[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Dec 4 20:36:30 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ecf7116f by Salvatore Bonaccorso at 2018-12-04T20:35:50Z
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -10954,17 +10954,17 @@ CVE-2018-16636
CVE-2018-16635
RESERVED
CVE-2018-16634 (Pluck v4.7.7 allows CSRF via admin.php?action=settings. ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2018-16633 (Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page ...)
- TODO: check
+ NOT-FOR-US: Pluck CMS
CVE-2018-16632
RESERVED
CVE-2018-16631 (Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2018-16630
RESERVED
CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG ...)
- TODO: check
+ NOT-FOR-US: Subrion CMS
CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
TODO: check
CVE-2018-16627
@@ -22069,35 +22069,35 @@ CVE-2018-12320 (There is a use after free in radare2 2.6.0 in r_anal_bb_free() i
NOTE: https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548
NOTE: https://github.com/radare/radare2/issues/10293
CVE-2018-12319 (Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12318 (Information disclosure in the SNMP settings page in ASUSTOR ADM ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12317 (OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12316 (OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12315 (Missing verification of a password in ASUSTOR ADM version 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12314 (Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12313 (OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12312 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12311 (Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12310 (Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12309 (Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12308 (Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12307 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12306 (Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12305 (Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 ...)
- TODO: check
+ NOT-FOR-US: ASUSTOR ADM
CVE-2018-12304
RESERVED
CVE-2018-12303
@@ -33400,7 +33400,7 @@ CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before BLA-AL00B
CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability on ...)
NOT-FOR-US: Huawei
CVE-2018-7987 (There is an out-of-bounds write vulnerability on Huawei P20 ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7986
RESERVED
CVE-2018-7985
@@ -33462,7 +33462,7 @@ CVE-2018-7958 (There is an anonymous TLS cipher suites supported vulnerability i
CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an ...)
NOT-FOR-US: Huawei
CVE-2018-7956 (Huawei VIP App is a mobile app for Malaysia customers that purchased ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7955
RESERVED
CVE-2018-7954
@@ -56605,7 +56605,7 @@ CVE-2018-0470 (A vulnerability in the web framework of Cisco IOS XE Software cou
CVE-2018-0469 (A vulnerability in the web user interface of Cisco IOS XE Software ...)
NOT-FOR-US: Cisco
CVE-2018-0468 (A vulnerability in the configuration of a local database installed as ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2018-0467 (A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE ...)
NOT-FOR-US: Cisco
CVE-2018-0466 (A vulnerability in the Open Shortest Path First version 3 (OSPFv3) ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ecf7116fde10c637ade3945056551f83f6f52578
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ecf7116fde10c637ade3945056551f83f6f52578
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181204/68f101d4/attachment.html>
More information about the debian-security-tracker-commits
mailing list