CVE-2020-XXXX [RUSTSEC-2020-0041: sized-chunks: Multiple soundness issues in Chunk and InlineArray]
    - rust-sized-chunks (bug #970586)
    NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
    NOTE: https://github.com/bodil/sized-chunks/issues/11
CVE-2020-25780 RESERVED CVE-2020-25779 RESERVED CVE-2020-25778 RESERVED CVE-2020-25777 RESERVED CVE-2020-25776 RESERVED CVE-2020-25775 RESERVED CVE-2020-25774 RESERVED CVE-2020-25773 RESERVED CVE-2020-25772 RESERVED CVE-2020-25771 RESERVED CVE-2020-25770 RESERVED CVE-2020-25769 RESERVED CVE-2020-25768 RESERVED CVE-2020-25767 RESERVED
CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
    NOT-FOR-US: MISP
CVE-2020-25765 RESERVED CVE-2020-25764 RESERVED CVE-2020-25763 RESERVED CVE-2020-25762 RESERVED CVE-2020-25761 RESERVED CVE-2020-25760 RESERVED CVE-2020-25759 RESERVED CVE-2020-25758 RESERVED CVE-2020-25757 RESERVED
CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...)
    NOT-FOR-US: Cesanta Mongoose
    NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2020-25755 RESERVED CVE-2020-25754 RESERVED CVE-2020-25753 RESERVED CVE-2020-25752 RESERVED
CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via ...)
    NOT-FOR-US: paGO Commerce plugin for Joomla!
CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 b ...)
    NOT-FOR-US: DotPlant2
CVE-2020-25749 RESERVED CVE-2020-25748 RESERVED CVE-2020-25747 RESERVED CVE-2020-25746 RESERVED CVE-2020-25745 RESERVED
CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to ...)
    NOT-FOR-US: SaferVPN
CVE-2020-25743 RESERVED CVE-2020-25742 RESERVED CVE-2020-25741 RESERVED CVE-2020-25740 RESERVED CVE-2020-25739 RESERVED CVE-2020-25738 RESERVED CVE-2020-25737 RESERVED CVE-2020-25736 RESERVED
CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, extensions ...)
    NOT-FOR-US: webTareas
CVE-2020-25734 (webTareas through 2.1 allows files/Default/ Directory Listing. ...)
    NOT-FOR-US: webTareas
CVE-2020-25733 (webTareas through 2.1 allows upload of the dangerous .exe and .shtml f ...)
    NOT-FOR-US: webTareas
CVE-2020-25732 RESERVED CVE-2020-25731 RESERVED CVE-2020-25730 RESERVED
CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to downloa ...)
    - zoneminder (unimportant)
    NOTE: https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413
    NOTE: Only supported for trusted users/behind auth, see README.debian.security
CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken algor ...)
    NOT-FOR-US: Reset Password add-on for Alfresco
CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...)
    NOT-FOR-US: Reset Password add-on for Alfresco
CVE-2020-25726 RESERVED CVE-2020-25725 RESERVED CVE-2020-25724 RESERVED CVE-2020-25723 RESERVED CVE-2020-25722 RESERVED CVE-2020-25721 RESERVED CVE-2020-25720 RESERVED CVE-2020-25719 RESERVED CVE-2020-25718 RESERVED CVE-2020-25717 RESERVED CVE-2020-25716 RESERVED CVE-2020-25715 RESERVED CVE-2020-25714 RESERVED CVE-2020-25713 RESERVED CVE-2020-25712 RESERVED CVE-2020-25711 RESERVED CVE-2020-25710 RESERVED CVE-2020-25709 RESERVED CVE-2020-25708 RESERVED CVE-2020-25707 RESERVED CVE-2020-25706 RESERVED CVE-2020-25705 RESERVED CVE-2020-25704 RESERVED CVE-2020-25703 RESERVED CVE-2020-25702 RESERVED CVE-2020-25701 RESERVED CVE-2020-25700 RESERVED CVE-2020-25699 RESERVED CVE-2020-25698 RESERVED CVE-2020-25697 RESERVED CVE-2020-25696 RESERVED CVE-2020-25695 RESERVED CVE-2020-25694 RESERVED CVE-2020-25693 RESERVED CVE-2020-25692 RESERVED CVE-2020-25691 RESERVED CVE-2020-25690 RESERVED CVE-2020-25689 RESERVED CVE-2020-25688 RESERVED CVE-2020-25687 RESERVED CVE-2020-25686 RESERVED CVE-2020-25685 RESERVED CVE-2020-25684 RESERVED CVE-2020-25683 RESERVED CVE-2020-25682 RESERVED CVE-2020-25681 RESERVED
CVE-2020-25680 RESERVED CVE-2020-25679 RESERVED CVE-2020-25678 RESERVED CVE-2020-25677 RESERVED CVE-2020-25676 RESERVED CVE-2020-25675 RESERVED CVE-2020-25674 RESERVED CVE-2020-25673 RESERVED CVE-2020-25672 RESERVED CVE-2020-25671 RESERVED CVE-2020-25670 RESERVED CVE-2020-25669 RESERVED CVE-2020-25668 RESERVED CVE-2020-25667 RESERVED CVE-2020-25666 RESERVED CVE-2020-25665 RESERVED CVE-2020-25664 RESERVED CVE-2020-25663 RESERVED CVE-2020-25662 RESERVED CVE-2020-25661 RESERVED CVE-2020-25660 RESERVED CVE-2020-25659 RESERVED CVE-2020-25658 RESERVED CVE-2020-25657 RESERVED CVE-2020-25656 RESERVED CVE-2020-25655 RESERVED CVE-2020-25654 RESERVED CVE-2020-25653 RESERVED CVE-2020-25652 RESERVED CVE-2020-25651 RESERVED CVE-2020-25650 RESERVED CVE-2020-25649 RESERVED CVE-2020-25648 RESERVED CVE-2020-25647 RESERVED CVE-2020-25646 RESERVED CVE-2020-25645 RESERVED CVE-2020-25644 RESERVED CVE-2020-25643 RESERVED CVE-2020-25642 RESERVED CVE-2020-25641 RESERVED CVE-2020-25640 RESERVED CVE-2020-25639 RESERVED CVE-2020-25638 RESERVED CVE-2020-25637 RESERVED
CVE-2020-25636 RESERVED
    - ansible
    NOTE: https://github.com/ansible-collections/community.aws/issues/221
CVE-2020-25635 RESERVED
    - ansible
    NOTE: https://github.com/ansible-collections/community.aws/issues/222
CVE-2020-25634 RESERVED
    NOT-FOR-US: 3scale
CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...)
    - resteasy (bug #970585)
    - resteasy3.0
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
CVE-2020-25632 RESERVED CVE-2020-25631 RESERVED CVE-2020-25630 RESERVED CVE-2020-25629 RESERVED CVE-2020-25628 RESERVED CVE-2020-25627 RESERVED CVE-2020-25626 RESERVED
CVE-2020-25625 [usb: hcd-ohci: infinite loop issue while processing transfer descriptors] RESERVED
    - qemu (bug #970542)
    [buster] - qemu (Can be fixed along in next qemu DSA)
    NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
    NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1
CVE-2020-25624 [hcd-ohci: out-of-bound access issue while processing transfer descriptors] RESERVED
    - qemu (bug #970541)
    [buster] - qemu (Can be fixed along in next qemu DSA)
    NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
CVE-2020-25623 RESERVED CVE-2020-25622 RESERVED CVE-2020-25621 RESERVED CVE-2020-25620 RESERVED CVE-2020-25619 RESERVED CVE-2020-25618 RESERVED CVE-2020-25617 RESERVED CVE-2020-25616 RESERVED CVE-2020-25615 RESERVED
CVE-2020-25614 (xmlquery before 1.3.1 lacks a check for whether a LoadURL response is ...)
    - golang-github-antchfx-xmlquery
    NOTE: https://github.com/antchfx/xmlquery/issues/39
CVE-2020-25613 RESERVED CVE-2020-25612 RESERVED CVE-2020-25611 RESERVED CVE-2020-25610 RESERVED CVE-2020-25609 RESERVED CVE-2020-25608 RESERVED CVE-2020-25607 RESERVED CVE-2020-25606 RESERVED CVE-2020-25605 RESERVED CVE-2020-25604 RESERVED CVE-2020-25603 RESERVED CVE-2020-25602 RESERVED CVE-2020-25601 RESERVED CVE-2020-25600 RESERVED CVE-2020-25599 RESERVED CVE-2020-25598 RESERVED CVE-2020-25597 RESERVED CVE-2020-25596 RESERVED CVE-2020-25595 RESERVED CVE-2020-25594 RESERVED CVE-2020-25593 RESERVED CVE-2020-25592 RESERVED CVE-2020-25591 RESERVED CVE-2020-25590 RESERVED CVE-2020-25589 RESERVED CVE-2020-25588 RESERVED CVE-2020-25587 RESERVED CVE-2020-25586 RESERVED CVE-2020-25585 RESERVED CVE-2020-25584 RESERVED CVE-2020-25583 RESERVED CVE-2020-25582 RESERVED CVE-2020-25581 RESERVED CVE-2020-25580 RESERVED CVE-2020-25579 RESERVED CVE-2020-25578 RESERVED CVE-2020-25577 RESERVED CVE-2020-25572 RESERVED CVE-2020-25571 RESERVED CVE-2020-25570 RESERVED CVE-2020-25569 RESERVED CVE-2020-25568 RESERVED CVE-2020-25567 RESERVED CVE-2020-25566 RESERVED CVE-2020-25565 RESERVED CVE-2020-25564 RESERVED CVE-2020-25563 RESERVED CVE-2020-25562 RESERVED CVE-2020-25561 RESERVED CVE-2020-25560 RESERVED
CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_output ...)
    - gnuplot (unimportant)
    NOTE: https://sourceforge.net/p/gnuplot/bugs/2312/
    NOTE: No security impact, gnuplot can execute arbitrary commands and need to
    NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2020-25558 RESERVED CVE-2020-25557 RESERVED CVE-2020-25556 RESERVED CVE-2020-25555 RESERVED CVE-2020-25554 RESERVED CVE-2020-25553 RESERVED CVE-2020-25552 RESERVED CVE-2020-25551 RESERVED CVE-2020-25550 RESERVED CVE-2020-25549 RESERVED CVE-2020-25548 RESERVED CVE-2020-25547 RESERVED CVE-2020-25546 RESERVED CVE-2020-25545 RESERVED CVE-2020-25544 RESERVED CVE-2020-25543 RESERVED CVE-2020-25542 RESERVED CVE-2020-25541 RESERVED
CVE-2020-25540 (ThinkAdmin v6 is affected by a directory traversal vulnerability. An u ...)
    NOT-FOR-US: ThinkAdmin
CVE-2020-25539 RESERVED CVE-2020-25538 RESERVED CVE-2020-25537 RESERVED CVE-2020-25536 RESERVED CVE-2020-25535 RESERVED CVE-2020-25534 RESERVED CVE-2020-25533 RESERVED CVE-2020-25532 RESERVED CVE-2020-25531 RESERVED CVE-2020-25530 RESERVED CVE-2020-25529 RESERVED CVE-2020-25528 RESERVED CVE-2020-25527 RESERVED CVE-2020-25526 RESERVED CVE-2020-25525 RESERVED CVE-2020-25524 RESERVED CVE-2020-25523 RESERVED CVE-2020-25522 RESERVED CVE-2020-25521 RESERVED CVE-2020-25520 RESERVED CVE-2020-25519 RESERVED CVE-2020-25518 RESERVED CVE-2020-25517 RESERVED CVE-2020-25516 RESERVED CVE-2020-25515 RESERVED CVE-2020-25514 RESERVED CVE-2020-25513 RESERVED CVE-2020-25512 RESERVED CVE-2020-25511 RESERVED CVE-2020-25510 RESERVED CVE-2020-25509 RESERVED CVE-2020-25508 RESERVED CVE-2020-25507 RESERVED CVE-2020-25506 RESERVED CVE-2020-25505 RESERVED CVE-2020-25504 RESERVED CVE-2020-25503 RESERVED CVE-2020-25502 RESERVED CVE-2020-25501 RESERVED CVE-2020-25500 RESERVED CVE-2020-25499 RESERVED CVE-2020-25498 RESERVED CVE-2020-25497 RESERVED CVE-2020-25496 RESERVED CVE-2020-25495 RESERVED CVE-2020-25494 RESERVED CVE-2020-25493 RESERVED CVE-2020-25492 RESERVED CVE-2020-25491 RESERVED
CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP agent d ...)
    NOT-FOR-US: Sqreen
CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0 ...)
    NOT-FOR-US: Sqreen
CVE-2020-25488 RESERVED CVE-2020-25487 RESERVED CVE-2020-25486 RESERVED CVE-2020-25485 RESERVED CVE-2020-25484 RESERVED CVE-2020-25483 RESERVED CVE-2020-25482 RESERVED CVE-2020-25481 RESERVED CVE-2020-25480 RESERVED CVE-2020-25479 RESERVED CVE-2020-25478 RESERVED CVE-2020-25477 RESERVED CVE-2020-25476 RESERVED CVE-2020-25475 RESERVED CVE-2020-25474 RESERVED CVE-2020-25473 RESERVED CVE-2020-25472 RESERVED CVE-2020-25471 RESERVED CVE-2020-25470 RESERVED CVE-2020-25469 RESERVED CVE-2020-25468 RESERVED CVE-2020-25467 RESERVED CVE-2020-25466 RESERVED CVE-2020-25465 RESERVED CVE-2020-25464 RESERVED CVE-2020-25463 RESERVED CVE-2020-25462 RESERVED CVE-2020-25461 RESERVED CVE-2020-25460 RESERVED CVE-2020-25459 RESERVED CVE-2020-25458 RESERVED CVE-2020-25457 RESERVED CVE-2020-25456 RESERVED CVE-2020-25455 RESERVED CVE-2020-25454 RESERVED
CVE-2020-25453 (An issue was discovered in BlackCat CMS v.1.3.6. There is a CSRF vulne ...)
    NOT-FOR-US: BlackCat CMS
CVE-2020-25452 RESERVED CVE-2020-25451 RESERVED CVE-2020-25450 RESERVED CVE-2020-25449 RESERVED CVE-2020-25448 RESERVED CVE-2020-25447 RESERVED CVE-2020-25446 RESERVED CVE-2020-25445 RESERVED CVE-2020-25444 RESERVED CVE-2020-25443 RESERVED CVE-2020-25442 RESERVED CVE-2020-25441 RESERVED CVE-2020-25440 RESERVED CVE-2020-25439 RESERVED CVE-2020-25438 RESERVED CVE-2020-25437 RESERVED CVE-2020-25436 RESERVED CVE-2020-25435 RESERVED CVE-2020-25434 RESERVED CVE-2020-25433 RESERVED CVE-2020-25432 RESERVED CVE-2020-25431 RESERVED CVE-2020-25430 RESERVED CVE-2020-25429 RESERVED CVE-2020-25428 RESERVED CVE-2020-25427 RESERVED CVE-2020-25426 RESERVED CVE-2020-25425 RESERVED CVE-2020-25424 RESERVED CVE-2020-25423 RESERVED CVE-2020-25422 RESERVED CVE-2020-25421 RESERVED CVE-2020-25420 RESERVED CVE-2020-25419 RESERVED CVE-2020-25418 RESERVED CVE-2020-25417 RESERVED CVE-2020-25416 RESERVED CVE-2020-25415 RESERVED CVE-2020-25414 RESERVED CVE-2020-25413 RESERVED
CVE-2020-25412 (gnuplot 5.4 is affected by a segmentation fault in com_line () at comm ...)
    - gnuplot (unimportant)
    NOTE: https://sourceforge.net/p/gnuplot/bugs/2303/
    NOTE: No security impact, gnuplot can execute arbitrary commands and need to
    NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2020-25411 RESERVED CVE-2020-25410 RESERVED CVE-2020-25409 RESERVED CVE-2020-25408 RESERVED CVE-2020-25407 RESERVED CVE-2020-25406 RESERVED CVE-2020-25405 RESERVED CVE-2020-25404 RESERVED CVE-2020-25403 RESERVED CVE-2020-25402 RESERVED CVE-2020-25401 RESERVED CVE-2020-25400 RESERVED CVE-2020-25399 RESERVED CVE-2020-25398 RESERVED CVE-2020-25397 RESERVED CVE-2020-25396 RESERVED CVE-2020-25395 RESERVED CVE-2020-25394 RESERVED CVE-2020-25393 RESERVED CVE-2020-25392 RESERVED CVE-2020-25391 RESERVED CVE-2020-25390 RESERVED CVE-2020-25389 RESERVED CVE-2020-25388 RESERVED CVE-2020-25387 RESERVED CVE-2020-25386 RESERVED CVE-2020-25385 RESERVED CVE-2020-25384 RESERVED CVE-2020-25383 RESERVED CVE-2020-25382 RESERVED CVE-2020-25381 RESERVED
CVE-2020-25380 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affe ...)
    NOT-FOR-US: Wordpress Plugin Store / Mike Rooijackers Recall Products
CVE-2020-25379 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails t ...)
    NOT-FOR-US: Wordpress Plugin Store / Mike Rooijackers Recall Products
CVE-2020-25378 (Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is ...)
    NOT-FOR-US: Wordpress Plugin Store / AccessPress Themes WP Floating Menu
CVE-2020-25377 RESERVED CVE-2020-25376 RESERVED
CVE-2020-25375 (Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affect ...)
    NOT-FOR-US: Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM
CVE-2020-25374 RESERVED CVE-2020-25373 RESERVED CVE-2020-25372 RESERVED CVE-2020-25371 RESERVED CVE-2020-25370 RESERVED CVE-2020-25369 RESERVED CVE-2020-25368 RESERVED CVE-2020-25367 RESERVED CVE-2020-25366 RESERVED CVE-2020-25365 RESERVED CVE-2020-25364 RESERVED CVE-2020-25363 RESERVED CVE-2020-25362 RESERVED CVE-2020-25361 RESERVED CVE-2020-25360 RESERVED CVE-2020-25359 RESERVED CVE-2020-25358 RESERVED CVE-2020-25357 RESERVED CVE-2020-25356 RESERVED CVE-2020-25355 RESERVED CVE-2020-25354 RESERVED CVE-2020-25353 RESERVED CVE-2020-25352 RESERVED CVE-2020-25351 RESERVED CVE-2020-25350 RESERVED CVE-2020-25349 RESERVED CVE-2020-25348 RESERVED CVE-2020-25347 RESERVED CVE-2020-25346 RESERVED CVE-2020-25345 RESERVED CVE-2020-25344 RESERVED CVE-2020-25343 RESERVED CVE-2020-25342 RESERVED CVE-2020-25341 RESERVED CVE-2020-25340 RESERVED CVE-2020-25339 RESERVED CVE-2020-25338 RESERVED CVE-2020-25337 RESERVED CVE-2020-25336 RESERVED CVE-2020-25335 RESERVED CVE-2020-25334 RESERVED CVE-2020-25333 RESERVED CVE-2020-25332 RESERVED CVE-2020-25331 RESERVED CVE-2020-25330 RESERVED CVE-2020-25329 RESERVED CVE-2020-25328 RESERVED CVE-2020-25327 RESERVED CVE-2020-25326 RESERVED CVE-2020-25325 RESERVED CVE-2020-25324 RESERVED CVE-2020-25323 RESERVED CVE-2020-25322 RESERVED CVE-2020-25321 RESERVED CVE-2020-25320 RESERVED CVE-2020-25319 RESERVED CVE-2020-25318 RESERVED CVE-2020-25317 RESERVED CVE-2020-25316 RESERVED CVE-2020-25315 RESERVED CVE-2020-25314 RESERVED CVE-2020-25313 RESERVED CVE-2020-25312 RESERVED CVE-2020-25311 RESERVED CVE-2020-25310 RESERVED CVE-2020-25309 RESERVED CVE-2020-25308 RESERVED CVE-2020-25307 RESERVED CVE-2020-25306 RESERVED CVE-2020-25305 RESERVED CVE-2020-25304 RESERVED CVE-2020-25303 RESERVED CVE-2020-25302 RESERVED CVE-2020-25301 RESERVED CVE-2020-25300 RESERVED CVE-2020-25299 RESERVED CVE-2020-25298 RESERVED CVE-2020-25297 RESERVED CVE-2020-25296 RESERVED CVE-2020-25295 RESERVED
CVE-2020-25294 RESERVED CVE-2020-25293 RESERVED CVE-2020-25292 RESERVED
CVE-2020-25291 (GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows r ...)
    NOT-FOR-US: Kingsoft WPS Office
CVE-2020-25290 RESERVED
CVE-2020-25289 (The VPN service in AVAST SecureLine before 5.6.4982.470 allows local u ...)
    NOT-FOR-US: VPN service in AVAST SecureLine
CVE-2020-25288 RESERVED
CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
    NOT-FOR-US: Pligg CMS
CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
    - linux 5.8.10-1
    NOTE: https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
CVE-2020-25284 (The rbd block device driver in drivers/block/rbd.c in the Linux kernel ...)
    - linux 5.8.10-1
    NOTE: https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a
CVE-2020-25283 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25282 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25281 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25280 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-25279 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-25278 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-25277 RESERVED
CVE-2020-25276 (An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. Wh ...)
    NOT-FOR-US: PrimeKey
CVE-2020-25275 RESERVED CVE-2020-25274 RESERVED CVE-2020-25273 RESERVED CVE-2020-25272 RESERVED CVE-2020-25271 RESERVED CVE-2020-25270 RESERVED
CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
    {DSA-4764-1 DLA-2375-1}
    - inspircd (bug #960650)
    NOTE: https://docs.inspircd.org/security/2020-01/
    NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2)
    NOTE: https://github.com/inspircd/inspircd/commit/a9e107c646ac6d7310b55d0c2e0b06a9cec0a874 (v2)
    NOTE: https://github.com/inspircd/inspircd/commit/6f6fa13042f319bcd56ceed112c0a969337e4161 (v2)
    NOTE: https://github.com/inspircd/inspircd/commit/b3f1db9d162455af4b31edf231ba749140d37219 (v3)
    NOTE: https://github.com/inspircd/inspircd/commit/fbdd08043e97c2749ce2f03382559bba89abf47a (v3)
    NOTE: https://github.com/inspircd/inspircd/commit/b24a91181f58c7f7141de8995ff212993bcc333b (v3)
CVE-2020-25268 RESERVED CVE-2020-25267 RESERVED CVE-2020-25266 RESERVED CVE-2020-25265 RESERVED CVE-2020-25264 RESERVED CVE-2020-25263 RESERVED CVE-2020-25262 RESERVED CVE-2020-25261 RESERVED
CVE-2020-25260 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25259 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25258 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25257 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25256 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25255 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25254 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25253 (An issue was discovered in Hyland OnBase through 18.0.0.32. It allows ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25252 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25251 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25250 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25249 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25248 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25247 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
    NOT-FOR-US: Hyland OnBase
CVE-2020-25246 RESERVED CVE-2020-25245 RESERVED CVE-2020-25244 RESERVED CVE-2020-25243 RESERVED CVE-2020-25242 RESERVED CVE-2020-25241 RESERVED CVE-2020-25240 RESERVED CVE-2020-25239 RESERVED CVE-2020-25238 RESERVED CVE-2020-25237 RESERVED CVE-2020-25236 RESERVED CVE-2020-25235 RESERVED CVE-2020-25234 RESERVED CVE-2020-25233 RESERVED CVE-2020-25232 RESERVED CVE-2020-25231 RESERVED CVE-2020-25230 RESERVED CVE-2020-25229 RESERVED CVE-2020-25228 RESERVED CVE-2020-25227 RESERVED CVE-2020-25226 RESERVED CVE-2020-25225 RESERVED CVE-2020-25224 RESERVED CVE-2020-25223 RESERVED CVE-2020-25222 RESERVED
CVE-2020-25221 (get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5 ...)
    - linux 5.8.7-1
    [buster] - linux (Vulnerable code introduced later)
    [stretch] - linux (Vulnerable code introduced later)
    NOTE: https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2
CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.1 ...)
    - linux (Vulnerable code not present and no partial CVE-2020-14356 fix backported)
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868453
    NOTE: https://www.spinics.net/lists/stable/msg405099.html
CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a rem ...)
    {DLA-2372-1}
    - libproxy
    [buster] - libproxy (Minor issue)
    NOTE: https://github.com/libproxy/libproxy/issues/134
CVE-2020-25218 RESERVED CVE-2020-25217 RESERVED
CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...)
    NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
    NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25214 RESERVED
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
    NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
    - linux 5.7.17-1
    NOTE: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to inject conn ...)
    - linux
    NOTE: https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
CVE-2020-25210 RESERVED CVE-2020-25209 RESERVED CVE-2020-25208 RESERVED CVE-2020-25207 RESERVED CVE-2020-25206 RESERVED CVE-2020-25205 RESERVED CVE-2020-25204 RESERVED CVE-2020-25203 RESERVED
CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 for Rust. ...)
    - rust-rand-core 0.5.0-1 (bug #969911; low)
    [buster] - rust-rand-core (Minor issue)
    - rust-rand-core-0.3 (bug #970186; low)
    - rust-rand-core-0.2 (bug #970185; low)
    [buster] - rust-rand-core-0.2 (Minor issue)
    NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
    NOTE: https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06
CVE-2020-25574 (An issue was discovered in the http crate before 0.1.20 for Rust. An i ...)
    - rust-http (bug #969896; low)
    [buster] - rust-http (Minor issue)
    NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0033.html
    NOTE: https://github.com/hyperium/http/issues/352
CVE-2020-25575 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure ...)
    - rust-failure (bug #969839; low)
    [buster] - rust-failure (Minor issue; unmaintained upstream)
    NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0036.html
    NOTE: https://github.com/rust-lang-nursery/failure/issues/336
CVE-2020-25202 RESERVED CVE-2020-25201 RESERVED CVE-2020-25200 RESERVED CVE-2020-25199 RESERVED CVE-2020-25198 RESERVED CVE-2020-25197 RESERVED CVE-2020-25196 RESERVED CVE-2020-25195 RESERVED CVE-2020-25194 RESERVED CVE-2020-25193 RESERVED CVE-2020-25192 RESERVED CVE-2020-25191 RESERVED CVE-2020-25190 RESERVED CVE-2020-25189 RESERVED CVE-2020-25188 RESERVED CVE-2020-25187 RESERVED CVE-2020-25186 RESERVED CVE-2020-25185 RESERVED CVE-2020-25184 RESERVED CVE-2020-25183 RESERVED CVE-2020-25182 RESERVED CVE-2020-25181 RESERVED CVE-2020-25180 RESERVED CVE-2020-25179 RESERVED CVE-2020-25178 RESERVED CVE-2020-25177 RESERVED CVE-2020-25176 RESERVED CVE-2020-25175 RESERVED CVE-2020-25174 RESERVED CVE-2020-25173 RESERVED CVE-2020-25172 RESERVED CVE-2020-25171 RESERVED CVE-2020-25170 RESERVED CVE-2020-25169 RESERVED CVE-2020-25168 RESERVED CVE-2020-25167 RESERVED CVE-2020-25166 RESERVED CVE-2020-25165 RESERVED CVE-2020-25164 RESERVED CVE-2020-25163 RESERVED CVE-2020-25162 RESERVED CVE-2020-25161 RESERVED CVE-2020-25160 RESERVED CVE-2020-25159 RESERVED CVE-2020-25158 RESERVED CVE-2020-25157 RESERVED CVE-2020-25156 RESERVED CVE-2020-25155 RESERVED CVE-2020-25154 RESERVED CVE-2020-25153 RESERVED CVE-2020-25152 RESERVED CVE-2020-25151 RESERVED CVE-2020-25150 RESERVED CVE-2020-25149 RESERVED CVE-2020-25148 RESERVED CVE-2020-25147 RESERVED CVE-2020-25146 RESERVED CVE-2020-25145 RESERVED CVE-2020-25144 RESERVED CVE-2020-25143 RESERVED CVE-2020-25142 RESERVED CVE-2020-25141 RESERVED CVE-2020-25140 RESERVED CVE-2020-25139 RESERVED CVE-2020-25138 RESERVED CVE-2020-25137 RESERVED CVE-2020-25136 RESERVED CVE-2020-25135 RESERVED CVE-2020-25134 RESERVED CVE-2020-25133 RESERVED CVE-2020-25132 RESERVED CVE-2020-25131 RESERVED CVE-2020-25130 RESERVED CVE-2020-25129 RESERVED
CVE-2020-25128 RESERVED CVE-2020-25127 RESERVED CVE-2020-25126 RESERVED
CVE-2020-25124 (The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.p ...)
    NOT-FOR-US: vBulletin
CVE-2020-25123 (The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smili ...)
    NOT-FOR-US: vBulletin
CVE-2020-25122 (The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Ran ...)
    NOT-FOR-US: vBulletin
CVE-2020-25121 (The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription E ...)
    NOT-FOR-US: vBulletin
CVE-2020-25120 (The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php? ...)
    NOT-FOR-US: vBulletin
CVE-2020-25119 (The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help ...)
    NOT-FOR-US: vBulletin
CVE-2020-25118 (The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Setting ...)
    NOT-FOR-US: vBulletin
CVE-2020-25117 (The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title t ...)
    NOT-FOR-US: vBulletin
CVE-2020-25116 (The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title t ...)
    NOT-FOR-US: vBulletin
CVE-2020-25115 (The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or ...)
    NOT-FOR-US: vBulletin
CVE-2020-25114 RESERVED CVE-2020-25113 RESERVED CVE-2020-25112 RESERVED CVE-2020-25111 RESERVED CVE-2020-25110 RESERVED CVE-2020-25109 RESERVED CVE-2020-25108 RESERVED CVE-2020-25107 RESERVED CVE-2020-25106 RESERVED
CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...)
    NOT-FOR-US: eramba
CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted f ...)
    NOT-FOR-US: eramba
CVE-2020-25103 RESERVED
CVE-2020-25102 (silverstripe-advancedreports (aka the Advanced Reports module for Silv ...)
    NOT-FOR-US: silverstripe-advancedreports
CVE-2020-25101 RESERVED
CVE-2020-25125 (GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, le ...)
    - gnupg2 (Only affects versions 2.2.21 and 2.2.22)
    NOTE: https://dev.gnupg.org/T5050
    NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html
CVE-2020-25100 RESERVED CVE-2020-25099 RESERVED CVE-2020-25098 RESERVED CVE-2020-25097 RESERVED CVE-2020-25096 RESERVED CVE-2020-25095 RESERVED CVE-2020-25094 RESERVED
CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.p ...)
    NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts ...)
    NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25091 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
    NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25090 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
    NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25089 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
    NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25088 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
    NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
    NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...)
    NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap
CVE-2020-25085 [sdhci: out-of-bounds access issue while doing multi block SDMA] RESERVED
    - qemu (bug #970540)
    [buster] - qemu (Can be fixed along in next qemu DSA)
    NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html
    NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html
    NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6
CVE-2020-25084 [usb: use-after-free issue while setting up packet] RESERVED
    - qemu (bug #970539)
    [buster] - qemu (Can be fixed along in next qemu DSA)
    NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html
    NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html
    NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5
    NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fxhci_uaf_2
CVE-2020-25083 RESERVED CVE-2020-25082 RESERVED CVE-2020-25081 RESERVED CVE-2020-25080 RESERVED
CVE-2020-25079 (An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and ...)
    NOT-FOR-US: D-Link
CVE-2020-25078 (An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and ...)
    NOT-FOR-US: D-Link
CVE-2020-25077 RESERVED CVE-2020-25076 RESERVED CVE-2020-25075 RESERVED CVE-2020-25074 RESERVED CVE-2020-25072 RESERVED
CVE-2020-25071 (Nifty Project Management Web Application 2020-08-26 allows XSS, via Ad ...)
    NOT-FOR-US: Nifty Project Management Web Application
CVE-2020-25070 (USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the ...)
    NOT-FOR-US: User-friendly SVN
CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute ...)
    NOT-FOR-US: User-friendly SVN
CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensitive i ...)
    - plinth
    [buster] - plinth (Minor issue)
    [stretch] - plinth (Minor issue)
    NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935
    NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/822c322d20d12f81c6cfca47b66f900542a5aac2
CVE-2020-25068 (** DISPUTED ** Setelsa Conacwin v3.7.1.2 is vulnerable to a local file ...)
    NOT-FOR-US: Setelsa Conacwin
CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...)
    NOT-FOR-US: Netgear
CVE-2020-25066 RESERVED
CVE-2020-25065 (An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25064 (An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25063 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25062 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25061 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25060 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25059 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25058 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25057 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-25056 (An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-25055 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-25054 (An issue was discovered on Samsung mobile devices with software throug ...)
NOT-FOR-US: Samsung mobile devices CVE-2020-25053 (An issue was discovered on Samsung mobile devices with Q(10.0) (exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25052 (An issue was discovered on Samsung mobile devices with Q(10.0) (exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25051 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25050 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25049 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25048 (An issue was discovered on Samsung mobile devices with Q(10.0) (with O ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25047 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25046 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25045 (Installers of Kaspersky Security Center and Kaspersky Security Center ...) NOT-FOR-US: Kaspersky CVE-2020-25044 (Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable ...) NOT-FOR-US: Kaspersky CVE-2020-25043 (The installer of Kaspersky VPN Secure Connection prior to 5.0 was vuln ...) NOT-FOR-US: Kaspersky CVE-2020-25042 (An arbitrary file upload issue exists in Mara CMS 7.5. In order to exp ...) NOT-FOR-US: Mara CMS CVE-2020-25041 RESERVED CVE-2020-25040 (Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary ...) - singularity-container (bug #970465) NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762 CVE-2020-25039 (Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on tem ...) 
- singularity-container (bug #970465) NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7 CVE-2020-25038 RESERVED CVE-2020-25037 RESERVED CVE-2020-25036 RESERVED CVE-2020-25035 RESERVED CVE-2020-25034 RESERVED CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...) NOT-FOR-US: Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin for WordPress CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) ...) - python-flask-cors (bug #969362) NOTE: https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895 CVE-2020-25031 (checkinstall 1.6.2, when used to create a package that contains a syml ...) - checkinstall (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/checkinstall/+bug/1861281 NOTE: Does not cross any reasonable trust boundary, the packages to be installed need to be NOTE: trusted to begin with, a rogue package can cause more harm than a 777 binary CVE-2020-25030 RESERVED CVE-2020-25029 RESERVED CVE-2020-25028 RESERVED CVE-2020-25027 RESERVED CVE-2020-25026 (The sf_event_mgt (aka Event management and registration) extension bef ...) NOT-FOR-US: Typo extension CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x bef ...) NOT-FOR-US: Typo extension CVE-2020-25024 RESERVED CVE-2020-25023 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrC ...) NOT-FOR-US: Noise-Java CVE-2020-25022 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallba ...) NOT-FOR-US: Noise-Java CVE-2020-25021 (An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCi ...) NOT-FOR-US: Noise-Java CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectRe ...) NOT-FOR-US: MPXJ CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...) 
NOT-FOR-US: jitsi-meet-electron CVE-2020-25018 RESERVED CVE-2020-25017 RESERVED CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...) NOT-FOR-US: Genexis Platinum 4410 V2-1.28 CVE-2020-25014 RESERVED CVE-2020-25013 RESERVED CVE-2020-25012 RESERVED CVE-2020-25011 RESERVED CVE-2020-25010 RESERVED CVE-2020-25009 RESERVED CVE-2020-25008 RESERVED CVE-2020-25007 RESERVED CVE-2020-25006 (Heybbs v1.2 has a SQL injection vulnerability in login.php file via th ...) NOT-FOR-US: Heybbs CVE-2020-25005 (Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ...) NOT-FOR-US: Heybbs CVE-2020-25004 (Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ...) NOT-FOR-US: Heybbs CVE-2020-25003 RESERVED CVE-2020-25002 RESERVED CVE-2020-25001 RESERVED CVE-2020-25000 RESERVED CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...) - xpdf (xpdf in Debian uses poppler, which is fixed) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029 CVE-2020-24998 RESERVED CVE-2020-24997 RESERVED CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...) - xpdf (xpdf in Debian uses poppler, which is fixed) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 CVE-2020-24995 RESERVED CVE-2020-24994 RESERVED CVE-2020-24993 RESERVED CVE-2020-24992 RESERVED CVE-2020-24991 RESERVED CVE-2020-24990 RESERVED CVE-2020-24989 RESERVED CVE-2020-24988 RESERVED CVE-2020-24987 (Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(631 ...) NOT-FOR-US: Tenda AC18 Router CVE-2020-24986 (Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File ...) NOT-FOR-US: Concrete5 CVE-2020-24985 RESERVED CVE-2020-24984 RESERVED CVE-2020-24983 RESERVED CVE-2020-24982 RESERVED CVE-2020-24981 (An Incorrect Access Control vulnerability exists in /ucms/chk.php in U ...) 
NOT-FOR-US: UCMS CVE-2020-24980 REJECTED CVE-2020-24979 REJECTED CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...) - nasm [buster] - nasm (Minor issue) [stretch] - nasm (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712 NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7 CVE-2020-24977 (GNOME project libxml2 v2.9.10 and earlier have a global buffer over-re ...) {DLA-2369-1} - libxml2 (bug #969529) [buster] - libxml2 (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 NOTE: The issue is specific and restricted to xmllint: NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178#note_892545 NOTE: and present before the 0b19f236a263 ("Fixed ICU to set flush correctly and NOTE: provide pivot buffer.") commit itself. CVE-2020-24976 RESERVED CVE-2020-24975 RESERVED CVE-2020-24974 RESERVED CVE-2020-24973 RESERVED CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...) - kleopatra [buster] - kleopatra (Minor issue) NOTE: https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b NOTE: https://security.gentoo.org/glsa/202008-21 CVE-2020-24971 RESERVED CVE-2020-24970 RESERVED CVE-2020-24969 RESERVED CVE-2020-24968 RESERVED CVE-2020-24967 RESERVED CVE-2020-24966 RESERVED CVE-2020-24965 RESERVED CVE-2020-24964 RESERVED CVE-2020-24963 (An Authenticated Persistent XSS vulnerability was discovered in the Be ...) NOT-FOR-US: Best Support System CVE-2020-24962 RESERVED CVE-2020-24961 RESERVED CVE-2020-24960 RESERVED CVE-2020-24959 RESERVED CVE-2020-24958 RESERVED CVE-2020-24957 RESERVED CVE-2020-24956 RESERVED CVE-2020-24955 (SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local ...) 
NOT-FOR-US: SUPERAntiSyware Professional CVE-2020-24954 RESERVED CVE-2020-24953 RESERVED CVE-2020-24952 RESERVED CVE-2020-24951 RESERVED CVE-2020-24950 RESERVED CVE-2020-24949 (Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php all ...) NOT-FOR-US: PHP-Fusion CVE-2020-24948 (The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 doe ...) NOT-FOR-US: Autoptimize Wordpress Plugin CVE-2020-24947 RESERVED CVE-2020-24946 RESERVED CVE-2020-24945 RESERVED CVE-2020-24944 RESERVED CVE-2020-24943 RESERVED CVE-2020-24942 RESERVED CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...) NOT-FOR-US: Laravel CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...) NOT-FOR-US: Laravel CVE-2020-24939 RESERVED CVE-2020-24938 RESERVED CVE-2020-24937 RESERVED CVE-2020-24936 RESERVED CVE-2020-24935 RESERVED CVE-2020-24934 RESERVED CVE-2020-24933 RESERVED CVE-2020-24932 RESERVED CVE-2020-24931 RESERVED CVE-2020-24930 RESERVED CVE-2020-24929 RESERVED CVE-2020-24928 (managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted ...) NOT-FOR-US: PreMiD CVE-2020-24927 RESERVED CVE-2020-24926 RESERVED CVE-2020-24925 (A Sensitive Source Code Path Disclosure vulnerability is found in Elka ...) - elkarbackup (bug #865046) CVE-2020-24924 (A Persistent Cross-site Scripting vulnerability is found in ElkarBacku ...) - elkarbackup (bug #865046) CVE-2020-24923 RESERVED CVE-2020-24922 RESERVED CVE-2020-24921 RESERVED CVE-2020-24920 RESERVED CVE-2020-24919 RESERVED CVE-2020-24918 RESERVED CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...) NOT-FOR-US: osTicket CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...) 
- yaws 2.0.8+dfsg-1 NOTE: https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1 NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection CVE-2020-24915 RESERVED CVE-2020-24914 RESERVED CVE-2020-24913 RESERVED CVE-2020-24912 RESERVED CVE-2020-24911 RESERVED CVE-2020-24910 RESERVED CVE-2020-24909 RESERVED CVE-2020-24908 RESERVED CVE-2020-24907 RESERVED CVE-2020-24906 RESERVED CVE-2020-24905 RESERVED CVE-2020-24904 RESERVED CVE-2020-24903 RESERVED CVE-2020-24902 RESERVED CVE-2020-24901 RESERVED CVE-2020-24900 RESERVED CVE-2020-24899 RESERVED CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before 5.3.26 (f ...) NOT-FOR-US: Confluence Server app for Atlassian Confluence CVE-2020-24897 (The Table Filter and Charts for Confluence Server app before 5.3.25 (f ...) NOT-FOR-US: Confluence Server app for Atlassian Confluence CVE-2020-24896 RESERVED CVE-2020-24895 RESERVED CVE-2020-24894 RESERVED CVE-2020-24893 RESERVED CVE-2020-24892 RESERVED CVE-2020-24891 REJECTED CVE-2020-24890 (libraw 20.0 has a null pointer dereference vulnerability in parse_tiff ...) - libraw [buster] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/issues/335 CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::Ge ...) - libraw [buster] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/issues/334 NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee CVE-2020-24888 RESERVED CVE-2020-24887 RESERVED CVE-2020-24886 RESERVED CVE-2020-24885 RESERVED CVE-2020-24884 RESERVED CVE-2020-24883 RESERVED CVE-2020-24882 RESERVED CVE-2020-24881 RESERVED CVE-2020-24880 RESERVED CVE-2020-24879 RESERVED CVE-2020-24878 RESERVED CVE-2020-24877 RESERVED CVE-2020-24876 (Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 ...) 
NOT-FOR-US: Pancake CVE-2020-24875 RESERVED CVE-2020-24874 RESERVED CVE-2020-24873 RESERVED CVE-2020-24872 RESERVED CVE-2020-24871 RESERVED CVE-2020-24870 RESERVED CVE-2020-24869 RESERVED CVE-2020-24868 RESERVED CVE-2020-24867 RESERVED CVE-2020-24866 RESERVED CVE-2020-24865 RESERVED CVE-2020-24864 RESERVED CVE-2020-24863 (A memory corruption vulnerability was found in the kernel function ker ...) NOT-FOR-US: FreeBSD and MidnightBSD CVE-2020-24862 RESERVED CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...) - rust-rgb (bug #969213) [buster] - rust-rgb (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html NOTE: https://github.com/kornelski/rust-rgb/issues/35 CVE-2020-24861 RESERVED CVE-2020-24860 RESERVED CVE-2020-24859 RESERVED CVE-2020-24858 RESERVED CVE-2020-24857 RESERVED CVE-2020-24856 RESERVED CVE-2020-24855 RESERVED CVE-2020-24854 RESERVED CVE-2020-24853 RESERVED CVE-2020-24852 RESERVED CVE-2020-24851 RESERVED CVE-2020-24850 RESERVED CVE-2020-24849 RESERVED CVE-2020-24848 RESERVED CVE-2020-24847 RESERVED CVE-2020-24846 RESERVED CVE-2020-24845 RESERVED CVE-2020-24844 RESERVED CVE-2020-24843 RESERVED CVE-2020-24842 RESERVED CVE-2020-24841 RESERVED CVE-2020-24840 RESERVED CVE-2020-24839 RESERVED CVE-2020-24838 RESERVED CVE-2020-24837 RESERVED CVE-2020-24836 RESERVED CVE-2020-24835 RESERVED CVE-2020-24834 RESERVED CVE-2020-24833 RESERVED CVE-2020-24832 RESERVED CVE-2020-24831 RESERVED CVE-2020-24830 RESERVED CVE-2020-24829 RESERVED CVE-2020-24828 RESERVED CVE-2020-24827 RESERVED CVE-2020-24826 RESERVED CVE-2020-24825 RESERVED CVE-2020-24824 RESERVED CVE-2020-24823 RESERVED CVE-2020-24822 RESERVED CVE-2020-24821 RESERVED CVE-2020-24820 RESERVED CVE-2020-24819 RESERVED CVE-2020-24818 RESERVED CVE-2020-24817 RESERVED CVE-2020-24816 RESERVED CVE-2020-24815 RESERVED CVE-2020-24814 RESERVED CVE-2020-24813 RESERVED CVE-2020-24812 RESERVED CVE-2020-24811 RESERVED CVE-2020-24810 RESERVED CVE-2020-24809 RESERVED 
CVE-2020-24808 RESERVED CVE-2020-24807 RESERVED CVE-2020-24806 RESERVED CVE-2020-24805 RESERVED CVE-2020-24804 RESERVED CVE-2020-24803 RESERVED CVE-2020-24802 RESERVED CVE-2020-24801 RESERVED CVE-2020-24800 RESERVED CVE-2020-24799 RESERVED CVE-2020-24798 RESERVED CVE-2020-24797 RESERVED CVE-2020-24796 RESERVED CVE-2020-24795 RESERVED CVE-2020-24794 (Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. ...) NOT-FOR-US: Kentico CVE-2020-24793 RESERVED CVE-2020-24792 RESERVED CVE-2020-24791 RESERVED CVE-2020-24790 RESERVED CVE-2020-24789 RESERVED CVE-2020-24788 RESERVED CVE-2020-24787 RESERVED CVE-2020-24786 (An issue was discovered in Zoho ManageEngine Exchange Reporter Plus be ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-24785 RESERVED CVE-2020-24784 RESERVED CVE-2020-24783 RESERVED CVE-2020-24782 RESERVED CVE-2020-24781 RESERVED CVE-2020-24780 RESERVED CVE-2020-24779 RESERVED CVE-2020-24778 RESERVED CVE-2020-24777 RESERVED CVE-2020-24776 RESERVED CVE-2020-24775 RESERVED CVE-2020-24774 RESERVED CVE-2020-24773 RESERVED CVE-2020-24772 RESERVED CVE-2020-24771 RESERVED CVE-2020-24770 RESERVED CVE-2020-24769 RESERVED CVE-2020-24768 RESERVED CVE-2020-24767 RESERVED CVE-2020-24766 RESERVED CVE-2020-24765 RESERVED CVE-2020-24764 RESERVED CVE-2020-24763 RESERVED CVE-2020-24762 RESERVED CVE-2020-24761 RESERVED CVE-2020-24760 RESERVED CVE-2020-24759 RESERVED CVE-2020-24758 RESERVED CVE-2020-24757 RESERVED CVE-2020-24756 RESERVED CVE-2020-24755 RESERVED CVE-2020-24754 RESERVED CVE-2020-24753 (A memory corruption vulnerability in Objective Open CBOR Run-time (ooc ...) NOT-FOR-US: Objective Open CBOR Run-time CVE-2020-24752 RESERVED CVE-2020-24751 RESERVED CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...) 
- jackson-databind [buster] - jackson-databind (Minor issue) NOTE: https://github.com/FasterXML/jackson-databind/issues/2798 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-24749 RESERVED CVE-2020-24748 RESERVED CVE-2020-24747 RESERVED CVE-2020-24746 RESERVED CVE-2020-24745 RESERVED CVE-2020-24744 RESERVED CVE-2020-24743 RESERVED CVE-2020-24742 RESERVED CVE-2020-24741 RESERVED CVE-2020-24740 RESERVED CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...) NOT-FOR-US: idreamsoft iCMS CVE-2020-24738 RESERVED CVE-2020-24737 RESERVED CVE-2020-24736 RESERVED CVE-2020-24735 RESERVED CVE-2020-24734 RESERVED CVE-2020-24733 RESERVED CVE-2020-24732 RESERVED CVE-2020-24731 RESERVED CVE-2020-24730 RESERVED CVE-2020-24729 RESERVED CVE-2020-24728 RESERVED CVE-2020-24727 RESERVED CVE-2020-24726 RESERVED CVE-2020-24725 RESERVED CVE-2020-24724 RESERVED CVE-2020-24723 RESERVED CVE-2020-24722 RESERVED CVE-2020-24721 RESERVED CVE-2020-24720 RESERVED CVE-2020-24719 RESERVED CVE-2020-24718 RESERVED CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...) NOT-FOR-US: OpenZFS CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...) NOT-FOR-US: OpenZFS CVE-2020-24715 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...) NOT-FOR-US: Scalyr CVE-2020-24714 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...) NOT-FOR-US: Scalyr CVE-2020-24713 RESERVED CVE-2020-24712 RESERVED CVE-2020-24711 RESERVED CVE-2020-24710 RESERVED CVE-2020-24709 RESERVED CVE-2020-24708 RESERVED CVE-2020-24707 RESERVED CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It tool allo ...) NOT-FOR-US: WSO2 CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...) 
NOT-FOR-US: WSO2 CVE-2020-24704 (An issue was discovered in certain WSO2 products. The Try It tool allo ...) NOT-FOR-US: WSO2 CVE-2020-24703 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...) NOT-FOR-US: WSO2 CVE-2020-24702 RESERVED CVE-2020-24701 RESERVED CVE-2020-24700 RESERVED CVE-2020-24699 (The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress al ...) NOT-FOR-US: Chamber Dashboard Business Directory plugin for WordPress CVE-2020-24698 RESERVED CVE-2020-24697 RESERVED CVE-2020-24696 RESERVED CVE-2020-24695 RESERVED CVE-2020-24694 RESERVED CVE-2020-24693 RESERVED CVE-2020-24692 RESERVED CVE-2020-24691 RESERVED CVE-2020-24690 RESERVED CVE-2020-24689 RESERVED CVE-2020-24688 RESERVED CVE-2020-24687 RESERVED CVE-2020-24686 RESERVED CVE-2020-24685 RESERVED CVE-2020-24684 RESERVED CVE-2020-24683 RESERVED CVE-2020-24682 RESERVED CVE-2020-24681 RESERVED CVE-2020-24680 RESERVED CVE-2020-24679 RESERVED CVE-2020-24678 RESERVED CVE-2020-24677 RESERVED CVE-2020-24676 RESERVED CVE-2020-24675 RESERVED CVE-2020-24674 RESERVED CVE-2020-24673 RESERVED CVE-2020-24672 RESERVED CVE-2020-24671 RESERVED CVE-2020-24670 RESERVED CVE-2020-24669 RESERVED CVE-2020-24668 RESERVED CVE-2020-24667 RESERVED CVE-2020-24666 RESERVED CVE-2020-24665 RESERVED CVE-2020-24664 RESERVED CVE-2020-24663 RESERVED CVE-2020-24662 RESERVED CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...) - geary 3.38.0.1-1 [buster] - geary (Minor issue) [stretch] - geary (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866 NOTE: https://gitlab.gnome.org/GNOME/geary/commit/0d957559bbb4be81870c9fafba1c74f0926f59a3 CVE-2020-24660 (An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is ...) {DSA-4762-1 DLA-2367-1} - lemonldap-ng 2.0.9+ds-1 NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290 CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can trigger ...) 
- gnutls28 3.6.15-1 (bug #969547) [buster] - gnutls28 (Minor issue) NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071 NOTE: https://gitlab.com/gnutls/gnutls/-/commit/29ee67c205855e848a0a26e6d0e4f65b6b943e0a CVE-2020-24658 RESERVED CVE-2020-24657 RESERVED CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...) NOT-FOR-US: Maltego CVE-2020-24655 (A race condition in the Twilio Authy 2-Factor Authentication applicati ...) NOT-FOR-US: Twilio Authy 2-Factor Authentication app CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...) {DSA-4759-1} - ark 4:20.08.1-1 (bug #969437) NOTE: https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd NOTE: https://kde.org/info/security/advisory-20200827-1.txt CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the insecure kSecA ...) NOT-FOR-US: secure-store in Expo on iOS CVE-2020-24652 RESERVED CVE-2020-24651 RESERVED CVE-2020-24650 RESERVED CVE-2020-24649 RESERVED CVE-2020-24648 RESERVED CVE-2020-24647 RESERVED CVE-2020-24646 RESERVED CVE-2020-24645 RESERVED CVE-2020-24644 RESERVED CVE-2020-24643 RESERVED CVE-2020-24642 RESERVED CVE-2020-24641 RESERVED CVE-2020-24640 RESERVED CVE-2020-24639 RESERVED CVE-2020-24638 RESERVED CVE-2020-24637 RESERVED CVE-2020-24636 RESERVED CVE-2020-24635 RESERVED CVE-2020-24634 RESERVED CVE-2020-24633 RESERVED CVE-2020-24632 RESERVED CVE-2020-24631 RESERVED CVE-2020-24630 RESERVED CVE-2020-24629 RESERVED CVE-2020-24628 RESERVED CVE-2020-24627 RESERVED CVE-2020-24626 RESERVED CVE-2020-24625 RESERVED CVE-2020-24624 RESERVED CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...) NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...) 
NOT-FOR-US: Sonatype CVE-2020-24621 RESERVED CVE-2020-24620 RESERVED CVE-2020-24619 RESERVED CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...) NOT-FOR-US: JetBrains CVE-2020-24617 RESERVED CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...) - jackson-databind [buster] - jackson-databind (Minor issue) [stretch] - jackson-databind (Minor issue) NOTE: https://github.com/FasterXML/jackson-databind/issues/2814 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-24615 RESERVED CVE-2020-24613 (wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...) - wolfssl 4.5.0+dfsg-1 (bug #969663) NOTE: https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/ CVE-2020-24612 (An issue was discovered in the selinux-policy (aka Reference Policy) p ...) - refpolicy (Debian package doesn't ship pam-u2f config) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860888 NOTE: https://github.com/fedora-selinux/selinux-policy/commit/71e1989028802c7875d3436fd3966c587fa383fb CVE-2020-24611 RESERVED CVE-2020-24610 RESERVED CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5 has XSS which can r ...) NOT-FOR-US: Savsoft Quiz 5 CVE-2020-24608 RESERVED CVE-2020-24607 RESERVED CVE-2020-24605 RESERVED CVE-2020-24604 (A Reflected XSS vulnerability was discovered in Ignite Realtime Openfi ...) NOT-FOR-US: Ignite Realtime Openfire CVE-2020-24603 RESERVED CVE-2020-24602 (Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vu ...) NOT-FOR-US: Ignite Realtime Openfire CVE-2020-24601 (In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability al ...) NOT-FOR-US: Ignite Realtime Openfire CVE-2020-24600 RESERVED CVE-2020-24599 (An issue was discovered in Joomla! before 3.9.21. Lack of escaping in ...) NOT-FOR-US: Joomla! 
CVE-2020-24598 (An issue was discovered in Joomla! before 3.9.21. Lack of input valida ...) NOT-FOR-US: Joomla! CVE-2020-24597 RESERVED CVE-2020-24596 RESERVED CVE-2020-24595 RESERVED CVE-2020-24594 RESERVED CVE-2020-24593 RESERVED CVE-2020-24592 RESERVED CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE attacks dur ...) NOT-FOR-US: WSO2 CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...) NOT-FOR-US: WSO2 CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...) NOT-FOR-US: WSO2 CVE-2020-24588 RESERVED CVE-2020-24587 RESERVED CVE-2020-24586 RESERVED CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation in wolfSS ...) - wolfssl 4.5.0+dfsg-1 (bug #969663) NOTE: https://github.com/wolfSSL/wolfssl/pull/3219 NOTE: https://github.com/wolfSSL/wolfssl/commit/3be7f3ea3a56d178acf0f7f84ee4ae8cbfee8915 (v4.5.0-stable) CVE-2020-24584 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...) - python-django 2:2.2.16-1 (bug #969367) [stretch] - python-django (Requires Python 3.7+) NOTE: https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71 (master) NOTE: https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b (3.1.1) NOTE: https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554 (3.0.10) NOTE: https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f (2.2.16) CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...) 
- python-django 2:2.2.16-1 (bug #969367) [stretch] - python-django (Requires Python 3.7+) NOTE: https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9 (master) NOTE: https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584 (3.1.1) NOTE: https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e (3.0.10) NOTE: https://github.com/django/django/commit/375657a71c889c588f723469bd868bd1d40c369f (2.2.16) CVE-2020-24582 (Zulip Desktop before 5.4.3 allows XSS because string escaping is misha ...) NOT-FOR-US: Zulip Desktop CVE-2020-24581 RESERVED CVE-2020-24580 RESERVED CVE-2020-24579 RESERVED CVE-2020-24578 RESERVED CVE-2020-24577 RESERVED CVE-2020-24576 RESERVED CVE-2020-24575 RESERVED CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.20 ...) NOT-FOR-US: GOG Galaxy client CVE-2020-24573 RESERVED CVE-2020-24572 (An issue was discovered in includes/webconsole.php in RaspAP 2.5. With ...) NOT-FOR-US: RaspAP CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...) NOT-FOR-US: NexusDB CVE-2020-24570 RESERVED CVE-2020-24569 RESERVED CVE-2020-24568 RESERVED CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08- ...) NOT-FOR-US: voidtools CVE-2020-24566 (In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4. ...) NOT-FOR-US: Octopus Deploy CVE-2020-24565 RESERVED CVE-2020-24564 RESERVED CVE-2020-24563 RESERVED CVE-2020-24562 RESERVED CVE-2020-24561 (A command injection vulnerability in Trend Micro ServerProtect for Lin ...) NOT-FOR-US: Trend Micro CVE-2020-24560 RESERVED CVE-2020-24559 (A vulnerability in Trend Micro Apex One on macOS may allow an attacker ...) NOT-FOR-US: Trend Micro CVE-2020-24558 (A vulnerability in an Trend Micro Apex One dll may allow an attacker t ...) NOT-FOR-US: Trend Micro CVE-2020-24557 (A vulnerability in Trend Micro Apex One on Microsoft Windows may allow ...) 
NOT-FOR-US: Trend Micro CVE-2020-24556 (A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Micro ...) NOT-FOR-US: Trend Micro CVE-2020-24614 (Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 a ...) - fossil 1:2.12.1-1 [buster] - fossil (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/08/20/1 NOTE: https://fossil-scm.org/forum/info/a05ae3ce7760daf6 NOTE: https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w CVE-2020-24555 RESERVED CVE-2020-24554 (The redirect module in Liferay Portal before 7.3.3 does not limit the ...) NOT-FOR-US: Liferay CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html ...) - golang-1.15 1.15.2-1 (bug #969661) - golang-1.14 (bug #969662) - golang-1.11 [buster] - golang-1.11 (Minor issue) - golang-1.8 - golang-1.7 NOTE: https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs NOTE: https://github.com/golang/go/issues/40928 NOTE: https://github.com/golang/go/issues/41164 (1.14 backport) NOTE: https://github.com/golang/go/issues/41165 (1.15 backport) NOTE: https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command Injection vu ...) NOT-FOR-US: Atop Technology industrial 3G/4G gateway CVE-2020-24551 RESERVED CVE-2020-24550 RESERVED CVE-2020-24549 RESERVED CVE-2020-24548 (Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSR ...) 
NOT-FOR-US: Ericom CVE-2020-24547 RESERVED CVE-2020-24546 RESERVED CVE-2020-24545 RESERVED CVE-2020-24544 RESERVED CVE-2020-24543 RESERVED CVE-2020-24542 RESERVED CVE-2020-24541 RESERVED CVE-2020-24540 RESERVED CVE-2020-24539 RESERVED CVE-2020-24538 RESERVED CVE-2020-24537 RESERVED CVE-2020-24536 RESERVED CVE-2020-24535 RESERVED CVE-2020-24534 RESERVED CVE-2020-24533 RESERVED CVE-2020-24532 RESERVED CVE-2020-24531 RESERVED CVE-2020-24530 RESERVED CVE-2020-24529 RESERVED CVE-2020-24528 RESERVED CVE-2020-24527 RESERVED CVE-2020-24526 RESERVED CVE-2020-24525 RESERVED CVE-2020-24524 RESERVED CVE-2020-24523 RESERVED CVE-2020-24522 RESERVED CVE-2020-24521 RESERVED CVE-2020-24520 RESERVED CVE-2020-24519 RESERVED CVE-2020-24518 RESERVED CVE-2020-24517 RESERVED CVE-2020-24516 RESERVED CVE-2020-24515 RESERVED CVE-2020-24514 RESERVED CVE-2020-24513 RESERVED CVE-2020-24512 RESERVED CVE-2020-24511 RESERVED CVE-2020-24510 RESERVED CVE-2020-24509 RESERVED CVE-2020-24508 RESERVED CVE-2020-24507 RESERVED CVE-2020-24506 RESERVED CVE-2020-24505 RESERVED CVE-2020-24504 RESERVED CVE-2020-24503 RESERVED CVE-2020-24502 RESERVED CVE-2020-24501 RESERVED CVE-2020-24500 RESERVED CVE-2020-24499 RESERVED CVE-2020-24498 RESERVED CVE-2020-24497 RESERVED CVE-2020-24496 RESERVED CVE-2020-24495 RESERVED CVE-2020-24494 RESERVED CVE-2020-24493 RESERVED CVE-2020-24492 RESERVED CVE-2020-24491 RESERVED CVE-2020-24490 RESERVED CVE-2020-24489 RESERVED CVE-2020-24488 RESERVED CVE-2020-24487 RESERVED CVE-2020-24486 RESERVED CVE-2020-24485 RESERVED CVE-2020-24484 RESERVED CVE-2020-24483 RESERVED CVE-2020-24482 RESERVED CVE-2020-24481 RESERVED CVE-2020-24480 RESERVED CVE-2020-24479 RESERVED CVE-2020-24478 RESERVED CVE-2020-24477 RESERVED CVE-2020-24476 RESERVED CVE-2020-24475 RESERVED CVE-2020-24474 RESERVED CVE-2020-24473 RESERVED CVE-2020-24472 RESERVED CVE-2020-24471 RESERVED CVE-2020-24470 RESERVED CVE-2020-24469 RESERVED CVE-2020-24468 RESERVED CVE-2020-24467 RESERVED CVE-2020-24466 RESERVED 
CVE-2020-24465 RESERVED CVE-2020-24464 RESERVED CVE-2020-24463 RESERVED CVE-2020-24462 RESERVED CVE-2020-24461 RESERVED CVE-2020-24460 RESERVED CVE-2020-24459 RESERVED CVE-2020-24458 RESERVED CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...) NOT-FOR-US: Intel CVE-2020-24456 RESERVED CVE-2020-24455 RESERVED CVE-2020-24454 RESERVED CVE-2020-24453 RESERVED CVE-2020-24452 RESERVED CVE-2020-24451 RESERVED CVE-2020-24450 RESERVED CVE-2020-24449 RESERVED CVE-2020-24448 RESERVED CVE-2020-24447 RESERVED CVE-2020-24446 RESERVED CVE-2020-24445 RESERVED CVE-2020-24444 RESERVED CVE-2020-24443 RESERVED CVE-2020-24442 RESERVED CVE-2020-24441 RESERVED CVE-2020-24440 RESERVED CVE-2020-24439 RESERVED CVE-2020-24438 RESERVED CVE-2020-24437 RESERVED CVE-2020-24436 RESERVED CVE-2020-24435 RESERVED CVE-2020-24434 RESERVED CVE-2020-24433 RESERVED CVE-2020-24432 RESERVED CVE-2020-24431 RESERVED CVE-2020-24430 RESERVED CVE-2020-24429 RESERVED CVE-2020-24428 RESERVED CVE-2020-24427 RESERVED CVE-2020-24426 RESERVED CVE-2020-24425 RESERVED CVE-2020-24424 RESERVED CVE-2020-24423 RESERVED CVE-2020-24422 RESERVED CVE-2020-24421 RESERVED CVE-2020-24420 RESERVED CVE-2020-24419 RESERVED CVE-2020-24418 RESERVED CVE-2020-24417 RESERVED CVE-2020-24416 RESERVED CVE-2020-24415 RESERVED CVE-2020-24414 RESERVED CVE-2020-24413 RESERVED CVE-2020-24412 RESERVED CVE-2020-24411 RESERVED CVE-2020-24410 RESERVED CVE-2020-24409 RESERVED CVE-2020-24408 RESERVED CVE-2020-24407 RESERVED CVE-2020-24406 RESERVED CVE-2020-24405 RESERVED CVE-2020-24404 RESERVED CVE-2020-24403 RESERVED CVE-2020-24402 RESERVED CVE-2020-24401 RESERVED CVE-2020-24400 RESERVED CVE-2020-24399 RESERVED CVE-2020-24398 RESERVED CVE-2020-24397 RESERVED CVE-2020-24396 RESERVED CVE-2020-24395 RESERVED CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...) 
- linux 5.7.6-1 (bug #962254) [buster] - linux 4.19.131-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/22cf8419f1319ff87ec759d0ebdff4cbafaee832 CVE-2020-24393 RESERVED CVE-2020-24392 RESERVED CVE-2020-24391 RESERVED CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-24389 RESERVED CVE-2020-24388 RESERVED CVE-2020-24387 RESERVED CVE-2020-24386 RESERVED CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...) NOT-FOR-US: FreeBSD and MidnightBSD CVE-2020-24384 RESERVED CVE-2020-24383 RESERVED CVE-2020-24382 RESERVED CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) through 3.9 ...) NOT-FOR-US: GUnet Open eClass Platform CVE-2020-24380 RESERVED CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vul ...) - yaws 2.0.8+dfsg-1 NOTE: https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe CVE-2020-24378 RESERVED CVE-2020-24377 (A DNS rebinding vulnerability in the Freebox OS web interface in Freeb ...) NOT-FOR-US: Freebox CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations in Freeb ...) NOT-FOR-US: Freebox CVE-2020-24375 RESERVED CVE-2020-24374 (A DNS rebinding vulnerability in Freebox HD before 1.5.29. ...) NOT-FOR-US: Freebox CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...) NOT-FOR-US: Freebox CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...) - luajit (unimportant) NOTE: https://github.com/LuaJIT/LuaJIT/issues/603 NOTE: No security impact, only "exploitable" with untrusted Lua code CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the ...) 
- lua5.4 - lua5.3 [buster] - lua5.3 (Minor issue) NOTE: https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110 NOTE: https://www.lua.org/bugs.html#5.4.0-9 CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ...) - lua5.4 - lua5.3 [buster] - lua5.3 (Minor issue) NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00324.html NOTE: https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b CVE-2020-24369 (ldebug.c in Lua 5.4.0 attempts to access debug information via the lin ...) - lua5.4 NOTE: https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a NOTE: https://www.lua.org/bugs.html#5.4.0-12 CVE-2020-24368 (Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Director ...) {DSA-4747-1 DLA-2343-1} - icingaweb2 2.8.2-1 (bug #968833) NOTE: https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/ NOTE: https://github.com/Icinga/icingaweb2/issues/4226 NOTE: https://github.com/Icinga/icingaweb2/commit/5700caf5f2ebd8a20ce2bd9ca30cb471f8b7487e (support/2.6) NOTE: https://github.com/Icinga/icingaweb2/commit/3035efac65ca2f7977916bd117056aa411776dfd (master) CVE-2020-24367 RESERVED CVE-2020-24366 RESERVED CVE-2020-24365 RESERVED CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via the note ...) NOT-FOR-US: MineTime CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticat ...) NOT-FOR-US: TP-Link CVE-2020-24362 RESERVED CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...) - snmptt 1.4.2-1 NOTE: https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a CVE-2020-24360 RESERVED CVE-2020-24359 (HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrect ...) 
NOT-FOR-US: vault-ssh-helper CVE-2020-24358 RESERVED CVE-2020-24357 RESERVED CVE-2020-24356 RESERVED CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...) NOT-FOR-US: Zyxel CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...) NOT-FOR-US: Zyxel CVE-2020-24353 RESERVED CVE-2020-24352 RESERVED - qemu (unimportant; bug #968820) [buster] - qemu (Vulnerable code introduced in ATI VGA device emulation added later) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1847584 NOTE: Feature isn't production-ready/experimental: https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg05528.html CVE-2020-24351 RESERVED CVE-2020-24350 RESERVED CVE-2020-24349 (njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_va ...) NOT-FOR-US: njs CVE-2020-24348 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_jso ...) NOT-FOR-US: njs CVE-2020-24347 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvl ...) NOT-FOR-US: njs CVE-2020-24346 (njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_par ...) NOT-FOR-US: njs CVE-2020-24345 (** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via ...) NOT-FOR-US: JerryScript CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const argumen ...) NOT-FOR-US: JerryScript CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of ...) NOT-FOR-US: MuJS CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ...) 
- lua5.4 NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00052.html NOTE: https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27 CVE-2020-24341 RESERVED CVE-2020-24340 RESERVED CVE-2020-24339 RESERVED CVE-2020-24338 RESERVED CVE-2020-24337 RESERVED CVE-2020-24336 RESERVED CVE-2020-24335 RESERVED CVE-2020-24334 RESERVED CVE-2020-24333 RESERVED CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...) - trousers [stretch] - trousers (tss service gets started as non-root user via init script) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472 NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/ NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1 CVE-2020-24331 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...) - trousers [stretch] - trousers (tss service gets started as non-root user via init script) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472 NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/ NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1 CVE-2020-24330 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...) - trousers [stretch] - trousers (tss service gets started as non-root user via init script) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472 NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/ NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1 CVE-2020-24329 RESERVED CVE-2020-24328 RESERVED CVE-2020-24327 RESERVED CVE-2020-24326 RESERVED CVE-2020-24325 RESERVED CVE-2020-24324 RESERVED CVE-2020-24323 RESERVED CVE-2020-24322 RESERVED CVE-2020-24321 RESERVED CVE-2020-24320 RESERVED CVE-2020-24319 RESERVED CVE-2020-24318 RESERVED CVE-2020-24317 RESERVED CVE-2020-24316 (WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the va ...) 
NOT-FOR-US: WP Plugin Rednumber Admin Menu CVE-2020-24315 (Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL stateme ...) NOT-FOR-US: Vinoj Cardoza WordPress Poll Plugin CVE-2020-24314 (Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitiz ...) NOT-FOR-US: Fahad Mahmood RSS Feed Widget Plugin CVE-2020-24313 (Etoile Web Design Ultimate Appointment Booking & Scheduling WordPr ...) NOT-FOR-US: Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin CVE-2020-24312 (mndpsingh287 WP File Manager v6.4 and lower fails to restrict external ...) NOT-FOR-US: mndpsingh287 WP File Manager CVE-2020-24311 RESERVED CVE-2020-24310 RESERVED CVE-2020-24309 RESERVED CVE-2020-24308 RESERVED CVE-2020-24307 RESERVED CVE-2020-24306 RESERVED CVE-2020-24305 RESERVED CVE-2020-24304 RESERVED CVE-2020-24303 RESERVED CVE-2020-24302 RESERVED CVE-2020-24301 RESERVED CVE-2020-24300 RESERVED CVE-2020-24299 RESERVED CVE-2020-24298 RESERVED CVE-2020-24297 RESERVED CVE-2020-24296 RESERVED CVE-2020-24295 RESERVED CVE-2020-24294 RESERVED CVE-2020-24293 RESERVED CVE-2020-24292 RESERVED CVE-2020-24291 RESERVED CVE-2020-24290 RESERVED CVE-2020-24289 RESERVED CVE-2020-24288 RESERVED CVE-2020-24287 RESERVED CVE-2020-24286 RESERVED CVE-2020-24285 RESERVED CVE-2020-24284 RESERVED CVE-2020-24283 RESERVED CVE-2020-24282 RESERVED CVE-2020-24281 RESERVED CVE-2020-24280 RESERVED CVE-2020-24279 RESERVED CVE-2020-24278 RESERVED CVE-2020-24277 RESERVED CVE-2020-24276 RESERVED CVE-2020-24275 RESERVED CVE-2020-24274 RESERVED CVE-2020-24273 RESERVED CVE-2020-24272 RESERVED CVE-2020-24271 RESERVED CVE-2020-24270 RESERVED CVE-2020-24269 RESERVED CVE-2020-24268 RESERVED CVE-2020-24267 RESERVED CVE-2020-24266 RESERVED CVE-2020-24265 RESERVED CVE-2020-24264 RESERVED CVE-2020-24263 RESERVED CVE-2020-24262 RESERVED CVE-2020-24261 RESERVED CVE-2020-24260 RESERVED CVE-2020-24259 RESERVED CVE-2020-24258 RESERVED CVE-2020-24257 RESERVED CVE-2020-24256 RESERVED CVE-2020-24255 
RESERVED CVE-2020-24254 RESERVED CVE-2020-24253 RESERVED CVE-2020-24252 RESERVED CVE-2020-24251 RESERVED CVE-2020-24250 RESERVED CVE-2020-24249 RESERVED CVE-2020-24248 RESERVED CVE-2020-24247 RESERVED CVE-2020-24246 RESERVED CVE-2020-24245 RESERVED CVE-2020-24244 RESERVED CVE-2020-24243 RESERVED CVE-2020-24242 (In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_tex ...) - nasm 2.15.04-1 (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392708 NOTE: https://github.com/netwide-assembler/nasm/commit/6299a3114ce0f3acd55d07de201a8ca2f0a83059 NOTE: Crash in CLI tool, no security impact CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in ...) - nasm 2.15.04-1 (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392707 NOTE: https://github.com/netwide-assembler/nasm/commit/6ac6ac57e3d01ea8ed4ea47706eb724b59176461 NOTE: https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c NOTE: Crash in CLI tool, no security impact CVE-2020-24240 (GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/ob ...) - bison 2:3.7.2+dfsg-1 (unimportant) NOTE: https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d (v3.7.1) NOTE: https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html NOTE: Crash in CLI tool, no security impact CVE-2020-24239 RESERVED CVE-2020-24238 RESERVED CVE-2020-24237 RESERVED CVE-2020-24236 RESERVED CVE-2020-24235 RESERVED CVE-2020-24234 RESERVED CVE-2020-24233 RESERVED CVE-2020-24232 RESERVED CVE-2020-24231 RESERVED CVE-2020-24230 RESERVED CVE-2020-24229 RESERVED CVE-2020-24228 RESERVED CVE-2020-24227 RESERVED CVE-2020-24226 RESERVED CVE-2020-24225 RESERVED CVE-2020-24224 RESERVED CVE-2020-24223 (Mara CMS 7.5 allows contact.php?theme= XSS. ...) NOT-FOR-US: Mara CMS CVE-2020-24222 RESERVED CVE-2020-24221 RESERVED CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...) 
NOT-FOR-US: ShopXO CVE-2020-24219 RESERVED CVE-2020-24218 RESERVED CVE-2020-24217 RESERVED CVE-2020-24216 RESERVED CVE-2020-24215 RESERVED CVE-2020-24214 RESERVED CVE-2020-24213 RESERVED CVE-2020-24212 REJECTED CVE-2020-24211 RESERVED CVE-2020-24210 RESERVED CVE-2020-24209 RESERVED CVE-2020-24208 (A SQL injection vulnerability in SourceCodester Online Shopping Alphaw ...) NOT-FOR-US: SourceCodester CVE-2020-24207 RESERVED CVE-2020-24206 RESERVED CVE-2020-24205 RESERVED CVE-2020-24204 RESERVED CVE-2020-24203 (Insecure File Permissions and Arbitrary File Upload in the upload pic ...) NOT-FOR-US: Projects World Travel Management System CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 suffers from ...) NOT-FOR-US: Projects World House Rental CVE-2020-24201 RESERVED CVE-2020-24200 REJECTED CVE-2020-24199 (Arbitrary File Upload in the Vehicle Image Upload component in Project ...) NOT-FOR-US: Vehicle Image Upload component in Project Worlds Car Rental Management System CVE-2020-24198 (A persistent cross-site scripting vulnerability in Sourcecodester Stoc ...) NOT-FOR-US: Sourcecodester Stock Management System CVE-2020-24197 (A SQL injection vulnerability in the login component in Stock Manageme ...) NOT-FOR-US: Stock Management System CVE-2020-24196 (An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental ...) NOT-FOR-US: Online Bike Rental CVE-2020-24195 (An Arbitrary File Upload in the Upload Image component in Sourcecodest ...) NOT-FOR-US: Sourcecodester Online Bike Rental CVE-2020-24194 (A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in So ...) NOT-FOR-US: SourceCodester Daily Tracker System CVE-2020-24193 (A SQL injection vulnerability in login in Sourcecodetester Daily Track ...) 
NOT-FOR-US: Sourcecodetester Daily Tracker System CVE-2020-24192 RESERVED CVE-2020-24191 RESERVED CVE-2020-24190 RESERVED CVE-2020-24189 RESERVED CVE-2020-24188 RESERVED CVE-2020-24187 RESERVED CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz ...) NOT-FOR-US: gVectors wpDiscuz plugin for WordPress CVE-2020-24185 RESERVED CVE-2020-24184 RESERVED CVE-2020-24183 RESERVED CVE-2020-24182 RESERVED CVE-2020-24181 RESERVED CVE-2020-24180 RESERVED CVE-2020-24179 RESERVED CVE-2020-24178 RESERVED CVE-2020-24177 RESERVED CVE-2020-24176 RESERVED CVE-2020-24175 RESERVED CVE-2020-24174 RESERVED CVE-2020-24173 RESERVED CVE-2020-24172 RESERVED CVE-2020-24171 RESERVED CVE-2020-24170 RESERVED CVE-2020-24169 RESERVED CVE-2020-24168 RESERVED CVE-2020-24167 RESERVED CVE-2020-24166 RESERVED CVE-2020-24165 RESERVED CVE-2020-24164 (A deserialization flaw is present in Taoensso Nippy before 2.14.2. In ...) NOT-FOR-US: Taoensso Nippy CVE-2020-24163 RESERVED CVE-2020-24162 (The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App ...) NOT-FOR-US: Shenzhen Tencent app CVE-2020-24161 (Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacki ...) NOT-FOR-US: Guangzhou NetEase Mail Master CVE-2020-24160 (Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vu ...) NOT-FOR-US: Shenzhen Tencent TIM Windows client CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can ...) NOT-FOR-US: NetEase Youdao Dictionary CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which ...) 
NOT-FOR-US: 360 Speed Browser CVE-2020-24157 RESERVED CVE-2020-24156 RESERVED CVE-2020-24155 RESERVED CVE-2020-24154 RESERVED CVE-2020-24153 RESERVED CVE-2020-24152 RESERVED CVE-2020-24151 RESERVED CVE-2020-24150 RESERVED CVE-2020-24149 RESERVED CVE-2020-24148 RESERVED CVE-2020-24147 RESERVED CVE-2020-24146 RESERVED CVE-2020-24145 RESERVED CVE-2020-24144 RESERVED CVE-2020-24143 RESERVED CVE-2020-24142 RESERVED CVE-2020-24141 RESERVED CVE-2020-24140 RESERVED CVE-2020-24139 RESERVED CVE-2020-24138 RESERVED CVE-2020-24137 RESERVED CVE-2020-24136 RESERVED CVE-2020-24135 RESERVED CVE-2020-24134 RESERVED CVE-2020-24133 RESERVED CVE-2020-24132 RESERVED CVE-2020-24131 RESERVED CVE-2020-24130 RESERVED CVE-2020-24129 RESERVED CVE-2020-24128 RESERVED CVE-2020-24127 RESERVED CVE-2020-24126 RESERVED CVE-2020-24125 RESERVED CVE-2020-24124 RESERVED CVE-2020-24123 RESERVED CVE-2020-24122 RESERVED CVE-2020-24121 RESERVED CVE-2020-24120 RESERVED CVE-2020-24119 RESERVED CVE-2020-24118 RESERVED CVE-2020-24117 RESERVED CVE-2020-24116 RESERVED CVE-2020-24115 (In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials i ...) NOT-FOR-US: projectworlds Online Book Store CVE-2020-24114 RESERVED CVE-2020-24113 RESERVED CVE-2020-24112 RESERVED CVE-2020-24111 RESERVED CVE-2020-24110 RESERVED CVE-2020-24109 RESERVED CVE-2020-24108 RESERVED CVE-2020-24107 RESERVED CVE-2020-24106 RESERVED CVE-2020-24105 RESERVED CVE-2020-24104 (XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router. ...) 
NOT-FOR-US: PIX-Link Repeater/Router LV-WR07 CVE-2020-24103 RESERVED CVE-2020-24102 RESERVED CVE-2020-24101 RESERVED CVE-2020-24100 RESERVED CVE-2020-24099 RESERVED CVE-2020-24098 RESERVED CVE-2020-24097 RESERVED CVE-2020-24096 RESERVED CVE-2020-24095 RESERVED CVE-2020-24094 RESERVED CVE-2020-24093 RESERVED CVE-2020-24092 RESERVED CVE-2020-24091 RESERVED CVE-2020-24090 RESERVED CVE-2020-24089 RESERVED CVE-2020-24088 RESERVED CVE-2020-24087 RESERVED CVE-2020-24086 RESERVED CVE-2020-24085 RESERVED CVE-2020-24084 RESERVED CVE-2020-24083 RESERVED CVE-2020-24082 RESERVED CVE-2020-24081 RESERVED CVE-2020-24080 RESERVED CVE-2020-24079 RESERVED CVE-2020-24078 RESERVED CVE-2020-24077 RESERVED CVE-2020-24076 RESERVED CVE-2020-24075 RESERVED CVE-2020-24074 (The decode program in silk-v3-decoder Version:20160922 Build By kn007 ...) NOT-FOR-US: silk-v3-decoder CVE-2020-24073 RESERVED CVE-2020-24072 RESERVED CVE-2020-24071 RESERVED CVE-2020-24070 RESERVED CVE-2020-24069 RESERVED CVE-2020-24068 RESERVED CVE-2020-24067 RESERVED CVE-2020-24066 RESERVED CVE-2020-24065 RESERVED CVE-2020-24064 RESERVED CVE-2020-24063 RESERVED CVE-2020-24062 RESERVED CVE-2020-24061 RESERVED CVE-2020-24060 RESERVED CVE-2020-24059 RESERVED CVE-2020-24058 RESERVED CVE-2020-24057 (The management website of the Verint S5120FD Verint_FW_0_42 unit featu ...) NOT-FOR-US: Verint CVE-2020-24056 (A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_ ...) NOT-FOR-US: Verint CVE-2020-24055 (Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320 ...) NOT-FOR-US: Verint CVE-2020-24054 (The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2 ...) NOT-FOR-US: Moog CVE-2020-24053 (Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credenti ...) NOT-FOR-US: Moog CVE-2020-24052 (Several XML External Entity (XXE) vulnerabilities in the Moog EXO Seri ...) NOT-FOR-US: Moog CVE-2020-24051 (The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF int ...) 
NOT-FOR-US: Moog CVE-2020-24050 RESERVED CVE-2020-24049 RESERVED CVE-2020-24048 RESERVED CVE-2020-24047 RESERVED CVE-2020-24046 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...) NOT-FOR-US: TitanHQ CVE-2020-24045 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...) NOT-FOR-US: TitanHQ CVE-2020-24044 RESERVED CVE-2020-24043 RESERVED CVE-2020-24042 RESERVED CVE-2020-24041 RESERVED CVE-2020-24040 RESERVED CVE-2020-24039 RESERVED CVE-2020-24038 RESERVED CVE-2020-24037 RESERVED CVE-2020-24036 RESERVED CVE-2020-24035 RESERVED CVE-2020-24034 (Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecu ...) NOT-FOR-US: Sagemcom F@ST 5280 routers CVE-2020-24033 RESERVED CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...) NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD CVE-2020-24031 RESERVED CVE-2020-24030 (ForLogic Qualiex v1 and v3 has weak token expiration. This allows remo ...) NOT-FOR-US: ForLogic Qualiex CVE-2020-24029 (Because of unauthenticated password changes in ForLogic Qualiex v1 and ...) NOT-FOR-US: ForLogic Qualiex CVE-2020-24028 (ForLogic Qualiex v1 and v3 allows any authenticated customer to achiev ...) NOT-FOR-US: ForLogic Qualiex CVE-2020-24027 RESERVED CVE-2020-24026 RESERVED CVE-2020-24025 RESERVED CVE-2020-24024 RESERVED CVE-2020-24023 RESERVED CVE-2020-24022 RESERVED CVE-2020-24021 RESERVED CVE-2020-24020 RESERVED CVE-2020-24019 RESERVED CVE-2020-24018 RESERVED CVE-2020-24017 RESERVED CVE-2020-24016 RESERVED CVE-2020-24015 RESERVED CVE-2020-24014 RESERVED CVE-2020-24013 RESERVED CVE-2020-24012 RESERVED CVE-2020-24011 RESERVED CVE-2020-24010 RESERVED CVE-2020-24009 RESERVED CVE-2020-24008 (Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs ...) NOT-FOR-US: Umanni RH CVE-2020-24007 (Umanni RH 1.0 does not limit the number of authentication attempts. An ...) 
NOT-FOR-US: Umanni RH CVE-2020-24006 RESERVED CVE-2020-24005 RESERVED CVE-2020-24004 RESERVED CVE-2020-24003 RESERVED CVE-2020-24002 RESERVED CVE-2020-24001 RESERVED CVE-2020-24000 RESERVED CVE-2020-23999 RESERVED CVE-2020-23998 RESERVED CVE-2020-23997 RESERVED CVE-2020-23996 RESERVED CVE-2020-23995 RESERVED CVE-2020-23994 RESERVED CVE-2020-23993 RESERVED CVE-2020-23992 RESERVED CVE-2020-23991 RESERVED CVE-2020-23990 RESERVED CVE-2020-23989 RESERVED CVE-2020-23988 RESERVED CVE-2020-23987 RESERVED CVE-2020-23986 RESERVED CVE-2020-23985 RESERVED CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...) NOT-FOR-US: Online Hotel Booking System Pro PHP CVE-2020-23983 (Michael-design iChat Realtime PHP Live Support System 1.6 has persiste ...) NOT-FOR-US: Michael-design iChat Realtime PHP Live Support System CVE-2020-23982 (DesignMasterEvents Conference management 1.0.0 has cross site scriptin ...) NOT-FOR-US: DesignMasterEvents Conference management CVE-2020-23981 (13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id pa ...) NOT-FOR-US: 13enforme CMS CVE-2020-23980 (DesignMasterEvents Conference management 1.0.0 allows SQL Injection vi ...) NOT-FOR-US: DesignMasterEvents Conference management CVE-2020-23979 (13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter ...) NOT-FOR-US: 13enforme CMS CVE-2020-23978 (SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the ...) NOT-FOR-US: Soluzione Globale Ecommerce CMS CVE-2020-23977 (KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 't ...) NOT-FOR-US: KandNconcepts Club CMS CVE-2020-23976 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection ...) NOT-FOR-US: Webexcels Ecommerce CMS CVE-2020-23975 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scr ...) NOT-FOR-US: Webexcels Ecommerce CMS CVE-2020-23974 (Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting ...) 
NOT-FOR-US: Create-Project Manager CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php ...) NOT-FOR-US: KandNconcepts Club CMS CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can ...) NOT-FOR-US: Joomla Component GMapFP CVE-2020-23971 (gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Pe ...) NOT-FOR-US: gmapfp.org Joomla Component GMapFP CVE-2020-23970 RESERVED CVE-2020-23969 RESERVED CVE-2020-23968 RESERVED CVE-2020-23967 RESERVED CVE-2020-23966 RESERVED CVE-2020-23965 RESERVED CVE-2020-23964 RESERVED CVE-2020-23963 RESERVED CVE-2020-23962 RESERVED CVE-2020-23961 RESERVED CVE-2020-23960 RESERVED CVE-2020-23959 RESERVED CVE-2020-23958 RESERVED CVE-2020-23957 RESERVED CVE-2020-23956 RESERVED CVE-2020-23955 RESERVED CVE-2020-23954 RESERVED CVE-2020-23953 RESERVED CVE-2020-23952 RESERVED CVE-2020-23951 RESERVED CVE-2020-23950 RESERVED CVE-2020-23949 RESERVED CVE-2020-23948 RESERVED CVE-2020-23947 RESERVED CVE-2020-23946 RESERVED CVE-2020-23945 RESERVED CVE-2020-23944 RESERVED CVE-2020-23943 RESERVED CVE-2020-23942 RESERVED CVE-2020-23941 RESERVED CVE-2020-23940 RESERVED CVE-2020-23939 RESERVED CVE-2020-23938 REJECTED CVE-2020-23937 RESERVED CVE-2020-23936 (PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Auth ...) NOT-FOR-US: PHPGurukul Vehicle Parking Management System CVE-2020-23935 (Kabir Alhasan Student Management System 1.0 is vulnerable to Authentic ...) NOT-FOR-US: Kabir Alhasan Student Management System CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user can di ...) 
NOT-FOR-US: RiteCMS CVE-2020-23933 REJECTED CVE-2020-23932 RESERVED CVE-2020-23931 RESERVED CVE-2020-23930 RESERVED CVE-2020-23929 RESERVED CVE-2020-23928 RESERVED CVE-2020-23927 RESERVED CVE-2020-23926 RESERVED CVE-2020-23925 RESERVED CVE-2020-23924 RESERVED CVE-2020-23923 RESERVED CVE-2020-23922 RESERVED CVE-2020-23921 RESERVED CVE-2020-23920 RESERVED CVE-2020-23919 RESERVED CVE-2020-23918 RESERVED CVE-2020-23917 RESERVED CVE-2020-23916 RESERVED CVE-2020-23915 RESERVED CVE-2020-23914 RESERVED CVE-2020-23913 RESERVED CVE-2020-23912 RESERVED CVE-2020-23911 RESERVED CVE-2020-23910 RESERVED CVE-2020-23909 RESERVED CVE-2020-23908 RESERVED CVE-2020-23907 RESERVED CVE-2020-23906 RESERVED CVE-2020-23905 RESERVED CVE-2020-23904 RESERVED CVE-2020-23903 RESERVED CVE-2020-23902 RESERVED CVE-2020-23901 RESERVED CVE-2020-23900 RESERVED CVE-2020-23899 RESERVED CVE-2020-23898 RESERVED CVE-2020-23897 RESERVED CVE-2020-23896 RESERVED CVE-2020-23895 RESERVED CVE-2020-23894 RESERVED CVE-2020-23893 RESERVED CVE-2020-23892 RESERVED CVE-2020-23891 RESERVED CVE-2020-23890 RESERVED CVE-2020-23889 RESERVED CVE-2020-23888 RESERVED CVE-2020-23887 RESERVED CVE-2020-23886 RESERVED CVE-2020-23885 RESERVED CVE-2020-23884 RESERVED CVE-2020-23883 RESERVED CVE-2020-23882 RESERVED CVE-2020-23881 RESERVED CVE-2020-23880 RESERVED CVE-2020-23879 RESERVED CVE-2020-23878 RESERVED CVE-2020-23877 RESERVED CVE-2020-23876 RESERVED CVE-2020-23875 RESERVED CVE-2020-23874 RESERVED CVE-2020-23873 RESERVED CVE-2020-23872 RESERVED CVE-2020-23871 RESERVED CVE-2020-23870 RESERVED CVE-2020-23869 RESERVED CVE-2020-23868 RESERVED CVE-2020-23867 RESERVED CVE-2020-23866 RESERVED CVE-2020-23865 RESERVED CVE-2020-23864 RESERVED CVE-2020-23863 RESERVED CVE-2020-23862 RESERVED CVE-2020-23861 RESERVED CVE-2020-23860 RESERVED CVE-2020-23859 RESERVED CVE-2020-23858 RESERVED CVE-2020-23857 RESERVED CVE-2020-23856 RESERVED CVE-2020-23855 RESERVED CVE-2020-23854 RESERVED CVE-2020-23853 RESERVED CVE-2020-23852 RESERVED 
CVE-2020-23851 RESERVED CVE-2020-23850 RESERVED CVE-2020-23849 RESERVED CVE-2020-23848 RESERVED CVE-2020-23847 RESERVED CVE-2020-23846 RESERVED CVE-2020-23845 RESERVED CVE-2020-23844 RESERVED CVE-2020-23843 RESERVED CVE-2020-23842 RESERVED CVE-2020-23841 RESERVED CVE-2020-23840 RESERVED CVE-2020-23839 (A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS ...) NOT-FOR-US: GetSimple CMS CVE-2020-23838 RESERVED CVE-2020-23837 RESERVED CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in ...) NOT-FOR-US: OSWAPP Warehouse Inventory System CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) NOT-FOR-US: SourceCodester Tailor Management System CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time Logic ...) NOT-FOR-US: Real Time Logic BarracudaDrive CVE-2020-23833 (Projectworlds House Rental v1.0 suffers from an unauthenticated SQL In ...) NOT-FOR-US: Projectworlds House Rental CVE-2020-23832 RESERVED CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) NOT-FOR-US: SourceCodester Stock Management System CVE-2020-23830 (A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.ph ...) NOT-FOR-US: SourceCodester Stock Management System CVE-2020-23829 (interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suff ...) NOT-FOR-US: LibreHealth EHR CVE-2020-23828 (A File Upload vulnerability in SourceCodester Online Course Registrati ...) NOT-FOR-US: SourceCodester Online Course Registration CVE-2020-23827 RESERVED CVE-2020-23826 RESERVED CVE-2020-23825 RESERVED CVE-2020-23824 (ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forger ...) 
NOT-FOR-US: ArGo Soft Mail Server CVE-2020-23823 RESERVED CVE-2020-23822 RESERVED CVE-2020-23821 RESERVED CVE-2020-23820 RESERVED CVE-2020-23819 RESERVED CVE-2020-23818 RESERVED CVE-2020-23817 RESERVED CVE-2020-23816 RESERVED CVE-2020-23815 RESERVED CVE-2020-23814 (Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 ...) NOT-FOR-US: xxl-job CVE-2020-23813 RESERVED CVE-2020-23812 RESERVED CVE-2020-23811 (xxl-job 2.2.0 allows Information Disclosure of username, model, and pa ...) NOT-FOR-US: xxl-job CVE-2020-23810 RESERVED CVE-2020-23809 RESERVED CVE-2020-23808 RESERVED CVE-2020-23807 RESERVED CVE-2020-23806 RESERVED CVE-2020-23805 RESERVED CVE-2020-23804 RESERVED CVE-2020-23803 RESERVED CVE-2020-23802 RESERVED CVE-2020-23801 RESERVED CVE-2020-23800 RESERVED CVE-2020-23799 RESERVED CVE-2020-23798 RESERVED CVE-2020-23797 RESERVED CVE-2020-23796 RESERVED CVE-2020-23795 RESERVED CVE-2020-23794 RESERVED CVE-2020-23793 RESERVED CVE-2020-23792 RESERVED CVE-2020-23791 RESERVED CVE-2020-23790 RESERVED CVE-2020-23789 RESERVED CVE-2020-23788 RESERVED CVE-2020-23787 RESERVED CVE-2020-23786 RESERVED CVE-2020-23785 RESERVED CVE-2020-23784 RESERVED CVE-2020-23783 RESERVED CVE-2020-23782 RESERVED CVE-2020-23781 RESERVED CVE-2020-23780 RESERVED CVE-2020-23779 RESERVED CVE-2020-23778 RESERVED CVE-2020-23777 RESERVED CVE-2020-23776 RESERVED CVE-2020-23775 RESERVED CVE-2020-23774 RESERVED CVE-2020-23773 RESERVED CVE-2020-23772 RESERVED CVE-2020-23771 RESERVED CVE-2020-23770 RESERVED CVE-2020-23769 RESERVED CVE-2020-23768 RESERVED CVE-2020-23767 RESERVED CVE-2020-23766 RESERVED CVE-2020-23765 RESERVED CVE-2020-23764 RESERVED CVE-2020-23763 RESERVED CVE-2020-23762 RESERVED CVE-2020-23761 RESERVED CVE-2020-23760 RESERVED CVE-2020-23759 RESERVED CVE-2020-23758 RESERVED CVE-2020-23757 RESERVED CVE-2020-23756 RESERVED CVE-2020-23755 RESERVED CVE-2020-23754 RESERVED CVE-2020-23753 RESERVED CVE-2020-23752 RESERVED CVE-2020-23751 RESERVED CVE-2020-23750 RESERVED CVE-2020-23749 
RESERVED CVE-2020-23748 RESERVED CVE-2020-23747 RESERVED CVE-2020-23746 RESERVED CVE-2020-23745 RESERVED CVE-2020-23744 RESERVED CVE-2020-23743 RESERVED CVE-2020-23742 RESERVED CVE-2020-23741 RESERVED CVE-2020-23740 RESERVED CVE-2020-23739 RESERVED CVE-2020-23738 RESERVED CVE-2020-23737 RESERVED CVE-2020-23736 RESERVED CVE-2020-23735 RESERVED CVE-2020-23734 RESERVED CVE-2020-23733 RESERVED CVE-2020-23732 RESERVED CVE-2020-23731 RESERVED CVE-2020-23730 RESERVED CVE-2020-23729 RESERVED CVE-2020-23728 RESERVED CVE-2020-23727 RESERVED CVE-2020-23726 RESERVED CVE-2020-23725 RESERVED CVE-2020-23724 RESERVED CVE-2020-23723 RESERVED CVE-2020-23722 RESERVED CVE-2020-23721 RESERVED CVE-2020-23720 RESERVED CVE-2020-23719 RESERVED CVE-2020-23718 RESERVED CVE-2020-23717 RESERVED CVE-2020-23716 RESERVED CVE-2020-23715 RESERVED CVE-2020-23714 RESERVED CVE-2020-23713 RESERVED CVE-2020-23712 RESERVED CVE-2020-23711 RESERVED CVE-2020-23710 RESERVED CVE-2020-23709 RESERVED CVE-2020-23708 RESERVED CVE-2020-23707 RESERVED CVE-2020-23706 RESERVED CVE-2020-23705 RESERVED CVE-2020-23704 RESERVED CVE-2020-23703 RESERVED CVE-2020-23702 RESERVED CVE-2020-23701 RESERVED CVE-2020-23700 RESERVED CVE-2020-23699 RESERVED CVE-2020-23698 RESERVED CVE-2020-23697 RESERVED CVE-2020-23696 RESERVED CVE-2020-23695 RESERVED CVE-2020-23694 RESERVED CVE-2020-23693 RESERVED CVE-2020-23692 RESERVED CVE-2020-23691 RESERVED CVE-2020-23690 RESERVED CVE-2020-23689 RESERVED CVE-2020-23688 RESERVED CVE-2020-23687 RESERVED CVE-2020-23686 RESERVED CVE-2020-23685 RESERVED CVE-2020-23684 RESERVED CVE-2020-23683 RESERVED CVE-2020-23682 RESERVED CVE-2020-23681 RESERVED CVE-2020-23680 RESERVED CVE-2020-23679 RESERVED CVE-2020-23678 RESERVED CVE-2020-23677 RESERVED CVE-2020-23676 RESERVED CVE-2020-23675 RESERVED CVE-2020-23674 RESERVED CVE-2020-23673 RESERVED CVE-2020-23672 RESERVED CVE-2020-23671 RESERVED CVE-2020-23670 RESERVED CVE-2020-23669 RESERVED CVE-2020-23668 RESERVED CVE-2020-23667 RESERVED CVE-2020-23666 
RESERVED CVE-2020-23665 RESERVED CVE-2020-23664 RESERVED CVE-2020-23663 RESERVED CVE-2020-23662 RESERVED CVE-2020-23661 RESERVED CVE-2020-23660 (webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." ...) NOT-FOR-US: webTareas CVE-2020-23659 (WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the " ...) NOT-FOR-US: WebPort CVE-2020-23658 (PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infus ...) NOT-FOR-US: PHP-Fusion CVE-2020-23657 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...) NOT-FOR-US: NavigateCMS CVE-2020-23656 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...) NOT-FOR-US: NavigateCMS CVE-2020-23655 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...) NOT-FOR-US: NavigateCMS CVE-2020-23654 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the modu ...) NOT-FOR-US: NavigateCMS CVE-2020-23653 RESERVED CVE-2020-23652 RESERVED CVE-2020-23651 RESERVED CVE-2020-23650 RESERVED CVE-2020-23649 RESERVED CVE-2020-23648 RESERVED CVE-2020-23647 RESERVED CVE-2020-23646 RESERVED CVE-2020-23645 RESERVED CVE-2020-23644 RESERVED CVE-2020-23643 RESERVED CVE-2020-23642 RESERVED CVE-2020-23641 RESERVED CVE-2020-23640 RESERVED CVE-2020-23639 RESERVED CVE-2020-23638 RESERVED CVE-2020-23637 RESERVED CVE-2020-23636 RESERVED CVE-2020-23635 RESERVED CVE-2020-23634 RESERVED CVE-2020-23633 RESERVED CVE-2020-23632 RESERVED CVE-2020-23631 RESERVED CVE-2020-23630 RESERVED CVE-2020-23629 RESERVED CVE-2020-23628 RESERVED CVE-2020-23627 RESERVED CVE-2020-23626 RESERVED CVE-2020-23625 RESERVED CVE-2020-23624 RESERVED CVE-2020-23623 RESERVED CVE-2020-23622 RESERVED CVE-2020-23621 RESERVED CVE-2020-23620 RESERVED CVE-2020-23619 RESERVED CVE-2020-23618 RESERVED CVE-2020-23617 RESERVED CVE-2020-23616 RESERVED CVE-2020-23615 RESERVED CVE-2020-23614 RESERVED CVE-2020-23613 RESERVED CVE-2020-23612 RESERVED CVE-2020-23611 RESERVED CVE-2020-23610 RESERVED 
CVE-2020-23609 RESERVED CVE-2020-23608 RESERVED CVE-2020-23607 RESERVED CVE-2020-23606 RESERVED CVE-2020-23605 RESERVED CVE-2020-23604 RESERVED CVE-2020-23603 RESERVED CVE-2020-23602 RESERVED CVE-2020-23601 RESERVED CVE-2020-23600 RESERVED CVE-2020-23599 RESERVED CVE-2020-23598 RESERVED CVE-2020-23597 RESERVED CVE-2020-23596 RESERVED CVE-2020-23595 RESERVED CVE-2020-23594 RESERVED CVE-2020-23593 RESERVED CVE-2020-23592 RESERVED CVE-2020-23591 RESERVED CVE-2020-23590 RESERVED CVE-2020-23589 RESERVED CVE-2020-23588 RESERVED CVE-2020-23587 RESERVED CVE-2020-23586 RESERVED CVE-2020-23585 RESERVED CVE-2020-23584 RESERVED CVE-2020-23583 RESERVED CVE-2020-23582 RESERVED CVE-2020-23581 RESERVED CVE-2020-23580 RESERVED CVE-2020-23579 RESERVED CVE-2020-23578 RESERVED CVE-2020-23577 RESERVED CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site Scripting ...) NOT-FOR-US: Laborator Neon dashboard CVE-2020-23575 RESERVED CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...) 
NOT-FOR-US: Sysax Multi Server CVE-2020-23573 RESERVED CVE-2020-23572 RESERVED CVE-2020-23571 RESERVED CVE-2020-23570 RESERVED CVE-2020-23569 RESERVED CVE-2020-23568 RESERVED CVE-2020-23567 RESERVED CVE-2020-23566 RESERVED CVE-2020-23565 RESERVED CVE-2020-23564 RESERVED CVE-2020-23563 RESERVED CVE-2020-23562 RESERVED CVE-2020-23561 RESERVED CVE-2020-23560 RESERVED CVE-2020-23559 RESERVED CVE-2020-23558 RESERVED CVE-2020-23557 RESERVED CVE-2020-23556 RESERVED CVE-2020-23555 RESERVED CVE-2020-23554 RESERVED CVE-2020-23553 RESERVED CVE-2020-23552 RESERVED CVE-2020-23551 RESERVED CVE-2020-23550 RESERVED CVE-2020-23549 RESERVED CVE-2020-23548 RESERVED CVE-2020-23547 RESERVED CVE-2020-23546 RESERVED CVE-2020-23545 RESERVED CVE-2020-23544 RESERVED CVE-2020-23543 RESERVED CVE-2020-23542 RESERVED CVE-2020-23541 RESERVED CVE-2020-23540 RESERVED CVE-2020-23539 RESERVED CVE-2020-23538 RESERVED CVE-2020-23537 RESERVED CVE-2020-23536 RESERVED CVE-2020-23535 RESERVED CVE-2020-23534 RESERVED CVE-2020-23533 RESERVED CVE-2020-23532 RESERVED CVE-2020-23531 RESERVED CVE-2020-23530 RESERVED CVE-2020-23529 RESERVED CVE-2020-23528 RESERVED CVE-2020-23527 RESERVED CVE-2020-23526 RESERVED CVE-2020-23525 RESERVED CVE-2020-23524 RESERVED CVE-2020-23523 RESERVED CVE-2020-23522 RESERVED CVE-2020-23521 RESERVED CVE-2020-23520 RESERVED CVE-2020-23519 RESERVED CVE-2020-23518 RESERVED CVE-2020-23517 RESERVED CVE-2020-23516 RESERVED CVE-2020-23515 RESERVED CVE-2020-23514 RESERVED CVE-2020-23513 RESERVED CVE-2020-23512 (VR CAM P1 Model P1 v1 has an incorrect access control vulnerability wh ...) 
NOT-FOR-US: VR CAM P1 Model P1 CVE-2020-23511 RESERVED CVE-2020-23510 RESERVED CVE-2020-23509 RESERVED CVE-2020-23508 RESERVED CVE-2020-23507 RESERVED CVE-2020-23506 RESERVED CVE-2020-23505 RESERVED CVE-2020-23504 RESERVED CVE-2020-23503 RESERVED CVE-2020-23502 RESERVED CVE-2020-23501 RESERVED CVE-2020-23500 RESERVED CVE-2020-23499 RESERVED CVE-2020-23498 RESERVED CVE-2020-23497 RESERVED CVE-2020-23496 RESERVED CVE-2020-23495 RESERVED CVE-2020-23494 RESERVED CVE-2020-23493 RESERVED CVE-2020-23492 RESERVED CVE-2020-23491 RESERVED CVE-2020-23490 RESERVED CVE-2020-23489 RESERVED CVE-2020-23488 RESERVED CVE-2020-23487 RESERVED CVE-2020-23486 RESERVED CVE-2020-23485 RESERVED CVE-2020-23484 RESERVED CVE-2020-23483 RESERVED CVE-2020-23482 RESERVED CVE-2020-23481 RESERVED CVE-2020-23480 RESERVED CVE-2020-23479 RESERVED CVE-2020-23478 RESERVED CVE-2020-23477 RESERVED CVE-2020-23476 RESERVED CVE-2020-23475 RESERVED CVE-2020-23474 RESERVED CVE-2020-23473 RESERVED CVE-2020-23472 RESERVED CVE-2020-23471 RESERVED CVE-2020-23470 RESERVED CVE-2020-23469 RESERVED CVE-2020-23468 RESERVED CVE-2020-23467 RESERVED CVE-2020-23466 RESERVED CVE-2020-23465 RESERVED CVE-2020-23464 RESERVED CVE-2020-23463 RESERVED CVE-2020-23462 RESERVED CVE-2020-23461 RESERVED CVE-2020-23460 RESERVED CVE-2020-23459 RESERVED CVE-2020-23458 RESERVED CVE-2020-23457 RESERVED CVE-2020-23456 RESERVED CVE-2020-23455 RESERVED CVE-2020-23454 RESERVED CVE-2020-23453 RESERVED CVE-2020-23452 RESERVED CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead ...) NOT-FOR-US: Spiceworks CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed ...) 
NOT-FOR-US: Spiceworks CVE-2020-23449 RESERVED CVE-2020-23448 RESERVED CVE-2020-23447 RESERVED CVE-2020-23446 RESERVED CVE-2020-23445 RESERVED CVE-2020-23444 RESERVED CVE-2020-23443 RESERVED CVE-2020-23442 RESERVED CVE-2020-23441 RESERVED CVE-2020-23440 RESERVED CVE-2020-23439 RESERVED CVE-2020-23438 RESERVED CVE-2020-23437 RESERVED CVE-2020-23436 RESERVED CVE-2020-23435 RESERVED CVE-2020-23434 RESERVED CVE-2020-23433 RESERVED CVE-2020-23432 RESERVED CVE-2020-23431 RESERVED CVE-2020-23430 RESERVED CVE-2020-23429 RESERVED CVE-2020-23428 RESERVED CVE-2020-23427 RESERVED CVE-2020-23426 RESERVED CVE-2020-23425 RESERVED CVE-2020-23424 RESERVED CVE-2020-23423 RESERVED CVE-2020-23422 RESERVED CVE-2020-23421 RESERVED CVE-2020-23420 RESERVED CVE-2020-23419 RESERVED CVE-2020-23418 RESERVED CVE-2020-23417 RESERVED CVE-2020-23416 RESERVED CVE-2020-23415 RESERVED CVE-2020-23414 RESERVED CVE-2020-23413 RESERVED CVE-2020-23412 RESERVED CVE-2020-23411 RESERVED CVE-2020-23410 RESERVED CVE-2020-23409 RESERVED CVE-2020-23408 RESERVED CVE-2020-23407 RESERVED CVE-2020-23406 RESERVED CVE-2020-23405 RESERVED CVE-2020-23404 RESERVED CVE-2020-23403 RESERVED CVE-2020-23402 RESERVED CVE-2020-23401 RESERVED CVE-2020-23400 RESERVED CVE-2020-23399 RESERVED CVE-2020-23398 RESERVED CVE-2020-23397 RESERVED CVE-2020-23396 RESERVED CVE-2020-23395 RESERVED CVE-2020-23394 RESERVED CVE-2020-23393 RESERVED CVE-2020-23392 RESERVED CVE-2020-23391 RESERVED CVE-2020-23390 RESERVED CVE-2020-23389 RESERVED CVE-2020-23388 RESERVED CVE-2020-23387 RESERVED CVE-2020-23386 RESERVED CVE-2020-23385 RESERVED CVE-2020-23384 RESERVED CVE-2020-23383 RESERVED CVE-2020-23382 RESERVED CVE-2020-23381 RESERVED CVE-2020-23380 RESERVED CVE-2020-23379 RESERVED CVE-2020-23378 RESERVED CVE-2020-23377 RESERVED CVE-2020-23376 RESERVED CVE-2020-23375 RESERVED CVE-2020-23374 RESERVED CVE-2020-23373 RESERVED CVE-2020-23372 RESERVED CVE-2020-23371 RESERVED CVE-2020-23370 RESERVED CVE-2020-23369 RESERVED CVE-2020-23368 RESERVED 
CVE-2020-23367 RESERVED CVE-2020-23366 RESERVED CVE-2020-23365 RESERVED CVE-2020-23364 RESERVED CVE-2020-23363 RESERVED CVE-2020-23362 RESERVED CVE-2020-23361 RESERVED CVE-2020-23360 RESERVED CVE-2020-23359 RESERVED CVE-2020-23358 RESERVED CVE-2020-23357 RESERVED CVE-2020-23356 RESERVED CVE-2020-23355 RESERVED CVE-2020-23354 RESERVED CVE-2020-23353 RESERVED CVE-2020-23352 RESERVED CVE-2020-23351 RESERVED CVE-2020-23350 RESERVED CVE-2020-23349 RESERVED CVE-2020-23348 RESERVED CVE-2020-23347 RESERVED CVE-2020-23346 RESERVED CVE-2020-23345 RESERVED CVE-2020-23344 RESERVED CVE-2020-23343 RESERVED CVE-2020-23342 RESERVED CVE-2020-23341 RESERVED CVE-2020-23340 RESERVED CVE-2020-23339 RESERVED CVE-2020-23338 RESERVED CVE-2020-23337 RESERVED CVE-2020-23336 RESERVED CVE-2020-23335 RESERVED CVE-2020-23334 RESERVED CVE-2020-23333 RESERVED CVE-2020-23332 RESERVED CVE-2020-23331 RESERVED CVE-2020-23330 RESERVED CVE-2020-23329 RESERVED CVE-2020-23328 RESERVED CVE-2020-23327 RESERVED CVE-2020-23326 RESERVED CVE-2020-23325 RESERVED CVE-2020-23324 RESERVED CVE-2020-23323 RESERVED CVE-2020-23322 RESERVED CVE-2020-23321 RESERVED CVE-2020-23320 RESERVED CVE-2020-23319 RESERVED CVE-2020-23318 RESERVED CVE-2020-23317 RESERVED CVE-2020-23316 RESERVED CVE-2020-23315 RESERVED CVE-2020-23314 RESERVED CVE-2020-23313 RESERVED CVE-2020-23312 RESERVED CVE-2020-23311 RESERVED CVE-2020-23310 RESERVED CVE-2020-23309 RESERVED CVE-2020-23308 RESERVED CVE-2020-23307 RESERVED CVE-2020-23306 RESERVED CVE-2020-23305 RESERVED CVE-2020-23304 RESERVED CVE-2020-23303 RESERVED CVE-2020-23302 RESERVED CVE-2020-23301 RESERVED CVE-2020-23300 RESERVED CVE-2020-23299 RESERVED CVE-2020-23298 RESERVED CVE-2020-23297 RESERVED CVE-2020-23296 RESERVED CVE-2020-23295 RESERVED CVE-2020-23294 RESERVED CVE-2020-23293 RESERVED CVE-2020-23292 RESERVED CVE-2020-23291 RESERVED CVE-2020-23290 RESERVED CVE-2020-23289 RESERVED CVE-2020-23288 RESERVED CVE-2020-23287 RESERVED CVE-2020-23286 RESERVED CVE-2020-23285 RESERVED 
CVE-2020-23284 RESERVED CVE-2020-23283 RESERVED CVE-2020-23282 RESERVED CVE-2020-23281 RESERVED CVE-2020-23280 RESERVED CVE-2020-23279 RESERVED CVE-2020-23278 RESERVED CVE-2020-23277 RESERVED CVE-2020-23276 RESERVED CVE-2020-23275 RESERVED CVE-2020-23274 RESERVED CVE-2020-23273 RESERVED CVE-2020-23272 RESERVED CVE-2020-23271 RESERVED CVE-2020-23270 RESERVED CVE-2020-23269 RESERVED CVE-2020-23268 RESERVED CVE-2020-23267 RESERVED CVE-2020-23266 RESERVED CVE-2020-23265 RESERVED CVE-2020-23264 RESERVED CVE-2020-23263 RESERVED CVE-2020-23262 RESERVED CVE-2020-23261 RESERVED CVE-2020-23260 RESERVED CVE-2020-23259 RESERVED CVE-2020-23258 RESERVED CVE-2020-23257 RESERVED CVE-2020-23256 RESERVED CVE-2020-23255 RESERVED CVE-2020-23254 RESERVED CVE-2020-23253 RESERVED CVE-2020-23252 RESERVED CVE-2020-23251 RESERVED CVE-2020-23250 RESERVED CVE-2020-23249 RESERVED CVE-2020-23248 RESERVED CVE-2020-23247 RESERVED CVE-2020-23246 RESERVED CVE-2020-23245 RESERVED CVE-2020-23244 RESERVED CVE-2020-23243 RESERVED CVE-2020-23242 RESERVED CVE-2020-23241 RESERVED CVE-2020-23240 RESERVED CVE-2020-23239 RESERVED CVE-2020-23238 RESERVED CVE-2020-23237 RESERVED CVE-2020-23236 RESERVED CVE-2020-23235 RESERVED CVE-2020-23234 RESERVED CVE-2020-23233 RESERVED CVE-2020-23232 RESERVED CVE-2020-23231 RESERVED CVE-2020-23230 RESERVED CVE-2020-23229 RESERVED CVE-2020-23228 RESERVED CVE-2020-23227 RESERVED CVE-2020-23226 RESERVED CVE-2020-23225 RESERVED CVE-2020-23224 RESERVED CVE-2020-23223 RESERVED CVE-2020-23222 RESERVED CVE-2020-23221 RESERVED CVE-2020-23220 RESERVED CVE-2020-23219 RESERVED CVE-2020-23218 RESERVED CVE-2020-23217 RESERVED CVE-2020-23216 RESERVED CVE-2020-23215 RESERVED CVE-2020-23214 RESERVED CVE-2020-23213 RESERVED CVE-2020-23212 RESERVED CVE-2020-23211 RESERVED CVE-2020-23210 RESERVED CVE-2020-23209 RESERVED CVE-2020-23208 RESERVED CVE-2020-23207 RESERVED CVE-2020-23206 RESERVED CVE-2020-23205 RESERVED CVE-2020-23204 RESERVED CVE-2020-23203 RESERVED CVE-2020-23202 RESERVED 
CVE-2020-23201 RESERVED CVE-2020-23200 RESERVED CVE-2020-23199 RESERVED CVE-2020-23198 RESERVED CVE-2020-23197 RESERVED CVE-2020-23196 RESERVED CVE-2020-23195 RESERVED CVE-2020-23194 RESERVED CVE-2020-23193 RESERVED CVE-2020-23192 RESERVED CVE-2020-23191 RESERVED CVE-2020-23190 RESERVED CVE-2020-23189 RESERVED CVE-2020-23188 RESERVED CVE-2020-23187 RESERVED CVE-2020-23186 RESERVED CVE-2020-23185 RESERVED CVE-2020-23184 RESERVED CVE-2020-23183 RESERVED CVE-2020-23182 RESERVED CVE-2020-23181 RESERVED CVE-2020-23180 RESERVED CVE-2020-23179 RESERVED CVE-2020-23178 RESERVED CVE-2020-23177 RESERVED CVE-2020-23176 RESERVED CVE-2020-23175 RESERVED CVE-2020-23174 RESERVED CVE-2020-23173 RESERVED CVE-2020-23172 RESERVED CVE-2020-23171 RESERVED CVE-2020-23170 RESERVED CVE-2020-23169 RESERVED CVE-2020-23168 RESERVED CVE-2020-23167 RESERVED CVE-2020-23166 RESERVED CVE-2020-23165 RESERVED CVE-2020-23164 RESERVED CVE-2020-23163 RESERVED CVE-2020-23162 RESERVED CVE-2020-23161 RESERVED CVE-2020-23160 RESERVED CVE-2020-23159 RESERVED CVE-2020-23158 RESERVED CVE-2020-23157 RESERVED CVE-2020-23156 RESERVED CVE-2020-23155 RESERVED CVE-2020-23154 RESERVED CVE-2020-23153 RESERVED CVE-2020-23152 RESERVED CVE-2020-23151 RESERVED CVE-2020-23150 RESERVED CVE-2020-23149 RESERVED CVE-2020-23148 RESERVED CVE-2020-23147 RESERVED CVE-2020-23146 RESERVED CVE-2020-23145 RESERVED CVE-2020-23144 RESERVED CVE-2020-23143 RESERVED CVE-2020-23142 RESERVED CVE-2020-23141 RESERVED CVE-2020-23140 RESERVED CVE-2020-23139 RESERVED CVE-2020-23138 RESERVED CVE-2020-23137 RESERVED CVE-2020-23136 RESERVED CVE-2020-23135 RESERVED CVE-2020-23134 RESERVED CVE-2020-23133 RESERVED CVE-2020-23132 RESERVED CVE-2020-23131 RESERVED CVE-2020-23130 RESERVED CVE-2020-23129 RESERVED CVE-2020-23128 RESERVED CVE-2020-23127 RESERVED CVE-2020-23126 RESERVED CVE-2020-23125 RESERVED CVE-2020-23124 RESERVED CVE-2020-23123 RESERVED CVE-2020-23122 RESERVED CVE-2020-23121 RESERVED CVE-2020-23120 RESERVED CVE-2020-23119 RESERVED 
CVE-2020-23118 RESERVED CVE-2020-23117 RESERVED CVE-2020-23116 RESERVED CVE-2020-23115 RESERVED CVE-2020-23114 RESERVED CVE-2020-23113 RESERVED CVE-2020-23112 RESERVED CVE-2020-23111 RESERVED CVE-2020-23110 RESERVED CVE-2020-23109 RESERVED CVE-2020-23108 RESERVED CVE-2020-23107 RESERVED CVE-2020-23106 RESERVED CVE-2020-23105 RESERVED CVE-2020-23104 RESERVED CVE-2020-23103 RESERVED CVE-2020-23102 RESERVED CVE-2020-23101 RESERVED CVE-2020-23100 RESERVED CVE-2020-23099 RESERVED CVE-2020-23098 RESERVED CVE-2020-23097 RESERVED CVE-2020-23096 RESERVED CVE-2020-23095 RESERVED CVE-2020-23094 RESERVED CVE-2020-23093 RESERVED CVE-2020-23092 RESERVED CVE-2020-23091 RESERVED CVE-2020-23090 RESERVED CVE-2020-23089 RESERVED CVE-2020-23088 RESERVED CVE-2020-23087 RESERVED CVE-2020-23086 RESERVED CVE-2020-23085 RESERVED CVE-2020-23084 RESERVED CVE-2020-23083 RESERVED CVE-2020-23082 RESERVED CVE-2020-23081 RESERVED CVE-2020-23080 RESERVED CVE-2020-23079 RESERVED CVE-2020-23078 RESERVED CVE-2020-23077 RESERVED CVE-2020-23076 RESERVED CVE-2020-23075 RESERVED CVE-2020-23074 RESERVED CVE-2020-23073 RESERVED CVE-2020-23072 RESERVED CVE-2020-23071 RESERVED CVE-2020-23070 RESERVED CVE-2020-23069 RESERVED CVE-2020-23068 RESERVED CVE-2020-23067 RESERVED CVE-2020-23066 RESERVED CVE-2020-23065 RESERVED CVE-2020-23064 RESERVED CVE-2020-23063 RESERVED CVE-2020-23062 RESERVED CVE-2020-23061 RESERVED CVE-2020-23060 RESERVED CVE-2020-23059 RESERVED CVE-2020-23058 RESERVED CVE-2020-23057 RESERVED CVE-2020-23056 RESERVED CVE-2020-23055 RESERVED CVE-2020-23054 RESERVED CVE-2020-23053 RESERVED CVE-2020-23052 RESERVED CVE-2020-23051 RESERVED CVE-2020-23050 RESERVED CVE-2020-23049 RESERVED CVE-2020-23048 RESERVED CVE-2020-23047 RESERVED CVE-2020-23046 RESERVED CVE-2020-23045 RESERVED CVE-2020-23044 RESERVED CVE-2020-23043 RESERVED CVE-2020-23042 RESERVED CVE-2020-23041 RESERVED CVE-2020-23040 RESERVED CVE-2020-23039 RESERVED CVE-2020-23038 RESERVED CVE-2020-23037 RESERVED CVE-2020-23036 RESERVED 
CVE-2020-23035 RESERVED CVE-2020-23034 RESERVED CVE-2020-23033 RESERVED CVE-2020-23032 RESERVED CVE-2020-23031 RESERVED CVE-2020-23030 RESERVED CVE-2020-23029 RESERVED CVE-2020-23028 RESERVED CVE-2020-23027 RESERVED CVE-2020-23026 RESERVED CVE-2020-23025 RESERVED CVE-2020-23024 RESERVED CVE-2020-23023 RESERVED CVE-2020-23022 RESERVED CVE-2020-23021 RESERVED CVE-2020-23020 RESERVED CVE-2020-23019 RESERVED CVE-2020-23018 RESERVED CVE-2020-23017 RESERVED CVE-2020-23016 RESERVED CVE-2020-23015 RESERVED CVE-2020-23014 RESERVED CVE-2020-23013 RESERVED CVE-2020-23012 RESERVED CVE-2020-23011 RESERVED CVE-2020-23010 RESERVED CVE-2020-23009 RESERVED CVE-2020-23008 RESERVED CVE-2020-23007 RESERVED CVE-2020-23006 RESERVED CVE-2020-23005 RESERVED CVE-2020-23004 RESERVED CVE-2020-23003 RESERVED CVE-2020-23002 RESERVED CVE-2020-23001 RESERVED CVE-2020-23000 RESERVED CVE-2020-22999 RESERVED CVE-2020-22998 RESERVED CVE-2020-22997 RESERVED CVE-2020-22996 RESERVED CVE-2020-22995 RESERVED CVE-2020-22994 RESERVED CVE-2020-22993 RESERVED CVE-2020-22992 RESERVED CVE-2020-22991 RESERVED CVE-2020-22990 RESERVED CVE-2020-22989 RESERVED CVE-2020-22988 RESERVED CVE-2020-22987 RESERVED CVE-2020-22986 RESERVED CVE-2020-22985 RESERVED CVE-2020-22984 RESERVED CVE-2020-22983 RESERVED CVE-2020-22982 RESERVED CVE-2020-22981 RESERVED CVE-2020-22980 RESERVED CVE-2020-22979 RESERVED CVE-2020-22978 RESERVED CVE-2020-22977 RESERVED CVE-2020-22976 RESERVED CVE-2020-22975 RESERVED CVE-2020-22974 RESERVED CVE-2020-22973 RESERVED CVE-2020-22972 RESERVED CVE-2020-22971 RESERVED CVE-2020-22970 RESERVED CVE-2020-22969 RESERVED CVE-2020-22968 RESERVED CVE-2020-22967 RESERVED CVE-2020-22966 RESERVED CVE-2020-22965 RESERVED CVE-2020-22964 RESERVED CVE-2020-22963 RESERVED CVE-2020-22962 RESERVED CVE-2020-22961 RESERVED CVE-2020-22960 RESERVED CVE-2020-22959 RESERVED CVE-2020-22958 RESERVED CVE-2020-22957 RESERVED CVE-2020-22956 RESERVED CVE-2020-22955 RESERVED CVE-2020-22954 RESERVED CVE-2020-22953 RESERVED 
CVE-2020-22952 RESERVED CVE-2020-22951 RESERVED CVE-2020-22950 RESERVED CVE-2020-22949 RESERVED CVE-2020-22948 RESERVED CVE-2020-22947 RESERVED CVE-2020-22946 RESERVED CVE-2020-22945 RESERVED CVE-2020-22944 RESERVED CVE-2020-22943 RESERVED CVE-2020-22942 RESERVED CVE-2020-22941 RESERVED CVE-2020-22940 RESERVED CVE-2020-22939 RESERVED CVE-2020-22938 RESERVED CVE-2020-22937 RESERVED CVE-2020-22936 RESERVED CVE-2020-22935 RESERVED CVE-2020-22934 RESERVED CVE-2020-22933 RESERVED CVE-2020-22932 RESERVED CVE-2020-22931 RESERVED CVE-2020-22930 RESERVED CVE-2020-22929 RESERVED CVE-2020-22928 RESERVED CVE-2020-22927 RESERVED CVE-2020-22926 RESERVED CVE-2020-22925 RESERVED CVE-2020-22924 RESERVED CVE-2020-22923 RESERVED CVE-2020-22922 RESERVED CVE-2020-22921 RESERVED CVE-2020-22920 RESERVED CVE-2020-22919 RESERVED CVE-2020-22918 RESERVED CVE-2020-22917 RESERVED CVE-2020-22916 RESERVED CVE-2020-22915 RESERVED CVE-2020-22914 RESERVED CVE-2020-22913 RESERVED CVE-2020-22912 RESERVED CVE-2020-22911 RESERVED CVE-2020-22910 RESERVED CVE-2020-22909 RESERVED CVE-2020-22908 RESERVED CVE-2020-22907 RESERVED CVE-2020-22906 RESERVED CVE-2020-22905 RESERVED CVE-2020-22904 RESERVED CVE-2020-22903 RESERVED CVE-2020-22902 RESERVED CVE-2020-22901 RESERVED CVE-2020-22900 RESERVED CVE-2020-22899 RESERVED CVE-2020-22898 RESERVED CVE-2020-22897 RESERVED CVE-2020-22896 RESERVED CVE-2020-22895 RESERVED CVE-2020-22894 RESERVED CVE-2020-22893 RESERVED CVE-2020-22892 RESERVED CVE-2020-22891 RESERVED CVE-2020-22890 RESERVED CVE-2020-22889 RESERVED CVE-2020-22888 RESERVED CVE-2020-22887 RESERVED CVE-2020-22886 RESERVED CVE-2020-22885 RESERVED CVE-2020-22884 RESERVED CVE-2020-22883 RESERVED CVE-2020-22882 RESERVED CVE-2020-22881 RESERVED CVE-2020-22880 RESERVED CVE-2020-22879 RESERVED CVE-2020-22878 RESERVED CVE-2020-22877 RESERVED CVE-2020-22876 RESERVED CVE-2020-22875 RESERVED CVE-2020-22874 RESERVED CVE-2020-22873 RESERVED CVE-2020-22872 RESERVED CVE-2020-22871 RESERVED CVE-2020-22870 RESERVED 
CVE-2020-22869 RESERVED CVE-2020-22868 RESERVED CVE-2020-22867 RESERVED CVE-2020-22866 RESERVED CVE-2020-22865 RESERVED CVE-2020-22864 RESERVED CVE-2020-22863 RESERVED CVE-2020-22862 RESERVED CVE-2020-22861 RESERVED CVE-2020-22860 RESERVED CVE-2020-22859 RESERVED CVE-2020-22858 RESERVED CVE-2020-22857 RESERVED CVE-2020-22856 RESERVED CVE-2020-22855 RESERVED CVE-2020-22854 RESERVED CVE-2020-22853 RESERVED CVE-2020-22852 RESERVED CVE-2020-22851 RESERVED CVE-2020-22850 RESERVED CVE-2020-22849 RESERVED CVE-2020-22848 RESERVED CVE-2020-22847 RESERVED CVE-2020-22846 RESERVED CVE-2020-22845 RESERVED CVE-2020-22844 RESERVED CVE-2020-22843 RESERVED CVE-2020-22842 RESERVED CVE-2020-22841 RESERVED CVE-2020-22840 RESERVED CVE-2020-22839 RESERVED CVE-2020-22838 RESERVED CVE-2020-22837 RESERVED CVE-2020-22836 RESERVED CVE-2020-22835 RESERVED CVE-2020-22834 RESERVED CVE-2020-22833 RESERVED CVE-2020-22832 RESERVED CVE-2020-22831 RESERVED CVE-2020-22830 RESERVED CVE-2020-22829 RESERVED CVE-2020-22828 RESERVED CVE-2020-22827 RESERVED CVE-2020-22826 RESERVED CVE-2020-22825 RESERVED CVE-2020-22824 RESERVED CVE-2020-22823 RESERVED CVE-2020-22822 RESERVED CVE-2020-22821 RESERVED CVE-2020-22820 RESERVED CVE-2020-22819 RESERVED CVE-2020-22818 RESERVED CVE-2020-22817 RESERVED CVE-2020-22816 RESERVED CVE-2020-22815 RESERVED CVE-2020-22814 RESERVED CVE-2020-22813 RESERVED CVE-2020-22812 RESERVED CVE-2020-22811 RESERVED CVE-2020-22810 RESERVED CVE-2020-22809 RESERVED CVE-2020-22808 RESERVED CVE-2020-22807 RESERVED CVE-2020-22806 RESERVED CVE-2020-22805 RESERVED CVE-2020-22804 RESERVED CVE-2020-22803 RESERVED CVE-2020-22802 RESERVED CVE-2020-22801 RESERVED CVE-2020-22800 RESERVED CVE-2020-22799 RESERVED CVE-2020-22798 RESERVED CVE-2020-22797 RESERVED CVE-2020-22796 RESERVED CVE-2020-22795 RESERVED CVE-2020-22794 RESERVED CVE-2020-22793 RESERVED CVE-2020-22792 RESERVED CVE-2020-22791 RESERVED CVE-2020-22790 RESERVED CVE-2020-22789 RESERVED CVE-2020-22788 RESERVED CVE-2020-22787 RESERVED 
CVE-2020-22786 RESERVED CVE-2020-22785 RESERVED CVE-2020-22784 RESERVED CVE-2020-22783 RESERVED CVE-2020-22782 RESERVED CVE-2020-22781 RESERVED CVE-2020-22780 RESERVED CVE-2020-22779 RESERVED CVE-2020-22778 RESERVED CVE-2020-22777 RESERVED CVE-2020-22776 RESERVED CVE-2020-22775 RESERVED CVE-2020-22774 RESERVED CVE-2020-22773 RESERVED CVE-2020-22772 RESERVED CVE-2020-22771 RESERVED CVE-2020-22770 RESERVED CVE-2020-22769 RESERVED CVE-2020-22768 RESERVED CVE-2020-22767 RESERVED CVE-2020-22766 RESERVED CVE-2020-22765 RESERVED CVE-2020-22764 RESERVED CVE-2020-22763 RESERVED CVE-2020-22762 RESERVED CVE-2020-22761 RESERVED CVE-2020-22760 RESERVED CVE-2020-22759 RESERVED CVE-2020-22758 RESERVED CVE-2020-22757 RESERVED CVE-2020-22756 RESERVED CVE-2020-22755 RESERVED CVE-2020-22754 RESERVED CVE-2020-22753 RESERVED CVE-2020-22752 RESERVED CVE-2020-22751 RESERVED CVE-2020-22750 RESERVED CVE-2020-22749 RESERVED CVE-2020-22748 RESERVED CVE-2020-22747 RESERVED CVE-2020-22746 RESERVED CVE-2020-22745 RESERVED CVE-2020-22744 RESERVED CVE-2020-22743 RESERVED CVE-2020-22742 RESERVED CVE-2020-22741 RESERVED CVE-2020-22740 RESERVED CVE-2020-22739 RESERVED CVE-2020-22738 RESERVED CVE-2020-22737 RESERVED CVE-2020-22736 RESERVED CVE-2020-22735 RESERVED CVE-2020-22734 RESERVED CVE-2020-22733 RESERVED CVE-2020-22732 RESERVED CVE-2020-22731 RESERVED CVE-2020-22730 RESERVED CVE-2020-22729 RESERVED CVE-2020-22728 RESERVED CVE-2020-22727 RESERVED CVE-2020-22726 RESERVED CVE-2020-22725 RESERVED CVE-2020-22724 RESERVED CVE-2020-22723 RESERVED CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...) NOT-FOR-US: Rapid Software LLC Rapid SCADA CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8. ...) 
NOT-FOR-US: PNotes - Andrey Gruber PNotes.NET CVE-2020-22720 REJECTED CVE-2020-22719 RESERVED CVE-2020-22718 RESERVED CVE-2020-22717 RESERVED CVE-2020-22716 RESERVED CVE-2020-22715 RESERVED CVE-2020-22714 RESERVED CVE-2020-22713 RESERVED CVE-2020-22712 RESERVED CVE-2020-22711 RESERVED CVE-2020-22710 RESERVED CVE-2020-22709 RESERVED CVE-2020-22708 RESERVED CVE-2020-22707 RESERVED CVE-2020-22706 RESERVED CVE-2020-22705 RESERVED CVE-2020-22704 RESERVED CVE-2020-22703 RESERVED CVE-2020-22702 RESERVED CVE-2020-22701 RESERVED CVE-2020-22700 RESERVED CVE-2020-22699 RESERVED CVE-2020-22698 RESERVED CVE-2020-22697 RESERVED CVE-2020-22696 RESERVED CVE-2020-22695 RESERVED CVE-2020-22694 RESERVED CVE-2020-22693 RESERVED CVE-2020-22692 RESERVED CVE-2020-22691 RESERVED CVE-2020-22690 RESERVED CVE-2020-22689 RESERVED CVE-2020-22688 RESERVED CVE-2020-22687 RESERVED CVE-2020-22686 RESERVED CVE-2020-22685 RESERVED CVE-2020-22684 RESERVED CVE-2020-22683 RESERVED CVE-2020-22682 RESERVED CVE-2020-22681 RESERVED CVE-2020-22680 RESERVED CVE-2020-22679 RESERVED CVE-2020-22678 RESERVED CVE-2020-22677 RESERVED CVE-2020-22676 RESERVED CVE-2020-22675 RESERVED CVE-2020-22674 RESERVED CVE-2020-22673 RESERVED CVE-2020-22672 RESERVED CVE-2020-22671 RESERVED CVE-2020-22670 RESERVED CVE-2020-22669 RESERVED CVE-2020-22668 RESERVED CVE-2020-22667 RESERVED CVE-2020-22666 RESERVED CVE-2020-22665 RESERVED CVE-2020-22664 RESERVED CVE-2020-22663 RESERVED CVE-2020-22662 RESERVED CVE-2020-22661 RESERVED CVE-2020-22660 RESERVED CVE-2020-22659 RESERVED CVE-2020-22658 RESERVED CVE-2020-22657 RESERVED CVE-2020-22656 RESERVED CVE-2020-22655 RESERVED CVE-2020-22654 RESERVED CVE-2020-22653 RESERVED CVE-2020-22652 RESERVED CVE-2020-22651 RESERVED CVE-2020-22650 RESERVED CVE-2020-22649 RESERVED CVE-2020-22648 RESERVED CVE-2020-22647 RESERVED CVE-2020-22646 RESERVED CVE-2020-22645 RESERVED CVE-2020-22644 RESERVED CVE-2020-22643 RESERVED CVE-2020-22642 RESERVED CVE-2020-22641 RESERVED CVE-2020-22640 RESERVED 
CVE-2020-22639 RESERVED CVE-2020-22638 RESERVED CVE-2020-22637 RESERVED CVE-2020-22636 RESERVED CVE-2020-22635 RESERVED CVE-2020-22634 RESERVED CVE-2020-22633 RESERVED CVE-2020-22632 RESERVED CVE-2020-22631 RESERVED CVE-2020-22630 RESERVED CVE-2020-22629 RESERVED CVE-2020-22628 RESERVED CVE-2020-22627 RESERVED CVE-2020-22626 RESERVED CVE-2020-22625 RESERVED CVE-2020-22624 RESERVED CVE-2020-22623 RESERVED CVE-2020-22622 RESERVED CVE-2020-22621 RESERVED CVE-2020-22620 RESERVED CVE-2020-22619 RESERVED CVE-2020-22618 RESERVED CVE-2020-22617 RESERVED CVE-2020-22616 RESERVED CVE-2020-22615 RESERVED CVE-2020-22614 RESERVED CVE-2020-22613 RESERVED CVE-2020-22612 RESERVED CVE-2020-22611 RESERVED CVE-2020-22610 RESERVED CVE-2020-22609 RESERVED CVE-2020-22608 RESERVED CVE-2020-22607 RESERVED CVE-2020-22606 RESERVED CVE-2020-22605 RESERVED CVE-2020-22604 RESERVED CVE-2020-22603 RESERVED CVE-2020-22602 RESERVED CVE-2020-22601 RESERVED CVE-2020-22600 RESERVED CVE-2020-22599 RESERVED CVE-2020-22598 RESERVED CVE-2020-22597 RESERVED CVE-2020-22596 RESERVED CVE-2020-22595 RESERVED CVE-2020-22594 RESERVED CVE-2020-22593 RESERVED CVE-2020-22592 RESERVED CVE-2020-22591 RESERVED CVE-2020-22590 RESERVED CVE-2020-22589 RESERVED CVE-2020-22588 RESERVED CVE-2020-22587 RESERVED CVE-2020-22586 RESERVED CVE-2020-22585 RESERVED CVE-2020-22584 RESERVED CVE-2020-22583 RESERVED CVE-2020-22582 RESERVED CVE-2020-22581 RESERVED CVE-2020-22580 RESERVED CVE-2020-22579 RESERVED CVE-2020-22578 RESERVED CVE-2020-22577 RESERVED CVE-2020-22576 RESERVED CVE-2020-22575 RESERVED CVE-2020-22574 RESERVED CVE-2020-22573 RESERVED CVE-2020-22572 RESERVED CVE-2020-22571 RESERVED CVE-2020-22570 RESERVED CVE-2020-22569 RESERVED CVE-2020-22568 RESERVED CVE-2020-22567 RESERVED CVE-2020-22566 RESERVED CVE-2020-22565 RESERVED CVE-2020-22564 RESERVED CVE-2020-22563 RESERVED CVE-2020-22562 RESERVED CVE-2020-22561 RESERVED CVE-2020-22560 RESERVED CVE-2020-22559 RESERVED CVE-2020-22558 RESERVED CVE-2020-22557 RESERVED 
CVE-2020-22556 RESERVED CVE-2020-22555 RESERVED CVE-2020-22554 RESERVED CVE-2020-22553 RESERVED CVE-2020-22552 RESERVED CVE-2020-22551 RESERVED CVE-2020-22550 RESERVED CVE-2020-22549 RESERVED CVE-2020-22548 RESERVED CVE-2020-22547 RESERVED CVE-2020-22546 RESERVED CVE-2020-22545 RESERVED CVE-2020-22544 RESERVED CVE-2020-22543 RESERVED CVE-2020-22542 RESERVED CVE-2020-22541 RESERVED CVE-2020-22540 RESERVED CVE-2020-22539 RESERVED CVE-2020-22538 RESERVED CVE-2020-22537 RESERVED CVE-2020-22536 RESERVED CVE-2020-22535 RESERVED CVE-2020-22534 RESERVED CVE-2020-22533 RESERVED CVE-2020-22532 RESERVED CVE-2020-22531 RESERVED CVE-2020-22530 RESERVED CVE-2020-22529 RESERVED CVE-2020-22528 RESERVED CVE-2020-22527 RESERVED CVE-2020-22526 RESERVED CVE-2020-22525 RESERVED CVE-2020-22524 RESERVED CVE-2020-22523 RESERVED CVE-2020-22522 RESERVED CVE-2020-22521 RESERVED CVE-2020-22520 RESERVED CVE-2020-22519 RESERVED CVE-2020-22518 RESERVED CVE-2020-22517 RESERVED CVE-2020-22516 RESERVED CVE-2020-22515 RESERVED CVE-2020-22514 RESERVED CVE-2020-22513 RESERVED CVE-2020-22512 RESERVED CVE-2020-22511 RESERVED CVE-2020-22510 RESERVED CVE-2020-22509 RESERVED CVE-2020-22508 RESERVED CVE-2020-22507 RESERVED CVE-2020-22506 RESERVED CVE-2020-22505 RESERVED CVE-2020-22504 RESERVED CVE-2020-22503 RESERVED CVE-2020-22502 RESERVED CVE-2020-22501 RESERVED CVE-2020-22500 RESERVED CVE-2020-22499 RESERVED CVE-2020-22498 RESERVED CVE-2020-22497 RESERVED CVE-2020-22496 RESERVED CVE-2020-22495 RESERVED CVE-2020-22494 RESERVED CVE-2020-22493 RESERVED CVE-2020-22492 RESERVED CVE-2020-22491 RESERVED CVE-2020-22490 RESERVED CVE-2020-22489 RESERVED CVE-2020-22488 RESERVED CVE-2020-22487 RESERVED CVE-2020-22486 RESERVED CVE-2020-22485 RESERVED CVE-2020-22484 RESERVED CVE-2020-22483 RESERVED CVE-2020-22482 RESERVED CVE-2020-22481 RESERVED CVE-2020-22480 RESERVED CVE-2020-22479 RESERVED CVE-2020-22478 RESERVED CVE-2020-22477 RESERVED CVE-2020-22476 RESERVED CVE-2020-22475 RESERVED CVE-2020-22474 RESERVED 
CVE-2020-22473 RESERVED CVE-2020-22472 RESERVED CVE-2020-22471 RESERVED CVE-2020-22470 RESERVED CVE-2020-22469 RESERVED CVE-2020-22468 RESERVED CVE-2020-22467 RESERVED CVE-2020-22466 RESERVED CVE-2020-22465 RESERVED CVE-2020-22464 RESERVED CVE-2020-22463 RESERVED CVE-2020-22462 RESERVED CVE-2020-22461 RESERVED CVE-2020-22460 RESERVED CVE-2020-22459 RESERVED CVE-2020-22458 RESERVED CVE-2020-22457 RESERVED CVE-2020-22456 RESERVED CVE-2020-22455 RESERVED CVE-2020-22454 RESERVED CVE-2020-22453 RESERVED CVE-2020-22452 RESERVED CVE-2020-22451 RESERVED CVE-2020-22450 RESERVED CVE-2020-22449 RESERVED CVE-2020-22448 RESERVED CVE-2020-22447 RESERVED CVE-2020-22446 RESERVED CVE-2020-22445 RESERVED CVE-2020-22444 RESERVED CVE-2020-22443 RESERVED CVE-2020-22442 RESERVED CVE-2020-22441 RESERVED CVE-2020-22440 RESERVED CVE-2020-22439 RESERVED CVE-2020-22438 RESERVED CVE-2020-22437 RESERVED CVE-2020-22436 RESERVED CVE-2020-22435 RESERVED CVE-2020-22434 RESERVED CVE-2020-22433 RESERVED CVE-2020-22432 RESERVED CVE-2020-22431 RESERVED CVE-2020-22430 RESERVED CVE-2020-22429 RESERVED CVE-2020-22428 RESERVED CVE-2020-22427 RESERVED CVE-2020-22426 RESERVED CVE-2020-22425 RESERVED CVE-2020-22424 RESERVED CVE-2020-22423 RESERVED CVE-2020-22422 RESERVED CVE-2020-22421 RESERVED CVE-2020-22420 RESERVED CVE-2020-22419 RESERVED CVE-2020-22418 RESERVED CVE-2020-22417 RESERVED CVE-2020-22416 RESERVED CVE-2020-22415 RESERVED CVE-2020-22414 RESERVED CVE-2020-22413 RESERVED CVE-2020-22412 RESERVED CVE-2020-22411 RESERVED CVE-2020-22410 RESERVED CVE-2020-22409 RESERVED CVE-2020-22408 RESERVED CVE-2020-22407 RESERVED CVE-2020-22406 RESERVED CVE-2020-22405 RESERVED CVE-2020-22404 RESERVED CVE-2020-22403 RESERVED CVE-2020-22402 RESERVED CVE-2020-22401 RESERVED CVE-2020-22400 RESERVED CVE-2020-22399 RESERVED CVE-2020-22398 RESERVED CVE-2020-22397 RESERVED CVE-2020-22396 RESERVED CVE-2020-22395 RESERVED CVE-2020-22394 RESERVED CVE-2020-22393 RESERVED CVE-2020-22392 RESERVED CVE-2020-22391 RESERVED 
CVE-2020-22390 RESERVED CVE-2020-22389 RESERVED CVE-2020-22388 RESERVED CVE-2020-22387 RESERVED CVE-2020-22386 RESERVED CVE-2020-22385 RESERVED CVE-2020-22384 RESERVED CVE-2020-22383 RESERVED CVE-2020-22382 RESERVED CVE-2020-22381 RESERVED CVE-2020-22380 RESERVED CVE-2020-22379 RESERVED CVE-2020-22378 RESERVED CVE-2020-22377 RESERVED CVE-2020-22376 RESERVED CVE-2020-22375 RESERVED CVE-2020-22374 RESERVED CVE-2020-22373 RESERVED CVE-2020-22372 RESERVED CVE-2020-22371 RESERVED CVE-2020-22370 RESERVED CVE-2020-22369 RESERVED CVE-2020-22368 RESERVED CVE-2020-22367 RESERVED CVE-2020-22366 RESERVED CVE-2020-22365 RESERVED CVE-2020-22364 RESERVED CVE-2020-22363 RESERVED CVE-2020-22362 RESERVED CVE-2020-22361 RESERVED CVE-2020-22360 RESERVED CVE-2020-22359 RESERVED CVE-2020-22358 RESERVED CVE-2020-22357 RESERVED CVE-2020-22356 RESERVED CVE-2020-22355 RESERVED CVE-2020-22354 RESERVED CVE-2020-22353 RESERVED CVE-2020-22352 RESERVED CVE-2020-22351 RESERVED CVE-2020-22350 RESERVED CVE-2020-22349 RESERVED CVE-2020-22348 RESERVED CVE-2020-22347 RESERVED CVE-2020-22346 RESERVED CVE-2020-22345 RESERVED CVE-2020-22344 RESERVED CVE-2020-22343 RESERVED CVE-2020-22342 RESERVED CVE-2020-22341 RESERVED CVE-2020-22340 RESERVED CVE-2020-22339 RESERVED CVE-2020-22338 RESERVED CVE-2020-22337 RESERVED CVE-2020-22336 RESERVED CVE-2020-22335 RESERVED CVE-2020-22334 RESERVED CVE-2020-22333 RESERVED CVE-2020-22332 RESERVED CVE-2020-22331 RESERVED CVE-2020-22330 RESERVED CVE-2020-22329 RESERVED CVE-2020-22328 RESERVED CVE-2020-22327 RESERVED CVE-2020-22326 RESERVED CVE-2020-22325 RESERVED CVE-2020-22324 RESERVED CVE-2020-22323 RESERVED CVE-2020-22322 RESERVED CVE-2020-22321 RESERVED CVE-2020-22320 RESERVED CVE-2020-22319 RESERVED CVE-2020-22318 RESERVED CVE-2020-22317 RESERVED CVE-2020-22316 RESERVED CVE-2020-22315 RESERVED CVE-2020-22314 RESERVED CVE-2020-22313 RESERVED CVE-2020-22312 RESERVED CVE-2020-22311 RESERVED CVE-2020-22310 RESERVED CVE-2020-22309 RESERVED CVE-2020-22308 RESERVED 
CVE-2020-22307 RESERVED CVE-2020-22306 RESERVED CVE-2020-22305 RESERVED CVE-2020-22304 RESERVED CVE-2020-22303 RESERVED CVE-2020-22302 RESERVED CVE-2020-22301 RESERVED CVE-2020-22300 RESERVED CVE-2020-22299 RESERVED CVE-2020-22298 RESERVED CVE-2020-22297 RESERVED CVE-2020-22296 RESERVED CVE-2020-22295 RESERVED CVE-2020-22294 RESERVED CVE-2020-22293 RESERVED CVE-2020-22292 RESERVED CVE-2020-22291 RESERVED CVE-2020-22290 RESERVED CVE-2020-22289 RESERVED CVE-2020-22288 RESERVED CVE-2020-22287 RESERVED CVE-2020-22286 RESERVED CVE-2020-22285 RESERVED CVE-2020-22284 RESERVED CVE-2020-22283 RESERVED CVE-2020-22282 RESERVED CVE-2020-22281 RESERVED CVE-2020-22280 RESERVED CVE-2020-22279 RESERVED CVE-2020-22278 RESERVED CVE-2020-22277 RESERVED CVE-2020-22276 RESERVED CVE-2020-22275 RESERVED CVE-2020-22274 RESERVED CVE-2020-22273 RESERVED CVE-2020-22272 RESERVED CVE-2020-22271 RESERVED CVE-2020-22270 RESERVED CVE-2020-22269 RESERVED CVE-2020-22268 RESERVED CVE-2020-22267 RESERVED CVE-2020-22266 RESERVED CVE-2020-22265 RESERVED CVE-2020-22264 RESERVED CVE-2020-22263 RESERVED CVE-2020-22262 RESERVED CVE-2020-22261 RESERVED CVE-2020-22260 RESERVED CVE-2020-22259 RESERVED CVE-2020-22258 RESERVED CVE-2020-22257 RESERVED CVE-2020-22256 RESERVED CVE-2020-22255 RESERVED CVE-2020-22254 RESERVED CVE-2020-22253 RESERVED CVE-2020-22252 RESERVED CVE-2020-22251 RESERVED CVE-2020-22250 RESERVED CVE-2020-22249 RESERVED CVE-2020-22248 RESERVED CVE-2020-22247 RESERVED CVE-2020-22246 RESERVED CVE-2020-22245 RESERVED CVE-2020-22244 RESERVED CVE-2020-22243 RESERVED CVE-2020-22242 RESERVED CVE-2020-22241 RESERVED CVE-2020-22240 RESERVED CVE-2020-22239 RESERVED CVE-2020-22238 RESERVED CVE-2020-22237 RESERVED CVE-2020-22236 RESERVED CVE-2020-22235 RESERVED CVE-2020-22234 RESERVED CVE-2020-22233 RESERVED CVE-2020-22232 RESERVED CVE-2020-22231 RESERVED CVE-2020-22230 RESERVED CVE-2020-22229 RESERVED CVE-2020-22228 RESERVED CVE-2020-22227 RESERVED CVE-2020-22226 RESERVED CVE-2020-22225 RESERVED 
CVE-2020-22224 RESERVED CVE-2020-22223 RESERVED CVE-2020-22222 RESERVED CVE-2020-22221 RESERVED CVE-2020-22220 RESERVED CVE-2020-22219 RESERVED CVE-2020-22218 RESERVED CVE-2020-22217 RESERVED CVE-2020-22216 RESERVED CVE-2020-22215 RESERVED CVE-2020-22214 RESERVED CVE-2020-22213 RESERVED CVE-2020-22212 RESERVED CVE-2020-22211 RESERVED CVE-2020-22210 RESERVED CVE-2020-22209 RESERVED CVE-2020-22208 RESERVED CVE-2020-22207 RESERVED CVE-2020-22206 RESERVED CVE-2020-22205 RESERVED CVE-2020-22204 RESERVED CVE-2020-22203 RESERVED CVE-2020-22202 RESERVED CVE-2020-22201 RESERVED CVE-2020-22200 RESERVED CVE-2020-22199 RESERVED CVE-2020-22198 RESERVED CVE-2020-22197 RESERVED CVE-2020-22196 RESERVED CVE-2020-22195 RESERVED CVE-2020-22194 RESERVED CVE-2020-22193 RESERVED CVE-2020-22192 RESERVED CVE-2020-22191 RESERVED CVE-2020-22190 RESERVED CVE-2020-22189 RESERVED CVE-2020-22188 RESERVED CVE-2020-22187 RESERVED CVE-2020-22186 RESERVED CVE-2020-22185 RESERVED CVE-2020-22184 RESERVED CVE-2020-22183 RESERVED CVE-2020-22182 RESERVED CVE-2020-22181 RESERVED CVE-2020-22180 RESERVED CVE-2020-22179 RESERVED CVE-2020-22178 RESERVED CVE-2020-22177 RESERVED CVE-2020-22176 RESERVED CVE-2020-22175 RESERVED CVE-2020-22174 RESERVED CVE-2020-22173 RESERVED CVE-2020-22172 RESERVED CVE-2020-22171 RESERVED CVE-2020-22170 RESERVED CVE-2020-22169 RESERVED CVE-2020-22168 RESERVED CVE-2020-22167 RESERVED CVE-2020-22166 RESERVED CVE-2020-22165 RESERVED CVE-2020-22164 RESERVED CVE-2020-22163 RESERVED CVE-2020-22162 RESERVED CVE-2020-22161 RESERVED CVE-2020-22160 RESERVED CVE-2020-22159 RESERVED CVE-2020-22158 (Ericsson RX8200 5.13.3 devices are vulnerable to multiple reflected an ...) 
NOT-FOR-US: Ericsson RX8200 5.13.3 devices CVE-2020-22157 RESERVED CVE-2020-22156 RESERVED CVE-2020-22155 RESERVED CVE-2020-22154 RESERVED CVE-2020-22153 RESERVED CVE-2020-22152 RESERVED CVE-2020-22151 RESERVED CVE-2020-22150 RESERVED CVE-2020-22149 RESERVED CVE-2020-22148 RESERVED CVE-2020-22147 RESERVED CVE-2020-22146 RESERVED CVE-2020-22145 RESERVED CVE-2020-22144 RESERVED CVE-2020-22143 RESERVED CVE-2020-22142 RESERVED CVE-2020-22141 RESERVED CVE-2020-22140 RESERVED CVE-2020-22139 RESERVED CVE-2020-22138 RESERVED CVE-2020-22137 RESERVED CVE-2020-22136 RESERVED CVE-2020-22135 RESERVED CVE-2020-22134 RESERVED CVE-2020-22133 RESERVED CVE-2020-22132 RESERVED CVE-2020-22131 RESERVED CVE-2020-22130 RESERVED CVE-2020-22129 RESERVED CVE-2020-22128 RESERVED CVE-2020-22127 RESERVED CVE-2020-22126 RESERVED CVE-2020-22125 RESERVED CVE-2020-22124 RESERVED CVE-2020-22123 RESERVED CVE-2020-22122 RESERVED CVE-2020-22121 RESERVED CVE-2020-22120 RESERVED CVE-2020-22119 RESERVED CVE-2020-22118 RESERVED CVE-2020-22117 RESERVED CVE-2020-22116 RESERVED CVE-2020-22115 RESERVED CVE-2020-22114 RESERVED CVE-2020-22113 RESERVED CVE-2020-22112 RESERVED CVE-2020-22111 RESERVED CVE-2020-22110 RESERVED CVE-2020-22109 RESERVED CVE-2020-22108 RESERVED CVE-2020-22107 RESERVED CVE-2020-22106 RESERVED CVE-2020-22105 RESERVED CVE-2020-22104 RESERVED CVE-2020-22103 RESERVED CVE-2020-22102 RESERVED CVE-2020-22101 RESERVED CVE-2020-22100 RESERVED CVE-2020-22099 RESERVED CVE-2020-22098 RESERVED CVE-2020-22097 RESERVED CVE-2020-22096 RESERVED CVE-2020-22095 RESERVED CVE-2020-22094 RESERVED CVE-2020-22093 RESERVED CVE-2020-22092 RESERVED CVE-2020-22091 RESERVED CVE-2020-22090 RESERVED CVE-2020-22089 RESERVED CVE-2020-22088 RESERVED CVE-2020-22087 RESERVED CVE-2020-22086 RESERVED CVE-2020-22085 RESERVED CVE-2020-22084 RESERVED CVE-2020-22083 RESERVED CVE-2020-22082 RESERVED CVE-2020-22081 RESERVED CVE-2020-22080 RESERVED CVE-2020-22079 RESERVED CVE-2020-22078 RESERVED CVE-2020-22077 RESERVED 
CVE-2020-22076 RESERVED CVE-2020-22075 RESERVED CVE-2020-22074 RESERVED CVE-2020-22073 RESERVED CVE-2020-22072 RESERVED CVE-2020-22071 RESERVED CVE-2020-22070 RESERVED CVE-2020-22069 RESERVED CVE-2020-22068 RESERVED CVE-2020-22067 RESERVED CVE-2020-22066 RESERVED CVE-2020-22065 RESERVED CVE-2020-22064 RESERVED CVE-2020-22063 RESERVED CVE-2020-22062 RESERVED CVE-2020-22061 RESERVED CVE-2020-22060 RESERVED CVE-2020-22059 RESERVED CVE-2020-22058 RESERVED CVE-2020-22057 RESERVED CVE-2020-22056 RESERVED CVE-2020-22055 RESERVED CVE-2020-22054 RESERVED CVE-2020-22053 RESERVED CVE-2020-22052 RESERVED CVE-2020-22051 RESERVED CVE-2020-22050 RESERVED CVE-2020-22049 RESERVED CVE-2020-22048 RESERVED CVE-2020-22047 RESERVED CVE-2020-22046 RESERVED CVE-2020-22045 RESERVED CVE-2020-22044 RESERVED CVE-2020-22043 RESERVED CVE-2020-22042 RESERVED CVE-2020-22041 RESERVED CVE-2020-22040 RESERVED CVE-2020-22039 RESERVED CVE-2020-22038 RESERVED CVE-2020-22037 RESERVED CVE-2020-22036 RESERVED CVE-2020-22035 RESERVED CVE-2020-22034 RESERVED CVE-2020-22033 RESERVED CVE-2020-22032 RESERVED CVE-2020-22031 RESERVED CVE-2020-22030 RESERVED CVE-2020-22029 RESERVED CVE-2020-22028 RESERVED CVE-2020-22027 RESERVED CVE-2020-22026 RESERVED CVE-2020-22025 RESERVED CVE-2020-22024 RESERVED CVE-2020-22023 RESERVED CVE-2020-22022 RESERVED CVE-2020-22021 RESERVED CVE-2020-22020 RESERVED CVE-2020-22019 RESERVED CVE-2020-22018 RESERVED CVE-2020-22017 RESERVED CVE-2020-22016 RESERVED CVE-2020-22015 RESERVED CVE-2020-22014 RESERVED CVE-2020-22013 RESERVED CVE-2020-22012 RESERVED CVE-2020-22011 RESERVED CVE-2020-22010 RESERVED CVE-2020-22009 RESERVED CVE-2020-22008 RESERVED CVE-2020-22007 RESERVED CVE-2020-22006 RESERVED CVE-2020-22005 RESERVED CVE-2020-22004 RESERVED CVE-2020-22003 RESERVED CVE-2020-22002 RESERVED CVE-2020-22001 RESERVED CVE-2020-22000 RESERVED CVE-2020-21999 RESERVED CVE-2020-21998 RESERVED CVE-2020-21997 RESERVED CVE-2020-21996 RESERVED CVE-2020-21995 RESERVED CVE-2020-21994 RESERVED 
CVE-2020-21993 RESERVED CVE-2020-21992 RESERVED CVE-2020-21991 RESERVED CVE-2020-21990 RESERVED CVE-2020-21989 RESERVED CVE-2020-21988 RESERVED CVE-2020-21987 RESERVED CVE-2020-21986 RESERVED CVE-2020-21985 RESERVED CVE-2020-21984 RESERVED CVE-2020-21983 RESERVED CVE-2020-21982 RESERVED CVE-2020-21981 RESERVED CVE-2020-21980 RESERVED CVE-2020-21979 RESERVED CVE-2020-21978 RESERVED CVE-2020-21977 RESERVED CVE-2020-21976 RESERVED CVE-2020-21975 RESERVED CVE-2020-21974 RESERVED CVE-2020-21973 RESERVED CVE-2020-21972 RESERVED CVE-2020-21971 RESERVED CVE-2020-21970 RESERVED CVE-2020-21969 RESERVED CVE-2020-21968 RESERVED CVE-2020-21967 RESERVED CVE-2020-21966 RESERVED CVE-2020-21965 RESERVED CVE-2020-21964 RESERVED CVE-2020-21963 RESERVED CVE-2020-21962 RESERVED CVE-2020-21961 RESERVED CVE-2020-21960 RESERVED CVE-2020-21959 RESERVED CVE-2020-21958 RESERVED CVE-2020-21957 RESERVED CVE-2020-21956 RESERVED CVE-2020-21955 RESERVED CVE-2020-21954 RESERVED CVE-2020-21953 RESERVED CVE-2020-21952 RESERVED CVE-2020-21951 RESERVED CVE-2020-21950 RESERVED CVE-2020-21949 RESERVED CVE-2020-21948 RESERVED CVE-2020-21947 RESERVED CVE-2020-21946 RESERVED CVE-2020-21945 RESERVED CVE-2020-21944 RESERVED CVE-2020-21943 RESERVED CVE-2020-21942 RESERVED CVE-2020-21941 RESERVED CVE-2020-21940 RESERVED CVE-2020-21939 RESERVED CVE-2020-21938 RESERVED CVE-2020-21937 RESERVED CVE-2020-21936 RESERVED CVE-2020-21935 RESERVED CVE-2020-21934 RESERVED CVE-2020-21933 RESERVED CVE-2020-21932 RESERVED CVE-2020-21931 RESERVED CVE-2020-21930 RESERVED CVE-2020-21929 RESERVED CVE-2020-21928 RESERVED CVE-2020-21927 RESERVED CVE-2020-21926 RESERVED CVE-2020-21925 RESERVED CVE-2020-21924 RESERVED CVE-2020-21923 RESERVED CVE-2020-21922 RESERVED CVE-2020-21921 RESERVED CVE-2020-21920 RESERVED CVE-2020-21919 RESERVED CVE-2020-21918 RESERVED CVE-2020-21917 RESERVED CVE-2020-21916 RESERVED CVE-2020-21915 RESERVED CVE-2020-21914 RESERVED CVE-2020-21913 RESERVED CVE-2020-21912 RESERVED CVE-2020-21911 RESERVED 
CVE-2020-21910 RESERVED CVE-2020-21909 RESERVED CVE-2020-21908 RESERVED CVE-2020-21907 RESERVED CVE-2020-21906 RESERVED CVE-2020-21905 RESERVED CVE-2020-21904 RESERVED CVE-2020-21903 RESERVED CVE-2020-21902 RESERVED CVE-2020-21901 RESERVED CVE-2020-21900 RESERVED CVE-2020-21899 RESERVED CVE-2020-21898 RESERVED CVE-2020-21897 RESERVED CVE-2020-21896 RESERVED CVE-2020-21895 RESERVED CVE-2020-21894 RESERVED CVE-2020-21893 RESERVED CVE-2020-21892 RESERVED CVE-2020-21891 RESERVED CVE-2020-21890 RESERVED CVE-2020-21889 RESERVED CVE-2020-21888 RESERVED CVE-2020-21887 RESERVED CVE-2020-21886 RESERVED CVE-2020-21885 RESERVED CVE-2020-21884 RESERVED CVE-2020-21883 RESERVED CVE-2020-21882 RESERVED CVE-2020-21881 RESERVED CVE-2020-21880 RESERVED CVE-2020-21879 RESERVED CVE-2020-21878 RESERVED CVE-2020-21877 RESERVED CVE-2020-21876 RESERVED CVE-2020-21875 RESERVED CVE-2020-21874 RESERVED CVE-2020-21873 RESERVED CVE-2020-21872 RESERVED CVE-2020-21871 RESERVED CVE-2020-21870 RESERVED CVE-2020-21869 RESERVED CVE-2020-21868 RESERVED CVE-2020-21867 RESERVED CVE-2020-21866 RESERVED CVE-2020-21865 RESERVED CVE-2020-21864 RESERVED CVE-2020-21863 RESERVED CVE-2020-21862 RESERVED CVE-2020-21861 RESERVED CVE-2020-21860 RESERVED CVE-2020-21859 RESERVED CVE-2020-21858 RESERVED CVE-2020-21857 RESERVED CVE-2020-21856 RESERVED CVE-2020-21855 RESERVED CVE-2020-21854 RESERVED CVE-2020-21853 RESERVED CVE-2020-21852 RESERVED CVE-2020-21851 RESERVED CVE-2020-21850 RESERVED CVE-2020-21849 RESERVED CVE-2020-21848 RESERVED CVE-2020-21847 RESERVED CVE-2020-21846 RESERVED CVE-2020-21845 (Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage u ...) 
