-rw-r--r--conf/cvelist.el7
-rw-r--r--data/CVE/1999.list2
-rw-r--r--data/CVE/2004.list2
-rw-r--r--data/CVE/2005.list10
-rw-r--r--data/CVE/2011.list4
-rw-r--r--data/CVE/2012.list2
-rw-r--r--data/CVE/2013.list11
-rw-r--r--data/CVE/2014.list4
-rw-r--r--data/CVE/2015.list11
-rw-r--r--data/CVE/2016.list17
-rw-r--r--data/CVE/2017.list38
-rw-r--r--data/CVE/2018.list148
-rw-r--r--data/CVE/2019.list563
-rw-r--r--data/CVE/2020.list11097
-rw-r--r--data/CVE/2021.list400
-rw-r--r--data/DLA/list129
-rw-r--r--data/DSA/list45
-rw-r--r--data/dla-needed.txt150
-rw-r--r--data/dsa-needed.txt12
-rw-r--r--data/embedded-code-copies1
-rw-r--r--data/next-point-update.txt209
-rw-r--r--data/packages/removed-packages3
-rw-r--r--lib/debian-releases.mk5
-rw-r--r--lib/python/config.py2
-rw-r--r--lib/python/debian_support.py52
-rw-r--r--org/lts-frontdesk.2020.txt2
26 files changed, 9104 insertions, 3822 deletions
diff --git a/conf/cvelist.el b/conf/cvelist.el
index fa8b16c..5e34f12 100644
--- a/conf/cvelist.el
+++ b/conf/cvelist.el
@@ -1,5 +1,4 @@
;; Major mode for Debian's CVE list
-;; currently only does some syntax highlighting
;;
;; Can be enabled via
;;
@@ -18,10 +17,16 @@
(interactive)
(insert "\tNOTE: "))
+(defun debian-cvelist-cvesearch ()
+ "Look up a CVE ID at the MITRE website"
+ (interactive)
+ (browse-url (concat "https://cve.mitre.org/cgi-bin/cvename.cgi?name=" (thing-at-point 'symbol))))
+
(defvar debian-cvelist-mode-map
(let ((map (make-sparse-keymap)))
(define-key map (kbd "C-c C-f") 'debian-cvelist-insert-not-for-us)
(define-key map (kbd "C-c C-n") 'debian-cvelist-insert-note)
+ (define-key map (kbd "C-c C-c") 'debian-cvelist-cvesearch)
map)
"Keymap for `debian-cvelist-mode'.")
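Review bot: `debian-cvelist-cvesearch` (the new defun just before the keymap) hands whatever `(thing-at-point 'symbol)` returns straight to the MITRE query string without checking it, so with point on a package name, a NOTE word, or whitespace the command still opens a browser with an unrelated or, when the lookup returns nil, empty `name=` value instead of reporting that there is no CVE ID at point. Validating the token against the `CVE-YYYY-NNNN` shape and calling `user-error` on a mismatch avoids sending arbitrary buffer text to an external site, and the value should go through `url-hexify-string` before being spliced into the URL. The docstring could also say it acts on the ID at point, e.g. `"Look up the CVE ID at point at the MITRE website."`. The `C-c C-c` binding added to the keymap needs no change.
```elisp
(defun debian-cvelist-cvesearch ()
  "Look up the CVE ID at point at the MITRE website."
  (interactive)
  (let ((id (thing-at-point 'symbol t)))
    ;; Only a well-formed CVE ID is sent out; anything else is a user mistake.
    (unless (and id (string-match-p "\\`CVE-[0-9]\\{4\\}-[0-9]\\{4,\\}\\'" id))
      (user-error "No CVE ID at point"))
    (browse-url (concat "https://cve.mitre.org/cgi-bin/cvename.cgi?name="
                        (url-hexify-string id)))))
```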
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index f20ac0a..f7bfd6f 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,3 +1,5 @@
+CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a ...)
+ - glibc 2.2-1
CVE-1999-1598
RESERVED
CVE-1999-1597
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index f9799a6..7a3d0d7 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -2895,7 +2895,7 @@ CVE-2004-1388 (Format string vulnerability in the gpsd_report function for Berli
CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
- apache 1.3.33-3
CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, whic ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain se ...)
- phpgroupware 0.9.16.005-1 (unimportant)
NOTE: path disclosure only, path is known on Debian anyway
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 200aae0..6761bdb 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -3094,9 +3094,9 @@ CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows remo ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows l ...)
- linux-2.6 2.6.14-1 (low)
- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
@@ -3718,7 +3718,7 @@ CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in comersus_backoffice_s
CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before 6.0 ...)
NOT-FOR-US: AhnLab
CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 al ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass authenticati ...)
NOT-FOR-US: Splatt Forum
CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 al ...)
@@ -7129,7 +7129,7 @@ CVE-2005-1927
CVE-2005-1926
RESERVED
CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
- NOT-FOR-US: Tikiwiki
+ - tikiwiki <removed>
CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote a ...)
NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, an ...)
@@ -11065,7 +11065,7 @@ CVE-2005-0202 (Directory traversal vulnerability in the true_path function in pr
CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a socket ...)
- dbus 0.22
CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
- NOT-FOR-US: TikiWiki
+ - tikiwiki <removed>
CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ngIRC ...)
NOT-FOR-US: ngIRCd
CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Labe ...)
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 00c3654..9fc930c 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -448,7 +448,7 @@ CVE-2011-5131 (Cross-site request forgery (CSRF) vulnerability in global.php in
CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when regi ...)
NOT-FOR-US: Family Connections CMS
CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote at ...)
- - xchat <unfixed> (unimportant; bug #686454)
+ - xchat <removed> (unimportant; bug #686454)
CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...)
NOT-FOR-US: Adminimize plugin for Wordpress
CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2 ...)
@@ -2304,7 +2304,7 @@ CVE-2011-4338 (Shaman 1.0.9: Users can add the line askforpwd=false to his shama
CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...)
NOT-FOR-US: Support Incident Tracker
CVE-2011-4336 (Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to sn ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 ...)
NOT-FOR-US: Contao
CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded ...)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 354f7d0..9cdd769 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -13819,7 +13819,7 @@ CVE-2012-1096 (NetworkManager 0.9 and earlier allows local users to use other us
[squeeze] - network-manager <no-dsa> (Minor issue)
NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=793329
CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package ...)
- - osc <unfixed> (unimportant)
+ - osc 0.134.0-1 (unimportant)
NOTE: This is ultimately a bug in the respectice terminal emulations and not a vulnerability in osc
CVE-2012-1094 (JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostna ...)
- libapache2-mod-cluster <itp> (bug #731410)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index b76a41d..e78d112 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -3151,7 +3151,7 @@ CVE-2013-6396 (The OpenStack Python client library for Swift (python-swiftclient
- python-swiftclient 1:2.0.2-1 (bug #730626)
NOTE: https://bugs.launchpad.net/python-swiftclient/+bug/1199783
CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...)
- - ganglia-web <unfixed> (unimportant; bug #730507)
+ - ganglia-web 3.6.1-1 (unimportant; bug #730507)
[squeeze] - ganglia <not-affected> (Vulnerable code not present)
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
- ganglia 3.6.0-1
@@ -3159,6 +3159,7 @@ CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia
NOTE: ganglia-web and ganglia are now two separate source packages
NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
NOTE: https://github.com/ganglia/ganglia-web/issues/218
+ NOTE: https://github.com/ganglia/ganglia-web/commit/fbdf26542510c01931dac7856bb908f651ad05e6
CVE-2013-6394 (Percona XtraBackup before 2.1.6 uses a constant string for the initial ...)
- percona-xtrabackup 2.1.6-2 (bug #730544)
CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0 ...)
@@ -7064,9 +7065,9 @@ CVE-2013-4717 [SQL injection]
CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and ...)
NOT-FOR-US: Tattyan HP TOWN
CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before 6. ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk w ...)
NOT-FOR-US: I-O DATA DEVICE RockDisk
CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlie ...)
@@ -8191,7 +8192,7 @@ CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read functi
CVE-2013-4364 ((1) oo-analytics-export and (2) oo-analytics-import in the openshift-o ...)
NOT-FOR-US: OpenShift
CVE-2013-4363 (Algorithmic complexity vulnerability in Gem::Version::ANCHORED_VERSION ...)
- - rubygems <removed> (unimportant; bug #722361)
+ - rubygems <unfixed> (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
@@ -8481,7 +8482,7 @@ CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to by
[squeeze] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
[wheezy] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...)
- - rubygems <removed> (unimportant; bug #722361)
+ - rubygems <unfixed> (unimportant; bug #722361)
- libgems-ruby <removed> (unimportant; bug #722361)
NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
NOTE: it a potential elevated CPU consumption doesn't add any extra harm
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 7c4158e..f30ac8a 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1,11 +1,13 @@
CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl. DBD: ...)
- - libdbi-perl <unfixed>
+ - libdbi-perl <unfixed> (bug #972180)
[buster] - libdbi-perl <postponed> (Revisit when fixed upstream)
+ [stretch] - libdbi-perl <postponed> (Revisit when fixed upstream)
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
CVE-2014-10401 (An issue was discovered in the DBI module before 1.632 for Perl. DBD:: ...)
- libdbi-perl 1.633-1
NOTE: https://github.com/perl5-dbi/dbi/commit/caedc0d7d602f5b2ae5efc1b00f39efeafb7b05a
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508
+ NOTE: Proposed fix: https://github.com/perl5-dbi/dbi/pull/93
CVE-2014-10400 (The session.lua library in CGILua 5.0.x uses sequential session IDs, w ...)
- lua-cgi <not-affected> (session generation changed in 5.1.x, cf. CVE-2014-10399)
NOTE: https://seclists.org/fulldisclosure/2014/Apr/318
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 4e4781d..024193c 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -6691,9 +6691,9 @@ CVE-2015-7382 (SQL injection vulnerability in install.php in Web Reference Datab
CVE-2015-7381 (Multiple PHP remote file inclusion vulnerabilities in install.php in W ...)
NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7380
- RESERVED
+ REJECTED
CVE-2015-7379
- RESERVED
+ REJECTED
CVE-2015-7378 (Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "P ...)
NOT-FOR-US: Panda Security
CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in pie-register/pie-register. ...)
@@ -8186,13 +8186,14 @@ CVE-2015-6815 (The process_tx_desc function in hw/net/e1000.c in QEMU before 2.4
NOTE: https://www.openwall.com/lists/oss-security/2015/09/04/4
NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
CVE-2015-6816 (ganglia-web before 3.7.1 allows remote attackers to bypass authenticat ...)
- - ganglia-web <unfixed> (unimportant; bug #798213)
+ - ganglia-web 3.7.5+debian-1 (unimportant; bug #798213)
- ganglia 3.6.0-1 (unimportant)
[squeeze] - ganglia <not-affected> (affected code not present)
NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
NOTE: https://www.openwall.com/lists/oss-security/2015/09/04/2
NOTE: https://github.com/ganglia/ganglia-web/issues/267
+ NOTE: https://github.com/ganglia/ganglia-web/commit/f8cc17054270d54f53d92bbe3f7764dc3d9efcc7
CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows r ...)
- pgbouncer 1.6.1-1
[jessie] - pgbouncer <not-affected> (Introduced in 1.6)
@@ -13884,8 +13885,8 @@ CVE-2015-4721 (Multiple cross-site scripting (XSS) vulnerabilities in Concrete5
NOT-FOR-US: Concrete5
CVE-2015-4720
REJECTED
-CVE-2015-4719
- RESERVED
+CVE-2015-4719 (The client API authentication mechanism in Pexip Infinity before 10 al ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2015-4718 (The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x ...)
{DSA-3373-1}
- owncloud 7.0.6+dfsg-1
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 556f1cb..6be1484 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,3 +1,6 @@
+CVE-2016-11086 (lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby doe ...)
+ - ruby-oauth <unfixed> (bug #970932)
+ NOTE: https://github.com/oauth-xx/oauth-ruby/issues/137
CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin befor ...)
NOT-FOR-US: Wordpress plugin
CVE-2016-11084 (An issue was discovered in Mattermost Server before 2.1.0. It allows X ...)
@@ -1986,7 +1989,7 @@ CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of servi
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
-CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
+CVE-2016-10269 (LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0. ...)
{DSA-3844-1 DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
@@ -2137,7 +2140,7 @@ CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to
[jessie] - linux 3.16.7-ckt20-1+deb8u2
[wheezy] - linux 3.2.73-2+deb7u2
NOTE: Fixed by: https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1)
-CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and e ...)
+CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.31 and e ...)
- glibc 2.31-3 (low; bug #856503)
[buster] - glibc <no-dsa> (Minor issue)
[stretch] - glibc <no-dsa> (Minor issue)
@@ -2707,7 +2710,7 @@ CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function in
- tiff3 <not-affected> (vulnerable code introduced later)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
-CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote atta ...)
+CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 3.9.3, 3.9.4, 3.9. ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
- tiff3 <removed>
@@ -3339,7 +3342,7 @@ CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and a
CVE-2016-9890
RESERVED
CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki ...)
- NOT-FOR-US: Tiki Wiki
+ - tikiwiki <removed>
CVE-2016-9888 (An error within the "tar_directory_for_file()" function (gsf-infile-ta ...)
{DLA-2183-1 DLA-740-1}
- libgsf 1.14.41-1
@@ -28843,11 +28846,11 @@ CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer asso
NOTE: Fix for 2.x http://git.tuxfamily.org/chrony/chrony.git/commit/?id=a78bf9725a7b481ebff0e0c321294ba767f2c1d8
NOTE: Fix for 1.x http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=df46e5ca5d70be1c0ae037f96b4b038362703832
CVE-2016-1566 (Cross-site scripting (XSS) vulnerability in the file browser in Guacam ...)
- - guacamole-client <unfixed> (bug #859136)
- [stretch] - guacamole-client <no-dsa> (Minor issue)
- [jessie] - guacamole-client <not-affected> (Vulnerable code not present)
+ - guacamole-client <not-affected> (Vulnerable code never present in released Debian version, cf #859136)
- guacamole <not-affected> (Vulnerable code not present)
NOTE: Fixed by: https://github.com/glyptodon/guacamole-client/commit/7da13129c432d1c0a577342a9bf23ca2bde9c367
+ NOTE: The Debian released versions never contained the broken code in guacFileBrowser.js
+ NOTE: in a released version.
CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module 7.x ...)
NOT-FOR-US: Field Group module for Drupal
CVE-2016-1714 (The (1) fw_cfg_write and (2) fw_cfg_read functions in hw/nvram/fw_cfg. ...)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 475519f..880744f 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,8 @@
+CVE-2017-18925 (opentmpfiles through 0.3.1 allows local users to take ownership of arb ...)
+ - opentmpfiles <unfixed>
+ NOTE: https://github.com/OpenRC/opentmpfiles/issues/4
+CVE-2017-18924 (** DISPUTED ** oauth2-server (aka node-oauth2-server) through 3.1.1 im ...)
+ NOT-FOR-US: node-oauth2-server
CVE-2017-18923 (beroNet VoIP Gateways before 3.0.16 have a PHP script that allows down ...)
NOT-FOR-US: beroNet
CVE-2017-18922 (It was discovered that websockets.c in LibVNCServer prior to 0.9.12 di ...)
@@ -3433,7 +3438,7 @@ CVE-2017-17743 (Improper input sanitization within the restricted administration
NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x befo ...)
{DSA-4259-1 DLA-2330-1 DLA-2027-1 DLA-1421-1 DLA-1359-1 DLA-1358-1}
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
- ruby2.5 2.5.1-1
- ruby2.3 <removed>
- ruby2.1 <removed>
@@ -3441,6 +3446,7 @@ CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.
- ruby1.8 <removed>
NOTE: https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
NOTE: https://github.com/jruby/jruby/releases/tag/9.2.12.0
+ NOTE: https://github.com/ruby/ruby/commit/d9d4a28f1cdd05a0e8dabb36d747d40bbcc30f16
CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows attac ...)
{DSA-4082-1 DSA-4073-1 DLA-1232-1}
- linux 4.14.7-1
@@ -4226,8 +4232,8 @@ CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered
NOTE: Debian packaging does not build JPWL, has BUILD_JPWL:BOOL=OFF
CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems Pega Pla ...)
NOT-FOR-US: Pegasystems Pega Platform
-CVE-2017-17477
- RESERVED
+CVE-2017-17477 (Pexip Infinity before 17 allows an unauthenticated remote attacker to ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a deni ...)
@@ -6156,7 +6162,8 @@ CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to stea
CVE-2017-16838
RESERVED
CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are no ...)
- - tboot <itp> (bug #803180)
+ - tboot <not-affected> (Fixed with first upload to Debian)
+ NOTE: https://sourceforge.net/p/tboot/code/ci/521c58e51eb5be105a29983742850e72c44ed80e/
CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC2 ...)
NOT-FOR-US: Arris TG1682G devices
CVE-2017-16835 (The "Photo,Video Locker-Calculator" application 12.0 for Android has a ...)
@@ -10901,7 +10908,7 @@ CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A null
CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in versi ...)
{DSA-4037-1 DLA-2342-1 DLA-2091-1}
- jackson-databind 2.9.1-1
- - libjackson-json-java <unfixed>
+ - libjackson-json-java 1.9.13-2
NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1)
NOTE: misses the further sets of blacklists, in particular as well
NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835
@@ -11084,7 +11091,7 @@ CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_sam
NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
-CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3 ...)
+CVE-2017-15045 (LAME 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read ...)
- lame 3.99.5+repack1-8
[jessie] - lame 3.99.5+repack1-7+deb8u2
NOTE: https://sourceforge.net/p/lame/bugs/478/
@@ -11597,9 +11604,9 @@ CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRic
NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601
NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2532df6060092e9fab7f041ae9598aff9cdd94bb
CVE-2017-14925 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2017-14924 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tik ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2017-14923 (Stored XSS vulnerability via IMG element at "Leadname" of CRM in Tine ...)
NOT-FOR-US: Tine groupware
CVE-2017-14922 (Stored XSS vulnerability via IMG element at "History" of Profile, Cale ...)
@@ -29385,8 +29392,7 @@ CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who sub
NOT-FOR-US: GenixCMS
CVE-2017-8761 [Swift tempurl middleware reveals signatures in the logfiles]
RESERVED
- - swift <unfixed>
- [buster] - swift <no-dsa> (Minor issue)
+ - swift 2.17.0-2
[stretch] - swift <no-dsa> (Minor issue)
[jessie] - swift <end-of-life> (Not supported in Jessie LTS)
NOTE: https://bugs.launchpad.net/swift/+bug/1685798
@@ -33001,7 +33007,7 @@ CVE-2017-7526 (libgcrypt before version 1.7.8 is vulnerable to a cache side-chan
CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, version ...)
{DSA-4004-1 DLA-2342-1 DLA-2091-1}
- jackson-databind 2.9.1-1 (bug #870848)
- - libjackson-json-java <unfixed>
+ - libjackson-json-java 1.9.13-2
NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
NOTE: For libjackson-json-java:
NOTE: https://github.com/FasterXML/jackson-1/commit/9ac68db819bce7b9546bc4bf1c44f82ca910fa31
@@ -49824,7 +49830,7 @@ CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a po
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2017/10/10/2
NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
@@ -49835,7 +49841,7 @@ CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijack
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
@@ -49846,7 +49852,7 @@ CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specificati
- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
@@ -49856,7 +49862,7 @@ CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously
- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
@@ -49866,7 +49872,7 @@ CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously
- ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
- ruby2.1 <removed> (unimportant)
- ruby1.9.1 <removed> (unimportant)
- - rubygems <removed> (unimportant)
+ - rubygems <unfixed> (unimportant)
NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 97cc50d..d8959f0 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -1,9 +1,12 @@
+CVE-2018-21269 (checkpath in OpenRC through 0.42.1 might allow local users to take own ...)
+ - openrc <unfixed>
+ NOTE: https://github.com/OpenRC/openrc/issues/201
CVE-2018-21268 (The traceroute (aka node-traceroute) package through 1.0.0 for Node.js ...)
NOT-FOR-US: Node traceroute
CVE-2018-21267
- RESERVED
+ REJECTED
CVE-2018-21266
- RESERVED
+ REJECTED
CVE-2018-21265 (An issue was discovered in Mattermost Desktop App before 4.0.0. It mis ...)
NOT-FOR-US: Mattermost
CVE-2018-21264 (An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and ...)
@@ -78,7 +81,7 @@ CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system befor
NOT-FOR-US: Foxit E-mail advertising system
CVE-2018-21234 (Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when ...)
- jodd <unfixed> (bug #961298)
- [buster] - jodd <no-dsa> (Minor issue)
+ [buster] - jodd <ignored> (Minor issue; upstream fix needs changes in rdeps and none present in Buster)
NOTE: https://github.com/oblac/jodd/commit/9bffc3913aeb8472c11bb543243004b4b4376f16
NOTE: https://github.com/oblac/jodd/issues/628
CVE-2018-21233 (TensorFlow before 1.7.0 has an integer overflow that causes an out-of- ...)
@@ -1943,7 +1946,7 @@ CVE-2018-20536 (There is a heap-based buffer over-read at liblas::SpatialReferen
NOTE: https://github.com/libLAS/libLAS/pull/183
NOTE: https://github.com/libLAS/libLAS/commit/ca88a11a8a0548d3aa78b643e6c701708b826fa9
CVE-2018-20535 (There is a use-after-free at asm/preproc.c (function pp_getline) in Ne ...)
- - nasm <unfixed> (unimportant; bug #918270)
+ - nasm 2.15.04-1 (unimportant; bug #918270)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392530
NOTE: Crash in CLI tool, no security impact
CVE-2018-20534 (** DISPUTED ** There is an illegal address access at ext/testcase.c in ...)
@@ -2772,7 +2775,7 @@ CVE-2018-1000826 (Microweber version &lt;= 1.0.7 contains a Cross Site Scripting
NOT-FOR-US: Microweber
CVE-2018-1000825 (FreeCol version &lt;= nightly-2018-08-22 contains a XML External Entit ...)
- freecol 0.11.6+dfsg2-3 (bug #917023; low)
- [buster] - freecol <no-dsa> (Minor issue)
+ [buster] - freecol <no-dsa> (Minor issue, will be fixed via spu)
[stretch] - freecol <no-dsa> (Minor issue)
[jessie] - freecol <end-of-life> (Games are not supported)
NOTE: https://github.com/FreeCol/freecol/issues/26
@@ -2930,8 +2933,8 @@ CVE-2018-20245 (The LDAP auth backend (airflow.contrib.auth.backends.ldap_auth)
- airflow <itp> (bug #819700)
CVE-2018-20244 (In Apache Airflow before 1.10.2, a malicious admin user could edit the ...)
- airflow <itp> (bug #819700)
-CVE-2018-20243
- RESERVED
+CVE-2018-20243 (The implementation of POST with the username and password in the URL p ...)
+ NOT-FOR-US: Apache Fineract
CVE-2018-20242 (A carefully crafted URL could trigger an XSS vulnerability on Apache J ...)
- jspwiki <removed>
CVE-2018-20241 (The Edit upload resource for a review in Atlassian Fisheye and Crucibl ...)
@@ -4065,53 +4068,47 @@ CVE-2018-19875
CVE-2018-19874
RESERVED
CVE-2018-19873 (An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer ...)
- {DSA-4374-1 DLA-1786-1 DLA-1627-1}
+ {DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2 (low)
- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/238749/
NOTE: https://github.com/qt/qtbase/commit/621ab8ab59901cc3f9bd98be709929c9eac997a8
CVE-2018-19872 (An issue was discovered in Qt 5.11. A malformed PPM image causes a div ...)
+ {DLA-2377-1 DLA-2376-1}
- qtbase-opensource-src 5.11.2+dfsg-3 (low)
- [stretch] - qtbase-opensource-src <no-dsa> (Minor issue)
[jessie] - qtbase-opensource-src <no-dsa> (Minor issue)
- qt4-x11 4:4.8.7+dfsg-18
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
[jessie] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://bugreports.qt.io/browse/QTBUG-69449
NOTE: qt4-x11: POC doesn't crash on neither jessie nor stretch, it's possibly incomplete; patch applies though.
CVE-2018-19871 (An issue was discovered in Qt before 5.11.3. There is QTgaFile Uncontr ...)
- {DLA-1786-1}
+ {DLA-2377-1 DLA-1786-1}
- qtimageformats-opensource-src 5.11.3-2 (low)
[stretch] - qtimageformats-opensource-src <no-dsa> (Minor issue)
[jessie] - qtimageformats-opensource-src <postponed> (Minor issue)
- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/237761/
NOTE: qt4-x11 affected in src/plugins/imageformats/tga/qtgafile.cpp
NOTE: https://github.com/qt/qtimageformats/commit/7cfe47a8fe2f987fb2a066a696fb3d9d0afe4d65
CVE-2018-19870 (An issue was discovered in Qt before 5.11.3. A malformed GIF image cau ...)
- {DSA-4374-1 DLA-1786-1 DLA-1627-1}
+ {DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2 (low)
- qt4-x11 4:4.8.7+dfsg-18 (low; bug #923003)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/235998/
NOTE: affected code can be in src/gui/image/qgifhandler.cpp or in
NOTE: src/plugins/imageformats/gif/qgifhandler.cpp depending on the version
NOTE: https://github.com/qt/qtbase/commit/2841e2b61e32f26900bde987d469c8b97ea31999
CVE-2018-19869 (An issue was discovered in Qt before 5.11.3. A malformed SVG image cau ...)
- {DLA-1786-1}
+ {DLA-2377-1 DLA-1786-1}
[experimental] - qtsvg-opensource-src 5.11.3-1
- qtsvg-opensource-src 5.11.3-2 (low)
- [stretch] - qtsvg-opensource-src <no-dsa> (Minor issue)
[jessie] - qtsvg-opensource-src <no-dsa> (Minor issue)
- qt4-x11 4:4.8.7+dfsg-18 (low)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/234142/
NOTE: https://github.com/qt/qtsvg/commit/8c199714e9bc638fb3f6ec747fb7a23373e49335
@@ -4455,7 +4452,7 @@ CVE-2018-19756 (There is a heap-based buffer over-read at stb_image.h (function:
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649198 (reproducer)
NOTE: CVE description is misleading, not an issue in libstb
CVE-2018-19755 (There is an illegal address access at asm/preproc.c (function: is_mmac ...)
- - nasm <unfixed> (unimportant; bug #915087)
+ - nasm 2.15.02-1 (unimportant; bug #915087)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392528
NOTE: https://github.com/netwide-assembler/nasm/commit/3079f7966dbed4497e36d5067cbfd896a90358cb
NOTE: Crash in CLI tool, no security impact
@@ -5877,7 +5874,7 @@ CVE-2018-19212 (In libwebm through 2018-10-03, there is an abort caused by libwe
NOTE: Chromium and qtwebengine bundle the library, but not a security issue there
CVE-2018-19211 (In ncurses 6.1, there is a NULL pointer dereference at function _nc_pa ...)
- ncurses 6.1+20180210-3 (low)
- [stretch] - ncurses <no-dsa> (Minor issue)
+ [stretch] - ncurses <ignored> (Minor issue)
[jessie] - ncurses <no-dsa> (Minor issue)
[wheezy] - ncurses <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643754
@@ -7476,7 +7473,7 @@ CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due
NOTE: Fixed by: https://git.kernel.org/linus/15fe076edea787807a7cdc168df832544b58eba6
CVE-2018-18558 (An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 ...)
NOT-FOR-US: Espressif ESP-IDF
-CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into ...)
+CVE-2018-18557 (LibTIFF 3.9.3, 3.9.4, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta ...)
{DSA-4349-1 DLA-1557-1}
- tiff 4.0.9+git181026-1 (bug #911635)
- tiff3 <removed>
@@ -7617,9 +7614,8 @@ CVE-2018-18509 (A flaw during verification of certain S/MIME signatures causes e
{DSA-4392-1 DLA-1678-1}
- thunderbird 1:60.5.1-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-06/#CVE-2018-18511
-CVE-2018-18508 [NULL pointer dereference in several CMS functions resulting in a denial of service]
- RESERVED
- {DLA-1704-1}
+CVE-2018-18508 (In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a ...)
+ {DLA-2388-1 DLA-1704-1}
- nss 2:3.42.1-1 (bug #921614)
NOTE: https://hg.mozilla.org/projects/nss/rev/08d1b0c1117f
NOTE: https://hg.mozilla.org/projects/nss/rev/5e70b72131ac
@@ -9488,7 +9484,7 @@ CVE-2018-17797 (An issue was discovered in zzcms 8.3. user/zssave.php allows rem
NOT-FOR-US: zzcms
CVE-2018-17796 (An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The Web ...)
NOT-FOR-US: MRCMS
-CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remot ...)
+CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier ...)
- tiff 4.0.9-2
[stretch] - tiff 4.0.8-2+deb9u2
[jessie] - tiff 4.0.3-12.3+deb8u5
@@ -11913,8 +11909,11 @@ CVE-2018-16849 (A flaw was found in openstack-mistral. By manipulating the SSH p
[stretch] - mistral 3.0.0-4+deb9u1
NOTE: https://bugs.launchpad.net/mistral/+bug/1783708
CVE-2018-16848 (A Denial of Service (DoS) condition is possible in OpenStack Mistral i ...)
- - mistral <undetermined>
+ - mistral 10.0.0~rc1-2
+ [buster] - mistral <no-dsa> (Minor issue)
+ [stretch] - mistral <end-of-life> (OpenStack component; not supported in stretch LTS)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1645332
+ NOTE: https://bugs.launchpad.net/mistral/%2Bbug/1785657
CVE-2018-16847 (An OOB heap buffer r/w access issue was found in the NVM Express Contr ...)
- qemu 1:3.1+dfsg-1 (bug #912655)
[stretch] - qemu <not-affected> (support for Controller Memory Buffers added later)
@@ -15441,11 +15440,10 @@ CVE-2018-15520 (Various Lexmark devices have a Buffer Overflow (issue 2 of 2). .
CVE-2018-15519 (Various Lexmark devices have a Buffer Overflow (issue 1 of 2). ...)
NOT-FOR-US: Lexmark devices
CVE-2018-15518 (QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption dur ...)
- {DSA-4374-1 DLA-1786-1 DLA-1627-1}
+ {DSA-4374-1 DLA-2377-1 DLA-1786-1 DLA-1627-1}
[experimental] - qtbase-opensource-src 5.11.3+dfsg-1
- qtbase-opensource-src 5.11.3+dfsg-2
- qt4-x11 4:4.8.7+dfsg-18 (low)
- [stretch] - qt4-x11 <no-dsa> (Minor issue)
NOTE: https://blog.qt.io/blog/2018/12/04/qt-5-11-3-released-important-security-updates/
NOTE: https://codereview.qt-project.org/#/c/236691/
CVE-2018-15517 (The MailConnect feature on D-Link Central WiFiManager CWM-100 1.03 r00 ...)
@@ -16204,16 +16202,16 @@ CVE-2018-15163
CVE-2018-15162
RESERVED
CVE-2018-15161 (** DISPUTED ** The libesedb_key_append_data function in libesedb_key.c ...)
- - libesedb <undetermined>
+ NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15160 (** DISPUTED ** The libesedb_catalog_definition_read function in libese ...)
- - libesedb <undetermined>
+ NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15159 (** DISPUTED ** The libesedb_page_read_tags function in libesedb_page.c ...)
- - libesedb <undetermined>
+ NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15158 (** DISPUTED ** The libesedb_page_read_values function in libesedb_page ...)
- - libesedb <undetermined>
+ NOTE: Disputed libesedb issues
NOTE: https://github.com/libyal/libesedb/issues/43
CVE-2018-15157 (** DISPUTED ** The libfsclfs_block_read function in libfsclfs_block.c ...)
NOT-FOR-US: libfsclfs
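Review bot: Replacing `- libesedb <undetermined>` with a bare `NOTE:` leaves CVE-2018-15161 through CVE-2018-15158 without any package or status line, so the tracker presumably no longer records a decision for libesedb on these four entries. If the intent is to close them as disputed, the status should stay machine-readable rather than living only in a note, e.g. `- libesedb <not-affected> (Disputed; see upstream issue #43)` in place of the removed line. The same edit is repeated for all four entries in this hunk, so whichever form is chosen should be applied to each of them.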
@@ -21990,7 +21988,6 @@ CVE-2018-12888
CVE-2018-12887
RESERVED
CVE-2018-12886 (stack_protect_prologue in cfgexpand.c and stack_protect_epilogue in fu ...)
- - gcc-snapshot <unfixed>
- gcc-8 <unfixed>
[buster] - gcc-8 <ignored> (Too intrusive to backport)
- gcc-7 <unfixed>
@@ -23369,7 +23366,7 @@ CVE-2018-12405 (Mozilla developers and community members reported memory safety
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-30/#CVE-2018-12405
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-31/#CVE-2018-12405
CVE-2018-12404 (A cached side channel attack during handshakes using RSA encryption co ...)
- {DLA-1704-1}
+ {DLA-2388-1 DLA-1704-1}
- nss 2:3.41-1
NOTE: http://cat.eyalro.net/
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1485864 (not public)
@@ -25192,10 +25189,10 @@ CVE-2018-11767 (In Apache Hadoop 2.9.0 to 2.9.1, 2.8.3 to 2.8.4, 2.7.5 to 2.7.6,
- hadoop <itp> (bug #793644)
CVE-2018-11766 (In Apache Hadoop 2.7.4 to 2.7.6, the security fix for CVE-2016-6811 is ...)
- hadoop <itp> (bug #793644)
-CVE-2018-11765
- RESERVED
-CVE-2018-11764
- RESERVED
+CVE-2018-11765 (In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 ...)
+ - hadoop <itp> (bug #793644)
+CVE-2018-11764 (Web endpoint authentication check is broken in Apache Hadoop 3.0.0-alp ...)
+ - hadoop <itp> (bug #793644)
CVE-2018-11763 (In Apache HTTP Server 2.4.17 to 2.4.34, by sending continuous, large S ...)
- apache2 2.4.35-1 (bug #909591)
[stretch] - apache2 2.4.25-3+deb9u6
@@ -27617,12 +27614,14 @@ CVE-2018-10895 (qutebrowser before version 1.4.1 is vulnerable to a cross-site r
CVE-2018-10894 (It was found that SAML authentication in Keycloak 3.4.3.Final incorrec ...)
NOT-FOR-US: Keycloak
CVE-2018-10893 (Multiple integer overflow and buffer overflow issues were discovered i ...)
- - spice-gtk <unfixed> (bug #904161)
+ - spice-gtk 0.37-1 (bug #904161)
[buster] - spice-gtk <no-dsa> (Minor issue)
[stretch] - spice-gtk <no-dsa> (Minor issue)
[jessie] - spice-gtk <no-dsa> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1598234
NOTE: Ongoing patch review: https://lists.freedesktop.org/archives/spice-devel/2018-July/044489.html
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/3050b4e1f6f39c1a9f8a286791d06705fce1ecb7
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/5173ff871a7df11e230124b4d1724653ebaa7134
CVE-2018-10892 (The default OCI linux spec in oci/defaults{_linux}.go in Docker/Moby f ...)
[experimental] - docker.io 18.06.0+dfsg1-1
- docker.io 18.06.1+dfsg1-1 (bug #908057)
@@ -28500,8 +28499,8 @@ CVE-2018-10587 (NetGain Enterprise Manager (EM) is affected by OS Command Inject
NOT-FOR-US: NetGain Enterprise Manager
CVE-2018-10586 (NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-S ...)
NOT-FOR-US: NetGain Enterprise Manager
-CVE-2018-10585
- RESERVED
+CVE-2018-10585 (Pexip Infinity before 18 allows remote Denial of Service (XML parsing) ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2018-10584
RESERVED
CVE-2018-10583 (An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...)
@@ -28901,8 +28900,8 @@ CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM g
- xen 4.8.3+xsa262+shim4.10.0+comet3-1+deb9u6
[wheezy] - xen <not-affected> (No QMP support in wheezy)
NOTE: https://xenbits.xen.org/xsa/advisory-258.html
-CVE-2018-10432
- RESERVED
+CVE-2018-10432 (Pexip Infinity before 18 allows Remote Denial of Service (TLS handshak ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell me ...)
NOT-FOR-US: D-Link
CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...)
@@ -32543,8 +32542,8 @@ CVE-2018-8958
CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...)
NOT-FOR-US: CoverCMS
CVE-2018-8956 (ntpd in ntp 4.2.8p10, 4.2.8p11, 4.2.8p12 and 4.2.8p13 allow remote att ...)
- - ntp <unfixed> (low)
- [buster] - ntp <no-dsa> (Minor issue)
+ - ntp 1:4.2.8p14+dfsg-1 (low)
+ [buster] - ntp <ignored> (Minor issue)
[stretch] - ntp <no-dsa> (Minor issue)
[jessie] - ntp <postponed> (Minor issue, requires being part of same broadcast network, no patch)
- ntpsec <not-affected> (Broadcast mode not present, see #961748)
@@ -32853,9 +32852,7 @@ CVE-2018-8833 (Heap-based buffer overflow vulnerabilities in Advantech WebAccess
CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable JavaScr ...)
NOT-FOR-US: enhavo
CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through ...)
- - kodi <unfixed> (low)
- [buster] - kodi <ignored> (Minor issue)
- [stretch] - kodi <ignored> (Minor issue)
+ - kodi <not-affected> (Chorus not included in Kodi as shipped in Debian)
- xbmc <removed>
[jessie] - xbmc <no-dsa> (Minor issue)
[wheezy] - xbmc <no-dsa> (Minor issue)
@@ -34648,8 +34645,8 @@ CVE-2018-8064
RESERVED
CVE-2018-8063
RESERVED
-CVE-2018-8062
- RESERVED
+CVE-2018-8062 (A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devic ...)
+ NOT-FOR-US: Comtrend
CVE-2018-8061 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
NOT-FOR-US: HWiNFO AMD64 Kernel driver
CVE-2018-8060 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an unprivileg ...)
@@ -36013,9 +36010,8 @@ CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 3.6
CVE-2018-7578
RESERVED
CVE-2018-7577 (Memcpy parameter overlap in Google Snappy library 1.1.4, as used in Go ...)
- - snappy <undetermined>
+ - tensorflow <itp> (bug #804612)
NOTE: https://github.com/tensorflow/tensorflow/blob/master/tensorflow/security/advisory/tfsa-2018-005.md
- NOTE: There are no useful details, could just as well be a misuse of snappy by Tensorflow
CVE-2018-7576 (Google TensorFlow 1.6.x and earlier is affected by: Null Pointer Deref ...)
- tensorflow <itp> (bug #804612)
CVE-2018-7575 (Google TensorFlow 1.7.x and earlier is affected by a Buffer Overflow v ...)
@@ -36858,11 +36854,11 @@ CVE-2018-7306
CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to arbitra ...)
NOT-FOR-US: MyBB
CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; consequ ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port witho ...)
NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices
CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...)
@@ -36886,7 +36882,7 @@ CVE-2018-7292
CVE-2018-7291
RESERVED
CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, an ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...)
NOT-FOR-US: Armadito
CVE-2018-7288
@@ -36966,7 +36962,7 @@ CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-1 (bug #895778)
[jessie] - jruby <not-affected> (Vulnerable code not present)
@@ -36980,7 +36976,7 @@ CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -36990,7 +36986,7 @@ CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -37000,7 +36996,7 @@ CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -37010,7 +37006,7 @@ CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.3 <removed>
- ruby2.1 <removed>
- ruby1.9.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
@@ -37021,7 +37017,7 @@ CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <no-dsa> (Minor issue)
- jruby 9.1.17.0-1 (bug #895778)
NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
@@ -37033,7 +37029,7 @@ CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3
- ruby2.1 <removed>
- ruby1.9.1 <removed>
[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code not present)
- - rubygems <removed>
+ - rubygems <unfixed>
[wheezy] - rubygems <not-affected> (Vulnerable code not present)
- jruby 9.1.17.0-2.1 (bug #895778; bug #925986)
[jessie] - jruby <not-affected> (Vulnerable code not present)
@@ -37298,7 +37294,7 @@ CVE-2018-7190
CVE-2018-7189
RESERVED
CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an au ...)
- NOT-FOR-US: Tiki
+ - tikiwiki <removed>
CVE-2018-7187 (The "go get" implementation in Go 1.9.4, when the -insecure command-li ...)
{DSA-4380-1 DSA-4379-1 DLA-1294-1}
- golang-1.10 1.10.1-1
@@ -39336,12 +39332,12 @@ CVE-2018-6451
RESERVED
CVE-2018-6450
RESERVED
-CVE-2018-6449
- RESERVED
-CVE-2018-6448
- RESERVED
-CVE-2018-6447
- RESERVED
+CVE-2018-6449 (Host Header Injection vulnerability in the http management interface i ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2018-6448 (A vulnerability in the management interface in Brocade Fabric OS Versi ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2018-6447 (A Reflective XSS Vulnerability in HTTP Management Interface in Brocade ...)
+ NOT-FOR-US: Brocade Fabric OS
CVE-2018-6446 (A vulnerability in Brocade Network Advisor Version Before 14.3.1 could ...)
NOT-FOR-US: Brocade
CVE-2018-6445 (A Vulnerability in Brocade Network Advisor versions before 14.0.3 coul ...)
@@ -39500,7 +39496,7 @@ CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL
- mantis <removed>
[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
NOTE: https://mantisbt.org/bugs/view.php?id=23908
-CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid me ...)
+CVE-2018-6381 (In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64 and 0.13.63 there is a s ...)
{DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889096)
[stretch] - zziplib 0.13.62-3.2~deb9u1
@@ -42531,10 +42527,10 @@ CVE-2018-5356
RESERVED
CVE-2018-5355
RESERVED
-CVE-2018-5354
- RESERVED
-CVE-2018-5353
- RESERVED
+CVE-2018-5354 (The custom GINA/CP module in ANIXIS Password Reset Client before versi ...)
+ NOT-FOR-US: ANIXIS
+CVE-2018-5353 (The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus befo ...)
+ NOT-FOR-US: Zoho ManageEngine
CVE-2018-5352
RESERVED
CVE-2018-5351
@@ -52644,11 +52640,13 @@ CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An a
- etcd <unfixed> (low; bug #921156)
[buster] - etcd <no-dsa> (Minor issue)
NOTE: https://github.com/coreos/etcd/issues/9353
+ NOTE: https://github.com/etcd-io/etcd/pull/9372
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552717
CVE-2018-1098 (A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. ...)
- etcd <unfixed> (low; bug #921156)
[buster] - etcd <no-dsa> (Minor issue)
NOTE: https://github.com/coreos/etcd/issues/9353
+ NOTE: https://github.com/etcd-io/etcd/pull/9372
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552714
CVE-2018-1097 (A flaw was found in foreman before 1.16.1. The issue allows users with ...)
- foreman <itp> (bug #663101)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 758ee66..1d9674c 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,6 +1,43 @@
+CVE-2019-20932
+ RESERVED
+CVE-2019-20931
+ RESERVED
+CVE-2019-20930
+ RESERVED
+CVE-2019-20929
+ RESERVED
+CVE-2019-20928
+ RESERVED
+CVE-2019-20927
+ RESERVED
+CVE-2019-20926
+ RESERVED
+CVE-2019-20925
+ RESERVED
+CVE-2019-20924
+ RESERVED
+CVE-2019-20923
+ RESERVED
+CVE-2019-20922 (Handlebars before 4.4.5 allows Regular Expression Denial of Service (R ...)
+ - node-handlebars <not-affected> (Introduced in 4.4.4 and fixed in 4.4.5, no vulnerable version uploaded)
+ - libjs-handlebars <not-affected> (Introduced in 4.4.4 and fixed in 4.4.5, no vulnerable version uploaded)
+ NOTE: https://github.com/handlebars-lang/handlebars.js/issues/1579
+ NOTE: https://github.com/handlebars-lang/handlebars.js/commit/8d5530ee2c3ea9f0aee3fde310b9f36887d00b8b
+ NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
+ NOTE: https://www.npmjs.com/advisories/1300
+CVE-2019-20921 (bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It d ...)
+ NOT-FOR-US: bootstrap-select
+CVE-2019-20920 (Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrar ...)
+ - node-handlebars 3:4.5.3-1
+ - libjs-handlebars <removed>
+ [stretch] - libjs-handlebars <no-dsa> (Only reverse depends was diaspora which not in stretch)
+ NOTE: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
+ NOTE: https://www.npmjs.com/advisories/1316
+ NOTE: https://www.npmjs.com/advisories/1324
CVE-2019-20919 (An issue was discovered in the DBI module before 1.643 for Perl. The h ...)
+ {DLA-2386-1}
- libdbi-perl 1.643-1
- [buster] - libdbi-perl <no-dsa> (Minor issue)
+ [buster] - libdbi-perl 1.642-1+deb10u1
NOTE: https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff
CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence module ...)
- inspircd <not-affected> (Only affected 3.0.0 and 3.0.1)
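Review bot: The new CVE-2019-20920 entry gives node-handlebars a fixed version in unstable but no `[buster]` annotation, so buster will presumably be listed as still affected until a decision is recorded; elsewhere in this file node-handlebars did receive a buster update for CVE-2019-19919 (3:4.1.0-1+deb10u1), so it is worth stating whether one is planned here, e.g. `[buster] - node-handlebars <no-dsa> (Minor issue)` if not. The stretch rationale on the libjs-handlebars line also reads awkwardly; `(Only reverse dependency was diaspora, which is not in stretch)` says the same thing clearly. The CVE-2019-20922 `<not-affected>` lines are fine as written since the reason names the introducing and fixing versions.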
@@ -63,10 +100,10 @@ CVE-2019-20905
RESERVED
CVE-2019-20904
RESERVED
-CVE-2019-20903
- RESERVED
-CVE-2019-20902
- RESERVED
+CVE-2019-20903 (The hyperlinks functionality in atlaskit/editor-core in before version ...)
+ NOT-FOR-US: Atlassian
+CVE-2019-20902 (Upgrading Crowd via XML Data Transfer can reactivate a disabled user f ...)
+ NOT-FOR-US: Atlassian
CVE-2019-20901 (The login.jsp resource in Jira before version 8.5.2, and from version ...)
NOT-FOR-US: Atlassian
CVE-2019-20900 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
@@ -212,7 +249,7 @@ CVE-2019-20840 (An issue was discovered in LibVNCServer before 0.9.13. libvncser
CVE-2019-20839 (libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer over ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/3fd03977c9b35800d73a865f167338cb4d05b0c1
CVE-2019-20838 (libpcre in PCRE before 8.43 allows a subject buffer over-read in JIT w ...)
- pcre3 <unfixed> (unimportant)
@@ -691,35 +728,35 @@ CVE-2019-20633 (GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Fr
- patch <not-affected> (Incomplete fix for CVE-2018-6952 not applied)
NOTE: https://savannah.gnu.org/bugs/index.php?56683
CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
NOTE: https://github.com/gpac/gpac/issues/1271
CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
NOTE: https://github.com/gpac/gpac/issues/1270
CVE-2019-20630 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/1ab4860609f2e7a35634930571e7d0531297e090
NOTE: https://github.com/gpac/gpac/issues/1268
CVE-2019-20629 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <ignored> (Minor issue)
NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7
NOTE: https://github.com/gpac/gpac/issues/1264
CVE-2019-20628 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <ignored> (Minor issue)
@@ -1409,9 +1446,10 @@ CVE-2019-20354 (The web application component of piSignage before 2.6.4 allows a
CVE-2019-20353
RESERVED
CVE-2019-20352 (In Netwide Assembler (NASM) 2.15rc0, a heap-based buffer over-read occ ...)
- - nasm <unfixed> (unimportant)
+ - nasm 2.15.04-1 (unimportant)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392636
NOTE: Crash in CLI tool, no security impact
+ NOTE: https://github.com/netwide-assembler/nasm/commit/7c88289e222dc5ef9f53f9e86ecaab1924744b88 (nasm-2.15.04rc6)
CVE-2019-20351
RESERVED
CVE-2019-20350
@@ -1717,7 +1755,7 @@ CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and E
NOT-FOR-US: themes for WordPress
CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based ...)
{DLA-2072-1}
- - gpac <unfixed>
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1348
@@ -1821,7 +1859,7 @@ CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
NOTE: https://github.com/gpac/gpac/commit/2bcca3f1d4605100bb27d3ed7be25b53cddbc75c
CVE-2019-20170 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed> (low)
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1328
@@ -1847,7 +1885,7 @@ CVE-2019-20166 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
CVE-2019-20165 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed> (low)
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1338
@@ -1858,21 +1896,21 @@ CVE-2019-20164 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-developm
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #2)
CVE-2019-20163 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed> (low)
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1335
NOTE: https://github.com/gpac/gpac/commit/5250afecbc770c8f26829e9566d5b226a3c5fa80 (chunk #4)
CVE-2019-20162 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed>
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1327
NOTE: https://github.com/gpac/gpac/commit/3c0ba42546c8148c51169c3908e845c308746c77
CVE-2019-20161 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
{DLA-2072-1}
- - gpac <unfixed>
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
NOTE: https://github.com/gpac/gpac/issues/1320
@@ -2054,7 +2092,7 @@ CVE-2019-20094 (An issue was discovered in libsixel 1.8.4. There is a heap-based
NOTE: https://github.com/saitoha/libsixel/commit/a18b3789cfd147028403c17fe79a43b169d8f034
CVE-2019-20093 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
- libpodofo <unfixed>
- [buster] - libpodofo <no-dsa> (Minor issue)
+ [buster] - libpodofo <ignored> (Minor issue)
[stretch] - libpodofo <no-dsa> (Minor issue)
[jessie] - libpodofo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/podofo/tickets/75/
@@ -2248,6 +2286,7 @@ CVE-2019-20021 (A heap-based buffer over-read was discovered in canUnpack in p_m
NOTE: https://github.com/upx/upx/issues/315
NOTE: https://github.com/upx/upx/commit/819c33fee2b2c33b96bef27a13cb20f2589819aa
CVE-2019-20020 (A stack-based buffer over-read was discovered in ReadNextStructField i ...)
+ [experimental] - libmatio 1.5.18-1
- libmatio <unfixed>
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
@@ -2260,12 +2299,14 @@ CVE-2019-20019 (An attempted excessive memory allocation was discovered in Mat_V
[jessie] - libmatio <no-dsa> (Minor issue)
NOTE: https://github.com/tbeu/matio/issues/130
CVE-2019-20018 (A stack-based buffer over-read was discovered in ReadNextCell in mat5. ...)
+ [experimental] - libmatio 1.5.18-1
- libmatio <unfixed>
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
[jessie] - libmatio <no-dsa> (Minor issue)
NOTE: https://github.com/tbeu/matio/issues/129
CVE-2019-20017 (A stack-based buffer over-read was discovered in Mat_VarReadNextInfo5 ...)
+ [experimental] - libmatio 1.5.18-1
- libmatio <unfixed>
[buster] - libmatio <no-dsa> (Minor issue)
[stretch] - libmatio <no-dsa> (Minor issue)
@@ -2485,7 +2526,7 @@ CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict
NOT-FOR-US: JFrog Artifactory
CVE-2019-19936
RESERVED
-CVE-2019-19935 (Froala Editor before 3.0.6 allows XSS. ...)
+CVE-2019-19935 (Froala Editor before 3.2.2 allows XSS. ...)
NOT-FOR-US: Froala Editor
CVE-2019-19934
RESERVED
@@ -2523,7 +2564,7 @@ CVE-2019-19925 (zipfileUpdate in ext/misc/zipfile.c in SQLite 3.30.1 mishandles
NOTE: https://github.com/sqlite/sqlite/commit/54d501092d88c0cf89bec4279951f548fb0b8618
CVE-2019-19924 (SQLite 3.30.1 mishandles certain parser-tree rewriting, related to exp ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <ignored> (Minor issue)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/sqlite/sqlite/commit/8654186b0236d556aa85528c2573ee0b6ab71be3
@@ -2553,13 +2594,13 @@ CVE-2019-19919 (Versions of handlebars prior to 4.3.0 are vulnerable to Prototyp
[buster] - node-handlebars 3:4.1.0-1+deb10u1
NOTE: https://www.npmjs.com/advisories/1164
CVE-2019-19918 (Lout 3.40 has a heap-based buffer overflow in the srcnext() function i ...)
- - lout <unfixed> (bug #947113)
+ - lout <removed> (bug #947113)
[buster] - lout <no-dsa> (Minor issue)
[stretch] - lout <no-dsa> (Minor issue)
[jessie] - lout <ignored> (Minor issue)
NOTE: https://lists.gnu.org/archive/html/lout-users/2019-12/msg00001.html
CVE-2019-19917 (Lout 3.40 has a buffer overflow in the StringQuotedWord() function in ...)
- - lout <unfixed> (bug #947113)
+ - lout <removed> (bug #947113)
[buster] - lout <no-dsa> (Minor issue)
[stretch] - lout <no-dsa> (Minor issue)
[jessie] - lout <ignored> (Minor issue)
@@ -2642,8 +2683,8 @@ CVE-2019-19886 (Trustwave ModSecurity 3.0.0 through 3.0.3 allows an attacker to
[buster] - modsecurity 3.0.3-1+deb10u1
NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2202
NOTE: https://github.com/SpiderLabs/ModSecurity/commit/7ba77631f9a37e0680d23ee57c455c6a35c65cb9
-CVE-2019-19885
- RESERVED
+CVE-2019-19885 (In Bender COMTRAXX, user authorization is validated for most, but not ...)
+ NOT-FOR-US: Bender COMTRAXX
CVE-2019-19884
RESERVED
CVE-2019-19883
@@ -2844,14 +2885,19 @@ CVE-2019-19818 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.
CVE-2019-19817 (The JBIG2Decode library in npdf.dll in Nitro Free PDF Reader 12.0.0.11 ...)
NOT-FOR-US: JBIG2Globals library in npdf.dll in Nitro Free PDF Reader
CVE-2019-19816 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image ...)
+ {DLA-2385-1}
- linux 5.2.6-1
NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
CVE-2019-19815 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux 5.3.7-1
+ [buster] - linux 4.19.67-1
+ [stretch] - linux 4.9.184-1
CVE-2019-19814 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem image c ...)
- linux <unfixed>
CVE-2019-19813 (In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, ...)
+ {DLA-2385-1}
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592
CVE-2019-19812
RESERVED
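Review bot: CVE-2019-19816 and CVE-2019-19813 cite the same upstream fix (linus/6bf9e4bd6a277840d3fe8c5d5d530a1fbd3db592) and both gain `{DLA-2385-1}` in this hunk, yet only CVE-2019-19813 receives the `[buster] - linux 4.19.146-1` line. If that kernel upload fixes both, CVE-2019-19816 should get the same `[buster] - linux 4.19.146-1` entry so buster is not shown as open for one half of a single patch; if they are intentionally tracked differently, a short `NOTE:` on CVE-2019-19816 explaining why would prevent the next triager from "fixing" it.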
@@ -3294,7 +3340,7 @@ CVE-2019-19646 (pragma.c in SQLite through 3.30.1 mishandles NOT NULL in an inte
NOTE: https://github.com/sqlite/sqlite/commit/ebd70eedd5d6e6a890a670b5ee874a5eae86b4dd
CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger infinite ...)
- sqlite3 3.30.1+fossil191229-1 (bug #946612)
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
@@ -3381,9 +3427,8 @@ CVE-2019-19619 (domain/section/markdown/markdown.go in Documize before 3.5.1 mis
CVE-2019-19618
RESERVED
CVE-2019-19617 (phpMyAdmin before 4.9.2 does not escape certain Git information, relat ...)
- {DLA-2024-1}
+ {DLA-2413-1 DLA-2024-1}
- phpmyadmin 4:4.9.2+dfsg1-1
- [stretch] - phpmyadmin <no-dsa> (Minor issue)
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9
CVE-2019-19616 (An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia ...)
NOT-FOR-US: Microsoft Dynamics NAV
@@ -3425,7 +3470,7 @@ CVE-2019-19604 (Arbitrary command execution is possible in Git before 2.20.2, 2.
NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1
CVE-2019-19603 (SQLite 3.30.1 mishandles certain SELECT statements with a nonexistent ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)
[stretch] - sqlite3 <not-affected> (vulnerable code not present)
[jessie] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://github.com/sqlite/sqlite/commit/527cbd4a104cb93bf3994b3dd3619a6299a78b13
@@ -3464,7 +3509,7 @@ CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the var
[jessie] - radare2 <no-dsa> (Minor issue)
NOTE: https://github.com/radareorg/radare2/issues/15543
NOTE: https://github.com/radareorg/radare2/commit/9bbc63ffa0e93aa054e262cdfb973326935a2d70
-CVE-2019-19589 (The Lever PDF Embedder plugin 4.4 for WordPress does not block the dis ...)
+CVE-2019-19589 (** DISPUTED ** The Lever PDF Embedder plugin 4.4 for WordPress does no ...)
NOT-FOR-US: Lever PDF Embedder plugin for WordPress
CVE-2019-19588 (The validators package 0.12.2 through 0.12.5 for Python enters an infi ...)
NOT-FOR-US: validators Python package
@@ -3717,8 +3762,8 @@ CVE-2019-19515 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in w
NOT-FOR-US: Ayision
CVE-2019-19514 (Ayision Ays-WR01 v28K.RPT.20161224 devices allow stored XSS in basic r ...)
NOT-FOR-US: Ayision
-CVE-2019-19513
- RESERVED
+CVE-2019-19513 (The BASSMIDI plugin 2.4.12.1 for Un4seen BASS Audio Library on Windows ...)
+ NOT-FOR-US: BASS Audio Library
CVE-2019-19512
RESERVED
CVE-2019-19511
@@ -3876,7 +3921,9 @@ CVE-2019-19449 (In the Linux kernel 5.0.21, mounting a crafted f2fs filesystem i
- linux <unfixed>
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19449
CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesy ...)
+ {DLA-2385-1}
- linux 5.7.17-1
+ [buster] - linux 4.19.146-1
NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448
CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, ...)
{DLA-2241-1 DLA-2114-1}
@@ -3991,8 +4038,8 @@ CVE-2019-19395
RESERVED
CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x bef ...)
NOT-FOR-US: CFEngine Enterprise
-CVE-2019-19393
- RESERVED
+CVE-2019-19393 (The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to ...)
+ NOT-FOR-US: Rittal
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
NOT-FOR-US: forDNN.UsersExportImport module for DNN
CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...)
@@ -4348,7 +4395,6 @@ CVE-2019-19260 (GitLab Community Edition (CE) and Enterprise Edition (EE) throug
[buster] - gitlab-workhorse <ignored> (Minor issue)
[stretch] - gitlab-workhorse <ignored> (Minor issue)
[experimental] - gitaly 1.65.2+dfsg-1
- - gitaly <unfixed>
NOTE: https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
CVE-2019-19259 (GitLab Enterprise Edition (EE) 11.3 and later through 12.5 allows an I ...)
- gitlab <not-affected> (Only affects Gitlab EE)
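Review bot: Dropping `- gitaly <unfixed>` leaves CVE-2019-19260 with only the `[experimental] - gitaly 1.65.2+dfsg-1` line, so the record that gitaly in unstable was affected disappears rather than being resolved. If gitaly has left unstable, the convention used elsewhere in this file is to keep the line and mark it, as in `- ruby2.3 <removed>` under CVE-2019-16255, i.e. `- gitaly <removed>`; if it was fixed in unstable, the fixed version belongs there instead. Either way a bare deletion is the one form that loses information, so please restore the line with the appropriate marker.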
@@ -4399,16 +4445,16 @@ CVE-2019-19246 (Oniguruma through 6.9.3, as used in PHP 7.3.x and other products
CVE-2019-19245 (NAPC Xinet Elegant 6 Asset Library 6.1.655 allows Pre-Authentication S ...)
NOT-FOR-US: NAPC Xinet Elegant 6 Asset Library
CVE-2019-19244 (sqlite3Select in select.c in SQLite 3.30.1 allows a crash if a sub-sel ...)
- - sqlite3 3.30.1+fossil191229-1 (bug #946656)
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ - sqlite3 3.30.1+fossil191229-1 (unimportant; bug #946656)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code, i.e. window functions, not present)
NOTE: https://github.com/sqlite/sqlite/commit/e59c562b3f6894f84c715772c4b116d7b5c01348
+ NOTE: Only triggerable with SQLITE_DEBUG, which Debian builds don't use
CVE-2019-19243
RESERVED
CVE-2019-19242 (SQLite 3.30.1 mishandles pExpr-&gt;y.pTab, as demonstrated by the TK_C ...)
- sqlite3 3.30.1+fossil191229-1
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <not-affected> (Vulnerable code not present)
[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/sqlite/sqlite/commit/57f7ece78410a8aae86aa4625fb7556897db384c
@@ -4526,10 +4572,10 @@ CVE-2019-19202 (In Vtiger 7.x before 7.2.0, the My Preferences saving functional
NOT-FOR-US: Vtiger CRM
CVE-2019-19201
RESERVED
-CVE-2019-19200
- RESERVED
-CVE-2019-19199
- RESERVED
+CVE-2019-19200 (REDDOXX MailDepot 2032 2.2.1242 allows authenticated users to access t ...)
+ NOT-FOR-US: REDDOXX MailDepot
+CVE-2019-19199 (REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiratio ...)
+ NOT-FOR-US: REDDOXX MailDepot
CVE-2019-19198 (The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS. ...)
NOT-FOR-US: Scoutnet Kalender plugin for WordPress
CVE-2019-19197 (IOCTL Handling in the kyrld.sys driver in Kyrol Internet Security 9.0. ...)
@@ -4716,8 +4762,8 @@ CVE-2019-19117 (/usr/lib/lua/luci/controller/admin/autoupgrade.lua on PHICOMM K2
NOT-FOR-US: PHICOMM K2(PSG1218) devices
CVE-2019-19116
RESERVED
-CVE-2019-19115
- RESERVED
+CVE-2019-19115 (An escalation of privilege vulnerability in Nahimic APO Software Compo ...)
+ NOT-FOR-US: Nahimic APO Software Component Driver
CVE-2019-19114
RESERVED
CVE-2019-19113 (main/resources/mapper/NewBeeMallGoodsMapper.xml in newbee-mall (aka Ne ...)
@@ -4790,6 +4836,7 @@ CVE-2019-19083 (Memory leaks in *clock_source_create() functions under drivers/g
NOTE: https://git.kernel.org/linus/055e547478a11a6360c7ce05e2afc3e366968a12
CVE-2019-19082 (Memory leaks in *create_resource_pool() functions under drivers/gpu/dr ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/104c307147ad379617472dd91a5bcb368d72bd6d
@@ -4834,12 +4881,15 @@ CVE-2019-19075 (A memory leak in the ca8210_probe() function in drivers/net/ieee
NOTE: https://git.kernel.org/linus/6402939ec86eaf226c8b8ae00ed983936b164908
CVE-2019-19074 (A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/728c1e2a05e4b5fc52fab3421dce772a806612a2
CVE-2019-19073 (Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/853acf7caf10b828102d92d05b5c101666a6142b
CVE-2019-19072 (A memory leak in the predicate_parse() function in kernel/trace/trace_ ...)
- linux 5.4.6-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/96c5c6e6a5b6db592acae039fed54b5c8844cd35
@@ -4864,6 +4914,7 @@ CVE-2019-19068 (A memory leak in the rtl8xxxu_submit_int_urb() function in drive
[jessie] - linux <not-affected> (Vulnerable code not present)
CVE-2019-19067 (** DISPUTED ** Four memory leaks in the acp_hw_init() function in driv ...)
- linux 5.3.9-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/57be09c6e8747bf48704136d9e3f92bfb93f5725
CVE-2019-19066 (A memory leak in the bfad_im_get_stats() function in drivers/scsi/bfa/ ...)
{DLA-2114-1 DLA-2068-1}
@@ -4889,6 +4940,7 @@ CVE-2019-19062 (A memory leak in the crypto_report() function in crypto/crypto_u
[stretch] - linux 4.9.210-1
CVE-2019-19061 (A memory leak in the adis_update_scan_mode_burst() function in drivers ...)
- linux 5.3.9-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/9c0530e898f384c5d279bfcebd8bb17af1105873
CVE-2019-19060 (A memory leak in the adis_update_scan_mode() function in drivers/iio/i ...)
- linux 5.3.9-1 (unimportant)
@@ -4924,6 +4976,7 @@ CVE-2019-19055 (** DISPUTED ** A memory leak in the nl80211_get_ftm_responder_st
NOTE: https://git.kernel.org/linus/1399c59fa92984836db90538cf92397fe7caaa57
CVE-2019-19054 (A memory leak in the cx23888_ir_probe() function in drivers/media/pci/ ...)
- linux 5.5.13-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: Memory leak on probe only.
CVE-2019-19053 (A memory leak in the rpmsg_eptdev_write_iter() function in drivers/rpm ...)
- linux 5.4.13-1
@@ -5110,12 +5163,12 @@ CVE-2019-18993 (OpenWrt 18.06.4 allows XSS via the "New port forward" Name field
NOT-FOR-US: OpenWrt
CVE-2019-18992 (OpenWrt 18.06.4 allows XSS via these Name fields to the cgi-bin/luci/a ...)
NOT-FOR-US: OpenWrt
-CVE-2019-18991
- RESERVED
-CVE-2019-18990
- RESERVED
-CVE-2019-18989
- RESERVED
+CVE-2019-18991 (A partial authentication bypass vulnerability exists on Atheros AR9132 ...)
+ NOT-FOR-US: Atheros devices
+CVE-2019-18990 (A partial authentication bypass vulnerability exists on Realtek RTL881 ...)
+ NOT-FOR-US: Realtek devices
+CVE-2019-18989 (A partial authentication bypass vulnerability exists on Mediatek MT762 ...)
+ NOT-FOR-US: Mediatek devices
CVE-2019-18988 (TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login a ...)
NOT-FOR-US: TeamViewer
CVE-2019-18987 (An issue was discovered in the AbuseFilter extension through 1.34 for ...)
@@ -5137,7 +5190,7 @@ CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9
CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...)
NOT-FOR-US: Adaware
CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
- {DLA-2096-1}
+ {DLA-2389-1 DLA-2096-1}
- ruby-rack-cors 1.1.1-1 (bug #944849)
NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
@@ -5475,6 +5528,7 @@ CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the v
[stretch] - tnef <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/verdammelt/tnef/pull/40
CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during ...)
+ {DLA-2390-1}
- ruby-json-jwt 1.11.0-1 (bug #944850)
NOTE: https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
CVE-2019-18847 (Enterprise Access Client Auto-Updater allows for Remote Code Execution ...)
@@ -5597,6 +5651,7 @@ CVE-2019-18809 (A memory leak in the af9005_identify_state() function in drivers
[jessie] - linux <not-affected> (Bug introduced later)
CVE-2019-18808 (A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ ...)
- linux 5.5.13-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: Not a valid issue
CVE-2019-18807 (Two memory leaks in the sja1105_static_config_upload() function in dri ...)
- linux 5.3.7-1
@@ -5646,12 +5701,12 @@ CVE-2019-18797 (LibSass 3.6.1 has uncontrolled recursion in Sass::Eval::operator
[buster] - libsass <no-dsa> (Minor issue)
[stretch] - libsass <no-dsa> (Minor issue)
NOTE: https://github.com/sass/libsass/issues/3000
-CVE-2019-18796
- RESERVED
-CVE-2019-18795
- RESERVED
-CVE-2019-18794
- RESERVED
+CVE-2019-18796 (The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamC ...)
+ NOT-FOR-US: BASS Audio Library
+CVE-2019-18795 (The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamC ...)
+ NOT-FOR-US: BASS Audio Library
+CVE-2019-18794 (The BASS Audio Library 2.4.14 under Windows is prone to a BASS_StreamC ...)
+ NOT-FOR-US: BASS Audio Library
CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/help/inde ...)
NOT-FOR-US: Parallels Plesk Panel
CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to bypass/ev ...)
@@ -5669,7 +5724,7 @@ CVE-2019-18791 (Lexmark printer MS812 and multiple older generation Lexmark devi
CVE-2019-18790 (An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13. ...)
{DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947381)
- [buster] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <no-dsa> (Minor issue)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-006.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28589
@@ -6096,7 +6151,7 @@ CVE-2019-18611 (An issue was discovered in the CheckUser extension through 1.34
CVE-2019-18610 (An issue was discovered in manager.c in Sangoma Asterisk through 13.x, ...)
{DLA-2017-1}
- asterisk 1:16.10.0~dfsg-1 (bug #947377)
- [buster] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <no-dsa> (Minor issue)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-007.html
NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-28580
@@ -6900,13 +6955,13 @@ CVE-2019-18278 (When executing VideoLAN VLC media player 3.0.8 with libqt on Win
NOT-FOR-US: VLC on Windows
CVE-2019-18277 (A flaw was found in HAProxy before 2.0.6. In legacy mode, messages fea ...)
- haproxy 2.0.6-1
- [buster] - haproxy <no-dsa> (Minor issue)
+ [buster] - haproxy 1.8.19-1+deb10u3
[stretch] - haproxy <no-dsa> (Minor issue)
[jessie] - haproxy <no-dsa> (Minor issue)
NOTE: https://git.haproxy.org/?p=haproxy-2.0.git;a=commit;h=196a7df44d8129d1adc795da020b722614d6a581
NOTE: https://nathandavison.com/blog/haproxy-http-request-smuggling
CVE-2019-18276 (An issue was discovered in disable_priv_mode in shell.c in GNU Bash th ...)
- - bash <unfixed> (unimportant)
+ - bash 5.1~rc1-2 (unimportant)
NOTE: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaad7a18cc0dc1036bba86b18b90874d39ff
NOTE: https://savannah.gnu.org/patch/?9822
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1158028
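Review bot: CVE-2019-18277 is an HTTP request-smuggling flaw in HAProxy's legacy parser; buster now gets `1.8.19-1+deb10u3`, but stretch and jessie keep `<no-dsa> (Minor issue)` with no rationale change. If the stretch/jessie builds only have the legacy (non-HTX) request path, every deployment there runs the affected code, which makes "Minor issue" harder to defend once a fix was judged worth a buster point update. Suggest either revisiting those ratings or extending the reason, e.g. `[stretch] - haproxy <no-dsa> (Minor issue; requires a misbehaving backend/front combination, fix available via point release)`, so the asymmetry is deliberate rather than stale.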
@@ -8203,8 +8258,8 @@ CVE-2019-17642 (An issue was discovered in Centreon before 18.10.8, 19.10.1, and
- centreon-web <itp> (bug #913903)
CVE-2019-17641
RESERVED
-CVE-2019-17640
- RESERVED
+CVE-2019-17640 (In Eclipse Vert.x 3.4.x up to 3.9.4, 4.0.0.milestone1, 4.0.0.milestone ...)
+ NOT-FOR-US: Eclipse Vert.x
CVE-2019-17639 (In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling th ...)
NOT-FOR-US: IBM JDK specific issue on on AIX and Linux on the Power platform
CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521, in ca ...)
@@ -8214,6 +8269,7 @@ CVE-2019-17638 (In Eclipse Jetty, versions 9.4.27.v20200227 to 9.4.29.v20200521,
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=564984
NOTE: https://github.com/eclipse/jetty.project/issues/4936
CVE-2019-17637 (In all versions of Eclipse Web Tools Platform through release 3.18 (20 ...)
+ {DLA-2404-1}
- eclipse-wtp 3.18-1
NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=458571
NOTE: http://git.eclipse.org/c/sourceediting/webtools.sourceediting.git/commit/?id=9644d4217cd6e3be367d654a8320104d88ddfd6b
@@ -8497,11 +8553,11 @@ CVE-2019-17563 (When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.
CVE-2019-17562 (A buffer overflow vulnerability has been found in the baremetal compon ...)
NOT-FOR-US: Apache CloudStack
CVE-2019-17561 (The "Apache NetBeans" autoupdate system does not fully validate code s ...)
- - netbeans <unfixed> (unimportant)
- NOTE: Debian packages updated via apt
+ - netbeans 12.1-1 (unimportant)
+ NOTE: Debian packages updated via apt, starting with 12.1 only some classes are shipped
CVE-2019-17560 (The "Apache NetBeans" autoupdate system does not validate SSL certific ...)
- - netbeans <unfixed> (unimportant)
- NOTE: Debian packages updated via apt
+ - netbeans 12.1-1 (unimportant)
+ NOTE: Debian packages updated via apt, starting with 12.1 only some classes are shipped
CVE-2019-17559 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...)
{DSA-4672-1}
- trafficserver 8.0.6+ds-1
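Review bot: The new NOTE on CVE-2019-17561 and CVE-2019-17560, `Debian packages updated via apt, starting with 12.1 only some classes are shipped`, does not say which classes are missing, so a reader cannot tell why `netbeans 12.1-1` counts as the fixed version for an autoupdate-signature/TLS-validation flaw. If the point is that the autoupdate module itself is no longer in the Debian build, state that directly, e.g. `NOTE: Debian packages are updated via apt; from 12.1 the autoupdate code is not shipped`; if only part of it is shipped, name the part so the "unimportant" rating can be re-verified on the next upstream bump.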
@@ -8824,8 +8880,8 @@ CVE-2019-17446 (An issue was discovered in Eracent EPA Agent through 10.2.26. Th
NOT-FOR-US: Eracent EPA Agent
CVE-2019-17445 (An issue was discovered in Eracent EDA, EPA, EPM, EUA, FLW, and SUM Ag ...)
NOT-FOR-US: Eracent EDA, EPA, EPM, EUA, FLW, and SUM Agent
-CVE-2019-17444
- RESERVED
+CVE-2019-17444 (Jfrog Artifactory uses default passwords (such as "password") for admi ...)
+ NOT-FOR-US: JFrog Artifactory
CVE-2019-17443
RESERVED
CVE-2019-17442
@@ -9590,8 +9646,8 @@ CVE-2019-17100 (An Untrusted Search Path vulnerability in bdserviceshost.exe as
NOT-FOR-US: Bitdefender Total Security
CVE-2019-17099 (An Untrusted Search Path vulnerability in EPSecurityService.exe as use ...)
NOT-FOR-US: Bitdefender Endpoint Security Tools
-CVE-2019-17098
- RESERVED
+CVE-2019-17098 (Use of hard-coded cryptographic key vulnerability in August Connect Wi ...)
+ NOT-FOR-US: August Connect Wi-Fi Bridge App
CVE-2019-17097
RESERVED
CVE-2019-17096 (A OS Command Injection vulnerability in the bootstrap stage of Bitdefe ...)
@@ -9901,18 +9957,16 @@ CVE-2019-17008 (When using nested workers, a use-after-free could occur during w
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17008
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17008
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17008
-CVE-2019-17007 [nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS]
- RESERVED
- {DSA-4579-1 DLA-2015-1}
+CVE-2019-17007 (In Network Security Services before 3.44, a malformed Netscape Certifi ...)
+ {DSA-4579-1 DLA-2388-1 DLA-2015-1}
- nss 2:3.45-1
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1798
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1533216
NOTE: https://hg.mozilla.org/projects/nss/rev/1473dd7efe2ce4f8722a33ebb03a3425e09887de
NOTE: Fixed in 3.44 upstream (and there was an upload of 3.44 to unstable
NOTE: but then reverted until the 2:3.45-1 upload).
-CVE-2019-17006 [Check length of inputs for cryptographic primitives]
- RESERVED
- {DSA-4726-1 DLA-2058-1}
+CVE-2019-17006 (In Network Security Services (NSS) before 3.46, several cryptographic ...)
+ {DSA-4726-1 DLA-2388-1 DLA-2058-1}
- nss 2:3.47-1
NOTE: Fixed upstream in NSS 3.46.
NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
@@ -11427,7 +11481,7 @@ CVE-2019-16371 (LogMeIn LastPass before 4.33.0 allows attackers to construct a c
NOT-FOR-US: LogMeIn LastPass
CVE-2019-16370 (The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algori ...)
- gradle <unfixed> (low; bug #941186)
- [buster] - gradle <no-dsa> (Minor issue)
+ [buster] - gradle <ignored> (Minor issue)
[stretch] - gradle <no-dsa> (Minor issue)
[jessie] - gradle <postponed> (Minor issue, old gradle mainly used for building Debian packages with apt signatures)
NOTE: https://github.com/gradle/gradle/commit/425b2b7a50cd84106a77cdf1ab665c89c6b14d2f
@@ -11689,7 +11743,7 @@ CVE-2019-16255 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/code-injection-shell-test-cve-2019-16255/
NOTE: ruby2.5: https://github.com/ruby/ruby/commit/3af01ae1101e0b8815ae5a106be64b0e82a58640
CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4 allow ...)
@@ -11697,7 +11751,7 @@ CVE-2019-16254 (Ruby through 2.4.7, 2.5.x through 2.5.6, and 2.6.x through 2.6.4
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
NOTE: https://github.com/ruby/ruby/commit/3ce238b5f9795581eb84114dcfbdf4aa086bfecc
NOTE: https://hackerone.com/reports/331984
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/http-response-splitting-in-webrick-cve-2019-16254/
@@ -11861,10 +11915,10 @@ CVE-2019-16214 (Libra Core before 2019-09-03 has an erroneous regular expression
NOT-FOR-US: Libra
CVE-2019-16213 (Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 could allow a remote authe ...)
NOT-FOR-US: Tenda PA6 Wi-Fi Powerline extender
-CVE-2019-16212
- RESERVED
-CVE-2019-16211
- RESERVED
+CVE-2019-16212 (A vulnerability in Brocade SANnav versions before v2.1.0 could allow a ...)
+ NOT-FOR-US: Brocade SANnav
+CVE-2019-16211 (Brocade SANnav versions before v2.1.0, contain a Plaintext Password St ...)
+ NOT-FOR-US: Brocade SANnav
CVE-2019-16210 (Brocade SANnav versions before v2.0, logs plain text database connecti ...)
NOT-FOR-US: Brocade
CVE-2019-16209 (A vulnerability, in The ReportsTrustManager class of Brocade SANnav ve ...)
@@ -11888,7 +11942,7 @@ CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x throu
- ruby2.5 2.5.7-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - jruby <unfixed>
+ - jruby <unfixed> (bug #972230)
NOTE: https://github.com/ruby/ruby/commit/36e057e26ef2104bc2349799d6c52d22bb1c7d03
NOTE: https://hackerone.com/reports/661722
NOTE: https://www.ruby-lang.org/en/news/2019/10/01/webrick-regexp-digestauth-dos-cve-2019-16201/
@@ -11987,8 +12041,8 @@ CVE-2019-16162 (Onigmo through 6.2.0 has an out-of-bounds read in parse_char_cla
NOT-FOR-US: Onigmo (fork of Oniguruma)
CVE-2019-16161 (Onigmo through 6.2.0 has a NULL pointer dereference in onig_error_code ...)
NOT-FOR-US: Onigmo (fork of Oniguruma)
-CVE-2019-16160
- RESERVED
+CVE-2019-16160 (An integer underflow in the SMB server of MikroTik RouterOS before 6.4 ...)
+ NOT-FOR-US: MikroTik RouterOS
CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 ...)
- bird 1.6.8-1 (bug #939990)
[buster] - bird 1.6.6-1+deb10u1
@@ -12026,6 +12080,7 @@ CVE-2019-16168 (In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c ca
NOTE: https://www.sqlite.org/src/info/e4598ecbdd18bd82945f6029013296690e719a62
NOTE: Fixed by: https://www.sqlite.org/src/info/d93508fc9913cfe6
NOTE: Introduced by: https://www.sqlite.org/src/info/90e36676476e8db0
+ NOTE: https://github.com/sqlite/sqlite/commit/725dd72400872da94dcfb6af48128905b93d57fe
CVE-2019-16148 (Sakai through 12.6 allows XSS via a chat user name. ...)
NOT-FOR-US: Sakai
CVE-2019-16147 (Liferay Portal through 7.2.0 GA1 allows XSS via a journal article titl ...)
@@ -12068,12 +12123,12 @@ CVE-2019-16131 (framework/admin/modulec_control.php in OKLite v1.2.25 has an Arb
NOT-FOR-US: OKLite
CVE-2019-16130 (YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.ph ...)
NOT-FOR-US: YII2-CMS
-CVE-2019-16129
- RESERVED
-CVE-2019-16128
- RESERVED
-CVE-2019-16127
- RESERVED
+CVE-2019-16129 (Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 ...)
+ NOT-FOR-US: Microchip CryptoAuthentication Library CryptoAuthLib
+CVE-2019-16128 (Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 ...)
+ NOT-FOR-US: Microchip CryptoAuthentication Library CryptoAuthLib
+CVE-2019-16127 (Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. ...)
+ NOT-FOR-US: Atmel Advanced Software Framework (ASF) 4
CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaSc ...)
NOT-FOR-US: Grav CMS
CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in public/p ...)
@@ -12296,30 +12351,30 @@ CVE-2019-16030
RESERVED
CVE-2019-16029 (A vulnerability in the application programming interface (API) of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2019-16028
- RESERVED
+CVE-2019-16028 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
CVE-2019-16027 (A vulnerability in the implementation of the Intermediate System&amp;n ...)
NOT-FOR-US: Cisco
CVE-2019-16026 (A vulnerability in the implementation of the Stream Control Transmissi ...)
NOT-FOR-US: Cisco
-CVE-2019-16025
- RESERVED
+CVE-2019-16025 (A vulnerability in the web framework of Cisco Emergency Responder coul ...)
+ NOT-FOR-US: Cisco
CVE-2019-16024 (A vulnerability in the web-based management interface of Cisco Crosswo ...)
NOT-FOR-US: Cisco
-CVE-2019-16023
- RESERVED
+CVE-2019-16023 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
+ NOT-FOR-US: Cisco
CVE-2019-16022 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
NOT-FOR-US: Cisco
-CVE-2019-16021
- RESERVED
+CVE-2019-16021 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
+ NOT-FOR-US: Cisco
CVE-2019-16020 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
NOT-FOR-US: Cisco
-CVE-2019-16019
- RESERVED
+CVE-2019-16019 (Multiple vulnerabilities in the implementation of Border Gateway Proto ...)
+ NOT-FOR-US: Cisco
CVE-2019-16018 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...)
NOT-FOR-US: Cisco
-CVE-2019-16017
- RESERVED
+CVE-2019-16017 (A vulnerability in the Operations, Administration, Maintenance and Pro ...)
+ NOT-FOR-US: Cisco
CVE-2019-16016
RESERVED
CVE-2019-16015 (A vulnerability in the web-based management interface of the Cisco Dat ...)
@@ -12334,26 +12389,26 @@ CVE-2019-16011 (A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could
NOT-FOR-US: Cisco
CVE-2019-16010 (A vulnerability in the web UI of the Cisco SD-WAN vManage software cou ...)
NOT-FOR-US: Cisco
-CVE-2019-16009
- RESERVED
+CVE-2019-16009 (A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software c ...)
+ NOT-FOR-US: Cisco
CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and ...)
NOT-FOR-US: Cisco
-CVE-2019-16007
- RESERVED
+CVE-2019-16007 (A vulnerability in the inter-service communication of Cisco AnyConnect ...)
+ NOT-FOR-US: Cisco
CVE-2019-16006
RESERVED
CVE-2019-16005 (A vulnerability in the web-based management interface of Cisco Webex V ...)
NOT-FOR-US: Cisco
-CVE-2019-16004
- RESERVED
+CVE-2019-16004 (A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signa ...)
+ NOT-FOR-US: Cisco
CVE-2019-16003 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
NOT-FOR-US: Cisco
CVE-2019-16002 (A vulnerability in the vManage web-based UI (web UI) of the Cisco SD-W ...)
NOT-FOR-US: Cisco
CVE-2019-16001 (A vulnerability in the loading mechanism of specific dynamic link libr ...)
NOT-FOR-US: Cisco
-CVE-2019-16000
- RESERVED
+CVE-2019-16000 (A vulnerability in the automatic update process of Cisco Umbrella Roam ...)
+ NOT-FOR-US: Cisco
CVE-2019-15999 (A vulnerability in the application environment of Cisco Data Center Ne ...)
NOT-FOR-US: Cisco
CVE-2019-15998 (A vulnerability in the access-control logic of the NETCONF over Secure ...)
@@ -12366,10 +12421,10 @@ CVE-2019-15995 (A vulnerability in the web UI of Cisco DNA Spaces: Connector cou
NOT-FOR-US: Cisco
CVE-2019-15994 (A vulnerability in the web-based management interface of Cisco Stealth ...)
NOT-FOR-US: Cisco
-CVE-2019-15993
- RESERVED
-CVE-2019-15992
- RESERVED
+CVE-2019-15993 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
+ NOT-FOR-US: Cisco
+CVE-2019-15992 (A vulnerability in the implementation of the Lua interpreter integrate ...)
+ NOT-FOR-US: Cisco
CVE-2019-15991
RESERVED
CVE-2019-15990 (A vulnerability in the web-based management interface of certain Cisco ...)
@@ -12404,8 +12459,8 @@ CVE-2019-15976 (Multiple vulnerabilities in the authentication mechanisms of Cis
NOT-FOR-US: Cisco
CVE-2019-15975 (Multiple vulnerabilities in the authentication mechanisms of Cisco Dat ...)
NOT-FOR-US: Cisco
-CVE-2019-15974
- RESERVED
+CVE-2019-15974 (A vulnerability in the web interface of Cisco Managed Services Acceler ...)
+ NOT-FOR-US: Cisco
CVE-2019-15973 (A vulnerability in the web-based management interface of Cisco Industr ...)
NOT-FOR-US: Cisco
CVE-2019-15972 (A vulnerability in the web-based management interface of Cisco Unified ...)
@@ -12414,8 +12469,8 @@ CVE-2019-15971 (A vulnerability in the MP3 detection engine of Cisco AsyncOS Sof
NOT-FOR-US: Cisco
CVE-2019-15970
RESERVED
-CVE-2019-15969
- RESERVED
+CVE-2019-15969 (A vulnerability in the web-based management interface of Cisco Web Sec ...)
+ NOT-FOR-US: Cisco
CVE-2019-15968 (A vulnerability in the web-based management interface of Cisco Unified ...)
NOT-FOR-US: Cisco
CVE-2019-15967 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
@@ -12426,8 +12481,8 @@ CVE-2019-15965
RESERVED
CVE-2019-15964
RESERVED
-CVE-2019-15963
- RESERVED
+CVE-2019-15963 (A vulnerability in the web-based management interface of Cisco Unified ...)
+ NOT-FOR-US: Cisco
CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
NOT-FOR-US: Cisco
CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus (ClamAV) So ...)
@@ -12438,12 +12493,12 @@ CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus (Clam
NOTE: https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
CVE-2019-15960 (A vulnerability in the Webex Network Recording Admin page of Cisco Web ...)
NOT-FOR-US: Cisco
-CVE-2019-15959
- RESERVED
+CVE-2019-15959 (A vulnerability in Cisco Small Business SPA500 Series IP Phones could ...)
+ NOT-FOR-US: Cisco
CVE-2019-15958 (A vulnerability in the REST API of Cisco Prime Infrastructure (PI) and ...)
NOT-FOR-US: Cisco
-CVE-2019-15957
- RESERVED
+CVE-2019-15957 (A vulnerability in the web-based management interface of certain Cisco ...)
+ NOT-FOR-US: Cisco
CVE-2019-15956 (A vulnerability in the web management interface of Cisco AsyncOS Softw ...)
NOT-FOR-US: Cisco
CVE-2019-15955 (An issue was discovered in Total.js CMS 12.0.0. A low privilege user c ...)
@@ -12952,7 +13007,7 @@ CVE-2019-15769 (The handl-utm-grabber plugin before 2.6.5 for WordPress has CSRF
CVE-2019-15768
RESERVED
CVE-2019-15767 (In GNU Chess 6.2.5, there is a stack-based buffer overflow in the cmd_ ...)
- - gnuchess <unfixed> (unimportant; bug #936023)
+ - gnuchess 6.2.7-1 (unimportant; bug #936023)
NOTE: https://lists.gnu.org/archive/html/bug-gnu-chess/2019-08/msg00004.html
NOTE: Neutralised by toolchain hardening, no security impact
CVE-2019-15766 (The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android al ...)
@@ -13567,12 +13622,12 @@ CVE-2019-15555 (FredReinink Wellness-app before 2019-06-19 allows SQL injection,
NOT-FOR-US: FredReinink Wellness-app
CVE-2019-15554 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...)
- rust-smallvec 0.6.10-1
- [buster] - rust-smallvec <no-dsa> (Minor issue)
+ [buster] - rust-smallvec <ignored> (Minor issue)
NOTE: https://github.com/servo/rust-smallvec/issues/149
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0012.html
CVE-2019-15553 (An issue was discovered in the memoffset crate before 0.5.0 for Rust. ...)
- rust-memoffset 0.5.1-1 (bug #936025)
- [buster] - rust-memoffset <no-dsa> (Minor issue)
+ [buster] - rust-memoffset <ignored> (Minor issue)
NOTE: https://github.com/Gilnaa/memoffset/issues/9#issuecomment-505461490
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0011.html
CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for Rust. ...)
@@ -13582,7 +13637,7 @@ CVE-2019-15552 (An issue was discovered in the libflate crate before 0.1.25 for
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0010.html
CVE-2019-15551 (An issue was discovered in the smallvec crate before 0.6.10 for Rust. ...)
- rust-smallvec 0.6.10-1
- [buster] - rust-smallvec <no-dsa> (Minor issue)
+ [buster] - rust-smallvec <ignored> (Minor issue)
NOTE: https://github.com/servo/rust-smallvec/issues/148
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0009.html
CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for Rust. ...)
@@ -13590,10 +13645,10 @@ CVE-2019-15550 (An issue was discovered in the simd-json crate before 0.1.15 for
CVE-2019-15549 (An issue was discovered in the asn1_der crate before 0.6.2 for Rust. A ...)
NOT-FOR-US: Rust crate asn1_der
CVE-2019-15548 (An issue was discovered in the ncurses crate through 5.99.0 for Rust. ...)
- - rust-ncurses <unfixed>
+ - rust-ncurses <unfixed> (bug #972100)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0006.html
CVE-2019-15547 (An issue was discovered in the ncurses crate through 5.99.0 for Rust. ...)
- - rust-ncurses <unfixed>
+ - rust-ncurses <unfixed> (bug #972100)
NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0006.html
CVE-2019-15546 (An issue was discovered in the pancurses crate through 0.16.1 for Rust ...)
NOT-FOR-US: Rust crate pancurses
@@ -14117,7 +14172,7 @@ CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenti
- centreon-web <itp> (bug #913903)
CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...)
- asterisk 1:16.10.0~dfsg-1 (low; bug #940060)
- [buster] - asterisk <no-dsa> (Minor issue)
+ [buster] - asterisk 1:16.2.1~dfsg-1+deb10u2
[stretch] - asterisk <no-dsa> (Minor issue)
[jessie] - asterisk <not-affected> (The vulnerable code is not present)
NOTE: https://downloads.asterisk.org/pub/security/AST-2019-004.html
@@ -14132,20 +14187,20 @@ CVE-2019-15294 (An issue was discovered in Gallagher Command Centre 8.10 before
NOT-FOR-US: Gallagher Command Centre
CVE-2019-15293 (An issue was discovered in ACDSee Photo Studio Standard 22.1 Build 115 ...)
NOT-FOR-US: ACDSee
-CVE-2019-15289
- RESERVED
+CVE-2019-15289 (Multiple vulnerabilities in the video service of Cisco TelePresence Co ...)
+ NOT-FOR-US: Cisco
CVE-2019-15288 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
NOT-FOR-US: Cisco
-CVE-2019-15287
- RESERVED
+CVE-2019-15287 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+ NOT-FOR-US: Cisco
CVE-2019-15286 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
NOT-FOR-US: Cisco
-CVE-2019-15285
- RESERVED
+CVE-2019-15285 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+ NOT-FOR-US: Cisco
CVE-2019-15284 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
NOT-FOR-US: Cisco
-CVE-2019-15283
- RESERVED
+CVE-2019-15283 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...)
+ NOT-FOR-US: Cisco
CVE-2019-15282 (A vulnerability in the web-based management interface of Cisco Identit ...)
NOT-FOR-US: Cisco
CVE-2019-15281 (A vulnerability in the web-based management interface of Cisco Identit ...)
@@ -14254,7 +14309,7 @@ CVE-2019-15238 (The cforms2 plugin before 15.0.2 for WordPress has CSRF related
NOT-FOR-US: Wordpress plugin
CVE-2019-15237 (Roundcube Webmail through 1.3.9 mishandles Punycode xn-- domain names, ...)
- roundcube <unfixed> (low; bug #949629)
- [buster] - roundcube <no-dsa> (Minor issue)
+ [buster] - roundcube <ignored> (Minor issue)
[stretch] - roundcube <no-dsa> (Minor issue)
NOTE: https://github.com/roundcube/roundcubemail/issues/6891
CVE-2019-15236
@@ -14503,7 +14558,7 @@ CVE-2019-15152
RESERVED
CVE-2019-15151 (AdPlug 2.3.1 has a double free in the Cu6mPlayer class in u6m.h. ...)
[experimental] - adplug 2.3.3+dfsg-1
- - adplug <unfixed> (bug #946340)
+ - adplug 2.3.3+dfsg-2 (bug #946340)
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
@@ -15050,7 +15105,7 @@ CVE-2019-14940 (In Storage Performance Development Kit (SPDK) before 19.07, a us
NOT-FOR-US: Storage Performance Development Kit
CVE-2019-14939 (An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for N ...)
- node-mysql 2.18.0-1 (bug #934712)
- [buster] - node-mysql <no-dsa> (Minor issue)
+ [buster] - node-mysql 2.16.0-1+deb10u1
[stretch] - node-mysql <end-of-life> (Nodejs in stretch not covered by security support)
[jessie] - node-mysql <end-of-life> (Nodejs in jessie not covered by security support)
NOTE: https://github.com/mysqljs/mysql/issues/2257
@@ -15220,8 +15275,12 @@ CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in v
NOTE: https://bugs.debian.org/947129
NOTE: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a
CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...)
- - undertow <undetermined>
+ - undertow 2.0.30-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
+ NOTE: https://issues.redhat.com/browse/UNDERTOW-1623
+ NOTE: https://github.com/undertow-io/undertow/commit/846c50ead09f7d0b38965b4726ba0b6c5582bf7f (and followups)
+ NOTE: https://github.com/undertow-io/undertow/pull/828
+ NOTE: https://github.com/undertow-io/undertow/pull/852
CVE-2019-14887 (A flaw was found when an OpenSSL security provider is used with Wildfl ...)
- wildfly <itp> (bug #752018)
CVE-2019-14886 (A vulnerability was found in business-central, as shipped in rhdm-7.5. ...)
@@ -15401,11 +15460,11 @@ CVE-2019-14857 (A flaw was found in mod_auth_openidc before version 2.4.0.1. An
NOTE: https://groups.google.com/forum/#!topic/mod_auth_openidc/boy1Ba3Gdk4
CVE-2019-14855 (A flaw was found in the way certificate signatures could be forged usi ...)
- gnupg2 2.2.19-1 (low; bug #945859)
- [buster] - gnupg2 <no-dsa> (Minor issue)
+ [buster] - gnupg2 <ignored> (Minor issue)
[stretch] - gnupg2 <no-dsa> (Minor issue)
[jessie] - gnupg2 <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things)
- gnupg1 <unfixed> (low)
- [buster] - gnupg1 <no-dsa> (Minor issue)
+ [buster] - gnupg1 <ignored> (Minor issue)
[stretch] - gnupg1 <no-dsa> (Minor issue)
- gnupg <removed> (low)
[jessie] - gnupg <ignored> (No backport to version << 2.2.x, low impact, danger of breaking things)
@@ -15832,23 +15891,26 @@ CVE-2019-14736
CVE-2019-14735
RESERVED
CVE-2019-14734 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CmtkLoader::l ...)
- - adplug <unfixed>
+ - adplug 2.3.3+dfsg-2
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/90
+ NOTE: https://github.com/adplug/adplug/commit/8342139c09178823dba3f3bbd8b53d0ea0c72de9
CVE-2019-14733 (AdPlug 2.3.1 has multiple heap-based buffer overflows in CradLoader::l ...)
- - adplug <unfixed>
+ - adplug 2.3.3+dfsg-2
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/89
+ NOTE: https://github.com/adplug/adplug/commit/cb715174f95187bf544c11ca2a2ecd091b7fbb8a (eventually got replaced by rad2.cpp rewrite)
CVE-2019-14732 (AdPlug 2.3.1 has multiple heap-based buffer overflows in Ca2mLoader::l ...)
- - adplug <unfixed>
+ - adplug 2.3.3+dfsg-2
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/88
+ NOTE: https://github.com/adplug/adplug/commit/30ddcfe9bd1cce3e02f8135961bceb411419dbdb
CVE-2019-14731 (An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vul ...)
NOT-FOR-US: ZenTao CMS
CVE-2019-14730 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecu ...)
@@ -15873,24 +15935,24 @@ CVE-2019-14721 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an
NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2019-14720
RESERVED
-CVE-2019-14719
- RESERVED
-CVE-2019-14718
- RESERVED
-CVE-2019-14717
- RESERVED
-CVE-2019-14716
- RESERVED
-CVE-2019-14715
- RESERVED
+CVE-2019-14719 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow ...)
+ NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals
+CVE-2019-14718 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have I ...)
+ NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals
+CVE-2019-14717 (Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 hav ...)
+ NOT-FOR-US: Verifone Verix OS on VerixV Pinpad Payment Terminals
+CVE-2019-14716 (Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocum ...)
+ NOT-FOR-US: Verifone VerixV Pinpad Payment Terminals
+CVE-2019-14715 (Verifone Pinpad Payment Terminals allow undocumented physical access t ...)
+ NOT-FOR-US: Verifone Pinpad Payment Terminals
CVE-2019-14714
RESERVED
-CVE-2019-14713
- RESERVED
-CVE-2019-14712
- RESERVED
-CVE-2019-14711
- RESERVED
+CVE-2019-14713 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow ...)
+ NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals
+CVE-2019-14712 (Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of ...)
+ NOT-FOR-US: Verifone VerixV Pinpad Payment Terminals
+CVE-2019-14711 (Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a ...)
+ NOT-FOR-US: Verifone MX900 series Pinpad Payment Terminals
CVE-2019-14710
RESERVED
CVE-2019-14709 (A cleartext password storage issue was discovered on MicroDigital N-se ...)
@@ -15927,21 +15989,21 @@ CVE-2019-14693 (Zoho ManageEngine AssetExplorer 6.2.0 is vulnerable to an XML Ex
NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2019-14692 (AdPlug 2.3.1 has a heap-based buffer overflow in CmkjPlayer::load() in ...)
[experimental] - adplug 2.3.3+dfsg-1
- - adplug <unfixed> (bug #943927)
+ - adplug 2.3.3+dfsg-2 (bug #943927)
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/87
CVE-2019-14691 (AdPlug 2.3.1 has a heap-based buffer overflow in CdtmLoader::load() in ...)
[experimental] - adplug 2.3.3+dfsg-1
- - adplug <unfixed> (bug #943928)
+ - adplug 2.3.3+dfsg-2 (bug #943928)
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
NOTE: https://github.com/adplug/adplug/issues/86
CVE-2019-14690 (AdPlug 2.3.1 has a heap-based buffer overflow in CxadbmfPlayer::__bmf_ ...)
[experimental] - adplug 2.3.3+dfsg-1
- - adplug <unfixed> (bug #943929)
+ - adplug 2.3.3+dfsg-2 (bug #943929)
[buster] - adplug <no-dsa> (Minor issue)
[stretch] - adplug <no-dsa> (Minor issue)
[jessie] - adplug <no-dsa> (Minor issue)
@@ -16195,6 +16257,11 @@ CVE-2019-14585
RESERVED
CVE-2019-14584
RESERVED
+ - edk2 <unfixed>
+ [buster] - edk2 <no-dsa> (Minor issue)
+ [stretch] - edk2 <ignored> (Minor issue)
+ NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1914
+ NOTE: https://github.com/tianocore/edk2/commit/26442d11e620a9e81c019a24a4ff38441c64ba10
CVE-2019-14583
RESERVED
CVE-2019-14582
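Review bot: The edk2 entries added under CVE-2019-14584 sit beneath a bare `RESERVED` line, so the record now carries package state with no indication of what the issue is. Elsewhere in this commit a RESERVED entry that has package data also has a bracketed summary, e.g. `CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc]` and `CVE-2019-12067 [ide: ahci: add check to avoid null dereference]`. Suggest `CVE-2019-14584 [<short summary taken from tianocore bug 1914>]` in place of the bare ID so the entry is meaningful before MITRE publishes the description. The `- edk2 <unfixed>` line also has no `(bug #...)` reference, unlike the other unfixed entries touched here; if a Debian bug has been filed it should be recorded.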
@@ -16271,8 +16338,7 @@ CVE-2019-14559 [memory leak in ArpOnFrameRcvdDpc]
[jessie] - edk2 <end-of-life> (non-free)
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2550
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=2031
-CVE-2019-14558
- RESERVED
+CVE-2019-14558 (Insufficient control flow management in BIOS firmware for 8th, 9th, 10 ...)
- edk2 0~20200229.4c0f6e34-1
[buster] - edk2 0~20181115.85588389-3+deb10u1
[stretch] - edk2 <ignored> (Minor issue)
@@ -16280,10 +16346,10 @@ CVE-2019-14558
NOTE: https://bugzilla.tianocore.org/show_bug.cgi?id=1611
NOTE: https://github.com/tianocore/edk2/commit/764e8ba1389a617639d79d2c4f0d53f4ea4a7387
NOTE: https://github.com/tianocore/edk2/commit/f1d78c489a39971b5aac5d2fc8a39bfa925c3c5d
-CVE-2019-14557
- RESERVED
-CVE-2019-14556
- RESERVED
+CVE-2019-14557 (Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R ...)
+ NOT-FOR-US: Intel
+CVE-2019-14556 (Improper initialization in BIOS firmware for 8th, 9th, 10th Generation ...)
+ NOT-FOR-US: Intel
CVE-2019-14555
RESERVED
CVE-2019-14554
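Review bot: CVE-2019-14557 and CVE-2019-14556 are marked `NOT-FOR-US: Intel`, while CVE-2019-14558 immediately above, from the same Intel BIOS firmware advisory, is tracked against edk2 with tianocore references. A reader cannot tell from the file why the two siblings are out of scope. If they only affect Intel's proprietary firmware and have no edk2 counterpart, a `NOTE:` saying so (a pointer to the vendor advisory, or a statement that no TianoCore bug exists) would prevent them being re-triaged on the next pass; if an edk2 fix does exist for either, they should get package entries like 14558.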
@@ -16458,13 +16524,13 @@ CVE-2019-14498 (A divide-by-zero error exists in the Control function of demux/c
CVE-2019-14497 (ModuleEditor::convertInstrument in tracker/ModuleEditor.cpp in MilkyTr ...)
{DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
- [buster] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/issues/182
NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14496 (LoaderXM::load in LoaderXM.cpp in milkyplay in MilkyTracker 1.02.00 ha ...)
{DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
- [buster] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/issues/183
NOTE: https://github.com/milkytracker/MilkyTracker/commit/ea7772a3fae0a9dd0a322e8fec441d15843703b7
CVE-2019-14495 (webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the a ...)
@@ -16580,7 +16646,7 @@ CVE-2019-14465 (fmt_mtm_load_song in fmt/mtm.c in Schism Tracker 20190722 has a
CVE-2019-14464 (XMFile::read in XMFile.cpp in milkyplay in MilkyTracker 1.02.00 has a ...)
{DLA-2292-1 DLA-1961-1}
- milkytracker 1.02.00+dfsg-2 (bug #933964)
- [buster] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/issues/184
NOTE: https://github.com/milkytracker/MilkyTracker/commit/fd607a3439fcdd0992e5efded3c16fc79c804e34
CVE-2019-14463 (An issue was discovered in libmodbus before 3.0.7 and 3.1.x before 3.1 ...)
@@ -16606,9 +16672,9 @@ CVE-2019-14461
CVE-2019-14460
RESERVED
CVE-2019-14459 (nfdump 1.6.17 and earlier is affected by an integer overflow in the fu ...)
+ {DLA-2383-1}
- nfdump 1.6.18-1 (bug #933740)
[buster] - nfdump <no-dsa> (Minor issue)
- [stretch] - nfdump <no-dsa> (Minor issue)
NOTE: https://github.com/phaag/nfdump/issues/171
NOTE: https://github.com/phaag/nfdump/commit/3b006ededaf351f1723aea6c727c9edd1b1fff9b
CVE-2019-14458 (VIVOTEK IP Camera devices with firmware before 0x20x allow a denial of ...)
@@ -17205,8 +17271,9 @@ CVE-2019-14249 (dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows at
NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/cb7198abde46c2ae29957ad460da6886eaa606ba
NOTE: Introduced in: https://sourceforge.net/p/libdwarf/code/ci/4709f63c8b7488241b5b522267a796834a66db3a
CVE-2019-14248 (In libnasm.a in Netwide Assembler (NASM) 2.14.xx, asm/pragma.c allows ...)
- - nasm <unfixed> (unimportant; bug #932907)
+ - nasm 2.15.02-1 (unimportant; bug #932907)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392576
+ NOTE: https://github.com/netwide-assembler/nasm/commit/93d41d82963b2cfd0b24c906f5a8daf53281b559
NOTE: Crash in CLI tool, no security impact
CVE-2019-14247 (The scan() function in mad.c in mpg321 0.3.2 allows remote attackers t ...)
- mpg321 0.3.2-2
@@ -18769,8 +18836,8 @@ CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows
NOT-FOR-US: WP Fastest Cache plugin for WordPress
CVE-2019-13634
RESERVED
-CVE-2019-13633
- RESERVED
+CVE-2019-13633 (Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attack ...)
+ NOT-FOR-US: Blinger.io
CVE-2019-13632
RESERVED
CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...)
@@ -19959,7 +20026,7 @@ CVE-2019-13208 (WavesSysSvc in Waves MAXX Audio allows privilege escalation beca
NOT-FOR-US: Waves MAXX Audio
CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer Overflo ...)
- nsd 4.2.4-1 (low; bug #931476)
- [buster] - nsd <no-dsa> (Minor issue)
+ [buster] - nsd <ignored> (Minor issue)
[stretch] - nsd <no-dsa> (Minor issue)
[jessie] - nsd <postponed> (Minor issue, crash on malformed admin-controlled disk configuration)
- nsd3 <removed>
@@ -21199,10 +21266,11 @@ CVE-2019-12762 (Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen
NOT-FOR-US: Xiaomi Mi 5s Plus devices
CVE-2019-12761 (A code injection issue was discovered in PyXDG before 0.26 via crafted ...)
{DLA-1819-1}
- - pyxdg <unfixed> (low; bug #930099)
+ - pyxdg 0.26-1 (low; bug #930099)
[buster] - pyxdg <no-dsa> (Minor issue)
[stretch] - pyxdg <no-dsa> (Minor issue)
NOTE: https://snyk.io/vuln/SNYK-PYTHON-PYXDG-174562
+ NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/-/commit/aa4ce1bbc59def6975c9dd1598aafb3ef3fea681 (rel-0.26)
NOTE: https://gitlab.freedesktop.org/xdg/pyxdg/issues/14
CVE-2019-12760 (** DISPUTED ** A deserialization vulnerability exists in the way parso ...)
- parso 0.5.1-0.1 (unimportant; bug #930356)
@@ -22124,7 +22192,7 @@ CVE-2019-12414 (In Apache Incubator Superset before 0.32, a user can view databa
CVE-2019-12413 (In Apache Incubator Superset before 0.31 user could query database met ...)
NOT-FOR-US: Apache Superset
CVE-2019-12411
- RESERVED
+ REJECTED
CVE-2019-12410 (While investigating UBSAN errors in https://github.com/apache/arrow/pu ...)
NOT-FOR-US: Apache Arrow
CVE-2019-12409 (The 8.1.1 and 8.2.0 releases of Apache Solr contain an insecure settin ...)
@@ -22144,7 +22212,7 @@ CVE-2019-12403
REJECTED
CVE-2019-12402 (The file name encoding algorithm used internally in Apache Commons Com ...)
- libcommons-compress-java 1.18-3 (low; bug #939610)
- [buster] - libcommons-compress-java <no-dsa> (Minor issue)
+ [buster] - libcommons-compress-java 1.18-2+deb10u1
[stretch] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
[jessie] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2019/08/27/1
@@ -22390,8 +22458,8 @@ CVE-2019-12307
RESERVED
CVE-2019-12306
RESERVED
-CVE-2019-12305
- RESERVED
+CVE-2019-12305 (In EZCast Pro II, the administrator password md5 hash is provided upon ...)
+ NOT-FOR-US: EZCast Pro II
CVE-2019-12304
RESERVED
CVE-2019-12303 (In Rancher 2 through 2.2.3, Project owners can inject additional fluen ...)
@@ -23042,7 +23110,7 @@ CVE-2019-12068 (In QEMU 1:4.1-1, 1:2.1+dfsg-12+deb8u6, 1:2.8+dfsg-6+deb9u8, 1:3.
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de594e47659029316bbf9391efb79da0a1a08e08
CVE-2019-12067 [ide: ahci: add check to avoid null dereference]
RESERVED
- - qemu <unfixed> (low)
+ - qemu <unfixed> (low; bug #972099)
[buster] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[stretch] - qemu <postponed> (Minor issue, can be fixed along in future update)
[jessie] - qemu <postponed> (Minor issue, can be fixed along in future update)
@@ -23511,7 +23579,7 @@ CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH
CVE-2019-11843 (The MailPoet plugin before 3.23.2 for WordPress allows remote attacker ...)
NOT-FOR-US: MailPoet plugin for WordPress
CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...)
- {DLA-1920-1}
+ {DLA-2402-1 DLA-1920-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1
NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442
NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text")
@@ -23519,7 +23587,7 @@ CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsi
NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html
NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200.
CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...)
- {DLA-1840-1}
+ {DLA-2402-1 DLA-1840-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1
NOTE: https://github.com/golang/go/issues/30965
NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d
@@ -23859,7 +23927,7 @@ CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating vide
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
CVE-2019-11745 (When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ...)
- {DSA-4579-1 DLA-2008-1}
+ {DSA-4579-1 DLA-2388-1 DLA-2008-1}
- nss 2:3.47.1-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
NOTE: https://hg.mozilla.org/projects/nss/rev/1e22a0c93afe9f46545560c86caedef9dab6cfda
@@ -23949,7 +24017,7 @@ CVE-2019-11730 (A vulnerability exists where if a user opens a locally saved HTM
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11730
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11730
CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentation fa ...)
- {DLA-1857-1}
+ {DLA-2388-1 DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
[buster] - firefox-esr 60.8.0esr-1~deb10u1
@@ -23959,7 +24027,6 @@ CVE-2019-11729 (Empty or malformed p256-ECDH public keys may trigger a segmentat
[stretch] - thunderbird 1:60.8.0-1~deb9u1
- nss 2:3.45-1
[buster] - nss 2:3.42.1-1+deb10u1
- [stretch] - nss <no-dsa> (Minor issue)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11729
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11729
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11729
@@ -24002,7 +24069,7 @@ CVE-2019-11720 (Some unicode characters are incorrectly treated as whitespace du
- firefox 68.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11720
CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with leading 0 ...)
- {DLA-1857-1}
+ {DLA-2388-1 DLA-1857-1}
- firefox 68.0-1 (unimportant)
- firefox-esr 60.8.0esr-1 (unimportant)
[buster] - firefox-esr 60.8.0esr-1~deb10u1
@@ -24012,7 +24079,6 @@ CVE-2019-11719 (When importing a curve25519 private key in PKCS#8format with lea
[stretch] - thunderbird 1:60.8.0-1~deb9u1
- nss 2:3.45-1
[buster] - nss 2:3.42.1-1+deb10u1
- [stretch] - nss <no-dsa> (Minor issue)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-21/#CVE-2019-11719
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-22/#CVE-2019-11719
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-23/#CVE-2019-11719
@@ -24501,8 +24567,8 @@ CVE-2019-11558
RESERVED
CVE-2019-11557 (The WebDorado Contact Form Builder plugin before 1.0.69 for WordPress ...)
NOT-FOR-US: WebDorado Contact Form Builder plugi for WordPress
-CVE-2019-11556
- RESERVED
+CVE-2019-11556 (Pagure before 5.6 allows XSS via the templates/blame.html blame view. ...)
+ - pagure <not-affected> (Fixed before initial release)
CVE-2019-11554 (The Audible application through 2.34.0 for Android has Missing SSL Cer ...)
NOT-FOR-US: Audible application for Android
CVE-2019-11553 (In Code42 for Enterprise through 6.8.4, an administrator without web r ...)
@@ -28091,7 +28157,7 @@ CVE-2019-10205 (A flaw was found in the way Red Hat Quay stores robot account to
CVE-2019-10204
RESERVED
CVE-2019-10203 (PowerDNS Authoritative daemon , pdns versions 4.0.x before 4.0.9, 4.1. ...)
- - pdns 4.2.0-1 (low)
+ - pdns 4.2.0-1 (low; bug #970729)
[buster] - pdns <no-dsa> (Minor issue)
[stretch] - pdns <no-dsa> (Minor issue)
[jessie] - pdns <no-dsa> (Minor issue)
@@ -28218,7 +28284,7 @@ CVE-2019-10173 (It was found that xstream API version 1.4.10 before 1.4.11 intro
NOTE: Regression introduced and present only in 1.4.10.
CVE-2019-10172 (A flaw was found in org.codehaus.jackson:jackson-mapper-asl:1.9.x libr ...)
{DLA-2342-1 DLA-2091-1}
- - libjackson-json-java <unfixed>
+ - libjackson-json-java 1.9.13-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1715075
NOTE: https://stackoverflow.com/questions/38017676/small-fix-for-cve-2016-3720-with-older-versions-of-jackson-all-1-9-11-and-in-ja/38017721
NOTE: https://github.com/FasterXML/jackson-1/pull/1
@@ -29686,6 +29752,7 @@ CVE-2019-1010092
CVE-2019-1010091 (tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization ...)
- tinymce <unfixed> (bug #970256)
[buster] - tinymce <no-dsa> (Minor issue)
+ [stretch] - tinymce <ignored> (Minor issue, can't reproduce)
[jessie] - tinymce <ignored> (Minor issue, requires manually copy/pasting javascript to execute it, can't reproduce on Jessie)
NOTE: https://github.com/tinymce/tinymce/issues/4394
CVE-2019-1010090
@@ -29777,8 +29844,8 @@ CVE-2019-1010059
CVE-2019-1010058
RESERVED
CVE-2019-1010057 (nfdump 1.6.16 and earlier is affected by: Buffer Overflow. The impact ...)
+ {DLA-2383-1}
- nfdump 1.6.17-1
- [stretch] - nfdump <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/phaag/nfdump/issues/104
NOTE: https://github.com/phaag/nfdump/commit/9f0fe9563366f62a71d34c92229da3432ec5cf0e
CVE-2019-1010056
@@ -29854,7 +29921,7 @@ CVE-2019-1010024 (GNU Libc current is affected by: Mitigation bypass. The impact
- glibc <unfixed> (unimportant)
NOTE: Not treated as a security issue by upstream
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22852
-CVE-2019-1010023 (GNU Libc current is affected by: Re-mapping current loaded libray with ...)
+CVE-2019-1010023 (GNU Libc current is affected by: Re-mapping current loaded library wit ...)
- glibc <unfixed> (unimportant)
NOTE: Not treated as a security issue by upstream
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22851
@@ -32281,8 +32348,8 @@ CVE-2019-9082 (ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and othe
NOT-FOR-US: ThinkPHP
CVE-2019-9081 (The Illuminate component of Laravel Framework 5.7.x has a deserializat ...)
NOT-FOR-US: Laravel Framework
-CVE-2019-9080
- RESERVED
+CVE-2019-9080 (DomainMOD before 4.14.0 uses MD5 without a salt for password storage. ...)
+ NOT-FOR-US: DomainMOD
CVE-2019-9079
RESERVED
CVE-2019-9078 (zzcms 2019 has XSS via an arbitrary user/ask.php?do=modify parameter b ...)
@@ -34403,7 +34470,7 @@ CVE-2019-8325 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
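Review bot: `rubygems` flips from `<removed>` to `<unfixed>` in CVE-2019-8325 here, and identically in the hunks for CVE-2019-8324, 8323, 8322, 8321 and 8320, with no NOTE explaining the change. The flip only makes sense if the rubygems source package is back in the archive; the descriptions give the affected range as RubyGems through 3.0.2, so a reintroduced version newer than that should be recorded as the fixed version (e.g. `- rubygems 3.x.y-z`, constructed placeholder for the first version in unstable) rather than `<unfixed>`, which marks six CVEs as open in unstable. If the reintroduced version is in fact still affected, a one-line NOTE stating that would settle the question.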
@@ -34413,7 +34480,7 @@ CVE-2019-8324 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -34423,7 +34490,7 @@ CVE-2019-8323 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -34433,7 +34500,7 @@ CVE-2019-8322 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -34444,7 +34511,7 @@ CVE-2019-8321 (An issue was discovered in RubyGems 2.6 and later through 3.0.2.
- ruby2.3 <removed>
- ruby2.1 <removed>
[jessie] - ruby2.1 <not-affected> (Vulnerable code introduced later)
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
NOTE: https://blog.rubygems.org/2019/03/05/security-advisories-2019-03.html
@@ -34454,7 +34521,7 @@ CVE-2019-8320 (A Directory Traversal issue was discovered in RubyGems 2.7.6 and
- ruby2.5 2.5.5-1
- ruby2.3 <removed>
- ruby2.1 <removed>
- - rubygems <removed>
+ - rubygems <unfixed>
- jruby 9.1.17.0-3 (bug #925987)
[jessie] - jruby <not-affected> (Vulnerable code introduced later)
NOTE: https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
@@ -37164,10 +37231,10 @@ CVE-2019-7180
RESERVED
CVE-2019-7179
RESERVED
-CVE-2019-7178
- RESERVED
-CVE-2019-7177
- RESERVED
+CVE-2019-7178 (Pexip Infinity before 20.1 allows privilege escalation by restoring a ...)
+ NOT-FOR-US: Pexip Infinity
+CVE-2019-7177 (Pexip Infinity before 20.1 allows Code Injection onto nodes via an adm ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2019-7176 (An issue was discovered in GitLab Community and Enterprise Edition 8.x ...)
- gitlab 11.5.10+dfsg-1 (bug #921059)
NOTE: https://about.gitlab.com/2019/01/31/security-release-gitlab-11-dot-7-dot-3-released/
@@ -39190,11 +39257,9 @@ CVE-2019-6295 (Cleanto 5.0 has SQL Injection via the assets/lib/service_method_a
CVE-2019-6294 (An issue was discovered in EasyCMS 1.5. There is CSRF via the index.ph ...)
NOT-FOR-US: EasyCMS
CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in nf ...)
- - flex <unfixed> (low; bug #919428)
- [buster] - flex <no-dsa> (Minor issue)
- [stretch] - flex <no-dsa> (Minor issue)
- [jessie] - flex <no-dsa> (Minor issue)
+ - flex <unfixed> (unimportant; bug #919428)
NOTE: https://github.com/westes/flex/issues/414
+ NOTE: Negligible security impact
CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYam ...)
- yaml-cpp 0.6.3-1 (low; bug #919430)
[buster] - yaml-cpp <no-dsa> (Minor issue)
@@ -42955,8 +43020,8 @@ CVE-2019-4727
RESERVED
CVE-2019-4726 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 i ...)
NOT-FOR-US: IBM
-CVE-2019-4725
- RESERVED
+CVE-2019-4725 (IBM Security Access Manager Appliance 9.0 is vulnerable to cross-site ...)
+ NOT-FOR-US: IBM
CVE-2019-4724
RESERVED
CVE-2019-4723
@@ -43045,8 +43110,8 @@ CVE-2019-4682
RESERVED
CVE-2019-4681 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
NOT-FOR-US: IBM
-CVE-2019-4680
- RESERVED
+CVE-2019-4680 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 i ...)
+ NOT-FOR-US: IBM
CVE-2019-4679 (IBM Content Navigator 3.0CD could allow an authenticated user to gain ...)
NOT-FOR-US: IBM
CVE-2019-4678
@@ -43301,8 +43366,8 @@ CVE-2019-4554
RESERVED
CVE-2019-4553 (IBM API Connect V5.0.0.0 through 5.0.8.7iFix3 uses weaker than expecte ...)
NOT-FOR-US: IBM
-CVE-2019-4552
- RESERVED
+CVE-2019-4552 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
CVE-2019-4551 (IBM Security Directory Server 6.4.0 does not perform an authentication ...)
NOT-FOR-US: IBM
CVE-2019-4550 (IBM Security Directory Server 6.4.0 is deployed with active debugging ...)
@@ -43315,8 +43380,8 @@ CVE-2019-4547
RESERVED
CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment Manager ...)
NOT-FOR-US: IBM
-CVE-2019-4545
- RESERVED
+CVE-2019-4545 (IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Au ...)
+ NOT-FOR-US: IBM
CVE-2019-4544
RESERVED
CVE-2019-4543
@@ -43667,8 +43732,8 @@ CVE-2019-4371
RESERVED
CVE-2019-4370
RESERVED
-CVE-2019-4369 (IBM BigFix Inventory v9 (SUA v9 / ILMT v9) discloses sensitive informa ...)
- NOT-FOR-US: IBM
+CVE-2019-4369
+ REJECTED
CVE-2019-4368
RESERVED
CVE-2019-4367
@@ -43753,10 +43818,10 @@ CVE-2019-4328
RESERVED
CVE-2019-4327 ("HCL AppScan Enterprise uses hard-coded credentials which can be explo ...)
NOT-FOR-US: HCL AppScan Enterprise
-CVE-2019-4326
- RESERVED
-CVE-2019-4325
- RESERVED
+CVE-2019-4326 ("HCL AppScan Enterprise security rules update administration section o ...)
+ NOT-FOR-US: HCL
+CVE-2019-4325 ("HCL AppScan Enterprise makes use of broken or risky cryptographic alg ...)
+ NOT-FOR-US: HCL
CVE-2019-4324 ("HCL AppScan Enterprise is susceptible to Cross-Site Scripting while i ...)
NOT-FOR-US: HCL
CVE-2019-4323 ("HCL AppScan Enterprise advisory API documentation is susceptible to c ...)
@@ -44735,8 +44800,9 @@ CVE-2019-3876 (A flaw was found in the /oauth/token/request custom endpoint of t
CVE-2019-3875 (A vulnerability was found in keycloak before 6.0.2. The X.509 authenti ...)
NOT-FOR-US: Keycloak
CVE-2019-3874 (The SCTP socket buffer used by a userspace application is not accounte ...)
+ {DLA-2385-1}
- linux 5.2.6-1
- [buster] - linux <ignored> (Minor issue)
+ [buster] - linux 4.19.146-1
[stretch] - linux <ignored> (Minor issue)
[jessie] - linux <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1686373
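Review bot: The context line `[stretch] - linux <ignored> (Minor issue)` now contradicts the added `{DLA-2385-1}` marker on the line above the fixed-version entries: if DLA-2385-1 is the stretch kernel update that shipped this fix, stretch is no longer "ignored" and that line should be dropped so the DLA's fixed version is what the tracker reports; if the DLA did not actually include CVE-2019-3874, the cross-reference is the wrong one. As written the entry records stretch as both fixed and ignored at once. The buster change to `4.19.146-1` matches the i40e entries later in this commit, so only the stretch line needs a decision. The CVE entry may continue with further NOTE lines beyond this hunk.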
@@ -45351,6 +45417,7 @@ CVE-2019-3682 (The docker-kubic package in SUSE CaaS Platform 3.0 before 17.09.1
CVE-2019-3681 (A External Control of File Name or Path vulnerability in osc of SUSE L ...)
- osc <unfixed> (bug #969999)
[buster] - osc <no-dsa> (Minor issue)
+ [stretch] - osc <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1122675
NOTE: https://github.com/openSUSE/osc/commit/a79c54418baf9b9785123bd07f350f12bd729ed3 (0.169.0)
CVE-2019-3680
@@ -48653,9 +48720,9 @@ CVE-2019-2201 (In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, the
NOTE: https://android.googlesource.com/platform/external/libjpeg-turbo/+/d3db2a2634c422286f75c4b38af98837f3d2f0ff
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/361
NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2a9e3bd7430cfda1bc812d139e0609c6aca0b884
- NOTE: https://github.com/clearlinux-pkgs/libjpeg-turbo/commit/0a5d06c3dd4a64754d7e6ffa081fd9132714f74c
NOTE: The description text is wrong, this CVE is about gigapixel images not ARM NEON SIMD code.
NOTE: See https://bugs.gentoo.org/show_bug.cgi?id=699830#c12
+ NOTE: Followup fix for tjbench: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c30b1e72dac76343ef9029833d1561de07d29bad
CVE-2019-2200 (In updatePermissions of PermissionManagerService.java, it may be possi ...)
NOT-FOR-US: Android
CVE-2019-2199 (In createSessionInternal of PackageInstallerService.java, there is a p ...)
@@ -48668,8 +48735,7 @@ CVE-2019-2196 (In Download Provider, there is possible SQL injection. This could
NOT-FOR-US: Android
CVE-2019-2195 (In tokenize of sqlite3_android.cpp, there is a possible attacker contr ...)
NOT-FOR-US: Android
-CVE-2019-2194
- RESERVED
+CVE-2019-2194 (In SurfaceFlinger::createLayer of SurfaceFlinger.cpp, there is a possi ...)
NOT-FOR-US: Android
CVE-2019-2193 (In WelcomeActivity.java and related files, there is a possible permiss ...)
NOT-FOR-US: Android
@@ -49118,8 +49184,8 @@ CVE-2019-1985 (In findAvailSpellCheckerLocked of TextServicesManagerService.java
NOT-FOR-US: Android
CVE-2019-1984 (A vulnerability in Cisco Enterprise Network Functions Virtualization I ...)
NOT-FOR-US: Cisco
-CVE-2019-1983
- RESERVED
+CVE-2019-1983 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
+ NOT-FOR-US: Cisco
CVE-2019-1982 (A vulnerability in the HTTP traffic filtering component of Cisco Firep ...)
NOT-FOR-US: Cisco
CVE-2019-1981 (A vulnerability in the normalization functionality of Cisco Firepower ...)
@@ -49190,8 +49256,8 @@ CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Fi
NOT-FOR-US: Cisco
CVE-2019-1948 (A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an un ...)
NOT-FOR-US: Cisco
-CVE-2019-1947
- RESERVED
+CVE-2019-1947 (A vulnerability in the email message filtering feature of Cisco AsyncO ...)
+ NOT-FOR-US: Cisco
CVE-2019-1946 (A vulnerability in the web-based management interface of Cisco Enterpr ...)
NOT-FOR-US: Cisco
CVE-2019-1945 (Multiple vulnerabilities in the smart tunnel functionality of Cisco Ad ...)
@@ -49308,8 +49374,8 @@ CVE-2019-1890 (A vulnerability in the fabric infrastructure VLAN connection esta
NOT-FOR-US: Cisco
CVE-2019-1889 (A vulnerability in the REST API for software device management in Cisc ...)
NOT-FOR-US: Cisco
-CVE-2019-1888
- RESERVED
+CVE-2019-1888 (A vulnerability in the Administration Web Interface of Cisco Unified C ...)
+ NOT-FOR-US: Cisco
CVE-2019-1887 (A vulnerability in the Session Initiation Protocol (SIP) protocol impl ...)
NOT-FOR-US: Cisco
CVE-2019-1886 (A vulnerability in the HTTPS decryption feature of Cisco Web Security ...)
@@ -49636,8 +49702,8 @@ CVE-2019-1738 (A vulnerability in the Network-Based Application Recognition (NBA
NOT-FOR-US: Cisco
CVE-2019-1737 (A vulnerability in the processing of IP Service Level Agreement (SLA) ...)
NOT-FOR-US: Cisco
-CVE-2019-1736
- RESERVED
+CVE-2019-1736 (A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers ...)
+ NOT-FOR-US: Cisco
CVE-2019-1735 (A vulnerability in the CLI of Cisco NX-OS Software could allow an auth ...)
NOT-FOR-US: Cisco
CVE-2019-1734 (A vulnerability in the implementation of a CLI diagnostic command in C ...)
@@ -52884,7 +52950,7 @@ CVE-2019-0194 (Apache Camel's File is vulnerable to directory traversal. Camel 2
CVE-2019-0193 (In Apache Solr, the DataImportHandler, an optional but popular module ...)
{DLA-2327-1 DLA-1954-1}
- lucene-solr 3.6.2+dfsg-22 (low)
- [buster] - lucene-solr <no-dsa> (Minor issue)
+ [buster] - lucene-solr 3.6.2+dfsg-20+deb10u2
NOTE: https://issues.apache.org/jira/browse/SOLR-13669
NOTE: upstream recommends everybody upgrade or rework their configuration
NOTE: consider backporting enable.dih.dataConfigParam instead:
@@ -53000,18 +53066,23 @@ CVE-2019-0150 (Insufficient access control in firmware Intel(R) Ethernet 700 Ser
NOT-FOR-US: Intel firmware for Ethernet 700 Series
CVE-2019-0149 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0148 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0147 (Insufficient input validation in i40e driver for Intel(R) Ethernet 700 ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0146 (Resource leak in i40e driver for Intel(R) Ethernet 700 Series Controll ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0145 (Buffer overflow in i40e driver for Intel(R) Ethernet 700 Series Contro ...)
- linux 5.2.6-1
+ [buster] - linux 4.19.146-1
NOTE: https://lists.osuosl.org/pipermail/intel-wired-lan/Week-of-Mon-20200810/021006.html
CVE-2019-0144 (Unhandled exception in firmware for Intel(R) Ethernet 700 Series Contr ...)
NOT-FOR-US: Intel firmware for Ethernet 700 Series
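Review bot: The five i40e entries (CVE-2019-0145 through CVE-2019-0149) each gain `[buster] - linux 4.19.146-1` but no stretch status, so with the unstable fix at 5.2.6-1 the tracker will keep reporting stretch as open for all of them. This is the same buster upload that CVE-2019-3874 receives earlier in this commit together with a `{DLA-2385-1}` marker; if that DLA's stretch kernel carried the i40e fixes as well, these entries should get the same `{DLA-2385-1}` line, and if it did not, an explicit `[stretch] - linux <postponed> (Minor issue)` or similar would document that stretch is deliberately left pending rather than overlooked. I cannot tell from the hunk which applies, so this is a consistency check rather than a confirmed error.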
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 6d84643..2db63b3 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,33 +1,4163 @@
-CVE-2020-XXXX [RUSTSEC-2020-0041: sized-chunks: Multiple soundness issues in Chunk and InlineArray]
- - rust-sized-chunks <unfixed> (bug #970586)
- NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
- NOTE: https://github.com/bodil/sized-chunks/issues/11
-CVE-2020-25780
+CVE-2020-27744
RESERVED
-CVE-2020-25779
+CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAN ...)
+ - libpam-tacplus <unfixed>
+ NOTE: https://github.com/kravietz/pam_tacplus/pull/163
+CVE-2020-27742
RESERVED
-CVE-2020-25778
+CVE-2020-27741
RESERVED
-CVE-2020-25777
+CVE-2020-27740
RESERVED
-CVE-2020-25776
+CVE-2020-27739
RESERVED
-CVE-2020-25775
+CVE-2020-27738
RESERVED
-CVE-2020-25774
+CVE-2020-27737
RESERVED
-CVE-2020-25773
+CVE-2020-27736
RESERVED
-CVE-2020-25772
+CVE-2020-27735
RESERVED
-CVE-2020-25771
+CVE-2020-27734
RESERVED
-CVE-2020-25770
+CVE-2020-27733
RESERVED
-CVE-2020-25769
+CVE-2020-27732
+ RESERVED
+CVE-2020-27731
+ RESERVED
+CVE-2020-27730
+ RESERVED
+CVE-2020-27729
+ RESERVED
+CVE-2020-27728
+ RESERVED
+CVE-2020-27727
+ RESERVED
+CVE-2020-27726
+ RESERVED
+CVE-2020-27725
+ RESERVED
+CVE-2020-27724
+ RESERVED
+CVE-2020-27723
+ RESERVED
+CVE-2020-27722
+ RESERVED
+CVE-2020-27721
+ RESERVED
+CVE-2020-27720
+ RESERVED
+CVE-2020-27719
+ RESERVED
+CVE-2020-27718
+ RESERVED
+CVE-2020-27717
+ RESERVED
+CVE-2020-27716
+ RESERVED
+CVE-2020-27715
+ RESERVED
+CVE-2020-27714
+ RESERVED
+CVE-2020-27713
+ RESERVED
+CVE-2020-27712
+ RESERVED
+CVE-2020-27711
+ RESERVED
+CVE-2020-27710
+ RESERVED
+CVE-2020-27709
+ RESERVED
+CVE-2020-27708
+ RESERVED
+CVE-2020-27707
+ RESERVED
+CVE-2020-27706
+ RESERVED
+CVE-2020-27705
+ RESERVED
+CVE-2020-27704
+ RESERVED
+CVE-2020-27703
+ RESERVED
+CVE-2020-27702
+ RESERVED
+CVE-2020-27701
+ RESERVED
+CVE-2020-27700
+ RESERVED
+CVE-2020-27699
+ RESERVED
+CVE-2020-27698
+ RESERVED
+CVE-2020-27697
+ RESERVED
+CVE-2020-27696
+ RESERVED
+CVE-2020-27695
+ RESERVED
+CVE-2020-27694
+ RESERVED
+CVE-2020-27693
+ RESERVED
+CVE-2020-27692
+ RESERVED
+CVE-2020-27691
+ RESERVED
+CVE-2020-27690
+ RESERVED
+CVE-2020-27689
+ RESERVED
+CVE-2020-27688
+ RESERVED
+CVE-2020-27687
+ RESERVED
+CVE-2020-27686
+ RESERVED
+CVE-2020-27685
+ RESERVED
+CVE-2020-27684
+ RESERVED
+CVE-2020-27683
+ RESERVED
+CVE-2020-27682
+ RESERVED
+CVE-2020-27681
+ RESERVED
+CVE-2020-27680
+ RESERVED
+CVE-2020-27679
+ RESERVED
+CVE-2020-27678 (An issue was discovered in illumos before 2020-10-22, as used in OmniO ...)
+ NOT-FOR-US: illumos
+CVE-2020-27677
+ RESERVED
+CVE-2020-27676
+ RESERVED
+CVE-2020-27669
+ RESERVED
+CVE-2020-27668
+ RESERVED
+CVE-2020-27667
+ RESERVED
+CVE-2020-27666 (Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview fea ...)
+ NOT-FOR-US: Strapi
+CVE-2020-27665 (In Strapi before 3.2.5, there is no admin::hasPermissions restriction ...)
+ NOT-FOR-US: Strapi
+CVE-2020-27664 (admin/src/containers/InputModalStepperProvider/index.js in Strapi befo ...)
+ NOT-FOR-US: Strapi
+CVE-2020-27663
+ RESERVED
+CVE-2020-27662
+ RESERVED
+CVE-2020-27661 [divide by zero in dwc2_handle_packet() in hw/usb/hcd-dwc2.c]
+ RESERVED
+ - qemu <unfixed> (bug #972864)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html
+ NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03
+CVE-2020-27660
+ RESERVED
+CVE-2020-27659
+ RESERVED
+CVE-2020-27658
+ RESERVED
+CVE-2020-27657
+ RESERVED
+CVE-2020-27656
+ RESERVED
+CVE-2020-27655
+ RESERVED
+CVE-2020-27654
+ RESERVED
+CVE-2020-27653
+ RESERVED
+CVE-2020-27652
+ RESERVED
+CVE-2020-27651
+ RESERVED
+CVE-2020-27650
+ RESERVED
+CVE-2020-27649
+ RESERVED
+CVE-2020-27648
+ RESERVED
+CVE-2020-27647
+ RESERVED
+CVE-2020-27646 (Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1 ...)
+ NOT-FOR-US: Biscom Secure File Transfer (SFT)
+CVE-2020-27645
+ RESERVED
+CVE-2020-27644
+ RESERVED
+CVE-2020-27643
+ RESERVED
+CVE-2020-27642 (A cross-site scripting (XSS) vulnerability exists in the 'merge accoun ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27641
+ RESERVED
+CVE-2020-27640
+ RESERVED
+CVE-2020-27639
+ RESERVED
+CVE-2020-27637
+ RESERVED
+CVE-2020-27636
+ RESERVED
+CVE-2020-27635
+ RESERVED
+CVE-2020-27634
+ RESERVED
+CVE-2020-27633
+ RESERVED
+CVE-2020-27632
+ RESERVED
+CVE-2020-27631
+ RESERVED
+CVE-2020-27630
+ RESERVED
+CVE-2020-27629
+ RESERVED
+CVE-2020-27628
+ RESERVED
+CVE-2020-27627
+ RESERVED
+CVE-2020-27626
+ RESERVED
+CVE-2020-27625
+ RESERVED
+CVE-2020-27624
+ RESERVED
+CVE-2020-27623
+ RESERVED
+CVE-2020-27622
+ RESERVED
+CVE-2020-27621 (The FileImporter extension in MediaWiki through 1.35.0 was not properl ...)
+ NOT-FOR-US: MediaWiki extension
+CVE-2020-27620 (The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because Me ...)
+ NOT-FOR-US: MediaWiki extension
+CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ...)
+ - python3.9 <unfixed> (unimportant)
+ - python3.8 <unfixed> (unimportant)
+ - python3.7 <removed> (unimportant)
+ NOTE: https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html
+ NOTE: https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 (master)
+ NOTE: https://github.com/python/cpython/commit/a8bf44d04915f7366d9f8dfbf84822ac37a4bab3 (master)
+ NOTE: https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794 (3.9)
+ NOTE: https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33 (3.8)
+ NOTE: https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 (3.7)
+ NOTE: https://bugs.python.org/issue41944
+ NOTE: Only affects the testsuite
+CVE-2020-27618
+ RESERVED
+CVE-2020-27617
+ RESERVED
+CVE-2020-27616
+ RESERVED
+CVE-2020-27615 (The Loginizer plugin before 1.6.4 for WordPress allows SQL injection ( ...)
+ NOT-FOR-US: Loginizer plugin for WordPress
+CVE-2020-27614
+ RESERVED
+CVE-2020-27638 (receive.c in fastd before v21 allows denial of service (assertion fail ...)
+ {DLA-2414-1}
+ - fastd 21-1 (bug #972521)
+ [buster] - fastd <no-dsa> (Will be fixed via point release)
+ NOTE: https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea
+CVE-2020-27613 (The installation procedure in BigBlueButton before 2.2.17 uses ClueCon ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27612 (Greenlight in BigBlueButton through 2.2.28 places usernames in room UR ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27611 (BigBlueButton through 2.2.28 uses STUN/TURN resources from a third par ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27610 (The installation procedure in BigBlueButton before 2.2.28 (or earlier) ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27609 (BigBlueButton through 2.2.28 records a video meeting despite the deact ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27608 (In BigBlueButton before 2.2.6, uploaded presentations are sent to clie ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27607 (In BigBlueButton before 2.2.28 (or earlier), the client-side Mute butt ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27606 (BigBlueButton before 2.2.28 (or earlier) does not set the secure flag ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27605 (BigBlueButton through 2.2.28 uses Ghostscript for processing of upload ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27604 (BigBlueButton before 2.3 does not implement LibreOffice sandboxing. Th ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27603 (BigBlueButton before 2.2.27 has an unsafe JODConverter setting in whic ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27602 (BigBlueButton before 2.2.7 does not have a protection mechanism for se ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27601 (In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat do ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-27673 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
+ - linux <unfixed>
+ NOTE: https://xenbits.xen.org/xsa/advisory-332.html
+CVE-2020-27675 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
+ - linux <unfixed>
+ NOTE: https://xenbits.xen.org/xsa/advisory-331.html
+CVE-2020-27674 (An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS ...)
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-286.html
+CVE-2020-27672 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-345.html
+CVE-2020-27671 (An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH ...)
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-346.html
+CVE-2020-27670 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-347.html
+CVE-2020-27600
+ RESERVED
+CVE-2020-27599
+ RESERVED
+CVE-2020-27598
+ RESERVED
+CVE-2020-27597
+ RESERVED
+CVE-2020-27596
+ RESERVED
+CVE-2020-27595
+ RESERVED
+CVE-2020-27594
+ RESERVED
+CVE-2020-27593
+ RESERVED
+CVE-2020-27592
+ RESERVED
+CVE-2020-27591
+ RESERVED
+CVE-2020-27590
+ RESERVED
+CVE-2020-27589
+ RESERVED
+CVE-2020-27588
+ RESERVED
+CVE-2020-27587
+ RESERVED
+CVE-2020-27586
+ RESERVED
+CVE-2020-27585
+ RESERVED
+CVE-2020-27584
+ RESERVED
+CVE-2020-27583
+ RESERVED
+CVE-2020-27582
+ RESERVED
+CVE-2020-27581
+ RESERVED
+CVE-2020-27580
+ RESERVED
+CVE-2020-27579
+ RESERVED
+CVE-2020-27578
+ RESERVED
+CVE-2020-27577
+ RESERVED
+CVE-2020-27576
+ RESERVED
+CVE-2020-27575
+ RESERVED
+CVE-2020-27574
+ RESERVED
+CVE-2020-27573
+ RESERVED
+CVE-2020-27572
+ RESERVED
+CVE-2020-27571
+ RESERVED
+CVE-2020-27570
+ RESERVED
+CVE-2020-27569
+ RESERVED
+CVE-2020-27568
+ RESERVED
+CVE-2020-27567
+ RESERVED
+CVE-2020-27566
+ RESERVED
+CVE-2020-27565
+ RESERVED
+CVE-2020-27564
+ RESERVED
+CVE-2020-27563
+ RESERVED
+CVE-2020-27562
+ RESERVED
+CVE-2020-27561
+ RESERVED
+CVE-2020-27560 (ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames i ...)
+ - imagemagick <unfixed> (bug #972797)
+ [buster] - imagemagick <ignored> (Minor issue)
+ [stretch] - imagemagick <no-dsa> (Minor issue)
+ NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ef59bd764f88d893f1219fee8ba696a5d3f8c1c4
+ NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
+CVE-2020-27559
+ RESERVED
+CVE-2020-27558
+ RESERVED
+CVE-2020-27557
+ RESERVED
+CVE-2020-27556
+ RESERVED
+CVE-2020-27555
+ RESERVED
+CVE-2020-27554
+ RESERVED
+CVE-2020-27553
+ RESERVED
+CVE-2020-27552
+ RESERVED
+CVE-2020-27551
+ RESERVED
+CVE-2020-27550
+ RESERVED
+CVE-2020-27549
+ RESERVED
+CVE-2020-27548
+ RESERVED
+CVE-2020-27547
+ RESERVED
+CVE-2020-27546
+ RESERVED
+CVE-2020-27545
+ RESERVED
+CVE-2020-27544
+ RESERVED
+CVE-2020-27543
+ RESERVED
+CVE-2020-27542
+ RESERVED
+CVE-2020-27541
+ RESERVED
+CVE-2020-27540
+ RESERVED
+CVE-2020-27539
+ RESERVED
+CVE-2020-27538
+ RESERVED
+CVE-2020-27537
+ RESERVED
+CVE-2020-27536
+ RESERVED
+CVE-2020-27535
+ RESERVED
+CVE-2020-27534
+ RESERVED
+CVE-2020-27533 (A Cross Site Scripting (XSS) issue was discovered in the search featur ...)
+ NOT-FOR-US: DedeCMS
+CVE-2020-27532
+ RESERVED
+CVE-2020-27531
+ RESERVED
+CVE-2020-27530
+ RESERVED
+CVE-2020-27529
+ RESERVED
+CVE-2020-27528
+ RESERVED
+CVE-2020-27527
+ RESERVED
+CVE-2020-27526
+ RESERVED
+CVE-2020-27525
+ RESERVED
+CVE-2020-27524
+ RESERVED
+CVE-2020-27523
+ RESERVED
+CVE-2020-27522
+ RESERVED
+CVE-2020-27521
+ RESERVED
+CVE-2020-27520
+ RESERVED
+CVE-2020-27519
+ RESERVED
+CVE-2020-27518
+ RESERVED
+CVE-2020-27517
+ RESERVED
+CVE-2020-27516
+ RESERVED
+CVE-2020-27515
+ RESERVED
+CVE-2020-27514
+ RESERVED
+CVE-2020-27513
+ RESERVED
+CVE-2020-27512
+ RESERVED
+CVE-2020-27511
+ RESERVED
+CVE-2020-27510
+ RESERVED
+CVE-2020-27509
+ RESERVED
+CVE-2020-27508
+ RESERVED
+CVE-2020-27507
+ RESERVED
+CVE-2020-27506
+ RESERVED
+CVE-2020-27505
+ RESERVED
+CVE-2020-27504
+ RESERVED
+CVE-2020-27503
+ RESERVED
+CVE-2020-27502
+ RESERVED
+CVE-2020-27501
+ RESERVED
+CVE-2020-27500
+ RESERVED
+CVE-2020-27499
+ RESERVED
+CVE-2020-27498
+ RESERVED
+CVE-2020-27497
+ RESERVED
+CVE-2020-27496
+ RESERVED
+CVE-2020-27495
+ RESERVED
+CVE-2020-27494
+ RESERVED
+CVE-2020-27493
+ RESERVED
+CVE-2020-27492
+ RESERVED
+CVE-2020-27491
+ RESERVED
+CVE-2020-27490
+ RESERVED
+CVE-2020-27489
+ RESERVED
+CVE-2020-27488
+ RESERVED
+CVE-2020-27487
+ RESERVED
+CVE-2020-27486
+ RESERVED
+CVE-2020-27485
+ RESERVED
+CVE-2020-27484
+ RESERVED
+CVE-2020-27483
+ RESERVED
+CVE-2020-27482
+ RESERVED
+CVE-2020-27481
+ RESERVED
+CVE-2020-27480
+ RESERVED
+CVE-2020-27479
+ RESERVED
+CVE-2020-27478
+ RESERVED
+CVE-2020-27477
+ RESERVED
+CVE-2020-27476
+ RESERVED
+CVE-2020-27475
+ RESERVED
+CVE-2020-27474
+ RESERVED
+CVE-2020-27473
+ RESERVED
+CVE-2020-27472
+ RESERVED
+CVE-2020-27471
+ RESERVED
+CVE-2020-27470
+ RESERVED
+CVE-2020-27469
+ RESERVED
+CVE-2020-27468
+ RESERVED
+CVE-2020-27467
+ RESERVED
+CVE-2020-27466
+ RESERVED
+CVE-2020-27465
+ RESERVED
+CVE-2020-27464
+ RESERVED
+CVE-2020-27463
+ RESERVED
+CVE-2020-27462
+ RESERVED
+CVE-2020-27461
+ RESERVED
+CVE-2020-27460
+ RESERVED
+CVE-2020-27459
+ RESERVED
+CVE-2020-27458
+ RESERVED
+CVE-2020-27457
+ RESERVED
+CVE-2020-27456
+ RESERVED
+CVE-2020-27455
+ RESERVED
+CVE-2020-27454
+ RESERVED
+CVE-2020-27453
+ RESERVED
+CVE-2020-27452
+ RESERVED
+CVE-2020-27451
+ RESERVED
+CVE-2020-27450
+ RESERVED
+CVE-2020-27449
+ RESERVED
+CVE-2020-27448
+ RESERVED
+CVE-2020-27447
+ RESERVED
+CVE-2020-27446
+ RESERVED
+CVE-2020-27445
+ RESERVED
+CVE-2020-27444
+ RESERVED
+CVE-2020-27443
+ RESERVED
+CVE-2020-27442
+ RESERVED
+CVE-2020-27441
+ RESERVED
+CVE-2020-27440
+ RESERVED
+CVE-2020-27439
+ RESERVED
+CVE-2020-27438
+ RESERVED
+CVE-2020-27437
+ RESERVED
+CVE-2020-27436
+ RESERVED
+CVE-2020-27435
+ RESERVED
+CVE-2020-27434
+ RESERVED
+CVE-2020-27433
+ RESERVED
+CVE-2020-27432
+ RESERVED
+CVE-2020-27431
+ RESERVED
+CVE-2020-27430
+ RESERVED
+CVE-2020-27429
+ RESERVED
+CVE-2020-27428
+ RESERVED
+CVE-2020-27427
+ RESERVED
+CVE-2020-27426
+ RESERVED
+CVE-2020-27425
+ RESERVED
+CVE-2020-27424
+ RESERVED
+CVE-2020-27423
+ RESERVED
+CVE-2020-27422
+ RESERVED
+CVE-2020-27421
+ RESERVED
+CVE-2020-27420
+ RESERVED
+CVE-2020-27419
+ RESERVED
+CVE-2020-27418
+ RESERVED
+CVE-2020-27417
+ RESERVED
+CVE-2020-27416
+ RESERVED
+CVE-2020-27415
+ RESERVED
+CVE-2020-27414
+ RESERVED
+CVE-2020-27413
+ RESERVED
+CVE-2020-27412
+ RESERVED
+CVE-2020-27411
+ RESERVED
+CVE-2020-27410
+ RESERVED
+CVE-2020-27409
+ RESERVED
+CVE-2020-27408
+ RESERVED
+CVE-2020-27407
+ RESERVED
+CVE-2020-27406
+ RESERVED
+CVE-2020-27405
+ RESERVED
+CVE-2020-27404
+ RESERVED
+CVE-2020-27403
+ RESERVED
+CVE-2020-27402
+ RESERVED
+CVE-2020-27401
+ RESERVED
+CVE-2020-27400
+ RESERVED
+CVE-2020-27399
+ RESERVED
+CVE-2020-27398
+ RESERVED
+CVE-2020-27397
+ RESERVED
+CVE-2020-27396
+ RESERVED
+CVE-2020-27395
+ RESERVED
+CVE-2020-27394
+ RESERVED
+CVE-2020-27393
+ RESERVED
+CVE-2020-27392
+ RESERVED
+CVE-2020-27391
+ RESERVED
+CVE-2020-27390
+ RESERVED
+CVE-2020-27389
+ RESERVED
+CVE-2020-27388 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in th ...)
+ NOT-FOR-US: YOURLS Admin Panel
+CVE-2020-27387
+ RESERVED
+CVE-2020-27386
+ RESERVED
+CVE-2020-27385
+ RESERVED
+CVE-2020-27384
+ RESERVED
+CVE-2020-27383
+ RESERVED
+CVE-2020-27382
+ RESERVED
+CVE-2020-27381
+ RESERVED
+CVE-2020-27380
+ RESERVED
+CVE-2020-27379
+ RESERVED
+CVE-2020-27378
+ RESERVED
+CVE-2020-27377
+ RESERVED
+CVE-2020-27376
+ RESERVED
+CVE-2020-27375
+ RESERVED
+CVE-2020-27374
+ RESERVED
+CVE-2020-27373
+ RESERVED
+CVE-2020-27372
+ RESERVED
+CVE-2020-27371
+ RESERVED
+CVE-2020-27370
+ RESERVED
+CVE-2020-27369
+ RESERVED
+CVE-2020-27368
+ RESERVED
+CVE-2020-27367
+ RESERVED
+CVE-2020-27366
+ RESERVED
+CVE-2020-27365
+ RESERVED
+CVE-2020-27364
+ RESERVED
+CVE-2020-27363
+ RESERVED
+CVE-2020-27362
+ RESERVED
+CVE-2020-27361
+ RESERVED
+CVE-2020-27360
+ RESERVED
+CVE-2020-27359
+ RESERVED
+CVE-2020-27358
+ RESERVED
+CVE-2020-27357
+ RESERVED
+CVE-2020-27356
+ RESERVED
+CVE-2020-27355
+ RESERVED
+CVE-2020-27354
+ RESERVED
+CVE-2020-27353
+ RESERVED
+CVE-2020-27352
+ RESERVED
+CVE-2020-27351
+ RESERVED
+CVE-2020-27350
+ RESERVED
+CVE-2020-27349
+ RESERVED
+CVE-2020-27348
+ RESERVED
+CVE-2020-27347
+ RESERVED
+CVE-2020-27346
+ RESERVED
+CVE-2020-27345
+ RESERVED
+CVE-2020-27344 (The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. ...)
+ NOT-FOR-US: cm-download-manager plugin for WordPress
+CVE-2020-27343
+ RESERVED
+CVE-2020-27342
+ RESERVED
+CVE-2020-27341
+ RESERVED
+CVE-2020-27340
+ RESERVED
+CVE-2020-27339
+ RESERVED
+CVE-2020-27338
+ RESERVED
+CVE-2020-27337
+ RESERVED
+CVE-2020-27336
+ RESERVED
+CVE-2020-27335
+ RESERVED
+CVE-2020-27334
+ RESERVED
+CVE-2020-27333
+ RESERVED
+CVE-2020-27332
+ RESERVED
+CVE-2020-27331
+ RESERVED
+CVE-2020-27330
+ RESERVED
+CVE-2020-27329
+ RESERVED
+CVE-2020-27328
+ RESERVED
+CVE-2020-27327
+ RESERVED
+CVE-2020-27326
+ RESERVED
+CVE-2020-27325
+ RESERVED
+CVE-2020-27324
+ RESERVED
+CVE-2020-27323
+ RESERVED
+CVE-2020-27322
+ RESERVED
+CVE-2020-27321
+ RESERVED
+CVE-2020-27320
+ RESERVED
+CVE-2020-27319
+ RESERVED
+CVE-2020-27318
+ RESERVED
+CVE-2020-27317
+ RESERVED
+CVE-2020-27316
+ RESERVED
+CVE-2020-27315
+ RESERVED
+CVE-2020-27314
+ RESERVED
+CVE-2020-27313
+ RESERVED
+CVE-2020-27312
+ RESERVED
+CVE-2020-27311
+ RESERVED
+CVE-2020-27310
+ RESERVED
+CVE-2020-27309
+ RESERVED
+CVE-2020-27308
+ RESERVED
+CVE-2020-27307
+ RESERVED
+CVE-2020-27306
+ RESERVED
+CVE-2020-27305
+ RESERVED
+CVE-2020-27304
+ RESERVED
+CVE-2020-27303
+ RESERVED
+CVE-2020-27302
+ RESERVED
+CVE-2020-27301
+ RESERVED
+CVE-2020-27300
+ RESERVED
+CVE-2020-27299
+ RESERVED
+CVE-2020-27298
+ RESERVED
+CVE-2020-27297
+ RESERVED
+CVE-2020-27296
+ RESERVED
+CVE-2020-27295
+ RESERVED
+CVE-2020-27294
+ RESERVED
+CVE-2020-27293
+ RESERVED
+CVE-2020-27292
+ RESERVED
+CVE-2020-27291
+ RESERVED
+CVE-2020-27290
+ RESERVED
+CVE-2020-27289
+ RESERVED
+CVE-2020-27288
+ RESERVED
+CVE-2020-27287
+ RESERVED
+CVE-2020-27286
+ RESERVED
+CVE-2020-27285
+ RESERVED
+CVE-2020-27284
+ RESERVED
+CVE-2020-27283
+ RESERVED
+CVE-2020-27282
+ RESERVED
+CVE-2020-27281
+ RESERVED
+CVE-2020-27280
+ RESERVED
+CVE-2020-27279
+ RESERVED
+CVE-2020-27278
+ RESERVED
+CVE-2020-27277
+ RESERVED
+CVE-2020-27276
+ RESERVED
+CVE-2020-27275
+ RESERVED
+CVE-2020-27274
+ RESERVED
+CVE-2020-27273
+ RESERVED
+CVE-2020-27272
+ RESERVED
+CVE-2020-27271
+ RESERVED
+CVE-2020-27270
+ RESERVED
+CVE-2020-27269
+ RESERVED
+CVE-2020-27268
+ RESERVED
+CVE-2020-27267
+ RESERVED
+CVE-2020-27266
+ RESERVED
+CVE-2020-27265
+ RESERVED
+CVE-2020-27264
+ RESERVED
+CVE-2020-27263
+ RESERVED
+CVE-2020-27262
+ RESERVED
+CVE-2020-27261
+ RESERVED
+CVE-2020-27260
+ RESERVED
+CVE-2020-27259
+ RESERVED
+CVE-2020-27258
+ RESERVED
+CVE-2020-27257
+ RESERVED
+CVE-2020-27256
+ RESERVED
+CVE-2020-27255
+ RESERVED
+CVE-2020-27254
+ RESERVED
+CVE-2020-27253
+ RESERVED
+CVE-2020-27252
+ RESERVED
+CVE-2020-27251
+ RESERVED
+CVE-2020-27250
+ RESERVED
+CVE-2020-27249
+ RESERVED
+CVE-2020-27248
+ RESERVED
+CVE-2020-27247
+ RESERVED
+CVE-2020-27246
+ RESERVED
+CVE-2020-27245
+ RESERVED
+CVE-2020-27244
+ RESERVED
+CVE-2020-27243
+ RESERVED
+CVE-2020-27242
+ RESERVED
+CVE-2020-27241
+ RESERVED
+CVE-2020-27240
+ RESERVED
+CVE-2020-27239
+ RESERVED
+CVE-2020-27238
+ RESERVED
+CVE-2020-27237
+ RESERVED
+CVE-2020-27236
+ RESERVED
+CVE-2020-27235
+ RESERVED
+CVE-2020-27234
+ RESERVED
+CVE-2020-27233
+ RESERVED
+CVE-2020-27232
+ RESERVED
+CVE-2020-27231
+ RESERVED
+CVE-2020-27230
+ RESERVED
+CVE-2020-27229
+ RESERVED
+CVE-2020-27228
+ RESERVED
+CVE-2020-27227
+ RESERVED
+CVE-2020-27226
+ RESERVED
+CVE-2020-27225
+ RESERVED
+CVE-2020-27224
+ RESERVED
+CVE-2020-27223
+ RESERVED
+CVE-2020-27222
+ RESERVED
+CVE-2020-27221
+ RESERVED
+CVE-2020-27220
+ RESERVED
+CVE-2020-27219
+ RESERVED
+CVE-2020-27218
+ RESERVED
+CVE-2020-27217
+ RESERVED
+CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...)
+ - jetty9 9.4.33-1
+ [stretch] - jetty9 <no-dsa> (Minor issue)
+ - jetty8 <removed>
+ - jetty <removed>
+ NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921
+ NOTE: https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb
+ NOTE: https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f
+ NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6
+CVE-2020-27215
+ RESERVED
+CVE-2020-27214
+ RESERVED
+CVE-2020-27213
+ RESERVED
+CVE-2020-27212
+ RESERVED
+CVE-2020-27211
+ RESERVED
+CVE-2020-27210
+ RESERVED
+CVE-2020-27209
+ RESERVED
+CVE-2020-27208
+ RESERVED
+CVE-2020-27207
+ RESERVED
+CVE-2020-27206
+ RESERVED
+CVE-2020-27205
+ RESERVED
+CVE-2020-27204
+ RESERVED
+CVE-2020-27203
+ RESERVED
+CVE-2020-27202
+ RESERVED
+CVE-2020-27201
+ RESERVED
+CVE-2020-27200
+ RESERVED
+CVE-2020-27199
+ RESERVED
+CVE-2020-27198
+ RESERVED
+CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ O ...)
+ NOT-FOR-US: TAXII libtaxii
+CVE-2020-27196
+ RESERVED
+CVE-2020-27195 (HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client ...)
+ - nomad <unfixed> (bug #972795)
+ NOTE: https://github.com/hashicorp/nomad/issues/9129
+ NOTE: https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85 (0.12.6)
+CVE-2020-27193
+ RESERVED
+CVE-2020-27192
+ RESERVED
+CVE-2020-27191
+ RESERVED
+CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. scalar32_mi ...)
+ - linux 5.9.1-1
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://git.kernel.org/linus/5b9fbeb75b6a98955f628e205ac26689bcb1383e
+CVE-2020-27190
+ RESERVED
+CVE-2020-27189
+ RESERVED
+CVE-2020-27188
+ RESERVED
+CVE-2020-27187 (An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. T ...)
+ - kpmcore 4.2.0-1
+ [buster] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
+ [stretch] - kpmcore <not-affected> (kpmcore_externalcommand not yet present)
+ NOTE: https://kde.org/info/security/advisory-20201017-1.txt
+ NOTE: https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed (fix)
+ NOTE: https://invent.kde.org/system/kpmcore/-/commit/7ec4b611dcf822439b081613cca4184689266454 (removes KF5 5.73 dependency)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1890199
+CVE-2020-27186
+ RESERVED
+CVE-2020-27185
+ RESERVED
+CVE-2020-27184
+ RESERVED
+CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in konzept-ix p ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publ ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27181 (A hardcoded AES key in CipherUtils.java in the Java applet of konzept- ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27180 (konzept-ix publiXone before 2020.015 allows attackers to download file ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27179 (konzept-ix publiXone before 2020.015 allows attackers to take over arb ...)
+ NOT-FOR-US: konzept-ix publiXone
+CVE-2020-27178 (Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4 ...)
+ NOT-FOR-US: Apereo CAS
+CVE-2020-27177
+ RESERVED
+CVE-2020-27176 (Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote C ...)
+ NOT-FOR-US: Mark Text
+CVE-2020-27175
+ RESERVED
+CVE-2020-27174 (In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the ...)
+ NOT-FOR-US: Firecracker
+CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to unlimi ...)
+ NOT-FOR-US: vm-superio
+CVE-2020-27172
+ RESERVED
+CVE-2020-27171
+ RESERVED
+CVE-2020-27170
+ RESERVED
+CVE-2020-27169
+ RESERVED
+CVE-2020-27168
+ RESERVED
+CVE-2020-27167
+ RESERVED
+CVE-2020-27166
+ RESERVED
+CVE-2020-27165
+ RESERVED
+CVE-2020-27164
+ RESERVED
+CVE-2020-27163 (phpRedisAdmin before 1.13.2 allows XSS via the login.php username para ...)
+ NOT-FOR-US: phpRedisAdmin
+CVE-2020-27162
+ RESERVED
+CVE-2020-27161
+ RESERVED
+CVE-2020-27160
+ RESERVED
+CVE-2020-27159
+ RESERVED
+CVE-2020-27158
+ RESERVED
+CVE-2020-27157 (Veritas APTARE versions prior to 10.5 included code that bypassed the ...)
+ NOT-FOR-US: Veritas
+CVE-2020-27156 (Veritas APTARE versions prior to 10.5 did not perform adequate authori ...)
+ NOT-FOR-US: Veritas
+CVE-2020-27155 (An issue was discovered in Octopus Deploy through 2020.4.4. If enabled ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-27154
+ RESERVED
+CVE-2020-27152 [KVM: host stack overflow due to lazy update IOAPIC]
+ RESERVED
+ - linux <unfixed>
+ [buster] - linux <not-affected> (Vulnerable code not present)
+ [stretch] - linux <not-affected> (Vulnerable code not present)
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888886
+ NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=208767
+CVE-2020-27151
+ RESERVED
+CVE-2020-27153 (In BlueZ before 5.55, a double free was found in the gatttool disconne ...)
+ {DLA-2410-1}
+ - bluez 5.55-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1884817
+ NOTE: https://github.com/bluez/bluez/commit/1cd644db8c23a2f530ddb93cebed7dacc5f5721a
+CVE-2020-27150
+ RESERVED
+CVE-2020-27149
+ RESERVED
+CVE-2020-27148
+ RESERVED
+CVE-2020-27147
+ RESERVED
+CVE-2020-27146
+ RESERVED
+CVE-2020-27145
+ RESERVED
+CVE-2020-27144
+ RESERVED
+CVE-2020-27143
+ RESERVED
+CVE-2020-27142
+ RESERVED
+CVE-2020-27141
+ RESERVED
+CVE-2020-27140
+ RESERVED
+CVE-2020-27139
+ RESERVED
+CVE-2020-27138
+ RESERVED
+CVE-2020-27137
+ RESERVED
+CVE-2020-27136
+ RESERVED
+CVE-2020-27135
+ RESERVED
+CVE-2020-27134
+ RESERVED
+CVE-2020-27133
+ RESERVED
+CVE-2020-27132
+ RESERVED
+CVE-2020-27131
+ RESERVED
+CVE-2020-27130
+ RESERVED
+CVE-2020-27129
+ RESERVED
+CVE-2020-27128
+ RESERVED
+CVE-2020-27127
+ RESERVED
+CVE-2020-27126
+ RESERVED
+CVE-2020-27125
+ RESERVED
+CVE-2020-27124
+ RESERVED
+CVE-2020-27123
+ RESERVED
+CVE-2020-27122
+ RESERVED
+CVE-2020-27121
+ RESERVED
+CVE-2020-27120
+ RESERVED
+CVE-2020-27119
+ RESERVED
+CVE-2020-27118
+ RESERVED
+CVE-2020-27117
+ RESERVED
+CVE-2020-27116
+ RESERVED
+CVE-2020-27115
+ RESERVED
+CVE-2020-27114
+ RESERVED
+CVE-2020-27113
+ RESERVED
+CVE-2020-27112
+ RESERVED
+CVE-2020-27111
+ RESERVED
+CVE-2020-27110
+ RESERVED
+CVE-2020-27109
+ RESERVED
+CVE-2020-27108
+ RESERVED
+CVE-2020-27107
+ RESERVED
+CVE-2020-27106
+ RESERVED
+CVE-2020-27105
+ RESERVED
+CVE-2020-27104
+ RESERVED
+CVE-2020-27103
+ RESERVED
+CVE-2020-27102
+ RESERVED
+CVE-2020-27101
+ RESERVED
+CVE-2020-27100
+ RESERVED
+CVE-2020-27099
+ RESERVED
+CVE-2020-27098
+ RESERVED
+CVE-2020-27097
+ RESERVED
+CVE-2020-27096
+ RESERVED
+CVE-2020-27095
+ RESERVED
+CVE-2020-27094
+ RESERVED
+CVE-2020-27093
+ RESERVED
+CVE-2020-27092
+ RESERVED
+CVE-2020-27091
+ RESERVED
+CVE-2020-27090
+ RESERVED
+CVE-2020-27089
+ RESERVED
+CVE-2020-27088
+ RESERVED
+CVE-2020-27087
+ RESERVED
+CVE-2020-27086
+ RESERVED
+CVE-2020-27085
+ RESERVED
+CVE-2020-27084
+ RESERVED
+CVE-2020-27083
+ RESERVED
+CVE-2020-27082
+ RESERVED
+CVE-2020-27081
+ RESERVED
+CVE-2020-27080
+ RESERVED
+CVE-2020-27079
+ RESERVED
+CVE-2020-27078
+ RESERVED
+CVE-2020-27077
+ RESERVED
+CVE-2020-27076
+ RESERVED
+CVE-2020-27075
+ RESERVED
+CVE-2020-27074
+ RESERVED
+CVE-2020-27073
+ RESERVED
+CVE-2020-27072
+ RESERVED
+CVE-2020-27071
+ RESERVED
+CVE-2020-27070
+ RESERVED
+CVE-2020-27069
+ RESERVED
+CVE-2020-27068
+ RESERVED
+CVE-2020-27067
+ RESERVED
+CVE-2020-27066
+ RESERVED
+CVE-2020-27065
+ RESERVED
+CVE-2020-27064
+ RESERVED
+CVE-2020-27063
+ RESERVED
+CVE-2020-27062
+ RESERVED
+CVE-2020-27061
+ RESERVED
+CVE-2020-27060
+ RESERVED
+CVE-2020-27059
+ RESERVED
+CVE-2020-27058
+ RESERVED
+CVE-2020-27057
+ RESERVED
+CVE-2020-27056
+ RESERVED
+CVE-2020-27055
+ RESERVED
+CVE-2020-27054
+ RESERVED
+CVE-2020-27053
+ RESERVED
+CVE-2020-27052
+ RESERVED
+CVE-2020-27051
+ RESERVED
+CVE-2020-27050
+ RESERVED
+CVE-2020-27049
+ RESERVED
+CVE-2020-27048
+ RESERVED
+CVE-2020-27047
+ RESERVED
+CVE-2020-27046
+ RESERVED
+CVE-2020-27045
+ RESERVED
+CVE-2020-27044
+ RESERVED
+CVE-2020-27043
+ RESERVED
+CVE-2020-27042
+ RESERVED
+CVE-2020-27041
+ RESERVED
+CVE-2020-27040
+ RESERVED
+CVE-2020-27039
+ RESERVED
+CVE-2020-27038
+ RESERVED
+CVE-2020-27037
+ RESERVED
+CVE-2020-27036
+ RESERVED
+CVE-2020-27035
+ RESERVED
+CVE-2020-27034
+ RESERVED
+CVE-2020-27033
+ RESERVED
+CVE-2020-27032
+ RESERVED
+CVE-2020-27031
+ RESERVED
+CVE-2020-27030
+ RESERVED
+CVE-2020-27029
+ RESERVED
+CVE-2020-27028
+ RESERVED
+CVE-2020-27027
+ RESERVED
+CVE-2020-27026
+ RESERVED
+CVE-2020-27025
+ RESERVED
+CVE-2020-27024
+ RESERVED
+CVE-2020-27023
+ RESERVED
+CVE-2020-27022
+ RESERVED
+CVE-2020-27021
+ RESERVED
+CVE-2020-27020
+ RESERVED
+CVE-2020-27019
+ RESERVED
+CVE-2020-27018
+ RESERVED
+CVE-2020-27017
+ RESERVED
+CVE-2020-27016
+ RESERVED
+CVE-2020-27015
+ RESERVED
+CVE-2020-27014
+ RESERVED
+CVE-2020-27013 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-27012
+ RESERVED
+CVE-2020-27011
+ RESERVED
+CVE-2020-27010
+ RESERVED
+CVE-2020-27009
+ RESERVED
+CVE-2020-27008
+ RESERVED
+CVE-2020-27007
+ RESERVED
+CVE-2020-27006
+ RESERVED
+CVE-2020-27005
+ RESERVED
+CVE-2020-27004
+ RESERVED
+CVE-2020-27003
+ RESERVED
+CVE-2020-27002
+ RESERVED
+CVE-2020-27001
+ RESERVED
+CVE-2020-27000
+ RESERVED
+CVE-2020-26999
+ RESERVED
+CVE-2020-26998
+ RESERVED
+CVE-2020-26997
+ RESERVED
+CVE-2020-26996
+ RESERVED
+CVE-2020-26995
+ RESERVED
+CVE-2020-26994
+ RESERVED
+CVE-2020-26993
+ RESERVED
+CVE-2020-26992
+ RESERVED
+CVE-2020-26991
+ RESERVED
+CVE-2020-26990
+ RESERVED
+CVE-2020-26989
+ RESERVED
+CVE-2020-26988
+ RESERVED
+CVE-2020-26987
+ RESERVED
+CVE-2020-26986
+ RESERVED
+CVE-2020-26985
+ RESERVED
+CVE-2020-26984
+ RESERVED
+CVE-2020-26983
+ RESERVED
+CVE-2020-26982
+ RESERVED
+CVE-2020-26981
+ RESERVED
+CVE-2020-26980
+ RESERVED
+CVE-2020-26979
+ RESERVED
+CVE-2020-26978
+ RESERVED
+CVE-2020-26977
+ RESERVED
+CVE-2020-26976
+ RESERVED
+CVE-2020-26975
+ RESERVED
+CVE-2020-26974
+ RESERVED
+CVE-2020-26973
+ RESERVED
+CVE-2020-26972
+ RESERVED
+CVE-2020-26971
+ RESERVED
+CVE-2020-26970
+ RESERVED
+CVE-2020-26969
+ RESERVED
+CVE-2020-26968
+ RESERVED
+CVE-2020-26967
+ RESERVED
+CVE-2020-26966
+ RESERVED
+CVE-2020-26965
+ RESERVED
+CVE-2020-26964
+ RESERVED
+CVE-2020-26963
+ RESERVED
+CVE-2020-26962
+ RESERVED
+CVE-2020-26961
+ RESERVED
+CVE-2020-26960
+ RESERVED
+CVE-2020-26959
+ RESERVED
+CVE-2020-26958
+ RESERVED
+CVE-2020-26957
+ RESERVED
+CVE-2020-26956
+ RESERVED
+CVE-2020-26955
+ RESERVED
+CVE-2020-26954
+ RESERVED
+CVE-2020-26953
+ RESERVED
+CVE-2020-26952
+ RESERVED
+CVE-2020-26951
+ RESERVED
+CVE-2020-26950
+ RESERVED
+CVE-2020-26949
+ RESERVED
+CVE-2020-26948 (Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ...)
+ NOT-FOR-US: Emby Server
+CVE-2020-26947 (monero-wallet-gui in Monero GUI 0.17.0.1 includes the . directory in a ...)
+ NOT-FOR-US: monero-wallet-gui
+CVE-2020-26946
+ RESERVED
+CVE-2020-26945 (MyBatis before 3.5.6 mishandles deserialization of object streams. ...)
+ NOT-FOR-US: MyBatis
+CVE-2020-26944 (An issue was discovered in Aptean Product Configurator 4.61.0000 on Wi ...)
+ NOT-FOR-US: Aptean
+CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2. ...)
+ NOT-FOR-US: blazar-dashboard
+CVE-2020-26942
+ RESERVED
+CVE-2020-26941
+ RESERVED
+CVE-2020-26940
+ RESERVED
+CVE-2020-26939
+ RESERVED
+CVE-2020-26938
+ RESERVED
+CVE-2020-26937
+ RESERVED
+CVE-2020-26936
+ RESERVED
+CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin before 4.9.6 ...)
+ {DLA-2413-1}
+ - phpmyadmin 4:4.9.7+dfsg1-1 (bug #972000)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2020-6/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8c4109869d38d2
+CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the tr ...)
+ {DLA-2413-1}
+ - phpmyadmin 4:4.9.7+dfsg1-1 (bug #971999)
+ NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/
+ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523
+CVE-2020-26933
+ RESERVED
+CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect conf ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26929 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26928 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26927 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26926 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26925 (NETGEAR GS808E devices before 1.7.1.0 are affected by denial of servic ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26924 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26923 (Certain NETGEAR devices are affected by stored XSS. This affects WC750 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26922 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26921 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26920 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26919 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of acces ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26918 (Certain NETGEAR devices are affected by stored XSS. This affects EX700 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26917 (Certain NETGEAR devices are affected by stored XSS. This affects EX700 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26916 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26915 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26914 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26913 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26912 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26911 (Certain NETGEAR devices are affected by lack of access control at the ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26910 (Certain NETGEAR devices are affected by command injection by an authen ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26909 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26908 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26907 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26906 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26905 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26904 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26903 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26902 (Certain NETGEAR devices are affected by command injection by an unauth ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26901 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26900 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26899 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26898 (NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect config ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26897 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
+ NOT-FOR-US: Netgear
+CVE-2020-26896 (Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerabili ...)
+ - lnd <itp> (bug #886577)
+CVE-2020-26895 (Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accept ...)
+ - lnd <itp> (bug #886577)
+CVE-2020-26894 (LiveCode v9.6.1 on Windows allows local, low-privileged users to gain ...)
+ NOT-FOR-US: New Millennium
+CVE-2020-26893 (An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor c ...)
+ NOT-FOR-US: ClamXAV
+CVE-2020-26892
+ RESERVED
+CVE-2020-26891 (AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS d ...)
+ - matrix-synapse 1.21.1-1
+ NOTE: https://github.com/matrix-org/synapse/pull/8444
+CVE-2020-26890
+ RESERVED
+CVE-2020-26889
+ RESERVED
+CVE-2020-26888
+ RESERVED
+CVE-2020-26887 (FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Reb ...)
+ NOT-FOR-US: Fritz OS
+CVE-2020-26886
+ RESERVED
+CVE-2020-26885
+ RESERVED
+CVE-2020-26884
+ RESERVED
+CVE-2020-26883
+ RESERVED
+CVE-2020-26882
+ RESERVED
+CVE-2020-26881
+ RESERVED
+CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from the s ...)
+ - sympa <unfixed> (bug #972114)
+ [buster] - sympa <postponed> (Revisit when fixed upstream)
+ NOTE: https://github.com/sympa-community/sympa/issues/1009
+ NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420
+ NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235
+CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded ...)
+ NOT-FOR-US: Ruckus
+CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An ...)
+ NOT-FOR-US: Ruckus
+CVE-2020-26877
+ RESERVED
+CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2020-26875
+ RESERVED
+CVE-2020-26874
+ RESERVED
+CVE-2020-26873
+ RESERVED
+CVE-2020-26872
+ RESERVED
+CVE-2020-26871
+ RESERVED
+CVE-2020-26870 (Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs becaus ...)
+ - dompurify.js <removed>
+ NOTE: https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
+CVE-2020-26869 (An information exposure vulnerability exists in PcVue 12, allowing a n ...)
+ NOT-FOR-US: PcVue
+CVE-2020-26868 (A Denial Of Service vulnerability exists in PcVue from version 8.10 on ...)
+ NOT-FOR-US: PcVue
+CVE-2020-26867 (A Remote Code Execution vulnerability exists in PcVue from version 8.1 ...)
+ NOT-FOR-US: PcVue
+CVE-2020-26866
+ RESERVED
+CVE-2020-26865
+ RESERVED
+CVE-2020-26864
+ RESERVED
+CVE-2020-26863
+ RESERVED
+CVE-2020-26862
+ RESERVED
+CVE-2020-26861
+ RESERVED
+CVE-2020-26860
+ RESERVED
+CVE-2020-26859
+ RESERVED
+CVE-2020-26858
+ RESERVED
+CVE-2020-26857
+ RESERVED
+CVE-2020-26856
+ RESERVED
+CVE-2020-26855
+ RESERVED
+CVE-2020-26854
+ RESERVED
+CVE-2020-26853
+ RESERVED
+CVE-2020-26852
+ RESERVED
+CVE-2020-26851
+ RESERVED
+CVE-2020-26850
+ RESERVED
+CVE-2020-26849
+ RESERVED
+CVE-2020-26848
+ RESERVED
+CVE-2020-26847
+ RESERVED
+CVE-2020-26846
+ RESERVED
+CVE-2020-26845
+ RESERVED
+CVE-2020-26844
+ RESERVED
+CVE-2020-26843
+ RESERVED
+CVE-2020-26842
+ RESERVED
+CVE-2020-26841
+ RESERVED
+CVE-2020-26840
+ RESERVED
+CVE-2020-26839
+ RESERVED
+CVE-2020-26838
+ RESERVED
+CVE-2020-26837
+ RESERVED
+CVE-2020-26836
+ RESERVED
+CVE-2020-26835
+ RESERVED
+CVE-2020-26834
+ RESERVED
+CVE-2020-26833
+ RESERVED
+CVE-2020-26832
+ RESERVED
+CVE-2020-26831
+ RESERVED
+CVE-2020-26830
+ RESERVED
+CVE-2020-26829
+ RESERVED
+CVE-2020-26828
+ RESERVED
+CVE-2020-26827
+ RESERVED
+CVE-2020-26826
+ RESERVED
+CVE-2020-26825
+ RESERVED
+CVE-2020-26824
+ RESERVED
+CVE-2020-26823
+ RESERVED
+CVE-2020-26822
+ RESERVED
+CVE-2020-26821
+ RESERVED
+CVE-2020-26820
+ RESERVED
+CVE-2020-26819
+ RESERVED
+CVE-2020-26818
+ RESERVED
+CVE-2020-26817
+ RESERVED
+CVE-2020-26816
+ RESERVED
+CVE-2020-26815
+ RESERVED
+CVE-2020-26814
+ RESERVED
+CVE-2020-26813
+ RESERVED
+CVE-2020-26812
+ RESERVED
+CVE-2020-26811
+ RESERVED
+CVE-2020-26810
+ RESERVED
+CVE-2020-26809
+ RESERVED
+CVE-2020-26808
+ RESERVED
+CVE-2020-26807
+ RESERVED
+CVE-2020-26806
+ RESERVED
+CVE-2020-26805
+ RESERVED
+CVE-2020-26804
+ RESERVED
+CVE-2020-26803
+ RESERVED
+CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in ...)
+ NOT-FOR-US: forma.lms
+CVE-2020-26801
+ RESERVED
+CVE-2020-26800
+ RESERVED
+CVE-2020-26799
+ RESERVED
+CVE-2020-26798
+ RESERVED
+CVE-2020-26797
+ RESERVED
+CVE-2020-26796
+ RESERVED
+CVE-2020-26795
+ RESERVED
+CVE-2020-26794
+ RESERVED
+CVE-2020-26793
+ RESERVED
+CVE-2020-26792
+ RESERVED
+CVE-2020-26791
+ RESERVED
+CVE-2020-26790
+ RESERVED
+CVE-2020-26789
+ RESERVED
+CVE-2020-26788
+ RESERVED
+CVE-2020-26787
+ RESERVED
+CVE-2020-26786
+ RESERVED
+CVE-2020-26785
+ RESERVED
+CVE-2020-26784
+ RESERVED
+CVE-2020-26783
+ RESERVED
+CVE-2020-26782
+ RESERVED
+CVE-2020-26781
+ RESERVED
+CVE-2020-26780
+ RESERVED
+CVE-2020-26779
+ RESERVED
+CVE-2020-26778
+ RESERVED
+CVE-2020-26777
+ RESERVED
+CVE-2020-26776
+ RESERVED
+CVE-2020-26775
+ RESERVED
+CVE-2020-26774
+ RESERVED
+CVE-2020-26773
+ RESERVED
+CVE-2020-26772
+ RESERVED
+CVE-2020-26771
+ RESERVED
+CVE-2020-26770
+ RESERVED
+CVE-2020-26769
+ RESERVED
+CVE-2020-26768
+ RESERVED
+CVE-2020-26767
+ RESERVED
+CVE-2020-26766
+ RESERVED
+CVE-2020-26765
+ RESERVED
+CVE-2020-26764
+ RESERVED
+CVE-2020-26763
+ RESERVED
+CVE-2020-26762
+ RESERVED
+CVE-2020-26761
+ RESERVED
+CVE-2020-26760
+ RESERVED
+CVE-2020-26759
+ RESERVED
+CVE-2020-26758
+ RESERVED
+CVE-2020-26757
+ RESERVED
+CVE-2020-26756
+ RESERVED
+CVE-2020-26755
+ RESERVED
+CVE-2020-26754
+ RESERVED
+CVE-2020-26753
+ RESERVED
+CVE-2020-26752
+ RESERVED
+CVE-2020-26751
+ RESERVED
+CVE-2020-26750
+ RESERVED
+CVE-2020-26749
+ RESERVED
+CVE-2020-26748
+ RESERVED
+CVE-2020-26747
+ RESERVED
+CVE-2020-26746
+ RESERVED
+CVE-2020-26745
+ RESERVED
+CVE-2020-26744
+ RESERVED
+CVE-2020-26743
+ RESERVED
+CVE-2020-26742
+ RESERVED
+CVE-2020-26741
+ RESERVED
+CVE-2020-26740
+ RESERVED
+CVE-2020-26739
+ RESERVED
+CVE-2020-26738
+ RESERVED
+CVE-2020-26737
+ RESERVED
+CVE-2020-26736
+ RESERVED
+CVE-2020-26735
+ RESERVED
+CVE-2020-26734
+ RESERVED
+CVE-2020-26733
+ RESERVED
+CVE-2020-26732
+ RESERVED
+CVE-2020-26731
+ RESERVED
+CVE-2020-26730
+ RESERVED
+CVE-2020-26729
+ RESERVED
+CVE-2020-26728
+ RESERVED
+CVE-2020-26727
+ RESERVED
+CVE-2020-26726
+ RESERVED
+CVE-2020-26725
+ RESERVED
+CVE-2020-26724
+ RESERVED
+CVE-2020-26723
+ RESERVED
+CVE-2020-26722
+ RESERVED
+CVE-2020-26721
+ RESERVED
+CVE-2020-26720
+ RESERVED
+CVE-2020-26719
+ RESERVED
+CVE-2020-26718
+ RESERVED
+CVE-2020-26717
+ RESERVED
+CVE-2020-26716
+ RESERVED
+CVE-2020-26715
+ RESERVED
+CVE-2020-26714
+ RESERVED
+CVE-2020-26713
+ RESERVED
+CVE-2020-26712
+ RESERVED
+CVE-2020-26711
+ RESERVED
+CVE-2020-26710
+ RESERVED
+CVE-2020-26709
+ RESERVED
+CVE-2020-26708
+ RESERVED
+CVE-2020-26707
+ RESERVED
+CVE-2020-26706
+ RESERVED
+CVE-2020-26705
+ RESERVED
+CVE-2020-26704
+ RESERVED
+CVE-2020-26703
+ RESERVED
+CVE-2020-26702
+ RESERVED
+CVE-2020-26701
+ RESERVED
+CVE-2020-26700
+ RESERVED
+CVE-2020-26699
+ RESERVED
+CVE-2020-26698
+ RESERVED
+CVE-2020-26697
+ RESERVED
+CVE-2020-26696
+ RESERVED
+CVE-2020-26695
+ RESERVED
+CVE-2020-26694
+ RESERVED
+CVE-2020-26693
+ RESERVED
+CVE-2020-26692
+ RESERVED
+CVE-2020-26691
+ RESERVED
+CVE-2020-26690
+ RESERVED
+CVE-2020-26689
+ RESERVED
+CVE-2020-26688
+ RESERVED
+CVE-2020-26687
+ RESERVED
+CVE-2020-26686
+ RESERVED
+CVE-2020-26685
+ RESERVED
+CVE-2020-26684
+ RESERVED
+CVE-2020-26683
+ RESERVED
+CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to `outline_strok ...)
+ - libass <unfixed>
+ [buster] - libass <no-dsa> (Minor issue)
+ [stretch] - libass <not-affected> (Vulnerable code not present)
+ NOTE: https://github.com/libass/libass/issues/431
+ NOTE: https://github.com/libass/libass/pull/432
+CVE-2020-26681
+ RESERVED
+CVE-2020-26680
+ RESERVED
+CVE-2020-26679
+ RESERVED
+CVE-2020-26678
+ RESERVED
+CVE-2020-26677
+ RESERVED
+CVE-2020-26676
+ RESERVED
+CVE-2020-26675
+ RESERVED
+CVE-2020-26674
+ RESERVED
+CVE-2020-26673
+ RESERVED
+CVE-2020-26672 (Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site S ...)
+ NOT-FOR-US: Testimonial Rotator Wordpress Plugin
+CVE-2020-26671
+ RESERVED
+CVE-2020-26670
+ RESERVED
+CVE-2020-26669
+ RESERVED
+CVE-2020-26668
+ RESERVED
+CVE-2020-26667
+ RESERVED
+CVE-2020-26666
+ RESERVED
+CVE-2020-26665
+ RESERVED
+CVE-2020-26664
+ RESERVED
+CVE-2020-26663
+ RESERVED
+CVE-2020-26662
+ RESERVED
+CVE-2020-26661
+ RESERVED
+CVE-2020-26660
+ RESERVED
+CVE-2020-26659
+ RESERVED
+CVE-2020-26658
+ RESERVED
+CVE-2020-26657
+ RESERVED
+CVE-2020-26656
+ RESERVED
+CVE-2020-26655
+ RESERVED
+CVE-2020-26654
+ RESERVED
+CVE-2020-26653
+ RESERVED
+CVE-2020-26652
+ RESERVED
+CVE-2020-26651
+ RESERVED
+CVE-2020-26650 (AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php ...)
+ NOT-FOR-US: AtomXCMS
+CVE-2020-26649 (AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.ph ...)
+ NOT-FOR-US: AtomXCMS
+CVE-2020-26648
+ RESERVED
+CVE-2020-26647
+ RESERVED
+CVE-2020-26646
+ RESERVED
+CVE-2020-26645
+ RESERVED
+CVE-2020-26644
+ RESERVED
+CVE-2020-26643
+ RESERVED
+CVE-2020-26642
+ RESERVED
+CVE-2020-26641
+ RESERVED
+CVE-2020-26640
+ RESERVED
+CVE-2020-26639
+ RESERVED
+CVE-2020-26638
+ RESERVED
+CVE-2020-26637
+ RESERVED
+CVE-2020-26636
+ RESERVED
+CVE-2020-26635
+ RESERVED
+CVE-2020-26634
+ RESERVED
+CVE-2020-26633
+ RESERVED
+CVE-2020-26632
+ RESERVED
+CVE-2020-26631
+ RESERVED
+CVE-2020-26630
+ RESERVED
+CVE-2020-26629
+ RESERVED
+CVE-2020-26628
+ RESERVED
+CVE-2020-26627
+ RESERVED
+CVE-2020-26626
+ RESERVED
+CVE-2020-26625
+ RESERVED
+CVE-2020-26624
+ RESERVED
+CVE-2020-26623
+ RESERVED
+CVE-2020-26622
+ RESERVED
+CVE-2020-26621
+ RESERVED
+CVE-2020-26620
+ RESERVED
+CVE-2020-26619
+ RESERVED
+CVE-2020-26618
+ RESERVED
+CVE-2020-26617
+ RESERVED
+CVE-2020-26616
+ RESERVED
+CVE-2020-26615
+ RESERVED
+CVE-2020-26614
+ RESERVED
+CVE-2020-26613
+ RESERVED
+CVE-2020-26612
+ RESERVED
+CVE-2020-26611
+ RESERVED
+CVE-2020-26610
+ RESERVED
+CVE-2020-26609
+ RESERVED
+CVE-2020-26608
+ RESERVED
+CVE-2020-26607 (An issue was discovered in TimaService on Samsung mobile devices with ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26606 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26605 (An issue was discovered on Samsung mobile devices with Q(10.0) and R(1 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26604 (An issue was discovered in SystemUI on Samsung mobile devices with O(8 ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26603 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26602 (An issue was discovered in EthernetNetwork on Samsung mobile devices w ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26601 (An issue was discovered in DirEncryptService on Samsung mobile devices ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26599 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ NOT-FOR-US: Samsung mobile devices
+CVE-2020-26598 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 9.0 and 1 ...)
+ NOT-FOR-US: LG mobile devices
+CVE-2020-26596 (The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for ...)
+ NOT-FOR-US: Wordpress plugin
+CVE-2020-26595
+ RESERVED
+CVE-2020-26594
+ RESERVED
+CVE-2020-26593
+ RESERVED
+CVE-2020-26592
+ RESERVED
+CVE-2020-26591
+ RESERVED
+CVE-2020-26590
+ RESERVED
+CVE-2020-26589
+ RESERVED
+CVE-2020-26588
+ RESERVED
+CVE-2020-26587
+ RESERVED
+CVE-2020-26586
+ RESERVED
+CVE-2020-26585
+ RESERVED
+CVE-2020-26584 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The ...)
+ NOT-FOR-US: Sage
+CVE-2020-26583 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It a ...)
+ NOT-FOR-US: Sage
+CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...)
+ NOT-FOR-US: D-Link
+CVE-2020-26581
+ RESERVED
+CVE-2020-26580
+ RESERVED
+CVE-2020-26579
+ RESERVED
+CVE-2020-26578
+ RESERVED
+CVE-2020-26577
+ RESERVED
+CVE-2020-26576
+ RESERVED
+CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...)
+ - wireshark <unfixed>
+ [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
+ NOTE: https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/467
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/471
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/472
+ NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/473
+CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is a ...)
+ NOT-FOR-US: Leostream
+CVE-2020-26573
+ RESERVED
+CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...)
+ - opensc <unfixed> (bug #972035)
+ [buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
+ NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817
+CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...)
+ - opensc <unfixed> (bug #972036)
+ [buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
+ NOTE: https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43
+CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...)
+ - opensc <unfixed> (bug #972037)
+ [buster] - opensc <no-dsa> (Minor issue)
+ [stretch] - opensc <no-dsa> (Minor issue)
+ NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
+ NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e
+CVE-2020-26569
+ RESERVED
+CVE-2020-26568
+ RESERVED
+CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B devices. The C ...)
+ NOT-FOR-US: D-Link
+CVE-2020-26566 (A Denial of Service condition in Motion-Project Motion 3.2 through 4.3 ...)
+ - motion <unfixed> (bug #972986)
+ [buster] - motion <not-affected> (Vulnerable code introduced in 4.2)
+ NOTE: https://github.com/Motion-Project/motion/security/advisories/GHSA-6f7x-grw7-fw24
+ NOTE: https://github.com/Motion-Project/motion/issues/1227#issuecomment-715927776
+ NOTE: https://github.com/Motion-Project/motion/pull/1232
+CVE-2020-26565
+ RESERVED
+CVE-2020-26564
+ RESERVED
+CVE-2020-26563
+ RESERVED
+CVE-2020-26562
+ RESERVED
+CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_ ...)
+ NOT-FOR-US: Belkin
+CVE-2020-26560
+ RESERVED
+CVE-2020-26559
+ RESERVED
+CVE-2020-26558
+ RESERVED
+CVE-2020-26557
+ RESERVED
+CVE-2020-26556
+ RESERVED
+CVE-2020-26555
+ RESERVED
+CVE-2020-26554
+ RESERVED
+CVE-2020-26553
+ RESERVED
+CVE-2020-26552
+ RESERVED
+CVE-2020-26551
+ RESERVED
+CVE-2020-26550
+ RESERVED
+CVE-2020-26549
+ RESERVED
+CVE-2020-26548
+ RESERVED
+CVE-2020-26547
+ RESERVED
+CVE-2020-26546 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in HelpDeskZ 1 ...)
+ NOT-FOR-US: HelpDeskZ
+CVE-2020-26545
+ RESERVED
+CVE-2020-26544
+ RESERVED
+CVE-2020-26543
+ RESERVED
+CVE-2020-26542
+ RESERVED
+CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the Secure B ...)
+ - linux <unfixed>
+ [stretch] - linux <not-affected> (Secure Boot key import not supported)
+ NOTE: https://lkml.org/lkml/2020/9/15/1871
+CVE-2020-26540 (An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on m ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26539 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Wh ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26538 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26537 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26536 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Th ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26535 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26534 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Th ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-26533
+ RESERVED
+CVE-2020-26532
+ RESERVED
+CVE-2020-26531
+ RESERVED
+CVE-2020-26530
+ RESERVED
+CVE-2020-26529
+ RESERVED
+CVE-2020-26528
+ RESERVED
+CVE-2020-26527 (An issue was discovered in API/api/Version in Damstra Smart Asset 2020 ...)
+ NOT-FOR-US: Damstra Smart Asset
+CVE-2020-26526 (An issue was discovered in Damstra Smart Asset 2020.7. It is possible ...)
+ NOT-FOR-US: Damstra Smart Asset
+CVE-2020-26525 (Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset ori ...)
+ NOT-FOR-US: Damstra Smart Asset
+CVE-2020-26524 (CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. ...)
+ NOT-FOR-US: CodeLathe FileCloud
+CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...)
+ NOT-FOR-US: Froala Editor
+CVE-2020-26522 (A cross-site request forgery (CSRF) vulnerability in mod/user/act_user ...)
+ NOT-FOR-US: Garfield Petshop
+CVE-2020-26521
+ RESERVED
+CVE-2020-26520
+ RESERVED
+CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write when pa ...)
+ - mupdf <unfixed> (bug #971595)
+ [stretch] - mupdf <postponed> (Minor issue, can be fixed along in next DLA)
+ NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8
+ NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702937
+CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers to cond ...)
+ NOT-FOR-US: Artica Pandora FMS
+CVE-2020-26517
+ RESERVED
+CVE-2020-26516
+ RESERVED
+CVE-2020-26515
RESERVED
-CVE-2020-25768
+CVE-2020-26514
RESERVED
+CVE-2020-26513
+ RESERVED
+CVE-2020-26512
+ RESERVED
+CVE-2020-26511 (The wpo365-login plugin before v11.7 for WordPress allows use of a sym ...)
+ NOT-FOR-US: wpo365-login plugin for WordPress
+CVE-2020-26510
+ RESERVED
+CVE-2020-26509
+ RESERVED
+CVE-2020-26508
+ RESERVED
+CVE-2020-26507
+ RESERVED
+CVE-2020-26506
+ RESERVED
+CVE-2020-26505
+ RESERVED
+CVE-2020-26504
+ RESERVED
+CVE-2020-26503
+ RESERVED
+CVE-2020-26502
+ RESERVED
+CVE-2020-26501
+ RESERVED
+CVE-2020-26500
+ RESERVED
+CVE-2020-26499
+ RESERVED
+CVE-2020-26498
+ RESERVED
+CVE-2020-26497
+ RESERVED
+CVE-2020-26496
+ RESERVED
+CVE-2020-26495
+ RESERVED
+CVE-2020-26494
+ RESERVED
+CVE-2020-26493
+ RESERVED
+CVE-2020-26492
+ RESERVED
+CVE-2020-26491
+ RESERVED
+CVE-2020-26490
+ RESERVED
+CVE-2020-26489
+ RESERVED
+CVE-2020-26488
+ RESERVED
+CVE-2020-26487
+ RESERVED
+CVE-2020-26486
+ RESERVED
+CVE-2020-26485
+ RESERVED
+CVE-2020-26484
+ RESERVED
+CVE-2020-26483
+ RESERVED
+CVE-2020-26482
+ RESERVED
+CVE-2020-26481
+ RESERVED
+CVE-2020-26480
+ RESERVED
+CVE-2020-26479
+ RESERVED
+CVE-2020-26478
+ RESERVED
+CVE-2020-26477
+ RESERVED
+CVE-2020-26476
+ RESERVED
+CVE-2020-26475
+ RESERVED
+CVE-2020-26474
+ RESERVED
+CVE-2020-26473
+ RESERVED
+CVE-2020-26472
+ RESERVED
+CVE-2020-26471
+ RESERVED
+CVE-2020-26470
+ RESERVED
+CVE-2020-26469
+ RESERVED
+CVE-2020-26468
+ RESERVED
+CVE-2020-26467
+ RESERVED
+CVE-2020-26466
+ RESERVED
+CVE-2020-26465
+ RESERVED
+CVE-2020-26464
+ RESERVED
+CVE-2020-26463
+ RESERVED
+CVE-2020-26462
+ RESERVED
+CVE-2020-26461
+ RESERVED
+CVE-2020-26460
+ RESERVED
+CVE-2020-26459
+ RESERVED
+CVE-2020-26458
+ RESERVED
+CVE-2020-26457
+ RESERVED
+CVE-2020-26456
+ RESERVED
+CVE-2020-26455
+ RESERVED
+CVE-2020-26454
+ RESERVED
+CVE-2020-26453
+ RESERVED
+CVE-2020-26452
+ RESERVED
+CVE-2020-26451
+ RESERVED
+CVE-2020-26450
+ RESERVED
+CVE-2020-26449
+ RESERVED
+CVE-2020-26448
+ RESERVED
+CVE-2020-26447
+ RESERVED
+CVE-2020-26446
+ RESERVED
+CVE-2020-26445
+ RESERVED
+CVE-2020-26444
+ RESERVED
+CVE-2020-26443
+ RESERVED
+CVE-2020-26442
+ RESERVED
+CVE-2020-26441
+ RESERVED
+CVE-2020-26440
+ RESERVED
+CVE-2020-26439
+ RESERVED
+CVE-2020-26438
+ RESERVED
+CVE-2020-26437
+ RESERVED
+CVE-2020-26436
+ RESERVED
+CVE-2020-26435
+ RESERVED
+CVE-2020-26434
+ RESERVED
+CVE-2020-26433
+ RESERVED
+CVE-2020-26432
+ RESERVED
+CVE-2020-26431
+ RESERVED
+CVE-2020-26430
+ RESERVED
+CVE-2020-26429
+ RESERVED
+CVE-2020-26428
+ RESERVED
+CVE-2020-26427
+ RESERVED
+CVE-2020-26426
+ RESERVED
+CVE-2020-26425
+ RESERVED
+CVE-2020-26424
+ RESERVED
+CVE-2020-26423
+ RESERVED
+CVE-2020-26422
+ RESERVED
+CVE-2020-26421
+ RESERVED
+CVE-2020-26420
+ RESERVED
+CVE-2020-26419
+ RESERVED
+CVE-2020-26418
+ RESERVED
+CVE-2020-26417
+ RESERVED
+CVE-2020-26416
+ RESERVED
+CVE-2020-26415
+ RESERVED
+CVE-2020-26414
+ RESERVED
+CVE-2020-26413
+ RESERVED
+CVE-2020-26412
+ RESERVED
+CVE-2020-26411
+ RESERVED
+CVE-2020-26410
+ RESERVED
+CVE-2020-26409
+ RESERVED
+CVE-2020-26408
+ RESERVED
+CVE-2020-26407
+ RESERVED
+CVE-2020-26406
+ RESERVED
+CVE-2020-26405
+ RESERVED
+CVE-2020-26404
+ RESERVED
+CVE-2020-26403
+ RESERVED
+CVE-2020-26402
+ RESERVED
+CVE-2020-26401
+ RESERVED
+CVE-2020-26400
+ RESERVED
+CVE-2020-26399
+ RESERVED
+CVE-2020-26398
+ RESERVED
+CVE-2020-26397
+ RESERVED
+CVE-2020-26396
+ RESERVED
+CVE-2020-26395
+ RESERVED
+CVE-2020-26394
+ RESERVED
+CVE-2020-26393
+ RESERVED
+CVE-2020-26392
+ RESERVED
+CVE-2020-26391
+ RESERVED
+CVE-2020-26390
+ RESERVED
+CVE-2020-26389
+ RESERVED
+CVE-2020-26388
+ RESERVED
+CVE-2020-26387
+ RESERVED
+CVE-2020-26386
+ RESERVED
+CVE-2020-26385
+ RESERVED
+CVE-2020-26384
+ RESERVED
+CVE-2020-26383
+ RESERVED
+CVE-2020-26382
+ RESERVED
+CVE-2020-26381
+ RESERVED
+CVE-2020-26380
+ RESERVED
+CVE-2020-26379
+ RESERVED
+CVE-2020-26378
+ RESERVED
+CVE-2020-26377
+ RESERVED
+CVE-2020-26376
+ RESERVED
+CVE-2020-26375
+ RESERVED
+CVE-2020-26374
+ RESERVED
+CVE-2020-26373
+ RESERVED
+CVE-2020-26372
+ RESERVED
+CVE-2020-26371
+ RESERVED
+CVE-2020-26370
+ RESERVED
+CVE-2020-26369
+ RESERVED
+CVE-2020-26368
+ RESERVED
+CVE-2020-26367
+ RESERVED
+CVE-2020-26366
+ RESERVED
+CVE-2020-26365
+ RESERVED
+CVE-2020-26364
+ RESERVED
+CVE-2020-26363
+ RESERVED
+CVE-2020-26362
+ RESERVED
+CVE-2020-26361
+ RESERVED
+CVE-2020-26360
+ RESERVED
+CVE-2020-26359
+ RESERVED
+CVE-2020-26358
+ RESERVED
+CVE-2020-26357
+ RESERVED
+CVE-2020-26356
+ RESERVED
+CVE-2020-26355
+ RESERVED
+CVE-2020-26354
+ RESERVED
+CVE-2020-26353
+ RESERVED
+CVE-2020-26352
+ RESERVED
+CVE-2020-26351
+ RESERVED
+CVE-2020-26350
+ RESERVED
+CVE-2020-26349
+ RESERVED
+CVE-2020-26348
+ RESERVED
+CVE-2020-26347
+ RESERVED
+CVE-2020-26346
+ RESERVED
+CVE-2020-26345
+ RESERVED
+CVE-2020-26344
+ RESERVED
+CVE-2020-26343
+ RESERVED
+CVE-2020-26342
+ RESERVED
+CVE-2020-26341
+ RESERVED
+CVE-2020-26340
+ RESERVED
+CVE-2020-26339
+ RESERVED
+CVE-2020-26338
+ RESERVED
+CVE-2020-26337
+ RESERVED
+CVE-2020-26336
+ RESERVED
+CVE-2020-26335
+ RESERVED
+CVE-2020-26334
+ RESERVED
+CVE-2020-26333
+ RESERVED
+CVE-2020-26332
+ RESERVED
+CVE-2020-26331
+ RESERVED
+CVE-2020-26330
+ RESERVED
+CVE-2020-26329
+ RESERVED
+CVE-2020-26328
+ RESERVED
+CVE-2020-26327
+ RESERVED
+CVE-2020-26326
+ RESERVED
+CVE-2020-26325
+ RESERVED
+CVE-2020-26324
+ RESERVED
+CVE-2020-26323
+ RESERVED
+CVE-2020-26322
+ RESERVED
+CVE-2020-26321
+ RESERVED
+CVE-2020-26320
+ RESERVED
+CVE-2020-26319
+ RESERVED
+CVE-2020-26318
+ RESERVED
+CVE-2020-26317
+ RESERVED
+CVE-2020-26316
+ RESERVED
+CVE-2020-26315
+ RESERVED
+CVE-2020-26314
+ RESERVED
+CVE-2020-26313
+ RESERVED
+CVE-2020-26312
+ RESERVED
+CVE-2020-26311
+ RESERVED
+CVE-2020-26310
+ RESERVED
+CVE-2020-26309
+ RESERVED
+CVE-2020-26308
+ RESERVED
+CVE-2020-26307
+ RESERVED
+CVE-2020-26306
+ RESERVED
+CVE-2020-26305
+ RESERVED
+CVE-2020-26304
+ RESERVED
+CVE-2020-26303
+ RESERVED
+CVE-2020-26302
+ RESERVED
+CVE-2020-26301
+ RESERVED
+CVE-2020-26300
+ RESERVED
+CVE-2020-26299
+ RESERVED
+CVE-2020-26298
+ RESERVED
+CVE-2020-26297
+ RESERVED
+CVE-2020-26296
+ RESERVED
+CVE-2020-26295
+ RESERVED
+CVE-2020-26294
+ RESERVED
+CVE-2020-26293
+ RESERVED
+CVE-2020-26292
+ RESERVED
+CVE-2020-26291
+ RESERVED
+CVE-2020-26290
+ RESERVED
+CVE-2020-26289
+ RESERVED
+CVE-2020-26288
+ RESERVED
+CVE-2020-26287
+ RESERVED
+CVE-2020-26286
+ RESERVED
+CVE-2020-26285
+ RESERVED
+CVE-2020-26284
+ RESERVED
+CVE-2020-26283
+ RESERVED
+CVE-2020-26282
+ RESERVED
+CVE-2020-26281
+ RESERVED
+CVE-2020-26280
+ RESERVED
+CVE-2020-26279
+ RESERVED
+CVE-2020-26278
+ RESERVED
+CVE-2020-26277
+ RESERVED
+CVE-2020-26276
+ RESERVED
+CVE-2020-26275
+ RESERVED
+CVE-2020-26274
+ RESERVED
+CVE-2020-26273
+ RESERVED
+CVE-2020-26272
+ RESERVED
+CVE-2020-26271
+ RESERVED
+CVE-2020-26270
+ RESERVED
+CVE-2020-26269
+ RESERVED
+CVE-2020-26268
+ RESERVED
+CVE-2020-26267
+ RESERVED
+CVE-2020-26266
+ RESERVED
+CVE-2020-26265
+ RESERVED
+CVE-2020-26264
+ RESERVED
+CVE-2020-26263
+ RESERVED
+CVE-2020-26262
+ RESERVED
+CVE-2020-26261
+ RESERVED
+CVE-2020-26260
+ RESERVED
+CVE-2020-26259
+ RESERVED
+CVE-2020-26258
+ RESERVED
+CVE-2020-26257
+ RESERVED
+CVE-2020-26256
+ RESERVED
+CVE-2020-26255
+ RESERVED
+CVE-2020-26254
+ RESERVED
+CVE-2020-26253
+ RESERVED
+CVE-2020-26252
+ RESERVED
+CVE-2020-26251
+ RESERVED
+CVE-2020-26250
+ RESERVED
+CVE-2020-26249
+ RESERVED
+CVE-2020-26248
+ RESERVED
+CVE-2020-26247
+ RESERVED
+CVE-2020-26246
+ RESERVED
+CVE-2020-26245
+ RESERVED
+CVE-2020-26244
+ RESERVED
+CVE-2020-26243
+ RESERVED
+CVE-2020-26242
+ RESERVED
+CVE-2020-26241
+ RESERVED
+CVE-2020-26240
+ RESERVED
+CVE-2020-26239
+ RESERVED
+CVE-2020-26238
+ RESERVED
+CVE-2020-26237
+ RESERVED
+CVE-2020-26236
+ RESERVED
+CVE-2020-26235
+ RESERVED
+CVE-2020-26234
+ RESERVED
+CVE-2020-26233
+ RESERVED
+CVE-2020-26232
+ RESERVED
+CVE-2020-26231
+ RESERVED
+CVE-2020-26230
+ RESERVED
+CVE-2020-26229
+ RESERVED
+CVE-2020-26228
+ RESERVED
+CVE-2020-26227
+ RESERVED
+CVE-2020-26226
+ RESERVED
+CVE-2020-26225
+ RESERVED
+CVE-2020-26224
+ RESERVED
+CVE-2020-26223
+ RESERVED
+CVE-2020-26222
+ RESERVED
+CVE-2020-26221
+ RESERVED
+CVE-2020-26220
+ RESERVED
+CVE-2020-26219
+ RESERVED
+CVE-2020-26218
+ RESERVED
+CVE-2020-26217
+ RESERVED
+CVE-2020-26216
+ RESERVED
+CVE-2020-26215
+ RESERVED
+CVE-2020-26214
+ RESERVED
+CVE-2020-26213
+ RESERVED
+CVE-2020-26212
+ RESERVED
+CVE-2020-26211
+ RESERVED
+CVE-2020-26210
+ RESERVED
+CVE-2020-26209
+ RESERVED
+CVE-2020-26208
+ RESERVED
+CVE-2020-26207
+ RESERVED
+CVE-2020-26206
+ RESERVED
+CVE-2020-26205
+ RESERVED
+CVE-2020-26204
+ RESERVED
+CVE-2020-26203
+ RESERVED
+CVE-2020-26202
+ RESERVED
+CVE-2020-26201
+ RESERVED
+CVE-2020-26200
+ RESERVED
+CVE-2020-26199
+ RESERVED
+CVE-2020-26198
+ RESERVED
+CVE-2020-26197
+ RESERVED
+CVE-2020-26196
+ RESERVED
+CVE-2020-26195
+ RESERVED
+CVE-2020-26194
+ RESERVED
+CVE-2020-26193
+ RESERVED
+CVE-2020-26192
+ RESERVED
+CVE-2020-26191
+ RESERVED
+CVE-2020-26190
+ RESERVED
+CVE-2020-26189
+ RESERVED
+CVE-2020-26188
+ RESERVED
+CVE-2020-26187
+ RESERVED
+CVE-2020-26186
+ RESERVED
+CVE-2020-26185
+ RESERVED
+CVE-2020-26184
+ RESERVED
+CVE-2020-26183 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper auth ...)
+ NOT-FOR-US: EMC
+CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect pri ...)
+ NOT-FOR-US: EMC
+CVE-2020-26181
+ RESERVED
+CVE-2020-26180
+ RESERVED
+CVE-2020-26179
+ RESERVED
+CVE-2020-26178
+ RESERVED
+CVE-2020-26177
+ RESERVED
+CVE-2020-26176
+ RESERVED
+CVE-2020-26175
+ RESERVED
+CVE-2020-26174
+ RESERVED
+CVE-2020-26173
+ RESERVED
+CVE-2020-26172
+ RESERVED
+CVE-2020-26171
+ RESERVED
+CVE-2020-26170
+ RESERVED
+CVE-2020-26169
+ RESERVED
+CVE-2020-26168
+ RESERVED
+CVE-2020-26167
+ RESERVED
+CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
+ NOT-FOR-US: qdPM
+CVE-2020-26165
+ RESERVED
+CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the ...)
+ - kdeconnect <unfixed> (bug #971736)
+ [buster] - kdeconnect <no-dsa> (Minor issue)
+ [stretch] - kdeconnect <no-dsa> (Minor issue)
+ NOTE: https://kde.org/info/security/advisory-20201002-1.txt
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/f183b5447bad47655c21af87214579f03bf3a163
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/b279c52101d3f7cc30a26086d58de0b5f1c547fa
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/d35b88c1b25fe13715f9170f18674d476ca9acdc
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/b496e66899e5bc9547b6537a7f44ab44dd0aaf38
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/5310eae85dbdf92fba30375238a2481f2e34943e
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/721ba9faafb79aac73973410ee1dd3624ded97a5
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/ae58b9dec49c809b85b5404cee17946116f8a706
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/66c768aa9e7fba30b119c8b801efd49ed1270b0a
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/85b691e40f525e22ca5cc4ebe79c361d71d7dc05
+ NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/48180b46552d40729a36b7431e97bbe2b5379306
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/4
+CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Ori ...)
+ NOT-FOR-US: BigBlueButton Greenlight
+CVE-2020-26162 (Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073 ...)
+ NOT-FOR-US: Xerox
+CVE-2020-26161 (In Octopus Deploy through 2020.4.2, an attacker could redirect users t ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
+ - golang-github-dgrijalva-jwt-go <unfixed> (bug #971556)
+ NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
+ NOTE: https://github.com/dgrijalva/jwt-go/issues/422
+ NOTE: https://github.com/dgrijalva/jwt-go/pull/426
+CVE-2020-26159 (In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expressi ...)
+ - libonig <unfixed> (bug #972113)
+ [buster] - libonig <no-dsa> (Minor issue)
+ NOTE: https://github.com/kkos/oniguruma/commit/cbe9f8bd9cfc6c3c87a60fbae58fa1a85db59df0
+ NOTE: https://github.com/kkos/oniguruma/issues/207
+CVE-2020-26158 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
+ NOT-FOR-US: Leanote Desktop
+CVE-2020-26157 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
+ NOT-FOR-US: Leanote Desktop
+CVE-2020-26156
+ RESERVED
+CVE-2020-26155
+ RESERVED
+CVE-2020-26153
+ RESERVED
+CVE-2020-26152
+ RESERVED
+CVE-2020-26151
+ RESERVED
+CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote attackers t ...)
+ NOT-FOR-US: Logaritmo Aware CallManager 2012
+CVE-2020-26149 (NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno ...)
+ NOT-FOR-US: nats.js
+CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when ...)
+ - libproxy <unfixed> (bug #968366)
+ NOTE: https://github.com/libproxy/libproxy/pull/126
+CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigge ...)
+ - md4c 0.4.5-2 (bug #971396)
+ NOTE: https://github.com/mity/md4c/issues/130
+ NOTE: https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0
+CVE-2020-26147
+ RESERVED
+CVE-2020-26146
+ RESERVED
+CVE-2020-26145
+ RESERVED
+CVE-2020-26144
+ RESERVED
+CVE-2020-26143
+ RESERVED
+CVE-2020-26142
+ RESERVED
+CVE-2020-26141
+ RESERVED
+CVE-2020-26140
+ RESERVED
+CVE-2020-26139
+ RESERVED
+CVE-2020-26138
+ RESERVED
+CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...)
+ - python-urllib3 1.25.9-1
+ [buster] - python-urllib3 <no-dsa> (Minor issue)
+ [stretch] - python-urllib3 <no-dsa> (Minor issue)
+ NOTE: https://bugs.python.org/issue39603
+ NOTE: https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b (1.25.9)
+ NOTE: https://github.com/urllib3/urllib3/pull/1800
+CVE-2020-26136
+ RESERVED
+CVE-2020-26135 (Live Helper Chat before 3.44v allows reflected XSS via the setsettinga ...)
+ NOT-FOR-US: Live Helper Chat
+CVE-2020-26134 (Live Helper Chat before 3.44v allows stored XSS in chat messages with ...)
+ NOT-FOR-US: Live Helper Chat
+CVE-2020-26133
+ RESERVED
+CVE-2020-26132
+ RESERVED
+CVE-2020-26131
+ RESERVED
+CVE-2020-26130
+ RESERVED
+CVE-2020-26129
+ RESERVED
+CVE-2020-26128
+ RESERVED
+CVE-2020-26127
+ RESERVED
+CVE-2020-26126
+ RESERVED
+CVE-2020-26125
+ RESERVED
+CVE-2020-26124 (openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticate ...)
+ NOT-FOR-US: openmediavault
+CVE-2020-26123
+ RESERVED
+CVE-2020-26122
+ RESERVED
+CVE-2020-26121 (An issue was discovered in the FileImporter extension for MediaWiki be ...)
+ NOT-FOR-US: FileImporter MediaWiki extension
+CVE-2020-26120 (XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 ...)
+ NOT-FOR-US: MobileFrontend MediaWiki extension
+CVE-2020-26119
+ RESERVED
+CVE-2020-26118
+ RESERVED
+CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1 ...)
+ {DLA-2396-1}
+ - tigervnc 1.10.1+dfsg-9 (bug #971272)
+ [buster] - tigervnc <no-dsa> (Minor issue)
+ NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1176733
+ NOTE: https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb (v1.11.0)
+ NOTE: https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b (v1.11.0)
+ NOTE: https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba (master)
+ NOTE: https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e (master)
+CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ...)
+ - python3.9 3.9.0~b5-1
+ - python3.8 3.8.5-1
+ - python3.7 <removed>
+ [buster] - python3.7 <no-dsa> (Minor issue)
+ - python3.5 <removed>
+ NOTE: https://bugs.python.org/issue39603
+ NOTE: https://python-security.readthedocs.io/vuln/http-header-injection-method.html
+ NOTE: https://github.com/python/cpython/commit/8ca8a2e8fb068863c1138f07e3098478ef8be12e (master)
+ NOTE: https://github.com/python/cpython/commit/27b811057ff5e93b68798e278c88358123efdc71 (v3.9.0b5)
+ NOTE: https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf (v3.8.5)
+ NOTE: https://github.com/python/cpython/commit/ca75fec1ed358f7324272608ca952b2d8226d11a (v3.7.9)
+ NOTE: https://github.com/python/cpython/commit/f02de961b9f19a5db0ead56305fe0057a78787ae (v3.6.12)
+ NOTE: https://github.com/python/cpython/commit/524b8de630036a29ca340bc2ae6fd6dc7dda8f40 (v3.5.10)
+CVE-2020-26115 (cPanel before 90.0.10 allows self XSS via the Cron Editor interface (S ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26114 (cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26113 (cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interf ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26112 (The email quota cache in cPanel before 90.0.10 allows overwriting of f ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26111 (cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interf ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26110 (cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC inte ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26109 (cPanel before 88.0.13 allows bypass of a protection mechanism that att ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26108 (cPanel before 88.0.13 mishandles file-extension dispatching, leading t ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26107 (cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDN ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26106 (cPanel before 88.0.3 has weak permissions (world readable) for the pro ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26105 (In cPanel before 88.0.3, insecure chkservd test credentials are used o ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26104 (In cPanel before 88.0.3, an insecure SRS secret is used on a templated ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26103 (In cPanel before 88.0.3, an insecure site password is used for Mailman ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26102 (In cPanel before 88.0.3, an insecure auth policy API key is used by Do ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26101 (In cPanel before 88.0.3, insecure RNDC credentials are used for BIND o ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26100 (chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26099 (cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting p ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26098 (cPanel before 88.0.3 mishandles the Exim filter path, leading to remot ...)
+ NOT-FOR-US: cPanel
+CVE-2020-26097
+ RESERVED
+CVE-2020-26096
+ RESERVED
+CVE-2020-26095
+ RESERVED
+CVE-2020-26094
+ RESERVED
+CVE-2020-26093
+ RESERVED
+CVE-2020-26092
+ RESERVED
+CVE-2020-26091
+ RESERVED
+CVE-2020-26090
+ RESERVED
+CVE-2020-26089
+ RESERVED
+CVE-2020-26087
+ RESERVED
+CVE-2020-26086
+ RESERVED
+CVE-2020-26085
+ RESERVED
+CVE-2020-26084
+ RESERVED
+CVE-2020-26083
+ RESERVED
+CVE-2020-26082
+ RESERVED
+CVE-2020-26081
+ RESERVED
+CVE-2020-26080
+ RESERVED
+CVE-2020-26079
+ RESERVED
+CVE-2020-26078
+ RESERVED
+CVE-2020-26077
+ RESERVED
+CVE-2020-26076
+ RESERVED
+CVE-2020-26075
+ RESERVED
+CVE-2020-26074
+ RESERVED
+CVE-2020-26073
+ RESERVED
+CVE-2020-26072
+ RESERVED
+CVE-2020-26071
+ RESERVED
+CVE-2020-26070
+ RESERVED
+CVE-2020-26069
+ RESERVED
+CVE-2020-26068
+ RESERVED
+CVE-2020-26067
+ RESERVED
+CVE-2020-26066
+ RESERVED
+CVE-2020-26065
+ RESERVED
+CVE-2020-26064
+ RESERVED
+CVE-2020-26063
+ RESERVED
+CVE-2020-26062
+ RESERVED
+CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock. ...)
+ {DLA-2385-1}
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
+CVE-2020-26061 (ClickStudios Passwordstate Password Reset Portal prior to build 8501 i ...)
+ NOT-FOR-US: ClickStudios Passwordstate Password Reset Portal
+CVE-2020-26060
+ RESERVED
+CVE-2020-26059
+ RESERVED
+CVE-2020-26058
+ RESERVED
+CVE-2020-26057
+ RESERVED
+CVE-2020-26056
+ RESERVED
+CVE-2020-26055
+ RESERVED
+CVE-2020-26054
+ RESERVED
+CVE-2020-26053
+ REJECTED
+CVE-2020-26052
+ RESERVED
+CVE-2020-26051
+ RESERVED
+CVE-2020-26050
+ RESERVED
+CVE-2020-26049
+ RESERVED
+CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows an authen ...)
+ NOT-FOR-US: CuppaCMS
+CVE-2020-26047
+ RESERVED
+CVE-2020-26046
+ RESERVED
+CVE-2020-26045
+ RESERVED
+CVE-2020-26044
+ RESERVED
+CVE-2020-26043 (An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerabil ...)
+ NOT-FOR-US: Hoosk CMS
+CVE-2020-26042 (An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection ...)
+ NOT-FOR-US: Hoosk CMS
+CVE-2020-26041 (An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code E ...)
+ NOT-FOR-US: Hoosk CMS
+CVE-2020-26040
+ RESERVED
+CVE-2020-26039
+ RESERVED
+CVE-2020-26038
+ RESERVED
+CVE-2020-26037
+ RESERVED
+CVE-2020-26036
+ RESERVED
+CVE-2020-26035
+ RESERVED
+CVE-2020-26034
+ RESERVED
+CVE-2020-26033
+ RESERVED
+CVE-2020-26032
+ RESERVED
+CVE-2020-26031
+ RESERVED
+CVE-2020-26030
+ RESERVED
+CVE-2020-26029
+ RESERVED
+CVE-2020-26028
+ RESERVED
+CVE-2020-26027
+ RESERVED
+CVE-2020-26026
+ RESERVED
+CVE-2020-26025
+ RESERVED
+CVE-2020-26024
+ RESERVED
+CVE-2020-26023
+ RESERVED
+CVE-2020-26022
+ RESERVED
+CVE-2020-26021
+ RESERVED
+CVE-2020-26020
+ RESERVED
+CVE-2020-26019
+ RESERVED
+CVE-2020-26018
+ RESERVED
+CVE-2020-26017
+ RESERVED
+CVE-2020-26016
+ RESERVED
+CVE-2020-26015
+ RESERVED
+CVE-2020-26014
+ RESERVED
+CVE-2020-26013
+ RESERVED
+CVE-2020-26012
+ RESERVED
+CVE-2020-26011
+ RESERVED
+CVE-2020-26010
+ RESERVED
+CVE-2020-26009
+ RESERVED
+CVE-2020-26008
+ RESERVED
+CVE-2020-26007
+ RESERVED
+CVE-2020-26006
+ RESERVED
+CVE-2020-26005
+ RESERVED
+CVE-2020-26004
+ RESERVED
+CVE-2020-26003
+ RESERVED
+CVE-2020-26002
+ RESERVED
+CVE-2020-26001
+ RESERVED
+CVE-2020-26000
+ RESERVED
+CVE-2020-25999
+ RESERVED
+CVE-2020-25998
+ RESERVED
+CVE-2020-25997
+ RESERVED
+CVE-2020-25996
+ RESERVED
+CVE-2020-25995
+ RESERVED
+CVE-2020-25994
+ RESERVED
+CVE-2020-25993
+ RESERVED
+CVE-2020-25992
+ RESERVED
+CVE-2020-25991
+ RESERVED
+CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' ...)
+ NOT-FOR-US: WebsiteBaker
+CVE-2020-25989
+ RESERVED
+CVE-2020-25988
+ RESERVED
+CVE-2020-25987 (MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in ...)
+ NOT-FOR-US: MonoCMS Blog
+CVE-2020-25986 (A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 ...)
+ NOT-FOR-US: MonoCMS Blog
+CVE-2020-25985 (MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenti ...)
+ NOT-FOR-US: MonoCMS Blog
+CVE-2020-25984
+ RESERVED
+CVE-2020-25983
+ RESERVED
+CVE-2020-25982
+ RESERVED
+CVE-2020-25981
+ RESERVED
+CVE-2020-25980
+ RESERVED
+CVE-2020-25979
+ RESERVED
+CVE-2020-25978
+ RESERVED
+CVE-2020-25977
+ RESERVED
+CVE-2020-25976
+ RESERVED
+CVE-2020-25975
+ RESERVED
+CVE-2020-25974
+ RESERVED
+CVE-2020-25973
+ RESERVED
+CVE-2020-25972
+ RESERVED
+CVE-2020-25971
+ RESERVED
+CVE-2020-25970
+ RESERVED
+CVE-2020-25969
+ RESERVED
+CVE-2020-25968
+ RESERVED
+CVE-2020-25967
+ RESERVED
+CVE-2020-25966
+ RESERVED
+CVE-2020-25965
+ RESERVED
+CVE-2020-25964
+ RESERVED
+CVE-2020-25963
+ RESERVED
+CVE-2020-25962
+ RESERVED
+CVE-2020-25961
+ RESERVED
+CVE-2020-25960
+ RESERVED
+CVE-2020-25959
+ RESERVED
+CVE-2020-25958
+ RESERVED
+CVE-2020-25957
+ RESERVED
+CVE-2020-25956
+ RESERVED
+CVE-2020-25955
+ RESERVED
+CVE-2020-25954
+ RESERVED
+CVE-2020-25953
+ RESERVED
+CVE-2020-25952
+ RESERVED
+CVE-2020-25951
+ RESERVED
+CVE-2020-25950
+ RESERVED
+CVE-2020-25949
+ RESERVED
+CVE-2020-25948
+ RESERVED
+CVE-2020-25947
+ RESERVED
+CVE-2020-25946
+ RESERVED
+CVE-2020-25945
+ RESERVED
+CVE-2020-25944
+ RESERVED
+CVE-2020-25943
+ RESERVED
+CVE-2020-25942
+ RESERVED
+CVE-2020-25941
+ RESERVED
+CVE-2020-25940
+ RESERVED
+CVE-2020-25939
+ RESERVED
+CVE-2020-25938
+ RESERVED
+CVE-2020-25937
+ RESERVED
+CVE-2020-25936
+ RESERVED
+CVE-2020-25935
+ RESERVED
+CVE-2020-25934
+ RESERVED
+CVE-2020-25933
+ RESERVED
+CVE-2020-25932
+ RESERVED
+CVE-2020-25931
+ RESERVED
+CVE-2020-25930
+ RESERVED
+CVE-2020-25929
+ RESERVED
+CVE-2020-25928
+ RESERVED
+CVE-2020-25927
+ RESERVED
+CVE-2020-25926
+ RESERVED
+CVE-2020-25925
+ RESERVED
+CVE-2020-25924
+ RESERVED
+CVE-2020-25923
+ RESERVED
+CVE-2020-25922
+ RESERVED
+CVE-2020-25921
+ RESERVED
+CVE-2020-25920
+ RESERVED
+CVE-2020-25919
+ RESERVED
+CVE-2020-25918
+ RESERVED
+CVE-2020-25917
+ RESERVED
+CVE-2020-25916
+ RESERVED
+CVE-2020-25915
+ RESERVED
+CVE-2020-25914
+ RESERVED
+CVE-2020-25913
+ RESERVED
+CVE-2020-25912
+ RESERVED
+CVE-2020-25911
+ RESERVED
+CVE-2020-25910
+ RESERVED
+CVE-2020-25909
+ RESERVED
+CVE-2020-25908
+ RESERVED
+CVE-2020-25907
+ RESERVED
+CVE-2020-25906
+ RESERVED
+CVE-2020-25905
+ RESERVED
+CVE-2020-25904
+ RESERVED
+CVE-2020-25903
+ RESERVED
+CVE-2020-25902
+ RESERVED
+CVE-2020-25901
+ RESERVED
+CVE-2020-25900
+ RESERVED
+CVE-2020-25899
+ RESERVED
+CVE-2020-25898
+ RESERVED
+CVE-2020-25897
+ RESERVED
+CVE-2020-25896
+ RESERVED
+CVE-2020-25895
+ RESERVED
+CVE-2020-25894
+ RESERVED
+CVE-2020-25893
+ RESERVED
+CVE-2020-25892
+ RESERVED
+CVE-2020-25891
+ RESERVED
+CVE-2020-25890
+ RESERVED
+CVE-2020-25889
+ RESERVED
+CVE-2020-25888
+ RESERVED
+CVE-2020-25887
+ RESERVED
+CVE-2020-25886
+ RESERVED
+CVE-2020-25885
+ RESERVED
+CVE-2020-25884
+ RESERVED
+CVE-2020-25883
+ RESERVED
+CVE-2020-25882
+ RESERVED
+CVE-2020-25881
+ RESERVED
+CVE-2020-25880
+ RESERVED
+CVE-2020-25879
+ RESERVED
+CVE-2020-25878
+ RESERVED
+CVE-2020-25877
+ RESERVED
+CVE-2020-25876
+ RESERVED
+CVE-2020-25875
+ RESERVED
+CVE-2020-25874
+ RESERVED
+CVE-2020-25873
+ RESERVED
+CVE-2020-25872
+ RESERVED
+CVE-2020-25871
+ RESERVED
+CVE-2020-25870
+ RESERVED
+CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 and 1.3 ...)
+ NOT-FOR-US: CentralAuth MediaWiki extension
+ NOTE: The extension requires some new infrastructure code which was added to the
+ NOTE: MediaWiki 1.31.9 / 1.34.3 security releases announced at
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T260485
+CVE-2020-25868
+ RESERVED
+CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security key used t ...)
+ NOT-FOR-US: SoPlanning
+CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...)
+ - wireshark 3.2.7-1
+ [buster] - wireshark <not-affected> (Vulnerable code not present)
+ [stretch] - wireshark <not-affected> (Vulnerable code not present)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-13.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16866
+CVE-2020-25865
+ RESERVED
+CVE-2020-25864
+ RESERVED
+CVE-2020-25863 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
+ - wireshark 3.2.7-1
+ [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
+ [stretch] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-11.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16741
+CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
+ - wireshark 3.2.7-1
+ [buster] - wireshark <postponed> (Minor issue, can be fixed along in next DSA)
+ [stretch] - wireshark <postponed> (Minor issue, can be fixed along in next DLA)
+ NOTE: https://www.wireshark.org/security/wnpa-sec-2020-12.html
+ NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16816
+CVE-2020-25861
+ RESERVED
+CVE-2020-25860
+ RESERVED
+CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to ve ...)
+ NOT-FOR-US: Qualcomm QCMAP
+CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...)
+ NOT-FOR-US: Qualcomm QCMAP
+CVE-2020-25857
+ RESERVED
+CVE-2020-25856
+ RESERVED
+CVE-2020-25855
+ RESERVED
+CVE-2020-25854
+ RESERVED
+CVE-2020-25853
+ RESERVED
+CVE-2020-25852
+ RESERVED
+CVE-2020-25851
+ RESERVED
+CVE-2020-25850
+ RESERVED
+CVE-2020-25849
+ RESERVED
+CVE-2020-25848
+ RESERVED
+CVE-2020-25847
+ RESERVED
+CVE-2020-25846
+ RESERVED
+CVE-2020-25845
+ RESERVED
+CVE-2020-25844
+ RESERVED
+CVE-2020-25843
+ RESERVED
+CVE-2020-25842
+ RESERVED
+CVE-2020-25841
+ RESERVED
+CVE-2020-25840
+ RESERVED
+CVE-2020-25839
+ RESERVED
+CVE-2020-25838
+ RESERVED
+CVE-2020-25837
+ RESERVED
+CVE-2020-25836
+ RESERVED
+CVE-2020-25835
+ RESERVED
+CVE-2020-25834
+ RESERVED
+CVE-2020-25833
+ RESERVED
+CVE-2020-25832
+ RESERVED
+CVE-2020-25831
+ RESERVED
+CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper escaping o ...)
+ - mantis <removed>
+CVE-2020-25829 (An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x befo ...)
+ - pdns-recursor 4.3.5-1 (bug #972159)
+ NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
+CVE-2020-25828 (An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through ...)
+ {DSA-4767-1 DLA-2379-1}
+ - mediawiki 1:1.35.0-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T115888
+CVE-2020-25827 (An issue was discovered in the OATHAuth extension in MediaWiki before ...)
+ {DSA-4767-1 DLA-2379-1}
+ - mediawiki 1:1.35.0-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T251661
+CVE-2020-25826 (PingID Integration for Windows Login before 2.4.2 allows local users t ...)
+ NOT-FOR-US: PingID Integration for Windows Login
+CVE-2020-25825 (In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensit ...)
+ NOT-FOR-US: Octopus Deploy
+CVE-2020-25824 (Telegram Desktop through 2.4.3 does not require passcode entry upon pu ...)
+ NOTE: Nonsense CVE allocation for Telegram desktop client, with an desktop not protected
+ NOTE: by a screen lock anything can happen anyway
+CVE-2020-25823
+ RESERVED
+CVE-2020-25822
+ RESERVED
+CVE-2020-25821 (** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer ...)
+ NOT-FOR-US: peg-markdown
+CVE-2020-25820 (BigBlueButton before 2.2.27 allows remote authenticated users to read ...)
+ NOT-FOR-US: BigBlueButton
+CVE-2020-25819
+ RESERVED
+CVE-2020-25818
+ RESERVED
+CVE-2020-25817
+ RESERVED
+CVE-2020-25816 (HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed le ...)
+ NOT-FOR-US: HashiCorp Vault
+CVE-2020-25815 (An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34 ...)
+ - mediawiki 1:1.35.0-1
+ [buster] - mediawiki <not-affected> (Vulnerable code introduced in 1.32)
+ [stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T256171
+CVE-2020-25814 (In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, X ...)
+ {DSA-4767-1 DLA-2379-1}
+ - mediawiki 1:1.35.0-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T86738
+CVE-2020-25813 (In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, S ...)
+ {DSA-4767-1 DLA-2379-1}
+ - mediawiki 1:1.35.0-1
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T232568
+CVE-2020-25812 (An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special: ...)
+ {DSA-4767-1}
+ - mediawiki 1:1.35.0-1
+ [stretch] - mediawiki <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
+ NOTE: https://phabricator.wikimedia.org/T255918
+CVE-2020-25811
+ RESERVED
+CVE-2020-25810
+ RESERVED
+CVE-2020-25809
+ RESERVED
+CVE-2020-25808
+ RESERVED
+CVE-2020-25807
+ RESERVED
+CVE-2020-25806
+ RESERVED
+CVE-2020-25805
+ RESERVED
+CVE-2020-25804
+ RESERVED
+CVE-2020-25803 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+ NOT-FOR-US: Crafter Studio of Crafter CMS
+CVE-2020-25802 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
+ NOT-FOR-US: Crafter Studio of Crafter CMS
+CVE-2020-25801
+ RESERVED
+CVE-2020-25800
+ RESERVED
+CVE-2020-25799
+ RESERVED
+CVE-2020-25798
+ RESERVED
+CVE-2020-25797
+ RESERVED
+CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload ...)
+ NOT-FOR-US: Typesetter CMS
+CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
+ - tt-rss <unfixed> (bug #970633)
+ NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
+ NOTE: https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
+CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
+ - tt-rss <unfixed> (bug #970633)
+ NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
+ NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
+CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
+ - tt-rss <unfixed> (bug #970633)
+ NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
+ NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
+CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L ...)
+ NOT-FOR-US: D-Link
+CVE-2020-25785
+ RESERVED
+CVE-2020-25784
+ RESERVED
+CVE-2020-25783
+ RESERVED
+CVE-2020-25782
+ RESERVED
+CVE-2020-25781 (An issue was discovered in file_download.php in MantisBT before 2.24.3 ...)
+ - mantis <removed>
+CVE-2020-25796 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks <unfixed> (bug #970586)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25795 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks <unfixed> (bug #970586)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25794 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks <unfixed> (bug #970586)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25793 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks <unfixed> (bug #970586)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25792 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks <unfixed> (bug #970586)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25791 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
+ - rust-sized-chunks <unfixed> (bug #970586)
+ NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
+ NOTE: https://github.com/bodil/sized-chunks/issues/11
+CVE-2020-25780
+ RESERVED
+CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in w ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25778 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25777 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a speci ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25776 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbo ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25775 (The Trend Micro Security 2020 (v16) consumer family of products is vul ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25774 (A vulnerability in the Trend Micro Apex One ServerMigrationTool compon ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25773 (A vulnerability in the Trend Micro Apex One ServerMigrationTool compon ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25772 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25771 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25770 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-25769
+ RESERVED
+CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 hav ...)
+ NOT-FOR-US: Contao CMS
CVE-2020-25767
RESERVED
CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
@@ -36,14 +4166,14 @@ CVE-2020-25765
RESERVED
CVE-2020-25764
RESERVED
-CVE-2020-25763
- RESERVED
-CVE-2020-25762
- RESERVED
-CVE-2020-25761
- RESERVED
-CVE-2020-25760
- RESERVED
+CVE-2020-25763 (Seat Reservation System version 1.0 suffers from an Unauthenticated Fi ...)
+ NOT-FOR-US: Seat Reservation System
+CVE-2020-25762 (An issue was discovered in SourceCodester Seat Reservation System 1.0. ...)
+ NOT-FOR-US: SourceCodester Seat Reservation System
+CVE-2020-25761 (Projectworlds Visitor Management System in PHP 1.0 allows XSS. The fil ...)
+ NOT-FOR-US: Projectworlds Visitor Management System in PHP
+CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL Injectio ...)
+ NOT-FOR-US: Projectworlds Visitor Management System in PHP
CVE-2020-25759
RESERVED
CVE-2020-25758
@@ -65,28 +4195,43 @@ CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injectio
NOT-FOR-US: paGO Commerce plugin for Joomla!
CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 b ...)
NOT-FOR-US: DotPlant2
-CVE-2020-25749
- RESERVED
-CVE-2020-25748
- RESERVED
-CVE-2020-25747
- RESERVED
+CVE-2020-25749 (The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 ca ...)
+ NOT-FOR-US: Rubetek
+CVE-2020-25748 (A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3 ...)
+ NOT-FOR-US: Rubetek
+CVE-2020-25747 (The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (f ...)
+ NOT-FOR-US: Rubetek
CVE-2020-25746
RESERVED
CVE-2020-25745
RESERVED
CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to ...)
NOT-FOR-US: SaferVPN
-CVE-2020-25743
- RESERVED
-CVE-2020-25742
- RESERVED
-CVE-2020-25741
- RESERVED
+CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...)
+ - qemu <unfixed> (bug #970940)
+ [buster] - qemu <postponed> (Fix along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
+CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
+ - qemu <unfixed> (bug #971390)
+ [buster] - qemu <postponed> (Fix along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
+CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...)
+ - qemu <unfixed> (bug #970939)
+ [buster] - qemu <postponed> (Fix along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
+ NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1
CVE-2020-25740
RESERVED
-CVE-2020-25739
- RESERVED
+CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...)
+ {DLA-2380-1}
+ - ruby-gon <unfixed> (bug #970938)
+ [buster] - ruby-gon <no-dsa> (Minor issue)
+ NOTE: https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7
CVE-2020-25738
RESERVED
CVE-2020-25737
@@ -106,7 +4251,7 @@ CVE-2020-25731
CVE-2020-25730
RESERVED
CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to downloa ...)
- - zoneminder <unfixed> (unimportant)
+ - zoneminder 1.34.21-1 (unimportant)
NOTE: https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413
NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken algor ...)
@@ -114,7 +4259,7 @@ CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken
CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...)
NOT-FOR-US: Reset Password add-on for Alfresco
CVE-2020-25726
- RESERVED
+ REJECTED
CVE-2020-25725
RESERVED
CVE-2020-25724
@@ -247,18 +4392,27 @@ CVE-2020-25661
RESERVED
CVE-2020-25660
RESERVED
-CVE-2020-25659
+CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
RESERVED
+ - python-cryptography <unfixed>
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988
+ NOTE: https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2)
CVE-2020-25658
RESERVED
CVE-2020-25657
RESERVED
CVE-2020-25656
RESERVED
+ - linux <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1
CVE-2020-25655
RESERVED
-CVE-2020-25654
+ NOT-FOR-US: Red Hat open-cluster-management
+CVE-2020-25654 [ACL restrictions bypass]
RESERVED
+ - pacemaker <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191
CVE-2020-25653
RESERVED
CVE-2020-25652
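Review bot: CVE-2020-25656 gains a `- linux <unfixed>` line under a bare `RESERVED` header, whereas the other reserved entries that receive package lines in this hunk (CVE-2020-25659, CVE-2020-25654) carry a bracketed short title, which is what makes the entry readable in the tracker before MITRE publishes the description. For consistency the header should become `CVE-2020-25656 [<short description, placeholder>]`, taking the wording from the linked oss-security post. The same applies to CVE-2020-25649 (the jackson-databind lines attach to it) and CVE-2020-25640 (wildfly) in the following hunk.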
@@ -269,37 +4423,64 @@ CVE-2020-25650
RESERVED
CVE-2020-25649
RESERVED
-CVE-2020-25648
- RESERVED
+ {DLA-2406-1}
+ - jackson-databind 2.11.1-1
+ [buster] - jackson-databind <no-dsa> (Minor issue)
+ NOTE: https://github.com/FasterXML/jackson-databind/issues/2589
+ NOTE: https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1)
+CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...)
+ - nss 2:3.58-1
+ [buster] - nss <no-dsa> (Minor issue)
+ [stretch] - nss <no-dsa> (Minor issue)
+ NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
+ NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private)
+ NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
CVE-2020-25647
RESERVED
CVE-2020-25646
RESERVED
-CVE-2020-25645
- RESERVED
-CVE-2020-25644
- RESERVED
-CVE-2020-25643
- RESERVED
+CVE-2020-25645 (A flaw was found in the Linux kernel in versions before 5.9-rc7. Traff ...)
+ {DSA-4774-1}
+ - linux 5.8.14-1
+ NOTE: https://git.kernel.org/linus/34beb21594519ce64a55a498c2fe7d567bc1ca20
+CVE-2020-25644 (A memory leak flaw was found in WildFly OpenSSL in versions prior to 1 ...)
+ - wildfly <itp> (bug #752018)
+CVE-2020-25643 (A flaw was found in the HDLC_PPP module of the Linux kernel in version ...)
+ {DSA-4774-1}
+ - linux 5.8.14-1
+ NOTE: https://git.kernel.org/linus/66d42ed8b25b64eb63111a2b8582c5afc8bf1105
CVE-2020-25642
RESERVED
-CVE-2020-25641
- RESERVED
+CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs in ve ...)
+ {DLA-2385-1}
+ - linux 5.8.10-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
CVE-2020-25640
RESERVED
-CVE-2020-25639
+ - wildfly <itp> (bug #752018)
+CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS]
RESERVED
+ - linux <unfixed>
+ [buster] - linux <not-affected> (Vulnerable code introduced later)
+ [stretch] - linux <not-affected> (Vulnerable code introduced later)
+ NOTE: https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html
CVE-2020-25638
RESERVED
-CVE-2020-25637
- RESERVED
-CVE-2020-25636
- RESERVED
- - ansible <unfixed>
+CVE-2020-25637 (A double free memory issue was found to occur in the libvirt API, in v ...)
+ {DLA-2395-1}
+ - libvirt <unfixed> (bug #971555)
+ [buster] - libvirt <no-dsa> (Minor issue)
+ NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0977b8aa071de550e1a013d35e2c72615e65d520 (v1.2.14-rc1)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=955029bd0ad7ef96000f529ac38204a8f4a96401 (v6.8.0)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923 (v6.8.0)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=e4116eaa44cb366b59f7fe98f4b88d04c04970ad (v6.8.0)
+ NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=a63b48c5ecef077bf0f909a85f453a605600cf05 (v6.8.0)
+CVE-2020-25636 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...)
+ - ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included)
NOTE: https://github.com/ansible-collections/community.aws/issues/221
-CVE-2020-25635
- RESERVED
- - ansible <unfixed>
+CVE-2020-25635 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...)
+ - ansible <not-affected> (Vulnerable connection/aws_ssm plugin not included)
NOTE: https://github.com/ansible-collections/community.aws/issues/222
CVE-2020-25634
RESERVED
@@ -320,21 +4501,28 @@ CVE-2020-25628
RESERVED
CVE-2020-25627
RESERVED
-CVE-2020-25626
- RESERVED
-CVE-2020-25625 [usb: hcd-ohci: infinite loop issue while processing transfer descriptors]
- RESERVED
+CVE-2020-25626 (A flaw was found in Django REST Framework versions before 3.12.0 and b ...)
+ - djangorestframework 3.12.1-1 (bug #971554)
+ [stretch] - djangorestframework <no-dsa> (Minor issue)
+ NOTE: https://github.com/encode/django-rest-framework/commit/4121b01b912668c049b26194a9a107c27a332429
+ NOTE: Fixed upstream in 3.12.0 and 3.11.2
+CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list ha ...)
- qemu <unfixed> (bug #970542)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1
CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer descriptors]
RESERVED
- qemu <unfixed> (bug #970541)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
-CVE-2020-25623
- RESERVED
+CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Director ...)
+ - erlang 1:23.1+dfsg-1
+ [buster] - erlang <not-affected> (Vulnerable code introduced later)
+ [stretch] - erlang <not-affected> (Vulnerable code introduced later)
+ NOTE: https://github.com/erlang/otp/releases/tag/OTP-23.1
CVE-2020-25622
RESERVED
CVE-2020-25621
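Review bot: CVE-2020-25626 gets a `[stretch] - djangorestframework <no-dsa> (Minor issue)` line but no `[buster]` line, so buster is left untriaged in the tracker while the older release is marked, which reads as an oversight rather than a deliberate choice. If buster ships a version older than the 3.11.2/3.12.0 fixes noted on the entry (to be verified), a matching `[buster] - djangorestframework <no-dsa> (Minor issue)` line, or a `<postponed>` line if a point update is planned, should be added; if buster is not affected, state that with `<not-affected>` and a reason so the omission is not revisited.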
@@ -354,8 +4542,15 @@ CVE-2020-25615
CVE-2020-25614 (xmlquery before 1.3.1 lacks a check for whether a LoadURL response is ...)
- golang-github-antchfx-xmlquery <unfixed>
NOTE: https://github.com/antchfx/xmlquery/issues/39
-CVE-2020-25613
- RESERVED
+CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...)
+ {DLA-2392-1 DLA-2391-1}
+ - ruby2.7 2.7.1-4
+ - ruby2.5 <removed>
+ [buster] - ruby2.5 <no-dsa> (Minor issue)
+ - ruby2.3 <removed>
+ - jruby <unfixed> (bug #972230)
+ NOTE: https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
+ NOTE: Fix in webrick: https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
CVE-2020-25612
RESERVED
CVE-2020-25611
@@ -372,26 +4567,55 @@ CVE-2020-25606
RESERVED
CVE-2020-25605
RESERVED
-CVE-2020-25604
- RESERVED
-CVE-2020-25603
- RESERVED
-CVE-2020-25602
- RESERVED
-CVE-2020-25601
- RESERVED
-CVE-2020-25600
- RESERVED
-CVE-2020-25599
- RESERVED
-CVE-2020-25598
- RESERVED
-CVE-2020-25597
- RESERVED
-CVE-2020-25596
- RESERVED
-CVE-2020-25595
- RESERVED
+CVE-2020-25604 (An issue was discovered in Xen through 4.14.x. There is a race conditi ...)
+ {DSA-4769-1}
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-336.html
+CVE-2020-25603 (An issue was discovered in Xen through 4.14.x. There are missing memor ...)
+ {DSA-4769-1}
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-340.html
+CVE-2020-25602 (An issue was discovered in Xen through 4.14.x. An x86 PV guest can tri ...)
+ {DSA-4769-1}
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-333.html
+CVE-2020-25601 (An issue was discovered in Xen through 4.14.x. There is a lack of pree ...)
+ {DSA-4769-1}
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-344.html
+CVE-2020-25600 (An issue was discovered in Xen through 4.14.x. Out of bounds event cha ...)
+ {DSA-4769-1}
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-342.html
+CVE-2020-25599 (An issue was discovered in Xen through 4.14.x. There are evtchn_reset( ...)
+ {DSA-4769-1}
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-343.html
+CVE-2020-25598 (An issue was discovered in Xen 4.14.x. There is a missing unlock in th ...)
+ [experimental] - xen <unfixed>
+ - xen <not-affected> (No affected version (only > 4.12) ever uploaded to unstable)
+ NOTE: https://xenbits.xen.org/xsa/advisory-334.html
+CVE-2020-25597 (An issue was discovered in Xen through 4.14.x. There is mishandling of ...)
+ {DSA-4769-1}
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-338.html
+CVE-2020-25596 (An issue was discovered in Xen through 4.14.x. x86 PV guest kernels ca ...)
+ {DSA-4769-1}
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-339.html
+CVE-2020-25595 (An issue was discovered in Xen through 4.14.x. The PCI passthrough cod ...)
+ {DSA-4769-1}
+ - xen <unfixed>
+ [stretch] - xen <end-of-life> (DSA 4602-1)
+ NOTE: https://xenbits.xen.org/xsa/advisory-337.html
CVE-2020-25594
RESERVED
CVE-2020-25593
@@ -545,10 +4769,10 @@ CVE-2020-25517
RESERVED
CVE-2020-25516
RESERVED
-CVE-2020-25515
- RESERVED
-CVE-2020-25514
- RESERVED
+CVE-2020-25515 (Sourcecodester Simple Library Management System 1.0 is affected by Ins ...)
+ NOT-FOR-US: Sourcecodester Simple Library Management System
+CVE-2020-25514 (Sourcecodester Simple Library Management System 1.0 is affected by Inc ...)
+ NOT-FOR-US: Sourcecodester Simple Library Management System
CVE-2020-25513
RESERVED
CVE-2020-25512
@@ -601,16 +4825,16 @@ CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) be
NOT-FOR-US: Sqreen
CVE-2020-25488
RESERVED
-CVE-2020-25487
- RESERVED
+CVE-2020-25487 (PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is af ...)
+ NOT-FOR-US: PHPGURUKUL Zoo Management System
CVE-2020-25486
RESERVED
CVE-2020-25485
RESERVED
CVE-2020-25484
RESERVED
-CVE-2020-25483
- RESERVED
+CVE-2020-25483 (An arbitrary command execution vulnerability exists in the fopen() fun ...)
+ NOT-FOR-US: UCMS
CVE-2020-25482
RESERVED
CVE-2020-25481
@@ -635,16 +4859,16 @@ CVE-2020-25472
RESERVED
CVE-2020-25471
RESERVED
-CVE-2020-25470
- RESERVED
+CVE-2020-25470 (AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability i ...)
+ NOT-FOR-US: AntSword
CVE-2020-25469
RESERVED
CVE-2020-25468
RESERVED
CVE-2020-25467
RESERVED
-CVE-2020-25466
- RESERVED
+CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...)
+ NOT-FOR-US: CRMEB
CVE-2020-25465
RESERVED
CVE-2020-25464
@@ -751,7 +4975,7 @@ CVE-2020-25414
RESERVED
CVE-2020-25413
RESERVED
-CVE-2020-25412 (gnuplot 5.4 is affected by a segmentation fault in com_line () at comm ...)
+CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ...)
- gnuplot <unfixed> (unimportant)
NOTE: https://sourceforge.net/p/gnuplot/bugs/2303/
NOTE: No security impact, gnuplot can execute arbitrary commands and need to
@@ -892,8 +5116,8 @@ CVE-2020-25345
RESERVED
CVE-2020-25344
RESERVED
-CVE-2020-25343
- RESERVED
+CVE-2020-25343 (Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow ...)
+ NOT-FOR-US: Symphony CMS
CVE-2020-25342
RESERVED
CVE-2020-25341
@@ -1002,15 +5226,19 @@ CVE-2020-25290
RESERVED
CVE-2020-25289 (The VPN service in AVAST SecureLine before 5.6.4982.470 allows local u ...)
NOT-FOR-US: VPN service in AVAST SecureLine
-CVE-2020-25288
- RESERVED
+CVE-2020-25288 (An issue was discovered in MantisBT before 2.24.3. When editing an Iss ...)
+ - mantis <removed>
CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
NOT-FOR-US: Pligg CMS
CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
+ {DLA-2385-1}
- linux 5.8.10-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
CVE-2020-25284 (The rbd block device driver in drivers/block/rbd.c in the Linux kernel ...)
+ {DLA-2385-1}
- linux 5.8.10-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a
CVE-2020-25283 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
NOT-FOR-US: LG mobile devices
@@ -1032,14 +5260,14 @@ CVE-2020-25275
RESERVED
CVE-2020-25274
RESERVED
-CVE-2020-25273
- RESERVED
-CVE-2020-25272
- RESERVED
-CVE-2020-25271
- RESERVED
-CVE-2020-25270
- RESERVED
+CVE-2020-25273 (In SourceCodester Online Bus Booking System 1.0, there is Authenticati ...)
+ NOT-FOR-US: SourceCodester Online Bus Booking System
+CVE-2020-25272 (In SourceCodester Online Bus Booking System 1.0, there is XSS through ...)
+ NOT-FOR-US: SourceCodester Online Bus Booking System
+CVE-2020-25271 (PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/ ...)
+ NOT-FOR-US: PHPGurukul hospital-management-system-in-php
+CVE-2020-25270 (PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, ...)
+ NOT-FOR-US: PHPGurukul hostel-management-system
CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
{DSA-4764-1 DLA-2375-1}
- inspircd <unfixed> (bug #960650)
@@ -1060,10 +5288,10 @@ CVE-2020-25265
RESERVED
CVE-2020-25264
RESERVED
-CVE-2020-25263
- RESERVED
-CVE-2020-25262
- RESERVED
+CVE-2020-25263 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...)
+ NOT-FOR-US: PyroCMS
+CVE-2020-25262 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...)
+ NOT-FOR-US: PyroCMS
CVE-2020-25261
RESERVED
CVE-2020-25260 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
@@ -1140,8 +5368,8 @@ CVE-2020-25225
RESERVED
CVE-2020-25224
RESERVED
-CVE-2020-25223
- RESERVED
+CVE-2020-25223 (A remote code execution vulnerability exists in the WebAdmin of Sophos ...)
+ NOT-FOR-US: Sophos
CVE-2020-25222
RESERVED
CVE-2020-25221 (get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5 ...)
@@ -1155,9 +5383,10 @@ CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, a
NOTE: https://www.spinics.net/lists/stable/msg405099.html
CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a rem ...)
{DLA-2372-1}
- - libproxy <unfixed>
+ - libproxy <unfixed> (bug #971394)
[buster] - libproxy <no-dsa> (Minor issue)
NOTE: https://github.com/libproxy/libproxy/issues/134
+ NOTE: https://github.com/libproxy/libproxy/commit/836c10b60c65e947ff1e10eb02fbcc676d909ffa
CVE-2020-25218
RESERVED
CVE-2020-25217
@@ -1166,15 +5395,18 @@ CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XS
NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
NOT-FOR-US: yWorks yEd Desktop
-CVE-2020-25214
- RESERVED
+CVE-2020-25214 (In the client in Overwolf 0.149.2.30, a channel can be accessed or inf ...)
+ NOT-FOR-US: Overwolf
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
+ {DLA-2385-1}
- linux 5.7.17-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to inject conn ...)
- - linux <unfixed>
+ {DSA-4774-1}
+ - linux 5.8.14-1
NOTE: https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
CVE-2020-25210
RESERVED
@@ -1190,8 +5422,8 @@ CVE-2020-25205
RESERVED
CVE-2020-25204
RESERVED
-CVE-2020-25203
- RESERVED
+CVE-2020-25203 (The Framer Preview application 12 for Android exposes com.framer.viewe ...)
+ NOT-FOR-US: Framer Preview application
CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 for Rust. ...)
- rust-rand-core 0.5.0-1 (bug #969911; low)
[buster] - rust-rand-core <no-dsa> (Minor issue)
@@ -1214,8 +5446,8 @@ CVE-2020-25202
RESERVED
CVE-2020-25201
RESERVED
-CVE-2020-25200
- RESERVED
+CVE-2020-25200 (Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames ...)
+ NOT-FOR-US: Pritunl
CVE-2020-25199
RESERVED
CVE-2020-25198
@@ -1238,12 +5470,12 @@ CVE-2020-25190
RESERVED
CVE-2020-25189
RESERVED
-CVE-2020-25188
- RESERVED
+CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...)
+ NOT-FOR-US: LAquis SCADA
CVE-2020-25187
RESERVED
-CVE-2020-25186
- RESERVED
+CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...)
+ NOT-FOR-US: LeviStudioU Release
CVE-2020-25185
RESERVED
CVE-2020-25184
@@ -1300,8 +5532,8 @@ CVE-2020-25159
RESERVED
CVE-2020-25158
RESERVED
-CVE-2020-25157
- RESERVED
+CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection ...)
+ NOT-FOR-US: R-SeeNet
CVE-2020-25156
RESERVED
CVE-2020-25155
@@ -1316,46 +5548,46 @@ CVE-2020-25151
RESERVED
CVE-2020-25150
RESERVED
-CVE-2020-25149
- RESERVED
-CVE-2020-25148
- RESERVED
-CVE-2020-25147
- RESERVED
-CVE-2020-25146
- RESERVED
-CVE-2020-25145
- RESERVED
-CVE-2020-25144
- RESERVED
-CVE-2020-25143
- RESERVED
-CVE-2020-25142
- RESERVED
-CVE-2020-25141
- RESERVED
-CVE-2020-25140
- RESERVED
-CVE-2020-25139
- RESERVED
-CVE-2020-25138
- RESERVED
-CVE-2020-25137
- RESERVED
-CVE-2020-25136
- RESERVED
-CVE-2020-25135
- RESERVED
-CVE-2020-25134
- RESERVED
-CVE-2020-25133
- RESERVED
-CVE-2020-25132
- RESERVED
-CVE-2020-25131
- RESERVED
-CVE-2020-25130
- RESERVED
+CVE-2020-25149 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25148 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25147 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25146 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25145 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25144 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25143 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25142 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25141 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25140 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25139 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25138 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25137 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25136 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25135 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25134 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25133 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25132 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25131 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
+CVE-2020-25130 (An issue was discovered in Observium Professional, Enterprise &amp; Co ...)
+ NOT-FOR-US: Observium
CVE-2020-25129
RESERVED
CVE-2020-25128
@@ -1446,17 +5678,17 @@ CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
-CVE-2020-25085 [sdhci: out-of-bounds access issue while doing multi block SDMA]
- RESERVED
+CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue ...)
- qemu <unfixed> (bug #970540)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html
NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6
-CVE-2020-25084 [usb: use-after-free issue while setting up packet]
- RESERVED
+CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ...)
- qemu <unfixed> (bug #970539)
[buster] - qemu <postponed> (Can be fixed along in next qemu DSA)
+ [stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html
NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5
@@ -1483,14 +5715,14 @@ CVE-2020-25074
RESERVED
CVE-2020-25072
RESERVED
-CVE-2020-25071 (Nifty Project Management Web Application 2020-08-26 allows XSS, via Ad ...)
+CVE-2020-25071 (** DISPUTED ** Nifty Project Management Web Application 2020-08-26 all ...)
NOT-FOR-US: Nifty Project Management Web Application
CVE-2020-25070 (USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the ...)
NOT-FOR-US: User-friendly SVN
CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute ...)
NOT-FOR-US: User-friendly SVN
CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensitive i ...)
- - plinth <unfixed>
+ - plinth 20.14
[buster] - plinth <no-dsa> (Minor issue)
[stretch] - plinth <no-dsa> (Minor issue)
NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
@@ -1565,11 +5797,12 @@ CVE-2020-25036
RESERVED
CVE-2020-25035
RESERVED
-CVE-2020-25034
- RESERVED
+CVE-2020-25034 (eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authentic ...)
+ NOT-FOR-US: eMPS
CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...)
NOT-FOR-US: Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin for WordPress
CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) ...)
+ {DSA-4775-1}
- python-flask-cors <unfixed> (bug #969362)
NOTE: https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895
CVE-2020-25031 (checkinstall 1.6.2, when used to create a package that contains a syml ...)
@@ -1601,10 +5834,10 @@ CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttPro
NOT-FOR-US: MPXJ
CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...)
NOT-FOR-US: jitsi-meet-electron
-CVE-2020-25018
- RESERVED
-CVE-2020-25017
- RESERVED
+CVE-2020-25018 (Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL ...)
+ NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
+CVE-2020-25017 (Envoy through 1.15.0 only considers the first value when multiple head ...)
+ NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...)
NOT-FOR-US: Genexis Platinum 4410 V2-1.28
CVE-2020-25014
@@ -1682,12 +5915,12 @@ CVE-2020-24980
CVE-2020-24979
REJECTED
CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...)
- - nasm <unfixed>
+ - nasm 2.15.04-1
[buster] - nasm <no-dsa> (Minor issue)
[stretch] - nasm <no-dsa> (Minor issue)
NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712
NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7
-CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global buffer over-re ...)
+CVE-2020-24977 (GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerabil ...)
{DLA-2369-1}
- libxml2 <unfixed> (bug #969529)
[buster] - libxml2 <no-dsa> (Minor issue)
@@ -1708,8 +5941,10 @@ CVE-2020-24973
CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...)
- kleopatra <unfixed>
[buster] - kleopatra <no-dsa> (Minor issue)
+ [stretch] - kleopatra <not-affected> (Vulnerable code added to Debian in version 4:18.07.90-1)
NOTE: https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b
NOTE: https://security.gentoo.org/glsa/202008-21
+ NOTE: Added in https://dev.gnupg.org/rKLEOPATRAd1cd40bae47eb349e14750601223b6b5d9f71940 (v18.07.80+)
CVE-2020-24971
RESERVED
CVE-2020-24970
@@ -1821,6 +6056,7 @@ CVE-2020-24918
CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...)
NOT-FOR-US: osTicket
CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...)
+ {DSA-4773-1 DLA-2384-1}
- yaws 2.0.8+dfsg-1
NOTE: https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1
NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
@@ -1877,10 +6113,12 @@ CVE-2020-24891
CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in parse_tiff ...)
- libraw <unfixed>
[buster] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/issues/335
CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version &lt; 20.0 LibRaw::Ge ...)
- libraw <unfixed>
[buster] - libraw <no-dsa> (Minor issue)
+ [stretch] - libraw <no-dsa> (Minor issue)
NOTE: https://github.com/LibRaw/LibRaw/issues/334
NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee
CVE-2020-24888
@@ -1942,10 +6180,10 @@ CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20
[buster] - rust-rgb <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html
NOTE: https://github.com/kornelski/rust-rgb/issues/35
-CVE-2020-24861
- RESERVED
-CVE-2020-24860
- RESERVED
+CVE-2020-24861 (GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings p ...)
+ NOT-FOR-US: GetSimple CMS
+CVE-2020-24860 (CMS Made Simple 2.2.14 allows an authenticated user with access to the ...)
+ NOT-FOR-US: CMS Made Simple
CVE-2020-24859
RESERVED
CVE-2020-24858
@@ -1968,10 +6206,10 @@ CVE-2020-24850
RESERVED
CVE-2020-24849
RESERVED
-CVE-2020-24848
- RESERVED
-CVE-2020-24847
- RESERVED
+CVE-2020-24848 (FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) N ...)
+ NOT-FOR-US: FruityWifi
+CVE-2020-24847 (A Cross-Site Request Forgery (CSRF) vulnerability is identified in Fru ...)
+ NOT-FOR-US: FruityWifi
CVE-2020-24846
RESERVED
CVE-2020-24845
@@ -2050,8 +6288,8 @@ CVE-2020-24809
RESERVED
CVE-2020-24808
RESERVED
-CVE-2020-24807
- RESERVED
+CVE-2020-24807 (** UNSUPPORTED WHEN ASSIGNED ** The socket.io-file package through 2.0 ...)
+ NOT-FOR-US: Node socket.io-file
CVE-2020-24806
RESERVED
CVE-2020-24805
@@ -2134,8 +6372,8 @@ CVE-2020-24767
RESERVED
CVE-2020-24766
RESERVED
-CVE-2020-24765
- RESERVED
+CVE-2020-24765 (InterMind iMind Server through 3.13.65 allows remote unauthenticated a ...)
+ NOT-FOR-US: InterMind iMind Server
CVE-2020-24764
RESERVED
CVE-2020-24763
@@ -2167,6 +6405,7 @@ CVE-2020-24751
CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...)
- jackson-databind <unfixed>
[buster] - jackson-databind <no-dsa> (Minor issue)
+ [stretch] - jackson-databind <no-dsa> (Minor issue)
NOTE: https://github.com/FasterXML/jackson-databind/issues/2798
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
@@ -2224,16 +6463,16 @@ CVE-2020-24724
RESERVED
CVE-2020-24723
RESERVED
-CVE-2020-24722
- RESERVED
-CVE-2020-24721
- RESERVED
+CVE-2020-24722 (** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple E ...)
+ NOT-FOR-US: GAEN (Google Apple Encounter Notification) protocol
+CVE-2020-24721 (An issue was discovered in the GAEN (aka Google/Apple Exposure Notific ...)
+ NOT-FOR-US: GAEN (Google Apple Encounter Notification) protocol
CVE-2020-24720
RESERVED
CVE-2020-24719
RESERVED
-CVE-2020-24718
- RESERVED
+CVE-2020-24718 (bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE th ...)
+ NOT-FOR-US: bhyve
CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...)
NOT-FOR-US: OpenZFS
CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...)
@@ -2272,20 +6511,26 @@ CVE-2020-24700
RESERVED
CVE-2020-24699 (The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress al ...)
NOT-FOR-US: Chamber Dashboard Business Directory plugin for WordPress
-CVE-2020-24698
- RESERVED
-CVE-2020-24697
- RESERVED
-CVE-2020-24696
- RESERVED
+CVE-2020-24698 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...)
+ - pdns <unfixed> (unimportant)
+ NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
+ NOTE: Debian packages not built with experimental GSS-TSIG support
+CVE-2020-24697 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...)
+ - pdns <unfixed> (unimportant)
+ NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
+ NOTE: Debian packages not built with experimental GSS-TSIG support
+CVE-2020-24696 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...)
+ - pdns <unfixed> (unimportant)
+ NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html
+ NOTE: Debian packages not built with experimental GSS-TSIG support
CVE-2020-24695
RESERVED
CVE-2020-24694
RESERVED
CVE-2020-24693
RESERVED
-CVE-2020-24692
- RESERVED
+CVE-2020-24692 (The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 co ...)
+ NOT-FOR-US: Mitel
CVE-2020-24691
RESERVED
CVE-2020-24690
@@ -2359,6 +6604,7 @@ CVE-2020-24660 (An issue was discovered in LemonLDAP::NG through 2.0.8, when NGI
CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can trigger ...)
- gnutls28 3.6.15-1 (bug #969547)
[buster] - gnutls28 <no-dsa> (Minor issue)
+ [stretch] - gnutls28 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04
NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071
NOTE: https://gitlab.com/gnutls/gnutls/-/commit/29ee67c205855e848a0a26e6d0e4f65b6b943e0a
@@ -2377,20 +6623,20 @@ CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks c
NOTE: https://kde.org/info/security/advisory-20200827-1.txt
CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the insecure kSecA ...)
NOT-FOR-US: secure-store in Expo on iOS
-CVE-2020-24652
- RESERVED
-CVE-2020-24651
- RESERVED
-CVE-2020-24650
- RESERVED
-CVE-2020-24649
- RESERVED
-CVE-2020-24648
- RESERVED
-CVE-2020-24647
- RESERVED
-CVE-2020-24646
- RESERVED
+CVE-2020-24652 (A addvsiinterfaceinfo expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24651 (A syslogtempletselectwin expression language injection remote code exe ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24650 (A legend expression language injection remote code execution vulnerabi ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24649 (A remote bytemessageresource transformentity" input validation code ex ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24648 (A accessmgrservlet classname deserialization of untrusted data remote ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24647 (A remote accessmgrservlet classname input validation code execution vu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24646 (A tftpserver stack-based buffer overflow remote code execution vulnera ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-24645
RESERVED
CVE-2020-24644
@@ -2417,34 +6663,34 @@ CVE-2020-24634
RESERVED
CVE-2020-24633
RESERVED
-CVE-2020-24632
- RESERVED
-CVE-2020-24631
- RESERVED
-CVE-2020-24630
- RESERVED
-CVE-2020-24629
- RESERVED
-CVE-2020-24628
- RESERVED
-CVE-2020-24627
- RESERVED
-CVE-2020-24626
- RESERVED
-CVE-2020-24625
- RESERVED
-CVE-2020-24624
- RESERVED
+CVE-2020-24632 (A remote execution of arbitrary commandss vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24631 (A remote execution of arbitrary commands vulnerability was discovered ...)
+ NOT-FOR-US: Aruba
+CVE-2020-24630 (A remote operatoronlinelist_content privilege escalation vulnerability ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24629 (A remote urlaccesscontroller authentication bypass vulnerability was d ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-24628 (A remote code injection vulnerability was discovered in HPE KVM IP Con ...)
+ NOT-FOR-US: HPE
+CVE-2020-24627 (A remote stored xss vulnerability was discovered in HPE KVM IP Console ...)
+ NOT-FOR-US: HPE
+CVE-2020-24626 (Unathenticated directory traversal in the ReceiverServlet class doPost ...)
+ NOT-FOR-US: HPE
+CVE-2020-24625 (Unathenticated directory traversal in the ReceiverServlet class doGet( ...)
+ NOT-FOR-US: HPE
+CVE-2020-24624 (Unathenticated directory traversal in the DownloadServlet class execut ...)
+ NOT-FOR-US: HPE
CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...)
NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework
CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
NOT-FOR-US: Sonatype
-CVE-2020-24621
- RESERVED
-CVE-2020-24620
- RESERVED
-CVE-2020-24619
- RESERVED
+CVE-2020-24621 (A remote code execution (RCE) vulnerability was discovered in the html ...)
+ NOT-FOR-US: OpenMRS
+CVE-2020-24620 (Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable ...)
+ NOT-FOR-US: Unisys
+CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuse ...)
+ NOT-FOR-US: Shotcut
CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...)
NOT-FOR-US: JetBrains
CVE-2020-24617
@@ -2456,8 +6702,8 @@ CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the in
NOTE: https://github.com/FasterXML/jackson-databind/issues/2814
NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
NOTE: but still an issue when Default Typing is enabled.
-CVE-2020-24615
- RESERVED
+CVE-2020-24615 (Pexip Infinity before 24.1 has Improper Input Validation, leading to t ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2020-24613 (wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...)
- wolfssl 4.5.0+dfsg-1 (bug #969663)
NOTE: https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/
@@ -2495,14 +6741,14 @@ CVE-2020-24597
RESERVED
CVE-2020-24596
RESERVED
-CVE-2020-24595
- RESERVED
-CVE-2020-24594
- RESERVED
-CVE-2020-24593
- RESERVED
-CVE-2020-24592
- RESERVED
+CVE-2020-24595 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker ...)
+ NOT-FOR-US: Mitel
+CVE-2020-24594 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthen ...)
+ NOT-FOR-US: Mitel
+CVE-2020-24593 (Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote at ...)
+ NOT-FOR-US: Mitel
+CVE-2020-24592 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker ...)
+ NOT-FOR-US: Mitel
CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE attacks dur ...)
NOT-FOR-US: WSO2
CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...)
@@ -2521,6 +6767,7 @@ CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation in
NOTE: https://github.com/wolfSSL/wolfssl/commit/3be7f3ea3a56d178acf0f7f84ee4ae8cbfee8915 (v4.5.0-stable)
CVE-2020-24584 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...)
- python-django 2:2.2.16-1 (bug #969367)
+ [buster] - python-django <postponed> (Fix along in future DSA)
[stretch] - python-django <not-affected> (Requires Python 3.7+)
NOTE: https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71 (master)
NOTE: https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b (3.1.1)
@@ -2528,6 +6775,7 @@ CVE-2020-24584 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before
NOTE: https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f (2.2.16)
CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...)
- python-django 2:2.2.16-1 (bug #969367)
+ [buster] - python-django <postponed> (Fix along in future DSA)
[stretch] - python-django <not-affected> (Requires Python 3.7+)
NOTE: https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9 (master)
NOTE: https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584 (3.1.1)
@@ -2557,28 +6805,28 @@ CVE-2020-24572 (An issue was discovered in includes/webconsole.php in RaspAP 2.5
NOT-FOR-US: RaspAP
CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...)
NOT-FOR-US: NexusDB
-CVE-2020-24570
- RESERVED
-CVE-2020-24569
- RESERVED
-CVE-2020-24568
- RESERVED
+CVE-2020-24570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT LINE
+CVE-2020-24569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT LINE
+CVE-2020-24568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...)
+ NOT-FOR-US: MB CONNECT LINE
CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08- ...)
NOT-FOR-US: voidtools
CVE-2020-24566 (In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4. ...)
NOT-FOR-US: Octopus Deploy
-CVE-2020-24565
- RESERVED
-CVE-2020-24564
- RESERVED
-CVE-2020-24563
- RESERVED
-CVE-2020-24562
- RESERVED
+CVE-2020-24565 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24564 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24563 (A vulnerability in Trend Micro Apex One may allow a local attacker to ...)
+ NOT-FOR-US: Trend Micro
+CVE-2020-24562 (A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows ...)
+ NOT-FOR-US: Trend Micro
CVE-2020-24561 (A command injection vulnerability in Trend Micro ServerProtect for Lin ...)
NOT-FOR-US: Trend Micro
-CVE-2020-24560
- RESERVED
+CVE-2020-24560 (An incomplete SSL server certification validation vulnerability in the ...)
+ NOT-FOR-US: Trend Micro
CVE-2020-24559 (A vulnerability in Trend Micro Apex One on macOS may allow an attacker ...)
NOT-FOR-US: Trend Micro
CVE-2020-24558 (A vulnerability in an Trend Micro Apex One dll may allow an attacker t ...)
@@ -2599,7 +6847,7 @@ CVE-2020-24554 (The redirect module in Liferay Portal before 7.3.3 does not limi
NOT-FOR-US: Liferay
CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html ...)
- golang-1.15 1.15.2-1 (bug #969661)
- - golang-1.14 <unfixed> (bug #969662)
+ - golang-1.14 <removed> (bug #969662)
- golang-1.11 <removed>
[buster] - golang-1.11 <no-dsa> (Minor issue)
- golang-1.8 <removed>
@@ -2611,8 +6859,8 @@ CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because tex
NOTE: https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command Injection vu ...)
NOT-FOR-US: Atop Technology industrial 3G/4G gateway
-CVE-2020-24551
- RESERVED
+CVE-2020-24551 (IProom MMC+ Server login page does not validate specific parameters pr ...)
+ NOT-FOR-US: IProom MMC+ Server
CVE-2020-24550
RESERVED
CVE-2020-24549
@@ -2735,6 +6983,11 @@ CVE-2020-24491
RESERVED
CVE-2020-24490
RESERVED
+ - linux 5.7.17-1
+ [buster] - linux 4.19.146-1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
+ NOTE: Fixed by: https://git.kernel.org/linus/a2ec905d1e160a33b2e210e45ad30445ef26ce0e (5.8)
CVE-2020-24489
RESERVED
CVE-2020-24488
@@ -2863,42 +7116,42 @@ CVE-2020-24427
RESERVED
CVE-2020-24426
RESERVED
-CVE-2020-24425
- RESERVED
-CVE-2020-24424
- RESERVED
-CVE-2020-24423
- RESERVED
-CVE-2020-24422
- RESERVED
-CVE-2020-24421
- RESERVED
-CVE-2020-24420
- RESERVED
-CVE-2020-24419
- RESERVED
-CVE-2020-24418
- RESERVED
+CVE-2020-24425 (Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24424 (Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncont ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24423 (Adobe Media Encoder version 14.4 (and earlier) for Windows is affected ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24422 (Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24421 (Adobe InDesign version 15.1.2 (and earlier) is affected by a memory co ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24420 (Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected b ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24419 (Adobe After Effects version 17.1.1 (and earlier) for Windows is affect ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24418 (Adobe After Effects version 17.1.1 (and earlier) is affected by an out ...)
+ NOT-FOR-US: Adobe
CVE-2020-24417
RESERVED
-CVE-2020-24416
- RESERVED
-CVE-2020-24415
- RESERVED
-CVE-2020-24414
- RESERVED
-CVE-2020-24413
- RESERVED
-CVE-2020-24412
- RESERVED
-CVE-2020-24411
- RESERVED
-CVE-2020-24410
- RESERVED
-CVE-2020-24409
- RESERVED
-CVE-2020-24408
- RESERVED
+CVE-2020-24416 (Marketo Sales Insight plugin version 1.4355 (and earlier) is affected ...)
+ NOT-FOR-US: Marketo Sales Insight plugin
+CVE-2020-24415 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24414 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24413 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24412 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24411 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24410 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24409 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
+ NOT-FOR-US: Adobe
+CVE-2020-24408 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a per ...)
+ NOT-FOR-US: Magento
CVE-2020-24407
RESERVED
CVE-2020-24406
@@ -2919,8 +7172,8 @@ CVE-2020-24399
RESERVED
CVE-2020-24398
RESERVED
-CVE-2020-24397
- RESERVED
+CVE-2020-24397 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-24396
RESERVED
CVE-2020-24395
@@ -2940,10 +7193,10 @@ CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape th
NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-24389
RESERVED
-CVE-2020-24388
- RESERVED
-CVE-2020-24387
- RESERVED
+CVE-2020-24388 (An issue was discovered in the _send_secure_msg() function of yubihsm- ...)
+ NOT-FOR-US: yubihsm-shell
+CVE-2020-24387 (An issue was discovered in the yh_create_session() function of yubihsm ...)
+ NOT-FOR-US: yubihsm-shell
CVE-2020-24386
RESERVED
CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...)
@@ -2959,6 +7212,7 @@ CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) throu
CVE-2020-24380
RESERVED
CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vul ...)
+ {DSA-4773-1 DLA-2384-1}
- yaws 2.0.8+dfsg-1
NOTE: https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe
@@ -2968,8 +7222,8 @@ CVE-2020-24377 (A DNS rebinding vulnerability in the Freebox OS web interface in
NOT-FOR-US: Freebox
CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations in Freeb ...)
NOT-FOR-US: Freebox
-CVE-2020-24375
- RESERVED
+CVE-2020-24375 (A DNS rebinding vulnerability in the UPnP MediaServer implementation i ...)
+ NOT-FOR-US: Freebox
CVE-2020-24374 (A DNS rebinding vulnerability in Freebox HD before 1.5.29. ...)
NOT-FOR-US: Freebox
CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...)
@@ -2979,19 +7233,20 @@ CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_r
NOTE: https://github.com/LuaJIT/LuaJIT/issues/603
NOTE: No security impact, only "exploitable" with untrusted Lua code
CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the ...)
- - lua5.4 <unfixed>
- - lua5.3 <unfixed>
- [buster] - lua5.3 <no-dsa> (Minor isue)
+ - lua5.4 <unfixed> (bug #971010)
+ - lua5.3 <not-affected> (Vulnerable code introduced in 5.4.0)
NOTE: https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110
- NOTE: https://www.lua.org/bugs.html#5.4.0-9
+ NOTE: https://www.lua.org/bugs.html#5.4.0-10
CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ...)
- - lua5.4 <unfixed>
+ {DLA-2381-1}
+ - lua5.4 <unfixed> (bug #971613)
- lua5.3 <unfixed>
- [buster] - lua5.3 <no-dsa> (Minor isue)
+ [buster] - lua5.3 <no-dsa> (Minor issue)
NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00324.html
- NOTE: https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b
+ NOTE: (lua5.4) https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b
+ NOTE: (lua5.3) https://github.com/lua/lua/commit/b5bc89846721375fe30772eb8c5ab2786f362bf9
CVE-2020-24369 (ldebug.c in Lua 5.4.0 attempts to access debug information via the lin ...)
- - lua5.4 <unfixed>
+ - lua5.4 <unfixed> (bug #971013)
NOTE: https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a
NOTE: https://www.lua.org/bugs.html#5.4.0-12
CVE-2020-24368 (Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Director ...)
@@ -3005,8 +7260,8 @@ CVE-2020-24367
RESERVED
CVE-2020-24366
RESERVED
-CVE-2020-24365
- RESERVED
+CVE-2020-24365 (An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-12 ...)
+ NOT-FOR-US: Gemtek devices
CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via the note ...)
NOT-FOR-US: MineTime
CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticat ...)
@@ -3014,6 +7269,7 @@ CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthe
CVE-2020-24362
RESERVED
CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...)
+ {DLA-2393-1}
- snmptt 1.4.2-1
NOTE: https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a
CVE-2020-24360
@@ -3024,16 +7280,15 @@ CVE-2020-24358
RESERVED
CVE-2020-24357
RESERVED
-CVE-2020-24356
- RESERVED
+CVE-2020-24356 (`cloudflared` versions prior to 2020.8.1 contain a local privilege esc ...)
+ NOT-FOR-US: cloudflared
CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
NOT-FOR-US: Zyxel
CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
NOT-FOR-US: Zyxel
CVE-2020-24353
RESERVED
-CVE-2020-24352
- RESERVED
+CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ...)
- qemu <unfixed> (unimportant; bug #968820)
[buster] - qemu <not-affected> (Vulnerable code introduced in ATI VGA device emulation added later)
[stretch] - qemu <not-affected> (Vulnerable code introduced later)
@@ -3058,7 +7313,7 @@ CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const a
CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of ...)
NOT-FOR-US: MuJS
CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ...)
- - lua5.4 <unfixed>
+ - lua5.4 <unfixed> (bug #971012)
NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00052.html
NOTE: https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27
CVE-2020-24341
@@ -3077,26 +7332,26 @@ CVE-2020-24335
RESERVED
CVE-2020-24334
RESERVED
-CVE-2020-24333
- RESERVED
+CVE-2020-24333 (A vulnerability in Arista&#8217;s CloudVision Portal (CVP) prior to 20 ...)
+ NOT-FOR-US: Arista
CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
- - trousers <unfixed>
- [stretch] - trousers <ignored> (tss service gets started as non-root user via init script)
+ - trousers <unfixed> (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
+ NOTE: In Debian, tcsd gets started under the tss user
CVE-2020-24331 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
- - trousers <unfixed>
- [stretch] - trousers <ignored> (tss service gets started as non-root user via init script)
+ - trousers <unfixed> (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
+ NOTE: In Debian, tcsd gets started under the tss user
CVE-2020-24330 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
- - trousers <unfixed>
- [stretch] - trousers <ignored> (tss service gets started as non-root user via init script)
+ - trousers <unfixed> (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
+ NOTE: In Debian, tcsd gets started under the tss user
CVE-2020-24329
RESERVED
CVE-2020-24328
@@ -3153,8 +7408,8 @@ CVE-2020-24303
RESERVED
CVE-2020-24302
RESERVED
-CVE-2020-24301
- RESERVED
+CVE-2020-24301 (Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a spec ...)
+ NOT-FOR-US: HAPI FHIR Testpage Overlay
CVE-2020-24300
RESERVED
CVE-2020-24299
@@ -3223,10 +7478,12 @@ CVE-2020-24268
RESERVED
CVE-2020-24267
RESERVED
-CVE-2020-24266
- RESERVED
-CVE-2020-24265
- RESERVED
+CVE-2020-24266 (An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...)
+ - tcpreplay <unfixed> (bug #972889)
+ NOTE: https://github.com/appneta/tcpreplay/issues/617
+CVE-2020-24265 (An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...)
+ - tcpreplay <unfixed> (bug #972890)
+ NOTE: https://github.com/appneta/tcpreplay/issues/616
CVE-2020-24264
RESERVED
CVE-2020-24263
@@ -3263,8 +7520,8 @@ CVE-2020-24248
RESERVED
CVE-2020-24247
RESERVED
-CVE-2020-24246
- RESERVED
+CVE-2020-24246 (Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to ...)
+ NOT-FOR-US: Peplink Balance
CVE-2020-24245
RESERVED
CVE-2020-24244
@@ -3284,7 +7541,10 @@ CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-fr
NOTE: Crash in CLI tool, no security impact
CVE-2020-24240 (GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/ob ...)
- bison 2:3.7.2+dfsg-1 (unimportant)
- NOTE: https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d (v3.7.1)
+ [buster] - bison <not-affected> (Vulnerable code introduced later)
+ [stretch] - bison <not-affected> (Vulnerable code introduced later)
+ NOTE: Introduced by: https://github.com/akimd/bison/commit/7346163840080f289f0adbadfbf5659c620d5fea (v3.5.91)
+ NOTE: Fixed by: https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d (v3.7.1)
NOTE: https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html
NOTE: Crash in CLI tool, no security impact
CVE-2020-24239
@@ -3303,8 +7563,8 @@ CVE-2020-24233
RESERVED
CVE-2020-24232
RESERVED
-CVE-2020-24231
- RESERVED
+CVE-2020-24231 (Symmetric DS &lt;3.12.0 uses mx4j to provide access to JMX over HTTP. ...)
+ NOT-FOR-US: Symmetric DS
CVE-2020-24230
RESERVED
CVE-2020-24229
@@ -3327,20 +7587,20 @@ CVE-2020-24221
RESERVED
CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...)
NOT-FOR-US: ShopXO
-CVE-2020-24219
- RESERVED
-CVE-2020-24218
- RESERVED
-CVE-2020-24217
- RESERVED
-CVE-2020-24216
- RESERVED
-CVE-2020-24215
- RESERVED
-CVE-2020-24214
- RESERVED
-CVE-2020-24213
- RESERVED
+CVE-2020-24219 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...)
+ NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders
+CVE-2020-24218 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...)
+ NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders
+CVE-2020-24217 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+ NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
+CVE-2020-24216 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+ NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
+CVE-2020-24215 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+ NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
+CVE-2020-24214 (An issue was discovered in the box application on HiSilicon based IPTV ...)
+ NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders
+CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. Attackers ...)
+ NOT-FOR-US: ygocore
CVE-2020-24212
REJECTED
CVE-2020-24211
@@ -3389,8 +7649,8 @@ CVE-2020-24190
RESERVED
CVE-2020-24189
RESERVED
-CVE-2020-24188
- RESERVED
+CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search functionality i ...)
+ NOT-FOR-US: United Planet Intrexx Professional
CVE-2020-24187
RESERVED
CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz ...)
@@ -3699,8 +7959,8 @@ CVE-2020-24035
RESERVED
CVE-2020-24034 (Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecu ...)
NOT-FOR-US: Sagemcom F@ST 5280 routers
-CVE-2020-24033
- RESERVED
+CVE-2020-24033 (An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The f ...)
+ NOT-FOR-US: fs.com S3900
CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...)
NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
CVE-2020-24031
@@ -4091,8 +8351,8 @@ CVE-2020-23839 (A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimpl
NOT-FOR-US: GetSimple CMS
CVE-2020-23838
RESERVED
-CVE-2020-23837
- RESERVED
+CVE-2020-23837 (A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User pl ...)
+ NOT-FOR-US: GetSimple CMS
CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in ...)
NOT-FOR-US: OSWAPP Warehouse Inventory System
CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...)
@@ -4101,8 +8361,8 @@ CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time
NOT-FOR-US: Real Time Logic BarracudaDrive
CVE-2020-23833 (Projectworlds House Rental v1.0 suffers from an unauthenticated SQL In ...)
NOT-FOR-US: Projectworlds House Rental
-CVE-2020-23832
- RESERVED
+CVE-2020-23832 (A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin ...)
+ NOT-FOR-US: Projectworlds Car Rental Management System
CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...)
NOT-FOR-US: SourceCodester Stock Management System
CVE-2020-23830 (A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.ph ...)
@@ -4873,8 +9133,8 @@ CVE-2020-23448
RESERVED
CVE-2020-23447
RESERVED
-CVE-2020-23446
- RESERVED
+CVE-2020-23446 (Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenti ...)
+ NOT-FOR-US: Verint Workforce Optimization suite
CVE-2020-23445
RESERVED
CVE-2020-23444
@@ -6081,8 +10341,8 @@ CVE-2020-22844
RESERVED
CVE-2020-22843
RESERVED
-CVE-2020-22842
- RESERVED
+CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ...)
+ NOT-FOR-US: CMS Made Simple
CVE-2020-22841
RESERVED
CVE-2020-22840
@@ -6803,8 +11063,8 @@ CVE-2020-22483
RESERVED
CVE-2020-22482
RESERVED
-CVE-2020-22481
- RESERVED
+CVE-2020-22481 (An issue was discovered in HFish 0.5.1. When a payload is inserted whe ...)
+ NOT-FOR-US: HFish
CVE-2020-22480
RESERVED
CVE-2020-22479
@@ -6859,8 +11119,8 @@ CVE-2020-22455
RESERVED
CVE-2020-22454
RESERVED
-CVE-2020-22453
- RESERVED
+CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple functions that s ...)
+ NOT-FOR-US: Untis WebUntis
CVE-2020-22452
RESERVED
CVE-2020-22451
@@ -7449,7 +11709,7 @@ CVE-2020-22160
RESERVED
CVE-2020-22159
RESERVED
-CVE-2020-22158 (Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected an ...)
+CVE-2020-22158 (MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to ...)
NOT-FOR-US: Ericsson RX8200 5.13.3 devices
CVE-2020-22157
RESERVED
@@ -8417,8 +12677,11 @@ CVE-2020-21676
RESERVED
CVE-2020-21675
RESERVED
-CVE-2020-21674
- RESERVED
+CVE-2020-21674 (Heap-based buffer overflow in archive_string_append_from_wcs() (archiv ...)
+ - libarchive <not-affected> (Vulnerable code not present in a released version)
+ NOTE: https://github.com/libarchive/libarchive/issues/1298
+ NOTE: Introduced (around): https://github.com/libarchive/libarchive/commit/3566a5d6ba2458e68c7e42b23f00a57901c6eafb
+ NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4 (v3.4.1)
CVE-2020-21673
RESERVED
CVE-2020-21672
@@ -8637,8 +12900,8 @@ CVE-2020-21566
RESERVED
CVE-2020-21565
RESERVED
-CVE-2020-21564
- RESERVED
+CVE-2020-21564 (An issue was discovered in Pluck CMS v4.7.11. There is a file upload v ...)
+ NOT-FOR-US: Pluck CMS
CVE-2020-21563
RESERVED
CVE-2020-21562
@@ -8711,18 +12974,18 @@ CVE-2020-21529
RESERVED
CVE-2020-21528
RESERVED
-CVE-2020-21527
- RESERVED
-CVE-2020-21526
- RESERVED
-CVE-2020-21525
- RESERVED
-CVE-2020-21524
- RESERVED
-CVE-2020-21523
- RESERVED
-CVE-2020-21522
- RESERVED
+CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...)
+ NOT-FOR-US: Halo
+CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an interfac ...)
+ NOT-FOR-US: Halo
+CVE-2020-21525 (Halo V1.1.3 is affected by: Arbitrary File reading. In an interface th ...)
+ NOT-FOR-US: Halo
+CVE-2020-21524 (There is a XML external entity (XXE) vulnerability in halo v1.1.3, The ...)
+ NOT-FOR-US: Halo
+CVE-2020-21523 (A Server-Side Freemarker template injection vulnerability in halo CMS ...)
+ NOT-FOR-US: Halo
+CVE-2020-21522 (An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal ...)
+ NOT-FOR-US: Halo
CVE-2020-21521
RESERVED
CVE-2020-21520
@@ -9277,8 +13540,8 @@ CVE-2020-21246
RESERVED
CVE-2020-21245
RESERVED
-CVE-2020-21244
- RESERVED
+CVE-2020-21244 (An issue was discovered in FrontAccounting 2.4.7. There is a Directory ...)
+ - frontaccounting <removed>
CVE-2020-21243
RESERVED
CVE-2020-21242
@@ -10165,8 +14428,8 @@ CVE-2020-20802
RESERVED
CVE-2020-20801
RESERVED
-CVE-2020-20800
- RESERVED
+CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
+ NOT-FOR-US: MetInfo
CVE-2020-20799
RESERVED
CVE-2020-20798
@@ -12413,20 +16676,20 @@ CVE-2020-19678
RESERVED
CVE-2020-19677
RESERVED
-CVE-2020-19676
- RESERVED
+CVE-2020-19676 (Nacos 1.1.4 is affected by: Incorrect Access Control. An environment c ...)
+ NOT-FOR-US: Nacos
CVE-2020-19675
RESERVED
CVE-2020-19674
RESERVED
CVE-2020-19673
RESERVED
-CVE-2020-19672
- RESERVED
+CVE-2020-19672 (Niushop B2B2C Multi-business basic version V1.11, can bypass the admin ...)
+ NOT-FOR-US: Niushop B2B2C Multi-business basic
CVE-2020-19671
RESERVED
-CVE-2020-19670
- RESERVED
+CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication ca ...)
+ NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition
CVE-2020-19669
RESERVED
CVE-2020-19668
@@ -12855,24 +17118,24 @@ CVE-2020-19457
RESERVED
CVE-2020-19456
RESERVED
-CVE-2020-19455
- RESERVED
+CVE-2020-19455 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
+ NOT-FOR-US: jdownloads component for Joomla!
CVE-2020-19454
RESERVED
CVE-2020-19453
RESERVED
CVE-2020-19452
RESERVED
-CVE-2020-19451
- RESERVED
-CVE-2020-19450
- RESERVED
+CVE-2020-19451 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
+ NOT-FOR-US: jdownloads component for Joomla!
+CVE-2020-19450 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...)
+ NOT-FOR-US: jdownloads component for Joomla!
CVE-2020-19449
RESERVED
CVE-2020-19448
RESERVED
-CVE-2020-19447
- RESERVED
+CVE-2020-19447 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! co ...)
+ NOT-FOR-US: jdownloads component for Joomla!
CVE-2020-19446
RESERVED
CVE-2020-19445
@@ -14233,8 +18496,8 @@ CVE-2020-18768
RESERVED
CVE-2020-18767
RESERVED
-CVE-2020-18766
- RESERVED
+CVE-2020-18766 (A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotel ...)
+ NOT-FOR-US: AntSword
CVE-2020-18765
RESERVED
CVE-2020-18764
@@ -15383,10 +19646,10 @@ CVE-2020-18193
RESERVED
CVE-2020-18192
RESERVED
-CVE-2020-18191
- RESERVED
-CVE-2020-18190
- RESERVED
+CVE-2020-18191 (GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attacke ...)
+ NOT-FOR-US: GetSimple CMS
+CVE-2020-18190 (Bludit v3.8.1 is affected by directory traversal. Remote attackers are ...)
+ NOT-FOR-US: Bludit
CVE-2020-18189
RESERVED
CVE-2020-18188
@@ -15395,10 +19658,12 @@ CVE-2020-18187
RESERVED
CVE-2020-18186
RESERVED
-CVE-2020-18185
- RESERVED
-CVE-2020-18184
- RESERVED
+CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...)
+ - pluxml <unfixed>
+ NOTE: https://github.com/pluxml/PluXml/issues/321
+CVE-2020-18184 (In PluxXml V5.7,the theme edit function /PluXml/core/admin/parametres_ ...)
+ - pluxml <unfixed>
+ NOTE: https://github.com/pluxml/PluXml/issues/320
CVE-2020-18183
RESERVED
CVE-2020-18182
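Review bot: The two new `pluxml <unfixed>` entries at the CVE-2020-18185 and CVE-2020-18184 lines carry no Debian bug reference and no per-release triage, while the other `<unfixed>` entries in this commit do (the tinymce entry gains `(bug #972642)` and a `[stretch]` line, the qemu entry gains `(bug #970937)`). If pluxml ships in buster or stretch, each entry needs a `[buster] - pluxml <...>` / `[stretch] - pluxml <...>` line, and the upstream issue links alone do not track whether a bug was filed against the package. The two upstream issues (#321 and #320) also look closely related; a `NOTE:` saying whether one upstream fix covers both would save the next triager re-reading them.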
@@ -15507,8 +19772,8 @@ CVE-2020-18131
RESERVED
CVE-2020-18130
RESERVED
-CVE-2020-18129
- RESERVED
+CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an ad ...)
+ NOT-FOR-US: Eyoucms
CVE-2020-18128
RESERVED
CVE-2020-18127
@@ -16663,8 +20928,8 @@ CVE-2020-17553
RESERVED
CVE-2020-17552
RESERVED
-CVE-2020-17551
- RESERVED
+CVE-2020-17551 (ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which ...)
+ NOT-FOR-US: ImpressCMS
CVE-2020-17550
RESERVED
CVE-2020-17549
@@ -16756,10 +21021,11 @@ CVE-2020-17509
CVE-2020-17508
RESERVED
CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
+ {DLA-2377-1 DLA-2376-1}
- qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)
- [buster] - qtbase-opensource-src <no-dsa> (Minor issue)
+ [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u4
- qt4-x11 <removed> (bug #970308)
- [buster] - qt4-x11 <no-dsa> (Minor issue)
+ [buster] - qt4-x11 4:4.8.7+dfsg-18+deb10u1
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch)
NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 branch)
@@ -16810,7 +21076,7 @@ CVE-2020-17490
CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
{DLA-2374-1}
- gnome-shell 3.36.5-1 (bug #968311)
- [buster] - gnome-shell <no-dsa> (Minor issue)
+ [buster] - gnome-shell 3.30.2-11~deb10u2
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377
NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04
@@ -16827,13 +21093,17 @@ CVE-2020-17484
RESERVED
CVE-2020-17483
RESERVED
-CVE-2020-17482
- RESERVED
+CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before 4.3.1 ...)
+ - pdns 4.3.1-1 (bug #970737)
+ [buster] - pdns <no-dsa> (Minor issue)
+ [stretch] - pdns <no-dsa> (Minor issue)
+ NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
CVE-2020-17481
RESERVED
CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...)
- - tinymce <unfixed>
+ - tinymce <unfixed> (bug #972642)
[buster] - tinymce <no-dsa> (Minor issue)
+ [stretch] - tinymce <no-dsa> (Minor issue)
NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...)
NOT-FOR-US: jpv
@@ -16885,8 +21155,8 @@ CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Exe
NOT-FOR-US: SEOWON INTECH
CVE-2020-17455
RESERVED
-CVE-2020-17454
- RESERVED
+CVE-2020-17454 (WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher ...)
+ NOT-FOR-US: WSO2 API Manager
CVE-2020-17453
RESERVED
CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php file by an ...)
@@ -16962,30 +21232,30 @@ CVE-2020-17419
RESERVED
CVE-2020-17418
RESERVED
-CVE-2020-17417
- RESERVED
-CVE-2020-17416
- RESERVED
-CVE-2020-17415
- RESERVED
-CVE-2020-17414
- RESERVED
-CVE-2020-17413
- RESERVED
-CVE-2020-17412
- RESERVED
-CVE-2020-17411
- RESERVED
-CVE-2020-17410
- RESERVED
-CVE-2020-17409
- RESERVED
+CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-17415 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17414 (This vulnerability allows local attackers to escalate privileges on af ...)
+ NOT-FOR-US: Foxit Reader
+CVE-2020-17413 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17412 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17411 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17410 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Foxit
+CVE-2020-17409 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
+ NOT-FOR-US: Netgear
CVE-2020-17408 (This vulnerability allows remote attackers to disclose sensitive infor ...)
NOT-FOR-US: NEC
-CVE-2020-17407
- RESERVED
-CVE-2020-17406
- RESERVED
+CVE-2020-17407 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Microhard Bullet-LTE
+CVE-2020-17406 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ NOT-FOR-US: Microhard Bullet-LTE
CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
NOT-FOR-US: Senstar Symphony
CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...)
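Review bot: The `NOT-FOR-US:` labels in this hunk name the same vendor inconsistently: CVE-2020-17417, -17416 and -17414 say `Foxit Reader` while CVE-2020-17415, -17413, -17412, -17411 and -17410 say `Foxit`. The label is free text, but the tracker is grepped by product name when later CVEs for the same software arrive, so one spelling per product is worth keeping; `NOT-FOR-US: Foxit Reader` (or `Foxit PhantomPDF` where the truncated description does not say) would be the consistent choice.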
@@ -17032,16 +21302,17 @@ CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL i
NOT-FOR-US: Cellopoint Cellos
CVE-2020-17383
RESERVED
-CVE-2020-17382
- RESERVED
-CVE-2020-17381
- RESERVED
+CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...)
+ NOT-FOR-US: MSI AmbientLink MsIo64 driver
+CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
+ NOT-FOR-US: Ghisler Total Commander
CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c]
RESERVED
- - qemu <unfixed>
+ - qemu <unfixed> (bug #970937)
[buster] - qemu <postponed> (Minor issue, fix along in future DSA)
[stretch] - qemu <postponed> (Minor issue, fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
+ NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html
CVE-2020-17379
RESERVED
CVE-2020-17378
@@ -17069,18 +21340,18 @@ CVE-2020-17370
CVE-2020-17369
RESERVED
CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of ...)
- {DSA-4742-1 DLA-2336-1}
+ {DSA-4767-1 DSA-4742-1 DLA-2336-1}
- firejail 0.9.62-4
NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...)
- {DSA-4742-1 DLA-2336-1}
+ {DSA-4767-1 DSA-4742-1 DLA-2336-1}
- firejail 0.9.62-4
NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...)
- routinator <itp> (bug #929024)
NOTE: https://github.com/NLnetLabs/routinator/issues/319
-CVE-2020-17365
- RESERVED
+CVE-2020-17365 (Improper directory permissions in the Hotspot Shield VPN client softwa ...)
+ NOT-FOR-US: Hotspot Shield VPN client for Windows
CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...)
NOT-FOR-US: User-friendly SVN
CVE-2020-17363
@@ -17099,8 +21370,8 @@ CVE-2020-17357
RESERVED
CVE-2020-17356
RESERVED
-CVE-2020-17355
- RESERVED
+CVE-2020-17355 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
+ NOT-FOR-US: Arista
CVE-2020-17354
RESERVED
CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x ...)
@@ -17765,10 +22036,10 @@ CVE-2020-17025
RESERVED
CVE-2020-17024
RESERVED
-CVE-2020-17023
- RESERVED
-CVE-2020-17022
- RESERVED
+CVE-2020-17023 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-17022 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
CVE-2020-17021
RESERVED
CVE-2020-17020
@@ -17805,8 +22076,8 @@ CVE-2020-17005
RESERVED
CVE-2020-17004
RESERVED
-CVE-2020-17003
- RESERVED
+CVE-2020-17003 (A remote code execution vulnerability exists when the Base3D rendering ...)
+ NOT-FOR-US: Microsoft
CVE-2020-17002
RESERVED
CVE-2020-17001
@@ -17821,8 +22092,8 @@ CVE-2020-16997
RESERVED
CVE-2020-16996
RESERVED
-CVE-2020-16995
- RESERVED
+CVE-2020-16995 (An elevation of privilege vulnerability exists in Network Watcher Agen ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16994
RESERVED
CVE-2020-16993
@@ -17851,34 +22122,34 @@ CVE-2020-16982
RESERVED
CVE-2020-16981
RESERVED
-CVE-2020-16980
- RESERVED
+CVE-2020-16980 (An elevation of privilege vulnerability exists when the Windows iSCSI ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16979
RESERVED
-CVE-2020-16978
- RESERVED
-CVE-2020-16977
- RESERVED
-CVE-2020-16976
- RESERVED
-CVE-2020-16975
- RESERVED
-CVE-2020-16974
- RESERVED
-CVE-2020-16973
- RESERVED
-CVE-2020-16972
- RESERVED
+CVE-2020-16978 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16977 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16976 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16975 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16974 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16973 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16972 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16971
RESERVED
CVE-2020-16970
RESERVED
-CVE-2020-16969
- RESERVED
-CVE-2020-16968
- RESERVED
-CVE-2020-16967
- RESERVED
+CVE-2020-16969 (An information disclosure vulnerability exists in how Microsoft Exchan ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16968 (A remote code execution vulnerability exists when the Windows Camera C ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16967 (A remote code execution vulnerability exists when the Windows Camera C ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16966
RESERVED
CVE-2020-16965
@@ -17897,152 +22168,152 @@ CVE-2020-16959
RESERVED
CVE-2020-16958
RESERVED
-CVE-2020-16957
- RESERVED
-CVE-2020-16956
- RESERVED
-CVE-2020-16955
- RESERVED
-CVE-2020-16954
- RESERVED
-CVE-2020-16953
- RESERVED
-CVE-2020-16952
- RESERVED
-CVE-2020-16951
- RESERVED
-CVE-2020-16950
- RESERVED
-CVE-2020-16949
- RESERVED
-CVE-2020-16948
- RESERVED
-CVE-2020-16947
- RESERVED
-CVE-2020-16946
- RESERVED
-CVE-2020-16945
- RESERVED
-CVE-2020-16944
- RESERVED
-CVE-2020-16943
- RESERVED
-CVE-2020-16942
- RESERVED
-CVE-2020-16941
- RESERVED
-CVE-2020-16940
- RESERVED
-CVE-2020-16939
- RESERVED
-CVE-2020-16938
- RESERVED
-CVE-2020-16937
- RESERVED
-CVE-2020-16936
- RESERVED
-CVE-2020-16935
- RESERVED
-CVE-2020-16934
- RESERVED
-CVE-2020-16933
- RESERVED
-CVE-2020-16932
- RESERVED
-CVE-2020-16931
- RESERVED
-CVE-2020-16930
- RESERVED
-CVE-2020-16929
- RESERVED
-CVE-2020-16928
- RESERVED
-CVE-2020-16927
- RESERVED
+CVE-2020-16957 (A remote code execution vulnerability exists when the Microsoft Office ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16956 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16955 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16954 (A remote code execution vulnerability exists in Microsoft Office softw ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16953 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16952 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16951 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16950 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16949 (A denial of service vulnerability exists in Microsoft Outlook software ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16948 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16947 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16946 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16945 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16944 (This vulnerability is caused when SharePoint Server does not properly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16943 (An elevation of privilege vulnerability exists in Microsoft Dynamics 3 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16942 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16941 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16940 (An elevation of privilege vulnerability exists when the Windows User P ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16939 (An elevation of privilege vulnerability exists when Group Policy impro ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16938 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16937 (An information disclosure vulnerability exists when the .NET Framework ...)
+ - dotnet-core-3.1 <itp> (bug #968921)
+CVE-2020-16936 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16935 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16934 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16933 (A security feature bypass vulnerability exists in Microsoft Word softw ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16932 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16931 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16930 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16929 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16928 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16927 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16926
RESERVED
CVE-2020-16925
RESERVED
-CVE-2020-16924
- RESERVED
-CVE-2020-16923
- RESERVED
-CVE-2020-16922
- RESERVED
-CVE-2020-16921
- RESERVED
-CVE-2020-16920
- RESERVED
-CVE-2020-16919
- RESERVED
-CVE-2020-16918
- RESERVED
+CVE-2020-16924 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16923 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16922 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16921 (An information disclosure vulnerability exists in Text Services Framew ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16920 (An elevation of privilege vulnerability exists when the Windows Applic ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16919 (An information disclosure vulnerability exists when the Windows Enterp ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16918 (A remote code execution vulnerability exists when the Base3D rendering ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16917
RESERVED
-CVE-2020-16916
- RESERVED
-CVE-2020-16915
- RESERVED
-CVE-2020-16914
- RESERVED
-CVE-2020-16913
- RESERVED
-CVE-2020-16912
- RESERVED
-CVE-2020-16911
- RESERVED
-CVE-2020-16910
- RESERVED
-CVE-2020-16909
- RESERVED
-CVE-2020-16908
- RESERVED
-CVE-2020-16907
- RESERVED
+CVE-2020-16916 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16915 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16914 (An information disclosure vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16913 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16912 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16911 (A remote code execution vulnerability exists in the way that the Windo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16910 (A security feature bypass vulnerability exists when Microsoft Windows ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16909 (An elevation of privilege vulnerability exists in Windows Error Report ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16908 (An elevation of privilege vulnerability exists in Windows Setup in the ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16907 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16906
RESERVED
-CVE-2020-16905
- RESERVED
-CVE-2020-16904
- RESERVED
+CVE-2020-16905 (An elevation of privilege vulnerability exists in Windows Error Report ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16904 (An elevation of privilege vulnerability exists in the way Azure Functi ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16903
RESERVED
-CVE-2020-16902
- RESERVED
-CVE-2020-16901
- RESERVED
-CVE-2020-16900
- RESERVED
-CVE-2020-16899
- RESERVED
-CVE-2020-16898
- RESERVED
-CVE-2020-16897
- RESERVED
-CVE-2020-16896
- RESERVED
-CVE-2020-16895
- RESERVED
-CVE-2020-16894
- RESERVED
+CVE-2020-16902 (An elevation of privilege vulnerability exists in the Windows Installe ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16901 (An information disclosure vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16900 (An elevation of privilege vulnerability exists when the Windows Event ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16899 (A denial of service vulnerability exists when the Windows TCP/IP stack ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16898 (A remote code execution vulnerability exists when the Windows TCP/IP s ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16897 (An information disclosure vulnerability exists when NetBIOS over TCP ( ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16896 (An information disclosure vulnerability exists in Remote Desktop Proto ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16895 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16894 (A remote code execution vulnerability exists when Windows Network Addr ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16893
RESERVED
-CVE-2020-16892
- RESERVED
-CVE-2020-16891
- RESERVED
-CVE-2020-16890
- RESERVED
-CVE-2020-16889
- RESERVED
+CVE-2020-16892 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16891 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16890 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16889 (An information disclosure vulnerability exists when the Windows Kernel ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16888
RESERVED
-CVE-2020-16887
- RESERVED
-CVE-2020-16886
- RESERVED
-CVE-2020-16885
- RESERVED
+CVE-2020-16887 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16886 (A security feature bypass vulnerability exists in the PowerShellGet V2 ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16885 (An elevation of privilege vulnerability exists when the Windows Storag ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16884 (A remote code execution vulnerability exists in the way that the IEToE ...)
NOT-FOR-US: IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer
CVE-2020-16883
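Review bot: CVE-2020-16937 is the one entry in this block mapped to a package, `dotnet-core-3.1 <itp> (bug #968921)`, yet its truncated description names the Windows-only `.NET Framework`; if the Microsoft advisory for this ID also lists .NET Core the mapping is right, otherwise it should be `NOT-FOR-US: Microsoft` like its neighbours. Either way a `NOTE:` with the advisory URL that justifies the package mapping would let the next triager confirm it without re-deriving the decision. All other entries in the hunk are plain `NOT-FOR-US: Microsoft` and need nothing.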
@@ -18057,10 +22328,10 @@ CVE-2020-16879 (An information disclosure vulnerability exists when a Windows Pr
NOT-FOR-US: Microsoft
CVE-2020-16878 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
NOT-FOR-US: Microsoft
-CVE-2020-16877
- RESERVED
-CVE-2020-16876
- RESERVED
+CVE-2020-16877 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
+ NOT-FOR-US: Microsoft
+CVE-2020-16876 (An elevation of privilege vulnerability exists when the Windows Applic ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16875 (A remote code execution vulnerability exists in Microsoft Exchange ser ...)
NOT-FOR-US: Microsoft
CVE-2020-16874 (A remote code execution vulnerability exists in Visual Studio when it ...)
@@ -18085,8 +22356,8 @@ CVE-2020-16865
RESERVED
CVE-2020-16864 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
NOT-FOR-US: Microsoft
-CVE-2020-16863
- RESERVED
+CVE-2020-16863 (A denial of service vulnerability exists in Windows Remote Desktop Ser ...)
+ NOT-FOR-US: Microsoft
CVE-2020-16862 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
NOT-FOR-US: Microsoft
CVE-2020-16861 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
@@ -18133,8 +22404,7 @@ CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite re
NOTE: https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
NOTE: https://github.com/golang/go/issues/40618
NOTE: Fixed in 1.15~rc2, 1.14.7, 1.13.15
-CVE-2020-16844
- RESERVED
+CVE-2020-16844 (In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users ...)
NOT-FOR-US: Istio
CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the netw ...)
NOT-FOR-US: Firecracker
@@ -19358,15 +23628,15 @@ CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0
NOT-FOR-US: Kee Vault KeePassRPC
CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...)
NOT-FOR-US: Kee Vault KeePassRPC
-CVE-2020-16270
- RESERVED
+CVE-2020-16270 (OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attac ...)
+ NOT-FOR-US: OLIMPOKS
CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...)
- radare2 <unfixed>
NOTE: https://github.com/radareorg/radare2/issues/17383
CVE-2020-16268
RESERVED
-CVE-2020-16267
- RESERVED
+CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...)
- mantis <removed>
CVE-2020-16265
@@ -19412,20 +23682,20 @@ CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allow
NOTE: that the refererred behaviour is intended functionality.
CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
NOT-FOR-US: Philips
-CVE-2020-16246
- RESERVED
+CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
+ NOT-FOR-US: Reason S20 Ethernet Switch
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
NOT-FOR-US: Advantech
-CVE-2020-16244
- RESERVED
+CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...)
+ NOT-FOR-US: GE Digital APM Classic
CVE-2020-16243
RESERVED
-CVE-2020-16242
- RESERVED
+CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
+ NOT-FOR-US: General Electric
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
NOT-FOR-US: Philips SureSigns
-CVE-2020-16240
- RESERVED
+CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...)
+ NOT-FOR-US: GE Digital APM Classic
CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
NOT-FOR-US: Philips SureSigns
CVE-2020-16238
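Review bot: CVE-2020-16246 and CVE-2020-16242 have the same truncated description (`The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...`) but different labels, `NOT-FOR-US: Reason S20 Ethernet Switch` on one and `NOT-FOR-US: General Electric` on the other. One product should get one label so later searches find both; `NOT-FOR-US: GE Reason S20 Ethernet Switch` would cover both the vendor and the product name used elsewhere in the hunk.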
@@ -19436,8 +23706,8 @@ CVE-2020-16236
RESERVED
CVE-2020-16235
RESERVED
-CVE-2020-16234
- RESERVED
+CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
+ NOT-FOR-US: PLC WinProladder
CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
NOT-FOR-US: CodeMeter
CVE-2020-16232
@@ -19452,8 +23722,8 @@ CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03,
NOT-FOR-US: Philips
CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input ...)
NOT-FOR-US: Delta Electronics
-CVE-2020-16226
- RESERVED
+CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to impersonations ...)
+ NOT-FOR-US: Mitsubishi
CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...)
NOT-FOR-US: Delta Electronics
CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
@@ -19500,8 +23770,8 @@ CVE-2020-16204 (The affected product is vulnerable due to an undocumented interf
NOT-FOR-US: N-Tron
CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
NOT-FOR-US: Delta Industrial Automation
-CVE-2020-16202
- RESERVED
+CVE-2020-16202 (WebAccess Node (All versions prior to 9.0.1) has incorrect permissions ...)
+ NOT-FOR-US: WebAccess Node
CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
NOT-FOR-US: Delta Industrial Automation
CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
@@ -19562,8 +23832,8 @@ CVE-2020-16173
RESERVED
CVE-2020-16172
RESERVED
-CVE-2020-16171
- RESERVED
+CVE-2020-16171 (An issue was discovered in Acronis Cyber Backup before 12.5 Build 1634 ...)
+ NOT-FOR-US: Acronis
CVE-2020-16170 (Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Andr ...)
NOT-FOR-US: Temi application fo Android
CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in temi Robox ...)
@@ -19573,7 +23843,9 @@ CVE-2020-16168 (Origin Validation Error in temi Robox OS prior to 120, temi Andr
CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS prior to ...)
NOT-FOR-US: Temi Launcher OS
CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...)
+ {DLA-2385-1}
- linux 5.7.17-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...)
NOT-FOR-US: SpringBlade
@@ -19583,14 +23855,14 @@ CVE-2020-16163 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validato
NOT-FOR-US: RIPE NCC RPKI Validator
CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
NOT-FOR-US: RIPE NCC RPKI Validator
-CVE-2020-16161
- RESERVED
-CVE-2020-16160
- RESERVED
-CVE-2020-16159
- RESERVED
-CVE-2020-16158
- RESERVED
+CVE-2020-16161 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Sca ...)
+ NOT-FOR-US: GoPro
+CVE-2020-16160 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Dec ...)
+ NOT-FOR-US: GoPro
+CVE-2020-16159 (GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GP ...)
+ NOT-FOR-US: GoPro
+CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerab ...)
+ NOT-FOR-US: GoPro
CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
NOT-FOR-US: Nagios Log Server
CVE-2020-16156
@@ -19606,14 +23878,16 @@ CVE-2020-16152
CVE-2020-16151
RESERVED
CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/s ...)
- - mbedtls <unfixed>
+ - mbedtls <unfixed> (bug #972806)
+ [buster] - mbedtls <no-dsa> (Minor issue)
+ [stretch] - mbedtls <no-dsa> (Minor issue)
NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
CVE-2020-16149
REJECTED
-CVE-2020-16148
- RESERVED
-CVE-2020-16147
- RESERVED
+CVE-2020-16148 (The ping page of the administration panel in Telmat AccessLog &lt;= 6. ...)
+ NOT-FOR-US: Telmat AccessLog
+CVE-2020-16147 (The login page in Telmat AccessLog &lt;= 6.0 (TAL_20180415) allows an ...)
+ NOT-FOR-US: Telmat AccessLog
CVE-2020-16146
RESERVED
CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...)
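Review bot: The descriptions added for CVE-2020-16148 and CVE-2020-16147 contain the HTML entity `&lt;=` instead of `<=`, which reads as an artifact of wherever the text was imported from rather than the advisory's wording. It is presumably harmless for the tracker, but if these lines come from an automated MITRE import the importer should unescape entities before writing them, since the entity also eats characters from the 70-column truncation.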
@@ -19667,18 +23941,33 @@ CVE-2020-16126
RESERVED
CVE-2020-16125
RESERVED
-CVE-2020-16124
- RESERVED
+CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC library of ...)
+ - ros-ros-comm 1.15.8+ds1-2
+ [buster] - ros-ros-comm <no-dsa> (Minor issue)
+ [stretch] - ros-ros-comm <no-dsa> (Minor issue)
+ NOTE: https://github.com/ros/ros_comm/pull/2065
CVE-2020-16123
RESERVED
CVE-2020-16122
RESERVED
+ {DLA-2399-1}
+ - packagekit 1.2.1-1 (bug #972229)
+ [buster] - packagekit <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
CVE-2020-16121
RESERVED
+ {DLA-2399-1}
+ - packagekit 1.2.1-1 (bug #972229)
+ [buster] - packagekit <no-dsa> (Minor issue)
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
CVE-2020-16120
RESERVED
+ - linux 5.8.7-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
CVE-2020-16119
RESERVED
+ - linux <unfixed>
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...)
- balsa 2.6.0-1
[buster] - balsa <no-dsa> (Minor issue)
@@ -19740,7 +24029,7 @@ CVE-2020-16096 (In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4
CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 all ...)
NOT-FOR-US: dlf for TYPO3
CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...)
- - claws-mail <unfixed> (bug #966630)
+ - claws-mail 3.17.7-1 (bug #966630)
[buster] - claws-mail <no-dsa> (Minor issue)
[stretch] - claws-mail <no-dsa> (Minor issue)
NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
@@ -19932,14 +24221,28 @@ CVE-2020-16004
RESERVED
CVE-2020-16003
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-16002
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-16001
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-16000
RESERVED
-CVE-2020-15999
- RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15999 [heap buffer overflow]
+ RESERVED
+ {DSA-4777-1 DLA-2415-1}
+ - freetype 2.10.2+dfsg-4 (bug #972586)
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/20/7
+ NOTE: https://savannah.nongnu.org/bugs/?59308
+ NOTE: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
+ NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2103
CVE-2020-15998
RESERVED
CVE-2020-15997
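Review bot: The new CVE-2020-15999 entry lists only freetype, yet its last NOTE is a Chromium Project Zero issue, which suggests the bug was reported against Chrome's bundled FreeType; if Debian's chromium builds against that embedded copy rather than the system library (data/embedded-code-copies would show this), the entry presumably also needs a `- chromium <unfixed>` line together with the `[stretch] - chromium <end-of-life> (see DSA 4562)` line used for the other chromium CVEs in this hunk. Without it the tracker will not report chromium as affected by an issue that already has a DSA and DLA. The `[heap buffer overflow]` placeholder next to `RESERVED` matches the convention used elsewhere in the file and is fine as is.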
@@ -19954,72 +24257,137 @@ CVE-2020-15993
RESERVED
CVE-2020-15992
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15991
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15990
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15989
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15988
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15987
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15986
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15985
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15984
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15983
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15982
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15981
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15980
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15979
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15978
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15977
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15976
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15975
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15974
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15973
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15972
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15971
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15970
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15969
RESERVED
+ {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+ - firefox 82.0-1
+ - firefox-esr 78.4.0esr-1
+ - thunderbird 1:78.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15969
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15969
CVE-2020-15968
RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15967
RESERVED
-CVE-2020-15966
- RESERVED
-CVE-2020-15965
- RESERVED
-CVE-2020-15964
- RESERVED
-CVE-2020-15963
- RESERVED
-CVE-2020-15962
- RESERVED
-CVE-2020-15961
- RESERVED
-CVE-2020-15960
- RESERVED
-CVE-2020-15959
- RESERVED
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15966 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15965 (Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a ...)
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15964 (Insufficient data validation in media in Google Chrome prior to 85.0.4 ...)
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15963 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15962 (Insufficient policy validation in serial in Google Chrome prior to 85. ...)
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15961 (Insufficient policy validation in extensions in Google Chrome prior to ...)
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15960 (Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.12 ...)
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-15959 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...)
@@ -20099,16 +24467,16 @@ CVE-2020-15933
RESERVED
CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
NOT-FOR-US: Overwolf
-CVE-2020-15931
- RESERVED
-CVE-2020-15930
- RESERVED
+CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...)
+ NOT-FOR-US: Netwrix Account Lockout Examiner
+CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...)
+ NOT-FOR-US: Joplin desktop
CVE-2020-15929
RESERVED
CVE-2020-15928
RESERVED
-CVE-2020-15927
- RESERVED
+CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...)
+ NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
NOT-FOR-US: Rocket.Chat
CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
@@ -20144,16 +24512,16 @@ CVE-2020-15912 (** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a
NOT-FOR-US: Tesla
CVE-2020-15911
RESERVED
-CVE-2020-15910
- RESERVED
-CVE-2020-15909
- RESERVED
+CVE-2020-15910 (SolarWinds N-Central version 12.3 GA and lower does not set the JSESSI ...)
+ NOT-FOR-US: SolarWinds
+CVE-2020-15909 (SolarWinds N-central through 2020.1 allows session hijacking and requi ...)
+ NOT-FOR-US: SolarWinds
CVE-2020-15908 (tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6. ...)
NOT-FOR-US: Cauldron cbang
CVE-2020-15907 (In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before ...)
- mahara <removed>
-CVE-2020-15906
- RESERVED
+CVE-2020-15906 (tiki-login.php in Tiki before 21.2 sets the admin password to a blank ...)
+ - tikiwiki <removed>
CVE-2020-15905
RESERVED
CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...)
@@ -20175,8 +24543,8 @@ CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data rela
NOT-FOR-US: Grin
CVE-2020-15898
RESERVED
-CVE-2020-15897
- RESERVED
+CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
+ NOT-FOR-US: Arista EOS
CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
NOT-FOR-US: D-Link
CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...)
@@ -20201,7 +24569,7 @@ CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read b
NOTE: https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312
NOTE: Introduced in 5.4
CVE-2020-15888 (Lua through 5.4.0 mishandles the interaction between stack resizes and ...)
- - lua5.4 <unfixed>
+ - lua5.4 <unfixed> (bug #972101)
NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00053.html
NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00054.html
NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00071.html
@@ -20249,10 +24617,10 @@ CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1
NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect ...)
NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
-CVE-2020-15867
- RESERVED
+CVE-2020-15867 (The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authentic ...)
+ NOT-FOR-US: Go Git Service
CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
- - mruby <unfixed>
+ - mruby <unfixed> (bug #972051)
[buster] - mruby <no-dsa> (Minor issue)
[stretch] - mruby <no-dsa> (Minor issue)
NOTE: https://github.com/mruby/mruby/issues/5042
@@ -20296,12 +24664,12 @@ CVE-2020-XXXX [mpv insecure lua loadpath]
[buster] - mpv <no-dsa> (Minor issue)
[stretch] - mpv <no-dsa> (Minor issue)
NOTE: https://github.com/mpv-player/mpv/commit/cce7062a8a6b6a3b3666aea3ff86db879cba67b6
-CVE-2020-15851
- RESERVED
-CVE-2020-15850
- RESERVED
-CVE-2020-15849
- RESERVED
+CVE-2020-15851 (Lack of access control in Nakivo Backup &amp; Replication Transporter ...)
+ NOT-FOR-US: Nakivo Backup
+CVE-2020-15850 (Insecure permissions in Nakivo Backup &amp; Replication Director versi ...)
+ NOT-FOR-US: Nakivo Backup
+CVE-2020-15849 (Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in t ...)
+ NOT-FOR-US: Re:Desk
CVE-2020-15848
RESERVED
CVE-2020-15847
@@ -20312,18 +24680,18 @@ CVE-2020-15845
RESERVED
CVE-2020-15844
RESERVED
-CVE-2020-15843
- RESERVED
+CVE-2020-15843 (ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privil ...)
+ NOT-FOR-US: ActFax
CVE-2020-15842 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7 ...)
NOT-FOR-US: Liferay
CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7 ...)
NOT-FOR-US: Liferay
-CVE-2020-15840
- RESERVED
-CVE-2020-15839
- RESERVED
-CVE-2020-15838
- RESERVED
+CVE-2020-15840 (In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 an ...)
+ NOT-FOR-US: Liferay
+CVE-2020-15838 (The Agent Update System in ConnectWise Automate before 2020.8 allows P ...)
+ NOT-FOR-US: ConnectWise Automate
CVE-2020-15837
RESERVED
CVE-2020-15836
@@ -20354,8 +24722,8 @@ CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is n
- kotlin <itp> (bug #892842)
CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...)
NOT-FOR-US: JetBrains YouTrack
-CVE-2020-15822
- RESERVED
+CVE-2020-15822 (In JetBrains YouTrack before 2020.2.10514, SSRF is possible because UR ...)
+ NOT-FOR-US: JetBrains YouTrack
CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...)
NOT-FOR-US: JetBrains YouTrack
CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...)
@@ -20388,19 +24756,19 @@ CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP s
CVE-2020-15812
RESERVED
CVE-2020-15811 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
- {DSA-4751-1}
+ {DSA-4751-1 DLA-2394-1}
- squid 4.13-1 (bug #968932)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch
CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...)
- {DSA-4751-1}
+ {DSA-4751-1 DLA-2394-1}
- squid 4.13-1 (bug #968933)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch
CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
- {DSA-4751-1}
+ {DSA-4751-1 DLA-2394-1}
- squid 4.13-1 (bug #968934)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
@@ -20442,18 +24810,18 @@ CVE-2020-15799
RESERVED
CVE-2020-15798
RESERVED
-CVE-2020-15797
- RESERVED
+CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
+ NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-15796
RESERVED
CVE-2020-15795
RESERVED
-CVE-2020-15794
- RESERVED
-CVE-2020-15793
- RESERVED
-CVE-2020-15792
- RESERVED
+CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ NOT-FOR-US: Desigo Insight
+CVE-2020-15793 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ NOT-FOR-US: Desigo Insight
+CVE-2020-15792 (A vulnerability has been identified in Desigo Insight (All versions). ...)
+ NOT-FOR-US: Desigo Insight
CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
NOT-FOR-US: Siemens
CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
@@ -20480,6 +24848,7 @@ CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file pack
NOT-FOR-US: Node socket.io-file
CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
- linux 5.7.10-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <ignored> (securelevel included but not supported)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
NOTE: Fixed by: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
@@ -20492,25 +24861,25 @@ CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in scp.c r
CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF m ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrest ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Becaus ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. There is a lack o ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of ...)
- TODO: check
+ NOT-FOR-US: Gradle Enterprise
CVE-2020-15766
RESERVED
CVE-2020-15765
@@ -20581,8 +24950,8 @@ CVE-2020-15733
RESERVED
CVE-2020-15732
RESERVED
-CVE-2020-15731
- RESERVED
+CVE-2020-15731 (An improper Input Validation vulnerability in the code handling file r ...)
+ NOT-FOR-US: Bitdefender
CVE-2020-15730
RESERVED
CVE-2020-15729
@@ -20634,6 +25003,8 @@ CVE-2020-15711 (In MISP before 2.4.129, setting a favourite homepage was not CSR
NOT-FOR-US: MISP
CVE-2020-15710
RESERVED
+ - pulseaudio <not-affected> (Issue in Ubuntu-specific patch)
+ NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/pulseaudio/%2Bbug/1884738
CVE-2020-15709 (Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20 ...)
{DLA-2339-1}
- software-properties <unfixed> (bug #968850)
@@ -20674,6 +25045,8 @@ CVE-2020-15704 (The modprobe child process in the ./debian/patches/load_ppp_gene
- ppp <not-affected> (Ubuntu-specific issue, load_ppp_generic_if_needed.patch not used in Debian)
CVE-2020-15703
RESERVED
+ - aptdaemon <removed>
+ NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235
CVE-2020-15702 (TOCTOU Race Condition vulnerability in apport allows a local attacker ...)
NOT-FOR-US: Apport
CVE-2020-15701 (An unhandled exception in check_ignored() in apport/report.py can be e ...)
@@ -20716,63 +25089,93 @@ CVE-2020-15686
RESERVED
CVE-2020-15685
RESERVED
-CVE-2020-15684
- RESERVED
-CVE-2020-15683
- RESERVED
-CVE-2020-15682
- RESERVED
-CVE-2020-15681
- RESERVED
-CVE-2020-15680
- RESERVED
+CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefox 81. ...)
+ - firefox 82.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
+CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...)
+ {DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
+ - firefox 82.0-1
+ - firefox-esr 78.4.0esr-1
+ - thunderbird 1:78.4.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15683
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15683
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15683
+CVE-2020-15682 (When a link to an external protocol was clicked, a prompt was presente ...)
+ - firefox 82.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682
+CVE-2020-15681 (When multiple WASM threads had a reference to a module, and were looki ...)
+ - firefox 82.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15681
+CVE-2020-15680 (If a valid external protocol handler was referenced in an image tag, t ...)
+ - firefox 82.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15680
CVE-2020-15679
RESERVED
-CVE-2020-15678
- RESERVED
-CVE-2020-15677
- RESERVED
-CVE-2020-15676
- RESERVED
-CVE-2020-15675
- RESERVED
-CVE-2020-15674
- RESERVED
-CVE-2020-15673
- RESERVED
+CVE-2020-15678 (When recursing through graphical layers while scrolling, an iterator m ...)
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
+ - firefox 81.0-1
+ - firefox-esr 78.3.0esr-1
+ - thunderbird 1:78.3.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15678
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15678
+CVE-2020-15677 (By exploiting an Open Redirect vulnerability on a website, an attacker ...)
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
+ - firefox 81.0-1
+ - firefox-esr 78.3.0esr-1
+ - thunderbird 1:78.3.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15677
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15677
+CVE-2020-15676 (Firefox sometimes ran the onload handler for SVG elements that the DOM ...)
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
+ - firefox 81.0-1
+ - firefox-esr 78.3.0esr-1
+ - thunderbird 1:78.3.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15676
+CVE-2020-15675 (When processing surfaces, the lifetime may outlive a persistent buffer ...)
+ - firefox 81.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15675
+CVE-2020-15674 (Mozilla developers reported memory safety bugs present in Firefox 80. ...)
+ - firefox 81.0-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15674
+CVE-2020-15673 (Mozilla developers reported memory safety bugs present in Firefox 80 a ...)
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
+ - firefox 81.0-1
+ - firefox-esr 78.3.0esr-1
+ - thunderbird 1:78.3.1-1
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15673
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15673
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15673
CVE-2020-15672
RESERVED
-CVE-2020-15671
- RESERVED
-CVE-2020-15670
- RESERVED
+CVE-2020-15671 (When typing in a password under certain conditions, a race may have oc ...)
+ - firefox <not-affected> (Android specific)
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-39/#CVE-2020-15671
+CVE-2020-15670 (Mozilla developers reported memory safety bugs present in Firefox for ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
-CVE-2020-15669
- RESERVED
+CVE-2020-15669 (When aborting an operation, such as a fetch, an abort signal may be de ...)
{DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
- firefox-esr 68.12.0esr-1
- thunderbird 1:68.12.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669
-CVE-2020-15668
- RESERVED
+CVE-2020-15668 (A lock was missing when accessing a data structure and importing certi ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668
-CVE-2020-15667
- RESERVED
+CVE-2020-15667 (When processing a MAR update file, after the signature has been valida ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667
-CVE-2020-15666
- RESERVED
+CVE-2020-15666 (When trying to load a non-video in an audio/video context the exact st ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666
-CVE-2020-15665
- RESERVED
+CVE-2020-15665 (Firefox did not reset the address bar after the beforeunload dialog wa ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
-CVE-2020-15664
- RESERVED
+CVE-2020-15664 (By holding a reference to the eval() function from an about:blank wind ...)
{DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
- firefox 80.0-1
- firefox-esr 68.12.0esr-1
@@ -20780,8 +25183,7 @@ CVE-2020-15664
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15664
-CVE-2020-15663
- RESERVED
+CVE-2020-15663 (If Firefox is installed to a user-writable directory, the Mozilla Main ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
@@ -20863,8 +25265,7 @@ CVE-2020-15648 (Using object or embed tags, it was possible to frame other websi
CVE-2020-15647 (A Content Provider in Firefox for Android allowed local files accessib ...)
- firefox <not-affected> (Only affects Firefox for Android)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-27/#CVE-2020-15647
-CVE-2020-15646
- RESERVED
+CVE-2020-15646 (If an attacker intercepts Thunderbird's initial attempt to perform aut ...)
{DSA-4718-1}
- thunderbird 1:68.10.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
@@ -20950,8 +25351,8 @@ CVE-2020-15606 (This vulnerability allows remote attackers to execute arbitrary
NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15605 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...)
NOT-FOR-US: Trend Micro
-CVE-2020-15604
- RESERVED
+CVE-2020-15604 (An incomplete SSL server certification validation vulnerability in the ...)
+ NOT-FOR-US: Trend Micro
CVE-2020-15603 (An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v1 ...)
NOT-FOR-US: Trend Micro
CVE-2020-15602 (An untrusted search path remote code execution (RCE) vulnerability in ...)
@@ -20962,8 +25363,7 @@ CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows C
NOT-FOR-US: CMSUno
CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...)
NOT-FOR-US: Victor CMS
-CVE-2020-15598
- RESERVED
+CVE-2020-15598 (** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial o ...)
{DSA-4765-1}
- modsecurity 3.0.4-2
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588
@@ -20978,10 +25378,10 @@ CVE-2020-XXXX [veyon-configurator tmp handling]
- veyon 4.4.1+repack1-1 (bug #964568)
[buster] - veyon <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/07/1
-CVE-2020-15595
- RESERVED
-CVE-2020-15594
- RESERVED
+CVE-2020-15595 (An issue was discovered in Zoho Application Control Plus before versio ...)
+ NOT-FOR-US: Zoho Application Control Plus
+CVE-2020-15594 (An SSRF issue was discovered in Zoho Application Control Plus before v ...)
+ NOT-FOR-US: Zoho Application Control Plus
CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It u ...)
NOT-FOR-US: SteelCentral Aternity Agent
CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...)
@@ -20990,8 +25390,8 @@ CVE-2020-15591
RESERVED
CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN Client for Li ...)
NOT-FOR-US: Private Internet Access client for Linux
-CVE-2020-15589
- RESERVED
+CVE-2020-15589 (A design issue was discovered in GetInternetRequestHandle, InternetSen ...)
+ NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-15588 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
NOT-FOR-US: Zoho ManageEngine
CVE-2020-15587
@@ -21045,7 +25445,7 @@ CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.
CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...)
{DLA-2292-1}
- milkytracker 1.02.00+dfsg-2.1 (bug #964797)
- [buster] - milkytracker <no-dsa> (Minor issue)
+ [buster] - milkytracker 1.02.00+dfsg-1+deb10u1
NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
CVE-2020-15568
RESERVED
@@ -21137,8 +25537,8 @@ CVE-2020-15535 (An issue was discovered in the bestsoftinc Car Rental System plu
NOT-FOR-US: bestsoftinc Car Rental System plugin for WordPress
CVE-2020-15534
RESERVED
-CVE-2020-15533
- RESERVED
+CVE-2020-15533 (In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 1468 ...)
+ NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
CVE-2020-15531 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
@@ -21162,8 +25562,8 @@ CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8
- python2.7 <not-affected> (Python on Windows)
CVE-2020-15522
RESERVED
-CVE-2020-15521
- RESERVED
+CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730 has no pr ...)
+ NOT-FOR-US: Zoho
CVE-2020-15520
RESERVED
CVE-2020-15519
@@ -21207,8 +25607,8 @@ CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This
NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...)
NOT-FOR-US: DuckDuckGo application for Android and iOS
-CVE-2020-15501
- RESERVED
+CVE-2020-15501 (** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd genera ...)
+ NOT-FOR-US: Smarter Coffee Maker
CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
NOT-FOR-US: TileServer GL
CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
@@ -21233,10 +25633,10 @@ CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.1911
NOT-FOR-US: Wavlink WL-WN530HG4
CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
NOT-FOR-US: Wavlink WL-WN530HG4
-CVE-2020-15488
- RESERVED
-CVE-2020-15487
- RESERVED
+CVE-2020-15488 (Re:Desk 2.3 allows insecure file upload. ...)
+ NOT-FOR-US: Re:Desk
+CVE-2020-15487 (Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerabili ...)
+ NOT-FOR-US: Re:Desk
CVE-2020-15486 (An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because t ...)
NOT-FOR-US: Dr Trust ECG Pen 2.00.08 devices
CVE-2020-15485 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
@@ -21259,28 +25659,28 @@ CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulner
NOT-FOR-US: RaspberryTortoise
CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
{DLA-2354-1}
- - ndpi <unfixed>
+ - ndpi <unfixed> (bug #972050)
NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05
CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...)
- - ndpi <unfixed>
+ - ndpi <unfixed> (bug #972050)
[stretch] - ndpi <not-affected> (Vulnerable code not present, content_disposition_line introduced later)
NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952
CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...)
- - ndpi <unfixed>
+ - ndpi <unfixed> (bug #972050)
[buster] - ndpi <not-affected> (Vulnerable code not present)
[stretch] - ndpi <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce
CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
- - ndpi <unfixed>
+ - ndpi <unfixed> (bug #972050)
[stretch] - ndpi <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e
CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
- - ndpi <unfixed>
+ - ndpi <unfixed> (bug #972050)
[stretch] - ndpi <not-affected> (Vulnerable code introduced later)
NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701
CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...)
- - ndpi <unfixed>
+ - ndpi <unfixed> (bug #972050)
[buster] - ndpi <not-affected> (Vulnerable code not present)
[stretch] - ndpi <not-affected> (Vulnerable code not present)
NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622
@@ -21436,7 +25836,7 @@ CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain p
NOT-FOR-US: IOBit Malware Fighter Pro
CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...)
- cakephp <unfixed>
- [buster] - cakephp <no-dsa> (Minor issue)
+ [buster] - cakephp <ignored> (Minor issue)
[stretch] - cakephp <no-dsa> (Minor issue)
CVE-2020-15399
RESERVED
@@ -21458,8 +25858,8 @@ CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-b
[stretch] - libmediainfo <no-dsa> (Minor issue)
[jessie] - libmediainfo <no-dsa> (Minor issue)
NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/
-CVE-2020-15394
- RESERVED
+CVE-2020-15394 (The REST API in Zoho ManageEngine Applications Manager before build 14 ...)
+ NOT-FOR-US: Zoho
CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...)
{DLA-2323-1}
- linux 5.7.10-1
@@ -21505,18 +25905,18 @@ CVE-2020-15376
RESERVED
CVE-2020-15375
RESERVED
-CVE-2020-15374
- RESERVED
-CVE-2020-15373
- RESERVED
-CVE-2020-15372
- RESERVED
-CVE-2020-15371
- RESERVED
-CVE-2020-15370
- RESERVED
-CVE-2020-15369
- RESERVED
+CVE-2020-15374 (Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versio ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15373 (Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15372 (A vulnerability in the command-line interface in Brocade Fabric OS bef ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15371 (Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15370 (Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allo ...)
+ NOT-FOR-US: Brocade Fabric OS
+CVE-2020-15369 (Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, ...)
+ NOT-FOR-US: Brocade Fabric OS
CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...)
NOT-FOR-US: ASRock RGB Driver
CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...)
@@ -21558,8 +25958,8 @@ CVE-2020-15354
REJECTED
CVE-2020-15353
RESERVED
-CVE-2020-15352
- RESERVED
+CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect Secure (PC ...)
+ TODO: check
CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...)
NOT-FOR-US: IDrive
CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...)
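Review bot: CVE-2020-15352 at L10107–L10108 is left as `TODO: check` although Pulse Connect Secure is a vendor appliance, and the rest of this commit resolves comparable vendor-product entries directly (e.g. `NOT-FOR-US: Brocade Fabric OS` at L10087, `NOT-FOR-US: Zoho` at L10066). If it is not packaged in Debian, `NOT-FOR-US: Pulse Connect Secure` would close the item instead of leaving an open TODO next to fully triaged neighbours. The same open-TODO pattern recurs at L10119 and L10131 in the next hunk.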
@@ -21731,56 +26131,68 @@ CVE-2020-15276
RESERVED
CVE-2020-15275
RESERVED
-CVE-2020-15274
- RESERVED
+CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
+ TODO: check
CVE-2020-15273
RESERVED
-CVE-2020-15272
- RESERVED
-CVE-2020-15271
- RESERVED
-CVE-2020-15270
- RESERVED
-CVE-2020-15269
- RESERVED
+CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
+ TODO: check
+CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
+ - lookatme <unfixed> (bug #972988)
+ NOTE: https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q
+ NOTE: https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84 (v2.3.0)
+ NOTE: https://github.com/d0c-s4vage/lookatme/pull/110
+CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
+ NOT-FOR-US: Node parse-server
+CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
+ NOT-FOR-US: Spree
CVE-2020-15268
RESERVED
CVE-2020-15267
RESERVED
-CVE-2020-15266
- RESERVED
-CVE-2020-15265
- RESERVED
-CVE-2020-15264
- RESERVED
-CVE-2020-15263
- RESERVED
-CVE-2020-15262
- RESERVED
-CVE-2020-15261
- RESERVED
+CVE-2020-15266 (In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.i ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15265 (In Tensorflow before version 2.4.0, an attacker can pass an invalid `a ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures C:\ProgramDa ...)
+ NOT-FOR-US: Boxstarter
+CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...)
+ NOT-FOR-US: Laravel Orchid Platform
+CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynamically ...)
+ NOT-FOR-US: Node webpack-subresource-integrity
+CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...)
+ - veyon <not-affected> (Windows-specific)
+ NOTE: https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
CVE-2020-15260
RESERVED
CVE-2020-15259
RESERVED
-CVE-2020-15258
- RESERVED
+CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without checking ...)
+ NOT-FOR-US: Wire app
CVE-2020-15257
RESERVED
-CVE-2020-15256
- RESERVED
-CVE-2020-15255
- RESERVED
-CVE-2020-15254
- RESERVED
-CVE-2020-15253
- RESERVED
-CVE-2020-15252
- RESERVED
-CVE-2020-15251
- RESERVED
-CVE-2020-15250
- RESERVED
+CVE-2020-15256 (A prototype pollution vulnerability has been found in `object-path` &l ...)
+ - node-object-path 0.11.5-3
+ [buster] - node-object-path <no-dsa> (Minor issue; will be fixed via point release)
+ [stretch] - node-object-path <postponed> (Minor issue)
+ NOTE: https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
+CVE-2020-15255 (In Anuko Time Tracker before verion 1.19.23.5325, due to not properly ...)
+ NOT-FOR-US: Anuko Time Tracker
+CVE-2020-15254 (Crossbeam is a set of tools for concurrent programming. In crossbeam-c ...)
+ - firefox 82.0-1
+ - rust-crossbeam-channel <not-affected> (Only affected 0.4.3 which was not released in Debian)
+ NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
+ NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15254
+CVE-2020-15253 (Versions of Grocy &lt;= 2.7.1 are vulnerable to Cross-Site Scripting v ...)
+ NOT-FOR-US: Grocy
+CVE-2020-15252 (In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right ( ...)
+ NOT-FOR-US: XWiki
+CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
+ NOT-FOR-US: Channelmgnt plug-in for Sopel
+CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryF ...)
+ - junit4 <unfixed> (bug #972231)
+ NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
+ NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
CVE-2020-15249
RESERVED
CVE-2020-15248
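Review bot: CVE-2020-15274 at L10118–L10119 stays `TODO: check` while the other Wiki.js issue added by this commit, CVE-2020-15236 at L10280–L10281, is triaged `NOT-FOR-US: Wiki.js`; the two should agree, so `NOT-FOR-US: Wiki.js` is presumably the intended state here too. Likewise CVE-2020-15272 at L10130–L10131 concerns a GitHub Action, the same class of software that L10298 marks `NOT-FOR-US: Node @actions/core`; if that reasoning applies, a `NOT-FOR-US:` line would be consistent. Leaving a TODO beside an already-decided sibling entry invites divergent triage later.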
@@ -21789,54 +26201,58 @@ CVE-2020-15247
RESERVED
CVE-2020-15246
RESERVED
-CVE-2020-15245
- RESERVED
-CVE-2020-15244
- RESERVED
-CVE-2020-15243
- RESERVED
-CVE-2020-15242
- RESERVED
-CVE-2020-15241
- RESERVED
-CVE-2020-15240
- RESERVED
-CVE-2020-15239
- RESERVED
+CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...)
+ NOT-FOR-US: Sylius
+CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...)
+ NOT-FOR-US: Magento
+CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...)
+ NOT-FOR-US: Smartstore
+CVE-2020-15242 (Next.js versions &gt;=9.5.0 and &lt;9.5.4 are vulnerable to an Open Re ...)
+ NOT-FOR-US: next.js
+CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, ...)
+ NOT-FOR-US: TYPO3 Fluid Engine
+CVE-2020-15240 (omniauth-auth0 (rubygems) versions &gt;= 2.3.0 and &lt; 2.4.1 improper ...)
+ - ruby-omniauth-auth0 <not-affected> (Introduced in 2.3.0)
+ NOTE: https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm
+CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method is attac ...)
+ NOT-FOR-US: xmpp-http-upload
CVE-2020-15238
RESERVED
-CVE-2020-15237
- RESERVED
-CVE-2020-15236
- RESERVED
-CVE-2020-15235
- RESERVED
-CVE-2020-15234
- RESERVED
-CVE-2020-15233
- RESERVED
-CVE-2020-15232
- RESERVED
-CVE-2020-15231
- RESERVED
-CVE-2020-15230
- RESERVED
-CVE-2020-15229
- RESERVED
-CVE-2020-15228
- RESERVED
-CVE-2020-15227
- RESERVED
-CVE-2020-15226
- RESERVED
+CVE-2020-15237 (In Shrine before version 3.3.0, when using the `derivation_endpoint` p ...)
+ NOT-FOR-US: Shrine
+CVE-2020-15236 (In Wiki.js before version 2.5.151, directory traversal outside of Wiki ...)
+ NOT-FOR-US: Wiki.js
+CVE-2020-15235 (In RACTF before commit f3dc89b, unauthenticated users are able to get ...)
+ NOT-FOR-US: RACTF
+CVE-2020-15234 (ORY Fosite is a security first OAuth2 &amp; OpenID Connect framework f ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15233 (ORY Fosite is a security first OAuth2 &amp; OpenID Connect framework f ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15232 (In mapfish-print before version 3.24, a user can do to an XML External ...)
+ NOT-FOR-US: mapfish-print
+CVE-2020-15231 (In mapfish-print before version 3.24, a user can use the JSONP support ...)
+ NOT-FOR-US: mapfish-print
+CVE-2020-15230 (Vapor is a web framework for Swift. In Vapor before version 4.29.4, At ...)
+ NOT-FOR-US: Vapor
+CVE-2020-15229 (Singularity (an open source container platform) from version 3.1.1 thr ...)
+ - singularity-container <unfixed> (bug #972212)
+ NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
+CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...)
+ NOT-FOR-US: Node @actions/core
+CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...)
+ - php-nette <removed>
+ [stretch] - php-nette <no-dsa> (low priority)
+ NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
+CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
+ - glpi <removed>
CVE-2020-15225
RESERVED
-CVE-2020-15224
- RESERVED
-CVE-2020-15223
- RESERVED
-CVE-2020-15222
- RESERVED
+CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
+ NOT-FOR-US: Open Enclave
+CVE-2020-15223 (In ORY Fosite (the security first OAuth2 &amp; OpenID Connect framewor ...)
+ NOT-FOR-US: ORY Fosite
+CVE-2020-15222 (In ORY Fosite (the security first OAuth2 &amp; OpenID Connect framewor ...)
+ NOT-FOR-US: ORY Fosite
CVE-2020-15221
RESERVED
CVE-2020-15220
@@ -21845,62 +26261,64 @@ CVE-2020-15219
RESERVED
CVE-2020-15218
RESERVED
-CVE-2020-15217
- RESERVED
-CVE-2020-15216
- RESERVED
-CVE-2020-15215
- RESERVED
-CVE-2020-15214
- RESERVED
-CVE-2020-15213
- RESERVED
-CVE-2020-15212
- RESERVED
-CVE-2020-15211
- RESERVED
-CVE-2020-15210
- RESERVED
-CVE-2020-15209
- RESERVED
-CVE-2020-15208
- RESERVED
-CVE-2020-15207
- RESERVED
-CVE-2020-15206
- RESERVED
-CVE-2020-15205
- RESERVED
-CVE-2020-15204
- RESERVED
-CVE-2020-15203
- RESERVED
-CVE-2020-15202
- RESERVED
-CVE-2020-15201
- RESERVED
-CVE-2020-15200
- RESERVED
-CVE-2020-15199
- RESERVED
-CVE-2020-15198
- RESERVED
-CVE-2020-15197
- RESERVED
-CVE-2020-15196
- RESERVED
-CVE-2020-15195
- RESERVED
-CVE-2020-15194
- RESERVED
-CVE-2020-15193
- RESERVED
-CVE-2020-15192
- RESERVED
-CVE-2020-15191
- RESERVED
-CVE-2020-15190
- RESERVED
+CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user information t ...)
+ - glpi <removed>
+CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...)
+ - golang-github-russellhaering-goxmldsig <unfixed> (bug #971615)
+ NOTE: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
+ NOTE: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
+CVE-2020-15215 (Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vuln ...)
+ - electron <itp> (bug #842420)
+CVE-2020-15214 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15213 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15212 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15211 (In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15210 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15209 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15208 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15207 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15206 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, c ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15205 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15204 (In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15203 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, b ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15202 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15201 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15200 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15199 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15198 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15197 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15196 (In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `Ragged ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15195 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15194 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15193 (In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of ` ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15192 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15191 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an inv ...)
+ - tensorflow <itp> (bug #804612)
+CVE-2020-15190 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
+ - tensorflow <itp> (bug #804612)
CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...)
NOT-FOR-US: SOY CMS
CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...)
@@ -21921,18 +26339,23 @@ CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies o
NOT-FOR-US: Alfresco Reset Password add-on
CVE-2020-15180
RESERVED
+ {DSA-4776-1 DLA-2409-1}
+ - mariadb-10.5 1:10.5.6-1
+ - mariadb-10.3 <unfixed> (bug #972746)
+ - mariadb-10.1 <removed>
+ NOTE: Fixed in MariaDB 10.5.6, 10.4.15, 10.3.25, 10.2.34, 10.1.47
CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...)
NOT-FOR-US: ScratchSig MediaWiki extension
CVE-2020-15178 (In PrestaShop contactform module (prestashop/contactform) before versi ...)
NOT-FOR-US: PrestaShop
-CVE-2020-15177
- RESERVED
-CVE-2020-15176
- RESERVED
-CVE-2020-15175
- RESERVED
-CVE-2020-15174
- RESERVED
+CVE-2020-15177 (In GLPI before version 9.5.2, the `install/install.php` endpoint insec ...)
+ - glpi <removed>
+CVE-2020-15176 (In GLPI before version 9.5.2, when supplying a back tick in input that ...)
+ - glpi <removed>
+CVE-2020-15175 (In GLPI before version 9.5.2, the `&#8203;pluginimage.send.php&#8203;` ...)
+ - glpi <removed>
+CVE-2020-15174 (In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the ...)
+ - electron <itp> (bug #842420)
CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...)
NOT-FOR-US: ACCEL-PPP
CVE-2020-15172 (The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerabl ...)
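Review bot: CVE-2020-15180 at L10445–L10451 gains DSA/DLA references and package lines but no NOTE pointing at the upstream advisory or fixing change, which the surrounding entries consistently provide (e.g. L10481–L10485 for rails, L10518–L10520 for containerd). Since the entry is still `RESERVED` with no description, the `Fixed in MariaDB ...` note is the only provenance a reader has; adding `NOTE: <upstream MariaDB advisory URL>` (placeholder, to be filled in) would let the fixed versions be verified. The `<unfixed>` on mariadb-10.3 at L10449 alongside the buster DSA is presumably the sid state and fine as written.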
@@ -21942,13 +26365,15 @@ CVE-2020-15171 (In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT
CVE-2020-15170 (apollo-adminservice before version 1.7.1 does not implement access con ...)
NOT-FOR-US: apollo-adminservice
CVE-2020-15169 (In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ...)
+ {DSA-4766-1 DLA-2403-1}
- rails 2:6.0.3.3+dfsg-1 (bug #970040)
NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml
NOTE: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1
- NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e
+ NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e (master)
+ NOTE: https://github.com/rails/rails/commit/aaa7ab1320330b3c4fa8f0fbda716dcfa21e3d65 (5.2)
CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the si ...)
[experimental] - node-fetch 2.6.1-1
- - node-fetch <unfixed> (bug #970173)
+ - node-fetch 2.6.1-2 (bug #970173)
[buster] - node-fetch <ignored> (Minor issue; Intrusive to backport)
NOTE: https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
CVE-2020-15167 (In Miller (command line utility) using the configuration file support ...)
@@ -21968,18 +26393,23 @@ CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any a
NOT-FOR-US: Scrach Login MediaWiki extension
CVE-2020-15163 (Python TUF (The Update Framework) reference implementation before vers ...)
- python-tuf <itp> (bug #934151)
-CVE-2020-15162
- RESERVED
-CVE-2020-15161
- RESERVED
-CVE-2020-15160
- RESERVED
+CVE-2020-15162 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users a ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15161 (In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attac ...)
+ NOT-FOR-US: PrestaShop
+CVE-2020-15160 (PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerab ...)
+ NOT-FOR-US: PrestaShop
CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) a ...)
NOT-FOR-US: baserCMS
CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP message ...)
NOT-FOR-US: libIEC61850
-CVE-2020-15157
- RESERVED
+CVE-2020-15157 (In containerd (an industry-standard container runtime) before version ...)
+ - containerd 1.3.2~ds1-2
+ - docker.io 19.03.12+dfsg1-1
+ NOTE: https://www.openwall.com/lists/oss-security/2020/10/15/1
+ NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
+ NOTE: https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726 (v1.2.14)
+ NOTE: docker.io switched to systemwide containerd packages in 19.03.12+dfsg1-1
CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user ...)
NOT-FOR-US: nodebb-plugin-blog-comments
CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
@@ -22023,7 +26453,8 @@ CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview
CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...)
NOT-FOR-US: HoRNDIS
CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...)
- - etcd <unfixed> (bug #968752)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968752)
NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q
CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
NOT-FOR-US: Node save-server
@@ -22081,16 +26512,20 @@ CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashe
CVE-2020-15116
RESERVED
CVE-2020-15115 (etcd before versions 3.3.23 and 3.4.10 does not perform any password l ...)
- - etcd <unfixed> (bug #968740)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
CVE-2020-15114 (In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ...)
- - etcd <unfixed> (bug #968740)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
CVE-2020-15113 (In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...)
- - etcd <unfixed> (bug #968740)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
CVE-2020-15112 (In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ...)
- - etcd <unfixed> (bug #968740)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...)
NOT-FOR-US: Fiber
@@ -22107,7 +26542,8 @@ CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of
CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
NOT-FOR-US: openenclave
CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ...)
- - etcd <unfixed> (bug #968740)
+ [experimental] - etcd 3.3.25+dfsg-1
+ - etcd 3.3.25+dfsg-5 (bug #968740)
NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
NOT-FOR-US: Django Two-Factor Authentication
@@ -22137,7 +26573,7 @@ CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta2
- electron <itp> (bug #842420)
CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
- npm 6.14.6+ds-1 (low; bug #964746)
- [buster] - npm <no-dsa> (Minor issue)
+ [buster] - npm 5.8.0+ds6-4+deb10u2
NOTE: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp
NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc
CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...)
@@ -22235,7 +26671,7 @@ CVE-2020-15051 (An issue was discovered in Artica Proxy before 4.30.000000. Stor
CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema BioStar 2 be ...)
NOT-FOR-US: Suprema BioStar
CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...)
- {DSA-4732-1}
+ {DSA-4732-1 DLA-2394-1}
- squid 4.12-1
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5
@@ -22287,7 +26723,7 @@ CVE-2020-15027 (ConnectWise Automate through 2020.x has insufficient validation
CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...)
NOT-FOR-US: Bludit
CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...)
- - ntp <unfixed> (low; bug #963807)
+ - ntp 1:4.2.8p15-1 (low; bug #963807)
[buster] - ntp <no-dsa> (Minor issue)
[stretch] - ntp <not-affected> (Vulnerable code introduced later)
[jessie] - ntp <not-affected> (Vulnerable code introduced later)
@@ -22295,6 +26731,7 @@ CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allow
NOTE: https://support.ntp.org/bin/view/Main/NtpBug3661
NOTE: https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea
NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661
+ NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e84aa07N2NcL4sE_0dW35Tizc74SA
CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password ...)
NOT-FOR-US: Avast Antivirus
CVE-2020-15023
@@ -22319,8 +26756,8 @@ CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php
NOT-FOR-US: BlogCMS
CVE-2020-15013
RESERVED
-CVE-2020-15012
- RESERVED
+CVE-2020-15012 (A Directory Traversal issue was discovered in Sonatype Nexus Repositor ...)
+ NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...)
{DLA-2276-1 DLA-2265-1}
- mailman <removed>
@@ -22339,16 +26776,16 @@ CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in
CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...)
NOT-FOR-US: Bludit
CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...)
+ {DSA-4767-1}
- mediawiki 1:1.31.8-1
- [buster] - mediawiki <postponed> (Minor issue)
[stretch] - mediawiki <postponed> (Minor issue)
NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html
-CVE-2020-15004
- RESERVED
-CVE-2020-15003
- RESERVED
-CVE-2020-15002
- RESERVED
+CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. ...)
+ NOT-FOR-US: Open-Xchange App Suite
+CVE-2020-15003 (OX App Suite through 7.10.3 allows Information Exposure because a user ...)
+ NOT-FOR-US: Open-Xchange App Suite
+CVE-2020-15002 (OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/me ...)
+ NOT-FOR-US: Open-Xchange App Suite
CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0 ...)
NOT-FOR-US: Yubico YubiKey 5 NFC devices
CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...)
@@ -22389,7 +26826,7 @@ CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't
- crispy-doom 5.9.0-1 (bug #964564)
[buster] - crispy-doom <no-dsa> (Minor issue)
- chocolate-doom 3.0.1-1
- [buster] - chocolate-doom <no-dsa> (Minor issue)
+ [buster] - chocolate-doom 3.0.0-4+deb10u1
[stretch] - chocolate-doom <no-dsa> (Minor issue)
[jessie] - chocolate-doom <end-of-life> (games are not supported)
NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293
@@ -22581,306 +27018,342 @@ CVE-2020-14903
RESERVED
CVE-2020-14902
RESERVED
-CVE-2020-14901
- RESERVED
-CVE-2020-14900
- RESERVED
-CVE-2020-14899
- RESERVED
-CVE-2020-14898
- RESERVED
-CVE-2020-14897
- RESERVED
-CVE-2020-14896
- RESERVED
-CVE-2020-14895
- RESERVED
-CVE-2020-14894
- RESERVED
-CVE-2020-14893
- RESERVED
-CVE-2020-14892
- RESERVED
-CVE-2020-14891
- RESERVED
-CVE-2020-14890
- RESERVED
-CVE-2020-14889
- RESERVED
-CVE-2020-14888
- RESERVED
-CVE-2020-14887
- RESERVED
-CVE-2020-14886
- RESERVED
-CVE-2020-14885
- RESERVED
-CVE-2020-14884
- RESERVED
-CVE-2020-14883
- RESERVED
-CVE-2020-14882
- RESERVED
-CVE-2020-14881
- RESERVED
-CVE-2020-14880
- RESERVED
-CVE-2020-14879
- RESERVED
-CVE-2020-14878
- RESERVED
-CVE-2020-14877
- RESERVED
-CVE-2020-14876
- RESERVED
-CVE-2020-14875
- RESERVED
+CVE-2020-14901 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14900 (Vulnerability in the Oracle Application Express Group Calendar compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14899 (Vulnerability in the Oracle Application Express Data Reporter componen ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14898 (Vulnerability in the Oracle Application Express Packaged Apps componen ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14897 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14896 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14895 (Vulnerability in the Oracle Utilities Framework product of Oracle Util ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14894 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14893 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14892 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14891 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14890 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14889 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14888 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14887 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14886 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14884 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14882 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14881 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14880 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14879 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14878 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14877 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14876 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14875 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
CVE-2020-14874
RESERVED
-CVE-2020-14873
- RESERVED
-CVE-2020-14872
- RESERVED
-CVE-2020-14871
- RESERVED
-CVE-2020-14870
- RESERVED
-CVE-2020-14869
- RESERVED
-CVE-2020-14868
- RESERVED
-CVE-2020-14867
- RESERVED
-CVE-2020-14866
- RESERVED
-CVE-2020-14865
- RESERVED
-CVE-2020-14864
- RESERVED
-CVE-2020-14863
- RESERVED
-CVE-2020-14862
- RESERVED
-CVE-2020-14861
- RESERVED
-CVE-2020-14860
- RESERVED
-CVE-2020-14859
- RESERVED
-CVE-2020-14858
- RESERVED
-CVE-2020-14857
- RESERVED
-CVE-2020-14856
- RESERVED
-CVE-2020-14855
- RESERVED
-CVE-2020-14854
- RESERVED
-CVE-2020-14853
- RESERVED
-CVE-2020-14852
- RESERVED
-CVE-2020-14851
- RESERVED
-CVE-2020-14850
- RESERVED
-CVE-2020-14849
- RESERVED
-CVE-2020-14848
- RESERVED
-CVE-2020-14847
- RESERVED
-CVE-2020-14846
- RESERVED
-CVE-2020-14845
- RESERVED
-CVE-2020-14844
- RESERVED
-CVE-2020-14843
- RESERVED
-CVE-2020-14842
- RESERVED
-CVE-2020-14841
- RESERVED
-CVE-2020-14840
- RESERVED
-CVE-2020-14839
- RESERVED
-CVE-2020-14838
- RESERVED
-CVE-2020-14837
- RESERVED
-CVE-2020-14836
- RESERVED
-CVE-2020-14835
- RESERVED
-CVE-2020-14834
- RESERVED
-CVE-2020-14833
- RESERVED
-CVE-2020-14832
- RESERVED
-CVE-2020-14831
- RESERVED
-CVE-2020-14830
- RESERVED
-CVE-2020-14829
- RESERVED
-CVE-2020-14828
- RESERVED
-CVE-2020-14827
- RESERVED
-CVE-2020-14826
- RESERVED
-CVE-2020-14825
- RESERVED
-CVE-2020-14824
- RESERVED
-CVE-2020-14823
- RESERVED
-CVE-2020-14822
- RESERVED
-CVE-2020-14821
- RESERVED
-CVE-2020-14820
- RESERVED
-CVE-2020-14819
- RESERVED
-CVE-2020-14818
- RESERVED
-CVE-2020-14817
- RESERVED
-CVE-2020-14816
- RESERVED
-CVE-2020-14815
- RESERVED
-CVE-2020-14814
- RESERVED
-CVE-2020-14813
- RESERVED
-CVE-2020-14812
- RESERVED
-CVE-2020-14811
- RESERVED
-CVE-2020-14810
- RESERVED
-CVE-2020-14809
- RESERVED
-CVE-2020-14808
- RESERVED
-CVE-2020-14807
- RESERVED
-CVE-2020-14806
- RESERVED
-CVE-2020-14805
- RESERVED
-CVE-2020-14804
- RESERVED
-CVE-2020-14803
- RESERVED
-CVE-2020-14802
- RESERVED
-CVE-2020-14801
- RESERVED
-CVE-2020-14800
- RESERVED
-CVE-2020-14799
- RESERVED
-CVE-2020-14798
- RESERVED
-CVE-2020-14797
- RESERVED
-CVE-2020-14796
- RESERVED
-CVE-2020-14795
- RESERVED
-CVE-2020-14794
- RESERVED
-CVE-2020-14793
- RESERVED
-CVE-2020-14792
- RESERVED
-CVE-2020-14791
- RESERVED
-CVE-2020-14790
- RESERVED
-CVE-2020-14789
- RESERVED
-CVE-2020-14788
- RESERVED
-CVE-2020-14787
- RESERVED
-CVE-2020-14786
- RESERVED
-CVE-2020-14785
- RESERVED
-CVE-2020-14784
- RESERVED
-CVE-2020-14783
- RESERVED
-CVE-2020-14782
- RESERVED
-CVE-2020-14781
- RESERVED
-CVE-2020-14780
- RESERVED
-CVE-2020-14779
- RESERVED
-CVE-2020-14778
- RESERVED
-CVE-2020-14777
- RESERVED
-CVE-2020-14776
- RESERVED
-CVE-2020-14775
- RESERVED
-CVE-2020-14774
- RESERVED
-CVE-2020-14773
- RESERVED
-CVE-2020-14772
- RESERVED
-CVE-2020-14771
- RESERVED
-CVE-2020-14770
- RESERVED
-CVE-2020-14769
- RESERVED
-CVE-2020-14768
- RESERVED
-CVE-2020-14767
- RESERVED
-CVE-2020-14766
- RESERVED
-CVE-2020-14765
- RESERVED
-CVE-2020-14764
- RESERVED
-CVE-2020-14763
- RESERVED
-CVE-2020-14762
- RESERVED
-CVE-2020-14761
- RESERVED
-CVE-2020-14760
- RESERVED
-CVE-2020-14759
- RESERVED
-CVE-2020-14758
- RESERVED
-CVE-2020-14757
- RESERVED
+CVE-2020-14873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14872 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
+ - virtualbox 6.1.16-dfsg-1
+CVE-2020-14871 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14870 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14869 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14868 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14867 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14866 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14865 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection pr ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14864 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14863 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14862 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14861 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14860 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14859 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14858 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14857 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14856 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14855 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14854 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14853 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
+ - mysql-cluster <itp> (bug #833356)
+CVE-2020-14852 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14851 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14850 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14849 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14848 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14847 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14846 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14845 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14844 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14843 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14842 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14841 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14840 (Vulnerability in the Oracle Application Object Library product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14839 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14838 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14837 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14835 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14834 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14833 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14832 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14830 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14829 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14828 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14827 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14826 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14825 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14824 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14823 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14822 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14821 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14820 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14819 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14818 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14817 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14816 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14815 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14814 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14813 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14812 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14811 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14810 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14809 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14808 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14807 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14806 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14805 (Vulnerability in the Oracle E-Business Suite Secure Enterprise Search ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14803 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14802 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14801 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14800 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14799 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14798 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14797 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14796 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14795 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14794 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14793 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14792 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14791 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14790 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14789 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14788 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14787 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14786 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14785 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14784 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14783 (Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Foo ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14782 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14780 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14779 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4779-1 DLA-2412-1}
+ - openjdk-15 15.0.1+9-1
+ - openjdk-11 11.0.9+11-1
+ - openjdk-8 8u272-b10-1
+CVE-2020-14778 (Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core pro ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14777 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14776 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+ - mysql-5.7 <unfixed> (bug #972824)
+CVE-2020-14775 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+ - mysql-5.7 <unfixed> (bug #972824)
+CVE-2020-14774 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14773 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14772 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14771 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+ - mysql-8.0 <unfixed> (bug #972623)
+CVE-2020-14770 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14769 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+ - mysql-5.7 <unfixed> (bug #972824)
+CVE-2020-14768 (Vulnerability in the Hyperion Analytic Provider Services product of Or ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14767 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14766 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14765 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-8.0 <unfixed> (bug #972623)
+ - mysql-5.7 <unfixed> (bug #972824)
+CVE-2020-14764 (Vulnerability in the Hyperion Planning product of Oracle Hyperion (com ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14763 (Vulnerability in the Oracle Application Express Quick Poll component o ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14762 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14761 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14760 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+CVE-2020-14759 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14758 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14757 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
+ NOT-FOR-US: Oracle
CVE-2020-14756
RESERVED
CVE-2020-14755
RESERVED
-CVE-2020-14754
- RESERVED
-CVE-2020-14753
- RESERVED
-CVE-2020-14752
- RESERVED
+CVE-2020-14754 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14753 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14752 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...)
+ NOT-FOR-US: Oracle
CVE-2020-14751
RESERVED
CVE-2020-14750
@@ -22891,38 +27364,38 @@ CVE-2020-14748
RESERVED
CVE-2020-14747
RESERVED
-CVE-2020-14746
- RESERVED
-CVE-2020-14745
- RESERVED
-CVE-2020-14744
- RESERVED
-CVE-2020-14743
- RESERVED
-CVE-2020-14742
- RESERVED
-CVE-2020-14741
- RESERVED
-CVE-2020-14740
- RESERVED
+CVE-2020-14746 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14745 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14744 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14743 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14742 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14741 (Vulnerability in the Database Filesystem component of Oracle Database ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14740 (Vulnerability in the SQL Developer Install component of Oracle Databas ...)
+ NOT-FOR-US: Oracle
CVE-2020-14739
RESERVED
CVE-2020-14738
RESERVED
CVE-2020-14737
RESERVED
-CVE-2020-14736
- RESERVED
-CVE-2020-14735
- RESERVED
-CVE-2020-14734
- RESERVED
+CVE-2020-14736 (Vulnerability in the Database Vault component of Oracle Database Serve ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14735 (Vulnerability in the Scheduler component of Oracle Database Server. Su ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14734 (Vulnerability in the Oracle Text component of Oracle Database Server. ...)
+ NOT-FOR-US: Oracle
CVE-2020-14733
RESERVED
-CVE-2020-14732
- RESERVED
-CVE-2020-14731
- RESERVED
+CVE-2020-14732 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
+ NOT-FOR-US: Oracle
+CVE-2020-14731 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
+ NOT-FOR-US: Oracle
CVE-2020-14730
RESERVED
CVE-2020-14729 (Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracl ...)
@@ -23039,8 +27512,9 @@ CVE-2020-14674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virt
- virtualbox 6.1.12-dfsg-1
CVE-2020-14673 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
- virtualbox 6.1.12-dfsg-1
-CVE-2020-14672
- RESERVED
+CVE-2020-14672 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
+ - mysql-5.7 <unfixed> (bug #972824)
+ - mysql-8.0 <unfixed> (bug #972623)
CVE-2020-14671 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
NOT-FOR-US: Oracle
CVE-2020-14670 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
@@ -23432,7 +27906,7 @@ CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL i
CVE-2020-14496
RESERVED
CVE-2020-14495
- RESERVED
+ REJECTED
CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...)
NOT-FOR-US: OpenClinic GA
CVE-2020-14493 (A low-privilege user may use SQL syntax to write arbitrary files to th ...)
@@ -23645,37 +28119,37 @@ CVE-2020-14406
CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
CVE-2020-14400 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
CVE-2020-14399 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...)
- libvncserver 0.9.13+dfsg-1
@@ -23686,7 +28160,7 @@ CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improp
CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
{DLA-2347-1 DLA-2264-1}
- libvncserver 0.9.13+dfsg-1
- [buster] - libvncserver <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...)
- libvncserver 0.9.13+dfsg-1
@@ -23699,19 +28173,23 @@ CVE-2020-14395
CVE-2020-14394
RESERVED
CVE-2020-14393 (A buffer overflow was found in perl-DBI &lt; 1.643 in DBI.xs. A local ...)
+ {DLA-2386-1}
- libdbi-perl 1.643-1
- [buster] - libdbi-perl <no-dsa> (Minor issue)
+ [buster] - libdbi-perl 1.642-1+deb10u1
NOTE: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI &lt; 1.643 ...)
+ {DLA-2386-1}
- libdbi-perl 1.643-1
- [buster] - libdbi-perl <no-dsa> (Minor issue)
+ [buster] - libdbi-perl 1.642-1+deb10u1
NOTE: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
CVE-2020-14391
RESERVED
- gnome-settings-daemon <not-affected> (Red Hat-specific plugin)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
-CVE-2020-14390 (A flaw was found in the Linux kernel in versions from 2.2.3 through 5. ...)
+CVE-2020-14390 (A flaw was found in the Linux kernel in versions before 5.9-rc6. When ...)
+ {DLA-2385-1}
- linux 5.8.10-1
+ [buster] - linux 4.19.146-1
NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2
CVE-2020-14389
@@ -23728,10 +28206,14 @@ CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate
NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549
CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...)
+ {DLA-2385-1}
- linux 5.8.7-1
+ [buster] - linux 4.19.146-1
NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the ...)
+ {DLA-2385-1}
- linux 5.8.7-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...)
@@ -23759,16 +28241,31 @@ CVE-2020-14380
NOT-FOR-US: Red Hat Satellite
CVE-2020-14379
RESERVED
-CVE-2020-14378
- RESERVED
-CVE-2020-14377
- RESERVED
-CVE-2020-14376
- RESERVED
-CVE-2020-14375
- RESERVED
-CVE-2020-14374
- RESERVED
+CVE-2020-14378 (An integer underflow in dpdk versions before 18.11.10 and before 19.11 ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk <no-dsa> (Minor issue)
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+CVE-2020-14377 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk <no-dsa> (Minor issue)
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+CVE-2020-14376 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk <no-dsa> (Minor issue)
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk <no-dsa> (Minor issue)
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
+CVE-2020-14374 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
+ - dpdk 19.11.5-1 (bug #971269)
+ [buster] - dpdk <no-dsa> (Minor issue)
+ [stretch] - dpdk <no-dsa> (Minor issue)
+ NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of g ...)
- ghostscript 9.26~dfsg-1
[stretch] - ghostscript 9.26~dfsg-0+deb9u1
@@ -23779,8 +28276,10 @@ CVE-2020-14372
CVE-2020-14371
RESERVED
NOT-FOR-US: Red Hat Satellite
-CVE-2020-14370
- RESERVED
+CVE-2020-14370 (An information disclosure vulnerability was found in containers/podman ...)
+ - libpod 2.0.6+dfsg1-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874268
+ NOTE: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
CVE-2020-14369
RESERVED
NOT-FOR-US: Red Hat CloudForm
@@ -23789,6 +28288,7 @@ CVE-2020-14368
NOT-FOR-US: Eclipse Che
CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating the PID ...)
- chrony 3.5.1-1 (unimportant)
+ [buster] - chrony 3.4-4+deb10u1
NOTE: https://www.openwall.com/lists/oss-security/2020/08/21/1
NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/util.c?id=7a4c396bba8f92a3ee8018620983529152050c74 (4.0-pre1)
NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/main.c?id=e18903a6b56341481a2e08469c0602010bf7bfe3 (4.0-pre1)
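Review bot: The added `[buster] - chrony 3.4-4+deb10u1` line sits under an unstable entry still tagged `(unimportant)`, so a reader cannot tell whether the severity was re-assessed or the fix simply rode along with a point update. The same pattern appears in the CVE-2020-14331 hunk, where `- linux 5.7.17-1 (unimportant)` gains `{DLA-2385-1}` and `[buster] - linux 4.19.146-1`. Either drop the severity tag where it no longer reflects the triage, or add a short note such as `NOTE: Fixed in buster as part of a wider update; severity unchanged` so the two lines stop contradicting each other. The surrounding chrony NOTE lines continue outside this hunk.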
@@ -23797,8 +28297,7 @@ CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating t
NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid.
CVE-2020-14366
RESERVED
-CVE-2020-14365 [dnf module install packages with no GPG signature]
- RESERVED
+CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...)
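Review bot: The retained `- ansible <unfixed>` line carries no bug reference and no `[buster]`/`[stretch]` annotation, while every other `<unfixed>` entry in this change (mysql-8.0, spice, spice-gtk) records a `(bug #NNNNNN)` so the open issue is visible in the BTS. Now that the entry has a real description instead of the old RESERVED placeholder, it would be consistent to file or reference the bug, e.g. `- ansible <unfixed> (bug #<BTS-NUMBER>)` with the real number substituted, and to add a suite triage line if ansible in the supported releases is affected.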
@@ -23810,7 +28309,7 @@ CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emu
CVE-2020-14363 (An integer overflow vulnerability leading to a double-free was found i ...)
{DLA-2361-1}
- libx11 <unfixed> (bug #969008)
- [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
+ [buster] - libx11 2:1.6.7-1+deb10u1
NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
CVE-2020-14362 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
@@ -23832,10 +28331,19 @@ CVE-2020-14358
CVE-2020-14357
REJECTED
CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
+ {DLA-2385-1}
- linux 5.7.10-1 (bug #966846)
+ [buster] - linux 4.19.146-1
NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
-CVE-2020-14355
- RESERVED
+CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the QUIC image ...)
+ {DSA-4771-1}
+ - spice <unfixed> (bug #971750)
+ - spice-gtk <unfixed> (bug #971751)
+ [buster] - spice-gtk <no-dsa> (Minor issue)
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206
+ NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6
CVE-2020-14354 [ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free]
RESERVED
- c-ares 1.16.1-1
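Review bot: The new CVE-2020-14355 entry records a DSA for spice but marks spice-gtk as `[buster] - spice-gtk <no-dsa> (Minor issue)`, although all four linked fix commits are in the shared spice-common tree that both packages embed. The different treatment is presumably deliberate (client vs. server exposure), but nothing in the entry says so; a one-line rationale such as `NOTE: spice-gtk is the client side; lower exposure, fix via point release` would keep the next triager from re-opening the question.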
@@ -23856,14 +28364,14 @@ CVE-2020-14350 (It was found that some PostgreSQL extensions did not use search_
{DLA-2331-1}
- postgresql-12 12.4-1
- postgresql-11 <removed>
- [buster] - postgresql-11 <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - postgresql-11 11.9-0+deb10u1
- postgresql-9.6 <removed>
NOTE: https://www.postgresql.org/about/news/2060/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59
CVE-2020-14349 (It was found that PostgreSQL versions before 12.4, before 11.9 and bef ...)
- postgresql-12 12.4-1
- postgresql-11 <removed>
- [buster] - postgresql-11 <no-dsa> (Minor issue; will be fixed via point release)
+ [buster] - postgresql-11 11.9-0+deb10u1
- postgresql-9.6 <not-affected> (Vulnerable code introduced later)
NOTE: https://www.postgresql.org/about/news/2060/
NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
@@ -23888,7 +28396,7 @@ CVE-2020-14345 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9.
CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...)
{DLA-2312-1}
- libx11 2:1.6.10-1
- [buster] - libx11 <no-dsa> (Minor issue, will be fixed via spu)
+ [buster] - libx11 2:1.6.7-1+deb10u1
NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e
NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488
@@ -23916,6 +28424,7 @@ CVE-2020-14341
CVE-2020-14340
RESERVED
- jboss-xnio 3.8.2-1
+ [buster] - jboss-xnio <no-dsa> (Minor issue)
[stretch] - jboss-xnio <not-affected> (vulnerable code is not present)
NOTE: Fix for 3.8: https://github.com/xnio/xnio/pull/233
NOTE: Fix for 3.7 (Buster): https://github.com/xnio/xnio/pull/234
@@ -23947,7 +28456,9 @@ CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. T
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805
NOTE: https://github.com/ansible/ansible/pull/71033
CVE-2020-14331 (A flaw was found in the Linux kernel&#8217;s implementation of the inv ...)
+ {DLA-2385-1}
- linux 5.7.17-1 (unimportant)
+ [buster] - linux 4.19.146-1
NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2
NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set
CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ansible w ...)
@@ -24000,7 +28511,9 @@ CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipp
NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc
CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before ...)
+ {DLA-2385-1}
- linux 5.8.7-1
+ [buster] - linux 4.19.146-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922
NOTE: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1
CVE-2020-14313 (An information disclosure vulnerability was found in Red Hat Quay in v ...)
@@ -24056,8 +28569,8 @@ CVE-2020-14301 [leak of sensitive cookie information via dumpxml]
NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5
CVE-2020-14300 (The docker packages version docker-1.13.1-108.git4ef4b30.el7 as releas ...)
- docker.io <not-affected> (Red Hat specific regression)
-CVE-2020-14299
- RESERVED
+CVE-2020-14299 (A flaw was found in JBoss EAP, where the authentication configuration ...)
+ NOT-FOR-US: JBoss EAP
CVE-2020-14298 (The version of docker as released for Red Hat Enterprise Linux 7 Extra ...)
- docker.io <not-affected> (Red Hat specific regression)
CVE-2020-14297 (A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat ...)
@@ -24073,10 +28586,10 @@ CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an adm
NOTE: Fixed by: https://github.com/Cacti/cacti/commit/cc1a656f37b08c0c45667c119a44a3751271ac6e
NOTE: Introduced with the fix for https://github.com/Cacti/cacti/issues/2839
NOTE: Introduced by: https://github.com/Cacti/cacti/commit/b87747c38ba58e8cf6507d4f1f8476d1df567556 (1.2.6)
-CVE-2020-14294
- RESERVED
-CVE-2020-14293
- RESERVED
+CVE-2020-14294 (An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feat ...)
+ NOT-FOR-US: Secudos Qiata FTA
+CVE-2020-14293 (conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute ...)
+ NOT-FOR-US: Secudos DOMOS
CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android, unsafe use of ...)
NOT-FOR-US: COVIDSafe application for Android
CVE-2020-14291
@@ -24215,8 +28728,8 @@ CVE-2020-14225
RESERVED
CVE-2020-14224
RESERVED
-CVE-2020-14223
- RESERVED
+CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...)
+ NOT-FOR-US: HCL Digital Experience
CVE-2020-14222
RESERVED
CVE-2020-14221
@@ -24305,24 +28818,24 @@ CVE-2020-14187
RESERVED
CVE-2020-14186
RESERVED
-CVE-2020-14185
- RESERVED
-CVE-2020-14184
- RESERVED
-CVE-2020-14183
- RESERVED
+CVE-2020-14185 (Affected versions of Jira Server allow remote unauthenticated attacker ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14184 (Affected versions of Atlassian Jira Server allow remote attackers to i ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14183 (Affected versions of Jira Server &amp; Data Center allow a remote atta ...)
+ NOT-FOR-US: Atlassian
CVE-2020-14182
RESERVED
CVE-2020-14181 (Affected versions of Atlassian Jira Server and Data Center allow an un ...)
NOT-FOR-US: Atlassian
-CVE-2020-14180
- RESERVED
-CVE-2020-14179
- RESERVED
+CVE-2020-14180 (Affected versions of Atlassian Jira Service Desk Server and Data Cente ...)
+ NOT-FOR-US: Atlassian
+CVE-2020-14179 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
CVE-2020-14178 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
-CVE-2020-14177
- RESERVED
+CVE-2020-14177 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+ NOT-FOR-US: Atlassian
CVE-2020-14176
RESERVED
CVE-2020-14175 (Affected versions of Atlassian Confluence Server and Data Center allow ...)
@@ -24401,7 +28914,7 @@ CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path
NOT-FOR-US: uftpd
CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc2 allo ...)
{DLA-2252-1}
- - ngircd <unfixed> (bug #963147)
+ - ngircd 26-1 (bug #963147)
[buster] - ngircd <no-dsa> (Minor issue)
[stretch] - ngircd <no-dsa> (Minor issue)
NOTE: https://github.com/ngircd/ngircd/issues/274
@@ -24426,8 +28939,8 @@ CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable Dis
NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf
NOTE: The OpenSSH project is not planning to change the behaviour of OpenSSH regarding
NOTE: the issue, details in "3.1 OpenSSH" in the publication.
-CVE-2020-14144
- RESERVED
+CVE-2020-14144 (** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 allo ...)
+ - gitea <removed>
CVE-2020-14143
RESERVED
CVE-2020-14142
@@ -24731,32 +29244,32 @@ CVE-2020-14033 (An issue was discovered in janus-gateway (aka Janus WebRTC Serve
NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80
CVE-2020-14032
RESERVED
-CVE-2020-14031
- RESERVED
-CVE-2020-14030
- RESERVED
+CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ou ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14030 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It sto ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...)
NOT-FOR-US: Ozeki NG SMS Gateway
-CVE-2020-14028
- RESERVED
-CVE-2020-14027
- RESERVED
-CVE-2020-14026
- RESERVED
-CVE-2020-14025
- RESERVED
-CVE-2020-14024
- RESERVED
-CVE-2020-14023
- RESERVED
-CVE-2020-14022
- RESERVED
+CVE-2020-14028 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By lev ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14027 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The da ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14026 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14025 (Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14024 (Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14023 (Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
+CVE-2020-14022 (Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file typ ...)
+ NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...)
NOT-FOR-US: Ozeki NG SMS Gateway
CVE-2020-14020
RESERVED
CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...)
- - python-rtslib-fb <unfixed>
+ - python-rtslib-fb <unfixed> (bug #972227)
[buster] - python-rtslib-fb <not-affected> (Introduced in 2.1.70)
[stretch] - python-rtslib-fb <not-affected> (vulnerable code introduced later, shutil.copyfile is not used)
[jessie] - python-rtslib-fb <not-affected> (vulnerable code introduced later, shutil.copyfile is not used)
@@ -24792,7 +29305,7 @@ CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platf
NOT-FOR-US: Solarwinds
CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...)
- icinga2 2.11.5-1 (bug #970252)
- [buster] - icinga2 <no-dsa> (Minor issue)
+ [buster] - icinga2 2.10.3-2+deb10u1
[stretch] - icinga2 <not-affected> (prepare-dirs script not shipped)
[jessie] - icinga2 <not-affected> (prepare-dirs script not shipped)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/12/1
@@ -24824,16 +29337,20 @@ CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an
NOT-FOR-US: Shopware
CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...)
NOT-FOR-US: J2Store plugin for Joomla!
-CVE-2020-13995
- RESERVED
+CVE-2020-13995 (U.S. Air Force Sensor Data Management System extract75 has a buffer ov ...)
+ NOT-FOR-US: U.S. Air Force Sensor Data Management System extract75
CVE-2020-13994 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A pri ...)
NOT-FOR-US: Mods for HESK
CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A bli ...)
NOT-FOR-US: Mods for HESK
CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...)
NOT-FOR-US: Mods for HESK
-CVE-2020-13991
- RESERVED
+CVE-2020-13991 (vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow ...)
+ - iotjs <not-affected> (Vulnerable code not present; cf. #972228)
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3858
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3859
+ NOTE: https://github.com/jerryscript-project/jerryscript/issues/3860
+ NOTE: https://github.com/jerryscript-project/jerryscript/pull/3867
CVE-2020-13990
RESERVED
CVE-2020-13989
@@ -24908,20 +29425,24 @@ CVE-2020-13959
RESERVED
CVE-2020-13958
RESERVED
-CVE-2020-13957
- RESERVED
-CVE-2020-13956
- RESERVED
-CVE-2020-13955
+CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...)
+ - lucene-solr <not-affected> (Vulnerable functionality not yet present)
+CVE-2020-13956 [incorrect handling of malformed authority component in request URIs]
RESERVED
+ {DSA-4772-1 DLA-2405-1}
+ - httpcomponents-client 4.5.13-1
+ NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587
+ NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1)
+CVE-2020-13955 (HttpUtils#getURLConnection method disables explicitly hostname verific ...)
+ NOT-FOR-US: Apache Calcite
CVE-2020-13954
RESERVED
-CVE-2020-13953
- RESERVED
-CVE-2020-13952
- RESERVED
-CVE-2020-13951
- RESERVED
+CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...)
+ NOT-FOR-US: Apache Tapestry
+CVE-2020-13952 (In the course of work on the open source project it was discovered tha ...)
+ NOT-FOR-US: Apache Superset
+CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeetings 4. ...)
+ NOT-FOR-US: Apache OpenMeetings
CVE-2020-13950
RESERVED
CVE-2020-13949
@@ -24936,8 +29457,12 @@ CVE-2020-13945
RESERVED
CVE-2020-13944 (In Apache Airflow &lt; 1.10.12, the "origin" parameter passed to some ...)
- airflow <itp> (bug #819700)
-CVE-2020-13943
- RESERVED
+CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...)
+ {DLA-2407-1}
+ - tomcat9 9.0.38-1
+ - tomcat8 <removed>
+ NOTE: https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b (9.0.38)
+ NOTE: https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a (8.5.58)
CVE-2020-13942
RESERVED
CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...)
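Review bot: The new CVE-2020-13943 entry records the stretch DLA and the unstable fix (tomcat9 9.0.38-1) but carries no `[buster] - tomcat9 …` line, so buster's status is left to the tracker's implicit default rather than a recorded decision. The two referenced upstream commits fix 9.0.38 and 8.5.58, which suggests the tomcat9 version in buster is affected and should get an explicit triage line (a fixed version, or `<no-dsa>`/`<not-affected>` with a reason) as the other entries in this file do. If the omission is deliberate because a DSA is pending, a short NOTE saying so would make that readable to the next triager.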
@@ -24947,14 +29472,14 @@ CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public
NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1
NOTE: https://issues.apache.org/jira/browse/SOLR-14561
NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2
-CVE-2020-13940
- RESERVED
+CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...)
+ NOT-FOR-US: Apache NiFi
CVE-2020-13939
- RESERVED
+ REJECTED
CVE-2020-13938
RESERVED
-CVE-2020-13937
- RESERVED
+CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...)
+ NOT-FOR-US: Apache Kylin (different from Kylin desktop environment)
CVE-2020-13936
RESERVED
CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...)
@@ -25000,7 +29525,9 @@ CVE-2020-13922
CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...)
NOT-FOR-US: Apache SkyWalking
CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...)
- - activemq <unfixed>
+ {DLA-2400-1}
+ - activemq 5.16.0-1
+ [buster] - activemq <no-dsa> (Minor issue; can be fixed via point release)
NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
NOTE: When fixing this issue make sure to use a complete fix and not open up
NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit preventing
@@ -25044,7 +29571,7 @@ CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration
NOTE: https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc
NOTE: https://trac.ffmpeg.org/ticket/8673
CVE-2020-13903
- RESERVED
+ REJECTED
CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...)
- imagemagick 8:6.9.11.24+dfsg-1
[buster] - imagemagick <not-affected> (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
@@ -25076,8 +29603,8 @@ CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows
NOT-FOR-US: Maipu devices
CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows ...)
NOT-FOR-US: DEXT5 Editor
-CVE-2020-13893
- RESERVED
+CVE-2020-13893 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sage Eas ...)
+ NOT-FOR-US: Sage EasyPay
CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. ...)
NOT-FOR-US: SportsPress plugin for WordPress
CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...)
@@ -25257,7 +29784,7 @@ CVE-2020-13823
RESERVED
CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...)
- node-elliptic 6.5.3~dfsg-1 (bug #963149)
- [buster] - node-elliptic <no-dsa> (Minor issue)
+ [buster] - node-elliptic 6.4.1~dfsg-1+deb10u1
NOTE: https://github.com/indutny/elliptic/issues/226
CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...)
NOT-FOR-US: HiveMQ Broker Control Center
@@ -25321,8 +29848,8 @@ CVE-2020-13796 (An issue was discovered in Navigate CMS through 2.8.7. It allows
NOT-FOR-US: Navigate CMS
CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It allows Direc ...)
NOT-FOR-US: Navigate CMS
-CVE-2020-13794
- RESERVED
+CVE-2020-13794 (Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information ...)
+ NOT-FOR-US: Harbor
CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a st ...)
NOT-FOR-US: Ivanti
CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...)
@@ -25382,8 +29909,8 @@ CVE-2020-13780
RESERVED
CVE-2020-13779
RESERVED
-CVE-2020-13778
- RESERVED
+CVE-2020-13778 (rConfig 3.9.4 and earlier allows authenticated code execution (of syst ...)
+ NOT-FOR-US: rConfig
CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting ...)
{DSA-4697-1}
- gnutls28 3.6.14-1 (bug #962289)
@@ -25678,8 +30205,8 @@ CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL poi
NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
-CVE-2020-13658
- RESERVED
+CVE-2020-13658 (In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF atta ...)
+ NOT-FOR-US: Lansweeper
CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Antivirus ...)
NOT-FOR-US: Avast
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation ...)
@@ -25738,11 +30265,14 @@ CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
{DLA-2340-1}
- sqlite3 3.32.0-1
+ [buster] - sqlite3 <no-dsa> (Minor issue, will be fixed in point release)
[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
+ NOTE: https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name ...)
- sqlite3 3.32.0-1
+ [buster] - sqlite3 <ignored> (Minor issue, too intrusive to backport)
[stretch] - sqlite3 <not-affected> (Vulnerable code not present)
[jessie] - sqlite3 <no-dsa> (Too intrusive to backport)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
@@ -25750,17 +30280,19 @@ CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the
CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
{DLA-2340-1}
- sqlite3 3.32.0-1
+ [buster] - sqlite3 <no-dsa> (Minor issue, will be fixed in point release)
[jessie] - sqlite3 <not-affected> (Vulnerable code not found)
NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
NOTE: https://sqlite.org/src/info/0d69f76f0865f962
+ NOTE: https://github.com/sqlite/sqlite/commit/becd68ba0dac41904aa817d96a67fb4685734b41
CVE-2020-13629
RESERVED
CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
- centreon-web <itp> (bug #913903)
CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
- centreon-web <itp> (bug #913903)
-CVE-2020-13626
- RESERVED
+CVE-2020-13626 (OnePlus App Locker through 2020-10-06 allows physically proximate atta ...)
+ NOT-FOR-US: OnePlus App Locker
CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
{DLA-2306-1 DLA-2244-1}
- libphp-phpmailer 6.1.6-1 (bug #962827)
@@ -25990,7 +30522,7 @@ CVE-2020-13523 (An exploitable information disclosure vulnerability exists in So
CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...)
NOT-FOR-US: SoftPerfect
CVE-2020-13521
- RESERVED
+ REJECTED
CVE-2020-13520
RESERVED
CVE-2020-13519
@@ -26016,25 +30548,25 @@ CVE-2020-13510
CVE-2020-13509
RESERVED
CVE-2020-13508
- RESERVED
+ REJECTED
CVE-2020-13507
- RESERVED
+ REJECTED
CVE-2020-13506
- RESERVED
-CVE-2020-13505
- RESERVED
-CVE-2020-13504
- RESERVED
+ REJECTED
+CVE-2020-13505 (Parameter psClass in ednareporting.asmx is vulnerable to unauthenticat ...)
+ NOT-FOR-US: ednareporting.asmx
+CVE-2020-13504 (Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauth ...)
+ NOT-FOR-US: ednareporting.asmx
CVE-2020-13503
- RESERVED
+ REJECTED
CVE-2020-13502
- RESERVED
-CVE-2020-13501
- RESERVED
-CVE-2020-13500
- RESERVED
-CVE-2020-13499
- RESERVED
+ REJECTED
+CVE-2020-13501 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...)
+ NOT-FOR-US: CHaD.asmx
+CVE-2020-13500 (SQL injection vulnerability exists in the CHaD.asmx web service functi ...)
+ NOT-FOR-US: CHaD.asmx
+CVE-2020-13499 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...)
+ NOT-FOR-US: CHaD.asmx
CVE-2020-13498
RESERVED
CVE-2020-13497
@@ -26175,6 +30707,7 @@ CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vap
[buster] - sqlite3 <no-dsa> (Minor issue)
NOTE: https://www.sqlite.org/src/info/23439ea582241138
NOTE: https://www.sqlite.org/src/info/d08d3405878d394e
+ NOTE: https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018
CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...)
NOT-FOR-US: Jason2605 AdminPanel
CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...)
@@ -26287,8 +30820,8 @@ CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD0
NOT-FOR-US: Tenda devices
CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...)
NOT-FOR-US: jw.util
-CVE-2020-13387
- RESERVED
+CVE-2020-13387 (Pexip Infinity before 23.4 has a lack of input validation, leading to ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...)
NOT-FOR-US: SmartDraw
CVE-2020-13385
@@ -26373,64 +30906,66 @@ CVE-2020-13349
RESERVED
CVE-2020-13348
RESERVED
-CVE-2020-13347
- RESERVED
-CVE-2020-13346
- RESERVED
-CVE-2020-13345
- RESERVED
-CVE-2020-13344
- RESERVED
-CVE-2020-13343
- RESERVED
-CVE-2020-13342
- RESERVED
-CVE-2020-13341
- RESERVED
-CVE-2020-13340
- RESERVED
-CVE-2020-13339
- RESERVED
-CVE-2020-13338
- RESERVED
-CVE-2020-13337
- RESERVED
-CVE-2020-13336
- RESERVED
-CVE-2020-13335
- RESERVED
-CVE-2020-13334
- RESERVED
-CVE-2020-13333
- RESERVED
+CVE-2020-13347 (A command injection vulnerability was discovered in Gitlab runner vers ...)
+ - gitlab-ci-multi-runner <not-affected> (Only affects gitlab-runner when configured on Windows)
+CVE-2020-13346 (Membership changes are not reflected in ToDo subscriptions in GitLab v ...)
+ - gitlab 13.2.10-1
+CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 13.2.10-1
+CVE-2020-13344 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ - gitlab 13.2.10-1
+CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions starting ...)
+ - gitlab 13.2.10-1
+CVE-2020-13342 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ - gitlab 13.2.10-1
+CVE-2020-13341 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ - gitlab <unfixed>
+CVE-2020-13340 (An issue has been discovered in GitLab affecting all versions prior to ...)
+ - gitlab 13.2.10-1
+CVE-2020-13339 (An issue has been discovered in GitLab affecting all versions before 1 ...)
+ - gitlab 13.2.10-1
+CVE-2020-13338 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ - gitlab 13.2.3-2
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/213273
+CVE-2020-13337 (An issue has been discovered in GitLab affecting versions from 12.10 t ...)
+ - gitlab <not-affected> (Only affected 12.10 to 12.10.12)
+ NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/199049
+CVE-2020-13336 (An issue has been discovered in GitLab affecting versions from 11.8 be ...)
+ - gitlab <not-affected> (Only affected 11.x/12.x while unstable on 13.x)
+CVE-2020-13335 (Improper group membership validation when deleting a user account in G ...)
+ - gitlab 13.2.10-1
+CVE-2020-13334 (In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper autho ...)
+ - gitlab 13.2.10-1
+CVE-2020-13333 (A potential DOS vulnerability was discovered in GitLab versions 13.1, ...)
+ - gitlab 13.2.10-1
CVE-2020-13332
- RESERVED
-CVE-2020-13331
- RESERVED
-CVE-2020-13330
- RESERVED
-CVE-2020-13329
- RESERVED
-CVE-2020-13328
- RESERVED
-CVE-2020-13327
- RESERVED
-CVE-2020-13326
- RESERVED
-CVE-2020-13325
- RESERVED
-CVE-2020-13324
- RESERVED
-CVE-2020-13323
- RESERVED
-CVE-2020-13322
- RESERVED
-CVE-2020-13321
- RESERVED
-CVE-2020-13320
- RESERVED
-CVE-2020-13319
- RESERVED
+ REJECTED
+CVE-2020-13331 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13330 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13329 (An issue has been discovered in GitLab affecting versions from 12.6.2 ...)
+ - gitlab 13.2.3-2
+CVE-2020-13328 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ - gitlab 13.2.3-2
+CVE-2020-13327 (An issue has been discovered in GitLab Runner affecting all versions s ...)
+ - gitlab-ci-multi-runner <unfixed>
+CVE-2020-13326 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
+ - gitlab 13.2.3-2
+CVE-2020-13325 (A vulnerability was discovered in GitLab versions prior 13.1. The comm ...)
+ - gitlab 13.2.3-2
+CVE-2020-13324 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
+ - gitlab 13.2.3-2
+CVE-2020-13323 (A vulnerability was discovered in GitLab versions prior 13.1. Under ce ...)
+ - gitlab 13.2.3-2
+CVE-2020-13322 (A vulnerability was discovered in GitLab versions after 12.9. Due to i ...)
+ - gitlab 13.2.3-2
+CVE-2020-13321 (A vulnerability was discovered in GitLab versions prior to 13.1. Usern ...)
+ - gitlab 13.2.3-2
+CVE-2020-13320 (An issue has been discovered in GitLab before version 12.10.13 that al ...)
+ - gitlab 13.2.3-2
+CVE-2020-13319 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
+ - gitlab 13.2.3-2
CVE-2020-13318 (A vulnerability was discovered in GitLab versions before 13.0.12, 13.1 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
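Review bot: The batch of new GitLab entries fixed in 13.2.10-1 and 13.2.3-2 has no NOTE reference for any of them, unlike CVE-2020-13318 directly below, which points at the GitLab security release post. Adding the matching announcement as `NOTE: <URL of the GitLab security release announcing these fixes>` to each group would let a later triager verify the fixed-version mapping without re-deriving it. The `<not-affected>` reasons for CVE-2020-13347 and CVE-2020-13336 would also benefit from a reference, since neither currently cites a source.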
@@ -26497,8 +31032,8 @@ CVE-2020-13298 (A vulnerability was discovered in GitLab versions before 13.1.10
CVE-2020-13297 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
- gitlab 13.2.8-1
NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
-CVE-2020-13296
- RESERVED
+CVE-2020-13296 (An issue has been discovered in GitLab affecting versions &gt;=10.7 &l ...)
+ - gitlab 13.2.6-1
CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd ...)
- gitlab-ci-multi-runner <unfixed>
NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
@@ -26708,7 +31243,7 @@ CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnera
NOTE: https://github.com/phpipam/phpipam/issues/3025
CVE-2020-13224 (TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices throu ...)
NOT-FOR-US: TP-LINK
-CVE-2020-13223 (HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1. ...)
+CVE-2020-13223 (HashiCorp Vault and Vault Enterprise logged proxy environment variable ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-13222
RESERVED
@@ -26821,8 +31356,8 @@ CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enf
NOTE: https://github.com/hashicorp/consul/pull/8068
CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...)
NOT-FOR-US: SolarWinds
-CVE-2020-13168
- RESERVED
+CVE-2020-13168 (SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp acco ...)
+ NOT-FOR-US: SysAid
CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...)
NOT-FOR-US: Netsweeper
CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...)
@@ -26899,12 +31434,12 @@ CVE-2020-13134
CVE-2020-13133
RESERVED
CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An attacker c ...)
- - yubico-piv-tool <unfixed>
+ - yubico-piv-tool <unfixed> (bug #972644)
[stretch] - yubico-piv-tool <not-affected> (Vulnerable code not present)
NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-02/
NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/
CVE-2020-13131 (An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in ...)
- - yubico-piv-tool <unfixed>
+ - yubico-piv-tool <unfixed> (bug #972644)
[stretch] - yubico-piv-tool <not-affected> (Vulnerable code not present)
NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/
CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
@@ -26938,8 +31473,8 @@ CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authenticatio
NOT-FOR-US: Submitty
CVE-2020-13120
RESERVED
-CVE-2020-13119
- RESERVED
+CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking. ...)
+ NOT-FOR-US: ismartgate PRO
CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...)
NOT-FOR-US: Mikrotik-Router-Monitoring-System
CVE-2020-13117
@@ -26988,8 +31523,8 @@ CVE-2020-13102
RESERVED
CVE-2020-13101 (In OASIS Digital Signature Services (DSS) 1.0, an attacker can control ...)
NOT-FOR-US: OASIS Digital Signature Services (DSS)
-CVE-2020-13100
- RESERVED
+CVE-2020-13100 (Arista&#8217;s CloudVision eXchange (CVX) server before 4.21.12M, 4.22 ...)
+ NOT-FOR-US: Arista
CVE-2020-13099
RESERVED
CVE-2020-13098
@@ -27322,8 +31857,8 @@ CVE-2020-12935
RESERVED
CVE-2020-12934
RESERVED
-CVE-2020-12933
- RESERVED
+CVE-2020-12933 (A denial of service vulnerability exists in the D3DKMTEscape handler f ...)
+ NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12932
RESERVED
CVE-2020-12931
@@ -27332,8 +31867,8 @@ CVE-2020-12930
RESERVED
CVE-2020-12929
RESERVED
-CVE-2020-12928
- RESERVED
+CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
+ NOT-FOR-US: AMD Ryzen Master
CVE-2020-12927
RESERVED
CVE-2020-12926
@@ -27366,8 +31901,8 @@ CVE-2020-12913
RESERVED
CVE-2020-12912
RESERVED
-CVE-2020-12911
- RESERVED
+CVE-2020-12911 (A denial of service vulnerability exists in the D3DKMTCreateAllocation ...)
+ NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12910
RESERVED
CVE-2020-12909
@@ -27413,7 +31948,9 @@ CVE-2020-12890
CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
NOT-FOR-US: MISP
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
+ {DLA-2385-1}
- linux 5.8.7-1
+ [buster] - linux 4.19.146-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...)
NOT-FOR-US: Mbed CoAP (diffrent from src:mbedtls)
@@ -27457,10 +31994,10 @@ CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolet
NOTE: for discussion.
CVE-2020-12871
RESERVED
-CVE-2020-12870
- RESERVED
-CVE-2020-12869
- RESERVED
+CVE-2020-12870 (RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username ...)
+ NOT-FOR-US: RainbowFish PacsOne Server
+CVE-2020-12869 (RainbowFish PacsOne Server 6.8.4 allows XSS. ...)
+ NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12868
RESERVED
CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...)
@@ -27569,20 +32106,20 @@ CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is affected by a denial of service du
- cherokee <removed>
CVE-2020-12844
RESERVED
-CVE-2020-12843
- RESERVED
-CVE-2020-12842
- RESERVED
-CVE-2020-12841
- RESERVED
-CVE-2020-12840
- RESERVED
-CVE-2020-12839
- RESERVED
-CVE-2020-12838
- RESERVED
-CVE-2020-12837
- RESERVED
+CVE-2020-12843 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12842 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12841 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12840 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12839 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12838 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
+ NOT-FOR-US: ismartgate PRO
+CVE-2020-12837 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
+ NOT-FOR-US: ismartgate PRO
CVE-2020-12836
RESERVED
CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...)
@@ -27622,8 +32159,8 @@ CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_par
[stretch] - libcroco <ignored> (Minor issue)
[jessie] - libcroco <ignored> (Minor issue)
NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
-CVE-2020-12824
- RESERVED
+CVE-2020-12824 (Pexip Infinity 23.x before 23.3 has improper input validation, leading ...)
+ NOT-FOR-US: Pexip Infinity
CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
{DLA-2212-1}
- openconnect 8.10-1 (unimportant; bug #960620)
@@ -27637,22 +32174,22 @@ CVE-2020-12820
RESERVED
CVE-2020-12819
RESERVED
-CVE-2020-12818
- RESERVED
-CVE-2020-12817
- RESERVED
-CVE-2020-12816
- RESERVED
-CVE-2020-12815
- RESERVED
+CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 6.4.1 may al ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-12817 (An improper neutralization of input vulnerability in FortiAnalyzer bef ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-12816 (An improper neutralization of input vulnerability in FortiNAC before 8 ...)
+ NOT-FOR-US: FortiGuard
+CVE-2020-12815 (An improper neutralization of input vulnerability in FortiTester befor ...)
+ NOT-FOR-US: FortiGuard
CVE-2020-12814
RESERVED
CVE-2020-12813
RESERVED
CVE-2020-12812 (An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, ...)
NOT-FOR-US: Fortinet
-CVE-2020-12811
- RESERVED
+CVE-2020-12811 (An improper neutralization of script-related HTML tags in a web page i ...)
+ NOT-FOR-US: FortiGuard
CVE-2020-12810
RESERVED
CVE-2020-12809
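Review bot: The five new Fortinet product entries (CVE-2020-12818 through CVE-2020-12815 and CVE-2020-12811) are tagged `NOT-FOR-US: FortiGuard`, while the unchanged CVE-2020-12812 a few lines below uses `NOT-FOR-US: Fortinet`. FortiGuard appears to be the advisory source rather than the vendor of FortiGate, FortiAnalyzer, FortiNAC and FortiTester, so the vendor form is the one a later grep over this file will look for. Consider `NOT-FOR-US: Fortinet` on all five new lines so the hunk is internally consistent.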
@@ -27819,7 +32356,7 @@ CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configur
[buster] - consul <not-affected> (Vulnerable code not present)
NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
NOTE: https://github.com/hashicorp/consul/pull/7783
-CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 has Incorrect ...)
+CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured ...)
NOT-FOR-US: HashiCorp Vault
CVE-2020-12756
RESERVED
@@ -27915,8 +32452,8 @@ CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remot
NOT-FOR-US: COVIDSafe (Australia) app
CVE-2020-12716
RESERVED
-CVE-2020-12715
- RESERVED
+CVE-2020-12715 (RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. ...)
+ NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...)
NOT-FOR-US: CipherMail
CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
@@ -27960,7 +32497,7 @@ CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-
- wpa <unfixed>
[buster] - wpa <no-dsa> (Minor issue)
- gupnp 1.2.3-1
- [buster] - gupnp <no-dsa> (Minor issue)
+ [buster] - gupnp 1.0.5-0+deb10u1
NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
@@ -27999,8 +32536,8 @@ CVE-2020-12678
REJECTED
CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...)
NOT-FOR-US: Progress MOVEit Automation Web Admin
-CVE-2020-12676
- RESERVED
+CVE-2020-12676 (FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge me ...)
+ NOT-FOR-US: FusionAuth
CVE-2020-12675 (The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPr ...)
NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
@@ -28050,8 +32587,8 @@ CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow i
NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/
CVE-2020-12671
RESERVED
-CVE-2020-12670
- RESERVED
+CVE-2020-12670 (XSS exists in Webmin 1.941 and earlier affecting the Save function of ...)
+ - webmin <removed>
CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...)
- dolibarr <removed>
CVE-2020-12668
@@ -28132,8 +32669,9 @@ CVE-2020-12650
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
NOT-FOR-US: Gurbalib
CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...)
- - tinymce <unfixed>
+ - tinymce <unfixed> (bug #972642)
[buster] - tinymce <no-dsa> (Minor issue)
+ [stretch] - tinymce <ignored> (Vulnerable code not present and not reproducible)
NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
NOT-FOR-US: Unisys ALGOL Compiler
@@ -28419,20 +32957,20 @@ CVE-2020-12508
RESERVED
CVE-2020-12507
RESERVED
-CVE-2020-12506
- RESERVED
-CVE-2020-12505
- RESERVED
-CVE-2020-12504
- RESERVED
-CVE-2020-12503
- RESERVED
-CVE-2020-12502
- RESERVED
-CVE-2020-12501
- RESERVED
-CVE-2020-12500
- RESERVED
+CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
+ NOT-FOR-US: WAGO
+CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
+ NOT-FOR-US: WAGO
+CVE-2020-12504 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
+CVE-2020-12503 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
+CVE-2020-12502 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
+CVE-2020-12501 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
+CVE-2020-12500 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
+ NOT-FOR-US: Pepperl+Fuchs
CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...)
NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer
CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
@@ -28683,6 +33221,7 @@ CVE-2020-12413 [racoon attack for NSS]
RESERVED
- nss <unfixed>
[buster] - nss <no-dsa> (Minor issue)
+ [stretch] - nss <no-dsa> (Minor issue)
NOTE: https://raccoon-attack.com/
CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...)
- firefox 70.0-1
@@ -28728,6 +33267,7 @@ CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
CVE-2020-12403
RESERVED
+ {DLA-2388-1}
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
@@ -28735,12 +33275,12 @@ CVE-2020-12403
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868931
CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of ...)
- {DSA-4726-1 DLA-2266-1}
+ {DSA-4726-1 DLA-2388-1 DLA-2266-1}
- nss 2:3.53.1-1 (bug #963152)
NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
NOTE: Fixed upstream in 3.53.1
-CVE-2020-12401 [ECDSA timing attack mitigation bypass]
- RESERVED
+CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce design ...)
+ {DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
@@ -28748,8 +33288,8 @@ CVE-2020-12401 [ECDSA timing attack mitigation bypass]
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
-CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function]
- RESERVED
+CVE-2020-12400 (When converting coordinates from projective to affine, the modular inv ...)
+ {DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
@@ -28759,7 +33299,7 @@ CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable mo
NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits.
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400
CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...)
- {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
+ {DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2388-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
- firefox 77.0-1
- firefox-esr 68.9.0esr-1
- nss 2:3.53-1 (bug #961752)
@@ -28900,8 +33440,18 @@ CVE-2020-12353
RESERVED
CVE-2020-12352
RESERVED
+ {DSA-4774-1}
+ - linux 5.9.1-1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
+ NOTE: Fixed by: https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8
CVE-2020-12351
RESERVED
+ {DSA-4774-1}
+ - linux 5.9.1-1
+ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
+ NOTE: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
+ NOTE: Fixed by: https://git.kernel.org/linus/f19425641cb2572a33cb074d5e30283720bd4d22
CVE-2020-12350
RESERVED
CVE-2020-12349
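Review bot: CVE-2020-12352 and CVE-2020-12351 now carry a DSA, a fixed linux version and three reference NOTEs each, yet keep a bare `RESERVED` line with no working title, so the entries read as unknown issues until MITRE publishes a description. Elsewhere in this file a reserved-but-triaged entry gets a bracketed placeholder (e.g. `CVE-2020-12413 [racoon attack for NSS]`), which makes the entry greppable and tells a reader what was fixed. A line such as `CVE-2020-12352 [linux: issue tracked in intel-sa-00435 / GHSA-7mh3-gq28-gfrq]` (and the matching GHSA for CVE-2020-12351) would follow that convention.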
@@ -28998,8 +33548,8 @@ CVE-2020-12304
RESERVED
CVE-2020-12303
RESERVED
-CVE-2020-12302
- RESERVED
+CVE-2020-12302 (Improper permissions in the Intel(R) Driver &amp; Support Assistant be ...)
+ NOT-FOR-US: Intel
CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...)
NOT-FOR-US: Intel
CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server Board Famil ...)
@@ -29042,12 +33592,12 @@ CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2
NOTE: https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication workflow bec ...)
NOT-FOR-US: Sourcegraph
-CVE-2020-12282
- RESERVED
-CVE-2020-12281
- RESERVED
-CVE-2020-12280
- RESERVED
+CVE-2020-12282 (iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in ...)
+ NOT-FOR-US: iSmartgate PRO
+CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: iSmartgate PRO
+CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
+ NOT-FOR-US: iSmartgate PRO
CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
- libgit2 0.28.4+dfsg.1-2
[buster] - libgit2 <no-dsa> (Minor issue; only problematic when used on NTFS like filesystem)
@@ -29385,16 +33935,16 @@ CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolde
NOT-FOR-US: AirDisk Pro app for iOS
CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...)
NOT-FOR-US: DONG JOO CHO File Transfer iFamily
-CVE-2020-12127
- RESERVED
-CVE-2020-12126
- RESERVED
-CVE-2020-12125
- RESERVED
-CVE-2020-12124
- RESERVED
-CVE-2020-12123
- RESERVED
+CVE-2020-12127 (An information disclosure vulnerability in the /cgi-bin/ExportAllSetti ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12126 (Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoi ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12125 (A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12124 (A remote command-line injection vulnerability in the /cgi-bin/live_api ...)
+ NOT-FOR-US: WAVLINK
+CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 ...)
+ NOT-FOR-US: WAVLINK
CVE-2020-12122
RESERVED
CVE-2020-12121
@@ -29746,7 +34296,8 @@ CVE-2020-11988
CVE-2020-11987
RESERVED
CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...)
- - netbeans <unfixed>
+ - netbeans 12.1-1
+ [stretch] - netbeans <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2
CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rewrite F ...)
- apache2 2.4.25-1
@@ -29775,8 +34326,12 @@ CVE-2020-11981 (An issue was found in Apache Airflow versions 1.10.10 and below.
- airflow <itp> (bug #819700)
CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and authorization ...)
- apache-karaf <itp> (bug #881297)
-CVE-2020-11979
- RESERVED
+CVE-2020-11979 (As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissi ...)
+ - ant 1.10.9-1 (bug #971612)
+ [buster] - ant <not-affected> (Vulnerability not present as CVE-2020-1945 not addressed)
+ [stretch] - ant <not-affected> (Vulnerability not present as CVE-2020-1945 not addressed)
+ NOTE: https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
+ NOTE: Issue is pesent depending on if CVE-2020-1945 was fixed.
CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below. A rem ...)
- airflow <itp> (bug #819700)
CVE-2020-11977 (In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable ext ...)
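Review bot: The last NOTE of the new CVE-2020-11979 entry has a typo and is hard to parse: `NOTE: Issue is pesent depending on if CVE-2020-1945 was fixed.`. The two `<not-affected>` lines above it already state the actual condition, so the NOTE should say the same thing plainly, e.g. `NOTE: Issue is only present where the fix for CVE-2020-1945 was applied.`.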
@@ -29866,14 +34421,14 @@ CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple
CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...)
NOT-FOR-US: Open-AudIT
CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
- - ndpi <unfixed>
+ - ndpi <unfixed> (bug #972050)
[buster] - ndpi <not-affected> (Introduced in 3.0)
[stretch] - ndpi <not-affected> (Introduced in 3.0)
[jessie] - ndpi <not-affected> (Introduced in 3.0)
NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435
NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
- - ndpi <unfixed>
+ - ndpi <unfixed> (bug #972050)
[buster] - ndpi <not-affected> (Introduced in 3.0)
[stretch] - ndpi <not-affected> (Introduced in 3.0)
[jessie] - ndpi <not-affected> (Introduced in 3.0)
@@ -30090,16 +34645,16 @@ CVE-2020-11859
RESERVED
CVE-2020-11858
RESERVED
-CVE-2020-11857
- RESERVED
-CVE-2020-11856
- RESERVED
-CVE-2020-11855
- RESERVED
+CVE-2020-11857 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11856 (Arbitrary code execution vulnerability on Micro Focus Operation Bridge ...)
+ NOT-FOR-US: Micro Focus
+CVE-2020-11855 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...)
+ NOT-FOR-US: Micro Focus
CVE-2020-11854
RESERVED
-CVE-2020-11853
- RESERVED
+CVE-2020-11853 (An arbitrary code execution vulnerability exists in Micro Focus Operat ...)
+ NOT-FOR-US: Micro Focus
CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Messaging ...)
NOT-FOR-US: Micro Focus
CVE-2020-11851
@@ -30198,8 +34753,8 @@ CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type,
NOT-FOR-US: Sourcefabric Newscoop
CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...)
NOT-FOR-US: MailStore Outlook Add-in
-CVE-2020-11805
- RESERVED
+CVE-2020-11805 (Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Acc ...)
+ NOT-FOR-US: Pexip Reverse Proxy and TURN Server
CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...)
NOT-FOR-US: Titan SpamTitan
CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...)
@@ -30208,8 +34763,11 @@ CVE-2020-11802
RESERVED
CVE-2020-11801
RESERVED
-CVE-2020-11800
- RESERVED
+CVE-2020-11800 (Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote att ...)
+ - zabbix 1:4.0.0+dfsg-1
+ NOTE: https://support.zabbix.com/browse/DEV-1538
+ NOTE: https://support.zabbix.com/browse/ZBX-17600
+ NOTE: https://support.zabbix.com/browse/ZBXSEC-30 (not public)
CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...)
NOT-FOR-US: Z-Cron
CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...)
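Review bot: The new CVE-2020-11800 entry records the first fixed version as `- zabbix 1:4.0.0+dfsg-1` but adds no per-release triage line, although the description scopes the issue to 2.2.x, 3.0.x before 3.0.31 and 3.2. If an older suite still ships a 3.0.x zabbix it sits inside that range and would need a `[stretch] - zabbix <...>` line (no-dsa, postponed or not-affected as appropriate), as the surrounding entries carry; please confirm the suite versions before treating the entry as complete.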
@@ -30458,7 +35016,7 @@ CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows
NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04
NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28
CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...)
- - libsixel <unfixed> (low)
+ - libsixel <unfixed> (low; bug #972641)
[buster] - libsixel <no-dsa> (Minor issue)
[stretch] - libsixel <no-dsa> (Minor issue)
[jessie] - libsixel <no-dsa> (Minor issue)
@@ -30611,10 +35169,13 @@ CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a u
CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...)
{DLA-2340-1 DLA-2203-1}
- sqlite3 3.31.1-5
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <not-affected> (Introduced/exploitable in 3.30 with 3251a2031bfd29f338a5fda1a08c18878296d354)
NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed
NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
+ NOTE: https://github.com/sqlite/sqlite/commit/3251a2031bfd29f338a5fda1a08c18878296d354
+ NOTE: https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202c3c83c718
+ NOTE: https://github.com/sqlite/sqlite/commit/4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae
CVE-2020-11654
RESERVED
CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
@@ -30655,26 +35216,26 @@ CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15
NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0
NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html
-CVE-2020-11646
- RESERVED
-CVE-2020-11645
- RESERVED
-CVE-2020-11644
- RESERVED
-CVE-2020-11643
- RESERVED
-CVE-2020-11642
- RESERVED
-CVE-2020-11641
- RESERVED
+CVE-2020-11646 (A log information disclosure vulnerability in B&amp;R GateManager 4260 ...)
+ NOT-FOR-US: B&R GateManager
+CVE-2020-11645 (A denial of service vulnerability in B&amp;R GateManager 4260 and 9250 ...)
+ NOT-FOR-US: B&R GateManager
+CVE-2020-11644 (The information disclosure vulnerability present in B&amp;R GateManage ...)
+ NOT-FOR-US: B&R GateManager
+CVE-2020-11643 (An information disclosure vulnerability in B&amp;R GateManager 4260 an ...)
+ NOT-FOR-US: B&R GateManager
+CVE-2020-11642 (The local file inclusion vulnerability present in B&amp;R SiteManager ...)
+ NOT-FOR-US: B&R SiteManager
+CVE-2020-11641 (A local file inclusion vulnerability in B&amp;R SiteManager versions & ...)
+ NOT-FOR-US: B&R GateManager
CVE-2020-11640
RESERVED
CVE-2020-11639
RESERVED
CVE-2020-11638
RESERVED
-CVE-2020-11637
- RESERVED
+CVE-2020-11637 (A memory leak in the TFTP service in B&amp;R Automation Runtime versio ...)
+ NOT-FOR-US: B&R Automation Runtime
CVE-2020-11636
RESERVED
CVE-2020-11635
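Review bot: The product tag on the new CVE-2020-11641 entry does not match its own description: the description line reads `A local file inclusion vulnerability in B&amp;R SiteManager versions ...` but the triage line says `NOT-FOR-US: B&R GateManager`. The adjacent CVE-2020-11642, also a SiteManager issue, is tagged `NOT-FOR-US: B&R SiteManager`, so `CVE-2020-11641` should carry the same tag unless the mismatch is intentional.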
@@ -30857,7 +35418,7 @@ CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the clea
CVE-2020-11559
RESERVED
CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...)
- - gpac <unfixed>
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <not-affected> (Vulnerable code not present and not reproducible)
@@ -31021,8 +35582,8 @@ CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerabilit
NOT-FOR-US: Slack Nebula
CVE-2020-11497 (An issue was discovered in the NAB Transact extension 2.1.0 for the Wo ...)
NOT-FOR-US: NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress
-CVE-2020-11496
- RESERVED
+CVE-2020-11496 (Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers ...)
+ NOT-FOR-US: Sprecher SPRECON-E firmware
CVE-2020-11495
REJECTED
CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...)
@@ -31682,8 +36243,10 @@ CVE-2020-11175
RESERVED
CVE-2020-11174
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11173
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11172
RESERVED
CVE-2020-11171
@@ -31692,6 +36255,7 @@ CVE-2020-11170
RESERVED
CVE-2020-11169
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11168
RESERVED
CVE-2020-11167
@@ -31702,10 +36266,12 @@ CVE-2020-11165
RESERVED
CVE-2020-11164
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11163
RESERVED
CVE-2020-11162
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11161
RESERVED
CVE-2020-11160
@@ -31716,12 +36282,16 @@ CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter
NOT-FOR-US: Qualcomm
CVE-2020-11157
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11156
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11155
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11154
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11153
RESERVED
CVE-2020-11152
@@ -31748,6 +36318,7 @@ CVE-2020-11142
RESERVED
CVE-2020-11141
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11140
RESERVED
CVE-2020-11139
@@ -31780,6 +36351,7 @@ CVE-2020-11126
RESERVED
CVE-2020-11125
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since ...)
NOT-FOR-US: Snapdragon
CVE-2020-11123
@@ -31961,10 +36533,14 @@ CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unesc
NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
NOTE: https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...)
- - puma <unfixed>
+ {DLA-2398-1}
+ - puma 4.3.6-1 (bug #972102)
+ [buster] - puma <no-dsa> (Minor issue)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...)
- - puma <unfixed>
+ {DLA-2398-1}
+ - puma 4.3.6-1 (bug #972102)
+ [buster] - puma <no-dsa> (Minor issue)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...)
@@ -32001,7 +36577,7 @@ CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS oc
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
{DLA-2353-1}
- bacula 9.6.5-1
- [buster] - bacula <no-dsa> (Minor issue; can be fixed via point release)
+ [buster] - bacula 9.4.2-2+deb10u1
- bareos <unfixed> (bug #968957)
[buster] - bareos <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - bareos <no-dsa> (minor issue, low priority)
@@ -32150,8 +36726,11 @@ CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerabi
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2020-11031
- RESERVED
+CVE-2020-11031 (In GLPI before version 9.5.0, the encryption algorithm used is insecur ...)
+ - glpi <removed> (unimportant)
+ NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-7xwm-4vjr-jvqh
+ NOTE: https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780
+ NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...)
- wordpress 5.4.1+dfsg1-1 (bug #959391)
[buster] - wordpress <not-affected> (Vulnerable code not present)
@@ -32209,8 +36788,12 @@ CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5
[jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
- node-jquery 3.5.0+dfsg-2
[buster] - node-jquery <no-dsa> (Minor issue)
+ - otrs2 6.0.30-1
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
NOTE: https://www.drupal.org/sa-core-2020-002
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
{DSA-4693-1}
- jquery <removed>
@@ -32221,9 +36804,13 @@ CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0
[buster] - node-jquery <no-dsa> (Minor issue)
- drupal7 <removed>
[jessie] - drupal7 <not-affected> (Vulnerable code not embedded)
+ - otrs2 6.0.30-1
+ [buster] - otrs2 <no-dsa> (Non-free not supported)
+ [stretch] - otrs2 <no-dsa> (Non-free not supported)
NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
NOTE: https://www.drupal.org/sa-core-2020-002
+ NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
NOT-FOR-US: Actions Http-Client
CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
@@ -32500,12 +37087,22 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resulta
CVE-2020-10937
RESERVED
CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...)
- - sympa <unfixed> (bug #961491)
+ {DLA-2401-1}
+ - sympa 6.2.40~dfsg-5 (bug #961491)
+ [buster] - sympa <no-dsa> (Will be fixed via point release)
NOTE: https://sympa-community.github.io/security/2020-002.html
NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch
NOTE: Patch for sympa-6.1.25: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch
NOTE: https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/
NOTE: https://github.com/sympa-community/sympa/issues/943
+CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg- ...)
+ {DLA-2401-1}
+ - sympa 6.2.40~dfsg-7 (bug #971904)
+ [buster] - sympa <no-dsa> (Will be fixed via point release)
+ NOTE: Debian specific issue where sympa_newaliases-wrapper had loose permissions
+ NOTE: (already suid root and word-executable) allowing to gain root privileges
+ NOTE: without first to escalate to sympa user.
+ NOTE: https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1
CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...)
- zulip-server <itp> (bug #800052)
CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...)
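Review bot: The explanatory NOTEs on the new CVE-2020-26932 entry contain a typo that changes the meaning and an ungrammatical clause: `(already suid root and word-executable)` should read `(already suid root and world-executable)`, and `without first to escalate to sympa user.` should read `without first escalating to the sympa user.`. As a minor point of style, the entry is inserted next to CVE-2020-10936 rather than in numeric position with the other 2020-26xxx entries; if the list is expected to stay ordered, moving it there (or confirming the update tooling tolerates the placement) would avoid a later merge surprise.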
@@ -32767,8 +37364,8 @@ CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authent
NOT-FOR-US: Artica Proxy
CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...)
NOT-FOR-US: custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin for WordPress
-CVE-2020-10816
- RESERVED
+CVE-2020-10816 (Zoho ManageEngine Applications Manager 14780 and before allows a remot ...)
+ NOT-FOR-US: Zoho ManageEngine
CVE-2020-10815
RESERVED
CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...)
@@ -32866,7 +37463,9 @@ CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privile
CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...)
NOT-FOR-US: Ansible Tower
CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...)
+ {DLA-2385-1}
- linux 5.7.10-1
+ [buster] - linux 4.19.146-1
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://www.openwall.com/lists/oss-security/2020/06/18/1
@@ -32933,8 +37532,10 @@ CVE-2020-10764
RESERVED
CVE-2020-10763
RESERVED
+ - heketi <itp> (bug #903384)
CVE-2020-10762
RESERVED
+ NOT-FOR-US: gluster-block
CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD) ...)
- qemu 1:5.0-6
[buster] - qemu <not-affected> (Vulnerable code introduced later)
@@ -32981,10 +37582,11 @@ CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder v
[jessie] - cinder <end-of-life> (OpenStack component, not supported in jessie LTS)
- python-os-brick 3.1.0-1 (low)
[buster] - python-os-brick <no-dsa> (Minor issue)
+ [stretch] - python-os-brick <no-dsa> (Minor issue)
NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...)
- - network-manager <unfixed> (unimportant)
+ - network-manager 1.24.2-1 (unimportant)
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448
NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4
NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only
@@ -33011,8 +37613,8 @@ CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, w
NOT-FOR-US: Keycloak
CVE-2020-10747
REJECTED
-CVE-2020-10746
- RESERVED
+CVE-2020-10746 (A flaw was found in Infinispan version 10, where it permits local acce ...)
+ NOT-FOR-US: Infinispan
CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...)
- samba 2:4.12.5+dfsg-1
[buster] - samba <postponed> (Minor issue, fix along in next DSA)
@@ -33106,8 +37708,8 @@ CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and a
CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing ...)
{DSA-4688-1}
- dpdk 19.11.2-1 (bug #960936)
-CVE-2020-10721
- RESERVED
+CVE-2020-10721 (A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When usi ...)
+ NOT-FOR-US: fabric8-maven-plugin
CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in versio ...)
- linux 5.2.6-1
[buster] - linux 4.19.67-1
@@ -33134,8 +37736,7 @@ CVE-2020-10716
NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation
CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...)
NOT-FOR-US: Openshift Web Console
-CVE-2020-10714
- RESERVED
+CVE-2020-10714 (A flaw was found in WildFly Elytron version 1.11.3.Final and before. W ...)
NOT-FOR-US: WildFly Elytron
CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...)
{DSA-4735-1}
@@ -33256,10 +37857,12 @@ CVE-2020-10688
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
NOTE: https://github.com/quarkusio/quarkus/issues/7248
NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
-CVE-2020-10687
- RESERVED
- - undertow <undetermined>
+CVE-2020-10687 (A flaw was discovered in all versions of Undertow before Undertow 2.2. ...)
+ - undertow 2.2.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
+ NOTE: https://issues.jboss.org/browse/UNDERTOW-1780
+ NOTE: https://github.com/undertow-io/undertow/pull/951
+ NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e (2.2.0.Final)
CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...)
NOT-FOR-US: Keycloak
CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...)
@@ -34152,7 +38755,7 @@ CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing
CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...)
{DLA-2357-1}
- ros-actionlib 1.13.1-4 (bug #968830)
- [buster] - ros-actionlib <no-dsa> (Minor issue)
+ [buster] - ros-actionlib 1.11.15-1+deb10u1
NOTE: https://github.com/ros/actionlib/pull/171
CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
NOT-FOR-US: ABB IRC5
@@ -34276,8 +38879,7 @@ CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a
NOTE: Crash in CLI tool, no security impact
CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...)
{DLA-2137-1}
- [experimental] - sleuthkit 4.9.0+dfsg-1
- - sleuthkit <unfixed> (low; bug #953976)
+ - sleuthkit 4.9.0+dfsg-2 (low; bug #953976)
[buster] - sleuthkit <no-dsa> (Minor issue)
[stretch] - sleuthkit <no-dsa> (Minor issue)
NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
@@ -34371,7 +38973,7 @@ CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
{DLA-2341-1 DLA-2176-1}
- inetutils 2:1.9.4-12 (bug #956084)
- [buster] - inetutils <no-dsa> (Minor issue)
+ [buster] - inetutils 2:1.9.4-7+deb10u1
- netkit-telnet 0.17-18woody2 (bug #953477)
- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
@@ -34493,12 +39095,12 @@ CVE-2020-10142
RESERVED
CVE-2020-10141
RESERVED
-CVE-2020-10140
- RESERVED
-CVE-2020-10139
- RESERVED
-CVE-2020-10138
- RESERVED
+CVE-2020-10140 (Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramDa ...)
+ NOT-FOR-US: Acronis
+CVE-2020-10139 (Acronis True Image 2021 includes an OpenSSL component that specifies a ...)
+ NOT-FOR-US: Acronis
+CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL comp ...)
+ NOT-FOR-US: Acronis
CVE-2020-10137
RESERVED
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
@@ -34769,50 +39371,50 @@ CVE-2020-9999
RESERVED
CVE-2020-9998
RESERVED
-CVE-2020-9997
- RESERVED
+CVE-2020-9997 (An information disclosure issue was addressed with improved state mana ...)
+ NOT-FOR-US: Apple
CVE-2020-9996
RESERVED
CVE-2020-9995
RESERVED
-CVE-2020-9994
- RESERVED
+CVE-2020-9994 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
CVE-2020-9993
RESERVED
-CVE-2020-9992
- RESERVED
+CVE-2020-9992 (This issue was addressed by encrypting communications over the network ...)
+ NOT-FOR-US: Apple
CVE-2020-9991
RESERVED
-CVE-2020-9990
- RESERVED
+CVE-2020-9990 (A race condition was addressed with additional validation. This issue ...)
+ NOT-FOR-US: Apple
CVE-2020-9989
RESERVED
CVE-2020-9988
RESERVED
CVE-2020-9987
RESERVED
-CVE-2020-9986
- RESERVED
-CVE-2020-9985
- RESERVED
-CVE-2020-9984
- RESERVED
-CVE-2020-9983
- RESERVED
+CVE-2020-9986 (A file access issue existed with certain home folder files. This was a ...)
+ NOT-FOR-US: Apple
+CVE-2020-9985 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9984 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Safari
CVE-2020-9982
RESERVED
CVE-2020-9981
RESERVED
-CVE-2020-9980
- RESERVED
+CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
CVE-2020-9979
RESERVED
CVE-2020-9978
RESERVED
CVE-2020-9977
RESERVED
-CVE-2020-9976
- RESERVED
+CVE-2020-9976 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
CVE-2020-9975
RESERVED
CVE-2020-9974
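Review bot: CVE-2020-9983 (an out-of-bounds write) is closed as `NOT-FOR-US: Safari`, while the memory-safety CVEs from the same family of Apple advisories are tracked in this diff against webkit2gtk/wpewebkit (the DSA-4739-1 entries citing WSA-2020-0007). A Safari-side out-of-bounds write is usually a WebKit bug, and NOT-FOR-US is a terminal state that drops the CVE from the webkit2gtk package view, so it may be premature unless the Apple advisory places the bug in a Safari-only component. Unless that has been checked, `- webkit2gtk <undetermined>` and `- wpewebkit <undetermined>` with a `NOTE:` to re-check on the next WebKitGTK advisory keeps it visible.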
@@ -34827,16 +39429,16 @@ CVE-2020-9970
RESERVED
CVE-2020-9969
RESERVED
-CVE-2020-9968
- RESERVED
+CVE-2020-9968 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
CVE-2020-9967
RESERVED
CVE-2020-9966
RESERVED
CVE-2020-9965
RESERVED
-CVE-2020-9964
- RESERVED
+CVE-2020-9964 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
CVE-2020-9963
RESERVED
CVE-2020-9962
@@ -34845,10 +39447,10 @@ CVE-2020-9961
RESERVED
CVE-2020-9960
RESERVED
-CVE-2020-9959
- RESERVED
-CVE-2020-9958
- RESERVED
+CVE-2020-9959 (A lock screen issue allowed access to messages on a locked device. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9958 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
CVE-2020-9957
RESERVED
CVE-2020-9956
@@ -34859,20 +39461,20 @@ CVE-2020-9954
RESERVED
CVE-2020-9953
RESERVED
-CVE-2020-9952
- RESERVED
-CVE-2020-9951
- RESERVED
+CVE-2020-9952 (An input validation issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9951 (A use after free issue was addressed with improved memory management. ...)
+ NOT-FOR-US: Safari
CVE-2020-9950
RESERVED
CVE-2020-9949
RESERVED
-CVE-2020-9948
- RESERVED
+CVE-2020-9948 (A type confusion issue was addressed with improved memory handling. Th ...)
+ NOT-FOR-US: Safari
CVE-2020-9947
RESERVED
-CVE-2020-9946
- RESERVED
+CVE-2020-9946 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
CVE-2020-9945
RESERVED
CVE-2020-9944
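Review bot: CVE-2020-9948 (type confusion) and CVE-2020-9951 (use after free) are marked `NOT-FOR-US: Safari`, but those bug classes in Safari advisories are almost always in WebKit itself, which this file tracks as webkit2gtk/wpewebkit (see the WSA-2020-0007 entries further down). Marking them NOT-FOR-US removes them from the package view, so a later WebKitGTK advisory covering them would not be flagged against Debian's packages. Unless the Apple advisory locates them in a Safari-only component, `- webkit2gtk <undetermined>` with a `NOTE:` pointing at the Apple advisory is the safer triage.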
@@ -34883,194 +39485,188 @@ CVE-2020-9942
RESERVED
CVE-2020-9941
RESERVED
-CVE-2020-9940
- RESERVED
-CVE-2020-9939
- RESERVED
-CVE-2020-9938
- RESERVED
-CVE-2020-9937
- RESERVED
-CVE-2020-9936
- RESERVED
-CVE-2020-9935
- RESERVED
-CVE-2020-9934
- RESERVED
-CVE-2020-9933
- RESERVED
+CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9939 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9938 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9937 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9936 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9935 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9934 (An issue existed in the handling of environment variables. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...)
+ NOT-FOR-US: Apple
CVE-2020-9932
RESERVED
-CVE-2020-9931
- RESERVED
+CVE-2020-9931 (A denial of service issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
CVE-2020-9930
RESERVED
-CVE-2020-9929
- RESERVED
-CVE-2020-9928
- RESERVED
-CVE-2020-9927
- RESERVED
+CVE-2020-9929 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9928 (Multiple memory corruption issues were addressed with improved memory ...)
+ NOT-FOR-US: Apple
+CVE-2020-9927 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
CVE-2020-9926
RESERVED
-CVE-2020-9925
- RESERVED
+CVE-2020-9925 (A logic issue was addressed with improved state management. This issue ...)
{DSA-4739-1}
- webkit2gtk 2.28.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
-CVE-2020-9924
- RESERVED
-CVE-2020-9923
- RESERVED
+CVE-2020-9924 (A logic issue was addressed with improved state management. This issue ...)
+ NOT-FOR-US: Apple
+CVE-2020-9923 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
CVE-2020-9922
RESERVED
-CVE-2020-9921
- RESERVED
-CVE-2020-9920
- RESERVED
-CVE-2020-9919
- RESERVED
-CVE-2020-9918
- RESERVED
-CVE-2020-9917
- RESERVED
-CVE-2020-9916
- RESERVED
-CVE-2020-9915
- RESERVED
+CVE-2020-9921 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9920 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
+CVE-2020-9919 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9918 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9917 (This issue was addressed with improved checks. This issue is fixed in ...)
+ NOT-FOR-US: Apple
+CVE-2020-9916 (A URL Unicode encoding issue was addressed with improved state managem ...)
+ NOT-FOR-US: Apple
+CVE-2020-9915 (An access issue existed in Content Security Policy. This issue was add ...)
{DSA-4739-1}
- webkit2gtk 2.28.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
-CVE-2020-9914
- RESERVED
-CVE-2020-9913
- RESERVED
-CVE-2020-9912
- RESERVED
-CVE-2020-9911
- RESERVED
-CVE-2020-9910
- RESERVED
-CVE-2020-9909
- RESERVED
-CVE-2020-9908
- RESERVED
-CVE-2020-9907
- RESERVED
-CVE-2020-9906
- RESERVED
-CVE-2020-9905
- RESERVED
-CVE-2020-9904
- RESERVED
-CVE-2020-9903
- RESERVED
-CVE-2020-9902
- RESERVED
-CVE-2020-9901
- RESERVED
-CVE-2020-9900
- RESERVED
-CVE-2020-9899
- RESERVED
-CVE-2020-9898
- RESERVED
+CVE-2020-9914 (An input validation issue existed in Bluetooth. This issue was address ...)
+ NOT-FOR-US: Apple
+CVE-2020-9913 (This issue was addressed with improved data protection. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9912 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Safari
+CVE-2020-9911 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Safari
+CVE-2020-9910 (Multiple issues were addressed with improved logic. This issue is fixe ...)
+ NOT-FOR-US: Safari
+CVE-2020-9909 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9908 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9907 (A memory corruption issue was addressed by removing the vulnerable cod ...)
+ NOT-FOR-US: Apple
+CVE-2020-9906 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9905 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9904 (A memory corruption issue was addressed with improved state management ...)
+ NOT-FOR-US: Apple
+CVE-2020-9903 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Safari
+CVE-2020-9902 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9901 (An issue existed within the path validation logic for symlinks. This i ...)
+ NOT-FOR-US: Apple
+CVE-2020-9900 (An issue existed within the path validation logic for symlinks. This i ...)
+ NOT-FOR-US: Apple
+CVE-2020-9899 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
+CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...)
+ NOT-FOR-US: Apple
CVE-2020-9897
RESERVED
CVE-2020-9896
RESERVED
-CVE-2020-9895
- RESERVED
+CVE-2020-9895 (A use after free issue was addressed with improved memory management. ...)
{DSA-4739-1}
- webkit2gtk 2.28.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
-CVE-2020-9894
- RESERVED
+CVE-2020-9894 (An out-of-bounds read was addressed with improved input validation. Th ...)
{DSA-4739-1}
- webkit2gtk 2.28.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
-CVE-2020-9893
- RESERVED
+CVE-2020-9893 (A use after free issue was addressed with improved memory management. ...)
{DSA-4739-1}
- webkit2gtk 2.28.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
-CVE-2020-9892
- RESERVED
-CVE-2020-9891
- RESERVED
-CVE-2020-9890
- RESERVED
-CVE-2020-9889
- RESERVED
-CVE-2020-9888
- RESERVED
-CVE-2020-9887
- RESERVED
+CVE-2020-9892 (Multiple memory corruption issues were addressed with improved state m ...)
+ NOT-FOR-US: Apple
+CVE-2020-9891 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9890 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9889 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9888 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9887 (A memory corruption issue was addressed with improved input validation ...)
+ NOT-FOR-US: Apple
CVE-2020-9886
RESERVED
-CVE-2020-9885
- RESERVED
-CVE-2020-9884
- RESERVED
-CVE-2020-9883
- RESERVED
-CVE-2020-9882
- RESERVED
-CVE-2020-9881
- RESERVED
-CVE-2020-9880
- RESERVED
-CVE-2020-9879
- RESERVED
-CVE-2020-9878
- RESERVED
-CVE-2020-9877
- RESERVED
-CVE-2020-9876
- RESERVED
-CVE-2020-9875
- RESERVED
-CVE-2020-9874
- RESERVED
-CVE-2020-9873
- RESERVED
-CVE-2020-9872
- RESERVED
-CVE-2020-9871
- RESERVED
-CVE-2020-9870
- RESERVED
-CVE-2020-9869
- RESERVED
-CVE-2020-9868
- RESERVED
+CVE-2020-9885 (An issue existed in the handling of iMessage tapbacks. The issue was r ...)
+ NOT-FOR-US: Apple
+CVE-2020-9884 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9883 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9882 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9881 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9880 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9879 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9878 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9876 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9875 (An integer overflow was addressed through improved input validation. T ...)
+ NOT-FOR-US: Apple
+CVE-2020-9874 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9873 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
+CVE-2020-9872 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9871 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ NOT-FOR-US: Apple
+CVE-2020-9870 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9869 (A memory corruption issue was addressed with improved memory handling. ...)
+ NOT-FOR-US: Apple
+CVE-2020-9868 (A certificate validation issue existed when processing administrator a ...)
+ NOT-FOR-US: Apple
CVE-2020-9867
RESERVED
CVE-2020-9866
RESERVED
-CVE-2020-9865
- RESERVED
-CVE-2020-9864
- RESERVED
-CVE-2020-9863
- RESERVED
-CVE-2020-9862
- RESERVED
+CVE-2020-9865 (A memory corruption issue was addressed by removing the vulnerable cod ...)
+ NOT-FOR-US: Apple
+CVE-2020-9864 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9863 (A memory initialization issue was addressed with improved memory handl ...)
+ NOT-FOR-US: Apple
+CVE-2020-9862 (A command injection issue existed in Web Inspector. This issue was add ...)
{DSA-4739-1}
- webkit2gtk 2.28.4-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -35091,10 +39687,10 @@ CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...)
NOT-FOR-US: Apple
-CVE-2020-9854
- RESERVED
-CVE-2020-9853
- RESERVED
+CVE-2020-9854 (A logic issue was addressed with improved validation. This issue is fi ...)
+ NOT-FOR-US: Apple
+CVE-2020-9853 (A memory corruption issue was addressed with improved validation. This ...)
+ NOT-FOR-US: Apple
CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...)
NOT-FOR-US: Apple
CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...)
@@ -35125,7 +39721,7 @@ CVE-2020-9843 (An input validation issue was addressed with improved input valid
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.3-1
NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
-CVE-2020-9842 (This issue was addressed with improved checks. This issue is fixed in ...)
+CVE-2020-9842 (An entitlement parsing issue was addressed with improved parsing. This ...)
NOT-FOR-US: Apple
CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...)
NOT-FOR-US: Apple
@@ -35153,8 +39749,8 @@ CVE-2020-9830 (A memory corruption issue was addressed with improved state manag
NOT-FOR-US: Apple
CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9828
- RESERVED
+CVE-2020-9828 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...)
@@ -35189,8 +39785,8 @@ CVE-2020-9812 (An information disclosure issue was addressed with improved state
NOT-FOR-US: Apple
CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...)
NOT-FOR-US: Apple
-CVE-2020-9810
- RESERVED
+CVE-2020-9810 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...)
NOT-FOR-US: Apple
CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
@@ -35236,20 +39832,19 @@ CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issu
NOT-FOR-US: Apple
CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...)
NOT-FOR-US: Apple
-CVE-2020-9799
- RESERVED
+CVE-2020-9799 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ NOT-FOR-US: Apple
CVE-2020-9798
RESERVED
CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...)
NOT-FOR-US: Apple
-CVE-2020-9796
- RESERVED
+CVE-2020-9796 (A race condition was addressed with improved state handling. This issu ...)
+ NOT-FOR-US: Apple
CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
- - sqlite3 <undetermined>
- NOTE: https://vuldb.com/?id.155768
- NOTE: As usual Apple advisories are too unspecific
+ NOT-FOR-US: sqlite3 as used by Apple
+ NOTE: No details available due to typical Apple intransparency
CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...)
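Review bot: Switching CVE-2020-9794 from `- sqlite3 <undetermined>` to `NOT-FOR-US: sqlite3 as used by Apple` closes the issue while the accompanying NOTE says no details are available, so the non-affectedness of Debian's sqlite3 has not actually been established. NOT-FOR-US is terminal and removes the CVE from the sqlite3 package view; if the out-of-bounds read is in upstream SQLite code the tracker will no longer surface it. Either keep `- sqlite3 <undetermined>` with the existing NOTE, or record the check that justifies the decision, e.g. `NOTE: Compared against upstream SQLite check-ins around the advisory date, no matching fix found`, so the conclusion is auditable.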
@@ -35262,8 +39857,8 @@ CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds c
NOT-FOR-US: Apple
CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9787
- RESERVED
+CVE-2020-9787 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
CVE-2020-9786
RESERVED
CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...)
@@ -35278,8 +39873,8 @@ CVE-2020-9781 (The issue was addressed by clearing website permission prompts af
NOT-FOR-US: Apple
CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...)
NOT-FOR-US: Apple
-CVE-2020-9779
- RESERVED
+CVE-2020-9779 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ NOT-FOR-US: Apple
CVE-2020-9778
RESERVED
CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...)
@@ -35292,10 +39887,10 @@ CVE-2020-9774
RESERVED
CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...)
NOT-FOR-US: Apple
-CVE-2020-9772
- RESERVED
-CVE-2020-9771
- RESERVED
+CVE-2020-9772 (A logic issue was addressed with improved restrictions. This issue is ...)
+ NOT-FOR-US: Apple
+CVE-2020-9771 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ NOT-FOR-US: Apple
CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...)
@@ -35407,16 +40002,16 @@ CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move
NOT-FOR-US: Naver Cloud Explorer
CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an ...)
NOT-FOR-US: Naver Cloud Explorer
-CVE-2020-9750
- RESERVED
-CVE-2020-9749
- RESERVED
-CVE-2020-9748
- RESERVED
-CVE-2020-9747
- RESERVED
-CVE-2020-9746
- RESERVED
+CVE-2020-9750 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9749 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9748 (Adobe Animate version 20.5 (and earlier) is affected by a stack overfl ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9747 (Adobe Animate version 20.5 (and earlier) is affected by a double free ...)
+ NOT-FOR-US: Adobe
+CVE-2020-9746 (Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an ...)
+ NOT-FOR-US: Adobe Flash Plugin
CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
NOT-FOR-US: Adobe
CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...)
@@ -35937,11 +40532,15 @@ CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. Af
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
NOT-FOR-US: Dahua
CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...)
- - guacamole-client <unfixed> (bug #964195)
+ - guacamole-server <unfixed> (bug #964195)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3
+ NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
+ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...)
- - guacamole-client <unfixed> (bug #964195)
+ - guacamole-server <unfixed> (bug #964195)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2
+ NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
+ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...)
NOT-FOR-US: Apache OFBiz
CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...)
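Review bot: The `Fixed by` NOTEs for CVE-2020-9497 and CVE-2020-9498 cite the guacamole-server commit without the release it shipped in, unlike the other fix-commit notes in this file, which tag the version in parentheses (`(2.2.0.Final)` for CVE-2020-10687, `(v4.8.0)` for CVE-2020-9366); appending the containing release — presumably the first after 1.1.0, to be confirmed — makes the `<unfixed>` status checkable against the Debian version. The source package also changes from guacamole-client to guacamole-server while keeping bug #964195; if that bug was filed against guacamole-client it should be reassigned in the BTS so the tracker's bug reference and package view agree. I cannot tell from this diff whether guacamole-server is still in unstable; if it has been removed, `<unfixed>` should be `<removed>`.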
@@ -35954,8 +40553,8 @@ CVE-2020-9493
RESERVED
CVE-2020-9492
RESERVED
-CVE-2020-9491
- RESERVED
+CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...)
+ NOT-FOR-US: Apache NiFi
CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...)
{DSA-4757-1}
- apache2 2.4.46-1
@@ -35979,10 +40578,10 @@ CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache L
NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819
NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x)
NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master)
-CVE-2020-9487
- RESERVED
-CVE-2020-9486
- RESERVED
+CVE-2020-9487 (In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time pass ...)
+ NOT-FOR-US: Apache NiFi
+CVE-2020-9486 (In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine p ...)
+ NOT-FOR-US: Apache NiFi
CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...)
- airflow <itp> (bug #819700)
CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...)
@@ -36158,8 +40757,8 @@ CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.
NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e
CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...)
NOT-FOR-US: PDFescape
-CVE-2020-9417
- RESERVED
+CVE-2020-9417 (The Transaction Insight reporting component of TIBCO Software Inc.'s T ...)
+ NOT-FOR-US: TIBCO
CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...)
NOT-FOR-US: TIBCO
CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...)
@@ -36234,7 +40833,7 @@ CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a
CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...)
- - zint <itp> (bug #732141)
+ - zint <not-affected> (Fixed with initial upload to archive)
CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...)
NOT-FOR-US: Subex
CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...)
@@ -36302,14 +40901,14 @@ CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 tr
NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0)
NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0)
NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0)
-CVE-2020-9361
- RESERVED
+CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local use ...)
+ NOT-FOR-US: CryptoPro CSP
CVE-2020-9360
RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
{DLA-2159-1}
- okular 4:19.12.3-2 (bug #954891)
- [buster] - okular <no-dsa> (Minor issue)
+ [buster] - okular <no-dsa> (Minor issue, will be fixed via point update)
[stretch] - okular <no-dsa> (Minor issue)
NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
NOTE: https://kde.org/info/security/advisory-20200312-1.txt
@@ -36382,8 +40981,8 @@ CVE-2020-9333
RESERVED
CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 ...)
NOT-FOR-US: FabulaTech
-CVE-2020-9331
- RESERVED
+CVE-2020-9331 (CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Pri ...)
+ NOT-FOR-US: CryptoPro CSP
CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
NOT-FOR-US: Xerox
CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...)
@@ -36392,12 +40991,14 @@ CVE-2020-9328
RESERVED
CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...)
- sqlite3 3.31.1-3 (bug #951835)
- [buster] - sqlite3 <no-dsa> (Minor issue)
+ [buster] - sqlite3 <not-affected> (Vulnerable code not present)
[stretch] - sqlite3 <not-affected> (vulnerable code not present)
[jessie] - sqlite3 <not-affected> (vulnerable code not present)
NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
+ NOTE: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
+ NOTE: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...)
NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac
CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...)
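Review bot: CVE-2020-9327 moves buster from `<no-dsa> (Minor issue)` to `<not-affected> (Vulnerable code not present)`, but none of the NOTEs identify the check-in that introduced the vulnerable `isAuxiliaryVtabOperator` path, so the claim cannot be audited from the entry. Elsewhere in this file the convention is to record that, as CVE-2020-9366 does with `NOTE: Introduced due to: <commit> (v4.7.0)`. Adding the same kind of NOTE here — the introducing SQLite check-in and the first release containing it — would justify the not-affected state for buster as well as the existing stretch and jessie ones; the buster sqlite3 version is not visible in this diff, so I cannot confirm it myself.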
@@ -36491,9 +41092,9 @@ CVE-2020-9285
CVE-2020-9284
RESERVED
CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
+ {DLA-2402-1}
- golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
[buster] - golang-go.crypto <no-dsa> (Minor issue)
- [stretch] - golang-go.crypto <no-dsa> (Minor issue)
[jessie] - golang-go.crypto <no-dsa> (Minor issue)
NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
@@ -36551,8 +41152,8 @@ CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections agai
NOT-FOR-US: phpMyChat-Plus
CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...)
NOT-FOR-US: ESET
-CVE-2020-9263
- RESERVED
+CVE-2020-9263 (HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWE ...)
+ NOT-FOR-US: Huawei
CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
NOT-FOR-US: HUAWEI
CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
@@ -36597,12 +41198,12 @@ CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The s
NOT-FOR-US: Huawei
CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...)
NOT-FOR-US: Huawei
-CVE-2020-9240
- RESERVED
+CVE-2020-9240 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
+ NOT-FOR-US: Huawei
CVE-2020-9239 (Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier t ...)
NOT-FOR-US: Huawei
-CVE-2020-9238
- RESERVED
+CVE-2020-9238 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
+ NOT-FOR-US: Huawei
CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...)
NOT-FOR-US: Huawei
CVE-2020-9236
@@ -36617,8 +41218,8 @@ CVE-2020-9232
RESERVED
CVE-2020-9231
RESERVED
-CVE-2020-9230
- RESERVED
+CVE-2020-9230 (WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due ...)
+ NOT-FOR-US: Huawei
CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
NOT-FOR-US: Huawei
CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
@@ -36831,10 +41432,10 @@ CVE-2020-9125
RESERVED
CVE-2020-9124
RESERVED
-CVE-2020-9123
- RESERVED
-CVE-2020-9122
- RESERVED
+CVE-2020-9123 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versi ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9122 (Some Huawei products have an insufficient input verification vulnerabi ...)
+ NOT-FOR-US: Huawei
CVE-2020-9121
RESERVED
CVE-2020-9120
@@ -36851,24 +41452,24 @@ CVE-2020-9115
RESERVED
CVE-2020-9114
RESERVED
-CVE-2020-9113
- RESERVED
-CVE-2020-9112
- RESERVED
-CVE-2020-9111
- RESERVED
-CVE-2020-9110
- RESERVED
-CVE-2020-9109
- RESERVED
-CVE-2020-9108
- RESERVED
-CVE-2020-9107
- RESERVED
-CVE-2020-9106
- RESERVED
-CVE-2020-9105
- RESERVED
+CVE-2020-9113 (HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buf ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9112 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a priv ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9111 (E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9110 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an inf ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9109 (There is an information disclosure vulnerability in several smartphone ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9108 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9107 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9106 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a pa ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9105 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an ins ...)
+ NOT-FOR-US: Huawei
CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2 ...)
NOT-FOR-US: Huawei
CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...)
@@ -36893,18 +41494,18 @@ CVE-2020-9094
RESERVED
CVE-2020-9093
RESERVED
-CVE-2020-9092
- RESERVED
-CVE-2020-9091
- RESERVED
-CVE-2020-9090
- RESERVED
+CVE-2020-9092 (HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a Ja ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9091 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out ...)
+ NOT-FOR-US: Huawei
+CVE-2020-9090 (FusionAccess version 6.5.1 has an improper authorization vulnerability ...)
+ NOT-FOR-US: Huawei
CVE-2020-9089
RESERVED
CVE-2020-9088
RESERVED
-CVE-2020-9087
- RESERVED
+CVE-2020-9087 (Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vul ...)
+ NOT-FOR-US: Huawei
CVE-2020-9086
RESERVED
CVE-2020-9085
@@ -36981,8 +41582,8 @@ CVE-2020-9050
RESERVED
CVE-2020-9049
RESERVED
-CVE-2020-9048
- RESERVED
+CVE-2020-9048 (A vulnerability in victor Web Client versions up to and including v5.4 ...)
+ NOT-FOR-US: Johnson Controls
CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...)
NOT-FOR-US: exacqVision Web Service
CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...)
@@ -37160,7 +41761,7 @@ CVE-2020-8968
CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...)
NOT-FOR-US: GESIO
CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
- NOT-FOR-US: Tiki-Wiki Groupware
+ - tikiwiki <removed>
CVE-2020-8965
RESERVED
CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
@@ -37179,8 +41780,8 @@ CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V
NOT-FOR-US: Guangzhou
CVE-2020-8957
RESERVED
-CVE-2020-8956
- RESERVED
+CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 ...)
+ TODO: check
CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...)
{DLA-2157-1}
- weechat 2.7.1-1 (bug #951289)
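Review bot: `TODO: check` on CVE-2020-8956 leaves a Pulse Secure entry in an unresolved state although the other Pulse Secure entries in this file (CVE-2020-8256, CVE-2020-8243, CVE-2020-8238, CVE-2020-8222) are closed as `NOT-FOR-US: Pulse Connect Secure` or `NOT-FOR-US: Pulse`. Pulse Secure Desktop Client is a proprietary product as well, so unless a Debian package is suspected of shipping it the entry could be closed as `NOT-FOR-US: Pulse Secure Desktop Client` in the same pass. The same open TODO applies to CVE-2020-7752 (systeminformation) in the later hunk covering CVE-2020-7754 through CVE-2020-7734, where every sibling entry in that batch was resolved.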
@@ -37241,8 +41842,8 @@ CVE-2020-8931
RESERVED
CVE-2020-8930
RESERVED
-CVE-2020-8929
- RESERVED
+CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java implementatio ...)
+ NOT-FOR-US: Tink
CVE-2020-8928
RESERVED
CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...)
@@ -37330,8 +41931,8 @@ CVE-2020-8889
RESERVED
CVE-2020-8888
RESERVED
-CVE-2020-8887
- RESERVED
+CVE-2020-8887 (Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 hav ...)
+ NOT-FOR-US: Telestream Tektronix Medius
CVE-2020-8886
RESERVED
CVE-2020-8885
@@ -37498,10 +42099,10 @@ CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vul
NOT-FOR-US: SockJS
CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...)
NOT-FOR-US: Digi TransPort
-CVE-2020-8821
- RESERVED
-CVE-2020-8820
- RESERVED
+CVE-2020-8821 (An Improper Data Validation Vulnerability exists in Webmin 1.941 and e ...)
+ - webmin <removed>
+CVE-2020-8820 (An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the ...)
+ - webmin <removed>
CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...)
NOT-FOR-US: CardGate Payments plugin for WooCommerce
CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...)
@@ -37594,10 +42195,10 @@ CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions pri
NOT-FOR-US: SuiteCRM
CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
NOT-FOR-US: SuiteCRM
-CVE-2020-8782
- RESERVED
-CVE-2020-8781
- RESERVED
+CVE-2020-8782 (Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 al ...)
+ NOT-FOR-US: ALEOS
+CVE-2020-8781 (Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 an ...)
+ NOT-FOR-US: ALEOS
CVE-2020-8780
RESERVED
CVE-2020-8779
@@ -37819,8 +42420,8 @@ CVE-2020-8673
RESERVED
CVE-2020-8672
RESERVED
-CVE-2020-8671
- RESERVED
+CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
+ NOT-FOR-US: Intel
CVE-2020-8670
RESERVED
CVE-2020-8669
@@ -38110,12 +42711,28 @@ CVE-2020-8567
RESERVED
CVE-2020-8566
RESERVED
+ - kubernetes 1.19.3-1 (bug #972341)
+ NOTE: https://github.com/kubernetes/kubernetes/pull/95245
+ NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
+ NOTE: https://github.com/kubernetes/kubernetes/issues/95624
CVE-2020-8565
RESERVED
+ - kubernetes <unfixed> (bug #972649)
+ NOTE: https://github.com/kubernetes/kubernetes/pull/95316
+ NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
+ NOTE: https://github.com/kubernetes/kubernetes/issues/95623
CVE-2020-8564
RESERVED
+ - kubernetes 1.19.3-1 (bug #972341)
+ NOTE: https://github.com/kubernetes/kubernetes/pull/94712
+ NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
+ NOTE: https://github.com/kubernetes/kubernetes/issues/95622
CVE-2020-8563
RESERVED
+ - kubernetes <not-affected> (Only affects 19.x)
+ NOTE: https://github.com/kubernetes/kubernetes/pull/95236
+ NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
+ NOTE: https://github.com/kubernetes/kubernetes/issues/95621
CVE-2020-8562
RESERVED
CVE-2020-8561
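Review bot: The reason on `- kubernetes <not-affected> (Only affects 19.x)` for CVE-2020-8563 reads as contradicting the sibling entries in this hunk, which record the Debian package at 1.19.3-1 for CVE-2020-8564 and CVE-2020-8566; if the 1.19 series is affected, the packaged version is in scope, and if 1.19.3 already carries the fix the reason should say that instead, with the affected range taken from the linked PR. All four entries also stay headlined as bare `RESERVED` with tracking data underneath; a bracketed short title on the CVE line, as this diff does for CVE-2020-8264, would let a reader tell the four Kubernetes issues apart without following the links.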
@@ -38594,22 +43211,22 @@ CVE-2020-8352
RESERVED
CVE-2020-8351
RESERVED
-CVE-2020-8350
- RESERVED
-CVE-2020-8349
- RESERVED
-CVE-2020-8348
- RESERVED
-CVE-2020-8347
- RESERVED
+CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo ThinkPad ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8349 (An internal security review has identified an unauthenticated remote c ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was reported in L ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was reported in ...)
+ NOT-FOR-US: Lenovo
CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo Vantage c ...)
NOT-FOR-US: Lenovo
-CVE-2020-8345
- RESERVED
+CVE-2020-8345 (A DLL search path vulnerability was reported in the Lenovo HardwareSca ...)
+ NOT-FOR-US: Lenovo
CVE-2020-8344
- RESERVED
+ REJECTED
CVE-2020-8343
- RESERVED
+ REJECTED
CVE-2020-8342 (A race condition vulnerability was reported in Lenovo System Update pr ...)
NOT-FOR-US: Lenovo
CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
@@ -38618,8 +43235,8 @@ CVE-2020-8340 (A cross-site scripting (XSS) vulnerability was discovered in the
NOT-FOR-US: IBM
CVE-2020-8339 (A cross-site scripting inclusion (XSSI) vulnerability was reported in ...)
NOT-FOR-US: IBM
-CVE-2020-8338
- RESERVED
+CVE-2020-8338 (A DLL search path vulnerability was reported in Lenovo Diagnostics pri ...)
+ NOT-FOR-US: Lenovo
CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...)
NOT-FOR-US: Synaptics Smart Audio UWP app
CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...)
@@ -38628,10 +43245,10 @@ CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo T
NOT-FOR-US: Lenovo
CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
NOT-FOR-US: Lenovo
-CVE-2020-8333
- RESERVED
-CVE-2020-8332
- RESERVED
+CVE-2020-8333 (A potential vulnerability in the SMI callback function used in the EEP ...)
+ NOT-FOR-US: Lenovo
+CVE-2020-8332 (A potential vulnerability in the SMI callback function used in the leg ...)
+ NOT-FOR-US: Lenovo
CVE-2020-8331
REJECTED
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
@@ -38639,13 +43256,13 @@ CVE-2020-8330 (A denial of service vulnerability was reported in the firmware pr
CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
NOT-FOR-US: Lenovo
CVE-2020-8328
- RESERVED
+ REJECTED
CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
NOT-FOR-US: Lenovo
CVE-2020-8326 (An unquoted service path vulnerability was reported in Lenovo Drivers ...)
NOT-FOR-US: Lenovo
CVE-2020-8325
- RESERVED
+ REJECTED
CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...)
NOT-FOR-US: Lenovo
CVE-2020-8323 (A potential vulnerability in the SMI callback function used in the Leg ...)
@@ -38773,8 +43390,12 @@ CVE-2020-8266
RESERVED
CVE-2020-8265
RESERVED
-CVE-2020-8264
+CVE-2020-8264 [Possible XSS Vulnerability in Action Pack in Development Mode]
RESERVED
+ - rails 2:6.0.3.4+dfsg-1 (bug #971988)
+ [buster] - rails <not-affected> (Vulnerable code not present)
+ [stretch] - rails <not-affected> (Vulnerable code not present)
+ NOTE: https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ
CVE-2020-8263
RESERVED
CVE-2020-8262
@@ -38789,8 +43410,8 @@ CVE-2020-8258
RESERVED
CVE-2020-8257
RESERVED
-CVE-2020-8256
- RESERVED
+CVE-2020-8256 (A vulnerability in the Pulse Connect Secure &lt; 9.1R8.2 admin web int ...)
+ NOT-FOR-US: Pulse Connect Secure
CVE-2020-8255
RESERVED
CVE-2020-8254
@@ -38798,10 +43419,17 @@ CVE-2020-8254
CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...)
NOT-FOR-US: Citrix
CVE-2020-8252 (The implementation of realpath in libuv &lt; 10.22.1, &lt; 12.18.4, an ...)
- - libuv1 1.39.0-1
+ - libuv1 1.39.0-1 (unimportant)
+ [stretch] - libuv1 <not-affected> (Vulnerable code introduced later)
+ NOTE: https://hackerone.com/reports/965914
NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
- NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one
- NOTE: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd
+ NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead
+ NOTE: of the bundled one.
+ NOTE: https://github.com/libuv/libuv/issues/2965
+ NOTE: Introduced by: https://github.com/libuv/libuv/commit/b56d279b172fbe78dee2fb1d29cae9c9c5c6d1c4 (v1.24.0)
+ NOTE: Fixed by: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd (v1.39.0)
+ NOTE: Broken path in uv__fs_realpath() only taken when libuv1 build in
+ NOTE: pre-POSIX.2008 mode (defined(_POSIX_VERSION) && _POSIX_VERSION < 200809L).
CVE-2020-8251 (Node.js &lt; 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...)
- nodejs <not-affected> (Only affects 14.x series)
NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
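Review bot: The new NOTE lines for CVE-2020-8252 explain that the broken path is only compiled in pre-POSIX.2008 mode but stop short of saying whether Debian's own libuv1 build takes the POSIX.2008 path, which is presumably what justifies the `(unimportant)` tag; the `_POSIX_VERSION < 200809L` condition is only meaningful to a reader who knows what value Debian's toolchain defines. A closing NOTE such as `NOTE: Debian builds define _POSIX_VERSION >= 200809L, so the affected branch is not compiled in` would make the triage self-contained — confirm that before adding it. The `[stretch] <not-affected>` line is consistent with the "Introduced by ... (v1.24.0)" note, while buster gets no line at all; with unimportant severity that is acceptable, but stating it explicitly would avoid the question being re-asked.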
@@ -38819,12 +43447,12 @@ CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 b
NOT-FOR-US: Citrix
CVE-2020-8244 (A buffer over-read vulnerability exists in bl &lt;4.0.3, &lt;3.0.1, &l ...)
- node-bl 4.0.3-1 (bug #969309)
- [buster] - node-bl <no-dsa> (Minor issue)
+ [buster] - node-bl 1.1.2-1+deb10u1
[stretch] - node-bl <no-dsa> (Minor issue)
NOTE: https://hackerone.com/reports/966347
NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
-CVE-2020-8243
- RESERVED
+CVE-2020-8243 (A vulnerability in the Pulse Connect Secure &lt; 9.1R8.2 admin web int ...)
+ NOT-FOR-US: Pulse Connect Secure
CVE-2020-8242
RESERVED
CVE-2020-8241
@@ -38833,14 +43461,14 @@ CVE-2020-8240
RESERVED
CVE-2020-8239
RESERVED
-CVE-2020-8238
- RESERVED
+CVE-2020-8238 (A vulnerability in the authenticated user web interface of Pulse Conne ...)
+ NOT-FOR-US: Pulse Connect Secure
CVE-2020-8237 (Prototype pollution in json-bigint npm package &lt; 1.0.0 may lead to ...)
- TODO: check
+ NOT-FOR-US: Node json-bigint
CVE-2020-8236
RESERVED
-CVE-2020-8235
- RESERVED
+CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an insecure dire ...)
+ NOT-FOR-US: Nextcloud Deck
CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware &lt;v1.9.1 w ...)
NOT-FOR-US: EdgeMax EdgeSwitch firmware
CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware &lt;v1 ...)
@@ -38849,7 +43477,9 @@ CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwi
NOT-FOR-US: Edgeswitch
CVE-2020-8231
RESERVED
+ {DLA-2382-1}
- curl 7.72.0-1 (bug #968831)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html
NOTE: https://github.com/curl/curl/pull/5824
NOTE: https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
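Review bot: The commit reference on the last line of this hunk, `NOTE: https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8`, appears truncated — it carries 37 hex digits rather than a full 40-digit object id — so the link may not resolve to the intended fix. It is a context line and not introduced here, but this hunk touches the CVE-2020-8231 entry and is the natural place to correct it. The added `{DLA-2382-1}` reference and the `[buster] - curl <no-dsa> (Minor issue)` line look consistent with the curl entries for CVE-2020-8177 and CVE-2020-8169 later in this diff.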
@@ -38860,8 +43490,8 @@ CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop
NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
NOTE: Windows-specific code in shell_integration/windows/OCUtil
NOTE: https://hackerone.com/reports/588562
-CVE-2020-8228
- RESERVED
+CVE-2020-8228 (A missing rate limit in the Preferred Providers app 1.7.0 allowed an a ...)
+ NOT-FOR-US: Preferred Providers app
CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client ...)
- nextcloud-desktop 3.0.1-1
[buster] - nextcloud-desktop <no-dsa> (Minor issue)
@@ -38877,8 +43507,8 @@ CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to loa
- nextcloud-desktop <not-affected> (Windows-specific)
NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
NOTE: https://hackerone.com/reports/622170
-CVE-2020-8223
- RESERVED
+CVE-2020-8223 (A logic error in Nextcloud Server 19.0.0 caused a privilege escalation ...)
+ - nextcloud-server <itp> (bug #941708)
CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure &lt;9.1R ...)
NOT-FOR-US: Pulse
CVE-2020-8221 (A path traversal vulnerability exists in Pulse Connect Secure &lt;9.1R ...)
@@ -38917,7 +43547,7 @@ CVE-2020-8205 (The uppy npm package &lt; 1.13.2 and &lt; 2.0.0-alpha.5 is vulner
NOT-FOR-US: Node uppy
CVE-2020-8204 (A cross site scripting (XSS) vulnerability exists in Pulse Connect Sec ...)
NOT-FOR-US: Pulse
-CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash &lt;= ...)
+CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash before ...)
- node-lodash 4.17.19+dfsg-1 (bug #965283)
[buster] - node-lodash <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - node-lodash <end-of-life> (Nodejs in stretch not covered by security support)
@@ -38973,8 +43603,8 @@ CVE-2020-8184 (A reliance on cookies without validation/integrity check security
NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c
CVE-2020-8183
RESERVED
-CVE-2020-8182
- RESERVED
+CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to ...)
+ NOT-FOR-US: Nextcloud Deck
CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...)
NOT-FOR-US: Nextcloud Contacts
CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...)
@@ -38989,6 +43619,7 @@ CVE-2020-8177
RESERVED
{DLA-2295-1}
- curl 7.72.0-1 (bug #965281)
+ [buster] - curl <no-dsa> (Minor issue)
NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html
NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0)
CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...)
@@ -39013,6 +43644,7 @@ CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6
CVE-2020-8169
RESERVED
- curl 7.72.0-1 (bug #965280)
+ [buster] - curl <no-dsa> (Minor issue)
[stretch] - curl <not-affected> (Vulnerable code introduced later)
[jessie] - curl <not-affected> (Vulnerable code introduced later)
NOTE: https://curl.haxx.se/docs/CVE-2020-8169.html
@@ -39020,31 +43652,33 @@ CVE-2020-8169
CVE-2020-8168 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...)
NOT-FOR-US: AirMax AirOS
CVE-2020-8167 (A CSRF vulnerability exists in rails &lt;= 6.0.3 rails-ujs module that ...)
+ {DSA-4766-1}
- rails 2:5.2.4.3+dfsg-1
[stretch] - rails <not-affected> (Vulnerable code introduced later)
[jessie] - rails <not-affected> (Vulnerable code introduced later)
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3
+ NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3 (5.2)
CVE-2020-8166 (A CSRF forgery vulnerability exists in rails &lt; 5.2.5, rails &lt; 6. ...)
+ {DSA-4766-1}
- rails 2:5.2.4.3+dfsg-1
[stretch] - rails <not-affected> (Vulnerable code introduced later)
[jessie] - rails <not-affected> (Vulnerable code introduced later)
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1
+ NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1 (5.2)
NOTE: per-form CSRF token introduced in 5.x: https://github.com/rails/rails/commit/3e98819e20bc113343d4d4c0df614865ad5a9d3a
CVE-2020-8165 (A deserialization of untrusted data vulnernerability exists in rails & ...)
- {DLA-2282-1 DLA-2251-1}
+ {DSA-4766-1 DLA-2282-1 DLA-2251-1}
- rails 2:5.2.4.3+dfsg-1
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend)
- NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend)
+ NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend) (5.2)
+ NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend) (5.2)
NOTE: Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b
CVE-2020-8164 (A deserialization of untrusted data vulnerability exists in rails &lt; ...)
- {DLA-2282-1 DLA-2251-1}
+ {DSA-4766-1 DLA-2282-1 DLA-2251-1}
[experimental] - rails 2:6.0.3.1+dfsg-1
- rails 2:5.2.4.3+dfsg-1
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec
+ NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec (5.2)
CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior to 5. ...)
{DLA-2282-1}
- rails 2:5.2.0+dfsg-2
@@ -39058,11 +43692,12 @@ CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior
NOTE: https://github.com/rails/rails/commit/0ecaaf76d1b79cf2717cdac754e55b4114ad6599 (4-2-stable)
NOTE: For rails 5.0 the issue is fixed in >= 5.0.1
CVE-2020-8162 (A client side enforcement of server side security vulnerability exists ...)
+ {DSA-4766-1}
- rails 2:5.2.4.3+dfsg-1
[stretch] - rails <not-affected> (Vulnerable code introduced later)
[jessie] - rails <not-affected> (Vulnerable code introduced later)
NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released
- NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be
+ NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be (5.2)
CVE-2020-8161 (A directory traversal vulnerability exists in rack &lt; 2.2.0 that all ...)
{DLA-2275-1 DLA-2216-1}
- ruby-rack 2.1.1-5
@@ -39159,7 +43794,7 @@ CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and e
NOT-FOR-US: klona node module
CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...)
- node-url-parse 1.4.7-1
- [buster] - node-url-parse <no-dsa> (Minor issue)
+ [buster] - node-url-parse 1.2.0-2+deb10u1
[stretch] - node-url-parse <ignored> (Nodejs in stretch not covered by security support)
NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b
NOTE: https://hackerone.com/reports/496293
@@ -39198,10 +43833,10 @@ CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 th
NOTE: https://github.com/uclouvain/openjpeg/issues/1231
CVE-2020-8111
RESERVED
-CVE-2020-8110
- RESERVED
-CVE-2020-8109
- RESERVED
+CVE-2020-8110 (A vulnerability has been discovered in the ceva_emu.cvd module that re ...)
+ NOT-FOR-US: Bitdefender
+CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...)
+ NOT-FOR-US: Bitdefender
CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
NOT-FOR-US: Bitdefender
CVE-2020-8107
@@ -39376,7 +44011,7 @@ CVE-2020-8030
CVE-2020-8029
RESERVED
CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...)
- TODO: check
+ NOT-FOR-US: Salt configuration in SUSE Server Manager
CVE-2020-8027
RESERVED
CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...)
@@ -39392,6 +44027,7 @@ CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of
CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...)
- open-build-service <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649
+ NOTE: https://github.com/openSUSE/open-build-service/commit/7323c904f86ba9e04065c23422d06c03647589fb
CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
- open-build-service <unfixed>
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439
@@ -39573,10 +44209,7 @@ CVE-2020-7945 (Local registry credentials were included directly in the CD4PE de
CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...)
NOT-FOR-US: Puppet Enterprise
CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...)
- - puppet <unfixed> (low)
- [stretch] - puppet <no-dsa> (Minor issue)
- [buster] - puppet <no-dsa> (Minor issue)
- [jessie] - puppet <not-affected> (vulnerable code not present)
+ - puppet <not-affected> (Doesn't affect Puppet masters (passenger-based) in Debian)
- puppetdb <unfixed> (low)
[buster] - puppetdb <no-dsa> (Minor issue)
NOTE: https://puppet.com/security/cve/CVE-2020-7943/
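Review bot: The new `- puppet <not-affected> (Doesn't affect Puppet masters (passenger-based) in Debian)` line replaces the previous per-release tracking without a NOTE recording why the Debian packaging is out of scope, so a reader following only the vendor advisory link cannot verify the claim. A line such as `NOTE: The metrics API endpoints in the advisory belong to Puppet Server / PuppetDB; Debian ships the passenger-based Ruby master, which does not expose them` would ground it — confirm the wording against the advisory before adding. The nested parentheses inside the reason field are also unusual for this file; `(Only the passenger-based Puppet master is packaged in Debian)` conveys the same thing without them. The puppetdb line below keeps `<unfixed> (low)` with a buster no-dsa, which is consistent with the advisory covering both components.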
@@ -39600,7 +44233,7 @@ CVE-2020-7936 (An open redirect on the login form (and possibly other places) in
NOT-FOR-US: Plone
CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...)
NOT-FOR-US: Artica Pandora FMS
-CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...)
+CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle N ...)
NOT-FOR-US: LifeRay Portal
CVE-2020-7933
RESERVED
@@ -39866,8 +44499,8 @@ CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and
NOT-FOR-US: Kaoni
CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
NOT-FOR-US: Kaoni ezHTTPTrans
-CVE-2020-7811
- RESERVED
+CVE-2020-7811 (Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows priv ...)
+ NOT-FOR-US: Samsung
CVE-2020-7810 (hslogin2.dll ActiveX Control in Groupware contains a vulnerability tha ...)
NOT-FOR-US: hslogin2.dll ActiveX Control in Groupware
CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...)
@@ -39984,44 +44617,47 @@ CVE-2020-7754
RESERVED
CVE-2020-7753
RESERVED
-CVE-2020-7752
- RESERVED
-CVE-2020-7751
- RESERVED
-CVE-2020-7750
- RESERVED
-CVE-2020-7749
- RESERVED
-CVE-2020-7748
- RESERVED
-CVE-2020-7747
- RESERVED
+CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...)
+ TODO: check
+CVE-2020-7751 (This affects all versions of package pathval. ...)
+ - node-pathval 1.1.0-4 (bug #972895)
+ [buster] - node-pathval <no-dsa> (Minor issue)
+ NOTE: https://snyk.io/vuln/SNYK-JS-PATHVAL-596926
+ NOTE: https://github.com/chaijs/pathval/pull/58
+CVE-2020-7750 (This affects the package scratch-svg-renderer before 0.2.0-prerelease. ...)
+ NOT-FOR-US: scratch-svg-renderer nodejs module
+CVE-2020-7749 (This affects all versions of package osm-static-maps. User input given ...)
+ NOT-FOR-US: osm-static-maps nodejs module
+CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerability ...)
+ NOT-FOR-US: Ts.ED
+CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...)
+ NOT-FOR-US: lightning-server nodejs module
CVE-2020-7746
RESERVED
-CVE-2020-7745
- RESERVED
-CVE-2020-7744
- RESERVED
-CVE-2020-7743
- RESERVED
-CVE-2020-7742
- RESERVED
-CVE-2020-7741
- RESERVED
-CVE-2020-7740
- RESERVED
-CVE-2020-7739
- RESERVED
-CVE-2020-7738
- RESERVED
-CVE-2020-7737
- RESERVED
-CVE-2020-7736
- RESERVED
-CVE-2020-7735
- RESERVED
-CVE-2020-7734
- RESERVED
+CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK distri ...)
+ NOT-FOR-US: MintegralAdSDK
+CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. The An ...)
+ NOT-FOR-US: com.mintegral.msdk:alphab
+CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node mathjs
+CVE-2020-7742 (This affects the package simpl-schema before 1.10.2. ...)
+ NOT-FOR-US: Node simpl-schema
+CVE-2020-7741 (This affects the package hellojs before 1.18.6. The code get the param ...)
+ NOT-FOR-US: hello.js
+CVE-2020-7740 (This affects all versions of package node-pdf-generator. Due to lack o ...)
+ NOT-FOR-US: Node pdf-generator
+CVE-2020-7739 (This affects all versions of package phantomjs-seo. It is possible for ...)
+ NOT-FOR-US: Node phantomjs-seo
+CVE-2020-7738 (All versions of package shiba are vulnerable to Arbitrary Code Executi ...)
+ NOT-FOR-US: Node shiba
+CVE-2020-7737 (All versions of package safetydance are vulnerable to Prototype Pollut ...)
+ NOT-FOR-US: Node safetydance
+CVE-2020-7736 (The package bmoor before 0.8.12 are vulnerable to Prototype Pollution ...)
+ NOT-FOR-US: Node bmoor
+CVE-2020-7735 (The package ng-packagr before 10.1.1 are vulnerable to Command Injecti ...)
+ NOT-FOR-US: ng-packagr
+CVE-2020-7734 (All versions of package cabot are vulnerable to Cross-site Scripting ( ...)
+ NOT-FOR-US: cabot
CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular Expre ...)
- node-ua-parser-js <not-affected> (No affected version present in the archive, introduced after 0.7.14 and fixed in 0.7.22)
NOTE: https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d
@@ -40035,7 +44671,7 @@ CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Inject
CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...)
{DLA-2368-1}
- grunt 1.3.0-1 (bug #969668)
- [buster] - grunt <no-dsa> (Minor issue)
+ [buster] - grunt 1.0.1-8+deb10u1
NOTE: https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7
NOTE: https://snyk.io/vuln/SNYK-JS-GRUNT-597546
CVE-2020-7728
@@ -40077,11 +44713,12 @@ CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to in
NOT-FOR-US: Node json
CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...)
- golang-github-russellhaering-goxmldsig <unfixed> (bug #968928)
+ [buster] - golang-github-russellhaering-goxmldsig <no-dsa> (Minor issue)
NOTE: https://github.com/russellhaering/goxmldsig/issues/48
CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...)
NOT-FOR-US: Node safe-eval
-CVE-2020-7709
- RESERVED
+CVE-2020-7709 (This affects the package json-pointer before 0.6.1. Multiple reference ...)
+ NOT-FOR-US: Node json-pointer
CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...)
NOT-FOR-US: Node irrelon-path
CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to Prototype Pol ...)
@@ -40359,10 +44996,10 @@ CVE-2020-7593 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS v
NOT-FOR-US: Siemens
CVE-2020-7592 (A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Ge ...)
NOT-FOR-US: Siemens
-CVE-2020-7591
- RESERVED
-CVE-2020-7590
- RESERVED
+CVE-2020-7591 (A vulnerability has been identified in SIPORT MP (All versions &lt; 3. ...)
+ NOT-FOR-US: Siemens
+CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
+ NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variant ...)
NOT-FOR-US: Siemens
CVE-2020-7588 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
@@ -40616,10 +45253,10 @@ CVE-2020-7468
RESERVED
CVE-2020-7467
RESERVED
-CVE-2020-7466
- RESERVED
-CVE-2020-7465
- RESERVED
+CVE-2020-7466 (The PPP implementation of MPD before 5.9 allows a remote attacker who ...)
+ NOT-FOR-US: MPD (FreeBSD PPP daemon)
+CVE-2020-7465 (The L2TP implementation of MPD before 5.9 allows a remote attacker who ...)
+ NOT-FOR-US: MPD (FreeBSD PPP daemon)
CVE-2020-7464
RESERVED
CVE-2020-7463
@@ -40786,8 +45423,8 @@ CVE-2020-7385
RESERVED
CVE-2020-7384
RESERVED
-CVE-2020-7383
- RESERVED
+CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that m ...)
+ NOT-FOR-US: Rapid7 Nexpose
CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted ...)
NOT-FOR-US: Rapid7 Nexpose installer
CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose inst ...)
@@ -40810,12 +45447,12 @@ CVE-2020-7373
RESERVED
CVE-2020-7372
RESERVED
-CVE-2020-7371
- RESERVED
-CVE-2020-7370
- RESERVED
-CVE-2020-7369
- RESERVED
+CVE-2020-7371 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: Yandex Browser
+CVE-2020-7370 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: Danyil Vasilenko's Bolt Browser
+CVE-2020-7369 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: Yandex Browser
CVE-2020-7368
RESERVED
CVE-2020-7367
@@ -40824,10 +45461,10 @@ CVE-2020-7366
RESERVED
CVE-2020-7365
RESERVED
-CVE-2020-7364
- RESERVED
-CVE-2020-7363
- RESERVED
+CVE-2020-7364 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: UCWeb's UC Browser
+CVE-2020-7363 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
+ NOT-FOR-US: UCWeb's UC Browser
CVE-2020-7362
RESERVED
CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command injecti ...)
@@ -40884,24 +45521,24 @@ CVE-2020-7336
RESERVED
CVE-2020-7335
RESERVED
-CVE-2020-7334
- RESERVED
+CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...)
+ NOT-FOR-US: McAfee
CVE-2020-7333
RESERVED
CVE-2020-7332
RESERVED
CVE-2020-7331
RESERVED
-CVE-2020-7330
- RESERVED
+CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) tr ...)
+ NOT-FOR-US: McAfee
CVE-2020-7329
RESERVED
CVE-2020-7328
RESERVED
-CVE-2020-7327
- RESERVED
-CVE-2020-7326
- RESERVED
+CVE-2020-7327 (Improperly implemented security check in McAfee MVISION Endpoint Detec ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7326 (Improperly implemented security check in McAfee Active Response (MAR) ...)
+ NOT-FOR-US: McAfee
CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...)
NOT-FOR-US: McAfee
CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION Endpoint prior ...)
@@ -40916,12 +45553,12 @@ CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint Sec
NOT-FOR-US: McAfee
CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
NOT-FOR-US: McAfee
-CVE-2020-7318
- RESERVED
-CVE-2020-7317
- RESERVED
-CVE-2020-7316
- RESERVED
+CVE-2020-7318 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7317 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
+ NOT-FOR-US: McAfee
+CVE-2020-7316 (Unquoted service path vulnerability in McAfee File and Removable Media ...)
+ NOT-FOR-US: McAfee
CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to ...)
NOT-FOR-US: McAfee
CVE-2020-7314 (Privilege Escalation Vulnerability in the installer in McAfee Data Exc ...)
@@ -41112,7 +45749,7 @@ CVE-2020-7234 (Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via
NOT-FOR-US: Ruckus ZoneFlex R310 devices
CVE-2020-7233 (KMS Controls BAC-A1616BC BACnet devices have a cleartext password of s ...)
NOT-FOR-US: KMS Controls BAC-A1616BC BACnet devices
-CVE-2020-7232 (Evoko Home 1.31 devices allow remote attackers to obtain sensitive inf ...)
+CVE-2020-7232 (Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain ...)
NOT-FOR-US: Evoko Home devices
CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for failed lo ...)
NOT-FOR-US: Evoko Home devices
@@ -41144,7 +45781,7 @@ CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC servi
[buster] - consul <no-dsa> (Minor issue)
NOTE: https://github.com/hashicorp/consul/issues/7159
NOTE: Fixed in 1.6.3.
-CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...)
+CVE-2020-7218 (HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services al ...)
- nomad 0.10.3+dfsg1-1
NOTE: https://github.com/hashicorp/nomad/issues/7002
CVE-2020-7217 (An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0. ...)
@@ -41195,120 +45832,120 @@ CVE-2020-7199
RESERVED
CVE-2020-7198
RESERVED
-CVE-2020-7197
- RESERVED
-CVE-2020-7196
- RESERVED
-CVE-2020-7195
- RESERVED
-CVE-2020-7194
- RESERVED
-CVE-2020-7193
- RESERVED
-CVE-2020-7192
- RESERVED
-CVE-2020-7191
- RESERVED
-CVE-2020-7190
- RESERVED
-CVE-2020-7189
- RESERVED
-CVE-2020-7188
- RESERVED
-CVE-2020-7187
- RESERVED
-CVE-2020-7186
- RESERVED
-CVE-2020-7185
- RESERVED
-CVE-2020-7184
- RESERVED
-CVE-2020-7183
- RESERVED
-CVE-2020-7182
- RESERVED
-CVE-2020-7181
- RESERVED
-CVE-2020-7180
- RESERVED
-CVE-2020-7179
- RESERVED
-CVE-2020-7178
- RESERVED
-CVE-2020-7177
- RESERVED
-CVE-2020-7176
- RESERVED
-CVE-2020-7175
- RESERVED
-CVE-2020-7174
- RESERVED
-CVE-2020-7173
- RESERVED
-CVE-2020-7172
- RESERVED
-CVE-2020-7171
- RESERVED
-CVE-2020-7170
- RESERVED
-CVE-2020-7169
- RESERVED
-CVE-2020-7168
- RESERVED
-CVE-2020-7167
- RESERVED
-CVE-2020-7166
- RESERVED
-CVE-2020-7165
- RESERVED
-CVE-2020-7164
- RESERVED
-CVE-2020-7163
- RESERVED
-CVE-2020-7162
- RESERVED
-CVE-2020-7161
- RESERVED
-CVE-2020-7160
- RESERVED
-CVE-2020-7159
- RESERVED
-CVE-2020-7158
- RESERVED
-CVE-2020-7157
- RESERVED
-CVE-2020-7156
- RESERVED
-CVE-2020-7155
- RESERVED
-CVE-2020-7154
- RESERVED
-CVE-2020-7153
- RESERVED
-CVE-2020-7152
- RESERVED
-CVE-2020-7151
- RESERVED
-CVE-2020-7150
- RESERVED
-CVE-2020-7149
- RESERVED
-CVE-2020-7148
- RESERVED
-CVE-2020-7147
- RESERVED
-CVE-2020-7146
- RESERVED
-CVE-2020-7145
- RESERVED
-CVE-2020-7144
- RESERVED
-CVE-2020-7143
- RESERVED
-CVE-2020-7142
- RESERVED
-CVE-2020-7141
- RESERVED
+CVE-2020-7197 (SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreSe ...)
+ TODO: check
+CVE-2020-7196 (The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Co ...)
+ NOT-FOR-US: HPE
+CVE-2020-7195 (A iccselectrules expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7194 (A perfaddormoddevicemonitor expression language injection remote code ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7193 (A ictexpertcsvdownload expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7192 (A devicethresholdconfig expression language injection remote code exec ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7191 (A devsoftsel expression language injection remote code execution vulne ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7190 (A deviceselect expression language injection remote code execution vul ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7189 (A faultflasheventselectfact expression language injectionremote code e ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7188 (A userselectpagingcontent expression language injection remote code ex ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7187 (A reportpage index expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7186 (A powershellconfigcontent expression language injection remote code ex ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7185 (A tvxlanlegend expression language injection remote code execution vul ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7184 (A viewbatchtaskresultdetailfact expression language injection remote c ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7183 (A forwardredirect expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7182 (A sshconfig expression language injection remote code execution vulner ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7181 (A smsrulesdownload expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7180 (A ictexpertdownload expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7179 (A thirdpartyperfselecttask expression language injection remote code e ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7178 (A mediaforaction expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7177 (A wmiconfigcontent expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7176 (A viewtaskresultdetailfact expression language injection remote code e ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7175 (A iccselectdymicparam expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7174 (A soapconfigcontent expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7173 (A actionselectcontent expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7172 (A templateselect expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7171 (A guidatadetail expression language injection remote code execution vu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7170 (A select expression language injection remote code execution vulnerabi ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7169 (A ictexpertcsvdownload expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7168 (A selectusergroup expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7167 (A quicktemplateselect expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7166 (A operatorgrouptreeselectcontent expression language injection remote ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7165 (A iccselectcommand expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7164 (A operationselect expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7163 (A navigationto expression language injection remote code execution vul ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7162 (A operatorgroupselectcontent expression language injection remote code ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7161 (A reporttaskselect expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7160 (A iccselectdeviceseries expression language injection remote code exec ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7159 (A customtemplateselect expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7158 (A perfselecttask expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7157 (A selviewnavcontent expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7156 (A faultinfo_content expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7155 (A select expression language injection remote code execution vulnerabi ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7154 (A ifviewselectpage expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7153 (A iccselectdevtype expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7152 (A faultparasset expression language injection remote code execution vu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7151 (A faulttrapgroupselect expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7150 (A faultstatchoosefaulttype expression language injection remote code e ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7149 (A ictexpertcsvdownload expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7148 (A deployselectsoftware expression language injection remote code execu ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7147 (A deployselectbootrom expression language injection remote code execut ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7146 (A devgroupselect expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7145 (A chooseperfview expression language injection remote code execution v ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7144 (A comparefilesresult expression language injection remote code executi ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7143 (A faultdevparasset expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7142 (A eventinfo_content expression language injection remote code executio ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
+CVE-2020-7141 (A adddevicetoview expression language injection remote code execution ...)
+ NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7140 (A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gatew ...)
NOT-FOR-US: HPE
CVE-2020-7139 (Potential remote access security vulnerabilities have been identified ...)
@@ -41335,20 +45972,20 @@ CVE-2020-7129
RESERVED
CVE-2020-7128
RESERVED
-CVE-2020-7127
- RESERVED
-CVE-2020-7126
- RESERVED
-CVE-2020-7125
- RESERVED
-CVE-2020-7124
- RESERVED
+CVE-2020-7127 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7126 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7125 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
+ NOT-FOR-US: Aruba
CVE-2020-7123
RESERVED
-CVE-2020-7122
- RESERVED
-CVE-2020-7121
- RESERVED
+CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
+ NOT-FOR-US: Aruba
+CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
+ NOT-FOR-US: Aruba
CVE-2020-7120
RESERVED
CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...)
@@ -41461,11 +46098,23 @@ CVE-2020-7072
RESERVED
CVE-2020-7071
RESERVED
-CVE-2020-7070
- RESERVED
-CVE-2020-7069
- RESERVED
-CVE-2020-7068 (In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and 7.4.x below ...)
+CVE-2020-7070 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...)
+ {DLA-2397-1}
+ - php7.4 7.4.11-1
+ - php7.3 <removed>
+ [buster] - php7.3 <postponed> (Minor issue, likely to introduce regressions, wait for one more 7.3 upstream release)
+ - php7.0 <removed>
+ NOTE: Fixed in PHP 7.4.11, 7.3.23, 7.2.34
+ NOTE: PHP Bug: https://bugs.php.net/79699
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6559fe912661ca5ce5f0eeeb591d928451428ed0
+CVE-2020-7069 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...)
+ - php7.4 7.4.11-1
+ - php7.3 <removed>
+ - php7.0 <not-affected> (Affected code not present)
+ NOTE: Fixed in PHP 7.4.11, 7.3.23, 7.2.34
+ NOTE: PHP Bug: https://bugs.php.net/79601
+ NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0216630ea2815a5789a24279a1211ac398d4de79
+CVE-2020-7068 (In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below ...)
{DLA-2345-1}
- php7.4 7.4.9-1
- php7.3 <removed>
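Review bot: CVE-2020-7069 carries no `[buster]` line for php7.3, whereas its sibling CVE-2020-7070 in the same hunk gets `[buster] - php7.3 <postponed> (Minor issue, likely to introduce regressions, wait for one more 7.3 upstream release)`. As written, 7069 stays an open, untriaged buster issue for php7.3 while only php7.0 is marked `<not-affected>`, so the two entries read as inconsistent triage for the same upstream release batch. If the same regression concern applies to the 7.3 backport for bug 79601, add the matching `[buster] - php7.3 <postponed> (...)` line; if buster is meant to be handled differently, record that decision (for example a `<no-dsa>` line with a reason) so the open state is deliberate rather than an omission.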
@@ -41672,8 +46321,8 @@ CVE-2020-7022
RESERVED
CVE-2020-7021
RESERVED
-CVE-2020-7020
- RESERVED
+CVE-2020-7020 (Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disc ...)
+ - elasticsearch <removed>
CVE-2020-7019 (In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was f ...)
- elasticsearch <removed>
CVE-2020-7018 (Elastic Enterprise Search before 7.9.0 contain a credential exposure f ...)
@@ -41848,8 +46497,8 @@ CVE-2020-6935
RESERVED
CVE-2020-6934
RESERVED
-CVE-2020-6933
- RESERVED
+CVE-2020-6933 (An improper input validation vulnerability in the UEM Core of BlackBer ...)
+ NOT-FOR-US: BlackBerry
CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...)
NOT-FOR-US: BlackBerry QNX Software Development Platform
CVE-2020-6931
@@ -41962,10 +46611,10 @@ CVE-2020-6878
RESERVED
CVE-2020-6877
RESERVED
-CVE-2020-6876
- RESERVED
-CVE-2020-6875
- RESERVED
+CVE-2020-6876 (A ZTE product is impacted by an XSS vulnerability. The vulnerability i ...)
+ NOT-FOR-US: ZTE
+CVE-2020-6875 (A ZTE product is impacted by the improper access control vulnerability ...)
+ NOT-FOR-US: ZTE
CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues vulnerability. T ...)
NOT-FOR-US: ZTE
CVE-2020-6873 (A ZTE product has a DoS vulnerability. Because the equipment couldn&#8 ...)
@@ -42086,6 +46735,7 @@ CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be
- firefox <not-affected> (Firefox on iOS)
CVE-2020-6829 [Side channel attack on ECDSA signature generation]
RESERVED
+ {DLA-2388-1}
- firefox 80.0-1
- nss 2:3.55-1
[buster] - nss <no-dsa> (Minor issue)
@@ -42558,8 +47208,8 @@ CVE-2020-6656
RESERVED
CVE-2020-6655
RESERVED
-CVE-2020-6654
- RESERVED
+CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configu ...)
+ NOT-FOR-US: Eaton
CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 &amp; prior stores the user l ...)
NOT-FOR-US: Eaton
CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
@@ -42570,8 +47220,8 @@ CVE-2020-6650 (UPS companion software v1.05 &amp; Prior is affected by &#8216;Ev
NOT-FOR-US: UPS companion software
CVE-2020-6649
RESERVED
-CVE-2020-6648
- RESERVED
+CVE-2020-6648 (A cleartext storage of sensitive information vulnerability in FortiOS ...)
+ NOT-FOR-US: Fortiguard FortiOS
CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...)
NOT-FOR-US: Fortiguard
CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...)
@@ -42605,7 +47255,7 @@ CVE-2020-6633
CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...)
NOT-FOR-US: PrestaShop
CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
- - gpac <unfixed> (low)
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
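Review bot: Replacing `(low)` with `(bug #972053)` silently drops the severity marker on the CVE-2020-6631 gpac line; the tracker annotation accepts both in one parenthesis, so `- gpac <unfixed> (bug #972053; low)` keeps the bug reference without losing the rating. The same substitution is made for CVE-2020-6630 in the following hunk. If the severity was intentionally withdrawn that is fine, but nothing in the change suggests a re-rating, and the buster/stretch/jessie lines still describe it as a minor issue.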
@@ -42613,7 +47263,7 @@ CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL po
NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
- - gpac <unfixed> (low)
+ - gpac <unfixed> (bug #972053)
[buster] - gpac <no-dsa> (Minor issue)
[stretch] - gpac <no-dsa> (Minor issue)
[jessie] - gpac <postponed> (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
@@ -42759,164 +47409,128 @@ CVE-2020-6578
RESERVED
CVE-2020-6577
RESERVED
-CVE-2020-6576
- RESERVED
+CVE-2020-6576 (Use after free in offscreen canvas in Google Chrome prior to 85.0.4183 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6575
- RESERVED
+CVE-2020-6575 (Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6574
- RESERVED
+CVE-2020-6574 (Insufficient policy enforcement in installer in Google Chrome on OS X ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6573
- RESERVED
+CVE-2020-6573 (Use after free in video in Google Chrome on Android prior to 85.0.4183 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6572
RESERVED
-CVE-2020-6571
- RESERVED
+CVE-2020-6571 (Insufficient data validation in Omnibox in Google Chrome prior to 85.0 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6570
- RESERVED
+CVE-2020-6570 (Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6569
- RESERVED
+CVE-2020-6569 (Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allo ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6568
- RESERVED
+CVE-2020-6568 (Insufficient policy enforcement in intent handling in Google Chrome on ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6567
- RESERVED
+CVE-2020-6567 (Insufficient validation of untrusted input in command line handling in ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6566
- RESERVED
+CVE-2020-6566 (Insufficient policy enforcement in media in Google Chrome prior to 85. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6565
- RESERVED
+CVE-2020-6565 (Inappropriate implementation in Omnibox in Google Chrome on iOS prior ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6564
- RESERVED
+CVE-2020-6564 (Inappropriate implementation in permissions in Google Chrome prior to ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6563
- RESERVED
+CVE-2020-6563 (Insufficient policy enforcement in intent handling in Google Chrome on ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6562
- RESERVED
+CVE-2020-6562 (Insufficient policy enforcement in Blink in Google Chrome prior to 85. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6561
- RESERVED
+CVE-2020-6561 (Inappropriate implementation in Content Security Policy in Google Chro ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6560
- RESERVED
+CVE-2020-6560 (Insufficient policy enforcement in autofill in Google Chrome prior to ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6559
- RESERVED
+CVE-2020-6559 (Use after free in presentation API in Google Chrome prior to 85.0.4183 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6558
- RESERVED
+CVE-2020-6558 (Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prio ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6557
RESERVED
-CVE-2020-6556
- RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6555
- RESERVED
+CVE-2020-6556 (Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.414 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6554
- RESERVED
+CVE-2020-6555 (Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 al ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6553
- RESERVED
+CVE-2020-6554 (Use after free in extensions in Google Chrome prior to 84.0.4147.125 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6552
- RESERVED
+CVE-2020-6553 (Use after free in offline mode in Google Chrome on iOS prior to 84.0.4 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6551
- RESERVED
+CVE-2020-6552 (Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowe ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6550
- RESERVED
+CVE-2020-6551 (Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowe ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6549
- RESERVED
+CVE-2020-6550 (Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 al ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6548
- RESERVED
+CVE-2020-6549 (Use after free in media in Google Chrome prior to 84.0.4147.125 allowe ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6547
- RESERVED
+CVE-2020-6548 (Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6546
- RESERVED
+CVE-2020-6547 (Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6545
- RESERVED
+CVE-2020-6546 (Inappropriate implementation in installer in Google Chrome prior to 84 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6544
- RESERVED
+CVE-2020-6545 (Use after free in audio in Google Chrome prior to 84.0.4147.125 allowe ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6543
- RESERVED
+CVE-2020-6544 (Use after free in media in Google Chrome prior to 84.0.4147.125 allowe ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6542
- RESERVED
+CVE-2020-6543 (Use after free in task scheduling in Google Chrome prior to 84.0.4147. ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6541
- RESERVED
+CVE-2020-6542 (Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowe ...)
+ - chromium <unfixed>
+ [stretch] - chromium <end-of-life> (see DSA 4562)
+CVE-2020-6541 (Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allow ...)
[experimental] - chromium 84.0.4147.105-1
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6540
- RESERVED
+CVE-2020-6540 (Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowe ...)
[experimental] - chromium 84.0.4147.105-1
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6539
- RESERVED
+CVE-2020-6539 (Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed ...)
[experimental] - chromium 84.0.4147.105-1
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6538
- RESERVED
+CVE-2020-6538 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
[experimental] - chromium 84.0.4147.105-1
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6537
- RESERVED
+CVE-2020-6537 (Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a ...)
[experimental] - chromium 84.0.4147.105-1
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
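Review bot: Several of the newly described entries are platform-specific in their own text — CVE-2020-6574 (installer on OS X), CVE-2020-6573, CVE-2020-6568, CVE-2020-6563 and CVE-2020-6538 (Android), CVE-2020-6565, CVE-2020-6558 and CVE-2020-6553 (iOS) — yet each keeps `- chromium <unfixed>`, which leaves the Debian package flagged as vulnerable for components it presumably does not ship. This diff already uses `- firefox <not-affected> (Firefox on iOS)` for the analogous case, so `- chromium <not-affected> (Only affects Chrome on iOS)` and equivalents would be the consistent triage, subject to confirming the affected component is absent from the Debian build. Separately, because of how the diff aligned, the `- chromium <unfixed>` / `[stretch]` pair that previously sat under CVE-2020-6556 now ends up under CVE-2020-6557, which stays `RESERVED`, while a fresh pair is added under CVE-2020-6542; the net effect is that 6557 gains package lines, which is worth confirming as intended rather than an artifact.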
@@ -42936,8 +47550,7 @@ CVE-2020-6533 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allow
[experimental] - chromium 84.0.4147.89-1
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6532
- RESERVED
+CVE-2020-6532 (Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed ...)
[experimental] - chromium 84.0.4147.105-1
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -43565,36 +48178,36 @@ CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 a
{DSA-4606-1}
- chromium 79.0.3945.130-1
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6376
- RESERVED
-CVE-2020-6375
- RESERVED
-CVE-2020-6374
- RESERVED
-CVE-2020-6373
- RESERVED
-CVE-2020-6372
- RESERVED
-CVE-2020-6371
- RESERVED
-CVE-2020-6370
- RESERVED
-CVE-2020-6369
- RESERVED
-CVE-2020-6368
- RESERVED
-CVE-2020-6367
- RESERVED
-CVE-2020-6366
- RESERVED
-CVE-2020-6365
- RESERVED
-CVE-2020-6364
- RESERVED
-CVE-2020-6363
- RESERVED
-CVE-2020-6362
- RESERVED
+CVE-2020-6376 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6375 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6374 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6373 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6372 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
+ NOT-FOR-US: SAP
+CVE-2020-6371 (User enumeration vulnerability can be exploited to get a list of user ...)
+ NOT-FOR-US: SAP
+CVE-2020-6370 (SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.3 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6369 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...)
+ NOT-FOR-US: SAP
+CVE-2020-6368 (SAP Business Planning and Consolidation, versions - 750, 751, 752, 753 ...)
+ NOT-FOR-US: SAP
+CVE-2020-6367 (There is a reflected cross site scripting vulnerability in SAP NetWeav ...)
+ NOT-FOR-US: SAP
+CVE-2020-6366 (SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, doe ...)
+ NOT-FOR-US: SAP
+CVE-2020-6365 (SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, ...)
+ NOT-FOR-US: SAP
+CVE-2020-6364 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...)
+ NOT-FOR-US: SAP
+CVE-2020-6363 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several ...)
+ NOT-FOR-US: SAP
+CVE-2020-6362 (SAP Banking Services version 500, use an incorrect authorization objec ...)
+ NOT-FOR-US: SAP
CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
@@ -43671,24 +48284,24 @@ CVE-2020-6325
RESERVED
CVE-2020-6324 (SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700 ...)
NOT-FOR-US: SAP
-CVE-2020-6323
- RESERVED
+CVE-2020-6323 (SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50 ...)
+ NOT-FOR-US: SAP
CVE-2020-6322 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2020-6321 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2020-6320 (SAP Marketing (Servlet), version-130,140,150, allows an authenticated ...)
NOT-FOR-US: SAP
-CVE-2020-6319
- RESERVED
+CVE-2020-6319 (SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7. ...)
+ NOT-FOR-US: SAP
CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABA ...)
NOT-FOR-US: SAP
CVE-2020-6317
RESERVED
CVE-2020-6316
RESERVED
-CVE-2020-6315
- RESERVED
+CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send ...)
+ NOT-FOR-US: SAP
CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...)
NOT-FOR-US: SAP
CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, ...)
@@ -43701,8 +48314,8 @@ CVE-2020-6310 (Improper access control in SOA Configuration Trace component in S
NOT-FOR-US: SAP
CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7. ...)
NOT-FOR-US: SAP
-CVE-2020-6308
- RESERVED
+CVE-2020-6308 (SAP BusinessObjects Business Intelligence Platform (Web Services) vers ...)
+ NOT-FOR-US: SAP
CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...)
NOT-FOR-US: SAP
CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing (updat ...)
@@ -43773,8 +48386,8 @@ CVE-2020-6274
RESERVED
CVE-2020-6273 (SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 1 ...)
NOT-FOR-US: SAP
-CVE-2020-6272
- RESERVED
+CVE-2020-6272 (SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not suffici ...)
+ NOT-FOR-US: SAP
CVE-2020-6271 (SAP Solution Manager (Problem Context Manager), version 7.2, does not ...)
NOT-FOR-US: SAP
CVE-2020-6270 (SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 75 ...)
@@ -44012,7 +48625,7 @@ CVE-2020-6155
CVE-2020-6154
RESERVED
CVE-2020-6153
- RESERVED
+ REJECTED
CVE-2020-6152 (A code execution vulnerability exists in the DICOM parse_dicom_meta_in ...)
NOT-FOR-US: Accusoft
CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF handle_COMPRESSIO ...)
@@ -44101,16 +48714,21 @@ CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the
NOT-FOR-US: Zoom
CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
NOT-FOR-US: Zoom
-CVE-2020-6108
- RESERVED
-CVE-2020-6107
- RESERVED
-CVE-2020-6106
- RESERVED
-CVE-2020-6105
- RESERVED
-CVE-2020-6104
- RESERVED
+CVE-2020-6108 (An exploitable code execution vulnerability exists in the fsck_chk_orp ...)
+ - f2fs-tools <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050
+CVE-2020-6107 (An exploitable information disclosure vulnerability exists in the dev_ ...)
+ - f2fs-tools <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049
+CVE-2020-6106 (An exploitable information disclosure vulnerability exists in the init ...)
+ - f2fs-tools <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048
+CVE-2020-6105 (An exploitable code execution vulnerability exists in the multiple dev ...)
+ - f2fs-tools <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047
+CVE-2020-6104 (An exploitable information disclosure vulnerability exists in the get_ ...)
+ - f2fs-tools <unfixed>
+ NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046
CVE-2020-6103 (An exploitable code execution vulnerability exists in the Shader funct ...)
NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
CVE-2020-6102 (An exploitable code execution vulnerability exists in the Shader funct ...)
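Review bot: The five new f2fs-tools entries (CVE-2020-6104 through CVE-2020-6108) carry only `- f2fs-tools <unfixed>` and the Talos link, with no Debian bug reference and no per-suite triage, so the tracker will report them as open in every supported release until someone revisits them. The sibling entry CVE-2020-6070 in a later hunk of this file has `- f2fs-tools <unfixed> (bug #970941)` and `[buster] - f2fs-tools <no-dsa> (Minor issue)`; if these Talos reports were handled together, referencing that bug (or a separate one) and recording the buster/stretch decision here would keep the five entries consistent with it. Whether the same severity assessment applies is not visible from the hunk, so the triage itself still needs to be confirmed by the maintainer.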
@@ -44127,6 +48745,7 @@ CVE-2020-6098 (An exploitable denial of service vulnerability exists in the free
CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
- atftp <unfixed> (bug #970066)
[buster] - atftp <no-dsa> (Minor issue)
+ [stretch] - atftp <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
- glibc 2.31-2 (low; bug #961452)
@@ -44135,6 +48754,8 @@ CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv
[jessie] - glibc <not-affected> (Vulnerable code not present)
NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=beea361050728138b82c57dda0c4810402d342b9
+ NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=79a4fa341b8a89cb03f84564fd72abaa1a2db394
CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstRTSPAu ...)
- gst-rtsp-server1.0 1.16.2-3 (low)
[buster] - gst-rtsp-server1.0 <no-dsa> (Minor issue)
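Review bot: The two added glibc commit NOTE lines name the upstream fix commits but not the release they first ship in, whereas commit references elsewhere in this file carry the tag in parentheses (for example `(3.12.3)` and `(4.3.2)` on the puma entry and `(v5.0.0)` on the pysaml2 entry). Appending the tag, e.g. `NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=beea361050728138b82c57dda0c4810402d342b9 (<upstream release>)`, lets a triager tell at a glance whether a suite's glibc already contains the fix. The release is not stated in the hunk, so it would have to be confirmed from upstream before being recorded; the entry's stretch and buster lines lie outside the hunk.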
@@ -44155,16 +48776,16 @@ CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI fil
NOT-FOR-US: Leadtools
CVE-2020-6088
RESERVED
-CVE-2020-6087
- RESERVED
-CVE-2020-6086
- RESERVED
-CVE-2020-6085
- RESERVED
-CVE-2020-6084
- RESERVED
-CVE-2020-6083
- RESERVED
+CVE-2020-6087 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
+CVE-2020-6086 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
+CVE-2020-6085 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
+CVE-2020-6084 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
+CVE-2020-6083 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
+ NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
@@ -44225,7 +48846,7 @@ CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the reso
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994
NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6070 (An exploitable code execution vulnerability exists in the file system ...)
- - f2fs-tools <unfixed>
+ - f2fs-tools <unfixed> (bug #970941)
[buster] - f2fs-tools <no-dsa> (Minor issue)
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988
CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
@@ -44334,8 +48955,8 @@ CVE-2020-6022
RESERVED
CVE-2020-6021
RESERVED
-CVE-2020-6020
- RESERVED
+CVE-2020-6020 (Check Point Security Management's Internal CA web management before Ju ...)
+ NOT-FOR-US: Check Point
CVE-2020-6019
RESERVED
CVE-2020-6018
@@ -44394,34 +49015,34 @@ CVE-2020-5992
RESERVED
CVE-2020-5991
RESERVED
-CVE-2020-5990
- RESERVED
-CVE-2020-5989
- RESERVED
-CVE-2020-5988
- RESERVED
-CVE-2020-5987
- RESERVED
-CVE-2020-5986
- RESERVED
-CVE-2020-5985
- RESERVED
-CVE-2020-5984
- RESERVED
-CVE-2020-5983
- RESERVED
-CVE-2020-5982
- RESERVED
-CVE-2020-5981
- RESERVED
-CVE-2020-5980
- RESERVED
-CVE-2020-5979
- RESERVED
-CVE-2020-5978
- RESERVED
-CVE-2020-5977
- RESERVED
+CVE-2020-5990 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2020-5989 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5988 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5987 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5986 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5985 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5984 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5983 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
+ NOT-FOR-US: NVIDIA Virtual GPU Manager
+CVE-2020-5982 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5981 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5980 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5979 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
+ NOT-FOR-US: NVIDIA Windows GPU Display Driver
+CVE-2020-5978 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
+CVE-2020-5977 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
+ NOT-FOR-US: NVIDIA GeForce Experience
CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and vers ...)
NOT-FOR-US: NVIDIA GeForce NOW
CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, con ...)
@@ -44448,7 +49069,7 @@ CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnera
- nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
[buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
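Review bot: The buster line for nvidia-graphics-drivers-legacy-340xx changes from `<no-dsa>` to `<ignored>` while the stretch line directly below it, which carries the identical rationale `(Non-free not supported)`, stays `<no-dsa>`, as does the stretch line for legacy-304xx; the same asymmetry appears in the CVE-2020-5963 hunk. In tracker terms `<ignored>` records that no update will be issued, whereas `<no-dsa>` leaves the issue open for a later point update, so the two suites now signal different intentions for the same reason text. If the stretch status is deliberately left to the LTS team, a short NOTE saying so would stop a reader treating it as an oversight; otherwise the stretch lines should be changed the same way.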
@@ -44470,7 +49091,7 @@ CVE-2020-5963 (NVIDIA Windows GPU Display Driver, all versions, contains a vulne
- nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
[buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
- nvidia-graphics-drivers-legacy-340xx <unfixed>
- [buster] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
+ [buster] - nvidia-graphics-drivers-legacy-340xx <ignored> (Non-free not supported)
[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
- nvidia-graphics-drivers-legacy-304xx <unfixed>
[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
@@ -44542,10 +49163,9 @@ CVE-2020-5932
RESERVED
CVE-2020-5931
RESERVED
-CVE-2020-5930
- RESERVED
-CVE-2020-5929
- RESERVED
+CVE-2020-5930 (In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12 ...)
+ NOT-FOR-US: F5 BIG-IP
+CVE-2020-5929 (In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, B ...)
NOT-FOR-US: F5
CVE-2020-5928 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0- ...)
NOT-FOR-US: F5 BIG-IP
@@ -44819,30 +49439,30 @@ CVE-2020-5794
RESERVED
CVE-2020-5793
RESERVED
-CVE-2020-5792
- RESERVED
-CVE-2020-5791
- RESERVED
-CVE-2020-5790
- RESERVED
-CVE-2020-5789
- RESERVED
-CVE-2020-5788
- RESERVED
-CVE-2020-5787
- RESERVED
-CVE-2020-5786
- RESERVED
-CVE-2020-5785
- RESERVED
-CVE-2020-5784
- RESERVED
-CVE-2020-5783
- RESERVED
-CVE-2020-5782
- RESERVED
-CVE-2020-5781
- RESERVED
+CVE-2020-5792 (Improper neutralization of argument delimiters in a command in Nagios ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-5791 (Improper neutralization of special elements used in an OS command in N ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-5790 (Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker ...)
+ NOT-FOR-US: Nagios XI
+CVE-2020-5789 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5788 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5787 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5786 (Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 all ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5785 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04 ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5784 (Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 al ...)
+ NOT-FOR-US: Teltonika
+CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does n ...)
+ NOT-FOR-US: IgniteNet HeliOS GLinq
+CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ...)
+ NOT-FOR-US: IgniteNet HeliOS GLinq
+CVE-2020-5781 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is ...)
+ NOT-FOR-US: IgniteNet HeliOS GLinq
CVE-2020-5780 (Missing Authentication for Critical Function in Icegram Email Subscrib ...)
NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...)
@@ -45101,10 +49721,10 @@ CVE-2020-5653
RESERVED
CVE-2020-5652
RESERVED
-CVE-2020-5651
- RESERVED
-CVE-2020-5650
- RESERVED
+CVE-2020-5651 (SQL injection vulnerability in Simple Download Monitor 3.8.8 and earli ...)
+ NOT-FOR-US: Simple Download Monitor
+CVE-2020-5650 (Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 an ...)
+ NOT-FOR-US: Simple Download Monitor
CVE-2020-5649
RESERVED
CVE-2020-5648
@@ -45119,12 +49739,12 @@ CVE-2020-5644
RESERVED
CVE-2020-5643
RESERVED
-CVE-2020-5642
- RESERVED
+CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...)
+ NOT-FOR-US: Live Chat
CVE-2020-5641
RESERVED
-CVE-2020-5640
- RESERVED
+CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...)
+ NOT-FOR-US: OneThird CMS
CVE-2020-5639
RESERVED
CVE-2020-5638
@@ -45135,14 +49755,14 @@ CVE-2020-5636
RESERVED
CVE-2020-5635
RESERVED
-CVE-2020-5634
- RESERVED
+CVE-2020-5634 (ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC ...)
+ NOT-FOR-US: ELECOM LAN routers
CVE-2020-5633
RESERVED
-CVE-2020-5632
- RESERVED
-CVE-2020-5631
- RESERVED
+CVE-2020-5632 (InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and ...)
+ NOT-FOR-US: InfoCage SiteShell
+CVE-2020-5631 (Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 ...)
+ NOT-FOR-US: CMONOS.JP
CVE-2020-5630
RESERVED
CVE-2020-5629 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...)
@@ -45570,10 +50190,12 @@ CVE-2020-5424
RESERVED
CVE-2020-5423
RESERVED
-CVE-2020-5422
- RESERVED
+CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...)
+ NOT-FOR-US: BOSH System Metrics Server
CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
- TODO: check
+ - libspring-java <unfixed>
+ [stretch] - libspring-java <no-dsa> (Minor issue)
+ NOTE: https://tanzu.vmware.com/security/cve-2020-5421
CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...)
NOT-FOR-US: Cloud Foundry
CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...)
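Review bot: The CVE-2020-5421 entry replaces `TODO: check` with `- libspring-java <unfixed>` and a stretch `<no-dsa>` line but gives buster no status line, so the tracker will list the issue as open in buster with no recorded decision, and the unstable line carries no `(bug #…)` reference as most `<unfixed>` entries in this file do. A `[buster] - libspring-java <no-dsa> (Minor issue)` line, or whatever the actual buster assessment is, plus the bug number once filed would make the entry complete. The hunk does not show whether buster was assessed, so this may simply be pending rather than overlooked.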
@@ -45651,12 +50273,12 @@ CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML
{DSA-4630-1 DLA-2119-1}
- python-pysaml2 4.5.0-7 (bug #949322)
NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0)
-CVE-2020-5389
- RESERVED
+CVE-2020-5389 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...)
+ NOT-FOR-US: Dell
CVE-2020-5388
RESERVED
-CVE-2020-5387
- RESERVED
+CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Ex ...)
+ NOT-FOR-US: Dell
CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource ...)
NOT-FOR-US: EMC
CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suit ...)
@@ -45956,13 +50578,13 @@ CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can be
CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...)
{DLA-2139-1}
- dojo 1.15.3+dfsg1-1 (bug #953587)
- [buster] - dojo <no-dsa> (Minor issue)
+ [buster] - dojo 1.14.2+dfsg1-1+deb10u2
NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw
NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da
CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...)
{DLA-2139-1}
- dojo 1.15.3+dfsg1-1 (bug #953585)
- [buster] - dojo <no-dsa> (Minor issue)
+ [buster] - dojo 1.14.2+dfsg1-1+deb10u2
NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
NOTE: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by attri ...)
@@ -45999,7 +50621,7 @@ CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
- puma 3.12.4-1 (bug #953122)
[buster] - puma <no-dsa> (Minor issue)
- [stretch] - puma <no-dsa> (Minor issue)
+ [stretch] - puma <not-affected> (early_hint feature added in later version)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...)
@@ -46010,7 +50632,7 @@ CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a
CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
- puma 3.12.4-1 (bug #952766)
[buster] - puma <no-dsa> (Minor issue)
- [stretch] - puma <no-dsa> (Minor issue)
+ [stretch] - puma <no-dsa> (intrusive to backport)
NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3)
NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2)
@@ -46109,12 +50731,14 @@ CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch
NOT-FOR-US: Sylius
CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
- ruby-secure-headers 6.3.1-1 (bug #949999)
+ [buster] - ruby-secure-headers <no-dsa> (Minor issue)
NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
NOTE: https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3
NOTE: https://github.com/twitter/secure_headers/issues/418
NOTE: https://github.com/twitter/secure_headers/pull/421
CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
- ruby-secure-headers 6.3.1-1 (bug #949998)
+ [buster] - ruby-secure-headers <no-dsa> (Minor issue)
NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg
NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...)
@@ -46291,30 +50915,30 @@ CVE-2020-5145
RESERVED
CVE-2020-5144
RESERVED
-CVE-2020-5143
- RESERVED
-CVE-2020-5142
- RESERVED
-CVE-2020-5141
- RESERVED
-CVE-2020-5140
- RESERVED
-CVE-2020-5139
- RESERVED
-CVE-2020-5138
- RESERVED
-CVE-2020-5137
- RESERVED
-CVE-2020-5136
- RESERVED
-CVE-2020-5135
- RESERVED
-CVE-2020-5134
- RESERVED
-CVE-2020-5133
- RESERVED
-CVE-2020-5132
- RESERVED
+CVE-2020-5143 (SonicOS SSLVPN login page allows a remote unauthenticated attacker to ...)
+ NOT-FOR-US: SonicOS SSLVPN
+CVE-2020-5142 (A stored cross-site scripting (XSS) vulnerability exists in the SonicO ...)
+ NOT-FOR-US: SonicOS SSLVPN
+CVE-2020-5141 (A vulnerability in SonicOS allows a remote unauthenticated attacker to ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5140 (A vulnerability in SonicOS allows a remote unauthenticated attacker to ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5139 (A vulnerability in SonicOS SSLVPN service allows a remote unauthentica ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5138 (A Heap Overflow vulnerability in the SonicOS allows a remote unauthent ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5137 (A buffer overflow vulnerability in SonicOS allows a remote unauthentic ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5136 (A buffer overflow vulnerability in SonicOS allows an authenticated att ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5135 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5134 (A vulnerability in SonicOS allows an authenticated attacker to cause o ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5133 (A vulnerability in SonicOS allows a remote unauthenticated attacker to ...)
+ NOT-FOR-US: SonicOS
+CVE-2020-5132 (SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misc ...)
+ NOT-FOR-US: SonicWall
CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary file writ ...)
NOT-FOR-US: SonicWall NetExtender Windows client
CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to cause ext ...)
@@ -46979,8 +51603,8 @@ CVE-2020-4801
RESERVED
CVE-2020-4800
RESERVED
-CVE-2020-4799
- RESERVED
+CVE-2020-4799 (IBM Informix spatial 14.10 could allow a local user to execute command ...)
+ NOT-FOR-US: IBM
CVE-2020-4798
RESERVED
CVE-2020-4797
@@ -47015,26 +51639,26 @@ CVE-2020-4783
RESERVED
CVE-2020-4782
RESERVED
-CVE-2020-4781
- RESERVED
-CVE-2020-4780
- RESERVED
-CVE-2020-4779
- RESERVED
-CVE-2020-4778
- RESERVED
+CVE-2020-4781 (An improper input validation before calling java readLine() method may ...)
+ NOT-FOR-US: IBM
+CVE-2020-4780 (OOTB build scripts does not set the secure attribute on session cookie ...)
+ NOT-FOR-US: IBM
+CVE-2020-4779 (A HTTP Verb Tampering vulnerability may impact IBM Curam Social Progra ...)
+ NOT-FOR-US: IBM
+CVE-2020-4778 (IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorith ...)
+ NOT-FOR-US: IBM
CVE-2020-4777
RESERVED
-CVE-2020-4776
- RESERVED
-CVE-2020-4775
- RESERVED
-CVE-2020-4774
- RESERVED
-CVE-2020-4773
- RESERVED
-CVE-2020-4772
- RESERVED
+CVE-2020-4776 (A path traversal vulnerability may impact IBM Curam Social Program Man ...)
+ NOT-FOR-US: IBM
+CVE-2020-4775 (A cross-site scripting (XSS) vulnerability may impact IBM Curam Social ...)
+ NOT-FOR-US: IBM
+CVE-2020-4774 (An XPath vulnerability may impact IBM Curam Social Program Management ...)
+ NOT-FOR-US: IBM
+CVE-2020-4773 (A cross-site request forgery (CSRF) vulnerability may impact IBM Curam ...)
+ NOT-FOR-US: IBM
+CVE-2020-4772 (An XML External Entity Injection (XXE) vulnerability may impact IBM Cu ...)
+ NOT-FOR-US: IBM
CVE-2020-4771
RESERVED
CVE-2020-4770
@@ -47065,10 +51689,10 @@ CVE-2020-4758
RESERVED
CVE-2020-4757
RESERVED
-CVE-2020-4756
- RESERVED
-CVE-2020-4755
- RESERVED
+CVE-2020-4756 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4755 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
CVE-2020-4754
RESERVED
CVE-2020-4753
@@ -47079,10 +51703,10 @@ CVE-2020-4751
RESERVED
CVE-2020-4750
RESERVED
-CVE-2020-4749
- RESERVED
-CVE-2020-4748
- RESERVED
+CVE-2020-4749 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attri ...)
+ NOT-FOR-US: IBM
+CVE-2020-4748 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...)
+ NOT-FOR-US: IBM
CVE-2020-4747
RESERVED
CVE-2020-4746
@@ -47095,10 +51719,10 @@ CVE-2020-4743
RESERVED
CVE-2020-4742
RESERVED
-CVE-2020-4741
- RESERVED
-CVE-2020-4740
- RESERVED
+CVE-2020-4741 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to store ...)
+ NOT-FOR-US: IBM
+CVE-2020-4740 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML ...)
+ NOT-FOR-US: IBM
CVE-2020-4739
RESERVED
CVE-2020-4738
@@ -47115,16 +51739,16 @@ CVE-2020-4733
RESERVED
CVE-2020-4732
RESERVED
-CVE-2020-4731
- RESERVED
+CVE-2020-4731 (IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scri ...)
+ NOT-FOR-US: IBM
CVE-2020-4730
RESERVED
CVE-2020-4729
RESERVED
CVE-2020-4728
RESERVED
-CVE-2020-4727
- RESERVED
+CVE-2020-4727 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...)
+ NOT-FOR-US: IBM
CVE-2020-4726
RESERVED
CVE-2020-4725
@@ -47179,8 +51803,8 @@ CVE-2020-4701
RESERVED
CVE-2020-4700
RESERVED
-CVE-2020-4699
- RESERVED
+CVE-2020-4699 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
CVE-2020-4698 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...)
NOT-FOR-US: IBM
CVE-2020-4697
@@ -47199,8 +51823,8 @@ CVE-2020-4691
RESERVED
CVE-2020-4690
RESERVED
-CVE-2020-4689
- RESERVED
+CVE-2020-4689 (IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote pr ...)
+ NOT-FOR-US: IBM
CVE-2020-4688
RESERVED
CVE-2020-4687 (IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated use ...)
@@ -47215,14 +51839,14 @@ CVE-2020-4683
RESERVED
CVE-2020-4682
RESERVED
-CVE-2020-4681
- RESERVED
-CVE-2020-4680
- RESERVED
-CVE-2020-4679
- RESERVED
-CVE-2020-4678
- RESERVED
+CVE-2020-4681 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2020-4680 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2020-4679 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
+CVE-2020-4678 (IBM Security Guardium 11.2 could allow an attacker with admin access t ...)
+ NOT-FOR-US: IBM
CVE-2020-4677
RESERVED
CVE-2020-4676
@@ -47255,10 +51879,10 @@ CVE-2020-4663
RESERVED
CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform ...)
NOT-FOR-US: IBM
-CVE-2020-4661
- RESERVED
-CVE-2020-4660
- RESERVED
+CVE-2020-4661 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
+CVE-2020-4660 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
CVE-2020-4659
RESERVED
CVE-2020-4658
@@ -47291,8 +51915,8 @@ CVE-2020-4645 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable
NOT-FOR-US: IBM
CVE-2020-4644 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remot ...)
NOT-FOR-US: IBM
-CVE-2020-4643
- RESERVED
+CVE-2020-4643 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
+ NOT-FOR-US: IBM
CVE-2020-4642
RESERVED
CVE-2020-4641
@@ -47305,8 +51929,8 @@ CVE-2020-4638 (IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is v
NOT-FOR-US: IBM
CVE-2020-4637
RESERVED
-CVE-2020-4636
- RESERVED
+CVE-2020-4636 (IBM Resilient OnPrem 38.2 could allow a privileged user to inject mali ...)
+ NOT-FOR-US: IBM
CVE-2020-4635
RESERVED
CVE-2020-4634
@@ -47319,8 +51943,8 @@ CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in n
NOT-FOR-US: IBM
CVE-2020-4630
RESERVED
-CVE-2020-4629
- RESERVED
+CVE-2020-4629 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ NOT-FOR-US: IBM
CVE-2020-4628
RESERVED
CVE-2020-4627
@@ -47333,38 +51957,38 @@ CVE-2020-4624
RESERVED
CVE-2020-4623
RESERVED
-CVE-2020-4622
- RESERVED
-CVE-2020-4621
- RESERVED
-CVE-2020-4620
- RESERVED
-CVE-2020-4619
- RESERVED
-CVE-2020-4618
- RESERVED
-CVE-2020-4617
- RESERVED
-CVE-2020-4616
- RESERVED
-CVE-2020-4615
- RESERVED
-CVE-2020-4614
- RESERVED
-CVE-2020-4613
- RESERVED
-CVE-2020-4612
- RESERVED
-CVE-2020-4611
- RESERVED
+CVE-2020-4622 (IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, su ...)
+ NOT-FOR-US: IBM
+CVE-2020-4621 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4620 (IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated ...)
+ NOT-FOR-US: IBM
+CVE-2020-4619 (IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in ...)
+ NOT-FOR-US: IBM
+CVE-2020-4618 (IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to ca ...)
+ NOT-FOR-US: IBM
+CVE-2020-4617 (IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request ...)
+ NOT-FOR-US: IBM
+CVE-2020-4616 (IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username i ...)
+ NOT-FOR-US: IBM
+CVE-2020-4615 (IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripti ...)
+ NOT-FOR-US: IBM
+CVE-2020-4614 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2020-4613 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
+ NOT-FOR-US: IBM
+CVE-2020-4612 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
+CVE-2020-4611 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
+ NOT-FOR-US: IBM
CVE-2020-4610
RESERVED
CVE-2020-4609
RESERVED
CVE-2020-4608
RESERVED
-CVE-2020-4607
- RESERVED
+CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault Remote ...)
+ NOT-FOR-US: IBM
CVE-2020-4606
RESERVED
CVE-2020-4605
@@ -47397,8 +52021,8 @@ CVE-2020-4592
RESERVED
CVE-2020-4591 (IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclos ...)
NOT-FOR-US: IBM
-CVE-2020-4590
- RESERVED
+CVE-2020-4590 (IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 run ...)
+ NOT-FOR-US: IBM
CVE-2020-4589 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
NOT-FOR-US: IBM
CVE-2020-4588
@@ -47415,18 +52039,18 @@ CVE-2020-4583
RESERVED
CVE-2020-4582
RESERVED
-CVE-2020-4581
- RESERVED
-CVE-2020-4580
- RESERVED
-CVE-2020-4579
- RESERVED
+CVE-2020-4581 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2020-4580 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a rem ...)
+ NOT-FOR-US: IBM
+CVE-2020-4579 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a rem ...)
+ NOT-FOR-US: IBM
CVE-2020-4578 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
NOT-FOR-US: IBM
CVE-2020-4577
RESERVED
-CVE-2020-4576
- RESERVED
+CVE-2020-4576 (IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional co ...)
+ NOT-FOR-US: IBM
CVE-2020-4575 (IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Vir ...)
NOT-FOR-US: IBM
CVE-2020-4574 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...)
@@ -47449,8 +52073,8 @@ CVE-2020-4566
RESERVED
CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...)
NOT-FOR-US: IBM
-CVE-2020-4564
- RESERVED
+CVE-2020-4564 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 a ...)
+ NOT-FOR-US: IBM
CVE-2020-4563
RESERVED
CVE-2020-4562
@@ -47515,14 +52139,14 @@ CVE-2020-4533 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable
NOT-FOR-US: IBM
CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...)
NOT-FOR-US: IBM
-CVE-2020-4531
- RESERVED
+CVE-2020-4531 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
+ NOT-FOR-US: IBM
CVE-2020-4530 (IBM Business Automation Workflow C.D.0 and IBM Business Process Manage ...)
NOT-FOR-US: IBM
CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...)
NOT-FOR-US: IBM
-CVE-2020-4528
- RESERVED
+CVE-2020-4528 (IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 throug ...)
+ NOT-FOR-US: IBM
CVE-2020-4527 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
NOT-FOR-US: IBM
CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
@@ -47579,8 +52203,8 @@ CVE-2020-4501
RESERVED
CVE-2020-4500
RESERVED
-CVE-2020-4499
- RESERVED
+CVE-2020-4499 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
+ NOT-FOR-US: IBM
CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged use ...)
NOT-FOR-US: IBM
CVE-2020-4497
@@ -47591,12 +52215,12 @@ CVE-2020-4495
RESERVED
CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
NOT-FOR-US: IBM
-CVE-2020-4493
- RESERVED
+CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to ...)
+ NOT-FOR-US: IBM
CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2 ...)
NOT-FOR-US: IBM
-CVE-2020-4491
- RESERVED
+CVE-2020-4491 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5. ...)
+ NOT-FOR-US: IBM
CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business Process M ...)
NOT-FOR-US: IBM
CVE-2020-4489
@@ -47787,8 +52411,8 @@ CVE-2020-4397 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive info
NOT-FOR-US: IBM
CVE-2020-4396 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
NOT-FOR-US: IBM
-CVE-2020-4395
- RESERVED
+CVE-2020-4395 (IBM Security Access Manager Appliance 9.0.7 does not invalidate sessio ...)
+ NOT-FOR-US: IBM
CVE-2020-4394
RESERVED
CVE-2020-4393
@@ -47801,8 +52425,8 @@ CVE-2020-4390
RESERVED
CVE-2020-4389
RESERVED
-CVE-2020-4388
- RESERVED
+CVE-2020-4388 (IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of ...)
+ NOT-FOR-US: IBM
CVE-2020-4387 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2020-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
@@ -47897,8 +52521,8 @@ CVE-2020-4342 (IBM Security Secret Server 10.7 could disclose sensitive informat
NOT-FOR-US: IBM
CVE-2020-4341 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
NOT-FOR-US: IBM
-CVE-2020-4340
- RESERVED
+CVE-2020-4340 (IBM Security Secret Server prior to 10.9 could allow an attacker to by ...)
+ NOT-FOR-US: IBM
CVE-2020-4339
RESERVED
CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...)
@@ -47929,8 +52553,8 @@ CVE-2020-4326
RESERVED
CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...)
NOT-FOR-US: IBM
-CVE-2020-4324
- RESERVED
+CVE-2020-4324 (IBM Security Secret Server proir to 10.9 could allow a remote attacker ...)
+ NOT-FOR-US: IBM
CVE-2020-4323 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
CVE-2020-4322 (IBM Security Secret Server 10.7 could allow a remote attacker to hijac ...)
@@ -47947,8 +52571,8 @@ CVE-2020-4317 (IBM Intelligent Operations Center for Emergency Management, Intel
NOT-FOR-US: IBM
CVE-2020-4316 (IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure ...)
NOT-FOR-US: IBM
-CVE-2020-4315
- RESERVED
+CVE-2020-4315 (IBM Business Automation Content Analyzer on Cloud 1.0 does not set the ...)
+ NOT-FOR-US: IBM
CVE-2020-4314
RESERVED
CVE-2020-4313
@@ -47973,8 +52597,8 @@ CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.
NOT-FOR-US: IBM
CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
NOT-FOR-US: IBM
-CVE-2020-4302
- RESERVED
+CVE-2020-4302 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ex ...)
+ NOT-FOR-US: IBM
CVE-2020-4301
RESERVED
CVE-2020-4300
@@ -48017,8 +52641,8 @@ CVE-2020-4282 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3,
NOT-FOR-US: IBM
CVE-2020-4281 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...)
NOT-FOR-US: IBM
-CVE-2020-4280
- RESERVED
+CVE-2020-4280 (IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute a ...)
+ NOT-FOR-US: IBM
CVE-2020-4279
RESERVED
CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...)
@@ -48069,8 +52693,8 @@ CVE-2020-4256
RESERVED
CVE-2020-4255
RESERVED
-CVE-2020-4254
- RESERVED
+CVE-2020-4254 (IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker t ...)
+ NOT-FOR-US: IBM
CVE-2020-4253 (IBM Content Navigator 3.0CD does not invalidate session after logout w ...)
NOT-FOR-US: IBM
CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
@@ -48610,22 +53234,23 @@ CVE-2020-4000
RESERVED
CVE-2020-3999
RESERVED
-CVE-2020-3998
- RESERVED
-CVE-2020-3997
- RESERVED
-CVE-2020-3996
- RESERVED
-CVE-2020-3995
- RESERVED
-CVE-2020-3994
- RESERVED
-CVE-2020-3993
- RESERVED
-CVE-2020-3992
- RESERVED
-CVE-2020-3991
- RESERVED
+CVE-2020-3998 (VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an inf ...)
+ NOT-FOR-US: VMware
+CVE-2020-3997 (VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross ...)
+ NOT-FOR-US: VMware
+CVE-2020-3996 (Velero (prior to 1.4.3 and 1.5.2) in some instances doesn&#8217;t prop ...)
+ NOT-FOR-US: Velero
+CVE-2020-3995 (In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-20 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3994 (VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a ...)
+ NOT-FOR-US: VMware
+CVE-2020-3993 (VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a sec ...)
+ NOT-FOR-US: VMware
+CVE-2020-3992 (OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6. ...)
+ NOT-FOR-US: VMware
+ NOTE: Might affect src:openslp-dfsg, but removed years ago
+CVE-2020-3991 (VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial ...)
+ NOT-FOR-US: VMware
CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
NOT-FOR-US: VMware
CVE-2020-3989 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...)
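Review bot: The new CVE-2020-3992 entry marks the issue `NOT-FOR-US: VMware` and in the same breath notes that src:openslp-dfsg might be affected, which is contradictory for the tracker's consumers: NOT-FOR-US hides the issue from every Debian view, while the NOTE admits a Debian source package may carry the vulnerable OpenSLP code. If openslp-dfsg was in the archive at some point, the usual marking for a package that no longer exists is a removed-package line, `- openslp-dfsg <removed>`, optionally followed by the existing NOTE, so the issue still surfaces for any release that shipped it; if it was never in the archive, the NOTE should say so rather than "removed years ago". I cannot tell from this hunk which of the two applies, so treat this as a request to confirm the package history before settling on NOT-FOR-US.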
@@ -48642,18 +53267,18 @@ CVE-2020-3984
RESERVED
CVE-2020-3983
RESERVED
-CVE-2020-3982
- RESERVED
-CVE-2020-3981
- RESERVED
+CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...)
+ NOT-FOR-US: VMware
+CVE-2020-3981 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...)
+ NOT-FOR-US: VMware
CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...)
NOT-FOR-US: VMware
CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...)
NOT-FOR-US: InstallBuilder for Qt Windows installers
CVE-2020-3978
RESERVED
-CVE-2020-3977
- RESERVED
+CVE-2020-3977 (VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a bro ...)
+ NOT-FOR-US: VMware
CVE-2020-3976 (VMware ESXi and vCenter Server contain a partial denial of service vul ...)
NOT-FOR-US: VMware
CVE-2020-3975 (VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior ...)
@@ -48770,14 +53395,14 @@ CVE-2020-3920 (UltraLog Express device management interface does not properly pe
NOT-FOR-US: UltraLog Express
CVE-2020-3919 (A memory initialization issue was addressed with improved memory handl ...)
NOT-FOR-US: Apple
-CVE-2020-3918
- RESERVED
+CVE-2020-3918 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ NOT-FOR-US: Apple
CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is fixed i ...)
NOT-FOR-US: Apple
CVE-2020-3916 (An access issue was addressed with additional sandbox restrictions. Th ...)
NOT-FOR-US: Apple
-CVE-2020-3915
- RESERVED
+CVE-2020-3915 (A path handling issue was addressed with improved validation. This iss ...)
+ NOT-FOR-US: Apple
CVE-2020-3914 (A memory initialization issue was addressed with improved memory handl ...)
NOT-FOR-US: Apple
CVE-2020-3913 (A permissions issue existed. This issue was addressed with improved pe ...)
@@ -48830,8 +53455,7 @@ CVE-2020-3899 (A memory consumption issue was addressed with improved memory han
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.2-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
-CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c]
- RESERVED
+CVE-2020-3898 (A memory corruption issue was addressed with improved validation. This ...)
{DLA-2237-1}
- cups 2.3.1-12
[buster] - cups 2.2.10-6+deb10u3
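Review bot: Replacing the bracketed placeholder for CVE-2020-3898 with the imported description drops the only concrete pointer to the affected code: the new text is Apple's generic "A memory corruption issue was addressed with improved validation" wording and no longer says which cups function was fixed, although the cups 2.3.1-12 and 2.2.10-6+deb10u3 fix lines remain. Keeping the detail as a note line, `NOTE: heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c`, next to the existing fix lines would preserve it for anyone triaging backports or comparing against the DLA-2237-1 advisory. Any NOTE lines already attached to this entry lie outside the hunk, so the detail may already be recorded there; if it is, this suggestion is moot.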
@@ -49281,8 +53905,10 @@ CVE-2020-3705
RESERVED
CVE-2020-3704
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3703
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...)
NOT-FOR-US: Snapdragon
CVE-2020-3701 (Use after free issue while processing error notification from camx dri ...)
@@ -49305,10 +53931,12 @@ CVE-2020-3693
RESERVED
CVE-2020-3692
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3691
RESERVED
CVE-2020-3690
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3689
RESERVED
CVE-2020-3688 (Possible buffer overflow while parsing mp4 clip with corrupted sample ...)
@@ -49321,6 +53949,7 @@ CVE-2020-3685
RESERVED
CVE-2020-3684
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3683
RESERVED
CVE-2020-3682
@@ -49333,6 +53962,7 @@ CVE-2020-3679 (u'During execution after Address Space Layout Randomization is tu
NOT-FOR-US: Snapdragon
CVE-2020-3678
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3677
RESERVED
CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...)
@@ -49343,12 +53973,14 @@ CVE-2020-3674 (Information can leak into userspace due to improper transfer of d
NOT-FOR-US: Snapdragon
CVE-2020-3673
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3672
RESERVED
CVE-2020-3671 (Use-after-free issue could occur due to dangling pointer when generati ...)
NOT-FOR-US: Snapdragon
CVE-2020-3670
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3669 (u'Buffer Overflow issue in WLAN tcp ip verification due to usage of ou ...)
NOT-FOR-US: Qualcomm components for Android
CVE-2020-3668 (u'Buffer overflow while parsing PMF enabled MCBC frames due to frame l ...)
@@ -49375,12 +54007,14 @@ CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 cli
NOT-FOR-US: Snapdragon
CVE-2020-3657
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3656 (Out of bound access can happen in MHI command process due to lack of c ...)
NOT-FOR-US: Snapdragon
CVE-2020-3655
RESERVED
CVE-2020-3654
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due to lack ...)
NOT-FOR-US: Snapdragon
CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver function wh ...)
@@ -49413,6 +54047,7 @@ CVE-2020-3639
RESERVED
CVE-2020-3638
RESERVED
+ NOT-FOR-US: Qualcomm components for Android
CVE-2020-3637
RESERVED
CVE-2020-3636 (u'Out of bound writes happen when accessing usage_table header entry b ...)
@@ -49483,20 +54118,20 @@ CVE-2020-3604
RESERVED
CVE-2020-3603
RESERVED
-CVE-2020-3602
- RESERVED
-CVE-2020-3601
- RESERVED
+CVE-2020-3602 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3601 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
+ NOT-FOR-US: Cisco
CVE-2020-3600
RESERVED
-CVE-2020-3599
- RESERVED
-CVE-2020-3598
- RESERVED
-CVE-2020-3597
- RESERVED
-CVE-2020-3596
- RESERVED
+CVE-2020-3599 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3598 (A vulnerability in the web-based management interface of Cisco Vision ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3597 (A vulnerability in the configuration restore feature of Cisco Nexus Da ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3596 (A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expr ...)
+ NOT-FOR-US: Cisco
CVE-2020-3595
RESERVED
CVE-2020-3594
@@ -49509,32 +54144,32 @@ CVE-2020-3591
RESERVED
CVE-2020-3590
RESERVED
-CVE-2020-3589
- RESERVED
+CVE-2020-3589 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
CVE-2020-3588
RESERVED
CVE-2020-3587
RESERVED
CVE-2020-3586
RESERVED
-CVE-2020-3585
- RESERVED
+CVE-2020-3585 (A vulnerability in the TLS handler of Cisco Adaptive Security Applianc ...)
+ NOT-FOR-US: Cisco
CVE-2020-3584
RESERVED
-CVE-2020-3583
- RESERVED
-CVE-2020-3582
- RESERVED
-CVE-2020-3581
- RESERVED
-CVE-2020-3580
- RESERVED
+CVE-2020-3583 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3582 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3581 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3580 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
+ NOT-FOR-US: Cisco
CVE-2020-3579
RESERVED
-CVE-2020-3578
- RESERVED
-CVE-2020-3577
- RESERVED
+CVE-2020-3578 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3577 (A vulnerability in the ingress packet processing path of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
CVE-2020-3576
RESERVED
CVE-2020-3575
@@ -49543,54 +54178,54 @@ CVE-2020-3574
RESERVED
CVE-2020-3573
RESERVED
-CVE-2020-3572
- RESERVED
-CVE-2020-3571
- RESERVED
+CVE-2020-3572 (A vulnerability in the SSL/TLS session handler of Cisco Adaptive Secur ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3571 (A vulnerability in the ICMP ingress packet processing of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
CVE-2020-3570
RESERVED
-CVE-2020-3569
- RESERVED
-CVE-2020-3568
- RESERVED
-CVE-2020-3567
- RESERVED
+CVE-2020-3569 (Multiple vulnerabilities in the Distance Vector Multicast Routing Prot ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3568 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3567 (A vulnerability in the management REST API of Cisco Industrial Network ...)
+ NOT-FOR-US: Cisco
CVE-2020-3566 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...)
NOT-FOR-US: Cisco
-CVE-2020-3565
- RESERVED
-CVE-2020-3564
- RESERVED
-CVE-2020-3563
- RESERVED
-CVE-2020-3562
- RESERVED
-CVE-2020-3561
- RESERVED
-CVE-2020-3560
- RESERVED
-CVE-2020-3559
- RESERVED
-CVE-2020-3558
- RESERVED
-CVE-2020-3557
- RESERVED
+CVE-2020-3565 (A vulnerability in the TCP Intercept functionality of Cisco Firepower ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3564 (A vulnerability in the FTP inspection engine of Cisco Adaptive Securit ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3563 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3562 (A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat De ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3561 (A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive S ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3560 (A vulnerability in Cisco Aironet Access Points (APs) could allow an un ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3559 (A vulnerability in Cisco Aironet Access Point (AP) Software could allo ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3558 (A vulnerability in the web-based management interface of Cisco Firepow ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3557 (A vulnerability in the host input API daemon of Cisco Firepower Manage ...)
+ NOT-FOR-US: Cisco
CVE-2020-3556
RESERVED
-CVE-2020-3555
- RESERVED
-CVE-2020-3554
- RESERVED
-CVE-2020-3553
- RESERVED
-CVE-2020-3552
- RESERVED
+CVE-2020-3555 (A vulnerability in the SIP inspection process of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3554 (A vulnerability in the TCP packet processing of Cisco Adaptive Securit ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3553 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3552 (A vulnerability in the Ethernet packet handling of Cisco Aironet Acces ...)
+ NOT-FOR-US: Cisco
CVE-2020-3551
RESERVED
-CVE-2020-3550
- RESERVED
-CVE-2020-3549
- RESERVED
+CVE-2020-3550 (A vulnerability in the sfmgr daemon of Cisco Firepower Management Cent ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3549 (A vulnerability in the sftunnel functionality of Cisco Firepower Manag ...)
+ NOT-FOR-US: Cisco
CVE-2020-3548
RESERVED
CVE-2020-3547 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
@@ -49599,10 +54234,10 @@ CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco As
NOT-FOR-US: Cisco
CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an authenticated, l ...)
NOT-FOR-US: Cisco
-CVE-2020-3544
- RESERVED
-CVE-2020-3543
- RESERVED
+CVE-2020-3544 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3543 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
+ NOT-FOR-US: Cisco
CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an authenticated, ...)
NOT-FOR-US: Cisco
CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meetings ...)
@@ -49615,32 +54250,32 @@ CVE-2020-3538
RESERVED
CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...)
NOT-FOR-US: Cisco
-CVE-2020-3536
- RESERVED
-CVE-2020-3535
- RESERVED
+CVE-2020-3536 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3535 (A vulnerability in the loading mechanism of specific DLLs in the Cisco ...)
+ NOT-FOR-US: Cisco
CVE-2020-3534
RESERVED
-CVE-2020-3533
- RESERVED
+CVE-2020-3533 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
+ NOT-FOR-US: Cisco
CVE-2020-3532
RESERVED
CVE-2020-3531
RESERVED
CVE-2020-3530 (A vulnerability in task group assignment for a specific CLI command in ...)
NOT-FOR-US: Cisco
-CVE-2020-3529
- RESERVED
-CVE-2020-3528
- RESERVED
-CVE-2020-3527
- RESERVED
-CVE-2020-3526
- RESERVED
+CVE-2020-3529 (A vulnerability in the SSL VPN negotiation process for Cisco Adaptive ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3528 (A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3527 (A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Sw ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3526 (A vulnerability in the Common Open Policy Service (COPS) engine of Cis ...)
+ NOT-FOR-US: Cisco
CVE-2020-3525
RESERVED
-CVE-2020-3524
- RESERVED
+CVE-2020-3524 (A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for ...)
+ NOT-FOR-US: Cisco
CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
NOT-FOR-US: Cisco
CVE-2020-3522 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
@@ -49655,24 +54290,24 @@ CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco Da
NOT-FOR-US: Cisco
CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
NOT-FOR-US: Cisco
-CVE-2020-3516
- RESERVED
-CVE-2020-3515
- RESERVED
-CVE-2020-3514
- RESERVED
-CVE-2020-3513
- RESERVED
-CVE-2020-3512
- RESERVED
-CVE-2020-3511
- RESERVED
-CVE-2020-3510
- RESERVED
-CVE-2020-3509
- RESERVED
-CVE-2020-3508
- RESERVED
+CVE-2020-3516 (A vulnerability in the web server authentication of Cisco IOS XE Softw ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3515 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3514 (A vulnerability in the multi-instance feature of Cisco Firepower Threa ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3513 (Multiple vulnerabilities in the initialization routines that are execu ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3512 (A vulnerability in the PROFINET handler for Link Layer Discovery Proto ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3511 (A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3510 (A vulnerability in the Umbrella Connector component of Cisco IOS XE So ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3509 (A vulnerability in the DHCP message handler of Cisco IOS XE Software f ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3508 (A vulnerability in the IP Address Resolution Protocol (ARP) feature of ...)
+ NOT-FOR-US: Cisco
CVE-2020-3507 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
NOT-FOR-US: Cisco
CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
@@ -49681,48 +54316,48 @@ CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Su
NOT-FOR-US: Cisco
CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...)
NOT-FOR-US: Cisco
-CVE-2020-3503
- RESERVED
+CVE-2020-3503 (A vulnerability in the file system permissions of Cisco IOS XE Softwar ...)
+ NOT-FOR-US: Cisco
CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
NOT-FOR-US: Cisco
CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
NOT-FOR-US: Cisco
CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS could allow ...)
NOT-FOR-US: Cisco
-CVE-2020-3499
- RESERVED
+CVE-2020-3499 (A vulnerability in the licensing service of Cisco Firepower Management ...)
+ NOT-FOR-US: Cisco
CVE-2020-3498 (A vulnerability in Cisco Jabber software could allow an authenticated, ...)
NOT-FOR-US: Cisco
-CVE-2020-3497
- RESERVED
+CVE-2020-3497 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
NOT-FOR-US: Cisco
CVE-2020-3495 (A vulnerability in Cisco Jabber for Windows could allow an authenticat ...)
NOT-FOR-US: Cisco
-CVE-2020-3494
- RESERVED
-CVE-2020-3493
- RESERVED
-CVE-2020-3492
- RESERVED
+CVE-2020-3494 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3493 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3492 (A vulnerability in the Flexible NetFlow Version 9 packet processor of ...)
+ NOT-FOR-US: Cisco
CVE-2020-3491 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
CVE-2020-3490 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
-CVE-2020-3489
- RESERVED
-CVE-2020-3488
- RESERVED
-CVE-2020-3487
- RESERVED
-CVE-2020-3486
- RESERVED
+CVE-2020-3489 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3488 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3487 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3486 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
+ NOT-FOR-US: Cisco
CVE-2020-3485 (A vulnerability in the role-based access control (RBAC) functionality ...)
NOT-FOR-US: Cisco
CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco Vision ...)
NOT-FOR-US: Cisco
-CVE-2020-3483
- RESERVED
+CVE-2020-3483 (Duo has identified and fixed an issue with the Duo Network Gateway (DN ...)
+ NOT-FOR-US: Duo
CVE-2020-3482
RESERVED
CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVirus (C ...)
@@ -49730,20 +54365,20 @@ CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVir
- clamav 0.102.4+dfsg-1
[buster] - clamav 0.102.4+dfsg-0+deb10u1
NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
-CVE-2020-3480
- RESERVED
-CVE-2020-3479
- RESERVED
+CVE-2020-3480 (Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco I ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3479 (A vulnerability in the implementation of Multiprotocol Border Gateway ...)
+ NOT-FOR-US: Cisco
CVE-2020-3478 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
NOT-FOR-US: Cisco
-CVE-2020-3477
- RESERVED
-CVE-2020-3476
- RESERVED
-CVE-2020-3475
- RESERVED
-CVE-2020-3474
- RESERVED
+CVE-2020-3477 (A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3476 (A vulnerability in the CLI implementation of a specific command of Cis ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3475 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3474 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
+ NOT-FOR-US: Cisco
CVE-2020-3473 (A vulnerability in task group assignment for a specific CLI command in ...)
NOT-FOR-US: Cisco
CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...)
@@ -49756,12 +54391,12 @@ CVE-2020-3469
RESERVED
CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
NOT-FOR-US: Cisco
-CVE-2020-3467
- RESERVED
+CVE-2020-3467 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ NOT-FOR-US: Cisco
CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
NOT-FOR-US: Cisco
-CVE-2020-3465
- RESERVED
+CVE-2020-3465 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...)
+ NOT-FOR-US: Cisco
CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
NOT-FOR-US: Cisco
CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco Webex M ...)
@@ -49772,16 +54407,16 @@ CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Da
NOT-FOR-US: Cisco
CVE-2020-3460 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
NOT-FOR-US: Cisco
-CVE-2020-3459
- RESERVED
-CVE-2020-3458
- RESERVED
-CVE-2020-3457
- RESERVED
-CVE-2020-3456
- RESERVED
-CVE-2020-3455
- RESERVED
+CVE-2020-3459 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3458 (Multiple vulnerabilities in the secure boot process of Cisco Adaptive ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3457 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3456 (A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3455 (A vulnerability in the secure boot process of Cisco FXOS Software coul ...)
+ NOT-FOR-US: Cisco
CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS Software could ...)
NOT-FOR-US: Cisco
CVE-2020-3453 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
@@ -49818,8 +54453,8 @@ CVE-2020-3438
RESERVED
CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
NOT-FOR-US: Cisco
-CVE-2020-3436
- RESERVED
+CVE-2020-3436 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
+ NOT-FOR-US: Cisco
CVE-2020-3435 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
NOT-FOR-US: Cisco
CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
@@ -49832,86 +54467,86 @@ CVE-2020-3431
RESERVED
CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...)
NOT-FOR-US: Cisco
-CVE-2020-3429
- RESERVED
-CVE-2020-3428
- RESERVED
-CVE-2020-3427
- RESERVED
-CVE-2020-3426
- RESERVED
-CVE-2020-3425
- RESERVED
+CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wi ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3427 (The Windows Logon installer prior to 4.1.2 did not properly validate f ...)
+ NOT-FOR-US: Duo
+CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide Area (LPW ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3425 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
+ NOT-FOR-US: Cisco
CVE-2020-3424
RESERVED
-CVE-2020-3423
- RESERVED
-CVE-2020-3422
- RESERVED
-CVE-2020-3421
- RESERVED
+CVE-2020-3423 (A vulnerability in the implementation of the Lua interpreter that is i ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3422 (A vulnerability in the IP Service Level Agreement (SLA) responder feat ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3421 (Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco I ...)
+ NOT-FOR-US: Cisco
CVE-2020-3420
RESERVED
CVE-2020-3419
RESERVED
-CVE-2020-3418
- RESERVED
-CVE-2020-3417
- RESERVED
-CVE-2020-3416
- RESERVED
+CVE-2020-3418 (A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3417 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
+ NOT-FOR-US: Cisco
+CVE-2020-3416 (Multiple vulnerabilities in the initialization routines that are execu ...)
+ NOT-FOR-US: Cisco
CVE-2020