[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Nov 28 09:05:52 GMT 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9ef1fc8a by Salvatore Bonaccorso at 2018-11-28T09:05:21Z
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -11615,21 +11615,21 @@ CVE-2018-16098
CVE-2018-16097
RESERVED
CVE-2018-16096 (In System Management Module (SMM) versions prior to 1.06, the SMM web ...)
- TODO: check
+ NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16095 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
- TODO: check
+ NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16094 (In System Management Module (SMM) versions prior to 1.06, an internal ...)
- TODO: check
+ NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16093
RESERVED
CVE-2018-16092 (In System Management Module (SMM) versions prior to 1.06, the FFDC ...)
- TODO: check
+ NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16091 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
- TODO: check
+ NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16090 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
- TODO: check
+ NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16089 (In System Management Module (SMM) versions prior to 1.06, a field in ...)
- TODO: check
+ NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-16088
RESERVED
{DSA-4289-1}
@@ -18349,7 +18349,7 @@ CVE-2018-13419 (An issue has been found in libsndfile 1.0.28. There is a memory
[jessie] - libsndfile <no-dsa> (Minor issue)
NOTE: https://github.com/erikd/libsndfile/issues/398
CVE-2018-13418 (System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13417 (In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for ...)
- azureus <removed>
CVE-2018-13416 (In Universal Media Server (UMS) 7.1.0, the XML parsing engine for ...)
@@ -18472,31 +18472,31 @@ CVE-2018-13363
CVE-2018-13362
RESERVED
CVE-2018-13361 (User enumeration in usertable.php in TerraMaster TOS version 3.1.03 ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13360 (Cross-site scripting in Text Editor in TerraMaster TOS version 3.1.03 ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13359 (Cross-site scripting in usertable.php in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13358 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13357 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13356 (Incorrect access control on ajaxdata.php in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13355 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13354 (System command injection in logtable.php in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13353 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13352 (Session Exposure in the web application for TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13351 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13350 (SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13349 (Cross-site scripting in the web application taskbar in TerraMaster TOS ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13345
RESERVED
CVE-2018-13344
@@ -18512,25 +18512,25 @@ CVE-2018-13340 (Gleez CMS 1.2.0 has CSRF, as demonstrated by a /page/add request
CVE-2018-13339 (Imperavi Redactor 3 in Angular Redactor 1.1.6, when HTML content mode ...)
NOT-FOR-US: Imperavi Redactor
CVE-2018-13338 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13337 (Session Fixation in the web application for TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13336 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13335 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13334 (Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13333 (Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13332 (Directory Traversal in the explorer application in TerraMaster TOS ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13331 (Cross-site scripting in Control Panel in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13330 (System command injection in ajaxdata.php in TerraMaster TOS version ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13329 (Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 ...)
- TODO: check
+ NOT-FOR-US: TerraMaster TOS
CVE-2018-13328 (The transfer, transferFrom, and mint functions of a smart contract ...)
NOT-FOR-US: smart contract
CVE-2018-13327 (The transfer and transferFrom functions of a smart contract ...)
@@ -18556,7 +18556,7 @@ CVE-2018-13318 (System command injection in User.create method in Buffalo TS5600
CVE-2018-13317 (Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 ...)
NOT-FOR-US: TOTOLINK
CVE-2018-13316 (System command injection in formAliasIp in TOTOLINK A3002RU version ...)
- TODO: check
+ NOT-FOR-US: TOTOLINK
CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002RU ...)
NOT-FOR-US: TOTOLINK
CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU version ...)
@@ -29909,9 +29909,9 @@ CVE-2018-9086 (In some Lenovo ThinkServer-branded servers, a command injection .
CVE-2018-9085 (A write protection lock bit was left unset after boot on an older ...)
NOT-FOR-US: IBM
CVE-2018-9084 (In System Management Module (SMM) versions prior to 1.06, if an ...)
- TODO: check
+ NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-9083 (In System Management Module (SMM) versions prior to 1.06, the SMM ...)
- TODO: check
+ NOT-FOR-US: Lenovo / System Management Module (SMM)
CVE-2018-9082 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
NOT-FOR-US: Lenovo
CVE-2018-9081 (For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 ...)
@@ -32695,7 +32695,7 @@ CVE-2018-7990 (Mate10 Pro Huawei smart phones with the versions before 8.1.0.326
CVE-2018-7989 (Huawei Mate 10 pro smartphones with the versions before BLA-AL00B ...)
NOT-FOR-US: Huawei
CVE-2018-7988 (There is a Factory Reset Protection (FRP) bypass vulnerability on ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7987
RESERVED
CVE-2018-7986
@@ -32717,7 +32717,7 @@ CVE-2018-7979
CVE-2018-7978
RESERVED
CVE-2018-7977 (There is an information leakage vulnerability on several Huawei ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2018-7976 (There is a stored cross-site scripting (XSS) vulnerability in Huawei ...)
NOT-FOR-US: Huawei
CVE-2018-7975
@@ -55172,11 +55172,11 @@ CVE-2018-0723
CVE-2018-0722
RESERVED
CVE-2018-0721 (Buffer Overflow vulnerability in QNAP QTS 4.2.6 build 20180711 and ...)
- TODO: check
+ NOT-FOR-US: QNAP QTS
CVE-2018-0720
RESERVED
CVE-2018-0719 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.2.6 build ...)
- TODO: check
+ NOT-FOR-US: QNAP QTS
CVE-2018-0718 (Command injection vulnerability in Music Station 5.1.2 and earlier ...)
NOT-FOR-US: Music Station
CVE-2018-0717
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef1fc8a969a653cfb0c7c30aca92d28d7032386
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/9ef1fc8a969a653cfb0c7c30aca92d28d7032386
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181128/2ee6f7fa/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list