[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Tue Jul 21 21:25:12 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a032968b by Salvatore Bonaccorso at 2020-07-21T22:24:28+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,11 +1,12 @@
CVE-2020-15880
RESERVED
CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...)
- TODO: check
+ NOT-FOR-US: Bitwarden Server
+ NOTE: bitwarden client is ITP'ed as #956836
CVE-2020-15878
RESERVED
CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2020-15876
RESERVED
CVE-2020-15875
@@ -13,7 +14,7 @@ CVE-2020-15875
CVE-2020-15874
RESERVED
CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...)
- TODO: check
+ NOT-FOR-US: LibreNMS
CVE-2020-15872
RESERVED
CVE-2020-15871
@@ -347,11 +348,11 @@ CVE-2020-15726
CVE-2020-15725
RESERVED
CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...)
- TODO: check
+ NOT-FOR-US: 360 Total Security
CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...)
- TODO: check
+ NOT-FOR-US: 360 Total Security
CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls ...)
- TODO: check
+ NOT-FOR-US: 360 Total Security
CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...)
NOT-FOR-US: RosarioSIS
CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...)
@@ -1764,7 +1765,7 @@ CVE-2020-15103
NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0)
CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...)
- TODO: check
+ NOT-FOR-US: PrestaShop
CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...)
NOT-FOR-US: freewvs
CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...)
@@ -8286,7 +8287,7 @@ CVE-2020-12501
CVE-2020-12500
RESERVED
CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...)
- TODO: check
+ NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer
CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
NOT-FOR-US: Phoenix
CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...)
@@ -32901,7 +32902,7 @@ CVE-2020-3470
CVE-2020-3469
RESERVED
CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3467
RESERVED
CVE-2020-3466
@@ -32937,7 +32938,7 @@ CVE-2020-3452
CVE-2020-3451
RESERVED
CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3449
RESERVED
CVE-2020-3448
@@ -32963,7 +32964,7 @@ CVE-2020-3439
CVE-2020-3438
RESERVED
CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3436
RESERVED
CVE-2020-3435
@@ -33025,9 +33026,9 @@ CVE-2020-3408
CVE-2020-3407
RESERVED
CVE-2020-3406 (A vulnerability in the web-based management interface of the Cisco SD- ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3405 (A vulnerability in the web UI of Cisco SD-WAN vManage Software could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3404
RESERVED
CVE-2020-3403
@@ -33035,7 +33036,7 @@ CVE-2020-3403
CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI) interface o ...)
NOT-FOR-US: Cisco
CVE-2020-3401 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3400
RESERVED
CVE-2020-3399
@@ -33061,13 +33062,13 @@ CVE-2020-3390
CVE-2020-3389
RESERVED
CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3386
RESERVED
CVE-2020-3385 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3384
RESERVED
CVE-2020-3383
@@ -33075,13 +33076,13 @@ CVE-2020-3383
CVE-2020-3382
RESERVED
CVE-2020-3381 (A vulnerability in the web management interface of Cisco SD-WAN vManag ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3380 (A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3379 (A vulnerability in Cisco SD-WAN Solution Software could allow an authe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3378 (A vulnerability in the web-based management interface for Cisco SD-WAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3377
RESERVED
CVE-2020-3376
@@ -33093,13 +33094,13 @@ CVE-2020-3374
CVE-2020-3373
RESERVED
CVE-2020-3372 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3371
RESERVED
CVE-2020-3370 (A vulnerability in URL filtering of Cisco Content Security Management ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3369 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3368 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
NOT-FOR-US: Cisco
CVE-2020-3367
@@ -33121,9 +33122,9 @@ CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones Seri
CVE-2020-3359
RESERVED
CVE-2020-3358 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3357 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3356 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
NOT-FOR-US: Cisco
CVE-2020-3355 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
@@ -33135,21 +33136,21 @@ CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity
CVE-2020-3352
RESERVED
CVE-2020-3351 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...)
- clamav 0.102.4+dfsg-1
[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
CVE-2020-3349 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...)
NOT-FOR-US: Cisco
CVE-2020-3346
RESERVED
CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
NOT-FOR-US: Cisco
CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
@@ -33179,11 +33180,11 @@ CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Se
CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...)
NOT-FOR-US: Cisco
CVE-2020-3332 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3331 (A vulnerability in the web-based management interface of Cisco RV110W ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3330 (A vulnerability in the Telnet service of Cisco Small Business RV110W W ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated Manag ...)
NOT-FOR-US: Cisco
CVE-2020-3328
@@ -33203,7 +33204,7 @@ CVE-2020-3325
CVE-2020-3324
RESERVED
CVE-2020-3323 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
NOT-FOR-US: Cisco
CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
@@ -33455,7 +33456,7 @@ CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment
CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
NOT-FOR-US: Cisco
CVE-2020-3197 (A vulnerability in the API subsystem of Cisco Meetings App could allow ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
NOT-FOR-US: Cisco
CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
@@ -33489,7 +33490,7 @@ CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuratio
CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...)
NOT-FOR-US: Cisco
CVE-2020-3180 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
NOT-FOR-US: Cisco
CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...)
@@ -33549,7 +33550,7 @@ CVE-2020-3152
CVE-2020-3151
RESERVED
CVE-2020-3150 (A vulnerability in the web-based management interface of Cisco Small B ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...)
@@ -33557,11 +33558,11 @@ CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network
CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
NOT-FOR-US: Cisco
CVE-2020-3146 (Multiple vulnerabilities in the web-based management interface of the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3145 (Multiple vulnerabilities in the web-based management interface of the ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3144 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3143
RESERVED
CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...)
@@ -33569,7 +33570,7 @@ CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Web
CVE-2020-3141
RESERVED
CVE-2020-3140 (A vulnerability in the web management interface of Cisco Prime License ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...)
NOT-FOR-US: Cisco
CVE-2020-3138 (A vulnerability in the upgrade component of Cisco Enterprise NFV Infra ...)
@@ -34035,9 +34036,9 @@ CVE-2020-2985
CVE-2020-2984 (Vulnerability in the Oracle Configuration Manager product of Oracle En ...)
TODO: check
CVE-2020-2983 (Vulnerability in the Oracle Data Masking and Subsetting product of Ora ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2982 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2981 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
TODO: check
CVE-2020-2980
@@ -34045,31 +34046,31 @@ CVE-2020-2980
CVE-2020-2979
RESERVED
CVE-2020-2978 (Vulnerability in the Oracle Database - Enterprise Edition component of ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2977 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2976 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2975 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2974 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2973 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2972 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2971 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2970
RESERVED
CVE-2020-2969 (Vulnerability in the Data Pump component of Oracle Database Server. Su ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2968 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2967 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2966 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2965
RESERVED
CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a032968bdeb154bdeb2e9595d325a811a6421ba6
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a032968bdeb154bdeb2e9595d325a811a6421ba6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200721/c6ca2d3b/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list