[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Dec 4 20:36:30 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ecf7116f by Salvatore Bonaccorso at 2018-12-04T20:35:50Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10954,17 +10954,17 @@ CVE-2018-16636
 CVE-2018-16635
 	RESERVED
 CVE-2018-16634 (Pluck v4.7.7 allows CSRF via admin.php?action=settings. ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2018-16633 (Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page ...)
-	TODO: check
+	NOT-FOR-US: Pluck CMS
 CVE-2018-16632
 	RESERVED
 CVE-2018-16631 (Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ ...)
-	TODO: check
+	NOT-FOR-US: Subrion CMS
 CVE-2018-16630
 	RESERVED
 CVE-2018-16629 (panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG ...)
-	TODO: check
+	NOT-FOR-US: Subrion CMS
 CVE-2018-16628 (panel/login in Kirby v2.5.12 allows XSS via a blog name. ...)
 	TODO: check
 CVE-2018-16627
@@ -22069,35 +22069,35 @@ CVE-2018-12320 (There is a use after free in radare2 2.6.0 in r_anal_bb_free() i
 	NOTE: https://github.com/radare/radare2/commit/90b71c017a7fa9732fe45fd21b245ee051b1f548
 	NOTE: https://github.com/radare/radare2/issues/10293
 CVE-2018-12319 (Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12318 (Information disclosure in the SNMP settings page in ASUSTOR ADM ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12317 (OS command injection in group.cgi in ASUSTOR ADM version 3.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12316 (OS Command Injection in upload.cgi in ASUSTOR ADM version 3.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12315 (Missing verification of a password in ASUSTOR ADM version 3.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12314 (Directory Traversal in downloadwallpaper.cgi in ASUSTOR ADM version ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12313 (OS command injection in snmp.cgi in ASUSTOR ADM version 3.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12312 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12311 (Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12310 (Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12309 (Directory Traversal in upload.cgi in ASUSTOR ADM version 3.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12308 (Encryption key disclosure in share.cgi in ASUSTOR ADM version 3.1.1 ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12307 (OS command injection in user.cgi in ASUSTOR ADM version 3.1.1 allows ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12306 (Directory Traversal in File Explorer in ASUSTOR ADM version 3.1.1 ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12305 (Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 ...)
-	TODO: check
+	NOT-FOR-US: ASUSTOR ADM
 CVE-2018-12304
 	RESERVED
 CVE-2018-12303
@@ -33400,7 +33400,7 @@ CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before BLA-AL00B
 CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability on ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7987 (There is an out-of-bounds write vulnerability on Huawei P20 ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2018-7986
 	RESERVED
 CVE-2018-7985
@@ -33462,7 +33462,7 @@ CVE-2018-7958 (There is an anonymous TLS cipher suites supported vulnerability i
 CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7956 (Huawei VIP App is a mobile app for Malaysia customers that purchased ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2018-7955
 	RESERVED
 CVE-2018-7954
@@ -56605,7 +56605,7 @@ CVE-2018-0470 (A vulnerability in the web framework of Cisco IOS XE Software cou
 CVE-2018-0469 (A vulnerability in the web user interface of Cisco IOS XE Software ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0468 (A vulnerability in the configuration of a local database installed as ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2018-0467 (A vulnerability in the IPv6 processing code of Cisco IOS and IOS XE ...)
 	NOT-FOR-US: Cisco
 CVE-2018-0466 (A vulnerability in the Open Shortest Path First version 3 (OSPFv3) ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ecf7116fde10c637ade3945056551f83f6f52578

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/ecf7116fde10c637ade3945056551f83f6f52578
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181204/68f101d4/attachment.html>


More information about the debian-security-tracker-commits mailing list