[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Wed May 6 21:10:39 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
2853adea by security tracker role at 2020-05-06T20:10:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,7 @@
+CVE-2020-12674
+ RESERVED
+CVE-2020-12673
+ RESERVED
CVE-2020-XXXX [OSSA-2020-004: EC2 and credential endpoints are not protected from a scoped context]
- keystone <unfixed> (bug #959900)
NOTE: https://bugs.launchpad.net/keystone/+bug/1872735
@@ -8,8 +12,8 @@ CVE-2020-12671
RESERVED
CVE-2020-12670
RESERVED
-CVE-2020-12669
- RESERVED
+CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...)
+ TODO: check
CVE-2020-12668
RESERVED
CVE-2020-12667
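Review bot: The "TODO: check" placed under CVE-2020-12669 needs a package lookup before it is resolved, because the summary names Dolibarr and a fixed upstream version ("before 11.0.4"). If the archive carries a dolibarr source package, this should become a package line with the fixed version rather than a NOT-FOR-US entry. The truncated summary also stops before the impact, so triage from the full description.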
@@ -1233,11 +1237,11 @@ CVE-2020-12146
RESERVED
CVE-2020-12145
RESERVED
-CVE-2020-12144 (Details The certificate used to identify the Silver Peak Cloud Portal ...)
+CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal to EdgeC ...)
NOT-FOR-US: Silver Peak Cloud Portal
-CVE-2020-12143 (Summary - The certificate used to identify Orchestrator to EdgeConnect ...)
+CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect devices i ...)
NOT-FOR-US: EdgeConnect
-CVE-2020-12142 (a. IPSec UDP key material can be retrieved from machine-to-machine int ...)
+CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machine int ...)
NOT-FOR-US: EdgeConnect
CVE-2020-12141
RESERVED
@@ -1305,8 +1309,7 @@ CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This af
NOT-FOR-US: TP-Link
CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
NOT-FOR-US: TP-Link
-CVE-2020-12108 [Arbitrary Content Injection via the options login page]
- RESERVED
+CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
- mailman <removed>
NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
CVE-2020-12107
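Review bot: CVE-2020-12108 now has a published description saying the issue is fixed in GNU Mailman 2.1.31, but the entry still consists only of "- mailman <removed>" and the Launchpad NOTE. If any supported release still ships mailman, add per-release status lines (as the CVE-2020-10704 samba entry does with [buster] and [stretch]) and a NOTE pointing at the upstream fix, so the affected-version information is recorded in the entry itself.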
@@ -2434,9 +2437,9 @@ CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By us
NOTE: https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7
CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4 ...)
- jitsi-meet <itp> (bug #760485)
-CVE-2020-11877 (airhost.exe in Zoom Client for Meetings 4.6.11 uses 3423423432325249 a ...)
+CVE-2020-11877 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses 342 ...)
NOT-FOR-US: Zoom Client for Meetings
-CVE-2020-11876 (airhost.exe in Zoom Client for Meetings 4.6.11 uses the SHA-256 hash o ...)
+CVE-2020-11876 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses the ...)
NOT-FOR-US: Zoom Client for Meetings
CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
NOT-FOR-US: LG mobile devices
@@ -3111,8 +3114,8 @@ CVE-2020-11728 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL)
- awl 0.61-1 (bug #956650)
NOTE: https://gitlab.com/davical-project/awl/-/issues/19
NOTE: https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428
-CVE-2020-11727
- RESERVED
+CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced O ...)
+ TODO: check
CVE-2020-11726
RESERVED
CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...)
@@ -5998,8 +6001,7 @@ CVE-2020-10706
RESERVED
CVE-2020-10705
RESERVED
-CVE-2020-10704
- RESERVED
+CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...)
- samba <unfixed>
[buster] - samba <postponed> (Can be fixed along in future DSA)
[stretch] - samba <postponed> (Can be fixed along in future DSA)
@@ -6057,8 +6059,8 @@ CVE-2020-10695
NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container
CVE-2020-10694
RESERVED
-CVE-2020-10693
- RESERVED
+CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in ...)
+ TODO: check
CVE-2020-10692
RESERVED
CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versions 2.9 ...)
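Review bot: The summary for CVE-2020-10693 names only "Hibernate Validator version 6.1.2.Final", which reads as a single affected version. When resolving the "TODO: check", confirm the affected range from the full advisory before comparing it against any packaged version, rather than relying on the truncated text.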
@@ -10208,8 +10210,8 @@ CVE-2020-8901
RESERVED
CVE-2020-8900
RESERVED
-CVE-2020-8899
- RESERVED
+CVE-2020-8899 (There is a buffer overwrite vulnerability in the Quram qmg library of ...)
+ TODO: check
CVE-2020-8898
RESERVED
CVE-2020-8897
@@ -12491,8 +12493,8 @@ CVE-2020-7923
RESERVED
CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...)
NOT-FOR-US: MongoDB Enterprise
-CVE-2020-7921
- RESERVED
+CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...)
+ TODO: check
CVE-2019-20419
RESERVED
CVE-2019-20418
@@ -12818,8 +12820,8 @@ CVE-2020-7808
RESERVED
CVE-2020-7807
RESERVED
-CVE-2020-7806
- RESERVED
+CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...)
+ TODO: check
CVE-2020-7805
RESERVED
CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, ...)
@@ -14927,8 +14929,8 @@ CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access
NOT-FOR-US: ZTE
CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...)
NOT-FOR-US: ZTE F6x2W
-CVE-2020-6861
- RESERVED
+CVE-2020-6861 (A flawed protocol design in the Ledger Monero app before 1.5.1 for Led ...)
+ TODO: check
CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...)
- libmysofa 1.0~dfsg0-1 (bug #949325)
[buster] - libmysofa <no-dsa> (Minor issue)
@@ -16856,8 +16858,8 @@ CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstR
[stretch] - gst-rtsp-server1.0 <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018
NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
-CVE-2020-6094
- RESERVED
+CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF fillinr ...)
+ TODO: check
CVE-2020-6093
RESERVED
CVE-2020-6092
@@ -16880,8 +16882,8 @@ CVE-2020-6084
RESERVED
CVE-2020-6083
RESERVED
-CVE-2020-6082
- RESERVED
+CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
+ TODO: check
CVE-2020-6081
RESERVED
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...)
@@ -16920,10 +16922,10 @@ CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the mess
[jessie] - vlc <end-of-life> (Not supported in jessie LTS)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
-CVE-2020-6076
- RESERVED
-CVE-2020-6075
- RESERVED
+CVE-2020-6076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
+ TODO: check
+CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the store_d ...)
+ TODO: check
CVE-2020-6074
RESERVED
CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
@@ -20881,8 +20883,8 @@ CVE-2020-4448
RESERVED
CVE-2020-4447
RESERVED
-CVE-2020-4446
- RESERVED
+CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...)
+ TODO: check
CVE-2020-4445
RESERVED
CVE-2020-4444
@@ -20931,8 +20933,8 @@ CVE-2020-4423
RESERVED
CVE-2020-4422
RESERVED
-CVE-2020-4421
- RESERVED
+CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allo ...)
+ TODO: check
CVE-2020-4420
RESERVED
CVE-2020-4419
@@ -21005,8 +21007,8 @@ CVE-2020-4386
RESERVED
CVE-2020-4385
RESERVED
-CVE-2020-4384
- RESERVED
+CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
+ TODO: check
CVE-2020-4383
RESERVED
CVE-2020-4382
@@ -21589,8 +21591,8 @@ CVE-2020-4094
RESERVED
CVE-2020-4093
RESERVED
-CVE-2020-4092
- RESERVED
+CVE-2020-4092 ("If port encryption is not enabled on the Domino Server, HCL Nomad on ...)
+ TODO: check
CVE-2020-4091
RESERVED
CVE-2020-4090
@@ -24257,8 +24259,8 @@ CVE-2020-3336
RESERVED
CVE-2020-3335
RESERVED
-CVE-2020-3334
- RESERVED
+CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...)
+ TODO: check
CVE-2020-3333
RESERVED
CVE-2020-3332
@@ -24267,8 +24269,8 @@ CVE-2020-3331
RESERVED
CVE-2020-3330
RESERVED
-CVE-2020-3329
- RESERVED
+CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated Manag ...)
+ TODO: check
CVE-2020-3328
RESERVED
CVE-2020-3327
@@ -24289,48 +24291,48 @@ CVE-2020-3320
RESERVED
CVE-2020-3319
RESERVED
-CVE-2020-3318
- RESERVED
+CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
+ TODO: check
CVE-2020-3317
RESERVED
CVE-2020-3316
RESERVED
-CVE-2020-3315
- RESERVED
+CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...)
+ TODO: check
CVE-2020-3314
RESERVED
-CVE-2020-3313
- RESERVED
-CVE-2020-3312
- RESERVED
-CVE-2020-3311
- RESERVED
-CVE-2020-3310
- RESERVED
-CVE-2020-3309
- RESERVED
-CVE-2020-3308
- RESERVED
-CVE-2020-3307
- RESERVED
-CVE-2020-3306
- RESERVED
-CVE-2020-3305
- RESERVED
+CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
+ TODO: check
+CVE-2020-3312 (A vulnerability in the application policy configuration of Cisco Firep ...)
+ TODO: check
+CVE-2020-3311 (A vulnerability in the web interface of Cisco Firepower Management Cen ...)
+ TODO: check
+CVE-2020-3310 (A vulnerability in the XML parser code of Cisco Firepower Device Manag ...)
+ TODO: check
+CVE-2020-3309 (A vulnerability in Cisco Firepower Device Manager (FDM) On-Box softwar ...)
+ TODO: check
+CVE-2020-3308 (A vulnerability in the Image Signature Verification feature of Cisco F ...)
+ TODO: check
+CVE-2020-3307 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
+ TODO: check
+CVE-2020-3306 (A vulnerability in the DHCP module of Cisco Adaptive Security Applianc ...)
+ TODO: check
+CVE-2020-3305 (A vulnerability in the implementation of the Border Gateway Protocol ( ...)
+ TODO: check
CVE-2020-3304
RESERVED
-CVE-2020-3303
- RESERVED
-CVE-2020-3302
- RESERVED
-CVE-2020-3301
- RESERVED
+CVE-2020-3303 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...)
+ TODO: check
+CVE-2020-3302 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...)
+ TODO: check
+CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
+ TODO: check
CVE-2020-3300
RESERVED
CVE-2020-3299
RESERVED
-CVE-2020-3298
- RESERVED
+CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
+ TODO: check
CVE-2020-3297
RESERVED
CVE-2020-3296
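Review bot: CVE-2020-3315 should not be resolved in bulk with the other "TODO: check" entries in this hunk. Most of them name Cisco Firepower Management Center (FMC), Firepower Device Manager (FDM) or Adaptive Security Appliance and fit the "NOT-FOR-US: Cisco" pattern used elsewhere in the file, but the CVE-2020-3315 summary reads "Multiple Cisco products are affected by a vulnerability in the Snort d ...", so check whether a packaged snort is affected before marking it NOT-FOR-US.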
@@ -24355,12 +24357,12 @@ CVE-2020-3287
RESERVED
CVE-2020-3286
RESERVED
-CVE-2020-3285
- RESERVED
+CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) ...)
+ TODO: check
CVE-2020-3284
RESERVED
-CVE-2020-3283
- RESERVED
+CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
+ TODO: check
CVE-2020-3282
RESERVED
CVE-2020-3281
@@ -24407,20 +24409,20 @@ CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mo
NOT-FOR-US: Cisco
CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software could a ...)
NOT-FOR-US: Cisco
-CVE-2020-3259
- RESERVED
+CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ TODO: check
CVE-2020-3258
RESERVED
CVE-2020-3257
RESERVED
-CVE-2020-3256
- RESERVED
-CVE-2020-3255
- RESERVED
-CVE-2020-3254
- RESERVED
-CVE-2020-3253
- RESERVED
+CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted ...)
+ TODO: check
+CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
+ TODO: check
+CVE-2020-3254 (Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) ...)
+ TODO: check
+CVE-2020-3253 (A vulnerability in the support tunnel feature of Cisco Firepower Threa ...)
+ TODO: check
CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
NOT-FOR-US: Cisco
CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
@@ -24433,8 +24435,8 @@ CVE-2020-3248 (Multiple vulnerabilities in the REST API of Cisco UCS Director an
NOT-FOR-US: Cisco
CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...)
NOT-FOR-US: Cisco
-CVE-2020-3246
- RESERVED
+CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
+ TODO: check
CVE-2020-3245
RESERVED
CVE-2020-3244
@@ -24533,28 +24535,28 @@ CVE-2020-3198
RESERVED
CVE-2020-3197
RESERVED
-CVE-2020-3196
- RESERVED
-CVE-2020-3195
- RESERVED
+CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...)
+ TODO: check
+CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...)
+ TODO: check
CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for Microsoft ...)
NOT-FOR-US: Cisco
CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...)
NOT-FOR-US: Cisco
CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...)
NOT-FOR-US: Cisco
-CVE-2020-3191
- RESERVED
+CVE-2020-3191 (A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive ...)
+ TODO: check
CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...)
NOT-FOR-US: Cisco
-CVE-2020-3189
- RESERVED
-CVE-2020-3188
- RESERVED
-CVE-2020-3187
- RESERVED
-CVE-2020-3186
- RESERVED
+CVE-2020-3189 (A vulnerability in the VPN System Logging functionality for Cisco Fire ...)
+ TODO: check
+CVE-2020-3188 (A vulnerability in how Cisco Firepower Threat Defense (FTD) Software h ...)
+ TODO: check
+CVE-2020-3187 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ TODO: check
+CVE-2020-3186 (A vulnerability in the management access list configuration of Cisco F ...)
+ TODO: check
CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...)
NOT-FOR-US: Cisco
CVE-2020-3184
@@ -24567,10 +24569,10 @@ CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco A
NOT-FOR-US: Cisco
CVE-2020-3180
RESERVED
-CVE-2020-3179
- RESERVED
-CVE-2020-3178
- RESERVED
+CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...)
+ TODO: check
+CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...)
+ TODO: check
CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) ...)
NOT-FOR-US: Cisco
CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...)
@@ -24675,8 +24677,8 @@ CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player
NOT-FOR-US: Cisco
CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex Meet ...)
NOT-FOR-US: Cisco
-CVE-2020-3125
- RESERVED
+CVE-2020-3125 (A vulnerability in the Kerberos authentication feature of Cisco Adapti ...)
+ TODO: check
CVE-2020-3124
RESERVED
CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...)
@@ -27202,32 +27204,23 @@ CVE-2020-2191
RESERVED
CVE-2020-2190
RESERVED
-CVE-2020-2189
- RESERVED
+CVE-2020-2189 (Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2188
- RESERVED
+CVE-2020-2188 (A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and ear ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2187
- RESERVED
+CVE-2020-2187 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts s ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2186
- RESERVED
+CVE-2020-2186 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2185
- RESERVED
+CVE-2020-2185 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH hos ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2184
- RESERVED
+CVE-2020-2184 (A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2183
- RESERVED
+CVE-2020-2183 (Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper perm ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2182
- RESERVED
+CVE-2020-2182 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2181
- RESERVED
+CVE-2020-2181 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2180 (Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML p ...)
NOT-FOR-US: Jenkins plugin
@@ -29644,14 +29637,14 @@ CVE-2019-19171
RESERVED
CVE-2019-19170
RESERVED
-CVE-2019-19169
- RESERVED
-CVE-2019-19168
- RESERVED
-CVE-2019-19167
- RESERVED
-CVE-2019-19166
- RESERVED
+CVE-2019-19169 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerabili ...)
+ TODO: check
+CVE-2019-19168 (Dext5.ocx ActiveX 5.0.0.116 and eariler versions contain a vulnerabili ...)
+ TODO: check
+CVE-2019-19167 (Tobesoft Nexacro v2019.9.25.1 and earlier version have an arbitrary co ...)
+ TODO: check
+CVE-2019-19166 (Tobesoft XPlatform v9.1, 9.2.0, 9.2.1 and 9.2.2 have a vulnerability t ...)
+ TODO: check
CVE-2019-19165 (AxECM.cab(ActiveX Control) in Inogard Ebiz4u contains a vulnerability ...)
NOT-FOR-US: Inogard Ebiz4u
CVE-2019-19164
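Review bot: The two Tobesoft entries in this hunk (CVE-2019-19167, CVE-2019-19166) and CVE-2020-7806 in an earlier hunk concern the same vendor, with the product spelled both "XPlatform" and "Xplatform" in the summaries. If these "TODO: check" lines are resolved as NOT-FOR-US, use one label for all three so a search on the vendor name finds them together, in the way the neighbouring CVE-2019-19165 entry uses "NOT-FOR-US: Inogard Ebiz4u".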
@@ -76152,8 +76145,8 @@ CVE-2019-4268 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could all
NOT-FOR-US: IBM
CVE-2019-4267 (The IBM Spectrum Protect 7.1 and 8.1 Backup-Archive Client is vulnerab ...)
NOT-FOR-US: IBM
-CVE-2019-4266
- RESERVED
+CVE-2019-4266 (IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 does not ha ...)
+ TODO: check
CVE-2019-4265 (IBM Maximo Anywhere 7.6.0, 7.6.1, 7.6.2, and 7.6.3 does not have devic ...)
NOT-FOR-US: IBM
CVE-2019-4264 (IBM QRadar SIEM 7.2.8 WinCollect could allow an attacker to obtain sen ...)
@@ -117100,8 +117093,8 @@ CVE-2018-8958
RESERVED
CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...)
NOT-FOR-US: CoverCMS
-CVE-2018-8956
- RESERVED
+CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...)
+ TODO: check
CVE-2018-8955 (The installer for BitDefender GravityZone relies on an encoded string ...)
NOT-FOR-US: BitDefender GravityZone
CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...)
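Review bot: CVE-2018-8956 is left as "TODO: check" although its summary names ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13, which is packaged software rather than a vendor product like its NOT-FOR-US neighbours. It should be triaged to a "- ntp" line with the fixed version and per-release status. This is a 2018 identifier whose description only appears now, so check whether versions already in the archive contain the fix.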
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/2853adeab8a940b81d3224f40f6c03ecdd62af9b