automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-10-06 20:10:25 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-10-06 20:10:25 +0000
commit: 101e07f555ca4c1159490ce1b4873a5ec6bf0b10 (patch)
tree: 7beebbd96dbff0b831ba9289cc1eccdebdbe099c
parent: bff423fd66526fb0c320593bbda13fc4ef949433 (diff)
3 files changed, 182 insertions, 101 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index f20ac0a576..ea1dc0b0ed 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,3 +1,5 @@
+CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a ...)
+	TODO: check
 CVE-1999-1598
 	RESERVED
 CVE-1999-1597
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e1445ca990..1d7d8e01fc 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,23 @@
+CVE-2019-20932
+	RESERVED
+CVE-2019-20931
+	RESERVED
+CVE-2019-20930
+	RESERVED
+CVE-2019-20929
+	RESERVED
+CVE-2019-20928
+	RESERVED
+CVE-2019-20927
+	RESERVED
+CVE-2019-20926
+	RESERVED
+CVE-2019-20925
+	RESERVED
+CVE-2019-20924
+	RESERVED
+CVE-2019-20923
+	RESERVED
 CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...)
 	- node-handlebars 3:4.7.2-1
 	- libjs-handlebars <removed>
@@ -4551,8 +4571,8 @@ CVE-2019-19202 (In Vtiger 7.x before 7.2.0, the My Preferences saving functional
 	NOT-FOR-US: Vtiger CRM
 CVE-2019-19201
 	RESERVED
-CVE-2019-19200
-	RESERVED
+CVE-2019-19200 (REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access t ...)
+	TODO: check
 CVE-2019-19199 (REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiratio ...)
 	NOT-FOR-US: REDDOXX MailDepot
 CVE-2019-19198 (The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. ...)
@@ -42986,8 +43006,8 @@ CVE-2019-4727
 	RESERVED
 CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
 	NOT-FOR-US: IBM
-CVE-2019-4725
-	RESERVED
+CVE-2019-4725 (IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site  ...)
+	TODO: check
 CVE-2019-4724
 	RESERVED
 CVE-2019-4723
@@ -43784,10 +43804,10 @@ CVE-2019-4328
 	RESERVED
 CVE-2019-4327 ("HCL AppScan Enterprise uses hard-coded credentials which can be explo ...)
 	NOT-FOR-US: HCL AppScan Enterprise
-CVE-2019-4326
-	RESERVED
-CVE-2019-4325
-	RESERVED
+CVE-2019-4326 ("HCL AppScan Enterprise security rules update administration section o ...)
+	TODO: check
+CVE-2019-4325 ("HCL AppScan Enterprise makes use of broken or risky cryptographic alg ...)
+	TODO: check
 CVE-2019-4324 ("HCL AppScan Enterprise is susceptible to Cross-Site Scripting while i ...)
 	NOT-FOR-US: HCL
 CVE-2019-4323 ("HCL AppScan Enterprise advisory API documentation is susceptible to c ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 7244b61682..8a2f829d71 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,73 @@
+CVE-2020-26607 (An issue was discovered in TimaService on Samsung mobile devices with  ...)
+	TODO: check
+CVE-2020-26606 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+	TODO: check
+CVE-2020-26605 (An issue was discovered on Samsung mobile devices with Q(10.0) and R(1 ...)
+	TODO: check
+CVE-2020-26604 (An issue was discovered in SystemUI on Samsung mobile devices with O(8 ...)
+	TODO: check
+CVE-2020-26603 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+	TODO: check
+CVE-2020-26602 (An issue was discovered in EthernetNetwork on Samsung mobile devices w ...)
+	TODO: check
+CVE-2020-26601 (An issue was discovered in DirEncryptService on Samsung mobile devices ...)
+	TODO: check
+CVE-2020-26600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+	TODO: check
+CVE-2020-26599 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+	TODO: check
+CVE-2020-26598 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+	TODO: check
+CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 9.0 and 1 ...)
+	TODO: check
+CVE-2020-26596
+	RESERVED
+CVE-2020-26595
+	RESERVED
+CVE-2020-26594
+	RESERVED
+CVE-2020-26593
+	RESERVED
+CVE-2020-26592
+	RESERVED
+CVE-2020-26591
+	RESERVED
+CVE-2020-26590
+	RESERVED
+CVE-2020-26589
+	RESERVED
+CVE-2020-26588
+	RESERVED
+CVE-2020-26587
+	RESERVED
+CVE-2020-26586
+	RESERVED
+CVE-2020-26585
+	RESERVED
+CVE-2020-26584
+	RESERVED
+CVE-2020-26583
+	RESERVED
+CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...)
+	TODO: check
+CVE-2020-26581
+	RESERVED
+CVE-2020-26580
+	RESERVED
+CVE-2020-26579
+	RESERVED
+CVE-2020-26578
+	RESERVED
+CVE-2020-26577
+	RESERVED
+CVE-2020-26576
+	RESERVED
+CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...)
