CVE-2020-11684
    RESERVED
CVE-2020-11683
    RESERVED
CVE-2020-11682
    RESERVED
CVE-2020-11681
    RESERVED
CVE-2020-11680
    RESERVED
CVE-2020-11679
    RESERVED
CVE-2020-11678
    RESERVED
CVE-2020-11677
    RESERVED
CVE-2020-11676
    RESERVED
CVE-2020-11675
    RESERVED
CVE-2020-11674
    RESERVED
CVE-2020-11673
    RESERVED
CVE-2020-11672
    RESERVED
CVE-2020-11671
    RESERVED
CVE-2020-11670
    RESERVED
CVE-2020-11669
    RESERVED
CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...)
    - linux
    NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
CVE-2020-11667
    RESERVED
CVE-2020-11666
    RESERVED
CVE-2020-11665
    RESERVED
CVE-2020-11664
    RESERVED
CVE-2020-11663
    RESERVED
CVE-2020-11662
    RESERVED
CVE-2020-11661
    RESERVED
CVE-2020-11660
    RESERVED
CVE-2020-11659
    RESERVED
CVE-2020-11658
    RESERVED
CVE-2020-11657
    RESERVED
CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...)
    TODO: check
CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...)
    TODO: check
CVE-2020-11654
    RESERVED
CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
    - varnish (bug #956307)
    [stretch] - varnish (Only affects 6.x)
    [jessie] - varnish (Only affects 6.x)
    NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
    NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
CVE-2020-11652
    RESERVED
CVE-2020-11651
    RESERVED
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS 11.2 and 11.3 before 11.3 ...)
    NOT-FOR-US: FreeNAS
CVE-2020-11649
    RESERVED
CVE-2020-11648
    RESERVED
CVE-2020-11647
    RESERVED
CVE-2020-11646
    RESERVED
CVE-2020-11645
    RESERVED
CVE-2020-11644
    RESERVED
CVE-2020-11643
    RESERVED
CVE-2020-11642
    RESERVED
CVE-2020-11641
    RESERVED
CVE-2020-11640
    RESERVED
CVE-2020-11639
    RESERVED
CVE-2020-11638
    RESERVED
CVE-2020-11637
    RESERVED
CVE-2020-11636
    RESERVED
CVE-2020-11635
    RESERVED
CVE-2020-11634
    RESERVED
CVE-2020-11633
    RESERVED
CVE-2020-11632
    RESERVED
CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
    NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
    NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11629 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
    NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11628 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
    NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
    NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
    NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11625
    RESERVED
CVE-2020-11624
    RESERVED
CVE-2020-11623
    RESERVED
CVE-2020-11622
    RESERVED
CVE-2020-11621
    RESERVED
CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
    - jackson-databind
    [buster] - jackson-databind (Minor issue; can be fixed via a point release)
    [stretch] - jackson-databind (Minor issue; can be fixed via a point release)
    NOTE: https://github.com/FasterXML/jackson-databind/issues/2682
    NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
    NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
    - jackson-databind
    [buster] - jackson-databind (Minor issue; can be fixed via a point release)
    [stretch] - jackson-databind (Minor issue; can be fixed via a point release)
    NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
    NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
    NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11618
    RESERVED
CVE-2020-11617
    RESERVED
CVE-2020-11616
    RESERVED
CVE-2020-11615
    RESERVED
CVE-2020-11614
    RESERVED
CVE-2020-11613
    RESERVED
CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
    - netty 1:4.1.48-1
    NOTE: https://github.com/netty/netty/issues/6168
    NOTE: https://github.com/netty/netty/pull/9924
    NOTE: https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0
CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The buildMess ...)
    NOT-FOR-US: xdLocalStorage
CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...)
    NOT-FOR-US: xdLocalStorage
CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...)
    - linux
    NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205
CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...)
    - linux
    NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30
CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-11606 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-11605 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-11604 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-11603 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-11602 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-11601 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-11600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
    NOT-FOR-US: Samsung mobile devices
CVE-2020-11599 (An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Ge ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11598 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upl ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11597 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11596 (A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Bu ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11595 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11594 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11593 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11592 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11591 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11590 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11589 (An Insecure Direct Object Reference issue was discovered in CIPPlanner ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11588 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11587 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11586 (An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. ...)
    NOT-FOR-US: CIPPlanner
CVE-2020-11585 (There is an information disclosure issue in DNN (formerly DotNetNuke) ...)
    NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2020-11584
    RESERVED
CVE-2020-11583
    RESERVED
CVE-2020-11582 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
    NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
    NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
    NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11579
    RESERVED
CVE-2020-11578
    RESERVED
CVE-2020-11577
    RESERVED
CVE-2020-11576 (Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumerat ...)
    NOT-FOR-US: Argo
CVE-2020-11575
    RESERVED
CVE-2020-11574
    RESERVED
CVE-2020-11573
    RESERVED
CVE-2020-11572
    RESERVED
CVE-2020-11571
    RESERVED
CVE-2020-11570
    RESERVED
CVE-2020-11569
    RESERVED
CVE-2020-11568
    RESERVED
CVE-2020-11567
    RESERVED
CVE-2020-11566
    RESERVED
CVE-2020-11565 (An issue was discovered in the Linux kernel through 5.6.2. mpol_parse_ ...)
    - linux
    NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
CVE-2020-11564
    RESERVED
CVE-2020-11563
    RESERVED
CVE-2020-11562
    RESERVED
CVE-2020-11561 (In NCH Express Invoice 7.25, an authenticated low-privilege user can e ...)
    NOT-FOR-US: NCH Express Invoice
CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the cleartext ...)
    NOT-FOR-US: NCH Express Invoice
CVE-2020-11559
    RESERVED
CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...)
    - gpac
    NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
    NOTE: https://github.com/gpac/gpac/issues/1440
    TODO: check
CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
    NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
    NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11555 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
    NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
    NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
    NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11552
    RESERVED
CVE-2020-11551
    RESERVED
CVE-2020-11550
    RESERVED
CVE-2020-11549
    RESERVED
CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...)
    NOT-FOR-US: Search Meter plugin for WordPress
CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...)
    NOT-FOR-US: PRTG Network Monitor
CVE-2020-11546
    RESERVED
CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple ...)
    NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
    NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11543 (OpsRamp Gateway 3.0.0 has a backdoor account vadmin with the password ...)
    NOT-FOR-US: OpsRamp Gateway
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
    NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
CVE-2020-11541
    RESERVED
CVE-2020-11540
    RESERVED
CVE-2020-11539
    RESERVED
CVE-2020-11538
    RESERVED
CVE-2020-11537
    RESERVED
CVE-2020-11536
    RESERVED
CVE-2020-11535
    RESERVED
CVE-2020-11534
    RESERVED
CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...)
    NOT-FOR-US: Ivanti Workspace Control
CVE-2020-11532
    RESERVED
CVE-2020-11531
    RESERVED
CVE-2020-11530
    RESERVED
CVE-2020-11529 (Common/Grav.php in Grav before 1.6.23 has an Open Redirect. ...)
    NOT-FOR-US: Grav CMS
CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) ...)
