[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Jun 18 09:10:30 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
32597bd4 by security tracker role at 2020-06-18T08:10:22+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2020-14414
+	RESERVED
+CVE-2020-14413
+	RESERVED
+CVE-2020-14412
+	RESERVED
+CVE-2020-14411
+	RESERVED
+CVE-2020-14410
+	RESERVED
+CVE-2020-14409
+	RESERVED
+CVE-2020-14408 (An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanit ...)
+	TODO: check
 CVE-2020-14407
 	RESERVED
 CVE-2020-14406
@@ -399,7 +413,7 @@ CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncser
 CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
 	- libvncserver <unfixed>
 	NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
-CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is a memo ...)
+CVE-2018-21247 (An issue was discovered in LibVNCServer before 0.9.13. There is an inf ...)
 	- libvncserver 0.9.12+dfsg-3
 	NOTE: https://github.com/LibVNC/libvncserver/issues/253
 	NOTE: https://github.com/LibVNC/libvncserver/commit/8b06f835e259652b0ff026898014fc7297ade858
@@ -526,8 +540,8 @@ CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.1
 	NOT-FOR-US: ConnectWise
 CVE-2020-14158
 	RESERVED
-CVE-2020-14157
-	RESERVED
+CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...)
+	TODO: check
 CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...)
 	NOT-FOR-US: OpenBMC
 CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a large num ...)
@@ -804,8 +818,8 @@ CVE-2020-14042
 	RESERVED
 CVE-2020-14041
 	RESERVED
-CVE-2020-14040
-	RESERVED
+CVE-2020-14040 (Go version v0.3.3 of the x/text package fixes a vulnerability in encod ...)
+	TODO: check
 CVE-2020-14039
 	RESERVED
 CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public posts]
@@ -1968,7 +1982,7 @@ CVE-2020-13593
 	RESERVED
 CVE-2020-13662 [Drupal SA 2020-003]
 	RESERVED
-	{DSA-4693-1}
+	{DSA-4693-1 DLA-2250-1}
 	- drupal7 <removed>
 	NOTE: https://www.drupal.org/sa-core-2020-003
 	NOTE: https://git.drupalcode.org/project/drupal/-/commit/905ff00a44160adee3f266cdcc87d3350a64a072
@@ -15427,12 +15441,10 @@ CVE-2020-8621
 	RESERVED
 CVE-2020-8620
 	RESERVED
-CVE-2020-8619
-	RESERVED
+CVE-2020-8619 (Unless a nameserver is providing authoritative service for one or more ...)
 	- bind9 1:9.16.4-1
 	NOTE: https://kb.isc.org/docs/cve-2020-8619
-CVE-2020-8618
-	RESERVED
+CVE-2020-8618 (An attacker who is permitted to send zone data to a server via zone tr ...)
 	- bind9 1:9.16.4-1
 	NOTE: https://kb.isc.org/docs/cve-2020-8618
 CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...)
@@ -28874,50 +28886,50 @@ CVE-2020-3370
 	RESERVED
 CVE-2020-3369
 	RESERVED
-CVE-2020-3368
-	RESERVED
+CVE-2020-3368 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
+	TODO: check
 CVE-2020-3367
 	RESERVED
 CVE-2020-3366
 	RESERVED
 CVE-2020-3365
 	RESERVED
-CVE-2020-3364
-	RESERVED
+CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the  ...)
+	TODO: check
 CVE-2020-3363
 	RESERVED
-CVE-2020-3362
-	RESERVED
-CVE-2020-3361
-	RESERVED
-CVE-2020-3360
-	RESERVED
+CVE-2020-3362 (A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO ...)
+	TODO: check
+CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
+	TODO: check
+CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones Series 78 ...)
+	TODO: check
 CVE-2020-3359
 	RESERVED
 CVE-2020-3358
 	RESERVED
 CVE-2020-3357
 	RESERVED
-CVE-2020-3356
-	RESERVED
-CVE-2020-3355
-	RESERVED
-CVE-2020-3354
-	RESERVED
+CVE-2020-3356 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+	TODO: check
+CVE-2020-3355 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+	TODO: check
+CVE-2020-3354 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+	TODO: check
 CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity Serv ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3352
 	RESERVED
 CVE-2020-3351
 	RESERVED
-CVE-2020-3350
-	RESERVED
+CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...)
+	TODO: check
 CVE-2020-3349
 	RESERVED
 CVE-2020-3348
 	RESERVED
-CVE-2020-3347
-	RESERVED
+CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could  ...)
