CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client ...)
    NOT-FOR-US: Aviatrix
CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...)
    NOT-FOR-US: Aviatrix
CVE-2020-13415 (An issue was discovered in Aviatrix Controller through 5.1. An attacke ...)
    NOT-FOR-US: Aviatrix
CVE-2020-13414 (An issue was discovered in Aviatrix Controller before 5.4.1204. It con ...)
    NOT-FOR-US: Aviatrix
CVE-2020-13413 (An issue was discovered in Aviatrix Controller before 5.4.1204. There ...)
    NOT-FOR-US: Aviatrix
CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204. An API ...)
    NOT-FOR-US: Aviatrix
CVE-2020-13411
    RESERVED
CVE-2020-13410
    RESERVED
CVE-2020-13409
    RESERVED
CVE-2020-13408
    RESERVED
CVE-2020-13407
    RESERVED
CVE-2020-13406
    RESERVED
CVE-2020-13405
    RESERVED
CVE-2020-13404
    RESERVED
CVE-2020-13403
    RESERVED
CVE-2020-13402
    RESERVED
CVE-2020-13401
    RESERVED
CVE-2020-13400
    RESERVED
CVE-2020-13399
    RESERVED
CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
    - freerdp2
    - freerdp
    NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea
CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
    - freerdp2
    - freerdp
    NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8
CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...)
    - freerdp2
    - freerdp
    NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc
CVE-2020-13395
    RESERVED
CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
    NOT-FOR-US: Tenda devices
CVE-2020-13393 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
    NOT-FOR-US: Tenda devices
CVE-2020-13392 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
    NOT-FOR-US: Tenda devices
CVE-2020-13391 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
    NOT-FOR-US: Tenda devices
CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
    NOT-FOR-US: Tenda devices
CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...)
    NOT-FOR-US: Tenda devices
CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...)
    TODO: check
CVE-2020-13387
    RESERVED
CVE-2020-13386
    RESERVED
CVE-2020-13385
    RESERVED
CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...)
    NOT-FOR-US: Monstra CMS
CVE-2020-13383
    RESERVED
CVE-2020-13382
    RESERVED
CVE-2020-13381
    RESERVED
CVE-2020-13380
    RESERVED
CVE-2020-13379
    RESERVED
CVE-2020-13378
    RESERVED
CVE-2020-13377
    RESERVED
CVE-2020-13376
    RESERVED
CVE-2020-13375
    RESERVED
CVE-2020-13374
    RESERVED
CVE-2020-13373
    RESERVED
CVE-2020-13372
    RESERVED
CVE-2020-13371
    RESERVED
CVE-2020-13370
    RESERVED
CVE-2020-13369
    RESERVED
CVE-2020-13368
    RESERVED
CVE-2020-13367
    RESERVED
CVE-2020-13366
    RESERVED
CVE-2020-13365
    RESERVED
CVE-2020-13364
    RESERVED
CVE-2020-13363
    RESERVED
CVE-2020-13362
    RESERVED
CVE-2020-13361
    RESERVED
CVE-2020-13360
    RESERVED
CVE-2020-13359
    RESERVED
CVE-2020-13358
    RESERVED
CVE-2020-13357
    RESERVED
CVE-2020-13356
    RESERVED
CVE-2020-13355
    RESERVED
CVE-2020-13354
    RESERVED
CVE-2020-13353
    RESERVED
CVE-2020-13352
    RESERVED
CVE-2020-13351
    RESERVED
CVE-2020-13350
    RESERVED
CVE-2020-13349
    RESERVED
CVE-2020-13348
    RESERVED
CVE-2020-13347
    RESERVED
CVE-2020-13346
    RESERVED
CVE-2020-13345
    RESERVED
CVE-2020-13344
    RESERVED
CVE-2020-13343
    RESERVED
CVE-2020-13342
    RESERVED
CVE-2020-13341
    RESERVED
CVE-2020-13340
    RESERVED
CVE-2020-13339
    RESERVED
CVE-2020-13338
    RESERVED
CVE-2020-13337
    RESERVED
CVE-2020-13336
    RESERVED
CVE-2020-13335
    RESERVED
CVE-2020-13334
    RESERVED
CVE-2020-13333
    RESERVED
CVE-2020-13332
    RESERVED
CVE-2020-13331
    RESERVED
CVE-2020-13330
    RESERVED
CVE-2020-13329
    RESERVED
CVE-2020-13328
    RESERVED
CVE-2020-13327
    RESERVED
CVE-2020-13326
    RESERVED
CVE-2020-13325
    RESERVED
CVE-2020-13324
    RESERVED
CVE-2020-13323
    RESERVED
CVE-2020-13322
    RESERVED
CVE-2020-13321
    RESERVED
CVE-2020-13320
    RESERVED
CVE-2020-13319
    RESERVED
CVE-2020-13318
    RESERVED
CVE-2020-13317
    RESERVED
CVE-2020-13316
    RESERVED
CVE-2020-13315
    RESERVED
CVE-2020-13314
    RESERVED
CVE-2020-13313
    RESERVED
CVE-2020-13312
    RESERVED
CVE-2020-13311
    RESERVED
CVE-2020-13310
    RESERVED
CVE-2020-13309
    RESERVED
CVE-2020-13308
    RESERVED
CVE-2020-13307
    RESERVED
CVE-2020-13306
    RESERVED
CVE-2020-13305
    RESERVED
CVE-2020-13304
    RESERVED
CVE-2020-13303
    RESERVED
CVE-2020-13302
    RESERVED
CVE-2020-13301
    RESERVED
CVE-2020-13300
    RESERVED
CVE-2020-13299
    RESERVED
CVE-2020-13298
    RESERVED
CVE-2020-13297
    RESERVED
CVE-2020-13296
    RESERVED
CVE-2020-13295
    RESERVED
CVE-2020-13294
    RESERVED
CVE-2020-13293
    RESERVED
CVE-2020-13292
    RESERVED
CVE-2020-13291
    RESERVED
CVE-2020-13290
    RESERVED
CVE-2020-13289
    RESERVED
CVE-2020-13288
    RESERVED
CVE-2020-13287
    RESERVED
CVE-2020-13286
    RESERVED
CVE-2020-13285
    RESERVED
CVE-2020-13284
    RESERVED
CVE-2020-13283
    RESERVED
CVE-2020-13282
    RESERVED
CVE-2020-13281
    RESERVED
CVE-2020-13280
    RESERVED
CVE-2020-13279
    RESERVED
CVE-2020-13278
    RESERVED
CVE-2020-13277
    RESERVED
CVE-2020-13276
    RESERVED
CVE-2020-13275
    RESERVED
CVE-2020-13274
    RESERVED
CVE-2020-13273
    RESERVED
CVE-2020-13272
    RESERVED
CVE-2020-13271
    RESERVED
CVE-2020-13270
    RESERVED
CVE-2020-13269
    RESERVED
CVE-2020-13268
    RESERVED
CVE-2020-13267
    RESERVED
CVE-2020-13266
    RESERVED
CVE-2020-13265
    RESERVED
CVE-2020-13264
    RESERVED
CVE-2020-13263
    RESERVED
CVE-2020-13262
    RESERVED
CVE-2020-13261
    RESERVED
CVE-2020-13260
    RESERVED
CVE-2020-13259
    RESERVED
CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
    TODO: check
CVE-2020-13257
    RESERVED
CVE-2020-13256
    RESERVED
CVE-2020-13255
    RESERVED
CVE-2020-13254
    RESERVED
CVE-2020-13253 [sd: OOB access could crash the guest resulting in DoS]
    RESERVED
    - qemu (bug #961297)
    NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...)
    - centreon-web (bug #913903)
CVE-2020-13251
    RESERVED
CVE-2020-13250
    RESERVED
CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not ...)
    TODO: check
CVE-2020-13248
    RESERVED
CVE-2020-13247
    RESERVED
CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...)
    - gitea
CVE-2020-13245
    RESERVED
CVE-2020-13244
    RESERVED
CVE-2020-13243
    RESERVED
CVE-2020-13242
    RESERVED
CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because admin/view:m ...)
    TODO: check
CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...)
    - dolibarr
CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...)
    - dolibarr
CVE-2020-13238
    RESERVED
CVE-2020-13237
    RESERVED
CVE-2020-13236
    RESERVED
CVE-2020-13235
    RESERVED
CVE-2020-13234
    RESERVED
CVE-2020-13233
    RESERVED
CVE-2020-13232
    RESERVED
CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...)
    - cacti 1.2.11+ds1-1
    NOTE: https://github.com/Cacti/cacti/issues/3342
CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately ...)
    - cacti 1.2.11+ds1-1
    NOTE: https://github.com/Cacti/cacti/issues/3343
CVE-2020-13229
    RESERVED
CVE-2020-13228
    RESERVED
CVE-2020-13227
    RESERVED
CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound network acc ...)
    NOT-FOR-US: WSO2 API Manager
CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability ...)
    - phpipam (bug #731713)
    NOTE: https://github.com/phpipam/phpipam/issues/3025
CVE-2020-13224
    RESERVED
CVE-2020-13223
    RESERVED
CVE-2020-13222
    RESERVED
CVE-2020-13221
    RESERVED
CVE-2020-13220
    RESERVED
CVE-2020-13219
    RESERVED
CVE-2020-13218
    RESERVED
CVE-2020-13217
    RESERVED
CVE-2020-13216
    RESERVED
CVE-2020-13215
    RESERVED
CVE-2020-13214
    RESERVED
CVE-2020-13213
    RESERVED
CVE-2020-13212
    RESERVED
CVE-2020-13211
    RESERVED
CVE-2020-13210
    RESERVED
CVE-2020-13209
    RESERVED
CVE-2020-13208
    RESERVED
CVE-2020-13207
    RESERVED
CVE-2020-13206
    RESERVED
CVE-2020-13205
    RESERVED
CVE-2020-13204
    RESERVED
CVE-2020-13203
    RESERVED
CVE-2020-13202
    RESERVED
CVE-2020-13201
    RESERVED
CVE-2020-13200
    RESERVED
CVE-2020-13199
    RESERVED
CVE-2020-13198
    RESERVED
CVE-2020-13197
    RESERVED
CVE-2020-13196
    RESERVED
CVE-2020-13195
    RESERVED
CVE-2020-13194
    RESERVED
CVE-2020-13193
    RESERVED
CVE-2020-13192
    RESERVED
CVE-2020-13191
    RESERVED
CVE-2020-13190
    RESERVED
CVE-2020-13189
    RESERVED
CVE-2020-13188
    RESERVED
CVE-2020-13187
    RESERVED
CVE-2020-13186
    RESERVED
CVE-2020-13185
    RESERVED
CVE-2020-13184
    RESERVED
CVE-2020-13183
    RESERVED
CVE-2020-13182
    RESERVED
CVE-2020-13181
    RESERVED
CVE-2020-13180
    RESERVED
CVE-2020-13179
    RESERVED
CVE-2020-13178
    RESERVED
CVE-2020-13177
    RESERVED
CVE-2020-13176
    RESERVED
CVE-2020-13175
    RESERVED
CVE-2020-13174
    RESERVED
CVE-2020-13173
    RESERVED
CVE-2020-13172
    RESERVED
CVE-2020-13171
    RESERVED
CVE-2020-13170
    RESERVED
CVE-2020-13169
    RESERVED
CVE-2020-13168
    RESERVED
CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...)
    TODO: check
CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...)
    NOT-FOR-US: MyLittleAdmin
CVE-2020-13165
    RESERVED
CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...)
    - wireshark 3.2.4-1 (low)
    [buster] - wireshark (Can be fixed along in next 3.0.x DSA)
    [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0)
    [jessie] - wireshark (Can be fixed along with other CVEs)
    NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476
    NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a
    NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html
CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...)
    TODO: check
CVE-2020-13162
    RESERVED
CVE-2020-13161
    RESERVED
CVE-2020-13160
    RESERVED
CVE-2020-13159
    RESERVED
CVE-2020-13158
    RESERVED
CVE-2020-13157
    RESERVED
CVE-2020-13156
    RESERVED
CVE-2020-13155
    RESERVED
CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...)
    NOT-FOR-US: Zoho
CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
    NOT-FOR-US: MISP
CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist ...)
    TODO: check
CVE-2020-13151
    RESERVED
CVE-2020-13150
    RESERVED
CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
    NOT-FOR-US: Dragon Center
CVE-2020-13148
    RESERVED
CVE-2020-13147
    RESERVED
CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added ...)
    NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...)
    NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...)
    NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13142
    RESERVED
CVE-2020-13141
    RESERVED
CVE-2020-13140
    RESERVED
CVE-2020-13139
    RESERVED
CVE-2020-13138
    RESERVED
CVE-2020-13137
    RESERVED
CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be re ...)
    NOT-FOR-US: D-Link
CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...)
    NOT-FOR-US: D-Link
CVE-2020-13134
    RESERVED
CVE-2020-13133
    RESERVED
CVE-2020-13132
    RESERVED
CVE-2020-13131
    RESERVED
CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
    - linux
    NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f
CVE-2020-13130
    RESERVED
CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS, W ...)
    NOT-FOR-US: stashcat app for MacOS
CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...)
    NOT-FOR-US: Manolo GWTUpload
CVE-2020-13127
    RESERVED
CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...)
    NOT-FOR-US: Elementor Pro plugin for WordPress
CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" plugin ...)
    NOT-FOR-US: "Ultimate Addons for Elementor" plugin for WordPress
CVE-2020-13124
    RESERVED
CVE-2020-13123
    RESERVED
CVE-2020-13122
    RESERVED
CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...)
    NOT-FOR-US: Submitty
CVE-2020-13120
    RESERVED
CVE-2020-13119
    RESERVED
CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...)
    NOT-FOR-US: Mikrotik-Router-Monitoring-System
CVE-2020-13117
    RESERVED
CVE-2020-13116
    RESERVED
CVE-2020-13115
    RESERVED
CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
    - libexif
    [buster] - libexif (Minor issue)
    [stretch] - libexif (Minor issue)
    [jessie] - libexif (Minor issue)
    NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...)
    - libexif
    [buster] - libexif (Minor issue)
    [stretch] - libexif (Minor issue)
    [jessie] - libexif (Minor issue)
    NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...)
    - libexif
    [buster] - libexif (Minor issue)
    [stretch] - libexif (Minor issue)
    [jessie] - libexif (Minor issue)
    NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22)
CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...)
    NOT-FOR-US: NaviServer
CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...)
    NOT-FOR-US: Node kerberos
CVE-2020-13109 (Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remo ...)
    NOT-FOR-US: Morita Shogi
CVE-2020-13108
    RESERVED
CVE-2020-13107
    RESERVED
CVE-2020-13106
    RESERVED
CVE-2020-13105
    RESERVED
CVE-2020-13104
    RESERVED
CVE-2020-13103
    RESERVED
CVE-2020-13102
    RESERVED
CVE-2020-13101
    RESERVED
CVE-2020-13100
    RESERVED
CVE-2020-13099
    RESERVED
CVE-2020-13098
    RESERVED
CVE-2020-13097
    RESERVED
CVE-2020-13096
    RESERVED
CVE-2020-13095
    RESERVED
CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
    - dolibarr
CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
    NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...)
    - scikit-learn (unimportant)
CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute comman ...)
    - pandas (unimportant)
CVE-2020-13090
    RESERVED
CVE-2020-13089
    RESERVED
CVE-2020-13088
    RESERVED
CVE-2020-13087
    RESERVED
CVE-2020-13086
    RESERVED
CVE-2020-13085
    RESERVED
CVE-2020-13084
    RESERVED
CVE-2020-13083
    RESERVED
CVE-2020-13082
    RESERVED
CVE-2020-13081
    RESERVED
CVE-2020-13080
    RESERVED
CVE-2020-13079
    RESERVED
CVE-2020-13078
    RESERVED
CVE-2020-13077
    RESERVED
CVE-2020-13076
    RESERVED
CVE-2020-13075
    RESERVED
CVE-2020-13074
    RESERVED
CVE-2020-13073
    RESERVED
CVE-2020-13072
    RESERVED
CVE-2020-13071
    RESERVED
CVE-2020-13070
    RESERVED
CVE-2020-13069
    RESERVED
CVE-2020-13068
    RESERVED
CVE-2020-13067
    RESERVED
CVE-2020-13066
    RESERVED
CVE-2020-13065
    RESERVED
CVE-2020-13064
    RESERVED
CVE-2020-13063
    RESERVED
CVE-2020-13062
    RESERVED
CVE-2020-13061
    RESERVED
CVE-2020-13060
    RESERVED
CVE-2020-13059
    RESERVED
CVE-2020-13058
    RESERVED
CVE-2020-13057
    RESERVED
CVE-2020-13056
    RESERVED
CVE-2020-13055
    RESERVED
CVE-2020-13054
    RESERVED
CVE-2020-13053
    RESERVED
CVE-2020-13052
    RESERVED
CVE-2020-13051
    RESERVED
CVE-2020-13050
    RESERVED
CVE-2020-13049
    RESERVED
CVE-2020-13048
    RESERVED
CVE-2020-13047
    RESERVED
CVE-2020-13046
    RESERVED
CVE-2020-13045
    RESERVED
CVE-2020-13044
    RESERVED
CVE-2020-13043
    RESERVED
CVE-2020-13042
    RESERVED
CVE-2020-13041
    RESERVED
CVE-2020-13040
    RESERVED
CVE-2020-13039
    RESERVED
CVE-2020-13038
    RESERVED
CVE-2020-13037
    RESERVED
CVE-2020-13036
    RESERVED
CVE-2020-13035
    RESERVED
CVE-2020-13034
    RESERVED
CVE-2020-13033
    RESERVED
CVE-2020-13032
    RESERVED
CVE-2020-13031
    RESERVED
CVE-2020-13030
    RESERVED
CVE-2020-13029
    RESERVED
CVE-2020-13028
    RESERVED
CVE-2020-13027
    RESERVED
CVE-2020-13026
    RESERVED
CVE-2020-13025
    RESERVED
CVE-2020-13024
    RESERVED
CVE-2020-13023
    RESERVED
CVE-2020-13022
    RESERVED
CVE-2020-13021
    RESERVED
CVE-2020-13020
    RESERVED
CVE-2020-13019
    RESERVED
CVE-2020-13018
    RESERVED
CVE-2020-13017
    RESERVED
CVE-2020-13016
    RESERVED
CVE-2020-13015
    RESERVED
CVE-2020-13014
    RESERVED
CVE-2020-13013
    RESERVED
CVE-2020-13012
    RESERVED
CVE-2020-13011
    RESERVED
CVE-2020-13010
    RESERVED
CVE-2020-13009
    RESERVED
CVE-2020-13008
    RESERVED
CVE-2020-13007
    RESERVED
CVE-2020-13006
    RESERVED
CVE-2020-13005
    RESERVED
CVE-2020-13004
    RESERVED
CVE-2020-13003
    RESERVED
CVE-2020-13002
    RESERVED
CVE-2020-13001
    RESERVED
CVE-2020-13000
    RESERVED
CVE-2020-12999
    RESERVED
CVE-2020-12998
    RESERVED
CVE-2020-12997
    RESERVED
CVE-2020-12996
    RESERVED
CVE-2020-12995
    RESERVED
CVE-2020-12994
    RESERVED
CVE-2020-12993
    RESERVED
CVE-2020-12992
    RESERVED
CVE-2020-12991
    RESERVED
CVE-2020-12990
    RESERVED
CVE-2020-12989
    RESERVED
CVE-2020-12988
    RESERVED
CVE-2020-12987
    RESERVED
CVE-2020-12986
    RESERVED
CVE-2020-12985
    RESERVED
CVE-2020-12984
    RESERVED
CVE-2020-12983
    RESERVED
CVE-2020-12982
    RESERVED
CVE-2020-12981
    RESERVED
CVE-2020-12980
    RESERVED
CVE-2020-12979
    RESERVED
CVE-2020-12978
    RESERVED
CVE-2020-12977
    RESERVED
CVE-2020-12976
    RESERVED
CVE-2020-12975
    RESERVED
CVE-2020-12974
    RESERVED
CVE-2020-12973
    RESERVED
CVE-2020-12972
    RESERVED
CVE-2020-12971
    RESERVED
CVE-2020-12970
    RESERVED
CVE-2020-12969
    RESERVED
CVE-2020-12968
    RESERVED
CVE-2020-12967
    RESERVED
CVE-2020-12966
    RESERVED
CVE-2020-12965
    RESERVED
CVE-2020-12964
    RESERVED
CVE-2020-12963
    RESERVED
CVE-2020-12962
    RESERVED
CVE-2020-12961
    RESERVED
CVE-2020-12960
    RESERVED
CVE-2020-12959
    RESERVED
CVE-2020-12958
    RESERVED
CVE-2020-12957
    RESERVED
CVE-2020-12956
    RESERVED
CVE-2020-12955
    RESERVED
CVE-2020-12954
    RESERVED
CVE-2020-12953
    RESERVED
CVE-2020-12952
    RESERVED
CVE-2020-12951
    RESERVED
CVE-2020-12950
    RESERVED
CVE-2020-12949
    RESERVED
CVE-2020-12948
    RESERVED
CVE-2020-12947
    RESERVED
CVE-2020-12946
    RESERVED
CVE-2020-12945
    RESERVED
CVE-2020-12944
    RESERVED
CVE-2020-12943
    RESERVED
CVE-2020-12942
    RESERVED
CVE-2020-12941
    RESERVED
CVE-2020-12940
    RESERVED
CVE-2020-12939
    RESERVED
CVE-2020-12938
    RESERVED
CVE-2020-12937
    RESERVED
CVE-2020-12936
    RESERVED
CVE-2020-12935
    RESERVED
CVE-2020-12934
    RESERVED
CVE-2020-12933
    RESERVED
CVE-2020-12932
    RESERVED
CVE-2020-12931
    RESERVED
CVE-2020-12930
    RESERVED
CVE-2020-12929
    RESERVED
CVE-2020-12928
    RESERVED
CVE-2020-12927
    RESERVED
CVE-2020-12926
    RESERVED
CVE-2020-12925
    RESERVED
CVE-2020-12924
    RESERVED
CVE-2020-12923
    RESERVED
CVE-2020-12922
    RESERVED
CVE-2020-12921
    RESERVED
CVE-2020-12920
    RESERVED
CVE-2020-12919
    RESERVED
CVE-2020-12918
    RESERVED
CVE-2020-12917
    RESERVED
CVE-2020-12916
    RESERVED
CVE-2020-12915
    RESERVED
CVE-2020-12914
    RESERVED
CVE-2020-12913
    RESERVED
CVE-2020-12912
    RESERVED
CVE-2020-12911
    RESERVED
CVE-2020-12910
    RESERVED
CVE-2020-12909
    RESERVED
CVE-2020-12908
    RESERVED
CVE-2020-12907
    RESERVED
CVE-2020-12906
    RESERVED
CVE-2020-12905
    RESERVED
CVE-2020-12904
    RESERVED
CVE-2020-12903
    RESERVED
CVE-2020-12902
    RESERVED
CVE-2020-12901
    RESERVED
CVE-2020-12900
    RESERVED
CVE-2020-12899
    RESERVED
CVE-2020-12898
    RESERVED
CVE-2020-12897
    RESERVED
CVE-2020-12896
    RESERVED
CVE-2020-12895
    RESERVED
CVE-2020-12894
    RESERVED
CVE-2020-12893
    RESERVED
CVE-2020-12892
    RESERVED
CVE-2020-12891
    RESERVED
CVE-2020-12890
    RESERVED
CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
    NOT-FOR-US: MISP
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
    - linux
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
CVE-2020-12887
    RESERVED
CVE-2020-12886
    RESERVED
CVE-2020-12885
    RESERVED
CVE-2020-12884
    RESERVED
CVE-2020-12883
    RESERVED
CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...)
    NOT-FOR-US: Submitty
CVE-2020-12881
    RESERVED
CVE-2020-12880
    RESERVED
CVE-2020-12879
    RESERVED
CVE-2020-12878
    RESERVED
CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...)
    NOT-FOR-US: Veritas
CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...)
    NOT-FOR-US: Veritas
CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate authori ...)
    NOT-FOR-US: Veritas
CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...)
    NOT-FOR-US: Veritas
CVE-2020-12873
    RESERVED
CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...)
    - yaws (low)
    [buster] - yaws (Minor issue)
    [stretch] - yaws (Minor issue)
    [jessie] - yaws (Minor issue)
    NOTE: https://medium.com/@charlielabs101/cve-2020-12872-df315411aa70
CVE-2020-12871
    RESERVED
CVE-2020-12870
    RESERVED
CVE-2020-12869
    RESERVED
CVE-2020-12868
    RESERVED
CVE-2020-12867
    RESERVED
    - sane-backends (bug #961302)
    NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12866
    RESERVED
    - sane-backends (bug #961302)
    NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12865
    RESERVED
    - sane-backends (bug #961302)
    NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12864
    RESERVED
    - sane-backends (bug #961302)
    NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12863
    RESERVED
    - sane-backends (bug #961302)
    NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12862
    RESERVED
    - sane-backends (bug #961302)
    NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12861
    RESERVED
    - sane-backends (bug #961302)
    NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...)
    NOT-FOR-US: COVIDSafe
CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...)
    NOT-FOR-US: COVIDSafe
CVE-2020-12858 (Non-reinitialisation of random data in the advertising payload in COVI ...)
    NOT-FOR-US: COVIDSafe
CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 an ...)
    NOT-FOR-US: COVIDSafe
CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...)
    NOT-FOR-US: COVIDSafe
CVE-2020-12855
    RESERVED
CVE-2020-12854
    RESERVED
CVE-2020-12853
    RESERVED
CVE-2020-12852
    RESERVED
CVE-2020-12851
    RESERVED
CVE-2020-12850
    RESERVED
CVE-2020-12849
    RESERVED
CVE-2020-12848
    RESERVED
CVE-2020-12847
    RESERVED
CVE-2020-12846
    RESERVED
CVE-2020-12845
    RESERVED
CVE-2020-12844
    RESERVED
CVE-2020-12843
    RESERVED
CVE-2020-12842
    RESERVED
CVE-2020-12841
    RESERVED
CVE-2020-12840
    RESERVED
CVE-2020-12839
    RESERVED
CVE-2020-12838
    RESERVED
CVE-2020-12837
    RESERVED
CVE-2020-12836
    RESERVED
CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...)
    NOT-FOR-US: SmartBear ReadyAPI SoapUI Pro
CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...)
    NOT-FOR-US: eQ-3 Homematic Central Control Unit
CVE-2020-12833
    RESERVED
CVE-2020-12832 (WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerabi ...)
    NOT-FOR-US: simple-file-list plugin for WordPress
CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...)
    - frr (unimportant)
    NOTE: https://github.com/FRRouting/frr/pull/6383
    NOTE: https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48
CVE-2020-12830
    RESERVED
CVE-2020-12829
    RESERVED
    - qemu (low)
    [buster] - qemu (Minor issue)
    [stretch] - qemu (Minor issue)
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...)
    NOT-FOR-US: AnchorFree VPN SDK
CVE-2020-12827
    RESERVED
CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
    - linux 5.6.7-1
    [buster] - linux 4.19.118-1
    NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da
CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...)
    - libcroco (low; bug #960527)
    [buster] - libcroco (Minor issue)
    [stretch] - libcroco (Minor issue)
    [jessie] - libcroco (Minor issue)
    NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
CVE-2020-12824
    RESERVED
CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
    {DLA-2212-1}
    - openconnect 8.10-1 (unimportant; bug #960620)
    NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/108
    NOTE: Only triggerable by local certs, which are under the control of the user
CVE-2020-12822
    RESERVED
CVE-2020-12821
    RESERVED
CVE-2020-12820
    RESERVED
CVE-2020-12819
    RESERVED
CVE-2020-12818
    RESERVED
CVE-2020-12817
    RESERVED
CVE-2020-12816
    RESERVED
CVE-2020-12815
    RESERVED
CVE-2020-12814
    RESERVED
CVE-2020-12813
    RESERVED
CVE-2020-12812
    RESERVED
CVE-2020-12811
    RESERVED
CVE-2020-12810
    RESERVED
CVE-2020-12809
    RESERVED
CVE-2020-12808
    RESERVED
CVE-2020-12807
    RESERVED
CVE-2020-12806
    RESERVED
CVE-2020-12805
    RESERVED
CVE-2020-12804
    RESERVED
CVE-2020-12803
    RESERVED
CVE-2020-12802
    RESERVED
CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
    - libreoffice 1:6.4.3-1 (low)
    [buster] - libreoffice (Minor issue)
    [stretch] - libreoffice (Minor issue)
    [jessie] - libreoffice (Minor issue)
    NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
CVE-2020-12800
    RESERVED
CVE-2020-12799
    RESERVED
CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
    NOT-FOR-US: Cellebrite UFED
CVE-2020-12797
    RESERVED
CVE-2020-12796
    RESERVED
CVE-2020-12795
    RESERVED
CVE-2020-12794
    RESERVED
CVE-2020-12793
    RESERVED
CVE-2020-12792
    RESERVED
CVE-2020-12791
    RESERVED
CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...)
    NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2020-12789
    RESERVED
CVE-2020-12788
    RESERVED
CVE-2020-12787
    RESERVED
CVE-2020-12786
    RESERVED
CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...)
    NOT-FOR-US: cPanel
CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...)
    NOT-FOR-US: cPanel
CVE-2020-12782
    RESERVED
CVE-2020-12781
    RESERVED
CVE-2020-12780
    RESERVED
CVE-2020-12779
    RESERVED
CVE-2020-12778
    RESERVED
CVE-2020-12777
    RESERVED
CVE-2020-12776
    RESERVED
CVE-2020-12775
    RESERVED
CVE-2020-12774
    RESERVED
CVE-2020-12773
    RESERVED
CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...)
    {DSA-4687-1 DLA-2213-1}
    - exim4 4.93-16
    NOTE: https://bugs.exim.org/show_bug.cgi?id=2571
    NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86
    NOTE: https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...)
    NOT-FOR-US: Ignite Realtime Spark
CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...)
    {DLA-2214-1}
    - libexif 0.6.21-7 (bug #960199)
    [buster] - libexif (Minor issue)
    [stretch] - libexif (Minor issue)
    NOTE: https://github.com/libexif/libexif/issues/31
    NOTE: https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72
CVE-2020-XXXX [unspecified fexsrv security issue]
    - fex 20160919-2
    [buster] - fex 20160919-2~deb10u1
    [stretch] - fex (Non-free not supported)
CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...)
    - linux
    NOTE: https://lkml.org/lkml/2020/4/26/87
CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...)
    - linux
    NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3)
CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...)
    - linux 5.4.19-1
    [buster] - linux 4.19.118-1
    NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6)
CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...)
    - linux 5.6.7-1 (unimportant)
    NOTE: https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4)
CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...)
    NOT-FOR-US: Gnuteca
CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&it ...)
    NOT-FOR-US: Solis Miolo
CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...)
    NOT-FOR-US: Gnuteca
CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
    NOT-FOR-US: TRENDnet ProView
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
    - json-c (bug #960326)
    NOTE: https://github.com/json-c/json-c/pull/592
    NOTE: https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
    NOTE: https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45
    NOTE: https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67
    NOTE: https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
    NOTE: https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
    NOTE: d07b91014986 ("Fix integer overflows.") introduces a regression tracked as:
    NOTE: https://github.com/json-c/json-c/issues/599
    NOTE: https://github.com/json-c/json-c/pull/610
    NOTE: Working backports for older branches: https://github.com/json-c/json-c/pull/608
CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow ( ...)
    - imlib2 1.6.1-2 (bug #960192)
    [buster] - imlib2 (Vulnerable code introduced later)
    [stretch] - imlib2 (Vulnerable code introduced later)
    [jessie] - imlib2 (Vulnerable code introduced later)
    NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
    NOT-FOR-US: OpenNMS
CVE-2020-12759
    RESERVED
CVE-2020-12758
    RESERVED
CVE-2020-12757
    RESERVED
CVE-2020-12756
    RESERVED
CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras t ...)
    - kio-extras (low; bug #960306)
    [buster] - kio-extras (Minor issue)
    [stretch] - kio-extras (Minor issue)
    NOTE: https://cgit.kde.org/kio-extras.git/commit/?id=d813cef3cecdec9af1532a40d677a203ff979145
CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
    NOT-FOR-US: LG mobile devices
CVE-2020-12752 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-12751 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-12750 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-12749 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-12748 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-12747 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-12744
    RESERVED
CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...)
    NOT-FOR-US: Gazie
CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...)
    NOT-FOR-US: iubenda-cookie-law-solution plugin for WordPress
CVE-2020-12741
    RESERVED
CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...)
    - tcpreplay
    [jessie] - tcpreplay (Vulnerable code added later)
    NOTE: https://github.com/appneta/tcpreplay/issues/576
    NOTE: --fuzz-seed in PoC not present until version 4.2.0
CVE-2020-12739
    RESERVED
CVE-2020-12738
    RESERVED
CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...)
    NOT-FOR-US: Maxum Rumpus
CVE-2020-12736
    RESERVED
CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
    NOT-FOR-US: DomainMOD
CVE-2020-12734
    RESERVED
CVE-2020-12733
    RESERVED
CVE-2020-12732
    RESERVED
CVE-2020-12731
    RESERVED
CVE-2020-12730
    RESERVED
CVE-2020-12729
    RESERVED
CVE-2020-12728
    RESERVED
CVE-2020-12727
    RESERVED
CVE-2020-12726
    RESERVED
CVE-2020-12725
    RESERVED
CVE-2020-12724
    RESERVED
CVE-2020-12723
    RESERVED
CVE-2020-12722
    RESERVED
CVE-2020-12721
    RESERVED
CVE-2020-12720 (vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6 ...)
    NOT-FOR-US: vBulletin
CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Console in ...)
    NOT-FOR-US: WSO2
CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...)
    NOT-FOR-US: PHP-Fusion
CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...)
    NOT-FOR-US: COVIDSafe (Australia) app
CVE-2020-12716
    RESERVED
CVE-2020-12715
    RESERVED
CVE-2020-12714
    RESERVED
CVE-2020-12713
    RESERVED
CVE-2020-12712
    RESERVED
CVE-2020-12711
    RESERVED
CVE-2020-12710
    RESERVED
CVE-2020-12709
    RESERVED
CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
    NOT-FOR-US: PHP-Fusion
CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...)
    NOT-FOR-US: LeptonCMS
CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
    NOT-FOR-US: PHP-Fusion
CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...)
    NOT-FOR-US: LeptonCMS
CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
    NOT-FOR-US: UliCMS
CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...)
    NOT-FOR-US: UliCMS
CVE-2020-12702
    RESERVED
CVE-2020-12701
    RESERVED
CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...)
    NOT-FOR-US: Typo3 extension
CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...)
    NOT-FOR-US: Typo3 extension
CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...)
    NOT-FOR-US: Typo3 extension
CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...)
    NOT-FOR-US: Typo3 extension
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
    NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695
    RESERVED
CVE-2020-12694
    RESERVED
CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
    - slurm-llnl
    [buster] - slurm-llnl (Minor issue)
    [stretch] - slurm-llnl (Minor issue)
    [jessie] - slurm-llnl (Message Aggregation added in 14.11)
    NOTE: https://www.schedmd.com/news.php?id=236
    NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html
    NOTE: Issue affects systems with Message Aggregation enabled
CVE-2020-12688
    RESERVED
CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...)
    NOT-FOR-US: Serpico
CVE-2020-12686
    RESERVED
CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...)
    NOT-FOR-US: Interchange
CVE-2020-12684
    RESERVED
CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
    NOT-FOR-US: Katyshop2
CVE-2020-12682
    RESERVED
CVE-2020-12681
    RESERVED
CVE-2020-12680 (** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows loca ...)
    NOT-FOR-US: Avira Free Antivirus
CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...)
    NOT-FOR-US: Mitel
CVE-2020-12678
    REJECTED
CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...)
    NOT-FOR-US: Progress MOVEit Automation Web Admin
CVE-2020-12676
    RESERVED
CVE-2020-12675
    RESERVED
CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
    {DSA-4679-1}
    - keystone 2:17.0.0~rc2-1 (bug #959900)
    [jessie] - keystone (Not supported in Jessie LTS)
    NOTE: https://bugs.launchpad.net/keystone/+bug/1872737
    NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/4
CVE-2020-12691 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
    {DSA-4679-1}
    - keystone 2:17.0.0~rc2-1 (bug #959900)
    [jessie] - keystone (Not supported in Jessie LTS)
    NOTE: https://bugs.launchpad.net/keystone/+bug/1872733
    NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
    {DSA-4679-1}
    - keystone 2:17.0.0~rc2-1 (bug #959900)
    [jessie] - keystone (Not supported in Jessie LTS)
    NOTE: https://bugs.launchpad.net/keystone/+bug/1873290
    NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6
CVE-2020-12674
    RESERVED
CVE-2020-12673
    RESERVED
CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
    {DSA-4679-1}
    - keystone 2:17.0.0~rc2-1 (bug #959900)
    [jessie] - keystone (Not supported in Jessie)
    NOTE: https://bugs.launchpad.net/keystone/+bug/1872735
    NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ...)
    - graphicsmagick (bug #960000)
    NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025
CVE-2020-12671
    RESERVED
CVE-2020-12670
    RESERVED
CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...)
    - dolibarr
CVE-2020-12668
    RESERVED
CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...)
    - knot-resolver (bug #961076)
    NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
    NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b
    NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118
CVE-2020-12666 (macaron before 1.3.7 has an open redirect in the static handler, as de ...)
    NOT-FOR-US: macaron
CVE-2020-12665
    RESERVED
CVE-2020-12664
    RESERVED
CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...)
    - unbound 1.10.1-1
    NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
    NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...)
    - unbound 1.10.1-1
    NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
    NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2020-12661
    RESERVED
CVE-2020-12660
    RESERVED
CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg ...)
    - linux 5.6.7-1
    [buster] - linux 4.19.118-1
    NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2)
CVE-2020-12658
    RESERVED
CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...)
    - linux 5.6.7-1
    [buster] - linux 4.19.118-1
    NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1)
CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c ...)
    - linux (unimportant)
    NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651
    NOTE: Issue is triggered only at module reloading / rebinding
CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...)
    - linux
    NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...)
    - linux 5.5.13-1
    [buster] - linux 4.19.118-1
    NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1)
CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...)
    - linux 5.5.13-1
    [buster] - linux 4.19.118-1
    NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1)
CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the ...)
    - linux 5.4.19-1
    [buster] - linux 4.19.98-1
    NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7)
CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute arbitrary co ...)
    NOT-FOR-US: SecureCRT
CVE-2020-12650
    REJECTED
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
    NOT-FOR-US: Gurbalib
CVE-2020-12648
    RESERVED
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
    TODO: check
CVE-2020-12646
    RESERVED
CVE-2020-12645
    RESERVED
CVE-2020-12644
    RESERVED
CVE-2020-12643
    RESERVED
CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...)
    NOT-FOR-US: Report Portal
CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...)
    - roundcube 1.4.4+dfsg.1-1 (unimportant)
    [buster] - roundcube 1.3.11+dfsg.1-1~deb10u1
    NOTE: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
    NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2020-12640 (Roundcube Webmail before 1.4.4 allows attackers to include local files ...)
    - roundcube 1.4.4+dfsg.1-1 (unimportant)
    [buster] - roundcube 1.3.11+dfsg.1-1~deb10u1
    NOTE: https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794
    NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2020-12639 (phpList before 3.5.3 allows XSS, with resultant privilege elevation, v ...)
    - phplist (bug #612288)
CVE-2020-12638
    RESERVED
CVE-2020-12637 (Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation beca ...)
    NOT-FOR-US: Zulip Desktop
CVE-2020-12636
    RESERVED
CVE-2020-12635
    RESERVED
CVE-2020-12634
    RESERVED
CVE-2020-12633
    RESERVED
CVE-2020-12632
    RESERVED
CVE-2020-12631
    RESERVED
CVE-2020-12630
    RESERVED
CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA ...)
    NOT-FOR-US: osTicket
CVE-2020-12628
    RESERVED
CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j ...)
    NOT-FOR-US: Calibre-Web
CVE-2020-12624 (The League application before 2020-05-02 on Android sends a bearer tok ...)
    NOT-FOR-US: League
CVE-2020-12623
    RESERVED
CVE-2020-12622
    RESERVED
CVE-2020-12621
    RESERVED
CVE-2020-12620
    RESERVED
CVE-2020-12619
    RESERVED
CVE-2020-12618
    RESERVED
CVE-2020-12617
    RESERVED
CVE-2020-12616
    RESERVED
CVE-2020-12615
    RESERVED
CVE-2020-12614
    RESERVED
CVE-2020-12613
    RESERVED
CVE-2020-12612
    RESERVED
CVE-2020-12611
    RESERVED
CVE-2020-12610
    RESERVED
CVE-2020-12609
    RESERVED
CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...)
    NOT-FOR-US: SolarWinds
CVE-2020-12607
    RESERVED
CVE-2020-12606
    RESERVED
CVE-2020-12605
    RESERVED
CVE-2020-12604
    RESERVED
CVE-2020-12603
    RESERVED
CVE-2020-12602
    RESERVED
CVE-2020-12601
    RESERVED
CVE-2020-12600
    RESERVED
CVE-2020-12599
    RESERVED
CVE-2020-12598
    RESERVED
CVE-2020-12597
    RESERVED
CVE-2020-12596
    RESERVED
CVE-2020-12595
    RESERVED
CVE-2020-12594
    RESERVED
CVE-2020-12593
    RESERVED
CVE-2020-12592
    RESERVED
CVE-2020-12591
    RESERVED
CVE-2020-12590
    RESERVED
CVE-2020-12589
    RESERVED
CVE-2020-12588
    RESERVED
CVE-2020-12587
    RESERVED
CVE-2020-12586
    RESERVED
CVE-2020-12585
    RESERVED
CVE-2020-12584
    RESERVED
CVE-2020-12583
    RESERVED
CVE-2020-12582
    RESERVED
CVE-2020-12581
    RESERVED
CVE-2020-12580
    RESERVED
CVE-2020-12579
    RESERVED
CVE-2020-12578
    RESERVED
CVE-2020-12577
    RESERVED
CVE-2020-12576
    RESERVED
CVE-2020-12575
    RESERVED
CVE-2020-12574
    RESERVED
CVE-2020-12573
    RESERVED
CVE-2020-12572
    RESERVED
CVE-2020-12571
    RESERVED
CVE-2020-12570
    RESERVED
CVE-2020-12569
    RESERVED
CVE-2020-12568
    RESERVED
CVE-2020-12567
    RESERVED
CVE-2020-12566
    RESERVED
CVE-2020-12565
    RESERVED
CVE-2020-12564
    RESERVED
CVE-2020-12563
    RESERVED
CVE-2020-12562
    RESERVED
CVE-2020-12561
    RESERVED
CVE-2020-12560
    RESERVED
CVE-2020-12559
    RESERVED
CVE-2020-12558
    RESERVED
CVE-2020-12557
    RESERVED
CVE-2020-12556
    RESERVED
CVE-2020-12555
    RESERVED
CVE-2020-12554
    RESERVED
CVE-2020-12553
    RESERVED
CVE-2020-12552
    RESERVED
CVE-2020-12551
    RESERVED
CVE-2020-12550
    RESERVED
CVE-2020-12549
    RESERVED
CVE-2020-12548
    RESERVED
CVE-2020-12547
    RESERVED
CVE-2020-12546
    RESERVED
CVE-2020-12545
    RESERVED
CVE-2020-12544
    RESERVED
CVE-2020-12543
    RESERVED
CVE-2020-12542
    RESERVED
CVE-2020-12541
    RESERVED
CVE-2020-12540
    RESERVED
CVE-2020-12539
    RESERVED
CVE-2020-12538
    RESERVED
CVE-2020-12537
    RESERVED
CVE-2020-12536
    RESERVED
CVE-2020-12535
    RESERVED
CVE-2020-12534
    RESERVED
CVE-2020-12533
    RESERVED
CVE-2020-12532
    RESERVED
CVE-2020-12531
    RESERVED
CVE-2020-12530
    RESERVED
CVE-2020-12529
    RESERVED
CVE-2020-12528
    RESERVED
CVE-2020-12527
    RESERVED
CVE-2020-12526
    RESERVED
CVE-2020-12525
    RESERVED
CVE-2020-12524
    RESERVED
CVE-2020-12523
    RESERVED
CVE-2020-12522
    RESERVED
CVE-2020-12521
    RESERVED
CVE-2020-12520
    RESERVED
CVE-2020-12519
    RESERVED
CVE-2020-12518
    RESERVED
CVE-2020-12517
    RESERVED
CVE-2020-12516
    RESERVED
CVE-2020-12515
    RESERVED
CVE-2020-12514
    RESERVED
CVE-2020-12513
    RESERVED
CVE-2020-12512
    RESERVED
CVE-2020-12511
    RESERVED
CVE-2020-12510
    RESERVED
CVE-2020-12509
    RESERVED
CVE-2020-12508
    RESERVED
CVE-2020-12507
    RESERVED
CVE-2020-12506
    RESERVED
CVE-2020-12505
    RESERVED
CVE-2020-12504
    RESERVED
CVE-2020-12503
    RESERVED
CVE-2020-12502
    RESERVED
CVE-2020-12501
    RESERVED
CVE-2020-12500
    RESERVED
CVE-2020-12499
    RESERVED
CVE-2020-12498
    RESERVED
CVE-2020-12497
    RESERVED
CVE-2020-12496
    RESERVED
CVE-2020-12495
    RESERVED
CVE-2020-12494
    RESERVED
CVE-2020-12493
    RESERVED
CVE-2020-12492
    RESERVED
CVE-2020-12491
    RESERVED
CVE-2020-12490
    RESERVED
CVE-2020-12489
    RESERVED
CVE-2020-12488
    RESERVED
CVE-2020-12487
    RESERVED
CVE-2020-12486
    RESERVED
CVE-2020-12485
    RESERVED
CVE-2020-12484
    RESERVED
CVE-2020-12483
    RESERVED
CVE-2020-12482
    RESERVED
CVE-2020-12481
    RESERVED
CVE-2020-12480
    RESERVED
CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...)
    - teampass (bug #730180)
CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...)
    - teampass (bug #730180)
CVE-2020-12477 (The REST API functions in TeamPass 2.1.27.36 allow any user with a val ...)
    - teampass (bug #730180)
CVE-2020-12476
    RESERVED
CVE-2020-12475 (TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for ...)
    NOT-FOR-US: TP-Link
CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, an ...)
    - telegram-desktop 2.1.0+ds-1
    NOTE: https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474
CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary programs ...)
    NOT-FOR-US: MonoX
CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comm ...)
    NOT-FOR-US: MonoX
CVE-2020-12471 (MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload ...)
    NOT-FOR-US: MonoX
CVE-2020-12470 (MonoX through 5.1.40.5152 allows administrators to execute arbitrary c ...)
    NOT-FOR-US: MonoX
CVE-2020-12469 (admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Inject ...)
    NOT-FOR-US: Subrion CMS
CVE-2020-12468 (Subrion CMS 4.2.1 allows CSV injection via a phrase value within a lan ...)
    NOT-FOR-US: Subrion CMS
CVE-2020-12467 (Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in ...)
    NOT-FOR-US: Subrion CMS
CVE-2020-12626 (An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ...)
    {DSA-4674-1}
    - roundcube 1.4.4+dfsg.1-1 (bug #959142)
    NOTE: https://github.com/roundcube/roundcubemail/pull/7302
    NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6
    NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/1e7bec9cb868fa32b05acf6b0a557a6311350c56
    NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/cceeff2472c00acb2c6b96c9df7a289f1db77713
CVE-2020-12625 (An issue was discovered in Roundcube Webmail before 1.4.4. There is a ...)
    {DSA-4674-1}
    - roundcube 1.4.4+dfsg.1-1 (bug #959140)
    NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0
    NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/23c06159ae8c6f500336e3075820e648aa6f40a4
    NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/4312dc4efecb9553fcacfab0ab9d9ee6e88477e7
CVE-2020-12466
    RESERVED
CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers/net/w ...)
    - linux 5.5.13-1
    [buster] - linux 4.19.118-1
    NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6)
CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...)
    - linux
    NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3)
CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...)
    NOT-FOR-US: Avira
CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with ...)
    NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
    NOT-FOR-US: PHP-Fusion
CVE-2020-12460
    RESERVED
CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...)
    NOT-FOR-US: Grafana as shipped in Red Hat
CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...)
    - grafana
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
    NOTE: https://github.com/grafana/grafana/issues/8283
CVE-2020-12457
    RESERVED
CVE-2020-12456
    RESERVED
CVE-2020-12455
    RESERVED
CVE-2020-12454
    RESERVED
CVE-2020-12453
    RESERVED
CVE-2020-12452
    RESERVED
CVE-2020-12451
    RESERVED
CVE-2020-12450
    RESERVED
CVE-2020-12449
    RESERVED
CVE-2020-12448 (GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ...)
    - gitlab (Only affects GitLab EE 12.8 and later)
    NOTE: https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/
CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...)
    NOT-FOR-US: Onkyo
CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...)
    NOT-FOR-US: G.SKILL Trident Z Lighting Control
CVE-2020-12445
    RESERVED
CVE-2020-12444
    RESERVED
CVE-2020-12443 (BigBlueButton before 2.2.6 allows remote attackers to read arbitrary f ...)
    NOT-FOR-US: BigBlueButton
CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated ...)
    NOT-FOR-US: Ivanti
CVE-2020-12441
    RESERVED
CVE-2020-12440
    REJECTED
CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
    NOT-FOR-US: Grin
CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...)
    NOT-FOR-US: PHP-Fusion
CVE-2020-12437
    RESERVED
CVE-2020-12436
    RESERVED
CVE-2020-12435
    RESERVED
CVE-2020-12434
    RESERVED
CVE-2020-12433
    RESERVED
CVE-2020-12432
    RESERVED
CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...)
    NOT-FOR-US: Splashtop Software Updater
CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
    [experimental] - libvirt 6.2.0-1
    - libvirt (low; bug #959447)
    [buster] - libvirt (Minor issue)
    [stretch] - libvirt (Vulnerable code introduced later)
    [jessie] - libvirt (Vulnerable code introduced later)
    NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 (v6.1.0-rc1)
    NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=d1eac92784573559b6fd56836e33b215c89308e3 (v4.10.0-rc1)
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1804548
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828190
CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that would ...)
    NOT-FOR-US: Online Course Registration
CVE-2020-12428
    RESERVED
CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...)
    NOT-FOR-US: Western Digital
CVE-2020-12426
    RESERVED
CVE-2020-12425
    RESERVED
CVE-2020-12424
    RESERVED
CVE-2020-12423
    RESERVED
CVE-2020-12422
    RESERVED
CVE-2020-12421
    RESERVED
CVE-2020-12420
    RESERVED
CVE-2020-12419
    RESERVED
CVE-2020-12418
    RESERVED
CVE-2020-12417
    RESERVED
CVE-2020-12416
    RESERVED
CVE-2020-12415
    RESERVED
CVE-2020-12414
    RESERVED
CVE-2020-12413
    RESERVED
CVE-2020-12412
    RESERVED
CVE-2020-12411
    RESERVED
CVE-2020-12410
    RESERVED
CVE-2020-12409
    RESERVED
CVE-2020-12408
    RESERVED
CVE-2020-12407
    RESERVED
CVE-2020-12406
    RESERVED
CVE-2020-12405
    RESERVED
CVE-2020-12404
    RESERVED
CVE-2020-12403
    RESERVED
CVE-2020-12402
    RESERVED
CVE-2020-12401
    RESERVED
CVE-2020-12400
    RESERVED
CVE-2020-12399 [Force a fixed length for DSA exponentiation]
    RESERVED
    - nss
    NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 (non-public)
CVE-2020-12398
    RESERVED
CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...)
    {DSA-4683-1 DLA-2206-1}
    - thunderbird 1:68.8.0-1
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397
CVE-2020-12396
    RESERVED
    - firefox 76.0-1
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12396
CVE-2020-12395
    RESERVED
    {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
    - firefox 76.0-1
    - firefox-esr 68.8.0esr-1
    - thunderbird 1:68.8.0-1
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12395
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12395
CVE-2020-12394
    RESERVED
    - firefox 76.0-1
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12394
CVE-2020-12393
    RESERVED
    - firefox (Only affects Windows)
    - firefox-esr (Only affects Windows)
    - thunderbird (Only affects Windows)
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12393
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12393
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12393
CVE-2020-12392
    RESERVED
    {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
    - firefox 76.0-1
    - firefox-esr 68.8.0esr-1
    - thunderbird 1:68.8.0-1
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831
CVE-2020-12391
    RESERVED
    - firefox 76.0-1
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391
CVE-2020-12390
    RESERVED
    - firefox 76.0-1
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12390
CVE-2020-12389
    RESERVED
    - firefox (Only affects Windows)
    - firefox-esr (Only affects Windows)
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12389
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12389
CVE-2020-12388
    RESERVED
    - firefox (Only affects Windows)
    - firefox-esr (Only affects Windows)
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12388
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12388
CVE-2020-12387
    RESERVED
    {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
    - firefox 76.0-1
    - firefox-esr 68.8.0esr-1
    - thunderbird 1:68.8.0-1
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387
    NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387
CVE-2020-12386
    RESERVED
CVE-2020-12385
    RESERVED
CVE-2020-12384
    RESERVED
CVE-2020-12383
    RESERVED
CVE-2020-12382
    RESERVED
CVE-2020-12381
    RESERVED
CVE-2020-12380
    RESERVED
CVE-2020-12379
    RESERVED
CVE-2020-12378
    RESERVED
CVE-2020-12377
    RESERVED
CVE-2020-12376
    RESERVED
CVE-2020-12375
    RESERVED
CVE-2020-12374
    RESERVED
CVE-2020-12373
    RESERVED
CVE-2020-12372
    RESERVED
CVE-2020-12371
    RESERVED
CVE-2020-12370
    RESERVED
CVE-2020-12369
    RESERVED
CVE-2020-12368
    RESERVED
CVE-2020-12367
    RESERVED
CVE-2020-12366
    RESERVED
CVE-2020-12365
    RESERVED
CVE-2020-12364
    RESERVED
CVE-2020-12363
    RESERVED
CVE-2020-12362
    RESERVED
CVE-2020-12361
    RESERVED
CVE-2020-12360
    RESERVED
CVE-2020-12359
    RESERVED
CVE-2020-12358
    RESERVED
CVE-2020-12357
    RESERVED
CVE-2020-12356
    RESERVED
CVE-2020-12355
    RESERVED
CVE-2020-12354
    RESERVED
CVE-2020-12353
    RESERVED
CVE-2020-12352
    RESERVED
CVE-2020-12351
    RESERVED
CVE-2020-12350
    RESERVED
CVE-2020-12349
    RESERVED
CVE-2020-12348
    RESERVED
CVE-2020-12347
    RESERVED
CVE-2020-12346
    RESERVED
CVE-2020-12345
    RESERVED
CVE-2020-12344
    RESERVED
CVE-2020-12343
    RESERVED
CVE-2020-12342
    RESERVED
CVE-2020-12341
    RESERVED
CVE-2020-12340
    RESERVED
CVE-2020-12339
    RESERVED
CVE-2020-12338
    RESERVED
CVE-2020-12337
    RESERVED
CVE-2020-12336
    RESERVED
CVE-2020-12335
    RESERVED
CVE-2020-12334
    RESERVED
CVE-2020-12333
    RESERVED
CVE-2020-12332
    RESERVED
CVE-2020-12331
    RESERVED
CVE-2020-12330
    RESERVED
CVE-2020-12329
    RESERVED
CVE-2020-12328
    RESERVED
CVE-2020-12327
    RESERVED
CVE-2020-12326
    RESERVED
CVE-2020-12325
    RESERVED
CVE-2020-12324
    RESERVED
CVE-2020-12323
    RESERVED
CVE-2020-12322
    RESERVED
CVE-2020-12321
    RESERVED
CVE-2020-12320
    RESERVED
CVE-2020-12319
    RESERVED
CVE-2020-12318
    RESERVED
CVE-2020-12317
    RESERVED
CVE-2020-12316
    RESERVED
CVE-2020-12315
    RESERVED
CVE-2020-12314
    RESERVED
CVE-2020-12313
    RESERVED
CVE-2020-12312
    RESERVED
CVE-2020-12311
    RESERVED
CVE-2020-12310
    RESERVED
CVE-2020-12309
    RESERVED
CVE-2020-12308
    RESERVED
CVE-2020-12307
    RESERVED
CVE-2020-12306
    RESERVED
CVE-2020-12305
    RESERVED
CVE-2020-12304
    RESERVED
CVE-2020-12303
    RESERVED
CVE-2020-12302
    RESERVED
CVE-2020-12301
    RESERVED
CVE-2020-12300
    RESERVED
CVE-2020-12299
    RESERVED
CVE-2020-12298
    RESERVED
CVE-2020-12297
    RESERVED
CVE-2020-12296
    RESERVED
CVE-2020-12295
    RESERVED
CVE-2020-12294
    RESERVED
CVE-2020-12293
    RESERVED
CVE-2020-12292
    RESERVED
CVE-2020-12291
    RESERVED
CVE-2020-12290
    RESERVED
CVE-2020-12289
    RESERVED
CVE-2020-12288
    RESERVED
CVE-2020-12287
    RESERVED
CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
    NOT-FOR-US: Octopus Deploy
CVE-2020-12285
    RESERVED
CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.2.2 has a ...)
    - ffmpeg
    NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
    NOTE: https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication workflow bec ...)
    NOT-FOR-US: Sourcegraph
CVE-2020-12282
    RESERVED
CVE-2020-12281
    RESERVED
CVE-2020-12280
    RESERVED
CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
    - libgit2 0.28.4+dfsg.1-2
    [buster] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
    [stretch] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
    [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
    NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
    - libgit2 0.28.4+dfsg.1-2
    [buster] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
    [stretch] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
    [jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
    NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01
    NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb
CVE-2020-12277 (GitLab 10.8 through 12.9 has a vulnerability that allows someone to mi ...)
    [experimental] - gitlab 12.8.8-1
    - gitlab
    NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12276 (GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin noti ...)
    [experimental] - gitlab 12.8.8-1
    - gitlab
    NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12275 (GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that ...)
    [experimental] - gitlab 12.8.8-1
    - gitlab
    NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...)
    NOT-FOR-US: TestLink
CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
    NOT-FOR-US: TestLink
CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
    - opendmarc
    NOTE: https://sourceforge.net/p/opendmarc/tickets/237/
    NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
    NOT-FOR-US: SFOS
CVE-2020-12270 (** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 uses six- ...)
    NOT-FOR-US: Bluezone
CVE-2020-12269
    RESERVED
CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...)
    - jbig2dec 0.18-1
    [buster] - jbig2dec (Minor issue)
    [stretch] - jbig2dec (Minor issue)
    [jessie] - jbig2dec (Minor issue)
    NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
    NOTE: https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextM ...)
    - qtbase-opensource-src (Vulnerable code not present)
    NOTE: https://github.com/qt/qtbase/commit/7447e2b337f12b4d04935d0f30fc673e4327d5a0
    NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450
    NOTE: The 5.14 in experimental contains the code, but is already fixed
CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 M79X3.V5030.180719, WL-W ...)
    NOT-FOR-US: WAVLINK
CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)
    NOT-FOR-US: Node decompress
CVE-2020-12264
    RESERVED
CVE-2020-12263
    RESERVED
CVE-2020-12262
    RESERVED
CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login. ...)
    NOT-FOR-US: Open-AudIT
CVE-2020-12260
    RESERVED
CVE-2020-12259 (rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php fil ...)
    NOT-FOR-US: rConfig
CVE-2020-12258 (rConfig 3.9.4 is vulnerable to session fixation because session expiry ...)
    NOT-FOR-US: rConfig
CVE-2020-12257 (rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) becau ...)
    NOT-FOR-US: rConfig
CVE-2020-12256 (rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file ...)
    NOT-FOR-US: rConfig
CVE-2020-12255 (rConfig 3.9.4 is vulnerable to remote code execution due to improper v ...)
    NOT-FOR-US: rConfig
CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...)
    NOT-FOR-US: Avira Antivirus
CVE-2020-12253
    RESERVED
CVE-2020-12252 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
    NOT-FOR-US: Gigamon
CVE-2020-12251 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
    NOT-FOR-US: Gigamon
CVE-2020-12250
    RESERVED
CVE-2020-12249
    RESERVED
CVE-2020-12248
    RESERVED
CVE-2020-12247
    RESERVED
CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other & ...)
    NOT-FOR-US: Beeline Smart Box
CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
    - grafana
    NOTE: https://github.com/grafana/grafana/pull/23816
CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...)
    {DSA-4691-1}
    - pdns-recursor 4.3.1-1
    [stretch] - pdns-recursor (No longer supported, see DSA 4691)
    NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
    NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
CVE-2020-12243 (In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ...)
    {DSA-4666-1 DLA-2199-1}
    - openldap 2.4.50+dfsg-1
    NOTE: https://bugs.openldap.org/show_bug.cgi?id=9202
    NOTE: https://git.openldap.org/openldap/openldap/-/commit/d38d48fc8f572dedfb67b9da61a2ba3b125ced91 (master)
    NOTE: https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 (OPENLDAP_REL_ENG_2_4_50)
CVE-2020-12242 (Valve Source allows local users to gain privileges by writing to the / ...)
    NOT-FOR-US: Valve
CVE-2020-12241
    RESERVED
CVE-2020-12240
    RESERVED
CVE-2020-12239
    RESERVED
CVE-2020-12238
    RESERVED
CVE-2020-12237
    RESERVED
CVE-2020-12236
    RESERVED
CVE-2020-12235
    RESERVED
CVE-2020-12234
    RESERVED
CVE-2020-12233
    RESERVED
CVE-2020-12232
    RESERVED
CVE-2020-12231
    RESERVED
CVE-2020-12230
    RESERVED
CVE-2020-12229
    RESERVED
CVE-2020-12228
    RESERVED
CVE-2020-12227
    RESERVED
CVE-2020-12226
    RESERVED
CVE-2020-12225
    RESERVED
CVE-2020-12224
    RESERVED
CVE-2020-12223
    RESERVED
CVE-2020-12222
    RESERVED
CVE-2020-12221
    RESERVED
CVE-2020-12220
    RESERVED
CVE-2020-12219
    RESERVED
CVE-2020-12218
    RESERVED
CVE-2020-12217
    RESERVED
CVE-2020-12216
    RESERVED
CVE-2020-12215
    RESERVED
CVE-2020-12214
    RESERVED
CVE-2020-12213
    RESERVED
CVE-2020-12212
    RESERVED
CVE-2020-12211
    RESERVED
CVE-2020-12210
    RESERVED
CVE-2020-12209
    RESERVED
CVE-2020-12208
    RESERVED
CVE-2020-12207
    RESERVED
CVE-2020-12206
    RESERVED
CVE-2020-12205
    RESERVED
CVE-2020-12204
    RESERVED
CVE-2020-12203
    RESERVED
CVE-2020-12202
    RESERVED
CVE-2020-12201
    RESERVED
CVE-2020-12200
    RESERVED
CVE-2020-12199
    RESERVED
CVE-2020-12198
RESERVED CVE-2020-12197 RESERVED CVE-2020-12196 RESERVED CVE-2020-12195 RESERVED CVE-2020-12194 RESERVED CVE-2020-12193 RESERVED CVE-2020-12192 RESERVED CVE-2020-12191 RESERVED CVE-2020-12190 RESERVED CVE-2020-12189 RESERVED CVE-2020-12188 RESERVED CVE-2020-12187 RESERVED CVE-2020-12186 RESERVED CVE-2020-12185 RESERVED CVE-2020-12184 RESERVED CVE-2020-12183 RESERVED CVE-2020-12182 RESERVED CVE-2020-12181 RESERVED CVE-2020-12180 RESERVED CVE-2020-12179 RESERVED CVE-2020-12178 RESERVED CVE-2020-12177 RESERVED CVE-2020-12176 RESERVED CVE-2020-12175 RESERVED CVE-2020-12174 RESERVED CVE-2020-12173 RESERVED CVE-2020-12172 RESERVED CVE-2020-12171 RESERVED CVE-2020-12170 RESERVED CVE-2020-12169 RESERVED CVE-2020-12168 RESERVED CVE-2020-12167 RESERVED CVE-2020-12166 RESERVED CVE-2020-12165 RESERVED CVE-2020-12164 RESERVED CVE-2020-12163 RESERVED CVE-2020-12162 RESERVED CVE-2020-12161 RESERVED CVE-2020-12160 RESERVED CVE-2020-12159 RESERVED CVE-2020-12158 RESERVED CVE-2020-12157 RESERVED CVE-2020-12156 RESERVED CVE-2020-12155 RESERVED CVE-2020-12154 RESERVED CVE-2020-12153 RESERVED CVE-2020-12152 RESERVED CVE-2020-12151 RESERVED CVE-2020-12150 RESERVED CVE-2020-12149 RESERVED CVE-2020-12148 RESERVED CVE-2020-12147 RESERVED CVE-2020-12146 RESERVED CVE-2020-12145 RESERVED CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal to EdgeC ...) NOT-FOR-US: Silver Peak Cloud Portal CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect devices i ...) NOT-FOR-US: EdgeConnect CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machine int ...) NOT-FOR-US: EdgeConnect CVE-2020-12141 RESERVED CVE-2020-12140 RESERVED CVE-2020-12139 RESERVED CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...) NOT-FOR-US: AMD ATI atillk64.sys specific issue CVE-2020-12136 RESERVED CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...) 
- duo-unix (unimportant; bug #958998) NOTE: Embedded older version, but affected function not used CVE-2020-12134 (Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishand ...) NOT-FOR-US: Nanometrics Centaur / TitanSMA CVE-2020-12133 (The Apros Evolution, ConsciusMap, and Furukawa provisioning systems th ...) NOT-FOR-US: Apros Evolution, ConsciusMap, and Furukawa CVE-2020-12132 (Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS ...) NOT-FOR-US: Fifthplay CVE-2020-12131 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parame ...) NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parame ...) NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder para ...) NOT-FOR-US: AirDisk Pro app for iOS CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...) NOT-FOR-US: DONG JOO CHO File Transfer iFamily CVE-2020-12127 RESERVED CVE-2020-12126 RESERVED CVE-2020-12125 RESERVED CVE-2020-12124 RESERVED CVE-2020-12123 RESERVED CVE-2020-12122 RESERVED CVE-2020-12121 RESERVED CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...) NOT-FOR-US: PrestaShop CVE-2020-12119 RESERVED CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...) NOT-FOR-US: Binance tss-lib CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...) NOT-FOR-US: Moxa CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Released bu ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-12115 RESERVED CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...) - linux 5.3.7-1 NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2 CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...) 
NOT-FOR-US: BigBlueButton CVE-2020-12112 (BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive ...) NOT-FOR-US: BigBlueButton CVE-2020-12111 (Certain TP-Link devices allow Command Injection. This affects NC260 1. ...) NOT-FOR-US: TP-Link CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This affects ...) NOT-FOR-US: TP-Link CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...) NOT-FOR-US: TP-Link CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...) {DLA-2204-1} - mailman NOTE: https://bugs.launchpad.net/mailman/+bug/1873722 CVE-2020-12107 RESERVED CVE-2020-12106 RESERVED CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...) - openconnect (unimportant; bug #959428) [jessie] - openconnect (Vulnerable code introduced later) NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96 NOTE: Only an issue if building with OpenSSL, where Debian binary packages use NOTE: GnuTLS. CVE-2020-12104 (The Import feature in the wp-advanced-search plugin 3.3.6 for WordPres ...) NOT-FOR-US: Import feature in the wp-advanced-search plugin for WordPress CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...) NOT-FOR-US: Tiny File Manager CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in ...) NOT-FOR-US: Tiny File Manager CVE-2020-12101 (The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remo ...) 
NOT-FOR-US: xt:Commerce CVE-2020-12100 RESERVED CVE-2020-12099 RESERVED CVE-2020-12098 RESERVED CVE-2020-12097 RESERVED CVE-2020-12096 RESERVED CVE-2020-12095 RESERVED CVE-2020-12094 RESERVED CVE-2020-12093 RESERVED CVE-2020-12092 RESERVED CVE-2020-12091 RESERVED CVE-2020-12090 RESERVED CVE-2020-12089 RESERVED CVE-2020-12088 RESERVED CVE-2020-12087 RESERVED CVE-2020-12086 RESERVED CVE-2020-12085 RESERVED CVE-2020-12084 RESERVED CVE-2020-12083 RESERVED CVE-2020-12082 RESERVED CVE-2020-12081 RESERVED CVE-2020-12080 RESERVED CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...) {DSA-4664-1 DLA-2200-1} - mailman (bug #958930) NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/2 NOTE: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1801 CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system access an ...) NOT-FOR-US: Beaker browser, different from src:beaker CVE-2020-12078 (An issue was discovered in Open-AudIT 3.3.1. There is shell metacharac ...) NOT-FOR-US: Open-AudIT CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPr ...) NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...) NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress CVE-2020-12075 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...) NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress CVE-2020-12074 (The users-customers-import-export-for-wp-woocommerce plugin before 1.3 ...) NOT-FOR-US: users-customers-import-export-for-wp-woocommerce plugin for WordPress CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect ...) NOT-FOR-US: responsive-add-ons plugin for WordPress CVE-2020-12072 RESERVED CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content. ...) 
NOT-FOR-US: Anchor CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...) NOT-FOR-US: Advanced Woo Search plugin for WordPress CVE-2020-12069 RESERVED CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5.16.0. ...) NOT-FOR-US: CODESYS CVE-2020-12067 RESERVED CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...) - teeworlds [jessie] - teeworlds (Not supported in jessie LTS) NOTE: https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5 NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=14785 CVE-2020-12065 RESERVED CVE-2020-12064 RESERVED CVE-2020-12063 (** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attac ...) NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/3 NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12 NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals CVE-2020-12062 RESERVED CVE-2020-12061 RESERVED CVE-2020-12060 RESERVED CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...) - ceph 14.2.4-1 [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) NOTE: https://tracker.ceph.com/issues/44967 NOTE: Introduced with: https://github.com/ceph/ceph/commit/5fb068114bb3da2f8fabea89160a8453f861dc96 (v12.1.1) NOTE: Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10) NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing. CVE-2020-12058 RESERVED CVE-2020-12057 RESERVED CVE-2020-12056 RESERVED CVE-2020-12055 RESERVED CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...) NOT-FOR-US: Catch Breadcrumb plugin for WordPress CVE-2020-12053 RESERVED CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup XSS. ...) 
- grafana CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote ...) NOT-FOR-US: MediaWiki extension CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.99 ...) - sqliteodbc (unimportant) NOTE: The issue is located in the *.spec files used for rpm packaging using insecurely NOTE: /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from same NOTE: issue. CVE-2020-12049 RESERVED CVE-2020-12048 RESERVED CVE-2020-12047 RESERVED CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmwar ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-12045 RESERVED CVE-2020-12044 RESERVED CVE-2020-12043 RESERVED CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-12041 RESERVED CVE-2020-12040 RESERVED CVE-2020-12039 RESERVED CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...) NOT-FOR-US: Rockwell Automation CVE-2020-12037 RESERVED CVE-2020-12036 RESERVED CVE-2020-12035 RESERVED CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...) NOT-FOR-US: Rockwell Automation CVE-2020-12033 RESERVED CVE-2020-12032 RESERVED CVE-2020-12031 RESERVED CVE-2020-12030 RESERVED CVE-2020-12029 RESERVED CVE-2020-12028 RESERVED CVE-2020-12027 RESERVED CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12025 RESERVED CVE-2020-12024 RESERVED CVE-2020-12023 RESERVED CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12021 RESERVED CVE-2020-12020 RESERVED CVE-2020-12019 RESERVED CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...) 
NOT-FOR-US: Advantech WebAccess Node CVE-2020-12017 RESERVED CVE-2020-12016 RESERVED CVE-2020-12015 RESERVED CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12013 RESERVED CVE-2020-12012 RESERVED CVE-2020-12011 RESERVED CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12009 RESERVED CVE-2020-12008 RESERVED CVE-2020-12007 RESERVED CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12005 RESERVED CVE-2020-12004 RESERVED CVE-2020-12003 RESERVED CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-12001 RESERVED CVE-2020-12000 RESERVED CVE-2020-11999 RESERVED CVE-2020-11998 RESERVED CVE-2020-11997 RESERVED CVE-2020-11996 RESERVED CVE-2020-11995 RESERVED CVE-2020-11994 RESERVED CVE-2020-11993 RESERVED CVE-2020-11992 RESERVED CVE-2020-11991 RESERVED CVE-2020-11990 RESERVED CVE-2020-11989 RESERVED CVE-2020-11988 RESERVED CVE-2020-11987 RESERVED CVE-2020-11986 RESERVED CVE-2020-11985 RESERVED CVE-2020-11984 RESERVED CVE-2020-11983 RESERVED CVE-2020-11982 RESERVED CVE-2020-11981 RESERVED CVE-2020-11980 RESERVED CVE-2020-11979 RESERVED CVE-2020-11978 RESERVED CVE-2020-11977 RESERVED CVE-2020-11976 RESERVED CVE-2020-11975 RESERVED CVE-2020-11974 RESERVED CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. Apache Cam ...) NOT-FOR-US: Apache Camel CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. Apache ...) NOT-FOR-US: Apache Camel CVE-2020-11971 (Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, ...) 
NOT-FOR-US: Apache Camel CVE-2020-11970 RESERVED CVE-2020-11969 RESERVED CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read ...) NOT-FOR-US: IQrouter CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the device (re ...) NOT-FOR-US: IQrouter CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in the web- ...) NOT-FOR-US: IQrouter CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a password, wh ...) NOT-FOR-US: IQrouter CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password in the w ...) NOT-FOR-US: IQrouter CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote code ex ...) NOT-FOR-US: IQrouter CVE-2020-11962 RESERVED CVE-2020-11961 RESERVED CVE-2020-11960 RESERVED CVE-2020-11959 RESERVED CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/sc ...) - re2c [buster] - re2c (Vulnerability introduced later) [stretch] - re2c (Vulnerability introduced later) [jessie] - re2c (Vulnerability introduced later) NOTE: http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/ NOTE: Logical error introduced in: https://github.com/skvadrik/re2c/commit/2f3e597abce36fb7f41413373308b7f13fc98181 (1.2) NOTE: Vulnerability introduced in: https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 (1.2) NOTE: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070 NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a CVE-2020-11957 RESERVED CVE-2020-11956 RESERVED CVE-2020-11955 RESERVED CVE-2020-11954 RESERVED CVE-2020-11953 RESERVED CVE-2020-11952 RESERVED CVE-2020-11951 RESERVED CVE-2020-11950 RESERVED CVE-2020-11949 RESERVED CVE-2020-11948 RESERVED CVE-2020-11947 RESERVED CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...) 
NOT-FOR-US: Zoho ManageEngine OpManager CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...) {DSA-4682-1} - squid 4.11-1 - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch CVE-2020-11944 (Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call_ ...) NOT-FOR-US: bitcoin-abe CVE-2020-11943 (An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file u ...) NOT-FOR-US: Open-AudIT CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL In ...) NOT-FOR-US: Open-AudIT CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...) NOT-FOR-US: Open-AudIT CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...) - ndpi [buster] - ndpi (Introduced in 3.0) [stretch] - ndpi (Introduced in 3.0) [jessie] - ndpi (Introduced in 3.0) NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435 NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...) - ndpi [buster] - ndpi (Introduced in 3.0) [stretch] - ndpi (Introduced in 3.0) [jessie] - ndpi (Introduced in 3.0) NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202 NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11937 RESERVED CVE-2020-11936 RESERVED CVE-2020-11935 RESERVED CVE-2020-11934 RESERVED CVE-2020-11933 RESERVED CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...) 
NOT-FOR-US: Subiquity installer for Ubuntu CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide security medi ...) NOT-FOR-US: Ubuntu snap packaging of Pulseaudio CVE-2020-11930 (The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS vi ...) NOT-FOR-US: GTranslate plugin for WordPress CVE-2020-11929 RESERVED CVE-2020-11928 (In the media-library-assistant plugin before 2.82 for WordPress, Remot ...) NOT-FOR-US: media-library-assistant plugin for WordPress CVE-2020-11927 RESERVED CVE-2020-11926 RESERVED CVE-2020-11925 RESERVED CVE-2020-11924 RESERVED CVE-2020-11923 RESERVED CVE-2020-11922 RESERVED CVE-2020-11921 RESERVED CVE-2020-11920 RESERVED CVE-2020-11919 RESERVED CVE-2020-11918 RESERVED CVE-2020-11917 RESERVED CVE-2020-11916 RESERVED CVE-2020-11915 RESERVED CVE-2020-11914 RESERVED CVE-2020-11913 RESERVED CVE-2020-11912 RESERVED CVE-2020-11911 RESERVED CVE-2020-11910 RESERVED CVE-2020-11909 RESERVED CVE-2020-11908 RESERVED CVE-2020-11907 RESERVED CVE-2020-11906 RESERVED CVE-2020-11905 RESERVED CVE-2020-11904 RESERVED CVE-2020-11903 RESERVED CVE-2020-11902 RESERVED CVE-2020-11901 RESERVED CVE-2020-11900 RESERVED CVE-2020-11899 RESERVED CVE-2020-11898 RESERVED CVE-2020-11897 RESERVED CVE-2020-11896 RESERVED CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...) - ming NOTE: https://github.com/libming/libming/issues/197 CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) i ...) - ming NOTE: https://github.com/libming/libming/issues/196 CVE-2020-11893 RESERVED CVE-2020-11892 RESERVED CVE-2020-11891 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...) NOT-FOR-US: Joomla! CVE-2020-11890 (An issue was discovered in Joomla! before 3.9.17. Improper input valid ...) NOT-FOR-US: Joomla! CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...) NOT-FOR-US: Joomla! 
CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...) - python-markdown2 (bug #959445) [buster] - python-markdown2 (Minor issue) NOTE: https://github.com/trentm/python-markdown2/issues/348 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...) NOT-FOR-US: svg2png CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...) NOT-FOR-US: OpenNMS CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...) NOT-FOR-US: WSO2 Enterprise Integrator CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code execution ...) {DSA-4667-1} - linux 5.6.7-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/316ec154810960052d4586b634156c54d0778f74 CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...) NOT-FOR-US: Divante vue-storefront-api CVE-2020-11882 RESERVED CVE-2020-11881 RESERVED CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...) - kmail (bug #958054) [buster] - kmail (Minor issue) - kdepim [stretch] - kdepim (Minor issue) [jessie] - kdepim (Minor issue) NOTE: https://cgit.kde.org/kmail.git/commit/?id=2a348eccd352260f192d9b449492071bbf2b34b1 CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...) - evolution 3.36.0-1 [buster] - evolution (Minor issue) [stretch] - evolution (Minor issue) [jessie] - evolution (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/784 NOTE: https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7 CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4 ...) - jitsi-meet (bug #760485) CVE-2020-11877 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses 342 ...) 
NOT-FOR-US: Zoom Client for Meetings CVE-2020-11876 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses the ...) NOT-FOR-US: Zoom Client for Meetings CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...) NOT-FOR-US: OpenTrace CVE-2020-11871 RESERVED CVE-2020-11870 RESERVED CVE-2020-11869 (An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way i ...) - qemu 1:5.0-1 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/2 CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...) {DLA-2201-1} - ntp 1:4.2.8p14+dfsg-1 [buster] - ntp (Minor issue) [stretch] - ntp (Minor issue) - ntpsec (Doesn't affect ntpsec per upstream, #958027) NOTE: http://support.ntp.org/bin/view/Main/NtpBug3592 NOTE: http://bugs.ntp.org/3592 NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5df73278nIf5dNbaR_vTeCY43_h7Vg NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665 NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651 CVE-2020-11867 RESERVED CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11865 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bo ...) 
- libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11864 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11862 RESERVED CVE-2020-11861 RESERVED CVE-2020-11860 RESERVED CVE-2020-11859 RESERVED CVE-2020-11858 RESERVED CVE-2020-11857 RESERVED CVE-2020-11856 RESERVED CVE-2020-11855 RESERVED CVE-2020-11854 RESERVED CVE-2020-11853 RESERVED CVE-2020-11852 RESERVED CVE-2020-11851 RESERVED CVE-2020-11850 RESERVED CVE-2020-11849 RESERVED CVE-2020-11848 RESERVED CVE-2020-11847 RESERVED CVE-2020-11846 RESERVED CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...) NOT-FOR-US: Micro Focus CVE-2020-11844 RESERVED CVE-2020-11843 RESERVED CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...) NOT-FOR-US: Micro Focus CVE-2020-11841 RESERVED CVE-2020-11840 RESERVED CVE-2020-11839 RESERVED CVE-2020-11838 RESERVED CVE-2020-11837 RESERVED CVE-2020-11836 RESERVED CVE-2020-11835 RESERVED CVE-2020-11834 RESERVED CVE-2020-11833 RESERVED CVE-2020-11832 RESERVED CVE-2020-11831 RESERVED CVE-2020-11830 RESERVED CVE-2020-11829 RESERVED CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...) NOT-FOR-US: ColorOS CVE-2020-11827 RESERVED CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...) NOT-FOR-US: Memono CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...) - dolibarr CVE-2020-11824 RESERVED CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored ...) - dolibarr CVE-2020-11822 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the appli ...) 
NOT-FOR-US: Rukovoditel CVE-2020-11821 (In Rukovoditel 2.5.2, users' passwords and usernames are stored in a c ...) NOT-FOR-US: Rukovoditel CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...) NOT-FOR-US: Rukovoditel CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...) NOT-FOR-US: Rukovoditel CVE-2020-11817 (In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the s ...) NOT-FOR-US: Rukovoditel CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...) NOT-FOR-US: Rukovoditel CVE-2020-11814 (A Host Header Injection vulnerability in qdPM 9.1 may allow an attacke ...) NOT-FOR-US: qdPM CVE-2020-11813 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the confi ...) NOT-FOR-US: Rukovoditel CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the serve ...) NOT-FOR-US: qdPM CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...) - openvpn 2.4.9-1 (low) [buster] - openvpn (Minor issue) [stretch] - openvpn (Minor issue) [jessie] - openvpn (Minor issue) NOTE: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab CVE-2020-11809 RESERVED CVE-2020-11808 RESERVED CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type, Source ...) NOT-FOR-US: Sourcefabric Newscoop CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...) 
NOT-FOR-US: MailStore Outlook Add-in CVE-2020-11805 RESERVED CVE-2020-11804 RESERVED CVE-2020-11803 RESERVED CVE-2020-11802 RESERVED CVE-2020-11801 RESERVED CVE-2020-11800 RESERVED CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...) NOT-FOR-US: Z-Cron CVE-2020-11798 RESERVED CVE-2020-11797 RESERVED CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...) NOT-FOR-US: JetBrains Space CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...) NOT-FOR-US: JetBrains Space CVE-2020-11794 RESERVED CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...) {DSA-4658-1} - webkit2gtk 2.28.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.1-1 NOTE: https://webkitgtk.org/security/WSA-2020-0004.html CVE-2020-11792 (NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are ...) NOT-FOR-US: Netgear CVE-2020-11791 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS ...) NOT-FOR-US: Netgear CVE-2020-11790 (NETGEAR R7800 devices before 1.0.2.68 are affected by remote code exec ...) NOT-FOR-US: Netgear CVE-2020-11789 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2020-11788 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2020-11787 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11786 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11785 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11784 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) 
NOT-FOR-US: Netgear CVE-2020-11783 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11782 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11781 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11780 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11779 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11778 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11777 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11776 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11775 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11774 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11773 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11772 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11771 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11770 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2020-11769 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...) 
NOT-FOR-US: Istio CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...) TODO: check CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...) [experimental] - openexr 2.5.0-1 - openexr (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) [experimental] - openexr 2.5.0-1 - openexr (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2 CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...) [experimental] - openexr 2.5.0-1 - openexr (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 TODO: check fixing commit CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) [experimental] - openexr 2.5.0-1 - openexr (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) 
[experimental] - openexr 2.5.0-1 - openexr (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09 CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) [experimental] - openexr 2.5.0-1 - openexr (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3 CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...) [experimental] - openexr 2.5.0-1 - openexr (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f TODO: check completeness for upstream commits to cover CVE-2020-11759 CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) [experimental] - openexr 2.5.0-1 - openexr (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 TODO: check isolated commit to fix issue CVE-2020-11757 RESERVED CVE-2020-11756 RESERVED CVE-2020-11755 RESERVED CVE-2020-11754 RESERVED CVE-2020-11753 (An issue was discovered in Sonatype Nexus Repository Manager in versio ...) NOT-FOR-US: Sonatype CVE-2020-11752 RESERVED CVE-2020-11751 RESERVED CVE-2020-11750 RESERVED CVE-2020-11749 RESERVED CVE-2020-11748 RESERVED CVE-2020-11747 REJECTED CVE-2020-11746 RESERVED CVE-2020-11745 RESERVED CVE-2020-11744 RESERVED CVE-2020-11743 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) 
- xen [buster] - xen (Can be fixed along in future Xen DSA) [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-316.html CVE-2020-11742 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) - xen [buster] - xen (Can be fixed along in future Xen DSA) [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-318.html CVE-2020-11741 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...) - xen [buster] - xen (Can be fixed along in future Xen DSA) [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-313.html CVE-2020-11740 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...) - xen [buster] - xen (Can be fixed along in future Xen DSA) [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-313.html CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) - xen [buster] - xen (Can be fixed along in future Xen DSA) [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-314.html CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Dupl ...) NOT-FOR-US: Snap Creek Duplicator plugin for WordPress CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...) NOT-FOR-US: Zimbra CVE-2020-11735 RESERVED CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...) {DLA-2180-1} - file-roller 3.36.2-1 (bug #956638) NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...) 
NOT-FOR-US: CyberSolutions CyberMail CVE-2020-11733 RESERVED CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2020-11730 RESERVED CVE-2020-11729 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...) {DSA-4660-1 DLA-2178-1} - awl 0.61-1 (bug #956650) NOTE: https://gitlab.com/davical-project/awl/-/issues/18 NOTE: https://gitlab.com/davical-project/awl/-/commit/535505c9acd0dda9cf664c38f5f8cb8dd61dc0cd CVE-2020-11728 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...) {DSA-4660-1 DLA-2178-1} - awl 0.61-1 (bug #956650) NOTE: https://gitlab.com/davical-project/awl/-/issues/19 NOTE: https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428 CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced O ...) NOT-FOR-US: AlgolPlus CVE-2020-11726 RESERVED CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...) - nginx NOTE: Patch: https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch TODO: check details (patch applies to src:nginx, but check if issue is specific to OpenResty before 1.15.8.4) CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ...) - linux NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400 CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...) NOT-FOR-US: Cellebrite UFED CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) 
- crawl (bug #958232) [buster] - crawl (Minor issue) [stretch] - crawl (Minor issue) [jessie] - crawl (Minor issue) NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04 NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28 CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...) - libsixel (low) [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/134 CVE-2020-11720 RESERVED CVE-2020-11719 RESERVED CVE-2020-11718 RESERVED CVE-2020-11717 RESERVED CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...) NOT-FOR-US: Panasonic CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...) NOT-FOR-US: Panasonic CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...) NOT-FOR-US: eten PSG-6528VM 1.1 devices CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...) - wolfssl 4.4.0+dfsg-1 (bug #960190) NOTE: https://github.com/wolfSSL/wolfssl/pull/2894/ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...) NOT-FOR-US: Open Upload CVE-2020-11711 RESERVED CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...) NOT-FOR-US: docker-kong CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...) - chromium [stretch] - chromium (see DSA 4562) NOTE: Chromium embeds cpp-httplib NOTE: https://github.com/yhirose/cpp-httplib/issues/425 CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11707 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) 
NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11706 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11705 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11704 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11703 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11700 RESERVED CVE-2020-11699 RESERVED CVE-2020-11698 RESERVED CVE-2020-11697 RESERVED CVE-2020-11696 RESERVED CVE-2020-11695 RESERVED CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...) - pycharm (bug #742394) CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was accessible to r ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAut ...) NOT-FOR-US: JetBrains Hub CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be ...) - intellij-idea (bug #747616) CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were shown in a ...) 
NOT-FOR-US: JetBrains TeamCity CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator was abl ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...) NOT-FOR-US: JetBrains GoLand CVE-2020-11684 RESERVED CVE-2020-11683 RESERVED CVE-2020-11682 RESERVED CVE-2020-11681 RESERVED CVE-2020-11680 RESERVED CVE-2020-11679 RESERVED CVE-2020-11678 RESERVED CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...) NOT-FOR-US: Cerner medico CVE-2020-11676 (Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). ...) NOT-FOR-US: Cerner medico CVE-2020-11675 (Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). ...) NOT-FOR-US: Cerner medico CVE-2020-11674 (Cerner medico 26.00 allows variable reuse, possibly causing data corru ...) NOT-FOR-US: Cerner medico CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...) NOT-FOR-US: Responsive Poll for WordPress CVE-2020-11672 RESERVED CVE-2020-11671 (Lack of authorization controls in REST API functions in TeamPass throu ...) - teampass (bug #730180) CVE-2020-11670 RESERVED CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc ...) - linux 5.2.6-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerability introduced later with support for KVM guests on POWER9) [jessie] - linux (Vulnerability introduced later with support for KVM guests on POWER9) NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0 NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1 CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...) - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 CVE-2020-11667 RESERVED CVE-2020-11666 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) 
NOT-FOR-US: CA API Developer Portal CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect page r ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11663 (CA API Developer Portal 4.3.1 and earlier handles 404 requests in an i ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11662 (CA API Developer Portal 4.3.1 and earlier handles requests insecurely, ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11661 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11660 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11659 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11658 (CA API Developer Portal 4.3.1 and earlier handles shared secret keys i ...) NOT-FOR-US: CA API Developer Portal CVE-2020-11657 RESERVED CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...) - sqlite3 (unimportant) NOTE: https://www.sqlite.org/cgi/src/tktview?name=4722bdab08cb14 NOTE: https://www.sqlite.org/src/info/d09f8c3621d5f7f8 NOTE: https://www.sqlite.org/src/info/b64674919f673602 NOTE: Negligible security impact (and uncovered in DEBUG build) CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...) {DLA-2203-1} - sqlite3 3.31.1-5 [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Minor issue) NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11 CVE-2020-11654 RESERVED CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...) 
- varnish 6.4.0-1 (bug #956307) [stretch] - varnish (Only affects 6.x) [jessie] - varnish (Only affects 6.x) NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005 NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62 CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...) {DSA-4676-2 DSA-4676-1} - salt 3000.2+dfsg1-1 (bug #959684) NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...) {DSA-4676-2 DSA-4676-1} - salt 3000.2+dfsg1-1 (bug #959684) NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7 NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583 NOTE: There is a typo in the whitelisted methods on AESFuncs: NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue NOTE: Regression bugreport: https://github.com/saltstack/salt/issues/57016 NOTE: https://github.com/saltstack/salt/issues/57027 CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...) NOT-FOR-US: FreeNAS CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...) - gitlab NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ CVE-2020-11648 RESERVED CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...) 
- wireshark 3.2.3-1 (low; bug #958213) [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Minor, can be fixed along in a future update) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html CVE-2020-11646 RESERVED CVE-2020-11645 RESERVED CVE-2020-11644 RESERVED CVE-2020-11643 RESERVED CVE-2020-11642 RESERVED CVE-2020-11641 RESERVED CVE-2020-11640 RESERVED CVE-2020-11639 RESERVED CVE-2020-11638 RESERVED CVE-2020-11637 RESERVED CVE-2020-11636 RESERVED CVE-2020-11635 RESERVED CVE-2020-11634 RESERVED CVE-2020-11633 RESERVED CVE-2020-11632 RESERVED CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11629 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11628 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...) NOT-FOR-US: EJBCA / PrimeKey CVE-2020-11625 RESERVED CVE-2020-11624 RESERVED CVE-2020-11623 RESERVED CVE-2020-11622 RESERVED CVE-2020-11621 RESERVED CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) 
{DLA-2179-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2682 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2680 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11618 RESERVED CVE-2020-11617 RESERVED CVE-2020-11616 RESERVED CVE-2020-11615 RESERVED CVE-2020-11614 RESERVED CVE-2020-11613 RESERVED CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...) - netty 1:4.1.48-1 [jessie] - netty (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API) NOTE: https://github.com/netty/netty/issues/6168 NOTE: https://github.com/netty/netty/pull/9924 NOTE: https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0 CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The buildMess ...) NOT-FOR-US: xdLocalStorage CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...) NOT-FOR-US: xdLocalStorage CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...) - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205 CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...) 
- linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30 CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11606 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11605 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11604 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11603 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11602 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11601 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-11599 (An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Ge ...) NOT-FOR-US: CIPPlanner CVE-2020-11598 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upl ...) NOT-FOR-US: CIPPlanner CVE-2020-11597 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11596 (A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Bu ...) NOT-FOR-US: CIPPlanner CVE-2020-11595 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11594 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11593 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) 
NOT-FOR-US: CIPPlanner CVE-2020-11592 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11591 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11590 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11589 (An Insecure Direct Object Reference issue was discovered in CIPPlanner ...) NOT-FOR-US: CIPPlanner CVE-2020-11588 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11587 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...) NOT-FOR-US: CIPPlanner CVE-2020-11586 (An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. ...) NOT-FOR-US: CIPPlanner CVE-2020-11585 (There is an information disclosure issue in DNN (formerly DotNetNuke) ...) NOT-FOR-US: DNN (formerly DotNetNuke) CVE-2020-11584 RESERVED CVE-2020-11583 RESERVED CVE-2020-11582 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...) NOT-FOR-US: Pulse Secure Pulse Connect Secure CVE-2020-11579 RESERVED CVE-2020-11578 RESERVED CVE-2020-11577 RESERVED CVE-2020-11576 (Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumerat ...) NOT-FOR-US: Argo CVE-2020-11575 RESERVED CVE-2020-11574 RESERVED CVE-2020-11573 RESERVED CVE-2020-11572 RESERVED CVE-2020-11571 RESERVED CVE-2020-11570 RESERVED CVE-2020-11569 RESERVED CVE-2020-11568 RESERVED CVE-2020-11567 RESERVED CVE-2020-11566 RESERVED CVE-2020-11565 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.6 ...) 
{DSA-4667-1} - linux 5.5.17-1 NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd CVE-2020-11564 RESERVED CVE-2020-11563 RESERVED CVE-2020-11562 RESERVED CVE-2020-11561 (In NCH Express Invoice 7.25, an authenticated low-privilege user can e ...) NOT-FOR-US: NCH Express Invoice CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the cleartext ...) NOT-FOR-US: NCH Express Invoice CVE-2020-11559 RESERVED CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...) - gpac [jessie] - gpac (Vulnerable code not present and not reproducible) NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c NOTE: https://github.com/gpac/gpac/issues/1440 TODO: check CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) NOT-FOR-US: Castle Rock SNMPc CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) NOT-FOR-US: Castle Rock SNMPc CVE-2020-11555 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) NOT-FOR-US: Castle Rock SNMPc CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) NOT-FOR-US: Castle Rock SNMPc CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) NOT-FOR-US: Castle Rock SNMPc CVE-2020-11552 RESERVED CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...) NOT-FOR-US: Netgear CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...) NOT-FOR-US: Netgear CVE-2020-11549 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...) NOT-FOR-US: Netgear CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...) NOT-FOR-US: Search Meter plugin for WordPress CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...) 
NOT-FOR-US: PRTG Network Monitor CVE-2020-11546 RESERVED CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple ...) NOT-FOR-US: Project Worlds Official Car Rental System 1 CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...) NOT-FOR-US: Project Worlds Official Car Rental System 1 CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with the pa ...) NOT-FOR-US: OpsRamp Gateway CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices CVE-2020-11541 (In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE ...) NOT-FOR-US: TechSmith SnagIt CVE-2020-11540 RESERVED CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It ...) NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices CVE-2020-11538 RESERVED CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11535 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...) NOT-FOR-US: ONLYOFFICE Document Server CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...) NOT-FOR-US: Ivanti Workspace Control CVE-2020-11532 (Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin ...) NOT-FOR-US: Zoho ManageEngine DataSecurity Plus CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine DataSecur ...) NOT-FOR-US: Zoho ManageEngine DataSecurity Plus CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...) 
NOT-FOR-US: Chop Slider 3 WordPress plugin CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...) NOT-FOR-US: Grav CMS CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) ...) NOT-FOR-US: bit2spr CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...) NOT-FOR-US: Zoho CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...) - freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9 NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012 CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...) - freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2. ...) - freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820 CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...) - freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42 NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...) - freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...) 
- freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845 CVE-2020-11520 RESERVED CVE-2020-11519 RESERVED CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...) NOT-FOR-US: Zoho CVE-2020-11517 RESERVED CVE-2020-11516 (Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for W ...) NOT-FOR-US: Contact Form 7 Datepicker plugin for WordPress CVE-2020-11515 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...) NOT-FOR-US: Rank Math plugin for WordPress CVE-2020-11514 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...) NOT-FOR-US: Rank Math plugin for WordPress CVE-2020-11513 RESERVED CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 ...) NOT-FOR-US: IMPress for IDX Broker WordPress plugin CVE-2020-11511 RESERVED CVE-2020-11510 RESERVED CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...) NOT-FOR-US: WP Lead Plus X plugin for WordPress CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...) NOT-FOR-US: WP Lead Plus X plugin for WordPress CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...) NOT-FOR-US: Malwarebytes AdwCleaner CVE-2020-11506 (An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A W ...) - gitlab NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...) 
- gitlab (Only affects GitLab EE 12.8.0 and later) NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ CVE-2020-11504 RESERVED CVE-2020-11503 RESERVED CVE-2020-11502 RESERVED CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...) NOT-FOR-US: Zoom CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...) NOT-FOR-US: Firmware Analysis and Comparison Tool CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...) NOT-FOR-US: Slack Nebula CVE-2020-11497 RESERVED CVE-2020-11496 RESERVED CVE-2020-11495 REJECTED CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...) - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/ CVE-2020-11493 RESERVED CVE-2020-11492 RESERVED CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...) NOT-FOR-US: Zen Load Balancer CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...) NOT-FOR-US: Zen Load Balancer CVE-2020-11489 RESERVED CVE-2020-11488 RESERVED CVE-2020-11487 RESERVED CVE-2020-11486 RESERVED CVE-2020-11485 RESERVED CVE-2020-11484 RESERVED CVE-2020-11483 RESERVED CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...) 
{DSA-4652-1} - gnutls28 3.6.13-2 (bug #955556) [stretch] - gnutls28 (Vulnerable code introduced later) [jessie] - gnutls28 (Vulnerable code introduced later) NOTE: https://gitlab.com/gnutls/gnutls/-/issues/960 NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31 NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/c01011c2d8533dbbbe754e49e256c109cb848d0d (3.6.13) NOTE: Broken-by: https://gitlab.com/gnutls/gnutls/-/commit/bcf4de0371efbdf0846388e2df0cb14b5db09954 (gnutls_3_6_3) CVE-2020-11482 RESERVED CVE-2020-11481 RESERVED CVE-2020-11480 RESERVED CVE-2020-11479 RESERVED CVE-2020-11478 RESERVED CVE-2020-11477 RESERVED CVE-2020-11476 RESERVED CVE-2020-11475 RESERVED CVE-2020-11474 RESERVED CVE-2020-11473 RESERVED CVE-2020-11472 RESERVED CVE-2020-11471 RESERVED CVE-2020-11470 (Zoom Client for Meetings through 4.6.8 on macOS has the disable-librar ...) NOT-FOR-US: Zoom CVE-2020-11469 (Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to ...) NOT-FOR-US: Zoom CVE-2020-11468 RESERVED CVE-2020-11467 (An issue was discovered in Deskpro before 2019.8.0. This product enabl ...) NOT-FOR-US: Deskpro CVE-2020-11466 (An issue was discovered in Deskpro before 2019.8.0. The /api/tickets e ...) NOT-FOR-US: Deskpro CVE-2020-11465 (An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* en ...) NOT-FOR-US: Deskpro CVE-2020-11464 (An issue was discovered in Deskpro before 2019.8.0. The /api/people en ...) NOT-FOR-US: Deskpro CVE-2020-11463 (An issue was discovered in Deskpro before 2019.8.0. The /api/email_acc ...) NOT-FOR-US: Deskpro CVE-2020-11462 (An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8. ...) NOT-FOR-US: OpenVPN Access Server CVE-2020-11461 RESERVED CVE-2020-11460 RESERVED CVE-2020-11459 RESERVED CVE-2020-11458 (app/Model/feed.php in MISP before 2.4.124 allows administrators to cho ...) NOT-FOR-US: MISP CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php ...) 
NOT-FOR-US: pfSense CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in application/views/ad ...) - limesurvey (bug #472802) CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulnerabilit ...) - limesurvey (bug #472802) CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Contain ...) NOT-FOR-US: Microstrategy Web CVE-2020-11453 (Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in ...) NOT-FOR-US: Microstrategy Web CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users to import ...) NOT-FOR-US: Microstrategy Web CVE-2020-11451 (The Upload Visualization plugin in the Microstrategy Web 10.4 admin pa ...) NOT-FOR-US: Microstrategy Web CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture ...) NOT-FOR-US: Microstrategy Web CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...) NOT-FOR-US: Technicolor devices CVE-2020-11448 RESERVED CVE-2020-11447 RESERVED CVE-2020-11446 (ESET Antivirus and Antispyware Module module 1553 through 1560 allows ...) NOT-FOR-US: ESET CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...) NOT-FOR-US: TP-Link CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2020-11443 (The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to ver ...) NOT-FOR-US: Zoom CVE-2020-11442 RESERVED CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ...) 
- phpmyadmin [jessie] - phpmyadmin (The pma_error display code does not exist in this version) NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056 CVE-2020-11440 RESERVED CVE-2020-11439 RESERVED CVE-2020-11438 RESERVED CVE-2020-11437 RESERVED CVE-2020-11436 RESERVED CVE-2020-11435 RESERVED CVE-2020-11434 RESERVED CVE-2020-11433 RESERVED CVE-2020-11432 RESERVED CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...) NOT-FOR-US: i-net CVE-2020-11430 RESERVED CVE-2020-11429 RESERVED CVE-2020-11428 RESERVED CVE-2020-11427 RESERVED CVE-2020-11426 RESERVED CVE-2020-11425 RESERVED CVE-2020-11424 RESERVED CVE-2020-11423 RESERVED CVE-2020-11422 RESERVED CVE-2020-11421 RESERVED CVE-2020-11420 (UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker ...) NOT-FOR-US: UPS Adapter CS141 CVE-2020-11419 RESERVED CVE-2020-11418 RESERVED CVE-2020-11417 RESERVED CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...) NOT-FOR-US: JetBrains Space CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x befor ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...) 
NOT-FOR-US: Progress Telerik UI CVE-2020-11413 RESERVED CVE-2020-11412 RESERVED CVE-2020-11411 RESERVED CVE-2020-11410 RESERVED CVE-2020-11409 RESERVED CVE-2020-11408 RESERVED CVE-2020-11407 RESERVED CVE-2020-11406 RESERVED CVE-2020-11405 RESERVED CVE-2020-11404 RESERVED CVE-2020-11403 RESERVED CVE-2020-11402 RESERVED CVE-2020-11401 RESERVED CVE-2020-11400 RESERVED CVE-2020-11399 RESERVED CVE-2020-11398 RESERVED CVE-2020-11397 RESERVED CVE-2020-11396 RESERVED CVE-2020-11395 RESERVED CVE-2020-11394 RESERVED CVE-2020-11393 RESERVED CVE-2020-11392 RESERVED CVE-2020-11391 RESERVED CVE-2020-11390 RESERVED CVE-2020-11389 RESERVED CVE-2020-11388 RESERVED CVE-2020-11387 RESERVED CVE-2020-11386 RESERVED CVE-2020-11385 RESERVED CVE-2020-11384 RESERVED CVE-2020-11383 RESERVED CVE-2020-11382 RESERVED CVE-2020-11381 RESERVED CVE-2020-11380 RESERVED CVE-2020-11379 RESERVED CVE-2020-11378 RESERVED CVE-2020-11377 RESERVED CVE-2020-11376 RESERVED CVE-2020-11375 RESERVED CVE-2020-11374 RESERVED CVE-2020-11373 RESERVED CVE-2020-11372 RESERVED CVE-2020-11371 RESERVED CVE-2020-11370 RESERVED CVE-2020-11369 RESERVED CVE-2020-11368 RESERVED CVE-2020-11367 RESERVED CVE-2020-11366 RESERVED CVE-2020-11365 RESERVED CVE-2020-11364 RESERVED CVE-2020-11363 RESERVED CVE-2020-11362 RESERVED CVE-2020-11361 RESERVED CVE-2020-11360 RESERVED CVE-2020-11359 RESERVED CVE-2020-11358 RESERVED CVE-2020-11357 RESERVED CVE-2020-11356 RESERVED CVE-2020-11355 RESERVED CVE-2020-11354 RESERVED CVE-2020-11353 RESERVED CVE-2020-11352 RESERVED CVE-2020-11351 RESERVED CVE-2020-11350 RESERVED CVE-2020-11349 RESERVED CVE-2020-11348 RESERVED CVE-2020-11347 RESERVED CVE-2020-11346 RESERVED CVE-2020-11345 RESERVED CVE-2020-11344 RESERVED CVE-2020-11343 RESERVED CVE-2020-11342 RESERVED CVE-2020-11341 RESERVED CVE-2020-11340 RESERVED CVE-2020-11339 RESERVED CVE-2020-11338 RESERVED CVE-2020-11337 RESERVED CVE-2020-11336 RESERVED CVE-2020-11335 RESERVED CVE-2020-11334 RESERVED CVE-2020-11333 RESERVED CVE-2020-11332 RESERVED 
CVE-2020-11331 RESERVED CVE-2020-11330 RESERVED CVE-2020-11329 RESERVED CVE-2020-11328 RESERVED CVE-2020-11327 RESERVED CVE-2020-11326 RESERVED CVE-2020-11325 RESERVED CVE-2020-11324 RESERVED CVE-2020-11323 RESERVED CVE-2020-11322 RESERVED CVE-2020-11321 RESERVED CVE-2020-11320 RESERVED CVE-2020-11319 RESERVED CVE-2020-11318 RESERVED CVE-2020-11317 RESERVED CVE-2020-11316 RESERVED CVE-2020-11315 RESERVED CVE-2020-11314 RESERVED CVE-2020-11313 RESERVED CVE-2020-11312 RESERVED CVE-2020-11311 RESERVED CVE-2020-11310 RESERVED CVE-2020-11309 RESERVED CVE-2020-11308 RESERVED CVE-2020-11307 RESERVED CVE-2020-11306 RESERVED CVE-2020-11305 RESERVED CVE-2020-11304 RESERVED CVE-2020-11303 RESERVED CVE-2020-11302 RESERVED CVE-2020-11301 RESERVED CVE-2020-11300 RESERVED CVE-2020-11299 RESERVED CVE-2020-11298 RESERVED CVE-2020-11297 RESERVED CVE-2020-11296 RESERVED CVE-2020-11295 RESERVED CVE-2020-11294 RESERVED CVE-2020-11293 RESERVED CVE-2020-11292 RESERVED CVE-2020-11291 RESERVED CVE-2020-11290 RESERVED CVE-2020-11289 RESERVED CVE-2020-11288 RESERVED CVE-2020-11287 RESERVED CVE-2020-11286 RESERVED CVE-2020-11285 RESERVED CVE-2020-11284 RESERVED CVE-2020-11283 RESERVED CVE-2020-11282 RESERVED CVE-2020-11281 RESERVED CVE-2020-11280 RESERVED CVE-2020-11279 RESERVED CVE-2020-11278 RESERVED CVE-2020-11277 RESERVED CVE-2020-11276 RESERVED CVE-2020-11275 RESERVED CVE-2020-11274 RESERVED CVE-2020-11273 RESERVED CVE-2020-11272 RESERVED CVE-2020-11271 RESERVED CVE-2020-11270 RESERVED CVE-2020-11269 RESERVED CVE-2020-11268 RESERVED CVE-2020-11267 RESERVED CVE-2020-11266 RESERVED CVE-2020-11265 RESERVED CVE-2020-11264 RESERVED CVE-2020-11263 RESERVED CVE-2020-11262 RESERVED CVE-2020-11261 RESERVED CVE-2020-11260 RESERVED CVE-2020-11259 RESERVED CVE-2020-11258 RESERVED CVE-2020-11257 RESERVED CVE-2020-11256 RESERVED CVE-2020-11255 RESERVED CVE-2020-11254 RESERVED CVE-2020-11253 RESERVED CVE-2020-11252 RESERVED CVE-2020-11251 RESERVED CVE-2020-11250 RESERVED CVE-2020-11249 RESERVED 
CVE-2020-11248 RESERVED CVE-2020-11247 RESERVED CVE-2020-11246 RESERVED CVE-2020-11245 RESERVED CVE-2020-11244 RESERVED CVE-2020-11243 RESERVED CVE-2020-11242 RESERVED CVE-2020-11241 RESERVED CVE-2020-11240 RESERVED CVE-2020-11239 RESERVED CVE-2020-11238 RESERVED CVE-2020-11237 RESERVED CVE-2020-11236 RESERVED CVE-2020-11235 RESERVED CVE-2020-11234 RESERVED CVE-2020-11233 RESERVED CVE-2020-11232 RESERVED CVE-2020-11231 RESERVED CVE-2020-11230 RESERVED CVE-2020-11229 RESERVED CVE-2020-11228 RESERVED CVE-2020-11227 RESERVED CVE-2020-11226 RESERVED CVE-2020-11225 RESERVED CVE-2020-11224 RESERVED CVE-2020-11223 RESERVED CVE-2020-11222 RESERVED CVE-2020-11221 RESERVED CVE-2020-11220 RESERVED CVE-2020-11219 RESERVED CVE-2020-11218 RESERVED CVE-2020-11217 RESERVED CVE-2020-11216 RESERVED CVE-2020-11215 RESERVED CVE-2020-11214 RESERVED CVE-2020-11213 RESERVED CVE-2020-11212 RESERVED CVE-2020-11211 RESERVED CVE-2020-11210 RESERVED CVE-2020-11209 RESERVED CVE-2020-11208 RESERVED CVE-2020-11207 RESERVED CVE-2020-11206 RESERVED CVE-2020-11205 RESERVED CVE-2020-11204 RESERVED CVE-2020-11203 RESERVED CVE-2020-11202 RESERVED CVE-2020-11201 RESERVED CVE-2020-11200 RESERVED CVE-2020-11199 RESERVED CVE-2020-11198 RESERVED CVE-2020-11197 RESERVED CVE-2020-11196 RESERVED CVE-2020-11195 RESERVED CVE-2020-11194 RESERVED CVE-2020-11193 RESERVED CVE-2020-11192 RESERVED CVE-2020-11191 RESERVED CVE-2020-11190 RESERVED CVE-2020-11189 RESERVED CVE-2020-11188 RESERVED CVE-2020-11187 RESERVED CVE-2020-11186 RESERVED CVE-2020-11185 RESERVED CVE-2020-11184 RESERVED CVE-2020-11183 RESERVED CVE-2020-11182 RESERVED CVE-2020-11181 RESERVED CVE-2020-11180 RESERVED CVE-2020-11179 RESERVED CVE-2020-11178 RESERVED CVE-2020-11177 RESERVED CVE-2020-11176 RESERVED CVE-2020-11175 RESERVED CVE-2020-11174 RESERVED CVE-2020-11173 RESERVED CVE-2020-11172 RESERVED CVE-2020-11171 RESERVED CVE-2020-11170 RESERVED CVE-2020-11169 RESERVED CVE-2020-11168 RESERVED CVE-2020-11167 RESERVED CVE-2020-11166 RESERVED 
CVE-2020-11165 RESERVED CVE-2020-11164 RESERVED CVE-2020-11163 RESERVED CVE-2020-11162 RESERVED CVE-2020-11161 RESERVED CVE-2020-11160 RESERVED CVE-2020-11159 RESERVED CVE-2020-11158 RESERVED CVE-2020-11157 RESERVED CVE-2020-11156 RESERVED CVE-2020-11155 RESERVED CVE-2020-11154 RESERVED CVE-2020-11153 RESERVED CVE-2020-11152 RESERVED CVE-2020-11151 RESERVED CVE-2020-11150 RESERVED CVE-2020-11149 RESERVED CVE-2020-11148 RESERVED CVE-2020-11147 RESERVED CVE-2020-11146 RESERVED CVE-2020-11145 RESERVED CVE-2020-11144 RESERVED CVE-2020-11143 RESERVED CVE-2020-11142 RESERVED CVE-2020-11141 RESERVED CVE-2020-11140 RESERVED CVE-2020-11139 RESERVED CVE-2020-11138 RESERVED CVE-2020-11137 RESERVED CVE-2020-11136 RESERVED CVE-2020-11135 RESERVED CVE-2020-11134 RESERVED CVE-2020-11133 RESERVED CVE-2020-11132 RESERVED CVE-2020-11131 RESERVED CVE-2020-11130 RESERVED CVE-2020-11129 RESERVED CVE-2020-11128 RESERVED CVE-2020-11127 RESERVED CVE-2020-11126 RESERVED CVE-2020-11125 RESERVED CVE-2020-11124 RESERVED CVE-2020-11123 RESERVED CVE-2020-11122 RESERVED CVE-2020-11121 RESERVED CVE-2020-11120 RESERVED CVE-2020-11119 RESERVED CVE-2020-11118 RESERVED CVE-2020-11117 RESERVED CVE-2020-11116 RESERVED CVE-2020-11115 RESERVED CVE-2020-11114 RESERVED CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...) - bubblewrap 0.4.1-1 (low; bug #955441) [buster] - bubblewrap (Introduced in 0.4.0) [stretch] - bubblewrap (Introduced in 0.4.0) NOTE: https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240 CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) 
{DLA-2179-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2670 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2666 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2664 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11110 RESERVED CVE-2020-11109 RESERVED CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...) NOT-FOR-US: Pi-hole CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , ...) NOT-FOR-US: XAMPP CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...) NOT-FOR-US: Responsive Filemanager CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...) NOT-FOR-US: USC iLab cereal CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...) 
NOT-FOR-US: USC iLab cereal CVE-2020-11103 RESERVED CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...) - qemu 1:4.2-4 (bug #956145) [buster] - qemu (Vulnerable code/Tulip NIC emulator added later) [stretch] - qemu (Vulnerable code/Tulip NIC emulator added later) [jessie] - qemu (Vulnerable code/Tulip NIC emulator added later) - qemu-kvm (Vulnerable code/Tulip NIC emulator added later) NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 (v5.0.0-rc1) CVE-2020-11101 RESERVED CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...) {DSA-4649-1} - haproxy 2.0.13-2 [stretch] - haproxy (Vulnerable code introduced in 1.8) [jessie] - haproxy (Vulnerable code introduced in 1.8) NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543 CVE-2020-11099 RESERVED CVE-2020-11098 RESERVED CVE-2020-11097 RESERVED CVE-2020-11096 RESERVED CVE-2020-11095 RESERVED CVE-2020-11094 RESERVED CVE-2020-11093 RESERVED CVE-2020-11092 RESERVED CVE-2020-11091 RESERVED CVE-2020-11090 RESERVED CVE-2020-11089 RESERVED CVE-2020-11088 RESERVED CVE-2020-11087 RESERVED CVE-2020-11086 RESERVED CVE-2020-11085 RESERVED CVE-2020-11084 RESERVED CVE-2020-11083 RESERVED CVE-2020-11082 RESERVED CVE-2020-11081 RESERVED CVE-2020-11080 RESERVED CVE-2020-11079 RESERVED CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...) TODO: check CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...) TODO: check CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...) TODO: check CVE-2020-11075 RESERVED CVE-2020-11074 RESERVED CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...) 
NOT-FOR-US: zsh-autoswitch-virtualenv CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...) NOT-FOR-US: Node slp-validate CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...) NOT-FOR-US: Node slpjs CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...) NOT-FOR-US: TYPO3 CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...) NOT-FOR-US: TYPO3 CVE-2020-11068 RESERVED CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...) NOT-FOR-US: TYPO3 CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...) NOT-FOR-US: TYPO3 CVE-2020-11065 (In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and ...) NOT-FOR-US: TYPO3 CVE-2020-11064 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...) NOT-FOR-US: TYPO3 CVE-2020-11063 (In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that t ...) NOT-FOR-US: TYPO3 CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11061 RESERVED CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f NOTE: https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11059 RESERVED CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...) 
- freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011 CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users without script ...) NOT-FOR-US: XWiki CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...) NOT-FOR-US: Sprout Forms CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...) NOT-FOR-US: BookStack CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...) - qutebrowser 1.11.1.post1-1 (unimportant) NOTE: https://github.com/qutebrowser/qutebrowser/issues/5403 NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j NOTE: Depends on qtwebkit, which is not covered by security support CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...) NOT-FOR-US: OAuth2 Proxy CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...) NOT-FOR-US: Sorcery CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...) NOT-FOR-US: Wiki.js CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...) NOT-FOR-US: Java-WebSocket, different from src:websocket-api CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...) - freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008 CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...) 
- freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007 CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...) - freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009 CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...) - freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006 CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...) - freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6 NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005 CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...) - freerdp2 - freerdp (Vulnerable code introduced later) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013 CVE-2020-11043 RESERVED CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...) 
- freerdp2 - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010 CVE-2020-11041 RESERVED CVE-2020-11040 RESERVED CVE-2020-11039 RESERVED CVE-2020-11038 RESERVED CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack ...) NOT-FOR-US: Wagtail CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385 NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11035 (In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11034 (In GLPI before version 9.4.6, there is a vulnerability that allows byp ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11033 (In GLPI from version 9.1 and before version 9.4.6, any API user with R ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55 NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerability f ...) - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh NOTE: Only supported behind an authenticated HTTP zone CVE-2020-11031 RESERVED CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...) 
- wordpress 5.4.1+dfsg1-1 (bug #959391) [buster] - wordpress (Vulnerable code not present) [stretch] - wordpress (Vulnerable code not present) [jessie] - wordpress (Vulnerable code not present) NOTE: https://core.trac.wordpress.org/changeset/47636 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: Fixed by: https://github.com/WordPress/wordpress-develop/commit/ec05c8b897ef4ae77fc0cba576573e90a726a52f CVE-2020-11029 (In affected versions of WordPress, a vulnerability in the stats() meth ...) {DSA-4677-1 DLA-2208-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47637 NOTE: https://github.com/WordPress/wordpress-develop/935ab39e8ee754735a553c74d41270df1164ae56 (master) CVE-2020-11028 (In affected versions of WordPress, some private posts, which were prev ...) {DSA-4677-1 DLA-2208-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47635 NOTE: https://github.com/WordPress/wordpress-develop/commit/8e11facb671932a6eefe0e7e4f3d63d39eef55b3 CVE-2020-11027 (In affected versions of WordPress, a password reset link emailed to a ...) 
{DSA-4677-1 DLA-2208-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47634 NOTE: https://github.com/WordPress/wordpress-develop/commit/4354d1fc5cd55a18bc24555b11db201d5eb87e0c (master) CVE-2020-11026 (In affected versions of WordPress, files with a specially crafted name ...) {DSA-4677-1 DLA-2208-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2 NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47638 NOTE: https://github.com/WordPress/wordpress-develop/commit/74d6f9613b96a2948f7675513b8b7f8224bfc386 (master) CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS) vulner ...) {DSA-4677-1} - wordpress 5.4.1+dfsg1-1 (bug #959391) [jessie] - wordpress (Vulnerable code not present) NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates NOTE: https://core.trac.wordpress.org/changeset/47633 NOTE: https://github.com/WordPress/wordpress-develop/commit/cfb690cb8efaee32d55b10a7771afb0f1f47aab3 CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...) NOT-FOR-US: Moonlight iOS/tvOS CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...) - jquery [jessie] - jquery (Vulnerable code not present) - node-jquery 3.5.0+dfsg-2 NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...) 
- jquery [jessie] - jquery (Vulnerable code not present) - node-jquery 3.5.0+dfsg-2 NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2 NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77 CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...) NOT-FOR-US: Actions Http-Client CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...) - ruby-faye (bug #959392) NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5 NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e CVE-2020-11019 RESERVED CVE-2020-11018 RESERVED CVE-2020-11017 RESERVED CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...) NOT-FOR-US: IntelMQ Manager CVE-2020-11015 RESERVED CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token ...) NOT-FOR-US: Electron-Cash-SLP CVE-2020-11013 (There is an information disclosure vulnerability in Helm from version ...) - helm-kubernetes (bug #910799) CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authenticat ...) NOT-FOR-US: MinIO CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which allow ...) NOT-FOR-US: Phproject CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...) NOT-FOR-US: Tortoise ORM CVE-2020-11009 (In Rundeck before version 3.2.6, authenticated users can craft a reque ...) NOT-FOR-US: Rundeck CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...) 
{DSA-4659-1 DLA-2182-1} - git 1:2.26.2-1 NOTE: https://lore.kernel.org/lkml/xmqq4kterq5s.fsf@gitster.c.googlers.com/ NOTE: https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a88dbd2f8c7fd8c1e2f63483da03bd6928e8791f NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=73aafe9bc27585554181c58871a25e6d0f58a3dc NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=24036686c4af84c9e84e486ef3debab6e6d8e6b5 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=8ba8ed568e2a3b75ee84c49ddffb026fde1a0a91 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a2b26ffb1a81aa23dd14453f4db05d8fe24ee7cc NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=fe29a9b7b0236d3d45c254965580d6aff7fa8504 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c44088ecc4b0722636e0a305f9608d3047197282 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e7fab62b736cca3416660636e46f0be8386a5030 NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a3609e402a062ef7b11f197fe96c28cabca132c CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based versi ...) NOT-FOR-US: Shopizer CVE-2020-11006 (In Shopizer before version 2.11.0, a script can be injected in various ...) NOT-FOR-US: Shopizer CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...) NOT-FOR-US: WindowsHello CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...) NOT-FOR-US: Admidio CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...) NOT-FOR-US: Oasis (not the same as src:oasis) CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...) NOT-FOR-US: dropwizard-validation CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...) 
NOT-FOR-US: Wagtail CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...) NOT-FOR-US: GreenBrowser CVE-2020-10999 RESERVED CVE-2020-10998 RESERVED CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...) - percona-xtrabackup (Vulnerable code introduced later) NOTE: https://jira.percona.com/browse/PXB-2142 NOTE: Introduced in: https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13 (percona-xtrabackup-2.4.11) NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/ CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41. ...) NOT-FOR-US: Percona XtraDB Cluster CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...) {DSA-4691-1} - pdns-recursor 4.3.1-1 [stretch] - pdns-recursor (No longer supported, see DSA 4691) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 CVE-2020-10994 RESERVED CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...) NOT-FOR-US: Osmand CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorMa ...) NOT-FOR-US: Azkaban CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXml ...) NOT-FOR-US: Mulesoft APIkit CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...) NOT-FOR-US: Accenture Mercury CVE-2020-10989 RESERVED CVE-2020-10988 RESERVED CVE-2020-10987 RESERVED CVE-2020-10986 RESERVED CVE-2020-10985 RESERVED CVE-2020-10984 RESERVED CVE-2020-10983 RESERVED CVE-2020-10982 RESERVED CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...) 
[experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogB ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pip ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when mov ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when qu ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerab ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10974 (An issue was discovered on Wavlink WL-WN579G3 - M79X3.V5030.180719 and ...) NOT-FOR-US: Wavlink CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) NOT-FOR-US: Wavlink CVE-2020-10972 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...) NOT-FOR-US: Wavlink CVE-2020-10971 (An issue was discovered on Wavlink WL-WN579G3 M79X3.V5030.180719, WL-W ...) 
NOT-FOR-US: Wavlink CVE-2020-10970 RESERVED CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2642 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2662 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...) {DSA-4690-1} - dovecot (bug #960963) [stretch] - dovecot (Vulnerable code introduced in 2.3.0) [jessie] - dovecot (Vulnerable code introduced in 2.3.0) NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1 CVE-2020-XXXX [RUSTSEC-2020-0006: bumpalo: Flaw in `realloc` allows reading unknown memory] - rust-bumpalo 3.2.1-1 (bug #955151) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html NOTE: https://github.com/fitzgen/bumpalo/issues/69 CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...) NOT-FOR-US: VESTA Control Panel CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...) NOT-FOR-US: Teradici PCoIP Management Console CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...) 
- serendipity CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...) NOT-FOR-US: FrozenNode Laravel-Administrator CVE-2020-10962 RESERVED CVE-2020-10961 RESERVED CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...) {DSA-4651-1} - mediawiki 1:1.31.7-1 [stretch] - mediawiki (Vulnerable code introduced later) NOTE: https://phabricator.wikimedia.org/T246602 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html CVE-2020-10959 [mediawiki: User content can redirect the logout button to different URL] RESERVED - mediawiki (Vulnerable code introduced later) NOTE: https://phabricator.wikimedia.org/T232932 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...) {DSA-4690-1} - dovecot (bug #960963) [stretch] - dovecot (Vulnerable code introduced in 2.3.0) [jessie] - dovecot (Vulnerable code introduced in 2.3.0) NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1 CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...) {DSA-4690-1} - dovecot (bug #960963) [stretch] - dovecot (Vulnerable code introduced in 2.3.0) [jessie] - dovecot (Vulnerable code introduced in 2.3.0) NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1 CVE-2020-10956 (GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a proje ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...) 
[experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...) - gitlab (Only affects GitLab EE 11.7 and later) NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push doc ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10951 (Western Digital My Cloud Home and ibi devices before 2.2.0 allow click ...) NOT-FOR-US: Western Digital My Cloud Home and ibi devices CVE-2020-10950 RESERVED CVE-2020-10949 RESERVED CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...) NOT-FOR-US: Jon Hedley AlienForm2 CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...) NOT-FOR-US: Sophos CVE-2020-10946 RESERVED CVE-2020-10945 RESERVED CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...) - nomad 0.10.5+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7468 CVE-2020-10943 RESERVED CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...) {DSA-4667-1} - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4) CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...) - mbedtls 2.16.5-1 NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER ...) NOT-FOR-US: PHOENIX CONTACT CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT thro ...) 
NOT-FOR-US: PHOENIX CONTACT CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resultant hea ...) {DSA-4675-1 DLA-2173-1} - graphicsmagick 1.4+really1.3.34-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce CVE-2020-10937 RESERVED CVE-2020-10936 RESERVED CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...) - zulip-server (bug #800052) CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...) NOT-FOR-US: Acyba AcyMailing CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...) - ruby2.7 2.7.1-1 - ruby2.5 - ruby2.3 (Vulnerable code introduced in 2.5.0) - ruby2.1 (Vulnerable code introduced in 2.5.0) NOTE: https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/ NOTE: Fixed by: https://github.com/ruby/ruby/commit/61b7f86248bd121be2e83768be71ef289e8e5b90 NOTE: Introduced around https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc NOTE: and https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc TODO: Verify the relevant introducing commits for the issue. CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before ...) - mbedtls NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 CVE-2020-10930 RESERVED CVE-2020-10929 RESERVED CVE-2020-10928 RESERVED CVE-2020-10927 RESERVED CVE-2020-10926 RESERVED CVE-2020-10925 RESERVED CVE-2020-10924 RESERVED CVE-2020-10923 RESERVED CVE-2020-10922 RESERVED CVE-2020-10921 RESERVED CVE-2020-10920 RESERVED CVE-2020-10919 RESERVED CVE-2020-10918 RESERVED CVE-2020-10917 RESERVED CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...) 
NOT-FOR-US: TP-Link CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: VEEAM One Agent CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: VEEAM One Agent CVE-2020-10913 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10912 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10911 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10910 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10909 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10908 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10907 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10906 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10905 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10904 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10903 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10902 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10901 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10900 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit Reader CVE-2020-10899 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10898 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10897 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10896 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10895 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10894 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10893 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10892 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10891 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10890 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10889 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: TP-Link CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations ...) NOT-FOR-US: TP-Link CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...) 
NOT-FOR-US: TP-Link CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: TP-Link CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: TP-Link CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10880 RESERVED CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...) NOT-FOR-US: rConfig CVE-2020-10878 RESERVED CVE-2020-10877 RESERVED CVE-2020-10876 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) NOT-FOR-US: OKLOK CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct absolute pat ...) NOT-FOR-US: Motorola devices CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read database files. ...) NOT-FOR-US: Motorola devices CVE-2020-10873 RESERVED CVE-2020-10872 RESERVED CVE-2020-10871 (** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attack ...) NOT-FOR-US: OpenWrt LuCI CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictable name ...) - zim 0.72.1-1 (unimportant; bug #954810) NOTE: https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028 NOTE: Negligible security impact CVE-2020-10869 RESERVED CVE-2020-10868 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10867 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10866 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10865 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10864 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10863 (An issue was discovered in Avast Antivirus before 20. 
The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10862 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10861 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitrary Mem ...) NOT-FOR-US: Avast Antivirus CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated ...) NOT-FOR-US: Zoho CVE-2020-10858 RESERVED CVE-2020-10857 RESERVED CVE-2020-10856 RESERVED CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial ...) - memcached 1.6.2-1 (bug #954808) [buster] - memcached (Introduced in 1.6) [stretch] - memcached (Introduced in 1.6) [jessie] - memcached (Introduced in 1.6) NOTE: https://github.com/memcached/memcached/issues/629 NOTE: https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305 CVE-2020-10855 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10854 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10853 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10852 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10851 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10850 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10849 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10848 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-10847 (An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10846 (An issue was discovered on Samsung mobile devices with P(9.x) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10845 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10844 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10843 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10842 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10841 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10840 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10839 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10837 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10835 (An issue was discovered on Samsung mobile devices with any (before Feb ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10834 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10833 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-10832 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10831 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10830 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10829 (An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10828 (A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, ...) NOT-FOR-US: Draytek CVE-2020-10827 (A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, ...) NOT-FOR-US: Draytek CVE-2020-10826 (/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B d ...) NOT-FOR-US: Draytek CVE-2020-10825 (A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 de ...) NOT-FOR-US: Draytek CVE-2020-10824 (A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket ...) NOT-FOR-US: Draytek CVE-2020-10823 (A stack-based buffer overflow in /cgi-bin/activate.cgi through var par ...) NOT-FOR-US: Draytek CVE-2020-10822 RESERVED CVE-2020-10821 (Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. ...) NOT-FOR-US: Nagios XI CVE-2020-10820 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) NOT-FOR-US: Nagios XI CVE-2020-10819 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) NOT-FOR-US: Nagios XI CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authenticated ...) NOT-FOR-US: Artica Proxy CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...) 
NOT-FOR-US: custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin for WordPress CVE-2020-10816 RESERVED CVE-2020-10815 RESERVED CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...) NOT-FOR-US: Code::Blocks CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...) NOT-FOR-US: FTPDMIN CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) - hdf5 NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4 NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/ TODO: check details CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) - hdf5 NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 NOTE: https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/ TODO: check details CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) - hdf5 NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3 NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/ TODO: check details CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) - hdf5 NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1 NOTE: https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/ TODO: check details CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...) NOT-FOR-US: Vesta Control Panel CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...) NOT-FOR-US: Caldera CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...) 
NOT-FOR-US: eZ Publish Kernel CVE-2020-10805 RESERVED CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954667) [stretch] - phpmyadmin (Minor issue) [jessie] - phpmyadmin (Vulnerable code not present) NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/56b43527196b0349ec2bea8ca711667e5aa75c65 NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/d55abcd5ffa1ea8785f1217f5b7d78a8a54b8542 NOTE: https://www.phpmyadmin.net/security/PMASA-2020-2/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80 CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) {DLA-2154-1} - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954666) [stretch] - phpmyadmin (Minor issue) NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) {DLA-2154-1} - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954665) [stretch] - phpmyadmin (Minor issue) NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe CVE-2020-10801 RESERVED CVE-2020-10800 (lix through 15.8.7 allows man-in-the-middle attackers to execute arbit ...) NOT-FOR-US: lix node (different from src:lix) CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an ...) NOT-FOR-US: svglib CVE-2020-10798 RESERVED CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_ping.ph ...) 
NOT-FOR-US: pfSense CVE-2020-10796 RESERVED CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...) NOT-FOR-US: Gira TKS-IP-Gateway CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...) NOT-FOR-US: Gira TKS-IP-Gateway CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...) - codeigniter (bug #471583) CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10791 (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows attack ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10787 (An elevation of privilege in Vesta Control Panel through 0.9.8-26 allo ...) NOT-FOR-US: Vesta Control Panel CVE-2020-10786 (A remote command execution in Vesta Control Panel through 0.9.8-26 all ...) 
NOT-FOR-US: Vesta Control Panel CVE-2020-10785 RESERVED CVE-2020-10784 RESERVED CVE-2020-10783 RESERVED CVE-2020-10782 RESERVED CVE-2020-10781 RESERVED CVE-2020-10780 RESERVED CVE-2020-10779 RESERVED CVE-2020-10778 RESERVED CVE-2020-10777 RESERVED CVE-2020-10776 RESERVED CVE-2020-10775 RESERVED CVE-2020-10774 RESERVED CVE-2020-10773 RESERVED CVE-2020-10772 RESERVED CVE-2020-10771 RESERVED CVE-2020-10770 RESERVED CVE-2020-10769 RESERVED CVE-2020-10768 RESERVED CVE-2020-10767 RESERVED CVE-2020-10766 RESERVED CVE-2020-10765 RESERVED CVE-2020-10764 RESERVED CVE-2020-10763 RESERVED CVE-2020-10762 RESERVED CVE-2020-10761 RESERVED CVE-2020-10760 RESERVED CVE-2020-10759 RESERVED CVE-2020-10758 RESERVED CVE-2020-10757 RESERVED CVE-2020-10756 RESERVED CVE-2020-10755 RESERVED CVE-2020-10754 RESERVED CVE-2020-10753 RESERVED CVE-2020-10752 RESERVED CVE-2020-10751 RESERVED CVE-2020-10750 RESERVED CVE-2020-10749 RESERVED CVE-2020-10748 RESERVED CVE-2020-10747 RESERVED CVE-2020-10746 RESERVED CVE-2020-10745 RESERVED CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...) - ansible [buster] - ansible (Incomplete fix not applied) [stretch] - ansible (Incomplete fix not applied) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566 NOTE: CVE is for an incomplete fix of CVE-2020-1733 CVE-2020-10743 RESERVED - kibana (bug #700337) CVE-2020-10742 RESERVED - linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127 CVE-2020-10741 REJECTED CVE-2020-10740 RESERVED CVE-2020-10739 RESERVED NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...) 
- moodle CVE-2020-10737 [oddjob: race condition in oddjob_selinux_mkdir function in mkhomedir.c can lead to symlink attack] RESERVED - oddjob (bug #960089) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042 NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac CVE-2020-10736 [authorization bypass in mons & mgrs] RESERVED - ceph (Vulnerable code introduced later) NOTE: https://ceph.io/releases/v15-2-2-octopus-released/ NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master) NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2) CVE-2020-10735 RESERVED CVE-2020-10734 RESERVED CVE-2020-10733 RESERVED - postgresql-12 (Windows-specific) - postgresql-11 (Windows-specific) - postgresql-9.6 (Windows-specific) NOTE: https://www.postgresql.org/about/news/2038/ CVE-2020-10732 [uninitialized kernel data leak in userspace coredumps] RESERVED - linux NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1 CVE-2020-10731 RESERVED CVE-2020-10730 RESERVED CVE-2020-10729 [two random password lookups in same task return same value] RESERVED - ansible 2.9.6+dfsg-1 [jessie] - ansible (Vulnerable code introduced later, no variables template caching) NOTE: https://github.com/ansible/ansible/issues/34144 NOTE: https://github.com/ansible/ansible/pull/67429/ NOTE: https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6 NOTE: Introduced in https://github.com/ansible/ansible/commit/87a9485b2f5a3188460f0a0219d2e0d990ce4e67 (2.0) CVE-2020-10728 RESERVED NOT-FOR-US: automationbroker/apb CVE-2020-10727 RESERVED CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...) - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk (Vulnerable code not present) [stretch] - dpdk (Vulnerable code not present) CVE-2020-10725 (A flaw was found in DPDK version 19.11 and above that allows a malicio ...) 
- dpdk 19.11.2-1 (bug #960936) [buster] - dpdk (Vulnerable code not present) [stretch] - dpdk (Vulnerable code not present) CVE-2020-10724 (A vulnerability was found in DPDK versions 18.11 and above. The vhost- ...) - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk 18.11.6-1~deb10u2 [stretch] - dpdk (Vulnerable code not present) CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and above. ...) - dpdk 19.11.2-1 (bug #960936) [buster] - dpdk 18.11.6-1~deb10u2 [stretch] - dpdk (Vulnerable code not present) CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing ...) {DSA-4688-1} - dpdk 19.11.2-1 (bug #960936) CVE-2020-10721 RESERVED CVE-2020-10720 RESERVED - linux 5.2.6-1 [buster] - linux 4.19.67-1 [stretch] - linux 4.9.184-1 [jessie] - linux 3.16.76-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204 NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef CVE-2020-10719 RESERVED - undertow NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459 TODO: check, no details on Red Hat bugreport CVE-2020-10718 RESERVED CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...) - qemu 1:5.0-5 (bug #959746) [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e (v5.0.0-rc0) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html CVE-2020-10716 RESERVED NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation CVE-2020-10715 RESERVED CVE-2020-10714 RESERVED NOT-FOR-US: WildFly Elytron CVE-2020-10713 RESERVED CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...) 
NOT-FOR-US: image registry operator in OpenShift Container Platform CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...) - linux NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2 CVE-2020-10710 RESERVED CVE-2020-10709 RESERVED - ansible-awx (bug #908763) NOTE: https://github.com/ansible/awx/issues/6630 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033 CVE-2020-10708 [race condition in kernel/audit.c may allow low privilege users trigger kernel panic] RESERVED - linux (unimportant) NOTE: Disputed and negligible impact CVE-2020-10707 REJECTED CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...) NOT-FOR-US: OpenShift CVE-2020-10705 RESERVED - undertow NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241 CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...) - samba (bug #960188) [buster] - samba (Can be fixed along in future DSA) [stretch] - samba (Can be fixed along in future DSA) [jessie] - samba (Minor issue and the patch is very invisible, eg.
http://paste.debian.net/plain/1143919 is not even complete) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334 NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html CVE-2020-10703 [Potential denial of service via active pool without target path] RESERVED - libvirt 6.0.0-2 [buster] - libvirt (Minor issue) [stretch] - libvirt (Vulnerable code introduced later) [jessie] - libvirt (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725 NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1) CVE-2020-10702 [weak signature generation in Pointer Authentication support for ARM] RESERVED - qemu 1:4.2-5 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) - qemu-kvm (Vulnerable code introduced later) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0) CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS] RESERVED - libvirt 6.0.0-7 (bug #955841) [buster] - libvirt (Vulnerable code introduced later) [stretch] - libvirt (Vulnerable code introduced later) [jessie] - libvirt (Vulnerable code introduced later) NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1) CVE-2020-10700 (A use-after-free flaw was found in the way samba AD DC LDAP servers, h ...) 
- samba (bug #960189) [buster] - samba (Vulnerable code introduced later) [stretch] - samba (Vulnerable code introduced later) [jessie] - samba (Vulnerable code introduced later) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14331 NOTE: https://www.samba.org/samba/security/CVE-2020-10700.html CVE-2020-10699 (A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 ...) - targetcli-fb (Vulnerable code introduced later) NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162 NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50) NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d CVE-2020-10698 RESERVED NOT-FOR-US: Ansible Tower CVE-2020-10697 RESERVED NOT-FOR-US: Ansible Tower CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...) - golang-github-containers-buildah NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed CVE-2020-10695 RESERVED NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container CVE-2020-10694 RESERVED CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in ...) - libhibernate-validator-java NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805501 CVE-2020-10692 RESERVED CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versions 2.9 ...) - ansible 2.9.7+dfsg-1 [buster] - ansible (Vulnerable code introduced later) [stretch] - ansible (Vulnerable code introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817161 NOTE: https://github.com/ansible/ansible/pull/68596 NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9) CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race ...) 
- linux 5.4.8-1 [buster] - linux 4.19.98-1 NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did ...) NOT-FOR-US: Eclipse Che CVE-2020-10688 RESERVED - resteasy - resteasy3.0 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974 NOTE: https://github.com/quarkusio/quarkus/issues/7248 NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted) TODO: check details, not much information provided by Red Hat. CVE-2020-10687 RESERVED - undertow NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049 CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...) NOT-FOR-US: Keycloak CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...) - ansible [jessie] - ansible (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627 NOTE: https://github.com/ansible/ansible/pull/68433 NOTE: https://github.com/ansible/ansible/commit/6452a82452f3a721233b50f62419598206442fd9 NOTE: Introduced in https://github.com/ansible/ansible/commit/cdf6e3e4bf44fdab62c2e4ccd3f5fd67ea554548 (2.1) CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...) - ansible [jessie] - ansible (Vulnerable code introduced later, 'ansible_facts' variable not exposed) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519 NOTE: https://github.com/ansible/ansible/pull/68431 NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce CVE-2020-10683 (dom4j before 2.1.3 allows external DTDs and External Entities by defau ...) {DLA-2191-1} - dom4j (bug #958055) NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?) NOTE: https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 (post-fix refactor?) 
CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...) NOT-FOR-US: CMS Made Simple CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd fi ...) NOT-FOR-US: CMS Made Simple CVE-2020-10680 RESERVED CVE-2020-10679 RESERVED CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...) NOT-FOR-US: Octopus Deploy CVE-2020-10677 RESERVED CVE-2020-10676 RESERVED CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...) - golang-github-buger-jsonparser 0.0~git20200322.0.f7e751e-1 (bug #954373) [buster] - golang-github-buger-jsonparser (Minor issue) NOTE: https://github.com/buger/jsonparser/issues/188 NOTE: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717 CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2153-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2660 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2153-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2659 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missi ...) NOT-FOR-US: Canon CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) 
NOT-FOR-US: Canon CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10666 RESERVED CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...) - libperlspeak-perl (bug #954238) [stretch] - libperlspeak-perl (Will be removed in next point release) [jessie] - libperlspeak-perl (Not supported in jessie LTS) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173 CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...) NOT-FOR-US: Docker Desktop on Windows CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 ...) NOT-FOR-US: VxWorks CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...) {DLA-2192-1 DLA-2190-1} - ruby-json 2.3.0+dfsg-1 [buster] - ruby-json (Minor issue) [stretch] - ruby-json (Minor issue) - ruby2.7 (Fixed before initial upload to Debian) - ruby2.5 [buster] - ruby2.5 (Minor issue) - ruby2.3 [stretch] - ruby2.3 (Minor issue) - ruby2.1 NOTE: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/ NOTE: https://hackerone.com/reports/706934 NOTE: https://github.com/ruby/ruby/commit/36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01 (2.6.6) NOTE: https://github.com/ruby/ruby/commit/b379ecd8b6832dfcd5dad353b6bfd41701e2d678 (2.5.8) CVE-2020-10662 RESERVED CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...) NOT-FOR-US: HashiCorp Vault CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...) NOT-FOR-US: HashiCorp Vault CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...) 
NOT-FOR-US: Entrust Entelligence Security Provider (ESP) CVE-2020-10658 RESERVED CVE-2020-10657 RESERVED CVE-2020-10656 RESERVED CVE-2020-10655 RESERVED CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...) NOT-FOR-US: Ping Identity PingID CVE-2020-10653 RESERVED CVE-2020-10652 RESERVED CVE-2020-10651 RESERVED CVE-2020-10650 RESERVED CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 ...) NOT-FOR-US: ASUS Device Activation CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...) - u-boot 2020.04+dfsg-1 [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue) [jessie] - u-boot (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5 NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/ NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html CVE-2020-10647 (Wind River VxWorks tftp client library, as distributed in VxWorks 6.9 ...) NOT-FOR-US: VxWorks CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...) NOT-FOR-US: Fuji Electric V-Server Lite CVE-2020-10645 RESERVED CVE-2020-10644 RESERVED CVE-2020-10643 RESERVED CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and prior, an au ...) NOT-FOR-US: Rockwell CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...) NOT-FOR-US: Inductive Automation CVE-2020-10640 RESERVED CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) NOT-FOR-US: Eaton HMiSoft VU3 CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...) NOT-FOR-US: Advantech WebAccess Node CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...) NOT-FOR-US: Eaton HMiSoft VU3 CVE-2020-10636 RESERVED CVE-2020-10635 RESERVED CVE-2020-10634 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). 
A specially crafted ...) NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...) NOT-FOR-US: eWON Flexy and Cosy CVE-2020-10632 RESERVED CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does no ...) NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10628 RESERVED CVE-2020-10627 RESERVED CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...) NOT-FOR-US: Fazecast jSerialComm CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10624 RESERVED CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...) NOT-FOR-US: LCDS LAquis SCADA CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10620 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication d ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...) NOT-FOR-US: LCDS LAquis SCADA CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specif ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) 
NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10614 RESERVED CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicat ...) NOT-FOR-US: Opto 22 SoftPAC Project CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...) NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway CVE-2020-10610 RESERVED CVE-2020-10609 RESERVED CVE-2020-10608 RESERVED CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...) NOT-FOR-US: Advantech WebAccess CVE-2020-10606 RESERVED CVE-2020-10605 RESERVED CVE-2020-10604 RESERVED CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10602 RESERVED CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-10600 RESERVED CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES ...) NOT-FOR-US: Pyxis CVE-2020-10597 (The affected insulin pump is designed to communicate using a wireless ...) NOT-FOR-US: Insulet CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...) NOT-FOR-US: OpenCart CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause remote code ...) {DSA-4648-1 DLA-2166-1} - libpam-krb5 4.9-1 NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...) NOT-FOR-US: drf-jwt CVE-2020-10593 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...) 
- tor 0.4.2.7-1 [buster] - tor (Only affects tor 0.4.0.1-alpha onwards) [stretch] - tor (Only affects tor 0.4.0.1-alpha onwards) [jessie] - tor (Only affects tor 0.4.0.1-alpha onwards) NOTE: https://blog.torproject.org/new-releases-03510-0419-0427 NOTE: https://bugs.torproject.org/33619 CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...) {DSA-4644-1} - tor 0.4.2.7-1 [stretch] - tor (See DSA 4644) [jessie] - tor (Not supported in jessie LTS) NOTE: https://blog.torproject.org/new-releases-03510-0419-0427 NOTE: https://bugs.torproject.org/33120 CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...) NOT-FOR-US: Walmart Labs Concord CVE-2020-10590 RESERVED CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...) NOT-FOR-US: v2rayL CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...) NOT-FOR-US: v2rayL CVE-2020-10587 (antiX and MX Linux allow local users to achieve root access via "persi ...) NOT-FOR-US: antiX and MX Linux CVE-2020-10586 RESERVED CVE-2020-10585 RESERVED CVE-2020-10584 RESERVED CVE-2020-10583 RESERVED CVE-2020-10582 RESERVED CVE-2020-10581 RESERVED CVE-2020-10580 RESERVED CVE-2020-10579 RESERVED CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...) NOT-FOR-US: QCMS CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...) - janus 0.9.2-1 (bug #954668) NOTE: https://github.com/meetecho/janus-gateway/pull/1990 CVE-2020-10576 (An issue was discovered in Janus through 0.9.1. plugins/janus_voicemai ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1993 CVE-2020-10575 (An issue was discovered in Janus through 0.9.1. plugins/janus_videocal ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1994 CVE-2020-10574 (An issue was discovered in Janus through 0.9.1. 
janus.c tries to use a ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1989 CVE-2020-10573 (An issue was discovered in Janus through 0.9.1. janus_audiobridge.c ha ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1988 CVE-2020-10572 RESERVED CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython implemen ...) NOT-FOR-US: psd-tools CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...) NOT-FOR-US: Telegram for Android CVE-2020-10569 (SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, w ...) NOT-FOR-US: SysAid On-Premise CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...) NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...) NOT-FOR-US: Responsive Filemanager CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) NOT-FOR-US: FreeBSD CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) NOT-FOR-US: FreeBSD CVE-2020-10564 (An issue was discovered in the File Upload plugin before 4.13.0 for Wo ...) NOT-FOR-US: File Upload plugin for WordPress CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.ph ...) NOT-FOR-US: DEVOME GRR CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...) NOT-FOR-US: DEVOME GRR CVE-2020-10561 RESERVED CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...) NOT-FOR-US: Open Source Social Network (OSSN) CVE-2020-10559 RESERVED CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...) NOT-FOR-US: driving interface of Tesla Model 3 vehicles CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...) 
NOT-FOR-US: AContent CVE-2020-10556 RESERVED CVE-2020-10555 RESERVED CVE-2020-10554 RESERVED CVE-2020-10553 RESERVED CVE-2020-10552 RESERVED CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...) NOT-FOR-US: QQBrowser CVE-2020-10550 RESERVED CVE-2020-10549 RESERVED CVE-2020-10548 RESERVED CVE-2020-10547 RESERVED CVE-2020-10546 RESERVED CVE-2020-10545 RESERVED CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...) NOT-FOR-US: PrimeTek PrimeFaces CVE-2020-10543 RESERVED CVE-2020-10542 RESERVED CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...) NOT-FOR-US: Untis WebUntis CVE-2020-10539 RESERVED CVE-2020-10538 RESERVED CVE-2020-10537 RESERVED CVE-2020-10536 RESERVED CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...) NOT-FOR-US: MediaWiki extension CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...) - gitlab (Only affects Gitlab 12.8.x) NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/ CVE-2020-10533 RESERVED CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...) NOT-FOR-US: AD Helper component in WatchGuard Fireware CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU) ...) 
{DSA-4646-1 DLA-2151-1} [experimental] - icu 66.1-2 - icu 63.2-3 (bug #953747) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public) NOTE: Upstream ICU bug: https://unicode-org.atlassian.net/browse/ICU-20958 (private) NOTE: Fixed by: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca NOTE: https://github.com/unicode-org/icu/pull/971 CVE-2020-10530 RESERVED CVE-2020-10529 RESERVED CVE-2020-10528 RESERVED CVE-2020-10527 RESERVED CVE-2020-10526 RESERVED CVE-2020-10525 RESERVED CVE-2020-10524 RESERVED CVE-2020-10523 RESERVED CVE-2020-10522 RESERVED CVE-2020-10521 RESERVED CVE-2020-10520 RESERVED CVE-2020-10519 RESERVED CVE-2020-10518 RESERVED CVE-2020-10517 RESERVED CVE-2020-10516 RESERVED CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting ...) NOT-FOR-US: STARFACE UCC Client CVE-2020-10514 (iCatch DVR firmware before 20200103 do not validate function parameter ...) NOT-FOR-US: iCatch DVR CVE-2020-10513 (The file management interface of iCatch DVR firmware before 20200103 c ...) NOT-FOR-US: iCatch DVR CVE-2020-10512 (HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CC ...) NOT-FOR-US: HGiga C&Cmail CVE-2020-10511 (HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAIL ...) NOT-FOR-US: HGiga C&Cmail CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10507 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...) NOT-FOR-US: The School Manage System CVE-2020-10506 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
NOT-FOR-US: The School Manage System CVE-2020-10505 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...) NOT-FOR-US: The School Manage System CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10502 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10501 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10500 (CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10499 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10498 (CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10497 (CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Lan ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10496 (CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10495 (CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10494 (CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10493 (CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10492 (CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Lang ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10491 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10490 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10489 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10488 (CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10487 (CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10486 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10485 (CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10484 (CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10483 (CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 a ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10482 (CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10481 (CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10480 (CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10479 (CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 a ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10478 (CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10477 (Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi- ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10476 (Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10475 (Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Mul ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10474 (Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10473 (Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10472 (Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard M ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10471 (Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10470 (Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10469 (Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10468 (Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10467 (Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10466 (Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10465 (Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10464 (Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10463 (Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10462 (Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-L ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10461 (The way comments in article.php (vulnerable function in include/functi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10460 (admin/include/operations.php (via admin/email-harvester.php) in Chadha ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10459 (Path Traversal in admin/assetmanager/assetmanager.php (vulnerable func ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10458 (Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Sta ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10457 (Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10456 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10455 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10454 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10453 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10452 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10451 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10450 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10449 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10448 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10447 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10446 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10445 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10444 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10443 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10442 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10441 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10440 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10439 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10438 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10437 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10436 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10435 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10434 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10433 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10432 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10431 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10430 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10429 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10428 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10427 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10426 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10425 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10424 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10423 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10422 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10421 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10420 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10419 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10418 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10417 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10416 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10415 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10414 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10413 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10412 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10411 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10410 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10409 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10408 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10407 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10406 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10405 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10404 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10403 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10402 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10401 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10400 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10399 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10398 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10397 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10396 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10395 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10394 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10393 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10392 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10391 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10390 (OS Command Injection in export.php (vulnerable function called from in ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10389 (admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allo ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10388 (The way the Referer header in article.php is handled in Chadha PHPKB S ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10387 (Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10386 (admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Lang ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...) NOT-FOR-US: WPForms Contact Form plugin for WordPress CVE-2020-10384 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10383 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10382 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10381 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...) NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...) - rmysql 0.10.20-1 [buster] - rmysql (Minor issue) [jessie] - rmysql (Minor issue) NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32 NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40 CVE-2020-10379 RESERVED CVE-2020-10378 RESERVED CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...) NOT-FOR-US: Mitel CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...) NOT-FOR-US: Technicolor CVE-2020-10375 RESERVED CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...) NOT-FOR-US: PRTG Network Monitor CVE-2020-10373 RESERVED CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...) 
NOT-FOR-US: Ramp AltitudeCDN Altimeter CVE-2020-10371 RESERVED CVE-2020-10370 RESERVED CVE-2020-10369 RESERVED CVE-2020-10368 RESERVED CVE-2020-10367 RESERVED CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...) NOT-FOR-US: LogicalDoc CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...) NOT-FOR-US: LogicalDoc CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...) NOT-FOR-US: SSH daemon on MikroTik routers CVE-2020-10363 RESERVED CVE-2020-10362 RESERVED CVE-2020-10361 RESERVED CVE-2020-10360 RESERVED CVE-2020-10359 RESERVED CVE-2020-10358 RESERVED CVE-2020-10357 RESERVED CVE-2020-10356 RESERVED CVE-2020-10355 RESERVED CVE-2020-10354 RESERVED CVE-2020-10353 RESERVED CVE-2020-10352 RESERVED CVE-2020-10351 RESERVED CVE-2020-10350 RESERVED CVE-2020-10349 RESERVED CVE-2020-10348 RESERVED CVE-2020-10347 RESERVED CVE-2020-10346 RESERVED CVE-2020-10345 RESERVED CVE-2020-10344 RESERVED CVE-2020-10343 RESERVED CVE-2020-10342 RESERVED CVE-2020-10341 RESERVED CVE-2020-10340 RESERVED CVE-2020-10339 RESERVED CVE-2020-10338 RESERVED CVE-2020-10337 RESERVED CVE-2020-10336 RESERVED CVE-2020-10335 RESERVED CVE-2020-10334 RESERVED CVE-2020-10333 RESERVED CVE-2020-10332 RESERVED CVE-2020-10331 RESERVED CVE-2020-10330 RESERVED CVE-2020-10329 RESERVED CVE-2020-10328 RESERVED CVE-2020-10327 RESERVED CVE-2020-10326 RESERVED CVE-2020-10325 RESERVED CVE-2020-10324 RESERVED CVE-2020-10323 RESERVED CVE-2020-10322 RESERVED CVE-2020-10321 RESERVED CVE-2020-10320 RESERVED CVE-2020-10319 RESERVED CVE-2020-10318 RESERVED CVE-2020-10317 RESERVED CVE-2020-10316 RESERVED CVE-2020-10315 RESERVED CVE-2020-10314 RESERVED CVE-2020-10313 RESERVED CVE-2020-10312 RESERVED CVE-2020-10311 RESERVED CVE-2020-10310 RESERVED CVE-2020-10309 RESERVED CVE-2020-10308 RESERVED CVE-2020-10307 RESERVED CVE-2020-10306 RESERVED CVE-2020-10305 RESERVED CVE-2020-10304 RESERVED CVE-2020-10303 RESERVED 
CVE-2020-10302 RESERVED CVE-2020-10301 RESERVED CVE-2020-10300 RESERVED CVE-2020-10299 RESERVED CVE-2020-10298 RESERVED CVE-2020-10297 RESERVED CVE-2020-10296 RESERVED CVE-2020-10295 RESERVED CVE-2020-10294 RESERVED CVE-2020-10293 RESERVED CVE-2020-10292 RESERVED CVE-2020-10291 RESERVED CVE-2020-10290 RESERVED CVE-2020-10289 RESERVED CVE-2020-10288 RESERVED CVE-2020-10287 RESERVED CVE-2020-10286 RESERVED CVE-2020-10285 RESERVED CVE-2020-10284 RESERVED CVE-2020-10283 RESERVED CVE-2020-10282 RESERVED CVE-2020-10281 RESERVED CVE-2020-10280 RESERVED CVE-2020-10279 RESERVED CVE-2020-10278 RESERVED CVE-2020-10277 RESERVED CVE-2020-10276 RESERVED CVE-2020-10275 RESERVED CVE-2020-10274 RESERVED CVE-2020-10273 RESERVED CVE-2020-10272 RESERVED CVE-2020-10271 RESERVED CVE-2020-10270 RESERVED CVE-2020-10269 RESERVED CVE-2020-10268 RESERVED CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...) NOT-FOR-US: Universal Robots control box CB CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...) NOT-FOR-US: Universal Robots+ CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, ...) NOT-FOR-US: Universal Robots+ CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...) NOT-FOR-US: CB3 SW CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...) NOT-FOR-US: XIAOMI CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...) NOT-FOR-US: XIAOMI CVE-2020-10261 RESERVED CVE-2020-10260 RESERVED CVE-2020-10259 RESERVED CVE-2020-10258 RESERVED CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks acces ...) NOT-FOR-US: ThemeREX Addons plugin for WordPress CVE-2020-10256 RESERVED CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...) 