+	TODO: check
+CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is a ...)
+	TODO: check
+CVE-2020-26573
+	RESERVED
 CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a  ...)
 	- opensc <unfixed>
 	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
@@ -1224,10 +1294,10 @@ CVE-2020-25989
 	RESERVED
 CVE-2020-25988
 	RESERVED
-CVE-2020-25987
-	RESERVED
-CVE-2020-25986
-	RESERVED
+CVE-2020-25987 (MonoCMS Blog version as of 29-09-2020 stores hard-coded admin hashes i ...)
+	TODO: check
+CVE-2020-25986 (Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog versio ...)
+	TODO: check
 CVE-2020-25985
 	RESERVED
 CVE-2020-25984
@@ -1470,8 +1540,7 @@ CVE-2020-25868
 	RESERVED
 CVE-2020-25867
 	RESERVED
-CVE-2020-25866
-	RESERVED
+CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...)
 	- wireshark 3.2.7-1
 	[buster] - wireshark <not-affected> (Vulnerable code not present)
 	[stretch] - wireshark <not-affected> (Vulnerable code not present)
@@ -1481,15 +1550,13 @@ CVE-2020-25865
 	RESERVED
 CVE-2020-25864
 	RESERVED
-CVE-2020-25863
-	RESERVED
+CVE-2020-25863 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
 	- wireshark 3.2.7-1
 	[buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
 	[stretch] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
 	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-11.html
 	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16741
-CVE-2020-25862
-	RESERVED
+CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
 	- wireshark 3.2.7-1
 	[buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
 	[stretch] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
@@ -1631,10 +1698,10 @@ CVE-2020-25805
 	RESERVED
 CVE-2020-25804
 	RESERVED
-CVE-2020-25803
-	RESERVED
-CVE-2020-25802
-	RESERVED
+CVE-2020-25803 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+	TODO: check
+CVE-2020-25802 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+	TODO: check
 CVE-2020-25801
 	RESERVED
 CVE-2020-25800
@@ -1770,15 +1837,13 @@ CVE-2020-25745
 	RESERVED
 CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to ...)
 	NOT-FOR-US: SaferVPN
-CVE-2020-25743 [ide: null pointer dereference while cancelling i/o operation]
-	RESERVED
+CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...)
 	- qemu <unfixed> (bug #970940)
 	[buster] - qemu <postponed> (Fix along in next qemu DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
 	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
 	NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
-CVE-2020-25742 [scsi: lsi: null pointer dereference during memory move]
-	RESERVED
+CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
 	- qemu <unfixed> (bug #971390)
 	[buster] - qemu <postponed> (Fix along in next qemu DSA)
 	[stretch] - qemu <postponed> (Fix along in future DLA)
@@ -1986,16 +2051,14 @@ CVE-2020-25646
 	RESERVED
 CVE-2020-25645
 	RESERVED
-CVE-2020-25644
-	RESERVED
-CVE-2020-25643 [hdlc_ppp: add range checks in ppp_cp_parse_cr()]
-	RESERVED
+CVE-2020-25644 (A memory leak flaw was found in WildFly OpenSSL in versions prior to 1 ...)
+	TODO: check
+CVE-2020-25643 (A memory corruption flaw in the Linux kernel in versions before 5.9-rc ...)
 	- linux <unfixed>
 	NOTE: https://git.kernel.org/linus/66d42ed8b25b64eb63111a2b8582c5afc8bf1105
 CVE-2020-25642
 	RESERVED
-CVE-2020-25641
-	RESERVED
+CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs in ve ...)
 	{DLA-2385-1}
 	- linux 5.8.10-1
 	[buster] - linux 4.19.146-1
@@ -2011,8 +2074,7 @@ CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS]
 	NOTE: https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html
 CVE-2020-25638
 	RESERVED
-CVE-2020-25637 [double free in qemuAgentGetInterfaces() in qemu_agent.c]
-	RESERVED
+CVE-2020-25637 (A double free memory issue was found to occur in the libvirt API, in v ...)
 	{DLA-2395-1}
 	- libvirt <unfixed> (bug #971555)
 	NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0977b8aa071de550e1a013d35e2c72615e65d520 (v1.2.14-rc1)
@@ -2086,8 +2148,7 @@ CVE-2020-25615
 CVE-2020-25614 (xmlquery before 1.3.1 lacks a check for whether a LoadURL response is  ...)
 	- golang-github-antchfx-xmlquery <unfixed>
 	NOTE: https://github.com/antchfx/xmlquery/issues/39
-CVE-2020-25613 [Potential HTTP Request Smuggling Vulnerability in WEBrick]
-	RESERVED
+CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...)
