[Git][security-tracker-team/security-tracker][master] Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Fri Jul 31 20:29:46 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f8f3f8f0 by Salvatore Bonaccorso at 2020-07-31T21:29:15+02:00
Process NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -27642,11 +27642,11 @@ CVE-2020-5616
CVE-2020-5615
RESERVED
CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows ...)
- TODO: check
+ NOT-FOR-US: KonaWiki
CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allow ...)
- TODO: check
+ NOT-FOR-US: KonaWiki
CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allow ...)
- TODO: check
+ NOT-FOR-US: KonaWiki
CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...)
NOT-FOR-US: Social Sharing Plugin for WordPress
CVE-2020-5610 (Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earli ...)
@@ -31999,23 +31999,23 @@ CVE-2019-20035
CVE-2019-20034
RESERVED
CVE-2019-20033 (On Aspire-derived NEC PBXes, including all versions of SV8100 devices, ...)
- TODO: check
+ NOT-FOR-US: NEC devices
CVE-2019-20032 (An attacker with access to an InMail voicemail box equipped with the f ...)
- TODO: check
+ NOT-FOR-US: NEC devices
CVE-2019-20031 (NEC UM8000, UM4730 and prior non-InMail voicemail systems with all kno ...)
- TODO: check
+ NOT-FOR-US: NEC devices
CVE-2019-20030 (An attacker with knowledge of the modem access number on a NEC UM8000 ...)
- TODO: check
+ NOT-FOR-US: NEC devices
CVE-2019-20029 (An exploitable privilege escalation vulnerability exists in the WebPro ...)
- TODO: check
+ NOT-FOR-US: NEC devices
CVE-2019-20028 (Aspire-derived NEC PBXes operating InMail software, including all vers ...)
- TODO: check
+ NOT-FOR-US: NEC devices
CVE-2019-20027 (Aspire-derived NEC PBXes, including the SV8100, SV9100, SL1100 and SL2 ...)
- TODO: check
+ NOT-FOR-US: NEC devices
CVE-2019-20026 (The WebPro interface in NEC SV9100 software releases 7.0 or higher all ...)
- TODO: check
+ NOT-FOR-US: NEC devices
CVE-2019-20025 (Certain builds of NEC SV9100 software could allow an unauthenticated, ...)
- TODO: check
+ NOT-FOR-US: NEC devices
CVE-2019-20024 (A heap-based buffer overflow was discovered in image_buffer_resize in ...)
- libsixel 1.8.6-1 (low; bug #948103)
[buster] - libsixel <no-dsa> (Minor issue)
@@ -33814,11 +33814,11 @@ CVE-2020-3464
CVE-2020-3463
RESERVED
CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3460 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3459
RESERVED
CVE-2020-3458
@@ -33966,15 +33966,15 @@ CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could
CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
NOT-FOR-US: Cisco
CVE-2020-3386 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3385 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
NOT-FOR-US: Cisco
CVE-2020-3384 (A vulnerability in specific REST API endpoints of Cisco Data Center Ne ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3383 (A vulnerability in the archive utility of Cisco Data Center Network Ma ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3382 (A vulnerability in the REST API of Cisco Data Center Network Manager ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3381 (A vulnerability in the web management interface of Cisco SD-WAN vManag ...)
NOT-FOR-US: Cisco
CVE-2020-3380 (A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) ...)
@@ -33984,13 +33984,13 @@ CVE-2020-3379 (A vulnerability in Cisco SD-WAN Solution Software could allow an
CVE-2020-3378 (A vulnerability in the web-based management interface for Cisco SD-WAN ...)
NOT-FOR-US: Cisco
CVE-2020-3377 (A vulnerability in the Device Manager application of Cisco Data Center ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3376 (A vulnerability in the Device Manager application of Cisco Data Center ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3375 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3374 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3373
RESERVED
CVE-2020-3372 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
@@ -35973,7 +35973,7 @@ CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel
CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
NOT-FOR-US: Oracle
CVE-2020-2562 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
NOT-FOR-US: Oracle
CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
@@ -36071,7 +36071,7 @@ CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracl
CVE-2020-2514 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
NOT-FOR-US: Oracle
CVE-2020-2513 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...)