NOT-FOR-US: Hardware vulnerability in DDR4 DRAM chips CVE-2020-10254 RESERVED CVE-2020-10253 RESERVED CVE-2020-10252 RESERVED CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...) - imagemagick (bug #953741) [stretch] - imagemagick (Vulnerable code introduced later with HEIC image format support) [jessie] - imagemagick (Vulnerable code introduced later with HEIC image format support) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/868aad754ee599eb7153b84d610f2ecdf7b339f6 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3456724dff047db5adb32f8cf70c903c1b7d16d4 CVE-2020-10250 (BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitra ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10249 (BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10248 (BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwo ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is ...) NOT-FOR-US: MISP CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...) NOT-FOR-US: MISP CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...) NOT-FOR-US: CODESYS CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...) NOT-FOR-US: JPaseto CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...) NOT-FOR-US: Joomla! CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling ...) NOT-FOR-US: Joomla! CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...) NOT-FOR-US: Joomla! CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing length check ...) NOT-FOR-US: Joomla! 
CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...) NOT-FOR-US: Joomla! CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...) NOT-FOR-US: Joomla! CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...) NOT-FOR-US: Froxlor CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...) NOT-FOR-US: Froxlor CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...) NOT-FOR-US: Froxlor CVE-2020-10234 RESERVED CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...) - sleuthkit (unimportant) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829 NOTE: Crash in CLI tool, no security impact CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...) {DLA-2137-1} - sleuthkit (low; bug #953976) [buster] - sleuthkit (Minor issue) [stretch] - sleuthkit (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836 NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1 CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_17 ...) NOT-FOR-US: TP-Link CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-10229 RESERVED CVE-2020-10228 RESERVED CVE-2020-10227 RESERVED CVE-2020-10226 RESERVED CVE-2020-10225 (An unauthenticated file upload vulnerability has been identified in ad ...) NOT-FOR-US: PHPGurukul Job Portal CVE-2020-10224 (An unauthenticated file upload vulnerability has been identified in ad ...) NOT-FOR-US: PHPGurukul Online Book Store CVE-2020-10223 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode ...) NOT-FOR-US: npdf.dll in Nitro Pro CVE-2020-10222 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corrupt ...) 
NOT-FOR-US: npdf.dll in Nitro Pro CVE-2020-10221 (lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows re ...) NOT-FOR-US: rConfig CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interface is ...) NOT-FOR-US: rConfig CVE-2020-10219 RESERVED CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 ...) NOT-FOR-US: Sapplica Sentrifugo CVE-2020-10217 RESERVED CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) NOT-FOR-US: D-Link CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) NOT-FOR-US: D-Link CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...) NOT-FOR-US: D-Link CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) NOT-FOR-US: D-Link CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...) NOT-FOR-US: Responsive FileManager CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...) NOT-FOR-US: Mitel CVE-2020-10210 RESERVED CVE-2020-10209 RESERVED CVE-2020-10208 RESERVED CVE-2020-10207 RESERVED CVE-2020-10206 RESERVED CVE-2020-10205 RESERVED CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. ...) NOT-FOR-US: Sonatype Nexus Repository CVE-2020-10203 (Sonatype Nexus Repository before 3.21.2 allows XSS. ...) NOT-FOR-US: Sonatype Nexus Repository CVE-2020-10202 RESERVED CVE-2020-10201 RESERVED CVE-2020-10200 RESERVED CVE-2020-10199 (Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue ...) NOT-FOR-US: Sonatype Nexus Repository CVE-2020-10198 RESERVED CVE-2020-10197 RESERVED CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 for Wor ...) NOT-FOR-US: popup-builder plugin for WordPress CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...) 
NOT-FOR-US: popup-builder plugin for WordPress CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...) NOT-FOR-US: Zimbra CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...) NOT-FOR-US: ESET Archive Support Module CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...) NOT-FOR-US: Munkireport CVE-2020-10191 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...) NOT-FOR-US: Munkireport CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...) NOT-FOR-US: Munkireport CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...) {DLA-2176-1} - inetutils 2:1.9.4-12 (bug #956084) - netkit-telnet 0.17-18woody2 (bug #953477) - netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478) NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5 NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html NOTE: Patch in Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch CVE-2020-10187 (Doorkeeper version 5.0.0 and later contains an information disclosure ...) - ruby-doorkeeper (bug #959903) NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6 NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9 CVE-2020-10186 RESERVED CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...) 
{DLA-2141-1} - yubikey-val [buster] - yubikey-val (Minor issue) [stretch] - yubikey-val (Minor issue) NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286 CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not ...) {DLA-2141-1} - yubikey-val [buster] - yubikey-val (Minor issue) [stretch] - yubikey-val (Minor issue) NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286 CVE-2020-10183 RESERVED CVE-2020-10182 RESERVED CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...) NOT-FOR-US: Sumavision Enhanced Multimedia Router CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...) NOT-FOR-US: ESET AV parsing engine CVE-2020-10179 RESERVED CVE-2020-10178 REJECTED CVE-2020-10177 RESERVED CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...) NOT-FOR-US: ASSA ABLOY Yale WIPC-301W CVE-2020-10175 REJECTED CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...) - timeshift 20.03+ds-1 (bug #953385) [buster] - timeshift 19.01+ds-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/03/06/3 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1165802 NOTE: https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462 CVE-2020-10173 (Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Mult ...) 
NOT-FOR-US: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices CVE-2020-10172 RESERVED CVE-2020-10171 RESERVED CVE-2020-10170 RESERVED CVE-2020-10169 RESERVED CVE-2020-10168 RESERVED CVE-2020-10167 RESERVED CVE-2020-10166 RESERVED CVE-2020-10165 RESERVED CVE-2020-10164 RESERVED CVE-2020-10163 RESERVED CVE-2020-10162 RESERVED CVE-2020-10161 RESERVED CVE-2020-10160 RESERVED CVE-2020-10159 RESERVED CVE-2020-10158 RESERVED CVE-2020-10157 RESERVED CVE-2020-10156 RESERVED CVE-2020-10155 RESERVED CVE-2020-10154 RESERVED CVE-2020-10153 RESERVED CVE-2020-10152 RESERVED CVE-2020-10151 RESERVED CVE-2020-10150 RESERVED CVE-2020-10149 RESERVED CVE-2020-10148 RESERVED CVE-2020-10147 RESERVED CVE-2020-10146 RESERVED CVE-2020-10145 RESERVED CVE-2020-10144 RESERVED CVE-2020-10143 RESERVED CVE-2020-10142 RESERVED CVE-2020-10141 RESERVED CVE-2020-10140 RESERVED CVE-2020-10139 RESERVED CVE-2020-10138 RESERVED CVE-2020-10137 RESERVED CVE-2020-10136 RESERVED CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...) - linux TODO: check, the CVE was specifically associated with kernel part CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthe ...) NOTE: Bluetooth protocol issue CVE-2020-10133 RESERVED CVE-2020-10132 RESERVED CVE-2020-10131 RESERVED CVE-2020-10130 RESERVED CVE-2020-10129 RESERVED CVE-2020-10128 RESERVED CVE-2020-10127 RESERVED CVE-2020-10126 RESERVED CVE-2020-10125 RESERVED CVE-2020-10124 RESERVED CVE-2020-10123 RESERVED CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...) NOT-FOR-US: cPanel CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution ...) NOT-FOR-US: cPanel CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...) NOT-FOR-US: cPanel CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...) 
NOT-FOR-US: cPanel CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...) NOT-FOR-US: cPanel CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...) NOT-FOR-US: cPanel CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...) NOT-FOR-US: cPanel CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...) NOT-FOR-US: cPanel CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor ...) NOT-FOR-US: cPanel CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...) NOT-FOR-US: cPanel CVE-2020-10112 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poison ...) NOT-FOR-US: Citrix CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent ...) NOT-FOR-US: Citrix CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information ...) NOT-FOR-US: Citrix CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...) {DLA-2145-1} - twisted 18.9.0-7 (bug #953950) [buster] - twisted (Minor issue) [stretch] - twisted (Minor issue) NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281 CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...) {DLA-2145-1} - twisted 18.9.0-7 (bug #953950) [buster] - twisted (Minor issue) [stretch] - twisted (Minor issue) NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281 CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...) NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2020-10106 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injec ...) 
NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...) - zammad (bug #841355) CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...) - zammad (bug #841355) CVE-2020-10103 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...) - zammad (bug #841355) CVE-2020-10102 (An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password ...) - zammad (bug #841355) CVE-2020-10101 (An issue was discovered in Zammad 3.0 through 3.2. The WebSocket serve ...) - zammad (bug #841355) CVE-2020-10100 (An issue was discovered in Zammad 3.0 through 3.2. It allows for users ...) - zammad (bug #841355) CVE-2020-10099 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...) - zammad (bug #841355) CVE-2020-10098 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...) - zammad (bug #841355) CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respond with ...) - zammad (bug #841355) CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...) - zammad (bug #841355) CVE-2020-10095 RESERVED CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW7 ...) NOT-FOR-US: Lexmark CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series in ...) NOT-FOR-US: Lexmark CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...) - gitlab (Only affects Gitlab 12.1 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...) 
[experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...) - gitlab (Only affects Gitlab 12.5 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...) - gitlab (Only affects Gitlab 12.3.5 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain con ...) - gitlab (Only affects Gitlab 12.7 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...) - gitlab (Only affects Gitlab 12.2 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...) 
[experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...) - gitlab (Only affects Gitlab 12.1 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...) - gitlab (Only affects Gitlab 12.1 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...) - gitlab (Only affects Gitlab 12.5 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...) 
- gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10072 RESERVED CVE-2020-10071 RESERVED CVE-2020-10070 RESERVED CVE-2020-10069 RESERVED CVE-2020-10068 RESERVED CVE-2020-10067 (A malicious userspace application can cause an integer overflow and byp ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10066 RESERVED CVE-2020-10065 RESERVED CVE-2020-10064 RESERVED CVE-2020-10063 RESERVED CVE-2020-10062 RESERVED CVE-2020-10061 RESERVED CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects[1] ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient argument ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...) NOT-FOR-US: GeniXCMS CVE-2020-10056 RESERVED CVE-2020-10055 RESERVED CVE-2020-10054 RESERVED CVE-2020-10053 RESERVED CVE-2020-10052 RESERVED CVE-2020-10051 RESERVED CVE-2020-10050 RESERVED CVE-2020-10049 RESERVED CVE-2020-10048 RESERVED CVE-2020-10047 RESERVED CVE-2020-10046 RESERVED CVE-2020-10045 RESERVED CVE-2020-10044 RESERVED CVE-2020-10043 RESERVED CVE-2020-10042 RESERVED CVE-2020-10041 RESERVED CVE-2020-10040 RESERVED CVE-2020-10039 RESERVED CVE-2020-10038 RESERVED CVE-2020-10037 RESERVED CVE-2020-10036 RESERVED CVE-2020-10035 RESERVED CVE-2020-10034 RESERVED CVE-2020-10033 RESERVED CVE-2020-10032 RESERVED CVE-2020-10031 RESERVED CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...) 
- pdns-recursor 4.3.1-1 (unimportant) NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3 NOTE: Non exploitable on Linux CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...) - glibc 2.30-1 (bug #953108) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a CVE-2020-9999 RESERVED CVE-2020-9998 RESERVED CVE-2020-9997 RESERVED CVE-2020-9996 RESERVED CVE-2020-9995 RESERVED CVE-2020-9994 RESERVED CVE-2020-9993 RESERVED CVE-2020-9992 RESERVED CVE-2020-9991 RESERVED CVE-2020-9990 RESERVED CVE-2020-9989 RESERVED CVE-2020-9988 RESERVED CVE-2020-9987 RESERVED CVE-2020-9986 RESERVED CVE-2020-9985 RESERVED CVE-2020-9984 RESERVED CVE-2020-9983 RESERVED CVE-2020-9982 RESERVED CVE-2020-9981 RESERVED CVE-2020-9980 RESERVED CVE-2020-9979 RESERVED CVE-2020-9978 RESERVED CVE-2020-9977 RESERVED CVE-2020-9976 RESERVED CVE-2020-9975 RESERVED CVE-2020-9974 RESERVED CVE-2020-9973 RESERVED CVE-2020-9972 RESERVED CVE-2020-9971 RESERVED CVE-2020-9970 RESERVED CVE-2020-9969 RESERVED CVE-2020-9968 RESERVED CVE-2020-9967 RESERVED CVE-2020-9966 RESERVED CVE-2020-9965 RESERVED CVE-2020-9964 RESERVED CVE-2020-9963 RESERVED CVE-2020-9962 RESERVED CVE-2020-9961 RESERVED CVE-2020-9960 RESERVED CVE-2020-9959 RESERVED CVE-2020-9958 RESERVED CVE-2020-9957 RESERVED CVE-2020-9956 RESERVED CVE-2020-9955 RESERVED CVE-2020-9954 RESERVED CVE-2020-9953 RESERVED CVE-2020-9952 RESERVED CVE-2020-9951 RESERVED CVE-2020-9950 RESERVED CVE-2020-9949 RESERVED CVE-2020-9948 RESERVED CVE-2020-9947 RESERVED CVE-2020-9946 RESERVED CVE-2020-9945 RESERVED CVE-2020-9944 RESERVED CVE-2020-9943 
RESERVED CVE-2020-9942 RESERVED CVE-2020-9941 RESERVED CVE-2020-9940 RESERVED CVE-2020-9939 RESERVED CVE-2020-9938 RESERVED CVE-2020-9937 RESERVED CVE-2020-9936 RESERVED CVE-2020-9935 RESERVED CVE-2020-9934 RESERVED CVE-2020-9933 RESERVED CVE-2020-9932 RESERVED CVE-2020-9931 RESERVED CVE-2020-9930 RESERVED CVE-2020-9929 RESERVED CVE-2020-9928 RESERVED CVE-2020-9927 RESERVED CVE-2020-9926 RESERVED CVE-2020-9925 RESERVED CVE-2020-9924 RESERVED CVE-2020-9923 RESERVED CVE-2020-9922 RESERVED CVE-2020-9921 RESERVED CVE-2020-9920 RESERVED CVE-2020-9919 RESERVED CVE-2020-9918 RESERVED CVE-2020-9917 RESERVED CVE-2020-9916 RESERVED CVE-2020-9915 RESERVED CVE-2020-9914 RESERVED CVE-2020-9913 RESERVED CVE-2020-9912 RESERVED CVE-2020-9911 RESERVED CVE-2020-9910 RESERVED CVE-2020-9909 RESERVED CVE-2020-9908 RESERVED CVE-2020-9907 RESERVED CVE-2020-9906 RESERVED CVE-2020-9905 RESERVED CVE-2020-9904 RESERVED CVE-2020-9903 RESERVED CVE-2020-9902 RESERVED CVE-2020-9901 RESERVED CVE-2020-9900 RESERVED CVE-2020-9899 RESERVED CVE-2020-9898 RESERVED CVE-2020-9897 RESERVED CVE-2020-9896 RESERVED CVE-2020-9895 RESERVED CVE-2020-9894 RESERVED CVE-2020-9893 RESERVED CVE-2020-9892 RESERVED CVE-2020-9891 RESERVED CVE-2020-9890 RESERVED CVE-2020-9889 RESERVED CVE-2020-9888 RESERVED CVE-2020-9887 RESERVED CVE-2020-9886 RESERVED CVE-2020-9885 RESERVED CVE-2020-9884 RESERVED CVE-2020-9883 RESERVED CVE-2020-9882 RESERVED CVE-2020-9881 RESERVED CVE-2020-9880 RESERVED CVE-2020-9879 RESERVED CVE-2020-9878 RESERVED CVE-2020-9877 RESERVED CVE-2020-9876 RESERVED CVE-2020-9875 RESERVED CVE-2020-9874 RESERVED CVE-2020-9873 RESERVED CVE-2020-9872 RESERVED CVE-2020-9871 RESERVED CVE-2020-9870 RESERVED CVE-2020-9869 RESERVED CVE-2020-9868 RESERVED CVE-2020-9867 RESERVED CVE-2020-9866 RESERVED CVE-2020-9865 RESERVED CVE-2020-9864 RESERVED CVE-2020-9863 RESERVED CVE-2020-9862 RESERVED CVE-2020-9861 RESERVED CVE-2020-9860 RESERVED CVE-2020-9859 RESERVED CVE-2020-9858 RESERVED CVE-2020-9857 RESERVED 
CVE-2020-9856 RESERVED CVE-2020-9855 RESERVED CVE-2020-9854 RESERVED CVE-2020-9853 RESERVED CVE-2020-9852 RESERVED CVE-2020-9851 RESERVED CVE-2020-9850 RESERVED CVE-2020-9849 RESERVED CVE-2020-9848 RESERVED CVE-2020-9847 RESERVED CVE-2020-9846 RESERVED CVE-2020-9845 RESERVED CVE-2020-9844 RESERVED CVE-2020-9843 RESERVED CVE-2020-9842 RESERVED CVE-2020-9841 RESERVED CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...) NOT-FOR-US: SwiftNIO Extras CVE-2020-9839 RESERVED CVE-2020-9838 RESERVED CVE-2020-9837 RESERVED CVE-2020-9836 RESERVED CVE-2020-9835 RESERVED CVE-2020-9834 RESERVED CVE-2020-9833 RESERVED CVE-2020-9832 RESERVED CVE-2020-9831 RESERVED CVE-2020-9830 RESERVED CVE-2020-9829 RESERVED CVE-2020-9828 RESERVED CVE-2020-9827 RESERVED CVE-2020-9826 RESERVED CVE-2020-9825 RESERVED CVE-2020-9824 RESERVED CVE-2020-9823 RESERVED CVE-2020-9822 RESERVED CVE-2020-9821 RESERVED CVE-2020-9820 RESERVED CVE-2020-9819 RESERVED CVE-2020-9818 RESERVED CVE-2020-9817 RESERVED CVE-2020-9816 RESERVED CVE-2020-9815 RESERVED CVE-2020-9814 RESERVED CVE-2020-9813 RESERVED CVE-2020-9812 RESERVED CVE-2020-9811 RESERVED CVE-2020-9810 RESERVED CVE-2020-9809 RESERVED CVE-2020-9808 RESERVED CVE-2020-9807 RESERVED CVE-2020-9806 RESERVED CVE-2020-9805 RESERVED CVE-2020-9804 RESERVED CVE-2020-9803 RESERVED CVE-2020-9802 RESERVED CVE-2020-9801 RESERVED CVE-2020-9800 RESERVED CVE-2020-9799 RESERVED CVE-2020-9798 RESERVED CVE-2020-9797 RESERVED CVE-2020-9796 RESERVED CVE-2020-9795 RESERVED CVE-2020-9794 RESERVED CVE-2020-9793 RESERVED CVE-2020-9792 RESERVED CVE-2020-9791 RESERVED CVE-2020-9790 RESERVED CVE-2020-9789 RESERVED CVE-2020-9788 RESERVED CVE-2020-9787 RESERVED CVE-2020-9786 RESERVED CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is ...) 
NOT-FOR-US: Apple Safari CVE-2020-9783 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9782 RESERVED CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...) NOT-FOR-US: Apple CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...) NOT-FOR-US: Apple CVE-2020-9779 RESERVED CVE-2020-9778 RESERVED CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...) NOT-FOR-US: Apple CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...) NOT-FOR-US: Apple CVE-2020-9774 RESERVED CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...) NOT-FOR-US: Apple CVE-2020-9772 RESERVED CVE-2020-9771 RESERVED CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...) NOT-FOR-US: Apple CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9767 RESERVED CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10026 REJECTED CVE-2020-10025 REJECTED CVE-2020-10024 (The arm platform-specific code uses a signed integer comparison when v ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an adversary w ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub server may ...) 
NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite handler with u ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10020 REJECTED CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested length (wL ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...) {DSA-4641-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0003.html CVE-2020-10017 RESERVED CVE-2020-10016 RESERVED CVE-2020-10015 RESERVED CVE-2020-10014 RESERVED CVE-2020-10013 RESERVED CVE-2020-10012 RESERVED CVE-2020-10011 RESERVED CVE-2020-10010 RESERVED CVE-2020-10009 RESERVED CVE-2020-10008 RESERVED CVE-2020-10007 RESERVED CVE-2020-10006 RESERVED CVE-2020-10005 RESERVED CVE-2020-10004 RESERVED CVE-2020-10003 RESERVED CVE-2020-10002 RESERVED CVE-2020-10001 RESERVED CVE-2020-10000 RESERVED CVE-2020-9766 RESERVED CVE-2020-9765 RESERVED CVE-2020-9764 RESERVED CVE-2020-9763 RESERVED CVE-2020-9762 RESERVED CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...) NOT-FOR-US: UNCTAD ASYCUDA World CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...) {DLA-2157-1} - weechat 2.7.1-1 [buster] - weechat (Minor issue) [stretch] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affe ...) 
{DLA-2157-1} - weechat 2.7.1-1 [buster] - weechat (Minor issue) [stretch] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...) NOT-FOR-US: LiveZilla Live Chat CVE-2020-9757 (The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side T ...) NOT-FOR-US: Seomatic component for Craft CMS CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...) NOT-FOR-US: Patriot Viper RGB Driver CVE-2020-9755 RESERVED CVE-2020-9754 RESERVED CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...) TODO: check CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...) NOT-FOR-US: Naver Cloud Explorer CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an ...) NOT-FOR-US: Naver Cloud Explorer CVE-2020-9750 RESERVED CVE-2020-9749 RESERVED CVE-2020-9748 RESERVED CVE-2020-9747 RESERVED CVE-2020-9746 RESERVED CVE-2020-9745 RESERVED CVE-2020-9744 RESERVED CVE-2020-9743 RESERVED CVE-2020-9742 RESERVED CVE-2020-9741 RESERVED CVE-2020-9740 RESERVED CVE-2020-9739 RESERVED CVE-2020-9738 RESERVED CVE-2020-9737 RESERVED CVE-2020-9736 RESERVED CVE-2020-9735 RESERVED CVE-2020-9734 RESERVED CVE-2020-9733 RESERVED CVE-2020-9732 RESERVED CVE-2020-9731 RESERVED CVE-2020-9730 RESERVED CVE-2020-9729 RESERVED CVE-2020-9728 RESERVED CVE-2020-9727 RESERVED CVE-2020-9726 RESERVED CVE-2020-9725 RESERVED CVE-2020-9724 RESERVED CVE-2020-9723 RESERVED CVE-2020-9722 RESERVED CVE-2020-9721 RESERVED CVE-2020-9720 RESERVED CVE-2020-9719 RESERVED CVE-2020-9718 RESERVED CVE-2020-9717 RESERVED CVE-2020-9716 RESERVED CVE-2020-9715 RESERVED CVE-2020-9714 RESERVED CVE-2020-9713 RESERVED CVE-2020-9712 RESERVED CVE-2020-9711 RESERVED CVE-2020-9710 RESERVED CVE-2020-9709 RESERVED CVE-2020-9708 RESERVED CVE-2020-9707 RESERVED CVE-2020-9706 
RESERVED CVE-2020-9705 RESERVED CVE-2020-9704 RESERVED CVE-2020-9703 RESERVED CVE-2020-9702 RESERVED CVE-2020-9701 RESERVED CVE-2020-9700 RESERVED CVE-2020-9699 RESERVED CVE-2020-9698 RESERVED CVE-2020-9697 RESERVED CVE-2020-9696 RESERVED CVE-2020-9695 RESERVED CVE-2020-9694 RESERVED CVE-2020-9693 RESERVED CVE-2020-9692 RESERVED CVE-2020-9691 RESERVED CVE-2020-9690 RESERVED CVE-2020-9689 RESERVED CVE-2020-9688 RESERVED CVE-2020-9687 RESERVED CVE-2020-9686 RESERVED CVE-2020-9685 RESERVED CVE-2020-9684 RESERVED CVE-2020-9683 RESERVED CVE-2020-9682 RESERVED CVE-2020-9681 RESERVED CVE-2020-9680 RESERVED CVE-2020-9679 RESERVED CVE-2020-9678 RESERVED CVE-2020-9677 RESERVED CVE-2020-9676 RESERVED CVE-2020-9675 RESERVED CVE-2020-9674 RESERVED CVE-2020-9673 RESERVED CVE-2020-9672 RESERVED CVE-2020-9671 RESERVED CVE-2020-9670 RESERVED CVE-2020-9669 RESERVED CVE-2020-9668 RESERVED CVE-2020-9667 RESERVED CVE-2020-9666 RESERVED CVE-2020-9665 RESERVED CVE-2020-9664 RESERVED CVE-2020-9663 RESERVED CVE-2020-9662 RESERVED CVE-2020-9661 RESERVED CVE-2020-9660 RESERVED CVE-2020-9659 RESERVED CVE-2020-9658 RESERVED CVE-2020-9657 RESERVED CVE-2020-9656 RESERVED CVE-2020-9655 RESERVED CVE-2020-9654 RESERVED CVE-2020-9653 RESERVED CVE-2020-9652 RESERVED CVE-2020-9651 RESERVED CVE-2020-9650 RESERVED CVE-2020-9649 RESERVED CVE-2020-9648 RESERVED CVE-2020-9647 RESERVED CVE-2020-9646 RESERVED CVE-2020-9645 RESERVED CVE-2020-9644 RESERVED CVE-2020-9643 RESERVED CVE-2020-9642 RESERVED CVE-2020-9641 RESERVED CVE-2020-9640 RESERVED CVE-2020-9639 RESERVED CVE-2020-9638 RESERVED CVE-2020-9637 RESERVED CVE-2020-9636 RESERVED CVE-2020-9635 RESERVED CVE-2020-9634 RESERVED CVE-2020-9633 RESERVED CVE-2020-9632 RESERVED CVE-2020-9631 RESERVED CVE-2020-9630 RESERVED CVE-2020-9629 RESERVED CVE-2020-9628 RESERVED CVE-2020-9627 RESERVED CVE-2020-9626 RESERVED CVE-2020-9625 RESERVED CVE-2020-9624 RESERVED CVE-2020-9623 RESERVED CVE-2020-9622 RESERVED CVE-2020-9621 RESERVED CVE-2020-9620 RESERVED 
CVE-2020-9619 RESERVED CVE-2020-9618 RESERVED CVE-2020-9617 RESERVED CVE-2020-9616 RESERVED CVE-2020-9615 RESERVED CVE-2020-9614 RESERVED CVE-2020-9613 RESERVED CVE-2020-9612 RESERVED CVE-2020-9611 RESERVED CVE-2020-9610 RESERVED CVE-2020-9609 RESERVED CVE-2020-9608 RESERVED CVE-2020-9607 RESERVED CVE-2020-9606 RESERVED CVE-2020-9605 RESERVED CVE-2020-9604 RESERVED CVE-2020-9603 RESERVED CVE-2020-9602 RESERVED CVE-2020-9601 RESERVED CVE-2020-9600 RESERVED CVE-2020-9599 RESERVED CVE-2020-9598 RESERVED CVE-2020-9597 RESERVED CVE-2020-9596 RESERVED CVE-2020-9595 RESERVED CVE-2020-9594 RESERVED CVE-2020-9593 RESERVED CVE-2020-9592 RESERVED CVE-2020-9591 RESERVED CVE-2020-9590 RESERVED CVE-2020-9589 RESERVED CVE-2020-9588 RESERVED CVE-2020-9587 RESERVED CVE-2020-9586 RESERVED CVE-2020-9585 RESERVED CVE-2020-9584 RESERVED CVE-2020-9583 RESERVED CVE-2020-9582 RESERVED CVE-2020-9581 RESERVED CVE-2020-9580 RESERVED CVE-2020-9579 RESERVED CVE-2020-9578 RESERVED CVE-2020-9577 RESERVED CVE-2020-9576 RESERVED CVE-2020-9575 RESERVED CVE-2020-9574 RESERVED CVE-2020-9573 RESERVED CVE-2020-9572 RESERVED CVE-2020-9571 RESERVED CVE-2020-9570 RESERVED CVE-2020-9569 RESERVED CVE-2020-9568 RESERVED CVE-2020-9567 RESERVED CVE-2020-9566 RESERVED CVE-2020-9565 RESERVED CVE-2020-9564 RESERVED CVE-2020-9563 RESERVED CVE-2020-9562 RESERVED CVE-2020-9561 RESERVED CVE-2020-9560 RESERVED CVE-2020-9559 RESERVED CVE-2020-9558 RESERVED CVE-2020-9557 RESERVED CVE-2020-9556 RESERVED CVE-2020-9555 RESERVED CVE-2020-9554 RESERVED CVE-2020-9553 RESERVED CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerabi ...) NOT-FOR-US: Adobe CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. ...) NOT-FOR-US: Adobe CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...) NOT-FOR-US: Rubetek SmartHome 2020 devices CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...) 
{DLA-2134-1} - pdfresurrect 0.20-1 (unimportant; bug #952948) NOTE: https://github.com/enferex/pdfresurrect/issues/8 NOTE: Crash in CLI tool, no security impact CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2631 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...) NOT-FOR-US: Pale Moon CVE-2020-9544 (An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The ad ...) NOT-FOR-US: D-Link CVE-2020-9543 (OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9 ...) 
- manila 1:9.0.0-5 (bug #953581) [buster] - manila 1:7.0.0-1+deb10u1 [stretch] - manila (Minor issue) NOTE: https://bugs.launchpad.net/manila/+bug/1861485 NOTE: https://security.openstack.org/ossa/OSSA-2020-002.html CVE-2020-9542 RESERVED CVE-2020-9541 RESERVED CVE-2020-9540 (Sophos HitmanPro.Alert before build 861 allows local elevation of priv ...) NOT-FOR-US: Sophos CVE-2020-9539 RESERVED CVE-2020-9538 RESERVED CVE-2020-9537 RESERVED CVE-2020-9536 RESERVED CVE-2020-9535 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9534 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9533 RESERVED CVE-2020-9532 RESERVED CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In t ...) NOT-FOR-US: Xiaomi CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The ...) NOT-FOR-US: Xiaomi CVE-2020-9529 RESERVED CVE-2020-9528 RESERVED CVE-2020-9527 RESERVED CVE-2020-9526 RESERVED CVE-2020-9525 RESERVED CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...) NOT-FOR-US: Micro Focus CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...) NOT-FOR-US: Micro Focus CVE-2020-9522 RESERVED CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...) NOT-FOR-US: Micro Focus CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...) NOT-FOR-US: Micro Focus Vibe CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...) NOT-FOR-US: Micro Focus CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...) NOT-FOR-US: Micro Focus CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...) 
NOT-FOR-US: Micro Focus CVE-2020-9516 RESERVED CVE-2020-9515 RESERVED CVE-2020-9514 (An issue was discovered in the IMPress for IDX Broker plugin before 2. ...) NOT-FOR-US: IMPress for IDX Broker plugin for WordPress CVE-2020-9513 RESERVED CVE-2020-9512 RESERVED CVE-2020-9511 RESERVED CVE-2020-9510 RESERVED CVE-2020-9509 RESERVED CVE-2020-9508 RESERVED CVE-2020-9507 RESERVED CVE-2020-9506 RESERVED CVE-2020-9505 RESERVED CVE-2020-9504 RESERVED CVE-2020-9503 RESERVED CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session ...) NOT-FOR-US: Dahua CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...) NOT-FOR-US: Dahua CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) NOT-FOR-US: Dahua CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) NOT-FOR-US: Dahua CVE-2020-9498 RESERVED CVE-2020-9497 RESERVED CVE-2020-9496 RESERVED CVE-2020-9495 RESERVED CVE-2020-9494 RESERVED CVE-2020-9493 RESERVED CVE-2020-9492 RESERVED CVE-2020-9491 RESERVED CVE-2020-9490 RESERVED CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...) - tika [jessie] - tika (the fix is too invasive to backport) NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...) 
- apache-log4j2 (bug #959450) [jessie] - apache-log4j2 (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification) NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1 NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819 NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x) NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master) CVE-2020-9487 RESERVED CVE-2020-9486 RESERVED CVE-2020-9485 RESERVED CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...) - tomcat9 9.0.35-1 (bug #961209) - tomcat8 - tomcat7 NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5) NOTE: https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222 (9.0.35) NOTE: https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55) NOTE: https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104) CVE-2020-9483 RESERVED CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...) NOT-FOR-US: Apache NiFi CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...) {DSA-4672-1} - trafficserver 8.0.7+ds-1 NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c CVE-2020-9480 RESERVED CVE-2020-9479 RESERVED CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...) NOT-FOR-US: Rubrik CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...) NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...) 
NOT-FOR-US: ARRIS TG1692A devices CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...) NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...) NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway CVE-2020-9473 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a p ...) NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...) NOT-FOR-US: Umbraco CMS CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...) NOT-FOR-US: Umbraco CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...) NOT-FOR-US: Wing FTP Server CVE-2020-9469 RESERVED CVE-2020-9468 (The Community plugin 2.9.e-beta for Piwigo allows users to set image i ...) - piwigo CVE-2020-9467 (Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php reque ...) - piwigo CVE-2020-9466 (The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV ...) NOT-FOR-US: Export Users to CSV plugin for WordPress CVE-2020-9465 (An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP B ...) NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000 CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...) - centreon-web (bug #913903) CVE-2020-9462 RESERVED CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...) NOT-FOR-US: Octech Oempro CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...) NOT-FOR-US: Octech Oempro CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...) 
NOT-FOR-US: Webnus Modern Events Calendar Lite plugin for WordPress CVE-2020-9458 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the exp ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9457 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9456 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the use ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9453 RESERVED CVE-2020-9452 RESERVED CVE-2020-9451 RESERVED CVE-2020-9450 RESERVED CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...) NOT-FOR-US: BlaB! CVE-2020-9448 RESERVED CVE-2020-9447 (There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0. ...) NOT-FOR-US: GwtUpload CVE-2020-9446 RESERVED CVE-2020-9445 (Zulip Server before 2.1.3 allows XSS via the modal_link feature in the ...) - zulip-server (bug #800052) CVE-2020-9444 (Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown f ...) - zulip-server (bug #800052) CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...) NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server) CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...) NOT-FOR-US: OpenVPN Connect on Windows CVE-2020-9441 RESERVED CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...) NOT-FOR-US: CKEditor plugin CVE-2020-9439 RESERVED CVE-2020-9438 RESERVED CVE-2020-9437 RESERVED CVE-2020-9436 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...) 
NOT-FOR-US: PHOENIX CVE-2020-9435 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...) NOT-FOR-US: PHOENIX CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9427 RESERVED CVE-2020-9426 RESERVED CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...) NOT-FOR-US: rConfig CVE-2020-9424 RESERVED CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...) NOT-FOR-US: LogicalDoc CVE-2020-9422 RESERVED CVE-2020-9421 RESERVED CVE-2020-9420 RESERVED CVE-2020-9419 RESERVED CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (composite TVB handling added later) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850 CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) 
- wireshark 3.2.2-1 [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790 CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 (low) [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2 CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This ...) - wireshark 3.2.2-1 [buster] - wireshark (Vulnerable code not present) [stretch] - wireshark (Vulnerable code not present) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-06.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73c5fff899f253c44a72657048aec7db6edee571 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...) 
NOT-FOR-US: PDFescape CVE-2020-9417 RESERVED CVE-2020-9416 RESERVED CVE-2020-9415 RESERVED CVE-2020-9414 RESERVED CVE-2020-9413 RESERVED CVE-2020-9412 RESERVED CVE-2020-9411 RESERVED CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...) TODO: check CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...) TODO: check CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...) NOT-FOR-US: TIBCO CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive ...) NOT-FOR-US: IBL Online Weather CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval injection ...) NOT-FOR-US: IBL Online Weather CVE-2020-9405 (IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS ...) NOT-FOR-US: IBL Online Weather CVE-2020-9404 RESERVED CVE-2020-9403 RESERVED CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...) - python-django 2:2.2.11-1 (low; bug #953102) [buster] - python-django (Can be fixed along in a future DSA) [stretch] - python-django (Can be fixed along in a future DSA) [jessie] - python-django (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/03/04/1 NOTE: Introduced by: https://github.com/django/django/commit/fcf494b48fea7c0c55ea29721ba0b2d250351ff8 NOTE: Fixed by: https://github.com/django/django/commit/fe886a3b58a93cfbe8864b485f93cb6d426cd1f2 (v2.2) NOTE: Fixed by: https://github.com/django/django/commit/02d97f3c9a88adc890047996e5606180bd1c6166 (v1.11) CVE-2020-9401 RESERVED CVE-2020-9400 RESERVED CVE-2020-9399 (The Avast AV parsing engine allows virus-detection bypass via a crafte ...) NOT-FOR-US: Avast AV parsing engine CVE-2020-9398 (ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_a ...) 
NOT-FOR-US: ISPConfig CVE-2020-9397 RESERVED CVE-2020-9396 RESERVED CVE-2020-9395 RESERVED CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9390 RESERVED CVE-2020-9389 RESERVED CVE-2020-9388 RESERVED CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...) - mahara CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) - mahara CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 ...) - linux 5.5.13-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...) - zint (bug #732141) CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...) NOT-FOR-US: Subex CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3 CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...) NOT-FOR-US: Widgets extension for MediaWiki CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...) NOT-FOR-US: Total.js CMS CVE-2020-9380 (IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to exe ...) 
NOT-FOR-US: IPTV Smarters WEB TV PLAYER CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...) NOT-FOR-US: Mitel CVE-2020-9378 RESERVED CVE-2020-9377 RESERVED CVE-2020-9376 RESERVED CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...) NOT-FOR-US: TP-Link CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...) NOT-FOR-US: TP-Link CVE-2020-9373 RESERVED CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPress al ...) NOT-FOR-US: Appointment Booking Calendar plugin for WordPress CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...) NOT-FOR-US: Appointment Booking Calendar plugin for WordPress CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. ...) NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...) - sympa 6.2.40~dfsg-4 (low; bug #952428) [buster] - sympa (Minor issue) [stretch] - sympa (Vulnerability introduced later in 6.2.38) [jessie] - sympa (Vulnerability introduced later in 6.2.38) NOTE: https://github.com/sympa-community/sympa/issues/886 NOTE: https://sympa-community.github.io/security/2020-001.html NOTE: Upstream patch: https://github.com/sympa-community/sympa/releases/download/6.2.54/sympa-6.2.52-sa-2020-001.patch CVE-2020-9368 RESERVED CVE-2020-9367 RESERVED CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...) - pure-ftpd 1.0.49-3 (bug #952471) [buster] - pure-ftpd (Minor issue) [stretch] - pure-ftpd (Minor issue) [jessie] - pure-ftpd (Vulnerable code does not exist) NOTE: https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b CVE-2020-9364 (An issue was discovered in helpers/mailer.php in the Creative Contact ...) NOT-FOR-US: Creative Contact Form extension for Joomla! 
CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection ...) NOT-FOR-US: Sophos AV CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...) NOT-FOR-US: Quick Heal AV parsing engine CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...) - screen 4.8.0-1 (bug #950896) [buster] - screen (Vulnerable code introduced in v4.7.0) [stretch] - screen (Vulnerable code introduced in v4.7.0) [jessie] - screen (Vulnerable code introduced in v4.7.0) NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3 NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0) NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0) NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0) CVE-2020-9361 RESERVED CVE-2020-9360 RESERVED CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...) {DLA-2159-1} - okular 4:19.12.3-2 (bug #954891) [buster] - okular (Minor issue) [stretch] - okular (Minor issue) NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244 NOTE: https://kde.org/info/security/advisory-20200312-1.txt NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC) CVE-2020-9358 RESERVED CVE-2020-9357 RESERVED CVE-2020-9356 RESERVED CVE-2020-9354 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) NOT-FOR-US: SmartClient CVE-2020-9353 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) NOT-FOR-US: SmartClient CVE-2020-9352 (An issue was discovered in SmartClient 12.0. Unauthenticated exploitat ...) 
NOT-FOR-US: SmartClient CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticated att ...) NOT-FOR-US: SmartClient CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...) NOT-FOR-US: Graph Builder in SAS Visual Analytics CVE-2020-9349 (The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmwar ...) NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP CVE-2020-9348 RESERVED CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...) NOT-FOR-US: signoPAD-API/Web CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at ...) NOT-FOR-US: Subversion ALM CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...) NOT-FOR-US: signoPAD-API/Web CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...) NOT-FOR-US: F-Secure AV parsing engine CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...) NOT-FOR-US: CandidATS CVE-2020-9340 (fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandid ...) NOT-FOR-US: fauzantrif eLection CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php. ...) NOT-FOR-US: SOPlanning CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. ...) NOT-FOR-US: SOPlanning CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encod ...) NOT-FOR-US: GolfBuddy Course Manager CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings ...) NOT-FOR-US: fauzantrif eLection CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCD ...) 
{DSA-4643-1} - python-bleach 3.1.3-1 (bug #954236) [stretch] - python-bleach (Requires invasive changes to address issue) [jessie] - python-bleach (Requires invasive change to address issue) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 NOTE: https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986 CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users calling bl ...) {DSA-4636-1} - python-bleach 3.1.1-1 (bug #951907) [stretch] - python-bleach (Requires invasive changes to address issue) [jessie] - python-bleach (Fix too invasive in jessie; uses external html5 parser) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r NOTE: https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd CVE-2020-9335 (Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery p ...) NOT-FOR-US: 10Web Photo Gallery plugin for WordPress CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plugin t ...) NOT-FOR-US: Envira Photo Gallery plugin for WordPress CVE-2020-9333 RESERVED CVE-2020-9332 RESERVED CVE-2020-9331 RESERVED CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...) NOT-FOR-US: Xerox CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...) NOT-FOR-US: Go Git Service CVE-2020-9328 RESERVED CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...) 
- sqlite3 3.31.1-3 (bug #951835) [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Minor issue) [jessie] - sqlite3 (vulnerable code not present) NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380 NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900 CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...) NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2020-9322 RESERVED CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...) NOT-FOR-US: Traefik CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...) NOT-FOR-US: Avira CVE-2020-9319 RESERVED CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...) NOT-FOR-US: Red Gate SQL Monitor CVE-2020-9317 RESERVED CVE-2020-9316 RESERVED CVE-2020-9315 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...) NOT-FOR-US: Oracle CVE-2020-9314 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...) NOT-FOR-US: Oracle CVE-2020-9313 RESERVED CVE-2020-9312 RESERVED CVE-2020-9311 RESERVED CVE-2020-9310 REJECTED CVE-2020-9309 RESERVED CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...) 
- libarchive 3.4.0-2 (bug #951759) [buster] - libarchive (rar5 support added in 3.4.0) [stretch] - libarchive (rar5 support added in 3.4.0) [jessie] - libarchive (rar5 support added in 3.4.0) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459 NOTE: https://github.com/libarchive/libarchive/pull/1326 NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a CVE-2020-9307 RESERVED CVE-2020-9306 RESERVED CVE-2020-9305 RESERVED CVE-2020-9304 RESERVED CVE-2020-9303 RESERVED CVE-2020-9302 RESERVED CVE-2020-9301 RESERVED CVE-2020-9300 RESERVED CVE-2020-9299 RESERVED CVE-2020-9298 RESERVED CVE-2020-9297 RESERVED CVE-2020-9296 RESERVED CVE-2020-9295 RESERVED CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...) NOT-FOR-US: FortiMail Fortiguard CVE-2020-9293 RESERVED CVE-2020-9292 RESERVED CVE-2020-9291 RESERVED CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...) NOT-FOR-US: Fortiguard CVE-2020-9289 RESERVED CVE-2020-9288 RESERVED CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...) NOT-FOR-US: Fortiguard CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...) NOT-FOR-US: Fortiguard CVE-2020-9285 RESERVED CVE-2020-9284 RESERVED CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...) - golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462) [buster] - golang-go.crypto (Minor issue) [stretch] - golang-go.crypto (Minor issue) [jessie] - golang-go.crypto (Minor issue) NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236 CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) - mahara CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...) 
NOT-FOR-US: CKEditor plugin CVE-2020-9280 (In SilverStripe through 4.5, files uploaded via Forms to folders migra ...) NOT-FOR-US: SilverStripe CVE-2020-9279 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A har ...) NOT-FOR-US: D-Link CVE-2020-9278 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The d ...) NOT-FOR-US: D-Link CVE-2020-9277 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authe ...) NOT-FOR-US: D-Link CVE-2020-9276 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The f ...) NOT-FOR-US: D-Link CVE-2020-9275 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm ...) NOT-FOR-US: D-Link CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...) {DLA-2123-1} - pure-ftpd 1.0.49-4 (bug #952666) [buster] - pure-ftpd (Minor issue) [stretch] - pure-ftpd (Minor issue) NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa NOTE: though the CVE description does not specifically say, the issue seems to be an NOTE: out-of-bounds memory read which may result in information disclosure; NOTE: probably not the end of the world, but it is made worse by use of the rather NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...) 
{DSA-4635-1 DLA-2115-2 DLA-2115-1} - proftpd-dfsg 1.3.6c-2 (bug #951800) NOTE: https://github.com/proftpd/proftpd/issues/903 NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master) NOTE: https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master) NOTE: https://github.com/proftpd/proftpd/commit/e845abc1bd86eebec7a0342fded908a1b0f1996b (1.3.6c) NOTE: https://github.com/proftpd/proftpd/commit/cd9036f4ef7a05c107f0ffcb19a018b20267c531 (1.3.6-branch) CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...) - proftpd-dfsg 1.3.6c-1 (unimportant) NOTE: https://github.com/proftpd/proftpd/issues/902 NOTE: Debian does not build mod_cap and does not use the embedded libcap. NOTE: Sourcewise fixed in 1.3.6c by updating to the latest libcap. CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...) NOT-FOR-US: ICE Hrm CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...) NOT-FOR-US: ICE Hrm CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...) NOT-FOR-US: SOPlanning CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, ...) NOT-FOR-US: SOPlanning CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) NOT-FOR-US: SOPlanning CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) NOT-FOR-US: SOPlanning CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...) NOT-FOR-US: phpMyChat-Plus CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...) 
NOT-FOR-US: ESET CVE-2020-9263 RESERVED CVE-2020-9262 RESERVED CVE-2020-9261 RESERVED CVE-2020-9260 RESERVED CVE-2020-9259 RESERVED CVE-2020-9258 RESERVED CVE-2020-9257 RESERVED CVE-2020-9256 RESERVED CVE-2020-9255 RESERVED CVE-2020-9254 RESERVED CVE-2020-9253 RESERVED CVE-2020-9252 RESERVED CVE-2020-9251 RESERVED CVE-2020-9250 RESERVED CVE-2020-9249 RESERVED CVE-2020-9248 RESERVED CVE-2020-9247 RESERVED CVE-2020-9246 RESERVED CVE-2020-9245 RESERVED CVE-2020-9244 RESERVED CVE-2020-9243 RESERVED CVE-2020-9242 RESERVED CVE-2020-9241 RESERVED CVE-2020-9240 RESERVED CVE-2020-9239 RESERVED CVE-2020-9238 RESERVED CVE-2020-9237 RESERVED CVE-2020-9236 RESERVED CVE-2020-9235 RESERVED CVE-2020-9234 RESERVED CVE-2020-9233 RESERVED CVE-2020-9232 RESERVED CVE-2020-9231 RESERVED CVE-2020-9230 RESERVED CVE-2020-9229 RESERVED CVE-2020-9228 RESERVED CVE-2020-9227 RESERVED CVE-2020-9226 RESERVED CVE-2020-9225 RESERVED CVE-2020-9224 RESERVED CVE-2020-9223 RESERVED CVE-2020-9222 RESERVED CVE-2020-9221 RESERVED CVE-2020-9220 RESERVED CVE-2020-9219 RESERVED CVE-2020-9218 RESERVED CVE-2020-9217 RESERVED CVE-2020-9216 RESERVED CVE-2020-9215 RESERVED CVE-2020-9214 RESERVED CVE-2020-9213 RESERVED CVE-2020-9212 RESERVED CVE-2020-9211 RESERVED CVE-2020-9210 RESERVED CVE-2020-9209 RESERVED CVE-2020-9208 RESERVED CVE-2020-9207 RESERVED CVE-2020-9206 RESERVED CVE-2020-9205 RESERVED CVE-2020-9204 RESERVED CVE-2020-9203 RESERVED CVE-2020-9202 RESERVED CVE-2020-9201 RESERVED CVE-2020-9200 RESERVED CVE-2020-9199 RESERVED CVE-2020-9198 RESERVED CVE-2020-9197 RESERVED CVE-2020-9196 RESERVED CVE-2020-9195 RESERVED CVE-2020-9194 RESERVED CVE-2020-9193 RESERVED CVE-2020-9192 RESERVED CVE-2020-9191 RESERVED CVE-2020-9190 RESERVED CVE-2020-9189 RESERVED CVE-2020-9188 RESERVED CVE-2020-9187 RESERVED CVE-2020-9186 RESERVED CVE-2020-9185 RESERVED CVE-2020-9184 RESERVED CVE-2020-9183 RESERVED CVE-2020-9182 RESERVED CVE-2020-9181 RESERVED CVE-2020-9180 RESERVED CVE-2020-9179 RESERVED CVE-2020-9178 RESERVED 
CVE-2020-9177 RESERVED CVE-2020-9176 RESERVED CVE-2020-9175 RESERVED CVE-2020-9174 RESERVED CVE-2020-9173 RESERVED CVE-2020-9172 RESERVED CVE-2020-9171 RESERVED CVE-2020-9170 RESERVED CVE-2020-9169 RESERVED CVE-2020-9168 RESERVED CVE-2020-9167 RESERVED CVE-2020-9166 RESERVED CVE-2020-9165 RESERVED CVE-2020-9164 RESERVED CVE-2020-9163 RESERVED CVE-2020-9162 RESERVED CVE-2020-9161 RESERVED CVE-2020-9160 RESERVED CVE-2020-9159 RESERVED CVE-2020-9158 RESERVED CVE-2020-9157 RESERVED CVE-2020-9156 RESERVED CVE-2020-9155 RESERVED CVE-2020-9154 RESERVED CVE-2020-9153 RESERVED CVE-2020-9152 RESERVED CVE-2020-9151 RESERVED CVE-2020-9150 RESERVED CVE-2020-9149 RESERVED CVE-2020-9148 RESERVED CVE-2020-9147 RESERVED CVE-2020-9146 RESERVED CVE-2020-9145 RESERVED CVE-2020-9144 RESERVED CVE-2020-9143 RESERVED CVE-2020-9142 RESERVED CVE-2020-9141 RESERVED CVE-2020-9140 RESERVED CVE-2020-9139 RESERVED CVE-2020-9138 RESERVED CVE-2020-9137 RESERVED CVE-2020-9136 RESERVED CVE-2020-9135 RESERVED CVE-2020-9134 RESERVED CVE-2020-9133 RESERVED CVE-2020-9132 RESERVED CVE-2020-9131 RESERVED CVE-2020-9130 RESERVED CVE-2020-9129 RESERVED CVE-2020-9128 RESERVED CVE-2020-9127 RESERVED CVE-2020-9126 RESERVED CVE-2020-9125 RESERVED CVE-2020-9124 RESERVED CVE-2020-9123 RESERVED CVE-2020-9122 RESERVED CVE-2020-9121 RESERVED CVE-2020-9120 RESERVED CVE-2020-9119 RESERVED CVE-2020-9118 RESERVED CVE-2020-9117 RESERVED CVE-2020-9116 RESERVED CVE-2020-9115 RESERVED CVE-2020-9114 RESERVED CVE-2020-9113 RESERVED CVE-2020-9112 RESERVED CVE-2020-9111 RESERVED CVE-2020-9110 RESERVED CVE-2020-9109 RESERVED CVE-2020-9108 RESERVED CVE-2020-9107 RESERVED CVE-2020-9106 RESERVED CVE-2020-9105 RESERVED CVE-2020-9104 RESERVED CVE-2020-9103 RESERVED CVE-2020-9102 RESERVED CVE-2020-9101 RESERVED CVE-2020-9100 RESERVED CVE-2020-9099 RESERVED CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...) 
NOT-FOR-US: Huawei CVE-2020-9097 RESERVED CVE-2020-9096 RESERVED CVE-2020-9095 RESERVED CVE-2020-9094 RESERVED CVE-2020-9093 RESERVED CVE-2020-9092 RESERVED CVE-2020-9091 RESERVED CVE-2020-9090 RESERVED CVE-2020-9089 RESERVED CVE-2020-9088 RESERVED CVE-2020-9087 RESERVED CVE-2020-9086 RESERVED CVE-2020-9085 RESERVED CVE-2020-9084 RESERVED CVE-2020-9083 RESERVED CVE-2020-9082 RESERVED CVE-2020-9081 RESERVED CVE-2020-9080 RESERVED CVE-2020-9079 RESERVED CVE-2020-9078 RESERVED CVE-2020-9077 RESERVED CVE-2020-9076 RESERVED CVE-2020-9075 RESERVED CVE-2020-9074 RESERVED CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...) NOT-FOR-US: Huawei CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...) NOT-FOR-US: Huawei CVE-2020-9071 RESERVED CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...) NOT-FOR-US: Huawei CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...) TODO: check CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...) NOT-FOR-US: Huawei CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...) NOT-FOR-US: Huawei CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...) NOT-FOR-US: Huawei CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203( ...) NOT-FOR-US: Huawei CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...) NOT-FOR-US: Huawei CVE-2020-9063 RESERVED CVE-2020-9062 RESERVED CVE-2020-9061 RESERVED CVE-2020-9060 RESERVED CVE-2020-9059 RESERVED CVE-2020-9058 RESERVED CVE-2020-9057 RESERVED CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...) NOT-FOR-US: Periscope BuySpeed CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...) 
NOT-FOR-US: Versiant LYNX Customer Service Portal CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...) NOT-FOR-US: ZyXEL CVE-2020-9053 RESERVED CVE-2020-9052 RESERVED CVE-2020-9051 RESERVED CVE-2020-9050 RESERVED CVE-2020-9049 RESERVED CVE-2020-9048 RESERVED CVE-2020-9047 RESERVED CVE-2020-9046 RESERVED CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...) TODO: check CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...) NOT-FOR-US: Johnson Controls CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...) NOT-FOR-US: wpCentral plugin for WordPress CVE-2020-9042 RESERVED CVE-2020-9041 RESERVED CVE-2020-9040 RESERVED CVE-2020-9039 (Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for ...) NOT-FOR-US: Couchbase CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...) NOT-FOR-US: Joplin CVE-2020-9037 RESERVED CVE-2020-9036 RESERVED CVE-2020-9035 RESERVED CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...) {DSA-4637-1} - network-manager-ssh 1.2.11-1 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803499 CVE-2020-9034 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9033 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9032 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9031 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9030 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) 
NOT-FOR-US: Symmetricom SyncServer CVE-2020-9029 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9028 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9027 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) NOT-FOR-US: ELTEX devices CVE-2020-9026 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) NOT-FOR-US: ELTEX devices CVE-2020-9025 (Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9024 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world- ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9023 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two us ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9022 (An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 de ...) NOT-FOR-US: Xirrus devices CVE-2020-9021 (Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1. ...) NOT-FOR-US: Post Oak AWAM Bluetooth Field Device CVE-2020-9020 (Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9019 (The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via th ...) NOT-FOR-US: WPJobBoard plugin for WordPress CVE-2020-9018 (LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF ...) NOT-FOR-US: LiteCart CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's profile. ...) NOT-FOR-US: LiteCart CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...) - dolibarr CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20 ...) 
NOT-FOR-US: Arista devices CVE-2020-9014 RESERVED CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...) NOT-FOR-US: Arvato Skillpipe CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...) NOT-FOR-US: Gluu Identity Configuration CVE-2020-9011 RESERVED CVE-2020-9010 RESERVED CVE-2020-9009 RESERVED CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/Pe ...) NOT-FOR-US: Blackboard Learn/PeopleTool CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic. ...) NOT-FOR-US: Codoforum CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...) NOT-FOR-US: Popup Builder plugin for WordPress CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...) NOT-FOR-US: Dota 2 CVE-2020-9004 (A remote authenticated authorization-bypass vulnerability in Wowza Str ...) NOT-FOR-US: Wowza Streaming Engine CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...) NOT-FOR-US: Modula Image Gallery plugin for WordPress CVE-2020-9002 RESERVED CVE-2020-9001 RESERVED CVE-2020-9000 RESERVED CVE-2020-8999 RESERVED CVE-2020-8998 REJECTED CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote attackers ...) NOT-FOR-US: Abbott FreeStyle Libre CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read ...) NOT-FOR-US: AnyShare Cloud CVE-2020-8995 RESERVED CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1. ...) NOT-FOR-US: XIAOMI AI speaker MDZ-25-DT CVE-2020-8993 RESERVED CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...) 
- linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://patchwork.ozlabs.org/patch/1236118/ CVE-2020-8991 (** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.0 ...) - lvm2 2.03.01-2 [stretch] - lvm2 (Minor issue) [jessie] - lvm2 (Minor issue) NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701 NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code) CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow ...) NOT-FOR-US: Western Digital My Cloud Home CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...) NOT-FOR-US: Voatz application for Android CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...) NOT-FOR-US: Voatz application for Android CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...) NOT-FOR-US: Avast AntiTrack CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly c ...) NOT-FOR-US: ZendTo CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unl ...) NOT-FOR-US: ZendTo CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...) NOT-FOR-US: ZendTo CVE-2020-8983 (An arbitrary file write issue exists in all versions of Citrix ShareFi ...) NOT-FOR-US: Citrix CVE-2020-8982 (An unauthenticated arbitrary file read issue exists in all versions of ...) NOT-FOR-US: Citrix CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...) 
NOT-FOR-US: Source Integration plugin for MantisBT CVE-2020-8980 RESERVED CVE-2020-8979 RESERVED CVE-2020-8978 RESERVED CVE-2020-8977 RESERVED CVE-2020-8976 RESERVED CVE-2020-8975 RESERVED CVE-2020-8974 RESERVED CVE-2020-8973 RESERVED CVE-2020-8972 RESERVED CVE-2020-8971 RESERVED CVE-2020-8970 RESERVED CVE-2020-8969 RESERVED CVE-2020-8968 RESERVED CVE-2020-8967 RESERVED CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...) NOT-FOR-US: Tiki-Wiki Groupware CVE-2020-8965 RESERVED CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) NOT-FOR-US: TimeTools devices CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) NOT-FOR-US: TimeTools devices CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...) NOT-FOR-US: D-Link CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...) NOT-FOR-US: Avira CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...) NOT-FOR-US: Western Digital mycloud.com CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...) NOT-FOR-US: Western Digital CVE-2020-8958 RESERVED CVE-2020-8957 RESERVED CVE-2020-8956 RESERVED CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...) {DLA-2157-1} - weechat 2.7.1-1 (bug #951289) [buster] - weechat (Minor issue) [stretch] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da CVE-2020-8954 RESERVED CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...) NOT-FOR-US: OpenVPN Access Server CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...) NOT-FOR-US: Fiserv Accurate Reconciliation CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Des ...) 
NOT-FOR-US: Fiserv Accurate Reconciliation CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...) NOT-FOR-US: Radeon AMD User Experience Program Launcher CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...) NOT-FOR-US: Gocloud devices CVE-2020-8948 (The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) be ...) NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...) NOT-FOR-US: Pandora FMS CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...) NOT-FOR-US: Netis devices CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...) - golang-github-proglottis-gpgme 0.1.1-1 (bug #951372) NOTE: https://github.com/proglottis/gpgme/pull/23 CVE-2020-8944 RESERVED CVE-2020-8943 RESERVED CVE-2020-8942 RESERVED CVE-2020-8941 RESERVED CVE-2020-8940 RESERVED CVE-2020-8939 RESERVED CVE-2020-8938 RESERVED CVE-2020-8937 RESERVED CVE-2020-8936 RESERVED CVE-2020-8935 RESERVED CVE-2020-8934 RESERVED CVE-2020-8933 RESERVED CVE-2020-8932 RESERVED CVE-2020-8931 RESERVED CVE-2020-8930 RESERVED CVE-2020-8929 RESERVED CVE-2020-8928 RESERVED CVE-2020-8927 RESERVED CVE-2020-8926 RESERVED CVE-2020-8925 RESERVED CVE-2020-8924 RESERVED CVE-2020-8923 (An improper HTML sanitization in Dart versions up to and including 2.7 ...) NOT-FOR-US: Dart (different from src:dart) CVE-2020-8922 RESERVED CVE-2020-8921 RESERVED CVE-2020-8920 RESERVED CVE-2020-8919 RESERVED CVE-2020-8918 RESERVED CVE-2020-8917 RESERVED CVE-2020-8916 RESERVED CVE-2020-8915 RESERVED CVE-2020-8914 RESERVED CVE-2020-8913 RESERVED CVE-2020-8912 RESERVED CVE-2020-8911 RESERVED CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...) 
- chromium [stretch] - chromium (see DSA 4562) NOTE: https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9 CVE-2020-8909 RESERVED CVE-2020-8908 RESERVED CVE-2020-8907 RESERVED CVE-2020-8906 RESERVED CVE-2020-8905 RESERVED CVE-2020-8904 RESERVED CVE-2020-8903 RESERVED CVE-2020-8902 RESERVED CVE-2020-8901 RESERVED CVE-2020-8900 RESERVED CVE-2020-8899 (There is a buffer overwrite vulnerability in the Quram qmg library of ...) NOT-FOR-US: Samsung CVE-2020-8898 RESERVED CVE-2020-8897 RESERVED CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation in Googl ...) NOT-FOR-US: Google Earth Pro CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of Google ...) NOT-FOR-US: windows installer of Google Earth Pro CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...) NOT-FOR-US: MISP CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...) NOT-FOR-US: MISP CVE-2020-8892 (An issue was discovered in MISP before 2.4.121. It did not consider th ...) NOT-FOR-US: MISP CVE-2020-8891 (An issue was discovered in MISP before 2.4.121. It did not canonicaliz ...) NOT-FOR-US: MISP CVE-2020-8890 (An issue was discovered in MISP before 2.4.121. It mishandled time ske ...) NOT-FOR-US: MISP CVE-2020-8889 RESERVED CVE-2020-8888 RESERVED CVE-2020-8887 RESERVED CVE-2020-8886 RESERVED CVE-2020-8885 RESERVED CVE-2020-8884 RESERVED CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit Studio Photo CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...) NOT-FOR-US: Parallels CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8870 RESERVED CVE-2020-8869 RESERVED CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Quest Foglight Evolve CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...) NOT-FOR-US: OPC Foundation UA .NET Standard CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...) {DLA-2162-1} - php-horde-form (bug #955020) [buster] - php-horde-form 2.0.18-3.1+deb10u1 [stretch] - php-horde-form (Minor issue) NOTE: https://lists.horde.org/archives/announce/2020/001288.html NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/ NOTE: https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files ...) 
{DLA-2175-1} - php-horde-trean (bug #955019) [buster] - php-horde-trean 1.1.9-3+deb10u1 [stretch] - php-horde-trean (Minor issue) NOTE: https://lists.horde.org/archives/announce/2020/001286.html NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-276/ NOTE: https://github.com/horde/trean/commit/db0714a0c04d87bda9e2852f1b0d259fc281ca75 NOTE: https://github.com/horde/trean/commit/055029f551501803d7e293a48316e2cf31307908 CVE-2020-8864 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8863 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Samsung Galaxy S10 Firmware CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...) NOT-FOR-US: elog CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Moxa CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8856 (This vulnerability allows remote attackers to execute arbitrary code on ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8855 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8854 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8853 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8852 (This vulnerability allows remote attackers to disclose sensitive infor ...) 
NOT-FOR-US: Foxit Reader CVE-2020-8851 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8850 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8849 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8848 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8847 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8846 (This vulnerability allows remote atackers to execute arbitrary code on ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8845 (This vulnerability allows remote atackers to execute arbitrary code on ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...) NOT-FOR-US: itsio CVE-2020-8842 (Unquoted search path vulnerability in MSI True Color before 3.0.52.0 a ...) NOT-FOR-US: MSI True Color CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...) NOT-FOR-US: TestLink CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...) {DLA-2111-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2620 NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...) 
NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-8837 RESERVED CVE-2020-8836 RESERVED CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/veri ...) - linux 5.5.13-2 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-350/ CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of ...) - linux 4.18.6-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2 CVE-2020-8833 (Time-of-check Time-of-use Race Condition vulnerability on crash report ...) NOT-FOR-US: Apport CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...) - linux 4.16.5-1 [jessie] - linux (No support for this hardware) NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840 NOTE: The CVE is for an incomplete fix for CVE-2019-14615 which technically only NOTE: affects upstream versions (and downstreams) which applied the fix fo NOTE: CVE-2019-14615 which is bc8a76a152c5 ("drm/i915/gen9: Clear residual context NOTE: state on context switch"). But there is need to apply as well the prerequistite NOTE: d2b4b97933f5 ("drm/i915: Record the default hw state after reset upon load"). CVE-2020-8831 (Apport creates a world writable lock file with root ownership in the w ...) NOT-FOR-US: Apport CVE-2020-8830 (CSRF in login.asp on Ruckus devices allows an attacker to access the p ...) NOT-FOR-US: Ruckus CVE-2020-8829 (CSRF on Intelbras CIP 92200 devices allows an attacker to access the p ...) 
NOT-FOR-US: Intelbras CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...) NOT-FOR-US: Argo CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...) NOT-FOR-US: Argo CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...) NOT-FOR-US: Argo CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...) NOT-FOR-US: Vanilla Forums CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...) NOT-FOR-US: Hitron devices CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...) NOT-FOR-US: SockJS CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...) NOT-FOR-US: Digi TransPort CVE-2020-8821 RESERVED CVE-2020-8820 RESERVED CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...) NOT-FOR-US: CardGate Payments plugin for WooCommerce CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...) NOT-FOR-US: CardGate Payments plugin for Magento CVE-2020-8817 RESERVED CVE-2020-8816 RESERVED CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...) NOT-FOR-US: BearFTP CVE-2020-8814 RESERVED CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...) - cacti 1.2.10+ds1-1 (bug #951832) [stretch] - cacti (Vulnerable code not present) [jessie] - cacti (Vulnerable code not present) NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129 NOTE: https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ NOTE: https://github.com/Cacti/cacti/issues/3285 NOTE: https://github.com/Cacti/cacti/commit/fea919e8fe05bb730c802054661fd3a7ec029784 CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...) 
NOT-FOR-US: Bludit CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated ...) NOT-FOR-US: Bludit CVE-2020-8810 (An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301 ...) NOT-FOR-US: Gurux CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add- ...) NOT-FOR-US: Gurux CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...) NOT-FOR-US: CORSAIR iCUE CVE-2020-8807 RESERVED CVE-2020-8806 RESERVED CVE-2020-8805 RESERVED CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...) NOT-FOR-US: SuiteCRM CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...) NOT-FOR-US: SuiteCRM CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...) NOT-FOR-US: SuiteCRM CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...) NOT-FOR-US: SuiteCRM CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...) NOT-FOR-US: SuiteCRM CVE-2020-8799 (A Stored XSS vulnerability has been found in the administration page o ...) NOT-FOR-US: administration page of the WTI Like Post plugin for WordPress CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...) NOT-FOR-US: Juplink CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...) NOT-FOR-US: Juplink CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...) NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...) - gitlab (Only affects EE version) NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/ CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...) 
{DSA-4634-1} - opensmtpd 6.6.4p1-1 (bug #952453) NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5 NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ NOTE: https://www.openwall.com/lists/oss-security/2020/02/26/1 CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...) - opensmtpd 6.6.4p1-1 (unimportant; bug #952453) [buster] - opensmtpd 6.0.3p1-5+deb10u4 [stretch] - opensmtpd 6.0.2p1-2+deb9u3 NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4 NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ NOTE: Neutralised by kernel hardening CVE-2020-8792 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) NOT-FOR-US: OKLOK CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) NOT-FOR-US: OKLOK CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) NOT-FOR-US: OKLOK CVE-2020-8789 (Composr 10.0.30 allows Persistent XSS via a Usergroup name under the S ...) TODO: check CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...) NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) 
NOT-FOR-US: SuiteCRM CVE-2020-8782 RESERVED CVE-2020-8781 RESERVED CVE-2020-8780 RESERVED CVE-2020-8779 RESERVED CVE-2020-8778 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) NOT-FOR-US: Alfresco CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) NOT-FOR-US: Alfresco CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) NOT-FOR-US: Alfresco CVE-2020-8775 (Pega Platform before version 8.2.6 is affected by a Stored Cross-Site ...) NOT-FOR-US: Pega Platform CVE-2020-8774 (Pega Platform before version 8.2.6 is affected by a Reflected Cross-Si ...) NOT-FOR-US: Pega Platform CVE-2020-8773 (The Richtext Editor in Pega Platform before 8.2.6 is affected by a Sto ...) NOT-FOR-US: Pega Platform CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...) NOT-FOR-US: InfiniteWP Client plugin for WordPress CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...) NOT-FOR-US: Time Capsule plugin for WordPress CVE-2020-8770 RESERVED CVE-2020-8769 RESERVED CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...) 
NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L) CVE-2020-8767 RESERVED CVE-2020-8766 RESERVED CVE-2020-8765 RESERVED CVE-2020-8764 RESERVED CVE-2020-8763 RESERVED CVE-2020-8762 RESERVED CVE-2020-8761 RESERVED CVE-2020-8760 RESERVED CVE-2020-8759 RESERVED CVE-2020-8758 RESERVED CVE-2020-8757 RESERVED CVE-2020-8756 RESERVED CVE-2020-8755 RESERVED CVE-2020-8754 RESERVED CVE-2020-8753 RESERVED CVE-2020-8752 RESERVED CVE-2020-8751 RESERVED CVE-2020-8750 RESERVED CVE-2020-8749 RESERVED CVE-2020-8748 RESERVED CVE-2020-8747 RESERVED CVE-2020-8746 RESERVED CVE-2020-8745 RESERVED CVE-2020-8744 RESERVED CVE-2020-8743 RESERVED CVE-2020-8742 RESERVED CVE-2020-8741 RESERVED CVE-2020-8740 RESERVED CVE-2020-8739 RESERVED CVE-2020-8738 RESERVED CVE-2020-8737 RESERVED CVE-2020-8736 RESERVED CVE-2020-8735 RESERVED CVE-2020-8734 RESERVED CVE-2020-8733 RESERVED CVE-2020-8732 RESERVED CVE-2020-8731 RESERVED CVE-2020-8730 RESERVED CVE-2020-8729 RESERVED CVE-2020-8728 RESERVED CVE-2020-8727 RESERVED CVE-2020-8726 RESERVED CVE-2020-8725 RESERVED CVE-2020-8724 RESERVED CVE-2020-8723 RESERVED CVE-2020-8722 RESERVED CVE-2020-8721 RESERVED CVE-2020-8720 RESERVED CVE-2020-8719 RESERVED CVE-2020-8718 RESERVED CVE-2020-8717 RESERVED CVE-2020-8716 RESERVED CVE-2020-8715 RESERVED CVE-2020-8714 RESERVED CVE-2020-8713 RESERVED CVE-2020-8712 RESERVED CVE-2020-8711 RESERVED CVE-2020-8710 RESERVED CVE-2020-8709 RESERVED CVE-2020-8708 RESERVED CVE-2020-8707 RESERVED CVE-2020-8706 RESERVED CVE-2020-8705 RESERVED CVE-2020-8704 RESERVED CVE-2020-8703 RESERVED CVE-2020-8702 RESERVED CVE-2020-8701 RESERVED CVE-2020-8700 RESERVED CVE-2020-8699 RESERVED CVE-2020-8698 RESERVED CVE-2020-8697 RESERVED CVE-2020-8696 RESERVED CVE-2020-8695 RESERVED CVE-2020-8694 RESERVED CVE-2020-8693 RESERVED CVE-2020-8692 RESERVED CVE-2020-8691 RESERVED CVE-2020-8690 RESERVED CVE-2020-8689 RESERVED CVE-2020-8688 RESERVED CVE-2020-8687 RESERVED CVE-2020-8686 RESERVED CVE-2020-8685 RESERVED CVE-2020-8684 RESERVED 
CVE-2020-8683 RESERVED CVE-2020-8682 RESERVED CVE-2020-8681 RESERVED CVE-2020-8680 RESERVED CVE-2020-8679 RESERVED CVE-2020-8678 RESERVED CVE-2020-8677 RESERVED CVE-2020-8676 RESERVED CVE-2020-8675 RESERVED CVE-2020-8674 RESERVED CVE-2020-8673 RESERVED CVE-2020-8672 RESERVED CVE-2020-8671 RESERVED CVE-2020-8670 RESERVED CVE-2020-8669 RESERVED CVE-2020-8668 RESERVED CVE-2020-8667 RESERVED CVE-2020-8666 RESERVED CVE-2020-8665 RESERVED CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8663 RESERVED CVE-2020-8662 RESERVED CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...) NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8656 (An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2. ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8655 (An issue was discovered in EyesOfNetwork 5.3. The sudoers configuratio ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8654 (An issue was discovered in EyesOfNetwork 5.3. An authenticated web use ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8653 RESERVED CVE-2020-8652 RESERVED CVE-2020-8651 RESERVED CVE-2020-8650 RESERVED CVE-2020-8646 RESERVED CVE-2020-8645 (An issue was discovered in Simplejobscript.com SJS through 1.66. There ...) 
NOT-FOR-US: Simplejobscript.com SJS CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. ...) NOT-FOR-US: PlaySMS CVE-2020-8643 RESERVED CVE-2020-8642 RESERVED CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...) NOT-FOR-US: Lotus Core CMS CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5 CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 CVE-2020-8640 RESERVED CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php in Tes ...) NOT-FOR-US: TestLink CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...) NOT-FOR-US: TestLink CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...) NOT-FOR-US: TestLink CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...) NOT-FOR-US: OpServices OpMon CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) NOT-FOR-US: Wing FTP Server CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) NOT-FOR-US: Wing FTP Server CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...) NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...) 
{DLA-2113-1} - cloud-init 19.4-2 (bug #951363) [buster] - cloud-init (Minor issue) [stretch] - cloud-init (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 NOTE: https://github.com/canonical/cloud-init/pull/189 NOTE: https://github.com/canonical/cloud-init/commit/42788bf24a1a0a5421a2d00a7f59b59e38ba1a14 CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...) {DLA-2113-1} - cloud-init 19.4-2 (bug #951362) [buster] - cloud-init (Minor issue) [stretch] - cloud-init (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 NOTE: https://github.com/canonical/cloud-init/pull/204 CVE-2020-8630 RESERVED CVE-2020-8629 RESERVED CVE-2020-8628 RESERVED CVE-2020-8627 RESERVED CVE-2020-8626 RESERVED CVE-2020-8625 RESERVED CVE-2020-8624 RESERVED CVE-2020-8623 RESERVED CVE-2020-8622 RESERVED CVE-2020-8621 RESERVED CVE-2020-8620 RESERVED CVE-2020-8619 RESERVED CVE-2020-8618 RESERVED CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...) {DSA-4689-1} - bind9 NOTE: https://kb.isc.org/docs/cve-2020-8617 NOTE: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information CVE-2020-8616 (A malicious actor who intentionally exploits this lack of effective li ...) {DSA-4689-1} - bind9 NOTE: https://kb.isc.org/docs/cve-2020-8616 CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) NOT-FOR-US: Tutor LMS plugin for WordPress CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...) NOT-FOR-US: Askey devices CVE-2020-8613 RESERVED CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) 
NOT-FOR-US: Progress MOVEit Transfer CVE-2020-8610 RESERVED CVE-2020-8609 RESERVED CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...) {DLA-2144-1 DLA-2142-1} - libslirp 4.2.0-1 - qemu 1:4.1-2 [buster] - qemu (Minor issue) [stretch] - qemu (Minor issue) - qemu-kvm - slirp - slirp4netns 1.0.1-1 [buster] - slirp4netns (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775 NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed. CVE-2020-8607 RESERVED CVE-2020-8606 RESERVED CVE-2020-8605 RESERVED CVE-2020-8604 RESERVED CVE-2020-8603 RESERVED CVE-2020-8602 RESERVED CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...) NOT-FOR-US: Trend Micro CVE-2020-8600 (Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected ...) NOT-FOR-US: Trend Micro CVE-2020-8599 (Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnera ...) NOT-FOR-US: Trend Micro CVE-2020-8598 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...) {DSA-4632-1 DLA-2097-1} - lwip 2.1.2+dfsg1-5 (bug #951291) [buster] - lwip 2.0.3-3+deb10u1 [experimental] - ppp 2.4.8-1+1~exp1 - ppp (bug #950618) NOTE: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86 NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...) NOT-FOR-US: Participants Database plugin for WordPress CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and ...) 
NOT-FOR-US: istio CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2020-8593 RESERVED CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...) NOT-FOR-US: eG Manager CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLogi ...) NOT-FOR-US: eG Manager CVE-2020-8590 RESERVED CVE-2020-8589 RESERVED CVE-2020-8588 RESERVED CVE-2020-8587 RESERVED CVE-2020-8586 RESERVED CVE-2020-8585 RESERVED CVE-2020-8584 RESERVED CVE-2020-8583 RESERVED CVE-2020-8582 RESERVED CVE-2020-8581 RESERVED CVE-2020-8580 RESERVED CVE-2020-8579 RESERVED CVE-2020-8578 RESERVED CVE-2020-8577 RESERVED CVE-2020-8576 RESERVED CVE-2020-8575 RESERVED CVE-2020-8574 RESERVED CVE-2020-8573 RESERVED CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...) TODO: check CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...) NOT-FOR-US: StorageGRID CVE-2020-8570 RESERVED CVE-2020-8569 RESERVED CVE-2020-8568 RESERVED CVE-2020-8567 RESERVED CVE-2020-8566 RESERVED CVE-2020-8565 RESERVED CVE-2020-8564 RESERVED CVE-2020-8563 RESERVED CVE-2020-8562 RESERVED CVE-2020-8561 RESERVED CVE-2020-8560 RESERVED CVE-2020-8559 RESERVED CVE-2020-8558 RESERVED CVE-2020-8557 RESERVED CVE-2020-8556 RESERVED CVE-2020-8555 RESERVED CVE-2020-8554 RESERVED CVE-2020-8553 RESERVED CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...) - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/89378 CVE-2020-8551 (The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1. ...) - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/89377 CVE-2020-8550 RESERVED CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...) 
NOT-FOR-US: Strong Testimonials plugin for WordPress CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...) NOT-FOR-US: massCode CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...) - phplist (bug #612288) CVE-2020-8546 RESERVED CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...) NOT-FOR-US: AIL framework CVE-2020-8544 RESERVED CVE-2020-8543 RESERVED CVE-2020-8542 RESERVED CVE-2020-8541 RESERVED CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8539 RESERVED CVE-2020-8538 RESERVED CVE-2020-8537 RESERVED CVE-2020-8536 RESERVED CVE-2020-8535 RESERVED CVE-2020-8534 RESERVED CVE-2020-8533 RESERVED CVE-2020-8532 RESERVED CVE-2020-8531 RESERVED CVE-2020-8530 RESERVED CVE-2020-8529 RESERVED CVE-2020-8528 RESERVED CVE-2020-8527 RESERVED CVE-2020-8526 RESERVED CVE-2020-8525 RESERVED CVE-2020-8524 RESERVED CVE-2020-8523 RESERVED CVE-2020-8522 RESERVED CVE-2020-8521 RESERVED CVE-2020-8520 RESERVED CVE-2020-8519 RESERVED CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...) {DLA-2174-1} - php-horde-data (bug #951537) [buster] - php-horde-data 2.1.4-5+deb10u1 [stretch] - php-horde-data (Minor issue) NOTE: https://lists.horde.org/archives/announce/2020/001285.html NOTE: https://github.com/horde/Data/commit/78ad0c2390176cdde7260a271bc6ddd86f4c9c0e CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) 
- squid 4.10-1 (unimportant) - squid3 (unimportant) NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_3.txt NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch NOTE: Debian binary packages are not built with --enable-external-acl-helpers="[...]LM_group[...". CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ...) - tor (unimportant) NOTE: Not considered a bug / explicit design choice by upstream NOTE: https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html NOTE: https://trac.torproject.org/projects/tor/ticket/33129 NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...) NOT-FOR-US: DrayTek devices CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a direc ...) NOT-FOR-US: Rumpus on macOS CVE-2020-8513 RESERVED CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...) NOT-FOR-US: IceWarp Webmail Server CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...) NOT-FOR-US: phpABook CVE-2020-8509 (Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticat ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...) NOT-FOR-US: Norman Malware Cleaner CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...) NOT-FOR-US: Citytv Video application for Android and iOS CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...) 
