Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
40d5c87f by Moritz Muehlenhoff at 2020-06-03T15:11:26+02:00
new mongodb issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -52,7 +52,7 @@ CVE-2019-20810 (go7007_snd_init in
drivers/media/usb/go7007/snd-go7007.c in the
- linux 5.6.7-1
NOTE:
https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983
CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows
attacker ...)
- TODO: check
+ NOT-FOR-US: rust-vmm
CVE-2020-13758
(modules/security/classes/general.post_filter.php/post_filter.php in th ...)
NOT-FOR-US: Bitrix24
CVE-2020-13757 (Python-RSA 4.0 ignores leading '\0' bytes during decryption of
ciphert ...)
@@ -340,9 +340,9 @@ CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has
a use-after-free in
CVE-2020-13629
RESERVED
CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote
attackers to in ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote
attackers to in ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2020-13626
RESERVED
CVE-2020-13625
@@ -2682,7 +2682,7 @@ CVE-2020-12609
CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch
Management Engine ...)
NOT-FOR-US: SolarWinds
CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using
the NIST ...)
- TODO: check
+ NOT-FOR-US: fastecdsa
CVE-2020-12606
RESERVED
CVE-2020-12605
@@ -7991,9 +7991,9 @@ CVE-2020-10948 (Jon Hedley AlienForm2 (typically
installed as af.cgi or alienfor
CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint
for Soph ...)
NOT-FOR-US: Sophos
CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote
attackers to in ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server
responses. ...)
- TODO: check
+ - centreon-web <itp> (bug #913903)
CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a
cross-si ...)
- nomad 0.10.5+dfsg1-1
NOTE: https://github.com/hashicorp/nomad/issues/7468
@@ -10224,7 +10224,7 @@ CVE-2020-10138
CVE-2020-10137
RESERVED
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within
IP standa ...)
- TODO: check
+ NOT-FOR-US: Cisco
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication
in Blueto ...)
NOTE: Bluetooth protocol issue
CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an
unauthe ...)
@@ -15395,7 +15395,9 @@ CVE-2020-7923
CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise
Kubernetes Oper ...)
NOT-FOR-US: MongoDB Enterprise
CVE-2020-7921 (Improper serialization of internal state in the authorization
subsyste ...)
- TODO: check
+ - mongodb <removed>
+ [stretch] - mongodb <no-dsa> (Minor issue)
+ NOTE: https://jira.mongodb.org/browse/SERVER-45472
CVE-2019-20419
RESERVED
CVE-2019-20418
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40d5c87f03d5fca9b34967c3fd088cf5758a2ce8
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40d5c87f03d5fca9b34967c3fd088cf5758a2ce8
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
