[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Jun 30 09:47:27 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cd6e95b4 by Salvatore Bonaccorso at 2020-06-30T10:47:04+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4780,7 +4780,7 @@ CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the
CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...)
NOT-FOR-US: Joomla addon
CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...)
- TODO: check
+ NOT-FOR-US: Form Builder for Magento
CVE-2020-13422
RESERVED
CVE-2020-13421
@@ -8136,17 +8136,17 @@ CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion Sys
CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versions, th ...)
NOT-FOR-US: Rockwell Automation
CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12031
RESERVED
CVE-2020-12030
@@ -8162,7 +8162,7 @@ CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12025
RESERVED
CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...)
NOT-FOR-US: Philips
CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...)
@@ -8170,7 +8170,7 @@ CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous vers ...)
NOT-FOR-US: OSIsoft PI Web
CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix E ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based ...)
NOT-FOR-US: WebAccess Node
CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...)
@@ -8178,7 +8178,7 @@ CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...)
NOT-FOR-US: GE Grid Solutions Reason RT Clocks
CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12015
RESERVED
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...)
@@ -8186,7 +8186,7 @@ CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12013
RESERVED
CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12011
RESERVED
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
@@ -8194,7 +8194,7 @@ CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0
CVE-2020-12009
RESERVED
CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12007
RESERVED
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
@@ -19668,19 +19668,19 @@ CVE-2019-20418
CVE-2019-20417
RESERVED
CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions allows remo ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20412 (The Convert Sub-Task to Issue page in affected versions of Atlassian J ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20411 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20409 (The way in which velocity templates were used in Atlassian Jira Server ...)
NOT-FOR-US: Atlassian
CVE-2019-20408
@@ -20608,23 +20608,23 @@ CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with
CVE-2020-7511 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
TODO: check
CVE-2020-7510 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 ( ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7509 (A CWE-269: Improper privilege management (write) vulnerability exists ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists in E ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7506 (A CWE-538: File and Directory Information Exposure vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7504 (A CWE-20: Improper Input Validation vulnerability exists in Easergy T3 ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7503 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in E ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7502 (A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Lo ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo ...)
NOT-FOR-US: Schneider
CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an SQL Co ...)
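Review bot: CVE-2020-7511, in the leading context of this hunk, still reads "TODO: check" while the nine entries directly below it (CVE-2020-7510 through CVE-2020-7502) are triaged. Its visible description is truncated before any product name, so please confirm it was left open deliberately and not skipped. On style, the new notes in this hunk name products ("NOT-FOR-US: Easergy T300", "NOT-FOR-US: Modicon"), while the adjacent existing entry for CVE-2020-7501 is labelled by vendor ("NOT-FOR-US: Schneider") and the Baxter and Atlassian hunks of this same commit also use vendor names. Settling on one granularity would keep the NOT-FOR-US notes easier to search and compare.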
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6e95b4c81f7c232dc0c34a1ba31299f2b69aa0