Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
e101a56f by security tracker role at 2024-11-18T20:12:44+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2024-9526 (There exists a stored XSS Vulnerability in Kubeflow Pipeline
View web ...)
+ TODO: check
+CVE-2024-9474 (A privilege escalation vulnerability in Palo Alto Networks
PAN-OS soft ...)
+ TODO: check
+CVE-2024-8781 (Execution with Unnecessary Privileges, : Improper Protection of
Altern ...)
+ TODO: check
+CVE-2024-52574 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52573 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52572 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52571 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52570 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52569 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52568 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52567 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52566 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52565 (A vulnerability has been identified in Tecnomatix Plant
Simulation V23 ...)
+ TODO: check
+CVE-2024-52436 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-52435 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-52434 (Improper Neutralization of Special Elements Used in a Template
Engine ...)
+ TODO: check
+CVE-2024-52433 (Deserialization of Untrusted Data vulnerability in Mindstien
Technolog ...)
+ TODO: check
+CVE-2024-52432 (Deserialization of Untrusted Data vulnerability in NIX
Solutions Ltd N ...)
+ TODO: check
+CVE-2024-52431 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-52430 (Deserialization of Untrusted Data vulnerability in Lis Lis
Video Galle ...)
+ TODO: check
+CVE-2024-52429 (Unrestricted Upload of File with Dangerous Type vulnerability
in Anton ...)
+ TODO: check
+CVE-2024-52428 (Improper Control of Filename for Include/Require Statement in
PHP Prog ...)
+ TODO: check
+CVE-2024-52427 (Improper Neutralization of Special Elements Used in a Template
Engine ...)
+ TODO: check
+CVE-2024-52426 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-52425 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-52424 (Cross-Site Request Forgery (CSRF) vulnerability in Suresh
Kumar wp-log ...)
+ TODO: check
+CVE-2024-52423 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-52422 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-52419 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-52318 (Incorrect object recycling and reuse vulnerability in Apache
Tomcat. ...)
+ TODO: check
+CVE-2024-52317 (Incorrect object re-cycling and re-use vulnerability in Apache
Tomcat. ...)
+ TODO: check
+CVE-2024-52316 (Unchecked Error Condition vulnerability in Apache Tomcat. If
Tomcat is ...)
+ TODO: check
+CVE-2024-52303 (aiohttp is an asynchronous HTTP client/server framework for
asyncio an ...)
+ TODO: check
+CVE-2024-51743 (MarkUs is a web application for the submission and grading of
student ...)
+ TODO: check
+CVE-2024-51499 (MarkUs is a web application for the submission and grading of
student ...)
+ TODO: check
+CVE-2024-50919 (Jpress until v5.1.1 has arbitrary file uploads on the windows
platform ...)
+ TODO: check
+CVE-2024-48917 (PhpSpreadsheet is a PHP library for reading and writing
spreadsheet fi ...)
+ TODO: check
+CVE-2024-48901 (A vulnerability was found in Moodle. Additional checks are
required to ...)
+ TODO: check
+CVE-2024-48898 (A vulnerability was found in Moodle. Users with access to
delete audie ...)
+ TODO: check
+CVE-2024-48897 (A vulnerability was found in Moodle. Additional checks are
required to ...)
+ TODO: check
+CVE-2024-48896 (A vulnerability was found in Moodle. It is possible for users
with the ...)
+ TODO: check
+CVE-2024-48294 (A NULL pointer dereference in the component libPdfCore.dll of
Wondersh ...)
+ TODO: check
+CVE-2024-48293 (Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182
and ear ...)
+ TODO: check
+CVE-2024-48292 (An issue in the wssrvc.exe service of QuickHeal Antivirus Pro
Version ...)
+ TODO: check
+CVE-2024-47873 (PhpSpreadsheet is a PHP library for reading and writing
spreadsheet fi ...)
+ TODO: check
+CVE-2024-47820 (MarkUs, a web application for the submission and grading of
student as ...)
+ TODO: check
+CVE-2024-47533 (Cobbler, a Linux installation server that allows for rapid
setup of ne ...)
+ TODO: check
+CVE-2024-44757 (An arbitrary file download vulnerability in the component
/Basics/Down ...)
+ TODO: check
+CVE-2024-44756 (NUS-M9 ERP Management Software v3.0.0 was discovered to
contain a SQL ...)
+ TODO: check
+CVE-2024-43416 (GLPI is a free asset and IT management software package.
Starting in v ...)
+ TODO: check
+CVE-2024-42392 (Improper Neutralization of Delimiters vulnerability in Cesanta
Mongoos ...)
+ TODO: check
+CVE-2024-42391 (Use of Out-of-range Pointer Offset vulnerability in Cesanta
Mongoose W ...)
+ TODO: check
+CVE-2024-42390 (Use of Out-of-range Pointer Offset vulnerability in Cesanta
Mongoose W ...)
+ TODO: check
+CVE-2024-42389 (Use of Out-of-range Pointer Offset vulnerability in Cesanta
Mongoose W ...)
+ TODO: check
+CVE-2024-42388 (Use of Out-of-range Pointer Offset vulnerability in Cesanta
Mongoose W ...)
+ TODO: check
+CVE-2024-42387 (Use of Out-of-range Pointer Offset vulnerability in Cesanta
Mongoose W ...)
+ TODO: check
+CVE-2024-42386 (Use of Out-of-range Pointer Offset vulnerability in Cesanta
Mongoose W ...)
+ TODO: check
+CVE-2024-42385 (Improper Neutralization of Delimiters vulnerability in Cesanta
Mongoos ...)
+ TODO: check
+CVE-2024-42384 (Integer Overflow or Wraparound vulnerability in Cesanta
Mongoose Web S ...)
+ TODO: check
+CVE-2024-42383 (Use of Out-of-range Pointer Offset vulnerability in Cesanta
Mongoose W ...)
+ TODO: check
+CVE-2024-41974 (A low privileged remote attackermay modify the BACNet service
properti ...)
+ TODO: check
+CVE-2024-41973 (A low privileged remote attacker canspecify an arbitrary file
on the f ...)
+ TODO: check
+CVE-2024-41972 (A low privileged remote attacker canoverwrite an arbitrary
file on the ...)
+ TODO: check
+CVE-2024-41971 (A low privileged remote attacker can overwrite an arbitrary
file on th ...)
+ TODO: check
+CVE-2024-41970 (A low privileged remote attackermay gain access to forbidden
diagnosti ...)
+ TODO: check
+CVE-2024-41969 (A low privileged remote attacker maymodify the configuration
of the CO ...)
+ TODO: check
+CVE-2024-41968 (A low privileged remote attacker may modify the docker
settings setup ...)
+ TODO: check
+CVE-2024-41967 (A low privileged remote attackermay modify the boot mode
configuration ...)
+ TODO: check
+CVE-2024-3370 (Improper Neutralization of Special Elements used in an SQL
Command ('S ...)
+ TODO: check
+CVE-2024-37155 (OpenCTI is an open source platform allowing organizations to
manage th ...)
+ TODO: check
+CVE-2024-28058 (In RSA NetWitness (NW) Platform before 12.5.1, even when an
administra ...)
+ TODO: check
+CVE-2024-11319 (Improper Neutralization of Input During Web Page Generation
(XSS or 'C ...)
+ TODO: check
+CVE-2024-11318 (An IDOR (Insecure Direct Object Reference) vulnerability has
been disc ...)
+ TODO: check
+CVE-2024-11304 (Missing input validation in the SEH Computertechnik utnserver
Pro, SEH ...)
+ TODO: check
+CVE-2024-11303 (The pathname of the root directory to a Restricted Directory
('Path Tr ...)
+ TODO: check
+CVE-2024-11023 (Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie
to store ...)
+ TODO: check
+CVE-2024-10390 (The Elfsight Telegram Chat CC plugin for WordPress is
vulnerable to un ...)
+ TODO: check
+CVE-2024-0012 (An authentication bypass in Palo Alto Networks PAN-OS software
enables ...)
+ TODO: check
+CVE-2023-49952 (Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a
bypass of ...)
+ TODO: check
CVE-2024-5030 (The CM Table Of Contents WordPress plugin before 1.2.3 does
not have ...)
NOT-FOR-US: WordPress plugin
CVE-2024-52947 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG
before 2.2 ...)
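Review bot: CVE-2024-10390 is described as a "plugin for WordPress", so it can take the same "NOT-FOR-US: WordPress plugin" line as the CVE-2024-5030 context entry directly below the added block rather than staying at "TODO: check". Separately, the descriptions added for CVE-2024-41967, CVE-2024-41969, CVE-2024-41970, CVE-2024-41972, CVE-2024-41973 and CVE-2024-41974 contain fused words ("attackermay", "maymodify", "canoverwrite", "canspecify"), so a text search of this file for "attacker may" or "can overwrite" will miss those entries until the descriptions are refreshed.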
@@ -152,7 +310,7 @@ CVE-2024-51764 (A security vulnerability has been
identified in HPE Data Managem
NOT-FOR-US: HPE
CVE-2024-50983 (FlightPath 7.5 contains a Cross Site Scripting (XSS)
vulnerability, wh ...)
NOT-FOR-US: FlightPath
-CVE-2024-49592 (McAfee Trial Installer 16.0.53 has Incorrect Access Control
that leads ...)
+CVE-2024-49592 (Trial installer for McAfee Total Protection (legacy trial
installer so ...)
NOT-FOR-US: McAfee
CVE-2024-49060 (Azure Stack HCI Elevation of Privilege Vulnerability)
NOT-FOR-US: Microsoft
@@ -213,15 +371,15 @@ CVE-2024-10017 (The PJW Mime Config plugin for WordPress
is vulnerable to Stored
NOT-FOR-US: WordPress plugin
CVE-2024-10015 (The ConvertCalculator for WordPress plugin for WordPress is
vulnerable ...)
NOT-FOR-US: WordPress plugin
-CVE-2024-41151
+CVE-2024-41151 (Deserialization of Untrusted Data vulnerability in Apache
HertzBeat. ...)
NOT-FOR-US: Apache HertzBeat
-CVE-2024-45791
+CVE-2024-45791 (Exposure of Sensitive Information to an Unauthorized Actor
vulnerabili ...)
NOT-FOR-US: Apache HertzBeat
-CVE-2024-45505
+CVE-2024-45505 (Improper Neutralization of Special Elements used in a Command
('Comman ...)
NOT-FOR-US: Apache HertzBeat
-CVE-2024-47208
+CVE-2024-47208 (Server-Side Request Forgery (SSRF), Improper Control of
Generation of ...)
NOT-FOR-US: Apache OFBiz
-CVE-2024-48962
+CVE-2024-48962 (Improper Control of Generation of Code ('Code Injection'),
Cross-Site ...)
NOT-FOR-US: Apache OFBiz
CVE-2024-52616 [Avahi Wide-Area DNS Predictable Transaction IDs]
- avahi <unfixed>
@@ -241,17 +399,17 @@ CVE-2024-52615 [Avahi Wide-Area DNS Uses Constant Source
Port]
NOTE: turn off wide-area feature:
https://github.com/avahi/avahi/pull/577
NOTE: Revisiting of feature: https://github.com/avahi/avahi/issues/578
NOTE:
https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
-CVE-2023-39180 [Linux Kernel ksmbd Read Request Memory Leak Denial-of-Service
Vulnerability]
+CVE-2023-39180 (A flaw was found within the handling of SMB2_READ commands in
the kern ...)
- linux 6.5.3-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e202a1e8634b186da38cbbff85382ea2b9e297cf (6.5-rc4)
-CVE-2023-39179 [Linux Kernel ksmbd Read Request Out-Of-Bounds Read Information
Disclosure Vulnerability]
+CVE-2023-39179 (A flaw was found within the handling of SMB2 read requests in
the kern ...)
- linux 6.5.3-1
[bookworm] - linux 6.1.55-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
NOTE:
https://git.kernel.org/linus/e202a1e8634b186da38cbbff85382ea2b9e297cf (6.5-rc4)
-CVE-2023-39176 [Linux Kernel ksmbd Transform Header Out-Of-Bounds Read
Information Disclosure Vulnerability]
+CVE-2023-39176 (A flaw was found within the parsing of SMB2 requests that have
a trans ...)
- linux 6.5.3-1
[bookworm] - linux 6.1.52-1
[bullseye] - linux <not-affected> (Vulnerable code not present)
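Review bot: The replacement descriptions for CVE-2023-39180, CVE-2023-39179 and CVE-2023-39176 are truncated before they name the component, so the word "ksmbd" and the impact class that the removed bracketed titles carried (memory leak denial of service, out-of-bounds read information disclosure) no longer appear in these entries. Consider adding a NOTE line naming ksmbd to each entry so they stay findable by subsystem; the package lines themselves are unchanged.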
@@ -11515,7 +11673,7 @@ CVE-2024-47164 (Gradio is an open-source Python package
designed for quick proto
NOT-FOR-US: Gradio
CVE-2024-47084 (Gradio is an open-source Python package designed for quick
prototyping ...)
NOT-FOR-US: Gradio
-CVE-2024-21534 (Versions of the package jsonpath-plus before 10.0.7 are
vulnerable to ...)
+CVE-2024-21534 (All versions of the package jsonpath-plus are vulnerable to
Remote Cod ...)
NOT-FOR-US: Node jsonpath-plus
CVE-2024-9810 (A vulnerability was found in SourceCodester Record Management
System 1 ...)
NOT-FOR-US: SourceCodester
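Review bot: The CVE-2024-21534 description no longer states a fixed version: "before 10.0.7" has become "All versions of the package jsonpath-plus". The entry stays "NOT-FOR-US: Node jsonpath-plus", so nothing changes for tracking, but anyone who recorded 10.0.7 as the fix from the earlier text should recheck it against the current advisory.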
@@ -35163,7 +35321,7 @@ CVE-2024-38473 (Encoding problem in mod_proxy in Apache
HTTP Server 2.4.59 and e
NOTE: Regression [1/2] Fix:
https://github.com/apache/httpd/commit/2f2f82a2225c5c3b6bb2fa4056541682e34763d4
NOTE: Regression [2/2] bug apache:
https://bz.apache.org/bugzilla/show_bug.cgi?id=69203
NOTE: Regression [2/2] tracked at https://bugs.debian.org/1079171
-CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially
leak NTML ...)
+CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially
leak NTLM ...)
- apache2 <not-affected> (Only affects Windows)
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38472
NOTE:
https://github.com/apache/httpd/commit/12542a80324b69ad6a1a489e1b697398551a5fe0
@@ -311830,16 +311988,16 @@ CVE-2021-1467 (A vulnerability in Cisco Webex
Meetings for Android could allow a
NOT-FOR-US: Cisco
CVE-2021-1466 (A vulnerability in the vDaemon service of Cisco SD-WAN
vManage So ...)
TODO: check
-CVE-2021-1465
- RESERVED
+CVE-2021-1465 (A vulnerability in the web-based management interface of Cisco
SD-WAN ...)
+ TODO: check
CVE-2021-1464 (A vulnerability in Cisco SD-WAN vManage Software could
allow an a ...)
TODO: check
CVE-2021-1463 (A vulnerability in the web-based management interface of Cisco
Unified ...)
NOT-FOR-US: Cisco
-CVE-2021-1462
- RESERVED
-CVE-2021-1461
- RESERVED
+CVE-2021-1462 (A vulnerability in the CLI of Cisco SD-WAN vManage
Software could ...)
+ TODO: check
+CVE-2021-1461 (A vulnerability in the Image Signature Verification feature of
Cisco&n ...)
+ TODO: check
CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco
809 In ...)
NOT-FOR-US: Cisco
CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco
Small B ...)
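Review bot: The description added for CVE-2021-1461 ends in "Cisco&n ...", which reads as an HTML entity (most likely a non-breaking space) cut in half by the truncation. The import step should decode entities before truncating the description, otherwise a search for the product name that follows "Cisco" cannot match this entry.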
@@ -311872,16 +312030,16 @@ CVE-2021-1446 (A vulnerability in the DNS
application layer gateway (ALG) functi
NOT-FOR-US: Cisco
CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance
(ASA) So ...)
NOT-FOR-US: Cisco
-CVE-2021-1444
- RESERVED
+CVE-2021-1444 (A vulnerability in the web services interface of
Cisco Adaptive S ...)
+ TODO: check
CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could
allow an ...)
NOT-FOR-US: Cisco
CVE-2021-1442 (A vulnerability in a diagnostic command for the Plug-and-Play
(PnP) su ...)
NOT-FOR-US: Cisco
CVE-2021-1441 (A vulnerability in the hardware initialization routines of
Cisco IOS X ...)
NOT-FOR-US: Cisco
-CVE-2021-1440
- RESERVED
+CVE-2021-1440 (A vulnerability in the implementation of the Resource Public
Key Infra ...)
+ TODO: check
CVE-2021-1439 (A vulnerability in the multicast DNS (mDNS) gateway feature of
Cisco A ...)
NOT-FOR-US: Cisco
CVE-2021-1438 (A vulnerability in Cisco Wide Area Application Services (WAAS)
Softwar ...)
@@ -311910,10 +312068,10 @@ CVE-2021-1427 (Multiple vulnerabilities in the
install, uninstall, and upgrade p
NOT-FOR-US: Cisco
CVE-2021-1426 (Multiple vulnerabilities in the install, uninstall, and upgrade
proces ...)
NOT-FOR-US: Cisco
-CVE-2021-1425
- RESERVED
-CVE-2021-1424
- RESERVED
+CVE-2021-1425 (A vulnerability in the web-based management interface of
Cisco As ...)
+ TODO: check
+CVE-2021-1424 (A vulnerability in the ipsecmgr process of Cisco ASR 5000
Series ...)
+ TODO: check
CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco
Airone ...)
NOT-FOR-US: Cisco
CVE-2021-1422 (A vulnerability in the software cryptography module of Cisco
Adaptive ...)
@@ -311940,8 +312098,8 @@ CVE-2021-1412 (Multiple vulnerabilities in the Admin
portal of Cisco Identity Se
NOT-FOR-US: Cisco
CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco
Jabber for ...)
NOT-FOR-US: Cisco
-CVE-2021-1410
- RESERVED
+CVE-2021-1410 (A vulnerability in the distribution list feature of
Cisco Webex M ...)
+ TODO: check
CVE-2021-1409 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
CVE-2021-1408 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
@@ -312008,8 +312166,8 @@ CVE-2021-1381 (A vulnerability in Cisco IOS XE
Software could allow an authentic
NOT-FOR-US: Cisco
CVE-2021-1380 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2021-1379
- RESERVED
+CVE-2021-1379 (Multiple vulnerabilities in the Cisco Discovery Protocol
and Link ...)
+ TODO: check
CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS
operating syste ...)
NOT-FOR-US: Cisco
CVE-2021-1377 (A vulnerability in Address Resolution Protocol (ARP) management
of Cis ...)
@@ -312196,8 +312354,8 @@ CVE-2021-1287 (A vulnerability in the web-based
management interface of Cisco RV
NOT-FOR-US: Cisco
CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface
of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2021-1285
- RESERVED
+CVE-2021-1285 (Multiple Cisco products are affected by a vulnerability in
the Et ...)
+ TODO: check
CVE-2021-1284 (A vulnerability in the web-based messaging service interface of
Cisco ...)
NOT-FOR-US: Cisco
CVE-2021-1283 (A vulnerability in the logging subsystem of Cisco Data Center
Network ...)
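Review bot: CVE-2021-1285 should not be closed as "NOT-FOR-US: Cisco" by analogy with its neighbours without reading the full description. Its text opens with the same "Multiple Cisco products are affected by a vulnerability in the ..." wording as CVE-2021-1236 in the next hunk, and that entry carries a NOTE pointing at an advisory named cisco-sa-snort-app-bypass, so the truncated component ("the Et ...") may be shared code rather than a Cisco-only product.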
@@ -312303,12 +312461,12 @@ CVE-2021-1236 (Multiple Cisco products are affected
by a vulnerability in the Sn
NOTE:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq
CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software
could allo ...)
NOT-FOR-US: Cisco
-CVE-2021-1234
- RESERVED
+CVE-2021-1234 (A vulnerability in the cluster management interface of
Cisco SD-W ...)
+ TODO: check
CVE-2021-1233 (A vulnerability in the CLI of Cisco SD-WAN Software could allow
an aut ...)
NOT-FOR-US: Cisco
-CVE-2021-1232
- RESERVED
+CVE-2021-1232 (A vulnerability in the web-based management interface of
Cisco SD ...)
+ TODO: check
CVE-2021-1231 (A vulnerability in the Link Layer Discovery Protocol (LLDP) for
Nexus ...)
NOT-FOR-US: Cisco
CVE-2021-1230 (A vulnerability with the Border Gateway Protocol (BGP) for
Cisco Nexus ...)
@@ -312511,8 +312669,8 @@ CVE-2021-1134 (A vulnerability in the Cisco Identity
Services Engine (ISE) integ
NOT-FOR-US: Cisco
CVE-2021-1133 (Multiple vulnerabilities in the REST API endpoint of Cisco Data
Center ...)
NOT-FOR-US: Cisco
-CVE-2021-1132
- RESERVED
+CVE-2021-1132 (A vulnerability in the API subsystem and in the web-management
interfa ...)
+ TODO: check
CVE-2021-1131 (A vulnerability in the Cisco Discovery Protocol implementation
for Cis ...)
NOT-FOR-US: Cisco
CVE-2021-1130 (A vulnerability in the web-based management interface of Cisco
DNA Cen ...)
@@ -318867,8 +319025,8 @@ CVE-2020-27126 (A vulnerability in an API of Cisco
Webex Meetings could allow an
NOT-FOR-US: Cisco
CVE-2020-27125 (A vulnerability in Cisco Security Manager could allow an
unauthenticat ...)
NOT-FOR-US: Cisco
-CVE-2020-27124
- RESERVED
+CVE-2020-27124 (A vulnerability in the SSL/TLS handler of Cisco Adaptive
Security ...)
+ TODO: check
CVE-2020-27123 (A vulnerability in the interprocess communication (IPC)
channel of Cis ...)
NOT-FOR-US: Cisco
CVE-2020-27122 (A vulnerability in the Microsoft Active Directory integration
of Cisco ...)
@@ -321418,32 +321576,32 @@ CVE-2020-26076 (A vulnerability in Cisco IoT Field
Network Director (FND) could
NOT-FOR-US: Cisco
CVE-2020-26075 (A vulnerability in the REST API of Cisco IoT Field Network
Director (F ...)
NOT-FOR-US: Cisco
-CVE-2020-26074
- RESERVED
-CVE-2020-26073
- RESERVED
+CVE-2020-26074 (A vulnerability in system file transfer functions of
Cisco SD-WAN ...)
+ TODO: check
+CVE-2020-26073 (A vulnerability in the application data endpoints of
Cisco SD-WAN ...)
+ TODO: check
CVE-2020-26072 (A vulnerability in the SOAP API of Cisco IoT Field Network
Director (F ...)
NOT-FOR-US: Cisco
-CVE-2020-26071
- RESERVED
+CVE-2020-26071 (A vulnerability in the CLI of Cisco SD-WAN Software could
allow a ...)
+ TODO: check
CVE-2020-26070 (A vulnerability in the ingress packet processing function of
Cisco IOS ...)
NOT-FOR-US: Cisco
CVE-2020-26069
RESERVED
CVE-2020-26068 (A vulnerability in the xAPI service of Cisco Telepresence CE
Software ...)
NOT-FOR-US: Cisco
-CVE-2020-26067
- RESERVED
-CVE-2020-26066
- RESERVED
+CVE-2020-26067 (A vulnerability in the web-based interface of Cisco Webex
Teams c ...)
+ TODO: check
+CVE-2020-26066 (A vulnerability in the web UI of Cisco SD-WAN vManage
Software co ...)
+ TODO: check
CVE-2020-26065 (A vulnerability in the web-based management interface of Cisco
SD-WAN ...)
NOT-FOR-US: Cisco
CVE-2020-26064 (A vulnerability in the web UI of Cisco SD-WAN vManage Software
could a ...)
NOT-FOR-US: Cisco
-CVE-2020-26063
- RESERVED
-CVE-2020-26062
- RESERVED
+CVE-2020-26063 (A vulnerability in the API endpoints of Cisco Integrated
Manageme ...)
+ TODO: check
+CVE-2020-26062 (A vulnerability in Cisco Integrated Management Controller
could a ...)
+ TODO: check
CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in
net/nfc/rawsock. ...)
{DLA-2420-1 DLA-2385-1}
- linux 5.7.17-1
@@ -378833,8 +378991,8 @@ CVE-2020-3550 (A vulnerability in the sfmgr daemon of
Cisco Firepower Management
NOT-FOR-US: Cisco
CVE-2020-3549 (A vulnerability in the sftunnel functionality of Cisco
Firepower Manag ...)
NOT-FOR-US: Cisco
-CVE-2020-3548
- RESERVED
+CVE-2020-3548 (A vulnerability in the Transport Layer Security (TLS) protocol
impleme ...)
+ TODO: check
CVE-2020-3547 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco
AsyncOS ...)
@@ -378851,10 +379009,10 @@ CVE-2020-3541 (A vulnerability in the media engine
component of Cisco Webex Meet
NOT-FOR-US: Cisco
CVE-2020-3540
RESERVED
-CVE-2020-3539
- RESERVED
-CVE-2020-3538
- RESERVED
+CVE-2020-3539 (A vulnerability in the web-based management interface of Cisco
Data Ce ...)
+ TODO: check
+CVE-2020-3538 (A vulnerability in a certain REST API endpoint of
Cisco Data Cent ...)
+ TODO: check
CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could
allow an au ...)
NOT-FOR-US: Cisco
CVE-2020-3536 (A vulnerability in the web-based management interface of Cisco
SD-WAN ...)
@@ -378865,8 +379023,8 @@ CVE-2020-3534
RESERVED
CVE-2020-3533 (A vulnerability in the Simple Network Management Protocol
(SNMP) input ...)
NOT-FOR-US: Cisco
-CVE-2020-3532
- RESERVED
+CVE-2020-3532 (A vulnerability in the web-based management interface of
Cisco Un ...)
+ TODO: check
CVE-2020-3531 (A vulnerability in the REST API of Cisco IoT Field Network
Director (F ...)
NOT-FOR-US: Cisco
CVE-2020-3530 (A vulnerability in task group assignment for a specific CLI
command in ...)
@@ -378879,8 +379037,8 @@ CVE-2020-3527 (A vulnerability in the Polaris kernel
of Cisco Catalyst 9200 Seri
NOT-FOR-US: Cisco
CVE-2020-3526 (A vulnerability in the Common Open Policy Service (COPS) engine
of Cis ...)
NOT-FOR-US: Cisco
-CVE-2020-3525
- RESERVED
+CVE-2020-3525 (A vulnerability in the Admin portal of Cisco Identity
Services En ...)
+ TODO: check
CVE-2020-3524 (A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON)
Software for ...)
NOT-FOR-US: Cisco
CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco
Data Ce ...)
@@ -379070,8 +379228,8 @@ CVE-2020-3433 (A vulnerability in the interprocess
communication (IPC) channel o
NOT-FOR-US: Cisco
CVE-2020-3432
RESERVED
-CVE-2020-3431
- RESERVED
+CVE-2020-3431 (A vulnerability in the web-based management interface of
Cisco Sm ...)
+ TODO: check
CVE-2020-3430 (A vulnerability in the application protocol handling features
of Cisco ...)
NOT-FOR-US: Cisco
CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of
Cisco ...)
@@ -379092,8 +379250,8 @@ CVE-2020-3422 (A vulnerability in the IP Service
Level Agreement (SLA) responder
NOT-FOR-US: Cisco
CVE-2020-3421 (Multiple vulnerabilities in the Zone-Based Firewall feature of
Cisco I ...)
NOT-FOR-US: Cisco
-CVE-2020-3420
- RESERVED
+CVE-2020-3420 (A vulnerability in the web-based management interface of Cisco
Unified ...)
+ TODO: check
CVE-2020-3419 (A vulnerability in Cisco Webex Meetings and Cisco Webex
Meetings Serve ...)
NOT-FOR-US: Cisco
CVE-2020-3418 (A vulnerability in Cisco IOS XE Wireless Controller Software
for Cisco ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e101a56f606086fbc2b3f4bb0035708b3a941f81
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits