[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Dec 4 08:28:30 GMT 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
860a7396 by Salvatore Bonaccorso at 2018-12-04T08:28:09Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -15656,35 +15656,35 @@ CVE-2018-14711
 CVE-2018-14710
 	RESERVED
 CVE-2018-14709 (Incorrect access control in the Dashboard API on Drobo 5N2 NAS version ...)
-	TODO: check
+	NOT-FOR-US: Dashboard API on Drobo 5N2 NAS
 CVE-2018-14708 (An insecure transport protocol used by Drobo Dashboard API on Drobo ...)
-	TODO: check
+	NOT-FOR-US: Drobo Dashboard API on Drobo 5N2 NAS
 CVE-2018-14707 (Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS ...)
-	TODO: check
+	NOT-FOR-US: Drobo Pix web application on Drobo 5N2 NAS
 CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo endpoint ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14705
 	RESERVED
 CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data endpoint in ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14702 (Incorrect access control in the /drobopix/api/drobo.php endpoint in ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14701 (System command injection in the /DroboAccess/delete_user endpoint in ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14700 (Incorrect access control in the /mysql/api/logfile.php endpoint in ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14699 (System command injection in the /DroboAccess/enable_user endpoint in ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14698 (Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14697 (Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14696 (Incorrect access control in the /mysql/api/drobo.php endpoint in Drobo ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14695 (Incorrect access control in the /mysql/api/diags.php endpoint in Drobo ...)
-	TODO: check
+	NOT-FOR-US: Drobo 5N2 NAS
 CVE-2018-14694
 	RESERVED
 CVE-2018-14693



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/860a7396682632d5e3be400f72c5744ab08528ba

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/860a7396682632d5e3be400f72c5744ab08528ba
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181204/44a10e5d/attachment.html>

More information about the debian-security-tracker-commits mailing list