[Git][security-tracker-team/security-tracker][master] 2 commits: Process NFUs
Salvatore Bonaccorso
carnil at debian.org
Sat Jun 6 07:29:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
37fcf0ea by Salvatore Bonaccorso at 2020-06-06T08:19:58+02:00
Process NFUs
- - - - -
7ec11f91 by Salvatore Bonaccorso at 2020-06-06T08:28:28+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,9 +1,9 @@
CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...)
- TODO: check
+ NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for Craft ...)
- TODO: check
+ NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...)
- TODO: check
+ NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
TODO: check
CVE-2020-13866
@@ -6135,13 +6135,13 @@ CVE-2020-11684
CVE-2020-11683
RESERVED
CVE-2020-11682 (Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing ...)
- TODO: check
+ NOT-FOR-US: Castel NextGen DVR
CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...)
- TODO: check
+ NOT-FOR-US: Castel NextGen DVR
CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...)
- TODO: check
+ NOT-FOR-US: Castel NextGen DVR
CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...)
- TODO: check
+ NOT-FOR-US: Castel NextGen DVR
CVE-2020-11678
RESERVED
CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...)
@@ -12496,7 +12496,7 @@ CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0
CVE-2020-9293
RESERVED
CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...)
NOT-FOR-US: Fortiguard / FortiClient for Windows
CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...)
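Review bot: The tag added for CVE-2020-9292 is "NOT-FOR-US: Fortiguard", but the neighbouring CVE-2020-9291 entry in the same hunk already uses the vendor / product form "NOT-FOR-US: Fortiguard / FortiClient for Windows". The description here names the FortiSIEM Windows Agent, so a tag such as "Fortiguard / FortiSIEM Windows Agent" would match the existing convention and keep the entry findable by product name.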
@@ -12980,7 +12980,7 @@ CVE-2020-9076
CVE-2020-9075
RESERVED
CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
NOT-FOR-US: Huawei
CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...)
@@ -15268,7 +15268,7 @@ CVE-2020-8105
CVE-2020-8104
RESERVED
CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...)
- TODO: check
+ NOT-FOR-US: Bitdefender Antivirus Free
CVE-2020-8102
RESERVED
CVE-2020-8101
@@ -17556,11 +17556,11 @@ CVE-2020-7119
CVE-2020-7118
RESERVED
CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
- TODO: check
+ NOT-FOR-US: ClearPass Policy Manager WebUI
CVE-2020-7116 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
- TODO: check
+ NOT-FOR-US: ClearPass Policy Manager WebUI
CVE-2020-7115 (The ClearPass Policy Manager web interface is affected by a vulnerabil ...)
- TODO: check
+ NOT-FOR-US: ClearPass Policy Manager
CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...)
NOT-FOR-US: ClearPass
CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...)
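Review bot: The three added tags in this hunk use two different labels ("ClearPass Policy Manager WebUI" for CVE-2020-7117 and CVE-2020-7116, "ClearPass Policy Manager" for CVE-2020-7115), and the existing CVE-2020-7114 entry below uses a third, "ClearPass". Picking one label for the product family would make later searches and bulk NFU matching on this name reliable. The added tags also carry no vendor name, so they cannot be matched by vendor the way the Cisco, IBM and Huawei tags in this patch can.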
@@ -17850,7 +17850,7 @@ CVE-2020-7032
CVE-2020-7031
RESERVED
CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...)
- TODO: check
+ NOT-FOR-US: IP Office
CVE-2020-7029
RESERVED
CVE-2020-7028
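Review bot: The tag added for CVE-2020-7030 is only "IP Office", with no vendor, and the truncated description in this hunk does not show the vendor either. Other tags in this patch lead with the vendor (Cisco, IBM, Huawei), so adding the vendor name here would keep the entry unambiguous for anyone scanning the list without opening the full CVE description.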
@@ -18805,7 +18805,7 @@ CVE-2020-6642
CVE-2020-6641
RESERVED
CVE-2020-6640 (An improper neutralization of input vulnerability in the Admin Profile ...)
- TODO: check
+ NOT-FOR-US: Fortiguard
CVE-2020-6639
RESERVED
CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
@@ -21213,7 +21213,7 @@ CVE-2020-5593
CVE-2020-5592
RESERVED
CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...)
- TODO: check
+ NOT-FOR-US: XACK DNS
CVE-2020-5590
RESERVED
CVE-2020-5589
@@ -21902,15 +21902,15 @@ CVE-2020-5301 (SimpleSAMLphp versions before 1.18.6 contain an information discl
CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect ...)
NOT-FOR-US: ORY Hydra
CVE-2020-5299 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
- TODO: check
+ NOT-FOR-US: OctoberCMS
CVE-2020-5298 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
- TODO: check
+ NOT-FOR-US: OctoberCMS
CVE-2020-5297 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
- TODO: check
+ NOT-FOR-US: OctoberCMS
CVE-2020-5296 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
- TODO: check
+ NOT-FOR-US: OctoberCMS
CVE-2020-5295 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
- TODO: check
+ NOT-FOR-US: OctoberCMS
CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflect ...)
NOT-FOR-US: PrestaShop
CVE-2020-5293 (In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper ...)
@@ -24170,11 +24170,11 @@ CVE-2020-4452
CVE-2020-4451
RESERVED
CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4449 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4448 (IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4447
RESERVED
CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...)
@@ -24612,7 +24612,7 @@ CVE-2020-4231 (IBM Security Identity Governance and Intelligence 5.2.6 could all
CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
NOT-FOR-US: IBM
CVE-2020-4229 (IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate se ...)
- TODO: check
+ NOT-FOR-US: IBM
CVE-2020-4228
RESERVED
CVE-2020-4227
@@ -27521,7 +27521,7 @@ CVE-2020-3355
CVE-2020-3354
RESERVED
CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity Serv ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3352
RESERVED
CVE-2020-3351
@@ -27553,7 +27553,7 @@ CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVir
CVE-2020-3340
RESERVED
CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3338
RESERVED
CVE-2020-3337
@@ -27561,11 +27561,11 @@ CVE-2020-3337
CVE-2020-3336
RESERVED
CVE-2020-3335 (A vulnerability in the key store of Cisco Application Services Engine ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...)
NOT-FOR-US: Cisco
CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3332
RESERVED
CVE-2020-3331
@@ -27591,13 +27591,13 @@ CVE-2020-3324
CVE-2020-3323
RESERVED
CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3320
RESERVED
CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
NOT-FOR-US: Cisco
CVE-2020-3317
@@ -27673,7 +27673,7 @@ CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer
CVE-2020-3282
RESERVED
CVE-2020-3281 (A vulnerability in the audit logging component of Cisco Digital Networ ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...)
NOT-FOR-US: Cisco
CVE-2020-3279
@@ -27701,7 +27701,7 @@ CVE-2020-3269
CVE-2020-3268
RESERVED
CVE-2020-3267 (A vulnerability in the API subsystem of Cisco Unified Contact Center E ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...)
NOT-FOR-US: Cisco
CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
@@ -27719,9 +27719,9 @@ CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software co
CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
NOT-FOR-US: Cisco
CVE-2020-3258 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3257 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted ...)
NOT-FOR-US: Cisco
CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
@@ -27759,87 +27759,87 @@ CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director an
CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
NOT-FOR-US: Cisco
CVE-2020-3238 (A vulnerability in the Cisco Application Framework component of the Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3237 (A vulnerability in the Cisco Application Framework component of the Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3236
RESERVED
CVE-2020-3235 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3234 (A vulnerability in the virtual console authentication of Cisco IOS Sof ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3233 (A vulnerability in the web-based Local Manager interface of the Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3232 (A vulnerability in the Simple Network Management Protocol (SNMP) imple ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3231 (A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3230 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3229 (A vulnerability in Role Based Access Control (RBAC) functionality of C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3228 (A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3227 (A vulnerability in the authorization controls for the Cisco IOx applic ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3226 (A vulnerability in the Session Initiation Protocol (SIP) library of Ci ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3225 (Multiple vulnerabilities in the implementation of the Common Industria ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3224 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3223 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3222 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3221 (A vulnerability in the Flexible NetFlow Version 9 packet processor of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3220 (A vulnerability in the hardware crypto driver of Cisco IOS XE Software ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3219 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3218 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3217 (A vulnerability in the Topology Discovery Service of Cisco One Platfor ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3216 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3215 (A vulnerability in the Virtual Services Container of Cisco IOS XE Soft ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3214 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3213 (A vulnerability in the ROMMON of Cisco IOS XE Software could allow an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3212 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3211 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3210 (A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3209 (A vulnerability in software image verification in Cisco IOS XE Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3208 (A vulnerability in the image verification feature of Cisco IOS Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3207 (A vulnerability in the processing of boot options of specific Cisco IO ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3206 (A vulnerability in the handling of IEEE 802.11w Protected Management F ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3205 (A vulnerability in the implementation of the inter-VM channel of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3204 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3203 (A vulnerability in the locally significant certificate (LSC) provision ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3202
RESERVED
CVE-2020-3201 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3200 (A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Sof ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3197
RESERVED
CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
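Review bot: Several entries in this hunk are marked "NOT-FOR-US: Cisco" although the truncated description does not reach the product name, for example CVE-2020-3235 and CVE-2020-3232 (SNMP), CVE-2020-3230 (IKEv2), CVE-2020-3225, CVE-2020-3221 (Flexible NetFlow), CVE-2020-3206 (IEEE 802.11w) and CVE-2020-3203. The same ID range also holds CVE-2020-3341 for Clam AntiVirus, visible in an earlier hunk header, so an ID in this range is not by itself evidence of a Cisco-only product. Each of these should be confirmed against the full description before the bulk tag is kept, and a product-level tag (IOS, IOS XE, IOx) instead of the bare vendor name would make that check visible in the list.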
@@ -31613,7 +31613,7 @@ CVE-2019-19467
CVE-2020-1884
RESERVED
CVE-2020-1883 (Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak v ...)
- TODO: check
+ NOT-FOR-US: Huawei
CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...)
NOT-FOR-US: Huawei
CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/6f9ce546f4a0fed1d888a7dcc75bc6e546b21dd7...7ec11f913e7715d8df4f49a9bb0b4b903f88bff3