Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
dc9a62dd by Moritz Muehlenhoff at 2020-07-16T09:48:32+02:00
new openldap issue
NFUs
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -123,7 +123,8 @@ CVE-2020-15720 (In Dogtag PKI through 10.8.3, the
pki.client.PKIConnection class
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855273
NOTE:
https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72
CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a
certificate-val ...)
- TODO: check
+ - openldap <unfixed> (low)
+ [buster] - openldap <no-dsa> (Minor issue)
CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper
validation o ...)
NOT-FOR-US: RosarioSIS
CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper
validation o ...)
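Review bot: The new CVE-2020-15719 entry has no NOTE line giving a reference for the triage, unlike the CVE-2020-15720 entry directly above it, which carries both a Bugzilla link and the upstream commit. The description says the issue is in "certain third-party OpenLDAP packages", so a NOTE pointing at the report that justifies "- openldap <unfixed> (low)" and the "[buster] - openldap <no-dsa> (Minor issue)" decision would let a later reader see why the Debian package is considered affected and why it is rated minor.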
@@ -2367,7 +2368,7 @@ CVE-2020-14708 (Vulnerability in the Customer Management
and Segmentation Founda
CVE-2020-14707 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
CVE-2020-14706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio
Managem ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14705 (Vulnerability in the Oracle GoldenGate product of Oracle
GoldenGate (c ...)
NOT-FOR-US: Oracle
CVE-2020-14704 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
@@ -2474,7 +2475,7 @@ CVE-2020-14655 (Vulnerability in the Oracle Security
Service product of Oracle F
CVE-2020-14654 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2020-14653 (Vulnerability in the Primavera P6 Enterprise Project Portfolio
Managem ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14652 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
NOT-FOR-US: Oracle
CVE-2020-14651 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
@@ -2526,7 +2527,7 @@ CVE-2020-14629 (Vulnerability in the Oracle VM VirtualBox
product of Oracle Virt
CVE-2020-14628 (Vulnerability in the Oracle VM VirtualBox product of Oracle
Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
CVE-2020-14627 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14626 (Vulnerability in the Oracle Business Intelligence Enterprise
Edition p ...)
NOT-FOR-US: Oracle
CVE-2020-14625 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
@@ -2546,9 +2547,9 @@ CVE-2020-14620 (Vulnerability in the MySQL Server product
of Oracle MySQL (compo
CVE-2020-14619 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2020-14618 (Vulnerability in the Primavera Unifier product of Oracle
Construction ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14617 (Vulnerability in the Primavera Unifier product of Oracle
Construction ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14616 (Vulnerability in the Oracle Hospitality Reporting and
Analytics produc ...)
NOT-FOR-US: Oracle
CVE-2020-14615 (Vulnerability in the Oracle Financial Services Analytical
Applications ...)
@@ -2558,7 +2559,7 @@ CVE-2020-14614 (Vulnerability in the MySQL Server product
of Oracle MySQL (compo
CVE-2020-14613 (Vulnerability in the Oracle WebCenter Sites product of Oracle
Fusion M ...)
NOT-FOR-US: Oracle
CVE-2020-14612 (Vulnerability in the PeopleSoft Enterprise HRMS product of
Oracle Peop ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14611 (Vulnerability in the Oracle WebCenter Portal product of Oracle
Fusion ...)
NOT-FOR-US: Oracle
CVE-2020-14610 (Vulnerability in the Oracle Applications Framework product of
Oracle E ...)
@@ -2582,7 +2583,7 @@ CVE-2020-14602 (Vulnerability in the Oracle Financial
Services Analytical Applic
CVE-2020-14601 (Vulnerability in the Oracle Financial Services Analytical
Applications ...)
NOT-FOR-US: Oracle
CVE-2020-14600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14599 (Vulnerability in the Oracle CRM Gateway for Mobile Devices
product of ...)
NOT-FOR-US: Oracle
CVE-2020-14598 (Vulnerability in the Oracle CRM Gateway for Mobile Devices
product of ...)
@@ -2600,7 +2601,7 @@ CVE-2020-14593 (Vulnerability in the Java SE, Java SE
Embedded product of Oracle
- openjdk-11 <unfixed>
- openjdk-8 <unfixed>
CVE-2020-14592 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14591 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2020-14590 (Vulnerability in the Oracle Applications Framework product of
Oracle E ...)
@@ -2610,7 +2611,7 @@ CVE-2020-14589 (Vulnerability in the Oracle WebLogic
Server product of Oracle Fu
CVE-2020-14588 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
NOT-FOR-US: Oracle
CVE-2020-14587 (Vulnerability in the PeopleSoft Enterprise FIN Expenses
product of Ora ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14586 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2020-14585 (Vulnerability in the Oracle BI Publisher product of Oracle
Fusion Midd ...)
@@ -2646,43 +2647,43 @@ CVE-2020-14576 (Vulnerability in the MySQL Server
product of Oracle MySQL (compo
CVE-2020-14575 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2020-14574 (Vulnerability in the Oracle Communications Interactive Session
Recorde ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14573 (Vulnerability in the Java SE product of Oracle Java SE
(component: Hot ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
CVE-2020-14572 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14571 (Vulnerability in the Oracle BI Publisher product of Oracle
Fusion Midd ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14570 (Vulnerability in the Oracle BI Publisher product of Oracle
Fusion Midd ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14569 (Vulnerability in the Oracle FLEXCUBE Investor Servicing
product of Ora ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14568 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
CVE-2020-14567 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
TODO: check
CVE-2020-14566 (Vulnerability in the Primavera Portfolio Management product of
Oracle ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14565 (Vulnerability in the Oracle Unified Directory product of
Oracle Fusion ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14564 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14563 (Vulnerability in the Oracle Enterprise Communications Broker
product o ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14562 (Vulnerability in the Java SE product of Oracle Java SE
(component: Ima ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
CVE-2020-14561 (Vulnerability in the Oracle Hospitality Reporting and
Analytics produc ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14560 (Vulnerability in the Oracle Hyperion BI+ product of Oracle
Hyperion (c ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14559 (Vulnerability in the MySQL Server product of Oracle MySQL
(component: ...)
TODO: check
CVE-2020-14558 (Vulnerability in the PeopleSoft Enterprise PeopleTools product
of Orac ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14557 (Vulnerability in the Oracle WebLogic Server product of Oracle
Fusion M ...)
- TODO: check
+ NOT-FOR-US: Oracle
CVE-2020-14556 (Vulnerability in the Java SE, Java SE Embedded product of
Oracle Java ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
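Review bot: CVE-2020-14567 and CVE-2020-14559 (both MySQL Server) remain "TODO: check" in this hunk while every other TODO around them is resolved. They are unchanged context, so leaving them may be deliberate for an NFU-only pass, but the neighbouring MySQL Server entries already carry "- mysql-5.7 <not-affected> (Only affects MySQL 8)". Suggest triaging these two in a follow-up commit so they do not get overlooked among the resolved entries.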
@@ -16271,7 +16272,7 @@ CVE-2020-9795 (A use after free issue was addressed
with improved memory managem
CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
- sqlite3 <undetermined>
NOTE: https://vuldb.com/?id.155768
- TODO: Try to get more information, as usual Apple advisories are too
unspecific
+ NOTE: As usual Apple advisories are too unspecific
CVE-2020-9793 (A memory corruption issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
CVE-2020-9792 (A validation issue was addressed with improved input
sanitization. Thi ...)
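Review bot: The CVE-2020-9794 change drops an open action item ("TODO: Try to get more information ...") in favour of a plain NOTE, while the status line stays "- sqlite3 <undetermined>". With the TODO gone, nothing marks the entry for another look. Suggest the NOTE state what is missing (for example, which sqlite3 versions or code path the advisory fails to identify) so the <undetermined> status can be revisited if more detail is published.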
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/dc9a62ddaef89978973d7656227e1f5ee148b9b2
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits