author | security tracker role <sectracker@soriano.debian.org> | 2020-02-07 20:10:26 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-07 20:10:26 +0000 |
commit | 567c0eaa0aeb6c1a3f5071751543af90d3253aa5 (patch) | |
tree | f5411ff6ee7a84a24b7b4c11a2275e9f7460431b | |
parent | 9fdf9c7da2193410a4bc927e7541127705cbbab1 (diff) |
automatic update
-rw-r--r-- | data/CVE/2008.list | 2 |
-rw-r--r-- | data/CVE/2010.list | 3 |
-rw-r--r-- | data/CVE/2012.list | 6 |
-rw-r--r-- | data/CVE/2013.list | 55 |
-rw-r--r-- | data/CVE/2014.list | 33 |
-rw-r--r-- | data/CVE/2017.list | 8 |
-rw-r--r-- | data/CVE/2018.list | 2 |
-rw-r--r-- | data/CVE/2019.list | 62 |
-rw-r--r-- | data/CVE/2020.list | 32 |
9 files changed, 112 insertions, 91 deletions
diff --git a/data/CVE/2008.list b/data/CVE/2008.list index d0b9017dcc..f1ba0df1e4 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -8173,7 +8173,7 @@ CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP serve ...) NOT-FOR-US: WS_FTP Home CVE-2008-3793 - RESERVED + REJECTED NOT-FOR-US: Adobe Flash Player CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) i ...) {DSA-1636-1} diff --git a/data/CVE/2010.list b/data/CVE/2010.list index f90e975f8d..d993c4ec1b 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -1529,8 +1529,7 @@ CVE-2010-4660 (Unspecified vulnerability in statusnet through 2010 due to the wa - statusnet <itp> (bug #491723) CVE-2010-4659 (Cross-site scripting (XSS) vulnerability in statusnet through 2010 in ...) - statusnet <itp> (bug #491723) -CVE-2010-4658 - RESERVED +CVE-2010-4658 (statusnet through 2010 allows attackers to spoof syslog messages via n ...) - statusnet <itp> (bug #491723) CVE-2010-4657 (PHP5 before 5.4.4 allows passing invalid utf-8 strings via the xmlText ...) - php5 5.4.4-1 (low) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index df4140f52f..33114bd9b4 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -12744,11 +12744,9 @@ CVE-2012-1569 (The asn1_get_length_der function in decoding.c in GNU Libtasn1 be - libtasn1-3 2.12-1 (high) CVE-2012-1568 (The ExecShield feature in a certain Red Hat patch for the Linux kernel ...) - linux-2.6 <not-affected> (execshield issue) -CVE-2012-1567 - RESERVED +CVE-2012-1567 (LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities ...) NOT-FOR-US: LinuxMint -CVE-2012-1566 - RESERVED +CVE-2012-1566 (LinuxMint as of 2012-03-19 has temporary file creation vulnerabilities ...) NOT-FOR-US: LinuxMint CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and ...) NOT-FOR-US: eZ Publish 
diff --git a/data/CVE/2013.list b/data/CVE/2013.list index e30cdb449d..36110a0979 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -8305,11 +8305,9 @@ CVE-2013-4337 REJECTED CVE-2013-4336 REJECTED -CVE-2013-4335 - RESERVED +CVE-2013-4335 (opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML ...) NOT-FOR-US: opOpenSocialPlugin -CVE-2013-4334 - RESERVED +CVE-2013-4334 (opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities ...) NOT-FOR-US: opWebAPIPlugin CVE-2013-4333 (OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an Ex ...) NOT-FOR-US: OpenPNE @@ -10176,12 +10174,12 @@ CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4 NOT-FOR-US: Xaraya CVE-2013-3638 (SQL injection vulnerability in Boonex Dolphin before 7.1.3 allows remo ...) TODO: check -CVE-2013-3637 - RESERVED -CVE-2013-3636 - RESERVED -CVE-2013-3635 - RESERVED +CVE-2013-3637 (ProjectPier 0.8.8 does not use the Secure flag for cookies ...) + TODO: check +CVE-2013-3636 (ProjectPier 0.8.8 has a Remote Information Disclosure Weakness because ...) + TODO: check +CVE-2013-3635 (ProjectPier 0.8.8 has stored XSS ...) + TODO: check CVE-2013-3634 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens switches CVE-2013-3633 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) 
@@ -10194,10 +10192,10 @@ CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators t NOTE: For Moodle: Not a securiy issue according to upstream, only applicable to administrators, see bug #775842 NOTE: https://tracker.moodle.org/browse/MDL-41449 NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats -CVE-2013-3629 - RESERVED -CVE-2013-3628 - RESERVED +CVE-2013-3629 (ISPConfig 3.0.5.2 has Arbitrary PHP Code Execution ...) + TODO: check +CVE-2013-3628 (Zabbix 2.0.9 has an Arbitrary Command Execution Vulnerability ...) + TODO: check CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed Age ...) NOT-FOR-US: McAfee CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate ...) @@ -10270,8 +10268,8 @@ CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) NOT-FOR-US: Baramundi Management Suite CVE-2013-3592 RESERVED -CVE-2013-3591 - RESERVED +CVE-2013-3591 (vTiger CRM 5.3 and 5.4: 'files' Upload Folder Arbitrary PHP Code Execu ...) + TODO: check CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in Se ...) NOT-FOR-US: SearchBlox CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the Admi ...) @@ -11366,8 +11364,8 @@ CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRE NOT-FOR-US: TRENDnet TEW-812DRU router CVE-2013-3097 (Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FI ...) NOT-FOR-US: Verizon -CVE-2013-3096 - RESERVED +CVE-2013-3096 (D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking ...) + TODO: check CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link D ...) NOT-FOR-US: D-Link CVE-2013-3094 
@@ -11376,8 +11374,8 @@ CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...) NOT-FOR-US: ASUS RT-N56U devices CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...) NOT-FOR-US: Belkin router -CVE-2013-3091 - RESERVED +CVE-2013-3091 (An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) rout ...) + TODO: check CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 rou ...) NOT-FOR-US: Belkin N300 router CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...) @@ -11431,8 +11429,8 @@ CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WN NOT-FOR-US: NETGEAR devices CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksy ...) NOT-FOR-US: Linksys -CVE-2013-3067 - RESERVED +CVE-2013-3067 (Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. ...) + TODO: check CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict ...) NOT-FOR-US: Linksys CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls sect ...) @@ -14374,11 +14372,9 @@ CVE-2013-2011 (WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code- CVE-2013-2010 RESERVED NOT-FOR-US: W3 Total Cache -CVE-2013-2009 - RESERVED +CVE-2013-2009 (WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution ...) NOT-FOR-US: WP Super Cache -CVE-2013-2008 - RESERVED +CVE-2013-2008 (WordPress Super Cache Plugin 1.3 has XSS. ...) NOT-FOR-US: WP Super Cache CVE-2013-2007 (The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when s ...) - qemu <not-affected> (qemu guest agent introduced in 1.4, vulnerable versions were only in experimental) 
@@ -16897,8 +16893,8 @@ CVE-2013-1204 (Memory leak in the SNMP process in Cisco IOS XR allows remote att NOT-FOR-US: Cisco IOS XR CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote attackers t ...) NOT-FOR-US: Cisco ASA -CVE-2013-1202 - RESERVED +CVE-2013-1202 (Cisco ACE A2(3.6) allows log retention DoS. ...) + TODO: check CVE-2013-1201 RESERVED CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control System ( ...) @@ -19586,8 +19582,7 @@ CVE-2013-0194 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote a CVE-2013-0193 (Cross-site Scripting (XSS) in Piwik before 1.10.1 allows remote attack ...) - piwik <itp> (bug #506933) NOTE: http://piwik.org/blog/2013/01/piwik-1-10/ -CVE-2013-0192 - RESERVED +CVE-2013-0192 (File Disclosure in SMF (SimpleMachines Forum) <= 2.0.3: Forum admin ...) NOT-FOR-US: Simple Machines Forum CVE-2013-0188 REJECTED diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 22e6d7422e..0695cf4da3 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -2813,8 +2813,8 @@ CVE-2014-9532 RESERVED CVE-2014-9531 RESERVED -CVE-2014-9530 - RESERVED +CVE-2014-9530 (A vulnerability exists in nw.js before 0.11.3 when calling nw methods ...) + TODO: check CVE-2014-9528 (SQL injection vulnerability in the actionIndex function in protected/m ...) NOT-FOR-US: HumHub CVE-2014-9527 (HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cau ...) @@ -8851,8 +8851,7 @@ CVE-2014-7226 (The file comment feature in Rejetto HTTP File Server (hfs) 2.3c a NOT-FOR-US: Rejetto HTTP File Server CVE-2014-7225 RESERVED -CVE-2014-7224 - RESERVED +CVE-2014-7224 (A Code Execution vulnerability exists in Android prior to 4.4.0 relate ...) NOT-FOR-US: Android addJavascriptInterface CVE-2014-7223 RESERVED 
@@ -10719,8 +10718,8 @@ CVE-2014-6419 RESERVED CVE-2014-6415 RESERVED -CVE-2014-6413 - RESERVED +CVE-2014-6413 (A Cross-site Scripting (XSS) vulnerability exists in WatchGuard XTM 11 ...) + TODO: check CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to predict p ...) - wordpress <not-affected> (Affects only Wordpress on Windows systems) CVE-2014-6411 @@ -12790,8 +12789,8 @@ CVE-2014-5470 RESERVED CVE-2014-5469 RESERVED -CVE-2014-5468 - RESERVED +CVE-2014-5468 (A File Inclusion vulnerability exists in Railo 4.2.1 and earlier via a ...) + TODO: check CVE-2014-5467 RESERVED CVE-2014-5466 (Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk We ...) @@ -12869,7 +12868,7 @@ CVE-2014-5441 (Multiple cross-site scripting (XSS) vulnerabilities in app/views/ NOT-FOR-US: Fat Free CRM CVE-2014-5440 (SQL injection vulnerability in Login.aspx in MPEX Business Solutions M ...) NOT-FOR-US: MX-SmartTimer -CVE-2014-5439 (sniffit 0.3.7 and prior: A configuration file can be leveraged to exec ...) +CVE-2014-5439 (Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit ...) {DLA-713-1} - sniffit 0.3.7.beta-20 (bug #845122) [jessie] - sniffit 0.3.7.beta-17+deb8u1 @@ -13255,8 +13254,8 @@ CVE-2014-5290 RESERVED CVE-2014-5289 (Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execu ...) NOT-FOR-US: Senkas Kolibri -CVE-2014-5288 - RESERVED +CVE-2014-5288 (A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via uns ...) + TODO: check CVE-2014-5287 (A Bash script injection vulnerability exists in Kemp Load Master 7.1-1 ...) NOT-FOR-US: Kemp Load Master CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ActiveM ...) 
@@ -13275,8 +13274,8 @@ CVE-2014-5280 (boot2docker 1.2 and earlier allows attackers to conduct cross-sit NOT-FOR-US: boot2docker CVE-2014-5279 (The Docker daemon managed by boot2docker 1.2 and earlier improperly en ...) NOT-FOR-US: boot2docker -CVE-2014-5278 - RESERVED +CVE-2014-5278 (A vulnerability exists in Docker before 1.2 via container names, which ...) + TODO: check CVE-2014-5277 (Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when ...) - docker.io 1.3.1~dfsg1-1 NOTE: https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion @@ -13797,16 +13796,16 @@ CVE-2014-5093 (Status2k does not remove the install directory allowing credentia NOT-FOR-US: Status2k CVE-2014-5092 (Status2k allows Remote Command Execution in admin/options/editpl.php. ...) NOT-FOR-US: Status2k -CVE-2014-5091 - RESERVED +CVE-2014-5091 (A vulnerability exits in Status2K 2.5 Server Monitoring Software via t ...) + TODO: check CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated adminis ...) NOT-FOR-US: Status2k CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in Status2k allo ...) NOT-FOR-US: Status2k CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows remote att ...) NOT-FOR-US: Status2k -CVE-2014-5087 - RESERVED +CVE-2014-5087 (A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to ...) + TODO: check CVE-2014-5086 RESERVED CVE-2014-5085 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 43953bcfb2..e4979ae6f2 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -44270,13 +44270,13 @@ CVE-2017-3151 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were CVE-2017-3150 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use cookie ...) NOT-FOR-US: Apache Atlas CVE-2017-3149 - RESERVED + REJECTED CVE-2017-3148 - RESERVED + REJECTED CVE-2017-3147 - RESERVED + REJECTED CVE-2017-3146 - RESERVED + REJECTED CVE-2017-3145 (BIND was improperly sequencing cleanup operations on upstream recursio ...) {DSA-4089-1 DLA-1255-1} - bind9 1:9.11.2.P1-1 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 961b7c3161..40ca08a360 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -40972,7 +40972,7 @@ CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in [wheezy] - lrzip <no-dsa> (Minor issue) NOTE: https://github.com/ckolivas/lrzip/issues/90 CVE-2018-5746 - RESERVED + REJECTED CVE-2018-5745 ("managed-keys" is a feature which allows a BIND resolver to automatica ...) {DSA-4440-1 DLA-1697-1} - bind9 1:9.11.5.P4+dfsg-1 (low; bug #922954) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 6ff744ec3e..1250660fe9 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,9 @@ +CVE-2019-20450 + RESERVED +CVE-2019-20449 + RESERVED +CVE-2019-20448 + RESERVED CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...) NOT-FOR-US: Jobberbase CMS CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...) @@ -3835,8 +3841,8 @@ CVE-2019-18990 RESERVED CVE-2019-18989 RESERVED -CVE-2019-18988 - RESERVED +CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...) + TODO: check CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...) NOT-FOR-US: AbuseFilter MediaWiki extension CVE-2019-18986 (Pimcore before 6.2.2 allow attackers to brute-force (guess) valid user ...) 
@@ -7808,8 +7814,8 @@ CVE-2019-17270 (Yachtcontrol through 2019-10-06: It's possible to perform direct NOT-FOR-US: Yachtcontrol CVE-2019-17269 (Intellian Remote Access 3.18 allows remote attackers to execute arbitr ...) NOT-FOR-US: Intellian Remote Access -CVE-2019-17268 - RESERVED +CVE-2019-17268 (The omniauth-weibo-oauth2 gem 0.4.6 for Ruby, as distributed on RubyGe ...) + TODO: check CVE-2019-17267 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...) {DLA-2030-1} - jackson-databind 2.10.0-1 @@ -10556,8 +10562,8 @@ CVE-2019-16157 RESERVED CVE-2019-16156 RESERVED -CVE-2019-16155 - RESERVED +CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...) + TODO: check CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...) NOT-FOR-US: FortiAuthenticator WEB UI CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...) @@ -11950,12 +11956,12 @@ CVE-2019-15608 RESERVED CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: <= ...) TODO: check -CVE-2019-15606 - RESERVED -CVE-2019-15605 - RESERVED -CVE-2019-15604 - RESERVED +CVE-2019-15606 (Including trailing white space in HTTP header values in Nodejs 10, 12, ...) + TODO: check +CVE-2019-15605 (HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payl ...) + TODO: check +CVE-2019-15604 (Improper Certificate Validation in Node.js 10, 12, and 13 causes the p ...) + TODO: check CVE-2019-15603 (The seefl package v0.1.1 is vulnerable to a stored Cross-Site Scriptin ...) NOT-FOR-US: seefl CVE-2019-15602 (The fileview package v0.1.6 has inadequate output encoding and escapin ...) 
@@ -37118,7 +37124,7 @@ CVE-2019-6467 (A programming error in the nxdomain-redirect feature can cause an - bind9 <not-affected> (Vulnerable code only present in 9.12 onwards) NOTE: https://kb.isc.org/docs/cve-2019-6467 CVE-2019-6466 - RESERVED + REJECTED CVE-2019-6465 (Controls for zone transfers may not be properly applied to Dynamically ...) {DSA-4440-1 DLA-1697-1} - bind9 1:9.11.5.P4+dfsg-1 (low; bug #922955) @@ -39065,35 +39071,35 @@ CVE-2019-5666 (NVIDIA Windows GPU Display Driver contains a vulnerability in the CVE-2019-5665 (NVIDIA Windows GPU Display driver contains a vulnerability in the 3D v ...) NOT-FOR-US: Nvidia drivers on Windows CVE-2019-5664 - RESERVED + REJECTED CVE-2019-5663 - RESERVED + REJECTED CVE-2019-5662 - RESERVED + REJECTED CVE-2019-5661 - RESERVED + REJECTED CVE-2019-5660 - RESERVED + REJECTED CVE-2019-5659 - RESERVED + REJECTED CVE-2019-5658 - RESERVED + REJECTED CVE-2019-5657 - RESERVED + REJECTED CVE-2019-5656 - RESERVED + REJECTED CVE-2019-5655 - RESERVED + REJECTED CVE-2019-5654 - RESERVED + REJECTED CVE-2019-5653 - RESERVED + REJECTED CVE-2019-5652 - RESERVED + REJECTED CVE-2019-5651 - RESERVED + REJECTED CVE-2019-5650 - RESERVED + REJECTED CVE-2019-5649 RESERVED CVE-2019-5648 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index b41b742cf5..ab611646be 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,27 @@ +CVE-2020-8794 + RESERVED +CVE-2020-8793 + RESERVED +CVE-2020-8792 + RESERVED +CVE-2020-8791 + RESERVED +CVE-2020-8790 + RESERVED +CVE-2020-8789 + RESERVED +CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...) + TODO: check +CVE-2020-8787 + RESERVED +CVE-2020-8786 + RESERVED +CVE-2020-8785 + RESERVED +CVE-2020-8784 + RESERVED +CVE-2020-8783 + RESERVED CVE-2020-8782 RESERVED CVE-2020-8781 
@@ -1356,8 +1380,8 @@ CVE-2020-8128 RESERVED CVE-2020-8127 RESERVED -CVE-2020-8126 - RESERVED +CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...) + TODO: check CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...) NOT-FOR-US: klona node module CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...) @@ -14475,8 +14499,8 @@ CVE-2020-1770 RESERVED CVE-2020-1769 RESERVED -CVE-2020-1768 - RESERVED +CVE-2020-1768 (The external frontend system uses numerous background calls to the bac ...) + TODO: check CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent ...) {DLA-2079-1} - otrs2 6.0.25-1 |
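Review bot: Several newly described entries in data/CVE/2013.list and data/CVE/2014.list are left at TODO: check although an adjacent entry for the same product is already triaged as NOT-FOR-US: CVE-2013-3096 (D-Link, next to CVE-2013-3095), CVE-2013-3091 (Belkin N300, next to CVE-2013-3092 and CVE-2013-3090), CVE-2013-3067 (Linksys, next to CVE-2013-3068 and CVE-2013-3066), CVE-2014-5288 (Kemp Load Master, next to CVE-2014-5287) and CVE-2014-5091 (Status2K, next to CVE-2014-5092 and CVE-2014-5090). Suggest resolving these to the same NOT-FOR-US line as their neighbours in a follow-up, so the TODO queue holds only entries that need real triage.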
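Review bot: CVE-2014-5278 in data/CVE/2014.list (hunk at -13275) is left at TODO: check while the next entry, CVE-2014-5277, already tracks Docker as docker.io 1.3.1~dfsg1-1. The new description reads "Docker before 1.2", so this entry should get a "- docker.io" line with a fixed version or a not-affected marker instead of staying in the generic queue.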
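Review bot: The description of CVE-2014-5439 in data/CVE/2014.list (hunk at -12869) changes from a configuration-file issue to "Multiple Stack-based Buffer Overflow vulnerabilities", but the annotations beneath it ({DLA-713-1}, sniffit 0.3.7.beta-20 with bug #845122, and the jessie version) are unchanged context. Worth confirming that those fixed versions still cover what the revised description names, and adding a NOTE if the scope differs.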
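Review bot: CVE-2008-3793 in data/CVE/2008.list moves from RESERVED to REJECTED but keeps its "NOT-FOR-US: Adobe Flash Player" line, whereas the other REJECTED entries visible in this patch (CVE-2013-4337, CVE-2013-4336, CVE-2017-3149 through CVE-2017-3146, CVE-2018-5746, CVE-2019-6466) carry no annotation. Suggest dropping the leftover NOT-FOR-US line so rejected entries stay uniform.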
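Review bot: CVE-2019-15604, CVE-2019-15605 and CVE-2019-15606 in data/CVE/2019.list (hunk at -11950) are all left at TODO: check, and their descriptions name the same product and branches (Node.js 10, 12 and 13). They should be triaged together and given matching package lines or an explicit NOT-FOR-US, not resolved one at a time with possibly inconsistent results.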
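Review bot: CVE-2020-1768 in data/CVE/2020.list (hunk at -14475) gets TODO: check, and its truncated description ("The external frontend system uses numerous background calls to the bac ...") names no product, while the adjacent CVE-2020-1767 is tracked against otrs2 with {DLA-2079-1}. Check whether this entry belongs to the same package and, if so, add the otrs2 line so it is not overlooked during triage.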