[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 26 21:10:35 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
7356fb1c by security tracker role at 2020-08-26T20:10:27+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,13 @@
+CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...)
+ TODO: check
+CVE-2020-24660
+ RESERVED
+CVE-2020-24659
+ RESERVED
+CVE-2020-24658
+ RESERVED
+CVE-2020-24657
+ RESERVED
CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...)
NOT-FOR-US: Maltego
CVE-2020-24655
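Review bot: CVE-2020-24661 at the top of this hunk is left at "TODO: check", but its description names GNOME Geary with a fixed upstream version (3.36.3), and geary is a packaged mail client in Debian. Triage should replace the TODO with a package status line for geary rather than NOT-FOR-US, and record which suites carry a version older than 3.36.3.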
@@ -218,8 +228,8 @@ CVE-2020-24550
RESERVED
CVE-2020-24549
RESERVED
-CVE-2020-24548
- RESERVED
+CVE-2020-24548 (Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSR ...)
+ TODO: check
CVE-2020-24547
RESERVED
CVE-2020-24546
@@ -722,16 +732,16 @@ CVE-2020-24318
RESERVED
CVE-2020-24317
RESERVED
-CVE-2020-24316
- RESERVED
-CVE-2020-24315
- RESERVED
-CVE-2020-24314
- RESERVED
-CVE-2020-24313
- RESERVED
-CVE-2020-24312
- RESERVED
+CVE-2020-24316 (WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the va ...)
+ TODO: check
+CVE-2020-24315 (Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL stateme ...)
+ TODO: check
+CVE-2020-24314 (Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitiz ...)
+ TODO: check
+CVE-2020-24313 (Etoile Web Design Ultimate Appointment Booking & Scheduling WordPr ...)
+ TODO: check
+CVE-2020-24312 (mndpsingh287 WP File Manager v6.4 and lower fails to restrict external ...)
+ TODO: check
CVE-2020-24311
RESERVED
CVE-2020-24310
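Review bot: the five entries CVE-2020-24316 through CVE-2020-24312 are all added as "TODO: check", and the visible descriptions point at WordPress plugins ("WP Plugin Rednumber Admin Menu", "WordPress Poll Plugin", "WP File Manager"). Elsewhere in this file such plugins are triaged in the form "NOT-FOR-US: Elementor Page Builder plugin for WordPress"; these can follow the same pattern once the full descriptions of CVE-2020-24314 and CVE-2020-24313, which are cut off before the product type is clear, confirm it.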
@@ -1346,10 +1356,10 @@ CVE-2020-24010
RESERVED
CVE-2020-24009
RESERVED
-CVE-2020-24008
- RESERVED
-CVE-2020-24007
- RESERVED
+CVE-2020-24008 (Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs ...)
+ TODO: check
+CVE-2020-24007 (Umanni RH 1.0 does not limit the number of authentication attempts. An ...)
+ TODO: check
CVE-2020-24006
RESERVED
CVE-2020-24005
@@ -2042,20 +2052,20 @@ CVE-2020-23662
RESERVED
CVE-2020-23661
RESERVED
-CVE-2020-23660
- RESERVED
-CVE-2020-23659
- RESERVED
-CVE-2020-23658
- RESERVED
-CVE-2020-23657
- RESERVED
-CVE-2020-23656
- RESERVED
-CVE-2020-23655
- RESERVED
-CVE-2020-23654
- RESERVED
+CVE-2020-23660 (webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." ...)
+ TODO: check
+CVE-2020-23659 (WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the " ...)
+ TODO: check
+CVE-2020-23658 (PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infus ...)
+ TODO: check
+CVE-2020-23657 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
+ TODO: check
+CVE-2020-23656 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
+ TODO: check
+CVE-2020-23655 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
+ TODO: check
+CVE-2020-23654 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the modu ...)
+ TODO: check
CVE-2020-23653
RESERVED
CVE-2020-23652
@@ -11348,8 +11358,8 @@ CVE-2020-19009
RESERVED
CVE-2020-19008
RESERVED
-CVE-2020-19007
- RESERVED
+CVE-2020-19007 (Halo blog 1.2.0 allows users to submit comments on blog posts via /api ...)
+ TODO: check
CVE-2020-19006
RESERVED
CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...)
@@ -14639,8 +14649,7 @@ CVE-2020-17378
RESERVED
CVE-2020-17377
RESERVED
-CVE-2020-17376 [OSSA-2020-006: Live migration fails to update persistent domain XML]
- RESERVED
+CVE-2020-17376 (An issue was discovered in Guest.migrate in virt/libvirt/guest.py in O ...)
- nova <unfixed> (bug #969052)
[buster] - nova <no-dsa> (Minor issue)
NOTE: https://launchpad.net/bugs/1890501
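Review bot: on CVE-2020-17376 the temporary title "[OSSA-2020-006: Live migration fails to update persistent domain XML]" is replaced by the published description, so the OSSA identifier no longer appears on the header line. The only NOTE visible in this hunk is the Launchpad bug link; unless a later NOTE already names it, add a NOTE carrying OSSA-2020-006 so the upstream advisory stays searchable from the entry.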
@@ -16989,10 +16998,10 @@ CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
- ruby-pghero <itp> (bug #882288)
CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...)
NOT-FOR-US: Field Test gem
-CVE-2020-16251
- RESERVED
-CVE-2020-16250
- RESERVED
+CVE-2020-16251 (HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when co ...)
+ TODO: check
+CVE-2020-16250 (HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when co ...)
+ TODO: check
CVE-2020-16249
RESERVED
CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /pro ...)
@@ -17110,8 +17119,8 @@ CVE-2020-16195
RESERVED
CVE-2020-16194
RESERVED
-CVE-2020-16193
- RESERVED
+CVE-2020-16193 (osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.ph ...)
+ TODO: check
CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...)
- limesurvey <itp> (bug #472802)
CVE-2020-16191
@@ -18381,6 +18390,7 @@ CVE-2020-15670
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
CVE-2020-15669
RESERVED
+ {DSA-4749-1}
- firefox-esr 68.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
CVE-2020-15668
@@ -18401,6 +18411,7 @@ CVE-2020-15665
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
CVE-2020-15664
RESERVED
+ {DSA-4749-1}
- firefox 80.0-1
- firefox-esr 68.12.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
@@ -18854,10 +18865,10 @@ CVE-2020-15501
RESERVED
CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
NOT-FOR-US: TileServer GL
-CVE-2020-15499
- RESERVED
-CVE-2020-15498
- RESERVED
+CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
+ TODO: check
+CVE-2020-15498 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
+ TODO: check
CVE-2020-15497 (** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build ...)
NOT-FOR-US: Jalios JCMS
CVE-2020-15496
@@ -18880,16 +18891,16 @@ CVE-2020-15488
RESERVED
CVE-2020-15487
RESERVED
-CVE-2020-15486
- RESERVED
+CVE-2020-15486 (An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because t ...)
+ TODO: check
CVE-2020-15485
RESERVED
-CVE-2020-15484
- RESERVED
-CVE-2020-15483
- RESERVED
-CVE-2020-15482
- RESERVED
+CVE-2020-15484 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
+ TODO: check
+CVE-2020-15483 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
+ TODO: check
+CVE-2020-15482 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
+ TODO: check
CVE-2020-15481
RESERVED
CVE-2020-15480 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...)
@@ -19612,8 +19623,8 @@ CVE-2020-15160
RESERVED
CVE-2020-15159
RESERVED
-CVE-2020-15158
- RESERVED
+CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP message ...)
+ TODO: check
CVE-2020-15157
RESERVED
CVE-2020-15156
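Review bot: CVE-2020-15158 is added with "TODO: check" and describes a library, libIEC61850, with a fixed upstream version (1.4.3). Before marking it NOT-FOR-US, check the archive for a source package providing that library, and if one exists record a status line with the fixed version.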
@@ -21079,8 +21090,8 @@ CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can
NOT-FOR-US: Secomea GateManager
CVE-2020-14499 (Advantech iView, versions 5.6 and prior, has an improper access contro ...)
NOT-FOR-US: Advantech
-CVE-2020-14498
- RESERVED
+CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The a ...)
+ TODO: check
CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...)
NOT-FOR-US: Advantech
CVE-2020-14496
@@ -23070,8 +23081,8 @@ CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suf
NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
NOT-FOR-US: Elementor Page Builder plugin for WordPress
-CVE-2020-13863
- RESERVED
+CVE-2020-13863 (The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker ...)
+ TODO: check
CVE-2020-13862
RESERVED
CVE-2020-13861
@@ -23167,8 +23178,8 @@ CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature ma
- node-elliptic 6.5.3~dfsg-1 (bug #963149)
[buster] - node-elliptic <no-dsa> (Minor issue)
NOTE: https://github.com/indutny/elliptic/issues/226
-CVE-2020-13821
- RESERVED
+CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...)
+ TODO: check
CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...)
NOT-FOR-US: Extreme Management Center
CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS vi ...)
@@ -23397,8 +23408,8 @@ CVE-2020-13769
RESERVED
CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...)
NOT-FOR-US: MiniShare
-CVE-2020-13767
- RESERVED
+CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...)
+ TODO: check
CVE-2020-13766
RESERVED
CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...)
@@ -23788,8 +23799,8 @@ CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an
NOT-FOR-US: Locutus PHP
CVE-2020-13618
RESERVED
-CVE-2020-13617
- RESERVED
+CVE-2020-13617 (The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones ...)
+ TODO: check
CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...)
NOT-FOR-US: pichi
CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...)
@@ -24233,8 +24244,8 @@ CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204.
NOT-FOR-US: Aviatrix
CVE-2020-13411
RESERVED
-CVE-2020-13410
- RESERVED
+CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not ...)
+ TODO: check
CVE-2020-13409
RESERVED
CVE-2020-13408
@@ -25566,8 +25577,8 @@ CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0
NOT-FOR-US: COVIDSafe
CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...)
NOT-FOR-US: COVIDSafe
-CVE-2020-12855
- RESERVED
+CVE-2020-12855 (A Host header injection vulnerability has been discovered in SecZetta ...)
+ TODO: check
CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...)
NOT-FOR-US: SecZetta NEProfile
CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
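Review bot: CVE-2020-12855 is left at "TODO: check" although the next entry, CVE-2020-12854, is already triaged as "NOT-FOR-US: SecZetta NEProfile". The truncated description ends at "SecZetta ...", so confirm from the full text that it is the same product and then give it the same NOT-FOR-US line.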
@@ -26592,8 +26603,8 @@ CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles t
- wolfssl <unfixed>
NOTE: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable)
NOTE: https://github.com/wolfSSL/wolfssl/pull/2927
-CVE-2020-12456
- RESERVED
+CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect Client ...)
+ TODO: check
CVE-2020-12455
RESERVED
CVE-2020-12454
@@ -28940,8 +28951,8 @@ CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate p
NOT-FOR-US: Z-Cron
CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...)
NOT-FOR-US: Mitel
-CVE-2020-11797
- RESERVED
+CVE-2020-11797 (An Authentication Bypass vulnerability in the Published Area of the we ...)
+ TODO: check
CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...)
NOT-FOR-US: JetBrains Space
CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...)
@@ -29417,7 +29428,7 @@ CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Adva
CVE-2020-11726
RESERVED
CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...)
- {DLA-2283-1}
+ {DSA-4750-1 DLA-2283-1}
- nginx 1.18.0-5 (bug #964950)
NOTE: https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa (ngx_lua 0.10.17, with tests)
NOTE: https://github.com/openresty/openresty/commit/4e8b4c395f842a078e429c80dd063b2323999957 (ngx_lua 0.10.15)
@@ -30302,8 +30313,8 @@ CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS wh
NOT-FOR-US: Firmware Analysis and Comparison Tool
CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
NOT-FOR-US: Slack Nebula
-CVE-2020-11497
- RESERVED
+CVE-2020-11497 (An issue was discovered in the NAB Transact extension 2.1.0 for the Wo ...)
+ TODO: check
CVE-2020-11496
RESERVED
CVE-2020-11495
@@ -41442,6 +41453,7 @@ CVE-2020-7069
RESERVED
CVE-2020-7068
RESERVED
+ {DLA-2345-1}
- php7.4 7.4.9-1
- php7.3 <removed>
[buster] - php7.3 <postponed> (Minor issue, fix along in future DSA)
@@ -44575,40 +44587,40 @@ CVE-2020-5930
RESERVED
CVE-2020-5929
RESERVED
-CVE-2020-5928
- RESERVED
-CVE-2020-5927
- RESERVED
-CVE-2020-5926
- RESERVED
-CVE-2020-5925
- RESERVED
-CVE-2020-5924
- RESERVED
-CVE-2020-5923
- RESERVED
-CVE-2020-5922
- RESERVED
-CVE-2020-5921
- RESERVED
-CVE-2020-5920
- RESERVED
-CVE-2020-5919
- RESERVED
-CVE-2020-5918
- RESERVED
-CVE-2020-5917
- RESERVED
-CVE-2020-5916
- RESERVED
-CVE-2020-5915
- RESERVED
-CVE-2020-5914
- RESERVED
-CVE-2020-5913
- RESERVED
-CVE-2020-5912
- RESERVED
+CVE-2020-5928 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0- ...)
+ TODO: check
+CVE-2020-5927 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG ...)
+ TODO: check
+CVE-2020-5926 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2 ...)
+ TODO: check
+CVE-2020-5925 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, ...)
+ TODO: check
+CVE-2020-5924 (In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS aut ...)
+ TODO: check
+CVE-2020-5923 (In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5922 (In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5921 (in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, ...)
+ TODO: check
+CVE-2020-5920 (In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0- ...)
+ TODO: check
+CVE-2020-5919 (In versions 15.1.0-15.1.0.4, rendering of certain session variables by ...)
+ TODO: check
+CVE-2020-5918 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
+ TODO: check
+CVE-2020-5917 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
+ TODO: check
+CVE-2020-5916 (In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate ...)
+ TODO: check
+CVE-2020-5915 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
+ TODO: check
+CVE-2020-5914 (In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2 ...)
+ TODO: check
+CVE-2020-5913 (In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0- ...)
+ TODO: check
+CVE-2020-5912 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
+ TODO: check
CVE-2020-5911 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller ...)
NOT-FOR-US: NGINX Controller
CVE-2020-5910 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic ...)
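Review bot: all 17 entries from CVE-2020-5928 to CVE-2020-5912 go in as "TODO: check", and four of them (CVE-2020-5928, CVE-2020-5920, CVE-2020-5919, CVE-2020-5913) start with "In versions ..." and are cut off before any product name. The rest name BIG-IP, but the triage pass has to read the full descriptions of those four before assigning one NOT-FOR-US line to the whole block.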
@@ -51273,18 +51285,18 @@ CVE-2020-3525
RESERVED
CVE-2020-3524
RESERVED
-CVE-2020-3523
- RESERVED
-CVE-2020-3522
- RESERVED
-CVE-2020-3521
- RESERVED
-CVE-2020-3520
- RESERVED
-CVE-2020-3519
- RESERVED
-CVE-2020-3518
- RESERVED
+CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ TODO: check
+CVE-2020-3522 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ TODO: check
+CVE-2020-3521 (A vulnerability in a specific REST API of Cisco Data Center Network Ma ...)
+ TODO: check
+CVE-2020-3520 (A vulnerability in Cisco Data Center Network Manager (DCNM) Software c ...)
+ TODO: check
+CVE-2020-3519 (A vulnerability in a specific REST API method of Cisco Data Center Net ...)
+ TODO: check
+CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ TODO: check
CVE-2020-3517
RESERVED
CVE-2020-3516
@@ -51305,12 +51317,12 @@ CVE-2020-3509
RESERVED
CVE-2020-3508
RESERVED
-CVE-2020-3507
- RESERVED
-CVE-2020-3506
- RESERVED
-CVE-2020-3505
- RESERVED
+CVE-2020-3507 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
+ TODO: check
+CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
+ TODO: check
+CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
+ TODO: check
CVE-2020-3504
RESERVED
CVE-2020-3503
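Review bot: CVE-2020-3507 and CVE-2020-3506 are added with identical truncated descriptions ("Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ..."), so the affected products cannot be told apart from this file alone. When resolving the three "TODO: check" lines in this hunk, take the product from the full CVE text; other Cisco entries in this file are triaged as "NOT-FOR-US: Cisco".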
@@ -51327,8 +51339,8 @@ CVE-2020-3498
RESERVED
CVE-2020-3497
RESERVED
-CVE-2020-3496
- RESERVED
+CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
+ TODO: check
CVE-2020-3495
RESERVED
CVE-2020-3494
@@ -51337,10 +51349,10 @@ CVE-2020-3493
RESERVED
CVE-2020-3492
RESERVED
-CVE-2020-3491
- RESERVED
-CVE-2020-3490
- RESERVED
+CVE-2020-3491 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ TODO: check
+CVE-2020-3490 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ TODO: check
CVE-2020-3489
RESERVED
CVE-2020-3488
@@ -51349,10 +51361,10 @@ CVE-2020-3487
RESERVED
CVE-2020-3486
RESERVED
-CVE-2020-3485
- RESERVED
-CVE-2020-3484
- RESERVED
+CVE-2020-3485 (A vulnerability in the role-based access control (RBAC) functionality ...)
+ TODO: check
+CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ TODO: check
CVE-2020-3483
RESERVED
CVE-2020-3482
@@ -51390,8 +51402,8 @@ CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD
NOT-FOR-US: Cisco
CVE-2020-3467
RESERVED
-CVE-2020-3466
- RESERVED
+CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ TODO: check
CVE-2020-3465
RESERVED
CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
@@ -51430,22 +51442,22 @@ CVE-2020-3448 (A vulnerability in an access control mechanism of Cisco Cyber Vis
NOT-FOR-US: Cisco
CVE-2020-3447 (A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security A ...)
NOT-FOR-US: Cisco
-CVE-2020-3446
- RESERVED
+CVE-2020-3446 (A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS ...)
+ TODO: check
CVE-2020-3445
RESERVED
CVE-2020-3444
RESERVED
-CVE-2020-3443
- RESERVED
+CVE-2020-3443 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...)
+ TODO: check
CVE-2020-3442 (The DuoConnect client enables users to establish SSH connections to ho ...)
NOT-FOR-US: DuoConnect
CVE-2020-3441
RESERVED
-CVE-2020-3440
- RESERVED
-CVE-2020-3439
- RESERVED
+CVE-2020-3440 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...)
+ TODO: check
+CVE-2020-3439 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+ TODO: check
CVE-2020-3438
RESERVED
CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
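Review bot: CVE-2020-3446, CVE-2020-3443, CVE-2020-3440 and CVE-2020-3439 are added as "TODO: check" in a block whose already-triaged neighbours, CVE-2020-3448 and CVE-2020-3447, read "NOT-FOR-US: Cisco". All four new descriptions name Cisco products, so they can take the same line and need not stay open for manual checking.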
@@ -51544,8 +51556,8 @@ CVE-2020-3391 (A vulnerability in Cisco Digital Network Architecture (DNA) Cente
NOT-FOR-US: Cisco
CVE-2020-3390
RESERVED
-CVE-2020-3389
- RESERVED
+CVE-2020-3389 (A vulnerability in the installation component of Cisco Hyperflex HX-Se ...)
+ TODO: check
CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
NOT-FOR-US: Cisco
CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
@@ -52030,10 +52042,10 @@ CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) c
NOT-FOR-US: Cisco
CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure ...)
NOT-FOR-US: Cisco
-CVE-2020-3152
- RESERVED
-CVE-2020-3151
- RESERVED
+CVE-2020-3152 (A vulnerability in Cisco Connected Mobile Experiences (CMX) could allo ...)
+ TODO: check
+CVE-2020-3151 (A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) ...)
+ TODO: check
CVE-2020-3150 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -57996,8 +58008,8 @@ CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the v
CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during ...)
- ruby-json-jwt 1.11.0-1 (bug #944850)
NOTE: https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
-CVE-2019-18847
- RESERVED
+CVE-2019-18847 (Enterprise Access Client Auto-Updater allows for Remote Code Execution ...)
+ TODO: check
CVE-2019-18846 (OX App Suite through 7.10.2 allows SSRF. ...)
NOT-FOR-US: OX App Suite
CVE-2019-18845 (The MsIo64.sys and MsIo32.sys drivers in Patriot Viper RGB before 1.1 ...)
@@ -76993,7 +77005,7 @@ CVE-2019-13614 (CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in T
NOT-FOR-US: TP-Link
CVE-2019-13613 (CMD_FTEST_CONFIG in the TP-Link Device Debug protocol in TP-Link Wirel ...)
NOT-FOR-US: TP-Link
-CVE-2019-13612 (MDaemon Email Server 19 skips SpamAssassin checks by default for e-mai ...)
+CVE-2019-13612 (MDaemon Email Server 19 through 20.0.1 skips SpamAssassin checks by de ...)
NOT-FOR-US: MDaemon Email Server
CVE-2019-13611 (An issue was discovered in python-engineio through 3.8.2. There is a C ...)
- python-engineio 3.11.1-1 (bug #932538)
@@ -102947,8 +102959,8 @@ CVE-2019-4715 (IBM Spectrum Scale 4.2 and 5.0 could allow a remote authenticated
NOT-FOR-US: IBM
CVE-2019-4714
RESERVED
-CVE-2019-4713
- RESERVED
+CVE-2019-4713 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remo ...)
+ TODO: check
CVE-2019-4712
RESERVED
CVE-2019-4711
@@ -102971,38 +102983,38 @@ CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Micr
NOT-FOR-US: IBM
CVE-2019-4702
RESERVED
-CVE-2019-4701
- RESERVED
+CVE-2019-4701 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is deployed with a ...)
+ TODO: check
CVE-2019-4700
RESERVED
-CVE-2019-4699
- RESERVED
-CVE-2019-4698
- RESERVED
-CVE-2019-4697
- RESERVED
+CVE-2019-4699 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 generates an error ...)
+ TODO: check
+CVE-2019-4698 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not require t ...)
+ TODO: check
+CVE-2019-4697 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user creden ...)
+ TODO: check
CVE-2019-4696
RESERVED
CVE-2019-4695
RESERVED
-CVE-2019-4694
- RESERVED
-CVE-2019-4693
- RESERVED
-CVE-2019-4692
- RESERVED
-CVE-2019-4691
- RESERVED
+CVE-2019-4694 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 contains hard-code ...)
+ TODO: check
+CVE-2019-4693 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 stores user creden ...)
+ TODO: check
+CVE-2019-4692 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 discloses sensitiv ...)
+ TODO: check
+CVE-2019-4691 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 is vulnerable to c ...)
+ TODO: check
CVE-2019-4690
RESERVED
-CVE-2019-4689
- RESERVED
-CVE-2019-4688
- RESERVED
+CVE-2019-4689 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remo ...)
+ TODO: check
+CVE-2019-4688 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the s ...)
+ TODO: check
CVE-2019-4687
RESERVED
-CVE-2019-4686
- RESERVED
+CVE-2019-4686 (IBM Security Guardium Data Encryption (GDE) 3.0.0.2 does not set the s ...)
+ TODO: check
CVE-2019-4685
RESERVED
CVE-2019-4684
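Review bot: the eleven IBM Security Guardium Data Encryption (GDE) 3.0.0.2 entries added in this hunk all carry "TODO: check", while CVE-2019-4703 in the leading context is triaged as "NOT-FOR-US: IBM"; they can take the same line. CVE-2019-4697 and CVE-2019-4693 ("stores user creden ...") and CVE-2019-4688 and CVE-2019-4686 ("does not set the s ...") show the same text after truncation, so check the full descriptions rather than treating either pair as a duplicate.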
@@ -166051,8 +166063,8 @@ CVE-2018-1503 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a remotely authent
NOT-FOR-US: IBM
CVE-2018-1502 (IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 ...)
NOT-FOR-US: IBM
-CVE-2018-1501
- RESERVED
+CVE-2018-1501 (IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized ...)
+ TODO: check
CVE-2018-1500
RESERVED
CVE-2018-1499
@@ -196690,7 +196702,7 @@ CVE-2017-8829 (Deserialization vulnerability in lintian through 2.5.50.3 allows
- lintian 2.5.50.4 (bug #861958)
[jessie] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
[wheezy] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
-CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc ...)
+CVE-2017-8804 (** DISPUTED ** The xdr_bytes and xdr_string functions in the GNU C Lib ...)
NOTE: This is not a vulnerability in glibc, but a bug in the application, see
NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00128.html and
NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00129.html
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7356fb1c89a5e44bd47430033a69550f1af7bb3a