    TODO: check
CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
    NOT-FOR-US: Zoho
CVE-2020-11526
    RESERVED
CVE-2020-11525
    RESERVED
CVE-2020-11524
    RESERVED
CVE-2020-11523
    RESERVED
CVE-2020-11522
    RESERVED
CVE-2020-11521
    RESERVED
CVE-2020-11520
    RESERVED
CVE-2020-11519
    RESERVED
CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...)
    NOT-FOR-US: Zoho
CVE-2020-11517
    RESERVED
CVE-2020-11516 (Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for W ...)
    NOT-FOR-US: Contact Form 7 Datepicker plugin for WordPress
CVE-2020-11515 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...)
    NOT-FOR-US: Rank Math plugin for WordPress
CVE-2020-11514 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...)
    NOT-FOR-US: Rank Math plugin for WordPress
CVE-2020-11513
    RESERVED
CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 ...)
    NOT-FOR-US: IMPress for IDX Broker WordPress plugin
CVE-2020-11511
    RESERVED
CVE-2020-11510
    RESERVED
CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
    NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
    NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...)
    NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2020-11506
    RESERVED
CVE-2020-11505
    RESERVED
CVE-2020-11504
    RESERVED
CVE-2020-11503
    RESERVED
CVE-2020-11502
    RESERVED
CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...)
    NOT-FOR-US: Zoom
CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...)
    NOT-FOR-US: Firmware Analysis and Comparison Tool
CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
    NOT-FOR-US: Slack Nebula
CVE-2020-11497
    RESERVED
CVE-2020-11496
    RESERVED
CVE-2020-11495
    RESERVED
CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...)
    - linux
    NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
CVE-2020-11493
    RESERVED
CVE-2020-11492
    RESERVED
CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
    NOT-FOR-US: Zen Load Balancer
CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...)
    NOT-FOR-US: Zen Load Balancer
CVE-2020-11489
    RESERVED
CVE-2020-11488
    RESERVED
CVE-2020-11487
    RESERVED
CVE-2020-11486
    RESERVED
CVE-2020-11485
    RESERVED
CVE-2020-11484
    RESERVED
CVE-2020-11483
    RESERVED
CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...)
    {DSA-4652-1}
    - gnutls28 3.6.13-2 (bug #955556)
    [stretch] - gnutls28 (Vulnerable code introduced later)
    [jessie] - gnutls28 (Vulnerable code introduced later)
    NOTE: https://gitlab.com/gnutls/gnutls/-/issues/960
    NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31
    NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/c01011c2d8533dbbbe754e49e256c109cb848d0d (3.6.13)
    NOTE: Broken-by: https://gitlab.com/gnutls/gnutls/-/commit/bcf4de0371efbdf0846388e2df0cb14b5db09954 (gnutls_3_6_3)
CVE-2020-11482
    RESERVED
CVE-2020-11481
    RESERVED
CVE-2020-11480
    RESERVED
CVE-2020-11479
    RESERVED
CVE-2020-11478
    RESERVED
CVE-2020-11477
    RESERVED
CVE-2020-11476
    RESERVED
CVE-2020-11475
    RESERVED
CVE-2020-11474
    RESERVED
CVE-2020-11473
    RESERVED
CVE-2020-11472
    RESERVED
CVE-2020-11471
    RESERVED
CVE-2020-11470 (Zoom Client for Meetings through 4.6.8 on macOS has the disable-librar ...)
    NOT-FOR-US: Zoom
CVE-2020-11469 (Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to ...)
    NOT-FOR-US: Zoom
CVE-2020-11468
    RESERVED
CVE-2020-11467 (An issue was discovered in Deskpro before 2019.8.0. This product enabl ...)
    NOT-FOR-US: Deskpro
CVE-2020-11466 (An issue was discovered in Deskpro before 2019.8.0. The /api/tickets e ...)
    NOT-FOR-US: Deskpro
CVE-2020-11465 (An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* en ...)
    NOT-FOR-US: Deskpro
CVE-2020-11464 (An issue was discovered in Deskpro before 2019.8.0. The /api/people en ...)
    NOT-FOR-US: Deskpro
CVE-2020-11463 (An issue was discovered in Deskpro before 2019.8.0. The /api/email_acc ...)
    NOT-FOR-US: Deskpro
CVE-2020-11462
    RESERVED
CVE-2020-11461
    RESERVED
CVE-2020-11460
    RESERVED
CVE-2020-11459
    RESERVED
CVE-2020-11458 (app/Model/feed.php in MISP before 2.4.124 allows administrators to cho ...)
    NOT-FOR-US: MISP
CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php ...)
    NOT-FOR-US: pfSense
CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in application/views/ad ...)
    - limesurvey (bug #472802)
CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulnerabilit ...)
    - limesurvey (bug #472802)
CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Contain ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11453 (Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users to import ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11451 (The Upload Visualization plugin in the Microstrategy Web 10.4 admin pa ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture ...)
    NOT-FOR-US: Microstrategy Web
CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...)
    NOT-FOR-US: Technicolor devices
CVE-2020-11448
    RESERVED
CVE-2020-11447
    RESERVED
CVE-2020-11446
    RESERVED
CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...)
    NOT-FOR-US: TP-Link
CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...)
    NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-11443
    RESERVED
CVE-2020-11442
    RESERVED
CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ...)
    - phpmyadmin
    [jessie] - phpmyadmin (The pma_error display code does not exist in this version)
    NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
CVE-2020-11440
    RESERVED
CVE-2020-11439
    RESERVED
CVE-2020-11438
    RESERVED
CVE-2020-11437
    RESERVED
CVE-2020-11436
    RESERVED
CVE-2020-11435
    RESERVED
CVE-2020-11434
    RESERVED
CVE-2020-11433
    RESERVED
CVE-2020-11432
    RESERVED
CVE-2020-11431
    RESERVED
CVE-2020-11430
    RESERVED
CVE-2020-11429
    RESERVED
CVE-2020-11428
    RESERVED
CVE-2020-11427
    RESERVED
CVE-2020-11426
    RESERVED
CVE-2020-11425
    RESERVED
CVE-2020-11424
    RESERVED
CVE-2020-11423
    RESERVED
CVE-2020-11422
    RESERVED
CVE-2020-11421
    RESERVED
CVE-2020-11420
    RESERVED
CVE-2020-11419
    RESERVED
CVE-2020-11418
    RESERVED
CVE-2020-11417
    RESERVED
CVE-2020-11416
    RESERVED
CVE-2020-11415
    RESERVED
CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...)
