[Git][security-tracker-team/security-tracker][master] Process some NFUs

Salvatore Bonaccorso carnil at debian.org
Tue Jul 21 21:25:12 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
a032968b by Salvatore Bonaccorso at 2020-07-21T22:24:28+02:00
Process some NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,11 +1,12 @@
 CVE-2020-15880
 	RESERVED
 CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...)
-	TODO: check
+	NOT-FOR-US: Bitwarden Server
+	NOTE: bitwarden client is ITP'ed as #956836
 CVE-2020-15878
 	RESERVED
 CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2020-15876
 	RESERVED
 CVE-2020-15875
@@ -13,7 +14,7 @@ CVE-2020-15875
 CVE-2020-15874
 	RESERVED
 CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...)
-	TODO: check
+	NOT-FOR-US: LibreNMS
 CVE-2020-15872
 	RESERVED
 CVE-2020-15871
@@ -347,11 +348,11 @@ CVE-2020-15726
 CVE-2020-15725
 	RESERVED
 CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...)
-	TODO: check
+	NOT-FOR-US: 360 Total Security
 CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...)
-	TODO: check
+	NOT-FOR-US: 360 Total Security
 CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls  ...)
-	TODO: check
+	NOT-FOR-US: 360 Total Security
 CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...)
 	NOT-FOR-US: RosarioSIS
 CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...)
@@ -1764,7 +1765,7 @@ CVE-2020-15103
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0)
 	NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0)
 CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...)
-	TODO: check
+	NOT-FOR-US: PrestaShop
 CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...)
 	NOT-FOR-US: freewvs
 CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...)
@@ -8286,7 +8287,7 @@ CVE-2020-12501
 CVE-2020-12500
 	RESERVED
 CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...)
-	TODO: check
+	NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer
 CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
 	NOT-FOR-US: Phoenix
 CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...)
@@ -32901,7 +32902,7 @@ CVE-2020-3470
 CVE-2020-3469
 	RESERVED
 CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3467
 	RESERVED
 CVE-2020-3466
@@ -32937,7 +32938,7 @@ CVE-2020-3452
 CVE-2020-3451
 	RESERVED
 CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3449
 	RESERVED
 CVE-2020-3448
@@ -32963,7 +32964,7 @@ CVE-2020-3439
 CVE-2020-3438
 	RESERVED
 CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3436
 	RESERVED
 CVE-2020-3435
@@ -33025,9 +33026,9 @@ CVE-2020-3408
 CVE-2020-3407
 	RESERVED
 CVE-2020-3406 (A vulnerability in the web-based management interface of the Cisco SD- ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3405 (A vulnerability in the web UI of Cisco SD-WAN vManage Software could a ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3404
 	RESERVED
 CVE-2020-3403
@@ -33035,7 +33036,7 @@ CVE-2020-3403
 CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI) interface o ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3401 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3400
 	RESERVED
 CVE-2020-3399
@@ -33061,13 +33062,13 @@ CVE-2020-3390
 CVE-2020-3389
 	RESERVED
 CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3386
 	RESERVED
 CVE-2020-3385 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3384
 	RESERVED
 CVE-2020-3383
@@ -33075,13 +33076,13 @@ CVE-2020-3383
 CVE-2020-3382
 	RESERVED
 CVE-2020-3381 (A vulnerability in the web management interface of Cisco SD-WAN vManag ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3380 (A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3379 (A vulnerability in Cisco SD-WAN Solution Software could allow an authe ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3378 (A vulnerability in the web-based management interface for Cisco SD-WAN ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3377
 	RESERVED
 CVE-2020-3376
@@ -33093,13 +33094,13 @@ CVE-2020-3374
 CVE-2020-3373
 	RESERVED
 CVE-2020-3372 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3371
 	RESERVED
 CVE-2020-3370 (A vulnerability in URL filtering of Cisco Content Security Management  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3369 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3368 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3367
@@ -33121,9 +33122,9 @@ CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones Seri
 CVE-2020-3359
 	RESERVED
 CVE-2020-3358 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3357 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3356 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3355 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
@@ -33135,21 +33136,21 @@ CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity
 CVE-2020-3352
 	RESERVED
 CVE-2020-3351 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...)
 	- clamav 0.102.4+dfsg-1
 	[buster] - clamav <no-dsa> (ClamAV is updated via -updates)
 	NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
 CVE-2020-3349 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3346
 	RESERVED
 CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings and Cisco ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
@@ -33179,11 +33180,11 @@ CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Se
 CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3332 (A vulnerability in the web-based management interface of Cisco Small B ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3331 (A vulnerability in the web-based management interface of Cisco RV110W  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3330 (A vulnerability in the Telnet service of Cisco Small Business RV110W W ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated Manag ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3328
@@ -33203,7 +33204,7 @@ CVE-2020-3325
 CVE-2020-3324
 	RESERVED
 CVE-2020-3323 (A vulnerability in the web-based management interface of Cisco Small B ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
@@ -33455,7 +33456,7 @@ CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment
 CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3197 (A vulnerability in the API subsystem of Cisco Meetings App could allow ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation  ...)
@@ -33489,7 +33490,7 @@ CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuratio
 CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3180 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...)
@@ -33549,7 +33550,7 @@ CVE-2020-3152
 CVE-2020-3151
 	RESERVED
 CVE-2020-3150 (A vulnerability in the web-based management interface of Cisco Small B ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...)
@@ -33557,11 +33558,11 @@ CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network
 CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3146 (Multiple vulnerabilities in the web-based management interface of the  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3145 (Multiple vulnerabilities in the web-based management interface of the  ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3144 (A vulnerability in the web-based management interface of the Cisco RV1 ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3143
 	RESERVED
 CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...)
@@ -33569,7 +33570,7 @@ CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Web
 CVE-2020-3141
 	RESERVED
 CVE-2020-3140 (A vulnerability in the web management interface of Cisco Prime License ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3138 (A vulnerability in the upgrade component of Cisco Enterprise NFV Infra ...)
@@ -34035,9 +34036,9 @@ CVE-2020-2985
 CVE-2020-2984 (Vulnerability in the Oracle Configuration Manager product of Oracle En ...)
 	TODO: check
 CVE-2020-2983 (Vulnerability in the Oracle Data Masking and Subsetting product of Ora ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2982 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2981 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
 	TODO: check
 CVE-2020-2980
@@ -34045,31 +34046,31 @@ CVE-2020-2980
 CVE-2020-2979
 	RESERVED
 CVE-2020-2978 (Vulnerability in the Oracle Database - Enterprise Edition component of ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2977 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2976 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2975 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2974 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2973 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2972 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2971 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2970
 	RESERVED
 CVE-2020-2969 (Vulnerability in the Data Pump component of Oracle Database Server. Su ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2968 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2967 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2966 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
-	TODO: check
+	NOT-FOR-US: Oracle
 CVE-2020-2965
 	RESERVED
 CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a032968bdeb154bdeb2e9595d325a811a6421ba6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a032968bdeb154bdeb2e9595d325a811a6421ba6
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200721/c6ca2d3b/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list