[Git][security-tracker-team/security-tracker][master] new mongodb issue

[Moritz Muehlenhoff]

Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
40d5c87f by Moritz Muehlenhoff at 2020-06-03T15:11:26+02:00
new mongodb issue
NFUs

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -52,7 +52,7 @@ CVE-2019-20810 (go7007_snd_init in drivers/media/usb/go7007/snd-go7007.c in the
 	- linux 5.6.7-1
 	NOTE: https://git.kernel.org/linus/9453264ef58638ce8976121ac44c07a3ef375983
 CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attacker ...)
-	TODO: check
+	NOT-FOR-US: rust-vmm
 CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...)
 	NOT-FOR-US: Bitrix24
 CVE-2020-13757 (Python-RSA 4.0 ignores leading '\0' bytes during decryption of ciphert ...)
@@ -340,9 +340,9 @@ CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in
 CVE-2020-13629
 	RESERVED
 CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
-	TODO: check
+	- centreon-web <itp> (bug #913903)
 CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
-	TODO: check
+	- centreon-web <itp> (bug #913903)
 CVE-2020-13626
 	RESERVED
 CVE-2020-13625
@@ -2682,7 +2682,7 @@ CVE-2020-12609
 CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...)
 	NOT-FOR-US: SolarWinds
 CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...)
-	TODO: check
+	NOT-FOR-US: fastecdsa
 CVE-2020-12606
 	RESERVED
 CVE-2020-12605
@@ -7991,9 +7991,9 @@ CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienfor
 CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...)
 	NOT-FOR-US: Sophos
 CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
-	TODO: check
+	- centreon-web <itp> (bug #913903)
 CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server responses. ...)
-	TODO: check
+	- centreon-web <itp> (bug #913903)
 CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...)
 	- nomad 0.10.5+dfsg1-1
 	NOTE: https://github.com/hashicorp/nomad/issues/7468
@@ -10224,7 +10224,7 @@ CVE-2020-10138
 CVE-2020-10137
 	RESERVED
 CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
-	TODO: check
+	NOT-FOR-US: Cisco
 CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
 	NOTE: Bluetooth protocol issue
 CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthe ...)
@@ -15395,7 +15395,9 @@ CVE-2020-7923
 CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
 	NOT-FOR-US: MongoDB Enterprise
 CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...)
-	TODO: check
+	- mongodb <removed>
+	[stretch] - mongodb <no-dsa> (Minor issue)
+	NOTE: https://jira.mongodb.org/browse/SERVER-45472
 CVE-2019-20419
 	RESERVED
 CVE-2019-20418



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40d5c87f03d5fca9b34967c3fd088cf5758a2ce8

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/40d5c87f03d5fca9b34967c3fd088cf5758a2ce8
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200603/9d137fe4/attachment.html>