[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Jul 9 21:10:24 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bd8154e9 by security tracker role at 2020-07-09T20:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -281,8 +281,8 @@ CVE-2020-15528 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escal
NOT-FOR-US: GOG Galaxy client
CVE-2020-15527
RESERVED
-CVE-2020-15526
- RESERVED
+CVE-2020-15526 (In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for ...)
+ TODO: check
CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...)
- gitlab <not-affected> (Specific to EE)
CVE-2020-15524
@@ -320,11 +320,11 @@ CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU L
NOT-FOR-US: Nordic Semiconductor
CVE-2020-15508
RESERVED
-CVE-2020-15507 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, ...)
+CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core and Connect ...)
NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15506 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, ...)
+CVE-2020-15506 (An Authentication Bypass vulnerability in MobileIron Core and Connecto ...)
NOT-FOR-US: MobileIron Core and Connector
-CVE-2020-15505 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, ...)
+CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core and Connector ...)
NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15504
RESERVED
@@ -799,8 +799,8 @@ CVE-2020-15301
RESERVED
CVE-2020-15300
RESERVED
-CVE-2020-15299
- RESERVED
+CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the KingCompos ...)
+ TODO: check
CVE-2020-15298
RESERVED
CVE-2020-15297
@@ -1211,10 +1211,10 @@ CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an inf
TODO: check
CVE-2020-15094
RESERVED
-CVE-2020-15093
- RESERVED
-CVE-2020-15092
- RESERVED
+CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...)
+ TODO: check
+CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as HTML. An ...)
+ TODO: check
CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 allows block ...)
NOT-FOR-US: TenderMint
CVE-2020-15090
@@ -1418,10 +1418,10 @@ CVE-2020-15003
RESERVED
CVE-2020-15002
RESERVED
-CVE-2020-15001
- RESERVED
-CVE-2020-15000
- RESERVED
+CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0 ...)
+ TODO: check
+CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...)
+ TODO: check
CVE-2020-14999
RESERVED
CVE-2020-14998
@@ -3521,10 +3521,10 @@ CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center
NOT-FOR-US: Atlassian
CVE-2020-14172 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
-CVE-2020-14171
- RESERVED
-CVE-2020-14170
- RESERVED
+CVE-2020-14171 (Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 all ...)
+ TODO: check
+CVE-2020-14170 (Webhooks in Atlassian Bitbucket Server from version 5.4.0 before versi ...)
+ TODO: check
CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...)
NOT-FOR-US: Atlassian
CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...)
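Review bot: CVE-2020-14171 and CVE-2020-14170 are added with "TODO: check" even though every triaged Atlassian entry around them (CVE-2020-14173, CVE-2020-14172, CVE-2020-14169) is already "NOT-FOR-US: Atlassian". Both new descriptions name Atlassian Bitbucket Server, so the same tag most likely applies. Resolving it in a follow-up would keep these out of the open TODO queue.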
@@ -4008,7 +4008,7 @@ CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafil
- libemf 1.0.13-1 (bug #963778)
[buster] - libemf <no-dsa> (Minor issue)
NOTE: Fixed upstream in 1.0.13
-CVE-2020-13998 (** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA ...)
+CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled ...)
NOT-FOR-US: Citrix
CVE-2020-13997
RESERVED
@@ -4016,12 +4016,12 @@ CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL inject
NOT-FOR-US: J2Store plugin for Joomla!
CVE-2020-13995
RESERVED
-CVE-2020-13994
- RESERVED
-CVE-2020-13993
- RESERVED
-CVE-2020-13992
- RESERVED
+CVE-2020-13994 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A pri ...)
+ TODO: check
+CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A bli ...)
+ TODO: check
+CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...)
+ TODO: check
CVE-2020-13991
RESERVED
CVE-2020-13990
@@ -6099,10 +6099,10 @@ CVE-2020-13134
RESERVED
CVE-2020-13133
RESERVED
-CVE-2020-13132
- RESERVED
-CVE-2020-13131
- RESERVED
+CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An attacker c ...)
+ TODO: check
+CVE-2020-13131 (An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in ...)
+ TODO: check
CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
- linux 5.6.14-1
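Review bot: CVE-2020-13132 and CVE-2020-13131 stay at "TODO: check" although both descriptions name a library and a fixed release ("Yubico libykpiv before 2.1.0"). Triage should establish whether a Debian source package ships libykpiv and, if so, replace the TODO with a package line carrying the fixed version. Separately, the context entry CVE-2020-13143 sits below CVE-2020-13131, out of the descending order the rest of this hunk follows.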
@@ -7812,28 +7812,22 @@ CVE-2020-12428
RESERVED
CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...)
NOT-FOR-US: Western Digital
-CVE-2020-12426
- RESERVED
+CVE-2020-12426 (Mozilla developers and community members reported memory safety bugs p ...)
- firefox 78.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12426
-CVE-2020-12425
- RESERVED
+CVE-2020-12425 (Due to confusion processing a hyphen character in Date.parse(), a one- ...)
- firefox 78.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425
-CVE-2020-12424
- RESERVED
+CVE-2020-12424 (When constructing a permission prompt for WebRTC, a URI was supplied f ...)
- firefox 78.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424
-CVE-2020-12423
- RESERVED
+CVE-2020-12423 (When the Windows DLL "webauthn.dll" was missing from the Operating Sys ...)
- firefox <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12423
-CVE-2020-12422
- RESERVED
+CVE-2020-12422 (In non-standard configurations, a JPEG image created by JavaScript cou ...)
- firefox 78.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
-CVE-2020-12421
- RESERVED
+CVE-2020-12421 (When performing add-on updates, certificate chains terminating in non- ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7841,8 +7835,7 @@ CVE-2020-12421
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421
-CVE-2020-12420
- RESERVED
+CVE-2020-12420 (When trying to connect to a STUN server, a race condition could have c ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7850,8 +7843,7 @@ CVE-2020-12420
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420
-CVE-2020-12419
- RESERVED
+CVE-2020-12419 (When processing callbacks that occurred during window flushing in the ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7859,8 +7851,7 @@ CVE-2020-12419
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419
-CVE-2020-12418
- RESERVED
+CVE-2020-12418 (Manipulating individual parts of a URL object could have caused an out ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7868,8 +7859,7 @@ CVE-2020-12418
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418
-CVE-2020-12417
- RESERVED
+CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an object may ...)
{DSA-4718-1 DSA-4713-1}
- firefox 78.0-1
- firefox-esr 68.10.0esr-1
@@ -7877,26 +7867,22 @@ CVE-2020-12417
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12417
-CVE-2020-12416
- RESERVED
+CVE-2020-12416 (A VideoStreamEncoder may have been freed in a race condition with Vide ...)
- firefox 78.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12416
-CVE-2020-12415
- RESERVED
+CVE-2020-12415 (When "%2F" was present in a manifest URL, Firefox's AppCache behavior ...)
- firefox 78.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12415
-CVE-2020-12414
- RESERVED
+CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode and it ...)
+ TODO: check
CVE-2020-12413
RESERVED
-CVE-2020-12412
- RESERVED
-CVE-2020-12411
- RESERVED
+CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...)
+ TODO: check
+CVE-2020-12411 (Mozilla developers reported memory safety bugs present in Firefox 76. ...)
- firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
-CVE-2020-12410
- RESERVED
+CVE-2020-12410 (Mozilla developers reported memory safety bugs present in Firefox 76 a ...)
{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
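Review bot: CVE-2020-12414 and CVE-2020-12412 end up with only "TODO: check", whereas every other newly described entry in this hunk (CVE-2020-12416, CVE-2020-12415, CVE-2020-12411, CVE-2020-12410) carries a firefox version line and an mfsa NOTE. Neither of the two had a package line before this change, so they have no triage at all. A follow-up should either add the matching "- firefox" line with its advisory link or mark them NOT-FOR-US if they concern a product Debian does not ship.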
@@ -7904,20 +7890,16 @@ CVE-2020-12410
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12410
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12410
-CVE-2020-12409
- RESERVED
+CVE-2020-12409 (When using certain blank characters in a URL, they where incorrectly r ...)
- firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12409
-CVE-2020-12408
- RESERVED
+CVE-2020-12408 (When browsing a document hosted on an IP address, an attacker could in ...)
- firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12408
-CVE-2020-12407
- RESERVED
+CVE-2020-12407 (Mozilla Developer Nicolas Silva found that when using WebRender, Firef ...)
- firefox 77.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
-CVE-2020-12406
- RESERVED
+CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check during ...)
{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
@@ -7925,8 +7907,7 @@ CVE-2020-12406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
-CVE-2020-12405
- RESERVED
+CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWorkerSe ...)
{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
@@ -7934,12 +7915,11 @@ CVE-2020-12405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405
-CVE-2020-12404
- RESERVED
+CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be passed ...)
+ TODO: check
CVE-2020-12403
RESERVED
-CVE-2020-12402 [Side channel vulnerabilities during RSA key generation]
- RESERVED
+CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of ...)
{DLA-2266-1}
- nss 2:3.53.1-1 (bug #963152)
NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
@@ -7948,8 +7928,7 @@ CVE-2020-12401
RESERVED
CVE-2020-12400
RESERVED
-CVE-2020-12399 [Force a fixed length for DSA exponentiation]
- RESERVED
+CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...)
{DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
@@ -7960,8 +7939,7 @@ CVE-2020-12399 [Force a fixed length for DSA exponentiation]
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
-CVE-2020-12398
- RESERVED
+CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP server, and t ...)
{DSA-4702-1 DLA-2247-1}
- thunderbird 1:68.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
@@ -8952,7 +8930,7 @@ CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on
CVE-2020-11993
RESERVED
CVE-2020-11992
- RESERVED
+ REJECTED
CVE-2020-11991
RESERVED
CVE-2020-11990
@@ -12695,7 +12673,7 @@ CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not
[stretch] - pdns-recursor <end-of-life> (No longer supported, see DSA 4691)
NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
-CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.0.0, there are multipl ...)
+CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4505
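Review bot: On CVE-2020-10994 the description now reads "Pillow before 7.1.0" but the tracking line directly below is still "- pillow <unfixed>". With the upstream fix version corrected from 7.0.0 to 7.1.0, check whether the version in unstable already includes the fix and record it. If it does not, add a NOTE naming 7.1.0 as the fixed release so the entry does not rely on the truncated description alone.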
@@ -13555,6 +13533,7 @@ CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server version
NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html
CVE-2020-10759 [Possible bypass in signature verification]
RESERVED
+ {DLA-2274-1}
- fwupd 1.3.10-1 (bug #962517)
[buster] - fwupd <no-dsa> (Will be fixed via point release)
- libjcat 0.1.3-1
@@ -13570,8 +13549,7 @@ CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 i
- linux 5.6.14-2
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9
-CVE-2020-10756 [slirp: networking out-of-bounds read information disclosure vulnerability]
- RESERVED
+CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...)
- libslirp <unfixed>
- qemu 1:4.1-2
[buster] - qemu <postponed> (Minor issue)
@@ -14610,7 +14588,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libIma
[jessie] - pillow <not-affected> (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
NOTE: Fixed in 6.2.3 and 7.1.0
-CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.0.1, an out-of-bou ...)
+CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.1.0, an out-of-bou ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
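Review bot: The updated CVE-2020-10378 description keeps the doubled word "before before 7.1.0"; since the text is imported automatically, that needs correcting at the source rather than in this file. The entry also lacks the "NOTE: Fixed in 6.2.3 and 7.1.0" line that the neighbouring CVE-2020-10379 has, even though both reference the same pull request (4538). Adding the equivalent NOTE here would make the "<unfixed>" status easier to re-evaluate.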
@@ -15077,7 +15055,7 @@ CVE-2020-10179
RESERVED
CVE-2020-10178
REJECTED
-CVE-2020-10177 (Pillow before 7.0.1 has multiple out-of-bounds reads in libImaging/Fli ...)
+CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4503
@@ -16886,10 +16864,10 @@ CVE-2020-9379 (The Software Development Kit of the MiContact Center Business wit
NOT-FOR-US: Mitel
CVE-2020-9378
RESERVED
-CVE-2020-9377
- RESERVED
-CVE-2020-9376
- RESERVED
+CVE-2020-9377 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Co ...)
+ TODO: check
+CVE-2020-9376 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Informati ...)
+ TODO: check
CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...)
NOT-FOR-US: TP-Link
CVE-2019-20482
@@ -20970,10 +20948,10 @@ CVE-2020-7695
RESERVED
CVE-2020-7694
RESERVED
-CVE-2020-7693
- RESERVED
-CVE-2020-7692
- RESERVED
+CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket leads in ...)
+ TODO: check
+CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for OAuth 2 ...)
+ TODO: check
CVE-2020-7691 (In all versions of the package jspdf, it is possible to use <<sc ...)
TODO: check
CVE-2020-7690 (In all versions of package jspdf, it is possible to inject JavaScript ...)
@@ -21492,10 +21470,10 @@ CVE-2020-7460
RESERVED
CVE-2020-7459
RESERVED
-CVE-2020-7458
- RESERVED
-CVE-2020-7457
- RESERVED
+CVE-2020-7458 (In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and ...)
+ TODO: check
+CVE-2020-7457 (In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-ST ...)
+ TODO: check
CVE-2020-7456 (In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-ST ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:17.usb.asc
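Review bot: CVE-2020-7458 and CVE-2020-7457 are added with "TODO: check" while the adjacent FreeBSD entry CVE-2020-7456 is already triaged as "- kfreebsd-10 <unfixed> (unimportant)" with a link to its FreeBSD advisory. Suggest resolving both by the same precedent, or marking them NOT-FOR-US if the affected component is not part of kfreebsd-10, and adding the corresponding advisory NOTE.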
@@ -26542,8 +26520,8 @@ CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper
NOT-FOR-US: EMC
CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...)
NOT-FOR-US: Dell EMC
-CVE-2020-5366
- RESERVED
+CVE-2020-5366 (Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal ...)
+ TODO: check
CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vul ...)
NOT-FOR-US: EMC
CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vul ...)
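Review bot: The vendor tag around the new CVE-2020-5366 entry is inconsistent: CVE-2020-5368 and CVE-2020-5365 use "NOT-FOR-US: EMC" while CVE-2020-5367 uses "NOT-FOR-US: Dell EMC". When the "TODO: check" on CVE-2020-5366 (Dell EMC iDRAC9) is resolved, pick one spelling and preferably align the neighbours, so that searches on the NOT-FOR-US label return all of the vendor's entries.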
@@ -29260,8 +29238,8 @@ CVE-2020-4307 (IBM Security Guardium 11.1 could allow an attacker on the same ne
NOT-FOR-US: IBM
CVE-2020-4306 (IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cros ...)
NOT-FOR-US: IBM
-CVE-2020-4305
- RESERVED
+CVE-2020-4305 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a r ...)
+ TODO: check
CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
NOT-FOR-US: IBM
CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
@@ -29524,8 +29502,8 @@ CVE-2020-4175
RESERVED
CVE-2020-4174
RESERVED
-CVE-2020-4173
- RESERVED
+CVE-2020-4173 (IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure a ...)
+ TODO: check
CVE-2020-4172
RESERVED
CVE-2020-4171
@@ -44904,8 +44882,8 @@ CVE-2019-17640
RESERVED
CVE-2019-17639
RESERVED
-CVE-2019-17638
- RESERVED
+CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...)
+ TODO: check
CVE-2019-17637
RESERVED
CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...)
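Review bot: CVE-2019-17638 is left at "TODO: check" although its description gives a bounded affected range ("Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521"). Because the range has a lower bound, releases carrying an older Jetty may be not-affected rather than vulnerable. The follow-up triage should record per-release status against that range instead of a single package line.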
@@ -68531,7 +68509,7 @@ CVE-2019-10097 (In Apache HTTP Server 2.4.32-2.4.39, when mod_remoteip was confi
NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-10097
NOTE: https://svn.apache.org/r1864613
CVE-2019-10096
- RESERVED
+ REJECTED
CVE-2019-10095
RESERVED
CVE-2019-10094 (A carefully crafted package/compressed file that, when unzipped/uncomp ...)
@@ -116144,8 +116122,7 @@ CVE-2018-12372 (Decrypted S/MIME parts, when included in HTML crafted for an att
{DSA-4244-1 DLA-1425-1}
- thunderbird 1:52.9.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-18/#CVE-2018-12372
-CVE-2018-12371
- RESERVED
+CVE-2018-12371 (An integer overflow vulnerability in the Skia library when allocating ...)
{DSA-4295-1 DLA-1575-1}
- firefox 61.0-1
- thunderbird 1:60.0-1
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bd8154e9793b7751d7ee36a70d5cf0fc4dd4c2e4