Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
f2087578 by security tracker role at 2020-07-01T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2020-15497
+ RESERVED
+CVE-2020-15496
+ RESERVED
+CVE-2020-15495
+ RESERVED
+CVE-2020-15494
+ RESERVED
+CVE-2020-15493
+ RESERVED
+CVE-2020-15492
+ RESERVED
+CVE-2020-15491
+ RESERVED
+CVE-2020-15490
+ RESERVED
+CVE-2020-15489
+ RESERVED
+CVE-2020-15488
+ RESERVED
+CVE-2020-15487
+ RESERVED
+CVE-2020-15486
+ RESERVED
+CVE-2020-15485
+ RESERVED
+CVE-2020-15484
+ RESERVED
+CVE-2020-15483
+ RESERVED
+CVE-2020-15482
+ RESERVED
+CVE-2020-15481
+ RESERVED
+CVE-2020-15480
+ RESERVED
+CVE-2020-15479
+ RESERVED
+CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of
sensiti ...)
+ TODO: check
+CVE-2020-15477
+ RESERVED
+CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a
heap-based bu ...)
+ TODO: check
+CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in
lib/ndpi_main.c om ...)
+ TODO: check
+CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in
extractRDNSequence i ...)
+ TODO: check
+CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a
heap-bas ...)
+ TODO: check
+CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a
heap-based ...)
+ TODO: check
+CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to
a heap-b ...)
+ TODO: check
+CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in
jfif_dec ...)
+ TODO: check
+CVE-2020-15469
+ RESERVED
CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the
cart_edit ...)
NOT-FOR-US: Persian VIP Download Script
CVE-2020-15467
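Review bot: The six nDPI entries added in this hunk (CVE-2020-15471 through CVE-2020-15476) share the prefix "In nDPI through 3.2", and each gets its own TODO: check. Resolve them in one pass with the same package and status decision so they cannot drift apart, and clear the ffjpeg (CVE-2020-15470) and Journal theme (CVE-2020-15478) markers in the same triage round.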
@@ -3003,13 +3061,13 @@ CVE-2020-14198
RESERVED
CVE-2020-14197
RESERVED
-CVE-2020-14196
- RESERVED
+CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2
and 4.1 ...)
- pdns-recursor <unfixed> (low)
[buster] - pdns-recursor <postponed> (Minor issue, fix along in next
DSA)
[stretch] - pdns-recursor <postponed> (Minor issue, fix along in next
DSA)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1
CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the
interact ...)
+ {DLA-2270-1}
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
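Review bot: The {DLA-2270-1} tag added under CVE-2020-14195 has no matching release line in the visible context. The only per-release entries are [buster] and [stretch], both still <no-dsa>, and the package line is <unfixed>. Confirm which release the DLA covers and that its fixed version is recorded, since the same tag is added to CVE-2020-14062, CVE-2020-14061 and CVE-2020-14060 in the following hunks against the same status lines.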
@@ -3343,6 +3401,7 @@ CVE-2020-14064
CVE-2020-14063
RESERVED
CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the
interact ...)
+ {DLA-2270-1}
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
@@ -3350,6 +3409,7 @@ CVE-2020-14062 (FasterXML jackson-databind 2.x before
2.9.10.5 mishandles the in
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the
interact ...)
+ {DLA-2270-1}
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
@@ -3357,6 +3417,7 @@ CVE-2020-14061 (FasterXML jackson-databind 2.x before
2.9.10.5 mishandles the in
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is
enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the
interact ...)
+ {DLA-2270-1}
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a
point release)
@@ -3373,12 +3434,12 @@ CVE-2020-14058 (An issue was discovered in Squid before
4.12 and 5.x before 5.0.
NOTE: Squid 4:
http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch
NOTE:
https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57
NOTE: Squid in Debian builds without OpenSSL support
-CVE-2020-14057
- RESERVED
-CVE-2020-14056
- RESERVED
-CVE-2020-14055
- RESERVED
+CVE-2020-14057 (Monsta FTP 2.10.1 or below allows external control of paths
used in fi ...)
+ TODO: check
+CVE-2020-14056 (Monsta FTP 2.10.1 or below is prone to a server-side request
forgery v ...)
+ TODO: check
+CVE-2020-14055 (Monsta FTP 2.10.1 or below is prone to a stored cross-site
scripting v ...)
+ TODO: check
CVE-2020-14054 (SOKKIA GNR5 Vanguard WEB version 1.2 (build:
91f2b2c3a04d203d79862f87e ...)
NOT-FOR-US: SOKKIA GNR5 Vanguard WEB
CVE-2020-14053
@@ -3416,30 +3477,30 @@ CVE-2020-XXXX [Editor: Ensure latest comments can only
be viewed from public pos
[buster] - wordpress 5.0.10+dfsg1-0+deb10u1
NOTE: https://core.trac.wordpress.org/changeset/47984
CVE-2020-4050 (In affected versions of WordPress, misuse of the
`set-screen-option` f ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47951
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
NOTE:
https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the
name of ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47950
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
NOTE:
https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148
CVE-2020-4048 (In affected versions of WordPress, due to an issue in
wp_validate_redi ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47949
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
NOTE:
https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693
CVE-2020-4046 (In affected versions of WordPress, users with low privileges
(like con ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47947
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf
CVE-2020-4047 (In affected versions of WordPress, authenticated users with
upload per ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47948
NOTE:
https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
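Review bot: In the context at the end of this hunk CVE-2020-4046 is listed above CVE-2020-4047, which breaks the descending order the rest of the list follows. The DLA-2269-1 tag itself is applied consistently to all five WordPress entries. Swapping the two blocks while they are being touched would restore the ordering.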
@@ -4549,8 +4610,8 @@ CVE-2020-13621
RESERVED
CVE-2020-13620
RESERVED
-CVE-2020-13619
- RESERVED
+CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows
an attack ...)
+ TODO: check
CVE-2020-13618
RESERVED
CVE-2020-13617
@@ -5067,14 +5128,14 @@ CVE-2020-13385
RESERVED
CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload
and exec ...)
NOT-FOR-US: Monstra CMS
-CVE-2020-13383
- RESERVED
-CVE-2020-13382
- RESERVED
-CVE-2020-13381
- RESERVED
-CVE-2020-13380
- RESERVED
+CVE-2020-13383 (openSIS through 7.4 allows Directory Traversal. ...)
+ TODO: check
+CVE-2020-13382 (openSIS through 7.4 has Incorrect Access Control. ...)
+ TODO: check
+CVE-2020-13381 (openSIS through 7.4 allows SQL Injection. ...)
+ TODO: check
+CVE-2020-13380 (openSIS before 7.4 allows SQL Injection. ...)
+ TODO: check
CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF
Incorrec ...)
- grafana <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4
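Review bot: CVE-2020-13381 and CVE-2020-13380 differ only in "through 7.4" versus "before 7.4" in the text shown, so they are easy to mistake for duplicates during triage. Read the full records before resolving the TODO: check lines, and keep the four openSIS entries on the same package decision.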
@@ -6933,14 +6994,11 @@ CVE-2020-12607 (An issue was discovered in fastecdsa
before 2.1.2. When using th
NOT-FOR-US: fastecdsa
CVE-2020-12606
RESERVED
-CVE-2020-12605
- RESERVED
+CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume
excessive ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-12604
- RESERVED
+CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible
to incr ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-12603
- RESERVED
+CVE-2020-12603 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume
excessive ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-12602
RESERVED
@@ -7150,10 +7208,10 @@ CVE-2020-12500
RESERVED
CVE-2020-12499
RESERVED
-CVE-2020-12498
- RESERVED
-CVE-2020-12497
- RESERVED
+CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx
Express versio ...)
+ TODO: check
+CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC
Worx Expres ...)
+ TODO: check
CVE-2020-12496
RESERVED
CVE-2020-12495
@@ -7359,30 +7417,35 @@ CVE-2020-12422
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
CVE-2020-12421
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
CVE-2020-12420
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
CVE-2020-12419
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
CVE-2020-12418
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
CVE-2020-12417
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417
@@ -18086,8 +18149,7 @@ CVE-2020-8665
RESERVED
CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when
using SDS ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-8663
- RESERVED
+CVE-2020-8663 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust
file descr ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-8662
RESERVED
@@ -20465,10 +20527,10 @@ CVE-2020-7691
RESERVED
CVE-2020-7690
RESERVED
-CVE-2020-7689
- RESERVED
-CVE-2020-7688
- RESERVED
+CVE-2020-7689 (Data is truncated wrong when its length is greater than 255
bytes. ...)
+ TODO: check
+CVE-2020-7688 (The issue occurs because tagName user input is formatted inside
the ex ...)
+ TODO: check
CVE-2020-7687
RESERVED
CVE-2020-7686
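Review bot: Neither new description names the affected software. CVE-2020-7689 says only that data longer than 255 bytes is truncated wrongly, and CVE-2020-7688 refers to a tagName input. The TODO: check cannot be resolved from this file alone, so look up the full CVE records and add a NOTE naming the component when the entries are triaged.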
@@ -23974,8 +24036,8 @@ CVE-2020-6263 (Standalone clients connecting to SAP
NetWeaver AS Java via P4 Pro
NOT-FOR-US: SAP
CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI,
before ve ...)
NOT-FOR-US: SAP
-CVE-2020-6261
- RESERVED
+CVE-2020-6261 (SAP Solution Manager (Trace Analysis), version 7.20, allows an
attacke ...)
+ TODO: check
CVE-2020-6260 (SAP Solution Manager (Trace Analysis), version 7.20, allows an
attacke ...)
NOT-FOR-US: SAP
CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise,
versions 15.7 ...)
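Review bot: CVE-2020-6261 is added as TODO: check although CVE-2020-6260 directly below has the same visible description and is already NOT-FOR-US: SAP. Unless the full text names a different product, mark CVE-2020-6261 the same way.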
@@ -24350,8 +24412,8 @@ CVE-2020-6091 (An exploitable authentication bypass
vulnerability exists in the
NOT-FOR-US: EPSON
CVE-2020-6090 (An exploitable code execution vulnerability exists in the
Web-Based Ma ...)
NOT-FOR-US: WAGO
-CVE-2020-6089
- RESERVED
+CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI
file for ...)
+ TODO: check
CVE-2020-6088
RESERVED
CVE-2020-6087
@@ -24794,26 +24856,26 @@ CVE-2020-5910
RESERVED
CVE-2020-5909
RESERVED
-CVE-2020-5908
- RESERVED
-CVE-2020-5907
- RESERVED
-CVE-2020-5906
- RESERVED
-CVE-2020-5905
- RESERVED
-CVE-2020-5904
- RESERVED
-CVE-2020-5903
- RESERVED
-CVE-2020-5902
- RESERVED
-CVE-2020-5901
- RESERVED
-CVE-2020-5900
- RESERVED
-CVE-2020-5899
- RESERVED
+CVE-2020-5908 (In versions bundled with BIG-IP APM 12.1.0-12.1.5 and
11.6.1-11.6.5.2, ...)
+ TODO: check
+CVE-2020-5907 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3,
13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5906 (In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and
11.6.1-11.6.5.2, the ...)
+ TODO: check
+CVE-2020-5905 (In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration
utility ...)
+ TODO: check
+CVE-2020-5904 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5,
13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5903 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5,
13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5902 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5,
13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5901 (In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may
allow f ...)
+ TODO: check
+CVE-2020-5900 (In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is
insufficient ...)
+ TODO: check
+CVE-2020-5899 (In NGINX Controller 3.0.0-3.4.0, recovery code required to
change a us ...)
+ TODO: check
CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall
driver d ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory
vulnerability ...)
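Review bot: All ten entries in this hunk are left as TODO: check, while CVE-2020-5898 just below is already NOT-FOR-US: F5 BIG-IP. When resolving them, note that CVE-2020-5901 and CVE-2020-5899 name NGINX Controller rather than BIG-IP, and that the truncated text of CVE-2020-5900 ("In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1") names no product at all, so each needs its own label rather than a blanket one.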
@@ -28445,8 +28507,8 @@ CVE-2020-4422 (IBM i2 Intelligent Analyis Platform
9.2.1 could allow a remote at
NOT-FOR-US: IBM
CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4
could allo ...)
NOT-FOR-US: IBM
-CVE-2020-4420
- RESERVED
+CVE-2020-4420 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
+ TODO: check
CVE-2020-4419 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is
vulnerable to cr ...)
NOT-FOR-US: IBM
CVE-2020-4418
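Review bot: CVE-2020-4420 is an IBM DB2 entry sitting between two entries already marked NOT-FOR-US: IBM, yet it is added as TODO: check. The same "IBM DB2 for Linux, UNIX and Windows" prefix recurs on CVE-2020-4414, CVE-2020-4387, CVE-2020-4386, CVE-2020-4363 and CVE-2020-4355 in the following hunks, so resolve all six with one consistent label.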
@@ -28457,8 +28519,8 @@ CVE-2020-4416
RESERVED
CVE-2020-4415 (IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a
stack-based ...)
NOT-FOR-US: IBM
-CVE-2020-4414
- RESERVED
+CVE-2020-4414 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
+ TODO: check
CVE-2020-4413 (IBM Security Secret Server 10.7 could allow a remote attacker
to obtai ...)
NOT-FOR-US: IBM
CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through
5.0.4. ...)
@@ -28511,10 +28573,10 @@ CVE-2020-4389
RESERVED
CVE-2020-4388
RESERVED
-CVE-2020-4387
- RESERVED
-CVE-2020-4386
- RESERVED
+CVE-2020-4387 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
+ TODO: check
+CVE-2020-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
+ TODO: check
CVE-2020-4385
RESERVED
CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is
vulnerable t ...)
@@ -28533,8 +28595,8 @@ CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through
5.0.4.4 could allow a privileg
NOT-FOR-US: IBM
CVE-2020-4377
RESERVED
-CVE-2020-4376
- RESERVED
+CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and
8.1.0 could ...)
+ TODO: check
CVE-2020-4375
RESERVED
CVE-2020-4374
@@ -28559,8 +28621,8 @@ CVE-2020-4365 (IBM WebSphere Application Server 8.5 is
vulnerable to server-side
NOT-FOR-US: IBM
CVE-2020-4364
RESERVED
-CVE-2020-4363
- RESERVED
+CVE-2020-4363 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
+ TODO: check
CVE-2020-4362 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0
traditional is ...)
NOT-FOR-US: IBM
CVE-2020-4361
@@ -28575,8 +28637,8 @@ CVE-2020-4357 (IBM Spectrum Scale 5.0.0.0 through
5.0.4.4 could allow a remote a
NOT-FOR-US: IBM
CVE-2020-4356
RESERVED
-CVE-2020-4355
- RESERVED
+CVE-2020-4355 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect
Server) 9.7, ...)
+ TODO: check
CVE-2020-4354
RESERVED
CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the
device ...)
@@ -29152,7 +29214,7 @@ CVE-2020-4069
CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is
likely to r ...)
NOT-FOR-US: APNSwift
CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby
STUN/TURN ...)
- {DSA-4711-1}
+ {DSA-4711-1 DLA-2271-1}
- coturn 4.5.1.3-1
NOTE:
https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
NOTE:
https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a
@@ -33851,8 +33913,8 @@ CVE-2020-2502
RESERVED
CVE-2020-2501
RESERVED
-CVE-2020-2500
- RESERVED
+CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows
attacker ...)
+ TODO: check
CVE-2020-2499
RESERVED
CVE-2020-2498
@@ -82936,12 +82998,12 @@ CVE-2019-4708
RESERVED
CVE-2019-4707 (IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to
an XML ...)
NOT-FOR-US: IBM
-CVE-2019-4706
- RESERVED
-CVE-2019-4705
- RESERVED
-CVE-2019-4704
- RESERVED
+CVE-2019-4706 (IBM Security Identity Manager Virtual Appliance 7.0.2 writes
informati ...)
+ TODO: check
+CVE-2019-4705 (IBM Security Identity Manager Virtual Appliance 7.0.2 discloses
sensit ...)
+ TODO: check
+CVE-2019-4704 (IBM Security Identity Manager Virtual Appliance 7.0.2 does not
set the ...)
+ TODO: check
CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting
Microsoft ...)
NOT-FOR-US: IBM
CVE-2019-4702
@@ -82996,8 +83058,8 @@ CVE-2019-4678
RESERVED
CVE-2019-4677
RESERVED
-CVE-2019-4676
- RESERVED
+CVE-2019-4676 (IBM Security Identity Manager Virtual Appliance 7.0.2 stores
user cred ...)
+ TODO: check
CVE-2019-4675 (IBM Security Identity Manager 7.0.1 contains hard-coded
credentials, s ...)
NOT-FOR-US: IBM
CVE-2019-4674 (IBM Security Identity Manager 7.0.1 could allow a remote
attacker to t ...)
@@ -197909,8 +197971,8 @@ CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0
could allow an authenticated
NOT-FOR-US: IBM Notes and Domino NSD
CVE-2017-1713 (IBM InfoSphere Streams 4.2.1 uses weaker than expected
cryptographic a ...)
NOT-FOR-US: IBM
-CVE-2017-1712
- RESERVED
+CVE-2017-1712 ("A vulnerability in the TLS protocol implementation of the
Domino serv ...)
+ TODO: check
CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running
malicio ...)
NOT-FOR-US: IBM iNotes
CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize
V7000 (20 ...)
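Review bot: The description added for CVE-2017-1712 opens with a literal double quote right after the parenthesis, which no neighbouring entry has, and the same stray quote appears on CVE-2017-1659 in the next hunk. Since this commit is an automatic update, the quote is better stripped where the descriptions are imported than corrected by hand in the list.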
@@ -198015,8 +198077,8 @@ CVE-2017-1661
RESERVED
CVE-2017-1660
RESERVED
-CVE-2017-1659
- RESERVED
+CVE-2017-1659 ("HCL iNotes is susceptible to a Cross-Site Scripting (XSS)
Vulnerabili ...)
+ TODO: check
CVE-2017-1658
RESERVED
CVE-2017-1657
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f208757863f5d2ca366ce4a1604fa6bb9e7fcfff
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits