[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso Wed, 28 Nov 2018 01:06:02 -0800

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
9ef1fc8a by Salvatore Bonaccorso at 2018-11-28T09:05:21Z
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -11615,21 +11615,21 @@ CVE-2018-16098
 CVE-2018-16097
        RESERVED
 CVE-2018-16096 (In System Management Module (SMM) versions prior to 1.06, the 
SMM web ...)
-       TODO: check
+       NOT-FOR-US: Lenovo / System Management Module (SMM)
 CVE-2018-16095 (In System Management Module (SMM) versions prior to 1.06, the 
SMM ...)
-       TODO: check
+       NOT-FOR-US: Lenovo / System Management Module (SMM)
 CVE-2018-16094 (In System Management Module (SMM) versions prior to 1.06, an 
internal ...)
-       TODO: check
+       NOT-FOR-US: Lenovo / System Management Module (SMM)
 CVE-2018-16093
        RESERVED
 CVE-2018-16092 (In System Management Module (SMM) versions prior to 1.06, the 
FFDC ...)
-       TODO: check
+       NOT-FOR-US: Lenovo / System Management Module (SMM)
 CVE-2018-16091 (In System Management Module (SMM) versions prior to 1.06, the 
SMM ...)
-       TODO: check
+       NOT-FOR-US: Lenovo / System Management Module (SMM)
 CVE-2018-16090 (In System Management Module (SMM) versions prior to 1.06, the 
SMM ...)
-       TODO: check
+       NOT-FOR-US: Lenovo / System Management Module (SMM)
 CVE-2018-16089 (In System Management Module (SMM) versions prior to 1.06, a 
field in ...)
-       TODO: check
+       NOT-FOR-US: Lenovo / System Management Module (SMM)
 CVE-2018-16088
        RESERVED
        {DSA-4289-1}
@@ -18349,7 +18349,7 @@ CVE-2018-13419 (An issue has been found in libsndfile 
1.0.28. There is a memory
        [jessie] - libsndfile <no-dsa> (Minor issue)
        NOTE: https://github.com/erikd/libsndfile/issues/398
 CVE-2018-13418 (System command injection in ajaxdata.php in TerraMaster TOS 
3.1.03 ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for 
...)
        - azureus <removed>
 CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine 
for ...)
@@ -18472,31 +18472,31 @@ CVE-2018-13363
 CVE-2018-13362
        RESERVED
 CVE-2018-13361 (User enumeration in usertable.php in TerraMaster TOS version 
3.1.03 ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13360 (Cross-site scripting in Text Editor in TerraMaster TOS version 
3.1.03 ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13359 (Cross-site scripting in usertable.php in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13358 (System command injection in ajaxdata.php in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13357 (Cross-site scripting in Control Panel in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13356 (Incorrect access control on ajaxdata.php in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13355 (Cross-site scripting in Control Panel in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13354 (System command injection in logtable.php in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13353 (System command injection in ajaxdata.php in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13352 (Session Exposure in the web application for TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13351 (Cross-site scripting in Control Panel in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13350 (SQL injection in logtable.php in TerraMaster TOS version 
3.1.03 allows ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13349 (Cross-site scripting in the web application taskbar in 
TerraMaster TOS ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13345
        RESERVED
 CVE-2018-13344
@@ -18512,25 +18512,25 @@ CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as 
demonstrated by a /page/add request
 CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML 
content mode ...)
        NOT-FOR-US: Imperavi Redactor
 CVE-2018-13338 (System command injection in ajaxdata.php in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13337 (Session Fixation in the web application for TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13336 (System command injection in ajaxdata.php in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13335 (Cross-site scripting in Control Panel in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13334 (Cross-site scripting in handle.php in TerraMaster TOS version 
3.1.03 ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13333 (Cross-site scripting in File Manager in TerraMaster TOS 
version 3.1.03 ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13332 (Directory Traversal in the explorer application in TerraMaster 
TOS ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13331 (Cross-site scripting in Control Panel in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13330 (System command injection in ajaxdata.php in TerraMaster TOS 
version ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13329 (Cross-site scripting in ajaxdata.php in TerraMaster TOS 
version 3.1.03 ...)
-       TODO: check
+       NOT-FOR-US: TerraMaster TOS
 CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart 
contract ...)
        NOT-FOR-US: smart contract
 CVE-2018-13327 (The transfer and transferFrom functions of a smart contract 
...)
@@ -18556,7 +18556,7 @@ CVE-2018-13318 (System command injection in User.create 
method in Buffalo TS5600
 CVE-2018-13317 (Password disclosure in password.htm in TOTOLINK A3002RU 
version 1.0.8 ...)
        NOT-FOR-US: TOTOLINK
 CVE-2018-13316 (System command injection in formAliasIp in TOTOLINK A3002RU 
version ...)
-       TODO: check
+       NOT-FOR-US: TOTOLINK
 CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK 
A3002RU ...)
        NOT-FOR-US: TOTOLINK
 CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU 
version ...)
@@ -29909,9 +29909,9 @@ CVE-2018-9086 (In some Lenovo ThinkServer-branded 
servers, a command injection .
 CVE-2018-9085 (A write protection lock bit was left unset after boot on an 
older ...)
        NOT-FOR-US: IBM
 CVE-2018-9084 (In System Management Module (SMM) versions prior to 1.06, if an 
...)
-       TODO: check
+       NOT-FOR-US: Lenovo / System Management Module (SMM)
 CVE-2018-9083 (In System Management Module (SMM) versions prior to 1.06, the 
SMM ...)
-       TODO: check
+       NOT-FOR-US: Lenovo / System Management Module (SMM)
 CVE-2018-9082 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 
4.1.402.34662 ...)
        NOT-FOR-US: Lenovo
 CVE-2018-9081 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 
4.1.402.34662 ...)
@@ -32695,7 +32695,7 @@ CVE-2018-7990 (Mate10 Pro Huawei smart phones with the 
versions before 8.1.0.326
 CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before 
BLA-AL00B ...)
        NOT-FOR-US: Huawei
 CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability 
on ...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2018-7987
        RESERVED
 CVE-2018-7986
@@ -32717,7 +32717,7 @@ CVE-2018-7979
 CVE-2018-7978
        RESERVED
 CVE-2018-7977 (There is an information leakage vulnerability on several Huawei 
...)
-       TODO: check
+       NOT-FOR-US: Huawei
 CVE-2018-7976 (There is a stored cross-site scripting (XSS) vulnerability in 
Huawei ...)
        NOT-FOR-US: Huawei
 CVE-2018-7975
@@ -55172,11 +55172,11 @@ CVE-2018-0723
 CVE-2018-0722
        RESERVED
 CVE-2018-0721 (Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 
and ...)
-       TODO: check
+       NOT-FOR-US: QNAP QTS
 CVE-2018-0720
        RESERVED
 CVE-2018-0719 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.2.6 
build ...)
-       TODO: check
+       NOT-FOR-US: QNAP QTS
 CVE-2018-0718 (Command injection vulnerability in Music Station 5.1.2 and 
earlier ...)
        NOT-FOR-US: Music Station
 CVE-2018-0717



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef1fc8a969a653cfb0c7c30aca92d28d7032386

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef1fc8a969a653cfb0c7c30aca92d28d7032386
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process NFUs

Reply via email to