Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
bd8154e9 by security tracker role at 2020-07-09T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -281,8 +281,8 @@ CVE-2020-15528 (An issue was discovered in GOG Galaxy
Client 2.0.17. Local escal
NOT-FOR-US: GOG Galaxy client
CVE-2020-15527
RESERVED
-CVE-2020-15526
- RESERVED
+CVE-2020-15526 (In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the
scope for ...)
+ TODO: check
CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control
because of ...)
- gitlab <not-affected> (Specific to EE)
CVE-2020-15524
@@ -320,11 +320,11 @@ CVE-2020-15509 (Nordic Semiconductor Android BLE Library
through 2.2.1 and DFU L
NOT-FOR-US: Nordic Semiconductor
CVE-2020-15508
RESERVED
-CVE-2020-15507 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before
10.4.0.4, ...)
+CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core and
Connect ...)
NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15506 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before
10.4.0.4, ...)
+CVE-2020-15506 (An Authentication Bypass vulnerability in MobileIron Core and
Connecto ...)
NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15505 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before
10.4.0.4, ...)
+CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core and
Connector ...)
NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15504
RESERVED
@@ -799,8 +799,8 @@ CVE-2020-15301
RESERVED
CVE-2020-15300
RESERVED
-CVE-2020-15299
- RESERVED
+CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the
KingCompos ...)
+ TODO: check
CVE-2020-15298
RESERVED
CVE-2020-15297
@@ -1211,10 +1211,10 @@ CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6
are vulnerable to an inf
TODO: check
CVE-2020-15094
RESERVED
-CVE-2020-15093
- RESERVED
-CVE-2020-15092
- RESERVED
+CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does
not pro ...)
+ TODO: check
+CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as
HTML. An ...)
+ TODO: check
CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6
allows block ...)
NOT-FOR-US: TenderMint
CVE-2020-15090
@@ -1418,10 +1418,10 @@ CVE-2020-15003
RESERVED
CVE-2020-15002
RESERVED
-CVE-2020-15001
- RESERVED
-CVE-2020-15000
- RESERVED
+CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC
devices 5.0 ...)
+ TODO: check
+CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5
devices 5. ...)
+ TODO: check
CVE-2020-14999
RESERVED
CVE-2020-14998
@@ -3521,10 +3521,10 @@ CVE-2020-14173 (The file upload feature in Atlassian
Jira Server and Data Center
NOT-FOR-US: Atlassian
CVE-2020-14172 (Affected versions of Atlassian Jira Server and Data Center
allow remot ...)
NOT-FOR-US: Atlassian
-CVE-2020-14171
- RESERVED
-CVE-2020-14170
- RESERVED
+CVE-2020-14171 (Atlassian Bitbucket Server from version 4.9.0 before version
7.2.4 all ...)
+ TODO: check
+CVE-2020-14170 (Webhooks in Atlassian Bitbucket Server from version 5.4.0
before versi ...)
+ TODO: check
CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data
Center be ...)
NOT-FOR-US: Atlassian
CVE-2020-14168 (The email client in Jira Server and Data Center before version
7.13.16 ...)
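Review bot: CVE-2020-14171 and CVE-2020-14170 are left at `TODO: check` although both descriptions name Atlassian Bitbucket Server, and every other Atlassian entry in this hunk (CVE-2020-14173, CVE-2020-14172, CVE-2020-14169) is already tagged `NOT-FOR-US: Atlassian`. Suggest resolving both to the same tag in a follow-up so they drop out of the TODO queue.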
@@ -4008,7 +4008,7 @@ CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in
libEMF (aka ECMA-234 Metafil
- libemf 1.0.13-1 (bug #963778)
[buster] - libemf <no-dsa> (Minor issue)
NOTE: Fixed upstream in 1.0.13
-CVE-2020-13998 (** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5,
when 2FA ...)
+CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is
enabled ...)
NOT-FOR-US: Citrix
CVE-2020-13997
RESERVED
@@ -4016,12 +4016,12 @@ CVE-2020-13996 (The J2Store plugin before 3.3.13 for
Joomla! allows a SQL inject
NOT-FOR-US: J2Store plugin for Joomla!
CVE-2020-13995
RESERVED
-CVE-2020-13994
- RESERVED
-CVE-2020-13993
- RESERVED
-CVE-2020-13992
- RESERVED
+CVE-2020-13994 (An issue was discovered in Mods for HESK 3.1.0 through
2019.1.0. A pri ...)
+ TODO: check
+CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through
2019.1.0. A bli ...)
+ TODO: check
+CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through
2019.1.0. A Sto ...)
+ TODO: check
CVE-2020-13991
RESERVED
CVE-2020-13990
@@ -6099,10 +6099,10 @@ CVE-2020-13134
RESERVED
CVE-2020-13133
RESERVED
-CVE-2020-13132
- RESERVED
-CVE-2020-13131
- RESERVED
+CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An
attacker c ...)
+ TODO: check
+CVE-2020-13131 (An issue was discovered in Yubico libykpiv before 2.1.0.
lib/util.c in ...)
+ TODO: check
CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in
the Linu ...)
{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
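Review bot: the new CVE-2020-13132 and CVE-2020-13131 entries carry only `TODO: check`, although both descriptions already name the component (Yubico libykpiv) and an upstream fixed version ("before 2.1.0"). If a Debian source package ships libykpiv, replace the TODO with a package line and the fixed version; otherwise tag the entries NOT-FOR-US. The context here also shows CVE-2020-13143 sitting below CVE-2020-13131, out of the descending order used by the rest of the list, which is worth a look while touching this spot.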
@@ -7812,28 +7812,22 @@ CVE-2020-12428
RESERVED
CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229
for MyClou ...)
NOT-FOR-US: Western Digital
-CVE-2020-12426
- RESERVED
+CVE-2020-12426 (Mozilla developers and community members reported memory
safety bugs p ...)
- firefox 78.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12426
-CVE-2020-12425
- RESERVED
+CVE-2020-12425 (Due to confusion processing a hyphen character in
Date.parse(), a one- ...)
- firefox 78.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425
-CVE-2020-12424
- RESERVED
+CVE-2020-12424 (When constructing a permission prompt for WebRTC, a URI was
supplied f ...)
- firefox 78.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424
-CVE-2020-12423
- RESERVED
+CVE-2020-12423 (When the Windows DLL "webauthn.dll" was missing from the
Operating Sys ...)
- firefox <not-affected> (Windows-specific)
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12423
-CVE-2020-12422
- RESERVED
+CVE-2020-12422 (In non-standard configurations, a JPEG image created by
JavaScript cou ...)
- firefox 78.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
-CVE-2020-12421
- RESERVED
+CVE-2020-12421 (When performing add-on updates, certificate chains terminating
in non- ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7841,8 +7835,7 @@ CVE-2020-12421
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421
-CVE-2020-12420
- RESERVED
+CVE-2020-12420 (When trying to connect to a STUN server, a race condition
could have c ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7850,8 +7843,7 @@ CVE-2020-12420
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420
-CVE-2020-12419
- RESERVED
+CVE-2020-12419 (When processing callbacks that occurred during window flushing
in the ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7859,8 +7851,7 @@ CVE-2020-12419
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419
-CVE-2020-12418
- RESERVED
+CVE-2020-12418 (Manipulating individual parts of a URL object could have
caused an out ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7868,8 +7859,7 @@ CVE-2020-12418
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418
-CVE-2020-12417
- RESERVED
+CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an
object may ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7877,26 +7867,22 @@ CVE-2020-12417
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12417
-CVE-2020-12416
- RESERVED
+CVE-2020-12416 (A VideoStreamEncoder may have been freed in a race condition
with Vide ...)
- firefox 78.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12416
-CVE-2020-12415
- RESERVED
+CVE-2020-12415 (When "%2F" was present in a manifest URL, Firefox's AppCache
behavior ...)
- firefox 78.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12415
-CVE-2020-12414
- RESERVED
+CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode
and it ...)
+ TODO: check
CVE-2020-12413
RESERVED
-CVE-2020-12412
- RESERVED
-CVE-2020-12411
- RESERVED
+CVE-2020-12412 (By navigating a tab using the history API, an attacker could
cause the ...)
+ TODO: check
+CVE-2020-12411 (Mozilla developers reported memory safety bugs present in
Firefox 76. ...)
- firefox 77.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
-CVE-2020-12410
- RESERVED
+CVE-2020-12410 (Mozilla developers reported memory safety bugs present in
Firefox 76 a ...)
{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
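Review bot: CVE-2020-12414 and CVE-2020-12412 receive only `TODO: check`, while the entries around them in this hunk (CVE-2020-12416, CVE-2020-12415, CVE-2020-12411) go straight to a `- firefox` line with an mfsa NOTE. The truncated descriptions do not name the affected product, so these two need manual triage; if they turn out to concern a product Debian does not ship, record that explicitly instead of leaving the TODO in place.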
@@ -7904,20 +7890,16 @@ CVE-2020-12410
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12410
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12410
-CVE-2020-12409
- RESERVED
+CVE-2020-12409 (When using certain blank characters in a URL, they where
incorrectly r ...)
- firefox 77.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12409
-CVE-2020-12408
- RESERVED
+CVE-2020-12408 (When browsing a document hosted on an IP address, an attacker
could in ...)
- firefox 77.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12408
-CVE-2020-12407
- RESERVED
+CVE-2020-12407 (Mozilla Developer Nicolas Silva found that when using
WebRender, Firef ...)
- firefox 77.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
-CVE-2020-12406
- RESERVED
+CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check
during ...)
{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
@@ -7925,8 +7907,7 @@ CVE-2020-12406
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
-CVE-2020-12405
- RESERVED
+CVE-2020-12405 (When browsing a malicious page, a race condition in our
SharedWorkerSe ...)
{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
@@ -7934,12 +7915,11 @@ CVE-2020-12405
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405
-CVE-2020-12404
- RESERVED
+CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to
be passed ...)
+ TODO: check
CVE-2020-12403
RESERVED
-CVE-2020-12402 [Side channel vulnerabilities during RSA key generation]
- RESERVED
+CVE-2020-12402 (During RSA key generation, bignum implementations used a
variation of ...)
{DLA-2266-1}
- nss 2:3.53.1-1 (bug #963152)
NOTE:
https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
@@ -7948,8 +7928,7 @@ CVE-2020-12401
RESERVED
CVE-2020-12400
RESERVED
-CVE-2020-12399 [Force a fixed length for DSA exponentiation]
- RESERVED
+CVE-2020-12399 (NSS has shown timing differences when performing DSA
signatures, which ...)
{DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
@@ -7960,8 +7939,7 @@ CVE-2020-12399 [Force a fixed length for DSA
exponentiation]
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
-CVE-2020-12398
- RESERVED
+CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP
server, and t ...)
{DSA-4702-1 DLA-2247-1}
- thunderbird 1:68.9.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
@@ -8952,7 +8930,7 @@ CVE-2020-11994 (Server-Side Template Injection and
arbitrary file disclosure on
CVE-2020-11993
RESERVED
CVE-2020-11992
- RESERVED
+ REJECTED
CVE-2020-11991
RESERVED
CVE-2020-11990
@@ -12695,7 +12673,7 @@ CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and
including 4.3.0 does not
[stretch] - pdns-recursor <end-of-life> (No longer supported, see DSA
4691)
NOTE:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
-CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.0.0, there are
multipl ...)
+CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are
multipl ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4505
@@ -13555,6 +13533,7 @@ CVE-2020-10760 (A use-after-free flaw was found in all
samba LDAP server version
NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html
CVE-2020-10759 [Possible bypass in signature verification]
RESERVED
+ {DLA-2274-1}
- fwupd 1.3.10-1 (bug #962517)
[buster] - fwupd <no-dsa> (Will be fixed via point release)
- libjcat 0.1.3-1
@@ -13570,8 +13549,7 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in
versions after 4.5-rc1 i
- linux 5.6.14-2
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE:
https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
-CVE-2020-10756 [slirp: networking out-of-bounds read information disclosure
vulnerability]
- RESERVED
+CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP
networking ...)
- libslirp <unfixed>
- qemu 1:4.1-2
[buster] - qemu <postponed> (Minor issue)
@@ -14610,7 +14588,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two
Buffer Overflows in libIma
[jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs
introduced in 6.0.0)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
NOTE: Fixed in 6.2.3 and 7.1.0
-CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.0.1, an
out-of-bou ...)
+CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.1.0, an
out-of-bou ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
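Review bot: the new description for CVE-2020-10378 moves the boundary from 7.0.1 to 7.1.0, but the entry still reads `- pillow <unfixed>` with no fixed-version note, and it references the same pull request (4538) as CVE-2020-10379 just above, which carries `NOTE: Fixed in 6.2.3 and 7.1.0`. Suggest adding the matching NOTE here so the two entries agree. The doubled word "before before" is present in both the old and the new description line, so it has to be corrected where the description text comes from, not in this file.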
@@ -15077,7 +15055,7 @@ CVE-2020-10179
RESERVED
CVE-2020-10178
REJECTED
-CVE-2020-10177 (Pillow before 7.0.1 has multiple out-of-bounds reads in
libImaging/Fli ...)
+CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in
libImaging/Fli ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4503
@@ -16886,10 +16864,10 @@ CVE-2020-9379 (The Software Development Kit of the
MiContact Center Business wit
NOT-FOR-US: Mitel
CVE-2020-9378
RESERVED
-CVE-2020-9377
- RESERVED
-CVE-2020-9376
- RESERVED
+CVE-2020-9377 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow
Remote Co ...)
+ TODO: check
+CVE-2020-9376 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow
Informati ...)
+ TODO: check
CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209
allows re ...)
NOT-FOR-US: TP-Link
CVE-2019-20482
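Review bot: CVE-2020-9377 and CVE-2020-9376 are added with `TODO: check` even though both descriptions are for D-Link DIR-610 devices and carry the `** UNSUPPORTED WHEN ASSIGNED **` marker; the neighbouring router entry CVE-2020-9375 is tagged `NOT-FOR-US: TP-Link`. Suggest `NOT-FOR-US: D-Link` for both.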
@@ -20970,10 +20948,10 @@ CVE-2020-7695
RESERVED
CVE-2020-7694
RESERVED
-CVE-2020-7693
- RESERVED
-CVE-2020-7692
- RESERVED
+CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket
leads in ...)
+ TODO: check
+CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for
OAuth 2 ...)
+ TODO: check
CVE-2020-7691 (In all versions of the package jspdf, it is possible to use
<<sc ...)
TODO: check
CVE-2020-7690 (In all versions of package jspdf, it is possible to inject
JavaScript ...)
@@ -21492,10 +21470,10 @@ CVE-2020-7460
RESERVED
CVE-2020-7459
RESERVED
-CVE-2020-7458
- RESERVED
-CVE-2020-7457
- RESERVED
+CVE-2020-7458 (In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before
r362281, and ...)
+ TODO: check
+CVE-2020-7457 (In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7,
11.4-ST ...)
+ TODO: check
CVE-2020-7456 (In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6,
11.4-ST ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE:
https://www.freebsd.org/security/advisories/FreeBSD-SA-20:17.usb.asc
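Review bot: CVE-2020-7458 and CVE-2020-7457 are FreeBSD issues left at `TODO: check`, while the adjacent CVE-2020-7456 is tracked as `- kfreebsd-10 <unfixed> (unimportant)` with a NOTE linking the FreeBSD advisory. Triage should decide whether these two get the same kfreebsd-10 treatment or a NOT-FOR-US tag, and add the advisory NOTE where one exists.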
@@ -26542,8 +26520,8 @@ CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and
4.7.411 contain an improper
NOT-FOR-US: EMC
CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17,
Dell EMC U ...)
NOT-FOR-US: Dell EMC
-CVE-2020-5366
- RESERVED
+CVE-2020-5366 (Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path
Traversal ...)
+ TODO: check
CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a
remotesupport vul ...)
NOT-FOR-US: EMC
CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an
SNMPv2 vul ...)
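Review bot: CVE-2020-5366 (Dell EMC iDRAC9) is left at `TODO: check` between entries that are all NOT-FOR-US, and those neighbours use two different vendor strings, `NOT-FOR-US: EMC` and `NOT-FOR-US: Dell EMC`. When resolving the TODO, pick one spelling (the description itself says "Dell EMC") so that searches by tag stay reliable.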
@@ -29260,8 +29238,8 @@ CVE-2020-4307 (IBM Security Guardium 11.1 could allow
an attacker on the same ne
NOT-FOR-US: IBM
CVE-2020-4306 (IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable
to cros ...)
NOT-FOR-US: IBM
-CVE-2020-4305
- RESERVED
+CVE-2020-4305 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could
allow a r ...)
+ TODO: check
CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through
20.0.0.3 i ...)
NOT-FOR-US: IBM
CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through
20.0.0.3 i ...)
@@ -29524,8 +29502,8 @@ CVE-2020-4175
RESERVED
CVE-2020-4174
RESERVED
-CVE-2020-4173
- RESERVED
+CVE-2020-4173 (IBM Guardium Activity Insights 10.6 and 11.0 does not set the
secure a ...)
+ TODO: check
CVE-2020-4172
RESERVED
CVE-2020-4171
@@ -44904,8 +44882,8 @@ CVE-2019-17640
RESERVED
CVE-2019-17639
RESERVED
-CVE-2019-17638
- RESERVED
+CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to
9.4.29.v20200521, in ca ...)
+ TODO: check
CVE-2019-17637
RESERVED
CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the
default pre ...)
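Review bot: CVE-2019-17638 lands with `TODO: check` although the description gives a bounded affected range, Eclipse Jetty 9.4.27.v20200227 to 9.4.29.v20200521. Triage should compare that range against the packaged Jetty version in each release and, for releases older than 9.4.27, add a `<not-affected>` line in the style this file already uses elsewhere, e.g. `(Vulnerable code introduced later)`.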
@@ -68531,7 +68509,7 @@ CVE-2019-10097 (In Apache HTTP Server 2.4.32-2.4.39,
when mod_remoteip was confi
NOTE:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10097
NOTE: https://svn.apache.org/r1864613
CVE-2019-10096
- RESERVED
+ REJECTED
CVE-2019-10095
RESERVED
CVE-2019-10094 (A carefully crafted package/compressed file that, when
unzipped/uncomp ...)
@@ -116144,8 +116122,7 @@ CVE-2018-12372 (Decrypted S/MIME parts, when included
in HTML crafted for an att
{DSA-4244-1 DLA-1425-1}
- thunderbird 1:52.9.0-1
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
-CVE-2018-12371
- RESERVED
+CVE-2018-12371 (An integer overflow vulnerability in the Skia library when
allocating ...)
{DSA-4295-1 DLA-1575-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd8154e9793b7751d7ee36a70d5cf0fc4dd4c2e4