[Git][security-tracker-team/security-tracker][master] Process some NFUs
Salvatore Bonaccorso
carnil at debian.org
Thu Sep 24 21:24:10 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
cbdeeab0 by Salvatore Bonaccorso at 2020-09-24T22:23:54+02:00
Process some NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3761,7 +3761,7 @@ CVE-2020-24367
CVE-2020-24366
RESERVED
CVE-2020-24365 (An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-12 ...)
- TODO: check
+ NOT-FOR-US: Gemtek devices
CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via the note ...)
NOT-FOR-US: MineTime
CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticat ...)
@@ -7617,7 +7617,7 @@ CVE-2020-22455
CVE-2020-22454
RESERVED
CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple functions that s ...)
- TODO: check
+ NOT-FOR-US: Untis WebUntis
CVE-2020-22452
RESERVED
CVE-2020-22451
@@ -20377,9 +20377,9 @@ CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in lib
CVE-2020-16149
REJECTED
CVE-2020-16148 (The ping page of the administration panel in Telmat AccessLog <= 6. ...)
- TODO: check
+ NOT-FOR-US: Telmat AccessLog
CVE-2020-16147 (The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an ...)
- TODO: check
+ NOT-FOR-US: Telmat AccessLog
CVE-2020-16146
RESERVED
CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...)
@@ -20880,7 +20880,7 @@ CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during upda
CVE-2020-15931
RESERVED
CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...)
- TODO: check
+ NOT-FOR-US: Joplin desktop
CVE-2020-15929
RESERVED
CVE-2020-15928
@@ -21097,7 +21097,7 @@ CVE-2020-15842 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack
CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7 ...)
NOT-FOR-US: Liferay
CVE-2020-15840 (In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP ...)
- TODO: check
+ NOT-FOR-US: Liferay
CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 an ...)
NOT-FOR-US: Liferay
CVE-2020-15838
@@ -28310,7 +28310,7 @@ CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authenticatio
CVE-2020-13120
RESERVED
CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking. ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...)
NOT-FOR-US: Mikrotik-Router-Monitoring-System
CVE-2020-13117
@@ -28941,19 +28941,19 @@ CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is affected by a denial of service du
CVE-2020-12844
RESERVED
CVE-2020-12843 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12842 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12841 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12840 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12839 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12838 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12837 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
- TODO: check
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12836
RESERVED
CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...)
@@ -29011,13 +29011,13 @@ CVE-2020-12820
CVE-2020-12819
RESERVED
CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 6.4.1 may al ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12817 (An improper neutralization of input vulnerability in FortiAnalyzer bef ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12816 (An improper neutralization of input vulnerability in FortiNAC before 8 ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12815 (An improper neutralization of input vulnerability in FortiTester befor ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12814
RESERVED
CVE-2020-12813
@@ -29025,7 +29025,7 @@ CVE-2020-12813
CVE-2020-12812 (An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, ...)
NOT-FOR-US: Fortinet
CVE-2020-12811 (An improper neutralization of script-related HTML tags in a web page i ...)
- TODO: check
+ NOT-FOR-US: FortiGuard
CVE-2020-12810
RESERVED
CVE-2020-12809
@@ -30492,11 +30492,11 @@ CVE-2016-11054 (NETGEAR DGN2200v4 devices before 2017-01-06 are affected by comm
CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication workflow bec ...)
NOT-FOR-US: Sourcegraph
CVE-2020-12282 (iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in ...)
- TODO: check
+ NOT-FOR-US: iSmartgate PRO
CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: iSmartgate PRO
CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
- TODO: check
+ NOT-FOR-US: iSmartgate PRO
CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
- libgit2 0.28.4+dfsg.1-2
[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
@@ -54584,9 +54584,9 @@ CVE-2020-3562
CVE-2020-3561
RESERVED
CVE-2020-3560 (A vulnerability in Cisco Aironet Access Points (APs) could allow an un ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3559 (A vulnerability in Cisco Aironet Access Point (AP) Software could allo ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3558
RESERVED
CVE-2020-3557
@@ -54600,7 +54600,7 @@ CVE-2020-3554
CVE-2020-3553
RESERVED
CVE-2020-3552 (A vulnerability in the Ethernet packet handling of Cisco Aironet Acces ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3551
RESERVED
CVE-2020-3550
@@ -54650,13 +54650,13 @@ CVE-2020-3529
CVE-2020-3528
RESERVED
CVE-2020-3527 (A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Sw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3526 (A vulnerability in the Common Open Policy Service (COPS) engine of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3525
RESERVED
CVE-2020-3524 (A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
NOT-FOR-US: Cisco
CVE-2020-3522 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
@@ -54672,23 +54672,23 @@ CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco Da
CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
NOT-FOR-US: Cisco
CVE-2020-3516 (A vulnerability in the web server authentication of Cisco IOS XE Softw ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3515
RESERVED
CVE-2020-3514
RESERVED
CVE-2020-3513 (Multiple vulnerabilities in the initialization routines that are execu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3512 (A vulnerability in the PROFINET handler for Link Layer Discovery Proto ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3511 (A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3510 (A vulnerability in the Umbrella Connector component of Cisco IOS XE So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3509 (A vulnerability in the DHCP message handler of Cisco IOS XE Software f ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3508 (A vulnerability in the IP Address Resolution Protocol (ARP) feature of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3507 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
NOT-FOR-US: Cisco
CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
@@ -54698,7 +54698,7 @@ CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Su
CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...)
