[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 1 21:10:29 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
f2087578 by security tracker role at 2020-07-01T20:10:21+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,61 @@
+CVE-2020-15497
+ RESERVED
+CVE-2020-15496
+ RESERVED
+CVE-2020-15495
+ RESERVED
+CVE-2020-15494
+ RESERVED
+CVE-2020-15493
+ RESERVED
+CVE-2020-15492
+ RESERVED
+CVE-2020-15491
+ RESERVED
+CVE-2020-15490
+ RESERVED
+CVE-2020-15489
+ RESERVED
+CVE-2020-15488
+ RESERVED
+CVE-2020-15487
+ RESERVED
+CVE-2020-15486
+ RESERVED
+CVE-2020-15485
+ RESERVED
+CVE-2020-15484
+ RESERVED
+CVE-2020-15483
+ RESERVED
+CVE-2020-15482
+ RESERVED
+CVE-2020-15481
+ RESERVED
+CVE-2020-15480
+ RESERVED
+CVE-2020-15479
+ RESERVED
+CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of sensiti ...)
+ TODO: check
+CVE-2020-15477
+ RESERVED
+CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
+ TODO: check
+CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...)
+ TODO: check
+CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...)
+ TODO: check
+CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
+ TODO: check
+CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
+ TODO: check
+CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...)
+ TODO: check
+CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
+ TODO: check
+CVE-2020-15469
+ RESERVED
CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...)
NOT-FOR-US: Persian VIP Download Script
CVE-2020-15467
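Review bot: the six nDPI entries, CVE-2020-15471 through CVE-2020-15476, are each left at "TODO: check" even though they share one product and version range ("nDPI through 3.2"). Triage them as a group so they end up with the same package line or the same NOT-FOR-US tag, and handle CVE-2020-15478 (Journal theme for OpenCart) and CVE-2020-15470 (ffjpeg) separately, since those are unrelated products.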
@@ -3003,13 +3061,13 @@ CVE-2020-14198
RESERVED
CVE-2020-14197
RESERVED
-CVE-2020-14196
- RESERVED
+CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1 ...)
- pdns-recursor <unfixed> (low)
[buster] - pdns-recursor <postponed> (Minor issue, fix along in next DSA)
[stretch] - pdns-recursor <postponed> (Minor issue, fix along in next DSA)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1
CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+ {DLA-2270-1}
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
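Review bot: the added {DLA-2270-1} on CVE-2020-14195 sits directly above a [stretch] line that still reads "<no-dsa> (Minor issue; can be fixed via a point release)". If DLA-2270-1 covers stretch, that [stretch] line is now stale and should be dropped so the entry does not state both "advisory issued" and "no advisory planned" for the same release. The same combination appears on CVE-2020-14062, CVE-2020-14061 and CVE-2020-14060 in the following hunks.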
@@ -3343,6 +3401,7 @@ CVE-2020-14064
CVE-2020-14063
RESERVED
CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+ {DLA-2270-1}
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
@@ -3350,6 +3409,7 @@ CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the in
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+ {DLA-2270-1}
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
@@ -3357,6 +3417,7 @@ CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the in
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
+ {DLA-2270-1}
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
[stretch] - jackson-databind <no-dsa> (Minor issue; can be fixed via a point release)
@@ -3373,12 +3434,12 @@ CVE-2020-14058 (An issue was discovered in Squid before 4.12 and 5.x before 5.0.
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57
NOTE: Squid in Debian builds without OpenSSL support
-CVE-2020-14057
- RESERVED
-CVE-2020-14056
- RESERVED
-CVE-2020-14055
- RESERVED
+CVE-2020-14057 (Monsta FTP 2.10.1 or below allows external control of paths used in fi ...)
+ TODO: check
+CVE-2020-14056 (Monsta FTP 2.10.1 or below is prone to a server-side request forgery v ...)
+ TODO: check
+CVE-2020-14055 (Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting v ...)
+ TODO: check
CVE-2020-14054 (SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e ...)
NOT-FOR-US: SOKKIA GNR5 Vanguard WEB
CVE-2020-14053
@@ -3416,30 +3477,30 @@ CVE-2020-XXXX [Editor: Ensure latest comments can only be viewed from public pos
[buster] - wordpress 5.0.10+dfsg1-0+deb10u1
NOTE: https://core.trac.wordpress.org/changeset/47984
CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-option` f ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47951
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920
CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the name of ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47950
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
NOTE: https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148
CVE-2020-4048 (In affected versions of WordPress, due to an issue in wp_validate_redi ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47949
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
NOTE: https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693
CVE-2020-4046 (In affected versions of WordPress, users with low privileges (like con ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47947
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf
CVE-2020-4047 (In affected versions of WordPress, authenticated users with upload per ...)
- {DSA-4709-1}
+ {DSA-4709-1 DLA-2269-1}
- wordpress 5.4.2+dfsg1-1 (bug #962685)
NOTE: https://core.trac.wordpress.org/changeset/47948
NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
@@ -4549,8 +4610,8 @@ CVE-2020-13621
RESERVED
CVE-2020-13620
RESERVED
-CVE-2020-13619
- RESERVED
+CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attack ...)
+ TODO: check
CVE-2020-13618
RESERVED
CVE-2020-13617
@@ -5067,14 +5128,14 @@ CVE-2020-13385
RESERVED
CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
NOT-FOR-US: Monstra CMS
-CVE-2020-13383
- RESERVED
-CVE-2020-13382
- RESERVED
-CVE-2020-13381
- RESERVED
-CVE-2020-13380
- RESERVED
+CVE-2020-13383 (openSIS through 7.4 allows Directory Traversal. ...)
+ TODO: check
+CVE-2020-13382 (openSIS through 7.4 has Incorrect Access Control. ...)
+ TODO: check
+CVE-2020-13381 (openSIS through 7.4 allows SQL Injection. ...)
+ TODO: check
+CVE-2020-13380 (openSIS before 7.4 allows SQL Injection. ...)
+ TODO: check
CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...)
- grafana <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4
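Review bot: CVE-2020-13381 and CVE-2020-13380 both read "openSIS ... allows SQL Injection" and differ only in "through 7.4" versus "before 7.4". When resolving the "TODO: check" on these four entries, confirm from the full CVE records that the two are distinct issues and record the difference in a NOTE line, because the truncated descriptions alone cannot tell them apart.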
@@ -6933,14 +6994,11 @@ CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using th
NOT-FOR-US: fastecdsa
CVE-2020-12606
RESERVED
-CVE-2020-12605
- RESERVED
+CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-12604
- RESERVED
+CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-12603
- RESERVED
+CVE-2020-12603 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-12602
RESERVED
@@ -7150,10 +7208,10 @@ CVE-2020-12500
RESERVED
CVE-2020-12499
RESERVED
-CVE-2020-12498
- RESERVED
-CVE-2020-12497
- RESERVED
+CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
+ TODO: check
+CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...)
+ TODO: check
CVE-2020-12496
RESERVED
CVE-2020-12495
@@ -7359,30 +7417,35 @@ CVE-2020-12422
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
CVE-2020-12421
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
CVE-2020-12420
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
CVE-2020-12419
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
CVE-2020-12418
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
CVE-2020-12417
RESERVED
+ {DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417
@@ -18086,8 +18149,7 @@ CVE-2020-8665
RESERVED
CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-8663
- RESERVED
+CVE-2020-8663 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descr ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-8662
RESERVED
@@ -20465,10 +20527,10 @@ CVE-2020-7691
RESERVED
CVE-2020-7690
RESERVED
-CVE-2020-7689
- RESERVED
-CVE-2020-7688
- RESERVED
+CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes. ...)
+ TODO: check
+CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...)
+ TODO: check
CVE-2020-7687
RESERVED
CVE-2020-7686
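Review bot: the descriptions added for CVE-2020-7689 ("Data is truncated wrong when its length is greater than 255 bytes.") and CVE-2020-7688 ("The issue occurs because tagName user input is formatted inside the ex ...") name no product, so the "TODO: check" cannot be resolved from this file. Whoever triages them should look up the affected component in the CVE record and state it in the package or NOT-FOR-US line.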
@@ -23974,8 +24036,8 @@ CVE-2020-6263 (Standalone clients connecting to SAP NetWeaver AS Java via P4 Pro
NOT-FOR-US: SAP
CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI, before ve ...)
NOT-FOR-US: SAP
-CVE-2020-6261
- RESERVED
+CVE-2020-6261 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...)
+ TODO: check
CVE-2020-6260 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...)
NOT-FOR-US: SAP
CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise, versions 15.7 ...)
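Review bot: CVE-2020-6261 is added as "TODO: check" while its visible description prefix, "SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...", is identical to CVE-2020-6260 on the next line, which is already tagged "NOT-FOR-US: SAP". Unless the full text points to something packaged, this entry should get the same tag rather than stay in the TODO queue.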
@@ -24350,8 +24412,8 @@ CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the
NOT-FOR-US: EPSON
CVE-2020-6090 (An exploitable code execution vulnerability exists in the Web-Based Ma ...)
NOT-FOR-US: WAGO
-CVE-2020-6089
- RESERVED
+CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI file for ...)
+ TODO: check
CVE-2020-6088
RESERVED
CVE-2020-6087
@@ -24794,26 +24856,26 @@ CVE-2020-5910
RESERVED
CVE-2020-5909
RESERVED
-CVE-2020-5908
- RESERVED
-CVE-2020-5907
- RESERVED
-CVE-2020-5906
- RESERVED
-CVE-2020-5905
- RESERVED
-CVE-2020-5904
- RESERVED
-CVE-2020-5903
- RESERVED
-CVE-2020-5902
- RESERVED
-CVE-2020-5901
- RESERVED
-CVE-2020-5900
- RESERVED
-CVE-2020-5899
- RESERVED
+CVE-2020-5908 (In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, ...)
+ TODO: check
+CVE-2020-5907 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5906 (In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the ...)
+ TODO: check
+CVE-2020-5905 (In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility ...)
+ TODO: check
+CVE-2020-5904 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5903 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5902 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...)
+ TODO: check
+CVE-2020-5901 (In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow f ...)
+ TODO: check
+CVE-2020-5900 (In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient ...)
+ TODO: check
+CVE-2020-5899 (In NGINX Controller 3.0.0-3.4.0, recovery code required to change a us ...)
+ TODO: check
CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver d ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability ...)
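Review bot: the ten entries CVE-2020-5899 through CVE-2020-5908 all land as "TODO: check" although the adjacent CVE-2020-5898 is already "NOT-FOR-US: F5 BIG-IP". The entries whose text names BIG-IP can take the same tag. CVE-2020-5901 and CVE-2020-5899 name NGINX Controller instead, and CVE-2020-5900 and CVE-2020-5906 name no product in the truncated text, so those need the full description before they are classified.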
@@ -28445,8 +28507,8 @@ CVE-2020-4422 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote at
NOT-FOR-US: IBM
CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allo ...)
NOT-FOR-US: IBM
-CVE-2020-4420
- RESERVED
+CVE-2020-4420 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2020-4419 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...)
NOT-FOR-US: IBM
CVE-2020-4418
@@ -28457,8 +28519,8 @@ CVE-2020-4416
RESERVED
CVE-2020-4415 (IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based ...)
NOT-FOR-US: IBM
-CVE-2020-4414
- RESERVED
+CVE-2020-4414 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2020-4413 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
NOT-FOR-US: IBM
CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
@@ -28511,10 +28573,10 @@ CVE-2020-4389
RESERVED
CVE-2020-4388
RESERVED
-CVE-2020-4387
- RESERVED
-CVE-2020-4386
- RESERVED
+CVE-2020-4387 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
+CVE-2020-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2020-4385
RESERVED
CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
@@ -28533,8 +28595,8 @@ CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileg
NOT-FOR-US: IBM
CVE-2020-4377
RESERVED
-CVE-2020-4376
- RESERVED
+CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could ...)
+ TODO: check
CVE-2020-4375
RESERVED
CVE-2020-4374
@@ -28559,8 +28621,8 @@ CVE-2020-4365 (IBM WebSphere Application Server 8.5 is vulnerable to server-side
NOT-FOR-US: IBM
CVE-2020-4364
RESERVED
-CVE-2020-4363
- RESERVED
+CVE-2020-4363 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2020-4362 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...)
NOT-FOR-US: IBM
CVE-2020-4361
@@ -28575,8 +28637,8 @@ CVE-2020-4357 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote a
NOT-FOR-US: IBM
CVE-2020-4356
RESERVED
-CVE-2020-4355
- RESERVED
+CVE-2020-4355 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
+ TODO: check
CVE-2020-4354
RESERVED
CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with pysical access to the device ...)
@@ -29152,7 +29214,7 @@ CVE-2020-4069
CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...)
NOT-FOR-US: APNSwift
CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN ...)
- {DSA-4711-1}
+ {DSA-4711-1 DLA-2271-1}
- coturn 4.5.1.3-1
NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
NOTE: https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a
@@ -33851,8 +33913,8 @@ CVE-2020-2502
RESERVED
CVE-2020-2501
RESERVED
-CVE-2020-2500
- RESERVED
+CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows attacker ...)
+ TODO: check
CVE-2020-2499
RESERVED
CVE-2020-2498
@@ -82936,12 +82998,12 @@ CVE-2019-4708
RESERVED
CVE-2019-4707 (IBM Security Access Manager Appliance 9.0.7.0 is vulnerable to an XML ...)
NOT-FOR-US: IBM
-CVE-2019-4706
- RESERVED
-CVE-2019-4705
- RESERVED
-CVE-2019-4704
- RESERVED
+CVE-2019-4706 (IBM Security Identity Manager Virtual Appliance 7.0.2 writes informati ...)
+ TODO: check
+CVE-2019-4705 (IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensit ...)
+ TODO: check
+CVE-2019-4704 (IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the ...)
+ TODO: check
CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft ...)
NOT-FOR-US: IBM
CVE-2019-4702
@@ -82996,8 +83058,8 @@ CVE-2019-4678
RESERVED
CVE-2019-4677
RESERVED
-CVE-2019-4676
- RESERVED
+CVE-2019-4676 (IBM Security Identity Manager Virtual Appliance 7.0.2 stores user cred ...)
+ TODO: check
CVE-2019-4675 (IBM Security Identity Manager 7.0.1 contains hard-coded credentials, s ...)
NOT-FOR-US: IBM
CVE-2019-4674 (IBM Security Identity Manager 7.0.1 could allow a remote attacker to t ...)
@@ -197909,8 +197971,8 @@ CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated
NOT-FOR-US: IBM Notes and Domino NSD
CVE-2017-1713 (IBM InfoSphere Streams 4.2.1 uses weaker than expected cryptographic a ...)
NOT-FOR-US: IBM
-CVE-2017-1712
- RESERVED
+CVE-2017-1712 ("A vulnerability in the TLS protocol implementation of the Domino serv ...)
+ TODO: check
CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running malicio ...)
NOT-FOR-US: IBM iNotes
CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize V7000 (20 ...)
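Review bot: the description imported for CVE-2017-1712 starts with a literal double quote ('("A vulnerability in the TLS protocol implementation of the Domino serv ...'), which looks like quoting carried over from the upstream record; CVE-2017-1659 in the next hunk has the same leading quote. It is cosmetic, but it is worth checking that the importer is not wrapping these descriptions. For triage, the text names the Domino server and the neighbouring CVE-2017-1714 is "NOT-FOR-US: IBM Notes and Domino NSD", so this entry likely belongs under a NOT-FOR-US tag as well.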
@@ -198015,8 +198077,8 @@ CVE-2017-1661
RESERVED
CVE-2017-1660
RESERVED
-CVE-2017-1659
- RESERVED
+CVE-2017-1659 ("HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerabili ...)
+ TODO: check
CVE-2017-1658
RESERVED
CVE-2017-1657
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f208757863f5d2ca366ce4a1604fa6bb9e7fcfff