NOT-FOR-US: Codoforum CVE-2020-21844 RESERVED CVE-2020-21843 RESERVED CVE-2020-21842 RESERVED CVE-2020-21841 RESERVED CVE-2020-21840 RESERVED CVE-2020-21839 RESERVED CVE-2020-21838 RESERVED CVE-2020-21837 RESERVED CVE-2020-21836 RESERVED CVE-2020-21835 RESERVED CVE-2020-21834 RESERVED CVE-2020-21833 RESERVED CVE-2020-21832 RESERVED CVE-2020-21831 RESERVED CVE-2020-21830 RESERVED CVE-2020-21829 RESERVED CVE-2020-21828 RESERVED CVE-2020-21827 RESERVED CVE-2020-21826 RESERVED CVE-2020-21825 RESERVED CVE-2020-21824 RESERVED CVE-2020-21823 RESERVED CVE-2020-21822 RESERVED CVE-2020-21821 RESERVED CVE-2020-21820 RESERVED CVE-2020-21819 RESERVED CVE-2020-21818 RESERVED CVE-2020-21817 RESERVED CVE-2020-21816 RESERVED CVE-2020-21815 RESERVED CVE-2020-21814 RESERVED CVE-2020-21813 RESERVED CVE-2020-21812 RESERVED CVE-2020-21811 RESERVED CVE-2020-21810 RESERVED CVE-2020-21809 RESERVED CVE-2020-21808 RESERVED CVE-2020-21807 RESERVED CVE-2020-21806 RESERVED CVE-2020-21805 RESERVED CVE-2020-21804 RESERVED CVE-2020-21803 RESERVED CVE-2020-21802 RESERVED CVE-2020-21801 RESERVED CVE-2020-21800 RESERVED CVE-2020-21799 RESERVED CVE-2020-21798 RESERVED CVE-2020-21797 RESERVED CVE-2020-21796 RESERVED CVE-2020-21795 RESERVED CVE-2020-21794 RESERVED CVE-2020-21793 RESERVED CVE-2020-21792 RESERVED CVE-2020-21791 RESERVED CVE-2020-21790 RESERVED CVE-2020-21789 RESERVED CVE-2020-21788 RESERVED CVE-2020-21787 RESERVED CVE-2020-21786 RESERVED CVE-2020-21785 RESERVED CVE-2020-21784 RESERVED CVE-2020-21783 RESERVED CVE-2020-21782 RESERVED CVE-2020-21781 RESERVED CVE-2020-21780 RESERVED CVE-2020-21779 RESERVED CVE-2020-21778 RESERVED CVE-2020-21777 RESERVED CVE-2020-21776 RESERVED CVE-2020-21775 RESERVED CVE-2020-21774 RESERVED CVE-2020-21773 RESERVED CVE-2020-21772 RESERVED CVE-2020-21771 RESERVED CVE-2020-21770 RESERVED CVE-2020-21769 RESERVED CVE-2020-21768 RESERVED CVE-2020-21767 RESERVED CVE-2020-21766 RESERVED CVE-2020-21765 RESERVED CVE-2020-21764 RESERVED CVE-2020-21763 RESERVED 
CVE-2020-21762 RESERVED CVE-2020-21761 RESERVED CVE-2020-21760 RESERVED CVE-2020-21759 RESERVED CVE-2020-21758 RESERVED CVE-2020-21757 RESERVED CVE-2020-21756 RESERVED CVE-2020-21755 RESERVED CVE-2020-21754 RESERVED CVE-2020-21753 RESERVED CVE-2020-21752 RESERVED CVE-2020-21751 RESERVED CVE-2020-21750 RESERVED CVE-2020-21749 RESERVED CVE-2020-21748 RESERVED CVE-2020-21747 RESERVED CVE-2020-21746 RESERVED CVE-2020-21745 RESERVED CVE-2020-21744 RESERVED CVE-2020-21743 RESERVED CVE-2020-21742 RESERVED CVE-2020-21741 RESERVED CVE-2020-21740 RESERVED CVE-2020-21739 RESERVED CVE-2020-21738 RESERVED CVE-2020-21737 RESERVED CVE-2020-21736 RESERVED CVE-2020-21735 RESERVED CVE-2020-21734 RESERVED CVE-2020-21733 (Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdn ...) NOT-FOR-US: Sagemcom F@ST3686 CVE-2020-21732 (Rukovoditel Project Management app 2.6 is affected by: Cross Site Scri ...) NOT-FOR-US: Rukovoditel Project Management app CVE-2020-21731 (Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.1 ...) 
NOT-FOR-US: Gazie CVE-2020-21730 RESERVED CVE-2020-21729 RESERVED CVE-2020-21728 RESERVED CVE-2020-21727 RESERVED CVE-2020-21726 RESERVED CVE-2020-21725 RESERVED CVE-2020-21724 RESERVED CVE-2020-21723 RESERVED CVE-2020-21722 RESERVED CVE-2020-21721 RESERVED CVE-2020-21720 RESERVED CVE-2020-21719 RESERVED CVE-2020-21718 RESERVED CVE-2020-21717 RESERVED CVE-2020-21716 RESERVED CVE-2020-21715 RESERVED CVE-2020-21714 RESERVED CVE-2020-21713 RESERVED CVE-2020-21712 RESERVED CVE-2020-21711 RESERVED CVE-2020-21710 RESERVED CVE-2020-21709 RESERVED CVE-2020-21708 RESERVED CVE-2020-21707 RESERVED CVE-2020-21706 RESERVED CVE-2020-21705 RESERVED CVE-2020-21704 RESERVED CVE-2020-21703 RESERVED CVE-2020-21702 RESERVED CVE-2020-21701 RESERVED CVE-2020-21700 RESERVED CVE-2020-21699 RESERVED CVE-2020-21698 RESERVED CVE-2020-21697 RESERVED CVE-2020-21696 RESERVED CVE-2020-21695 RESERVED CVE-2020-21694 RESERVED CVE-2020-21693 RESERVED CVE-2020-21692 RESERVED CVE-2020-21691 RESERVED CVE-2020-21690 RESERVED CVE-2020-21689 RESERVED CVE-2020-21688 RESERVED CVE-2020-21687 RESERVED CVE-2020-21686 RESERVED CVE-2020-21685 RESERVED CVE-2020-21684 RESERVED CVE-2020-21683 RESERVED CVE-2020-21682 RESERVED CVE-2020-21681 RESERVED CVE-2020-21680 RESERVED CVE-2020-21679 RESERVED CVE-2020-21678 RESERVED CVE-2020-21677 RESERVED CVE-2020-21676 RESERVED CVE-2020-21675 RESERVED CVE-2020-21674 RESERVED CVE-2020-21673 RESERVED CVE-2020-21672 RESERVED CVE-2020-21671 RESERVED CVE-2020-21670 RESERVED CVE-2020-21669 RESERVED CVE-2020-21668 RESERVED CVE-2020-21667 RESERVED CVE-2020-21666 RESERVED CVE-2020-21665 RESERVED CVE-2020-21664 RESERVED CVE-2020-21663 RESERVED CVE-2020-21662 RESERVED CVE-2020-21661 RESERVED CVE-2020-21660 RESERVED CVE-2020-21659 RESERVED CVE-2020-21658 RESERVED CVE-2020-21657 RESERVED CVE-2020-21656 RESERVED CVE-2020-21655 RESERVED CVE-2020-21654 RESERVED CVE-2020-21653 RESERVED CVE-2020-21652 RESERVED CVE-2020-21651 RESERVED CVE-2020-21650 RESERVED CVE-2020-21649 RESERVED 
CVE-2020-21648 RESERVED CVE-2020-21647 RESERVED CVE-2020-21646 RESERVED CVE-2020-21645 RESERVED CVE-2020-21644 RESERVED CVE-2020-21643 RESERVED CVE-2020-21642 RESERVED CVE-2020-21641 RESERVED CVE-2020-21640 RESERVED CVE-2020-21639 RESERVED CVE-2020-21638 RESERVED CVE-2020-21637 RESERVED CVE-2020-21636 RESERVED CVE-2020-21635 RESERVED CVE-2020-21634 RESERVED CVE-2020-21633 RESERVED CVE-2020-21632 RESERVED CVE-2020-21631 RESERVED CVE-2020-21630 RESERVED CVE-2020-21629 RESERVED CVE-2020-21628 RESERVED CVE-2020-21627 RESERVED CVE-2020-21626 RESERVED CVE-2020-21625 RESERVED CVE-2020-21624 RESERVED CVE-2020-21623 RESERVED CVE-2020-21622 RESERVED CVE-2020-21621 RESERVED CVE-2020-21620 RESERVED CVE-2020-21619 RESERVED CVE-2020-21618 RESERVED CVE-2020-21617 RESERVED CVE-2020-21616 RESERVED CVE-2020-21615 RESERVED CVE-2020-21614 RESERVED CVE-2020-21613 RESERVED CVE-2020-21612 RESERVED CVE-2020-21611 RESERVED CVE-2020-21610 RESERVED CVE-2020-21609 RESERVED CVE-2020-21608 RESERVED CVE-2020-21607 RESERVED CVE-2020-21606 RESERVED CVE-2020-21605 RESERVED CVE-2020-21604 RESERVED CVE-2020-21603 RESERVED CVE-2020-21602 RESERVED CVE-2020-21601 RESERVED CVE-2020-21600 RESERVED CVE-2020-21599 RESERVED CVE-2020-21598 RESERVED CVE-2020-21597 RESERVED CVE-2020-21596 RESERVED CVE-2020-21595 RESERVED CVE-2020-21594 RESERVED CVE-2020-21593 RESERVED CVE-2020-21592 RESERVED CVE-2020-21591 RESERVED CVE-2020-21590 RESERVED CVE-2020-21589 RESERVED CVE-2020-21588 RESERVED CVE-2020-21587 RESERVED CVE-2020-21586 RESERVED CVE-2020-21585 RESERVED CVE-2020-21584 RESERVED CVE-2020-21583 RESERVED CVE-2020-21582 RESERVED CVE-2020-21581 RESERVED CVE-2020-21580 RESERVED CVE-2020-21579 RESERVED CVE-2020-21578 RESERVED CVE-2020-21577 RESERVED CVE-2020-21576 RESERVED CVE-2020-21575 RESERVED CVE-2020-21574 RESERVED CVE-2020-21573 RESERVED CVE-2020-21572 RESERVED CVE-2020-21571 RESERVED CVE-2020-21570 RESERVED CVE-2020-21569 RESERVED CVE-2020-21568 RESERVED CVE-2020-21567 RESERVED CVE-2020-21566 RESERVED 
CVE-2020-21565 RESERVED CVE-2020-21564 RESERVED CVE-2020-21563 RESERVED CVE-2020-21562 RESERVED CVE-2020-21561 RESERVED CVE-2020-21560 RESERVED CVE-2020-21559 RESERVED CVE-2020-21558 RESERVED CVE-2020-21557 RESERVED CVE-2020-21556 RESERVED CVE-2020-21555 RESERVED CVE-2020-21554 RESERVED CVE-2020-21553 RESERVED CVE-2020-21552 RESERVED CVE-2020-21551 RESERVED CVE-2020-21550 RESERVED CVE-2020-21549 RESERVED CVE-2020-21548 RESERVED CVE-2020-21547 RESERVED CVE-2020-21546 RESERVED CVE-2020-21545 RESERVED CVE-2020-21544 RESERVED CVE-2020-21543 RESERVED CVE-2020-21542 RESERVED CVE-2020-21541 RESERVED CVE-2020-21540 RESERVED CVE-2020-21539 RESERVED CVE-2020-21538 RESERVED CVE-2020-21537 RESERVED CVE-2020-21536 RESERVED CVE-2020-21535 RESERVED CVE-2020-21534 RESERVED CVE-2020-21533 RESERVED CVE-2020-21532 RESERVED CVE-2020-21531 RESERVED CVE-2020-21530 RESERVED CVE-2020-21529 RESERVED CVE-2020-21528 RESERVED CVE-2020-21527 RESERVED CVE-2020-21526 RESERVED CVE-2020-21525 RESERVED CVE-2020-21524 RESERVED CVE-2020-21523 RESERVED CVE-2020-21522 RESERVED CVE-2020-21521 RESERVED CVE-2020-21520 RESERVED CVE-2020-21519 RESERVED CVE-2020-21518 RESERVED CVE-2020-21517 RESERVED CVE-2020-21516 RESERVED CVE-2020-21515 RESERVED CVE-2020-21514 RESERVED CVE-2020-21513 RESERVED CVE-2020-21512 RESERVED CVE-2020-21511 RESERVED CVE-2020-21510 RESERVED CVE-2020-21509 RESERVED CVE-2020-21508 RESERVED CVE-2020-21507 RESERVED CVE-2020-21506 RESERVED CVE-2020-21505 RESERVED CVE-2020-21504 RESERVED CVE-2020-21503 RESERVED CVE-2020-21502 RESERVED CVE-2020-21501 RESERVED CVE-2020-21500 RESERVED CVE-2020-21499 RESERVED CVE-2020-21498 RESERVED CVE-2020-21497 RESERVED CVE-2020-21496 RESERVED CVE-2020-21495 RESERVED CVE-2020-21494 RESERVED CVE-2020-21493 RESERVED CVE-2020-21492 RESERVED CVE-2020-21491 RESERVED CVE-2020-21490 RESERVED CVE-2020-21489 RESERVED CVE-2020-21488 RESERVED CVE-2020-21487 RESERVED CVE-2020-21486 RESERVED CVE-2020-21485 RESERVED CVE-2020-21484 RESERVED CVE-2020-21483 RESERVED 
CVE-2020-21482 RESERVED CVE-2020-21481 RESERVED CVE-2020-21480 RESERVED CVE-2020-21479 RESERVED CVE-2020-21478 RESERVED CVE-2020-21477 RESERVED CVE-2020-21476 RESERVED CVE-2020-21475 RESERVED CVE-2020-21474 RESERVED CVE-2020-21473 RESERVED CVE-2020-21472 RESERVED CVE-2020-21471 RESERVED CVE-2020-21470 RESERVED CVE-2020-21469 RESERVED CVE-2020-21468 RESERVED CVE-2020-21467 RESERVED CVE-2020-21466 RESERVED CVE-2020-21465 RESERVED CVE-2020-21464 RESERVED CVE-2020-21463 RESERVED CVE-2020-21462 RESERVED CVE-2020-21461 RESERVED CVE-2020-21460 RESERVED CVE-2020-21459 RESERVED CVE-2020-21458 RESERVED CVE-2020-21457 RESERVED CVE-2020-21456 RESERVED CVE-2020-21455 RESERVED CVE-2020-21454 RESERVED CVE-2020-21453 RESERVED CVE-2020-21452 RESERVED CVE-2020-21451 RESERVED CVE-2020-21450 RESERVED CVE-2020-21449 RESERVED CVE-2020-21448 RESERVED CVE-2020-21447 RESERVED CVE-2020-21446 RESERVED CVE-2020-21445 RESERVED CVE-2020-21444 RESERVED CVE-2020-21443 RESERVED CVE-2020-21442 RESERVED CVE-2020-21441 RESERVED CVE-2020-21440 RESERVED CVE-2020-21439 RESERVED CVE-2020-21438 RESERVED CVE-2020-21437 RESERVED CVE-2020-21436 RESERVED CVE-2020-21435 RESERVED CVE-2020-21434 RESERVED CVE-2020-21433 RESERVED CVE-2020-21432 RESERVED CVE-2020-21431 RESERVED CVE-2020-21430 RESERVED CVE-2020-21429 RESERVED CVE-2020-21428 RESERVED CVE-2020-21427 RESERVED CVE-2020-21426 RESERVED CVE-2020-21425 RESERVED CVE-2020-21424 RESERVED CVE-2020-21423 RESERVED CVE-2020-21422 RESERVED CVE-2020-21421 RESERVED CVE-2020-21420 RESERVED CVE-2020-21419 RESERVED CVE-2020-21418 RESERVED CVE-2020-21417 RESERVED CVE-2020-21416 RESERVED CVE-2020-21415 RESERVED CVE-2020-21414 RESERVED CVE-2020-21413 RESERVED CVE-2020-21412 RESERVED CVE-2020-21411 RESERVED CVE-2020-21410 RESERVED CVE-2020-21409 RESERVED CVE-2020-21408 RESERVED CVE-2020-21407 RESERVED CVE-2020-21406 RESERVED CVE-2020-21405 RESERVED CVE-2020-21404 RESERVED CVE-2020-21403 RESERVED CVE-2020-21402 RESERVED CVE-2020-21401 RESERVED CVE-2020-21400 RESERVED 
CVE-2020-21399 RESERVED CVE-2020-21398 RESERVED CVE-2020-21397 RESERVED CVE-2020-21396 RESERVED CVE-2020-21395 RESERVED CVE-2020-21394 RESERVED CVE-2020-21393 RESERVED CVE-2020-21392 RESERVED CVE-2020-21391 RESERVED CVE-2020-21390 RESERVED CVE-2020-21389 RESERVED CVE-2020-21388 RESERVED CVE-2020-21387 RESERVED CVE-2020-21386 RESERVED CVE-2020-21385 RESERVED CVE-2020-21384 RESERVED CVE-2020-21383 RESERVED CVE-2020-21382 RESERVED CVE-2020-21381 RESERVED CVE-2020-21380 RESERVED CVE-2020-21379 RESERVED CVE-2020-21378 RESERVED CVE-2020-21377 RESERVED CVE-2020-21376 RESERVED CVE-2020-21375 RESERVED CVE-2020-21374 RESERVED CVE-2020-21373 RESERVED CVE-2020-21372 RESERVED CVE-2020-21371 RESERVED CVE-2020-21370 RESERVED CVE-2020-21369 RESERVED CVE-2020-21368 RESERVED CVE-2020-21367 RESERVED CVE-2020-21366 RESERVED CVE-2020-21365 RESERVED CVE-2020-21364 RESERVED CVE-2020-21363 RESERVED CVE-2020-21362 RESERVED CVE-2020-21361 RESERVED CVE-2020-21360 RESERVED CVE-2020-21359 RESERVED CVE-2020-21358 RESERVED CVE-2020-21357 RESERVED CVE-2020-21356 RESERVED CVE-2020-21355 RESERVED CVE-2020-21354 RESERVED CVE-2020-21353 RESERVED CVE-2020-21352 RESERVED CVE-2020-21351 RESERVED CVE-2020-21350 RESERVED CVE-2020-21349 RESERVED CVE-2020-21348 RESERVED CVE-2020-21347 RESERVED CVE-2020-21346 RESERVED CVE-2020-21345 RESERVED CVE-2020-21344 RESERVED CVE-2020-21343 RESERVED CVE-2020-21342 RESERVED CVE-2020-21341 RESERVED CVE-2020-21340 RESERVED CVE-2020-21339 RESERVED CVE-2020-21338 RESERVED CVE-2020-21337 RESERVED CVE-2020-21336 RESERVED CVE-2020-21335 RESERVED CVE-2020-21334 RESERVED CVE-2020-21333 RESERVED CVE-2020-21332 RESERVED CVE-2020-21331 RESERVED CVE-2020-21330 RESERVED CVE-2020-21329 RESERVED CVE-2020-21328 RESERVED CVE-2020-21327 RESERVED CVE-2020-21326 RESERVED CVE-2020-21325 RESERVED CVE-2020-21324 RESERVED CVE-2020-21323 RESERVED CVE-2020-21322 RESERVED CVE-2020-21321 RESERVED CVE-2020-21320 RESERVED CVE-2020-21319 RESERVED CVE-2020-21318 RESERVED CVE-2020-21317 RESERVED 
CVE-2020-21316 RESERVED CVE-2020-21315 RESERVED CVE-2020-21314 RESERVED CVE-2020-21313 RESERVED CVE-2020-21312 RESERVED CVE-2020-21311 RESERVED CVE-2020-21310 RESERVED CVE-2020-21309 RESERVED CVE-2020-21308 RESERVED CVE-2020-21307 RESERVED CVE-2020-21306 RESERVED CVE-2020-21305 RESERVED CVE-2020-21304 RESERVED CVE-2020-21303 RESERVED CVE-2020-21302 RESERVED CVE-2020-21301 RESERVED CVE-2020-21300 RESERVED CVE-2020-21299 RESERVED CVE-2020-21298 RESERVED CVE-2020-21297 RESERVED CVE-2020-21296 RESERVED CVE-2020-21295 RESERVED CVE-2020-21294 RESERVED CVE-2020-21293 RESERVED CVE-2020-21292 RESERVED CVE-2020-21291 RESERVED CVE-2020-21290 RESERVED CVE-2020-21289 RESERVED CVE-2020-21288 RESERVED CVE-2020-21287 RESERVED CVE-2020-21286 RESERVED CVE-2020-21285 RESERVED CVE-2020-21284 RESERVED CVE-2020-21283 RESERVED CVE-2020-21282 RESERVED CVE-2020-21281 RESERVED CVE-2020-21280 RESERVED CVE-2020-21279 RESERVED CVE-2020-21278 RESERVED CVE-2020-21277 RESERVED CVE-2020-21276 RESERVED CVE-2020-21275 RESERVED CVE-2020-21274 RESERVED CVE-2020-21273 RESERVED CVE-2020-21272 RESERVED CVE-2020-21271 RESERVED CVE-2020-21270 RESERVED CVE-2020-21269 RESERVED CVE-2020-21268 RESERVED CVE-2020-21267 RESERVED CVE-2020-21266 RESERVED CVE-2020-21265 RESERVED CVE-2020-21264 RESERVED CVE-2020-21263 RESERVED CVE-2020-21262 RESERVED CVE-2020-21261 RESERVED CVE-2020-21260 RESERVED CVE-2020-21259 RESERVED CVE-2020-21258 RESERVED CVE-2020-21257 RESERVED CVE-2020-21256 RESERVED CVE-2020-21255 RESERVED CVE-2020-21254 RESERVED CVE-2020-21253 RESERVED CVE-2020-21252 RESERVED CVE-2020-21251 RESERVED CVE-2020-21250 RESERVED CVE-2020-21249 RESERVED CVE-2020-21248 RESERVED CVE-2020-21247 RESERVED CVE-2020-21246 RESERVED CVE-2020-21245 RESERVED CVE-2020-21244 RESERVED CVE-2020-21243 RESERVED CVE-2020-21242 RESERVED CVE-2020-21241 RESERVED CVE-2020-21240 RESERVED CVE-2020-21239 RESERVED CVE-2020-21238 RESERVED CVE-2020-21237 RESERVED CVE-2020-21236 RESERVED CVE-2020-21235 RESERVED CVE-2020-21234 RESERVED 
CVE-2020-21233 RESERVED CVE-2020-21232 RESERVED CVE-2020-21231 RESERVED CVE-2020-21230 RESERVED CVE-2020-21229 RESERVED CVE-2020-21228 RESERVED CVE-2020-21227 RESERVED CVE-2020-21226 RESERVED CVE-2020-21225 RESERVED CVE-2020-21224 RESERVED CVE-2020-21223 RESERVED CVE-2020-21222 RESERVED CVE-2020-21221 RESERVED CVE-2020-21220 RESERVED CVE-2020-21219 RESERVED CVE-2020-21218 RESERVED CVE-2020-21217 RESERVED CVE-2020-21216 RESERVED CVE-2020-21215 RESERVED CVE-2020-21214 RESERVED CVE-2020-21213 RESERVED CVE-2020-21212 RESERVED CVE-2020-21211 RESERVED CVE-2020-21210 RESERVED CVE-2020-21209 RESERVED CVE-2020-21208 RESERVED CVE-2020-21207 RESERVED CVE-2020-21206 RESERVED CVE-2020-21205 RESERVED CVE-2020-21204 RESERVED CVE-2020-21203 RESERVED CVE-2020-21202 RESERVED CVE-2020-21201 RESERVED CVE-2020-21200 RESERVED CVE-2020-21199 RESERVED CVE-2020-21198 RESERVED CVE-2020-21197 RESERVED CVE-2020-21196 RESERVED CVE-2020-21195 RESERVED CVE-2020-21194 RESERVED CVE-2020-21193 RESERVED CVE-2020-21192 RESERVED CVE-2020-21191 RESERVED CVE-2020-21190 RESERVED CVE-2020-21189 RESERVED CVE-2020-21188 RESERVED CVE-2020-21187 RESERVED CVE-2020-21186 RESERVED CVE-2020-21185 RESERVED CVE-2020-21184 RESERVED CVE-2020-21183 RESERVED CVE-2020-21182 RESERVED CVE-2020-21181 RESERVED CVE-2020-21180 RESERVED CVE-2020-21179 RESERVED CVE-2020-21178 RESERVED CVE-2020-21177 RESERVED CVE-2020-21176 RESERVED CVE-2020-21175 RESERVED CVE-2020-21174 RESERVED CVE-2020-21173 RESERVED CVE-2020-21172 RESERVED CVE-2020-21171 RESERVED CVE-2020-21170 RESERVED CVE-2020-21169 RESERVED CVE-2020-21168 RESERVED CVE-2020-21167 RESERVED CVE-2020-21166 RESERVED CVE-2020-21165 RESERVED CVE-2020-21164 RESERVED CVE-2020-21163 RESERVED CVE-2020-21162 RESERVED CVE-2020-21161 RESERVED CVE-2020-21160 RESERVED CVE-2020-21159 RESERVED CVE-2020-21158 RESERVED CVE-2020-21157 RESERVED CVE-2020-21156 RESERVED CVE-2020-21155 RESERVED CVE-2020-21154 RESERVED CVE-2020-21153 RESERVED CVE-2020-21152 RESERVED CVE-2020-21151 RESERVED 
CVE-2020-21150 RESERVED CVE-2020-21149 RESERVED CVE-2020-21148 RESERVED CVE-2020-21147 RESERVED CVE-2020-21146 RESERVED CVE-2020-21145 RESERVED CVE-2020-21144 RESERVED CVE-2020-21143 RESERVED CVE-2020-21142 RESERVED CVE-2020-21141 RESERVED CVE-2020-21140 RESERVED CVE-2020-21139 RESERVED CVE-2020-21138 RESERVED CVE-2020-21137 RESERVED CVE-2020-21136 RESERVED CVE-2020-21135 RESERVED CVE-2020-21134 RESERVED CVE-2020-21133 RESERVED CVE-2020-21132 RESERVED CVE-2020-21131 RESERVED CVE-2020-21130 RESERVED CVE-2020-21129 RESERVED CVE-2020-21128 RESERVED CVE-2020-21127 RESERVED CVE-2020-21126 RESERVED CVE-2020-21125 RESERVED CVE-2020-21124 RESERVED CVE-2020-21123 RESERVED CVE-2020-21122 RESERVED CVE-2020-21121 RESERVED CVE-2020-21120 RESERVED CVE-2020-21119 RESERVED CVE-2020-21118 RESERVED CVE-2020-21117 RESERVED CVE-2020-21116 RESERVED CVE-2020-21115 RESERVED CVE-2020-21114 RESERVED CVE-2020-21113 RESERVED CVE-2020-21112 RESERVED CVE-2020-21111 RESERVED CVE-2020-21110 RESERVED CVE-2020-21109 RESERVED CVE-2020-21108 RESERVED CVE-2020-21107 RESERVED CVE-2020-21106 RESERVED CVE-2020-21105 RESERVED CVE-2020-21104 RESERVED CVE-2020-21103 RESERVED CVE-2020-21102 RESERVED CVE-2020-21101 RESERVED CVE-2020-21100 RESERVED CVE-2020-21099 RESERVED CVE-2020-21098 RESERVED CVE-2020-21097 RESERVED CVE-2020-21096 RESERVED CVE-2020-21095 RESERVED CVE-2020-21094 RESERVED CVE-2020-21093 RESERVED CVE-2020-21092 RESERVED CVE-2020-21091 RESERVED CVE-2020-21090 RESERVED CVE-2020-21089 RESERVED CVE-2020-21088 RESERVED CVE-2020-21087 RESERVED CVE-2020-21086 RESERVED CVE-2020-21085 RESERVED CVE-2020-21084 RESERVED CVE-2020-21083 RESERVED CVE-2020-21082 RESERVED CVE-2020-21081 RESERVED CVE-2020-21080 RESERVED CVE-2020-21079 RESERVED CVE-2020-21078 RESERVED CVE-2020-21077 RESERVED CVE-2020-21076 RESERVED CVE-2020-21075 RESERVED CVE-2020-21074 RESERVED CVE-2020-21073 RESERVED CVE-2020-21072 RESERVED CVE-2020-21071 RESERVED CVE-2020-21070 RESERVED CVE-2020-21069 RESERVED CVE-2020-21068 RESERVED 
CVE-2020-21067 RESERVED CVE-2020-21066 RESERVED CVE-2020-21065 RESERVED CVE-2020-21064 RESERVED CVE-2020-21063 RESERVED CVE-2020-21062 RESERVED CVE-2020-21061 RESERVED CVE-2020-21060 RESERVED CVE-2020-21059 RESERVED CVE-2020-21058 RESERVED CVE-2020-21057 RESERVED CVE-2020-21056 RESERVED CVE-2020-21055 RESERVED CVE-2020-21054 RESERVED CVE-2020-21053 RESERVED CVE-2020-21052 RESERVED CVE-2020-21051 RESERVED CVE-2020-21050 RESERVED CVE-2020-21049 RESERVED CVE-2020-21048 RESERVED CVE-2020-21047 RESERVED CVE-2020-21046 RESERVED CVE-2020-21045 RESERVED CVE-2020-21044 RESERVED CVE-2020-21043 RESERVED CVE-2020-21042 RESERVED CVE-2020-21041 RESERVED CVE-2020-21040 RESERVED CVE-2020-21039 RESERVED CVE-2020-21038 RESERVED CVE-2020-21037 RESERVED CVE-2020-21036 RESERVED CVE-2020-21035 RESERVED CVE-2020-21034 RESERVED CVE-2020-21033 RESERVED CVE-2020-21032 RESERVED CVE-2020-21031 RESERVED CVE-2020-21030 RESERVED CVE-2020-21029 RESERVED CVE-2020-21028 RESERVED CVE-2020-21027 RESERVED CVE-2020-21026 RESERVED CVE-2020-21025 RESERVED CVE-2020-21024 RESERVED CVE-2020-21023 RESERVED CVE-2020-21022 RESERVED CVE-2020-21021 RESERVED CVE-2020-21020 RESERVED CVE-2020-21019 RESERVED CVE-2020-21018 RESERVED CVE-2020-21017 RESERVED CVE-2020-21016 RESERVED CVE-2020-21015 RESERVED CVE-2020-21014 RESERVED CVE-2020-21013 RESERVED CVE-2020-21012 RESERVED CVE-2020-21011 RESERVED CVE-2020-21010 RESERVED CVE-2020-21009 RESERVED CVE-2020-21008 RESERVED CVE-2020-21007 RESERVED CVE-2020-21006 RESERVED CVE-2020-21005 RESERVED CVE-2020-21004 RESERVED CVE-2020-21003 RESERVED CVE-2020-21002 RESERVED CVE-2020-21001 RESERVED CVE-2020-21000 RESERVED CVE-2020-20999 RESERVED CVE-2020-20998 RESERVED CVE-2020-20997 RESERVED CVE-2020-20996 RESERVED CVE-2020-20995 RESERVED CVE-2020-20994 RESERVED CVE-2020-20993 RESERVED CVE-2020-20992 RESERVED CVE-2020-20991 RESERVED CVE-2020-20990 RESERVED CVE-2020-20989 RESERVED CVE-2020-20988 RESERVED CVE-2020-20987 RESERVED CVE-2020-20986 RESERVED CVE-2020-20985 RESERVED 
CVE-2020-20984 RESERVED CVE-2020-20983 RESERVED CVE-2020-20982 RESERVED CVE-2020-20981 RESERVED CVE-2020-20980 RESERVED CVE-2020-20979 RESERVED CVE-2020-20978 RESERVED CVE-2020-20977 RESERVED CVE-2020-20976 RESERVED CVE-2020-20975 RESERVED CVE-2020-20974 RESERVED CVE-2020-20973 RESERVED CVE-2020-20972 RESERVED CVE-2020-20971 RESERVED CVE-2020-20970 RESERVED CVE-2020-20969 RESERVED CVE-2020-20968 RESERVED CVE-2020-20967 RESERVED CVE-2020-20966 RESERVED CVE-2020-20965 RESERVED CVE-2020-20964 RESERVED CVE-2020-20963 RESERVED CVE-2020-20962 RESERVED CVE-2020-20961 RESERVED CVE-2020-20960 RESERVED CVE-2020-20959 RESERVED CVE-2020-20958 RESERVED CVE-2020-20957 RESERVED CVE-2020-20956 RESERVED CVE-2020-20955 RESERVED CVE-2020-20954 RESERVED CVE-2020-20953 RESERVED CVE-2020-20952 RESERVED CVE-2020-20951 RESERVED CVE-2020-20950 RESERVED CVE-2020-20949 RESERVED CVE-2020-20948 RESERVED CVE-2020-20947 RESERVED CVE-2020-20946 RESERVED CVE-2020-20945 RESERVED CVE-2020-20944 RESERVED CVE-2020-20943 RESERVED CVE-2020-20942 RESERVED CVE-2020-20941 RESERVED CVE-2020-20940 RESERVED CVE-2020-20939 RESERVED CVE-2020-20938 RESERVED CVE-2020-20937 RESERVED CVE-2020-20936 RESERVED CVE-2020-20935 RESERVED CVE-2020-20934 RESERVED CVE-2020-20933 RESERVED CVE-2020-20932 RESERVED CVE-2020-20931 RESERVED CVE-2020-20930 RESERVED CVE-2020-20929 RESERVED CVE-2020-20928 RESERVED CVE-2020-20927 RESERVED CVE-2020-20926 RESERVED CVE-2020-20925 RESERVED CVE-2020-20924 RESERVED CVE-2020-20923 RESERVED CVE-2020-20922 RESERVED CVE-2020-20921 RESERVED CVE-2020-20920 RESERVED CVE-2020-20919 RESERVED CVE-2020-20918 RESERVED CVE-2020-20917 RESERVED CVE-2020-20916 RESERVED CVE-2020-20915 RESERVED CVE-2020-20914 RESERVED CVE-2020-20913 RESERVED CVE-2020-20912 RESERVED CVE-2020-20911 RESERVED CVE-2020-20910 RESERVED CVE-2020-20909 RESERVED CVE-2020-20908 RESERVED CVE-2020-20907 RESERVED CVE-2020-20906 RESERVED CVE-2020-20905 RESERVED CVE-2020-20904 RESERVED CVE-2020-20903 RESERVED CVE-2020-20902 RESERVED 
CVE-2020-20901 RESERVED CVE-2020-20900 RESERVED CVE-2020-20899 RESERVED CVE-2020-20898 RESERVED CVE-2020-20897 RESERVED CVE-2020-20896 RESERVED CVE-2020-20895 RESERVED CVE-2020-20894 RESERVED CVE-2020-20893 RESERVED CVE-2020-20892 RESERVED CVE-2020-20891 RESERVED CVE-2020-20890 RESERVED CVE-2020-20889 RESERVED CVE-2020-20888 RESERVED CVE-2020-20887 RESERVED CVE-2020-20886 RESERVED CVE-2020-20885 RESERVED CVE-2020-20884 RESERVED CVE-2020-20883 RESERVED CVE-2020-20882 RESERVED CVE-2020-20881 RESERVED CVE-2020-20880 RESERVED CVE-2020-20879 RESERVED CVE-2020-20878 RESERVED CVE-2020-20877 RESERVED CVE-2020-20876 RESERVED CVE-2020-20875 RESERVED CVE-2020-20874 RESERVED CVE-2020-20873 RESERVED CVE-2020-20872 RESERVED CVE-2020-20871 RESERVED CVE-2020-20870 RESERVED CVE-2020-20869 RESERVED CVE-2020-20868 RESERVED CVE-2020-20867 RESERVED CVE-2020-20866 RESERVED CVE-2020-20865 RESERVED CVE-2020-20864 RESERVED CVE-2020-20863 RESERVED CVE-2020-20862 RESERVED CVE-2020-20861 RESERVED CVE-2020-20860 RESERVED CVE-2020-20859 RESERVED CVE-2020-20858 RESERVED CVE-2020-20857 RESERVED CVE-2020-20856 RESERVED CVE-2020-20855 RESERVED CVE-2020-20854 RESERVED CVE-2020-20853 RESERVED CVE-2020-20852 RESERVED CVE-2020-20851 RESERVED CVE-2020-20850 RESERVED CVE-2020-20849 RESERVED CVE-2020-20848 RESERVED CVE-2020-20847 RESERVED CVE-2020-20846 RESERVED CVE-2020-20845 RESERVED CVE-2020-20844 RESERVED CVE-2020-20843 RESERVED CVE-2020-20842 RESERVED CVE-2020-20841 RESERVED CVE-2020-20840 RESERVED CVE-2020-20839 RESERVED CVE-2020-20838 RESERVED CVE-2020-20837 RESERVED CVE-2020-20836 RESERVED CVE-2020-20835 RESERVED CVE-2020-20834 RESERVED CVE-2020-20833 RESERVED CVE-2020-20832 RESERVED CVE-2020-20831 RESERVED CVE-2020-20830 RESERVED CVE-2020-20829 RESERVED CVE-2020-20828 RESERVED CVE-2020-20827 RESERVED CVE-2020-20826 RESERVED CVE-2020-20825 RESERVED CVE-2020-20824 RESERVED CVE-2020-20823 RESERVED CVE-2020-20822 RESERVED CVE-2020-20821 RESERVED CVE-2020-20820 RESERVED CVE-2020-20819 RESERVED 
CVE-2020-20818 RESERVED CVE-2020-20817 RESERVED CVE-2020-20816 RESERVED CVE-2020-20815 RESERVED CVE-2020-20814 RESERVED CVE-2020-20813 RESERVED CVE-2020-20812 RESERVED CVE-2020-20811 RESERVED CVE-2020-20810 RESERVED CVE-2020-20809 RESERVED CVE-2020-20808 RESERVED CVE-2020-20807 RESERVED CVE-2020-20806 RESERVED CVE-2020-20805 RESERVED CVE-2020-20804 RESERVED CVE-2020-20803 RESERVED CVE-2020-20802 RESERVED CVE-2020-20801 RESERVED CVE-2020-20800 RESERVED CVE-2020-20799 RESERVED CVE-2020-20798 RESERVED CVE-2020-20797 RESERVED CVE-2020-20796 RESERVED CVE-2020-20795 RESERVED CVE-2020-20794 RESERVED CVE-2020-20793 RESERVED CVE-2020-20792 RESERVED CVE-2020-20791 RESERVED CVE-2020-20790 RESERVED CVE-2020-20789 RESERVED CVE-2020-20788 RESERVED CVE-2020-20787 RESERVED CVE-2020-20786 RESERVED CVE-2020-20785 RESERVED CVE-2020-20784 RESERVED CVE-2020-20783 RESERVED CVE-2020-20782 RESERVED CVE-2020-20781 RESERVED CVE-2020-20780 RESERVED CVE-2020-20779 RESERVED CVE-2020-20778 RESERVED CVE-2020-20777 RESERVED CVE-2020-20776 RESERVED CVE-2020-20775 RESERVED CVE-2020-20774 RESERVED CVE-2020-20773 RESERVED CVE-2020-20772 RESERVED CVE-2020-20771 RESERVED CVE-2020-20770 RESERVED CVE-2020-20769 RESERVED CVE-2020-20768 RESERVED CVE-2020-20767 RESERVED CVE-2020-20766 RESERVED CVE-2020-20765 RESERVED CVE-2020-20764 RESERVED CVE-2020-20763 RESERVED CVE-2020-20762 RESERVED CVE-2020-20761 RESERVED CVE-2020-20760 RESERVED CVE-2020-20759 RESERVED CVE-2020-20758 RESERVED CVE-2020-20757 RESERVED CVE-2020-20756 RESERVED CVE-2020-20755 RESERVED CVE-2020-20754 RESERVED CVE-2020-20753 RESERVED CVE-2020-20752 RESERVED CVE-2020-20751 RESERVED CVE-2020-20750 RESERVED CVE-2020-20749 RESERVED CVE-2020-20748 RESERVED CVE-2020-20747 RESERVED CVE-2020-20746 RESERVED CVE-2020-20745 RESERVED CVE-2020-20744 RESERVED CVE-2020-20743 RESERVED CVE-2020-20742 RESERVED CVE-2020-20741 RESERVED CVE-2020-20740 RESERVED CVE-2020-20739 RESERVED CVE-2020-20738 RESERVED CVE-2020-20737 RESERVED CVE-2020-20736 RESERVED 
CVE-2020-20735 RESERVED CVE-2020-20734 RESERVED CVE-2020-20733 RESERVED CVE-2020-20732 RESERVED CVE-2020-20731 RESERVED CVE-2020-20730 RESERVED CVE-2020-20729 RESERVED CVE-2020-20728 RESERVED CVE-2020-20727 RESERVED CVE-2020-20726 RESERVED CVE-2020-20725 RESERVED CVE-2020-20724 RESERVED CVE-2020-20723 RESERVED CVE-2020-20722 RESERVED CVE-2020-20721 RESERVED CVE-2020-20720 RESERVED CVE-2020-20719 RESERVED CVE-2020-20718 RESERVED CVE-2020-20717 RESERVED CVE-2020-20716 RESERVED CVE-2020-20715 RESERVED CVE-2020-20714 RESERVED CVE-2020-20713 RESERVED CVE-2020-20712 RESERVED CVE-2020-20711 RESERVED CVE-2020-20710 RESERVED CVE-2020-20709 RESERVED CVE-2020-20708 RESERVED CVE-2020-20707 RESERVED CVE-2020-20706 RESERVED CVE-2020-20705 RESERVED CVE-2020-20704 RESERVED CVE-2020-20703 RESERVED CVE-2020-20702 RESERVED CVE-2020-20701 RESERVED CVE-2020-20700 RESERVED CVE-2020-20699 RESERVED CVE-2020-20698 RESERVED CVE-2020-20697 RESERVED CVE-2020-20696 RESERVED CVE-2020-20695 RESERVED CVE-2020-20694 RESERVED CVE-2020-20693 RESERVED CVE-2020-20692 RESERVED CVE-2020-20691 RESERVED CVE-2020-20690 RESERVED CVE-2020-20689 RESERVED CVE-2020-20688 RESERVED CVE-2020-20687 RESERVED CVE-2020-20686 RESERVED CVE-2020-20685 RESERVED CVE-2020-20684 RESERVED CVE-2020-20683 RESERVED CVE-2020-20682 RESERVED CVE-2020-20681 RESERVED CVE-2020-20680 RESERVED CVE-2020-20679 RESERVED CVE-2020-20678 RESERVED CVE-2020-20677 RESERVED CVE-2020-20676 RESERVED CVE-2020-20675 RESERVED CVE-2020-20674 RESERVED CVE-2020-20673 RESERVED CVE-2020-20672 RESERVED CVE-2020-20671 RESERVED CVE-2020-20670 RESERVED CVE-2020-20669 RESERVED CVE-2020-20668 RESERVED CVE-2020-20667 RESERVED CVE-2020-20666 RESERVED CVE-2020-20665 RESERVED CVE-2020-20664 RESERVED CVE-2020-20663 RESERVED CVE-2020-20662 RESERVED CVE-2020-20661 RESERVED CVE-2020-20660 RESERVED CVE-2020-20659 RESERVED CVE-2020-20658 RESERVED CVE-2020-20657 RESERVED CVE-2020-20656 RESERVED CVE-2020-20655 RESERVED CVE-2020-20654 RESERVED CVE-2020-20653 RESERVED 
CVE-2020-20652 RESERVED CVE-2020-20651 RESERVED CVE-2020-20650 RESERVED CVE-2020-20649 RESERVED CVE-2020-20648 RESERVED CVE-2020-20647 RESERVED CVE-2020-20646 RESERVED CVE-2020-20645 RESERVED CVE-2020-20644 RESERVED CVE-2020-20643 RESERVED CVE-2020-20642 RESERVED CVE-2020-20641 RESERVED CVE-2020-20640 RESERVED CVE-2020-20639 RESERVED CVE-2020-20638 RESERVED CVE-2020-20637 RESERVED CVE-2020-20636 RESERVED CVE-2020-20635 RESERVED CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...) NOT-FOR-US: WordPress plugin CVE-2020-20633 (ajax_policy_generator in admin/modules/cli-policy-generator/classes/cl ...) NOT-FOR-US: WordPress plugin CVE-2020-20632 RESERVED CVE-2020-20631 RESERVED CVE-2020-20630 RESERVED CVE-2020-20629 RESERVED CVE-2020-20628 (controller/controller-comments.php in WP GDPR plugin through 2.1.1 has ...) NOT-FOR-US: WP GDPR plugin CVE-2020-20627 (The includes/gateways/stripe/includes/admin/admin-actions.php in GiveW ...) NOT-FOR-US: includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin for WordPress CVE-2020-20626 (lara-google-analytics.php in Lara Google Analytics plugin through 2.0. ...) NOT-FOR-US: Lara Google Analytics plugin for WordPress CVE-2020-20625 (Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthen ...) 
NOT-FOR-US: Sliced Invoices plugin for WordPress CVE-2020-20624 RESERVED CVE-2020-20623 RESERVED CVE-2020-20622 RESERVED CVE-2020-20621 RESERVED CVE-2020-20620 RESERVED CVE-2020-20619 RESERVED CVE-2020-20618 RESERVED CVE-2020-20617 RESERVED CVE-2020-20616 RESERVED CVE-2020-20615 RESERVED CVE-2020-20614 RESERVED CVE-2020-20613 RESERVED CVE-2020-20612 RESERVED CVE-2020-20611 RESERVED CVE-2020-20610 RESERVED CVE-2020-20609 RESERVED CVE-2020-20608 RESERVED CVE-2020-20607 RESERVED CVE-2020-20606 RESERVED CVE-2020-20605 RESERVED CVE-2020-20604 RESERVED CVE-2020-20603 RESERVED CVE-2020-20602 RESERVED CVE-2020-20601 RESERVED CVE-2020-20600 RESERVED CVE-2020-20599 RESERVED CVE-2020-20598 RESERVED CVE-2020-20597 RESERVED CVE-2020-20596 RESERVED CVE-2020-20595 RESERVED CVE-2020-20594 RESERVED CVE-2020-20593 RESERVED CVE-2020-20592 RESERVED CVE-2020-20591 RESERVED CVE-2020-20590 RESERVED CVE-2020-20589 RESERVED CVE-2020-20588 RESERVED CVE-2020-20587 RESERVED CVE-2020-20586 RESERVED CVE-2020-20585 RESERVED CVE-2020-20584 RESERVED CVE-2020-20583 RESERVED CVE-2020-20582 RESERVED CVE-2020-20581 RESERVED CVE-2020-20580 RESERVED CVE-2020-20579 RESERVED CVE-2020-20578 RESERVED CVE-2020-20577 RESERVED CVE-2020-20576 RESERVED CVE-2020-20575 RESERVED CVE-2020-20574 RESERVED CVE-2020-20573 RESERVED CVE-2020-20572 RESERVED CVE-2020-20571 RESERVED CVE-2020-20570 RESERVED CVE-2020-20569 RESERVED CVE-2020-20568 RESERVED CVE-2020-20567 RESERVED CVE-2020-20566 RESERVED CVE-2020-20565 RESERVED CVE-2020-20564 RESERVED CVE-2020-20563 RESERVED CVE-2020-20562 RESERVED CVE-2020-20561 RESERVED CVE-2020-20560 RESERVED CVE-2020-20559 RESERVED CVE-2020-20558 RESERVED CVE-2020-20557 RESERVED CVE-2020-20556 RESERVED CVE-2020-20555 RESERVED CVE-2020-20554 RESERVED CVE-2020-20553 RESERVED CVE-2020-20552 RESERVED CVE-2020-20551 RESERVED CVE-2020-20550 RESERVED CVE-2020-20549 RESERVED CVE-2020-20548 RESERVED CVE-2020-20547 RESERVED CVE-2020-20546 RESERVED CVE-2020-20545 RESERVED CVE-2020-20544 RESERVED 
CVE-2020-20543 RESERVED CVE-2020-20542 RESERVED CVE-2020-20541 RESERVED CVE-2020-20540 RESERVED CVE-2020-20539 RESERVED CVE-2020-20538 RESERVED CVE-2020-20537 RESERVED CVE-2020-20536 RESERVED CVE-2020-20535 RESERVED CVE-2020-20534 RESERVED CVE-2020-20533 RESERVED CVE-2020-20532 RESERVED CVE-2020-20531 RESERVED CVE-2020-20530 RESERVED CVE-2020-20529 RESERVED CVE-2020-20528 RESERVED CVE-2020-20527 RESERVED CVE-2020-20526 RESERVED CVE-2020-20525 RESERVED CVE-2020-20524 RESERVED CVE-2020-20523 RESERVED CVE-2020-20522 RESERVED CVE-2020-20521 RESERVED CVE-2020-20520 RESERVED CVE-2020-20519 RESERVED CVE-2020-20518 RESERVED CVE-2020-20517 RESERVED CVE-2020-20516 RESERVED CVE-2020-20515 RESERVED CVE-2020-20514 RESERVED CVE-2020-20513 RESERVED CVE-2020-20512 RESERVED CVE-2020-20511 RESERVED CVE-2020-20510 RESERVED CVE-2020-20509 RESERVED CVE-2020-20508 RESERVED CVE-2020-20507 RESERVED CVE-2020-20506 RESERVED CVE-2020-20505 RESERVED CVE-2020-20504 RESERVED CVE-2020-20503 RESERVED CVE-2020-20502 RESERVED CVE-2020-20501 RESERVED CVE-2020-20500 RESERVED CVE-2020-20499 RESERVED CVE-2020-20498 RESERVED CVE-2020-20497 RESERVED CVE-2020-20496 RESERVED CVE-2020-20495 RESERVED CVE-2020-20494 RESERVED CVE-2020-20493 RESERVED CVE-2020-20492 RESERVED CVE-2020-20491 RESERVED CVE-2020-20490 RESERVED CVE-2020-20489 RESERVED CVE-2020-20488 RESERVED CVE-2020-20487 RESERVED CVE-2020-20486 RESERVED CVE-2020-20485 RESERVED CVE-2020-20484 RESERVED CVE-2020-20483 RESERVED CVE-2020-20482 RESERVED CVE-2020-20481 RESERVED CVE-2020-20480 RESERVED CVE-2020-20479 RESERVED CVE-2020-20478 RESERVED CVE-2020-20477 RESERVED CVE-2020-20476 RESERVED CVE-2020-20475 RESERVED CVE-2020-20474 RESERVED CVE-2020-20473 RESERVED CVE-2020-20472 RESERVED CVE-2020-20471 RESERVED CVE-2020-20470 RESERVED CVE-2020-20469 RESERVED CVE-2020-20468 RESERVED CVE-2020-20467 RESERVED CVE-2020-20466 RESERVED CVE-2020-20465 RESERVED CVE-2020-20464 RESERVED CVE-2020-20463 RESERVED CVE-2020-20462 RESERVED CVE-2020-20461 RESERVED 
CVE-2020-20460 RESERVED CVE-2020-20459 RESERVED CVE-2020-20458 RESERVED CVE-2020-20457 RESERVED CVE-2020-20456 RESERVED CVE-2020-20455 RESERVED CVE-2020-20454 RESERVED CVE-2020-20453 RESERVED CVE-2020-20452 RESERVED CVE-2020-20451 RESERVED CVE-2020-20450 RESERVED CVE-2020-20449 RESERVED CVE-2020-20448 RESERVED CVE-2020-20447 RESERVED CVE-2020-20446 RESERVED CVE-2020-20445 RESERVED CVE-2020-20444 RESERVED CVE-2020-20443 RESERVED CVE-2020-20442 RESERVED CVE-2020-20441 RESERVED CVE-2020-20440 RESERVED CVE-2020-20439 RESERVED CVE-2020-20438 RESERVED CVE-2020-20437 RESERVED CVE-2020-20436 RESERVED CVE-2020-20435 RESERVED CVE-2020-20434 RESERVED CVE-2020-20433 RESERVED CVE-2020-20432 RESERVED CVE-2020-20431 RESERVED CVE-2020-20430 RESERVED CVE-2020-20429 RESERVED CVE-2020-20428 RESERVED CVE-2020-20427 RESERVED CVE-2020-20426 RESERVED CVE-2020-20425 RESERVED CVE-2020-20424 RESERVED CVE-2020-20423 RESERVED CVE-2020-20422 RESERVED CVE-2020-20421 RESERVED CVE-2020-20420 RESERVED CVE-2020-20419 RESERVED CVE-2020-20418 RESERVED CVE-2020-20417 RESERVED CVE-2020-20416 RESERVED CVE-2020-20415 RESERVED CVE-2020-20414 RESERVED CVE-2020-20413 RESERVED CVE-2020-20412 RESERVED CVE-2020-20411 RESERVED CVE-2020-20410 RESERVED CVE-2020-20409 RESERVED CVE-2020-20408 RESERVED CVE-2020-20407 RESERVED CVE-2020-20406 (A stored XSS vulnerability exists in the Custom Link Attributes contro ...) 
NOT-FOR-US: Elementor Page Builder CVE-2020-20405 RESERVED CVE-2020-20404 RESERVED CVE-2020-20403 RESERVED CVE-2020-20402 RESERVED CVE-2020-20401 RESERVED CVE-2020-20400 RESERVED CVE-2020-20399 RESERVED CVE-2020-20398 RESERVED CVE-2020-20397 RESERVED CVE-2020-20396 RESERVED CVE-2020-20395 RESERVED CVE-2020-20394 RESERVED CVE-2020-20393 RESERVED CVE-2020-20392 RESERVED CVE-2020-20391 RESERVED CVE-2020-20390 RESERVED CVE-2020-20389 RESERVED CVE-2020-20388 RESERVED CVE-2020-20387 RESERVED CVE-2020-20386 RESERVED CVE-2020-20385 RESERVED CVE-2020-20384 RESERVED CVE-2020-20383 RESERVED CVE-2020-20382 RESERVED CVE-2020-20381 RESERVED CVE-2020-20380 RESERVED CVE-2020-20379 RESERVED CVE-2020-20378 RESERVED CVE-2020-20377 RESERVED CVE-2020-20376 RESERVED CVE-2020-20375 RESERVED CVE-2020-20374 RESERVED CVE-2020-20373 RESERVED CVE-2020-20372 RESERVED CVE-2020-20371 RESERVED CVE-2020-20370 RESERVED CVE-2020-20369 RESERVED CVE-2020-20368 RESERVED CVE-2020-20367 RESERVED CVE-2020-20366 RESERVED CVE-2020-20365 RESERVED CVE-2020-20364 RESERVED CVE-2020-20363 RESERVED CVE-2020-20362 RESERVED CVE-2020-20361 RESERVED CVE-2020-20360 RESERVED CVE-2020-20359 RESERVED CVE-2020-20358 RESERVED CVE-2020-20357 RESERVED CVE-2020-20356 RESERVED CVE-2020-20355 RESERVED CVE-2020-20354 RESERVED CVE-2020-20353 RESERVED CVE-2020-20352 RESERVED CVE-2020-20351 RESERVED CVE-2020-20350 RESERVED CVE-2020-20349 RESERVED CVE-2020-20348 RESERVED CVE-2020-20347 RESERVED CVE-2020-20346 RESERVED CVE-2020-20345 RESERVED CVE-2020-20344 RESERVED CVE-2020-20343 RESERVED CVE-2020-20342 RESERVED CVE-2020-20341 RESERVED CVE-2020-20340 RESERVED CVE-2020-20339 RESERVED CVE-2020-20338 RESERVED CVE-2020-20337 RESERVED CVE-2020-20336 RESERVED CVE-2020-20335 RESERVED CVE-2020-20334 RESERVED CVE-2020-20333 RESERVED CVE-2020-20332 RESERVED CVE-2020-20331 RESERVED CVE-2020-20330 RESERVED CVE-2020-20329 RESERVED CVE-2020-20328 RESERVED CVE-2020-20327 RESERVED CVE-2020-20326 RESERVED CVE-2020-20325 RESERVED CVE-2020-20324 
RESERVED CVE-2020-20323 RESERVED CVE-2020-20322 RESERVED CVE-2020-20321 RESERVED CVE-2020-20320 RESERVED CVE-2020-20319 RESERVED CVE-2020-20318 RESERVED CVE-2020-20317 RESERVED CVE-2020-20316 RESERVED CVE-2020-20315 RESERVED CVE-2020-20314 RESERVED CVE-2020-20313 RESERVED CVE-2020-20312 RESERVED CVE-2020-20311 RESERVED CVE-2020-20310 RESERVED CVE-2020-20309 RESERVED CVE-2020-20308 RESERVED CVE-2020-20307 RESERVED CVE-2020-20306 RESERVED CVE-2020-20305 RESERVED CVE-2020-20304 RESERVED CVE-2020-20303 RESERVED CVE-2020-20302 RESERVED CVE-2020-20301 RESERVED CVE-2020-20300 RESERVED CVE-2020-20299 RESERVED CVE-2020-20298 RESERVED CVE-2020-20297 RESERVED CVE-2020-20296 RESERVED CVE-2020-20295 RESERVED CVE-2020-20294 RESERVED CVE-2020-20293 RESERVED CVE-2020-20292 RESERVED CVE-2020-20291 RESERVED CVE-2020-20290 RESERVED CVE-2020-20289 RESERVED CVE-2020-20288 RESERVED CVE-2020-20287 RESERVED CVE-2020-20286 RESERVED CVE-2020-20285 RESERVED CVE-2020-20284 RESERVED CVE-2020-20283 RESERVED CVE-2020-20282 RESERVED CVE-2020-20281 RESERVED CVE-2020-20280 RESERVED CVE-2020-20279 RESERVED CVE-2020-20278 RESERVED CVE-2020-20277 RESERVED CVE-2020-20276 RESERVED CVE-2020-20275 RESERVED CVE-2020-20274 RESERVED CVE-2020-20273 RESERVED CVE-2020-20272 RESERVED CVE-2020-20271 RESERVED CVE-2020-20270 RESERVED CVE-2020-20269 RESERVED CVE-2020-20268 RESERVED CVE-2020-20267 RESERVED CVE-2020-20266 RESERVED CVE-2020-20265 RESERVED CVE-2020-20264 RESERVED CVE-2020-20263 RESERVED CVE-2020-20262 RESERVED CVE-2020-20261 RESERVED CVE-2020-20260 RESERVED CVE-2020-20259 RESERVED CVE-2020-20258 RESERVED CVE-2020-20257 RESERVED CVE-2020-20256 RESERVED CVE-2020-20255 RESERVED CVE-2020-20254 RESERVED CVE-2020-20253 RESERVED CVE-2020-20252 RESERVED CVE-2020-20251 RESERVED CVE-2020-20250 RESERVED CVE-2020-20249 RESERVED CVE-2020-20248 RESERVED CVE-2020-20247 RESERVED CVE-2020-20246 RESERVED CVE-2020-20245 RESERVED CVE-2020-20244 RESERVED CVE-2020-20243 RESERVED CVE-2020-20242 RESERVED CVE-2020-20241 
RESERVED CVE-2020-20240 RESERVED CVE-2020-20239 RESERVED CVE-2020-20238 RESERVED CVE-2020-20237 RESERVED CVE-2020-20236 RESERVED CVE-2020-20235 RESERVED CVE-2020-20234 RESERVED CVE-2020-20233 RESERVED CVE-2020-20232 RESERVED CVE-2020-20231 RESERVED CVE-2020-20230 RESERVED CVE-2020-20229 RESERVED CVE-2020-20228 RESERVED CVE-2020-20227 RESERVED CVE-2020-20226 RESERVED CVE-2020-20225 RESERVED CVE-2020-20224 RESERVED CVE-2020-20223 RESERVED CVE-2020-20222 RESERVED CVE-2020-20221 RESERVED CVE-2020-20220 RESERVED CVE-2020-20219 RESERVED CVE-2020-20218 RESERVED CVE-2020-20217 RESERVED CVE-2020-20216 RESERVED CVE-2020-20215 RESERVED CVE-2020-20214 RESERVED CVE-2020-20213 RESERVED CVE-2020-20212 RESERVED CVE-2020-20211 RESERVED CVE-2020-20210 RESERVED CVE-2020-20209 RESERVED CVE-2020-20208 RESERVED CVE-2020-20207 RESERVED CVE-2020-20206 RESERVED CVE-2020-20205 RESERVED CVE-2020-20204 RESERVED CVE-2020-20203 RESERVED CVE-2020-20202 RESERVED CVE-2020-20201 RESERVED CVE-2020-20200 RESERVED CVE-2020-20199 RESERVED CVE-2020-20198 RESERVED CVE-2020-20197 RESERVED CVE-2020-20196 RESERVED CVE-2020-20195 RESERVED CVE-2020-20194 RESERVED CVE-2020-20193 RESERVED CVE-2020-20192 RESERVED CVE-2020-20191 RESERVED CVE-2020-20190 RESERVED CVE-2020-20189 RESERVED CVE-2020-20188 RESERVED CVE-2020-20187 RESERVED CVE-2020-20186 RESERVED CVE-2020-20185 RESERVED CVE-2020-20184 RESERVED CVE-2020-20183 RESERVED CVE-2020-20182 RESERVED CVE-2020-20181 RESERVED CVE-2020-20180 RESERVED CVE-2020-20179 RESERVED CVE-2020-20178 RESERVED CVE-2020-20177 RESERVED CVE-2020-20176 RESERVED CVE-2020-20175 RESERVED CVE-2020-20174 RESERVED CVE-2020-20173 RESERVED CVE-2020-20172 RESERVED CVE-2020-20171 RESERVED CVE-2020-20170 RESERVED CVE-2020-20169 RESERVED CVE-2020-20168 RESERVED CVE-2020-20167 RESERVED CVE-2020-20166 RESERVED CVE-2020-20165 RESERVED CVE-2020-20164 RESERVED CVE-2020-20163 RESERVED CVE-2020-20162 RESERVED CVE-2020-20161 RESERVED CVE-2020-20160 RESERVED CVE-2020-20159 RESERVED CVE-2020-20158 
RESERVED CVE-2020-20157 RESERVED CVE-2020-20156 RESERVED CVE-2020-20155 RESERVED CVE-2020-20154 RESERVED CVE-2020-20153 RESERVED CVE-2020-20152 RESERVED CVE-2020-20151 RESERVED CVE-2020-20150 RESERVED CVE-2020-20149 RESERVED CVE-2020-20148 RESERVED CVE-2020-20147 RESERVED CVE-2020-20146 RESERVED CVE-2020-20145 RESERVED CVE-2020-20144 RESERVED CVE-2020-20143 RESERVED CVE-2020-20142 RESERVED CVE-2020-20141 RESERVED CVE-2020-20140 RESERVED CVE-2020-20139 RESERVED CVE-2020-20138 RESERVED CVE-2020-20137 RESERVED CVE-2020-20136 RESERVED CVE-2020-20135 RESERVED CVE-2020-20134 RESERVED CVE-2020-20133 RESERVED CVE-2020-20132 RESERVED CVE-2020-20131 RESERVED CVE-2020-20130 RESERVED CVE-2020-20129 RESERVED CVE-2020-20128 RESERVED CVE-2020-20127 RESERVED CVE-2020-20126 RESERVED CVE-2020-20125 RESERVED CVE-2020-20124 RESERVED CVE-2020-20123 RESERVED CVE-2020-20122 RESERVED CVE-2020-20121 RESERVED CVE-2020-20120 RESERVED CVE-2020-20119 RESERVED CVE-2020-20118 RESERVED CVE-2020-20117 RESERVED CVE-2020-20116 RESERVED CVE-2020-20115 RESERVED CVE-2020-20114 RESERVED CVE-2020-20113 RESERVED CVE-2020-20112 RESERVED CVE-2020-20111 RESERVED CVE-2020-20110 RESERVED CVE-2020-20109 RESERVED CVE-2020-20108 RESERVED CVE-2020-20107 RESERVED CVE-2020-20106 RESERVED CVE-2020-20105 RESERVED CVE-2020-20104 RESERVED CVE-2020-20103 RESERVED CVE-2020-20102 RESERVED CVE-2020-20101 RESERVED CVE-2020-20100 RESERVED CVE-2020-20099 RESERVED CVE-2020-20098 RESERVED CVE-2020-20097 RESERVED CVE-2020-20096 RESERVED CVE-2020-20095 RESERVED CVE-2020-20094 RESERVED CVE-2020-20093 RESERVED CVE-2020-20092 RESERVED CVE-2020-20091 RESERVED CVE-2020-20090 RESERVED CVE-2020-20089 RESERVED CVE-2020-20088 RESERVED CVE-2020-20087 RESERVED CVE-2020-20086 RESERVED CVE-2020-20085 RESERVED CVE-2020-20084 RESERVED CVE-2020-20083 RESERVED CVE-2020-20082 RESERVED CVE-2020-20081 RESERVED CVE-2020-20080 RESERVED CVE-2020-20079 RESERVED CVE-2020-20078 RESERVED CVE-2020-20077 RESERVED CVE-2020-20076 RESERVED CVE-2020-20075 
RESERVED CVE-2020-20074 RESERVED CVE-2020-20073 RESERVED CVE-2020-20072 RESERVED CVE-2020-20071 RESERVED CVE-2020-20070 RESERVED CVE-2020-20069 RESERVED CVE-2020-20068 RESERVED CVE-2020-20067 RESERVED CVE-2020-20066 RESERVED CVE-2020-20065 RESERVED CVE-2020-20064 RESERVED CVE-2020-20063 RESERVED CVE-2020-20062 RESERVED CVE-2020-20061 RESERVED CVE-2020-20060 RESERVED CVE-2020-20059 RESERVED CVE-2020-20058 RESERVED CVE-2020-20057 RESERVED CVE-2020-20056 RESERVED CVE-2020-20055 RESERVED CVE-2020-20054 RESERVED CVE-2020-20053 RESERVED CVE-2020-20052 RESERVED CVE-2020-20051 RESERVED CVE-2020-20050 RESERVED CVE-2020-20049 RESERVED CVE-2020-20048 RESERVED CVE-2020-20047 RESERVED CVE-2020-20046 RESERVED CVE-2020-20045 RESERVED CVE-2020-20044 RESERVED CVE-2020-20043 RESERVED CVE-2020-20042 RESERVED CVE-2020-20041 RESERVED CVE-2020-20040 RESERVED CVE-2020-20039 RESERVED CVE-2020-20038 RESERVED CVE-2020-20037 RESERVED CVE-2020-20036 RESERVED CVE-2020-20035 RESERVED CVE-2020-20034 RESERVED CVE-2020-20033 RESERVED CVE-2020-20032 RESERVED CVE-2020-20031 RESERVED CVE-2020-20030 RESERVED CVE-2020-20029 RESERVED CVE-2020-20028 RESERVED CVE-2020-20027 RESERVED CVE-2020-20026 RESERVED CVE-2020-20025 RESERVED CVE-2020-20024 RESERVED CVE-2020-20023 RESERVED CVE-2020-20022 RESERVED CVE-2020-20021 RESERVED CVE-2020-20020 RESERVED CVE-2020-20019 RESERVED CVE-2020-20018 RESERVED CVE-2020-20017 RESERVED CVE-2020-20016 RESERVED CVE-2020-20015 RESERVED CVE-2020-20014 RESERVED CVE-2020-20013 RESERVED CVE-2020-20012 RESERVED CVE-2020-20011 RESERVED CVE-2020-20010 RESERVED CVE-2020-20009 RESERVED CVE-2020-20008 RESERVED CVE-2020-20007 RESERVED CVE-2020-20006 RESERVED CVE-2020-20005 RESERVED CVE-2020-20004 RESERVED CVE-2020-20003 RESERVED CVE-2020-20002 RESERVED CVE-2020-20001 RESERVED CVE-2020-20000 RESERVED CVE-2020-19999 RESERVED CVE-2020-19998 RESERVED CVE-2020-19997 RESERVED CVE-2020-19996 RESERVED CVE-2020-19995 RESERVED CVE-2020-19994 RESERVED CVE-2020-19993 RESERVED CVE-2020-19992 
RESERVED CVE-2020-19991 RESERVED CVE-2020-19990 RESERVED CVE-2020-19989 RESERVED CVE-2020-19988 RESERVED CVE-2020-19987 RESERVED CVE-2020-19986 RESERVED CVE-2020-19985 RESERVED CVE-2020-19984 RESERVED CVE-2020-19983 RESERVED CVE-2020-19982 RESERVED CVE-2020-19981 RESERVED CVE-2020-19980 RESERVED CVE-2020-19979 RESERVED CVE-2020-19978 RESERVED CVE-2020-19977 RESERVED CVE-2020-19976 RESERVED CVE-2020-19975 RESERVED CVE-2020-19974 RESERVED CVE-2020-19973 RESERVED CVE-2020-19972 RESERVED CVE-2020-19971 RESERVED CVE-2020-19970 RESERVED CVE-2020-19969 RESERVED CVE-2020-19968 RESERVED CVE-2020-19967 RESERVED CVE-2020-19966 RESERVED CVE-2020-19965 RESERVED CVE-2020-19964 RESERVED CVE-2020-19963 RESERVED CVE-2020-19962 RESERVED CVE-2020-19961 RESERVED CVE-2020-19960 RESERVED CVE-2020-19959 RESERVED CVE-2020-19958 RESERVED CVE-2020-19957 RESERVED CVE-2020-19956 RESERVED CVE-2020-19955 RESERVED CVE-2020-19954 RESERVED CVE-2020-19953 RESERVED CVE-2020-19952 RESERVED CVE-2020-19951 RESERVED CVE-2020-19950 RESERVED CVE-2020-19949 RESERVED CVE-2020-19948 RESERVED CVE-2020-19947 RESERVED CVE-2020-19946 RESERVED CVE-2020-19945 RESERVED CVE-2020-19944 RESERVED CVE-2020-19943 RESERVED CVE-2020-19942 RESERVED CVE-2020-19941 RESERVED CVE-2020-19940 RESERVED CVE-2020-19939 RESERVED CVE-2020-19938 RESERVED CVE-2020-19937 RESERVED CVE-2020-19936 RESERVED CVE-2020-19935 RESERVED CVE-2020-19934 RESERVED CVE-2020-19933 RESERVED CVE-2020-19932 RESERVED CVE-2020-19931 RESERVED CVE-2020-19930 RESERVED CVE-2020-19929 RESERVED CVE-2020-19928 RESERVED CVE-2020-19927 RESERVED CVE-2020-19926 RESERVED CVE-2020-19925 RESERVED CVE-2020-19924 RESERVED CVE-2020-19923 RESERVED CVE-2020-19922 RESERVED CVE-2020-19921 RESERVED CVE-2020-19920 RESERVED CVE-2020-19919 RESERVED CVE-2020-19918 RESERVED CVE-2020-19917 RESERVED CVE-2020-19916 RESERVED CVE-2020-19915 RESERVED CVE-2020-19914 RESERVED CVE-2020-19913 RESERVED CVE-2020-19912 RESERVED CVE-2020-19911 RESERVED CVE-2020-19910 RESERVED CVE-2020-19909 
RESERVED CVE-2020-19908 RESERVED CVE-2020-19907 RESERVED CVE-2020-19906 RESERVED CVE-2020-19905 RESERVED CVE-2020-19904 RESERVED CVE-2020-19903 RESERVED CVE-2020-19902 RESERVED CVE-2020-19901 RESERVED CVE-2020-19900 RESERVED CVE-2020-19899 RESERVED CVE-2020-19898 RESERVED CVE-2020-19897 RESERVED CVE-2020-19896 RESERVED CVE-2020-19895 RESERVED CVE-2020-19894 RESERVED CVE-2020-19893 RESERVED CVE-2020-19892 RESERVED CVE-2020-19891 (DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\ ...) NOT-FOR-US: DBHcms CVE-2020-19890 (DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\m ...) NOT-FOR-US: DBHcms CVE-2020-19889 (DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF ...) NOT-FOR-US: DBHcms CVE-2020-19888 (DBHcms v1.2.0 has an unauthorized operation vulnerability because ther ...) NOT-FOR-US: DBHcms CVE-2020-19887 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecia ...) NOT-FOR-US: DBHcms CVE-2020-19886 (DBHcms v1.2.0 has no CSRF protection mechanism,as demonstrated by CSRF ...) NOT-FOR-US: DBHcms CVE-2020-19885 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...) NOT-FOR-US: DBHcms CVE-2020-19884 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...) NOT-FOR-US: DBHcms CVE-2020-19883 (DBHcms v1.2.0 has a stored xss vulnerability as there is no security f ...) NOT-FOR-US: DBHcms CVE-2020-19882 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...) NOT-FOR-US: DBHcms CVE-2020-19881 (DBHcms v1.2.0 has a reflected xss vulnerability as there is no securit ...) NOT-FOR-US: DBHcms CVE-2020-19880 (DBHcms v1.2.0 has a stored xss vulnerability as there is no htmlspecia ...) NOT-FOR-US: DBHcms CVE-2020-19879 (DBHcms v1.2.0 has a stored xss vulnerability as there is no security f ...) NOT-FOR-US: DBHcms CVE-2020-19878 (DBHcms v1.2.0 has a sensitive information leaks vulnerability as there ...) 
NOT-FOR-US: DBHcms CVE-2020-19877 (DBHcms v1.2.0 has a directory traversal vulnerability as there is no d ...) NOT-FOR-US: DBHcms CVE-2020-19876 RESERVED CVE-2020-19875 RESERVED CVE-2020-19874 RESERVED CVE-2020-19873 RESERVED CVE-2020-19872 RESERVED CVE-2020-19871 RESERVED CVE-2020-19870 RESERVED CVE-2020-19869 RESERVED CVE-2020-19868 RESERVED CVE-2020-19867 RESERVED CVE-2020-19866 RESERVED CVE-2020-19865 RESERVED CVE-2020-19864 RESERVED CVE-2020-19863 RESERVED CVE-2020-19862 RESERVED CVE-2020-19861 RESERVED CVE-2020-19860 RESERVED CVE-2020-19859 RESERVED CVE-2020-19858 RESERVED CVE-2020-19857 RESERVED CVE-2020-19856 RESERVED CVE-2020-19855 RESERVED CVE-2020-19854 RESERVED CVE-2020-19853 RESERVED CVE-2020-19852 RESERVED CVE-2020-19851 RESERVED CVE-2020-19850 RESERVED CVE-2020-19849 RESERVED CVE-2020-19848 RESERVED CVE-2020-19847 RESERVED CVE-2020-19846 RESERVED CVE-2020-19845 RESERVED CVE-2020-19844 RESERVED CVE-2020-19843 RESERVED CVE-2020-19842 RESERVED CVE-2020-19841 RESERVED CVE-2020-19840 RESERVED CVE-2020-19839 RESERVED CVE-2020-19838 RESERVED CVE-2020-19837 RESERVED CVE-2020-19836 RESERVED CVE-2020-19835 RESERVED CVE-2020-19834 RESERVED CVE-2020-19833 RESERVED CVE-2020-19832 RESERVED CVE-2020-19831 RESERVED CVE-2020-19830 RESERVED CVE-2020-19829 RESERVED CVE-2020-19828 RESERVED CVE-2020-19827 RESERVED CVE-2020-19826 RESERVED CVE-2020-19825 RESERVED CVE-2020-19824 RESERVED CVE-2020-19823 RESERVED CVE-2020-19822 RESERVED CVE-2020-19821 RESERVED CVE-2020-19820 RESERVED CVE-2020-19819 RESERVED CVE-2020-19818 RESERVED CVE-2020-19817 RESERVED CVE-2020-19816 RESERVED CVE-2020-19815 RESERVED CVE-2020-19814 RESERVED CVE-2020-19813 RESERVED CVE-2020-19812 RESERVED CVE-2020-19811 RESERVED CVE-2020-19810 RESERVED CVE-2020-19809 RESERVED CVE-2020-19808 RESERVED CVE-2020-19807 RESERVED CVE-2020-19806 RESERVED CVE-2020-19805 RESERVED CVE-2020-19804 RESERVED CVE-2020-19803 RESERVED CVE-2020-19802 RESERVED CVE-2020-19801 RESERVED CVE-2020-19800 RESERVED CVE-2020-19799 
RESERVED CVE-2020-19798 RESERVED CVE-2020-19797 RESERVED CVE-2020-19796 RESERVED CVE-2020-19795 RESERVED CVE-2020-19794 RESERVED CVE-2020-19793 RESERVED CVE-2020-19792 RESERVED CVE-2020-19791 RESERVED CVE-2020-19790 RESERVED CVE-2020-19789 RESERVED CVE-2020-19788 RESERVED CVE-2020-19787 RESERVED CVE-2020-19786 RESERVED CVE-2020-19785 RESERVED CVE-2020-19784 RESERVED CVE-2020-19783 RESERVED CVE-2020-19782 RESERVED CVE-2020-19781 RESERVED CVE-2020-19780 RESERVED CVE-2020-19779 RESERVED CVE-2020-19778 RESERVED CVE-2020-19777 RESERVED CVE-2020-19776 RESERVED CVE-2020-19775 RESERVED CVE-2020-19774 RESERVED CVE-2020-19773 RESERVED CVE-2020-19772 RESERVED CVE-2020-19771 RESERVED CVE-2020-19770 RESERVED CVE-2020-19769 RESERVED CVE-2020-19768 RESERVED CVE-2020-19767 RESERVED CVE-2020-19766 RESERVED CVE-2020-19765 RESERVED CVE-2020-19764 RESERVED CVE-2020-19763 RESERVED CVE-2020-19762 RESERVED CVE-2020-19761 RESERVED CVE-2020-19760 RESERVED CVE-2020-19759 RESERVED CVE-2020-19758 RESERVED CVE-2020-19757 RESERVED CVE-2020-19756 RESERVED CVE-2020-19755 RESERVED CVE-2020-19754 RESERVED CVE-2020-19753 RESERVED CVE-2020-19752 RESERVED CVE-2020-19751 RESERVED CVE-2020-19750 RESERVED CVE-2020-19749 RESERVED CVE-2020-19748 RESERVED CVE-2020-19747 RESERVED CVE-2020-19746 RESERVED CVE-2020-19745 RESERVED CVE-2020-19744 RESERVED CVE-2020-19743 RESERVED CVE-2020-19742 RESERVED CVE-2020-19741 RESERVED CVE-2020-19740 RESERVED CVE-2020-19739 RESERVED CVE-2020-19738 RESERVED CVE-2020-19737 RESERVED CVE-2020-19736 RESERVED CVE-2020-19735 RESERVED CVE-2020-19734 RESERVED CVE-2020-19733 RESERVED CVE-2020-19732 RESERVED CVE-2020-19731 RESERVED CVE-2020-19730 RESERVED CVE-2020-19729 RESERVED CVE-2020-19728 RESERVED CVE-2020-19727 RESERVED CVE-2020-19726 RESERVED CVE-2020-19725 RESERVED CVE-2020-19724 RESERVED CVE-2020-19723 RESERVED CVE-2020-19722 RESERVED CVE-2020-19721 RESERVED CVE-2020-19720 RESERVED CVE-2020-19719 RESERVED CVE-2020-19718 RESERVED CVE-2020-19717 RESERVED CVE-2020-19716 
RESERVED CVE-2020-19715 RESERVED CVE-2020-19714 RESERVED CVE-2020-19713 RESERVED CVE-2020-19712 RESERVED CVE-2020-19711 RESERVED CVE-2020-19710 RESERVED CVE-2020-19709 RESERVED CVE-2020-19708 RESERVED CVE-2020-19707 RESERVED CVE-2020-19706 RESERVED CVE-2020-19705 RESERVED CVE-2020-19704 RESERVED CVE-2020-19703 RESERVED CVE-2020-19702 RESERVED CVE-2020-19701 RESERVED CVE-2020-19700 RESERVED CVE-2020-19699 RESERVED CVE-2020-19698 RESERVED CVE-2020-19697 RESERVED CVE-2020-19696 RESERVED CVE-2020-19695 RESERVED CVE-2020-19694 RESERVED CVE-2020-19693 RESERVED CVE-2020-19692 RESERVED CVE-2020-19691 RESERVED CVE-2020-19690 RESERVED CVE-2020-19689 RESERVED CVE-2020-19688 RESERVED CVE-2020-19687 RESERVED CVE-2020-19686 RESERVED CVE-2020-19685 RESERVED CVE-2020-19684 RESERVED CVE-2020-19683 RESERVED CVE-2020-19682 RESERVED CVE-2020-19681 RESERVED CVE-2020-19680 RESERVED CVE-2020-19679 RESERVED CVE-2020-19678 RESERVED CVE-2020-19677 RESERVED CVE-2020-19676 RESERVED CVE-2020-19675 RESERVED CVE-2020-19674 RESERVED CVE-2020-19673 RESERVED CVE-2020-19672 RESERVED CVE-2020-19671 RESERVED CVE-2020-19670 RESERVED CVE-2020-19669 RESERVED CVE-2020-19668 RESERVED CVE-2020-19667 RESERVED CVE-2020-19666 RESERVED CVE-2020-19665 RESERVED CVE-2020-19664 RESERVED CVE-2020-19663 RESERVED CVE-2020-19662 RESERVED CVE-2020-19661 RESERVED CVE-2020-19660 RESERVED CVE-2020-19659 RESERVED CVE-2020-19658 RESERVED CVE-2020-19657 RESERVED CVE-2020-19656 RESERVED CVE-2020-19655 RESERVED CVE-2020-19654 RESERVED CVE-2020-19653 RESERVED CVE-2020-19652 RESERVED CVE-2020-19651 RESERVED CVE-2020-19650 RESERVED CVE-2020-19649 RESERVED CVE-2020-19648 RESERVED CVE-2020-19647 RESERVED CVE-2020-19646 RESERVED CVE-2020-19645 RESERVED CVE-2020-19644 RESERVED CVE-2020-19643 RESERVED CVE-2020-19642 RESERVED CVE-2020-19641 RESERVED CVE-2020-19640 RESERVED CVE-2020-19639 RESERVED CVE-2020-19638 RESERVED CVE-2020-19637 RESERVED CVE-2020-19636 RESERVED CVE-2020-19635 RESERVED CVE-2020-19634 RESERVED CVE-2020-19633 
RESERVED CVE-2020-19632 RESERVED CVE-2020-19631 RESERVED CVE-2020-19630 RESERVED CVE-2020-19629 RESERVED CVE-2020-19628 RESERVED CVE-2020-19627 RESERVED CVE-2020-19626 RESERVED CVE-2020-19625 RESERVED CVE-2020-19624 RESERVED CVE-2020-19623 RESERVED CVE-2020-19622 RESERVED CVE-2020-19621 RESERVED CVE-2020-19620 RESERVED CVE-2020-19619 RESERVED CVE-2020-19618 RESERVED CVE-2020-19617 RESERVED CVE-2020-19616 RESERVED CVE-2020-19615 RESERVED CVE-2020-19614 RESERVED CVE-2020-19613 RESERVED CVE-2020-19612 RESERVED CVE-2020-19611 RESERVED CVE-2020-19610 RESERVED CVE-2020-19609 RESERVED CVE-2020-19608 RESERVED CVE-2020-19607 RESERVED CVE-2020-19606 RESERVED CVE-2020-19605 RESERVED CVE-2020-19604 RESERVED CVE-2020-19603 RESERVED CVE-2020-19602 RESERVED CVE-2020-19601 RESERVED CVE-2020-19600 RESERVED CVE-2020-19599 RESERVED CVE-2020-19598 RESERVED CVE-2020-19597 RESERVED CVE-2020-19596 RESERVED CVE-2020-19595 RESERVED CVE-2020-19594 RESERVED CVE-2020-19593 RESERVED CVE-2020-19592 RESERVED CVE-2020-19591 RESERVED CVE-2020-19590 RESERVED CVE-2020-19589 RESERVED CVE-2020-19588 RESERVED CVE-2020-19587 RESERVED CVE-2020-19586 RESERVED CVE-2020-19585 RESERVED CVE-2020-19584 RESERVED CVE-2020-19583 RESERVED CVE-2020-19582 RESERVED CVE-2020-19581 RESERVED CVE-2020-19580 RESERVED CVE-2020-19579 RESERVED CVE-2020-19578 RESERVED CVE-2020-19577 RESERVED CVE-2020-19576 RESERVED CVE-2020-19575 RESERVED CVE-2020-19574 RESERVED CVE-2020-19573 RESERVED CVE-2020-19572 RESERVED CVE-2020-19571 RESERVED CVE-2020-19570 RESERVED CVE-2020-19569 RESERVED CVE-2020-19568 RESERVED CVE-2020-19567 RESERVED CVE-2020-19566 RESERVED CVE-2020-19565 RESERVED CVE-2020-19564 RESERVED CVE-2020-19563 RESERVED CVE-2020-19562 RESERVED CVE-2020-19561 RESERVED CVE-2020-19560 RESERVED CVE-2020-19559 RESERVED CVE-2020-19558 RESERVED CVE-2020-19557 RESERVED CVE-2020-19556 RESERVED CVE-2020-19555 RESERVED CVE-2020-19554 RESERVED CVE-2020-19553 RESERVED CVE-2020-19552 RESERVED CVE-2020-19551 RESERVED CVE-2020-19550 
RESERVED CVE-2020-19549 RESERVED CVE-2020-19548 RESERVED CVE-2020-19547 RESERVED CVE-2020-19546 RESERVED CVE-2020-19545 RESERVED CVE-2020-19544 RESERVED CVE-2020-19543 RESERVED CVE-2020-19542 RESERVED CVE-2020-19541 RESERVED CVE-2020-19540 RESERVED CVE-2020-19539 RESERVED CVE-2020-19538 RESERVED CVE-2020-19537 RESERVED CVE-2020-19536 RESERVED CVE-2020-19535 RESERVED CVE-2020-19534 RESERVED CVE-2020-19533 RESERVED CVE-2020-19532 RESERVED CVE-2020-19531 RESERVED CVE-2020-19530 RESERVED CVE-2020-19529 RESERVED CVE-2020-19528 RESERVED CVE-2020-19527 RESERVED CVE-2020-19526 RESERVED CVE-2020-19525 RESERVED CVE-2020-19524 RESERVED CVE-2020-19523 RESERVED CVE-2020-19522 RESERVED CVE-2020-19521 RESERVED CVE-2020-19520 RESERVED CVE-2020-19519 RESERVED CVE-2020-19518 RESERVED CVE-2020-19517 RESERVED CVE-2020-19516 RESERVED CVE-2020-19515 RESERVED CVE-2020-19514 RESERVED CVE-2020-19513 RESERVED CVE-2020-19512 RESERVED CVE-2020-19511 RESERVED CVE-2020-19510 RESERVED CVE-2020-19509 RESERVED CVE-2020-19508 RESERVED CVE-2020-19507 RESERVED CVE-2020-19506 RESERVED CVE-2020-19505 RESERVED CVE-2020-19504 RESERVED CVE-2020-19503 RESERVED CVE-2020-19502 RESERVED CVE-2020-19501 RESERVED CVE-2020-19500 RESERVED CVE-2020-19499 RESERVED CVE-2020-19498 RESERVED CVE-2020-19497 RESERVED CVE-2020-19496 RESERVED CVE-2020-19495 RESERVED CVE-2020-19494 RESERVED CVE-2020-19493 RESERVED CVE-2020-19492 RESERVED CVE-2020-19491 RESERVED CVE-2020-19490 RESERVED CVE-2020-19489 RESERVED CVE-2020-19488 RESERVED CVE-2020-19487 RESERVED CVE-2020-19486 RESERVED CVE-2020-19485 RESERVED CVE-2020-19484 RESERVED CVE-2020-19483 RESERVED CVE-2020-19482 RESERVED CVE-2020-19481 RESERVED CVE-2020-19480 RESERVED CVE-2020-19479 RESERVED CVE-2020-19478 RESERVED CVE-2020-19477 RESERVED CVE-2020-19476 RESERVED CVE-2020-19475 RESERVED CVE-2020-19474 RESERVED CVE-2020-19473 RESERVED CVE-2020-19472 RESERVED CVE-2020-19471 RESERVED CVE-2020-19470 RESERVED CVE-2020-19469 RESERVED CVE-2020-19468 RESERVED CVE-2020-19467 
RESERVED CVE-2020-19466 RESERVED CVE-2020-19465 RESERVED CVE-2020-19464 RESERVED CVE-2020-19463 RESERVED CVE-2020-19462 RESERVED CVE-2020-19461 RESERVED CVE-2020-19460 RESERVED CVE-2020-19459 RESERVED CVE-2020-19458 RESERVED CVE-2020-19457 RESERVED CVE-2020-19456 RESERVED CVE-2020-19455 RESERVED CVE-2020-19454 RESERVED CVE-2020-19453 RESERVED CVE-2020-19452 RESERVED CVE-2020-19451 RESERVED CVE-2020-19450 RESERVED CVE-2020-19449 RESERVED CVE-2020-19448 RESERVED CVE-2020-19447 RESERVED CVE-2020-19446 RESERVED CVE-2020-19445 RESERVED CVE-2020-19444 RESERVED CVE-2020-19443 RESERVED CVE-2020-19442 RESERVED CVE-2020-19441 RESERVED CVE-2020-19440 RESERVED CVE-2020-19439 RESERVED CVE-2020-19438 RESERVED CVE-2020-19437 RESERVED CVE-2020-19436 RESERVED CVE-2020-19435 RESERVED CVE-2020-19434 RESERVED CVE-2020-19433 RESERVED CVE-2020-19432 RESERVED CVE-2020-19431 RESERVED CVE-2020-19430 RESERVED CVE-2020-19429 RESERVED CVE-2020-19428 RESERVED CVE-2020-19427 RESERVED CVE-2020-19426 RESERVED CVE-2020-19425 RESERVED CVE-2020-19424 RESERVED CVE-2020-19423 RESERVED CVE-2020-19422 RESERVED CVE-2020-19421 RESERVED CVE-2020-19420 RESERVED CVE-2020-19419 RESERVED CVE-2020-19418 RESERVED CVE-2020-19417 RESERVED CVE-2020-19416 RESERVED CVE-2020-19415 RESERVED CVE-2020-19414 RESERVED CVE-2020-19413 RESERVED CVE-2020-19412 RESERVED CVE-2020-19411 RESERVED CVE-2020-19410 RESERVED CVE-2020-19409 RESERVED CVE-2020-19408 RESERVED CVE-2020-19407 RESERVED CVE-2020-19406 RESERVED CVE-2020-19405 RESERVED CVE-2020-19404 RESERVED CVE-2020-19403 RESERVED CVE-2020-19402 RESERVED CVE-2020-19401 RESERVED CVE-2020-19400 RESERVED CVE-2020-19399 RESERVED CVE-2020-19398 RESERVED CVE-2020-19397 RESERVED CVE-2020-19396 RESERVED CVE-2020-19395 RESERVED CVE-2020-19394 RESERVED CVE-2020-19393 RESERVED CVE-2020-19392 RESERVED CVE-2020-19391 RESERVED CVE-2020-19390 RESERVED CVE-2020-19389 RESERVED CVE-2020-19388 RESERVED CVE-2020-19387 RESERVED CVE-2020-19386 RESERVED CVE-2020-19385 RESERVED CVE-2020-19384 
RESERVED CVE-2020-19383 RESERVED CVE-2020-19382 RESERVED CVE-2020-19381 RESERVED CVE-2020-19380 RESERVED CVE-2020-19379 RESERVED CVE-2020-19378 RESERVED CVE-2020-19377 RESERVED CVE-2020-19376 RESERVED CVE-2020-19375 RESERVED CVE-2020-19374 RESERVED CVE-2020-19373 RESERVED CVE-2020-19372 RESERVED CVE-2020-19371 RESERVED CVE-2020-19370 RESERVED CVE-2020-19369 RESERVED CVE-2020-19368 RESERVED CVE-2020-19367 RESERVED CVE-2020-19366 RESERVED CVE-2020-19365 RESERVED CVE-2020-19364 RESERVED CVE-2020-19363 RESERVED CVE-2020-19362 RESERVED CVE-2020-19361 RESERVED CVE-2020-19360 RESERVED CVE-2020-19359 RESERVED CVE-2020-19358 RESERVED CVE-2020-19357 RESERVED CVE-2020-19356 RESERVED CVE-2020-19355 RESERVED CVE-2020-19354 RESERVED CVE-2020-19353 RESERVED CVE-2020-19352 RESERVED CVE-2020-19351 RESERVED CVE-2020-19350 RESERVED CVE-2020-19349 RESERVED CVE-2020-19348 RESERVED CVE-2020-19347 RESERVED CVE-2020-19346 RESERVED CVE-2020-19345 RESERVED CVE-2020-19344 RESERVED CVE-2020-19343 RESERVED CVE-2020-19342 RESERVED CVE-2020-19341 RESERVED CVE-2020-19340 RESERVED CVE-2020-19339 RESERVED CVE-2020-19338 RESERVED CVE-2020-19337 RESERVED CVE-2020-19336 RESERVED CVE-2020-19335 RESERVED CVE-2020-19334 RESERVED CVE-2020-19333 RESERVED CVE-2020-19332 RESERVED CVE-2020-19331 RESERVED CVE-2020-19330 RESERVED CVE-2020-19329 RESERVED CVE-2020-19328 RESERVED CVE-2020-19327 RESERVED CVE-2020-19326 RESERVED CVE-2020-19325 RESERVED CVE-2020-19324 RESERVED CVE-2020-19323 RESERVED CVE-2020-19322 RESERVED CVE-2020-19321 RESERVED CVE-2020-19320 RESERVED CVE-2020-19319 RESERVED CVE-2020-19318 RESERVED CVE-2020-19317 RESERVED CVE-2020-19316 RESERVED CVE-2020-19315 RESERVED CVE-2020-19314 RESERVED CVE-2020-19313 RESERVED CVE-2020-19312 RESERVED CVE-2020-19311 RESERVED CVE-2020-19310 RESERVED CVE-2020-19309 RESERVED CVE-2020-19308 RESERVED CVE-2020-19307 RESERVED CVE-2020-19306 RESERVED CVE-2020-19305 RESERVED CVE-2020-19304 RESERVED CVE-2020-19303 RESERVED CVE-2020-19302 RESERVED CVE-2020-19301 
RESERVED CVE-2020-19300 RESERVED CVE-2020-19299 RESERVED CVE-2020-19298 RESERVED CVE-2020-19297 RESERVED CVE-2020-19296 RESERVED CVE-2020-19295 RESERVED CVE-2020-19294 RESERVED CVE-2020-19293 RESERVED CVE-2020-19292 RESERVED CVE-2020-19291 RESERVED CVE-2020-19290 RESERVED CVE-2020-19289 RESERVED CVE-2020-19288 RESERVED CVE-2020-19287 RESERVED CVE-2020-19286 RESERVED CVE-2020-19285 RESERVED CVE-2020-19284 RESERVED CVE-2020-19283 RESERVED CVE-2020-19282 RESERVED CVE-2020-19281 RESERVED CVE-2020-19280 RESERVED CVE-2020-19279 RESERVED CVE-2020-19278 RESERVED CVE-2020-19277 RESERVED CVE-2020-19276 RESERVED CVE-2020-19275 RESERVED CVE-2020-19274 RESERVED CVE-2020-19273 RESERVED CVE-2020-19272 RESERVED CVE-2020-19271 RESERVED CVE-2020-19270 RESERVED CVE-2020-19269 RESERVED CVE-2020-19268 RESERVED CVE-2020-19267 RESERVED CVE-2020-19266 RESERVED CVE-2020-19265 RESERVED CVE-2020-19264 RESERVED CVE-2020-19263 RESERVED CVE-2020-19262 RESERVED CVE-2020-19261 RESERVED CVE-2020-19260 RESERVED CVE-2020-19259 RESERVED CVE-2020-19258 RESERVED CVE-2020-19257 RESERVED CVE-2020-19256 RESERVED CVE-2020-19255 RESERVED CVE-2020-19254 RESERVED CVE-2020-19253 RESERVED CVE-2020-19252 RESERVED CVE-2020-19251 RESERVED CVE-2020-19250 RESERVED CVE-2020-19249 RESERVED CVE-2020-19248 RESERVED CVE-2020-19247 RESERVED CVE-2020-19246 RESERVED CVE-2020-19245 RESERVED CVE-2020-19244 RESERVED CVE-2020-19243 RESERVED CVE-2020-19242 RESERVED CVE-2020-19241 RESERVED CVE-2020-19240 RESERVED CVE-2020-19239 RESERVED CVE-2020-19238 RESERVED CVE-2020-19237 RESERVED CVE-2020-19236 RESERVED CVE-2020-19235 RESERVED CVE-2020-19234 RESERVED CVE-2020-19233 RESERVED CVE-2020-19232 RESERVED CVE-2020-19231 RESERVED CVE-2020-19230 RESERVED CVE-2020-19229 RESERVED CVE-2020-19228 RESERVED CVE-2020-19227 RESERVED CVE-2020-19226 RESERVED CVE-2020-19225 RESERVED CVE-2020-19224 RESERVED CVE-2020-19223 RESERVED CVE-2020-19222 RESERVED CVE-2020-19221 RESERVED CVE-2020-19220 RESERVED CVE-2020-19219 RESERVED CVE-2020-19218 
RESERVED CVE-2020-19217 RESERVED CVE-2020-19216 RESERVED CVE-2020-19215 RESERVED CVE-2020-19214 RESERVED CVE-2020-19213 RESERVED CVE-2020-19212 RESERVED CVE-2020-19211 RESERVED CVE-2020-19210 RESERVED CVE-2020-19209 RESERVED CVE-2020-19208 RESERVED CVE-2020-19207 RESERVED CVE-2020-19206 RESERVED CVE-2020-19205 RESERVED CVE-2020-19204 RESERVED CVE-2020-19203 RESERVED CVE-2020-19202 RESERVED CVE-2020-19201 RESERVED CVE-2020-19200 RESERVED CVE-2020-19199 RESERVED CVE-2020-19198 RESERVED CVE-2020-19197 RESERVED CVE-2020-19196 RESERVED CVE-2020-19195 RESERVED CVE-2020-19194 RESERVED CVE-2020-19193 RESERVED CVE-2020-19192 RESERVED CVE-2020-19191 RESERVED CVE-2020-19190 RESERVED CVE-2020-19189 RESERVED CVE-2020-19188 RESERVED CVE-2020-19187 RESERVED CVE-2020-19186 RESERVED CVE-2020-19185 RESERVED CVE-2020-19184 RESERVED CVE-2020-19183 RESERVED CVE-2020-19182 RESERVED CVE-2020-19181 RESERVED CVE-2020-19180 RESERVED CVE-2020-19179 RESERVED CVE-2020-19178 RESERVED CVE-2020-19177 RESERVED CVE-2020-19176 RESERVED CVE-2020-19175 RESERVED CVE-2020-19174 RESERVED CVE-2020-19173 RESERVED CVE-2020-19172 RESERVED CVE-2020-19171 RESERVED CVE-2020-19170 RESERVED CVE-2020-19169 RESERVED CVE-2020-19168 RESERVED CVE-2020-19167 RESERVED CVE-2020-19166 RESERVED CVE-2020-19165 RESERVED CVE-2020-19164 RESERVED CVE-2020-19163 RESERVED CVE-2020-19162 RESERVED CVE-2020-19161 RESERVED CVE-2020-19160 RESERVED CVE-2020-19159 RESERVED CVE-2020-19158 RESERVED CVE-2020-19157 RESERVED CVE-2020-19156 RESERVED CVE-2020-19155 RESERVED CVE-2020-19154 RESERVED CVE-2020-19153 RESERVED CVE-2020-19152 RESERVED CVE-2020-19151 RESERVED CVE-2020-19150 RESERVED CVE-2020-19149 RESERVED CVE-2020-19148 RESERVED CVE-2020-19147 RESERVED CVE-2020-19146 RESERVED CVE-2020-19145 RESERVED CVE-2020-19144 RESERVED CVE-2020-19143 RESERVED CVE-2020-19142 RESERVED CVE-2020-19141 RESERVED CVE-2020-19140 RESERVED CVE-2020-19139 RESERVED CVE-2020-19138 RESERVED CVE-2020-19137 RESERVED CVE-2020-19136 RESERVED CVE-2020-19135 
RESERVED CVE-2020-19134 RESERVED CVE-2020-19133 RESERVED CVE-2020-19132 RESERVED CVE-2020-19131 RESERVED CVE-2020-19130 RESERVED CVE-2020-19129 RESERVED CVE-2020-19128 RESERVED CVE-2020-19127 RESERVED CVE-2020-19126 RESERVED CVE-2020-19125 RESERVED CVE-2020-19124 RESERVED CVE-2020-19123 RESERVED CVE-2020-19122 RESERVED CVE-2020-19121 RESERVED CVE-2020-19120 RESERVED CVE-2020-19119 RESERVED CVE-2020-19118 RESERVED CVE-2020-19117 RESERVED CVE-2020-19116 RESERVED CVE-2020-19115 RESERVED CVE-2020-19114 RESERVED CVE-2020-19113 RESERVED CVE-2020-19112 RESERVED CVE-2020-19111 RESERVED CVE-2020-19110 RESERVED CVE-2020-19109 RESERVED CVE-2020-19108 RESERVED CVE-2020-19107 RESERVED CVE-2020-19106 RESERVED CVE-2020-19105 RESERVED CVE-2020-19104 RESERVED CVE-2020-19103 RESERVED CVE-2020-19102 RESERVED CVE-2020-19101 RESERVED CVE-2020-19100 RESERVED CVE-2020-19099 RESERVED CVE-2020-19098 RESERVED CVE-2020-19097 RESERVED CVE-2020-19096 RESERVED CVE-2020-19095 RESERVED CVE-2020-19094 RESERVED CVE-2020-19093 RESERVED CVE-2020-19092 RESERVED CVE-2020-19091 RESERVED CVE-2020-19090 RESERVED CVE-2020-19089 RESERVED CVE-2020-19088 RESERVED CVE-2020-19087 RESERVED CVE-2020-19086 RESERVED CVE-2020-19085 RESERVED CVE-2020-19084 RESERVED CVE-2020-19083 RESERVED CVE-2020-19082 RESERVED CVE-2020-19081 RESERVED CVE-2020-19080 RESERVED CVE-2020-19079 RESERVED CVE-2020-19078 RESERVED CVE-2020-19077 RESERVED CVE-2020-19076 RESERVED CVE-2020-19075 RESERVED CVE-2020-19074 RESERVED CVE-2020-19073 RESERVED CVE-2020-19072 RESERVED CVE-2020-19071 RESERVED CVE-2020-19070 RESERVED CVE-2020-19069 RESERVED CVE-2020-19068 RESERVED CVE-2020-19067 RESERVED CVE-2020-19066 RESERVED CVE-2020-19065 RESERVED CVE-2020-19064 RESERVED CVE-2020-19063 RESERVED CVE-2020-19062 RESERVED CVE-2020-19061 RESERVED CVE-2020-19060 RESERVED CVE-2020-19059 RESERVED CVE-2020-19058 RESERVED CVE-2020-19057 RESERVED CVE-2020-19056 RESERVED CVE-2020-19055 RESERVED CVE-2020-19054 RESERVED CVE-2020-19053 RESERVED CVE-2020-19052 
RESERVED CVE-2020-19051 RESERVED CVE-2020-19050 RESERVED CVE-2020-19049 RESERVED CVE-2020-19048 RESERVED CVE-2020-19047 RESERVED CVE-2020-19046 RESERVED CVE-2020-19045 RESERVED CVE-2020-19044 RESERVED CVE-2020-19043 RESERVED CVE-2020-19042 RESERVED CVE-2020-19041 RESERVED CVE-2020-19040 RESERVED CVE-2020-19039 RESERVED CVE-2020-19038 RESERVED CVE-2020-19037 RESERVED CVE-2020-19036 RESERVED CVE-2020-19035 RESERVED CVE-2020-19034 RESERVED CVE-2020-19033 RESERVED CVE-2020-19032 RESERVED CVE-2020-19031 RESERVED CVE-2020-19030 RESERVED CVE-2020-19029 RESERVED CVE-2020-19028 RESERVED CVE-2020-19027 RESERVED CVE-2020-19026 RESERVED CVE-2020-19025 RESERVED CVE-2020-19024 RESERVED CVE-2020-19023 RESERVED CVE-2020-19022 RESERVED CVE-2020-19021 RESERVED CVE-2020-19020 RESERVED CVE-2020-19019 RESERVED CVE-2020-19018 RESERVED CVE-2020-19017 RESERVED CVE-2020-19016 RESERVED CVE-2020-19015 RESERVED CVE-2020-19014 RESERVED CVE-2020-19013 RESERVED CVE-2020-19012 RESERVED CVE-2020-19011 RESERVED CVE-2020-19010 RESERVED CVE-2020-19009 RESERVED CVE-2020-19008 RESERVED CVE-2020-19007 (Halo blog 1.2.0 allows users to submit comments on blog posts via /api ...) NOT-FOR-US: Halo blog CVE-2020-19006 RESERVED CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...) 
NOT-FOR-US: zrlog CVE-2020-19004 RESERVED CVE-2020-19003 RESERVED CVE-2020-19002 RESERVED CVE-2020-19001 RESERVED CVE-2020-19000 RESERVED CVE-2020-18999 RESERVED CVE-2020-18998 RESERVED CVE-2020-18997 RESERVED CVE-2020-18996 RESERVED CVE-2020-18995 RESERVED CVE-2020-18994 RESERVED CVE-2020-18993 RESERVED CVE-2020-18992 RESERVED CVE-2020-18991 RESERVED CVE-2020-18990 RESERVED CVE-2020-18989 RESERVED CVE-2020-18988 RESERVED CVE-2020-18987 RESERVED CVE-2020-18986 RESERVED CVE-2020-18985 RESERVED CVE-2020-18984 RESERVED CVE-2020-18983 RESERVED CVE-2020-18982 RESERVED CVE-2020-18981 RESERVED CVE-2020-18980 RESERVED CVE-2020-18979 RESERVED CVE-2020-18978 RESERVED CVE-2020-18977 RESERVED CVE-2020-18976 RESERVED CVE-2020-18975 RESERVED CVE-2020-18974 RESERVED CVE-2020-18973 RESERVED CVE-2020-18972 RESERVED CVE-2020-18971 RESERVED CVE-2020-18970 RESERVED CVE-2020-18969 RESERVED CVE-2020-18968 RESERVED CVE-2020-18967 RESERVED CVE-2020-18966 RESERVED CVE-2020-18965 RESERVED CVE-2020-18964 RESERVED CVE-2020-18963 RESERVED CVE-2020-18962 RESERVED CVE-2020-18961 RESERVED CVE-2020-18960 RESERVED CVE-2020-18959 RESERVED CVE-2020-18958 RESERVED CVE-2020-18957 RESERVED CVE-2020-18956 RESERVED CVE-2020-18955 RESERVED CVE-2020-18954 RESERVED CVE-2020-18953 RESERVED CVE-2020-18952 RESERVED CVE-2020-18951 RESERVED CVE-2020-18950 RESERVED CVE-2020-18949 RESERVED CVE-2020-18948 RESERVED CVE-2020-18947 RESERVED CVE-2020-18946 RESERVED CVE-2020-18945 RESERVED CVE-2020-18944 RESERVED CVE-2020-18943 RESERVED CVE-2020-18942 RESERVED CVE-2020-18941 RESERVED CVE-2020-18940 RESERVED CVE-2020-18939 RESERVED CVE-2020-18938 RESERVED CVE-2020-18937 RESERVED CVE-2020-18936 RESERVED CVE-2020-18935 RESERVED CVE-2020-18934 RESERVED CVE-2020-18933 RESERVED CVE-2020-18932 RESERVED CVE-2020-18931 RESERVED CVE-2020-18930 RESERVED CVE-2020-18929 RESERVED CVE-2020-18928 RESERVED CVE-2020-18927 RESERVED CVE-2020-18926 RESERVED CVE-2020-18925 RESERVED CVE-2020-18924 RESERVED CVE-2020-18923 RESERVED 
CVE-2020-18922 RESERVED CVE-2020-18921 RESERVED CVE-2020-18920 RESERVED CVE-2020-18919 RESERVED CVE-2020-18918 RESERVED CVE-2020-18917 RESERVED CVE-2020-18916 RESERVED CVE-2020-18915 RESERVED CVE-2020-18914 RESERVED CVE-2020-18913 RESERVED CVE-2020-18912 RESERVED CVE-2020-18911 RESERVED CVE-2020-18910 RESERVED CVE-2020-18909 RESERVED CVE-2020-18908 RESERVED CVE-2020-18907 RESERVED CVE-2020-18906 RESERVED CVE-2020-18905 RESERVED CVE-2020-18904 RESERVED CVE-2020-18903 RESERVED CVE-2020-18902 RESERVED CVE-2020-18901 RESERVED CVE-2020-18900 RESERVED CVE-2020-18899 RESERVED CVE-2020-18898 RESERVED CVE-2020-18897 RESERVED CVE-2020-18896 RESERVED CVE-2020-18895 RESERVED CVE-2020-18894 RESERVED CVE-2020-18893 RESERVED CVE-2020-18892 RESERVED CVE-2020-18891 RESERVED CVE-2020-18890 RESERVED CVE-2020-18889 RESERVED CVE-2020-18888 RESERVED CVE-2020-18887 RESERVED CVE-2020-18886 RESERVED CVE-2020-18885 RESERVED CVE-2020-18884 RESERVED CVE-2020-18883 RESERVED CVE-2020-18882 RESERVED CVE-2020-18881 RESERVED CVE-2020-18880 RESERVED CVE-2020-18879 RESERVED CVE-2020-18878 RESERVED CVE-2020-18877 RESERVED CVE-2020-18876 RESERVED CVE-2020-18875 RESERVED CVE-2020-18874 RESERVED CVE-2020-18873 RESERVED CVE-2020-18872 RESERVED CVE-2020-18871 RESERVED CVE-2020-18870 RESERVED CVE-2020-18869 RESERVED CVE-2020-18868 RESERVED CVE-2020-18867 RESERVED CVE-2020-18866 RESERVED CVE-2020-18865 RESERVED CVE-2020-18864 RESERVED CVE-2020-18863 RESERVED CVE-2020-18862 RESERVED CVE-2020-18861 RESERVED CVE-2020-18860 RESERVED CVE-2020-18859 RESERVED CVE-2020-18858 RESERVED CVE-2020-18857 RESERVED CVE-2020-18856 RESERVED CVE-2020-18855 RESERVED CVE-2020-18854 RESERVED CVE-2020-18853 RESERVED CVE-2020-18852 RESERVED CVE-2020-18851 RESERVED CVE-2020-18850 RESERVED CVE-2020-18849 RESERVED CVE-2020-18848 RESERVED CVE-2020-18847 RESERVED CVE-2020-18846 RESERVED CVE-2020-18845 RESERVED CVE-2020-18844 RESERVED CVE-2020-18843 RESERVED CVE-2020-18842 RESERVED CVE-2020-18841 RESERVED CVE-2020-18840 RESERVED 
CVE-2020-18839 RESERVED CVE-2020-18838 RESERVED CVE-2020-18837 RESERVED CVE-2020-18836 RESERVED CVE-2020-18835 RESERVED CVE-2020-18834 RESERVED CVE-2020-18833 RESERVED CVE-2020-18832 RESERVED CVE-2020-18831 RESERVED CVE-2020-18830 RESERVED CVE-2020-18829 RESERVED CVE-2020-18828 RESERVED CVE-2020-18827 RESERVED CVE-2020-18826 RESERVED CVE-2020-18825 RESERVED CVE-2020-18824 RESERVED CVE-2020-18823 RESERVED CVE-2020-18822 RESERVED CVE-2020-18821 RESERVED CVE-2020-18820 RESERVED CVE-2020-18819 RESERVED CVE-2020-18818 RESERVED CVE-2020-18817 RESERVED CVE-2020-18816 RESERVED CVE-2020-18815 RESERVED CVE-2020-18814 RESERVED CVE-2020-18813 RESERVED CVE-2020-18812 RESERVED CVE-2020-18811 RESERVED CVE-2020-18810 RESERVED CVE-2020-18809 RESERVED CVE-2020-18808 RESERVED CVE-2020-18807 RESERVED CVE-2020-18806 RESERVED CVE-2020-18805 RESERVED CVE-2020-18804 RESERVED CVE-2020-18803 RESERVED CVE-2020-18802 RESERVED CVE-2020-18801 RESERVED CVE-2020-18800 RESERVED CVE-2020-18799 RESERVED CVE-2020-18798 RESERVED CVE-2020-18797 RESERVED CVE-2020-18796 RESERVED CVE-2020-18795 RESERVED CVE-2020-18794 RESERVED CVE-2020-18793 RESERVED CVE-2020-18792 RESERVED CVE-2020-18791 RESERVED CVE-2020-18790 RESERVED CVE-2020-18789 RESERVED CVE-2020-18788 RESERVED CVE-2020-18787 RESERVED CVE-2020-18786 RESERVED CVE-2020-18785 RESERVED CVE-2020-18784 RESERVED CVE-2020-18783 RESERVED CVE-2020-18782 RESERVED CVE-2020-18781 RESERVED CVE-2020-18780 RESERVED CVE-2020-18779 RESERVED CVE-2020-18778 RESERVED CVE-2020-18777 RESERVED CVE-2020-18776 RESERVED CVE-2020-18775 RESERVED CVE-2020-18774 RESERVED CVE-2020-18773 RESERVED CVE-2020-18772 RESERVED CVE-2020-18771 RESERVED CVE-2020-18770 RESERVED CVE-2020-18769 RESERVED CVE-2020-18768 RESERVED CVE-2020-18767 RESERVED CVE-2020-18766 RESERVED CVE-2020-18765 RESERVED CVE-2020-18764 RESERVED CVE-2020-18763 RESERVED CVE-2020-18762 RESERVED CVE-2020-18761 RESERVED CVE-2020-18760 RESERVED CVE-2020-18759 RESERVED CVE-2020-18758 RESERVED CVE-2020-18757 RESERVED 
CVE-2020-18756 RESERVED CVE-2020-18755 RESERVED CVE-2020-18754 RESERVED CVE-2020-18753 RESERVED CVE-2020-18752 RESERVED CVE-2020-18751 RESERVED CVE-2020-18750 RESERVED CVE-2020-18749 RESERVED CVE-2020-18748 RESERVED CVE-2020-18747 RESERVED CVE-2020-18746 RESERVED CVE-2020-18745 RESERVED CVE-2020-18744 RESERVED CVE-2020-18743 RESERVED CVE-2020-18742 RESERVED CVE-2020-18741 RESERVED CVE-2020-18740 RESERVED CVE-2020-18739 RESERVED CVE-2020-18738 RESERVED CVE-2020-18737 RESERVED CVE-2020-18736 RESERVED CVE-2020-18735 RESERVED CVE-2020-18734 RESERVED CVE-2020-18733 RESERVED CVE-2020-18732 RESERVED CVE-2020-18731 RESERVED CVE-2020-18730 RESERVED CVE-2020-18729 RESERVED CVE-2020-18728 RESERVED CVE-2020-18727 RESERVED CVE-2020-18726 RESERVED CVE-2020-18725 RESERVED CVE-2020-18724 RESERVED CVE-2020-18723 RESERVED CVE-2020-18722 RESERVED CVE-2020-18721 RESERVED CVE-2020-18720 RESERVED CVE-2020-18719 RESERVED CVE-2020-18718 RESERVED CVE-2020-18717 RESERVED CVE-2020-18716 RESERVED CVE-2020-18715 RESERVED CVE-2020-18714 RESERVED CVE-2020-18713 RESERVED CVE-2020-18712 RESERVED CVE-2020-18711 RESERVED CVE-2020-18710 RESERVED CVE-2020-18709 RESERVED CVE-2020-18708 RESERVED CVE-2020-18707 RESERVED CVE-2020-18706 RESERVED CVE-2020-18705 RESERVED CVE-2020-18704 RESERVED CVE-2020-18703 RESERVED CVE-2020-18702 RESERVED CVE-2020-18701 RESERVED CVE-2020-18700 RESERVED CVE-2020-18699 RESERVED CVE-2020-18698 RESERVED CVE-2020-18697 RESERVED CVE-2020-18696 RESERVED CVE-2020-18695 RESERVED CVE-2020-18694 RESERVED CVE-2020-18693 RESERVED CVE-2020-18692 RESERVED CVE-2020-18691 RESERVED CVE-2020-18690 RESERVED CVE-2020-18689 RESERVED CVE-2020-18688 RESERVED CVE-2020-18687 RESERVED CVE-2020-18686 RESERVED CVE-2020-18685 RESERVED CVE-2020-18684 RESERVED CVE-2020-18683 RESERVED CVE-2020-18682 RESERVED CVE-2020-18681 RESERVED CVE-2020-18680 RESERVED CVE-2020-18679 RESERVED CVE-2020-18678 RESERVED CVE-2020-18677 RESERVED CVE-2020-18676 RESERVED CVE-2020-18675 RESERVED CVE-2020-18674 RESERVED 
CVE-2020-18673 RESERVED CVE-2020-18672 RESERVED CVE-2020-18671 RESERVED CVE-2020-18670 RESERVED CVE-2020-18669 RESERVED CVE-2020-18668 RESERVED CVE-2020-18667 RESERVED CVE-2020-18666 RESERVED CVE-2020-18665 RESERVED CVE-2020-18664 RESERVED CVE-2020-18663 RESERVED CVE-2020-18662 RESERVED CVE-2020-18661 RESERVED CVE-2020-18660 RESERVED CVE-2020-18659 RESERVED CVE-2020-18658 RESERVED CVE-2020-18657 RESERVED CVE-2020-18656 RESERVED CVE-2020-18655 RESERVED CVE-2020-18654 RESERVED CVE-2020-18653 RESERVED CVE-2020-18652 RESERVED CVE-2020-18651 RESERVED CVE-2020-18650 RESERVED CVE-2020-18649 RESERVED CVE-2020-18648 RESERVED CVE-2020-18647 RESERVED CVE-2020-18646 RESERVED CVE-2020-18645 RESERVED CVE-2020-18644 RESERVED CVE-2020-18643 RESERVED CVE-2020-18642 RESERVED CVE-2020-18641 RESERVED CVE-2020-18640 RESERVED CVE-2020-18639 RESERVED CVE-2020-18638 RESERVED CVE-2020-18637 RESERVED CVE-2020-18636 RESERVED CVE-2020-18635 RESERVED CVE-2020-18634 RESERVED CVE-2020-18633 RESERVED CVE-2020-18632 RESERVED CVE-2020-18631 RESERVED CVE-2020-18630 RESERVED CVE-2020-18629 RESERVED CVE-2020-18628 RESERVED CVE-2020-18627 RESERVED CVE-2020-18626 RESERVED CVE-2020-18625 RESERVED CVE-2020-18624 RESERVED CVE-2020-18623 RESERVED CVE-2020-18622 RESERVED CVE-2020-18621 RESERVED CVE-2020-18620 RESERVED CVE-2020-18619 RESERVED CVE-2020-18618 RESERVED CVE-2020-18617 RESERVED CVE-2020-18616 RESERVED CVE-2020-18615 RESERVED CVE-2020-18614 RESERVED CVE-2020-18613 RESERVED CVE-2020-18612 RESERVED CVE-2020-18611 RESERVED CVE-2020-18610 RESERVED CVE-2020-18609 RESERVED CVE-2020-18608 RESERVED CVE-2020-18607 RESERVED CVE-2020-18606 RESERVED CVE-2020-18605 RESERVED CVE-2020-18604 RESERVED CVE-2020-18603 RESERVED CVE-2020-18602 RESERVED CVE-2020-18601 RESERVED CVE-2020-18600 RESERVED CVE-2020-18599 RESERVED CVE-2020-18598 RESERVED CVE-2020-18597 RESERVED CVE-2020-18596 RESERVED CVE-2020-18595 RESERVED CVE-2020-18594 RESERVED CVE-2020-18593 RESERVED CVE-2020-18592 RESERVED CVE-2020-18591 RESERVED 
CVE-2020-18590 RESERVED CVE-2020-18589 RESERVED CVE-2020-18588 RESERVED CVE-2020-18587 RESERVED CVE-2020-18586 RESERVED CVE-2020-18585 RESERVED CVE-2020-18584 RESERVED CVE-2020-18583 RESERVED CVE-2020-18582 RESERVED CVE-2020-18581 RESERVED CVE-2020-18580 RESERVED CVE-2020-18579 RESERVED CVE-2020-18578 RESERVED CVE-2020-18577 RESERVED CVE-2020-18576 RESERVED CVE-2020-18575 RESERVED CVE-2020-18574 RESERVED CVE-2020-18573 RESERVED CVE-2020-18572 RESERVED CVE-2020-18571 RESERVED CVE-2020-18570 RESERVED CVE-2020-18569 RESERVED CVE-2020-18568 RESERVED CVE-2020-18567 RESERVED CVE-2020-18566 RESERVED CVE-2020-18565 RESERVED CVE-2020-18564 RESERVED CVE-2020-18563 RESERVED CVE-2020-18562 RESERVED CVE-2020-18561 RESERVED CVE-2020-18560 RESERVED CVE-2020-18559 RESERVED CVE-2020-18558 RESERVED CVE-2020-18557 RESERVED CVE-2020-18556 RESERVED CVE-2020-18555 RESERVED CVE-2020-18554 RESERVED CVE-2020-18553 RESERVED CVE-2020-18552 RESERVED CVE-2020-18551 RESERVED CVE-2020-18550 RESERVED CVE-2020-18549 RESERVED CVE-2020-18548 RESERVED CVE-2020-18547 RESERVED CVE-2020-18546 RESERVED CVE-2020-18545 RESERVED CVE-2020-18544 RESERVED CVE-2020-18543 RESERVED CVE-2020-18542 RESERVED CVE-2020-18541 RESERVED CVE-2020-18540 RESERVED CVE-2020-18539 RESERVED CVE-2020-18538 RESERVED CVE-2020-18537 RESERVED CVE-2020-18536 RESERVED CVE-2020-18535 RESERVED CVE-2020-18534 RESERVED CVE-2020-18533 RESERVED CVE-2020-18532 RESERVED CVE-2020-18531 RESERVED CVE-2020-18530 RESERVED CVE-2020-18529 RESERVED CVE-2020-18528 RESERVED CVE-2020-18527 RESERVED CVE-2020-18526 RESERVED CVE-2020-18525 RESERVED CVE-2020-18524 RESERVED CVE-2020-18523 RESERVED CVE-2020-18522 RESERVED CVE-2020-18521 RESERVED CVE-2020-18520 RESERVED CVE-2020-18519 RESERVED CVE-2020-18518 RESERVED CVE-2020-18517 RESERVED CVE-2020-18516 RESERVED CVE-2020-18515 RESERVED CVE-2020-18514 RESERVED CVE-2020-18513 RESERVED CVE-2020-18512 RESERVED CVE-2020-18511 RESERVED CVE-2020-18510 RESERVED CVE-2020-18509 RESERVED CVE-2020-18508 RESERVED 
CVE-2020-18507 RESERVED CVE-2020-18506 RESERVED CVE-2020-18505 RESERVED CVE-2020-18504 RESERVED CVE-2020-18503 RESERVED CVE-2020-18502 RESERVED CVE-2020-18501 RESERVED CVE-2020-18500 RESERVED CVE-2020-18499 RESERVED CVE-2020-18498 RESERVED CVE-2020-18497 RESERVED CVE-2020-18496 RESERVED CVE-2020-18495 RESERVED CVE-2020-18494 RESERVED CVE-2020-18493 RESERVED CVE-2020-18492 RESERVED CVE-2020-18491 RESERVED CVE-2020-18490 RESERVED CVE-2020-18489 RESERVED CVE-2020-18488 RESERVED CVE-2020-18487 RESERVED CVE-2020-18486 RESERVED CVE-2020-18485 RESERVED CVE-2020-18484 RESERVED CVE-2020-18483 RESERVED CVE-2020-18482 RESERVED CVE-2020-18481 RESERVED CVE-2020-18480 RESERVED CVE-2020-18479 RESERVED CVE-2020-18478 RESERVED CVE-2020-18477 RESERVED CVE-2020-18476 RESERVED CVE-2020-18475 RESERVED CVE-2020-18474 RESERVED CVE-2020-18473 RESERVED CVE-2020-18472 RESERVED CVE-2020-18471 RESERVED CVE-2020-18470 RESERVED CVE-2020-18469 RESERVED CVE-2020-18468 RESERVED CVE-2020-18467 RESERVED CVE-2020-18466 RESERVED CVE-2020-18465 RESERVED CVE-2020-18464 RESERVED CVE-2020-18463 RESERVED CVE-2020-18462 RESERVED CVE-2020-18461 RESERVED CVE-2020-18460 RESERVED CVE-2020-18459 RESERVED CVE-2020-18458 RESERVED CVE-2020-18457 RESERVED CVE-2020-18456 RESERVED CVE-2020-18455 RESERVED CVE-2020-18454 RESERVED CVE-2020-18453 RESERVED CVE-2020-18452 RESERVED CVE-2020-18451 RESERVED CVE-2020-18450 RESERVED CVE-2020-18449 RESERVED CVE-2020-18448 RESERVED CVE-2020-18447 RESERVED CVE-2020-18446 RESERVED CVE-2020-18445 RESERVED CVE-2020-18444 RESERVED CVE-2020-18443 RESERVED CVE-2020-18442 RESERVED CVE-2020-18441 RESERVED CVE-2020-18440 RESERVED CVE-2020-18439 RESERVED CVE-2020-18438 RESERVED CVE-2020-18437 RESERVED CVE-2020-18436 RESERVED CVE-2020-18435 RESERVED CVE-2020-18434 RESERVED CVE-2020-18433 RESERVED CVE-2020-18432 RESERVED CVE-2020-18431 RESERVED CVE-2020-18430 RESERVED CVE-2020-18429 RESERVED CVE-2020-18428 RESERVED CVE-2020-18427 RESERVED CVE-2020-18426 RESERVED CVE-2020-18425 RESERVED 
CVE-2020-18424 RESERVED CVE-2020-18423 RESERVED CVE-2020-18422 RESERVED CVE-2020-18421 RESERVED CVE-2020-18420 RESERVED CVE-2020-18419 RESERVED CVE-2020-18418 RESERVED CVE-2020-18417 RESERVED CVE-2020-18416 RESERVED CVE-2020-18415 RESERVED CVE-2020-18414 RESERVED CVE-2020-18413 RESERVED CVE-2020-18412 RESERVED CVE-2020-18411 RESERVED CVE-2020-18410 RESERVED CVE-2020-18409 RESERVED CVE-2020-18408 RESERVED CVE-2020-18407 RESERVED CVE-2020-18406 RESERVED CVE-2020-18405 RESERVED CVE-2020-18404 RESERVED CVE-2020-18403 RESERVED CVE-2020-18402 RESERVED CVE-2020-18401 RESERVED CVE-2020-18400 RESERVED CVE-2020-18399 RESERVED CVE-2020-18398 RESERVED CVE-2020-18397 RESERVED CVE-2020-18396 RESERVED CVE-2020-18395 RESERVED CVE-2020-18394 RESERVED CVE-2020-18393 RESERVED CVE-2020-18392 RESERVED CVE-2020-18391 RESERVED CVE-2020-18390 RESERVED CVE-2020-18389 RESERVED CVE-2020-18388 RESERVED CVE-2020-18387 RESERVED CVE-2020-18386 RESERVED CVE-2020-18385 RESERVED CVE-2020-18384 RESERVED CVE-2020-18383 RESERVED CVE-2020-18382 RESERVED CVE-2020-18381 RESERVED CVE-2020-18380 RESERVED CVE-2020-18379 RESERVED CVE-2020-18378 RESERVED CVE-2020-18377 RESERVED CVE-2020-18376 RESERVED CVE-2020-18375 RESERVED CVE-2020-18374 RESERVED CVE-2020-18373 RESERVED CVE-2020-18372 RESERVED CVE-2020-18371 RESERVED CVE-2020-18370 RESERVED CVE-2020-18369 RESERVED CVE-2020-18368 RESERVED CVE-2020-18367 RESERVED CVE-2020-18366 RESERVED CVE-2020-18365 RESERVED CVE-2020-18364 RESERVED CVE-2020-18363 RESERVED CVE-2020-18362 RESERVED CVE-2020-18361 RESERVED CVE-2020-18360 RESERVED CVE-2020-18359 RESERVED CVE-2020-18358 RESERVED CVE-2020-18357 RESERVED CVE-2020-18356 RESERVED CVE-2020-18355 RESERVED CVE-2020-18354 RESERVED CVE-2020-18353 RESERVED CVE-2020-18352 RESERVED CVE-2020-18351 RESERVED CVE-2020-18350 RESERVED CVE-2020-18349 RESERVED CVE-2020-18348 RESERVED CVE-2020-18347 RESERVED CVE-2020-18346 RESERVED CVE-2020-18345 RESERVED CVE-2020-18344 RESERVED CVE-2020-18343 RESERVED CVE-2020-18342 RESERVED 
CVE-2020-18341 RESERVED CVE-2020-18340 RESERVED CVE-2020-18339 RESERVED CVE-2020-18338 RESERVED CVE-2020-18337 RESERVED CVE-2020-18336 RESERVED CVE-2020-18335 RESERVED CVE-2020-18334 RESERVED CVE-2020-18333 RESERVED CVE-2020-18332 RESERVED CVE-2020-18331 RESERVED CVE-2020-18330 RESERVED CVE-2020-18329 RESERVED CVE-2020-18328 RESERVED CVE-2020-18327 RESERVED CVE-2020-18326 RESERVED CVE-2020-18325 RESERVED CVE-2020-18324 RESERVED CVE-2020-18323 RESERVED CVE-2020-18322 RESERVED CVE-2020-18321 RESERVED CVE-2020-18320 RESERVED CVE-2020-18319 RESERVED CVE-2020-18318 RESERVED CVE-2020-18317 RESERVED CVE-2020-18316 RESERVED CVE-2020-18315 RESERVED CVE-2020-18314 RESERVED CVE-2020-18313 RESERVED CVE-2020-18312 RESERVED CVE-2020-18311 RESERVED CVE-2020-18310 RESERVED CVE-2020-18309 RESERVED CVE-2020-18308 RESERVED CVE-2020-18307 RESERVED CVE-2020-18306 RESERVED CVE-2020-18305 RESERVED CVE-2020-18304 RESERVED CVE-2020-18303 RESERVED CVE-2020-18302 RESERVED CVE-2020-18301 RESERVED CVE-2020-18300 RESERVED CVE-2020-18299 RESERVED CVE-2020-18298 RESERVED CVE-2020-18297 RESERVED CVE-2020-18296 RESERVED CVE-2020-18295 RESERVED CVE-2020-18294 RESERVED CVE-2020-18293 RESERVED CVE-2020-18292 RESERVED CVE-2020-18291 RESERVED CVE-2020-18290 RESERVED CVE-2020-18289 RESERVED CVE-2020-18288 RESERVED CVE-2020-18287 RESERVED CVE-2020-18286 RESERVED CVE-2020-18285 RESERVED CVE-2020-18284 RESERVED CVE-2020-18283 RESERVED CVE-2020-18282 RESERVED CVE-2020-18281 RESERVED CVE-2020-18280 RESERVED CVE-2020-18279 RESERVED CVE-2020-18278 RESERVED CVE-2020-18277 RESERVED CVE-2020-18276 RESERVED CVE-2020-18275 RESERVED CVE-2020-18274 RESERVED CVE-2020-18273 RESERVED CVE-2020-18272 RESERVED CVE-2020-18271 RESERVED CVE-2020-18270 RESERVED CVE-2020-18269 RESERVED CVE-2020-18268 RESERVED CVE-2020-18267 RESERVED CVE-2020-18266 RESERVED CVE-2020-18265 RESERVED CVE-2020-18264 RESERVED CVE-2020-18263 RESERVED CVE-2020-18262 RESERVED CVE-2020-18261 RESERVED CVE-2020-18260 RESERVED CVE-2020-18259 RESERVED 
CVE-2020-18258 RESERVED CVE-2020-18257 RESERVED CVE-2020-18256 RESERVED CVE-2020-18255 RESERVED CVE-2020-18254 RESERVED CVE-2020-18253 RESERVED CVE-2020-18252 RESERVED CVE-2020-18251 RESERVED CVE-2020-18250 RESERVED CVE-2020-18249 RESERVED CVE-2020-18248 RESERVED CVE-2020-18247 RESERVED CVE-2020-18246 RESERVED CVE-2020-18245 RESERVED CVE-2020-18244 RESERVED CVE-2020-18243 RESERVED CVE-2020-18242 RESERVED CVE-2020-18241 RESERVED CVE-2020-18240 RESERVED CVE-2020-18239 RESERVED CVE-2020-18238 RESERVED CVE-2020-18237 RESERVED CVE-2020-18236 RESERVED CVE-2020-18235 RESERVED CVE-2020-18234 RESERVED CVE-2020-18233 RESERVED CVE-2020-18232 RESERVED CVE-2020-18231 RESERVED CVE-2020-18230 RESERVED CVE-2020-18229 RESERVED CVE-2020-18228 RESERVED CVE-2020-18227 RESERVED CVE-2020-18226 RESERVED CVE-2020-18225 RESERVED CVE-2020-18224 RESERVED CVE-2020-18223 RESERVED CVE-2020-18222 RESERVED CVE-2020-18221 RESERVED CVE-2020-18220 RESERVED CVE-2020-18219 RESERVED CVE-2020-18218 RESERVED CVE-2020-18217 RESERVED CVE-2020-18216 RESERVED CVE-2020-18215 RESERVED CVE-2020-18214 RESERVED CVE-2020-18213 RESERVED CVE-2020-18212 RESERVED CVE-2020-18211 RESERVED CVE-2020-18210 RESERVED CVE-2020-18209 RESERVED CVE-2020-18208 RESERVED CVE-2020-18207 RESERVED CVE-2020-18206 RESERVED CVE-2020-18205 RESERVED CVE-2020-18204 RESERVED CVE-2020-18203 RESERVED CVE-2020-18202 RESERVED CVE-2020-18201 RESERVED CVE-2020-18200 RESERVED CVE-2020-18199 RESERVED CVE-2020-18198 RESERVED CVE-2020-18197 RESERVED CVE-2020-18196 RESERVED CVE-2020-18195 RESERVED CVE-2020-18194 RESERVED CVE-2020-18193 RESERVED CVE-2020-18192 RESERVED CVE-2020-18191 RESERVED CVE-2020-18190 RESERVED CVE-2020-18189 RESERVED CVE-2020-18188 RESERVED CVE-2020-18187 RESERVED CVE-2020-18186 RESERVED CVE-2020-18185 RESERVED CVE-2020-18184 RESERVED CVE-2020-18183 RESERVED CVE-2020-18182 RESERVED CVE-2020-18181 RESERVED CVE-2020-18180 RESERVED CVE-2020-18179 RESERVED CVE-2020-18178 RESERVED CVE-2020-18177 RESERVED CVE-2020-18176 RESERVED 
CVE-2020-18175 RESERVED CVE-2020-18174 RESERVED CVE-2020-18173 RESERVED CVE-2020-18172 RESERVED CVE-2020-18171 RESERVED CVE-2020-18170 RESERVED CVE-2020-18169 RESERVED CVE-2020-18168 RESERVED CVE-2020-18167 RESERVED CVE-2020-18166 RESERVED CVE-2020-18165 RESERVED CVE-2020-18164 RESERVED CVE-2020-18163 RESERVED CVE-2020-18162 RESERVED CVE-2020-18161 RESERVED CVE-2020-18160 RESERVED CVE-2020-18159 RESERVED CVE-2020-18158 RESERVED CVE-2020-18157 RESERVED CVE-2020-18156 RESERVED CVE-2020-18155 RESERVED CVE-2020-18154 RESERVED CVE-2020-18153 RESERVED CVE-2020-18152 RESERVED CVE-2020-18151 RESERVED CVE-2020-18150 RESERVED CVE-2020-18149 RESERVED CVE-2020-18148 RESERVED CVE-2020-18147 RESERVED CVE-2020-18146 RESERVED CVE-2020-18145 RESERVED CVE-2020-18144 RESERVED CVE-2020-18143 RESERVED CVE-2020-18142 RESERVED CVE-2020-18141 RESERVED CVE-2020-18140 RESERVED CVE-2020-18139 RESERVED CVE-2020-18138 RESERVED CVE-2020-18137 RESERVED CVE-2020-18136 RESERVED CVE-2020-18135 RESERVED CVE-2020-18134 RESERVED CVE-2020-18133 RESERVED CVE-2020-18132 RESERVED CVE-2020-18131 RESERVED CVE-2020-18130 RESERVED CVE-2020-18129 RESERVED CVE-2020-18128 RESERVED CVE-2020-18127 RESERVED CVE-2020-18126 RESERVED CVE-2020-18125 RESERVED CVE-2020-18124 RESERVED CVE-2020-18123 RESERVED CVE-2020-18122 RESERVED CVE-2020-18121 RESERVED CVE-2020-18120 RESERVED CVE-2020-18119 RESERVED CVE-2020-18118 RESERVED CVE-2020-18117 RESERVED CVE-2020-18116 RESERVED CVE-2020-18115 RESERVED CVE-2020-18114 RESERVED CVE-2020-18113 RESERVED CVE-2020-18112 RESERVED CVE-2020-18111 RESERVED CVE-2020-18110 RESERVED CVE-2020-18109 RESERVED CVE-2020-18108 RESERVED CVE-2020-18107 RESERVED CVE-2020-18106 RESERVED CVE-2020-18105 RESERVED CVE-2020-18104 RESERVED CVE-2020-18103 RESERVED CVE-2020-18102 RESERVED CVE-2020-18101 RESERVED CVE-2020-18100 RESERVED CVE-2020-18099 RESERVED CVE-2020-18098 RESERVED CVE-2020-18097 RESERVED CVE-2020-18096 RESERVED CVE-2020-18095 RESERVED CVE-2020-18094 RESERVED CVE-2020-18093 RESERVED 
CVE-2020-18092 RESERVED CVE-2020-18091 RESERVED CVE-2020-18090 RESERVED CVE-2020-18089 RESERVED CVE-2020-18088 RESERVED CVE-2020-18087 RESERVED CVE-2020-18086 RESERVED CVE-2020-18085 RESERVED CVE-2020-18084 RESERVED CVE-2020-18083 RESERVED CVE-2020-18082 RESERVED CVE-2020-18081 RESERVED CVE-2020-18080 RESERVED CVE-2020-18079 RESERVED CVE-2020-18078 RESERVED CVE-2020-18077 RESERVED CVE-2020-18076 RESERVED CVE-2020-18075 RESERVED CVE-2020-18074 RESERVED CVE-2020-18073 RESERVED CVE-2020-18072 RESERVED CVE-2020-18071 RESERVED CVE-2020-18070 RESERVED CVE-2020-18069 RESERVED CVE-2020-18068 RESERVED CVE-2020-18067 RESERVED CVE-2020-18066 RESERVED CVE-2020-18065 RESERVED CVE-2020-18064 RESERVED CVE-2020-18063 RESERVED CVE-2020-18062 RESERVED CVE-2020-18061 RESERVED CVE-2020-18060 RESERVED CVE-2020-18059 RESERVED CVE-2020-18058 RESERVED CVE-2020-18057 RESERVED CVE-2020-18056 RESERVED CVE-2020-18055 RESERVED CVE-2020-18054 RESERVED CVE-2020-18053 RESERVED CVE-2020-18052 RESERVED CVE-2020-18051 RESERVED CVE-2020-18050 RESERVED CVE-2020-18049 RESERVED CVE-2020-18048 RESERVED CVE-2020-18047 RESERVED CVE-2020-18046 RESERVED CVE-2020-18045 RESERVED CVE-2020-18044 RESERVED CVE-2020-18043 RESERVED CVE-2020-18042 RESERVED CVE-2020-18041 RESERVED CVE-2020-18040 RESERVED CVE-2020-18039 RESERVED CVE-2020-18038 RESERVED CVE-2020-18037 RESERVED CVE-2020-18036 RESERVED CVE-2020-18035 RESERVED CVE-2020-18034 RESERVED CVE-2020-18033 RESERVED CVE-2020-18032 RESERVED CVE-2020-18031 RESERVED CVE-2020-18030 RESERVED CVE-2020-18029 RESERVED CVE-2020-18028 RESERVED CVE-2020-18027 RESERVED CVE-2020-18026 RESERVED CVE-2020-18025 RESERVED CVE-2020-18024 RESERVED CVE-2020-18023 RESERVED CVE-2020-18022 RESERVED CVE-2020-18021 RESERVED CVE-2020-18020 RESERVED CVE-2020-18019 RESERVED CVE-2020-18018 RESERVED CVE-2020-18017 RESERVED CVE-2020-18016 RESERVED CVE-2020-18015 RESERVED CVE-2020-18014 RESERVED CVE-2020-18013 RESERVED CVE-2020-18012 RESERVED CVE-2020-18011 RESERVED CVE-2020-18010 RESERVED 
CVE-2020-18009 RESERVED CVE-2020-18008 RESERVED CVE-2020-18007 RESERVED CVE-2020-18006 RESERVED CVE-2020-18005 RESERVED CVE-2020-18004 RESERVED CVE-2020-18003 RESERVED CVE-2020-18002 RESERVED CVE-2020-18001 RESERVED CVE-2020-18000 RESERVED CVE-2020-17999 RESERVED CVE-2020-17998 RESERVED CVE-2020-17997 RESERVED CVE-2020-17996 RESERVED CVE-2020-17995 RESERVED CVE-2020-17994 RESERVED CVE-2020-17993 RESERVED CVE-2020-17992 RESERVED CVE-2020-17991 RESERVED CVE-2020-17990 RESERVED CVE-2020-17989 RESERVED CVE-2020-17988 RESERVED CVE-2020-17987 RESERVED CVE-2020-17986 RESERVED CVE-2020-17985 RESERVED CVE-2020-17984 RESERVED CVE-2020-17983 RESERVED CVE-2020-17982 RESERVED CVE-2020-17981 RESERVED CVE-2020-17980 RESERVED CVE-2020-17979 RESERVED CVE-2020-17978 RESERVED CVE-2020-17977 RESERVED CVE-2020-17976 RESERVED CVE-2020-17975 RESERVED CVE-2020-17974 RESERVED CVE-2020-17973 RESERVED CVE-2020-17972 RESERVED CVE-2020-17971 RESERVED CVE-2020-17970 RESERVED CVE-2020-17969 RESERVED CVE-2020-17968 RESERVED CVE-2020-17967 RESERVED CVE-2020-17966 RESERVED CVE-2020-17965 RESERVED CVE-2020-17964 RESERVED CVE-2020-17963 RESERVED CVE-2020-17962 RESERVED CVE-2020-17961 RESERVED CVE-2020-17960 RESERVED CVE-2020-17959 RESERVED CVE-2020-17958 RESERVED CVE-2020-17957 RESERVED CVE-2020-17956 RESERVED CVE-2020-17955 RESERVED CVE-2020-17954 RESERVED CVE-2020-17953 RESERVED CVE-2020-17952 RESERVED CVE-2020-17951 RESERVED CVE-2020-17950 RESERVED CVE-2020-17949 RESERVED CVE-2020-17948 RESERVED CVE-2020-17947 RESERVED CVE-2020-17946 RESERVED CVE-2020-17945 RESERVED CVE-2020-17944 RESERVED CVE-2020-17943 RESERVED CVE-2020-17942 RESERVED CVE-2020-17941 RESERVED CVE-2020-17940 RESERVED CVE-2020-17939 RESERVED CVE-2020-17938 RESERVED CVE-2020-17937 RESERVED CVE-2020-17936 RESERVED CVE-2020-17935 RESERVED CVE-2020-17934 RESERVED CVE-2020-17933 RESERVED CVE-2020-17932 RESERVED CVE-2020-17931 RESERVED CVE-2020-17930 RESERVED CVE-2020-17929 RESERVED CVE-2020-17928 RESERVED CVE-2020-17927 RESERVED 
CVE-2020-17926 RESERVED CVE-2020-17925 RESERVED CVE-2020-17924 RESERVED CVE-2020-17923 RESERVED CVE-2020-17922 RESERVED CVE-2020-17921 RESERVED CVE-2020-17920 RESERVED CVE-2020-17919 RESERVED CVE-2020-17918 RESERVED CVE-2020-17917 RESERVED CVE-2020-17916 RESERVED CVE-2020-17915 RESERVED CVE-2020-17914 RESERVED CVE-2020-17913 RESERVED CVE-2020-17912 RESERVED CVE-2020-17911 RESERVED CVE-2020-17910 RESERVED CVE-2020-17909 RESERVED CVE-2020-17908 RESERVED CVE-2020-17907 RESERVED CVE-2020-17906 RESERVED CVE-2020-17905 RESERVED CVE-2020-17904 RESERVED CVE-2020-17903 RESERVED CVE-2020-17902 RESERVED CVE-2020-17901 RESERVED CVE-2020-17900 RESERVED CVE-2020-17899 RESERVED CVE-2020-17898 RESERVED CVE-2020-17897 RESERVED CVE-2020-17896 RESERVED CVE-2020-17895 RESERVED CVE-2020-17894 RESERVED CVE-2020-17893 RESERVED CVE-2020-17892 RESERVED CVE-2020-17891 RESERVED CVE-2020-17890 RESERVED CVE-2020-17889 RESERVED CVE-2020-17888 RESERVED CVE-2020-17887 RESERVED CVE-2020-17886 RESERVED CVE-2020-17885 RESERVED CVE-2020-17884 RESERVED CVE-2020-17883 RESERVED CVE-2020-17882 RESERVED CVE-2020-17881 RESERVED CVE-2020-17880 RESERVED CVE-2020-17879 RESERVED CVE-2020-17878 RESERVED CVE-2020-17877 RESERVED CVE-2020-17876 RESERVED CVE-2020-17875 RESERVED CVE-2020-17874 RESERVED CVE-2020-17873 RESERVED CVE-2020-17872 RESERVED CVE-2020-17871 RESERVED CVE-2020-17870 RESERVED CVE-2020-17869 RESERVED CVE-2020-17868 RESERVED CVE-2020-17867 RESERVED CVE-2020-17866 RESERVED CVE-2020-17865 RESERVED CVE-2020-17864 RESERVED CVE-2020-17863 RESERVED CVE-2020-17862 RESERVED CVE-2020-17861 RESERVED CVE-2020-17860 RESERVED CVE-2020-17859 RESERVED CVE-2020-17858 RESERVED CVE-2020-17857 RESERVED CVE-2020-17856 RESERVED CVE-2020-17855 RESERVED CVE-2020-17854 RESERVED CVE-2020-17853 RESERVED CVE-2020-17852 RESERVED CVE-2020-17851 RESERVED CVE-2020-17850 RESERVED CVE-2020-17849 RESERVED CVE-2020-17848 RESERVED CVE-2020-17847 RESERVED CVE-2020-17846 RESERVED CVE-2020-17845 RESERVED CVE-2020-17844 RESERVED 
CVE-2020-17843 RESERVED CVE-2020-17842 RESERVED CVE-2020-17841 RESERVED CVE-2020-17840 RESERVED CVE-2020-17839 RESERVED CVE-2020-17838 RESERVED CVE-2020-17837 RESERVED CVE-2020-17836 RESERVED CVE-2020-17835 RESERVED CVE-2020-17834 RESERVED CVE-2020-17833 RESERVED CVE-2020-17832 RESERVED CVE-2020-17831 RESERVED CVE-2020-17830 RESERVED CVE-2020-17829 RESERVED CVE-2020-17828 RESERVED CVE-2020-17827 RESERVED CVE-2020-17826 RESERVED CVE-2020-17825 RESERVED CVE-2020-17824 RESERVED CVE-2020-17823 RESERVED CVE-2020-17822 RESERVED CVE-2020-17821 RESERVED CVE-2020-17820 RESERVED CVE-2020-17819 RESERVED CVE-2020-17818 RESERVED CVE-2020-17817 RESERVED CVE-2020-17816 RESERVED CVE-2020-17815 RESERVED CVE-2020-17814 RESERVED CVE-2020-17813 RESERVED CVE-2020-17812 RESERVED CVE-2020-17811 RESERVED CVE-2020-17810 RESERVED CVE-2020-17809 RESERVED CVE-2020-17808 RESERVED CVE-2020-17807 RESERVED CVE-2020-17806 RESERVED CVE-2020-17805 RESERVED CVE-2020-17804 RESERVED CVE-2020-17803 RESERVED CVE-2020-17802 RESERVED CVE-2020-17801 RESERVED CVE-2020-17800 RESERVED CVE-2020-17799 RESERVED CVE-2020-17798 RESERVED CVE-2020-17797 RESERVED CVE-2020-17796 RESERVED CVE-2020-17795 RESERVED CVE-2020-17794 RESERVED CVE-2020-17793 RESERVED CVE-2020-17792 RESERVED CVE-2020-17791 RESERVED CVE-2020-17790 RESERVED CVE-2020-17789 RESERVED CVE-2020-17788 RESERVED CVE-2020-17787 RESERVED CVE-2020-17786 RESERVED CVE-2020-17785 RESERVED CVE-2020-17784 RESERVED CVE-2020-17783 RESERVED CVE-2020-17782 RESERVED CVE-2020-17781 RESERVED CVE-2020-17780 RESERVED CVE-2020-17779 RESERVED CVE-2020-17778 RESERVED CVE-2020-17777 RESERVED CVE-2020-17776 RESERVED CVE-2020-17775 RESERVED CVE-2020-17774 RESERVED CVE-2020-17773 RESERVED CVE-2020-17772 RESERVED CVE-2020-17771 RESERVED CVE-2020-17770 RESERVED CVE-2020-17769 RESERVED CVE-2020-17768 RESERVED CVE-2020-17767 RESERVED CVE-2020-17766 RESERVED CVE-2020-17765 RESERVED CVE-2020-17764 RESERVED CVE-2020-17763 RESERVED CVE-2020-17762 RESERVED CVE-2020-17761 RESERVED 
CVE-2020-17760 RESERVED CVE-2020-17759 RESERVED CVE-2020-17758 RESERVED CVE-2020-17757 RESERVED CVE-2020-17756 RESERVED CVE-2020-17755 RESERVED CVE-2020-17754 RESERVED CVE-2020-17753 RESERVED CVE-2020-17752 RESERVED CVE-2020-17751 RESERVED CVE-2020-17750 RESERVED CVE-2020-17749 RESERVED CVE-2020-17748 RESERVED CVE-2020-17747 RESERVED CVE-2020-17746 RESERVED CVE-2020-17745 RESERVED CVE-2020-17744 RESERVED CVE-2020-17743 RESERVED CVE-2020-17742 RESERVED CVE-2020-17741 RESERVED CVE-2020-17740 RESERVED CVE-2020-17739 RESERVED CVE-2020-17738 RESERVED CVE-2020-17737 RESERVED CVE-2020-17736 RESERVED CVE-2020-17735 RESERVED CVE-2020-17734 RESERVED CVE-2020-17733 RESERVED CVE-2020-17732 RESERVED CVE-2020-17731 RESERVED CVE-2020-17730 RESERVED CVE-2020-17729 RESERVED CVE-2020-17728 RESERVED CVE-2020-17727 RESERVED CVE-2020-17726 RESERVED CVE-2020-17725 RESERVED CVE-2020-17724 RESERVED CVE-2020-17723 RESERVED CVE-2020-17722 RESERVED CVE-2020-17721 RESERVED CVE-2020-17720 RESERVED CVE-2020-17719 RESERVED CVE-2020-17718 RESERVED CVE-2020-17717 RESERVED CVE-2020-17716 RESERVED CVE-2020-17715 RESERVED CVE-2020-17714 RESERVED CVE-2020-17713 RESERVED CVE-2020-17712 RESERVED CVE-2020-17711 RESERVED CVE-2020-17710 RESERVED CVE-2020-17709 RESERVED CVE-2020-17708 RESERVED CVE-2020-17707 RESERVED CVE-2020-17706 RESERVED CVE-2020-17705 RESERVED CVE-2020-17704 RESERVED CVE-2020-17703 RESERVED CVE-2020-17702 RESERVED CVE-2020-17701 RESERVED CVE-2020-17700 RESERVED CVE-2020-17699 RESERVED CVE-2020-17698 RESERVED CVE-2020-17697 RESERVED CVE-2020-17696 RESERVED CVE-2020-17695 RESERVED CVE-2020-17694 RESERVED CVE-2020-17693 RESERVED CVE-2020-17692 RESERVED CVE-2020-17691 RESERVED CVE-2020-17690 RESERVED CVE-2020-17689 RESERVED CVE-2020-17688 RESERVED CVE-2020-17687 RESERVED CVE-2020-17686 RESERVED CVE-2020-17685 RESERVED CVE-2020-17684 RESERVED CVE-2020-17683 RESERVED CVE-2020-17682 RESERVED CVE-2020-17681 RESERVED CVE-2020-17680 RESERVED CVE-2020-17679 RESERVED CVE-2020-17678 RESERVED 
CVE-2020-17677 RESERVED CVE-2020-17676 RESERVED CVE-2020-17675 RESERVED CVE-2020-17674 RESERVED CVE-2020-17673 RESERVED CVE-2020-17672 RESERVED CVE-2020-17671 RESERVED CVE-2020-17670 RESERVED CVE-2020-17669 RESERVED CVE-2020-17668 RESERVED CVE-2020-17667 RESERVED CVE-2020-17666 RESERVED CVE-2020-17665 RESERVED CVE-2020-17664 RESERVED CVE-2020-17663 RESERVED CVE-2020-17662 RESERVED CVE-2020-17661 RESERVED CVE-2020-17660 RESERVED CVE-2020-17659 RESERVED CVE-2020-17658 RESERVED CVE-2020-17657 RESERVED CVE-2020-17656 RESERVED CVE-2020-17655 RESERVED CVE-2020-17654 RESERVED CVE-2020-17653 RESERVED CVE-2020-17652 RESERVED CVE-2020-17651 RESERVED CVE-2020-17650 RESERVED CVE-2020-17649 RESERVED CVE-2020-17648 RESERVED CVE-2020-17647 RESERVED CVE-2020-17646 RESERVED CVE-2020-17645 RESERVED CVE-2020-17644 RESERVED CVE-2020-17643 RESERVED CVE-2020-17642 RESERVED CVE-2020-17641 RESERVED CVE-2020-17640 RESERVED CVE-2020-17639 RESERVED CVE-2020-17638 RESERVED CVE-2020-17637 RESERVED CVE-2020-17636 RESERVED CVE-2020-17635 RESERVED CVE-2020-17634 RESERVED CVE-2020-17633 RESERVED CVE-2020-17632 RESERVED CVE-2020-17631 RESERVED CVE-2020-17630 RESERVED CVE-2020-17629 RESERVED CVE-2020-17628 RESERVED CVE-2020-17627 RESERVED CVE-2020-17626 RESERVED CVE-2020-17625 RESERVED CVE-2020-17624 RESERVED CVE-2020-17623 RESERVED CVE-2020-17622 RESERVED CVE-2020-17621 RESERVED CVE-2020-17620 RESERVED CVE-2020-17619 RESERVED CVE-2020-17618 RESERVED CVE-2020-17617 RESERVED CVE-2020-17616 RESERVED CVE-2020-17615 RESERVED CVE-2020-17614 RESERVED CVE-2020-17613 RESERVED CVE-2020-17612 RESERVED CVE-2020-17611 RESERVED CVE-2020-17610 RESERVED CVE-2020-17609 RESERVED CVE-2020-17608 RESERVED CVE-2020-17607 RESERVED CVE-2020-17606 RESERVED CVE-2020-17605 RESERVED CVE-2020-17604 RESERVED CVE-2020-17603 RESERVED CVE-2020-17602 RESERVED CVE-2020-17601 RESERVED CVE-2020-17600 RESERVED CVE-2020-17599 RESERVED CVE-2020-17598 RESERVED CVE-2020-17597 RESERVED CVE-2020-17596 RESERVED CVE-2020-17595 RESERVED 
CVE-2020-17594 RESERVED CVE-2020-17593 RESERVED CVE-2020-17592 RESERVED CVE-2020-17591 RESERVED CVE-2020-17590 RESERVED CVE-2020-17589 RESERVED CVE-2020-17588 RESERVED CVE-2020-17587 RESERVED CVE-2020-17586 RESERVED CVE-2020-17585 RESERVED CVE-2020-17584 RESERVED CVE-2020-17583 RESERVED CVE-2020-17582 RESERVED CVE-2020-17581 RESERVED CVE-2020-17580 RESERVED CVE-2020-17579 RESERVED CVE-2020-17578 RESERVED CVE-2020-17577 RESERVED CVE-2020-17576 RESERVED CVE-2020-17575 RESERVED CVE-2020-17574 RESERVED CVE-2020-17573 RESERVED CVE-2020-17572 RESERVED CVE-2020-17571 RESERVED CVE-2020-17570 RESERVED CVE-2020-17569 RESERVED CVE-2020-17568 RESERVED CVE-2020-17567 RESERVED CVE-2020-17566 RESERVED CVE-2020-17565 RESERVED CVE-2020-17564 RESERVED CVE-2020-17563 RESERVED CVE-2020-17562 RESERVED CVE-2020-17561 RESERVED CVE-2020-17560 RESERVED CVE-2020-17559 RESERVED CVE-2020-17558 RESERVED CVE-2020-17557 RESERVED CVE-2020-17556 RESERVED CVE-2020-17555 RESERVED CVE-2020-17554 RESERVED CVE-2020-17553 RESERVED CVE-2020-17552 RESERVED CVE-2020-17551 RESERVED CVE-2020-17550 RESERVED CVE-2020-17549 RESERVED CVE-2020-17548 RESERVED CVE-2020-17547 RESERVED CVE-2020-17546 RESERVED CVE-2020-17545 RESERVED CVE-2020-17544 RESERVED CVE-2020-17543 RESERVED CVE-2020-17542 RESERVED CVE-2020-17541 RESERVED CVE-2020-17540 RESERVED CVE-2020-17539 RESERVED
CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/g ...)
    {DSA-4748-1 DLA-2335-1}
    - ghostscript 9.51~dfsg-1
    NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
    NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
    NOTE: chunk #1, see also CVE-2020-16296
CVE-2020-17537 RESERVED CVE-2020-17536 RESERVED CVE-2020-17535 RESERVED CVE-2020-17534 RESERVED CVE-2020-17533 RESERVED CVE-2020-17532 RESERVED CVE-2020-17531 RESERVED CVE-2020-17530 RESERVED CVE-2020-17529 RESERVED CVE-2020-17528 RESERVED CVE-2020-17527 RESERVED CVE-2020-17526 RESERVED CVE-2020-17525 RESERVED CVE-2020-17524 RESERVED CVE-2020-17523 RESERVED CVE-2020-17522 RESERVED CVE-2020-17521 RESERVED CVE-2020-17520 RESERVED CVE-2020-17519 RESERVED CVE-2020-17518 RESERVED CVE-2020-17517 RESERVED CVE-2020-17516 RESERVED CVE-2020-17515 RESERVED CVE-2020-17514 RESERVED CVE-2020-17513 RESERVED CVE-2020-17512 RESERVED CVE-2020-17511 RESERVED CVE-2020-17510 RESERVED CVE-2020-17509 RESERVED CVE-2020-17508 RESERVED
CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
    - qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)
    [buster] - qtbase-opensource-src (Minor issue)
    - qt4-x11 (bug #970308)
    [buster] - qt4-x11 (Minor issue)
    NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch)
    NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch)
    NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 branch)
CVE-2020-17506 (Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privil ...)
    NOT-FOR-US: Artica Web Proxy
CVE-2020-17505 (Artica Web Proxy 4.30.000000 allows an authenticated remote attacker t ...)
    NOT-FOR-US: Artica Web Proxy
CVE-2020-17504 RESERVED CVE-2020-17503 RESERVED CVE-2020-17502 RESERVED CVE-2020-17501 RESERVED CVE-2020-17500 RESERVED CVE-2020-17499 RESERVED
CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...)