NOT-FOR-US: Cisco
CVE-2020-3503 (A vulnerability in the file system permissions of Cisco IOS XE Softwar ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
NOT-FOR-US: Cisco
CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
@@ -54710,29 +54710,29 @@ CVE-2020-3499
CVE-2020-3498 (A vulnerability in Cisco Jabber software could allow an authenticated, ...)
NOT-FOR-US: Cisco
CVE-2020-3497 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
NOT-FOR-US: Cisco
CVE-2020-3495 (A vulnerability in Cisco Jabber for Windows could allow an authenticat ...)
NOT-FOR-US: Cisco
CVE-2020-3494 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3493 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3492 (A vulnerability in the Flexible NetFlow Version 9 packet processor of ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3491 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
CVE-2020-3490 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
CVE-2020-3489 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3488 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3487 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3486 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3485 (A vulnerability in the role-based access control (RBAC) functionality ...)
NOT-FOR-US: Cisco
CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco Vision ...)
@@ -54747,19 +54747,19 @@ CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVir
[buster] - clamav 0.102.4+dfsg-0+deb10u1
NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
CVE-2020-3480 (Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3479 (A vulnerability in the implementation of Multiprotocol Border Gateway ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3478 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
NOT-FOR-US: Cisco
CVE-2020-3477 (A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3476 (A vulnerability in the CLI implementation of a specific command of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3475 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3474 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3473 (A vulnerability in task group assignment for a specific CLI command in ...)
NOT-FOR-US: Cisco
CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...)
@@ -54777,7 +54777,7 @@ CVE-2020-3467
CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
CVE-2020-3465 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
NOT-FOR-US: Cisco
CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco Webex M ...)
@@ -54849,37 +54849,37 @@ CVE-2020-3431
CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...)
NOT-FOR-US: Cisco
CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3427
RESERVED
CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide Area (LPW ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3425 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3424
RESERVED
CVE-2020-3423 (A vulnerability in the implementation of the Lua interpreter that is i ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3422 (A vulnerability in the IP Service Level Agreement (SLA) responder feat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3421 (Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco I ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3420
RESERVED
CVE-2020-3419
RESERVED
CVE-2020-3418 (A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3417 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3416 (Multiple vulnerabilities in the initialization routines that are execu ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3415 (A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Sof ...)
NOT-FOR-US: Cisco
CVE-2020-3414 (A vulnerability in the packet processing of Cisco IOS XE Software for ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
NOT-FOR-US: Cisco
CVE-2020-3412 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
@@ -54889,45 +54889,45 @@ CVE-2020-3411 (A vulnerability in Cisco DNA Center software could allow an unaut
CVE-2020-3410
RESERVED
CVE-2020-3409 (A vulnerability in the PROFINET feature of Cisco IOS Software and Cisc ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3408 (A vulnerability in the Split DNS feature of Cisco IOS Software and Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3407 (A vulnerability in the RESTCONF and NETCONF-YANG access control list ( ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3406 (A vulnerability in the web-based management interface of the Cisco SD- ...)
NOT-FOR-US: Cisco
CVE-2020-3405 (A vulnerability in the web UI of Cisco SD-WAN vManage Software could a ...)
NOT-FOR-US: Cisco
CVE-2020-3404 (A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cis ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3403 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI) interface o ...)
NOT-FOR-US: Cisco
CVE-2020-3401 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
NOT-FOR-US: Cisco
CVE-2020-3400 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3399 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3398 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
NOT-FOR-US: Cisco
CVE-2020-3397 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
NOT-FOR-US: Cisco
CVE-2020-3396 (A vulnerability in the file system on the pluggable USB 3.0 Solid Stat ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3395
RESERVED
CVE-2020-3394 (A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Serie ...)
NOT-FOR-US: Cisco
CVE-2020-3393 (A vulnerability in the application-hosting subsystem of Cisco IOS XE S ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3392
RESERVED
CVE-2020-3391 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
NOT-FOR-US: Cisco
CVE-2020-3390 (A vulnerability in Simple Network Management Protocol (SNMP) trap gene ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3389 (A vulnerability in the installation component of Cisco Hyperflex HX-Se ...)
NOT-FOR-US: Cisco
CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
@@ -54989,7 +54989,7 @@ CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings
CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones Series 78 ...)
NOT-FOR-US: Cisco
CVE-2020-3359 (A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE So ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3358 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisc ...)
NOT-FOR-US: Cisco
CVE-2020-3357 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...)
@@ -55437,7 +55437,7 @@ CVE-2020-3143 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePre
CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...)
NOT-FOR-US: Cisco
CVE-2020-3141 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-3140 (A vulnerability in the web management interface of Cisco Prime License ...)
NOT-FOR-US: Cisco
CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbdeeab007204f9311866a312e887fd14ff5ace7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/cbdeeab007204f9311866a312e887fd14ff5ace7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200924/a52d353f/attachment.html>
More information about the debian-security-tracker-commits
mailing list