NOT-FOR-US: Global TV application for Android and iOS CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) NOT-FOR-US: School Management Software PHP/mySQL CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) NOT-FOR-US: School Management Software PHP/mySQL CVE-2020-8503 (Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.10 ...) NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-8502 RESERVED CVE-2020-8501 RESERVED CVE-2020-8500 (** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8499 RESERVED CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...) NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...) 
- python3.8 3.8.3~rc1-1 - python3.7 [buster] - python3.7 (Minor issue) - python3.5 [stretch] - python3.5 (Minor issue) - python3.4 [jessie] - python3.4 (Minor issue) - python2.7 [buster] - python2.7 (Minor issue) [stretch] - python2.7 (Minor issue) [jessie] - python2.7 (Minor issue) NOTE: https://bugs.python.org/issue39503 NOTE: https://github.com/python/cpython/pull/18284 NOTE: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html NOTE: https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 (master) NOTE: https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41 (3.8-branch) NOTE: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e (3.7-branch) NOTE: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e (3.6-branch) CVE-2020-8491 RESERVED CVE-2020-8490 RESERVED CVE-2020-8489 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8488 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8487 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8486 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8485 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8484 (Insufficient protection of the inter-process communication functions i ...) NOT-FOR-US: ABB CVE-2020-8483 RESERVED CVE-2020-8482 RESERVED CVE-2020-8481 (For ABB products ABB Ability™ System 800xA and related system ex ...) NOT-FOR-US: ABB CVE-2020-8480 RESERVED CVE-2020-8479 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8478 (Insufficient protection of the inter-process communication functions i ...) 
NOT-FOR-US: ABB CVE-2020-8477 (The installations for ABB System 800xA Information Manager versions 5. ...) NOT-FOR-US: ABB CVE-2020-8476 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8475 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8474 (Weak Registry permissions in ABB System 800xA Base allow low privilege ...) NOT-FOR-US: ABB CVE-2020-8473 (Insufficient folder permissions used by system functions in ABB System ...) NOT-FOR-US: ABB CVE-2020-8472 (Insufficient folder permissions used by system functions in ABB System ...) NOT-FOR-US: ABB CVE-2020-8471 (For the Central Licensing Server component used in ABB products ABB Ab ...) NOT-FOR-US: ABB CVE-2020-8470 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a ...) NOT-FOR-US: Trend Micro CVE-2020-8468 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8467 (A migration tool component of Trend Micro Apex One (2019) and OfficeSc ...) NOT-FOR-US: Trend Micro CVE-2020-8466 RESERVED CVE-2020-8465 RESERVED CVE-2020-8464 RESERVED CVE-2020-8463 RESERVED CVE-2020-8462 RESERVED CVE-2020-8461 RESERVED CVE-2020-8460 RESERVED CVE-2020-8459 RESERVED CVE-2020-8458 RESERVED CVE-2020-8457 RESERVED CVE-2020-8456 RESERVED CVE-2020-8455 RESERVED CVE-2020-8454 RESERVED CVE-2020-8453 RESERVED CVE-2020-8452 RESERVED CVE-2020-8451 RESERVED CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...) 
{DSA-4682-1} - squid 4.10-1 (bug #950802) - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) {DSA-4682-1} - squid 4.10-1 (bug #950802) - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-ana ...) - ossec-hids (bug #361954) CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserialization ...) NOT-FOR-US: JYaml CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...) 
NOT-FOR-US: Simplejobscript.com SJS CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to take ov ...) NOT-FOR-US: Monstra CMS CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...) NOT-FOR-US: Ruckus devices CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505 ...) NOT-FOR-US: uTorrent CVE-2020-8436 (XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPre ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-8435 (An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-8434 (Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 ...) NOT-FOR-US: Jenzabar JICS (aka Internet Campus Solution) CVE-2020-8433 RESERVED CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...) - u-boot 2020.01+dfsg-2 (low) [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue) [jessie] - u-boot (Minor issue) NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396799.html NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396853.html CVE-2020-8431 RESERVED CVE-2020-8430 (Stormshield Network Security 310 3.7.10 devices have an auth/lang.html ...) NOT-FOR-US: Stormshield Network Security 310 CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not ...) NOT-FOR-US: Kinetica CVE-2020-8427 (Kaseya Traverse before 9.5.20 allows OS command injection attacks agai ...) NOT-FOR-US: Kaseya Traverse CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...) NOT-FOR-US: Elementor plugin for WordPress CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) 
NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmwa ...) NOT-FOR-US: TP-Link CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) NOT-FOR-US: Joomla! CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) NOT-FOR-US: Joomla! CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...) NOT-FOR-US: Joomla! CVE-2020-8418 RESERVED CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) NOT-FOR-US: Code Snippets plugin for WordPress CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial ...) NOT-FOR-US: BearFTP CVE-2020-8415 RESERVED CVE-2020-8414 RESERVED CVE-2020-8413 RESERVED CVE-2020-8412 RESERVED CVE-2020-8411 RESERVED CVE-2020-8410 RESERVED CVE-2020-8409 RESERVED CVE-2020-8408 RESERVED CVE-2020-8407 RESERVED CVE-2020-8406 RESERVED CVE-2020-8405 RESERVED CVE-2020-8404 RESERVED CVE-2020-8403 RESERVED CVE-2020-8402 RESERVED CVE-2020-8401 RESERVED CVE-2020-8400 RESERVED CVE-2020-8399 RESERVED CVE-2020-8398 RESERVED CVE-2020-8397 RESERVED CVE-2020-8396 RESERVED CVE-2020-8395 RESERVED CVE-2020-8394 RESERVED CVE-2020-8393 RESERVED CVE-2020-8392 RESERVED CVE-2020-8391 RESERVED CVE-2020-8390 RESERVED CVE-2020-8389 RESERVED CVE-2020-8388 RESERVED CVE-2020-8387 RESERVED CVE-2020-8386 RESERVED CVE-2020-8385 RESERVED CVE-2020-8384 RESERVED CVE-2020-8383 RESERVED CVE-2020-8382 RESERVED CVE-2020-8381 RESERVED CVE-2020-8380 RESERVED CVE-2020-8379 RESERVED CVE-2020-8378 RESERVED CVE-2020-8377 RESERVED CVE-2020-8376 RESERVED CVE-2020-8375 RESERVED CVE-2020-8374 RESERVED CVE-2020-8373 RESERVED CVE-2020-8372 RESERVED CVE-2020-8371 RESERVED CVE-2020-8370 RESERVED CVE-2020-8369 RESERVED CVE-2020-8368 RESERVED CVE-2020-8367 
RESERVED CVE-2020-8366 RESERVED CVE-2020-8365 RESERVED CVE-2020-8364 RESERVED CVE-2020-8363 RESERVED CVE-2020-8362 RESERVED CVE-2020-8361 RESERVED CVE-2020-8360 RESERVED CVE-2020-8359 RESERVED CVE-2020-8358 RESERVED CVE-2020-8357 RESERVED CVE-2020-8356 RESERVED CVE-2020-8355 RESERVED CVE-2020-8354 RESERVED CVE-2020-8353 RESERVED CVE-2020-8352 RESERVED CVE-2020-8351 RESERVED CVE-2020-8350 RESERVED CVE-2020-8349 RESERVED CVE-2020-8348 RESERVED CVE-2020-8347 RESERVED CVE-2020-8346 RESERVED CVE-2020-8345 RESERVED CVE-2020-8344 RESERVED CVE-2020-8343 RESERVED CVE-2020-8342 RESERVED CVE-2020-8341 RESERVED CVE-2020-8340 RESERVED CVE-2020-8339 RESERVED CVE-2020-8338 RESERVED CVE-2020-8337 RESERVED CVE-2020-8336 RESERVED CVE-2020-8335 RESERVED CVE-2020-8334 RESERVED CVE-2020-8333 RESERVED CVE-2020-8332 RESERVED CVE-2020-8331 RESERVED CVE-2020-8330 RESERVED CVE-2020-8329 RESERVED CVE-2020-8328 RESERVED CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...) NOT-FOR-US: Lenovo CVE-2020-8326 RESERVED CVE-2020-8325 RESERVED CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...) NOT-FOR-US: Lenovo CVE-2020-8323 RESERVED CVE-2020-8322 RESERVED CVE-2020-8321 RESERVED CVE-2020-8320 RESERVED CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...) NOT-FOR-US: Lenovo CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...) NOT-FOR-US: Lenovo CVE-2020-8317 RESERVED CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...) NOT-FOR-US: Lenovo CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...) {DSA-4667-1} - linux 5.4.19-1 [jessie] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6 CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...) 
- python3.8 (Windows-specific) - python3.7 (Windows-specific) NOTE: https://bugs.python.org/issue39401 CVE-2020-8314 RESERVED CVE-2020-8313 RESERVED CVE-2020-8312 RESERVED CVE-2020-8311 RESERVED CVE-2020-8310 RESERVED CVE-2020-8309 RESERVED CVE-2020-8308 RESERVED CVE-2020-8307 RESERVED CVE-2020-8306 RESERVED CVE-2020-8305 RESERVED CVE-2020-8304 RESERVED CVE-2020-8303 RESERVED CVE-2020-8302 RESERVED CVE-2020-8301 RESERVED CVE-2020-8300 RESERVED CVE-2020-8299 RESERVED CVE-2020-8298 RESERVED CVE-2020-8297 RESERVED CVE-2020-8296 RESERVED CVE-2020-8295 RESERVED CVE-2020-8294 RESERVED CVE-2020-8293 RESERVED CVE-2020-8292 RESERVED CVE-2020-8291 RESERVED CVE-2020-8290 RESERVED CVE-2020-8289 RESERVED CVE-2020-8288 RESERVED CVE-2020-8287 RESERVED CVE-2020-8286 RESERVED CVE-2020-8285 RESERVED CVE-2020-8284 RESERVED CVE-2020-8283 RESERVED CVE-2020-8282 RESERVED CVE-2020-8281 RESERVED CVE-2020-8280 RESERVED CVE-2020-8279 RESERVED CVE-2020-8278 RESERVED CVE-2020-8277 RESERVED CVE-2020-8276 RESERVED CVE-2020-8275 RESERVED CVE-2020-8274 RESERVED CVE-2020-8273 RESERVED CVE-2020-8272 RESERVED CVE-2020-8271 RESERVED CVE-2020-8270 RESERVED CVE-2020-8269 RESERVED CVE-2020-8268 RESERVED CVE-2020-8267 RESERVED CVE-2020-8266 RESERVED CVE-2020-8265 RESERVED CVE-2020-8264 RESERVED CVE-2020-8263 RESERVED CVE-2020-8262 RESERVED CVE-2020-8261 RESERVED CVE-2020-8260 RESERVED CVE-2020-8259 RESERVED CVE-2020-8258 RESERVED CVE-2020-8257 RESERVED CVE-2020-8256 RESERVED CVE-2020-8255 RESERVED CVE-2020-8254 RESERVED CVE-2020-8253 RESERVED CVE-2020-8252 RESERVED CVE-2020-8251 RESERVED CVE-2020-8250 RESERVED CVE-2020-8249 RESERVED CVE-2020-8248 RESERVED CVE-2020-8247 RESERVED CVE-2020-8246 RESERVED CVE-2020-8245 RESERVED CVE-2020-8244 RESERVED CVE-2020-8243 RESERVED CVE-2020-8242 RESERVED CVE-2020-8241 RESERVED CVE-2020-8240 RESERVED CVE-2020-8239 RESERVED CVE-2020-8238 RESERVED CVE-2020-8237 RESERVED CVE-2020-8236 RESERVED CVE-2020-8235 RESERVED CVE-2020-8234 RESERVED CVE-2020-8233 RESERVED 
CVE-2020-8232 RESERVED CVE-2020-8231 RESERVED CVE-2020-8230 RESERVED CVE-2020-8229 RESERVED CVE-2020-8228 RESERVED CVE-2020-8227 RESERVED CVE-2020-8226 RESERVED CVE-2020-8225 RESERVED CVE-2020-8224 RESERVED CVE-2020-8223 RESERVED CVE-2020-8222 RESERVED CVE-2020-8221 RESERVED CVE-2020-8220 RESERVED CVE-2020-8219 RESERVED CVE-2020-8218 RESERVED CVE-2020-8217 RESERVED CVE-2020-8216 RESERVED CVE-2020-8215 RESERVED CVE-2020-8214 RESERVED CVE-2020-8213 RESERVED CVE-2020-8212 RESERVED CVE-2020-8211 RESERVED CVE-2020-8210 RESERVED CVE-2020-8209 RESERVED CVE-2020-8208 RESERVED CVE-2020-8207 RESERVED CVE-2020-8206 RESERVED CVE-2020-8205 RESERVED CVE-2020-8204 RESERVED CVE-2020-8203 RESERVED CVE-2020-8202 RESERVED CVE-2020-8201 RESERVED CVE-2020-8200 RESERVED CVE-2020-8199 RESERVED CVE-2020-8198 RESERVED CVE-2020-8197 RESERVED CVE-2020-8196 RESERVED CVE-2020-8195 RESERVED CVE-2020-8194 RESERVED CVE-2020-8193 RESERVED CVE-2020-8192 RESERVED CVE-2020-8191 RESERVED CVE-2020-8190 RESERVED CVE-2020-8189 RESERVED CVE-2020-8188 RESERVED CVE-2020-8187 RESERVED CVE-2020-8186 RESERVED CVE-2020-8185 RESERVED CVE-2020-8184 RESERVED CVE-2020-8183 RESERVED CVE-2020-8182 RESERVED CVE-2020-8181 RESERVED CVE-2020-8180 RESERVED CVE-2020-8179 RESERVED CVE-2020-8178 RESERVED CVE-2020-8177 RESERVED CVE-2020-8176 RESERVED CVE-2020-8175 RESERVED CVE-2020-8174 RESERVED CVE-2020-8173 RESERVED CVE-2020-8172 RESERVED CVE-2020-8171 RESERVED CVE-2020-8170 RESERVED CVE-2020-8169 RESERVED CVE-2020-8168 RESERVED CVE-2020-8167 RESERVED CVE-2020-8166 RESERVED CVE-2020-8165 RESERVED CVE-2020-8164 RESERVED CVE-2020-8163 RESERVED CVE-2020-8162 RESERVED CVE-2020-8161 [Directory traversal in Rack::Directory] RESERVED {DLA-2216-1} - ruby-rack 2.1.1-5 NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e NOTE: Required followup: 
https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94 CVE-2020-8160 RESERVED CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...) - ruby-actionpack-page-caching (bug #960680) NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 CVE-2020-8158 RESERVED CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...) NOT-FOR-US: UniFi Cloud Key CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...) NOT-FOR-US: Nextcloud Mail CVE-2020-8155 (An outdated 3rd party library in the Files PDF viewer for Nextcloud Se ...) - nextcloud-server (bug #941708) CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Server ...) - nextcloud-server (bug #941708) CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...) NOT-FOR-US: Nextcloud Groupfolders app CVE-2020-8152 RESERVED CVE-2020-8151 (There is a possible information disclosure issue in Active Resource < ...) TODO: check CVE-2020-8150 RESERVED CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...) TODO: check CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...) NOT-FOR-US: UniFi Cloud Key firmware CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...) NOT-FOR-US: Node utils-extend CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...) NOT-FOR-US: UniFi CVE-2020-8145 (The UniFi Video Server (Windows) web interface configuration restore f ...) NOT-FOR-US: UniFi CVE-2020-8144 (The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web i ...) NOT-FOR-US: UniFi CVE-2020-8143 (An Open Redirect vulnerability was discovered in Revive Adserver versi ...)
NOT-FOR-US: Revive Adserver CVE-2020-8142 (A security restriction bypass vulnerability has been discovered in Rev ...) NOT-FOR-US: Revive Adserver CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can ...) - node-dot 1.1.3+ds-1 [buster] - node-dot 1.1.1-1+deb10u1 NOTE: https://hackerone.com/reports/390929 CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...) - nextcloud-desktop (MacOS-specific) CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, < 1 ...) - nextcloud-server (bug #941708) CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 1 ...) - nextcloud-server (bug #941708) CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...) NOT-FOR-US: Node blamer CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allo ...) NOT-FOR-US: Node fastify-multipart CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request ...) NOT-FOR-US: Node uppy CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...) NOT-FOR-US: Ghost CMS CVE-2020-8133 RESERVED CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...) NOT-FOR-US: Node pdf-image package CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...) - node-yarnpkg 1.22.4-2 (bug #952912) NOTE: https://hackerone.com/reports/730239 NOTE: https://github.com/yarnpkg/yarn/pull/7831 CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3. ...) {DLA-2120-1} - rake 12.3.3-1 [buster] - rake 12.3.1-3+deb10u1 [stretch] - rake (Minor issue) NOTE: https://hackerone.com/reports/651518 NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3) CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...) 
NOT-FOR-US: script-manager nodejs module CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...) NOT-FOR-US: jsreport CVE-2020-8127 (Insufficient validation in cross-origin communication (postMessage) in ...) NOT-FOR-US: reveal.js CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...) NOT-FOR-US: Ubiquiti Networks EdgeSwitch CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...) NOT-FOR-US: klona node module CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...) - node-url-parse 1.4.7-1 [buster] - node-url-parse (Minor issue) [stretch] - node-url-parse (Nodejs in stretch not covered by security support) NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b NOTE: https://hackerone.com/reports/496293 CVE-2020-8123 (A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that ...) NOT-FOR-US: strapi CVE-2020-8122 (A missing check in Nextcloud Server 14.0.3 could give recipient the po ...) - nextcloud-server (bug #941708) CVE-2020-8121 (A bug in Nextcloud Server 14.0.4 could expose more data in reshared li ...) - nextcloud-server (bug #941708) CVE-2020-8120 (A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16. ...) - nextcloud-server (bug #941708) CVE-2020-8119 (Improper authorization in Nextcloud server 17.0.0 causes leaking of pr ...) - nextcloud-server (bug #941708) CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server 16.0. ...) - nextcloud-server (bug #941708) CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...) - nextcloud-server (bug #941708) CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version 5.1. ...) 
- node-dot-prop 5.2.0-1 [buster] - node-dot-prop 4.1.1-1+deb10u1 NOTE: https://hackerone.com/reports/719856 NOTE: https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2 CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...) NOT-FOR-US: Revive Adserver CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...) {DLA-2089-1} - openjpeg2 (bug #950184) [buster] - openjpeg2 (Minor issue) [stretch] - openjpeg2 (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1231 CVE-2020-8111 RESERVED CVE-2020-8110 RESERVED CVE-2020-8109 RESERVED CVE-2020-8108 RESERVED CVE-2020-8107 RESERVED CVE-2020-8106 RESERVED CVE-2020-8105 RESERVED CVE-2020-8104 RESERVED CVE-2020-8103 RESERVED CVE-2020-8102 RESERVED CVE-2020-8101 RESERVED CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...) NOT-FOR-US: Bitdefender CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...) NOT-FOR-US: Bitdefender Antivirus Free CVE-2020-8098 RESERVED CVE-2020-8097 RESERVED CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...) NOT-FOR-US: Bitdefender CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...) NOT-FOR-US: Bitdefender Total Security CVE-2020-8094 RESERVED CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...) 
NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...) NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) NOT-FOR-US: TYPO3 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to th ...) - piwigo CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...) NOT-FOR-US: UseBB CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...) NOT-FOR-US: SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices CVE-2020-8086 (The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01 ...) {DSA-4612-1} - prosody-modules 0.0~hg20200128.09e7e880e056+dfsg-1 NOTE: https://hg.prosody.im/prosody-modules/rev/f2b29183ef08 NOTE: https://prosody.im/security/advisory_20200128/ CVE-2020-8085 RESERVED CVE-2020-8084 RESERVED CVE-2020-8083 RESERVED CVE-2020-8082 RESERVED CVE-2020-8081 RESERVED CVE-2020-8080 RESERVED CVE-2020-8079 RESERVED CVE-2020-8078 RESERVED CVE-2020-8077 RESERVED CVE-2020-8076 RESERVED CVE-2020-8075 RESERVED CVE-2020-8074 RESERVED CVE-2020-8073 RESERVED CVE-2020-8072 RESERVED CVE-2020-8071 RESERVED CVE-2020-8070 RESERVED CVE-2020-8069 RESERVED CVE-2020-8068 RESERVED CVE-2020-8067 RESERVED CVE-2020-8066 RESERVED CVE-2020-8065 RESERVED CVE-2020-8064 RESERVED CVE-2020-8063 RESERVED CVE-2020-8062 RESERVED CVE-2020-8061 RESERVED CVE-2020-8060 RESERVED CVE-2020-8059 RESERVED CVE-2020-8058 RESERVED CVE-2020-8057 RESERVED CVE-2020-8056 RESERVED CVE-2020-8055 RESERVED CVE-2020-8054 RESERVED CVE-2020-8053 RESERVED CVE-2020-8052 RESERVED CVE-2020-8051 RESERVED CVE-2020-8050 RESERVED CVE-2020-8049 RESERVED CVE-2020-8048 RESERVED CVE-2020-8047 RESERVED CVE-2020-8046 RESERVED CVE-2020-8045 RESERVED 
CVE-2020-8044 RESERVED CVE-2020-8043 RESERVED CVE-2020-8042 RESERVED CVE-2020-8041 RESERVED CVE-2020-8040 RESERVED CVE-2020-8039 RESERVED CVE-2020-8038 RESERVED CVE-2020-8037 RESERVED CVE-2020-8036 RESERVED CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...) TODO: check CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...) TODO: check CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...) NOT-FOR-US: Ruckus CVE-2020-8032 RESERVED CVE-2020-8031 RESERVED CVE-2020-8030 RESERVED CVE-2020-8029 RESERVED CVE-2020-8028 RESERVED CVE-2020-8027 RESERVED CVE-2020-8026 RESERVED CVE-2020-8025 RESERVED CVE-2020-8024 RESERVED CVE-2020-8023 RESERVED CVE-2020-8022 RESERVED CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...) TODO: check CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...) TODO: check CVE-2020-8019 RESERVED CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...) NOT-FOR-US: Some SLES images CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the packagin ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8014 RESERVED CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...) NOT-FOR-US: chkstat CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) 
NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...) NOT-FOR-US: AVB MOTU devices CVE-2020-8008 RESERVED CVE-2020-8007 RESERVED CVE-2020-8006 RESERVED CVE-2020-8005 RESERVED CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access Control. ...) NOT-FOR-US: STMicroelectronics STM32F1 devices CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...) - virglrenderer 0.8.2-1 (bug #949954) [buster] - virglrenderer (Minor issue) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42 CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...) - virglrenderer 0.8.2-1 (bug #949954) [buster] - virglrenderer (Minor issue) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5 CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...) NOT-FOR-US: Intellian Aptus application for Android CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...) NOT-FOR-US: Intellian Aptus application for Android CVE-2020-7998 (An arbitrary file upload vulnerability has been discovered in the Supe ...) NOT-FOR-US: Super File Explorer app for iOS CVE-2020-7997 (ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Na ...) NOT-FOR-US: ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...) - dolibarr CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...) 
- dolibarr CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...) - dolibarr CVE-2020-7993 (Prototype 1.6.0.1 allows remote authenticated users to forge ticket cr ...) NOT-FOR-US: Prototype node module CVE-2020-7992 RESERVED CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...) NOT-FOR-US: Adive Framework CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...) NOT-FOR-US: Adive Framework CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...) NOT-FOR-US: Adive Framework CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...) NOT-FOR-US: phpIPAM CVE-2020-7987 RESERVED CVE-2020-7986 RESERVED CVE-2020-7985 RESERVED CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allow ...) NOT-FOR-US: SolarWinds CVE-2020-7983 (A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows re ...) NOT-FOR-US: Ruckus CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...) NOT-FOR-US: OpenWrt CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...) - ruby-geocoder 1.5.1-3 (bug #949870) NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. ...) - gitlab (Only affects Gitlab EE 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. ...) 
- gitlab (Only affects Gitlab EE 8.8 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. ...) - gitlab (Only affects Gitlab EE 12.4 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7975 REJECTED CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...) - gitlab (Only affects Gitlab EE 10.1 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...) - gitlab (Only affects Gitlab EE 11.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7970 RESERVED CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. ...) - gitlab (Only affects Gitlab EE 8.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). ...) 
- gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. ...) - gitlab (Only affects Gitlab EE 11.11 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...) NOT-FOR-US: webargs CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...) NOT-FOR-US: Mirumee Saleor CVE-2020-7963 RESERVED CVE-2020-7962 RESERVED CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...) NOT-FOR-US: Liferay Portal CVE-2020-7960 RESERVED CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...) NOT-FOR-US: LabVantage LIMS CVE-2020-7958 (An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. ...) NOT-FOR-US: OnePlus 7 Pro devices CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...) - dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2 CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...) - nomad 0.10.3+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7003 CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...) - consul 1.7.0+dfsg1-1 (bug #950736) [buster] - consul (Minor issue) NOTE: https://github.com/hashicorp/consul/issues/7160 NOTE: Fixed in 1.6.3. CVE-2020-7954 (An issue was discovered in OpServices OpMon 9.3.2. Starting from the a ...) NOT-FOR-US: OpServices OpMon CVE-2020-7953 (An issue was discovered in OpServices OpMon 9.3.2. Without authenticat ...) NOT-FOR-US: OpServices OpMon CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attacke ...)
NOT-FOR-US: rendersystemdx9.dll in Valve Dota 2 CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers ...) NOT-FOR-US: Dota 2 CVE-2020-7948 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7946 RESERVED CVE-2020-7945 RESERVED CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...) - puppet (low) [stretch] - puppet (Minor issue) [buster] - puppet (Minor issue) [jessie] - puppet (vulnerable code not present) - puppetdb (low) [buster] - puppetdb (Minor issue) NOTE: https://puppet.com/security/cve/CVE-2020-7943/ NOTE: https://github.com/puppetlabs/puppet_metrics_dashboard/pull/92 CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...) - puppet (unimportant) NOTE: This CVE assignment is for switching the default setting of strict_hostname_checking, NOTE: the option is available in older Puppet releases (such as 4.8 from Stretch) NOTE: https://puppet.com/security/cve/CVE-2020-7942/ CVE-2020-7941 (A privilege escalation issue in plone.app.contenttypes in Plone 4.3 th ...) NOT-FOR-US: Plone CVE-2020-7940 (Missing password strength checks on some forms in Plone 4.3 through 5. ...) NOT-FOR-US: Plone CVE-2020-7939 (SQL Injection in DTML or in connection objects in Plone 4.0 through 5. ...) NOT-FOR-US: Plone CVE-2020-7938 (plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain ...) 
NOT-FOR-US: Plone CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows user ...) NOT-FOR-US: Plone CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...) NOT-FOR-US: Plone CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...) NOT-FOR-US: LifeRay Portal CVE-2020-7933 RESERVED CVE-2020-7932 RESERVED CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...) NOT-FOR-US: JFrog Artifactory CVE-2020-7930 RESERVED CVE-2020-7929 RESERVED CVE-2020-7928 RESERVED CVE-2020-7927 RESERVED CVE-2020-7926 RESERVED CVE-2020-7925 RESERVED CVE-2020-7924 RESERVED CVE-2020-7923 RESERVED CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...) NOT-FOR-US: MongoDB Enterprise CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...) TODO: check CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...) NOT-FOR-US: Percona Monitoring and Management (PMM) CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ...) - golang-1.14 1.14~rc1-1 - golang-1.13 1.13.7-1 - golang-1.11 [buster] - golang-1.11 (Minor issue, can be fixed along in next DSA) NOTE: https://github.com/golang/go/issues/36837 NOTE: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master) NOTE: https://github.com/golang/go/issues/36838 (Go 1.13) NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7) TODO: check older versions than golang-1.11 CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...) NOT-FOR-US: totemo totemomail CVE-2020-7917 RESERVED CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...) 
NOT-FOR-US: LearnPress plugin for WordPress CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...) NOT-FOR-US: Eaton devices CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...) - intellij-idea (bug #747616) CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...) NOT-FOR-US: JetBrains CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...) NOT-FOR-US: JetBrains CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...) NOT-FOR-US: JetBrains CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...) NOT-FOR-US: JetBrains CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...) NOT-FOR-US: JetBrains CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...) NOT-FOR-US: JetBrains CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...) NOT-FOR-US: JetBrains Scala plugin CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...) NOT-FOR-US: JetBrains CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...) - intellij-idea (bug #747616) CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...) 
- intellij-idea (bug #747616) CVE-2020-7903 RESERVED CVE-2020-7902 RESERVED CVE-2020-7901 RESERVED CVE-2020-7900 RESERVED CVE-2020-7899 RESERVED CVE-2020-7898 RESERVED CVE-2020-7897 RESERVED CVE-2020-7896 RESERVED CVE-2020-7895 RESERVED CVE-2020-7894 RESERVED CVE-2020-7893 RESERVED CVE-2020-7892 RESERVED CVE-2020-7891 RESERVED CVE-2020-7890 RESERVED CVE-2020-7889 RESERVED CVE-2020-7888 RESERVED CVE-2020-7887 RESERVED CVE-2020-7886 RESERVED CVE-2020-7885 RESERVED CVE-2020-7884 RESERVED CVE-2020-7883 RESERVED CVE-2020-7882 RESERVED CVE-2020-7881 RESERVED CVE-2020-7880 RESERVED CVE-2020-7879 RESERVED CVE-2020-7878 RESERVED CVE-2020-7877 RESERVED CVE-2020-7876 RESERVED CVE-2020-7875 RESERVED CVE-2020-7874 RESERVED CVE-2020-7873 RESERVED CVE-2020-7872 RESERVED CVE-2020-7871 RESERVED CVE-2020-7870 RESERVED CVE-2020-7869 RESERVED CVE-2020-7868 RESERVED CVE-2020-7867 RESERVED CVE-2020-7866 RESERVED CVE-2020-7865 RESERVED CVE-2020-7864 RESERVED CVE-2020-7863 RESERVED CVE-2020-7862 RESERVED CVE-2020-7861 RESERVED CVE-2020-7860 RESERVED CVE-2020-7859 RESERVED CVE-2020-7858 RESERVED CVE-2020-7857 RESERVED CVE-2020-7856 RESERVED CVE-2020-7855 RESERVED CVE-2020-7854 RESERVED CVE-2020-7853 RESERVED CVE-2020-7852 RESERVED CVE-2020-7851 RESERVED CVE-2020-7850 RESERVED CVE-2020-7849 RESERVED CVE-2020-7848 RESERVED CVE-2020-7847 RESERVED CVE-2020-7846 RESERVED CVE-2020-7845 RESERVED CVE-2020-7844 RESERVED CVE-2020-7843 RESERVED CVE-2020-7842 RESERVED CVE-2020-7841 RESERVED CVE-2020-7840 RESERVED CVE-2020-7839 RESERVED CVE-2020-7838 RESERVED CVE-2020-7837 RESERVED CVE-2020-7836 RESERVED CVE-2020-7835 RESERVED CVE-2020-7834 RESERVED CVE-2020-7833 RESERVED CVE-2020-7832 RESERVED CVE-2020-7831 RESERVED CVE-2020-7830 RESERVED CVE-2020-7829 RESERVED CVE-2020-7828 RESERVED CVE-2020-7827 RESERVED CVE-2020-7826 RESERVED CVE-2020-7825 RESERVED CVE-2020-7824 RESERVED CVE-2020-7823 RESERVED CVE-2020-7822 RESERVED CVE-2020-7821 RESERVED CVE-2020-7820 RESERVED CVE-2020-7819 RESERVED CVE-2020-7818 
RESERVED CVE-2020-7817 RESERVED CVE-2020-7816 RESERVED CVE-2020-7815 RESERVED CVE-2020-7814 RESERVED CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...) TODO: check CVE-2020-7812 RESERVED CVE-2020-7811 RESERVED CVE-2020-7810 RESERVED CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...) NOT-FOR-US: ALSong CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...) TODO: check CVE-2020-7807 RESERVED CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...) NOT-FOR-US: Tobesoft Xplatform CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...) NOT-FOR-US: KT Slim egg IML500 wifi devices CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, ...) NOT-FOR-US: Handy Groupware CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, versio ...) NOT-FOR-US: Zoneplayer CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...) NOT-FOR-US: Synergy Systems & Solutions (SSS) CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...) NOT-FOR-US: Synergy Systems & Solutions (SSS) CVE-2020-7800 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...) NOT-FOR-US: Synergy Systems & Solutions (SSS) CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...) NOT-FOR-US: FusionAuth CVE-2020-7798 RESERVED CVE-2020-7797 RESERVED CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...) 
NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-7795 RESERVED CVE-2020-7794 RESERVED CVE-2020-7793 RESERVED CVE-2020-7792 RESERVED CVE-2020-7791 RESERVED CVE-2020-7790 RESERVED CVE-2020-7789 RESERVED CVE-2020-7788 RESERVED CVE-2020-7787 RESERVED CVE-2020-7786 RESERVED CVE-2020-7785 RESERVED CVE-2020-7784 RESERVED CVE-2020-7783 RESERVED CVE-2020-7782 RESERVED CVE-2020-7781 RESERVED CVE-2020-7780 RESERVED CVE-2020-7779 RESERVED CVE-2020-7778 RESERVED CVE-2020-7777 RESERVED CVE-2020-7776 RESERVED CVE-2020-7775 RESERVED CVE-2020-7774 RESERVED CVE-2020-7773 RESERVED CVE-2020-7772 RESERVED CVE-2020-7771 RESERVED CVE-2020-7770 RESERVED CVE-2020-7769 RESERVED CVE-2020-7768 RESERVED CVE-2020-7767 RESERVED CVE-2020-7766 RESERVED CVE-2020-7765 RESERVED CVE-2020-7764 RESERVED CVE-2020-7763 RESERVED CVE-2020-7762 RESERVED CVE-2020-7761 RESERVED CVE-2020-7760 RESERVED CVE-2020-7759 RESERVED CVE-2020-7758 RESERVED CVE-2020-7757 RESERVED CVE-2020-7756 RESERVED CVE-2020-7755 RESERVED CVE-2020-7754 RESERVED CVE-2020-7753 RESERVED CVE-2020-7752 RESERVED CVE-2020-7751 RESERVED CVE-2020-7750 RESERVED CVE-2020-7749 RESERVED CVE-2020-7748 RESERVED CVE-2020-7747 RESERVED CVE-2020-7746 RESERVED CVE-2020-7745 RESERVED CVE-2020-7744 RESERVED CVE-2020-7743 RESERVED CVE-2020-7742 RESERVED CVE-2020-7741 RESERVED CVE-2020-7740 RESERVED CVE-2020-7739 RESERVED CVE-2020-7738 RESERVED CVE-2020-7737 RESERVED CVE-2020-7736 RESERVED CVE-2020-7735 RESERVED CVE-2020-7734 RESERVED CVE-2020-7733 RESERVED CVE-2020-7732 RESERVED CVE-2020-7731 RESERVED CVE-2020-7730 RESERVED CVE-2020-7729 RESERVED CVE-2020-7728 RESERVED CVE-2020-7727 RESERVED CVE-2020-7726 RESERVED CVE-2020-7725 RESERVED CVE-2020-7724 RESERVED CVE-2020-7723 RESERVED CVE-2020-7722 RESERVED CVE-2020-7721 RESERVED CVE-2020-7720 RESERVED CVE-2020-7719 RESERVED CVE-2020-7718 RESERVED CVE-2020-7717 RESERVED CVE-2020-7716 RESERVED CVE-2020-7715 RESERVED CVE-2020-7714 RESERVED CVE-2020-7713 RESERVED CVE-2020-7712 RESERVED CVE-2020-7711 RESERVED 
CVE-2020-7710 RESERVED CVE-2020-7709 RESERVED CVE-2020-7708 RESERVED CVE-2020-7707 RESERVED CVE-2020-7706 RESERVED CVE-2020-7705 RESERVED CVE-2020-7704 RESERVED CVE-2020-7703 RESERVED CVE-2020-7702 RESERVED CVE-2020-7701 RESERVED CVE-2020-7700 RESERVED CVE-2020-7699 RESERVED CVE-2020-7698 RESERVED CVE-2020-7697 RESERVED CVE-2020-7696 RESERVED CVE-2020-7695 RESERVED CVE-2020-7694 RESERVED CVE-2020-7693 RESERVED CVE-2020-7692 RESERVED CVE-2020-7691 RESERVED CVE-2020-7690 RESERVED CVE-2020-7689 RESERVED CVE-2020-7688 RESERVED CVE-2020-7687 RESERVED CVE-2020-7686 RESERVED CVE-2020-7685 RESERVED CVE-2020-7684 RESERVED CVE-2020-7683 RESERVED CVE-2020-7682 RESERVED CVE-2020-7681 RESERVED CVE-2020-7680 RESERVED CVE-2020-7679 RESERVED CVE-2020-7678 RESERVED CVE-2020-7677 RESERVED CVE-2020-7676 RESERVED CVE-2020-7675 RESERVED CVE-2020-7674 RESERVED CVE-2020-7673 RESERVED CVE-2020-7672 RESERVED CVE-2020-7671 RESERVED CVE-2020-7670 RESERVED CVE-2020-7669 RESERVED CVE-2020-7668 RESERVED CVE-2020-7667 RESERVED CVE-2020-7666 RESERVED CVE-2020-7665 RESERVED CVE-2020-7664 RESERVED CVE-2020-7663 RESERVED CVE-2020-7662 RESERVED CVE-2020-7661 RESERVED CVE-2020-7660 RESERVED CVE-2020-7659 RESERVED CVE-2020-7658 (meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP ...) TODO: check CVE-2020-7657 RESERVED CVE-2020-7656 (jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...) TODO: check CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP ...) TODO: check CVE-2020-7654 RESERVED CVE-2020-7653 RESERVED CVE-2020-7652 RESERVED CVE-2020-7651 RESERVED CVE-2020-7650 RESERVED CVE-2020-7649 RESERVED CVE-2020-7648 RESERVED CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...) TODO: check CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...) TODO: check CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...) 
NOT-FOR-US: Node chrome-launcher CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The functi ...) NOT-FOR-US: Node fun-map CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript objects resul ...) NOT-FOR-US: Node paypal-adaptive CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript. The ...) NOT-FOR-US: Node lazysizes CVE-2020-7641 RESERVED CVE-2020-7640 (pixl-class prior to 1.0.3 allows execution of arbitrary commands. The ...) NOT-FOR-US: Node pixl-class CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...) NOT-FOR-US: Node eivindfjeldstad-dot CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...) NOT-FOR-US: Node confinit CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution. ...) NOT-FOR-US: Node class-transformer CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows ...) NOT-FOR-US: Node adb-driver CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection.It al ...) NOT-FOR-US: Node compass-compile CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...) NOT-FOR-US: Node heroku-addonpool CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...) NOT-FOR-US: Node apiconnect-cli-plugins CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...) NOT-FOR-US: Node node-mpv CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allow ...) NOT-FOR-US: Node diskusage-ng CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...) NOT-FOR-US: git-add-remote node module CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...) NOT-FOR-US: install-package node module CVE-2020-7628 (install-package through 1.1.6 is vulnerable to Command Injection. It a ...) 
NOT-FOR-US: install-package node module CVE-2020-7627 (node-key-sender through 1.0.11 is vulnerable to Command Injection. It ...) NOT-FOR-US: node-key-sender node module CVE-2020-7626 (karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows ...) NOT-FOR-US: karma-mojo node module CVE-2020-7625 (op-browser through 1.0.6 is vulnerable to Command Injection. It allows ...) NOT-FOR-US: op-browser node module CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allows exe ...) NOT-FOR-US: effect node module CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...) NOT-FOR-US: Node jscover CVE-2020-7622 (All versions of Jooby before 2.2.1 are vulnerable to HTTP Response Spl ...) NOT-FOR-US: Jooby CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...) NOT-FOR-US: Node strong-nginx-controller CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It all ...) NOT-FOR-US: Node pomelo-monitor CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...) NOT-FOR-US: get-git-data node module CVE-2020-7618 (sds through 3.2.0 is vulnerable to Prototype Pollution.The library cou ...) NOT-FOR-US: Node sds CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...) NOT-FOR-US: Node ini-parser CVE-2020-7616 (express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollu ...) NOT-FOR-US: Node express-mock-middleware CVE-2020-7615 (fsa through 0.5.1 is vulnerable to Command Injection. The first argume ...) NOT-FOR-US: Node fsa CVE-2020-7614 (npm-programmatic through 0.0.12 is vulnerable to Command Injection.The ...) NOT-FOR-US: npm-programmatic CVE-2020-7613 (clamscan through 1.2.0 is vulnerable to Command Injection. It is possi ...) NOT-FOR-US: Node clamscan CVE-2020-7612 REJECTED CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...) 
NOT-FOR-US: io.micronaut:micronaut-http-client CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...) [experimental] - node-mongodb 3.5.5+~cs11.12.19-1 - node-mongodb 3.5.6+~cs11.12.19-1 [buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1 NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19 NOTE: https://snyk.io/vuln/SNYK-JS-BSON-561052 NOTE: https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8 CVE-2020-7609 (node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbi ...) NOT-FOR-US: Node node-rules CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...) - node-yargs-parser 18.1.1-1 [buster] - node-yargs-parser 11.1.1-1+deb10u1 [stretch] - node-yargs-parser (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 NOTE: https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2 NOTE: https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832 CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands. ...) NOT-FOR-US: Node gulp-styledocco CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary ...) NOT-FOR-US: Node docker-compose-remote-api CVE-2020-7605 (gulp-tape through 1.0.0 allows execution of arbitrary commands. It is ...) NOT-FOR-US: Node gulp-tape CVE-2020-7604 (pulverizr through 0.7.0 allows execution of arbitrary commands. Within ...) NOT-FOR-US: Node pulverizr CVE-2020-7603 (closure-compiler-stream through 0.1.15 allows execution of arbitrary c ...) NOT-FOR-US: closure-compiler-stream CVE-2020-7602 (node-prompt-here through 1.0.1 allows execution of arbitrary commands. ...) NOT-FOR-US: Node node-prompt-here CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. I ...) NOT-FOR-US: Node gulp-scss-lint CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. 
The ...) NOT-FOR-US: querymen nodejs module CVE-2020-7599 (All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable ...) NOT-FOR-US: com.gradle.plugin-publish CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...) - node-minimist 1.2.5-1 (bug #953762) [buster] - node-minimist (Minor issue) [stretch] - node-minimist (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 NOTE: POC: https://gist.github.com/Kirill89/47feb345b09bf081317f08dd43403a8a NOTE: Fixed by: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94 CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to execut ...) NOT-FOR-US: codecov-node nodejs module CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...) NOT-FOR-US: Codecov npm module CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...) - libxml2 2.9.10+dfsg-2.1 (bug #949582) [buster] - libxml2 (Minor issue) [stretch] - libxml2 (Minor issue) [jessie] - libxml2 (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5 CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...) NOT-FOR-US: MultiTech Conduit MTCDT-LVW2-24XX devices CVE-2020-7593 RESERVED CVE-2020-7592 RESERVED CVE-2020-7591 RESERVED CVE-2020-7590 RESERVED CVE-2020-7589 RESERVED CVE-2020-7588 RESERVED CVE-2020-7587 RESERVED CVE-2020-7586 RESERVED CVE-2020-7585 RESERVED CVE-2020-7584 RESERVED CVE-2020-7583 RESERVED CVE-2020-7582 RESERVED CVE-2020-7581 RESERVED CVE-2020-7580 RESERVED CVE-2020-7579 (A vulnerability has been identified in Spectrum Power™ 5 (All ve ...) NOT-FOR-US: Siemens CVE-2020-7578 RESERVED CVE-2020-7577 RESERVED CVE-2020-7576 RESERVED CVE-2020-7575 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...) 
NOT-FOR-US: Climatix CVE-2020-7574 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...) NOT-FOR-US: Climatix CVE-2020-7573 RESERVED CVE-2020-7572 RESERVED CVE-2020-7571 RESERVED CVE-2020-7570 RESERVED CVE-2020-7569 RESERVED CVE-2020-7568 RESERVED CVE-2020-7567 RESERVED CVE-2020-7566 RESERVED CVE-2020-7565 RESERVED CVE-2020-7564 RESERVED CVE-2020-7563 RESERVED CVE-2020-7562 RESERVED CVE-2020-7561 RESERVED CVE-2020-7560 RESERVED CVE-2020-7559 RESERVED CVE-2020-7558 RESERVED CVE-2020-7557 RESERVED CVE-2020-7556 RESERVED CVE-2020-7555 RESERVED CVE-2020-7554 RESERVED CVE-2020-7553 RESERVED CVE-2020-7552 RESERVED CVE-2020-7551 RESERVED CVE-2020-7550 RESERVED CVE-2020-7549 RESERVED CVE-2020-7548 RESERVED CVE-2020-7547 RESERVED CVE-2020-7546 RESERVED CVE-2020-7545 RESERVED CVE-2020-7544 RESERVED CVE-2020-7543 RESERVED CVE-2020-7542 RESERVED CVE-2020-7541 RESERVED CVE-2020-7540 RESERVED CVE-2020-7539 RESERVED CVE-2020-7538 RESERVED CVE-2020-7537 RESERVED CVE-2020-7536 RESERVED CVE-2020-7535 RESERVED CVE-2020-7534 RESERVED CVE-2020-7533 RESERVED CVE-2020-7532 RESERVED CVE-2020-7531 RESERVED CVE-2020-7530 RESERVED CVE-2020-7529 RESERVED CVE-2020-7528 RESERVED CVE-2020-7527 RESERVED CVE-2020-7526 RESERVED CVE-2020-7525 RESERVED CVE-2020-7524 RESERVED CVE-2020-7523 RESERVED CVE-2020-7522 RESERVED CVE-2020-7521 RESERVED CVE-2020-7520 RESERVED CVE-2020-7519 RESERVED CVE-2020-7518 RESERVED CVE-2020-7517 RESERVED CVE-2020-7516 RESERVED CVE-2020-7515 RESERVED CVE-2020-7514 RESERVED CVE-2020-7513 RESERVED CVE-2020-7512 RESERVED CVE-2020-7511 RESERVED CVE-2020-7510 RESERVED CVE-2020-7509 RESERVED CVE-2020-7508 RESERVED CVE-2020-7507 RESERVED CVE-2020-7506 RESERVED CVE-2020-7505 RESERVED CVE-2020-7504 RESERVED CVE-2020-7503 RESERVED CVE-2020-7502 RESERVED CVE-2020-7501 RESERVED CVE-2020-7500 RESERVED CVE-2020-7499 RESERVED CVE-2020-7498 RESERVED CVE-2020-7497 RESERVED CVE-2020-7496 RESERVED CVE-2020-7495 RESERVED CVE-2020-7494 RESERVED CVE-2020-7493 RESERVED 
CVE-2020-7492 RESERVED CVE-2020-7491 RESERVED CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...) NOT-FOR-US: Schneider CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...) NOT-FOR-US: Schneider CVE-2020-7488 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...) NOT-FOR-US: Schneider CVE-2020-7487 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...) NOT-FOR-US: Schneider CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TC ...) NOT-FOR-US: Schneider Electric CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in th ...) NOT-FOR-US: Schneider Electric CVE-2020-7484 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the forme ...) NOT-FOR-US: Schneider Electric CVE-2020-7483 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause ce ...) NOT-FOR-US: Schneider Electric CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...) NOT-FOR-US: Andover Continuum CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...) NOT-FOR-US: Andover Continuum CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) NOT-FOR-US: Andover Continuum CVE-2020-7479 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: IGSS CVE-2020-7478 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: IGSS CVE-2020-7477 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) NOT-FOR-US: Quantum Ethernet Network module CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...) NOT-FOR-US: ZigBee Installation Kit CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...) 
NOT-FOR-US: EcoStruxure Control Expert CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...) NOT-FOR-US: ProSoft Configurator CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...) NOT-FOR-US: Citrix CVE-2020-7472 RESERVED CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...) {DSA-4629-1} - python-django 2:2.2.10-1 (bug #950581) [jessie] - python-django (Vulnerable code introduced in Django ~1.9) NOTE: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/ NOTE: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 (master) NOTE: https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b (3.0.3) NOTE: https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147 (2.2.10) NOTE: https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd (1.11.28) CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the ...) NOT-FOR-US: Sonoff TH 10 and 16 devices CVE-2020-7469 RESERVED CVE-2020-7468 RESERVED CVE-2020-7467 RESERVED CVE-2020-7466 RESERVED CVE-2020-7465 RESERVED CVE-2020-7464 RESERVED CVE-2020-7463 RESERVED CVE-2020-7462 RESERVED CVE-2020-7461 RESERVED CVE-2020-7460 RESERVED CVE-2020-7459 RESERVED CVE-2020-7458 RESERVED CVE-2020-7457 RESERVED CVE-2020-7456 RESERVED CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-ST ...) NOT-FOR-US: FreeBSD CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-ST ...) NOT-FOR-US: FreeBSD CVE-2020-7453 (In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ...) - kfreebsd-10 (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc CVE-2020-7452 (In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEAS ...) 
- kfreebsd-10 (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:07.epair.asc CVE-2020-7451 (In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEAS ...) NOT-FOR-US: FreeBSD CVE-2020-7450 (In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEAS ...) NOT-FOR-US: FreeBSD CVE-2020-7449 RESERVED CVE-2020-7448 RESERVED CVE-2020-7447 RESERVED CVE-2020-7446 RESERVED CVE-2020-7445 RESERVED CVE-2020-7444 RESERVED CVE-2020-7443 RESERVED CVE-2020-7442 RESERVED CVE-2020-7441 RESERVED CVE-2020-7440 RESERVED CVE-2020-7439 RESERVED CVE-2020-7438 RESERVED CVE-2020-7437 RESERVED CVE-2020-7436 RESERVED CVE-2020-7435 RESERVED CVE-2020-7434 RESERVED CVE-2020-7433 RESERVED CVE-2020-7432 RESERVED CVE-2020-7431 RESERVED CVE-2020-7430 RESERVED CVE-2020-7429 RESERVED CVE-2020-7428 RESERVED CVE-2020-7427 RESERVED CVE-2020-7426 RESERVED CVE-2020-7425 RESERVED CVE-2020-7424 RESERVED CVE-2020-7423 RESERVED CVE-2020-7422 RESERVED CVE-2020-7421 RESERVED CVE-2020-7420 RESERVED CVE-2020-7419 RESERVED CVE-2020-7418 RESERVED CVE-2020-7417 RESERVED CVE-2020-7416 RESERVED CVE-2020-7415 RESERVED CVE-2020-7414 RESERVED CVE-2020-7413 RESERVED CVE-2020-7412 RESERVED CVE-2020-7411 RESERVED CVE-2020-7410 RESERVED CVE-2020-7409 RESERVED CVE-2020-7408 RESERVED CVE-2020-7407 RESERVED CVE-2020-7406 RESERVED CVE-2020-7405 RESERVED CVE-2020-7404 RESERVED CVE-2020-7403 RESERVED CVE-2020-7402 RESERVED CVE-2020-7401 RESERVED CVE-2020-7400 RESERVED CVE-2020-7399 RESERVED CVE-2020-7398 RESERVED CVE-2020-7397 RESERVED CVE-2020-7396 RESERVED CVE-2020-7395 RESERVED CVE-2020-7394 RESERVED CVE-2020-7393 RESERVED CVE-2020-7392 RESERVED CVE-2020-7391 RESERVED CVE-2020-7390 RESERVED CVE-2020-7389 RESERVED CVE-2020-7388 RESERVED CVE-2020-7387 RESERVED CVE-2020-7386 RESERVED CVE-2020-7385 RESERVED CVE-2020-7384 RESERVED CVE-2020-7383 RESERVED CVE-2020-7382 RESERVED CVE-2020-7381 RESERVED CVE-2020-7380 RESERVED CVE-2020-7379 RESERVED CVE-2020-7378 RESERVED CVE-2020-7377 
RESERVED CVE-2020-7376 RESERVED CVE-2020-7375 RESERVED CVE-2020-7374 RESERVED CVE-2020-7373 RESERVED CVE-2020-7372 RESERVED CVE-2020-7371 RESERVED CVE-2020-7370 RESERVED CVE-2020-7369 RESERVED CVE-2020-7368 RESERVED CVE-2020-7367 RESERVED CVE-2020-7366 RESERVED CVE-2020-7365 RESERVED CVE-2020-7364 RESERVED CVE-2020-7363 RESERVED CVE-2020-7362 RESERVED CVE-2020-7361 RESERVED CVE-2020-7360 RESERVED CVE-2020-7359 RESERVED CVE-2020-7358 RESERVED CVE-2020-7357 RESERVED CVE-2020-7356 RESERVED CVE-2020-7355 RESERVED CVE-2020-7354 RESERVED CVE-2020-7353 RESERVED CVE-2020-7352 RESERVED CVE-2020-7351 (An OS Command Injection vulnerability in the endpoint_devicemap.php co ...) NOT-FOR-US: Fonality Trixbox Community Edition CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...) NOT-FOR-US: Rapid7 Metasploit Framework CVE-2020-7349 RESERVED CVE-2020-7348 RESERVED CVE-2020-7347 RESERVED CVE-2020-7346 RESERVED CVE-2020-7345 RESERVED CVE-2020-7344 RESERVED CVE-2020-7343 RESERVED CVE-2020-7342 RESERVED CVE-2020-7341 RESERVED CVE-2020-7340 RESERVED CVE-2020-7339 RESERVED CVE-2020-7338 RESERVED CVE-2020-7337 RESERVED CVE-2020-7336 RESERVED CVE-2020-7335 RESERVED CVE-2020-7334 RESERVED CVE-2020-7333 RESERVED CVE-2020-7332 RESERVED CVE-2020-7331 RESERVED CVE-2020-7330 RESERVED CVE-2020-7329 RESERVED CVE-2020-7328 RESERVED CVE-2020-7327 RESERVED CVE-2020-7326 RESERVED CVE-2020-7325 RESERVED CVE-2020-7324 RESERVED CVE-2020-7323 RESERVED CVE-2020-7322 RESERVED CVE-2020-7321 RESERVED CVE-2020-7320 RESERVED CVE-2020-7319 RESERVED CVE-2020-7318 RESERVED CVE-2020-7317 RESERVED CVE-2020-7316 RESERVED CVE-2020-7315 RESERVED CVE-2020-7314 RESERVED CVE-2020-7313 RESERVED CVE-2020-7312 RESERVED CVE-2020-7311 RESERVED CVE-2020-7310 RESERVED CVE-2020-7309 RESERVED CVE-2020-7308 RESERVED CVE-2020-7307 RESERVED CVE-2020-7306 RESERVED CVE-2020-7305 RESERVED CVE-2020-7304 RESERVED CVE-2020-7303 RESERVED CVE-2020-7302 RESERVED CVE-2020-7301 RESERVED CVE-2020-7300 
RESERVED CVE-2020-7299 RESERVED CVE-2020-7298 RESERVED CVE-2020-7297 RESERVED CVE-2020-7296 RESERVED CVE-2020-7295 RESERVED CVE-2020-7294 RESERVED CVE-2020-7293 RESERVED CVE-2020-7292 RESERVED CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...) NOT-FOR-US: McAfee CVE-2020-7290 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...) NOT-FOR-US: McAfee CVE-2020-7289 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...) NOT-FOR-US: McAfee CVE-2020-7288 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...) NOT-FOR-US: McAfee CVE-2020-7287 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...) NOT-FOR-US: McAfee CVE-2020-7286 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...) NOT-FOR-US: McAfee CVE-2020-7285 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...) NOT-FOR-US: McAfee CVE-2020-7284 RESERVED CVE-2020-7283 RESERVED CVE-2020-7282 RESERVED CVE-2020-7281 RESERVED CVE-2020-7280 RESERVED CVE-2020-7279 RESERVED CVE-2020-7278 (Exploiting incorrectly configured access control security levels vulne ...) NOT-FOR-US: McAfee CVE-2020-7277 (Protection mechanism failure in all processes in McAfee Endpoint Secur ...) NOT-FOR-US: McAfee CVE-2020-7276 (Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoi ...) NOT-FOR-US: McAfee CVE-2020-7275 (Accessing, modifying or executing executable files vulnerability in th ...) NOT-FOR-US: McAfee CVE-2020-7274 (Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Se ...) NOT-FOR-US: McAfee CVE-2020-7273 (Accessing functionality not properly constrained by ACLs vulnerability ...) NOT-FOR-US: McAfee CVE-2020-7272 RESERVED CVE-2020-7271 RESERVED CVE-2020-7270 RESERVED CVE-2020-7269 RESERVED CVE-2020-7268 RESERVED CVE-2020-7267 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...) 
NOT-FOR-US: McAfee CVE-2020-7266 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...) NOT-FOR-US: McAfee CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...) NOT-FOR-US: McAfee CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...) NOT-FOR-US: McAfee CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...) NOT-FOR-US: ENS for Windows CVE-2020-7262 RESERVED CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...) NOT-FOR-US: McAfee CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...) NOT-FOR-US: McAfee CVE-2020-7259 (Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoi ...) NOT-FOR-US: McAfee CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security Manageme ...) NOT-FOR-US: McAfee CVE-2020-7257 (Privilege escalation vulnerability in McAfee Endpoint Security (ENS) f ...) NOT-FOR-US: McAfee CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security Manageme ...) NOT-FOR-US: McAfee CVE-2020-7255 (Privilege escalation vulnerability in the administrative user interfac ...) NOT-FOR-US: McAfee CVE-2020-7254 (Privilege Escalation vulnerability in the command line interface in Mc ...) NOT-FOR-US: McAfee CVE-2020-7253 (Improper access control vulnerability in masvc.exe in McAfee Agent (MA ...) NOT-FOR-US: McAfee CVE-2020-7252 (Unquoted service executable path in DXL Broker in McAfee Data eXchange ...) NOT-FOR-US: McAfee CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee ...) NOT-FOR-US: McAfee CVE-2020-7250 (Symbolic link manipulation vulnerability in McAfee Endpoint Security ( ...) NOT-FOR-US: McAfee CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...) 
NOT-FOR-US: SMC D3G0804W devices CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged ...) NOT-FOR-US: libubox in OpenWrt CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade] - opensmtpd 6.6.2p1-1 (bug #950121) [stretch] - opensmtpd 6.0.2p1-2+deb9u2 [buster] - opensmtpd 6.0.3p1-5+deb10u3 NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/018_smtpd_tls.patch.sig CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ...) {DSA-4611-1} - opensmtpd 6.6.2p1-1 (bug #950121) NOTE: https://www.openwall.com/lists/oss-security/2020/01/28/3 NOTE: Fixed by: https://github.com/OpenSMTPD/OpenSMTPD/commit/2afab2297347342f81fa31a75bbbf7dbee614fda NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig NOTE: The issue is exploitable after switching "to new grammar", which is included NOTE: in portable sync commit: NOTE: https://github.com/OpenSMTPD/OpenSMTPD/commit/be6ef06cba9484d008d9f057e6b25d863cf278ff (opensmtpd-6.4.0) CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 and ear ...) NOT-FOR-US: qdPM CVE-2020-7245 (Incorrect username validation in the registration process of CTFd v2.0 ...) NOT-FOR-US: CTFd CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7243 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7242 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7241 (The WP Database Backup plugin through 5.5 for WordPress stores downloa ...) NOT-FOR-US: WP Database Backup plugin for WordPress CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers ...) 
NOT-FOR-US: Meinberg Lantime M300 and M1000 devices CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...) NOT-FOR-US: conversation-watson plugin for WordPress CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...) {DLA-2110-1 DLA-2109-1} - netty 1:4.1.45-1 (bug #950967) - netty-3.9 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225 NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1 NOTE: Issue exists because of incomplete fix for CVE-2019-16869. NOTE: https://github.com/netty/netty/issues/9861#issuecomment-582307539 (same fix as CVE-2019-20445) CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...) - cacti 1.2.9+ds1-1 (bug #949997) [jessie] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/issues/3201 NOTE: https://github.com/Cacti/cacti/commit/5010719dbd160198be3e07bb994cf237e3af1308 CVE-2020-7236 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= ...) NOT-FOR-US: UHP UHP-100 devices CVE-2020-7235 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= ...) NOT-FOR-US: UHP UHP-100 devices CVE-2020-7234 (Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the S ...) NOT-FOR-US: Ruckus ZoneFlex R310 devices CVE-2020-7233 (KMS Controls BAC-A1616BC BACnet devices have a cleartext password of s ...) NOT-FOR-US: KMS Controls BAC-A1616BC BACnet devices CVE-2020-7232 (Evoko Home 1.31 devices allow remote attackers to obtain sensitive inf ...) NOT-FOR-US: Evoko Home devices CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for failed lo ...) NOT-FOR-US: Evoko Home devices CVE-2020-7230 RESERVED CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. There ...) NOT-FOR-US: Simplejobscript.com SJS CVE-2020-7228 (The Calculated Fields Form plugin through 1.0.353 for WordPress suffer ...) 
NOT-FOR-US: Calculated Fields Form plugin for WordPress CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...) NOT-FOR-US: Westermo MRD-315 devices CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and ...) NOT-FOR-US: cryptacular CVE-2020-7225 RESERVED CVE-2020-7224 (The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows ...) NOT-FOR-US: Aviatrix OpenVPN client CVE-2020-7223 RESERVED CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06- ...) NOT-FOR-US: Amcrest Web Server CVE-2020-7221 (mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege es ...) - mariadb-10.3 (Only affects MariaDB 10.4.7 through 10.4.11) - mariadb-10.1 (Only affects MariaDB 10.4.7 through 10.4.11) CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...) NOT-FOR-US: HashiCorp Vault CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...) - consul 1.7.0+dfsg1-1 (bug #950736) [buster] - consul (Minor issue) NOTE: https://github.com/hashicorp/consul/issues/7159 NOTE: Fixed in 1.6.3. CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...) - nomad 0.10.3+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7002 CVE-2020-7217 (An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0. ...) NOT-FOR-US: openSUSE wicked CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...) NOT-FOR-US: openSUSE wicked CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...) NOT-FOR-US: Gallagher Command Centre CVE-2020-7214 RESERVED CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...) NOT-FOR-US: Parallels CVE-2020-7212 (The _encode_invalid_chars function in util/url.py in the urllib3 libra ...) 
- python-urllib3 1.25.8-1 [buster] - python-urllib3 (Vulnerable code introduced later) [stretch] - python-urllib3 (Vulnerable code introduced later) [jessie] - python-urllib3 (Vulnerable code introduced later) NOTE: https://github.com/urllib3/urllib3/pull/1787 NOTE: Introduced by: https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a (1.25.2) NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/a2697e7c6b275f05879b60f593c5854a816489f0 (1.25.8) CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ ...) - libslirp (unimportant) NOTE: https://bugs.launchpad.net/qemu/+bug/1812451 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...) NOT-FOR-US: Umbraco CMS CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution w ...) NOT-FOR-US: LinuxKI CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...) 
NOT-FOR-US: LinuxKI CVE-2020-7207 RESERVED CVE-2020-7206 RESERVED CVE-2020-7205 RESERVED CVE-2020-7204 RESERVED CVE-2020-7203 RESERVED CVE-2020-7202 RESERVED CVE-2020-7201 RESERVED CVE-2020-7200 RESERVED CVE-2020-7199 RESERVED CVE-2020-7198 RESERVED CVE-2020-7197 RESERVED CVE-2020-7196 RESERVED CVE-2020-7195 RESERVED CVE-2020-7194 RESERVED CVE-2020-7193 RESERVED CVE-2020-7192 RESERVED CVE-2020-7191 RESERVED CVE-2020-7190 RESERVED CVE-2020-7189 RESERVED CVE-2020-7188 RESERVED CVE-2020-7187 RESERVED CVE-2020-7186 RESERVED CVE-2020-7185 RESERVED CVE-2020-7184 RESERVED CVE-2020-7183 RESERVED CVE-2020-7182 RESERVED CVE-2020-7181 RESERVED CVE-2020-7180 RESERVED CVE-2020-7179 RESERVED CVE-2020-7178 RESERVED CVE-2020-7177 RESERVED CVE-2020-7176 RESERVED CVE-2020-7175 RESERVED CVE-2020-7174 RESERVED CVE-2020-7173 RESERVED CVE-2020-7172 RESERVED CVE-2020-7171 RESERVED CVE-2020-7170 RESERVED CVE-2020-7169 RESERVED CVE-2020-7168 RESERVED CVE-2020-7167 RESERVED CVE-2020-7166 RESERVED CVE-2020-7165 RESERVED CVE-2020-7164 RESERVED CVE-2020-7163 RESERVED CVE-2020-7162 RESERVED CVE-2020-7161 RESERVED CVE-2020-7160 RESERVED CVE-2020-7159 RESERVED CVE-2020-7158 RESERVED CVE-2020-7157 RESERVED CVE-2020-7156 RESERVED CVE-2020-7155 RESERVED CVE-2020-7154 RESERVED CVE-2020-7153 RESERVED CVE-2020-7152 RESERVED CVE-2020-7151 RESERVED CVE-2020-7150 RESERVED CVE-2020-7149 RESERVED CVE-2020-7148 RESERVED CVE-2020-7147 RESERVED CVE-2020-7146 RESERVED CVE-2020-7145 RESERVED CVE-2020-7144 RESERVED CVE-2020-7143 RESERVED CVE-2020-7142 RESERVED CVE-2020-7141 RESERVED CVE-2020-7140 RESERVED CVE-2020-7139 (Potential remote access security vulnerabilities have been identified ...) TODO: check CVE-2020-7138 (Potential remote code execution security vulnerabilities have been ide ...) TODO: check CVE-2020-7137 (A validation issue in HPE Superdome Flex's RMC component may allow loc ...) TODO: check CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM) prior to ve ...) 
NOT-FOR-US: HPE Smart Update Manager (SUM) CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...) NOT-FOR-US: HPE CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE ...) NOT-FOR-US: HPE CVE-2020-7133 (An unauthorized remote access vulnerability was discovered in HPE IOT + ...) NOT-FOR-US: HPE CVE-2020-7132 (A potential security vulnerability has been identified in HPE Onboard ...) NOT-FOR-US: HPE CVE-2020-7131 (This document describes a security vulnerability in Blade Maintenance ...) NOT-FOR-US: HPE CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...) NOT-FOR-US: HPE CVE-2020-7129 RESERVED CVE-2020-7128 RESERVED CVE-2020-7127 RESERVED CVE-2020-7126 RESERVED CVE-2020-7125 RESERVED CVE-2020-7124 RESERVED CVE-2020-7123 RESERVED CVE-2020-7122 RESERVED CVE-2020-7121 RESERVED CVE-2020-7120 RESERVED CVE-2020-7119 RESERVED CVE-2020-7118 RESERVED CVE-2020-7117 RESERVED CVE-2020-7116 RESERVED CVE-2020-7115 RESERVED CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...) NOT-FOR-US: ClearPass CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...) NOT-FOR-US: ClearPass CVE-2020-7112 RESERVED CVE-2020-7111 (A server side injection vulnerability exists which could allow an auth ...) NOT-FOR-US: ClearPass CVE-2020-7110 (ClearPass is vulnerable to Stored Cross Site Scripting by allowing a m ...) NOT-FOR-US: ClearPass CVE-2020-7109 (The Elementor Page Builder plugin before 2.8.4 for WordPress does not ...) NOT-FOR-US: Elementor Page Builder plugin for WordPress CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ...) NOT-FOR-US: LearnDash LMS plugin for WordPress CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Dis ...) 
NOT-FOR-US: Ultimate FAQ plugin for WordPress CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...) {DLA-2069-1} - cacti 1.2.9+ds1-1 (bug #949996) [buster] - cacti (can be fixed along with more important issues) [stretch] - cacti (can be fixed along with more important issues) NOTE: https://github.com/Cacti/cacti/issues/3191 NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9 NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464 NOTE: https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...) {DLA-2083-1} - hiredis 0.14.0-5 (bug #949995) [buster] - hiredis (Minor issue) [stretch] - hiredis (Minor issue) NOTE: https://github.com/redis/hiredis/pull/754 NOTE: https://github.com/redis/hiredis/pull/756 CVE-2020-7104 (The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via th ...) NOT-FOR-US: chained-quiz plugin for WordPress CVE-2020-7103 RESERVED CVE-2020-7102 RESERVED CVE-2020-7101 RESERVED CVE-2020-7100 RESERVED CVE-2020-7099 RESERVED CVE-2020-7098 RESERVED CVE-2020-7097 RESERVED CVE-2020-7096 RESERVED CVE-2020-7095 RESERVED CVE-2020-7094 RESERVED CVE-2020-7093 RESERVED CVE-2020-7092 RESERVED CVE-2020-7091 RESERVED CVE-2020-7090 RESERVED CVE-2020-7089 RESERVED CVE-2020-7088 RESERVED CVE-2020-7087 RESERVED CVE-2020-7086 RESERVED CVE-2020-7085 (A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 ...) NOT-FOR-US: Autodesk CVE-2020-7084 (A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versi ...) NOT-FOR-US: Autodesk CVE-2020-7083 (An integer overflow vulnerability in the Autodesk FBX-SDK versions 201 ...) NOT-FOR-US: Autodesk CVE-2020-7082 (A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 ...) 
NOT-FOR-US: Autodesk CVE-2020-7081 (A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 ...) NOT-FOR-US: Autodesk CVE-2020-7080 (A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019. ...) NOT-FOR-US: Autodesk CVE-2020-7079 (An improper signature validation vulnerability in Autodesk Dynamo BIM ...) NOT-FOR-US: Autodesk CVE-2020-7078 RESERVED CVE-2020-7077 RESERVED CVE-2020-7076 RESERVED CVE-2020-7075 RESERVED CVE-2020-7074 RESERVED CVE-2020-7073 RESERVED CVE-2020-7072 RESERVED CVE-2020-7071 RESERVED CVE-2020-7070 RESERVED CVE-2020-7069 RESERVED CVE-2020-7068 RESERVED CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...) {DLA-2188-1} - php7.4 7.4.5-1 (unimportant) - php7.3 (unimportant) - php7.0 (unimportant) - php5 (unimportant) NOTE: Fixed in PHP 7.4.5, 7.3.17 NOTE: PHP Bug: https://bugs.php.net/79465 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be NOTE: This only affects builds which enable EBCDIC CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...) {DLA-2188-1} - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79329 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43 CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using ...) - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 (Vulnerable code introduced later) NOTE: Fixed in PHP 7.4.4, 7.3.16 NOTE: PHP Bug: https://bugs.php.net/79371 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...) 
{DLA-2188-1} - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79282 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2 CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) {DLA-2160-1} - php7.4 7.4.3-1 - php7.3 7.3.15-1 [buster] - php7.3 (Minor issue, can be fixed along in a future DSA) - php7.0 [stretch] - php7.0 (Minor issue, can be fixed along in a future DSA) - php5 NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: http://bugs.php.net/79082 CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) {DLA-2160-1} - php7.4 7.4.3-1 - php7.3 7.3.15-1 [buster] - php7.3 (Minor issue, can be fixed along in a future DSA) - php7.0 [stretch] - php7.0 (Minor issue, can be fixed along in a future DSA) - php5 NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: http://bugs.php.net/79221 CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...) - php7.4 (Windows specific issue) - php7.3 (Windows specific issue) - php7.0 (Windows specific issue) - php5 (Windows specific issue) NOTE: Fixed in PHP 7.4.3, 7.3.15 NOTE: PHP Bug: http://bugs.php.net/79171 CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...) {DSA-4628-1 DSA-4626-1 DLA-2124-1} - php7.4 7.4.2-7 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: http://bugs.php.net/79037 CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...) {DSA-4628-1 DSA-4626-1 DLA-2124-1} - php7.4 7.4.2-7 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: https://bugs.php.net/79099 CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...) 
- cacti (unimportant) NOTE: https://github.com/Cacti/cacti/issues/3186 NOTE: Properly configured in there is no security impact, cf. NOTE: https://github.com/Cacti/cacti/issues/3186#issuecomment-574444803 CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a d ...) NOT-FOR-US: Hikvision CVE-2020-7056 RESERVED CVE-2020-7055 (An issue was discovered in Elementor 2.7.4. Arbitrary file upload is p ...) NOT-FOR-US: Elementor CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...) NOT-FOR-US: libIEC61850 CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...) - linux 5.2.6-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/ CVE-2020-7052 (CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow unco ...) NOT-FOR-US: CODESYS CVE-2020-7051 (Codologic Codoforum through 4.8.4 allows stored XSS in the login area. ...) NOT-FOR-US: Codoforum CVE-2020-7050 (Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creati ...) NOT-FOR-US: Codoforum CVE-2020-7049 RESERVED CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...) NOT-FOR-US: WordPress plugin CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...) NOT-FOR-US: WordPress plugin CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 ...) - dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1 CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...) 
- wireshark 3.2.0-1 [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Doesn't support request-response tracking in affected code passage, yet) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d NOTE: https://www.wireshark.org/security/wnpa-sec-2020-02.html CVE-2020-7044 (In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This ...) - wireshark 3.2.1-1 [buster] - wireshark (Vulnerable code not present) [stretch] - wireshark (Vulnerable code not present) [jessie] - wireshark (Vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-01.html CVE-2020-7043 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 (unimportant) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8 NOTE: No version of openfortivpn was shipped with OpenSSL < 1.0.2, marking as unimportant CVE-2020-7042 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 [buster] - openfortivpn (Minor issue) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 CVE-2020-7041 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) 
- openfortivpn 1.12.0-1 [buster] - openfortivpn (Minor issue) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91 CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...) {DLA-2095-1} - storebackup (bug #949393) [buster] - storebackup (Minor issue) [stretch] - storebackup (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1156767 NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3 NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1 CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...) {DSA-4616-1 DLA-2090-1 DLA-2076-1} - libslirp 4.1.0-2 (bug #949084) - qemu 1:4.1-2 - qemu-kvm - slirp 1:1.0.17-10 (bug #949085) [buster] - slirp (Minor issue; can be fixed via point release) [stretch] - slirp (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/2 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. 
CVE-2020-7038 RESERVED CVE-2020-7037 RESERVED CVE-2020-7036 RESERVED CVE-2020-7035 RESERVED CVE-2020-7034 RESERVED CVE-2020-7033 RESERVED CVE-2020-7032 RESERVED CVE-2020-7031 RESERVED CVE-2020-7030 RESERVED CVE-2020-7029 RESERVED CVE-2020-7028 RESERVED CVE-2020-7027 RESERVED CVE-2020-7026 RESERVED CVE-2020-7025 RESERVED CVE-2020-7024 RESERVED CVE-2020-7023 RESERVED CVE-2020-7022 RESERVED CVE-2020-7021 RESERVED CVE-2020-7020 RESERVED CVE-2020-7019 RESERVED CVE-2020-7018 RESERVED CVE-2020-7017 RESERVED CVE-2020-7016 RESERVED CVE-2020-7015 RESERVED CVE-2020-7014 RESERVED CVE-2020-7013 RESERVED CVE-2020-7012 RESERVED CVE-2020-7011 RESERVED CVE-2020-7010 RESERVED CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 ...) - elasticsearch CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker ...) NOT-FOR-US: Moxa CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), ...) NOT-FOR-US: Systech Corporation CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...) NOT-FOR-US: Honeywell CVE-2020-7004 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...) NOT-FOR-US: Moxa CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...) NOT-FOR-US: McAfee CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...) NOT-FOR-US: Moxa CVE-2020-7000 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-6999 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the p ...) 
NOT-FOR-US: Moxa CVE-2020-6998 RESERVED CVE-2020-6997 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive inf ...) NOT-FOR-US: Moxa CVE-2020-6996 (Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Prot ...) NOT-FOR-US: Triangle MicroWorks CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6994 (A buffer overflow vulnerability was found in some devices of Hirschman ...) NOT-FOR-US: Hirschmann Automation and Control HiOS and HiSecOS CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6992 (A local privilege escalation vulnerability has been identified in the ...) NOT-FOR-US: GE Digital CVE-2020-6991 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password ...) NOT-FOR-US: Moxa CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6987 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series ...) NOT-FOR-US: Omron CVE-2020-6985 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6982 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injecti ...) NOT-FOR-US: Honeywell CVE-2020-6981 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker m ...) 
NOT-FOR-US: Moxa CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6979 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...) NOT-FOR-US: Moxa CVE-2020-6978 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...) NOT-FOR-US: Honeywell CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...) NOT-FOR-US: GE CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...) NOT-FOR-US: Delta Industrial Automation CNCSoft ScreenEditor CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6974 (Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a pa ...) NOT-FOR-US: Honeywell CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell F ...) NOT-FOR-US: Honeywell CVE-2020-6971 (In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the Va ...) NOT-FOR-US: Emerson CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA ...) NOT-FOR-US: Emerson OpenEnterprise SCADA Server CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...) NOT-FOR-US: AutomationDirect CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...) NOT-FOR-US: Honeywell CVE-2020-6967 (In Rockwell Automation all versions of FactoryTalk Diagnostics softwar ...) NOT-FOR-US: Rockwell CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) 
NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6964 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6963 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6962 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6961 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) NOT-FOR-US: Honeywell CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) NOT-FOR-US: Honeywell CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrappe ...) NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW) CVE-2020-6957 RESERVED CVE-2020-6956 (PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_acti ...) NOT-FOR-US: PCS DEXICON CVE-2020-6955 (An issue was discovered on Cayin SMP-PRO4 devices. They allow image_pr ...) NOT-FOR-US: Cayin SMP-PRO4 devices CVE-2020-6954 (An issue was discovered on Cayin SMP-PRO4 devices. A user can discover ...) NOT-FOR-US: Cayin SMP-PRO4 devices CVE-2020-6953 RESERVED CVE-2020-6952 RESERVED CVE-2020-6951 RESERVED CVE-2020-6950 RESERVED - mojarra (Vulnerable code introduced later) NOTE: https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...) NOT-FOR-US: HashBrown CMS CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through ...) 