 	{DLA-2392-1 DLA-2391-1}
 	- ruby2.7 2.7.1-4
 	- ruby2.5 <removed>
@@ -3830,8 +3891,8 @@ CVE-2020-24809
 	RESERVED
 CVE-2020-24808
 	RESERVED
-CVE-2020-24807
-	RESERVED
+CVE-2020-24807 (** UNSUPPORTED WHEN ASSIGNED ** The socket.io-file package through 2.0 ...)
+	TODO: check
 CVE-2020-24806
 	RESERVED
 CVE-2020-24805
@@ -5123,18 +5184,18 @@ CVE-2020-24221
 	RESERVED
 CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...)
 	NOT-FOR-US: ShopXO
-CVE-2020-24219
-	RESERVED
-CVE-2020-24218
-	RESERVED
-CVE-2020-24217
-	RESERVED
-CVE-2020-24216
-	RESERVED
-CVE-2020-24215
-	RESERVED
-CVE-2020-24214
-	RESERVED
+CVE-2020-24219 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...)
+	TODO: check
+CVE-2020-24218 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...)
+	TODO: check
+CVE-2020-24217 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+	TODO: check
+CVE-2020-24216 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+	TODO: check
+CVE-2020-24215 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+	TODO: check
+CVE-2020-24214 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+	TODO: check
 CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. Attackers ...)
 	NOT-FOR-US: ygocore
 CVE-2020-24212
@@ -5897,8 +5958,8 @@ CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time
 	NOT-FOR-US: Real Time Logic BarracudaDrive
 CVE-2020-23833 (Projectworlds House Rental v1.0 suffers from an unauthenticated SQL In ...)
 	NOT-FOR-US: Projectworlds House Rental
-CVE-2020-23832
-	RESERVED
+CVE-2020-23832 (A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin ...)
+	TODO: check
 CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php  ...)
 	NOT-FOR-US: SourceCodester Stock Management System
 CVE-2020-23830 (A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.ph ...)
@@ -21167,8 +21228,8 @@ CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, c
 	NOTE: https://github.com/radareorg/radare2/issues/17383
 CVE-2020-16268
 	RESERVED
-CVE-2020-16267
-	RESERVED
+CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows  ...)
+	TODO: check
 CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...)
 	- mantis <removed>
 CVE-2020-16265
@@ -21923,8 +21984,8 @@ CVE-2020-15929
 	RESERVED
 CVE-2020-15928
 	RESERVED
-CVE-2020-15927
-	RESERVED
+CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows  ...)
+	TODO: check
 CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
 	NOT-FOR-US: Rocket.Chat
 CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
@@ -22802,8 +22863,7 @@ CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows C
 	NOT-FOR-US: CMSUno
 CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...)
 	NOT-FOR-US: Victor CMS
-CVE-2020-15598
-	RESERVED
+CVE-2020-15598 (** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial o ...)
 	{DSA-4765-1}
 	- modsecurity 3.0.4-2
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588
@@ -23641,8 +23701,8 @@ CVE-2020-15241
 	RESERVED
 CVE-2020-15240
 	RESERVED
-CVE-2020-15239
-	RESERVED
+CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method is attac ...)
+	TODO: check
 CVE-2020-15238
 	RESERVED
 CVE-2020-15237 (In Shrine before version 3.3.0, when using the `derivation_endpoint` p ...)
@@ -23692,8 +23752,8 @@ CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) bef
 	- golang-github-russellhaering-goxmldsig <unfixed> (bug #971615)
 	NOTE: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
 	NOTE: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
-CVE-2020-15215
-	RESERVED
+CVE-2020-15215 (Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vuln ...)
+	TODO: check
 CVE-2020-15214 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
 	- tensorflow <itp> (bug #804612)
 CVE-2020-15213 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
@@ -23774,8 +23834,8 @@ CVE-2020-15176
 	RESERVED
 CVE-2020-15175
 	RESERVED
-CVE-2020-15174
-	RESERVED
+CVE-2020-15174 (In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the  ...)
+	TODO: check
 CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...)
 	NOT-FOR-US: ACCEL-PPP
 CVE-2020-15172 (The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerabl ...)
@@ -28272,12 +28332,12 @@ CVE-2020-13347
 	RESERVED
 CVE-2020-13346
 	RESERVED
-CVE-2020-13345
-	RESERVED
+CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
 CVE-2020-13344
 	RESERVED
-CVE-2020-13343
-	RESERVED
+CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions starting ...)
+	TODO: check
 CVE-2020-13342
 	RESERVED
 CVE-2020-13341
@@ -28300,8 +28360,7 @@ CVE-2020-13335
 CVE-2020-13334
 	RESERVED
 	- gitlab <unfixed>
-CVE-2020-13333
-	RESERVED
+CVE-2020-13333 (A potential DOS vulnerability was discovered in GitLab versions 13.1,  ...)
