Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ecf7116f by Salvatore Bonaccorso at 2018-12-04T20:35:50Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10954,17 +10954,17 @@ CVE-2018-16636
CVE-2018-16635
RESERVED
CVE-2018-16634 (Pluck v4.7.7 allows CSRF via admin.php?action=settings. ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2018-16633 (Pluck v4.7.7 allows XSS via the
admin.php?action=editpage&page= page ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2018-16632
RESERVED
CVE-2018-16631 (Subrion CMS v4.2.1 allows XSS via the
panel/configuration/general/ ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2018-16630
RESERVED
CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via
an SVG ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
TODO: check
CVE-2018-16627
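Review bot: CVE-2018-16628 (Kirby v2.5.12, XSS in panel/login), the last described entry in this hunk, is left at "TODO: check" while the four Pluck and Subrion entries directly above it are resolved. If Kirby is likewise not packaged, mark it NOT-FOR-US in the same pass; if it was skipped on purpose because it needs a closer look, leaving it is fine.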
@@ -22069,35 +22069,35 @@ CVE-2018-12320 (There is a use after free in radare2
2.6.0 in r_anal_bb_free() i
NOTE:
https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548
NOTE: https://github.com/radare/radare2/issues/10293
CVE-2018-12319 (Denial-of-service in the login page of ASUSTOR ADM 3.1.1
allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12318 (Information disclosure in the SNMP settings page in ASUSTOR
ADM ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12317 (OS command injection in group.cgi in ASUSTOR ADM version 3.1.1
allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12316 (OS Command Injection in upload.cgi in ASUSTOR ADM version
3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12315 (Missing verification of a password in ASUSTOR ADM version
3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12314 (Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM
version ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12313 (OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1
allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12312 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1
allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12311 (Cross-site scripting vulnerability in File Explorer in ASUSTOR
ADM ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12310 (Cross-site scripting in the Login page in ASUSTOR ADM version
3.1.1 ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12309 (Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1
allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12308 (Encryption key disclosure in share.cgi in ASUSTOR ADM version
3.1.1 ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12307 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1
allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12306 (Directory Traversal in File Explorer in ASUSTOR ADM version
3.1.1 ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12305 (Cross-site scripting in File Explorer in ASUSTOR ADM version
3.1.1 ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12304
RESERVED
CVE-2018-12303
@@ -33400,7 +33400,7 @@ CVE-2018-7989 (Huawei Mate 10 pro smartphones with the
versions before BLA-AL00B
CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability
on ...)
NOT-FOR-US: Huawei
CVE-2018-7987 (There is an out-of-bounds write vulnerability on Huawei P20 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7986
RESERVED
CVE-2018-7985
@@ -33462,7 +33462,7 @@ CVE-2018-7958 (There is an anonymous TLS cipher suites
supported vulnerability i
CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00)
have an ...)
NOT-FOR-US: Huawei
CVE-2018-7956 (Huawei VIP App is a mobile app for Malaysia customers that
purchased ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7955
RESERVED
CVE-2018-7954
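Review bot: for CVE-2018-7956 the tag names only the vendor, while the description is about a specific mobile app ("Huawei VIP App") rather than the smartphone software that the neighbouring "NOT-FOR-US: Huawei" entry for CVE-2018-7957 covers. Consider "NOT-FOR-US: Huawei VIP App" so the entry can be found by product, in line with the product-level "Pluck CMS", "Subrion CMS" and "ASUSTOR ADM" tags used elsewhere in this commit.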
@@ -56605,7 +56605,7 @@ CVE-2018-0470 (A vulnerability in the web framework of
Cisco IOS XE Software cou
CVE-2018-0469 (A vulnerability in the web user interface of Cisco IOS XE
Software ...)
NOT-FOR-US: Cisco
CVE-2018-0468 (A vulnerability in the configuration of a local database
installed as ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0467 (A vulnerability in the IPv6 processing code of Cisco IOS and
IOS XE ...)
NOT-FOR-US: Cisco
CVE-2018-0466 (A vulnerability in the Open Shortest Path First version 3
(OSPFv3) ...)
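Review bot: the visible description of CVE-2018-0468 ("configuration of a local database installed as ...") is cut off before it names the affected product, so the "NOT-FOR-US: Cisco" tag rests on the entry's position among Cisco CVEs rather than on the text shown. Worth confirming against the full description that the flaw is in how the Cisco product configures the database and not in the database software itself, which could be something Debian ships; a product-level tag would record that conclusion.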
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ecf7116fde10c637ade3945056551f83f6f52578