[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jul 15 21:10:36 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9437bec6 by security tracker role at 2020-07-15T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,5 @@
+CVE-2020-15778
+ RESERVED
CVE-2020-15777
RESERVED
CVE-2020-15776
@@ -118,12 +120,12 @@ CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class
NOTE: https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72
CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a certificate-val ...)
TODO: check
-CVE-2020-15718
- RESERVED
-CVE-2020-15717
- RESERVED
-CVE-2020-15716
- RESERVED
+CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
+ TODO: check
+CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
+ TODO: check
+CVE-2020-15716 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
+ TODO: check
CVE-2020-15715
RESERVED
CVE-2020-15714
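Review bot: CVE-2020-15718, CVE-2020-15717 and CVE-2020-15716 land with the same truncated text ("RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...") and TODO: check, so nothing in the list tells them apart. When triaging, read the full records to see what each one covers. Resolve all three in one pass so they do not end up with inconsistent states.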
@@ -154,18 +156,18 @@ CVE-2020-15702
RESERVED
CVE-2020-15701
RESERVED
-CVE-2020-15700
- RESERVED
-CVE-2020-15699
- RESERVED
-CVE-2020-15698
- RESERVED
-CVE-2020-15697
- RESERVED
-CVE-2020-15696
- RESERVED
-CVE-2020-15695
- RESERVED
+CVE-2020-15700 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
+ TODO: check
+CVE-2020-15699 (An issue was discovered in Joomla! through 3.9.19. Missing validation ...)
+ TODO: check
+CVE-2020-15698 (An issue was discovered in Joomla! through 3.9.19. Inadequate filterin ...)
+ TODO: check
+CVE-2020-15697 (An issue was discovered in Joomla! through 3.9.19. Internal read-only ...)
+ TODO: check
+CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input filte ...)
+ TODO: check
+CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
+ TODO: check
CVE-2020-15694
RESERVED
CVE-2020-15693
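Review bot: All six Joomla! entries (CVE-2020-15700 through CVE-2020-15695) share the range "through 3.9.19" and are left at TODO: check, so one product-level decision should close them together. CVE-2020-15700 and CVE-2020-15695 also share the same visible prefix ("A missing token che ..."). Confirm from the full descriptions that they are distinct issues rather than a duplicate assignment.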
@@ -458,8 +460,7 @@ CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script
NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...)
NOT-FOR-US: WebChess
-CVE-2020-15572 [TROVE-2020-001]
- RESERVED
+CVE-2020-15572 (Tor before 0.4.3.6 has an out-of-bounds memory access that allows a re ...)
- tor 0.4.3.6-1 (unimportant)
NOTE: Tor in Debian doesn't use NSS
NOTE: https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
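Review bot: Replacing the header line for CVE-2020-15572 drops the [TROVE-2020-001] tag, and the NOTE lines visible in this context do not carry that identifier, so the link to the upstream Tor tracker id is lost. Keep it as an extra NOTE line naming TROVE-2020-001 next to the existing blog.torproject.org reference.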
@@ -1460,8 +1461,8 @@ CVE-2020-15119
RESERVED
CVE-2020-15118
RESERVED
-CVE-2020-15117
- RESERVED
+CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...)
+ TODO: check
CVE-2020-15116
RESERVED
CVE-2020-15115
@@ -2321,481 +2322,421 @@ CVE-2020-14726
RESERVED
CVE-2020-14725
RESERVED
-CVE-2020-14724
- RESERVED
-CVE-2020-14723
- RESERVED
-CVE-2020-14722
- RESERVED
-CVE-2020-14721
- RESERVED
-CVE-2020-14720
- RESERVED
-CVE-2020-14719
- RESERVED
-CVE-2020-14718
- RESERVED
-CVE-2020-14717
- RESERVED
-CVE-2020-14716
- RESERVED
-CVE-2020-14715
- RESERVED
+CVE-2020-14724 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2020-14723 (Vulnerability in the Oracle Help Technologies product of Oracle Fusion ...)
+ TODO: check
+CVE-2020-14722 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
+ TODO: check
+CVE-2020-14721 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
+ TODO: check
+CVE-2020-14720 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...)
+ TODO: check
+CVE-2020-14719 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...)
+ TODO: check
+CVE-2020-14718 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
+ TODO: check
+CVE-2020-14717 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ TODO: check
+CVE-2020-14716 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ TODO: check
+CVE-2020-14715 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14714
- RESERVED
+CVE-2020-14714 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14713
- RESERVED
+CVE-2020-14713 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14712
- RESERVED
+CVE-2020-14712 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14711
- RESERVED
+CVE-2020-14711 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox <not-affected> (MacOS-specific)
-CVE-2020-14710
- RESERVED
-CVE-2020-14709
- RESERVED
-CVE-2020-14708
- RESERVED
-CVE-2020-14707
- RESERVED
+CVE-2020-14710 (Vulnerability in the Customer Management and Segmentation Foundation p ...)
+ TODO: check
+CVE-2020-14709 (Vulnerability in the Customer Management and Segmentation Foundation p ...)
+ TODO: check
+CVE-2020-14708 (Vulnerability in the Customer Management and Segmentation Foundation p ...)
+ TODO: check
+CVE-2020-14707 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14706
- RESERVED
-CVE-2020-14705
- RESERVED
-CVE-2020-14704
- RESERVED
+CVE-2020-14706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2020-14705 (Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (c ...)
+ TODO: check
+CVE-2020-14704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14703
- RESERVED
+CVE-2020-14703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14702
- RESERVED
+CVE-2020-14702 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14701
- RESERVED
-CVE-2020-14700
- RESERVED
+CVE-2020-14701 (Vulnerability in the Oracle SD-WAN Aware product of Oracle Communicati ...)
+ TODO: check
+CVE-2020-14700 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14699
- RESERVED
+CVE-2020-14699 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14698
- RESERVED
+CVE-2020-14698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14697
- RESERVED
+CVE-2020-14697 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14696
- RESERVED
-CVE-2020-14695
- RESERVED
+CVE-2020-14696 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ TODO: check
+CVE-2020-14695 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14694
- RESERVED
+CVE-2020-14694 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14693
- RESERVED
-CVE-2020-14692
- RESERVED
-CVE-2020-14691
- RESERVED
-CVE-2020-14690
- RESERVED
+CVE-2020-14693 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...)
+ TODO: check
+CVE-2020-14692 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...)
+ TODO: check
+CVE-2020-14691 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...)
+ TODO: check
+CVE-2020-14690 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
CVE-2020-14689
RESERVED
-CVE-2020-14688
- RESERVED
-CVE-2020-14687
- RESERVED
-CVE-2020-14686
- RESERVED
-CVE-2020-14685
- RESERVED
-CVE-2020-14684
- RESERVED
+CVE-2020-14688 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...)
+ TODO: check
+CVE-2020-14687 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14686 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
+ TODO: check
+CVE-2020-14685 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
+CVE-2020-14684 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
CVE-2020-14683
RESERVED
-CVE-2020-14682
- RESERVED
-CVE-2020-14681
- RESERVED
-CVE-2020-14680
- RESERVED
+CVE-2020-14682 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
+ TODO: check
+CVE-2020-14681 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
+ TODO: check
+CVE-2020-14680 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14679
- RESERVED
-CVE-2020-14678
- RESERVED
+CVE-2020-14679 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ TODO: check
+CVE-2020-14678 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14677
- RESERVED
+CVE-2020-14677 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14676
- RESERVED
+CVE-2020-14676 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14675
- RESERVED
+CVE-2020-14675 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14674
- RESERVED
+CVE-2020-14674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14673
- RESERVED
+CVE-2020-14673 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
CVE-2020-14672
RESERVED
-CVE-2020-14671
- RESERVED
-CVE-2020-14670
- RESERVED
-CVE-2020-14669
- RESERVED
-CVE-2020-14668
- RESERVED
-CVE-2020-14667
- RESERVED
-CVE-2020-14666
- RESERVED
-CVE-2020-14665
- RESERVED
-CVE-2020-14664
- RESERVED
+CVE-2020-14671 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
+ TODO: check
+CVE-2020-14670 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
+ TODO: check
+CVE-2020-14669 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
+ TODO: check
+CVE-2020-14668 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
+ TODO: check
+CVE-2020-14667 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ TODO: check
+CVE-2020-14666 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
+ TODO: check
+CVE-2020-14665 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ TODO: check
+CVE-2020-14664 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
- openjfx 11+26-1
NOTE: Oracle CPU lists only 8.x as affected, so marking the first 11.x upload as fixed
-CVE-2020-14663
- RESERVED
+CVE-2020-14663 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14662
- RESERVED
-CVE-2020-14661
- RESERVED
-CVE-2020-14660
- RESERVED
-CVE-2020-14659
- RESERVED
-CVE-2020-14658
- RESERVED
-CVE-2020-14657
- RESERVED
-CVE-2020-14656
- RESERVED
+CVE-2020-14662 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
+CVE-2020-14661 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ TODO: check
+CVE-2020-14660 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ TODO: check
+CVE-2020-14659 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ TODO: check
+CVE-2020-14658 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2020-14657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ TODO: check
+CVE-2020-14656 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14655
- RESERVED
-CVE-2020-14654
- RESERVED
+CVE-2020-14655 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...)
+ TODO: check
+CVE-2020-14654 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14653
- RESERVED
-CVE-2020-14652
- RESERVED
-CVE-2020-14651
- RESERVED
+CVE-2020-14653 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
+ TODO: check
+CVE-2020-14652 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14651 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14650
- RESERVED
+CVE-2020-14650 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14649
- RESERVED
+CVE-2020-14649 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14648
- RESERVED
+CVE-2020-14648 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14647
- RESERVED
+CVE-2020-14647 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14646
- RESERVED
+CVE-2020-14646 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14645
- RESERVED
-CVE-2020-14644
- RESERVED
-CVE-2020-14643
- RESERVED
+CVE-2020-14645 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14644 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14642
- RESERVED
-CVE-2020-14641
- RESERVED
+CVE-2020-14642 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
+ TODO: check
+CVE-2020-14641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14640
- RESERVED
-CVE-2020-14639
- RESERVED
-CVE-2020-14638
- RESERVED
-CVE-2020-14637
- RESERVED
-CVE-2020-14636
- RESERVED
-CVE-2020-14635
- RESERVED
-CVE-2020-14634
- RESERVED
+CVE-2020-14640 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14639 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14638 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14637 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14636 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14635 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ TODO: check
+CVE-2020-14634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14633
- RESERVED
+CVE-2020-14633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14632
- RESERVED
+CVE-2020-14632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14631
- RESERVED
+CVE-2020-14631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14630
- RESERVED
-CVE-2020-14629
- RESERVED
+CVE-2020-14630 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...)
+ TODO: check
+CVE-2020-14629 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14628
- RESERVED
+CVE-2020-14628 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14627
- RESERVED
-CVE-2020-14626
- RESERVED
-CVE-2020-14625
- RESERVED
-CVE-2020-14624
- RESERVED
+CVE-2020-14627 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2020-14626 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2020-14625 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14623
- RESERVED
+CVE-2020-14623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14622
- RESERVED
-CVE-2020-14621
- RESERVED
+CVE-2020-14622 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14621 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
- openjdk-8 <unfixed>
-CVE-2020-14620
- RESERVED
+CVE-2020-14620 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14619
- RESERVED
+CVE-2020-14619 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14618
- RESERVED
-CVE-2020-14617
- RESERVED
-CVE-2020-14616
- RESERVED
-CVE-2020-14615
- RESERVED
-CVE-2020-14614
- RESERVED
+CVE-2020-14618 (Vulnerability in the Primavera Unifier product of Oracle Construction ...)
+ TODO: check
+CVE-2020-14617 (Vulnerability in the Primavera Unifier product of Oracle Construction ...)
+ TODO: check
+CVE-2020-14616 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ TODO: check
+CVE-2020-14615 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
+CVE-2020-14614 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14613
- RESERVED
-CVE-2020-14612
- RESERVED
-CVE-2020-14611
- RESERVED
-CVE-2020-14610
- RESERVED
-CVE-2020-14609
- RESERVED
-CVE-2020-14608
- RESERVED
-CVE-2020-14607
- RESERVED
-CVE-2020-14606
- RESERVED
-CVE-2020-14605
- RESERVED
-CVE-2020-14604
- RESERVED
-CVE-2020-14603
- RESERVED
-CVE-2020-14602
- RESERVED
-CVE-2020-14601
- RESERVED
-CVE-2020-14600
- RESERVED
-CVE-2020-14599
- RESERVED
-CVE-2020-14598
- RESERVED
-CVE-2020-14597
- RESERVED
+CVE-2020-14613 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14612 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...)
+ TODO: check
+CVE-2020-14611 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...)
+ TODO: check
+CVE-2020-14610 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ TODO: check
+CVE-2020-14609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2020-14608 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...)
+ TODO: check
+CVE-2020-14607 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...)
+ TODO: check
+CVE-2020-14606 (Vulnerability in the Oracle SD-WAN Edge product of Oracle Communicatio ...)
+ TODO: check
+CVE-2020-14605 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
+CVE-2020-14604 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
+CVE-2020-14603 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
+CVE-2020-14602 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
+CVE-2020-14601 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ TODO: check
+CVE-2020-14600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2020-14599 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...)
+ TODO: check
+CVE-2020-14598 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...)
+ TODO: check
+CVE-2020-14597 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14596
- RESERVED
-CVE-2020-14595
- RESERVED
-CVE-2020-14594
- RESERVED
-CVE-2020-14593
- RESERVED
+CVE-2020-14596 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ TODO: check
+CVE-2020-14595 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...)
+ TODO: check
+CVE-2020-14594 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ TODO: check
+CVE-2020-14593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
- openjdk-8 <unfixed>
-CVE-2020-14592
- RESERVED
-CVE-2020-14591
- RESERVED
+CVE-2020-14592 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2020-14591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14590
- RESERVED
-CVE-2020-14589
- RESERVED
-CVE-2020-14588
- RESERVED
-CVE-2020-14587
- RESERVED
-CVE-2020-14586
- RESERVED
+CVE-2020-14590 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ TODO: check
+CVE-2020-14589 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14588 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14587 (Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Ora ...)
+ TODO: check
+CVE-2020-14586 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14585
- RESERVED
-CVE-2020-14584
- RESERVED
-CVE-2020-14583
- RESERVED
+CVE-2020-14585 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ TODO: check
+CVE-2020-14584 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ TODO: check
+CVE-2020-14583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
- openjdk-8 <unfixed>
-CVE-2020-14582
- RESERVED
-CVE-2020-14581
- RESERVED
+CVE-2020-14582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
+ TODO: check
+CVE-2020-14581 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
- openjdk-8 <unfixed>
-CVE-2020-14580
- RESERVED
-CVE-2020-14579
- RESERVED
+CVE-2020-14580 (Vulnerability in the Oracle Communications Session Border Controller p ...)
+ TODO: check
+CVE-2020-14579 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
- openjdk-8 <unfixed>
-CVE-2020-14578
- RESERVED
+CVE-2020-14578 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
- openjdk-8 <unfixed>
-CVE-2020-14577
- RESERVED
+CVE-2020-14577 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
- openjdk-8 <unfixed>
-CVE-2020-14576
- RESERVED
-CVE-2020-14575
- RESERVED
+CVE-2020-14576 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2020-14575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14574
- RESERVED
-CVE-2020-14573
- RESERVED
+CVE-2020-14574 (Vulnerability in the Oracle Communications Interactive Session Recorde ...)
+ TODO: check
+CVE-2020-14573 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
-CVE-2020-14572
- RESERVED
-CVE-2020-14571
- RESERVED
-CVE-2020-14570
- RESERVED
-CVE-2020-14569
- RESERVED
-CVE-2020-14568
- RESERVED
+CVE-2020-14572 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14571 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ TODO: check
+CVE-2020-14570 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ TODO: check
+CVE-2020-14569 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
+ TODO: check
+CVE-2020-14568 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
- mysql-5.7 <not-affected> (Only affects MySQL 8)
-CVE-2020-14567
- RESERVED
-CVE-2020-14566
- RESERVED
-CVE-2020-14565
- RESERVED
-CVE-2020-14564
- RESERVED
-CVE-2020-14563
- RESERVED
-CVE-2020-14562
- RESERVED
+CVE-2020-14567 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2020-14566 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ TODO: check
+CVE-2020-14565 (Vulnerability in the Oracle Unified Directory product of Oracle Fusion ...)
+ TODO: check
+CVE-2020-14564 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2020-14563 (Vulnerability in the Oracle Enterprise Communications Broker product o ...)
+ TODO: check
+CVE-2020-14562 (Vulnerability in the Java SE product of Oracle Java SE (component: Ima ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
-CVE-2020-14561
- RESERVED
-CVE-2020-14560
- RESERVED
-CVE-2020-14559
- RESERVED
-CVE-2020-14558
- RESERVED
-CVE-2020-14557
- RESERVED
-CVE-2020-14556
- RESERVED
+CVE-2020-14561 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ TODO: check
+CVE-2020-14560 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...)
+ TODO: check
+CVE-2020-14559 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2020-14558 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ TODO: check
+CVE-2020-14557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-14556 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- openjdk-14 <unfixed>
- openjdk-11 <unfixed>
- openjdk-8 <unfixed>
-CVE-2020-14555
- RESERVED
-CVE-2020-14554
- RESERVED
-CVE-2020-14553
- RESERVED
-CVE-2020-14552
- RESERVED
-CVE-2020-14551
- RESERVED
-CVE-2020-14550
- RESERVED
-CVE-2020-14549
- RESERVED
-CVE-2020-14548
- RESERVED
-CVE-2020-14547
- RESERVED
-CVE-2020-14546
- RESERVED
-CVE-2020-14545
- RESERVED
-CVE-2020-14544
- RESERVED
-CVE-2020-14543
- RESERVED
-CVE-2020-14542
- RESERVED
-CVE-2020-14541
- RESERVED
-CVE-2020-14540
- RESERVED
-CVE-2020-14539
- RESERVED
+CVE-2020-14555 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ TODO: check
+CVE-2020-14554 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ TODO: check
+CVE-2020-14553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2020-14552 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...)
+ TODO: check
+CVE-2020-14551 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...)
+ TODO: check
+CVE-2020-14550 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2020-14549 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ TODO: check
+CVE-2020-14548 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ TODO: check
+CVE-2020-14547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2020-14546 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
+ TODO: check
+CVE-2020-14545 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2020-14544 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
+ TODO: check
+CVE-2020-14543 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ TODO: check
+CVE-2020-14542 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2020-14541 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
+ TODO: check
+CVE-2020-14540 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
+CVE-2020-14539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ TODO: check
CVE-2020-14538
RESERVED
-CVE-2020-14537
- RESERVED
-CVE-2020-14536
- RESERVED
-CVE-2020-14535
- RESERVED
-CVE-2020-14534
- RESERVED
-CVE-2020-14533
- RESERVED
-CVE-2020-14532
- RESERVED
-CVE-2020-14531
- RESERVED
-CVE-2020-14530
- RESERVED
-CVE-2020-14529
- RESERVED
-CVE-2020-14528
- RESERVED
-CVE-2020-14527
- RESERVED
+CVE-2020-14537 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ TODO: check
+CVE-2020-14536 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
+ TODO: check
+CVE-2020-14535 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...)
+ TODO: check
+CVE-2020-14534 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ TODO: check
+CVE-2020-14533 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ TODO: check
+CVE-2020-14532 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
+ TODO: check
+CVE-2020-14531 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
+ TODO: check
+CVE-2020-14530 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...)
+ TODO: check
+CVE-2020-14529 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ TODO: check
+CVE-2020-14528 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ TODO: check
+CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ TODO: check
CVE-2020-14526
RESERVED
CVE-2020-14525
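Review bot: The MySQL entries in this Oracle block are not handled uniformly. CVE-2020-14576, CVE-2020-14567, CVE-2020-14559, CVE-2020-14553, CVE-2020-14547, CVE-2020-14540 and CVE-2020-14539 (MySQL Server) and CVE-2020-14550 (MySQL Client) are left at TODO: check, while every other MySQL Server CVE here already has "- mysql-5.7 <not-affected> (Only affects MySQL 8)". Triage these eight first, and check the affected version ranges in the advisory before copying the not-affected line onto any of them. The remaining TODO: check entries for Oracle-only products can then be resolved in bulk.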
@@ -2826,8 +2767,8 @@ CVE-2020-14513
RESERVED
CVE-2020-14512
RESERVED
-CVE-2020-14511
- RESERVED
+CVE-2020-14511 (Malicious operation of the crafted web browser cookie may cause a stac ...)
+ TODO: check
CVE-2020-14510
RESERVED
CVE-2020-14509
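Review bot: The truncated description for CVE-2020-14511 ("Malicious operation of the crafted web browser cookie may cause a stac ...") names no vendor or product, so this entry cannot be triaged from the list alone. Whoever resolves the TODO: check should pull the full CVE record and put the product name in the NOT-FOR-US or package line so the entry is self-explanatory afterwards.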
@@ -3301,6 +3242,7 @@ CVE-2020-14424
CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...)
NOT-FOR-US: Convos
CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
+ {DLA-2280-1}
- python3.8 3.8.4~rc1-1
- python3.7 <removed>
[buster] - python3.7 <no-dsa> (Minor issue)
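Review bot: The {DLA-2280-1} cross-reference is added to CVE-2020-14422, but the package lines visible in this context are only python3.8 and python3.7 (removed, and no-dsa for buster), none of which an LTS advisory would fix. Confirm that the entry has a package line further down for the source package DLA-2280-1 covers. The same check applies to the identical addition on CVE-2020-8492 later in this diff.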
@@ -4566,8 +4508,7 @@ CVE-2020-13925 (Similar to CVE-2020-1956, Kylin has one more restful API which c
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2020-13924
RESERVED
-CVE-2020-13923
- RESERVED
+CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...)
NOT-FOR-US: Apache OFBiz
CVE-2020-13922
RESERVED
@@ -7149,8 +7090,8 @@ CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether,
NOT-FOR-US: COVIDSafe
CVE-2020-12855
RESERVED
-CVE-2020-12854
- RESERVED
+CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...)
+ TODO: check
CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
NOT-FOR-US: Pydio Cells
CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user ...)
@@ -17023,8 +16964,7 @@ CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved
CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...)
- guacamole-client <unfixed> (bug #964195)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2
-CVE-2020-9496
- RESERVED
+CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...)
NOT-FOR-US: Apache OFBiz
CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...)
NOT-FOR-US: Apache Archiva
@@ -19477,6 +19417,7 @@ CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x ver
CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...)
NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...)
+ {DLA-2280-1}
- python3.8 3.8.3~rc1-1
- python3.7 <removed>
[buster] - python3.7 <no-dsa> (Minor issue)
@@ -20106,8 +20047,8 @@ CVE-2020-8205
RESERVED
CVE-2020-8204
RESERVED
-CVE-2020-8203
- RESERVED
+CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash <= ...)
+ TODO: check
CVE-2020-8202
RESERVED
CVE-2020-8201
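Review bot: CVE-2020-8203 is left at "TODO: check", but lodash is packaged in Debian as node-lodash, so this entry should not be closed as NOT-FOR-US during triage. Replace the TODO with a "- node-lodash <unfixed>" line, or the fixed version once it is known, plus a NOTE pointing at the upstream fix. The description here is cut off right after "lodash <=", so the affected version range has to be taken from the full CVE text.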
@@ -20160,8 +20101,8 @@ CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed
NOT-FOR-US: Nextcloud Talk
CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...)
NOT-FOR-US: Nextcloud Deck
-CVE-2020-8178
- RESERVED
+CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18 may ...)
+ TODO: check
CVE-2020-8177
RESERVED
- curl <unfixed>
@@ -22298,8 +22239,8 @@ CVE-2020-7294
RESERVED
CVE-2020-7293
RESERVED
-CVE-2020-7292
- RESERVED
+CVE-2020-7292 (Inappropriate Encoding for output context in McAfee Web Gateway (MWG) ...)
+ TODO: check
CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
NOT-FOR-US: McAfee
CVE-2020-7290 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
@@ -26181,8 +26122,8 @@ CVE-2020-5767
RESERVED
CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
NOT-FOR-US: Wordpress plugin
-CVE-2020-5765
- RESERVED
+CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerabi ...)
+ TODO: check
CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...)
NOT-FOR-US: MX Player Android App
CVE-2020-5763
@@ -30192,8 +30133,8 @@ CVE-2020-4102
RESERVED
CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...)
NOT-FOR-US: HCL Digital Experience
-CVE-2020-4100
- RESERVED
+CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code loading. This ...)
+ TODO: check
CVE-2020-4099
RESERVED
CVE-2020-4098
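Review bot: the description imported for CVE-2020-4100 starts with a stray double quote ("HCL Verse for Android ...), the same artifact that is already present on CVE-2020-4101 in the context above. If the quote is part of the upstream description it is harmless, but it is worth stripping in the import step so that searches anchored on the start of the description keep working. The entry itself will most likely end up NOT-FOR-US like its HCL neighbour.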
@@ -33764,44 +33705,44 @@ CVE-2020-2986
RESERVED
CVE-2020-2985
RESERVED
-CVE-2020-2984
- RESERVED
-CVE-2020-2983
- RESERVED
-CVE-2020-2982
- RESERVED
-CVE-2020-2981
- RESERVED
+CVE-2020-2984 (Vulnerability in the Oracle Configuration Manager product of Oracle En ...)
+ TODO: check
+CVE-2020-2983 (Vulnerability in the Oracle Data Masking and Subsetting product of Ora ...)
+ TODO: check
+CVE-2020-2982 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
+ TODO: check
+CVE-2020-2981 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...)
+ TODO: check
CVE-2020-2980
RESERVED
CVE-2020-2979
RESERVED
-CVE-2020-2978
- RESERVED
-CVE-2020-2977
- RESERVED
-CVE-2020-2976
- RESERVED
-CVE-2020-2975
- RESERVED
-CVE-2020-2974
- RESERVED
-CVE-2020-2973
- RESERVED
-CVE-2020-2972
- RESERVED
-CVE-2020-2971
- RESERVED
+CVE-2020-2978 (Vulnerability in the Oracle Database - Enterprise Edition component of ...)
+ TODO: check
+CVE-2020-2977 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ TODO: check
+CVE-2020-2976 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ TODO: check
+CVE-2020-2975 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ TODO: check
+CVE-2020-2974 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ TODO: check
+CVE-2020-2973 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ TODO: check
+CVE-2020-2972 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ TODO: check
+CVE-2020-2971 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ TODO: check
CVE-2020-2970
RESERVED
-CVE-2020-2969
- RESERVED
-CVE-2020-2968
- RESERVED
-CVE-2020-2967
- RESERVED
-CVE-2020-2966
- RESERVED
+CVE-2020-2969 (Vulnerability in the Data Pump component of Oracle Database Server. Su ...)
+ TODO: check
+CVE-2020-2968 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ TODO: check
+CVE-2020-2967 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
+CVE-2020-2966 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ TODO: check
CVE-2020-2965
RESERVED
CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...)
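Review bot: CVE-2020-2981 in this block is for the Data Store component of Oracle Berkeley DB, which Debian ships (db5.3), so it needs its own triage and must not be swept up with the Oracle Database, Application Express and WebLogic entries around it. Those match products that are marked "NOT-FOR-US: Oracle" elsewhere in this list (for example CVE-2020-2514). The description is truncated at "The s ...", so the affected versions have to be read from the full advisory before a package line is written.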
@@ -34803,8 +34744,8 @@ CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel
NOT-FOR-US: Oracle
CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
NOT-FOR-US: Oracle
-CVE-2020-2562
- RESERVED
+CVE-2020-2562 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
+ TODO: check
CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
NOT-FOR-US: Oracle
CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
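Review bot: CVE-2020-2562 gains a description but is set to "TODO: check" while the entries directly above and below it (CVE-2020-2563, CVE-2020-2561) are both "NOT-FOR-US: Oracle". Primavera Portfolio Management is an Oracle product with no Debian package line anywhere in this diff, so the follow-up triage can most likely set the same disposition here and on the other Primavera entries added in this commit (CVE-2020-14527 to CVE-2020-14529).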
@@ -34901,8 +34842,8 @@ CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracl
NOT-FOR-US: Oracle
CVE-2020-2514 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
NOT-FOR-US: Oracle
-CVE-2020-2513
- RESERVED
+CVE-2020-2513 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ TODO: check
CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...)
NOT-FOR-US: Oracle
CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
@@ -35799,32 +35740,23 @@ CVE-2020-2230
RESERVED
CVE-2020-2229
RESERVED
-CVE-2020-2228
- RESERVED
+CVE-2020-2228 (Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2227
- RESERVED
+CVE-2020-2227 (Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2226
- RESERVED
+CVE-2020-2226 (Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does no ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2225
- RESERVED
+CVE-2020-2225 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2224
- RESERVED
+CVE-2020-2224 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the nod ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2223
- RESERVED
+CVE-2020-2223 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape cor ...)
NOT-FOR-US: Jenkins
-CVE-2020-2222
- RESERVED
+CVE-2020-2222 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
NOT-FOR-US: Jenkins
-CVE-2020-2221
- RESERVED
+CVE-2020-2221 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
NOT-FOR-US: Jenkins
-CVE-2020-2220
- RESERVED
+CVE-2020-2220 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
NOT-FOR-US: Jenkins
CVE-2020-2219 (Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of lin ...)
NOT-FOR-US: Jenkins plugin
@@ -37901,8 +37833,8 @@ CVE-2019-19328 (ui/editor/tooltip/Rdf.js in Wikibase Wikidata Query Service GUI
NOT-FOR-US: Wikibase Wikidata Query Service GUI
CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0.3.6-S ...)
NOT-FOR-US: Wikibase Wikidata Query Service GUI
-CVE-2019-19326
- RESERVED
+CVE-2019-19326 (SilverStripe through 4.4.4 allows Web Cache Poisoning through HTTPRequ ...)
+ TODO: check
CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...)
NOT-FOR-US: SilverStripe
CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms ...)
@@ -42918,6 +42850,7 @@ CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirec
CVE-2019-18349 (HotkeyP through 4.9 r96 allows privilege escalation in the privilege f ...)
NOT-FOR-US: HotkeyP
CVE-2019-18348 (An issue was discovered in urllib2 in Python 2.x through 2.7.17 and ur ...)
+ {DLA-2280-1}
- python3.8 3.8.3~rc1-1 (unimportant)
- python3.7 <removed> (unimportant)
- python3.5 <removed> (unimportant)
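Review bot: "{DLA-2280-1}" is attached to CVE-2019-18348 while every package line visible in this hunk (python3.8, python3.7, python3.5) rates the issue "(unimportant)". An advisory reference next to an "unimportant" rating reads as a contradiction to anyone consuming the list. If the fix was only bundled into the LTS upload with the other Python CVEs, a NOTE saying so would make that clear; otherwise the rating for the release the DLA covers should be revisited. CVE-2018-20406 further down has the same combination.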
@@ -45456,8 +45389,8 @@ CVE-2019-17639
RESERVED
CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...)
TODO: check
-CVE-2019-17637
- RESERVED
+CVE-2019-17637 (In all versions of Eclipse Web Tools Platform through release 3.18 (20 ...)
+ TODO: check
CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...)
NOT-FOR-US: Eclipse Theia
CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...)
@@ -47521,6 +47454,7 @@ CVE-2019-16937
CVE-2019-16936
RESERVED
CVE-2019-16935 (The documentation XML-RPC server in Python through 2.7.16, 3.x through ...)
+ {DLA-2280-1}
- python3.8 3.8.0~rc1-1
- python3.7 3.7.5~rc1-1
[buster] - python3.7 3.7.3-2+deb10u1
@@ -50095,7 +50029,7 @@ CVE-2019-16058 (An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0
CVE-2019-16057 (The login_mgr.cgi script in D-Link DNS-320 through 2.05.B10 is vulnera ...)
NOT-FOR-US: D-Link
CVE-2019-16056 (An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3 ...)
- {DLA-1925-1 DLA-1924-1}
+ {DLA-2280-1 DLA-1925-1 DLA-1924-1}
- python3.8 3.8.0~b4-1
- python3.7 3.7.4-4
[buster] - python3.7 3.7.3-2+deb10u1
@@ -59292,7 +59226,7 @@ CVE-2019-13578 (A SQL injection vulnerability exists in the Impress GiveWP Give
CVE-2019-13577 (SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthe ...)
NOT-FOR-US: SnmpAdm.exe in MAPLE WBT SNMP Administrator
CVE-2018-20852 (http.cookiejar.DefaultPolicy.domain_return_ok in Lib/http/cookiejar.py ...)
- {DLA-1906-1 DLA-1889-1}
+ {DLA-2280-1 DLA-1906-1 DLA-1889-1}
- python3.7 3.7.3~rc1-1
- python3.5 <removed>
- python3.4 <removed>
@@ -68851,6 +68785,7 @@ CVE-2019-10161 (It was discovered that libvirtd before versions 4.10.1 and 5.4.1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1720115
NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=aed6a032cead4386472afb24b16196579e239580
CVE-2019-10160 (A security regression of CVE-2019-9636 was discovered in python since ...)
+ {DLA-2280-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <not-affected> (Fix for CVE-2019-9636 not applied)
@@ -69514,7 +69449,7 @@ CVE-2019-9950 (Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultr
CVE-2019-9949 (Western Digital My Cloud Cloud, Mirror Gen2, EX2 Ultra, EX2100, EX4100 ...)
NOT-FOR-US: Western Digital
CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: scheme, w ...)
- {DLA-1852-1 DLA-1834-1}
+ {DLA-2280-1 DLA-1852-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <removed>
@@ -69529,7 +69464,7 @@ CVE-2019-9948 (urllib in Python 2.x through 2.7.16 supports the local_file: sche
NOTE: https://github.com/python/cpython/commit/b15bde8058e821b383d81fcae68b335a752083ca (2.7)
NOTE: https://github.com/python/cpython/commit/942c31dffbe886ff02e25a319cc3891220b8c641 (2.7)
CVE-2019-9947 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
- {DLA-1835-1 DLA-1834-1}
+ {DLA-2280-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <removed>
@@ -71078,7 +71013,7 @@ CVE-2019-9741 (An issue was discovered in net/http in Go 1.11.5. CRLF injection
NOTE: https://github.com/golang/go/commit/829c5df58694b3345cb5ea41206783c8ccf5c3ca#diff-b97af51863ce82bf2a13003b52034aa9
NOTE: https://github.com/golang/go/commit/f1d662f34788f4a5f087581d0951cdf4e0f6e708#diff-b97af51863ce82bf2a13003b52034aa9
CVE-2019-9740 (An issue was discovered in urllib2 in Python 2.x through 2.7.16 and ur ...)
- {DLA-1835-1 DLA-1834-1}
+ {DLA-2280-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.4~rc2-2
[buster] - python3.7 3.7.3-2+deb10u1
- python3.6 <removed>
@@ -71357,7 +71292,7 @@ CVE-2019-9643
CVE-2019-9642 (An issue was discovered in proxy.php in pydio-core in Pydio through 8. ...)
- extplorer <removed>
CVE-2019-9636 (Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Impr ...)
- {DLA-1835-1 DLA-1834-1}
+ {DLA-2280-1 DLA-1835-1 DLA-1834-1}
- python3.7 3.7.3~rc1-1 (bug #924072)
- python3.6 <removed>
- python3.5 <removed>
@@ -83482,7 +83417,7 @@ CVE-2019-5012 (An exploitable privilege escalation vulnerability exists in the W
CVE-2019-5011 (An exploitable privilege escalation vulnerability exists in the helper ...)
NOT-FOR-US: CleanMyMac
CVE-2019-5010 (An exploitable denial-of-service vulnerability exists in the X509 cert ...)
- {DLA-1834-1 DLA-1663-1}
+ {DLA-2280-1 DLA-1834-1 DLA-1663-1}
- python3.7 3.7.2-2 (bug #921064)
- python3.6 <removed> (bug #921063)
- python3.5 <removed>
@@ -87865,7 +87800,7 @@ CVE-2018-20408 (An issue was discovered in Bento4 1.5.1-627. There is a memory l
CVE-2018-20407 (An issue was discovered in Bento4 1.5.1-627. There is a memory leak in ...)
NOT-FOR-US: Bento4
CVE-2018-20406 (Modules/_pickle.c in Python before 3.7.1 has an integer overflow via a ...)
- {DLA-1663-1}
+ {DLA-2280-1 DLA-1663-1}
- python3.7 3.7.0-7 (unimportant)
- python3.6 3.6.7~rc1-1 (unimportant)
- python3.5 <removed> (unimportant)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9437bec660ddf219cc2e5525b5c62f9f9601429a