 	- gitlab <unfixed>
 CVE-2020-13332
 	RESERVED
@@ -39519,10 +39578,10 @@ CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions pri
 	NOT-FOR-US: SuiteCRM
 CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
 	NOT-FOR-US: SuiteCRM
-CVE-2020-8782
-	RESERVED
-CVE-2020-8781
-	RESERVED
+CVE-2020-8782 (Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 al ...)
+	TODO: check
+CVE-2020-8781 (Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 an ...)
+	TODO: check
 CVE-2020-8780
 	RESERVED
 CVE-2020-8779
@@ -41940,12 +41999,12 @@ CVE-2020-7743
 	RESERVED
 CVE-2020-7742
 	RESERVED
-CVE-2020-7741
-	RESERVED
-CVE-2020-7740
-	RESERVED
-CVE-2020-7739
-	RESERVED
+CVE-2020-7741 (This affects the package hellojs before 1.18.6. The code get the param ...)
+	TODO: check
+CVE-2020-7740 (This affects all versions of package node-pdf-generator. Due to lack o ...)
+	TODO: check
+CVE-2020-7739 (This affects all versions of package phantomjs-seo. It is possible for ...)
+	TODO: check
 CVE-2020-7738 (All versions of package shiba are vulnerable to Arbitrary Code Executi ...)
 	TODO: check
 CVE-2020-7737 (All versions of package safetydance are vulnerable to Prototype Pollut ...)
@@ -42551,10 +42610,10 @@ CVE-2020-7468
 	RESERVED
 CVE-2020-7467
 	RESERVED
-CVE-2020-7466
-	RESERVED
-CVE-2020-7465
-	RESERVED
+CVE-2020-7466 (The PPP implementation of MPD before 5.9 allows a remote attacker who  ...)
+	TODO: check
+CVE-2020-7465 (The L2TP implementation of MPD before 5.9 allows a remote attacker who ...)
+	TODO: check
 CVE-2020-7464
 	RESERVED
 CVE-2020-7463
@@ -43047,7 +43106,7 @@ CVE-2020-7234 (Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via
 	NOT-FOR-US: Ruckus ZoneFlex R310 devices
 CVE-2020-7233 (KMS Controls BAC-A1616BC BACnet devices have a cleartext password of s ...)
 	NOT-FOR-US: KMS Controls BAC-A1616BC BACnet devices
-CVE-2020-7232 (Evoko Home 1.31 devices allow remote attackers to obtain sensitive inf ...)
+CVE-2020-7232 (Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain  ...)
 	NOT-FOR-US: Evoko Home devices
 CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for failed lo ...)
 	NOT-FOR-US: Evoko Home devices
@@ -49433,8 +49492,8 @@ CVE-2020-4530 (IBM Business Automation Workflow C.D.0 and IBM Business Process M
 	NOT-FOR-US: IBM
 CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...)
 	NOT-FOR-US: IBM
-CVE-2020-4528
-	RESERVED
+CVE-2020-4528 (IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 throug ...)
+	TODO: check
 CVE-2020-4527 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
 	NOT-FOR-US: IBM
 CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
@@ -55098,20 +55157,20 @@ CVE-2020-1909
 	RESERVED
 CVE-2020-1908
 	RESERVED
-CVE-2020-1907
-	RESERVED
-CVE-2020-1906
-	RESERVED
-CVE-2020-1905
-	RESERVED
-CVE-2020-1904
-	RESERVED
-CVE-2020-1903
-	RESERVED
-CVE-2020-1902
-	RESERVED
-CVE-2020-1901
-	RESERVED
+CVE-2020-1907 (A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsA ...)
+	TODO: check
+CVE-2020-1906 (A buffer overflow in WhatsApp for Android prior to v2.20.130 and Whats ...)
+	TODO: check
+CVE-2020-1905 (Media ContentProvider URIs used for opening attachments in other apps  ...)
+	TODO: check
+CVE-2020-1904 (A path validation issue in WhatsApp for iOS prior to v2.20.61 and What ...)
+	TODO: check
+CVE-2020-1903 (An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for ...)
+	TODO: check
+CVE-2020-1902 (A user running a quick search on a highly forwarded message on WhatsAp ...)
+	TODO: check
+CVE-2020-1901 (Receiving a large text message containing URLs in WhatsApp for iOS pri ...)
+	TODO: check
 CVE-2020-1900
 	RESERVED
 CVE-2020-1899
author	security tracker role <sectracker@soriano.debian.org>	2020-10-06 20:10:25 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-10-06 20:10:25 +0000
commit	101e07f555ca4c1159490ce1b4873a5ec6bf0b10 (patch)
tree	7beebbd96dbff0b831ba9289cc1eccdebdbe099c
parent	bff423fd66526fb0c320593bbda13fc4ef949433 (diff)