Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cbdeeab0 by Salvatore Bonaccorso at 2020-09-24T22:23:54+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3761,7 +3761,7 @@ CVE-2020-24367
CVE-2020-24366
RESERVED
CVE-2020-24365 (An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and
WRTM-12 ...)
- TODO: check
+ NOT-FOR-US: Gemtek devices
CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via
the note ...)
NOT-FOR-US: MineTime
CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an
unauthenticat ...)
@@ -7617,7 +7617,7 @@ CVE-2020-22455
CVE-2020-22454
RESERVED
CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple
functions that s ...)
- TODO: check
+ NOT-FOR-US: Untis WebUntis
CVE-2020-22452
RESERVED
CVE-2020-22451
@@ -20377,9 +20377,9 @@ CVE-2020-16150 (A Lucky 13 timing side channel in
mbedtls_ssl_decrypt_buf in lib
CVE-2020-16149
REJECTED
CVE-2020-16148 (The ping page of the administration panel in Telmat AccessLog
<= 6. ...)
- TODO: check
+ NOT-FOR-US: Telmat AccessLog
CVE-2020-16147 (The login page in Telmat AccessLog <= 6.0 (TAL_20180415)
allows an ...)
- TODO: check
+ NOT-FOR-US: Telmat AccessLog
CVE-2020-16146
RESERVED
CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in
HTML me ...)
@@ -20880,7 +20880,7 @@ CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles
Symbolic Links during upda
CVE-2020-15931
RESERVED
CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows
arbitrary cod ...)
- TODO: check
+ NOT-FOR-US: Joplin desktop
CVE-2020-15929
RESERVED
CVE-2020-15928
@@ -21097,7 +21097,7 @@ CVE-2020-15842 (Liferay Portal before 7.3.0, and
Liferay DXP 7.0 before fix pack
CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix
pack 89, 7 ...)
NOT-FOR-US: Liferay
CVE-2020-15840 (In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and
Liferay DXP ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix
pack 18 an ...)
NOT-FOR-US: Liferay
CVE-2020-15838
@@ -28310,7 +28310,7 @@ CVE-2020-13121 (Submitty through 20.04.01 has an open
redirect via authenticatio
CVE-2020-13120
RESERVED
CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking. ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System
through 2 ...)
NOT-FOR-US: Mikrotik-Router-Monitoring-System
CVE-2020-13117
@@ -28941,19 +28941,19 @@ CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is
affected by a denial of service du
CVE-2020-12844
RESERVED
CVE-2020-12843 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads
via the f ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12842 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by
appendin ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12841 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote
attacker ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12840 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote
attacker ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12839 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by
appendin ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12838 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by
appendin ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12837 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads
via the f ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12836
RESERVED
CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro
3.2.5. Due to ...)
@@ -29011,13 +29011,13 @@ CVE-2020-12820
CVE-2020-12819
RESERVED
CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before
6.4.1 may al ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12817 (An improper neutralization of input vulnerability in
FortiAnalyzer bef ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12816 (An improper neutralization of input vulnerability in FortiNAC
before 8 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12815 (An improper neutralization of input vulnerability in
FortiTester befor ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12814
RESERVED
CVE-2020-12813
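Review bot: The four new tags for CVE-2020-12818 through CVE-2020-12815 read "NOT-FOR-US: FortiGuard", but the descriptions name FortiGate, FortiAnalyzer, FortiNAC and FortiTester, and none of them mentions FortiGuard. A vendor-level tag such as "NOT-FOR-US: Fortinet" would describe all four entries and match how the Cisco entries in this commit are tagged by vendor rather than by product.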
@@ -29025,7 +29025,7 @@ CVE-2020-12813
CVE-2020-12812 (An improper authentication vulnerability in SSL VPN in FortiOS
6.4.0, ...)
NOT-FOR-US: Fortinet
CVE-2020-12811 (An improper neutralization of script-related HTML tags in a
web page i ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12810
RESERVED
CVE-2020-12809
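Review bot: CVE-2020-12811 is tagged "NOT-FOR-US: FortiGuard" directly below the unchanged context entry CVE-2020-12812, which carries "NOT-FOR-US: Fortinet". Two different tags for the same vendor on adjacent entries make later searches of the list unreliable; suggest reusing the existing "Fortinet" spelling here.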
@@ -30492,11 +30492,11 @@ CVE-2016-11054 (NETGEAR DGN2200v4 devices before
2017-01-06 are affected by comm
CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication
workflow bec ...)
NOT-FOR-US: Sourcegraph
CVE-2020-12282 (iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca
parameter in ...)
- TODO: check
+ NOT-FOR-US: iSmartgate PRO
CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote
attacker ...)
- TODO: check
+ NOT-FOR-US: iSmartgate PRO
CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote
attacker ...)
- TODO: check
+ NOT-FOR-US: iSmartgate PRO
CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x
before 0.99. ...)
- libgit2 0.28.4+dfsg.1-2
[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on
NTFS like filesystem)
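Review bot: The tags on CVE-2020-12282, CVE-2020-12281 and CVE-2020-12280 are spelled "iSmartgate PRO", while the same commit tags CVE-2020-13119 and CVE-2020-12843 through CVE-2020-12837 as "ismartgate PRO". Each tag follows the capitalisation of its own CVE description, but the product is the same (version 1.5.9 in every entry), so one spelling across all ten entries would keep a case-sensitive search from missing part of the set.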
@@ -54584,9 +54584,9 @@ CVE-2020-3562
CVE-2020-3561
RESERVED
CVE-2020-3560 (A vulnerability in Cisco Aironet Access Points (APs) could
allow an un ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3559 (A vulnerability in Cisco Aironet Access Point (AP) Software
could allo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3558
RESERVED
CVE-2020-3557
@@ -54600,7 +54600,7 @@ CVE-2020-3554
CVE-2020-3553
RESERVED
CVE-2020-3552 (A vulnerability in the Ethernet packet handling of Cisco
Aironet Acces ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3551
RESERVED
CVE-2020-3550
@@ -54650,13 +54650,13 @@ CVE-2020-3529
CVE-2020-3528
RESERVED
CVE-2020-3527 (A vulnerability in the Polaris kernel of Cisco Catalyst 9200
Series Sw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3526 (A vulnerability in the Common Open Policy Service (COPS) engine
of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3525
RESERVED
CVE-2020-3524 (A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON)
Software for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco
Data Ce ...)
NOT-FOR-US: Cisco
CVE-2020-3522 (A vulnerability in the web-based management interface of Cisco
Data Ce ...)
@@ -54672,23 +54672,23 @@ CVE-2020-3518 (A vulnerability in the web-based
management interface of Cisco Da
CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco
FXOS S ...)
NOT-FOR-US: Cisco
CVE-2020-3516 (A vulnerability in the web server authentication of Cisco IOS
XE Softw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3515
RESERVED
CVE-2020-3514
RESERVED
CVE-2020-3513 (Multiple vulnerabilities in the initialization routines that
are execu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3512 (A vulnerability in the PROFINET handler for Link Layer
Discovery Proto ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3511 (A vulnerability in the ISDN subsystem of Cisco IOS Software and
Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3510 (A vulnerability in the Umbrella Connector component of Cisco
IOS XE So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3509 (A vulnerability in the DHCP message handler of Cisco IOS XE
Software f ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3508 (A vulnerability in the IP Address Resolution Protocol (ARP)
feature of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3507 (Multiple vulnerabilities in the Cisco Discovery Protocol
implementatio ...)
NOT-FOR-US: Cisco
CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol
implementatio ...)
@@ -54698,7 +54698,7 @@ CVE-2020-3505 (A vulnerability in the Cisco Discovery
Protocol of Cisco Video Su
CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of
Cisco UCS ...)
NOT-FOR-US: Cisco
CVE-2020-3503 (A vulnerability in the file system permissions of Cisco IOS XE
Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex
Meetings ...)
NOT-FOR-US: Cisco
CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex
Meetings ...)
@@ -54710,29 +54710,29 @@ CVE-2020-3499
CVE-2020-3498 (A vulnerability in Cisco Jabber software could allow an
authenticated, ...)
NOT-FOR-US: Cisco
CVE-2020-3497 (Multiple vulnerabilities in the Control and Provisioning of
Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco
Small Bu ...)
NOT-FOR-US: Cisco
CVE-2020-3495 (A vulnerability in Cisco Jabber for Windows could allow an
authenticat ...)
NOT-FOR-US: Cisco
CVE-2020-3494 (Multiple vulnerabilities in the Control and Provisioning of
Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3493 (Multiple vulnerabilities in the Control and Provisioning of
Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3492 (A vulnerability in the Flexible NetFlow Version 9 packet
processor of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3491 (A vulnerability in the web-based management interface of Cisco
Vision ...)
NOT-FOR-US: Cisco
CVE-2020-3490 (A vulnerability in the web-based management interface of Cisco
Vision ...)
NOT-FOR-US: Cisco
CVE-2020-3489 (Multiple vulnerabilities in the Control and Provisioning of
Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3488 (Multiple vulnerabilities in the Control and Provisioning of
Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3487 (Multiple vulnerabilities in the Control and Provisioning of
Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3486 (Multiple vulnerabilities in the Control and Provisioning of
Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3485 (A vulnerability in the role-based access control (RBAC)
functionality ...)
NOT-FOR-US: Cisco
CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco
Vision ...)
@@ -54747,19 +54747,19 @@ CVE-2020-3481 (A vulnerability in the EGG archive
parsing module in Clam AntiVir
[buster] - clamav 0.102.4+dfsg-0+deb10u1
NOTE:
https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
CVE-2020-3480 (Multiple vulnerabilities in the Zone-Based Firewall feature of
Cisco I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3479 (A vulnerability in the implementation of Multiprotocol Border
Gateway ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3478 (A vulnerability in the REST API of Cisco Enterprise NFV
Infrastructure ...)
NOT-FOR-US: Cisco
CVE-2020-3477 (A vulnerability in the CLI parser of Cisco IOS Software and
Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3476 (A vulnerability in the CLI implementation of a specific command
of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3475 (Multiple vulnerabilities in the web management framework of
Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3474 (Multiple vulnerabilities in the web management framework of
Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3473 (A vulnerability in task group assignment for a specific CLI
command in ...)
NOT-FOR-US: Cisco
CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings
could ...)
@@ -54777,7 +54777,7 @@ CVE-2020-3467
CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2020-3465 (A vulnerability in Cisco IOS XE Software could allow an
unauthenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco
UCS Dir ...)
NOT-FOR-US: Cisco
CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco
Webex M ...)
@@ -54849,37 +54849,37 @@ CVE-2020-3431
CVE-2020-3430 (A vulnerability in the application protocol handling features
of Cisco ...)
NOT-FOR-US: Cisco
CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of
Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco
IOS XE Wi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3427
RESERVED
CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide
Area (LPW ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3425 (Multiple vulnerabilities in the web management framework of
Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3424
RESERVED
CVE-2020-3423 (A vulnerability in the implementation of the Lua interpreter
that is i ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3422 (A vulnerability in the IP Service Level Agreement (SLA)
responder feat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3421 (Multiple vulnerabilities in the Zone-Based Firewall feature of
Cisco I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3420
RESERVED
CVE-2020-3419
RESERVED
CVE-2020-3418 (A vulnerability in Cisco IOS XE Wireless Controller Software
for Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3417 (A vulnerability in Cisco IOS XE Software could allow an
authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3416 (Multiple vulnerabilities in the initialization routines that
are execu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3415 (A vulnerability in the Data Management Engine (DME) of Cisco
NX-OS Sof ...)
NOT-FOR-US: Cisco
CVE-2020-3414 (A vulnerability in the packet processing of Cisco IOS XE
Software for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of
Cisco Web ...)
NOT-FOR-US: Cisco
CVE-2020-3412 (A vulnerability in the scheduled meeting template feature of
Cisco Web ...)
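Review bot: For CVE-2020-3423 the visible description reads only "A vulnerability in the implementation of the Lua interpreter that is i ...", so the truncated text does not show whether the flaw sits in the vendor's integration or in the interpreter itself. Since the rest of this hunk is clearly product-specific, a short NOTE line on this one entry recording why it is treated as vendor-only would make the "NOT-FOR-US: Cisco" decision auditable without opening the full advisory.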
@@ -54889,45 +54889,45 @@ CVE-2020-3411 (A vulnerability in Cisco DNA Center
software could allow an unaut
CVE-2020-3410
RESERVED
CVE-2020-3409 (A vulnerability in the PROFINET feature of Cisco IOS Software
and Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3408 (A vulnerability in the Split DNS feature of Cisco IOS Software
and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3407 (A vulnerability in the RESTCONF and NETCONF-YANG access control
list ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3406 (A vulnerability in the web-based management interface of the
Cisco SD- ...)
NOT-FOR-US: Cisco
CVE-2020-3405 (A vulnerability in the web UI of Cisco SD-WAN vManage Software
could a ...)
NOT-FOR-US: Cisco
CVE-2020-3404 (A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI
of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3403 (A vulnerability in the CLI of Cisco IOS XE Software could allow
an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI)
interface o ...)
NOT-FOR-US: Cisco
CVE-2020-3401 (A vulnerability in the web-based management interface of Cisco
SD-WAN ...)
NOT-FOR-US: Cisco
CVE-2020-3400 (A vulnerability in the web UI feature of Cisco IOS XE Software
could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3399 (A vulnerability in the Control and Provisioning of Wireless
Access Poi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3398 (A vulnerability in the Border Gateway Protocol (BGP) Multicast
VPN (MV ...)
NOT-FOR-US: Cisco
CVE-2020-3397 (A vulnerability in the Border Gateway Protocol (BGP) Multicast
VPN (MV ...)
NOT-FOR-US: Cisco
CVE-2020-3396 (A vulnerability in the file system on the pluggable USB 3.0
Solid Stat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3395
RESERVED
CVE-2020-3394 (A vulnerability in the Enable Secret feature of Cisco Nexus
3000 Serie ...)
NOT-FOR-US: Cisco
CVE-2020-3393 (A vulnerability in the application-hosting subsystem of Cisco
IOS XE S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3392
RESERVED
CVE-2020-3391 (A vulnerability in Cisco Digital Network Architecture (DNA)
Center cou ...)
NOT-FOR-US: Cisco
CVE-2020-3390 (A vulnerability in Simple Network Management Protocol (SNMP)
trap gene ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3389 (A vulnerability in the installation component of Cisco
Hyperflex HX-Se ...)
NOT-FOR-US: Cisco
CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software
could allo ...)
@@ -54989,7 +54989,7 @@ CVE-2020-3361 (A vulnerability in Cisco Webex Meetings
and Cisco Webex Meetings
CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones
Series 78 ...)
NOT-FOR-US: Cisco
CVE-2020-3359 (A vulnerability in the multicast DNS (mDNS) feature of Cisco
IOS XE So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3358 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature
for Cisc ...)
NOT-FOR-US: Cisco
CVE-2020-3357 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature
of Cisco ...)
@@ -55437,7 +55437,7 @@ CVE-2020-3143 (A vulnerability in the video endpoint
API (xAPI) of Cisco TelePre
CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco
Webex Me ...)
NOT-FOR-US: Cisco
CVE-2020-3141 (Multiple vulnerabilities in the web management framework of
Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3140 (A vulnerability in the web management interface of Cisco Prime
License ...)
NOT-FOR-US: Cisco
CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface
IP table ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbdeeab007204f9311866a312e887fd14ff5ace7
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits