Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
69e9747c by Salvatore Bonaccorso at 2020-08-29T10:55:36+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20363,7 +20363,7 @@ CVE-2020-15161
 CVE-2020-15160
        RESERVED
 CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting 
(XSS) a ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP 
message  ...)
        NOT-FOR-US: libIEC61850
 CVE-2020-15157
@@ -20371,9 +20371,9 @@ CVE-2020-15157
 CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged 
in user  ...)
        NOT-FOR-US: nodebb-plugin-blog-comments
 CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting 
(XSS) v ...)
-       TODO: check
+       NOT-FOR-US: baserCMS
 CVE-2020-15153
        RESERVED
 CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to 
Server-Side Req ...)
@@ -23351,7 +23351,7 @@ CVE-2020-14044 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED 
** A Server-Side Request
 CVE-2020-14043 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request 
Forgery ...)
        NOT-FOR-US: Codiad
 CVE-2020-14042 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site 
Scripting (XSS) ...)
-       TODO: check
+       NOT-FOR-US: Codiad
 CVE-2020-14041
        RESERVED
 CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in 
encoding ...)
@@ -34028,9 +34028,9 @@ CVE-2020-10520
 CVE-2020-10519
        RESERVED
 CVE-2020-10518 (A remote code execution vulnerability was identified in GitHub 
Enterpr ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2020-10517 (An improper access control vulnerability was identified in 
GitHub Ente ...)
-       TODO: check
+       NOT-FOR-US: GitHub Enterprise Server
 CVE-2020-10516 (An improper access control vulnerability was identified in the 
GitHub  ...)
        NOT-FOR-US: GitHub Enterprise Server API
 CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary 
planting ...)
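Review bot: The labels added for CVE-2020-10518 and CVE-2020-10517 read "NOT-FOR-US: GitHub Enterprise Server", while the unchanged entry directly below them, CVE-2020-10516, uses "NOT-FOR-US: GitHub Enterprise Server API" for what appears to be the same product. Two spellings for one product make a search over NOT-FOR-US labels miss entries; consider normalising CVE-2020-10516 to the shorter form in a follow-up commit.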
@@ -36902,7 +36902,7 @@ CVE-2020-9300
 CVE-2020-9299
        RESERVED
 CVE-2020-9298 (The Spinnaker template resolution functionality is vulnerable 
to Serve ...)
-       TODO: check
+       NOT-FOR-US: Spinnaker
 CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, 
uses Java  ...)
        NOT-FOR-US: Netflix Titus
 CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom 
constraint va ...)
@@ -40813,7 +40813,7 @@ CVE-2020-7707 (The package property-expr before 2.0.3 
are vulnerable to Prototyp
 CVE-2020-7706 (The package connie-lang before 0.1.1 are vulnerable to 
Prototype Pollu ...)
        NOT-FOR-US: Node connie-lang
 CVE-2020-7705 (This affects the package MintegralAdSDK from 0.0.0. The SDK 
distribute ...)
-       TODO: check
+       NOT-FOR-US: MintegralAdSDK
 CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to 
Prototype Pol ...)
        NOT-FOR-US: Node linux-cmdline
 CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype 
Pollutio ...)
@@ -41532,9 +41532,9 @@ CVE-2020-7379
 CVE-2020-7378
        RESERVED
 CVE-2020-7377 (The Metasploit Framework module 
"auxiliary/admin/http/telpho10_credent ...)
-       TODO: check
+       NOT-FOR-US: Metasploit Framework module
 CVE-2020-7376 (The Metasploit Framework module "post/osx/gather/enum_osx 
module" is a ...)
-       TODO: check
+       NOT-FOR-US: Metasploit Framework module
 CVE-2020-7375
        RESERVED
 CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free 
PDF Scan ...)
@@ -41668,7 +41668,7 @@ CVE-2020-7311
 CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee 
McAfee T ...)
        NOT-FOR-US: McAfee
 CVE-2020-7309 (Cross Site Scripting vulnerability in ePO extension in McAfee 
Applicat ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7308
        RESERVED
 CVE-2020-7307 (Unprotected Storage of Credentials vulnerability in McAfee Data 
Loss P ...)
@@ -43379,7 +43379,7 @@ CVE-2020-6639
 CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
        NOT-FOR-US: Grin
 CVE-2020-6637 (openSIS Community Edition version 7.3 is vulnerable to SQL 
injection v ...)
-       TODO: check
+       NOT-FOR-US: openSIS
 CVE-2020-6636
        RESERVED
 CVE-2020-6635
@@ -45965,15 +45965,15 @@ CVE-2020-5627
 CVE-2020-5626
        RESERVED
 CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier 
allows  ...)
-       TODO: check
+       NOT-FOR-US: XooNIps
 CVE-2020-5624 (SQL injection vulnerability in the XooNIps 3.48 and earlier 
allows rem ...)
-       TODO: check
+       NOT-FOR-US: XooNIps
 CVE-2020-5623 (NITORI App for Android versions 6.0.4 and earlier and NITORI 
App for i ...)
-       TODO: check
+       NOT-FOR-US: NITORI App for Android and iOS
 CVE-2020-5622
        RESERVED
 CVE-2020-5621 (Cross-site request forgery (CSRF) vulnerability in NETGEAR 
switching h ...)
-       TODO: check
+       NOT-FOR-US: Netgear
 CVE-2020-5620 (Cross-site scripting vulnerability in Exment prior to v3.6.0 
allows re ...)
        NOT-FOR-US: Exment
 CVE-2020-5619 (Cross-site scripting vulnerability in Exment prior to v3.6.0 
allows re ...)
@@ -52057,19 +52057,19 @@ CVE-2020-3525
 CVE-2020-3524
        RESERVED
 CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco 
Data Ce ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3522 (A vulnerability in the web-based management interface of Cisco 
Data Ce ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3521 (A vulnerability in a specific REST API of Cisco Data Center 
Network Ma ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3520 (A vulnerability in Cisco Data Center Network Manager (DCNM) 
Software c ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3519 (A vulnerability in a specific REST API method of Cisco Data 
Center Net ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco 
Data Ce ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco 
FXOS S ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3516
        RESERVED
 CVE-2020-3515
@@ -52089,13 +52089,13 @@ CVE-2020-3509
 CVE-2020-3508
        RESERVED
 CVE-2020-3507 (Multiple vulnerabilities in the Cisco Discovery Protocol 
implementatio ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol 
implementatio ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video 
Surveil ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of 
Cisco UCS  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3503
        RESERVED
 CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex 
Meetings ...)
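Review bot: For CVE-2020-3507 and CVE-2020-3506 the truncated summary only reads "Cisco Discovery Protocol implementatio ...", which names a protocol rather than a product, unlike CVE-2020-3505 and CVE-2020-3504 in the same hunk where a Cisco product is visible. CDP is also implemented by non-Cisco software, so it is worth confirming against the full description that the affected implementation lives in Cisco's own products before these two stay "NOT-FOR-US: Cisco"; naming the product in the label would record that check.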
@@ -52111,7 +52111,7 @@ CVE-2020-3498
 CVE-2020-3497
        RESERVED
 CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco 
Small Bu ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3495
        RESERVED
 CVE-2020-3494
@@ -52121,9 +52121,9 @@ CVE-2020-3493
 CVE-2020-3492
        RESERVED
 CVE-2020-3491 (A vulnerability in the web-based management interface of Cisco 
Vision  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3490 (A vulnerability in the web-based management interface of Cisco 
Vision  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3489
        RESERVED
 CVE-2020-3488
@@ -52133,9 +52133,9 @@ CVE-2020-3487
 CVE-2020-3486
        RESERVED
 CVE-2020-3485 (A vulnerability in the role-based access control (RBAC) 
functionality  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco 
Vision  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3483
        RESERVED
 CVE-2020-3482
@@ -52174,7 +52174,7 @@ CVE-2020-3468 (A vulnerability in the web-based 
management interface of Cisco SD
 CVE-2020-3467
        RESERVED
 CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3465
        RESERVED
 CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco 
UCS Dir ...)
@@ -52198,7 +52198,7 @@ CVE-2020-3456
 CVE-2020-3455
        RESERVED
 CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS 
Software could ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3453
        RESERVED
 CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive 
Securi ...)
@@ -52214,21 +52214,21 @@ CVE-2020-3448 (A vulnerability in an access control 
mechanism of Cisco Cyber Vis
 CVE-2020-3447 (A vulnerability in the CLI of Cisco AsyncOS for Cisco Email 
Security A ...)
        NOT-FOR-US: Cisco
 CVE-2020-3446 (A vulnerability in Cisco Virtual Wide Area Application Services 
(vWAAS ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3445
        RESERVED
 CVE-2020-3444
        RESERVED
 CVE-2020-3443 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM 
On-Prem)  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3442 (The DuoConnect client enables users to establish SSH 
connections to ho ...)
        NOT-FOR-US: DuoConnect
 CVE-2020-3441
        RESERVED
 CVE-2020-3440 (A vulnerability in Cisco Webex Meetings Desktop App for Windows 
could  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3439 (A vulnerability in the web-based management interface of Cisco 
Data Ce ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3438
        RESERVED
 CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco 
SD-WAN  ...)
@@ -52276,7 +52276,7 @@ CVE-2020-3417
 CVE-2020-3416
        RESERVED
 CVE-2020-3415 (A vulnerability in the Data Management Engine (DME) of Cisco 
NX-OS Sof ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3414
        RESERVED
 CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of 
Cisco Web ...)
@@ -52310,15 +52310,15 @@ CVE-2020-3400
 CVE-2020-3399
        RESERVED
 CVE-2020-3398 (A vulnerability in the Border Gateway Protocol (BGP) Multicast 
VPN (MV ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3397 (A vulnerability in the Border Gateway Protocol (BGP) Multicast 
VPN (MV ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3396
        RESERVED
 CVE-2020-3395
        RESERVED
 CVE-2020-3394 (A vulnerability in the Enable Secret feature of Cisco Nexus 
3000 Serie ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3393
        RESERVED
 CVE-2020-3392
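Review bot: The visible summaries for CVE-2020-3398 and CVE-2020-3397 ("Border Gateway Protocol (BGP) Multicast VPN (MV ...") are cut off before any product name, so "NOT-FOR-US: Cisco" cannot be verified from this diff alone, whereas CVE-2020-3394 in the same hunk names Cisco Nexus 3000 Series. Adding the affected product to the label for those two entries would make the triage decision readable without looking up the full description.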
@@ -52328,7 +52328,7 @@ CVE-2020-3391 (A vulnerability in Cisco Digital Network 
Architecture (DNA) Cente
 CVE-2020-3390
        RESERVED
 CVE-2020-3389 (A vulnerability in the installation component of Cisco 
Hyperflex HX-Se ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software 
could allo ...)
        NOT-FOR-US: Cisco
 CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an 
authen ...)
@@ -52437,7 +52437,7 @@ CVE-2020-3340 (Multiple vulnerabilities in the 
web-based management interface of
 CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco 
Prime I ...)
        NOT-FOR-US: Cisco
 CVE-2020-3338 (A vulnerability in the Protocol Independent Multicast (PIM) 
feature fo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3337 (A vulnerability in the web server of Cisco Umbrella could allow 
an una ...)
        NOT-FOR-US: Cisco
 CVE-2020-3336 (A vulnerability in the software upgrade process of Cisco 
TelePresence  ...)
@@ -52814,9 +52814,9 @@ CVE-2020-3154 (A vulnerability in the web UI of Cisco 
Cloud Web Security (CWS) c
 CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect 
Secure  ...)
        NOT-FOR-US: Cisco
 CVE-2020-3152 (A vulnerability in Cisco Connected Mobile Experiences (CMX) 
could allo ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3151 (A vulnerability in the CLI of Cisco Connected Mobile 
Experiences (CMX) ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3150 (A vulnerability in the web-based management interface of Cisco 
Small B ...)
        NOT-FOR-US: Cisco
 CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco 
Identit ...)
@@ -58780,7 +58780,7 @@ CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby 
lacks an element count d
        - ruby-json-jwt 1.11.0-1 (bug #944850)
        NOTE: 
https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
 CVE-2019-18847 (Enterprise Access Client Auto-Updater allows for Remote Code 
Execution ...)
-       TODO: check
+       NOT-FOR-US: Akamai / Enterprise Access Client Auto-Updater
 CVE-2019-18846 (OX App Suite through 7.10.2 allows SSRF. ...)
        NOT-FOR-US: OX App Suite
 CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB 
before 1.1  ...)
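Review bot: "NOT-FOR-US: Akamai / Enterprise Access Client Auto-Updater" for CVE-2019-18847 uses a vendor / product form, while the other labels added in this commit give either the vendor alone (Cisco, McAfee) or the product alone (baserCMS, Spinnaker). The vendor does not appear in the visible summary, so naming it is useful, but settling on one form would let labels be matched mechanically.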
@@ -328113,7 +328113,7 @@ CVE-2012-4820 (Unspecified vulnerability in the JRE 
component in IBM Java 7 SR2
 CVE-2012-4819 (Cross-site scripting (XSS) vulnerability in InfoSphere Business 
Glossa ...)
        NOT-FOR-US: IBM InfoSphere
 CVE-2012-4818 (IBM InfoSphere Information Server 8.1, 8.5, and 8,7 could allow 
a remo ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, 
and VIOS ...)
        NOT-FOR-US: IBM AIX, VIOS
 CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 
allows rem ...)
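Review bot: CVE-2012-4818 is labelled "NOT-FOR-US: IBM", but its summary names IBM InfoSphere Information Server and the neighbouring CVE-2012-4819 already carries "NOT-FOR-US: IBM InfoSphere". Suggest using "NOT-FOR-US: IBM InfoSphere" here as well, so both InfoSphere entries share one label and match the product-level granularity of "IBM AIX, VIOS" on CVE-2012-4817.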



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69e9747c78cdfbcc213a5efc696c738a21e056d8



_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
