[Git][security-tracker-team/security-tracker][master] Process NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jun 30 20:22:32 BST 2020 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9b43b5f2 by Salvatore Bonaccorso at 2020-06-30T21:22:17+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -55,7 +55,7 @@ CVE-2020-15370
 CVE-2020-15369
 	RESERVED
 CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...)
-	TODO: check
+	NOT-FOR-US: ASRock RGB Driver
 CVE-2020-15367
 	RESERVED
 CVE-2020-15366
@@ -69,11 +69,11 @@ CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows top-map/?search
 CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows side-map/?search_orde ...)
 	NOT-FOR-US: Wordpress theme
 CVE-2020-15362 (wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection b ...)
-	TODO: check
+	NOT-FOR-US: thingsSDK WiFi Scanner
 CVE-2020-15361
 	RESERVED
 CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalatio ...)
-	TODO: check
+	NOT-FOR-US: Docker Desktop on Windows
 CVE-2020-15359
 	RESERVED
 CVE-2020-15357
@@ -8137,7 +8137,7 @@ CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24
 CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spec ...)
 	NOT-FOR-US: Sigma Spectrum Infusion System
 CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v' ...)
-	TODO: check
+	NOT-FOR-US: Baxter
 CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
 	NOT-FOR-US: Rockwell Automation
 CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
@@ -25191,7 +25191,7 @@ CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to
 CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...)
 	NOT-FOR-US: XACK DNS
 CVE-2020-5590 (Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 ...)
-	TODO: check
+	NOT-FOR-US: EC-CUBE
 CVE-2020-5589 (SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3,  ...)
 	NOT-FOR-US: SONY
 CVE-2020-5588
@@ -28868,7 +28868,7 @@ CVE-2020-4091
 CVE-2020-4090
 	RESERVED
 CVE-2020-4089 (HCL Notes is vulnerable to an information leakage vulnerability throug ...)
-	TODO: check
+	NOT-FOR-US: HCL Notes
 CVE-2020-4088
 	RESERVED
 CVE-2020-4087
@@ -28910,7 +28910,7 @@ CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a
 CVE-2020-4069
 	RESERVED
 CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...)
-	TODO: check
+	NOT-FOR-US: APNSwift
 CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN  ...)
 	{DSA-4711-1}
 	- coturn 4.5.1.3-1
@@ -29003,7 +29003,7 @@ CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read i
 CVE-2020-4029
 	RESERVED
 CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404  ...)
-	TODO: check
+	NOT-FOR-US: Atlassian
 CVE-2020-4027
 	RESERVED
 CVE-2020-4026 (The CustomAppsRestResource list resource in Atlassian Navigator Links  ...)
@@ -34850,7 +34850,7 @@ CVE-2020-2023 (Kata Containers doesn't restrict containers from accessing the gu
 CVE-2020-2022
 	RESERVED
 CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
-	TODO: check
+	NOT-FOR-US: Palo Alto Networks
 CVE-2020-2020
 	RESERVED
 CVE-2020-2019
@@ -36993,7 +36993,7 @@ CVE-2019-19162 (A use-after-free vulnerability in the TOBESOFT XPLATFORM version
 CVE-2019-19161
 	RESERVED
 CVE-2019-19160 (Reportexpress ProPlus contains a vulnerability that could allow an arb ...)
-	TODO: check
+	NOT-FOR-US: Reportexpress ProPlus
 CVE-2019-19159
 	RESERVED
 CVE-2019-19158
@@ -41761,15 +41761,15 @@ CVE-2019-18258
 CVE-2019-18257 (In Advantech DiagAnywhere Server, Versions 3.07.11 and prior, multiple ...)
 	NOT-FOR-US: Advantech
 CVE-2019-18256 (BIOTRONIK CardioMessenger II, The affected products use individual per ...)
-	TODO: check
+	NOT-FOR-US: BIOTRONIK CardioMessenge
 CVE-2019-18255
 	RESERVED
 CVE-2019-18254 (BIOTRONIK CardioMessenger II, The affected products do not encrypt sen ...)
-	TODO: check
+	NOT-FOR-US: BIOTRONIK CardioMessenge
 CVE-2019-18253 (An attacker could use specially crafted paths in a specific request to ...)
 	NOT-FOR-US: Relion
 CVE-2019-18252 (BIOTRONIK CardioMessenger II, The affected products allow credential r ...)
-	TODO: check
+	NOT-FOR-US: BIOTRONIK CardioMessenge
 CVE-2019-18251 (In Omron CX-Supervisor, Versions 3.5 (12) and prior, Omron CX-Supervis ...)
 	NOT-FOR-US: Omron
 CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGIM) and ...)
@@ -41777,11 +41777,11 @@ CVE-2019-18250 (In all versions of ABB Power Generation Information Manager (PGI
 CVE-2019-18249 (Reliable Controls MACH-ProWebCom/Sys, all versions prior to 2.15 (Firm ...)
 	NOT-FOR-US: Reliable Controls
 CVE-2019-18248 (BIOTRONIK CardioMessenger II, The affected products transmit credentia ...)
-	TODO: check
+	NOT-FOR-US: BIOTRONIK CardioMessenge
 CVE-2019-18247 (An attacker may use a specially crafted message to force Relion 650 se ...)
 	NOT-FOR-US: Relion
 CVE-2019-18246 (BIOTRONIK CardioMessenger II, The affected products do not properly en ...)
-	TODO: check
+	NOT-FOR-US: BIOTRONIK CardioMessenge
 CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may allow an a ...)
 	NOT-FOR-US: Reliable Controls LicenseManager
 CVE-2019-18244 (OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b43b5f22fff025307b6454a2732e8c3b4400f0f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b43b5f22fff025307b6454a2732e8c3b4400f0f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200630/c9aecbc1/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list