NOT-FOR-US: Oracle
CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
@@ -40695,7 +40695,7 @@ CVE-2020-1654 (On Juniper Networks SRX Series with ICAP (Internet Content Adapta
CVE-2020-1653 (On Juniper Networks Junos OS devices, a stream of TCP packets sent to ...)
NOT-FOR-US: Juniper
CVE-2020-1652 (OpenNMS is accessible via port 9443 ...)
- TODO: check
+ NOT-FOR-US: OpenNMS
CVE-2020-1651 (On Juniper Networks MX series, receipt of a stream of specific Layer 2 ...)
NOT-FOR-US: Juniper
CVE-2020-1650 (On Juniper Networks Junos MX Series with service card configured, rece ...)
@@ -40719,7 +40719,7 @@ CVE-2020-1642
CVE-2020-1641 (A Race Condition vulnerability in Juniper Networks Junos OS LLDP imple ...)
NOT-FOR-US: Juniper
CVE-2020-1640 (An improper use of a validation framework when processing incoming gen ...)
- TODO: check
+ NOT-FOR-US: Juniper
CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...)
NOT-FOR-US: Juniper
CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...)
@@ -41085,7 +41085,7 @@ CVE-2020-1459
CVE-2020-1458 (A remote code execution vulnerability exists when Microsoft Office imp ...)
NOT-FOR-US: Microsoft
CVE-2020-1457 (A remote code execution vulnerability exists in the way that Microsoft ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-1456 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
NOT-FOR-US: Microsoft
CVE-2020-1455
@@ -41149,7 +41149,7 @@ CVE-2020-1427 (An elevation of privilege vulnerability exists in the way that th
CVE-2020-1426 (An information disclosure vulnerability exists when the Windows kernel ...)
NOT-FOR-US: Microsoft
CVE-2020-1425 (A remoted code execution vulnerability exists in the way that Microsof ...)
- TODO: check
+ NOT-FOR-US: Microsoft
CVE-2020-1424 (An elevation of privilege vulnerability exists when the Windows Update ...)
NOT-FOR-US: Microsoft
CVE-2020-1423 (An elevation of privilege vulnerability exists in the way that the Win ...)
@@ -58087,7 +58087,7 @@ CVE-2019-14101 (Out of bounds read can happen in diag event set mask command han
CVE-2019-14100 (Register write via debugfs is disabled by default to prevent register ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14099 (Device misbehavior may be observed when incorrect offset, length or nu ...)
- TODO: check
+ NOT-FOR-US: Snapdragon
CVE-2019-14098 (Possible buffer overflow in data offload handler due to lack of check ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2019-14097 (Possible buffer overflow in WLAN Parser due to lack of length check wh ...)
@@ -64804,7 +64804,7 @@ CVE-2019-12002 (A remote session reuse vulnerability leading to access restricti
CVE-2019-12001 (A remote session reuse vulnerability leading to access restriction byp ...)
NOT-FOR-US: HPE
CVE-2019-12000 (HPE has found a potential Remote Access Restriction Bypass in HPE MSE ...)
- TODO: check
+ NOT-FOR-US: HPE
CVE-2019-11999 (Potential security vulnerabilities have been identified in HPE OpenCal ...)
NOT-FOR-US: HPE
CVE-2019-11998 (HPE Superdome Flex Server is vulnerable to multiple remote vulnerabili ...)
@@ -86586,9 +86586,9 @@ CVE-2019-4093 (IBM Tivoli Storage Manager (IBM Spectrum Protect 8.1.7) could all
CVE-2019-4092 (IBM Content Navigator 2.0.3 and 3.0CD could allow a remote attacker to ...)
NOT-FOR-US: IBM
CVE-2019-4091 ("HCL Marketing Platform is vulnerable to cross-site scripting during a ...)
- TODO: check
+ NOT-FOR-US: HCL Marketing Platform
CVE-2019-4090 ("HCL Campaign is vulnerable to cross-site scripting when a user provid ...)
- TODO: check
+ NOT-FOR-US: HCL Campaign
CVE-2019-4089
RESERVED
CVE-2019-4088 (IBM Spectrum Protect Servers 7.1 and 8.1 and Storage Agents could allo ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8f3f8f0483f02e6892d6fcc06b36a67b09f533e
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f8f3f8f0483f02e6892d6fcc06b36a67b09f533e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200731/def08d9e/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list