+	TODO: check
 CVE-2020-3346
 	RESERVED
 CVE-2020-3345
@@ -28926,8 +28938,8 @@ CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Softwa
 	NOT-FOR-US: Cisco
 CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3342
-	RESERVED
+CVE-2020-3342 (A vulnerability in the software update feature of Cisco Webex Meetings ...)
+	TODO: check
 CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...)
 	{DLA-2215-1}
 	- clamav 0.102.3+dfsg-1
@@ -28940,10 +28952,10 @@ CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Pr
 	NOT-FOR-US: Cisco
 CVE-2020-3338
 	RESERVED
-CVE-2020-3337
-	RESERVED
-CVE-2020-3336
-	RESERVED
+CVE-2020-3337 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
+	TODO: check
+CVE-2020-3336 (A vulnerability in the software upgrade process of Cisco TelePresence  ...)
+	TODO: check
 CVE-2020-3335 (A vulnerability in the key store of Cisco Application Services Engine  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...)
@@ -29026,28 +29038,28 @@ CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementa
 	NOT-FOR-US: Cisco
 CVE-2020-3297
 	RESERVED
-CVE-2020-3296
-	RESERVED
-CVE-2020-3295
-	RESERVED
-CVE-2020-3294
-	RESERVED
-CVE-2020-3293
-	RESERVED
-CVE-2020-3292
-	RESERVED
-CVE-2020-3291
-	RESERVED
-CVE-2020-3290
-	RESERVED
-CVE-2020-3289
-	RESERVED
-CVE-2020-3288
-	RESERVED
-CVE-2020-3287
-	RESERVED
-CVE-2020-3286
-	RESERVED
+CVE-2020-3296 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3295 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3294 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3293 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3292 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3291 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3290 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3289 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3288 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3287 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3286 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
 CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3)  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3284
@@ -29060,18 +29072,18 @@ CVE-2020-3281 (A vulnerability in the audit logging component of Cisco Digital N
 	NOT-FOR-US: Cisco
 CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3279
-	RESERVED
-CVE-2020-3278
-	RESERVED
-CVE-2020-3277
-	RESERVED
-CVE-2020-3276
-	RESERVED
-CVE-2020-3275
-	RESERVED
-CVE-2020-3274
-	RESERVED
+CVE-2020-3279 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3278 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3277 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3276 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3275 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3274 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
 CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3272 (A vulnerability in the DHCP server of Cisco Prime Network Registrar co ...)
@@ -29080,10 +29092,10 @@ CVE-2020-3271
 	RESERVED
 CVE-2020-3270
 	RESERVED
-CVE-2020-3269
-	RESERVED
-CVE-2020-3268
-	RESERVED
+CVE-2020-3269 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
+CVE-2020-3268 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+	TODO: check
 CVE-2020-3267 (A vulnerability in the API subsystem of Cisco Unified Contact Center E ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...)
@@ -29092,8 +29104,8 @@ CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an
 	NOT-FOR-US: Cisco
 CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3263
-	RESERVED
+CVE-2020-3263 (A vulnerability in Cisco Webex Meetings Desktop App could allow an una ...)
+	TODO: check
 CVE-2020-3262 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mobilit ...)
@@ -29128,16 +29140,16 @@ CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director an
 	NOT-FOR-US: Cisco
 CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3245
-	RESERVED
-CVE-2020-3244
-	RESERVED
+CVE-2020-3245 (A vulnerability in the web application of Cisco Smart Software Manager ...)
+	TODO: check
+CVE-2020-3244 (A vulnerability in the Enhanced Charging Service (ECS) functionality o ...)
+	TODO: check
 CVE-2020-3243 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3242
-	RESERVED
-CVE-2020-3241
-	RESERVED
+CVE-2020-3242 (A vulnerability in the REST API of Cisco UCS Director could allow an a ...)
+	TODO: check
+CVE-2020-3241 (A vulnerability in the orchestration tasks of Cisco UCS Director could ...)
+	TODO: check
 CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
@@ -29146,8 +29158,8 @@ CVE-2020-3238 (A vulnerability in the Cisco Application Framework component of t
 	NOT-FOR-US: Cisco
 CVE-2020-3237 (A vulnerability in the Cisco Application Framework component of the Ci ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3236
-	RESERVED
+CVE-2020-3236 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...)
+	TODO: check
 CVE-2020-3235 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3234 (A vulnerability in the virtual console authentication of Cisco IOS Sof ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32597bd42698ab9aeecaee4757befb884399ad22

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/32597bd42698ab9aeecaee4757befb884399ad22
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200618/4ae41299/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list