Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ded19317 by Salvatore Bonaccorso at 2020-10-21T22:15:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
CVE-2020-27613 (The installation procedure in BigBlueButton before 2.2.17 uses
ClueCon ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27612 (Greenlight in BigBlueButton through 2.2.28 places usernames in
room UR ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27611 (BigBlueButton through 2.2.28 uses STUN/TURN resources from a
third par ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27610 (The installation procedure in BigBlueButton before 2.2.28 (or
earlier) ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27609 (BigBlueButton through 2.2.28 records a video meeting despite
the deact ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27608 (In BigBlueButton before 2.2.6, uploaded presentations are sent
to clie ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27607 (In BigBlueButton before 2.2.28 (or earlier), the client-side
Mute butt ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27606 (BigBlueButton before 2.2.28 (or earlier) does not set the
secure flag ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27605 (BigBlueButton through 2.2.28 uses Ghostscript for processing
of upload ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27604 (BigBlueButton before 2.3 does not implement LibreOffice
sandboxing. Th ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27603 (BigBlueButton before 2.2.27 has an unsafe JODConverter setting
in whic ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27602 (BigBlueButton before 2.2.7 does not have a protection
mechanism for se ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27601 (In BigBlueButton before 2.2.7,
lockSettingsProps.disablePrivateChat do ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-XXXX [Rogue guests can cause DoS of Dom0 via high frequency events]
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-332.html
@@ -3764,7 +3764,7 @@ CVE-2020-25822
CVE-2020-25821 (** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL
pointer ...)
NOT-FOR-US: peg-markdown
CVE-2020-25820 (BigBlueButton before 2.2.27 allows remote authenticated users
to read ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-25819
RESERVED
CVE-2020-25818
@@ -21080,7 +21080,7 @@ CVE-2020-17383
CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer
Overflow (0x801 ...)
NOT-FOR-US: MSI AmbientLink MsIo64 driver
CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due
to insuff ...)
- TODO: check
+ NOT-FOR-US: Ghisler Total Commander
CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in
hw/sd/sdhci.c]
RESERVED
- qemu <unfixed> (bug #970937)
@@ -26888,21 +26888,21 @@ CVE-2020-14903
CVE-2020-14902
RESERVED
CVE-2020-14901 (Vulnerability in the RDBMS Security component of Oracle
Database Serve ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14900 (Vulnerability in the Oracle Application Express Group Calendar
compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14899 (Vulnerability in the Oracle Application Express Data Reporter
componen ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14898 (Vulnerability in the Oracle Application Express Packaged Apps
componen ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14897 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14896 (Vulnerability in the Oracle Banking Payments product of Oracle
Financi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14895 (Vulnerability in the Oracle Utilities Framework product of
Oracle Util ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14894 (Vulnerability in the Oracle Banking Corporate Lending product
of Oracl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14893 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14892 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
@@ -26910,13 +26910,13 @@ CVE-2020-14892 (Vulnerability in the Oracle VM
VirtualBox product of Oracle Virt
CVE-2020-14891 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14890 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14889 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14888 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14887 (Vulnerability in the Oracle FLEXCUBE Universal Banking product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14886 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14885 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
@@ -26924,23 +26924,23 @@ CVE-2020-14885 (Vulnerability in the Oracle VM
VirtualBox product of Oracle Virt
CVE-2020-14884 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14883 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14882 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14881 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14880 (Vulnerability in the BI Publisher product of Oracle Fusion
Middleware ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14879 (Vulnerability in the BI Publisher product of Oracle Fusion
Middleware ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14878 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14877 (Vulnerability in the Oracle Hospitality OPERA 5 Property
Services prod ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14876 (Vulnerability in the Oracle Trade Management product of Oracle
E-Busin ...)
- mysql-8.0 <unfixed>
CVE-2020-14875 (Vulnerability in the Oracle Marketing product of Oracle
E-Business Sui ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14874
RESERVED
CVE-2020-14873 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
@@ -26948,7 +26948,7 @@ CVE-2020-14873 (Vulnerability in the MySQL Server
product of Oracle MySQL (compo
CVE-2020-14872 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14871 (Vulnerability in the Oracle Solaris product of Oracle Systems
(compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14870 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14869 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
@@ -26962,35 +26962,35 @@ CVE-2020-14867 (Vulnerability in the MySQL Server
product of Oracle MySQL (compo
CVE-2020-14866 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14865 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier
Connection pr ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14864 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14863 (Vulnerability in the Oracle One-to-One Fulfillment product of
Oracle E ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14862 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14861 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14860 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14859 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14858 (Vulnerability in the Oracle Hospitality OPERA 5 Property
Services prod ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14857 (Vulnerability in the Oracle Trade Management product of Oracle
E-Busin ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14856 (Vulnerability in the Oracle Trade Management product of Oracle
E-Busin ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14855 (Vulnerability in the Oracle Universal Work Queue product of
Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14854 (Vulnerability in the Hyperion Infrastructure Technology
product of Ora ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14853 (Vulnerability in the MySQL Cluster product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14852 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14851 (Vulnerability in the Oracle Trade Management product of Oracle
E-Busin ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14850 (Vulnerability in the Oracle CRM Technical Foundation product
of Oracle ...)
TODO: check
CVE-2020-14849 (Vulnerability in the Oracle Marketing product of Oracle
E-Business Sui ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded1931766d1c45e13827e90e1300e7bd8e309e2
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded1931766d1c45e13827e90e1300e7bd8e309e2
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
