[Git][security-tracker-team/security-tracker][master] Process several NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Apr 16 09:47:06 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7f61485d by Salvatore Bonaccorso at 2020-04-16T10:46:35+02:00
Process several NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -293,27 +293,27 @@ CVE-2019-20683
CVE-2019-20682
RESERVED
CVE-2019-20681 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20680 (Certain NETGEAR devices are affected by command injection by an authen ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20679 (NETGEAR MR1100 devices before 12.06.08.00 are affected by lack of acce ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20678 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20677 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20676 (Certain NETGEAR devices are affected by lack of access control at the ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20675 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20674 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20673 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20672 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20671 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
- TODO: check
+ NOT-FOR-US: Netgear
CVE-2019-20670 (Certain NETGEAR devices are affected by stored XSS. This affects RBR50 ...)
NOT-FOR-US: Netgear
CVE-2019-20669 (Certain NETGEAR devices are affected by stored XSS. This affects RBR20 ...)
@@ -623,17 +623,17 @@ CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect
CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...)
NOT-FOR-US: CA API Developer Portal
CVE-2020-11663 (CA API Developer Portal 4.3.1 and earlier handles 404 requests in an i ...)
- TODO: check
+ NOT-FOR-US: CA API Developer Portal
CVE-2020-11662 (CA API Developer Portal 4.3.1 and earlier handles requests insecurely, ...)
- TODO: check
+ NOT-FOR-US: CA API Developer Portal
CVE-2020-11661 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
- TODO: check
+ NOT-FOR-US: CA API Developer Portal
CVE-2020-11660 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
- TODO: check
+ NOT-FOR-US: CA API Developer Portal
CVE-2020-11659 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
- TODO: check
+ NOT-FOR-US: CA API Developer Portal
CVE-2020-11658 (CA API Developer Portal 4.3.1 and earlier handles shared secret keys i ...)
- TODO: check
+ NOT-FOR-US: CA API Developer Portal
CVE-2020-11657
RESERVED
CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...)
@@ -2476,7 +2476,7 @@ CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/pu
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10951 (Western Digital My Cloud Home and ibi devices before 2.2.0 allow click ...)
- TODO: check
+ NOT-FOR-US: Western Digital My Cloud Home and ibi devices
CVE-2020-10950
RESERVED
CVE-2020-10949
@@ -3760,9 +3760,9 @@ CVE-2020-10514 (iCatch DVR do not validate function parameter properly, resultin
CVE-2020-10513 (The file management interface of iCatch DVR contains broken access con ...)
NOT-FOR-US: iCatch DVR
CVE-2020-10512 (HGiga C&Cmail contains a SQL Injection vulnerability which allows ...)
- TODO: check
+ NOT-FOR-US: HGiga C&Cmail
CVE-2020-10511 (HGiga C&Cmail contains insecure configurations. Attackers can expl ...)
- TODO: check
+ NOT-FOR-US: HGiga C&Cmail
CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...)
NOT-FOR-US: Sunnet eHRD
CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...)
@@ -3770,11 +3770,11 @@ CVE-2020-10509 (Sunnet eHRD, a human training and development management system,
CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...)
NOT-FOR-US: Sunnet eHRD
CVE-2020-10507 (The School Manage System, developed by ALLE INFORMATION CO., LTD., con ...)
- TODO: check
+ NOT-FOR-US: The School Manage System
CVE-2020-10506 (The School Manage System, developed by ALLE INFORMATION CO., LTD., con ...)
- TODO: check
+ NOT-FOR-US: The School Manage System
CVE-2020-10505 (The School Manage System, developed by ALLE INFORMATION CO., LTD., con ...)
- TODO: check
+ NOT-FOR-US: The School Manage System
CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Languag ...)
NOT-FOR-US: Chadha PHPKB
CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
@@ -4016,13 +4016,13 @@ CVE-2020-10386 (admin/imagepaster/image-upload.php in Chadha PHPKB Standard Mult
CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...)
NOT-FOR-US: WPForms Contact Form plugin for WordPress
CVE-2020-10384 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10383 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10382 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10381 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
- TODO: check
+ NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
- rmysql 0.10.20-1
[jessie] - rmysql <no-dsa> (Minor issue)
@@ -6012,7 +6012,7 @@ CVE-2019-20485 (qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holdin
CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...)
NOT-FOR-US: Swann
CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...)
- TODO: check
+ NOT-FOR-US: Rubrik
CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...)
NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...)
@@ -6249,7 +6249,7 @@ CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5
CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...)
- zint <itp> (bug #732141)
CVE-2020-9384 (An Insecure Direct Object Reference (IDOR) vulnerability in the Change ...)
- TODO: check
+ NOT-FOR-US: Subex
CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...)
- linux 5.5.13-1
NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3
@@ -7293,7 +7293,7 @@ CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program La
CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...)
NOT-FOR-US: Gocloud devices
CVE-2020-8948 (The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) be ...)
- TODO: check
+ NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP)
CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...)
NOT-FOR-US: Pandora FMS
CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...)
@@ -8726,13 +8726,13 @@ CVE-2020-8329
CVE-2020-8328
RESERVED
CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8326
RESERVED
CVE-2020-8325
RESERVED
CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8323
RESERVED
CVE-2020-8322
@@ -8742,13 +8742,13 @@ CVE-2020-8321
CVE-2020-8320
RESERVED
CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8317
RESERVED
CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...)
