[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Wed Nov 28 08:35:40 GMT 2018


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
265caabb by Salvatore Bonaccorso at 2018-11-28T08:32:02Z
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4433,7 +4433,7 @@ CVE-2018-18984
 CVE-2018-18983
 	RESERVED
 CVE-2018-18982 (NUUO CMS All versions 3.3 and prior the web server application allows ...)
-	TODO: check
+	NOT-FOR-US: NUUO CMS
 CVE-2018-18981
 	RESERVED
 CVE-2014-10077 (Hash#slice in lib/i18n/core_ext/hash.rb in the i18n gem before 0.8.0 ...)
@@ -7139,11 +7139,11 @@ CVE-2018-17938 (Zimbra Collaboration before 8.8.10 GA allows text content spoofi
 CVE-2018-17937
 	RESERVED
 CVE-2018-17936 (NUUO CMS All versions 3.3 and prior the application allows the upload ...)
-	TODO: check
+	NOT-FOR-US: NUUO CMS
 CVE-2018-17935 (All versions of Telecrane F25 Series Radio Controls before 00.0A use ...)
 	NOT-FOR-US: Telecrane
 CVE-2018-17934 (NUUO CMS All versions 3.3 and prior the application allows external ...)
-	TODO: check
+	NOT-FOR-US: NUUO CMS
 CVE-2018-17933 (VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may ...)
 	NOT-FOR-US: VGo Robot
 CVE-2018-17932
@@ -8690,7 +8690,7 @@ CVE-2018-17258
 CVE-2018-17257
 	RESERVED
 CVE-2018-17256 (Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS ...)
-	TODO: check
+	NOT-FOR-US: Umbraco CMS
 CVE-2018-17255 (Navigate CMS 2.8 has Reflected XSS via the navigate.php fid parameter. ...)
 	NOT-FOR-US: Navigate CMS
 CVE-2018-17254 (The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the ...)
@@ -11545,7 +11545,7 @@ CVE-2018-16132 (The image rendering component (createGenericPreview) of the Open
 CVE-2018-16131 (The decodeRequest and decodeRequestWith directives in Lightbend Akka ...)
 	NOT-FOR-US: Lightbend Akka
 CVE-2018-16130 (System command injection in request_mitv in Xiaomi Mi Router 3 version ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi Mi Router
 CVE-2018-558213
 	REJECTED
 CVE-2018-16129
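Review bot: The context line "CVE-2018-558213" with "REJECTED", directly below the changed CVE-2018-16130 entry, sits between CVE-2018-16130 and CVE-2018-16129, so the ID looks out of sequence for this part of the list. This commit does not touch it, but it is worth confirming that the ID is recorded as intended. The new "NOT-FOR-US: Xiaomi Mi Router" tag matches the visible description.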
@@ -14506,9 +14506,9 @@ CVE-2018-14895
 CVE-2018-14894
 	RESERVED
 CVE-2018-14893 (A system command injection vulnerability in zyshclient in ZyXEL NSA325 ...)
-	TODO: check
+	NOT-FOR-US: ZyXEL
 CVE-2018-14892 (Missing protections against Cross-Site Request Forgery in the web ...)
-	TODO: check
+	NOT-FOR-US: ZyXEL
 CVE-2018-14891 (Management Console in Vectra Networks Cognito Brain and Sensor before ...)
 	NOT-FOR-US: Vectra Networks Cognito Brain and Sensor
 CVE-2018-14890 (Vectra Networks Cognito Brain and Sensor before 4.2 contains a ...)
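Review bot: For CVE-2018-14892 the description visible in this hunk is cut off at "in the web ..." before any vendor or product is named, so "NOT-FOR-US: ZyXEL" cannot be checked against the hunk. The CVE-2018-14893 entry above it, by contrast, names ZyXEL NSA325. Please confirm against the full CVE description that CVE-2018-14892 covers the same ZyXEL product before closing it as NFU.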
@@ -18442,7 +18442,7 @@ CVE-2018-13378
 CVE-2018-13377
 	RESERVED
 CVE-2018-13376 (An uninitialized memory buffer leak exists in Fortinet FortiOS 5.6.1 ...)
-	TODO: check
+	NOT-FOR-US: Fortinet FortiOS
 CVE-2018-13375
 	RESERVED
 CVE-2018-13374
@@ -18560,7 +18560,7 @@ CVE-2018-13316 (System command injection in formAliasIp in TOTOLINK A3002RU vers
 CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002RU ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU version ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13313
 	RESERVED
 CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version ...)
@@ -18574,9 +18574,9 @@ CVE-2018-13309 (Cross-site scripting in password.htm in TOTOLINK A3002RU version
 CVE-2018-13308 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version ...)
 	NOT-FOR-US: TOTOLINK
 CVE-2018-13307 (System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13306 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...)
-	TODO: check
+	NOT-FOR-US: TOTOLINK
 CVE-2018-13305 (In FFmpeg 4.0.1, due to a missing check for negative values of the ...)
 	- ffmpeg <not-affected> (Vulnerable code not present)
 	- libav <undetermined>
@@ -19223,9 +19223,9 @@ CVE-2018-13025 (protected/apps/admin/controller/photoController.php in YXcms 1.4
 CVE-2018-13024 (Metinfo v6.0.0 allows remote attackers to write code into a .php file, ...)
 	NOT-FOR-US: Metinfo
 CVE-2018-13023 (System command injection vulnerability in wifi_access in Xiaomi Mi ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi Mi Router
 CVE-2018-13022 (Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi ...)
-	TODO: check
+	NOT-FOR-US: Xiaomi Mi Router
 CVE-2018-13021 (An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script ...)
 	NOT-FOR-US: HongCMS
 CVE-2018-13020
@@ -21568,7 +21568,7 @@ CVE-2018-12243 (The Symantec Messaging Gateway product prior to 10.6.6 may be ..
 CVE-2018-12242 (The Symantec Messaging Gateway product prior to 10.6.6 may be ...)
 	NOT-FOR-US: Symantec
 CVE-2018-12241 (The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is ...)
-	TODO: check
+	NOT-FOR-US: Symantec
 CVE-2018-12240 (The Norton Identity Safe product prior to 5.3.0.976 may be susceptible ...)
 	NOT-FOR-US: Norton
 CVE-2018-12239
@@ -32749,13 +32749,13 @@ CVE-2018-7963
 CVE-2018-7962
 	RESERVED
 CVE-2018-7961 (There is a smart SMS verification code vulnerability in some Huawei ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2018-7960 (There is a SRTP icon display vulnerability in Huawei eSpace product. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2018-7959 (There is a short key vulnerability in Huawei eSpace product. An ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2018-7958 (There is an anonymous TLS cipher suites supported vulnerability in ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2018-7957 (Huawei smartphones with software Victoria-AL00 8.0.0.336a(C00) have an ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7956
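Review bot: CVE-2018-7958 is tagged "NOT-FOR-US: Huawei", but its visible description ("There is an anonymous TLS cipher suites supported vulnerability in ...") is truncated before any vendor or product appears. CVE-2018-7960 and CVE-2018-7959, by contrast, both name the Huawei eSpace product. Confirm from the full description that the affected component is Huawei-specific, and not a TLS implementation that is also packaged, before marking it NFU.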
@@ -32779,7 +32779,7 @@ CVE-2018-7948
 CVE-2018-7947 (Huawei mobile phones with versions earlier before Emily-AL00A ...)
 	NOT-FOR-US: Huawei
 CVE-2018-7946 (There is an information leak vulnerability in some Huawei smartphones. ...)
-	TODO: check
+	NOT-FOR-US: Huawei
 CVE-2018-7945
 	RESERVED
 CVE-2018-7944 (Huawei smart phones Emily-AL00A with software 8.1.0.106(SP2C00) and ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/265caabbf77cb806d6e14a4b1e82310e6ccda02b