    - wireshark 3.2.6-1
    [buster] - wireshark (Can be fixed along in next 3.0.x DSA)
    [stretch] - wireshark (Vulnerable compose_tvb code not present)
    NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
    NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b
    NOTE: https://www.wireshark.org/security/wnpa-sec-2020-10.html
CVE-2020-17497 (eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to ...)
    - iwd 1.9-1 (bug #968996)
    [buster] - iwd (Minor issue)
    NOTE: https://lists.01.org/hyperkitty/list/iwd@lists.01.org/thread/4GUXL4Z6KZWWZINATGHNJVAEUTS3I7PG/
    NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=f22ba5aebb569ca54521afd2babdc1f67e3904ea
CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
    NOT-FOR-US: vBulletin
CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
    - python-django-celery-results (bug #968305)
    [buster] - python-django-celery-results (Minor issue)
    NOTE: https://github.com/celery/django-celery-results/issues/142
CVE-2020-17494 RESERVED CVE-2020-17493 RESERVED CVE-2020-17492 RESERVED CVE-2020-17491 RESERVED CVE-2020-17490 RESERVED
CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
    {DLA-2374-1}
    - gnome-shell 3.36.5-1 (bug #968311)
    [buster] - gnome-shell (Minor issue)
    NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
    NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377
    NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04
CVE-2020-17488 RESERVED
CVE-2020-17487 (radare2 4.5.0 misparses signature information in PE files, causing a s ...)
    - radare2
    NOTE: https://github.com/radareorg/radare2/issues/17431
CVE-2020-17486 RESERVED CVE-2020-17485 RESERVED CVE-2020-17484 RESERVED CVE-2020-17483 RESERVED CVE-2020-17482 RESERVED CVE-2020-17481 RESERVED
CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...)
    - tinymce
    [buster] - tinymce (Minor issue)
    NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...)
    NOT-FOR-US: jpv
CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...)
    - libcrypt-perl-perl (bug #907353)
CVE-2020-17477 RESERVED
CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user name. ...)
    NOT-FOR-US: Mibew Messenger
CVE-2020-17475 (Lack of authentication in the network relays used in MEGVII Koala 2.9. ...)
    NOT-FOR-US: MEGVII Koala
CVE-2020-17474 (A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiose ...)
    NOT-FOR-US: ZKTeco FaceDepot 7B and ZKBiosecurity Server
CVE-2020-17473 (Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBio ...)
    NOT-FOR-US: ZKTeco FaceDepot and ZKBiosecurity Server
CVE-2020-17472 RESERVED CVE-2020-17471 RESERVED CVE-2020-17470 RESERVED CVE-2020-17469 RESERVED CVE-2020-17468 RESERVED CVE-2020-17467 RESERVED
CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by ...)
    NOT-FOR-US: Turcom TRCwifiZone
CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity Manager b ...)
    NOT-FOR-US: Dashboards and progressiveProfileForms in ForgeRock Identity Manager
CVE-2020-17464 REJECTED
CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
    NOT-FOR-US: FUEL CMS
CVE-2020-17462 (CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload beca ...)
    NOT-FOR-US: CMS Made Simple
CVE-2020-17461 RESERVED CVE-2020-17460 RESERVED CVE-2020-17459 RESERVED
CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via th ...)
    NOT-FOR-US: MultiUx
CVE-2020-17457 RESERVED
CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
    NOT-FOR-US: SEOWON INTECH
CVE-2020-17455 RESERVED CVE-2020-17454 RESERVED CVE-2020-17453 RESERVED
CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php file by an ...)
    NOT-FOR-US: flatCore CMS
CVE-2020-17451 (flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pa ...)
    NOT-FOR-US: flatCore CMS
CVE-2020-17450 (PHP-Fusion 9.03 allows XSS on the preview page. ...)
    NOT-FOR-US: PHP-Fusion
CVE-2020-17449 (PHP-Fusion 9.03 allows XSS via the error_log file. ...)
    NOT-FOR-US: PHP-Fusion
CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to bypass t ...)
    - telegram-desktop 2.2.0+ds-1
    [buster] - telegram-desktop (Minor issue)
CVE-2020-17447 REJECTED
CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger ...)
    {DLA-2363-1}
    - asyncpg 0.21.0-1
    NOTE: https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0
CVE-2020-17445 RESERVED CVE-2020-17444 RESERVED CVE-2020-17443 RESERVED CVE-2020-17442 RESERVED CVE-2020-17441 RESERVED CVE-2020-17440 RESERVED CVE-2020-17439 RESERVED CVE-2020-17438 RESERVED CVE-2020-17437 RESERVED CVE-2020-17436 RESERVED CVE-2020-17435 RESERVED CVE-2020-17434 RESERVED CVE-2020-17433 RESERVED CVE-2020-17432 RESERVED CVE-2020-17431 RESERVED CVE-2020-17430 RESERVED CVE-2020-17429 RESERVED CVE-2020-17428 RESERVED CVE-2020-17427 RESERVED CVE-2020-17426 RESERVED CVE-2020-17425 RESERVED CVE-2020-17424 RESERVED CVE-2020-17423 RESERVED CVE-2020-17422 RESERVED CVE-2020-17421 RESERVED CVE-2020-17420 RESERVED CVE-2020-17419 RESERVED CVE-2020-17418 RESERVED CVE-2020-17417 RESERVED CVE-2020-17416 RESERVED CVE-2020-17415 RESERVED CVE-2020-17414 RESERVED CVE-2020-17413 RESERVED CVE-2020-17412 RESERVED CVE-2020-17411 RESERVED CVE-2020-17410 RESERVED CVE-2020-17409 RESERVED
CVE-2020-17408 (This vulnerability allows remote attackers to disclose sensitive infor ...)
    NOT-FOR-US: NEC
CVE-2020-17407 RESERVED CVE-2020-17406 RESERVED
CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
    NOT-FOR-US: Senstar Symphony
CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...)
    NOT-FOR-US: Foxit
CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
    NOT-FOR-US: Foxit
CVE-2020-17402 (This vulnerability allows local attackers to disclose sensitive inform ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17401 (This vulnerability allows local attackers to disclose sensitive inform ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17400 (This vulnerability allows local attackers to escalate privileges on af ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17399 (This vulnerability allows local attackers to escalate privileges on af ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17398 (This vulnerability allows local attackers to disclose information on a ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17397 (This vulnerability allows local attackers to escalate privileges on af ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17396 (This vulnerability allows local attackers to escalate privileges on af ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17395 (This vulnerability allows local attackers to escalate privileges on af ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17394 (This vulnerability allows local attackers to disclose sensitive inform ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17393 (This vulnerability allows local attackers to disclose information on a ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17392 (This vulnerability allows local attackers to escalate privileges on af ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17391 (This vulnerability allows local attackers to disclose information on a ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17390 (This vulnerability allows local attackers to escalate privileges on af ...)
    NOT-FOR-US: Parallels Desktop
CVE-2020-17389 (This vulnerability allows remote attackers to execute arbitrary code o ...)
    NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-17388 (This vulnerability allows remote attackers to execute arbitrary code o ...)
    NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-17387 (This vulnerability allows remote attackers to execute arbitrary code o ...)
    NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-17386 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
    NOT-FOR-US: Cellopoint Cellos
CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
    NOT-FOR-US: Cellopoint Cellos
CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
    NOT-FOR-US: Cellopoint Cellos
CVE-2020-17383 RESERVED CVE-2020-17382 RESERVED CVE-2020-17381 RESERVED
CVE-2020-17380 [heap buffer overflow in sdhci_sdma_transfer_multi_blocks() in hw/sd/sdhci.c]
    RESERVED
    - qemu
    [buster] - qemu (Minor issue, fix along in future DSA)
    [stretch] - qemu (Minor issue, fix along in future DLA)
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
CVE-2020-17379 RESERVED CVE-2020-17378 RESERVED CVE-2020-17377 RESERVED
CVE-2020-17376 (An issue was discovered in Guest.migrate in virt/libvirt/guest.py in O ...)
    - nova 2:21.1.0-1 (bug #969052)
    [buster] - nova (Minor issue)
    [stretch] - nova (Minor issue)
    NOTE: https://launchpad.net/bugs/1890501
    NOTE: https://www.openwall.com/lists/oss-security/2020/08/25/4
CVE-2020-17375 RESERVED CVE-2020-17374 RESERVED
CVE-2020-17373 (SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. ...)
    NOT-FOR-US: SugarCRM
CVE-2020-17372 (SugarCRM before 10.1.0 (Q3 2020) allows XSS. ...)
    NOT-FOR-US: SugarCRM
CVE-2020-17371 RESERVED CVE-2020-17370 RESERVED CVE-2020-17369 RESERVED
CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of ...)
    {DSA-4742-1 DLA-2336-1}
    - firejail 0.9.62-4
    NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...)
    {DSA-4742-1 DLA-2336-1}
    - firejail 0.9.62-4
    NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...)
    - routinator (bug #929024)
    NOTE: https://github.com/NLnetLabs/routinator/issues/319
CVE-2020-17365 RESERVED
CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...)
    NOT-FOR-US: User-friendly SVN
CVE-2020-17363 RESERVED
CVE-2020-17362 (search.php in the Nova Lite theme before 1.3.9 for WordPress allows Re ...)
    NOT-FOR-US: Nova Lite theme for WordPress
CVE-2020-17361 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
    NOT-FOR-US: ReadyTalk Avian
CVE-2020-17360 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
    NOT-FOR-US: ReadyTalk Avian
CVE-2020-17359 RESERVED CVE-2020-17358 RESERVED CVE-2020-17357 RESERVED CVE-2020-17356 RESERVED CVE-2020-17355 RESERVED CVE-2020-17354 RESERVED
CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x ...)
    {DSA-4756-1}
    - lilypond 2.20.0-2 (bug #968993)
    NOTE: http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff
CVE-2020-17352 (Two OS command injection vulnerabilities in the User Portal of Sophos ...)
    NOT-FOR-US: Sophos
CVE-2020-17351 RESERVED CVE-2020-17350 RESERVED CVE-2020-17349 RESERVED CVE-2020-17348 RESERVED CVE-2020-17347 RESERVED CVE-2020-17346 RESERVED CVE-2020-17345 RESERVED CVE-2020-17344 RESERVED CVE-2020-17343 RESERVED CVE-2020-17342 RESERVED CVE-2020-17341 RESERVED CVE-2020-17340 RESERVED CVE-2020-17339 RESERVED CVE-2020-17338 RESERVED CVE-2020-17337 RESERVED CVE-2020-17336 RESERVED CVE-2020-17335 RESERVED CVE-2020-17334 RESERVED CVE-2020-17333 RESERVED CVE-2020-17332 RESERVED CVE-2020-17331 RESERVED CVE-2020-17330 RESERVED CVE-2020-17329 RESERVED CVE-2020-17328 RESERVED CVE-2020-17327 RESERVED CVE-2020-17326 RESERVED CVE-2020-17325 RESERVED CVE-2020-17324 RESERVED CVE-2020-17323 RESERVED CVE-2020-17322 RESERVED CVE-2020-17321 RESERVED CVE-2020-17320 RESERVED CVE-2020-17319 RESERVED CVE-2020-17318 RESERVED CVE-2020-17317 RESERVED CVE-2020-17316 RESERVED CVE-2020-17315 RESERVED CVE-2020-17314 RESERVED CVE-2020-17313 RESERVED CVE-2020-17312 RESERVED CVE-2020-17311 RESERVED CVE-2020-17310 RESERVED CVE-2020-17309 RESERVED CVE-2020-17308 RESERVED CVE-2020-17307 RESERVED CVE-2020-17306 RESERVED CVE-2020-17305 RESERVED CVE-2020-17304 RESERVED CVE-2020-17303 RESERVED CVE-2020-17302 RESERVED CVE-2020-17301
RESERVED CVE-2020-17300 RESERVED CVE-2020-17299 RESERVED CVE-2020-17298 RESERVED CVE-2020-17297 RESERVED CVE-2020-17296 RESERVED CVE-2020-17295 RESERVED CVE-2020-17294 RESERVED CVE-2020-17293 RESERVED CVE-2020-17292 RESERVED CVE-2020-17291 RESERVED CVE-2020-17290 RESERVED CVE-2020-17289 RESERVED CVE-2020-17288 RESERVED CVE-2020-17287 RESERVED CVE-2020-17286 RESERVED CVE-2020-17285 RESERVED CVE-2020-17284 RESERVED CVE-2020-17283 RESERVED CVE-2020-17282 RESERVED CVE-2020-17281 RESERVED CVE-2020-17280 RESERVED CVE-2020-17279 RESERVED CVE-2020-17278 RESERVED CVE-2020-17277 RESERVED CVE-2020-17276 RESERVED CVE-2020-17275 RESERVED CVE-2020-17274 RESERVED CVE-2020-17273 RESERVED CVE-2020-17272 RESERVED CVE-2020-17271 RESERVED CVE-2020-17270 RESERVED CVE-2020-17269 RESERVED CVE-2020-17268 RESERVED CVE-2020-17267 RESERVED CVE-2020-17266 RESERVED CVE-2020-17265 RESERVED CVE-2020-17264 RESERVED CVE-2020-17263 RESERVED CVE-2020-17262 RESERVED CVE-2020-17261 RESERVED CVE-2020-17260 RESERVED CVE-2020-17259 RESERVED CVE-2020-17258 RESERVED CVE-2020-17257 RESERVED CVE-2020-17256 RESERVED CVE-2020-17255 RESERVED CVE-2020-17254 RESERVED CVE-2020-17253 RESERVED CVE-2020-17252 RESERVED CVE-2020-17251 RESERVED CVE-2020-17250 RESERVED CVE-2020-17249 RESERVED CVE-2020-17248 RESERVED CVE-2020-17247 RESERVED CVE-2020-17246 RESERVED CVE-2020-17245 RESERVED CVE-2020-17244 RESERVED CVE-2020-17243 RESERVED CVE-2020-17242 RESERVED CVE-2020-17241 RESERVED CVE-2020-17240 RESERVED CVE-2020-17239 RESERVED CVE-2020-17238 RESERVED CVE-2020-17237 RESERVED CVE-2020-17236 RESERVED CVE-2020-17235 RESERVED CVE-2020-17234 RESERVED CVE-2020-17233 RESERVED CVE-2020-17232 RESERVED CVE-2020-17231 RESERVED CVE-2020-17230 RESERVED CVE-2020-17229 RESERVED CVE-2020-17228 RESERVED CVE-2020-17227 RESERVED CVE-2020-17226 RESERVED CVE-2020-17225 RESERVED CVE-2020-17224 RESERVED CVE-2020-17223 RESERVED CVE-2020-17222 RESERVED CVE-2020-17221 RESERVED CVE-2020-17220 RESERVED CVE-2020-17219 RESERVED CVE-2020-17218 
RESERVED CVE-2020-17217 RESERVED CVE-2020-17216 RESERVED CVE-2020-17215 RESERVED CVE-2020-17214 RESERVED CVE-2020-17213 RESERVED CVE-2020-17212 RESERVED CVE-2020-17211 RESERVED CVE-2020-17210 RESERVED CVE-2020-17209 RESERVED CVE-2020-17208 RESERVED CVE-2020-17207 RESERVED CVE-2020-17206 RESERVED CVE-2020-17205 RESERVED CVE-2020-17204 RESERVED CVE-2020-17203 RESERVED CVE-2020-17202 RESERVED CVE-2020-17201 RESERVED CVE-2020-17200 RESERVED CVE-2020-17199 RESERVED CVE-2020-17198 RESERVED CVE-2020-17197 RESERVED CVE-2020-17196 RESERVED CVE-2020-17195 RESERVED CVE-2020-17194 RESERVED CVE-2020-17193 RESERVED CVE-2020-17192 RESERVED CVE-2020-17191 RESERVED CVE-2020-17190 RESERVED CVE-2020-17189 RESERVED CVE-2020-17188 RESERVED CVE-2020-17187 RESERVED CVE-2020-17186 RESERVED CVE-2020-17185 RESERVED CVE-2020-17184 RESERVED CVE-2020-17183 RESERVED CVE-2020-17182 RESERVED CVE-2020-17181 RESERVED CVE-2020-17180 RESERVED CVE-2020-17179 RESERVED CVE-2020-17178 RESERVED CVE-2020-17177 RESERVED CVE-2020-17176 RESERVED CVE-2020-17175 RESERVED CVE-2020-17174 RESERVED CVE-2020-17173 RESERVED CVE-2020-17172 RESERVED CVE-2020-17171 RESERVED CVE-2020-17170 RESERVED CVE-2020-17169 RESERVED CVE-2020-17168 RESERVED CVE-2020-17167 RESERVED CVE-2020-17166 RESERVED CVE-2020-17165 RESERVED CVE-2020-17164 RESERVED CVE-2020-17163 RESERVED CVE-2020-17162 RESERVED CVE-2020-17161 RESERVED CVE-2020-17160 RESERVED CVE-2020-17159 RESERVED CVE-2020-17158 RESERVED CVE-2020-17157 RESERVED CVE-2020-17156 RESERVED CVE-2020-17155 RESERVED CVE-2020-17154 RESERVED CVE-2020-17153 RESERVED CVE-2020-17152 RESERVED CVE-2020-17151 RESERVED CVE-2020-17150 RESERVED CVE-2020-17149 RESERVED CVE-2020-17148 RESERVED CVE-2020-17147 RESERVED CVE-2020-17146 RESERVED CVE-2020-17145 RESERVED CVE-2020-17144 RESERVED CVE-2020-17143 RESERVED CVE-2020-17142 RESERVED CVE-2020-17141 RESERVED CVE-2020-17140 RESERVED CVE-2020-17139 RESERVED CVE-2020-17138 RESERVED CVE-2020-17137 RESERVED CVE-2020-17136 RESERVED CVE-2020-17135 
RESERVED CVE-2020-17134 RESERVED CVE-2020-17133 RESERVED CVE-2020-17132 RESERVED CVE-2020-17131 RESERVED CVE-2020-17130 RESERVED CVE-2020-17129 RESERVED CVE-2020-17128 RESERVED CVE-2020-17127 RESERVED CVE-2020-17126 RESERVED CVE-2020-17125 RESERVED CVE-2020-17124 RESERVED CVE-2020-17123 RESERVED CVE-2020-17122 RESERVED CVE-2020-17121 RESERVED CVE-2020-17120 RESERVED CVE-2020-17119 RESERVED CVE-2020-17118 RESERVED CVE-2020-17117 RESERVED CVE-2020-17116 RESERVED CVE-2020-17115 RESERVED CVE-2020-17114 RESERVED CVE-2020-17113 RESERVED CVE-2020-17112 RESERVED CVE-2020-17111 RESERVED CVE-2020-17110 RESERVED CVE-2020-17109 RESERVED CVE-2020-17108 RESERVED CVE-2020-17107 RESERVED CVE-2020-17106 RESERVED CVE-2020-17105 RESERVED CVE-2020-17104 RESERVED CVE-2020-17103 RESERVED CVE-2020-17102 RESERVED CVE-2020-17101 RESERVED CVE-2020-17100 RESERVED CVE-2020-17099 RESERVED CVE-2020-17098 RESERVED CVE-2020-17097 RESERVED CVE-2020-17096 RESERVED CVE-2020-17095 RESERVED CVE-2020-17094 RESERVED CVE-2020-17093 RESERVED CVE-2020-17092 RESERVED CVE-2020-17091 RESERVED CVE-2020-17090 RESERVED CVE-2020-17089 RESERVED CVE-2020-17088 RESERVED CVE-2020-17087 RESERVED CVE-2020-17086 RESERVED CVE-2020-17085 RESERVED CVE-2020-17084 RESERVED CVE-2020-17083 RESERVED CVE-2020-17082 RESERVED CVE-2020-17081 RESERVED CVE-2020-17080 RESERVED CVE-2020-17079 RESERVED CVE-2020-17078 RESERVED CVE-2020-17077 RESERVED CVE-2020-17076 RESERVED CVE-2020-17075 RESERVED CVE-2020-17074 RESERVED CVE-2020-17073 RESERVED CVE-2020-17072 RESERVED CVE-2020-17071 RESERVED CVE-2020-17070 RESERVED CVE-2020-17069 RESERVED CVE-2020-17068 RESERVED CVE-2020-17067 RESERVED CVE-2020-17066 RESERVED CVE-2020-17065 RESERVED CVE-2020-17064 RESERVED CVE-2020-17063 RESERVED CVE-2020-17062 RESERVED CVE-2020-17061 RESERVED CVE-2020-17060 RESERVED CVE-2020-17059 RESERVED CVE-2020-17058 RESERVED CVE-2020-17057 RESERVED CVE-2020-17056 RESERVED CVE-2020-17055 RESERVED CVE-2020-17054 RESERVED CVE-2020-17053 RESERVED CVE-2020-17052 
RESERVED CVE-2020-17051 RESERVED CVE-2020-17050 RESERVED CVE-2020-17049 RESERVED CVE-2020-17048 RESERVED CVE-2020-17047 RESERVED CVE-2020-17046 RESERVED CVE-2020-17045 RESERVED CVE-2020-17044 RESERVED CVE-2020-17043 RESERVED CVE-2020-17042 RESERVED CVE-2020-17041 RESERVED CVE-2020-17040 RESERVED CVE-2020-17039 RESERVED CVE-2020-17038 RESERVED CVE-2020-17037 RESERVED CVE-2020-17036 RESERVED CVE-2020-17035 RESERVED CVE-2020-17034 RESERVED CVE-2020-17033 RESERVED CVE-2020-17032 RESERVED CVE-2020-17031 RESERVED CVE-2020-17030 RESERVED CVE-2020-17029 RESERVED CVE-2020-17028 RESERVED CVE-2020-17027 RESERVED CVE-2020-17026 RESERVED CVE-2020-17025 RESERVED CVE-2020-17024 RESERVED CVE-2020-17023 RESERVED CVE-2020-17022 RESERVED CVE-2020-17021 RESERVED CVE-2020-17020 RESERVED CVE-2020-17019 RESERVED CVE-2020-17018 RESERVED CVE-2020-17017 RESERVED CVE-2020-17016 RESERVED CVE-2020-17015 RESERVED CVE-2020-17014 RESERVED CVE-2020-17013 RESERVED CVE-2020-17012 RESERVED CVE-2020-17011 RESERVED CVE-2020-17010 RESERVED CVE-2020-17009 RESERVED CVE-2020-17008 RESERVED CVE-2020-17007 RESERVED CVE-2020-17006 RESERVED CVE-2020-17005 RESERVED CVE-2020-17004 RESERVED CVE-2020-17003 RESERVED CVE-2020-17002 RESERVED CVE-2020-17001 RESERVED CVE-2020-17000 RESERVED CVE-2020-16999 RESERVED CVE-2020-16998 RESERVED CVE-2020-16997 RESERVED CVE-2020-16996 RESERVED CVE-2020-16995 RESERVED CVE-2020-16994 RESERVED CVE-2020-16993 RESERVED CVE-2020-16992 RESERVED CVE-2020-16991 RESERVED CVE-2020-16990 RESERVED CVE-2020-16989 RESERVED CVE-2020-16988 RESERVED CVE-2020-16987 RESERVED CVE-2020-16986 RESERVED CVE-2020-16985 RESERVED CVE-2020-16984 RESERVED CVE-2020-16983 RESERVED CVE-2020-16982 RESERVED CVE-2020-16981 RESERVED CVE-2020-16980 RESERVED CVE-2020-16979 RESERVED CVE-2020-16978 RESERVED CVE-2020-16977 RESERVED CVE-2020-16976 RESERVED CVE-2020-16975 RESERVED CVE-2020-16974 RESERVED CVE-2020-16973 RESERVED CVE-2020-16972 RESERVED CVE-2020-16971 RESERVED CVE-2020-16970 RESERVED CVE-2020-16969 
RESERVED CVE-2020-16968 RESERVED CVE-2020-16967 RESERVED CVE-2020-16966 RESERVED CVE-2020-16965 RESERVED CVE-2020-16964 RESERVED CVE-2020-16963 RESERVED CVE-2020-16962 RESERVED CVE-2020-16961 RESERVED CVE-2020-16960 RESERVED CVE-2020-16959 RESERVED CVE-2020-16958 RESERVED CVE-2020-16957 RESERVED CVE-2020-16956 RESERVED CVE-2020-16955 RESERVED CVE-2020-16954 RESERVED CVE-2020-16953 RESERVED CVE-2020-16952 RESERVED CVE-2020-16951 RESERVED CVE-2020-16950 RESERVED CVE-2020-16949 RESERVED CVE-2020-16948 RESERVED CVE-2020-16947 RESERVED CVE-2020-16946 RESERVED CVE-2020-16945 RESERVED CVE-2020-16944 RESERVED CVE-2020-16943 RESERVED CVE-2020-16942 RESERVED CVE-2020-16941 RESERVED CVE-2020-16940 RESERVED CVE-2020-16939 RESERVED CVE-2020-16938 RESERVED CVE-2020-16937 RESERVED CVE-2020-16936 RESERVED CVE-2020-16935 RESERVED CVE-2020-16934 RESERVED CVE-2020-16933 RESERVED CVE-2020-16932 RESERVED CVE-2020-16931 RESERVED CVE-2020-16930 RESERVED CVE-2020-16929 RESERVED CVE-2020-16928 RESERVED CVE-2020-16927 RESERVED CVE-2020-16926 RESERVED CVE-2020-16925 RESERVED CVE-2020-16924 RESERVED CVE-2020-16923 RESERVED CVE-2020-16922 RESERVED CVE-2020-16921 RESERVED CVE-2020-16920 RESERVED CVE-2020-16919 RESERVED CVE-2020-16918 RESERVED CVE-2020-16917 RESERVED CVE-2020-16916 RESERVED CVE-2020-16915 RESERVED CVE-2020-16914 RESERVED CVE-2020-16913 RESERVED CVE-2020-16912 RESERVED CVE-2020-16911 RESERVED CVE-2020-16910 RESERVED CVE-2020-16909 RESERVED CVE-2020-16908 RESERVED CVE-2020-16907 RESERVED CVE-2020-16906 RESERVED CVE-2020-16905 RESERVED CVE-2020-16904 RESERVED CVE-2020-16903 RESERVED CVE-2020-16902 RESERVED CVE-2020-16901 RESERVED CVE-2020-16900 RESERVED CVE-2020-16899 RESERVED CVE-2020-16898 RESERVED CVE-2020-16897 RESERVED CVE-2020-16896 RESERVED CVE-2020-16895 RESERVED CVE-2020-16894 RESERVED CVE-2020-16893 RESERVED CVE-2020-16892 RESERVED CVE-2020-16891 RESERVED CVE-2020-16890 RESERVED CVE-2020-16889 RESERVED CVE-2020-16888 RESERVED CVE-2020-16887 RESERVED CVE-2020-16886 
RESERVED CVE-2020-16885 RESERVED CVE-2020-16884 (A remote code execution vulnerability exists in the way that the IEToE ...) NOT-FOR-US: IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer CVE-2020-16883 RESERVED CVE-2020-16882 RESERVED CVE-2020-16881 (A remote code execution vulnerability exists in Visual Studio Code whe ...) NOT-FOR-US: Microsoft CVE-2020-16880 RESERVED CVE-2020-16879 (An information disclosure vulnerability exists when a Windows Projecte ...) NOT-FOR-US: Microsoft CVE-2020-16878 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-16877 RESERVED CVE-2020-16876 RESERVED CVE-2020-16875 (A remote code execution vulnerability exists in Microsoft Exchange ser ...) NOT-FOR-US: Microsoft CVE-2020-16874 (A remote code execution vulnerability exists in Visual Studio when it ...) NOT-FOR-US: Microsoft CVE-2020-16873 (A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to t ...) NOT-FOR-US: Microsoft CVE-2020-16872 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-16871 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-16870 RESERVED CVE-2020-16869 RESERVED CVE-2020-16868 RESERVED CVE-2020-16867 RESERVED CVE-2020-16866 RESERVED CVE-2020-16865 RESERVED CVE-2020-16864 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-16863 RESERVED CVE-2020-16862 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...) NOT-FOR-US: Microsoft CVE-2020-16861 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-16860 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...) NOT-FOR-US: Microsoft CVE-2020-16859 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) 
NOT-FOR-US: Microsoft CVE-2020-16858 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-16857 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...) NOT-FOR-US: Microsoft CVE-2020-16856 (A remote code execution vulnerability exists in Visual Studio when it ...) NOT-FOR-US: Microsoft CVE-2020-16855 (An information disclosure vulnerability exists when Microsoft Office s ...) NOT-FOR-US: Microsoft CVE-2020-16854 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-16853 (An elevation of privilege vulnerability exists when the OneDrive for W ...) NOT-FOR-US: Microsoft CVE-2020-16852 (An elevation of privilege vulnerability exists when the OneDrive for W ...) NOT-FOR-US: Microsoft CVE-2020-16851 (An elevation of privilege vulnerability exists when the OneDrive for W ...) NOT-FOR-US: Microsoft CVE-2020-16850 RESERVED CVE-2020-16849 RESERVED CVE-2020-16848 RESERVED CVE-2020-16847 (Extreme Analytics in Extreme Management Center before 8.5.0.169 allows ...) NOT-FOR-US: Extreme Management Center CVE-2020-16846 RESERVED CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...) - golang-1.15 1.15~rc2-1 - golang-1.14 1.14.7-1 - golang-1.11 [buster] - golang-1.11 (Minor issue) - golang-1.8 [stretch] - golang-1.8 (Minor issue) - golang-1.7 [stretch] - golang-1.7 (Minor issue) NOTE: https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo NOTE: https://github.com/golang/go/issues/40618 NOTE: Fixed in 1.15~rc2, 1.14.7, 1.13.15 CVE-2020-16844 RESERVED NOT-FOR-US: Istio CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the netw ...) 
NOT-FOR-US: Firecracker CVE-2020-16842 RESERVED CVE-2020-16841 RESERVED CVE-2020-16840 RESERVED CVE-2020-16839 RESERVED CVE-2020-16838 RESERVED CVE-2020-16837 RESERVED CVE-2020-16836 RESERVED CVE-2020-16835 RESERVED CVE-2020-16834 RESERVED CVE-2020-16833 RESERVED CVE-2020-16832 RESERVED CVE-2020-16831 RESERVED CVE-2020-16830 RESERVED CVE-2020-16829 RESERVED CVE-2020-16828 RESERVED CVE-2020-16827 RESERVED CVE-2020-16826 RESERVED CVE-2020-16825 RESERVED CVE-2020-16824 RESERVED CVE-2020-16823 RESERVED CVE-2020-16822 RESERVED CVE-2020-16821 RESERVED CVE-2020-16820 RESERVED CVE-2020-16819 RESERVED CVE-2020-16818 RESERVED CVE-2020-16817 RESERVED CVE-2020-16816 RESERVED CVE-2020-16815 RESERVED CVE-2020-16814 RESERVED CVE-2020-16813 RESERVED CVE-2020-16812 RESERVED CVE-2020-16811 RESERVED CVE-2020-16810 RESERVED CVE-2020-16809 RESERVED CVE-2020-16808 RESERVED CVE-2020-16807 RESERVED CVE-2020-16806 RESERVED CVE-2020-16805 RESERVED CVE-2020-16804 RESERVED CVE-2020-16803 RESERVED CVE-2020-16802 RESERVED CVE-2020-16801 RESERVED CVE-2020-16800 RESERVED CVE-2020-16799 RESERVED CVE-2020-16798 RESERVED CVE-2020-16797 RESERVED CVE-2020-16796 RESERVED CVE-2020-16795 RESERVED CVE-2020-16794 RESERVED CVE-2020-16793 RESERVED CVE-2020-16792 RESERVED CVE-2020-16791 RESERVED CVE-2020-16790 RESERVED CVE-2020-16789 RESERVED CVE-2020-16788 RESERVED CVE-2020-16787 RESERVED CVE-2020-16786 RESERVED CVE-2020-16785 RESERVED CVE-2020-16784 RESERVED CVE-2020-16783 RESERVED CVE-2020-16782 RESERVED CVE-2020-16781 RESERVED CVE-2020-16780 RESERVED CVE-2020-16779 RESERVED CVE-2020-16778 RESERVED CVE-2020-16777 RESERVED CVE-2020-16776 RESERVED CVE-2020-16775 RESERVED CVE-2020-16774 RESERVED CVE-2020-16773 RESERVED CVE-2020-16772 RESERVED CVE-2020-16771 RESERVED CVE-2020-16770 RESERVED CVE-2020-16769 RESERVED CVE-2020-16768 RESERVED CVE-2020-16767 RESERVED CVE-2020-16766 RESERVED CVE-2020-16765 RESERVED CVE-2020-16764 RESERVED CVE-2020-16763 RESERVED CVE-2020-16762 RESERVED CVE-2020-16761 RESERVED 
CVE-2020-16760 RESERVED CVE-2020-16759 RESERVED CVE-2020-16758 RESERVED CVE-2020-16757 RESERVED CVE-2020-16756 RESERVED CVE-2020-16755 RESERVED CVE-2020-16754 RESERVED CVE-2020-16753 RESERVED CVE-2020-16752 RESERVED CVE-2020-16751 RESERVED CVE-2020-16750 RESERVED CVE-2020-16749 RESERVED CVE-2020-16748 RESERVED CVE-2020-16747 RESERVED CVE-2020-16746 RESERVED CVE-2020-16745 RESERVED CVE-2020-16744 RESERVED CVE-2020-16743 RESERVED CVE-2020-16742 RESERVED CVE-2020-16741 RESERVED CVE-2020-16740 RESERVED CVE-2020-16739 RESERVED CVE-2020-16738 RESERVED CVE-2020-16737 RESERVED CVE-2020-16736 RESERVED CVE-2020-16735 RESERVED CVE-2020-16734 RESERVED CVE-2020-16733 RESERVED CVE-2020-16732 RESERVED CVE-2020-16731 RESERVED CVE-2020-16730 RESERVED CVE-2020-16729 RESERVED CVE-2020-16728 RESERVED CVE-2020-16727 RESERVED CVE-2020-16726 RESERVED CVE-2020-16725 RESERVED CVE-2020-16724 RESERVED CVE-2020-16723 RESERVED CVE-2020-16722 RESERVED CVE-2020-16721 RESERVED CVE-2020-16720 RESERVED CVE-2020-16719 RESERVED CVE-2020-16718 RESERVED CVE-2020-16717 RESERVED CVE-2020-16716 RESERVED CVE-2020-16715 RESERVED CVE-2020-16714 RESERVED CVE-2020-16713 RESERVED CVE-2020-16712 RESERVED CVE-2020-16711 RESERVED CVE-2020-16710 RESERVED CVE-2020-16709 RESERVED CVE-2020-16708 RESERVED CVE-2020-16707 RESERVED CVE-2020-16706 RESERVED CVE-2020-16705 RESERVED CVE-2020-16704 RESERVED CVE-2020-16703 RESERVED CVE-2020-16702 RESERVED CVE-2020-16701 RESERVED CVE-2020-16700 RESERVED CVE-2020-16699 RESERVED CVE-2020-16698 RESERVED CVE-2020-16697 RESERVED CVE-2020-16696 RESERVED CVE-2020-16695 RESERVED CVE-2020-16694 RESERVED CVE-2020-16693 RESERVED CVE-2020-16692 RESERVED CVE-2020-16691 RESERVED CVE-2020-16690 RESERVED CVE-2020-16689 RESERVED CVE-2020-16688 RESERVED CVE-2020-16687 RESERVED CVE-2020-16686 RESERVED CVE-2020-16685 RESERVED CVE-2020-16684 RESERVED CVE-2020-16683 RESERVED CVE-2020-16682 RESERVED CVE-2020-16681 RESERVED CVE-2020-16680 RESERVED CVE-2020-16679 RESERVED CVE-2020-16678 RESERVED 
CVE-2020-16677 RESERVED CVE-2020-16676 RESERVED CVE-2020-16675 RESERVED CVE-2020-16674 RESERVED CVE-2020-16673 RESERVED CVE-2020-16672 RESERVED CVE-2020-16671 RESERVED CVE-2020-16670 RESERVED CVE-2020-16669 RESERVED CVE-2020-16668 RESERVED CVE-2020-16667 RESERVED CVE-2020-16666 RESERVED CVE-2020-16665 RESERVED CVE-2020-16664 RESERVED CVE-2020-16663 RESERVED CVE-2020-16662 RESERVED CVE-2020-16661 RESERVED CVE-2020-16660 RESERVED CVE-2020-16659 RESERVED CVE-2020-16658 RESERVED CVE-2020-16657 RESERVED CVE-2020-16656 RESERVED CVE-2020-16655 RESERVED CVE-2020-16654 RESERVED CVE-2020-16653 RESERVED CVE-2020-16652 RESERVED CVE-2020-16651 RESERVED CVE-2020-16650 RESERVED CVE-2020-16649 RESERVED CVE-2020-16648 RESERVED CVE-2020-16647 RESERVED CVE-2020-16646 RESERVED CVE-2020-16645 RESERVED CVE-2020-16644 RESERVED CVE-2020-16643 RESERVED CVE-2020-16642 RESERVED CVE-2020-16641 RESERVED CVE-2020-16640 RESERVED CVE-2020-16639 RESERVED CVE-2020-16638 RESERVED CVE-2020-16637 RESERVED CVE-2020-16636 REJECTED CVE-2020-16635 RESERVED CVE-2020-16634 RESERVED CVE-2020-16633 RESERVED CVE-2020-16632 RESERVED CVE-2020-16631 RESERVED CVE-2020-16630 RESERVED CVE-2020-16629 RESERVED CVE-2020-16628 RESERVED CVE-2020-16627 RESERVED CVE-2020-16626 RESERVED CVE-2020-16625 RESERVED CVE-2020-16624 RESERVED CVE-2020-16623 RESERVED CVE-2020-16622 RESERVED CVE-2020-16621 RESERVED CVE-2020-16620 RESERVED CVE-2020-16619 RESERVED CVE-2020-16618 RESERVED CVE-2020-16617 RESERVED CVE-2020-16616 RESERVED CVE-2020-16615 RESERVED CVE-2020-16614 RESERVED CVE-2020-16613 RESERVED CVE-2020-16612 RESERVED CVE-2020-16611 RESERVED CVE-2020-16610 (Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request ...) NOT-FOR-US: Hoosk Codeigniter CMS CVE-2020-16609 RESERVED CVE-2020-16608 RESERVED CVE-2020-16607 RESERVED CVE-2020-16606 RESERVED CVE-2020-16605 RESERVED CVE-2020-16604 RESERVED CVE-2020-16603 RESERVED CVE-2020-16602 (Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers t ...) 
NOT-FOR-US: Razer Chroma SDK Rest Server CVE-2020-16601 RESERVED CVE-2020-16600 RESERVED CVE-2020-16599 RESERVED CVE-2020-16598 RESERVED CVE-2020-16597 RESERVED CVE-2020-16596 RESERVED CVE-2020-16595 RESERVED CVE-2020-16594 RESERVED CVE-2020-16593 RESERVED CVE-2020-16592 RESERVED CVE-2020-16591 RESERVED CVE-2020-16590 RESERVED CVE-2020-16589 RESERVED CVE-2020-16588 RESERVED CVE-2020-16587 RESERVED CVE-2020-16586 RESERVED CVE-2020-16585 RESERVED CVE-2020-16584 RESERVED CVE-2020-16583 RESERVED CVE-2020-16582 RESERVED CVE-2020-16581 RESERVED CVE-2020-16580 RESERVED CVE-2020-16579 RESERVED CVE-2020-16578 RESERVED CVE-2020-16577 RESERVED CVE-2020-16576 RESERVED CVE-2020-16575 RESERVED CVE-2020-16574 RESERVED CVE-2020-16573 RESERVED CVE-2020-16572 RESERVED CVE-2020-16571 RESERVED CVE-2020-16570 RESERVED CVE-2020-16569 RESERVED CVE-2020-16568 RESERVED CVE-2020-16567 RESERVED CVE-2020-16566 RESERVED CVE-2020-16565 RESERVED CVE-2020-16564 RESERVED CVE-2020-16563 RESERVED CVE-2020-16562 RESERVED CVE-2020-16561 RESERVED CVE-2020-16560 RESERVED CVE-2020-16559 RESERVED CVE-2020-16558 RESERVED CVE-2020-16557 RESERVED CVE-2020-16556 RESERVED CVE-2020-16555 RESERVED CVE-2020-16554 RESERVED CVE-2020-16553 RESERVED CVE-2020-16552 RESERVED CVE-2020-16551 RESERVED CVE-2020-16550 RESERVED CVE-2020-16549 RESERVED CVE-2020-16548 RESERVED CVE-2020-16547 RESERVED CVE-2020-16546 RESERVED CVE-2020-16545 RESERVED CVE-2020-16544 RESERVED CVE-2020-16543 RESERVED CVE-2020-16542 RESERVED CVE-2020-16541 RESERVED CVE-2020-16540 RESERVED CVE-2020-16539 RESERVED CVE-2020-16538 RESERVED CVE-2020-16537 RESERVED CVE-2020-16536 RESERVED CVE-2020-16535 RESERVED CVE-2020-16534 RESERVED CVE-2020-16533 RESERVED CVE-2020-16532 RESERVED CVE-2020-16531 RESERVED CVE-2020-16530 RESERVED CVE-2020-16529 RESERVED CVE-2020-16528 RESERVED CVE-2020-16527 RESERVED CVE-2020-16526 RESERVED CVE-2020-16525 RESERVED CVE-2020-16524 RESERVED CVE-2020-16523 RESERVED CVE-2020-16522 RESERVED CVE-2020-16521 RESERVED CVE-2020-16520 
RESERVED CVE-2020-16519 RESERVED CVE-2020-16518 RESERVED CVE-2020-16517 RESERVED CVE-2020-16516 RESERVED CVE-2020-16515 RESERVED CVE-2020-16514 RESERVED CVE-2020-16513 RESERVED CVE-2020-16512 RESERVED CVE-2020-16511 RESERVED CVE-2020-16510 RESERVED CVE-2020-16509 RESERVED CVE-2020-16508 RESERVED CVE-2020-16507 RESERVED CVE-2020-16506 RESERVED CVE-2020-16505 RESERVED CVE-2020-16504 RESERVED CVE-2020-16503 RESERVED CVE-2020-16502 RESERVED CVE-2020-16501 RESERVED CVE-2020-16500 RESERVED CVE-2020-16499 RESERVED CVE-2020-16498 RESERVED CVE-2020-16497 RESERVED CVE-2020-16496 RESERVED CVE-2020-16495 RESERVED CVE-2020-16494 RESERVED CVE-2020-16493 RESERVED CVE-2020-16492 RESERVED CVE-2020-16491 RESERVED CVE-2020-16490 RESERVED CVE-2020-16489 RESERVED CVE-2020-16488 RESERVED CVE-2020-16487 RESERVED CVE-2020-16486 RESERVED CVE-2020-16485 RESERVED CVE-2020-16484 RESERVED CVE-2020-16483 RESERVED CVE-2020-16482 RESERVED CVE-2020-16481 RESERVED CVE-2020-16480 RESERVED CVE-2020-16479 RESERVED CVE-2020-16478 RESERVED CVE-2020-16477 RESERVED CVE-2020-16476 RESERVED CVE-2020-16475 RESERVED CVE-2020-16474 RESERVED CVE-2020-16473 RESERVED CVE-2020-16472 RESERVED CVE-2020-16471 RESERVED CVE-2020-16470 RESERVED CVE-2020-16469 RESERVED CVE-2020-16468 RESERVED CVE-2020-16467 RESERVED CVE-2020-16466 RESERVED CVE-2020-16465 RESERVED CVE-2020-16464 RESERVED CVE-2020-16463 RESERVED CVE-2020-16462 RESERVED CVE-2020-16461 RESERVED CVE-2020-16460 RESERVED CVE-2020-16459 RESERVED CVE-2020-16458 RESERVED CVE-2020-16457 RESERVED CVE-2020-16456 RESERVED CVE-2020-16455 RESERVED CVE-2020-16454 RESERVED CVE-2020-16453 RESERVED CVE-2020-16452 RESERVED CVE-2020-16451 RESERVED CVE-2020-16450 RESERVED CVE-2020-16449 RESERVED CVE-2020-16448 RESERVED CVE-2020-16447 RESERVED CVE-2020-16446 RESERVED CVE-2020-16445 RESERVED CVE-2020-16444 RESERVED CVE-2020-16443 RESERVED CVE-2020-16442 RESERVED CVE-2020-16441 RESERVED CVE-2020-16440 RESERVED CVE-2020-16439 RESERVED CVE-2020-16438 RESERVED CVE-2020-16437 
RESERVED CVE-2020-16436 RESERVED CVE-2020-16435 RESERVED CVE-2020-16434 RESERVED CVE-2020-16433 RESERVED CVE-2020-16432 RESERVED CVE-2020-16431 RESERVED CVE-2020-16430 RESERVED CVE-2020-16429 RESERVED CVE-2020-16428 RESERVED CVE-2020-16427 RESERVED CVE-2020-16426 RESERVED CVE-2020-16425 RESERVED CVE-2020-16424 RESERVED CVE-2020-16423 RESERVED CVE-2020-16422 RESERVED CVE-2020-16421 RESERVED CVE-2020-16420 RESERVED CVE-2020-16419 RESERVED CVE-2020-16418 RESERVED CVE-2020-16417 RESERVED CVE-2020-16416 RESERVED CVE-2020-16415 RESERVED CVE-2020-16414 RESERVED CVE-2020-16413 RESERVED CVE-2020-16412 RESERVED CVE-2020-16411 RESERVED CVE-2020-16410 RESERVED CVE-2020-16409 RESERVED CVE-2020-16408 RESERVED CVE-2020-16407 RESERVED CVE-2020-16406 RESERVED CVE-2020-16405 RESERVED CVE-2020-16404 RESERVED CVE-2020-16403 RESERVED CVE-2020-16402 RESERVED CVE-2020-16401 RESERVED CVE-2020-16400 RESERVED CVE-2020-16399 RESERVED CVE-2020-16398 RESERVED CVE-2020-16397 RESERVED CVE-2020-16396 RESERVED CVE-2020-16395 RESERVED CVE-2020-16394 RESERVED CVE-2020-16393 RESERVED CVE-2020-16392 RESERVED CVE-2020-16391 RESERVED CVE-2020-16390 RESERVED CVE-2020-16389 RESERVED CVE-2020-16388 RESERVED CVE-2020-16387 RESERVED CVE-2020-16386 RESERVED CVE-2020-16385 RESERVED CVE-2020-16384 RESERVED CVE-2020-16383 RESERVED CVE-2020-16382 RESERVED CVE-2020-16381 RESERVED CVE-2020-16380 RESERVED CVE-2020-16379 RESERVED CVE-2020-16378 RESERVED CVE-2020-16377 RESERVED CVE-2020-16376 RESERVED CVE-2020-16375 RESERVED CVE-2020-16374 RESERVED CVE-2020-16373 RESERVED CVE-2020-16372 RESERVED CVE-2020-16371 RESERVED CVE-2020-16370 RESERVED CVE-2020-16369 RESERVED CVE-2020-16368 RESERVED CVE-2020-16367 RESERVED CVE-2020-16366 RESERVED CVE-2020-16365 RESERVED CVE-2020-16364 RESERVED CVE-2020-16363 RESERVED CVE-2020-16362 RESERVED CVE-2020-16361 RESERVED CVE-2020-16360 RESERVED CVE-2020-16359 RESERVED CVE-2020-16358 RESERVED CVE-2020-16357 RESERVED CVE-2020-16356 RESERVED CVE-2020-16355 RESERVED CVE-2020-16354 
RESERVED CVE-2020-16353 RESERVED CVE-2020-16352 RESERVED CVE-2020-16351 RESERVED CVE-2020-16350 RESERVED CVE-2020-16349 RESERVED CVE-2020-16348 RESERVED CVE-2020-16347 RESERVED CVE-2020-16346 RESERVED CVE-2020-16345 RESERVED CVE-2020-16344 RESERVED CVE-2020-16343 RESERVED CVE-2020-16342 RESERVED CVE-2020-16341 RESERVED CVE-2020-16340 RESERVED CVE-2020-16339 RESERVED CVE-2020-16338 RESERVED CVE-2020-16337 RESERVED CVE-2020-16336 RESERVED CVE-2020-16335 RESERVED CVE-2020-16334 RESERVED CVE-2020-16333 RESERVED CVE-2020-16332 RESERVED CVE-2020-16331 RESERVED CVE-2020-16330 RESERVED CVE-2020-16329 RESERVED CVE-2020-16328 RESERVED CVE-2020-16327 RESERVED CVE-2020-16326 RESERVED CVE-2020-16325 RESERVED CVE-2020-16324 RESERVED CVE-2020-16323 RESERVED CVE-2020-16322 RESERVED CVE-2020-16321 RESERVED CVE-2020-16320 RESERVED CVE-2020-16319 RESERVED CVE-2020-16318 RESERVED CVE-2020-16317 RESERVED CVE-2020-16316 RESERVED CVE-2020-16315 RESERVED CVE-2020-16314 RESERVED CVE-2020-16313 RESERVED CVE-2020-16312 RESERVED CVE-2020-16311 RESERVED CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in devices/gdev ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e (9.51) CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in devices/gd ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10 (9.51) NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in devices/gdevcdj. ...) 
{DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6 (9.51) CVE-2020-16307 (A null pointer dereference vulnerability in devices/vector/gdevtxtw.c ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51) CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821 CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550 (9.51) CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() in base ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816 NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in devices/v ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a (9.51) CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...) 
{DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207 (9.51) CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in devices/gde ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701808 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc (9.51) CVE-2020-16300 (A buffer overflow vulnerability in tiff12_print_page() in devices/gdev ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701807 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e (9.51) CVE-2020-16299 (A Division by Zero vulnerability in bj10v_print_page() in contrib/japa ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701801 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2 (9.51) NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be (9.51) CVE-2020-16298 (A buffer overflow vulnerability in mj_color_correct() in contrib/japan ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701799 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af (9.51) CVE-2020-16297 (A buffer overflow vulnerability in FloydSteinbergDitheringC() in contr ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701800 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 (9.51) CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/ ...) 
{DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51) NOTE: chunk #2, see also CVE-2020-17538 CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() in device ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796 CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701794 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358 (9.51) CVE-2020-16293 (A null pointer dereference vulnerability in compose_group_nonknockout_ ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701795 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231 (9.51) CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701793 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7 (9.51) CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787 CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...) 
{DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786 CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701788 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768 (9.51) CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in devices/g ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791 CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...) {DSA-4748-1 DLA-2335-1} - ghostscript 9.51~dfsg-1 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701785 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6 (9.51) CVE-2020-16286 RESERVED CVE-2020-16285 RESERVED CVE-2020-16284 RESERVED CVE-2020-16283 RESERVED CVE-2020-16282 (In the default configuration of Rangee GmbH RangeeOS 8.0.4, all compon ...) NOT-FOR-US: Rangee CVE-2020-16281 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a loca ...) NOT-FOR-US: Rangee CVE-2020-16280 (Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plain ...) NOT-FOR-US: Rangee CVE-2020-16279 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to R ...) NOT-FOR-US: Rangee CVE-2020-16278 (A cross-site scripting (XSS) vulnerability in the Permissions componen ...) NOT-FOR-US: SAINT Security Suite CVE-2020-16277 (An SQL injection vulnerability in the Analytics component of SAINT Sec ...) 
NOT-FOR-US: SAINT Security Suite CVE-2020-16276 (An SQL injection vulnerability in the Assets component of SAINT Securi ...) NOT-FOR-US: SAINT Security Suite CVE-2020-16275 (A cross-site scripting (XSS) vulnerability in the Credential Manager c ...) NOT-FOR-US: SAINT Security Suite CVE-2020-16274 RESERVED CVE-2020-16273 RESERVED CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...) NOT-FOR-US: Kee Vault KeePassRPC CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...) NOT-FOR-US: Kee Vault KeePassRPC CVE-2020-16270 RESERVED CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...) - radare2 NOTE: https://github.com/radareorg/radare2/issues/17383 CVE-2020-16268 RESERVED CVE-2020-16267 RESERVED CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...) - mantis CVE-2020-16265 RESERVED CVE-2020-16264 RESERVED CVE-2020-16263 RESERVED CVE-2020-16262 RESERVED CVE-2020-16261 RESERVED CVE-2020-16260 RESERVED CVE-2020-16259 RESERVED CVE-2020-16258 RESERVED CVE-2020-16257 RESERVED CVE-2020-16256 RESERVED CVE-2020-16255 RESERVED CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...) NOT-FOR-US: Chartkick gem CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...) - ruby-pghero (bug #882288) CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...) NOT-FOR-US: Field Test gem CVE-2020-16251 (HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when co ...) NOT-FOR-US: HashiCorp Vault CVE-2020-16250 (HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when co ...) NOT-FOR-US: HashiCorp Vault CVE-2020-16249 RESERVED CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /pro ...) 
- prometheus-blackbox-exporter (unimportant) NOTE: https://github.com/prometheus/blackbox_exporter/issues/669 NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/12 NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3 NOTE: Upstream of the project disputed the CVE. Upstream position is NOTE: that the referred behaviour is intended functionality. CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) NOT-FOR-US: Philips CVE-2020-16246 RESERVED CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...) NOT-FOR-US: Advantech CVE-2020-16244 RESERVED CVE-2020-16243 RESERVED CVE-2020-16242 RESERVED CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...) NOT-FOR-US: Philips SureSigns CVE-2020-16240 RESERVED CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...) NOT-FOR-US: Philips SureSigns CVE-2020-16238 RESERVED CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input ...) NOT-FOR-US: Philips SureSigns CVE-2020-16236 RESERVED CVE-2020-16235 RESERVED CVE-2020-16234 RESERVED CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...) NOT-FOR-US: CodeMeter CVE-2020-16232 RESERVED CVE-2020-16231 RESERVED CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...) NOT-FOR-US: HMS Networks CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) NOT-FOR-US: Advantech WebAccess CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) NOT-FOR-US: Philips CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input ...) NOT-FOR-US: Delta Electronics CVE-2020-16226 RESERVED CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...) 
NOT-FOR-US: Delta Electronics CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) NOT-FOR-US: Philips CVE-2020-16223 (Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffe ...) NOT-FOR-US: Delta Electronics CVE-2020-16222 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) NOT-FOR-US: Philips CVE-2020-16221 (Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buff ...) NOT-FOR-US: Delta Electronics CVE-2020-16220 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) NOT-FOR-US: Philips CVE-2020-16219 (Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds r ...) NOT-FOR-US: Delta Electronics CVE-2020-16218 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) NOT-FOR-US: Philips CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A doubl ...) NOT-FOR-US: Advantech WebAccess CVE-2020-16216 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) NOT-FOR-US: Philips CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) NOT-FOR-US: Advantech WebAccess CVE-2020-16214 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) NOT-FOR-US: Philips CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...) NOT-FOR-US: Advantech WebAccess CVE-2020-16212 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...) NOT-FOR-US: Philips CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out- ...) NOT-FOR-US: Advantech WebAccess CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting, ...) NOT-FOR-US: N-Tron CVE-2020-16209 RESERVED CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...) NOT-FOR-US: N-Tron CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. 
Multipl ...) NOT-FOR-US: Advantech WebAccess CVE-2020-16206 (The affected product is vulnerable to stored cross-site scripting, whi ...) NOT-FOR-US: N-Tron CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...) NOT-FOR-US: G-Cam and G-Code CVE-2020-16204 (The affected product is vulnerable due to an undocumented interface fo ...) NOT-FOR-US: N-Tron CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) NOT-FOR-US: Delta Industrial Automation CVE-2020-16202 RESERVED CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) NOT-FOR-US: Delta Industrial Automation CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) NOT-FOR-US: Philips CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) NOT-FOR-US: Delta Industrial Automation CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...) NOT-FOR-US: Philips CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...) NOT-FOR-US: Octopus Deploy CVE-2020-16196 RESERVED CVE-2020-16195 RESERVED CVE-2020-16194 RESERVED CVE-2020-16193 (osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.ph ...) NOT-FOR-US: osTicket CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...) 
- limesurvey (bug #472802) CVE-2020-16191 RESERVED CVE-2020-16190 RESERVED CVE-2020-16189 RESERVED CVE-2020-16188 RESERVED CVE-2020-16187 RESERVED CVE-2020-16186 REJECTED CVE-2020-16185 RESERVED CVE-2020-16184 RESERVED CVE-2020-16183 RESERVED CVE-2020-16182 RESERVED CVE-2020-16181 RESERVED CVE-2020-16180 RESERVED CVE-2020-16179 RESERVED CVE-2020-16178 RESERVED CVE-2020-16177 RESERVED CVE-2020-16176 RESERVED CVE-2020-16175 RESERVED CVE-2020-16174 RESERVED CVE-2020-16173 RESERVED CVE-2020-16172 RESERVED CVE-2020-16171 RESERVED CVE-2020-16170 (Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Andr ...) NOT-FOR-US: Temi application for Android CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in temi Robox ...) NOT-FOR-US: Temi Robox OS CVE-2020-16168 (Origin Validation Error in temi Robox OS prior to 120, temi Android ap ...) NOT-FOR-US: Temi firmware CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS prior to ...) NOT-FOR-US: Temi Launcher OS CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...) - linux 5.7.17-1 NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4 CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...) NOT-FOR-US: SpringBlade CVE-2020-16164 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...) NOT-FOR-US: RIPE NCC RPKI Validator CVE-2020-16163 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...) NOT-FOR-US: RIPE NCC RPKI Validator CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...) NOT-FOR-US: RIPE NCC RPKI Validator CVE-2020-16161 RESERVED CVE-2020-16160 RESERVED CVE-2020-16159 RESERVED CVE-2020-16158 RESERVED CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...) 
NOT-FOR-US: Nagios Log Server CVE-2020-16156 RESERVED CVE-2020-16155 RESERVED CVE-2020-16154 RESERVED CVE-2020-16153 RESERVED CVE-2020-16152 RESERVED CVE-2020-16151 RESERVED CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/s ...) - mbedtls NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1 CVE-2020-16149 REJECTED CVE-2020-16148 RESERVED CVE-2020-16147 RESERVED CVE-2020-16146 RESERVED CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...) {DSA-4744-1 DLA-2322-1} - roundcube 1.4.8+dfsg.1-1 (bug #968216) NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8) NOTE: https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b (1.3.15) NOTE: https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e (1.2.12) CVE-2020-16144 RESERVED CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...) - seafile-client (Windows-specific) CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...) NOT-FOR-US: Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles CVE-2020-16141 RESERVED CVE-2020-16140 RESERVED CVE-2020-16139 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified I ...) NOT-FOR-US: Cisco CVE-2020-16138 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Uni ...) NOT-FOR-US: Cisco CVE-2020-16137 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue in Cisco ...) NOT-FOR-US: Cisco CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permis ...) NOT-FOR-US: tgstation-server CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...) 
{DLA-2303-1} - libssh (bug #966560) [buster] - libssh (Minor issue) NOTE: https://bugs.libssh.org/T232 NOTE: https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238 NOTE: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120 CVE-2020-16134 (An issue was discovered on Swisscom Internet Box 2, Internet Box Stand ...) NOT-FOR-US: Swisscom CVE-2020-16133 RESERVED CVE-2020-16132 RESERVED CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly consider ...) - tikiwiki CVE-2020-16130 RESERVED CVE-2020-16129 RESERVED CVE-2020-16128 RESERVED CVE-2020-16127 RESERVED CVE-2020-16126 RESERVED CVE-2020-16125 RESERVED CVE-2020-16124 RESERVED CVE-2020-16123 RESERVED CVE-2020-16122 RESERVED CVE-2020-16121 RESERVED CVE-2020-16120 RESERVED CVE-2020-16119 RESERVED CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...) - balsa 2.6.0-1 [buster] - balsa (Minor issue) [stretch] - balsa (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5 NOTE: https://gitlab.gnome.org/GNOME/balsa/-/issues/23 CVE-2020-16117 (In GNOME evolution-data-server before 3.35.91, a malicious server can ...) {DLA-2309-1} - evolution-data-server 3.36.0-1 [buster] - evolution-data-server (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5 NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7 NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189 CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can ...) 
{DSA-4738-1} - ark 4:20.04.3-1 NOTE: https://kde.org/info/security/advisory-20200730-1.txt NOTE: https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f CVE-2020-16115 RESERVED CVE-2020-16114 RESERVED CVE-2020-16113 RESERVED CVE-2020-16112 RESERVED CVE-2020-16111 RESERVED CVE-2020-16110 RESERVED CVE-2020-16109 RESERVED CVE-2020-16108 RESERVED CVE-2020-16107 RESERVED CVE-2020-16106 RESERVED CVE-2020-16105 RESERVED CVE-2020-16104 RESERVED CVE-2020-16103 RESERVED CVE-2020-16102 RESERVED CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16099 (In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possi ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16098 (It is possible to enumerate access card credentials via an unauthentic ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16097 (On controllers running versions of v8.20 prior to vCR8.20.200221b (dis ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16096 (In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.0 ...) NOT-FOR-US: Gallagher Command Centre Server CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 all ...) NOT-FOR-US: dlf for TYPO3 CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...) - claws-mail (bug #966630) [buster] - claws-mail (Minor issue) [stretch] - claws-mail (Minor issue) NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313 CVE-2020-16093 RESERVED - lemonldap-ng 2.0.9+ds-1 [buster] - lemonldap-ng (Minor issue) NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250 CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...) 
{DSA-4760-1 DLA-2373-1} - qemu 1:5.1+dfsg-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8 CVE-2020-16091 RESERVED CVE-2020-16090 RESERVED CVE-2020-16089 RESERVED CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...) NOT-FOR-US: OpenIKED CVE-2020-16087 (An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An a ...) NOT-FOR-US: VNG Zalo Desktop CVE-2020-16086 RESERVED CVE-2020-16085 RESERVED CVE-2020-16084 RESERVED CVE-2020-16083 RESERVED CVE-2020-16082 RESERVED CVE-2020-16081 RESERVED CVE-2020-16080 RESERVED CVE-2020-16079 RESERVED CVE-2020-16078 RESERVED CVE-2020-16077 RESERVED CVE-2020-16076 RESERVED CVE-2020-16075 RESERVED CVE-2020-16074 RESERVED CVE-2020-16073 RESERVED CVE-2020-16072 RESERVED CVE-2020-16071 RESERVED CVE-2020-16070 RESERVED CVE-2020-16069 RESERVED CVE-2020-16068 RESERVED CVE-2020-16067 RESERVED CVE-2020-16066 RESERVED CVE-2020-16065 RESERVED CVE-2020-16064 RESERVED CVE-2020-16063 RESERVED CVE-2020-16062 RESERVED CVE-2020-16061 RESERVED CVE-2020-16060 RESERVED CVE-2020-16059 RESERVED CVE-2020-16058 RESERVED CVE-2020-16057 RESERVED CVE-2020-16056 RESERVED CVE-2020-16055 RESERVED CVE-2020-16054 RESERVED CVE-2020-16053 RESERVED CVE-2020-16052 RESERVED CVE-2020-16051 RESERVED CVE-2020-16050 RESERVED CVE-2020-16049 RESERVED CVE-2020-16048 RESERVED CVE-2020-16047 RESERVED CVE-2020-16046 RESERVED CVE-2020-16045 RESERVED CVE-2020-16044 RESERVED CVE-2020-16043 RESERVED CVE-2020-16042 RESERVED CVE-2020-16041 RESERVED CVE-2020-16040 RESERVED CVE-2020-16039 RESERVED CVE-2020-16038 RESERVED CVE-2020-16037 RESERVED CVE-2020-16036 RESERVED CVE-2020-16035 RESERVED CVE-2020-16034 RESERVED CVE-2020-16033 RESERVED CVE-2020-16032 RESERVED CVE-2020-16031 RESERVED CVE-2020-16030 RESERVED CVE-2020-16029 RESERVED CVE-2020-16028 RESERVED CVE-2020-16027 RESERVED CVE-2020-16026 RESERVED CVE-2020-16025 RESERVED 
CVE-2020-16024 RESERVED CVE-2020-16023 RESERVED CVE-2020-16022 RESERVED CVE-2020-16021 RESERVED CVE-2020-16020 RESERVED CVE-2020-16019 RESERVED CVE-2020-16018 RESERVED CVE-2020-16017 RESERVED CVE-2020-16016 RESERVED CVE-2020-16015 RESERVED CVE-2020-16014 RESERVED CVE-2020-16013 RESERVED CVE-2020-16012 RESERVED CVE-2020-16011 RESERVED CVE-2020-16010 RESERVED CVE-2020-16009 RESERVED CVE-2020-16008 RESERVED CVE-2020-16007 RESERVED CVE-2020-16006 RESERVED CVE-2020-16005 RESERVED CVE-2020-16004 RESERVED CVE-2020-16003 RESERVED CVE-2020-16002 RESERVED CVE-2020-16001 RESERVED CVE-2020-16000 RESERVED CVE-2020-15999 RESERVED CVE-2020-15998 RESERVED CVE-2020-15997 RESERVED CVE-2020-15996 RESERVED CVE-2020-15995 RESERVED CVE-2020-15994 RESERVED CVE-2020-15993 RESERVED CVE-2020-15992 RESERVED CVE-2020-15991 RESERVED CVE-2020-15990 RESERVED CVE-2020-15989 RESERVED CVE-2020-15988 RESERVED CVE-2020-15987 RESERVED CVE-2020-15986 RESERVED CVE-2020-15985 RESERVED CVE-2020-15984 RESERVED CVE-2020-15983 RESERVED CVE-2020-15982 RESERVED CVE-2020-15981 RESERVED CVE-2020-15980 RESERVED CVE-2020-15979 RESERVED CVE-2020-15978 RESERVED CVE-2020-15977 RESERVED CVE-2020-15976 RESERVED CVE-2020-15975 RESERVED CVE-2020-15974 RESERVED CVE-2020-15973 RESERVED CVE-2020-15972 RESERVED CVE-2020-15971 RESERVED CVE-2020-15970 RESERVED CVE-2020-15969 RESERVED CVE-2020-15968 RESERVED CVE-2020-15967 RESERVED CVE-2020-15966 RESERVED CVE-2020-15965 RESERVED CVE-2020-15964 RESERVED CVE-2020-15963 RESERVED CVE-2020-15962 RESERVED CVE-2020-15961 RESERVED CVE-2020-15960 RESERVED CVE-2020-15959 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...) NOT-FOR-US: 1CRM System CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...) 
NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T) CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...) NOT-FOR-US: ACTi NVR3 Standard Server CVE-2020-15955 RESERVED CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...) {DLA-2300-1} - kdepim-runtime 4:20.04.1-2 (bug #966666) [buster] - kdepim-runtime (Minor issue) - kmail-account-wizard 4:20.04.1-2 (bug #966667) [buster] - kmail-account-wizard (Minor issue) NOTE: https://bugs.kde.org/show_bug.cgi?id=423426 NOTE: kdepim-runtime: https://invent.kde.org/pim/kdepim-runtime/commit/bd64ab29116aa7318fdee7f95878ff97580162f2 NOTE: kmail-account-wizard: https://invent.kde.org/pim/kmail-account-wizard/commit/a64d80e523edce7d3d59c26834973418fae042f6 CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...) {DLA-2329-1} - libetpan (bug #966647) [buster] - libetpan (Minor issue) NOTE: https://github.com/dinhvh/libetpan/issues/386 NOTE: https://github.com/dinhvh/libetpan/pull/387 NOTE: https://github.com/dinhvh/libetpan/pull/388 CVE-2020-15952 RESERVED CVE-2020-15951 RESERVED CVE-2020-15950 RESERVED CVE-2020-15949 RESERVED CVE-2020-15948 RESERVED CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 0.5.3 for ...) - rust-linked-hash-map (bug #966246) [buster] - rust-linked-hash-map (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html CVE-2020-15947 (A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do end ...) NOT-FOR-US: Loway QueueMetrics CVE-2020-15946 RESERVED CVE-2020-15945 (Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ...) 
- lua5.4 - lua5.3 - lua5.2 - lua5.1 - lua50 NOTE: https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3 NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00123.html NOTE: check 5.3, 5.2, 5.1 and 5.0 lua versions, different code but might be affected in similar way on updating oldpc value CVE-2020-15944 (An issue was discovered in the Gantt-Chart module before 5.5.5 for Jir ...) NOT-FOR-US: Gantt-Chart module for Jira CVE-2020-15943 (An issue was discovered in the Gantt-Chart module before 5.5.4 for Jir ...) NOT-FOR-US: Gantt-Chart module for Jira CVE-2020-15942 RESERVED CVE-2020-15941 RESERVED CVE-2020-15940 RESERVED CVE-2020-15939 RESERVED CVE-2020-15938 RESERVED CVE-2020-15937 RESERVED CVE-2020-15936 RESERVED CVE-2020-15935 RESERVED CVE-2020-15934 RESERVED CVE-2020-15933 RESERVED CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...) NOT-FOR-US: Overwolf CVE-2020-15931 RESERVED CVE-2020-15930 RESERVED CVE-2020-15929 RESERVED CVE-2020-15928 RESERVED CVE-2020-15927 RESERVED CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...) NOT-FOR-US: Rocket.Chat CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...) NOT-FOR-US: Loway QueueMetrics CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...) NOT-FOR-US: Mida eFramework CVE-2020-15923 (Mida eFramework through 2.9.0 allows unauthenticated ../ directory tra ...) NOT-FOR-US: Mida eFramework CVE-2020-15922 (There is an OS Command Injection in Mida eFramework 2.9.0 that allows ...) NOT-FOR-US: Mida eFramework CVE-2020-15921 (Mida eFramework through 2.9.0 has a back door that permits a change of ...) NOT-FOR-US: Mida eFramework CVE-2020-15920 (There is an OS Command Injection in Mida eFramework through 2.9.0 that ...) NOT-FOR-US: Mida eFramework CVE-2020-15919 (A Reflected Cross Site Scripting (XSS) vulnerability was discovered in ...) 
NOT-FOR-US: Mida eFramework CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discov ...) NOT-FOR-US: Mida eFramework CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol violation ...) - claws-mail 3.17.6-1 [buster] - claws-mail (Minor issue) [stretch] - claws-mail (low priority issue) NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5 CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices a ...) NOT-FOR-US: Tenda devices CVE-2020-15915 RESERVED CVE-2020-15914 RESERVED CVE-2020-15913 RESERVED CVE-2020-15912 (** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door b ...) NOT-FOR-US: Tesla CVE-2020-15911 RESERVED CVE-2020-15910 RESERVED CVE-2020-15909 RESERVED CVE-2020-15908 (tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6. ...) NOT-FOR-US: Cauldron cbang CVE-2020-15907 (In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before ...) - mahara CVE-2020-15906 RESERVED CVE-2020-15905 RESERVED CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...) NOT-FOR-US: bsdiff4 (different from src:bsdiff) CVE-2020-15903 (An issue was found in Nagios XI before 5.7.3. There is a privilege esc ...) NOT-FOR-US: Nagios XI CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url o ...) NOT-FOR-US: Nagios XI CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated ...) NOT-FOR-US: Nagios XI CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...) 
- ghostscript 9.52.1~dfsg-1 [buster] - ghostscript (Vulnerable code introduced later) [stretch] - ghostscript (Vulnerable code introduced later) NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702582 NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1) NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b (9.53.0rc1) CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...) NOT-FOR-US: Grin CVE-2020-15898 RESERVED CVE-2020-15897 RESERVED CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...) NOT-FOR-US: D-Link CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...) NOT-FOR-US: D-Link CVE-2020-15894 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...) NOT-FOR-US: D-Link CVE-2020-15893 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...) NOT-FOR-US: D-Link CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices before ...) NOT-FOR-US: D-Link CVE-2020-15891 RESERVED CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...) {DLA-2296-1} - luajit (unimportant; bug #966148) NOTE: https://github.com/LuaJIT/LuaJIT/issues/601 NOTE: https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6 NOTE: No security impact, only "exploitable" with untrusted Lua code CVE-2020-15889 (Lua through 5.4.0 has a getobjname heap-based buffer over-read because ...) - lua5.4 5.4.0-2 NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00078.html NOTE: https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312 NOTE: Introduced in 5.4 CVE-2020-15888 (Lua through 5.4.0 mishandles the interaction between stack resizes and ...) 
- lua5.4 NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00053.html NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00054.html NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00071.html NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00079.html NOTE: https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7 NOTE: https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5 CVE-2020-15887 (A SQL injection vulnerability in softwareupdate_controller.php in the ...) NOT-FOR-US: MunkiReport CVE-2020-15886 (A SQL injection vulnerability in reportdata_controller.php in the repo ...) NOT-FOR-US: MunkiReport CVE-2020-15885 (A Cross-Site Scripting (XSS) vulnerability in the comment module befor ...) NOT-FOR-US: MunkiReport CVE-2020-15884 (A SQL injection vulnerability in TableQuery.php in MunkiReport before ...) NOT-FOR-US: MunkiReport CVE-2020-15883 (A Cross-Site Scripting (XSS) vulnerability in the managedinstalls modu ...) NOT-FOR-US: MunkiReport CVE-2020-15882 (A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6. ...) NOT-FOR-US: MunkiReport CVE-2020-15881 (A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Mun ...) NOT-FOR-US: MunkiReport CVE-2020-15880 RESERVED CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...) NOT-FOR-US: Bitwarden Server NOTE: bitwarden client is ITP'ed as #956836 CVE-2020-15878 RESERVED CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...) NOT-FOR-US: LibreNMS CVE-2020-15876 RESERVED CVE-2020-15875 RESERVED CVE-2020-15874 RESERVED CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...) NOT-FOR-US: LibreNMS CVE-2020-15872 RESERVED CVE-2020-15871 (Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows ...) NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro CVE-2020-15870 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...) 
NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...) NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect ...) NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro CVE-2020-15867 RESERVED CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...) - mruby [buster] - mruby (Minor issue) [stretch] - mruby (Minor issue) NOTE: https://github.com/mruby/mruby/issues/5042 NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Re ...) NOT-FOR-US: Stimulsoft CVE-2020-15864 RESERVED CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...) {DSA-4760-1 DLA-2288-1} - qemu 1:5.0-12 NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555 CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX ...) {DSA-4746-1 DLA-2313-1} - net-snmp 5.8+dfsg-5 (bug #966599) NOTE: https://github.com/net-snmp/net-snmp/issues/145 NOTE: https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602 CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic ...) NOT-FOR-US: Parallels CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...) - qemu (bug #965978) [buster] - qemu (Minor issue, can be fixed along in next DSA) [stretch] - qemu (Minor issue, can be fixed along in next DLA) NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html NOTE: https://bugs.launchpad.net/qemu/+bug/1886362 CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allo ...) 
NOT-FOR-US: Thales DIS CVE-2020-15857 RESERVED CVE-2020-15856 RESERVED CVE-2020-15855 RESERVED CVE-2020-15854 RESERVED CVE-2020-15853 RESERVED CVE-2020-XXXX [mpv insecure lua loadpath] - mpv 0.32.0-2 (bug #950816) [buster] - mpv (Minor issue) [stretch] - mpv (Minor issue) NOTE: https://github.com/mpv-player/mpv/commit/cce7062a8a6b6a3b3666aea3ff86db879cba67b6 CVE-2020-15851 RESERVED CVE-2020-15850 RESERVED CVE-2020-15849 RESERVED CVE-2020-15848 RESERVED CVE-2020-15847 RESERVED CVE-2020-15846 RESERVED CVE-2020-15845 RESERVED CVE-2020-15844 RESERVED CVE-2020-15843 RESERVED CVE-2020-15842 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7 ...) NOT-FOR-US: Liferay CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7 ...) NOT-FOR-US: Liferay CVE-2020-15840 RESERVED CVE-2020-15839 RESERVED CVE-2020-15838 RESERVED CVE-2020-15837 RESERVED CVE-2020-15836 RESERVED CVE-2020-15835 RESERVED CVE-2020-15834 RESERVED CVE-2020-15833 RESERVED CVE-2020-15832 RESERVED CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in t ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-15829 (In JetBrains TeamCity before 2019.2.3, password parameters could be di ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-15828 (In JetBrains TeamCity before 2020.1.1, project parameter values can be ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-15827 (In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signatu ...) NOT-FOR-US: JetBrains ToolBox CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign more per ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify Group permi ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not aff ...) 
- kotlin (bug #892842) CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-15822 RESERVED CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-15819 (JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that all ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-15862 (Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP ...) {DSA-4746-1 DLA-2299-1} - net-snmp 5.8+dfsg-4 (bug #965166) NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07 NOTE: disables NET-SNMP-EXTEND-MIB support by default. But it is still NOTE: possible to enable the MIB via --with-mib-modules configure option. NOTE: Upstream reverted the change and the solution is to make NET-SNMP-EXTEND-MIB NOTE: read-only, cf. https://bugs.debian.org/966544 NOTE: Disabling was reverted with: https://github.com/net-snmp/net-snmp/commit/4097a311e952d3b5c12610102bb4cc2fe72b56e5 NOTE: Makes extended mib read-only: NOTE: https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205 CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...) NOT-FOR-US: Western Digital WD Discovery CVE-2020-15815 RESERVED CVE-2020-15814 RESERVED CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers ...) - graylog2 (bug #652273) CVE-2020-15812 RESERVED CVE-2020-15811 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...) 
{DSA-4751-1} - squid 4.13-1 (bug #968932) - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...) {DSA-4751-1} - squid 4.13-1 (bug #968933) - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...) {DSA-4751-1} - squid 4.13-1 (bug #968934) - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch CVE-2020-15809 RESERVED CVE-2020-15808 RESERVED CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted ...) - libredwg (bug #595191) CVE-2020-15806 (CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Me ...) NOT-FOR-US: CODESYS CVE-2020-15805 RESERVED CVE-2020-15804 RESERVED CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...) {DLA-2311-1} - zabbix 1:5.0.2+dfsg-1 (bug #966146) [buster] - zabbix (Minor issue) NOTE: https://support.zabbix.com/browse/ZBX-18057 CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...) - linux NOTE: https://www.kb.cert.org/vuls/id/589825/ CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...) - python3.9 (Windows-specific) - python3.8 (Windows-specific) - python3.7 (Windows-specific) - python3.5 (Windows-specific) - python2.7 (Windows-specific) CVE-2020-15852 (An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used ...) 
- linux 5.7.10-1 [buster] - linux (Only affects 5.5 and later) [stretch] - linux (Only affects 5.5 and later) NOTE: https://www.openwall.com/lists/oss-security/2020/07/16/1 CVE-2020-15800 RESERVED CVE-2020-15799 RESERVED CVE-2020-15798 RESERVED CVE-2020-15797 RESERVED CVE-2020-15796 RESERVED CVE-2020-15795 RESERVED CVE-2020-15794 RESERVED CVE-2020-15793 RESERVED CVE-2020-15792 RESERVED CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...) NOT-FOR-US: Siemens CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All versions ...) NOT-FOR-US: Siemens CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion Webclient ( ...) NOT-FOR-US: Siemens CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion Webclient ( ...) NOT-FOR-US: Siemens CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI United Comfort Pane ...) NOT-FOR-US: Siemens CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Ge ...) NOT-FOR-US: Siemens CVE-2020-15785 (A vulnerability has been identified in Siveillance Video Client (All v ...) NOT-FOR-US: Siveillance Video Client CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All versions ...) NOT-FOR-US: Spectrum Power 4 CVE-2020-15783 RESERVED CVE-2020-15782 RESERVED CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...) NOT-FOR-US: SICAM CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...) NOT-FOR-US: Node socket.io-file CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...) - linux 5.7.10-1 [stretch] - linux (securelevel included but not supported) NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3 NOTE: Fixed by: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354 CVE-2020-15778 (scp in OpenSSH through 8.3p1 allows command injection in scp.c remote ...) 
- openssh (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860487 NOTE: https://github.com/cpandya2909/CVE-2020-15778 NOTE: Negligible security impact, changing the scp protocol can have a good chance NOTE: of breaking existing workflows. CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...) NOT-FOR-US: Maven Extension plugin for Gradle Enterprise CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF m ...) TODO: check CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrest ...) TODO: check CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Becaus ...) TODO: check CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because ...) TODO: check CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There ...) TODO: check CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...) TODO: check CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. There is a lack o ...) TODO: check CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...) TODO: check CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...) TODO: check CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of ...) 
TODO: check CVE-2020-15766 RESERVED CVE-2020-15765 RESERVED CVE-2020-15764 RESERVED CVE-2020-15763 RESERVED CVE-2020-15762 RESERVED CVE-2020-15761 RESERVED CVE-2020-15760 RESERVED CVE-2020-15759 RESERVED CVE-2020-15758 RESERVED CVE-2020-15757 RESERVED CVE-2020-15756 RESERVED CVE-2020-15755 RESERVED CVE-2020-15754 RESERVED CVE-2020-15753 RESERVED CVE-2020-15752 RESERVED CVE-2020-15751 RESERVED CVE-2020-15750 RESERVED CVE-2020-15749 RESERVED CVE-2020-15748 RESERVED CVE-2020-15747 RESERVED CVE-2020-15746 RESERVED CVE-2020-15745 RESERVED CVE-2020-15744 RESERVED CVE-2020-15743 RESERVED CVE-2020-15742 RESERVED CVE-2020-15741 RESERVED CVE-2020-15740 RESERVED CVE-2020-15739 RESERVED CVE-2020-15738 RESERVED CVE-2020-15737 RESERVED CVE-2020-15736 RESERVED CVE-2020-15735 RESERVED CVE-2020-15734 RESERVED CVE-2020-15733 RESERVED CVE-2020-15732 RESERVED CVE-2020-15731 RESERVED CVE-2020-15730 RESERVED CVE-2020-15729 RESERVED CVE-2020-15728 RESERVED CVE-2020-15727 RESERVED CVE-2020-15726 RESERVED CVE-2020-15725 RESERVED CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...) NOT-FOR-US: 360 Total Security CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...) NOT-FOR-US: 360 Total Security CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls ...) NOT-FOR-US: 360 Total Security CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...) NOT-FOR-US: RosarioSIS CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...) - dogtag-pki 10.9.1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855273 NOTE: https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72 CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a certificate-val ...) 
- openldap (unimportant; bug #965184) NOTE: https://bugs.openldap.org/show_bug.cgi?id=9266 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1740070 NOTE: RedHat/CentOS applied patch: https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch NOTE: OpenLDAP upstream did dispute the issue as being valid, as the current libldap NOTE: behaviour does conform with RFC4513. RFC6125 does not supersede the rules for NOTE: verifying service identity provided in specifications for existing application NOTE: protocols published prior to RFC6125, like RFC4513 for LDAP. CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) NOT-FOR-US: RosarioSIS CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) NOT-FOR-US: RosarioSIS CVE-2020-15716 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...) NOT-FOR-US: RosarioSIS CVE-2020-15715 (rConfig 3.9.5 could allow a remote authenticated attacker to execute a ...) NOT-FOR-US: rConfig CVE-2020-15714 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...) NOT-FOR-US: rConfig CVE-2020-15713 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...) NOT-FOR-US: rConfig CVE-2020-15712 (rConfig 3.9.5 could allow a remote authenticated attacker to traverse ...) NOT-FOR-US: rConfig CVE-2020-15711 (In MISP before 2.4.129, setting a favourite homepage was not CSRF prot ...) NOT-FOR-US: MISP CVE-2020-15710 RESERVED CVE-2020-15709 (Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20 ...) 
{DLA-2339-1} - software-properties (bug #968850) [buster] - software-properties (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/08/03/1 NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286 CVE-2020-15708 [incorrect permissions on the UNIX domain socket allows local attacker to escalate privileges] RESERVED - libvirt (Ubuntu specific issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866270#c2 NOTE: Debian used to use polkit in 1.2.9-rc1-1 and only later on NOTE: enabled as well libvirtd socket activation. Ubuntu OTOH continued NOTE: to ship the Allow-libvirt-group-to-access-the-socket.patch patch NOTE: which caused the CVE-2020-15708 issue. NOTE: Upstream improved documentation with: NOTE: https://www.redhat.com/archives/libvir-list/2020-August/msg00360.html CVE-2020-15707 (Integer overflows were discovered in the functions grub_cmd_initrd and ...) {DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10 CVE-2020-15706 (GRUB2 contains a race condition in grub_script_function_create() leadi ...) {DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=426f57383d647406ae9c628c472059c27cd6e040 CVE-2020-15705 (GRUB2 fails to validate kernel signature when booted directly without ...) - grub2 (Vulnerable code specific in Ubuntu) NOTE: Debian's grub_linuxefi_secure_validate has different interface than the one in NOTE: Ubuntu and returns the code from "shim not available" and "kernel signature NOTE: verification failed". 
The patch for CVE-2020-15705 is essentially about handling NOTE: those two cases in the same way when they were previously handled differently, NOTE: and so not a problem for src:grub2 in Debian. NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 CVE-2020-15704 (The modprobe child process in the ./debian/patches/load_ppp_generic_if ...) - ppp (Ubuntu-specific issue, load_ppp_generic_if_needed.patch not used in Debian) CVE-2020-15703 RESERVED CVE-2020-15702 (TOCTOU Race Condition vulnerability in apport allows a local attacker ...) NOT-FOR-US: Apport CVE-2020-15701 (An unhandled exception in check_ignored() in apport/report.py can be e ...) NOT-FOR-US: Apport CVE-2020-15700 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...) NOT-FOR-US: Joomla! CVE-2020-15699 (An issue was discovered in Joomla! through 3.9.19. Missing validation ...) NOT-FOR-US: Joomla! CVE-2020-15698 (An issue was discovered in Joomla! through 3.9.19. Inadequate filterin ...) NOT-FOR-US: Joomla! CVE-2020-15697 (An issue was discovered in Joomla! through 3.9.19. Internal read-only ...) NOT-FOR-US: Joomla! CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input filte ...) NOT-FOR-US: Joomla! CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...) NOT-FOR-US: Joomla! CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...) - nim 1.2.6-1 [buster] - nim (Minor issue) [stretch] - nim (Minor issue) CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...) - nim 1.2.6-1 [buster] - nim (Minor issue) [stretch] - nim (Minor issue) CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...) - nim 1.2.6-1 [buster] - nim (Minor issue) [stretch] - nim (Minor issue) CVE-2020-15691 RESERVED CVE-2020-15690 RESERVED CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...) 
NOT-FOR-US: Appweb CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2 ...) NOT-FOR-US: Embedthis GoAhead CVE-2020-15687 (Missing access control restrictions in the Hypervisor component of the ...) NOT-FOR-US: ACRN Project CVE-2020-15686 RESERVED CVE-2020-15685 RESERVED CVE-2020-15684 RESERVED CVE-2020-15683 RESERVED CVE-2020-15682 RESERVED CVE-2020-15681 RESERVED CVE-2020-15680 RESERVED CVE-2020-15679 RESERVED CVE-2020-15678 RESERVED CVE-2020-15677 RESERVED CVE-2020-15676 RESERVED CVE-2020-15675 RESERVED CVE-2020-15674 RESERVED CVE-2020-15673 RESERVED CVE-2020-15672 RESERVED CVE-2020-15671 RESERVED CVE-2020-15670 RESERVED - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670 CVE-2020-15669 RESERVED {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1} - firefox-esr 68.12.0esr-1 - thunderbird 1:68.12.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669 CVE-2020-15668 RESERVED - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668 CVE-2020-15667 RESERVED - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667 CVE-2020-15666 RESERVED - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666 CVE-2020-15665 RESERVED - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665 CVE-2020-15664 RESERVED {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1} - firefox 80.0-1 - firefox-esr 68.12.0esr-1 - thunderbird 1:68.12.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15664 CVE-2020-15663 RESERVED - firefox (Only affects 
Windows) - firefox-esr (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15663 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15663 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15663 CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used by the d ...) - firefox (Specific to Firefox for iOS) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15662 CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used by the l ...) - firefox (Specific to Firefox for iOS) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15661 CVE-2020-15660 RESERVED CVE-2020-15659 (Mozilla developers and community members reported memory safety bugs p ...) {DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1} - firefox 79.0-1 - firefox-esr 68.11.0esr-1 - thunderbird 1:68.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15659 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15659 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15659 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15659 CVE-2020-15658 (The code for downloading files did not properly take care of special c ...) - firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15658 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658 CVE-2020-15657 (Firefox could be made to load attacker-supplied DLL files from the ins ...) 
- firefox (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15657 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15657 CVE-2020-15656 (JIT optimizations involving the Javascript arguments object could conf ...) - firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15656 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15656 CVE-2020-15655 (A redirected HTTP request which is observed or modified through a web ...) - firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15655 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15655 CVE-2020-15654 (When in an endless loop, a website specifying a custom cursor using CS ...) - firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15654 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15654 CVE-2020-15653 (An iframe sandbox element with the allow-popups flag could be bypassed ...) - firefox 79.0-1 - thunderbird (Only affects Thunderbird 78.x) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15653 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653 CVE-2020-15652 (By observing the stack trace for JavaScript errors in web workers, it ...) 
{DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1} - firefox 79.0-1 - firefox-esr 68.11.0esr-1 - thunderbird 1:68.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15652 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15652 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15652 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15652 CVE-2020-15651 (A unicode RTL order character in the downloaded file name can be used ...) - firefox (Specific to Firefox for iOS) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15651 CVE-2020-15650 (Given an installed malicious file picker application, an attacker was ...) - firefox-esr (Android specific) - firefox (Android specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15650 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15650 CVE-2020-15649 (Given an installed malicious file picker application, an attacker was ...) - firefox-esr (Android specific) - firefox (Android specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15649 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15649 CVE-2020-15648 (Using object or embed tags, it was possible to frame other websites, e ...) - firefox 78.0.2-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-28/#CVE-2020-15648 CVE-2020-15647 (A Content Provider in Firefox for Android allowed local files accessib ...) - firefox (Only affects Firefox for Android) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-27/#CVE-2020-15647 CVE-2020-15646 RESERVED {DSA-4718-1} - thunderbird 1:68.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646 CVE-2020-15645 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Marvell QConvergeConsole CVE-2020-15644 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Marvell QConvergeConsole CVE-2020-15643 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Marvell QConvergeConsole CVE-2020-15642 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Marvell QConvergeConsole CVE-2020-15641 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Marvell QConvergeConsole CVE-2020-15640 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Marvell QConvergeConsole CVE-2020-15639 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Marvell QConvergeConsole CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-15636 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Netgear CVE-2020-15635 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-15634 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-15631 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: D-Link CVE-2020-15630 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-15629 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15626 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15625 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15624 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15623 (This vulnerability allows remote attackers to write arbitrary files on ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15622 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15621 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15620 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15619 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15618 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15617 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15616 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15615 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15614 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15613 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15612 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15611 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15610 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15609 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15608 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15607 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15606 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15605 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...) NOT-FOR-US: Trend Micro CVE-2020-15604 RESERVED CVE-2020-15603 (An invalid memory read vulnerability in a Trend Micro Security 2020 (v1 ...) NOT-FOR-US: Trend Micro CVE-2020-15602 (An untrusted search path remote code execution (RCE) vulnerability in ...) NOT-FOR-US: Trend Micro CVE-2020-15601 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...) NOT-FOR-US: Trend Micro CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...) NOT-FOR-US: CMSUno CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...) 
NOT-FOR-US: Victor CMS CVE-2020-15598 RESERVED {DSA-4765-1} - modsecurity 3.0.4-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588 NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/ NOTE: https://coreruleset.org/20200914/cve-2020-15598/ NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2348 CVE-2020-15597 (SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statute ...) NOT-FOR-US: SOPlanning CVE-2020-15596 (The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on var ...) NOT-FOR-US: ALPS ALPINE touchpad driver for Windows CVE-2020-XXXX [veyon-configurator tmp handling] - veyon 4.4.1+repack1-1 (bug #964568) [buster] - veyon (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/07/07/1 CVE-2020-15595 RESERVED CVE-2020-15594 RESERVED CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It u ...) NOT-FOR-US: SteelCentral Aternity Agent CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...) NOT-FOR-US: SteelCentral Aternity Agent CVE-2020-15591 RESERVED CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN Client for Li ...) NOT-FOR-US: Private Internet Access client for Linux CVE-2020-15589 RESERVED CVE-2020-15588 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-15587 RESERVED CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...) 
- golang-1.15 1.15~rc1-1 - golang-1.14 1.14.6-1 - golang-1.11 [buster] - golang-1.11 (Minor issue, can be fixed along in next DSA) - golang-1.8 [stretch] - golang-1.8 (Minor issue) - golang-1.7 [stretch] - golang-1.7 (Minor issue) - golang NOTE: https://github.com/golang/go/issues/34902 NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ CVE-2020-15585 RESERVED CVE-2020-15584 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-15583 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-15582 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-15581 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-15580 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-15579 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-15578 (An issue was discovered on Samsung mobile devices with O(8.x) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-15577 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-15576 (SolarWinds Serv-U File Server before 15.2.1 allows information disclos ...) NOT-FOR-US: SolarWinds Serv-U File Server CVE-2020-15575 (SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated ...) NOT-FOR-US: SolarWinds Serv-U File Server CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site c ...) NOT-FOR-US: SolarWinds Serv-U File Server CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulner ...) 
NOT-FOR-US: SolarWinds Serv-U File Server CVE-2020-15572 (Tor before 0.4.3.6 has an out-of-bounds memory access that allows a re ...) - tor 0.4.3.6-1 (unimportant) NOTE: Tor in Debian doesn't use NSS NOTE: https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes CVE-2020-15571 RESERVED CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 m ...) NOT-FOR-US: Whoopsie CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...) {DLA-2292-1} - milkytracker 1.02.00+dfsg-2.1 (bug #964797) [buster] - milkytracker (Minor issue) NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf CVE-2020-15568 RESERVED CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...) {DSA-4723-1} - xen 4.11.4+24-gddaaccbbab-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-328.html CVE-2020-15566 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) {DSA-4723-1} - xen 4.11.4+24-gddaaccbbab-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-317.html CVE-2020-15565 (An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM ...) {DSA-4723-1} - xen 4.11.4+24-gddaaccbbab-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-321.html CVE-2020-15564 (An issue was discovered in Xen through 4.13.x, allowing Arm guest OS u ...) {DSA-4723-1} - xen 4.11.4+24-gddaaccbbab-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-327.html CVE-2020-15563 (An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest ...) 
{DSA-4723-1} - xen 4.11.4+24-gddaaccbbab-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-319.html CVE-2020-15561 RESERVED CVE-2020-15560 RESERVED CVE-2020-15559 RESERVED CVE-2020-15558 RESERVED CVE-2020-15557 RESERVED CVE-2020-15556 RESERVED CVE-2020-15555 RESERVED CVE-2020-15554 RESERVED CVE-2020-15553 RESERVED CVE-2020-15552 RESERVED CVE-2020-15551 RESERVED CVE-2020-15550 RESERVED CVE-2020-15549 RESERVED CVE-2020-15548 RESERVED CVE-2020-15547 RESERVED CVE-2020-15546 RESERVED CVE-2020-15545 RESERVED CVE-2020-15544 RESERVED CVE-2020-15543 (SolarWinds Serv-U FTP server before 15.2.1 does not validate an argume ...) NOT-FOR-US: SolarWinds Serv-U FTP server CVE-2020-15542 (SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD comman ...) NOT-FOR-US: SolarWinds Serv-U FTP server CVE-2020-15541 (SolarWinds Serv-U FTP server before 15.2.1 allows remote command execu ...) NOT-FOR-US: SolarWinds Serv-U FTP server CVE-2020-15562 (An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x befo ...) {DSA-4720-1} - roundcube 1.4.7+dfsg.1-1 (bug #964355) [stretch] - roundcube 1.2.3+dfsg.1-4+deb9u6 NOTE: 1.4.x https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82 NOTE: 1.3.x https://github.com/roundcube/roundcubemail/commit/19502419757a976dbd55ce5a746610c5bab7896b NOTE: 1.2.x https://github.com/roundcube/roundcubemail/commit/f3d1566cf223eb04f47b6dfffcd88753f66c36ee CVE-2020-15540 (We-com OpenData CMS 2.0 allows SQL Injection via the username field on ...) NOT-FOR-US: We-com OpenData CMS CVE-2020-15539 (SQL injection can occur in We-com Municipality portal CMS 2.1.x via th ...) NOT-FOR-US: We-com Municipality portal CMS CVE-2020-15538 (XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ s ...) NOT-FOR-US: We-com Municipality portal CMS CVE-2020-15537 (An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS ...) 
NOT-FOR-US: Vanguard plugin for WordPress CVE-2020-15536 (An issue was discovered in the bestsoftinc Hotel Booking System Pro pl ...) NOT-FOR-US: bestsoftinc Hotel Booking System Pro plugin for WordPress CVE-2020-15535 (An issue was discovered in the bestsoftinc Car Rental System plugin th ...) NOT-FOR-US: bestsoftinc Car Rental System plugin for WordPress CVE-2020-15534 RESERVED CVE-2020-15533 RESERVED CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...) NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK CVE-2020-15531 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...) NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...) - steam (Steam on Windows) CVE-2020-15529 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...) NOT-FOR-US: GOG Galaxy client CVE-2020-15528 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...) NOT-FOR-US: GOG Galaxy client CVE-2020-15527 RESERVED CVE-2020-15526 (In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for ...) NOT-FOR-US: Redgate SQL Monitor CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...) - gitlab (Specific to EE) CVE-2020-15524 RESERVED CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ...) - python3.8 (Python on Windows) - python2.7 (Python on Windows) CVE-2020-15522 RESERVED CVE-2020-15521 RESERVED CVE-2020-15520 RESERVED CVE-2020-15519 RESERVED CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & ...) NOT-FOR-US: Veeam CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...) NOT-FOR-US: Typo3 extension CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be ...)
NOT-FOR-US: Typo3 extension CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...) NOT-FOR-US: Typo3 extension CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...) NOT-FOR-US: Typo3 extension CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access ...) NOT-FOR-US: Typo3 extension CVE-2020-15512 RESERVED CVE-2020-15511 (HashiCorp Terraform Enterprise up to v202006-1 contained a default sig ...) NOT-FOR-US: HashiCorp Terraform Enterprise CVE-2020-15510 RESERVED CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library ...) NOT-FOR-US: Nordic Semiconductor CVE-2020-15508 RESERVED CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core versions 10 ...) NOT-FOR-US: MobileIron Core and Connector CVE-2020-15506 (An authentication bypass vulnerability in MobileIron Core & Connec ...) NOT-FOR-US: MobileIron Core and Connector CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core & Connect ...) NOT-FOR-US: MobileIron Core and Connector CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...) NOT-FOR-US: Sophos CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...) [experimental] - libraw 0.20.0-1 - libraw 0.20.0-4 (bug #964747) [buster] - libraw (Minor issue) [stretch] - libraw (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477 NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...) NOT-FOR-US: DuckDuckGo application for Android and iOS CVE-2020-15501 RESERVED CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...) NOT-FOR-US: TileServer GL CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...) 
NOT-FOR-US: ASUS RT-AC1900P routers CVE-2020-15498 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...) NOT-FOR-US: ASUS RT-AC1900P routers CVE-2020-15497 (** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build ...) NOT-FOR-US: Jalios JCMS CVE-2020-15496 RESERVED CVE-2020-15495 RESERVED CVE-2020-15494 RESERVED CVE-2020-15493 RESERVED CVE-2020-15492 (An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 ...) NOT-FOR-US: INNEO CVE-2020-15491 RESERVED CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) NOT-FOR-US: Wavlink WL-WN530HG4 CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) NOT-FOR-US: Wavlink WL-WN530HG4 CVE-2020-15488 RESERVED CVE-2020-15487 RESERVED CVE-2020-15486 (An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because t ...) NOT-FOR-US: Dr Trust ECG Pen 2.00.08 devices CVE-2020-15485 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...) NOT-FOR-US: Nescomed Multipara Monitor M1000 devices CVE-2020-15484 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...) NOT-FOR-US: Nescomed Multipara Monitor M1000 devices CVE-2020-15483 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...) NOT-FOR-US: Nescomed Multipara Monitor M1000 devices CVE-2020-15482 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...) NOT-FOR-US: Nescomed Multipara Monitor M1000 devices CVE-2020-15481 RESERVED CVE-2020-15480 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...) NOT-FOR-US: PassMark CVE-2020-15479 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...) NOT-FOR-US: PassMark CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of sensiti ...) NOT-FOR-US: Journal theme for OpenCart CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable t ...) 
NOT-FOR-US: RaspberryTortoise CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...) {DLA-2354-1} - ndpi NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780 NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...) - ndpi [stretch] - ndpi (Vulnerable code not present, content_disposition_line introduced later) NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...) - ndpi [buster] - ndpi (Vulnerable code not present) [stretch] - ndpi (Vulnerable code not present) NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...) - ndpi [stretch] - ndpi (Vulnerable code introduced later) NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...) - ndpi [stretch] - ndpi (Vulnerable code introduced later) NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701 CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...) - ndpi [buster] - ndpi (Vulnerable code not present) [stretch] - ndpi (Vulnerable code not present) NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622 CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...) NOT-FOR-US: ffjpeg CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...) 
- qemu (low; bug #970253) [buster] - qemu (Minor issue, fix along in next DSA) [stretch] - qemu (Minor issue, fix along in next DSA) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1 NOTE: Proposed patch(es): https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html NOTE: Still under review: https://lists.gnu.org/archive/html/qemu-devel/2020-09/msg01569.html CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...) NOT-FOR-US: Persian VIP Download Script CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appliances ...) NOT-FOR-US: Cohesive Networks vns3:vpn appliances CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...) - wireshark 3.2.5-1 (low) [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-09.html CVE-2020-15465 RESERVED CVE-2020-15464 RESERVED CVE-2020-15463 RESERVED CVE-2020-15462 RESERVED CVE-2020-15461 RESERVED CVE-2020-15460 RESERVED CVE-2020-15459 RESERVED CVE-2020-15458 RESERVED CVE-2020-15457 RESERVED CVE-2020-15456 RESERVED CVE-2020-15455 RESERVED CVE-2020-15454 RESERVED CVE-2020-15453 RESERVED CVE-2020-15452 RESERVED CVE-2020-15451 RESERVED CVE-2020-15450 RESERVED CVE-2020-15449 RESERVED CVE-2020-15448 RESERVED CVE-2020-15447 RESERVED CVE-2020-15446 RESERVED CVE-2020-15445 RESERVED CVE-2020-15444 RESERVED CVE-2020-15443 RESERVED CVE-2020-15442 RESERVED CVE-2020-15441 RESERVED CVE-2020-15440 RESERVED CVE-2020-15439 RESERVED CVE-2020-15438 RESERVED CVE-2020-15437 RESERVED CVE-2020-15436 RESERVED CVE-2020-15435 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15434 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15433 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15432 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15431 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15430 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15429 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15428 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15427 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15426 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15425 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15424 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15423 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15422 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15421 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15420 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15419 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
NOT-FOR-US: Veeam CVE-2020-15418 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Veeam CVE-2020-15417 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-15416 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...) NOT-FOR-US: DrayTek CVE-2020-15414 RESERVED CVE-2020-15413 RESERVED CVE-2020-15412 (An issue was discovered in MISP 2.4.128. app/Controller/EventsControll ...) NOT-FOR-US: MISP CVE-2020-15411 (An issue was discovered in MISP 2.4.128. app/Controller/AttributesCont ...) NOT-FOR-US: MISP CVE-2020-15410 RESERVED CVE-2020-15409 RESERVED CVE-2020-15408 (An issue was discovered in Pulse Secure Pulse Connect Secure before 9. ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-15407 RESERVED CVE-2020-15406 RESERVED CVE-2020-15405 RESERVED CVE-2020-15404 RESERVED CVE-2020-15403 RESERVED CVE-2020-15402 RESERVED CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privile ...) NOT-FOR-US: IOBit Malware Fighter Pro CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...) - cakephp [buster] - cakephp (Minor issue) [stretch] - cakephp (Minor issue) CVE-2020-15399 RESERVED CVE-2020-15398 RESERVED CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execut ...) - hylafax (bug #964198) [buster] - hylafax (Minor issue) [stretch] - hylafax (Minor issue) NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/ CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...) - hylafax (bug #964198) [buster] - hylafax (Minor issue) [stretch] - hylafax (Minor issue) NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/ CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...) 
- libmediainfo (low; bug #967073) [buster] - libmediainfo (Minor issue) [stretch] - libmediainfo (Minor issue) [jessie] - libmediainfo (Minor issue) NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/ CVE-2020-15394 RESERVED CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...) {DLA-2323-1} - linux 5.7.10-1 [buster] - linux 4.19.131-1 NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravizio BP ...) NOT-FOR-US: Venki CVE-2020-15391 (The UI in DevSpace 4.13.0 allows web sites to execute actions on pods ...) NOT-FOR-US: DevSpace CVE-2020-15390 RESERVED CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...) {DLA-2277-1} - openjpeg2 (bug #965220) [buster] - openjpeg2 (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1261 NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 CVE-2020-15388 RESERVED CVE-2020-15387 RESERVED CVE-2020-15386 RESERVED CVE-2020-15385 RESERVED CVE-2020-15384 RESERVED CVE-2020-15383 RESERVED CVE-2020-15382 RESERVED CVE-2020-15381 RESERVED CVE-2020-15380 RESERVED CVE-2020-15379 RESERVED CVE-2020-15378 RESERVED CVE-2020-15377 RESERVED CVE-2020-15376 RESERVED CVE-2020-15375 RESERVED CVE-2020-15374 RESERVED CVE-2020-15373 RESERVED CVE-2020-15372 RESERVED CVE-2020-15371 RESERVED CVE-2020-15370 RESERVED CVE-2020-15369 RESERVED CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...) NOT-FOR-US: ASRock RGB Driver CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...) NOT-FOR-US: Venki CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...) 
- node-ajv 6.12.4-1 [buster] - node-ajv (Minor issue) NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3 CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...) - libraw (Vulnerable code introduced in 0.20-Beta1) NOTE: https://github.com/LibRaw/LibRaw/issues/301 NOTE: https://github.com/LibRaw/LibRaw/commit/55f0a0c08974b8b79ebfa7762b555a1704b25fb2 CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows top-map/?search_locat ...) NOT-FOR-US: Wordpress theme CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows side-map/?search_orde ...) NOT-FOR-US: Wordpress theme CVE-2020-15362 (wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection b ...) NOT-FOR-US: thingsSDK WiFi Scanner CVE-2020-15361 RESERVED CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalatio ...) NOT-FOR-US: Docker Desktop on Windows CVE-2020-15359 RESERVED CVE-2020-15357 RESERVED CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...) - sqlite3 3.32.3-1 [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Vulnerable code introduced in 3.25.0) [jessie] - sqlite3 (Vulnerable code introduced in 3.25.0) NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5 NOTE: https://www.sqlite.org/src/tktview?name=8f157e8010 CVE-2020-15356 REJECTED CVE-2020-15355 REJECTED CVE-2020-15354 REJECTED CVE-2020-15353 RESERVED CVE-2020-15352 RESERVED CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...) NOT-FOR-US: IDrive CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...) NOT-FOR-US: RIOT RIOT-OS CVE-2020-15349 RESERVED CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...) NOT-FOR-US: Zyxel CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b pa ...) 
NOT-FOR-US: Zyxel CVE-2020-15346 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API wit ...) NOT-FOR-US: Zyxel CVE-2020-15345 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...) NOT-FOR-US: Zyxel CVE-2020-15344 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...) NOT-FOR-US: Zyxel CVE-2020-15343 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...) NOT-FOR-US: Zyxel CVE-2020-15342 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...) NOT-FOR-US: Zyxel CVE-2020-15341 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated upda ...) NOT-FOR-US: Zyxel CVE-2020-15340 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/A ...) NOT-FOR-US: Zyxel CVE-2020-15339 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCa ...) NOT-FOR-US: Zyxel CVE-2020-15338 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...) NOT-FOR-US: Zyxel CVE-2020-15337 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...) NOT-FOR-US: Zyxel CVE-2020-15336 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...) NOT-FOR-US: Zyxel CVE-2020-15335 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...) NOT-FOR-US: Zyxel CVE-2020-15334 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence inje ...) NOT-FOR-US: Zyxel CVE-2020-15333 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discove ...) NOT-FOR-US: Zyxel CVE-2020-15332 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/def ...) NOT-FOR-US: Zyxel CVE-2020-15331 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRE ...) NOT-FOR-US: Zyxel CVE-2020-15330 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in ...) NOT-FOR-US: Zyxel CVE-2020-15329 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permission ...) 
NOT-FOR-US: Zyxel CVE-2020-15328 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blo ...) NOT-FOR-US: Zyxel CVE-2020-15327 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without a ...) NOT-FOR-US: Zyxel CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate ...) NOT-FOR-US: Zyxel CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cook ...) NOT-FOR-US: Zyxel CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/ ...) NOT-FOR-US: Zyxel CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password ...) NOT-FOR-US: Zyxel CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM ha ...) NOT-FOR-US: Zyxel CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password fo ...) NOT-FOR-US: Zyxel CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for ...) NOT-FOR-US: Zyxel CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...) NOT-FOR-US: Zyxel CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...) NOT-FOR-US: Zyxel CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...) NOT-FOR-US: Zyxel CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...) NOT-FOR-US: Zyxel CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...) NOT-FOR-US: Zyxel CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...) NOT-FOR-US: Zyxel CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...) NOT-FOR-US: Zyxel CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...) NOT-FOR-US: Zyxel CVE-2020-15311 (Stash 1.0.3 allows SQL Injection via the downloadmp3.php download para ...) 
NOT-FOR-US: Stash CVE-2020-15310 RESERVED CVE-2020-15309 (An issue was discovered in wolfSSL before 4.5.0, when single precision ...) - wolfssl 4.5.0+dfsg-1 (bug #969663) NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...) NOT-FOR-US: Support Incident Tracker CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...) NOT-FOR-US: Nozomi Guardian CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.2-1 - openexr 2.5.3-2 [jessie] - openexr (Minor issue) NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6a9f8af6e89547bcd370ae3cec2b12849eee0b54 CVE-2020-15305 (An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.2-1 - openexr 2.5.3-2 [jessie] - openexr (Minor issue) NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/730 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3d03979dc101612e806cdf0b011475d9fa685a73 CVE-2020-15304 (An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...) [experimental] - openexr 2.5.2-1 - openexr 2.5.3-2 [buster] - openexr (Vulnerable code not present) [stretch] - openexr (Vulnerable code not present) [jessie] - openexr (Minor issue) NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/727 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/36e05c14c612a89c43d4e0b013669ecd7f8e3440 CVE-2020-15303 RESERVED CVE-2020-15302 (In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A0397 ...) NOT-FOR-US: Argent RecoveryManager CVE-2020-15301 RESERVED CVE-2020-15300 RESERVED CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the KingCompos ...) 
NOT-FOR-US: KingComposer plugin for WordPress CVE-2020-15298 RESERVED CVE-2020-15297 RESERVED CVE-2020-15296 RESERVED CVE-2020-15295 RESERVED CVE-2020-15294 RESERVED CVE-2020-15293 RESERVED CVE-2020-15292 RESERVED CVE-2020-15291 RESERVED CVE-2020-15290 RESERVED CVE-2020-15289 RESERVED CVE-2020-15288 RESERVED CVE-2020-15287 RESERVED CVE-2020-15286 RESERVED CVE-2020-15285 RESERVED CVE-2020-15284 RESERVED CVE-2020-15283 RESERVED CVE-2020-15282 RESERVED CVE-2020-15281 RESERVED CVE-2020-15280 RESERVED CVE-2020-15279 RESERVED CVE-2020-15278 RESERVED CVE-2020-15277 RESERVED CVE-2020-15276 RESERVED CVE-2020-15275 RESERVED CVE-2020-15274 RESERVED CVE-2020-15273 RESERVED CVE-2020-15272 RESERVED CVE-2020-15271 RESERVED CVE-2020-15270 RESERVED CVE-2020-15269 RESERVED CVE-2020-15268 RESERVED CVE-2020-15267 RESERVED CVE-2020-15266 RESERVED CVE-2020-15265 RESERVED CVE-2020-15264 RESERVED CVE-2020-15263 RESERVED CVE-2020-15262 RESERVED CVE-2020-15261 RESERVED CVE-2020-15260 RESERVED CVE-2020-15259 RESERVED CVE-2020-15258 RESERVED CVE-2020-15257 RESERVED CVE-2020-15256 RESERVED CVE-2020-15255 RESERVED CVE-2020-15254 RESERVED CVE-2020-15253 RESERVED CVE-2020-15252 RESERVED CVE-2020-15251 RESERVED CVE-2020-15250 RESERVED CVE-2020-15249 RESERVED CVE-2020-15248 RESERVED CVE-2020-15247 RESERVED CVE-2020-15246 RESERVED CVE-2020-15245 RESERVED CVE-2020-15244 RESERVED CVE-2020-15243 RESERVED CVE-2020-15242 RESERVED CVE-2020-15241 RESERVED CVE-2020-15240 RESERVED CVE-2020-15239 RESERVED CVE-2020-15238 RESERVED CVE-2020-15237 RESERVED CVE-2020-15236 RESERVED CVE-2020-15235 RESERVED CVE-2020-15234 RESERVED CVE-2020-15233 RESERVED CVE-2020-15232 RESERVED CVE-2020-15231 RESERVED CVE-2020-15230 RESERVED CVE-2020-15229 RESERVED CVE-2020-15228 RESERVED CVE-2020-15227 RESERVED CVE-2020-15226 RESERVED CVE-2020-15225 RESERVED CVE-2020-15224 RESERVED CVE-2020-15223 RESERVED CVE-2020-15222 RESERVED CVE-2020-15221 RESERVED CVE-2020-15220 RESERVED CVE-2020-15219 RESERVED CVE-2020-15218 RESERVED 
CVE-2020-15217 RESERVED CVE-2020-15216 RESERVED CVE-2020-15215 RESERVED CVE-2020-15214 RESERVED CVE-2020-15213 RESERVED CVE-2020-15212 RESERVED CVE-2020-15211 RESERVED CVE-2020-15210 RESERVED CVE-2020-15209 RESERVED CVE-2020-15208 RESERVED CVE-2020-15207 RESERVED CVE-2020-15206 RESERVED CVE-2020-15205 RESERVED CVE-2020-15204 RESERVED CVE-2020-15203 RESERVED CVE-2020-15202 RESERVED CVE-2020-15201 RESERVED CVE-2020-15200 RESERVED CVE-2020-15199 RESERVED CVE-2020-15198 RESERVED CVE-2020-15197 RESERVED CVE-2020-15196 RESERVED CVE-2020-15195 RESERVED CVE-2020-15194 RESERVED CVE-2020-15193 RESERVED CVE-2020-15192 RESERVED CVE-2020-15191 RESERVED CVE-2020-15190 RESERVED CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...) NOT-FOR-US: SOY CMS CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...) NOT-FOR-US: SOY CMS CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...) - helm-kubernetes (bug #910799) CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...) - helm-kubernetes (bug #910799) CVE-2020-15185 (In Helm before versions 2.16.11 and 3.3.2, a Helm repository can conta ...) - helm-kubernetes (bug #910799) CVE-2020-15184 (In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the ...) - helm-kubernetes (bug #910799) CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting ...) NOT-FOR-US: SoyCMS CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...) NOT-FOR-US: SoyCMS CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...) NOT-FOR-US: Alfresco Reset Password add-on CVE-2020-15180 RESERVED CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...) NOT-FOR-US: ScratchSig MediaWiki extension CVE-2020-15178 (In PrestaShop contactform module (prestashop/contactform) before versi ...) 
NOT-FOR-US: PrestaShop CVE-2020-15177 RESERVED CVE-2020-15176 RESERVED CVE-2020-15175 RESERVED CVE-2020-15174 RESERVED CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...) NOT-FOR-US: ACCEL-PPP CVE-2020-15172 (The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerabl ...) NOT-FOR-US: Act module for Red Discord Bot CVE-2020-15171 (In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right ...) NOT-FOR-US: XWiki CVE-2020-15170 (apollo-adminservice before version 1.7.1 does not implement access con ...) NOT-FOR-US: apollo-adminservice CVE-2020-15169 (In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ...) - rails 2:6.0.3.3+dfsg-1 (bug #970040) NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml NOTE: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1 NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the si ...) [experimental] - node-fetch 2.6.1-1 - node-fetch (bug #970173) [buster] - node-fetch (Minor issue; Intrusive to backport) NOTE: https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r CVE-2020-15167 (In Miller (command line utility) using the configuration file support ...) - miller 5.9.1+dfsg-1 (bug #969467) [buster] - miller (Introduced in 5.9.0) [stretch] - miller (Introduced in 5.9.0) NOTE: https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw CVE-2020-15166 (In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerabi ...) 
{DSA-4761-1} - zeromq3 4.3.3-1 NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3 NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m NOTE: https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09 CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Stor ...) NOT-FOR-US: Chameleon Mini Live Debugger CVE-2020-15164 (In Scratch Login (MediaWiki extension) before version 1.1, any account ...) NOT-FOR-US: Scratch Login MediaWiki extension CVE-2020-15163 (Python TUF (The Update Framework) reference implementation before vers ...) - python-tuf (bug #934151) CVE-2020-15162 RESERVED CVE-2020-15161 RESERVED CVE-2020-15160 RESERVED CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) a ...) NOT-FOR-US: baserCMS CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP message ...) NOT-FOR-US: libIEC61850 CVE-2020-15157 RESERVED CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user ...) NOT-FOR-US: nodebb-plugin-blog-comments CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...) NOT-FOR-US: baserCMS CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...) NOT-FOR-US: baserCMS CVE-2020-15153 RESERVED CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Req ...) NOT-FOR-US: Node ftp-srv CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...) NOT-FOR-US: OpenMage CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) which makes ...) NOT-FOR-US: Paginator CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...) NOT-FOR-US: NodeBB CVE-2020-15148 (Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote cod ...)
- yii (bug #597899) CVE-2020-15147 (Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execu ...) NOT-FOR-US: Red Discord Bot CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...) NOT-FOR-US: SyliusResourceBundle CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...) NOT-FOR-US: Composer-Setup for Windows CVE-2020-15144 RESERVED CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...) NOT-FOR-US: SyliusResourceBundle CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...) NOT-FOR-US: openapi-python-client CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...) NOT-FOR-US: openapi-python-client CVE-2020-15140 (In Red Discord Bot before version 3.3.11, a RCE exploit has been disco ...) NOT-FOR-US: Red Discord Bot CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...) NOT-FOR-US: MyBB CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview of the ...) - node-prismjs 1.11.0+dfsg-4 (bug #968094) NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9 NOTE: https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...) NOT-FOR-US: HoRNDIS CVE-2020-15136 (In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...) - etcd (bug #968752) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...) NOT-FOR-US: Node save-server CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)
- ruby-faye (bug #967063) [buster] - ruby-faye (Minor issue) NOTE: https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9 NOTE: https://github.com/faye/faye/issues/524 NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/ CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of certificat ...) - ruby-faye-websocket (bug #967061) [buster] - ruby-faye-websocket (Minor issue) NOTE: https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv NOTE: https://github.com/faye/faye-websocket-ruby/pull/129 NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/ CVE-2020-15132 (In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ...) NOT-FOR-US: Sulu CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...) NOT-FOR-US: Node slp-validate CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...) NOT-FOR-US: Node slpjs CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...) NOT-FOR-US: Traefik CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...) NOT-FOR-US: October CMS CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ...) NOT-FOR-US: Contour CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...) NOT-FOR-US: Node parser-server CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...) NOT-FOR-US: Node auth0 CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal vulnerabil ...) NOT-FOR-US: Goobi Viewer Core CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...) NOT-FOR-US: Node codecov CVE-2020-15122 RESERVED CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the PDB s ...) 
- radare2 NOTE: https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358 NOTE: https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9 NOTE: https://github.com/radareorg/radare2/issues/16945 NOTE: https://github.com/radareorg/radare2/pull/16966 CVE-2020-15120 (In "I hate money" before version 4.1.5, an authenticated member of one ...) NOT-FOR-US: ihatemoney CVE-2020-15119 (In auth0-lock versions before and including 11.25.1, dangerouslySetInn ...) NOT-FOR-US: Node auth0-lock CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...) NOT-FOR-US: Wagtail CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...) - synergy [stretch] - synergy (minor issue, low priority) NOTE: https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39 NOTE: https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp CVE-2020-15116 RESERVED CVE-2020-15115 (etcd before versions 3.3.23 and 3.4.10 does not perform any password l ...) - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh CVE-2020-15114 (In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ...) - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224 CVE-2020-15113 (In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...) - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92 CVE-2020-15112 (In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ...) - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93 CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...) NOT-FOR-US: Fiber CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...) 
NOT-FOR-US: jupyterhub-kubespawner CVE-2020-15109 (In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bilit ...) NOT-FOR-US: solidus CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v NOTE: https://github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba NOTE: https://github.com/glpi-project/glpi/pull/6684 NOTE: Only supported behind an authenticated HTTP zone CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...) NOT-FOR-US: openenclave CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ...) - etcd (bug #968740) NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2 CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...) NOT-FOR-US: Django Two-Factor Authentication CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when valid ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...) - freerdp2 2.2.0+dfsg1-1 (bug #965979) [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Vulnerable gfx code not present) NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381 NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0) NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0) CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...) NOT-FOR-US: PrestaShop CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...) NOT-FOR-US: freewvs CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...) 
NOT-FOR-US: freewvs CVE-2020-15099 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...) NOT-FOR-US: TYPO3 CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...) NOT-FOR-US: TYPO3 CVE-2020-15097 RESERVED CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...) - electron (bug #842420) CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...) - npm 6.14.6+ds-1 (low; bug #964746) [buster] - npm (Minor issue) NOTE: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...) - symfony 4.4.13+dfsg-1 [buster] - symfony (Vulnerable code introduced later - in v4.4.0) [stretch] - symfony (Vulnerable code introduced later - in v4.4.0) NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r NOTE: https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78 CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...) NOT-FOR-US: Rust tough CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as HTML. An ...) NOT-FOR-US: TimelineJS CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 allows block ...) NOT-FOR-US: TenderMint CVE-2020-15090 RESERVED CVE-2020-15089 RESERVED CVE-2020-15088 RESERVED CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...) NOT-FOR-US: Presto query engine, different from src:presto CVE-2020-15086 (In TYPO3 installations with the "mediace" extension from version 7.6.2 ...) NOT-FOR-US: TYPO3 CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...) 
NOT-FOR-US: Saleor Storefront CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...) NOT-FOR-US: Node express-jwt CVE-2020-15083 (In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a ta ...) NOT-FOR-US: PrestaShop CVE-2020-15082 (In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the das ...) NOT-FOR-US: PrestaShop CVE-2020-15081 (In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is inform ...) NOT-FOR-US: PrestaShop CVE-2020-15080 (In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some fi ...) NOT-FOR-US: PrestaShop CVE-2020-15079 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there i ...) NOT-FOR-US: PrestaShop CVE-2020-15078 RESERVED CVE-2020-15077 RESERVED CVE-2020-15076 RESERVED CVE-2020-15075 RESERVED CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 generates new user auth ...) NOT-FOR-US: OpenVPN Access Server CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...) - phplist (bug #612288) CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based SQL I ...) - phplist (bug #612288) CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS ...) NOT-FOR-US: Symphony CMS CVE-2020-15070 (Zulip Server 2.x before 2.1.7 allows eval injection if a privileged at ...) - zulip-server (bug #800052) CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...) NOT-FOR-US: Sophos CVE-2020-15068 RESERVED CVE-2020-15067 RESERVED CVE-2020-15066 RESERVED CVE-2020-15065 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices CVE-2020-15064 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) 
NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices CVE-2020-15063 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices CVE-2020-15062 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices CVE-2020-15061 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices CVE-2020-15060 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices CVE-2020-15059 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices CVE-2020-15058 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices CVE-2020-15057 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) NOT-FOR-US: TP-Link CVE-2020-15056 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) NOT-FOR-US: TP-Link CVE-2020-15055 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) NOT-FOR-US: TP-Link CVE-2020-15054 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) NOT-FOR-US: TP-Link CVE-2020-15053 (An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflec ...) NOT-FOR-US: Artica Proxy CVE-2020-15052 (An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL In ...) NOT-FOR-US: Artica Proxy CVE-2020-15051 (An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS ...) NOT-FOR-US: Artica Proxy CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema BioStar 2 be ...) 
NOT-FOR-US: Suprema BioStar CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...) {DSA-4732-1} - squid 4.12-1 - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5 NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch CVE-2020-15048 RESERVED CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...) - trojita (bug #795701) CVE-2020-15046 (The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a ...) NOT-FOR-US: Supermicro CVE-2020-15045 RESERVED CVE-2020-15044 RESERVED CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling ...) NOT-FOR-US: iBall WRB303N devices CVE-2020-15042 RESERVED CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Ad ...) NOT-FOR-US: PHP-Fusion CVE-2020-15040 RESERVED CVE-2020-15039 RESERVED CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. ...) NOT-FOR-US: WordPress plugin CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) 
NOT-FOR-US: NeDi CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...) NOT-FOR-US: NeDi CVE-2020-15027 (ConnectWise Automate through 2020.x has insufficient validation on cer ...) NOT-FOR-US: ConnectWise CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...) NOT-FOR-US: Bludit CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...) - ntp (low; bug #963807) [buster] - ntp (Minor issue) [stretch] - ntp (Vulnerable code introduced later) [jessie] - ntp (Vulnerable code introduced later) - ntpsec (Vulnerable code not present) NOTE: https://support.ntp.org/bin/view/Main/NtpBug3661 NOTE: https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661 CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password ...) NOT-FOR-US: Avast Antivirus CVE-2020-15023 RESERVED CVE-2020-15022 RESERVED CVE-2020-15021 RESERVED CVE-2020-15020 (An issue was discovered in the Elementor plugin through 2.9.13 for Wor ...) NOT-FOR-US: Elementor plugin for WordPress CVE-2020-15019 RESERVED CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...) NOT-FOR-US: playSMS CVE-2020-15017 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices ...) NOT-FOR-US: NeDi CVE-2020-15016 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-C ...) NOT-FOR-US: NeDi CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XS ...) NOT-FOR-US: FileExplorer component in GleamTech FileUltimate CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. ...) 
NOT-FOR-US: BlogCMS CVE-2020-15013 RESERVED CVE-2020-15012 RESERVED CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...) {DLA-2276-1 DLA-2265-1} - mailman [buster] - mailman (Minor issue) NOTE: https://bugs.launchpad.net/mailman/+bug/1877379 CVE-2020-15010 RESERVED CVE-2020-15009 (AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe i ...) NOT-FOR-US: ASUS CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...) NOT-FOR-US: Connectwise CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...) - rbdoom3bfg (unimportant) NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec NOTE: Problematic code not built CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...) NOT-FOR-US: Bludit CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...) - mediawiki 1:1.31.8-1 [buster] - mediawiki (Minor issue) [stretch] - mediawiki (Minor issue) NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html CVE-2020-15004 RESERVED CVE-2020-15003 RESERVED CVE-2020-15002 RESERVED CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0 ...) NOT-FOR-US: Yubico YubiKey 5 NFC devices CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...) NOT-FOR-US: Yubico YubiKey 5 devices CVE-2020-14999 RESERVED CVE-2020-14998 RESERVED CVE-2020-14997 RESERVED CVE-2020-14996 RESERVED CVE-2020-14995 RESERVED CVE-2020-14994 RESERVED CVE-2020-14993 (A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vig ...) NOT-FOR-US: DrayTek devices CVE-2020-14992 RESERVED CVE-2020-14991 RESERVED CVE-2020-14990 (IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain p ...) 
NOT-FOR-US: IOBit Advanced SystemCare Free CVE-2020-14989 RESERVED CVE-2020-14988 RESERVED CVE-2020-14987 RESERVED CVE-2020-14986 RESERVED CVE-2020-14985 RESERVED CVE-2020-14984 RESERVED CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...) - crispy-doom 5.9.0-1 (bug #964564) [buster] - crispy-doom (Minor issue) - chocolate-doom 3.0.1-1 [buster] - chocolate-doom (Minor issue) [stretch] - chocolate-doom (Minor issue) [jessie] - chocolate-doom (games are not supported) NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293 NOTE: https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1 NOTE: https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1 CVE-2020-14982 (A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later be ...) NOT-FOR-US: Kronos WebTA CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...) NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...) NOT-FOR-US: Sophos Secure Email application for Android CVE-2020-14979 (The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X ...) NOT-FOR-US: EVGA Precision X1 CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorre ...) NOT-FOR-US: F-Secure SAFE CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC servic ...) NOT-FOR-US: F-Secure SAFE CVE-2020-14976 (GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2. ...) - gns3-server (bug #766166) CVE-2020-14975 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to del ...) NOT-FOR-US: IOBit Unlocker CVE-2020-14974 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unl ...) 
NOT-FOR-US: IOBit Unlocker CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8 ...) NOT-FOR-US: webTareas CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online ...) NOT-FOR-US: Sourcecodester Pisay Online E-Learning System CVE-2020-14971 (Pi-hole through 5.0 allows code injection in piholedhcp (the Static DH ...) NOT-FOR-US: Pi-hole CVE-2020-14970 RESERVED CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...) NOT-FOR-US: MISP CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...) NOT-FOR-US: jsrsasign CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...) NOT-FOR-US: jsrsasign CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...) NOT-FOR-US: jsrsasign CVE-2020-14965 (On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with ac ...) NOT-FOR-US: TP-Link CVE-2020-14964 RESERVED CVE-2020-14963 RESERVED CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before ...) NOT-FOR-US: Final Tiles Gallery plugin for WordPress CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction to a vali ...) NOT-FOR-US: Concrete5 CVE-2020-14960 (A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoi ...) NOT-FOR-US: PHP-Fusion CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3. ...) NOT-FOR-US: Easy Testimonials plugin for WordPress CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not ...) NOT-FOR-US: Go Git Service CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...) NOT-FOR-US: Windows cleaning assistant CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...) 
NOT-FOR-US: Windows cleaning assistant CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...) NOT-FOR-US: Jiangmin Antivirus CVE-2020-14953 RESERVED CVE-2020-14952 RESERVED CVE-2020-14951 RESERVED CVE-2020-14950 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...) NOT-FOR-US: aaPanel CVE-2020-14949 RESERVED CVE-2020-14948 RESERVED CVE-2020-14947 (OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ...) - ocsinventory-server (unimportant) NOTE: Only supported in trusted environments, see debtags CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...) NOT-FOR-US: Surveillance module in Global RADAR BSA Radar CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...) NOT-FOR-US: Global RADAR BSA Radar CVE-2020-14944 (Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authoriz ...) NOT-FOR-US: Global RADAR BSA Radar CVE-2020-14943 (The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.72 ...) NOT-FOR-US: Global RADAR BSA Radar CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\ ...) NOT-FOR-US: Tendenci CVE-2020-14941 RESERVED CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar ...) - tuxguitar (bug #963626) [buster] - tuxguitar (Minor issue) [stretch] - tuxguitar (Minor issue) [jessie] - tuxguitar (Minor issue) NOTE: https://logicaltrust.net/blog/2020/06/tuxguitar.html NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/ CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...) 
- freedroidrpg (low; bug #964197) [buster] - freedroidrpg (Minor issue) [stretch] - freedroidrpg (Minor issue) [jessie] - freedroidrpg (games are not supported) NOTE: https://bugs.freedroid.org/b/issue953 NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...) - freedroidrpg (low; bug #964197) [buster] - freedroidrpg (Minor issue) [stretch] - freedroidrpg (Minor issue) [jessie] - freedroidrpg (games are not supported) NOTE: https://bugs.freedroid.org/b/issue952 NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html CVE-2020-14937 (Memory access out of buffer boundaries issues was discovered in Contik ...) NOT-FOR-US: Contiki-NG CVE-2020-14936 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) NOT-FOR-US: Contiki-NG CVE-2020-14935 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) NOT-FOR-US: Contiki-NG CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) NOT-FOR-US: Contiki-NG CVE-2020-14933 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachme ...) - squirrelmail NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1 CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtoda ...) - squirrelmail NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1 CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...) NOT-FOR-US: DMitry CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...) NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464 CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...) 
{DLA-2254-1} - alpine 2.23+dfsg1-1 (bug #963179) [buster] - alpine (Minor issue) [stretch] - alpine (Minor issue) NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html NOTE: https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab CVE-2020-14928 (evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering is ...) {DSA-4725-1 DLA-2281-1} - evolution-data-server 3.36.4-1 NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 NOTE: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df CVE-2020-14927 (Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "We ...) NOT-FOR-US: Navigate CMS CVE-2020-14926 (CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/modul ...) NOT-FOR-US: CMS Made Simple CVE-2020-14925 RESERVED CVE-2020-14924 RESERVED CVE-2020-14923 RESERVED CVE-2020-14922 RESERVED CVE-2020-14921 RESERVED CVE-2020-14920 RESERVED CVE-2020-14919 RESERVED CVE-2020-14918 RESERVED CVE-2020-14917 RESERVED CVE-2020-14916 RESERVED CVE-2020-14915 RESERVED CVE-2020-14914 RESERVED CVE-2020-14913 RESERVED CVE-2020-14912 RESERVED CVE-2020-14911 RESERVED CVE-2020-14910 RESERVED CVE-2020-14909 RESERVED CVE-2020-14908 RESERVED CVE-2020-14907 RESERVED CVE-2020-14906 RESERVED CVE-2020-14905 RESERVED CVE-2020-14904 RESERVED CVE-2020-14903 RESERVED CVE-2020-14902 RESERVED CVE-2020-14901 RESERVED CVE-2020-14900 RESERVED CVE-2020-14899 RESERVED CVE-2020-14898 RESERVED CVE-2020-14897 RESERVED CVE-2020-14896 RESERVED CVE-2020-14895 RESERVED CVE-2020-14894 RESERVED CVE-2020-14893 RESERVED CVE-2020-14892 RESERVED CVE-2020-14891 RESERVED CVE-2020-14890 RESERVED CVE-2020-14889 RESERVED CVE-2020-14888 RESERVED CVE-2020-14887 RESERVED CVE-2020-14886 RESERVED CVE-2020-14885 RESERVED CVE-2020-14884 RESERVED CVE-2020-14883 RESERVED CVE-2020-14882 RESERVED CVE-2020-14881 RESERVED CVE-2020-14880 RESERVED CVE-2020-14879 RESERVED CVE-2020-14878 
RESERVED CVE-2020-14877 RESERVED CVE-2020-14876 RESERVED CVE-2020-14875 RESERVED CVE-2020-14874 RESERVED CVE-2020-14873 RESERVED CVE-2020-14872 RESERVED CVE-2020-14871 RESERVED CVE-2020-14870 RESERVED CVE-2020-14869 RESERVED CVE-2020-14868 RESERVED CVE-2020-14867 RESERVED CVE-2020-14866 RESERVED CVE-2020-14865 RESERVED CVE-2020-14864 RESERVED CVE-2020-14863 RESERVED CVE-2020-14862 RESERVED CVE-2020-14861 RESERVED CVE-2020-14860 RESERVED CVE-2020-14859 RESERVED CVE-2020-14858 RESERVED CVE-2020-14857 RESERVED CVE-2020-14856 RESERVED CVE-2020-14855 RESERVED CVE-2020-14854 RESERVED CVE-2020-14853 RESERVED CVE-2020-14852 RESERVED CVE-2020-14851 RESERVED CVE-2020-14850 RESERVED CVE-2020-14849 RESERVED CVE-2020-14848 RESERVED CVE-2020-14847 RESERVED CVE-2020-14846 RESERVED CVE-2020-14845 RESERVED CVE-2020-14844 RESERVED CVE-2020-14843 RESERVED CVE-2020-14842 RESERVED CVE-2020-14841 RESERVED CVE-2020-14840 RESERVED CVE-2020-14839 RESERVED CVE-2020-14838 RESERVED CVE-2020-14837 RESERVED CVE-2020-14836 RESERVED CVE-2020-14835 RESERVED CVE-2020-14834 RESERVED CVE-2020-14833 RESERVED CVE-2020-14832 RESERVED CVE-2020-14831 RESERVED CVE-2020-14830 RESERVED CVE-2020-14829 RESERVED CVE-2020-14828 RESERVED CVE-2020-14827 RESERVED CVE-2020-14826 RESERVED CVE-2020-14825 RESERVED CVE-2020-14824 RESERVED CVE-2020-14823 RESERVED CVE-2020-14822 RESERVED CVE-2020-14821 RESERVED CVE-2020-14820 RESERVED CVE-2020-14819 RESERVED CVE-2020-14818 RESERVED CVE-2020-14817 RESERVED CVE-2020-14816 RESERVED CVE-2020-14815 RESERVED CVE-2020-14814 RESERVED CVE-2020-14813 RESERVED CVE-2020-14812 RESERVED CVE-2020-14811 RESERVED CVE-2020-14810 RESERVED CVE-2020-14809 RESERVED CVE-2020-14808 RESERVED CVE-2020-14807 RESERVED CVE-2020-14806 RESERVED CVE-2020-14805 RESERVED CVE-2020-14804 RESERVED CVE-2020-14803 RESERVED CVE-2020-14802 RESERVED CVE-2020-14801 RESERVED CVE-2020-14800 RESERVED CVE-2020-14799 RESERVED CVE-2020-14798 RESERVED CVE-2020-14797 RESERVED CVE-2020-14796 RESERVED CVE-2020-14795 
RESERVED CVE-2020-14794 RESERVED CVE-2020-14793 RESERVED CVE-2020-14792 RESERVED CVE-2020-14791 RESERVED CVE-2020-14790 RESERVED CVE-2020-14789 RESERVED CVE-2020-14788 RESERVED CVE-2020-14787 RESERVED CVE-2020-14786 RESERVED CVE-2020-14785 RESERVED CVE-2020-14784 RESERVED CVE-2020-14783 RESERVED CVE-2020-14782 RESERVED CVE-2020-14781 RESERVED CVE-2020-14780 RESERVED CVE-2020-14779 RESERVED CVE-2020-14778 RESERVED CVE-2020-14777 RESERVED CVE-2020-14776 RESERVED CVE-2020-14775 RESERVED CVE-2020-14774 RESERVED CVE-2020-14773 RESERVED CVE-2020-14772 RESERVED CVE-2020-14771 RESERVED CVE-2020-14770 RESERVED CVE-2020-14769 RESERVED CVE-2020-14768 RESERVED CVE-2020-14767 RESERVED CVE-2020-14766 RESERVED CVE-2020-14765 RESERVED CVE-2020-14764 RESERVED CVE-2020-14763 RESERVED CVE-2020-14762 RESERVED CVE-2020-14761 RESERVED CVE-2020-14760 RESERVED CVE-2020-14759 RESERVED CVE-2020-14758 RESERVED CVE-2020-14757 RESERVED CVE-2020-14756 RESERVED CVE-2020-14755 RESERVED CVE-2020-14754 RESERVED CVE-2020-14753 RESERVED CVE-2020-14752 RESERVED CVE-2020-14751 RESERVED CVE-2020-14750 RESERVED CVE-2020-14749 RESERVED CVE-2020-14748 RESERVED CVE-2020-14747 RESERVED CVE-2020-14746 RESERVED CVE-2020-14745 RESERVED CVE-2020-14744 RESERVED CVE-2020-14743 RESERVED CVE-2020-14742 RESERVED CVE-2020-14741 RESERVED CVE-2020-14740 RESERVED CVE-2020-14739 RESERVED CVE-2020-14738 RESERVED CVE-2020-14737 RESERVED CVE-2020-14736 RESERVED CVE-2020-14735 RESERVED CVE-2020-14734 RESERVED CVE-2020-14733 RESERVED CVE-2020-14732 RESERVED CVE-2020-14731 RESERVED CVE-2020-14730 RESERVED CVE-2020-14729 (Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracl ...) NOT-FOR-US: Oracle NetSuite CVE-2020-14728 (Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle ...) NOT-FOR-US: Oracle NetSuite CVE-2020-14727 RESERVED CVE-2020-14726 RESERVED CVE-2020-14725 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (Only affects MySQL 8) CVE-2020-14724 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14723 (Vulnerability in the Oracle Help Technologies product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14722 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) NOT-FOR-US: Oracle CVE-2020-14721 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) NOT-FOR-US: Oracle CVE-2020-14720 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...) NOT-FOR-US: Oracle CVE-2020-14719 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...) NOT-FOR-US: Oracle CVE-2020-14718 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14717 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) NOT-FOR-US: Oracle CVE-2020-14716 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) NOT-FOR-US: Oracle CVE-2020-14715 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14714 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14713 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14712 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14711 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox (MacOS-specific) CVE-2020-14710 (Vulnerability in the Customer Management and Segmentation Foundation p ...) NOT-FOR-US: Oracle CVE-2020-14709 (Vulnerability in the Customer Management and Segmentation Foundation p ...) NOT-FOR-US: Oracle CVE-2020-14708 (Vulnerability in the Customer Management and Segmentation Foundation p ...) 
NOT-FOR-US: Oracle CVE-2020-14707 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-14705 (Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (c ...) NOT-FOR-US: Oracle CVE-2020-14704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14702 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14701 (Vulnerability in the Oracle SD-WAN Aware product of Oracle Communicati ...) NOT-FOR-US: Oracle CVE-2020-14700 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14699 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14697 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14696 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14695 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14694 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14693 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...) NOT-FOR-US: Oracle CVE-2020-14692 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...) NOT-FOR-US: Oracle CVE-2020-14691 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...) 
NOT-FOR-US: Oracle CVE-2020-14690 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14689 RESERVED CVE-2020-14688 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) NOT-FOR-US: Oracle CVE-2020-14687 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14686 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-14685 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14684 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14683 RESERVED CVE-2020-14682 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-14681 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14680 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14679 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14678 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14677 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14676 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14675 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14673 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.12-dfsg-1 CVE-2020-14672 RESERVED CVE-2020-14671 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14670 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14669 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...) NOT-FOR-US: Oracle CVE-2020-14668 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14667 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14666 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-14665 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-14664 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...) - openjfx 11+26-1 [stretch] - openjfx (Minor issue) NOTE: Oracle CPU lists only 8.x as affected, so marking the first 11.x upload as fixed CVE-2020-14663 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14662 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14661 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14660 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14659 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14658 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-14657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14656 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (Only affects MySQL 8) CVE-2020-14655 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14654 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14653 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-14652 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14651 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14650 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14649 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14648 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14647 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14646 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14645 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14644 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14642 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-14641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14640 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
NOT-FOR-US: Oracle CVE-2020-14639 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14638 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14637 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14636 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14635 (Vulnerability in the Oracle Application Object Library product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14630 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) NOT-FOR-US: Oracle CVE-2020-14629 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14628 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14627 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14626 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14625 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (Only affects MySQL 8) CVE-2020-14622 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14621 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14620 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14619 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14618 (Vulnerability in the Primavera Unifier product of Oracle Construction ...) NOT-FOR-US: Oracle CVE-2020-14617 (Vulnerability in the Primavera Unifier product of Oracle Construction ...) NOT-FOR-US: Oracle CVE-2020-14616 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) NOT-FOR-US: Oracle CVE-2020-14615 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14614 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14613 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14612 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...) NOT-FOR-US: Oracle CVE-2020-14611 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14610 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-14609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14608 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14607 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...) 
NOT-FOR-US: Oracle CVE-2020-14606 (Vulnerability in the Oracle SD-WAN Edge product of Oracle Communicatio ...) NOT-FOR-US: Oracle CVE-2020-14605 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14604 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14603 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14602 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14601 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14599 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) NOT-FOR-US: Oracle CVE-2020-14598 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) NOT-FOR-US: Oracle CVE-2020-14597 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14596 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-14595 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...) NOT-FOR-US: Oracle CVE-2020-14594 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) NOT-FOR-US: Oracle CVE-2020-14593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14592 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14590 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) 
NOT-FOR-US: Oracle CVE-2020-14589 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14588 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14587 (Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14586 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14585 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14584 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-14581 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14580 (Vulnerability in the Oracle Communications Session Border Controller p ...) NOT-FOR-US: Oracle CVE-2020-14579 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14578 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14577 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14576 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14574 (Vulnerability in the Oracle Communications Interactive Session Recorde ...) NOT-FOR-US: Oracle CVE-2020-14573 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...) {DSA-4734-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 CVE-2020-14572 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14571 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14570 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14569 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14568 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14567 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14566 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14565 (Vulnerability in the Oracle Unified Directory product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14564 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14563 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) NOT-FOR-US: Oracle CVE-2020-14562 (Vulnerability in the Java SE product of Oracle Java SE (component: Ima ...) {DSA-4734-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 CVE-2020-14561 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) 
NOT-FOR-US: Oracle CVE-2020-14560 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...) NOT-FOR-US: Oracle CVE-2020-14559 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14558 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14556 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14555 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-14554 (Vulnerability in the Oracle Application Object Library product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14552 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14551 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...) NOT-FOR-US: Oracle CVE-2020-14550 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14549 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14548 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14546 (Vulnerability in the Hyperion Financial Close Management product of Or ...) NOT-FOR-US: Oracle CVE-2020-14545 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14544 (Vulnerability in the Oracle Transportation Management product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-14543 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) NOT-FOR-US: Oracle CVE-2020-14542 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14541 (Vulnerability in the Hyperion Financial Close Management product of Or ...) NOT-FOR-US: Oracle CVE-2020-14540 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14538 RESERVED CVE-2020-14537 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14536 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...) NOT-FOR-US: Oracle CVE-2020-14535 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14534 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-14533 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) NOT-FOR-US: Oracle CVE-2020-14532 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...) NOT-FOR-US: Oracle CVE-2020-14531 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) 
NOT-FOR-US: Oracle CVE-2020-14530 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14529 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14528 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14526 RESERVED CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) NOT-FOR-US: Philips CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...) NOT-FOR-US: Softing Industrial Automation CVE-2020-14523 RESERVED CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest build o ...) NOT-FOR-US: Softing Industrial Automation CVE-2020-14521 RESERVED CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...) NOT-FOR-US: Inductive Automation Ignition CVE-2020-14519 (This vulnerability allows an attacker to use the internal WebSockets A ...) NOT-FOR-US: CodeMeter CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information written to lo ...) NOT-FOR-US: Philips DreamMapper CVE-2020-14517 (Protocol encryption can be easily broken for CodeMeter (All versions p ...) NOT-FOR-US: CodeMeter CVE-2020-14516 RESERVED CVE-2020-14515 (CodeMeter (All versions prior to 6.90 when using CmActLicense update f ...) NOT-FOR-US: CodeMeter CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...) NOT-FOR-US: PLC CVE-2020-14513 (CodeMeter (All versions prior to 6.81) and the software using it may c ...) NOT-FOR-US: CodeMeter CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses a weak h ...) NOT-FOR-US: GateManager CVE-2020-14511 (Malicious operation of the crafted web browser cookie may cause a stac ...) 
NOT-FOR-US: EDR routers CVE-2020-14510 (GateManager versions prior to 9.2c, The affected product contains a ha ...) NOT-FOR-US: GateManager CVE-2020-14509 (Multiple memory corruption vulnerabilities exist in CodeMeter (All ver ...) NOT-FOR-US: CodeMeter CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vulnerable ...) NOT-FOR-US: GateManager CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...) NOT-FOR-US: Advantech CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...) NOT-FOR-US: Philips CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...) NOT-FOR-US: Advantech CVE-2020-14504 RESERVED CVE-2020-14503 (Advantech iView, versions 5.6 and prior, has an improper input validat ...) NOT-FOR-US: Advantech CVE-2020-14502 RESERVED CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...) NOT-FOR-US: Advantech CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can send a ...) NOT-FOR-US: Secomea GateManager CVE-2020-14499 (Advantech iView, versions 5.6 and prior, has an improper access contro ...) NOT-FOR-US: Advantech CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The a ...) NOT-FOR-US: HMS Industrial Networks AB eCatche CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...) NOT-FOR-US: Advantech CVE-2020-14496 RESERVED CVE-2020-14495 RESERVED CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...) NOT-FOR-US: OpenClinic GA CVE-2020-14493 (A low-privilege user may use SQL syntax to write arbitrary files to th ...) NOT-FOR-US: OpenClinic CVE-2020-14492 (OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-c ...) NOT-FOR-US: OpenClinic CVE-2020-14491 (OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check perm ...) 
NOT-FOR-US: OpenClinic GA CVE-2020-14490 (OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files spec ...) NOT-FOR-US: OpenClinic CVE-2020-14489 (OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate h ...) NOT-FOR-US: OpenClinic CVE-2020-14488 (OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded f ...) NOT-FOR-US: OpenClinic CVE-2020-14487 (OpenClinic GA 5.09.02 contains a hidden default user account that may ...) NOT-FOR-US: OpenClinic CVE-2020-14486 (An attacker may bypass permission/authorization checks in OpenClinic G ...) NOT-FOR-US: OpenClinic CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...) NOT-FOR-US: OpenClinic GA CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...) NOT-FOR-US: OpenClinic GA CVE-2020-14483 (A timeout during a TLS handshake can result in the connection failing ...) NOT-FOR-US: Niagara CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...) NOT-FOR-US: Delta Industrial Automation DOPSoft CVE-2020-14481 RESERVED CVE-2020-14480 RESERVED CVE-2020-14479 RESERVED CVE-2020-14478 RESERVED CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...) NOT-FOR-US: Philips CVE-2020-14476 REJECTED CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08 CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on ke ...) NOT-FOR-US: Cellebrite CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...) NOT-FOR-US: DrayTek CVE-2020-14472 (On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1 ...) NOT-FOR-US: DrayTek CVE-2020-14471 RESERVED CVE-2020-14470 (In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authent ...) 
NOT-FOR-US: Octopus Deploy CVE-2020-14469 RESERVED CVE-2020-14468 RESERVED CVE-2020-14467 REJECTED CVE-2020-14466 RESERVED CVE-2020-14465 RESERVED CVE-2020-14464 RESERVED CVE-2020-14463 RESERVED CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...) NOT-FOR-US: CALDERA CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...) NOT-FOR-US: Zyxel CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...) NOT-FOR-US: Mattermost CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...) NOT-FOR-US: Mattermost CVE-2020-14458 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...) NOT-FOR-US: Mattermost CVE-2020-14457 (An issue was discovered in Mattermost Server before 5.20.0. Non-member ...) NOT-FOR-US: Mattermost CVE-2020-14456 (An issue was discovered in Mattermost Desktop App before 4.4.0. The Sa ...) NOT-FOR-US: Mattermost CVE-2020-14455 (An issue was discovered in Mattermost Desktop App before 4.4.0. Prompt ...) NOT-FOR-US: Mattermost CVE-2020-14454 (An issue was discovered in Mattermost Desktop App before 4.4.0. Attack ...) NOT-FOR-US: Mattermost CVE-2020-14453 (An issue was discovered in Mattermost Server before 5.21.0. Socket rea ...) NOT-FOR-US: Mattermost CVE-2020-14452 (An issue was discovered in Mattermost Server before 5.21.0. mmctl allo ...) NOT-FOR-US: Mattermost CVE-2020-14451 (An issue was discovered in Mattermost Mobile Apps before 1.29.0. The i ...) NOT-FOR-US: Mattermost CVE-2020-14450 (An issue was discovered in Mattermost Server before 5.22.0. The markdo ...) NOT-FOR-US: Mattermost CVE-2020-14449 (An issue was discovered in Mattermost Mobile Apps before 1.30.0. Autho ...) NOT-FOR-US: Mattermost CVE-2020-14448 (An issue was discovered in Mattermost Server before 5.23.0. Automatic ...) NOT-FOR-US: Mattermost CVE-2020-14447 (An issue was discovered in Mattermost Server before 5.23.0. Large webh ...) 
NOT-FOR-US: Mattermost CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...) {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1} - mutt 1.14.4-1 - neomutt 20200619+dfsg.1-1 NOTE: https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4 NOTE: https://gitlab.com/muttmua/mutt/-/issues/248 NOTE: https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO ...) NOT-FOR-US: WSO2 Identity Server CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...) NOT-FOR-US: WSO2 Identity Server CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...) NOT-FOR-US: WSO2 Identity Server CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php in Doli ...) - dolibarr CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: NETGEAR CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by an authen ...) 
NOT-FOR-US: NETGEAR CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: NETGEAR CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects RBK752 befo ...) NOT-FOR-US: NETGEAR CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: NETGEAR CVE-2020-14425 RESERVED CVE-2020-14424 RESERVED CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...) NOT-FOR-US: Convos CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...) 
{DLA-2280-1} - python3.8 3.8.4~rc1-1 - python3.7 [buster] - python3.7 3.7.3-2+deb10u2 - python3.5 - python3.4 [jessie] - python3.4 (Minor issue, DoS with constraints) NOTE: https://bugs.python.org/issue41004 NOTE: https://github.com/python/cpython/pull/20956 NOTE: https://github.com/python/cpython/pull/21033 NOTE: https://github.com/python/cpython/commit/b30ee26e366bf509b7538d79bfec6c6d38d53f28 (master) NOTE: https://github.com/python/cpython/commit/9a646aa82dfa62d70ca2a99ada901ee6cf9f82bd (3.9-branch) NOTE: https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 (v3.8.4rc1) NOTE: https://github.com/python/cpython/commit/b98e7790c77a4378ec4b1c71b84138cb930b69b7 (3.7-branch) NOTE: https://github.com/python/cpython/commit/cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 (3.6-branch) CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...) NOT-FOR-US: aaPanel CVE-2020-14420 RESERVED CVE-2020-14419 RESERVED CVE-2020-14418 RESERVED CVE-2020-14417 RESERVED CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...) - qemu 1:5.0-1 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=3ba4066d085f5bdce2c7ac145692a4fd52493d67 (4.2.0-rc0) NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357 (5.0.0-rc0) CVE-2020-14416 (In the Linux kernel before 5.4.16, a race condition in tty->disc_da ...) - linux 5.4.19-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.210-1+deb9u1 [jessie] - linux 3.16.84-1 NOTE: https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php imprope ...) NOT-FOR-US: NeDi CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect implementation ...)
NOT-FOR-US: NeDi CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.p ...) NOT-FOR-US: NeDi CVE-2020-14411 RESERVED CVE-2020-14410 RESERVED CVE-2020-14409 RESERVED CVE-2020-14408 (An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanit ...) NOT-FOR-US: Agentejo Cockpit CVE-2020-14407 RESERVED CVE-2020-14406 RESERVED CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Minor issue; will be fixed via point release) NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365 CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Minor issue; will be fixed via point release) NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Minor issue; will be fixed via point release) NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Minor issue; will be fixed via point release) NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Minor issue; will be fixed via point release) NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af CVE-2020-14400 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. 
...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Minor issue; will be fixed via point release) NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d CVE-2020-14399 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Minor issue; will be fixed via point release) NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...) - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Proposed patch might break ABI for consumers) [stretch] - libvncserver (Proposed patch might break ABI for consumers) [jessie] - libvncserver (Proposed patch might break ABI for consumers) NOTE: https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...) {DLA-2347-1 DLA-2264-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Minor issue; will be fixed via point release) NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0 CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...) - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Vulnerable code not present) [stretch] - libvncserver (Vulnerable code not present) [jessie] - libvncserver (Vulnerable code not present) NOTE: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553 CVE-2020-14395 RESERVED CVE-2020-14394 RESERVED CVE-2020-14393 (A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local ...)
- libdbi-perl 1.643-1 [buster] - libdbi-perl (Minor issue) NOTE: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI < 1.643 ...) - libdbi-perl 1.643-1 [buster] - libdbi-perl (Minor issue) NOTE: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1 CVE-2020-14391 RESERVED - gnome-settings-daemon (Red Hat-specific plugin) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093 CVE-2020-14390 (A flaw was found in the Linux kernel in versions from 2.2.3 through 5. ...) - linux 5.8.10-1 NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489 NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2 CVE-2020-14389 RESERVED CVE-2020-14388 RESERVED NOT-FOR-US: 3scale CVE-2020-14387 [rsync-ssl does not verify the hostname in the server certificate when using openssl] RESERVED - rsync (bug #969530) [buster] - rsync (Vulnerable code introduced later) [stretch] - rsync (Vulnerable code introduced later) NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1) NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549 CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...) - linux 5.8.7-1 NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3 CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the ...) - linux 5.8.7-1 [stretch] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933 CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...) NOT-FOR-US: JBossWeb CVE-2020-14383 RESERVED CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 where, ...)
- cryptsetup 2:2.3.4-1 (bug #969471) [buster] - cryptsetup (Vulnerable code not present) [stretch] - cryptsetup (Vulnerable code not present) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874712 NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/102 NOTE: Fixed by: https://gitlab.com/cryptsetup/cryptsetup/-/commit/52f5cb8cedf22fb3e14c744814ec8af7614146c7 NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/46ee71edcd13e1dad50815ad65c28779aa6f7503 NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/752c9a52798f11d3b765b673ebaa3058eb25316e NOTE: Introduced with: https://gitlab.com/cryptsetup/cryptsetup/-/commit/a7f80a27701450e40ef37e2224577f1a0c98cf0f (v2.2.0-rc0) CVE-2020-14381 RESERVED - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/8019ad13ef7f64be44d4f892af9c840179009254 CVE-2020-14380 RESERVED NOT-FOR-US: Red Hat Satellite CVE-2020-14379 RESERVED CVE-2020-14378 RESERVED CVE-2020-14377 RESERVED CVE-2020-14376 RESERVED CVE-2020-14375 RESERVED CVE-2020-14374 RESERVED CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of g ...) - ghostscript 9.26~dfsg-1 [stretch] - ghostscript 9.26~dfsg-0+deb9u1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ece5cbbd9979cd35737b00e68267762d72feb2ea NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851 CVE-2020-14372 RESERVED CVE-2020-14371 RESERVED NOT-FOR-US: Red Hat Satellite CVE-2020-14370 RESERVED CVE-2020-14369 RESERVED NOT-FOR-US: Red Hat CloudForm CVE-2020-14368 RESERVED NOT-FOR-US: Eclipse Che CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating the PID ...) 
- chrony 3.5.1-1 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2020/08/21/1 NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/util.c?id=7a4c396bba8f92a3ee8018620983529152050c74 (4.0-pre1) NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/main.c?id=e18903a6b56341481a2e08469c0602010bf7bfe3 (4.0-pre1) NOTE: Minimal backport: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=f00fed20092b6a42283f29c6ee1f58244d74b545 (3.5.1) NOTE: Debian packaging relocates chronyd.pid as well to /run since 3.1-3 NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid. CVE-2020-14366 RESERVED CVE-2020-14365 [dnf module install packages with no GPG signature] RESERVED - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154 CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...) {DSA-4760-1 DLA-2373-1} - qemu 1:5.1+dfsg-4 (bug #968947) NOTE: https://xenbits.xen.org/xsa/advisory-335.html NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3 NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b946434f2659a182afc17e155be6791ebfb302eb CVE-2020-14363 (An integer overflow vulnerability leading to a double-free was found i ...) {DLA-2361-1} - libx11 (bug #969008) [buster] - libx11 (Minor issue, will be fixed via spu) NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d CVE-2020-14362 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc CVE-2020-14361 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...) 
{DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787 CVE-2020-14360 RESERVED CVE-2020-14359 RESERVED CVE-2020-14358 RESERVED CVE-2020-14357 REJECTED CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...) - linux 5.7.10-1 (bug #966846) NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed CVE-2020-14355 RESERVED CVE-2020-14354 [ares_destroy() with pending ares_getaddrinfo() leads to Use-After-Free] RESERVED - c-ares 1.16.1-1 [buster] - c-ares (Vulnerable code introduced later) [stretch] - c-ares (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866838 NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0) NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1) CVE-2020-14353 REJECTED CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directory tra ...) NOT-FOR-US: librepo CVE-2020-14351 [perf: Fix race in perf_mmap_close function] RESERVED - linux NOTE: https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/ CVE-2020-14350 (It was found that some PostgreSQL extensions did not use search_path s ...) {DLA-2331-1} - postgresql-12 12.4-1 - postgresql-11 [buster] - postgresql-11 (Minor issue; will be fixed via point release) - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/2060/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59 CVE-2020-14349 (It was found that PostgreSQL versions before 12.4, before 11.9 and bef ...) 
- postgresql-12 12.4-1 - postgresql-11 [buster] - postgresql-11 (Minor issue; will be fixed via point release) - postgresql-9.6 (Vulnerable code introduced later) NOTE: https://www.postgresql.org/about/news/2060/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67 NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc CVE-2020-14348 (It was found in AMQ Online before 1.5.2 that injecting an invalid fiel ...) NOT-FOR-US: AMQ Online CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 (bug #968986) NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816 CVE-2020-14346 (A flaw was found in xorg-x11-server before 1.20.9. An integer underflo ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff CVE-2020-14345 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...) 
{DLA-2312-1} - libx11 2:1.6.10-1 [buster] - libx11 (Minor issue, will be fixed via spu) NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488 NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60 NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2 NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d NOTE: Original patchset introduces regression: https://bugs.debian.org/966691 and https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116 NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b CVE-2020-14343 [.load() and FullLoader still vulnerable to fairly trivial RCE] RESERVED - pyyaml (bug #966233) [buster] - pyyaml (Vulnerable code not present) [stretch] - pyyaml (Vulnerable code not present) NOTE: https://github.com/yaml/pyyaml/issues/420 NOTE: CVE is for an incomplete fix of CVE-2020-1747. CVE-2020-14342 (It was found that cifs-utils' mount.cifs was invoking a shell when req ...) 
- cifs-utils (bug #970172) [buster] - cifs-utils (Minor issue) [stretch] - cifs-utils (Minor issue) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14442 NOTE: https://lists.samba.org/archive/samba-technical/2020-September/135747.html NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=48a654e2e763fce24c22e1b9c695b42804bbdd4a CVE-2020-14341 RESERVED CVE-2020-14340 RESERVED - jboss-xnio 3.8.2-1 [stretch] - jboss-xnio (vulnerable code is not present) NOTE: Fix for 3.8: https://github.com/xnio/xnio/pull/233 NOTE: Fix for 3.7 (Buster): https://github.com/xnio/xnio/pull/234 CVE-2020-14339 [leak of /dev/mapper/control into QEMU guests] RESERVED - libvirt 6.6.0-1 (bug #966563) [buster] - libvirt (Vulnerable code introduced later) [stretch] - libvirt (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860069 NOTE: https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html NOTE: Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=22494556542c676d1b9e7f1c1f2ea13ac17e1e3e (v6.6.0) CVE-2020-14338 (A flaw was found in Wildfly's implementation of Xerces, specifically i ...) - wildfly (bug #752018) CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data was reve ...) NOT-FOR-US: Ansible Tower CVE-2020-14336 RESERVED NOT-FOR-US: OpenShift CVE-2020-14335 RESERVED NOT-FOR-US: Red Hat Satellite CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows privileged attack ...) - foreman (bug #663101) CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earl ...) NOT-FOR-US: ovirt-engine CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. Tasks e ...) 
