[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Aug 12 21:10:42 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2af1f066 by security tracker role at 2020-08-12T20:10:33+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,87 @@
+CVE-2020-17537
+ RESERVED
+CVE-2020-17536
+ RESERVED
+CVE-2020-17535
+ RESERVED
+CVE-2020-17534
+ RESERVED
+CVE-2020-17533
+ RESERVED
+CVE-2020-17532
+ RESERVED
+CVE-2020-17531
+ RESERVED
+CVE-2020-17530
+ RESERVED
+CVE-2020-17529
+ RESERVED
+CVE-2020-17528
+ RESERVED
+CVE-2020-17527
+ RESERVED
+CVE-2020-17526
+ RESERVED
+CVE-2020-17525
+ RESERVED
+CVE-2020-17524
+ RESERVED
+CVE-2020-17523
+ RESERVED
+CVE-2020-17522
+ RESERVED
+CVE-2020-17521
+ RESERVED
+CVE-2020-17520
+ RESERVED
+CVE-2020-17519
+ RESERVED
+CVE-2020-17518
+ RESERVED
+CVE-2020-17517
+ RESERVED
+CVE-2020-17516
+ RESERVED
+CVE-2020-17515
+ RESERVED
+CVE-2020-17514
+ RESERVED
+CVE-2020-17513
+ RESERVED
+CVE-2020-17512
+ RESERVED
+CVE-2020-17511
+ RESERVED
+CVE-2020-17510
+ RESERVED
+CVE-2020-17509
+ RESERVED
+CVE-2020-17508
+ RESERVED
+CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
+ TODO: check
+CVE-2020-17506 (Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privil ...)
+ TODO: check
+CVE-2020-17505 (Artica Web Proxy 4.30.000000 allows an authenticated remote attacker t ...)
+ TODO: check
+CVE-2020-17504
+ RESERVED
+CVE-2020-17503
+ RESERVED
+CVE-2020-17502
+ RESERVED
+CVE-2020-17501
+ RESERVED
+CVE-2020-17500
+ RESERVED
+CVE-2020-17499
+ RESERVED
+CVE-2020-17498
+ RESERVED
+CVE-2020-17497 (eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to ...)
+ TODO: check
+CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
+ TODO: check
CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
- python-django-celery-results <unfixed> (bug #968305)
NOTE: https://github.com/celery/django-celery-results/issues/142
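Review bot: CVE-2020-17507 (Qt through 5.12.9 and 5.13.x through 5.15) and CVE-2020-17497 (eapol.c in IWD through 1.8) are left at "TODO: check" even though both upstreams ship in Debian (the qt5 sources such as qtbase-opensource-src, and iwd), so these two need real package lines with a fixed version or <unfixed> plus a bug reference rather than the NOT-FOR-US that fits the Artica Web Proxy and vBulletin entries in the same hunk. The django-celery-results entry just below shows the expected shape: `- python-django-celery-results <unfixed> (bug #968305)` followed by a NOTE pointing at the upstream issue. The long run of bare RESERVED entries above needs no action until MITRE publishes descriptions.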
@@ -102,8 +186,8 @@ CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to by
TODO: check
CVE-2020-17447 (MyBB before 1.8.24 allows XSS because the visual editor mishandles [al ...)
NOT-FOR-US: MyBB
-CVE-2020-17446
- RESERVED
+CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger ...)
+ TODO: check
CVE-2020-17445
RESERVED
CVE-2020-17444
@@ -250,10 +334,10 @@ CVE-2020-17375
RESERVED
CVE-2020-17374
RESERVED
-CVE-2020-17373
- RESERVED
-CVE-2020-17372
- RESERVED
+CVE-2020-17373 (SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. ...)
+ TODO: check
+CVE-2020-17372 (SugarCRM before 10.1.0 (Q3 2020) allows XSS. ...)
+ TODO: check
CVE-2020-17371
RESERVED
CVE-2020-17370
@@ -278,10 +362,10 @@ CVE-2020-17363
RESERVED
CVE-2020-17362
RESERVED
-CVE-2020-17361
- RESERVED
-CVE-2020-17360
- RESERVED
+CVE-2020-17361 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
+ TODO: check
+CVE-2020-17360 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
+ TODO: check
CVE-2020-17359
RESERVED
CVE-2020-17358
@@ -2479,8 +2563,8 @@ CVE-2020-16268
RESERVED
CVE-2020-16267
RESERVED
-CVE-2020-16266
- RESERVED
+CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...)
+ TODO: check
CVE-2015-9549 (A reflected Cross-site Scripting (XSS) vulnerability exists in OcPorta ...)
NOT-FOR-US: OcPortal
CVE-2020-16265
@@ -2729,8 +2813,7 @@ CVE-2020-16147
RESERVED
CVE-2020-16146
RESERVED
-CVE-2020-16145 [Fix cross-site scripting (XSS) via HTML messages with malicious svg content]
- RESERVED
+CVE-2020-16145 (Roundcube Webmail before 1.4.8 allows stored XSS in HTML messages duri ...)
{DSA-4744-1 DLA-2322-1}
- roundcube 1.4.8+dfsg.1-1 (bug #968216)
NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8)
@@ -4580,6 +4663,7 @@ CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9
NOTE: https://github.com/LibVNC/libvncserver/commit/aac95a9dcf4bbba87b76c72706c3221a842ca433
NOTE: https://www.openwall.com/lists/oss-security/2020/06/30/2
CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...)
+ {DLA-2323-1}
- linux 5.7.10-1
[buster] - linux 4.19.131-1
NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
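Review bot: the new `{DLA-2323-1}` reference sits on an entry that has no [stretch] line at all (only `- linux 5.7.10-1` and `[buster] - linux 4.19.131-1`), so the DLA cannot be for the stretch `linux` 4.9 package unless a stretch annotation was dropped somewhere; it is coherent if DLA-2323-1 is recorded in data/DLA/list against the stretch linux-4.19 source package (an assumption here, suggested by the buster 4.19.131-1 version and by the other entries in this commit that carry the same DLA while marking stretch linux <not-affected>). Worth confirming the DLA's source package before anyone reads this entry as "fixed in stretch linux".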
@@ -5124,8 +5208,8 @@ CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview
- node-prismjs <unfixed> (bug #968094)
NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
NOTE: https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be
-CVE-2020-15137
- RESERVED
+CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...)
+ TODO: check
CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...)
TODO: check
CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
@@ -8205,6 +8289,7 @@ CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214.
CVE-2020-13975
RESERVED
CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.7 ...)
+ {DLA-2323-1}
- linux 5.7.6-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
@@ -8835,6 +8920,7 @@ CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_
[jessie] - linux 3.16.72-1
NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e
CVE-2019-20810 (go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the Linux ...)
+ {DLA-2323-1}
- linux 5.6.7-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
@@ -9921,19 +10007,16 @@ CVE-2020-13292 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to b
[experimental] - gitlab 13.1.6-1
- gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13291
- RESERVED
+CVE-2020-13291 (In GitLab before 13.2.3, project sharing could temporarily allow too p ...)
- gitlab <not-affected> (Only affects GitLab 13.2 and later)
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
-CVE-2020-13290
- RESERVED
+CVE-2020-13290 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control ...)
[experimental] - gitlab 13.1.6-1
- gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13289
RESERVED
-CVE-2020-13288
- RESERVED
+CVE-2020-13288 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerabili ...)
- gitlab <not-affected> (Only affects GitLab 13.0 and later)
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13287
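Review bot: the two `<not-affected>` lines rest on version ranges that the CVE descriptions do not state. CVE-2020-13291 is marked "Only affects GitLab 13.2 and later" while the neighbouring entries list `gitlab 13.2.3-2` as the sid fix, so the claim holds only if 13.2.3-2 was the first 13.2.x upload to the archive (no 13.2.0 through 13.2.2 ever in sid or experimental); likewise CVE-2020-13288 ("Only affects GitLab 13.0 and later") assumes that `[experimental] - gitlab 13.1.6-1` was the first 13.x upload. Both are supported by the linked 13.2.3 release notes rather than by the CVE text, so a short NOTE naming the introducing upstream version would make the reasoning checkable later. CVE-2020-13290 follows the CVE-2020-13292 layout exactly and looks fine.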
@@ -9970,8 +10053,8 @@ CVE-2020-13280
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...)
NOT-FOR-US: gitlab-vscode-extension
-CVE-2020-13278
- RESERVED
+CVE-2020-13278 (Reflected Cross-Site Scripting vulnerability in Modules.php in Rosario ...)
+ TODO: check
CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
- gitlab 13.2.3-2
NOTE: https://about.gitlab.com/releases/2020/06/10/critical-security-release-13-0-6-released/
@@ -11192,6 +11275,7 @@ CVE-2020-XXXX [unspecified fexsrv security issue]
[buster] - fex 20160919-2~deb10u1
[stretch] - fex 20160919-2~deb9u1
CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...)
+ {DLA-2323-1}
- linux 5.7.6-1
[buster] - linux 4.19.131-1
NOTE: https://lkml.org/lkml/2020/4/26/87
@@ -11456,13 +11540,13 @@ CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, and
[jessie] - keystone <end-of-life> (Not supported in Jessie LTS)
NOTE: https://bugs.launchpad.net/keystone/+bug/1873290
NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6
-CVE-2020-12674
- RESERVED
+CVE-2020-12674 (In Dovecot before 2.3.11.3, sending a specially formatted RPA request ...)
+ {DSA-4745-1}
- dovecot <unfixed> (bug #968302)
NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/3
NOTE: https://github.com/dovecot/core/commit/69ad3c902ea4bbf9f21ab1857d8923f975dc6145
-CVE-2020-12673
- RESERVED
+CVE-2020-12673 (In Dovecot before 2.3.11.3, sending a specially formatted NTLM request ...)
+ {DSA-4745-1}
- dovecot <unfixed> (bug #968302)
NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/2
NOTE: https://github.com/dovecot/core/commit/fb246611e62ad8c5a95b0ca180a63f17aa34b0d8
@@ -11546,6 +11630,7 @@ CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_swi
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651
NOTE: Issue is triggered only at module reloading / rebinding
CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...)
+ {DLA-2323-1}
- linux 5.6.14-1
[buster] - linux 4.19.131-1
NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
@@ -12916,10 +13001,10 @@ CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary C
- mailman <removed>
[buster] - mailman <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
-CVE-2020-12107
- RESERVED
-CVE-2020-12106
- RESERVED
+CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ...)
+ TODO: check
+CVE-2020-12106 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthe ...)
+ TODO: check
CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...)
- openconnect <unfixed> (unimportant; bug #959428)
[jessie] - openconnect <not-affected> (Vulnerable code introduced later)
@@ -12934,8 +13019,8 @@ CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerabil
NOT-FOR-US: Tiny File Manager
CVE-2020-12101 (The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remo ...)
NOT-FOR-US: xt:Commerce
-CVE-2020-12100
- RESERVED
+CVE-2020-12100 (In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp ...)
+ {DSA-4745-1}
- dovecot <unfixed> (bug #968302)
NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/1
NOTE: https://github.com/dovecot/core/commit/d4bb43a08ab9ecfab7249a17279e5f773c8abaad
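Review bot: this is the third Dovecot entry in the commit (with CVE-2020-12674 and CVE-2020-12673) that gains `{DSA-4745-1}` while the unstable line still reads `- dovecot <unfixed> (bug #968302)`; that combination is valid (the DSA carries the buster version), but all three share the single bug number and the "before 2.3.11.3" description, so the sid line on each should be flipped to the version that contains the three linked upstream commits in one follow-up rather than piecemeal, to avoid leaving one of the trio stale. The oss-security links (2020/08/12/1 through /3) match the three issues one-to-one.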
@@ -17821,6 +17906,7 @@ CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5
NOTE: https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f
CVE-2020-10768 [Indirect branch speculation can be enabled after it was force-disabled by the PR_SPEC_FORCE_DISABLE prctl command]
RESERVED
+ {DLA-2323-1}
- linux 5.7.6-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
@@ -17828,6 +17914,7 @@ CVE-2020-10768 [Indirect branch speculation can be enabled after it was force-di
NOTE: https://git.kernel.org/linus/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf
CVE-2020-10767 [Indirect Branch Prediction Barrier is force-disabled when STIBP is unavailable or enhanced IBRS is available]
RESERVED
+ {DLA-2323-1}
- linux 5.7.6-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
@@ -17835,6 +17922,7 @@ CVE-2020-10767 [Indirect Branch Prediction Barrier is force-disabled when STIBP
NOTE: https://git.kernel.org/linus/21998a351512eba4ed5969006f0c55882d995ada
CVE-2020-10766 [Rogue cross-process SSBD shutdown]
RESERVED
+ {DLA-2323-1}
- linux 5.7.6-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
@@ -22395,8 +22483,8 @@ CVE-2020-8915
RESERVED
CVE-2020-8914
RESERVED
-CVE-2020-8913
- RESERVED
+CVE-2020-8913 (A local, arbitrary code execution vulnerability exists in the SplitCom ...)
+ TODO: check
CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ...)
TODO: check
CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ...)
@@ -22413,10 +22501,10 @@ CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions
NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8906
RESERVED
-CVE-2020-8905
- RESERVED
-CVE-2020-8904
- RESERVED
+CVE-2020-8905 (A buffer length validation vulnerability in Asylo versions prior to 0. ...)
+ TODO: check
+CVE-2020-8904 (An arbitrary memory overwrite vulnerability in the trusted memory of A ...)
+ TODO: check
CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
- google-compute-image-packages <unfixed>
NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
@@ -26087,8 +26175,8 @@ CVE-2020-7376
RESERVED
CVE-2020-7375
RESERVED
-CVE-2020-7374
- RESERVED
+CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ...)
+ TODO: check
CVE-2020-7373
RESERVED
CVE-2020-7372
@@ -27150,8 +27238,8 @@ CVE-2020-6934
RESERVED
CVE-2020-6933
RESERVED
-CVE-2020-6932
- RESERVED
+CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...)
+ TODO: check
CVE-2020-6931
RESERVED
CVE-2020-6930
@@ -27886,8 +27974,8 @@ CVE-2020-6655
RESERVED
CVE-2020-6654
RESERVED
-CVE-2020-6653
- RESERVED
+CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 & prior stores the user l ...)
+ TODO: check
CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
NOT-FOR-US: Eaton
CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...)
@@ -28993,10 +29081,10 @@ CVE-2020-6312
RESERVED
CVE-2020-6311
RESERVED
-CVE-2020-6310
- RESERVED
-CVE-2020-6309
- RESERVED
+CVE-2020-6310 (Improper access control in SOA Configuration Trace component in SAP Ne ...)
+ TODO: check
+CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7. ...)
+ TODO: check
CVE-2020-6308
RESERVED
CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...)
@@ -29011,24 +29099,24 @@ CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not validate
NOT-FOR-US: SAP
CVE-2020-6302
RESERVED
-CVE-2020-6301
- RESERVED
-CVE-2020-6300
- RESERVED
-CVE-2020-6299
- RESERVED
-CVE-2020-6298
- RESERVED
-CVE-2020-6297
- RESERVED
-CVE-2020-6296
- RESERVED
-CVE-2020-6295
- RESERVED
-CVE-2020-6294
- RESERVED
-CVE-2020-6293
- RESERVED
+CVE-2020-6301 (SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 6 ...)
+ TODO: check
+CVE-2020-6300 (SAP Business Objects Business Intelligence Platform (Central Managemen ...)
+ TODO: check
+CVE-2020-6299 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 75 ...)
+ TODO: check
+CVE-2020-6298 (SAP Banking Services (Generic Market Data), versions - 400, 450, 500, ...)
+ TODO: check
+CVE-2020-6297 (Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data I ...)
+ TODO: check
+CVE-2020-6296 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 70 ...)
+ TODO: check
+CVE-2020-6295 (Under certain conditions the SAP Adaptive Server Enterprise, version 1 ...)
+ TODO: check
+CVE-2020-6294 (Xvfb of SAP Business Objects Business Intelligence Platform, versions ...)
+ TODO: check
+CVE-2020-6293 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.5 ...)
+ TODO: check
CVE-2020-6292 (Logout mechanism in SAP Disclosure Management, version 10.1, does not ...)
NOT-FOR-US: SAP
CVE-2020-6291 (SAP Disclosure Management, version 10.1, session mechanism does not ha ...)
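Review bot: the nine newly described SAP entries (CVE-2020-6293 through CVE-2020-6301) are all left at "TODO: check", whereas every surrounding SAP entry in the context lines (CVE-2020-6292, CVE-2020-6291, CVE-2020-6303) is already resolved as `NOT-FOR-US: SAP`; the same disposition applies here, so these can be triaged in a single pass to keep the TODO list short. Nothing in the hunk points at a Debian package.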
@@ -29045,8 +29133,8 @@ CVE-2020-6286 (The insufficient input path validation of certain parameter in th
NOT-FOR-US: SAP
CVE-2020-6285 (SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11 ...)
NOT-FOR-US: SAP
-CVE-2020-6284
- RESERVED
+CVE-2020-6284 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.5 ...)
+ TODO: check
CVE-2020-6283
RESERVED
CVE-2020-6282 (SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11 ...)
@@ -29067,8 +29155,8 @@ CVE-2020-6275 (SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731
NOT-FOR-US: SAP
CVE-2020-6274
RESERVED
-CVE-2020-6273
- RESERVED
+CVE-2020-6273 (SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 1 ...)
+ TODO: check
CVE-2020-6272
RESERVED
CVE-2020-6271 (SAP Solution Manager (Problem Context Manager), version 7.2, does not ...)
@@ -30953,8 +31041,8 @@ CVE-2020-5417
RESERVED
CVE-2020-5416
RESERVED
-CVE-2020-5415
- RESERVED
+CVE-2020-5415 (Concourse, versions prior to 6.3.1 and 6.4.1, in installations which u ...)
+ TODO: check
CVE-2020-5414 (VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7. ...)
NOT-FOR-US: VMware
CVE-2020-5413 (Spring Integration framework provides Kryo Codec implementations as an ...)
@@ -39821,24 +39909,24 @@ CVE-2020-2239
RESERVED
CVE-2020-2238
RESERVED
-CVE-2020-2237
- RESERVED
-CVE-2020-2236
- RESERVED
-CVE-2020-2235
- RESERVED
-CVE-2020-2234
- RESERVED
-CVE-2020-2233
- RESERVED
-CVE-2020-2232
- RESERVED
-CVE-2020-2231
- RESERVED
-CVE-2020-2230
- RESERVED
-CVE-2020-2229
- RESERVED
+CVE-2020-2237 (A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Tes ...)
+ TODO: check
+CVE-2020-2236 (Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not ...)
+ TODO: check
+CVE-2020-2235 (A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline ...)
+ TODO: check
+CVE-2020-2234 (A missing permission check in Jenkins Pipeline Maven Integration Plugi ...)
+ TODO: check
+CVE-2020-2233 (A missing permission check in Jenkins Pipeline Maven Integration Plugi ...)
+ TODO: check
+CVE-2020-2232 (Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays th ...)
+ TODO: check
+CVE-2020-2231 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
+ TODO: check
+CVE-2020-2230 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
+ TODO: check
+CVE-2020-2229 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
+ TODO: check
CVE-2020-2228 (Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2227 (Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the ...)
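Review bot: the plugin entries here (CVE-2020-2232 through CVE-2020-2237) match the `NOT-FOR-US: Jenkins plugin` disposition of the CVE-2020-2228 and CVE-2020-2227 context lines, but CVE-2020-2229, CVE-2020-2230 and CVE-2020-2231 describe Jenkins core ("Jenkins 2.251 and earlier, LTS 2.235.3 and earlier"), so their triage line should say `NOT-FOR-US: Jenkins` rather than "Jenkins plugin", assuming jenkins itself remains outside the archive as the neighbouring entries imply; conflating the two makes later greps for core issues unreliable.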
@@ -40225,8 +40313,8 @@ CVE-2020-2037
RESERVED
CVE-2020-2036
RESERVED
-CVE-2020-2035
- RESERVED
+CVE-2020-2035 (When SSL/TLS Forward Proxy Decryption mode has been configured to decr ...)
+ TODO: check
CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS GlobalProtect port ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification validat ...)
@@ -43179,6 +43267,7 @@ CVE-2019-18886 (An issue was discovered in Symfony 4.2.0 to 4.2.11 and 4.3.0 to
NOTE: "loading the user" and thus are not affected.
NOTE: Fixed by: https://github.com/symfony/symfony/commit/7bd4a92fc9cc15d9a9fbb9eb1041e01b977f8332 (v4.2.12)
CVE-2019-18885 (fs/btrfs/volumes.c in the Linux kernel before 5.1 allows a btrfs_verif ...)
+ {DLA-2323-1}
- linux 5.2.6-1
[buster] - linux 4.19.131-1
[stretch] - linux <not-affected> (Vulnerable code not present)
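Review bot: `{DLA-2323-1}` is added to an entry whose own stretch line says `[stretch] - linux <not-affected> (Vulnerable code not present)`, which reads as a contradiction if the DLA is taken to be a stretch `linux` (4.9) advisory. It is consistent only if DLA-2323-1 covers the stretch linux-4.19 source package (an assumption here, supported by `[buster] - linux 4.19.131-1` being the fixed 4.19 version). Either confirm that data/DLA/list records the DLA against linux-4.19, or add a NOTE on this entry saying so, because the tracker's web view will otherwise show stretch as both fixed and not affected.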
@@ -43357,6 +43446,7 @@ CVE-2019-18816 (po-admin/route.php?mod=post&act=edit in PopojiCMS 2.0.1 allo
CVE-2019-18815 (PopojiCMS 2.0.1 allows refer= Open Redirection. ...)
NOT-FOR-US: PopojiCMS
CVE-2019-18814 (An issue was discovered in the Linux kernel through 5.3.9. There is a ...)
+ {DLA-2323-1}
- linux 5.7.6-1
[buster] - linux 4.19.131-1
[stretch] - linux <not-affected> (Vulnerability introduced later)
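Review bot: same tension as elsewhere in this commit: `{DLA-2323-1}` is attached while the entry keeps `[stretch] - linux <not-affected> (Vulnerability introduced later)`. The two only agree if the DLA is for the stretch linux-4.19 package rather than linux (assumed here from `[buster] - linux 4.19.131-1`); a NOTE stating which source package the DLA covers would remove the ambiguity for readers of the CVE page.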
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2af1f066c7c40ba6b016d62c38e0bcb29ea49f38