Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
683ed1a0 by Salvatore Bonaccorso at 2020-09-04T22:22:18+02:00
Process NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -499,7 +499,7 @@ CVE-2020-24965
 CVE-2020-24964
        RESERVED
 CVE-2020-24963 (An Authenticated Persistent XSS vulnerability was discovered 
in the Be ...)
-       TODO: check
+       NOT-FOR-US: Best Support System
 CVE-2020-24962
        RESERVED
 CVE-2020-24961
@@ -2856,7 +2856,7 @@ CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) 
vulnerability in edit_user.p
 CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the 
index.php  ...)
        NOT-FOR-US: SourceCodester Tailor Management System
 CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real 
Time Logic ...)
-       TODO: check
+       NOT-FOR-US: Real Time Logic BarracudaDrive
 CVE-2020-23833
        RESERVED
 CVE-2020-23832
@@ -23952,7 +23952,7 @@ CVE-2020-14010 (The Laborator Xenon theme 1.3 for 
WordPress allows Reflected XSS
 CVE-2020-14009
        RESERVED
 CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows 
an auth ...)
-       TODO: check
+       NOT-FOR-US: Zoho ManageEngine Applications Manager
 CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion 
Platform HF ...)
        NOT-FOR-US: Solarwinds
 CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion 
Platform HF ...)
@@ -41315,7 +41315,7 @@ CVE-2020-7732
 CVE-2020-7731
        RESERVED
 CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command 
Injection v ...)
-       TODO: check
+       NOT-FOR-US: bestzip nodejs module
 CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code 
Execut ...)
        TODO: check
 CVE-2020-7728
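Review bot: CVE-2020-7729 (grunt), the context entry directly below the bestzip change, is still at TODO: check while its neighbour is closed out as NOT-FOR-US. If it was skipped on purpose because grunt needs a source-package check rather than an NFU tag, that is fine, but it is easy to lose track of in a bulk NFU pass; a follow-up that resolves or annotates it would keep this block from looking half-triaged.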
@@ -42083,9 +42083,9 @@ CVE-2020-7384
 CVE-2020-7383
        RESERVED
 CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an 
Unquoted  ...)
-       TODO: check
+       NOT-FOR-US: Rapid7 Nexpose installer
 CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the 
Nexpose inst ...)
-       TODO: check
+       NOT-FOR-US: Rapid7 Nexpose installer
 CVE-2020-7380
        RESERVED
 CVE-2020-7379
@@ -42249,7 +42249,7 @@ CVE-2020-7301 (Cross Site scripting vulnerability in 
McAfee Data Loss Prevention
 CVE-2020-7300 (Improper Authorization vulnerability in McAfee Data Loss 
Prevention (D ...)
        NOT-FOR-US: McAfee
 CVE-2020-7299 (Cleartext Storage of Sensitive Information in Memory 
vulnerability in  ...)
-       TODO: check
+       NOT-FOR-US: McAfee
 CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) 
prior t ...)
        NOT-FOR-US: McAfee
 CVE-2020-7297
@@ -42668,7 +42668,7 @@ CVE-2020-7121
 CVE-2020-7120
        RESERVED
 CVE-2020-7119 (A vulnerability exists in the Aruba ClearPass C1000 S-1200 R4 
HW-Based ...)
-       TODO: check
+       NOT-FOR-US: Aruba
 CVE-2020-7118
        RESERVED
 CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has 
an aut ...)
@@ -47102,13 +47102,13 @@ CVE-2020-5381
 CVE-2020-5380
        RESERVED
 CVE-2020-5379 (Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI 
BIOS Boot ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5378 (Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI 
BIOS Boot ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5377 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 
and prior ...)
        NOT-FOR-US: EMC
 CVE-2020-5376 (Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI 
BIOS Boot ...)
-       TODO: check
+       NOT-FOR-US: Dell
 CVE-2020-5375
        RESERVED
 CVE-2020-5374 (Dell EMC OpenManage Integration for Microsoft System Center 
(OMIMSSC)  ...)
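Review bot: The three Dell BIOS entries changed here (CVE-2020-5379, CVE-2020-5378, CVE-2020-5376) get NOT-FOR-US: Dell, while CVE-2020-5377 in the same hunk, described as "Dell EMC OpenManage Server Administrator", already carries NOT-FOR-US: EMC. Nothing breaks, since both lines mark the entry as not affecting Debian, but anyone filtering the list by the vendor text will get split results. Consider settling on one vendor spelling for Dell and Dell EMC products, or leave it if the split between client BIOS and EMC server software is intentional.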
@@ -49062,7 +49062,7 @@ CVE-2020-4704
 CVE-2020-4703
        RESERVED
 CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored 
cross-s ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4701
        RESERVED
 CVE-2020-4700
@@ -49202,7 +49202,7 @@ CVE-2020-4634
 CVE-2020-4633
        RESERVED
 CVE-2020-4632 (IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to 
server-sid ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in 
non-de ...)
        NOT-FOR-US: IBM
 CVE-2020-4630
@@ -49376,7 +49376,7 @@ CVE-2020-4547
 CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to 
cross-site s ...)
        NOT-FOR-US: IBM
 CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to 
execute arbi ...)
-       TODO: check
+       NOT-FOR-US: IBM
 CVE-2020-4544
        RESERVED
 CVE-2020-4543
@@ -52572,19 +52572,19 @@ CVE-2020-3549
 CVE-2020-3548
        RESERVED
 CVE-2020-3547 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco 
AsyncOS ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an 
authenticated, l ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3544
        RESERVED
 CVE-2020-3543
        RESERVED
 CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an 
authenticated,  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex 
Meetings  ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3540
        RESERVED
 CVE-2020-3539
@@ -52592,7 +52592,7 @@ CVE-2020-3539
 CVE-2020-3538
        RESERVED
 CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could 
allow an au ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3536
        RESERVED
 CVE-2020-3535
@@ -52606,7 +52606,7 @@ CVE-2020-3532
 CVE-2020-3531
        RESERVED
 CVE-2020-3530 (A vulnerability in task group assignment for a specific CLI 
command in ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3529
        RESERVED
 CVE-2020-3528
@@ -52670,13 +52670,13 @@ CVE-2020-3500 (A vulnerability in the IPv6 
implementation of Cisco StarOS could
 CVE-2020-3499
        RESERVED
 CVE-2020-3498 (A vulnerability in Cisco Jabber software could allow an 
authenticated, ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3497
        RESERVED
 CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco 
Small Bu ...)
        NOT-FOR-US: Cisco
 CVE-2020-3495 (A vulnerability in Cisco Jabber for Windows could allow an 
authenticat ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3494
        RESERVED
 CVE-2020-3493
@@ -52713,7 +52713,7 @@ CVE-2020-3480
 CVE-2020-3479
        RESERVED
 CVE-2020-3478 (A vulnerability in the REST API of Cisco Enterprise NFV 
Infrastructure ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3477
        RESERVED
 CVE-2020-3476
@@ -52723,7 +52723,7 @@ CVE-2020-3475
 CVE-2020-3474
        RESERVED
 CVE-2020-3473 (A vulnerability in task group assignment for a specific CLI 
command in ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings 
could  ...)
        NOT-FOR-US: Cisco
 CVE-2020-3471
@@ -52763,11 +52763,11 @@ CVE-2020-3455
 CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS 
Software could ...)
        NOT-FOR-US: Cisco
 CVE-2020-3453 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive 
Securi ...)
        NOT-FOR-US: Cisco
 CVE-2020-3451 (Multiple vulnerabilities in the web-based management interface 
of Cisc ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco 
Vision  ...)
        NOT-FOR-US: Cisco
 CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional 
paths  ...)
@@ -52809,7 +52809,7 @@ CVE-2020-3432
 CVE-2020-3431
        RESERVED
 CVE-2020-3430 (A vulnerability in the application protocol handling features 
of Cisco ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3429
        RESERVED
 CVE-2020-3428
@@ -52939,7 +52939,7 @@ CVE-2020-3367
 CVE-2020-3366
        RESERVED
 CVE-2020-3365 (A vulnerability in the directory permissions of Cisco 
Enterprise NFV I ...)
-       TODO: check
+       NOT-FOR-US: Cisco
 CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality 
of the  ...)
        NOT-FOR-US: Cisco
 CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco 
Small Bu ...)
@@ -56934,23 +56934,23 @@ CVE-2020-1896
 CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when 
attemp ...)
        NOT-FOR-US: Instagram for Android
 CVE-2020-1894 (A stack write overflow in WhatsApp for Android prior to 
v2.20.35, What ...)
-       TODO: check
+       NOT-FOR-US: WhatsApp
 CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse 
reads out  ...)
        - hhvm <removed>
 CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser 
allows  ...)
        - hhvm <removed>
 CVE-2020-1891 (A user controlled parameter used in video call in WhatsApp for 
Android ...)
-       TODO: check
+       NOT-FOR-US: WhatsApp
 CVE-2020-1890 (A URL validation issue in WhatsApp for Android prior to 
v2.20.11 and W ...)
-       TODO: check
+       NOT-FOR-US: WhatsApp
 CVE-2020-1889 (A security feature bypass issue in WhatsApp Desktop versions 
prior to  ...)
-       TODO: check
+       NOT-FOR-US: WhatsApp
 CVE-2020-1888 (Insufficient boundary checks when decoding JSON in 
handleBackslash rea ...)
        - hhvm <removed>
 CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery 
versions after ...)
        - osquery <itp> (bug #803502)
 CVE-2020-1886 (A buffer overflow in WhatsApp for Android prior to v2.20.11 and 
WhatsA ...)
-       TODO: check
+       NOT-FOR-US: WhatsApp
 CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe 
process ...)
        NOT-FOR-US: Oculus Desktop
 CVE-2019-19512



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/683ed1a0691f10ba2e7fff95bcc64ef42f678397



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