    NOT-FOR-US: Progress Telerik UI
CVE-2020-11413
    RESERVED
CVE-2020-11412
    RESERVED
CVE-2020-11411
    RESERVED
CVE-2020-11410
    RESERVED
CVE-2020-11409
    RESERVED
CVE-2020-11408
    RESERVED
CVE-2020-11407
    RESERVED
CVE-2020-11406
    RESERVED
CVE-2020-11405
    RESERVED
CVE-2020-11404
    RESERVED
CVE-2020-11403
    RESERVED
CVE-2020-11402
    RESERVED
CVE-2020-11401
    RESERVED
CVE-2020-11400
    RESERVED
CVE-2020-11399
    RESERVED
CVE-2020-11398
    RESERVED
CVE-2020-11397
    RESERVED
CVE-2020-11396
    RESERVED
CVE-2020-11395
    RESERVED
CVE-2020-11394
    RESERVED
CVE-2020-11393
    RESERVED
CVE-2020-11392
    RESERVED
CVE-2020-11391
    RESERVED
CVE-2020-11390
    RESERVED
CVE-2020-11389
    RESERVED
CVE-2020-11388
    RESERVED
CVE-2020-11387
    RESERVED
CVE-2020-11386
    RESERVED
CVE-2020-11385
    RESERVED
CVE-2020-11384
    RESERVED
CVE-2020-11383
    RESERVED
CVE-2020-11382
    RESERVED
CVE-2020-11381
    RESERVED
CVE-2020-11380
    RESERVED
CVE-2020-11379
    RESERVED
CVE-2020-11378
    RESERVED
CVE-2020-11377
    RESERVED
CVE-2020-11376
    RESERVED
CVE-2020-11375
    RESERVED
CVE-2020-11374
    RESERVED
CVE-2020-11373
    RESERVED
CVE-2020-11372
    RESERVED
CVE-2020-11371
    RESERVED
CVE-2020-11370
    RESERVED
CVE-2020-11369
    RESERVED
CVE-2020-11368
    RESERVED
CVE-2020-11367
    RESERVED
CVE-2020-11366
    RESERVED
CVE-2020-11365
    RESERVED
CVE-2020-11364
    RESERVED
CVE-2020-11363
    RESERVED
CVE-2020-11362
    RESERVED
CVE-2020-11361
    RESERVED
CVE-2020-11360
    RESERVED
CVE-2020-11359
    RESERVED
CVE-2020-11358
    RESERVED
CVE-2020-11357
    RESERVED
CVE-2020-11356
    RESERVED
CVE-2020-11355
    RESERVED
CVE-2020-11354
    RESERVED
CVE-2020-11353
    RESERVED
CVE-2020-11352
    RESERVED
CVE-2020-11351
    RESERVED
CVE-2020-11350
    RESERVED
CVE-2020-11349
    RESERVED
CVE-2020-11348
    RESERVED
CVE-2020-11347
    RESERVED
CVE-2020-11346
    RESERVED
CVE-2020-11345
    RESERVED
CVE-2020-11344
    RESERVED
CVE-2020-11343
    RESERVED
CVE-2020-11342
    RESERVED
CVE-2020-11341
    RESERVED
CVE-2020-11340
    RESERVED
CVE-2020-11339
    RESERVED
CVE-2020-11338
    RESERVED
CVE-2020-11337
    RESERVED
CVE-2020-11336
    RESERVED
CVE-2020-11335
    RESERVED
CVE-2020-11334
    RESERVED
CVE-2020-11333
    RESERVED
CVE-2020-11332
    RESERVED
CVE-2020-11331
    RESERVED
CVE-2020-11330
    RESERVED
CVE-2020-11329
    RESERVED
CVE-2020-11328
    RESERVED
CVE-2020-11327
    RESERVED
CVE-2020-11326
    RESERVED
CVE-2020-11325
    RESERVED
CVE-2020-11324
    RESERVED
CVE-2020-11323
    RESERVED
CVE-2020-11322
    RESERVED
CVE-2020-11321
    RESERVED
CVE-2020-11320
    RESERVED
CVE-2020-11319
    RESERVED
CVE-2020-11318
    RESERVED
CVE-2020-11317
    RESERVED
CVE-2020-11316
    RESERVED
CVE-2020-11315
    RESERVED
CVE-2020-11314
    RESERVED
CVE-2020-11313
    RESERVED
CVE-2020-11312
    RESERVED
CVE-2020-11311
    RESERVED
CVE-2020-11310
    RESERVED
CVE-2020-11309
    RESERVED
CVE-2020-11308
    RESERVED
CVE-2020-11307
    RESERVED
CVE-2020-11306
    RESERVED
CVE-2020-11305
    RESERVED
CVE-2020-11304
    RESERVED
CVE-2020-11303
    RESERVED
CVE-2020-11302
    RESERVED
CVE-2020-11301
    RESERVED
CVE-2020-11300
    RESERVED
CVE-2020-11299
    RESERVED
CVE-2020-11298
    RESERVED
CVE-2020-11297
    RESERVED
CVE-2020-11296
    RESERVED
CVE-2020-11295
    RESERVED
CVE-2020-11294
    RESERVED
CVE-2020-11293
    RESERVED
CVE-2020-11292
    RESERVED
CVE-2020-11291
    RESERVED
CVE-2020-11290
    RESERVED
CVE-2020-11289
    RESERVED
CVE-2020-11288
    RESERVED
CVE-2020-11287
    RESERVED
CVE-2020-11286
    RESERVED
CVE-2020-11285
    RESERVED
CVE-2020-11284
    RESERVED
CVE-2020-11283
    RESERVED
CVE-2020-11282
    RESERVED
CVE-2020-11281
    RESERVED
CVE-2020-11280
    RESERVED
CVE-2020-11279
    RESERVED
CVE-2020-11278
    RESERVED
CVE-2020-11277
    RESERVED
CVE-2020-11276
    RESERVED
CVE-2020-11275
    RESERVED
CVE-2020-11274
    RESERVED
CVE-2020-11273
    RESERVED
CVE-2020-11272
    RESERVED
CVE-2020-11271
    RESERVED
CVE-2020-11270
    RESERVED
CVE-2020-11269
    RESERVED
CVE-2020-11268
    RESERVED
CVE-2020-11267
    RESERVED
CVE-2020-11266
    RESERVED
CVE-2020-11265
    RESERVED
CVE-2020-11264
    RESERVED
CVE-2020-11263
    RESERVED
CVE-2020-11262
    RESERVED
CVE-2020-11261
    RESERVED
CVE-2020-11260
    RESERVED
CVE-2020-11259
    RESERVED
CVE-2020-11258
    RESERVED
CVE-2020-11257
    RESERVED
CVE-2020-11256
    RESERVED
CVE-2020-11255
    RESERVED
CVE-2020-11254
    RESERVED
CVE-2020-11253
    RESERVED
CVE-2020-11252
    RESERVED
CVE-2020-11251
    RESERVED
CVE-2020-11250
    RESERVED
CVE-2020-11249
    RESERVED
CVE-2020-11248
    RESERVED
CVE-2020-11247
    RESERVED
CVE-2020-11246
    RESERVED
CVE-2020-11245
    RESERVED
CVE-2020-11244
    RESERVED
CVE-2020-11243
    RESERVED
CVE-2020-11242
    RESERVED
CVE-2020-11241
    RESERVED
CVE-2020-11240
    RESERVED
CVE-2020-11239
    RESERVED
CVE-2020-11238
    RESERVED
CVE-2020-11237
    RESERVED
CVE-2020-11236
    RESERVED
CVE-2020-11235
    RESERVED
CVE-2020-11234
    RESERVED
CVE-2020-11233
    RESERVED
CVE-2020-11232
    RESERVED
CVE-2020-11231
    RESERVED
CVE-2020-11230
    RESERVED
CVE-2020-11229
    RESERVED
CVE-2020-11228
    RESERVED
CVE-2020-11227
    RESERVED
CVE-2020-11226
    RESERVED
CVE-2020-11225
    RESERVED
CVE-2020-11224
    RESERVED
CVE-2020-11223
    RESERVED
CVE-2020-11222
    RESERVED
CVE-2020-11221
    RESERVED
CVE-2020-11220
    RESERVED
CVE-2020-11219
    RESERVED
CVE-2020-11218
    RESERVED
CVE-2020-11217
    RESERVED
CVE-2020-11216
    RESERVED
CVE-2020-11215
    RESERVED
CVE-2020-11214
    RESERVED
CVE-2020-11213
    RESERVED
CVE-2020-11212
    RESERVED
CVE-2020-11211
    RESERVED
CVE-2020-11210
    RESERVED
CVE-2020-11209
    RESERVED
CVE-2020-11208
    RESERVED
CVE-2020-11207
    RESERVED
CVE-2020-11206
    RESERVED
CVE-2020-11205
    RESERVED
CVE-2020-11204
    RESERVED
CVE-2020-11203
    RESERVED
CVE-2020-11202
    RESERVED
CVE-2020-11201
    RESERVED
CVE-2020-11200
    RESERVED
CVE-2020-11199
    RESERVED
CVE-2020-11198
    RESERVED
CVE-2020-11197
    RESERVED
CVE-2020-11196
    RESERVED
CVE-2020-11195
    RESERVED
CVE-2020-11194
    RESERVED
CVE-2020-11193
    RESERVED
CVE-2020-11192
    RESERVED
CVE-2020-11191
    RESERVED
CVE-2020-11190
    RESERVED
CVE-2020-11189
    RESERVED
CVE-2020-11188
    RESERVED
CVE-2020-11187
    RESERVED
CVE-2020-11186
    RESERVED
CVE-2020-11185
    RESERVED
CVE-2020-11184
    RESERVED
CVE-2020-11183
    RESERVED
CVE-2020-11182
    RESERVED
CVE-2020-11181
    RESERVED
CVE-2020-11180
    RESERVED
CVE-2020-11179
    RESERVED
CVE-2020-11178
    RESERVED
CVE-2020-11177
    RESERVED
CVE-2020-11176
    RESERVED
CVE-2020-11175
    RESERVED
CVE-2020-11174
    RESERVED
CVE-2020-11173
    RESERVED
CVE-2020-11172
    RESERVED
CVE-2020-11171
    RESERVED
CVE-2020-11170
    RESERVED
CVE-2020-11169
    RESERVED
CVE-2020-11168
    RESERVED
CVE-2020-11167
    RESERVED
CVE-2020-11166
    RESERVED
CVE-2020-11165
    RESERVED
CVE-2020-11164
    RESERVED
CVE-2020-11163
    RESERVED
CVE-2020-11162
    RESERVED
CVE-2020-11161
    RESERVED
CVE-2020-11160
    RESERVED
CVE-2020-11159
    RESERVED
CVE-2020-11158
    RESERVED
CVE-2020-11157
    RESERVED
CVE-2020-11156
    RESERVED
CVE-2020-11155
    RESERVED
CVE-2020-11154
    RESERVED
CVE-2020-11153
    RESERVED
CVE-2020-11152
    RESERVED
CVE-2020-11151
    RESERVED
CVE-2020-11150
    RESERVED
CVE-2020-11149
    RESERVED
CVE-2020-11148
    RESERVED
CVE-2020-11147
    RESERVED
CVE-2020-11146
    RESERVED
CVE-2020-11145
    RESERVED
CVE-2020-11144
    RESERVED
CVE-2020-11143
    RESERVED
CVE-2020-11142
    RESERVED
CVE-2020-11141
    RESERVED
CVE-2020-11140
    RESERVED
CVE-2020-11139
    RESERVED
CVE-2020-11138
    RESERVED
CVE-2020-11137
    RESERVED
CVE-2020-11136
    RESERVED
CVE-2020-11135
    RESERVED
CVE-2020-11134
    RESERVED
CVE-2020-11133
    RESERVED
CVE-2020-11132
    RESERVED
CVE-2020-11131
    RESERVED
CVE-2020-11130
    RESERVED
CVE-2020-11129
    RESERVED
CVE-2020-11128
    RESERVED
CVE-2020-11127
    RESERVED
CVE-2020-11126
    RESERVED
CVE-2020-11125
    RESERVED
CVE-2020-11124
    RESERVED
CVE-2020-11123
    RESERVED
CVE-2020-11122
    RESERVED
CVE-2020-11121
    RESERVED
CVE-2020-11120
    RESERVED
CVE-2020-11119
    RESERVED
CVE-2020-11118
    RESERVED
CVE-2020-11117
    RESERVED
CVE-2020-11116
    RESERVED
CVE-2020-11115
    RESERVED
CVE-2020-11114
    RESERVED
CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...)
    - bubblewrap 0.4.1-1 (low; bug #955441)
    [buster] - bubblewrap (Introduced in 0.4.0)
    [stretch] - bubblewrap (Introduced in 0.4.0)
    NOTE: https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj
    NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240
CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
    - jackson-databind
    [buster] - jackson-databind (Minor issue; can be fixed via a point release)
    [stretch] - jackson-databind (Minor issue; can be fixed via a point release)
    NOTE: https://github.com/FasterXML/jackson-databind/issues/2670
    NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
    NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
    - jackson-databind
    [buster] - jackson-databind (Minor issue; can be fixed via a point release)
    [stretch] - jackson-databind (Minor issue; can be fixed via a point release)
    NOTE: https://github.com/FasterXML/jackson-databind/issues/2666
    NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
    NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
    - jackson-databind
    [buster] - jackson-databind (Minor issue; can be fixed via a point release)
    [stretch] - jackson-databind (Minor issue; can be fixed via a point release)
    NOTE: https://github.com/FasterXML/jackson-databind/issues/2664
    NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
    NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11110
    RESERVED
CVE-2020-11109
    RESERVED
CVE-2020-11108
    RESERVED
CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16, ...)
    NOT-FOR-US: XAMPP
CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
    NOT-FOR-US: Responsive Filemanager
CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...)
    NOT-FOR-US: USC iLab cereal
CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...)
    NOT-FOR-US: USC iLab cereal
CVE-2020-11103
    RESERVED
CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...)
    - qemu (bug #956145)
    [buster] - qemu (Vulnerable code/Tulip NIC emulator added later)
    [stretch] - qemu (Vulnerable code/Tulip NIC emulator added later)
    [jessie] - qemu (Vulnerable code/Tulip NIC emulator added later)
    - qemu-kvm (Vulnerable code/Tulip NIC emulator added later)
    NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1
    NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 (v5.0.0-rc1)
CVE-2020-11101
    RESERVED
CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...)
