[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Wed Oct 21 21:15:43 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ded19317 by Salvatore Bonaccorso at 2020-10-21T22:15:22+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,29 +1,29 @@
CVE-2020-27613 (The installation procedure in BigBlueButton before 2.2.17 uses ClueCon ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27612 (Greenlight in BigBlueButton through 2.2.28 places usernames in room UR ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27611 (BigBlueButton through 2.2.28 uses STUN/TURN resources from a third par ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27610 (The installation procedure in BigBlueButton before 2.2.28 (or earlier) ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27609 (BigBlueButton through 2.2.28 records a video meeting despite the deact ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27608 (In BigBlueButton before 2.2.6, uploaded presentations are sent to clie ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27607 (In BigBlueButton before 2.2.28 (or earlier), the client-side Mute butt ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27606 (BigBlueButton before 2.2.28 (or earlier) does not set the secure flag ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27605 (BigBlueButton through 2.2.28 uses Ghostscript for processing of upload ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27604 (BigBlueButton before 2.3 does not implement LibreOffice sandboxing. Th ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27603 (BigBlueButton before 2.2.27 has an unsafe JODConverter setting in whic ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27602 (BigBlueButton before 2.2.7 does not have a protection mechanism for se ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-27601 (In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat do ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-XXXX [Rogue guests can cause DoS of Dom0 via high frequency events]
- linux <unfixed>
NOTE: https://xenbits.xen.org/xsa/advisory-332.html
@@ -3764,7 +3764,7 @@ CVE-2020-25822
CVE-2020-25821 (** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer ...)
NOT-FOR-US: peg-markdown
CVE-2020-25820 (BigBlueButton before 2.2.27 allows remote authenticated users to read ...)
- TODO: check
+ NOT-FOR-US: BigBlueButton
CVE-2020-25819
RESERVED
CVE-2020-25818
@@ -21080,7 +21080,7 @@ CVE-2020-17383
CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...)
NOT-FOR-US: MSI AmbientLink MsIo64 driver
CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
- TODO: check
+ NOT-FOR-US: Ghisler Total Commander
CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c]
RESERVED
- qemu <unfixed> (bug #970937)
@@ -26888,21 +26888,21 @@ CVE-2020-14903
CVE-2020-14902
RESERVED
CVE-2020-14901 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14900 (Vulnerability in the Oracle Application Express Group Calendar compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14899 (Vulnerability in the Oracle Application Express Data Reporter componen ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14898 (Vulnerability in the Oracle Application Express Packaged Apps componen ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14897 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14896 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14895 (Vulnerability in the Oracle Utilities Framework product of Oracle Util ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14894 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14893 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14892 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -26910,13 +26910,13 @@ CVE-2020-14892 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
CVE-2020-14891 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14890 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14889 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14888 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14887 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14886 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
@@ -26924,23 +26924,23 @@ CVE-2020-14885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
CVE-2020-14884 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14882 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14881 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14880 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14879 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14878 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14877 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14876 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
- mysql-8.0 <unfixed>
CVE-2020-14875 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14874
RESERVED
CVE-2020-14873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -26948,7 +26948,7 @@ CVE-2020-14873 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2020-14872 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.16-dfsg-1
CVE-2020-14871 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14870 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14869 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
@@ -26962,35 +26962,35 @@ CVE-2020-14867 (Vulnerability in the MySQL Server product of Oracle MySQL (compo
CVE-2020-14866 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14865 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection pr ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14864 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14863 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14862 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14861 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14860 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14859 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14858 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14857 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14856 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14855 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14854 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14853 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14852 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-8.0 <unfixed>
CVE-2020-14851 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14850 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
TODO: check
CVE-2020-14849 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded1931766d1c45e13827e90e1300e7bd8e309e2
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ded1931766d1c45e13827e90e1300e7bd8e309e2
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201021/1fd67ec9/attachment.html>
More information about the debian-security-tracker-commits
mailing list