- ansible (bug #966672) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805 NOTE: https://github.com/ansible/ansible/pull/71033 CVE-2020-14331 (A flaw was found in the Linux kernel’s implementation of the inv ...) - linux 5.7.17-1 (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2 NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ansible w ...) - ansible NOTE: https://github.com/ansible/ansible/issues/68400 NOTE: Initial fix: https://github.com/ansible/ansible/pull/69653 NOTE: Complete fix (reverting first and adding more elaborated fix): NOTE: https://github.com/ansible/ansible/pull/70762 NOTE: https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e CVE-2020-14329 RESERVED NOT-FOR-US: Ansible Tower CVE-2020-14328 RESERVED NOT-FOR-US: Ansible Tower CVE-2020-14327 RESERVED NOT-FOR-US: Ansible Tower CVE-2020-14326 RESERVED - resteasy - resteasy3.0 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855826 NOTE: https://issues.redhat.com/browse/RESTEASY-2643 CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Imperson ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-14323 RESERVED CVE-2020-14322 RESERVED CVE-2020-14321 RESERVED CVE-2020-14320 RESERVED CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cross-Site ...) NOT-FOR-US: AMQ Online CVE-2020-14318 RESERVED CVE-2020-14317 RESERVED - wildfly (bug #752018) CVE-2020-14316 (A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instanc ...) NOT-FOR-US: KubeVirt CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipped in ...)
- bsdiff (bug #964796) [buster] - bsdiff (Minor issue) [stretch] - bsdiff (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2 NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before ...) - linux 5.8.7-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922 NOTE: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1 CVE-2020-14313 (An information disclosure vulnerability was found in Red Hat Quay in v ...) NOT-FOR-US: Quay CVE-2020-14312 RESERVED - dnsmasq 2.69-1 (bug #732610) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342 CVE-2020-14311 (There is an issue with grub2 before version 2.06 while handling symlin ...) {DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6 CVE-2020-14310 (There is an issue on grub2 before version 2.06 at function read_sectio ...) {DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6 CVE-2020-14309 (There's an issue with grub2 in all versions before 2.06 when handling ...) {DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6 CVE-2020-14308 (In grub2 versions before 2.06 the grub memory allocator doesn't check ...) 
{DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41 CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...) - wildfly (bug #752018) CVE-2020-14306 (An incorrect access control flaw was found in the operator, openshift- ...) NOT-FOR-US: OpenShift CVE-2020-14305 [memory corruption in Voice over IP nf_conntrack_h323 module] RESERVED - linux 4.12.6-1 NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/ CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...) - linux (bug #960702) CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before ...) - samba 2:4.12.5+dfsg-1 [buster] - samba (Minor issue, fix along in next DSA) NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html CVE-2020-14302 RESERVED CVE-2020-14301 [leak of sensitive cookie information via dumpxml] RESERVED - libvirt (Vulnerable code introduced with 6.2.0) NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979 NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5 CVE-2020-14300 (The docker packages version docker-1.13.1-108.git4ef4b30.el7 as releas ...) - docker.io (Red Hat specific regression) CVE-2020-14299 RESERVED CVE-2020-14298 (The version of docker as released for Red Hat Enterprise Linux 7 Extra ...) - docker.io (Red Hat specific regression) CVE-2020-14297 (A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat ...) - wildfly (bug #752018) CVE-2020-14296 (Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request For ...) 
NOT-FOR-US: Red Hat CloudForm CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...) - cacti 1.2.13+ds1-1 (bug #963139) [buster] - cacti (Vulnerability introduced later) [stretch] - cacti (Vulnerability introduced later) [jessie] - cacti (Vulnerability introduced later) NOTE: https://github.com/Cacti/cacti/issues/3622 NOTE: Fixed by: https://github.com/Cacti/cacti/commit/cc1a656f37b08c0c45667c119a44a3751271ac6e NOTE: Introduced with the fix for https://github.com/Cacti/cacti/issues/2839 NOTE: Introduced by: https://github.com/Cacti/cacti/commit/b87747c38ba58e8cf6507d4f1f8476d1df567556 (1.2.6) CVE-2020-14294 RESERVED CVE-2020-14293 RESERVED CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android, unsafe use of ...) NOT-FOR-US: COVIDSafe application for Android CVE-2020-14291 RESERVED CVE-2020-14290 RESERVED CVE-2020-14289 RESERVED CVE-2020-14288 RESERVED CVE-2020-14287 RESERVED CVE-2020-14286 RESERVED CVE-2020-14285 RESERVED CVE-2020-14284 RESERVED CVE-2020-14283 RESERVED CVE-2020-14282 RESERVED CVE-2020-14281 RESERVED CVE-2020-14280 RESERVED CVE-2020-14279 RESERVED CVE-2020-14278 RESERVED CVE-2020-14277 RESERVED CVE-2020-14276 RESERVED CVE-2020-14275 RESERVED CVE-2020-14274 RESERVED CVE-2020-14273 RESERVED CVE-2020-14272 RESERVED CVE-2020-14271 RESERVED CVE-2020-14270 RESERVED CVE-2020-14269 RESERVED CVE-2020-14268 RESERVED CVE-2020-14267 RESERVED CVE-2020-14266 RESERVED CVE-2020-14265 RESERVED CVE-2020-14264 RESERVED CVE-2020-14263 RESERVED CVE-2020-14262 RESERVED CVE-2020-14261 RESERVED CVE-2020-14260 RESERVED CVE-2020-14259 RESERVED CVE-2020-14258 RESERVED CVE-2020-14257 RESERVED CVE-2020-14256 RESERVED CVE-2020-14255 RESERVED CVE-2020-14254 RESERVED CVE-2020-14253 RESERVED CVE-2020-14252 RESERVED CVE-2020-14251 RESERVED CVE-2020-14250 RESERVED CVE-2020-14249 RESERVED CVE-2020-14248 RESERVED CVE-2020-14247 RESERVED CVE-2020-14246 RESERVED CVE-2020-14245 RESERVED CVE-2020-14244 RESERVED CVE-2020-14243 RESERVED 
CVE-2020-14242 RESERVED CVE-2020-14241 RESERVED CVE-2020-14240 RESERVED CVE-2020-14239 RESERVED CVE-2020-14238 RESERVED CVE-2020-14237 RESERVED CVE-2020-14236 RESERVED CVE-2020-14235 RESERVED CVE-2020-14234 RESERVED CVE-2020-14233 RESERVED CVE-2020-14232 RESERVED CVE-2020-14231 RESERVED CVE-2020-14230 RESERVED CVE-2020-14229 RESERVED CVE-2020-14228 RESERVED CVE-2020-14227 RESERVED CVE-2020-14226 RESERVED CVE-2020-14225 RESERVED CVE-2020-14224 RESERVED CVE-2020-14223 RESERVED CVE-2020-14222 RESERVED CVE-2020-14221 RESERVED CVE-2020-14220 RESERVED CVE-2020-14219 RESERVED CVE-2020-14218 RESERVED CVE-2020-14217 RESERVED CVE-2020-14216 RESERVED CVE-2020-14215 (Zulip Server before 2.1.5 has Incorrect Access Control because 0198_pr ...) - zulip-server (bug #800052) CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...) - zammad (bug #841355) CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should only ...) - zammad (bug #841355) CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...) - ffmpeg 7:4.3.1-1 [buster] - ffmpeg (Vulnerable code not present) [stretch] - ffmpeg (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8716 NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14 CVE-2020-14211 RESERVED CVE-2020-14210 (MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected ...) NOT-FOR-US: MONITORAPP CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload files of d ...) - dolibarr CVE-2020-14208 RESERVED CVE-2020-14207 RESERVED CVE-2020-14206 RESERVED CVE-2020-14205 RESERVED CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...) NOT-FOR-US: WebFOCUS Business Intelligence CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...) 
NOT-FOR-US: WebFOCUS Business Intelligence CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...) NOT-FOR-US: WebFOCUS Business Intelligence CVE-2020-14201 (Dolibarr CRM before 11.0.5 allows privilege escalation. This could all ...) - dolibarr CVE-2020-14200 RESERVED CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...) NOT-FOR-US: Bitcoin protocol issue CVE-2020-14198 (Bitcoin Core 0.20.0 allows remote denial of service. ...) - bitcoin NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198 CVE-2020-14197 RESERVED CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1 ...) - pdns-recursor 4.3.2-1 (low; bug #964103) [buster] - pdns-recursor (Minor issue, fix along in next DSA) NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1 CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) {DLA-2270-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2765 NOTE: https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a topic header ...) - zulip-server (bug #800052) CVE-2020-14193 RESERVED CVE-2020-14192 RESERVED CVE-2020-14191 RESERVED CVE-2020-14190 RESERVED CVE-2020-14189 RESERVED CVE-2020-14188 RESERVED CVE-2020-14187 RESERVED CVE-2020-14186 RESERVED CVE-2020-14185 RESERVED CVE-2020-14184 RESERVED CVE-2020-14183 RESERVED CVE-2020-14182 RESERVED CVE-2020-14181 (Affected versions of Atlassian Jira Server and Data Center allow an un ...) 
NOT-FOR-US: Atlassian CVE-2020-14180 RESERVED CVE-2020-14179 RESERVED CVE-2020-14178 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2020-14177 RESERVED CVE-2020-14176 RESERVED CVE-2020-14175 (Affected versions of Atlassian Confluence Server and Data Center allow ...) NOT-FOR-US: Atlassian CVE-2020-14174 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...) NOT-FOR-US: Atlassian CVE-2020-14172 (This issue exists to document that a security improvement in the way t ...) NOT-FOR-US: Atlassian CVE-2020-14171 (Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 all ...) NOT-FOR-US: Atlassian CVE-2020-14170 (Webhooks in Atlassian Bitbucket Server from version 5.4.0 before versi ...) NOT-FOR-US: Atlassian CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...) NOT-FOR-US: Atlassian CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...) NOT-FOR-US: Atlassian CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...) NOT-FOR-US: Atlassian CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...) NOT-FOR-US: Atlassian CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...) NOT-FOR-US: Atlassian CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...) NOT-FOR-US: Atlassian CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...) NOT-FOR-US: JerryScript CVE-2020-14162 (An issue was discovered in Pi-Hole through 5.0. The local www-data use ...) NOT-FOR-US: Pi-Hole CVE-2020-14161 RESERVED CVE-2020-14160 RESERVED CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a ...) 
NOT-FOR-US: ConnectWise CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any security me ...) NOT-FOR-US: ABUS Secvest FUMO50110 hybrid module CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...) NOT-FOR-US: ABUS CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...) NOT-FOR-US: OpenBMC CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a large num ...) - pcre3 2:8.39-13 (bug #963086) [buster] - pcre3 (Minor issue) [stretch] - pcre3 (Minor issue) [jessie] - pcre3 (Minor issue) NOTE: https://bugs.exim.org/show_bug.cgi?id=2463 NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1761 (8.44) CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in response to ...) - mutt 1.14.3-1 (unimportant) [buster] - mutt 1.10.1-2.1+deb10u1 - neomutt 20200619+dfsg.1-1 (unimportant) NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html NOTE: https://gitlab.com/muttmua/mutt/commit/bb0e6277a45a5d4c3a30d3b968eeb31d78124e95 NOTE: https://gitlab.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b NOTE: https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3 NOTE: Negligible security impact CVE-2020-14153 (In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an o ...) - libjpeg9 1:9d-1 - libjpeg-turbo (Vulnerable code not present; problematic condition cannot be reached) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445 CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...) {DLA-2302-1} - libjpeg9 1:9d-1 (low) - libjpeg-turbo 1:1.5.2-1 (low) [jessie] - libjpeg-turbo (Minor issue) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933 CVE-2020-14151 REJECTED CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...) 
- bison 2:3.6.1+dfsg-1 (unimportant) NOTE: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html NOTE: Crash in CLI tool, no security impact CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provi ...) NOT-FOR-US: uftpd CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc2 allo ...) {DLA-2252-1} - ngircd (bug #963147) [buster] - ngircd (Minor issue) [stretch] - ngircd (Minor issue) NOTE: https://github.com/ngircd/ngircd/issues/274 NOTE: https://github.com/ngircd/ngircd/issues/277 NOTE: https://github.com/ngircd/ngircd/pull/275 NOTE: https://github.com/ngircd/ngircd/pull/276 NOTE: https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5 CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Redis be ...) {DSA-4731-1} - redis 5:6.0.0-1 [stretch] - redis (Vulnerable code reintroduced later) [jessie] - redis (Vulnerable code reintroduced later) NOTE: https://github.com/antirez/redis/pull/6875 NOTE: Issue re-introduced with https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3 (5.0-rc4) NOTE: Fixed by: https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571 NOTE: Fixed upstream in 6.0~rc2 and 5.0.8 CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via the publi ...) NOT-FOR-US: KumbiaPHP CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepan ...) - openssh (unimportant) NOTE: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf NOTE: The OpenSSH project is not planning to change the behaviour of OpenSSH regarding NOTE: the issue, details in "3.1 OpenSSH" in the publication. 
CVE-2020-14144 RESERVED CVE-2020-14143 RESERVED CVE-2020-14142 RESERVED CVE-2020-14141 RESERVED CVE-2020-14140 RESERVED CVE-2020-14139 RESERVED CVE-2020-14138 RESERVED CVE-2020-14137 RESERVED CVE-2020-14136 RESERVED CVE-2020-14135 RESERVED CVE-2020-14134 RESERVED CVE-2020-14133 RESERVED CVE-2020-14132 RESERVED CVE-2020-14131 RESERVED CVE-2020-14130 RESERVED CVE-2020-14129 RESERVED CVE-2020-14128 RESERVED CVE-2020-14127 RESERVED CVE-2020-14126 RESERVED CVE-2020-14125 RESERVED CVE-2020-14124 RESERVED CVE-2020-14123 RESERVED CVE-2020-14122 RESERVED CVE-2020-14121 RESERVED CVE-2020-14120 RESERVED CVE-2020-14119 RESERVED CVE-2020-14118 RESERVED CVE-2020-14117 RESERVED CVE-2020-14116 RESERVED CVE-2020-14115 RESERVED CVE-2020-14114 RESERVED CVE-2020-14113 RESERVED CVE-2020-14112 RESERVED CVE-2020-14111 RESERVED CVE-2020-14110 RESERVED CVE-2020-14109 RESERVED CVE-2020-14108 RESERVED CVE-2020-14107 RESERVED CVE-2020-14106 RESERVED CVE-2020-14105 RESERVED CVE-2020-14104 RESERVED CVE-2020-14103 RESERVED CVE-2020-14102 RESERVED CVE-2020-14101 RESERVED CVE-2020-14100 (In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 ...) NOT-FOR-US: Xiaomi CVE-2020-14099 RESERVED CVE-2020-14098 RESERVED CVE-2020-14097 RESERVED CVE-2020-14096 (Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen ...) NOT-FOR-US: Xiaomi CVE-2020-14095 (In Xiaomi router R3600, ROM version<1.0.20, a connect service suffe ...) NOT-FOR-US: Xiaomi CVE-2020-14094 (In Xiaomi router R3600, ROM version<1.0.20, the connection service ...) NOT-FOR-US: Xiaomi CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...) {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1} - mutt 1.14.3-1 (bug #962897) - neomutt 20200619+dfsg.1-1 NOTE: Fixed by: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 NOTE: Fix for CVE-2020-14093 introduces a regression, cf. 
#963107 NOTE: Regression fixed by: https://gitlab.com/muttmua/mutt/-/commit/dc909119b3433a84290f0095c0f43a23b98b3748 CVE-2020-14092 (The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for Wo ...) NOT-FOR-US: CodePeople Payment Form for PayPal Pro plugin for WordPress CVE-2020-14091 RESERVED CVE-2020-14090 RESERVED CVE-2020-14089 RESERVED CVE-2020-14088 RESERVED CVE-2020-14087 RESERVED CVE-2020-14086 RESERVED CVE-2020-14085 RESERVED CVE-2020-14084 RESERVED CVE-2020-14083 RESERVED CVE-2020-14082 RESERVED CVE-2020-14081 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...) NOT-FOR-US: TRENDnet CVE-2020-14080 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet CVE-2020-14079 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet CVE-2020-14078 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet CVE-2020-14077 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet CVE-2020-14076 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet TEW-827DRU devices CVE-2020-14075 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...) NOT-FOR-US: TRENDnet CVE-2020-14074 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map proper ...) NOT-FOR-US: PRTG Network Monitor CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command execution ...) NOT-FOR-US: MK-AUTH CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin ...) NOT-FOR-US: MK-AUTH CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is authentication bypa ...) NOT-FOR-US: MK-AUTH CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL injection issu ...) 
NOT-FOR-US: MK-AUTH CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login functionality ...) NOT-FOR-US: MK-AUTH CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does not consi ...) NOT-FOR-US: Navigate CMS CVE-2020-14066 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaSc ...) NOT-FOR-US: IceWarp Email Server CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload files ...) NOT-FOR-US: IceWarp Email Server CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...) NOT-FOR-US: IceWarp Email Server CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom Jav ...) NOT-FOR-US: TC Custom JavaScript plugin for WordPress CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) {DLA-2270-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2704 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) {DLA-2270-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2698 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) 
{DLA-2270-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2688 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-14059 (An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect ...) - squid (vulnerability introduced in the 5.x series) - squid3 (vulnerability introduced in the 5.x series) NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr CVE-2020-14058 (An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...) - squid 4.12-1 (unimportant) - squid3 (unimportant) NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57 NOTE: Squid in Debian builds without OpenSSL support CVE-2020-14057 (Monsta FTP 2.10.1 or below allows external control of paths used in fi ...) NOT-FOR-US: Monsta FTP CVE-2020-14056 (Monsta FTP 2.10.1 or below is prone to a server-side request forgery v ...) NOT-FOR-US: Monsta FTP CVE-2020-14055 (Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting v ...) NOT-FOR-US: Monsta FTP CVE-2020-14054 (SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e ...) NOT-FOR-US: SOKKIA GNR5 Vanguard WEB CVE-2020-14053 RESERVED CVE-2020-14052 RESERVED CVE-2020-14051 RESERVED CVE-2020-14050 RESERVED CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...) NOT-FOR-US: Viber CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...) NOT-FOR-US: Zoho CVE-2020-14047 RESERVED CVE-2020-14046 RESERVED CVE-2020-14045 RESERVED CVE-2020-14044 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forger ...) 
NOT-FOR-US: Codiad CVE-2020-14043 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery ...) NOT-FOR-US: Codiad CVE-2020-14042 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) ...) NOT-FOR-US: Codiad CVE-2020-14041 RESERVED CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in encoding ...) - golang-golang-x-text 0.3.3-1 (bug #964272) - golang-x-text (bug #964271) [buster] - golang-x-text (Minor issue) [stretch] - golang-x-text (Minor issue) NOTE: https://github.com/golang/go/issues/39491 NOTE: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e NOTE: https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0 CVE-2020-14039 (In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may ...) - golang-1.15 (Windows-specific) - golang-1.14 (Windows-specific) - golang-1.11 (Windows-specific) NOTE: https://golang.org/issue/39360 NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ CVE-2020-25286 (In wp-includes/comment-template.php in WordPress before 5.4.2, comment ...) {DSA-4709-1 DLA-2371-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47984 CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-option` f ...) {DSA-4709-1 DLA-2371-1 DLA-2269-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47951 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920 NOTE: https://core.trac.wordpress.org/ticket/50392 (regression fix) CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the name of ...) 
{DSA-4709-1 DLA-2371-1 DLA-2269-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47950 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p NOTE: https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148 CVE-2020-4048 (In affected versions of WordPress, due to an issue in wp_validate_redi ...) {DSA-4709-1 DLA-2371-1 DLA-2269-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47949 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5 NOTE: https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693 CVE-2020-4046 (In affected versions of WordPress, users with low privileges (like con ...) - wordpress 5.4.2+dfsg1-1 (bug #962685) [buster] - wordpress (Vulnerable code introduced later) [stretch] - wordpress (Vulnerable code introduced later) [jessie] - wordpress (Vulnerable code introduced later) NOTE: https://core.trac.wordpress.org/changeset/47947 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf CVE-2020-4047 (In affected versions of WordPress, authenticated users with upload per ...) {DSA-4709-1 DLA-2371-1 DLA-2269-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47948 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27 NOTE: https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f CVE-2020-14038 RESERVED CVE-2020-14037 RESERVED CVE-2020-14036 RESERVED CVE-2020-14035 RESERVED CVE-2020-14034 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) 
- janus 0.10.2-1 NOTE: https://github.com/meetecho/janus-gateway/pull/2229 NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80 CVE-2020-14033 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) - janus 0.10.2-1 NOTE: https://github.com/meetecho/janus-gateway/pull/2229 NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80 CVE-2020-14032 RESERVED CVE-2020-14031 RESERVED CVE-2020-14030 RESERVED CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14028 RESERVED CVE-2020-14027 RESERVED CVE-2020-14026 RESERVED CVE-2020-14025 RESERVED CVE-2020-14024 RESERVED CVE-2020-14023 RESERVED CVE-2020-14022 RESERVED CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14020 RESERVED CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...) - python-rtslib-fb [buster] - python-rtslib-fb (Introduced in 2.1.70) [stretch] - python-rtslib-fb (vulnerable code introduced later, shutil.copyfile is not used) [jessie] - python-rtslib-fb (vulnerable code introduced later, shutil.copyfile is not used) NOTE: https://github.com/open-iscsi/rtslib-fb/pull/162 NOTE: https://github.com/open-iscsi/rtslib-fb/commit/75e73778dce1cb7a2816a936240ef75adfbd6ed9 CVE-2020-14018 (An issue was discovered in Navigate CMS 2.9 r1433. There is a stored X ...) NOT-FOR-US: Navigate CMS CVE-2020-14017 (An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well a ...) NOT-FOR-US: Navigate CMS CVE-2020-14016 (An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password ...) NOT-FOR-US: Navigate CMS CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When performing a p ...) NOT-FOR-US: Navigate CMS CVE-2020-14014 (An issue was discovered in Navigate CMS 2.9 r1433. 
The query parameter ...) NOT-FOR-US: Navigate CMS CVE-2020-14013 RESERVED CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase C ...) NOT-FOR-US: osTicket CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in which the ...) NOT-FOR-US: Lansweeper CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...) NOT-FOR-US: Laborator Xenon theme for WordPress CVE-2020-14009 RESERVED CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) NOT-FOR-US: Solarwinds CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) NOT-FOR-US: Solarwinds CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) NOT-FOR-US: Solarwinds CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...) - icinga2 2.11.5-1 (bug #970252) [buster] - icinga2 (Minor issue) [stretch] - icinga2 (prepare-dirs script not shipped) [jessie] - icinga2 (prepare-dirs script not shipped) NOTE: https://www.openwall.com/lists/oss-security/2020/06/12/1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1172171 NOTE: https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6 CVE-2020-14003 RESERVED CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ...) - putty 0.74-1 [buster] - putty (Minor issue) [stretch] - putty (Minor issue) [jessie] - putty (Minor issue) NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74) CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...) 
{DSA-4743-1 DLA-2316-1} [experimental] - ruby-kramdown 2.3.0-1 - ruby-kramdown 2.3.0-3 (bug #965305) NOTE: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6 NOTE: https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...) NOT-FOR-US: scratch-vm different from src:scratch CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...) - libemf 1.0.13-1 (bug #963778) [buster] - libemf (Minor issue) NOTE: Fixed upstream in 1.0.13 CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled ...) NOT-FOR-US: Citrix CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an unauth ...) NOT-FOR-US: Shopware CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...) NOT-FOR-US: J2Store plugin for Joomla! CVE-2020-13995 RESERVED CVE-2020-13994 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A pri ...) NOT-FOR-US: Mods for HESK CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A bli ...) NOT-FOR-US: Mods for HESK CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...) NOT-FOR-US: Mods for HESK CVE-2020-13991 RESERVED CVE-2020-13990 RESERVED CVE-2020-13989 RESERVED CVE-2020-13988 RESERVED CVE-2020-13987 RESERVED CVE-2020-13986 RESERVED CVE-2020-13985 RESERVED CVE-2020-13984 RESERVED CVE-2020-13983 REJECTED CVE-2020-13982 RESERVED CVE-2020-13981 RESERVED CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to c ...) NOT-FOR-US: OpenCart CVE-2020-13979 RESERVED CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...) NOT-FOR-US: Monstra CMS CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...) 
- nagios4 4.3.4-4 (bug #962826) [buster] - nagios4 (Minor issue) NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/8deeca7cad3df1143ad9c351d107b5c0a6c61213 CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Di ...) NOT-FOR-US: DD-WRT CVE-2020-13975 RESERVED CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.7 ...) {DLA-2323-1} - linux 5.7.6-1 [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...) NOT-FOR-US: OWASP json-sanitizer CVE-2020-13972 (Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own dom ...) NOT-FOR-US: Enghouse Web Chat CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...) NOT-FOR-US: Shopware CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...) NOT-FOR-US: Shopware CVE-2020-13969 RESERVED CVE-2020-13968 RESERVED CVE-2020-13967 RESERVED CVE-2020-13966 RESERVED CVE-2020-13963 RESERVED CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...) - qtbase-opensource-src 5.14.2+dfsg-6 [buster] - qtbase-opensource-src (Only affects 5.12.2 and later) [stretch] - qtbase-opensource-src (Only affects 5.12.2 and later) [jessie] - qtbase-opensource-src (Only affects 5.12.2 and later) NOTE: https://bugreports.qt.io/browse/QTBUG-83450 NOTE: https://github.com/mumble-voip/mumble/issues/3679 NOTE: https://github.com/mumble-voip/mumble/pull/4032 CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker to byp ...) NOT-FOR-US: Strapi CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...) 
NOT-FOR-US: D-Link CVE-2020-13959 RESERVED CVE-2020-13958 RESERVED CVE-2020-13957 RESERVED CVE-2020-13956 RESERVED CVE-2020-13955 RESERVED CVE-2020-13954 RESERVED CVE-2020-13953 RESERVED CVE-2020-13952 RESERVED CVE-2020-13951 RESERVED CVE-2020-13950 RESERVED CVE-2020-13949 RESERVED CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...) NOT-FOR-US: Apache Superset CVE-2020-13947 RESERVED CVE-2020-13946 (In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.1 ...) - cassandra (bug #585905) CVE-2020-13945 RESERVED CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed to some ...) - airflow (bug #819700) CVE-2020-13943 RESERVED CVE-2020-13942 RESERVED CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...) - lucene-solr [buster] - lucene-solr (Minor issue) [stretch] - lucene-solr (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1 NOTE: https://issues.apache.org/jira/browse/SOLR-14561 NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2 CVE-2020-13940 RESERVED CVE-2020-13939 RESERVED CVE-2020-13938 RESERVED CVE-2020-13937 RESERVED CVE-2020-13936 RESERVED CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...) {DSA-4727-1 DLA-2286-1} - tomcat9 9.0.37-1 - tomcat8 NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3 NOTE: https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5 (8.5.57) NOTE: https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d (9.0.37) CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ...) 
{DSA-4727-1 DLA-2286-1} - tomcat9 9.0.37-1 - tomcat8 NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4 NOTE: https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e (8.5.57) NOTE: https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399 (9.0.37) CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...) - shiro (bug #968753) NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...) NOT-FOR-US: Apache ActiveMQ Artemis NOTE: https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt CVE-2020-13931 RESERVED CVE-2020-13930 RESERVED CVE-2020-13929 RESERVED CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...) NOT-FOR-US: Apache Atlas CVE-2020-13927 RESERVED CVE-2020-13926 (Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2020-13925 (Similar to CVE-2020-1956, Kylin has one more restful API which concate ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2020-13924 RESERVED CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...) NOT-FOR-US: Apache OFBiz CVE-2020-13922 RESERVED CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...) NOT-FOR-US: Apache SkyWalking CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...) - activemq NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt NOTE: When fixing this issue make sure to use a complete fix and not open up NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit preventing NOTE: JMX re-bind). 
NOTE: Fixed by: https://github.com/apache/activemq/commit/c29244931d54affaceabb478b3a52d9b74f5d543 (activemq-5.15.12) NOTE: Followup needed: https://github.com/apache/activemq/commit/0d6e5f240ef34bae2e4089102047593bef628e6c (activemq-5.15.13) CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remot ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13916 (A stack buffer overflow in webs in Ruckus Wireless Unleashed through 2 ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13915 (Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed throu ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13914 (webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a rem ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13913 (An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102 ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users ...) NOT-FOR-US: SolarWinds Advanced Monitoring Agent CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...) NOT-FOR-US: Your Online Shop CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...) NOT-FOR-US: Pengutronix Barebox CVE-2020-13909 (The Ignition page before 2.0.5 for Laravel mishandles globals, _get, _ ...) NOT-FOR-US: Laravel CVE-2020-13908 RESERVED CVE-2020-13907 RESERVED CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation starting at F ...) NOT-FOR-US: IrfanView CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...) 
NOT-FOR-US: IrfanView CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF duration in an ...) {DSA-4722-1 DLA-2291-1} - ffmpeg 7:4.3.1-1 NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/ NOTE: https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc NOTE: https://trac.ffmpeg.org/ticket/8673 CVE-2020-13903 RESERVED CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...) - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32) [stretch] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32) [jessie] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920 NOTE: https://github.com/ImageMagick/ImageMagick/discussions/2132 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/824f344ceb823e156ad6e85314d79c087933c2a0 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/218d6abc4e36596c90a07463bfb2ab9e8312efbb CVE-2020-13901 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) - janus 0.10.1-1 (bug #962680) NOTE: https://github.com/meetecho/janus-gateway/pull/2214 NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/90cc2ada775c4d4d8f6ae66f96b4ec7588e4bc86 CVE-2020-13900 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) - janus 0.10.1-1 (bug #962680) NOTE: https://github.com/meetecho/janus-gateway/pull/2214 NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/5f33d5e1073207f7275a726b7bb4cd7dbb08d13a CVE-2020-13899 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) 
- janus 0.10.1-1 (bug #962680) NOTE: https://github.com/meetecho/janus-gateway/pull/2214 NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/f46f27fb129fd1b3744830b4fc6e75ab78794636 CVE-2020-13898 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) - janus 0.10.1-1 (bug #962680) NOTE: https://github.com/meetecho/janus-gateway/pull/2214 NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/2ed485d04630b9ee9de7c96517135654b7f32120 CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...) NOT-FOR-US: HESK CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remot ...) NOT-FOR-US: Maipu devices CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows ...) NOT-FOR-US: DEXT5 Editor CVE-2020-13893 RESERVED CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. ...) NOT-FOR-US: SportsPress plugin for WordPress CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...) NOT-FOR-US: Mattermost CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an A ...) NOT-FOR-US: Bootstrap theme CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...) NOT-FOR-US: Bludit CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...) NOT-FOR-US: Kordil EDMS CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...) NOT-FOR-US: Kordil EDMS CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...) - libcrypt-perl-perl (bug #907353) NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14 NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2 CVE-2020-13886 RESERVED CVE-2020-13885 (Citrix Workspace App before 1912 on Windows has Insecure Permissions w ...) 
NOT-FOR-US: Citrix CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permissions a ...) NOT-FOR-US: Citrix CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...) NOT-FOR-US: WSO2 API Manager CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...) - lynis 3.0.0-1 (unimportant) NOTE: Neutralised by kernel hardening NOTE: https://github.com/CISOfy/lynis/pull/594 NOTE: https://github.com/CISOfy/lynis/commit/5b09da0d9878096d45f04b858c4f65e674369ab4 CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...) {DLA-2239-1} - libpam-tacplus (low; bug #962830) [buster] - libpam-tacplus (Minor issue) [stretch] - libpam-tacplus (Minor issue) NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0 NOTE: https://github.com/kravietz/pam_tacplus/issues/149 CVE-2020-13880 RESERVED CVE-2020-13879 RESERVED CVE-2020-13878 RESERVED CVE-2020-13877 RESERVED CVE-2020-13876 RESERVED CVE-2020-13875 RESERVED CVE-2020-13874 RESERVED CVE-2020-13873 RESERVED CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for at ...) NOT-FOR-US: Royal TS CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...) {DLA-2340-1} - sqlite3 3.32.2-2 [jessie] - sqlite3 (Vulnerable code not present) NOTE: New fix: https://www.sqlite.org/src/info/44a58d6cb135a104 NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4 NOTE: https://www.sqlite.org/src/info/c8d3b9f0a750a529 NOTE: https://www.sqlite.org/src/info/cd708fa84d2aaaea CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...) NOT-FOR-US: Comments plugin for Craft CMS CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for Craft ...) NOT-FOR-US: Comments plugin for Craft CMS CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...) 
NOT-FOR-US: Comments plugin for Craft CMS CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...) - targetcli-fb (low; bug #962331) [buster] - targetcli-fb (Minor issue) [stretch] - targetcli-fb (Minor issue) NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172 CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the installation dire ...) NOT-FOR-US: WinGate CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...) NOT-FOR-US: Elementor Page Builder plugin for WordPress CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...) NOT-FOR-US: Elementor Page Builder plugin for WordPress CVE-2020-13863 (The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker ...) NOT-FOR-US: Mitel CVE-2020-13862 RESERVED CVE-2020-13861 RESERVED CVE-2020-13860 RESERVED CVE-2020-13859 RESERVED CVE-2020-13858 RESERVED CVE-2020-13857 RESERVED CVE-2020-13856 RESERVED CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation. ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-13853 (Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-13852 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via the events ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a web folder ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ...) NOT-FOR-US: MQTT protocol flaw CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...) 
{DLA-2238-1} - pupnp-1.8 (bug #962282) [buster] - pupnp-1.8 (Minor issue) - libupnp [stretch] - libupnp (Minor issue) NOTE: https://github.com/pupnp/pupnp/issues/177 NOTE: https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0 CVE-2020-13847 (Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Chec ...) - singularity-container (bug #965040) NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v CVE-2020-13846 (Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a S ...) - singularity-container (bug #965040) NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92 CVE-2020-13845 (Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integ ...) - singularity-container (bug #965040) NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution past ...) NOTE: https://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation NOTE: Hardware issue, mitigations too intrusive to backport (and would require to recompile NOTE: the entire distro, which is not warranted for the impact) NOTE: GCC patches: NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a9ba2a9b77bec7eacaf066801f22d1c366a2bc86 NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be178ecd5ac1fe1510d960ff95c66d0ff831afe1 NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=96b7f495f9269d5448822e4fc28882edb35a58d7 CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS software ...) NOT-FOR-US: LG mobile devices CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-13841 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...) 
NOT-FOR-US: LG mobile devices CVE-2020-13840 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-13839 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-13838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13837 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13835 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13834 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13833 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13832 (An issue was discovered on Samsung mobile devices with Q(10.0) (with T ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13831 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13830 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-13828 (Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (X ...) - dolibarr CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...) - phplist (bug #612288) CVE-2020-13826 (A CSV injection (aka Excel Macro Injection or Formula Injection) issue ...) NOT-FOR-US: i-doit CVE-2020-13825 (A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows rem ...) 
NOT-FOR-US: i-doit CVE-2020-13824 RESERVED CVE-2020-13823 RESERVED CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...) - node-elliptic 6.5.3~dfsg-1 (bug #963149) [buster] - node-elliptic (Minor issue) NOTE: https://github.com/indutny/elliptic/issues/226 CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...) NOT-FOR-US: HiveMQ Broker Control Center CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...) NOT-FOR-US: Extreme Management Center CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS vi ...) NOT-FOR-US: Extreme EAC Appliance CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when <cachestart> ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...) - ntp 1:4.2.8p14+dfsg-1 (low) [buster] - ntp (Minor issue) [stretch] - ntp (Minor issue) [jessie] - ntp (Too intrusive to backport, requires new configuration) - ntpsec (Doesn't affect ntpsec per upstream, #964395) NOTE: http://support.ntp.org/bin/view/Main/NtpBug3596 NOTE: https://bugs.ntp.org/show_bug.cgi?id=3596 NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e312021VVVkyioYBR_aeIP1LqMCVg (4.2.8p14) NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e4a536dzxRWAzMw-KsKjm04l6joNA (4.2.8p14) CVE-2020-13816 REJECTED CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...) NOT-FOR-US: Foxit Reader CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...) NOT-FOR-US: Foxit Reader CVE-2020-13813 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-13812 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-13811 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has ...) 
NOT-FOR-US: Foxit Studio Photo CVE-2020-13810 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) NOT-FOR-US: Foxit Reader CVE-2020-13809 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) NOT-FOR-US: Foxit Reader CVE-2020-13808 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) NOT-FOR-US: Foxit Reader CVE-2020-13807 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) NOT-FOR-US: Foxit Reader CVE-2020-13806 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) NOT-FOR-US: Foxit Reader CVE-2020-13805 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) NOT-FOR-US: Foxit Reader CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) NOT-FOR-US: Foxit Reader CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...) NOT-FOR-US: Foxit Reader CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command in ...) - rebar3 (bug #824773) NOTE: https://github.com/erlang/rebar3/pull/2302 NOTE: https://github.com/erlang/rebar3/commit/2e2d1a6bb141a969b6483e082a2afd361fc2ece2 CVE-2020-13801 RESERVED CVE-2020-13799 RESERVED CVE-2020-13798 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...) NOT-FOR-US: Navigate CMS CVE-2020-13797 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...) NOT-FOR-US: Navigate CMS CVE-2020-13796 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...) NOT-FOR-US: Navigate CMS CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It allows Direc ...) NOT-FOR-US: Navigate CMS CVE-2020-13794 RESERVED CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a st ...) NOT-FOR-US: Ivanti CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...) 
NOT-FOR-US: PlayTube CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...) {DSA-4700-1} - roundcube 1.4.5+dfsg.1-1 (bug #962124) NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/ccaccae6653031b809b4347a60021951e19a0e43 NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3 CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...) {DSA-4700-1} - roundcube 1.4.5+dfsg.1-1 (bug #962123) NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5 NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19 CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...) - qemu 1:5.0-6 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/2 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a98610c429d52db0937c1e48659428929835c455 CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ...) - qemu 1:5.0-6 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/1 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...) 
{DLA-2302-1} - libjpeg-turbo 1:2.0.5-1 (bug #962829) [buster] - libjpeg-turbo (Minor issue) [jessie] - libjpeg-turbo (No package in Debian jessie uses the TurboJPEG API) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433 NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x) CVE-2020-13789 RESERVED CVE-2020-13788 (Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker wi ...) NOT-FOR-US: Harbor CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of ...) NOT-FOR-US: D-Link CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. ...) NOT-FOR-US: D-Link CVE-2020-13785 (D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Str ...) NOT-FOR-US: D-Link CVE-2020-13784 (D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a P ...) NOT-FOR-US: D-Link CVE-2020-13783 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sens ...) NOT-FOR-US: D-Link CVE-2020-13782 (D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. ...) NOT-FOR-US: D-Link CVE-2020-13781 RESERVED CVE-2020-13780 RESERVED CVE-2020-13779 RESERVED CVE-2020-13778 RESERVED CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting ...) 
{DSA-4697-1} - gnutls28 3.6.14-1 (bug #962289) [stretch] - gnutls28 (Vulnerable code introduced in 3.6.4) [jessie] - gnutls28 (Vulnerable code introduced in 3.6.4) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1843723 NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03 NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1011 NOTE: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca NOTE: https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da CVE-2020-13776 (systemd through v245 mishandles numerical usernames such as ones compo ...) - systemd 246-2 (unimportant) NOTE: https://github.com/systemd/systemd/issues/15985 NOTE: https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843 (v246-rc1) NOTE: https://github.com/systemd/systemd/commit/6495ceddf38aed2c9efdcf9d3440140190800b55 (v246-rc1) NOTE: Issue exists due to an incomplete fix for CVE-2017-1000082. CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an app ...) - znc 1.8.1-1 (bug #962105) [buster] - znc (Vulnerable code introduced later) [stretch] - znc (Vulnerable code introduced later) [jessie] - znc (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 (znc-1.8.1-rc1) NOTE: Introduced with: https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 (znc-1.8.0) CVE-2020-13774 RESERVED CVE-2020-13773 RESERVED CVE-2020-13772 RESERVED CVE-2020-13771 RESERVED CVE-2020-13770 RESERVED CVE-2020-13769 RESERVED CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...) NOT-FOR-US: MiniShare CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...) NOT-FOR-US: Mitel CVE-2020-13766 RESERVED CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...) 
{DSA-4728-1 DLA-2288-1 DLA-2262-1} - qemu 1:4.2-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6 NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319 NOTE: https://bugs.launchpad.net/qemu/+bug/1844635 CVE-2020-13764 (common.php in the Gravity Forms plugin before 2.4.9 for WordPress can ...) NOT-FOR-US: Gravity Forms plugin for WordPress CVE-2020-13763 (In Joomla! before 3.9.19, the default settings of the global textfilte ...) NOT-FOR-US: Joomla! CVE-2020-13762 (In Joomla! before 3.9.19, incorrect input validation of the module tag ...) NOT-FOR-US: Joomla! CVE-2020-13761 (In Joomla! before 3.9.19, lack of input validation in the heading tag ...) NOT-FOR-US: Joomla! CVE-2020-13760 (In Joomla! before 3.9.19, missing token checks in com_postinstall lead ...) NOT-FOR-US: Joomla! CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attacker ...) NOT-FOR-US: rust-vmm CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...) NOT-FOR-US: Bitrix24 CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ...) - python-rsa (bug #962142) [buster] - python-rsa (Minor issue) [stretch] - python-rsa (Minor issue) [jessie] - python-rsa (No reverse dependencies) NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146 CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...) NOT-FOR-US: Sabberworm PHP CSS Parser CVE-2020-13755 RESERVED CVE-2020-13753 (The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, f ...) 
{DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-13752 RESERVED CVE-2020-13751 RESERVED CVE-2020-13750 RESERVED CVE-2020-13749 RESERVED CVE-2020-13748 RESERVED CVE-2020-13747 RESERVED CVE-2020-13746 RESERVED CVE-2020-13745 RESERVED CVE-2020-13744 RESERVED CVE-2020-13743 RESERVED CVE-2020-13742 RESERVED CVE-2020-13741 RESERVED CVE-2020-13740 RESERVED CVE-2020-13739 RESERVED CVE-2020-13738 RESERVED CVE-2020-13737 RESERVED CVE-2020-13736 RESERVED CVE-2020-13735 RESERVED CVE-2020-13734 RESERVED CVE-2020-13733 RESERVED CVE-2020-13732 RESERVED CVE-2020-13731 RESERVED CVE-2020-13730 RESERVED CVE-2020-13729 RESERVED CVE-2020-13728 RESERVED CVE-2020-13727 RESERVED CVE-2020-13726 RESERVED CVE-2020-13725 RESERVED CVE-2020-13724 RESERVED CVE-2020-13723 RESERVED CVE-2020-13722 RESERVED CVE-2020-13721 RESERVED CVE-2020-13720 RESERVED CVE-2020-13719 RESERVED CVE-2020-13718 RESERVED CVE-2020-13717 RESERVED CVE-2020-13716 RESERVED CVE-2020-13715 RESERVED CVE-2020-13714 RESERVED CVE-2020-13713 RESERVED CVE-2020-13712 RESERVED CVE-2020-13711 RESERVED CVE-2020-13710 RESERVED CVE-2020-13709 RESERVED CVE-2020-13708 RESERVED CVE-2020-13707 RESERVED CVE-2020-13706 RESERVED CVE-2020-13705 RESERVED CVE-2020-13704 RESERVED CVE-2020-13703 RESERVED CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...) 
{DSA-4728-1 DLA-2288-1} - qemu 1:5.0-6 NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5d971f9e672507210e77d020d89e0e89165c8fc9 (fix) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix) CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...) NOT-FOR-US: Apple/Google Exposure Notification API CVE-2020-13701 RESERVED CVE-2020-13700 (An issue was discovered in the acf-to-rest-api plugin through 3.1.0 fo ...) NOT-FOR-US: acf-to-rest-api plugin for WordPress CVE-2020-13699 (TeamViewer Desktop for Windows before 15.8.3 does not properly quote i ...) NOT-FOR-US: TeamViewer Desktop CVE-2020-13698 RESERVED CVE-2020-13697 RESERVED CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...) {DLA-2246-1} - xawtv 3.107-1 (bug #962221) [stretch] - xawtv (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6 NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3 NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292 NOTE: But those still allow to test for arbitrary files and would need: NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6/1 CVE-2020-13695 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...) NOT-FOR-US: QuickBox CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...) NOT-FOR-US: QuickBox CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...) NOT-FOR-US: bbPress plugin for WordPress CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. ...) 
- libpgjava 42.2.12-2 (low; bug #962828) [buster] - libpgjava (Minor issue) [stretch] - libpgjava (Minor issue) [jessie] - libpgjava (Minor issue) NOTE: https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65 CVE-2020-13691 RESERVED CVE-2020-13690 RESERVED CVE-2020-13689 RESERVED CVE-2020-13688 RESERVED CVE-2020-13687 RESERVED CVE-2020-13686 RESERVED CVE-2020-13685 RESERVED CVE-2020-13684 RESERVED CVE-2020-13683 RESERVED CVE-2020-13682 RESERVED CVE-2020-13681 RESERVED CVE-2020-13680 RESERVED CVE-2020-13679 RESERVED CVE-2020-13678 RESERVED CVE-2020-13677 RESERVED CVE-2020-13676 RESERVED CVE-2020-13675 RESERVED CVE-2020-13674 RESERVED CVE-2020-13673 RESERVED CVE-2020-13672 RESERVED CVE-2020-13671 RESERVED CVE-2020-13670 RESERVED CVE-2020-13669 RESERVED CVE-2020-13668 RESERVED CVE-2020-13667 RESERVED CVE-2020-13666 RESERVED CVE-2020-13665 RESERVED - drupal7 (Drupal 7 not affected) NOTE: https://www.drupal.org/sa-core-2020-006 CVE-2020-13664 RESERVED - drupal7 (Drupal 7 not affected) NOTE: https://www.drupal.org/sa-core-2020-005 CVE-2020-13663 [Drupal SA 2020-004] RESERVED {DSA-4706-1 DLA-2263-1} - drupal7 NOTE: https://www.drupal.org/sa-core-2020-004 NOTE: https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006 CVE-2020-13661 RESERVED CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...) NOT-FOR-US: CMS Made Simple CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...) {DSA-4728-1 DLA-2288-1} - qemu 1:5.0-6 NOTE: https://bugs.launchpad.net/qemu/+bug/1878259 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82 CVE-2020-13658 RESERVED CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Antivirus ...) 
NOT-FOR-US: Avast CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation ...) NOT-FOR-US: Hobbes CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later. managefile.php is ...) - collabtive CVE-2020-13654 RESERVED CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...) NOT-FOR-US: Zimbra CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...) NOT-FOR-US: DigDash CVE-2020-13651 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...) NOT-FOR-US: DigDash CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 ...) NOT-FOR-US: DigDash CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...) NOT-FOR-US: JerryScript CVE-2020-13648 RESERVED CVE-2020-13647 RESERVED CVE-2020-13646 (In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local ...) NOT-FOR-US: cheetah free wifi CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...) - glib-networking 2.64.3-2 (bug #961756) [buster] - glib-networking 2.58.0-2+deb10u1 [stretch] - glib-networking 2.50.0-1+deb9u1 NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135 NOTE: Updating glib-networking to address CVE-2020-13645 will need a compatibility NOTE: update as well for balsa (cf. https://bugs.debian.org/961792) CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...) NOT-FOR-US: Accordion plugin for WordPress CVE-2020-13643 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...) NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...) NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...) 
NOT-FOR-US: Real-Time Find and Replace plugin for WordPress CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...) NOT-FOR-US: gVectors wpDiscuz plugin for WordPress CVE-2020-13639 RESERVED CVE-2020-13638 RESERVED CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...) NOT-FOR-US: stashcat app CVE-2020-13636 RESERVED CVE-2020-13635 RESERVED CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...) NOT-FOR-US: Windows Master (aka Windows Optimization Master) CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...) NOT-FOR-US: Fork CMS CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...) {DLA-2340-1} - sqlite3 3.32.0-1 [jessie] - sqlite3 (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 NOTE: https://sqlite.org/src/info/a4dd148928ea65bd CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name ...) - sqlite3 3.32.0-1 [stretch] - sqlite3 (Vulnerable code not present) [jessie] - sqlite3 (Too intrusive to backport) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7 CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...) {DLA-2340-1} - sqlite3 3.32.0-1 [jessie] - sqlite3 (Vulnerable code not found) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459 NOTE: https://sqlite.org/src/info/0d69f76f0865f962 CVE-2020-13629 RESERVED CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...) - centreon-web (bug #913903) CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...) - centreon-web (bug #913903) CVE-2020-13626 RESERVED CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...) 
{DLA-2306-1 DLA-2244-1} - libphp-phpmailer 6.1.6-1 (bug #962827) [buster] - libphp-phpmailer (Minor issue) NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj NOTE: https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3 CVE-2020-13624 RESERVED CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...) NOT-FOR-US: JerryScript CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...) NOT-FOR-US: JerryScript CVE-2020-13621 RESERVED CVE-2020-13620 RESERVED CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attack ...) NOT-FOR-US: Locutus PHP CVE-2020-13618 RESERVED CVE-2020-13617 (The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones ...) NOT-FOR-US: Mitel CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...) NOT-FOR-US: pichi CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...) NOT-FOR-US: Qore CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...) - axel 2.17.8-1 [buster] - axel (Minor issue) [stretch] - axel (Minor issue) [jessie] - axel (SSL/TLS implemented from v2.10. But without ssl support is a major drawback) NOTE: https://github.com/axel-download-accelerator/axel/issues/262 CVE-2020-13613 RESERVED CVE-2020-13612 RESERVED CVE-2020-13611 RESERVED CVE-2020-13610 RESERVED CVE-2020-13609 RESERVED CVE-2020-13608 RESERVED CVE-2020-13607 RESERVED CVE-2020-13606 RESERVED CVE-2020-13605 RESERVED CVE-2020-13604 RESERVED CVE-2020-13603 RESERVED CVE-2020-13602 RESERVED CVE-2020-13601 RESERVED CVE-2020-13600 RESERVED CVE-2020-13599 RESERVED CVE-2020-13598 RESERVED CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...) NOT-FOR-US: Calico CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...) 
{DSA-4705-1 DLA-2233-1} - python-django 2:2.2.13-1 (bug #962323) NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1 NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master) NOTE: https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9 (3.1 branch) NOTE: https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch) NOTE: https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2. branch) CVE-2020-13595 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...) NOT-FOR-US: Espressif CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...) NOT-FOR-US: Espressif CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...) NOT-FOR-US: Espressif CVE-2020-13662 [Drupal SA 2020-003] RESERVED {DSA-4693-1 DLA-2250-1} - drupal7 NOTE: https://www.drupal.org/sa-core-2020-003 NOTE: https://git.drupalcode.org/project/drupal/-/commit/905ff00a44160adee3f266cdcc87d3350a64a072 CVE-2020-13592 RESERVED CVE-2020-13591 RESERVED CVE-2020-13590 RESERVED CVE-2020-13589 RESERVED CVE-2020-13588 RESERVED CVE-2020-13587 RESERVED CVE-2020-13586 RESERVED CVE-2020-13585 RESERVED CVE-2020-13584 RESERVED CVE-2020-13583 RESERVED CVE-2020-13582 RESERVED CVE-2020-13581 RESERVED CVE-2020-13580 RESERVED CVE-2020-13579 RESERVED CVE-2020-13578 RESERVED CVE-2020-13577 RESERVED CVE-2020-13576 RESERVED CVE-2020-13575 RESERVED CVE-2020-13574 RESERVED CVE-2020-13573 RESERVED CVE-2020-13572 RESERVED CVE-2020-13571 RESERVED CVE-2020-13570 RESERVED CVE-2020-13569 RESERVED CVE-2020-13568 RESERVED CVE-2020-13567 RESERVED CVE-2020-13566 RESERVED CVE-2020-13565 RESERVED CVE-2020-13564 RESERVED CVE-2020-13563 RESERVED CVE-2020-13562 RESERVED CVE-2020-13561 RESERVED CVE-2020-13560 RESERVED CVE-2020-13559 RESERVED CVE-2020-13558 RESERVED CVE-2020-13557 RESERVED CVE-2020-13556 RESERVED CVE-2020-13555 RESERVED 
CVE-2020-13554 RESERVED CVE-2020-13553 RESERVED CVE-2020-13552 RESERVED CVE-2020-13551 RESERVED CVE-2020-13550 RESERVED CVE-2020-13549 RESERVED CVE-2020-13548 RESERVED CVE-2020-13547 RESERVED CVE-2020-13546 RESERVED CVE-2020-13545 RESERVED CVE-2020-13544 RESERVED CVE-2020-13543 RESERVED CVE-2020-13542 RESERVED CVE-2020-13541 RESERVED CVE-2020-13540 RESERVED CVE-2020-13539 RESERVED CVE-2020-13538 RESERVED CVE-2020-13537 RESERVED CVE-2020-13536 RESERVED CVE-2020-13535 RESERVED CVE-2020-13534 RESERVED CVE-2020-13533 RESERVED CVE-2020-13532 RESERVED CVE-2020-13531 RESERVED CVE-2020-13530 RESERVED CVE-2020-13529 RESERVED CVE-2020-13528 RESERVED CVE-2020-13527 RESERVED CVE-2020-13526 RESERVED CVE-2020-13525 RESERVED CVE-2020-13524 RESERVED CVE-2020-13523 (An exploitable information disclosure vulnerability exists in SoftPerf ...) NOT-FOR-US: SoftPerfect CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...) NOT-FOR-US: SoftPerfect CVE-2020-13521 RESERVED CVE-2020-13520 RESERVED CVE-2020-13519 RESERVED CVE-2020-13518 RESERVED CVE-2020-13517 RESERVED CVE-2020-13516 RESERVED CVE-2020-13515 RESERVED CVE-2020-13514 RESERVED CVE-2020-13513 RESERVED CVE-2020-13512 RESERVED CVE-2020-13511 RESERVED CVE-2020-13510 RESERVED CVE-2020-13509 RESERVED CVE-2020-13508 RESERVED CVE-2020-13507 RESERVED CVE-2020-13506 RESERVED CVE-2020-13505 RESERVED CVE-2020-13504 RESERVED CVE-2020-13503 RESERVED CVE-2020-13502 RESERVED CVE-2020-13501 RESERVED CVE-2020-13500 RESERVED CVE-2020-13499 RESERVED CVE-2020-13498 RESERVED CVE-2020-13497 RESERVED CVE-2020-13496 RESERVED CVE-2020-13495 RESERVED CVE-2020-13494 RESERVED CVE-2020-13493 RESERVED CVE-2020-13492 RESERVED CVE-2020-13491 RESERVED CVE-2020-13490 RESERVED CVE-2020-13489 RESERVED CVE-2020-13488 RESERVED CVE-2020-13487 (The bbPress plugin through 2.6.4 for WordPress has stored XSS in the F ...) 
NOT-FOR-US: Wordpress plugin CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...) NOT-FOR-US: Craft CMS plugin CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...) NOT-FOR-US: Craft CMS plugin CVE-2020-13484 (Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in th ...) NOT-FOR-US: Bitrix24 CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via ...) NOT-FOR-US: Bitrix24 CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...) NOT-FOR-US: EM-HTTP-Request CVE-2020-13481 RESERVED CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...) NOT-FOR-US: Verint Workforce Optimization (WFO) CVE-2020-13479 RESERVED CVE-2020-13478 RESERVED CVE-2020-13477 RESERVED CVE-2020-13476 RESERVED CVE-2020-13475 RESERVED CVE-2020-13474 RESERVED CVE-2020-13473 RESERVED CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103 devices all ...) NOT-FOR-US: Gigadevice GD32F103 devices CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical attackers to ex ...) NOT-FOR-US: Apex Microelectronics APM32F103 devices CVE-2020-13470 (Gigadevice GD32F103 and GD32F130 devices allow physical attackers to e ...) NOT-FOR-US: Gigadevice GD32F103 and GD32F130 devices CVE-2020-13469 (The flash memory readout protection in Gigadevice GD32VF103 devices al ...) NOT-FOR-US: Gigadevice GD32VF103 devices CVE-2020-13468 (Gigadevice GD32F130 devices allow physical attackers to escalate their ...) NOT-FOR-US: Gigadevice GD32F130 devices CVE-2020-13467 (The flash memory readout protection in China Key Systems & Integra ...) NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices CVE-2020-13466 (STMicroelectronics STM32F103 devices through 2020-05-20 allow physical ...) 
NOT-FOR-US: STMicroelectronics STM32F103 devices CVE-2020-13465 (The security protection in Gigadevice GD32F103 devices allows physical ...) NOT-FOR-US: Gigadevice GD32F103 devices CVE-2020-13464 (The flash memory readout protection in China Key Systems & Integra ...) NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics APM32F103 ...) NOT-FOR-US: Apex Microelectronics APM32F103 devices CVE-2020-13462 RESERVED CVE-2020-13461 RESERVED CVE-2020-13460 RESERVED CVE-2020-13459 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...) NOT-FOR-US: Image Resizer plugin for Craft CMS CVE-2020-13458 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...) NOT-FOR-US: Image Resizer plugin for Craft CMS CVE-2020-13457 RESERVED CVE-2020-13456 RESERVED CVE-2020-13455 RESERVED CVE-2020-13454 RESERVED CVE-2020-13453 RESERVED CVE-2020-13452 RESERVED CVE-2020-13451 RESERVED CVE-2020-13450 RESERVED CVE-2020-13449 RESERVED CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...) NOT-FOR-US: QuickBox CVE-2020-13447 RESERVED CVE-2020-13446 RESERVED CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, ...) NOT-FOR-US: Liferay CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 9 ...) NOT-FOR-US: Liferay CVE-2020-13443 (ExpressionEngine before 5.3.2 allows remote attackers to upload and ex ...) NOT-FOR-US: ExpressionEngine CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...) NOT-FOR-US: DEXT5 CVE-2020-13441 RESERVED CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. ...) NOT-FOR-US: ffjpeg CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...) NOT-FOR-US: ffjpeg CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...) 
NOT-FOR-US: ffjpeg CVE-2020-13437 RESERVED CVE-2020-13436 RESERVED CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...) - sqlite3 3.32.1-1 [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code introduced later) NOTE: https://www.sqlite.org/src/info/7a5279a25c57adf1 NOTE: https://www.sqlite.org/src/info/ad7bb70af9bb68d1 NOTE: https://www.sqlite.org/src/info/572105de1d44bca4 CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...) {DLA-2340-1 DLA-2221-1} - sqlite3 3.32.1-1 [buster] - sqlite3 (Minor issue) NOTE: https://www.sqlite.org/src/info/23439ea582241138 NOTE: https://www.sqlite.org/src/info/d08d3405878d394e CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...) NOT-FOR-US: Jason2605 AdminPanel CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...) NOT-FOR-US: Rejetto HTTP File Server CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a Trojan h ...) - i2p (Windows-specific) CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...) - grafana NOTE: https://github.com/grafana/grafana/pull/24539 CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...) NOT-FOR-US: piechart-panel plugin for Grafana CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...) {DSA-4704-1} - vlc 3.0.11-1 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11 NOTE: http://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0 CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...) NOT-FOR-US: Victor CMS CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...) 
NOT-FOR-US: Multi-Scheduler plugin for WordPress CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep ...) NOT-FOR-US: TrackR CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...) NOT-FOR-US: Joomla addon CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...) NOT-FOR-US: Form Builder for Magento CVE-2020-13422 RESERVED CVE-2020-13421 RESERVED CVE-2020-13420 RESERVED CVE-2020-13419 RESERVED CVE-2020-13418 RESERVED CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client ...) NOT-FOR-US: Aviatrix CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...) NOT-FOR-US: Aviatrix CVE-2020-13415 (An issue was discovered in Aviatrix Controller through 5.1. An attacke ...) NOT-FOR-US: Aviatrix CVE-2020-13414 (An issue was discovered in Aviatrix Controller before 5.4.1204. It con ...) NOT-FOR-US: Aviatrix CVE-2020-13413 (An issue was discovered in Aviatrix Controller before 5.4.1204. There ...) NOT-FOR-US: Aviatrix CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204. An API ...) NOT-FOR-US: Aviatrix CVE-2020-13411 RESERVED CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not ...) NOT-FOR-US: MoscaJS Aedes CVE-2020-13409 RESERVED CVE-2020-13408 RESERVED CVE-2020-13407 RESERVED CVE-2020-13406 RESERVED CVE-2020-13405 (userfiles/modules/users/controller/controller.php in Microweber before ...) NOT-FOR-US: Microweber CVE-2020-13404 (The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for M ...) NOT-FOR-US: Atos-Magento CVE-2020-13403 RESERVED CVE-2020-13402 RESERVED CVE-2020-13401 (An issue was discovered in Docker Engine before 19.03.11. An attacker ...) 
{DSA-4716-1} - docker.io 19.03.11+dfsg1-1 (bug #962141) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833233 NOTE: https://github.com/moby/libnetwork/commit/153d0769a1181bf591a9637fd487a541ec7db1e6 CVE-2020-13400 RESERVED CVE-2020-13399 RESERVED CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc CVE-2020-13395 RESERVED CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13393 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13392 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13391 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...) NOT-FOR-US: jw.util CVE-2020-13387 RESERVED CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...) 
NOT-FOR-US: SmartDraw CVE-2020-13385 RESERVED CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...) NOT-FOR-US: Monstra CMS CVE-2020-13383 (openSIS through 7.4 allows Directory Traversal. ...) NOT-FOR-US: openSIS CVE-2020-13382 (openSIS through 7.4 has Incorrect Access Control. ...) NOT-FOR-US: openSIS CVE-2020-13381 (openSIS through 7.4 allows SQL Injection. ...) NOT-FOR-US: openSIS CVE-2020-13380 (openSIS before 7.4 allows SQL Injection. ...) NOT-FOR-US: openSIS CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...) - grafana NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4 NOTE: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/ CVE-2020-13378 RESERVED CVE-2020-13377 RESERVED CVE-2020-13376 (SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable fil ...) NOT-FOR-US: SecurEnvoy SecurMail CVE-2020-13375 RESERVED CVE-2020-13374 RESERVED CVE-2020-13373 RESERVED CVE-2020-13372 RESERVED CVE-2020-13371 RESERVED CVE-2020-13370 RESERVED CVE-2020-13369 RESERVED CVE-2020-13368 RESERVED CVE-2020-13367 RESERVED CVE-2020-13366 RESERVED CVE-2020-13365 (Certain Zyxel products have a locally accessible binary that allows a ...) NOT-FOR-US: Zyxel CVE-2020-13364 (A backdoor in certain Zyxel products allows remote TELNET access via a ...) NOT-FOR-US: Zyxel CVE-2020-13363 RESERVED CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...) {DSA-4728-1 DLA-2288-1 DLA-2262-1} - qemu 1:5.0-6 (bug #961887) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...) 
{DSA-4728-1 DLA-2288-1 DLA-2262-1} - qemu 1:5.0-6 (bug #961888) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html CVE-2020-13360 RESERVED CVE-2020-13359 RESERVED CVE-2020-13358 RESERVED CVE-2020-13357 RESERVED CVE-2020-13356 RESERVED CVE-2020-13355 RESERVED CVE-2020-13354 RESERVED CVE-2020-13353 RESERVED CVE-2020-13352 RESERVED CVE-2020-13351 RESERVED CVE-2020-13350 RESERVED CVE-2020-13349 RESERVED CVE-2020-13348 RESERVED CVE-2020-13347 RESERVED CVE-2020-13346 RESERVED CVE-2020-13345 RESERVED CVE-2020-13344 RESERVED CVE-2020-13343 RESERVED CVE-2020-13342 RESERVED CVE-2020-13341 RESERVED CVE-2020-13340 RESERVED CVE-2020-13339 RESERVED CVE-2020-13338 RESERVED CVE-2020-13337 RESERVED CVE-2020-13336 RESERVED CVE-2020-13335 RESERVED CVE-2020-13334 RESERVED CVE-2020-13333 RESERVED CVE-2020-13332 RESERVED CVE-2020-13331 RESERVED CVE-2020-13330 RESERVED CVE-2020-13329 RESERVED CVE-2020-13328 RESERVED CVE-2020-13327 RESERVED CVE-2020-13326 RESERVED CVE-2020-13325 RESERVED CVE-2020-13324 RESERVED CVE-2020-13323 RESERVED CVE-2020-13322 RESERVED CVE-2020-13321 RESERVED CVE-2020-13320 RESERVED CVE-2020-13319 RESERVED CVE-2020-13318 (A vulnerability was discovered in GitLab versions before 13.0.12, 13.1 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13317 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13316 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13315 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) 
- gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13314 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13313 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13312 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13311 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13310 (A vulnerability was discovered in GitLab runner versions before 13.1.3 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13309 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13308 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13307 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13306 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) 
- gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13305 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13304 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13303 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13302 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13301 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13300 (GitLab before version 13.3.4 was vulnerable to an OAuth authorization ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13299 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13298 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13297 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) 
- gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13296 RESERVED CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd ...) - gitlab-ci-multi-runner NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13294 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not re ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13293 (In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexa ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13292 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13291 (In GitLab before 13.2.3, project sharing could temporarily allow too p ...) - gitlab (Only affects GitLab 13.2 and later) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13290 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13289 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13288 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerabili ...) - gitlab (Only affects GitLab 13.0 and later) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13287 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) 
- gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13286 (For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configur ...) - gitlab (Only affects GitLab 12.7 and later) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulne ...) - gitlab (Only affects GitLab 12.9 and later) NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13284 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...) - gitlab 13.2.8-1 NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/ CVE-2020-13283 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulne ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13282 (For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occur ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13281 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists i ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13280 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exi ...) [experimental] - gitlab 13.1.6-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/ CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...) NOT-FOR-US: gitlab-vscode-extension CVE-2020-13278 (Reflected Cross-Site Scripting vulnerability in Modules.php in Rosario ...) NOT-FOR-US: RosarioSIS Student Information System CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...) 
- gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/06/10/critical-security-release-13-0-6-released/ CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13275 (A user with an unverified email address could request an access to dom ...) - gitlab (Only affects GitLab EE/CE 12.2 and later) CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...) - gitlab (Only affects GitLab 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...) - gitlab (Only affects GitLab 12.3 and later) CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the execution o ...) - gitlab (Only affects GitLab 12.10 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13268 (A specially crafted request could be used to confirm the existence of ...) - gitlab (Only affects GitLab 12.10 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the execution on J ...) 
- gitlab (Only affects GitLab 12.8 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...) - gitlab (Only affects GitLab 12.8 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...) - gitlab (Only affects GitLab 12.5 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...) - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...) - gitlab (Specific to EE) CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...) - gitlab (Only affects GitLab 12.9 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...) - gitlab (Only affects GitLab 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/ CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...) NOT-FOR-US: RAD SecFlow-1v os-image CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...) NOT-FOR-US: RAD SecFlow-1v os-image CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...) NOT-FOR-US: Contentful CVE-2020-13257 RESERVED CVE-2020-13256 RESERVED CVE-2020-13255 RESERVED CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...) 
{DSA-4705-1 DLA-2233-1} - python-django 2:2.2.13-1 (bug #962323) NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1 NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master) NOTE: https://github.com/django/django/commit/580bd64c0482ae9b7c05715390e25f4405a12719 (3.1 branch) NOTE: https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693 (3.0 branch) NOTE: https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch) NOTE: Regression https://code.djangoproject.com/ticket/31654 CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...) {DLA-2373-1} - qemu 1:5.0-8 (bug #961297) [buster] - qemu (Minor issue, revisit when fixed upstream) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2 NOTE: https://bugs.launchpad.net/qemu/+bug/1880822 (reproducer) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd (5.1) CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...) - centreon-web (bug #913903) CVE-2020-13251 RESERVED CVE-2020-13250 (HashiCorp Consul and Consul Enterprise include an HTTP API (introduced ...) - consul 1.7.4+dfsg1-1 [buster] - consul (Vulnerable code not present) NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md NOTE: https://github.com/hashicorp/consul/pull/8023 CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not ...) 
- mariadb-10.3 1:10.3.23-1 [buster] - mariadb-10.3 1:10.3.23-0+deb10u1 - mariadb-10.1 (Vulnerable code introduced later) NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8) NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0) CVE-2020-13248 (BooleBox Secure File Sharing Utility (potentially all versions) allows ...) NOT-FOR-US: BooleBox Secure File Sharing Utility CVE-2020-13247 (BooleBox Secure File Sharing Utility (potentially all versions) allows ...) NOT-FOR-US: BooleBox Secure File Sharing Utility CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...) - gitea CVE-2020-13245 (Certain NETGEAR devices are affected by Missing SSL Certificate Valida ...) NOT-FOR-US: Netgear CVE-2020-13244 RESERVED CVE-2020-13243 RESERVED CVE-2020-13242 RESERVED CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because admin/view:m ...) NOT-FOR-US: Microweber CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...) - dolibarr CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...) - dolibarr CVE-2020-13238 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to ...) NOT-FOR-US: Mitsubishi CVE-2020-13237 RESERVED CVE-2020-13236 RESERVED CVE-2020-13235 RESERVED CVE-2020-13234 RESERVED CVE-2020-13233 RESERVED CVE-2020-13232 RESERVED CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...) - cacti 1.2.11+ds1-1 [buster] - cacti 1.2.2+ds1-2+deb10u3 [stretch] - cacti (Minor issue) NOTE: https://github.com/Cacti/cacti/issues/3342 CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately ...) 
- cacti 1.2.11+ds1-1 [buster] - cacti 1.2.2+ds1-2+deb10u3 [stretch] - cacti (Minor issue) NOTE: https://github.com/Cacti/cacti/issues/3343 CVE-2020-13229 (An issue was discovered in Sysax Multi Server 6.90. A session can be h ...) NOT-FOR-US: Sysax Multi Server CVE-2020-13228 (An issue was discovered in Sysax Multi Server 6.90. There is reflected ...) NOT-FOR-US: Sysax Multi Server CVE-2020-13227 (An issue was discovered in Sysax Multi Server 6.90. An attacker can de ...) NOT-FOR-US: Sysax Multi Server CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound network acc ...) NOT-FOR-US: WSO2 API Manager CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability ...) - phpipam (bug #731713) NOTE: https://github.com/phpipam/phpipam/issues/3025 CVE-2020-13224 (TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices throu ...) NOT-FOR-US: TP-LINK CVE-2020-13223 (HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2 before 1. ...) NOT-FOR-US: HashiCorp Vault CVE-2020-13222 RESERVED CVE-2020-13221 RESERVED CVE-2020-13220 RESERVED CVE-2020-13219 RESERVED CVE-2020-13218 RESERVED CVE-2020-13217 RESERVED CVE-2020-13216 RESERVED CVE-2020-13215 RESERVED CVE-2020-13214 RESERVED CVE-2020-13213 RESERVED CVE-2020-13212 RESERVED CVE-2020-13211 RESERVED CVE-2020-13210 RESERVED CVE-2020-13209 RESERVED CVE-2020-13208 RESERVED CVE-2020-13207 RESERVED CVE-2020-13206 RESERVED CVE-2020-13205 RESERVED CVE-2020-13204 RESERVED CVE-2020-13203 RESERVED CVE-2020-13202 RESERVED CVE-2020-13201 RESERVED CVE-2020-13200 RESERVED CVE-2020-13199 RESERVED CVE-2020-13198 RESERVED CVE-2020-13197 RESERVED CVE-2020-13196 RESERVED CVE-2020-13195 RESERVED CVE-2020-13194 RESERVED CVE-2020-13193 RESERVED CVE-2020-13192 RESERVED CVE-2020-13191 RESERVED CVE-2020-13190 RESERVED CVE-2020-13189 RESERVED CVE-2020-13188 RESERVED CVE-2020-13187 RESERVED CVE-2020-13186 RESERVED CVE-2020-13185 RESERVED CVE-2020-13184 RESERVED CVE-2020-13183 (Reflected Cross 
Site Scripting in Teradici PCoIP Management Console pr ...) NOT-FOR-US: Teradici CVE-2020-13182 RESERVED CVE-2020-13181 RESERVED CVE-2020-13180 RESERVED CVE-2020-13179 (Broker Protocol messages in Teradici PCoIP Standard Agent for Windows ...) NOT-FOR-US: Teradici CVE-2020-13178 (A function in the Teradici PCoIP Standard Agent for Windows and Graphi ...) NOT-FOR-US: Teradici CVE-2020-13177 (The support bundler in Teradici PCoIP Standard Agent for Windows and G ...) NOT-FOR-US: Teradici CVE-2020-13176 (The Management Interface of the Teradici Cloud Access Connector and Cl ...) NOT-FOR-US: Teradici CVE-2020-13175 (The Management Interface of the Teradici Cloud Access Connector and Cl ...) NOT-FOR-US: Teradici CVE-2020-13174 (The web server in the Teradici Managament console versions 20.04 and 2 ...) NOT-FOR-US: Teradici CVE-2020-13173 (Initialization of the pcoip_credential_provider in Teradici PCoIP Stan ...) NOT-FOR-US: Teradici CVE-2020-13172 RESERVED CVE-2020-13171 RESERVED CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enforce s ...) - consul 1.7.4+dfsg1-1 [buster] - consul (Vulnerable code not present) NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md NOTE: https://github.com/hashicorp/consul/pull/8068 CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...) NOT-FOR-US: SolarWinds CVE-2020-13168 RESERVED CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...) NOT-FOR-US: Netsweeper CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...) NOT-FOR-US: MyLittleAdmin CVE-2020-13165 RESERVED CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...) 
- wireshark 3.2.4-1 (low) [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Can be fixed along with other CVEs) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...) NOT-FOR-US: em-imap CVE-2020-13162 (A time-of-check time-of-use vulnerability in PulseSecureService.exe in ...) NOT-FOR-US: Pulse Secure Client CVE-2020-13161 RESERVED CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...) NOT-FOR-US: AnyDesk CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...) NOT-FOR-US: Artica Proxy CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...) NOT-FOR-US: Artica Proxy CVE-2020-13157 (modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a u ...) NOT-FOR-US: NukeViet CVE-2020-13156 (modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a ...) NOT-FOR-US: NukeViet CVE-2020-13155 (clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML inject ...) NOT-FOR-US: NukeViet CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...) NOT-FOR-US: Zoho CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...) NOT-FOR-US: MISP CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist ...) - amarok (unimportant) NOTE: Elevated resource usage in client application, no security impact CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ...) 
NOT-FOR-US: Aerospike CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...) NOT-FOR-US: D-link CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...) NOT-FOR-US: Dragon Center CVE-2020-13148 RESERVED CVE-2020-13147 RESERVED CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added ...) NOT-FOR-US: Studio in Open edX Ironwood CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...) NOT-FOR-US: Studio in Open edX Ironwood CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...) NOT-FOR-US: Studio in Open edX Ironwood CVE-2020-13142 RESERVED CVE-2020-13141 RESERVED CVE-2020-13140 RESERVED CVE-2020-13139 RESERVED CVE-2020-13138 RESERVED CVE-2020-13137 RESERVED CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be re ...) NOT-FOR-US: D-Link CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...) NOT-FOR-US: D-Link CVE-2020-13134 RESERVED CVE-2020-13133 RESERVED CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An attacker c ...) - yubico-piv-tool [stretch] - yubico-piv-tool (Vulnerable code not present) NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-02/ NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/ CVE-2020-13131 (An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in ...) - yubico-piv-tool [stretch] - yubico-piv-tool (Vulnerable code not present) NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/ CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f CVE-2020-13130 RESERVED CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS, W ...) 
NOT-FOR-US: stashcat app for MacOS CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...) NOT-FOR-US: Manolo GWTUpload CVE-2020-13127 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...) NOT-FOR-US: Loway QueueMetrics CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...) NOT-FOR-US: Elementor Pro plugin for WordPress CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" plugin ...) NOT-FOR-US: "Ultimate Addons for Elementor" plugin for WordPress CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in ...) - sabnzbdplus [buster] - sabnzbdplus (Minor update, can be fixed via point release, contrib not supported) [stretch] - sabnzbdplus (contrib not supported) NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2 NOTE: https://github.com/sabnzbd/sabnzbd/commit/dfcba6e2fb37f58fea06b453b1ba258c7f110429 NOTE: https://github.com/sabnzbd/sabnzbd/commit/73d3f7b5c248fc369de3454fe53e3e93924ebfe3 CVE-2020-13123 RESERVED CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...) NOT-FOR-US: Noviflow CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...) NOT-FOR-US: Submitty CVE-2020-13120 RESERVED CVE-2020-13119 RESERVED CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...) NOT-FOR-US: Mikrotik-Router-Monitoring-System CVE-2020-13117 RESERVED CVE-2020-13116 RESERVED CVE-2020-13115 RESERVED CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...) {DLA-2222-1} - libexif 0.6.21-9 (bug #961410) [buster] - libexif 0.6.21-5.1+deb10u3 [stretch] - libexif 0.6.21-2+deb9u3 NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22) CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...) 
{DLA-2222-1} - libexif 0.6.21-9 (bug #961409) [buster] - libexif 0.6.21-5.1+deb10u3 [stretch] - libexif 0.6.21-2+deb9u3 NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22) CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...) {DLA-2222-1} - libexif 0.6.21-9 (bug #961407) [buster] - libexif 0.6.21-5.1+deb10u3 [stretch] - libexif 0.6.21-2+deb9u3 NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22) CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...) NOT-FOR-US: NaviServer CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...) NOT-FOR-US: Node kerberos CVE-2020-13109 (Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remo ...) NOT-FOR-US: Morita Shogi CVE-2020-13108 RESERVED CVE-2020-13107 RESERVED CVE-2020-13106 RESERVED CVE-2020-13105 RESERVED CVE-2020-13104 RESERVED CVE-2020-13103 RESERVED CVE-2020-13102 RESERVED CVE-2020-13101 (In OASIS Digital Signature Services (DSS) 1.0, an attacker can control ...) NOT-FOR-US: OASIS Digital Signature Services (DSS) CVE-2020-13100 RESERVED CVE-2020-13099 RESERVED CVE-2020-13098 RESERVED CVE-2020-13097 RESERVED CVE-2020-13096 RESERVED CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a directory ...) NOT-FOR-US: Little Snitch CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...) - dolibarr CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...) NOT-FOR-US: iSpyConnect.com Agent DVR CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...) - scikit-learn (unimportant) CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute comman ...) 
- pandas (unimportant) CVE-2020-13090 RESERVED CVE-2020-13089 RESERVED CVE-2020-13088 RESERVED CVE-2020-13087 RESERVED CVE-2020-13086 RESERVED CVE-2020-13085 RESERVED CVE-2020-13084 RESERVED CVE-2020-13083 RESERVED CVE-2020-13082 RESERVED CVE-2020-13081 RESERVED CVE-2020-13080 RESERVED CVE-2020-13079 RESERVED CVE-2020-13078 RESERVED CVE-2020-13077 RESERVED CVE-2020-13076 RESERVED CVE-2020-13075 RESERVED CVE-2020-13074 RESERVED CVE-2020-13073 RESERVED CVE-2020-13072 RESERVED CVE-2020-13071 RESERVED CVE-2020-13070 RESERVED CVE-2020-13069 RESERVED CVE-2020-13068 RESERVED CVE-2020-13067 RESERVED CVE-2020-13066 RESERVED CVE-2020-13065 RESERVED CVE-2020-13064 RESERVED CVE-2020-13063 RESERVED CVE-2020-13062 RESERVED CVE-2020-13061 RESERVED CVE-2020-13060 RESERVED CVE-2020-13059 RESERVED CVE-2020-13058 RESERVED CVE-2020-13057 RESERVED CVE-2020-13056 RESERVED CVE-2020-13055 RESERVED CVE-2020-13054 RESERVED CVE-2020-13053 RESERVED CVE-2020-13052 RESERVED CVE-2020-13051 RESERVED CVE-2020-13050 RESERVED CVE-2020-13049 RESERVED CVE-2020-13048 RESERVED CVE-2020-13047 RESERVED CVE-2020-13046 RESERVED CVE-2020-13045 RESERVED CVE-2020-13044 RESERVED CVE-2020-13043 RESERVED CVE-2020-13042 RESERVED CVE-2020-13041 RESERVED CVE-2020-13040 RESERVED CVE-2020-13039 RESERVED CVE-2020-13038 RESERVED CVE-2020-13037 RESERVED CVE-2020-13036 RESERVED CVE-2020-13035 RESERVED CVE-2020-13034 RESERVED CVE-2020-13033 RESERVED CVE-2020-13032 RESERVED CVE-2020-13031 RESERVED CVE-2020-13030 RESERVED CVE-2020-13029 RESERVED CVE-2020-13028 RESERVED CVE-2020-13027 RESERVED CVE-2020-13026 RESERVED CVE-2020-13025 RESERVED CVE-2020-13024 RESERVED CVE-2020-13023 RESERVED CVE-2020-13022 RESERVED CVE-2020-13021 RESERVED CVE-2020-13020 RESERVED CVE-2020-13019 RESERVED CVE-2020-13018 RESERVED CVE-2020-13017 RESERVED CVE-2020-13016 RESERVED CVE-2020-13015 RESERVED CVE-2020-13014 RESERVED CVE-2020-13013 RESERVED CVE-2020-13012 RESERVED CVE-2020-13011 RESERVED CVE-2020-13010 RESERVED CVE-2020-13009 RESERVED 
CVE-2020-13008 RESERVED CVE-2020-13007 RESERVED CVE-2020-13006 RESERVED CVE-2020-13005 RESERVED CVE-2020-13004 RESERVED CVE-2020-13003 RESERVED CVE-2020-13002 RESERVED CVE-2020-13001 RESERVED CVE-2020-13000 RESERVED CVE-2020-12999 RESERVED CVE-2020-12998 RESERVED CVE-2020-12997 RESERVED CVE-2020-12996 RESERVED CVE-2020-12995 RESERVED CVE-2020-12994 RESERVED CVE-2020-12993 RESERVED CVE-2020-12992 RESERVED CVE-2020-12991 RESERVED CVE-2020-12990 RESERVED CVE-2020-12989 RESERVED CVE-2020-12988 RESERVED CVE-2020-12987 RESERVED CVE-2020-12986 RESERVED CVE-2020-12985 RESERVED CVE-2020-12984 RESERVED CVE-2020-12983 RESERVED CVE-2020-12982 RESERVED CVE-2020-12981 RESERVED CVE-2020-12980 RESERVED CVE-2020-12979 RESERVED CVE-2020-12978 RESERVED CVE-2020-12977 RESERVED CVE-2020-12976 RESERVED CVE-2020-12975 RESERVED CVE-2020-12974 RESERVED CVE-2020-12973 RESERVED CVE-2020-12972 RESERVED CVE-2020-12971 RESERVED CVE-2020-12970 RESERVED CVE-2020-12969 RESERVED CVE-2020-12968 RESERVED CVE-2020-12967 RESERVED CVE-2020-12966 RESERVED CVE-2020-12965 RESERVED CVE-2020-12964 RESERVED CVE-2020-12963 RESERVED CVE-2020-12962 RESERVED CVE-2020-12961 RESERVED CVE-2020-12960 RESERVED CVE-2020-12959 RESERVED CVE-2020-12958 RESERVED CVE-2020-12957 RESERVED CVE-2020-12956 RESERVED CVE-2020-12955 RESERVED CVE-2020-12954 RESERVED CVE-2020-12953 RESERVED CVE-2020-12952 RESERVED CVE-2020-12951 RESERVED CVE-2020-12950 RESERVED CVE-2020-12949 RESERVED CVE-2020-12948 RESERVED CVE-2020-12947 RESERVED CVE-2020-12946 RESERVED CVE-2020-12945 RESERVED CVE-2020-12944 RESERVED CVE-2020-12943 RESERVED CVE-2020-12942 RESERVED CVE-2020-12941 RESERVED CVE-2020-12940 RESERVED CVE-2020-12939 RESERVED CVE-2020-12938 RESERVED CVE-2020-12937 RESERVED CVE-2020-12936 RESERVED CVE-2020-12935 RESERVED CVE-2020-12934 RESERVED CVE-2020-12933 RESERVED CVE-2020-12932 RESERVED CVE-2020-12931 RESERVED CVE-2020-12930 RESERVED CVE-2020-12929 RESERVED CVE-2020-12928 RESERVED CVE-2020-12927 RESERVED CVE-2020-12926 RESERVED 
CVE-2020-12925 RESERVED CVE-2020-12924 RESERVED CVE-2020-12923 RESERVED CVE-2020-12922 RESERVED CVE-2020-12921 RESERVED CVE-2020-12920 RESERVED CVE-2020-12919 RESERVED CVE-2020-12918 RESERVED CVE-2020-12917 RESERVED CVE-2020-12916 RESERVED CVE-2020-12915 RESERVED CVE-2020-12914 RESERVED CVE-2020-12913 RESERVED CVE-2020-12912 RESERVED CVE-2020-12911 RESERVED CVE-2020-12910 RESERVED CVE-2020-12909 RESERVED CVE-2020-12908 RESERVED CVE-2020-12907 RESERVED CVE-2020-12906 RESERVED CVE-2020-12905 RESERVED CVE-2020-12904 RESERVED CVE-2020-12903 RESERVED CVE-2020-12902 RESERVED CVE-2020-12901 RESERVED CVE-2020-12900 RESERVED CVE-2020-12899 RESERVED CVE-2020-12898 RESERVED CVE-2020-12897 RESERVED CVE-2020-12896 RESERVED CVE-2020-12895 RESERVED CVE-2020-12894 RESERVED CVE-2020-12893 RESERVED CVE-2020-12892 RESERVED CVE-2020-12891 RESERVED CVE-2020-12890 RESERVED CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...) NOT-FOR-US: MISP CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...) - linux 5.8.7-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244 CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...) NOT-FOR-US: Mbed CoAP (different from src:mbedtls) CVE-2020-12886 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...) NOT-FOR-US: Mbed CoAP (different from src:mbedtls) CVE-2020-12885 (An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.1 ...) NOT-FOR-US: Mbed CoAP (different from src:mbedtls) CVE-2020-12884 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...) NOT-FOR-US: Mbed CoAP (different from src:mbedtls) CVE-2020-12883 (Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5 ...) NOT-FOR-US: Mbed CoAP (different from src:mbedtls) CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...) 
NOT-FOR-US: Submitty CVE-2020-12881 RESERVED CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect ...) NOT-FOR-US: Pulse CVE-2020-12879 RESERVED CVE-2020-12878 RESERVED CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...) NOT-FOR-US: Veritas CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...) NOT-FOR-US: Veritas CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate authori ...) NOT-FOR-US: Veritas CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...) NOT-FOR-US: Veritas CVE-2020-12873 RESERVED CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...) - erlang 1:21.2.6+dfsg-1 (low) [stretch] - erlang 1:19.2.1+dfsg-2+deb9u3 [jessie] - erlang (Minor issue) NOTE: https://medium.com/@charlielabs101/cve-2020-12872-df315411aa70 NOTE: https://github.com/erlyaws/yaws/issues/402 NOTE: In Debian yaws uses the cipher settings from erlang, mark the version which NOTE: landed in Buster as fixed (although it was possibly fixed earlier between NOTE: Stretch and Buster. The CVE was assigned specifically for yaws, cf. #961422 NOTE: for discussion. CVE-2020-12871 RESERVED CVE-2020-12870 RESERVED CVE-2020-12869 RESERVED CVE-2020-12868 RESERVED CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...) 
{DLA-2332-1 DLA-2231-1} [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [buster] - sane-backends (Minor issue) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html NOTE: https://gitlab.com/sane-project/backends/-/commit/fff83e7eacd0f27bb2d71c42488e0fd735c15ac3 (1.0.30) CVE-2020-12866 (A NULL pointer dereference in SANE Backends before 1.0.30 allows a mal ...) [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [buster] - sane-backends (Minor issue) [stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access) NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix) CVE-2020-12865 (A heap buffer overflow in SANE Backends before 1.0.30 may allow a mali ...) 
{DLA-2332-1} [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [buster] - sane-backends (Minor issue) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html NOTE: https://gitlab.com/sane-project/backends/-/commit/b9b0173409df73e235da2aa0dae5edd21fb55967 (1.0.30) CVE-2020-12864 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...) [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [buster] - sane-backends (Minor issue) [stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-4-ghsl-2020-081-reading-uninitialized-data-in-epsonds_net_read NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access) NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix) CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...) 
{DLA-2332-1} [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [buster] - sane-backends (Minor issue) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-7-ghsl-2020-083-out-of-bounds-read-in-esci2_check_header NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html NOTE: https://gitlab.com/sane-project/backends/-/commit/db9480b09ea807e52029f2334769a55d4b95e45b (1.0.30) CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...) {DLA-2332-1} [experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [buster] - sane-backends (Minor issue) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-5-ghsl-2020-082-out-of-bounds-read-in-decode_binary NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html NOTE: https://gitlab.com/sane-project/backends/-/commit/27ea994d23ee52fe1ec1249c92ebc1080a358288 (1.0.30) CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...) 
[experimental] - sane-backends 1.0.30-1~experimental1 - sane-backends (bug #961302) [buster] - sane-backends (Minor issue) [stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27) [jessie] - sane-backends (epsonds backend was added in 1.0.25) NOTE: https://gitlab.com/sane-project/backends/-/issues/279 NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-3-ghsl-2020-080-heap-buffer-overflow-in-epsonds_net_read NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access) NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix) CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...) NOT-FOR-US: COVIDSafe CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...) NOT-FOR-US: COVIDSafe CVE-2020-12858 (Non-reinitialisation of random data in the advertising payload in COVI ...) NOT-FOR-US: COVIDSafe CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 an ...) NOT-FOR-US: COVIDSafe CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...) NOT-FOR-US: COVIDSafe CVE-2020-12855 (A Host header injection vulnerability has been discovered in SecZetta ...) NOT-FOR-US: SecZetta NEProfile CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...) NOT-FOR-US: SecZetta NEProfile CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...) NOT-FOR-US: Pydio Cells CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user ...) NOT-FOR-US: Pydio Cells CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...) 
NOT-FOR-US: Pydio Cells CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells Enterprise ...) NOT-FOR-US: Pydio Cells CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...) NOT-FOR-US: Pydio Cells CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file selecti ...) NOT-FOR-US: Pydio Cells CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative console nam ...) NOT-FOR-US: Pydio Cells CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...) NOT-FOR-US: Zimbra CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a ...) - cherokee CVE-2020-12844 RESERVED CVE-2020-12843 RESERVED CVE-2020-12842 RESERVED CVE-2020-12841 RESERVED CVE-2020-12840 RESERVED CVE-2020-12839 RESERVED CVE-2020-12838 RESERVED CVE-2020-12837 RESERVED CVE-2020-12836 RESERVED CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...) NOT-FOR-US: SmartBear ReadyAPI SoapUI Pro CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...) NOT-FOR-US: eQ-3 Homematic Central Control Unit CVE-2020-12833 RESERVED CVE-2020-12832 (WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerabi ...) NOT-FOR-US: simple-file-list plugin for WordPress CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...) - frr (unimportant) NOTE: https://github.com/FRRouting/frr/pull/6383 NOTE: https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48 CVE-2020-12830 RESERVED CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ...) 
{DSA-4760-1} - qemu 1:5.0-12 (low; bug #961451) [stretch] - qemu (SM501 only compiled for misc/sh4 where it's not enabled as a graphics device yet; intrusive) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4 CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...) NOT-FOR-US: AnchorFree VPN SDK CVE-2020-12827 (MJML prior to 4.6.3 contains a path traversal vulnerability when proce ...) NOT-FOR-US: MJML CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...) {DLA-2241-1} - linux 5.6.7-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...) - libcroco (low; bug #960527) [buster] - libcroco (Minor issue) [stretch] - libcroco (Minor issue) [jessie] - libcroco (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8 CVE-2020-12824 RESERVED CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...) {DLA-2212-1} - openconnect 8.10-1 (unimportant; bug #960620) NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/108 NOTE: Only triggerable by local certs, which are under the control of the user CVE-2020-12822 RESERVED CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...) NOT-FOR-US: Gossipsub CVE-2020-12820 RESERVED CVE-2020-12819 RESERVED CVE-2020-12818 RESERVED CVE-2020-12817 RESERVED CVE-2020-12816 RESERVED CVE-2020-12815 RESERVED CVE-2020-12814 RESERVED CVE-2020-12813 RESERVED CVE-2020-12812 (An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, ...) 
NOT-FOR-US: Fortinet CVE-2020-12811 RESERVED CVE-2020-12810 RESERVED CVE-2020-12809 RESERVED CVE-2020-12808 RESERVED CVE-2020-12807 RESERVED CVE-2020-12806 RESERVED CVE-2020-12805 RESERVED CVE-2020-12804 RESERVED CVE-2020-12803 (ODF documents can contain forms to be filled out by the user. Similar ...) - libreoffice 1:6.4.4-1 (low) [buster] - libreoffice (Minor issue) [stretch] - libreoffice (Minor issue) [jessie] - libreoffice (Minor issue) NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803 CVE-2020-12802 (LibreOffice has a 'stealth mode' in which only documents from location ...) - libreoffice 1:6.4.4-1 (low) [buster] - libreoffice (Minor issue) [stretch] - libreoffice (Minor issue) [jessie] - libreoffice (Minor issue) NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802 CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...) - libreoffice 1:6.4.3-1 (low) [buster] - libreoffice (Minor issue) [stretch] - libreoffice (Minor issue) [jessie] - libreoffice (Minor issue) NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801 CVE-2020-12800 (The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1. ...) NOT-FOR-US: drag-and-drop-multiple-file-upload-contact-form-7 plugin for WordPress CVE-2020-12799 RESERVED CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...) NOT-FOR-US: Cellebrite UFED CVE-2020-12797 (HashiCorp Consul and Consul Enterprise failed to enforce changes to le ...) - consul 1.7.4+dfsg1-1 [buster] - consul (Vulnerable code not present) NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md NOTE: https://github.com/hashicorp/consul/pull/8047 CVE-2020-12796 RESERVED CVE-2020-12795 RESERVED CVE-2020-12794 RESERVED CVE-2020-12793 RESERVED CVE-2020-12792 RESERVED CVE-2020-12791 RESERVED CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...) 
NOT-FOR-US: SEOmatic plugin for Craft CMS CVE-2020-12789 (The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded ...) NOT-FOR-US: Microchip Atmel ATSAMA5 products CVE-2020-12788 (CMAC verification functionality in Microchip Atmel ATSAMA5 products is ...) NOT-FOR-US: Microchip Atmel ATSAMA5 products CVE-2020-12787 (Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to b ...) NOT-FOR-US: Microchip Atmel ATSAMA5 products CVE-2020-12786 RESERVED CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...) NOT-FOR-US: cPanel CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...) NOT-FOR-US: cPanel CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when receiving e ...) NOT-FOR-US: Openfind MailGates CVE-2020-12781 (Combodo iTop contains a cross-site request forgery (CSRF) vulnerabilit ...) NOT-FOR-US: Combodo iTop CVE-2020-12780 (A security misconfiguration exists in Combodo iTop, which can expose s ...) NOT-FOR-US: Combodo iTop CVE-2020-12779 (Combodo iTop contains a stored Cross-site Scripting vulnerability, whi ...) NOT-FOR-US: Combodo iTop CVE-2020-12778 (Combodo iTop does not validate inputted parameters, attackers can inje ...) NOT-FOR-US: Combodo iTop CVE-2020-12777 (A function in Combodo iTop contains a vulnerability of Broken Access C ...) NOT-FOR-US: Combodo iTop CVE-2020-12776 (Openfind Mail2000 contains Broken Access Control vulnerability, which ...) NOT-FOR-US: Openfind Mail2000 CVE-2020-12775 RESERVED CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which allows a ...) NOT-FOR-US: D-Link CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...) NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...) 
{DSA-4687-1 DLA-2213-1} - exim4 4.93-16 NOTE: https://bugs.exim.org/show_bug.cgi?id=2571 NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86 NOTE: https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0 CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...) NOT-FOR-US: Ignite Realtime Spark CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...) {DLA-2214-1} - libexif 0.6.21-7 (bug #960199) [buster] - libexif 0.6.21-5.1+deb10u2 [stretch] - libexif 0.6.21-2+deb9u2 NOTE: https://github.com/libexif/libexif/issues/31 NOTE: https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72 CVE-2020-XXXX [unspecified fexsrv security issue] - fex 20160919-2 [buster] - fex 20160919-2~deb10u1 [stretch] - fex 20160919-2~deb9u1 CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...) {DLA-2323-1} - linux 5.7.6-1 [buster] - linux 4.19.131-1 NOTE: https://lkml.org/lkml/2020/4/26/87 NOTE: https://git.kernel.org/linus/be23e837333a914df3f24bf0b32e87b0331ab8d1 (5.8-rc2) CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3) CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...) {DLA-2241-1} - linux 5.4.19-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6) CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...) 
{DSA-4699-1} - linux 5.6.7-1 (unimportant) [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4) CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...) NOT-FOR-US: Gnuteca CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&it ...) NOT-FOR-US: Solis Miolo CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...) NOT-FOR-US: Gnuteca CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...) NOT-FOR-US: TRENDnet ProView CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...) {DSA-4741-1 DLA-2301-1 DLA-2228-2 DLA-2228-1} - json-c 0.13.1+dfsg-8 (bug #960326) NOTE: https://github.com/json-c/json-c/pull/592 NOTE: https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426 NOTE: https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45 NOTE: https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67 NOTE: https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157 NOTE: https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6 NOTE: d07b91014986 ("Fix integer overflows.") introduces a regression tracked as: NOTE: https://github.com/json-c/json-c/issues/599 NOTE: https://github.com/json-c/json-c/pull/610 NOTE: Working backports for older branches: https://github.com/json-c/json-c/pull/608 CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow ( ...) 
- imlib2 1.6.1-2 (bug #960192) [buster] - imlib2 (Vulnerable code introduced later) [stretch] - imlib2 (Vulnerable code introduced later) [jessie] - imlib2 (Vulnerable code introduced later) NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63 CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...) NOT-FOR-US: OpenNMS CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...) - zulip-server (bug #800052) CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...) - consul 1.7.4+dfsg1-1 [buster] - consul (Vulnerable code not present) NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md NOTE: https://github.com/hashicorp/consul/pull/7783 CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 has Incorrect ...) NOT-FOR-US: HashiCorp Vault CVE-2020-12756 RESERVED CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras t ...) - kio-extras (low; bug #960306) [buster] - kio-extras (Minor issue) [stretch] - kio-extras (Minor issue) NOTE: https://github.com/KDE/kio-extras/commit/d813cef3cecdec9af1532a40d677a203ff979145 CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-12752 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12751 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12750 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12749 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-12748 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12747 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-12744 RESERVED CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...) NOT-FOR-US: Gazie CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...) NOT-FOR-US: iubenda-cookie-law-solution plugin for WordPress CVE-2020-12741 RESERVED CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...) - tcpreplay 4.3.3-1 (unimportant) [jessie] - tcpreplay (Vulnerable code added later) NOTE: https://github.com/appneta/tcpreplay/issues/576 NOTE: https://github.com/appneta/tcpreplay/pull/590 NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578 NOTE: --fuzz-seed in PoC not present until version 4.2.0 NOTE: Crash in CLI tool, no security impact CVE-2020-12739 (A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and ...) NOT-FOR-US: Fanuc i Series CNC CVE-2020-12738 RESERVED CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...) NOT-FOR-US: Maxum Rumpus CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...) NOT-FOR-US: Code42 CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...) 
NOT-FOR-US: DomainMOD CVE-2020-12734 RESERVED CVE-2020-12733 RESERVED CVE-2020-12732 RESERVED CVE-2020-12731 RESERVED CVE-2020-12730 RESERVED CVE-2020-12729 RESERVED CVE-2020-12728 RESERVED CVE-2020-12727 RESERVED CVE-2020-12726 RESERVED CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...) NOT-FOR-US: Redash CVE-2020-12724 RESERVED CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...) - perl 5.30.3-1 (bug #962005) [buster] - perl 5.28.1-6+deb10u1 [stretch] - perl 5.24.1-3+deb9u7 NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3) CVE-2020-12722 RESERVED CVE-2020-12721 RESERVED CVE-2020-12720 (vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6 ...) NOT-FOR-US: vBulletin CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Console in ...) NOT-FOR-US: WSO2 CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...) NOT-FOR-US: PHP-Fusion CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...) NOT-FOR-US: COVIDSafe (Australia) app CVE-2020-12716 RESERVED CVE-2020-12715 RESERVED CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...) NOT-FOR-US: CipherMail CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...) NOT-FOR-US: CipherMail CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE ...) NOT-FOR-US: SOS JobScheduler CVE-2020-12711 RESERVED CVE-2020-12710 RESERVED CVE-2020-12709 RESERVED CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...) NOT-FOR-US: PHP-Fusion CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...) NOT-FOR-US: LeptonCMS CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...) 
NOT-FOR-US: PHP-Fusion CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...) NOT-FOR-US: LeptonCMS CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...) NOT-FOR-US: UliCMS CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...) NOT-FOR-US: UliCMS CVE-2020-12702 RESERVED CVE-2020-12701 RESERVED CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...) NOT-FOR-US: Typo3 extension CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...) NOT-FOR-US: Typo3 extension CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...) NOT-FOR-US: Typo3 extension CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...) NOT-FOR-US: Typo3 extension CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...) NOT-FOR-US: iframe plugin for WordPress CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...) {DLA-2318-1 DLA-2315-1} - wpa [buster] - wpa (Minor issue) - gupnp 1.2.3-1 [buster] - gupnp (Minor issue) NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch NOTE: https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch CVE-2020-12694 RESERVED CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...) 
- slurm-llnl (bug #961406) [buster] - slurm-llnl (Minor issue) [stretch] - slurm-llnl (Minor issue) [jessie] - slurm-llnl (Message Aggregation added in 14.11) NOTE: https://www.schedmd.com/news.php?id=236 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html NOTE: Issue affects systems with Message Aggregation enabled CVE-2020-12688 RESERVED CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...) NOT-FOR-US: Serpico CVE-2020-12686 RESERVED CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...) NOT-FOR-US: Interchange CVE-2020-12684 (XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer ...) NOT-FOR-US: i-net Clear Reports CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...) NOT-FOR-US: Katyshop2 CVE-2020-12682 RESERVED CVE-2020-12681 RESERVED CVE-2020-12680 (** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows loca ...) NOT-FOR-US: Avira Free Antivirus CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...) NOT-FOR-US: Mitel CVE-2020-12678 REJECTED CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...) NOT-FOR-US: Progress MOVEit Automation Web Admin CVE-2020-12676 RESERVED CVE-2020-12675 (The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPr ...) NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) {DSA-4679-1} - keystone 2:17.0.0~rc2-1 (bug #959900) [stretch] - keystone (Not supported in stretch LTS) [jessie] - keystone (Not supported in Jessie LTS) NOTE: https://bugs.launchpad.net/keystone/+bug/1872737 NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/4 CVE-2020-12691 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) 
{DSA-4679-1} - keystone 2:17.0.0~rc2-1 (bug #959900) [stretch] - keystone (Not supported in stretch LTS) [jessie] - keystone (Not supported in Jessie LTS) NOTE: https://bugs.launchpad.net/keystone/+bug/1872733 NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5 CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) {DSA-4679-1} - keystone 2:17.0.0~rc2-1 (bug #959900) [stretch] - keystone (Not supported in stretch LTS) [jessie] - keystone (Not supported in Jessie LTS) NOTE: https://bugs.launchpad.net/keystone/+bug/1873290 NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6 CVE-2020-12674 (In Dovecot before 2.3.11.3, sending a specially formatted RPA request ...) {DSA-4745-1 DLA-2328-1} - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302) NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/3 NOTE: https://github.com/dovecot/core/commit/69ad3c902ea4bbf9f21ab1857d8923f975dc6145 CVE-2020-12673 (In Dovecot before 2.3.11.3, sending a specially formatted NTLM request ...) {DSA-4745-1 DLA-2328-1} - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302) NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/2 NOTE: https://github.com/dovecot/core/commit/fb246611e62ad8c5a95b0ca180a63f17aa34b0d8 CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...) {DSA-4679-1} - keystone 2:17.0.0~rc2-1 (bug #959900) [stretch] - keystone (Not supported in stretch LTS) [jessie] - keystone (Not supported in Jessie) NOTE: https://bugs.launchpad.net/keystone/+bug/1872735 NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5 CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ...) 
{DLA-2236-1} - graphicsmagick 1.4+really1.3.35-2 (bug #960000) [buster] - graphicsmagick (Minor issue; can be fixed along in future DSA) [stretch] - graphicsmagick (Minor issue; can be fixed along in future DSA) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025 NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/ CVE-2020-12671 RESERVED CVE-2020-12670 RESERVED CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...) - dolibarr CVE-2020-12668 RESERVED CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...) - knot-resolver 5.1.1-0.1 (bug #961076) NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/ NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118 CVE-2020-12666 (macaron before 1.3.7 has an open redirect in the static handler, as de ...) NOT-FOR-US: macaron CVE-2020-12665 RESERVED CVE-2020-12664 RESERVED CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...) {DSA-4694-1} - unbound 1.10.1-1 [stretch] - unbound (No longer supported, see DSA 4694) [jessie] - unbound (No longer supported) NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...) 
{DSA-4694-1} - unbound 1.10.1-1 [stretch] - unbound (No longer supported, see DSA 4694) [jessie] - unbound (No longer supported) NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff CVE-2020-12661 RESERVED CVE-2020-12660 RESERVED CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg ...) - linux 5.6.7-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2) CVE-2020-12658 RESERVED CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...) - linux 5.6.7-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1) CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c ...) - linux 5.7.6-1 (unimportant) [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651 NOTE: Issue is triggered only at module reloading / rebinding CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...) {DLA-2323-1} - linux 5.6.14-1 [buster] - linux 4.19.131-1 NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1) CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1) CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...) 
{DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1) CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.4.19-1 [buster] - linux 4.19.98-1 NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7) CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: SecureCRT CVE-2020-12650 REJECTED CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...) NOT-FOR-US: Gurbalib CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...) - tinymce [buster] - tinymce (Minor issue) NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1 CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...) NOT-FOR-US: Unisys ALGOL Compiler CVE-2020-12646 (OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text ...) NOT-FOR-US: OX App Suite CVE-2020-12645 (OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate l ...) NOT-FOR-US: OX App Suite CVE-2020-12644 (OX App Suite 7.10.3 and earlier allows SSRF, related to the mail accou ...) NOT-FOR-US: OX App Suite CVE-2020-12643 (OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /a ...) NOT-FOR-US: OX App Suite CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...) NOT-FOR-US: Report Portal CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...) 
- roundcube 1.4.4+dfsg.1-1 (unimportant) [buster] - roundcube 1.3.11+dfsg.1-1~deb10u1 NOTE: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3 NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10 CVE-2020-12640 (Roundcube Webmail before 1.4.4 allows attackers to include local files ...) - roundcube 1.4.4+dfsg.1-1 (unimportant) [buster] - roundcube 1.3.11+dfsg.1-1~deb10u1 NOTE: https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794 NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10 CVE-2020-12639 (phpList before 3.5.3 allows XSS, with resultant privilege elevation, v ...) - phplist (bug #612288) CVE-2020-12638 (An encryption-bypass issue was discovered on Espressif ESP-IDF devices ...) NOT-FOR-US: Espressif CVE-2020-12637 (Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation beca ...) NOT-FOR-US: Zulip Desktop CVE-2020-12636 RESERVED CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento ...) NOT-FOR-US: WebForms Pro M2 extension for Magento CVE-2020-12634 RESERVED CVE-2020-12633 RESERVED CVE-2020-12632 RESERVED CVE-2020-12631 RESERVED CVE-2020-12630 RESERVED CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA ...) NOT-FOR-US: osTicket CVE-2020-12628 RESERVED CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j ...) NOT-FOR-US: Calibre-Web CVE-2020-12624 (The League application before 2020-05-02 on Android sends a bearer tok ...) NOT-FOR-US: League CVE-2020-12623 RESERVED CVE-2020-12622 RESERVED CVE-2020-12621 (The Teamwire application 5.3.0 for Android allows physically proximate ...) NOT-FOR-US: Teamwire application for Android CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.con ...) 
NOT-FOR-US: Pi-hole CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME certificates and th ...) NOT-FOR-US: MailMate CVE-2020-12618 (eM Client before 7.2.33412.0 automatically imported S/MIME certificate ...) NOT-FOR-US: eM Client CVE-2020-12617 RESERVED CVE-2020-12616 RESERVED CVE-2020-12615 RESERVED CVE-2020-12614 RESERVED CVE-2020-12613 RESERVED CVE-2020-12612 RESERVED CVE-2020-12611 RESERVED CVE-2020-12610 RESERVED CVE-2020-12609 RESERVED CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...) NOT-FOR-US: SolarWinds CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...) NOT-FOR-US: fastecdsa CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...) NOT-FOR-US: DB Soft CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-12603 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...) 
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-12602 RESERVED CVE-2020-12601 RESERVED CVE-2020-12600 RESERVED CVE-2020-12599 RESERVED CVE-2020-12598 RESERVED CVE-2020-12597 RESERVED CVE-2020-12596 RESERVED CVE-2020-12595 RESERVED CVE-2020-12594 RESERVED CVE-2020-12593 RESERVED CVE-2020-12592 RESERVED CVE-2020-12591 RESERVED CVE-2020-12590 RESERVED CVE-2020-12589 RESERVED CVE-2020-12588 RESERVED CVE-2020-12587 RESERVED CVE-2020-12586 RESERVED CVE-2020-12585 RESERVED CVE-2020-12584 RESERVED CVE-2020-12583 RESERVED CVE-2020-12582 RESERVED CVE-2020-12581 RESERVED CVE-2020-12580 RESERVED CVE-2020-12579 RESERVED CVE-2020-12578 RESERVED CVE-2020-12577 RESERVED CVE-2020-12576 RESERVED CVE-2020-12575 RESERVED CVE-2020-12574 RESERVED CVE-2020-12573 RESERVED CVE-2020-12572 RESERVED CVE-2020-12571 RESERVED CVE-2020-12570 RESERVED CVE-2020-12569 RESERVED CVE-2020-12568 RESERVED CVE-2020-12567 RESERVED CVE-2020-12566 RESERVED CVE-2020-12565 RESERVED CVE-2020-12564 RESERVED CVE-2020-12563 RESERVED CVE-2020-12562 RESERVED CVE-2020-12561 RESERVED CVE-2020-12560 RESERVED CVE-2020-12559 RESERVED CVE-2020-12558 RESERVED CVE-2020-12557 RESERVED CVE-2020-12556 RESERVED CVE-2020-12555 RESERVED CVE-2020-12554 RESERVED CVE-2020-12553 RESERVED CVE-2020-12552 RESERVED CVE-2020-12551 RESERVED CVE-2020-12550 RESERVED CVE-2020-12549 RESERVED CVE-2020-12548 RESERVED CVE-2020-12547 RESERVED CVE-2020-12546 RESERVED CVE-2020-12545 RESERVED CVE-2020-12544 RESERVED CVE-2020-12543 RESERVED CVE-2020-12542 RESERVED CVE-2020-12541 RESERVED CVE-2020-12540 RESERVED CVE-2020-12539 RESERVED CVE-2020-12538 RESERVED CVE-2020-12537 RESERVED CVE-2020-12536 RESERVED CVE-2020-12535 RESERVED CVE-2020-12534 RESERVED CVE-2020-12533 RESERVED CVE-2020-12532 RESERVED CVE-2020-12531 RESERVED CVE-2020-12530 RESERVED CVE-2020-12529 RESERVED CVE-2020-12528 RESERVED CVE-2020-12527 RESERVED CVE-2020-12526 RESERVED CVE-2020-12525 RESERVED CVE-2020-12524 RESERVED CVE-2020-12523 RESERVED CVE-2020-12522 
RESERVED CVE-2020-12521 RESERVED CVE-2020-12520 RESERVED CVE-2020-12519 RESERVED CVE-2020-12518 RESERVED CVE-2020-12517 RESERVED CVE-2020-12516 RESERVED CVE-2020-12515 RESERVED CVE-2020-12514 RESERVED CVE-2020-12513 RESERVED CVE-2020-12512 RESERVED CVE-2020-12511 RESERVED CVE-2020-12510 RESERVED CVE-2020-12509 RESERVED CVE-2020-12508 RESERVED CVE-2020-12507 RESERVED CVE-2020-12506 RESERVED CVE-2020-12505 RESERVED CVE-2020-12504 RESERVED CVE-2020-12503 RESERVED CVE-2020-12502 RESERVED CVE-2020-12501 RESERVED CVE-2020-12500 RESERVED CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...) NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...) NOT-FOR-US: Phoenix CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...) NOT-FOR-US: Phoenix CVE-2020-12496 RESERVED CVE-2020-12495 RESERVED CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is prov ...) NOT-FOR-US: Beckhoff CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...) NOT-FOR-US: SWARCOs CPU LS4000 Series CVE-2020-12492 RESERVED CVE-2020-12491 RESERVED CVE-2020-12490 RESERVED CVE-2020-12489 RESERVED CVE-2020-12488 RESERVED CVE-2020-12487 RESERVED CVE-2020-12486 RESERVED CVE-2020-12485 RESERVED CVE-2020-12484 RESERVED CVE-2020-12483 RESERVED CVE-2020-12482 RESERVED CVE-2020-12481 RESERVED CVE-2020-12480 (In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed ...) NOT-FOR-US: Play Framework CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...) - teampass (bug #730180) CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...) - teampass (bug #730180) CVE-2020-12477 (The REST API functions in TeamPass 2.1.27.36 allow any user with a val ...) 
- teampass (bug #730180) CVE-2020-12476 RESERVED CVE-2020-12475 (TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for ...) NOT-FOR-US: TP-Link CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, an ...) - telegram-desktop 2.1.0+ds-1 [buster] - telegram-desktop (Minor issue) NOTE: https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474 CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary programs ...) NOT-FOR-US: MonoX CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comm ...) NOT-FOR-US: MonoX CVE-2020-12471 (MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload ...) NOT-FOR-US: MonoX CVE-2020-12470 (MonoX through 5.1.40.5152 allows administrators to execute arbitrary c ...) NOT-FOR-US: MonoX CVE-2020-12469 (admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Inject ...) NOT-FOR-US: Subrion CMS CVE-2020-12468 (Subrion CMS 4.2.1 allows CSV injection via a phrase value within a lan ...) NOT-FOR-US: Subrion CMS CVE-2020-12467 (Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in ...) NOT-FOR-US: Subrion CMS CVE-2020-12626 (An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ...) {DSA-4674-1} - roundcube 1.4.4+dfsg.1-1 (bug #959142) NOTE: https://github.com/roundcube/roundcubemail/pull/7302 NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6 NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/1e7bec9cb868fa32b05acf6b0a557a6311350c56 NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/cceeff2472c00acb2c6b96c9df7a289f1db77713 CVE-2020-12625 (An issue was discovered in Roundcube Webmail before 1.4.4. There is a ...) 
{DSA-4674-1} - roundcube 1.4.4+dfsg.1-1 (bug #959140) NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0 NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/23c06159ae8c6f500336e3075820e648aa6f40a4 NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/4312dc4efecb9553fcacfab0ab9d9ee6e88477e7 CVE-2020-12466 RESERVED CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers/net/w ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6) CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3) CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...) NOT-FOR-US: Avira CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with ...) NOT-FOR-US: ninja-forms plugin for WordPress CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...) NOT-FOR-US: PHP-Fusion CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper nul ...) - opendmarc 1.4.0~beta1+dfsg-3 (bug #966464) NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/64 NOTE: https://github.com/trusteddomainproject/OpenDMARC/commit/50d28af25d8735504b6103537228ce7f76ad765f CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...) NOT-FOR-US: Grafana as shipped in Red Hat CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...) 
- grafana NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765 NOTE: https://github.com/grafana/grafana/issues/8283 CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles the cha ...) - wolfssl 4.5.0+dfsg-1 (bug #969663) NOTE: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable) NOTE: https://github.com/wolfSSL/wolfssl/pull/2927 CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect Client ...) NOT-FOR-US: Mitel CVE-2020-12455 RESERVED CVE-2020-12454 RESERVED CVE-2020-12453 RESERVED CVE-2020-12452 RESERVED CVE-2020-12451 RESERVED CVE-2020-12450 RESERVED CVE-2020-12449 RESERVED CVE-2020-12448 (GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ...) - gitlab (Only affects GitLab EE 12.8 and later) NOTE: https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/ CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...) NOT-FOR-US: Onkyo CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...) NOT-FOR-US: G.SKILL Trident Z Lighting Control CVE-2020-12445 RESERVED CVE-2020-12444 RESERVED CVE-2020-12443 (BigBlueButton before 2.2.6 allows remote attackers to read arbitrary f ...) NOT-FOR-US: BigBlueButton CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated ...) NOT-FOR-US: Ivanti CVE-2020-12441 (Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control ...) NOT-FOR-US: Ivanti CVE-2020-12440 REJECTED CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...) NOT-FOR-US: Grin CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...) 
NOT-FOR-US: PHP-Fusion CVE-2020-12437 RESERVED CVE-2020-12436 RESERVED CVE-2020-12435 RESERVED CVE-2020-12434 RESERVED CVE-2020-12433 RESERVED CVE-2020-12432 (The WOPI API integration for Vereign Collabora CODE through 4.2.2 does ...) NOT-FOR-US: Vereign Collabora CODE CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...) NOT-FOR-US: Splashtop Software Updater CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...) [experimental] - libvirt 6.2.0-1 - libvirt 6.4.0-2 (low; bug #959447) [buster] - libvirt (Minor issue) [stretch] - libvirt (Vulnerable code introduced later) [jessie] - libvirt (Vulnerable code introduced later) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 (v6.1.0-rc1) NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=d1eac92784573559b6fd56836e33b215c89308e3 (v4.10.0-rc1) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1804548 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828190 CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that would ...) NOT-FOR-US: Online Course Registration CVE-2020-12428 RESERVED CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...) NOT-FOR-US: Western Digital CVE-2020-12426 (Mozilla developers and community members reported memory safety bugs p ...) - firefox 78.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12426 CVE-2020-12425 (Due to confusion processing a hyphen character in Date.parse(), a one- ...) - firefox 78.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425 CVE-2020-12424 (When constructing a permission prompt for WebRTC, a URI was supplied f ...) 
- firefox 78.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424 CVE-2020-12423 (When the Windows DLL "webauthn.dll" was missing from the Operating Sys ...) - firefox (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12423 CVE-2020-12422 (In non-standard configurations, a JPEG image created by JavaScript cou ...) - firefox 78.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422 CVE-2020-12421 (When performing add-on updates, certificate chains terminating in non- ...) {DSA-4718-1 DSA-4713-1} - firefox 78.0-1 - firefox-esr 68.10.0esr-1 - thunderbird 1:68.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421 CVE-2020-12420 (When trying to connect to a STUN server, a race condition could have c ...) {DSA-4718-1 DSA-4713-1} - firefox 78.0-1 - firefox-esr 68.10.0esr-1 - thunderbird 1:68.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420 CVE-2020-12419 (When processing callbacks that occurred during window flushing in the ...) {DSA-4718-1 DSA-4713-1} - firefox 78.0-1 - firefox-esr 68.10.0esr-1 - thunderbird 1:68.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419 CVE-2020-12418 (Manipulating individual parts of a URL object could have caused an out ...) 
{DSA-4718-1 DSA-4713-1} - firefox 78.0-1 - firefox-esr 68.10.0esr-1 - thunderbird 1:68.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418 CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an object may ...) {DSA-4718-1 DSA-4713-1} - firefox 78.0-1 - firefox-esr 68.10.0esr-1 - thunderbird 1:68.10.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12417 CVE-2020-12416 (A VideoStreamEncoder may have been freed in a race condition with Vide ...) - firefox 78.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12416 CVE-2020-12415 (When "%2F" was present in a manifest URL, Firefox's AppCache behavior ...) - firefox 78.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12415 CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode and it ...) - firefox (Specific to Firefox on iOS) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/#CVE-2020-12414 CVE-2020-12413 [racoon attack for NSS] RESERVED - nss [buster] - nss (Minor issue) NOTE: https://raccoon-attack.com/ CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...) - firefox 70.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2020-12412 CVE-2020-12411 (Mozilla developers reported memory safety bugs present in Firefox 76. ...) - firefox 77.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411 CVE-2020-12410 (Mozilla developers reported memory safety bugs present in Firefox 76 a ...) 
{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1} - firefox 77.0-1 - firefox-esr 68.9.0esr-1 - thunderbird 1:68.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12410 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12410 CVE-2020-12409 (When using certain blank characters in a URL, they where incorrectly r ...) - firefox 77.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12409 CVE-2020-12408 (When browsing a document hosted on an IP address, an attacker could in ...) - firefox 77.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12408 CVE-2020-12407 (Mozilla Developer Nicolas Silva found that when using WebRender, Firef ...) - firefox 77.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407 CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check during ...) {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1} - firefox 77.0-1 - firefox-esr 68.9.0esr-1 - thunderbird 1:68.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406 CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWorkerSe ...) {DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1} - firefox 77.0-1 - firefox-esr 68.9.0esr-1 - thunderbird 1:68.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405 CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be passed ...) 
- firefox (Specific to iOS) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404 CVE-2020-12403 RESERVED - nss 2:3.55-1 [buster] - nss (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38 NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868931 CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of ...) {DSA-4726-1 DLA-2266-1} - nss 2:3.53.1-1 (bug #963152) NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1 NOTE: Fixed upstream in 3.53.1 CVE-2020-12401 [ECDSA timing attack mitigation bypass] RESERVED - firefox 80.0-1 - nss 2:3.55-1 [buster] - nss (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private) NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401 CVE-2020-12400 [P-384 and P-521 implementation uses a side-channel vulnerable modular inversion function] RESERVED - firefox 80.0-1 - nss 2:3.55-1 [buster] - nss (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0 NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits. NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400 CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...) 
{DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2266-1 DLA-2247-1 DLA-2243-1} - firefox 77.0-1 - firefox-esr 68.9.0esr-1 - nss 2:3.53-1 (bug #961752) - thunderbird 1:68.9.0-1 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 (non-public) NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399 CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP server, and t ...) {DSA-4702-1 DLA-2247-1} - thunderbird 1:68.9.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398 CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...) {DSA-4683-1 DLA-2206-1} - thunderbird 1:68.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397 CVE-2020-12396 (Mozilla developers and community members reported memory safety bugs p ...) - firefox 76.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12396 CVE-2020-12395 (Mozilla developers and community members reported memory safety bugs p ...) {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1} - firefox 76.0-1 - firefox-esr 68.8.0esr-1 - thunderbird 1:68.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12395 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12395 CVE-2020-12394 (A logic flaw in our location bar implementation could have allowed a l ...) - firefox 76.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12394 CVE-2020-12393 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...) 
- firefox (Only affects Windows) - firefox-esr (Only affects Windows) - thunderbird (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12393 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12393 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12393 CVE-2020-12392 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...) {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1} - firefox 76.0-1 - firefox-esr 68.8.0esr-1 - thunderbird 1:68.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12392 CVE-2020-12391 (Documents formed using data: URLs in an OBJECT element failed to inher ...) - firefox 76.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391 CVE-2020-12390 (Incorrect origin serialization of URLs with IPv6 addresses could lead ...) - firefox 76.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12390 CVE-2020-12389 (The Firefox content processes did not sufficiently lockdown access con ...) - firefox (Only affects Windows) - firefox-esr (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12389 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12389 CVE-2020-12388 (The Firefox content processes did not sufficiently lockdown access con ...) - firefox (Only affects Windows) - firefox-esr (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12388 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12388 CVE-2020-12387 (A race condition when running shutdown code for Web Worker led to a us ...) 
{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1} - firefox 76.0-1 - firefox-esr 68.8.0esr-1 - thunderbird 1:68.8.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387 CVE-2020-12386 RESERVED CVE-2020-12385 RESERVED CVE-2020-12384 RESERVED CVE-2020-12383 RESERVED CVE-2020-12382 RESERVED CVE-2020-12381 RESERVED CVE-2020-12380 RESERVED CVE-2020-12379 RESERVED CVE-2020-12378 RESERVED CVE-2020-12377 RESERVED CVE-2020-12376 RESERVED CVE-2020-12375 RESERVED CVE-2020-12374 RESERVED CVE-2020-12373 RESERVED CVE-2020-12372 RESERVED CVE-2020-12371 RESERVED CVE-2020-12370 RESERVED CVE-2020-12369 RESERVED CVE-2020-12368 RESERVED CVE-2020-12367 RESERVED CVE-2020-12366 RESERVED CVE-2020-12365 RESERVED CVE-2020-12364 RESERVED CVE-2020-12363 RESERVED CVE-2020-12362 RESERVED CVE-2020-12361 RESERVED CVE-2020-12360 RESERVED CVE-2020-12359 RESERVED CVE-2020-12358 RESERVED CVE-2020-12357 RESERVED CVE-2020-12356 RESERVED CVE-2020-12355 RESERVED CVE-2020-12354 RESERVED CVE-2020-12353 RESERVED CVE-2020-12352 RESERVED CVE-2020-12351 RESERVED CVE-2020-12350 RESERVED CVE-2020-12349 RESERVED CVE-2020-12348 RESERVED CVE-2020-12347 RESERVED CVE-2020-12346 RESERVED CVE-2020-12345 RESERVED CVE-2020-12344 RESERVED CVE-2020-12343 RESERVED CVE-2020-12342 RESERVED CVE-2020-12341 RESERVED CVE-2020-12340 RESERVED CVE-2020-12339 RESERVED CVE-2020-12338 RESERVED CVE-2020-12337 RESERVED CVE-2020-12336 RESERVED CVE-2020-12335 RESERVED CVE-2020-12334 RESERVED CVE-2020-12333 RESERVED CVE-2020-12332 RESERVED CVE-2020-12331 RESERVED CVE-2020-12330 RESERVED CVE-2020-12329 RESERVED CVE-2020-12328 RESERVED CVE-2020-12327 RESERVED CVE-2020-12326 RESERVED CVE-2020-12325 RESERVED CVE-2020-12324 RESERVED CVE-2020-12323 RESERVED CVE-2020-12322 RESERVED CVE-2020-12321 RESERVED CVE-2020-12320 RESERVED CVE-2020-12319 RESERVED 
CVE-2020-12318 RESERVED CVE-2020-12317 RESERVED CVE-2020-12316 RESERVED CVE-2020-12315 RESERVED CVE-2020-12314 RESERVED CVE-2020-12313 RESERVED CVE-2020-12312 RESERVED CVE-2020-12311 RESERVED CVE-2020-12310 RESERVED CVE-2020-12309 RESERVED CVE-2020-12308 RESERVED CVE-2020-12307 RESERVED CVE-2020-12306 RESERVED CVE-2020-12305 RESERVED CVE-2020-12304 RESERVED CVE-2020-12303 RESERVED CVE-2020-12302 RESERVED CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...) NOT-FOR-US: Intel CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server Board Famil ...) NOT-FOR-US: Intel CVE-2020-12299 (Improper input validation in BIOS firmware for Intel(R) Server Board F ...) NOT-FOR-US: Intel CVE-2020-12298 RESERVED CVE-2020-12297 RESERVED CVE-2020-12296 RESERVED CVE-2020-12295 RESERVED CVE-2020-12294 RESERVED CVE-2020-12293 RESERVED CVE-2020-12292 RESERVED CVE-2020-12291 RESERVED CVE-2020-12290 RESERVED CVE-2020-12289 RESERVED CVE-2020-12288 RESERVED CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...) NOT-FOR-US: Intel CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...) NOT-FOR-US: Octopus Deploy CVE-2020-12285 RESERVED CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a ...) {DSA-4722-1} - ffmpeg 7:4.2.3-1 [stretch] - ffmpeg (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734 NOTE: https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726 CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication workflow bec ...) NOT-FOR-US: Sourcegraph CVE-2020-12282 RESERVED CVE-2020-12281 RESERVED CVE-2020-12280 RESERVED CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...) 
- libgit2 0.28.4+dfsg.1-2 [buster] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) [stretch] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4 CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...) - libgit2 0.28.4+dfsg.1-2 [buster] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) [stretch] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem) NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01 NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb CVE-2020-12277 (GitLab 10.8 through 12.9 has a vulnerability that allows someone to mi ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-12276 (GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin noti ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-12275 (GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...) NOT-FOR-US: TestLink CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...) NOT-FOR-US: TestLink CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...) 
- opendmarc NOTE: https://sourceforge.net/p/opendmarc/tickets/237/ NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...) NOT-FOR-US: SFOS CVE-2020-12270 (** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 uses six- ...) NOT-FOR-US: Bluezone CVE-2020-12269 RESERVED CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...) - jbig2dec 0.18-1 [buster] - jbig2dec (Minor issue) [stretch] - jbig2dec (Minor issue) [jessie] - jbig2dec (Minor issue) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332 NOTE: https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextM ...) - qtbase-opensource-src (Vulnerable code not present) NOTE: https://github.com/qt/qtbase/commit/7447e2b337f12b4d04935d0f30fc673e4327d5a0 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450 NOTE: The 5.14 in experimental contains the code, but is already fixed CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 M79X3.V5030.180719, WL-W ...) NOT-FOR-US: WAVLINK CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...) NOT-FOR-US: Node decompress CVE-2020-12264 RESERVED CVE-2020-12263 RESERVED CVE-2020-12262 RESERVED CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login. ...) NOT-FOR-US: Open-AudIT CVE-2020-12260 RESERVED CVE-2020-12259 (rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php fil ...) NOT-FOR-US: rConfig CVE-2020-12258 (rConfig 3.9.4 is vulnerable to session fixation because session expiry ...) NOT-FOR-US: rConfig CVE-2020-12257 (rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) becau ...) NOT-FOR-US: rConfig CVE-2020-12256 (rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file ...) 
NOT-FOR-US: rConfig CVE-2020-12255 (rConfig 3.9.4 is vulnerable to remote code execution due to improper v ...) NOT-FOR-US: rConfig CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...) NOT-FOR-US: Avira Antivirus CVE-2020-12253 RESERVED CVE-2020-12252 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...) NOT-FOR-US: Gigamon CVE-2020-12251 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...) NOT-FOR-US: Gigamon CVE-2020-12250 RESERVED CVE-2020-12249 RESERVED CVE-2020-12248 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...) NOT-FOR-US: Foxit CVE-2020-12247 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...) NOT-FOR-US: Foxit CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other & ...) NOT-FOR-US: Beeline Smart Box CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...) - grafana NOTE: https://github.com/grafana/grafana/pull/23816 CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...) {DSA-4691-1} - pdns-recursor 4.3.1-1 [jessie] - pdns-recursor (Vulnerable code added later) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 CVE-2020-12243 (In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ...) {DSA-4666-1 DLA-2199-1} - openldap 2.4.50+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9202 NOTE: https://git.openldap.org/openldap/openldap/-/commit/d38d48fc8f572dedfb67b9da61a2ba3b125ced91 (master) NOTE: https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 (OPENLDAP_REL_ENG_2_4_50) CVE-2020-12242 (Valve Source allows local users to gain privileges by writing to the / ...) 
NOT-FOR-US: Valve CVE-2020-12241 RESERVED CVE-2020-12240 RESERVED CVE-2020-12239 RESERVED CVE-2020-12238 RESERVED CVE-2020-12237 RESERVED CVE-2020-12236 RESERVED CVE-2020-12235 RESERVED CVE-2020-12234 RESERVED CVE-2020-12233 RESERVED CVE-2020-12232 RESERVED CVE-2020-12231 RESERVED CVE-2020-12230 RESERVED CVE-2020-12229 RESERVED CVE-2020-12228 RESERVED CVE-2020-12227 RESERVED CVE-2020-12226 RESERVED CVE-2020-12225 RESERVED CVE-2020-12224 RESERVED CVE-2020-12223 RESERVED CVE-2020-12222 RESERVED CVE-2020-12221 RESERVED CVE-2020-12220 RESERVED CVE-2020-12219 RESERVED CVE-2020-12218 RESERVED CVE-2020-12217 RESERVED CVE-2020-12216 RESERVED CVE-2020-12215 RESERVED CVE-2020-12214 RESERVED CVE-2020-12213 RESERVED CVE-2020-12212 RESERVED CVE-2020-12211 RESERVED CVE-2020-12210 RESERVED CVE-2020-12209 RESERVED CVE-2020-12208 RESERVED CVE-2020-12207 RESERVED CVE-2020-12206 RESERVED CVE-2020-12205 RESERVED CVE-2020-12204 RESERVED CVE-2020-12203 RESERVED CVE-2020-12202 RESERVED CVE-2020-12201 RESERVED CVE-2020-12200 RESERVED CVE-2020-12199 RESERVED CVE-2020-12198 RESERVED CVE-2020-12197 RESERVED CVE-2020-12196 RESERVED CVE-2020-12195 RESERVED CVE-2020-12194 RESERVED CVE-2020-12193 RESERVED CVE-2020-12192 RESERVED CVE-2020-12191 RESERVED CVE-2020-12190 RESERVED CVE-2020-12189 RESERVED CVE-2020-12188 RESERVED CVE-2020-12187 RESERVED CVE-2020-12186 RESERVED CVE-2020-12185 RESERVED CVE-2020-12184 RESERVED CVE-2020-12183 RESERVED CVE-2020-12182 RESERVED CVE-2020-12181 RESERVED CVE-2020-12180 RESERVED CVE-2020-12179 RESERVED CVE-2020-12178 RESERVED CVE-2020-12177 RESERVED CVE-2020-12176 RESERVED CVE-2020-12175 RESERVED CVE-2020-12174 RESERVED CVE-2020-12173 RESERVED CVE-2020-12172 RESERVED CVE-2020-12171 RESERVED CVE-2020-12170 RESERVED CVE-2020-12169 RESERVED CVE-2020-12168 RESERVED CVE-2020-12167 RESERVED CVE-2020-12166 RESERVED CVE-2020-12165 RESERVED CVE-2020-12164 RESERVED CVE-2020-12163 RESERVED CVE-2020-12162 RESERVED CVE-2020-12161 RESERVED CVE-2020-12160 RESERVED 
CVE-2020-12159 RESERVED CVE-2020-12158 RESERVED CVE-2020-12157 RESERVED CVE-2020-12156 RESERVED CVE-2020-12155 RESERVED CVE-2020-12154 RESERVED CVE-2020-12153 RESERVED CVE-2020-12152 RESERVED CVE-2020-12151 RESERVED CVE-2020-12150 RESERVED CVE-2020-12149 RESERVED CVE-2020-12148 RESERVED CVE-2020-12147 RESERVED CVE-2020-12146 RESERVED CVE-2020-12145 RESERVED CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal to EdgeC ...) NOT-FOR-US: Silver Peak Cloud Portal CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect devices i ...) NOT-FOR-US: EdgeConnect CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machine int ...) NOT-FOR-US: EdgeConnect CVE-2020-12141 RESERVED CVE-2020-12140 RESERVED CVE-2020-12139 RESERVED CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...) NOT-FOR-US: AMD ATI atillk64.sys specific issue CVE-2020-12136 RESERVED CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...) - duo-unix (unimportant; bug #958998) NOTE: Embedded older version, but affected function not used CVE-2020-12134 (Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishand ...) NOT-FOR-US: Nanometrics Centaur / TitanSMA CVE-2020-12133 (The Apros Evolution, ConsciusMap, and Furukawa provisioning systems th ...) NOT-FOR-US: Apros Evolution, ConsciusMap, and Furukawa CVE-2020-12132 (Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS ...) NOT-FOR-US: Fifthplay CVE-2020-12131 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parame ...) NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parame ...) NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder para ...) 
NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...) NOT-FOR-US: DONG JOO CHO File Transfer iFamily CVE-2020-12127 RESERVED CVE-2020-12126 RESERVED CVE-2020-12125 RESERVED CVE-2020-12124 RESERVED CVE-2020-12123 RESERVED CVE-2020-12122 RESERVED CVE-2020-12121 RESERVED CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...) NOT-FOR-US: PrestaShop CVE-2020-12119 (Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF ...) NOT-FOR-US: Ledger Live CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...) NOT-FOR-US: Binance tss-lib CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...) NOT-FOR-US: Moxa CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Released bu ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-12115 RESERVED CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.3.7-1 NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2 CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...) NOT-FOR-US: BigBlueButton CVE-2020-12112 (BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: BigBlueButton CVE-2020-12111 (Certain TP-Link devices allow Command Injection. This affects NC260 1. ...) NOT-FOR-US: TP-Link CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This affects ...) NOT-FOR-US: TP-Link CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...) NOT-FOR-US: TP-Link CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...) 
{DLA-2276-1 DLA-2204-1} - mailman [buster] - mailman (Minor issue) NOTE: https://bugs.launchpad.net/mailman/+bug/1873722 CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ...) NOT-FOR-US: VPNCrypt CVE-2020-12106 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthe ...) NOT-FOR-US: VPNCrypt CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...) - openconnect (unimportant; bug #959428) [jessie] - openconnect (Vulnerable code introduced later) NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96 NOTE: Only an issue if building with OpenSSL, where Debian binary packages use NOTE: GnuTLS. CVE-2020-12104 (The Import feature in the wp-advanced-search plugin 3.3.6 for WordPres ...) NOT-FOR-US: Import feature in the wp-advanced-search plugin for WordPress CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...) NOT-FOR-US: Tiny File Manager CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in ...) NOT-FOR-US: Tiny File Manager CVE-2020-12101 (The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remo ...) NOT-FOR-US: xt:Commerce CVE-2020-12100 (In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp ...) 
{DSA-4745-1 DLA-2328-1} - dovecot 1:2.3.11.3+dfsg1-1 (bug #968302) NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/1 NOTE: https://github.com/dovecot/core/commit/d4bb43a08ab9ecfab7249a17279e5f773c8abaad NOTE: https://github.com/dovecot/core/commit/6d77e00e4d170efde908591dc5871a8e48ea844b NOTE: https://github.com/dovecot/core/commit/926742088a3c66c11099386b2c6e80999c29f405 NOTE: https://github.com/dovecot/core/commit/e5830ae88531a32db36c97ebf122cba9a39cf801 NOTE: https://github.com/dovecot/core/commit/cb00e21fd70aae49453aedc1bb33c0765ab98667 NOTE: https://github.com/dovecot/core/commit/5ecadd30746d91854b5aa484feff9c70ea91c20b NOTE: https://github.com/dovecot/core/commit/24f0bfefdbccaaaaab9f52be428648ec3f1c34d3 NOTE: https://github.com/dovecot/core/commit/02c7c6dbb51748a5af8b0c70a499a3ab17de8490 NOTE: https://github.com/dovecot/core/commit/729941c996ee0b0ede40f462c9e34ceb6a6bd049 NOTE: https://github.com/dovecot/core/commit/8dbc754a31fbf7684e858aa1fb633b8dfbeb13cf NOTE: https://github.com/dovecot/core/commit/a175d654c3bc4d57641b871bbff99c10799b7d67 NOTE: https://github.com/dovecot/core/commit/a676cb539fc1545c58d1341baa2f875f7b694133 NOTE: https://github.com/dovecot/core/commit/0f46088a1af7b493db76a1d97ef4ecc6bb41f5a4 NOTE: https://github.com/dovecot/core/commit/7868f5f49be91fe51795b477a5440e69c1540716 NOTE: https://github.com/dovecot/core/commit/be53a118e789886efcdd57c513651c5148651161 NOTE: https://github.com/dovecot/core/commit/19193f40b1d74e8d4ef88121992b4a61d84773e3 CVE-2020-12099 RESERVED CVE-2020-12098 RESERVED CVE-2020-12097 RESERVED CVE-2020-12096 RESERVED CVE-2020-12095 RESERVED CVE-2020-12094 RESERVED CVE-2020-12093 RESERVED CVE-2020-12092 RESERVED CVE-2020-12091 RESERVED CVE-2020-12090 RESERVED CVE-2020-12089 RESERVED CVE-2020-12088 RESERVED CVE-2020-12087 RESERVED CVE-2020-12086 RESERVED CVE-2020-12085 RESERVED CVE-2020-12084 RESERVED CVE-2020-12083 RESERVED CVE-2020-12082 RESERVED CVE-2020-12081 (An information disclosure vulnerability has 
been identified in FlexNet ...) NOT-FOR-US: FlexNet Publisher lmadmin.exe CVE-2020-12080 RESERVED CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...) {DSA-4664-1 DLA-2200-1} - mailman (bug #958930) NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/2 NOTE: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1801 CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system access an ...) NOT-FOR-US: Beaker browser, different from src:beaker CVE-2020-12078 (An issue was discovered in Open-AudIT 3.3.1. There is shell metacharac ...) NOT-FOR-US: Open-AudIT CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPr ...) NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...) NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress CVE-2020-12075 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...) NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress CVE-2020-12074 (The users-customers-import-export-for-wp-woocommerce plugin before 1.3 ...) NOT-FOR-US: users-customers-import-export-for-wp-woocommerce plugin for WordPress CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect ...) NOT-FOR-US: responsive-add-ons plugin for WordPress CVE-2020-12072 RESERVED CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content. ...) NOT-FOR-US: Anchor CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...) NOT-FOR-US: Advanced Woo Search plugin for WordPress CVE-2020-12069 RESERVED CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5.16.0. ...) NOT-FOR-US: CODESYS CVE-2020-12067 RESERVED CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...) 
{DSA-4763-1} - teeworlds 0.7.5-1 [jessie] - teeworlds (Not supported in jessie LTS) NOTE: https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5 NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=14785 CVE-2020-12065 RESERVED CVE-2020-12064 RESERVED CVE-2020-12063 (** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attac ...) NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/3 NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12 NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ...) - openssh 1:8.3p1-1 (unimportant) NOTE: https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1 NOTE: https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894 NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1 NOTE: Negligible security impact, a malicious peer can achieve no more than already NOTE: able to achieve within the scp protocol. CVE-2020-12061 RESERVED CVE-2020-12060 RESERVED CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...) - ceph 14.2.4-1 [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) NOTE: https://tracker.ceph.com/issues/44967 NOTE: Introduced with: https://github.com/ceph/ceph/commit/5fb068114bb3da2f8fabea89160a8453f861dc96 (v12.1.1) NOTE: Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10) NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing. CVE-2020-12058 (Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 al ...) NOT-FOR-US: osCommerce CE Phoenix CVE-2020-12057 RESERVED CVE-2020-12056 RESERVED CVE-2020-12055 RESERVED CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...) 
NOT-FOR-US: Catch Breadcrumb plugin for WordPress CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-ba ...) NOT-FOR-US: Unisys Stealth CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup XSS. ...) - grafana CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote ...) NOT-FOR-US: MediaWiki extension CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.99 ...) - sqliteodbc (unimportant) NOTE: The issue is located in the *.spec files used for rpm packaging using insecurely NOTE: /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from same NOTE: issue. CVE-2020-12049 (An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusSe ...) {DLA-2235-1} - dbus 1.12.18-1 [buster] - dbus 1.12.20-0+deb10u1 [stretch] - dbus 1.10.32-0+deb9u1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/3 NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/294 NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5 NOTE: Test: https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748 CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hem ...) NOT-FOR-US: Phoenix Hemodialysis Delivery System CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), whe ...) NOT-FOR-US: Baxter Spectrum WBM CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmwar ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...) NOT-FOR-US: Baxter Spectrum WBM CVE-2020-12044 RESERVED CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...) NOT-FOR-US: Baxter Spectrum WBM CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within ...) 
NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) teln ...) NOT-FOR-US: Baxter Spectrum WBM CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spec ...) NOT-FOR-US: Sigma Spectrum Infusion System CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v' ...) NOT-FOR-US: Baxter CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...) NOT-FOR-US: Rockwell Automation CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...) NOT-FOR-US: Baxter CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...) NOT-FOR-US: Baxter CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...) NOT-FOR-US: Baxter CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...) NOT-FOR-US: Rockwell Automation CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versions, th ...) NOT-FOR-US: Rockwell Automation CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...) NOT-FOR-US: Baxter CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory corrupt ...) NOT-FOR-US: FactoryTalk View SE CVE-2020-12030 RESERVED CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate input of ...) NOT-FOR-US: FactoryTalk View SE CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an authenticated attac ...) NOT-FOR-US: FactoryTalk View CVE-2020-12027 (All versions of FactoryTalk View SE disclose the hostnames and file pa ...) NOT-FOR-US: FactoryTalk View SE CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12025 (Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, ...) 
NOT-FOR-US: Rockwell Automation CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix ...) NOT-FOR-US: Baxter CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...) NOT-FOR-US: Philips CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous vers ...) NOT-FOR-US: OSIsoft PI Web CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix E ...) NOT-FOR-US: Baxter CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based ...) NOT-FOR-US: WebAccess Node CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...) NOT-FOR-US: GE Grid Solutions Reason RT Clocks CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...) NOT-FOR-US: Baxter CVE-2020-12015 (A specially crafted communication packet sent to the affected systems ...) NOT-FOR-US: Mitsubishi CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12013 (A specially crafted WCF client that interfaces to the may allow the ex ...) NOT-FOR-US: Mitsubishi CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...) NOT-FOR-US: Baxter CVE-2020-12011 (A specially crafted communication packet sent to the affected systems ...) NOT-FOR-US: Mitsubishi CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12009 (A specially crafted communication packet sent to the affected device c ...) 
NOT-FOR-US: Mitsubishi CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...) NOT-FOR-US: Baxter CVE-2020-12007 (A specially crafted communication packet sent to the affected devices ...) NOT-FOR-US: Mitsubishi CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12005 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) NOT-FOR-US: FactoryTalk CVE-2020-12004 (The affected product lacks proper authentication required to query the ...) NOT-FOR-US: Inductive Automation Ignition CVE-2020-12003 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) NOT-FOR-US: FactoryTalk CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12001 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) NOT-FOR-US: FactoryTalk CVE-2020-12000 (The affected product is vulnerable to the handling of serialized data. ...) NOT-FOR-US: Inductive Automation Ignition CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...) NOT-FOR-US: FactoryTalk CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re-bind. ...) - activemq (Only affects 5.15.12) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt CVE-2020-11997 RESERVED CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...) {DSA-4727-1 DLA-2279-1} - tomcat9 9.0.36-1 - tomcat8 NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6 NOTE: https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976 (9.0.36) NOTE: https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56) CVE-2020-11995 RESERVED CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on Camel ...) 
NOT-FOR-US: Apache Camel CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...) {DSA-4757-1} - apache2 2.4.46-1 [stretch] - apache2 (Too intrusive to backport) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993 NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/3 NOTE: https://svn.apache.org/r1879642 NOTE: https://github.com/apache/httpd/commit/63a0a87efa0925514d15c211b508f6594669888c CVE-2020-11992 REJECTED CVE-2020-11991 (When using the StreamGenerator, the code parse a user-provided XML. A ...) - cocoon CVE-2020-11990 RESERVED CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...) {DLA-2273-1} - shiro NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1 NOTE: https://github.com/apache/shiro/pull/211 NOTE: https://issues.apache.org/jira/browse/SHIRO-753 NOTE: The original CVE-2020-1957 addressed in 1.5.2 introduced an encoding issue NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This NOTE: CVE is closely related to CVE-2020-1957. CVE-2020-11988 RESERVED CVE-2020-11987 RESERVED CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...) - netbeans NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2 CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rewrite F ...) - apache2 2.4.25-1 NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=60251 NOTE: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299 NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985 NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/2 NOTE: Upstream patch: https://svn.apache.org/r1688399 NOTE: https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020 CVE-2020-11984 (Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure an ...)
{DSA-4757-1 DLA-2362-1} - apache2 2.4.46-1 [stretch] - apache2 (Vulnerable code not present) - uwsgi (unimportant) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11984 NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/1 NOTE: https://svn.apache.org/r1880251 NOTE: https://github.com/apache/httpd/commit/0c543e3f5b3881d515d6235f152aacaaaf3aba72 NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg} NOTE: packages which are provided by src:apache2 itself. CVE-2020-11983 (An issue was found in Apache Airflow versions 1.10.10 and below. It wa ...) - airflow (bug #819700) CVE-2020-11982 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...) - airflow (bug #819700) CVE-2020-11981 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...) - airflow (bug #819700) CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and authorization ...) - apache-karaf (bug #881297) CVE-2020-11979 RESERVED CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below. A rem ...) - airflow (bug #819700) CVE-2020-11977 (In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable ext ...) NOT-FOR-US: Apache Syncope CVE-2020-11976 (By crafting a special URL it is possible to make Wicket deliver unproc ...) NOT-FOR-US: Apache Wicket CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the ...) NOT-FOR-US: Apache Unomi CVE-2020-11974 RESERVED CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. Apache Cam ...) NOT-FOR-US: Apache Camel CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. Apache ...) NOT-FOR-US: Apache Camel CVE-2020-11971 (Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, ...) NOT-FOR-US: Apache Camel CVE-2020-11970 REJECTED CVE-2020-11969 (If Apache TomEE is configured to use the embedded ActiveMQ broker, and ...) 
NOT-FOR-US: Apache TomEE CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read ...) NOT-FOR-US: IQrouter CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the device (re ...) NOT-FOR-US: IQrouter CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in the web- ...) NOT-FOR-US: IQrouter CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a password, wh ...) NOT-FOR-US: IQrouter CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password in the w ...) NOT-FOR-US: IQrouter CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote code ex ...) NOT-FOR-US: IQrouter CVE-2020-11962 RESERVED CVE-2020-11961 (Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive infor ...) NOT-FOR-US: Xiaomi CVE-2020-11960 (Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability w ...) NOT-FOR-US: Xiaomi CVE-2020-11959 (An unsafe configuration of nginx lead to information leak in Xiaomi ro ...) NOT-FOR-US: Xiaomi CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/sc ...) - re2c 1.3-2 (bug #963158) [buster] - re2c (Vulnerability introduced later) [stretch] - re2c (Vulnerability introduced later) [jessie] - re2c (Vulnerability introduced later) NOTE: http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/ NOTE: Logical error introduced in: https://github.com/skvadrik/re2c/commit/2f3e597abce36fb7f41413373308b7f13fc98181 (1.2) NOTE: Vulnerability introduced in: https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 (1.2) NOTE: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070 NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a CVE-2020-11957 (The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4. ...) 
NOT-FOR-US: Cypress CVE-2020-11956 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...) NOT-FOR-US: Rittal PDU-3C002DEC CVE-2020-11955 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMC ...) NOT-FOR-US: Rittal PDU-3C002DEC CVE-2020-11954 RESERVED CVE-2020-11953 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMC ...) NOT-FOR-US: Rittal PDU-3C002DEC CVE-2020-11952 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...) NOT-FOR-US: Rittal PDU-3C002DEC CVE-2020-11951 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...) NOT-FOR-US: Rittal PDU-3C002DEC CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...) NOT-FOR-US: VIVOTEK Network Cameras CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...) NOT-FOR-US: VIVOTEK Network Cameras CVE-2020-11948 RESERVED CVE-2020-11947 RESERVED CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...) {DSA-4682-1 DLA-2278-1} - squid 4.11-1 - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch CVE-2020-11944 (Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call_ ...) NOT-FOR-US: bitcoin-abe CVE-2020-11943 (An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file u ...) NOT-FOR-US: Open-AudIT CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL In ...) NOT-FOR-US: Open-AudIT CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...) NOT-FOR-US: Open-AudIT CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...) 
- ndpi [buster] - ndpi (Introduced in 3.0) [stretch] - ndpi (Introduced in 3.0) [jessie] - ndpi (Introduced in 3.0) NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435 NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...) - ndpi [buster] - ndpi (Introduced in 3.0) [stretch] - ndpi (Introduced in 3.0) [jessie] - ndpi (Introduced in 3.0) NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202 NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11937 (In whoopsie, parse_report() from whoopsie.c allows a local attacker to ...) NOT-FOR-US: Whoopsie CVE-2020-11936 RESERVED CVE-2020-11935 RESERVED - aufs (bug #964748) [buster] - aufs (Minor issue; CONFIG_IMA not enabled in kernel; can be fixed via point release) [stretch] - aufs (Minor issue; too many other aufs issues open) NOTE: To exploit the issue CONFIG_IMA in Kernel needs to be enabled. NOTE: linux/4.9.y had the config enabled, but was disabled in later versions NOTE: including linux/4.19.y. NOTE: https://sourceforge.net/p/aufs/mailman/message/37048642/ NOTE: https://github.com/sfjro/aufs4-linux/commit/515a586eeef31e0717d5dea21e2c11a965340b3c NOTE: https://github.com/sfjro/aufs4-linux/commit/f10aea57d39d6cd311312e9e7746804f7059b5c8 CVE-2020-11934 (It was discovered that snapctl user-open allowed altering the $XDG_DAT ...) - snapd 2.45.2-1 [buster] - snapd (Minor issue) [stretch] - snapd (Vulnerable code not present) NOTE: https://github.com/snapcore/snapd/commit/06342a31878f1cf99d56da5483e71b9af61f46ad CVE-2020-11933 (cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 de ...) 
NOT-FOR-US: cloud-init in some Ubuntu images CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...) NOT-FOR-US: Subiquity installer for Ubuntu CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide security medi ...) NOT-FOR-US: Ubuntu snap packaging of Pulseaudio CVE-2020-11930 (The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS vi ...) NOT-FOR-US: GTranslate plugin for WordPress CVE-2020-11929 RESERVED CVE-2020-11928 (In the media-library-assistant plugin before 2.82 for WordPress, Remot ...) NOT-FOR-US: media-library-assistant plugin for WordPress CVE-2020-11927 RESERVED CVE-2020-11926 RESERVED CVE-2020-11925 RESERVED CVE-2020-11924 RESERVED CVE-2020-11923 RESERVED CVE-2020-11922 RESERVED CVE-2020-11921 RESERVED CVE-2020-11920 RESERVED CVE-2020-11919 RESERVED CVE-2020-11918 RESERVED CVE-2020-11917 RESERVED CVE-2020-11916 RESERVED CVE-2020-11915 RESERVED CVE-2020-11914 (The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11913 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11912 (The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11911 (The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Cont ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11910 (The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Rea ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11909 (The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11908 (The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11907 (The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Par ...) 
NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11906 (The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Inte ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11905 (The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11904 (The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11903 (The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11902 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling O ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11901 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution vi ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11900 (The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Fr ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11899 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11898 (The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMP ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11897 (The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11896 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, r ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...) - ming NOTE: https://github.com/libming/libming/issues/197 CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) i ...) - ming NOTE: https://github.com/libming/libming/issues/196 CVE-2020-11893 RESERVED CVE-2020-11892 RESERVED CVE-2020-11891 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...) NOT-FOR-US: Joomla! CVE-2020-11890 (An issue was discovered in Joomla! 
before 3.9.17. Improper input valid ...) NOT-FOR-US: Joomla! CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...) NOT-FOR-US: Joomla! CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...) - python-markdown2 2.3.9-1 (bug #959445) [buster] - python-markdown2 2.3.7-2+deb10u1 NOTE: https://github.com/trentm/python-markdown2/issues/348 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...) NOT-FOR-US: svg2png CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...) NOT-FOR-US: OpenNMS CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...) NOT-FOR-US: WSO2 Enterprise Integrator CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code execution ...) {DSA-4667-1} - linux 5.6.7-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/316ec154810960052d4586b634156c54d0778f74 CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...) NOT-FOR-US: Divante vue-storefront-api CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...) NOT-FOR-US: O2 Business CVE-2020-11881 (An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7 ...) NOT-FOR-US: MikroTik RouterOS CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...) - kmail 4:20.04.1-1 (bug #958054) [buster] - kmail (Minor issue) - kdepim [stretch] - kdepim (Minor issue) [jessie] - kdepim (Minor issue) NOTE: https://github.com/KDE/kmail/commit/2a348eccd352260f192d9b449492071bbf2b34b1 CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...) 
- evolution 3.36.0-1 [buster] - evolution (Minor issue) [stretch] - evolution (Minor issue) [jessie] - evolution (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/784 NOTE: https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7 CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4 ...) - jitsi-meet (bug #760485) CVE-2020-11877 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses 342 ...) NOT-FOR-US: Zoom Client for Meetings CVE-2020-11876 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses the ...) NOT-FOR-US: Zoom Client for Meetings CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...) NOT-FOR-US: OpenTrace CVE-2020-11871 RESERVED CVE-2020-11870 RESERVED CVE-2020-11869 (An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way i ...) - qemu 1:5.0-1 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/2 CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...) 
{DLA-2201-1} - ntp 1:4.2.8p14+dfsg-1 [buster] - ntp (Minor issue) [stretch] - ntp (Minor issue) - ntpsec (Doesn't affect ntpsec per upstream, #958027) NOTE: http://support.ntp.org/bin/view/Main/NtpBug3592 NOTE: http://bugs.ntp.org/3592 NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5df73278nIf5dNbaR_vTeCY43_h7Vg NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665 NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651 CVE-2020-11867 RESERVED CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11865 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bo ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11864 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11862 RESERVED CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...) NOT-FOR-US: Micro Focus CVE-2020-11860 RESERVED CVE-2020-11859 RESERVED CVE-2020-11858 RESERVED CVE-2020-11857 RESERVED CVE-2020-11856 RESERVED CVE-2020-11855 RESERVED CVE-2020-11854 RESERVED CVE-2020-11853 RESERVED CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Messaging ...) NOT-FOR-US: Micro Focus CVE-2020-11851 RESERVED CVE-2020-11850 RESERVED CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...) NOT-FOR-US: Micro Focus CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...) NOT-FOR-US: Micro Focus CVE-2020-11847 RESERVED CVE-2020-11846 RESERVED CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...) 
NOT-FOR-US: Micro Focus CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...) NOT-FOR-US: Micro Focus CVE-2020-11843 RESERVED CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...) NOT-FOR-US: Micro Focus CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...) NOT-FOR-US: Micro Focus CVE-2020-11840 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...) NOT-FOR-US: Micro Focus CVE-2020-11839 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logge ...) NOT-FOR-US: Micro Focus CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Manag ...) NOT-FOR-US: Micro Focus CVE-2020-11837 RESERVED CVE-2020-11836 RESERVED CVE-2020-11835 RESERVED CVE-2020-11834 RESERVED CVE-2020-11833 RESERVED CVE-2020-11832 RESERVED CVE-2020-11831 RESERVED CVE-2020-11830 RESERVED CVE-2020-11829 RESERVED CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...) NOT-FOR-US: ColorOS CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak fi ...) NOT-FOR-US: GOG Galaxy client CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...) NOT-FOR-US: Memono CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...) - dolibarr CVE-2020-11824 RESERVED CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored ...) - dolibarr CVE-2020-11822 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the appli ...) NOT-FOR-US: Rukovoditel CVE-2020-11821 (In Rukovoditel 2.5.2, users' passwords and usernames are stored in a c ...) NOT-FOR-US: Rukovoditel CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...) 
NOT-FOR-US: Rukovoditel CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...) NOT-FOR-US: Rukovoditel CVE-2020-11817 (In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the s ...) NOT-FOR-US: Rukovoditel CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...) NOT-FOR-US: Rukovoditel CVE-2020-11814 (A Host Header Injection vulnerability in qdPM 9.1 may allow an attacke ...) NOT-FOR-US: qdPM CVE-2020-11813 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the confi ...) NOT-FOR-US: Rukovoditel CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the serve ...) NOT-FOR-US: qdPM CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...) - openvpn 2.4.9-1 (low) [buster] - openvpn (Minor issue) [stretch] - openvpn (Minor issue) [jessie] - openvpn (Minor issue) NOTE: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab CVE-2020-11809 RESERVED CVE-2020-11808 RESERVED CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type, Source ...) NOT-FOR-US: Sourcefabric Newscoop CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...) NOT-FOR-US: MailStore Outlook Add-in CVE-2020-11805 RESERVED CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...) NOT-FOR-US: Titan SpamTitan CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) NOT-FOR-US: Titan SpamTitan CVE-2020-11802 RESERVED CVE-2020-11801 RESERVED CVE-2020-11800 RESERVED CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...) 
NOT-FOR-US: Z-Cron CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...) NOT-FOR-US: Mitel CVE-2020-11797 (An Authentication Bypass vulnerability in the Published Area of the we ...) NOT-FOR-US: Mitel CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...) NOT-FOR-US: JetBrains Space CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...) NOT-FOR-US: JetBrains Space CVE-2020-11794 RESERVED CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...) {DSA-4658-1} - webkit2gtk 2.28.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.1-1 NOTE: https://webkitgtk.org/security/WSA-2020-0004.html CVE-2020-11792 (NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are ...) NOT-FOR-US: Netgear CVE-2020-11791 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS ...) NOT-FOR-US: Netgear CVE-2020-11790 (NETGEAR R7800 devices before 1.0.2.68 are affected by remote code exec ...) NOT-FOR-US: Netgear CVE-2020-11789 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2020-11788 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2020-11787 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11786 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11785 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11784 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11783 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) 
NOT-FOR-US: Netgear CVE-2020-11782 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11781 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11780 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11779 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11778 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11777 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11776 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11775 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11774 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11773 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11772 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11771 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11770 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2020-11769 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...) NOT-FOR-US: Istio CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...) NOT-FOR-US: iFAX AvantFAX CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. 
There is an off-by-on ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2 CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/643/commits/d0303d1785d2a8cb994efee9efa81f8ee4be4c17 CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) 
{DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09 CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3 CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7a52d40ae23c148f27116cb1f6e897b9143b372c CVE-2020-11757 RESERVED CVE-2020-11756 RESERVED CVE-2020-11755 RESERVED CVE-2020-11754 RESERVED CVE-2020-11753 (An issue was discovered in Sonatype Nexus Repository Manager in versio ...) NOT-FOR-US: Sonatype CVE-2020-11752 RESERVED CVE-2020-11751 RESERVED CVE-2020-11750 RESERVED CVE-2020-11749 (Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities ...) 
NOT-FOR-US: Pandora FMS CVE-2020-11748 RESERVED CVE-2020-11747 REJECTED CVE-2020-11746 RESERVED CVE-2020-11745 RESERVED CVE-2020-11744 RESERVED CVE-2020-11743 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) {DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-316.html CVE-2020-11742 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) {DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-318.html CVE-2020-11741 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...) {DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-313.html CVE-2020-11740 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...) {DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-313.html CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) {DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-314.html CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Dupl ...) NOT-FOR-US: Snap Creek Duplicator plugin for WordPress CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...) NOT-FOR-US: Zimbra CVE-2020-11735 (The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use ...) - wolfssl 4.4.0+dfsg-1 NOTE: https://github.com/wolfSSL/wolfssl/commit/1de07da61f0c8e9926dcbd68119f73230dae283f CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...) 
