Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
75dedc15 by security tracker role at 2020-04-28T20:10:23+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,45 +1,335 @@
-CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, 
the Task ...)
+CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections 
that would  ...)
        TODO: check
-CVE-2020-12285
+CVE-2020-12428
        RESERVED
-CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 
4.2.2 has a ...)
-       TODO: check
-CVE-2017-18863
+CVE-2020-12427
        RESERVED
-CVE-2017-18862
+CVE-2020-12426
        RESERVED
-CVE-2017-18861
+CVE-2020-12425
        RESERVED
-CVE-2017-18860
+CVE-2020-12424
        RESERVED
-CVE-2017-18859
+CVE-2020-12423
        RESERVED
-CVE-2017-18858
+CVE-2020-12422
        RESERVED
-CVE-2017-18857
+CVE-2020-12421
        RESERVED
-CVE-2017-18856
+CVE-2020-12420
        RESERVED
-CVE-2017-18855
+CVE-2020-12419
        RESERVED
-CVE-2017-18854
+CVE-2020-12418
        RESERVED
-CVE-2017-18853
+CVE-2020-12417
+       RESERVED
+CVE-2020-12416
+       RESERVED
+CVE-2020-12415
+       RESERVED
+CVE-2020-12414
+       RESERVED
+CVE-2020-12413
+       RESERVED
+CVE-2020-12412
+       RESERVED
+CVE-2020-12411
+       RESERVED
+CVE-2020-12410
+       RESERVED
+CVE-2020-12409
+       RESERVED
+CVE-2020-12408
+       RESERVED
+CVE-2020-12407
+       RESERVED
+CVE-2020-12406
+       RESERVED
+CVE-2020-12405
+       RESERVED
+CVE-2020-12404
+       RESERVED
+CVE-2020-12403
+       RESERVED
+CVE-2020-12402
+       RESERVED
+CVE-2020-12401
+       RESERVED
+CVE-2020-12400
+       RESERVED
+CVE-2020-12399
+       RESERVED
+CVE-2020-12398
+       RESERVED
+CVE-2020-12397
+       RESERVED
+CVE-2020-12396
+       RESERVED
+CVE-2020-12395
+       RESERVED
+CVE-2020-12394
+       RESERVED
+CVE-2020-12393
+       RESERVED
+CVE-2020-12392
+       RESERVED
+CVE-2020-12391
+       RESERVED
+CVE-2020-12390
+       RESERVED
+CVE-2020-12389
+       RESERVED
+CVE-2020-12388
+       RESERVED
+CVE-2020-12387
+       RESERVED
+CVE-2020-12386
+       RESERVED
+CVE-2020-12385
+       RESERVED
+CVE-2020-12384
+       RESERVED
+CVE-2020-12383
+       RESERVED
+CVE-2020-12382
+       RESERVED
+CVE-2020-12381
+       RESERVED
+CVE-2020-12380
+       RESERVED
+CVE-2020-12379
+       RESERVED
+CVE-2020-12378
+       RESERVED
+CVE-2020-12377
+       RESERVED
+CVE-2020-12376
+       RESERVED
+CVE-2020-12375
+       RESERVED
+CVE-2020-12374
+       RESERVED
+CVE-2020-12373
+       RESERVED
+CVE-2020-12372
+       RESERVED
+CVE-2020-12371
+       RESERVED
+CVE-2020-12370
+       RESERVED
+CVE-2020-12369
+       RESERVED
+CVE-2020-12368
+       RESERVED
+CVE-2020-12367
+       RESERVED
+CVE-2020-12366
+       RESERVED
+CVE-2020-12365
+       RESERVED
+CVE-2020-12364
+       RESERVED
+CVE-2020-12363
+       RESERVED
+CVE-2020-12362
+       RESERVED
+CVE-2020-12361
+       RESERVED
+CVE-2020-12360
+       RESERVED
+CVE-2020-12359
+       RESERVED
+CVE-2020-12358
+       RESERVED
+CVE-2020-12357
+       RESERVED
+CVE-2020-12356
+       RESERVED
+CVE-2020-12355
        RESERVED
-CVE-2016-11060
+CVE-2020-12354
        RESERVED
-CVE-2016-11059
+CVE-2020-12353
        RESERVED
-CVE-2016-11058
+CVE-2020-12352
        RESERVED
-CVE-2016-11057
+CVE-2020-12351
        RESERVED
-CVE-2016-11056
+CVE-2020-12350
        RESERVED
-CVE-2016-11055
+CVE-2020-12349
        RESERVED
-CVE-2016-11054
+CVE-2020-12348
        RESERVED
+CVE-2020-12347
+       RESERVED
+CVE-2020-12346
+       RESERVED
+CVE-2020-12345
+       RESERVED
+CVE-2020-12344
+       RESERVED
+CVE-2020-12343
+       RESERVED
+CVE-2020-12342
+       RESERVED
+CVE-2020-12341
+       RESERVED
+CVE-2020-12340
+       RESERVED
+CVE-2020-12339
+       RESERVED
+CVE-2020-12338
+       RESERVED
+CVE-2020-12337
+       RESERVED
+CVE-2020-12336
+       RESERVED
+CVE-2020-12335
+       RESERVED
+CVE-2020-12334
+       RESERVED
+CVE-2020-12333
+       RESERVED
+CVE-2020-12332
+       RESERVED
+CVE-2020-12331
+       RESERVED
+CVE-2020-12330
+       RESERVED
+CVE-2020-12329
+       RESERVED
+CVE-2020-12328
+       RESERVED
+CVE-2020-12327
+       RESERVED
+CVE-2020-12326
+       RESERVED
+CVE-2020-12325
+       RESERVED
+CVE-2020-12324
+       RESERVED
+CVE-2020-12323
+       RESERVED
+CVE-2020-12322
+       RESERVED
+CVE-2020-12321
+       RESERVED
+CVE-2020-12320
+       RESERVED
+CVE-2020-12319
+       RESERVED
+CVE-2020-12318
+       RESERVED
+CVE-2020-12317
+       RESERVED
+CVE-2020-12316
+       RESERVED
+CVE-2020-12315
+       RESERVED
+CVE-2020-12314
+       RESERVED
+CVE-2020-12313
+       RESERVED
+CVE-2020-12312
+       RESERVED
+CVE-2020-12311
+       RESERVED
+CVE-2020-12310
+       RESERVED
+CVE-2020-12309
+       RESERVED
+CVE-2020-12308
+       RESERVED
+CVE-2020-12307
+       RESERVED
+CVE-2020-12306
+       RESERVED
+CVE-2020-12305
+       RESERVED
+CVE-2020-12304
+       RESERVED
+CVE-2020-12303
+       RESERVED
+CVE-2020-12302
+       RESERVED
+CVE-2020-12301
+       RESERVED
+CVE-2020-12300
+       RESERVED
+CVE-2020-12299
+       RESERVED
+CVE-2020-12298
+       RESERVED
+CVE-2020-12297
+       RESERVED
+CVE-2020-12296
+       RESERVED
+CVE-2020-12295
+       RESERVED
+CVE-2020-12294
+       RESERVED
+CVE-2020-12293
+       RESERVED
+CVE-2020-12292
+       RESERVED
+CVE-2020-12291
+       RESERVED
+CVE-2020-12290
+       RESERVED
+CVE-2020-12289
+       RESERVED
+CVE-2020-12288
+       RESERVED
+CVE-2020-12287
+       RESERVED
+CVE-2019-20791 (OpenThread before 2019-12-13 has a stack-based buffer overflow 
in Mesh ...)
+       TODO: check
+CVE-2018-21232
+       RESERVED
+CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, 
the Task ...)
+       TODO: check
+CVE-2020-12285
+       RESERVED
+CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 
4.2.2 has a ...)
+       TODO: check
+CVE-2017-18863 (Certain NETGEAR devices are affected by command execution via 
a PHP fo ...)
+       TODO: check
+CVE-2017-18862 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2017-18861 (Certain NETGEAR devices are affected by CSRF. This affects 
ReadyNAS Su ...)
+       TODO: check
+CVE-2017-18860
+       RESERVED
+CVE-2017-18859 (Certain NETGEAR devices are affected by slowdown/stoppage. 
This affect ...)
+       TODO: check
+CVE-2017-18858 (Certain NETGEAR devices are affected by command execution. 
This affect ...)
+       TODO: check
+CVE-2017-18857 (The NETGEAR Insight application before 2.42 for Android and 
iOS is aff ...)
+       TODO: check
+CVE-2017-18856
+       RESERVED
+CVE-2017-18855
+       RESERVED
+CVE-2017-18854
+       RESERVED
+CVE-2017-18853
+       RESERVED
+CVE-2016-11060 (Certain NETGEAR devices are affected by insecure 
renegotiation. This a ...)
+       TODO: check
+CVE-2016-11059 (Certain NETGEAR devices are affected by password exposure. 
This affect ...)
+       TODO: check
+CVE-2016-11058 (The NETGEAR genie application before 2.4.34 for Android is 
affected by ...)
+       TODO: check
+CVE-2016-11057 (Certain NETGEAR devices are affected by mishandling of 
repeated URL ca ...)
+       TODO: check
+CVE-2016-11056 (Certain NETGEAR devices are affected by anonymous root access. 
This af ...)
+       TODO: check
+CVE-2016-11055 (Certain NETGEAR devices are affected by CSRF. This affects 
CM400 befor ...)
+       TODO: check
+CVE-2016-11054 (NETGEAR DGN2200v4 devices before 2017-01-06 are affected by 
command ex ...)
+       TODO: check
 CVE-2020-12283
        RESERVED
 CVE-2020-12282
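Review bot: The NETGEAR entries that gain descriptions at the end of this hunk (CVE-2017-18863, -18862, -18861, -18859, -18858, -18857 and CVE-2016-11060 through CVE-2016-11054) are left at "TODO: check", while NETGEAR entries elsewhere in this file are already triaged as "NOT-FOR-US: Netgear"; they can take the same tag in the follow-up. That leaves CVE-2020-12429, CVE-2019-20791 (OpenThread), CVE-2020-12286 (Octopus Deploy) and CVE-2020-12284 as the entries needing a real look. The last one names libavcodec/cbs_jpeg.c, so it should be checked against the ffmpeg source package rather than tagged in bulk.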
@@ -134,8 +424,8 @@ CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS 
via column.title or
        NOTE: https://github.com/grafana/grafana/pull/23816
 CVE-2020-12244
        RESERVED
-CVE-2020-12243
-       RESERVED
+CVE-2020-12243 (In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search 
filters wi ...)
+       {DSA-4666-1}
        - openldap <unfixed>
        NOTE: https://bugs.openldap.org/show_bug.cgi?id=9202
        NOTE: 
https://git.openldap.org/openldap/openldap/-/commit/d38d48fc8f572dedfb67b9da61a2ba3b125ced91
 (master)
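Review bot: On CVE-2020-12243 the {DSA-4666-1} reference is added while the package line directly below still reads "- openldap <unfixed>", so the entry records the stable advisory but no fixed version for unstable. Once an upload containing the upstream commit from the NOTE line is available, replace <unfixed> with that version so the entry does not keep reporting unstable as open.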
@@ -479,8 +769,8 @@ CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj 
extension for scrubb
        NOTE: 
http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1801
 CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system 
access an ...)
        TODO: check
-CVE-2020-12078
-       RESERVED
+CVE-2020-12078 (An issue was discovered in Open-AudIT 3.3.1. There is shell 
metacharac ...)
+       TODO: check
 CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 
for WordPr ...)
        NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
 CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 
for WordPr ...)
@@ -822,98 +1112,98 @@ CVE-2018-21228 (Certain NETGEAR devices are affected by 
command injection by an
        NOT-FOR-US: Netgear
 CVE-2018-21227 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
        NOT-FOR-US: Netgear
-CVE-2018-21226
-       RESERVED
-CVE-2018-21225
-       RESERVED
-CVE-2018-21224
-       RESERVED
-CVE-2018-21223
-       RESERVED
-CVE-2018-21222
-       RESERVED
-CVE-2018-21221
-       RESERVED
-CVE-2018-21220
-       RESERVED
-CVE-2018-21219
-       RESERVED
-CVE-2018-21218
-       RESERVED
-CVE-2018-21217
-       RESERVED
-CVE-2018-21216
-       RESERVED
-CVE-2018-21215
-       RESERVED
-CVE-2018-21214
-       RESERVED
-CVE-2018-21213
-       RESERVED
-CVE-2018-21212
-       RESERVED
-CVE-2018-21211
-       RESERVED
-CVE-2018-21210
-       RESERVED
-CVE-2018-21209
-       RESERVED
-CVE-2018-21208
-       RESERVED
-CVE-2018-21207
-       RESERVED
-CVE-2018-21206
-       RESERVED
-CVE-2018-21205
-       RESERVED
-CVE-2018-21204
-       RESERVED
-CVE-2018-21203
-       RESERVED
-CVE-2018-21202
-       RESERVED
-CVE-2018-21201
-       RESERVED
-CVE-2018-21200
-       RESERVED
-CVE-2018-21199
-       RESERVED
-CVE-2018-21198
-       RESERVED
-CVE-2018-21197
-       RESERVED
-CVE-2018-21196
-       RESERVED
-CVE-2018-21195
-       RESERVED
-CVE-2018-21194
-       RESERVED
-CVE-2018-21193
-       RESERVED
-CVE-2018-21192
-       RESERVED
-CVE-2018-21191
-       RESERVED
-CVE-2018-21190
-       RESERVED
-CVE-2018-21189
-       RESERVED
-CVE-2018-21188
-       RESERVED
-CVE-2018-21187
-       RESERVED
-CVE-2018-21186
-       RESERVED
-CVE-2018-21185
-       RESERVED
-CVE-2018-21184
-       RESERVED
-CVE-2018-21183
-       RESERVED
-CVE-2018-21182
-       RESERVED
-CVE-2018-21181
-       RESERVED
+CVE-2018-21226 (Certain NETGEAR devices are affected by authentication bypass. 
This af ...)
+       TODO: check
+CVE-2018-21225 (Certain NETGEAR devices are affected by command injection by 
an authen ...)
+       TODO: check
+CVE-2018-21224 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21223 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21222 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21221 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21220 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21219 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21218 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21217 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21216 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21215 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21214 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21213 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21212 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21211 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21210 (Certain NETGEAR devices are affected by a buffer overflow by 
an unauth ...)
+       TODO: check
+CVE-2018-21209 (Certain NETGEAR devices are affected by reflected XSS. This 
affects JN ...)
+       TODO: check
+CVE-2018-21208 (Certain NETGEAR devices are affected by command injection by 
an unauth ...)
+       TODO: check
+CVE-2018-21207 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21206 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21205 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21204 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21203 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21202 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21201 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21200 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21199 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21198 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21197 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21196 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21195 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21194 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21193 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21192 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21191 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21190 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21189 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21188 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21187 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21186 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21185 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21184 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21183 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21182 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
+CVE-2018-21181 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
+       TODO: check
 CVE-2018-21180 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
        NOT-FOR-US: Netgear
 CVE-2018-21179 (Certain NETGEAR devices are affected by a stack-based buffer 
overflow  ...)
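Review bot: All 46 entries added in this hunk (CVE-2018-21226 down to CVE-2018-21181) carry NETGEAR descriptions but are set to "TODO: check", while the context entries on both sides of the block (CVE-2018-21228, CVE-2018-21227, CVE-2018-21180) are already "NOT-FOR-US: Netgear". Tagging the block the same way in one follow-up commit keeps it out of the manual triage queue and keeps the file consistent.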
@@ -1502,6 +1792,7 @@ CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 
has an XXE vulnerabilit
        NOT-FOR-US: WSO2 Enterprise Integrator
 CVE-2020-11884 [s390/mm: fix page table upgrade vs 2ndary address mode 
accesses]
        RESERVED
+       {DSA-4667-1}
        - linux <unfixed>
        [stretch] - linux <not-affected> (Vulnerable code introduced later)
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
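Review bot: CVE-2020-11884 gets {DSA-4667-1} while the entry still reads RESERVED with "- linux <unfixed>"; it is the only DSA-4667-1 entry in this commit without a fixed unstable version (CVE-2020-11565, CVE-2020-10942, CVE-2020-8428 and CVE-2020-2732 all list one). The <unfixed> marker should be followed up once the s390 fix named in the bracketed title reaches an unstable upload.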
@@ -2880,6 +3171,7 @@ CVE-2020-11567
 CVE-2020-11566
        RESERVED
 CVE-2020-11565 (** DISPUTED ** An issue was discovered in the Linux kernel 
through 5.6 ...)
+       {DSA-4667-1}
        - linux 5.5.17-1
        NOTE: 
https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
 CVE-2020-11564
@@ -4237,14 +4529,15 @@ CVE-2020-10946
        RESERVED
 CVE-2020-10945
        RESERVED
-CVE-2020-10944
-       RESERVED
+CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a 
cross-si ...)
+       TODO: check
 CVE-2020-10943
        RESERVED
 CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double 
Free vul ...)
        - patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
        NOTE: https://savannah.gnu.org/bugs/index.php?56683
 CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in 
drivers/vhost/net. ...)
+       {DSA-4667-1}
        - linux 5.5.13-1
        NOTE: 
https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4)
 CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain 
sensitive inform ...)
@@ -5270,8 +5563,8 @@ CVE-2020-10643
        RESERVED
 CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and 
prior, an au ...)
        NOT-FOR-US: Rockwell
-CVE-2020-10641
-       RESERVED
+CVE-2020-10641 (An unprotected logging route may allow an attacker to write 
endless lo ...)
+       TODO: check
 CVE-2020-10640
        RESERVED
 CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 
3.00.23 and p ...)
@@ -6476,10 +6769,10 @@ CVE-2020-10096 (An issue was discovered in Zammad 3.0 
through 3.2. It does not p
        - zammad <itp> (bug #841355)
 CVE-2020-10095
        RESERVED
-CVE-2020-10094
-       RESERVED
-CVE-2020-10093
-       RESERVED
+CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x 
before LW7 ...)
+       TODO: check
+CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 
series in ...)
+       TODO: check
 CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting 
vulnerab ...)
        - gitlab <not-affected> (Only affects Gitlab 12.1 and later)
        NOTE: 
https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
@@ -7804,8 +8097,7 @@ CVE-2020-9484
        RESERVED
 CVE-2020-9483
        RESERVED
-CVE-2020-9482
-       RESERVED
+CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication 
mechanism other ...)
        NOT-FOR-US: Apache NiFi
 CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 
is vulne ...)
        - trafficserver 8.0.7+ds-1
@@ -10564,6 +10856,7 @@ CVE-2020-8317
 CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 
10.200 ...)
        NOT-FOR-US: Lenovo
 CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a 
may_create_in_sticky u ...)
+       {DSA-4667-1}
        - linux 5.4.19-1
        [jessie] - linux <not-affected> (Vulnerable code introduced later)
        NOTE: Fixed by: 
https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6
@@ -12136,8 +12429,8 @@ CVE-2020-7646
        RESERVED
 CVE-2020-7645
        RESERVED
-CVE-2020-7644
-       RESERVED
+CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The 
functi ...)
+       TODO: check
 CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript 
objects resul ...)
        NOT-FOR-US: Node paypal-adaptive
 CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious 
JavaScript. The  ...)
@@ -20054,8 +20347,8 @@ CVE-2020-4331
        RESERVED
 CVE-2020-4330
        RESERVED
-CVE-2020-4329
-       RESERVED
+CVE-2020-4329 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 
17.0.0 ...)
+       TODO: check
 CVE-2020-4328
        RESERVED
 CVE-2020-4327
@@ -24439,7 +24732,7 @@ CVE-2020-2806 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <unfixed> (bug #956832)
        NOTE: 
https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2805 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4662-1}
+       {DSA-4668-1 DSA-4662-1}
        - openjdk-14 14.0.1+7-1
        - openjdk-11 11.0.7+10-1
        - openjdk-8 8u252-b09-1
@@ -24448,7 +24741,7 @@ CVE-2020-2804 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <unfixed> (bug #956832)
        NOTE: 
https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2803 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4662-1}
+       {DSA-4668-1 DSA-4662-1}
        - openjdk-14 14.0.1+7-1
        - openjdk-11 11.0.7+10-1
        - openjdk-8 8u252-b09-1
@@ -24458,7 +24751,7 @@ CVE-2020-2802 (Vulnerability in the Oracle GraalVM 
Enterprise Edition product of
 CVE-2020-2801 (Vulnerability in the Oracle WebLogic Server product of Oracle 
Fusion M ...)
        NOT-FOR-US: Oracle
 CVE-2020-2800 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4662-1}
+       {DSA-4668-1 DSA-4662-1}
        - openjdk-14 14.0.1+7-1
        - openjdk-11 11.0.7+10-1
        - openjdk-8 8u252-b09-1
@@ -24501,7 +24794,7 @@ CVE-2020-2783 (Vulnerability in the Oracle Outside In 
Technology product of Orac
 CVE-2020-2782 (Vulnerability in the PeopleSoft Enterprise PeopleTools product 
of Orac ...)
        NOT-FOR-US: Oracle
 CVE-2020-2781 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4662-1}
+       {DSA-4668-1 DSA-4662-1}
        - openjdk-14 14.0.1+7-1
        - openjdk-11 11.0.7+10-1
        - openjdk-8 8u252-b09-1
@@ -24526,7 +24819,7 @@ CVE-2020-2774 (Vulnerability in the MySQL Server 
product of Oracle MySQL (compon
        - mysql-5.7 <not-affected> (Only affects MySQL 8)
        NOTE: 
https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
 CVE-2020-2773 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4662-1}
+       {DSA-4668-1 DSA-4662-1}
        - openjdk-14 14.0.1+7-1
        - openjdk-11 11.0.7+10-1
        - openjdk-8 8u252-b09-1
@@ -24573,24 +24866,24 @@ CVE-2020-2758 (Vulnerability in the Oracle VM 
VirtualBox product of Oracle Virtu
        - virtualbox 6.1.6-dfsg-1
        [jessie] - virtualbox <end-of-life> (DSA-3699-1)
 CVE-2020-2757 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4662-1}
+       {DSA-4668-1 DSA-4662-1}
        - openjdk-14 14.0.1+7-1
        - openjdk-11 11.0.7+10-1
        - openjdk-8 8u252-b09-1
        - openjdk-7 <removed>
 CVE-2020-2756 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4662-1}
+       {DSA-4668-1 DSA-4662-1}
        - openjdk-14 14.0.1+7-1
        - openjdk-11 11.0.7+10-1
        - openjdk-8 8u252-b09-1
        - openjdk-7 <removed>
 CVE-2020-2755 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4662-1}
+       {DSA-4668-1 DSA-4662-1}
        - openjdk-14 14.0.1+7-1
        - openjdk-11 11.0.7+10-1
        - openjdk-8 8u252-b09-1
 CVE-2020-2754 (Vulnerability in the Java SE, Java SE Embedded product of 
Oracle Java  ...)
-       {DSA-4662-1}
+       {DSA-4668-1 DSA-4662-1}
        - openjdk-14 14.0.1+7-1
        - openjdk-11 11.0.7+10-1
        - openjdk-8 8u252-b09-1
@@ -24642,6 +24935,7 @@ CVE-2020-2734 (Vulnerability in the RDBMS/Optimizer 
component of Oracle Database
 CVE-2020-2733 (Vulnerability in the JD Edwards EnterpriseOne Tools product of 
Oracle  ...)
        NOT-FOR-US: Oracle
 CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor 
handled instr ...)
+       {DSA-4667-1}
        - linux 5.5.13-1
        NOTE: 
https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
        NOTE: 
https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
@@ -27574,8 +27868,8 @@ CVE-2020-1776
        RESERVED
 CVE-2020-1775
        RESERVED
-CVE-2020-1774
-       RESERVED
+CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported 
file has ...)
+       TODO: check
 CVE-2020-1773 (An attacker with the ability to generate session IDs or 
password reset ...)
        - otrs2 6.0.27-1
        [buster] - otrs2 <no-dsa> (Non-free not supported)
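Review bot: CVE-2020-1774 is added as "TODO: check" with a description that, as truncated here, names no product. The adjacent CVE-2020-1773 from the same ID block is tracked against otrs2, so check this one against otrs2 first and, if it matches, add the package line together with the same [buster] no-dsa reasoning if it applies.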
@@ -27790,8 +28084,7 @@ CVE-2020-1746 [Information disclosure issue in 
ldap_attr and ldap_entry modules]
        [jessie] - ansible <not-affected> (Vulnerable code introduced later)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491
        NOTE: https://github.com/ansible/ansible/pull/67866
-CVE-2020-1745 [AJP File Read/Inclusion Vulnerability]
-       RESERVED
+CVE-2020-1745 (A file inclusion vulnerability was found in the AJP connector 
enabled  ...)
        - undertow 2.0.30-1
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305
        NOTE: Variant of the Ghostcat Tomcat vulnerability, CVE-2020-1938.



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/75dedc15529a399c7d21c783e274200f8d911993

_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