    {DSA-4649-1}
    - haproxy 2.0.13-2
    [stretch] - haproxy (Vulnerable code introduced in 1.8)
    [jessie] - haproxy (Vulnerable code introduced in 1.8)
    NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543
CVE-2020-11099
    RESERVED
CVE-2020-11098
    RESERVED
CVE-2020-11097
    RESERVED
CVE-2020-11096
    RESERVED
CVE-2020-11095
    RESERVED
CVE-2020-11094
    RESERVED
CVE-2020-11093
    RESERVED
CVE-2020-11092
    RESERVED
CVE-2020-11091
    RESERVED
CVE-2020-11090
    RESERVED
CVE-2020-11089
    RESERVED
CVE-2020-11088
    RESERVED
CVE-2020-11087
    RESERVED
CVE-2020-11086
    RESERVED
CVE-2020-11085
    RESERVED
CVE-2020-11084
    RESERVED
CVE-2020-11083
    RESERVED
CVE-2020-11082
    RESERVED
CVE-2020-11081
    RESERVED
CVE-2020-11080
    RESERVED
CVE-2020-11079
    RESERVED
CVE-2020-11078
    RESERVED
CVE-2020-11077
    RESERVED
CVE-2020-11076
    RESERVED
CVE-2020-11075
    RESERVED
CVE-2020-11074
    RESERVED
CVE-2020-11073
    RESERVED
CVE-2020-11072
    RESERVED
CVE-2020-11071
    RESERVED
CVE-2020-11070
    RESERVED
CVE-2020-11069
    RESERVED
CVE-2020-11068
    RESERVED
CVE-2020-11067
    RESERVED
CVE-2020-11066
    RESERVED
CVE-2020-11065
    RESERVED
CVE-2020-11064
    RESERVED
CVE-2020-11063
    RESERVED
CVE-2020-11062
    RESERVED
CVE-2020-11061
    RESERVED
CVE-2020-11060
    RESERVED
CVE-2020-11059
    RESERVED
CVE-2020-11058
    RESERVED
CVE-2020-11057
    RESERVED
CVE-2020-11056
    RESERVED
CVE-2020-11055
    RESERVED
CVE-2020-11054
    RESERVED
CVE-2020-11053
    RESERVED
CVE-2020-11052
    RESERVED
CVE-2020-11051
    RESERVED
CVE-2020-11050
    RESERVED
CVE-2020-11049
    RESERVED
CVE-2020-11048
    RESERVED
CVE-2020-11047
    RESERVED
CVE-2020-11046
    RESERVED
CVE-2020-11045
    RESERVED
CVE-2020-11044
    RESERVED
CVE-2020-11043
    RESERVED
CVE-2020-11042
    RESERVED
CVE-2020-11041
    RESERVED
CVE-2020-11040
    RESERVED
CVE-2020-11039
    RESERVED
CVE-2020-11038
    RESERVED
CVE-2020-11037
    RESERVED
CVE-2020-11036
    RESERVED
CVE-2020-11035
    RESERVED
CVE-2020-11034
    RESERVED
CVE-2020-11033
    RESERVED
CVE-2020-11032
    RESERVED
CVE-2020-11031
    RESERVED
CVE-2020-11030
    RESERVED
CVE-2020-11029
    RESERVED
CVE-2020-11028
    RESERVED
CVE-2020-11027
    RESERVED
CVE-2020-11026
    RESERVED
CVE-2020-11025
    RESERVED
CVE-2020-11024
    RESERVED
CVE-2020-11023
    RESERVED
CVE-2020-11022
    RESERVED
CVE-2020-11021
    RESERVED
CVE-2020-11020
    RESERVED
CVE-2020-11019
    RESERVED
CVE-2020-11018
    RESERVED
CVE-2020-11017
    RESERVED
CVE-2020-11016
    RESERVED
CVE-2020-11015
    RESERVED
CVE-2020-11014
    RESERVED
CVE-2020-11013
    RESERVED
CVE-2020-11012
    RESERVED
CVE-2020-11011
    RESERVED
CVE-2020-11010
    RESERVED
CVE-2020-11009
    RESERVED
CVE-2020-11008
    RESERVED
CVE-2020-11007
    RESERVED
CVE-2020-11006
    RESERVED
CVE-2020-11005
    RESERVED
CVE-2020-11004
    RESERVED
CVE-2020-11003
    RESERVED
CVE-2020-11002
    RESERVED
CVE-2020-11001
    RESERVED
CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...)
    NOT-FOR-US: GreenBrowser
CVE-2020-10999
    RESERVED
CVE-2020-10998
    RESERVED
CVE-2020-10997
    RESERVED
CVE-2020-10996
    RESERVED
CVE-2020-10995
    RESERVED
CVE-2020-10994
    RESERVED
CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...)
    NOT-FOR-US: Osmand
CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorMa ...)
    NOT-FOR-US: Azkaban
CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXml ...)
    NOT-FOR-US: Mulesoft APIkit
CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...)
    NOT-FOR-US: Accenture Mercury
CVE-2020-10989
    RESERVED
CVE-2020-10988
    RESERVED
CVE-2020-10987
    RESERVED
CVE-2020-10986
    RESERVED
CVE-2020-10985
    RESERVED
CVE-2020-10984
    RESERVED
CVE-2020-10983
    RESERVED
CVE-2020-10982
    RESERVED
CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...)
    [experimental] - gitlab 12.8.8-1
    - gitlab
    NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogB ...)
[experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pip ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when mov ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when qu ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerab ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10974 RESERVED CVE-2020-10973 RESERVED CVE-2020-10972 RESERVED CVE-2020-10971 RESERVED CVE-2020-10970 RESERVED CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2642 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) 
- jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2662 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10967 RESERVED CVE-2020-XXXX [RUSTSEC-2020-0006: bumpalo: Flaw in `realloc` allows reading unknown memory] - rust-bumpalo 3.2.1-1 (bug #955151) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html NOTE: https://github.com/fitzgen/bumpalo/issues/69 CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...) NOT-FOR-US: VESTA Control Panel CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...) NOT-FOR-US: Teradici PCoIP Management Console CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...) - serendipity CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...) NOT-FOR-US: FrozenNode Laravel-Administrator CVE-2020-10962 RESERVED CVE-2020-10961 RESERVED CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...) {DSA-4651-1} - mediawiki 1:1.31.7-1 [stretch] - mediawiki (Vulnerable code introduced later) NOTE: https://phabricator.wikimedia.org/T246602 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html CVE-2020-10959 [mediawiki: User content can redirect the logout button to different URL] RESERVED - mediawiki (Vulnerable code introduced later) NOTE: https://phabricator.wikimedia.org/T232932 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html CVE-2020-10958 RESERVED CVE-2020-10957 RESERVED CVE-2020-10956 (GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a proje ...) 
[experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...) - gitlab (Only affects GitLab EE 11.7 and later) NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push doc ...) [experimental] - gitlab 12.8.8-1 - gitlab NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/ CVE-2020-10951 RESERVED CVE-2020-10950 RESERVED CVE-2020-10949 RESERVED CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...) NOT-FOR-US: Jon Hedley AlienForm2 CVE-2020-10947 RESERVED CVE-2020-10946 RESERVED CVE-2020-10945 RESERVED CVE-2020-10944 RESERVED CVE-2020-10943 RESERVED CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...) - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4) CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...) - mbedtls 2.16.5-1 NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER ...) NOT-FOR-US: PHOENIX CONTACT CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT thro ...) 
