| | | |
---|---|---|
author | security tracker role <sectracker@soriano.debian.org> | 2020-09-16 20:10:26 +0000 |
committer | security tracker role <sectracker@soriano.debian.org> | 2020-09-16 20:10:26 +0000 |
commit | 45509bc46a721c79e2e0b13b0b6eda4c7463a6fb | |
tree | 92855175d5975bea43911f3256762f2116718f48 | |
parent | e49acca864e12fa6c9f29b3ed0ce6efa5bbf2b68 | |
automatic update
-rw-r--r-- | data/CVE/2014.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 252 |
2 files changed, 117 insertions, 137 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 9e5758b5d6..ef0619b513 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1,3 +1,5 @@ +CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl. DBD: ...) + TODO: check CVE-2014-10401 (An issue was discovered in the DBI module before 1.632 for Perl. DBD:: ...) - libdbi-perl 1.633-1 NOTE: https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 5c157bd2dc..2a05e1a87f 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,27 @@ +CVE-2020-25625 + RESERVED +CVE-2020-25624 + RESERVED +CVE-2020-25623 + RESERVED +CVE-2020-25622 + RESERVED +CVE-2020-25621 + RESERVED +CVE-2020-25620 + RESERVED +CVE-2020-25619 + RESERVED +CVE-2020-25618 + RESERVED +CVE-2020-25617 + RESERVED +CVE-2020-25616 + RESERVED +CVE-2020-25615 + RESERVED +CVE-2020-25614 (xmlquery before 1.3.1 lacks a check for whether a LoadURL response is ...) + TODO: check CVE-2020-25613 RESERVED CVE-2020-25612 @@ -98,8 +122,8 @@ CVE-2020-25561 RESERVED CVE-2020-25560 RESERVED -CVE-2020-25559 - RESERVED +CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_output ...) + TODO: check CVE-2020-25558 RESERVED CVE-2020-25557 @@ -392,8 +416,8 @@ CVE-2020-25414 RESERVED CVE-2020-25413 RESERVED -CVE-2020-25412 - RESERVED +CVE-2020-25412 (gnuplot 5.4 is affected by a segmentation fault in com_line () at comm ...) + TODO: check CVE-2020-25411 RESERVED CVE-2020-25410 
@@ -1177,12 +1201,10 @@ CVE-2020-25042 (An arbitrary file upload issue exists in Mara CMS 7.5. In order NOT-FOR-US: Mara CMS CVE-2020-25041 RESERVED -CVE-2020-25040 [Insecure permissions on build temporary rootfs] - RESERVED +CVE-2020-25040 (Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary ...) - singularity-container <unfixed> (bug #970465) NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762 -CVE-2020-25039 [Insecure permissions on user namespace / fakeroot temporary rootfs] - RESERVED +CVE-2020-25039 (Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on tem ...) - singularity-container <unfixed> (bug #970465) NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7 CVE-2020-25038 @@ -1233,8 +1255,8 @@ CVE-2020-25018 RESERVED CVE-2020-25017 RESERVED -CVE-2020-25015 - RESERVED +CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...) + TODO: check CVE-2020-25014 RESERVED CVE-2020-25013 @@ -1501,11 +1523,11 @@ CVE-2020-24893 CVE-2020-24892 RESERVED CVE-2020-24891 - RESERVED -CVE-2020-24890 - RESERVED -CVE-2020-24889 - RESERVED + REJECTED +CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in parse_tiff ...) + TODO: check +CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::Ge ...) + TODO: check CVE-2020-24888 RESERVED CVE-2020-24887 
@@ -23315,13 +23337,11 @@ CVE-2020-14395 RESERVED CVE-2020-14394 RESERVED -CVE-2020-14393 - RESERVED +CVE-2020-14393 (A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local ...) - libdbi-perl 1.643-1 [buster] - libdbi-perl <no-dsa> (Minor issue) NOTE: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b -CVE-2020-14392 - RESERVED +CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI < 1.643 ...) - libdbi-perl 1.643-1 [buster] - libdbi-perl <no-dsa> (Minor issue) NOTE: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1 @@ -23347,8 +23367,7 @@ CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1) NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549 -CVE-2020-14386 [af_packet memory corruption] - RESERVED +CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...) - linux 5.8.7-1 NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3 CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the ...) @@ -23359,8 +23378,7 @@ CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-red NOT-FOR-US: JBossWeb CVE-2020-14383 RESERVED -CVE-2020-14382 - RESERVED +CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 where, ...) - cryptsetup 2:2.3.4-1 (bug #969471) [buster] - cryptsetup <not-affected> (Vulnerable code not present) [stretch] - cryptsetup <not-affected> (Vulnerable code not present) 
@@ -23490,8 +23508,7 @@ CVE-2020-14349 (It was found that PostgreSQL versions before 12.4, before 11.9 a NOTE: https://www.postgresql.org/about/news/2060/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67 NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc -CVE-2020-14348 - RESERVED +CVE-2020-14348 (It was found in AMQ Online before 1.5.2 that injecting an invalid fiel ...) NOT-FOR-US: AMQ Online CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...) {DSA-4758-1 DLA-2359-1} @@ -23617,8 +23634,7 @@ CVE-2020-14317 - wildfly <itp> (bug #752018) CVE-2020-14316 (A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instanc ...) NOT-FOR-US: KubeVirt -CVE-2020-14315 - RESERVED +CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipped in ...) - bsdiff <unfixed> (bug #964796) [buster] - bsdiff <no-dsa> (Minor issue) [stretch] - bsdiff <no-dsa> (Minor issue) @@ -23660,8 +23676,7 @@ CVE-2020-14308 (In grub2 versions before 2.06 the grub memory allocator doesn't NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41 CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...) - wildfly <itp> (bug #752018) -CVE-2020-14306 - RESERVED +CVE-2020-14306 (An incorrect access control flaw was found in the operator, openshift- ...) NOT-FOR-US: OpenShift CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module] RESERVED @@ -24610,8 +24625,7 @@ CVE-2020-13930 RESERVED CVE-2020-13929 RESERVED -CVE-2020-13928 - RESERVED +CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...) NOT-FOR-US: Apache Atlas CVE-2020-13927 RESERVED 
@@ -26237,8 +26251,8 @@ CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13260 RESERVED -CVE-2020-13259 - RESERVED +CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...) + TODO: check CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...) NOT-FOR-US: Contentful CVE-2020-13257 @@ -32493,8 +32507,7 @@ CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privile NOT-FOR-US: Red Hat CloudForm CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...) NOT-FOR-US: Ansible Tower -CVE-2020-10781 [zram sysfs resource consumption] - RESERVED +CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...) - linux 5.7.10-1 [stretch] - linux <not-affected> (Vulnerable code introduced later) [jessie] - linux <not-affected> (Vulnerable code introduced later) @@ -32587,8 +32600,7 @@ CVE-2020-10759 (A PGP signature bypass flaw was found in fwupd (all versions), w NOTE: Fixed by: https://github.com/fwupd/fwupd/commit/21f2d12fccef63b8aaa99ec53278ce18250b0444 (1.3.10) NOTE: Introduced with: https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae (0.1.2) NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e -CVE-2020-10758 - RESERVED +CVE-2020-10758 (A vulnerability was found in Keycloak before 11.0.1 where DoS attack i ...) NOT-FOR-US: Keycloak CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1} 
@@ -32637,8 +32649,7 @@ CVE-2020-10749 (A vulnerability was found in all versions of containernetworking - golang-github-containernetworking-plugins 0.8.6-1 NOTE: https://github.com/containernetworking/plugins/pull/484 NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43 -CVE-2020-10748 - RESERVED +CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, where i ...) NOT-FOR-US: Keycloak CVE-2020-10747 REJECTED @@ -32684,8 +32695,7 @@ CVE-2020-10735 RESERVED CVE-2020-10734 RESERVED -CVE-2020-10733 - RESERVED +CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...) - postgresql-12 <not-affected> (Windows-specific) - postgresql-11 <not-affected> (Windows-specific) - postgresql-9.6 <not-affected> (Windows-specific) @@ -32752,8 +32762,7 @@ CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, reg NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459 NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public) NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf -CVE-2020-10718 - RESERVED +CVE-2020-10718 (A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, wher ...) - wildfly <itp> (bug #752018) CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...) - qemu 1:5.0-5 (bug #959746) @@ -32765,8 +32774,7 @@ CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file syst CVE-2020-10716 RESERVED NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation -CVE-2020-10715 - RESERVED +CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...) NOT-FOR-US: Openshift Web Console CVE-2020-10714 RESERVED 
@@ -39655,8 +39663,8 @@ CVE-2020-7735 RESERVED CVE-2020-7734 RESERVED -CVE-2020-7733 - RESERVED +CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular Expre ...) + TODO: check CVE-2020-7732 RESERVED CVE-2020-7731 @@ -40108,16 +40116,16 @@ CVE-2020-7534 RESERVED CVE-2020-7533 RESERVED -CVE-2020-7532 - RESERVED -CVE-2020-7531 - RESERVED -CVE-2020-7530 - RESERVED -CVE-2020-7529 - RESERVED -CVE-2020-7528 - RESERVED +CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...) + TODO: check +CVE-2020-7531 (A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x ...) + TODO: check +CVE-2020-7530 (A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x ...) + TODO: check +CVE-2020-7529 (A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( ...) + TODO: check +CVE-2020-7528 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...) + TODO: check CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) a ...) NOT-FOR-US: Schneider CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute Business ...) @@ -41931,8 +41939,8 @@ CVE-2020-6783 RESERVED CVE-2020-6782 RESERVED -CVE-2020-6781 - RESERVED +CVE-2020-6781 (Improper certificate validation for certain connections in the Bosch S ...) + TODO: check CVE-2020-6780 RESERVED CVE-2020-6779 @@ -43656,8 +43664,8 @@ CVE-2020-6148 RESERVED CVE-2020-6147 RESERVED -CVE-2020-6146 - RESERVED +CVE-2020-6146 (An exploitable code execution vulnerability exists in the rendering fu ...) + TODO: check CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...) NOT-FOR-US: ERPNext CVE-2020-6144 (A remote code execution vulnerability exists in the install functional ...) 
@@ -46792,8 +46800,8 @@ CVE-2020-4710 RESERVED CVE-2020-4709 RESERVED -CVE-2020-4708 - RESERVED +CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some infor ...) + TODO: check CVE-2020-4707 RESERVED CVE-2020-4706 @@ -47390,8 +47398,8 @@ CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5 NOT-FOR-US: IBM CVE-2020-4410 (IBM Jazz Foundation and IBM Engineering products could allow an authen ...) NOT-FOR-US: IBM -CVE-2020-4409 - RESERVED +CVE-2020-4409 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attac ...) + TODO: check CVE-2020-4408 (The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRada ...) NOT-FOR-US: IBM CVE-2020-4407 @@ -48257,16 +48265,16 @@ CVE-2020-3992 RESERVED CVE-2020-3991 RESERVED -CVE-2020-3990 - RESERVED -CVE-2020-3989 - RESERVED -CVE-2020-3988 - RESERVED -CVE-2020-3987 - RESERVED -CVE-2020-3986 - RESERVED +CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) + TODO: check +CVE-2020-3989 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) + TODO: check +CVE-2020-3988 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) + TODO: check +CVE-2020-3987 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) + TODO: check +CVE-2020-3986 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) + TODO: check CVE-2020-3985 RESERVED CVE-2020-3984 @@ -48277,8 +48285,8 @@ CVE-2020-3982 RESERVED CVE-2020-3981 RESERVED -CVE-2020-3980 - RESERVED +CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...) + TODO: check CVE-2020-3979 RESERVED CVE-2020-3978 
@@ -51978,86 +51986,59 @@ CVE-2020-2280 RESERVED CVE-2020-2279 RESERVED -CVE-2020-2278 - RESERVED +CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2277 - RESERVED +CVE-2020-2277 (Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/ ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2276 - RESERVED +CVE-2020-2276 (Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specifi ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2275 - RESERVED +CVE-2020-2275 (Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit w ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2274 - RESERVED +CVE-2020-2274 (Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password u ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2273 - RESERVED +CVE-2020-2273 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2272 - RESERVED +CVE-2020-2272 (A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlie ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2271 - RESERVED +CVE-2020-2271 (Jenkins Locked Files Report Plugin 1.6 and earlier does not escape loc ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2270 - RESERVED +CVE-2020-2270 (Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the c ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2269 - RESERVED +CVE-2020-2269 (Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape vie ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2268 - RESERVED +CVE-2020-2268 (A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB P ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2267 - RESERVED +CVE-2020-2267 (A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier a ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2266 - RESERVED +CVE-2020-2266 (Jenkins Description Column Plugin 1.3 and earlier does not escape the ...) 
NOT-FOR-US: Jenkins plugin -CVE-2020-2265 - RESERVED +CVE-2020-2265 (Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2264 - RESERVED +CVE-2020-2264 (Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2263 - RESERVED +CVE-2020-2263 (Jenkins Radiator View Plugin 1.29 and earlier does not escape the full ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2262 - RESERVED +CVE-2020-2262 (Jenkins Android Lint Plugin 2.6 and earlier does not escape the annota ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2261 - RESERVED +CVE-2020-2261 (Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jen ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2260 - RESERVED +CVE-2020-2260 (A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2259 - RESERVED +CVE-2020-2259 (Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape t ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2258 - RESERVED +CVE-2020-2258 (Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2257 - RESERVED +CVE-2020-2257 (Jenkins Validating String Parameter Plugin 2.4 and earlier does not es ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2256 - RESERVED +CVE-2020-2256 (Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not e ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2255 - RESERVED +CVE-2020-2255 (A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and ear ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2254 - RESERVED +CVE-2020-2254 (Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2253 - RESERVED +CVE-2020-2253 (Jenkins Email Extension Plugin 2.75 and earlier does not perform hostn ...) 
NOT-FOR-US: Jenkins plugin -CVE-2020-2252 - RESERVED +CVE-2020-2252 (Jenkins Mailer Plugin 1.32 and earlier does not perform hostname valid ...) NOT-FOR-US: Jenkins plugin CVE-2020-2251 (Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits ...) NOT-FOR-US: Jenkins plugin @@ -53265,8 +53246,7 @@ CVE-2020-1749 (A flaw was found in the Linux kernel's implementation of some net [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2 -CVE-2020-1748 - RESERVED +CVE-2020-1748 (A flaw was found in all supported versions before wildfly-elytron-1.6. ...) - wildfly <itp> (bug #752018) CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions befor ...) - pyyaml 5.3-2 (bug #953013) @@ -53442,8 +53422,7 @@ CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the - qemu-kvm <removed> NOTE: Upstream patch: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc (5.0) NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3 -CVE-2020-1710 - RESERVED +CVE-2020-1710 (The issue appears to be that JBoss EAP 6.4.21 does not parse the field ...) NOT-FOR-US: JBoss EAP CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...) NOT-FOR-US: openshift @@ -53491,8 +53470,7 @@ CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.F - resteasy <undetermined> - resteasy3.0 <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462 -CVE-2020-1694 - RESERVED +CVE-2020-1694 (A flaw was found in all versions of Keycloak before 10.0.0, where the ...) NOT-FOR-US: Keycloak CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...) NOT-FOR-US: Red Hat Satellite / Spacewalk |
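
Review bot: In the data/CVE/2014.list hunk, CVE-2014-10402 is left at "TODO: check" even though its description names the same Perl DBI module as CVE-2014-10401 directly below it, which is already tracked under libdbi-perl. It should get a libdbi-perl entry. The description reads "through 1.643", and 1.643-1 is the version the data/CVE/2020.list hunk at -23315 records as fixed for CVE-2020-14393 and CVE-2020-14392, so that fixed version cannot be assumed to cover this entry.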
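
Review bot: In the data/CVE/2020.list hunk at -1501, CVE-2020-24890 and CVE-2020-24889 both name LibRaw but state different affected ranges: the first says "libraw 20.0" and the second says versions below 20.0. Triage them as two separate package entries with their own fixed versions instead of resolving both "TODO: check" lines with one result. The same hunk changes CVE-2020-24891 to REJECTED, which needs no follow-up.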
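
Review bot: In the data/CVE/2020.list hunk at -40108, CVE-2020-7528 through CVE-2020-7532 (SCADAPack) are added as "TODO: check" while the unchanged neighbours CVE-2020-7527 and CVE-2020-7526 context is already "NOT-FOR-US: Schneider". If SCADAPack falls under the same vendor and is not packaged, mark all five NOT-FOR-US with the vendor name in one pass so they do not sit in the TODO queue individually.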