NOT-FOR-US: HashBrown CMS CVE-2020-6947 RESERVED CVE-2020-6946 RESERVED CVE-2020-6945 RESERVED CVE-2020-6944 RESERVED CVE-2020-6943 RESERVED CVE-2020-6942 RESERVED CVE-2020-6941 RESERVED CVE-2020-6940 RESERVED CVE-2020-6939 RESERVED CVE-2020-6938 RESERVED CVE-2020-6937 RESERVED CVE-2020-6936 RESERVED CVE-2020-6935 RESERVED CVE-2020-6934 RESERVED CVE-2020-6933 RESERVED CVE-2020-6932 RESERVED CVE-2020-6931 RESERVED CVE-2020-6930 RESERVED CVE-2020-6929 RESERVED CVE-2020-6928 RESERVED CVE-2020-6927 RESERVED CVE-2020-6926 RESERVED CVE-2020-6925 RESERVED CVE-2020-6924 RESERVED CVE-2020-6923 RESERVED CVE-2020-6922 RESERVED CVE-2020-6921 RESERVED CVE-2020-6920 RESERVED CVE-2020-6919 RESERVED CVE-2020-6918 RESERVED CVE-2020-6917 RESERVED CVE-2020-6916 RESERVED CVE-2020-6915 RESERVED CVE-2020-6914 RESERVED CVE-2020-6913 RESERVED CVE-2020-6912 RESERVED CVE-2020-6911 RESERVED CVE-2020-6910 RESERVED CVE-2020-6909 RESERVED CVE-2020-6908 RESERVED CVE-2020-6907 RESERVED CVE-2020-6906 RESERVED CVE-2020-6905 RESERVED CVE-2020-6904 RESERVED CVE-2020-6903 RESERVED CVE-2020-6902 RESERVED CVE-2020-6901 RESERVED CVE-2020-6900 RESERVED CVE-2020-6899 RESERVED CVE-2020-6898 RESERVED CVE-2020-6897 RESERVED CVE-2020-6896 RESERVED CVE-2020-6895 RESERVED CVE-2020-6894 RESERVED CVE-2020-6893 RESERVED CVE-2020-6892 RESERVED CVE-2020-6891 RESERVED CVE-2020-6890 RESERVED CVE-2020-6889 RESERVED CVE-2020-6888 RESERVED CVE-2020-6887 RESERVED CVE-2020-6886 RESERVED CVE-2020-6885 RESERVED CVE-2020-6884 RESERVED CVE-2020-6883 RESERVED CVE-2020-6882 RESERVED CVE-2020-6881 RESERVED CVE-2020-6880 RESERVED CVE-2020-6879 RESERVED CVE-2020-6878 RESERVED CVE-2020-6877 RESERVED CVE-2020-6876 RESERVED CVE-2020-6875 RESERVED CVE-2020-6874 RESERVED CVE-2020-6873 RESERVED CVE-2020-6872 RESERVED CVE-2020-6871 RESERVED CVE-2020-6870 RESERVED CVE-2020-6869 RESERVED CVE-2020-6868 RESERVED CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...) 
NOT-FOR-US: ZTE CVE-2020-6866 (A ZTE product is impacted by a resource management error vulnerability ...) NOT-FOR-US: ZTE CVE-2020-6865 (ZTE SDN controller platform is impacted by an information leakage vuln ...) NOT-FOR-US: ZTE CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak vulnerab ...) NOT-FOR-US: ZTE CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access cont ...) NOT-FOR-US: ZTE CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...) NOT-FOR-US: ZTE F6x2W CVE-2020-6861 (A flawed protocol design in the Ledger Monero app before 1.5.1 for Led ...) NOT-FOR-US: Ledger Monero app CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...) - libmysofa 1.0~dfsg0-1 (bug #949325) [buster] - libmysofa (Minor issue) NOTE: https://github.com/hoene/libmysofa/issues/96 NOTE: https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85 CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in includes/ ...) NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2020-6858 (Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to ...) NOT-FOR-US: Hotels Styx CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption with a ha ...) NOT-FOR-US: CarbonFTP CVE-2020-6856 (An XML External Entity (XEE) vulnerability exists in the JOC Cockpit c ...) NOT-FOR-US: JOC Cockpit component of SOS JobScheduler CVE-2020-6855 (A large or infinite loop vulnerability in the JOC Cockpit component of ...) NOT-FOR-US: JOC Cockpit component of SOS JobScheduler CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit componen ...) NOT-FOR-US: JOC Cockpit, different from src:cockpit CVE-2020-6853 RESERVED CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...) 
NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...) {DLA-2081-1} - openjpeg2 (bug #950000) [buster] - openjpeg2 (Minor issue) [stretch] - openjpeg2 (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1228 NOTE: https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04 CVE-2020-6850 (Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4 ...) NOT-FOR-US: miniorange-saml-20-single-sign-on plugin for WordPress CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...) NOT-FOR-US: marketo-forms-and-tracking plugin for WordPress CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Na ...) NOT-FOR-US: Axper Vision II 4 devices CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is exec ...) NOT-FOR-US: OpenTrade CVE-2020-6846 RESERVED CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...) NOT-FOR-US: TopManage CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...) NOT-FOR-US: TopManage CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...) NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus CVE-2020-6842 (D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated ...) NOT-FOR-US: D-Link CVE-2020-6841 (D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to ...) NOT-FOR-US: D-Link CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...) 
- mruby (Vulnerable code introduced later) NOTE: https://github.com/mruby/mruby/issues/4927 NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661 NOTE: Fixed by: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_ ...) - mruby (Vulnerable code not present) NOTE: https://github.com/mruby/mruby/issues/4929 NOTE: Introduced by: https://github.com/mruby/mruby/commit/2532e625edc2457447369e36e2ecf7882d872ef9 NOTE: Fixed by: https://github.com/mruby/mruby/commit/2124b9b4c95e66e63b1eb26a8dab49753b82fd6c CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems ...) - mruby (Vulnerable code not present) NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661 NOTE: https://github.com/mruby/mruby/issues/4926 NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 NOTE: https://github.com/mruby/mruby/commit/70e574689664c10ed2c47581999cc2ce3e3c5afb NOTE: https://github.com/mruby/mruby/commit/2742ded32fe18f88833d76b297f5c2170b6880c3 CVE-2020-6837 RESERVED CVE-2020-6836 (grammar-parser.jison in the hot-formula-parser package before 3.0.1 fo ...) NOT-FOR-US: hot-formula-parser Node package CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-based off ...) - bftpd (bug #640469) CVE-2020-6834 RESERVED CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhors ...) - gitlab (Only affects Gitlab EE 11.3 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...) 
- gitlab (Only affects GitLab EE 8.9.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/ CVE-2020-6831 RESERVED {DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1} - firefox 76.0-1 - firefox-esr 68.8.0esr-1 - chromium - thunderbird 1:68.8.0-1 [stretch] - chromium (see DSA 4562) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-6831 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831 CVE-2020-6830 RESERVED CVE-2020-6829 RESERVED CVE-2020-6828 (A malicious Android application could craft an Intent that would have ...) - firefox-esr (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6828 CVE-2020-6827 (When following a link that opened an intent://-schemed URL, causing a ...) - firefox-esr (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6827 CVE-2020-6826 (Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis report ...) - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826 CVE-2020-6825 (Mozilla developers and community members Tyson Smith and Christian Hol ...) {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6825 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6825 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6825 CVE-2020-6824 (Initially, a user opens a Private Browsing Window and generates a pass ...) - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6824 CVE-2020-6823 (A malicious extension could have called <code>browser.identity.l ...) 
- firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823 CVE-2020-6822 (On 32-bit builds, an out of bounds write could have occurred when proc ...) {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6822 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6822 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6822 CVE-2020-6821 (When reading from areas partially or fully outside the source resource ...) {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6821 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6821 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821 CVE-2020-6820 (Under certain conditions, when handling a ReadableStream, a race condi ...) {DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1} - firefox 74.0.1-1 - firefox-esr 68.6.1esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6820 CVE-2020-6819 (Under certain conditions, when running the nsDocShell destructor, a ra ...) 
{DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1} - firefox 74.0.1-1 - firefox-esr 68.6.1esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6819 CVE-2020-6818 RESERVED CVE-2020-6817 [Regular expression denial of service] RESERVED {DLA-2167-1} - python-bleach 3.1.4-1 (bug #955388) [buster] - python-bleach (Minor issue; some regression potential) [stretch] - python-bleach (Minor issue; some regression potential) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 NOTE: https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69 NOTE: https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7 NOTE: Regression report: https://github.com/mozilla/bleach/pull/530 CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 CVE-2020-6814 (Mozilla developers reported memory safety bugs present in Firefox and ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6814 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814 CVE-2020-6813 (When protecting CSS blocks with the nonce feature of Content Security ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813 CVE-2020-6812 (The first time AirPods are connected to an iPhone, they become named a ...) 
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6812 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812 CVE-2020-6811 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811 CVE-2020-6810 (After a website had entered fullscreen mode, it could have used a prev ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810 CVE-2020-6809 (When a Web Extension had the all-urls permission and made a fetch requ ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809 CVE-2020-6808 (When a JavaScript URL (javascript:) is evaluated and the result is a s ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808 CVE-2020-6807 (When a device was changed while a stream was about to be destroyed, th ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807 CVE-2020-6806 (By carefully crafting promise resolutions, it was possible to cause an ...) 
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806 CVE-2020-6805 (When removing data about an origin whose tab was recently closed, a us ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6805 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805 CVE-2020-6804 (A reflected XSS vulnerability exists within the gateway, allowing an a ...) NOT-FOR-US: Mozilla IOT CVE-2020-6803 (An open redirect is present on the gateway's login page, which could c ...) NOT-FOR-US: Mozilla IOT CVE-2020-6801 (Mozilla developers reported memory safety bugs present in Firefox 72. ...) - firefox 73.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801 CVE-2020-6800 (Mozilla developers and community members reported memory safety bugs p ...) {DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6800 CVE-2020-6799 (Command line arguments could have been injected during Firefox invocat ...) 
- firefox (Only affects Windows) - firefox-esr (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6799 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799 CVE-2020-6798 (If a template tag was used in a select tag, the parser could be confus ...) {DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6798 CVE-2020-6797 (By downloading a file with the .fileloc extension, a semi-privileged e ...) - firefox (Only affects Mac OSX) - firefox-esr (Only affects Mac OSX) - thunderbird (Only affects Mac OSX) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6797 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6797 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797 CVE-2020-6796 (A content process could have modified shared memory relating to crash ...) {DSA-4620-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796 CVE-2020-6795 (When processing a message that contains multiple S/MIME signatures, a ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6795 CVE-2020-6794 (If a user saved passwords before Thunderbird 60 and then later set a m ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6794 CVE-2020-6793 (When processing an email message with an ill-formed envelope, Thunderb ...) 
{DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6793 CVE-2020-6792 (When deriving an identifier for an email message, uninitialized memory ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792 CVE-2020-6791 RESERVED CVE-2020-6790 RESERVED CVE-2020-6789 RESERVED CVE-2020-6788 RESERVED CVE-2020-6787 RESERVED CVE-2020-6786 RESERVED CVE-2020-6785 RESERVED CVE-2020-6784 RESERVED CVE-2020-6783 RESERVED CVE-2020-6782 RESERVED CVE-2020-6781 RESERVED CVE-2020-6780 RESERVED CVE-2020-6779 RESERVED CVE-2020-6778 RESERVED CVE-2020-6777 RESERVED CVE-2020-6776 RESERVED CVE-2020-6775 RESERVED CVE-2020-6774 RESERVED CVE-2020-6773 RESERVED CVE-2020-6772 RESERVED CVE-2020-6771 RESERVED CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...) NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS) CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...) NOT-FOR-US: Bosch CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management System (B ...) NOT-FOR-US: Bosch CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management System (B ...) NOT-FOR-US: Bosch CVE-2020-6766 RESERVED CVE-2020-6765 (D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS comm ...) NOT-FOR-US: D-Link CVE-2020-6764 REJECTED CVE-2020-6763 RESERVED CVE-2020-6762 RESERVED CVE-2020-6761 RESERVED CVE-2020-6760 (Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS com ...) NOT-FOR-US: Schmid ZI 620 V400 VPN 090 routers CVE-2020-6759 RESERVED CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...) NOT-FOR-US: Rasilient PixelStor CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150 ...) 
NOT-FOR-US: Rasilient PixelStor CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (K ...) NOT-FOR-US: Rasilient PixelStor CVE-2020-6755 RESERVED CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading to i ...) NOT-FOR-US: dotCMS CVE-2020-6753 (The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-6752 RESERVED CVE-2020-6751 RESERVED CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally connect di ...) - glib2.0 2.62.5-1 (bug #948554) [buster] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0) [stretch] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0) [jessie] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0) NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1989 CVE-2020-6749 RESERVED CVE-2020-6748 RESERVED CVE-2020-6747 RESERVED CVE-2020-6746 RESERVED CVE-2020-6745 RESERVED CVE-2020-6744 RESERVED CVE-2020-6743 RESERVED CVE-2020-6742 RESERVED CVE-2020-6741 RESERVED CVE-2020-6740 RESERVED CVE-2020-6739 RESERVED CVE-2020-6738 RESERVED CVE-2020-6737 RESERVED CVE-2020-6736 RESERVED CVE-2020-6735 RESERVED CVE-2020-6734 RESERVED CVE-2020-6733 RESERVED CVE-2020-6732 RESERVED CVE-2020-6731 RESERVED CVE-2020-6730 RESERVED CVE-2020-6729 RESERVED CVE-2020-6728 RESERVED CVE-2020-6727 RESERVED CVE-2020-6726 RESERVED CVE-2020-6725 RESERVED CVE-2020-6724 RESERVED CVE-2020-6723 RESERVED CVE-2020-6722 RESERVED CVE-2020-6721 RESERVED CVE-2020-6720 RESERVED CVE-2020-6719 RESERVED CVE-2020-6718 RESERVED CVE-2020-6717 RESERVED CVE-2020-6716 RESERVED CVE-2020-6715 RESERVED CVE-2020-6714 RESERVED CVE-2020-6713 RESERVED CVE-2020-6712 RESERVED CVE-2020-6711 RESERVED CVE-2020-6710 RESERVED CVE-2020-6709 RESERVED CVE-2020-6708 RESERVED CVE-2020-6707 RESERVED CVE-2020-6706 RESERVED CVE-2020-6705 RESERVED CVE-2020-6704 RESERVED CVE-2020-6703 RESERVED CVE-2020-6702 RESERVED 
CVE-2020-6701 RESERVED CVE-2020-6700 RESERVED CVE-2020-6699 RESERVED CVE-2020-6698 RESERVED CVE-2020-6697 RESERVED CVE-2020-6696 RESERVED CVE-2020-6695 RESERVED CVE-2020-6694 RESERVED CVE-2020-6693 RESERVED CVE-2020-6692 RESERVED CVE-2020-6691 RESERVED CVE-2020-6690 RESERVED CVE-2020-6689 RESERVED CVE-2020-6688 RESERVED CVE-2020-6687 RESERVED CVE-2020-6686 RESERVED CVE-2020-6685 RESERVED CVE-2020-6684 RESERVED CVE-2020-6683 RESERVED CVE-2020-6682 RESERVED CVE-2020-6681 RESERVED CVE-2020-6680 RESERVED CVE-2020-6679 RESERVED CVE-2020-6678 RESERVED CVE-2020-6677 RESERVED CVE-2020-6676 RESERVED CVE-2020-6675 RESERVED CVE-2020-6674 RESERVED CVE-2020-6673 RESERVED CVE-2020-6672 RESERVED CVE-2020-6671 RESERVED CVE-2020-6670 RESERVED CVE-2020-6669 RESERVED CVE-2020-6668 RESERVED CVE-2020-6667 RESERVED CVE-2020-6666 RESERVED CVE-2020-6665 RESERVED CVE-2020-6664 RESERVED CVE-2020-6663 RESERVED CVE-2020-6662 RESERVED CVE-2020-6661 RESERVED CVE-2020-6660 RESERVED CVE-2020-6659 RESERVED CVE-2020-6658 RESERVED CVE-2020-6657 RESERVED CVE-2020-6656 RESERVED CVE-2020-6655 RESERVED CVE-2020-6654 RESERVED CVE-2020-6653 RESERVED CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...) NOT-FOR-US: Eaton CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...) NOT-FOR-US: Eaton CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...) NOT-FOR-US: UPS companion software CVE-2020-6649 RESERVED CVE-2020-6648 RESERVED CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...) NOT-FOR-US: Fortiguard CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...) NOT-FOR-US: Fortiguard CVE-2020-6645 RESERVED CVE-2020-6644 RESERVED CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...) 
NOT-FOR-US: Fortinet CVE-2020-6642 RESERVED CVE-2020-6641 RESERVED CVE-2020-6640 RESERVED CVE-2020-6639 RESERVED CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...) NOT-FOR-US: Grin CVE-2020-6637 RESERVED CVE-2020-6636 RESERVED CVE-2020-6635 RESERVED CVE-2020-6634 RESERVED CVE-2020-6633 RESERVED CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...) NOT-FOR-US: PrestaShop CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) - gpac [jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch) NOTE: https://github.com/gpac/gpac/issues/1378 NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) - gpac [jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch) NOTE: https://github.com/gpac/gpac/issues/1377 NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS CVE-2020-6629 (Ming (aka libming) 0.4.8 has a NULL pointer dereference in the functio ...) - ming NOTE: https://github.com/libming/libming/issues/190 CVE-2020-6628 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the func ...) - ming NOTE: https://github.com/libming/libming/issues/191 CVE-2020-6627 RESERVED CVE-2020-6626 RESERVED CVE-2020-6625 (jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...) - jhead (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746 NOTE: Crash in CLI tool, no security impact CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...) 
- jhead (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744 NOTE: Crash in CLI tool, no security impact CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) - libstb (low; bug #949560) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/865 NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - libstb (low; bug #949559) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/869 CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...) - libstb (low; bug #949558) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/867 CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - libstb (low; bug #949557) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/868 CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...) - libstb (low; bug #949556) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/863 CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - libstb (low; bug #949555) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/866 CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) - libstb (low; bug #949554) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/867 CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number generation becau ...) TODO: check CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...) - libredwg (bug #595191) CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read ...) 
- libredwg (bug #595191) CVE-2020-6613 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_searc ...) - libredwg (bug #595191) CVE-2020-6612 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_comp ...) - libredwg (bug #595191) CVE-2020-6611 (GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_own ...) - libredwg (bug #595191) CVE-2020-6610 (GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation i ...) - libredwg (bug #595191) CVE-2020-6609 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_page ...) - libredwg (bug #595191) CVE-2020-6608 RESERVED CVE-2020-6607 RESERVED CVE-2020-6606 RESERVED CVE-2020-6605 RESERVED CVE-2020-6604 RESERVED CVE-2020-6603 RESERVED CVE-2020-6602 RESERVED CVE-2020-6601 RESERVED CVE-2020-6600 RESERVED CVE-2020-6599 RESERVED CVE-2020-6598 RESERVED CVE-2020-6597 RESERVED CVE-2020-6596 RESERVED CVE-2020-6595 RESERVED CVE-2020-6594 RESERVED CVE-2020-6593 RESERVED CVE-2020-6592 RESERVED CVE-2020-6591 RESERVED CVE-2020-6590 RESERVED CVE-2020-6589 RESERVED CVE-2020-6588 RESERVED CVE-2020-6587 RESERVED CVE-2020-6586 (Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a ...) NOT-FOR-US: Nagios Log Server CVE-2020-6585 (Nagios Log Server 2.1.3 has CSRF. ...) NOT-FOR-US: Nagios Log Server CVE-2020-6584 (Nagios Log Server 2.1.3 has Incorrect Access Control. ...) NOT-FOR-US: Nagios Log Server CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be ...) NOT-FOR-US: BigProf Online Invoicing System (OIS) CVE-2020-6582 (Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by ...) 
- nagios-nrpe 4.0.0-1 [buster] - nagios-nrpe (Minor issue) [stretch] - nagios-nrpe (Minor issue) [jessie] - nagios-nrpe (Minor issue) NOTE: https://herolab.usd.de/security-advisories/usd-2020-0001/ NOTE: https://github.com/NagiosEnterprises/nrpe/commit/b84f9b8c9d290dd02e139df8dad1c3eb690c1213 NOTE: https://github.com/NagiosEnterprises/nrpe/commit/8e3bea4e1b1937e395a182729762aa8894e8649e NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part validating incoming buffer size) CVE-2020-6581 (Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nas ...) - nagios-nrpe 4.0.0-1 [buster] - nagios-nrpe (Minor issue) [stretch] - nagios-nrpe (Minor issue) [jessie] - nagios-nrpe (Vulnerable code introduced later) NOTE: https://herolab.usd.de/security-advisories/usd-2020-0002/ NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part for proper processing of nasty_metachars) CVE-2020-6580 RESERVED CVE-2020-6579 (Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudlo ...) 
NOT-FOR-US: MailBeez plugin for ZenCart CVE-2020-6578 RESERVED CVE-2020-6577 RESERVED CVE-2020-6576 RESERVED CVE-2020-6575 RESERVED CVE-2020-6574 RESERVED CVE-2020-6573 RESERVED CVE-2020-6572 RESERVED CVE-2020-6571 RESERVED CVE-2020-6570 RESERVED CVE-2020-6569 RESERVED CVE-2020-6568 RESERVED CVE-2020-6567 RESERVED CVE-2020-6566 RESERVED CVE-2020-6565 RESERVED CVE-2020-6564 RESERVED CVE-2020-6563 RESERVED CVE-2020-6562 RESERVED CVE-2020-6561 RESERVED CVE-2020-6560 RESERVED CVE-2020-6559 RESERVED CVE-2020-6558 RESERVED CVE-2020-6557 RESERVED CVE-2020-6556 RESERVED CVE-2020-6555 RESERVED CVE-2020-6554 RESERVED CVE-2020-6553 RESERVED CVE-2020-6552 RESERVED CVE-2020-6551 RESERVED CVE-2020-6550 RESERVED CVE-2020-6549 RESERVED CVE-2020-6548 RESERVED CVE-2020-6547 RESERVED CVE-2020-6546 RESERVED CVE-2020-6545 RESERVED CVE-2020-6544 RESERVED CVE-2020-6543 RESERVED CVE-2020-6542 RESERVED CVE-2020-6541 RESERVED CVE-2020-6540 RESERVED CVE-2020-6539 RESERVED CVE-2020-6538 RESERVED CVE-2020-6537 RESERVED CVE-2020-6536 RESERVED CVE-2020-6535 RESERVED CVE-2020-6534 RESERVED CVE-2020-6533 RESERVED CVE-2020-6532 RESERVED CVE-2020-6531 RESERVED CVE-2020-6530 RESERVED CVE-2020-6529 RESERVED CVE-2020-6528 RESERVED CVE-2020-6527 RESERVED CVE-2020-6526 RESERVED CVE-2020-6525 RESERVED CVE-2020-6524 RESERVED CVE-2020-6523 RESERVED CVE-2020-6522 RESERVED CVE-2020-6521 RESERVED CVE-2020-6520 RESERVED CVE-2020-6519 RESERVED CVE-2020-6518 RESERVED CVE-2020-6517 RESERVED CVE-2020-6516 RESERVED CVE-2020-6515 RESERVED CVE-2020-6514 RESERVED CVE-2020-6513 RESERVED CVE-2020-6512 RESERVED CVE-2020-6511 RESERVED CVE-2020-6510 RESERVED CVE-2020-6509 RESERVED CVE-2020-6508 RESERVED CVE-2020-6507 RESERVED CVE-2020-6506 RESERVED CVE-2020-6505 RESERVED CVE-2020-6504 RESERVED CVE-2020-6503 RESERVED CVE-2020-6502 RESERVED CVE-2020-6501 RESERVED CVE-2020-6500 RESERVED CVE-2020-6499 RESERVED CVE-2020-6498 RESERVED CVE-2020-6497 RESERVED CVE-2020-6496 RESERVED CVE-2020-6495 RESERVED CVE-2020-6494 RESERVED 
CVE-2020-6493 RESERVED CVE-2020-6492 RESERVED CVE-2020-6491 (Insufficient data validation in site information in Google Chrome prio ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6490 (Insufficient data validation in loader in Google Chrome prior to 83.0. ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6489 (Inappropriate implementation in developer tools in Google Chrome prior ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6488 (Insufficient policy enforcement in downloads in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6487 (Insufficient policy enforcement in downloads in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6486 (Insufficient policy enforcement in navigations in Google Chrome prior ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6485 (Insufficient data validation in media router in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6484 (Insufficient data validation in ChromeDriver in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6483 (Insufficient policy enforcement in payments in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6482 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6481 (Insufficient policy enforcement in URL formatting in Google Chrome pri ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6480 (Insufficient policy enforcement in enterprise in Google Chrome prior t ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6479 (Inappropriate implementation in sharing in Google Chrome prior to 83.0 ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to ...) 
- chromium [stretch] - chromium (see DSA 4562) CVE-2020-6477 (Inappropriate implementation in installer in Google Chrome on OS X pri ...) - chromium (Only affects installer) CVE-2020-6476 (Insufficient policy enforcement in tab strip in Google Chrome prior to ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6475 (Incorrect implementation in full screen in Google Chrome prior to 83.0 ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6474 (Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6473 (Insufficient policy enforcement in Blink in Google Chrome prior to 83. ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6472 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6471 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6470 (Insufficient validation of untrusted input in clipboard in Google Chro ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6469 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6468 (Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6467 (Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowe ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6466 (Use after free in media in Google Chrome prior to 83.0.4103.61 allowed ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6465 (Use after free in reader mode in Google Chrome on Android prior to 83. ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6464 (Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowe ...) 
- chromium [stretch] - chromium (see DSA 4562) CVE-2020-6463 (Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowe ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6462 (Use after free in task scheduling in Google Chrome prior to 81.0.4044. ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6461 (Use after free in storage in Google Chrome prior to 81.0.4044.129 allo ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6460 (Insufficient data validation in URL formatting in Google Chrome prior ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6459 (Use after free in payments in Google Chrome prior to 81.0.4044.122 all ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6458 (Out of bounds read and write in PDFium in Google Chrome prior to 81.0. ...) - chromium [stretch] - chromium (see DSA 4562) CVE-2020-6457 (Use after free in speech recognizer in Google Chrome prior to 81.0.404 ...) - chromium (bug #958450) [stretch] - chromium (see DSA 4562) CVE-2020-6456 (Insufficient validation of untrusted input in clipboard in Google Chro ...) - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6455 (Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 al ...) - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6454 (Use after free in extensions in Google Chrome prior to 81.0.4044.92 al ...) - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6453 RESERVED CVE-2020-6452 (Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6451 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6450 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...) 
  {DSA-4654-1}
  - chromium 80.0.3987.162-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
  {DSA-4645-1}
  - chromium 80.0.3987.149-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6448 (Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6447 (Inappropriate implementation in developer tools in Google Chrome prior ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6446 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6445 (Insufficient policy enforcement in trusted types in Google Chrome prio ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6444 (Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 all ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6443 (Insufficient data validation in developer tools in Google Chrome prior ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6442 (Inappropriate implementation in cache in Google Chrome prior to 81.0.4 ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6441 (Insufficient policy enforcement in omnibox in Google Chrome prior to 8 ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6440 (Inappropriate implementation in extensions in Google Chrome prior to 8 ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6439 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6438 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6437 (Inappropriate implementation in WebView in Google Chrome prior to 81.0 ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6436 (Use after free in window management in Google Chrome prior to 81.0.404 ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6435 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6434 (Use after free in devtools in Google Chrome prior to 81.0.4044.92 allo ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6433 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6432 (Insufficient policy enforcement in navigations in Google Chrome prior ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6431 (Insufficient policy enforcement in full screen in Google Chrome prior ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6430 (Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
  {DSA-4645-1}
  - chromium 80.0.3987.149-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6428 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
  {DSA-4645-1}
  - chromium 80.0.3987.149-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6427 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...)
  {DSA-4645-1}
  - chromium 80.0.3987.149-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6426 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...)
  {DSA-4645-1}
  - chromium 80.0.3987.149-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6425 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
  {DSA-4645-1}
  - chromium 80.0.3987.149-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 allowe ...)
  {DSA-4645-1}
  - chromium 80.0.3987.149-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6423 (Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed ...)
  - chromium 81.0.4044.92-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...)
  {DSA-4645-1}
  - chromium 80.0.3987.149-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6421 RESERVED
CVE-2020-6420 (Insufficient policy enforcement in media in Google Chrome prior to 80. ...)
  {DSA-4638-1}
  - chromium 80.0.3987.132-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6419 RESERVED
CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...)
  {DSA-4638-1}
  - chromium 80.0.3987.122-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...)
  - chromium (debian package does not support the chromium installer)
CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior to 80.0 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6415 (Inappropriate implementation in JavaScript in Google Chrome prior to 8 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6414 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6413 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6412 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6411 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6410 (Insufficient policy enforcement in navigation in Google Chrome prior t ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to 80.0 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6407 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...)
  {DSA-4638-1}
  - chromium 80.0.3987.122-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6405 (Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6404 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6403 (Incorrect implementation in Omnibox in Google Chrome on iOS prior to 8 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6402 (Insufficient policy enforcement in downloads in Google Chrome on OS X ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6401 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome prior to 80.0.39 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6399 (Insufficient policy enforcement in AppCache in Google Chrome prior to ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6398 (Use of uninitialized data in PDFium in Google Chrome prior to 80.0.398 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6397 (Inappropriate implementation in sharing in Google Chrome prior to 80.0 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6396 (Inappropriate implementation in Skia in Google Chrome prior to 80.0.39 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6395 (Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.8 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6394 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6393 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6392 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6391 (Insufficient validation of untrusted input in Blink in Google Chrome p ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6390 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6389 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.8 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6386 (Use after free in speech in Google Chrome prior to 80.0.3987.116 allow ...)
  {DSA-4638-1}
  - chromium 80.0.3987.116-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6384 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 all ...)
  {DSA-4638-1}
  - chromium 80.0.3987.116-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6383 (Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a ...)
  {DSA-4638-1}
  - chromium 80.0.3987.116-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6381 (Integer overflow in JavaScript in Google Chrome on ChromeOS and Androi ...)
  {DSA-4638-1}
  - chromium 80.0.3987.106-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6380 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
  {DSA-4606-1}
  - chromium 79.0.3945.130-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6379 (Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a ...)
  {DSA-4606-1}
  - chromium 79.0.3945.130-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6378 (Use after free in speech in Google Chrome prior to 79.0.3945.130 allow ...)
  {DSA-4606-1}
  - chromium 79.0.3945.130-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 allowe ...)
  {DSA-4606-1}
  - chromium 79.0.3945.130-1
  [stretch] - chromium (see DSA 4562)
CVE-2020-6376 RESERVED
CVE-2020-6375 RESERVED
CVE-2020-6374 RESERVED
CVE-2020-6373 RESERVED
CVE-2020-6372 RESERVED
CVE-2020-6371 RESERVED
CVE-2020-6370 RESERVED
CVE-2020-6369 RESERVED
CVE-2020-6368 RESERVED
CVE-2020-6367 RESERVED
CVE-2020-6366 RESERVED
CVE-2020-6365 RESERVED
CVE-2020-6364 RESERVED
CVE-2020-6363 RESERVED
CVE-2020-6362 RESERVED
CVE-2020-6361 RESERVED
CVE-2020-6360 RESERVED
CVE-2020-6359 RESERVED
CVE-2020-6358 RESERVED
CVE-2020-6357 RESERVED
CVE-2020-6356 RESERVED
CVE-2020-6355 RESERVED
CVE-2020-6354 RESERVED
CVE-2020-6353 RESERVED
CVE-2020-6352 RESERVED
CVE-2020-6351 RESERVED
CVE-2020-6350 RESERVED
CVE-2020-6349 RESERVED
CVE-2020-6348 RESERVED
CVE-2020-6347 RESERVED
CVE-2020-6346 RESERVED
CVE-2020-6345 RESERVED
CVE-2020-6344 RESERVED
CVE-2020-6343 RESERVED
CVE-2020-6342 RESERVED
CVE-2020-6341 RESERVED
CVE-2020-6340 RESERVED
CVE-2020-6339 RESERVED
CVE-2020-6338 RESERVED
CVE-2020-6337 RESERVED
CVE-2020-6336 RESERVED
CVE-2020-6335 RESERVED
CVE-2020-6334 RESERVED
CVE-2020-6333 RESERVED
CVE-2020-6332 RESERVED
CVE-2020-6331 RESERVED
CVE-2020-6330 RESERVED
CVE-2020-6329 RESERVED
CVE-2020-6328 RESERVED
CVE-2020-6327 RESERVED
CVE-2020-6326 RESERVED
CVE-2020-6325 RESERVED
CVE-2020-6324 RESERVED
CVE-2020-6323 RESERVED
CVE-2020-6322 RESERVED
CVE-2020-6321 RESERVED
CVE-2020-6320 RESERVED
CVE-2020-6319 RESERVED
CVE-2020-6318 RESERVED
CVE-2020-6317 RESERVED
CVE-2020-6316 RESERVED
CVE-2020-6315 RESERVED
CVE-2020-6314 RESERVED
CVE-2020-6313 RESERVED
CVE-2020-6312 RESERVED
CVE-2020-6311 RESERVED
CVE-2020-6310 RESERVED
CVE-2020-6309 RESERVED
CVE-2020-6308 RESERVED
CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...)
  NOT-FOR-US: SAP
CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing (updat ...)
  NOT-FOR-US: SAP
CVE-2020-6305 (PI Rest Adapter of SAP Process Integration (update provided in SAP_XIA ...)
  NOT-FOR-US: SAP
CVE-2020-6304 (Improper input validation in SAP NetWeaver Internet Communication Mana ...)
  NOT-FOR-US: SAP
CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not validate user ...)
  NOT-FOR-US: SAP
CVE-2020-6302 RESERVED
CVE-2020-6301 RESERVED
CVE-2020-6300 RESERVED
CVE-2020-6299 RESERVED
CVE-2020-6298 RESERVED
CVE-2020-6297 RESERVED
CVE-2020-6296 RESERVED
CVE-2020-6295 RESERVED
CVE-2020-6294 RESERVED
CVE-2020-6293 RESERVED
CVE-2020-6292 RESERVED
CVE-2020-6291 RESERVED
CVE-2020-6290 RESERVED
CVE-2020-6289 RESERVED
CVE-2020-6288 RESERVED
CVE-2020-6287 RESERVED
CVE-2020-6286 RESERVED
CVE-2020-6285 RESERVED
CVE-2020-6284 RESERVED
CVE-2020-6283 RESERVED
CVE-2020-6282 RESERVED
CVE-2020-6281 RESERVED
CVE-2020-6280 RESERVED
CVE-2020-6279 RESERVED
CVE-2020-6278 RESERVED
CVE-2020-6277 RESERVED
CVE-2020-6276 RESERVED
CVE-2020-6275 RESERVED
CVE-2020-6274 RESERVED
CVE-2020-6273 RESERVED
CVE-2020-6272 RESERVED
CVE-2020-6271 RESERVED
CVE-2020-6270 RESERVED
CVE-2020-6269 RESERVED
CVE-2020-6268 RESERVED
CVE-2020-6267 RESERVED
CVE-2020-6266 RESERVED
CVE-2020-6265 RESERVED
CVE-2020-6264 RESERVED
CVE-2020-6263 RESERVED
CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI, before ve ...)
  NOT-FOR-US: SAP
CVE-2020-6261 RESERVED
CVE-2020-6260 RESERVED
CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise, versions 15.7 ...)
  NOT-FOR-US: SAP
CVE-2020-6258 (SAP Identity Management, version 8.0, does not perform necessary autho ...)
  NOT-FOR-US: SAP
CVE-2020-6257 (SAP Business Objects Business Intelligence Platform (CMC and BI Launch ...)
  NOT-FOR-US: SAP
CVE-2020-6256 (SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 8 ...)
  NOT-FOR-US: SAP
CVE-2020-6255 RESERVED
CVE-2020-6254 (SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficien ...)
  NOT-FOR-US: SAP
CVE-2020-6253 (Under certain conditions, SAP Adaptive Server Enterprise (Web Services ...)
  NOT-FOR-US: SAP
CVE-2020-6252 (Under certain conditions SAP Adaptive Server Enterprise (Cockpit), ver ...)
  NOT-FOR-US: SAP
CVE-2020-6251 (Under certain conditions or error scenarios SAP Business Objects Busin ...)
  NOT-FOR-US: SAP
CVE-2020-6250 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated ...)
  NOT-FOR-US: SAP
CVE-2020-6249 (The use of an admin backend report within SAP Master Data Governance, ...)
  NOT-FOR-US: SAP
CVE-2020-6248 (SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not ...)
  NOT-FOR-US: SAP
CVE-2020-6247 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
  NOT-FOR-US: SAP
CVE-2020-6246 RESERVED
CVE-2020-6245 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
  NOT-FOR-US: SAP
CVE-2020-6244 (SAP Business Client, version 7.0, allows an attacker after a successfu ...)
  NOT-FOR-US: SAP
CVE-2020-6243 (Under certain conditions, SAP Adaptive Server Enterprise (XP Server on ...)
  NOT-FOR-US: SAP
CVE-2020-6242 (SAP Business Objects Business Intelligence Platform (Live Data Connect ...)
  NOT-FOR-US: SAP
CVE-2020-6241 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated ...)
  NOT-FOR-US: SAP
CVE-2020-6240 (SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 75 ...)
  NOT-FOR-US: SAP
CVE-2020-6239 RESERVED
CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process ...)
  NOT-FOR-US: SAP
CVE-2020-6237 (Under certain conditions, SAP Business Objects Business Intelligence P ...)
  NOT-FOR-US: SAP
CVE-2020-6236 (SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, ve ...)
  NOT-FOR-US: SAP
CVE-2020-6235 (SAP Solution Manager (Diagnostics Agent), version 7.2, does not perfor ...)
  NOT-FOR-US: SAP
CVE-2020-6234 (SAP Host Agent, version 7.21, allows an attacker with admin privileges ...)
  NOT-FOR-US: SAP
CVE-2020-6233 (SAP S/4 HANA (Financial Products Subledger and Banking Services), vers ...)
  NOT-FOR-US: SAP
CVE-2020-6232 (SAP Commerce, versions 1811, 1905, does not perform necessary authoriz ...)
  NOT-FOR-US: SAP
CVE-2020-6231 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
  NOT-FOR-US: SAP
CVE-2020-6230 (SAP OrientDB, version 3.0, allows an authenticated attacker with scrip ...)
  NOT-FOR-US: SAP
CVE-2020-6229 (SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME ...)
  NOT-FOR-US: SAP
CVE-2020-6228 (SAP Business Client, versions 6.5, 7.0, does not perform necessary int ...)
  NOT-FOR-US: SAP
CVE-2020-6227 (SAP Business Objects Business Intelligence Platform (CMS / Auditing is ...)
  NOT-FOR-US: SAP
CVE-2020-6226 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
  NOT-FOR-US: SAP
CVE-2020-6225 (SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7 ...)
  NOT-FOR-US: SAP
CVE-2020-6224 (SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, ...)
  NOT-FOR-US: SAP
CVE-2020-6223 (The open document of SAP Business Objects Business Intelligence Platfo ...)
  NOT-FOR-US: SAP
CVE-2020-6222 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
  NOT-FOR-US: SAP
CVE-2020-6221 (Web Intelligence HTML interface in SAP Business Objects Business Intel ...)
  NOT-FOR-US: SAP
CVE-2020-6220 RESERVED
CVE-2020-6219 (SAP Business Objects Business Intelligence Platform (CrystalReports We ...)
  NOT-FOR-US: SAP
CVE-2020-6218 (Admin tools and Query Builder in SAP Business Objects Business Intelli ...)
  NOT-FOR-US: SAP
CVE-2020-6217 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...)
  NOT-FOR-US: SAP
CVE-2020-6216 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...)
  NOT-FOR-US: SAP
CVE-2020-6215 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...)
  NOT-FOR-US: SAP
CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses an incor ...)
  NOT-FOR-US: SAP
CVE-2020-6213 (SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_P ...)
  NOT-FOR-US: SAP
CVE-2020-6212 (Egypt localized withholding tax reports Clearing of Liabilities and Re ...)
  NOT-FOR-US: SAP
CVE-2020-6211 (SAP Business Objects Business Intelligence Platform (AdminTools), vers ...)
  NOT-FOR-US: SAP
CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode ...)
  NOT-FOR-US: SAP
CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform necessary au ...)
  NOT-FOR-US: SAP
CVE-2020-6208 (SAP Business Objects Business Intelligence Platform (Crystal Reports), ...)
  NOT-FOR-US: SAP
CVE-2020-6207 (SAP Solution Manager (User Experience Monitoring), version- 7.2, due t ...)
  NOT-FOR-US: SAP
CVE-2020-6206 (SAP Cloud Platform Integration for Data Services, version 1.0, allows ...)
  NOT-FOR-US: SAP
CVE-2020-6205 (SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS v ...)
  NOT-FOR-US: SAP
CVE-2020-6204 (The selection query in SAP Treasury and Risk Management (Transaction M ...)
  NOT-FOR-US: SAP
CVE-2020-6203 (SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7 ...)
  NOT-FOR-US: SAP
CVE-2020-6202 (SAP NetWeaver Application Server Java (User Management Engine), versio ...)
  NOT-FOR-US: SAP
CVE-2020-6201 (The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, ...)
  NOT-FOR-US: SAP
CVE-2020-6200 (The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811 ...)
  NOT-FOR-US: SAP
CVE-2020-6199 (The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EA ...)
  NOT-FOR-US: SAP
CVE-2020-6198 (SAP Solution Manager (Diagnostics Agent), version 720, allows unencryp ...)
  NOT-FOR-US: SAP
CVE-2020-6197 (SAP Enable Now, before version 1908, does not invalidate session token ...)
  NOT-FOR-US: SAP
CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an a ...)
  NOT-FOR-US: SAP
CVE-2020-6195 (SAP Business Objects Business Intelligence Platform (CMC), version 4.1 ...)
  NOT-FOR-US: SAP
CVE-2020-6194 RESERVED
CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, ...)
  NOT-FOR-US: SAP
CVE-2020-6192 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...)
  NOT-FOR-US: SAP
CVE-2020-6191 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...)
  NOT-FOR-US: SAP
CVE-2020-6190 (Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Appli ...)
  NOT-FOR-US: SAP
CVE-2020-6189 (Certain settings page(s) in SAP Business Objects Business Intelligence ...)
  NOT-FOR-US: SAP
CVE-2020-6188 (VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, ...)
  NOT-FOR-US: SAP
CVE-2020-6187 (SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7. ...)
  NOT-FOR-US: SAP
CVE-2020-6186 (SAP Host Agent, version 7.21, allows an attacker to cause a slowdown i ...)
  NOT-FOR-US: SAP
CVE-2020-6185 (Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_B ...)
  NOT-FOR-US: SAP
CVE-2020-6184 (Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_ ...)
  NOT-FOR-US: SAP
CVE-2020-6183 (SAP Host Agent, version 7.21, allows an unprivileged user to read the ...)
  NOT-FOR-US: SAP
CVE-2020-6182 RESERVED
CVE-2020-6181 (Under some circumstances the SAML SSO implementation in the SAP NetWea ...)
  NOT-FOR-US: SAP
CVE-2020-6180 RESERVED
CVE-2020-6179 RESERVED
CVE-2020-6178 (SAP Enable Now, before version 1911, sends the Session ID cookie value ...)
  NOT-FOR-US: SAP
CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...)
  NOT-FOR-US: SAP
CVE-2020-6176 RESERVED
CVE-2020-6175 (Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missin ...)
  NOT-FOR-US: Citrix
CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...)
  - python-tuf (bug #934151)
CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...)
  - python-tuf (bug #934151)
CVE-2020-6172 RESERVED
CVE-2020-6171 (A cross-site scripting (XSS) vulnerability in the index page of the CL ...)
  NOT-FOR-US: Clink Office
CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P ...)
  NOT-FOR-US: Genexis
CVE-2020-6169 RESERVED
CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...)
  NOT-FOR-US: WordPress plugin
CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...)
  NOT-FOR-US: WordPress plugin
CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...)
  NOT-FOR-US: WordPress plugin
CVE-2020-6165 RESERVED
CVE-2020-6164 RESERVED
CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because ...)
  NOT-FOR-US: WikibaseMediaInfo MediaWiki extension
CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain circumstances, an ...)
  - bftpd (bug #640469)
CVE-2020-6161 RESERVED
CVE-2020-6160 RESERVED
CVE-2020-6159 RESERVED
CVE-2020-6158 RESERVED
CVE-2020-6157 RESERVED
CVE-2020-6156 RESERVED
CVE-2020-6155 RESERVED
CVE-2020-6154 RESERVED
CVE-2020-6153 RESERVED
CVE-2020-6152 RESERVED
CVE-2020-6151 RESERVED
CVE-2020-6150 RESERVED
CVE-2020-6149 RESERVED
CVE-2020-6148 RESERVED
CVE-2020-6147 RESERVED
CVE-2020-6146 RESERVED
CVE-2020-6145 RESERVED
CVE-2020-6144 RESERVED
CVE-2020-6143 RESERVED
CVE-2020-6142 RESERVED
CVE-2020-6141 RESERVED
CVE-2020-6140 RESERVED
CVE-2020-6139 RESERVED
CVE-2020-6138 RESERVED
CVE-2020-6137 RESERVED
CVE-2020-6136 RESERVED
CVE-2020-6135 RESERVED
CVE-2020-6134 RESERVED
CVE-2020-6133 RESERVED
CVE-2020-6132 RESERVED
CVE-2020-6131 RESERVED
CVE-2020-6130 RESERVED
CVE-2020-6129 RESERVED
CVE-2020-6128 RESERVED
CVE-2020-6127 RESERVED
CVE-2020-6126 RESERVED
CVE-2020-6125 RESERVED
CVE-2020-6124 RESERVED
CVE-2020-6123 RESERVED
CVE-2020-6122 RESERVED
CVE-2020-6121 RESERVED
CVE-2020-6120 RESERVED
CVE-2020-6119 RESERVED
CVE-2020-6118 RESERVED
CVE-2020-6117 RESERVED
CVE-2020-6116 RESERVED
CVE-2020-6115 RESERVED
CVE-2020-6114 RESERVED
CVE-2020-6113 RESERVED
CVE-2020-6112 RESERVED
CVE-2020-6111 RESERVED
CVE-2020-6110 RESERVED
CVE-2020-6109 RESERVED
CVE-2020-6108 RESERVED
CVE-2020-6107 RESERVED
CVE-2020-6106 RESERVED
CVE-2020-6105 RESERVED
CVE-2020-6104 RESERVED
CVE-2020-6103 RESERVED
CVE-2020-6102 RESERVED
CVE-2020-6101 RESERVED
CVE-2020-6100 RESERVED
CVE-2020-6099 RESERVED
CVE-2020-6098 RESERVED
CVE-2020-6097 RESERVED
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
  - glibc (low)
  [buster] - glibc (Minor issue)
  [stretch] - glibc (Minor issue)
  [jessie] - glibc (Vulnerable code not present)
  NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstRTSPAu ...)
  - gst-rtsp-server1.0 1.16.2-3 (low)
  [buster] - gst-rtsp-server1.0 (Minor issue)
  [stretch] - gst-rtsp-server1.0 (Minor issue)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018
  NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF fillinr ...)
  NOT-FOR-US: Accusoft ImageGear
CVE-2020-6093 (An exploitable information disclosure vulnerability exists in the way ...)
  NOT-FOR-US: Nitro Pro
CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nitro Pr ...)
  NOT-FOR-US: Nitro Pro
CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...)
  TODO: check
CVE-2020-6090 RESERVED
CVE-2020-6089 RESERVED
CVE-2020-6088 RESERVED
CVE-2020-6087 RESERVED
CVE-2020-6086 RESERVED
CVE-2020-6085 RESERVED
CVE-2020-6084 RESERVED
CVE-2020-6083 RESERVED
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
  NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
  NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Runtime
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...)
  {DSA-4671-1}
  - libmicrodns
  [stretch] - libmicrodns (Will be removed in next point release)
  - vlc 3.0.8-4
  [jessie] - vlc (Not supported in jessie LTS)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
  NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the resource ...)
  {DSA-4671-1}
  - libmicrodns
  [stretch] - libmicrodns (Will be removed in next point release)
  - vlc 3.0.8-4
  [jessie] - vlc (Not supported in jessie LTS)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
  NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the message-p ...)
  {DSA-4671-1}
  - libmicrodns
  [stretch] - libmicrodns (Will be removed in next point release)
  - vlc 3.0.8-4
  [jessie] - vlc (Not supported in jessie LTS)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001
  NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the message-p ...)
  {DSA-4671-1}
  - libmicrodns
  [stretch] - libmicrodns (Will be removed in next point release)
  - vlc 3.0.8-4
  [jessie] - vlc (Not supported in jessie LTS)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
  NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
  NOT-FOR-US: Accusoft
CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the store_d ...)
  NOT-FOR-US: Accusoft
CVE-2020-6074 (An exploitable code execution vulnerability exists in the PDF parser o ...)
  NOT-FOR-US: Nitro Pro
CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
  {DSA-4671-1}
  - libmicrodns
  [stretch] - libmicrodns (Will be removed in next point release)
  - vlc 3.0.8-4
  [jessie] - vlc (Not supported in jessie LTS)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996
  NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-parsin ...)
  {DSA-4671-1}
  - libmicrodns
  [stretch] - libmicrodns (Will be removed in next point release)
  - vlc 3.0.8-4
  [jessie] - vlc (Not supported in jessie LTS)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
  NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the resource ...)
  {DSA-4671-1}
  - libmicrodns
  [stretch] - libmicrodns (Will be removed in next point release)
  - vlc 3.0.8-4
  [jessie] - vlc (Not supported in jessie LTS)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994
  NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6070 RESERVED
CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
  NOT-FOR-US: Accusoft ImageGear
CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
  NOT-FOR-US: Accusoft ImageGear
CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
  NOT-FOR-US: Accusoft ImageGear
CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
  NOT-FOR-US: Accusoft ImageGear
CVE-2020-6065 (An exploitable out-of-bounds write vulnerability exists in the bmp_par ...)
  NOT-FOR-US: Accusoft ImageGear
CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
  NOT-FOR-US: Accusoft ImageGear
CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
  NOT-FOR-US: Accusoft ImageGear
CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...)
  - coturn 4.5.1.1-1.2 (bug #951876)
  [buster] - coturn (Minor issue)
  [stretch] - coturn (Minor issue)
  [jessie] - coturn (Vulnerable code introduced later)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
  NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...)
  - coturn 4.5.1.1-1.2 (bug #951876)
  [buster] - coturn (Minor issue)
  [stretch] - coturn (Minor issue)
  [jessie] - coturn (Vulnerable code introduced later)
  NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
  NOTE: https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a
CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way MiniSNMPD vers ...)
  NOT-FOR-US: MiniSNMPD
CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the way Mini ...)
  NOT-FOR-US: MiniSNMPD
CVE-2020-6058 (An exploitable out-of-bounds read vulnerability exists in the way Mini ...)
NOT-FOR-US: MiniSNMPD CVE-2020-6057 RESERVED CVE-2020-6056 RESERVED CVE-2020-6055 RESERVED CVE-2020-6054 RESERVED CVE-2020-6053 RESERVED CVE-2020-6052 RESERVED CVE-2020-6051 RESERVED CVE-2020-6050 RESERVED CVE-2020-6049 RESERVED CVE-2020-6048 RESERVED CVE-2020-6047 RESERVED CVE-2020-6046 RESERVED CVE-2020-6045 RESERVED CVE-2020-6044 RESERVED CVE-2020-6043 RESERVED CVE-2020-6042 RESERVED CVE-2020-6041 RESERVED CVE-2020-6040 RESERVED CVE-2020-6039 RESERVED CVE-2020-6038 RESERVED CVE-2020-6037 RESERVED CVE-2020-6036 RESERVED CVE-2020-6035 RESERVED CVE-2020-6034 RESERVED CVE-2020-6033 RESERVED CVE-2020-6032 RESERVED CVE-2020-6031 RESERVED CVE-2020-6030 RESERVED CVE-2020-6029 RESERVED CVE-2020-6028 RESERVED CVE-2020-6027 RESERVED CVE-2020-6026 RESERVED CVE-2020-6025 RESERVED CVE-2020-6024 RESERVED CVE-2020-6023 RESERVED CVE-2020-6022 RESERVED CVE-2020-6021 RESERVED CVE-2020-6020 RESERVED CVE-2020-6019 RESERVED CVE-2020-6018 RESERVED CVE-2020-6017 RESERVED CVE-2020-6016 RESERVED CVE-2020-6015 RESERVED CVE-2020-6014 RESERVED CVE-2020-6013 RESERVED CVE-2020-6012 RESERVED CVE-2020-6011 RESERVED CVE-2020-6010 (LearnPress Wordpress plugin version prior and including 3.2.6.7 is vul ...) NOT-FOR-US: LearnPress Wordpress plugin CVE-2020-6009 (LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauth ...) NOT-FOR-US: LearnDash Wordpress plugin CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbi ...) NOT-FOR-US: LifterLMS Wordpress plugin CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...) 
NOT-FOR-US: Philips Hue Bridge model CVE-2020-6006 RESERVED CVE-2020-6005 RESERVED CVE-2020-6004 RESERVED CVE-2020-6003 RESERVED CVE-2020-6002 RESERVED CVE-2020-6001 RESERVED CVE-2020-6000 RESERVED CVE-2020-5999 RESERVED CVE-2020-5998 RESERVED CVE-2020-5997 RESERVED CVE-2020-5996 RESERVED CVE-2020-5995 RESERVED CVE-2020-5994 RESERVED CVE-2020-5993 RESERVED CVE-2020-5992 RESERVED CVE-2020-5991 RESERVED CVE-2020-5990 RESERVED CVE-2020-5989 RESERVED CVE-2020-5988 RESERVED CVE-2020-5987 RESERVED CVE-2020-5986 RESERVED CVE-2020-5985 RESERVED CVE-2020-5984 RESERVED CVE-2020-5983 RESERVED CVE-2020-5982 RESERVED CVE-2020-5981 RESERVED CVE-2020-5980 RESERVED CVE-2020-5979 RESERVED CVE-2020-5978 RESERVED CVE-2020-5977 RESERVED CVE-2020-5976 RESERVED CVE-2020-5975 RESERVED CVE-2020-5974 RESERVED CVE-2020-5973 RESERVED CVE-2020-5972 RESERVED CVE-2020-5971 RESERVED CVE-2020-5970 RESERVED CVE-2020-5969 RESERVED CVE-2020-5968 RESERVED CVE-2020-5967 RESERVED CVE-2020-5966 RESERVED CVE-2020-5965 RESERVED CVE-2020-5964 RESERVED CVE-2020-5963 RESERVED CVE-2020-5962 RESERVED CVE-2020-5961 (NVIDIA vGPU graphics driver for guest OS contains a vulnerability in w ...) NOT-FOR-US: NVIDIA vGPU graphics driver for guest OS CVE-2020-5960 (NVIDIA Virtual GPU Manager contains a vulnerability in the kernel modu ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5959 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) 
NOT-FOR-US: Nvidia driver for Windows CVE-2020-5956 RESERVED CVE-2020-5955 RESERVED CVE-2020-5954 RESERVED CVE-2020-5953 RESERVED CVE-2020-5952 RESERVED CVE-2020-5951 RESERVED CVE-2020-5950 RESERVED CVE-2020-5949 RESERVED CVE-2020-5948 RESERVED CVE-2020-5947 RESERVED CVE-2020-5946 RESERVED CVE-2020-5945 RESERVED CVE-2020-5944 RESERVED CVE-2020-5943 RESERVED CVE-2020-5942 RESERVED CVE-2020-5941 RESERVED CVE-2020-5940 RESERVED CVE-2020-5939 RESERVED CVE-2020-5938 RESERVED CVE-2020-5937 RESERVED CVE-2020-5936 RESERVED CVE-2020-5935 RESERVED CVE-2020-5934 RESERVED CVE-2020-5933 RESERVED CVE-2020-5932 RESERVED CVE-2020-5931 RESERVED CVE-2020-5930 RESERVED CVE-2020-5929 RESERVED CVE-2020-5928 RESERVED CVE-2020-5927 RESERVED CVE-2020-5926 RESERVED CVE-2020-5925 RESERVED CVE-2020-5924 RESERVED CVE-2020-5923 RESERVED CVE-2020-5922 RESERVED CVE-2020-5921 RESERVED CVE-2020-5920 RESERVED CVE-2020-5919 RESERVED CVE-2020-5918 RESERVED CVE-2020-5917 RESERVED CVE-2020-5916 RESERVED CVE-2020-5915 RESERVED CVE-2020-5914 RESERVED CVE-2020-5913 RESERVED CVE-2020-5912 RESERVED CVE-2020-5911 RESERVED CVE-2020-5910 RESERVED CVE-2020-5909 RESERVED CVE-2020-5908 RESERVED CVE-2020-5907 RESERVED CVE-2020-5906 RESERVED CVE-2020-5905 RESERVED CVE-2020-5904 RESERVED CVE-2020-5903 RESERVED CVE-2020-5902 RESERVED CVE-2020-5901 RESERVED CVE-2020-5900 RESERVED CVE-2020-5899 RESERVED CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver d ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5896 (On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Se ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and ...) NOT-FOR-US: NGINX Controller CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does not inval ...) 
NOT-FOR-US: NGINX Controller CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Ed ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP A ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5891 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undis ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5890 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0- ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5889 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5888 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5887 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5886 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5885 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5884 (On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0- ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5883 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5882 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5881 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, whe ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5880 (On BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process m ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5879 (On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-I ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5878 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Tra ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5877 (On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
NOT-FOR-US: F5 BIG-IP CVE-2020-5876 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5875 (On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5874 (On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5873 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5872 (On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0- ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5871 (On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial o ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5870 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanis ...) NOT-FOR-US: F5 CVE-2020-5869 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not s ...) NOT-FOR-US: F5 CVE-2020-5868 (In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discover ...) NOT-FOR-US: F5 CVE-2020-5867 (In versions prior to 3.3.0, the NGINX Controller Agent installer scrip ...) NOT-FOR-US: NGINX Controller CVE-2020-5866 (In versions of NGINX Controller prior to 3.3.0, the helper.sh script, ...) NOT-FOR-US: NGINX Controller CVE-2020-5865 (In versions prior to 3.3.0, the NGINX Controller is configured to comm ...) NOT-FOR-US: NGINX Controller CVE-2020-5864 (In versions of NGINX Controller prior to 3.2.0, communication between ...) NOT-FOR-US: NGINX Controller CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...) NOT-FOR-US: NGINX Controller CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5861 (On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in so ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5860 (On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12 ...) 
NOT-FOR-US: F5 BIG-IP CVE-2020-5859 (On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5858 (On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5857 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5856 (On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specif ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5855 (When the Windows Logon Integration feature is configured for all versi ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5854 (On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5853 (In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5852 (Undisclosed traffic patterns received may cause a disruption of servic ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5851 (On impacted versions and platforms the Trusted Platform Module (TPM) s ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5850 RESERVED CVE-2020-5849 (Unraid 6.8.0 allows authentication bypass. ...) NOT-FOR-US: Unraid CVE-2020-5848 RESERVED CVE-2020-5847 (Unraid through 6.8.0 allows Remote Code Execution. ...) NOT-FOR-US: Unraid CVE-2020-5846 (An insecure file upload and code execution issue was discovered in Ahs ...) NOT-FOR-US: Ahsay Cloud Backup Suite CVE-2020-5845 RESERVED CVE-2020-5844 (index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pan ...) NOT-FOR-US: Pandora FMS CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a category to th ...) NOT-FOR-US: Codoforum CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via the user ...) NOT-FOR-US: Codoforum CVE-2020-5841 (An issue was discovered in OpServices OpMon 9.3.1-1. Using password ch ...) NOT-FOR-US: OpServices OpMon CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/R ...) 
NOT-FOR-US: HashBrown CMS CVE-2020-5839 RESERVED CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...) NOT-FOR-US: Symantec CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...) NOT-FOR-US: Symantec CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially reset the ...) NOT-FOR-US: Symantec CVE-2020-5835 (Symantec Endpoint Protection Manager, prior to 14.3, has a race condit ...) NOT-FOR-US: Symantec CVE-2020-5834 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...) NOT-FOR-US: Symantec CVE-2020-5833 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...) NOT-FOR-US: Symantec CVE-2020-5832 (Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6 ...) NOT-FOR-US: Symantec CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5830 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5829 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5828 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5827 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5826 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5825 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5824 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5823 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) 
NOT-FOR-US: Symantec CVE-2020-5822 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5821 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5820 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5819 RESERVED CVE-2020-5818 RESERVED CVE-2020-5817 RESERVED CVE-2020-5816 RESERVED CVE-2020-5815 RESERVED CVE-2020-5814 RESERVED CVE-2020-5813 RESERVED CVE-2020-5812 RESERVED CVE-2020-5811 RESERVED CVE-2020-5810 RESERVED CVE-2020-5809 RESERVED CVE-2020-5808 RESERVED CVE-2020-5807 RESERVED CVE-2020-5806 RESERVED CVE-2020-5805 RESERVED CVE-2020-5804 RESERVED CVE-2020-5803 RESERVED CVE-2020-5802 RESERVED CVE-2020-5801 RESERVED CVE-2020-5800 RESERVED CVE-2020-5799 RESERVED CVE-2020-5798 RESERVED CVE-2020-5797 RESERVED CVE-2020-5796 RESERVED CVE-2020-5795 RESERVED CVE-2020-5794 RESERVED CVE-2020-5793 RESERVED CVE-2020-5792 RESERVED CVE-2020-5791 RESERVED CVE-2020-5790 RESERVED CVE-2020-5789 RESERVED CVE-2020-5788 RESERVED CVE-2020-5787 RESERVED CVE-2020-5786 RESERVED CVE-2020-5785 RESERVED CVE-2020-5784 RESERVED CVE-2020-5783 RESERVED CVE-2020-5782 RESERVED CVE-2020-5781 RESERVED CVE-2020-5780 RESERVED CVE-2020-5779 RESERVED CVE-2020-5778 RESERVED CVE-2020-5777 RESERVED CVE-2020-5776 RESERVED CVE-2020-5775 RESERVED CVE-2020-5774 RESERVED CVE-2020-5773 RESERVED CVE-2020-5772 RESERVED CVE-2020-5771 RESERVED CVE-2020-5770 RESERVED CVE-2020-5769 RESERVED CVE-2020-5768 RESERVED CVE-2020-5767 RESERVED CVE-2020-5766 RESERVED CVE-2020-5765 RESERVED CVE-2020-5764 RESERVED CVE-2020-5763 RESERVED CVE-2020-5762 RESERVED CVE-2020-5761 RESERVED CVE-2020-5760 RESERVED CVE-2020-5759 RESERVED CVE-2020-5758 RESERVED CVE-2020-5757 RESERVED CVE-2020-5756 RESERVED CVE-2020-5755 RESERVED CVE-2020-5754 RESERVED CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...) 
TODO: check CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a ...) TODO: check CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...) NOT-FOR-US: TCExam CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...) NOT-FOR-US: TCExam CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...) NOT-FOR-US: TCExam CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...) NOT-FOR-US: TCExam CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...) NOT-FOR-US: TCExam CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...) NOT-FOR-US: TCExam CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote attacker t ...) NOT-FOR-US: TCExam CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticate ...) NOT-FOR-US: TCExam CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...) NOT-FOR-US: TCExam CVE-2020-5742 RESERVED CVE-2020-5741 (Deserialization of Untrusted Data in Plex Media Server on Windows allo ...) NOT-FOR-US: Plex Media Server on Windows CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...) NOT-FOR-US: Plex Media Server CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...) NOT-FOR-US: Grandstream CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...) NOT-FOR-US: Grandstream CVE-2020-5737 (Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated re ...) NOT-FOR-US: Tenable.Sc CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...) NOT-FOR-US: Amcrest CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...) 
NOT-FOR-US: Amcrest CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...) NOT-FOR-US: SolarWinds CVE-2020-5733 (In OpenMRS 2.9 and prior, the export functionality of the Data Exchang ...) NOT-FOR-US: OpenMRS CVE-2020-5732 (In OpenMRS 2.9 and prior, the import functionality of the Data Exchange ...) NOT-FOR-US: OpenMRS CVE-2020-5731 (In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page ...) NOT-FOR-US: OpenMRS CVE-2020-5730 (In OpenMRS 2.9 and prior, the sessionLocation parameter for the login ...) NOT-FOR-US: OpenMRS CVE-2020-5729 (In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitra ...) NOT-FOR-US: OpenMRS CVE-2020-5728 (OpenMRS 2.9 and prior copies "Referrer" header values into an html ele ...) NOT-FOR-US: OpenMRS CVE-2020-5727 (Authentication bypass using an alternate path or channel in SimpliSafe ...) NOT-FOR-US: SimpliSafe CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5725 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5724 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5723 (The UCM6200 series 1.0.20.22 and below stores unencrypted user passwor ...) NOT-FOR-US: UCM6200 CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is vulnerable to ...) NOT-FOR-US: Grandstream CVE-2020-5721 (MikroTik WinBox 3.22 and below stores the user's cleartext password in ...) NOT-FOR-US: MikroTik CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerab ...)
NOT-FOR-US: MikroTik WinBox CVE-2020-5719 RESERVED CVE-2020-5718 RESERVED CVE-2020-5717 RESERVED CVE-2020-5716 RESERVED CVE-2020-5715 RESERVED CVE-2020-5714 RESERVED CVE-2020-5713 RESERVED CVE-2020-5712 RESERVED CVE-2020-5711 RESERVED CVE-2020-5710 RESERVED CVE-2020-5709 RESERVED CVE-2020-5708 RESERVED CVE-2020-5707 RESERVED CVE-2020-5706 RESERVED CVE-2020-5705 RESERVED CVE-2020-5704 RESERVED CVE-2020-5703 RESERVED CVE-2020-5702 RESERVED CVE-2020-5701 RESERVED CVE-2020-5700 RESERVED CVE-2020-5699 RESERVED CVE-2020-5698 RESERVED CVE-2020-5697 RESERVED CVE-2020-5696 RESERVED CVE-2020-5695 RESERVED CVE-2020-5694 RESERVED CVE-2020-5693 RESERVED CVE-2020-5692 RESERVED CVE-2020-5691 RESERVED CVE-2020-5690 RESERVED CVE-2020-5689 RESERVED CVE-2020-5688 RESERVED CVE-2020-5687 RESERVED CVE-2020-5686 RESERVED CVE-2020-5685 RESERVED CVE-2020-5684 RESERVED CVE-2020-5683 RESERVED CVE-2020-5682 RESERVED CVE-2020-5681 RESERVED CVE-2020-5680 RESERVED CVE-2020-5679 RESERVED CVE-2020-5678 RESERVED CVE-2020-5677 RESERVED CVE-2020-5676 RESERVED CVE-2020-5675 RESERVED CVE-2020-5674 RESERVED CVE-2020-5673 RESERVED CVE-2020-5672 RESERVED CVE-2020-5671 RESERVED CVE-2020-5670 RESERVED CVE-2020-5669 RESERVED CVE-2020-5668 RESERVED CVE-2020-5667 RESERVED CVE-2020-5666 RESERVED CVE-2020-5665 RESERVED CVE-2020-5664 RESERVED CVE-2020-5663 RESERVED CVE-2020-5662 RESERVED CVE-2020-5661 RESERVED CVE-2020-5660 RESERVED CVE-2020-5659 RESERVED CVE-2020-5658 RESERVED CVE-2020-5657 RESERVED CVE-2020-5656 RESERVED CVE-2020-5655 RESERVED CVE-2020-5654 RESERVED CVE-2020-5653 RESERVED CVE-2020-5652 RESERVED CVE-2020-5651 RESERVED CVE-2020-5650 RESERVED CVE-2020-5649 RESERVED CVE-2020-5648 RESERVED CVE-2020-5647 RESERVED CVE-2020-5646 RESERVED CVE-2020-5645 RESERVED CVE-2020-5644 RESERVED CVE-2020-5643 RESERVED CVE-2020-5642 RESERVED CVE-2020-5641 RESERVED CVE-2020-5640 RESERVED CVE-2020-5639 RESERVED CVE-2020-5638 RESERVED CVE-2020-5637 RESERVED CVE-2020-5636 RESERVED CVE-2020-5635 RESERVED CVE-2020-5634 
RESERVED CVE-2020-5633 RESERVED CVE-2020-5632 RESERVED CVE-2020-5631 RESERVED CVE-2020-5630 RESERVED CVE-2020-5629 RESERVED CVE-2020-5628 RESERVED CVE-2020-5627 RESERVED CVE-2020-5626 RESERVED CVE-2020-5625 RESERVED CVE-2020-5624 RESERVED CVE-2020-5623 RESERVED CVE-2020-5622 RESERVED CVE-2020-5621 RESERVED CVE-2020-5620 RESERVED CVE-2020-5619 RESERVED CVE-2020-5618 RESERVED CVE-2020-5617 RESERVED CVE-2020-5616 RESERVED CVE-2020-5615 RESERVED CVE-2020-5614 RESERVED CVE-2020-5613 RESERVED CVE-2020-5612 RESERVED CVE-2020-5611 RESERVED CVE-2020-5610 RESERVED CVE-2020-5609 RESERVED CVE-2020-5608 RESERVED CVE-2020-5607 RESERVED CVE-2020-5606 RESERVED CVE-2020-5605 RESERVED CVE-2020-5604 RESERVED CVE-2020-5603 RESERVED CVE-2020-5602 RESERVED CVE-2020-5601 RESERVED CVE-2020-5600 RESERVED CVE-2020-5599 RESERVED CVE-2020-5598 RESERVED CVE-2020-5597 RESERVED CVE-2020-5596 RESERVED CVE-2020-5595 RESERVED CVE-2020-5594 RESERVED CVE-2020-5593 RESERVED CVE-2020-5592 RESERVED CVE-2020-5591 RESERVED CVE-2020-5590 RESERVED CVE-2020-5589 RESERVED CVE-2020-5588 RESERVED CVE-2020-5587 RESERVED CVE-2020-5586 RESERVED CVE-2020-5585 RESERVED CVE-2020-5584 RESERVED CVE-2020-5583 RESERVED CVE-2020-5582 RESERVED CVE-2020-5581 RESERVED CVE-2020-5580 RESERVED CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions prior to ...) TODO: check CVE-2020-5578 RESERVED CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...) - movabletype-opensource CVE-2020-5576 (Cross-site request forgery (CSRF) vulnerability in Movable Type series ...) - movabletype-opensource CVE-2020-5575 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...) - movabletype-opensource CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type series (M ...) - movabletype-opensource CVE-2020-5573 RESERVED CVE-2020-5572 RESERVED CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...) 
NOT-FOR-US: SHARP AQUOS CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...) NOT-FOR-US: Sales Force Assistant CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...) NOT-FOR-US: HDD Password tool (CANVIO) CVE-2020-5568 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 all ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5567 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5566 (Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5565 (Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5564 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 al ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5563 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5562 (Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6. ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...) NOT-FOR-US: Keijiban Tsumiki CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...) NOT-FOR-US: WL-Enq CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remo ...) NOT-FOR-US: WL-Enq CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute arbitr ...) NOT-FOR-US: CuteNews CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote att ...) NOT-FOR-US: CuteNews CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...) 
NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 a ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: mailform CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allows rem ...) NOT-FOR-US: mailform CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...) NOT-FOR-US: Toyota CVE-2020-5550 (Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earli ...) NOT-FOR-US: EasyBlocks CVE-2020-5549 (Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver ...) NOT-FOR-US: EasyBlocks CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yam ...) NOT-FOR-US: Yamaha CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...) NOT-FOR-US: Mitsubishi CVE-2020-5546 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...) NOT-FOR-US: Mitsubishi CVE-2020-5545 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...) NOT-FOR-US: Mitsubishi CVE-2020-5544 (Null Pointer Dereference vulnerability in TCP function included in the ...) NOT-FOR-US: Mitsubishi CVE-2020-5543 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...) NOT-FOR-US: Mitsubishi CVE-2020-5542 (Buffer error vulnerability in TCP function included in the firmware of ...) NOT-FOR-US: Mitsubishi CVE-2020-5541 RESERVED CVE-2020-5540 RESERVED CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do no ...) NOT-FOR-US: GRANDIT CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows ...) NOT-FOR-US: PALLET CONTROL CVE-2020-5537 RESERVED CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...) 
NOT-FOR-US: OpenBlocks IoT VX2 CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...) NOT-FOR-US: OpenBlocks IoT VX2 CVE-2020-5534 (Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated a ...) NOT-FOR-US: Aterm WG2600HS firmware CVE-2020-5533 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 ...) NOT-FOR-US: Aterm WG2600HS firmware CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for ...) NOT-FOR-US: ilbo App CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...) NOT-FOR-US: Mitsubishi CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...) NOT-FOR-US: Easy Property Listings plugin for WordPress CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...) - htmlunit NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28 TODO: check details, might affect jenkins-htmlunit CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...) - movabletype-opensource CVE-2020-5527 (When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC ...) NOT-FOR-US: Mitsubishi CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2. ...) NOT-FOR-US: AWMS Mobile App for Android and iOS CVE-2020-5525 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...) NOT-FOR-US: Aterm series firmware CVE-2020-5524 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...) NOT-FOR-US: Aterm series firmware CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking applications b ...) NOT-FOR-US: MyPallete CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...) NOT-FOR-US: kantan netprint App for Android CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...) 
NOT-FOR-US: kantan netprint App for iOS CVE-2020-5520 (The netprint App for iOS 3.2.3 and earlier does not verify X.509 certi ...) NOT-FOR-US: netprint App for iOS CVE-2020-5519 (The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly ...) NOT-FOR-US: OpenLiteSpeed CVE-2020-5518 RESERVED CVE-2020-5517 (CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access ...) NOT-FOR-US: BlueOnyx CVE-2020-5516 RESERVED CVE-2020-5515 (Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. ...) NOT-FOR-US: Gila CMS CVE-2020-5514 (Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous ...) NOT-FOR-US: Gila CMS CVE-2020-5513 (Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. ...) NOT-FOR-US: Gila CMS CVE-2020-5512 (Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. ...) NOT-FOR-US: Gila CMS CVE-2020-5511 (PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypas ...) NOT-FOR-US: PHPGurukul Small CRM CVE-2020-5510 (PHPGurukul Hostel Management System v2.0 allows SQL injection via the ...) NOT-FOR-US: PHPGurukul Hostel Management System CVE-2020-5509 (PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an ...) NOT-FOR-US: PHPGurukul Car Rental Project CVE-2020-5508 RESERVED CVE-2020-5507 RESERVED CVE-2020-5506 RESERVED CVE-2020-5505 (Freelancy v1.0.0 allows remote command execution via the "file":"data: ...) NOT-FOR-US: Freelancy CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...) {DLA-2060-1} - phpmyadmin 4:4.9.4+dfsg1-1 (bug #948718) [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983 NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/ CVE-2020-5503 RESERVED CVE-2020-5502 (phpBB 3.2.8 allows a CSRF attack that can approve pending group member ...) 
NOT-FOR-US: phpBB CVE-2020-5501 (phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. ...) NOT-FOR-US: phpBB CVE-2020-5500 RESERVED CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...) NOT-FOR-US: Baidu Rust SGX SDK CVE-2020-5498 REJECTED CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...) NOT-FOR-US: MITREid Connect CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...) - fontforge (bug #948231) [buster] - fontforge (Minor issue) [stretch] - fontforge (Minor issue) [jessie] - fontforge (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4085 CVE-2020-5495 RESERVED CVE-2020-5494 RESERVED CVE-2020-5493 RESERVED CVE-2020-5492 RESERVED CVE-2020-5491 RESERVED CVE-2020-5490 RESERVED CVE-2020-5489 RESERVED CVE-2020-5488 RESERVED CVE-2020-5487 RESERVED CVE-2020-5486 RESERVED CVE-2020-5485 RESERVED CVE-2020-5484 RESERVED CVE-2020-5483 RESERVED CVE-2020-5482 RESERVED CVE-2020-5481 RESERVED CVE-2020-5480 RESERVED CVE-2020-5479 RESERVED CVE-2020-5478 RESERVED CVE-2020-5477 RESERVED CVE-2020-5476 RESERVED CVE-2020-5475 RESERVED CVE-2020-5474 RESERVED CVE-2020-5473 RESERVED CVE-2020-5472 RESERVED CVE-2020-5471 RESERVED CVE-2020-5470 RESERVED CVE-2020-5469 RESERVED CVE-2020-5468 RESERVED CVE-2020-5467 RESERVED CVE-2020-5466 RESERVED CVE-2020-5465 RESERVED CVE-2020-5464 RESERVED CVE-2020-5463 RESERVED CVE-2020-5462 RESERVED CVE-2020-5461 RESERVED CVE-2020-5460 RESERVED CVE-2020-5459 RESERVED CVE-2020-5458 RESERVED CVE-2020-5457 RESERVED CVE-2020-5456 RESERVED CVE-2020-5455 RESERVED CVE-2020-5454 RESERVED CVE-2020-5453 RESERVED CVE-2020-5452 RESERVED CVE-2020-5451 RESERVED CVE-2020-5450 RESERVED CVE-2020-5449 RESERVED CVE-2020-5448 RESERVED CVE-2020-5447 RESERVED CVE-2020-5446 RESERVED CVE-2020-5445 RESERVED CVE-2020-5444 RESERVED CVE-2020-5443 RESERVED CVE-2020-5442 RESERVED CVE-2020-5441 RESERVED CVE-2020-5440 RESERVED CVE-2020-5439 RESERVED 
CVE-2020-5438 RESERVED CVE-2020-5437 RESERVED CVE-2020-5436 RESERVED CVE-2020-5435 RESERVED CVE-2020-5434 RESERVED CVE-2020-5433 RESERVED CVE-2020-5432 RESERVED CVE-2020-5431 RESERVED CVE-2020-5430 RESERVED CVE-2020-5429 RESERVED CVE-2020-5428 RESERVED CVE-2020-5427 RESERVED CVE-2020-5426 RESERVED CVE-2020-5425 RESERVED CVE-2020-5424 RESERVED CVE-2020-5423 RESERVED CVE-2020-5422 RESERVED CVE-2020-5421 RESERVED CVE-2020-5420 RESERVED CVE-2020-5419 RESERVED CVE-2020-5418 RESERVED CVE-2020-5417 RESERVED CVE-2020-5416 RESERVED CVE-2020-5415 RESERVED CVE-2020-5414 RESERVED CVE-2020-5413 RESERVED CVE-2020-5412 RESERVED CVE-2020-5411 RESERVED CVE-2020-5410 RESERVED CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...) NOT-FOR-US: Pivotal CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5 ...) - libspring-security-2.0-java [jessie] - libspring-security-2.0-java (Vulnerable code introduced later) CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...) - libspring-security-2.0-java [jessie] - libspring-security-2.0-java (Vulnerable code introduced later) CVE-2020-5406 (VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6. ...) NOT-FOR-US: VMware CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...) NOT-FOR-US: Spring Cloud Config CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a UR ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability ...) NOT-FOR-US: Cloud Foundry CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...) 