NOT-FOR-US: PHOENIX CONTACT CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resultant hea ...) - graphicsmagick 1.4+really1.3.34-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce CVE-2020-10937 RESERVED CVE-2020-10936 RESERVED CVE-2020-10935 RESERVED CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...) NOT-FOR-US: Acyba AcyMailing CVE-2020-10933 RESERVED CVE-2020-10932 RESERVED CVE-2020-10930 RESERVED CVE-2020-10929 RESERVED CVE-2020-10928 RESERVED CVE-2020-10927 RESERVED CVE-2020-10926 RESERVED CVE-2020-10925 RESERVED CVE-2020-10924 RESERVED CVE-2020-10923 RESERVED CVE-2020-10922 RESERVED CVE-2020-10921 RESERVED CVE-2020-10920 RESERVED CVE-2020-10919 RESERVED CVE-2020-10918 RESERVED CVE-2020-10917 RESERVED CVE-2020-10916 RESERVED CVE-2020-10915 RESERVED CVE-2020-10914 RESERVED CVE-2020-10913 RESERVED CVE-2020-10912 RESERVED CVE-2020-10911 RESERVED CVE-2020-10910 RESERVED CVE-2020-10909 RESERVED CVE-2020-10908 RESERVED CVE-2020-10907 RESERVED CVE-2020-10906 RESERVED CVE-2020-10905 RESERVED CVE-2020-10904 RESERVED CVE-2020-10903 RESERVED CVE-2020-10902 RESERVED CVE-2020-10901 RESERVED CVE-2020-10900 RESERVED CVE-2020-10899 RESERVED CVE-2020-10898 RESERVED CVE-2020-10897 RESERVED CVE-2020-10896 RESERVED CVE-2020-10895 RESERVED CVE-2020-10894 RESERVED CVE-2020-10893 RESERVED CVE-2020-10892 RESERVED CVE-2020-10891 RESERVED CVE-2020-10890 RESERVED CVE-2020-10889 RESERVED CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: TP-Link CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations ...) NOT-FOR-US: TP-Link CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: TP-Link CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...) NOT-FOR-US: TP-Link CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: TP-Link CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: TP-Link CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10880 RESERVED CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...) NOT-FOR-US: rConfig CVE-2020-10878 RESERVED CVE-2020-10877 RESERVED CVE-2020-10876 RESERVED CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct absolute pat ...) NOT-FOR-US: Motorola devices CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read database files. ...) NOT-FOR-US: Motorola devices CVE-2020-10873 RESERVED CVE-2020-10872 RESERVED CVE-2020-10871 (** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attack ...) NOT-FOR-US: OpenWrt LuCI CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictable name ...) - zim (unimportant; bug #954810) NOTE: https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028 NOTE: Negligible security impact CVE-2020-10869 RESERVED CVE-2020-10868 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10867 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10866 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10865 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10864 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) 
NOT-FOR-US: Avast Antivirus CVE-2020-10863 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10862 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10861 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitrary Mem ...) NOT-FOR-US: Avast Antivirus CVE-2020-10859 RESERVED CVE-2020-10858 RESERVED CVE-2020-10857 RESERVED CVE-2020-10856 RESERVED CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial ...) - memcached 1.6.2-1 (bug #954808) [buster] - memcached (Introduced in 1.6) [stretch] - memcached (Introduced in 1.6) [jessie] - memcached (Introduced in 1.6) NOTE: https://github.com/memcached/memcached/issues/629 NOTE: https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305 CVE-2020-10855 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10854 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10853 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10852 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10851 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10850 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10849 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10848 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-10847 (An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10846 (An issue was discovered on Samsung mobile devices with P(9.x) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10845 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10844 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10843 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10842 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10841 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10840 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10839 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10837 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10835 (An issue was discovered on Samsung mobile devices with any (before Feb ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10834 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10833 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-10832 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10831 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10830 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10829 (An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10828 (A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, ...) NOT-FOR-US: Draytek CVE-2020-10827 (A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, ...) NOT-FOR-US: Draytek CVE-2020-10826 (/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B d ...) NOT-FOR-US: Draytek CVE-2020-10825 (A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 de ...) NOT-FOR-US: Draytek CVE-2020-10824 (A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket ...) NOT-FOR-US: Draytek CVE-2020-10823 (A stack-based buffer overflow in /cgi-bin/activate.cgi through var par ...) NOT-FOR-US: Draytek CVE-2020-10822 RESERVED CVE-2020-10821 (Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. ...) NOT-FOR-US: Nagios XI CVE-2020-10820 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) NOT-FOR-US: Nagios XI CVE-2020-10819 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) NOT-FOR-US: Nagios XI CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authenticated ...) NOT-FOR-US: Artica Proxy CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...) 
NOT-FOR-US: custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin for WordPress CVE-2020-10816 RESERVED CVE-2020-10815 RESERVED CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...) TODO: check CVE-2020-10813 RESERVED CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) - hdf5 NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4 NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/ TODO: check details CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) - hdf5 NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 NOTE: https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/ TODO: check details CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) - hdf5 NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3 NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/ TODO: check details CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) - hdf5 NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1 NOTE: https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/ TODO: check details CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...) NOT-FOR-US: Vesta Control Panel CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...) NOT-FOR-US: Caldera CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...) NOT-FOR-US: eZ Publish Kernel CVE-2020-10805 RESERVED CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) 
- phpmyadmin 4:4.9.5+dfsg1-1 (bug #954667) [stretch] - phpmyadmin (Minor issue) [jessie] - phpmyadmin (Vulnerable code not present) NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/56b43527196b0349ec2bea8ca711667e5aa75c65 NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/d55abcd5ffa1ea8785f1217f5b7d78a8a54b8542 NOTE: https://www.phpmyadmin.net/security/PMASA-2020-2/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80 CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) {DLA-2154-1} - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954666) [stretch] - phpmyadmin (Minor issue) NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) {DLA-2154-1} - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954665) [stretch] - phpmyadmin (Minor issue) NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe CVE-2020-10801 RESERVED CVE-2020-10800 (lix through 15.8.7 allows man-in-the-middle attackers to execute arbit ...) NOT-FOR-US: lix node (different from src:lix) CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an ...) NOT-FOR-US: svglib CVE-2020-10798 RESERVED CVE-2020-10797 RESERVED CVE-2020-10796 RESERVED CVE-2020-10795 RESERVED CVE-2020-10794 RESERVED CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...) - codeigniter (bug #471583) CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...) 
