Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
7308b33f by Moritz Muehlenhoff at 2020-06-24T18:19:48+02:00
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -4506,11 +4506,11 @@ CVE-2020-13159 (Artica Proxy before 4.30.000000 
Community Edition allows OS comm
 CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows 
Directory Tra ...)
        NOT-FOR-US: Artica Proxy
 CVE-2020-13157 (modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to 
change a u ...)
-       TODO: check
+       NOT-FOR-US: NukeViet
 CVE-2020-13156 (modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF 
to add a  ...)
-       TODO: check
+       NOT-FOR-US: NukeViet
 CVE-2020-13155 (clearsystem.php in NukeViet 4.4 allows CSRF with resultant 
HTML inject ...)
-       TODO: check
+       NOT-FOR-US: NukeViet
 CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows 
low-priv ...)
        NOT-FOR-US: Zoho
 CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 
has XSS ...)
@@ -5371,7 +5371,7 @@ CVE-2020-12785 (cPanel before 86.0.14 allows attackers to 
obtain access to the c
 CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a 
bandwidth s ...)
        NOT-FOR-US: cPanel
 CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when 
receiving e ...)
-       TODO: check
+       NOT-FOR-US: Openfind MailGates
 CVE-2020-12781
        RESERVED
 CVE-2020-12780
@@ -6088,7 +6088,7 @@ CVE-2020-12496
 CVE-2020-12495
        RESERVED
 CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x 
is prov ...)
-       TODO: check
+       NOT-FOR-US: Beckhoff
 CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series 
with vers ...)
        NOT-FOR-US: SWARCOs CPU LS4000 Series
 CVE-2020-12492
@@ -7220,7 +7220,7 @@ CVE-2020-12055
 CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows 
Reflecte ...)
        NOT-FOR-US: Catch Breadcrumb plugin for WordPress
 CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if 
certificate-ba ...)
-       TODO: check
+       NOT-FOR-US: Unisys Stealth
 CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup 
XSS. ...)
        - grafana <removed>
 CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows 
remote  ...)
@@ -7270,7 +7270,7 @@ CVE-2020-12035
 CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior 
(FactoryTalk ...)
        NOT-FOR-US: Rockwell Automation
 CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all 
versions, th ...)
-       TODO: check
+       NOT-FOR-US: Rockwell Automation
 CVE-2020-12032
        RESERVED
 CVE-2020-12031
@@ -7294,7 +7294,7 @@ CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), 
Versions B.12 and prior,
 CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 
9.0.0. An i ...)
        NOT-FOR-US: Advantech WebAccess Node
 CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all 
previous vers ...)
-       TODO: check
+       NOT-FOR-US: OSIsoft PI Web
 CVE-2020-12020
        RESERVED
 CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a 
stack-based  ...)
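
Review bot: The tag added for CVE-2020-12021, "NOT-FOR-US: OSIsoft PI Web", cuts the product name short; the description on the line above it reads "OSIsoft PI Web API 2019 Patch 1". Suggest "NOT-FOR-US: OSIsoft PI Web API" so that a search of the list for the product name finds this entry.
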
@@ -9742,9 +9742,9 @@ CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP 
version &gt; 1.0 through 2.
        NOTE: 
https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
        NOTE: 
https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
 CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier 
allows  ...)
-       TODO: check
+       NOT-FOR-US: WinMagic SecureDoc
 CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier 
allows  ...)
-       TODO: check
+       NOT-FOR-US: WinMagic SecureDoc
 CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows 
unauthenticate ...)
        NOT-FOR-US: Zoho
 CVE-2020-11517
@@ -9778,7 +9778,7 @@ CVE-2020-11505 (An issue was discovered in GitLab 
Community Edition (CE) and Ent
 CVE-2020-11504
        RESERVED
 CVE-2020-11503 (A heap-based buffer overflow in the awarrensmtp component of 
Sophos XG ...)
-       TODO: check
+       NOT-FOR-US: Sophos
 CVE-2020-11502
        RESERVED
 CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of 
AES for vi ...)
@@ -10759,7 +10759,7 @@ CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 
has a cross-site scripting
 CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, 
it has be ...)
        NOT-FOR-US: TYPO3
 CVE-2020-11068 (In LoRaMac-node before 4.4.4, a reception buffer overflow can 
happen d ...)
-       TODO: check
+       NOT-FOR-US: LoRaMac-node
 CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, 
it has be ...)
        NOT-FOR-US: TYPO3
 CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 
9.5.17 and g ...)
@@ -13165,29 +13165,29 @@ CVE-2020-10282
 CVE-2020-10281
        RESERVED
 CVE-2020-10280 (The Apache server on port 80 that host the web interface is 
vulnerable ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10279 (MiR robot controllers (central computation unit) makes use of 
Ubuntu 1 ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10278 (The BIOS onboard MiR's Computer is not protected by password, 
therefor ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10277 (There is no mechanism in place to prevent a bad operator to 
boot from  ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10276 (The password for the safety PLC is the default and thus easy 
to find ( ...)
-       TODO: check
+       NOT-FOR-US: Safety PLC
 CVE-2020-10275 (The access tokens for the REST API are directly derived from 
the publi ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10274 (The access tokens for the REST API are directly derived 
(sha256 and ba ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10273 (MiR controllers across firmware versions 2.8.1.1 and before do 
not enc ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10272 (MiR100, MiR200 and other MiR robots use the Robot Operating 
System (RO ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10271 (MiR100, MiR200 and other MiR robots use the Robot Operating 
System (RO ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10270 (Out of the wired and wireless interfaces within MiR100, MiR200 
and oth ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10269 (One of the wireless interfaces within MiR100, MiR200 and 
possibly (acc ...)
-       TODO: check
+       NOT-FOR-US: MiR
 CVE-2020-10268 (Critical services for operation can be terminated from windows 
task ma ...)
        NOT-FOR-US: Kuka
 CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions 
(tested o ...)
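
Review bot: CVE-2020-10276 is tagged "NOT-FOR-US: Safety PLC", which names a generic component rather than a vendor or product, while every other entry changed in this hunk (CVE-2020-10269 through CVE-2020-10280) is tagged "NOT-FOR-US: MiR". Suggest "NOT-FOR-US: MiR" for consistency, or the PLC vendor's name if the full description gives one. Separately, the descriptions of CVE-2020-10280 ("The Apache server on port 80") and CVE-2020-10271/CVE-2020-10272 ("Robot Operating System") name third-party components rather than MiR's own code; a short NOTE line saying the flaw lies in MiR's deployment of them would record why these were triaged as NOT-FOR-US.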



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7308b33f427760c279254b804dc895815bd86674
