[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed Jun 3 21:10:59 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
ef6d49d6 by security tracker role at 2020-06-03T20:10:50+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,8 +1,36 @@
+CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...)
+ TODO: check
+CVE-2020-13789
+ RESERVED
+CVE-2020-13788
+ RESERVED
+CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of ...)
+ TODO: check
+CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. ...)
+ TODO: check
+CVE-2020-13785 (D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Str ...)
+ TODO: check
+CVE-2020-13784 (D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a P ...)
+ TODO: check
+CVE-2020-13783 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sens ...)
+ TODO: check
+CVE-2020-13782 (D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. ...)
+ TODO: check
+CVE-2020-13781
+ RESERVED
+CVE-2020-13780
+ RESERVED
+CVE-2020-13779
+ RESERVED
+CVE-2020-13778
+ RESERVED
+CVE-2020-13777
+ RESERVED
CVE-2020-13776 (systemd through v245 mishandles numerical usernames such as ones compo ...)
- systemd <unfixed> (unimportant)
NOTE: https://github.com/systemd/systemd/issues/15985
NOTE: Issue exists due to an incomplete fix for CVE-2017-1000082.
-CVE-2020-13775 (ZNC before 1.8.1-rc1 allows attackers to trigger an application crash ...)
+CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows attackers to trigger an application c ...)
- znc <unfixed> (bug #962105)
[buster] - znc <not-affected> (Vulnerable code introduced later)
[stretch] - znc <not-affected> (Vulnerable code introduced later)
@@ -63,8 +91,8 @@ CVE-2020-13757 (Python-RSA 4.0 ignores leading '\0' bytes during decryption of c
- python-rsa <unfixed> (bug #962142)
[jessie] - python-rsa <no-dsa> (No reverse dependencies)
NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
-CVE-2020-13756
- RESERVED
+CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...)
+ TODO: check
CVE-2020-13755
RESERVED
CVE-2020-13753
@@ -169,8 +197,8 @@ CVE-2020-13704
RESERVED
CVE-2020-13703
RESERVED
-CVE-2019-20809
- RESERVED
+CVE-2019-20809 (The price oracle in PriceOracle.sol in Compound Finance Compound Price ...)
+ TODO: check
CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
- qemu <unfixed>
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00004.html
@@ -410,10 +438,9 @@ CVE-2020-13599
RESERVED
CVE-2020-13598
RESERVED
-CVE-2020-13597
- RESERVED
-CVE-2020-13596 [Possible XSS via admin ForeignKeyRawIdWidget]
- RESERVED
+CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...)
+ TODO: check
+CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
- python-django <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master)
@@ -883,8 +910,7 @@ CVE-2020-13381
RESERVED
CVE-2020-13380
RESERVED
-CVE-2020-13379
- RESERVED
+CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...)
- grafana <removed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4
NOTE: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/
@@ -1158,8 +1184,7 @@ CVE-2020-13256
RESERVED
CVE-2020-13255
RESERVED
-CVE-2020-13254 [Potential data leakage via malformed memcached keys]
- RESERVED
+CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
- python-django <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master)
@@ -2079,8 +2104,8 @@ CVE-2020-12848
RESERVED
CVE-2020-12847
RESERVED
-CVE-2020-12846
- RESERVED
+CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...)
+ TODO: check
CVE-2020-12845
RESERVED
CVE-2020-12844
@@ -3141,6 +3166,7 @@ CVE-2020-12411
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
CVE-2020-12410
RESERVED
+ {DSA-4695-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410
@@ -3159,12 +3185,14 @@ CVE-2020-12407
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
CVE-2020-12406
RESERVED
+ {DSA-4695-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
CVE-2020-12405
RESERVED
+ {DSA-4695-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405
@@ -3181,6 +3209,7 @@ CVE-2020-12400
RESERVED
CVE-2020-12399 [Force a fixed length for DSA exponentiation]
RESERVED
+ {DSA-4695-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- nss 2:3.53-1 (bug #961752)
@@ -8710,8 +8739,7 @@ CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implement
NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6
CVE-2020-10750
RESERVED
-CVE-2020-10749 [IPv6 router advertisements allow for MitM attacks on IPv4 clusters]
- RESERVED
+CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...)
- golang-github-containernetworking-plugins <unfixed>
NOTE: https://github.com/containernetworking/plugins/pull/484
NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43
@@ -9417,8 +9445,8 @@ CVE-2020-10518
RESERVED
CVE-2020-10517
RESERVED
-CVE-2020-10516
- RESERVED
+CVE-2020-10516 (An improper access control vulnerability was identified in the GitHub ...)
+ TODO: check
CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting ...)
NOT-FOR-US: STARFACE UCC Client
CVE-2020-10514 (iCatch DVR firmware before 20200103 do not validate function parameter ...)
@@ -16106,7 +16134,7 @@ CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection.
NOT-FOR-US: git-add-remote node module
CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...)
NOT-FOR-US: install-package node module
-CVE-2020-7628 (install-package through 1.1.6 is vulnerable to Command Injection. It a ...)
+CVE-2020-7628 (umount through 1.1.6 is vulnerable to Command Injection. The argument ...)
NOT-FOR-US: install-package node module
CVE-2020-7627 (node-key-sender through 1.0.11 is vulnerable to Command Injection. It ...)
NOT-FOR-US: node-key-sender node module
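Review bot: In the CVE-2020-7628 entry the description now names "umount through 1.1.6", but the unchanged triage line directly under it still reads "NOT-FOR-US: install-package node module", which is the product of CVE-2020-7629 above. Change that NOT-FOR-US line to name umount so the product in the triage line matches the new description.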
@@ -17229,12 +17257,12 @@ CVE-2020-7119
RESERVED
CVE-2020-7118
RESERVED
-CVE-2020-7117
- RESERVED
-CVE-2020-7116
- RESERVED
-CVE-2020-7115
- RESERVED
+CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
+ TODO: check
+CVE-2020-7116 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
+ TODO: check
+CVE-2020-7115 (The ClearPass Policy Manager web interface is affected by a vulnerabil ...)
+ TODO: check
CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...)
NOT-FOR-US: ClearPass
CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...)
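Review bot: CVE-2020-7117, CVE-2020-7116 and CVE-2020-7115 are added as "TODO: check" although all three descriptions name ClearPass Policy Manager and the next entry in the context, CVE-2020-7114, is already "NOT-FOR-US: ClearPass". Mark the three the same way in the follow-up triage so the ClearPass block is consistent.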
@@ -17553,18 +17581,18 @@ CVE-2020-7017
RESERVED
CVE-2020-7016
RESERVED
-CVE-2020-7015
- RESERVED
-CVE-2020-7014
- RESERVED
-CVE-2020-7013
- RESERVED
-CVE-2020-7012
- RESERVED
-CVE-2020-7011
- RESERVED
-CVE-2020-7010
- RESERVED
+CVE-2020-7015 (Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in t ...)
+ TODO: check
+CVE-2020-7014 (The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch ve ...)
+ TODO: check
+CVE-2020-7013 (Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution f ...)
+ TODO: check
+CVE-2020-7012 (Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype ...)
+ TODO: check
+CVE-2020-7011 (Elastic App Search versions before 7.7.0 contain a cross site scriptin ...)
+ TODO: check
+CVE-2020-7010 (Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate pas ...)
+ TODO: check
CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 ...)
- elasticsearch <removed>
CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
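Review bot: CVE-2020-7014 is added with only "TODO: check", yet its description states it is an incomplete fix for CVE-2020-7009, which further down in this hunk is already tracked as "- elasticsearch <removed>". When triaging, give CVE-2020-7014 the same package line and a NOTE that points back to CVE-2020-7009, so the original issue and its incomplete fix stay linked in the list.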
@@ -24123,8 +24151,8 @@ CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information
NOT-FOR-US: IBM
CVE-2020-4308
RESERVED
-CVE-2020-4307
- RESERVED
+CVE-2020-4307 (IBM Security Guardium 11.1 could allow an attacker on the same network ...)
+ TODO: check
CVE-2020-4306 (IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cros ...)
NOT-FOR-US: IBM
CVE-2020-4305
@@ -24357,14 +24385,14 @@ CVE-2020-4192
RESERVED
CVE-2020-4191
RESERVED
-CVE-2020-4190
- RESERVED
+CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...)
+ TODO: check
CVE-2020-4189
RESERVED
CVE-2020-4188
RESERVED
-CVE-2020-4187
- RESERVED
+CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...)
+ TODO: check
CVE-2020-4186
RESERVED
CVE-2020-4185
@@ -24373,18 +24401,18 @@ CVE-2020-4184
RESERVED
CVE-2020-4183
RESERVED
-CVE-2020-4182
- RESERVED
+CVE-2020-4182 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...)
+ TODO: check
CVE-2020-4181
RESERVED
-CVE-2020-4180
- RESERVED
+CVE-2020-4180 (IBM Security Guardium 11.1 could allow a remote authenticated attacker ...)
+ TODO: check
CVE-2020-4179
RESERVED
CVE-2020-4178
RESERVED
-CVE-2020-4177
- RESERVED
+CVE-2020-4177 (IBM Security Guardium 11.1 contains hard-coded credentials, such as a ...)
+ TODO: check
CVE-2020-4176
RESERVED
CVE-2020-4175
@@ -24667,8 +24695,8 @@ CVE-2020-4037
RESERVED
CVE-2020-4036
RESERVED
-CVE-2020-4035
- RESERVED
+CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ...)
+ TODO: check
CVE-2020-4034
RESERVED
CVE-2020-4033
@@ -27188,8 +27216,8 @@ CVE-2020-3355
RESERVED
CVE-2020-3354
RESERVED
-CVE-2020-3353
- RESERVED
+CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity Serv ...)
+ TODO: check
CVE-2020-3352
RESERVED
CVE-2020-3351
@@ -27220,20 +27248,20 @@ CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVir
NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
CVE-2020-3340
RESERVED
-CVE-2020-3339
- RESERVED
+CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...)
+ TODO: check
CVE-2020-3338
RESERVED
CVE-2020-3337
RESERVED
CVE-2020-3336
RESERVED
-CVE-2020-3335
- RESERVED
+CVE-2020-3335 (A vulnerability in the key store of Cisco Application Services Engine ...)
+ TODO: check
CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...)
NOT-FOR-US: Cisco
-CVE-2020-3333
- RESERVED
+CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...)
+ TODO: check
CVE-2020-3332
RESERVED
CVE-2020-3331
@@ -27258,14 +27286,14 @@ CVE-2020-3324
RESERVED
CVE-2020-3323
RESERVED
-CVE-2020-3322
- RESERVED
-CVE-2020-3321
- RESERVED
+CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
+ TODO: check
+CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
+ TODO: check
CVE-2020-3320
RESERVED
-CVE-2020-3319
- RESERVED
+CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
+ TODO: check
CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
NOT-FOR-US: Cisco
CVE-2020-3317
@@ -27340,8 +27368,8 @@ CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer
NOT-FOR-US: Cisco
CVE-2020-3282
RESERVED
-CVE-2020-3281
- RESERVED
+CVE-2020-3281 (A vulnerability in the audit logging component of Cisco Digital Networ ...)
+ TODO: check
CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...)
NOT-FOR-US: Cisco
CVE-2020-3279
@@ -27368,8 +27396,8 @@ CVE-2020-3269
RESERVED
CVE-2020-3268
RESERVED
-CVE-2020-3267
- RESERVED
+CVE-2020-3267 (A vulnerability in the API subsystem of Cisco Unified Contact Center E ...)
+ TODO: check
CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...)
NOT-FOR-US: Cisco
CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
@@ -27386,10 +27414,10 @@ CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software co
NOT-FOR-US: Cisco
CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
NOT-FOR-US: Cisco
-CVE-2020-3258
- RESERVED
-CVE-2020-3257
- RESERVED
+CVE-2020-3258 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
+ TODO: check
+CVE-2020-3257 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
+ TODO: check
CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted ...)
NOT-FOR-US: Cisco
CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
@@ -27426,88 +27454,88 @@ CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director an
NOT-FOR-US: Cisco
CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
NOT-FOR-US: Cisco
-CVE-2020-3238
- RESERVED
-CVE-2020-3237
- RESERVED
+CVE-2020-3238 (A vulnerability in the Cisco Application Framework component of the Ci ...)
+ TODO: check
+CVE-2020-3237 (A vulnerability in the Cisco Application Framework component of the Ci ...)
+ TODO: check
CVE-2020-3236
RESERVED
-CVE-2020-3235
- RESERVED
-CVE-2020-3234
- RESERVED
-CVE-2020-3233
- RESERVED
-CVE-2020-3232
- RESERVED
-CVE-2020-3231
- RESERVED
-CVE-2020-3230
- RESERVED
-CVE-2020-3229
- RESERVED
-CVE-2020-3228
- RESERVED
-CVE-2020-3227
- RESERVED
-CVE-2020-3226
- RESERVED
-CVE-2020-3225
- RESERVED
-CVE-2020-3224
- RESERVED
-CVE-2020-3223
- RESERVED
-CVE-2020-3222
- RESERVED
-CVE-2020-3221
- RESERVED
-CVE-2020-3220
- RESERVED
-CVE-2020-3219
- RESERVED
-CVE-2020-3218
- RESERVED
-CVE-2020-3217
- RESERVED
-CVE-2020-3216
- RESERVED
-CVE-2020-3215
- RESERVED
-CVE-2020-3214
- RESERVED
-CVE-2020-3213
- RESERVED
-CVE-2020-3212
- RESERVED
-CVE-2020-3211
- RESERVED
-CVE-2020-3210
- RESERVED
-CVE-2020-3209
- RESERVED
-CVE-2020-3208
- RESERVED
-CVE-2020-3207
- RESERVED
-CVE-2020-3206
- RESERVED
-CVE-2020-3205
- RESERVED
-CVE-2020-3204
- RESERVED
-CVE-2020-3203
- RESERVED
+CVE-2020-3235 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...)
+ TODO: check
+CVE-2020-3234 (A vulnerability in the virtual console authentication of Cisco IOS Sof ...)
+ TODO: check
+CVE-2020-3233 (A vulnerability in the web-based Local Manager interface of the Cisco ...)
+ TODO: check
+CVE-2020-3232 (A vulnerability in the Simple Network Management Protocol (SNMP) imple ...)
+ TODO: check
+CVE-2020-3231 (A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series ...)
+ TODO: check
+CVE-2020-3230 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...)
+ TODO: check
+CVE-2020-3229 (A vulnerability in Role Based Access Control (RBAC) functionality of C ...)
+ TODO: check
+CVE-2020-3228 (A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco ...)
+ TODO: check
+CVE-2020-3227 (A vulnerability in the authorization controls for the Cisco IOx applic ...)
+ TODO: check
+CVE-2020-3226 (A vulnerability in the Session Initiation Protocol (SIP) library of Ci ...)
+ TODO: check
+CVE-2020-3225 (Multiple vulnerabilities in the implementation of the Common Industria ...)
+ TODO: check
+CVE-2020-3224 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
+ TODO: check
+CVE-2020-3223 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
+ TODO: check
+CVE-2020-3222 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
+ TODO: check
+CVE-2020-3221 (A vulnerability in the Flexible NetFlow Version 9 packet processor of ...)
+ TODO: check
+CVE-2020-3220 (A vulnerability in the hardware crypto driver of Cisco IOS XE Software ...)
+ TODO: check
+CVE-2020-3219 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ TODO: check
+CVE-2020-3218 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ TODO: check
+CVE-2020-3217 (A vulnerability in the Topology Discovery Service of Cisco One Platfor ...)
+ TODO: check
+CVE-2020-3216 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
+ TODO: check
+CVE-2020-3215 (A vulnerability in the Virtual Services Container of Cisco IOS XE Soft ...)
+ TODO: check
+CVE-2020-3214 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
+ TODO: check
+CVE-2020-3213 (A vulnerability in the ROMMON of Cisco IOS XE Software could allow an ...)
+ TODO: check
+CVE-2020-3212 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ TODO: check
+CVE-2020-3211 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...)
+ TODO: check
+CVE-2020-3210 (A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 ...)
+ TODO: check
+CVE-2020-3209 (A vulnerability in software image verification in Cisco IOS XE Softwar ...)
+ TODO: check
+CVE-2020-3208 (A vulnerability in the image verification feature of Cisco IOS Softwar ...)
+ TODO: check
+CVE-2020-3207 (A vulnerability in the processing of boot options of specific Cisco IO ...)
+ TODO: check
+CVE-2020-3206 (A vulnerability in the handling of IEEE 802.11w Protected Management F ...)
+ TODO: check
+CVE-2020-3205 (A vulnerability in the implementation of the inter-VM channel of Cisco ...)
+ TODO: check
+CVE-2020-3204 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
+ TODO: check
+CVE-2020-3203 (A vulnerability in the locally significant certificate (LSC) provision ...)
+ TODO: check
CVE-2020-3202
RESERVED
-CVE-2020-3201
- RESERVED
-CVE-2020-3200
- RESERVED
-CVE-2020-3199
- RESERVED
-CVE-2020-3198
- RESERVED
+CVE-2020-3201 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...)
+ TODO: check
+CVE-2020-3200 (A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Sof ...)
+ TODO: check
+CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment of C ...)
+ TODO: check
+CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...)
+ TODO: check
CVE-2020-3197
RESERVED
CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
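Review bot: Every Cisco entry published in this hunk, from CVE-2020-3238 down to CVE-2020-3198, lands as "TODO: check", while the already triaged Cisco entries in the leading context (CVE-2020-3240, CVE-2020-3239) are "NOT-FOR-US: Cisco". Suggest a single follow-up commit that triages the whole batch in one pass, checking each description against the product before applying the same NOT-FOR-US line, rather than leaving the entries to be picked up one by one.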
@@ -30172,38 +30200,27 @@ CVE-2020-2202
RESERVED
CVE-2020-2201
RESERVED
-CVE-2020-2200
- RESERVED
+CVE-2020-2200 (Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2199
- RESERVED
+CVE-2020-2199 (Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier do ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2198
- RESERVED
+CVE-2020-2198 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redac ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2197
- RESERVED
+CVE-2020-2197 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not requi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2196
- RESERVED
+CVE-2020-2196 (Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection fo ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2195
- RESERVED
+CVE-2020-2195 (Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocess ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2194
- RESERVED
+CVE-2020-2194 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the dis ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2193
- RESERVED
+CVE-2020-2193 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the par ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2192
- RESERVED
+CVE-2020-2192 (A cross-site request forgery vulnerability in Jenkins Self-Organizing ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2191
- RESERVED
+CVE-2020-2191 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2190
- RESERVED
+CVE-2020-2190 (Jenkins Script Security Plugin 1.72 and earlier does not correctly esc ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2189 (Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
@@ -30936,8 +30953,7 @@ CVE-2019-19518 (CA Automic Sysload 5.6.0 through 6.1.2 contains a vulnerability,
NOT-FOR-US: CA Automic Sysload
CVE-2020-1964 (It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-inc ...)
NOT-FOR-US: Apache Heron
-CVE-2020-1963
- RESERVED
+CVE-2020-1963 (Apache Ignite uses H2 database to build SQL distributed execution engi ...)
NOT-FOR-US: Apache Ignite
CVE-2020-1962
REJECTED
@@ -30955,7 +30971,7 @@ CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dy
NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139
NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322
-CVE-2020-1956 (Kylin has some restful apis which will concatenate os command with the ...)
+CVE-2020-1956 (Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restfu ...)
NOT-FOR-US: Apache Kylin
CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting that go ...)
- couchdb <removed>
@@ -32557,9 +32573,9 @@ CVE-2019-19216 (BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. ...)
CVE-2019-19215 (A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when ...)
NOT-FOR-US: BMC Control-M/Agent
CVE-2019-19214
- RESERVED
+ REJECTED
CVE-2019-19213
- RESERVED
+ REJECTED
CVE-2019-19212 (Dolibarr ERP/CRM 3.0 through 10.0.3 allows XSS via the qty parameter t ...)
- dolibarr <removed>
CVE-2019-19211 (Dolibarr ERP/CRM before 10.0.3 has an Insufficient Filtering issue tha ...)
@@ -108094,7 +108110,7 @@ CVE-2018-13369
RESERVED
CVE-2018-13368 (A local privilege escalation in Fortinet FortiClient for Windows 6.0.4 ...)
NOT-FOR-US: Fortinet FortiClient
-CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.0 and below may a ...)
+CVE-2018-13367 (An information exposure vulnerability in FortiOS 6.2.3, 6.2.0 and belo ...)
NOT-FOR-US: FortiOS
CVE-2018-13366 (An information disclosure vulnerability in Fortinet FortiOS 6.0.1, 5.6 ...)
NOT-FOR-US: Fortinet FortiOS
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/ef6d49d6a66d509e15d187d8ba63bc642d7ef858