NOT-FOR-US: openITCOCKPIT CVE-2020-10791 (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows attack ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10787 RESERVED CVE-2020-10786 RESERVED CVE-2020-10785 RESERVED CVE-2020-10784 RESERVED CVE-2020-10783 RESERVED CVE-2020-10782 RESERVED CVE-2020-10781 RESERVED CVE-2020-10780 RESERVED CVE-2020-10779 RESERVED CVE-2020-10778 RESERVED CVE-2020-10777 RESERVED CVE-2020-10776 RESERVED CVE-2020-10775 RESERVED CVE-2020-10774 RESERVED CVE-2020-10773 RESERVED CVE-2020-10772 RESERVED CVE-2020-10771 RESERVED CVE-2020-10770 RESERVED CVE-2020-10769 RESERVED CVE-2020-10768 RESERVED CVE-2020-10767 RESERVED CVE-2020-10766 RESERVED CVE-2020-10765 RESERVED CVE-2020-10764 RESERVED CVE-2020-10763 RESERVED CVE-2020-10762 RESERVED CVE-2020-10761 RESERVED CVE-2020-10760 RESERVED CVE-2020-10759 RESERVED CVE-2020-10758 RESERVED CVE-2020-10757 RESERVED CVE-2020-10756 RESERVED CVE-2020-10755 RESERVED CVE-2020-10754 RESERVED CVE-2020-10753 RESERVED CVE-2020-10752 RESERVED CVE-2020-10751 RESERVED CVE-2020-10750 RESERVED CVE-2020-10749 RESERVED CVE-2020-10748 RESERVED CVE-2020-10747 RESERVED CVE-2020-10746 RESERVED CVE-2020-10745 RESERVED CVE-2020-10744 RESERVED CVE-2020-10743 RESERVED CVE-2020-10742 RESERVED CVE-2020-10741 RESERVED CVE-2020-10740 RESERVED CVE-2020-10739 RESERVED CVE-2020-10738 RESERVED CVE-2020-10737 RESERVED CVE-2020-10736 RESERVED CVE-2020-10735 RESERVED CVE-2020-10734 RESERVED CVE-2020-10733 RESERVED CVE-2020-10732 RESERVED CVE-2020-10731 RESERVED CVE-2020-10730 RESERVED CVE-2020-10729 RESERVED CVE-2020-10728 RESERVED CVE-2020-10727 RESERVED CVE-2020-10726 RESERVED 
CVE-2020-10725 RESERVED CVE-2020-10724 RESERVED CVE-2020-10723 RESERVED CVE-2020-10722 RESERVED CVE-2020-10721 RESERVED CVE-2020-10720 RESERVED CVE-2020-10719 RESERVED CVE-2020-10718 RESERVED CVE-2020-10717 RESERVED CVE-2020-10716 RESERVED CVE-2020-10715 RESERVED CVE-2020-10714 RESERVED CVE-2020-10713 RESERVED CVE-2020-10712 RESERVED CVE-2020-10711 RESERVED CVE-2020-10710 RESERVED CVE-2020-10709 RESERVED CVE-2020-10708 RESERVED CVE-2020-10707 [compression/decompression codecs don't enforce limits on buffer allocation sizes] RESERVED - netty 1:4.1.48-1 NOTE: https://github.com/netty/netty/pull/9924 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1816216 TODO: This seems to be a duplicate of CVE-2020-11612, pending request with Red Hat secalert CVE-2020-10706 RESERVED CVE-2020-10705 RESERVED CVE-2020-10704 RESERVED CVE-2020-10703 [Potential denial of service via active pool without target path] RESERVED - libvirt 6.0.0-2 [stretch] - libvirt (Vulnerable code introduced later) [jessie] - libvirt (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725 NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1) CVE-2020-10702 [weak signature generation in Pointer Authentication support for ARM] RESERVED - qemu [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) - qemu-kvm (Vulnerable code introduced later) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0) CVE-2020-10701 [guest agent timeout can be set under read-only mode leading to DoS] RESERVED - libvirt (bug #955841) [buster] - libvirt (Vulnerable code introduced later) [stretch] - libvirt (Vulnerable code introduced later) [jessie] - libvirt 
(Vulnerable code introduced later) NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1) CVE-2020-10700 RESERVED CVE-2020-10699 RESERVED - targetcli-fb (Vulnerable code introduced later) NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162 NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50) NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d CVE-2020-10698 RESERVED NOT-FOR-US: Ansible Tower CVE-2020-10697 RESERVED NOT-FOR-US: Ansible Tower CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...) - golang-github-containers-buildah NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed CVE-2020-10695 RESERVED NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container CVE-2020-10694 RESERVED CVE-2020-10693 RESERVED CVE-2020-10692 RESERVED CVE-2020-10691 RESERVED - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817161 TODO: check upstream details CVE-2020-10690 RESERVED CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did ...) NOT-FOR-US: Eclipse Che CVE-2020-10688 RESERVED - resteasy - resteasy3.0 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974 NOTE: https://github.com/quarkusio/quarkus/issues/7248 NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted) TODO: check details, not much information provided by Red Hat. 
CVE-2020-10687 RESERVED CVE-2020-10686 RESERVED CVE-2020-10685 [modules which use files encrypted with vault are not properly cleaned up] RESERVED - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627 CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519 CVE-2020-10683 RESERVED CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...) NOT-FOR-US: CMS Made Simple CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd fi ...) NOT-FOR-US: CMS Made Simple CVE-2020-10680 RESERVED CVE-2020-10679 RESERVED CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...) NOT-FOR-US: Octopus Deploy CVE-2020-10677 RESERVED CVE-2020-10676 RESERVED CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...) - golang-github-buger-jsonparser 0.0~git20200322.0.f7e751e-1 (bug #954373) NOTE: https://github.com/buger/jsonparser/issues/188 NOTE: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717 CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2153-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2660 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) 
{DLA-2153-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2659 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missi ...) NOT-FOR-US: Canon CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...) NOT-FOR-US: Canon CVE-2020-10666 RESERVED CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...) - libperlspeak-perl (bug #954238) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173 CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...) NOT-FOR-US: Docker Desktop on Windows CVE-2020-10664 RESERVED CVE-2020-10663 RESERVED CVE-2020-10662 RESERVED CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...) NOT-FOR-US: HashiCorp Vault CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...) NOT-FOR-US: HashiCorp Vault CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...) 
NOT-FOR-US: Entrust Entelligence Security Provider (ESP) CVE-2020-10658 RESERVED CVE-2020-10657 RESERVED CVE-2020-10656 RESERVED CVE-2020-10655 RESERVED CVE-2020-10654 RESERVED CVE-2020-10653 RESERVED CVE-2020-10652 RESERVED CVE-2020-10651 RESERVED CVE-2020-10650 RESERVED CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 ...) NOT-FOR-US: ASUS Device Activation CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...) - u-boot [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue) [jessie] - u-boot (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5 NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/ CVE-2020-10647 RESERVED CVE-2020-10646 RESERVED CVE-2020-10645 RESERVED CVE-2020-10644 RESERVED CVE-2020-10643 RESERVED CVE-2020-10642 RESERVED CVE-2020-10641 RESERVED CVE-2020-10640 RESERVED CVE-2020-10639 RESERVED CVE-2020-10638 RESERVED CVE-2020-10637 RESERVED CVE-2020-10636 RESERVED CVE-2020-10635 RESERVED CVE-2020-10634 RESERVED CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...) NOT-FOR-US: eWON Flexy and Cosy CVE-2020-10632 RESERVED CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10630 RESERVED CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10628 RESERVED CVE-2020-10627 RESERVED CVE-2020-10626 RESERVED CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10624 RESERVED CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10622 RESERVED CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...) 
