[Git][security-tracker-team/security-tracker][master] 2 commits: Process more NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 7 08:31:45 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
336e0b2a by Salvatore Bonaccorso at 2020-02-07T09:31:01+01:00
Process more NFUs
- - - - -
5bff605a by Salvatore Bonaccorso at 2020-02-07T09:31:28+01:00
Merge remote-tracking branch 'origin/master'
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4230,9 +4230,9 @@ CVE-2020-6858
CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption with a ha ...)
NOT-FOR-US: CarbonFTP
CVE-2020-6856 (An XML External Entity (XEE) vulnerability exists in the JOC Cockpit c ...)
- TODO: check
+ NOT-FOR-US: JOC Cockpit component of SOS JobScheduler
CVE-2020-6855 (A large or infinite loop vulnerability in the JOC Cockpit component of ...)
- TODO: check
+ NOT-FOR-US: JOC Cockpit component of SOS JobScheduler
CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit componen ...)
NOT-FOR-US: JOC Cockpit, different from src:cockpit
CVE-2020-6853
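Review bot: The new notes on CVE-2020-6856 and CVE-2020-6855 drop the disambiguation that the adjacent CVE-2020-6854 entry carries ("NOT-FOR-US: JOC Cockpit, different from src:cockpit"). All three entries concern the same JOC Cockpit component, so consider one wording for all of them that keeps "different from src:cockpit". That way nobody re-triages these against the cockpit source package.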
@@ -4450,7 +4450,7 @@ CVE-2020-6762
CVE-2020-6761
RESERVED
CVE-2020-6760 (Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS com ...)
- TODO: check
+ NOT-FOR-US: Schmid ZI 620 V400 VPN 090 routers
CVE-2020-6759
RESERVED
CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...)
@@ -220446,7 +220446,7 @@ CVE-2015-6002
CVE-2015-6001
RESERVED
CVE-2015-6000 (Unrestricted file upload vulnerability in the Settings_Vtiger_CompanyD ...)
- TODO: check
+ NOT-FOR-US: Vtiger CRM
CVE-2015-5999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the D-Li ...)
NOT-FOR-US: D-Link DIR-816L Wireless Router
CVE-2015-5998 (Impero Education Pro before 5105 relies on the -1|AUTHENTICATE\x02PASS ...)
@@ -221636,11 +221636,11 @@ CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband Pla
CVE-2015-5629 (The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6. ...)
NOT-FOR-US: NTT
CVE-2015-5628 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
- TODO: check
+ NOT-FOR-US: Yokogawa
CVE-2015-5627 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
- TODO: check
+ NOT-FOR-US: Yokogawa
CVE-2015-5626 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
- TODO: check
+ NOT-FOR-US: Yokogawa
CVE-2015-5625 (Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 al ...)
NOT-FOR-US: OpenDocMan
CVE-2015-5624 (Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELP ...)
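Review bot: The notes on CVE-2015-5628, CVE-2015-5627 and CVE-2015-5626 name only the vendor ("NOT-FOR-US: Yokogawa"), while all three descriptions name the product, "Yokogawa CENTUM CS 1000 R3.08.70 and ea ...". A product-level note that mentions CENTUM would be easier to find when searching the list by product, and it would not read as a statement about everything the vendor ships.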
@@ -273532,7 +273532,7 @@ CVE-2013-3570
CVE-2013-3569
RESERVED
CVE-2013-3568 (Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT11 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterpri ...)
{DSA-2715-1}
- puppet 3.2.2-1 (bug #712745)
@@ -275634,15 +275634,15 @@ CVE-2013-2685 (Stack-based buffer overflow in res/res_format_attr_h264.c in Aste
- asterisk <not-affected> (H264 code not yet present)
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20901
CVE-2013-2684 (Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devic ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-2683 (Cisco Linksys E4200 1.0.05 Build 7 devices contain an Information Disc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-2682 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vuln ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass V ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2013-2679
RESERVED
CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
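Review bot: "NOT-FOR-US: Cisco" on CVE-2013-2684 through CVE-2013-2680 is a vendor-wide label, but every description changed in this hunk is about one device, "Cisco Linksys E4200 1.0.05 Build 7". Naming the device in the note, for example "NOT-FOR-US: Cisco Linksys E4200", would keep it from reading as a blanket statement about Cisco software. The trailing context entry CVE-2013-2678 is the same device and its note is not visible here, so it is worth checking that it ends up with the same wording.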
@@ -275652,7 +275652,7 @@ CVE-2013-2677
CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
NOT-FOR-US: Brother
CVE-2013-2675 (Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable r ...)
- TODO: check
+ NOT-FOR-US: Brother devices
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass ...)
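Review bot: The new note on CVE-2013-2675 ("NOT-FOR-US: Brother devices") is a third wording for the same product within this hunk: CVE-2013-2676 has "NOT-FOR-US: Brother" and CVE-2013-2674 has "NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices". Reusing one of the existing strings would let a plain-text search group the entries for this device.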
@@ -282574,9 +282574,9 @@ CVE-2012-6343
CVE-2012-6342 (Cross-site request forgery (CSRF) vulnerability in logout.action in At ...)
NOT-FOR-US: Atlassian Confluence
CVE-2012-6341 (An Information Disclosure vulnerability exists in the my config file i ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2012-6340 (An Authentication vulnerability exists in NETGEAR WGR614 v7 and v9 due ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2012-6339 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...)
NOT-FOR-US: Cerberus FTP Server
CVE-2012-6338
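Review bot: For CVE-2012-6341 the truncated description ("... in the my config file i ...") does not show which product is affected, so the note is the only attribution visible in the list. "NOT-FOR-US: Netgear" would be clearer with the model. If it is the same device the CVE-2012-6340 description names ("NETGEAR WGR614 v7 and v9"), put that in both notes.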
@@ -283690,7 +283690,7 @@ CVE-2012-6299 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16
CVE-2012-6298 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, r12 ...)
NOT-FOR-US: CA IdentityMinder
CVE-2012-6297 (Command Injection vulnerability exists via a CSRF in DD-WRT 24-sp2 fro ...)
- TODO: check
+ NOT-FOR-US: DD-WRT
CVE-2012-6296
RESERVED
CVE-2012-6295
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/e883e581ec7f8979fbcc906e578c2b74f3e469b3...5bff605a11c8ffdec49d335f9725f3b0dfe7196d