[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso (@carnil) carnil at debian.org
Mon Nov 18 20:12:50 GMT 2024



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
e101a56f by security tracker role at 2024-11-18T20:12:44+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,161 @@
+CVE-2024-9526 (There exists a stored XSS Vulnerability in Kubeflow Pipeline View web  ...)
+	TODO: check
+CVE-2024-9474 (A privilege escalation vulnerability in Palo Alto Networks PAN-OS soft ...)
+	TODO: check
+CVE-2024-8781 (Execution with Unnecessary Privileges, : Improper Protection of Altern ...)
+	TODO: check
+CVE-2024-52574 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52573 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52572 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52571 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52570 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52569 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52568 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52567 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52566 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52565 (A vulnerability has been identified in Tecnomatix Plant Simulation V23 ...)
+	TODO: check
+CVE-2024-52436 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-52435 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-52434 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
+	TODO: check
+CVE-2024-52433 (Deserialization of Untrusted Data vulnerability in Mindstien Technolog ...)
+	TODO: check
+CVE-2024-52432 (Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd N ...)
+	TODO: check
+CVE-2024-52431 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-52430 (Deserialization of Untrusted Data vulnerability in Lis Lis Video Galle ...)
+	TODO: check
+CVE-2024-52429 (Unrestricted Upload of File with Dangerous Type vulnerability in Anton ...)
+	TODO: check
+CVE-2024-52428 (Improper Control of Filename for Include/Require Statement in PHP Prog ...)
+	TODO: check
+CVE-2024-52427 (Improper Neutralization of Special Elements Used in a Template Engine  ...)
+	TODO: check
+CVE-2024-52426 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-52425 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-52424 (Cross-Site Request Forgery (CSRF) vulnerability in Suresh Kumar wp-log ...)
+	TODO: check
+CVE-2024-52423 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-52422 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-52419 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-52318 (Incorrect object recycling and reuse vulnerability in Apache Tomcat.   ...)
+	TODO: check
+CVE-2024-52317 (Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. ...)
+	TODO: check
+CVE-2024-52316 (Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is ...)
+	TODO: check
+CVE-2024-52303 (aiohttp is an asynchronous HTTP client/server framework for asyncio an ...)
+	TODO: check
+CVE-2024-51743 (MarkUs is a web application for the submission and grading of student  ...)
+	TODO: check
+CVE-2024-51499 (MarkUs is a web application for the submission and grading of student  ...)
+	TODO: check
+CVE-2024-50919 (Jpress until v5.1.1 has arbitrary file uploads on the windows platform ...)
+	TODO: check
+CVE-2024-48917 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...)
+	TODO: check
+CVE-2024-48901 (A vulnerability was found in Moodle. Additional checks are required to ...)
+	TODO: check
+CVE-2024-48898 (A vulnerability was found in Moodle. Users with access to delete audie ...)
+	TODO: check
+CVE-2024-48897 (A vulnerability was found in Moodle. Additional checks are required to ...)
+	TODO: check
+CVE-2024-48896 (A vulnerability was found in Moodle. It is possible for users with the ...)
+	TODO: check
+CVE-2024-48294 (A NULL pointer dereference in the component libPdfCore.dll of Wondersh ...)
+	TODO: check
+CVE-2024-48293 (Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and ear ...)
+	TODO: check
+CVE-2024-48292 (An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version  ...)
+	TODO: check
+CVE-2024-47873 (PhpSpreadsheet is a PHP library for reading and writing spreadsheet fi ...)
+	TODO: check
+CVE-2024-47820 (MarkUs, a web application for the submission and grading of student as ...)
+	TODO: check
+CVE-2024-47533 (Cobbler, a Linux installation server that allows for rapid setup of ne ...)
+	TODO: check
+CVE-2024-44757 (An arbitrary file download vulnerability in the component /Basics/Down ...)
+	TODO: check
+CVE-2024-44756 (NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL  ...)
+	TODO: check
+CVE-2024-43416 (GLPI is a free asset and IT management software package. Starting in v ...)
+	TODO: check
+CVE-2024-42392 (Improper Neutralization of Delimiters vulnerability in Cesanta Mongoos ...)
+	TODO: check
+CVE-2024-42391 (Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose W ...)
+	TODO: check
+CVE-2024-42390 (Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose W ...)
+	TODO: check
+CVE-2024-42389 (Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose W ...)
+	TODO: check
+CVE-2024-42388 (Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose W ...)
+	TODO: check
+CVE-2024-42387 (Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose W ...)
+	TODO: check
+CVE-2024-42386 (Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose W ...)
+	TODO: check
+CVE-2024-42385 (Improper Neutralization of Delimiters vulnerability in Cesanta Mongoos ...)
+	TODO: check
+CVE-2024-42384 (Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web S ...)
+	TODO: check
+CVE-2024-42383 (Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose W ...)
+	TODO: check
+CVE-2024-41974 (A low privileged remote attackermay modify the BACNet service properti ...)
+	TODO: check
+CVE-2024-41973 (A low privileged remote attacker canspecify an arbitrary file on the f ...)
+	TODO: check
+CVE-2024-41972 (A low privileged remote attacker canoverwrite an arbitrary file on the ...)
+	TODO: check
+CVE-2024-41971 (A low privileged remote attacker can overwrite an arbitrary file on th ...)
+	TODO: check
+CVE-2024-41970 (A low privileged remote attackermay gain access to forbidden diagnosti ...)
+	TODO: check
+CVE-2024-41969 (A low privileged remote attacker maymodify the configuration of the CO ...)
+	TODO: check
+CVE-2024-41968 (A low privileged remote attacker may modify the docker settings setup  ...)
+	TODO: check
+CVE-2024-41967 (A low privileged remote attackermay modify the boot mode configuration ...)
+	TODO: check
+CVE-2024-3370 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
+	TODO: check
+CVE-2024-37155 (OpenCTI is an open source platform allowing organizations to manage th ...)
+	TODO: check
+CVE-2024-28058 (In RSA NetWitness (NW) Platform before 12.5.1, even when an administra ...)
+	TODO: check
+CVE-2024-11319 (Improper Neutralization of Input During Web Page Generation (XSS or 'C ...)
+	TODO: check
+CVE-2024-11318 (An IDOR (Insecure Direct Object Reference) vulnerability has been disc ...)
+	TODO: check
+CVE-2024-11304 (Missing input validation in the SEH Computertechnik utnserver Pro, SEH ...)
+	TODO: check
+CVE-2024-11303 (The pathname of the root directory to a Restricted Directory ('Path Tr ...)
+	TODO: check
+CVE-2024-11023 (Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store ...)
+	TODO: check
+CVE-2024-10390 (The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to un ...)
+	TODO: check
+CVE-2024-0012 (An authentication bypass in Palo Alto Networks PAN-OS software enables ...)
+	TODO: check
+CVE-2023-49952 (Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of ...)
+	TODO: check
 CVE-2024-5030 (The CM Table Of Contents  WordPress plugin before 1.2.3 does not have  ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2024-52947 (A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.2 ...)
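Review bot: the entries added at the top of data/CVE/list for software with a named upstream project, namely Apache Tomcat (CVE-2024-52316, CVE-2024-52317, CVE-2024-52318), aiohttp (CVE-2024-52303), PhpSpreadsheet (CVE-2024-48917, CVE-2024-47873), Moodle (CVE-2024-48896, CVE-2024-48897, CVE-2024-48898, CVE-2024-48901), GLPI (CVE-2024-43416) and Cobbler (CVE-2024-47533), carry only "TODO: check" and should be triaged ahead of the rest, each getting a source-package line or an explicit NOT-FOR-US like the context entries that follow. Several descriptions in the CVE-2024-41967 to CVE-2024-41974 block also have run-together words as added ("attackermay", "canspecify", "canoverwrite", "maymodify"), so a text search for "attacker may" or "can overwrite" will miss them.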
@@ -152,7 +310,7 @@ CVE-2024-51764 (A security vulnerability has been identified in HPE Data Managem
 	NOT-FOR-US: HPE
 CVE-2024-50983 (FlightPath 7.5 contains a Cross Site Scripting (XSS) vulnerability, wh ...)
 	NOT-FOR-US: FlightPath
-CVE-2024-49592 (McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads ...)
+CVE-2024-49592 (Trial installer for McAfee Total Protection (legacy trial installer so ...)
 	NOT-FOR-US: McAfee
 CVE-2024-49060 (Azure Stack HCI Elevation of Privilege Vulnerability)
 	NOT-FOR-US: Microsoft
@@ -213,15 +371,15 @@ CVE-2024-10017 (The PJW Mime Config plugin for WordPress is vulnerable to Stored
 	NOT-FOR-US: WordPress plugin
 CVE-2024-10015 (The ConvertCalculator for WordPress plugin for WordPress is vulnerable ...)
 	NOT-FOR-US: WordPress plugin
-CVE-2024-41151
+CVE-2024-41151 (Deserialization of Untrusted Data vulnerability in Apache HertzBeat.   ...)
 	NOT-FOR-US: Apache HertzBeat
-CVE-2024-45791
+CVE-2024-45791 (Exposure of Sensitive Information to an Unauthorized Actor vulnerabili ...)
 	NOT-FOR-US: Apache HertzBeat
-CVE-2024-45505
+CVE-2024-45505 (Improper Neutralization of Special Elements used in a Command ('Comman ...)
 	NOT-FOR-US: Apache HertzBeat
-CVE-2024-47208
+CVE-2024-47208 (Server-Side Request Forgery (SSRF), Improper Control of Generation of  ...)
 	NOT-FOR-US: Apache OFBiz
-CVE-2024-48962
+CVE-2024-48962 (Improper Control of Generation of Code ('Code Injection'), Cross-Site  ...)
 	NOT-FOR-US: Apache OFBiz
 CVE-2024-52616 [Avahi Wide-Area DNS Predictable Transaction IDs]
 	- avahi <unfixed>
@@ -241,17 +399,17 @@ CVE-2024-52615 [Avahi Wide-Area DNS Uses Constant Source Port]
 	NOTE: turn off wide-area feature: https://github.com/avahi/avahi/pull/577
 	NOTE: Revisiting of feature: https://github.com/avahi/avahi/issues/578
 	NOTE: https://github.com/avahi/avahi/security/advisories/GHSA-x6vp-f33h-h32g
-CVE-2023-39180 [Linux Kernel ksmbd Read Request Memory Leak Denial-of-Service Vulnerability]
+CVE-2023-39180 (A flaw was found within the handling of SMB2_READ commands in the kern ...)
 	- linux 6.5.3-1
 	[bookworm] - linux 6.1.55-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e202a1e8634b186da38cbbff85382ea2b9e297cf (6.5-rc4)
-CVE-2023-39179 [Linux Kernel ksmbd Read Request Out-Of-Bounds Read Information Disclosure Vulnerability]
+CVE-2023-39179 (A flaw was found within the handling of SMB2 read requests in the kern ...)
 	- linux 6.5.3-1
 	[bookworm] - linux 6.1.55-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
 	NOTE: https://git.kernel.org/linus/e202a1e8634b186da38cbbff85382ea2b9e297cf (6.5-rc4)
-CVE-2023-39176 [Linux Kernel ksmbd Transform Header Out-Of-Bounds Read Information Disclosure Vulnerability]
+CVE-2023-39176 (A flaw was found within the parsing of SMB2 requests that have a trans ...)
 	- linux 6.5.3-1
 	[bookworm] - linux 6.1.52-1
 	[bullseye] - linux <not-affected> (Vulnerable code not present)
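Review bot: the replacement description lines for CVE-2023-39180, CVE-2023-39179 and CVE-2023-39176 are truncated before the component name ("... in the kern ...", "... that have a trans ..."), so the word ksmbd carried by the removed bracketed titles no longer appears on any visible line of these entries. If the list is searched by component, a NOTE naming ksmbd under each entry would keep them findable; the package lines shown are unchanged.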
@@ -11515,7 +11673,7 @@ CVE-2024-47164 (Gradio is an open-source Python package designed for quick proto
 	NOT-FOR-US: Gradio
 CVE-2024-47084 (Gradio is an open-source Python package designed for quick prototyping ...)
 	NOT-FOR-US: Gradio
-CVE-2024-21534 (Versions of the package jsonpath-plus before 10.0.7 are vulnerable to  ...)
+CVE-2024-21534 (All versions of the package jsonpath-plus are vulnerable to Remote Cod ...)
 	NOT-FOR-US: Node jsonpath-plus
 CVE-2024-9810 (A vulnerability was found in SourceCodester Record Management System 1 ...)
 	NOT-FOR-US: SourceCodester
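Review bot: the CVE-2024-21534 description changes scope from "before 10.0.7" to "All versions of the package jsonpath-plus", which drops the only fixed-version bound the entry showed. The "NOT-FOR-US: Node jsonpath-plus" classification is unaffected, but anything that took 10.0.7 as the fixed version from the old text should be rechecked against the full updated description.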
@@ -35163,7 +35321,7 @@ CVE-2024-38473 (Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and e
 	NOTE: Regression [1/2] Fix: https://github.com/apache/httpd/commit/2f2f82a2225c5c3b6bb2fa4056541682e34763d4
 	NOTE: Regression [2/2] bug apache: https://bz.apache.org/bugzilla/show_bug.cgi?id=69203
 	NOTE: Regression [2/2] tracked at https://bugs.debian.org/1079171
-CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially leak NTML  ...)
+CVE-2024-38472 (SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM  ...)
 	- apache2 <not-affected> (Only affects Windows)
 	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2024-38472
 	NOTE: https://github.com/apache/httpd/commit/12542a80324b69ad6a1a489e1b697398551a5fe0
@@ -311830,16 +311988,16 @@ CVE-2021-1467 (A vulnerability in Cisco Webex Meetings for Android could allow a
 	NOT-FOR-US: Cisco
 CVE-2021-1466 (A vulnerability in the vDaemon service of Cisco SD-WAN vManage So ...)
 	TODO: check
-CVE-2021-1465
-	RESERVED
+CVE-2021-1465 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
+	TODO: check
 CVE-2021-1464 (A vulnerability in Cisco SD-WAN vManage Software could allow an a ...)
 	TODO: check
 CVE-2021-1463 (A vulnerability in the web-based management interface of Cisco Unified ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1462
-	RESERVED
-CVE-2021-1461
-	RESERVED
+CVE-2021-1462 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could ...)
+	TODO: check
+CVE-2021-1461 (A vulnerability in the Image Signature Verification feature of Cisco&n ...)
+	TODO: check
 CVE-2021-1460 (A vulnerability in the Cisco IOx Application Framework of Cisco 809 In ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1459 (A vulnerability in the web-based management interface of Cisco Small B ...)
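Review bot: the new description for CVE-2021-1461 ends in a raw HTML entity fragment, "Cisco&n ...", which looks like a cut-off &nbsp; carried over into the summary; entities should be decoded before the text is truncated. Separately, CVE-2021-1465, CVE-2021-1462 and CVE-2021-1461 move from RESERVED to "TODO: check" while the published Cisco entries around them (CVE-2021-1463, CVE-2021-1460) are "NOT-FOR-US: Cisco", so they still need the same triage decision.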
@@ -311872,16 +312030,16 @@ CVE-2021-1446 (A vulnerability in the DNS application layer gateway (ALG) functi
 	NOT-FOR-US: Cisco
 CVE-2021-1445 (Multiple vulnerabilities in Cisco Adaptive Security Appliance (ASA) So ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1444
-	RESERVED
+CVE-2021-1444 (A vulnerability in the web services interface of Cisco Adaptive S ...)
+	TODO: check
 CVE-2021-1443 (A vulnerability in the web UI of Cisco IOS XE Software could allow an  ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1442 (A vulnerability in a diagnostic command for the Plug-and-Play (PnP) su ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1441 (A vulnerability in the hardware initialization routines of Cisco IOS X ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1440
-	RESERVED
+CVE-2021-1440 (A vulnerability in the implementation of the Resource Public Key Infra ...)
+	TODO: check
 CVE-2021-1439 (A vulnerability in the multicast DNS (mDNS) gateway feature of Cisco A ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1438 (A vulnerability in Cisco Wide Area Application Services (WAAS) Softwar ...)
@@ -311910,10 +312068,10 @@ CVE-2021-1427 (Multiple vulnerabilities in the install, uninstall, and upgrade p
 	NOT-FOR-US: Cisco
 CVE-2021-1426 (Multiple vulnerabilities in the install, uninstall, and upgrade proces ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1425
-	RESERVED
-CVE-2021-1424
-	RESERVED
+CVE-2021-1425 (A vulnerability in the web-based management interface of Cisco As ...)
+	TODO: check
+CVE-2021-1424 (A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series  ...)
+	TODO: check
 CVE-2021-1423 (A vulnerability in the implementation of a CLI command in Cisco Airone ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1422 (A vulnerability in the software cryptography module of Cisco Adaptive  ...)
@@ -311940,8 +312098,8 @@ CVE-2021-1412 (Multiple vulnerabilities in the Admin portal of Cisco Identity Se
 	NOT-FOR-US: Cisco
 CVE-2021-1411 (Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1410
-	RESERVED
+CVE-2021-1410 (A vulnerability in the distribution list feature of Cisco Webex M ...)
+	TODO: check
 CVE-2021-1409 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1408 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -312008,8 +312166,8 @@ CVE-2021-1381 (A vulnerability in Cisco IOS XE Software could allow an authentic
 	NOT-FOR-US: Cisco
 CVE-2021-1380 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1379
-	RESERVED
+CVE-2021-1379 (Multiple vulnerabilities in the Cisco Discovery Protocol and Link ...)
+	TODO: check
 CVE-2021-1378 (A vulnerability in the SSH service of the Cisco StarOS operating syste ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1377 (A vulnerability in Address Resolution Protocol (ARP) management of Cis ...)
@@ -312196,8 +312354,8 @@ CVE-2021-1287 (A vulnerability in the web-based management interface of Cisco RV
 	NOT-FOR-US: Cisco
 CVE-2021-1286 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1285
-	RESERVED
+CVE-2021-1285 (Multiple Cisco products are affected by a vulnerability in the Et ...)
+	TODO: check
 CVE-2021-1284 (A vulnerability in the web-based messaging service interface of Cisco  ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1283 (A vulnerability in the logging subsystem of Cisco Data Center Network  ...)
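Review bot: CVE-2021-1285 should not be closed as "NOT-FOR-US: Cisco" by analogy with its neighbours without reading the full description. Its text opens "Multiple Cisco products are affected by a vulnerability in the Et ...", the same form as CVE-2021-1236 ("Multiple Cisco products are affected by a vulnerability in the Sn ..."), which appears further down this diff with a cisco-sa-snort-app-bypass advisory NOTE rather than a plain NOT-FOR-US line.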
@@ -312303,12 +312461,12 @@ CVE-2021-1236 (Multiple Cisco products are affected by a vulnerability in the Sn
 	NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-app-bypass-cSBYCATq
 CVE-2021-1235 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1234
-	RESERVED
+CVE-2021-1234 (A vulnerability in the cluster management interface of Cisco SD-W ...)
+	TODO: check
 CVE-2021-1233 (A vulnerability in the CLI of Cisco SD-WAN Software could allow an aut ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1232
-	RESERVED
+CVE-2021-1232 (A vulnerability in the web-based management interface of Cisco SD ...)
+	TODO: check
 CVE-2021-1231 (A vulnerability in the Link Layer Discovery Protocol (LLDP) for Nexus  ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1230 (A vulnerability with the Border Gateway Protocol (BGP) for Cisco Nexus ...)
@@ -312511,8 +312669,8 @@ CVE-2021-1134 (A vulnerability in the Cisco Identity Services Engine (ISE) integ
 	NOT-FOR-US: Cisco
 CVE-2021-1133 (Multiple vulnerabilities in the REST API endpoint of Cisco Data Center ...)
 	NOT-FOR-US: Cisco
-CVE-2021-1132
-	RESERVED
+CVE-2021-1132 (A vulnerability in the API subsystem and in the web-management interfa ...)
+	TODO: check
 CVE-2021-1131 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2021-1130 (A vulnerability in the web-based management interface of Cisco DNA Cen ...)
@@ -318867,8 +319025,8 @@ CVE-2020-27126 (A vulnerability in an API of Cisco Webex Meetings could allow an
 	NOT-FOR-US: Cisco
 CVE-2020-27125 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
 	NOT-FOR-US: Cisco
-CVE-2020-27124
-	RESERVED
+CVE-2020-27124 (A vulnerability in the SSL/TLS handler of Cisco Adaptive Security ...)
+	TODO: check
 CVE-2020-27123 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
 	NOT-FOR-US: Cisco
 CVE-2020-27122 (A vulnerability in the Microsoft Active Directory integration of Cisco ...)
@@ -321418,32 +321576,32 @@ CVE-2020-26076 (A vulnerability in Cisco IoT Field Network Director (FND) could
 	NOT-FOR-US: Cisco
 CVE-2020-26075 (A vulnerability in the REST API of Cisco IoT Field Network Director (F ...)
 	NOT-FOR-US: Cisco
-CVE-2020-26074
-	RESERVED
-CVE-2020-26073
-	RESERVED
+CVE-2020-26074 (A vulnerability in system file transfer functions of Cisco SD-WAN ...)
+	TODO: check
+CVE-2020-26073 (A vulnerability in the application data endpoints of Cisco SD-WAN ...)
+	TODO: check
 CVE-2020-26072 (A vulnerability in the SOAP API of Cisco IoT Field Network Director (F ...)
 	NOT-FOR-US: Cisco
-CVE-2020-26071
-	RESERVED
+CVE-2020-26071 (A vulnerability in the CLI of Cisco SD-WAN Software could allow a ...)
+	TODO: check
 CVE-2020-26070 (A vulnerability in the ingress packet processing function of Cisco IOS ...)
 	NOT-FOR-US: Cisco
 CVE-2020-26069
 	RESERVED
 CVE-2020-26068 (A vulnerability in the xAPI service of Cisco Telepresence CE Software  ...)
 	NOT-FOR-US: Cisco
-CVE-2020-26067
-	RESERVED
-CVE-2020-26066
-	RESERVED
+CVE-2020-26067 (A vulnerability in the web-based interface of Cisco Webex Teams c ...)
+	TODO: check
+CVE-2020-26066 (A vulnerability in the web UI of Cisco SD-WAN vManage Software co ...)
+	TODO: check
 CVE-2020-26065 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-26064 (A vulnerability in the web UI of Cisco SD-WAN vManage Software could a ...)
 	NOT-FOR-US: Cisco
-CVE-2020-26063
-	RESERVED
-CVE-2020-26062
-	RESERVED
+CVE-2020-26063 (A vulnerability in the API endpoints of Cisco Integrated Manageme ...)
+	TODO: check
+CVE-2020-26062 (A vulnerability in Cisco Integrated Management Controller could a ...)
+	TODO: check
 CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock. ...)
 	{DLA-2420-1 DLA-2385-1}
 	- linux 5.7.17-1
@@ -378833,8 +378991,8 @@ CVE-2020-3550 (A vulnerability in the sfmgr daemon of Cisco Firepower Management
 	NOT-FOR-US: Cisco
 CVE-2020-3549 (A vulnerability in the sftunnel functionality of Cisco Firepower Manag ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3548
-	RESERVED
+CVE-2020-3548 (A vulnerability in the Transport Layer Security (TLS) protocol impleme ...)
+	TODO: check
 CVE-2020-3547 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
@@ -378851,10 +379009,10 @@ CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meet
 	NOT-FOR-US: Cisco
 CVE-2020-3540
 	RESERVED
-CVE-2020-3539
-	RESERVED
-CVE-2020-3538
-	RESERVED
+CVE-2020-3539 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
+	TODO: check
+CVE-2020-3538 (A vulnerability in a certain REST API endpoint of Cisco Data Cent ...)
+	TODO: check
 CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3536 (A vulnerability in the web-based management interface of Cisco SD-WAN  ...)
@@ -378865,8 +379023,8 @@ CVE-2020-3534
 	RESERVED
 CVE-2020-3533 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3532
-	RESERVED
+CVE-2020-3532 (A vulnerability in the web-based management interface of Cisco Un ...)
+	TODO: check
 CVE-2020-3531 (A vulnerability in the REST API of Cisco IoT Field Network Director (F ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3530 (A vulnerability in task group assignment for a specific CLI command in ...)
@@ -378879,8 +379037,8 @@ CVE-2020-3527 (A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Seri
 	NOT-FOR-US: Cisco
 CVE-2020-3526 (A vulnerability in the Common Open Policy Service (COPS) engine of Cis ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3525
-	RESERVED
+CVE-2020-3525 (A vulnerability in the Admin portal of Cisco Identity Services En ...)
+	TODO: check
 CVE-2020-3524 (A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for  ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
@@ -379070,8 +379228,8 @@ CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel o
 	NOT-FOR-US: Cisco
 CVE-2020-3432
 	RESERVED
-CVE-2020-3431
-	RESERVED
+CVE-2020-3431 (A vulnerability in the web-based management interface of Cisco Sm ...)
+	TODO: check
 CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of Cisco  ...)
@@ -379092,8 +379250,8 @@ CVE-2020-3422 (A vulnerability in the IP Service Level Agreement (SLA) responder
 	NOT-FOR-US: Cisco
 CVE-2020-3421 (Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco I ...)
 	NOT-FOR-US: Cisco
-CVE-2020-3420
-	RESERVED
+CVE-2020-3420 (A vulnerability in the web-based management interface of Cisco Unified ...)
+	TODO: check
 CVE-2020-3419 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
 	NOT-FOR-US: Cisco
 CVE-2020-3418 (A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/e101a56f606086fbc2b3f4bb0035708b3a941f81