NOT-FOR-US: Cloud Foundry CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs ...) NOT-FOR-US: Cloud Foundry CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...) NOT-FOR-US: Cloud Foundry CredHub CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...) - libspring-java [jessie] - libspring-java (Vulnerable code not present) NOTE: https://pivotal.io/security/cve-2020-5398 NOTE: https://github.com/spring-projects/spring-framework/issues/24220 NOTE: https://github.com/spring-projects/spring-framework/commit/41f40c6c229d3b4f768718f1ec229d8f0ad76d76 NOTE: https://github.com/spring-projects/spring-framework/commit/956ffe68587c8d5f21135b5ce4650af0c2dea933 CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...) - libspring-java [jessie] - libspring-java (Vulnerable code not present) NOTE: https://pivotal.io/security/cve-2020-5397 NOTE: https://github.com/spring-projects/spring-framework/issues/24327 NOTE: https://github.com/spring-projects/spring-framework/commit/bc7d01048579430b4b2df668178809b63d3f1929 CVE-2020-5396 RESERVED CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...) - fontforge (bug #948231) [buster] - fontforge (Minor issue) [stretch] - fontforge (Minor issue) [jessie] - fontforge (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4084 CVE-2020-5394 RESERVED CVE-2020-5393 (In Appspace On-Prem through 7.1.3, an adversary can steal a session to ...) NOT-FOR-US: Appspace On-Prem CVE-2020-5392 (A stored cross-site scripting (XSS) vulnerability exists in the Auth0 ...) NOT-FOR-US: Auth0 plugin for WordPress CVE-2020-5391 (Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 p ...) NOT-FOR-US: Auth0 plugin for WordPress CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...) 
{DSA-4630-1 DLA-2119-1} - python-pysaml2 4.5.0-7 (bug #949322) NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0) CVE-2020-5389 RESERVED CVE-2020-5388 RESERVED CVE-2020-5387 RESERVED CVE-2020-5386 RESERVED CVE-2020-5385 RESERVED CVE-2020-5384 RESERVED CVE-2020-5383 RESERVED CVE-2020-5382 RESERVED CVE-2020-5381 RESERVED CVE-2020-5380 RESERVED CVE-2020-5379 RESERVED CVE-2020-5378 RESERVED CVE-2020-5377 RESERVED CVE-2020-5376 RESERVED CVE-2020-5375 RESERVED CVE-2020-5374 RESERVED CVE-2020-5373 RESERVED CVE-2020-5372 RESERVED CVE-2020-5371 RESERVED CVE-2020-5370 RESERVED CVE-2020-5369 RESERVED CVE-2020-5368 RESERVED CVE-2020-5367 RESERVED CVE-2020-5366 RESERVED CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vul ...) NOT-FOR-US: EMC CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vul ...) NOT-FOR-US: EMC CVE-2020-5363 RESERVED CVE-2020-5362 RESERVED CVE-2020-5361 RESERVED CVE-2020-5360 RESERVED CVE-2020-5359 RESERVED CVE-2020-5358 RESERVED CVE-2020-5357 RESERVED CVE-2020-5356 RESERVED CVE-2020-5355 RESERVED CVE-2020-5354 RESERVED CVE-2020-5353 RESERVED CVE-2020-5352 RESERVED CVE-2020-5351 RESERVED CVE-2020-5350 (Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, ...) NOT-FOR-US: EMC CVE-2020-5349 RESERVED CVE-2020-5348 (Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a ...) NOT-FOR-US: Dell CVE-2020-5347 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of s ...) NOT-FOR-US: Dell EMC Isilon OneFS CVE-2020-5346 (RSA Authentication Manager versions prior to 8.4 P11 contain a stored ...) NOT-FOR-US: RSA Authentication Manager CVE-2020-5345 RESERVED CVE-2020-5344 (Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70. ...) NOT-FOR-US: EMC CVE-2020-5343 (Dell Client platforms restored using a Dell OS recovery image download ...) 
NOT-FOR-US: Dell CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect ...) NOT-FOR-US: Dell CVE-2020-5341 RESERVED CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...) NOT-FOR-US: RSA Authentication Manager CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...) NOT-FOR-US: RSA Authentication Manager CVE-2020-5338 RESERVED CVE-2020-5337 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirect ...) NOT-FOR-US: RSA CVE-2020-5336 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injectio ...) NOT-FOR-US: RSA CVE-2020-5335 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site r ...) NOT-FOR-US: RSA CVE-2020-5334 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Ob ...) NOT-FOR-US: RSA CVE-2020-5333 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorizati ...) NOT-FOR-US: RSA CVE-2020-5332 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command inje ...) NOT-FOR-US: RSA CVE-2020-5331 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information ...) NOT-FOR-US: RSA CVE-2020-5330 (Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell ...) NOT-FOR-US: EMC CVE-2020-5329 RESERVED CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized ...) NOT-FOR-US: EMC CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...) NOT-FOR-US: Dell CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup configuration auth ...) NOT-FOR-US: Dell CVE-2020-5325 RESERVED CVE-2020-5324 (Dell Client Consumer and Commercial Platforms contain an Arbitrary Fil ...) NOT-FOR-US: Dell CVE-2020-5323 RESERVED CVE-2020-5322 RESERVED CVE-2020-5321 RESERVED CVE-2020-5320 RESERVED CVE-2020-5319 (Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prio ...) 
NOT-FOR-US: EMC CVE-2020-5318 (Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 co ...) NOT-FOR-US: EMC CVE-2020-5317 (Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A ...) NOT-FOR-US: EMC CVE-2020-5316 RESERVED CVE-2020-5315 RESERVED CVE-2020-5314 RESERVED CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...) {DSA-4631-1 DLA-2057-1} - pillow 7.0.0-1 (bug #948224) NOTE: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b (6.2.2) CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ...) {DSA-4631-1 DLA-2057-1} - pillow 7.0.0-1 (bug #948224) NOTE: https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd (6.2.2) CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...) - pillow 7.0.0-1 (bug #948224) [buster] - pillow 5.4.1-2+deb10u1 [stretch] - pillow (Vulnerable code not present) [jessie] - pillow (The vulnerable code was introduced later) NOTE: https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 (6.2.2) CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...) - pillow 7.0.0-1 (bug #948224) [buster] - pillow (Vulnerability introduced later) [stretch] - pillow (Vulnerable code not present) [jessie] - pillow (The vulnerable code was introduced later) NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d (5.3.0) NOTE: and https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0) NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2) CVE-2020-5309 RESERVED CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, ...) 
NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System CVE-2020-5307 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL ...) NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display name, t ...) NOT-FOR-US: Codoforum CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of ...) NOT-FOR-US: Codoforum CVE-2020-5304 RESERVED CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...) NOT-FOR-US: Tendermint CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...) NOT-FOR-US: MH-WikiBot CVE-2020-5301 (SimpleSAMLphp versions before 1.18.6 contain an information disclosure ...) - simplesamlphp (Windows-only issue) CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect ...) NOT-FOR-US: ORY Hydra CVE-2020-5299 RESERVED CVE-2020-5298 RESERVED CVE-2020-5297 RESERVED CVE-2020-5296 RESERVED CVE-2020-5295 RESERVED CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5293 (In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper ...) NOT-FOR-US: PrestaShop CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...) NOT-FOR-US: Leantime CVE-2020-5290 (In RedpwnCTF before version 2.3, there is a session fixation vulnerabi ...) NOT-FOR-US: RedpwnCTF CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and ...) NOT-FOR-US: Elide CVE-2020-5288 ("In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper ...) NOT-FOR-US: PrestaShop CVE-2020-5287 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper ...) NOT-FOR-US: PrestaShop CVE-2020-5286 (In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflect ...) 
NOT-FOR-US: PrestaShop CVE-2020-5285 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...) NOT-FOR-US: next.js CVE-2020-5283 (ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS ...) - viewvc [buster] - viewvc (Minor issue) [stretch] - viewvc (Minor issue) [jessie] - viewvc (Minor issue) NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg NOTE: https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8 NOTE: https://github.com/viewvc/viewvc/issues/211 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...) NOT-FOR-US: Nick Chan Bot CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify configur ...) NOT-FOR-US: Perun CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file i ...) NOT-FOR-US: http4s CVE-2020-5279 (In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper ...) NOT-FOR-US: PrestaShop CVE-2020-5278 (In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5276 (In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5275 (In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Fire ...) - symfony [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) [jessie] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy NOTE: https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exc ...) 
- symfony [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) [jessie] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler NOTE: https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad NOTE: https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db CVE-2020-5273 (In PrestaShop module ps_linklist versions before 3.1.0, there is a sto ...) NOT-FOR-US: PrestaShop CVE-2020-5272 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5271 (In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5270 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open r ...) NOT-FOR-US: PrestaShop CVE-2020-5269 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5268 (In Saml2 Authentication Services for ASP.NET versions before 1.0.2, an ...) NOT-FOR-US: Saml2 Authentication Services for ASP.NET CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...) {DLA-2149-1} - rails 2:5.2.4.1+dfsg-2 (bug #954304) [buster] - rails 2:5.2.2.1+dfsg-1+deb10u1 [stretch] - rails (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1 NOTE: https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a (master) CVE-2020-5266 (In the ps_link module for PrestaShop before version 3.1.0, there is a ...) NOT-FOR-US: PrestaShop CVE-2020-5265 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5264 (In PrestaShop before version 1.7.6.5, there is a reflected XSS while r ...) NOT-FOR-US: PrestaShop CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before ...) 
NOT-FOR-US: Node auth0-js CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...) NOT-FOR-US: EasyBuild CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...) NOT-FOR-US: ASP.NET CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can be trick ...) {DSA-4657-1 DLA-2177-1} - git 1:2.26.1-1 NOTE: https://lore.kernel.org/lkml/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/ NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=17f1c0b8c7e447aa62f85dc355bb48133d2812f2 NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c716fe4bd917e013bf376a678b3a924447777b2d NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=07259e74ec1237c836874342c65650bdee8a3993 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2021 NOTE: https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...) {DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953587) [buster] - dojo (Minor issue) NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...) {DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953585) [buster] - dojo (Minor issue) NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2 NOTE: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by attri ...) NOT-FOR-US: Administrate ruby gem CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...) 
NOT-FOR-US: BookStack CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not ...) - symfony [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) [jessie] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header NOTE: https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6 CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...) - nethack (bug #953978) [buster] - nethack (Minor issue) [stretch] - nethack (Vulnerable code introduced in 3.6.1) [jessie] - nethack (Vulnerable code introduced in 3.6.1) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9 NOTE: https://nethack.org/security/CVE-2020-5254.html NOTE: Fixed with: https://github.com/NetHack/NetHack/commit/abdd3254ae06dd1fbcff637c4c631783d5ed9741 (NetHack-3.6.6_Released) NOTE: Introduced with: https://github.com/NetHack/NetHack/commit/f8211f69f2008609b59fe4c9ba341ff1fa520825 (NetHack-3.6.1_RC01) CVE-2020-5253 (NetHack before version 3.6.0 allowed malicious use of escaping of char ...) - nethack 3.6.0-1 [jessie] - nethack (Not supported in jessie LTS) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m NOTE: https://github.com/NetHack/NetHack/commit/612755bfb5c412079795c68ba392df5d93874ed8 CVE-2020-5252 (The command-line "safety" package for Python has a potential security ...) NOT-FOR-US: safety Python module CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...) NOT-FOR-US: parser-server CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their addr ...) NOT-FOR-US: PrestaShop CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...) 
- puma 3.12.4-1 (bug #953122) [buster] - puma (Minor issue) [stretch] - puma (Minor issue) NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58 NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3 CVE-2020-5248 (GLPI before version 9.4.6 has a vulnerability involving a defau ...) - glpi (unimportant) NOTE: Only supported behind an authenticated HTTP zone NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9 NOTE: https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...) - puma 3.12.4-1 (bug #952766) [buster] - puma (Minor issue) [stretch] - puma (Minor issue) NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3) NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2) CVE-2020-5246 RESERVED CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary cod ...) NOT-FOR-US: Dropwizard-Validation CVE-2020-5244 (In BuddyPress before 5.1.2, requests to a certain REST API endpoint ca ...) NOT-FOR-US: BuddyPress CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...) - uap-core 1:0.8.0-1 (bug #952649) [buster] - uap-core (Minor issue) NOTE: https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p NOTE: https://github.com/ua-parser/uap-core/commit/a679b131697e7371f0441f4799940779efa2f27e NOTE: https://github.com/ua-parser/uap-core/commit/dd279cff09546dbd4174bd05d29c0e90c2cffa7c NOTE: https://github.com/ua-parser/uap-core/commit/7d92a383440c9742ec878273c90a4dcf8446f9af NOTE: https://github.com/ua-parser/uap-core/commit/e9a1c74dae9ecd4aa6385bd34ef6c7243f89b537 CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...) 
NOT-FOR-US: openHAB CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...) NOT-FOR-US: matestack-ui-core Ruby gem CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can view ...) NOT-FOR-US: wagtail-2fa CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...) NOT-FOR-US: Mailu CVE-2020-5238 RESERVED CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...) NOT-FOR-US: oneup/uploader-bundle CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...) - waitress (Vulnerable code introduced later) NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc NOTE: Introduced in: https://github.com/Pylons/waitress/commit/0bf98dadd8cae23830cb365cc6cb9cedd7f98db0 (v1.4.2) NOTE: https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f (v1.4.3) CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nanopb b ...) - nanopb (Fixed before initial upload to Debian) NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-gcx3-7m76-287p NOTE: https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856 NOTE: https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3 NOTE: https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2 CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vu ...) NOT-FOR-US: MessagePack for C# CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...) NOT-FOR-US: OAuth2 Proxy CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...) NOT-FOR-US: Ethereum CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN ...) NOT-FOR-US: Opencast CVE-2020-5230 (Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for me ...) 
NOT-FOR-US: Opencast CVE-2020-5229 (Opencast before 8.1 stores passwords using the rather outdated and cry ...) NOT-FOR-US: Opencast CVE-2020-5228 (Opencast before 8.1 and 7.6 allows unauthorized public access to all m ...) NOT-FOR-US: Opencast CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...) NOT-FOR-US: Feedgen CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...) - simplesamlphp 1.18.4-1 [buster] - simplesamlphp (Vulnerable code introduced later) [stretch] - simplesamlphp (Vulnerable code introduced later) [jessie] - simplesamlphp (Vulnerable code introduced later) NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w NOTE: https://simplesamlphp.org/security/202001-01 CVE-2020-5225 (Log injection in SimpleSAMLphp before version 1.18.4. The www/errorepo ...) - simplesamlphp 1.18.4-1 (low) [buster] - simplesamlphp (Minor issue) [stretch] - simplesamlphp (Minor issue) [jessie] - simplesamlphp (Minor issue) NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww NOTE: https://simplesamlphp.org/security/202001-02 CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, the views ...) NOT-FOR-US: Django User Sessions (django-user-sessions) CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a p ...) NOT-FOR-US: PrivateBin CVE-2020-5222 (Opencast before 7.6 and 8.1 enables a remember-me cookie based on a ha ...) NOT-FOR-US: Opencast CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...) NOT-FOR-US: uftpd CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...) NOT-FOR-US: Sylius CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...) NOT-FOR-US: Angular Expressions CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...) 
NOT-FOR-US: Sylius CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) - ruby-secure-headers (bug #949999) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c NOTE: https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3 NOTE: https://github.com/twitter/secure_headers/issues/418 NOTE: https://github.com/twitter/secure_headers/pull/421 CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) - ruby-secure-headers (bug #949998) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0 CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...) - tensorflow (bug #804612) CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6 NOTE: Negligible security impact CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v NOTE: Negligible security impact CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56 NOTE: Negligible security impact CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7 NOTE: Negligible security impact CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...) 
- nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 NOTE: Negligible security impact CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8 NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 NOTE: Negligible security impact CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...) {DLA-2098-1} - ipmitool (bug #950761) [buster] - ipmitool (Minor issue) [stretch] - ipmitool (Minor issue) NOTE: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp NOTE: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 NOTE: https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10 NOTE: https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 NOTE: https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4 NOTE: https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10 NOTE: https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637 CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...) NOT-FOR-US: Ktor CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...) NOT-FOR-US: Opencast CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...) NOT-FOR-US: Pow CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...) NOT-FOR-US: uftpd CVE-2020-5203 (In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code exec ...) 
NOT-FOR-US: Fat-Free Framework CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...) - apt-cacher-ng 3.3.1-1 [buster] - apt-cacher-ng 3.2.1-1 [stretch] - apt-cacher-ng (Minor issue) [jessie] - apt-cacher-ng (Minor issue) NOTE: https://salsa.debian.org/blade/apt-cacher-ng/commit/3b91874b0c099b0ded1a94f1784fe1265082efbc CVE-2020-5201 RESERVED CVE-2020-5200 RESERVED CVE-2020-5199 RESERVED CVE-2020-5198 RESERVED CVE-2020-5197 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...) [experimental] - gitlab 12.6.2-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/ CVE-2020-5196 (Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10 ...) NOT-FOR-US: Cerberus FTP Server Enterprise Edition CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server prior to v ...) NOT-FOR-US: Cerberus FTP Server CVE-2020-5194 (The zip API endpoint in Cerberus FTP Server 8 allows an authenticated ...) NOT-FOR-US: Cerberus FTP Server CVE-2020-5193 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2020-5192 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2020-5191 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2020-5190 RESERVED CVE-2020-5189 RESERVED CVE-2020-5188 (DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. ...) NOT-FOR-US: DNN CVE-2020-5187 (DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 ...) NOT-FOR-US: DNN CVE-2020-5186 (DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). ...) NOT-FOR-US: DNN CVE-2020-5185 RESERVED CVE-2020-5184 RESERVED CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption ...) 
NOT-FOR-US: FTPGetter Professional CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reve ...) NOT-FOR-US: J-BusinessDirectory extension for Joomla! CVE-2020-5181 RESERVED CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...) NOT-FOR-US: Viscosity on Windows and macOS CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices CVE-2020-5178 RESERVED CVE-2020-5177 RESERVED CVE-2020-5176 RESERVED CVE-2020-5175 RESERVED CVE-2020-5174 RESERVED CVE-2020-5173 RESERVED CVE-2020-5172 RESERVED CVE-2020-5171 RESERVED CVE-2020-5170 RESERVED CVE-2020-5169 RESERVED CVE-2020-5168 RESERVED CVE-2020-5167 RESERVED CVE-2020-5166 RESERVED CVE-2020-5165 RESERVED CVE-2020-5164 RESERVED CVE-2020-5163 RESERVED CVE-2020-5162 RESERVED CVE-2020-5161 RESERVED CVE-2020-5160 RESERVED CVE-2020-5159 RESERVED CVE-2020-5158 RESERVED CVE-2020-5157 RESERVED CVE-2020-5156 RESERVED CVE-2020-5155 RESERVED CVE-2020-5154 RESERVED CVE-2020-5153 RESERVED CVE-2020-5152 RESERVED CVE-2020-5151 RESERVED CVE-2020-5150 RESERVED CVE-2020-5149 RESERVED CVE-2020-5148 RESERVED CVE-2020-5147 RESERVED CVE-2020-5146 RESERVED CVE-2020-5145 RESERVED CVE-2020-5144 RESERVED CVE-2020-5143 RESERVED CVE-2020-5142 RESERVED CVE-2020-5141 RESERVED CVE-2020-5140 RESERVED CVE-2020-5139 RESERVED CVE-2020-5138 RESERVED CVE-2020-5137 RESERVED CVE-2020-5136 RESERVED CVE-2020-5135 RESERVED CVE-2020-5134 RESERVED CVE-2020-5133 RESERVED CVE-2020-5132 RESERVED CVE-2020-5131 RESERVED CVE-2020-5130 RESERVED CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...) 
NOT-FOR-US: SonicWall CVE-2020-5128 RESERVED CVE-2020-5127 RESERVED CVE-2020-5126 RESERVED CVE-2020-5125 RESERVED CVE-2020-5124 RESERVED CVE-2020-5123 RESERVED CVE-2020-5122 RESERVED CVE-2020-5121 RESERVED CVE-2020-5120 RESERVED CVE-2020-5119 RESERVED CVE-2020-5118 RESERVED CVE-2020-5117 RESERVED CVE-2020-5116 RESERVED CVE-2020-5115 RESERVED CVE-2020-5114 RESERVED CVE-2020-5113 RESERVED CVE-2020-5112 RESERVED CVE-2020-5111 RESERVED CVE-2020-5110 RESERVED CVE-2020-5109 RESERVED CVE-2020-5108 RESERVED CVE-2020-5107 RESERVED CVE-2020-5106 RESERVED CVE-2020-5105 RESERVED CVE-2020-5104 RESERVED CVE-2020-5103 RESERVED CVE-2020-5102 RESERVED CVE-2020-5101 RESERVED CVE-2020-5100 RESERVED CVE-2020-5099 RESERVED CVE-2020-5098 RESERVED CVE-2020-5097 RESERVED CVE-2020-5096 RESERVED CVE-2020-5095 RESERVED CVE-2020-5094 RESERVED CVE-2020-5093 RESERVED CVE-2020-5092 RESERVED CVE-2020-5091 RESERVED CVE-2020-5090 RESERVED CVE-2020-5089 RESERVED CVE-2020-5088 RESERVED CVE-2020-5087 RESERVED CVE-2020-5086 RESERVED CVE-2020-5085 RESERVED CVE-2020-5084 RESERVED CVE-2020-5083 RESERVED CVE-2020-5082 RESERVED CVE-2020-5081 RESERVED CVE-2020-5080 RESERVED CVE-2020-5079 RESERVED CVE-2020-5078 RESERVED CVE-2020-5077 RESERVED CVE-2020-5076 RESERVED CVE-2020-5075 RESERVED CVE-2020-5074 RESERVED CVE-2020-5073 RESERVED CVE-2020-5072 RESERVED CVE-2020-5071 RESERVED CVE-2020-5070 RESERVED CVE-2020-5069 RESERVED CVE-2020-5068 RESERVED CVE-2020-5067 RESERVED CVE-2020-5066 RESERVED CVE-2020-5065 RESERVED CVE-2020-5064 RESERVED CVE-2020-5063 RESERVED CVE-2020-5062 RESERVED CVE-2020-5061 RESERVED CVE-2020-5060 RESERVED CVE-2020-5059 RESERVED CVE-2020-5058 RESERVED CVE-2020-5057 RESERVED CVE-2020-5056 RESERVED CVE-2020-5055 RESERVED CVE-2020-5054 RESERVED CVE-2020-5053 RESERVED CVE-2020-5052 RESERVED CVE-2020-5051 RESERVED CVE-2020-5050 RESERVED CVE-2020-5049 RESERVED CVE-2020-5048 RESERVED CVE-2020-5047 RESERVED CVE-2020-5046 RESERVED CVE-2020-5045 RESERVED CVE-2020-5044 RESERVED CVE-2020-5043 RESERVED 
CVE-2020-5042 RESERVED CVE-2020-5041 RESERVED CVE-2020-5040 RESERVED CVE-2020-5039 RESERVED CVE-2020-5038 RESERVED CVE-2020-5037 RESERVED CVE-2020-5036 RESERVED CVE-2020-5035 RESERVED CVE-2020-5034 RESERVED CVE-2020-5033 RESERVED CVE-2020-5032 RESERVED CVE-2020-5031 RESERVED CVE-2020-5030 RESERVED CVE-2020-5029 RESERVED CVE-2020-5028 RESERVED CVE-2020-5027 RESERVED CVE-2020-5026 RESERVED CVE-2020-5025 RESERVED CVE-2020-5024 RESERVED CVE-2020-5023 RESERVED CVE-2020-5022 RESERVED CVE-2020-5021 RESERVED CVE-2020-5020 RESERVED CVE-2020-5019 RESERVED CVE-2020-5018 RESERVED CVE-2020-5017 RESERVED CVE-2020-5016 RESERVED CVE-2020-5015 RESERVED CVE-2020-5014 RESERVED CVE-2020-5013 RESERVED CVE-2020-5012 RESERVED CVE-2020-5011 RESERVED CVE-2020-5010 RESERVED CVE-2020-5009 RESERVED CVE-2020-5008 RESERVED CVE-2020-5007 RESERVED CVE-2020-5006 RESERVED CVE-2020-5005 RESERVED CVE-2020-5004 RESERVED CVE-2020-5003 RESERVED CVE-2020-5002 RESERVED CVE-2020-5001 RESERVED CVE-2020-5000 RESERVED CVE-2020-4999 RESERVED CVE-2020-4998 RESERVED CVE-2020-4997 RESERVED CVE-2020-4996 RESERVED CVE-2020-4995 RESERVED CVE-2020-4994 RESERVED CVE-2020-4993 RESERVED CVE-2020-4992 RESERVED CVE-2020-4991 RESERVED CVE-2020-4990 RESERVED CVE-2020-4989 RESERVED CVE-2020-4988 RESERVED CVE-2020-4987 RESERVED CVE-2020-4986 RESERVED CVE-2020-4985 RESERVED CVE-2020-4984 RESERVED CVE-2020-4983 RESERVED CVE-2020-4982 RESERVED CVE-2020-4981 RESERVED CVE-2020-4980 RESERVED CVE-2020-4979 RESERVED CVE-2020-4978 RESERVED CVE-2020-4977 RESERVED CVE-2020-4976 RESERVED CVE-2020-4975 RESERVED CVE-2020-4974 RESERVED CVE-2020-4973 RESERVED CVE-2020-4972 RESERVED CVE-2020-4971 RESERVED CVE-2020-4970 RESERVED CVE-2020-4969 RESERVED CVE-2020-4968 RESERVED CVE-2020-4967 RESERVED CVE-2020-4966 RESERVED CVE-2020-4965 RESERVED CVE-2020-4964 RESERVED CVE-2020-4963 RESERVED CVE-2020-4962 RESERVED CVE-2020-4961 RESERVED CVE-2020-4960 RESERVED CVE-2020-4959 RESERVED CVE-2020-4958 RESERVED CVE-2020-4957 RESERVED CVE-2020-4956 
RESERVED CVE-2020-4955 RESERVED CVE-2020-4954 RESERVED CVE-2020-4953 RESERVED CVE-2020-4952 RESERVED CVE-2020-4951 RESERVED CVE-2020-4950 RESERVED CVE-2020-4949 RESERVED CVE-2020-4948 RESERVED CVE-2020-4947 RESERVED CVE-2020-4946 RESERVED CVE-2020-4945 RESERVED CVE-2020-4944 RESERVED CVE-2020-4943 RESERVED CVE-2020-4942 RESERVED CVE-2020-4941 RESERVED CVE-2020-4940 RESERVED CVE-2020-4939 RESERVED CVE-2020-4938 RESERVED CVE-2020-4937 RESERVED CVE-2020-4936 RESERVED CVE-2020-4935 RESERVED CVE-2020-4934 RESERVED CVE-2020-4933 RESERVED CVE-2020-4932 RESERVED CVE-2020-4931 RESERVED CVE-2020-4930 RESERVED CVE-2020-4929 RESERVED CVE-2020-4928 RESERVED CVE-2020-4927 RESERVED CVE-2020-4926 RESERVED CVE-2020-4925 RESERVED CVE-2020-4924 RESERVED CVE-2020-4923 RESERVED CVE-2020-4922 RESERVED CVE-2020-4921 RESERVED CVE-2020-4920 RESERVED CVE-2020-4919 RESERVED CVE-2020-4918 RESERVED CVE-2020-4917 RESERVED CVE-2020-4916 RESERVED CVE-2020-4915 RESERVED CVE-2020-4914 RESERVED CVE-2020-4913 RESERVED CVE-2020-4912 RESERVED CVE-2020-4911 RESERVED CVE-2020-4910 RESERVED CVE-2020-4909 RESERVED CVE-2020-4908 RESERVED CVE-2020-4907 RESERVED CVE-2020-4906 RESERVED CVE-2020-4905 RESERVED CVE-2020-4904 RESERVED CVE-2020-4903 RESERVED CVE-2020-4902 RESERVED CVE-2020-4901 RESERVED CVE-2020-4900 RESERVED CVE-2020-4899 RESERVED CVE-2020-4898 RESERVED CVE-2020-4897 RESERVED CVE-2020-4896 RESERVED CVE-2020-4895 RESERVED CVE-2020-4894 RESERVED CVE-2020-4893 RESERVED CVE-2020-4892 RESERVED CVE-2020-4891 RESERVED CVE-2020-4890 RESERVED CVE-2020-4889 RESERVED CVE-2020-4888 RESERVED CVE-2020-4887 RESERVED CVE-2020-4886 RESERVED CVE-2020-4885 RESERVED CVE-2020-4884 RESERVED CVE-2020-4883 RESERVED CVE-2020-4882 RESERVED CVE-2020-4881 RESERVED CVE-2020-4880 RESERVED CVE-2020-4879 RESERVED CVE-2020-4878 RESERVED CVE-2020-4877 RESERVED CVE-2020-4876 RESERVED CVE-2020-4875 RESERVED CVE-2020-4874 RESERVED CVE-2020-4873 RESERVED CVE-2020-4872 RESERVED CVE-2020-4871 RESERVED CVE-2020-4870 RESERVED 
CVE-2020-4869 RESERVED CVE-2020-4868 RESERVED CVE-2020-4867 RESERVED CVE-2020-4866 RESERVED CVE-2020-4865 RESERVED CVE-2020-4864 RESERVED CVE-2020-4863 RESERVED CVE-2020-4862 RESERVED CVE-2020-4861 RESERVED CVE-2020-4860 RESERVED CVE-2020-4859 RESERVED CVE-2020-4858 RESERVED CVE-2020-4857 RESERVED CVE-2020-4856 RESERVED CVE-2020-4855 RESERVED CVE-2020-4854 RESERVED CVE-2020-4853 RESERVED CVE-2020-4852 RESERVED CVE-2020-4851 RESERVED CVE-2020-4850 RESERVED CVE-2020-4849 RESERVED CVE-2020-4848 RESERVED CVE-2020-4847 RESERVED CVE-2020-4846 RESERVED CVE-2020-4845 RESERVED CVE-2020-4844 RESERVED CVE-2020-4843 RESERVED CVE-2020-4842 RESERVED CVE-2020-4841 RESERVED CVE-2020-4840 RESERVED CVE-2020-4839 RESERVED CVE-2020-4838 RESERVED CVE-2020-4837 RESERVED CVE-2020-4836 RESERVED CVE-2020-4835 RESERVED CVE-2020-4834 RESERVED CVE-2020-4833 RESERVED CVE-2020-4832 RESERVED CVE-2020-4831 RESERVED CVE-2020-4830 RESERVED CVE-2020-4829 RESERVED CVE-2020-4828 RESERVED CVE-2020-4827 RESERVED CVE-2020-4826 RESERVED CVE-2020-4825 RESERVED CVE-2020-4824 RESERVED CVE-2020-4823 RESERVED CVE-2020-4822 RESERVED CVE-2020-4821 RESERVED CVE-2020-4820 RESERVED CVE-2020-4819 RESERVED CVE-2020-4818 RESERVED CVE-2020-4817 RESERVED CVE-2020-4816 RESERVED CVE-2020-4815 RESERVED CVE-2020-4814 RESERVED CVE-2020-4813 RESERVED CVE-2020-4812 RESERVED CVE-2020-4811 RESERVED CVE-2020-4810 RESERVED CVE-2020-4809 RESERVED CVE-2020-4808 RESERVED CVE-2020-4807 RESERVED CVE-2020-4806 RESERVED CVE-2020-4805 RESERVED CVE-2020-4804 RESERVED CVE-2020-4803 RESERVED CVE-2020-4802 RESERVED CVE-2020-4801 RESERVED CVE-2020-4800 RESERVED CVE-2020-4799 RESERVED CVE-2020-4798 RESERVED CVE-2020-4797 RESERVED CVE-2020-4796 RESERVED CVE-2020-4795 RESERVED CVE-2020-4794 RESERVED CVE-2020-4793 RESERVED CVE-2020-4792 RESERVED CVE-2020-4791 RESERVED CVE-2020-4790 RESERVED CVE-2020-4789 RESERVED CVE-2020-4788 RESERVED CVE-2020-4787 RESERVED CVE-2020-4786 RESERVED CVE-2020-4785 RESERVED CVE-2020-4784 RESERVED CVE-2020-4783 
RESERVED CVE-2020-4782 RESERVED CVE-2020-4781 RESERVED CVE-2020-4780 RESERVED CVE-2020-4779 RESERVED CVE-2020-4778 RESERVED CVE-2020-4777 RESERVED CVE-2020-4776 RESERVED CVE-2020-4775 RESERVED CVE-2020-4774 RESERVED CVE-2020-4773 RESERVED CVE-2020-4772 RESERVED CVE-2020-4771 RESERVED CVE-2020-4770 RESERVED CVE-2020-4769 RESERVED CVE-2020-4768 RESERVED CVE-2020-4767 RESERVED CVE-2020-4766 RESERVED CVE-2020-4765 RESERVED CVE-2020-4764 RESERVED CVE-2020-4763 RESERVED CVE-2020-4762 RESERVED CVE-2020-4761 RESERVED CVE-2020-4760 RESERVED CVE-2020-4759 RESERVED CVE-2020-4758 RESERVED CVE-2020-4757 RESERVED CVE-2020-4756 RESERVED CVE-2020-4755 RESERVED CVE-2020-4754 RESERVED CVE-2020-4753 RESERVED CVE-2020-4752 RESERVED CVE-2020-4751 RESERVED CVE-2020-4750 RESERVED CVE-2020-4749 RESERVED CVE-2020-4748 RESERVED CVE-2020-4747 RESERVED CVE-2020-4746 RESERVED CVE-2020-4745 RESERVED CVE-2020-4744 RESERVED CVE-2020-4743 RESERVED CVE-2020-4742 RESERVED CVE-2020-4741 RESERVED CVE-2020-4740 RESERVED CVE-2020-4739 RESERVED CVE-2020-4738 RESERVED CVE-2020-4737 RESERVED CVE-2020-4736 RESERVED CVE-2020-4735 RESERVED CVE-2020-4734 RESERVED CVE-2020-4733 RESERVED CVE-2020-4732 RESERVED CVE-2020-4731 RESERVED CVE-2020-4730 RESERVED CVE-2020-4729 RESERVED CVE-2020-4728 RESERVED CVE-2020-4727 RESERVED CVE-2020-4726 RESERVED CVE-2020-4725 RESERVED CVE-2020-4724 RESERVED CVE-2020-4723 RESERVED CVE-2020-4722 RESERVED CVE-2020-4721 RESERVED CVE-2020-4720 RESERVED CVE-2020-4719 RESERVED CVE-2020-4718 RESERVED CVE-2020-4717 RESERVED CVE-2020-4716 RESERVED CVE-2020-4715 RESERVED CVE-2020-4714 RESERVED CVE-2020-4713 RESERVED CVE-2020-4712 RESERVED CVE-2020-4711 RESERVED CVE-2020-4710 RESERVED CVE-2020-4709 RESERVED CVE-2020-4708 RESERVED CVE-2020-4707 RESERVED CVE-2020-4706 RESERVED CVE-2020-4705 RESERVED CVE-2020-4704 RESERVED CVE-2020-4703 RESERVED CVE-2020-4702 RESERVED CVE-2020-4701 RESERVED CVE-2020-4700 RESERVED CVE-2020-4699 RESERVED CVE-2020-4698 RESERVED CVE-2020-4697 RESERVED 
CVE-2020-4696 RESERVED CVE-2020-4695 RESERVED CVE-2020-4694 RESERVED CVE-2020-4693 RESERVED CVE-2020-4692 RESERVED CVE-2020-4691 RESERVED CVE-2020-4690 RESERVED CVE-2020-4689 RESERVED CVE-2020-4688 RESERVED CVE-2020-4687 RESERVED CVE-2020-4686 RESERVED CVE-2020-4685 RESERVED CVE-2020-4684 RESERVED CVE-2020-4683 RESERVED CVE-2020-4682 RESERVED CVE-2020-4681 RESERVED CVE-2020-4680 RESERVED CVE-2020-4679 RESERVED CVE-2020-4678 RESERVED CVE-2020-4677 RESERVED CVE-2020-4676 RESERVED CVE-2020-4675 RESERVED CVE-2020-4674 RESERVED CVE-2020-4673 RESERVED CVE-2020-4672 RESERVED CVE-2020-4671 RESERVED CVE-2020-4670 RESERVED CVE-2020-4669 RESERVED CVE-2020-4668 RESERVED CVE-2020-4667 RESERVED CVE-2020-4666 RESERVED CVE-2020-4665 RESERVED CVE-2020-4664 RESERVED CVE-2020-4663 RESERVED CVE-2020-4662 RESERVED CVE-2020-4661 RESERVED CVE-2020-4660 RESERVED CVE-2020-4659 RESERVED CVE-2020-4658 RESERVED CVE-2020-4657 RESERVED CVE-2020-4656 RESERVED CVE-2020-4655 RESERVED CVE-2020-4654 RESERVED CVE-2020-4653 RESERVED CVE-2020-4652 RESERVED CVE-2020-4651 RESERVED CVE-2020-4650 RESERVED CVE-2020-4649 RESERVED CVE-2020-4648 RESERVED CVE-2020-4647 RESERVED CVE-2020-4646 RESERVED CVE-2020-4645 RESERVED CVE-2020-4644 RESERVED CVE-2020-4643 RESERVED CVE-2020-4642 RESERVED CVE-2020-4641 RESERVED CVE-2020-4640 RESERVED CVE-2020-4639 RESERVED CVE-2020-4638 RESERVED CVE-2020-4637 RESERVED CVE-2020-4636 RESERVED CVE-2020-4635 RESERVED CVE-2020-4634 RESERVED CVE-2020-4633 RESERVED CVE-2020-4632 RESERVED CVE-2020-4631 RESERVED CVE-2020-4630 RESERVED CVE-2020-4629 RESERVED CVE-2020-4628 RESERVED CVE-2020-4627 RESERVED CVE-2020-4626 RESERVED CVE-2020-4625 RESERVED CVE-2020-4624 RESERVED CVE-2020-4623 RESERVED CVE-2020-4622 RESERVED CVE-2020-4621 RESERVED CVE-2020-4620 RESERVED CVE-2020-4619 RESERVED CVE-2020-4618 RESERVED CVE-2020-4617 RESERVED CVE-2020-4616 RESERVED CVE-2020-4615 RESERVED CVE-2020-4614 RESERVED CVE-2020-4613 RESERVED CVE-2020-4612 RESERVED CVE-2020-4611 RESERVED CVE-2020-4610 
RESERVED CVE-2020-4609 RESERVED CVE-2020-4608 RESERVED CVE-2020-4607 RESERVED CVE-2020-4606 RESERVED CVE-2020-4605 RESERVED CVE-2020-4604 RESERVED CVE-2020-4603 RESERVED CVE-2020-4602 RESERVED CVE-2020-4601 RESERVED CVE-2020-4600 RESERVED CVE-2020-4599 RESERVED CVE-2020-4598 RESERVED CVE-2020-4597 RESERVED CVE-2020-4596 RESERVED CVE-2020-4595 RESERVED CVE-2020-4594 RESERVED CVE-2020-4593 RESERVED CVE-2020-4592 RESERVED CVE-2020-4591 RESERVED CVE-2020-4590 RESERVED CVE-2020-4589 RESERVED CVE-2020-4588 RESERVED CVE-2020-4587 RESERVED CVE-2020-4586 RESERVED CVE-2020-4585 RESERVED CVE-2020-4584 RESERVED CVE-2020-4583 RESERVED CVE-2020-4582 RESERVED CVE-2020-4581 RESERVED CVE-2020-4580 RESERVED CVE-2020-4579 RESERVED CVE-2020-4578 RESERVED CVE-2020-4577 RESERVED CVE-2020-4576 RESERVED CVE-2020-4575 RESERVED CVE-2020-4574 RESERVED CVE-2020-4573 RESERVED CVE-2020-4572 RESERVED CVE-2020-4571 RESERVED CVE-2020-4570 RESERVED CVE-2020-4569 RESERVED CVE-2020-4568 RESERVED CVE-2020-4567 RESERVED CVE-2020-4566 RESERVED CVE-2020-4565 RESERVED CVE-2020-4564 RESERVED CVE-2020-4563 RESERVED CVE-2020-4562 RESERVED CVE-2020-4561 RESERVED CVE-2020-4560 RESERVED CVE-2020-4559 RESERVED CVE-2020-4558 RESERVED CVE-2020-4557 RESERVED CVE-2020-4556 RESERVED CVE-2020-4555 RESERVED CVE-2020-4554 RESERVED CVE-2020-4553 RESERVED CVE-2020-4552 RESERVED CVE-2020-4551 RESERVED CVE-2020-4550 RESERVED CVE-2020-4549 RESERVED CVE-2020-4548 RESERVED CVE-2020-4547 RESERVED CVE-2020-4546 RESERVED CVE-2020-4545 RESERVED CVE-2020-4544 RESERVED CVE-2020-4543 RESERVED CVE-2020-4542 RESERVED CVE-2020-4541 RESERVED CVE-2020-4540 RESERVED CVE-2020-4539 RESERVED CVE-2020-4538 RESERVED CVE-2020-4537 RESERVED CVE-2020-4536 RESERVED CVE-2020-4535 RESERVED CVE-2020-4534 RESERVED CVE-2020-4533 RESERVED CVE-2020-4532 RESERVED CVE-2020-4531 RESERVED CVE-2020-4530 RESERVED CVE-2020-4529 RESERVED CVE-2020-4528 RESERVED CVE-2020-4527 RESERVED CVE-2020-4526 RESERVED CVE-2020-4525 RESERVED CVE-2020-4524 RESERVED 
CVE-2020-4523 RESERVED CVE-2020-4522 RESERVED CVE-2020-4521 RESERVED CVE-2020-4520 RESERVED CVE-2020-4519 RESERVED CVE-2020-4518 RESERVED CVE-2020-4517 RESERVED CVE-2020-4516 RESERVED CVE-2020-4515 RESERVED CVE-2020-4514 RESERVED CVE-2020-4513 RESERVED CVE-2020-4512 RESERVED CVE-2020-4511 RESERVED CVE-2020-4510 RESERVED CVE-2020-4509 RESERVED CVE-2020-4508 RESERVED CVE-2020-4507 RESERVED CVE-2020-4506 RESERVED CVE-2020-4505 RESERVED CVE-2020-4504 RESERVED CVE-2020-4503 RESERVED CVE-2020-4502 RESERVED CVE-2020-4501 RESERVED CVE-2020-4500 RESERVED CVE-2020-4499 RESERVED CVE-2020-4498 RESERVED CVE-2020-4497 RESERVED CVE-2020-4496 RESERVED CVE-2020-4495 RESERVED CVE-2020-4494 RESERVED CVE-2020-4493 RESERVED CVE-2020-4492 RESERVED CVE-2020-4491 RESERVED CVE-2020-4490 RESERVED CVE-2020-4489 RESERVED CVE-2020-4488 RESERVED CVE-2020-4487 RESERVED CVE-2020-4486 RESERVED CVE-2020-4485 RESERVED CVE-2020-4484 RESERVED CVE-2020-4483 RESERVED CVE-2020-4482 RESERVED CVE-2020-4481 RESERVED CVE-2020-4480 RESERVED CVE-2020-4479 RESERVED CVE-2020-4478 RESERVED CVE-2020-4477 RESERVED CVE-2020-4476 RESERVED CVE-2020-4475 RESERVED CVE-2020-4474 RESERVED CVE-2020-4473 RESERVED CVE-2020-4472 RESERVED CVE-2020-4471 RESERVED CVE-2020-4470 RESERVED CVE-2020-4469 RESERVED CVE-2020-4468 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4467 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4466 RESERVED CVE-2020-4465 RESERVED CVE-2020-4464 RESERVED CVE-2020-4463 RESERVED CVE-2020-4462 RESERVED CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an authentic ...)
NOT-FOR-US: IBM CVE-2020-4460 RESERVED CVE-2020-4459 RESERVED CVE-2020-4458 RESERVED CVE-2020-4457 RESERVED CVE-2020-4456 RESERVED CVE-2020-4455 RESERVED CVE-2020-4454 RESERVED CVE-2020-4453 RESERVED CVE-2020-4452 RESERVED CVE-2020-4451 RESERVED CVE-2020-4450 RESERVED CVE-2020-4449 RESERVED CVE-2020-4448 RESERVED CVE-2020-4447 RESERVED CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...) NOT-FOR-US: IBM CVE-2020-4445 RESERVED CVE-2020-4444 RESERVED CVE-2020-4443 RESERVED CVE-2020-4442 RESERVED CVE-2020-4441 RESERVED CVE-2020-4440 RESERVED CVE-2020-4439 RESERVED CVE-2020-4438 RESERVED CVE-2020-4437 RESERVED CVE-2020-4436 RESERVED CVE-2020-4435 RESERVED CVE-2020-4434 RESERVED CVE-2020-4433 RESERVED CVE-2020-4432 RESERVED CVE-2020-4431 RESERVED CVE-2020-4430 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a rem ...) NOT-FOR-US: IBM CVE-2020-4429 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 con ...) NOT-FOR-US: IBM CVE-2020-4428 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a rem ...) NOT-FOR-US: IBM CVE-2020-4427 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...) NOT-FOR-US: IBM CVE-2020-4426 RESERVED CVE-2020-4425 RESERVED CVE-2020-4424 RESERVED CVE-2020-4423 RESERVED CVE-2020-4422 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allo ...) NOT-FOR-US: IBM CVE-2020-4420 RESERVED CVE-2020-4419 RESERVED CVE-2020-4418 RESERVED CVE-2020-4417 RESERVED CVE-2020-4416 RESERVED CVE-2020-4415 (IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based ...) NOT-FOR-US: IBM CVE-2020-4414 RESERVED CVE-2020-4413 RESERVED CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...) NOT-FOR-US: IBM CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
NOT-FOR-US: IBM CVE-2020-4410 RESERVED CVE-2020-4409 RESERVED CVE-2020-4408 RESERVED CVE-2020-4407 RESERVED CVE-2020-4406 RESERVED CVE-2020-4405 RESERVED CVE-2020-4404 RESERVED CVE-2020-4403 RESERVED CVE-2020-4402 RESERVED CVE-2020-4401 RESERVED CVE-2020-4400 RESERVED CVE-2020-4399 RESERVED CVE-2020-4398 RESERVED CVE-2020-4397 RESERVED CVE-2020-4396 RESERVED CVE-2020-4395 RESERVED CVE-2020-4394 RESERVED CVE-2020-4393 RESERVED CVE-2020-4392 RESERVED CVE-2020-4391 RESERVED CVE-2020-4390 RESERVED CVE-2020-4389 RESERVED CVE-2020-4388 RESERVED CVE-2020-4387 RESERVED CVE-2020-4386 RESERVED CVE-2020-4385 RESERVED CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...) NOT-FOR-US: IBM CVE-2020-4383 RESERVED CVE-2020-4382 RESERVED CVE-2020-4381 RESERVED CVE-2020-4380 RESERVED CVE-2020-4379 RESERVED CVE-2020-4378 RESERVED CVE-2020-4377 RESERVED CVE-2020-4376 RESERVED CVE-2020-4375 RESERVED CVE-2020-4374 RESERVED CVE-2020-4373 RESERVED CVE-2020-4372 RESERVED CVE-2020-4371 RESERVED CVE-2020-4370 RESERVED CVE-2020-4369 RESERVED CVE-2020-4368 RESERVED CVE-2020-4367 RESERVED CVE-2020-4366 RESERVED CVE-2020-4365 (IBM WebSphere Application Server 8.5 is vulnerable to server-side requ ...) NOT-FOR-US: IBM CVE-2020-4364 RESERVED CVE-2020-4363 RESERVED CVE-2020-4362 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...) NOT-FOR-US: IBM CVE-2020-4361 RESERVED CVE-2020-4360 RESERVED CVE-2020-4359 RESERVED CVE-2020-4358 RESERVED CVE-2020-4357 RESERVED CVE-2020-4356 RESERVED CVE-2020-4355 RESERVED CVE-2020-4354 RESERVED CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with physical access to the device ...) NOT-FOR-US: IBM CVE-2020-4352 RESERVED CVE-2020-4351 RESERVED CVE-2020-4350 RESERVED CVE-2020-4349 RESERVED CVE-2020-4348 RESERVED CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subjec ...) NOT-FOR-US: IBM CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server ha ...)
NOT-FOR-US: IBM CVE-2020-4345 (IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a s ...) NOT-FOR-US: IBM CVE-2020-4344 RESERVED CVE-2020-4343 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4342 RESERVED CVE-2020-4341 RESERVED CVE-2020-4340 RESERVED CVE-2020-4339 RESERVED CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...) NOT-FOR-US: IBM CVE-2020-4337 RESERVED CVE-2020-4336 RESERVED CVE-2020-4335 RESERVED CVE-2020-4334 RESERVED CVE-2020-4333 RESERVED CVE-2020-4332 RESERVED CVE-2020-4331 RESERVED CVE-2020-4330 RESERVED CVE-2020-4329 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...) NOT-FOR-US: IBM CVE-2020-4328 RESERVED CVE-2020-4327 RESERVED CVE-2020-4326 RESERVED CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...) NOT-FOR-US: IBM CVE-2020-4324 RESERVED CVE-2020-4323 RESERVED CVE-2020-4322 RESERVED CVE-2020-4321 RESERVED CVE-2020-4320 RESERVED CVE-2020-4319 RESERVED CVE-2020-4318 RESERVED CVE-2020-4317 RESERVED CVE-2020-4316 RESERVED CVE-2020-4315 RESERVED CVE-2020-4314 RESERVED CVE-2020-4313 RESERVED CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 co ...) NOT-FOR-US: IBM CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...) NOT-FOR-US: IBM CVE-2020-4310 RESERVED CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information to an ...) NOT-FOR-US: IBM CVE-2020-4308 RESERVED CVE-2020-4307 RESERVED CVE-2020-4306 RESERVED CVE-2020-4305 RESERVED CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...) NOT-FOR-US: IBM CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
NOT-FOR-US: IBM CVE-2020-4302 RESERVED CVE-2020-4301 RESERVED CVE-2020-4300 RESERVED CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...) NOT-FOR-US: IBM CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...) NOT-FOR-US: IBM CVE-2020-4297 RESERVED CVE-2020-4296 RESERVED CVE-2020-4295 RESERVED CVE-2020-4294 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request ...) NOT-FOR-US: IBM CVE-2020-4293 RESERVED CVE-2020-4292 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...) NOT-FOR-US: IBM CVE-2020-4291 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4290 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4289 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4288 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4287 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4286 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...) NOT-FOR-US: IBM CVE-2020-4285 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4284 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4283 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...) NOT-FOR-US: IBM CVE-2020-4282 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4281 RESERVED CVE-2020-4280 RESERVED CVE-2020-4279 RESERVED CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...) NOT-FOR-US: IBM CVE-2020-4277 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive i ...)
NOT-FOR-US: IBM CVE-2020-4276 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...) NOT-FOR-US: IBM CVE-2020-4275 RESERVED CVE-2020-4274 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...) NOT-FOR-US: IBM CVE-2020-4273 (IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attack ...) NOT-FOR-US: IBM CVE-2020-4272 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to inc ...) NOT-FOR-US: IBM CVE-2020-4271 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...) NOT-FOR-US: IBM CVE-2020-4270 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain esc ...) NOT-FOR-US: IBM CVE-2020-4269 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, suc ...) NOT-FOR-US: IBM CVE-2020-4268 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scriptin ...) NOT-FOR-US: IBM CVE-2020-4267 (IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authen ...) NOT-FOR-US: IBM CVE-2020-4266 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4265 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4264 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4263 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4262 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4261 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4260 (IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permi ...) NOT-FOR-US: IBM CVE-2020-4259 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authe ...) NOT-FOR-US: IBM CVE-2020-4258 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...)
NOT-FOR-US: IBM CVE-2020-4257 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...) NOT-FOR-US: IBM CVE-2020-4256 RESERVED CVE-2020-4255 RESERVED CVE-2020-4254 RESERVED CVE-2020-4253 (IBM Content Navigator 3.0CD does not invalidate session after logout w ...) NOT-FOR-US: IBM CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, and 6.0.61 is vulner ...) NOT-FOR-US: IBM CVE-2020-4251 RESERVED CVE-2020-4250 RESERVED CVE-2020-4249 RESERVED CVE-2020-4248 RESERVED CVE-2020-4247 RESERVED CVE-2020-4246 RESERVED CVE-2020-4245 RESERVED CVE-2020-4244 RESERVED CVE-2020-4243 RESERVED CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...) NOT-FOR-US: IBM CVE-2020-4241 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...) NOT-FOR-US: IBM CVE-2020-4240 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4239 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remot ...) NOT-FOR-US: IBM CVE-2020-4238 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4237 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4236 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an auth ...) NOT-FOR-US: IBM CVE-2020-4235 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4234 RESERVED CVE-2020-4233 RESERVED CVE-2020-4232 RESERVED CVE-2020-4231 RESERVED CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...) NOT-FOR-US: IBM CVE-2020-4229 RESERVED CVE-2020-4228 RESERVED CVE-2020-4227 RESERVED CVE-2020-4226 RESERVED CVE-2020-4225 RESERVED CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...)
NOT-FOR-US: IBM CVE-2020-4223 RESERVED CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM Spectrum Protect Plus CVE-2020-4221 RESERVED CVE-2020-4220 RESERVED CVE-2020-4219 RESERVED CVE-2020-4218 RESERVED CVE-2020-4217 (The IBM Spectrum Scale 4.2 and 5.0 file system component is affected b ...) NOT-FOR-US: IBM CVE-2020-4216 RESERVED CVE-2020-4215 RESERVED CVE-2020-4214 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4211 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4209 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4208 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...) NOT-FOR-US: IBM CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 ...) NOT-FOR-US: IBM CVE-2020-4206 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4205 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an aut ...) NOT-FOR-US: IBM CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4203 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially ...) NOT-FOR-US: IBM CVE-2020-4202 (IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenti ...) NOT-FOR-US: IBM CVE-2020-4201 RESERVED CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...) 
NOT-FOR-US: IBM CVE-2020-4199 (IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request f ...) NOT-FOR-US: IBM CVE-2020-4198 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored loc ...) NOT-FOR-US: IBM CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4194 RESERVED CVE-2020-4193 RESERVED CVE-2020-4192 RESERVED CVE-2020-4191 RESERVED CVE-2020-4190 RESERVED CVE-2020-4189 RESERVED CVE-2020-4188 RESERVED CVE-2020-4187 RESERVED CVE-2020-4186 RESERVED CVE-2020-4185 RESERVED CVE-2020-4184 RESERVED CVE-2020-4183 RESERVED CVE-2020-4182 RESERVED CVE-2020-4181 RESERVED CVE-2020-4180 RESERVED CVE-2020-4179 RESERVED CVE-2020-4178 RESERVED CVE-2020-4177 RESERVED CVE-2020-4176 RESERVED CVE-2020-4175 RESERVED CVE-2020-4174 RESERVED CVE-2020-4173 RESERVED CVE-2020-4172 RESERVED CVE-2020-4171 RESERVED CVE-2020-4170 RESERVED CVE-2020-4169 RESERVED CVE-2020-4168 RESERVED CVE-2020-4167 RESERVED CVE-2020-4166 RESERVED CVE-2020-4165 RESERVED CVE-2020-4164 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...) NOT-FOR-US: IBM CVE-2020-4162 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross ...) NOT-FOR-US: IBM CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) NOT-FOR-US: IBM CVE-2020-4160 RESERVED CVE-2020-4159 RESERVED CVE-2020-4158 RESERVED CVE-2020-4157 RESERVED CVE-2020-4156 RESERVED CVE-2020-4155 RESERVED CVE-2020-4154 RESERVED CVE-2020-4153 RESERVED CVE-2020-4152 RESERVED CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...) 
NOT-FOR-US: IBM CVE-2020-4150 RESERVED CVE-2020-4149 RESERVED CVE-2020-4148 RESERVED CVE-2020-4147 RESERVED CVE-2020-4146 RESERVED CVE-2020-4145 RESERVED CVE-2020-4144 RESERVED CVE-2020-4143 RESERVED CVE-2020-4142 RESERVED CVE-2020-4141 RESERVED CVE-2020-4140 RESERVED CVE-2020-4139 RESERVED CVE-2020-4138 RESERVED CVE-2020-4137 RESERVED CVE-2020-4136 RESERVED CVE-2020-4135 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4134 RESERVED CVE-2020-4133 RESERVED CVE-2020-4132 RESERVED CVE-2020-4131 RESERVED CVE-2020-4130 RESERVED CVE-2020-4129 RESERVED CVE-2020-4128 RESERVED CVE-2020-4127 RESERVED CVE-2020-4126 RESERVED CVE-2020-4125 RESERVED CVE-2020-4124 RESERVED CVE-2020-4123 RESERVED CVE-2020-4122 RESERVED CVE-2020-4121 RESERVED CVE-2020-4120 RESERVED CVE-2020-4119 RESERVED CVE-2020-4118 RESERVED CVE-2020-4117 RESERVED CVE-2020-4116 RESERVED CVE-2020-4115 RESERVED CVE-2020-4114 RESERVED CVE-2020-4113 RESERVED CVE-2020-4112 RESERVED CVE-2020-4111 RESERVED CVE-2020-4110 RESERVED CVE-2020-4109 RESERVED CVE-2020-4108 RESERVED CVE-2020-4107 RESERVED CVE-2020-4106 RESERVED CVE-2020-4105 RESERVED CVE-2020-4104 RESERVED CVE-2020-4103 RESERVED CVE-2020-4102 RESERVED CVE-2020-4101 RESERVED CVE-2020-4100 RESERVED CVE-2020-4099 RESERVED CVE-2020-4098 RESERVED CVE-2020-4097 RESERVED CVE-2020-4096 RESERVED CVE-2020-4095 RESERVED CVE-2020-4094 RESERVED CVE-2020-4093 RESERVED CVE-2020-4092 ("If port encryption is not enabled on the Domino Server, HCL Nomad on ...) NOT-FOR-US: HCL Nomad CVE-2020-4091 RESERVED CVE-2020-4090 RESERVED CVE-2020-4089 RESERVED CVE-2020-4088 RESERVED CVE-2020-4087 RESERVED CVE-2020-4086 RESERVED CVE-2020-4085 ("HCL Connections is vulnerable to possible information leakage and cou ...) NOT-FOR-US: HCL Connections CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...) 
NOT-FOR-US: HCL Connections CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...) NOT-FOR-US: HCL Connections CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...) NOT-FOR-US: HCL Connections CVE-2020-4081 RESERVED CVE-2020-4080 RESERVED CVE-2020-4079 RESERVED CVE-2020-4078 RESERVED CVE-2020-4077 RESERVED CVE-2020-4076 RESERVED CVE-2020-4075 RESERVED CVE-2020-4074 RESERVED CVE-2020-4073 RESERVED CVE-2020-4072 RESERVED CVE-2020-4071 RESERVED CVE-2020-4070 RESERVED CVE-2020-4069 RESERVED CVE-2020-4068 RESERVED CVE-2020-4067 RESERVED CVE-2020-4066 RESERVED CVE-2020-4065 RESERVED CVE-2020-4064 RESERVED CVE-2020-4063 RESERVED CVE-2020-4062 RESERVED CVE-2020-4061 RESERVED CVE-2020-4060 RESERVED CVE-2020-4059 RESERVED CVE-2020-4058 RESERVED CVE-2020-4057 RESERVED CVE-2020-4056 RESERVED CVE-2020-4055 RESERVED CVE-2020-4054 RESERVED CVE-2020-4053 RESERVED CVE-2020-4052 RESERVED CVE-2020-4051 RESERVED CVE-2020-4050 RESERVED CVE-2020-4049 RESERVED CVE-2020-4048 RESERVED CVE-2020-4047 RESERVED CVE-2020-4046 RESERVED CVE-2020-4045 RESERVED CVE-2020-4044 RESERVED CVE-2020-4043 RESERVED CVE-2020-4042 RESERVED CVE-2020-4041 RESERVED CVE-2020-4040 RESERVED CVE-2020-4039 RESERVED CVE-2020-4038 RESERVED CVE-2020-4037 RESERVED CVE-2020-4036 RESERVED CVE-2020-4035 RESERVED CVE-2020-4034 RESERVED CVE-2020-4033 RESERVED CVE-2020-4032 RESERVED CVE-2020-4031 RESERVED CVE-2020-4030 RESERVED CVE-2020-4029 RESERVED CVE-2020-4028 RESERVED CVE-2020-4027 RESERVED CVE-2020-4026 RESERVED CVE-2020-4025 RESERVED CVE-2020-4024 RESERVED CVE-2020-4023 RESERVED CVE-2020-4022 RESERVED CVE-2020-4021 RESERVED CVE-2020-4020 RESERVED CVE-2020-4019 RESERVED CVE-2020-4018 RESERVED CVE-2020-4017 RESERVED CVE-2020-4016 RESERVED CVE-2020-4015 RESERVED CVE-2020-4014 RESERVED CVE-2020-4013 RESERVED CVE-2020-4012 RESERVED CVE-2020-4011 RESERVED CVE-2020-4010 RESERVED CVE-2020-4009 RESERVED CVE-2020-4008 RESERVED CVE-2020-4007 RESERVED 
CVE-2020-4006 RESERVED CVE-2020-4005 RESERVED CVE-2020-4004 RESERVED CVE-2020-4003 RESERVED CVE-2020-4002 RESERVED CVE-2020-4001 RESERVED CVE-2020-4000 RESERVED CVE-2020-3999 RESERVED CVE-2020-3998 RESERVED CVE-2020-3997 RESERVED CVE-2020-3996 RESERVED CVE-2020-3995 RESERVED CVE-2020-3994 RESERVED CVE-2020-3993 RESERVED CVE-2020-3992 RESERVED CVE-2020-3991 RESERVED CVE-2020-3990 RESERVED CVE-2020-3989 RESERVED CVE-2020-3988 RESERVED CVE-2020-3987 RESERVED CVE-2020-3986 RESERVED CVE-2020-3985 RESERVED CVE-2020-3984 RESERVED CVE-2020-3983 RESERVED CVE-2020-3982 RESERVED CVE-2020-3981 RESERVED CVE-2020-3980 RESERVED CVE-2020-3979 RESERVED CVE-2020-3978 RESERVED CVE-2020-3977 RESERVED CVE-2020-3976 RESERVED CVE-2020-3975 RESERVED CVE-2020-3974 RESERVED CVE-2020-3973 RESERVED CVE-2020-3972 RESERVED CVE-2020-3971 RESERVED CVE-2020-3970 RESERVED CVE-2020-3969 RESERVED CVE-2020-3968 RESERVED CVE-2020-3967 RESERVED CVE-2020-3966 RESERVED CVE-2020-3965 RESERVED CVE-2020-3964 RESERVED CVE-2020-3963 RESERVED CVE-2020-3962 RESERVED CVE-2020-3961 RESERVED CVE-2020-3960 RESERVED CVE-2020-3959 RESERVED CVE-2020-3958 RESERVED CVE-2020-3957 RESERVED CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, ...) TODO: check CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...) NOT-FOR-US: VMware CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log Insight prio ...) NOT-FOR-US: VMware CVE-2020-3953 (Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log ...) NOT-FOR-US: VMware CVE-2020-3952 (Under certain conditions, vmdir that ships with VMware vCenter Server, ...) NOT-FOR-US: VMware CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows ...) NOT-FOR-US: VMware CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11. ...) 
NOT-FOR-US: VMware CVE-2020-3949 RESERVED CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...) NOT-FOR-US: VMware CVE-2020-3947 (VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2 ...) NOT-FOR-US: VMware CVE-2020-3946 (InstallBuilder AutoUpdate tool and regular installers enabling <che ...) NOT-FOR-US: InstallBuilder CVE-2020-3945 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3944 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3943 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3942 RESERVED CVE-2020-3941 (The repair operation of VMware Tools for Windows 10.x.y has a race con ...) NOT-FOR-US: VMware Tools for Windows CVE-2020-3940 (VMware Workspace ONE SDK and dependent mobile application updates addr ...) NOT-FOR-US: VMware CVE-2020-3939 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3938 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, a ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3936 (UltraLog Express device management interface does not properly filter ...) NOT-FOR-US: UltraLog Express CVE-2020-3935 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3934 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...) 
NOT-FOR-US: Draytek VigorAP910C CVE-2020-3931 RESERVED CVE-2020-3930 RESERVED CVE-2020-3929 RESERVED CVE-2020-3928 RESERVED CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series CVE-2020-3922 (LisoMail, by ArmorX, allows SQL Injections, attackers can access the d ...) NOT-FOR-US: LisoMail CVE-2020-3921 (UltraLog Express device management software stores user’s inform ...) NOT-FOR-US: UltraLog Express CVE-2020-3920 (UltraLog Express device management interface does not properly perform ...) NOT-FOR-US: UltraLog Express CVE-2020-3919 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3918 RESERVED CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2020-3916 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2020-3915 RESERVED CVE-2020-3914 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3913 (A permissions issue existed. This issue was addressed with improved pe ...) NOT-FOR-US: Apple CVE-2020-3912 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3911 (A buffer overflow was addressed with improved bounds checking. This is ...) 
NOT-FOR-US: Apple CVE-2020-3910 (A buffer overflow was addressed with improved size validation. This is ...) - libxml2 CVE-2020-3909 (A buffer overflow was addressed with improved bounds checking. This is ...) - libxml2 CVE-2020-3908 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3907 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3906 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3905 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3904 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3902 (An input validation issue was addressed with improved input validation ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...) 
{DSA-4681-1} - webkit2gtk 2.28.2-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.2-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c] RESERVED - cups 2.3.1-12 [buster] - cups 2.2.10-6+deb10u3 [stretch] - cups (Minor issue) [jessie] - cups (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1823964 NOTE: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ppd.c, ppdc/ppdc-source.cxx) CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3896 RESERVED CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3894 (A race condition was addressed with additional validation. This issue ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3893 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3892 (A memory corruption issue was addressed with improved input validation ...) 
NOT-FOR-US: Apple CVE-2020-3891 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3890 (The issue was addressed with improved deletion. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3889 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3886 RESERVED CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3884 (An injection issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3882 RESERVED CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3880 RESERVED CVE-2020-3879 RESERVED CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3877 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3876 RESERVED CVE-2020-3875 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-3874 (An issue existed in the naming of screenshots. The issue was correcte ...) NOT-FOR-US: Apple CVE-2020-3873 (This issue was addressed with improved setting propagation. This issue ...) NOT-FOR-US: Apple CVE-2020-3872 (A memory initialization issue was addressed with improved memory handl ...) 
NOT-FOR-US: Apple CVE-2020-3871 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3870 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3869 (An issue existed in the handling of the local user's self-view. The is ...) NOT-FOR-US: Apple CVE-2020-3868 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3867 (A logic issue was addressed with improved state management. This issue ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3866 (This was addressed with additional checks by Gatekeeper on files mount ...) NOT-FOR-US: Apple CVE-2020-3865 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3864 RESERVED {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3863 RESERVED CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...) 
{DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3861 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2020-3860 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3859 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2020-3858 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3857 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3855 RESERVED CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2020-3852 RESERVED CVE-2020-3851 RESERVED CVE-2020-3850 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3849 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3848 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3847 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3846 (A buffer overflow was addressed with improved size validation. This is ...) NOT-FOR-US: Apple CVE-2020-3845 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3844 (This issue was addressed with improved checks. This issue is fixed in ...) 
NOT-FOR-US: Apple CVE-2020-3843 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3842 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3841 (The issue was addressed with improved UI handling. This issue is fixed ...) NOT-FOR-US: Apple CVE-2020-3840 (An off by one issue existed in the handling of racoon configuration fi ...) NOT-FOR-US: Apple CVE-2020-3839 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-3838 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2020-3837 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3836 (An access issue was addressed with improved memory management. This is ...) NOT-FOR-US: Apple CVE-2020-3835 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-3834 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-3833 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2020-3832 RESERVED CVE-2020-3831 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2020-3830 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-3829 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-3828 (A lock screen issue allowed access to contacts on a locked device. Thi ...) NOT-FOR-US: Apple CVE-2020-3827 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3826 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3825 (Multiple memory corruption issues were addressed with improved memory ...) 
NOT-FOR-US: Apple CVE-2020-3824 RESERVED CVE-2020-3823 RESERVED CVE-2020-3822 RESERVED CVE-2020-3821 RESERVED CVE-2020-3820 RESERVED CVE-2020-3819 RESERVED CVE-2020-3818 RESERVED CVE-2020-3817 RESERVED CVE-2020-3816 RESERVED CVE-2020-3815 RESERVED CVE-2020-3814 RESERVED CVE-2020-3813 RESERVED CVE-2020-3812 RESERVED - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3811 RESERVED - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...) {DSA-4685-1 DLA-2210-1} - apt 2.1.2 NOTE: https://github.com/Debian/apt/issues/111 NOTE: https://bugs.launchpad.net/bugs/1878177 NOTE: https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 CVE-2020-3809 RESERVED CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier have a tim ...) NOT-FOR-US: Adobe CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3805 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3804 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3803 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3802 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3801 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-3798 RESERVED CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3796 RESERVED CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...) NOT-FOR-US: Adobe CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) 
NOT-FOR-US: Adobe CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...) NOT-FOR-US: Adobe CVE-2020-3768 RESERVED CVE-2020-3767 RESERVED CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote ...) 
NOT-FOR-US: Adobe CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...) NOT-FOR-US: Adobe CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors ...) NOT-FOR-US: Adobe CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3757 (Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and ear ...) NOT-FOR-US: Adobe CVE-2020-3756 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3755 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3754 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3753 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3752 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3751 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3750 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3749 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3748 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3747 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3746 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3745 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3744 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3743 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-3742 (Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.01 ...) NOT-FOR-US: Adobe CVE-2020-3741 (Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled re ...) NOT-FOR-US: Adobe CVE-2020-3740 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-3739 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-3738 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3737 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3736 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3735 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) NOT-FOR-US: Adobe CVE-2020-3734 (Adobe Framemaker versions 2019.0.4 and below have a buffer error vulne ...) NOT-FOR-US: Adobe CVE-2020-3733 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3732 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3731 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) NOT-FOR-US: Adobe CVE-2020-3730 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3729 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3728 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3727 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3726 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3725 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) 
NOT-FOR-US: Adobe CVE-2020-3724 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3723 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3722 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3721 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3720 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) 
NOT-FOR-US: Adobe CVE-2020-3709 RESERVED CVE-2020-3708 RESERVED CVE-2020-3707 RESERVED CVE-2020-3706 RESERVED CVE-2020-3705 RESERVED CVE-2020-3704 RESERVED CVE-2020-3703 RESERVED CVE-2020-3702 RESERVED CVE-2020-3701 RESERVED CVE-2020-3700 RESERVED CVE-2020-3699 RESERVED CVE-2020-3698 RESERVED CVE-2020-3697 RESERVED CVE-2020-3696 RESERVED CVE-2020-3695 RESERVED CVE-2020-3694 RESERVED CVE-2020-3693 RESERVED CVE-2020-3692 RESERVED CVE-2020-3691 RESERVED CVE-2020-3690 RESERVED CVE-2020-3689 RESERVED CVE-2020-3688 RESERVED CVE-2020-3687 RESERVED CVE-2020-3686 RESERVED CVE-2020-3685 RESERVED CVE-2020-3684 RESERVED CVE-2020-3683 RESERVED CVE-2020-3682 RESERVED CVE-2020-3681 RESERVED CVE-2020-3680 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3679 RESERVED CVE-2020-3678 RESERVED CVE-2020-3677 RESERVED CVE-2020-3676 RESERVED CVE-2020-3675 RESERVED CVE-2020-3674 RESERVED CVE-2020-3673 RESERVED CVE-2020-3672 RESERVED CVE-2020-3671 RESERVED CVE-2020-3670 RESERVED CVE-2020-3669 RESERVED CVE-2020-3668 RESERVED CVE-2020-3667 RESERVED CVE-2020-3666 RESERVED CVE-2020-3665 RESERVED CVE-2020-3664 RESERVED CVE-2020-3663 RESERVED CVE-2020-3662 RESERVED CVE-2020-3661 RESERVED CVE-2020-3660 RESERVED CVE-2020-3659 RESERVED CVE-2020-3658 RESERVED CVE-2020-3657 RESERVED CVE-2020-3656 RESERVED CVE-2020-3655 RESERVED CVE-2020-3654 RESERVED CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due to lack ...) NOT-FOR-US: Snapdragon CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver function wh ...) NOT-FOR-US: Snapdragon CVE-2020-3651 (Active command timeout since WM status change cmd is not removed from ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-3650 RESERVED CVE-2020-3649 RESERVED CVE-2020-3648 RESERVED CVE-2020-3647 RESERVED CVE-2020-3646 RESERVED CVE-2020-3645 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3644 RESERVED CVE-2020-3643 RESERVED CVE-2020-3642 RESERVED CVE-2020-3641 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3640 RESERVED CVE-2020-3639 RESERVED CVE-2020-3638 RESERVED CVE-2020-3637 RESERVED CVE-2020-3636 RESERVED CVE-2020-3635 RESERVED CVE-2020-3634 RESERVED CVE-2020-3633 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3632 RESERVED CVE-2020-3631 RESERVED CVE-2020-3630 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3629 RESERVED CVE-2020-3628 RESERVED CVE-2020-3627 RESERVED CVE-2020-3626 RESERVED CVE-2020-3625 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3624 RESERVED CVE-2020-3623 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3622 RESERVED CVE-2020-3621 RESERVED CVE-2020-3620 RESERVED CVE-2020-3619 RESERVED CVE-2020-3618 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3617 RESERVED CVE-2020-3616 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3615 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3614 RESERVED CVE-2020-3613 RESERVED CVE-2020-3612 RESERVED CVE-2020-3611 RESERVED CVE-2020-3610 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3609 RESERVED CVE-2020-3608 RESERVED CVE-2020-3607 RESERVED CVE-2020-3606 RESERVED CVE-2020-3605 RESERVED CVE-2020-3604 RESERVED CVE-2020-3603 RESERVED CVE-2020-3602 RESERVED CVE-2020-3601 RESERVED CVE-2020-3600 RESERVED CVE-2020-3599 RESERVED CVE-2020-3598 RESERVED CVE-2020-3597 RESERVED CVE-2020-3596 RESERVED CVE-2020-3595 RESERVED CVE-2020-3594 RESERVED CVE-2020-3593 RESERVED CVE-2020-3592 RESERVED CVE-2020-3591 RESERVED CVE-2020-3590 RESERVED CVE-2020-3589 RESERVED CVE-2020-3588 RESERVED CVE-2020-3587 RESERVED CVE-2020-3586 RESERVED CVE-2020-3585 
RESERVED CVE-2020-3584 RESERVED CVE-2020-3583 RESERVED CVE-2020-3582 RESERVED CVE-2020-3581 RESERVED CVE-2020-3580 RESERVED CVE-2020-3579 RESERVED CVE-2020-3578 RESERVED CVE-2020-3577 RESERVED CVE-2020-3576 RESERVED CVE-2020-3575 RESERVED CVE-2020-3574 RESERVED CVE-2020-3573 RESERVED CVE-2020-3572 RESERVED CVE-2020-3571 RESERVED CVE-2020-3570 RESERVED CVE-2020-3569 RESERVED CVE-2020-3568 RESERVED CVE-2020-3567 RESERVED CVE-2020-3566 RESERVED CVE-2020-3565 RESERVED CVE-2020-3564 RESERVED CVE-2020-3563 RESERVED CVE-2020-3562 RESERVED CVE-2020-3561 RESERVED CVE-2020-3560 RESERVED CVE-2020-3559 RESERVED CVE-2020-3558 RESERVED CVE-2020-3557 RESERVED CVE-2020-3556 RESERVED CVE-2020-3555 RESERVED CVE-2020-3554 RESERVED CVE-2020-3553 RESERVED CVE-2020-3552 RESERVED CVE-2020-3551 RESERVED CVE-2020-3550 RESERVED CVE-2020-3549 RESERVED CVE-2020-3548 RESERVED CVE-2020-3547 RESERVED CVE-2020-3546 RESERVED CVE-2020-3545 RESERVED CVE-2020-3544 RESERVED CVE-2020-3543 RESERVED CVE-2020-3542 RESERVED CVE-2020-3541 RESERVED CVE-2020-3540 RESERVED CVE-2020-3539 RESERVED CVE-2020-3538 RESERVED CVE-2020-3537 RESERVED CVE-2020-3536 RESERVED CVE-2020-3535 RESERVED CVE-2020-3534 RESERVED CVE-2020-3533 RESERVED CVE-2020-3532 RESERVED CVE-2020-3531 RESERVED CVE-2020-3530 RESERVED CVE-2020-3529 RESERVED CVE-2020-3528 RESERVED CVE-2020-3527 RESERVED CVE-2020-3526 RESERVED CVE-2020-3525 RESERVED CVE-2020-3524 RESERVED CVE-2020-3523 RESERVED CVE-2020-3522 RESERVED CVE-2020-3521 RESERVED CVE-2020-3520 RESERVED CVE-2020-3519 RESERVED CVE-2020-3518 RESERVED CVE-2020-3517 RESERVED CVE-2020-3516 RESERVED CVE-2020-3515 RESERVED CVE-2020-3514 RESERVED CVE-2020-3513 RESERVED CVE-2020-3512 RESERVED CVE-2020-3511 RESERVED CVE-2020-3510 RESERVED CVE-2020-3509 RESERVED CVE-2020-3508 RESERVED CVE-2020-3507 RESERVED CVE-2020-3506 RESERVED CVE-2020-3505 RESERVED CVE-2020-3504 RESERVED CVE-2020-3503 RESERVED CVE-2020-3502 RESERVED CVE-2020-3501 RESERVED CVE-2020-3500 RESERVED CVE-2020-3499 RESERVED 
CVE-2020-3498 RESERVED CVE-2020-3497 RESERVED CVE-2020-3496 RESERVED CVE-2020-3495 RESERVED CVE-2020-3494 RESERVED CVE-2020-3493 RESERVED CVE-2020-3492 RESERVED CVE-2020-3491 RESERVED CVE-2020-3490 RESERVED CVE-2020-3489 RESERVED CVE-2020-3488 RESERVED CVE-2020-3487 RESERVED CVE-2020-3486 RESERVED CVE-2020-3485 RESERVED CVE-2020-3484 RESERVED CVE-2020-3483 RESERVED CVE-2020-3482 RESERVED CVE-2020-3481 RESERVED CVE-2020-3480 RESERVED CVE-2020-3479 RESERVED CVE-2020-3478 RESERVED CVE-2020-3477 RESERVED CVE-2020-3476 RESERVED CVE-2020-3475 RESERVED CVE-2020-3474 RESERVED CVE-2020-3473 RESERVED CVE-2020-3472 RESERVED CVE-2020-3471 RESERVED CVE-2020-3470 RESERVED CVE-2020-3469 RESERVED CVE-2020-3468 RESERVED CVE-2020-3467 RESERVED CVE-2020-3466 RESERVED CVE-2020-3465 RESERVED CVE-2020-3464 RESERVED CVE-2020-3463 RESERVED CVE-2020-3462 RESERVED CVE-2020-3461 RESERVED CVE-2020-3460 RESERVED CVE-2020-3459 RESERVED CVE-2020-3458 RESERVED CVE-2020-3457 RESERVED CVE-2020-3456 RESERVED CVE-2020-3455 RESERVED CVE-2020-3454 RESERVED CVE-2020-3453 RESERVED CVE-2020-3452 RESERVED CVE-2020-3451 RESERVED CVE-2020-3450 RESERVED CVE-2020-3449 RESERVED CVE-2020-3448 RESERVED CVE-2020-3447 RESERVED CVE-2020-3446 RESERVED CVE-2020-3445 RESERVED CVE-2020-3444 RESERVED CVE-2020-3443 RESERVED CVE-2020-3442 RESERVED CVE-2020-3441 RESERVED CVE-2020-3440 RESERVED CVE-2020-3439 RESERVED CVE-2020-3438 RESERVED CVE-2020-3437 RESERVED CVE-2020-3436 RESERVED CVE-2020-3435 RESERVED CVE-2020-3434 RESERVED CVE-2020-3433 RESERVED CVE-2020-3432 RESERVED CVE-2020-3431 RESERVED CVE-2020-3430 RESERVED CVE-2020-3429 RESERVED CVE-2020-3428 RESERVED CVE-2020-3427 RESERVED CVE-2020-3426 RESERVED CVE-2020-3425 RESERVED CVE-2020-3424 RESERVED CVE-2020-3423 RESERVED CVE-2020-3422 RESERVED CVE-2020-3421 RESERVED CVE-2020-3420 RESERVED CVE-2020-3419 RESERVED CVE-2020-3418 RESERVED CVE-2020-3417 RESERVED CVE-2020-3416 RESERVED CVE-2020-3415 RESERVED CVE-2020-3414 RESERVED CVE-2020-3413 RESERVED CVE-2020-3412 
RESERVED CVE-2020-3411 RESERVED CVE-2020-3410 RESERVED CVE-2020-3409 RESERVED CVE-2020-3408 RESERVED CVE-2020-3407 RESERVED CVE-2020-3406 RESERVED CVE-2020-3405 RESERVED CVE-2020-3404 RESERVED CVE-2020-3403 RESERVED CVE-2020-3402 RESERVED CVE-2020-3401 RESERVED CVE-2020-3400 RESERVED CVE-2020-3399 RESERVED CVE-2020-3398 RESERVED CVE-2020-3397 RESERVED CVE-2020-3396 RESERVED CVE-2020-3395 RESERVED CVE-2020-3394 RESERVED CVE-2020-3393 RESERVED CVE-2020-3392 RESERVED CVE-2020-3391 RESERVED CVE-2020-3390 RESERVED CVE-2020-3389 RESERVED CVE-2020-3388 RESERVED CVE-2020-3387 RESERVED CVE-2020-3386 RESERVED CVE-2020-3385 RESERVED CVE-2020-3384 RESERVED CVE-2020-3383 RESERVED CVE-2020-3382 RESERVED CVE-2020-3381 RESERVED CVE-2020-3380 RESERVED CVE-2020-3379 RESERVED CVE-2020-3378 RESERVED CVE-2020-3377 RESERVED CVE-2020-3376 RESERVED CVE-2020-3375 RESERVED CVE-2020-3374 RESERVED CVE-2020-3373 RESERVED CVE-2020-3372 RESERVED CVE-2020-3371 RESERVED CVE-2020-3370 RESERVED CVE-2020-3369 RESERVED CVE-2020-3368 RESERVED CVE-2020-3367 RESERVED CVE-2020-3366 RESERVED CVE-2020-3365 RESERVED CVE-2020-3364 RESERVED CVE-2020-3363 RESERVED CVE-2020-3362 RESERVED CVE-2020-3361 RESERVED CVE-2020-3360 RESERVED CVE-2020-3359 RESERVED CVE-2020-3358 RESERVED CVE-2020-3357 RESERVED CVE-2020-3356 RESERVED CVE-2020-3355 RESERVED CVE-2020-3354 RESERVED CVE-2020-3353 RESERVED CVE-2020-3352 RESERVED CVE-2020-3351 RESERVED CVE-2020-3350 RESERVED CVE-2020-3349 RESERVED CVE-2020-3348 RESERVED CVE-2020-3347 RESERVED CVE-2020-3346 RESERVED CVE-2020-3345 RESERVED CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...) TODO: check CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...) TODO: check CVE-2020-3342 RESERVED CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...) 
