[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 3 20:10:31 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
672a63f1 by security tracker role at 2020-12-03T20:10:23+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,85 @@
+CVE-2020-29529 (HashiCorp go-slug before 0.5.0 does not address attempts at directory ...)
+ TODO: check
+CVE-2020-29528
+ RESERVED
+CVE-2020-29527
+ RESERVED
+CVE-2020-29526
+ RESERVED
+CVE-2020-29525
+ RESERVED
+CVE-2020-29524
+ RESERVED
+CVE-2020-29523
+ RESERVED
+CVE-2020-29522
+ RESERVED
+CVE-2020-29521
+ RESERVED
+CVE-2020-29520
+ RESERVED
+CVE-2020-29519
+ RESERVED
+CVE-2020-29518
+ RESERVED
+CVE-2020-29517
+ RESERVED
+CVE-2020-29516
+ RESERVED
+CVE-2020-29515
+ RESERVED
+CVE-2020-29514
+ RESERVED
+CVE-2020-29513
+ RESERVED
+CVE-2020-29512
+ RESERVED
+CVE-2020-29511
+ RESERVED
+CVE-2020-29510
+ RESERVED
+CVE-2020-29509
+ RESERVED
+CVE-2020-29508
+ RESERVED
+CVE-2020-29507
+ RESERVED
+CVE-2020-29506
+ RESERVED
+CVE-2020-29505
+ RESERVED
+CVE-2020-29504
+ RESERVED
+CVE-2020-29503
+ RESERVED
+CVE-2020-29502
+ RESERVED
+CVE-2020-29501
+ RESERVED
+CVE-2020-29500
+ RESERVED
+CVE-2020-29499
+ RESERVED
+CVE-2020-29498
+ RESERVED
+CVE-2020-29497
+ RESERVED
+CVE-2020-29496
+ RESERVED
+CVE-2020-29495
+ RESERVED
+CVE-2020-29494
+ RESERVED
+CVE-2020-29493
+ RESERVED
+CVE-2020-29492
+ RESERVED
+CVE-2020-29491
+ RESERVED
+CVE-2020-29490
+ RESERVED
+CVE-2020-29489
+ RESERVED
CVE-2021-1735
RESERVED
CVE-2021-1734
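Review bot: CVE-2020-29529, the first line of this hunk, is the only new entry that carries a description, and it is left at TODO: check. Confirm whether HashiCorp go-slug is packaged or embedded in any Debian source package, then either add a package line or mark it NOT-FOR-US. The 40 RESERVED placeholders (CVE-2020-29528 down to CVE-2020-29489) need no action.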
@@ -1395,12 +1477,12 @@ CVE-2020-28941 (An issue was discovered in drivers/accessibility/speakup/spk_tty
NOTE: https://www.openwall.com/lists/oss-security/2020/11/19/3
CVE-2020-28940 (On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admi ...)
NOT-FOR-US: Western Digital My Cloud OS 5 devices
-CVE-2020-28939
- RESERVED
-CVE-2020-28938
- RESERVED
-CVE-2020-28937
- RESERVED
+CVE-2020-28939 (OpenClinic version 0.8.2 is affected by a medical/test_new.php insecur ...)
+ TODO: check
+CVE-2020-28938 (OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in ...)
+ TODO: check
+CVE-2020-28937 (OpenClinic version 0.8.2 is affected by a missing authentication vulne ...)
+ TODO: check
CVE-2020-28936
RESERVED
CVE-2020-28935
@@ -1449,8 +1531,8 @@ CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the use
NOTE: Fixed by: https://github.com/rclone/rclone/commit/f0905499e340f9e73e2552cf0c8b79cbf14ecbc4 (master)
NOTE: Fixed by: https://github.com/rclone/rclone/commit/4c215cc81ec6143ae3c64633700cb341ca28df2d (v1.53.3)
NOTE: Fixed by: https://github.com/rclone/rclone/commit/c8b11d27e1fe261fdfba6b8910fda69356c9c777 (v1.53.3)
-CVE-2020-28923
- RESERVED
+CVE-2020-28923 (An issue was discovered in Play Framework 2.8.0 through 2.8.4. Careful ...)
+ TODO: check
CVE-2020-28922 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
NOT-FOR-US: Devid Espenschied PC Analyser
CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
@@ -5481,7 +5563,7 @@ CVE-2020-28272 (Prototype pollution vulnerability in 'keyget' versions 1.0.0 thr
TODO: check
CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 through ...)
NOT-FOR-US: Node deephas
-CVE-2020-28270 (Overview:Prototype pollution vulnerability in ‘object-hierarchy- ...)
+CVE-2020-28270 (Prototype pollution vulnerability in ‘object-hierarchy-access ...)
NOT-FOR-US: Node object-hierarchy-access
CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 through 1. ...)
NOT-FOR-US: Node field
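Review bot: The replacement description for CVE-2020-28270 still contains the mis-encoded opening quote (‘) before object-hierarchy-access. The update dropped the stray "Overview:" prefix but the text is still being decoded with the wrong character set somewhere in the import. Fix the decoding in the import step rather than in this line, since the next automatic update would overwrite a manual correction. Separately, the context line for CVE-2020-28272 ('keyget') is still at TODO: check while its neighbours from the same family are already NOT-FOR-US: Node ...; it can be triaged the same way.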
@@ -5525,8 +5607,8 @@ CVE-2020-28253
RESERVED
CVE-2020-28252
RESERVED
-CVE-2020-28251
- RESERVED
+CVE-2020-28251 (NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sen ...)
+ TODO: check
CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user ...)
NOT-FOR-US: Cellinx NVT Web Server
CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. ...)
@@ -5688,8 +5770,8 @@ CVE-2020-28177
RESERVED
CVE-2020-28176
RESERVED
-CVE-2020-28175
- RESERVED
+CVE-2020-28175 (There is a local privilege escalation vulnerability in Alfredo Milani ...)
+ TODO: check
CVE-2020-28174
RESERVED
CVE-2020-28173
@@ -6743,8 +6825,7 @@ CVE-2020-27785
RESERVED
CVE-2020-27784
RESERVED
-CVE-2020-27783
- RESERVED
+CVE-2020-27783 (A XSS vulnerability was discovered in python-lxml's clean module. The ...)
{DLA-2467-1}
- lxml 4.6.1-1
NOTE: https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e (lxml-4.6.1)
@@ -6760,8 +6841,7 @@ CVE-2020-27780
NOTE: Fixed by: https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb
CVE-2020-27779
RESERVED
-CVE-2020-27778
- RESERVED
+CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...)
- poppler 0.85.0-2
[buster] - poppler <postponed> (Minor issue)
[stretch] - poppler <postponed> (Minor issue; maybe worth fixing later)
@@ -6866,47 +6946,41 @@ CVE-2020-27765
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1730
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a4c89f2a61069ad7637bc7749cc1a839de442526
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4321934be544bc2888c6799fd6b50d8188a3d832
-CVE-2020-27764
- RESERVED
+CVE-2020-27764 (In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOp ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1735
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5
-CVE-2020-27763
- RESERVED
+CVE-2020-27763 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <postponed> (Minor issue, DoS/div0 while package is mainly CLI)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1718
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/43539e67a47d2f8de832d33a5b26dc2a7a12294f
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/cc0944d57f846c839905d573503ab055b34090e4
-CVE-2020-27762
- RESERVED
+CVE-2020-27762 (A flaw was found in ImageMagick in coders/hdr.c. An attacker who submi ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1713
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7db3fa20893d557259da6e99e111954de83d2495
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e10f7c3c9f0394dfd6ebd372bc34a172dabc8ff
-CVE-2020-27761
- RESERVED
+CVE-2020-27761 (WritePALMImage() in /coders/palm.c used size_t casts in several areas ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1726
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/db5e12e24f1378ce8c93a5c35991dcdd23a67bb0
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/14c90fb315eb3666a4cf6d784cbde74c69c934ec
-CVE-2020-27760
- RESERVED
+CVE-2020-27760 (In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` v ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <postponed> (Minor issue, DoS/div0 while package is mainly CLI)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1717
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/c5fcdea6a6ae27cf3db20c28b176e87b1a584e06
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/83cd04f580ccf4cc194813777c1fcfba78e602aa
-CVE-2020-27759
- RESERVED
+CVE-2020-27759 (In IntensityCompare() of /MagickCore/quantize.c, a double value was be ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <ignored> (Minor issue)
[stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range warning)
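Review bot: CVE-2020-27764 lists only the issue link and an ImageMagick6 commit, while CVE-2020-27763, -27762, -27761 and -27760 in the same hunk each list both an ImageMagick and an ImageMagick6 commit. If an ImageMagick 7 fix commit exists for issue 1735, add it as a NOTE so the entry matches its neighbours. The buster and stretch annotations were written while the entries were RESERVED; now that descriptions are published, recheck that the "UBSAN outside range warning" and "DoS/div0" rationales still match the published text.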
@@ -9049,6 +9123,7 @@ CVE-2020-26971
RESERVED
CVE-2020-26970
RESERVED
+ {DSA-4802-1}
- thunderbird 1:78.5.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
CVE-2020-26969
@@ -11932,8 +12007,7 @@ CVE-2020-25712 [Fix XkbSetDeviceInfo() and SetDeviceIndicators() heap overflows]
RESERVED
- xorg-server 2:1.20.10-1 (bug #976216)
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9
-CVE-2020-25711
- RESERVED
+CVE-2020-25711 (A flaw was found in infinispan 10 REST API, where authorization permis ...)
NOT-FOR-US: Infinispan
CVE-2020-25708 (A divide by zero issue was found to occur in libvncserver-0.9.12. A ma ...)
{DLA-2451-1}
@@ -12000,8 +12074,7 @@ CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5
[buster] - postgresql-11 <no-dsa> (Minor issue)
- postgresql-9.6 <removed>
NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/
-CVE-2020-25693
- RESERVED
+CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer overflows ...)
{DLA-2462-1}
- cimg <unfixed> (bug #973770)
NOTE: https://github.com/dtschump/CImg/pull/295
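Review bot: The description now attached to CVE-2020-25693 says the flaw affects CImg versions prior to 2.9.3, but the package line below it still reads "- cimg <unfixed> (bug #973770)". Check whether unstable already carries 2.9.3 or later and, if so, replace <unfixed> with the fixed version and close the bug reference accordingly.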
@@ -12194,8 +12267,7 @@ CVE-2020-25650 (A flaw was found in the way the spice-vdagentd daemon handled fi
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332
NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/9d35d8a86fb310fc1f29d428c0a96995948d2357
-CVE-2020-25649
- RESERVED
+CVE-2020-25649 (A flaw was found in FasterXML Jackson Databind, where it did not have ...)
{DLA-2406-1}
- jackson-databind 2.11.1-1
[buster] - jackson-databind <no-dsa> (Minor issue)
@@ -16376,20 +16448,20 @@ CVE-2020-23743
RESERVED
CVE-2020-23742
RESERVED
-CVE-2020-23741
- RESERVED
-CVE-2020-23740
- RESERVED
+CVE-2020-23741 (In AnyView (network police) network monitoring software 4.6.0.1, there ...)
+ TODO: check
+CVE-2020-23740 (In DriverGenius 9.61.5480.28 there is a local privilege escalation vul ...)
+ TODO: check
CVE-2020-23739
RESERVED
-CVE-2020-23738
- RESERVED
+CVE-2020-23738 (There is a local denial of service vulnerability in Advanced SystemCar ...)
+ TODO: check
CVE-2020-23737
RESERVED
-CVE-2020-23736
- RESERVED
-CVE-2020-23735
- RESERVED
+CVE-2020-23736 (There is a local denial of service vulnerability in DaDa accelerator 5 ...)
+ TODO: check
+CVE-2020-23735 (In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escal ...)
+ TODO: check
CVE-2020-23734
RESERVED
CVE-2020-23733
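Review bot: CVE-2020-23741, -23740, -23738, -23736 and -23735 all land at TODO: check with descriptions naming AnyView, DriverGenius, Advanced SystemCare, DaDa accelerator and Saibo Cyber Game Accelerator. If none of these maps to a Debian source package, close them as NOT-FOR-US with the product name, in the form used elsewhere in this list, so they do not sit in the unchecked queue alongside entries that need real triage.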
@@ -16404,10 +16476,10 @@ CVE-2020-23729
RESERVED
CVE-2020-23728
RESERVED
-CVE-2020-23727
- RESERVED
-CVE-2020-23726
- RESERVED
+CVE-2020-23727 (There is a local denial of service vulnerability in the Antiy Zhijia T ...)
+ TODO: check
+CVE-2020-23726 (There is a local denial of service vulnerability in Wise Care 365 5.5. ...)
+ TODO: check
CVE-2020-23725
RESERVED
CVE-2020-23724
@@ -28831,8 +28903,8 @@ CVE-2020-17529
RESERVED
CVE-2020-17528
RESERVED
-CVE-2020-17527
- RESERVED
+CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomcat 10. ...)
+ TODO: check
CVE-2020-17526
RESERVED
CVE-2020-17525
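Review bot: CVE-2020-17527 is left at TODO: check although its description names Apache Tomcat, which Debian ships. This entry needs source package lines with fixed versions and per-release status, plus a NOTE pointing at the upstream reference for bug 64830, and should be prioritised over the NOT-FOR-US candidates added in the same update.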
@@ -36564,8 +36636,7 @@ CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 w
NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/46ee71edcd13e1dad50815ad65c28779aa6f7503
NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/752c9a52798f11d3b765b673ebaa3058eb25316e
NOTE: Introduced with: https://gitlab.com/cryptsetup/cryptsetup/-/commit/a7f80a27701450e40ef37e2224577f1a0c98cf0f (v2.2.0-rc0)
-CVE-2020-14381
- RESERVED
+CVE-2020-14381 (A flaw was found in the Linux kernel’s futex implementation. Thi ...)
- linux 5.5.13-1
[buster] - linux 4.19.118-1
[stretch] - linux 4.9.228-1
@@ -36691,8 +36762,7 @@ CVE-2020-14353
REJECTED
CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directory tra ...)
NOT-FOR-US: librepo
-CVE-2020-14351 [perf: Fix race in perf_mmap_close function]
- RESERVED
+CVE-2020-14351 (A flaw was found in the Linux kernel. A use-after-free memory flaw was ...)
- linux 5.9.6-1
NOTE: https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/
CVE-2020-14350 (It was found that some PostgreSQL extensions did not use search_path s ...)
@@ -36764,8 +36834,7 @@ CVE-2020-14340
[stretch] - jboss-xnio <not-affected> (vulnerable code is not present)
NOTE: Fix for 3.8: https://github.com/xnio/xnio/pull/233
NOTE: Fix for 3.7 (Buster): https://github.com/xnio/xnio/pull/234
-CVE-2020-14339 [leak of /dev/mapper/control into QEMU guests]
- RESERVED
+CVE-2020-14339 (A flaw was found in libvirt, where it leaked a file descriptor for `/d ...)
- libvirt 6.6.0-1 (bug #966563)
[buster] - libvirt <not-affected> (Vulnerable code introduced later)
[stretch] - libvirt <not-affected> (Vulnerable code introduced later)
@@ -36838,8 +36907,7 @@ CVE-2020-14320
RESERVED
CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cross-Site ...)
NOT-FOR-US: AMQ Online
-CVE-2020-14318 [Missing handle permissions check in SMB1/2/3 ChangeNotify]
- RESERVED
+CVE-2020-14318 (A flaw was found in the way samba handled file and directory permissio ...)
{DLA-2463-1}
[experimental] - samba 2:4.13.2+dfsg-1
- samba 2:4.13.2+dfsg-2 (bug #973400)
@@ -38890,8 +38958,7 @@ CVE-2020-13586
RESERVED
CVE-2020-13585
RESERVED
-CVE-2020-13584
- RESERVED
+CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
{DSA-4797-1}
- webkit2gtk 2.30.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -38978,15 +39045,14 @@ CVE-2020-13545
RESERVED
CVE-2020-13544
RESERVED
-CVE-2020-13543
- RESERVED
+CVE-2020-13543 (A code execution vulnerability exists in the WebSocket functionality o ...)
{DSA-4797-1}
- webkit2gtk 2.30.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
- wpewebkit 2.30.3-1
NOTE: https://webkitgtk.org/security/WSA-2020-0009.html
-CVE-2020-13542
- RESERVED
+CVE-2020-13542 (A local privilege elevation vulnerability exists in the file system pe ...)
+ TODO: check
CVE-2020-13541
RESERVED
CVE-2020-13540
@@ -39007,8 +39073,8 @@ CVE-2020-13533
RESERVED
CVE-2020-13532
RESERVED
-CVE-2020-13531
- RESERVED
+CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 pro ...)
+ TODO: check
CVE-2020-13530
RESERVED
CVE-2020-13529
@@ -39019,10 +39085,10 @@ CVE-2020-13527
RESERVED
CVE-2020-13526
RESERVED
-CVE-2020-13525
- RESERVED
-CVE-2020-13524
- RESERVED
+CVE-2020-13525 (The sort parameter in the download page /sysworkflow/en/neoclassic/rep ...)
+ TODO: check
+CVE-2020-13524 (An out-of-bounds memory corruption vulnerability exists in the way Pix ...)
+ TODO: check
CVE-2020-13523 (An exploitable information disclosure vulnerability exists in SoftPerf ...)
NOT-FOR-US: SoftPerfect
CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...)
@@ -59418,8 +59484,8 @@ CVE-2020-6113 (An exploitable vulnerability exists in the object stream parsing
NOT-FOR-US: Nitro Pro
CVE-2020-6112 (An exploitable code execution vulnerability exists in the JPEG2000 Str ...)
NOT-FOR-US: Nitro Pro
-CVE-2020-6111
- RESERVED
+CVE-2020-6111 (An exploitable denial-of-service vulnerability exists in the IPv4 func ...)
+ TODO: check
CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...)
NOT-FOR-US: Zoom
CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
@@ -59664,16 +59730,16 @@ CVE-2020-6023 (Check Point ZoneAlarm before version 15.8.139.18543 allows a loca
NOT-FOR-US: Check Point ZoneAlarm
CVE-2020-6022 (Check Point ZoneAlarm before version 15.8.139.18543 allows a local act ...)
NOT-FOR-US: Check Point ZoneAlarm
-CVE-2020-6021
- RESERVED
+CVE-2020-6021 (Check Point Endpoint Security Client for Windows before version E84.20 ...)
+ TODO: check
CVE-2020-6020 (Check Point Security Management's Internal CA web management before Ju ...)
NOT-FOR-US: Check Point
CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6018 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
TODO: check
-CVE-2020-6017
- RESERVED
+CVE-2020-6017 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
+ TODO: check
CVE-2020-6016 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6015 (Check Point Endpoint Security for Windows before E84.10 can reach deni ...)
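Review bot: CVE-2020-6017 is added as TODO: check even though CVE-2020-6019 and CVE-2020-6016 in the same hunk, for the same product, are already "NOT-FOR-US: Valve's Game Networking Sockets". Apply the same marking here and to the context entry CVE-2020-6018, which is also still at TODO: check. The same applies to CVE-2020-6021: the neighbouring Check Point entries are already NOT-FOR-US, so this one can follow them unless the Endpoint Security Client is a different case.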
@@ -60382,16 +60448,16 @@ CVE-2020-5682
RESERVED
CVE-2020-5681
RESERVED
-CVE-2020-5680
- RESERVED
-CVE-2020-5679
- RESERVED
-CVE-2020-5678
- RESERVED
-CVE-2020-5677
- RESERVED
-CVE-2020-5676
- RESERVED
+CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions from 3.0.5 ...)
+ TODO: check
+CVE-2020-5679 (Improper restriction of rendered UI layers or frames in EC-CUBE versio ...)
+ TODO: check
+CVE-2020-5678 (Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier ...)
+ TODO: check
+CVE-2020-5677 (Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earli ...)
+ TODO: check
+CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain information ...)
+ TODO: check
CVE-2020-5675
RESERVED
CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...)
@@ -60466,8 +60532,8 @@ CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and ear
NOT-FOR-US: OneThird CMS
CVE-2020-5639
RESERVED
-CVE-2020-5638
- RESERVED
+CVE-2020-5638 (Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Sma ...)
+ TODO: check
CVE-2020-5637
RESERVED
CVE-2020-5636
@@ -69673,16 +69739,16 @@ CVE-2020-2326
RESERVED
CVE-2020-2325
RESERVED
-CVE-2020-2324
- RESERVED
-CVE-2020-2323
- RESERVED
-CVE-2020-2322
- RESERVED
-CVE-2020-2321
- RESERVED
-CVE-2020-2320
- RESERVED
+CVE-2020-2324 (Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser ...)
+ TODO: check
+CVE-2020-2323 (Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permissio ...)
+ TODO: check
+CVE-2020-2322 (Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permissio ...)
+ TODO: check
+CVE-2020-2321 (A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Pr ...)
+ TODO: check
+CVE-2020-2320 (Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not ve ...)
+ TODO: check
CVE-2020-2319 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a pa ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2318 (Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier ...)
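Review bot: CVE-2020-2324, -2323, -2322 and -2321 describe Jenkins plugins and are left at TODO: check, while the context entry CVE-2020-2319 directly below is already "NOT-FOR-US: Jenkins plugin"; these four can take the same marking. CVE-2020-2320 is different: its description names the Jenkins Plugin Installation Manager Tool, which is a tool rather than a plugin, so it should be checked and labelled on its own rather than swept in with the others.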
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/672a63f11be3a4df868739bc1076f9fefe26bc84