{DLA-2180-1} - file-roller 3.36.2-1 (bug #956638) [buster] - file-roller 3.30.1-2+deb10u1 [stretch] - file-roller 3.22.3-1+deb9u2 NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...) NOT-FOR-US: CyberSolutions CyberMail CVE-2020-11733 (An issue was discovered on Spirent TestCenter and Avalanche appliance ...) NOT-FOR-US: Spirent CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2020-11730 RESERVED CVE-2020-11729 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...) {DSA-4660-1 DLA-2178-1} - awl 0.61-1 (bug #956650) NOTE: https://gitlab.com/davical-project/awl/-/issues/18 NOTE: https://gitlab.com/davical-project/awl/-/commit/535505c9acd0dda9cf664c38f5f8cb8dd61dc0cd CVE-2020-11728 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...) {DSA-4660-1 DLA-2178-1} - awl 0.61-1 (bug #956650) NOTE: https://gitlab.com/davical-project/awl/-/issues/19 NOTE: https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428 CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced O ...) NOT-FOR-US: AlgolPlus CVE-2020-11726 RESERVED CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...) 
{DSA-4750-1 DLA-2283-1} - nginx 1.18.0-5 (bug #964950) NOTE: https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa (ngx_lua 0.10.17, with tests) NOTE: https://github.com/openresty/openresty/commit/4e8b4c395f842a078e429c80dd063b2323999957 (ngx_lua 0.10.15) NOTE: nginx packages include ngx_lua in debian/modules/ CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ...) - linux NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400 CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...) NOT-FOR-US: Cellebrite UFED CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) - crawl 2:0.25.0-1 (bug #958232) [buster] - crawl (Minor issue) [stretch] - crawl (Minor issue) [jessie] - crawl (Minor issue) NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04 NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28 CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...) - libsixel (low) [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/134 CVE-2020-11720 RESERVED CVE-2020-11719 RESERVED CVE-2020-11718 RESERVED CVE-2020-11717 RESERVED CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...) NOT-FOR-US: Panasonic CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...) NOT-FOR-US: Panasonic CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...) NOT-FOR-US: eten PSG-6528VM 1.1 devices CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...) 
- wolfssl 4.4.0+dfsg-1 (bug #960190) NOTE: https://github.com/wolfSSL/wolfssl/pull/2894/ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...) NOT-FOR-US: Open Upload CVE-2020-11711 RESERVED CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...) NOT-FOR-US: docker-kong CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...) NOT-FOR-US: cpp-httplib NOTE: https://github.com/yhirose/cpp-httplib/issues/425 CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11707 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11706 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11705 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11704 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11703 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) NOT-FOR-US: Titan SpamTitan CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper validation o ...) NOT-FOR-US: Titan SpamTitan CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper input saniti ...) 
NOT-FOR-US: Titan SpamTitan CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...) NOT-FOR-US: Combodo iTop CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...) NOT-FOR-US: Combodo iTop CVE-2020-11695 RESERVED CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...) - pycharm (bug #742394) CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was accessible to r ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAut ...) NOT-FOR-US: JetBrains Hub CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be ...) - intellij-idea (bug #747616) - intellij-community-idea CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were shown in a ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator was abl ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...) NOT-FOR-US: JetBrains GoLand CVE-2020-11684 (AT91bootstrap before 3.9.2 does not properly wipe encryption and authe ...) NOT-FOR-US: Microchip AT91bootstrap CVE-2020-11683 (A timing side channel was discovered in AT91bootstrap before 3.9.2. It ...) NOT-FOR-US: Microchip AT91bootstrap CVE-2020-11682 (Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing ...) NOT-FOR-US: Castel NextGen DVR CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...) 
NOT-FOR-US: Castel NextGen DVR CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...) NOT-FOR-US: Castel NextGen DVR CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...) NOT-FOR-US: Castel NextGen DVR CVE-2020-11678 RESERVED CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...) NOT-FOR-US: Cerner medico CVE-2020-11676 (Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). ...) NOT-FOR-US: Cerner medico CVE-2020-11675 (Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). ...) NOT-FOR-US: Cerner medico CVE-2020-11674 (Cerner medico 26.00 allows variable reuse, possibly causing data corru ...) NOT-FOR-US: Cerner medico CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...) NOT-FOR-US: Responsive Poll for WordPress CVE-2020-11672 RESERVED CVE-2020-11671 (Lack of authorization controls in REST API functions in TeamPass throu ...) - teampass (bug #730180) CVE-2020-11670 RESERVED CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc ...) - linux 5.2.6-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerability introduced later with support for KVM guests on POWER9) [jessie] - linux (Vulnerability introduced later with support for KVM guests on POWER9) NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0 NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1 CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 CVE-2020-11667 RESERVED CVE-2020-11666 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect page r ...) 
NOT-FOR-US: CA API Developer Portal CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11663 (CA API Developer Portal 4.3.1 and earlier handles 404 requests in an i ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11662 (CA API Developer Portal 4.3.1 and earlier handles requests insecurely, ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11661 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11660 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11659 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11658 (CA API Developer Portal 4.3.1 and earlier handles shared secret keys i ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11657 RESERVED CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...) - sqlite3 3.32.0-1 (unimportant) NOTE: https://www.sqlite.org/cgi/src/tktview?name=4722bdab08cb14 NOTE: https://www.sqlite.org/src/info/d09f8c3621d5f7f8 NOTE: https://www.sqlite.org/src/info/b64674919f673602 NOTE: Negligible security impact (and uncovered in DEBUG build) CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...) {DLA-2340-1 DLA-2203-1} - sqlite3 3.31.1-5 [buster] - sqlite3 (Minor issue) NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11 CVE-2020-11654 RESERVED CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...) 
- varnish 6.4.0-1 (bug #956307) [buster] - varnish (Can be fixed along in next DSA) [stretch] - varnish (Only affects 6.x) [jessie] - varnish (Only affects 6.x) NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005 NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62 CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...) {DSA-4676-2 DSA-4676-1 DLA-2223-1} - salt 3000.2+dfsg1-1 (bug #959684) NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...) {DSA-4676-2 DSA-4676-1 DLA-2223-1} - salt 3000.2+dfsg1-1 (bug #959684) NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583 NOTE: There is a typo in the whitelisted methods on AESFuncs: NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue NOTE: Regression bugreport: https://github.com/saltstack/salt/issues/57016 NOTE: https://github.com/saltstack/salt/issues/57027 CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...) NOT-FOR-US: FreeNAS CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...) [experimental] - gitlab 12.9.3+dfsg-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ CVE-2020-11648 RESERVED CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...) 
- wireshark 3.2.3-1 (low; bug #958213) [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Minor, can be fixed along in a future update) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html CVE-2020-11646 RESERVED CVE-2020-11645 RESERVED CVE-2020-11644 RESERVED CVE-2020-11643 RESERVED CVE-2020-11642 RESERVED CVE-2020-11641 RESERVED CVE-2020-11640 RESERVED CVE-2020-11639 RESERVED CVE-2020-11638 RESERVED CVE-2020-11637 RESERVED CVE-2020-11636 RESERVED CVE-2020-11635 RESERVED CVE-2020-11634 RESERVED CVE-2020-11633 RESERVED CVE-2020-11632 RESERVED CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11629 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11628 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11625 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...) NOT-FOR-US: AvertX CVE-2020-11624 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...) NOT-FOR-US: AvertX CVE-2020-11623 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...) NOT-FOR-US: AvertX CVE-2020-11622 (A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M a ...) 
NOT-FOR-US: Cloud EOS CVE-2020-11621 RESERVED CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2682 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2680 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top b ...) NOT-FOR-US: THOMSON CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA ...) NOT-FOR-US: THOMSON CVE-2020-11616 RESERVED CVE-2020-11615 RESERVED CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...) NOT-FOR-US: Mids' Reborn Hero Designer CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...) NOT-FOR-US: Mids' Reborn Hero Designer CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...) {DLA-2364-1} - netty 1:4.1.48-1 [jessie] - netty (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API) NOTE: https://github.com/netty/netty/issues/6168 NOTE: https://github.com/netty/netty/pull/9924 NOTE: https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0 CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The buildMess ...) 
NOT-FOR-US: xdLocalStorage CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...) NOT-FOR-US: xdLocalStorage CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205 CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30 CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11606 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11605 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11604 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11603 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11602 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11601 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11599 (An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Ge ...) NOT-FOR-US: CIPPlanner CVE-2020-11598 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upl ...) NOT-FOR-US: CIPPlanner CVE-2020-11597 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) 
NOT-FOR-US: CIPPlanner CVE-2020-11596 (A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Bu ...) NOT-FOR-US: CIPPlanner CVE-2020-11595 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11594 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11593 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11592 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11591 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11590 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11589 (An Insecure Direct Object Reference issue was discovered in CIPPlanner ...) NOT-FOR-US: CIPPlanner CVE-2020-11588 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11587 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11586 (An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. ...) NOT-FOR-US: CIPPlanner CVE-2020-11585 (There is an information disclosure issue in DNN (formerly DotNetNuke) ...) NOT-FOR-US: DNN (formerly DotNetNuke) CVE-2020-11584 (A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows r ...) NOT-FOR-US: Plesk Onyx CVE-2020-11583 (A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allo ...) NOT-FOR-US: Plesk Obsidian CVE-2020-11582 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) 
NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-11579 (An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. instal ...) NOT-FOR-US: Chadha PHPKB CVE-2020-11578 RESERVED CVE-2020-11577 RESERVED CVE-2020-11576 (Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumerat ...) NOT-FOR-US: Argo CVE-2020-11575 RESERVED CVE-2020-11574 RESERVED CVE-2020-11573 RESERVED CVE-2020-11572 RESERVED CVE-2020-11571 RESERVED CVE-2020-11570 RESERVED CVE-2020-11569 RESERVED CVE-2020-11568 RESERVED CVE-2020-11567 RESERVED CVE-2020-11566 RESERVED CVE-2020-11565 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.6 ...) {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1} - linux 5.5.17-1 NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd CVE-2020-11564 RESERVED CVE-2020-11563 RESERVED CVE-2020-11562 RESERVED CVE-2020-11561 (In NCH Express Invoice 7.25, an authenticated low-privilege user can e ...) NOT-FOR-US: NCH Express Invoice CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the cleartext ...) NOT-FOR-US: NCH Express Invoice CVE-2020-11559 RESERVED CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...) - gpac [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Vulnerable code not present and not reproducible) NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c NOTE: https://github.com/gpac/gpac/issues/1440 CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) NOT-FOR-US: Castle Rock SNMPc CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) NOT-FOR-US: Castle Rock SNMPc CVE-2020-11555 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) 
NOT-FOR-US: Castle Rock SNMPc CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) NOT-FOR-US: Castle Rock SNMPc CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) NOT-FOR-US: Castle Rock SNMPc CVE-2020-11552 (An elevation of privilege vulnerability exists in ManageEngine ADSelfS ...) NOT-FOR-US: ManageEngine CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...) NOT-FOR-US: Netgear CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...) NOT-FOR-US: Netgear CVE-2020-11549 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...) NOT-FOR-US: Netgear CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...) NOT-FOR-US: Search Meter plugin for WordPress CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...) NOT-FOR-US: PRTG Network Monitor CVE-2020-11546 (SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution ...) NOT-FOR-US: SuperWebMailer CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple ...) NOT-FOR-US: Project Worlds Official Car Rental System 1 CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...) NOT-FOR-US: Project Worlds Official Car Rental System 1 CVE-2020-11543 (OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the pa ...) NOT-FOR-US: OpsRamp Gateway CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices CVE-2020-11541 (In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE ...) NOT-FOR-US: TechSmith SnagIt CVE-2020-11540 RESERVED CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It ...) 
NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...) - pillow 7.2.0-1 (low) [buster] - pillow 5.4.1-2+deb10u2 [stretch] - pillow (Vulnerable code not present) NOTE: https://github.com/python-pillow/Pillow/pull/4504 NOTE: https://github.com/python-pillow/Pillow/pull/4538 CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11535 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...) NOT-FOR-US: Ivanti Workspace Control CVE-2020-11532 (Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin ...) NOT-FOR-US: Zoho ManageEngine DataSecurity Plus CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine DataSecur ...) NOT-FOR-US: Zoho ManageEngine DataSecurity Plus CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...) NOT-FOR-US: Chop Slider 3 WordPress plugin CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...) NOT-FOR-US: Grav CMS CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) ...) NOT-FOR-US: bit2spr CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...) NOT-FOR-US: Zoho CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...) 
{DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012 CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2. ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820 CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42 NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...) 
{DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845 CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...) NOT-FOR-US: WinMagic SecureDoc CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...) NOT-FOR-US: WinMagic SecureDoc CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...) NOT-FOR-US: Zoho CVE-2020-11517 RESERVED CVE-2020-11516 (Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for W ...) NOT-FOR-US: Contact Form 7 Datepicker plugin for WordPress CVE-2020-11515 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...) NOT-FOR-US: Rank Math plugin for WordPress CVE-2020-11514 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...) NOT-FOR-US: Rank Math plugin for WordPress CVE-2020-11513 RESERVED CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 ...) NOT-FOR-US: IMPress for IDX Broker WordPress plugin CVE-2020-11511 RESERVED CVE-2020-11510 RESERVED CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...) NOT-FOR-US: WP Lead Plus X plugin for WordPress CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...) NOT-FOR-US: WP Lead Plus X plugin for WordPress CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...) NOT-FOR-US: Malwarebytes AdwCleaner CVE-2020-11506 (An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A W ...) 
    [experimental] - gitlab 12.9.3+dfsg-1
    - gitlab 13.2.3-2
    NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
    - gitlab (Only affects GitLab EE 12.8.0 and later)
    NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11504
    RESERVED
CVE-2020-11503 (A heap-based buffer overflow in the awarrensmtp component of Sophos XG ...)
    NOT-FOR-US: Sophos
CVE-2020-11502
    RESERVED
CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...)
    NOT-FOR-US: Zoom
CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...)
    NOT-FOR-US: Firmware Analysis and Comparison Tool
CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
    NOT-FOR-US: Slack Nebula
CVE-2020-11497 (An issue was discovered in the NAB Transact extension 2.1.0 for the Wo ...)
    NOT-FOR-US: NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress
CVE-2020-11496
    RESERVED
CVE-2020-11495
    REJECTED
CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...)
    {DSA-4698-1 DLA-2242-1 DLA-2241-1}
    - linux 5.5.17-1
    [buster] - linux 4.19.118-1
    NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
CVE-2020-11493 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
    NOT-FOR-US: Foxit
CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. ...)
    NOT-FOR-US: Docker Desktop on Windows
CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
    NOT-FOR-US: Zen Load Balancer
CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...)
    NOT-FOR-US: Zen Load Balancer
CVE-2020-11489
    RESERVED
CVE-2020-11488
    RESERVED
CVE-2020-11487
    RESERVED
CVE-2020-11486
    RESERVED
CVE-2020-11485
    RESERVED
CVE-2020-11484
    RESERVED
CVE-2020-11483
    RESERVED
CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...)
    {DSA-4652-1}
    - gnutls28 3.6.13-2 (bug #955556)
    [stretch] - gnutls28 (Vulnerable code introduced later)
    [jessie] - gnutls28 (Vulnerable code introduced later)
    NOTE: https://gitlab.com/gnutls/gnutls/-/issues/960
    NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31
    NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/c01011c2d8533dbbbe754e49e256c109cb848d0d (3.6.13)
    NOTE: Broken-by: https://gitlab.com/gnutls/gnutls/-/commit/bcf4de0371efbdf0846388e2df0cb14b5db09954 (gnutls_3_6_3)
CVE-2020-11482
    RESERVED
CVE-2020-11481
    RESERVED
CVE-2020-11480
    RESERVED
CVE-2020-11479
    RESERVED
CVE-2020-11478
    RESERVED
CVE-2020-11477
    RESERVED
CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangero ...)
    NOT-FOR-US: Concrete5
CVE-2020-11475
    RESERVED
CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic lin ...)
    NOT-FOR-US: NCP Secure Enterprise Client
CVE-2020-11473
    RESERVED
CVE-2020-11472
    RESERVED
CVE-2020-11471
    RESERVED
CVE-2020-11470 (Zoom Client for Meetings through 4.6.8 on macOS has the disable-librar ...)
    NOT-FOR-US: Zoom
CVE-2020-11469 (Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to ...)
    NOT-FOR-US: Zoom
CVE-2020-11468
    RESERVED
CVE-2020-11467 (An issue was discovered in Deskpro before 2019.8.0. This product enabl ...)
    NOT-FOR-US: Deskpro
CVE-2020-11466 (An issue was discovered in Deskpro before 2019.8.0. The /api/tickets e ...)
    NOT-FOR-US: Deskpro
CVE-2020-11465 (An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* en ...)
    NOT-FOR-US: Deskpro
CVE-2020-11464 (An issue was discovered in Deskpro before 2019.8.0. The /api/people en ...)
    NOT-FOR-US: Deskpro
CVE-2020-11463 (An issue was discovered in Deskpro before 2019.8.0. The /api/email_acc ...)
    NOT-FOR-US: Deskpro
CVE-2020-11462 (An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8. ...)
    NOT-FOR-US: OpenVPN Access Server
CVE-2020-11461
    RESERVED
CVE-2020-11460
    RESERVED
CVE-2020-11459
    RESERVED
CVE-2020-11458 (app/Model/feed.php in MISP before 2.4.124 allows administrators to cho ...)
    NOT-FOR-US: MISP
CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php ...)
    NOT-FOR-US: pfSense
CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in application/views/ad ...)
    - limesurvey (bug #472802)
CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulnerabilit ...)
    - limesurvey (bug #472802)
CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Contain ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11453 (** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Req ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users to import ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11451 (The Upload Visualization plugin in the Microstrategy Web 10.4 admin pa ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...)
    NOT-FOR-US: Technicolor devices
CVE-2020-11448
    RESERVED
CVE-2020-11447
    RESERVED
CVE-2020-11446 (ESET Antivirus and Antispyware Module module 1553 through 1560 allows ...)
    NOT-FOR-US: ESET
CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...)
    NOT-FOR-US: TP-Link
CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...)
    NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-11443 (The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to ver ...)
    NOT-FOR-US: Zoom
CVE-2020-11442
    RESERVED
CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ...)
    - phpmyadmin (unimportant)
    [jessie] - phpmyadmin (The pma_error display code does not exist in this version)
    NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
    NOTE: Not considered a security issue
CVE-2020-11440 (httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no ...)
    NOT-FOR-US: Wind River
CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue all ...)
    NOT-FOR-US: LibreHealth EMR
CVE-2020-11438 (LibreHealth EMR v2.0.0 is affected by systemic CSRF. ...)
    NOT-FOR-US: LibreHealth EMR
CVE-2020-11437 (LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privi ...)
    NOT-FOR-US: LibreHealth EMR
CVE-2020-11436 (LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the abilit ...)
    NOT-FOR-US: LibreHealth EMR
CVE-2020-11435
    RESERVED
CVE-2020-11434
    RESERVED
CVE-2020-11433
    RESERVED
CVE-2020-11432
    RESERVED
CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...)
    NOT-FOR-US: i-net
CVE-2020-11430
    RESERVED
CVE-2020-11429
    RESERVED
CVE-2020-11428
    RESERVED
CVE-2020-11427
    RESERVED
CVE-2020-11426
    RESERVED
CVE-2020-11425
    RESERVED
CVE-2020-11424
    RESERVED
CVE-2020-11423
    RESERVED
CVE-2020-11422
    RESERVED
CVE-2020-11421
    RESERVED
CVE-2020-11420 (UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker ...)
    NOT-FOR-US: UPS Adapter CS141
CVE-2020-11419
    RESERVED
CVE-2020-11418
    RESERVED
CVE-2020-11417
    RESERVED
CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...)
    NOT-FOR-US: JetBrains Space
CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x befor ...)
    NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
    NOT-FOR-US: Progress Telerik UI
CVE-2020-11413
    RESERVED
CVE-2020-11412
    RESERVED
CVE-2020-11411
    RESERVED
CVE-2020-11410
    RESERVED
CVE-2020-11409
    RESERVED
CVE-2020-11408
    RESERVED
CVE-2020-11407
    RESERVED
CVE-2020-11406
    RESERVED
CVE-2020-11405
    RESERVED
CVE-2020-11404
    RESERVED
CVE-2020-11403
    RESERVED
CVE-2020-11402
    RESERVED
CVE-2020-11401
    RESERVED
CVE-2020-11400
    RESERVED
CVE-2020-11399
    RESERVED
CVE-2020-11398
    RESERVED
CVE-2020-11397
    RESERVED
CVE-2020-11396
    RESERVED
CVE-2020-11395
    RESERVED
CVE-2020-11394
    RESERVED
CVE-2020-11393
    RESERVED
CVE-2020-11392
    RESERVED
CVE-2020-11391
    RESERVED
CVE-2020-11390
    RESERVED
CVE-2020-11389
    RESERVED
CVE-2020-11388
    RESERVED
CVE-2020-11387
    RESERVED
CVE-2020-11386
    RESERVED
CVE-2020-11385
    RESERVED
CVE-2020-11384
    RESERVED
CVE-2020-11383
    RESERVED
CVE-2020-11382
    RESERVED
CVE-2020-11381
    RESERVED
CVE-2020-11380
    RESERVED
CVE-2020-11379
    RESERVED
CVE-2020-11378
    RESERVED
CVE-2020-11377
    RESERVED
CVE-2020-11376
    RESERVED
CVE-2020-11375
    RESERVED
CVE-2020-11374
    RESERVED
CVE-2020-11373
    RESERVED
CVE-2020-11372
    RESERVED
CVE-2020-11371
    RESERVED
CVE-2020-11370
    RESERVED
CVE-2020-11369
    RESERVED
CVE-2020-11368
    RESERVED
CVE-2020-11367
    RESERVED
CVE-2020-11366
    RESERVED
CVE-2020-11365
    RESERVED
CVE-2020-11364
    RESERVED
CVE-2020-11363
    RESERVED
CVE-2020-11362
    RESERVED
CVE-2020-11361
    RESERVED
CVE-2020-11360
    RESERVED
CVE-2020-11359
    RESERVED
CVE-2020-11358
    RESERVED
CVE-2020-11357
    RESERVED
CVE-2020-11356
    RESERVED
CVE-2020-11355
    RESERVED
CVE-2020-11354
    RESERVED
CVE-2020-11353
    RESERVED
CVE-2020-11352
    RESERVED
CVE-2020-11351
    RESERVED
CVE-2020-11350
    RESERVED
CVE-2020-11349
    RESERVED
CVE-2020-11348
    RESERVED
CVE-2020-11347
    RESERVED
CVE-2020-11346
    RESERVED
CVE-2020-11345
    RESERVED
CVE-2020-11344
    RESERVED
CVE-2020-11343
    RESERVED
CVE-2020-11342
    RESERVED
CVE-2020-11341
    RESERVED
CVE-2020-11340
    RESERVED
CVE-2020-11339
    RESERVED
CVE-2020-11338
    RESERVED
CVE-2020-11337
    RESERVED
CVE-2020-11336
    RESERVED
CVE-2020-11335
    RESERVED
CVE-2020-11334
    RESERVED
CVE-2020-11333
    RESERVED
CVE-2020-11332
    RESERVED
CVE-2020-11331
    RESERVED
CVE-2020-11330
    RESERVED
CVE-2020-11329
    RESERVED
CVE-2020-11328
    RESERVED
CVE-2020-11327
    RESERVED
CVE-2020-11326
    RESERVED
CVE-2020-11325
    RESERVED
CVE-2020-11324
    RESERVED
CVE-2020-11323
    RESERVED
CVE-2020-11322
    RESERVED
CVE-2020-11321
    RESERVED
CVE-2020-11320
    RESERVED
CVE-2020-11319
    RESERVED
CVE-2020-11318
    RESERVED
CVE-2020-11317
    RESERVED
CVE-2020-11316
    RESERVED
CVE-2020-11315
    RESERVED
CVE-2020-11314
    RESERVED
CVE-2020-11313
    RESERVED
CVE-2020-11312
    RESERVED
CVE-2020-11311
    RESERVED
CVE-2020-11310
    RESERVED
CVE-2020-11309
    RESERVED
CVE-2020-11308
    RESERVED
CVE-2020-11307
    RESERVED
CVE-2020-11306
    RESERVED
CVE-2020-11305
    RESERVED
CVE-2020-11304
    RESERVED
CVE-2020-11303
    RESERVED
CVE-2020-11302
    RESERVED
CVE-2020-11301
    RESERVED
CVE-2020-11300
    RESERVED
CVE-2020-11299
    RESERVED
CVE-2020-11298
    RESERVED
CVE-2020-11297
    RESERVED
CVE-2020-11296
    RESERVED
CVE-2020-11295
    RESERVED
CVE-2020-11294
    RESERVED
CVE-2020-11293
    RESERVED
CVE-2020-11292
    RESERVED
CVE-2020-11291
    RESERVED
CVE-2020-11290
    RESERVED
CVE-2020-11289
    RESERVED
CVE-2020-11288
    RESERVED
CVE-2020-11287
    RESERVED
CVE-2020-11286
    RESERVED
CVE-2020-11285
    RESERVED
CVE-2020-11284
    RESERVED
CVE-2020-11283
    RESERVED
CVE-2020-11282
    RESERVED
CVE-2020-11281
    RESERVED
CVE-2020-11280
    RESERVED
CVE-2020-11279
    RESERVED
CVE-2020-11278
    RESERVED
CVE-2020-11277
    RESERVED
CVE-2020-11276
    RESERVED
CVE-2020-11275
    RESERVED
CVE-2020-11274
    RESERVED
CVE-2020-11273
    RESERVED
CVE-2020-11272
    RESERVED
CVE-2020-11271
    RESERVED
CVE-2020-11270
    RESERVED
CVE-2020-11269
    RESERVED
CVE-2020-11268
    RESERVED
CVE-2020-11267
    RESERVED
CVE-2020-11266
    RESERVED
CVE-2020-11265
    RESERVED
CVE-2020-11264
    RESERVED
CVE-2020-11263
    RESERVED
CVE-2020-11262
    RESERVED
CVE-2020-11261
    RESERVED
CVE-2020-11260
    RESERVED
CVE-2020-11259
    RESERVED
CVE-2020-11258
    RESERVED
CVE-2020-11257
    RESERVED
CVE-2020-11256
    RESERVED
CVE-2020-11255
    RESERVED
CVE-2020-11254
    RESERVED
CVE-2020-11253
    RESERVED
CVE-2020-11252
    RESERVED
CVE-2020-11251
    RESERVED
CVE-2020-11250
    RESERVED
CVE-2020-11249
    RESERVED
CVE-2020-11248
    RESERVED
CVE-2020-11247
    RESERVED
CVE-2020-11246
    RESERVED
CVE-2020-11245
    RESERVED
CVE-2020-11244
    RESERVED
CVE-2020-11243
    RESERVED
CVE-2020-11242
    RESERVED
CVE-2020-11241
    RESERVED
CVE-2020-11240
    RESERVED
CVE-2020-11239
    RESERVED
CVE-2020-11238
    RESERVED
CVE-2020-11237
    RESERVED
CVE-2020-11236
    RESERVED
CVE-2020-11235
    RESERVED
CVE-2020-11234
    RESERVED
CVE-2020-11233
    RESERVED
CVE-2020-11232
    RESERVED
CVE-2020-11231
    RESERVED
CVE-2020-11230
    RESERVED
CVE-2020-11229
    RESERVED
CVE-2020-11228
    RESERVED
CVE-2020-11227
    RESERVED
CVE-2020-11226
    RESERVED
CVE-2020-11225
    RESERVED
CVE-2020-11224
    RESERVED
CVE-2020-11223
    RESERVED
CVE-2020-11222
    RESERVED
CVE-2020-11221
    RESERVED
CVE-2020-11220
    RESERVED
CVE-2020-11219
    RESERVED
CVE-2020-11218
    RESERVED
CVE-2020-11217
    RESERVED
CVE-2020-11216
    RESERVED
CVE-2020-11215
    RESERVED
CVE-2020-11214
    RESERVED
CVE-2020-11213
    RESERVED
CVE-2020-11212
    RESERVED
CVE-2020-11211
    RESERVED
CVE-2020-11210
    RESERVED
CVE-2020-11209
    RESERVED
CVE-2020-11208
    RESERVED
CVE-2020-11207
    RESERVED
CVE-2020-11206
    RESERVED
CVE-2020-11205
    RESERVED
CVE-2020-11204
    RESERVED
CVE-2020-11203
    RESERVED
CVE-2020-11202
    RESERVED
CVE-2020-11201
    RESERVED
CVE-2020-11200
    RESERVED
CVE-2020-11199
    RESERVED
CVE-2020-11198
    RESERVED
CVE-2020-11197
    RESERVED
CVE-2020-11196
    RESERVED
CVE-2020-11195
    RESERVED
CVE-2020-11194
    RESERVED
CVE-2020-11193
    RESERVED
CVE-2020-11192
    RESERVED
CVE-2020-11191
    RESERVED
CVE-2020-11190
    RESERVED
CVE-2020-11189
    RESERVED
CVE-2020-11188
    RESERVED
CVE-2020-11187
    RESERVED
CVE-2020-11186
    RESERVED
CVE-2020-11185
    RESERVED
CVE-2020-11184
    RESERVED
CVE-2020-11183
    RESERVED
CVE-2020-11182
    RESERVED
CVE-2020-11181
    RESERVED
CVE-2020-11180
    RESERVED
CVE-2020-11179
    RESERVED
CVE-2020-11178
    RESERVED
CVE-2020-11177
    RESERVED
CVE-2020-11176
    RESERVED
CVE-2020-11175
    RESERVED
CVE-2020-11174
    RESERVED
CVE-2020-11173
    RESERVED
CVE-2020-11172
    RESERVED
CVE-2020-11171
    RESERVED
CVE-2020-11170
    RESERVED
CVE-2020-11169
    RESERVED
CVE-2020-11168
    RESERVED
CVE-2020-11167
    RESERVED
CVE-2020-11166
    RESERVED
CVE-2020-11165
    RESERVED
CVE-2020-11164
    RESERVED
CVE-2020-11163
    RESERVED
CVE-2020-11162
    RESERVED
CVE-2020-11161
    RESERVED
CVE-2020-11160
    RESERVED
CVE-2020-11159
    RESERVED
CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due t ...)
    NOT-FOR-US: Qualcomm
CVE-2020-11157
    RESERVED
CVE-2020-11156
    RESERVED
CVE-2020-11155
    RESERVED
CVE-2020-11154
    RESERVED
CVE-2020-11153
    RESERVED
CVE-2020-11152
    RESERVED
CVE-2020-11151
    RESERVED
CVE-2020-11150
    RESERVED
CVE-2020-11149
    RESERVED
CVE-2020-11148
    RESERVED
CVE-2020-11147
    RESERVED
CVE-2020-11146
    RESERVED
CVE-2020-11145
    RESERVED
CVE-2020-11144
    RESERVED
CVE-2020-11143
    RESERVED
CVE-2020-11142
    RESERVED
CVE-2020-11141
    RESERVED
CVE-2020-11140
    RESERVED
CVE-2020-11139
    RESERVED
CVE-2020-11138
    RESERVED
CVE-2020-11137
    RESERVED
CVE-2020-11136
    RESERVED
CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...)
    NOT-FOR-US: Snapdragon
CVE-2020-11134
    RESERVED
CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...)
    NOT-FOR-US: Snapdragon
CVE-2020-11132
    RESERVED
CVE-2020-11131
    RESERVED
CVE-2020-11130
    RESERVED
CVE-2020-11129 (u'During the error occurrence in capture request, the buffer is freed ...)
    NOT-FOR-US: Snapdragon
CVE-2020-11128 (u'Possible out of bound access while copying the mask file content int ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2020-11127
    RESERVED
CVE-2020-11126
    RESERVED
CVE-2020-11125
    RESERVED
CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since ...)
    NOT-FOR-US: Snapdragon
CVE-2020-11123
    RESERVED
CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as data stream ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2020-11121
    RESERVED
CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passed to t ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2020-11119
    RESERVED
CVE-2020-11118 (u'Information exposure issues while processing IE header due to improp ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2020-11117 (u'In the lbd service, an external user can issue a specially crafted d ...)
    NOT-FOR-US: Snapdragon
CVE-2020-11116 (u'Possible out of bound write while processing association response re ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2020-11115 (u'Buffer over read occurs while processing information element from be ...)
    NOT-FOR-US: Qualcomm components for Android
CVE-2020-11114
    RESERVED
CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...)
    - bubblewrap 0.4.1-1 (low; bug #955441)
    [buster] - bubblewrap (Introduced in 0.4.0)
    [stretch] - bubblewrap (Introduced in 0.4.0)
    NOTE: https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
    NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240
CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
    {DLA-2179-1}
    - jackson-databind 2.11.1-1
    [buster] - jackson-databind 2.9.8-3+deb10u2
    [stretch] - jackson-databind 2.8.6-1+deb9u7
    NOTE: https://github.com/FasterXML/jackson-databind/issues/2670
    NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
    NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
    {DLA-2179-1}
    - jackson-databind 2.11.1-1
    [buster] - jackson-databind 2.9.8-3+deb10u2
    [stretch] - jackson-databind 2.8.6-1+deb9u7
    NOTE: https://github.com/FasterXML/jackson-databind/issues/2666
    NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
    NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
    {DLA-2179-1}
    - jackson-databind 2.11.1-1
    [buster] - jackson-databind 2.9.8-3+deb10u2
    [stretch] - jackson-databind 2.8.6-1+deb9u7
    NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
    NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
    NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS due to insufficient input prot ...)
    - grafana
CVE-2020-11109
    RESERVED
CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...)
    NOT-FOR-US: Pi-hole
CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , ...)
    NOT-FOR-US: XAMPP
CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
    NOT-FOR-US: Responsive Filemanager
CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...)
    NOT-FOR-US: USC iLab cereal
CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...)
    NOT-FOR-US: USC iLab cereal
CVE-2020-11103
    RESERVED
CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...)
    - qemu 1:4.2-4 (bug #956145)
    [buster] - qemu (Vulnerable code/Tulip NIC emulator added later)
    [stretch] - qemu (Vulnerable code/Tulip NIC emulator added later)
    [jessie] - qemu (Vulnerable code/Tulip NIC emulator added later)
    - qemu-kvm (Vulnerable code/Tulip NIC emulator added later)
    NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1
    NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 (v5.0.0-rc1)
CVE-2020-11101
    RESERVED
CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...)
    {DSA-4649-1}
    - haproxy 2.0.13-2
    [stretch] - haproxy (Vulnerable code introduced in 1.8)
    [jessie] - haproxy (Vulnerable code introduced in 1.8)
    NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543
CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...)
    - freerdp2 2.1.2+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h
CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...)
    - freerdp2 2.1.2+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv
CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...)
    - freerdp2 2.1.2+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f
CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...)
    - freerdp2 2.1.2+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...)
    - freerdp2 2.1.2+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains a featur ...)
    NOT-FOR-US: October CMS
CVE-2020-11093
    RESERVED
CVE-2020-11092
    RESERVED
CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a process a ...)
    NOT-FOR-US: Weave Net
CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vul ...)
    NOT-FOR-US: Indy Node
CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...)
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...)
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...)
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...)
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_rea ...)
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead to comm ...)
    NOT-FOR-US: iPear
CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...)
    NOT-FOR-US: October CMS
CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would allow an ...)
    - ruby-kaminari 1.0.1-6 (bug #961847)
    [jessie] - ruby-kaminari (No reverse dependency)
    NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
    NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation vulnerabil ...)
    - osquery (bug #803502)
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
    {DSA-4696-1}
    - nodejs 10.21.0~dfsg-1 (bug #962145)
    [stretch] - nodejs (Nodejs in stretch not covered by security support)
    [jessie] - nodejs (Nodejs in jessie not covered by security support)
    NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#http-2-large-settings-frame-dos-low-cve-2020-11080
CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of ...)
    NOT-FOR-US: dns-sync nodejs module
CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...)
    {DLA-2232-1}
    - python-httplib2 0.18.1-1
    [buster] - python-httplib2 (Minor issue)
    [stretch] - python-httplib2 (Minor issue)
    NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
    NOTE: https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...)
    - puma
    NOTE: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...)
    - puma
    NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
    NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...)
    NOT-FOR-US: Anchore Engine
CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there i ...)
    NOT-FOR-US: PrestaShop
CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...)
    NOT-FOR-US: zsh-autoswitch-virtualenv
CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...)
    NOT-FOR-US: Node slp-validate
CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...)
    NOT-FOR-US: Node slpjs
CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...)
    NOT-FOR-US: TYPO3
CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
    NOT-FOR-US: TYPO3
CVE-2020-11068 (In LoRaMac-node before 4.4.4, a reception buffer overflow can happen d ...)
    NOT-FOR-US: LoRaMac-node
CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
    NOT-FOR-US: TYPO3
CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
    NOT-FOR-US: TYPO3
CVE-2020-11065 (In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and ...)
    NOT-FOR-US: TYPO3
CVE-2020-11064 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
    NOT-FOR-US: TYPO3
CVE-2020-11063 (In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that t ...)
    NOT-FOR-US: TYPO3
CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...)
    - glpi (unimportant)
    NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
    NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
    NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
    {DLA-2353-1}
    - bacula 9.6.5-1
    [buster] - bacula (Minor issue; can be fixed via point release)
    - bareos (bug #968957)
    [buster] - bareos (Minor issue; can be fixed via point release)
    [stretch] - bareos (minor issue, low priority)
    NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
    NOTE: https://bugs.bareos.org/view.php?id=1210
    NOTE: https://github.com/bareos/bareos/commit/86c6fa479a21a1464366babb74e6cf33770ed7ae (master)
    NOTE: https://www.bacula.org/git/cgit.cgi/bacula/commit/?id=f9472227317b8e1d26a781d042e0efdf432a633f (Release-9.6.4)
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
    - glpi (unimportant)
    NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
    NOTE: https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c
    NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir ...)
    NOT-FOR-US: AEgir
CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...)
    {DLA-2356-1}
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
    NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
    NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users without script ...)
    NOT-FOR-US: XWiki
CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...)
    NOT-FOR-US: Sprout Forms
CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...)
    NOT-FOR-US: BookStack
CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...)
    - qutebrowser 1.11.1.post1-1 (unimportant)
    NOTE: https://github.com/qutebrowser/qutebrowser/issues/5403
    NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j
    NOTE: Depends on qtwebkit, which is not covered by security support
CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...)
    NOT-FOR-US: OAuth2 Proxy
CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...)
    NOT-FOR-US: Sorcery
CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...)
    NOT-FOR-US: Wiki.js
CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...)
    NOT-FOR-US: Java-WebSocket, different from src:websocket-api
CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
    NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
    NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
    {DLA-2356-1}
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
    NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
    NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...)
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
    NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
    NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
    {DLA-2356-1}
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
    NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
    NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
    {DLA-2356-1}
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
    NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
    NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp (Vulnerable code introduced later)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
    NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
    NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read ...)
    - freerdp2 2.1.1+dfsg1-1
    [buster] - freerdp2 (Minor issue)
    - freerdp
    [stretch] - freerdp (Minor issue)
    NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
{DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010 CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled array in ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a manipulated serve ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack ...) NOT-FOR-US: Wagtail CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385 NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11035 (In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens ...) 
- glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11034 (In GLPI before version 9.4.6, there is a vulnerability that allows byp ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11033 (In GLPI from version 9.1 and before version 9.4.6, any API user with R ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55 NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerability f ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11031 RESERVED CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...) - wordpress 5.4.1+dfsg1-1 (bug #959391) [buster] - wordpress (Vulnerable code not present) [stretch] - wordpress (Vulnerable code not present) [jessie] - wordpress (Vulnerable code not present) NOTE: https://core.trac.wordpress.org/changeset/47636 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: Fixed by: https://github.com/WordPress/wordpress-develop/commit/ec05c8b897ef4ae77fc0cba576573e90a726a52f CVE-2020-11029 (In affected versions of WordPress, a vulnerability in the stats() meth ...) 
{DSA-4677-1 DLA-2208-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47637 NOTE: https://github.com/WordPress/wordpress-develop/935ab39e8ee754735a553c74d41270df1164ae56 (master) CVE-2020-11028 (In affected versions of WordPress, some private posts, which were prev ...) {DSA-4677-1 DLA-2208-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47635 NOTE: https://github.com/WordPress/wordpress-develop/commit/8e11facb671932a6eefe0e7e4f3d63d39eef55b3 CVE-2020-11027 (In affected versions of WordPress, a password reset link emailed to a ...) {DSA-4677-1 DLA-2208-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47634 NOTE: https://github.com/WordPress/wordpress-develop/commit/4354d1fc5cd55a18bc24555b11db201d5eb87e0c (master) CVE-2020-11026 (In affected versions of WordPress, files with a specially crafted name ...) {DSA-4677-1 DLA-2208-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2 NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47638 NOTE: https://github.com/WordPress/wordpress-develop/commit/74d6f9613b96a2948f7675513b8b7f8224bfc386 (master) CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS) vulner ...) 
{DSA-4677-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) [jessie] - wordpress (Vulnerable code not present) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47633 NOTE: https://github.com/WordPress/wordpress-develop/commit/cfb690cb8efaee32d55b10a7771afb0f1f47aab3 CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...) NOT-FOR-US: Moonlight iOS/tvOS CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...) {DSA-4693-1} - jquery [buster] - jquery (Minor issue) [stretch] - jquery (Minor issue) [jessie] - jquery (Vulnerable code not present) - drupal7 [jessie] - drupal7 (Vulnerable code not embedded) - node-jquery 3.5.0+dfsg-2 [buster] - node-jquery (Minor issue) NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 NOTE: https://www.drupal.org/sa-core-2020-002 CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...) {DSA-4693-1} - jquery [buster] - jquery (Minor issue) [stretch] - jquery (Minor issue) [jessie] - jquery (Vulnerable code not present) - node-jquery 3.5.0+dfsg-2 [buster] - node-jquery (Minor issue) - drupal7 [jessie] - drupal7 (Vulnerable code not embedded) NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77 NOTE: https://www.drupal.org/sa-core-2020-002 CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...) NOT-FOR-US: Actions Http-Client CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...) 
- ruby-faye (bug #959392) [buster] - ruby-faye (Minor issue) NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5 NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) [jessie] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated input ...) - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) [jessie] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...) NOT-FOR-US: IntelMQ Manager CVE-2020-11015 RESERVED CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token ...) NOT-FOR-US: Electron-Cash-SLP CVE-2020-11013 (There is an information disclosure vulnerability in Helm from version ...) - helm-kubernetes (bug #910799) CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authenticat ...) NOT-FOR-US: MinIO CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which allow ...) NOT-FOR-US: Phproject CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...) NOT-FOR-US: Tortoise ORM CVE-2020-11009 (In Rundeck before version 3.2.6, authenticated users can craft a reque ...) 
NOT-FOR-US: Rundeck CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...) {DSA-4659-1 DLA-2182-1} - git 1:2.26.2-1 NOTE: https://lore.kernel.org/lkml/xmqq4kterq5s.fsf@gitster.c.googlers.com/ NOTE: https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a88dbd2f8c7fd8c1e2f63483da03bd6928e8791f NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=73aafe9bc27585554181c58871a25e6d0f58a3dc NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=24036686c4af84c9e84e486ef3debab6e6d8e6b5 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=8ba8ed568e2a3b75ee84c49ddffb026fde1a0a91 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a2b26ffb1a81aa23dd14453f4db05d8fe24ee7cc NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=fe29a9b7b0236d3d45c254965580d6aff7fa8504 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c44088ecc4b0722636e0a305f9608d3047197282 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e7fab62b736cca3416660636e46f0be8386a5030 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a3609e402a062ef7b11f197fe96c28cabca132c CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based versi ...) NOT-FOR-US: Shopizer CVE-2020-11006 (In Shopizer before version 2.11.0, a script can be injected in various ...) NOT-FOR-US: Shopizer CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...) NOT-FOR-US: WindowsHello CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...) NOT-FOR-US: Admidio CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...) NOT-FOR-US: Oasis (not the same as src:oasis) CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...) 
NOT-FOR-US: dropwizard-validation CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...) NOT-FOR-US: Wagtail CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...) NOT-FOR-US: GreenBrowser CVE-2020-10999 RESERVED CVE-2020-10998 RESERVED CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...) - percona-xtrabackup (Vulnerable code introduced later) NOTE: https://jira.percona.com/browse/PXB-2142 NOTE: Introduced in: https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13 (percona-xtrabackup-2.4.11) NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/ CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41. ...) NOT-FOR-US: Percona XtraDB Cluster CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...) {DSA-4691-1} - pdns-recursor 4.3.1-1 [jessie] - pdns-recursor (Vulnerable code added later) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...) - pillow 7.2.0-1 (unimportant) NOTE: https://github.com/python-pillow/Pillow/pull/4505 NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: Fixed in 7.1.0 NOTE: Debian packages are built without JPEG2000 support CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...) NOT-FOR-US: Osmand CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorMa ...) NOT-FOR-US: Azkaban CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXml ...) NOT-FOR-US: Mulesoft APIkit CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...) 
NOT-FOR-US: Accenture Mercury CVE-2020-10989 (An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 ...) NOT-FOR-US: Tenda CVE-2020-10988 (A hard-coded telnet credential in the tenda_login binary of Tenda AC15 ...) NOT-FOR-US: Tenda CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05 ...) NOT-FOR-US: Tenda CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...) NOT-FOR-US: Tenda CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. ...) NOT-FOR-US: Gambio GX CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. ...) NOT-FOR-US: Gambio GX CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. ...) NOT-FOR-US: Gambio GX CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. ...) NOT-FOR-US: Gambio GX CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogB ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pip ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when mov ...) 
[experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when qu ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerab ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10974 (An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and ...) NOT-FOR-US: Wavlink CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) NOT-FOR-US: Wavlink CVE-2020-10972 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) NOT-FOR-US: Wavlink CVE-2020-10971 (An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-W ...) NOT-FOR-US: Wavlink CVE-2020-10970 RESERVED CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2642 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2662 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. 
CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...) {DSA-4690-1} - dovecot 1:2.3.10.1+dfsg1-1 (bug #960963) [stretch] - dovecot (Vulnerable code introduced in 2.3.0) [jessie] - dovecot (Vulnerable code introduced in 2.3.0) NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1 CVE-2020-XXXX [RUSTSEC-2020-0006: bumpalo: Flaw in `realloc` allows reading unknown memory] - rust-bumpalo 3.2.1-1 (bug #955151) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html NOTE: https://github.com/fitzgen/bumpalo/issues/69 CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...) NOT-FOR-US: VESTA Control Panel CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...) NOT-FOR-US: Teradici PCoIP Management Console CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...) - serendipity CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...) NOT-FOR-US: FrozenNode Laravel-Administrator CVE-2020-10962 RESERVED CVE-2020-10961 RESERVED CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...) {DSA-4651-1} - mediawiki 1:1.31.7-1 [stretch] - mediawiki (Vulnerable code introduced later) NOTE: https://phabricator.wikimedia.org/T246602 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html CVE-2020-10959 (resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 a ...) - mediawiki (Vulnerable code introduced later) NOTE: https://phabricator.wikimedia.org/T232932 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...) 
{DSA-4690-1} - dovecot 1:2.3.10.1+dfsg1-1 (bug #960963) [stretch] - dovecot (Vulnerable code introduced in 2.3.0) [jessie] - dovecot (Vulnerable code introduced in 2.3.0) NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1 CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...) {DSA-4690-1} - dovecot 1:2.3.10.1+dfsg1-1 (bug #960963) [stretch] - dovecot (Vulnerable code introduced in 2.3.0) [jessie] - dovecot (Vulnerable code introduced in 2.3.0) NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1 CVE-2020-10956 (GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a proje ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...) - gitlab (Only affects GitLab EE 11.7 and later) NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push doc ...) [experimental] - gitlab 12.8.8-1 - gitlab 13.2.3-2 NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10951 (Western Digital My Cloud Home and ibi devices before 2.2.0 allow click ...) 
NOT-FOR-US: Western Digital My Cloud Home and ibi devices CVE-2020-10950 RESERVED CVE-2020-10949 RESERVED CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...) NOT-FOR-US: Jon Hedley AlienForm2 CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...) NOT-FOR-US: Sophos CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...) - centreon-web (bug #913903) CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server responses. ...) - centreon-web (bug #913903) CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...) - nomad 0.10.5+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7468 CVE-2020-10943 RESERVED CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...) {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4) CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...) - mbedtls 2.16.5-1 [buster] - mbedtls (Minor issue) [stretch] - mbedtls (Minor issue) NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER ...) NOT-FOR-US: PHOENIX CONTACT CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT thro ...) NOT-FOR-US: PHOENIX CONTACT CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resultant hea ...) {DSA-4675-1 DLA-2173-1} - graphicsmagick 1.4+really1.3.34-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce CVE-2020-10937 RESERVED CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...) 
- sympa (bug #961491) NOTE: https://sympa-community.github.io/security/2020-002.html NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch NOTE: Patch for sympa-6.1.25: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch NOTE: https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/ NOTE: https://github.com/sympa-community/sympa/issues/943 CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...) - zulip-server (bug #800052) CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...) NOT-FOR-US: Acyba AcyMailing CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...) {DSA-4721-1} - ruby2.7 2.7.1-1 - ruby2.5 - ruby2.3 (Vulnerable code introduced in 2.5.0) - ruby2.1 (Vulnerable code introduced in 2.5.0) NOTE: https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/ NOTE: Fixed by: https://github.com/ruby/ruby/commit/61b7f86248bd121be2e83768be71ef289e8e5b90 NOTE: Introduced around https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc NOTE: and https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before ...) - mbedtls (bug #963159) [buster] - mbedtls (Minor issue) [stretch] - mbedtls (Minor issue) NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 CVE-2020-10930 (This vulnerability allows network-adjacent attackers to disclose sensi ...) NOT-FOR-US: Netgear CVE-2020-10929 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-10928 (This vulnerability allows network-adjacent attackers to execute arbitr ...) 
NOT-FOR-US: Netgear CVE-2020-10927 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-10926 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-10925 (This vulnerability allows network-adjacent attackers to compromise the ...) NOT-FOR-US: Netgear CVE-2020-10924 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2020-10923 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2020-10922 (This vulnerability allows remote attackers to create a denial-of-servi ...) NOT-FOR-US: C-MORE HMI CVE-2020-10921 (This vulnerability allows remote attackers to issue commands on affect ...) NOT-FOR-US: C-MORE HMI CVE-2020-10920 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: C-MORE HMI CVE-2020-10919 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: C-MORE HMI CVE-2020-10918 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: C-MORE HMI CVE-2020-10917 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: NEC CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...) NOT-FOR-US: TP-Link CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: VEEAM One Agent CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: VEEAM One Agent CVE-2020-10913 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10912 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10911 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit PhantomPDF CVE-2020-10910 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10909 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10908 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10907 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10906 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10905 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10904 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10903 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10902 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10901 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10900 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10899 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10898 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10897 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10896 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10895 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit PhantomPDF CVE-2020-10894 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10893 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10892 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10891 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10890 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10889 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: TP-Link CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations ...) NOT-FOR-US: TP-Link CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...) NOT-FOR-US: TP-Link CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: TP-Link CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: TP-Link CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10880 RESERVED CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...) NOT-FOR-US: rConfig CVE-2020-10878 (Perl before 5.30.3 has an integer overflow related to mishandling of a ...) 
- perl 5.30.3-1 (bug #962005) [buster] - perl 5.28.1-6+deb10u1 [stretch] - perl 5.24.1-3+deb9u7 NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3) NOTE: https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c (v5.30.3) CVE-2020-10877 RESERVED CVE-2020-10876 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) NOT-FOR-US: OKLOK CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct absolute pat ...) NOT-FOR-US: Motorola devices CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read database files. ...) NOT-FOR-US: Motorola devices CVE-2020-10873 RESERVED CVE-2020-10872 RESERVED CVE-2020-10871 (** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attack ...) NOT-FOR-US: OpenWrt LuCI CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictable name ...) - zim 0.72.1-1 (unimportant; bug #954810) NOTE: https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028 NOTE: Negligible security impact CVE-2020-10869 RESERVED CVE-2020-10868 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10867 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10866 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10865 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10864 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10863 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10862 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10861 (An issue was discovered in Avast Antivirus before 20. 
The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitrary Mem ...) NOT-FOR-US: Avast Antivirus CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated ...) NOT-FOR-US: Zoho CVE-2020-10858 RESERVED CVE-2020-10857 RESERVED CVE-2020-10856 RESERVED CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial ...) - memcached 1.6.2-1 (bug #954808) [buster] - memcached (Introduced in 1.6) [stretch] - memcached (Introduced in 1.6) [jessie] - memcached (Introduced in 1.6) NOTE: https://github.com/memcached/memcached/issues/629 NOTE: https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305 CVE-2020-10855 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10854 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10853 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10852 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10851 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10850 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10849 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10848 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10847 (An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10846 (An issue was discovered on Samsung mobile devices with P(9.x) and Q(10 ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-10845 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10844 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10843 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10842 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10841 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10840 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10839 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10837 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10835 (An issue was discovered on Samsung mobile devices with any (before Feb ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10834 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10833 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10832 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10831 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-10830 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10829 (An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10828 (A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, ...) NOT-FOR-US: Draytek CVE-2020-10827 (A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, ...) NOT-FOR-US: Draytek CVE-2020-10826 (/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B d ...) NOT-FOR-US: Draytek CVE-2020-10825 (A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 de ...) NOT-FOR-US: Draytek CVE-2020-10824 (A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket ...) NOT-FOR-US: Draytek CVE-2020-10823 (A stack-based buffer overflow in /cgi-bin/activate.cgi through var par ...) NOT-FOR-US: Draytek CVE-2020-10822 RESERVED CVE-2020-10821 (Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. ...) NOT-FOR-US: Nagios XI CVE-2020-10820 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) NOT-FOR-US: Nagios XI CVE-2020-10819 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) NOT-FOR-US: Nagios XI CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authenticated ...) NOT-FOR-US: Artica Proxy CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...) NOT-FOR-US: custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin for WordPress CVE-2020-10816 RESERVED CVE-2020-10815 RESERVED CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...) NOT-FOR-US: Code::Blocks CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...) NOT-FOR-US: FTPDMIN CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. 
A NULL pointer derefer ...) - hdf5 (unimportant) NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4 NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/ NOTE: Negligible security impact, malicious scientific data has more issues than a crash... CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) - hdf5 (unimportant) NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 NOTE: https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/ NOTE: Negligible security impact, malicious scientific data has more issues than a crash... CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) - hdf5 (unimportant) NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3 NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/ NOTE: Negligible security impact, malicious scientific data has more issues than a crash... CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) - hdf5 (unimportant) NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1 NOTE: https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/ NOTE: Negligible security impact, malicious scientific data has more issues than a crash... CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...) NOT-FOR-US: Vesta Control Panel CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...) NOT-FOR-US: Caldera CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...) NOT-FOR-US: eZ Publish Kernel CVE-2020-10805 RESERVED CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) 
- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954667) [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 [jessie] - phpmyadmin (Vulnerable code not present) NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/56b43527196b0349ec2bea8ca711667e5aa75c65 NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/d55abcd5ffa1ea8785f1217f5b7d78a8a54b8542 NOTE: https://www.phpmyadmin.net/security/PMASA-2020-2/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80 CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) {DLA-2154-1} - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954666) [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) {DLA-2154-1} - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954665) [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe CVE-2020-10801 RESERVED CVE-2020-10800 (lix through 15.8.7 allows man-in-the-middle attackers to execute arbit ...) NOT-FOR-US: lix node (different from src:lix) CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an ...) NOT-FOR-US: svglib CVE-2020-10798 RESERVED CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_ping.ph ...) NOT-FOR-US: pfSense CVE-2020-10796 RESERVED CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...) 
NOT-FOR-US: Gira TKS-IP-Gateway CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...) NOT-FOR-US: Gira TKS-IP-Gateway CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...) - codeigniter (bug #471583) CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10791 (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows attack ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10787 (An elevation of privilege in Vesta Control Panel through 0.9.8-26 allo ...) NOT-FOR-US: Vesta Control Panel CVE-2020-10786 (A remote command execution in Vesta Control Panel through 0.9.8-26 all ...) NOT-FOR-US: Vesta Control Panel CVE-2020-10785 RESERVED CVE-2020-10784 RESERVED CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege esc ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...) NOT-FOR-US: Ansible Tower CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...) - linux 5.7.10-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/06/18/1 NOTE: https://git.kernel.org/linus/853eab68afc80f59f36bbdeb715e5c88c501e680 CVE-2020-10780 (Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a craf ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-10779 (Red Hat CloudForms 4.7 and 5 leads to insecure direct object reference ...) 
NOT-FOR-US: Red Hat CloudForm CVE-2020-10778 (In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited b ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-10777 (A cross-site scripting flaw was found in Report Menu feature of Red Ha ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-10776 RESERVED CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine versions 4.4 ...) NOT-FOR-US: ovirt-engine CVE-2020-10774 RESERVED - linux (Red Hat-specific patch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964 CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Linux ker ...) - linux 5.3.9-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 [jessie] - linux 3.16.81-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846380 CVE-2020-10772 RESERVED - unbound (Red Hat specific regression in backport) CVE-2020-10771 RESERVED NOT-FOR-US: Infinispan CVE-2020-10770 RESERVED CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5.0 in ...) - linux 4.19.20-1 [stretch] - linux 4.9.161-1 [jessie] - linux 3.16.68-1 NOTE: https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f CVE-2020-10768 (A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() fun ...) {DLA-2323-1} - linux 5.7.6-1 [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1 NOTE: https://git.kernel.org/linus/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf CVE-2020-10767 (A flaw was found in the Linux kernel before 5.8-rc1 in the implementat ...) {DLA-2323-1} - linux 5.7.6-1 [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1 NOTE: https://git.kernel.org/linus/21998a351512eba4ed5969006f0c55882d995ada CVE-2020-10766 (A logic bug flaw was found in Linux kernel before 5.8-rc1 in the imple ...) 
{DLA-2323-1} - linux 5.7.6-1 [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1 NOTE: https://git.kernel.org/linus/dbbe2ad02e9df26e372f38cc3e70dab9222c832e CVE-2020-10765 RESERVED CVE-2020-10764 RESERVED CVE-2020-10763 RESERVED CVE-2020-10762 RESERVED CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD) ...) - qemu 1:5.0-6 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/06/09/1 NOTE: Proposed upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server versions befo ...) - samba 2:4.12.5+dfsg-1 [buster] - samba (Minor issue, fix along in next DSA) NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html CVE-2020-10759 (A PGP signature bypass flaw was found in fwupd (all versions), which c ...) {DLA-2274-1} - fwupd 1.3.10-1 (bug #962517) [buster] - fwupd 1.2.13-1 - libjcat 0.1.3-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1844316 NOTE: https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md NOTE: Fixed by: https://github.com/fwupd/fwupd/commit/21f2d12fccef63b8aaa99ec53278ce18250b0444 (1.3.10) NOTE: Introduced with: https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae (0.1.2) NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e CVE-2020-10758 (A vulnerability was found in Keycloak before 11.0.1 where DoS attack i ...) 
NOT-FOR-US: Keycloak CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1} - linux 5.6.14-2 [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9 CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...) {DSA-4728-1 DLA-2288-1} - libslirp 4.3.1-1 - qemu 1:4.1-2 - slirp4netns 1.0.1-1 [buster] - slirp4netns (Minor issue) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed. NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11 CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder version ...) - cinder 2:16.1.0-1 (low) [buster] - cinder (Minor issue) [stretch] - cinder (Minor issue) [jessie] - cinder (OpenStack component, not supported in jessie LTS) - python-os-brick 3.1.0-1 (low) [buster] - python-os-brick (Minor issue) NOTE: https://bugs.launchpad.net/cinder/+bug/1823200 NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086 CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...) - network-manager (unimportant) NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448 NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4 NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific NOTE: plugin). CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...) 
- ceph [jessie] - ceph (Minor issue) NOTE: https://github.com/ceph/ceph/pull/35773 NOTE: Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2 CVE-2020-10752 (A flaw was found in the OpenShift API Server, where it failed to suffi ...) NOT-FOR-US: OpenShift CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6 CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...) NOT-FOR-US: Jaeger CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...) - golang-github-containernetworking-plugins 0.8.6-1 NOTE: https://github.com/containernetworking/plugins/pull/484 NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43 CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, where i ...) NOT-FOR-US: Keycloak CVE-2020-10747 REJECTED CVE-2020-10746 RESERVED CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...) - samba 2:4.12.5+dfsg-1 [buster] - samba (Minor issue, fix along in next DSA) NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...) - ansible (bug #966660) [buster] - ansible (Incomplete fix not applied) [stretch] - ansible (Incomplete fix not applied) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566 NOTE: CVE is for an incomplete fix of CVE-2020-1733 CVE-2020-10743 RESERVED - kibana (bug #700337) CVE-2020-10742 RESERVED - linux 3.16.2-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127 CVE-2020-10741 REJECTED CVE-2020-10740 (A vulnerability was found in Wildfly in versions before 20.0.0.Final, ...) 
- wildfly (bug #752018) CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the foll ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...) - moodle CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...) - oddjob 0.34.6-1 (bug #960089) [buster] - oddjob (Minor issue) [stretch] - oddjob (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042 NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions 15.2. ...) - ceph (Vulnerable code introduced later) NOTE: https://ceph.io/releases/v15-2-2-octopus-released/ NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master) NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2) CVE-2020-10735 RESERVED CVE-2020-10734 RESERVED CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...) - postgresql-12 (Windows-specific) - postgresql-11 (Windows-specific) - postgresql-9.6 (Windows-specific) NOTE: https://www.postgresql.org/about/news/2038/ CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspace cor ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1} - linux 5.6.14-2 [jessie] - linux (Does not affect supported architectures) NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1 NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413 CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the Red Hat ...) NOT-FOR-US: Red Hat OpenStack platform CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...) 
- ldb 2:2.1.4-1 [buster] - ldb (Minor issue) - samba 2:4.12.5+dfsg-1 [buster] - samba (Minor issue, fix along in next DSA) [stretch] - ldb (Vulnerable code introduced later) NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb) CVE-2020-10729 [two random password lookups in same task return same value] RESERVED - ansible 2.9.6+dfsg-1 [jessie] - ansible (Vulnerable code introduced later, no variables template caching) NOTE: https://github.com/ansible/ansible/issues/34144 NOTE: https://github.com/ansible/ansible/pull/67429/ NOTE: https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6 NOTE: Introduced in https://github.com/ansible/ansible/commit/87a9485b2f5a3188460f0a0219d2e0d990ce4e67 (2.0) CVE-2020-10728 RESERVED NOT-FOR-US: automationbroker/apb CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from version 2.7.0 ...) NOT-FOR-US: ApacheMQ Artemis CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...) - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk (Vulnerable code not present) [stretch] - dpdk (Vulnerable code not present) CVE-2020-10725 (A flaw was found in DPDK version 19.11 and above that allows a malicio ...) - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk (Vulnerable code not present) [stretch] - dpdk (Vulnerable code not present) CVE-2020-10724 (A vulnerability was found in DPDK versions 18.11 and above. The vhost- ...) - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk 18.11.6-1~deb10u2 [stretch] - dpdk (Vulnerable code not present) CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and above. ...) - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk 18.11.6-1~deb10u2 [stretch] - dpdk (Vulnerable code not present) CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing ...) 
{DSA-4688-1} - dpdk 19.11.2-1 (bug #960936) CVE-2020-10721 RESERVED CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in versio ...) - linux 5.2.6-1 [buster] - linux 4.19.67-1 [stretch] - linux 4.9.184-1 [jessie] - linux 3.16.76-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204 NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...) - undertow 2.1.1-1 (bug #969913) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459 NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public) NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf CVE-2020-10718 (A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, wher ...) - wildfly (bug #752018) CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...) - qemu 1:5.0-5 (bug #959746) [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e (v5.0.0-rc0) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html CVE-2020-10716 RESERVED NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...) NOT-FOR-US: Openshift Web Console CVE-2020-10714 RESERVED NOT-FOR-US: WildFly Elytron CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...) 
{DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/ NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...) NOT-FOR-US: image registry operator in OpenShift Container Platform CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1} - linux 5.6.14-1 [jessie] - linux (Vulnerability introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2 CVE-2020-10710 RESERVED CVE-2020-10709 RESERVED - ansible-awx (bug #908763) NOTE: https://github.com/ansible/awx/issues/6630 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033 CVE-2020-10708 REJECTED CVE-2020-10707 REJECTED CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...) NOT-FOR-US: OpenShift CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ...) - undertow 2.1.1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241 NOTE: https://github.com/undertow-io/undertow/commit/b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4 CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...) - samba 2:4.12.3+dfsg-2 (bug #960188) [buster] - samba (Can be fixed along in future DSA) [stretch] - samba (Can be fixed along in future DSA) [jessie] - samba (Minor issue and the patch is very invisible, eg. http://paste.debian.net/plain/1143919 is not even complete) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334 NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html CVE-2020-10703 (A NULL pointer dereference was found in the libvirt API responsible in ...) 
- libvirt 6.0.0-2 [buster] - libvirt (Minor issue) [stretch] - libvirt (Vulnerable code introduced later) [jessie] - libvirt (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725 NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1) CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Authenti ...) - qemu 1:4.2-5 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) - qemu-kvm (Vulnerable code introduced later) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0) CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS] RESERVED - libvirt 6.0.0-7 (bug #955841) [buster] - libvirt (Vulnerable code introduced later) [stretch] - libvirt (Vulnerable code introduced later) [jessie] - libvirt (Vulnerable code introduced later) NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1) CVE-2020-10700 (A use-after-free flaw was found in the way samba AD DC LDAP servers, h ...) - samba 2:4.12.3+dfsg-2 (bug #960189) [buster] - samba (Vulnerable code introduced later) [stretch] - samba (Vulnerable code introduced later) [jessie] - samba (Vulnerable code introduced later) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14331 NOTE: https://www.samba.org/samba/security/CVE-2020-10700.html CVE-2020-10699 (A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 ...) 
- targetcli-fb (Vulnerable code introduced later) NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162 NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50) NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d CVE-2020-10698 RESERVED NOT-FOR-US: Ansible Tower CVE-2020-10697 RESERVED NOT-FOR-US: Ansible Tower CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...) - golang-github-containers-buildah 1.11.6-2 NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed CVE-2020-10695 RESERVED NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container CVE-2020-10694 RESERVED CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in ...) - libhibernate-validator-java [buster] - libhibernate-validator-java (EL support added in 5.x) [stretch] - libhibernate-validator-java (EL support added in 5.x) [jessie] - libhibernate-validator-java (EL support added in 5.x) - libhibernate-validator4-java (EL support added in 5.x) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805501 CVE-2020-10692 RESERVED CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versions 2.9 ...) - ansible 2.9.7+dfsg-1 [buster] - ansible (Vulnerable code introduced later) [stretch] - ansible (Vulnerable code introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817161 NOTE: https://github.com/ansible/ansible/pull/68596 NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9) CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race ...) 
{DLA-2241-1} - linux 5.4.8-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.228-1 NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did ...) NOT-FOR-US: Eclipse Che CVE-2020-10688 RESERVED - resteasy (bug #970328) - resteasy3.0 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974 NOTE: https://github.com/quarkusio/quarkus/issues/7248 NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted) CVE-2020-10687 RESERVED - undertow NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049 CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...) NOT-FOR-US: Keycloak CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...) - ansible 2.9.7+dfsg-1 [jessie] - ansible (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627 NOTE: https://github.com/ansible/ansible/pull/68433 NOTE: https://github.com/ansible/ansible/commit/6452a82452f3a721233b50f62419598206442fd9 NOTE: Introduced in https://github.com/ansible/ansible/commit/cdf6e3e4bf44fdab62c2e4ccd3f5fd67ea554548 (2.1) CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...) - ansible 2.9.7+dfsg-1 [jessie] - ansible (Vulnerable code introduced later, 'ansible_facts' variable not exposed) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519 NOTE: https://github.com/ansible/ansible/pull/68431 NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce CVE-2020-10683 (dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and Ext ...) {DLA-2191-1} - dom4j 2.1.3-1 (bug #958055) [buster] - dom4j (Minor issue) [stretch] - dom4j (Minor issue) NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?) 
NOTE: https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 (post-fix refactor?) CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...) NOT-FOR-US: CMS Made Simple CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd fi ...) NOT-FOR-US: CMS Made Simple CVE-2020-10680 RESERVED CVE-2020-10679 RESERVED CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...) NOT-FOR-US: Octopus Deploy CVE-2020-10677 RESERVED CVE-2020-10676 RESERVED CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...) - golang-github-buger-jsonparser 0.0~git20200322.0.f7e751e-1 (bug #954373) [buster] - golang-github-buger-jsonparser (Minor issue) NOTE: https://github.com/buger/jsonparser/issues/188 NOTE: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717 CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2153-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2660 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2153-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2659 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missi ...) NOT-FOR-US: Canon CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) 
NOT-FOR-US: Canon CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10666 RESERVED CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...) - libperlspeak-perl (bug #954238) [jessie] - libperlspeak-perl (Not supported in jessie LTS) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173 CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...) NOT-FOR-US: Docker Desktop on Windows CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 ...) NOT-FOR-US: VxWorks CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...) {DSA-4721-1 DLA-2192-1 DLA-2190-1} - ruby-json 2.3.0+dfsg-1 [buster] - ruby-json 2.1.0+dfsg-2+deb10u1 [stretch] - ruby-json 2.0.1+dfsg-3+deb9u1 - ruby2.7 (Fixed before initial upload to Debian) - ruby2.5 - ruby2.3 [stretch] - ruby2.3 2.3.3-1+deb9u8 - ruby2.1 NOTE: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ NOTE: https://hackerone.com/reports/706934 NOTE: https://github.com/ruby/ruby/commit/36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01 (2.6.6) NOTE: https://github.com/ruby/ruby/commit/b379ecd8b6832dfcd5dad353b6bfd41701e2d678 (2.5.8) CVE-2020-10662 RESERVED CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...) NOT-FOR-US: HashiCorp Vault CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...) NOT-FOR-US: HashiCorp Vault CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...) 
NOT-FOR-US: Entrust Entelligence Security Provider (ESP) CVE-2020-10658 RESERVED CVE-2020-10657 RESERVED CVE-2020-10656 RESERVED CVE-2020-10655 RESERVED CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...) NOT-FOR-US: Ping Identity PingID CVE-2020-10653 RESERVED CVE-2020-10652 RESERVED CVE-2020-10651 RESERVED CVE-2020-10650 RESERVED CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 ...) NOT-FOR-US: ASUS Device Activation CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...) - u-boot 2020.04+dfsg-1 [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue) [jessie] - u-boot (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/5 NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/ NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html CVE-2020-10647 REJECTED CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...) NOT-FOR-US: Fuji Electric V-Server Lite CVE-2020-10645 RESERVED CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...) NOT-FOR-US: Inductive Automation Ignition CVE-2020-10643 (An authenticated remote attacker could use specially crafted URLs to s ...) NOT-FOR-US: PI Vision CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...) NOT-FOR-US: Rockwell CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...) NOT-FOR-US: Inductive Automation CVE-2020-10640 RESERVED CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) NOT-FOR-US: Eaton HMiSoft VU3 CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) 
NOT-FOR-US: Eaton HMiSoft VU3 CVE-2020-10636 RESERVED CVE-2020-10635 RESERVED CVE-2020-10634 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted ...) NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...) NOT-FOR-US: eWON Flexy and Cosy CVE-2020-10632 RESERVED CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does no ...) NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...) NOT-FOR-US: ControlEdge PLC CVE-2020-10627 RESERVED CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...) NOT-FOR-US: Fazecast jSerialComm CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10624 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...) NOT-FOR-US: ControlEdge PLC CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...) NOT-FOR-US: LCDS LAquis SCADA CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10620 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication d ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...) 
NOT-FOR-US: LCDS LAquis SCADA CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specif ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10614 (In OSIsoft PI System multiple products and versions, an authenticated ...) NOT-FOR-US: OSIsoft PI System CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicat ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10610 (In OSIsoft PI System multiple products and versions, a local attacker ...) NOT-FOR-US: OSIsoft PI System CVE-2020-10609 (Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may all ...) NOT-FOR-US: Grundfos CVE-2020-10608 (In OSIsoft PI System multiple products and versions, a local attacker ...) NOT-FOR-US: OSIsoft PI System CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...) NOT-FOR-US: Advantech WebAccess CVE-2020-10606 (In OSIsoft PI System multiple products and versions, a local attacker ...) NOT-FOR-US: OSIsoft PI System CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests ...) NOT-FOR-US: Grundfos CIM CVE-2020-10604 (In OSIsoft PI System multiple products and versions, a remote, unauthe ...) NOT-FOR-US: OSIsoft PI System CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...) 
NOT-FOR-US: WebAccess/NMS CVE-2020-10602 (In OSIsoft PI System multiple products and versions, an authenticated ...) NOT-FOR-US: OSIsoft PI System CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-10600 (An authenticated remote attacker could crash PI Archive Subsystem when ...) NOT-FOR-US: OSIsoft PI System CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES ...) NOT-FOR-US: Pyxis CVE-2020-10597 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Mul ...) NOT-FOR-US: Insulet CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...) NOT-FOR-US: OpenCart CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause remote code ...) {DSA-4648-1 DLA-2166-1} - libpam-krb5 4.9-1 NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...) NOT-FOR-US: drf-jwt CVE-2020-10593 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...) - tor 0.4.2.7-1 [buster] - tor (Only affects tor 0.4.0.1-alpha onwards) [stretch] - tor (Only affects tor 0.4.0.1-alpha onwards) [jessie] - tor (Only affects tor 0.4.0.1-alpha onwards) NOTE: https://blog.torproject.org/new-releases-03510-0419-0427 NOTE: https://bugs.torproject.org/33619 CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...) {DSA-4644-1} - tor 0.4.2.7-1 [stretch] - tor (See DSA 4644) [jessie] - tor (Not supported in jessie LTS) NOTE: https://blog.torproject.org/new-releases-03510-0419-0427 NOTE: https://bugs.torproject.org/33120 CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...) 
NOT-FOR-US: Walmart Labs Concord CVE-2020-10590 RESERVED CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...) NOT-FOR-US: v2rayL CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...) NOT-FOR-US: v2rayL CVE-2020-10587 (antiX and MX Linux allow local users to achieve root access via "persi ...) NOT-FOR-US: antiX and MX Linux CVE-2020-10586 RESERVED CVE-2020-10585 RESERVED CVE-2020-10584 RESERVED CVE-2020-10583 RESERVED CVE-2020-10582 RESERVED CVE-2020-10581 RESERVED CVE-2020-10580 RESERVED CVE-2020-10579 RESERVED CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...) NOT-FOR-US: QCMS CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...) - janus 0.9.2-1 (bug #954668) NOTE: https://github.com/meetecho/janus-gateway/pull/1990 CVE-2020-10576 (An issue was discovered in Janus through 0.9.1. plugins/janus_voicemai ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1993 CVE-2020-10575 (An issue was discovered in Janus through 0.9.1. plugins/janus_videocal ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1994 CVE-2020-10574 (An issue was discovered in Janus through 0.9.1. janus.c tries to use a ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1989 CVE-2020-10573 (An issue was discovered in Janus through 0.9.1. janus_audiobridge.c ha ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1988 CVE-2020-10572 RESERVED CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython implemen ...) NOT-FOR-US: psd-tools CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...) NOT-FOR-US: Telegram for Android CVE-2020-10569 (SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, w ...) 
NOT-FOR-US: SysAid On-Premise CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...) NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...) NOT-FOR-US: Responsive Filemanager CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) NOT-FOR-US: FreeBSD CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) NOT-FOR-US: FreeBSD CVE-2020-10564 (An issue was discovered in the File Upload plugin before 4.13.0 for Wo ...) NOT-FOR-US: File Upload plugin for WordPress CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.ph ...) NOT-FOR-US: DEVOME GRR CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...) NOT-FOR-US: DEVOME GRR CVE-2020-10561 (An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_01 ...) NOT-FOR-US: Xiaomi CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...) NOT-FOR-US: Open Source Social Network (OSSN) CVE-2020-10559 RESERVED CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...) NOT-FOR-US: driving interface of Tesla Model 3 vehicles CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...) NOT-FOR-US: AContent CVE-2020-10556 RESERVED CVE-2020-10555 RESERVED CVE-2020-10554 RESERVED CVE-2020-10553 RESERVED CVE-2020-10552 RESERVED CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...) NOT-FOR-US: QQBrowser CVE-2020-10550 RESERVED CVE-2020-10549 (rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.p ...) NOT-FOR-US: rConfig CVE-2020-10548 (rConfig 3.9.4 and previous versions has unauthenticated devices.inc.ph ...) 
NOT-FOR-US: rConfig CVE-2020-10547 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...) NOT-FOR-US: rConfig CVE-2020-10546 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...) NOT-FOR-US: rConfig CVE-2020-10545 RESERVED CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...) NOT-FOR-US: PrimeTek PrimeFaces CVE-2020-10543 (Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...) - perl 5.30.3-1 (bug #962005) [buster] - perl 5.28.1-6+deb10u1 [stretch] - perl 5.24.1-3+deb9u7 NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3) CVE-2020-10542 RESERVED CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...) NOT-FOR-US: Untis WebUntis CVE-2020-10539 RESERVED CVE-2020-10538 RESERVED CVE-2020-10537 RESERVED CVE-2020-10536 RESERVED CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...) NOT-FOR-US: MediaWiki extension CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...) - gitlab (Only affects Gitlab 12.8.x) NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/ CVE-2020-10533 RESERVED CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...) NOT-FOR-US: AD Helper component in WatchGuard Fireware CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU) ...) 
{DSA-4646-1 DLA-2151-1} [experimental] - icu 66.1-2 - icu 63.2-3 (bug #953747) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public) NOTE: Upstream ICU bug: https://unicode-org.atlassian.net/browse/ICU-20958 (private) NOTE: Fixed by: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca NOTE: https://github.com/unicode-org/icu/pull/971 CVE-2020-10530 RESERVED CVE-2020-10529 RESERVED CVE-2020-10528 RESERVED CVE-2020-10527 RESERVED CVE-2020-10526 RESERVED CVE-2020-10525 RESERVED CVE-2020-10524 RESERVED CVE-2020-10523 RESERVED CVE-2020-10522 RESERVED CVE-2020-10521 RESERVED CVE-2020-10520 RESERVED CVE-2020-10519 RESERVED CVE-2020-10518 (A remote code execution vulnerability was identified in GitHub Enterpr ...) NOT-FOR-US: GitHub Enterprise Server CVE-2020-10517 (An improper access control vulnerability was identified in GitHub Ente ...) NOT-FOR-US: GitHub Enterprise Server CVE-2020-10516 (An improper access control vulnerability was identified in the GitHub ...) NOT-FOR-US: GitHub Enterprise Server API CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting ...) NOT-FOR-US: STARFACE UCC Client CVE-2020-10514 (iCatch DVR firmware before 20200103 do not validate function parameter ...) NOT-FOR-US: iCatch DVR CVE-2020-10513 (The file management interface of iCatch DVR firmware before 20200103 c ...) NOT-FOR-US: iCatch DVR CVE-2020-10512 (HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CC ...) NOT-FOR-US: HGiga C&Cmail CVE-2020-10511 (HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAIL ...) NOT-FOR-US: HGiga C&Cmail CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...) 
NOT-FOR-US: Sunnet eHRD CVE-2020-10507 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...) NOT-FOR-US: The School Manage System CVE-2020-10506 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...) NOT-FOR-US: The School Manage System CVE-2020-10505 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...) NOT-FOR-US: The School Manage System CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10502 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10501 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10500 (CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10499 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10498 (CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10497 (CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Lan ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10496 (CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10495 (CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10494 (CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10493 (CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10492 (CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Lang ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10491 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10490 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10489 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10488 (CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10487 (CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10486 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10485 (CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10484 (CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10483 (CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 a ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10482 (CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10481 (CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10480 (CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10479 (CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 a ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10478 (CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10477 (Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi- ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10476 (Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10475 (Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Mul ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10474 (Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10473 (Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10472 (Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard M ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10471 (Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10470 (Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10469 (Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10468 (Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10467 (Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10466 (Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10465 (Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10464 (Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10463 (Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10462 (Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-L ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10461 (The way comments in article.php (vulnerable function in include/functi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10460 (admin/include/operations.php (via admin/email-harvester.php) in Chadha ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10459 (Path Traversal in admin/assetmanager/assetmanager.php (vulnerable func ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10458 (Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Sta ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10457 (Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10456 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10455 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10454 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10453 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10452 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10451 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10450 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10449 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10448 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10447 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10446 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10445 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10444 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10443 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10442 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10441 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10440 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10439 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10438 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10437 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10436 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10435 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10434 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10433 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10432 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10431 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10430 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10429 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10428 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10427 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10426 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10425 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10424 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10423 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10422 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10421 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10420 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10419 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10418 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10417 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10416 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10415 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10414 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10413 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10412 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10411 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10410 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10409 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10408 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10407 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10406 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10405 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10404 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10403 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10402 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10401 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10400 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10399 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10398 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10397 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10396 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10395 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10394 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10393 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10392 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10391 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10390 (OS Command Injection in export.php (vulnerable function called from in ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10389 (admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allo ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10388 (The way the Referer header in article.php is handled in Chadha PHPKB S ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10387 (Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10386 (admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Lang ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...) NOT-FOR-US: WPForms Contact Form plugin for WordPress CVE-2020-10384 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10383 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10382 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10381 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...) - rmysql 0.10.20-1 [buster] - rmysql (Minor issue) [jessie] - rmysql (Minor issue) NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32 NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40 CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...) 
- pillow 7.2.0-1 [buster] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0) [stretch] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0) [jessie] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0) NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: https://github.com/python-pillow/Pillow/pull/4507 NOTE: Fixed in 6.2.3 and 7.1.0 CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...) - pillow 7.2.0-1 [buster] - pillow 5.4.1-2+deb10u2 [stretch] - pillow (Vulnerable code not present) [jessie] - pillow (Vulnerable code not present) NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: https://github.com/python-pillow/Pillow/pull/4506 NOTE: https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2 (Test) NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7 NOTE: https://github.com/python-pillow/Pillow/commit/ada137eba5b605fd5aeff619c33bbf0e53af26ee (Test) NOTE: Fixed in 6.2.3 and 7.1.0 CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...) NOT-FOR-US: Mitel CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...) NOT-FOR-US: Technicolor CVE-2020-10375 RESERVED CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...) NOT-FOR-US: PRTG Network Monitor CVE-2020-10373 RESERVED CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...) NOT-FOR-US: Ramp AltitudeCDN Altimeter CVE-2020-10371 RESERVED CVE-2020-10370 RESERVED CVE-2020-10369 RESERVED CVE-2020-10368 RESERVED CVE-2020-10367 RESERVED CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...) NOT-FOR-US: LogicalDoc CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...) 
NOT-FOR-US: LogicalDoc CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...) NOT-FOR-US: SSH daemon on MikroTik routers CVE-2020-10363 RESERVED CVE-2020-10362 RESERVED CVE-2020-10361 RESERVED CVE-2020-10360 RESERVED CVE-2020-10359 RESERVED CVE-2020-10358 RESERVED CVE-2020-10357 RESERVED CVE-2020-10356 RESERVED CVE-2020-10355 RESERVED CVE-2020-10354 RESERVED CVE-2020-10353 RESERVED CVE-2020-10352 RESERVED CVE-2020-10351 RESERVED CVE-2020-10350 RESERVED CVE-2020-10349 RESERVED CVE-2020-10348 RESERVED CVE-2020-10347 RESERVED CVE-2020-10346 RESERVED CVE-2020-10345 RESERVED CVE-2020-10344 RESERVED CVE-2020-10343 RESERVED CVE-2020-10342 RESERVED CVE-2020-10341 RESERVED CVE-2020-10340 RESERVED CVE-2020-10339 RESERVED CVE-2020-10338 RESERVED CVE-2020-10337 RESERVED CVE-2020-10336 RESERVED CVE-2020-10335 RESERVED CVE-2020-10334 RESERVED CVE-2020-10333 RESERVED CVE-2020-10332 RESERVED CVE-2020-10331 RESERVED CVE-2020-10330 RESERVED CVE-2020-10329 RESERVED CVE-2020-10328 RESERVED CVE-2020-10327 RESERVED CVE-2020-10326 RESERVED CVE-2020-10325 RESERVED CVE-2020-10324 RESERVED CVE-2020-10323 RESERVED CVE-2020-10322 RESERVED CVE-2020-10321 RESERVED CVE-2020-10320 RESERVED CVE-2020-10319 RESERVED CVE-2020-10318 RESERVED CVE-2020-10317 RESERVED CVE-2020-10316 RESERVED CVE-2020-10315 RESERVED CVE-2020-10314 RESERVED CVE-2020-10313 RESERVED CVE-2020-10312 RESERVED CVE-2020-10311 RESERVED CVE-2020-10310 RESERVED CVE-2020-10309 RESERVED CVE-2020-10308 RESERVED CVE-2020-10307 RESERVED CVE-2020-10306 RESERVED CVE-2020-10305 RESERVED CVE-2020-10304 RESERVED CVE-2020-10303 RESERVED CVE-2020-10302 RESERVED CVE-2020-10301 RESERVED CVE-2020-10300 RESERVED CVE-2020-10299 RESERVED CVE-2020-10298 RESERVED CVE-2020-10297 RESERVED CVE-2020-10296 RESERVED CVE-2020-10295 RESERVED CVE-2020-10294 RESERVED CVE-2020-10293 RESERVED CVE-2020-10292 RESERVED CVE-2020-10291 RESERVED CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing Java- 
...) NOT-FOR-US: Universal Robots controller CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...) {DLA-2357-1} - ros-actionlib 1.13.1-4 (bug #968830) [buster] - ros-actionlib (Minor issue) NOTE: https://github.com/ros/actionlib/pull/171 CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...) NOT-FOR-US: ABB IRC5 CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with credent ...) NOT-FOR-US: ABB IRC5 CVE-2020-10286 (the main user account has restricted privileges but is in the sudoers ...) NOT-FOR-US: xArm CVE-2020-10285 (The authentication implementation on the xArm controller has very low ...) NOT-FOR-US: xArm CVE-2020-10284 (No authentication is required to control the robot inside the network, ...) NOT-FOR-US: xArm CVE-2020-10283 (The Micro Air Vehicle Link (MAVLink) protocol presents authentication ...) NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no authenticati ...) NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol CVE-2020-10281 (This vulnerability applies to the Micro Air Vehicle Link (MAVLink) pro ...) NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol CVE-2020-10280 (The Apache server on port 80 that host the web interface is vulnerable ...) NOT-FOR-US: MiR CVE-2020-10279 (MiR robot controllers (central computation unit) makes use of Ubuntu 1 ...) NOT-FOR-US: MiR CVE-2020-10278 (The BIOS onboard MiR's Computer is not protected by password, therefor ...) NOT-FOR-US: MiR CVE-2020-10277 (There is no mechanism in place to prevent a bad operator to boot from ...) NOT-FOR-US: MiR CVE-2020-10276 (The password for the safety PLC is the default and thus easy to find ( ...) NOT-FOR-US: Safety PLC CVE-2020-10275 (The access tokens for the REST API are directly derived from the publi ...) 
NOT-FOR-US: MiR CVE-2020-10274 (The access tokens for the REST API are directly derived (sha256 and ba ...) NOT-FOR-US: MiR CVE-2020-10273 (MiR controllers across firmware versions 2.8.1.1 and before do not enc ...) NOT-FOR-US: MiR CVE-2020-10272 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...) NOT-FOR-US: MiR CVE-2020-10271 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...) NOT-FOR-US: MiR CVE-2020-10270 (Out of the wired and wireless interfaces within MiR100, MiR200 and oth ...) NOT-FOR-US: MiR CVE-2020-10269 (One of the wireless interfaces within MiR100, MiR200 and possibly (acc ...) NOT-FOR-US: MiR CVE-2020-10268 (Critical services for operation can be terminated from windows task ma ...) NOT-FOR-US: Kuka CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...) NOT-FOR-US: Universal Robots control box CB CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...) NOT-FOR-US: Universal Robots+ CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, ...) NOT-FOR-US: Universal Robots+ CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...) NOT-FOR-US: CB3 SW CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...) NOT-FOR-US: XIAOMI CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...) NOT-FOR-US: XIAOMI CVE-2020-10261 RESERVED CVE-2020-10260 RESERVED CVE-2020-10259 RESERVED CVE-2020-10258 RESERVED CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks acces ...) NOT-FOR-US: ThemeREX Addons plugin for WordPress CVE-2020-10256 RESERVED CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...) 
NOT-FOR-US: Hardware vulnerability in DDR4 DRAM chips CVE-2020-10254 RESERVED CVE-2020-10253 RESERVED CVE-2020-10252 RESERVED CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...) - imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741) [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Vulnerable code introduced later with HEIC image format support) [jessie] - imagemagick (Vulnerable code introduced later with HEIC image format support) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/868aad754ee599eb7153b84d610f2ecdf7b339f6 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3456724dff047db5adb32f8cf70c903c1b7d16d4 CVE-2020-10250 (BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitra ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10249 (BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10248 (BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwo ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is ...) NOT-FOR-US: MISP CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...) NOT-FOR-US: MISP CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...) NOT-FOR-US: CODESYS CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...) NOT-FOR-US: JPaseto CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...) NOT-FOR-US: Joomla! CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling ...) NOT-FOR-US: Joomla! CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...) NOT-FOR-US: Joomla! CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. 
Missing length check ...) NOT-FOR-US: Joomla! CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...) NOT-FOR-US: Joomla! CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...) NOT-FOR-US: Joomla! CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...) NOT-FOR-US: Froxlor CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...) NOT-FOR-US: Froxlor CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...) NOT-FOR-US: Froxlor CVE-2020-10234 RESERVED CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...) - sleuthkit (unimportant) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829 NOTE: Crash in CLI tool, no security impact CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...) {DLA-2137-1} [experimental] - sleuthkit 4.9.0+dfsg-1 - sleuthkit (low; bug #953976) [buster] - sleuthkit (Minor issue) [stretch] - sleuthkit (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836 NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1 CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_17 ...) NOT-FOR-US: TP-Link CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-10229 (A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unw ...) NOT-FOR-US: vtecrm vtenext CVE-2020-10228 (A file upload vulnerability in vtecrm vtenext 19 CE allows authenticat ...) NOT-FOR-US: vtecrm vtenext CVE-2020-10227 (A cross-site scripting (XSS) vulnerability in the messages module of v ...) NOT-FOR-US: vtecrm vtenext CVE-2020-10226 RESERVED CVE-2020-10225 (An unauthenticated file upload vulnerability has been identified in ad ...) 
NOT-FOR-US: PHPGurukul Job Portal CVE-2020-10224 (An unauthenticated file upload vulnerability has been identified in ad ...) NOT-FOR-US: PHPGurukul Online Book Store CVE-2020-10223 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode ...) NOT-FOR-US: npdf.dll in Nitro Pro CVE-2020-10222 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corrupt ...) NOT-FOR-US: npdf.dll in Nitro Pro CVE-2020-10221 (lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows re ...) NOT-FOR-US: rConfig CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interface is ...) NOT-FOR-US: rConfig CVE-2020-10219 RESERVED CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 ...) NOT-FOR-US: Sapplica Sentrifugo CVE-2020-10217 RESERVED CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) NOT-FOR-US: D-Link CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) NOT-FOR-US: D-Link CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...) NOT-FOR-US: D-Link CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) NOT-FOR-US: D-Link CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...) NOT-FOR-US: Responsive FileManager CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...) NOT-FOR-US: Mitel CVE-2020-10210 RESERVED CVE-2020-10209 RESERVED CVE-2020-10208 RESERVED CVE-2020-10207 RESERVED CVE-2020-10206 RESERVED CVE-2020-10205 RESERVED CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. ...) NOT-FOR-US: Sonatype Nexus Repository CVE-2020-10203 (Sonatype Nexus Repository before 3.21.2 allows XSS. ...) 
NOT-FOR-US: Sonatype Nexus Repository CVE-2020-10202 RESERVED CVE-2020-10201 RESERVED CVE-2020-10200 RESERVED CVE-2020-10199 (Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue ...) NOT-FOR-US: Sonatype Nexus Repository CVE-2020-10198 RESERVED CVE-2020-10197 RESERVED CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 for Wor ...) NOT-FOR-US: popup-builder plugin for WordPress CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...) NOT-FOR-US: popup-builder plugin for WordPress CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...) NOT-FOR-US: Zimbra CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...) NOT-FOR-US: ESET Archive Support Module CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...) NOT-FOR-US: Munkireport CVE-2020-10191 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...) NOT-FOR-US: Munkireport CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...) NOT-FOR-US: Munkireport CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...) {DLA-2341-1 DLA-2176-1} - inetutils 2:1.9.4-12 (bug #956084) [buster] - inetutils (Minor issue) - netkit-telnet 0.17-18woody2 (bug #953477) - netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478) NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5 NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html NOTE: Patch in Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch CVE-2020-10187 (Doorkeeper version 5.0.0 and later contains an information disclosure ...) 
- ruby-doorkeeper 5.0.3-1 (bug #959903) NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6 NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9 CVE-2020-10186 RESERVED CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...) {DLA-2141-1} - yubikey-val [buster] - yubikey-val (Minor issue) [stretch] - yubikey-val (Minor issue) NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286 CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not ...) {DLA-2141-1} - yubikey-val [buster] - yubikey-val (Minor issue) [stretch] - yubikey-val (Minor issue) NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286 CVE-2020-10183 RESERVED CVE-2020-10182 RESERVED CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...) NOT-FOR-US: Sumavision Enhanced Multimedia Router CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...) NOT-FOR-US: ESET AV parsing engine CVE-2020-10179 RESERVED CVE-2020-10178 REJECTED CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...) {DLA-2317-1} - pillow 7.2.0-1 [buster] - pillow 5.4.1-2+deb10u2 NOTE: https://github.com/python-pillow/Pillow/pull/4503 NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: Fixed in 6.2.3 and 7.1.0 CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...) NOT-FOR-US: ASSA ABLOY Yale WIPC-301W CVE-2020-10175 REJECTED CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...) 
- timeshift 20.03+ds-1 (bug #953385) [buster] - timeshift 19.01+ds-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/03/06/3 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1165802 NOTE: https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462 CVE-2020-10173 (Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Mult ...) NOT-FOR-US: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices CVE-2020-10172 RESERVED CVE-2020-10171 RESERVED CVE-2020-10170 RESERVED CVE-2020-10169 RESERVED CVE-2020-10168 RESERVED CVE-2020-10167 RESERVED CVE-2020-10166 RESERVED CVE-2020-10165 RESERVED CVE-2020-10164 RESERVED CVE-2020-10163 RESERVED CVE-2020-10162 RESERVED CVE-2020-10161 RESERVED CVE-2020-10160 RESERVED CVE-2020-10159 RESERVED CVE-2020-10158 RESERVED CVE-2020-10157 RESERVED CVE-2020-10156 RESERVED CVE-2020-10155 RESERVED CVE-2020-10154 RESERVED CVE-2020-10153 RESERVED CVE-2020-10152 RESERVED CVE-2020-10151 RESERVED CVE-2020-10150 RESERVED CVE-2020-10149 RESERVED CVE-2020-10148 RESERVED CVE-2020-10147 RESERVED CVE-2020-10146 RESERVED CVE-2020-10145 RESERVED CVE-2020-10144 RESERVED CVE-2020-10143 RESERVED CVE-2020-10142 RESERVED CVE-2020-10141 RESERVED CVE-2020-10140 RESERVED CVE-2020-10139 RESERVED CVE-2020-10138 RESERVED CVE-2020-10137 RESERVED CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...) NOT-FOR-US: Cisco CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...) NOTE: Bluetooth protocol issue CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthe ...) NOTE: Bluetooth protocol issue CVE-2020-10133 RESERVED CVE-2020-10132 RESERVED CVE-2020-10131 RESERVED CVE-2020-10130 RESERVED CVE-2020-10129 RESERVED CVE-2020-10128 RESERVED CVE-2020-10127 RESERVED CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate ...) 
NOT-FOR-US: NCR SelfServ ATMs CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 51 ...) NOT-FOR-US: NCR SelfServ ATMs CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authentic ...) NOT-FOR-US: NCR SelfServ ATMs CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 ...) NOT-FOR-US: NCR SelfServ ATMs CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...) NOT-FOR-US: cPanel CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution ...) NOT-FOR-US: cPanel CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...) NOT-FOR-US: cPanel CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...) NOT-FOR-US: cPanel CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...) NOT-FOR-US: cPanel CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...) NOT-FOR-US: cPanel CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...) NOT-FOR-US: cPanel CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...) NOT-FOR-US: cPanel CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor ...) NOT-FOR-US: cPanel CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...) NOT-FOR-US: cPanel CVE-2020-10112 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poison ...) NOT-FOR-US: Citrix CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent ...) NOT-FOR-US: Citrix CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information ...) NOT-FOR-US: Citrix CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...) 
{DLA-2145-1} - twisted 18.9.0-7 (bug #953950) [buster] - twisted (Minor issue) [stretch] - twisted (Minor issue) NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281 CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...) {DLA-2145-1} - twisted 18.9.0-7 (bug #953950) [buster] - twisted (Minor issue) [stretch] - twisted (Minor issue) NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281 CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...) NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2020-10106 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injec ...) NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...) - zammad (bug #841355) CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...) - zammad (bug #841355) CVE-2020-10103 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...) - zammad (bug #841355) CVE-2020-10102 (An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password ...) - zammad (bug #841355) CVE-2020-10101 (An issue was discovered in Zammad 3.0 through 3.2. The WebSocket serve ...) - zammad (bug #841355) CVE-2020-10100 (An issue was discovered in Zammad 3.0 through 3.2. It allows for users ...) - zammad (bug #841355) CVE-2020-10099 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...) - zammad (bug #841355) CVE-2020-10098 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...) - zammad (bug #841355) CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respond with ...) 
- zammad (bug #841355) CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...) - zammad (bug #841355) CVE-2020-10095 RESERVED CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW7 ...) NOT-FOR-US: Lexmark CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series in ...) NOT-FOR-US: Lexmark CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...) - gitlab (Only affects Gitlab 12.1 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...) - gitlab (Only affects Gitlab 12.5 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...) 
[experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...) - gitlab (Only affects Gitlab 12.3.5 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain con ...) - gitlab (Only affects Gitlab 12.7 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...) - gitlab (Only affects Gitlab 12.2 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...) - gitlab (Only affects Gitlab 12.1 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...) 
- gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...) - gitlab (Only affects Gitlab 12.1 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...) - gitlab (Only affects Gitlab 12.5 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10072 RESERVED CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10069 RESERVED CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10066 RESERVED CVE-2020-10065 RESERVED CVE-2020-10064 RESERVED CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...) 
NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr Bluetooth impl ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects[1] ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient argument ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...) NOT-FOR-US: GeniXCMS CVE-2020-10056 (A vulnerability has been identified in License Management Utility (LMU ...) NOT-FOR-US: Siemens CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...) NOT-FOR-US: Desigo CVE-2020-10054 RESERVED CVE-2020-10053 RESERVED CVE-2020-10052 RESERVED CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) NOT-FOR-US: Siemens CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) NOT-FOR-US: Siemens CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...) NOT-FOR-US: Siemens CVE-2020-10048 RESERVED CVE-2020-10047 RESERVED CVE-2020-10046 RESERVED CVE-2020-10045 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2020-10044 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2020-10043 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2020-10042 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2020-10041 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...) 
NOT-FOR-US: Siemens CVE-2020-10040 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2020-10039 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2020-10038 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2020-10037 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...) NOT-FOR-US: Siemens CVE-2020-10036 RESERVED CVE-2020-10035 RESERVED CVE-2020-10034 RESERVED CVE-2020-10033 RESERVED CVE-2020-10032 RESERVED CVE-2020-10031 RESERVED CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...) - pdns-recursor 4.3.1-1 (unimportant) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 NOTE: Non exploitable on Linux CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...) 
- glibc 2.30-1 (bug #953108) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a CVE-2020-9999 RESERVED CVE-2020-9998 RESERVED CVE-2020-9997 RESERVED CVE-2020-9996 RESERVED CVE-2020-9995 RESERVED CVE-2020-9994 RESERVED CVE-2020-9993 RESERVED CVE-2020-9992 RESERVED CVE-2020-9991 RESERVED CVE-2020-9990 RESERVED CVE-2020-9989 RESERVED CVE-2020-9988 RESERVED CVE-2020-9987 RESERVED CVE-2020-9986 RESERVED CVE-2020-9985 RESERVED CVE-2020-9984 RESERVED CVE-2020-9983 RESERVED CVE-2020-9982 RESERVED CVE-2020-9981 RESERVED CVE-2020-9980 RESERVED CVE-2020-9979 RESERVED CVE-2020-9978 RESERVED CVE-2020-9977 RESERVED CVE-2020-9976 RESERVED CVE-2020-9975 RESERVED CVE-2020-9974 RESERVED CVE-2020-9973 RESERVED CVE-2020-9972 RESERVED CVE-2020-9971 RESERVED CVE-2020-9970 RESERVED CVE-2020-9969 RESERVED CVE-2020-9968 RESERVED CVE-2020-9967 RESERVED CVE-2020-9966 RESERVED CVE-2020-9965 RESERVED CVE-2020-9964 RESERVED CVE-2020-9963 RESERVED CVE-2020-9962 RESERVED CVE-2020-9961 RESERVED CVE-2020-9960 RESERVED CVE-2020-9959 RESERVED CVE-2020-9958 RESERVED CVE-2020-9957 RESERVED CVE-2020-9956 RESERVED CVE-2020-9955 RESERVED CVE-2020-9954 RESERVED CVE-2020-9953 RESERVED CVE-2020-9952 RESERVED CVE-2020-9951 RESERVED CVE-2020-9950 RESERVED CVE-2020-9949 RESERVED CVE-2020-9948 RESERVED CVE-2020-9947 RESERVED CVE-2020-9946 RESERVED CVE-2020-9945 RESERVED CVE-2020-9944 RESERVED CVE-2020-9943 RESERVED CVE-2020-9942 RESERVED CVE-2020-9941 RESERVED CVE-2020-9940 RESERVED CVE-2020-9939 RESERVED CVE-2020-9938 RESERVED CVE-2020-9937 RESERVED CVE-2020-9936 RESERVED CVE-2020-9935 RESERVED CVE-2020-9934 RESERVED CVE-2020-9933 RESERVED CVE-2020-9932 RESERVED CVE-2020-9931 RESERVED CVE-2020-9930 RESERVED 
CVE-2020-9929 RESERVED CVE-2020-9928 RESERVED CVE-2020-9927 RESERVED CVE-2020-9926 RESERVED CVE-2020-9925 RESERVED {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9924 RESERVED CVE-2020-9923 RESERVED CVE-2020-9922 RESERVED CVE-2020-9921 RESERVED CVE-2020-9920 RESERVED CVE-2020-9919 RESERVED CVE-2020-9918 RESERVED CVE-2020-9917 RESERVED CVE-2020-9916 RESERVED CVE-2020-9915 RESERVED {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9914 RESERVED CVE-2020-9913 RESERVED CVE-2020-9912 RESERVED CVE-2020-9911 RESERVED CVE-2020-9910 RESERVED CVE-2020-9909 RESERVED CVE-2020-9908 RESERVED CVE-2020-9907 RESERVED CVE-2020-9906 RESERVED CVE-2020-9905 RESERVED CVE-2020-9904 RESERVED CVE-2020-9903 RESERVED CVE-2020-9902 RESERVED CVE-2020-9901 RESERVED CVE-2020-9900 RESERVED CVE-2020-9899 RESERVED CVE-2020-9898 RESERVED CVE-2020-9897 RESERVED CVE-2020-9896 RESERVED CVE-2020-9895 RESERVED {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9894 RESERVED {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9893 RESERVED {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in 
jessie) - wpewebkit 2.28.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9892 RESERVED CVE-2020-9891 RESERVED CVE-2020-9890 RESERVED CVE-2020-9889 RESERVED CVE-2020-9888 RESERVED CVE-2020-9887 RESERVED CVE-2020-9886 RESERVED CVE-2020-9885 RESERVED CVE-2020-9884 RESERVED CVE-2020-9883 RESERVED CVE-2020-9882 RESERVED CVE-2020-9881 RESERVED CVE-2020-9880 RESERVED CVE-2020-9879 RESERVED CVE-2020-9878 RESERVED CVE-2020-9877 RESERVED CVE-2020-9876 RESERVED CVE-2020-9875 RESERVED CVE-2020-9874 RESERVED CVE-2020-9873 RESERVED CVE-2020-9872 RESERVED CVE-2020-9871 RESERVED CVE-2020-9870 RESERVED CVE-2020-9869 RESERVED CVE-2020-9868 RESERVED CVE-2020-9867 RESERVED CVE-2020-9866 RESERVED CVE-2020-9865 RESERVED CVE-2020-9864 RESERVED CVE-2020-9863 RESERVED CVE-2020-9862 RESERVED {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9861 RESERVED CVE-2020-9860 RESERVED CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...) NOT-FOR-US: Apple CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...) NOT-FOR-US: Apple CVE-2020-9857 RESERVED CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-9854 RESERVED CVE-2020-9853 RESERVED CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...) NOT-FOR-US: Apple CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...) 
{DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9849 RESERVED CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...) NOT-FOR-US: Apple CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9846 RESERVED CVE-2020-9845 RESERVED CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...) NOT-FOR-US: Apple CVE-2020-9843 (An input validation issue was addressed with improved input validation ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9842 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...) NOT-FOR-US: Apple CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...) NOT-FOR-US: SwiftNIO Extras CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9836 RESERVED CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...) NOT-FOR-US: Apple CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...) 
NOT-FOR-US: Apple CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-9828 RESERVED CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...) NOT-FOR-US: Apple CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...) NOT-FOR-US: Apple CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...) 
NOT-FOR-US: Apple CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...) NOT-FOR-US: Apple CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2020-9810 RESERVED CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...) 
{DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2020-9799 RESERVED CVE-2020-9798 RESERVED CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...) NOT-FOR-US: Apple CVE-2020-9796 RESERVED CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) - sqlite3 NOTE: https://vuldb.com/?id.155768 NOTE: As usual Apple advisories are too unspecific CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...) 
NOT-FOR-US: Apple CVE-2020-9787 RESERVED CVE-2020-9786 RESERVED CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple Safari CVE-2020-9783 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9782 RESERVED CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...) NOT-FOR-US: Apple CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...) NOT-FOR-US: Apple CVE-2020-9779 RESERVED CVE-2020-9778 RESERVED CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...) NOT-FOR-US: Apple CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...) NOT-FOR-US: Apple CVE-2020-9774 RESERVED CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...) NOT-FOR-US: Apple CVE-2020-9772 RESERVED CVE-2020-9771 RESERVED CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...) NOT-FOR-US: Apple CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9767 (A vulnerability related to Dynamic-link Library (“DLL”) lo ...) NOT-FOR-US: Zoom CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...) 
NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10026 REJECTED CVE-2020-10025 REJECTED CVE-2020-10024 (The arm platform-specific code uses a signed integer comparison when v ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an adversary w ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub server may ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite handler with u ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10020 REJECTED CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested length (wL ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...) {DSA-4641-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0003.html CVE-2020-10017 RESERVED CVE-2020-10016 RESERVED CVE-2020-10015 RESERVED CVE-2020-10014 RESERVED CVE-2020-10013 RESERVED CVE-2020-10012 RESERVED CVE-2020-10011 RESERVED CVE-2020-10010 RESERVED CVE-2020-10009 RESERVED CVE-2020-10008 RESERVED CVE-2020-10007 RESERVED CVE-2020-10006 RESERVED CVE-2020-10005 RESERVED CVE-2020-10004 RESERVED CVE-2020-10003 RESERVED CVE-2020-10002 RESERVED CVE-2020-10001 RESERVED CVE-2020-10000 RESERVED CVE-2020-9766 RESERVED CVE-2020-9765 RESERVED CVE-2020-9764 RESERVED CVE-2020-9763 RESERVED CVE-2020-9762 RESERVED CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...) NOT-FOR-US: UNCTAD ASYCUDA World CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...) 
{DLA-2157-1} - weechat 2.7.1-1 [buster] - weechat (Minor issue) [stretch] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affe ...) {DLA-2157-1} - weechat 2.7.1-1 [buster] - weechat (Minor issue) [stretch] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...) NOT-FOR-US: LiveZilla Live Chat CVE-2020-9757 (The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side T ...) NOT-FOR-US: Seomatic component for Craft CMS CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...) NOT-FOR-US: Patriot Viper RGB Driver CVE-2020-9755 RESERVED CVE-2020-9754 RESERVED CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...) NOT-FOR-US: Whale Browser CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...) NOT-FOR-US: Naver Cloud Explorer CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an ...) NOT-FOR-US: Naver Cloud Explorer CVE-2020-9750 RESERVED CVE-2020-9749 RESERVED CVE-2020-9748 RESERVED CVE-2020-9747 RESERVED CVE-2020-9746 RESERVED CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) NOT-FOR-US: Adobe CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) NOT-FOR-US: Adobe CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...) NOT-FOR-US: Adobe AEM CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...) 
NOT-FOR-US: Adobe AEM CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) NOT-FOR-US: Adobe CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9736 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9735 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9734 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and ...) NOT-FOR-US: Adobe AEM CVE-2020-9733 (An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (a ...) NOT-FOR-US: Adobe AEM CVE-2020-9732 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...) NOT-FOR-US: Adobe AEM CVE-2020-9731 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9730 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9729 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9728 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9727 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9726 (Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of ...) NOT-FOR-US: Adobe CVE-2020-9725 (Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper ...) NOT-FOR-US: Adobe CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...) NOT-FOR-US: Adobe CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) 
NOT-FOR-US: Adobe CVE-2020-9722 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9721 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9720 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9719 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9718 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9717 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9716 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9713 RESERVED CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9711 RESERVED CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9709 RESERVED CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...) NOT-FOR-US: Adobe CVE-2020-9707 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9706 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9705 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9704 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9703 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) 
NOT-FOR-US: Adobe CVE-2020-9702 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9701 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9700 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9699 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9698 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9695 RESERVED CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9690 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9689 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command injection vuln ...) NOT-FOR-US: Adobe CVE-2020-9687 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9686 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9685 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9684 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) 
NOT-FOR-US: Adobe CVE-2020-9683 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9682 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9681 RESERVED CVE-2020-9680 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...) NOT-FOR-US: Adobe CVE-2020-9679 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...) NOT-FOR-US: Adobe CVE-2020-9678 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...) NOT-FOR-US: Adobe CVE-2020-9677 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...) NOT-FOR-US: Adobe CVE-2020-9676 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...) NOT-FOR-US: Adobe CVE-2020-9675 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vu ...) NOT-FOR-US: Adobe CVE-2020-9674 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...) NOT-FOR-US: Adobe CVE-2020-9673 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...) NOT-FOR-US: Adobe CVE-2020-9672 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...) NOT-FOR-US: Adobe CVE-2020-9671 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9670 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9669 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9668 RESERVED CVE-2020-9667 RESERVED CVE-2020-9666 (Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerab ...) NOT-FOR-US: Adobe CVE-2020-9665 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9664 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...) 
NOT-FOR-US: Magento CVE-2020-9663 (Adobe Reader Mobile versions 20.0.1 and earlier have a directory trave ...) NOT-FOR-US: Adobe CVE-2020-9662 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9661 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds re ...) NOT-FOR-US: Adobe CVE-2020-9660 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9659 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...) NOT-FOR-US: Adobe CVE-2020-9658 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...) NOT-FOR-US: Adobe CVE-2020-9657 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9656 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9655 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9654 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9653 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9652 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds rea ...) NOT-FOR-US: Adobe CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9650 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9649 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds re ...) NOT-FOR-US: Adobe CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9646 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...) 
NOT-FOR-US: Adobe CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...) NOT-FOR-US: Adobe CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...) NOT-FOR-US: Adobe CVE-2020-9642 (Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vul ...) NOT-FOR-US: Adobe CVE-2020-9641 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9640 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9639 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9638 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...) NOT-FOR-US: Adobe CVE-2020-9637 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...) NOT-FOR-US: Adobe CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9633 (Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash ...) NOT-FOR-US: Adobe CVE-2020-9632 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9631 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9630 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9629 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9628 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) 
NOT-FOR-US: Adobe CVE-2020-9627 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9626 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9625 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9624 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9623 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9622 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9621 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9620 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9619 RESERVED CVE-2020-9618 (Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read ...) NOT-FOR-US: Adobe CVE-2020-9617 (Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds r ...) NOT-FOR-US: Adobe CVE-2020-9616 (Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds rea ...) NOT-FOR-US: Adobe CVE-2020-9615 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9614 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9613 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9612 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9611 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9610 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9609 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-9608 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9607 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9606 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9605 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9604 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9603 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9602 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9601 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9600 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9599 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9598 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9597 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9596 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9595 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9594 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9593 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9592 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9591 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) 
NOT-FOR-US: Magento CVE-2020-9590 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9589 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9588 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9587 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9586 (Adobe Character Animator versions 3.2 and earlier have a buffer overfl ...) NOT-FOR-US: Adobe CVE-2020-9585 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9584 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9583 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9582 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9581 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9580 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9579 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9578 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9577 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9576 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9575 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9574 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9573 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) 
NOT-FOR-US: Adobe CVE-2020-9572 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9571 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9570 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9569 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9568 (Adobe Bridge versions 10.0.1 and earlier version have a memory corrupt ...) NOT-FOR-US: Adobe CVE-2020-9567 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...) NOT-FOR-US: Adobe CVE-2020-9566 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...) NOT-FOR-US: Adobe CVE-2020-9565 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9564 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9563 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...) NOT-FOR-US: Adobe CVE-2020-9562 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...) NOT-FOR-US: Adobe CVE-2020-9561 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9560 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9559 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9558 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9557 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9556 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9555 (Adobe Bridge versions 10.0.1 and earlier version have a stack-based bu ...) 
NOT-FOR-US: Adobe CVE-2020-9554 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9553 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerabi ...) NOT-FOR-US: Adobe CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. ...) NOT-FOR-US: Adobe CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...) NOT-FOR-US: Rubetek SmartHome 2020 devices CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...) {DLA-2134-1} - pdfresurrect 0.20-1 (unimportant; bug #952948) NOTE: https://github.com/enferex/pdfresurrect/issues/8 NOTE: Crash in CLI tool, no security impact CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) 
{DLA-2135-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2631 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...) NOT-FOR-US: Pale Moon CVE-2020-9544 (An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The ad ...) NOT-FOR-US: D-Link CVE-2020-9543 (OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9 ...) - manila 1:9.0.0-5 (bug #953581) [buster] - manila 1:7.0.0-1+deb10u1 [stretch] - manila (Minor issue) NOTE: https://bugs.launchpad.net/manila/+bug/1861485 NOTE: https://security.openstack.org/ossa/OSSA-2020-002.html CVE-2020-9542 RESERVED CVE-2020-9541 RESERVED CVE-2020-9540 (Sophos HitmanPro.Alert before build 861 allows local elevation of priv ...) NOT-FOR-US: Sophos CVE-2020-9539 RESERVED CVE-2020-9538 RESERVED CVE-2020-9537 RESERVED CVE-2020-9536 RESERVED CVE-2020-9535 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9534 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9533 RESERVED CVE-2020-9532 RESERVED CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In t ...) NOT-FOR-US: Xiaomi CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The ...) NOT-FOR-US: Xiaomi CVE-2020-9529 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology CVE-2020-9528 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology CVE-2020-9527 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) 
NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology CVE-2020-9526 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) NOT-FOR-US: CS2 Network P2P CVE-2020-9525 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) NOT-FOR-US: CS2 Network P2P CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...) NOT-FOR-US: Micro Focus CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...) NOT-FOR-US: Micro Focus CVE-2020-9522 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enter ...) NOT-FOR-US: Micro Focus CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...) NOT-FOR-US: Micro Focus CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...) NOT-FOR-US: Micro Focus Vibe CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...) NOT-FOR-US: Micro Focus CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...) NOT-FOR-US: Micro Focus CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...) NOT-FOR-US: Micro Focus CVE-2020-9516 RESERVED CVE-2020-9515 RESERVED CVE-2020-9514 (An issue was discovered in the IMPress for IDX Broker plugin before 2. ...) NOT-FOR-US: IMPress for IDX Broker plugin for WordPress CVE-2020-9513 RESERVED CVE-2020-9512 RESERVED CVE-2020-9511 RESERVED CVE-2020-9510 RESERVED CVE-2020-9509 RESERVED CVE-2020-9508 RESERVED CVE-2020-9507 RESERVED CVE-2020-9506 RESERVED CVE-2020-9505 RESERVED CVE-2020-9504 RESERVED CVE-2020-9503 RESERVED CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session ...) NOT-FOR-US: Dahua CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...) NOT-FOR-US: Dahua CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) 
NOT-FOR-US: Dahua CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) NOT-FOR-US: Dahua CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...) - guacamole-client (bug #964195) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3 CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...) - guacamole-client (bug #964195) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2 CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...) NOT-FOR-US: Apache OFBiz CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...) NOT-FOR-US: Apache Archiva CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8. ...) {DSA-4710-1} - trafficserver 8.0.8+ds-1 (bug #963629) NOTE: https://github.com/apache/trafficserver/pull/6922 CVE-2020-9493 RESERVED CVE-2020-9492 RESERVED CVE-2020-9491 RESERVED CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...) {DSA-4757-1} - apache2 2.4.46-1 [stretch] - apache2 (Too intrusive to backport) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490 NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/4 NOTE: https://svn.apache.org/r1880396 NOTE: https://github.com/apache/httpd/commit/a61223e9cb906110f35ec144b93fee9eb80ad6e4 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2030 CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...) - tika [buster] - tika (Minor issue) [jessie] - tika (the fix is too invasive to backport) NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...) 
- apache-log4j2 (bug #959450) [buster] - apache-log4j2 (Minor issue) [stretch] - apache-log4j2 (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification) [jessie] - apache-log4j2 (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification) NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1 NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819 NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x) NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master) CVE-2020-9487 RESERVED CVE-2020-9486 RESERVED CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...) - airflow (bug #819700) CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...) {DSA-4727-1 DLA-2279-1 DLA-2217-1 DLA-2209-1} - tomcat9 9.0.35-1 (bug #961209) - tomcat8 - tomcat7 [stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected) NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5) NOTE: https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222 (9.0.35) NOTE: https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55) NOTE: https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104) CVE-2020-9483 (**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the ...) NOT-FOR-US: Apache SkyWalking CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...) NOT-FOR-US: Apache NiFi CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...) 
{DSA-4672-1} - trafficserver 8.0.7+ds-1 NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...) - apache-spark (bug #802194) CVE-2020-9479 RESERVED NOT-FOR-US: Apache AsterixDB CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...) NOT-FOR-US: Rubrik CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...) NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...) NOT-FOR-US: ARRIS TG1692A devices CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...) NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...) NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway CVE-2020-9473 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a p ...) NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...) NOT-FOR-US: Umbraco CMS CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...) NOT-FOR-US: Umbraco CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...) NOT-FOR-US: Wing FTP Server CVE-2020-9469 RESERVED CVE-2020-9468 (The Community plugin 2.9.e-beta for Piwigo allows users to set image i ...) - piwigo CVE-2020-9467 (Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php reque ...) - piwigo CVE-2020-9466 (The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV ...) 
NOT-FOR-US: Export Users to CSV plugin for WordPress CVE-2020-9465 (An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP B ...) NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000 CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...) - centreon-web (bug #913903) CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...) NOT-FOR-US: Athom CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...) NOT-FOR-US: Octech Oempro CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...) NOT-FOR-US: Octech Oempro CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...) NOT-FOR-US: Webnus Modern Events Calendar Lite plugin for WordPress CVE-2020-9458 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the exp ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9457 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9456 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the use ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9453 RESERVED CVE-2020-9452 RESERVED CVE-2020-9451 RESERVED CVE-2020-9450 RESERVED CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...) NOT-FOR-US: BlaB! CVE-2020-9448 RESERVED CVE-2020-9447 (There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0. ...) 
NOT-FOR-US: GwtUpload CVE-2020-9446 RESERVED CVE-2020-9445 (Zulip Server before 2.1.3 allows XSS via the modal_link feature in the ...) - zulip-server (bug #800052) CVE-2020-9444 (Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown f ...) - zulip-server (bug #800052) CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...) NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server) CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...) NOT-FOR-US: OpenVPN Connect on Windows CVE-2020-9441 RESERVED CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...) NOT-FOR-US: CKEditor plugin CVE-2020-9439 RESERVED CVE-2020-9438 (Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a d ...) NOT-FOR-US: Tinxy Door Lock CVE-2020-9437 (SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side tem ...) NOT-FOR-US: SecureAuth IdP CVE-2020-9436 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...) NOT-FOR-US: PHOENIX CVE-2020-9435 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...) NOT-FOR-US: PHOENIX CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9427 (OX Guard 2.10.3 and earlier allows SSRF. ...) NOT-FOR-US: OX Guard CVE-2020-9426 (OX Guard 2.10.3 and earlier allows XSS. ...) NOT-FOR-US: OX Guard CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...) 
NOT-FOR-US: rConfig CVE-2020-9424 RESERVED CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...) NOT-FOR-US: LogicalDoc CVE-2020-9422 RESERVED CVE-2020-9421 RESERVED CVE-2020-9420 RESERVED CVE-2020-9419 RESERVED CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (composite TVB handling added later) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850 CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790 CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) 
- wireshark 3.2.2-1 (low) [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2 CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This ...) - wireshark 3.2.2-1 [buster] - wireshark (Vulnerable code not present) [stretch] - wireshark (Vulnerable code not present) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-06.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73c5fff899f253c44a72657048aec7db6edee571 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...) NOT-FOR-US: PDFescape CVE-2020-9417 RESERVED CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...) NOT-FOR-US: TIBCO CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...) NOT-FOR-US: TIBCO CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...) NOT-FOR-US: TIBCO CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...) NOT-FOR-US: TIBCO CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) NOT-FOR-US: TIBCO CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) NOT-FOR-US: TIBCO CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...) 
NOT-FOR-US: TIBCO CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...) NOT-FOR-US: TIBCO CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...) NOT-FOR-US: TIBCO CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive ...) NOT-FOR-US: IBL Online Weather CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval injection ...) NOT-FOR-US: IBL Online Weather CVE-2020-9405 (IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS ...) NOT-FOR-US: IBL Online Weather CVE-2020-9404 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...) NOT-FOR-US: PACTware CVE-2020-9403 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...) NOT-FOR-US: PACTware CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...) - python-django 2:2.2.11-1 (low; bug #953102) [buster] - python-django 1:1.11.29-1~deb10u1 [stretch] - python-django (Can be fixed along in a future DSA) [jessie] - python-django (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/03/04/1 NOTE: Introduced by: https://github.com/django/django/commit/fcf494b48fea7c0c55ea29721ba0b2d250351ff8 NOTE: Fixed by: https://github.com/django/django/commit/fe886a3b58a93cfbe8864b485f93cb6d426cd1f2 (v2.2) NOTE: Fixed by: https://github.com/django/django/commit/02d97f3c9a88adc890047996e5606180bd1c6166 (v1.11) CVE-2020-9401 RESERVED CVE-2020-9400 RESERVED CVE-2020-9399 (The Avast AV parsing engine allows virus-detection bypass via a crafte ...) NOT-FOR-US: Avast AV parsing engine CVE-2020-9398 (ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_a ...) NOT-FOR-US: ISPConfig CVE-2020-9397 RESERVED CVE-2020-9396 RESERVED CVE-2020-9395 (An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, an ...) 
NOT-FOR-US: Realtek CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9390 RESERVED CVE-2020-9389 RESERVED CVE-2020-9388 RESERVED CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...) - mahara CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) - mahara CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 ...) - linux 5.5.13-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...) - zint (bug #732141) CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...) NOT-FOR-US: Subex CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3 CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...) NOT-FOR-US: Widgets extension for MediaWiki CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...) NOT-FOR-US: Total.js CMS CVE-2020-9380 (IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to exe ...) 
NOT-FOR-US: IPTV Smarters WEB TV PLAYER CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...) NOT-FOR-US: Mitel CVE-2020-9378 RESERVED CVE-2020-9377 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Co ...) NOT-FOR-US: D-Link CVE-2020-9376 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Informati ...) NOT-FOR-US: D-Link CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...) NOT-FOR-US: TP-Link CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...) NOT-FOR-US: TP-Link CVE-2020-9373 RESERVED CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPress al ...) NOT-FOR-US: Appointment Booking Calendar plugin for WordPress CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...) NOT-FOR-US: Appointment Booking Calendar plugin for WordPress CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. ...) NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...) - sympa 6.2.40~dfsg-4 (low; bug #952428) [buster] - sympa (Minor issue) [stretch] - sympa (Vulnerability introduced later in 6.2.38) [jessie] - sympa (Vulnerability introduced later in 6.2.38) NOTE: https://github.com/sympa-community/sympa/issues/886 NOTE: https://sympa-community.github.io/security/2020-001.html NOTE: Upstream patch: https://github.com/sympa-community/sympa/releases/download/6.2.54/sympa-6.2.52-sa-2020-001.patch CVE-2020-9368 RESERVED CVE-2020-9367 RESERVED CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...) 
- pure-ftpd 1.0.49-3 (bug #952471) [buster] - pure-ftpd (Minor issue) [stretch] - pure-ftpd (Minor issue) [jessie] - pure-ftpd (Vulnerable code does not exist) NOTE: https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b CVE-2020-9364 (An issue was discovered in helpers/mailer.php in the Creative Contact ...) NOT-FOR-US: Creative Contact Form extension for Joomla! CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection ...) NOT-FOR-US: Sophos AV CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...) NOT-FOR-US: Quick Heal AV parsing engine CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...) - screen 4.8.0-1 (bug #950896) [buster] - screen (Vulnerable code introduced in v4.7.0) [stretch] - screen (Vulnerable code introduced in v4.7.0) [jessie] - screen (Vulnerable code introduced in v4.7.0) NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3 NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0) NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0) NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0) CVE-2020-9361 RESERVED CVE-2020-9360 RESERVED CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...) 
{DLA-2159-1} - okular 4:19.12.3-2 (bug #954891) [buster] - okular (Minor issue) [stretch] - okular (Minor issue) NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244 NOTE: https://kde.org/info/security/advisory-20200312-1.txt NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC) CVE-2020-9358 RESERVED CVE-2020-9357 RESERVED CVE-2020-9356 RESERVED CVE-2020-9354 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) NOT-FOR-US: SmartClient CVE-2020-9353 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) NOT-FOR-US: SmartClient CVE-2020-9352 (An issue was discovered in SmartClient 12.0. Unauthenticated exploitat ...) NOT-FOR-US: SmartClient CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticated att ...) NOT-FOR-US: SmartClient CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...) NOT-FOR-US: Graph Builder in SAS Visual Analytics CVE-2020-9349 (The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmwar ...) NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP CVE-2020-9348 RESERVED CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...) NOT-FOR-US: signoPAD-API/Web CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at ...) NOT-FOR-US: Subversion ALM CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...) NOT-FOR-US: signoPAD-API/Web CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...) 
NOT-FOR-US: F-Secure AV parsing engine CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...) NOT-FOR-US: CandidATS CVE-2020-9340 (fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandid ...) NOT-FOR-US: fauzantrif eLection CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php. ...) NOT-FOR-US: SOPlanning CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. ...) NOT-FOR-US: SOPlanning CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encod ...) NOT-FOR-US: GolfBuddy Course Manager CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings ...) NOT-FOR-US: fauzantrif eLection CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCD ...) {DSA-4643-1} - python-bleach 3.1.3-1 (bug #954236) [stretch] - python-bleach (Requires invasive changes to address issue) [jessie] - python-bleach (Requires invasive change to address issue) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 NOTE: https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986 CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users calling bl ...) {DSA-4636-1} - python-bleach 3.1.1-1 (bug #951907) [stretch] - python-bleach (Requires invasive changes to address issue) [jessie] - python-bleach (Fix too invasive in jessie; uses external html5 parser) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r NOTE: https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd CVE-2020-9335 (Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery p ...) 
NOT-FOR-US: 10Web Photo Gallery plugin for WordPress CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plugin t ...) NOT-FOR-US: Envira Photo Gallery plugin for WordPress CVE-2020-9333 RESERVED CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 ...) NOT-FOR-US: FabulaTech CVE-2020-9331 RESERVED CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...) NOT-FOR-US: Xerox CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...) NOT-FOR-US: Go Git Service CVE-2020-9328 RESERVED CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...) - sqlite3 3.31.1-3 (bug #951835) [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (vulnerable code not present) [jessie] - sqlite3 (vulnerable code not present) NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380 NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900 CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...) NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2020-9322 RESERVED CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...) NOT-FOR-US: Traefik CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...) NOT-FOR-US: Avira CVE-2020-9319 RESERVED CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...) 
NOT-FOR-US: Red Gate SQL Monitor CVE-2020-9317 RESERVED CVE-2020-9316 RESERVED CVE-2020-9315 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...) NOT-FOR-US: Oracle CVE-2020-9314 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...) NOT-FOR-US: Oracle CVE-2020-9313 RESERVED CVE-2020-9312 RESERVED CVE-2020-9311 (In SilverStripe through 4.5, malicious users with a valid Silverstripe ...) NOT-FOR-US: SilverStripe CVE-2020-9310 REJECTED CVE-2020-9309 (Silverstripe CMS through 4.5 can be susceptible to script execution fr ...) NOT-FOR-US: SilverStripe CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...) - libarchive 3.4.0-2 (bug #951759) [buster] - libarchive (rar5 support added in 3.4.0) [stretch] - libarchive (rar5 support added in 3.4.0) [jessie] - libarchive (rar5 support added in 3.4.0) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459 NOTE: https://github.com/libarchive/libarchive/pull/1326 NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a CVE-2020-9307 RESERVED CVE-2020-9306 RESERVED CVE-2020-9305 RESERVED CVE-2020-9304 RESERVED CVE-2020-9303 RESERVED CVE-2020-9302 RESERVED CVE-2020-9301 RESERVED CVE-2020-9300 RESERVED CVE-2020-9299 RESERVED CVE-2020-9298 (The Spinnaker template resolution functionality is vulnerable to Serve ...) NOT-FOR-US: Spinnaker CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java ...) NOT-FOR-US: Netflix Titus CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom constraint va ...) NOT-FOR-US: Netflix Conductor CVE-2020-9295 RESERVED CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...) NOT-FOR-US: FortiMail Fortiguard CVE-2020-9293 RESERVED CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent ...) 
NOT-FOR-US: Fortiguard CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...) NOT-FOR-US: Fortiguard / FortiClient for Windows CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...) NOT-FOR-US: Fortiguard CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI ...) NOT-FOR-US: Fortiguard CVE-2020-9288 (An improper neutralization of input vulnerability in FortiWLC 8.5.1 al ...) NOT-FOR-US: Fortinet CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...) NOT-FOR-US: Fortiguard CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...) NOT-FOR-US: Fortiguard CVE-2020-9285 RESERVED CVE-2020-9284 RESERVED CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...) - golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462) [buster] - golang-go.crypto (Minor issue) [stretch] - golang-go.crypto (Minor issue) [jessie] - golang-go.crypto (Minor issue) NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236 CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) - mahara CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...) NOT-FOR-US: CKEditor plugin CVE-2020-9280 (In SilverStripe through 4.5, files uploaded via Forms to folders migra ...) NOT-FOR-US: SilverStripe CVE-2020-9279 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A har ...) NOT-FOR-US: D-Link CVE-2020-9278 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The d ...) NOT-FOR-US: D-Link CVE-2020-9277 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authe ...) NOT-FOR-US: D-Link CVE-2020-9276 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The f ...) NOT-FOR-US: D-Link CVE-2020-9275 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. 
A cfm ...) NOT-FOR-US: D-Link CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...) {DLA-2123-1} - pure-ftpd 1.0.49-4 (bug #952666) [buster] - pure-ftpd (Minor issue) [stretch] - pure-ftpd (Minor issue) NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa NOTE: though the CVE description does not specifically say, the issue seems to be an NOTE: out-of-bounds memory read which may result in information disclosure; NOTE: probably not the end of the world, but it is made worse by use of the rather NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...) {DSA-4635-1 DLA-2115-2 DLA-2115-1} - proftpd-dfsg 1.3.6c-2 (bug #951800) NOTE: https://github.com/proftpd/proftpd/issues/903 NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master) NOTE: https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master) NOTE: https://github.com/proftpd/proftpd/commit/e845abc1bd86eebec7a0342fded908a1b0f1996b (1.3.6c) NOTE: https://github.com/proftpd/proftpd/commit/cd9036f4ef7a05c107f0ffcb19a018b20267c531 (1.3.6-branch) CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...) - proftpd-dfsg 1.3.6c-1 (unimportant) NOTE: https://github.com/proftpd/proftpd/issues/902 NOTE: Debian does not build mod_cap and does not use the embedded libcap. NOTE: Sourcewise fixed in 1.3.6c by updating to the latest libcap. CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...) NOT-FOR-US: ICE Hrm CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...) NOT-FOR-US: ICE Hrm CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...) 
NOT-FOR-US: SOPlanning CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, ...) NOT-FOR-US: SOPlanning CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) NOT-FOR-US: SOPlanning CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) NOT-FOR-US: SOPlanning CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...) NOT-FOR-US: phpMyChat-Plus CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...) NOT-FOR-US: ESET CVE-2020-9263 RESERVED CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) NOT-FOR-US: HUAWEI CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) NOT-FOR-US: HUAWEI CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...) NOT-FOR-US: HUAWEI CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00 ...) NOT-FOR-US: Huawei CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...) NOT-FOR-US: HUAWEI CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...) NOT-FOR-US: Huawei CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C ...) NOT-FOR-US: Huawei CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E ...) NOT-FOR-US: Huawei CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...) NOT-FOR-US: Huawei CVE-2020-9253 RESERVED CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI M ...) NOT-FOR-US: Huawei CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E1 ...) NOT-FOR-US: Huawei CVE-2020-9250 RESERVED CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2 ...) 
NOT-FOR-US: Huawei CVE-2020-9248 (Huawei FusionComput 8.0.0 have an improper authorization vulnerability ...) NOT-FOR-US: Huawei CVE-2020-9247 RESERVED CVE-2020-9246 (FusionCompute 8.0.0 has an information leak vulnerability. A module do ...) NOT-FOR-US: Huawei CVE-2020-9245 (HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUA ...) NOT-FOR-US: Huawei CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8); ...) NOT-FOR-US: Huawei CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) NOT-FOR-US: Huawei CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...) NOT-FOR-US: Huawei CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...) NOT-FOR-US: Huawei CVE-2020-9240 RESERVED CVE-2020-9239 (Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier t ...) NOT-FOR-US: Huawei CVE-2020-9238 RESERVED CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...) NOT-FOR-US: Huawei CVE-2020-9236 RESERVED CVE-2020-9235 (Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E ...) NOT-FOR-US: Huawei CVE-2020-9234 RESERVED CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...) NOT-FOR-US: Huawei CVE-2020-9232 RESERVED CVE-2020-9231 RESERVED CVE-2020-9230 RESERVED CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...) NOT-FOR-US: Huawei CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...) NOT-FOR-US: Huawei CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...) NOT-FOR-US: Huawei CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...) NOT-FOR-US: HUAWEI CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...) 
NOT-FOR-US: Huawei CVE-2020-9224 RESERVED CVE-2020-9223 RESERVED CVE-2020-9222 RESERVED CVE-2020-9221 RESERVED CVE-2020-9220 RESERVED CVE-2020-9219 RESERVED CVE-2020-9218 RESERVED CVE-2020-9217 RESERVED CVE-2020-9216 RESERVED CVE-2020-9215 RESERVED CVE-2020-9214 RESERVED CVE-2020-9213 RESERVED CVE-2020-9212 RESERVED CVE-2020-9211 RESERVED CVE-2020-9210 RESERVED CVE-2020-9209 RESERVED CVE-2020-9208 RESERVED CVE-2020-9207 RESERVED CVE-2020-9206 RESERVED CVE-2020-9205 RESERVED CVE-2020-9204 RESERVED CVE-2020-9203 RESERVED CVE-2020-9202 RESERVED CVE-2020-9201 RESERVED CVE-2020-9200 RESERVED CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a ...) NOT-FOR-US: Huawei CVE-2020-9198 RESERVED CVE-2020-9197 RESERVED CVE-2020-9196 RESERVED CVE-2020-9195 RESERVED CVE-2020-9194 RESERVED CVE-2020-9193 RESERVED CVE-2020-9192 RESERVED CVE-2020-9191 RESERVED CVE-2020-9190 RESERVED CVE-2020-9189 RESERVED CVE-2020-9188 RESERVED CVE-2020-9187 RESERVED CVE-2020-9186 RESERVED CVE-2020-9185 RESERVED CVE-2020-9184 RESERVED CVE-2020-9183 RESERVED CVE-2020-9182 RESERVED CVE-2020-9181 RESERVED CVE-2020-9180 RESERVED CVE-2020-9179 RESERVED CVE-2020-9178 RESERVED CVE-2020-9177 RESERVED CVE-2020-9176 RESERVED CVE-2020-9175 RESERVED CVE-2020-9174 RESERVED CVE-2020-9173 RESERVED CVE-2020-9172 RESERVED CVE-2020-9171 RESERVED CVE-2020-9170 RESERVED CVE-2020-9169 RESERVED CVE-2020-9168 RESERVED CVE-2020-9167 RESERVED CVE-2020-9166 RESERVED CVE-2020-9165 RESERVED CVE-2020-9164 RESERVED CVE-2020-9163 RESERVED CVE-2020-9162 RESERVED CVE-2020-9161 RESERVED CVE-2020-9160 RESERVED CVE-2020-9159 RESERVED CVE-2020-9158 RESERVED CVE-2020-9157 RESERVED CVE-2020-9156 RESERVED CVE-2020-9155 RESERVED CVE-2020-9154 RESERVED CVE-2020-9153 RESERVED CVE-2020-9152 RESERVED CVE-2020-9151 RESERVED CVE-2020-9150 RESERVED CVE-2020-9149 RESERVED CVE-2020-9148 RESERVED CVE-2020-9147 RESERVED CVE-2020-9146 RESERVED CVE-2020-9145 RESERVED CVE-2020-9144 RESERVED CVE-2020-9143 RESERVED 
CVE-2020-9142 RESERVED CVE-2020-9141 RESERVED CVE-2020-9140 RESERVED CVE-2020-9139 RESERVED CVE-2020-9138 RESERVED CVE-2020-9137 RESERVED CVE-2020-9136 RESERVED CVE-2020-9135 RESERVED CVE-2020-9134 RESERVED CVE-2020-9133 RESERVED CVE-2020-9132 RESERVED CVE-2020-9131 RESERVED CVE-2020-9130 RESERVED CVE-2020-9129 RESERVED CVE-2020-9128 RESERVED CVE-2020-9127 RESERVED CVE-2020-9126 RESERVED CVE-2020-9125 RESERVED CVE-2020-9124 RESERVED CVE-2020-9123 RESERVED CVE-2020-9122 RESERVED CVE-2020-9121 RESERVED CVE-2020-9120 RESERVED CVE-2020-9119 RESERVED CVE-2020-9118 RESERVED CVE-2020-9117 RESERVED CVE-2020-9116 RESERVED CVE-2020-9115 RESERVED CVE-2020-9114 RESERVED CVE-2020-9113 RESERVED CVE-2020-9112 RESERVED CVE-2020-9111 RESERVED CVE-2020-9110 RESERVED CVE-2020-9109 RESERVED CVE-2020-9108 RESERVED CVE-2020-9107 RESERVED CVE-2020-9106 RESERVED CVE-2020-9105 RESERVED CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2 ...) NOT-FOR-US: Huawei CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...) NOT-FOR-US: Huawei CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...) NOT-FOR-US: Huawei CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...) NOT-FOR-US: Huawei CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...) NOT-FOR-US: Huawei CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...) NOT-FOR-US: Huawei CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...) NOT-FOR-US: Huawei CVE-2020-9097 RESERVED CVE-2020-9096 (HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E1 ...) NOT-FOR-US: Huawei CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E16 ...) 
NOT-FOR-US: Huawei CVE-2020-9094 RESERVED CVE-2020-9093 RESERVED CVE-2020-9092 RESERVED CVE-2020-9091 RESERVED CVE-2020-9090 RESERVED CVE-2020-9089 RESERVED CVE-2020-9088 RESERVED CVE-2020-9087 RESERVED CVE-2020-9086 RESERVED CVE-2020-9085 RESERVED CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...) NOT-FOR-US: Taurus-AN00B CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...) NOT-FOR-US: Huawei CVE-2020-9082 RESERVED CVE-2020-9081 RESERVED CVE-2020-9080 RESERVED CVE-2020-9079 (FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulne ...) NOT-FOR-US: Huawei CVE-2020-9078 (FusionCompute 8.0.0 have local privilege escalation vulnerability. A l ...) NOT-FOR-US: Huawei CVE-2020-9077 (HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R ...) NOT-FOR-US: Huawei CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...) NOT-FOR-US: Huawei CVE-2020-9075 (Huawei products Secospace USG6300;USG6300E with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...) NOT-FOR-US: Huawei CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...) NOT-FOR-US: Huawei CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...) NOT-FOR-US: Huawei CVE-2020-9071 (There is a few bytes out-of-bounds read vulnerability in some Huawei p ...) NOT-FOR-US: Huawei CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...) NOT-FOR-US: Huawei CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...) NOT-FOR-US: Huawei CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...) NOT-FOR-US: Huawei CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...) 
NOT-FOR-US: Huawei CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...) NOT-FOR-US: Huawei CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203( ...) NOT-FOR-US: Huawei CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...) NOT-FOR-US: Huawei CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authent ...) NOT-FOR-US: NCR SelfServ ATMs CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...) NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs CVE-2020-9061 RESERVED CVE-2020-9060 RESERVED CVE-2020-9059 RESERVED CVE-2020-9058 RESERVED CVE-2020-9057 RESERVED CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...) NOT-FOR-US: Periscope BuySpeed CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...) NOT-FOR-US: Versiant LYNX Customer Service Portal CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...) NOT-FOR-US: ZyXEL CVE-2020-9053 RESERVED CVE-2020-9052 RESERVED CVE-2020-9051 RESERVED CVE-2020-9050 RESERVED CVE-2020-9049 RESERVED CVE-2020-9048 RESERVED CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...) NOT-FOR-US: exacqVision Web Service CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...) NOT-FOR-US: Kantech CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...) NOT-FOR-US: Software House CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...) NOT-FOR-US: Johnson Controls CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...) NOT-FOR-US: wpCentral plugin for WordPress CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be used t ...) 
NOT-FOR-US: Couchbase CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, th ...) NOT-FOR-US: Couchbase CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker t ...) NOT-FOR-US: Couchbase CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...) NOT-FOR-US: Couchbase CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...) NOT-FOR-US: Joplin CVE-2020-9037 RESERVED CVE-2020-9036 (Jeedom through 4.0.38 allows XSS. ...) NOT-FOR-US: Jeedom CVE-2020-9035 RESERVED CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...) {DSA-4637-1} - network-manager-ssh 1.2.11-1 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803499 CVE-2020-9034 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9033 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9032 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9031 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9030 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9029 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9028 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9027 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) 
NOT-FOR-US: ELTEX devices CVE-2020-9026 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) NOT-FOR-US: ELTEX devices CVE-2020-9025 (Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9024 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world- ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9023 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two us ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9022 (An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 de ...) NOT-FOR-US: Xirrus devices CVE-2020-9021 (Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1. ...) NOT-FOR-US: Post Oak AWAM Bluetooth Field Device CVE-2020-9020 (Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9019 (The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via th ...) NOT-FOR-US: WPJobBoard plugin for WordPress CVE-2020-9018 (LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF ...) NOT-FOR-US: LiteCart CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's profile. ...) NOT-FOR-US: LiteCart CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...) - dolibarr CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20 ...) NOT-FOR-US: Arista devices CVE-2020-9014 RESERVED CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...) NOT-FOR-US: Arvato Skillpipe CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...) NOT-FOR-US: Gluu Identity Configuration CVE-2020-9011 RESERVED CVE-2020-9010 RESERVED CVE-2020-9009 RESERVED CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/Pe ...) 
NOT-FOR-US: Blackboard Learn/PeopleTool CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic. ...) NOT-FOR-US: Codoforum CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...) NOT-FOR-US: Popup Builder plugin for WordPress CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...) NOT-FOR-US: Dota 2 CVE-2020-9004 (A remote authenticated authorization-bypass vulnerability in Wowza Str ...) NOT-FOR-US: Wowza Streaming Engine CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...) NOT-FOR-US: Modula Image Gallery plugin for WordPress CVE-2020-9002 RESERVED CVE-2020-9001 RESERVED CVE-2020-9000 RESERVED CVE-2020-8999 RESERVED CVE-2020-8998 REJECTED CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote attackers ...) NOT-FOR-US: Abbott FreeStyle Libre CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read ...) NOT-FOR-US: AnyShare Cloud CVE-2020-8995 RESERVED CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1. ...) NOT-FOR-US: XIAOMI AI speaker MDZ-25-DT CVE-2020-8993 RESERVED CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://patchwork.ozlabs.org/patch/1236118/ CVE-2020-8991 (** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.0 ...) - lvm2 2.03.01-2 [stretch] - lvm2 (Minor issue) [jessie] - lvm2 (Minor issue) NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701 NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code) CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow ...) 
NOT-FOR-US: Western Digital My Cloud Home CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...) NOT-FOR-US: Voatz application for Android CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...) NOT-FOR-US: Voatz application for Android CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...) NOT-FOR-US: Avast AntiTrack CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly c ...) NOT-FOR-US: ZendTo CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unl ...) NOT-FOR-US: ZendTo CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...) NOT-FOR-US: ZendTo CVE-2020-8983 (An arbitrary file write issue exists in all versions of Citrix ShareFi ...) NOT-FOR-US: Citrix CVE-2020-8982 (An unauthenticated arbitrary file read issue exists in all versions of ...) NOT-FOR-US: Citrix CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...) NOT-FOR-US: Source Integration plugin for MantisBT CVE-2020-8980 RESERVED CVE-2020-8979 RESERVED CVE-2020-8978 RESERVED CVE-2020-8977 RESERVED CVE-2020-8976 RESERVED CVE-2020-8975 RESERVED CVE-2020-8974 RESERVED CVE-2020-8973 RESERVED CVE-2020-8972 RESERVED CVE-2020-8971 RESERVED CVE-2020-8970 RESERVED CVE-2020-8969 RESERVED CVE-2020-8968 RESERVED CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...) NOT-FOR-US: GESIO CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...) NOT-FOR-US: Tiki-Wiki Groupware CVE-2020-8965 RESERVED CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) NOT-FOR-US: TimeTools devices CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) 
NOT-FOR-US: TimeTools devices CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...) NOT-FOR-US: D-Link CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...) NOT-FOR-US: Avira CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...) NOT-FOR-US: Western Digital mycloud.com CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...) NOT-FOR-US: Western Digital CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804R ...) NOT-FOR-US: Guangzhou CVE-2020-8957 RESERVED CVE-2020-8956 RESERVED CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...) {DLA-2157-1} - weechat 2.7.1-1 (bug #951289) [buster] - weechat (Minor issue) [stretch] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link ...) NOT-FOR-US: OpenSearch Web browser CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...) NOT-FOR-US: OpenVPN Access Server CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...) NOT-FOR-US: Fiserv Accurate Reconciliation CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Des ...) NOT-FOR-US: Fiserv Accurate Reconciliation CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...) NOT-FOR-US: Radeon AMD User Experience Program Launcher CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...) NOT-FOR-US: Gocloud devices CVE-2020-8948 (The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) be ...) NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...) 
NOT-FOR-US: Pandora FMS CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...) NOT-FOR-US: Netis devices CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...) - golang-github-proglottis-gpgme 0.1.1-1 (bug #951372) [buster] - golang-github-proglottis-gpgme (Minor issue) NOTE: https://github.com/proglottis/gpgme/pull/23 CVE-2020-8944 RESERVED CVE-2020-8943 RESERVED CVE-2020-8942 RESERVED CVE-2020-8941 RESERVED CVE-2020-8940 RESERVED CVE-2020-8939 RESERVED CVE-2020-8938 RESERVED CVE-2020-8937 RESERVED CVE-2020-8936 RESERVED CVE-2020-8935 RESERVED CVE-2020-8934 RESERVED CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...) - google-compute-image-packages NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619 NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 CVE-2020-8932 RESERVED CVE-2020-8931 RESERVED CVE-2020-8930 RESERVED CVE-2020-8929 RESERVED CVE-2020-8928 RESERVED CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...) - brotli 1.0.9-1 NOTE: https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6 CVE-2020-8926 RESERVED CVE-2020-8925 RESERVED CVE-2020-8924 RESERVED CVE-2020-8923 (An improper HTML sanitization in Dart versions up to and including 2.7 ...) NOT-FOR-US: Dart (different from src:dart) CVE-2020-8922 RESERVED CVE-2020-8921 RESERVED CVE-2020-8920 RESERVED CVE-2020-8919 RESERVED CVE-2020-8918 (An improperly initialized 'migrationAuth' value in Google's go-tpm TPM ...) NOT-FOR-US: go-tpm TPM1.2 library CVE-2020-8917 RESERVED CVE-2020-8916 (A memory leak in Openthread's wpantund versions up to commit 0e5d1601f ...) NOT-FOR-US: wpantund CVE-2020-8915 RESERVED CVE-2020-8914 RESERVED CVE-2020-8913 (A local, arbitrary code execution vulnerability exists in the SplitCom ...) 
NOT-FOR-US: Android's Play Core Library CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ...) NOT-FOR-US: AWS S3 Crypto SDK for Go CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ...) NOT-FOR-US: AWS S3 Crypto SDK for Go CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...) NOT-FOR-US: Google Closure Library CVE-2020-8909 RESERVED CVE-2020-8908 RESERVED CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...) - google-compute-image-packages NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619 NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 CVE-2020-8906 RESERVED CVE-2020-8905 (A buffer length validation vulnerability in Asylo versions prior to 0. ...) NOT-FOR-US: Asylo CVE-2020-8904 (An arbitrary memory overwrite vulnerability in the trusted memory of A ...) NOT-FOR-US: Asylo CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...) - google-compute-image-packages NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619 NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29 CVE-2020-8902 RESERVED CVE-2020-8901 RESERVED CVE-2020-8900 RESERVED CVE-2020-8899 (There is a buffer overwrite vulnerability in the Quram qmg library of ...) NOT-FOR-US: Samsung CVE-2020-8898 RESERVED CVE-2020-8897 RESERVED CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation in Googl ...) NOT-FOR-US: Google Earth Pro CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of Google ...) NOT-FOR-US: windows installer of Google Earth Pro CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...) NOT-FOR-US: MISP CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...) NOT-FOR-US: MISP CVE-2020-8892 (An issue was discovered in MISP before 2.4.121. 
It did not consider th ...) NOT-FOR-US: MISP CVE-2020-8891 (An issue was discovered in MISP before 2.4.121. It did not canonicaliz ...) NOT-FOR-US: MISP CVE-2020-8890 (An issue was discovered in MISP before 2.4.121. It mishandled time ske ...) NOT-FOR-US: MISP CVE-2020-8889 RESERVED CVE-2020-8888 RESERVED CVE-2020-8887 RESERVED CVE-2020-8886 RESERVED CVE-2020-8885 RESERVED CVE-2020-8884 RESERVED CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...) NOT-FOR-US: Parallels CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...) 
NOT-FOR-US: Parallels CVE-2020-8870 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-8869 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Quest Foglight Evolve CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...) NOT-FOR-US: OPC Foundation UA .NET Standard CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...) {DLA-2162-1} - php-horde-form 2.0.20-1 (bug #955020) [buster] - php-horde-form 2.0.18-3.1+deb10u1 [stretch] - php-horde-form 2.0.15-1+deb9u2 NOTE: https://lists.horde.org/archives/announce/2020/001288.html NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/ NOTE: https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files ...) {DLA-2175-1} - php-horde-trean 1.1.10-1 (bug #955019) [buster] - php-horde-trean 1.1.9-3+deb10u1 [stretch] - php-horde-trean 1.1.7-1+deb9u1 NOTE: https://lists.horde.org/archives/announce/2020/001286.html NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-276/ NOTE: https://github.com/horde/trean/commit/db0714a0c04d87bda9e2852f1b0d259fc281ca75 NOTE: https://github.com/horde/trean/commit/055029f551501803d7e293a48316e2cf31307908 CVE-2020-8864 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8863 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass authent ...) 
NOT-FOR-US: D-Link CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Samsung Galaxy S10 Firmware CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...) NOT-FOR-US: elog CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Moxa CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8856 (This vulnerability allows remote attackers to execute arbitrary code on ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8855 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8854 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8853 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8852 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2020-8851 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8850 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8849 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8848 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8847 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8846 (This vulnerability allows remote attackers to execute arbitrary code on ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8845 (This vulnerability allows remote attackers to execute arbitrary code on ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit Reader CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...) NOT-FOR-US: Istio CVE-2020-8842 (Unquoted search path vulnerability in MSI True Color before 3.0.52.0 a ...) NOT-FOR-US: MSI True Color CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...) NOT-FOR-US: TestLink CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...) {DLA-2111-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2620 NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...) NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-8837 RESERVED CVE-2020-8836 RESERVED CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/veri ...) - linux 5.5.13-2 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-350/ CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of ...) - linux 4.18.6-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2 CVE-2020-8833 (Time-of-check Time-of-use Race Condition vulnerability on crash report ...) 
NOT-FOR-US: Apport CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...) - linux 4.16.5-1 [stretch] - linux (Vulnerable code not present, incomplete fix not applied) [jessie] - linux (No support for this hardware) NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 NOTE: The CVE is for an incomplete fix for CVE-2019-14615 which technically only NOTE: affects upstream versions (and downstreams) which applied the fix for NOTE: CVE-2019-14615 which is bc8a76a152c5 ("drm/i915/gen9: Clear residual context NOTE: state on context switch"). But there is need to apply as well the prerequisite NOTE: d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load"). CVE-2020-8831 (Apport creates a world writable lock file with root ownership in the w ...) NOT-FOR-US: Apport CVE-2020-8830 (CSRF in login.asp on Ruckus devices allows an attacker to access the p ...) NOT-FOR-US: Ruckus CVE-2020-8829 (CSRF on Intelbras CIP 92200 devices allows an attacker to access the p ...) NOT-FOR-US: Intelbras CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...) NOT-FOR-US: Argo CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...) NOT-FOR-US: Argo CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...) NOT-FOR-US: Argo CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...) NOT-FOR-US: Vanilla Forums CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...) NOT-FOR-US: Hitron devices CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...) NOT-FOR-US: SockJS CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...) NOT-FOR-US: Digi TransPort CVE-2020-8821 RESERVED CVE-2020-8820 RESERVED CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...) 
NOT-FOR-US: CardGate Payments plugin for WooCommerce CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...) NOT-FOR-US: CardGate Payments plugin for Magento CVE-2020-8817 (Dataiku DSS before 6.0.5 allows attackers write access to the project ...) NOT-FOR-US: Dataiku CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...) NOT-FOR-US: Pi-hole CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...) NOT-FOR-US: BearFTP CVE-2020-8814 RESERVED CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...) - cacti 1.2.10+ds1-1 (bug #951832) [buster] - cacti (Minor issue) [stretch] - cacti (Vulnerable code not present) [jessie] - cacti (Vulnerable code not present) NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129 NOTE: https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ NOTE: https://github.com/Cacti/cacti/issues/3285 NOTE: https://github.com/Cacti/cacti/commit/fea919e8fe05bb730c802054661fd3a7ec029784 CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...) NOT-FOR-US: Bludit CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated ...) NOT-FOR-US: Bludit CVE-2020-8810 (An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301 ...) NOT-FOR-US: Gurux CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add- ...) NOT-FOR-US: Gurux CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...) NOT-FOR-US: CORSAIR iCUE CVE-2020-8807 RESERVED CVE-2020-8806 RESERVED CVE-2020-8805 RESERVED CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...) NOT-FOR-US: SuiteCRM CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...) 
NOT-FOR-US: SuiteCRM CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...) NOT-FOR-US: SuiteCRM CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...) NOT-FOR-US: SuiteCRM CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...) NOT-FOR-US: SuiteCRM CVE-2020-8799 (A Stored XSS vulnerability has been found in the administration page o ...) NOT-FOR-US: administration page of the WTI Like Post plugin for WordPress CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...) NOT-FOR-US: Juplink CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...) NOT-FOR-US: Juplink CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...) NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...) - gitlab (Only affects EE version) NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/ CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...) {DSA-4634-1} - opensmtpd 6.6.4p1-1 (bug #952453) NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5 NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ NOTE: https://www.openwall.com/lists/oss-security/2020/02/26/1 CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...) 
- opensmtpd 6.6.4p1-1 (unimportant; bug #952453) [buster] - opensmtpd 6.0.3p1-5+deb10u4 [stretch] - opensmtpd 6.0.2p1-2+deb9u3 NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4 NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ NOTE: Neutralised by kernel hardening CVE-2020-8792 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) NOT-FOR-US: OKLOK CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) NOT-FOR-US: OKLOK CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) NOT-FOR-US: OKLOK CVE-2020-8789 (Composr 10.0.30 allows Persistent XSS via a Usergroup name under the S ...) NOT-FOR-US: Composr CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...) NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8782 RESERVED CVE-2020-8781 RESERVED CVE-2020-8780 RESERVED CVE-2020-8779 RESERVED CVE-2020-8778 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) NOT-FOR-US: Alfresco CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) NOT-FOR-US: Alfresco CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) 
NOT-FOR-US: Alfresco CVE-2020-8775 (Pega Platform before version 8.2.6 is affected by a Stored Cross-Site ...) NOT-FOR-US: Pega Platform CVE-2020-8774 (Pega Platform before version 8.2.6 is affected by a Reflected Cross-Si ...) NOT-FOR-US: Pega Platform CVE-2020-8773 (The Richtext Editor in Pega Platform before 8.2.6 is affected by a Sto ...) NOT-FOR-US: Pega Platform CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...) NOT-FOR-US: InfiniteWP Client plugin for WordPress CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...) NOT-FOR-US: Time Capsule plugin for WordPress CVE-2020-8770 RESERVED CVE-2020-8769 RESERVED CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...) NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L) CVE-2020-8767 RESERVED CVE-2020-8766 RESERVED CVE-2020-8765 RESERVED CVE-2020-8764 RESERVED CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...) NOT-FOR-US: Intel CVE-2020-8762 RESERVED CVE-2020-8761 RESERVED CVE-2020-8760 RESERVED CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...) NOT-FOR-US: Intel CVE-2020-8758 (Improper buffer restrictions in network subsystem in provisioned Intel ...) NOT-FOR-US: Intel CVE-2020-8757 RESERVED CVE-2020-8756 RESERVED CVE-2020-8755 RESERVED CVE-2020-8754 RESERVED CVE-2020-8753 RESERVED CVE-2020-8752 RESERVED CVE-2020-8751 RESERVED CVE-2020-8750 RESERVED CVE-2020-8749 RESERVED CVE-2020-8748 RESERVED CVE-2020-8747 RESERVED CVE-2020-8746 RESERVED CVE-2020-8745 RESERVED CVE-2020-8744 RESERVED CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...) NOT-FOR-US: Intel CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...) 
NOT-FOR-US: Intel CVE-2020-8741 RESERVED CVE-2020-8740 RESERVED CVE-2020-8739 RESERVED CVE-2020-8738 RESERVED CVE-2020-8737 RESERVED CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...) NOT-FOR-US: Intel CVE-2020-8735 RESERVED CVE-2020-8734 RESERVED NOT-FOR-US: Intel CVE-2020-8733 (Improper buffer restrictions in the firmware for Intel(R) Server Board ...) NOT-FOR-US: Intel CVE-2020-8732 (Heap-based buffer overflow in the firmware for some Intel(R) Server Bo ...) NOT-FOR-US: Intel CVE-2020-8731 (Incorrect execution-assigned permissions in the file system for some I ...) NOT-FOR-US: Intel CVE-2020-8730 (Heap-based overflow for some Intel(R) Server Boards, Server Systems an ...) NOT-FOR-US: Intel CVE-2020-8729 (Buffer copy without checking size of input for some Intel(R) Server Bo ...) NOT-FOR-US: Intel CVE-2020-8728 RESERVED CVE-2020-8727 RESERVED CVE-2020-8726 RESERVED CVE-2020-8725 RESERVED CVE-2020-8724 RESERVED CVE-2020-8723 (Cross-site scripting for some Intel(R) Server Boards, Server Systems a ...) NOT-FOR-US: Intel CVE-2020-8722 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...) NOT-FOR-US: Intel CVE-2020-8721 (Improper input validation for some Intel(R) Server Boards, Server Syst ...) NOT-FOR-US: Intel CVE-2020-8720 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...) NOT-FOR-US: Intel CVE-2020-8719 (Buffer overflow in subsystem for some Intel(R) Server Boards, Server S ...) NOT-FOR-US: Intel CVE-2020-8718 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...) NOT-FOR-US: Intel CVE-2020-8717 (Improper input validation in a subsystem for some Intel Server Boards, ...) NOT-FOR-US: Intel CVE-2020-8716 (Improper access control for some Intel(R) Server Boards, Server System ...) NOT-FOR-US: Intel CVE-2020-8715 (Invalid pointer for some Intel(R) Server Boards, Server Systems and Co ...) 
