[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso Tue, 24 Mar 2020 01:16:47 -0700


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / 
security-tracker



Commits:
6b04ae15 by Salvatore Bonaccorso at 2020-03-24T09:15:13+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,7 +1,7 @@
 CVE-2020-10880
        RESERVED
 CVE-2020-10879 (rConfig before 3.9.5 allows injection because 
lib/crud/search.crud.php ...)
-       TODO: check
+       NOT-FOR-US: rConfig
 CVE-2020-10878
        RESERVED
 CVE-2020-10877
@@ -9,15 +9,15 @@ CVE-2020-10877
 CVE-2020-10876
        RESERVED
 CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct 
absolute pat ...)
-       TODO: check
+       NOT-FOR-US: Motorola devices
 CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read 
database files. ...)
-       TODO: check
+       NOT-FOR-US: Motorola devices
 CVE-2020-10873
        RESERVED
 CVE-2020-10872
        RESERVED
 CVE-2020-10871 (** DISPUTED ** In OpenWrt LuCI git-20.x, remote 
unauthenticated attack ...)
-       TODO: check
+       NOT-FOR-US: OpenWrt LuCI
 CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with 
predictable name ...)
        - zim <unfixed> (unimportant; bug #954810)
        NOTE: https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028
@@ -4734,7 +4734,7 @@ CVE-2020-8870
 CVE-2020-8869
        RESERVED
 CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary 
code o ...)
-       TODO: check
+       NOT-FOR-US: Quest Foglight Evolve
 CVE-2020-8867
        RESERVED
 CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary 
files o ...)
@@ -4742,9 +4742,9 @@ CVE-2020-8866 (This vulnerability allows remote attackers 
to create arbitrary fi
 CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP 
files  ...)
        TODO: check
 CVE-2020-8864 (This vulnerability allows network-adjacent attackers to bypass 
authent ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2020-8863 (This vulnerability allows network-adjacent attackers to bypass 
authent ...)
-       TODO: check
+       NOT-FOR-US: D-Link
 CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass 
authent ...)
        NOT-FOR-US: D-Link
 CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass 
authent ...)
@@ -7891,13 +7891,13 @@ CVE-2020-7483
 CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page 
Generation ( ...)
        TODO: check
 CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page 
Generation ( ...)
-       TODO: check
+       NOT-FOR-US: Andover Continuum
 CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code 
Injection') vu ...)
-       TODO: check
+       NOT-FOR-US: Andover Continuum
 CVE-2020-7479 (A CWE-306: Missing Authentication for Critical Function 
vulnerability  ...)
-       TODO: check
+       NOT-FOR-US: IGSS
 CVE-2020-7478 (A CWE-22: Improper Limitation of a Pathname to a Restricted 
Directory  ...)
-       TODO: check
+       NOT-FOR-US: IGSS
 CVE-2020-7477 (A CWE-754: Improper Check for Unusual or Exceptional Conditions 
vulner ...)
        TODO: check
 CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee 
Instal ...)
@@ -9089,7 +9089,7 @@ CVE-2020-6969 (It is possible to unmask credentials and 
other sensitive informat
 CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to 
escalate app ...)
        NOT-FOR-US: Honeywell
 CVE-2020-6967 (In Rockwell Automation all versions of FactoryTalk Diagnostics 
softwar ...)
-       TODO: check
+       NOT-FOR-US: Rockwell
 CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE 
Telemetr ...)
        NOT-FOR-US: ApexPro Telemetry Server
 CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE 
Telemetr ...)
@@ -11901,7 +11901,7 @@ CVE-2020-5724
 CVE-2020-5723
        RESERVED
 CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is 
vulnerable to  ...)
-       TODO: check
+       NOT-FOR-US: Grandstream
 CVE-2020-5721
        RESERVED
 CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal 
vulnerab ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b04ae15865128d19340cd1aafeda4a71b52fef0

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/6b04ae15865128d19340cd1aafeda4a71b52fef0
You're receiving this email because of your account on salsa.debian.org.

_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

[Git][security-tracker-team/security-tracker][master] Process some NFUs

Reply via email to