Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3d39ad78 by security tracker role at 2020-06-24T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -2262,8 +2262,8 @@ CVE-2020-14075 (TRENDnet TEW-827DRU devices through 
2.06B04 contain multiple com
        NOT-FOR-US: TRENDnet
 CVE-2020-14074 (TRENDnet TEW-827DRU devices through 2.06B04 contain a 
stack-based buff ...)
        NOT-FOR-US: TRENDnet
-CVE-2020-14073
-       RESERVED
+CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted 
map proper ...)
+       TODO: check
 CVE-2020-14072
        RESERVED
 CVE-2020-14071
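Review bot: CVE-2020-14073 lands with only `TODO: check`, while the described entries around it (CVE-2020-14075, CVE-2020-14074) already carry a disposition. A follow-up triage commit should resolve it: if PRTG Network Monitor is not packaged in Debian, tag it NOT-FOR-US with the product name in the same style as the TRENDnet lines; otherwise add the source package line.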
@@ -4491,12 +4491,12 @@ CVE-2020-13159 (Artica Proxy before 4.30.000000 
Community Edition allows OS comm
        NOT-FOR-US: Artica Proxy
 CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows 
Directory Tra ...)
        NOT-FOR-US: Artica Proxy
-CVE-2020-13157
-       RESERVED
-CVE-2020-13156
-       RESERVED
-CVE-2020-13155
-       RESERVED
+CVE-2020-13157 (modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to 
change a u ...)
+       TODO: check
+CVE-2020-13156 (modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF 
to add a  ...)
+       TODO: check
+CVE-2020-13155 (clearsystem.php in NukeViet 4.4 allows CSRF with resultant 
HTML inject ...)
+       TODO: check
 CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows 
low-priv ...)
        NOT-FOR-US: Zoho
 CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 
has XSS ...)
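Review bot: the three NukeViet 4.4 entries (CVE-2020-13157, CVE-2020-13156, CVE-2020-13155) are all CSRF issues in one product and should be triaged in a single pass with one identical tag string. The context lines in this hunk already mix a product name (`NOT-FOR-US: Artica Proxy`) with a bare vendor name (`NOT-FOR-US: Zoho`), so decide which form to use before resolving the three `TODO: check` lines.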
@@ -7255,8 +7255,8 @@ CVE-2020-12035
        RESERVED
 CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior 
(FactoryTalk ...)
        NOT-FOR-US: Rockwell Automation
-CVE-2020-12033
-       RESERVED
+CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all 
versions, th ...)
+       TODO: check
 CVE-2020-12032
        RESERVED
 CVE-2020-12031
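Review bot: CVE-2020-12033 names Rockwell Automation FactoryTalk Services Platform, and the entry directly above it (CVE-2020-12034, also FactoryTalk) is already tagged `NOT-FOR-US: Rockwell Automation`. When the `TODO: check` is resolved, reuse that exact tag unless the full description points at a component Debian ships.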
@@ -7279,8 +7279,8 @@ CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), 
Versions B.12 and prior,
        NOT-FOR-US: Philips
 CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 
9.0.0. An i ...)
        NOT-FOR-US: Advantech WebAccess Node
-CVE-2020-12021
-       RESERVED
+CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all 
previous vers ...)
+       TODO: check
 CVE-2020-12020
        RESERVED
 CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a 
stack-based  ...)
@@ -13138,30 +13138,30 @@ CVE-2020-10282
        RESERVED
 CVE-2020-10281
        RESERVED
-CVE-2020-10280
-       RESERVED
-CVE-2020-10279
-       RESERVED
-CVE-2020-10278
-       RESERVED
-CVE-2020-10277
-       RESERVED
-CVE-2020-10276
-       RESERVED
-CVE-2020-10275
-       RESERVED
-CVE-2020-10274
-       RESERVED
-CVE-2020-10273
-       RESERVED
-CVE-2020-10272
-       RESERVED
-CVE-2020-10271
-       RESERVED
-CVE-2020-10270
-       RESERVED
-CVE-2020-10269
-       RESERVED
+CVE-2020-10280 (The Apache server on port 80 that host the web interface is 
vulnerable ...)
+       TODO: check
+CVE-2020-10279 (MiR robot controllers (central computation unit) makes use of 
Ubuntu 1 ...)
+       TODO: check
+CVE-2020-10278 (The BIOS onboard MiR's Computer is not protected by password, 
therefor ...)
+       TODO: check
+CVE-2020-10277 (There is no mechanism in place to prevent a bad operator to 
boot from  ...)
+       TODO: check
+CVE-2020-10276 (The password for the safety PLC is the default and thus easy 
to find ( ...)
+       TODO: check
+CVE-2020-10275 (The access tokens for the REST API are directly derived from 
the publi ...)
+       TODO: check
+CVE-2020-10274 (The access tokens for the REST API are directly derived 
(sha256 and ba ...)
+       TODO: check
+CVE-2020-10273 (MiR controllers across firmware versions 2.8.1.1 and before do 
not enc ...)
+       TODO: check
+CVE-2020-10272 (MiR100, MiR200 and other MiR robots use the Robot Operating 
System (RO ...)
+       TODO: check
+CVE-2020-10271 (MiR100, MiR200 and other MiR robots use the Robot Operating 
System (RO ...)
+       TODO: check
+CVE-2020-10270 (Out of the wired and wireless interfaces within MiR100, MiR200 
and oth ...)
+       TODO: check
+CVE-2020-10269 (One of the wireless interfaces within MiR100, MiR200 and 
possibly (acc ...)
+       TODO: check
 CVE-2020-10268 (Critical services for operation can be terminated from windows 
task ma ...)
        NOT-FOR-US: Kuka
 CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions 
(tested o ...)
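Review bot: several of the twelve MiR summaries (CVE-2020-10280 through CVE-2020-10269) name generic components: the Apache server in CVE-2020-10280, Ubuntu in CVE-2020-10279, and the Robot Operating System in CVE-2020-10272 and CVE-2020-10271. The summaries are cut off before they say whether the flaw is in the component itself or in the vendor's deployment of it, so read the full descriptions before assigning any of these to a Debian package; the adjacent robotics entry (CVE-2020-10268) is tracked as `NOT-FOR-US: Kuka`. CVE-2020-10275/10274 and CVE-2020-10272/10271 also show near-identical truncated text, so make sure each pair ends up with the same disposition.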
@@ -14941,8 +14941,8 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 
7.1.9, and 8.0.0 to 8.0.6 is
        - trafficserver 8.0.7+ds-1
        NOTE: 
https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E
        NOTE: 
https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c
-CVE-2020-9480
-       RESERVED
+CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource 
manager's mas ...)
+       TODO: check
 CVE-2020-9479
        RESERVED
 CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the 
holding of a ...)
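Review bot: CVE-2020-9480 (Apache Spark 2.4.5 and earlier) is left at `TODO: check` directly below an entry that shows what a resolved record looks like in this file: a `- trafficserver 8.0.7+ds-1` fixed-version line plus NOTE links to the announcement and the fixing commit. If Spark turns out to be packaged, the follow-up should add the equivalent package line and upstream reference; if not, a NOT-FOR-US tag closes it.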
@@ -24744,8 +24744,8 @@ CVE-2020-5369
        RESERVED
 CVE-2020-5368
        RESERVED
-CVE-2020-5367
-       RESERVED
+CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, 
Dell EMC U ...)
+       TODO: check
 CVE-2020-5366
        RESERVED
 CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a 
remotesupport vul ...)
@@ -24788,8 +24788,8 @@ CVE-2020-5347 (Dell EMC Isilon OneFS versions 8.2.2 and 
earlier contain a denial
        NOT-FOR-US: Dell EMC Isilon OneFS
 CVE-2020-5346 (RSA Authentication Manager versions prior to 8.4 P11 contain a 
stored  ...)
        NOT-FOR-US: RSA Authentication Manager
-CVE-2020-5345
-       RESERVED
+CVE-2020-5345 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, 
Dell EMC U ...)
+       TODO: check
 CVE-2020-5344 (Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 
2.65.65.65, 2.70. ...)
        NOT-FOR-US: EMC
 CVE-2020-5343 (Dell Client platforms restored using a Dell OS recovery image 
download ...)
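Review bot: CVE-2020-5345 carries the same truncated summary as CVE-2020-5367 in the previous hunk (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17), so the two should receive the same disposition and tag. The context here tags Dell products both as `NOT-FOR-US: Dell EMC Isilon OneFS` and as `NOT-FOR-US: EMC`; pick one of the existing naming forms for the Unisphere pair rather than adding a third.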



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/3d39ad783361c37b1cdd97d826cf97785431da80