NOT-FOR-US: Intel CVE-2020-8714 (Improper authentication for some Intel(R) Server Boards, Server System ...) NOT-FOR-US: Intel CVE-2020-8713 (Improper authentication for some Intel(R) Server Boards, Server System ...) NOT-FOR-US: Intel CVE-2020-8712 (Buffer overflow in a verification process for some Intel(R) Server Boa ...) NOT-FOR-US: Intel CVE-2020-8711 (Improper access control in the bootloader for some Intel(R) Server Boa ...) NOT-FOR-US: Intel CVE-2020-8710 (Buffer overflow in the bootloader for some Intel(R) Server Boards, Ser ...) NOT-FOR-US: Intel CVE-2020-8709 (Improper authentication in socket services for some Intel(R) Server Bo ...) NOT-FOR-US: Intel CVE-2020-8708 (Improper authentication for some Intel(R) Server Boards, Server System ...) NOT-FOR-US: Intel CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server Syst ...) NOT-FOR-US: Intel CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...) NOT-FOR-US: Intel CVE-2020-8705 RESERVED CVE-2020-8704 RESERVED CVE-2020-8703 RESERVED CVE-2020-8702 RESERVED CVE-2020-8701 RESERVED CVE-2020-8700 RESERVED CVE-2020-8699 RESERVED CVE-2020-8698 RESERVED CVE-2020-8697 RESERVED CVE-2020-8696 RESERVED CVE-2020-8695 RESERVED CVE-2020-8694 RESERVED CVE-2020-8693 RESERVED CVE-2020-8692 RESERVED CVE-2020-8691 RESERVED CVE-2020-8690 RESERVED CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open Source ...) - iwd 1.5-1 [buster] - iwd (Minor issue) NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00379.html CVE-2020-8688 (Improper input validation in the Intel(R) RAID Web Console 3 for Windo ...) NOT-FOR-US: Intel CVE-2020-8687 (Uncontrolled search path in the installer for Intel(R) RSTe Software R ...) NOT-FOR-US: Intel CVE-2020-8686 RESERVED CVE-2020-8685 (Improper authentication in subsystem for Intel (R) LED Manager for NUC ...) 
NOT-FOR-US: Intel CVE-2020-8684 (Improper access control in firmware for Intel(R) PAC with Arria(R) 10 ...) NOT-FOR-US: Intel CVE-2020-8683 (Improper buffer restrictions in system driver for some Intel(R) Graphi ...) NOT-FOR-US: Intel CVE-2020-8682 (Out of bounds read in system driver for some Intel(R) Graphics Drivers ...) NOT-FOR-US: Intel CVE-2020-8681 (Out of bounds write in system driver for some Intel(R) Graphics Driver ...) NOT-FOR-US: Intel CVE-2020-8680 (Race condition in some Intel(R) Graphics Drivers before version 15.40. ...) NOT-FOR-US: Intel CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics D ...) NOT-FOR-US: Intel CVE-2020-8678 RESERVED CVE-2020-8677 RESERVED CVE-2020-8676 RESERVED CVE-2020-8675 (Insufficient control flow management in firmware build and signing too ...) NOT-FOR-US: Intel CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM ...) NOT-FOR-US: Intel CVE-2020-8673 RESERVED CVE-2020-8672 RESERVED CVE-2020-8671 RESERVED CVE-2020-8670 RESERVED CVE-2020-8669 RESERVED CVE-2020-8668 RESERVED CVE-2020-8667 RESERVED CVE-2020-8666 RESERVED CVE-2020-8665 RESERVED CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8663 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descr ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8662 RESERVED CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...) 
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...) NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8656 (An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2. ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8655 (An issue was discovered in EyesOfNetwork 5.3. The sudoers configuratio ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8654 (An issue was discovered in EyesOfNetwork 5.3. An authenticated web use ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8653 RESERVED CVE-2020-8652 RESERVED CVE-2020-8651 RESERVED CVE-2020-8650 RESERVED CVE-2020-8646 RESERVED CVE-2020-8645 (An issue was discovered in Simplejobscript.com SJS through 1.66. There ...) NOT-FOR-US: Simplejobscript.com SJS CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. ...) NOT-FOR-US: PlaySMS CVE-2020-8643 RESERVED CVE-2020-8642 RESERVED CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...) NOT-FOR-US: Lotus Core CMS CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5 CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) 
{DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 CVE-2020-8640 RESERVED CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php in Tes ...) NOT-FOR-US: TestLink CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...) NOT-FOR-US: TestLink CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...) NOT-FOR-US: TestLink CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...) NOT-FOR-US: OpServices OpMon CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) NOT-FOR-US: Wing FTP Server CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) NOT-FOR-US: Wing FTP Server CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...) NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...) {DLA-2113-1} - cloud-init 19.4-2 (bug #951363) [buster] - cloud-init (Minor issue) [stretch] - cloud-init (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 NOTE: https://github.com/canonical/cloud-init/pull/189 NOTE: https://github.com/canonical/cloud-init/commit/42788bf24a1a0a5421a2d00a7f59b59e38ba1a14 CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...) {DLA-2113-1} - cloud-init 19.4-2 (bug #951362) [buster] - cloud-init (Minor issue) [stretch] - cloud-init (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 NOTE: https://github.com/canonical/cloud-init/pull/204 CVE-2020-8630 RESERVED CVE-2020-8629 RESERVED CVE-2020-8628 RESERVED CVE-2020-8627 RESERVED CVE-2020-8626 RESERVED CVE-2020-8625 RESERVED CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21 ...) 
{DSA-4752-1} - bind9 1:9.16.6-1 (bug #966497) [stretch] - bind9 (Vulnerable code (dns_ssu_mtypefromstring()) introduced later) NOTE: https://kb.isc.org/docs/cve-2020-8624 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/7630a64141a997b5247d9ad4a7dfff6ac6d9a485 (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/5bf457e89a3fdc355aad74140f5e010b42d1df82 (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/14aa0c5df65d28cf6aaf437151c6a008afb66fb1 (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/e4cccf9668c7adee4724a7649ec64685f82c8677 (v9_11_22) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22) CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 ...) {DSA-4752-1 DLA-2355-1} - bind9 1:9.16.6-1 NOTE: https://kb.isc.org/docs/cve-2020-8623 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22) CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, ...) {DSA-4752-1 DLA-2355-1} - bind9 1:9.16.6-1 NOTE: https://kb.isc.org/docs/cve-2020-8622 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/6ed167ad0a647dff20c8cb08c944a7967df2d415 (v9_11_22) CVE-2020-8621 (In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is confi ...) 
- bind9 1:9.16.6-1 [buster] - bind9 (Vulnerable code introduced in 9.14.x) [stretch] - bind9 (Vulnerable code introduced in 9.14.x) NOTE: https://kb.isc.org/docs/cve-2020-8621 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/81514ff925dfc6e0c293745e0fc8320a8af95586 (v9_16_6) CVE-2020-8620 (In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can ...) - bind9 1:9.16.6-1 [buster] - bind9 (Vulnerable code introduced later) [stretch] - bind9 (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2020-8620 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9a372f2bce642545164d2b4408eb6c4e301acc5e (v9_16_6) CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9. ...) {DSA-4752-1} - bind9 1:9.16.4-1 [stretch] - bind9 (Vulnerable code introduced later) [jessie] - bind9 (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2020-8619 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1718 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0854f631149848b64cc193979d0b0edf39159330 (v9_17_3) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/90a7416d1599df7aa1cdfac33b2da9352eeec4b0 (v9_11_21) CVE-2020-8618 (An attacker who is permitted to send zone data to a server via zone tr ...) - bind9 1:9.16.4-1 [buster] - bind9 (Vulnerable code introduced later) [stretch] - bind9 (Vulnerable code introduced later) [jessie] - bind9 (Vulnerable code introduced later) NOTE: https://kb.isc.org/docs/cve-2020-8618 NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1850 CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...) {DSA-4689-1 DLA-2227-1} - bind9 1:9.16.3-1 (bug #961939) NOTE: https://kb.isc.org/docs/cve-2020-8617 NOTE: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information CVE-2020-8616 (A malicious actor who intentionally exploits this lack of effective li ...) 
{DSA-4689-1 DLA-2227-1} - bind9 1:9.16.3-1 (bug #961939) NOTE: https://kb.isc.org/docs/cve-2020-8616 CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) NOT-FOR-US: Tutor LMS plugin for WordPress CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...) NOT-FOR-US: Askey devices CVE-2020-8613 RESERVED CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2020-8610 RESERVED CVE-2020-8609 RESERVED CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...) {DSA-4733-1 DLA-2288-1 DLA-2144-1 DLA-2142-1} - libslirp 4.2.0-1 - qemu 1:4.1-2 - qemu-kvm - slirp [buster] - slirp (Minor issue, too intrusive to backport) - slirp4netns 1.0.1-1 [buster] - slirp4netns (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775 NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed. CVE-2020-8607 (An input validation vulnerability found in multiple Trend Micro produc ...) NOT-FOR-US: Trend Micro CVE-2020-8606 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) NOT-FOR-US: Trend Micro CVE-2020-8605 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) NOT-FOR-US: Trend Micro CVE-2020-8604 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...) NOT-FOR-US: Trend Micro CVE-2020-8603 (A cross-site scripting vulnerability (XSS) in Trend Micro InterScan We ...) 
NOT-FOR-US: Trend Micro CVE-2020-8602 (A vulnerability in the management consoles of Trend Micro Deep Securit ...) NOT-FOR-US: Trend Micro CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...) NOT-FOR-US: Trend Micro CVE-2020-8600 (Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected ...) NOT-FOR-US: Trend Micro CVE-2020-8599 (Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnera ...) NOT-FOR-US: Trend Micro CVE-2020-8598 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...) {DSA-4632-1 DLA-2097-1} - lwip 2.1.2+dfsg1-5 (bug #951291) [buster] - lwip 2.0.3-3+deb10u1 [experimental] - ppp 2.4.8-1+1~exp1 - ppp (bug #950618) NOTE: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86 NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...) NOT-FOR-US: Participants Database plugin for WordPress CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and ...) NOT-FOR-US: Istio CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2020-8593 RESERVED CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...) NOT-FOR-US: eG Manager CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLogi ...) 
NOT-FOR-US: eG Manager CVE-2020-8590 RESERVED CVE-2020-8589 RESERVED CVE-2020-8588 RESERVED CVE-2020-8587 RESERVED CVE-2020-8586 RESERVED CVE-2020-8585 RESERVED CVE-2020-8584 RESERVED CVE-2020-8583 RESERVED CVE-2020-8582 RESERVED CVE-2020-8581 RESERVED CVE-2020-8580 RESERVED CVE-2020-8579 RESERVED CVE-2020-8578 RESERVED CVE-2020-8577 RESERVED CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 a ...) NOT-FOR-US: ONTAP CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...) NOT-FOR-US: Active IQ Unified Manager CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...) NOT-FOR-US: Active IQ Unified Manager CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...) NOT-FOR-US: NetApp CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...) NOT-FOR-US: Element OS CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...) NOT-FOR-US: StorageGRID CVE-2020-8570 RESERVED CVE-2020-8569 RESERVED CVE-2020-8568 RESERVED CVE-2020-8567 RESERVED CVE-2020-8566 RESERVED CVE-2020-8565 RESERVED CVE-2020-8564 RESERVED CVE-2020-8563 RESERVED CVE-2020-8562 RESERVED CVE-2020-8561 RESERVED CVE-2020-8560 RESERVED CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions pri ...) - kubernetes 1.18.5-1 NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6 CVE-2020-8558 (The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17. ...) - kubernetes 1.18.5-1 NOTE: Issue: https://github.com/kubernetes/kubernetes/issues/90259 NOTE: Upstream fix: https://github.com/kubernetes/kubernetes/pull/91569 CVE-2020-8557 (The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17. ...) 
- kubernetes 1.18.5-1 NOTE: https://github.com/kubernetes/kubernetes/issues/93032 NOTE: https://github.com/kubernetes/kubernetes/pull/92916 CVE-2020-8556 RESERVED CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...) - kubernetes 1.18.2-1 NOTE: https://github.com/kubernetes/kubernetes/issues/91542 CVE-2020-8554 RESERVED CVE-2020-8553 (The Kubernetes ingress-nginx component prior to version 0.28.0 allows ...) NOT-FOR-US: Kubernetes ingress-nginx component CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...) - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/89378 CVE-2020-8551 (The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1. ...) - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/89377 CVE-2020-8550 RESERVED CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...) NOT-FOR-US: Strong Testimonials plugin for WordPress CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...) NOT-FOR-US: massCode CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...) - phplist (bug #612288) CVE-2020-8546 RESERVED CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...) NOT-FOR-US: AIL framework CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF. ...) NOT-FOR-US: OX App Suite CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation. ...) NOT-FOR-US: OX App Suite CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS. ...) NOT-FOR-US: OX App Suite CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...) NOT-FOR-US: OX App Suite CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...) 
NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8539 RESERVED CVE-2020-8538 RESERVED CVE-2020-8537 RESERVED CVE-2020-8536 RESERVED CVE-2020-8535 RESERVED CVE-2020-8534 RESERVED CVE-2020-8533 RESERVED CVE-2020-8532 RESERVED CVE-2020-8531 RESERVED CVE-2020-8530 RESERVED CVE-2020-8529 RESERVED CVE-2020-8528 RESERVED CVE-2020-8527 RESERVED CVE-2020-8526 RESERVED CVE-2020-8525 RESERVED CVE-2020-8524 RESERVED CVE-2020-8523 RESERVED CVE-2020-8522 RESERVED CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...) NOT-FOR-US: phpzag CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...) NOT-FOR-US: phpzag CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...) NOT-FOR-US: phpzag CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...) {DLA-2174-1} - php-horde-data 2.1.5-1 (bug #951537) [buster] - php-horde-data 2.1.4-5+deb10u1 [stretch] - php-horde-data 2.1.4-3+deb9u1 NOTE: https://lists.horde.org/archives/announce/2020/001285.html NOTE: https://github.com/horde/Data/commit/78ad0c2390176cdde7260a271bc6ddd86f4c9c0e CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) - squid 4.10-1 (unimportant) - squid3 (unimportant) NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_3.txt NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch NOTE: Debian binary packages are not built with --enable-external-acl-helpers="[...]LM_group[...". CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ...) 
- tor (unimportant) NOTE: Not considered a bug / explicit design choice by upstream NOTE: https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html NOTE: https://trac.torproject.org/projects/tor/ticket/33129 NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...) NOT-FOR-US: DrayTek devices CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a direc ...) NOT-FOR-US: Rumpus on macOS CVE-2020-8513 RESERVED CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...) NOT-FOR-US: IceWarp Webmail Server CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...) NOT-FOR-US: phpABook CVE-2020-8509 (Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticat ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...) NOT-FOR-US: Norman Malware Cleaner CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...) NOT-FOR-US: Citytv Video application for Android and iOS CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...) NOT-FOR-US: Global TV application for Android and iOS CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) NOT-FOR-US: School Management Software PHP/mySQL CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) NOT-FOR-US: School Management Software PHP/mySQL CVE-2020-8503 (Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.10 ...) 
NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-8502 RESERVED CVE-2020-8501 RESERVED CVE-2020-8500 (** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8499 RESERVED CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...) NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...) 
{DLA-2280-1} - python3.8 3.8.3~rc1-1 - python3.7 [buster] - python3.7 3.7.3-2+deb10u2 - python3.5 - python3.4 [jessie] - python3.4 (Minor issue) - python2.7 (low; bug #970099) [buster] - python2.7 (Minor issue) [stretch] - python2.7 (Minor issue) [jessie] - python2.7 (Minor issue) NOTE: https://bugs.python.org/issue39503 NOTE: https://github.com/python/cpython/pull/18284 NOTE: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html NOTE: https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 (master) NOTE: https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41 (3.8-branch) NOTE: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e (3.7-branch) NOTE: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e (3.6-branch) CVE-2020-8491 RESERVED CVE-2020-8490 RESERVED CVE-2020-8489 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8488 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8487 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8486 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8485 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8484 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8483 RESERVED CVE-2020-8482 (Insecure storage of sensitive information in ABB Device Library Wizard ...) NOT-FOR-US: ABB CVE-2020-8481 (For ABB products ABB Ability™ System 800xA and related system ex ...) NOT-FOR-US: ABB CVE-2020-8480 RESERVED CVE-2020-8479 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8478 (Insufficient protection of the inter-process communication functions i ...) 
NOT-FOR-US: ABB CVE-2020-8477 (The installations for ABB System 800xA Information Manager versions 5. ...) NOT-FOR-US: ABB CVE-2020-8476 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8475 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8474 (Weak Registry permissions in ABB System 800xA Base allow low privilege ...) NOT-FOR-US: ABB CVE-2020-8473 (Insufficient folder permissions used by system functions in ABB System ...) NOT-FOR-US: ABB CVE-2020-8472 (Insufficient folder permissions used by system functions in ABB System ...) NOT-FOR-US: ABB CVE-2020-8471 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8470 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a ...) NOT-FOR-US: Trend Micro CVE-2020-8468 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8467 (A migration tool component of Trend Micro Apex One (2019) and OfficeSc ...) NOT-FOR-US: Trend Micro CVE-2020-8466 RESERVED CVE-2020-8465 RESERVED CVE-2020-8464 RESERVED CVE-2020-8463 RESERVED CVE-2020-8462 RESERVED CVE-2020-8461 RESERVED CVE-2020-8460 RESERVED CVE-2020-8459 RESERVED CVE-2020-8458 RESERVED CVE-2020-8457 RESERVED CVE-2020-8456 RESERVED CVE-2020-8455 RESERVED CVE-2020-8454 RESERVED CVE-2020-8453 RESERVED CVE-2020-8452 RESERVED CVE-2020-8451 RESERVED CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...) 
{DSA-4682-1 DLA-2278-1} - squid 4.10-1 (bug #950802) - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) {DSA-4682-1 DLA-2278-1} - squid 4.10-1 (bug #950802) - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-ana ...) - ossec-hids (bug #361954) CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserialization ...) NOT-FOR-US: JYaml CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...) 
NOT-FOR-US: Simplejobscript.com SJS CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to take ov ...) NOT-FOR-US: Monstra CMS CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...) NOT-FOR-US: Ruckus devices CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505 ...) NOT-FOR-US: uTorrent CVE-2020-8436 (XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPre ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-8435 (An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-8434 (Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 ...) NOT-FOR-US: Jenzabar JICS (aka Internet Campus Solution) CVE-2020-8433 RESERVED CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...) - u-boot 2020.01+dfsg-2 (low) [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue) [jessie] - u-boot (Minor issue) NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396799.html NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396853.html CVE-2020-8431 RESERVED CVE-2020-8430 (Stormshield Network Security 310 3.7.10 devices have an auth/lang.html ...) NOT-FOR-US: Stormshield Network Security 310 CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not ...) NOT-FOR-US: Kinetica CVE-2020-8427 (In Unitrends Backup before 10.4.1, an HTTP request parameter was not p ...) NOT-FOR-US: Kaseya Traverse CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...) NOT-FOR-US: Elementor plugin for WordPress CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) 
NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmwa ...) NOT-FOR-US: TP-Link CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) NOT-FOR-US: Joomla! CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) NOT-FOR-US: Joomla! CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...) NOT-FOR-US: Joomla! CVE-2020-8418 RESERVED CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) NOT-FOR-US: Code Snippets plugin for WordPress CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial ...) NOT-FOR-US: BearFTP CVE-2020-8415 RESERVED CVE-2020-8414 RESERVED CVE-2020-8413 RESERVED CVE-2020-8412 RESERVED CVE-2020-8411 RESERVED CVE-2020-8410 RESERVED CVE-2020-8409 RESERVED CVE-2020-8408 RESERVED CVE-2020-8407 RESERVED CVE-2020-8406 RESERVED CVE-2020-8405 RESERVED CVE-2020-8404 RESERVED CVE-2020-8403 RESERVED CVE-2020-8402 RESERVED CVE-2020-8401 RESERVED CVE-2020-8400 RESERVED CVE-2020-8399 RESERVED CVE-2020-8398 RESERVED CVE-2020-8397 RESERVED CVE-2020-8396 RESERVED CVE-2020-8395 RESERVED CVE-2020-8394 RESERVED CVE-2020-8393 RESERVED CVE-2020-8392 RESERVED CVE-2020-8391 RESERVED CVE-2020-8390 RESERVED CVE-2020-8389 RESERVED CVE-2020-8388 RESERVED CVE-2020-8387 RESERVED CVE-2020-8386 RESERVED CVE-2020-8385 RESERVED CVE-2020-8384 RESERVED CVE-2020-8383 RESERVED CVE-2020-8382 RESERVED CVE-2020-8381 RESERVED CVE-2020-8380 RESERVED CVE-2020-8379 RESERVED CVE-2020-8378 RESERVED CVE-2020-8377 RESERVED CVE-2020-8376 RESERVED CVE-2020-8375 RESERVED CVE-2020-8374 RESERVED CVE-2020-8373 RESERVED CVE-2020-8372 RESERVED CVE-2020-8371 RESERVED CVE-2020-8370 RESERVED CVE-2020-8369 RESERVED CVE-2020-8368 RESERVED CVE-2020-8367 
RESERVED CVE-2020-8366 RESERVED CVE-2020-8365 RESERVED CVE-2020-8364 RESERVED CVE-2020-8363 RESERVED CVE-2020-8362 RESERVED CVE-2020-8361 RESERVED CVE-2020-8360 RESERVED CVE-2020-8359 RESERVED CVE-2020-8358 RESERVED CVE-2020-8357 RESERVED CVE-2020-8356 RESERVED CVE-2020-8355 RESERVED CVE-2020-8354 RESERVED CVE-2020-8353 RESERVED CVE-2020-8352 RESERVED CVE-2020-8351 RESERVED CVE-2020-8350 RESERVED CVE-2020-8349 RESERVED CVE-2020-8348 RESERVED CVE-2020-8347 RESERVED CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo Vantage c ...) NOT-FOR-US: Lenovo CVE-2020-8345 RESERVED CVE-2020-8344 RESERVED CVE-2020-8343 RESERVED CVE-2020-8342 (A race condition vulnerability was reported in Lenovo System Update pr ...) NOT-FOR-US: Lenovo CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...) NOT-FOR-US: Lenovo CVE-2020-8340 (A cross-site scripting (XSS) vulnerability was discovered in the legac ...) NOT-FOR-US: IBM CVE-2020-8339 (A cross-site scripting inclusion (XSSI) vulnerability was reported in ...) NOT-FOR-US: IBM CVE-2020-8338 RESERVED CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...) NOT-FOR-US: Synaptics Smart Audio UWP app CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...) NOT-FOR-US: Lenovo CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...) NOT-FOR-US: Lenovo CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...) NOT-FOR-US: Lenovo CVE-2020-8333 RESERVED CVE-2020-8332 RESERVED CVE-2020-8331 REJECTED CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...) NOT-FOR-US: Lenovo CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...) NOT-FOR-US: Lenovo CVE-2020-8328 RESERVED CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...) 
NOT-FOR-US: Lenovo CVE-2020-8326 (An unquoted service path vulnerability was reported in Lenovo Drivers ...) NOT-FOR-US: Lenovo CVE-2020-8325 RESERVED CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...) NOT-FOR-US: Lenovo CVE-2020-8323 (A potential vulnerability in the SMI callback function used in the Leg ...) NOT-FOR-US: Lenovo CVE-2020-8322 (A potential vulnerability in the SMI callback function used in the Leg ...) NOT-FOR-US: Lenovo CVE-2020-8321 (A potential vulnerability in the SMI callback function used in the Sys ...) NOT-FOR-US: Lenovo CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad models t ...) NOT-FOR-US: Lenovo CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...) NOT-FOR-US: Lenovo CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...) NOT-FOR-US: Lenovo CVE-2020-8317 (A DLL search path vulnerability was reported in Lenovo Drivers Managem ...) NOT-FOR-US: Lenovo CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...) NOT-FOR-US: Lenovo CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...) {DSA-4698-1 DSA-4667-1 DLA-2242-1} - linux 5.4.19-1 [jessie] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6 CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...) 
- python3.8 (Windows-specific) - python3.7 (Windows-specific) NOTE: https://bugs.python.org/issue39401 CVE-2020-8314 RESERVED CVE-2020-8313 RESERVED CVE-2020-8312 RESERVED CVE-2020-8311 RESERVED CVE-2020-8310 RESERVED CVE-2020-8309 RESERVED CVE-2020-8308 RESERVED CVE-2020-8307 RESERVED CVE-2020-8306 RESERVED CVE-2020-8305 RESERVED CVE-2020-8304 RESERVED CVE-2020-8303 RESERVED CVE-2020-8302 RESERVED CVE-2020-8301 RESERVED CVE-2020-8300 RESERVED CVE-2020-8299 RESERVED CVE-2020-8298 RESERVED CVE-2020-8297 RESERVED CVE-2020-8296 RESERVED CVE-2020-8295 RESERVED CVE-2020-8294 RESERVED CVE-2020-8293 RESERVED CVE-2020-8292 RESERVED CVE-2020-8291 RESERVED CVE-2020-8290 RESERVED CVE-2020-8289 RESERVED CVE-2020-8288 RESERVED CVE-2020-8287 RESERVED CVE-2020-8286 RESERVED CVE-2020-8285 RESERVED CVE-2020-8284 RESERVED CVE-2020-8283 RESERVED CVE-2020-8282 RESERVED CVE-2020-8281 RESERVED CVE-2020-8280 RESERVED CVE-2020-8279 RESERVED CVE-2020-8278 RESERVED CVE-2020-8277 RESERVED CVE-2020-8276 RESERVED CVE-2020-8275 RESERVED CVE-2020-8274 RESERVED CVE-2020-8273 RESERVED CVE-2020-8272 RESERVED CVE-2020-8271 RESERVED CVE-2020-8270 RESERVED CVE-2020-8269 RESERVED CVE-2020-8268 RESERVED CVE-2020-8267 RESERVED CVE-2020-8266 RESERVED CVE-2020-8265 RESERVED CVE-2020-8264 RESERVED CVE-2020-8263 RESERVED CVE-2020-8262 RESERVED CVE-2020-8261 RESERVED CVE-2020-8260 RESERVED CVE-2020-8259 RESERVED CVE-2020-8258 RESERVED CVE-2020-8257 RESERVED CVE-2020-8256 RESERVED CVE-2020-8255 RESERVED CVE-2020-8254 RESERVED CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...) NOT-FOR-US: Citrix CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...) 
- libuv1 1.39.0-1 NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one NOTE: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...) - nodejs (Only affects 14.x series) NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251 CVE-2020-8250 RESERVED CVE-2020-8249 RESERVED CVE-2020-8248 RESERVED CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) NOT-FOR-US: Citrix CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) NOT-FOR-US: Citrix CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...) NOT-FOR-US: Citrix CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, &l ...) - node-bl 4.0.3-1 (bug #969309) [buster] - node-bl (Minor issue) [stretch] - node-bl (Minor issue) NOTE: https://hackerone.com/reports/966347 NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190 CVE-2020-8243 RESERVED CVE-2020-8242 RESERVED CVE-2020-8241 RESERVED CVE-2020-8240 RESERVED CVE-2020-8239 RESERVED CVE-2020-8238 RESERVED CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to ...) TODO: check CVE-2020-8236 RESERVED CVE-2020-8235 RESERVED CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 w ...) NOT-FOR-US: EdgeMax EdgeSwitch firmware CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...) NOT-FOR-US: Edgeswitch CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...) 
NOT-FOR-US: Edgeswitch CVE-2020-8231 RESERVED - curl 7.72.0-1 (bug #968831) NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html NOTE: https://github.com/curl/curl/pull/5824 NOTE: https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8 CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop Client v ...) - nextcloud-desktop (Windows-specific) CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...) - nextcloud-desktop (Windows-specific) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034 NOTE: Windows-specific code in shell_integration/windows/OCUtil NOTE: https://hackerone.com/reports/588562 CVE-2020-8228 RESERVED CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client ...) - nextcloud-desktop 3.0.1-1 [buster] - nextcloud-desktop (Minor issue) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-032 NOTE: https://hackerone.com/reports/685552 CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...) NOT-FOR-US: phpBB CVE-2020-8225 (A cleartext storage of sensitive information in Nextcloud Desktop Clie ...) - nextcloud-desktop 3.0.1-1 [buster] - nextcloud-desktop (Minor issue) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-031 CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...) - nextcloud-desktop (Windows-specific) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030 NOTE: https://hackerone.com/reports/622170 CVE-2020-8223 RESERVED CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...) NOT-FOR-US: Pulse CVE-2020-8221 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...) NOT-FOR-US: Pulse CVE-2020-8220 (A denial of service vulnerability exists in Pulse Connect Secure <9 ...) NOT-FOR-US: Pulse CVE-2020-8219 (An insufficient permission check vulnerability exists in Pulse Connect ...) 
NOT-FOR-US: Pulse CVE-2020-8218 (A code injection vulnerability exists in Pulse Connect Secure <9.1R ...) NOT-FOR-US: Pulse CVE-2020-8217 (A cross site scripting (XSS) vulnerability in Pulse Connect Secure < ...) NOT-FOR-US: Pulse CVE-2020-8216 (An information disclosure vulnerability in meeting of Pulse Connect Se ...) NOT-FOR-US: Pulse CVE-2020-8215 (A buffer overflow is present in canvas version <= 1.6.9, which coul ...) NOT-FOR-US: Node canvas CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an atta ...) NOT-FOR-US: servey CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...) NOT-FOR-US: UniFi Protect CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...) NOT-FOR-US: Citrix CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...) NOT-FOR-US: Citrix CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...) NOT-FOR-US: Citrix CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...) NOT-FOR-US: Citrix CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...) NOT-FOR-US: Citrix CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...) NOT-FOR-US: Citrix CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...) NOT-FOR-US: Pulse CVE-2020-8205 (The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable ...) NOT-FOR-US: Node uppy CVE-2020-8204 (A cross site scripting (XSS) vulnerability exists in Pulse Connect Sec ...) NOT-FOR-US: Pulse CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash <= ...) 
- node-lodash 4.17.19+dfsg-1 (bug #965283) [buster] - node-lodash (Minor issue; can be fixed via point release) [stretch] - node-lodash (Nodejs in stretch not covered by security support) NOTE: https://hackerone.com/reports/712065 CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...) NOT-FOR-US: Nextcloud Preferred Providers app CVE-2020-8201 (Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP d ...) - nodejs 12.18.4~dfsg-1 [buster] - nodejs (Only affects 12.x and later) [stretch] - nodejs (Only affects 12.x and later) NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201 CVE-2020-8200 (Improper authentication in Citrix StoreFront Server < 1912.0.1000 a ...) NOT-FOR-US: Citrix CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...) NOT-FOR-US: Citrix CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) NOT-FOR-US: Citrix CVE-2020-8197 (Privilege escalation vulnerability on Citrix ADC and Citrix Gateway ve ...) NOT-FOR-US: Citrix CVE-2020-8196 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...) NOT-FOR-US: Citrix CVE-2020-8195 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) NOT-FOR-US: Citrix CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway versions bef ...) NOT-FOR-US: Citrix CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...) NOT-FOR-US: Citrix CVE-2020-8192 (A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0 ...) NOT-FOR-US: Node fastify CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) NOT-FOR-US: Citrix CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...) 
NOT-FOR-US: Citrix CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed ...) - nextcloud-desktop 3.0.1-1 [buster] - nextcloud-desktop (Minor issue) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-027 CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...) NOT-FOR-US: UniFi Protect CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) NOT-FOR-US: Citrix CVE-2020-8186 (A command injection vulnerability in the `devcert` module may lead to ...) NOT-FOR-US: Node devcert CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2 that all ...) [experimental] - rails 6.0.3.2+dfsg-1 (bug #964081) - rails (Introduced in rails 6.x) NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...) {DLA-2275-1} - ruby-rack (bug #963477) [buster] - ruby-rack (Minor issue) NOTE: https://hackerone.com/reports/895727 NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c CVE-2020-8183 RESERVED CVE-2020-8182 RESERVED CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...) NOT-FOR-US: Nextcloud Contacts CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...) NOT-FOR-US: Nextcloud Talk CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...) NOT-FOR-US: Nextcloud Deck CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18 may ...) - node-jison (Vulnerable code not included in Debian source) NOTE: https://hackerone.com/reports/690010 NOTE: ports/ is stripped/excluded in the src:node-jison source package. 
CVE-2020-8177 RESERVED {DLA-2295-1} - curl 7.72.0-1 (bug #965281) NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0) CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...) NOT-FOR-US: koa-shopify-auth CVE-2020-8175 (Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow ...) NOT-FOR-US: Node jimp CVE-2020-8174 (napi_get_value_string_*() allows various kinds of memory corruption in ...) {DSA-4696-1} - nodejs 10.21.0~dfsg-1 (bug #962145) [stretch] - nodejs (Nodejs in stretch not covered by security support) [jessie] - nodejs (Nodejs in jessie not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174 CVE-2020-8173 RESERVED CVE-2020-8172 (TLS session reuse can lead to host certificate verification bypass in ...) - nodejs (Only affects 12.x and later) NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172 CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) NOT-FOR-US: AirMax AirOS CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) NOT-FOR-US: AirMax AirOS CVE-2020-8169 RESERVED - curl 7.72.0-1 (bug #965280) [stretch] - curl (Vulnerable code introduced later) [jessie] - curl (Vulnerable code introduced later) NOTE: https://curl.haxx.se/docs/CVE-2020-8169.html NOTE: https://github.com/curl/curl/commit/600a8cded447cd7118ed50142c576567c0cf5158 (7.71.0) CVE-2020-8168 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) NOT-FOR-US: AirMax AirOS CVE-2020-8167 (A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that ...) 
- rails 2:5.2.4.3+dfsg-1 [stretch] - rails (Vulnerable code introduced later) [jessie] - rails (Vulnerable code introduced later) NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3 CVE-2020-8166 (A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6. ...) - rails 2:5.2.4.3+dfsg-1 [stretch] - rails (Vulnerable code introduced later) [jessie] - rails (Vulnerable code introduced later) NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1 NOTE: per-form CSRF token introduced in 5.x: https://github.com/rails/rails/commit/3e98819e20bc113343d4d4c0df614865ad5a9d3a CVE-2020-8165 (A deserialization of untrusted data vulnernerability exists in rails & ...) {DLA-2282-1 DLA-2251-1} - rails 2:5.2.4.3+dfsg-1 NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend) NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend) NOTE: Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b CVE-2020-8164 (A deserialization of untrusted data vulnerability exists in rails < ...) {DLA-2282-1 DLA-2251-1} [experimental] - rails 2:6.0.3.1+dfsg-1 - rails 2:5.2.4.3+dfsg-1 NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior to 5. ...) 
{DLA-2282-1} - rails 2:5.2.0+dfsg-2 NOTE: https://weblog.rubyonrails.org/2020/5/15/Rails-4-2-11-2-has-been-released/ NOTE: https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/ NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0 NOTE: https://github.com/rails/rails/commit/4c46a15e0a7815ca9e4cd7c7fda042eb8c1b7724 (4.2.11.2) NOTE: Follow-up needed due to breaking change: https://github.com/rails/rails/issues/39301 NOTE: https://github.com/rails/rails/commit/1f3db0ad793441a0c00e85d56228fc80aafbe6c1 (4.2.11.3) NOTE: Follow-up #2: NOTE: https://github.com/rails/rails/commit/0ecaaf76d1b79cf2717cdac754e55b4114ad6599 (4-2-stable) NOTE: For rails 5.0 the issue is fixed in >= 5.0.1 CVE-2020-8162 (A client side enforcement of server side security vulnerability exists ...) - rails 2:5.2.4.3+dfsg-1 [stretch] - rails (Vulnerable code introduced later) [jessie] - rails (Vulnerable code introduced later) NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 that all ...) {DLA-2275-1 DLA-2216-1} - ruby-rack 2.1.1-5 [buster] - ruby-rack (Minor issue; can be fixed via point release) NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94 CVE-2020-8160 RESERVED CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...) 
- ruby-actionpack-page-caching 1.2.2-1 (bug #960680) [buster] - ruby-actionpack-page-caching (Minor issue) NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package < 0.2.25 m ...) NOT-FOR-US: TypeORM CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...) NOT-FOR-US: UniFi Cloud Key CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...) NOT-FOR-US: Nextcloud Mail CVE-2020-8155 (An outdated 3rd party library in the Files PDF viewer for Nextcloud Se ...) - nextcloud-server (bug #941708) CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Server ...) - nextcloud-server (bug #941708) CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...) NOT-FOR-US: Nextcloud Groupfolders app CVE-2020-8152 RESERVED CVE-2020-8151 (There is a possible information disclosure issue in Active Resource &l ...) - rails (Vulnerable code split out upstream before initial upload to Debian) NOTE: ActiveResource was extracted to a separate gem starting in the 4.0 rails NOTE: release as it was not widely used. CVE-2020-8150 RESERVED CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...) NOT-FOR-US: Node logkitty CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...) NOT-FOR-US: UniFi Cloud Key firmware CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...) NOT-FOR-US: Node utils-extend CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...) NOT-FOR-US: UniFi CVE-2020-8145 (The UniFi Video Server (Windows) web interface configuration restore f ...) NOT-FOR-US: UniFi CVE-2020-8144 (The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web i ...)
NOT-FOR-US: UniFi CVE-2020-8143 (An Open Redirect vulnerability was discovered in Revive Adserver versi ...) NOT-FOR-US: Revive Adserver CVE-2020-8142 (A security restriction bypass vulnerability has been discovered in Rev ...) NOT-FOR-US: Revive Adserver CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can ...) - node-dot 1.1.3+ds-1 [buster] - node-dot 1.1.1-1+deb10u1 NOTE: https://hackerone.com/reports/390929 CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...) - nextcloud-desktop (MacOS-specific) CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, < 1 ...) - nextcloud-server (bug #941708) CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 1 ...) - nextcloud-server (bug #941708) CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...) NOT-FOR-US: Node blamer CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allo ...) NOT-FOR-US: Node fastify-multipart CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request ...) NOT-FOR-US: Node uppy CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...) NOT-FOR-US: Ghost CMS CVE-2020-8133 RESERVED CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...) NOT-FOR-US: Node pdf-image package CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...) - node-yarnpkg 1.22.4-2 (bug #952912) [buster] - node-yarnpkg (Minor issue) NOTE: https://hackerone.com/reports/730239 NOTE: https://github.com/yarnpkg/yarn/pull/7831 CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3. ...) 
{DLA-2120-1} - rake 12.3.3-1 [buster] - rake 12.3.1-3+deb10u1 [stretch] - rake 10.5.0-2+deb9u1 NOTE: https://hackerone.com/reports/651518 NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3) CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...) NOT-FOR-US: script-manager nodejs module CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...) NOT-FOR-US: jsreport CVE-2020-8127 (Insufficient validation in cross-origin communication (postMessage) in ...) NOT-FOR-US: reveal.js CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...) NOT-FOR-US: Ubiquiti Networks EdgeSwitch CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...) NOT-FOR-US: klona node module CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...) - node-url-parse 1.4.7-1 [buster] - node-url-parse (Minor issue) [stretch] - node-url-parse (Nodejs in stretch not covered by security support) NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b NOTE: https://hackerone.com/reports/496293 CVE-2020-8123 (A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that ...) NOT-FOR-US: strapi CVE-2020-8122 (A missing check in Nextcloud Server 14.0.3 could give recipient the po ...) - nextcloud-server (bug #941708) CVE-2020-8121 (A bug in Nextcloud Server 14.0.4 could expose more data in reshared li ...) - nextcloud-server (bug #941708) CVE-2020-8120 (A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16. ...) - nextcloud-server (bug #941708) CVE-2020-8119 (Improper authorization in Nextcloud server 17.0.0 causes leaking of pr ...) - nextcloud-server (bug #941708) CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server 16.0. ...) 
- nextcloud-server (bug #941708) CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...) - nextcloud-server (bug #941708) CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package versions bef ...) - node-dot-prop 5.2.0-1 [buster] - node-dot-prop 4.1.1-1+deb10u1 NOTE: https://hackerone.com/reports/719856 NOTE: https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2 CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...) NOT-FOR-US: Revive Adserver CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...) {DLA-2277-1 DLA-2089-1} - openjpeg2 (bug #950184) [buster] - openjpeg2 (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1231 CVE-2020-8111 RESERVED CVE-2020-8110 RESERVED CVE-2020-8109 RESERVED CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...) NOT-FOR-US: Bitdefender CVE-2020-8107 RESERVED CVE-2020-8106 RESERVED CVE-2020-8105 RESERVED CVE-2020-8104 RESERVED CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...) NOT-FOR-US: Bitdefender Antivirus Free CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser compone ...) NOT-FOR-US: Safepay CVE-2020-8101 RESERVED CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...) NOT-FOR-US: Bitdefender CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...) 
NOT-FOR-US: Bitdefender Antivirus Free CVE-2020-8098 RESERVED CVE-2020-8097 (An improper authentication vulnerability in Bitdefender Endpoint Secur ...) NOT-FOR-US: Bitdefender CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...) NOT-FOR-US: Bitdefender CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...) NOT-FOR-US: Bitdefender Total Security CVE-2020-8094 RESERVED CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...) NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...) NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) NOT-FOR-US: TYPO3 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to th ...) - piwigo CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...) NOT-FOR-US: UseBB CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...) NOT-FOR-US: SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices CVE-2020-8086 (The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01 ...) 
{DSA-4612-1} - prosody-modules 0.0~hg20200128.09e7e880e056+dfsg-1 NOTE: https://hg.prosody.im/prosody-modules/rev/f2b29183ef08 NOTE: https://prosody.im/security/advisory_20200128/ CVE-2020-8085 RESERVED CVE-2020-8084 RESERVED CVE-2020-8083 RESERVED CVE-2020-8082 RESERVED CVE-2020-8081 RESERVED CVE-2020-8080 RESERVED CVE-2020-8079 RESERVED CVE-2020-8078 RESERVED CVE-2020-8077 RESERVED CVE-2020-8076 RESERVED CVE-2020-8075 RESERVED CVE-2020-8074 RESERVED CVE-2020-8073 RESERVED CVE-2020-8072 RESERVED CVE-2020-8071 RESERVED CVE-2020-8070 RESERVED CVE-2020-8069 RESERVED CVE-2020-8068 RESERVED CVE-2020-8067 RESERVED CVE-2020-8066 RESERVED CVE-2020-8065 RESERVED CVE-2020-8064 RESERVED CVE-2020-8063 RESERVED CVE-2020-8062 RESERVED CVE-2020-8061 RESERVED CVE-2020-8060 RESERVED CVE-2020-8059 RESERVED CVE-2020-8058 RESERVED CVE-2020-8057 RESERVED CVE-2020-8056 RESERVED CVE-2020-8055 RESERVED CVE-2020-8054 RESERVED CVE-2020-8053 RESERVED CVE-2020-8052 RESERVED CVE-2020-8051 RESERVED CVE-2020-8050 RESERVED CVE-2020-8049 RESERVED CVE-2020-8048 RESERVED CVE-2020-8047 RESERVED CVE-2020-8046 RESERVED CVE-2020-8045 RESERVED CVE-2020-8044 RESERVED CVE-2020-8043 RESERVED CVE-2020-8042 RESERVED CVE-2020-8041 RESERVED CVE-2020-8040 RESERVED CVE-2020-8039 RESERVED CVE-2020-8038 RESERVED CVE-2020-8037 RESERVED CVE-2020-8036 RESERVED CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...) {DLA-2230-1} - php-horde 5.2.23+debian0-1 (bug #963809) [buster] - php-horde 5.2.20+debian0-1+deb10u2 [stretch] - php-horde 5.2.13+debian0-1+deb9u2 NOTE: https://github.com/horde/base/commit/64127fe3c2b9843c9760218e59dae9731cc56bdf NOTE: https://lists.horde.org/archives/announce/2020/001290.html CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...) 
{DLA-2229-1} - php-horde-gollem 3.0.12-6 (bug #961649) [buster] - php-horde-gollem 3.0.12-3+deb10u1 [stretch] - php-horde-gollem 3.0.10-1+deb9u1 NOTE: https://lists.horde.org/archives/announce/2020/001289.html NOTE: https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083 CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...) NOT-FOR-US: Ruckus CVE-2020-8032 RESERVED CVE-2020-8031 RESERVED CVE-2020-8030 RESERVED CVE-2020-8029 RESERVED CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...) TODO: check CVE-2020-8027 RESERVED CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) - inn2 (inews has correct ownership in Debian) CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the permis ...) NOT-FOR-US: SAP CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...) - hylafax (SuSE-specific packaging issue) CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulnerabil ...) NOT-FOR-US: SAP CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...) NOT-FOR-US: SAP CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...) - open-build-service NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649 CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...) - open-build-service NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439 NOTE: https://github.com/openSUSE/open-build-service/commit/7cc32c8e2ff7290698e101d9a80a9dc29a5500fb CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) NOT-FOR-US: SAP CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...) NOT-FOR-US: Some SLES images CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...) 
NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the packagin ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8014 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) - kopanocore (SuSE-specific packaging issue) CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...) NOT-FOR-US: chkstat CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...) NOT-FOR-US: AVB MOTU devices CVE-2020-8008 RESERVED CVE-2020-8007 RESERVED CVE-2020-8006 RESERVED CVE-2020-8005 RESERVED CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access Control. ...) NOT-FOR-US: STMicroelectronics STM32F1 devices CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...) - virglrenderer 0.8.2-1 (bug #949954) [buster] - virglrenderer (Minor issue) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42 CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...) - virglrenderer 0.8.2-1 (bug #949954) [buster] - virglrenderer (Minor issue) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5 CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...) 
NOT-FOR-US: Intellian Aptus application for Android CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...) NOT-FOR-US: Intellian Aptus application for Android CVE-2020-7998 (An arbitrary file upload vulnerability has been discovered in the Supe ...) NOT-FOR-US: Super File Explorer app for iOS CVE-2020-7997 (ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Na ...) NOT-FOR-US: ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...) - dolibarr CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...) - dolibarr CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...) - dolibarr CVE-2020-7993 (Prototype 1.6.0.1 allows remote authenticated users to forge ticket cr ...) NOT-FOR-US: Prototype node module CVE-2020-7992 RESERVED CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...) NOT-FOR-US: Adive Framework CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...) NOT-FOR-US: Adive Framework CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...) NOT-FOR-US: Adive Framework CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...) NOT-FOR-US: phpIPAM CVE-2020-7987 RESERVED CVE-2020-7986 RESERVED CVE-2020-7985 RESERVED CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allow ...) NOT-FOR-US: SolarWinds CVE-2020-7983 (A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows re ...) NOT-FOR-US: Ruckus CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...) NOT-FOR-US: OpenWrt CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...) 
- ruby-geocoder 1.5.1-3 (bug #949870) NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. ...) - gitlab (Only affects Gitlab EE 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. ...) - gitlab (Only affects Gitlab EE 8.8 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. ...) - gitlab (Only affects Gitlab EE 12.4 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7975 REJECTED CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...) - gitlab (Only affects Gitlab EE 10.1 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...) 
- gitlab (Only affects Gitlab EE 11.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7970 RESERVED CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. ...) - gitlab (Only affects Gitlab EE 8.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. ...) - gitlab (Only affects Gitlab EE 11.11 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...) NOT-FOR-US: webargs CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...) NOT-FOR-US: Mirumee Saleor CVE-2020-7963 RESERVED CVE-2020-7962 RESERVED CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...) NOT-FOR-US: Liferay Portal CVE-2020-7960 RESERVED CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...) NOT-FOR-US: LabVantage LIMS CVE-2020-7958 (An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. ...) NOT-FOR-US: OnePlus 7 Pro devices CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...)
- dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2 CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...) - nomad 0.10.3+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7003 CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...) - consul 1.7.0+dfsg1-1 (bug #950736) [buster] - consul (Minor issue) NOTE: https://github.com/hashicorp/consul/issues/7160 NOTE: Fixed in 1.6.3. CVE-2020-7954 (An issue was discovered in OpServices OpMon 9.3.2. Starting from the a ...) NOT-FOR-US: OpServices OpMon CVE-2020-7953 (An issue was discovered in OpServices OpMon 9.3.2. Without authenticat ...) NOT-FOR-US: OpServices OpMon CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attacke ...) NOT-FOR-US: rendersystemdx9.dll in Valve Dota 2 CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers ...) NOT-FOR-US: Dota 2 CVE-2020-7948 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7946 RESERVED CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...) 
- puppet (low) [stretch] - puppet (Minor issue) [buster] - puppet (Minor issue) [jessie] - puppet (vulnerable code not present) - puppetdb (low) [buster] - puppetdb (Minor issue) NOTE: https://puppet.com/security/cve/CVE-2020-7943/ NOTE: https://github.com/puppetlabs/puppet_metrics_dashboard/pull/92 CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...) - puppet (unimportant) NOTE: This CVE assignment is for switching the default setting of strict_hostname_checking, NOTE: the option is available in older Puppet releases (such as 4.8 from Stretch) NOTE: https://puppet.com/security/cve/CVE-2020-7942/ CVE-2020-7941 (A privilege escalation issue in plone.app.contenttypes in Plone 4.3 th ...) NOT-FOR-US: Plone CVE-2020-7940 (Missing password strength checks on some forms in Plone 4.3 through 5. ...) NOT-FOR-US: Plone CVE-2020-7939 (SQL Injection in DTML or in connection objects in Plone 4.0 through 5. ...) NOT-FOR-US: Plone CVE-2020-7938 (plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain ...) NOT-FOR-US: Plone CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows user ...) NOT-FOR-US: Plone CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...) NOT-FOR-US: Plone CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...) NOT-FOR-US: LifeRay Portal CVE-2020-7933 RESERVED CVE-2020-7932 (OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g. ...) NOT-FOR-US: OMERO CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...) 
NOT-FOR-US: JFrog Artifactory CVE-2020-7930 RESERVED CVE-2020-7929 RESERVED CVE-2020-7928 RESERVED CVE-2020-7927 RESERVED CVE-2020-7926 RESERVED CVE-2020-7925 RESERVED CVE-2020-7924 RESERVED CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...) {DLA-2344-1} - mongodb NOTE: https://jira.mongodb.org/browse/SERVER-47773 CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...) NOT-FOR-US: MongoDB Enterprise CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...) - mongodb [stretch] - mongodb (Minor issue) [jessie] - mongodb (Minor issue) NOTE: https://jira.mongodb.org/browse/SERVER-45472 CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...) NOT-FOR-US: Percona Monitoring and Management (PMM) CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ...) - golang-1.14 1.14~rc1-1 - golang-1.13 1.13.7-1 - golang-1.11 [buster] - golang-1.11 (Minor issue, can be fixed along in next DSA) - golang-1.8 [stretch] - golang-1.8 (Minor issue) - golang-1.7 [stretch] - golang-1.7 (Minor issue) - golang NOTE: https://github.com/golang/go/issues/36837 NOTE: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master) NOTE: https://github.com/golang/go/issues/36838 (Go 1.13) NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7) CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...) NOT-FOR-US: totemo totemomail CVE-2020-7917 RESERVED CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...) NOT-FOR-US: LearnPress plugin for WordPress CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...) NOT-FOR-US: Eaton devices CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...) 
- intellij-idea (bug #747616) - intellij-community-idea CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...) NOT-FOR-US: JetBrains CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...) NOT-FOR-US: JetBrains CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...) NOT-FOR-US: JetBrains CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...) NOT-FOR-US: JetBrains CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...) NOT-FOR-US: JetBrains CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...) NOT-FOR-US: JetBrains CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...) NOT-FOR-US: JetBrains Scala plugin CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...) NOT-FOR-US: JetBrains CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...) - intellij-idea (bug #747616) - intellij-community-idea CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...) 
- intellij-idea (bug #747616) - intellij-community-idea CVE-2020-7903 RESERVED CVE-2020-7902 RESERVED CVE-2020-7901 RESERVED CVE-2020-7900 RESERVED CVE-2020-7899 RESERVED CVE-2020-7898 RESERVED CVE-2020-7897 RESERVED CVE-2020-7896 RESERVED CVE-2020-7895 RESERVED CVE-2020-7894 RESERVED CVE-2020-7893 RESERVED CVE-2020-7892 RESERVED CVE-2020-7891 RESERVED CVE-2020-7890 RESERVED CVE-2020-7889 RESERVED CVE-2020-7888 RESERVED CVE-2020-7887 RESERVED CVE-2020-7886 RESERVED CVE-2020-7885 RESERVED CVE-2020-7884 RESERVED CVE-2020-7883 RESERVED CVE-2020-7882 RESERVED CVE-2020-7881 RESERVED CVE-2020-7880 RESERVED CVE-2020-7879 RESERVED CVE-2020-7878 RESERVED CVE-2020-7877 RESERVED CVE-2020-7876 RESERVED CVE-2020-7875 RESERVED CVE-2020-7874 RESERVED CVE-2020-7873 RESERVED CVE-2020-7872 RESERVED CVE-2020-7871 RESERVED CVE-2020-7870 RESERVED CVE-2020-7869 RESERVED CVE-2020-7868 RESERVED CVE-2020-7867 RESERVED CVE-2020-7866 RESERVED CVE-2020-7865 RESERVED CVE-2020-7864 RESERVED CVE-2020-7863 RESERVED CVE-2020-7862 RESERVED CVE-2020-7861 RESERVED CVE-2020-7860 RESERVED CVE-2020-7859 RESERVED CVE-2020-7858 RESERVED CVE-2020-7857 RESERVED CVE-2020-7856 RESERVED CVE-2020-7855 RESERVED CVE-2020-7854 RESERVED CVE-2020-7853 RESERVED CVE-2020-7852 RESERVED CVE-2020-7851 RESERVED CVE-2020-7850 RESERVED CVE-2020-7849 RESERVED CVE-2020-7848 RESERVED CVE-2020-7847 RESERVED CVE-2020-7846 RESERVED CVE-2020-7845 RESERVED CVE-2020-7844 RESERVED CVE-2020-7843 RESERVED CVE-2020-7842 RESERVED CVE-2020-7841 RESERVED CVE-2020-7840 RESERVED CVE-2020-7839 RESERVED CVE-2020-7838 RESERVED CVE-2020-7837 RESERVED CVE-2020-7836 RESERVED CVE-2020-7835 RESERVED CVE-2020-7834 RESERVED CVE-2020-7833 RESERVED CVE-2020-7832 RESERVED CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...) NOT-FOR-US: Inogard Ebiz4u CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability tha ...) 
NOT-FOR-US: RAONWIZ CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...) NOT-FOR-US: DaviewIndy CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...) NOT-FOR-US: DaviewIndy CVE-2020-7827 (DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerabi ...) NOT-FOR-US: DaviewIndy CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...) NOT-FOR-US: EyeSurfer BflyInstallerX.ocx CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...) NOT-FOR-US: MiPlatform CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS could a ...) NOT-FOR-US: iPECS CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered when the u ...) NOT-FOR-US: DaviewIndy CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...) NOT-FOR-US: DaviewIndy CVE-2020-7821 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...) NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...) NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library CVE-2020-7819 RESERVED CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...) NOT-FOR-US: Daview CVE-2020-7817 (MyBrowserPlus downloads the files needed to run the program through th ...) NOT-FOR-US: MyBrowserPlus CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...) NOT-FOR-US: DaView CVE-2020-7815 (XPLATFORM v9.2.260 and earlier versions contain a vulnerability that c ...) NOT-FOR-US: XPLATFORM CVE-2020-7814 (RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability tha ...) NOT-FOR-US: RAONWIZ CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...)
NOT-FOR-US: Kaoni CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...) NOT-FOR-US: Kaoni ezHTTPTrans CVE-2020-7811 RESERVED CVE-2020-7810 (hslogin2.dll ActiveX Control in Groupware contains a vulnerability tha ...) NOT-FOR-US: hslogin2.dll ActiveX Control in Groupware CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...) NOT-FOR-US: ALSong CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...) NOT-FOR-US: RAONWIZ K Upload CVE-2020-7807 (A vulnerability that can hijack a DLL file that is loaded during produ ...) NOT-FOR-US: LG CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...) NOT-FOR-US: Tobesoft Xplatform CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...) NOT-FOR-US: KT Slim egg IML500 wifi devices CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, ...) NOT-FOR-US: Handy Groupware CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, versio ...) NOT-FOR-US: Zoneplayer CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...) NOT-FOR-US: Synergy Systems & Solutions (SSS) CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...) NOT-FOR-US: Synergy Systems & Solutions (SSS) CVE-2020-7800 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...) NOT-FOR-US: Synergy Systems & Solutions (SSS) CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...) NOT-FOR-US: FusionAuth CVE-2020-7798 RESERVED CVE-2020-7797 RESERVED CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...) 
NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-7795 RESERVED CVE-2020-7794 RESERVED CVE-2020-7793 RESERVED CVE-2020-7792 RESERVED CVE-2020-7791 RESERVED CVE-2020-7790 RESERVED CVE-2020-7789 RESERVED CVE-2020-7788 RESERVED CVE-2020-7787 RESERVED CVE-2020-7786 RESERVED CVE-2020-7785 RESERVED CVE-2020-7784 RESERVED CVE-2020-7783 RESERVED CVE-2020-7782 RESERVED CVE-2020-7781 RESERVED CVE-2020-7780 RESERVED CVE-2020-7779 RESERVED CVE-2020-7778 RESERVED CVE-2020-7777 RESERVED CVE-2020-7776 RESERVED CVE-2020-7775 RESERVED CVE-2020-7774 RESERVED CVE-2020-7773 RESERVED CVE-2020-7772 RESERVED CVE-2020-7771 RESERVED CVE-2020-7770 RESERVED CVE-2020-7769 RESERVED CVE-2020-7768 RESERVED CVE-2020-7767 RESERVED CVE-2020-7766 RESERVED CVE-2020-7765 RESERVED CVE-2020-7764 RESERVED CVE-2020-7763 RESERVED CVE-2020-7762 RESERVED CVE-2020-7761 RESERVED CVE-2020-7760 RESERVED CVE-2020-7759 RESERVED CVE-2020-7758 RESERVED CVE-2020-7757 RESERVED CVE-2020-7756 RESERVED CVE-2020-7755 RESERVED CVE-2020-7754 RESERVED CVE-2020-7753 RESERVED CVE-2020-7752 RESERVED CVE-2020-7751 RESERVED CVE-2020-7750 RESERVED CVE-2020-7749 RESERVED CVE-2020-7748 RESERVED CVE-2020-7747 RESERVED CVE-2020-7746 RESERVED CVE-2020-7745 RESERVED CVE-2020-7744 RESERVED CVE-2020-7743 RESERVED CVE-2020-7742 RESERVED CVE-2020-7741 RESERVED CVE-2020-7740 RESERVED CVE-2020-7739 RESERVED CVE-2020-7738 RESERVED CVE-2020-7737 RESERVED CVE-2020-7736 RESERVED CVE-2020-7735 RESERVED CVE-2020-7734 RESERVED CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular Expre ...) - node-ua-parser-js (No affected version present in the archive, introduced after 0.7.14 and fixed in 0.7.22) NOTE: https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 CVE-2020-7732 RESERVED CVE-2020-7731 RESERVED CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...) 
NOT-FOR-US: bestzip nodejs module CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...) {DLA-2368-1} - grunt 1.3.0-1 (bug #969668) [buster] - grunt (Minor issue) NOTE: https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7 NOTE: https://snyk.io/vuln/SNYK-JS-GRUNT-597546 CVE-2020-7728 RESERVED CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...) NOT-FOR-US: Node gedi CVE-2020-7726 (All versions of package safe-object2 are vulnerable to Prototype Pollu ...) NOT-FOR-US: Node safe-object2 CVE-2020-7725 (All versions of package worksmith are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node worksmith CVE-2020-7724 (All versions of package tiny-conf are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node tiny-conf CVE-2020-7723 (All versions of package promisehelpers are vulnerable to Prototype Pol ...) NOT-FOR-US: Node promisehelpers CVE-2020-7722 (All versions of package nodee-utils are vulnerable to Prototype Pollut ...) NOT-FOR-US: Node nodee-utils CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node node-oojs CVE-2020-7720 (The package node-forge before 0.10.0 is vulnerable to Prototype Pollut ...) - node-node-forge 0.10.0~dfsg-1 (bug #969669) [buster] - node-node-forge (Minor issue) NOTE: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677 NOTE: https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756 CVE-2020-7719 (Versions of package locutus before 2.0.12 are vulnerable to prototype ...) NOT-FOR-US: Node locutus CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype Polluti ...) NOT-FOR-US: Node gammautils CVE-2020-7717 (All versions of package dot-notes are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node dot-notes CVE-2020-7716 (All versions of package deeps are vulnerable to Prototype Pollution vi ...) 
NOT-FOR-US: Node deeps CVE-2020-7715 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...) NOT-FOR-US: Node deep-get-set CVE-2020-7714 (All versions of package confucious are vulnerable to Prototype Polluti ...) NOT-FOR-US: Node confucious CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to Protot ...) NOT-FOR-US: Node arr-flatten-unflatten CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...) NOT-FOR-US: Node json CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...) - golang-github-russellhaering-goxmldsig (bug #968928) NOTE: https://github.com/russellhaering/goxmldsig/issues/48 CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...) NOT-FOR-US: Node safe-eval CVE-2020-7709 RESERVED CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...) NOT-FOR-US: Node irrelon-path CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to Prototype Pol ...) NOT-FOR-US: Node property-expr CVE-2020-7706 (The package connie-lang before 0.1.1 are vulnerable to Prototype Pollu ...) NOT-FOR-US: Node connie-lang CVE-2020-7705 (This affects the package MintegralAdSDK from 0.0.0. The SDK distribute ...) NOT-FOR-US: MintegralAdSDK CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pol ...) NOT-FOR-US: Node linux-cmdline CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node nis-utils CVE-2020-7702 (All versions of package templ8 are vulnerable to Prototype Pollution v ...) NOT-FOR-US: templ8 CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...) NOT-FOR-US: Node madlib-object-utils CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...) NOT-FOR-US: phpjs CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. 
If the parse ...) NOT-FOR-US: express-fileupload CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...) NOT-FOR-US: Gerapy CVE-2020-7697 (This affects all versions of package mock2easy. a malicious user could ...) NOT-FOR-US: mock2easy nodejs module CVE-2020-7696 (This affects all versions of package react-native-fast-image. When an ...) NOT-FOR-US: react-native-fast-image nodejs module CVE-2020-7695 (Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF s ...) - python-uvicorn (bug #969275) [buster] - python-uvicorn (Minor issue) NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-570471 NOTE: https://github.com/encode/uvicorn/issues/719 CVE-2020-7694 (This affects all versions of package uvicorn. The request logger provi ...) - python-uvicorn (bug #969276) [buster] - python-uvicorn (Minor issue) NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-575560 NOTE: https://github.com/encode/uvicorn/issues/723 CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket leads in ...) - node-socks (bug #922921) CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for OAuth 2 ...) - google-oauth-client-java NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276 NOTE: https://github.com/googleapis/google-oauth-java-client/issues/469 NOTE: https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824 CVE-2020-7691 (In all versions of the package jspdf, it is possible to use <<sc ...) NOT-FOR-US: jspdf CVE-2020-7690 (All affected versions <2.0.0 of package jspdf are vulnerable to Cro ...) NOT-FOR-US: jspdf CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes. ...) NOT-FOR-US: Node bcrypt CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...) NOT-FOR-US: Node mversion CVE-2020-7687 (This affects all versions of package fast-http. There is no path sanit ...) 
NOT-FOR-US: Node fast-http CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. There i ...) NOT-FOR-US: Node rollup-plugin-dev-server CVE-2020-7685 (This affects all versions of package UmbracoForms. When using the defa ...) NOT-FOR-US: UmbracoForms CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There is no ...) NOT-FOR-US: Node rollup-plugin-server CVE-2020-7683 (This affects all versions of package rollup-plugin-server. There is no ...) NOT-FOR-US: Node rollup-plugin-server CVE-2020-7682 (This affects all versions of package marked-tree. There is no path san ...) NOT-FOR-US: Node marked-tree CVE-2020-7681 (This affects all versions of package marscode. There is no path saniti ...) NOT-FOR-US: Node marscode CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). ...) NOT-FOR-US: docsify CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...) NOT-FOR-US: Node casperjs CVE-2020-7678 RESERVED CVE-2020-7677 RESERVED CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex-based ...) - angular.js 1.8.0-1 [buster] - angular.js (Minor issue; can be fixed via point release) [stretch] - angular.js (Nodejs in stretch not covered by security support) [jessie] - angular.js (Minor issue, low usage of 2014-era Nodejs) NOTE: https://github.com/angular/angular.js/pull/17028 NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. ...) NOT-FOR-US: Node cd-messenger CVE-2020-7674 (access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. ...) NOT-FOR-US: Node access-policy CVE-2020-7673 (node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. U ...) - node-extend (Vulnerable code not present) NOTE: Debian's node-extend is a different package(fork?) 
which doesn't eval() CVE-2020-7672 (mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User inp ...) NOT-FOR-US: Node mosc CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where goliath i ...) NOT-FOR-US: Ruby gem goliath CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo is use ...) NOT-FOR-US: Ruby gem agoo CVE-2020-7669 (This affects all versions of package github.com/u-root/u-root/pkg/taru ...) NOT-FOR-US: github.com/u-root/u-root/pkg/tarutil Go package CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the ExtractT ...) - golang-github-unknwon-cae (bug #967956) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384 CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before version 0.1. ...) NOT-FOR-US: github.com/sassoftware/go-rpmutils/cpio go module CVE-2020-7666 (This affects all versions of package github.com/u-root/u-root/pkg/cpio ...) NOT-FOR-US: github.com/u-root/u-root/pkg/cpio Go package CVE-2020-7665 (This affects all versions of package github.com/u-root/u-root/pkg/uzip ...) NOT-FOR-US: github.com/u-root/u-root/pkg/uzip Go package CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Extract ...) - golang-github-unknwon-cae (bug #967955) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383 CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of Servi ...) {DLA-2334-1} - ruby-websocket-extensions 0.1.5-1 (bug #964274) NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2 NOTE: https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of Servic ...) NOT-FOR-US: Node websocket-extensions CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial ...) 
NOT-FOR-US: Node url-regex CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject ...) NOT-FOR-US: serialize-javascript Node package CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ...) - reel NOTE: https://snyk.io/vuln/SNYK-RUBY-REEL-569135 CVE-2020-7658 (meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP ...) NOT-FOR-US: meinheld CVE-2020-7657 RESERVED CVE-2020-7656 (jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...) - jquery 2.2.4+dfsg-1 [jessie] - jquery (Too intrusive to backport) NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-569619 NOTE: See debian-lts discussion starting at: https://lists.debian.org/debian-lts/2020/06/msg00025.html CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP ...) NOT-FOR-US: netius CVE-2020-7654 (All versions of snyk-broker before 4.73.1 are vulnerable to Informatio ...) NOT-FOR-US: snyk-broker CVE-2020-7653 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary ...) NOT-FOR-US: snyk-broker CVE-2020-7652 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary ...) NOT-FOR-US: snyk-broker CVE-2020-7651 (All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary ...) NOT-FOR-US: snyk-broker CVE-2020-7650 (All versions of snyk-broker after 4.72.0 including and before 4.73.1 a ...) NOT-FOR-US: snyk-broker CVE-2020-7649 RESERVED CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary ...) NOT-FOR-US: snyk-broker CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...) NOT-FOR-US: jooby CVE-2020-7646 (curlrequest through 1.0.1 allows reading any file by populating the fi ...) NOT-FOR-US: Node curlrequest CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...)
NOT-FOR-US: Node chrome-launcher CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The functi ...) NOT-FOR-US: Node fun-map CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript objects resul ...) NOT-FOR-US: Node paypal-adaptive CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript. The ...) NOT-FOR-US: Node lazysizes CVE-2020-7641 RESERVED CVE-2020-7640 (pixl-class prior to 1.0.3 allows execution of arbitrary commands. The ...) NOT-FOR-US: Node pixl-class CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. T ...) NOT-FOR-US: Node eivindfjeldstad-dot CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution. The 'setDe ...) NOT-FOR-US: Node confinit CVE-2020-7637 (class-transformer before 0.3.1 allow attackers to perform Prototype Po ...) NOT-FOR-US: Node class-transformer CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection. It allows ...) NOT-FOR-US: Node adb-driver CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection. It al ...) NOT-FOR-US: Node compass-compile CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...) NOT-FOR-US: Node heroku-addonpool CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...) NOT-FOR-US: Node apiconnect-cli-plugins CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...) NOT-FOR-US: Node node-mpv CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection. It allow ...) NOT-FOR-US: Node diskusage-ng CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...) NOT-FOR-US: git-add-remote node module CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...) NOT-FOR-US: install-package node module CVE-2020-7628 (umount through 1.1.6 is vulnerable to Command Injection. The argument ...)
NOT-FOR-US: install-package node module CVE-2020-7627 (node-key-sender through 1.0.11 is vulnerable to Command Injection. It ...) NOT-FOR-US: node-key-sender node module CVE-2020-7626 (karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows ...) NOT-FOR-US: karma-mojo node module CVE-2020-7625 (op-browser through 1.0.6 is vulnerable to Command Injection. It allows ...) NOT-FOR-US: op-browser node module CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allows exe ...) NOT-FOR-US: effect node module CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...) NOT-FOR-US: Node jscover CVE-2020-7622 (All versions of Jooby before 2.2.1 are vulnerable to HTTP Response Spl ...) NOT-FOR-US: Jooby CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...) NOT-FOR-US: Node strong-nginx-controller CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection. It all ...) NOT-FOR-US: Node pomelo-monitor CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...) NOT-FOR-US: get-git-data node module CVE-2020-7618 (sds through 3.2.0 is vulnerable to Prototype Pollution. The library cou ...) NOT-FOR-US: Node sds CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution. The libr ...) NOT-FOR-US: Node ini-parser CVE-2020-7616 (express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollu ...) NOT-FOR-US: Node express-mock-middleware CVE-2020-7615 (fsa through 0.5.1 is vulnerable to Command Injection. The first argume ...) NOT-FOR-US: Node fsa CVE-2020-7614 (npm-programmatic through 0.0.12 is vulnerable to Command Injection. The ...) NOT-FOR-US: npm-programmatic CVE-2020-7613 (clamscan through 1.2.0 is vulnerable to Command Injection. It is possi ...) NOT-FOR-US: Node clamscan CVE-2020-7612 REJECTED CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...)
NOT-FOR-US: io.micronaut:micronaut-http-client CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...) [experimental] - node-mongodb 3.5.5+~cs11.12.19-1 - node-mongodb 3.5.6+~cs11.12.19-1 [buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1 NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19 NOTE: https://snyk.io/vuln/SNYK-JS-BSON-561052 NOTE: https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8 CVE-2020-7609 (node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbi ...) NOT-FOR-US: Node node-rules CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...) - node-yargs-parser 18.1.1-1 [buster] - node-yargs-parser 11.1.1-1+deb10u1 [stretch] - node-yargs-parser (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 NOTE: https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2 NOTE: https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832 CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands. ...) NOT-FOR-US: Node gulp-styledocco CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary ...) NOT-FOR-US: Node docker-compose-remote-api CVE-2020-7605 (gulp-tape through 1.0.0 allows execution of arbitrary commands. It is ...) NOT-FOR-US: Node gulp-tape CVE-2020-7604 (pulverizr through 0.7.0 allows execution of arbitrary commands. Within ...) NOT-FOR-US: Node pulverizr CVE-2020-7603 (closure-compiler-stream through 0.1.15 allows execution of arbitrary c ...) NOT-FOR-US: closure-compiler-stream CVE-2020-7602 (node-prompt-here through 1.0.1 allows execution of arbitrary commands. ...) NOT-FOR-US: Node node-prompt-here CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. I ...) NOT-FOR-US: Node gulp-scss-lint CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. 
The ...) NOT-FOR-US: querymen nodejs module CVE-2020-7599 (All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable ...) NOT-FOR-US: com.gradle.plugin-publish CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...) - node-minimist 1.2.5-1 (bug #953762) [buster] - node-minimist 1.2.0-1+deb10u1 [stretch] - node-minimist (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 NOTE: POC: https://gist.github.com/Kirill89/47feb345b09bf081317f08dd43403a8a NOTE: Fixed by: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94 CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to execut ...) NOT-FOR-US: codecov-node nodejs module CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...) NOT-FOR-US: Codecov npm module CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...) {DLA-2369-1} - libxml2 2.9.10+dfsg-2.1 (bug #949582) [buster] - libxml2 (Minor issue) [jessie] - libxml2 (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5 CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...) NOT-FOR-US: MultiTech Conduit MTCDT-LVW2-24XX devices CVE-2020-7593 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...) NOT-FOR-US: Siemens CVE-2020-7592 (A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Ge ...) NOT-FOR-US: Siemens CVE-2020-7591 RESERVED CVE-2020-7590 RESERVED CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS variant ...) NOT-FOR-US: Siemens CVE-2020-7588 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...) NOT-FOR-US: Siemens CVE-2020-7587 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...) 
NOT-FOR-US: Siemens CVE-2020-7586 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) NOT-FOR-US: Siemens CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...) NOT-FOR-US: Siemens CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...) NOT-FOR-US: Siemens CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...) NOT-FOR-US: Siemens CVE-2020-7582 RESERVED CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...) NOT-FOR-US: Siemens CVE-2020-7580 (A vulnerability has been identified in SIMATIC Automation Tool (All ve ...) NOT-FOR-US: Siemens CVE-2020-7579 (A vulnerability has been identified in Spectrum Power™ 5 (All ve ...) NOT-FOR-US: Siemens CVE-2020-7578 (A vulnerability has been identified in Camstar Enterprise Platform (Al ...) NOT-FOR-US: Siemens CVE-2020-7577 (A vulnerability has been identified in Camstar Enterprise Platform (Al ...) NOT-FOR-US: Siemens CVE-2020-7576 (A vulnerability has been identified in Camstar Enterprise Platform (Al ...) NOT-FOR-US: Siemens CVE-2020-7575 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...) NOT-FOR-US: Climatix CVE-2020-7574 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...) 
NOT-FOR-US: Climatix CVE-2020-7573 RESERVED CVE-2020-7572 RESERVED CVE-2020-7571 RESERVED CVE-2020-7570 RESERVED CVE-2020-7569 RESERVED CVE-2020-7568 RESERVED CVE-2020-7567 RESERVED CVE-2020-7566 RESERVED CVE-2020-7565 RESERVED CVE-2020-7564 RESERVED CVE-2020-7563 RESERVED CVE-2020-7562 RESERVED CVE-2020-7561 RESERVED CVE-2020-7560 RESERVED CVE-2020-7559 RESERVED CVE-2020-7558 RESERVED CVE-2020-7557 RESERVED CVE-2020-7556 RESERVED CVE-2020-7555 RESERVED CVE-2020-7554 RESERVED CVE-2020-7553 RESERVED CVE-2020-7552 RESERVED CVE-2020-7551 RESERVED CVE-2020-7550 RESERVED CVE-2020-7549 RESERVED CVE-2020-7548 RESERVED CVE-2020-7547 RESERVED CVE-2020-7546 RESERVED CVE-2020-7545 RESERVED CVE-2020-7544 RESERVED CVE-2020-7543 RESERVED CVE-2020-7542 RESERVED CVE-2020-7541 RESERVED CVE-2020-7540 RESERVED CVE-2020-7539 RESERVED CVE-2020-7538 RESERVED CVE-2020-7537 RESERVED CVE-2020-7536 RESERVED CVE-2020-7535 RESERVED CVE-2020-7534 RESERVED CVE-2020-7533 RESERVED CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...) NOT-FOR-US: SCADAPack x70 Security Administrator CVE-2020-7531 (A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x ...) NOT-FOR-US: SCADAPack 7x Remote Connect CVE-2020-7530 (A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x ...) NOT-FOR-US: SCADAPack 7x Remote Connect CVE-2020-7529 (A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( ...) NOT-FOR-US: SCADAPack 7x Remote Connect CVE-2020-7528 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...) NOT-FOR-US: SCADAPack 7x Remote Connect CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) a ...) NOT-FOR-US: Schneider CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute Business ...) NOT-FOR-US: Schneider CVE-2020-7525 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...) 
NOT-FOR-US: Schneider CVE-2020-7524 (Out-of-bounds Write vulnerability exists in Modicon M218 Logic Control ...) NOT-FOR-US: Schneider CVE-2020-7523 (Improper Privilege Management vulnerability exists in Schneider Electr ...) NOT-FOR-US: Schneider CVE-2020-7522 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Schneider CVE-2020-7521 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...) NOT-FOR-US: Schneider CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnera ...) NOT-FOR-US: Schneider CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in Easergy ...) NOT-FOR-US: Schneider CVE-2020-7518 (A CWE-20: Improper input validation vulnerability exists in Easergy Bu ...) NOT-FOR-US: Schneider CVE-2020-7517 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...) NOT-FOR-US: Schneider CVE-2020-7516 (A CWE-316: Cleartext Storage of Sensitive Information in Memory vulner ...) NOT-FOR-US: Schneider CVE-2020-7515 (A CWE-321: Use of hard-coded cryptographic key stored in cleartext vul ...) NOT-FOR-US: Schneider CVE-2020-7514 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...) NOT-FOR-US: Schneider CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...) NOT-FOR-US: Schneider CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with vuln ...) NOT-FOR-US: Easergy T300 CVE-2020-7511 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...) NOT-FOR-US: Easergy T300 CVE-2020-7510 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 ( ...) NOT-FOR-US: Easergy T300 CVE-2020-7509 (A CWE-269: Improper privilege management (write) vulnerability exists ...) NOT-FOR-US: Easergy T300 CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...) 
NOT-FOR-US: Easergy T300 CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists in E ...) NOT-FOR-US: Easergy T300 CVE-2020-7506 (A CWE-538: File and Directory Information Exposure vulnerability exist ...) NOT-FOR-US: Easergy T300 CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...) NOT-FOR-US: Easergy T300 CVE-2020-7504 (A CWE-20: Improper Input Validation vulnerability exists in Easergy T3 ...) NOT-FOR-US: Easergy T300 CVE-2020-7503 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in E ...) NOT-FOR-US: Easergy T300 CVE-2020-7502 (A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Lo ...) NOT-FOR-US: Modicon CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo ...) NOT-FOR-US: Schneider CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an SQL Co ...) NOT-FOR-US: Schneider CVE-2020-7499 (A CWE-284:Improper Access Control vulnerability exists in U.motion Ser ...) NOT-FOR-US: Schneider CVE-2020-7498 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in the U ...) NOT-FOR-US: Schneider CVE-2020-7497 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider CVE-2020-7496 (A CWE-88: Argument Injection or Modification vulnerability exists in E ...) NOT-FOR-US: Schneider CVE-2020-7495 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider CVE-2020-7494 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: Schneider CVE-2020-7493 (A CWE-89: Improper Neutralization of Special Elements used in an SQL C ...) NOT-FOR-US: Schneider CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...) NOT-FOR-US: Schneider CVE-2020-7491 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in ...) 
NOT-FOR-US: Schneider CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...) NOT-FOR-US: Schneider CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...) NOT-FOR-US: Schneider CVE-2020-7488 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...) NOT-FOR-US: Schneider CVE-2020-7487 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...) NOT-FOR-US: Schneider CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TC ...) NOT-FOR-US: Schneider Electric CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in th ...) NOT-FOR-US: Schneider Electric CVE-2020-7484 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the forme ...) NOT-FOR-US: Schneider Electric CVE-2020-7483 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause ce ...) NOT-FOR-US: Schneider Electric CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...) NOT-FOR-US: Andover Continuum CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...) NOT-FOR-US: Andover Continuum CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) NOT-FOR-US: Andover Continuum CVE-2020-7479 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: IGSS CVE-2020-7478 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: IGSS CVE-2020-7477 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) NOT-FOR-US: Quantum Ethernet Network module CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...) NOT-FOR-US: ZigBee Installation Kit CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...) 
NOT-FOR-US: EcoStruxure Control Expert CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...) NOT-FOR-US: ProSoft Configurator CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...) NOT-FOR-US: Citrix CVE-2020-7472 RESERVED CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...) {DSA-4629-1} - python-django 2:2.2.10-1 (bug #950581) [jessie] - python-django (Vulnerable code introduced in Django ~1.9) NOTE: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/ NOTE: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 (master) NOTE: https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b (3.0.3) NOTE: https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147 (2.2.10) NOTE: https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd (1.11.28) CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the ...) NOT-FOR-US: Sonoff TH 10 and 16 devices CVE-2020-7469 RESERVED CVE-2020-7468 RESERVED CVE-2020-7467 RESERVED CVE-2020-7466 RESERVED CVE-2020-7465 RESERVED CVE-2020-7464 RESERVED CVE-2020-7463 RESERVED CVE-2020-7462 RESERVED CVE-2020-7461 RESERVED CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-ST ...) NOT-FOR-US: FreeBSD CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ...) - kfreebsd-10 (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:21.usb_net.asc CVE-2020-7458 (In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and ...) NOT-FOR-US: FreeBSD CVE-2020-7457 (In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-ST ...) NOT-FOR-US: FreeBSD CVE-2020-7456 (In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-ST ...) 
- kfreebsd-10 (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:17.usb.asc CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-ST ...) NOT-FOR-US: FreeBSD CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-ST ...) NOT-FOR-US: FreeBSD CVE-2020-7453 (In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ...) - kfreebsd-10 (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc CVE-2020-7452 (In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEAS ...) - kfreebsd-10 (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:07.epair.asc CVE-2020-7451 (In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEAS ...) NOT-FOR-US: FreeBSD CVE-2020-7450 (In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEAS ...) NOT-FOR-US: FreeBSD CVE-2020-7449 RESERVED CVE-2020-7448 RESERVED CVE-2020-7447 RESERVED CVE-2020-7446 RESERVED CVE-2020-7445 RESERVED CVE-2020-7444 RESERVED CVE-2020-7443 RESERVED CVE-2020-7442 RESERVED CVE-2020-7441 RESERVED CVE-2020-7440 RESERVED CVE-2020-7439 RESERVED CVE-2020-7438 RESERVED CVE-2020-7437 RESERVED CVE-2020-7436 RESERVED CVE-2020-7435 RESERVED CVE-2020-7434 RESERVED CVE-2020-7433 RESERVED CVE-2020-7432 RESERVED CVE-2020-7431 RESERVED CVE-2020-7430 RESERVED CVE-2020-7429 RESERVED CVE-2020-7428 RESERVED CVE-2020-7427 RESERVED CVE-2020-7426 RESERVED CVE-2020-7425 RESERVED CVE-2020-7424 RESERVED CVE-2020-7423 RESERVED CVE-2020-7422 RESERVED CVE-2020-7421 RESERVED CVE-2020-7420 RESERVED CVE-2020-7419 RESERVED CVE-2020-7418 RESERVED CVE-2020-7417 RESERVED CVE-2020-7416 RESERVED CVE-2020-7415 RESERVED CVE-2020-7414 RESERVED CVE-2020-7413 RESERVED CVE-2020-7412 RESERVED CVE-2020-7411 RESERVED CVE-2020-7410 RESERVED CVE-2020-7409 RESERVED CVE-2020-7408 RESERVED CVE-2020-7407 RESERVED CVE-2020-7406 RESERVED CVE-2020-7405 RESERVED CVE-2020-7404 RESERVED 
CVE-2020-7403 RESERVED CVE-2020-7402 RESERVED CVE-2020-7401 RESERVED CVE-2020-7400 RESERVED CVE-2020-7399 RESERVED CVE-2020-7398 RESERVED CVE-2020-7397 RESERVED CVE-2020-7396 RESERVED CVE-2020-7395 RESERVED CVE-2020-7394 RESERVED CVE-2020-7393 RESERVED CVE-2020-7392 RESERVED CVE-2020-7391 RESERVED CVE-2020-7390 RESERVED CVE-2020-7389 RESERVED CVE-2020-7388 RESERVED CVE-2020-7387 RESERVED CVE-2020-7386 RESERVED CVE-2020-7385 RESERVED CVE-2020-7384 RESERVED CVE-2020-7383 RESERVED CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted ...) NOT-FOR-US: Rapid7 Nexpose installer CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose inst ...) NOT-FOR-US: Rapid7 Nexpose installer CVE-2020-7380 RESERVED CVE-2020-7379 RESERVED CVE-2020-7378 RESERVED CVE-2020-7377 (The Metasploit Framework module "auxiliary/admin/http/telpho10_credent ...) NOT-FOR-US: Metasploit Framework module CVE-2020-7376 (The Metasploit Framework module "post/osx/gather/enum_osx module" is a ...) NOT-FOR-US: Metasploit Framework module CVE-2020-7375 RESERVED CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ...) NOT-FOR-US: Documalis Free PDF Editor CVE-2020-7373 RESERVED CVE-2020-7372 RESERVED CVE-2020-7371 RESERVED CVE-2020-7370 RESERVED CVE-2020-7369 RESERVED CVE-2020-7368 RESERVED CVE-2020-7367 RESERVED CVE-2020-7366 RESERVED CVE-2020-7365 RESERVED CVE-2020-7364 RESERVED CVE-2020-7363 RESERVED CVE-2020-7362 RESERVED CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command injecti ...) NOT-FOR-US: EasyCorp ZenTao Pro application CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartCo ...) NOT-FOR-US: SmartControl CVE-2020-7359 RESERVED CVE-2020-7358 (In AppSpider installer versions prior to 7.2.126, the AppSpider instal ...) NOT-FOR-US: AppSpider installer CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command injectio ...) 
NOT-FOR-US: Cayin CMS CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection vulnerabilit ...) NOT-FOR-US: CAYIN xPost CVE-2020-7355 (Cross-site Scripting (XSS) vulnerability in the 'notes' field of a dis ...) NOT-FOR-US: Metasploit Pro CVE-2020-7354 (Cross-site Scripting (XSS) vulnerability in the 'host' field of a disc ...) NOT-FOR-US: Metasploit Pro CVE-2020-7353 RESERVED CVE-2020-7352 (The GalaxyClientService component of GOG Galaxy runs with elevated SYS ...) NOT-FOR-US: GOG Galaxy CVE-2020-7351 (An OS Command Injection vulnerability in the endpoint_devicemap.php co ...) NOT-FOR-US: Fonality Trixbox Community Edition CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...) NOT-FOR-US: Rapid7 Metasploit Framework CVE-2020-7349 RESERVED CVE-2020-7348 RESERVED CVE-2020-7347 RESERVED CVE-2020-7346 RESERVED CVE-2020-7345 RESERVED CVE-2020-7344 RESERVED CVE-2020-7343 RESERVED CVE-2020-7342 RESERVED CVE-2020-7341 RESERVED CVE-2020-7340 RESERVED CVE-2020-7339 RESERVED CVE-2020-7338 RESERVED CVE-2020-7337 RESERVED CVE-2020-7336 RESERVED CVE-2020-7335 RESERVED CVE-2020-7334 RESERVED CVE-2020-7333 RESERVED CVE-2020-7332 RESERVED CVE-2020-7331 RESERVED CVE-2020-7330 RESERVED CVE-2020-7329 RESERVED CVE-2020-7328 RESERVED CVE-2020-7327 RESERVED CVE-2020-7326 RESERVED CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...) NOT-FOR-US: McAfee CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION Endpoint prior ...) NOT-FOR-US: McAfee CVE-2020-7323 (Authentication Protection Bypass vulnerability in McAfee Endpoint Secu ...) NOT-FOR-US: McAfee CVE-2020-7322 (Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) ...) NOT-FOR-US: McAfee CVE-2020-7321 RESERVED CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint Security ...) NOT-FOR-US: McAfee CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...) 
NOT-FOR-US: McAfee CVE-2020-7318 RESERVED CVE-2020-7317 RESERVED CVE-2020-7316 RESERVED CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to ...) NOT-FOR-US: McAfee CVE-2020-7314 (Privilege Escalation Vulnerability in the installer in McAfee Data Exc ...) NOT-FOR-US: McAfee CVE-2020-7313 RESERVED CVE-2020-7312 (DLL Search Order Hijacking Vulnerability in the installer in McAfee Ag ...) NOT-FOR-US: McAfee CVE-2020-7311 (Privilege Escalation vulnerability in the installer in McAfee Agent (M ...) NOT-FOR-US: McAfee CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee McAfee T ...) NOT-FOR-US: McAfee CVE-2020-7309 (Cross Site Scripting vulnerability in ePO extension in McAfee Applicat ...) NOT-FOR-US: McAfee CVE-2020-7308 RESERVED CVE-2020-7307 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...) NOT-FOR-US: McAfee CVE-2020-7306 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...) NOT-FOR-US: McAfee CVE-2020-7305 (Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP ...) NOT-FOR-US: McAfee CVE-2020-7304 (Cross site request forgery vulnerability in McAfee Data Loss Preventio ...) NOT-FOR-US: McAfee CVE-2020-7303 (Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ...) NOT-FOR-US: McAfee CVE-2020-7302 (Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Pr ...) NOT-FOR-US: McAfee CVE-2020-7301 (Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ...) NOT-FOR-US: McAfee CVE-2020-7300 (Improper Authorization vulnerability in McAfee Data Loss Prevention (D ...) NOT-FOR-US: McAfee CVE-2020-7299 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...) NOT-FOR-US: McAfee CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) prior t ...) NOT-FOR-US: McAfee CVE-2020-7297 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...) 
NOT-FOR-US: McAfee CVE-2020-7296 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...) NOT-FOR-US: McAfee CVE-2020-7295 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...) NOT-FOR-US: McAfee CVE-2020-7294 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...) NOT-FOR-US: McAfee CVE-2020-7293 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...) NOT-FOR-US: McAfee CVE-2020-7292 (Inappropriate Encoding for output context vulnerability in McAfee Web ...) NOT-FOR-US: McAfee CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...) NOT-FOR-US: McAfee CVE-2020-7290 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...) NOT-FOR-US: McAfee CVE-2020-7289 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...) NOT-FOR-US: McAfee CVE-2020-7288 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...) NOT-FOR-US: McAfee CVE-2020-7287 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...) NOT-FOR-US: McAfee CVE-2020-7286 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...) NOT-FOR-US: McAfee CVE-2020-7285 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...) NOT-FOR-US: McAfee CVE-2020-7284 (Exposure of Sensitive Information in McAfee Network Security Managemen ...) NOT-FOR-US: McAfee CVE-2020-7283 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) be ...) NOT-FOR-US: McAfee CVE-2020-7282 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) be ...) NOT-FOR-US: McAfee CVE-2020-7281 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...) NOT-FOR-US: McAfee CVE-2020-7280 (Privilege Escalation vulnerability during daily DAT updates when using ...) NOT-FOR-US: McAfee CVE-2020-7279 (DLL Search Order Hijacking Vulnerability in the installer component of ...) 
NOT-FOR-US: McAfee CVE-2020-7278 (Exploiting incorrectly configured access control security levels vulne ...) NOT-FOR-US: McAfee CVE-2020-7277 (Protection mechanism failure in all processes in McAfee Endpoint Secur ...) NOT-FOR-US: McAfee CVE-2020-7276 (Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoi ...) NOT-FOR-US: McAfee CVE-2020-7275 (Accessing, modifying or executing executable files vulnerability in th ...) NOT-FOR-US: McAfee CVE-2020-7274 (Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Se ...) NOT-FOR-US: McAfee CVE-2020-7273 (Accessing functionality not properly constrained by ACLs vulnerability ...) NOT-FOR-US: McAfee CVE-2020-7272 RESERVED CVE-2020-7271 RESERVED CVE-2020-7270 RESERVED CVE-2020-7269 RESERVED CVE-2020-7268 (Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prio ...) NOT-FOR-US: McAfee CVE-2020-7267 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...) NOT-FOR-US: McAfee CVE-2020-7266 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...) NOT-FOR-US: McAfee CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...) NOT-FOR-US: McAfee CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...) NOT-FOR-US: McAfee CVE-2020-7263 (Improper access control vulnerability in ESconfigTool.exe in McAfee En ...) NOT-FOR-US: ENS for Windows CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...) NOT-FOR-US: McAfee CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...) NOT-FOR-US: McAfee CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...) NOT-FOR-US: McAfee CVE-2020-7259 (Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoi ...) NOT-FOR-US: McAfee CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security Manageme ...) 
NOT-FOR-US: McAfee CVE-2020-7257 (Privilege escalation vulnerability in McAfee Endpoint Security (ENS) f ...) NOT-FOR-US: McAfee CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security Manageme ...) NOT-FOR-US: McAfee CVE-2020-7255 (Privilege escalation vulnerability in the administrative user interfac ...) NOT-FOR-US: McAfee CVE-2020-7254 (Privilege Escalation vulnerability in the command line interface in Mc ...) NOT-FOR-US: McAfee CVE-2020-7253 (Improper access control vulnerability in masvc.exe in McAfee Agent (MA ...) NOT-FOR-US: McAfee CVE-2020-7252 (Unquoted service executable path in DXL Broker in McAfee Data eXchange ...) NOT-FOR-US: McAfee CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee ...) NOT-FOR-US: McAfee CVE-2020-7250 (Symbolic link manipulation vulnerability in McAfee Endpoint Security ( ...) NOT-FOR-US: McAfee CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...) NOT-FOR-US: SMC D3G0804W devices CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged ...) NOT-FOR-US: libubox in OpenWrt CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade] - opensmtpd 6.6.2p1-1 (bug #950121) [stretch] - opensmtpd 6.0.2p1-2+deb9u2 [buster] - opensmtpd 6.0.3p1-5+deb10u3 NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/018_smtpd_tls.patch.sig CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ...) 
{DSA-4611-1} - opensmtpd 6.6.2p1-1 (bug #950121) NOTE: https://www.openwall.com/lists/oss-security/2020/01/28/3 NOTE: Fixed by: https://github.com/OpenSMTPD/OpenSMTPD/commit/2afab2297347342f81fa31a75bbbf7dbee614fda NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig NOTE: The issue is exploitable after switching "to new grammar", which is included NOTE: in portable sync commit: NOTE: https://github.com/OpenSMTPD/OpenSMTPD/commit/be6ef06cba9484d008d9f057e6b25d863cf278ff (opensmtpd-6.4.0) CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 and ear ...) NOT-FOR-US: qdPM CVE-2020-7245 (Incorrect username validation in the registration process of CTFd v2.0 ...) NOT-FOR-US: CTFd CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7243 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7242 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7241 (The WP Database Backup plugin through 5.5 for WordPress stores downloa ...) NOT-FOR-US: WP Database Backup plugin for WordPress CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers ...) NOT-FOR-US: Meinberg Lantime M300 and M1000 devices CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...) NOT-FOR-US: conversation-watson plugin for WordPress CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...) 
{DLA-2364-1 DLA-2110-1 DLA-2109-1} - netty 1:4.1.45-1 (bug #950967) - netty-3.9 [stretch] - netty-3.9 (Incomplete fix for CVE-2019-16869 was not applied) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225 NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1 NOTE: Issue exists because of incomplete fix for CVE-2019-16869. NOTE: https://github.com/netty/netty/issues/9861#issuecomment-582307539 (same fix as CVE-2019-20445) CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...) - cacti 1.2.9+ds1-1 (bug #949997) [buster] - cacti 1.2.2+ds1-2+deb10u3 [stretch] - cacti (Minor issue) [jessie] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/issues/3201 NOTE: https://github.com/Cacti/cacti/commit/5010719dbd160198be3e07bb994cf237e3af1308 CVE-2020-7236 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= ...) NOT-FOR-US: UHP UHP-100 devices CVE-2020-7235 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= ...) NOT-FOR-US: UHP UHP-100 devices CVE-2020-7234 (Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the S ...) NOT-FOR-US: Ruckus ZoneFlex R310 devices CVE-2020-7233 (KMS Controls BAC-A1616BC BACnet devices have a cleartext password of s ...) NOT-FOR-US: KMS Controls BAC-A1616BC BACnet devices CVE-2020-7232 (Evoko Home 1.31 devices allow remote attackers to obtain sensitive inf ...) NOT-FOR-US: Evoko Home devices CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for failed lo ...) NOT-FOR-US: Evoko Home devices CVE-2020-7230 RESERVED CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. There ...) NOT-FOR-US: Simplejobscript.com SJS CVE-2020-7228 (The Calculated Fields Form plugin through 1.0.353 for WordPress suffer ...) NOT-FOR-US: Calculated Fields Form plugin for WordPress CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...) 
NOT-FOR-US: Westermo MRD-315 devices CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and ...) NOT-FOR-US: cryptacular CVE-2020-7225 RESERVED CVE-2020-7224 (The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows ...) NOT-FOR-US: Aviatrix OpenVPN client CVE-2020-7223 RESERVED CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06- ...) NOT-FOR-US: Amcrest Web Server CVE-2020-7221 (mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege es ...) - mariadb-10.3 (Only affects MariaDB 10.4.7 through 10.4.11) - mariadb-10.1 (Only affects MariaDB 10.4.7 through 10.4.11) CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...) NOT-FOR-US: HashiCorp Vault CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...) - consul 1.7.0+dfsg1-1 (bug #950736) [buster] - consul (Minor issue) NOTE: https://github.com/hashicorp/consul/issues/7159 NOTE: Fixed in 1.6.3. CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...) - nomad 0.10.3+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7002 CVE-2020-7217 (An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0. ...) NOT-FOR-US: openSUSE wicked CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...) NOT-FOR-US: openSUSE wicked CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...) NOT-FOR-US: Gallagher Command Centre CVE-2020-7214 RESERVED CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...) NOT-FOR-US: Parallels CVE-2020-7212 (The _encode_invalid_chars function in util/url.py in the urllib3 libra ...) 
- python-urllib3 1.25.8-1 [buster] - python-urllib3 (Vulnerable code introduced later) [stretch] - python-urllib3 (Vulnerable code introduced later) [jessie] - python-urllib3 (Vulnerable code introduced later) NOTE: https://github.com/urllib3/urllib3/pull/1787 NOTE: Introduced by: https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a (1.25.2) NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/a2697e7c6b275f05879b60f593c5854a816489f0 (1.25.8) CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ ...) - libslirp (unimportant) NOTE: https://bugs.launchpad.net/qemu/+bug/1812451 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...) NOT-FOR-US: Umbraco CMS CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution w ...) NOT-FOR-US: LinuxKI CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...) NOT-FOR-US: LinuxKI CVE-2020-7207 RESERVED CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has ...) NOT-FOR-US: HP nagios plugin for iLO CVE-2020-7205 (A potential security vulnerability has been identified in HPE Intellig ...) 
NOT-FOR-US: HPE CVE-2020-7204 RESERVED CVE-2020-7203 RESERVED CVE-2020-7202 RESERVED CVE-2020-7201 RESERVED CVE-2020-7200 RESERVED CVE-2020-7199 RESERVED CVE-2020-7198 RESERVED CVE-2020-7197 RESERVED CVE-2020-7196 RESERVED CVE-2020-7195 RESERVED CVE-2020-7194 RESERVED CVE-2020-7193 RESERVED CVE-2020-7192 RESERVED CVE-2020-7191 RESERVED CVE-2020-7190 RESERVED CVE-2020-7189 RESERVED CVE-2020-7188 RESERVED CVE-2020-7187 RESERVED CVE-2020-7186 RESERVED CVE-2020-7185 RESERVED CVE-2020-7184 RESERVED CVE-2020-7183 RESERVED CVE-2020-7182 RESERVED CVE-2020-7181 RESERVED CVE-2020-7180 RESERVED CVE-2020-7179 RESERVED CVE-2020-7178 RESERVED CVE-2020-7177 RESERVED CVE-2020-7176 RESERVED CVE-2020-7175 RESERVED CVE-2020-7174 RESERVED CVE-2020-7173 RESERVED CVE-2020-7172 RESERVED CVE-2020-7171 RESERVED CVE-2020-7170 RESERVED CVE-2020-7169 RESERVED CVE-2020-7168 RESERVED CVE-2020-7167 RESERVED CVE-2020-7166 RESERVED CVE-2020-7165 RESERVED CVE-2020-7164 RESERVED CVE-2020-7163 RESERVED CVE-2020-7162 RESERVED CVE-2020-7161 RESERVED CVE-2020-7160 RESERVED CVE-2020-7159 RESERVED CVE-2020-7158 RESERVED CVE-2020-7157 RESERVED CVE-2020-7156 RESERVED CVE-2020-7155 RESERVED CVE-2020-7154 RESERVED CVE-2020-7153 RESERVED CVE-2020-7152 RESERVED CVE-2020-7151 RESERVED CVE-2020-7150 RESERVED CVE-2020-7149 RESERVED CVE-2020-7148 RESERVED CVE-2020-7147 RESERVED CVE-2020-7146 RESERVED CVE-2020-7145 RESERVED CVE-2020-7144 RESERVED CVE-2020-7143 RESERVED CVE-2020-7142 RESERVED CVE-2020-7141 RESERVED CVE-2020-7140 (A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gatew ...) NOT-FOR-US: HPE CVE-2020-7139 (Potential remote access security vulnerabilities have been identified ...) NOT-FOR-US: HPE CVE-2020-7138 (Potential remote code execution security vulnerabilities have been ide ...) NOT-FOR-US: HPE CVE-2020-7137 (A validation issue in HPE Superdome Flex's RMC component may allow loc ...) 
NOT-FOR-US: HPE CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM) prior to ve ...) NOT-FOR-US: HPE Smart Update Manager (SUM) CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...) NOT-FOR-US: HPE CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE ...) NOT-FOR-US: HPE CVE-2020-7133 (An unauthorized remote access vulnerability was discovered in HPE IOT + ...) NOT-FOR-US: HPE CVE-2020-7132 (A potential security vulnerability has been identified in HPE Onboard ...) NOT-FOR-US: HPE CVE-2020-7131 (This document describes a security vulnerability in Blade Maintenance ...) NOT-FOR-US: HPE CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...) NOT-FOR-US: HPE CVE-2020-7129 RESERVED CVE-2020-7128 RESERVED CVE-2020-7127 RESERVED CVE-2020-7126 RESERVED CVE-2020-7125 RESERVED CVE-2020-7124 RESERVED CVE-2020-7123 RESERVED CVE-2020-7122 RESERVED CVE-2020-7121 RESERVED CVE-2020-7120 RESERVED CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...) NOT-FOR-US: Aruba CVE-2020-7118 RESERVED CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...) NOT-FOR-US: ClearPass Policy Manager WebUI CVE-2020-7116 (The ClearPass Policy Manager WebUI administrative interface has an aut ...) NOT-FOR-US: ClearPass Policy Manager WebUI CVE-2020-7115 (The ClearPass Policy Manager web interface is affected by a vulnerabil ...) NOT-FOR-US: ClearPass Policy Manager CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...) NOT-FOR-US: ClearPass CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...) NOT-FOR-US: ClearPass CVE-2020-7112 RESERVED CVE-2020-7111 (A server side injection vulnerability exists which could allow an auth ...) NOT-FOR-US: ClearPass CVE-2020-7110 (ClearPass is vulnerable to Stored Cross Site Scripting by allowing a m ...) 
NOT-FOR-US: ClearPass CVE-2020-7109 (The Elementor Page Builder plugin before 2.8.4 for WordPress does not ...) NOT-FOR-US: Elementor Page Builder plugin for WordPress CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ...) NOT-FOR-US: LearnDash LMS plugin for WordPress CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Dis ...) NOT-FOR-US: Ultimate FAQ plugin for WordPress CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...) {DLA-2069-1} - cacti 1.2.9+ds1-1 (bug #949996) [buster] - cacti 1.2.2+ds1-2+deb10u3 [stretch] - cacti (can be fixed along with more important issues) NOTE: https://github.com/Cacti/cacti/issues/3191 NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9 NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464 NOTE: https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...) {DLA-2083-1} - hiredis 0.14.0-5 (bug #949995) [buster] - hiredis (Minor issue) [stretch] - hiredis (Minor issue) NOTE: https://github.com/redis/hiredis/pull/754 NOTE: https://github.com/redis/hiredis/pull/756 CVE-2020-7104 (The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via th ...) NOT-FOR-US: chained-quiz plugin for WordPress CVE-2020-7103 RESERVED CVE-2020-7102 RESERVED CVE-2020-7101 RESERVED CVE-2020-7100 RESERVED CVE-2020-7099 RESERVED CVE-2020-7098 RESERVED CVE-2020-7097 RESERVED CVE-2020-7096 RESERVED CVE-2020-7095 RESERVED CVE-2020-7094 RESERVED CVE-2020-7093 RESERVED CVE-2020-7092 RESERVED CVE-2020-7091 RESERVED CVE-2020-7090 RESERVED CVE-2020-7089 RESERVED CVE-2020-7088 RESERVED CVE-2020-7087 RESERVED CVE-2020-7086 RESERVED CVE-2020-7085 (A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 ...) 
NOT-FOR-US: Autodesk CVE-2020-7084 (A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versi ...) NOT-FOR-US: Autodesk CVE-2020-7083 (An integer overflow vulnerability in the Autodesk FBX-SDK versions 201 ...) NOT-FOR-US: Autodesk CVE-2020-7082 (A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 ...) NOT-FOR-US: Autodesk CVE-2020-7081 (A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 ...) NOT-FOR-US: Autodesk CVE-2020-7080 (A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019. ...) NOT-FOR-US: Autodesk CVE-2020-7079 (An improper signature validation vulnerability in Autodesk Dynamo BIM ...) NOT-FOR-US: Autodesk CVE-2020-7078 RESERVED CVE-2020-7077 RESERVED CVE-2020-7076 RESERVED CVE-2020-7075 RESERVED CVE-2020-7074 RESERVED CVE-2020-7073 RESERVED CVE-2020-7072 RESERVED CVE-2020-7071 RESERVED CVE-2020-7070 RESERVED CVE-2020-7069 RESERVED CVE-2020-7068 (In PHP versions 7.2.x below 7.3.21, 7.3.x below 7.3.21 and 7.4.x below ...) {DLA-2345-1} - php7.4 7.4.9-1 - php7.3 [buster] - php7.3 (Minor issue, fix along in future DSA) - php7.0 NOTE: Fixed in PHP 7.4.9, 7.3.21, 7.2.33 NOTE: PHP Bug: https://bugs.php.net/79797 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=7355ab81763a3d6a04ac11660e6a16d58838d187 CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2188-1} - php7.4 7.4.5-1 (unimportant) - php7.3 (unimportant) - php7.0 (unimportant) - php5 (unimportant) NOTE: Fixed in PHP 7.4.5, 7.3.17 NOTE: PHP Bug: https://bugs.php.net/79465 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be NOTE: This only affects builds which enable EBCDIC CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...) 
{DSA-4719-1 DSA-4717-1 DLA-2188-1} - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79329 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43 CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ...) {DSA-4719-1} - php7.4 7.4.5-1 - php7.3 - php7.0 (Vulnerable code introduced later) - php5 (Vulnerable code introduced later) NOTE: Fixed in PHP 7.4.4, 7.3.16 NOTE: PHP Bug: https://bugs.php.net/79371 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2188-1} - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79282 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2 CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2160-1} - php7.4 7.4.3-1 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: https://bugs.php.net/79082 CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2160-1} - php7.4 7.4.3-1 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: https://bugs.php.net/79221 CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...) - php7.4 (Windows specific issue) - php7.3 (Windows specific issue) - php7.0 (Windows specific issue) - php5 (Windows specific issue) NOTE: Fixed in PHP 7.4.3, 7.3.15 NOTE: PHP Bug: https://bugs.php.net/79171 CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...) 
{DSA-4628-1 DSA-4626-1 DLA-2124-1} - php7.4 7.4.2-7 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: https://bugs.php.net/79037 CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...) {DSA-4628-1 DSA-4626-1 DLA-2124-1} - php7.4 7.4.2-7 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: https://bugs.php.net/79099 CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...) - cacti (unimportant) NOTE: https://github.com/Cacti/cacti/issues/3186 NOTE: If properly configured, there is no security impact, cf. NOTE: https://github.com/Cacti/cacti/issues/3186#issuecomment-574444803 CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a d ...) NOT-FOR-US: Hikvision CVE-2020-7056 RESERVED CVE-2020-7055 (An issue was discovered in Elementor 2.7.4. Arbitrary file upload is p ...) NOT-FOR-US: Elementor CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...) NOT-FOR-US: libIEC61850 CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...) - linux 5.2.6-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/ CVE-2020-7052 (CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow unco ...) NOT-FOR-US: CODESYS CVE-2020-7051 (Codologic Codoforum through 4.8.4 allows stored XSS in the login area. ...) NOT-FOR-US: Codoforum CVE-2020-7050 (Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creati ...) NOT-FOR-US: Codoforum CVE-2020-7049 (Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_li ...) NOT-FOR-US: Nozomi Networks OS CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...) 
NOT-FOR-US: WordPress plugin CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...) NOT-FOR-US: WordPress plugin CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 ...) - dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1 CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...) - wireshark 3.2.0-1 [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Doesn't support request-response tracking in affected code passage, yet) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d NOTE: https://www.wireshark.org/security/wnpa-sec-2020-02.html CVE-2020-7044 (In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This ...) - wireshark 3.2.1-1 [buster] - wireshark (Vulnerable code not present) [stretch] - wireshark (Vulnerable code not present) [jessie] - wireshark (Vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-01.html CVE-2020-7043 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 (unimportant) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8 NOTE: No version of openfortivpn was shipped with OpenSSL < 1.0.2, marking as unimportant CVE-2020-7042 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) 
- openfortivpn 1.12.0-1 [buster] - openfortivpn (Minor issue) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 CVE-2020-7041 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 [buster] - openfortivpn (Minor issue) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91 CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...) {DLA-2095-1} - storebackup 3.2.1-2 (bug #949393) [buster] - storebackup 3.2.1-2~deb10u1 [stretch] - storebackup 3.2.1-2~deb9u1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1156767 NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3 NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1 CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...) {DSA-4616-1 DLA-2090-1 DLA-2076-1} - libslirp 4.1.0-2 (bug #949084) - qemu 1:4.1-2 - qemu-kvm - slirp 1:1.0.17-10 (bug #949085) [buster] - slirp (Minor issue; can be fixed via point release) [stretch] - slirp (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/2 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. 
CVE-2020-7038 RESERVED CVE-2020-7037 RESERVED CVE-2020-7036 RESERVED CVE-2020-7035 RESERVED CVE-2020-7034 RESERVED CVE-2020-7033 RESERVED CVE-2020-7032 RESERVED CVE-2020-7031 RESERVED CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...) NOT-FOR-US: IP Office CVE-2020-7029 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in th ...) NOT-FOR-US: Avaya CVE-2020-7028 RESERVED CVE-2020-7027 RESERVED CVE-2020-7026 RESERVED CVE-2020-7025 RESERVED CVE-2020-7024 RESERVED CVE-2020-7023 RESERVED CVE-2020-7022 RESERVED CVE-2020-7021 RESERVED CVE-2020-7020 RESERVED CVE-2020-7019 (In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was f ...) - elasticsearch CVE-2020-7018 (Elastic Enterprise Search before 7.9.0 contain a credential exposure f ...) - elasticsearch CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map visualizatio ...) - kibana (bug #700337) CVE-2020-7016 (Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (D ...) - kibana (bug #700337) CVE-2020-7015 (Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in t ...) - kibana (bug #700337) CVE-2020-7014 (The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch ve ...) - elasticsearch CVE-2020-7013 (Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution f ...) - kibana (bug #700337) CVE-2020-7012 (Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype ...) - kibana (bug #700337) CVE-2020-7011 (Elastic App Search versions before 7.7.0 contain a cross site scriptin ...) - elasticsearch CVE-2020-7010 (Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate pas ...) NOT-FOR-US: Elastic Cloud CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 ...) - elasticsearch CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) 
NOT-FOR-US: VISAM VBASE Editor CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker ...) NOT-FOR-US: Moxa CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), ...) NOT-FOR-US: Systech Corporation CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...) NOT-FOR-US: Honeywell CVE-2020-7004 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...) NOT-FOR-US: Moxa CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...) NOT-FOR-US: McAfee CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...) NOT-FOR-US: Moxa CVE-2020-7000 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-6999 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the p ...) NOT-FOR-US: Moxa CVE-2020-6998 RESERVED CVE-2020-6997 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive inf ...) NOT-FOR-US: Moxa CVE-2020-6996 (Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Prot ...) NOT-FOR-US: Triangle MicroWorks CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6994 (A buffer overflow vulnerability was found in some devices of Hirschman ...) NOT-FOR-US: Hirschmann Automation and Control HiOS and HiSecOS CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6992 (A local privilege escalation vulnerability has been identified in the ...) NOT-FOR-US: GE Digital CVE-2020-6991 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password ...) NOT-FOR-US: Moxa CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) 
NOT-FOR-US: Rockwell CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6987 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series ...) NOT-FOR-US: Omron CVE-2020-6985 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6982 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injecti ...) NOT-FOR-US: Honeywell CVE-2020-6981 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker m ...) NOT-FOR-US: Moxa CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6979 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...) NOT-FOR-US: Moxa CVE-2020-6978 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...) NOT-FOR-US: Honeywell CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...) NOT-FOR-US: GE CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...) NOT-FOR-US: Delta Industrial Automation CNCSoft ScreenEditor CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6974 (Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a pa ...) NOT-FOR-US: Honeywell CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) 
NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell F ...) NOT-FOR-US: Honeywell CVE-2020-6971 (In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the Va ...) NOT-FOR-US: Emerson CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA ...) NOT-FOR-US: Emerson OpenEnterprise SCADA Server CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...) NOT-FOR-US: AutomationDirect CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...) NOT-FOR-US: Honeywell CVE-2020-6967 (In Rockwell Automation all versions of FactoryTalk Diagnostics softwar ...) NOT-FOR-US: Rockwell CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6964 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6963 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6962 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6961 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) NOT-FOR-US: Honeywell CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) NOT-FOR-US: Honeywell CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrappe ...) 
NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW) CVE-2020-6957 RESERVED CVE-2020-6956 (PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_acti ...) NOT-FOR-US: PCS DEXICON CVE-2020-6955 (An issue was discovered on Cayin SMP-PRO4 devices. They allow image_pr ...) NOT-FOR-US: Cayin SMP-PRO4 devices CVE-2020-6954 (An issue was discovered on Cayin SMP-PRO4 devices. A user can discover ...) NOT-FOR-US: Cayin SMP-PRO4 devices CVE-2020-6953 RESERVED CVE-2020-6952 RESERVED CVE-2020-6951 RESERVED CVE-2020-6950 RESERVED - mojarra (Vulnerable code introduced later) NOTE: https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...) NOT-FOR-US: HashBrown CMS CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through ...) NOT-FOR-US: HashBrown CMS CVE-2020-6947 RESERVED CVE-2020-6946 RESERVED CVE-2020-6945 RESERVED CVE-2020-6944 RESERVED CVE-2020-6943 RESERVED CVE-2020-6942 RESERVED CVE-2020-6941 RESERVED CVE-2020-6940 RESERVED CVE-2020-6939 RESERVED CVE-2020-6938 (A sensitive information disclosure vulnerability in Tableau Server 10. ...) NOT-FOR-US: Tableau Server CVE-2020-6937 (A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, ...) NOT-FOR-US: MuleSoft CVE-2020-6936 RESERVED CVE-2020-6935 RESERVED CVE-2020-6934 RESERVED CVE-2020-6933 RESERVED CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...) 
NOT-FOR-US: BlackBerry QNX Software Development Platform CVE-2020-6931 RESERVED CVE-2020-6930 RESERVED CVE-2020-6929 RESERVED CVE-2020-6928 RESERVED CVE-2020-6927 RESERVED CVE-2020-6926 RESERVED CVE-2020-6925 RESERVED CVE-2020-6924 RESERVED CVE-2020-6923 RESERVED CVE-2020-6922 RESERVED CVE-2020-6921 RESERVED CVE-2020-6920 RESERVED CVE-2020-6919 RESERVED CVE-2020-6918 RESERVED CVE-2020-6917 RESERVED CVE-2020-6916 RESERVED CVE-2020-6915 RESERVED CVE-2020-6914 RESERVED CVE-2020-6913 RESERVED CVE-2020-6912 RESERVED CVE-2020-6911 RESERVED CVE-2020-6910 RESERVED CVE-2020-6909 RESERVED CVE-2020-6908 RESERVED CVE-2020-6907 RESERVED CVE-2020-6906 RESERVED CVE-2020-6905 RESERVED CVE-2020-6904 RESERVED CVE-2020-6903 RESERVED CVE-2020-6902 RESERVED CVE-2020-6901 RESERVED CVE-2020-6900 RESERVED CVE-2020-6899 RESERVED CVE-2020-6898 RESERVED CVE-2020-6897 RESERVED CVE-2020-6896 RESERVED CVE-2020-6895 RESERVED CVE-2020-6894 RESERVED CVE-2020-6893 RESERVED CVE-2020-6892 RESERVED CVE-2020-6891 RESERVED CVE-2020-6890 RESERVED CVE-2020-6889 RESERVED CVE-2020-6888 RESERVED CVE-2020-6887 RESERVED CVE-2020-6886 RESERVED CVE-2020-6885 RESERVED CVE-2020-6884 RESERVED CVE-2020-6883 RESERVED CVE-2020-6882 RESERVED CVE-2020-6881 RESERVED CVE-2020-6880 RESERVED CVE-2020-6879 RESERVED CVE-2020-6878 RESERVED CVE-2020-6877 RESERVED CVE-2020-6876 RESERVED CVE-2020-6875 RESERVED CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues vulnerability. T ...) NOT-FOR-US: ZTE CVE-2020-6873 (A ZTE product has a DoS vulnerability. Because the equipment couldn ...) NOT-FOR-US: ZTE CVE-2020-6872 (The server management software module of ZTE has a storage XSS vulnera ...) NOT-FOR-US: ZTE CVE-2020-6871 (The server management software module of ZTE has an authentication iss ...) NOT-FOR-US: ZTE CVE-2020-6870 (The version V12.17.20T115 of ZTE U31R20 product is impacted by a desig ...) NOT-FOR-US: ZTE CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an informati ...) 
NOT-FOR-US: ZTE CVE-2020-6868 (ZTE's PON terminal product is impacted by the access control vulnerabi ...) NOT-FOR-US: ZTE CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...) NOT-FOR-US: ZTE CVE-2020-6866 (A ZTE product is impacted by a resource management error vulnerability ...) NOT-FOR-US: ZTE CVE-2020-6865 (ZTE SDN controller platform is impacted by an information leakage vuln ...) NOT-FOR-US: ZTE CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak vulnerab ...) NOT-FOR-US: ZTE CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access cont ...) NOT-FOR-US: ZTE CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...) NOT-FOR-US: ZTE F6x2W CVE-2020-6861 (A flawed protocol design in the Ledger Monero app before 1.5.1 for Led ...) NOT-FOR-US: Ledger Monero app CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...) - libmysofa 1.0~dfsg0-1 (bug #949325) [buster] - libmysofa (Minor issue) NOTE: https://github.com/hoene/libmysofa/issues/96 NOTE: https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85 CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in includes/ ...) NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2020-6858 (Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to ...) NOT-FOR-US: Hotels Styx CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption with a ha ...) NOT-FOR-US: CarbonFTP CVE-2020-6856 (An XML External Entity (XEE) vulnerability exists in the JOC Cockpit c ...) NOT-FOR-US: JOC Cockpit component of SOS JobScheduler CVE-2020-6855 (A large or infinite loop vulnerability in the JOC Cockpit component of ...) NOT-FOR-US: JOC Cockpit component of SOS JobScheduler CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit componen ...) 
NOT-FOR-US: JOC Cockpit, different from src:cockpit CVE-2020-6853 RESERVED CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...) NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...) {DLA-2277-1 DLA-2081-1} - openjpeg2 (bug #950000) [buster] - openjpeg2 (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1228 NOTE: https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04 CVE-2020-6850 (Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4 ...) NOT-FOR-US: miniorange-saml-20-single-sign-on plugin for WordPress CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...) NOT-FOR-US: marketo-forms-and-tracking plugin for WordPress CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Na ...) NOT-FOR-US: Axper Vision II 4 devices CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is exec ...) NOT-FOR-US: OpenTrade CVE-2020-6846 RESERVED CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...) NOT-FOR-US: TopManage CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...) NOT-FOR-US: TopManage CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...) NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus CVE-2020-6842 (D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated ...) NOT-FOR-US: D-Link CVE-2020-6841 (D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to ...) NOT-FOR-US: D-Link CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...) 
- mruby (Vulnerable code introduced later) NOTE: https://github.com/mruby/mruby/issues/4927 NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661 NOTE: Fixed by: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_ ...) - mruby (Vulnerable code not present) NOTE: https://github.com/mruby/mruby/issues/4929 NOTE: Introduced by: https://github.com/mruby/mruby/commit/2532e625edc2457447369e36e2ecf7882d872ef9 NOTE: Fixed by: https://github.com/mruby/mruby/commit/2124b9b4c95e66e63b1eb26a8dab49753b82fd6c CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems ...) - mruby (Vulnerable code not present) NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661 NOTE: https://github.com/mruby/mruby/issues/4926 NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 NOTE: https://github.com/mruby/mruby/commit/70e574689664c10ed2c47581999cc2ce3e3c5afb NOTE: https://github.com/mruby/mruby/commit/2742ded32fe18f88833d76b297f5c2170b6880c3 CVE-2020-6837 RESERVED CVE-2020-6836 (grammar-parser.jison in the hot-formula-parser package before 3.0.1 fo ...) NOT-FOR-US: hot-formula-parser Node package CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-based off ...) - bftpd (bug #640469) CVE-2020-6834 RESERVED CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhors ...) - gitlab (Only affects Gitlab EE 11.3 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...) 
- gitlab (Only affects GitLab EE 8.9.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/ CVE-2020-6831 (A buffer overflow could occur when parsing and validating SCTP chunks ...) {DSA-4714-1 DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1} - firefox 76.0-1 - firefox-esr 68.8.0esr-1 - thunderbird 1:68.8.0-1 - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-6831 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831 CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be passe ...) - firefox (Firefox on iOS) CVE-2020-6829 [Side channel attack on ECDSA signature generation] RESERVED - firefox 80.0-1 - nss 2:3.55-1 [buster] - nss (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0 NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes NOTE: Issue relates to CVE-2020-12400 and resolved in the same commits. NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-6829 CVE-2020-6828 (A malicious Android application could craft an Intent that would have ...) - firefox-esr (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6828 CVE-2020-6827 (When following a link that opened an intent://-schemed URL, causing a ...) - firefox-esr (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6827 CVE-2020-6826 (Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis report ...) 
- firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826 CVE-2020-6825 (Mozilla developers and community members Tyson Smith and Christian Hol ...) {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6825 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6825 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6825 CVE-2020-6824 (Initially, a user opens a Private Browsing Window and generates a pass ...) - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6824 CVE-2020-6823 (A malicious extension could have called browser.identity.l ...) - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823 CVE-2020-6822 (On 32-bit builds, an out of bounds write could have occurred when proc ...) {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6822 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6822 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6822 CVE-2020-6821 (When reading from areas partially or fully outside the source resource ...) {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6821 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6821 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821 CVE-2020-6820 (Under certain conditions, when handling a ReadableStream, a race condi ...) 
{DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1} - firefox 74.0.1-1 - firefox-esr 68.6.1esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6820 CVE-2020-6819 (Under certain conditions, when running the nsDocShell destructor, a ra ...) {DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1} - firefox 74.0.1-1 - firefox-esr 68.6.1esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6819 CVE-2020-6818 RESERVED CVE-2020-6817 [Regular expression denial of service] RESERVED {DLA-2167-1} - python-bleach 3.1.4-1 (bug #955388) [buster] - python-bleach (Minor issue; some regression potential) [stretch] - python-bleach (Minor issue; some regression potential) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 NOTE: https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69 NOTE: https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7 NOTE: Regression report: https://github.com/mozilla/bleach/pull/530 CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 CVE-2020-6814 (Mozilla developers reported memory safety bugs present in Firefox and ...) 
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6814 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814 CVE-2020-6813 (When protecting CSS blocks with the nonce feature of Content Security ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813 CVE-2020-6812 (The first time AirPods are connected to an iPhone, they become named a ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6812 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812 CVE-2020-6811 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811 CVE-2020-6810 (After a website had entered fullscreen mode, it could have used a prev ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810 CVE-2020-6809 (When a Web Extension had the all-urls permission and made a fetch requ ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809 CVE-2020-6808 (When a JavaScript URL (javascript:) is evaluated and the result is a s ...) 
- firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808 CVE-2020-6807 (When a device was changed while a stream was about to be destroyed, th ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807 CVE-2020-6806 (By carefully crafting promise resolutions, it was possible to cause an ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806 CVE-2020-6805 (When removing data about an origin whose tab was recently closed, a us ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6805 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805 CVE-2020-6804 (A reflected XSS vulnerability exists within the gateway, allowing an a ...) NOT-FOR-US: Mozilla IOT CVE-2020-6803 (An open redirect is present on the gateway's login page, which could c ...) NOT-FOR-US: Mozilla IOT CVE-2020-6801 (Mozilla developers reported memory safety bugs present in Firefox 72. ...) - firefox 73.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801 CVE-2020-6800 (Mozilla developers and community members reported memory safety bugs p ...) 
{DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6800 CVE-2020-6799 (Command line arguments could have been injected during Firefox invocat ...) - firefox (Only affects Windows) - firefox-esr (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6799 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799 CVE-2020-6798 (If a template tag was used in a select tag, the parser could be confus ...) {DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6798 CVE-2020-6797 (By downloading a file with the .fileloc extension, a semi-privileged e ...) - firefox (Only affects Mac OSX) - firefox-esr (Only affects Mac OSX) - thunderbird (Only affects Mac OSX) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6797 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6797 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797 CVE-2020-6796 (A content process could have modified shared memory relating to crash ...) 
{DSA-4620-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796 CVE-2020-6795 (When processing a message that contains multiple S/MIME signatures, a ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6795 CVE-2020-6794 (If a user saved passwords before Thunderbird 60 and then later set a m ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6794 CVE-2020-6793 (When processing an email message with an ill-formed envelope, Thunderb ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6793 CVE-2020-6792 (When deriving an identifier for an email message, uninitialized memory ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792 CVE-2020-6791 RESERVED CVE-2020-6790 RESERVED CVE-2020-6789 RESERVED CVE-2020-6788 RESERVED CVE-2020-6787 RESERVED CVE-2020-6786 RESERVED CVE-2020-6785 RESERVED CVE-2020-6784 RESERVED CVE-2020-6783 RESERVED CVE-2020-6782 RESERVED CVE-2020-6781 (Improper certificate validation for certain connections in the Bosch S ...) NOT-FOR-US: Bosch Smart Home System App for iOS CVE-2020-6780 RESERVED CVE-2020-6779 RESERVED CVE-2020-6778 RESERVED CVE-2020-6777 RESERVED CVE-2020-6776 RESERVED CVE-2020-6775 RESERVED CVE-2020-6774 (Improper Access Control in the Kiosk Mode functionality of Bosch Recor ...) NOT-FOR-US: Bosch CVE-2020-6773 RESERVED CVE-2020-6772 RESERVED CVE-2020-6771 RESERVED CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...) 
NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS) CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...) NOT-FOR-US: Bosch CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management System (B ...) NOT-FOR-US: Bosch CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management System (B ...) NOT-FOR-US: Bosch CVE-2020-6766 RESERVED CVE-2020-6765 (D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS comm ...) NOT-FOR-US: D-Link CVE-2020-6764 REJECTED CVE-2020-6763 RESERVED CVE-2020-6762 RESERVED CVE-2020-6761 RESERVED CVE-2020-6760 (Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS com ...) NOT-FOR-US: Schmid ZI 620 V400 VPN 090 routers CVE-2020-6759 RESERVED CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...) NOT-FOR-US: Rasilient PixelStor CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150 ...) NOT-FOR-US: Rasilient PixelStor CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (K ...) NOT-FOR-US: Rasilient PixelStor CVE-2020-6755 RESERVED CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading to i ...) NOT-FOR-US: dotCMS CVE-2020-6753 (The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-6752 (In OMERO before 5.6.1, group owners can access members' data in other ...) NOT-FOR-US: OMERO CVE-2020-6751 RESERVED CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally connect di ...) 
- glib2.0 2.62.5-1 (bug #948554) [buster] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0) [stretch] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0) [jessie] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0) NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1989 CVE-2020-6749 RESERVED CVE-2020-6748 RESERVED CVE-2020-6747 RESERVED CVE-2020-6746 RESERVED CVE-2020-6745 RESERVED CVE-2020-6744 RESERVED CVE-2020-6743 RESERVED CVE-2020-6742 RESERVED CVE-2020-6741 RESERVED CVE-2020-6740 RESERVED CVE-2020-6739 RESERVED CVE-2020-6738 RESERVED CVE-2020-6737 RESERVED CVE-2020-6736 RESERVED CVE-2020-6735 RESERVED CVE-2020-6734 RESERVED CVE-2020-6733 RESERVED CVE-2020-6732 RESERVED CVE-2020-6731 RESERVED CVE-2020-6730 RESERVED CVE-2020-6729 RESERVED CVE-2020-6728 RESERVED CVE-2020-6727 RESERVED CVE-2020-6726 RESERVED CVE-2020-6725 RESERVED CVE-2020-6724 RESERVED CVE-2020-6723 RESERVED CVE-2020-6722 RESERVED CVE-2020-6721 RESERVED CVE-2020-6720 RESERVED CVE-2020-6719 RESERVED CVE-2020-6718 RESERVED CVE-2020-6717 RESERVED CVE-2020-6716 RESERVED CVE-2020-6715 RESERVED CVE-2020-6714 RESERVED CVE-2020-6713 RESERVED CVE-2020-6712 RESERVED CVE-2020-6711 RESERVED CVE-2020-6710 RESERVED CVE-2020-6709 RESERVED CVE-2020-6708 RESERVED CVE-2020-6707 RESERVED CVE-2020-6706 RESERVED CVE-2020-6705 RESERVED CVE-2020-6704 RESERVED CVE-2020-6703 RESERVED CVE-2020-6702 RESERVED CVE-2020-6701 RESERVED CVE-2020-6700 RESERVED CVE-2020-6699 RESERVED CVE-2020-6698 RESERVED CVE-2020-6697 RESERVED CVE-2020-6696 RESERVED CVE-2020-6695 RESERVED CVE-2020-6694 RESERVED CVE-2020-6693 RESERVED CVE-2020-6692 RESERVED CVE-2020-6691 RESERVED CVE-2020-6690 RESERVED CVE-2020-6689 RESERVED CVE-2020-6688 RESERVED CVE-2020-6687 RESERVED CVE-2020-6686 RESERVED CVE-2020-6685 RESERVED CVE-2020-6684 RESERVED CVE-2020-6683 RESERVED CVE-2020-6682 RESERVED CVE-2020-6681 RESERVED CVE-2020-6680 RESERVED CVE-2020-6679 RESERVED CVE-2020-6678 RESERVED CVE-2020-6677
RESERVED CVE-2020-6676 RESERVED CVE-2020-6675 RESERVED CVE-2020-6674 RESERVED CVE-2020-6673 RESERVED CVE-2020-6672 RESERVED CVE-2020-6671 RESERVED CVE-2020-6670 RESERVED CVE-2020-6669 RESERVED CVE-2020-6668 RESERVED CVE-2020-6667 RESERVED CVE-2020-6666 RESERVED CVE-2020-6665 RESERVED CVE-2020-6664 RESERVED CVE-2020-6663 RESERVED CVE-2020-6662 RESERVED CVE-2020-6661 RESERVED CVE-2020-6660 RESERVED CVE-2020-6659 RESERVED CVE-2020-6658 RESERVED CVE-2020-6657 RESERVED CVE-2020-6656 RESERVED CVE-2020-6655 RESERVED CVE-2020-6654 RESERVED CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 & prior stores the user l ...) NOT-FOR-US: Eaton CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...) NOT-FOR-US: Eaton CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...) NOT-FOR-US: Eaton CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...) NOT-FOR-US: UPS companion software CVE-2020-6649 RESERVED CVE-2020-6648 RESERVED CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...) NOT-FOR-US: Fortiguard CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...) NOT-FOR-US: Fortiguard CVE-2020-6645 RESERVED CVE-2020-6644 (An insufficient session expiration vulnerability in FortiDeceptor 3.0. ...) NOT-FOR-US: Fortiguard CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...) NOT-FOR-US: Fortinet CVE-2020-6642 RESERVED CVE-2020-6641 RESERVED CVE-2020-6640 (An improper neutralization of input vulnerability in the Admin Profile ...) NOT-FOR-US: Fortiguard CVE-2020-6639 RESERVED CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...) NOT-FOR-US: Grin CVE-2020-6637 (openSIS Community Edition version 7.3 is vulnerable to SQL injection v ...)
NOT-FOR-US: openSIS CVE-2020-6636 RESERVED CVE-2020-6635 RESERVED CVE-2020-6634 RESERVED CVE-2020-6633 RESERVED CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...) NOT-FOR-US: PrestaShop CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) - gpac (low) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch) NOTE: https://github.com/gpac/gpac/issues/1378 NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) - gpac (low) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) [jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch) NOTE: https://github.com/gpac/gpac/issues/1377 NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS CVE-2020-6629 (Ming (aka libming) 0.4.8 has a NULL pointer dereference in the functio ...) - ming NOTE: https://github.com/libming/libming/issues/190 CVE-2020-6628 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the func ...) - ming NOTE: https://github.com/libming/libming/issues/191 CVE-2020-6627 RESERVED CVE-2020-6626 RESERVED CVE-2020-6625 (jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...) - jhead (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746 NOTE: Crash in CLI tool, no security impact CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...)
- jhead (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744 NOTE: Crash in CLI tool, no security impact CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) - libstb (low; bug #949560) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/865 NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - libstb (low; bug #949559) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/869 CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...) - libstb (low; bug #949558) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/867 CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - libstb (low; bug #949557) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/868 CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...) - libstb (low; bug #949556) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/863 CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - libstb (low; bug #949555) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/866 CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) - libstb (low; bug #949554) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/867 CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number generation becau ...) NOT-FOR-US: Broadcom CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...) - libredwg (bug #595191) CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read ...) 
- libredwg (bug #595191) CVE-2020-6613 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_searc ...) - libredwg (bug #595191) CVE-2020-6612 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_comp ...) - libredwg (bug #595191) CVE-2020-6611 (GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_own ...) - libredwg (bug #595191) CVE-2020-6610 (GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation i ...) - libredwg (bug #595191) CVE-2020-6609 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_page ...) - libredwg (bug #595191) CVE-2020-6608 RESERVED CVE-2020-6607 RESERVED CVE-2020-6606 RESERVED CVE-2020-6605 RESERVED CVE-2020-6604 RESERVED CVE-2020-6603 RESERVED CVE-2020-6602 RESERVED CVE-2020-6601 RESERVED CVE-2020-6600 RESERVED CVE-2020-6599 RESERVED CVE-2020-6598 RESERVED CVE-2020-6597 RESERVED CVE-2020-6596 RESERVED CVE-2020-6595 RESERVED CVE-2020-6594 RESERVED CVE-2020-6593 RESERVED CVE-2020-6592 RESERVED CVE-2020-6591 RESERVED CVE-2020-6590 RESERVED CVE-2020-6589 RESERVED CVE-2020-6588 RESERVED CVE-2020-6587 RESERVED CVE-2020-6586 (Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a ...) NOT-FOR-US: Nagios Log Server CVE-2020-6585 (Nagios Log Server 2.1.3 has CSRF. ...) NOT-FOR-US: Nagios Log Server CVE-2020-6584 (Nagios Log Server 2.1.3 has Incorrect Access Control. ...) NOT-FOR-US: Nagios Log Server CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be ...) NOT-FOR-US: BigProf Online Invoicing System (OIS) CVE-2020-6582 (Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by ...) 
- nagios-nrpe 4.0.0-1 [buster] - nagios-nrpe (Minor issue) [stretch] - nagios-nrpe (Minor issue) [jessie] - nagios-nrpe (Minor issue) NOTE: https://herolab.usd.de/security-advisories/usd-2020-0001/ NOTE: https://github.com/NagiosEnterprises/nrpe/commit/b84f9b8c9d290dd02e139df8dad1c3eb690c1213 NOTE: https://github.com/NagiosEnterprises/nrpe/commit/8e3bea4e1b1937e395a182729762aa8894e8649e NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part validating incoming buffer size) CVE-2020-6581 (Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nas ...) - nagios-nrpe 4.0.0-1 [buster] - nagios-nrpe (Minor issue) [stretch] - nagios-nrpe (Minor issue) [jessie] - nagios-nrpe (Vulnerable code introduced later) NOTE: https://herolab.usd.de/security-advisories/usd-2020-0002/ NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part for proper processing of nasty_metachars) CVE-2020-6580 RESERVED CVE-2020-6579 (Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudlo ...) 
NOT-FOR-US: MailBeez plugin for ZenCart CVE-2020-6578 RESERVED CVE-2020-6577 RESERVED CVE-2020-6576 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6575 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6574 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6573 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6572 RESERVED CVE-2020-6571 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6570 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6569 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6568 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6567 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6566 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6565 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6564 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6563 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6562 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6561 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6560 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6559 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6558 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6557 RESERVED CVE-2020-6556 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6555 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6554 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6553 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6552 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6551 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6550 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6549 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6548 RESERVED - chromium [stretch] - 
chromium (see DSA 4562) CVE-2020-6547 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6546 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6545 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6544 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6543 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6542 RESERVED - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6541 RESERVED [experimental] - chromium 84.0.4147.105-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6540 RESERVED [experimental] - chromium 84.0.4147.105-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6539 RESERVED [experimental] - chromium 84.0.4147.105-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6538 RESERVED [experimental] - chromium 84.0.4147.105-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6537 RESERVED [experimental] - chromium 84.0.4147.105-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6536 (Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 a ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6535 (Insufficient data validation in WebUI in Google Chrome prior to 84.0.4 ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6534 (Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6533 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6532 RESERVED [experimental] - chromium 84.0.4147.105-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6531 (Side-channel information leakage in scroll to text in Google Chrome pr ...) 
[experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6530 (Out of bounds memory access in developer tools in Google Chrome prior ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6529 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6528 (Incorrect security UI in basic auth in Google Chrome on iOS prior to 8 ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6527 (Insufficient policy enforcement in CSP in Google Chrome prior to 84.0. ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6526 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6525 (Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 al ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6524 (Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.8 ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6523 (Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 all ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6522 (Inappropriate implementation in external protocol handlers in Google C ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6521 (Side-channel information leakage in autofill in Google Chrome prior to ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6520 (Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed ...) 
[experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6519 (Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6518 (Use after free in developer tools in Google Chrome prior to 84.0.4147. ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6517 (Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6516 (Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6515 (Use after free in tab strip in Google Chrome prior to 84.0.4147.89 all ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6514 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...) {DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1} [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) - firefox 79.0-1 - firefox-esr 68.11.0esr-1 - thunderbird 1:68.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-6514 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-6514 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-6514 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-6514 CVE-2020-6513 (Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6512 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...) 
[experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6511 (Information leak in content security policy in Google Chrome prior to ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6510 (Heap buffer overflow in background fetch in Google Chrome prior to 84. ...) [experimental] - chromium 84.0.4147.89-1 - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6509 (Use after free in extensions in Google Chrome prior to 83.0.4103.116 a ...) {DSA-4714-1} - chromium 83.0.4103.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6508 RESERVED CVE-2020-6507 (Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allo ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6506 (Insufficient policy enforcement in WebView in Google Chrome on Android ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6505 (Use after free in speech in Google Chrome prior to 83.0.4103.106 allow ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6504 (Insufficient policy enforcement in notifications in Google Chrome prio ...) {DSA-4500-1} - chromium 74.0.3729.108-1 [stretch] - chromium (see DSA 4562) CVE-2020-6503 (Inappropriate implementation in accessibility in Google Chrome prior t ...) {DSA-4500-1} - chromium 74.0.3729.108-1 [stretch] - chromium (see DSA 4562) CVE-2020-6502 (Incorrect implementation in permissions in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6501 (Insufficient policy enforcement in CSP in Google Chrome prior to 80.0. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6500 (Inappropriate implementation in interstitials in Google Chrome prior t ...) 
{DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6499 (Inappropriate implementation in AppCache in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6498 (Incorrect implementation in user interface in Google Chrome on iOS pri ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6497 (Insufficient policy enforcement in Omnibox in Google Chrome on iOS pri ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6496 (Use after free in payments in Google Chrome on MacOS prior to 83.0.410 ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6495 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6494 (Incorrect security UI in payments in Google Chrome on Android prior to ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6493 (Use after free in WebAuthentication in Google Chrome prior to 83.0.410 ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6492 RESERVED CVE-2020-6491 (Insufficient data validation in site information in Google Chrome prio ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6490 (Insufficient data validation in loader in Google Chrome prior to 83.0. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6489 (Inappropriate implementation in developer tools in Google Chrome prior ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6488 (Insufficient policy enforcement in downloads in Google Chrome prior to ...) 
{DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6487 (Insufficient policy enforcement in downloads in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6486 (Insufficient policy enforcement in navigations in Google Chrome prior ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6485 (Insufficient data validation in media router in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6484 (Insufficient data validation in ChromeDriver in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6483 (Insufficient policy enforcement in payments in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6482 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6481 (Insufficient policy enforcement in URL formatting in Google Chrome pri ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6480 (Insufficient policy enforcement in enterprise in Google Chrome prior t ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6479 (Inappropriate implementation in sharing in Google Chrome prior to 83.0 ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6477 (Inappropriate implementation in installer in Google Chrome on OS X pri ...) - chromium (Only affects installer) CVE-2020-6476 (Insufficient policy enforcement in tab strip in Google Chrome prior to ...) 
{DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6475 (Incorrect implementation in full screen in Google Chrome prior to 83.0 ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6474 (Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6473 (Insufficient policy enforcement in Blink in Google Chrome prior to 83. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6472 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6471 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6470 (Insufficient validation of untrusted input in clipboard in Google Chro ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6469 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6468 (Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6467 (Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowe ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6466 (Use after free in media in Google Chrome prior to 83.0.4103.61 allowed ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6465 (Use after free in reader mode in Google Chrome on Android prior to 83. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6464 (Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowe ...) 
{DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6463 (Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowe ...) {DSA-4740-1 DSA-4736-1 DSA-4714-1 DLA-2310-1 DLA-2297-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) - firefox 79.0-1 - firefox-esr 68.11.0esr-1 - thunderbird 1:68.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-6463 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-6463 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-6463 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-6463 CVE-2020-6462 (Use after free in task scheduling in Google Chrome prior to 81.0.4044. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6461 (Use after free in storage in Google Chrome prior to 81.0.4044.129 allo ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6460 (Insufficient data validation in URL formatting in Google Chrome prior ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6459 (Use after free in payments in Google Chrome prior to 81.0.4044.122 all ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6458 (Out of bounds read and write in PDFium in Google Chrome prior to 81.0. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6457 (Use after free in speech recognizer in Google Chrome prior to 81.0.404 ...) {DSA-4714-1} - chromium 83.0.4103.83-1 (bug #958450) [stretch] - chromium (see DSA 4562) CVE-2020-6456 (Insufficient validation of untrusted input in clipboard in Google Chro ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6455 (Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 al ...) 
{DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6454 (Use after free in extensions in Google Chrome prior to 81.0.4044.92 al ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6453 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6452 (Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6451 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6450 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6448 (Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6447 (Inappropriate implementation in developer tools in Google Chrome prior ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6446 (Insufficient policy enforcement in trusted types in Google Chrome prio ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6445 (Insufficient policy enforcement in trusted types in Google Chrome prio ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6444 (Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 all ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6443 (Insufficient data validation in developer tools in Google Chrome prior ...) 
{DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6442 (Inappropriate implementation in cache in Google Chrome prior to 81.0.4 ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6441 (Insufficient policy enforcement in omnibox in Google Chrome prior to 8 ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6440 (Inappropriate implementation in extensions in Google Chrome prior to 8 ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6439 (Insufficient policy enforcement in navigations in Google Chrome prior ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6438 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6437 (Inappropriate implementation in WebView in Google Chrome prior to 81.0 ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6436 (Use after free in window management in Google Chrome prior to 81.0.404 ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6435 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6434 (Use after free in devtools in Google Chrome prior to 81.0.4044.92 allo ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6433 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6432 (Insufficient policy enforcement in navigations in Google Chrome prior ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6431 (Insufficient policy enforcement in full screen in Google Chrome prior ...) 
{DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6430 (Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6428 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6427 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6426 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6425 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6423 (Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6421 RESERVED CVE-2020-6420 (Insufficient policy enforcement in media in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.132-1 [stretch] - chromium (see DSA 4562) CVE-2020-6419 (Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allow ...) 
- chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...) {DSA-4638-1} - chromium 80.0.3987.122-1 [stretch] - chromium (see DSA 4562) CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...) - chromium (debian package does not support the chromium installer) CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6415 (Inappropriate implementation in JavaScript in Google Chrome prior to 8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6414 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6413 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6412 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6411 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6410 (Insufficient policy enforcement in navigation in Google Chrome prior t ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6407 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...) 
{DSA-4638-1} - chromium 80.0.3987.122-1 [stretch] - chromium (see DSA 4562) CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6405 (Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6404 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6403 (Incorrect implementation in Omnibox in Google Chrome on iOS prior to 8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6402 (Insufficient policy enforcement in downloads in Google Chrome on OS X ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6401 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome prior to 80.0.39 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6399 (Insufficient policy enforcement in AppCache in Google Chrome prior to ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6398 (Use of uninitialized data in PDFium in Google Chrome prior to 80.0.398 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6397 (Inappropriate implementation in sharing in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6396 (Inappropriate implementation in Skia in Google Chrome prior to 80.0.39 ...) 
{DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6395 (Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6394 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6393 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6392 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6391 (Insufficient validation of untrusted input in Blink in Google Chrome p ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6390 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6389 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6386 (Use after free in speech in Google Chrome prior to 80.0.3987.116 allow ...) {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...) 
{DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6384 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 all ...) {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6383 (Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a ...) {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6381 (Integer overflow in JavaScript in Google Chrome on ChromeOS and Androi ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6380 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6379 (Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6378 (Use after free in speech in Google Chrome prior to 79.0.3945.130 allow ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 allowe ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6376 RESERVED CVE-2020-6375 RESERVED CVE-2020-6374 RESERVED CVE-2020-6373 RESERVED CVE-2020-6372 RESERVED CVE-2020-6371 RESERVED CVE-2020-6370 RESERVED CVE-2020-6369 RESERVED CVE-2020-6368 RESERVED CVE-2020-6367 RESERVED CVE-2020-6366 RESERVED CVE-2020-6365 RESERVED CVE-2020-6364 RESERVED CVE-2020-6363 RESERVED CVE-2020-6362 RESERVED CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
NOT-FOR-US: SAP CVE-2020-6359 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6358 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6357 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6356 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6355 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6354 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6353 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6352 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6351 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6350 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6349 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6348 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6347 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6346 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6345 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6344 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6343 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6342 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
NOT-FOR-US: SAP CVE-2020-6341 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6340 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6339 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6338 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6337 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6336 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6335 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6334 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6333 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6332 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6331 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6330 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6329 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6328 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6327 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6326 (SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, all ...) NOT-FOR-US: SAP CVE-2020-6325 RESERVED CVE-2020-6324 (SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700 ...) NOT-FOR-US: SAP CVE-2020-6323 RESERVED CVE-2020-6322 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
NOT-FOR-US: SAP CVE-2020-6321 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6320 (SAP Marketing (Servlet), version-130,140,150, allows an authenticated ...) NOT-FOR-US: SAP CVE-2020-6319 RESERVED CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABA ...) NOT-FOR-US: SAP CVE-2020-6317 RESERVED CVE-2020-6316 RESERVED CVE-2020-6315 RESERVED CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, ...) NOT-FOR-US: SAP CVE-2020-6312 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) NOT-FOR-US: SAP CVE-2020-6311 (Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP ...) NOT-FOR-US: SAP CVE-2020-6310 (Improper access control in SOA Configuration Trace component in SAP Ne ...) NOT-FOR-US: SAP CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7. ...) NOT-FOR-US: SAP CVE-2020-6308 RESERVED CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...) NOT-FOR-US: SAP CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing (updat ...) NOT-FOR-US: SAP CVE-2020-6305 (PI Rest Adapter of SAP Process Integration (update provided in SAP_XIA ...) NOT-FOR-US: SAP CVE-2020-6304 (Improper input validation in SAP NetWeaver Internet Communication Mana ...) NOT-FOR-US: SAP CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not validate user ...) NOT-FOR-US: SAP CVE-2020-6302 (SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSessio ...) NOT-FOR-US: SAP CVE-2020-6301 (SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 6 ...) NOT-FOR-US: SAP CVE-2020-6300 (SAP Business Objects Business Intelligence Platform (Central Managemen ...) 
NOT-FOR-US: SAP CVE-2020-6299 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 75 ...) NOT-FOR-US: SAP CVE-2020-6298 (SAP Banking Services (Generic Market Data), versions - 400, 450, 500, ...) NOT-FOR-US: SAP CVE-2020-6297 (Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data I ...) NOT-FOR-US: SAP CVE-2020-6296 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 70 ...) NOT-FOR-US: SAP CVE-2020-6295 (Under certain conditions the SAP Adaptive Server Enterprise, version 1 ...) NOT-FOR-US: SAP CVE-2020-6294 (Xvfb of SAP Business Objects Business Intelligence Platform, versions ...) NOT-FOR-US: SAP CVE-2020-6293 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.5 ...) NOT-FOR-US: SAP CVE-2020-6292 (Logout mechanism in SAP Disclosure Management, version 10.1, does not ...) NOT-FOR-US: SAP CVE-2020-6291 (SAP Disclosure Management, version 10.1, session mechanism does not ha ...) NOT-FOR-US: SAP CVE-2020-6290 (SAP Disclosure Management, version 10.1, is vulnerable to Session Fixa ...) NOT-FOR-US: SAP CVE-2020-6289 (SAP Disclosure Management, version 10.1, had insufficient protection a ...) NOT-FOR-US: SAP CVE-2020-6288 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...) NOT-FOR-US: SAP CVE-2020-6287 (SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31 ...) NOT-FOR-US: SAP CVE-2020-6286 (The insufficient input path validation of certain parameter in the web ...) NOT-FOR-US: SAP CVE-2020-6285 (SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11 ...) NOT-FOR-US: SAP CVE-2020-6284 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.5 ...) NOT-FOR-US: SAP CVE-2020-6283 (SAP Fiori Launchpad does not sufficiently encode user controlled input ...) NOT-FOR-US: SAP CVE-2020-6282 (SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11 ...) 
NOT-FOR-US: SAP CVE-2020-6281 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...) NOT-FOR-US: SAP CVE-2020-6280 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, ...) NOT-FOR-US: SAP CVE-2020-6279 REJECTED CVE-2020-6278 (SAP Business Objects Business Intelligence Platform (BI Launchpad and ...) NOT-FOR-US: SAP CVE-2020-6277 RESERVED CVE-2020-6276 (SAP Business Objects Business Intelligence Platform (bipodata), versio ...) NOT-FOR-US: SAP CVE-2020-6275 (SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740 ...) NOT-FOR-US: SAP CVE-2020-6274 RESERVED CVE-2020-6273 (SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 1 ...) NOT-FOR-US: SAP CVE-2020-6272 RESERVED CVE-2020-6271 (SAP Solution Manager (Problem Context Manager), version 7.2, does not ...) NOT-FOR-US: SAP CVE-2020-6270 (SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 75 ...) NOT-FOR-US: SAP CVE-2020-6269 (Under certain conditions SAP Business Objects Business Intelligence Pl ...) NOT-FOR-US: SAP CVE-2020-6268 (Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV ver ...) NOT-FOR-US: SAP CVE-2020-6267 (Some sensitive cookies in SAP Disclosure Management, version 10.1, are ...) NOT-FOR-US: SAP CVE-2020-6266 (SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an at ...) NOT-FOR-US: SAP CVE-2020-6265 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data ...) NOT-FOR-US: SAP CVE-2020-6264 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker ...) NOT-FOR-US: SAP CVE-2020-6263 (Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol ...) NOT-FOR-US: SAP CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI, before ve ...) NOT-FOR-US: SAP CVE-2020-6261 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...) 
NOT-FOR-US: SAP CVE-2020-6260 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...) NOT-FOR-US: SAP CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise, versions 15.7 ...) NOT-FOR-US: SAP CVE-2020-6258 (SAP Identity Management, version 8.0, does not perform necessary autho ...) NOT-FOR-US: SAP CVE-2020-6257 (SAP Business Objects Business Intelligence Platform (CMC and BI Launch ...) NOT-FOR-US: SAP CVE-2020-6256 (SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 8 ...) NOT-FOR-US: SAP CVE-2020-6255 RESERVED CVE-2020-6254 (SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficien ...) NOT-FOR-US: SAP CVE-2020-6253 (Under certain conditions, SAP Adaptive Server Enterprise (Web Services ...) NOT-FOR-US: SAP CVE-2020-6252 (Under certain conditions SAP Adaptive Server Enterprise (Cockpit), ver ...) NOT-FOR-US: SAP CVE-2020-6251 (Under certain conditions or error scenarios SAP Business Objects Busin ...) NOT-FOR-US: SAP CVE-2020-6250 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated ...) NOT-FOR-US: SAP CVE-2020-6249 (The use of an admin backend report within SAP Master Data Governance, ...) NOT-FOR-US: SAP CVE-2020-6248 (SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not ...) NOT-FOR-US: SAP CVE-2020-6247 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...) NOT-FOR-US: SAP CVE-2020-6246 (SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_T ...) NOT-FOR-US: SAP CVE-2020-6245 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...) NOT-FOR-US: SAP CVE-2020-6244 (SAP Business Client, version 7.0, allows an attacker after a successfu ...) NOT-FOR-US: SAP CVE-2020-6243 (Under certain conditions, SAP Adaptive Server Enterprise (XP Server on ...) NOT-FOR-US: SAP CVE-2020-6242 (SAP Business Objects Business Intelligence Platform (Live Data Connect ...) 
NOT-FOR-US: SAP CVE-2020-6241 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated ...) NOT-FOR-US: SAP CVE-2020-6240 (SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 75 ...) NOT-FOR-US: SAP CVE-2020-6239 (Under certain conditions SAP Business One (Backup service), versions 9 ...) NOT-FOR-US: SAP CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process ...) NOT-FOR-US: SAP CVE-2020-6237 (Under certain conditions, SAP Business Objects Business Intelligence P ...) NOT-FOR-US: SAP CVE-2020-6236 (SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, ve ...) NOT-FOR-US: SAP CVE-2020-6235 (SAP Solution Manager (Diagnostics Agent), version 7.2, does not perfor ...) NOT-FOR-US: SAP CVE-2020-6234 (SAP Host Agent, version 7.21, allows an attacker with admin privileges ...) NOT-FOR-US: SAP CVE-2020-6233 (SAP S/4 HANA (Financial Products Subledger and Banking Services), vers ...) NOT-FOR-US: SAP CVE-2020-6232 (SAP Commerce, versions 1811, 1905, does not perform necessary authoriz ...) NOT-FOR-US: SAP CVE-2020-6231 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...) NOT-FOR-US: SAP CVE-2020-6230 (SAP OrientDB, version 3.0, allows an authenticated attacker with scrip ...) NOT-FOR-US: SAP CVE-2020-6229 (SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME ...) NOT-FOR-US: SAP CVE-2020-6228 (SAP Business Client, versions 6.5, 7.0, does not perform necessary int ...) NOT-FOR-US: SAP CVE-2020-6227 (SAP Business Objects Business Intelligence Platform (CMS / Auditing is ...) NOT-FOR-US: SAP CVE-2020-6226 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...) NOT-FOR-US: SAP CVE-2020-6225 (SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7 ...) NOT-FOR-US: SAP CVE-2020-6224 (SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, ...) 
NOT-FOR-US: SAP CVE-2020-6223 (The open document of SAP Business Objects Business Intelligence Platfo ...) NOT-FOR-US: SAP CVE-2020-6222 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...) NOT-FOR-US: SAP CVE-2020-6221 (Web Intelligence HTML interface in SAP Business Objects Business Intel ...) NOT-FOR-US: SAP CVE-2020-6220 RESERVED CVE-2020-6219 (SAP Business Objects Business Intelligence Platform (CrystalReports We ...) NOT-FOR-US: SAP CVE-2020-6218 (Admin tools and Query Builder in SAP Business Objects Business Intelli ...) NOT-FOR-US: SAP CVE-2020-6217 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...) NOT-FOR-US: SAP CVE-2020-6216 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...) NOT-FOR-US: SAP CVE-2020-6215 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...) NOT-FOR-US: SAP CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses an incor ...) NOT-FOR-US: SAP CVE-2020-6213 (SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_P ...) NOT-FOR-US: SAP CVE-2020-6212 (Egypt localized withholding tax reports Clearing of Liabilities and Re ...) NOT-FOR-US: SAP CVE-2020-6211 (SAP Business Objects Business Intelligence Platform (AdminTools), vers ...) NOT-FOR-US: SAP CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode ...) NOT-FOR-US: SAP CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform necessary au ...) NOT-FOR-US: SAP CVE-2020-6208 (SAP Business Objects Business Intelligence Platform (Crystal Reports), ...) NOT-FOR-US: SAP CVE-2020-6207 (SAP Solution Manager (User Experience Monitoring), version- 7.2, due t ...) NOT-FOR-US: SAP CVE-2020-6206 (SAP Cloud Platform Integration for Data Services, version 1.0, allows ...) NOT-FOR-US: SAP CVE-2020-6205 (SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS v ...) 
NOT-FOR-US: SAP CVE-2020-6204 (The selection query in SAP Treasury and Risk Management (Transaction M ...) NOT-FOR-US: SAP CVE-2020-6203 (SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7 ...) NOT-FOR-US: SAP CVE-2020-6202 (SAP NetWeaver Application Server Java (User Management Engine), versio ...) NOT-FOR-US: SAP CVE-2020-6201 (The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, ...) NOT-FOR-US: SAP CVE-2020-6200 (The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811 ...) NOT-FOR-US: SAP CVE-2020-6199 (The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EA ...) NOT-FOR-US: SAP CVE-2020-6198 (SAP Solution Manager (Diagnostics Agent), version 720, allows unencryp ...) NOT-FOR-US: SAP CVE-2020-6197 (SAP Enable Now, before version 1908, does not invalidate session token ...) NOT-FOR-US: SAP CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an a ...) NOT-FOR-US: SAP CVE-2020-6195 (SAP Business Objects Business Intelligence Platform (CMC), version 4.1 ...) NOT-FOR-US: SAP CVE-2020-6194 RESERVED CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, ...) NOT-FOR-US: SAP CVE-2020-6192 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...) NOT-FOR-US: SAP CVE-2020-6191 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...) NOT-FOR-US: SAP CVE-2020-6190 (Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Appli ...) NOT-FOR-US: SAP CVE-2020-6189 (Certain settings page(s) in SAP Business Objects Business Intelligence ...) NOT-FOR-US: SAP CVE-2020-6188 (VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, ...) NOT-FOR-US: SAP CVE-2020-6187 (SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7. ...) NOT-FOR-US: SAP CVE-2020-6186 (SAP Host Agent, version 7.21, allows an attacker to cause a slowdown i ...) 
NOT-FOR-US: SAP CVE-2020-6185 (Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_B ...) NOT-FOR-US: SAP CVE-2020-6184 (Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_ ...) NOT-FOR-US: SAP CVE-2020-6183 (SAP Host Agent, version 7.21, allows an unprivileged user to read the ...) NOT-FOR-US: SAP CVE-2020-6182 RESERVED CVE-2020-6181 (Under some circumstances the SAML SSO implementation in the SAP NetWea ...) NOT-FOR-US: SAP CVE-2020-6180 RESERVED CVE-2020-6179 RESERVED CVE-2020-6178 (SAP Enable Now, before version 1911, sends the Session ID cookie value ...) NOT-FOR-US: SAP CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...) NOT-FOR-US: SAP CVE-2020-6176 RESERVED CVE-2020-6175 (Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missin ...) NOT-FOR-US: Citrix CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...) - python-tuf (bug #934151) CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...) - python-tuf (bug #934151) CVE-2020-6172 RESERVED CVE-2020-6171 (A cross-site scripting (XSS) vulnerability in the index page of the CL ...) NOT-FOR-US: Clink Office CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P ...) NOT-FOR-US: Genexis CVE-2020-6169 RESERVED CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...) NOT-FOR-US: WordPress plugin CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...) NOT-FOR-US: WordPress plugin CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...) NOT-FOR-US: WordPress plugin CVE-2020-6165 (SilverStripe 4.5.0 allows attackers to read certain records that shoul ...) NOT-FOR-US: SilverStripe CVE-2020-6164 (In SilverStripe through 4.5.0, a specific URL path configured by defau ...) 
NOT-FOR-US: SilverStripe CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because ...) NOT-FOR-US: WikibaseMediaInfo MediaWiki extension CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain circumstances, an ...) - bftpd (bug #640469) CVE-2020-6161 RESERVED CVE-2020-6160 RESERVED CVE-2020-6159 RESERVED CVE-2020-6158 RESERVED CVE-2020-6157 RESERVED CVE-2020-6156 RESERVED CVE-2020-6155 RESERVED CVE-2020-6154 RESERVED CVE-2020-6153 RESERVED CVE-2020-6152 (A code execution vulnerability exists in the DICOM parse_dicom_meta_in ...) NOT-FOR-US: Accusoft CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF handle_COMPRESSIO ...) NOT-FOR-US: Accusoft CVE-2020-6150 RESERVED CVE-2020-6149 RESERVED CVE-2020-6148 RESERVED CVE-2020-6147 RESERVED CVE-2020-6146 (An exploitable code execution vulnerability exists in the rendering fu ...) NOT-FOR-US: Nitro Pro CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...) NOT-FOR-US: ERPNext CVE-2020-6144 (A remote code execution vulnerability exists in the install functional ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6143 (A remote code execution vulnerability exists in the install functional ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6142 (A remote code execution vulnerability exists in the Modules.php functi ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6141 (An exploitable SQL injection vulnerability exists in the login functio ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6140 (SQL injection vulnerability exists in the password reset functionality ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6139 (SQL injection vulnerability exists in the password reset functionality ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6138 (SQL injection vulnerability exists in the password reset functionality ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6137 (SQL injection vulnerability exists in the password reset functionality ...) 
NOT-FOR-US: OS4Ed openSIS CVE-2020-6136 (An exploitable SQL injection vulnerability exists in the DownloadWindo ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6135 (An exploitable SQL injection vulnerability exists in the Validator.php ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6134 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6133 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6132 (SQL injection vulnerability exists in the ID parameters of OS4Ed openS ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6131 (SQL injection vulnerabilities exist in the course_period_id parameters ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6130 (SQL injection vulnerabilities exist in the course_period_id parameters ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6129 (SQL injection vulnerabilities exist in the course_period_id parameters ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6128 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6127 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6126 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6125 (An exploitable SQL injection vulnerability exists in the GetSchool.php ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6124 (An exploitable sql injection vulnerability exists in the email paramet ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6123 (An exploitable sql injection vulnerability exists in the email paramet ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6122 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6121 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6120 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...) 
