[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jun 30 09:47:27 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
cd6e95b4 by Salvatore Bonaccorso at 2020-06-30T10:47:04+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4780,7 +4780,7 @@ CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the
 CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
 	NOT-FOR-US: Joomla addon
 CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...)
-	TODO: check
+	NOT-FOR-US: Form Builder for Magento
 CVE-2020-13422
 	RESERVED
 CVE-2020-13421
@@ -8136,17 +8136,17 @@ CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion Sys
 CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versions, th ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12031
 	RESERVED
 CVE-2020-12030
@@ -8162,7 +8162,7 @@ CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
 CVE-2020-12025
 	RESERVED
 CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...)
 	NOT-FOR-US: Philips
 CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...)
@@ -8170,7 +8170,7 @@ CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
 CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous vers ...)
 	NOT-FOR-US: OSIsoft PI Web
 CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix E ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based  ...)
 	NOT-FOR-US: WebAccess Node
 CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...)
@@ -8178,7 +8178,7 @@ CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
 CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...)
 	NOT-FOR-US: GE Grid Solutions Reason RT Clocks
 CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12015
 	RESERVED
 CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...)
@@ -8186,7 +8186,7 @@ CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
 CVE-2020-12013
 	RESERVED
 CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12011
 	RESERVED
 CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
@@ -8194,7 +8194,7 @@ CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
 CVE-2020-12009
 	RESERVED
 CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12007
 	RESERVED
 CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
@@ -19668,19 +19668,19 @@ CVE-2019-20418
 CVE-2019-20417
 	RESERVED
 CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2019-20412 (The Convert Sub-Task to Issue page in affected versions of Atlassian J ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2019-20411 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...)
 	NOT-FOR-US: Atlassian
 CVE-2019-20408
@@ -20608,23 +20608,23 @@ CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with
 CVE-2020-7511 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
 	TODO: check
 CVE-2020-7510 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 ( ...)
-	TODO: check
+	NOT-FOR-US: Easergy T300
 CVE-2020-7509 (A CWE-269: Improper privilege management (write) vulnerability exists  ...)
-	TODO: check
+	NOT-FOR-US: Easergy T300
 CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
-	TODO: check
+	NOT-FOR-US: Easergy T300
 CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists in E ...)
-	TODO: check
+	NOT-FOR-US: Easergy T300
 CVE-2020-7506 (A CWE-538: File and Directory Information Exposure vulnerability exist ...)
-	TODO: check
+	NOT-FOR-US: Easergy T300
 CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
-	TODO: check
+	NOT-FOR-US: Easergy T300
 CVE-2020-7504 (A CWE-20: Improper Input Validation vulnerability exists in Easergy T3 ...)
-	TODO: check
+	NOT-FOR-US: Easergy T300
 CVE-2020-7503 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in E ...)
-	TODO: check
+	NOT-FOR-US: Easergy T300
 CVE-2020-7502 (A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Lo ...)
-	TODO: check
+	NOT-FOR-US: Modicon
 CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo ...)
 	NOT-FOR-US: Schneider
 CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an SQL Co ...)
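Review bot: CVE-2020-7511 at the top of this hunk is still "TODO: check" as an unchanged context line, while every entry from CVE-2020-7510 down to CVE-2020-7502 is resolved. Its truncated description does not show the product, so if leaving it open is deliberate that is fine; otherwise it looks skipped. The new tags also name products ("NOT-FOR-US: Easergy T300", "NOT-FOR-US: Modicon"), whereas the adjacent CVE-2020-7501 entry is tagged "NOT-FOR-US: Schneider". If these belong to the same vendor, one consistent tag would make later searches of data/CVE/list simpler.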



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6e95b4c81f7c232dc0c34a1ba31299f2b69aa0
