[Git][security-tracker-team/security-tracker][master] Process some NFUs

Neil Williams (@codehelp) codehelp at debian.org
Wed Apr 20 09:55:45 BST 2022



Neil Williams pushed to branch master at Debian Security Tracker / security-tracker


Commits:
ca108f35 by Neil Williams at 2022-04-20T09:55:14+01:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -111624,23 +111624,23 @@ CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export feat
 CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect data tra ...)
 	NOT-FOR-US: Reolink P2P products
 CVE-2020-25168 (Hard-coded credentials in the B. Braun Melsungen AG SpaceCom Version L ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-25167 (OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose informat ...)
 	TODO: check
 CVE-2020-25166 (An improper verification of the cryptographic signature of firmware up ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-25165 (BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alar ...)
 	NOT-FOR-US: BD Alaris PC Unit
 CVE-2020-25164 (A vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61  ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-25163 (A remote attacker with write access to PI ProcessBook files could inje ...)
 	TODO: check
 CVE-2020-25162 (A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom  ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-25161 (The WADashboard component of WebAccess/SCADA Versions 9.0 and prior ma ...)
 	NOT-FOR-US: WebAccess/SCADA
 CVE-2020-25160 (Improper access controls in the B. Braun Melsungen AG SpaceCom Version ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-25159 (499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack- ...)
 	NOT-FOR-US: 499ES
 CVE-2020-25158 (A reflected cross-site scripting (XSS) vulnerability in the B. Braun M ...)
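Review bot: The five new tags in this hunk name the vendor (B. Braun Melsungen AG) rather than the product, although the descriptions of CVE-2020-25168, CVE-2020-25164, CVE-2020-25162 and CVE-2020-25160 name SpaceCom and the untouched neighbours are tagged by product ("Reolink P2P products", "BD Alaris PC Unit"). A product-level tag such as "NOT-FOR-US: B. Braun SpaceCom" would record what was actually triaged. CVE-2020-25166 is the exception: its visible description is cut off at "firmware up ..." before any vendor or product appears, so its attribution should be checked against the full CVE text.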
@@ -111648,19 +111648,19 @@ CVE-2020-25158 (A reflected cross-site scripting (XSS) vulnerability in the B. B
 CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection ...)
 	NOT-FOR-US: R-SeeNet
 CVE-2020-25156 (Active debug code in the B. Braun Melsungen AG SpaceCom Version L8/U61 ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-25155 (The affected product transmits unencrypted sensitive information, whic ...)
 	NOT-FOR-US: NEXCOM
 CVE-2020-25154 (An open redirect vulnerability in the administrative interface of the  ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-25153 (The built-in web service for MOXA NPort IAW5000A-I/O firmware version  ...)
 	NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware
 CVE-2020-25152 (A session fixation vulnerability in the B. Braun Melsungen AG SpaceCom ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-25151 (The affected product does not properly validate input, which may allow ...)
 	NOT-FOR-US: NEXCOM
 CVE-2020-25150 (A relative path traversal attack in the B. Braun Melsungen AG SpaceCom ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-25149 (An issue was discovered in Observium Professional, Enterprise & Co ...)
 	NOT-FOR-US: Observium
 CVE-2020-25148 (An issue was discovered in Observium Professional, Enterprise & Co ...)
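Review bot: CVE-2020-25154 is marked NOT-FOR-US: B. Braun Melsungen AG, but its description is truncated at "the administrative interface of the ..." before any vendor or product is named, so the attribution cannot be confirmed from this hunk. The other three entries changed here (CVE-2020-25156, CVE-2020-25152, CVE-2020-25150) name B. Braun Melsungen AG SpaceCom in the visible text. Confirm CVE-2020-25154 against the full CVE description so it is not tagged by proximity to its neighbours.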
@@ -130819,7 +130819,7 @@ CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure dire
 CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
 	NOT-FOR-US: Philips SureSigns
 CVE-2020-16238 (A vulnerability in the configuration import mechanism of the B. Braun  ...)
-	TODO: check
+	NOT-FOR-US: B. Braun Melsungen AG
 CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input  ...)
 	NOT-FOR-US: Philips SureSigns
 CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a  ...)
@@ -138343,7 +138343,7 @@ CVE-2020-13592 (An exploitable SQL injection vulnerability exists in "global_lis
 CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the "access_rules ...)
 	NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13590 (Multiple exploitable SQL injection vulnerabilities exist in the 'entit ...)
-	TODO: check
+	NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13589 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
 	NOT-FOR-US: Rukovoditel Project Management App
 CVE-2020-13588 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
@@ -138409,7 +138409,7 @@ CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL fu
 CVE-2020-13568 (SQL injection vulnerability exists in phpGACL 3.3.7. A specially craft ...)
 	NOT-FOR-US: phpGACL
 CVE-2020-13567 (Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A speci ...)
-	TODO: check
+	NOT-FOR-US: phpGACL
 CVE-2020-13566 (SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially craf ...)
 	NOT-FOR-US: phpGACL
 CVE-2020-13565 (An open redirect vulnerability exists in the return_page redirection f ...)
@@ -138567,7 +138567,7 @@ CVE-2020-13497 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.
 CVE-2020-13496 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
 	NOT-FOR-US: Pixar OpenUSD
 CVE-2020-13495 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...)
-	TODO: check
+	NOT-FOR-US: Pixar OpenUSD
 CVE-2020-13494 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsin ...)
 	NOT-FOR-US: Pixar OpenUSD
 CVE-2020-13493 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
@@ -159177,7 +159177,7 @@ CVE-2020-6101 (An exploitable code execution vulnerability exists in the Shader
 CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atidxx64. ...)
 	NOT-FOR-US: AMD
 CVE-2020-6099 (An exploitable code execution vulnerability exists in the file format  ...)
-	TODO: check
+	NOT-FOR-US: Graphisoft BIMx
 CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
 	- freediameter 1.2.1-8 (bug #985088)
 	[buster] - freediameter 1.2.1-7+deb10u1
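Review bot: The tag "Graphisoft BIMx" on CVE-2020-6099 has no support in the visible lines: the description stops at "exists in the file format ..." and no neighbouring entry in the hunk uses that product name. Every other hunk in this commit reuses a tag already present on an adjacent entry. Confirm the product name and its spelling against the full CVE description, and name the source in the commit message when a new NFU tag is introduced.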



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ca108f35cb9b4cd9d924c832ecd71803b9f0d456