NOT-FOR-US: OS4Ed openSIS CVE-2020-6119 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) NOT-FOR-US: OS4Ed openSIS CVE-2020-6116 (An arbitrary code execution vulnerability exists in the rendering func ...) NOT-FOR-US: Nitro Pro CVE-2020-6115 (An exploitable vulnerability exists in the cross-reference table repai ...) NOT-FOR-US: Nitro Pro CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...) NOT-FOR-US: Glacies IceHRM CVE-2020-6113 (An exploitable vulnerability exists in the object stream parsing funct ...) NOT-FOR-US: Nitro Pro CVE-2020-6112 (An exploitable code execution vulnerability exists in the JPEG2000 Str ...) NOT-FOR-US: Nitro Pro CVE-2020-6111 RESERVED CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...) NOT-FOR-US: Zoom CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...) NOT-FOR-US: Zoom CVE-2020-6108 RESERVED CVE-2020-6107 RESERVED CVE-2020-6106 RESERVED CVE-2020-6105 RESERVED CVE-2020-6104 RESERVED CVE-2020-6103 (An exploitable code execution vulnerability exists in the Shader funct ...) NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll CVE-2020-6102 (An exploitable code execution vulnerability exists in the Shader funct ...) NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll CVE-2020-6101 (An exploitable code execution vulnerability exists in the Shader funct ...) NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atidxx64. ...) NOT-FOR-US: AMD CVE-2020-6099 RESERVED CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...) 
- freediameter NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030 CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...) - atftp (bug #970066) [buster] - atftp (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029 CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...) - glibc 2.31-2 (low; bug #961452) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Vulnerable code not present) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019 CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstRTSPAu ...) - gst-rtsp-server1.0 1.16.2-3 (low) [buster] - gst-rtsp-server1.0 (Minor issue) [stretch] - gst-rtsp-server1.0 (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF fillinr ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6093 (An exploitable information disclosure vulnerability exists in the way ...) NOT-FOR-US: Nitro Pro CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nitro Pr ...) NOT-FOR-US: Nitro Pro CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the EPSON ...) NOT-FOR-US: EPSON CVE-2020-6090 (An exploitable code execution vulnerability exists in the Web-Based Ma ...) NOT-FOR-US: WAGO CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI file for ...) NOT-FOR-US: Leadtools CVE-2020-6088 RESERVED CVE-2020-6087 RESERVED CVE-2020-6086 RESERVED CVE-2020-6085 RESERVED CVE-2020-6084 RESERVED CVE-2020-6083 RESERVED CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...) 
NOT-FOR-US: Accusoft CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...) NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Runtime CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...) {DSA-4671-1} - libmicrodns - vlc 3.0.8-4 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002 NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the resource ...) {DSA-4671-1} - libmicrodns - vlc 3.0.8-4 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002 NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the message-p ...) {DSA-4671-1} - libmicrodns - vlc 3.0.8-4 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001 NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the message-p ...) {DSA-4671-1} - libmicrodns - vlc 3.0.8-4 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000 NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin CVE-2020-6076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the store_d ...) NOT-FOR-US: Accusoft CVE-2020-6074 (An exploitable code execution vulnerability exists in the PDF parser o ...) NOT-FOR-US: Nitro Pro CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...) 
{DSA-4671-1} - libmicrodns - vlc 3.0.8-4 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996 NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-parsin ...) {DSA-4671-1} - libmicrodns - vlc 3.0.8-4 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995 NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the resource ...) {DSA-4671-1} - libmicrodns - vlc 3.0.8-4 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994 NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin CVE-2020-6070 (An exploitable code execution vulnerability exists in the file system ...) - f2fs-tools [buster] - f2fs-tools (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988 CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6065 (An exploitable out-of-bounds write vulnerability exists in the bmp_par ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...) 
NOT-FOR-US: Accusoft ImageGear CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...) {DSA-4711-1} - coturn 4.5.1.1-1.2 (bug #951876) [jessie] - coturn (Vulnerable code introduced later) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985 NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8 CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...) {DSA-4711-1} - coturn 4.5.1.1-1.2 (bug #951876) [jessie] - coturn (Vulnerable code introduced later) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984 NOTE: https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way MiniSNMPD vers ...) NOT-FOR-US: MiniSNMPD CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the way Mini ...) NOT-FOR-US: MiniSNMPD CVE-2020-6058 (An exploitable out-of-bounds read vulnerability exists in the way Mini ...) 
NOT-FOR-US: MiniSNMPD CVE-2020-6057 RESERVED CVE-2020-6056 RESERVED CVE-2020-6055 RESERVED CVE-2020-6054 RESERVED CVE-2020-6053 RESERVED CVE-2020-6052 RESERVED CVE-2020-6051 RESERVED CVE-2020-6050 RESERVED CVE-2020-6049 RESERVED CVE-2020-6048 RESERVED CVE-2020-6047 RESERVED CVE-2020-6046 RESERVED CVE-2020-6045 RESERVED CVE-2020-6044 RESERVED CVE-2020-6043 RESERVED CVE-2020-6042 RESERVED CVE-2020-6041 RESERVED CVE-2020-6040 RESERVED CVE-2020-6039 RESERVED CVE-2020-6038 RESERVED CVE-2020-6037 RESERVED CVE-2020-6036 RESERVED CVE-2020-6035 RESERVED CVE-2020-6034 RESERVED CVE-2020-6033 RESERVED CVE-2020-6032 RESERVED CVE-2020-6031 RESERVED CVE-2020-6030 RESERVED CVE-2020-6029 RESERVED CVE-2020-6028 RESERVED CVE-2020-6027 RESERVED CVE-2020-6026 RESERVED CVE-2020-6025 RESERVED CVE-2020-6024 RESERVED CVE-2020-6023 RESERVED CVE-2020-6022 RESERVED CVE-2020-6021 RESERVED CVE-2020-6020 RESERVED CVE-2020-6019 RESERVED CVE-2020-6018 RESERVED CVE-2020-6017 RESERVED CVE-2020-6016 RESERVED CVE-2020-6015 RESERVED CVE-2020-6014 RESERVED CVE-2020-6013 (ZoneAlarm Firewall and Antivirus products before version 15.8.109.1843 ...) NOT-FOR-US: ZoneAlarm CVE-2020-6012 (ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the ...) NOT-FOR-US: ZoneAlarm CVE-2020-6011 RESERVED CVE-2020-6010 (LearnPress Wordpress plugin version prior and including 3.2.6.7 is vul ...) NOT-FOR-US: LearnPress Wordpress plugin CVE-2020-6009 (LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauth ...) NOT-FOR-US: LearnDash Wordpress plugin CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbi ...) NOT-FOR-US: LifterLMS Wordpress plugin CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...) 
NOT-FOR-US: Philips Hue Bridge model CVE-2020-6006 RESERVED CVE-2020-6005 RESERVED CVE-2020-6004 RESERVED CVE-2020-6003 RESERVED CVE-2020-6002 RESERVED CVE-2020-6001 RESERVED CVE-2020-6000 RESERVED CVE-2020-5999 RESERVED CVE-2020-5998 RESERVED CVE-2020-5997 RESERVED CVE-2020-5996 RESERVED CVE-2020-5995 RESERVED CVE-2020-5994 RESERVED CVE-2020-5993 RESERVED CVE-2020-5992 RESERVED CVE-2020-5991 RESERVED CVE-2020-5990 RESERVED CVE-2020-5989 RESERVED CVE-2020-5988 RESERVED CVE-2020-5987 RESERVED CVE-2020-5986 RESERVED CVE-2020-5985 RESERVED CVE-2020-5984 RESERVED CVE-2020-5983 RESERVED CVE-2020-5982 RESERVED CVE-2020-5981 RESERVED CVE-2020-5980 RESERVED CVE-2020-5979 RESERVED CVE-2020-5978 RESERVED CVE-2020-5977 RESERVED CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and vers ...) NOT-FOR-US: NVIDIA GeForce NOW CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, con ...) NOT-FOR-US: NVIDIA GeForce NOW CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in i ...) NOT-FOR-US: NVIDIA CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5972 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5971 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5970 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5969 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5968 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnerabilit ...) 
- nvidia-graphics-drivers 440.100-1 (bug #963766) [buster] - nvidia-graphics-drivers 418.152.00-1 [stretch] - nvidia-graphics-drivers 390.138-1 [jessie] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908) [buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1 - nvidia-graphics-drivers-legacy-340xx [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) - nvidia-graphics-drivers-legacy-304xx [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) - nvidia-graphics-drivers-tesla-440 440.95.01-1 - nvidia-graphics-drivers-tesla-418 418.152.00-1 NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin CVE-2020-5966 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2020-5965 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2020-5964 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2020-5963 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) 
- nvidia-graphics-drivers 440.100-1 (bug #963766) [buster] - nvidia-graphics-drivers 418.152.00-1 [stretch] - nvidia-graphics-drivers 390.138-1 [jessie] - nvidia-graphics-drivers (Non-free not supported) - nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908) [buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1 - nvidia-graphics-drivers-legacy-340xx [buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) [stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported) - nvidia-graphics-drivers-legacy-304xx [stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) [jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported) - nvidia-graphics-drivers-tesla-440 440.95.01-1 - nvidia-graphics-drivers-tesla-418 418.152.00-1 NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin CVE-2020-5962 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2020-5961 (NVIDIA vGPU graphics driver for guest OS contains a vulnerability in w ...) NOT-FOR-US: NVIDIA vGPU graphics driver for guest OS CVE-2020-5960 (NVIDIA Virtual GPU Manager contains a vulnerability in the kernel modu ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5959 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) 
NOT-FOR-US: Nvidia driver for Windows CVE-2020-5956 RESERVED CVE-2020-5955 RESERVED CVE-2020-5954 RESERVED CVE-2020-5953 RESERVED CVE-2020-5952 RESERVED CVE-2020-5951 RESERVED CVE-2020-5950 RESERVED CVE-2020-5949 RESERVED CVE-2020-5948 RESERVED CVE-2020-5947 RESERVED CVE-2020-5946 RESERVED CVE-2020-5945 RESERVED CVE-2020-5944 RESERVED CVE-2020-5943 RESERVED CVE-2020-5942 RESERVED CVE-2020-5941 RESERVED CVE-2020-5940 RESERVED CVE-2020-5939 RESERVED CVE-2020-5938 RESERVED CVE-2020-5937 RESERVED CVE-2020-5936 RESERVED CVE-2020-5935 RESERVED CVE-2020-5934 RESERVED CVE-2020-5933 RESERVED CVE-2020-5932 RESERVED CVE-2020-5931 RESERVED CVE-2020-5930 RESERVED CVE-2020-5929 RESERVED NOT-FOR-US: F5 CVE-2020-5928 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0- ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5927 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5926 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5925 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5924 (In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS aut ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5923 (In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5922 (In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5921 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5920 (In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0- ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5919 (In versions 15.1.0-15.1.0.4, rendering of certain session variables by ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5918 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...) 
NOT-FOR-US: F5 BIG-IP CVE-2020-5917 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5916 (In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5915 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5914 (In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5913 (In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0- ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5912 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5911 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller ...) NOT-FOR-US: NGINX Controller CVE-2020-5910 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic ...) NOT-FOR-US: NGINX Controller CVE-2020-5909 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the co ...) NOT-FOR-US: NGINX Controller CVE-2020-5908 (In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5907 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5906 (In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5905 (In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5904 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5903 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5902 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5901 (In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow f ...) 
NOT-FOR-US: NGINX Controller CVE-2020-5900 (In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient ...) NOT-FOR-US: NGINX Controller CVE-2020-5899 (In NGINX Controller 3.0.0-3.4.0, recovery code required to change a us ...) NOT-FOR-US: NGINX Controller CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver d ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5896 (On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Se ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and ...) NOT-FOR-US: NGINX Controller CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does not inval ...) NOT-FOR-US: NGINX Controller CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Ed ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP A ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5891 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undis ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5890 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0- ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5889 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5888 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5887 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5886 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5885 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5884 (On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0- ...) 
NOT-FOR-US: F5 BIG-IP CVE-2020-5883 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5882 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5881 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, whe ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5880 (On BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process m ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5879 (On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-I ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5878 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Tra ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5877 (On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5876 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5875 (On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5874 (On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5873 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5872 (On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0- ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5871 (On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial o ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5870 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanis ...) NOT-FOR-US: F5 CVE-2020-5869 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not s ...) NOT-FOR-US: F5 CVE-2020-5868 (In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discover ...) NOT-FOR-US: F5 CVE-2020-5867 (In versions prior to 3.3.0, the NGINX Controller Agent installer scrip ...) 
NOT-FOR-US: NGINX Controller CVE-2020-5866 (In versions of NGINX Controller prior to 3.3.0, the helper.sh script, ...) NOT-FOR-US: NGINX Controller CVE-2020-5865 (In versions prior to 3.3.0, the NGINX Controller is configured to comm ...) NOT-FOR-US: NGINX Controller CVE-2020-5864 (In versions of NGINX Controller prior to 3.2.0, communication between ...) NOT-FOR-US: NGINX Controller CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...) NOT-FOR-US: NGINX Controller CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5861 (On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in so ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5860 (On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5859 (On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5858 (On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5857 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5856 (On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specif ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5855 (When the Windows Logon Integration feature is configured for all versi ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5854 (On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5853 (In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5852 (Undisclosed traffic patterns received may cause a disruption of servic ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5851 (On impacted versions and platforms the Trusted Platform Module (TPM) s ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5850 RESERVED CVE-2020-5849 (Unraid 6.8.0 allows authentication bypass. ...) 
NOT-FOR-US: Unraid CVE-2020-5848 RESERVED CVE-2020-5847 (Unraid through 6.8.0 allows Remote Code Execution. ...) NOT-FOR-US: Unraid CVE-2020-5846 (An insecure file upload and code execution issue was discovered in Ahs ...) NOT-FOR-US: Ahsay Cloud Backup Suite CVE-2020-5845 RESERVED CVE-2020-5844 (index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pan ...) NOT-FOR-US: Pandora FMS CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a category to th ...) NOT-FOR-US: Codoforum CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via the user ...) NOT-FOR-US: Codoforum CVE-2020-5841 (An issue was discovered in OpServices OpMon 9.3.1-1. Using password ch ...) NOT-FOR-US: OpServices OpMon CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/R ...) NOT-FOR-US: HashBrown CMS CVE-2020-5839 (Symantec Endpoint Detection And Response, prior to 4.4, may be suscept ...) NOT-FOR-US: Symantec CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...) NOT-FOR-US: Symantec CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...) NOT-FOR-US: Symantec CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially reset the ...) NOT-FOR-US: Symantec CVE-2020-5835 (Symantec Endpoint Protection Manager, prior to 14.3, has a race condit ...) NOT-FOR-US: Symantec CVE-2020-5834 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...) NOT-FOR-US: Symantec CVE-2020-5833 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...) NOT-FOR-US: Symantec CVE-2020-5832 (Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6 ...) NOT-FOR-US: Symantec CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5830 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) 
NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5829 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5828 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5827 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5826 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5825 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5824 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5823 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5822 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5821 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5820 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) 
NOT-FOR-US: Symantec CVE-2020-5819 RESERVED CVE-2020-5818 RESERVED CVE-2020-5817 RESERVED CVE-2020-5816 RESERVED CVE-2020-5815 RESERVED CVE-2020-5814 RESERVED CVE-2020-5813 RESERVED CVE-2020-5812 RESERVED CVE-2020-5811 RESERVED CVE-2020-5810 RESERVED CVE-2020-5809 RESERVED CVE-2020-5808 RESERVED CVE-2020-5807 RESERVED CVE-2020-5806 RESERVED CVE-2020-5805 RESERVED CVE-2020-5804 RESERVED CVE-2020-5803 RESERVED CVE-2020-5802 RESERVED CVE-2020-5801 RESERVED CVE-2020-5800 RESERVED CVE-2020-5799 RESERVED CVE-2020-5798 RESERVED CVE-2020-5797 RESERVED CVE-2020-5796 RESERVED CVE-2020-5795 RESERVED CVE-2020-5794 RESERVED CVE-2020-5793 RESERVED CVE-2020-5792 RESERVED CVE-2020-5791 RESERVED CVE-2020-5790 RESERVED CVE-2020-5789 RESERVED CVE-2020-5788 RESERVED CVE-2020-5787 RESERVED CVE-2020-5786 RESERVED CVE-2020-5785 RESERVED CVE-2020-5784 RESERVED CVE-2020-5783 RESERVED CVE-2020-5782 RESERVED CVE-2020-5781 RESERVED CVE-2020-5780 (Missing Authentication for Critical Function in Icegram Email Subscrib ...) NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...) NOT-FOR-US: Trading Technologies Messaging CVE-2020-5778 (A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) du ...) NOT-FOR-US: Trading Technologies Messaging CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote authenticati ...) NOT-FOR-US: MAGMI CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to the lac ...) NOT-FOR-US: MAGMI CVE-2020-5775 (Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, ...) NOT-FOR-US: Canvas LMS CVE-2020-5774 (Nessus versions 8.11.0 and earlier were found to maintain sessions lon ...) NOT-FOR-US: Nessus CVE-2020-5773 (Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allow ...) 
NOT-FOR-US: Teltonika firmware CVE-2020-5772 (Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 all ...) NOT-FOR-US: Teltonika firmware CVE-2020-5771 (Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 all ...) NOT-FOR-US: Teltonika firmware CVE-2020-5770 (Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 al ...) NOT-FOR-US: Teltonika firmware CVE-2020-5769 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 ...) NOT-FOR-US: Teltonika CVE-2020-5768 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress CVE-2020-5767 (Cross-site request forgery in Icegram Email Subscribers & Newslett ...) NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...) NOT-FOR-US: Wordpress plugin CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerabi ...) NOT-FOR-US: Nessus CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...) NOT-FOR-US: MX Player Android App CVE-2020-5763 (Grandstream HT800 series firmware version 1.0.17.5 and below contain a ...) NOT-FOR-US: Grandstream CVE-2020-5762 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...) NOT-FOR-US: Grandstream CVE-2020-5761 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...) NOT-FOR-US: Grandstream CVE-2020-5760 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...) NOT-FOR-US: Grandstream CVE-2020-5759 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...) NOT-FOR-US: Grandstream CVE-2020-5758 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...) NOT-FOR-US: Grandstream CVE-2020-5757 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...) 
NOT-FOR-US: Grandstream CVE-2020-5756 (Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenti ...) NOT-FOR-US: Grandstream CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not protect th ...) NOT-FOR-US: Webroot CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows remote atta ...) NOT-FOR-US: Webroot CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...) NOT-FOR-US: Signal Private Messenger (Android and iOS version) CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a ...) NOT-FOR-US: Druva inSync Windows Client CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...) NOT-FOR-US: TCExam CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...) NOT-FOR-US: TCExam CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...) NOT-FOR-US: TCExam CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...) NOT-FOR-US: TCExam CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...) NOT-FOR-US: TCExam CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...) NOT-FOR-US: TCExam CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote attacker t ...) NOT-FOR-US: TCExam CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticate ...) NOT-FOR-US: TCExam CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...) NOT-FOR-US: TCExam CVE-2020-5742 (Improper Access Control in Plex Media Server prior to June 15, 2020 al ...) NOT-FOR-US: Plex Media Server CVE-2020-5741 (Deserialization of Untrusted Data in Plex Media Server on Windows allo ...) NOT-FOR-US: Plex Media Server on Windows CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...) 
NOT-FOR-US: Plex Media Server CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...) NOT-FOR-US: Grandstream CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...) NOT-FOR-US: Grandstream CVE-2020-5737 (Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated re ...) NOT-FOR-US: Tenable.Sc CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...) NOT-FOR-US: Amcrest CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...) NOT-FOR-US: Amcrest CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...) NOT-FOR-US: SolarWinds CVE-2020-5733 (In OpenMRS 2.9 and prior, the export functionality of the Data Exchang ...) NOT-FOR-US: OpenMRS CVE-2020-5732 (In OpenMRS 2.9 and prior, the import functionality of the Data Exchange ...) NOT-FOR-US: OpenMRS CVE-2020-5731 (In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page ...) NOT-FOR-US: OpenMRS CVE-2020-5730 (In OpenMRS 2.9 and prior, the sessionLocation parameter for the login ...) NOT-FOR-US: OpenMRS CVE-2020-5729 (In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitra ...) NOT-FOR-US: OpenMRS CVE-2020-5728 (OpenMRS 2.9 and prior copies "Referrer" header values into an html ele ...) NOT-FOR-US: OpenMRS CVE-2020-5727 (Authentication bypass using an alternate path or channel in SimpliSafe ...) NOT-FOR-US: SimpliSafe CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5725 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5724 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5723 (The UCM6200 series 1.0.20.22 and below stores unencrypted user passwor ...) 
NOT-FOR-US: UCM6200 CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is vulnerable to ...) NOT-FOR-US: Grandstream CVE-2020-5721 (MikroTik WinBox 3.22 and below stores the user's cleartext password in ...) NOT-FOR-US: MikroTik CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerab ...) NOT-FOR-US: MikroTik WinBox CVE-2020-5719 RESERVED CVE-2020-5718 RESERVED CVE-2020-5717 RESERVED CVE-2020-5716 RESERVED CVE-2020-5715 RESERVED CVE-2020-5714 RESERVED CVE-2020-5713 RESERVED CVE-2020-5712 RESERVED CVE-2020-5711 RESERVED CVE-2020-5710 RESERVED CVE-2020-5709 RESERVED CVE-2020-5708 RESERVED CVE-2020-5707 RESERVED CVE-2020-5706 RESERVED CVE-2020-5705 RESERVED CVE-2020-5704 RESERVED CVE-2020-5703 RESERVED CVE-2020-5702 RESERVED CVE-2020-5701 RESERVED CVE-2020-5700 RESERVED CVE-2020-5699 RESERVED CVE-2020-5698 RESERVED CVE-2020-5697 RESERVED CVE-2020-5696 RESERVED CVE-2020-5695 RESERVED CVE-2020-5694 RESERVED CVE-2020-5693 RESERVED CVE-2020-5692 RESERVED CVE-2020-5691 RESERVED CVE-2020-5690 RESERVED CVE-2020-5689 RESERVED CVE-2020-5688 RESERVED CVE-2020-5687 RESERVED CVE-2020-5686 RESERVED CVE-2020-5685 RESERVED CVE-2020-5684 RESERVED CVE-2020-5683 RESERVED CVE-2020-5682 RESERVED CVE-2020-5681 RESERVED CVE-2020-5680 RESERVED CVE-2020-5679 RESERVED CVE-2020-5678 RESERVED CVE-2020-5677 RESERVED CVE-2020-5676 RESERVED CVE-2020-5675 RESERVED CVE-2020-5674 RESERVED CVE-2020-5673 RESERVED CVE-2020-5672 RESERVED CVE-2020-5671 RESERVED CVE-2020-5670 RESERVED CVE-2020-5669 RESERVED CVE-2020-5668 RESERVED CVE-2020-5667 RESERVED CVE-2020-5666 RESERVED CVE-2020-5665 RESERVED CVE-2020-5664 RESERVED CVE-2020-5663 RESERVED CVE-2020-5662 RESERVED CVE-2020-5661 RESERVED CVE-2020-5660 RESERVED CVE-2020-5659 RESERVED CVE-2020-5658 RESERVED CVE-2020-5657 RESERVED CVE-2020-5656 RESERVED CVE-2020-5655 RESERVED CVE-2020-5654 RESERVED CVE-2020-5653 RESERVED CVE-2020-5652 RESERVED CVE-2020-5651 RESERVED CVE-2020-5650 RESERVED CVE-2020-5649 RESERVED 
CVE-2020-5648 RESERVED CVE-2020-5647 RESERVED CVE-2020-5646 RESERVED CVE-2020-5645 RESERVED CVE-2020-5644 RESERVED CVE-2020-5643 RESERVED CVE-2020-5642 RESERVED CVE-2020-5641 RESERVED CVE-2020-5640 RESERVED CVE-2020-5639 RESERVED CVE-2020-5638 RESERVED CVE-2020-5637 RESERVED CVE-2020-5636 RESERVED CVE-2020-5635 RESERVED CVE-2020-5634 RESERVED CVE-2020-5633 RESERVED CVE-2020-5632 RESERVED CVE-2020-5631 RESERVED CVE-2020-5630 RESERVED CVE-2020-5629 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...) NOT-FOR-US: UNIQLO App for Android CVE-2020-5628 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...) NOT-FOR-US: UNIQLO App for Android CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows remote att ...) NOT-FOR-US: Yodobashi App for Android CVE-2020-5626 RESERVED CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows ...) NOT-FOR-US: XooNIps CVE-2020-5624 (SQL injection vulnerability in the XooNIps 3.48 and earlier allows rem ...) NOT-FOR-US: XooNIps CVE-2020-5623 (NITORI App for Android versions 6.0.4 and earlier and NITORI App for i ...) NOT-FOR-US: NITORI App for Android and iOS CVE-2020-5622 (Shadankun Server Security Type (excluding normal blocking method types ...) NOT-FOR-US: Shadankun Server Security Type CVE-2020-5621 (Cross-site request forgery (CSRF) vulnerability in NETGEAR switching h ...) NOT-FOR-US: Netgear CVE-2020-5620 (Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ...) NOT-FOR-US: Exment CVE-2020-5619 (Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ...) NOT-FOR-US: Exment CVE-2020-5618 RESERVED CVE-2020-5617 (Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12 ...) NOT-FOR-US: SKYSEA Client View CVE-2020-5616 ([Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], ...) 
NOT-FOR-US: Calendar01 CVE-2020-5615 (Cross-site request forgery (CSRF) vulnerability in [Calendar01] free e ...) NOT-FOR-US: Calendar01 CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows ...) NOT-FOR-US: KonaWiki CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allow ...) NOT-FOR-US: KonaWiki CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allow ...) NOT-FOR-US: KonaWiki CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...) NOT-FOR-US: Social Sharing Plugin for WordPress CVE-2020-5610 (Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earli ...) NOT-FOR-US: Global TechStream (GTS) for TOYOTA dealers CVE-2020-5609 (Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (incl ...) NOT-FOR-US: Yokogawa CAMS CVE-2020-5608 (CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 t ...) NOT-FOR-US: Yokogawa CAMS CVE-2020-5607 (Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows re ...) NOT-FOR-US: SHIRASAGI CVE-2020-5606 (Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earli ...) NOT-FOR-US: WHR-G54S firmware CVE-2020-5605 (Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlie ...) NOT-FOR-US: WHR-G54S firmware CVE-2020-5604 (Android App 'Mercari' (Japan version) prior to version 3.52.0 allows a ...) NOT-FOR-US: Mercari CVE-2020-5603 (Uncontrolled resource consumption vulnerability in Mitsubishi Electori ...) NOT-FOR-US: Mitsubishi CVE-2020-5602 (Mitsubishi Electric FA Engineering Software (CPU Module Logging Confi ...) NOT-FOR-US: Mitsubishi CVE-2020-5601 (Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote a ...) NOT-FOR-US: Chrome Extension for e-Tax Reception System CVE-2020-5600 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) 
NOT-FOR-US: Mitsubishi CVE-2020-5599 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5598 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5597 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5596 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5595 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5594 (Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules ...) NOT-FOR-US: Mitsubishi CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...) NOT-FOR-US: Zenphoto CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 ...) NOT-FOR-US: Zenphoto CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...) NOT-FOR-US: XACK DNS CVE-2020-5590 (Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 ...) NOT-FOR-US: EC-CUBE CVE-2020-5589 (SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, ...) NOT-FOR-US: SONY CVE-2020-5588 (Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows at ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5587 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to o ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5586 (Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 al ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5585 (Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 all ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5584 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintend ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5583 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...) 
NOT-FOR-US: Cybozu Garoon CVE-2020-5582 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5581 (Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows re ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5580 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions prior to ...) NOT-FOR-US: Paid Memberships CVE-2020-5578 RESERVED CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...) - movabletype-opensource CVE-2020-5576 (Cross-site request forgery (CSRF) vulnerability in Movable Type series ...) - movabletype-opensource CVE-2020-5575 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...) - movabletype-opensource CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type series (M ...) - movabletype-opensource CVE-2020-5573 (Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attack ...) NOT-FOR-US: Android App 'kintone mobile for Android' CVE-2020-5572 (Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker t ...) NOT-FOR-US: Android App 'Mailwise for Android' CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...) NOT-FOR-US: SHARP AQUOS CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...) NOT-FOR-US: Sales Force Assistant CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...) NOT-FOR-US: HDD Password tool (CANVIO) CVE-2020-5568 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 all ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5567 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5566 (Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...) 
NOT-FOR-US: Cybozu Garoon CVE-2020-5565 (Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5564 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 al ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5563 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5562 (Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6. ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...) NOT-FOR-US: Keijiban Tsumiki CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...) NOT-FOR-US: WL-Enq CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remo ...) NOT-FOR-US: WL-Enq CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute arbitr ...) NOT-FOR-US: CuteNews CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote att ...) NOT-FOR-US: CuteNews CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 a ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: mailform CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allows rem ...) NOT-FOR-US: mailform CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...) NOT-FOR-US: Toyota CVE-2020-5550 (Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earli ...) NOT-FOR-US: EasyBlocks CVE-2020-5549 (Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver ...) 
NOT-FOR-US: EasyBlocks CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yam ...) NOT-FOR-US: Yamaha CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...) NOT-FOR-US: Mitsubishi CVE-2020-5546 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...) NOT-FOR-US: Mitsubishi CVE-2020-5545 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...) NOT-FOR-US: Mitsubishi CVE-2020-5544 (Null Pointer Dereference vulnerability in TCP function included in the ...) NOT-FOR-US: Mitsubishi CVE-2020-5543 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...) NOT-FOR-US: Mitsubishi CVE-2020-5542 (Buffer error vulnerability in TCP function included in the firmware of ...) NOT-FOR-US: Mitsubishi CVE-2020-5541 (Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows re ...) NOT-FOR-US: CyberMail CVE-2020-5540 (Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x al ...) NOT-FOR-US: CyberMail CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do no ...) NOT-FOR-US: GRANDIT CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows ...) NOT-FOR-US: PALLET CONTROL CVE-2020-5537 (Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code executi ...) NOT-FOR-US: Cybozu CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...) NOT-FOR-US: OpenBlocks IoT VX2 CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...) NOT-FOR-US: OpenBlocks IoT VX2 CVE-2020-5534 (Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated a ...) NOT-FOR-US: Aterm WG2600HS firmware CVE-2020-5533 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 ...) NOT-FOR-US: Aterm WG2600HS firmware CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for ...) 
NOT-FOR-US: ilbo App CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...) NOT-FOR-US: Mitsubishi CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...) NOT-FOR-US: Easy Property Listings plugin for WordPress CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...) {DLA-2326-1} - htmlunit NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28 CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...) - movabletype-opensource CVE-2020-5527 (When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC ...) NOT-FOR-US: Mitsubishi CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2. ...) NOT-FOR-US: AWMS Mobile App for Android and iOS CVE-2020-5525 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...) NOT-FOR-US: Aterm series firmware CVE-2020-5524 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...) NOT-FOR-US: Aterm series firmware CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking applications b ...) NOT-FOR-US: MyPallete CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...) NOT-FOR-US: kantan netprint App for Android CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...) NOT-FOR-US: kantan netprint App for iOS CVE-2020-5520 (The netprint App for iOS 3.2.3 and earlier does not verify X.509 certi ...) NOT-FOR-US: netprint App for iOS CVE-2020-5519 (The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly ...) NOT-FOR-US: OpenLiteSpeed CVE-2020-5518 RESERVED CVE-2020-5517 (CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access ...) NOT-FOR-US: BlueOnyx CVE-2020-5516 RESERVED CVE-2020-5515 (Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. ...) 
NOT-FOR-US: Gila CMS CVE-2020-5514 (Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous ...) NOT-FOR-US: Gila CMS CVE-2020-5513 (Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. ...) NOT-FOR-US: Gila CMS CVE-2020-5512 (Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. ...) NOT-FOR-US: Gila CMS CVE-2020-5511 (PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypas ...) NOT-FOR-US: PHPGurukul Small CRM CVE-2020-5510 (PHPGurukul Hostel Management System v2.0 allows SQL injection via the ...) NOT-FOR-US: PHPGurukul Hostel Management System CVE-2020-5509 (PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an ...) NOT-FOR-US: PHPGurukul Car Rental Project CVE-2020-5508 RESERVED CVE-2020-5507 RESERVED CVE-2020-5506 RESERVED CVE-2020-5505 (Freelancy v1.0.0 allows remote command execution via the "file":"data: ...) NOT-FOR-US: Freelancy CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...) {DLA-2060-1} - phpmyadmin 4:4.9.4+dfsg1-1 (bug #948718) [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983 NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/ CVE-2020-5503 RESERVED CVE-2020-5502 (phpBB 3.2.8 allows a CSRF attack that can approve pending group member ...) NOT-FOR-US: phpBB CVE-2020-5501 (phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. ...) NOT-FOR-US: phpBB CVE-2020-5500 RESERVED CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...) NOT-FOR-US: Baidu Rust SGX SDK CVE-2020-5498 REJECTED CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...) NOT-FOR-US: MITREid Connect CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...) 
- fontforge (bug #948231) [buster] - fontforge (Minor issue) [stretch] - fontforge (Minor issue) [jessie] - fontforge (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4085 CVE-2020-5495 RESERVED CVE-2020-5494 RESERVED CVE-2020-5493 RESERVED CVE-2020-5492 RESERVED CVE-2020-5491 RESERVED CVE-2020-5490 RESERVED CVE-2020-5489 RESERVED CVE-2020-5488 RESERVED CVE-2020-5487 RESERVED CVE-2020-5486 RESERVED CVE-2020-5485 RESERVED CVE-2020-5484 RESERVED CVE-2020-5483 RESERVED CVE-2020-5482 RESERVED CVE-2020-5481 RESERVED CVE-2020-5480 RESERVED CVE-2020-5479 RESERVED CVE-2020-5478 RESERVED CVE-2020-5477 RESERVED CVE-2020-5476 RESERVED CVE-2020-5475 RESERVED CVE-2020-5474 RESERVED CVE-2020-5473 RESERVED CVE-2020-5472 RESERVED CVE-2020-5471 RESERVED CVE-2020-5470 RESERVED CVE-2020-5469 RESERVED CVE-2020-5468 RESERVED CVE-2020-5467 RESERVED CVE-2020-5466 RESERVED CVE-2020-5465 RESERVED CVE-2020-5464 RESERVED CVE-2020-5463 RESERVED CVE-2020-5462 RESERVED CVE-2020-5461 RESERVED CVE-2020-5460 RESERVED CVE-2020-5459 RESERVED CVE-2020-5458 RESERVED CVE-2020-5457 RESERVED CVE-2020-5456 RESERVED CVE-2020-5455 RESERVED CVE-2020-5454 RESERVED CVE-2020-5453 RESERVED CVE-2020-5452 RESERVED CVE-2020-5451 RESERVED CVE-2020-5450 RESERVED CVE-2020-5449 RESERVED CVE-2020-5448 RESERVED CVE-2020-5447 RESERVED CVE-2020-5446 RESERVED CVE-2020-5445 RESERVED CVE-2020-5444 RESERVED CVE-2020-5443 RESERVED CVE-2020-5442 RESERVED CVE-2020-5441 RESERVED CVE-2020-5440 RESERVED CVE-2020-5439 RESERVED CVE-2020-5438 RESERVED CVE-2020-5437 RESERVED CVE-2020-5436 RESERVED CVE-2020-5435 RESERVED CVE-2020-5434 RESERVED CVE-2020-5433 RESERVED CVE-2020-5432 RESERVED CVE-2020-5431 RESERVED CVE-2020-5430 RESERVED CVE-2020-5429 RESERVED CVE-2020-5428 RESERVED CVE-2020-5427 RESERVED CVE-2020-5426 RESERVED CVE-2020-5425 RESERVED CVE-2020-5424 RESERVED CVE-2020-5423 RESERVED CVE-2020-5422 RESERVED CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...) 
TODO: check CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...) NOT-FOR-US: Cloud Foundry CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...) - rabbitmq-server (Windows-specific vulnerability) CVE-2020-5418 (Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow a ...) NOT-FOR-US: Cloud Foundry CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when ...) NOT-FOR-US: Cloud Foundry CVE-2020-5416 (Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used ...) NOT-FOR-US: Cloud Foundry CVE-2020-5415 (Concourse, versions prior to 6.3.1 and 6.4.1, in installations which u ...) NOT-FOR-US: Concourse CVE-2020-5414 (VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7. ...) NOT-FOR-US: VMware CVE-2020-5413 (Spring Integration framework provides Kryo Codec implementations as an ...) NOT-FOR-US: VMware CVE-2020-5412 (Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x pr ...) NOT-FOR-US: Spring Cloud Netflix CVE-2020-5411 (When configured to enable default typing, Jackson contained a deserial ...) NOT-FOR-US: spring-batch CVE-2020-5410 (Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x pri ...) NOT-FOR-US: Spring Cloud Config CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...) NOT-FOR-US: Pivotal CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5 ...) - libspring-security-2.0-java [jessie] - libspring-security-2.0-java (Vulnerable code introduced later) CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...) - libspring-security-2.0-java [jessie] - libspring-security-2.0-java (Vulnerable code introduced later) CVE-2020-5406 (VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6. ...) 
NOT-FOR-US: VMware CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...) NOT-FOR-US: Spring Cloud Config CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a UR ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability ...) NOT-FOR-US: Cloud Foundry CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...) NOT-FOR-US: Cloud Foundry CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs ...) NOT-FOR-US: Cloud Foundry CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...) NOT-FOR-US: Cloud Foundry CredHub CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...) - libspring-java (Vulnerable code not present) NOTE: https://pivotal.io/security/cve-2020-5398 NOTE: https://github.com/spring-projects/spring-framework/issues/24220 NOTE: https://github.com/spring-projects/spring-framework/commit/41f40c6c229d3b4f768718f1ec229d8f0ad76d76 NOTE: https://github.com/spring-projects/spring-framework/commit/956ffe68587c8d5f21135b5ce4650af0c2dea933 CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...) - libspring-java (Only affects 5.2.x) NOTE: https://pivotal.io/security/cve-2020-5397 NOTE: https://github.com/spring-projects/spring-framework/issues/24327 NOTE: https://github.com/spring-projects/spring-framework/commit/bc7d01048579430b4b2df668178809b63d3f1929 CVE-2020-5396 (VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and ...) NOT-FOR-US: VMware CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...) 
- fontforge (bug #948231) [buster] - fontforge (Minor issue) [stretch] - fontforge (Minor issue) [jessie] - fontforge (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4084 CVE-2020-5394 RESERVED CVE-2020-5393 (In Appspace On-Prem through 7.1.3, an adversary can steal a session to ...) NOT-FOR-US: Appspace On-Prem CVE-2020-5392 (A stored cross-site scripting (XSS) vulnerability exists in the Auth0 ...) NOT-FOR-US: Auth0 plugin for WordPress CVE-2020-5391 (Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 p ...) NOT-FOR-US: Auth0 plugin for WordPress CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...) {DSA-4630-1 DLA-2119-1} - python-pysaml2 4.5.0-7 (bug #949322) NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0) CVE-2020-5389 RESERVED CVE-2020-5388 RESERVED CVE-2020-5387 RESERVED CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource ...) NOT-FOR-US: EMC CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suit ...) NOT-FOR-US: Dell CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...) NOT-FOR-US: RSA MFA Agent CVE-2020-5383 (Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS vers ...) NOT-FOR-US: EMC CVE-2020-5382 RESERVED CVE-2020-5381 RESERVED CVE-2020-5380 RESERVED CVE-2020-5379 (Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot ...) NOT-FOR-US: Dell CVE-2020-5378 (Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot ...) NOT-FOR-US: Dell CVE-2020-5377 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior ...) NOT-FOR-US: EMC CVE-2020-5376 (Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot ...) NOT-FOR-US: Dell CVE-2020-5375 RESERVED CVE-2020-5374 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...) 
NOT-FOR-US: EMC CVE-2020-5373 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...) NOT-FOR-US: EMC CVE-2020-5372 (Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerab ...) NOT-FOR-US: EMC CVE-2020-5371 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...) NOT-FOR-US: EMC CVE-2020-5370 RESERVED CVE-2020-5369 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...) NOT-FOR-US: EMC CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authe ...) NOT-FOR-US: EMC CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...) NOT-FOR-US: Dell EMC CVE-2020-5366 (Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal ...) NOT-FOR-US: EMC CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vul ...) NOT-FOR-US: EMC CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vul ...) NOT-FOR-US: EMC CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an issue ...) NOT-FOR-US: Dell CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper auth ...) NOT-FOR-US: Dell CVE-2020-5361 RESERVED CVE-2020-5360 RESERVED CVE-2020-5359 RESERVED CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suit ...) NOT-FOR-US: Dell Encryption CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and Comme ...) NOT-FOR-US: Dell CVE-2020-5356 (Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell ...) NOT-FOR-US: Dell CVE-2020-5355 RESERVED CVE-2020-5354 RESERVED CVE-2020-5353 RESERVED CVE-2020-5352 (Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS comma ...) NOT-FOR-US: EMC CVE-2020-5351 RESERVED CVE-2020-5350 (Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, ...) 
NOT-FOR-US: EMC CVE-2020-5349 RESERVED CVE-2020-5348 (Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a ...) NOT-FOR-US: Dell CVE-2020-5347 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of s ...) NOT-FOR-US: Dell EMC Isilon OneFS CVE-2020-5346 (RSA Authentication Manager versions prior to 8.4 P11 contain a stored ...) NOT-FOR-US: RSA Authentication Manager CVE-2020-5345 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...) NOT-FOR-US: Dell EMC CVE-2020-5344 (Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70. ...) NOT-FOR-US: EMC CVE-2020-5343 (Dell Client platforms restored using a Dell OS recovery image download ...) NOT-FOR-US: Dell CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect ...) NOT-FOR-US: Dell CVE-2020-5341 RESERVED CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...) NOT-FOR-US: RSA Authentication Manager CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...) NOT-FOR-US: RSA Authentication Manager CVE-2020-5338 RESERVED CVE-2020-5337 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirect ...) NOT-FOR-US: RSA CVE-2020-5336 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injectio ...) NOT-FOR-US: RSA CVE-2020-5335 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site r ...) NOT-FOR-US: RSA CVE-2020-5334 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Ob ...) NOT-FOR-US: RSA CVE-2020-5333 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorizati ...) NOT-FOR-US: RSA CVE-2020-5332 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command inje ...) NOT-FOR-US: RSA CVE-2020-5331 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information ...) NOT-FOR-US: RSA CVE-2020-5330 (Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell ...) 
NOT-FOR-US: EMC CVE-2020-5329 RESERVED CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized ...) NOT-FOR-US: EMC CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...) NOT-FOR-US: Dell CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup configuration auth ...) NOT-FOR-US: Dell CVE-2020-5325 RESERVED CVE-2020-5324 (Dell Client Consumer and Commercial Platforms contain an Arbitrary Fil ...) NOT-FOR-US: Dell CVE-2020-5323 RESERVED CVE-2020-5322 RESERVED CVE-2020-5321 RESERVED CVE-2020-5320 RESERVED CVE-2020-5319 (Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prio ...) NOT-FOR-US: EMC CVE-2020-5318 (Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 co ...) NOT-FOR-US: EMC CVE-2020-5317 (Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A ...) NOT-FOR-US: EMC CVE-2020-5316 RESERVED CVE-2020-5315 RESERVED CVE-2020-5314 RESERVED CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...) {DSA-4631-1 DLA-2057-1} - pillow 7.0.0-1 (bug #948224) NOTE: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b (6.2.2) CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ...) {DSA-4631-1 DLA-2057-1} - pillow 7.0.0-1 (bug #948224) NOTE: https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd (6.2.2) CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...) - pillow 7.0.0-1 (bug #948224) [buster] - pillow 5.4.1-2+deb10u1 [stretch] - pillow (Vulnerable code not present) [jessie] - pillow (The vulnerable code was introduced later) NOTE: https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 (6.2.2) CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...) 
- pillow 7.0.0-1 (bug #948224) [buster] - pillow (Vulnerability introduced later) [stretch] - pillow (Vulnerable code not present) [jessie] - pillow (The vulnerable code was introduced later) NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d (5.3.0) NOTE: and https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0) NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2) CVE-2020-5309 RESERVED CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, ...) NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System CVE-2020-5307 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL ...) NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display name, t ...) NOT-FOR-US: Codoforum CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of ...) NOT-FOR-US: Codoforum CVE-2020-5304 (The dashboard in WhiteSource Application Vulnerability Management (AVM ...) NOT-FOR-US: WhiteSource Application Vulnerability Management (AVM) CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...) NOT-FOR-US: Tendermint CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...) NOT-FOR-US: MH-WikiBot CVE-2020-5301 (SimpleSAMLphp versions before 1.18.6 contain an information disclosure ...) - simplesamlphp (Windows-only issue) CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect ...) NOT-FOR-US: ORY Hydra CVE-2020-5299 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...) NOT-FOR-US: OctoberCMS CVE-2020-5298 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...) 
NOT-FOR-US: OctoberCMS CVE-2020-5297 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...) NOT-FOR-US: OctoberCMS CVE-2020-5296 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...) NOT-FOR-US: OctoberCMS CVE-2020-5295 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...) NOT-FOR-US: OctoberCMS CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5293 (In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper ...) NOT-FOR-US: PrestaShop CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...) NOT-FOR-US: Leantime CVE-2020-5290 (In RedpwnCTF before version 2.3, there is a session fixation vulnerabi ...) NOT-FOR-US: RedpwnCTF CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and ...) NOT-FOR-US: Elide CVE-2020-5288 ("In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper ...) NOT-FOR-US: PrestaShop CVE-2020-5287 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper ...) NOT-FOR-US: PrestaShop CVE-2020-5286 (In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5285 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...) NOT-FOR-US: next.js CVE-2020-5283 (ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS ...) - viewvc [buster] - viewvc (Minor issue) [stretch] - viewvc (Minor issue) [jessie] - viewvc (Minor issue) NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg NOTE: https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8 NOTE: https://github.com/viewvc/viewvc/issues/211 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...) 
NOT-FOR-US: Nick Chan Bot CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify configur ...) NOT-FOR-US: Perun CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file i ...) NOT-FOR-US: http4s CVE-2020-5279 (In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper ...) NOT-FOR-US: PrestaShop CVE-2020-5278 (In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5276 (In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5275 (In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Fire ...) - symfony 4.4.8-1 (bug #961415) [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) [jessie] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy NOTE: https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exc ...) - symfony 4.4.8-1 (bug #961415) [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) [jessie] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler NOTE: https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad NOTE: https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db CVE-2020-5273 (In PrestaShop module ps_linklist versions before 3.1.0, there is a sto ...) NOT-FOR-US: PrestaShop CVE-2020-5272 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflect ...) 
NOT-FOR-US: PrestaShop CVE-2020-5271 (In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5270 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open r ...) NOT-FOR-US: PrestaShop CVE-2020-5269 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5268 (In Saml2 Authentication Services for ASP.NET versions before 1.0.2, an ...) NOT-FOR-US: Saml2 Authentication Services for ASP.NET CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...) {DLA-2149-1} - rails 2:5.2.4.1+dfsg-2 (bug #954304) [buster] - rails 2:5.2.2.1+dfsg-1+deb10u1 [stretch] - rails 2:4.2.7.1-1+deb9u2 NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1 NOTE: https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a (master) CVE-2020-5266 (In the ps_link module for PrestaShop before version 3.1.0, there is a ...) NOT-FOR-US: PrestaShop CVE-2020-5265 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5264 (In PrestaShop before version 1.7.6.5, there is a reflected XSS while r ...) NOT-FOR-US: PrestaShop CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before ...) NOT-FOR-US: Node auth0-js CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...) NOT-FOR-US: EasyBuild CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...) NOT-FOR-US: ASP.NET CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can be trick ...) 
{DSA-4657-1 DLA-2177-1} - git 1:2.26.1-1 NOTE: https://lore.kernel.org/lkml/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/ NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=17f1c0b8c7e447aa62f85dc355bb48133d2812f2 NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c716fe4bd917e013bf376a678b3a924447777b2d NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=07259e74ec1237c836874342c65650bdee8a3993 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 NOTE: https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...) {DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953587) [buster] - dojo (Minor issue) NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...) {DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953585) [buster] - dojo (Minor issue) NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2 NOTE: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by attri ...) NOT-FOR-US: Administrate ruby gem CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...) NOT-FOR-US: BookStack CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not ...) 
- symfony 4.4.8-1 (bug #961415) [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) [jessie] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header NOTE: https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6 CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...) - nethack 3.6.6-1 (bug #953978) [buster] - nethack (Minor issue) [stretch] - nethack (Vulnerable code introduced in 3.6.1) [jessie] - nethack (Vulnerable code introduced in 3.6.1) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9 NOTE: https://nethack.org/security/CVE-2020-5254.html NOTE: Fixed with: https://github.com/NetHack/NetHack/commit/abdd3254ae06dd1fbcff637c4c631783d5ed9741 (NetHack-3.6.6_Released) NOTE: Introduced with: https://github.com/NetHack/NetHack/commit/f8211f69f2008609b59fe4c9ba341ff1fa520825 (NetHack-3.6.1_RC01) CVE-2020-5253 (NetHack before version 3.6.0 allowed malicious use of escaping of char ...) - nethack 3.6.0-1 [jessie] - nethack (Not supported in jessie LTS) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m NOTE: https://github.com/NetHack/NetHack/commit/612755bfb5c412079795c68ba392df5d93874ed8 CVE-2020-5252 (The command-line "safety" package for Python has a potential security ...) NOT-FOR-US: safety Python module CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...) NOT-FOR-US: parser-server CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their addr ...) NOT-FOR-US: PrestaShop CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...) 
- puma 3.12.4-1 (bug #953122) [buster] - puma (Minor issue) [stretch] - puma (Minor issue) NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58 NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3 CVE-2020-5248 (GLPI before version 9.4.6 has a vulnerability involving a defau ...) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9 NOTE: https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...) - puma 3.12.4-1 (bug #952766) [buster] - puma (Minor issue) [stretch] - puma (Minor issue) NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3) NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2) CVE-2020-5246 (Traccar GPS Tracking System before version 4.9 has a LDAP injection vu ...) NOT-FOR-US: Traccar GPS Tracking System CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary cod ...) NOT-FOR-US: Dropwizard-Validation CVE-2020-5244 (In BuddyPress before 5.1.2, requests to a certain REST API endpoint ca ...) NOT-FOR-US: BuddyPress CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...)
- uap-core 1:0.8.0-1 (bug #952649) [buster] - uap-core (Minor issue) NOTE: https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p NOTE: https://github.com/ua-parser/uap-core/commit/a679b131697e7371f0441f4799940779efa2f27e NOTE: https://github.com/ua-parser/uap-core/commit/dd279cff09546dbd4174bd05d29c0e90c2cffa7c NOTE: https://github.com/ua-parser/uap-core/commit/7d92a383440c9742ec878273c90a4dcf8446f9af NOTE: https://github.com/ua-parser/uap-core/commit/e9a1c74dae9ecd4aa6385bd34ef6c7243f89b537 CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...) NOT-FOR-US: openHAB CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...) NOT-FOR-US: matestack-ui-core Ruby gem CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can view ...) NOT-FOR-US: wagtail-2fa CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...) NOT-FOR-US: Mailu CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.29.0. ...) - cmark-gfm (bug #965984) [buster] - cmark-gfm (Minor issue) - python-cmarkgfm (bug #965983) [buster] - python-cmarkgfm (Minor issue) - ruby-commonmarker 0.21.0-1 (bug #965981) [buster] - ruby-commonmarker (Minor issue) - haskell-cmark-gfm (bug #965982) [buster] - haskell-cmark-gfm (Minor issue) - r-cran-commonmark (bug #965980) [buster] - r-cran-commonmark (Minor issue) NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85 NOTE: https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4 NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1 CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...) NOT-FOR-US: oneup/uploader-bundle CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...) 
- waitress (Vulnerable code introduced later) NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc NOTE: Introduced in: https://github.com/Pylons/waitress/commit/0bf98dadd8cae23830cb365cc6cb9cedd7f98db0 (v1.4.2) NOTE: https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f (v1.4.3) CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nanopb b ...) - nanopb (Fixed before initial upload to Debian) NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-gcx3-7m76-287p NOTE: https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856 NOTE: https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3 NOTE: https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2 CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vu ...) NOT-FOR-US: MessagePack for C# CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...) NOT-FOR-US: OAuth2 Proxy CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...) NOT-FOR-US: Ethereum CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN ...) NOT-FOR-US: Opencast CVE-2020-5230 (Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for me ...) NOT-FOR-US: Opencast CVE-2020-5229 (Opencast before 8.1 stores passwords using the rather outdated and cry ...) NOT-FOR-US: Opencast CVE-2020-5228 (Opencast before 8.1 and 7.6 allows unauthorized public access to all m ...) NOT-FOR-US: Opencast CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...) NOT-FOR-US: Feedgen CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...) 
- simplesamlphp 1.18.4-1 [buster] - simplesamlphp (Vulnerable code introduced later) [stretch] - simplesamlphp (Vulnerable code introduced later) [jessie] - simplesamlphp (Vulnerable code introduced later) NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w NOTE: https://simplesamlphp.org/security/202001-01 CVE-2020-5225 (Log injection in SimpleSAMLphp before version 1.18.4. The www/errorepo ...) - simplesamlphp 1.18.4-1 (low) [buster] - simplesamlphp (Minor issue) [stretch] - simplesamlphp (Minor issue) [jessie] - simplesamlphp (Minor issue) NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww NOTE: https://simplesamlphp.org/security/202001-02 CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, the views ...) NOT-FOR-US: Django User Sessions (django-user-sessions) CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a p ...) NOT-FOR-US: PrivateBin CVE-2020-5222 (Opencast before 7.6 and 8.1 enables a remember-me cookie based on a ha ...) NOT-FOR-US: Opencast CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...) NOT-FOR-US: uftpd CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...) NOT-FOR-US: Sylius CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...) NOT-FOR-US: Angular Expressions CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...) NOT-FOR-US: Sylius CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) 
- ruby-secure-headers 6.3.1-1 (bug #949999) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c NOTE: https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3 NOTE: https://github.com/twitter/secure_headers/issues/418 NOTE: https://github.com/twitter/secure_headers/pull/421 CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) - ruby-secure-headers 6.3.1-1 (bug #949998) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0 CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...) - tensorflow (bug #804612) CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...) - nethack 3.6.6-1 (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6 NOTE: Negligible security impact CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...) - nethack 3.6.6-1 (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v NOTE: Negligible security impact CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...) - nethack 3.6.6-1 (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56 NOTE: Negligible security impact CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the ...) - nethack 3.6.6-1 (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7 NOTE: Negligible security impact CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...) 
- nethack 3.6.6-1 (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 NOTE: Negligible security impact CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can ...) - nethack 3.6.6-1 (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8 NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 NOTE: Negligible security impact CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...) {DLA-2098-1} - ipmitool (bug #950761) [buster] - ipmitool (Minor issue) [stretch] - ipmitool (Minor issue) NOTE: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp NOTE: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 NOTE: https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10 NOTE: https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 NOTE: https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4 NOTE: https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10 NOTE: https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637 CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...) NOT-FOR-US: Ktor CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...) NOT-FOR-US: Opencast CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...) NOT-FOR-US: Pow CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...) NOT-FOR-US: uftpd CVE-2020-5203 (In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code exec ...) 
NOT-FOR-US: Fat-Free Framework CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...) - apt-cacher-ng 3.3.1-1 [buster] - apt-cacher-ng 3.2.1-1 [stretch] - apt-cacher-ng (Minor issue) [jessie] - apt-cacher-ng (Minor issue) NOTE: https://salsa.debian.org/blade/apt-cacher-ng/commit/3b91874b0c099b0ded1a94f1784fe1265082efbc CVE-2020-5201 RESERVED CVE-2020-5200 RESERVED CVE-2020-5199 RESERVED CVE-2020-5198 RESERVED CVE-2020-5197 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...) [experimental] - gitlab 12.6.2-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/ CVE-2020-5196 (Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10 ...) NOT-FOR-US: Cerberus FTP Server Enterprise Edition CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server prior to v ...) NOT-FOR-US: Cerberus FTP Server CVE-2020-5194 (The zip API endpoint in Cerberus FTP Server 8 allows an authenticated ...) NOT-FOR-US: Cerberus FTP Server CVE-2020-5193 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2020-5192 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2020-5191 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2020-5190 RESERVED CVE-2020-5189 RESERVED CVE-2020-5188 (DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. ...) NOT-FOR-US: DNN CVE-2020-5187 (DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 ...) NOT-FOR-US: DNN CVE-2020-5186 (DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). ...) NOT-FOR-US: DNN CVE-2020-5185 RESERVED CVE-2020-5184 RESERVED CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption ...) 
NOT-FOR-US: FTPGetter Professional CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reve ...) NOT-FOR-US: J-BusinessDirectory extension for Joomla! CVE-2020-5181 RESERVED CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...) NOT-FOR-US: Viscosity on Windows and macOS CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices CVE-2020-5178 RESERVED CVE-2020-5177 RESERVED CVE-2020-5176 RESERVED CVE-2020-5175 RESERVED CVE-2020-5174 RESERVED CVE-2020-5173 RESERVED CVE-2020-5172 RESERVED CVE-2020-5171 RESERVED CVE-2020-5170 RESERVED CVE-2020-5169 RESERVED CVE-2020-5168 RESERVED CVE-2020-5167 RESERVED CVE-2020-5166 RESERVED CVE-2020-5165 RESERVED CVE-2020-5164 RESERVED CVE-2020-5163 RESERVED CVE-2020-5162 RESERVED CVE-2020-5161 RESERVED CVE-2020-5160 RESERVED CVE-2020-5159 RESERVED CVE-2020-5158 RESERVED CVE-2020-5157 RESERVED CVE-2020-5156 RESERVED CVE-2020-5155 RESERVED CVE-2020-5154 RESERVED CVE-2020-5153 RESERVED CVE-2020-5152 RESERVED CVE-2020-5151 RESERVED CVE-2020-5150 RESERVED CVE-2020-5149 RESERVED CVE-2020-5148 RESERVED CVE-2020-5147 RESERVED CVE-2020-5146 RESERVED CVE-2020-5145 RESERVED CVE-2020-5144 RESERVED CVE-2020-5143 RESERVED CVE-2020-5142 RESERVED CVE-2020-5141 RESERVED CVE-2020-5140 RESERVED CVE-2020-5139 RESERVED CVE-2020-5138 RESERVED CVE-2020-5137 RESERVED CVE-2020-5136 RESERVED CVE-2020-5135 RESERVED CVE-2020-5134 RESERVED CVE-2020-5133 RESERVED CVE-2020-5132 RESERVED CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary file writ ...) NOT-FOR-US: SonicWall NetExtender Windows client CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to cause ext ...) NOT-FOR-US: SonicOS SSLVPN / SonicWall CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...)
NOT-FOR-US: SonicWall CVE-2020-5128 RESERVED CVE-2020-5127 RESERVED CVE-2020-5126 RESERVED CVE-2020-5125 RESERVED CVE-2020-5124 RESERVED CVE-2020-5123 RESERVED CVE-2020-5122 RESERVED CVE-2020-5121 RESERVED CVE-2020-5120 RESERVED CVE-2020-5119 RESERVED CVE-2020-5118 RESERVED CVE-2020-5117 RESERVED CVE-2020-5116 RESERVED CVE-2020-5115 RESERVED CVE-2020-5114 RESERVED CVE-2020-5113 RESERVED CVE-2020-5112 RESERVED CVE-2020-5111 RESERVED CVE-2020-5110 RESERVED CVE-2020-5109 RESERVED CVE-2020-5108 RESERVED CVE-2020-5107 RESERVED CVE-2020-5106 RESERVED CVE-2020-5105 RESERVED CVE-2020-5104 RESERVED CVE-2020-5103 RESERVED CVE-2020-5102 RESERVED CVE-2020-5101 RESERVED CVE-2020-5100 RESERVED CVE-2020-5099 RESERVED CVE-2020-5098 RESERVED CVE-2020-5097 RESERVED CVE-2020-5096 RESERVED CVE-2020-5095 RESERVED CVE-2020-5094 RESERVED CVE-2020-5093 RESERVED CVE-2020-5092 RESERVED CVE-2020-5091 RESERVED CVE-2020-5090 RESERVED CVE-2020-5089 RESERVED CVE-2020-5088 RESERVED CVE-2020-5087 RESERVED CVE-2020-5086 RESERVED CVE-2020-5085 RESERVED CVE-2020-5084 RESERVED CVE-2020-5083 RESERVED CVE-2020-5082 RESERVED CVE-2020-5081 RESERVED CVE-2020-5080 RESERVED CVE-2020-5079 RESERVED CVE-2020-5078 RESERVED CVE-2020-5077 RESERVED CVE-2020-5076 RESERVED CVE-2020-5075 RESERVED CVE-2020-5074 RESERVED CVE-2020-5073 RESERVED CVE-2020-5072 RESERVED CVE-2020-5071 RESERVED CVE-2020-5070 RESERVED CVE-2020-5069 RESERVED CVE-2020-5068 RESERVED CVE-2020-5067 RESERVED CVE-2020-5066 RESERVED CVE-2020-5065 RESERVED CVE-2020-5064 RESERVED CVE-2020-5063 RESERVED CVE-2020-5062 RESERVED CVE-2020-5061 RESERVED CVE-2020-5060 RESERVED CVE-2020-5059 RESERVED CVE-2020-5058 RESERVED CVE-2020-5057 RESERVED CVE-2020-5056 RESERVED CVE-2020-5055 RESERVED CVE-2020-5054 RESERVED CVE-2020-5053 RESERVED CVE-2020-5052 RESERVED CVE-2020-5051 RESERVED CVE-2020-5050 RESERVED CVE-2020-5049 RESERVED CVE-2020-5048 RESERVED CVE-2020-5047 RESERVED CVE-2020-5046 RESERVED CVE-2020-5045 RESERVED CVE-2020-5044 RESERVED CVE-2020-5043 RESERVED 
CVE-2020-5042 RESERVED CVE-2020-5041 RESERVED CVE-2020-5040 RESERVED CVE-2020-5039 RESERVED CVE-2020-5038 RESERVED CVE-2020-5037 RESERVED CVE-2020-5036 RESERVED CVE-2020-5035 RESERVED CVE-2020-5034 RESERVED CVE-2020-5033 RESERVED CVE-2020-5032 RESERVED CVE-2020-5031 RESERVED CVE-2020-5030 RESERVED CVE-2020-5029 RESERVED CVE-2020-5028 RESERVED CVE-2020-5027 RESERVED CVE-2020-5026 RESERVED CVE-2020-5025 RESERVED CVE-2020-5024 RESERVED CVE-2020-5023 RESERVED CVE-2020-5022 RESERVED CVE-2020-5021 RESERVED CVE-2020-5020 RESERVED CVE-2020-5019 RESERVED CVE-2020-5018 RESERVED CVE-2020-5017 RESERVED CVE-2020-5016 RESERVED CVE-2020-5015 RESERVED CVE-2020-5014 RESERVED CVE-2020-5013 RESERVED CVE-2020-5012 RESERVED CVE-2020-5011 RESERVED CVE-2020-5010 RESERVED CVE-2020-5009 RESERVED CVE-2020-5008 RESERVED CVE-2020-5007 RESERVED CVE-2020-5006 RESERVED CVE-2020-5005 RESERVED CVE-2020-5004 RESERVED CVE-2020-5003 RESERVED CVE-2020-5002 RESERVED CVE-2020-5001 RESERVED CVE-2020-5000 RESERVED CVE-2020-4999 RESERVED CVE-2020-4998 RESERVED CVE-2020-4997 RESERVED CVE-2020-4996 RESERVED CVE-2020-4995 RESERVED CVE-2020-4994 RESERVED CVE-2020-4993 RESERVED CVE-2020-4992 RESERVED CVE-2020-4991 RESERVED CVE-2020-4990 RESERVED CVE-2020-4989 RESERVED CVE-2020-4988 RESERVED CVE-2020-4987 RESERVED CVE-2020-4986 RESERVED CVE-2020-4985 RESERVED CVE-2020-4984 RESERVED CVE-2020-4983 RESERVED CVE-2020-4982 RESERVED CVE-2020-4981 RESERVED CVE-2020-4980 RESERVED CVE-2020-4979 RESERVED CVE-2020-4978 RESERVED CVE-2020-4977 RESERVED CVE-2020-4976 RESERVED CVE-2020-4975 RESERVED CVE-2020-4974 RESERVED CVE-2020-4973 RESERVED CVE-2020-4972 RESERVED CVE-2020-4971 RESERVED CVE-2020-4970 RESERVED CVE-2020-4969 RESERVED CVE-2020-4968 RESERVED CVE-2020-4967 RESERVED CVE-2020-4966 RESERVED CVE-2020-4965 RESERVED CVE-2020-4964 RESERVED CVE-2020-4963 RESERVED CVE-2020-4962 RESERVED CVE-2020-4961 RESERVED CVE-2020-4960 RESERVED CVE-2020-4959 RESERVED CVE-2020-4958 RESERVED CVE-2020-4957 RESERVED CVE-2020-4956 
RESERVED CVE-2020-4955 RESERVED CVE-2020-4954 RESERVED CVE-2020-4953 RESERVED CVE-2020-4952 RESERVED CVE-2020-4951 RESERVED CVE-2020-4950 RESERVED CVE-2020-4949 RESERVED CVE-2020-4948 RESERVED CVE-2020-4947 RESERVED CVE-2020-4946 RESERVED CVE-2020-4945 RESERVED CVE-2020-4944 RESERVED CVE-2020-4943 RESERVED CVE-2020-4942 RESERVED CVE-2020-4941 RESERVED CVE-2020-4940 RESERVED CVE-2020-4939 RESERVED CVE-2020-4938 RESERVED CVE-2020-4937 RESERVED CVE-2020-4936 RESERVED CVE-2020-4935 RESERVED CVE-2020-4934 RESERVED CVE-2020-4933 RESERVED CVE-2020-4932 RESERVED CVE-2020-4931 RESERVED CVE-2020-4930 RESERVED CVE-2020-4929 RESERVED CVE-2020-4928 RESERVED CVE-2020-4927 RESERVED CVE-2020-4926 RESERVED CVE-2020-4925 RESERVED CVE-2020-4924 RESERVED CVE-2020-4923 RESERVED CVE-2020-4922 RESERVED CVE-2020-4921 RESERVED CVE-2020-4920 RESERVED CVE-2020-4919 RESERVED CVE-2020-4918 RESERVED CVE-2020-4917 RESERVED CVE-2020-4916 RESERVED CVE-2020-4915 RESERVED CVE-2020-4914 RESERVED CVE-2020-4913 RESERVED CVE-2020-4912 RESERVED CVE-2020-4911 RESERVED CVE-2020-4910 RESERVED CVE-2020-4909 RESERVED CVE-2020-4908 RESERVED CVE-2020-4907 RESERVED CVE-2020-4906 RESERVED CVE-2020-4905 RESERVED CVE-2020-4904 RESERVED CVE-2020-4903 RESERVED CVE-2020-4902 RESERVED CVE-2020-4901 RESERVED CVE-2020-4900 RESERVED CVE-2020-4899 RESERVED CVE-2020-4898 RESERVED CVE-2020-4897 RESERVED CVE-2020-4896 RESERVED CVE-2020-4895 RESERVED CVE-2020-4894 RESERVED CVE-2020-4893 RESERVED CVE-2020-4892 RESERVED CVE-2020-4891 RESERVED CVE-2020-4890 RESERVED CVE-2020-4889 RESERVED CVE-2020-4888 RESERVED CVE-2020-4887 RESERVED CVE-2020-4886 RESERVED CVE-2020-4885 RESERVED CVE-2020-4884 RESERVED CVE-2020-4883 RESERVED CVE-2020-4882 RESERVED CVE-2020-4881 RESERVED CVE-2020-4880 RESERVED CVE-2020-4879 RESERVED CVE-2020-4878 RESERVED CVE-2020-4877 RESERVED CVE-2020-4876 RESERVED CVE-2020-4875 RESERVED CVE-2020-4874 RESERVED CVE-2020-4873 RESERVED CVE-2020-4872 RESERVED CVE-2020-4871 RESERVED CVE-2020-4870 RESERVED 
CVE-2020-4869 RESERVED CVE-2020-4868 RESERVED CVE-2020-4867 RESERVED CVE-2020-4866 RESERVED CVE-2020-4865 RESERVED CVE-2020-4864 RESERVED CVE-2020-4863 RESERVED CVE-2020-4862 RESERVED CVE-2020-4861 RESERVED CVE-2020-4860 RESERVED CVE-2020-4859 RESERVED CVE-2020-4858 RESERVED CVE-2020-4857 RESERVED CVE-2020-4856 RESERVED CVE-2020-4855 RESERVED CVE-2020-4854 RESERVED CVE-2020-4853 RESERVED CVE-2020-4852 RESERVED CVE-2020-4851 RESERVED CVE-2020-4850 RESERVED CVE-2020-4849 RESERVED CVE-2020-4848 RESERVED CVE-2020-4847 RESERVED CVE-2020-4846 RESERVED CVE-2020-4845 RESERVED CVE-2020-4844 RESERVED CVE-2020-4843 RESERVED CVE-2020-4842 RESERVED CVE-2020-4841 RESERVED CVE-2020-4840 RESERVED CVE-2020-4839 RESERVED CVE-2020-4838 RESERVED CVE-2020-4837 RESERVED CVE-2020-4836 RESERVED CVE-2020-4835 RESERVED CVE-2020-4834 RESERVED CVE-2020-4833 RESERVED CVE-2020-4832 RESERVED CVE-2020-4831 RESERVED CVE-2020-4830 RESERVED CVE-2020-4829 RESERVED CVE-2020-4828 RESERVED CVE-2020-4827 RESERVED CVE-2020-4826 RESERVED CVE-2020-4825 RESERVED CVE-2020-4824 RESERVED CVE-2020-4823 RESERVED CVE-2020-4822 RESERVED CVE-2020-4821 RESERVED CVE-2020-4820 RESERVED CVE-2020-4819 RESERVED CVE-2020-4818 RESERVED CVE-2020-4817 RESERVED CVE-2020-4816 RESERVED CVE-2020-4815 RESERVED CVE-2020-4814 RESERVED CVE-2020-4813 RESERVED CVE-2020-4812 RESERVED CVE-2020-4811 RESERVED CVE-2020-4810 RESERVED CVE-2020-4809 RESERVED CVE-2020-4808 RESERVED CVE-2020-4807 RESERVED CVE-2020-4806 RESERVED CVE-2020-4805 RESERVED CVE-2020-4804 RESERVED CVE-2020-4803 RESERVED CVE-2020-4802 RESERVED CVE-2020-4801 RESERVED CVE-2020-4800 RESERVED CVE-2020-4799 RESERVED CVE-2020-4798 RESERVED CVE-2020-4797 RESERVED CVE-2020-4796 RESERVED CVE-2020-4795 RESERVED CVE-2020-4794 RESERVED CVE-2020-4793 RESERVED CVE-2020-4792 RESERVED CVE-2020-4791 RESERVED CVE-2020-4790 RESERVED CVE-2020-4789 RESERVED CVE-2020-4788 RESERVED CVE-2020-4787 RESERVED CVE-2020-4786 RESERVED CVE-2020-4785 RESERVED CVE-2020-4784 RESERVED CVE-2020-4783 
RESERVED CVE-2020-4782 RESERVED CVE-2020-4781 RESERVED CVE-2020-4780 RESERVED CVE-2020-4779 RESERVED CVE-2020-4778 RESERVED CVE-2020-4777 RESERVED CVE-2020-4776 RESERVED CVE-2020-4775 RESERVED CVE-2020-4774 RESERVED CVE-2020-4773 RESERVED CVE-2020-4772 RESERVED CVE-2020-4771 RESERVED CVE-2020-4770 RESERVED CVE-2020-4769 RESERVED CVE-2020-4768 RESERVED CVE-2020-4767 RESERVED CVE-2020-4766 RESERVED CVE-2020-4765 RESERVED CVE-2020-4764 RESERVED CVE-2020-4763 RESERVED CVE-2020-4762 RESERVED CVE-2020-4761 RESERVED CVE-2020-4760 RESERVED CVE-2020-4759 RESERVED CVE-2020-4758 RESERVED CVE-2020-4757 RESERVED CVE-2020-4756 RESERVED CVE-2020-4755 RESERVED CVE-2020-4754 RESERVED CVE-2020-4753 RESERVED CVE-2020-4752 RESERVED CVE-2020-4751 RESERVED CVE-2020-4750 RESERVED CVE-2020-4749 RESERVED CVE-2020-4748 RESERVED CVE-2020-4747 RESERVED CVE-2020-4746 RESERVED CVE-2020-4745 RESERVED CVE-2020-4744 RESERVED CVE-2020-4743 RESERVED CVE-2020-4742 RESERVED CVE-2020-4741 RESERVED CVE-2020-4740 RESERVED CVE-2020-4739 RESERVED CVE-2020-4738 RESERVED CVE-2020-4737 RESERVED CVE-2020-4736 RESERVED CVE-2020-4735 RESERVED CVE-2020-4734 RESERVED CVE-2020-4733 RESERVED CVE-2020-4732 RESERVED CVE-2020-4731 RESERVED CVE-2020-4730 RESERVED CVE-2020-4729 RESERVED CVE-2020-4728 RESERVED CVE-2020-4727 RESERVED CVE-2020-4726 RESERVED CVE-2020-4725 RESERVED CVE-2020-4724 RESERVED CVE-2020-4723 RESERVED CVE-2020-4722 RESERVED CVE-2020-4721 RESERVED CVE-2020-4720 RESERVED CVE-2020-4719 RESERVED CVE-2020-4718 RESERVED CVE-2020-4717 RESERVED CVE-2020-4716 RESERVED CVE-2020-4715 RESERVED CVE-2020-4714 RESERVED CVE-2020-4713 RESERVED CVE-2020-4712 RESERVED CVE-2020-4711 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4710 RESERVED CVE-2020-4709 RESERVED CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some infor ...) 
NOT-FOR-US: IBM CVE-2020-4707 RESERVED CVE-2020-4706 RESERVED CVE-2020-4705 RESERVED CVE-2020-4704 RESERVED CVE-2020-4703 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console ...) NOT-FOR-US: IBM CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...) NOT-FOR-US: IBM CVE-2020-4701 RESERVED CVE-2020-4700 RESERVED CVE-2020-4699 RESERVED CVE-2020-4698 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...) NOT-FOR-US: IBM CVE-2020-4697 RESERVED CVE-2020-4696 RESERVED CVE-2020-4695 RESERVED CVE-2020-4694 RESERVED CVE-2020-4693 (IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8. ...) NOT-FOR-US: IBM CVE-2020-4692 RESERVED CVE-2020-4691 RESERVED CVE-2020-4690 RESERVED CVE-2020-4689 RESERVED CVE-2020-4688 RESERVED CVE-2020-4687 (IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated use ...) NOT-FOR-US: IBM CVE-2020-4686 (IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated ...) NOT-FOR-US: IBM CVE-2020-4685 RESERVED CVE-2020-4684 RESERVED CVE-2020-4683 RESERVED CVE-2020-4682 RESERVED CVE-2020-4681 RESERVED CVE-2020-4680 RESERVED CVE-2020-4679 RESERVED CVE-2020-4678 RESERVED CVE-2020-4677 RESERVED CVE-2020-4676 RESERVED CVE-2020-4675 RESERVED CVE-2020-4674 RESERVED CVE-2020-4673 RESERVED CVE-2020-4672 RESERVED CVE-2020-4671 RESERVED CVE-2020-4670 RESERVED CVE-2020-4669 RESERVED CVE-2020-4668 RESERVED CVE-2020-4667 RESERVED CVE-2020-4666 RESERVED CVE-2020-4665 RESERVED CVE-2020-4664 RESERVED CVE-2020-4663 RESERVED CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform ...) NOT-FOR-US: IBM CVE-2020-4661 RESERVED CVE-2020-4660 RESERVED CVE-2020-4659 RESERVED CVE-2020-4658 RESERVED CVE-2020-4657 RESERVED CVE-2020-4656 RESERVED CVE-2020-4655 RESERVED CVE-2020-4654 RESERVED CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a remote attacker to conduct ph ...) 
NOT-FOR-US: IBM CVE-2020-4652 RESERVED CVE-2020-4651 RESERVED CVE-2020-4650 RESERVED CVE-2020-4649 RESERVED CVE-2020-4648 (A vulnerability exists in IBM Planning Analytics 2.0 whereby avatars ...) NOT-FOR-US: IBM CVE-2020-4647 RESERVED CVE-2020-4646 RESERVED CVE-2020-4645 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4644 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remot ...) NOT-FOR-US: IBM CVE-2020-4643 RESERVED CVE-2020-4642 RESERVED CVE-2020-4641 RESERVED CVE-2020-4640 RESERVED CVE-2020-4639 RESERVED CVE-2020-4638 (IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulner ...) NOT-FOR-US: IBM CVE-2020-4637 RESERVED CVE-2020-4636 RESERVED CVE-2020-4635 RESERVED CVE-2020-4634 RESERVED CVE-2020-4633 RESERVED CVE-2020-4632 (IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-sid ...) NOT-FOR-US: IBM CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-de ...) NOT-FOR-US: IBM CVE-2020-4630 RESERVED CVE-2020-4629 RESERVED CVE-2020-4628 RESERVED CVE-2020-4627 RESERVED CVE-2020-4626 RESERVED CVE-2020-4625 RESERVED CVE-2020-4624 RESERVED CVE-2020-4623 RESERVED CVE-2020-4622 RESERVED CVE-2020-4621 RESERVED CVE-2020-4620 RESERVED CVE-2020-4619 RESERVED CVE-2020-4618 RESERVED CVE-2020-4617 RESERVED CVE-2020-4616 RESERVED CVE-2020-4615 RESERVED CVE-2020-4614 RESERVED CVE-2020-4613 RESERVED CVE-2020-4612 RESERVED CVE-2020-4611 RESERVED CVE-2020-4610 RESERVED CVE-2020-4609 RESERVED CVE-2020-4608 RESERVED CVE-2020-4607 RESERVED CVE-2020-4606 RESERVED CVE-2020-4605 RESERVED CVE-2020-4604 RESERVED CVE-2020-4603 (IBM Security Guardium Insights 2.0.1 performs an operation at a privil ...) NOT-FOR-US: IBM CVE-2020-4602 RESERVED CVE-2020-4601 RESERVED CVE-2020-4600 RESERVED CVE-2020-4599 RESERVED CVE-2020-4598 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) 
NOT-FOR-US: IBM CVE-2020-4597 RESERVED CVE-2020-4596 RESERVED CVE-2020-4595 RESERVED CVE-2020-4594 RESERVED CVE-2020-4593 (IBM Security Guardium Insights 2.0.1 stores user credentials in plain ...) NOT-FOR-US: IBM CVE-2020-4592 RESERVED CVE-2020-4591 (IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclos ...) NOT-FOR-US: IBM CVE-2020-4590 RESERVED CVE-2020-4589 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM CVE-2020-4588 RESERVED CVE-2020-4587 (IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is ...) NOT-FOR-US: IBM CVE-2020-4586 RESERVED CVE-2020-4585 RESERVED CVE-2020-4584 RESERVED CVE-2020-4583 RESERVED CVE-2020-4582 RESERVED CVE-2020-4581 RESERVED CVE-2020-4580 RESERVED CVE-2020-4579 RESERVED CVE-2020-4578 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) NOT-FOR-US: IBM CVE-2020-4577 RESERVED CVE-2020-4576 RESERVED CVE-2020-4575 (IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Vir ...) NOT-FOR-US: IBM CVE-2020-4574 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...) NOT-FOR-US: IBM CVE-2020-4573 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitiv ...) NOT-FOR-US: IBM CVE-2020-4572 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote at ...) NOT-FOR-US: IBM CVE-2020-4571 RESERVED CVE-2020-4570 RESERVED CVE-2020-4569 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mecha ...) NOT-FOR-US: IBM CVE-2020-4568 RESERVED CVE-2020-4567 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate acco ...) NOT-FOR-US: IBM CVE-2020-4566 RESERVED CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...) NOT-FOR-US: IBM CVE-2020-4564 RESERVED CVE-2020-4563 RESERVED CVE-2020-4562 RESERVED CVE-2020-4561 RESERVED CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...) 
NOT-FOR-US: IBM CVE-2020-4559 (IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a de ...) NOT-FOR-US: IBM CVE-2020-4558 RESERVED CVE-2020-4557 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...) NOT-FOR-US: IBM CVE-2020-4556 RESERVED CVE-2020-4555 RESERVED CVE-2020-4554 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4553 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4552 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...) NOT-FOR-US: IBM CVE-2020-4551 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4550 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...) NOT-FOR-US: IBM CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input ...) NOT-FOR-US: IBM CVE-2020-4547 RESERVED CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbi ...) NOT-FOR-US: IBM CVE-2020-4544 RESERVED CVE-2020-4543 RESERVED CVE-2020-4542 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM CVE-2020-4541 (IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4540 RESERVED CVE-2020-4539 (IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vu ...) NOT-FOR-US: IBM CVE-2020-4538 RESERVED CVE-2020-4537 RESERVED CVE-2020-4536 RESERVED CVE-2020-4535 RESERVED CVE-2020-4534 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM CVE-2020-4533 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...) 
NOT-FOR-US: IBM CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...) NOT-FOR-US: IBM CVE-2020-4531 RESERVED CVE-2020-4530 (IBM Business Automation Workflow C.D.0 and IBM Business Process Manage ...) NOT-FOR-US: IBM CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...) NOT-FOR-US: IBM CVE-2020-4528 RESERVED CVE-2020-4527 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...) NOT-FOR-US: IBM CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...) NOT-FOR-US: IBM CVE-2020-4525 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM CVE-2020-4524 RESERVED CVE-2020-4523 RESERVED CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4521 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authe ...) NOT-FOR-US: IBM CVE-2020-4520 RESERVED CVE-2020-4519 RESERVED CVE-2020-4518 RESERVED CVE-2020-4517 RESERVED CVE-2020-4516 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...) NOT-FOR-US: IBM CVE-2020-4515 RESERVED CVE-2020-4514 RESERVED CVE-2020-4513 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...) NOT-FOR-US: IBM CVE-2020-4512 (IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to ex ...) NOT-FOR-US: IBM CVE-2020-4511 (IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause ...) NOT-FOR-US: IBM CVE-2020-4510 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity In ...) NOT-FOR-US: IBM CVE-2020-4509 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity In ...) NOT-FOR-US: IBM CVE-2020-4508 RESERVED CVE-2020-4507 RESERVED CVE-2020-4506 RESERVED CVE-2020-4505 RESERVED CVE-2020-4504 RESERVED CVE-2020-4503 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...) 
NOT-FOR-US: IBM CVE-2020-4502 RESERVED CVE-2020-4501 RESERVED CVE-2020-4500 RESERVED CVE-2020-4499 RESERVED CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged use ...) NOT-FOR-US: IBM CVE-2020-4497 RESERVED CVE-2020-4496 RESERVED CVE-2020-4495 RESERVED CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...) NOT-FOR-US: IBM CVE-2020-4493 RESERVED CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2 ...) NOT-FOR-US: IBM CVE-2020-4491 RESERVED CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business Process M ...) NOT-FOR-US: IBM CVE-2020-4489 RESERVED CVE-2020-4488 RESERVED CVE-2020-4487 RESERVED CVE-2020-4486 (IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to ov ...) NOT-FOR-US: IBM CVE-2020-4485 (IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to di ...) NOT-FOR-US: IBM CVE-2020-4484 RESERVED CVE-2020-4483 RESERVED CVE-2020-4482 RESERVED CVE-2020-4481 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is v ...) NOT-FOR-US: IBM CVE-2020-4480 RESERVED CVE-2020-4479 RESERVED CVE-2020-4478 RESERVED CVE-2020-4477 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensi ...) NOT-FOR-US: IBM CVE-2020-4476 RESERVED CVE-2020-4475 RESERVED CVE-2020-4474 RESERVED CVE-2020-4473 RESERVED CVE-2020-4472 RESERVED CVE-2020-4471 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthe ...) NOT-FOR-US: IBM CVE-2020-4470 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console ...) NOT-FOR-US: IBM CVE-2020-4469 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4468 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4467 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) 
NOT-FOR-US: IBM CVE-2020-4466 (IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authentica ...) NOT-FOR-US: IBM CVE-2020-4465 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and ...) NOT-FOR-US: IBM CVE-2020-4464 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...) NOT-FOR-US: IBM CVE-2020-4463 (IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XM ...) NOT-FOR-US: IBM CVE-2020-4462 (IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and ...) NOT-FOR-US: IBM CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an authentic ...) NOT-FOR-US: IBM CVE-2020-4460 RESERVED CVE-2020-4459 (IBM Security Verify Access 10.7 contains hard-coded credentials, such ...) NOT-FOR-US: IBM CVE-2020-4458 RESERVED CVE-2020-4457 RESERVED CVE-2020-4456 RESERVED CVE-2020-4455 RESERVED CVE-2020-4454 RESERVED CVE-2020-4453 RESERVED CVE-2020-4452 (IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expec ...) NOT-FOR-US: IBM CVE-2020-4451 RESERVED CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...) NOT-FOR-US: IBM CVE-2020-4449 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...) NOT-FOR-US: IBM CVE-2020-4448 (IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and ...) NOT-FOR-US: IBM CVE-2020-4447 (IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-sit ...) NOT-FOR-US: IBM CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...) NOT-FOR-US: IBM CVE-2020-4445 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4444 RESERVED CVE-2020-4443 RESERVED CVE-2020-4442 RESERVED CVE-2020-4441 RESERVED CVE-2020-4440 RESERVED CVE-2020-4439 RESERVED CVE-2020-4438 RESERVED CVE-2020-4437 RESERVED CVE-2020-4436 (Certain IBM Aspera applications are vulnerable to buffer overflow afte ...) 
NOT-FOR-US: IBM CVE-2020-4435 (Certain IBM Aspera applications are vulnerable to arbitrary memory cor ...) NOT-FOR-US: IBM CVE-2020-4434 (Certain IBM Aspera applications are vulnerable to buffer overflow base ...) NOT-FOR-US: IBM CVE-2020-4433 (Certain IBM Aspera applications are vulnerable to a stack-based buffer ...) NOT-FOR-US: IBM CVE-2020-4432 (Certain IBM Aspera applications are vulnerable to command injection af ...) NOT-FOR-US: IBM CVE-2020-4431 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...) NOT-FOR-US: IBM CVE-2020-4430 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a rem ...) NOT-FOR-US: IBM CVE-2020-4429 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 con ...) NOT-FOR-US: IBM CVE-2020-4428 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a rem ...) NOT-FOR-US: IBM CVE-2020-4427 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...) NOT-FOR-US: IBM CVE-2020-4426 RESERVED CVE-2020-4425 RESERVED CVE-2020-4424 RESERVED CVE-2020-4423 RESERVED CVE-2020-4422 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allo ...) NOT-FOR-US: IBM CVE-2020-4420 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4419 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4418 RESERVED CVE-2020-4417 RESERVED CVE-2020-4416 RESERVED CVE-2020-4415 (IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based ...) NOT-FOR-US: IBM CVE-2020-4414 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4413 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...) NOT-FOR-US: IBM CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...) 
NOT-FOR-US: IBM CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...) NOT-FOR-US: IBM CVE-2020-4410 (IBM Jazz Foundation and IBM Engineering products could allow an authen ...) NOT-FOR-US: IBM CVE-2020-4409 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4408 (The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRada ...) NOT-FOR-US: IBM CVE-2020-4407 RESERVED CVE-2020-4406 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...) NOT-FOR-US: IBM CVE-2020-4405 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially se ...) NOT-FOR-US: IBM CVE-2020-4404 RESERVED CVE-2020-4403 RESERVED CVE-2020-4402 RESERVED CVE-2020-4401 RESERVED CVE-2020-4400 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lo ...) NOT-FOR-US: IBM CVE-2020-4399 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated ...) NOT-FOR-US: IBM CVE-2020-4398 RESERVED CVE-2020-4397 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive informati ...) NOT-FOR-US: IBM CVE-2020-4396 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM CVE-2020-4395 RESERVED CVE-2020-4394 RESERVED CVE-2020-4393 RESERVED CVE-2020-4392 RESERVED CVE-2020-4391 RESERVED CVE-2020-4390 RESERVED CVE-2020-4389 RESERVED CVE-2020-4388 RESERVED CVE-2020-4387 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4385 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentia ...) NOT-FOR-US: IBM CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...) NOT-FOR-US: IBM CVE-2020-4383 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 ...) 
NOT-FOR-US: IBM CVE-2020-4382 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 ...) NOT-FOR-US: IBM CVE-2020-4381 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 ...) NOT-FOR-US: IBM CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...) NOT-FOR-US: IBM CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...) NOT-FOR-US: IBM CVE-2020-4377 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Ent ...) NOT-FOR-US: IBM CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could ...) NOT-FOR-US: IBM CVE-2020-4375 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 ...) NOT-FOR-US: IBM CVE-2020-4374 RESERVED CVE-2020-4373 RESERVED CVE-2020-4372 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in pl ...) NOT-FOR-US: IBM CVE-2020-4371 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive informatio ...) NOT-FOR-US: IBM CVE-2020-4370 RESERVED CVE-2020-4369 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive infor ...) NOT-FOR-US: IBM CVE-2020-4368 RESERVED CVE-2020-4367 (IBM Planning Analytics Local 2.0 uses weaker than expected cryptograph ...) NOT-FOR-US: IBM CVE-2020-4366 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...) NOT-FOR-US: IBM CVE-2020-4365 (IBM WebSphere Application Server 8.5 is vulnerable to server-side requ ...) NOT-FOR-US: IBM CVE-2020-4364 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...) NOT-FOR-US: IBM CVE-2020-4363 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4362 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...) 
NOT-FOR-US: IBM CVE-2020-4361 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...) NOT-FOR-US: IBM CVE-2020-4360 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...) NOT-FOR-US: IBM CVE-2020-4359 RESERVED CVE-2020-4358 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2020-4357 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attack ...) NOT-FOR-US: IBM CVE-2020-4356 RESERVED CVE-2020-4355 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4354 RESERVED CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with physical access to the device ...) NOT-FOR-US: IBM CVE-2020-4352 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...) NOT-FOR-US: IBM CVE-2020-4351 RESERVED CVE-2020-4350 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...) NOT-FOR-US: IBM CVE-2020-4349 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...) NOT-FOR-US: IBM CVE-2020-4348 (IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...) NOT-FOR-US: IBM CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subjec ...) NOT-FOR-US: IBM CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server ha ...) NOT-FOR-US: IBM CVE-2020-4345 (IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a s ...) NOT-FOR-US: IBM CVE-2020-4344 (IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web ...) NOT-FOR-US: IBM CVE-2020-4343 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4342 (IBM Security Secret Server 10.7 could disclose sensitive information i ...) NOT-FOR-US: IBM CVE-2020-4341 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...) 
NOT-FOR-US: IBM CVE-2020-4340 RESERVED CVE-2020-4339 RESERVED CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...) NOT-FOR-US: IBM CVE-2020-4337 (IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker ...) NOT-FOR-US: IBM CVE-2020-4336 RESERVED CVE-2020-4335 RESERVED CVE-2020-4334 RESERVED CVE-2020-4333 RESERVED CVE-2020-4332 RESERVED CVE-2020-4331 RESERVED CVE-2020-4330 RESERVED CVE-2020-4329 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...) NOT-FOR-US: IBM CVE-2020-4328 (IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection ...) NOT-FOR-US: IBM CVE-2020-4327 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...) NOT-FOR-US: IBM CVE-2020-4326 RESERVED CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...) NOT-FOR-US: IBM CVE-2020-4324 RESERVED CVE-2020-4323 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2020-4322 (IBM Security Secret Server 10.7 could allow a remote attacker to hijac ...) NOT-FOR-US: IBM CVE-2020-4321 RESERVED CVE-2020-4320 (IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9 ...) NOT-FOR-US: IBM CVE-2020-4319 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and ...) NOT-FOR-US: IBM CVE-2020-4318 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...) NOT-FOR-US: IBM CVE-2020-4317 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...) NOT-FOR-US: IBM CVE-2020-4316 (IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure ...) NOT-FOR-US: IBM CVE-2020-4315 RESERVED CVE-2020-4314 RESERVED CVE-2020-4313 RESERVED CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 co ...) NOT-FOR-US: IBM CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...) 
NOT-FOR-US: IBM CVE-2020-4310 (IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are ...) NOT-FOR-US: IBM CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information to an ...) NOT-FOR-US: IBM CVE-2020-4308 RESERVED CVE-2020-4307 (IBM Security Guardium 11.1 could allow an attacker on the same network ...) NOT-FOR-US: IBM CVE-2020-4306 (IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cros ...) NOT-FOR-US: IBM CVE-2020-4305 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a r ...) NOT-FOR-US: IBM CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...) NOT-FOR-US: IBM CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...) NOT-FOR-US: IBM CVE-2020-4302 RESERVED CVE-2020-4301 RESERVED CVE-2020-4300 RESERVED CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...) NOT-FOR-US: IBM CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...) NOT-FOR-US: IBM CVE-2020-4297 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...) NOT-FOR-US: IBM CVE-2020-4296 RESERVED CVE-2020-4295 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...) NOT-FOR-US: IBM CVE-2020-4294 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request ...) NOT-FOR-US: IBM CVE-2020-4293 RESERVED CVE-2020-4292 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...) NOT-FOR-US: IBM CVE-2020-4291 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4290 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4289 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4288 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) 
NOT-FOR-US: IBM CVE-2020-4287 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4286 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...) NOT-FOR-US: IBM CVE-2020-4285 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4284 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4283 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...) NOT-FOR-US: IBM CVE-2020-4282 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4281 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...) NOT-FOR-US: IBM CVE-2020-4280 RESERVED CVE-2020-4279 RESERVED CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...) NOT-FOR-US: IBM CVE-2020-4277 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive i ...) NOT-FOR-US: IBM CVE-2020-4276 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...) NOT-FOR-US: IBM CVE-2020-4275 RESERVED CVE-2020-4274 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...) NOT-FOR-US: IBM CVE-2020-4273 (IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attack ...) NOT-FOR-US: IBM CVE-2020-4272 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to inc ...) NOT-FOR-US: IBM CVE-2020-4271 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...) NOT-FOR-US: IBM CVE-2020-4270 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain esc ...) NOT-FOR-US: IBM CVE-2020-4269 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, suc ...) NOT-FOR-US: IBM CVE-2020-4268 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scriptin ...) NOT-FOR-US: IBM CVE-2020-4267 (IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authen ...) 
NOT-FOR-US: IBM CVE-2020-4266 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4265 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4264 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4263 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4262 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4261 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4260 (IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permi ...) NOT-FOR-US: IBM CVE-2020-4259 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authe ...) NOT-FOR-US: IBM CVE-2020-4258 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4257 (IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4256 RESERVED CVE-2020-4255 RESERVED CVE-2020-4254 RESERVED CVE-2020-4253 (IBM Content Navigator 3.0CD does not invalidate session after logout w ...) NOT-FOR-US: IBM CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...) NOT-FOR-US: IBM CVE-2020-4251 (IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site sc ...) NOT-FOR-US: IBM CVE-2020-4250 RESERVED CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...) NOT-FOR-US: IBM CVE-2020-4248 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) NOT-FOR-US: IBM CVE-2020-4247 RESERVED CVE-2020-4246 (IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable ...) NOT-FOR-US: IBM CVE-2020-4245 (IBM Security Identity Governance and Intelligence 5.2.6 does not requi ...) 
NOT-FOR-US: IBM CVE-2020-4244 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...) NOT-FOR-US: IBM CVE-2020-4243 (IBM Security Identity Governance and Intelligence 5.2.6 Virtual Applia ...) NOT-FOR-US: IBM CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...) NOT-FOR-US: IBM CVE-2020-4241 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...) NOT-FOR-US: IBM CVE-2020-4240 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4239 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remot ...) NOT-FOR-US: IBM CVE-2020-4238 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4237 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4236 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an auth ...) NOT-FOR-US: IBM CVE-2020-4235 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4234 RESERVED CVE-2020-4233 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) NOT-FOR-US: IBM CVE-2020-4232 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...) NOT-FOR-US: IBM CVE-2020-4231 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...) NOT-FOR-US: IBM CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...) NOT-FOR-US: IBM CVE-2020-4229 (IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate se ...) NOT-FOR-US: IBM CVE-2020-4228 RESERVED CVE-2020-4227 RESERVED CVE-2020-4226 (IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive in ...) NOT-FOR-US: IBM CVE-2020-4225 RESERVED CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...) 
NOT-FOR-US: IBM CVE-2020-4223 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cros ...) NOT-FOR-US: IBM CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM Spectrum Protect Plus CVE-2020-4221 RESERVED CVE-2020-4220 RESERVED CVE-2020-4219 RESERVED CVE-2020-4218 RESERVED CVE-2020-4217 (The IBM Spectrum Scale 4.2 and 5.0 file system component is affected b ...) NOT-FOR-US: IBM CVE-2020-4216 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...) NOT-FOR-US: IBM CVE-2020-4215 RESERVED CVE-2020-4214 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4211 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4209 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4208 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...) NOT-FOR-US: IBM CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 ...) NOT-FOR-US: IBM CVE-2020-4206 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4205 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an aut ...) NOT-FOR-US: IBM CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4203 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially ...) NOT-FOR-US: IBM CVE-2020-4202 (IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenti ...) 
NOT-FOR-US: IBM CVE-2020-4201 RESERVED CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...) NOT-FOR-US: IBM CVE-2020-4199 (IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request f ...) NOT-FOR-US: IBM CVE-2020-4198 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored loc ...) NOT-FOR-US: IBM CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4194 RESERVED CVE-2020-4193 (IBM Security Guardium 11.1 uses an inadequate account lockout setting ...) NOT-FOR-US: IBM CVE-2020-4192 RESERVED CVE-2020-4191 (IBM Security Guardium 11.1 uses weaker than expected cryptographic alg ...) NOT-FOR-US: IBM CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...) NOT-FOR-US: IBM CVE-2020-4189 RESERVED CVE-2020-4188 (IBM Security Guardium 10.6 and 11.1 may use insufficiently random numb ...) NOT-FOR-US: IBM CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...) NOT-FOR-US: IBM CVE-2020-4186 (IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive in ...) NOT-FOR-US: IBM CVE-2020-4185 (IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected c ...) NOT-FOR-US: IBM CVE-2020-4184 RESERVED CVE-2020-4183 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2020-4182 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2020-4181 RESERVED CVE-2020-4180 (IBM Security Guardium 11.1 could allow a remote authenticated attacker ...) 
NOT-FOR-US: IBM CVE-2020-4179 RESERVED CVE-2020-4178 RESERVED CVE-2020-4177 (IBM Security Guardium 11.1 contains hard-coded credentials, such as a ...) NOT-FOR-US: IBM CVE-2020-4176 RESERVED CVE-2020-4175 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2020-4174 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...) NOT-FOR-US: IBM CVE-2020-4173 (IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure a ...) NOT-FOR-US: IBM CVE-2020-4172 (IBM Security Guardium Insights 2.0.1 stores sensitive information in U ...) NOT-FOR-US: IBM CVE-2020-4171 (IBM Security Guardium Insights 2.0.1 allows web pages to be stored loc ...) NOT-FOR-US: IBM CVE-2020-4170 (IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site reque ...) NOT-FOR-US: IBM CVE-2020-4169 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...) NOT-FOR-US: IBM CVE-2020-4168 RESERVED CVE-2020-4167 (IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain ...) NOT-FOR-US: IBM CVE-2020-4166 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2020-4165 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2020-4164 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...) NOT-FOR-US: IBM CVE-2020-4162 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross ...) NOT-FOR-US: IBM CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) 
NOT-FOR-US: IBM CVE-2020-4160 RESERVED CVE-2020-4159 RESERVED CVE-2020-4158 RESERVED CVE-2020-4157 RESERVED CVE-2020-4156 RESERVED CVE-2020-4155 RESERVED CVE-2020-4154 RESERVED CVE-2020-4153 RESERVED CVE-2020-4152 RESERVED CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...) NOT-FOR-US: IBM CVE-2020-4150 RESERVED CVE-2020-4149 RESERVED CVE-2020-4148 RESERVED CVE-2020-4147 RESERVED CVE-2020-4146 RESERVED CVE-2020-4145 RESERVED CVE-2020-4144 RESERVED CVE-2020-4143 RESERVED CVE-2020-4142 RESERVED CVE-2020-4141 RESERVED CVE-2020-4140 RESERVED CVE-2020-4139 RESERVED CVE-2020-4138 RESERVED CVE-2020-4137 RESERVED CVE-2020-4136 RESERVED CVE-2020-4135 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4134 RESERVED CVE-2020-4133 RESERVED CVE-2020-4132 RESERVED CVE-2020-4131 RESERVED CVE-2020-4130 RESERVED CVE-2020-4129 RESERVED CVE-2020-4128 RESERVED CVE-2020-4127 RESERVED CVE-2020-4126 RESERVED CVE-2020-4125 (Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious ...) NOT-FOR-US: HCL CVE-2020-4124 RESERVED CVE-2020-4123 RESERVED CVE-2020-4122 RESERVED CVE-2020-4121 RESERVED CVE-2020-4120 RESERVED CVE-2020-4119 RESERVED CVE-2020-4118 RESERVED CVE-2020-4117 RESERVED CVE-2020-4116 RESERVED CVE-2020-4115 RESERVED CVE-2020-4114 RESERVED CVE-2020-4113 RESERVED CVE-2020-4112 RESERVED CVE-2020-4111 RESERVED CVE-2020-4110 RESERVED CVE-2020-4109 RESERVED CVE-2020-4108 RESERVED CVE-2020-4107 RESERVED CVE-2020-4106 RESERVED CVE-2020-4105 RESERVED CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) wi ...) NOT-FOR-US: HCL CVE-2020-4103 RESERVED CVE-2020-4102 RESERVED CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...) NOT-FOR-US: HCL Digital Experience CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code loading. This ...) 
NOT-FOR-US: HCL CVE-2020-4099 RESERVED CVE-2020-4098 RESERVED CVE-2020-4097 RESERVED CVE-2020-4096 RESERVED CVE-2020-4095 ("BigFix Platform is storing clear text credentials within the system's ...) NOT-FOR-US: HCL CVE-2020-4094 RESERVED CVE-2020-4093 RESERVED CVE-2020-4092 ("If port encryption is not enabled on the Domino Server, HCL Nomad on ...) NOT-FOR-US: HCL Nomad CVE-2020-4091 RESERVED CVE-2020-4090 RESERVED CVE-2020-4089 (HCL Notes is vulnerable to an information leakage vulnerability throug ...) NOT-FOR-US: HCL Notes CVE-2020-4088 RESERVED CVE-2020-4087 RESERVED CVE-2020-4086 RESERVED CVE-2020-4085 ("HCL Connections is vulnerable to possible information leakage and cou ...) NOT-FOR-US: HCL Connections CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...) NOT-FOR-US: HCL Connections CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...) NOT-FOR-US: HCL Connections CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...) NOT-FOR-US: HCL Connections CVE-2020-4081 RESERVED CVE-2020-4080 RESERVED CVE-2020-4079 RESERVED CVE-2020-4078 RESERVED CVE-2020-4077 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...) - electron (bug #842420) CVE-2020-4076 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...) - electron (bug #842420) CVE-2020-4075 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary ...) - electron (bug #842420) CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the aut ...) NOT-FOR-US: PrestaShop CVE-2020-4073 RESERVED CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are created for ...) NOT-FOR-US: generator-jhipster-kotlin CVE-2020-4071 (In django-basic-auth-ip-whitelist before 0.3.4, a potential timing att ...) 
NOT-FOR-US: django-basic-auth-ip-whitelist CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a cros ...) NOT-FOR-US: w3c css-validator CVE-2020-4069 RESERVED CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...) NOT-FOR-US: APNSwift CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN ...) {DSA-4711-1 DLA-2271-1} - coturn 4.5.1.3-1 NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm NOTE: https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a CVE-2020-4066 (In Limdu before 0.95, the trainBatch function has a command injection ...) NOT-FOR-US: Limdu CVE-2020-4065 RESERVED CVE-2020-4064 RESERVED CVE-2020-4063 RESERVED CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified critical ...) NOT-FOR-US: Conjur Helm Chart CVE-2020-4061 (In October from version 1.0.319 and before version 1.0.467, pasting co ...) NOT-FOR-US: October CMS CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...) NOT-FOR-US: LoRa Basics Station CVE-2020-4059 (In mversion before 2.0.0, there is a command injection vulnerability. ...) NOT-FOR-US: mversion CVE-2020-4058 RESERVED CVE-2020-4057 RESERVED CVE-2020-4056 RESERVED CVE-2020-4055 RESERVED CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less ...) 
{DSA-4730-1} - ruby-sanitize 4.6.6-2.1 (bug #963808) [stretch] - ruby-sanitize (Vulnerable code introduced later) [jessie] - ruby-sanitize (Vulnerable code introduced later) NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m NOTE: Fixed by: https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9 (v5.2.1) NOTE: Only in 5.0.0 removing of useless filtered elements content is done by default NOTE: with: https://github.com/rgrove/sanitize/commit/faf9a0f432fda3cef29f0f8aad99d4dedf079d67 (v5.0.0) CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path tra ...) - helm-kubernetes (bug #910799) CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...) NOT-FOR-US: Wiki.js CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 ...) - dojo (bug #970000) [buster] - dojo (Minor issue) NOTE: https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...) NOT-FOR-US: SSB-DB CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by conn ...) {DSA-4737-1 DLA-2319-1} - xrdp 0.9.12-1.1 (bug #964573) NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4 NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...) NOT-FOR-US: phpMussel CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to ...) 
- bareos (bug #965985) [buster] - bareos (Minor issue; workaround exists; intrusive to backport to older versions) [stretch] - bareos (minor issue, low priority) NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752 NOTE: https://bugs.bareos.org/view.php?id=1250 NOTE: https://github.com/bareos/bareos/commit/93f2db6451a684fbb224a7d24cdd85e77b2b51fc (master) NOTE: Workaround: Make sure the director will not connect to a client that can NOTE: initiate connections. As a rule: every client with "Connection From Client NOTE: To Director = yes" must also set "Connection From Director To Client = no". CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...) NOT-FOR-US: Bolt CMS CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...) NOT-FOR-US: Bolt CMS CVE-2020-4039 RESERVED CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...) NOT-FOR-US: Node graphql-playground-html CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users ...) NOT-FOR-US: OAuth2 Proxy CVE-2020-4036 RESERVED CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ...) NOT-FOR-US: WatermelonDB CVE-2020-4034 RESERVED CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8 CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting vulnerabi ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...) 
- freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in Atlassian Jir ...) NOT-FOR-US: Atlassian CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404 ...) NOT-FOR-US: Atlassian CVE-2020-4027 (Atlassian Confluence Server and Data Center before version 7.5.1 allow ...) NOT-FOR-US: Atlassian CVE-2020-4026 (The CustomAppsRestResource list resource in Atlassian Navigator Links ...) NOT-FOR-US: Atlassian CVE-2020-4025 (The attachment download resource in Atlassian Jira Server and Data Cen ...) NOT-FOR-US: Atlassian CVE-2020-4024 (The attachment download resource in Atlassian Jira Server and Data Cen ...) NOT-FOR-US: Atlassian CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible before ...) NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2020-4022 (The attachment download resource in Atlassian Jira Server and Data Cen ...) NOT-FOR-US: Atlassian CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of At ...) NOT-FOR-US: Atlassian CVE-2020-4020 (The file downloading functionality in the Atlassian Companion App befo ...) NOT-FOR-US: Atlassian CVE-2020-4019 (The file editing functionality in the Atlassian Companion App before v ...) NOT-FOR-US: Atlassian CVE-2020-4018 (The setup resources in Atlassian Fisheye and Crucible before version 4 ...) NOT-FOR-US: Atlassian CVE-2020-4017 (The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jir ...) 
NOT-FOR-US: Atlassian CVE-2020-4016 (The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril ...) NOT-FOR-US: Atlassian CVE-2020-4015 (The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Cru ...) NOT-FOR-US: Atlassian CVE-2020-4014 (The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible ...) NOT-FOR-US: Atlassian CVE-2020-4013 (The review resource in Atlassian Fisheye and Crucible before version 4 ...) NOT-FOR-US: Atlassian CVE-2020-4012 RESERVED CVE-2020-4011 RESERVED CVE-2020-4010 RESERVED CVE-2020-4009 RESERVED CVE-2020-4008 RESERVED CVE-2020-4007 RESERVED CVE-2020-4006 RESERVED CVE-2020-4005 RESERVED CVE-2020-4004 RESERVED CVE-2020-4003 RESERVED CVE-2020-4002 RESERVED CVE-2020-4001 RESERVED CVE-2020-4000 RESERVED CVE-2020-3999 RESERVED CVE-2020-3998 RESERVED CVE-2020-3997 RESERVED CVE-2020-3996 RESERVED CVE-2020-3995 RESERVED CVE-2020-3994 RESERVED CVE-2020-3993 RESERVED CVE-2020-3992 RESERVED CVE-2020-3991 RESERVED CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3989 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3988 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3987 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3986 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3985 RESERVED CVE-2020-3984 RESERVED CVE-2020-3983 RESERVED CVE-2020-3982 RESERVED CVE-2020-3981 RESERVED CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...) NOT-FOR-US: VMware CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...) 
NOT-FOR-US: InstallBuilder for Qt Windows installers CVE-2020-3978 RESERVED CVE-2020-3977 RESERVED CVE-2020-3976 (VMware ESXi and vCenter Server contain a partial denial of service vul ...) NOT-FOR-US: VMware CVE-2020-3975 (VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior ...) NOT-FOR-US: VMware CVE-2020-3974 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...) NOT-FOR-US: VMware CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...) NOT-FOR-US: VMware CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...) NOT-FOR-US: VMware CVE-2020-3971 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...) NOT-FOR-US: VMware CVE-2020-3970 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3969 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3968 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3967 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3966 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3965 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3964 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3963 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3962 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...) NOT-FOR-US: VMware CVE-2020-3960 RESERVED CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...) 
NOT-FOR-US: VMware CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...) NOT-FOR-US: VMware CVE-2020-3957 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...) NOT-FOR-US: VMware CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, ...) NOT-FOR-US: VMware CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...) NOT-FOR-US: VMware CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log Insight prio ...) NOT-FOR-US: VMware CVE-2020-3953 (Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log ...) NOT-FOR-US: VMware CVE-2020-3952 (Under certain conditions, vmdir that ships with VMware vCenter Server, ...) NOT-FOR-US: VMware CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows ...) NOT-FOR-US: VMware CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11. ...) NOT-FOR-US: VMware CVE-2020-3949 RESERVED CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...) NOT-FOR-US: VMware CVE-2020-3947 (VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2 ...) NOT-FOR-US: VMware CVE-2020-3946 (InstallBuilder AutoUpdate tool and regular installers enabling <che ...) NOT-FOR-US: InstallBuilder CVE-2020-3945 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3944 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3943 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3942 RESERVED CVE-2020-3941 (The repair operation of VMware Tools for Windows 10.x.y has a race con ...) NOT-FOR-US: VMware Tools for Windows CVE-2020-3940 (VMware Workspace ONE SDK and dependent mobile application updates addr ...) 
NOT-FOR-US: VMware CVE-2020-3939 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3938 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, a ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3936 (UltraLog Express device management interface does not properly filter ...) NOT-FOR-US: UltraLog Express CVE-2020-3935 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3934 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3933 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...) NOT-FOR-US: Draytek VigorAP910C CVE-2020-3931 (Buffer overflow exists in Geovision Door Access Control device family, ...) NOT-FOR-US: Geovision Door Access Control CVE-2020-3930 (GeoVision Door Access Control device family improperly stores and cont ...) NOT-FOR-US: GeoVision Door Access Control CVE-2020-3929 (GeoVision Door Access Control device family employs shared cryptograph ...) NOT-FOR-US: GeoVision Door Access Control CVE-2020-3928 (GeoVision Door Access Control device family is hardcoded with a root p ...) NOT-FOR-US: GeoVision Door Access Control CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...) 
NOT-FOR-US: ServiSign security plugin CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series CVE-2020-3922 (LisoMail, by ArmorX, allows SQL Injections, attackers can access the d ...) NOT-FOR-US: LisoMail CVE-2020-3921 (UltraLog Express device management software stores user’s inform ...) NOT-FOR-US: UltraLog Express CVE-2020-3920 (UltraLog Express device management interface does not properly perform ...) NOT-FOR-US: UltraLog Express CVE-2020-3919 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3918 RESERVED CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2020-3916 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2020-3915 RESERVED CVE-2020-3914 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3913 (A permissions issue existed. This issue was addressed with improved pe ...) NOT-FOR-US: Apple CVE-2020-3912 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3911 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2020-3910 (A buffer overflow was addressed with improved size validation. This is ...) - libxml2 CVE-2020-3909 (A buffer overflow was addressed with improved bounds checking. This is ...) - libxml2 CVE-2020-3908 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3907 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3906 (A logic issue was addressed with improved restrictions. This issue is ...) 
NOT-FOR-US: Apple CVE-2020-3905 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3904 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3902 (An input validation issue was addressed with improved input validation ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...) 
{DSA-4681-1} - webkit2gtk 2.28.2-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.2-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c] RESERVED {DLA-2237-1} - cups 2.3.1-12 [buster] - cups 2.2.10-6+deb10u3 [stretch] - cups 2.2.1-8+deb9u6 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1823964 NOTE: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ppd.c, ppdc/ppdc-source.cxx) CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3896 RESERVED CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3894 (A race condition was addressed with additional validation. This issue ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3893 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3892 (A memory corruption issue was addressed with improved input validation ...) 
NOT-FOR-US: Apple CVE-2020-3891 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3890 (The issue was addressed with improved deletion. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3889 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3886 RESERVED CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3884 (An injection issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3882 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3880 RESERVED CVE-2020-3879 RESERVED CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3877 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3876 RESERVED CVE-2020-3875 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-3874 (An issued existed in the naming of screenshots. The issue was correcte ...) NOT-FOR-US: Apple CVE-2020-3873 (This issue was addressed with improved setting propagation. This issue ...) 
NOT-FOR-US: Apple CVE-2020-3872 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3871 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3870 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3869 (An issue existed in the handling of the local user's self-view. The is ...) NOT-FOR-US: Apple CVE-2020-3868 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3867 (A logic issue was addressed with improved state management. This issue ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3866 (This was addressed with additional checks by Gatekeeper on files mount ...) NOT-FOR-US: Apple CVE-2020-3865 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3864 RESERVED {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3863 RESERVED CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...) 
{DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3861 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2020-3860 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3859 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2020-3858 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3857 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3855 RESERVED CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2020-3852 RESERVED CVE-2020-3851 RESERVED CVE-2020-3850 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3849 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3848 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3847 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3846 (A buffer overflow was addressed with improved size validation. This is ...) NOT-FOR-US: Apple CVE-2020-3845 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3844 (This issue was addressed with improved checks. This issue is fixed in ...) 
NOT-FOR-US: Apple CVE-2020-3843 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3842 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3841 (The issue was addressed with improved UI handling. This issue is fixed ...) NOT-FOR-US: Apple CVE-2020-3840 (An off by one issue existed in the handling of racoon configuration fi ...) NOT-FOR-US: Apple CVE-2020-3839 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-3838 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2020-3837 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3836 (An access issue was addressed with improved memory management. This is ...) NOT-FOR-US: Apple CVE-2020-3835 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-3834 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-3833 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2020-3832 RESERVED CVE-2020-3831 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2020-3830 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-3829 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-3828 (A lock screen issue allowed access to contacts on a locked device. Thi ...) NOT-FOR-US: Apple CVE-2020-3827 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3826 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3825 (Multiple memory corruption issues were addressed with improved memory ...) 
NOT-FOR-US: Apple CVE-2020-3824 RESERVED CVE-2020-3823 RESERVED CVE-2020-3822 RESERVED CVE-2020-3821 RESERVED CVE-2020-3820 RESERVED CVE-2020-3819 RESERVED CVE-2020-3818 RESERVED CVE-2020-3817 RESERVED CVE-2020-3816 RESERVED CVE-2020-3815 RESERVED CVE-2020-3814 RESERVED CVE-2020-3813 RESERVED CVE-2020-3812 (qmail-verify as used in netqmail 1.06 is prone to an information discl ...) {DSA-4692-1 DLA-2234-1} - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3811 (qmail-verify as used in netqmail 1.06 is prone to a mail-address verif ...) {DSA-4692-1 DLA-2234-1} - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...) {DSA-4685-1 DLA-2210-1} - apt 2.1.2 NOTE: https://github.com/Debian/apt/issues/111 NOTE: https://bugs.launchpad.net/bugs/1878177 NOTE: https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 CVE-2020-3809 (Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier have a tim ...) NOT-FOR-US: Adobe CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3805 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3804 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3803 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3802 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3801 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3798 (Adobe Digital Editions versions 4.5.11.187212 and below have a file en ...) NOT-FOR-US: Adobe CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3796 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an impro ...) NOT-FOR-US: ColdFusion CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...) NOT-FOR-US: Adobe CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) 
NOT-FOR-US: Adobe CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...) NOT-FOR-US: Adobe CVE-2020-3768 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll se ...) NOT-FOR-US: ColdFusion CVE-2020-3767 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insuf ...) NOT-FOR-US: ColdFusion CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds ...) 
NOT-FOR-US: Adobe CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote ...) NOT-FOR-US: Adobe CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...) NOT-FOR-US: Adobe CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors ...) NOT-FOR-US: Adobe CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3757 (Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and ear ...) NOT-FOR-US: Adobe CVE-2020-3756 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3755 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3754 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3753 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3752 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3751 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3750 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3749 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3748 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3747 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-3746 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3745 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3744 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3743 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3742 (Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.01 ...) NOT-FOR-US: Adobe CVE-2020-3741 (Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled re ...) NOT-FOR-US: Adobe CVE-2020-3740 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-3739 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-3738 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3737 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3736 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3735 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) NOT-FOR-US: Adobe CVE-2020-3734 (Adobe Framemaker versions 2019.0.4 and below have a buffer error vulne ...) NOT-FOR-US: Adobe CVE-2020-3733 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3732 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3731 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) NOT-FOR-US: Adobe CVE-2020-3730 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3729 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) 
NOT-FOR-US: Adobe CVE-2020-3728 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3727 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3726 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3725 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3724 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3723 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3722 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3721 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3720 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) 
NOT-FOR-US: Adobe CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3709 RESERVED CVE-2020-3708 RESERVED CVE-2020-3707 RESERVED CVE-2020-3706 RESERVED CVE-2020-3705 RESERVED CVE-2020-3704 RESERVED CVE-2020-3703 RESERVED CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...) NOT-FOR-US: Snapdragon CVE-2020-3701 (Use after free issue while processing error notification from camx dri ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3700 (Possible out of bounds read due to a missing bounds check and could le ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3699 (Possible out of bound access while processing assoc response from host ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3698 (Out of bound write while QoS DSCP mapping due to improper input valida ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3697 RESERVED CVE-2020-3696 RESERVED CVE-2020-3695 RESERVED CVE-2020-3694 RESERVED CVE-2020-3693 RESERVED CVE-2020-3692 RESERVED CVE-2020-3691 RESERVED CVE-2020-3690 RESERVED CVE-2020-3689 RESERVED CVE-2020-3688 (Possible buffer overflow while parsing mp4 clip with corrupted sample ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3687 RESERVED CVE-2020-3686 RESERVED CVE-2020-3685 RESERVED CVE-2020-3684 RESERVED CVE-2020-3683 RESERVED CVE-2020-3682 RESERVED CVE-2020-3681 (Authenticated and encrypted payload MMEs can be forged and remotely se ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3680 (A race condition can occur when using the fastrpc memory mapping API. ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3679 (u'During execution after Address Space Layout Randomization is turned ...) NOT-FOR-US: Snapdragon CVE-2020-3678 RESERVED CVE-2020-3677 RESERVED CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...) 
NOT-FOR-US: Snapdragon CVE-2020-3675 (u'Potential integer underflow while parsing Service Info and IPv6 link ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3674 (Information can leak into userspace due to improper transfer of data f ...) NOT-FOR-US: Snapdragon CVE-2020-3673 RESERVED CVE-2020-3672 RESERVED CVE-2020-3671 (Use-after-free issue could occur due to dangling pointer when generati ...) NOT-FOR-US: Snapdragon CVE-2020-3670 RESERVED CVE-2020-3669 (u'Buffer Overflow issue in WLAN tcp ip verification due to usage of ou ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3668 (u'Buffer overflow while parsing PMF enabled MCBC frames due to frame l ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3667 (u'Buffer Overflow in mic calculation for WPA due to copying data into ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3666 (u'Out of bounds memory access during memory copy while processing Host ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...) NOT-FOR-US: Snapdragon CVE-2020-3664 RESERVED CVE-2020-3663 (Buffer over-write may occur during fetching track decoder specific inf ...) NOT-FOR-US: Snapdragon CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while playing the ...) NOT-FOR-US: Snapdragon CVE-2020-3661 (Buffer overflow will happen while parsing mp4 clip with corrupted samp ...) NOT-FOR-US: Snapdragon CVE-2020-3660 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...) NOT-FOR-US: Snapdragon CVE-2020-3659 RESERVED CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...) NOT-FOR-US: Snapdragon CVE-2020-3657 RESERVED CVE-2020-3656 (Out of bound access can happen in MHI command process due to lack of c ...) NOT-FOR-US: Snapdragon CVE-2020-3655 RESERVED CVE-2020-3654 RESERVED CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due to lack ...) 
NOT-FOR-US: Snapdragon CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver function wh ...) NOT-FOR-US: Snapdragon CVE-2020-3651 (Active command timeout since WM status change cmd is not removed from ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3650 RESERVED CVE-2020-3649 RESERVED CVE-2020-3648 (u'Possible out of bound write in DSP driver code due to lack of check ...) NOT-FOR-US: Snapdragon CVE-2020-3647 (u'Potential buffer overflow when accessing npu debugfs node "off"/"log ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3646 (u'Buffer overflow seen as the destination buffer size is lesser than t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3645 (Firmware will hit assert in WLAN firmware If encrypted data length in ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3644 (u'Information disclosure issue occurs as in current logic Secure Touch ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3643 (u'Information disclosure issue can occur due to partial secure display ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...) NOT-FOR-US: Snapdragon CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3640 (u'Resizing the usage table header before passing all the checks leads ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3639 RESERVED CVE-2020-3638 RESERVED CVE-2020-3637 RESERVED CVE-2020-3636 (u'Out of bound writes happen when accessing usage_table header entry b ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...) NOT-FOR-US: Snapdragon CVE-2020-3634 (u'Multiple Read overflows issue due to improper length check while dec ...) 
NOT-FOR-US: Snapdragon CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3632 RESERVED CVE-2020-3631 RESERVED CVE-2020-3630 (Possibility of out of bound access while processing the responses from ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3629 (u'Stack out of bound issue occurs when making query to DSP capabilitie ...) NOT-FOR-US: Snapdragon CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...) NOT-FOR-US: Snapdragon CVE-2020-3627 RESERVED CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no protect ...) NOT-FOR-US: Snapdragon CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3624 (u'A potential buffer overflow exists due to integer overflow when pars ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3623 (kernel failure due to load failures while running v1 path directly via ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3622 (u'Channel name string which has been read from shared memory is potent ...) NOT-FOR-US: Snapdragon CVE-2020-3621 (u'Lack of check to ensure that the TX read index & RX write index ...) NOT-FOR-US: Snapdragon CVE-2020-3620 (u'Lack of check of integer overflow while doing a round up operation f ...) NOT-FOR-US: Snapdragon CVE-2020-3619 (u'Non-secure memory is touched multiple times during TrustZone\u2019s ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3618 (NULL exception due to accessing bad pointer while posting events on RT ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3617 (u'Buffer over-read Issue in Q6 testbus framework due to diag packet le ...) NOT-FOR-US: Snapdragon CVE-2020-3616 (Buffer overflow in display function due to memory copy without checkin ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3614 (Possible buffer overflow while copying the frame to local buffer due t ...) NOT-FOR-US: Snapdragon CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of memory prote ...) NOT-FOR-US: Snapdragon CVE-2020-3612 RESERVED CVE-2020-3611 (u'XBL SEC clears only ZI region when loading Qualcomm-signed segments ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3610 (Possibility of double free of the drawobj that is added to the drawque ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3609 RESERVED CVE-2020-3608 RESERVED CVE-2020-3607 RESERVED CVE-2020-3606 RESERVED CVE-2020-3605 RESERVED CVE-2020-3604 RESERVED CVE-2020-3603 RESERVED CVE-2020-3602 RESERVED CVE-2020-3601 RESERVED CVE-2020-3600 RESERVED CVE-2020-3599 RESERVED CVE-2020-3598 RESERVED CVE-2020-3597 RESERVED CVE-2020-3596 RESERVED CVE-2020-3595 RESERVED CVE-2020-3594 RESERVED CVE-2020-3593 RESERVED CVE-2020-3592 RESERVED CVE-2020-3591 RESERVED CVE-2020-3590 RESERVED CVE-2020-3589 RESERVED CVE-2020-3588 RESERVED CVE-2020-3587 RESERVED CVE-2020-3586 RESERVED CVE-2020-3585 RESERVED CVE-2020-3584 RESERVED CVE-2020-3583 RESERVED CVE-2020-3582 RESERVED CVE-2020-3581 RESERVED CVE-2020-3580 RESERVED CVE-2020-3579 RESERVED CVE-2020-3578 RESERVED CVE-2020-3577 RESERVED CVE-2020-3576 RESERVED CVE-2020-3575 RESERVED CVE-2020-3574 RESERVED CVE-2020-3573 RESERVED CVE-2020-3572 RESERVED CVE-2020-3571 RESERVED CVE-2020-3570 RESERVED CVE-2020-3569 RESERVED CVE-2020-3568 RESERVED CVE-2020-3567 RESERVED CVE-2020-3566 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...) 
NOT-FOR-US: Cisco CVE-2020-3565 RESERVED CVE-2020-3564 RESERVED CVE-2020-3563 RESERVED CVE-2020-3562 RESERVED CVE-2020-3561 RESERVED CVE-2020-3560 RESERVED CVE-2020-3559 RESERVED CVE-2020-3558 RESERVED CVE-2020-3557 RESERVED CVE-2020-3556 RESERVED CVE-2020-3555 RESERVED CVE-2020-3554 RESERVED CVE-2020-3553 RESERVED CVE-2020-3552 RESERVED CVE-2020-3551 RESERVED CVE-2020-3550 RESERVED CVE-2020-3549 RESERVED CVE-2020-3548 RESERVED CVE-2020-3547 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an authenticated, l ...) NOT-FOR-US: Cisco CVE-2020-3544 RESERVED CVE-2020-3543 RESERVED CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an authenticated, ...) NOT-FOR-US: Cisco CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meetings ...) NOT-FOR-US: Cisco CVE-2020-3540 RESERVED CVE-2020-3539 RESERVED CVE-2020-3538 RESERVED CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...) NOT-FOR-US: Cisco CVE-2020-3536 RESERVED CVE-2020-3535 RESERVED CVE-2020-3534 RESERVED CVE-2020-3533 RESERVED CVE-2020-3532 RESERVED CVE-2020-3531 RESERVED CVE-2020-3530 (A vulnerability in task group assignment for a specific CLI command in ...) NOT-FOR-US: Cisco CVE-2020-3529 RESERVED CVE-2020-3528 RESERVED CVE-2020-3527 RESERVED CVE-2020-3526 RESERVED CVE-2020-3525 RESERVED CVE-2020-3524 RESERVED CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3522 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3521 (A vulnerability in a specific REST API of Cisco Data Center Network Ma ...) 
NOT-FOR-US: Cisco CVE-2020-3520 (A vulnerability in Cisco Data Center Network Manager (DCNM) Software c ...) NOT-FOR-US: Cisco CVE-2020-3519 (A vulnerability in a specific REST API method of Cisco Data Center Net ...) NOT-FOR-US: Cisco CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) NOT-FOR-US: Cisco CVE-2020-3516 RESERVED CVE-2020-3515 RESERVED CVE-2020-3514 RESERVED CVE-2020-3513 RESERVED CVE-2020-3512 RESERVED CVE-2020-3511 RESERVED CVE-2020-3510 RESERVED CVE-2020-3509 RESERVED CVE-2020-3508 RESERVED CVE-2020-3507 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...) NOT-FOR-US: Cisco CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...) NOT-FOR-US: Cisco CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...) NOT-FOR-US: Cisco CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...) NOT-FOR-US: Cisco CVE-2020-3503 RESERVED CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...) NOT-FOR-US: Cisco CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...) NOT-FOR-US: Cisco CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS could allow ...) NOT-FOR-US: Cisco CVE-2020-3499 RESERVED CVE-2020-3498 (A vulnerability in Cisco Jabber software could allow an authenticated, ...) NOT-FOR-US: Cisco CVE-2020-3497 RESERVED CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...) NOT-FOR-US: Cisco CVE-2020-3495 (A vulnerability in Cisco Jabber for Windows could allow an authenticat ...) NOT-FOR-US: Cisco CVE-2020-3494 RESERVED CVE-2020-3493 RESERVED CVE-2020-3492 RESERVED CVE-2020-3491 (A vulnerability in the web-based management interface of Cisco Vision ...) 
NOT-FOR-US: Cisco CVE-2020-3490 (A vulnerability in the web-based management interface of Cisco Vision ...) NOT-FOR-US: Cisco CVE-2020-3489 RESERVED CVE-2020-3488 RESERVED CVE-2020-3487 RESERVED CVE-2020-3486 RESERVED CVE-2020-3485 (A vulnerability in the role-based access control (RBAC) functionality ...) NOT-FOR-US: Cisco CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco Vision ...) NOT-FOR-US: Cisco CVE-2020-3483 RESERVED CVE-2020-3482 RESERVED CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVirus (C ...) {DLA-2314-1} - clamav 0.102.4+dfsg-1 [buster] - clamav 0.102.4+dfsg-0+deb10u1 NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html CVE-2020-3480 RESERVED CVE-2020-3479 RESERVED CVE-2020-3478 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...) NOT-FOR-US: Cisco CVE-2020-3477 RESERVED CVE-2020-3476 RESERVED CVE-2020-3475 RESERVED CVE-2020-3474 RESERVED CVE-2020-3473 (A vulnerability in task group assignment for a specific CLI command in ...) NOT-FOR-US: Cisco CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...) NOT-FOR-US: Cisco CVE-2020-3471 RESERVED CVE-2020-3470 RESERVED CVE-2020-3469 RESERVED CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2020-3467 RESERVED CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3465 RESERVED CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco UCS Dir ...) NOT-FOR-US: Cisco CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco Webex M ...) NOT-FOR-US: Cisco CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Data Ce ...) 
NOT-FOR-US: Cisco CVE-2020-3460 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3459 RESERVED CVE-2020-3458 RESERVED CVE-2020-3457 RESERVED CVE-2020-3456 RESERVED CVE-2020-3455 RESERVED CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS Software could ...) NOT-FOR-US: Cisco CVE-2020-3453 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2020-3451 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...) NOT-FOR-US: Cisco CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional paths ...) NOT-FOR-US: Cisco CVE-2020-3448 (A vulnerability in an access control mechanism of Cisco Cyber Vision C ...) NOT-FOR-US: Cisco CVE-2020-3447 (A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security A ...) NOT-FOR-US: Cisco CVE-2020-3446 (A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS ...) NOT-FOR-US: Cisco CVE-2020-3445 RESERVED CVE-2020-3444 RESERVED CVE-2020-3443 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...) NOT-FOR-US: Cisco CVE-2020-3442 (The DuoConnect client enables users to establish SSH connections to ho ...) NOT-FOR-US: DuoConnect CVE-2020-3441 RESERVED CVE-2020-3440 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...) NOT-FOR-US: Cisco CVE-2020-3439 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3438 RESERVED CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2020-3436 RESERVED CVE-2020-3435 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) 
NOT-FOR-US: Cisco CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) NOT-FOR-US: Cisco CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) NOT-FOR-US: Cisco CVE-2020-3432 RESERVED CVE-2020-3431 RESERVED CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...) NOT-FOR-US: Cisco CVE-2020-3429 RESERVED CVE-2020-3428 RESERVED CVE-2020-3427 RESERVED CVE-2020-3426 RESERVED CVE-2020-3425 RESERVED CVE-2020-3424 RESERVED CVE-2020-3423 RESERVED CVE-2020-3422 RESERVED CVE-2020-3421 RESERVED CVE-2020-3420 RESERVED CVE-2020-3419 RESERVED CVE-2020-3418 RESERVED CVE-2020-3417 RESERVED CVE-2020-3416 RESERVED CVE-2020-3415 (A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Sof ...) NOT-FOR-US: Cisco CVE-2020-3414 RESERVED CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...) NOT-FOR-US: Cisco CVE-2020-3412 (A vulnerability in the scheduled meeting template feature of Cisco Web ...) NOT-FOR-US: Cisco CVE-2020-3411 (A vulnerability in Cisco DNA Center software could allow an unauthenti ...) NOT-FOR-US: Cisco CVE-2020-3410 RESERVED CVE-2020-3409 RESERVED CVE-2020-3408 RESERVED CVE-2020-3407 RESERVED CVE-2020-3406 (A vulnerability in the web-based management interface of the Cisco SD- ...) NOT-FOR-US: Cisco CVE-2020-3405 (A vulnerability in the web UI of Cisco SD-WAN vManage Software could a ...) NOT-FOR-US: Cisco CVE-2020-3404 RESERVED CVE-2020-3403 RESERVED CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI) interface o ...) NOT-FOR-US: Cisco CVE-2020-3401 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2020-3400 RESERVED CVE-2020-3399 RESERVED CVE-2020-3398 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...) NOT-FOR-US: Cisco CVE-2020-3397 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...) 
NOT-FOR-US: Cisco CVE-2020-3396 RESERVED CVE-2020-3395 RESERVED CVE-2020-3394 (A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Serie ...) NOT-FOR-US: Cisco CVE-2020-3393 RESERVED CVE-2020-3392 RESERVED CVE-2020-3391 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...) NOT-FOR-US: Cisco CVE-2020-3390 RESERVED CVE-2020-3389 (A vulnerability in the installation component of Cisco Hyperflex HX-Se ...) NOT-FOR-US: Cisco CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...) NOT-FOR-US: Cisco CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...) NOT-FOR-US: Cisco CVE-2020-3386 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...) NOT-FOR-US: Cisco CVE-2020-3385 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...) NOT-FOR-US: Cisco CVE-2020-3384 (A vulnerability in specific REST API endpoints of Cisco Data Center Ne ...) NOT-FOR-US: Cisco CVE-2020-3383 (A vulnerability in the archive utility of Cisco Data Center Network Ma ...) NOT-FOR-US: Cisco CVE-2020-3382 (A vulnerability in the REST API of Cisco Data Center Network Manager ( ...) NOT-FOR-US: Cisco CVE-2020-3381 (A vulnerability in the web management interface of Cisco SD-WAN vManag ...) NOT-FOR-US: Cisco CVE-2020-3380 (A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) ...) NOT-FOR-US: Cisco CVE-2020-3379 (A vulnerability in Cisco SD-WAN Solution Software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3378 (A vulnerability in the web-based management interface for Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2020-3377 (A vulnerability in the Device Manager application of Cisco Data Center ...) NOT-FOR-US: Cisco CVE-2020-3376 (A vulnerability in the Device Manager application of Cisco Data Center ...) NOT-FOR-US: Cisco CVE-2020-3375 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...) 
NOT-FOR-US: Cisco CVE-2020-3374 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2020-3373 RESERVED CVE-2020-3372 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco CVE-2020-3371 RESERVED CVE-2020-3370 (A vulnerability in URL filtering of Cisco Content Security Management ...) NOT-FOR-US: Cisco CVE-2020-3369 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...) NOT-FOR-US: Cisco CVE-2020-3368 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3367 RESERVED CVE-2020-3366 RESERVED CVE-2020-3365 (A vulnerability in the directory permissions of Cisco Enterprise NFV I ...) NOT-FOR-US: Cisco CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the ...) NOT-FOR-US: Cisco CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...) NOT-FOR-US: Cisco CVE-2020-3362 (A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO ...) NOT-FOR-US: Cisco CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...) NOT-FOR-US: Cisco CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones Series 78 ...) NOT-FOR-US: Cisco CVE-2020-3359 RESERVED CVE-2020-3358 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisc ...) NOT-FOR-US: Cisco CVE-2020-3357 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...) NOT-FOR-US: Cisco CVE-2020-3356 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3355 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3354 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity Serv ...) 
NOT-FOR-US: Cisco CVE-2020-3352 RESERVED CVE-2020-3351 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...) NOT-FOR-US: Cisco CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...) {DLA-2314-1} - clamav 0.102.4+dfsg-1 [buster] - clamav 0.102.4+dfsg-0+deb10u1 NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html CVE-2020-3349 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3348 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...) NOT-FOR-US: Cisco CVE-2020-3346 (A vulnerability in the web UI of Cisco Unified Communications Manager ...) NOT-FOR-US: Cisco CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings and Cisco ...) NOT-FOR-US: Cisco CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...) NOT-FOR-US: Cisco CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...) NOT-FOR-US: Cisco CVE-2020-3342 (A vulnerability in the software update feature of Cisco Webex Meetings ...) NOT-FOR-US: Cisco CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...) {DLA-2215-1} - clamav 0.102.3+dfsg-1 [buster] - clamav 0.102.3+dfsg-0~deb10u1 [stretch] - clamav 0.102.3+dfsg-0~deb9u1 NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html CVE-2020-3340 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...) NOT-FOR-US: Cisco CVE-2020-3338 (A vulnerability in the Protocol Independent Multicast (PIM) feature fo ...) NOT-FOR-US: Cisco CVE-2020-3337 (A vulnerability in the web server of Cisco Umbrella could allow an una ...) 
NOT-FOR-US: Cisco CVE-2020-3336 (A vulnerability in the software upgrade process of Cisco TelePresence ...) NOT-FOR-US: Cisco CVE-2020-3335 (A vulnerability in the key store of Cisco Application Services Engine ...) NOT-FOR-US: Cisco CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...) NOT-FOR-US: Cisco CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...) NOT-FOR-US: Cisco CVE-2020-3332 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2020-3331 (A vulnerability in the web-based management interface of Cisco RV110W ...) NOT-FOR-US: Cisco CVE-2020-3330 (A vulnerability in the Telnet service of Cisco Small Business RV110W W ...) NOT-FOR-US: Cisco CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated Manag ...) NOT-FOR-US: Cisco CVE-2020-3328 RESERVED CVE-2020-3327 (A vulnerability in the ARJ archive parsing module in Clam AntiVirus (C ...) {DLA-2314-1 DLA-2215-1} - clamav 0.102.4+dfsg-1 [buster] - clamav 0.102.4+dfsg-0+deb10u1 NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html NOTE: Original fix from 0.102.3 was incomplete CVE-2020-3326 RESERVED CVE-2020-3325 RESERVED CVE-2020-3324 RESERVED CVE-2020-3323 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...) NOT-FOR-US: Cisco CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...) NOT-FOR-US: Cisco CVE-2020-3320 RESERVED CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...) NOT-FOR-US: Cisco CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...) 
NOT-FOR-US: Cisco CVE-2020-3317 RESERVED CVE-2020-3316 RESERVED CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) NOT-FOR-US: Cisco CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for Endpoints Ma ...) NOT-FOR-US: Cisco CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...) NOT-FOR-US: Cisco CVE-2020-3312 (A vulnerability in the application policy configuration of Cisco Firep ...) NOT-FOR-US: Cisco CVE-2020-3311 (A vulnerability in the web interface of Cisco Firepower Management Cen ...) NOT-FOR-US: Cisco CVE-2020-3310 (A vulnerability in the XML parser code of Cisco Firepower Device Manag ...) NOT-FOR-US: Cisco CVE-2020-3309 (A vulnerability in Cisco Firepower Device Manager (FDM) On-Box softwar ...) NOT-FOR-US: Cisco CVE-2020-3308 (A vulnerability in the Image Signature Verification feature of Cisco F ...) NOT-FOR-US: Cisco CVE-2020-3307 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...) NOT-FOR-US: Cisco CVE-2020-3306 (A vulnerability in the DHCP module of Cisco Adaptive Security Applianc ...) NOT-FOR-US: Cisco CVE-2020-3305 (A vulnerability in the implementation of the Border Gateway Protocol ( ...) NOT-FOR-US: Cisco CVE-2020-3304 RESERVED CVE-2020-3303 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...) NOT-FOR-US: Cisco CVE-2020-3302 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...) NOT-FOR-US: Cisco CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...) NOT-FOR-US: Cisco CVE-2020-3300 RESERVED CVE-2020-3299 RESERVED CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...) NOT-FOR-US: Cisco CVE-2020-3297 (A vulnerability in session management for the web-based interface of C ...) NOT-FOR-US: Cisco CVE-2020-3296 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2020-3295 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3294 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3293 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3292 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3291 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3290 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3289 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3288 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3287 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3286 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) ...) NOT-FOR-US: Cisco CVE-2020-3284 RESERVED CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...) NOT-FOR-US: Cisco CVE-2020-3282 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2020-3281 (A vulnerability in the audit logging component of Cisco Digital Networ ...) NOT-FOR-US: Cisco CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...) NOT-FOR-US: Cisco CVE-2020-3279 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3278 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3277 (Multiple vulnerabilities in the web-based management interface of Cisc ...) 
NOT-FOR-US: Cisco CVE-2020-3276 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3275 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3274 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...) NOT-FOR-US: Cisco CVE-2020-3272 (A vulnerability in the DHCP server of Cisco Prime Network Registrar co ...) NOT-FOR-US: Cisco CVE-2020-3271 RESERVED CVE-2020-3270 RESERVED CVE-2020-3269 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3268 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3267 (A vulnerability in the API subsystem of Cisco Unified Contact Center E ...) NOT-FOR-US: Cisco CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...) NOT-FOR-US: Cisco CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3263 (A vulnerability in Cisco Webex Meetings Desktop App could allow an una ...) NOT-FOR-US: Cisco CVE-2020-3262 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) NOT-FOR-US: Cisco CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mobilit ...) NOT-FOR-US: Cisco CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software could a ...) NOT-FOR-US: Cisco CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2020-3258 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...) 
NOT-FOR-US: Cisco CVE-2020-3257 (Multiple vulnerabilities in the Cisco IOx application environment of C ...) NOT-FOR-US: Cisco CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted ...) NOT-FOR-US: Cisco CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...) NOT-FOR-US: Cisco CVE-2020-3254 (Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) ...) NOT-FOR-US: Cisco CVE-2020-3253 (A vulnerability in the support tunnel feature of Cisco Firepower Threa ...) NOT-FOR-US: Cisco CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3250 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3249 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3248 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow an una ...) NOT-FOR-US: Cisco CVE-2020-3245 (A vulnerability in the web application of Cisco Smart Software Manager ...) NOT-FOR-US: Cisco CVE-2020-3244 (A vulnerability in the Enhanced Charging Service (ECS) functionality o ...) NOT-FOR-US: Cisco CVE-2020-3243 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3242 (A vulnerability in the REST API of Cisco UCS Director could allow an a ...) NOT-FOR-US: Cisco CVE-2020-3241 (A vulnerability in the orchestration tasks of Cisco UCS Director could ...) NOT-FOR-US: Cisco CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) 
NOT-FOR-US: Cisco CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3238 (A vulnerability in the Cisco Application Framework component of the Ci ...) NOT-FOR-US: Cisco CVE-2020-3237 (A vulnerability in the Cisco Application Framework component of the Ci ...) NOT-FOR-US: Cisco CVE-2020-3236 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...) NOT-FOR-US: Cisco CVE-2020-3235 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...) NOT-FOR-US: Cisco CVE-2020-3234 (A vulnerability in the virtual console authentication of Cisco IOS Sof ...) NOT-FOR-US: Cisco CVE-2020-3233 (A vulnerability in the web-based Local Manager interface of the Cisco ...) NOT-FOR-US: Cisco CVE-2020-3232 (A vulnerability in the Simple Network Management Protocol (SNMP) imple ...) NOT-FOR-US: Cisco CVE-2020-3231 (A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series ...) NOT-FOR-US: Cisco CVE-2020-3230 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...) NOT-FOR-US: Cisco CVE-2020-3229 (A vulnerability in Role Based Access Control (RBAC) functionality of C ...) NOT-FOR-US: Cisco CVE-2020-3228 (A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco ...) NOT-FOR-US: Cisco CVE-2020-3227 (A vulnerability in the authorization controls for the Cisco IOx applic ...) NOT-FOR-US: Cisco CVE-2020-3226 (A vulnerability in the Session Initiation Protocol (SIP) library of Ci ...) NOT-FOR-US: Cisco CVE-2020-3225 (Multiple vulnerabilities in the implementation of the Common Industria ...) NOT-FOR-US: Cisco CVE-2020-3224 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2020-3223 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2020-3222 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) 
NOT-FOR-US: Cisco CVE-2020-3221 (A vulnerability in the Flexible NetFlow Version 9 packet processor of ...) NOT-FOR-US: Cisco CVE-2020-3220 (A vulnerability in the hardware crypto driver of Cisco IOS XE Software ...) NOT-FOR-US: Cisco CVE-2020-3219 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3218 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3217 (A vulnerability in the Topology Discovery Service of Cisco One Platfor ...) NOT-FOR-US: Cisco CVE-2020-3216 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...) NOT-FOR-US: Cisco CVE-2020-3215 (A vulnerability in the Virtual Services Container of Cisco IOS XE Soft ...) NOT-FOR-US: Cisco CVE-2020-3214 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...) NOT-FOR-US: Cisco CVE-2020-3213 (A vulnerability in the ROMMON of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3212 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3211 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3210 (A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 ...) NOT-FOR-US: Cisco CVE-2020-3209 (A vulnerability in software image verification in Cisco IOS XE Softwar ...) NOT-FOR-US: Cisco CVE-2020-3208 (A vulnerability in the image verification feature of Cisco IOS Softwar ...) NOT-FOR-US: Cisco CVE-2020-3207 (A vulnerability in the processing of boot options of specific Cisco IO ...) NOT-FOR-US: Cisco CVE-2020-3206 (A vulnerability in the handling of IEEE 802.11w Protected Management F ...) NOT-FOR-US: Cisco CVE-2020-3205 (A vulnerability in the implementation of the inter-VM channel of Cisco ...) NOT-FOR-US: Cisco CVE-2020-3204 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...) 
NOT-FOR-US: Cisco CVE-2020-3203 (A vulnerability in the locally significant certificate (LSC) provision ...) NOT-FOR-US: Cisco CVE-2020-3202 RESERVED CVE-2020-3201 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3200 (A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Sof ...) NOT-FOR-US: Cisco CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment of C ...) NOT-FOR-US: Cisco CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...) NOT-FOR-US: Cisco CVE-2020-3197 (A vulnerability in the API subsystem of Cisco Meetings App could allow ...) NOT-FOR-US: Cisco CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...) NOT-FOR-US: Cisco CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...) NOT-FOR-US: Cisco CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for Microsoft ...) NOT-FOR-US: Cisco CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3191 (A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...) NOT-FOR-US: Cisco CVE-2020-3189 (A vulnerability in the VPN System Logging functionality for Cisco Fire ...) NOT-FOR-US: Cisco CVE-2020-3188 (A vulnerability in how Cisco Firepower Threat Defense (FTD) Software h ...) NOT-FOR-US: Cisco CVE-2020-3187 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2020-3186 (A vulnerability in the management access list configuration of Cisco F ...) NOT-FOR-US: Cisco CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...) 
NOT-FOR-US: Cisco CVE-2020-3184 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3183 RESERVED CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuration of ...) NOT-FOR-US: Cisco CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...) NOT-FOR-US: Cisco CVE-2020-3180 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...) NOT-FOR-US: Cisco CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...) NOT-FOR-US: Cisco CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...) NOT-FOR-US: Cisco CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) ...) NOT-FOR-US: Cisco CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...) NOT-FOR-US: Cisco CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...) NOT-FOR-US: Cisco CVE-2020-3173 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...) NOT-FOR-US: Cisco CVE-2020-3172 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...) NOT-FOR-US: Cisco CVE-2020-3171 (A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS ...) NOT-FOR-US: Cisco CVE-2020-3170 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) NOT-FOR-US: Cisco CVE-2020-3169 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3168 (A vulnerability in the Secure Login Enhancements capability of Cisco N ...) NOT-FOR-US: Cisco CVE-2020-3167 (A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manage ...) NOT-FOR-US: Cisco CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...) 
NOT-FOR-US: Cisco CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...) NOT-FOR-US: Cisco CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...) NOT-FOR-US: Cisco CVE-2020-3162 (A vulnerability in the Constrained Application Protocol (CoAP) impleme ...) NOT-FOR-US: Cisco CVE-2020-3161 (A vulnerability in the web server for Cisco IP Phones could allow an u ...) NOT-FOR-US: Cisco CVE-2020-3160 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...) NOT-FOR-US: Cisco CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Finesse ...) NOT-FOR-US: Cisco CVE-2020-3158 (A vulnerability in the High Availability (HA) service of Cisco Smart S ...) NOT-FOR-US: Cisco CVE-2020-3157 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2020-3156 (A vulnerability in the logging component of Cisco Identity Services En ...) NOT-FOR-US: Cisco CVE-2020-3155 (A vulnerability in the SSL implementation of the Cisco Intelligent Pro ...) NOT-FOR-US: Cisco CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could ...) NOT-FOR-US: Cisco CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure ...) NOT-FOR-US: Cisco CVE-2020-3152 (A vulnerability in Cisco Connected Mobile Experiences (CMX) could allo ...) NOT-FOR-US: Cisco CVE-2020-3151 (A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) ...) NOT-FOR-US: Cisco CVE-2020-3150 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...) 
NOT-FOR-US: Cisco CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...) NOT-FOR-US: Cisco CVE-2020-3146 (Multiple vulnerabilities in the web-based management interface of the ...) NOT-FOR-US: Cisco CVE-2020-3145 (Multiple vulnerabilities in the web-based management interface of the ...) NOT-FOR-US: Cisco CVE-2020-3144 (A vulnerability in the web-based management interface of the Cisco RV1 ...) NOT-FOR-US: Cisco CVE-2020-3143 RESERVED CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...) NOT-FOR-US: Cisco CVE-2020-3141 RESERVED CVE-2020-3140 (A vulnerability in the web management interface of Cisco Prime License ...) NOT-FOR-US: Cisco CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...) NOT-FOR-US: Cisco CVE-2020-3138 (A vulnerability in the upgrade component of Cisco Enterprise NFV Infra ...) NOT-FOR-US: Cisco CVE-2020-3137 RESERVED CVE-2020-3136 (A vulnerability in the web-based management interface of Cisco Jabber ...) NOT-FOR-US: Cisco CVE-2020-3135 RESERVED CVE-2020-3134 (A vulnerability in the zip decompression engine of Cisco AsyncOS Softw ...) NOT-FOR-US: Cisco CVE-2020-3133 RESERVED CVE-2020-3132 (A vulnerability in the email message scanning feature of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3131 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...) NOT-FOR-US: Cisco CVE-2020-3130 RESERVED CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...) NOT-FOR-US: Cisco CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...) NOT-FOR-US: Cisco CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...) NOT-FOR-US: Cisco CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex Meet ...) NOT-FOR-US: Cisco CVE-2020-3125 (A vulnerability in the Kerberos authentication feature of Cisco Adapti ...) 
NOT-FOR-US: Cisco CVE-2020-3124 RESERVED CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...) - clamav 0.102.2+dfsg-1 (bug #950944) [buster] - clamav 0.102.2+dfsg-0+deb10u1 [stretch] - clamav 0.102.2+dfsg-0~deb9u1 [jessie] - clamav (Vulnerable code introduced in 0.102.x) NOTE: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html CVE-2020-3122 RESERVED CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3119 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3118 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3117 RESERVED CVE-2020-3116 RESERVED CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage softwa ...) NOT-FOR-US: Cisco CVE-2020-3114 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3113 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3112 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...) NOT-FOR-US: Cisco CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) NOT-FOR-US: Cisco CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) 
NOT-FOR-US: Cisco CVE-2020-3109 RESERVED CVE-2020-3108 RESERVED CVE-2020-3107 RESERVED CVE-2020-3106 RESERVED CVE-2020-3105 RESERVED CVE-2020-3104 RESERVED CVE-2020-3103 RESERVED CVE-2020-3102 RESERVED CVE-2020-3101 RESERVED CVE-2020-3100 RESERVED CVE-2020-3099 RESERVED CVE-2020-3098 RESERVED CVE-2020-3097 RESERVED CVE-2020-3096 RESERVED CVE-2020-3095 RESERVED CVE-2020-3094 RESERVED CVE-2020-3093 RESERVED CVE-2020-3092 RESERVED CVE-2020-3091 RESERVED CVE-2020-3090 RESERVED CVE-2020-3089 RESERVED CVE-2020-3088 RESERVED CVE-2020-3087 RESERVED CVE-2020-3086 RESERVED CVE-2020-3085 RESERVED CVE-2020-3084 RESERVED CVE-2020-3083 RESERVED CVE-2020-3082 RESERVED CVE-2020-3081 RESERVED CVE-2020-3080 RESERVED CVE-2020-3079 RESERVED CVE-2020-3078 RESERVED CVE-2020-3077 RESERVED CVE-2020-3076 RESERVED CVE-2020-3075 RESERVED CVE-2020-3074 RESERVED CVE-2020-3073 RESERVED CVE-2020-3072 RESERVED CVE-2020-3071 RESERVED CVE-2020-3070 RESERVED CVE-2020-3069 RESERVED CVE-2020-3068 RESERVED CVE-2020-3067 RESERVED CVE-2020-3066 RESERVED CVE-2020-3065 RESERVED CVE-2020-3064 RESERVED CVE-2020-3063 RESERVED CVE-2020-3062 RESERVED CVE-2020-3061 RESERVED CVE-2020-3060 RESERVED CVE-2020-3059 RESERVED CVE-2020-3058 RESERVED CVE-2020-3057 RESERVED CVE-2020-3056 RESERVED CVE-2020-3055 RESERVED CVE-2020-3054 RESERVED CVE-2020-3053 RESERVED CVE-2020-3052 RESERVED CVE-2020-3051 RESERVED CVE-2020-3050 RESERVED CVE-2020-3049 RESERVED CVE-2020-3048 RESERVED CVE-2020-3047 RESERVED CVE-2020-3046 RESERVED CVE-2020-3045 RESERVED CVE-2020-3044 RESERVED CVE-2020-3043 RESERVED CVE-2020-3042 RESERVED CVE-2020-3041 RESERVED CVE-2020-3040 RESERVED CVE-2020-3039 RESERVED CVE-2020-3038 RESERVED CVE-2020-3037 RESERVED CVE-2020-3036 RESERVED CVE-2020-3035 RESERVED CVE-2020-3034 RESERVED CVE-2020-3033 RESERVED CVE-2020-3032 RESERVED CVE-2020-3031 RESERVED CVE-2020-3030 RESERVED CVE-2020-3029 RESERVED CVE-2020-3028 RESERVED CVE-2020-3027 RESERVED CVE-2020-3026 RESERVED CVE-2020-3025 RESERVED CVE-2020-3024 RESERVED 
CVE-2020-3023 RESERVED CVE-2020-3022 RESERVED CVE-2020-3021 RESERVED CVE-2020-3020 RESERVED CVE-2020-3019 RESERVED CVE-2020-3018 RESERVED CVE-2020-3017 RESERVED CVE-2020-3016 RESERVED CVE-2020-3015 RESERVED CVE-2020-3014 RESERVED CVE-2020-3013 RESERVED CVE-2020-3012 RESERVED CVE-2020-3011 RESERVED CVE-2020-3010 RESERVED CVE-2020-3009 RESERVED CVE-2020-3008 RESERVED CVE-2020-3007 RESERVED CVE-2020-3006 RESERVED CVE-2020-3005 RESERVED CVE-2020-3004 RESERVED CVE-2020-3003 RESERVED CVE-2020-3002 RESERVED CVE-2020-3001 RESERVED CVE-2020-3000 RESERVED CVE-2020-2999 RESERVED CVE-2020-2998 RESERVED CVE-2020-2997 RESERVED CVE-2020-2996 RESERVED CVE-2020-2995 RESERVED CVE-2020-2994 RESERVED CVE-2020-2993 RESERVED CVE-2020-2992 RESERVED CVE-2020-2991 RESERVED CVE-2020-2990 RESERVED CVE-2020-2989 RESERVED CVE-2020-2988 RESERVED CVE-2020-2987 RESERVED CVE-2020-2986 RESERVED CVE-2020-2985 RESERVED CVE-2020-2984 (Vulnerability in the Oracle Configuration Manager product of Oracle En ...) NOT-FOR-US: Oracle CVE-2020-2983 (Vulnerability in the Oracle Data Masking and Subsetting product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2982 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2981 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) NOT-FOR-US: Oracle CVE-2020-2980 RESERVED CVE-2020-2979 RESERVED CVE-2020-2978 (Vulnerability in the Oracle Database - Enterprise Edition component of ...) NOT-FOR-US: Oracle CVE-2020-2977 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2976 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2975 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2974 (Vulnerability in the Oracle Application Express component of Oracle Da ...) 
NOT-FOR-US: Oracle CVE-2020-2973 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2972 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2971 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2970 RESERVED CVE-2020-2969 (Vulnerability in the Data Pump component of Oracle Database Server. Su ...) NOT-FOR-US: Oracle CVE-2020-2968 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2020-2967 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2966 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2965 RESERVED CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...) NOT-FOR-US: Oracle CVE-2020-2963 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2962 RESERVED CVE-2020-2961 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2960 RESERVED CVE-2020-2959 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2958 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2957 RESERVED CVE-2020-2956 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2955 (Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Fi ...) NOT-FOR-US: Oracle CVE-2020-2954 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...) NOT-FOR-US: Oracle CVE-2020-2953 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) 
NOT-FOR-US: Oracle CVE-2020-2952 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2020-2951 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2950 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2949 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2948 RESERVED CVE-2020-2947 (Vulnerability in the PeopleSoft Enterprise HCM Absence Management prod ...) NOT-FOR-US: Oracle CVE-2020-2946 (Vulnerability in the Application Performance Management product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2945 (Vulnerability in the Oracle Financial Services Deposit Insurance Calcu ...) NOT-FOR-US: Oracle CVE-2020-2944 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle Solaris CVE-2020-2943 (Vulnerability in the Oracle Financial Services Liquidity Risk Measurem ...) NOT-FOR-US: Oracle CVE-2020-2942 (Vulnerability in the Oracle Financial Services Price Creation and Disc ...) NOT-FOR-US: Oracle CVE-2020-2941 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing ...) NOT-FOR-US: Oracle CVE-2020-2940 (Vulnerability in the Oracle Financial Services Profitability Managemen ...) NOT-FOR-US: Oracle CVE-2020-2939 (Vulnerability in the Oracle Financial Services Asset Liability Managem ...) NOT-FOR-US: Oracle CVE-2020-2938 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...) NOT-FOR-US: Oracle CVE-2020-2937 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...) NOT-FOR-US: Oracle CVE-2020-2936 (Vulnerability in the Oracle Financial Services Balance Sheet Planning ...) NOT-FOR-US: Oracle CVE-2020-2935 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...) 
NOT-FOR-US: Oracle CVE-2020-2934 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) {DSA-4703-1 DLA-2245-1} - mysql-connector-java NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2933 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) {DSA-4703-1 DLA-2245-1} - mysql-connector-java NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2932 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2931 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2930 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2929 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2928 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2927 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2926 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2925 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2924 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2923 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2922 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2921 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2920 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...) NOT-FOR-US: Oracle CVE-2020-2919 RESERVED CVE-2020-2918 RESERVED CVE-2020-2917 RESERVED CVE-2020-2916 RESERVED CVE-2020-2915 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2914 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2913 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2912 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...) NOT-FOR-US: Oracle CVE-2020-2911 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2910 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2909 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2908 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2907 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2906 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...) NOT-FOR-US: Oracle CVE-2020-2905 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2904 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2903 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2902 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2901 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2900 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2899 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...) NOT-FOR-US: Oracle CVE-2020-2898 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2897 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2896 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2895 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2894 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2893 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2892 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2891 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...) NOT-FOR-US: Oracle CVE-2020-2890 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2889 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2888 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2887 (Vulnerability in the Oracle Customer Interaction History product of Or ...) NOT-FOR-US: Oracle CVE-2020-2886 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2885 (Vulnerability in the Oracle Document Management and Collaboration prod ...) NOT-FOR-US: Oracle CVE-2020-2884 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2882 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) 
NOT-FOR-US: Oracle CVE-2020-2881 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2880 (Vulnerability in the Oracle Learning Management product of Oracle E-Bu ...) NOT-FOR-US: Oracle CVE-2020-2879 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2878 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2877 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...) NOT-FOR-US: Oracle CVE-2020-2876 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2875 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) {DSA-4703-1 DLA-2245-1} - mysql-connector-java NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2874 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2873 (Vulnerability in the Oracle Customer Interaction History product of Or ...) NOT-FOR-US: Oracle CVE-2020-2872 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2871 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2870 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2869 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2868 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2867 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2866 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2865 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...) 
