Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: 9437bec6 by security tracker role at 2020-07-15T20:10:28+00:00 automatic update - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,5 @@ +CVE-2020-15778 + RESERVED CVE-2020-15777 RESERVED CVE-2020-15776 @@ -118,12 +120,12 @@ CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class NOTE: https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72 CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a certificate-val ...) TODO: check -CVE-2020-15718 - RESERVED -CVE-2020-15717 - RESERVED -CVE-2020-15716 - RESERVED +CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) + TODO: check +CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) + TODO: check +CVE-2020-15716 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) + TODO: check CVE-2020-15715 RESERVED CVE-2020-15714 @@ -154,18 +156,18 @@ CVE-2020-15702 RESERVED CVE-2020-15701 RESERVED -CVE-2020-15700 - RESERVED -CVE-2020-15699 - RESERVED -CVE-2020-15698 - RESERVED -CVE-2020-15697 - RESERVED -CVE-2020-15696 - RESERVED -CVE-2020-15695 - RESERVED +CVE-2020-15700 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...) + TODO: check +CVE-2020-15699 (An issue was discovered in Joomla! through 3.9.19. Missing validation ...) + TODO: check +CVE-2020-15698 (An issue was discovered in Joomla! through 3.9.19. Inadequate filterin ...) + TODO: check +CVE-2020-15697 (An issue was discovered in Joomla! through 3.9.19. Internal read-only ...) + TODO: check +CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input filte ...) + TODO: check +CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...) + TODO: check CVE-2020-15694 RESERVED CVE-2020-15693 
@@ -458,8 +460,7 @@ CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script NOT-FOR-US: SolarWinds Serv-U File Server CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...) NOT-FOR-US: WebChess -CVE-2020-15572 [TROVE-2020-001] - RESERVED +CVE-2020-15572 (Tor before 0.4.3.6 has an out-of-bounds memory access that allows a re ...) - tor 0.4.3.6-1 (unimportant) NOTE: Tor in Debian doesn't use NSS NOTE: https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes @@ -1460,8 +1461,8 @@ CVE-2020-15119 RESERVED CVE-2020-15118 RESERVED -CVE-2020-15117 - RESERVED +CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...) + TODO: check CVE-2020-15116 RESERVED CVE-2020-15115 
@@ -2321,481 +2322,421 @@ CVE-2020-14726 RESERVED CVE-2020-14725 RESERVED -CVE-2020-14724 - RESERVED -CVE-2020-14723 - RESERVED -CVE-2020-14722 - RESERVED -CVE-2020-14721 - RESERVED -CVE-2020-14720 - RESERVED -CVE-2020-14719 - RESERVED -CVE-2020-14718 - RESERVED -CVE-2020-14717 - RESERVED -CVE-2020-14716 - RESERVED -CVE-2020-14715 - RESERVED +CVE-2020-14724 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-14723 (Vulnerability in the Oracle Help Technologies product of Oracle Fusion ...) + TODO: check +CVE-2020-14722 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) + TODO: check +CVE-2020-14721 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) + TODO: check +CVE-2020-14720 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...) + TODO: check +CVE-2020-14719 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...) + TODO: check +CVE-2020-14718 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) + TODO: check +CVE-2020-14717 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) + TODO: check +CVE-2020-14716 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) + TODO: check +CVE-2020-14715 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14714 - RESERVED +CVE-2020-14714 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14713 - RESERVED +CVE-2020-14713 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14712 - RESERVED +CVE-2020-14712 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14711 - RESERVED +CVE-2020-14711 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox <not-affected> (MacOS-specific) -CVE-2020-14710 - RESERVED -CVE-2020-14709 - RESERVED -CVE-2020-14708 - RESERVED -CVE-2020-14707 - RESERVED +CVE-2020-14710 (Vulnerability in the Customer Management and Segmentation Foundation p ...) + TODO: check +CVE-2020-14709 (Vulnerability in the Customer Management and Segmentation Foundation p ...) + TODO: check +CVE-2020-14708 (Vulnerability in the Customer Management and Segmentation Foundation p ...) + TODO: check +CVE-2020-14707 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14706 - RESERVED -CVE-2020-14705 - RESERVED -CVE-2020-14704 - RESERVED +CVE-2020-14706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + TODO: check +CVE-2020-14705 (Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (c ...) + TODO: check +CVE-2020-14704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14703 - RESERVED +CVE-2020-14703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14702 - RESERVED +CVE-2020-14702 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14701 - RESERVED -CVE-2020-14700 - RESERVED +CVE-2020-14701 (Vulnerability in the Oracle SD-WAN Aware product of Oracle Communicati ...) + TODO: check +CVE-2020-14700 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14699 - RESERVED +CVE-2020-14699 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14698 - RESERVED +CVE-2020-14698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.12-dfsg-1 -CVE-2020-14697 - RESERVED +CVE-2020-14697 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14696 - RESERVED -CVE-2020-14695 - RESERVED +CVE-2020-14696 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + TODO: check +CVE-2020-14695 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14694 - RESERVED +CVE-2020-14694 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14693 - RESERVED -CVE-2020-14692 - RESERVED -CVE-2020-14691 - RESERVED -CVE-2020-14690 - RESERVED +CVE-2020-14693 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...) + TODO: check +CVE-2020-14692 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...) + TODO: check +CVE-2020-14691 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...) + TODO: check +CVE-2020-14690 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check CVE-2020-14689 RESERVED -CVE-2020-14688 - RESERVED -CVE-2020-14687 - RESERVED -CVE-2020-14686 - RESERVED -CVE-2020-14685 - RESERVED -CVE-2020-14684 - RESERVED +CVE-2020-14688 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) + TODO: check +CVE-2020-14687 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14686 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + TODO: check +CVE-2020-14685 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + TODO: check +CVE-2020-14684 (Vulnerability in the Oracle Financial Services Analytical Applications ...) 
+ TODO: check CVE-2020-14683 RESERVED -CVE-2020-14682 - RESERVED -CVE-2020-14681 - RESERVED -CVE-2020-14680 - RESERVED +CVE-2020-14682 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) + TODO: check +CVE-2020-14681 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) + TODO: check +CVE-2020-14680 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14679 - RESERVED -CVE-2020-14678 - RESERVED +CVE-2020-14679 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-14678 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14677 - RESERVED +CVE-2020-14677 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14676 - RESERVED +CVE-2020-14676 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14675 - RESERVED +CVE-2020-14675 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14674 - RESERVED +CVE-2020-14674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14673 - RESERVED +CVE-2020-14673 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14672 RESERVED -CVE-2020-14671 - RESERVED -CVE-2020-14670 - RESERVED -CVE-2020-14669 - RESERVED -CVE-2020-14668 - RESERVED -CVE-2020-14667 - RESERVED -CVE-2020-14666 - RESERVED -CVE-2020-14665 - RESERVED -CVE-2020-14664 - RESERVED +CVE-2020-14671 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) + TODO: check +CVE-2020-14670 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) 
+ TODO: check +CVE-2020-14669 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...) + TODO: check +CVE-2020-14668 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) + TODO: check +CVE-2020-14667 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-14666 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) + TODO: check +CVE-2020-14665 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) + TODO: check +CVE-2020-14664 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...) - openjfx 11+26-1 NOTE: Oracle CPU lists only 8.x as affected, so marking the first 11.x upload as fixed -CVE-2020-14663 - RESERVED +CVE-2020-14663 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14662 - RESERVED -CVE-2020-14661 - RESERVED -CVE-2020-14660 - RESERVED -CVE-2020-14659 - RESERVED -CVE-2020-14658 - RESERVED -CVE-2020-14657 - RESERVED -CVE-2020-14656 - RESERVED +CVE-2020-14662 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + TODO: check +CVE-2020-14661 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-14660 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-14659 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-14658 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + TODO: check +CVE-2020-14657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-14656 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14655 - RESERVED -CVE-2020-14654 - RESERVED +CVE-2020-14655 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...) + TODO: check +CVE-2020-14654 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14653 - RESERVED -CVE-2020-14652 - RESERVED -CVE-2020-14651 - RESERVED +CVE-2020-14653 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + TODO: check +CVE-2020-14652 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14651 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14650 - RESERVED +CVE-2020-14650 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14649 - RESERVED +CVE-2020-14649 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14648 - RESERVED +CVE-2020-14648 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14647 - RESERVED +CVE-2020-14647 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14646 - RESERVED +CVE-2020-14646 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14645 - RESERVED -CVE-2020-14644 - RESERVED -CVE-2020-14643 - RESERVED +CVE-2020-14645 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14644 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14642 - RESERVED -CVE-2020-14641 - RESERVED +CVE-2020-14642 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) + TODO: check +CVE-2020-14641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14640 - RESERVED -CVE-2020-14639 - RESERVED -CVE-2020-14638 - RESERVED -CVE-2020-14637 - RESERVED -CVE-2020-14636 - RESERVED -CVE-2020-14635 - RESERVED -CVE-2020-14634 - RESERVED +CVE-2020-14640 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14639 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14638 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14637 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14636 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14635 (Vulnerability in the Oracle Application Object Library product of Orac ...) + TODO: check +CVE-2020-14634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14633 - RESERVED +CVE-2020-14633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14632 - RESERVED +CVE-2020-14632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14631 - RESERVED +CVE-2020-14631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14630 - RESERVED -CVE-2020-14629 - RESERVED +CVE-2020-14630 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) 
+ TODO: check +CVE-2020-14629 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14628 - RESERVED +CVE-2020-14628 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 -CVE-2020-14627 - RESERVED -CVE-2020-14626 - RESERVED -CVE-2020-14625 - RESERVED -CVE-2020-14624 - RESERVED +CVE-2020-14627 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-14626 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2020-14625 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14623 - RESERVED +CVE-2020-14623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14622 - RESERVED -CVE-2020-14621 - RESERVED +CVE-2020-14622 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14621 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 <unfixed> - openjdk-11 <unfixed> - openjdk-8 <unfixed> -CVE-2020-14620 - RESERVED +CVE-2020-14620 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14619 - RESERVED +CVE-2020-14619 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14618 - RESERVED -CVE-2020-14617 - RESERVED -CVE-2020-14616 - RESERVED -CVE-2020-14615 - RESERVED -CVE-2020-14614 - RESERVED +CVE-2020-14618 (Vulnerability in the Primavera Unifier product of Oracle Construction ...) 
+ TODO: check +CVE-2020-14617 (Vulnerability in the Primavera Unifier product of Oracle Construction ...) + TODO: check +CVE-2020-14616 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + TODO: check +CVE-2020-14615 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + TODO: check +CVE-2020-14614 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14613 - RESERVED -CVE-2020-14612 - RESERVED -CVE-2020-14611 - RESERVED -CVE-2020-14610 - RESERVED -CVE-2020-14609 - RESERVED -CVE-2020-14608 - RESERVED -CVE-2020-14607 - RESERVED -CVE-2020-14606 - RESERVED -CVE-2020-14605 - RESERVED -CVE-2020-14604 - RESERVED -CVE-2020-14603 - RESERVED -CVE-2020-14602 - RESERVED -CVE-2020-14601 - RESERVED -CVE-2020-14600 - RESERVED -CVE-2020-14599 - RESERVED -CVE-2020-14598 - RESERVED -CVE-2020-14597 - RESERVED +CVE-2020-14613 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) + TODO: check +CVE-2020-14612 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...) + TODO: check +CVE-2020-14611 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...) + TODO: check +CVE-2020-14610 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + TODO: check +CVE-2020-14609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2020-14608 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...) + TODO: check +CVE-2020-14607 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...) + TODO: check +CVE-2020-14606 (Vulnerability in the Oracle SD-WAN Edge product of Oracle Communicatio ...) + TODO: check +CVE-2020-14605 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + TODO: check +CVE-2020-14604 (Vulnerability in the Oracle Financial Services Analytical Applications ...) 
+ TODO: check +CVE-2020-14603 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + TODO: check +CVE-2020-14602 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + TODO: check +CVE-2020-14601 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + TODO: check +CVE-2020-14600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-14599 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) + TODO: check +CVE-2020-14598 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) + TODO: check +CVE-2020-14597 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14596 - RESERVED -CVE-2020-14595 - RESERVED -CVE-2020-14594 - RESERVED -CVE-2020-14593 - RESERVED +CVE-2020-14596 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + TODO: check +CVE-2020-14595 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...) + TODO: check +CVE-2020-14594 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + TODO: check +CVE-2020-14593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 <unfixed> - openjdk-11 <unfixed> - openjdk-8 <unfixed> -CVE-2020-14592 - RESERVED -CVE-2020-14591 - RESERVED +CVE-2020-14592 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-14591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14590 - RESERVED -CVE-2020-14589 - RESERVED -CVE-2020-14588 - RESERVED -CVE-2020-14587 - RESERVED -CVE-2020-14586 - RESERVED +CVE-2020-14590 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) 
+ TODO: check +CVE-2020-14589 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14588 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14587 (Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Ora ...) + TODO: check +CVE-2020-14586 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14585 - RESERVED -CVE-2020-14584 - RESERVED -CVE-2020-14583 - RESERVED +CVE-2020-14585 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + TODO: check +CVE-2020-14584 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + TODO: check +CVE-2020-14583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 <unfixed> - openjdk-11 <unfixed> - openjdk-8 <unfixed> -CVE-2020-14582 - RESERVED -CVE-2020-14581 - RESERVED +CVE-2020-14582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + TODO: check +CVE-2020-14581 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 <unfixed> - openjdk-11 <unfixed> - openjdk-8 <unfixed> -CVE-2020-14580 - RESERVED -CVE-2020-14579 - RESERVED +CVE-2020-14580 (Vulnerability in the Oracle Communications Session Border Controller p ...) + TODO: check +CVE-2020-14579 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 <unfixed> - openjdk-11 <unfixed> - openjdk-8 <unfixed> -CVE-2020-14578 - RESERVED +CVE-2020-14578 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 <unfixed> - openjdk-11 <unfixed> - openjdk-8 <unfixed> -CVE-2020-14577 - RESERVED +CVE-2020-14577 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
- openjdk-14 <unfixed> - openjdk-11 <unfixed> - openjdk-8 <unfixed> -CVE-2020-14576 - RESERVED -CVE-2020-14575 - RESERVED +CVE-2020-14576 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2020-14575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14574 - RESERVED -CVE-2020-14573 - RESERVED +CVE-2020-14574 (Vulnerability in the Oracle Communications Interactive Session Recorde ...) + TODO: check +CVE-2020-14573 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...) - openjdk-14 <unfixed> - openjdk-11 <unfixed> -CVE-2020-14572 - RESERVED -CVE-2020-14571 - RESERVED -CVE-2020-14570 - RESERVED -CVE-2020-14569 - RESERVED -CVE-2020-14568 - RESERVED +CVE-2020-14572 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14571 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + TODO: check +CVE-2020-14570 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) + TODO: check +CVE-2020-14569 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) + TODO: check +CVE-2020-14568 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) -CVE-2020-14567 - RESERVED -CVE-2020-14566 - RESERVED -CVE-2020-14565 - RESERVED -CVE-2020-14564 - RESERVED -CVE-2020-14563 - RESERVED -CVE-2020-14562 - RESERVED +CVE-2020-14567 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2020-14566 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + TODO: check +CVE-2020-14565 (Vulnerability in the Oracle Unified Directory product of Oracle Fusion ...) + TODO: check +CVE-2020-14564 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) 
+ TODO: check +CVE-2020-14563 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) + TODO: check +CVE-2020-14562 (Vulnerability in the Java SE product of Oracle Java SE (component: Ima ...) - openjdk-14 <unfixed> - openjdk-11 <unfixed> -CVE-2020-14561 - RESERVED -CVE-2020-14560 - RESERVED -CVE-2020-14559 - RESERVED -CVE-2020-14558 - RESERVED -CVE-2020-14557 - RESERVED -CVE-2020-14556 - RESERVED +CVE-2020-14561 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + TODO: check +CVE-2020-14560 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...) + TODO: check +CVE-2020-14559 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2020-14558 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-14557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-14556 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-14 <unfixed> - openjdk-11 <unfixed> - openjdk-8 <unfixed> -CVE-2020-14555 - RESERVED -CVE-2020-14554 - RESERVED -CVE-2020-14553 - RESERVED -CVE-2020-14552 - RESERVED -CVE-2020-14551 - RESERVED -CVE-2020-14550 - RESERVED -CVE-2020-14549 - RESERVED -CVE-2020-14548 - RESERVED -CVE-2020-14547 - RESERVED -CVE-2020-14546 - RESERVED -CVE-2020-14545 - RESERVED -CVE-2020-14544 - RESERVED -CVE-2020-14543 - RESERVED -CVE-2020-14542 - RESERVED -CVE-2020-14541 - RESERVED -CVE-2020-14540 - RESERVED -CVE-2020-14539 - RESERVED +CVE-2020-14555 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) + TODO: check +CVE-2020-14554 (Vulnerability in the Oracle Application Object Library product of Orac ...) + TODO: check +CVE-2020-14553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2020-14552 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...) 
+ TODO: check +CVE-2020-14551 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...) + TODO: check +CVE-2020-14550 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) + TODO: check +CVE-2020-14549 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + TODO: check +CVE-2020-14548 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2020-14547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2020-14546 (Vulnerability in the Hyperion Financial Close Management product of Or ...) + TODO: check +CVE-2020-14545 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-14544 (Vulnerability in the Oracle Transportation Management product of Oracl ...) + TODO: check +CVE-2020-14543 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) + TODO: check +CVE-2020-14542 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-14541 (Vulnerability in the Hyperion Financial Close Management product of Or ...) + TODO: check +CVE-2020-14540 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check +CVE-2020-14539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) + TODO: check CVE-2020-14538 RESERVED -CVE-2020-14537 - RESERVED -CVE-2020-14536 - RESERVED -CVE-2020-14535 - RESERVED -CVE-2020-14534 - RESERVED -CVE-2020-14533 - RESERVED -CVE-2020-14532 - RESERVED -CVE-2020-14531 - RESERVED -CVE-2020-14530 - RESERVED -CVE-2020-14529 - RESERVED -CVE-2020-14528 - RESERVED -CVE-2020-14527 - RESERVED +CVE-2020-14537 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-14536 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...) 
+ TODO: check +CVE-2020-14535 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...) + TODO: check +CVE-2020-14534 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + TODO: check +CVE-2020-14533 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) + TODO: check +CVE-2020-14532 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) + TODO: check +CVE-2020-14531 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) + TODO: check +CVE-2020-14530 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...) + TODO: check +CVE-2020-14529 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + TODO: check +CVE-2020-14528 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + TODO: check +CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + TODO: check CVE-2020-14526 RESERVED CVE-2020-14525 @@ -2826,8 +2767,8 @@ CVE-2020-14513 RESERVED CVE-2020-14512 RESERVED -CVE-2020-14511 - RESERVED +CVE-2020-14511 (Malicious operation of the crafted web browser cookie may cause a stac ...) + TODO: check CVE-2020-14510 RESERVED CVE-2020-14509 @@ -3301,6 +3242,7 @@ CVE-2020-14424 CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...) NOT-FOR-US: Convos CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...) + {DLA-2280-1} - python3.8 3.8.4~rc1-1 - python3.7 <removed> [buster] - python3.7 <no-dsa> (Minor issue) @@ -4566,8 +4508,7 @@ CVE-2020-13925 (Similar to CVE-2020-1956, Kylin has one more restful API which c NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2020-13924 RESERVED -CVE-2020-13923 - RESERVED +CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...) NOT-FOR-US: Apache OFBiz CVE-2020-13922 RESERVED 
@@ -7149,8 +7090,8 @@ CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, NOT-FOR-US: COVIDSafe CVE-2020-12855 RESERVED -CVE-2020-12854 - RESERVED +CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...) + TODO: check CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...) NOT-FOR-US: Pydio Cells CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user ...) @@ -17023,8 +16964,7 @@ CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...) - guacamole-client <unfixed> (bug #964195) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2 -CVE-2020-9496 - RESERVED +CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...) NOT-FOR-US: Apache OFBiz CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...) NOT-FOR-US: Apache Archiva @@ -19477,6 +19417,7 @@ CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x ver CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...) + {DLA-2280-1} - python3.8 3.8.3~rc1-1 - python3.7 <removed> [buster] - python3.7 <no-dsa> (Minor issue) @@ -20106,8 +20047,8 @@ CVE-2020-8205 RESERVED CVE-2020-8204 RESERVED -CVE-2020-8203 - RESERVED +CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash <= ...) + TODO: check CVE-2020-8202 RESERVED CVE-2020-8201 
@@ -20160,8 +20101,8 @@ CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed NOT-FOR-US: Nextcloud Talk CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...) NOT-FOR-US: Nextcloud Deck -CVE-2020-8178 - RESERVED +CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18 may ...) + TODO: check CVE-2020-8177 RESERVED - curl <unfixed> @@ -22298,8 +22239,8 @@ CVE-2020-7294 RESERVED CVE-2020-7293 RESERVED -CVE-2020-7292 - RESERVED +CVE-2020-7292 (Inappropriate Encoding for output context in McAfee Web Gateway (MWG) ...) + TODO: check CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...) NOT-FOR-US: McAfee CVE-2020-7290 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...) @@ -26181,8 +26122,8 @@ CVE-2020-5767 RESERVED CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Wordpress plugin -CVE-2020-5765 - RESERVED +CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerabi ...) + TODO: check CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...) NOT-FOR-US: MX Player Android App CVE-2020-5763 @@ -30192,8 +30133,8 @@ CVE-2020-4102 RESERVED CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...) NOT-FOR-US: HCL Digital Experience -CVE-2020-4100 - RESERVED +CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code loading. This ...) + TODO: check CVE-2020-4099 RESERVED CVE-2020-4098 
@@ -33764,44 +33705,44 @@ CVE-2020-2986 RESERVED CVE-2020-2985 RESERVED -CVE-2020-2984 - RESERVED -CVE-2020-2983 - RESERVED -CVE-2020-2982 - RESERVED -CVE-2020-2981 - RESERVED +CVE-2020-2984 (Vulnerability in the Oracle Configuration Manager product of Oracle En ...) + TODO: check +CVE-2020-2983 (Vulnerability in the Oracle Data Masking and Subsetting product of Ora ...) + TODO: check +CVE-2020-2982 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2981 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) + TODO: check CVE-2020-2980 RESERVED CVE-2020-2979 RESERVED -CVE-2020-2978 - RESERVED -CVE-2020-2977 - RESERVED -CVE-2020-2976 - RESERVED -CVE-2020-2975 - RESERVED -CVE-2020-2974 - RESERVED -CVE-2020-2973 - RESERVED -CVE-2020-2972 - RESERVED -CVE-2020-2971 - RESERVED +CVE-2020-2978 (Vulnerability in the Oracle Database - Enterprise Edition component of ...) + TODO: check +CVE-2020-2977 (Vulnerability in the Oracle Application Express component of Oracle Da ...) + TODO: check +CVE-2020-2976 (Vulnerability in the Oracle Application Express component of Oracle Da ...) + TODO: check +CVE-2020-2975 (Vulnerability in the Oracle Application Express component of Oracle Da ...) + TODO: check +CVE-2020-2974 (Vulnerability in the Oracle Application Express component of Oracle Da ...) + TODO: check +CVE-2020-2973 (Vulnerability in the Oracle Application Express component of Oracle Da ...) + TODO: check +CVE-2020-2972 (Vulnerability in the Oracle Application Express component of Oracle Da ...) + TODO: check +CVE-2020-2971 (Vulnerability in the Oracle Application Express component of Oracle Da ...) + TODO: check CVE-2020-2970 RESERVED -CVE-2020-2969 - RESERVED -CVE-2020-2968 - RESERVED -CVE-2020-2967 - RESERVED -CVE-2020-2966 - RESERVED +CVE-2020-2969 (Vulnerability in the Data Pump component of Oracle Database Server. Su ...) 
+ TODO: check +CVE-2020-2968 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + TODO: check +CVE-2020-2967 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-2966 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check CVE-2020-2965 RESERVED CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...) @@ -34803,8 +34744,8 @@ CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel NOT-FOR-US: Oracle CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...) NOT-FOR-US: Oracle -CVE-2020-2562 - RESERVED +CVE-2020-2562 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) + TODO: check CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...) NOT-FOR-US: Oracle CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) @@ -34901,8 +34842,8 @@ CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracl NOT-FOR-US: Oracle CVE-2020-2514 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle -CVE-2020-2513 - RESERVED +CVE-2020-2513 (Vulnerability in the Oracle Application Express component of Oracle Da ...) + TODO: check CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) 
@@ -35799,32 +35740,23 @@ CVE-2020-2230 RESERVED CVE-2020-2229 RESERVED -CVE-2020-2228 - RESERVED +CVE-2020-2228 (Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2227 - RESERVED +CVE-2020-2227 (Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2226 - RESERVED +CVE-2020-2226 (Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does no ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2225 - RESERVED +CVE-2020-2225 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axi ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2224 - RESERVED +CVE-2020-2224 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the nod ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2223 - RESERVED +CVE-2020-2223 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape cor ...) NOT-FOR-US: Jenkins -CVE-2020-2222 - RESERVED +CVE-2020-2222 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...) NOT-FOR-US: Jenkins -CVE-2020-2221 - RESERVED +CVE-2020-2221 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...) NOT-FOR-US: Jenkins -CVE-2020-2220 - RESERVED +CVE-2020-2220 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...) NOT-FOR-US: Jenkins CVE-2020-2219 (Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of lin ...) NOT-FOR-US: Jenkins plugin 
@@ -37901,8 +37833,8 @@ CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI NOT-FOR-US: Wikibase Wikidata Query Service GUI CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-S ...) NOT-FOR-US: Wikibase Wikidata Query Service GUI -CVE-2019-19326 - RESERVED +CVE-2019-19326 (SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequ ...) + TODO: check CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...) NOT-FOR-US: SilverStripe CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms ...) @@ -42918,6 +42850,7 @@ CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirec CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...) NOT-FOR-US: HotkeyP CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...) + {DLA-2280-1} - python3.8 3.8.3~rc1-1 (unimportant) - python3.7 <removed> (unimportant) - python3.5 <removed> (unimportant) @@ -45456,8 +45389,8 @@ CVE-2019-17639 RESERVED CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...) TODO: check -CVE-2019-17637 - RESERVED +CVE-2019-17637 (In all versions of Eclipse Web Tools Platform through release 3.18 (20 ...) + TODO: check CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...) NOT-FOR-US: Eclipse Theia CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...) @@ -47521,6 +47454,7 @@ CVE-2019-16937 CVE-2019-16936 RESERVED CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x through ...) + {DLA-2280-1} - python3.8 3.8.0~rc1-1 - python3.7 3.7.5~rc1-1 [buster] - python3.7 3.7.3-2+deb10u1 
@@ -50095,7 +50029,7 @@ CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnera ...) NOT-FOR-US: D-Link CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...) - {DLA-1925-1 DLA-1924-1} + {DLA-2280-1 DLA-1925-1 DLA-1924-1} - python3.8 3.8.0~b4-1 - python3.7 3.7.4-4 [buster] - python3.7 3.7.3-2+deb10u1 @@ -59292,7 +59226,7 @@ CVE-2019-13578 (A SQL injection vulnerability exists in the Impress GiveWP Give CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthe ...) NOT-FOR-US: SnmpAdm.exe in MAPLE WBT SNMP Administrator CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...) - {DLA-1906-1 DLA-1889-1} + {DLA-2280-1 DLA-1906-1 DLA-1889-1} - python3.7 3.7.3~rc1-1 - python3.5 <removed> - python3.4 <removed> @@ -68851,6 +68785,7 @@ CVE-2019-10161 (It was discovered that libvirtd before versions 4.10.1 and 5.4.1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720115 NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580 CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python since ...) + {DLA-2280-1} - python3.7 3.7.4~rc2-2 [buster] - python3.7 3.7.3-2+deb10u1 - python3.6 <not-affected> (Fix for CVE-2019-9636 not applied) @@ -69514,7 +69449,7 @@ CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultr CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...) NOT-FOR-US: Western Digital CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...) - {DLA-1852-1 DLA-1834-1} + {DLA-2280-1 DLA-1852-1 DLA-1834-1} - python3.7 3.7.4~rc2-2 [buster] - python3.7 3.7.3-2+deb10u1 - python3.6 <removed> 
@@ -69529,7 +69464,7 @@ CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: sche NOTE: https://github.com/python/cpython/commit/b15bde8058e821b383d81fcae68b335a752083ca (2.7) NOTE: https://github.com/python/cpython/commit/942c31dffbe886ff02e25a319cc3891220b8c641 (2.7) CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...) - {DLA-1835-1 DLA-1834-1} + {DLA-2280-1 DLA-1835-1 DLA-1834-1} - python3.7 3.7.4~rc2-2 [buster] - python3.7 3.7.3-2+deb10u1 - python3.6 <removed> @@ -71078,7 +71013,7 @@ CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9 NOTE: https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708#diff-b97af51863ce82bf2a13003b52034aa9 CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...) - {DLA-1835-1 DLA-1834-1} + {DLA-2280-1 DLA-1835-1 DLA-1834-1} - python3.7 3.7.4~rc2-2 [buster] - python3.7 3.7.3-2+deb10u1 - python3.6 <removed> @@ -71357,7 +71292,7 @@ CVE-2019-9643 CVE-2019-9642 (An issue was discovered in proxy.php in pydio-core in Pydio through 8. ...) - extplorer <removed> CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ...) - {DLA-1835-1 DLA-1834-1} + {DLA-2280-1 DLA-1835-1 DLA-1834-1} - python3.7 3.7.3~rc1-1 (bug #924072) - python3.6 <removed> - python3.5 <removed> @@ -83482,7 +83417,7 @@ CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the W CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...) NOT-FOR-US: CleanMyMac CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the X509 cert ...) - {DLA-1834-1 DLA-1663-1} + {DLA-2280-1 DLA-1834-1 DLA-1663-1} - python3.7 3.7.2-2 (bug #921064) - python3.6 <removed> (bug #921063) - python3.5 <removed> 
@@ -87865,7 +87800,7 @@ CVE-2018-20408 (An issue was discovered in Bento4 1.5.1-627. There is a memory l CVE-2018-20407 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...) NOT-FOR-US: Bento4 CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...) - {DLA-1663-1} + {DLA-2280-1 DLA-1663-1} - python3.7 3.7.0-7 (unimportant) - python3.6 3.6.7~rc1-1 (unimportant) - python3.5 <removed> (unimportant)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9437bec660ddf219cc2e5525b5c62f9f9601429a
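Review bot: In the @@ -20106,8 +20047,8 @@ hunk, CVE-2020-8203 (prototype pollution via _.zipObjectDeep in lodash) is left at "TODO: check" with no package line. lodash is a widely embedded JavaScript library, so this entry needs a real package lookup, including embedded copies in other source packages, and should not be closed with a product-level NOT-FOR-US tag the way most of the other new entries in this patch will be.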
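Review bot: In the @@ -33764,44 +33705,44 @@ hunk, CVE-2020-2981 (Data Store component of Oracle Berkeley DB) gets the same "TODO: check" as the Oracle Database and Application Express entries around it, and context lines elsewhere in this patch show such Oracle entries ending up as "NOT-FOR-US: Oracle". Berkeley DB is a standalone library and not a hosted Oracle product, so this one should be checked on its own against packaged Berkeley DB sources and not closed with the blanket Oracle tag.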
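Review bot: In the @@ -37901,8 +37833,8 @@ hunk, CVE-2019-19326 (SilverStripe through 4.4.4, web cache poisoning) is left at "TODO: check" although the context line directly below already triages CVE-2019-19325 as "NOT-FOR-US: SilverStripe". The same tag applies to the same product, so the entry can be resolved here and kept out of the TODO queue. The same pattern shows up in the @@ -34901,8 +34842,8 @@ hunk, where CVE-2020-2513 (Oracle Application Express) is "TODO: check" next to CVE-2020-2514, which is "NOT-FOR-US: Oracle".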
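Review bot: In the @@ -42918,6 +42850,7 @@ hunk, "{DLA-2280-1}" is attached to CVE-2019-18348 while every package line visible below it (python3.8, python3.7, python3.5) is marked "(unimportant)"; the @@ -87865,7 +87800,7 @@ hunk does the same for CVE-2018-20406. Worth confirming that the DLA really lists these CVEs, and if it does, adding a short NOTE explaining why an advisory references an issue the tracker rates as unimportant, so the two pieces of metadata do not read as contradictory.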