{DLA-2215-1} - clamav 0.102.3+dfsg-1 [buster] - clamav (ClamAV is updated via -updates) [stretch] - clamav (ClamAV is updated via -updates) NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html CVE-2020-3340 RESERVED CVE-2020-3339 RESERVED CVE-2020-3338 RESERVED CVE-2020-3337 RESERVED CVE-2020-3336 RESERVED CVE-2020-3335 RESERVED CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...) NOT-FOR-US: Cisco CVE-2020-3333 RESERVED CVE-2020-3332 RESERVED CVE-2020-3331 RESERVED CVE-2020-3330 RESERVED CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated Manag ...) NOT-FOR-US: Cisco CVE-2020-3328 RESERVED CVE-2020-3327 (A vulnerability in the ARJ archive parsing module in Clam AntiVirus (C ...) {DLA-2215-1} - clamav 0.102.3+dfsg-1 [buster] - clamav (ClamAV is updated via -updates) [stretch] - clamav (ClamAV is updated via -updates) NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html CVE-2020-3326 RESERVED CVE-2020-3325 RESERVED CVE-2020-3324 RESERVED CVE-2020-3323 RESERVED CVE-2020-3322 RESERVED CVE-2020-3321 RESERVED CVE-2020-3320 RESERVED CVE-2020-3319 RESERVED CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...) NOT-FOR-US: Cisco CVE-2020-3317 RESERVED CVE-2020-3316 RESERVED CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) NOT-FOR-US: Cisco CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for Endpoints Ma ...) TODO: check CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...) NOT-FOR-US: Cisco CVE-2020-3312 (A vulnerability in the application policy configuration of Cisco Firep ...) NOT-FOR-US: Cisco CVE-2020-3311 (A vulnerability in the web interface of Cisco Firepower Management Cen ...) NOT-FOR-US: Cisco CVE-2020-3310 (A vulnerability in the XML parser code of Cisco Firepower Device Manag ...) 
NOT-FOR-US: Cisco CVE-2020-3309 (A vulnerability in Cisco Firepower Device Manager (FDM) On-Box softwar ...) NOT-FOR-US: Cisco CVE-2020-3308 (A vulnerability in the Image Signature Verification feature of Cisco F ...) NOT-FOR-US: Cisco CVE-2020-3307 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...) NOT-FOR-US: Cisco CVE-2020-3306 (A vulnerability in the DHCP module of Cisco Adaptive Security Applianc ...) NOT-FOR-US: Cisco CVE-2020-3305 (A vulnerability in the implementation of the Border Gateway Protocol ( ...) NOT-FOR-US: Cisco CVE-2020-3304 RESERVED CVE-2020-3303 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...) NOT-FOR-US: Cisco CVE-2020-3302 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...) NOT-FOR-US: Cisco CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...) NOT-FOR-US: Cisco CVE-2020-3300 RESERVED CVE-2020-3299 RESERVED CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...) NOT-FOR-US: Cisco CVE-2020-3297 RESERVED CVE-2020-3296 RESERVED CVE-2020-3295 RESERVED CVE-2020-3294 RESERVED CVE-2020-3293 RESERVED CVE-2020-3292 RESERVED CVE-2020-3291 RESERVED CVE-2020-3290 RESERVED CVE-2020-3289 RESERVED CVE-2020-3288 RESERVED CVE-2020-3287 RESERVED CVE-2020-3286 RESERVED CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) ...) NOT-FOR-US: Cisco CVE-2020-3284 RESERVED CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...) NOT-FOR-US: Cisco CVE-2020-3282 RESERVED CVE-2020-3281 RESERVED CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...) TODO: check CVE-2020-3279 RESERVED CVE-2020-3278 RESERVED CVE-2020-3277 RESERVED CVE-2020-3276 RESERVED CVE-2020-3275 RESERVED CVE-2020-3274 RESERVED CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...) 
NOT-FOR-US: Cisco CVE-2020-3272 (A vulnerability in the DHCP server of Cisco Prime Network Registrar co ...) TODO: check CVE-2020-3271 RESERVED CVE-2020-3270 RESERVED CVE-2020-3269 RESERVED CVE-2020-3268 RESERVED CVE-2020-3267 RESERVED CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...) NOT-FOR-US: Cisco CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3263 RESERVED CVE-2020-3262 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) NOT-FOR-US: Cisco CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mobilit ...) NOT-FOR-US: Cisco CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software could a ...) NOT-FOR-US: Cisco CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2020-3258 RESERVED CVE-2020-3257 RESERVED CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted ...) NOT-FOR-US: Cisco CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...) NOT-FOR-US: Cisco CVE-2020-3254 (Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) ...) NOT-FOR-US: Cisco CVE-2020-3253 (A vulnerability in the support tunnel feature of Cisco Firepower Threa ...) NOT-FOR-US: Cisco CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3250 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3249 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) 
NOT-FOR-US: Cisco CVE-2020-3248 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow an una ...) NOT-FOR-US: Cisco CVE-2020-3245 RESERVED CVE-2020-3244 RESERVED CVE-2020-3243 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3242 RESERVED CVE-2020-3241 RESERVED CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3238 RESERVED CVE-2020-3237 RESERVED CVE-2020-3236 RESERVED CVE-2020-3235 RESERVED CVE-2020-3234 RESERVED CVE-2020-3233 RESERVED CVE-2020-3232 RESERVED CVE-2020-3231 RESERVED CVE-2020-3230 RESERVED CVE-2020-3229 RESERVED CVE-2020-3228 RESERVED CVE-2020-3227 RESERVED CVE-2020-3226 RESERVED CVE-2020-3225 RESERVED CVE-2020-3224 RESERVED CVE-2020-3223 RESERVED CVE-2020-3222 RESERVED CVE-2020-3221 RESERVED CVE-2020-3220 RESERVED CVE-2020-3219 RESERVED CVE-2020-3218 RESERVED CVE-2020-3217 RESERVED CVE-2020-3216 RESERVED CVE-2020-3215 RESERVED CVE-2020-3214 RESERVED CVE-2020-3213 RESERVED CVE-2020-3212 RESERVED CVE-2020-3211 RESERVED CVE-2020-3210 RESERVED CVE-2020-3209 RESERVED CVE-2020-3208 RESERVED CVE-2020-3207 RESERVED CVE-2020-3206 RESERVED CVE-2020-3205 RESERVED CVE-2020-3204 RESERVED CVE-2020-3203 RESERVED CVE-2020-3202 RESERVED CVE-2020-3201 RESERVED CVE-2020-3200 RESERVED CVE-2020-3199 RESERVED CVE-2020-3198 RESERVED CVE-2020-3197 RESERVED CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...) NOT-FOR-US: Cisco CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...) 
NOT-FOR-US: Cisco CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for Microsoft ...) NOT-FOR-US: Cisco CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3191 (A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...) NOT-FOR-US: Cisco CVE-2020-3189 (A vulnerability in the VPN System Logging functionality for Cisco Fire ...) NOT-FOR-US: Cisco CVE-2020-3188 (A vulnerability in how Cisco Firepower Threat Defense (FTD) Software h ...) NOT-FOR-US: Cisco CVE-2020-3187 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2020-3186 (A vulnerability in the management access list configuration of Cisco F ...) NOT-FOR-US: Cisco CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...) NOT-FOR-US: Cisco CVE-2020-3184 (A vulnerability in the web-based management interface of Cisco Prime C ...) TODO: check CVE-2020-3183 RESERVED CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuration of ...) NOT-FOR-US: Cisco CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...) NOT-FOR-US: Cisco CVE-2020-3180 RESERVED CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...) NOT-FOR-US: Cisco CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...) NOT-FOR-US: Cisco CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) ...) NOT-FOR-US: Cisco CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...) 
NOT-FOR-US: Cisco CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...) NOT-FOR-US: Cisco CVE-2020-3173 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...) NOT-FOR-US: Cisco CVE-2020-3172 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...) NOT-FOR-US: Cisco CVE-2020-3171 (A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS ...) NOT-FOR-US: Cisco CVE-2020-3170 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) NOT-FOR-US: Cisco CVE-2020-3169 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3168 (A vulnerability in the Secure Login Enhancements capability of Cisco N ...) NOT-FOR-US: Cisco CVE-2020-3167 (A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manage ...) NOT-FOR-US: Cisco CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...) NOT-FOR-US: Cisco CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...) NOT-FOR-US: Cisco CVE-2020-3162 (A vulnerability in the Constrained Application Protocol (CoAP) impleme ...) NOT-FOR-US: Cisco CVE-2020-3161 (A vulnerability in the web server for Cisco IP Phones could allow an u ...) NOT-FOR-US: Cisco CVE-2020-3160 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...) NOT-FOR-US: Cisco CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Finesse ...) NOT-FOR-US: Cisco CVE-2020-3158 (A vulnerability in the High Availability (HA) service of Cisco Smart S ...) NOT-FOR-US: Cisco CVE-2020-3157 (A vulnerability in the web-based management interface of Cisco Identit ...) 
NOT-FOR-US: Cisco CVE-2020-3156 (A vulnerability in the logging component of Cisco Identity Services En ...) NOT-FOR-US: Cisco CVE-2020-3155 (A vulnerability in the SSL implementation of the Cisco Intelligent Pro ...) NOT-FOR-US: Cisco CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could ...) NOT-FOR-US: Cisco CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure ...) NOT-FOR-US: Cisco CVE-2020-3152 RESERVED CVE-2020-3151 RESERVED CVE-2020-3150 RESERVED CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...) NOT-FOR-US: Cisco CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...) NOT-FOR-US: Cisco CVE-2020-3146 RESERVED CVE-2020-3145 RESERVED CVE-2020-3144 RESERVED CVE-2020-3143 RESERVED CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...) NOT-FOR-US: Cisco CVE-2020-3141 RESERVED CVE-2020-3140 RESERVED CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...) NOT-FOR-US: Cisco CVE-2020-3138 (A vulnerability in the upgrade component of Cisco Enterprise NFV Infra ...) NOT-FOR-US: Cisco CVE-2020-3137 RESERVED CVE-2020-3136 (A vulnerability in the web-based management interface of Cisco Jabber ...) NOT-FOR-US: Cisco CVE-2020-3135 RESERVED CVE-2020-3134 (A vulnerability in the zip decompression engine of Cisco AsyncOS Softw ...) NOT-FOR-US: Cisco CVE-2020-3133 RESERVED CVE-2020-3132 (A vulnerability in the email message scanning feature of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3131 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...) NOT-FOR-US: Cisco CVE-2020-3130 RESERVED CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...) 
NOT-FOR-US: Cisco CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...) NOT-FOR-US: Cisco CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...) NOT-FOR-US: Cisco CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex Meet ...) NOT-FOR-US: Cisco CVE-2020-3125 (A vulnerability in the Kerberos authentication feature of Cisco Adapti ...) NOT-FOR-US: Cisco CVE-2020-3124 RESERVED CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...) - clamav 0.102.2+dfsg-1 (bug #950944) [buster] - clamav 0.102.2+dfsg-0+deb10u1 [stretch] - clamav (ClamAV is updated via -updates) [jessie] - clamav (Vulnerable code introduced in 0.102.x) NOTE: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html CVE-2020-3122 RESERVED CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3119 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3118 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3117 RESERVED CVE-2020-3116 RESERVED CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage softwa ...) NOT-FOR-US: Cisco CVE-2020-3114 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3113 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3112 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...) NOT-FOR-US: Cisco CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) NOT-FOR-US: Cisco CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) 
NOT-FOR-US: Cisco CVE-2020-3109 RESERVED CVE-2020-3108 RESERVED CVE-2020-3107 RESERVED CVE-2020-3106 RESERVED CVE-2020-3105 RESERVED CVE-2020-3104 RESERVED CVE-2020-3103 RESERVED CVE-2020-3102 RESERVED CVE-2020-3101 RESERVED CVE-2020-3100 RESERVED CVE-2020-3099 RESERVED CVE-2020-3098 RESERVED CVE-2020-3097 RESERVED CVE-2020-3096 RESERVED CVE-2020-3095 RESERVED CVE-2020-3094 RESERVED CVE-2020-3093 RESERVED CVE-2020-3092 RESERVED CVE-2020-3091 RESERVED CVE-2020-3090 RESERVED CVE-2020-3089 RESERVED CVE-2020-3088 RESERVED CVE-2020-3087 RESERVED CVE-2020-3086 RESERVED CVE-2020-3085 RESERVED CVE-2020-3084 RESERVED CVE-2020-3083 RESERVED CVE-2020-3082 RESERVED CVE-2020-3081 RESERVED CVE-2020-3080 RESERVED CVE-2020-3079 RESERVED CVE-2020-3078 RESERVED CVE-2020-3077 RESERVED CVE-2020-3076 RESERVED CVE-2020-3075 RESERVED CVE-2020-3074 RESERVED CVE-2020-3073 RESERVED CVE-2020-3072 RESERVED CVE-2020-3071 RESERVED CVE-2020-3070 RESERVED CVE-2020-3069 RESERVED CVE-2020-3068 RESERVED CVE-2020-3067 RESERVED CVE-2020-3066 RESERVED CVE-2020-3065 RESERVED CVE-2020-3064 RESERVED CVE-2020-3063 RESERVED CVE-2020-3062 RESERVED CVE-2020-3061 RESERVED CVE-2020-3060 RESERVED CVE-2020-3059 RESERVED CVE-2020-3058 RESERVED CVE-2020-3057 RESERVED CVE-2020-3056 RESERVED CVE-2020-3055 RESERVED CVE-2020-3054 RESERVED CVE-2020-3053 RESERVED CVE-2020-3052 RESERVED CVE-2020-3051 RESERVED CVE-2020-3050 RESERVED CVE-2020-3049 RESERVED CVE-2020-3048 RESERVED CVE-2020-3047 RESERVED CVE-2020-3046 RESERVED CVE-2020-3045 RESERVED CVE-2020-3044 RESERVED CVE-2020-3043 RESERVED CVE-2020-3042 RESERVED CVE-2020-3041 RESERVED CVE-2020-3040 RESERVED CVE-2020-3039 RESERVED CVE-2020-3038 RESERVED CVE-2020-3037 RESERVED CVE-2020-3036 RESERVED CVE-2020-3035 RESERVED CVE-2020-3034 RESERVED CVE-2020-3033 RESERVED CVE-2020-3032 RESERVED CVE-2020-3031 RESERVED CVE-2020-3030 RESERVED CVE-2020-3029 RESERVED CVE-2020-3028 RESERVED CVE-2020-3027 RESERVED CVE-2020-3026 RESERVED CVE-2020-3025 RESERVED CVE-2020-3024 RESERVED 
CVE-2020-3023 RESERVED CVE-2020-3022 RESERVED CVE-2020-3021 RESERVED CVE-2020-3020 RESERVED CVE-2020-3019 RESERVED CVE-2020-3018 RESERVED CVE-2020-3017 RESERVED CVE-2020-3016 RESERVED CVE-2020-3015 RESERVED CVE-2020-3014 RESERVED CVE-2020-3013 RESERVED CVE-2020-3012 RESERVED CVE-2020-3011 RESERVED CVE-2020-3010 RESERVED CVE-2020-3009 RESERVED CVE-2020-3008 RESERVED CVE-2020-3007 RESERVED CVE-2020-3006 RESERVED CVE-2020-3005 RESERVED CVE-2020-3004 RESERVED CVE-2020-3003 RESERVED CVE-2020-3002 RESERVED CVE-2020-3001 RESERVED CVE-2020-3000 RESERVED CVE-2020-2999 RESERVED CVE-2020-2998 RESERVED CVE-2020-2997 RESERVED CVE-2020-2996 RESERVED CVE-2020-2995 RESERVED CVE-2020-2994 RESERVED CVE-2020-2993 RESERVED CVE-2020-2992 RESERVED CVE-2020-2991 RESERVED CVE-2020-2990 RESERVED CVE-2020-2989 RESERVED CVE-2020-2988 RESERVED CVE-2020-2987 RESERVED CVE-2020-2986 RESERVED CVE-2020-2985 RESERVED CVE-2020-2984 RESERVED CVE-2020-2983 RESERVED CVE-2020-2982 RESERVED CVE-2020-2981 RESERVED CVE-2020-2980 RESERVED CVE-2020-2979 RESERVED CVE-2020-2978 RESERVED CVE-2020-2977 RESERVED CVE-2020-2976 RESERVED CVE-2020-2975 RESERVED CVE-2020-2974 RESERVED CVE-2020-2973 RESERVED CVE-2020-2972 RESERVED CVE-2020-2971 RESERVED CVE-2020-2970 RESERVED CVE-2020-2969 RESERVED CVE-2020-2968 RESERVED CVE-2020-2967 RESERVED CVE-2020-2966 RESERVED CVE-2020-2965 RESERVED CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...) NOT-FOR-US: Oracle CVE-2020-2963 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2962 RESERVED CVE-2020-2961 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2960 RESERVED CVE-2020-2959 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2958 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2957 RESERVED CVE-2020-2956 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2955 (Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Fi ...) NOT-FOR-US: Oracle CVE-2020-2954 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...) NOT-FOR-US: Oracle CVE-2020-2953 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2952 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2020-2951 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2950 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2949 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2948 RESERVED CVE-2020-2947 (Vulnerability in the PeopleSoft Enterprise HCM Absence Management prod ...) NOT-FOR-US: Oracle CVE-2020-2946 (Vulnerability in the Application Performance Management product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2945 (Vulnerability in the Oracle Financial Services Deposit Insurance Calcu ...) NOT-FOR-US: Oracle CVE-2020-2944 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle Solaris CVE-2020-2943 (Vulnerability in the Oracle Financial Services Liquidity Risk Measurem ...) NOT-FOR-US: Oracle CVE-2020-2942 (Vulnerability in the Oracle Financial Services Price Creation and Disc ...) NOT-FOR-US: Oracle CVE-2020-2941 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing ...) NOT-FOR-US: Oracle CVE-2020-2940 (Vulnerability in the Oracle Financial Services Profitability Managemen ...) 
NOT-FOR-US: Oracle CVE-2020-2939 (Vulnerability in the Oracle Financial Services Asset Liability Managem ...) NOT-FOR-US: Oracle CVE-2020-2938 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...) NOT-FOR-US: Oracle CVE-2020-2937 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...) NOT-FOR-US: Oracle CVE-2020-2936 (Vulnerability in the Oracle Financial Services Balance Sheet Planning ...) NOT-FOR-US: Oracle CVE-2020-2935 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...) NOT-FOR-US: Oracle CVE-2020-2934 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) - mysql-connector-java [stretch] - mysql-connector-java (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Stretch) [jessie] - mysql-connector-java (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Jessie) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2933 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) - mysql-connector-java [stretch] - mysql-connector-java (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Stretch) [jessie] - mysql-connector-java (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Jessie) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2932 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2931 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2930 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2929 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2928 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2927 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2926 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2925 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2924 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2923 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2922 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2921 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2920 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...) NOT-FOR-US: Oracle CVE-2020-2919 RESERVED CVE-2020-2918 RESERVED CVE-2020-2917 RESERVED CVE-2020-2916 RESERVED CVE-2020-2915 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2914 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2913 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2912 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...) NOT-FOR-US: Oracle CVE-2020-2911 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2910 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2909 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2908 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2907 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2906 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...) NOT-FOR-US: Oracle CVE-2020-2905 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2904 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2903 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2902 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2901 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2900 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2899 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...) NOT-FOR-US: Oracle CVE-2020-2898 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2897 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2896 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2895 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2894 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2893 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2892 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2891 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...) NOT-FOR-US: Oracle CVE-2020-2890 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2889 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) 
NOT-FOR-US: Oracle CVE-2020-2888 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2887 (Vulnerability in the Oracle Customer Interaction History product of Or ...) NOT-FOR-US: Oracle CVE-2020-2886 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2885 (Vulnerability in the Oracle Document Management and Collaboration prod ...) NOT-FOR-US: Oracle CVE-2020-2884 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2882 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2881 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2880 (Vulnerability in the Oracle Learning Management product of Oracle E-Bu ...) NOT-FOR-US: Oracle CVE-2020-2879 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2878 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2877 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...) NOT-FOR-US: Oracle CVE-2020-2876 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2875 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...) - mysql-connector-java [stretch] - mysql-connector-java (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Stretch) [jessie] - mysql-connector-java (Oracle doesn't disclose details, but CVSS score is marginal, so seems fine to ignore for Jessie) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2874 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) 
NOT-FOR-US: Oracle CVE-2020-2873 (Vulnerability in the Oracle Customer Interaction History product of Or ...) NOT-FOR-US: Oracle CVE-2020-2872 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2871 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2870 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2869 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2868 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2867 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2866 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2865 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...) NOT-FOR-US: Oracle CVE-2020-2864 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-2863 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2862 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2861 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2860 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2859 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2858 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2857 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2856 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) 
NOT-FOR-US: Oracle CVE-2020-2855 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2854 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2853 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2852 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2851 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle Solaris CVE-2020-2850 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2849 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2848 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2847 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2846 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2845 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2844 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2843 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2842 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2841 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-2840 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2839 (Vulnerability in the Oracle Service Intelligence product of Oracle E-B ...) 
NOT-FOR-US: Oracle CVE-2020-2838 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) NOT-FOR-US: Oracle CVE-2020-2837 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2836 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2835 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2834 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2833 (Vulnerability in the Oracle Quoting product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-2832 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2830 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2829 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2828 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2827 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2826 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2825 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2824 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2823 (Vulnerability in the Oracle Common Applications Calendar product of Or ...) NOT-FOR-US: Oracle CVE-2020-2822 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) 
NOT-FOR-US: Oracle CVE-2020-2821 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-2820 (Vulnerability in the Oracle Common Applications Calendar product of Or ...) NOT-FOR-US: Oracle CVE-2020-2819 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-2818 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-2817 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-2816 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...) {DSA-4662-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 CVE-2020-2815 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2814 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2813 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2812 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2811 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2810 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-2809 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2808 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2807 (Vulnerability in the Oracle Marketing Encyclopedia System product of O ...) NOT-FOR-US: Oracle CVE-2020-2806 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2805 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2803 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2802 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2801 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2800 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2799 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2798 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2797 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2796 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2795 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2794 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2793 (Vulnerability in the Oracle Financial Services Analytical Applications ...) 
NOT-FOR-US: Oracle CVE-2020-2792 RESERVED CVE-2020-2791 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2790 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2789 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2788 RESERVED CVE-2020-2787 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2786 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2785 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2784 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2783 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2782 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2780 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2779 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2778 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...) {DSA-4662-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 CVE-2020-2777 (Vulnerability in the Hyperion Financial Management product of Oracle H ...) 
NOT-FOR-US: Oracle CVE-2020-2776 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2775 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2774 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2773 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2772 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2771 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle Solaris CVE-2020-2770 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2769 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...) NOT-FOR-US: Oracle CVE-2020-2768 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) - mysql-cluster (bug #833356) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2767 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...) {DSA-4662-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 CVE-2020-2766 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2765 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2764 (Vulnerability in the Java SE product of Oracle Java SE (component: Adv ...) 
NOT-FOR-US: Java Advanced Management Console CVE-2020-2763 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2762 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2761 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2760 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2759 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2758 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2757 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2756 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1 DLA-2193-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 - openjdk-7 CVE-2020-2755 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4668-1 DSA-4662-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 CVE-2020-2754 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
{DSA-4668-1 DSA-4662-1} - openjdk-14 14.0.1+7-1 - openjdk-11 11.0.7+10-1 - openjdk-8 8u252-b09-1 CVE-2020-2753 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2752 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #956832) NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL CVE-2020-2751 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2750 (Vulnerability in the Oracle General Ledger product of Oracle E-Busines ...) NOT-FOR-US: Oracle CVE-2020-2749 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2748 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2747 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) NOT-FOR-US: Oracle CVE-2020-2746 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...) NOT-FOR-US: Oracle CVE-2020-2745 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) NOT-FOR-US: Oracle CVE-2020-2744 (Vulnerability in the Oracle Transportation Management product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2743 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2742 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2741 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2740 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...) NOT-FOR-US: Oracle CVE-2020-2739 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) 
NOT-FOR-US: Oracle CVE-2020-2738 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2020-2737 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2736 RESERVED CVE-2020-2735 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2020-2734 (Vulnerability in the RDBMS/Optimizer component of Oracle Database Serv ...) NOT-FOR-US: Oracle CVE-2020-2733 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...) {DSA-4667-1} - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c NOTE: https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d CVE-2020-2731 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2730 (Vulnerability in the Oracle Financial Services Revenue Management and ...) NOT-FOR-US: Oracle CVE-2020-2729 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2728 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2727 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2726 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2725 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2724 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) 
NOT-FOR-US: Oracle CVE-2020-2723 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2722 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2721 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2720 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2719 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2718 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2717 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2716 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2715 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2714 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2713 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2712 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2711 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2710 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2709 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...) NOT-FOR-US: Oracle CVE-2020-2708 RESERVED CVE-2020-2707 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-2706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) 
NOT-FOR-US: Oracle CVE-2020-2705 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2702 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2701 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2700 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2699 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2697 (Vulnerability in the Oracle Hospitality Suites Management component of ...) NOT-FOR-US: Oracle CVE-2020-2696 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2695 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...) NOT-FOR-US: Oracle CVE-2020-2694 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2693 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2692 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2691 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2690 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2689 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2688 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-2687 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2686 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2685 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2684 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2683 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2682 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2681 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2680 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2679 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2678 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2677 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2020-2676 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2020-2675 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2020-2674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2673 (Vulnerability in the Oracle Application Testing Suite product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2672 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2671 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2670 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2669 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2668 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2667 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2666 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2665 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2664 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2663 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2662 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2661 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) 
NOT-FOR-US: Oracle CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DLA-2128-1} - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2656 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...) {DSA-4605-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2653 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2652 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2651 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2650 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2649 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2648 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2647 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2646 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
NOT-FOR-US: Oracle CVE-2020-2645 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2644 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2643 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2642 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2641 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) NOT-FOR-US: Oracle CVE-2020-2640 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) NOT-FOR-US: Oracle CVE-2020-2639 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2638 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) NOT-FOR-US: Oracle CVE-2020-2637 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) NOT-FOR-US: Oracle CVE-2020-2636 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2635 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2634 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2633 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2632 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2631 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2630 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2629 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2628 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
NOT-FOR-US: Oracle CVE-2020-2627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2626 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2625 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2624 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2622 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2621 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2620 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2619 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2618 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2617 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2616 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2615 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2614 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...) NOT-FOR-US: Oracle CVE-2020-2613 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2612 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2611 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
NOT-FOR-US: Oracle CVE-2020-2610 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2609 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2608 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2607 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2599 (Vulnerability in the Oracle Hospitality Cruise Materials Management pr ...) NOT-FOR-US: Oracle CVE-2020-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2597 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2596 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) 
NOT-FOR-US: Oracle CVE-2020-2594 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...) NOT-FOR-US: Oracle CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) NOT-FOR-US: Oracle CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2589 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2588 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2587 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2586 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2585 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...) - openjfx 11+26-1 [stretch] - openjfx (Minor issue) NOTE: This only affects JavaFX 8, so marking the first post 8 version as fixed CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
{DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-2581 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2580 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2579 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2578 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2576 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2575 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) - mariadb-10.3 1:10.3.22-1 [buster] - mariadb-10.3 1:10.3.22-0+deb10u1 - mariadb-10.1 [stretch] - mariadb-10.1 10.1.44-0+deb9u1 NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL NOTE: Fixed in MariaDB: 5.5.67, 10.1.44, 10.2.31, 10.3.22, 10.4.12 CVE-2020-2573 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2572 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2571 (Vulnerability in the Oracle VM Server for SPARC product of Oracle Syst ...) NOT-FOR-US: Oracle CVE-2020-2570 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2569 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...) NOT-FOR-US: Oracle CVE-2020-2568 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...) NOT-FOR-US: Oracle CVE-2020-2567 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2566 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2565 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...) NOT-FOR-US: Oracle CVE-2020-2562 RESERVED CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...) NOT-FOR-US: Oracle CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2020-2559 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2020-2558 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2557 (Vulnerability in the Oracle Demantra Demand Management product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2556 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-2555 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) 
NOT-FOR-US: Oracle CVE-2020-2554 RESERVED CVE-2020-2553 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2551 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2550 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2549 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2547 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2546 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2545 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2020-2544 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2543 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2542 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2541 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2540 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2539 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2538 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2537 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) 
NOT-FOR-US: Oracle CVE-2020-2536 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2535 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2534 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-2533 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-2532 RESERVED CVE-2020-2531 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2530 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2020-2529 RESERVED CVE-2020-2528 RESERVED CVE-2020-2527 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2526 RESERVED CVE-2020-2525 RESERVED CVE-2020-2524 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2523 RESERVED CVE-2020-2522 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2521 RESERVED CVE-2020-2520 RESERVED CVE-2020-2519 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2518 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2020-2517 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2020-2516 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2020-2514 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2513 RESERVED CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) 
NOT-FOR-US: Oracle CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2510 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2509 RESERVED CVE-2020-2508 RESERVED CVE-2020-2507 RESERVED CVE-2020-2506 RESERVED CVE-2020-2505 RESERVED CVE-2020-2504 RESERVED CVE-2020-2503 RESERVED CVE-2020-2502 RESERVED CVE-2020-2501 RESERVED CVE-2020-2500 RESERVED CVE-2020-2499 RESERVED CVE-2020-2498 RESERVED CVE-2020-2497 RESERVED CVE-2020-2496 RESERVED CVE-2020-2495 RESERVED CVE-2020-2494 RESERVED CVE-2020-2493 RESERVED CVE-2020-2492 RESERVED CVE-2020-2491 RESERVED CVE-2020-2490 RESERVED CVE-2020-2489 RESERVED CVE-2020-2488 RESERVED CVE-2020-2487 RESERVED CVE-2020-2486 RESERVED CVE-2020-2485 RESERVED CVE-2020-2484 RESERVED CVE-2020-2483 RESERVED CVE-2020-2482 RESERVED CVE-2020-2481 RESERVED CVE-2020-2480 RESERVED CVE-2020-2479 RESERVED CVE-2020-2478 RESERVED CVE-2020-2477 RESERVED CVE-2020-2476 RESERVED CVE-2020-2475 RESERVED CVE-2020-2474 RESERVED CVE-2020-2473 RESERVED CVE-2020-2472 RESERVED CVE-2020-2471 RESERVED CVE-2020-2470 RESERVED CVE-2020-2469 RESERVED CVE-2020-2468 RESERVED CVE-2020-2467 RESERVED CVE-2020-2466 RESERVED CVE-2020-2465 RESERVED CVE-2020-2464 RESERVED CVE-2020-2463 RESERVED CVE-2020-2462 RESERVED CVE-2020-2461 RESERVED CVE-2020-2460 RESERVED CVE-2020-2459 RESERVED CVE-2020-2458 RESERVED CVE-2020-2457 RESERVED CVE-2020-2456 RESERVED CVE-2020-2455 RESERVED CVE-2020-2454 RESERVED CVE-2020-2453 RESERVED CVE-2020-2452 RESERVED CVE-2020-2451 RESERVED CVE-2020-2450 RESERVED CVE-2020-2449 RESERVED CVE-2020-2448 RESERVED CVE-2020-2447 RESERVED CVE-2020-2446 RESERVED CVE-2020-2445 RESERVED CVE-2020-2444 RESERVED CVE-2020-2443 RESERVED CVE-2020-2442 RESERVED CVE-2020-2441 RESERVED CVE-2020-2440 RESERVED CVE-2020-2439 RESERVED CVE-2020-2438 RESERVED CVE-2020-2437 RESERVED CVE-2020-2436 RESERVED CVE-2020-2435 RESERVED CVE-2020-2434 RESERVED 
CVE-2020-2433 RESERVED CVE-2020-2432 RESERVED CVE-2020-2431 RESERVED CVE-2020-2430 RESERVED CVE-2020-2429 RESERVED CVE-2020-2428 RESERVED CVE-2020-2427 RESERVED CVE-2020-2426 RESERVED CVE-2020-2425 RESERVED CVE-2020-2424 RESERVED CVE-2020-2423 RESERVED CVE-2020-2422 RESERVED CVE-2020-2421 RESERVED CVE-2020-2420 RESERVED CVE-2020-2419 RESERVED CVE-2020-2418 RESERVED CVE-2020-2417 RESERVED CVE-2020-2416 RESERVED CVE-2020-2415 RESERVED CVE-2020-2414 RESERVED CVE-2020-2413 RESERVED CVE-2020-2412 RESERVED CVE-2020-2411 RESERVED CVE-2020-2410 RESERVED CVE-2020-2409 RESERVED CVE-2020-2408 RESERVED CVE-2020-2407 RESERVED CVE-2020-2406 RESERVED CVE-2020-2405 RESERVED CVE-2020-2404 RESERVED CVE-2020-2403 RESERVED CVE-2020-2402 RESERVED CVE-2020-2401 RESERVED CVE-2020-2400 RESERVED CVE-2020-2399 RESERVED CVE-2020-2398 RESERVED CVE-2020-2397 RESERVED CVE-2020-2396 RESERVED CVE-2020-2395 RESERVED CVE-2020-2394 RESERVED CVE-2020-2393 RESERVED CVE-2020-2392 RESERVED CVE-2020-2391 RESERVED CVE-2020-2390 RESERVED CVE-2020-2389 RESERVED CVE-2020-2388 RESERVED CVE-2020-2387 RESERVED CVE-2020-2386 RESERVED CVE-2020-2385 RESERVED CVE-2020-2384 RESERVED CVE-2020-2383 RESERVED CVE-2020-2382 RESERVED CVE-2020-2381 RESERVED CVE-2020-2380 RESERVED CVE-2020-2379 RESERVED CVE-2020-2378 RESERVED CVE-2020-2377 RESERVED CVE-2020-2376 RESERVED CVE-2020-2375 RESERVED CVE-2020-2374 RESERVED CVE-2020-2373 RESERVED CVE-2020-2372 RESERVED CVE-2020-2371 RESERVED CVE-2020-2370 RESERVED CVE-2020-2369 RESERVED CVE-2020-2368 RESERVED CVE-2020-2367 RESERVED CVE-2020-2366 RESERVED CVE-2020-2365 RESERVED CVE-2020-2364 RESERVED CVE-2020-2363 RESERVED CVE-2020-2362 RESERVED CVE-2020-2361 RESERVED CVE-2020-2360 RESERVED CVE-2020-2359 RESERVED CVE-2020-2358 RESERVED CVE-2020-2357 RESERVED CVE-2020-2356 RESERVED CVE-2020-2355 RESERVED CVE-2020-2354 RESERVED CVE-2020-2353 RESERVED CVE-2020-2352 RESERVED CVE-2020-2351 RESERVED CVE-2020-2350 RESERVED CVE-2020-2349 RESERVED CVE-2020-2348 RESERVED CVE-2020-2347 
RESERVED CVE-2020-2346 RESERVED CVE-2020-2345 RESERVED CVE-2020-2344 RESERVED CVE-2020-2343 RESERVED CVE-2020-2342 RESERVED CVE-2020-2341 RESERVED CVE-2020-2340 RESERVED CVE-2020-2339 RESERVED CVE-2020-2338 RESERVED CVE-2020-2337 RESERVED CVE-2020-2336 RESERVED CVE-2020-2335 RESERVED CVE-2020-2334 RESERVED CVE-2020-2333 RESERVED CVE-2020-2332 RESERVED CVE-2020-2331 RESERVED CVE-2020-2330 RESERVED CVE-2020-2329 RESERVED CVE-2020-2328 RESERVED CVE-2020-2327 RESERVED CVE-2020-2326 RESERVED CVE-2020-2325 RESERVED CVE-2020-2324 RESERVED CVE-2020-2323 RESERVED CVE-2020-2322 RESERVED CVE-2020-2321 RESERVED CVE-2020-2320 RESERVED CVE-2020-2319 RESERVED CVE-2020-2318 RESERVED CVE-2020-2317 RESERVED CVE-2020-2316 RESERVED CVE-2020-2315 RESERVED CVE-2020-2314 RESERVED CVE-2020-2313 RESERVED CVE-2020-2312 RESERVED CVE-2020-2311 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-2310 RESERVED CVE-2020-2309 RESERVED CVE-2020-2308 RESERVED CVE-2020-2307 RESERVED CVE-2020-2306 RESERVED CVE-2020-2305 RESERVED CVE-2020-2304 RESERVED CVE-2020-2303 RESERVED CVE-2020-2302 RESERVED CVE-2020-2301 RESERVED CVE-2020-2300 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-2299 RESERVED CVE-2020-2298 RESERVED CVE-2020-2297 RESERVED CVE-2020-2296 RESERVED CVE-2020-2295 RESERVED CVE-2020-2294 RESERVED CVE-2020-2293 RESERVED CVE-2020-2292 RESERVED CVE-2020-2291 RESERVED CVE-2020-2290 RESERVED CVE-2020-2289 RESERVED CVE-2020-2288 RESERVED CVE-2020-2287 RESERVED CVE-2020-2286 RESERVED CVE-2020-2285 RESERVED CVE-2020-2284 RESERVED CVE-2020-2283 RESERVED CVE-2020-2282 RESERVED CVE-2020-2281 RESERVED CVE-2020-2280 RESERVED CVE-2020-2279 RESERVED CVE-2020-2278 RESERVED CVE-2020-2277 RESERVED CVE-2020-2276 RESERVED CVE-2020-2275 RESERVED CVE-2020-2274 RESERVED CVE-2020-2273 RESERVED CVE-2020-2272 RESERVED CVE-2020-2271 RESERVED CVE-2020-2270 RESERVED CVE-2020-2269 RESERVED CVE-2020-2268 RESERVED CVE-2020-2267 RESERVED CVE-2020-2266 RESERVED CVE-2020-2265 RESERVED CVE-2020-2264 
RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-2263 RESERVED CVE-2020-2262 RESERVED CVE-2020-2261 RESERVED CVE-2020-2260 RESERVED CVE-2020-2259 RESERVED CVE-2020-2258 RESERVED CVE-2020-2257 RESERVED CVE-2020-2256 RESERVED CVE-2020-2255 RESERVED CVE-2020-2254 RESERVED CVE-2020-2253 RESERVED CVE-2020-2252 RESERVED CVE-2020-2251 RESERVED CVE-2020-2250 RESERVED CVE-2020-2249 RESERVED CVE-2020-2248 RESERVED CVE-2020-2247 RESERVED CVE-2020-2246 RESERVED CVE-2020-2245 RESERVED CVE-2020-2244 RESERVED CVE-2020-2243 RESERVED CVE-2020-2242 RESERVED CVE-2020-2241 RESERVED CVE-2020-2240 RESERVED CVE-2020-2239 RESERVED CVE-2020-2238 RESERVED CVE-2020-2237 RESERVED CVE-2020-2236 RESERVED CVE-2020-2235 RESERVED CVE-2020-2234 RESERVED CVE-2020-2233 RESERVED CVE-2020-2232 RESERVED CVE-2020-2231 RESERVED CVE-2020-2230 RESERVED CVE-2020-2229 RESERVED CVE-2020-2228 RESERVED CVE-2020-2227 RESERVED CVE-2020-2226 RESERVED CVE-2020-2225 RESERVED CVE-2020-2224 RESERVED CVE-2020-2223 RESERVED CVE-2020-2222 RESERVED CVE-2020-2221 RESERVED CVE-2020-2220 RESERVED CVE-2020-2219 RESERVED CVE-2020-2218 RESERVED CVE-2020-2217 RESERVED CVE-2020-2216 RESERVED CVE-2020-2215 RESERVED CVE-2020-2214 RESERVED CVE-2020-2213 RESERVED CVE-2020-2212 RESERVED CVE-2020-2211 RESERVED CVE-2020-2210 RESERVED CVE-2020-2209 RESERVED CVE-2020-2208 RESERVED CVE-2020-2207 RESERVED CVE-2020-2206 RESERVED CVE-2020-2205 RESERVED CVE-2020-2204 RESERVED CVE-2020-2203 RESERVED CVE-2020-2202 RESERVED CVE-2020-2201 RESERVED CVE-2020-2200 RESERVED CVE-2020-2199 RESERVED CVE-2020-2198 RESERVED CVE-2020-2197 RESERVED CVE-2020-2196 RESERVED CVE-2020-2195 RESERVED CVE-2020-2194 RESERVED CVE-2020-2193 RESERVED CVE-2020-2192 RESERVED CVE-2020-2191 RESERVED CVE-2020-2190 RESERVED CVE-2020-2189 (Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2020-2188 (A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and ear ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2187 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts s ...) NOT-FOR-US: Jenkins plugin CVE-2020-2186 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...) NOT-FOR-US: Jenkins plugin CVE-2020-2185 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH hos ...) NOT-FOR-US: Jenkins plugin CVE-2020-2184 (A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 ...) NOT-FOR-US: Jenkins plugin CVE-2020-2183 (Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper perm ...) NOT-FOR-US: Jenkins plugin CVE-2020-2182 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...) NOT-FOR-US: Jenkins plugin CVE-2020-2181 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...) NOT-FOR-US: Jenkins plugin CVE-2020-2180 (Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML p ...) NOT-FOR-US: Jenkins plugin CVE-2020-2179 (Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML ...) NOT-FOR-US: Jenkins plugin CVE-2020-2178 (Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2020-2177 (Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in ...) NOT-FOR-US: Jenkins plugin CVE-2020-2176 (Multiple form validation endpoints in Jenkins useMango Runner Plugin 1 ...) NOT-FOR-US: Jenkins plugin CVE-2020-2175 (Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape rep ...) NOT-FOR-US: Jenkins plugin CVE-2020-2174 (Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape var ...) NOT-FOR-US: Jenkins plugin CVE-2020-2173 (Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Pol ...) NOT-FOR-US: Jenkins plugin CVE-2020-2172 (Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2171 (Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML ...) NOT-FOR-US: Jenkins plugin CVE-2020-2170 (Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package nam ...) NOT-FOR-US: Jenkins plugin CVE-2020-2169 (A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and ear ...) NOT-FOR-US: Jenkins plugin CVE-2020-2168 (Jenkins Azure Container Service Plugin 1.0.1 and earlier does not conf ...) NOT-FOR-US: Jenkins plugin CVE-2020-2167 (Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configur ...) NOT-FOR-US: Jenkins plugin CVE-2020-2166 (Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured pass ...) NOT-FOR-US: Jenkins plugin CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory se ...) NOT-FOR-US: Jenkins plugin CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processe ...) NOT-FOR-US: Jenkins CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Conten ...) NOT-FOR-US: Jenkins CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly e ...) NOT-FOR-US: Jenkins CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different repr ...) NOT-FOR-US: Jenkins CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...) NOT-FOR-US: Jenkins CryptoMove Plugin CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...) NOT-FOR-US: Jenkins Literate Plugin CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured c ...) NOT-FOR-US: Jenkins Skytap Cloud CI Plugin CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured crede ...) 
NOT-FOR-US: Jenkins DeployHub Plugin CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configur ...) NOT-FOR-US: Jenkins OpenShift Deployer Plugin CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores ...) NOT-FOR-US: Jenkins Zephyr for JIRA Test Management Plugin CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured credential ...) NOT-FOR-US: Jenkins Backlog Plugin CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does not esc ...) NOT-FOR-US: Jenkins Subversion Release Manager Plugin CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits configured cred ...) NOT-FOR-US: Jenkins Quality Gates Plugin CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configu ...) NOT-FOR-US: Jenkins Sonar Quality Gates Plugin CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits config ...) NOT-FOR-US: Jenkins Repository Connector Plugin CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier all ...) NOT-FOR-US: Jenkins Mac Plugin CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 ...) NOT-FOR-US: Jenkins Mac Plugin CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys w ...) NOT-FOR-US: Jenkins Mac Plugin CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier sto ...) NOT-FOR-US: Jenkins Zephyr Enterprise Test Management Plugin CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML pa ...) NOT-FOR-US: Jenkins Rundeck Plugin CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credent ...) NOT-FOR-US: Jenkins Logstash Plugin CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier al ...) NOT-FOR-US: Jenkins P4 Plugin CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.1 ...) 
NOT-FOR-US: Jenkins P4 Plugin CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error m ...) NOT-FOR-US: Jenkins Audit Trail Plugin CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 ...) NOT-FOR-US: Jenkins Cobertura Plugin CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML p ...) NOT-FOR-US: Jenkins Cobertura Plugin CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML f ...) NOT-FOR-US: Jenkins Timestamper Plugin CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error message ...) NOT-FOR-US: Jenkins Git Plugin CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...) NOT-FOR-US: Jenkins Script Security Plugin CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...) NOT-FOR-US: Jenkins Script Security Plugin CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted ...) NOT-FOR-US: Jenkins plugin CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a ...) NOT-FOR-US: Jenkins plugin CVE-2020-2131 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencryp ...) NOT-FOR-US: Jenkins plugin CVE-2020-2130 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencry ...) NOT-FOR-US: Jenkins plugin CVE-2020-2129 (Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencr ...) NOT-FOR-US: Jenkins plugin CVE-2020-2128 (Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a passw ...) NOT-FOR-US: Jenkins plugin CVE-2020-2127 (Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stor ...) NOT-FOR-US: Jenkins plugin CVE-2020-2126 (Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted ...) NOT-FOR-US: Jenkins plugin CVE-2020-2125 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2124 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier sto ...) NOT-FOR-US: Jenkins plugin CVE-2020-2123 (Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML pa ...) NOT-FOR-US: Jenkins plugin CVE-2020-2122 (Jenkins Brakeman Plugin 0.12 and earlier did not escape values receive ...) NOT-FOR-US: Jenkins plugin CVE-2020-2121 (Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not con ...) NOT-FOR-US: Jenkins plugin CVE-2020-2120 (Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML pa ...) NOT-FOR-US: Jenkins plugin CVE-2020-2119 (Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credent ...) NOT-FOR-US: Jenkins plugin CVE-2020-2118 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...) NOT-FOR-US: Jenkins plugin CVE-2020-2117 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...) NOT-FOR-US: Jenkins plugin CVE-2020-2116 (A cross-site request forgery vulnerability in Jenkins Pipeline GitHub ...) NOT-FOR-US: Jenkins plugin CVE-2020-2115 (Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parse ...) NOT-FOR-US: Jenkins plugin CVE-2020-2114 (Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured cr ...) NOT-FOR-US: Jenkins plugin CVE-2020-2113 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the de ...) NOT-FOR-US: Jenkins plugin CVE-2020-2112 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the pa ...) NOT-FOR-US: Jenkins plugin CVE-2020-2111 (Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error ...) NOT-FOR-US: Jenkins plugin CVE-2020-2110 (Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier ...) NOT-FOR-US: Jenkins plugin CVE-2020-2109 (Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwor ...) NOT-FOR-US: Jenkins plugin CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...) NOT-FOR-US: Jenkins plugin CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...) NOT-FOR-US: Jenkins CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...) NOT-FOR-US: Jenkins CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...) NOT-FOR-US: Jenkins CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...) NOT-FOR-US: Jenkins CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...) NOT-FOR-US: Jenkins CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...) NOT-FOR-US: Jenkins CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...) NOT-FOR-US: Jenkins CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...) NOT-FOR-US: Jenkins plugin CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...) NOT-FOR-US: Jenkins plugin CVE-2020-2096 (Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project n ...) NOT-FOR-US: Jenkins plugin CVE-2020-2095 (Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored ...) NOT-FOR-US: Jenkins plugin CVE-2020-2094 (A missing permission check in Jenkins Health Advisor by CloudBees Plug ...) NOT-FOR-US: Jenkins plugin CVE-2020-2093 (A cross-site request forgery vulnerability in Jenkins Health Advisor b ...) NOT-FOR-US: Jenkins plugin CVE-2020-2092 (Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure it ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2091 (A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earli ...) NOT-FOR-US: Jenkins plugin CVE-2020-2090 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...) NOT-FOR-US: Jenkins plugin CVE-2020-2089 RESERVED CVE-2020-2088 RESERVED CVE-2020-2087 RESERVED CVE-2020-2086 RESERVED CVE-2020-2085 RESERVED CVE-2020-2084 RESERVED CVE-2020-2083 RESERVED CVE-2020-2082 RESERVED CVE-2020-2081 RESERVED CVE-2020-2080 RESERVED CVE-2020-2079 RESERVED CVE-2020-2078 RESERVED CVE-2020-2077 RESERVED CVE-2020-2076 RESERVED CVE-2020-2075 RESERVED CVE-2020-2074 RESERVED CVE-2020-2073 RESERVED CVE-2020-2072 RESERVED CVE-2020-2071 RESERVED CVE-2020-2070 RESERVED CVE-2020-2069 RESERVED CVE-2020-2068 RESERVED CVE-2020-2067 RESERVED CVE-2020-2066 RESERVED CVE-2020-2065 RESERVED CVE-2020-2064 RESERVED CVE-2020-2063 RESERVED CVE-2020-2062 RESERVED CVE-2020-2061 RESERVED CVE-2020-2060 RESERVED CVE-2020-2059 RESERVED CVE-2020-2058 RESERVED CVE-2020-2057 RESERVED CVE-2020-2056 RESERVED CVE-2020-2055 RESERVED CVE-2020-2054 RESERVED CVE-2020-2053 RESERVED CVE-2020-2052 RESERVED CVE-2020-2051 RESERVED CVE-2020-2050 RESERVED CVE-2020-2049 RESERVED CVE-2020-2048 RESERVED CVE-2020-2047 RESERVED CVE-2020-2046 RESERVED CVE-2020-2045 RESERVED CVE-2020-2044 RESERVED CVE-2020-2043 RESERVED CVE-2020-2042 RESERVED CVE-2020-2041 RESERVED CVE-2020-2040 RESERVED CVE-2020-2039 RESERVED CVE-2020-2038 RESERVED CVE-2020-2037 RESERVED CVE-2020-2036 RESERVED CVE-2020-2035 RESERVED CVE-2020-2034 RESERVED CVE-2020-2033 RESERVED CVE-2020-2032 RESERVED CVE-2020-2031 RESERVED CVE-2020-2030 RESERVED CVE-2020-2029 RESERVED CVE-2020-2028 RESERVED CVE-2020-2027 RESERVED CVE-2020-2026 RESERVED CVE-2020-2025 (Kata Containers before 1.11.0 on Cloud Hypervisor persists guest files ...) TODO: check CVE-2020-2024 (An improper link resolution vulnerability affects Kata Containers vers ...) 
TODO: check CVE-2020-2023 RESERVED CVE-2020-2022 RESERVED CVE-2020-2021 RESERVED CVE-2020-2020 RESERVED CVE-2020-2019 RESERVED CVE-2020-2018 (An authentication bypass vulnerability in the Panorama context switchi ...) NOT-FOR-US: PAN-OS CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Pa ...) NOT-FOR-US: PAN-OS CVE-2020-2016 (A race condition due to insecure creation of a file in a temporary dir ...) NOT-FOR-US: PAN-OS CVE-2020-2015 (A buffer overflow vulnerability in the PAN-OS management server allows ...) NOT-FOR-US: PAN-OS CVE-2020-2014 (An OS Command Injection vulnerability in PAN-OS management server allo ...) NOT-FOR-US: PAN-OS CVE-2020-2013 (A cleartext transmission of sensitive information vulnerability in Pal ...) NOT-FOR-US: PAN-OS CVE-2020-2012 (Improper restriction of XML external entity reference ('XXE') vulnerab ...) NOT-FOR-US: PAN-OS CVE-2020-2011 (An improper input validation vulnerability in the configuration daemon ...) NOT-FOR-US: PAN-OS CVE-2020-2010 (An OS command injection vulnerability in PAN-OS management interface a ...) NOT-FOR-US: PAN-OS CVE-2020-2009 (An external control of filename vulnerability in the SD WAN component ...) NOT-FOR-US: PAN-OS CVE-2020-2008 (An OS command injection and external control of filename vulnerability ...) NOT-FOR-US: PAN-OS CVE-2020-2007 (An OS command injection vulnerability in the management server compone ...) NOT-FOR-US: PAN-OS CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management server c ...) NOT-FOR-US: PAN-OS CVE-2020-2005 (A cross-site scripting (XSS) vulnerability exists when visiting malici ...) NOT-FOR-US: PAN-OS CVE-2020-2004 (Under certain circumstances a user's password may be logged in clearte ...) NOT-FOR-US: PAN-OS CVE-2020-2003 (An external control of filename vulnerability in the command processin ...) NOT-FOR-US: PAN-OS CVE-2020-2002 (An authentication bypass by spoofing vulnerability exists in the authe ...) 
NOT-FOR-US: PAN-OS CVE-2020-2001 (An external control of path and data vulnerability in the Palo Alto Ne ...) NOT-FOR-US: PAN-OS CVE-2020-2000 RESERVED CVE-2020-1999 RESERVED CVE-2020-1998 (An improper authorization vulnerability in PAN-OS that mistakenly uses ...) NOT-FOR-US: PAN-OS CVE-2020-1997 (An open redirection vulnerability in the GlobalProtect component of Pa ...) NOT-FOR-US: PAN-OS CVE-2020-1996 (A missing authorization vulnerability in the management server compone ...) NOT-FOR-US: PAN-OS CVE-2020-1995 (A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS ...) NOT-FOR-US: PAN-OS CVE-2020-1994 (A predictable temporary file vulnerability in PAN-OS allows a local au ...) NOT-FOR-US: PAN-OS CVE-2020-1993 (The GlobalProtect Portal feature in PAN-OS does not set a new session ...) NOT-FOR-US: PAN-OS CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1990 (A stack-based buffer overflow vulnerability in the management server c ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1989 (An incorrect privilege assignment vulnerability when writing applicati ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1988 (An unquoted search path vulnerability in the Windows release of Global ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1987 (An information exposure vulnerability in the logging component of Palo ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1986 (Improper input validation vulnerability in Secdo allows an authenticat ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in S ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...) 
NOT-FOR-US: Palo Alto Networks CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...) {DSA-4665-1} - qemu 1:4.1-2 - qemu-kvm - libslirp 4.2.0-2 - slirp4netns 1.0.1-1 [buster] - slirp4netns (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed. CVE-2020-1982 RESERVED CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local ...) NOT-FOR-US: PAN-OS CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...) NOT-FOR-US: PAN-OS CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...) NOT-FOR-US: PAN-OS CVE-2020-1978 (TechSupport files generated on Palo Alto Networks VM Series firewalls ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...) NOT-FOR-US: Palo Alto CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) NOT-FOR-US: Palo Alto Networks GlobalProtect software CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web interface on Pa ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2020-1974 RESERVED CVE-2020-1973 RESERVED CVE-2020-1972 RESERVED CVE-2020-1971 RESERVED CVE-2020-1970 RESERVED CVE-2020-1969 RESERVED CVE-2020-1968 RESERVED CVE-2020-1967 (Server or client applications that call the SSL_check_chain() function ...) {DSA-4661-1} - openssl 1.1.1g-1 [stretch] - openssl (Only affects 1.1.1d to 1.1.1f) [jessie] - openssl (Only affects 1.1.1d to 1.1.1f) - openssl1.0 (Only affects 1.1.1d to 1.1.1f) NOTE: https://www.openssl.org/news/secadv/20200421.txt CVE-2020-1966 RESERVED CVE-2020-1965 RESERVED CVE-2020-1964 (It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-inc ...) 
NOT-FOR-US: Apache Heron CVE-2020-1963 RESERVED CVE-2020-1962 REJECTED CVE-2020-1961 (Vulnerability to Server-Side Template Injection on Mail templates for ...) NOT-FOR-US: Apache Syncope CVE-2020-1960 (A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 ...) NOT-FOR-US: Apache Flink CVE-2020-1959 (A Server-Side Template Injection was identified in Apache Syncope prio ...) NOT-FOR-US: Apache Syncope CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, callers of ...) - druid (bug #825797) CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...) {DLA-2181-1} - shiro (bug #955018) NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139 NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322 CVE-2020-1956 (Kylin has some restful apis which will concatenate os command with the ...) NOT-FOR-US: Apache Kylin CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting that go ...) - couchdb CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering an Ins ...) NOT-FOR-US: Apache CXF CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...) - commons-configuration2 2.7-1 (bug #954713) NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1 CVE-2020-1952 (An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. W ...) NOT-FOR-US: Apache IoTDB CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in ...) {DLA-2161-1} - tika (bug #954302) [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/4 CVE-2020-1950 (A carefully crafted or corrupt PSD file can cause excessive memory usa ...) 
{DLA-2161-1} - tika (bug #954303) [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/3 CVE-2020-1949 (Scripts in Sling CMS before 0.16.0 do not property escape the Sling Se ...) NOT-FOR-US: Apache Sling CVE-2020-1948 RESERVED CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...) NOT-FOR-US: Apache ShardingSphere CVE-2020-1946 RESERVED CVE-2020-1945 (Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default tempora ...) - ant 1.10.8-1 (low; bug #960630) [buster] - ant (Minor issue) [stretch] - ant (Minor issue) [jessie] - ant (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/05/13/1 NOTE: https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (1.9.15) NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (1.9.15) NOTE: https://github.com/apache/ant/commit/d591851ae3921172bb825b5a5344afa3de0e28ca (10.8) NOTE: https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (10.8) NOTE: https://github.com/apache/ant/commit/041b058c7bf10a94d56db3ca9dba38cf90ab9943 (10.8) NOTE: https://github.com/apache/ant/commit/a8645a151bc706259fb1789ef587d05482d98612 (10.8) NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (10.8) CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...) {DSA-4672-1} - trafficserver 8.0.6+ds-1 NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/commit/5830bc72611e85e7a31098ce86710242f29076dc CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, allowing ...) NOT-FOR-US: Apache OFBiz CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...) 
NOT-FOR-US: Apache NiFi CVE-2020-1941 (In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open ...) - activemq (unimportant) NOTE: Admin console not enabled in the Debian package, see #702670) NOTE: Fixed in 5.15.12 CVE-2020-1940 (The optional initial password change and password expiration features ...) NOT-FOR-US: Apache Jackrabbit Oak CVE-2020-1939 (The Apache NuttX (Incubating) project provides an optional separate "a ...) NOT-FOR-US: Apache NuttX CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...) {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1} - tomcat9 9.0.31-1 (bug #952437) - tomcat8 (bug #952438) - tomcat7 (bug #952436) NOTE: AJP disabled in Debian in default configuration since 2008 NOTE: fixed in upstream versions 9.0.31, 8.5.51, 7.0.100 NOTE: https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487 NOTE: https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb (9.0.31) NOTE: https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad (9.0.31) NOTE: https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72 (7.0.100) NOTE: 
https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2 (7.0.100) NOTE: https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba (7.0.100) NOTE: https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645 (7.0.100) CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the user ...) NOT-FOR-US: Apache Kylin CVE-2020-1936 RESERVED CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...) {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1} - tomcat9 9.0.31-1 - tomcat8 - tomcat7 NOTE: https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d (7.0.100) CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ...) - apache2 2.4.43-1 (low) [buster] - apache2 (Minor issue) [stretch] - apache2 (Minor issue) [jessie] - apache2 (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1934 NOTE: Upstream patch: https://svn.apache.org/r1873745 CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Maliciou ...) NOT-FOR-US: Apache NiFi CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...) NOT-FOR-US: Apache Superset CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) {DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784 (restricted) CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) 
{DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 (restricted) CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an ...) NOT-FOR-US: Apache Beam MongoDB connector CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...) NOT-FOR-US: Apache NiFi CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ...) - apache2 2.4.43-1 (low) [buster] - apache2 (Minor issue) [stretch] - apache2 (Minor issue) [jessie] - apache2 (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927 NOTE: https://svn.apache.org/r1873905 NOTE: https://svn.apache.org/r1874191 CVE-2020-1926 RESERVED CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...) NOT-FOR-US: Olingo CVE-2020-1924 RESERVED CVE-2020-1923 RESERVED CVE-2020-1922 RESERVED CVE-2020-1921 RESERVED CVE-2020-1920 RESERVED CVE-2020-1919 RESERVED CVE-2020-1918 RESERVED CVE-2020-1917 RESERVED CVE-2020-1916 RESERVED CVE-2020-1915 RESERVED CVE-2020-1914 RESERVED CVE-2020-1913 RESERVED CVE-2020-1912 RESERVED CVE-2020-1911 RESERVED CVE-2020-1910 RESERVED CVE-2020-1909 RESERVED CVE-2020-1908 RESERVED CVE-2020-1907 RESERVED CVE-2020-1906 RESERVED CVE-2020-1905 RESERVED CVE-2020-1904 RESERVED CVE-2020-1903 RESERVED CVE-2020-1902 RESERVED CVE-2020-1901 RESERVED CVE-2020-1900 RESERVED CVE-2020-1899 RESERVED CVE-2020-1898 RESERVED CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...) TODO: check CVE-2020-1896 RESERVED CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...) 
NOT-FOR-US: Instagram for Android CVE-2020-1894 RESERVED CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...) - hhvm CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser allows ...) - hhvm CVE-2020-1891 RESERVED CVE-2020-1890 RESERVED CVE-2020-1889 RESERVED CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...) - hhvm CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...) - osquery (bug #803502) CVE-2020-1886 RESERVED CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...) NOT-FOR-US: Oculus Desktop CVE-2020-1884 RESERVED CVE-2020-1883 RESERVED CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...) NOT-FOR-US: Huawei CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1880 (Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00 ...) NOT-FOR-US: Huawei CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...) NOT-FOR-US: Huawei CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...) NOT-FOR-US: Huawei CVE-2020-1877 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) NOT-FOR-US: Huawei CVE-2020-1876 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) NOT-FOR-US: Huawei CVE-2020-1875 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...) NOT-FOR-US: Huawei CVE-2020-1874 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...) NOT-FOR-US: Huawei CVE-2020-1873 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...) 
NOT-FOR-US: Huawei CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...) NOT-FOR-US: Huawei CVE-2020-1870 RESERVED CVE-2020-1869 RESERVED CVE-2020-1868 RESERVED CVE-2020-1867 RESERVED CVE-2020-1866 RESERVED CVE-2020-1865 RESERVED CVE-2020-1864 (Some Huawei products have a security vulnerability due to improper aut ...) NOT-FOR-US: Huawei CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...) NOT-FOR-US: Huawei CVE-2020-1862 (There is a double free vulnerability in some Huawei products. A local ...) NOT-FOR-US: Huawei CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...) NOT-FOR-US: Huawei CVE-2020-1860 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1859 RESERVED CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...) NOT-FOR-US: Huawei CVE-2020-1857 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1856 (Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG ...) NOT-FOR-US: Huawei CVE-2020-1855 (Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-55 ...) NOT-FOR-US: Huawei CVE-2020-1854 RESERVED CVE-2020-1853 (GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. ...) NOT-FOR-US: Huawei CVE-2020-1852 RESERVED CVE-2020-1851 RESERVED CVE-2020-1850 RESERVED CVE-2020-1849 RESERVED CVE-2020-1848 RESERVED CVE-2020-1847 RESERVED CVE-2020-1846 RESERVED CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...) NOT-FOR-US: Huawei CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege escala ...) NOT-FOR-US: Huawei CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...) NOT-FOR-US: Huawei CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version ...) 
NOT-FOR-US: Huawei CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6 ...) NOT-FOR-US: Huawei CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...) NOT-FOR-US: Huawei CVE-2020-1839 RESERVED CVE-2020-1838 RESERVED CVE-2020-1837 RESERVED CVE-2020-1836 RESERVED CVE-2020-1835 RESERVED CVE-2020-1834 RESERVED CVE-2020-1833 RESERVED CVE-2020-1832 RESERVED CVE-2020-1831 RESERVED CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...) NOT-FOR-US: Huawei CVE-2020-1828 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...) NOT-FOR-US: Huawei CVE-2020-1825 RESERVED CVE-2020-1824 RESERVED CVE-2020-1823 RESERVED CVE-2020-1822 RESERVED CVE-2020-1821 RESERVED CVE-2020-1820 RESERVED CVE-2020-1819 RESERVED CVE-2020-1818 RESERVED CVE-2020-1817 (Huawei PCManager with versions earlier than 10.0.1.36 has a privilege ...) NOT-FOR-US: Huawei CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1813 RESERVED CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...) NOT-FOR-US: Huawei CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) NOT-FOR-US: Huawei CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...) 
NOT-FOR-US: Huawei CVE-2020-1809 RESERVED CVE-2020-1808 (Huawei smartphones Honor View 20;Honor 20;Honor 20 PRO;Honor Magic2 wi ...) NOT-FOR-US: Huawei CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) NOT-FOR-US: Huawei CVE-2020-1805 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) NOT-FOR-US: Huawei CVE-2020-1804 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) NOT-FOR-US: Huawei CVE-2020-1803 (Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C63 ...) NOT-FOR-US: Huawei CVE-2020-1802 (There is an insufficient integrity validation vulnerability in several ...) NOT-FOR-US: Huawei CVE-2020-1801 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P ...) NOT-FOR-US: Huawei CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...) TODO: check CVE-2020-1798 RESERVED CVE-2020-1797 RESERVED CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...) NOT-FOR-US: Huawei CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...) NOT-FOR-US: Huawei CVE-2020-1794 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1793 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1792 (Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C ...) NOT-FOR-US: Huawei CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) 
NOT-FOR-US: Huawei CVE-2020-1789 (Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with ve ...) NOT-FOR-US: Huawei CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...) NOT-FOR-US: Huawei CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...) NOT-FOR-US: Huawei CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69 ...) NOT-FOR-US: Huawei CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...) NOT-FOR-US: Huawei CVE-2020-1784 RESERVED CVE-2020-1783 RESERVED CVE-2020-1782 RESERVED CVE-2020-1781 RESERVED CVE-2020-1780 RESERVED CVE-2020-1779 RESERVED CVE-2020-1778 RESERVED CVE-2020-1777 RESERVED CVE-2020-1776 RESERVED CVE-2020-1775 RESERVED CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...) {DLA-2198-1} - otrs2 6.0.28-1 (bug #959448) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/ NOTE: Fixed in 7.0.17, 6.0.28 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342 CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (Too intrusive to backport) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77 CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...) 
{DLA-2198-1} - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7 CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (Vulnerable code introduced in later version) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/ NOTE: Fixed in 7.0.16, 6.0.27 NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2 CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...) {DLA-2198-1} - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95 NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (https://lists.debian.org/debian-lts/2020/04/msg00040.html) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/1b74e24582c946d02209acfc248d4ba451251f93 NOTE: OTRS5: https://github.com/OTRS/otrs/commit/7974ea582211c13730d223fc4dcdffa542af423f CVE-2020-1768 (The external frontend system uses numerous background calls to the bac ...) 
- otrs2 (Only affects 7.0.x series) NOTE: https://community.otrs.com/security-advisory-2020-04/ CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/ NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570 CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/ NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5) CVE-2020-1765 (An improper control of parameters allows the spoofing of the from fiel ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/ NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5) CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...) NOT-FOR-US: Kiali CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon of lib ...) {DSA-4684-1} - libreswan 3.32-1 (bug #960458) NOTE: Introduced by: https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 (v3.27) NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 NOTE: https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali versio ...) 
NOT-FOR-US: Kiali CVE-2020-1761 RESERVED NOT-FOR-US: OpenShift CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports request ...) {DLA-2171-1} - ceph 14.2.9-1 (bug #956142) NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/1bf14094fec34770d2cc74317f4238ccb2dfef98 NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/1 CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Opensh ...) - ceph 14.2.9-1 (bug #956139) [buster] - ceph (Vulnerable code not present) [stretch] - ceph (Vulnerable code not present) [jessie] - ceph (Vulnerable code not present) NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/fe387e02b11df98357d8cdbfa3b1f1d5f2bb3f74 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2 CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does ...) NOT-FOR-US: Keycloak CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...) - undertow NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770 CVE-2020-1756 RESERVED CVE-2020-1755 RESERVED CVE-2020-1754 RESERVED CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...) 
- ansible [stretch] - ansible (Vulnerable code introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008 NOTE: https://github.com/ansible-collections/kubernetes/pull/51 NOTE: Fixing commit only introduces a warning about disclosure when using certain NOTE: options. CVE-2020-1752 (A use-after-free vulnerability introduced in glibc upstream version 2. ...) - glibc 2.30-3 (bug #953788) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25414 NOTE: Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14) NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c CVE-2020-1751 (An out-of-bounds write vulnerability was found in glibc before 2.31 wh ...) - glibc 2.30-3 [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25423 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494 CVE-2020-1750 RESERVED NOT-FOR-US: OpenShift machine-config-operator CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup] RESERVED - linux 5.4.6-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2 CVE-2020-1748 RESERVED CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions befor ...) - pyyaml 5.3-2 (bug #953013) [buster] - pyyaml (Loader/Constructor classes are unsafe in this version) [stretch] - pyyaml (Loader/Constructor classes are unsafe in this version) [jessie] - pyyaml (Loader/Constructor classes are unsafe in this version) NOTE: https://github.com/yaml/pyyaml/pull/386 CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine versio ...) 
- ansible [stretch] - ansible (Vulnerable code introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491 NOTE: https://github.com/ansible/ansible/pull/67866 CVE-2020-1745 (A file inclusion vulnerability was found in the AJP connector enabled ...) - undertow 2.0.30-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305 NOTE: Variant of the Ghostcat Tomcat vulnerability, CVE-2020-1938. NOTE: According to https://lists.jboss.org/pipermail/undertow-dev/2020-March/002422.html NOTE: the fix is: https://github.com/undertow-io/undertow/pull/859 CVE-2020-1744 (A flaw was found in keycloak before version 9.0.1. When configuring an ...) NOT-FOR-US: Keycloak CVE-2020-1743 RESERVED CVE-2020-1742 RESERVED NOT-FOR-US: OpenShift jenkins-slave-base-rhel7-container CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platform (O ...) NOT-FOR-US: openshift-ansible CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...) {DLA-2202-1} - ansible 2.9.7+dfsg-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193 NOTE: https://github.com/ansible/ansible/issues/67798 NOTE: https://github.com/ansible/ansible/pull/68644 CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...) {DLA-2202-1} - ansible 2.9.7+dfsg-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178 NOTE: https://github.com/ansible/ansible/issues/67797 NOTE: https://github.com/ansible/ansible/pull/67829 NOTE: https://github.com/ansible/ansible/commit/d91658ec0c8434c82c3ef98bfe9eb4e1027a43a3 CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or service ...) - ansible (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164 NOTE: https://github.com/ansible/ansible/issues/67796 NOTE: Marked unimportant as for exploitation it requires already a remote that is NOTE: compromised, cf. 
https://github.com/ansible/ansible/issues/67796#issuecomment-614656017 CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...) - ansible 2.9.7+dfsg-1 (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154 NOTE: https://github.com/ansible/ansible/issues/67795 NOTE: https://github.com/ansible/ansible/pull/67799 NOTE: Issue in the win_unzip module which is executed only on Windows platform CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using atomic_m ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124 NOTE: https://github.com/ansible/ansible/issues/67794 CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used. ...) - ansible [jessie] - ansible (No remote expansion in fetch module) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085 NOTE: https://github.com/ansible/ansible/issues/67793 NOTE: https://github.com/ansible/ansible/pull/68720 NOTE: Introduced in https://github.com/ansible/ansible/commit/e47f6137e5b897dec4319e7cb7791fb9b2cffb8d (1.8) CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...) - ansible (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804 NOTE: https://github.com/ansible/ansible/issues/6550 NOTE: https://github.com/ansible/ansible/issues/67792 NOTE: Upstream considers this intended functionality and delegates it up to the NOTE: playbook author to ensure they use the quote filter. CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...) {DLA-2202-1} - ansible 2.9.7+dfsg-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735 NOTE: https://github.com/ansible/ansible/issues/67791 NOTE: https://github.com/ansible/ansible/pull/68921 NOTE: https://github.com/ansible/ansible/commit/8077d8e40148fe77e2393caa5f2b2ea855149d63 NOTE: When applying the fix for CVE-2020-1733 make sure to apply complete fix to NOTE: not open up CVE-2020-10744.
CVE-2020-1732 (A flaw was found in Soteria before 1.0.1, in a way that multiple reque ...) - wildfly (bug #752018) CVE-2020-1731 (A flaw was found in all versions of the Keycloak operator, before vers ...) NOT-FOR-US: Keycloak CVE-2020-1730 (A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in t ...) - libssh 0.9.4-1 (bug #956308) [buster] - libssh 0.8.7-1+deb10u1 [stretch] - libssh (Vulnerable code introduced later) [jessie] - libssh (Vulnerable code introduced later) NOTE: https://www.libssh.org/security/advisories/CVE-2020-1730.txt NOTE: https://bugs.libssh.org/T213 NOTE: Introduced by: https://git.libssh.org/projects/libssh.git/commit/?id=84a85803b4c83b8dac03b0d0aba58b48c98253e6 (libssh-0.8.0) NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a CVE-2020-1729 RESERVED NOT-FOR-US: SmallRye Config CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...) NOT-FOR-US: Keycloak CVE-2020-1727 RESERVED NOT-FOR-US: Keycloak CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...) - libpod NOTE: Introduced in: https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93 (v1.6.0-rc1) NOTE: https://github.com/containers/libpod/pull/5168 NOTE: Fixed by: https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42 (v1.8.1-rc1) CVE-2020-1725 RESERVED CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...) NOT-FOR-US: Keycloak CVE-2020-1723 RESERVED CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...) - freeipa NOTE: https://pagure.io/freeipa/issue/8268 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071 CVE-2020-1721 RESERVED - dogtag-pki NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579 CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", whe ...) 
{DSA-4623-1 DSA-4622-1 DLA-2105-1} - postgresql-12 12.2-1 - postgresql-11 - postgresql-9.6 - postgresql-9.4 NOTE: https://www.postgresql.org/about/news/2011/ NOTE: Fixed in 12.2, 11.7, 10.12, 9.6.17, 9.5.21, and 9.4.26 NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b048f558dd7c26a0c630a2cff29d3d8981eaf6b9 CVE-2020-1719 RESERVED - wildfly (bug #752018) CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak versions ...) NOT-FOR-US: Keycloak CVE-2020-1717 RESERVED CVE-2020-1716 RESERVED NOT-FOR-US: ceph-ansible CVE-2020-1715 RESERVED CVE-2020-1714 (A flaw was found in Keycloak before version 11.0.0, where the code bas ...) NOT-FOR-US: Keycloak CVE-2020-1713 RESERVED CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before versio ...) - systemd 244.2-1 (bug #950732) [buster] - systemd 241-7~deb10u4 [stretch] - systemd (Can be fixed via point release) [jessie] - systemd (Vulnerable code introduced later) NOTE: https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation) NOTE: https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation) NOTE: https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab (preparation) NOTE: https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b (preparation) NOTE: https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 (introduce new API) NOTE: https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712) NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation) NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971 CVE-2020-1711 (An out-of-bounds 
heap buffer access flaw was found in the way the iSCS ...) {DLA-2144-1} - qemu 1:4.2-2 (bug #949731) [buster] - qemu 1:3.1+dfsg-8+deb10u4 [stretch] - qemu (Intrusive to backport, revisit later) - qemu-kvm NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3 CVE-2020-1710 RESERVED CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...) NOT-FOR-US: openshift CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...) NOT-FOR-US: openshift CVE-2020-1707 (A vulnerability was found in all openshift/postgresql-apb 4.x.x versio ...) NOT-FOR-US: openshift CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and opensh ...) NOT-FOR-US: openshift CVE-2020-1705 (A vulnerability was found in openshift/template-service-broker-operato ...) NOT-FOR-US: openshift CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file was fou ...) NOT-FOR-US: openshift CVE-2020-1703 RESERVED - freeipa (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793049 NOTE: Disputed by upstream, works as intended CVE-2020-1702 RESERVED NOT-FOR-US: Red Hat container manager tooling CVE-2020-1701 RESERVED NOT-FOR-US: KubeVirt CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...) - ceph 14.2.7-1 [buster] - ceph (Minor issue) [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) NOTE: https://tracker.ceph.com/issues/42531 NOTE: https://github.com/ceph/ceph/pull/33017 NOTE: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a CVE-2020-1699 (A path traversal flaw was found in the Ceph dashboard implemented in u ...) 