NOT-FOR-US: Oracle CVE-2020-2864 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-2863 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2862 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2861 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2860 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2859 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2858 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2857 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2856 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2855 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2854 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2853 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2852 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2851 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle Solaris CVE-2020-2850 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2849 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2848 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) 
NOT-FOR-US: Oracle CVE-2020-2847 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2846 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2845 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2844 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2843 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2842 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2841 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-2840 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2839 (Vulnerability in the Oracle Service Intelligence product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-2838 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) NOT-FOR-US: Oracle CVE-2020-2837 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2836 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2835 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2834 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2833 (Vulnerability in the Oracle Quoting product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-2832 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2830 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
{DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2829 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2828 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2827 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2826 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2825 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2824 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2823 (Vulnerability in the Oracle Common Applications Calendar product of Or ...) NOT-FOR-US: Oracle CVE-2020-2822 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-2821 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-2820 (Vulnerability in the Oracle Common Applications Calendar product of Or ...) NOT-FOR-US: Oracle CVE-2020-2819 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-2818 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-2817 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2816 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...) {DSA-4662-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 CVE-2020-2815 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2814 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mariadb-10.3 1:10.3.23-1 (bug #961849) [buster] - mariadb-10.3 1:10.3.23-0+deb10u1 - mariadb-10.1 [stretch] - mariadb-10.1 10.1.45-0+deb9u1 - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL NOTE: Fixed in MariaDB 10.3.23, 10.1.45 CVE-2020-2813 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2812 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mariadb-10.3 1:10.3.23-1 (bug #961849) [buster] - mariadb-10.3 1:10.3.23-0+deb10u1 - mariadb-10.1 [stretch] - mariadb-10.1 10.1.45-0+deb9u1 - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL NOTE: Fixed in MariaDB 10.3.23, 10.1.45 CVE-2020-2811 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2810 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-2809 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2808 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2807 (Vulnerability in the Oracle Marketing Encyclopedia System product of O ...) NOT-FOR-US: Oracle CVE-2020-2806 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2805 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2803 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
{DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2802 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2801 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2800 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2799 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2798 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2797 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2796 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2795 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2794 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2793 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-2792 RESERVED CVE-2020-2791 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2790 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2789 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2788 RESERVED CVE-2020-2787 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2786 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) 
	NOT-FOR-US: Oracle
CVE-2020-2785 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2784 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2783 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2782 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2780 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2779 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2778 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
CVE-2020-2777 (Vulnerability in the Hyperion Financial Management product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2020-2776 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2775 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2774 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2773 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2772 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2771 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle Solaris
CVE-2020-2770 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2769 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
	NOT-FOR-US: Oracle
CVE-2020-2768 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-cluster (bug #833356)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2767 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
CVE-2020-2766 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2765 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2764 (Vulnerability in the Java SE product of Oracle Java SE (component: Adv ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2020-2763 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2762 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2761 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2760 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23
CVE-2020-2759 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2758 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2757 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2756 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2755 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
CVE-2020-2754 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
CVE-2020-2753 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2752 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.45-0+deb9u1
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2751 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2750 (Vulnerability in the Oracle General Ledger product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2020-2749 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2748 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2747 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2020-2746 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2020-2745 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2020-2744 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2743 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2742 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2741 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2740 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2020-2739 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2738 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2020-2737 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2736
	RESERVED
CVE-2020-2735 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2020-2734 (Vulnerability in the RDBMS/Optimizer component of Oracle Database Serv ...)
	NOT-FOR-US: Oracle
CVE-2020-2733 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
	NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
	NOTE: https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d
CVE-2020-2731 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2730 (Vulnerability in the Oracle Financial Services Revenue Management and ...)
	NOT-FOR-US: Oracle
CVE-2020-2729 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2728 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2727 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2726 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2725 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2724 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2723 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2722 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2721 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2720 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2719 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2718 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2717 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2716 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2715 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2714 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2713 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2712 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2711 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2710 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2709 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2708
	RESERVED
CVE-2020-2707 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2705 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2702 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2701 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2700 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2699 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2697 (Vulnerability in the Oracle Hospitality Suites Management component of ...)
	NOT-FOR-US: Oracle
CVE-2020-2696 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2695 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
	NOT-FOR-US: Oracle
CVE-2020-2694 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2693 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2692 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2691 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2690 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2689 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2688 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-2687 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2686 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2685 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2684 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2683 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2682 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2681 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2680 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2679 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2678 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2677 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2020-2676 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2020-2675 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2020-2674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2673 (Vulnerability in the Oracle Application Testing Suite product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2672 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2671 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2670 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2669 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2668 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2667 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2666 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2665 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2664 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2663 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2662 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2661 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4621-1 DLA-2128-1}
	- openjdk-8 8u242-b08-1
	- openjdk-7
CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2656 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4605-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7
CVE-2020-2653 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2652 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2651 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2650 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2649 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2648 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2647 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2646 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2645 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2644 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2643 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2642 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2641 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2640 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2639 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2638 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2637 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2636 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2635 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2634 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2633 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2632 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2631 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2630 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2629 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2628 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2626 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2625 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2624 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2622 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2621 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2620 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2619 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2618 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2617 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2616 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2615 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2614 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...)
	NOT-FOR-US: Oracle
CVE-2020-2613 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2612 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2611 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2610 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2609 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2608 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2607 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7
CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7
CVE-2020-2600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2599 (Vulnerability in the Oracle Hospitality Cruise Materials Management pr ...)
	NOT-FOR-US: Oracle
CVE-2020-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2597 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2596 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2594 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7
CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...)
	NOT-FOR-US: Oracle
CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
	NOT-FOR-US: Oracle
CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7
CVE-2020-2589 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2588 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2587 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2586 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2585 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...)
	- openjfx 11+26-1
	[stretch] - openjfx (Minor issue)
	NOTE: This only affects JavaFX 8, so marking the first post 8 version as fixed
CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7
CVE-2020-2582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2020-2581 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2580 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2579 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2578 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2576 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2575 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	- mariadb-10.3 1:10.3.22-1
	[buster] - mariadb-10.3 1:10.3.22-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.44-0+deb9u1
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB: 5.5.67, 10.1.44, 10.2.31, 10.3.22, 10.4.12
CVE-2020-2573 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2572 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2571 (Vulnerability in the Oracle VM Server for SPARC product of Oracle Syst ...)
	NOT-FOR-US: Oracle
CVE-2020-2570 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2569 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2020-2568 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...)
	NOT-FOR-US: Oracle
CVE-2020-2567 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2566 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2565 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2562 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...)
	NOT-FOR-US: Oracle
CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2020-2559 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2020-2558 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2557 (Vulnerability in the Oracle Demantra Demand Management product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2556 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2555 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2554
	RESERVED
CVE-2020-2553 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2551 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2550 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2549 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2547 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2546 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2545 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2020-2544 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2543 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2542 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2541 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2540 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2539 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2538 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2537 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-2536 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2535 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-2534 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-2533 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-2532
	RESERVED
CVE-2020-2531 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...)
	NOT-FOR-US: Oracle
CVE-2020-2530 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...)
	NOT-FOR-US: Oracle
CVE-2020-2529
	RESERVED
CVE-2020-2528
	RESERVED
CVE-2020-2527 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2526
	RESERVED
CVE-2020-2525
	RESERVED
CVE-2020-2524 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2523
	RESERVED
CVE-2020-2522 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2521
	RESERVED
CVE-2020-2520
	RESERVED
CVE-2020-2519 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2518 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2020-2517 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2020-2516 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2020-2514 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2020-2513 (Vulnerability in the Oracle Application Express component of Oracle Da ...)
	NOT-FOR-US: Oracle
CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...)
	NOT-FOR-US: Oracle
CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2510 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2509
	RESERVED
CVE-2020-2508
	RESERVED
CVE-2020-2507
	RESERVED
CVE-2020-2506
	RESERVED
CVE-2020-2505
	RESERVED
CVE-2020-2504
	RESERVED
CVE-2020-2503
	RESERVED
CVE-2020-2502
	RESERVED
CVE-2020-2501
	RESERVED
CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows attacker ...)
	NOT-FOR-US: QNAP
CVE-2020-2499
	RESERVED
CVE-2020-2498
	RESERVED
CVE-2020-2497
	RESERVED
CVE-2020-2496
	RESERVED
CVE-2020-2495
	RESERVED
CVE-2020-2494
	RESERVED
CVE-2020-2493
	RESERVED
CVE-2020-2492
	RESERVED
CVE-2020-2491
	RESERVED
CVE-2020-2490
	RESERVED
CVE-2020-2489
	RESERVED
CVE-2020-2488
	RESERVED
CVE-2020-2487
	RESERVED
CVE-2020-2486
	RESERVED
CVE-2020-2485
	RESERVED
CVE-2020-2484
	RESERVED
CVE-2020-2483
	RESERVED
CVE-2020-2482
	RESERVED
CVE-2020-2481
	RESERVED
CVE-2020-2480
	RESERVED
CVE-2020-2479
	RESERVED
CVE-2020-2478
	RESERVED
CVE-2020-2477
	RESERVED
CVE-2020-2476
	RESERVED
CVE-2020-2475
	RESERVED
CVE-2020-2474
	RESERVED
CVE-2020-2473
	RESERVED
CVE-2020-2472
	RESERVED
CVE-2020-2471
	RESERVED
CVE-2020-2470
	RESERVED
CVE-2020-2469
	RESERVED
CVE-2020-2468
	RESERVED
CVE-2020-2467
	RESERVED
CVE-2020-2466
	RESERVED
CVE-2020-2465
	RESERVED
CVE-2020-2464
	RESERVED
CVE-2020-2463
	RESERVED
CVE-2020-2462
	RESERVED
CVE-2020-2461
	RESERVED
CVE-2020-2460
	RESERVED
CVE-2020-2459
	RESERVED
CVE-2020-2458
	RESERVED
CVE-2020-2457
	RESERVED
CVE-2020-2456
	RESERVED
CVE-2020-2455
	RESERVED
CVE-2020-2454
	RESERVED
CVE-2020-2453
	RESERVED
CVE-2020-2452
	RESERVED
CVE-2020-2451
	RESERVED
CVE-2020-2450
	RESERVED
CVE-2020-2449
	RESERVED
CVE-2020-2448
	RESERVED
CVE-2020-2447
	RESERVED
CVE-2020-2446
	RESERVED
CVE-2020-2445
	RESERVED
CVE-2020-2444
	RESERVED
CVE-2020-2443
	RESERVED
CVE-2020-2442
	RESERVED
CVE-2020-2441
	RESERVED
CVE-2020-2440
	RESERVED
CVE-2020-2439
	RESERVED
CVE-2020-2438
	RESERVED
CVE-2020-2437
	RESERVED
CVE-2020-2436
	RESERVED
CVE-2020-2435
	RESERVED
CVE-2020-2434
	RESERVED
CVE-2020-2433
	RESERVED
CVE-2020-2432
	RESERVED
CVE-2020-2431
	RESERVED
CVE-2020-2430
	RESERVED
CVE-2020-2429
	RESERVED
CVE-2020-2428
	RESERVED
CVE-2020-2427
	RESERVED
CVE-2020-2426
	RESERVED
CVE-2020-2425
	RESERVED
CVE-2020-2424
	RESERVED
CVE-2020-2423
	RESERVED
CVE-2020-2422
	RESERVED
CVE-2020-2421
	RESERVED
CVE-2020-2420
	RESERVED
CVE-2020-2419
	RESERVED
CVE-2020-2418
	RESERVED
CVE-2020-2417
	RESERVED
CVE-2020-2416
	RESERVED
CVE-2020-2415
	RESERVED
CVE-2020-2414
	RESERVED
CVE-2020-2413
	RESERVED
CVE-2020-2412
	RESERVED
CVE-2020-2411
	RESERVED
CVE-2020-2410
	RESERVED
CVE-2020-2409
	RESERVED
CVE-2020-2408
	RESERVED
CVE-2020-2407
	RESERVED
CVE-2020-2406
	RESERVED
CVE-2020-2405
	RESERVED
CVE-2020-2404
	RESERVED
CVE-2020-2403
	RESERVED
CVE-2020-2402
	RESERVED
CVE-2020-2401
	RESERVED
CVE-2020-2400
	RESERVED
CVE-2020-2399
	RESERVED
CVE-2020-2398
	RESERVED
CVE-2020-2397
	RESERVED
CVE-2020-2396
	RESERVED
CVE-2020-2395
	RESERVED
CVE-2020-2394
	RESERVED
CVE-2020-2393
	RESERVED
CVE-2020-2392
	RESERVED
CVE-2020-2391
	RESERVED
CVE-2020-2390
	RESERVED
CVE-2020-2389
	RESERVED
CVE-2020-2388
	RESERVED
CVE-2020-2387
	RESERVED
CVE-2020-2386
	RESERVED
CVE-2020-2385
	RESERVED
CVE-2020-2384
	RESERVED
CVE-2020-2383
	RESERVED
CVE-2020-2382
	RESERVED
CVE-2020-2381
	RESERVED
CVE-2020-2380
	RESERVED
CVE-2020-2379
	RESERVED
CVE-2020-2378
	RESERVED
CVE-2020-2377
	RESERVED
CVE-2020-2376
	RESERVED
CVE-2020-2375
	RESERVED
CVE-2020-2374
	RESERVED
CVE-2020-2373
	RESERVED
CVE-2020-2372
	RESERVED
CVE-2020-2371
	RESERVED
CVE-2020-2370
	RESERVED
CVE-2020-2369
	RESERVED
CVE-2020-2368
	RESERVED
CVE-2020-2367
	RESERVED
CVE-2020-2366
	RESERVED
CVE-2020-2365
	RESERVED
CVE-2020-2364
	RESERVED
CVE-2020-2363
	RESERVED
CVE-2020-2362
	RESERVED
CVE-2020-2361
	RESERVED
CVE-2020-2360
	RESERVED
CVE-2020-2359
	RESERVED
CVE-2020-2358
	RESERVED
CVE-2020-2357
	RESERVED
CVE-2020-2356
	RESERVED
CVE-2020-2355
	RESERVED
CVE-2020-2354
	RESERVED
CVE-2020-2353
	RESERVED
CVE-2020-2352
	RESERVED
CVE-2020-2351
	RESERVED
CVE-2020-2350
	RESERVED
CVE-2020-2349
	RESERVED
CVE-2020-2348
	RESERVED
CVE-2020-2347
	RESERVED
CVE-2020-2346
	RESERVED
CVE-2020-2345
	RESERVED
CVE-2020-2344
	RESERVED
CVE-2020-2343
	RESERVED
CVE-2020-2342
	RESERVED
CVE-2020-2341
	RESERVED
CVE-2020-2340
	RESERVED
CVE-2020-2339
	RESERVED
CVE-2020-2338
	RESERVED
CVE-2020-2337
	RESERVED
CVE-2020-2336
	RESERVED
CVE-2020-2335
	RESERVED
CVE-2020-2334
	RESERVED
CVE-2020-2333
	RESERVED
CVE-2020-2332
	RESERVED
CVE-2020-2331
	RESERVED
CVE-2020-2330
	RESERVED
CVE-2020-2329
	RESERVED
CVE-2020-2328
	RESERVED
CVE-2020-2327
	RESERVED
CVE-2020-2326
	RESERVED
CVE-2020-2325
	RESERVED
CVE-2020-2324
	RESERVED
CVE-2020-2323
	RESERVED
CVE-2020-2322
	RESERVED
CVE-2020-2321
	RESERVED
CVE-2020-2320
	RESERVED
CVE-2020-2319
	RESERVED
CVE-2020-2318
	RESERVED
CVE-2020-2317
	RESERVED
CVE-2020-2316
	RESERVED
CVE-2020-2315
	RESERVED
CVE-2020-2314
	RESERVED
CVE-2020-2313
	RESERVED
CVE-2020-2312
	RESERVED
CVE-2020-2311
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-2310
	RESERVED
CVE-2020-2309
	RESERVED
CVE-2020-2308
	RESERVED
CVE-2020-2307
	RESERVED
CVE-2020-2306
	RESERVED
CVE-2020-2305
	RESERVED
CVE-2020-2304
	RESERVED
CVE-2020-2303
	RESERVED
CVE-2020-2302
	RESERVED
CVE-2020-2301
	RESERVED
CVE-2020-2300
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-2299
	RESERVED
CVE-2020-2298
	RESERVED
CVE-2020-2297
	RESERVED
CVE-2020-2296
	RESERVED
CVE-2020-2295
	RESERVED
CVE-2020-2294
	RESERVED
CVE-2020-2293
	RESERVED
CVE-2020-2292
	RESERVED
CVE-2020-2291
	RESERVED
CVE-2020-2290
	RESERVED
CVE-2020-2289
	RESERVED
CVE-2020-2288
	RESERVED
CVE-2020-2287
	RESERVED
CVE-2020-2286
	RESERVED
CVE-2020-2285
	RESERVED
CVE-2020-2284
	RESERVED
CVE-2020-2283
	RESERVED
CVE-2020-2282
	RESERVED
CVE-2020-2281
	RESERVED
CVE-2020-2280
	RESERVED
CVE-2020-2279
	RESERVED
CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2277 (Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/ ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2276 (Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specifi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2275 (Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit w ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2274 (Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password u ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2273 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2272 (A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2271 (Jenkins Locked Files Report Plugin 1.6 and earlier does not escape loc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2270 (Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the c ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2269 (Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape vie ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2268 (A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB P ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2267 (A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2266 (Jenkins Description Column Plugin 1.3 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2265 (Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2264 (Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2263 (Jenkins Radiator View Plugin 1.29 and earlier does not escape the full ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2262 (Jenkins Android Lint Plugin 2.6 and earlier does not escape the annota ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2261 (Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2260 (A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2259 (Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape t ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2258 (Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2257 (Jenkins Validating String Parameter Plugin 2.4 and earlier does not es ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2256 (Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2255 (A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2254 (Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2253 (Jenkins Email Extension Plugin 2.75 and earlier does not perform hostn ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2252 (Jenkins Mailer Plugin 1.32 and earlier does not perform hostname valid ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2251 (Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2250 (Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores pr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2249 (Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a web ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2248 (Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2247 (Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configu ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2246 (Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Va ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2245 (Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2244 (Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not esca ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2243 (Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape buil ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2242 (A missing permission check in Jenkins database Plugin 1.6 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2241 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2240 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2239 (Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2238 (Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the re ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2237 (A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Tes ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2236 (Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2235 (A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2234 (A missing permission check in Jenkins Pipeline Maven Integration Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2233 (A missing permission check in Jenkins Pipeline Maven Integration Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2232 (Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2231 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
	- jenkins
CVE-2020-2230 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
	- jenkins
CVE-2020-2229 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
	- jenkins
CVE-2020-2228 (Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2227 (Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2226 (Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does no ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2225 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2224 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the nod ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2223 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape cor ...)
	NOT-FOR-US: Jenkins
CVE-2020-2222 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins
CVE-2020-2221 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins
CVE-2020-2220 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins
CVE-2020-2219 (Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of lin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2218 (Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2217 (Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2216 (A missing permission check in Jenkins Zephyr for JIRA Test Management ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2215 (A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2214 (Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2213 (Jenkins White Source Plugin 19.1.1 and earlier stores credentials unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2212 (Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2211 (Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier doe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2210 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits conf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2209 (Jenkins TestComplete support Plugin 2.4.1 and earlier stores a passwor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2208 (Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2207 (Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter v ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2206 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a paramete ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2205 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool pat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2204 (A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2203 (A cross-site request forgery vulnerability in Jenkins Fortify on Deman ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2202 (A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2201 (Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2200 (Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2199 (Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier do ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2198 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redac ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2197 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not requi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2196 (Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection fo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2195 (Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocess ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2194 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the dis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2193 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the par ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2192 (A cross-site request forgery vulnerability in Jenkins Self-Organizing ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2191 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2190 (Jenkins Script Security Plugin 1.72 and earlier does not correctly esc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2189 (Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2188 (A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2187 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts s ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2186 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2185 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH hos ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2184 (A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2183 (Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper perm ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2182 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2181 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2180 (Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML p ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2179 (Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2178 (Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2177 (Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2176 (Multiple form validation endpoints in Jenkins useMango Runner Plugin 1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2175 (Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape rep ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2174 (Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape var ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2173 (Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Pol ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2172 (Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2171 (Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2170 (Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package nam ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2169 (A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2168 (Jenkins Azure Container Service Plugin 1.0.1 and earlier does not conf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2167 (Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configur ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2166 (Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured pass ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory se ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processe ...)
	NOT-FOR-US: Jenkins
CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Conten ...)
	NOT-FOR-US: Jenkins
CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly e ...)
	NOT-FOR-US: Jenkins
CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different repr ...)
	NOT-FOR-US: Jenkins
CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...)
	NOT-FOR-US: Jenkins CryptoMove Plugin
CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...)
	NOT-FOR-US: Jenkins Literate Plugin
CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured c ...)
	NOT-FOR-US: Jenkins Skytap Cloud CI Plugin
CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured crede ...)
	NOT-FOR-US: Jenkins DeployHub Plugin
CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configur ...)
	NOT-FOR-US: Jenkins OpenShift Deployer Plugin
CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores ...)
	NOT-FOR-US: Jenkins Zephyr for JIRA Test Management Plugin
CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured credential ...)
	NOT-FOR-US: Jenkins Backlog Plugin
CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does not esc ...)
	NOT-FOR-US: Jenkins Subversion Release Manager Plugin
CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits configured cred ...)
	NOT-FOR-US: Jenkins Quality Gates Plugin
CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configu ...)
	NOT-FOR-US: Jenkins Sonar Quality Gates Plugin
CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits config ...)
	NOT-FOR-US: Jenkins Repository Connector Plugin
CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier all ...)
	NOT-FOR-US: Jenkins Mac Plugin
CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 ...)
	NOT-FOR-US: Jenkins Mac Plugin
CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys w ...)
	NOT-FOR-US: Jenkins Mac Plugin
CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier sto ...)
	NOT-FOR-US: Jenkins Zephyr Enterprise Test Management Plugin
CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML pa ...)
	NOT-FOR-US: Jenkins Rundeck Plugin
CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credent ...)
	NOT-FOR-US: Jenkins Logstash Plugin
CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier al ...)
	NOT-FOR-US: Jenkins P4 Plugin
CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.1 ...)
	NOT-FOR-US: Jenkins P4 Plugin
CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error m ...)
	NOT-FOR-US: Jenkins Audit Trail Plugin
CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 ...)
	NOT-FOR-US: Jenkins Cobertura Plugin
CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML p ...)
	NOT-FOR-US: Jenkins Cobertura Plugin
CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML f ...)
	NOT-FOR-US: Jenkins Timestamper Plugin
CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error message ...)
	NOT-FOR-US: Jenkins Git Plugin
CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2131 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencryp ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2130 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencry ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2129 (Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2128 (Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a passw ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2127 (Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2126 (Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2125 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2124 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier sto ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2123 (Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2122 (Jenkins Brakeman Plugin 0.12 and earlier did not escape values receive ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2121 (Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not con ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2120 (Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2119 (Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credent ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2118 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2117 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2116 (A cross-site request forgery vulnerability in Jenkins Pipeline GitHub ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2115 (Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parse ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2114 (Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured cr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2113 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the de ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2112 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2111 (Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2110 (Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2109 (Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...)
	NOT-FOR-US: Jenkins
CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...)
	NOT-FOR-US: Jenkins
CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...)
	NOT-FOR-US: Jenkins
CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...)
	NOT-FOR-US: Jenkins
CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...)
	NOT-FOR-US: Jenkins
CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...)
	NOT-FOR-US: Jenkins
CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...)
	NOT-FOR-US: Jenkins
CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2096 (Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2095 (Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2094 (A missing permission check in Jenkins Health Advisor by CloudBees Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2093 (A cross-site request forgery vulnerability in Jenkins Health Advisor b ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2092 (Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure it ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2091 (A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2090 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2089
	RESERVED
CVE-2020-2088
	RESERVED
CVE-2020-2087
	RESERVED
CVE-2020-2086
	RESERVED
CVE-2020-2085
	RESERVED
CVE-2020-2084
	RESERVED
CVE-2020-2083
	RESERVED
CVE-2020-2082
	RESERVED
CVE-2020-2081
	RESERVED
CVE-2020-2080
	RESERVED
CVE-2020-2079
	RESERVED
CVE-2020-2078 (Passwords are stored in plain text within the configuration of SICK Pa ...)
	NOT-FOR-US: SICK
CVE-2020-2077 (SICK Package Analytics software up to and including version V04.0.0 ar ...)
	NOT-FOR-US: SICK
CVE-2020-2076 (SICK Package Analytics software up to and including version V04.0.0 ar ...)
	NOT-FOR-US: SICK
CVE-2020-2075 (Platform mechanism AutoIP allows remote attackers to reboot the device ...)
	NOT-FOR-US: SICK
CVE-2020-2074
	RESERVED
CVE-2020-2073
	RESERVED
CVE-2020-2072
	RESERVED
CVE-2020-2071
	RESERVED
CVE-2020-2070
	RESERVED
CVE-2020-2069
	RESERVED
CVE-2020-2068
	RESERVED
CVE-2020-2067
	RESERVED
CVE-2020-2066
	RESERVED
CVE-2020-2065
	RESERVED
CVE-2020-2064
	RESERVED
CVE-2020-2063
	RESERVED
CVE-2020-2062
	RESERVED
CVE-2020-2061
	RESERVED
CVE-2020-2060
	RESERVED
CVE-2020-2059
	RESERVED
CVE-2020-2058
	RESERVED
CVE-2020-2057
	RESERVED
CVE-2020-2056
	RESERVED
CVE-2020-2055
	RESERVED
CVE-2020-2054
	RESERVED
CVE-2020-2053
	RESERVED
CVE-2020-2052
	RESERVED
CVE-2020-2051
	RESERVED
CVE-2020-2050
	RESERVED
CVE-2020-2049
	RESERVED
CVE-2020-2048
	RESERVED
CVE-2020-2047
	RESERVED
CVE-2020-2046
	RESERVED
CVE-2020-2045
	RESERVED
CVE-2020-2044 (An information exposure through log file vulnerability where an admini ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2043 (An information exposure through log file vulnerability where sensitive ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2042 (A buffer overflow vulnerability in the PAN-OS management web interface ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2041 (An insecure configuration of the appweb daemon of Palo Alto Networks P ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2040 (A buffer overflow vulnerability in PAN-OS allows an unauthenticated at ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2039 (An uncontrolled resource consumption vulnerability in Palo Alto Networ ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2038 (An OS Command Injection vulnerability in the PAN-OS management interfa ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2037 (An OS Command Injection vulnerability in the PAN-OS management interfa ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2036 (A reflected cross-site scripting (XSS) vulnerability exists in the PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2035 (When SSL/TLS Forward Proxy Decryption mode has been configured to decr ...)
NOT-FOR-US: Palo Alto Networks CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS GlobalProtect port ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification validat ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2032 (A race condition vulnerability Palo Alto Networks GlobalProtect app on ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2031 (An integer underflow vulnerability in the dnsproxyd component of the P ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2030 (An OS Command Injection vulnerability in the PAN-OS management interfa ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2029 (An OS Command Injection vulnerability in the PAN-OS web management int ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2028 (An OS Command Injection vulnerability in PAN-OS management server allo ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2027 (A buffer overflow vulnerability in the authd component of the PAN-OS m ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2026 (A malicious guest compromised before a container creation (e.g. a mali ...) NOT-FOR-US: Kata Containers CVE-2020-2025 (Kata Containers before 1.11.0 on Cloud Hypervisor persists guest files ...) NOT-FOR-US: Kata Containers CVE-2020-2024 (An improper link resolution vulnerability affects Kata Containers vers ...) NOT-FOR-US: Kata Containers CVE-2020-2023 (Kata Containers doesn't restrict containers from accessing the guest's ...) NOT-FOR-US: Kata Containers CVE-2020-2022 RESERVED CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication is enabl ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2020 RESERVED CVE-2020-2019 RESERVED CVE-2020-2018 (An authentication bypass vulnerability in the Panorama context switchi ...) NOT-FOR-US: PAN-OS CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Pa ...) NOT-FOR-US: PAN-OS CVE-2020-2016 (A race condition due to insecure creation of a file in a temporary dir ...) 
NOT-FOR-US: PAN-OS CVE-2020-2015 (A buffer overflow vulnerability in the PAN-OS management server allows ...) NOT-FOR-US: PAN-OS CVE-2020-2014 (An OS Command Injection vulnerability in PAN-OS management server allo ...) NOT-FOR-US: PAN-OS CVE-2020-2013 (A cleartext transmission of sensitive information vulnerability in Pal ...) NOT-FOR-US: PAN-OS CVE-2020-2012 (Improper restriction of XML external entity reference ('XXE') vulnerab ...) NOT-FOR-US: PAN-OS CVE-2020-2011 (An improper input validation vulnerability in the configuration daemon ...) NOT-FOR-US: PAN-OS CVE-2020-2010 (An OS command injection vulnerability in PAN-OS management interface a ...) NOT-FOR-US: PAN-OS CVE-2020-2009 (An external control of filename vulnerability in the SD WAN component ...) NOT-FOR-US: PAN-OS CVE-2020-2008 (An OS command injection and external control of filename vulnerability ...) NOT-FOR-US: PAN-OS CVE-2020-2007 (An OS command injection vulnerability in the management server compone ...) NOT-FOR-US: PAN-OS CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management server c ...) NOT-FOR-US: PAN-OS CVE-2020-2005 (A cross-site scripting (XSS) vulnerability exists when visiting malici ...) NOT-FOR-US: PAN-OS CVE-2020-2004 (Under certain circumstances a user's password may be logged in clearte ...) NOT-FOR-US: PAN-OS CVE-2020-2003 (An external control of filename vulnerability in the command processin ...) NOT-FOR-US: PAN-OS CVE-2020-2002 (An authentication bypass by spoofing vulnerability exists in the authe ...) NOT-FOR-US: PAN-OS CVE-2020-2001 (An external control of path and data vulnerability in the Palo Alto Ne ...) NOT-FOR-US: PAN-OS CVE-2020-2000 RESERVED CVE-2020-1999 RESERVED CVE-2020-1998 (An improper authorization vulnerability in PAN-OS that mistakenly uses ...) NOT-FOR-US: PAN-OS CVE-2020-1997 (An open redirection vulnerability in the GlobalProtect component of Pa ...) 
NOT-FOR-US: PAN-OS CVE-2020-1996 (A missing authorization vulnerability in the management server compone ...) NOT-FOR-US: PAN-OS CVE-2020-1995 (A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS ...) NOT-FOR-US: PAN-OS CVE-2020-1994 (A predictable temporary file vulnerability in PAN-OS allows a local au ...) NOT-FOR-US: PAN-OS CVE-2020-1993 (The GlobalProtect Portal feature in PAN-OS does not set a new session ...) NOT-FOR-US: PAN-OS CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1990 (A stack-based buffer overflow vulnerability in the management server c ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1989 (An incorrect privilege assignment vulnerability when writing applicati ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1988 (An unquoted search path vulnerability in the Windows release of Global ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1987 (An information exposure vulnerability in the logging component of Palo ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1986 (Improper input validation vulnerability in Secdo allows an authenticat ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in S ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...) 
{DSA-4665-1 DLA-2288-1 DLA-2262-1} - qemu 1:4.1-2 - qemu-kvm - libslirp 4.2.0-2 - slirp4netns 1.0.1-1 [buster] - slirp4netns (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed. CVE-2020-1982 (Certain communication between PAN-OS and cloud-delivered services inad ...) NOT-FOR-US: PAN-OS CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local ...) NOT-FOR-US: PAN-OS CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...) NOT-FOR-US: PAN-OS CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...) NOT-FOR-US: PAN-OS CVE-2020-1978 (TechSupport files generated on Palo Alto Networks VM Series firewalls ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...) NOT-FOR-US: Palo Alto CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) NOT-FOR-US: Palo Alto Networks GlobalProtect software CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web interface on Pa ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2020-1974 RESERVED CVE-2020-1973 RESERVED CVE-2020-1972 RESERVED CVE-2020-1971 RESERVED CVE-2020-1970 RESERVED CVE-2020-1969 RESERVED CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification which can ...) - openssl 1.1.1~~pre9-1 - openssl1.0 NOTE: Marking the first openssl 1.1.1 version in unstable as the fixed version in sid NOTE: https://www.openssl.org/news/secadv/20200909.txt NOTE: https://raccoon-attack.com/ CVE-2020-1967 (Server or client applications that call the SSL_check_chain() function ...) 
{DSA-4661-1} - openssl 1.1.1g-1 [stretch] - openssl (Only affects 1.1.1d to 1.1.1f) [jessie] - openssl (Only affects 1.1.1d to 1.1.1f) - openssl1.0 (Only affects 1.1.1d to 1.1.1f) NOTE: https://www.openssl.org/news/secadv/20200421.txt CVE-2020-1966 RESERVED CVE-2020-1965 RESERVED CVE-2020-1964 (It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-inc ...) NOT-FOR-US: Apache Heron CVE-2020-1963 (Apache Ignite uses H2 database to build SQL distributed execution engi ...) NOT-FOR-US: Apache Ignite CVE-2020-1962 REJECTED CVE-2020-1961 (Vulnerability to Server-Side Template Injection on Mail templates for ...) NOT-FOR-US: Apache Syncope CVE-2020-1960 (A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 ...) NOT-FOR-US: Apache Flink CVE-2020-1959 (A Server-Side Template Injection was identified in Apache Syncope prio ...) NOT-FOR-US: Apache Syncope CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, callers of ...) - druid (bug #825797) CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...) {DLA-2273-1 DLA-2181-1} - shiro (bug #955018) NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139 NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322 NOTE: Fix for CVE-2020-1957 introduces a (security sensitive) encoding issue NOTE: resulting in a followup release 1.5.3. CVE-2020-1956 (Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restfu ...) NOT-FOR-US: Apache Kylin CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting that go ...) - couchdb CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering an Ins ...) NOT-FOR-US: Apache CXF CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...) 
- commons-configuration2 2.7-1 (bug #954713) [buster] - commons-configuration2 2.2-1+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1 CVE-2020-1952 (An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. W ...) NOT-FOR-US: Apache IoTDB CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in ...) {DLA-2161-1} - tika (bug #954302) [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/4 CVE-2020-1950 (A carefully crafted or corrupt PSD file can cause excessive memory usa ...) {DLA-2161-1} - tika (bug #954303) [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/3 CVE-2020-1949 (Scripts in Sling CMS before 0.16.0 do not property escape the Sling Se ...) NOT-FOR-US: Apache Sling CVE-2020-1948 (This vulnerability can affect all Dubbo users stay on version 2.7.6 or ...) NOT-FOR-US: Apache Dubbo CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...) NOT-FOR-US: Apache ShardingSphere CVE-2020-1946 RESERVED CVE-2020-1945 (Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default tempora ...) 
- ant 1.10.8-1 (low; bug #960630) [buster] - ant (Minor issue) [stretch] - ant (Minor issue) [jessie] - ant (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/05/13/1 NOTE: https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (1.9.15) NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (1.9.15) NOTE: https://github.com/apache/ant/commit/d591851ae3921172bb825b5a5344afa3de0e28ca (10.8) NOTE: https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (10.8) NOTE: https://github.com/apache/ant/commit/041b058c7bf10a94d56db3ca9dba38cf90ab9943 (10.8) NOTE: https://github.com/apache/ant/commit/a8645a151bc706259fb1789ef587d05482d98612 (10.8) NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (10.8) CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...) {DSA-4672-1} - trafficserver 8.0.6+ds-1 NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/commit/5830bc72611e85e7a31098ce86710242f29076dc CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, allowing ...) NOT-FOR-US: Apache OFBiz CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...) NOT-FOR-US: Apache NiFi CVE-2020-1941 (In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open ...) - activemq (unimportant) NOTE: Admin console not enabled in the Debian package, see #702670 NOTE: Fixed in 5.15.12 CVE-2020-1940 (The optional initial password change and password expiration features ...) NOT-FOR-US: Apache Jackrabbit Oak CVE-2020-1939 (The Apache NuttX (Incubating) project provides an optional separate "a ...) NOT-FOR-US: Apache NuttX CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...) 
{DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1} - tomcat9 9.0.31-1 (bug #952437) - tomcat8 (bug #952438) - tomcat7 (bug #952436) [stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected) NOTE: AJP disabled in Debian in default configuration since 2008 NOTE: fixed in upstream versions 9.0.31, 8.5.51, 7.0.100 NOTE: https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487 NOTE: https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb (9.0.31) NOTE: https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad (9.0.31) NOTE: https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72 (7.0.100) NOTE: https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2 (7.0.100) NOTE: https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba (7.0.100) NOTE: https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645 (7.0.100) CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the user ...) 
NOT-FOR-US: Apache Kylin CVE-2020-1936 RESERVED CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...) {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1} - tomcat9 9.0.31-1 - tomcat8 - tomcat7 [stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected) NOTE: https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d (7.0.100) CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ...) {DSA-4757-1} - apache2 2.4.43-1 (low) [stretch] - apache2 (Minor issue) [jessie] - apache2 (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1934 NOTE: Upstream patch: https://svn.apache.org/r1873745 CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Maliciou ...) NOT-FOR-US: Apache NiFi CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...) NOT-FOR-US: Apache Superset CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) {DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784 (restricted) CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) 
{DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 (restricted) CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an ...) NOT-FOR-US: Apache Beam MongoDB connector CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...) NOT-FOR-US: Apache NiFi CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ...) {DSA-4757-1} - apache2 2.4.43-1 (low) [stretch] - apache2 (Minor issue) [jessie] - apache2 (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927 NOTE: https://svn.apache.org/r1873905 NOTE: https://svn.apache.org/r1874191 CVE-2020-1926 RESERVED CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...) NOT-FOR-US: Olingo CVE-2020-1924 RESERVED CVE-2020-1923 RESERVED CVE-2020-1922 RESERVED CVE-2020-1921 RESERVED CVE-2020-1920 RESERVED CVE-2020-1919 RESERVED CVE-2020-1918 RESERVED CVE-2020-1917 RESERVED CVE-2020-1916 RESERVED CVE-2020-1915 RESERVED CVE-2020-1914 RESERVED CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook ...) NOT-FOR-US: Facebook Hermes CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily compil ...) NOT-FOR-US: Facebook Hermes CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...) 
NOT-FOR-US: Facebook Hermes CVE-2020-1910 RESERVED CVE-2020-1909 RESERVED CVE-2020-1908 RESERVED CVE-2020-1907 RESERVED CVE-2020-1906 RESERVED CVE-2020-1905 RESERVED CVE-2020-1904 RESERVED CVE-2020-1903 RESERVED CVE-2020-1902 RESERVED CVE-2020-1901 RESERVED CVE-2020-1900 RESERVED CVE-2020-1899 RESERVED CVE-2020-1898 RESERVED CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...) NOT-FOR-US: Facebook Proxygen CVE-2020-1896 RESERVED CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...) NOT-FOR-US: Instagram for Android CVE-2020-1894 (A stack write overflow in WhatsApp for Android prior to v2.20.35, What ...) NOT-FOR-US: WhatsApp CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...) - hhvm CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser allows ...) - hhvm CVE-2020-1891 (A user controlled parameter used in video call in WhatsApp for Android ...) NOT-FOR-US: WhatsApp CVE-2020-1890 (A URL validation issue in WhatsApp for Android prior to v2.20.11 and W ...) NOT-FOR-US: WhatsApp CVE-2020-1889 (A security feature bypass issue in WhatsApp Desktop versions prior to ...) NOT-FOR-US: WhatsApp CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...) - hhvm CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...) - osquery (bug #803502) CVE-2020-1886 (A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsA ...) NOT-FOR-US: WhatsApp CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...) NOT-FOR-US: Oculus Desktop CVE-2020-1884 RESERVED CVE-2020-1883 (Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak v ...) NOT-FOR-US: Huawei CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...) 
NOT-FOR-US: Huawei CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1880 (Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00 ...) NOT-FOR-US: Huawei CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...) NOT-FOR-US: Huawei CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...) NOT-FOR-US: Huawei CVE-2020-1877 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) NOT-FOR-US: Huawei CVE-2020-1876 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) NOT-FOR-US: Huawei CVE-2020-1875 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...) NOT-FOR-US: Huawei CVE-2020-1874 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...) NOT-FOR-US: Huawei CVE-2020-1873 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...) NOT-FOR-US: Huawei CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...) NOT-FOR-US: Huawei CVE-2020-1870 (CloudEngine 12800 products with versions of V200R019C00, V200R019C10SP ...) NOT-FOR-US: Huawei CVE-2020-1869 RESERVED CVE-2020-1868 RESERVED CVE-2020-1867 RESERVED CVE-2020-1866 RESERVED CVE-2020-1865 RESERVED CVE-2020-1864 (Some Huawei products have a security vulnerability due to improper aut ...) NOT-FOR-US: Huawei CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...) NOT-FOR-US: Huawei CVE-2020-1862 (There is a double free vulnerability in some Huawei products. A local ...) NOT-FOR-US: Huawei CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...) NOT-FOR-US: Huawei CVE-2020-1860 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) 
NOT-FOR-US: Huawei CVE-2020-1859 RESERVED CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...) NOT-FOR-US: Huawei CVE-2020-1857 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1856 (Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG ...) NOT-FOR-US: Huawei CVE-2020-1855 (Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-55 ...) NOT-FOR-US: Huawei CVE-2020-1854 RESERVED CVE-2020-1853 (GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. ...) NOT-FOR-US: Huawei CVE-2020-1852 RESERVED CVE-2020-1851 RESERVED CVE-2020-1850 RESERVED CVE-2020-1849 RESERVED CVE-2020-1848 RESERVED CVE-2020-1847 RESERVED CVE-2020-1846 RESERVED CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...) NOT-FOR-US: Huawei CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege escala ...) NOT-FOR-US: Huawei CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...) NOT-FOR-US: Huawei CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version ...) NOT-FOR-US: Huawei CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6 ...) NOT-FOR-US: Huawei CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...) NOT-FOR-US: Huawei CVE-2020-1839 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) NOT-FOR-US: Huawei CVE-2020-1838 (HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) ...) NOT-FOR-US: Huawei CVE-2020-1837 (ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) ...) NOT-FOR-US: Huawei CVE-2020-1836 (HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUA ...) NOT-FOR-US: Huawei CVE-2020-1835 (HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have ...) 
NOT-FOR-US: Huawei CVE-2020-1834 (HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C0 ...) NOT-FOR-US: Huawei CVE-2020-1833 (Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) ...) NOT-FOR-US: Huawei CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...) NOT-FOR-US: Huawei CVE-2020-1831 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C ...) NOT-FOR-US: Huawei CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...) NOT-FOR-US: Huawei CVE-2020-1828 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...) NOT-FOR-US: Huawei CVE-2020-1825 (FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of ...) NOT-FOR-US: Huawei CVE-2020-1824 RESERVED CVE-2020-1823 RESERVED CVE-2020-1822 RESERVED CVE-2020-1821 RESERVED CVE-2020-1820 RESERVED CVE-2020-1819 RESERVED CVE-2020-1818 RESERVED CVE-2020-1817 (Huawei PCManager with versions earlier than 10.0.1.36 has a privilege ...) NOT-FOR-US: Huawei CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1813 (HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2 ...) NOT-FOR-US: Huawei CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...) 
NOT-FOR-US: Huawei CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) NOT-FOR-US: Huawei CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...) NOT-FOR-US: Huawei CVE-2020-1809 (HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E1 ...) NOT-FOR-US: Huawei CVE-2020-1808 (Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI ...) NOT-FOR-US: Huawei CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) NOT-FOR-US: Huawei CVE-2020-1805 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) NOT-FOR-US: Huawei CVE-2020-1804 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) NOT-FOR-US: Huawei CVE-2020-1803 (Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C63 ...) NOT-FOR-US: Huawei CVE-2020-1802 (There is an insufficient integrity validation vulnerability in several ...) NOT-FOR-US: Huawei CVE-2020-1801 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P ...) NOT-FOR-US: Huawei CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...) NOT-FOR-US: Huawei CVE-2020-1798 (HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2 ...) NOT-FOR-US: Huawei CVE-2020-1797 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...) NOT-FOR-US: Huawei CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...) NOT-FOR-US: Huawei CVE-2020-1794 (There is an improper authentication vulnerability in several smartphon ...) 
NOT-FOR-US: Huawei CVE-2020-1793 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1792 (Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C ...) NOT-FOR-US: Huawei CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) NOT-FOR-US: Huawei CVE-2020-1789 (Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with ve ...) NOT-FOR-US: Huawei CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...) NOT-FOR-US: Huawei CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...) NOT-FOR-US: Huawei CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69 ...) NOT-FOR-US: Huawei CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...) NOT-FOR-US: Huawei CVE-2020-1784 RESERVED CVE-2020-1783 RESERVED CVE-2020-1782 RESERVED CVE-2020-1781 RESERVED CVE-2020-1780 RESERVED CVE-2020-1779 RESERVED CVE-2020-1778 RESERVED CVE-2020-1777 RESERVED CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging ...) - otrs2 6.0.29-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-13/ CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...) - otrs2 (Only affects 7.x and 8.x series) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-12/ CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...) 
{DLA-2198-1} - otrs2 6.0.28-1 (bug #959448) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/ NOTE: Fixed in 7.0.17, 6.0.28 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342 CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (Too intrusive to backport) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77 CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...) {DLA-2198-1} - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7 CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (Vulnerable code introduced in later version) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/ NOTE: Fixed in 7.0.16, 6.0.27 NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2 CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...) 
{DLA-2198-1} - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95 NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (https://lists.debian.org/debian-lts/2020/04/msg00040.html) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/1b74e24582c946d02209acfc248d4ba451251f93 NOTE: OTRS5: https://github.com/OTRS/otrs/commit/7974ea582211c13730d223fc4dcdffa542af423f CVE-2020-1768 (The external frontend system uses numerous background calls to the bac ...) - otrs2 (Only affects 7.0.x series) NOTE: https://community.otrs.com/security-advisory-2020-04/ CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/ NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570 CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...) 
{DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/ NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5) CVE-2020-1765 (An improper control of parameters allows the spoofing of the from fiel ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/ NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5) CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...) NOT-FOR-US: Kiali CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon of lib ...) {DSA-4684-1} - libreswan 3.32-1 (bug #960458) NOTE: Introduced by: https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 (v3.27) NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 NOTE: https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali versio ...) NOT-FOR-US: Kiali CVE-2020-1761 RESERVED NOT-FOR-US: OpenShift CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports request ...) 
{DLA-2171-1} - ceph 14.2.9-1 (bug #956142) NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/1bf14094fec34770d2cc74317f4238ccb2dfef98 NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/1 CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Opensh ...) - ceph 14.2.9-1 (bug #956139) [buster] - ceph (Vulnerable code not present) [stretch] - ceph (Vulnerable code not present) [jessie] - ceph (Vulnerable code not present) NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/fe387e02b11df98357d8cdbfa3b1f1d5f2bb3f74 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2 CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does ...) NOT-FOR-US: Keycloak CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...) - undertow 2.1.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770 NOTE: https://issues.redhat.com/browse/UNDERTOW-1464 NOTE: https://issues.redhat.com/browse/UNDERTOW-1671 NOTE: https://github.com/undertow-io/undertow/pull/871 CVE-2020-1756 RESERVED CVE-2020-1755 RESERVED CVE-2020-1754 RESERVED CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...) 
- ansible [stretch] - ansible (Vulnerable code introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008 NOTE: https://github.com/ansible-collections/kubernetes/pull/51 NOTE: Fixing commit only introduces a warning about disclosure when using certain NOTE: options. CVE-2020-1752 (A use-after-free vulnerability introduced in glibc upstream version 2. ...) - glibc 2.30-3 (bug #953788) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25414 NOTE: Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14) NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c CVE-2020-1751 (An out-of-bounds write vulnerability was found in glibc before 2.31 wh ...) - glibc 2.30-3 [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25423 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494 CVE-2020-1750 RESERVED NOT-FOR-US: OpenShift machine-config-operator CVE-2020-1749 (A flaw was found in the Linux kernel's implementation of some networki ...) {DLA-2241-1} - linux 5.4.6-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2 CVE-2020-1748 (A flaw was found in all supported versions before wildfly-elytron-1.6. ...) - wildfly (bug #752018) CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions befor ...) 
- pyyaml 5.3-2 (bug #953013) [buster] - pyyaml (Loader/Constructor classes are unsafe in this version) [stretch] - pyyaml (Loader/Constructor classes are unsafe in this version) [jessie] - pyyaml (Loader/Constructor classes are unsafe in this version) NOTE: https://github.com/yaml/pyyaml/pull/386 CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine versio ...) - ansible 2.9.7+dfsg-1 [stretch] - ansible (Vulnerable code introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491 NOTE: https://github.com/ansible/ansible/pull/67866 NOTE: Fixed by: https://github.com/ansible/ansible/commit/d41e38435b1a9e300d8011ac28f16a5add2db119 (v2.9.7) CVE-2020-1745 (A file inclusion vulnerability was found in the AJP connector enabled ...) - undertow 2.0.30-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305 NOTE: Variant of the Ghostcat Tomcat vulnerability, CVE-2020-1938. NOTE: According to https://lists.jboss.org/pipermail/undertow-dev/2020-March/002422.html NOTE: the fix is: https://github.com/undertow-io/undertow/pull/859 CVE-2020-1744 (A flaw was found in keycloak before version 9.0.1. When configuring an ...) NOT-FOR-US: Keycloak CVE-2020-1743 RESERVED CVE-2020-1742 RESERVED NOT-FOR-US: OpenShift jenkins-slave-base-rhel7-container CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platform (O ...) NOT-FOR-US: openshift-ansible CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...) {DLA-2202-1} - ansible 2.9.7+dfsg-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193 NOTE: https://github.com/ansible/ansible/issues/67798 NOTE: https://github.com/ansible/ansible/pull/68644 CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...) 
{DLA-2202-1} - ansible 2.9.7+dfsg-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178 NOTE: https://github.com/ansible/ansible/issues/67797 NOTE: https://github.com/ansible/ansible/pull/67829 NOTE: https://github.com/ansible/ansible/commit/d91658ec0c8434c82c3ef98bfe9eb4e1027a43a3 CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or service ...) - ansible (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164 NOTE: https://github.com/ansible/ansible/issues/67796 NOTE: Marked unimportant as for exploitation it requires already a remote that is NOTE: compromised, cf. https://github.com/ansible/ansible/issues/67796#issuecomment-614656017 CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...) - ansible 2.9.7+dfsg-1 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154 NOTE: https://github.com/ansible/ansible/issues/67795 NOTE: https://github.com/ansible/ansible/pull/67799 NOTE: Issue in the win_unzip module which is executed only on Windows platform CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using atomic_m ...) - ansible (bug #966663) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124 NOTE: https://github.com/ansible/ansible/issues/67794 NOTE: https://github.com/ansible/ansible/pull/70221 CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used. ...)
- ansible 2.9.7+dfsg-1 [jessie] - ansible (No remote expansion in fetch module) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085 NOTE: https://github.com/ansible/ansible/issues/67793 NOTE: https://github.com/ansible/ansible/pull/68720 NOTE: Introduced in https://github.com/ansible/ansible/commit/e47f6137e5b897dec4319e7cb7791fb9b2cffb8d (1.8) NOTE: Fixed by: https://github.com/ansible/ansible/commit/290bfa820d533dc224e0c3fa7dd7c6b907ed0189 NOTE: The commit has incorrect CVE reference addressed in NOTE: https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1 CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...) - ansible (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804 NOTE: https://github.com/ansible/ansible/issues/6550 NOTE: https://github.com/ansible/ansible/issues/67792 NOTE: Upstream considers this intended functionality and delegates it up to the NOTE: playbook author to ensure they use the quote filter. CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...) {DLA-2202-1} - ansible 2.9.7+dfsg-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735 NOTE: https://github.com/ansible/ansible/issues/67791 NOTE: https://github.com/ansible/ansible/pull/68921 NOTE: https://github.com/ansible/ansible/commit/8077d8e40148fe77e2393caa5f2b2ea855149d63 NOTE: When applying the fix for CVE-2020-1733 make sure to apply complete fix to NOTE: not open up CVE-2020-10744. CVE-2020-1732 (A flaw was found in Soteria before 1.0.1, in a way that multiple reque ...) - wildfly (bug #752018) CVE-2020-1731 (A flaw was found in all versions of the Keycloak operator, before vers ...) NOT-FOR-US: Keycloak CVE-2020-1730 (A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in t ...)
- libssh 0.9.4-1 (bug #956308) [buster] - libssh 0.8.7-1+deb10u1 [stretch] - libssh (Vulnerable code introduced later) [jessie] - libssh (Vulnerable code introduced later) NOTE: https://www.libssh.org/security/advisories/CVE-2020-1730.txt NOTE: https://bugs.libssh.org/T213 NOTE: Introduced by: https://git.libssh.org/projects/libssh.git/commit/?id=84a85803b4c83b8dac03b0d0aba58b48c98253e6 (libssh-0.8.0) NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a CVE-2020-1729 RESERVED NOT-FOR-US: SmallRye Config CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...) NOT-FOR-US: Keycloak CVE-2020-1727 (A vulnerability was found in Keycloak before 9.0.2, where every Author ...) NOT-FOR-US: Keycloak CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...) - libpod 1.6.4+dfsg1-3 (bug #961421) NOTE: Introduced in: https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93 (v1.6.0-rc1) NOTE: https://github.com/containers/libpod/pull/5168 NOTE: Fixed by: https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42 (v1.8.1-rc1) CVE-2020-1725 RESERVED CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...) NOT-FOR-US: Keycloak CVE-2020-1723 RESERVED CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...) 
- freeipa (bug #966200) [buster] - freeipa (Minor issue) NOTE: https://pagure.io/freeipa/issue/8268 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071 NOTE: https://pagure.io/freeipa/c/dbf5df4a66b68f62a9e063c43a30b46e539c603b (master) NOTE: https://pagure.io/freeipa/c/089a393581aa249ddec66ce1455fff4951cdb827 (ipa-4-8) CVE-2020-1721 RESERVED - dogtag-pki 10.9.1-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579 NOTE: https://github.com/dogtagpki/pki/commit/b3514113c867c9394dd84e313c55dc66f3e846b6 (v10.9.0-a2) CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", whe ...) {DSA-4623-1 DSA-4622-1 DLA-2105-1} - postgresql-12 12.2-1 - postgresql-11 - postgresql-9.6 - postgresql-9.4 NOTE: https://www.postgresql.org/about/news/2011/ NOTE: Fixed in 12.2, 11.7, 10.12, 9.6.17, 9.5.21, and 9.4.26 NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b048f558dd7c26a0c630a2cff29d3d8981eaf6b9 CVE-2020-1719 RESERVED - wildfly (bug #752018) CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak versions ...) NOT-FOR-US: Keycloak CVE-2020-1717 RESERVED CVE-2020-1716 RESERVED NOT-FOR-US: ceph-ansible CVE-2020-1715 RESERVED CVE-2020-1714 (A flaw was found in Keycloak before version 11.0.0, where the code bas ...) NOT-FOR-US: Keycloak CVE-2020-1713 RESERVED CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before versio ...) 
- systemd 244.2-1 (bug #950732) [buster] - systemd 241-7~deb10u4 [stretch] - systemd (Can be fixed via point release) [jessie] - systemd (Vulnerable code introduced later) NOTE: https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation) NOTE: https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation) NOTE: https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab (preparation) NOTE: https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b (preparation) NOTE: https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 (introduce new API) NOTE: https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712) NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation) NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971 CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...) {DLA-2373-1 DLA-2144-1} - qemu 1:4.2-2 (bug #949731) [buster] - qemu 1:3.1+dfsg-8+deb10u4 - qemu-kvm NOTE: Upstream patch: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc (5.0) NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3 CVE-2020-1710 (The issue appears to be that JBoss EAP 6.4.21 does not parse the field ...) NOT-FOR-US: JBoss EAP CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...) NOT-FOR-US: openshift CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...) NOT-FOR-US: openshift CVE-2020-1707 (A vulnerability was found in all openshift/postgresql-apb 4.x.x versio ...) 
NOT-FOR-US: openshift CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and opensh ...) NOT-FOR-US: openshift CVE-2020-1705 (A vulnerability was found in openshift/template-service-broker-operato ...) NOT-FOR-US: openshift CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file was fou ...) NOT-FOR-US: openshift CVE-2020-1703 REJECTED CVE-2020-1702 RESERVED NOT-FOR-US: Red Hat container manager tooling CVE-2020-1701 RESERVED NOT-FOR-US: KubeVirt CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...) - ceph 14.2.7-1 [buster] - ceph (Minor issue) [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) NOTE: https://tracker.ceph.com/issues/42531 NOTE: https://github.com/ceph/ceph/pull/33017 NOTE: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a CVE-2020-1699 (A path traversal flaw was found in the Ceph dashboard implemented in u ...) - ceph 14.2.6-4 (bug #949206) [buster] - ceph (Vulnerable code introduced later) [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) NOTE: https://tracker.ceph.com/issues/41320 NOTE: https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158 CVE-2020-1698 (A flaw was found in keycloak in versions before 9.0.0. A logged except ...) NOT-FOR-US: Keycloak CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...) NOT-FOR-US: Keycloak CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...) - dogtag-pki NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707 CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...) - resteasy - resteasy3.0 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462 CVE-2020-1694 (A flaw was found in all versions of Keycloak before 10.0.0, where the ...) 
NOT-FOR-US: Keycloak CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...) NOT-FOR-US: Red Hat Satellite / Spacewalk CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...) - moodle CVE-2020-1691 RESERVED CVE-2020-1690 RESERVED NOT-FOR-US: openstack-selinux CVE-2020-1689 RESERVED CVE-2020-1688 RESERVED CVE-2020-1687 RESERVED CVE-2020-1686 RESERVED CVE-2020-1685 RESERVED CVE-2020-1684 RESERVED CVE-2020-1683 RESERVED CVE-2020-1682 RESERVED CVE-2020-1681 RESERVED CVE-2020-1680 RESERVED CVE-2020-1679 RESERVED CVE-2020-1678 RESERVED CVE-2020-1677 RESERVED CVE-2020-1676 RESERVED CVE-2020-1675 RESERVED CVE-2020-1674 RESERVED CVE-2020-1673 RESERVED CVE-2020-1672 RESERVED CVE-2020-1671 RESERVED CVE-2020-1670 RESERVED CVE-2020-1669 RESERVED CVE-2020-1668 RESERVED CVE-2020-1667 RESERVED CVE-2020-1666 RESERVED CVE-2020-1665 RESERVED CVE-2020-1664 RESERVED CVE-2020-1663 RESERVED CVE-2020-1662 RESERVED CVE-2020-1661 RESERVED CVE-2020-1660 RESERVED CVE-2020-1659 RESERVED CVE-2020-1658 RESERVED CVE-2020-1657 RESERVED CVE-2020-1656 RESERVED CVE-2020-1655 (When a device running Juniper Networks Junos OS with MPC7, MPC8, or MP ...) NOT-FOR-US: Juniper CVE-2020-1654 (On Juniper Networks SRX Series with ICAP (Internet Content Adaptation ...) NOT-FOR-US: Juniper CVE-2020-1653 (On Juniper Networks Junos OS devices, a stream of TCP packets sent to ...) NOT-FOR-US: Juniper CVE-2020-1652 (OpenNMS is accessible via port 9443 ...) NOT-FOR-US: OpenNMS CVE-2020-1651 (On Juniper Networks MX series, receipt of a stream of specific Layer 2 ...) NOT-FOR-US: Juniper CVE-2020-1650 (On Juniper Networks Junos MX Series with service card configured, rece ...) NOT-FOR-US: Juniper CVE-2020-1649 (When a device running Juniper Networks Junos OS with MPC7, MPC8, or MP ...) NOT-FOR-US: Juniper CVE-2020-1648 (On Juniper Networks Junos OS and Junos OS Evolved devices, processing ...) 
NOT-FOR-US: Juniper CVE-2020-1647 (On Juniper Networks SRX Series with ICAP (Internet Content Adaptation ...) NOT-FOR-US: Juniper CVE-2020-1646 (On Juniper Networks Junos OS and Junos OS Evolved devices, processing ...) NOT-FOR-US: Juniper CVE-2020-1645 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...) NOT-FOR-US: Juniper CVE-2020-1644 (On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt ...) NOT-FOR-US: Juniper CVE-2020-1643 (Execution of the "show ospf interface extensive" or "show ospf interfa ...) NOT-FOR-US: Juniper CVE-2020-1642 RESERVED CVE-2020-1641 (A Race Condition vulnerability in Juniper Networks Junos OS LLDP imple ...) NOT-FOR-US: Juniper CVE-2020-1640 (An improper use of a validation framework when processing incoming gen ...) NOT-FOR-US: Juniper CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...) NOT-FOR-US: Juniper CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...) NOT-FOR-US: Juniper CVE-2020-1637 (A vulnerability in Juniper Networks SRX Series device configured as a ...) NOT-FOR-US: Juniper CVE-2020-1636 RESERVED CVE-2020-1635 RESERVED CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...) NOT-FOR-US: Juniper CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos ...) NOT-FOR-US: Juniper CVE-2020-1632 (In a certain condition, receipt of a specific BGP UPDATE message might ...) NOT-FOR-US: Juniper CVE-2020-1631 (A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentic ...) NOT-FOR-US: Juniper CVE-2020-1630 (A privilege escalation vulnerability in Juniper Networks Junos OS devi ...) NOT-FOR-US: Juniper CVE-2020-1629 (A race condition vulnerability on Juniper Network Junos OS devices may ...) NOT-FOR-US: Juniper CVE-2020-1628 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...) 
NOT-FOR-US: Juniper CVE-2020-1627 (A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices ...) NOT-FOR-US: Juniper CVE-2020-1626 (A vulnerability in Juniper Networks Junos OS Evolved may allow an atta ...) NOT-FOR-US: Juniper CVE-2020-1625 (The kernel memory usage represented as "temp" via 'show system virtual ...) NOT-FOR-US: Juniper CVE-2020-1624 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1623 (A local, authenticated user with shell can view sensitive configuratio ...) NOT-FOR-US: Juniper CVE-2020-1622 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1621 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1620 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1619 (A privilege escalation vulnerability in Juniper Networks QFX10K Series ...) NOT-FOR-US: Juniper CVE-2020-1618 (On Juniper Networks EX and QFX Series, an authentication bypass vulner ...) NOT-FOR-US: Juniper CVE-2020-1617 (This issue occurs on Juniper Networks Junos OS devices which do not su ...) NOT-FOR-US: Juniper CVE-2020-1616 (Due to insufficient server-side login attempt limit enforcement, a vul ...) NOT-FOR-US: Juniper CVE-2020-1615 (The factory configuration for vMX installations, as shipped, includes ...) NOT-FOR-US: Juniper CVE-2020-1614 (A Use of Hard-coded Credentials vulnerability exists in the NFX250 Ser ...) NOT-FOR-US: Juniper CVE-2020-1613 (A vulnerability in the BGP FlowSpec implementation may cause a Juniper ...) NOT-FOR-US: Juniper CVE-2020-1612 RESERVED CVE-2020-1611 (A Local File Inclusion vulnerability in Juniper Networks Junos Space a ...) NOT-FOR-US: Juniper CVE-2020-1610 RESERVED CVE-2020-1609 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) 
NOT-FOR-US: Juniper CVE-2020-1608 (Receipt of a specific MPLS or IPv6 packet on the core facing interface ...) NOT-FOR-US: Juniper CVE-2020-1607 (Insufficient Cross-Site Scripting (XSS) protection in J-Web may potent ...) NOT-FOR-US: Juniper CVE-2020-1606 (A path traversal vulnerability in the Juniper Networks Junos OS device ...) NOT-FOR-US: Juniper CVE-2020-1605 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) NOT-FOR-US: Juniper CVE-2020-1604 (On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the ...) NOT-FOR-US: Juniper CVE-2020-1603 (Specific IPv6 packets sent by clients processed by the Routing Engine ...) NOT-FOR-US: Juniper CVE-2020-1602 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) NOT-FOR-US: Juniper CVE-2020-1601 (Certain types of malformed Path Computation Element Protocol (PCEP) pa ...) NOT-FOR-US: Juniper CVE-2020-1600 (In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an ...) NOT-FOR-US: Juniper CVE-2020-1599 RESERVED CVE-2020-1598 (An elevation of privilege vulnerability exists when the Windows Univer ...) NOT-FOR-US: Microsoft CVE-2020-1597 (A denial of service vulnerability exists when ASP.NET Core improperly ...) NOT-FOR-US: Microsoft CVE-2020-1596 (A information disclosure vulnerability exists when TLS components use ...) NOT-FOR-US: Microsoft CVE-2020-1595 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-1594 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1593 (A remote code execution vulnerability exists when Windows Media Audio ...) NOT-FOR-US: Microsoft CVE-2020-1592 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1591 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) 
NOT-FOR-US: Microsoft CVE-2020-1590 (An elevation of privilege vulnerability exists when the Connected User ...) NOT-FOR-US: Microsoft CVE-2020-1589 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1588 RESERVED CVE-2020-1587 (An elevation of privilege vulnerability exists when the Windows Ancill ...) NOT-FOR-US: Microsoft CVE-2020-1586 RESERVED CVE-2020-1585 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1584 (An elevation of privilege vulnerability exists in the way that the dns ...) NOT-FOR-US: Microsoft CVE-2020-1583 (An information disclosure vulnerability exists when Microsoft Word imp ...) NOT-FOR-US: Microsoft CVE-2020-1582 (A remote code execution vulnerability exists in Microsoft Access softw ...) NOT-FOR-US: Microsoft CVE-2020-1581 (An elevation of privilege vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2020-1580 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1579 (An elevation of privilege vulnerability exists when the Windows Functi ...) NOT-FOR-US: Microsoft CVE-2020-1578 (An information disclosure vulnerability exists in the Windows kernel t ...) NOT-FOR-US: Microsoft CVE-2020-1577 (An information disclosure vulnerability exists when DirectWrite improp ...) NOT-FOR-US: Microsoft CVE-2020-1576 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-1575 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1574 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1573 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1572 RESERVED CVE-2020-1571 (An elevation of privilege vulnerability exists in Windows Setup in the ...) 
NOT-FOR-US: Microsoft CVE-2020-1570 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-1569 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2020-1568 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...) NOT-FOR-US: Microsoft CVE-2020-1567 (A remote code execution vulnerability exists in the way that the MSHTM ...) NOT-FOR-US: Microsoft CVE-2020-1566 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1565 (An elevation of privilege vulnerability exists when the "Publ ...) NOT-FOR-US: Microsoft CVE-2020-1564 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1563 (A remote code execution vulnerability exists in Microsoft Office softw ...) NOT-FOR-US: Microsoft CVE-2020-1562 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1561 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1560 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1559 (An elevation of privilege vulnerability exists when the Windows Storag ...) NOT-FOR-US: Microsoft CVE-2020-1558 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1557 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1556 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1555 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-1554 (A memory corruption vulnerability exists when Windows Media Foundation ...)
NOT-FOR-US: Microsoft CVE-2020-1553 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1552 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-1551 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1550 (An elevation of privilege vulnerability exists when the Windows CDP Us ...) NOT-FOR-US: Microsoft CVE-2020-1549 (An elevation of privilege vulnerability exists when the Windows CDP Us ...) NOT-FOR-US: Microsoft CVE-2020-1548 (An information disclosure vulnerability exists when the Windows WaasMe ...) NOT-FOR-US: Microsoft CVE-2020-1547 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1546 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1545 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1544 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1543 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1542 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1541 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1540 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1539 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1538 (An elevation of privilege vulnerability exists when the Windows UPnP D ...) NOT-FOR-US: Microsoft CVE-2020-1537 (An elevation of privilege vulnerability exists when the Windows Remote ...) 
NOT-FOR-US: Microsoft CVE-2020-1536 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1535 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1534 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1533 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1532 (An elevation of privilege vulnerability exists when the Windows Instal ...) NOT-FOR-US: Microsoft CVE-2020-1531 (An elevation of privilege vulnerability exists when the Windows Accoun ...) NOT-FOR-US: Microsoft CVE-2020-1530 (An elevation of privilege vulnerability exists when Windows Remote Acc ...) NOT-FOR-US: Microsoft CVE-2020-1529 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1528 (An elevation of privilege vulnerability exists when the Windows Radio ...) NOT-FOR-US: Microsoft CVE-2020-1527 (An elevation of privilege vulnerability exists when the Windows Custom ...) NOT-FOR-US: Microsoft CVE-2020-1526 (An elevation of privilege vulnerability exists when the Windows Networ ...) NOT-FOR-US: Microsoft CVE-2020-1525 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1524 (An elevation of privilege vulnerability exists when the Windows Speech ...) NOT-FOR-US: Microsoft CVE-2020-1523 (A tampering vulnerability exists when Microsoft SharePoint Server fail ...) NOT-FOR-US: Microsoft CVE-2020-1522 (An elevation of privilege vulnerability exists when the Windows Speech ...) NOT-FOR-US: Microsoft CVE-2020-1521 (An elevation of privilege vulnerability exists when the Windows Speech ...) NOT-FOR-US: Microsoft CVE-2020-1520 (A remote code execution vulnerability exists when the Windows Font Dri ...) 
NOT-FOR-US: Microsoft CVE-2020-1519 (An elevation of privilege vulnerability exists when the Windows UPnP D ...) NOT-FOR-US: Microsoft CVE-2020-1518 (An elevation of privilege vulnerability exists when the Windows File S ...) NOT-FOR-US: Microsoft CVE-2020-1517 (An elevation of privilege vulnerability exists when the Windows File S ...) NOT-FOR-US: Microsoft CVE-2020-1516 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-1515 (An elevation of privilege vulnerability exists when the Windows Teleph ...) NOT-FOR-US: Microsoft CVE-2020-1514 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1513 (An elevation of privilege vulnerability exists when the Windows CSC Se ...) NOT-FOR-US: Microsoft CVE-2020-1512 (An information disclosure vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1511 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-1510 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-1509 (An elevation of privilege vulnerability exists in the Local Security A ...) NOT-FOR-US: Microsoft CVE-2020-1508 (A remote code execution vulnerability exists when Windows Media Audio ...) NOT-FOR-US: Microsoft CVE-2020-1507 (An elevation of privilege vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2020-1506 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1505 (An information disclosure vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2020-1504 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1503 (An information disclosure vulnerability exists when Microsoft Word imp ...) 
NOT-FOR-US: Microsoft CVE-2020-1502 (An information disclosure vulnerability exists when Microsoft Word imp ...) NOT-FOR-US: Microsoft CVE-2020-1501 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-1500 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-1499 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-1498 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1497 (An information disclosure vulnerability exists when Microsoft Excel im ...) NOT-FOR-US: Microsoft CVE-2020-1496 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1495 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1494 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1493 (An information disclosure vulnerability exists when attaching files to ...) NOT-FOR-US: Microsoft CVE-2020-1492 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1491 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1490 (An elevation of privilege vulnerability exists when the Storage Servic ...) NOT-FOR-US: Microsoft CVE-2020-1489 (An elevation of privilege vulnerability exists when the Windows CSC Se ...) NOT-FOR-US: Microsoft CVE-2020-1488 (An elevation of privilege vulnerability exists when the Windows AppX D ...) NOT-FOR-US: Microsoft CVE-2020-1487 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-1486 (An elevation of privilege vulnerability exists when the Windows kernel ...) 
NOT-FOR-US: Microsoft CVE-2020-1485 (An information disclosure vulnerability exists when the Windows Image ...) NOT-FOR-US: Microsoft CVE-2020-1484 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-1483 (A remote code execution vulnerability exists in Microsoft Outlook when ...) NOT-FOR-US: Microsoft CVE-2020-1482 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1481 (A remote code execution vulnerability exists in the ESLint extension f ...) NOT-FOR-US: Microsoft CVE-2020-1480 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1479 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-1478 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1477 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1476 (An elevation of privilege vulnerability exists when ASP.NET or .NET we ...) NOT-FOR-US: Microsoft CVE-2020-1475 (An elevation of privilege vulnerability exists in the way that the srm ...) NOT-FOR-US: Microsoft CVE-2020-1474 (An information disclosure vulnerability exists when the Windows Image ...) NOT-FOR-US: Microsoft CVE-2020-1473 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1472 (An elevation of privilege vulnerability exists when an attacker establ ...) - samba NOTE: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472 NOTE: Originally a Microsoft only CVE but it was found that the ZeroLogon attack NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14497 NOTE: Mitigation: server schannel = yes; but code changes planned. 
NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/2 NOTE: https://www.samba.org/samba/security/CVE-2020-1472.html CVE-2020-1471 (An elevation of privilege vulnerability exists when Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2020-1470 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-1469 (A denial of service vulnerability exists when the .NET implementation ...) NOT-FOR-US: Microsoft CVE-2020-1468 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-1467 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-1466 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...) NOT-FOR-US: Microsoft CVE-2020-1465 (An elevation of privilege vulnerability exists in Microsoft OneDrive t ...) NOT-FOR-US: Microsoft CVE-2020-1464 (A spoofing vulnerability exists when Windows incorrectly validates fil ...) NOT-FOR-US: Microsoft CVE-2020-1463 (An elevation of privilege vulnerability exists in the way that the Sha ...) NOT-FOR-US: Microsoft CVE-2020-1462 (An information disclosure vulnerability exists when Skype for Business ...) NOT-FOR-US: Microsoft CVE-2020-1461 (An elevation of privilege vulnerability exists when the MpSigStub.exe ...) NOT-FOR-US: Microsoft CVE-2020-1460 (A remote code execution vulnerability exists in Microsoft SharePoint S ...) NOT-FOR-US: Microsoft CVE-2020-1459 (An information disclosure vulnerability exists on ARM implementations ...) NOT-FOR-US: Microsoft CVE-2020-1458 (A remote code execution vulnerability exists when Microsoft Office imp ...) NOT-FOR-US: Microsoft CVE-2020-1457 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1456 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) 
NOT-FOR-US: Microsoft CVE-2020-1455 (A denial of service vulnerability exists when Microsoft SQL Server Man ...) NOT-FOR-US: Microsoft CVE-2020-1454 (This vulnerability is caused when SharePoint Server does not properly ...) NOT-FOR-US: Microsoft CVE-2020-1453 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-1452 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-1451 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1450 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1449 (A remote code execution vulnerability exists in Microsoft Project soft ...) NOT-FOR-US: Microsoft CVE-2020-1448 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-1447 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-1446 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-1445 (An information disclosure vulnerability exists when Microsoft Office i ...) NOT-FOR-US: Microsoft CVE-2020-1444 (A remote code execution vulnerability exists in the way Microsoft Shar ...) NOT-FOR-US: Microsoft CVE-2020-1443 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-1442 (A spoofing vulnerability exists when an Office Web Apps server does no ...) NOT-FOR-US: Microsoft CVE-2020-1441 RESERVED CVE-2020-1440 (A tampering vulnerability exists when Microsoft SharePoint Server fail ...) NOT-FOR-US: Microsoft CVE-2020-1439 (A remote code execution vulnerability exists in PerformancePoint Servi ...) NOT-FOR-US: Microsoft CVE-2020-1438 (An elevation of privilege vulnerability exists in the way that the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-1437 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1436 (A remote code execution vulnerability exists when the Windows font lib ...) NOT-FOR-US: Microsoft CVE-2020-1435 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-1434 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1433 (An information disclosure vulnerability exists when Microsoft Edge PDF ...) NOT-FOR-US: Microsoft CVE-2020-1432 (An information disclosure vulnerability exists when Skype for Business ...) NOT-FOR-US: Microsoft CVE-2020-1431 (An elevation of privilege vulnerability exists when the Windows AppX D ...) NOT-FOR-US: Microsoft CVE-2020-1430 (An elevation of privilege vulnerability exists when the Windows UPnP D ...) NOT-FOR-US: Microsoft CVE-2020-1429 (An elevation of privilege vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-1428 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1427 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1426 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1425 (A remote code execution vulnerability exists in the way that Microsof ...) NOT-FOR-US: Microsoft CVE-2020-1424 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-1423 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1422 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1421 (A remote code execution vulnerability exists in Microsoft Windows that ...) 
NOT-FOR-US: Microsoft CVE-2020-1420 (An information disclosure vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-1419 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1418 (An elevation of privilege vulnerability exists when the Windows Diagno ...) NOT-FOR-US: Microsoft CVE-2020-1417 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1416 (An elevation of privilege vulnerability exists in Visual Studio and Vi ...) NOT-FOR-US: Microsoft CVE-2020-1415 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1414 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1413 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1412 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1411 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1410 (A remote code execution vulnerability exists when Windows Address Book ...) NOT-FOR-US: Microsoft CVE-2020-1409 (A remote code execution vulnerability exists in the way that DirectWri ...) NOT-FOR-US: Microsoft CVE-2020-1408 (A remote code execution vulnerability exists when the Windows font lib ...) NOT-FOR-US: Microsoft CVE-2020-1407 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1406 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1405 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...) NOT-FOR-US: Microsoft CVE-2020-1404 (An elevation of privilege vulnerability exists when the Windows Runtim ...) 
NOT-FOR-US: Microsoft CVE-2020-1403 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1402 (An elevation of privilege vulnerability exists when the Windows Active ...) NOT-FOR-US: Microsoft CVE-2020-1401 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1400 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1399 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1398 (An elevation of privilege vulnerability exists when Windows Lockscreen ...) NOT-FOR-US: Microsoft CVE-2020-1397 (An information disclosure vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-1396 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-1395 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1394 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1393 (An elevation of privilege vulnerability exists when the Windows Diagno ...) NOT-FOR-US: Microsoft CVE-2020-1392 (An elevation of privilege vulnerability exists when the Windows Delive ...) NOT-FOR-US: Microsoft CVE-2020-1391 (An information disclosure vulnerability exists when the Windows Agent ...) NOT-FOR-US: Microsoft CVE-2020-1390 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1389 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1388 (An elevation of privilege vulnerability exists in the way that the psm ...) NOT-FOR-US: Microsoft CVE-2020-1387 (An elevation of privilege vulnerability exists in the way the Windows ...) 
NOT-FOR-US: Microsoft CVE-2020-1386 (An information vulnerability exists when Windows Connected User Experi ...) NOT-FOR-US: Microsoft CVE-2020-1385 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1384 (An elevation of privilege vulnerability exists when the Windows Crypto ...) NOT-FOR-US: Microsoft CVE-2020-1383 (An information disclosure vulnerability exists in RPC if the server ha ...) NOT-FOR-US: Microsoft CVE-2020-1382 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-1381 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-1380 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-1379 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1378 (An elevation of privilege vulnerability exists when the Windows Kernel ...) NOT-FOR-US: Microsoft CVE-2020-1377 (An elevation of privilege vulnerability exists when the Windows Kernel ...) NOT-FOR-US: Microsoft CVE-2020-1376 (An elevation of privilege vulnerability exists in the way that fdSSDP. ...) NOT-FOR-US: Microsoft CVE-2020-1375 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-1374 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-1373 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1372 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...) NOT-FOR-US: Microsoft CVE-2020-1371 (An elevation of privilege vulnerability exists when the Windows Event ...) NOT-FOR-US: Microsoft CVE-2020-1370 (An elevation of privilege vulnerability exists when the Windows Runtim ...) 
NOT-FOR-US: Microsoft CVE-2020-1369 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1368 (An elevation of privilege vulnerability exists in the way that the Cre ...) NOT-FOR-US: Microsoft CVE-2020-1367 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1366 (An elevation of privilege vulnerability exists when the Windows Print ...) NOT-FOR-US: Microsoft CVE-2020-1365 (An elevation of privilege vulnerability exists when the Windows Event ...) NOT-FOR-US: Microsoft CVE-2020-1364 (A denial of service vulnerability exists in the way that the WalletSer ...) NOT-FOR-US: Microsoft CVE-2020-1363 (An elevation of privilege vulnerability exists when the Windows Picker ...) NOT-FOR-US: Microsoft CVE-2020-1362 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1361 (An information disclosure vulnerability exists in the way that the Wal ...) NOT-FOR-US: Microsoft CVE-2020-1360 (An elevation of privilege vulnerability exists when the Windows Profil ...) NOT-FOR-US: Microsoft CVE-2020-1359 (An elevation of privilege vulnerability exists when the Windows Crypto ...) NOT-FOR-US: Microsoft CVE-2020-1358 (An information disclosure vulnerability exists when the Windows Resour ...) NOT-FOR-US: Microsoft CVE-2020-1357 (An elevation of privilege vulnerability exists when the Windows System ...) NOT-FOR-US: Microsoft CVE-2020-1356 (An elevation of privilege vulnerability exists when the Windows iSCSI ...) NOT-FOR-US: Microsoft CVE-2020-1355 (A remote code execution vulnerability exists when the Windows Font Dri ...) NOT-FOR-US: Microsoft CVE-2020-1354 (An elevation of privilege vulnerability exists when the Windows UPnP D ...) NOT-FOR-US: Microsoft CVE-2020-1353 (An elevation of privilege vulnerability exists when the Windows Runtim ...) 
NOT-FOR-US: Microsoft CVE-2020-1352 (An elevation of privilege vulnerability exists when the Windows USO Co ...) NOT-FOR-US: Microsoft CVE-2020-1351 (An information disclosure vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-1350 (A remote code execution vulnerability exists in Windows Domain Name Sy ...) NOT-FOR-US: Microsoft CVE-2020-1349 (A remote code execution vulnerability exists in Microsoft Outlook soft ...) NOT-FOR-US: Microsoft CVE-2020-1348 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-1347 (An elevation of privilege vulnerability exists when the Windows Storag ...) NOT-FOR-US: Microsoft CVE-2020-1346 (An elevation of privilege vulnerability exists when the Windows Module ...) NOT-FOR-US: Microsoft CVE-2020-1345 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1344 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1343 (An information disclosure vulnerability exists in Visual Studio Code L ...) NOT-FOR-US: Microsoft CVE-2020-1342 (An information disclosure vulnerability exists when Microsoft Office s ...) NOT-FOR-US: Microsoft CVE-2020-1341 RESERVED CVE-2020-1340 (A spoofing vulnerability exists when the NuGetGallery does not properl ...) NOT-FOR-US: Microsoft CVE-2020-1339 (A remote code execution vulnerability exists when Windows Media Audio ...) NOT-FOR-US: Microsoft CVE-2020-1338 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-1337 (An elevation of privilege vulnerability exists when the Windows Print ...) NOT-FOR-US: Microsoft CVE-2020-1336 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1335 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) 
NOT-FOR-US: Microsoft CVE-2020-1334 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1333 (An elevation of privilege vulnerability exists when Group Policy Servi ...) NOT-FOR-US: Microsoft CVE-2020-1332 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1331 (A spoofing vulnerability exists when System Center Operations Manager ...) NOT-FOR-US: Microsoft CVE-2020-1330 (An information disclosure vulnerability exists when Windows Mobile Dev ...) NOT-FOR-US: Microsoft CVE-2020-1329 (A spoofing vulnerability exists when Microsoft Bing Search for Android ...) NOT-FOR-US: Microsoft CVE-2020-1328 RESERVED CVE-2020-1327 (A spoofing vulnerability exists in Microsoft Azure DevOps Server when ...) NOT-FOR-US: Microsoft CVE-2020-1326 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2020-1325 RESERVED CVE-2020-1324 (An elevation of privilege (user to user) vulnerability exists in Windo ...) NOT-FOR-US: Microsoft CVE-2020-1323 (An open redirect vulnerability exists in Microsoft SharePoint that cou ...) NOT-FOR-US: Microsoft CVE-2020-1322 (An information disclosure vulnerability exists when Microsoft Project ...) NOT-FOR-US: Microsoft CVE-2020-1321 (A remote code execution vulnerability exists in Microsoft Office softw ...) NOT-FOR-US: Microsoft CVE-2020-1320 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1319 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1318 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1317 (An elevation of privilege vulnerability exists when Group Policy impro ...) NOT-FOR-US: Microsoft CVE-2020-1316 (An elevation of privilege vulnerability exists when the Windows kernel ...) 
NOT-FOR-US: Microsoft CVE-2020-1315 (An information disclosure vulnerability exists when Internet Explorer ...) NOT-FOR-US: Microsoft CVE-2020-1314 (An elevation of privilege vulnerability exists in Windows Text Service ...) NOT-FOR-US: Microsoft CVE-2020-1313 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-1312 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-1311 (An elevation of privilege vulnerability exists when Component Object M ...) NOT-FOR-US: Microsoft CVE-2020-1310 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-1309 (An elevation of privilege vulnerability exists when the Microsoft Stor ...) NOT-FOR-US: Microsoft CVE-2020-1308 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-1307 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1306 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1305 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1304 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1303 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1302 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-1301 (A remote code execution vulnerability exists in the way that the Micro ...) NOT-FOR-US: Microsoft CVE-2020-1300 (A remote code execution vulnerability exists when Microsoft Windows fa ...) NOT-FOR-US: Microsoft CVE-2020-1299 (A remote code execution vulnerability exists in Microsoft Windows that ...) 
NOT-FOR-US: Microsoft CVE-2020-1298 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1297 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1296 (A vulnerability exists in the way the Windows Diagnostics & fe ...) NOT-FOR-US: Microsoft CVE-2020-1295 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...) NOT-FOR-US: Microsoft CVE-2020-1294 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1293 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-1292 (An elevation of privilege vulnerability exists in OpenSSH for Windows ...) NOT-FOR-US: Microsoft CVE-2020-1291 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1290 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-1289 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-1288 RESERVED CVE-2020-1287 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1286 (A remote code execution vulnerability exists when the Windows Shell do ...) NOT-FOR-US: Microsoft CVE-2020-1285 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-1284 (A denial of service vulnerability exists in the way that the Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1283 (A denial of service vulnerability exists when Windows improperly handl ...) NOT-FOR-US: Microsoft CVE-2020-1282 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1281 (A remote code execution vulnerability exists when Microsoft Windows OL ...) 
NOT-FOR-US: Microsoft CVE-2020-1280 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1279 (An elevation of privilege vulnerability exists when Windows Lockscreen ...) NOT-FOR-US: Microsoft CVE-2020-1278 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-1277 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-1276 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1275 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1274 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1273 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1272 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-1271 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-1270 (An elevation of privilege vulnerability exists in the way that the wla ...) NOT-FOR-US: Microsoft CVE-2020-1269 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1268 (An information disclosure vulnerability exists when a Windows service ...) NOT-FOR-US: Microsoft CVE-2020-1267 (This security update corrects a denial of service in the Local Securit ...) NOT-FOR-US: Microsoft CVE-2020-1266 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1265 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1264 (An elevation of privilege vulnerability exists when the Windows kernel ...) 
NOT-FOR-US: Microsoft CVE-2020-1263 (An information disclosure vulnerability exists in the way Windows Erro ...) NOT-FOR-US: Microsoft CVE-2020-1262 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1261 (An information disclosure vulnerability exists in the way Windows Erro ...) NOT-FOR-US: Microsoft CVE-2020-1260 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1259 (A security feature bypass vulnerability exists when Windows Host Guard ...) NOT-FOR-US: Microsoft CVE-2020-1258 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-1257 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-1256 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-1255 (An elevation of privilege vulnerability exists when the Windows Backgr ...) NOT-FOR-US: Microsoft CVE-2020-1254 (An elevation of privilege vulnerability exists when Windows Modules In ...) NOT-FOR-US: Microsoft CVE-2020-1253 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-1252 (A remote code execution vulnerability exists when Windows improperly h ...) NOT-FOR-US: Microsoft CVE-2020-1251 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-1250 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-1249 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1248 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-1247 (An elevation of privilege vulnerability exists in Windows when the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-1246 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1245 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-1244 (A denial of service vulnerability exists when Connected User Experienc ...) NOT-FOR-US: Microsoft CVE-2020-1243 RESERVED CVE-2020-1242 (An information disclosure vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2020-1241 (A security feature bypass vulnerability exists when Windows Kernel fai ...) NOT-FOR-US: Microsoft CVE-2020-1240 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1239 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1238 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1237 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1236 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1235 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1234 (An elevation of privilege vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-1233 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1232 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-1231 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1230 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1229 (A security feature bypass vulnerability exists in Microsoft Outlook wh ...) 
NOT-FOR-US: Microsoft CVE-2020-1228 (A denial of service vulnerability exists in Windows DNS when it fails ...) NOT-FOR-US: Microsoft CVE-2020-1227 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1226 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1225 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1224 (An information disclosure vulnerability exists when Microsoft Excel im ...) NOT-FOR-US: Microsoft CVE-2020-1223 (A remote code execution vulnerability exists when Microsoft Word for A ...) NOT-FOR-US: Microsoft CVE-2020-1222 (An elevation of privilege vulnerability exists when the Microsoft Stor ...) NOT-FOR-US: Microsoft CVE-2020-1221 RESERVED CVE-2020-1220 (A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based ...) NOT-FOR-US: Microsoft CVE-2020-1219 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1218 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-1217 (An information disclosure vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1216 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1215 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1214 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1213 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1212 (An elevation of privilege vulnerability exists when an OLE Automation ...) NOT-FOR-US: Microsoft CVE-2020-1211 (An elevation of privilege vulnerability exists in the way that the Con ...) 
NOT-FOR-US: Microsoft CVE-2020-1210 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-1209 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1208 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1207 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-1206 (An information disclosure vulnerability exists in the way that the Mic ...) NOT-FOR-US: Microsoft CVE-2020-1205 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-1204 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...) NOT-FOR-US: Microsoft CVE-2020-1203 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-1202 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-1201 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-1200 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-1199 (An elevation of privilege vulnerability exists when the Windows Feedba ...) NOT-FOR-US: Microsoft CVE-2020-1198 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1197 (An elevation of privilege vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-1196 (An elevation of privilege vulnerability exists in the way that the pri ...) NOT-FOR-US: Microsoft CVE-2020-1195 (An elevation of privilege vulnerability exists in Microsoft Edge (Chro ...) NOT-FOR-US: Microsoft CVE-2020-1194 (A denial of service vulnerability exists when Windows Registry imprope ...) 
NOT-FOR-US: Microsoft CVE-2020-1193 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-1192 (A remote code execution vulnerability exists in Visual Studio Code whe ...) NOT-FOR-US: Microsoft CVE-2020-1191 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1190 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1189 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1188 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1187 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1186 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1185 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1184 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1183 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1182 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...) NOT-FOR-US: Microsoft CVE-2020-1181 (A remote code execution vulnerability exists in Microsoft SharePoint S ...) NOT-FOR-US: Microsoft CVE-2020-1180 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-1179 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-1178 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2020-1177 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) 
NOT-FOR-US: Microsoft CVE-2020-1176 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1175 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1174 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1173 (A spoofing vulnerability exists in Microsoft Power BI Report Server in ...) NOT-FOR-US: Microsoft CVE-2020-1172 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-1171 (A remote code execution vulnerability exists in Visual Studio Code whe ...) NOT-FOR-US: Microsoft CVE-2020-1170 (An elevation of privilege vulnerability exists in Windows Defender tha ...) NOT-FOR-US: Microsoft CVE-2020-1169 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1168 RESERVED CVE-2020-1167 RESERVED CVE-2020-1166 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-1165 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-1164 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1163 (An elevation of privilege vulnerability exists in Windows Defender tha ...) NOT-FOR-US: Microsoft CVE-2020-1162 (An elevation of privilege (user to user) vulnerability exists in Windo ...) NOT-FOR-US: Microsoft CVE-2020-1161 (A denial of service vulnerability exists when ASP.NET Core improperly ...) NOT-FOR-US: Microsoft .NET CVE-2020-1160 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-1159 (An elevation of privilege vulnerability exists in the way that the Sta ...) NOT-FOR-US: Microsoft CVE-2020-1158 (An elevation of privilege vulnerability exists when the Windows Runtim ...) 
NOT-FOR-US: Microsoft CVE-2020-1157 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1156 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1155 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1154 (An elevation of privilege vulnerability exists when the Windows Common ...) NOT-FOR-US: Microsoft CVE-2020-1153 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1152 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-1151 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1150 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1149 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1148 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-1147 (A remote code execution vulnerability exists in .NET Framework, Micros ...) NOT-FOR-US: Microsoft .NET CVE-2020-1146 (An elevation of privilege vulnerability exists when the Microsoft Stor ...) NOT-FOR-US: Microsoft CVE-2020-1145 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1144 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1143 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-1142 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1141 (An information disclosure vulnerability exists in the way that the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-1140 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-1139 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1138 (An elevation of privilege vulnerability exists when the Storage Servic ...) NOT-FOR-US: Microsoft CVE-2020-1137 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-1136 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1135 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-1134 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1133 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-1132 (An elevation of privilege vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-1131 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1130 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-1129 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-1128 RESERVED CVE-2020-1127 RESERVED CVE-2020-1126 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1125 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1124 (An elevation of privilege vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-1123 (A denial of service vulnerability exists when Connected User Experienc ...) NOT-FOR-US: Microsoft CVE-2020-1122 (An elevation of privilege vulnerability exists when the Windows Langua ...) 
NOT-FOR-US: Microsoft CVE-2020-1121 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-1120 (A denial of service vulnerability exists when Connected User Experienc ...) NOT-FOR-US: Microsoft CVE-2020-1119 (An information disclosure vulnerability exists when StartTileData.dll ...) NOT-FOR-US: Microsoft CVE-2020-1118 (A denial of service vulnerability exists in the Windows implementation ...) NOT-FOR-US: Microsoft CVE-2020-1117 (A remote code execution vulnerability exists in the way that the Color ...) NOT-FOR-US: Microsoft CVE-2020-1116 (An information disclosure vulnerability exists when the Windows Client ...) NOT-FOR-US: Microsoft CVE-2020-1115 (An elevation of privilege vulnerability exists when the Windows Common ...) NOT-FOR-US: Microsoft CVE-2020-1114 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1113 (A security feature bypass vulnerability exists in Microsoft Windows wh ...) NOT-FOR-US: Microsoft CVE-2020-1112 (An elevation of privilege vulnerability exists when the Windows Backgr ...) NOT-FOR-US: Microsoft CVE-2020-1111 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-1110 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-1109 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-1108 (A denial of service vulnerability exists when .NET Core or .NET Framew ...) NOT-FOR-US: Microsoft .NET CVE-2020-1107 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-1106 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1105 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) 
NOT-FOR-US: Microsoft CVE-2020-1104 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-1103 (An information disclosure vulnerability exists where certain modes of ...) NOT-FOR-US: Microsoft CVE-2020-1102 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-1101 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1100 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1099 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-1098 (An elevation of privilege vulnerability exists when the Shell infrastr ...) NOT-FOR-US: Microsoft CVE-2020-1097 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-1096 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...) NOT-FOR-US: Microsoft CVE-2020-1095 RESERVED CVE-2020-1094 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-1093 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1092 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2020-1091 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-1090 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1089 RESERVED CVE-2020-1088 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-1087 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1086 (An elevation of privilege vulnerability exists when the Windows Runtim ...) 
NOT-FOR-US: Microsoft CVE-2020-1085 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1084 (A Denial Of Service vulnerability exists when Connected User Experienc ...) NOT-FOR-US: Microsoft CVE-2020-1083 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-1082 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-1081 (An elevation of privilege vulnerability exists when the Windows Printe ...) NOT-FOR-US: Microsoft CVE-2020-1080 RESERVED CVE-2020-1079 (An elevation of privilege vulnerability exists when the Windows fails ...) NOT-FOR-US: Microsoft CVE-2020-1078 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-1077 (An elevation of privilege vulnerability exists when the Windows Runtim ...) NOT-FOR-US: Microsoft CVE-2020-1076 (A denial of service vulnerability exists when Windows improperly handl ...) NOT-FOR-US: Microsoft CVE-2020-1075 (An information disclosure vulnerability exists when Windows Subsystem ...) NOT-FOR-US: Microsoft CVE-2020-1074 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1073 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-1072 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1071 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-1070 (An elevation of privilege vulnerability exists when the Windows Print ...) NOT-FOR-US: Microsoft CVE-2020-1069 (A remote code execution vulnerability exists in Microsoft SharePoint S ...) NOT-FOR-US: Microsoft CVE-2020-1068 (An elevation of privilege vulnerability exists in Windows Media Servic ...) 
NOT-FOR-US: Microsoft CVE-2020-1067 (A remote code execution vulnerability exists in the way that Windows h ...) NOT-FOR-US: Microsoft CVE-2020-1066 (An elevation of privilege vulnerability exists in .NET Framework which ...) NOT-FOR-US: Microsoft CVE-2020-1065 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-1064 (A remote code execution vulnerability exists in the way that the MSHTM ...) NOT-FOR-US: Microsoft CVE-2020-1063 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-1062 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2020-1061 (A remote code execution vulnerability exists in the way that the Micro ...) NOT-FOR-US: Microsoft CVE-2020-1060 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1059 (A spoofing vulnerability exists when Microsoft Edge does not properly ...) NOT-FOR-US: Microsoft CVE-2020-1058 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1057 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-1056 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...) NOT-FOR-US: Microsoft CVE-2020-1055 (A cross-site-scripting (XSS) vulnerability exists when Active Director ...) NOT-FOR-US: Microsoft CVE-2020-1054 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-1053 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-1052 (An elevation of privilege vulnerability exists in the way that the ssd ...) NOT-FOR-US: Microsoft CVE-2020-1051 (A remote code execution vulnerability exists when the Windows Jet Data ...) 
NOT-FOR-US: Microsoft CVE-2020-1050 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-1049 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-1048 (An elevation of privilege vulnerability exists when the Windows Print ...) NOT-FOR-US: Microsoft CVE-2020-1047 RESERVED CVE-2020-1046 (A remote code execution vulnerability exists when Microsoft .NET Frame ...) NOT-FOR-US: Microsoft CVE-2020-1045 (A security feature bypass vulnerability exists in the way Microsoft AS ...) - dotnet-core-3.1 (bug #968921) CVE-2020-1044 (A security feature bypass vulnerability exists in SQL Server Reporting ...) NOT-FOR-US: Microsoft CVE-2020-1043 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...) NOT-FOR-US: Microsoft CVE-2020-1042 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...) NOT-FOR-US: Microsoft CVE-2020-1041 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...) NOT-FOR-US: Microsoft CVE-2020-1040 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...) NOT-FOR-US: Microsoft CVE-2020-1039 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1038 (A denial of service vulnerability exists when Windows Routing Utilitie ...) NOT-FOR-US: Microsoft CVE-2020-1037 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-1036 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...) NOT-FOR-US: Microsoft CVE-2020-1035 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-1034 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1033 (An information disclosure vulnerability exists when the Windows kernel ...) 
NOT-FOR-US: Microsoft CVE-2020-1032 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...) NOT-FOR-US: Microsoft CVE-2020-1031 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1030 (An elevation of privilege vulnerability exists when the Windows Print ...) NOT-FOR-US: Microsoft CVE-2020-1029 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-1028 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-1027 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1026 (A Security Feature Bypass vulnerability exists in the MSR JavaScript C ...) NOT-FOR-US: Microsoft CVE-2020-1025 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...) NOT-FOR-US: Microsoft CVE-2020-1024 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-1023 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-1022 (A remote code execution vulnerability exists in Microsoft Dynamics Bus ...) NOT-FOR-US: Microsoft CVE-2020-1021 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-1020 (A remote code execution vulnerability exists in Microsoft Windows when ...) NOT-FOR-US: Microsoft CVE-2020-1019 (An elevation of privilege vulnerability exists in RMS Sharing App for ...) NOT-FOR-US: Microsoft CVE-2020-1018 (An information disclosure vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-1017 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-1016 (An information disclosure vulnerability exists when the Windows Push N ...) 
NOT-FOR-US: Microsoft CVE-2020-1015 (An elevation of privilege vulnerability exists in the way that the Use ...) NOT-FOR-US: Microsoft CVE-2020-1014 (An elevation of privilege vulnerability exists in the Microsoft Window ...) NOT-FOR-US: Microsoft CVE-2020-1013 (An elevation of privilege vulnerability exists when Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2020-1012 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1011 (An elevation of privilege vulnerability exists when the Windows System ...) NOT-FOR-US: Microsoft CVE-2020-1010 (An elevation of privilege vulnerability exists in Windows Block Level ...) NOT-FOR-US: Microsoft CVE-2020-1009 (An elevation of privilege vulnerability exists in the way that the Mic ...) NOT-FOR-US: Microsoft CVE-2020-1008 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1007 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1006 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-1005 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-1004 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-1003 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1002 (An elevation of privilege vulnerability exists when the MpSigStub.exe ...) NOT-FOR-US: Microsoft CVE-2020-1001 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-1000 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0999 (A remote code execution vulnerability exists when the Windows Jet Data ...) 
NOT-FOR-US: Microsoft CVE-2020-0998 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0997 (A remote code execution vulnerability exists when the Windows Camera C ...) NOT-FOR-US: Microsoft CVE-2020-0996 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0995 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0994 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0993 (A denial of service vulnerability exists in Windows DNS when it fails ...) NOT-FOR-US: Microsoft CVE-2020-0992 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0991 (A remote code execution vulnerability exists in Microsoft Office softw ...) NOT-FOR-US: Microsoft CVE-2020-0990 RESERVED CVE-2020-0989 (An information disclosure vulnerability exists when Windows Mobile Dev ...) NOT-FOR-US: Microsoft CVE-2020-0988 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0987 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-0986 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0985 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0984 (An elevation of privilege vulnerability exists when the Microsoft Auto ...) NOT-FOR-US: Microsoft CVE-2020-0983 (An elevation of privilege vulnerability exists when the Windows Delive ...) NOT-FOR-US: Microsoft CVE-2020-0982 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-0981 (A security feature bypass vulnerability exists when Windows fails to p ...) 
NOT-FOR-US: Microsoft CVE-2020-0980 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0979 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0978 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0977 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-0976 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-0975 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-0974 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0973 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0972 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-0971 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0970 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0969 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0968 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0967 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-0966 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-0965 (A remoted code execution vulnerability exists in the way that Microsof ...) NOT-FOR-US: Microsoft CVE-2020-0964 (A remote code execution vulnerability exists in the way that the Windo ...) 
NOT-FOR-US: Microsoft CVE-2020-0963 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0962 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0961 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2020-0960 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0959 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0958 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0957 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0956 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0955 (An information disclosure vulnerability exists when certain central pr ...) NOT-FOR-US: Microsoft CVE-2020-0954 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0953 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0952 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0951 (A security feature bypass vulnerability exists in Windows Defender App ...) NOT-FOR-US: Microsoft CVE-2020-0950 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0949 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0948 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0947 (An information disclosure vulnerability exists when Media Foundation i ...) 
NOT-FOR-US: Microsoft CVE-2020-0946 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0945 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0944 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-0943 (An authentication bypass vulnerability exists in Microsoft YourPhoneCo ...) NOT-FOR-US: Microsoft CVE-2020-0942 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-0941 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0940 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-0939 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0938 (A remote code execution vulnerability exists in Microsoft Windows when ...) NOT-FOR-US: Microsoft CVE-2020-0937 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0936 (An elevation of privilege vulnerability exists when a Windows schedule ...) NOT-FOR-US: Microsoft CVE-2020-0935 (An elevation of privilege vulnerability exists when the OneDrive for W ...) NOT-FOR-US: Microsoft CVE-2020-0934 (An elevation of privilege vulnerability exists when the Windows WpcDes ...) NOT-FOR-US: Microsoft CVE-2020-0933 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0932 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0931 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0930 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) 
NOT-FOR-US: Microsoft CVE-2020-0929 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0928 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0927 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0926 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0925 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0924 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0923 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0922 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-0921 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-0920 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0919 (An elevation of privilege vulnerability exists in Remote Desktop App f ...) NOT-FOR-US: Microsoft CVE-2020-0918 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...) NOT-FOR-US: Microsoft CVE-2020-0917 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...) NOT-FOR-US: Microsoft CVE-2020-0916 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0915 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0914 (An information disclosure vulnerability exists when the Windows State ...) NOT-FOR-US: Microsoft CVE-2020-0913 (An elevation of privilege vulnerability exists when the Windows kernel ...) 
NOT-FOR-US: Microsoft CVE-2020-0912 (An elevation of privilege vulnerability exists when the Windows Functi ...) NOT-FOR-US: Microsoft CVE-2020-0911 (An elevation of privilege vulnerability exists when Windows Modules In ...) NOT-FOR-US: Microsoft CVE-2020-0910 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) NOT-FOR-US: Microsoft CVE-2020-0909 (A denial of service vulnerability exists when Hyper-V on a Windows Ser ...) NOT-FOR-US: Microsoft CVE-2020-0908 (A remote code execution vulnerability exists when the Windows Text Ser ...) NOT-FOR-US: Microsoft CVE-2020-0907 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-0906 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0905 (A remote code execution vulnerability exists in Microsoft Dynamics Bu ...) NOT-FOR-US: Microsoft CVE-2020-0904 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2020-0903 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...) NOT-FOR-US: Microsoft CVE-2020-0902 (An elevation of privilege vulnerability exists in Service Fabric File ...) NOT-FOR-US: Microsoft CVE-2020-0901 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0900 (An elevation of privilege vulnerability exists when the Visual Studio ...) NOT-FOR-US: Microsoft CVE-2020-0899 (An elevation of privilege vulnerability exists when Microsoft Visual S ...) NOT-FOR-US: Microsoft CVE-2020-0898 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0897 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0896 (An elevation of privilege vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft CVE-2020-0895 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-0894 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0893 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0892 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0891 (This vulnerability is caused when SharePoint Server does not properly ...) NOT-FOR-US: Microsoft CVE-2020-0890 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2020-0889 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0888 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0887 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0886 (An elevation of privilege vulnerability exists when the Windows Storag ...) NOT-FOR-US: Microsoft CVE-2020-0885 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0884 (A spoofing vulnerability exists in Microsoft Visual Studio as it inclu ...) NOT-FOR-US: Microsoft CVE-2020-0883 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-0882 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0881 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-0880 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0879 (An information disclosure vulnerability exists in the way that the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-0878 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-0877 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0876 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0875 (An information disclosure vulnerability exists in how splwow64.exe han ...) NOT-FOR-US: Microsoft CVE-2020-0874 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0873 RESERVED CVE-2020-0872 (A remote code execution vulnerability exists in Application Inspector ...) NOT-FOR-US: Microsoft CVE-2020-0871 (An information disclosure vulnerability exists when Windows Network Co ...) NOT-FOR-US: Microsoft CVE-2020-0870 (An elevation of privilege vulnerability exists when the Shell infrastr ...) NOT-FOR-US: Microsoft CVE-2020-0869 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0868 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0867 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0866 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0865 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0864 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0863 (An information vulnerability exists when Windows Connected User Experi ...) NOT-FOR-US: Microsoft CVE-2020-0862 RESERVED CVE-2020-0861 (An information disclosure vulnerability exists when the Windows Networ ...) NOT-FOR-US: Microsoft CVE-2020-0860 (An elevation of privilege vulnerability exists when the Windows Active ...) 
NOT-FOR-US: Microsoft CVE-2020-0859 (An information vulnerability exists when Windows Modules Installer Ser ...) NOT-FOR-US: Microsoft CVE-2020-0858 (An elevation of privilege vulnerability exists when the "Publ ...) NOT-FOR-US: Microsoft CVE-2020-0857 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0856 (An information disclosure vulnerability exists when Active Directory i ...) NOT-FOR-US: Microsoft CVE-2020-0855 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0854 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...) NOT-FOR-US: Microsoft CVE-2020-0853 (An information disclosure vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0852 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0851 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0850 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0849 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0848 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0847 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-0846 RESERVED CVE-2020-0845 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0844 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-0843 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-0842 (An elevation of privilege vulnerability exists in Windows Installer be ...)
NOT-FOR-US: Microsoft CVE-2020-0841 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0840 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0839 (An elevation of privilege vulnerability exists in the way that the dns ...) NOT-FOR-US: Microsoft CVE-2020-0838 (An elevation of privilege vulnerability exists when NTFS improperly ch ...) NOT-FOR-US: Microsoft CVE-2020-0837 (A spoofing vulnerability exists when Active Directory Federation Servi ...) NOT-FOR-US: Microsoft CVE-2020-0836 (A denial of service vulnerability exists in Windows DNS when it fails ...) NOT-FOR-US: Microsoft CVE-2020-0835 (An elevation of privilege vulnerability exists when Windows Defender a ...) NOT-FOR-US: Microsoft CVE-2020-0834 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0833 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0832 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0831 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0830 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2020-0829 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0828 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0827 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0826 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0825 (A remote code execution vulnerability exists in the way that the Chakr ...) 
NOT-FOR-US: Microsoft CVE-2020-0824 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2020-0823 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0822 (An elevation of privilege vulnerability exists when the Windows Langua ...) NOT-FOR-US: Microsoft CVE-2020-0821 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0820 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0819 (An elevation of privilege vulnerability exists when the Windows Device ...) NOT-FOR-US: Microsoft CVE-2020-0818 RESERVED CVE-2020-0817 RESERVED CVE-2020-0816 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2020-0815 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...) NOT-FOR-US: Microsoft CVE-2020-0814 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-0813 (An information disclosure vulnerability exists when Chakra improperly ...) NOT-FOR-US: Microsoft CVE-2020-0812 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0811 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0810 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-0809 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0808 (An elevation of privilege vulnerability exists in the way the Provisio ...) NOT-FOR-US: Microsoft CVE-2020-0807 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0806 (An elevation of privilege vulnerability exists in Windows Error Report ...) 
NOT-FOR-US: Microsoft CVE-2020-0805 (A security feature bypass vulnerability exists when a Windows Projecte ...) NOT-FOR-US: Microsoft CVE-2020-0804 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0803 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0802 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0801 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0800 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0799 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...) NOT-FOR-US: Microsoft CVE-2020-0798 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0797 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0796 (A remote code execution vulnerability exists in the way that the Micro ...) NOT-FOR-US: Microsoft CVE-2020-0795 (This vulnerability is caused when SharePoint Server does not properly ...) NOT-FOR-US: Microsoft CVE-2020-0794 (A denial of service vulnerability exists when Windows improperly handl ...) NOT-FOR-US: Microsoft CVE-2020-0793 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0791 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0790 (A local elevation of privilege vulnerability exists in how splwow64.ex ...) NOT-FOR-US: Microsoft CVE-2020-0789 (A denial of service vulnerability exists when the Visual Studio Extens ...) 
NOT-FOR-US: Microsoft CVE-2020-0788 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0787 (An elevation of privilege vulnerability exists when the Windows Backgr ...) NOT-FOR-US: Microsoft CVE-2020-0786 (A denial of service vulnerability exists when the Windows Tile Object ...) NOT-FOR-US: Microsoft CVE-2020-0785 (An elevation of privilege vulnerability exists when the Windows User P ...) NOT-FOR-US: Microsoft CVE-2020-0784 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0783 (An elevation of privilege vulnerability exists when the Windows Univer ...) NOT-FOR-US: Microsoft CVE-2020-0782 (An elevation of privilege vulnerability exists when the Windows Crypto ...) NOT-FOR-US: Microsoft CVE-2020-0781 (An elevation of privilege vulnerability exists when the Windows Univer ...) NOT-FOR-US: Microsoft CVE-2020-0780 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0779 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0778 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0777 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0776 (An elevation of privilege vulnerability exists when the Windows AppX D ...) NOT-FOR-US: Microsoft CVE-2020-0775 (An information disclosure vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-0774 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0773 (An elevation of privilege vulnerability exists when the Windows Active ...) NOT-FOR-US: Microsoft CVE-2020-0772 (An elevation of privilege vulnerability exists when Windows Error Repo ...) 
NOT-FOR-US: Microsoft CVE-2020-0771 (An elevation of privilege vulnerability exists when the Windows CSC Se ...) NOT-FOR-US: Microsoft CVE-2020-0770 (An elevation of privilege vulnerability exists when the Windows Active ...) NOT-FOR-US: Microsoft CVE-2020-0769 (An elevation of privilege vulnerability exists when the Windows CSC Se ...) NOT-FOR-US: Microsoft CVE-2020-0768 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0766 (An elevation of privilege vulnerability exists when the Microsoft Stor ...) NOT-FOR-US: Microsoft CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...) NOT-FOR-US: Microsoft CVE-2020-0764 RESERVED CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...) NOT-FOR-US: Microsoft CVE-2020-0762 (An elevation of privilege vulnerability exists when Windows Defender S ...) NOT-FOR-US: Microsoft CVE-2020-0761 (A remote code execution vulnerability exists when Active Directory int ...) NOT-FOR-US: Microsoft CVE-2020-0760 (A remote code execution vulnerability exists when Microsoft Office imp ...) NOT-FOR-US: Microsoft CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0758 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...) NOT-FOR-US: Microsoft CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0756 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0755 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0754 (An elevation of privilege vulnerability exists in Windows Error Report ...) 
NOT-FOR-US: Microsoft CVE-2020-0753 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-0752 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0751 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2020-0750 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0749 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0748 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0747 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2020-0746 (An information disclosure vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2020-0745 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0744 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0743 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0742 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0741 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0740 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0739 (An elevation of privilege vulnerability exists in the way that the dss ...) NOT-FOR-US: Microsoft CVE-2020-0738 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0737 (An elevation of privilege vulnerability exists in the way that the tap ...) 
NOT-FOR-US: Microsoft CVE-2020-0736 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0735 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0734 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-0733 (An elevation of privilege vulnerability exists when the Windows Malici ...) NOT-FOR-US: Microsoft CVE-2020-0732 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0731 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0730 (An elevation of privilege vulnerability exists when the Windows User P ...) NOT-FOR-US: Microsoft CVE-2020-0729 (A remote code execution vulnerability exists in Microsoft Windows that ...) NOT-FOR-US: Microsoft CVE-2020-0728 (An information vulnerability exists when Windows Modules Installer Ser ...) NOT-FOR-US: Microsoft CVE-2020-0727 (An elevation of privilege vulnerability exists when the Connected User ...) NOT-FOR-US: Microsoft CVE-2020-0726 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0725 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0724 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0723 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0722 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0721 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0720 (An elevation of privilege vulnerability exists in Windows when the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-0719 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0718 (A remote code execution vulnerability exists when Active Directory int ...) NOT-FOR-US: Microsoft CVE-2020-0717 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0716 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0715 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0714 (An information disclosure vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0713 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0712 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0711 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0710 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0709 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0708 (A remote code execution vulnerability exists when the Windows Imaging ...) NOT-FOR-US: Microsoft CVE-2020-0707 (An elevation of privilege vulnerability exists when the Windows IME im ...) NOT-FOR-US: Microsoft CVE-2020-0706 (An information disclosure vulnerability exists in the way that affecte ...) NOT-FOR-US: Microsoft CVE-2020-0705 (An information disclosure vulnerability exists when the Windows Networ ...) NOT-FOR-US: Microsoft CVE-2020-0704 (An elevation of privilege vulnerability exists when the Windows Wirele ...) NOT-FOR-US: Microsoft CVE-2020-0703 (An elevation of privilege vulnerability exists when the Windows Backup ...) 
NOT-FOR-US: Microsoft CVE-2020-0702 (A security feature bypass vulnerability exists in Surface Hub when pro ...) NOT-FOR-US: Microsoft CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0700 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2020-0699 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0698 (An information disclosure vulnerability exists when the Telephony Serv ...) NOT-FOR-US: Microsoft CVE-2020-0697 (An elevation of privilege vulnerability exists in Microsoft Office OLi ...) NOT-FOR-US: Microsoft CVE-2020-0696 (A security feature bypass vulnerability exists in Microsoft Outlook so ...) NOT-FOR-US: Microsoft CVE-2020-0695 (A spoofing vulnerability exists when Office Online Server does not val ...) NOT-FOR-US: Microsoft CVE-2020-0694 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0693 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0692 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...) NOT-FOR-US: Microsoft CVE-2020-0691 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0690 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0689 (A security feature bypass vulnerability exists in secure boot, aka 'Mi ...) NOT-FOR-US: Microsoft CVE-2020-0688 (A remote code execution vulnerability exists in Microsoft Exchange sof ...) NOT-FOR-US: Microsoft CVE-2020-0687 (A remote code execution vulnerability exists when the Windows font lib ...) NOT-FOR-US: Microsoft CVE-2020-0686 (An elevation of privilege vulnerability exists in the Windows Installe ...) 
NOT-FOR-US: Microsoft CVE-2020-0685 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0684 (A remote code execution vulnerability exists in Microsoft Windows that ...) NOT-FOR-US: Microsoft CVE-2020-0683 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0682 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0681 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-0680 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0679 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0678 (An elevation of privilege vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-0677 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0676 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0675 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0674 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0673 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0672 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0671 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0670 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0669 (An elevation of privilege vulnerability exists in the way that the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-0668 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0667 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0666 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0665 (An elevation of privilege vulnerability exists in Active Directory For ...) NOT-FOR-US: Microsoft CVE-2020-0664 (An information disclosure vulnerability exists when Active Directory i ...) NOT-FOR-US: Microsoft CVE-2020-0663 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...) NOT-FOR-US: Microsoft CVE-2020-0662 (A remote code execution vulnerability exists in the way that Windows h ...) NOT-FOR-US: Microsoft CVE-2020-0661 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2020-0660 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...) NOT-FOR-US: Microsoft CVE-2020-0659 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2020-0658 (An information disclosure vulnerability exists in the Windows Common L ...) NOT-FOR-US: Microsoft CVE-2020-0657 (An elevation of privilege vulnerability exists when the Windows Common ...) NOT-FOR-US: Microsoft CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-0655 (A remote code execution vulnerability exists in Remote Desktop Service ...) NOT-FOR-US: Microsoft CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...) NOT-FOR-US: Microsoft CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0652 (A remote code execution vulnerability exists in Microsoft Office softw ...) 
NOT-FOR-US: Microsoft CVE-2020-0651 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0649 RESERVED CVE-2020-0648 (An elevation of privilege vulnerability exists when the Windows RSoP S ...) NOT-FOR-US: Microsoft CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not validate o ...) NOT-FOR-US: Microsoft CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft .NET F ...) NOT-FOR-US: Microsoft CVE-2020-0645 (A tampering vulnerability exists when Microsoft IIS Server improperly ...) NOT-FOR-US: Microsoft CVE-2020-0644 (An elevation of privilege vulnerability exists when Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2020-0643 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0642 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0641 (An elevation of privilege vulnerability exists in Windows Media Servic ...) NOT-FOR-US: Microsoft CVE-2020-0640 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2020-0639 (An information disclosure vulnerability exists in the Windows Common L ...) NOT-FOR-US: Microsoft CVE-2020-0638 (An elevation of privilege vulnerability exists in the way the Update N ...) NOT-FOR-US: Microsoft CVE-2020-0637 (An information disclosure vulnerability exists when Remote Desktop Web ...) NOT-FOR-US: Microsoft CVE-2020-0636 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0635 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...) NOT-FOR-US: Microsoft CVE-2020-0634 (An elevation of privilege vulnerability exists when the Windows Common ...) 
NOT-FOR-US: Microsoft CVE-2020-0633 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0632 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0631 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0630 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0629 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0628 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0627 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0626 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0625 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0624 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0623 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0622 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-0621 (A security feature bypass vulnerability exists in Windows 10 when thir ...) NOT-FOR-US: Microsoft CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cryptogr ...) NOT-FOR-US: Microsoft CVE-2020-0619 RESERVED CVE-2020-0618 (A remote code execution vulnerability exists in Microsoft SQL Server R ...) NOT-FOR-US: Microsoft CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...) NOT-FOR-US: Microsoft CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...) 
NOT-FOR-US: Microsoft CVE-2020-0615 (An information disclosure vulnerability exists in the Windows Common L ...) NOT-FOR-US: Microsoft CVE-2020-0614 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0613 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0612 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...) NOT-FOR-US: Microsoft CVE-2020-0611 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-0610 (A remote code execution vulnerability exists in Windows Remote Desktop ...) NOT-FOR-US: Microsoft CVE-2020-0609 (A remote code execution vulnerability exists in Windows Remote Desktop ...) NOT-FOR-US: Microsoft CVE-2020-0608 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0607 (An information disclosure vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2020-0606 (A remote code execution vulnerability exists in .NET software when the ...) NOT-FOR-US: Microsoft CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...) NOT-FOR-US: Microsoft CVE-2020-0604 (A remote code execution vulnerability exists in Visual Studio Code whe ...) NOT-FOR-US: Microsoft CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software ...) NOT-FOR-US: Microsoft CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly ...) NOT-FOR-US: Microsoft CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32. ...) NOT-FOR-US: Microsoft CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC may all ...) NOT-FOR-US: Intel CVE-2020-0599 RESERVED CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R) Binary Conf ...) 
NOT-FOR-US: Intel CVE-2020-0597 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM ...) NOT-FOR-US: Intel CVE-2020-0596 (Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Inte ...) NOT-FOR-US: Intel CVE-2020-0595 (Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM vers ...) NOT-FOR-US: Intel CVE-2020-0594 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM ...) NOT-FOR-US: Intel CVE-2020-0593 RESERVED CVE-2020-0592 RESERVED CVE-2020-0591 RESERVED CVE-2020-0590 RESERVED CVE-2020-0589 RESERVED CVE-2020-0588 RESERVED CVE-2020-0587 RESERVED CVE-2020-0586 (Improper initialization in subsystem for Intel(R) SPS versions before ...) NOT-FOR-US: Intel CVE-2020-0585 RESERVED CVE-2020-0584 RESERVED CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...) NOT-FOR-US: Intel CVE-2020-0582 RESERVED CVE-2020-0581 RESERVED CVE-2020-0580 RESERVED CVE-2020-0579 RESERVED CVE-2020-0578 (Improper conditions check for Intel(R) Modular Server MFS2600KISPP Com ...) NOT-FOR-US: Intel CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Com ...) NOT-FOR-US: Intel CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module ...) NOT-FOR-US: Intel CVE-2020-0575 RESERVED CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...) NOT-FOR-US: Intel CVE-2020-0573 RESERVED CVE-2020-0572 RESERVED CVE-2020-0571 RESERVED CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5 ...) 
- qtbase-opensource-src 5.12.5+dfsg-8 [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3 [stretch] - qtbase-opensource-src (Only affects 5.12.0 through 5.14.0) [jessie] - qtbase-opensource-src (Only affects 5.12.0 through 5.14.0) NOTE: https://bugreports.qt.io/browse/QTBUG-81272 NOTE: Patch: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd NOTE: https://lists.qt-project.org/pipermail/development/2020-January/038534.html CVE-2020-0569 RESERVED {DSA-4617-1 DLA-2092-1} - qtbase-opensource-src 5.12.5+dfsg-8 NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404 NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d CVE-2020-0568 (Race condition in the Intel(R) Driver and Support Assistant before ver ...) NOT-FOR-US: Intel CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version ...) NOT-FOR-US: Intel graphics driver for Windows CVE-2020-0566 (Improper Access Control in subsystem for Intel(R) TXE versions before ...) NOT-FOR-US: Intel CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before version 2 ...) NOT-FOR-US: Intel graphics driver for Windows CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...) NOT-FOR-US: Intel CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before version ...) NOT-FOR-US: Intel CVE-2020-0562 (Improper permissions in the installer for Intel(R) RWC2, all versions, ...) NOT-FOR-US: Intel CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may ...) NOT-FOR-US: Intel CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas Electro ...) NOT-FOR-US: Intel CVE-2020-0559 (Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi p ...) 
NOT-FOR-US: Intel CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) PROSet ...) NOT-FOR-US: Intel CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...) NOT-FOR-US: Intel CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...) {DSA-4647-1 DLA-2240-1} - bluez 5.50-1.1 (bug #953770) NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1 NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html NOTE: The second commit introduces a new configuration option "ClassicBondedOnly", which defaults NOTE: to false and makes it possible to ensure that input connections only come from bonded NOTE: device connections. NOTE: Followup commits to avoid (functional) regression: NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519 NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e CVE-2020-0555 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...) NOT-FOR-US: Intel CVE-2020-0554 (Race condition in software installer for some Intel(R) Wireless Blueto ...) NOT-FOR-US: Intel CVE-2020-0553 (Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bl ...) NOT-FOR-US: Intel CVE-2020-0552 RESERVED CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing speculative ...)
NOTE: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection NOTE: https://xenbits.xen.org/xsa/advisory-315.html NOTE: https://lviattack.eu/ NOTE: No mitigation will be provided for this issue in software, primarily impacts Intel SGX NOTE: binutils/toolchain updates will include a patch that optionally emits lfence NOTE: instructions in problematic situations (but with a performance impact), cf. NOTE: https://sourceware.org/pipermail/binutils/2020-March/110175.html CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Processo ...) NOTE: Intel is (currently) not planning to release microcode updates to mitigate the issue. NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...) {DSA-4701-1 DLA-2248-1} - intel-microcode 3.20200609.1 NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling NOTE: https://cacheoutattack.com/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated ...) {DSA-4701-1 DLA-2248-1} - intel-microcode 3.20200609.1 NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html CVE-2020-0547 (Incorrect default permissions in the installer for Intel(R) Data Migra ...) NOT-FOR-US: Intel CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...)
NOT-FOR-US: Intel CVE-2020-0545 (Integer overflow in subsystem for Intel(R) CSME versions before 11.8.7 ...) NOT-FOR-US: Intel CVE-2020-0544 RESERVED CVE-2020-0543 (Incomplete cleanup from specific special register read operations in s ...) {DSA-4701-1 DSA-4699-1 DSA-4698-1 DLA-2248-1 DLA-2242-1 DLA-2241-1} - intel-microcode 3.20200609.1 - linux 5.6.14-2 NOTE: https://www.vusec.net/projects/crosstalk/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling CVE-2020-0542 (Improper buffer restrictions in subsystem for Intel(R) CSME versions b ...) NOT-FOR-US: Intel CVE-2020-0541 (Out-of-bounds write in subsystem for Intel(R) CSME versions before 12. ...) NOT-FOR-US: Intel CVE-2020-0540 (Insufficiently protected credentials in Intel(R) AMT versions before 1 ...) NOT-FOR-US: Intel CVE-2020-0539 (Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSM ...) NOT-FOR-US: Intel CVE-2020-0538 (Improper input validation in subsystem for Intel(R) AMT versions befor ...) NOT-FOR-US: Intel CVE-2020-0537 (Improper input validation in subsystem for Intel(R) AMT versions befor ...) NOT-FOR-US: Intel CVE-2020-0536 (Improper input validation in the DAL subsystem for Intel(R) CSME versi ...) NOT-FOR-US: Intel CVE-2020-0535 (Improper input validation in Intel(R) AMT versions before 11.8.76, 11. ...) NOT-FOR-US: Intel CVE-2020-0534 (Improper input validation in the DAL subsystem for Intel(R) CSME versi ...) NOT-FOR-US: Intel CVE-2020-0533 (Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.1 ...) NOT-FOR-US: Intel CVE-2020-0532 (Improper input validation in subsystem for Intel(R) AMT versions befor ...) NOT-FOR-US: Intel CVE-2020-0531 (Improper input validation in Intel(R) AMT versions before 11.8.77, 11. ...) 
NOT-FOR-US: Intel CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...) NOT-FOR-US: Intel CVE-2020-0529 (Improper initialization in BIOS firmware for 8th, 9th and 10th Generat ...) NOT-FOR-US: Intel CVE-2020-0528 (Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10 ...) NOT-FOR-US: Intel CVE-2020-0527 (Insufficient control flow management in firmware for some Intel(R) Dat ...) NOT-FOR-US: Intel CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...) NOT-FOR-US: Intel CVE-2020-0525 RESERVED CVE-2020-0524 RESERVED CVE-2020-0523 RESERVED CVE-2020-0522 RESERVED CVE-2020-0521 RESERVED CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...) NOT-FOR-US: Intel CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0518 RESERVED CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...) NOT-FOR-US: Intel CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...) NOT-FOR-US: Intel CVE-2020-0513 (Out of bounds write for some Intel(R) Graphics Drivers before version ...) NOT-FOR-US: Intel CVE-2020-0512 (Uncaught exception in the system driver for some Intel(R) Graphics Dri ...) NOT-FOR-US: Intel CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers befo ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0510 (Out of bounds read in some Intel(R) Graphics Drivers before versions 1 ...) 
NOT-FOR-US: Intel CVE-2020-0509 RESERVED CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...) NOT-FOR-US: Intel CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0505 (Improper conditions check in Intel(R) Graphics Drivers before versions ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0504 (Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44. ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0503 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0502 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0501 (Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100. ...) 
NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0500 RESERVED CVE-2020-0499 RESERVED CVE-2020-0498 RESERVED CVE-2020-0497 RESERVED CVE-2020-0496 RESERVED CVE-2020-0495 RESERVED CVE-2020-0494 RESERVED CVE-2020-0493 RESERVED CVE-2020-0492 RESERVED CVE-2020-0491 RESERVED CVE-2020-0490 RESERVED CVE-2020-0489 RESERVED CVE-2020-0488 RESERVED CVE-2020-0487 RESERVED CVE-2020-0486 RESERVED CVE-2020-0485 RESERVED CVE-2020-0484 RESERVED CVE-2020-0483 RESERVED CVE-2020-0482 RESERVED CVE-2020-0481 RESERVED CVE-2020-0480 RESERVED CVE-2020-0479 RESERVED CVE-2020-0478 RESERVED CVE-2020-0477 RESERVED CVE-2020-0476 RESERVED CVE-2020-0475 RESERVED CVE-2020-0474 RESERVED CVE-2020-0473 RESERVED CVE-2020-0472 RESERVED CVE-2020-0471 RESERVED CVE-2020-0470 RESERVED CVE-2020-0469 RESERVED CVE-2020-0468 RESERVED CVE-2020-0467 RESERVED CVE-2020-0466 RESERVED CVE-2020-0465 RESERVED CVE-2020-0464 RESERVED CVE-2020-0463 RESERVED CVE-2020-0462 RESERVED CVE-2020-0461 RESERVED CVE-2020-0460 RESERVED CVE-2020-0459 RESERVED CVE-2020-0458 RESERVED CVE-2020-0457 RESERVED CVE-2020-0456 RESERVED CVE-2020-0455 RESERVED CVE-2020-0454 RESERVED CVE-2020-0453 RESERVED CVE-2020-0452 RESERVED CVE-2020-0451 RESERVED CVE-2020-0450 RESERVED CVE-2020-0449 RESERVED CVE-2020-0448 RESERVED CVE-2020-0447 RESERVED CVE-2020-0446 RESERVED CVE-2020-0445 RESERVED CVE-2020-0444 RESERVED CVE-2020-0443 RESERVED CVE-2020-0442 RESERVED CVE-2020-0441 RESERVED CVE-2020-0440 RESERVED CVE-2020-0439 RESERVED CVE-2020-0438 RESERVED CVE-2020-0437 RESERVED CVE-2020-0436 RESERVED CVE-2020-0435 (In inline_data_addr of f2fs.h, there is a possible out of bounds write ...) TODO: check CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory corrup ...) TODO: check CVE-2020-0433 (In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use ...) TODO: check CVE-2020-0432 (In skb_to_mamac of networking.c, there is a possible out of bounds wri ...) 
TODO: check CVE-2020-0431 (In kbd_keycode of keyboard.c, there is a possible out of bounds write ...) TODO: check CVE-2020-0430 (In skb_headlen of /include/linux/skbuff.h, there is a possible out of ...) TODO: check CVE-2020-0429 (In l2tp_session_delete and related functions of l2tp_core.c, there is ...) TODO: check CVE-2020-0428 (In CamX code, there is a possible use after free due to a race conditi ...) TODO: check CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds read du ...) TODO: check CVE-2020-0426 (In SyncManager, there is a possible permission bypass due to an unsafe ...) TODO: check CVE-2020-0425 (There is a possible way to view notifications even when the "Lockdown" ...) TODO: check CVE-2020-0424 RESERVED CVE-2020-0423 RESERVED CVE-2020-0422 RESERVED CVE-2020-0421 RESERVED CVE-2020-0420 RESERVED CVE-2020-0419 RESERVED CVE-2020-0418 RESERVED CVE-2020-0417 RESERVED CVE-2020-0416 RESERVED CVE-2020-0415 RESERVED CVE-2020-0414 RESERVED CVE-2020-0413 RESERVED CVE-2020-0412 RESERVED CVE-2020-0411 RESERVED CVE-2020-0410 RESERVED CVE-2020-0409 RESERVED CVE-2020-0408 RESERVED CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...) TODO: check CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...) TODO: check CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass due to ...) TODO: check CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...) - linux 5.4.19-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527 CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible invalid comm ...) NOT-FOR-US: FPC TrustZone fingerprint App CVE-2020-0402 RESERVED NOTE: Duplicate assignment for CVE-2019-19769 (Android security informed) CVE-2020-0401 (In setInstallerPackageName of PackageManagerService.java, there is a m ...) 
TODO: check CVE-2020-0400 RESERVED CVE-2020-0399 (In showLimitedSimFunctionWarningNotification of NotificationMgr.java, ...) TODO: check CVE-2020-0398 RESERVED CVE-2020-0397 (In getNotificationBuilder of CarrierServiceStateTracker.java, there is ...) TODO: check CVE-2020-0396 (In various places in Telephony, there is a possible permission bypass ...) TODO: check CVE-2020-0395 (In showNotification of EmergencyCallbackModeService.java, there is a p ...) TODO: check CVE-2020-0394 (In onCreate of BluetoothPairingDialog.java, there is a possible tapjac ...) TODO: check CVE-2020-0393 (In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible ou ...) TODO: check CVE-2020-0392 (In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code e ...) TODO: check CVE-2020-0391 (In applyPolicy of PackageManagerService.java, there is possible arbitr ...) TODO: check CVE-2020-0390 (In the app zygote SE Policy, there is a possible permissions bypass. T ...) TODO: check CVE-2020-0389 (In createSaveNotification of RecordingService.java, there is a possibl ...) TODO: check CVE-2020-0388 (In createEmergencyLocationUserNotification of GnssVisibilityControl.ja ...) TODO: check CVE-2020-0387 (In manifest files of the SmartSpace package, there is a possible tapja ...) TODO: check CVE-2020-0386 (In onCreate of RequestPermissionActivity.java, there is a possible tap ...) TODO: check CVE-2020-0385 (In Parse_insh of eas_mdls.c, there is a possible out of bounds write d ...) TODO: check CVE-2020-0384 (In Parse_art of eas_mdls.c, there is a possible out of bounds write du ...) TODO: check CVE-2020-0383 (In Parse_ins of eas_mdls.c, there is a possible out of bounds write du ...) TODO: check CVE-2020-0382 (In RunInternal of dumpstate.cpp, there is a possible user consent bypa ...) TODO: check CVE-2020-0381 (In Parse_wave of eas_mdls.c, there is a possible out of bounds write d ...) 
TODO: check CVE-2020-0380 (In allocExcessBits of bitalloc.c, there is a possible out of bounds wr ...) TODO: check CVE-2020-0379 (In the Bluetooth service, there is a possible spoofing attack due to a ...) TODO: check CVE-2020-0378 RESERVED CVE-2020-0377 RESERVED CVE-2020-0376 RESERVED CVE-2020-0375 (In Telephony, there is a possible permission bypass due to a missing p ...) TODO: check CVE-2020-0374 (In NFC, there is a possible permission bypass due to an unsafe Pending ...) TODO: check CVE-2020-0373 (In SoundTriggerHwService, there is a possible out of bounds read due t ...) TODO: check CVE-2020-0372 (In ActivityManager, there is a possible access to protected data due t ...) TODO: check CVE-2020-0371 RESERVED CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to missing bo ...) TODO: check CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an integer o ...) TODO: check CVE-2020-0368 RESERVED CVE-2020-0367 RESERVED CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...) TODO: check CVE-2020-0365 (In netd, there is a possible out of bounds read due to a missing bound ...) TODO: check CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing ...) TODO: check CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...) TODO: check CVE-2020-0362 (In libstagefright, there is a possible resource exhaustion due to impr ...) TODO: check CVE-2020-0361 (In libDRCdec, there is a possible information disclosure due to uninit ...) TODO: check CVE-2020-0360 (In Notification Access Confirmation, there is a possible permissions b ...) TODO: check CVE-2020-0359 (In GLESRenderEngine, there is a possible out of bounds read due to a b ...) TODO: check CVE-2020-0358 (In SurfaceFlinger, there is a possible use after free due to a race co ...) TODO: check CVE-2020-0357 (In SurfaceFlinger, there is a possible use-after-free due to improper ...) 
TODO: check CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to an in ...) TODO: check CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...) TODO: check CVE-2020-0354 (In Bluetooth, there is a possible out of bounds write due to a missing ...) TODO: check CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...) TODO: check CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...) TODO: check CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...) TODO: check CVE-2020-0350 (In NFC, there is a possible out of bounds write due to a missing bound ...) TODO: check CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing bounds ...) TODO: check CVE-2020-0348 (In NFC, there is a possible out of bounds read due to a missing bounds ...) TODO: check CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an incorre ...) TODO: check CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...) TODO: check CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...) TODO: check CVE-2020-0344 (In MediaProvider, there is a possible permissions bypass due to SQL in ...) TODO: check CVE-2020-0343 (In NetworkStatsService, there is a possible access to protected data d ...) TODO: check CVE-2020-0342 (There is a possible out of bounds write due to an incorrect bounds che ...) TODO: check CVE-2020-0341 (In DisplayManager, there is a possible permission bypass due to a miss ...) TODO: check CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information disclosure d ...) TODO: check CVE-2020-0339 RESERVED CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions check d ...) TODO: check CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions check du ...) 
TODO: check CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...) TODO: check CVE-2020-0335 (In NFC, there is a possible out of bounds write due to a missing bound ...) TODO: check CVE-2020-0334 (In NFC, there is a possible out of bounds write due to a missing bound ...) TODO: check CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...) TODO: check CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...) TODO: check CVE-2020-0331 (In Settings, there is a possible permissions bypass. This could lead t ...) TODO: check CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...) TODO: check CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...) TODO: check CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...) TODO: check CVE-2020-0327 (In core networking, there is a missing permission check. This could le ...) TODO: check CVE-2020-0326 (In NFC, there is a possible out of bounds write due to uninitialized d ...) TODO: check CVE-2020-0325 (In NFC, there is a missing bounds check. This could lead to local info ...) TODO: check CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...) TODO: check CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...) TODO: check CVE-2020-0322 (In apexd, there is a possible out of bounds read due to a missing boun ...) TODO: check CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due to u ...) TODO: check CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...) TODO: check CVE-2020-0319 (In NFC, there is a possible out of bounds write due to a missing bound ...) TODO: check CVE-2020-0318 (In the System UI, there is a possible system crash due to an uncaught ...) 
TODO: check CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...) TODO: check CVE-2020-0316 (In Telephony, there is a missing permission check. This could lead to ...) TODO: check CVE-2020-0315 (In Zen Mode, there is a possible permission bypass due to an unsafe Pe ...) TODO: check CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead ...) TODO: check CVE-2020-0313 (In NotificationManagerService, there is a possible permission bypass d ...) TODO: check CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...) TODO: check CVE-2020-0311 (In InputManagerService, there is a possible permission bypass due to a ...) TODO: check CVE-2020-0310 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) TODO: check CVE-2020-0309 (In the Bluetooth server, there is a possible out of bounds write due t ...) TODO: check CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...) TODO: check CVE-2020-0307 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) TODO: check CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...) TODO: check CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...) - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 [jessie] - linux 3.16.84-1 NOTE: https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079 CVE-2020-0304 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) TODO: check CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...) TODO: check CVE-2020-0302 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) TODO: check CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...) 
TODO: check CVE-2020-0300 (In NFC, there is a possible out of bounds read due to uninitialized da ...) TODO: check CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device metadat ...) TODO: check CVE-2020-0298 (In Bluetooth, there is a possible control over Bluetooth enabled state ...) TODO: check CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to ...) TODO: check CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...) TODO: check CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...) TODO: check CVE-2020-0294 (In the wallpaper manager, there is a possible permission bypass due to ...) TODO: check CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...) TODO: check CVE-2020-0292 (In Bluetooth, there is a possible out of bounds read due to a missing ...) TODO: check CVE-2020-0291 (In Bluetooth, there is a possible out of bounds read due to a missing ...) TODO: check CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...) TODO: check CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...) TODO: check CVE-2020-0288 (In PackageManager, there is a missing permission check. This could lea ...) TODO: check CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...) TODO: check CVE-2020-0286 (In Bluetooth AVRCP, there is a possible leak of audio metadata due to ...) TODO: check CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a missing p ...) TODO: check CVE-2020-0284 (In Telephony, there is a possible permission bypass due to a missing p ...) TODO: check CVE-2020-0283 RESERVED CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing bounds ...) TODO: check CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing bounds ...) 
TODO: check CVE-2020-0280 RESERVED CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...) TODO: check CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bounds che ...) TODO: check CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...) TODO: check CVE-2020-0276 (In Telephony, there is a possible permission bypass due to a missing p ...) TODO: check CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...) TODO: check CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...) TODO: check CVE-2020-0273 (In hwservicemanager, there is a possible out of bounds write due to fr ...) TODO: check CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due to unin ...) TODO: check CVE-2020-0271 (In the Settings app, there is an insecure default value. This could le ...) TODO: check CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...) TODO: check CVE-2020-0269 (In Android Auto Settings, there is a possible permission bypass due to ...) TODO: check CVE-2020-0268 (In NFC, there is a possible use-after-free due to a race condition. Th ...) TODO: check CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due ...) TODO: check CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...) TODO: check CVE-2020-0265 (In Telephony, there are possible leaks of sensitive data due to missin ...) TODO: check CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...) TODO: check CVE-2020-0263 (In the Accessibility service, there is a possible permission bypass du ...) TODO: check CVE-2020-0262 (In WiFi tethering, there is a possible attacker controlled intent due ...) TODO: check CVE-2020-0261 (In C2 flame devices, there is a possible bypass of seccomp due to a mi ...) 
NOT-FOR-US: C2 flame devices CVE-2020-0260 (There is a possible out of bounds read due to an incorrect bounds chec ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0259 (In android_verity_ctr of dm-android-verity.c, there is a possible way ...) NOT-FOR-US: Android CVE-2020-0258 (In stopZygoteLocked of AppZygote.java, there is an insufficient cleanu ...) NOT-FOR-US: Android CVE-2020-0257 (In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a ...) NOT-FOR-US: Android CVE-2020-0256 (In LoadPartitionTable of gpt.cc, there is a possible out of bounds wri ...) NOT-FOR-US: Android CVE-2020-0255 REJECTED CVE-2020-0254 (There is a possible out of bounds read due to an incorrect bounds chec ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0253 (There is a possible memory corruption due to a use after free.Product: ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0252 (There is a possible memory corruption due to a use after free.Product: ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0251 (There is a possible out of bounds read due to an incorrect bounds chec ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0250 (In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there ...) NOT-FOR-US: Android CVE-2020-0249 (In postInstantAppNotif of InstantAppNotifier.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0248 (In postInstantAppNotif of InstantAppNotifier.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0247 (In Threshold::getHistogram of ImageProcessHelper.java, there is a poss ...) NOT-FOR-US: Android CVE-2020-0246 RESERVED CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible ...) TODO: check CVE-2020-0244 RESERVED CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-a ...) NOT-FOR-US: Android media framework CVE-2020-0242 (In reset of NuPlayerDriver.cpp, there is a possible use-after-free due ...) 
NOT-FOR-US: Android media framework CVE-2020-0241 (In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is poss ...) NOT-FOR-US: Android media framework CVE-2020-0240 (In NewFixedDoubleArray of factory.cc, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2020-0239 (In getDocumentMetadata of DocumentsContract.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, there is a ...) NOT-FOR-US: Android CVE-2020-0237 RESERVED CVE-2020-0236 RESERVED CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a use ...) NOT-FOR-US: Android CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0231 (There is a possible out of bounds write due to an incorrect bounds che ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0230 (There is a possible out of bounds write due to an incorrect bounds che ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0229 (There is a possible out of bounds write due to an incorrect bounds che ...) TODO: check CVE-2020-0228 (There is an improper configuration of recorder related service. Produc ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0227 (In onCommand of CompanionDeviceManagerService.java, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0226 (In createWithSurfaceParent of Client.cpp, there is a possible out of b ...) NOT-FOR-US: Android Media Framework CVE-2020-0225 (In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder. ...) NOT-FOR-US: Android CVE-2020-0224 (In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out ...) 
NOT-FOR-US: Android CVE-2020-0223 (This is an unbounded write into kernel global memory, via a user-contr ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0222 RESERVED CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to numeric overf ...) NOT-FOR-US: Android CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a possible out ...) NOT-FOR-US: Android CVE-2020-0219 (In onCreate of SliceDeepLinkSpringBoard.java there is a possible insec ...) NOT-FOR-US: Android CVE-2020-0218 (In loadSoundModel and related functions of SoundTriggerHwService.cpp, ...) NOT-FOR-US: Android Media Framework CVE-2020-0217 (In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0216 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0215 (In onCreate of ConfirmConnectActivity.java, there is a possible leak o ...) NOT-FOR-US: Android CVE-2020-0214 (In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0213 (In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp ...) NOT-FOR-US: Android Media Framework CVE-2020-0212 (In _onBufferDestroyed of InputBufferManager.cpp, there is a possible o ...) NOT-FOR-US: Android Media Framework CVE-2020-0211 (In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible ...) NOT-FOR-US: Android Media Framework CVE-2020-0210 (In removeSharedAccountAsUser of AccountManager.java, there is a possib ...) NOT-FOR-US: Android CVE-2020-0209 (In multiple functions of AccountManager.java, there is a possible perm ...) NOT-FOR-US: Android CVE-2020-0208 (In multiple functions of AccountManager.java, there is a possible perm ...) NOT-FOR-US: Android CVE-2020-0207 (In next_marker of jdmarker.c, there is a possible out of bounds read d ...) 
NOT-FOR-US: Android Media Framework CVE-2020-0206 (In the settings app, there is a possible app crash due to improper inp ...) NOT-FOR-US: Android CVE-2020-0205 (In the DaalaBitReader constructor of entropy_decoder.cc, there is a po ...) NOT-FOR-US: Android Media Framework CVE-2020-0204 (In InstallPackage of package.cpp, there is a possible bypass of a sign ...) NOT-FOR-US: Android CVE-2020-0203 (In freeIsolatedUidLocked of ProcessList.java, there is a possible UID ...) NOT-FOR-US: Android CVE-2020-0202 (In onStart of MainActivity.java, there is a possible bypass of develop ...) NOT-FOR-US: Android CVE-2020-0201 (In showSecurityFields of WifiConfigController.java there is a possible ...) NOT-FOR-US: Android CVE-2020-0200 (In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of b ...) NOT-FOR-US: Android Media Framework CVE-2020-0199 (In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a ...) NOT-FOR-US: Android Media Framework CVE-2020-0198 (In exif_data_load_data_content of exif-data.c, there is a possible UBS ...) {DLA-2249-1} - libexif 0.6.22-2 (bug #962345) [buster] - libexif 0.6.21-5.1+deb10u4 [stretch] - libexif 0.6.21-2+deb9u4 NOTE: https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0 NOTE: https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c CVE-2020-0197 (In InitDataParser::parsePssh of InitDataParser.cpp, there is a possibl ...) NOT-FOR-US: Android Media Framework CVE-2020-0196 (In RegisterNotificationResponse::GetEvent of register_notification_pac ...) NOT-FOR-US: Android CVE-2020-0195 (In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c ...) NOT-FOR-US: Android Media Framework CVE-2020-0194 (In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is ...) NOT-FOR-US: Android Media Framework CVE-2020-0193 (In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_ ...) 
NOT-FOR-US: Android Media Framework CVE-2020-0192 (In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there i ...) NOT-FOR-US: Android Media Framework CVE-2020-0191 (In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a ...) NOT-FOR-US: Android Media Framework CVE-2020-0190 (In ideint_weave_blk of ideint_utils.c, there is a possible out of boun ...) NOT-FOR-US: Android Media Framework CVE-2020-0189 (In ihevcd_decode() of ihevcd_decode.c, there is possible resource exha ...) NOT-FOR-US: Android Media Framework CVE-2020-0188 (In onCreatePermissionRequest of SettingsSliceProvider.java, there is a ...) NOT-FOR-US: Android CVE-2020-0187 (In engineSetMode of BaseBlockCipher.java, there is a possible incorrec ...) NOT-FOR-US: Android CVE-2020-0186 (In hal_fd_init of hal_fd.cc, there is a possible out of bounds write d ...) NOT-FOR-US: Android CVE-2020-0185 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out ...) NOT-FOR-US: Android CVE-2020-0184 (In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinit ...) NOT-FOR-US: Android Media Framework CVE-2020-0183 (In handleMessage of BluetoothManagerService, there is an incomplete re ...) NOT-FOR-US: Android CVE-2020-0182 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...) {DLA-2249-1} - libexif 0.6.22-1 (low) [buster] - libexif 0.6.21-5.1+deb10u4 [stretch] - libexif 0.6.21-2+deb9u4 NOTE: https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff (0.6.22) NOTE: CVE originally reported by Android where a different patch was shipped CVE-2020-0181 (In exif_data_load_data_thumbnail of exif-data.c, there is a possible d ...) 
{DSA-4618-1 DLA-2100-1} - libexif 0.6.21-6 (bug #962346) NOTE: https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4 NOTE: Fixed by the patch for CVE-2019-9278 CVE-2020-0180 (In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out o ...) NOT-FOR-US: Android Media Framework CVE-2020-0179 (In doSendObjectInfo of MtpServer.cpp, there is a possible path travers ...) NOT-FOR-US: Android Media Framework CVE-2020-0178 (In getAllConfigFlags of SettingsProvider.cpp, there is a possible ille ...) NOT-FOR-US: Android CVE-2020-0177 (In connect() of PanService.java, there is a possible permissions bypas ...) NOT-FOR-US: Android CVE-2020-0176 (In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds ...) NOT-FOR-US: Android CVE-2020-0175 (In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion du ...) NOT-FOR-US: Android Media Framework CVE-2020-0174 (In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due ...) NOT-FOR-US: Android Media Framework CVE-2020-0173 (In Parse_lins of eas_mdls.c, there is possible resource exhaustion due ...) NOT-FOR-US: Android Media Framework CVE-2020-0172 (In Parse_art of eas_mdls.c, there is possible resource exhaustion due ...) NOT-FOR-US: Android Media Framework CVE-2020-0171 (In Parse_lart of eas_mdls.c, there is possible resource exhaustion due ...) NOT-FOR-US: Android Media Framework CVE-2020-0170 (In IMY_Event of eas_imelody.c, there is possible resource exhaustion d ...) NOT-FOR-US: Android Media Framework CVE-2020-0169 (In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion d ...) NOT-FOR-US: Android Media Framework CVE-2020-0168 (In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, the ...) NOT-FOR-US: Android Media Framework CVE-2020-0167 (In load of ResourceTypes.cpp, there is a possible out of bounds read d ...) 
NOT-FOR-US: Android CVE-2020-0166 (In multiple functions of URI.java, there is a possible escalation of p ...) NOT-FOR-US: Android CVE-2020-0165 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...) NOT-FOR-US: Android CVE-2020-0164 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...) NOT-FOR-US: Android CVE-2020-0163 (In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there i ...) NOT-FOR-US: Android Media Framework CVE-2020-0162 (In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there ...) NOT-FOR-US: Android Media Framework CVE-2020-0161 (In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaus ...) NOT-FOR-US: Android Media Framework CVE-2020-0160 (In setSyncSampleParams of SampleTable.cpp, there is possible resource ...) NOT-FOR-US: Android Media Framework CVE-2020-0159 (In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds r ...) NOT-FOR-US: Android CVE-2020-0158 (In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible o ...) NOT-FOR-US: Android CVE-2020-0157 (In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of b ...) NOT-FOR-US: Android CVE-2020-0156 (In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read ...) NOT-FOR-US: Android CVE-2020-0155 (In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a poss ...) NOT-FOR-US: Android CVE-2020-0154 (In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0153 (In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0152 (In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible ...) NOT-FOR-US: Android Media Framework CVE-2020-0151 (In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible o ...) NOT-FOR-US: Android Media Framework CVE-2020-0150 (In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out ...) 
NOT-FOR-US: Android CVE-2020-0149 (In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of ...) NOT-FOR-US: Android CVE-2020-0148 (In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and b ...) NOT-FOR-US: Android CVE-2020-0147 (In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0146 (In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out ...) NOT-FOR-US: Android CVE-2020-0145 (In btm_simple_pair_complete of btm_sec.cc, there is a possible out of ...) NOT-FOR-US: Android CVE-2020-0144 (In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2020-0143 (In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible ...) NOT-FOR-US: Android CVE-2020-0142 (In rw_i93_sm_format of rw_i93.c, there is a possible information discl ...) NOT-FOR-US: Android CVE-2020-0141 (In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possib ...) NOT-FOR-US: Android Media Framework CVE-2020-0140 (In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information ...) NOT-FOR-US: Android CVE-2020-0139 (In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0138 (In get_element_attr_rsp of btif_rc.cc, there is a possible out of boun ...) NOT-FOR-US: Android CVE-2020-0137 (In setIPv6AddrGenMode of NetworkManagementService.java, there is a pos ...) NOT-FOR-US: Android CVE-2020-0136 (In multiple locations of Parcel.cpp, there is a possible out-of-bounds ...) NOT-FOR-US: Android CVE-2020-0135 (In dump of RollbackManagerServiceImpl.java, there is a possible backup ...) NOT-FOR-US: Android CVE-2020-0134 (In BnDrm::onTransact of IDrm.cpp, there is a possible information disc ...) NOT-FOR-US: Android Media Framework CVE-2020-0133 (In MockLocationAppPreferenceController.java, it is possible to mock th ...) 
NOT-FOR-US: Android CVE-2020-0132 (In BnAAudioService::onTransact of IAAudioService.cpp, there is a possi ...) NOT-FOR-US: Android Media Framework CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds ...) NOT-FOR-US: Android Media Framework CVE-2020-0130 (In screencap, there is a possible command injection due to improper in ...) TODO: check CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound w ...) NOT-FOR-US: Android CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds r ...) NOT-FOR-US: Android Media Framework CVE-2020-0127 (In AudioStream::decode of AudioGroup.cpp, there is a possible out of b ...) NOT-FOR-US: Android Media Framework CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use after ...) NOT-FOR-US: Android Media Framework CVE-2020-0125 (In mediadrm, there is a possible out of bounds read due to a missing b ...) TODO: check CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible ...) NOT-FOR-US: Android CVE-2020-0123 (There is a possible out of bounds write due to an incorrect bounds che ...) TODO: check CVE-2020-0122 (In the permission declaration for com.google.android.providers.gsf.per ...) NOT-FOR-US: Android CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a possible permi ...) NOT-FOR-US: Android CVE-2020-0120 (In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possib ...) NOT-FOR-US: Android Media Framework CVE-2020-0119 (In addOrUpdateNetworkInternal and related functions of WifiConfigManag ...) NOT-FOR-US: Android CVE-2020-0118 (In addListener of RegionSamplingThread.cpp, there is a possible out of ...) NOT-FOR-US: Android Media Framework CVE-2020-0117 (In aes_cmac of aes_cmac.cc, there is a possible out of bounds write du ...) NOT-FOR-US: Android CVE-2020-0116 (In checkSystemLocationAccess of LocationAccessPolicy.java, there is a ...) 
NOT-FOR-US: Android CVE-2020-0115 (In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is ...) NOT-FOR-US: Android CVE-2020-0114 (In onCreateSliceProvider of KeyguardSliceProvider.java, there is a pos ...) NOT-FOR-US: Android CVE-2020-0113 (In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible ou ...) NOT-FOR-US: Android Media Framework CVE-2020-0112 RESERVED CVE-2020-0111 RESERVED CVE-2020-0110 (In psi_write of psi.c, there is a possible out of bounds write due to ...) - linux 5.5.13-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2) CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.java, ...) NOT-FOR-US: Android CVE-2020-0108 (In postNotification of ServiceRecord.java, there is a possible bypass ...) NOT-FOR-US: Android CVE-2020-0107 (In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0105 (In onKeyguardVisibilityChanged of key_store_service.cpp, there is a mi ...) NOT-FOR-US: Android CVE-2020-0104 (In onShowingStateChanged of KeyguardStateMonitor.java, there is a poss ...) NOT-FOR-US: Android CVE-2020-0103 (In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0102 (In GattServer::SendResponse of gatt_server.cc, there is a possible out ...) NOT-FOR-US: Android CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible informatio ...) NOT-FOR-US: Android media framework CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...) 
NOT-FOR-US: Android media framework CVE-2020-0099 RESERVED CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...) NOT-FOR-US: Android CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0096 (In startActivities of ActivityStartController.java, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0095 RESERVED NOT-FOR-US: Android Media Framework CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possi ...) NOT-FOR-US: Android media framework CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...) {DLA-2214-1} - libexif 0.6.21-8 [buster] - libexif 0.6.21-5.1+deb10u2 [stretch] - libexif 0.6.21-2+deb9u2 NOTE: https://github.com/libexif/libexif/issues/42 NOTE: https://github.com/libexif/libexif/commit/5ae5973bed1947f4d447dc80b76d5cefadd90133 CVE-2020-0092 (In setHideSensitive of NotificationStackScrollLayout.java, there is a ...) NOT-FOR-US: Android CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for meta fac ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0090 (An improper authorization in the receiver component of Email.Product: ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0089 (In the audio server, there is a missing permission check. This could l ...) TODO: check CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...) NOT-FOR-US: Android Media Framework CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0086 (In readCString of Parcel.cpp, there is a possible out of bounds write ...) NOT-FOR-US: Android Media Framework CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a possible permi ...) NOT-FOR-US: Android CVE-2020-0084 (In several functions of NotificationManagerService.java, there are mis ...) 
NOT-FOR-US: Android CVE-2020-0083 (In setRequirePmfInternal of sta_network.cpp, there is a possible defau ...) NOT-FOR-US: Android CVE-2020-0082 (In ExternalVibration of ExternalVibration.java, there is a possible ac ...) NOT-FOR-US: Android CVE-2020-0081 (In finalize of AssetManager.java, there is possible memory corruption ...) NOT-FOR-US: Android CVE-2020-0080 (In onOpActiveChanged and related methods of AppOpsControllerImpl.java, ...) NOT-FOR-US: Android CVE-2020-0079 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0078 (In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2020-0077 (In authorize_enroll of the FPC IRIS TrustZone app, there is a possible ...) NOT-FOR-US: Android CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a possible ...) NOT-FOR-US: Android CVE-2020-0075 (In set_shared_key of the FPC IRIS TrustZone app, there is a possible o ...) NOT-FOR-US: Android CVE-2020-0074 (In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is ...) TODO: check CVE-2020-0073 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...) NOT-FOR-US: Android CVE-2020-0072 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...) NOT-FOR-US: Android CVE-2020-0071 (In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a pos ...) NOT-FOR-US: Android CVE-2020-0070 (In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0068 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0067 (In f2fs_xattr_generic_list of xattr.c, there is a possible out of boun ...) 
- linux 5.5.13-1 [buster] - linux 4.19.118-1 [jessie] - linux (f2fs is not supportable) NOTE: https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06 CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write due to ...) - linux 4.2.5-1 [jessie] - linux 3.16.7-ckt20-1 NOTE: https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe CVE-2020-0065 (An improper authorization in the receiver component of the Android Sui ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0064 (An improper authorization while processing the provisioning data.Produ ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation screen p ...) NOT-FOR-US: Android CVE-2020-0062 (In Euicc, there is a possible information disclosure due to an include ...) NOT-FOR-US: Android CVE-2020-0061 (In Pixel Recorder, there is a possible permissions bypass allowing arb ...) NOT-FOR-US: Android CVE-2020-0060 (In query of SmsProvider.java and MmsSmsProvider.java, there is a possi ...) NOT-FOR-US: Android CVE-2020-0059 (In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.c ...) NOT-FOR-US: Android CVE-2020-0058 (In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0057 (In btm_process_inq_results of btm_inq.cc, there is a possible out of b ...) NOT-FOR-US: Android CVE-2020-0056 (In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0055 (In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a poss ...) NOT-FOR-US: Android CVE-2020-0054 (In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java ...) NOT-FOR-US: Android CVE-2020-0053 (In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanD ...) NOT-FOR-US: Android CVE-2020-0052 (In smsSelected of AnswerFragment.java, there is a way to send an SMS f ...) 
NOT-FOR-US: Android CVE-2020-0051 (In onCreate of SettingsHomepageActivity, there is a possible tapjackin ...) NOT-FOR-US: Android CVE-2020-0050 (In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of b ...) NOT-FOR-US: Android CVE-2020-0049 (In onReadBuffer() of StreamingSource.cpp, there is a possible informat ...) NOT-FOR-US: Android media framework CVE-2020-0048 (In onTransact of IAudioFlinger.cpp, there is a possible stack informat ...) NOT-FOR-US: Android media framework CVE-2020-0047 (In setMasterMute of AudioService.java, there is a missing permission c ...) NOT-FOR-US: Android media framework CVE-2020-0046 (In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible ...) NOT-FOR-US: Android media framework CVE-2020-0045 (In StatsService::command of StatsService.cpp, there is possible memory ...) NOT-FOR-US: Android CVE-2020-0044 (In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds re ...) NOT-FOR-US: FPC components for Android CVE-2020-0043 (In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android CVE-2020-0042 (In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a poss ...) NOT-FOR-US: FPC components for Android CVE-2020-0041 (In binder_transaction of binder.c, there is a possible out of bounds w ...) - linux 5.4.6-1 [buster] - linux (Vulnerability introduced later) [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2 CVE-2020-0040 RESERVED NOTE: Duplicate of CVE-2019-15239, will be rejected CVE-2020-0039 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android CVE-2020-0038 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android CVE-2020-0037 (In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bo ...) 
NOT-FOR-US: Android CVE-2020-0036 (In hasPermissions of PermissionMonitor.java, there is a possible acces ...) NOT-FOR-US: Android CVE-2020-0035 (In query of TelephonyProvider.java, there is a possible access to SIM ...) NOT-FOR-US: Android CVE-2020-0034 (In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...) {DLA-2136-1} - libvpx 1.7.0-3 [stretch] - libvpx (Minor issue) NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a CVE-2020-0033 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) NOT-FOR-US: Android media framework CVE-2020-0032 (In ih264d_release_display_bufs of ih264d_utils.c, there is a possible ...) NOT-FOR-US: Android media framework CVE-2020-0031 (In triggerAugmentedAutofillLocked and related functions of Session.jav ...) NOT-FOR-US: Android CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...) - linux 4.15.11-1 NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a CVE-2020-0029 (In the WifiConfigManager, there is a possible storage of location hist ...) NOT-FOR-US: Android CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...) NOT-FOR-US: Android CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of ...) NOT-FOR-US: Android CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory corru ...) NOT-FOR-US: Android CVE-2020-0025 RESERVED CVE-2020-0024 (In onCreate of SettingsBaseActivity.java, there is a possible unauthor ...) NOT-FOR-US: Android CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...) NOT-FOR-US: Android CVE-2020-0022 (In reassemble_and_dispatch of packet_fragmenter.cc, there is possible ...) NOT-FOR-US: Android CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there is a p ...) 
NOT-FOR-US: Android CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...) NOT-FOR-US: Android CVE-2020-0019 RESERVED CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...) NOT-FOR-US: Android CVE-2020-0017 (In multiple places, it was possible for the primary user’s dicti ...) NOT-FOR-US: Android CVE-2020-0016 RESERVED CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay ...) NOT-FOR-US: Android CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...) NOT-FOR-US: Android CVE-2020-0013 RESERVED CVE-2020-0012 (In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible ...) NOT-FOR-US: FPC components for Android CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...) NOT-FOR-US: FPC components for Android CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...) {DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949 CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there ...) NOT-FOR-US: Android CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible information discl ...) NOT-FOR-US: Android CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0005 (In btm_read_remote_ext_features_complete of btm_acl.cc, there is a pos ...) NOT-FOR-US: Android CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package validati ...) 
NOT-FOR-US: Android CVE-2020-0002 (In ih264d_init_decoder of ih264d_api.c, there is a possible out of bou ...) NOT-FOR-US: Android Media Framework CVE-2020-0001 (In getProcessRecordLocked of ActivityManagerService.java isolated apps ...) NOT-FOR-US: Android