Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
cd6e95b4 by Salvatore Bonaccorso at 2020-06-30T10:47:04+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -4780,7 +4780,7 @@ CVE-2020-13425 (TrackR devices through 2020-05-06 allow
attackers to trigger the
CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows
Authenticated Lo ...)
NOT-FOR-US: Joomla addon
CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that
can be exp ...)
- TODO: check
+ NOT-FOR-US: Form Builder for Magento
CVE-2020-13422
RESERVED
CVE-2020-13421
@@ -8136,17 +8136,17 @@ CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps
Sigma Spectrum Infusion Sys
CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior
(FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to
3.x, The ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to
3.x, The ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to
3.x, The ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior
(FactoryTalk ...)
NOT-FOR-US: Rockwell Automation
CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all
versions, th ...)
NOT-FOR-US: Rockwell Automation
CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix
EM1200 Vers ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12031
RESERVED
CVE-2020-12030
@@ -8162,7 +8162,7 @@ CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4
and prior, Version 9.0.0
CVE-2020-12025
RESERVED
CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and
ExactaMix ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and
prior, Intel ...)
NOT-FOR-US: Philips
CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. An i ...)
@@ -8170,7 +8170,7 @@ CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4
and prior, Version 9.0.0
CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all
previous vers ...)
NOT-FOR-US: OSIsoft PI Web
CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and
ExactaMix E ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a
stack-based ...)
NOT-FOR-US: WebAccess Node
CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. An o ...)
@@ -8178,7 +8178,7 @@ CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4
and prior, Version 9.0.0
CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434,
all firmw ...)
NOT-FOR-US: GE Grid Solutions Reason RT Clocks
CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix
EM2400 Vers ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12015
RESERVED
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. Inpu ...)
@@ -8186,7 +8186,7 @@ CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4
and prior, Version 9.0.0
CVE-2020-12013
RESERVED
CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix
EM2400 Vers ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12011
RESERVED
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. Mult ...)
@@ -8194,7 +8194,7 @@ CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4
and prior, Version 9.0.0
CVE-2020-12009
RESERVED
CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix
EM1200 Vers ...)
- TODO: check
+ NOT-FOR-US: Baxter
CVE-2020-12007
RESERVED
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. Mult ...)
@@ -19668,19 +19668,19 @@ CVE-2019-20418
CVE-2019-20417
RESERVED
CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20415 (Atlassian Jira Server and Data Center in affected versions
allows remo ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20414 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20413 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20412 (The Convert Sub-Task to Issue page in affected versions of
Atlassian J ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20411 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20410 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
- TODO: check
+ NOT-FOR-US: Atlassian
CVE-2019-20409 (The way in which velocity templates were used in Atlassian
Jira Server ...)
NOT-FOR-US: Atlassian
CVE-2019-20408
@@ -20608,23 +20608,23 @@ CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent
Third Party Components with
CVE-2020-7511 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm
vulnerabil ...)
TODO: check
CVE-2020-7510 (A CWE-200: Information Exposure vulnerability exists in Easergy
T300 ( ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7509 (A CWE-269: Improper privilege management (write) vulnerability
exists ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication
Attempts vu ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability
exists in E ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7506 (A CWE-538: File and Directory Information Exposure
vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check
vulnerability exist ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7504 (A CWE-20: Improper Input Validation vulnerability exists in
Easergy T3 ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7503 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability
exists in E ...)
- TODO: check
+ NOT-FOR-US: Easergy T300
CVE-2020-7502 (A CWE-787: Out-of-bounds Write vulnerability exists in Modicon
M218 Lo ...)
- TODO: check
+ NOT-FOR-US: Modicon
CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists
in Vijeo ...)
NOT-FOR-US: Schneider
CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an
SQL Co ...)
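Review bot: The new tags for CVE-2020-7510 through CVE-2020-7502 name products (`NOT-FOR-US: Easergy T300`, `NOT-FOR-US: Modicon`), while the unchanged entry directly below them, CVE-2020-7501, is tagged by vendor (`NOT-FOR-US: Schneider`), and the Baxter and Atlassian hunks earlier in this commit also tag by vendor. Picking one level for the tag, or writing vendor and product together, would keep searches over data/CVE/list for NOT-FOR-US entries predictable. Separately, CVE-2020-7511 at the top of the hunk keeps `TODO: check`; its truncated description does not show the product, so if it belongs with the entries below it, it could be triaged in the same pass.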
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cd6e95b4c81f7c232dc0c34a1ba31299f2b69aa0