- ceph 14.2.6-4 (bug #949206) [buster] - ceph (Vulnerable code introduced later) [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) NOTE: https://tracker.ceph.com/issues/41320 NOTE: https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158 CVE-2020-1698 (A flaw was found in keycloak in versions before 9.0.0. A logged except ...) NOT-FOR-US: Keycloak CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...) NOT-FOR-US: Keycloak CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...) - dogtag-pki NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707 CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...) - resteasy - resteasy3.0 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462 CVE-2020-1694 RESERVED CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...) NOT-FOR-US: Red Hat Satellite / Spacewalk CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...) 
- moodle CVE-2020-1691 RESERVED CVE-2020-1690 RESERVED NOT-FOR-US: openstack-selinux CVE-2020-1689 RESERVED CVE-2020-1688 RESERVED CVE-2020-1687 RESERVED CVE-2020-1686 RESERVED CVE-2020-1685 RESERVED CVE-2020-1684 RESERVED CVE-2020-1683 RESERVED CVE-2020-1682 RESERVED CVE-2020-1681 RESERVED CVE-2020-1680 RESERVED CVE-2020-1679 RESERVED CVE-2020-1678 RESERVED CVE-2020-1677 RESERVED CVE-2020-1676 RESERVED CVE-2020-1675 RESERVED CVE-2020-1674 RESERVED CVE-2020-1673 RESERVED CVE-2020-1672 RESERVED CVE-2020-1671 RESERVED CVE-2020-1670 RESERVED CVE-2020-1669 RESERVED CVE-2020-1668 RESERVED CVE-2020-1667 RESERVED CVE-2020-1666 RESERVED CVE-2020-1665 RESERVED CVE-2020-1664 RESERVED CVE-2020-1663 RESERVED CVE-2020-1662 RESERVED CVE-2020-1661 RESERVED CVE-2020-1660 RESERVED CVE-2020-1659 RESERVED CVE-2020-1658 RESERVED CVE-2020-1657 RESERVED CVE-2020-1656 RESERVED CVE-2020-1655 RESERVED CVE-2020-1654 RESERVED CVE-2020-1653 RESERVED CVE-2020-1652 RESERVED CVE-2020-1651 RESERVED CVE-2020-1650 RESERVED CVE-2020-1649 RESERVED CVE-2020-1648 RESERVED CVE-2020-1647 RESERVED CVE-2020-1646 RESERVED CVE-2020-1645 RESERVED CVE-2020-1644 RESERVED CVE-2020-1643 RESERVED CVE-2020-1642 RESERVED CVE-2020-1641 RESERVED CVE-2020-1640 RESERVED CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...) NOT-FOR-US: Juniper CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...) NOT-FOR-US: Juniper CVE-2020-1637 (A vulnerability in Juniper Networks SRX Series device configured as a ...) NOT-FOR-US: Juniper CVE-2020-1636 RESERVED CVE-2020-1635 RESERVED CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...) NOT-FOR-US: Juniper CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos ...) NOT-FOR-US: Juniper CVE-2020-1632 (In a certain condition, receipt of a specific BGP UPDATE message might ...) 
NOT-FOR-US: Juniper CVE-2020-1631 (A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentic ...) NOT-FOR-US: Juniper CVE-2020-1630 (A privilege escalation vulnerability in Juniper Networks Junos OS devi ...) NOT-FOR-US: Juniper CVE-2020-1629 (A race condition vulnerability on Juniper Network Junos OS devices may ...) NOT-FOR-US: Juniper CVE-2020-1628 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...) NOT-FOR-US: Juniper CVE-2020-1627 (A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices ...) NOT-FOR-US: Juniper CVE-2020-1626 (A vulnerability in Juniper Networks Junos OS Evolved may allow an atta ...) NOT-FOR-US: Juniper CVE-2020-1625 (The kernel memory usage represented as "temp" via 'show system virtual ...) NOT-FOR-US: Juniper CVE-2020-1624 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1623 (A local, authenticated user with shell can view sensitive configuratio ...) NOT-FOR-US: Juniper CVE-2020-1622 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1621 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1620 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1619 (A privilege escalation vulnerability in Juniper Networks QFX10K Series ...) NOT-FOR-US: Juniper CVE-2020-1618 (On Juniper Networks EX and QFX Series, an authentication bypass vulner ...) NOT-FOR-US: Juniper CVE-2020-1617 (This issue occurs on Juniper Networks Junos OS devices which do not su ...) NOT-FOR-US: Juniper CVE-2020-1616 (Due to insufficient server-side login attempt limit enforcement, a vul ...) NOT-FOR-US: Juniper CVE-2020-1615 (The factory configuration for vMX installations, as shipped, includes ...) NOT-FOR-US: Juniper CVE-2020-1614 (A Use of Hard-coded Credentials vulnerability exists in the NFX250 Ser ...) 
NOT-FOR-US: Juniper CVE-2020-1613 (A vulnerability in the BGP FlowSpec implementation may cause a Juniper ...) NOT-FOR-US: Juniper CVE-2020-1612 RESERVED CVE-2020-1611 (A Local File Inclusion vulnerability in Juniper Networks Junos Space a ...) NOT-FOR-US: Juniper CVE-2020-1610 RESERVED CVE-2020-1609 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) NOT-FOR-US: Juniper CVE-2020-1608 (Receipt of a specific MPLS or IPv6 packet on the core facing interface ...) NOT-FOR-US: Juniper CVE-2020-1607 (Insufficient Cross-Site Scripting (XSS) protection in J-Web may potent ...) NOT-FOR-US: Juniper CVE-2020-1606 (A path traversal vulnerability in the Juniper Networks Junos OS device ...) NOT-FOR-US: Juniper CVE-2020-1605 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) NOT-FOR-US: Juniper CVE-2020-1604 (On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the ...) NOT-FOR-US: Juniper CVE-2020-1603 (Specific IPv6 packets sent by clients processed by the Routing Engine ...) NOT-FOR-US: Juniper CVE-2020-1602 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) NOT-FOR-US: Juniper CVE-2020-1601 (Certain types of malformed Path Computation Element Protocol (PCEP) pa ...) NOT-FOR-US: Juniper CVE-2020-1600 (In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an ...) 
NOT-FOR-US: Juniper CVE-2020-1599 RESERVED CVE-2020-1598 RESERVED CVE-2020-1597 RESERVED CVE-2020-1596 RESERVED CVE-2020-1595 RESERVED CVE-2020-1594 RESERVED CVE-2020-1593 RESERVED CVE-2020-1592 RESERVED CVE-2020-1591 RESERVED CVE-2020-1590 RESERVED CVE-2020-1589 RESERVED CVE-2020-1588 RESERVED CVE-2020-1587 RESERVED CVE-2020-1586 RESERVED CVE-2020-1585 RESERVED CVE-2020-1584 RESERVED CVE-2020-1583 RESERVED CVE-2020-1582 RESERVED CVE-2020-1581 RESERVED CVE-2020-1580 RESERVED CVE-2020-1579 RESERVED CVE-2020-1578 RESERVED CVE-2020-1577 RESERVED CVE-2020-1576 RESERVED CVE-2020-1575 RESERVED CVE-2020-1574 RESERVED CVE-2020-1573 RESERVED CVE-2020-1572 RESERVED CVE-2020-1571 RESERVED CVE-2020-1570 RESERVED CVE-2020-1569 RESERVED CVE-2020-1568 RESERVED CVE-2020-1567 RESERVED CVE-2020-1566 RESERVED CVE-2020-1565 RESERVED CVE-2020-1564 RESERVED CVE-2020-1563 RESERVED CVE-2020-1562 RESERVED CVE-2020-1561 RESERVED CVE-2020-1560 RESERVED CVE-2020-1559 RESERVED CVE-2020-1558 RESERVED CVE-2020-1557 RESERVED CVE-2020-1556 RESERVED CVE-2020-1555 RESERVED CVE-2020-1554 RESERVED CVE-2020-1553 RESERVED CVE-2020-1552 RESERVED CVE-2020-1551 RESERVED CVE-2020-1550 RESERVED CVE-2020-1549 RESERVED CVE-2020-1548 RESERVED CVE-2020-1547 RESERVED CVE-2020-1546 RESERVED CVE-2020-1545 RESERVED CVE-2020-1544 RESERVED CVE-2020-1543 RESERVED CVE-2020-1542 RESERVED CVE-2020-1541 RESERVED CVE-2020-1540 RESERVED CVE-2020-1539 RESERVED CVE-2020-1538 RESERVED CVE-2020-1537 RESERVED CVE-2020-1536 RESERVED CVE-2020-1535 RESERVED CVE-2020-1534 RESERVED CVE-2020-1533 RESERVED CVE-2020-1532 RESERVED CVE-2020-1531 RESERVED CVE-2020-1530 RESERVED CVE-2020-1529 RESERVED CVE-2020-1528 RESERVED CVE-2020-1527 RESERVED CVE-2020-1526 RESERVED CVE-2020-1525 RESERVED CVE-2020-1524 RESERVED CVE-2020-1523 RESERVED CVE-2020-1522 RESERVED CVE-2020-1521 RESERVED CVE-2020-1520 RESERVED CVE-2020-1519 RESERVED CVE-2020-1518 RESERVED CVE-2020-1517 RESERVED CVE-2020-1516 RESERVED CVE-2020-1515 RESERVED CVE-2020-1514 RESERVED 
CVE-2020-1513 RESERVED CVE-2020-1512 RESERVED CVE-2020-1511 RESERVED CVE-2020-1510 RESERVED CVE-2020-1509 RESERVED CVE-2020-1508 RESERVED CVE-2020-1507 RESERVED CVE-2020-1506 RESERVED CVE-2020-1505 RESERVED CVE-2020-1504 RESERVED CVE-2020-1503 RESERVED CVE-2020-1502 RESERVED CVE-2020-1501 RESERVED CVE-2020-1500 RESERVED CVE-2020-1499 RESERVED CVE-2020-1498 RESERVED CVE-2020-1497 RESERVED CVE-2020-1496 RESERVED CVE-2020-1495 RESERVED CVE-2020-1494 RESERVED CVE-2020-1493 RESERVED CVE-2020-1492 RESERVED CVE-2020-1491 RESERVED CVE-2020-1490 RESERVED CVE-2020-1489 RESERVED CVE-2020-1488 RESERVED CVE-2020-1487 RESERVED CVE-2020-1486 RESERVED CVE-2020-1485 RESERVED CVE-2020-1484 RESERVED CVE-2020-1483 RESERVED CVE-2020-1482 RESERVED CVE-2020-1481 RESERVED CVE-2020-1480 RESERVED CVE-2020-1479 RESERVED CVE-2020-1478 RESERVED CVE-2020-1477 RESERVED CVE-2020-1476 RESERVED CVE-2020-1475 RESERVED CVE-2020-1474 RESERVED CVE-2020-1473 RESERVED CVE-2020-1472 RESERVED CVE-2020-1471 RESERVED CVE-2020-1470 RESERVED CVE-2020-1469 RESERVED CVE-2020-1468 RESERVED CVE-2020-1467 RESERVED CVE-2020-1466 RESERVED CVE-2020-1465 RESERVED CVE-2020-1464 RESERVED CVE-2020-1463 RESERVED CVE-2020-1462 RESERVED CVE-2020-1461 RESERVED CVE-2020-1460 RESERVED CVE-2020-1459 RESERVED CVE-2020-1458 RESERVED CVE-2020-1457 RESERVED CVE-2020-1456 RESERVED CVE-2020-1455 RESERVED CVE-2020-1454 RESERVED CVE-2020-1453 RESERVED CVE-2020-1452 RESERVED CVE-2020-1451 RESERVED CVE-2020-1450 RESERVED CVE-2020-1449 RESERVED CVE-2020-1448 RESERVED CVE-2020-1447 RESERVED CVE-2020-1446 RESERVED CVE-2020-1445 RESERVED CVE-2020-1444 RESERVED CVE-2020-1443 RESERVED CVE-2020-1442 RESERVED CVE-2020-1441 RESERVED CVE-2020-1440 RESERVED CVE-2020-1439 RESERVED CVE-2020-1438 RESERVED CVE-2020-1437 RESERVED CVE-2020-1436 RESERVED CVE-2020-1435 RESERVED CVE-2020-1434 RESERVED CVE-2020-1433 RESERVED CVE-2020-1432 RESERVED CVE-2020-1431 RESERVED CVE-2020-1430 RESERVED CVE-2020-1429 RESERVED CVE-2020-1428 RESERVED CVE-2020-1427 
RESERVED CVE-2020-1426 RESERVED CVE-2020-1425 RESERVED CVE-2020-1424 RESERVED CVE-2020-1423 RESERVED CVE-2020-1422 RESERVED CVE-2020-1421 RESERVED CVE-2020-1420 RESERVED CVE-2020-1419 RESERVED CVE-2020-1418 RESERVED CVE-2020-1417 RESERVED CVE-2020-1416 RESERVED CVE-2020-1415 RESERVED CVE-2020-1414 RESERVED CVE-2020-1413 RESERVED CVE-2020-1412 RESERVED CVE-2020-1411 RESERVED CVE-2020-1410 RESERVED CVE-2020-1409 RESERVED CVE-2020-1408 RESERVED CVE-2020-1407 RESERVED CVE-2020-1406 RESERVED CVE-2020-1405 RESERVED CVE-2020-1404 RESERVED CVE-2020-1403 RESERVED CVE-2020-1402 RESERVED CVE-2020-1401 RESERVED CVE-2020-1400 RESERVED CVE-2020-1399 RESERVED CVE-2020-1398 RESERVED CVE-2020-1397 RESERVED CVE-2020-1396 RESERVED CVE-2020-1395 RESERVED CVE-2020-1394 RESERVED CVE-2020-1393 RESERVED CVE-2020-1392 RESERVED CVE-2020-1391 RESERVED CVE-2020-1390 RESERVED CVE-2020-1389 RESERVED CVE-2020-1388 RESERVED CVE-2020-1387 RESERVED CVE-2020-1386 RESERVED CVE-2020-1385 RESERVED CVE-2020-1384 RESERVED CVE-2020-1383 RESERVED CVE-2020-1382 RESERVED CVE-2020-1381 RESERVED CVE-2020-1380 RESERVED CVE-2020-1379 RESERVED CVE-2020-1378 RESERVED CVE-2020-1377 RESERVED CVE-2020-1376 RESERVED CVE-2020-1375 RESERVED CVE-2020-1374 RESERVED CVE-2020-1373 RESERVED CVE-2020-1372 RESERVED CVE-2020-1371 RESERVED CVE-2020-1370 RESERVED CVE-2020-1369 RESERVED CVE-2020-1368 RESERVED CVE-2020-1367 RESERVED CVE-2020-1366 RESERVED CVE-2020-1365 RESERVED CVE-2020-1364 RESERVED CVE-2020-1363 RESERVED CVE-2020-1362 RESERVED CVE-2020-1361 RESERVED CVE-2020-1360 RESERVED CVE-2020-1359 RESERVED CVE-2020-1358 RESERVED CVE-2020-1357 RESERVED CVE-2020-1356 RESERVED CVE-2020-1355 RESERVED CVE-2020-1354 RESERVED CVE-2020-1353 RESERVED CVE-2020-1352 RESERVED CVE-2020-1351 RESERVED CVE-2020-1350 RESERVED CVE-2020-1349 RESERVED CVE-2020-1348 RESERVED CVE-2020-1347 RESERVED CVE-2020-1346 RESERVED CVE-2020-1345 RESERVED CVE-2020-1344 RESERVED CVE-2020-1343 RESERVED CVE-2020-1342 RESERVED CVE-2020-1341 RESERVED 
CVE-2020-1340 RESERVED CVE-2020-1339 RESERVED CVE-2020-1338 RESERVED CVE-2020-1337 RESERVED CVE-2020-1336 RESERVED CVE-2020-1335 RESERVED CVE-2020-1334 RESERVED CVE-2020-1333 RESERVED CVE-2020-1332 RESERVED CVE-2020-1331 RESERVED CVE-2020-1330 RESERVED CVE-2020-1329 RESERVED CVE-2020-1328 RESERVED CVE-2020-1327 RESERVED CVE-2020-1326 RESERVED CVE-2020-1325 RESERVED CVE-2020-1324 RESERVED CVE-2020-1323 RESERVED CVE-2020-1322 RESERVED CVE-2020-1321 RESERVED CVE-2020-1320 RESERVED CVE-2020-1319 RESERVED CVE-2020-1318 RESERVED CVE-2020-1317 RESERVED CVE-2020-1316 RESERVED CVE-2020-1315 RESERVED CVE-2020-1314 RESERVED CVE-2020-1313 RESERVED CVE-2020-1312 RESERVED CVE-2020-1311 RESERVED CVE-2020-1310 RESERVED CVE-2020-1309 RESERVED CVE-2020-1308 RESERVED CVE-2020-1307 RESERVED CVE-2020-1306 RESERVED CVE-2020-1305 RESERVED CVE-2020-1304 RESERVED CVE-2020-1303 RESERVED CVE-2020-1302 RESERVED CVE-2020-1301 RESERVED CVE-2020-1300 RESERVED CVE-2020-1299 RESERVED CVE-2020-1298 RESERVED CVE-2020-1297 RESERVED CVE-2020-1296 RESERVED CVE-2020-1295 RESERVED CVE-2020-1294 RESERVED CVE-2020-1293 RESERVED CVE-2020-1292 RESERVED CVE-2020-1291 RESERVED CVE-2020-1290 RESERVED CVE-2020-1289 RESERVED CVE-2020-1288 RESERVED CVE-2020-1287 RESERVED CVE-2020-1286 RESERVED CVE-2020-1285 RESERVED CVE-2020-1284 RESERVED CVE-2020-1283 RESERVED CVE-2020-1282 RESERVED CVE-2020-1281 RESERVED CVE-2020-1280 RESERVED CVE-2020-1279 RESERVED CVE-2020-1278 RESERVED CVE-2020-1277 RESERVED CVE-2020-1276 RESERVED CVE-2020-1275 RESERVED CVE-2020-1274 RESERVED CVE-2020-1273 RESERVED CVE-2020-1272 RESERVED CVE-2020-1271 RESERVED CVE-2020-1270 RESERVED CVE-2020-1269 RESERVED CVE-2020-1268 RESERVED CVE-2020-1267 RESERVED CVE-2020-1266 RESERVED CVE-2020-1265 RESERVED CVE-2020-1264 RESERVED CVE-2020-1263 RESERVED CVE-2020-1262 RESERVED CVE-2020-1261 RESERVED CVE-2020-1260 RESERVED CVE-2020-1259 RESERVED CVE-2020-1258 RESERVED CVE-2020-1257 RESERVED CVE-2020-1256 RESERVED CVE-2020-1255 RESERVED CVE-2020-1254 
RESERVED CVE-2020-1253 RESERVED CVE-2020-1252 RESERVED CVE-2020-1251 RESERVED CVE-2020-1250 RESERVED CVE-2020-1249 RESERVED CVE-2020-1248 RESERVED CVE-2020-1247 RESERVED CVE-2020-1246 RESERVED CVE-2020-1245 RESERVED CVE-2020-1244 RESERVED CVE-2020-1243 RESERVED CVE-2020-1242 RESERVED CVE-2020-1241 RESERVED CVE-2020-1240 RESERVED CVE-2020-1239 RESERVED CVE-2020-1238 RESERVED CVE-2020-1237 RESERVED CVE-2020-1236 RESERVED CVE-2020-1235 RESERVED CVE-2020-1234 RESERVED CVE-2020-1233 RESERVED CVE-2020-1232 RESERVED CVE-2020-1231 RESERVED CVE-2020-1230 RESERVED CVE-2020-1229 RESERVED CVE-2020-1228 RESERVED CVE-2020-1227 RESERVED CVE-2020-1226 RESERVED CVE-2020-1225 RESERVED CVE-2020-1224 RESERVED CVE-2020-1223 RESERVED CVE-2020-1222 RESERVED CVE-2020-1221 RESERVED CVE-2020-1220 RESERVED CVE-2020-1219 RESERVED CVE-2020-1218 RESERVED CVE-2020-1217 RESERVED CVE-2020-1216 RESERVED CVE-2020-1215 RESERVED CVE-2020-1214 RESERVED CVE-2020-1213 RESERVED CVE-2020-1212 RESERVED CVE-2020-1211 RESERVED CVE-2020-1210 RESERVED CVE-2020-1209 RESERVED CVE-2020-1208 RESERVED CVE-2020-1207 RESERVED CVE-2020-1206 RESERVED CVE-2020-1205 RESERVED CVE-2020-1204 RESERVED CVE-2020-1203 RESERVED CVE-2020-1202 RESERVED CVE-2020-1201 RESERVED CVE-2020-1200 RESERVED CVE-2020-1199 RESERVED CVE-2020-1198 RESERVED CVE-2020-1197 RESERVED CVE-2020-1196 RESERVED CVE-2020-1195 (An elevation of privilege vulnerability exists in Microsoft Edge (Chro ...) TODO: check CVE-2020-1194 RESERVED CVE-2020-1193 RESERVED CVE-2020-1192 (A remote code execution vulnerability exists in Visual Studio Code whe ...) TODO: check CVE-2020-1191 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1190 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1189 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1188 (An elevation of privilege vulnerability exists when the Windows State ...) 
TODO: check CVE-2020-1187 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1186 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1185 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1184 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1183 RESERVED CVE-2020-1182 RESERVED CVE-2020-1181 RESERVED CVE-2020-1180 RESERVED CVE-2020-1179 (An information disclosure vulnerability exists when the Windows GDI co ...) TODO: check CVE-2020-1178 RESERVED CVE-2020-1177 RESERVED CVE-2020-1176 (A remote code execution vulnerability exists when the Windows Jet Data ...) TODO: check CVE-2020-1175 (A remote code execution vulnerability exists when the Windows Jet Data ...) TODO: check CVE-2020-1174 (A remote code execution vulnerability exists when the Windows Jet Data ...) TODO: check CVE-2020-1173 (A spoofing vulnerability exists in Microsoft Power BI Report Server in ...) TODO: check CVE-2020-1172 RESERVED CVE-2020-1171 (A remote code execution vulnerability exists in Visual Studio Code whe ...) TODO: check CVE-2020-1170 RESERVED CVE-2020-1169 RESERVED CVE-2020-1168 RESERVED CVE-2020-1167 RESERVED CVE-2020-1166 (An elevation of privilege vulnerability exists when Windows improperly ...) TODO: check CVE-2020-1165 (An elevation of privilege vulnerability exists when Windows improperly ...) TODO: check CVE-2020-1164 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1163 RESERVED CVE-2020-1162 RESERVED CVE-2020-1161 (A denial of service vulnerability exists when ASP.NET Core improperly ...) NOT-FOR-US: Microsoft .NET CVE-2020-1160 RESERVED CVE-2020-1159 RESERVED CVE-2020-1158 (An elevation of privilege vulnerability exists when the Windows Runtim ...) 
TODO: check CVE-2020-1157 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1156 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1155 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1154 (An elevation of privilege vulnerability exists when the Windows Common ...) TODO: check CVE-2020-1153 (A remote code execution vulnerability exists in the way that Microsoft ...) TODO: check CVE-2020-1152 RESERVED CVE-2020-1151 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1150 (A memory corruption vulnerability exists when Windows Media Foundation ...) TODO: check CVE-2020-1149 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1148 RESERVED CVE-2020-1147 RESERVED CVE-2020-1146 RESERVED CVE-2020-1145 (An information disclosure vulnerability exists in the way that the Win ...) TODO: check CVE-2020-1144 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1143 (An elevation of privilege vulnerability exists in Windows when the Win ...) TODO: check CVE-2020-1142 (An elevation of privilege vulnerability exists in the way that the Win ...) TODO: check CVE-2020-1141 (An information disclosure vulnerability exists in the way that the Win ...) TODO: check CVE-2020-1140 (An elevation of privilege vulnerability exists when DirectX improperly ...) TODO: check CVE-2020-1139 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1138 (An elevation of privilege vulnerability exists when the Storage Servic ...) TODO: check CVE-2020-1137 (An elevation of privilege vulnerability exists in the way the Windows ...) TODO: check CVE-2020-1136 (A memory corruption vulnerability exists when Windows Media Foundation ...) 
TODO: check CVE-2020-1135 (An elevation of privilege vulnerability exists when the Windows Graphi ...) TODO: check CVE-2020-1134 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1133 RESERVED CVE-2020-1132 (An elevation of privilege vulnerability exists when Windows Error Repo ...) TODO: check CVE-2020-1131 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1130 RESERVED CVE-2020-1129 RESERVED CVE-2020-1128 RESERVED CVE-2020-1127 RESERVED CVE-2020-1126 (A memory corruption vulnerability exists when Windows Media Foundation ...) TODO: check CVE-2020-1125 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1124 (An elevation of privilege vulnerability exists when the Windows State ...) TODO: check CVE-2020-1123 (A denial of service vulnerability exists when Connected User Experienc ...) TODO: check CVE-2020-1122 RESERVED CVE-2020-1121 (An elevation of privilege vulnerability exists when Windows improperly ...) TODO: check CVE-2020-1120 RESERVED CVE-2020-1119 RESERVED CVE-2020-1118 (A denial of service vulnerability exists in the Windows implementation ...) TODO: check CVE-2020-1117 (A remote code execution vulnerability exists in the way that the Color ...) TODO: check CVE-2020-1116 (An information disclosure vulnerability exists when the Windows Client ...) TODO: check CVE-2020-1115 RESERVED CVE-2020-1114 (An elevation of privilege vulnerability exists when the Windows kernel ...) TODO: check CVE-2020-1113 (A security feature bypass vulnerability exists in Microsoft Windows wh ...) TODO: check CVE-2020-1112 (An elevation of privilege vulnerability exists when the Windows Backgr ...) TODO: check CVE-2020-1111 (An elevation of privilege vulnerability exists when Windows improperly ...) TODO: check CVE-2020-1110 (An elevation of privilege vulnerability exists when the Windows Update ...) 
TODO: check CVE-2020-1109 (An elevation of privilege vulnerability exists when the Windows Update ...) TODO: check CVE-2020-1108 (A denial of service vulnerability exists when .NET Core or .NET Framew ...) NOT-FOR-US: Microsoft .NET CVE-2020-1107 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) TODO: check CVE-2020-1106 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) TODO: check CVE-2020-1105 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) TODO: check CVE-2020-1104 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) TODO: check CVE-2020-1103 (An information disclosure vulnerability exists where certain modes of ...) TODO: check CVE-2020-1102 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) TODO: check CVE-2020-1101 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) TODO: check CVE-2020-1100 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) TODO: check CVE-2020-1099 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) TODO: check CVE-2020-1098 RESERVED CVE-2020-1097 RESERVED CVE-2020-1096 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...) TODO: check CVE-2020-1095 RESERVED CVE-2020-1094 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-1093 (A remote code execution vulnerability exists in the way that the VBScr ...) TODO: check CVE-2020-1092 (A remote code execution vulnerability exists when Internet Explorer im ...) TODO: check CVE-2020-1091 RESERVED CVE-2020-1090 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1089 RESERVED CVE-2020-1088 (An elevation of privilege vulnerability exists in Windows Error Report ...) TODO: check CVE-2020-1087 (An elevation of privilege vulnerability exists in the way that the Win ...) 
TODO: check CVE-2020-1086 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1085 RESERVED CVE-2020-1084 (A Denial Of Service vulnerability exists when Connected User Experienc ...) TODO: check CVE-2020-1083 RESERVED CVE-2020-1082 (An elevation of privilege vulnerability exists in Windows Error Report ...) TODO: check CVE-2020-1081 (An elevation of privilege vulnerability exists when the Windows Printe ...) TODO: check CVE-2020-1080 RESERVED CVE-2020-1079 (An elevation of privilege vulnerability exists when the Windows fails ...) TODO: check CVE-2020-1078 (An elevation of privilege vulnerability exists in Windows Installer be ...) TODO: check CVE-2020-1077 (An elevation of privilege vulnerability exists when the Windows Runtim ...) TODO: check CVE-2020-1076 (A denial of service vulnerability exists when Windows improperly handl ...) TODO: check CVE-2020-1075 (An information disclosure vulnerability exists when Windows Subsystem ...) TODO: check CVE-2020-1074 RESERVED CVE-2020-1073 RESERVED CVE-2020-1072 (An information disclosure vulnerability exists when the Windows kernel ...) TODO: check CVE-2020-1071 (An elevation of privilege vulnerability exists when Windows improperly ...) TODO: check CVE-2020-1070 (An elevation of privilege vulnerability exists when the Windows Print ...) TODO: check CVE-2020-1069 (A remote code execution vulnerability exists in Microsoft SharePoint S ...) TODO: check CVE-2020-1068 (An elevation of privilege vulnerability exists in Windows Media Servic ...) TODO: check CVE-2020-1067 (A remote code execution vulnerability exists in the way that Windows h ...) TODO: check CVE-2020-1066 (An elevation of privilege vulnerability exists in .NET Framework which ...) TODO: check CVE-2020-1065 (A remote code execution vulnerability exists in the way that the Chakr ...) TODO: check CVE-2020-1064 (A remote code execution vulnerability exists in the way that the MSHTM ...) 
TODO: check CVE-2020-1063 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) TODO: check CVE-2020-1062 (A remote code execution vulnerability exists when Internet Explorer im ...) TODO: check CVE-2020-1061 (A remote code execution vulnerability exists in the way that the Micro ...) TODO: check CVE-2020-1060 (A remote code execution vulnerability exists in the way that the VBScr ...) TODO: check CVE-2020-1059 (A spoofing vulnerability exists when Microsoft Edge does not properly ...) TODO: check CVE-2020-1058 (A remote code execution vulnerability exists in the way that the VBScr ...) TODO: check CVE-2020-1057 RESERVED CVE-2020-1056 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...) TODO: check CVE-2020-1055 (A cross-site-scripting (XSS) vulnerability exists when Active Director ...) TODO: check CVE-2020-1054 (An elevation of privilege vulnerability exists in Windows when the Win ...) TODO: check CVE-2020-1053 RESERVED CVE-2020-1052 RESERVED CVE-2020-1051 (A remote code execution vulnerability exists when the Windows Jet Data ...) TODO: check CVE-2020-1050 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-1049 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-1048 (An elevation of privilege vulnerability exists when the Windows Print ...) TODO: check CVE-2020-1047 RESERVED CVE-2020-1046 RESERVED CVE-2020-1045 RESERVED CVE-2020-1044 RESERVED CVE-2020-1043 RESERVED CVE-2020-1042 RESERVED CVE-2020-1041 RESERVED CVE-2020-1040 RESERVED CVE-2020-1039 RESERVED CVE-2020-1038 RESERVED CVE-2020-1037 (A remote code execution vulnerability exists in the way that the Chakr ...) TODO: check CVE-2020-1036 RESERVED CVE-2020-1035 (A remote code execution vulnerability exists in the way that the VBScr ...) 
TODO: check CVE-2020-1034 RESERVED CVE-2020-1033 RESERVED CVE-2020-1032 RESERVED CVE-2020-1031 RESERVED CVE-2020-1030 RESERVED CVE-2020-1029 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-1028 (A memory corruption vulnerability exists when Windows Media Foundation ...) TODO: check CVE-2020-1027 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-1026 (A Security Feature Bypass vulnerability exists in the MSR JavaScript C ...) NOT-FOR-US: Microsoft CVE-2020-1025 RESERVED CVE-2020-1024 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) TODO: check CVE-2020-1023 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) TODO: check CVE-2020-1022 (A remote code execution vulnerability exists in Microsoft Dynamics Bus ...) NOT-FOR-US: Microsoft CVE-2020-1021 (An elevation of privilege vulnerability exists in Windows Error Report ...) TODO: check CVE-2020-1020 (A remote code execution vulnerability exists in Microsoft Windows when ...) NOT-FOR-US: Microsoft CVE-2020-1019 (An elevation of privilege vulnerability exists in RMS Sharing App for ...) NOT-FOR-US: Microsoft CVE-2020-1018 (An information disclosure vulnerability exists when Microsoft Dynamics ...) NOT-FOR-US: Microsoft CVE-2020-1017 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-1016 (An information disclosure vulnerability exists when the Windows Push N ...) NOT-FOR-US: Microsoft CVE-2020-1015 (An elevation of privilege vulnerability exists in the way that the Use ...) NOT-FOR-US: Microsoft CVE-2020-1014 (An elevation of privilege vulnerability exists in the Microsoft Window ...) NOT-FOR-US: Microsoft CVE-2020-1013 RESERVED CVE-2020-1012 RESERVED CVE-2020-1011 (An elevation of privilege vulnerability exists when the Windows System ...) 
NOT-FOR-US: Microsoft CVE-2020-1010 (An elevation of privilege vulnerability exists in Windows Block Level ...) TODO: check CVE-2020-1009 (An elevation of privilege vulnerability exists in the way that the Mic ...) NOT-FOR-US: Microsoft CVE-2020-1008 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-1007 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1006 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-1005 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-1004 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-1003 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-1002 (An elevation of privilege vulnerability exists when the MpSigStub.exe ...) NOT-FOR-US: Microsoft CVE-2020-1001 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-1000 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0999 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0998 RESERVED CVE-2020-0997 RESERVED CVE-2020-0996 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0995 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0994 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0993 (A denial of service vulnerability exists in Windows DNS when it fails ...) NOT-FOR-US: Microsoft CVE-2020-0992 (A remote code execution vulnerability exists when the Windows Jet Data ...) 
NOT-FOR-US: Microsoft CVE-2020-0991 (A remote code execution vulnerability exists in Microsoft Office softw ...) NOT-FOR-US: Microsoft CVE-2020-0990 RESERVED CVE-2020-0989 RESERVED CVE-2020-0988 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0987 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-0986 RESERVED CVE-2020-0985 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0984 (An elevation of privilege vulnerability exists when the Microsoft Auto ...) NOT-FOR-US: Microsoft CVE-2020-0983 (An elevation of privilege vulnerability exists when the Windows Delive ...) NOT-FOR-US: Microsoft CVE-2020-0982 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-0981 (A security feature bypass vulnerability exists when Windows fails to p ...) NOT-FOR-US: Microsoft CVE-2020-0980 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0979 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0978 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0977 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-0976 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-0975 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) NOT-FOR-US: Microsoft CVE-2020-0974 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0973 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0972 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...) 
NOT-FOR-US: Microsoft CVE-2020-0971 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0970 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0969 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0968 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0967 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-0966 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-0965 (A remoted code execution vulnerability exists in the way that Microsof ...) NOT-FOR-US: Microsoft CVE-2020-0964 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-0963 (An information disclosure vulnerability exists when the Windows GDI co ...) TODO: check CVE-2020-0962 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0961 (A remote code execution vulnerability exists when the Microsoft Office ...) NOT-FOR-US: Microsoft CVE-2020-0960 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0959 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0958 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0957 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0956 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0955 (An information disclosure vulnerability exists when certain central pr ...) 
NOT-FOR-US: Microsoft CVE-2020-0954 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0953 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0952 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0951 RESERVED CVE-2020-0950 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0949 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0948 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0947 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0946 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0945 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0944 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-0943 (An authentication bypass vulnerability exists in Microsoft YourPhoneCo ...) NOT-FOR-US: Microsoft CVE-2020-0942 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-0941 RESERVED CVE-2020-0940 (An elevation of privilege vulnerability exists in the way the Windows ...) NOT-FOR-US: Microsoft CVE-2020-0939 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0938 (A remote code execution vulnerability exists in Microsoft Windows when ...) NOT-FOR-US: Microsoft CVE-2020-0937 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0936 (An elevation of privilege vulnerability exists when a Windows schedule ...) 
NOT-FOR-US: Microsoft CVE-2020-0935 (An elevation of privilege vulnerability exists when the OneDrive for W ...) NOT-FOR-US: Microsoft CVE-2020-0934 (An elevation of privilege vulnerability exists when the Windows WpcDes ...) NOT-FOR-US: Microsoft CVE-2020-0933 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0932 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0931 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0930 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0929 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0928 RESERVED CVE-2020-0927 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0926 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0925 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0924 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0923 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0922 RESERVED CVE-2020-0921 RESERVED CVE-2020-0920 (A remote code execution vulnerability exists in Microsoft SharePoint w ...) NOT-FOR-US: Microsoft CVE-2020-0919 (An elevation of privilege vulnerability exists in Remote Desktop App f ...) NOT-FOR-US: Microsoft CVE-2020-0918 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...) NOT-FOR-US: Microsoft CVE-2020-0917 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...) 
NOT-FOR-US: Microsoft CVE-2020-0916 RESERVED CVE-2020-0915 RESERVED CVE-2020-0914 RESERVED CVE-2020-0913 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0912 RESERVED CVE-2020-0911 RESERVED CVE-2020-0910 (A remote code execution vulnerability exists when Windows Hyper-V on a ...) NOT-FOR-US: Microsoft CVE-2020-0909 (A denial of service vulnerability exists when Hyper-V on a Windows Ser ...) TODO: check CVE-2020-0908 RESERVED CVE-2020-0907 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-0906 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0905 (An remote code execution vulnerability exists in Microsoft Dynamics Bu ...) NOT-FOR-US: Microsoft CVE-2020-0904 RESERVED CVE-2020-0903 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...) NOT-FOR-US: Microsoft CVE-2020-0902 (An elevation of privilege vulnerability exists in Service Fabric File ...) NOT-FOR-US: Microsoft CVE-2020-0901 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) TODO: check CVE-2020-0900 (An elevation of privilege vulnerability exists when the Visual Studio ...) NOT-FOR-US: Microsoft CVE-2020-0899 (An elevation of privilege vulnerability exists when Microsoft Visual S ...) NOT-FOR-US: Microsoft CVE-2020-0898 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0897 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0896 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0895 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-0894 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) 
NOT-FOR-US: Microsoft CVE-2020-0893 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0892 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0891 (This vulnerability is caused when SharePoint Server does not properly ...) NOT-FOR-US: Microsoft CVE-2020-0890 RESERVED CVE-2020-0889 (A remote code execution vulnerability exists when the Windows Jet Data ...) NOT-FOR-US: Microsoft CVE-2020-0888 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0887 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0886 RESERVED CVE-2020-0885 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0884 (A spoofing vulnerability exists in Microsoft Visual Studio as it inclu ...) NOT-FOR-US: Microsoft CVE-2020-0883 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-0882 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0881 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-0880 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0879 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0878 RESERVED CVE-2020-0877 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0876 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0875 RESERVED CVE-2020-0874 (An information disclosure vulnerability exists in the way that the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-0873 RESERVED CVE-2020-0872 (A remote code execution vulnerability exists in Application Inspector ...) NOT-FOR-US: Microsoft CVE-2020-0871 (An information disclosure vulnerability exists when Windows Network Co ...) NOT-FOR-US: Microsoft CVE-2020-0870 RESERVED CVE-2020-0869 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0868 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0867 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0866 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0865 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0864 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0863 (An information vulnerability exists when Windows Connected User Experi ...) NOT-FOR-US: Microsoft CVE-2020-0862 RESERVED CVE-2020-0861 (An information disclosure vulnerability exists when the Windows Networ ...) NOT-FOR-US: Microsoft CVE-2020-0860 (An elevation of privilege vulnerability exists when the Windows Active ...) NOT-FOR-US: Microsoft CVE-2020-0859 (An information vulnerability exists when Windows Modules Installer Ser ...) NOT-FOR-US: Microsoft CVE-2020-0858 (An elevation of privilege vulnerability exists when the "Publ ...) NOT-FOR-US: Microsoft CVE-2020-0857 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0856 RESERVED CVE-2020-0855 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0854 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...) 
NOT-FOR-US: Microsoft CVE-2020-0853 (An information disclosure vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0852 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0851 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0850 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0849 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0848 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0847 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-0846 RESERVED CVE-2020-0845 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0844 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-0843 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-0842 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-0841 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0840 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0839 RESERVED CVE-2020-0838 RESERVED CVE-2020-0837 RESERVED CVE-2020-0836 RESERVED CVE-2020-0835 (An elevation of privilege vulnerability exists when Windows Defender a ...) NOT-FOR-US: Microsoft CVE-2020-0834 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0833 (A remote code execution vulnerability exists in the way that the scrip ...) 
NOT-FOR-US: Microsoft CVE-2020-0832 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0831 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0830 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2020-0829 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0828 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0827 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0826 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0825 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0824 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2020-0823 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0822 (An elevation of privilege vulnerability exists when the Windows Langua ...) NOT-FOR-US: Microsoft CVE-2020-0821 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0820 (An information disclosure vulnerability exists when Media Foundation i ...) NOT-FOR-US: Microsoft CVE-2020-0819 (An elevation of privilege vulnerability exists when the Windows Device ...) NOT-FOR-US: Microsoft CVE-2020-0818 RESERVED CVE-2020-0817 RESERVED CVE-2020-0816 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2020-0815 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...) NOT-FOR-US: Microsoft CVE-2020-0814 (An elevation of privilege vulnerability exists in Windows Installer be ...) 
NOT-FOR-US: Microsoft CVE-2020-0813 (An information disclosure vulnerability exists when Chakra improperly ...) NOT-FOR-US: Microsoft CVE-2020-0812 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0811 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0810 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-0809 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0808 (An elevation of privilege vulnerability exists in the way the Provisio ...) NOT-FOR-US: Microsoft CVE-2020-0807 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0806 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-0805 RESERVED CVE-2020-0804 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0803 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0802 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0801 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0800 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0799 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...) NOT-FOR-US: Microsoft CVE-2020-0798 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0797 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0796 (A remote code execution vulnerability exists in the way that the Micro ...) 
NOT-FOR-US: Microsoft CVE-2020-0795 (This vulnerability is caused when SharePoint Server does not properly ...) NOT-FOR-US: Microsoft CVE-2020-0794 (A denial of service vulnerability exists when Windows improperly handl ...) NOT-FOR-US: Microsoft CVE-2020-0793 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0791 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0790 RESERVED CVE-2020-0789 (A denial of service vulnerability exists when the Visual Studio Extens ...) NOT-FOR-US: Microsoft CVE-2020-0788 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0787 (An elevation of privilege vulnerability exists when the Windows Backgr ...) NOT-FOR-US: Microsoft CVE-2020-0786 (A denial of service vulnerability exists when the Windows Tile Object ...) NOT-FOR-US: Microsoft CVE-2020-0785 (An elevation of privilege vulnerability exists when the Windows User P ...) NOT-FOR-US: Microsoft CVE-2020-0784 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0783 (An elevation of privilege vulnerability exists when the Windows Univer ...) NOT-FOR-US: Microsoft CVE-2020-0782 RESERVED CVE-2020-0781 (An elevation of privilege vulnerability exists when the Windows Univer ...) NOT-FOR-US: Microsoft CVE-2020-0780 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0779 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0778 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0777 (An elevation of privilege vulnerability exists when the Windows Work F ...) 
NOT-FOR-US: Microsoft CVE-2020-0776 (An elevation of privilege vulnerability exists when the Windows AppX D ...) NOT-FOR-US: Microsoft CVE-2020-0775 (An information disclosure vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-0774 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0773 (An elevation of privilege vulnerability exists when the Windows Active ...) NOT-FOR-US: Microsoft CVE-2020-0772 (An elevation of privilege vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-0771 (An elevation of privilege vulnerability exists when the Windows CSC Se ...) NOT-FOR-US: Microsoft CVE-2020-0770 (An elevation of privilege vulnerability exists when the Windows Active ...) NOT-FOR-US: Microsoft CVE-2020-0769 (An elevation of privilege vulnerability exists when the Windows CSC Se ...) NOT-FOR-US: Microsoft CVE-2020-0768 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0766 RESERVED CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...) NOT-FOR-US: Microsoft CVE-2020-0764 RESERVED CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...) NOT-FOR-US: Microsoft CVE-2020-0762 (An elevation of privilege vulnerability exists when Windows Defender S ...) NOT-FOR-US: Microsoft CVE-2020-0761 RESERVED CVE-2020-0760 (A remote code execution vulnerability exists when Microsoft Office imp ...) NOT-FOR-US: Microsoft CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0758 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...) NOT-FOR-US: Microsoft CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows improperly ...) 
NOT-FOR-US: Microsoft CVE-2020-0756 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0755 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0754 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-0753 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-0752 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0751 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2020-0750 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0749 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0748 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0747 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2020-0746 (An information disclosure vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2020-0745 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0744 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0743 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0742 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0741 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0740 (An elevation of privilege vulnerability exists in the way that the Con ...) 
NOT-FOR-US: Microsoft CVE-2020-0739 (An elevation of privilege vulnerability exists in the way that the dss ...) NOT-FOR-US: Microsoft CVE-2020-0738 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0737 (An elevation of privilege vulnerability exists in the way that the tap ...) NOT-FOR-US: Microsoft CVE-2020-0736 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0735 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0734 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-0733 (An elevation of privilege vulnerability exists when the Windows Malici ...) NOT-FOR-US: Microsoft CVE-2020-0732 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0731 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0730 (An elevation of privilege vulnerability exists when the Windows User P ...) NOT-FOR-US: Microsoft CVE-2020-0729 (A remote code execution vulnerability exists in Microsoft Windows that ...) NOT-FOR-US: Microsoft CVE-2020-0728 (An information vulnerability exists when Windows Modules Installer Ser ...) NOT-FOR-US: Microsoft CVE-2020-0727 (An elevation of privilege vulnerability exists when the Connected User ...) NOT-FOR-US: Microsoft CVE-2020-0726 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0725 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0724 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0723 (An elevation of privilege vulnerability exists in Windows when the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-0722 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0721 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0720 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0719 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0718 RESERVED CVE-2020-0717 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0716 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0715 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0714 (An information disclosure vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0713 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0712 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0711 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0710 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0709 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0708 (A remote code execution vulnerability exists when the Windows Imaging ...) NOT-FOR-US: Microsoft CVE-2020-0707 (An elevation of privilege vulnerability exists when the Windows IME im ...) NOT-FOR-US: Microsoft CVE-2020-0706 (An information disclosure vulnerability exists in the way that affecte ...) NOT-FOR-US: Microsoft CVE-2020-0705 (An information disclosure vulnerability exists when the Windows Networ ...) 
NOT-FOR-US: Microsoft CVE-2020-0704 (An elevation of privilege vulnerability exists when the Windows Wirele ...) NOT-FOR-US: Microsoft CVE-2020-0703 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-0702 (A security feature bypass vulnerability exists in Surface Hub when pro ...) NOT-FOR-US: Microsoft CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0700 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2020-0699 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0698 (An information disclosure vulnerability exists when the Telephony Serv ...) NOT-FOR-US: Microsoft CVE-2020-0697 (An elevation of privilege vulnerability exists in Microsoft Office OLi ...) NOT-FOR-US: Microsoft CVE-2020-0696 (A security feature bypass vulnerability exists in Microsoft Outlook so ...) NOT-FOR-US: Microsoft CVE-2020-0695 (A spoofing vulnerability exists when Office Online Server does not val ...) NOT-FOR-US: Microsoft CVE-2020-0694 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0693 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0692 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...) NOT-FOR-US: Microsoft CVE-2020-0691 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0690 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0689 (A security feature bypass vulnerability exists in secure boot, aka 'Mi ...) NOT-FOR-US: Microsoft CVE-2020-0688 (A remote code execution vulnerability exists in Microsoft Exchange sof ...) 
NOT-FOR-US: Microsoft CVE-2020-0687 (A remote code execution vulnerability exists when the Windows font lib ...) NOT-FOR-US: Microsoft CVE-2020-0686 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0685 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0684 (A remote code execution vulnerability exists in Microsoft Windows that ...) NOT-FOR-US: Microsoft CVE-2020-0683 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0682 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0681 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-0680 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0679 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0678 (An elevation of privilege vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-0677 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0676 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0675 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0674 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0673 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0672 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0671 (An elevation of privilege vulnerability exists when the Windows kernel ...) 
NOT-FOR-US: Microsoft CVE-2020-0670 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0669 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0668 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0667 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0666 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0665 (An elevation of privilege vulnerability exists in Active Directory For ...) NOT-FOR-US: Microsoft CVE-2020-0664 RESERVED CVE-2020-0663 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...) NOT-FOR-US: Microsoft CVE-2020-0662 (A remote code execution vulnerability exists in the way that Windows h ...) NOT-FOR-US: Microsoft CVE-2020-0661 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2020-0660 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...) NOT-FOR-US: Microsoft CVE-2020-0659 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2020-0658 (An information disclosure vulnerability exists in the Windows Common L ...) NOT-FOR-US: Microsoft CVE-2020-0657 (An elevation of privilege vulnerability exists when the Windows Common ...) NOT-FOR-US: Microsoft CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-0655 (A remote code execution vulnerability exists in Remote Desktop Service ...) NOT-FOR-US: Microsoft CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...) NOT-FOR-US: Microsoft CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) 
NOT-FOR-US: Microsoft CVE-2020-0652 (A remote code execution vulnerability exists in Microsoft Office softw ...) NOT-FOR-US: Microsoft CVE-2020-0651 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0649 RESERVED CVE-2020-0648 RESERVED CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not validate o ...) NOT-FOR-US: Microsoft CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft .NET F ...) NOT-FOR-US: Microsoft CVE-2020-0645 (A tampering vulnerability exists when Microsoft IIS Server improperly ...) NOT-FOR-US: Microsoft CVE-2020-0644 (An elevation of privilege vulnerability exists when Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2020-0643 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0642 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0641 (An elevation of privilege vulnerability exists in Windows Media Servic ...) NOT-FOR-US: Microsoft CVE-2020-0640 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2020-0639 (An information disclosure vulnerability exists in the Windows Common L ...) NOT-FOR-US: Microsoft CVE-2020-0638 (An elevation of privilege vulnerability exists in the way the Update N ...) NOT-FOR-US: Microsoft CVE-2020-0637 (An information disclosure vulnerability exists when Remote Desktop Web ...) NOT-FOR-US: Microsoft CVE-2020-0636 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0635 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...) NOT-FOR-US: Microsoft CVE-2020-0634 (An elevation of privilege vulnerability exists when the Windows Common ...) 
NOT-FOR-US: Microsoft CVE-2020-0633 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0632 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0631 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0630 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0629 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0628 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0627 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0626 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0625 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0624 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0623 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0622 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-0621 (A security feature bypass vulnerability exists in Windows 10 when thir ...) NOT-FOR-US: Microsoft CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cryptogr ...) NOT-FOR-US: Microsoft CVE-2020-0619 RESERVED CVE-2020-0618 (A remote code execution vulnerability exists in Microsoft SQL Server R ...) NOT-FOR-US: Microsoft CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...) NOT-FOR-US: Microsoft CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...) 
NOT-FOR-US: Microsoft CVE-2020-0615 (An information disclosure vulnerability exists in the Windows Common L ...) NOT-FOR-US: Microsoft CVE-2020-0614 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0613 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0612 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...) NOT-FOR-US: Microsoft CVE-2020-0611 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-0610 (A remote code execution vulnerability exists in Windows Remote Desktop ...) NOT-FOR-US: Microsoft CVE-2020-0609 (A remote code execution vulnerability exists in Windows Remote Desktop ...) NOT-FOR-US: Microsoft CVE-2020-0608 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0607 (An information disclosure vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2020-0606 (A remote code execution vulnerability exists in .NET software when the ...) NOT-FOR-US: Microsoft CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...) NOT-FOR-US: Microsoft CVE-2020-0604 RESERVED CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software ...) NOT-FOR-US: Microsoft CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly ...) NOT-FOR-US: Microsoft CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32. ...) NOT-FOR-US: Microsoft CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC may all ...) NOT-FOR-US: Intel CVE-2020-0599 RESERVED CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R) Binary Conf ...) 
NOT-FOR-US: Intel CVE-2020-0597 RESERVED CVE-2020-0596 RESERVED CVE-2020-0595 RESERVED CVE-2020-0594 RESERVED CVE-2020-0593 RESERVED CVE-2020-0592 RESERVED CVE-2020-0591 RESERVED CVE-2020-0590 RESERVED CVE-2020-0589 RESERVED CVE-2020-0588 RESERVED CVE-2020-0587 RESERVED CVE-2020-0586 RESERVED CVE-2020-0585 RESERVED CVE-2020-0584 RESERVED CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...) NOT-FOR-US: Intel CVE-2020-0582 RESERVED CVE-2020-0581 RESERVED CVE-2020-0580 RESERVED CVE-2020-0579 RESERVED CVE-2020-0578 (Improper conditions check for Intel(R) Modular Server MFS2600KISPP Com ...) NOT-FOR-US: Intel CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Com ...) NOT-FOR-US: Intel CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module ...) NOT-FOR-US: Intel CVE-2020-0575 RESERVED CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...) NOT-FOR-US: Intel CVE-2020-0573 RESERVED CVE-2020-0572 RESERVED CVE-2020-0571 RESERVED CVE-2020-0570 RESERVED - qtbase-opensource-src 5.12.5+dfsg-8 [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3 [stretch] - qtbase-opensource-src (Only affects 5.12.0 through 5.14.0) [jessie] - qtbase-opensource-src (Only affects 5.12.0 through 5.14.0) NOTE: https://bugreports.qt.io/browse/QTBUG-81272 NOTE: Patch: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd NOTE: https://lists.qt-project.org/pipermail/development/2020-January/038534.html CVE-2020-0569 RESERVED {DSA-4617-1 DLA-2092-1} - qtbase-opensource-src 5.12.5+dfsg-8 NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404 NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d CVE-2020-0568 (Race condition in the Intel(R) Driver and Support Assistant before ver ...) 
NOT-FOR-US: Intel CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version ...) NOT-FOR-US: Intel graphics driver for Windows CVE-2020-0566 RESERVED CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before version 2 ...) NOT-FOR-US: Intel graphics driver for Windows CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...) NOT-FOR-US: Intel CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before version ...) NOT-FOR-US: Intel CVE-2020-0562 (Improper permissions in the installer for Intel(R) RWC2, all versions, ...) NOT-FOR-US: Intel CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may ...) NOT-FOR-US: Intel CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas Electro ...) NOT-FOR-US: Intel CVE-2020-0559 RESERVED CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) PROSet ...) NOT-FOR-US: Intel CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...) NOT-FOR-US: Intel CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...) {DSA-4647-1} - bluez 5.50-1.1 (bug #953770) NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1 NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html NOTE: Second commit introduces new configuration option "ClassicBondedOnly" which defaults NOTE: to false, and allows to make sure that input connections only come from bonded NOTE: device connections. 
NOTE: Followup commits to avoid (functional) regression: NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519 NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e CVE-2020-0555 RESERVED CVE-2020-0554 RESERVED CVE-2020-0553 RESERVED CVE-2020-0552 RESERVED CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing speculative ...) NOTE: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection NOTE: https://xenbits.xen.org/xsa/advisory-315.html NOTE: https://lviattack.eu/ NOTE: No mitigation will be provided for this issue in software, primarily impacts Intel SGX NOTE: binutils/toolchain updates will include a patch that optionally emits lfence NOTE: instructions in problematic situations (but has a performance impact), cf. NOTE: https://sourceware.org/pipermail/binutils/2020-March/110175.html CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Processo ...) NOTE: Intel is (currently) not planning to release microcode updates to mitigate the issue. NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...) 
- intel-microcode [buster] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) [stretch] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) [jessie] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling NOTE: https://cacheoutattack.com/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated ...) - intel-microcode [buster] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) [stretch] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) [jessie] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html CVE-2020-0547 (Incorrect default permissions in the installer for Intel(R) Data Migra ...) NOT-FOR-US: Intel CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...) NOT-FOR-US: Intel CVE-2020-0545 RESERVED CVE-2020-0544 RESERVED CVE-2020-0543 RESERVED CVE-2020-0542 RESERVED CVE-2020-0541 RESERVED CVE-2020-0540 RESERVED CVE-2020-0539 RESERVED CVE-2020-0538 RESERVED CVE-2020-0537 RESERVED CVE-2020-0536 RESERVED CVE-2020-0535 RESERVED CVE-2020-0534 RESERVED CVE-2020-0533 RESERVED CVE-2020-0532 RESERVED CVE-2020-0531 RESERVED CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...) 
NOT-FOR-US: Intel CVE-2020-0529 RESERVED CVE-2020-0528 RESERVED CVE-2020-0527 RESERVED CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...) NOT-FOR-US: Intel CVE-2020-0525 RESERVED CVE-2020-0524 RESERVED CVE-2020-0523 RESERVED CVE-2020-0522 RESERVED CVE-2020-0521 RESERVED CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...) NOT-FOR-US: Intel CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0518 RESERVED CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...) NOT-FOR-US: Intel CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...) NOT-FOR-US: Intel CVE-2020-0513 RESERVED CVE-2020-0512 RESERVED CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers befo ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0510 RESERVED CVE-2020-0509 RESERVED CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...) NOT-FOR-US: Intel CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0505 (Improper conditions check in Intel(R) Graphics Drivers before versions ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0504 (Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44. ...) 
NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0503 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0502 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0501 (Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100. ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0500 RESERVED CVE-2020-0499 RESERVED CVE-2020-0498 RESERVED CVE-2020-0497 RESERVED CVE-2020-0496 RESERVED CVE-2020-0495 RESERVED CVE-2020-0494 RESERVED CVE-2020-0493 RESERVED CVE-2020-0492 RESERVED CVE-2020-0491 RESERVED CVE-2020-0490 RESERVED CVE-2020-0489 RESERVED CVE-2020-0488 RESERVED CVE-2020-0487 RESERVED CVE-2020-0486 RESERVED CVE-2020-0485 RESERVED CVE-2020-0484 RESERVED CVE-2020-0483 RESERVED CVE-2020-0482 RESERVED CVE-2020-0481 RESERVED CVE-2020-0480 RESERVED CVE-2020-0479 RESERVED CVE-2020-0478 RESERVED CVE-2020-0477 RESERVED CVE-2020-0476 RESERVED CVE-2020-0475 RESERVED CVE-2020-0474 RESERVED CVE-2020-0473 RESERVED CVE-2020-0472 RESERVED CVE-2020-0471 RESERVED CVE-2020-0470 RESERVED CVE-2020-0469 RESERVED CVE-2020-0468 RESERVED CVE-2020-0467 RESERVED CVE-2020-0466 RESERVED CVE-2020-0465 RESERVED CVE-2020-0464 RESERVED CVE-2020-0463 RESERVED CVE-2020-0462 RESERVED CVE-2020-0461 RESERVED CVE-2020-0460 RESERVED CVE-2020-0459 RESERVED CVE-2020-0458 RESERVED CVE-2020-0457 RESERVED CVE-2020-0456 RESERVED CVE-2020-0455 RESERVED CVE-2020-0454 RESERVED CVE-2020-0453 RESERVED CVE-2020-0452 RESERVED CVE-2020-0451 RESERVED CVE-2020-0450 RESERVED CVE-2020-0449 RESERVED CVE-2020-0448 RESERVED CVE-2020-0447 RESERVED CVE-2020-0446 RESERVED CVE-2020-0445 RESERVED CVE-2020-0444 RESERVED CVE-2020-0443 RESERVED CVE-2020-0442 RESERVED CVE-2020-0441 RESERVED CVE-2020-0440 RESERVED CVE-2020-0439 RESERVED CVE-2020-0438 RESERVED CVE-2020-0437 RESERVED CVE-2020-0436 RESERVED CVE-2020-0435 RESERVED CVE-2020-0434 
RESERVED CVE-2020-0433 RESERVED CVE-2020-0432 RESERVED CVE-2020-0431 RESERVED CVE-2020-0430 RESERVED CVE-2020-0429 RESERVED CVE-2020-0428 RESERVED CVE-2020-0427 RESERVED CVE-2020-0426 RESERVED CVE-2020-0425 RESERVED CVE-2020-0424 RESERVED CVE-2020-0423 RESERVED CVE-2020-0422 RESERVED CVE-2020-0421 RESERVED CVE-2020-0420 RESERVED CVE-2020-0419 RESERVED CVE-2020-0418 RESERVED CVE-2020-0417 RESERVED CVE-2020-0416 RESERVED CVE-2020-0415 RESERVED CVE-2020-0414 RESERVED CVE-2020-0413 RESERVED CVE-2020-0412 RESERVED CVE-2020-0411 RESERVED CVE-2020-0410 RESERVED CVE-2020-0409 RESERVED CVE-2020-0408 RESERVED CVE-2020-0407 RESERVED CVE-2020-0406 RESERVED CVE-2020-0405 RESERVED CVE-2020-0404 RESERVED CVE-2020-0403 RESERVED CVE-2020-0402 RESERVED CVE-2020-0401 RESERVED CVE-2020-0400 RESERVED CVE-2020-0399 RESERVED CVE-2020-0398 RESERVED CVE-2020-0397 RESERVED CVE-2020-0396 RESERVED CVE-2020-0395 RESERVED CVE-2020-0394 RESERVED CVE-2020-0393 RESERVED CVE-2020-0392 RESERVED CVE-2020-0391 RESERVED CVE-2020-0390 RESERVED CVE-2020-0389 RESERVED CVE-2020-0388 RESERVED CVE-2020-0387 RESERVED CVE-2020-0386 RESERVED CVE-2020-0385 RESERVED CVE-2020-0384 RESERVED CVE-2020-0383 RESERVED CVE-2020-0382 RESERVED CVE-2020-0381 RESERVED CVE-2020-0380 RESERVED CVE-2020-0379 RESERVED CVE-2020-0378 RESERVED CVE-2020-0377 RESERVED CVE-2020-0376 RESERVED CVE-2020-0375 RESERVED CVE-2020-0374 RESERVED CVE-2020-0373 RESERVED CVE-2020-0372 RESERVED CVE-2020-0371 RESERVED CVE-2020-0370 RESERVED CVE-2020-0369 RESERVED CVE-2020-0368 RESERVED CVE-2020-0367 RESERVED CVE-2020-0366 RESERVED CVE-2020-0365 RESERVED CVE-2020-0364 RESERVED CVE-2020-0363 RESERVED CVE-2020-0362 RESERVED CVE-2020-0361 RESERVED CVE-2020-0360 RESERVED CVE-2020-0359 RESERVED CVE-2020-0358 RESERVED CVE-2020-0357 RESERVED CVE-2020-0356 RESERVED CVE-2020-0355 RESERVED CVE-2020-0354 RESERVED CVE-2020-0353 RESERVED CVE-2020-0352 RESERVED CVE-2020-0351 RESERVED CVE-2020-0350 RESERVED CVE-2020-0349 RESERVED CVE-2020-0348 RESERVED 
CVE-2020-0347 RESERVED CVE-2020-0346 RESERVED CVE-2020-0345 RESERVED CVE-2020-0344 RESERVED CVE-2020-0343 RESERVED CVE-2020-0342 RESERVED CVE-2020-0341 RESERVED CVE-2020-0340 RESERVED CVE-2020-0339 RESERVED CVE-2020-0338 RESERVED CVE-2020-0337 RESERVED CVE-2020-0336 RESERVED CVE-2020-0335 RESERVED CVE-2020-0334 RESERVED CVE-2020-0333 RESERVED CVE-2020-0332 RESERVED CVE-2020-0331 RESERVED CVE-2020-0330 RESERVED CVE-2020-0329 RESERVED CVE-2020-0328 RESERVED CVE-2020-0327 RESERVED CVE-2020-0326 RESERVED CVE-2020-0325 RESERVED CVE-2020-0324 RESERVED CVE-2020-0323 RESERVED CVE-2020-0322 RESERVED CVE-2020-0321 RESERVED CVE-2020-0320 RESERVED CVE-2020-0319 RESERVED CVE-2020-0318 RESERVED CVE-2020-0317 RESERVED CVE-2020-0316 RESERVED CVE-2020-0315 RESERVED CVE-2020-0314 RESERVED CVE-2020-0313 RESERVED CVE-2020-0312 RESERVED CVE-2020-0311 RESERVED CVE-2020-0310 RESERVED CVE-2020-0309 RESERVED CVE-2020-0308 RESERVED CVE-2020-0307 RESERVED CVE-2020-0306 RESERVED CVE-2020-0305 RESERVED CVE-2020-0304 RESERVED CVE-2020-0303 RESERVED CVE-2020-0302 RESERVED CVE-2020-0301 RESERVED CVE-2020-0300 RESERVED CVE-2020-0299 RESERVED CVE-2020-0298 RESERVED CVE-2020-0297 RESERVED CVE-2020-0296 RESERVED CVE-2020-0295 RESERVED CVE-2020-0294 RESERVED CVE-2020-0293 RESERVED CVE-2020-0292 RESERVED CVE-2020-0291 RESERVED CVE-2020-0290 RESERVED CVE-2020-0289 RESERVED CVE-2020-0288 RESERVED CVE-2020-0287 RESERVED CVE-2020-0286 RESERVED CVE-2020-0285 RESERVED CVE-2020-0284 RESERVED CVE-2020-0283 RESERVED CVE-2020-0282 RESERVED CVE-2020-0281 RESERVED CVE-2020-0280 RESERVED CVE-2020-0279 RESERVED CVE-2020-0278 RESERVED CVE-2020-0277 RESERVED CVE-2020-0276 RESERVED CVE-2020-0275 RESERVED CVE-2020-0274 RESERVED CVE-2020-0273 RESERVED CVE-2020-0272 RESERVED CVE-2020-0271 RESERVED CVE-2020-0270 RESERVED CVE-2020-0269 RESERVED CVE-2020-0268 RESERVED CVE-2020-0267 RESERVED CVE-2020-0266 RESERVED CVE-2020-0265 RESERVED CVE-2020-0264 RESERVED CVE-2020-0263 RESERVED CVE-2020-0262 RESERVED CVE-2020-0261 
RESERVED CVE-2020-0260 RESERVED CVE-2020-0259 RESERVED CVE-2020-0258 RESERVED CVE-2020-0257 RESERVED CVE-2020-0256 RESERVED CVE-2020-0255 RESERVED CVE-2020-0254 RESERVED CVE-2020-0253 RESERVED CVE-2020-0252 RESERVED CVE-2020-0251 RESERVED CVE-2020-0250 RESERVED CVE-2020-0249 RESERVED CVE-2020-0248 RESERVED CVE-2020-0247 RESERVED CVE-2020-0246 RESERVED CVE-2020-0245 RESERVED CVE-2020-0244 RESERVED CVE-2020-0243 RESERVED CVE-2020-0242 RESERVED CVE-2020-0241 RESERVED CVE-2020-0240 RESERVED CVE-2020-0239 RESERVED CVE-2020-0238 RESERVED CVE-2020-0237 RESERVED CVE-2020-0236 RESERVED CVE-2020-0235 RESERVED CVE-2020-0234 RESERVED CVE-2020-0233 RESERVED CVE-2020-0232 RESERVED CVE-2020-0231 RESERVED CVE-2020-0230 RESERVED CVE-2020-0229 RESERVED CVE-2020-0228 RESERVED CVE-2020-0227 RESERVED CVE-2020-0226 RESERVED CVE-2020-0225 RESERVED CVE-2020-0224 RESERVED CVE-2020-0223 RESERVED CVE-2020-0222 RESERVED CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to numeric overf ...) TODO: check CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a possible out ...) 
TODO: check CVE-2020-0219 RESERVED CVE-2020-0218 RESERVED CVE-2020-0217 RESERVED CVE-2020-0216 RESERVED CVE-2020-0215 RESERVED CVE-2020-0214 RESERVED CVE-2020-0213 RESERVED CVE-2020-0212 RESERVED CVE-2020-0211 RESERVED CVE-2020-0210 RESERVED CVE-2020-0209 RESERVED CVE-2020-0208 RESERVED CVE-2020-0207 RESERVED CVE-2020-0206 RESERVED CVE-2020-0205 RESERVED CVE-2020-0204 RESERVED CVE-2020-0203 RESERVED CVE-2020-0202 RESERVED CVE-2020-0201 RESERVED CVE-2020-0200 RESERVED CVE-2020-0199 RESERVED CVE-2020-0198 RESERVED CVE-2020-0197 RESERVED CVE-2020-0196 RESERVED CVE-2020-0195 RESERVED CVE-2020-0194 RESERVED CVE-2020-0193 RESERVED CVE-2020-0192 RESERVED CVE-2020-0191 RESERVED CVE-2020-0190 RESERVED CVE-2020-0189 RESERVED CVE-2020-0188 RESERVED CVE-2020-0187 RESERVED CVE-2020-0186 RESERVED CVE-2020-0185 RESERVED CVE-2020-0184 RESERVED CVE-2020-0183 RESERVED CVE-2020-0182 RESERVED CVE-2020-0181 RESERVED CVE-2020-0180 RESERVED CVE-2020-0179 RESERVED CVE-2020-0178 RESERVED CVE-2020-0177 RESERVED CVE-2020-0176 RESERVED CVE-2020-0175 RESERVED CVE-2020-0174 RESERVED CVE-2020-0173 RESERVED CVE-2020-0172 RESERVED CVE-2020-0171 RESERVED CVE-2020-0170 RESERVED CVE-2020-0169 RESERVED CVE-2020-0168 RESERVED CVE-2020-0167 RESERVED CVE-2020-0166 RESERVED CVE-2020-0165 RESERVED CVE-2020-0164 RESERVED CVE-2020-0163 RESERVED CVE-2020-0162 RESERVED CVE-2020-0161 RESERVED CVE-2020-0160 RESERVED CVE-2020-0159 RESERVED CVE-2020-0158 RESERVED CVE-2020-0157 RESERVED CVE-2020-0156 RESERVED CVE-2020-0155 RESERVED CVE-2020-0154 RESERVED CVE-2020-0153 RESERVED CVE-2020-0152 RESERVED CVE-2020-0151 RESERVED CVE-2020-0150 RESERVED CVE-2020-0149 RESERVED CVE-2020-0148 RESERVED CVE-2020-0147 RESERVED CVE-2020-0146 RESERVED CVE-2020-0145 RESERVED CVE-2020-0144 RESERVED CVE-2020-0143 RESERVED CVE-2020-0142 RESERVED CVE-2020-0141 RESERVED CVE-2020-0140 RESERVED CVE-2020-0139 RESERVED CVE-2020-0138 RESERVED CVE-2020-0137 RESERVED CVE-2020-0136 RESERVED CVE-2020-0135 RESERVED CVE-2020-0134 RESERVED 
CVE-2020-0133 RESERVED CVE-2020-0132 RESERVED CVE-2020-0131 RESERVED CVE-2020-0130 RESERVED CVE-2020-0129 RESERVED CVE-2020-0128 RESERVED CVE-2020-0127 RESERVED CVE-2020-0126 RESERVED CVE-2020-0125 RESERVED CVE-2020-0124 RESERVED CVE-2020-0123 RESERVED CVE-2020-0122 RESERVED CVE-2020-0121 RESERVED CVE-2020-0120 RESERVED CVE-2020-0119 RESERVED CVE-2020-0118 RESERVED CVE-2020-0117 RESERVED CVE-2020-0116 RESERVED CVE-2020-0115 RESERVED CVE-2020-0114 RESERVED CVE-2020-0113 RESERVED CVE-2020-0112 RESERVED CVE-2020-0111 RESERVED CVE-2020-0110 (In psi_write of psi.c, there is a possible out of bounds write due to ...) - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2) CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.java, ...) NOT-FOR-US: Android CVE-2020-0108 RESERVED CVE-2020-0107 RESERVED CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0105 (In onKeyguardVisibilityChanged of key_store_service.cpp, there is a mi ...) NOT-FOR-US: Android CVE-2020-0104 (In onShowingStateChanged of KeyguardStateMonitor.java, there is a poss ...) NOT-FOR-US: Android CVE-2020-0103 (In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0102 (In GattServer::SendResponse of gatt_server.cc, there is a possible out ...) NOT-FOR-US: Android CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible informatio ...) TODO: check CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...) TODO: check CVE-2020-0099 RESERVED CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...) NOT-FOR-US: Android CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0096 (In startActivities of ActivityStartController.java, there is a possibl ...) 
NOT-FOR-US: Android CVE-2020-0095 RESERVED CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possi ...) TODO: check CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...) {DLA-2214-1} - libexif 0.6.21-8 [buster] - libexif (Minor issue) [stretch] - libexif (Minor issue) NOTE: https://github.com/libexif/libexif/issues/42 NOTE: https://github.com/libexif/libexif/commit/5ae5973bed1947f4d447dc80b76d5cefadd90133 CVE-2020-0092 (In setHideSensitive of NotificationStackScrollLayout.java, there is a ...) NOT-FOR-US: Android CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for meta fac ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0090 (An improper authorization in the receiver component of Email.Product: ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0089 RESERVED CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible re ...) NOT-FOR-US: Android Media Framework CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0086 (In readCString of Parcel.cpp, there is a possible out of bounds write ...) NOT-FOR-US: Android Media Framework CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a possible permi ...) NOT-FOR-US: Android CVE-2020-0084 (In several functions of NotificationManagerService.java, there are mis ...) NOT-FOR-US: Android CVE-2020-0083 (In setRequirePmfInternal of sta_network.cpp, there is a possible defau ...) NOT-FOR-US: Android CVE-2020-0082 (In ExternalVibration of ExternalVibration.java, there is a possible ac ...) NOT-FOR-US: Android CVE-2020-0081 (In finalize of AssetManager.java, there is possible memory corruption ...) NOT-FOR-US: Android CVE-2020-0080 (In onOpActiveChanged and related methods of AppOpsControllerImpl.java, ...) NOT-FOR-US: Android CVE-2020-0079 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...) 
NOT-FOR-US: Android CVE-2020-0078 (In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2020-0077 (In authorize_enroll of the FPC IRIS TrustZone app, there is a possible ...) NOT-FOR-US: Android CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a possible ...) NOT-FOR-US: Android CVE-2020-0075 (In set_shared_key of the FPC IRIS TrustZone app, there is a possible o ...) NOT-FOR-US: Android CVE-2020-0074 RESERVED CVE-2020-0073 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...) NOT-FOR-US: Android CVE-2020-0072 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...) NOT-FOR-US: Android CVE-2020-0071 (In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a pos ...) NOT-FOR-US: Android CVE-2020-0070 (In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0068 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0067 (In f2fs_xattr_generic_list of xattr.c, there is a possible out of boun ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 [jessie] - linux (f2fs is not supportable) NOTE: https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06 CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write due to ...) - linux 4.2.5-1 [jessie] - linux 3.16.7-ckt20-1 NOTE: https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe CVE-2020-0065 (An improper authorization in the receiver component of the Android Sui ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0064 (An improper authorization while processing the provisioning data.Produ ...) 
NOT-FOR-US: Mediatek components for Android CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation screen p ...) NOT-FOR-US: Android CVE-2020-0062 (In Euicc, there is a possible information disclosure due to an include ...) NOT-FOR-US: Android CVE-2020-0061 (In Pixel Recorder, there is a possible permissions bypass allowing arb ...) NOT-FOR-US: Android CVE-2020-0060 (In query of SmsProvider.java and MmsSmsProvider.java, there is a possi ...) NOT-FOR-US: Android CVE-2020-0059 (In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.c ...) NOT-FOR-US: Android CVE-2020-0058 (In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0057 (In btm_process_inq_results of btm_inq.cc, there is a possible out of b ...) NOT-FOR-US: Android CVE-2020-0056 (In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0055 (In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a poss ...) NOT-FOR-US: Android CVE-2020-0054 (In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java ...) NOT-FOR-US: Android CVE-2020-0053 (In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanD ...) NOT-FOR-US: Android CVE-2020-0052 (In smsSelected of AnswerFragment.java, there is a way to send an SMS f ...) NOT-FOR-US: Android CVE-2020-0051 (In onCreate of SettingsHomepageActivity, there is a possible tapjackin ...) NOT-FOR-US: Android CVE-2020-0050 (In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of b ...) NOT-FOR-US: Android CVE-2020-0049 (In onReadBuffer() of StreamingSource.cpp, there is a possible informat ...) NOT-FOR-US: Android media framework CVE-2020-0048 (In onTransact of IAudioFlinger.cpp, there is a possible stack informat ...) NOT-FOR-US: Android media framework CVE-2020-0047 (In setMasterMute of AudioService.java, there is a missing permission c ...) 
NOT-FOR-US: Android media framework CVE-2020-0046 (In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible ...) NOT-FOR-US: Android media framework CVE-2020-0045 (In StatsService::command of StatsService.cpp, there is possible memory ...) NOT-FOR-US: Android CVE-2020-0044 (In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds re ...) NOT-FOR-US: FPC components for Android CVE-2020-0043 (In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android CVE-2020-0042 (In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a poss ...) NOT-FOR-US: FPC components for Android CVE-2020-0041 (In binder_transaction of binder.c, there is a possible out of bounds w ...) - linux 5.4.6-1 [buster] - linux (Vulnerability introduced later) [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2 CVE-2020-0040 RESERVED NOTE: Duplicate of CVE-2019-15239, will be rejected CVE-2020-0039 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android CVE-2020-0038 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android CVE-2020-0037 (In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2020-0036 (In hasPermissions of PermissionMonitor.java, there is a possible acces ...) NOT-FOR-US: Android CVE-2020-0035 (In query of TelephonyProvider.java, there is a possible access to SIM ...) NOT-FOR-US: Android CVE-2020-0034 (In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...) {DLA-2136-1} - libvpx 1.7.0-3 [stretch] - libvpx (Minor issue) NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a CVE-2020-0033 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) 
NOT-FOR-US: Android media framework CVE-2020-0032 (In ih264d_release_display_bufs of ih264d_utils.c, there is a possible ...) NOT-FOR-US: Android media framework CVE-2020-0031 (In triggerAugmentedAutofillLocked and related functions of Session.jav ...) NOT-FOR-US: Android CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...) - linux 4.15.11-1 NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a CVE-2020-0029 (In the WifiConfigManager, there is a possible storage of location hist ...) NOT-FOR-US: Android CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...) NOT-FOR-US: Android CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of ...) NOT-FOR-US: Android CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory corru ...) NOT-FOR-US: Android CVE-2020-0025 RESERVED CVE-2020-0024 (In onCreate of SettingsBaseActivity.java, there is a possible unauthor ...) NOT-FOR-US: Android CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...) NOT-FOR-US: Android CVE-2020-0022 (In reassemble_and_dispatch of packet_fragmenter.cc, there is possible ...) NOT-FOR-US: Android CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there is a p ...) NOT-FOR-US: Android CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...) NOT-FOR-US: Android CVE-2020-0019 RESERVED CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...) NOT-FOR-US: Android CVE-2020-0017 (In multiple places, it was possible for the primary user’s dicti ...) NOT-FOR-US: Android CVE-2020-0016 RESERVED CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay ...) NOT-FOR-US: Android CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...) 
NOT-FOR-US: Android CVE-2020-0013 RESERVED CVE-2020-0012 (In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible ...) NOT-FOR-US: FPC components for Android CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...) NOT-FOR-US: FPC components for Android CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 [jessie] - linux (Driver is not enabled or supported) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949 CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there ...) NOT-FOR-US: Android CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible information discl ...) NOT-FOR-US: Android CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0005 (In btm_read_remote_ext_features_complete of btm_acl.cc, there is a pos ...) NOT-FOR-US: Android CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package validati ...) NOT-FOR-US: Android CVE-2020-0002 (In ih264d_init_decoder of ih264d_api.c, there is a possible out of bou ...) NOT-FOR-US: Android Media Framework CVE-2020-0001 (In getProcessRecordLocked of ActivityManagerService.java isolated apps ...) NOT-FOR-US: Android