Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 683ed1a0 by Salvatore Bonaccorso at 2020-09-04T22:22:18+02:00 Process NFUs - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -499,7 +499,7 @@ CVE-2020-24965 CVE-2020-24964 RESERVED CVE-2020-24963 (An Authenticated Persistent XSS vulnerability was discovered in the Be ...) - TODO: check + NOT-FOR-US: Best Support System CVE-2020-24962 RESERVED CVE-2020-24961 @@ -2856,7 +2856,7 @@ CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.p CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) NOT-FOR-US: SourceCodester Tailor Management System CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time Logic ...) - TODO: check + NOT-FOR-US: Real Time Logic BarracudaDrive CVE-2020-23833 RESERVED CVE-2020-23832 @@ -23952,7 +23952,7 @@ CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS CVE-2020-14009 RESERVED CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...) - TODO: check + NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) NOT-FOR-US: Solarwinds CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) @@ -41315,7 +41315,7 @@ CVE-2020-7732 CVE-2020-7731 RESERVED CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...) - TODO: check + NOT-FOR-US: bestzip nodejs module CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...) TODO: check CVE-2020-7728 
@@ -42083,9 +42083,9 @@ CVE-2020-7384 CVE-2020-7383 RESERVED CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted ...) - TODO: check + NOT-FOR-US: Rapid7 Nexpose installer CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose inst ...) - TODO: check + NOT-FOR-US: Rapid7 Nexpose installer CVE-2020-7380 RESERVED CVE-2020-7379 @@ -42249,7 +42249,7 @@ CVE-2020-7301 (Cross Site scripting vulnerability in McAfee Data Loss Prevention CVE-2020-7300 (Improper Authorization vulnerability in McAfee Data Loss Prevention (D ...) NOT-FOR-US: McAfee CVE-2020-7299 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) - TODO: check + NOT-FOR-US: McAfee CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) prior t ...) NOT-FOR-US: McAfee CVE-2020-7297 @@ -42668,7 +42668,7 @@ CVE-2020-7121 CVE-2020-7120 RESERVED CVE-2020-7119 (A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 HW-Based ...) - TODO: check + NOT-FOR-US: Aruba CVE-2020-7118 RESERVED CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...) @@ -47102,13 +47102,13 @@ CVE-2020-5381 CVE-2020-5380 RESERVED CVE-2020-5379 (Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5378 (Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5377 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior ...) NOT-FOR-US: EMC CVE-2020-5376 (Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot ...) - TODO: check + NOT-FOR-US: Dell CVE-2020-5375 RESERVED CVE-2020-5374 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...) 
@@ -49062,7 +49062,7 @@ CVE-2020-4704 CVE-2020-4703 RESERVED CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4701 RESERVED CVE-2020-4700 @@ -49202,7 +49202,7 @@ CVE-2020-4634 CVE-2020-4633 RESERVED CVE-2020-4632 (IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-sid ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-de ...) NOT-FOR-US: IBM CVE-2020-4630 @@ -49376,7 +49376,7 @@ CVE-2020-4547 CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbi ...) - TODO: check + NOT-FOR-US: IBM CVE-2020-4544 RESERVED CVE-2020-4543 @@ -52572,19 +52572,19 @@ CVE-2020-3549 CVE-2020-3548 RESERVED CVE-2020-3547 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an authenticated, l ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3544 RESERVED CVE-2020-3543 RESERVED CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an authenticated, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meetings ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3540 RESERVED CVE-2020-3539 @@ -52592,7 +52592,7 @@ CVE-2020-3539 CVE-2020-3538 RESERVED CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3536 RESERVED CVE-2020-3535 
@@ -52606,7 +52606,7 @@ CVE-2020-3532 CVE-2020-3531 RESERVED CVE-2020-3530 (A vulnerability in task group assignment for a specific CLI command in ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3529 RESERVED CVE-2020-3528 @@ -52670,13 +52670,13 @@ CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS could CVE-2020-3499 RESERVED CVE-2020-3498 (A vulnerability in Cisco Jabber software could allow an authenticated, ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3497 RESERVED CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...) NOT-FOR-US: Cisco CVE-2020-3495 (A vulnerability in Cisco Jabber for Windows could allow an authenticat ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3494 RESERVED CVE-2020-3493 @@ -52713,7 +52713,7 @@ CVE-2020-3480 CVE-2020-3479 RESERVED CVE-2020-3478 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3477 RESERVED CVE-2020-3476 @@ -52723,7 +52723,7 @@ CVE-2020-3475 CVE-2020-3474 RESERVED CVE-2020-3473 (A vulnerability in task group assignment for a specific CLI command in ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...) NOT-FOR-US: Cisco CVE-2020-3471 
@@ -52763,11 +52763,11 @@ CVE-2020-3455 CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS Software could ...) NOT-FOR-US: Cisco CVE-2020-3453 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2020-3451 (Multiple vulnerabilities in the web-based management interface of Cisc ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...) NOT-FOR-US: Cisco CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional paths ...) @@ -52809,7 +52809,7 @@ CVE-2020-3432 CVE-2020-3431 RESERVED CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3429 RESERVED CVE-2020-3428 @@ -52939,7 +52939,7 @@ CVE-2020-3367 CVE-2020-3366 RESERVED CVE-2020-3365 (A vulnerability in the directory permissions of Cisco Enterprise NFV I ...) - TODO: check + NOT-FOR-US: Cisco CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the ...) NOT-FOR-US: Cisco CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...) 
@@ -56934,23 +56934,23 @@ CVE-2020-1896 CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...) NOT-FOR-US: Instagram for Android CVE-2020-1894 (A stack write overflow in WhatsApp for Android prior to v2.20.35, What ...) - TODO: check + NOT-FOR-US: WhatsApp CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...) - hhvm <removed> CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser allows ...) - hhvm <removed> CVE-2020-1891 (A user controlled parameter used in video call in WhatsApp for Android ...) - TODO: check + NOT-FOR-US: WhatsApp CVE-2020-1890 (A URL validation issue in WhatsApp for Android prior to v2.20.11 and W ...) - TODO: check + NOT-FOR-US: WhatsApp CVE-2020-1889 (A security feature bypass issue in WhatsApp Desktop versions prior to ...) - TODO: check + NOT-FOR-US: WhatsApp CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...) - hhvm <removed> CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...) - osquery <itp> (bug #803502) CVE-2020-1886 (A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsA ...) - TODO: check + NOT-FOR-US: WhatsApp CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...) NOT-FOR-US: Oculus Desktop CVE-2019-19512 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683ed1a0691f10ba2e7fff95bcc64ef42f678397 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683ed1a0691f10ba2e7fff95bcc64ef42f678397 You're receiving this email because of your account on salsa.debian.org.
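Review bot: in the `@@ -41315,7` hunk, `NOT-FOR-US: bestzip nodejs module` for CVE-2020-7730 is only correct if no packaged Node.js application carries an embedded copy of bestzip, and nothing in the hunk or the "Process NFUs" commit message shows that was looked at. The grunt entry directly below (CVE-2020-7729) is left at `TODO: check`, so the two npm entries were clearly treated differently. If embedded copies were searched for, a short NOTE line under the entry would record it.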
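Review bot: in the `@@ -47102,13` hunk, the three BIOS entries (CVE-2020-5379, CVE-2020-5378, CVE-2020-5376) are tagged `NOT-FOR-US: Dell`, while the unchanged CVE-2020-5377 sitting between them, described as "Dell EMC OpenManage Server Administrator", is tagged `NOT-FOR-US: EMC`. Anyone grepping the list by vendor string will get split results for the same vendor. Either use one vendor string for both, or make the new tags product-specific so the difference is intentional and visible.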
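Review bot: in the `@@ -56934,23` hunk, the five new tags all read `NOT-FOR-US: WhatsApp`, although the descriptions cover different products ("WhatsApp for Android", "WhatsApp Desktop"), and the unchanged neighbours in the same hunk name the product (`Instagram for Android`, `Oculus Desktop`). The same vendor-only versus vendor-plus-product split shows up across the commit: `Cisco`, `IBM`, `McAfee` and `Aruba` on one side, `Rapid7 Nexpose installer`, `Real Time Logic BarracudaDrive` and `Zoho ManageEngine Applications Manager` on the other. This is a style point only, but picking one granularity per vendor keeps later searches over data/CVE/list predictable.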