- TODO: check
+ NOT-FOR-US: Lenovo
CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
- linux 5.4.19-1
[jessie] - linux <not-affected> (Vulnerable code introduced later)
@@ -9583,7 +9583,7 @@ CVE-2020-7960
CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...)
NOT-FOR-US: LabVantage LIMS
CVE-2020-7958 (An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. ...)
- TODO: check
+ NOT-FOR-US: OnePlus 7 Pro devices
CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...)
- dovecot <not-affected> (Only affects 2.3.9)
NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2
@@ -10474,9 +10474,9 @@ CVE-2020-7577
CVE-2020-7576
RESERVED
CVE-2020-7575 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
- TODO: check
+ NOT-FOR-US: Climatix
CVE-2020-7574 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
- TODO: check
+ NOT-FOR-US: Climatix
CVE-2020-7573
RESERVED
CVE-2020-7572
@@ -11091,17 +11091,17 @@ CVE-2020-7280
CVE-2020-7279
RESERVED
CVE-2020-7278 (Exploiting incorrectly configured access control security levels vulne ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7277 (Protection mechanism failure in all processes in McAfee Endpoint Secur ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7276 (Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoi ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7275 (Accessing, modifying or executing executable files vulnerability in th ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7274 (Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Se ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7273 (Accessing functionality not properly constrained by ACLs vulnerability ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7272
RESERVED
CVE-2020-7271
@@ -11125,19 +11125,19 @@ CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS
CVE-2020-7262
RESERVED
CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...)
NOT-FOR-US: McAfee
CVE-2020-7259 (Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoi ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
NOT-FOR-US: McAfee
CVE-2020-7257 (Privilege escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
NOT-FOR-US: McAfee
CVE-2020-7255 (Privilege escalation vulnerability in the administrative user interfac ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7254 (Privilege Escalation vulnerability in the command line interface in Mc ...)
NOT-FOR-US: McAfee
CVE-2020-7253 (Improper access control vulnerability in masvc.exe in McAfee Agent (MA ...)
@@ -11147,7 +11147,7 @@ CVE-2020-7252 (Unquoted service executable path in DXL Broker in McAfee Data eXc
CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee ...)
NOT-FOR-US: McAfee
CVE-2020-7250 (Symbolic link manipulation vulnerability in McAfee Endpoint Security ( ...)
- TODO: check
+ NOT-FOR-US: McAfee
CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...)
NOT-FOR-US: SMC D3G0804W devices
CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged ...)
@@ -14741,9 +14741,9 @@ CVE-2020-5741
CVE-2020-5740
RESERVED
CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
- TODO: check
+ NOT-FOR-US: Grandstream
CVE-2020-5737
RESERVED
CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...)
@@ -14777,7 +14777,7 @@ CVE-2020-5723 (The UCM6200 series 1.0.20.22 and below stores unencrypted user pa
CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is vulnerable to ...)
NOT-FOR-US: Grandstream
CVE-2020-5721 (MikroTik WinBox 3.22 and below stores the user's cleartext password in ...)
- TODO: check
+ NOT-FOR-US: MikroTik
CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerab ...)
NOT-FOR-US: MikroTik WinBox
CVE-2020-5719
@@ -18975,9 +18975,9 @@ CVE-2020-3956
CVE-2020-3955
RESERVED
CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log Insight prio ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3953 (Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log ...)
- TODO: check
+ NOT-FOR-US: VMware
CVE-2020-3952 (Under certain conditions, vmdir that ships with VMware vCenter Server, ...)
NOT-FOR-US: VMware
CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows ...)
@@ -21438,7 +21438,7 @@ CVE-2020-3275
CVE-2020-3274
RESERVED
CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3272
RESERVED
CVE-2020-3271
@@ -21460,11 +21460,11 @@ CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an
CVE-2020-3263
RESERVED
CVE-2020-3262 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mobilit ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3259
RESERVED
CVE-2020-3258
@@ -21480,17 +21480,17 @@ CVE-2020-3254
CVE-2020-3253
RESERVED
CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3250 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3249 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3248 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3246
RESERVED
CVE-2020-3245
@@ -21498,15 +21498,15 @@ CVE-2020-3245
CVE-2020-3244
RESERVED
CVE-2020-3243 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3242
RESERVED
CVE-2020-3241
RESERVED
CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3238
RESERVED
CVE-2020-3237
@@ -21596,7 +21596,7 @@ CVE-2020-3196
CVE-2020-3195
RESERVED
CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for Microsoft ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...)
NOT-FOR-US: Cisco
CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...)
@@ -21630,7 +21630,7 @@ CVE-2020-3179
CVE-2020-3178
RESERVED
CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
NOT-FOR-US: Cisco
CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...)
@@ -21660,9 +21660,9 @@ CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco As
CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...)
NOT-FOR-US: Cisco
CVE-2020-3162 (A vulnerability in the Constrained Application Protocol (CoAP) impleme ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3161 (A vulnerability in the web server for Cisco IP Phones could allow an u ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3160 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...)
NOT-FOR-US: Cisco
CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Finesse ...)
@@ -21732,7 +21732,7 @@ CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player
CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
NOT-FOR-US: Cisco
CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex Meet ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3125
RESERVED
CVE-2020-3124
@@ -22203,9 +22203,9 @@ CVE-2020-2966
CVE-2020-2965
RESERVED
CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2963 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2962
RESERVED
CVE-2020-2961 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f61485d7e274708bf7af88e49626191796d2430
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7f61485d7e274708bf7af88e49626191796d2430
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200416/72d53543/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list