NOT-FOR-US: WebAccess/NMS CVE-2020-10620 RESERVED CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10618 RESERVED CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10616 RESERVED CVE-2020-10615 RESERVED CVE-2020-10614 RESERVED CVE-2020-10613 RESERVED CVE-2020-10612 RESERVED CVE-2020-10611 RESERVED CVE-2020-10610 RESERVED CVE-2020-10609 RESERVED CVE-2020-10608 RESERVED CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...) NOT-FOR-US: Advantech WebAccess CVE-2020-10606 RESERVED CVE-2020-10605 RESERVED CVE-2020-10604 RESERVED CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...) NOT-FOR-US: WebAccess/NMS CVE-2020-10602 RESERVED CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-10600 RESERVED CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES ...) NOT-FOR-US: Pyxis CVE-2020-10597 (The affected insulin pump is designed to communicate using a wireless ...) NOT-FOR-US: Insulet CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...) NOT-FOR-US: OpenCart CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause remote code ...) {DSA-4648-1 DLA-2166-1} - libpam-krb5 4.9-1 NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1 CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...) NOT-FOR-US: drf-jwt CVE-2020-10593 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...) 
- tor 0.4.2.7-1 [buster] - tor (Only affects tor 0.4.0.1-alpha onwards) [stretch] - tor (Only affects tor 0.4.0.1-alpha onwards) [jessie] - tor (Only affects tor 0.4.0.1-alpha onwards) NOTE: https://blog.torproject.org/new-releases-03510-0419-0427 NOTE: https://bugs.torproject.org/33619 CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...) {DSA-4644-1} - tor 0.4.2.7-1 [stretch] - tor (See DSA 4644) [jessie] - tor (Not supported in jessie LTS) NOTE: https://blog.torproject.org/new-releases-03510-0419-0427 NOTE: https://bugs.torproject.org/33120 CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...) NOT-FOR-US: Walmart Labs Concord CVE-2020-10590 RESERVED CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...) NOT-FOR-US: v2rayL CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...) NOT-FOR-US: v2rayL CVE-2020-10587 (antiX and MX Linux allow local users to achieve root access via "persi ...) NOT-FOR-US: antiX and MX Linux CVE-2020-10586 RESERVED CVE-2020-10585 RESERVED CVE-2020-10584 RESERVED CVE-2020-10583 RESERVED CVE-2020-10582 RESERVED CVE-2020-10581 RESERVED CVE-2020-10580 RESERVED CVE-2020-10579 RESERVED CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...) NOT-FOR-US: QCMS CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...) - janus 0.9.2-1 (bug #954668) NOTE: https://github.com/meetecho/janus-gateway/pull/1990 CVE-2020-10576 (An issue was discovered in Janus through 0.9.1. plugins/janus_voicemai ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1993 CVE-2020-10575 (An issue was discovered in Janus through 0.9.1. plugins/janus_videocal ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1994 CVE-2020-10574 (An issue was discovered in Janus through 0.9.1. 
janus.c tries to use a ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1989 CVE-2020-10573 (An issue was discovered in Janus through 0.9.1. janus_audiobridge.c ha ...) - janus 0.9.1+20200313-1 NOTE: https://github.com/meetecho/janus-gateway/pull/1988 CVE-2020-10572 RESERVED CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython implemen ...) NOT-FOR-US: psd-tools CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...) NOT-FOR-US: Telegram for Android CVE-2020-10569 RESERVED CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...) NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...) NOT-FOR-US: Responsive Filemanager CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) NOT-FOR-US: FreeBSD CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...) NOT-FOR-US: FreeBSD CVE-2020-10564 (An issue was discovered in the File Upload plugin before 4.13.0 for Wo ...) NOT-FOR-US: File Upload plugin for WordPress CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.ph ...) NOT-FOR-US: DEVOME GRR CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...) NOT-FOR-US: DEVOME GRR CVE-2020-10561 RESERVED CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...) NOT-FOR-US: Open Source Social Network (OSSN) CVE-2020-10559 RESERVED CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...) NOT-FOR-US: driving interface of Tesla Model 3 vehicles CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...) 
NOT-FOR-US: AContent CVE-2020-10556 RESERVED CVE-2020-10555 RESERVED CVE-2020-10554 RESERVED CVE-2020-10553 RESERVED CVE-2020-10552 RESERVED CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...) NOT-FOR-US: QQBrowser CVE-2020-10550 RESERVED CVE-2020-10549 RESERVED CVE-2020-10548 RESERVED CVE-2020-10547 RESERVED CVE-2020-10546 RESERVED CVE-2020-10545 RESERVED CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...) NOT-FOR-US: PrimeTek PrimeFaces CVE-2020-10543 RESERVED CVE-2020-10542 RESERVED CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...) NOT-FOR-US: Zoho ManageEngine OpManager CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...) NOT-FOR-US: Untis WebUntis CVE-2020-10539 RESERVED CVE-2020-10538 RESERVED CVE-2020-10537 RESERVED CVE-2020-10536 RESERVED CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...) NOT-FOR-US: MediaWiki extension CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...) - gitlab (Only affects Gitlab 12.8.x) NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/ CVE-2020-10533 RESERVED CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...) NOT-FOR-US: AD Helper component in WatchGuard Fireware CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU) ...) 
{DSA-4646-1 DLA-2151-1} [experimental] - icu 66.1-2 - icu 63.2-3 (bug #953747) NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public) NOTE: Upstream ICU bug: https://unicode-org.atlassian.net/browse/ICU-20958 (private) NOTE: Fixed by: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca NOTE: https://github.com/unicode-org/icu/pull/971 CVE-2020-10530 RESERVED CVE-2020-10529 RESERVED CVE-2020-10528 RESERVED CVE-2020-10527 RESERVED CVE-2020-10526 RESERVED CVE-2020-10525 RESERVED CVE-2020-10524 RESERVED CVE-2020-10523 RESERVED CVE-2020-10522 RESERVED CVE-2020-10521 RESERVED CVE-2020-10520 RESERVED CVE-2020-10519 RESERVED CVE-2020-10518 RESERVED CVE-2020-10517 RESERVED CVE-2020-10516 RESERVED CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting ...) NOT-FOR-US: STARFACE UCC Client CVE-2020-10514 RESERVED CVE-2020-10513 RESERVED CVE-2020-10512 RESERVED CVE-2020-10511 RESERVED CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...) NOT-FOR-US: Sunnet eHRD CVE-2020-10507 RESERVED CVE-2020-10506 RESERVED CVE-2020-10505 RESERVED CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10502 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10501 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10500 (CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10499 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10498 (CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10497 (CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Lan ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10496 (CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10495 (CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10494 (CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10493 (CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Languag ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10492 (CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Lang ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10491 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10490 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10489 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10488 (CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10487 (CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10486 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10485 (CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10484 (CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10483 (CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 a ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10482 (CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10481 (CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10480 (CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10479 (CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 a ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10478 (CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Langu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10477 (Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi- ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10476 (Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10475 (Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Mul ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10474 (Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10473 (Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10472 (Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard M ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10471 (Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Mu ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10470 (Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10469 (Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10468 (Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10467 (Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10466 (Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Mult ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10465 (Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10464 (Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10463 (Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Mult ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10462 (Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-L ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10461 (The way comments in article.php (vulnerable function in include/functi ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10460 (admin/include/operations.php (via admin/email-harvester.php) in Chadha ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10459 (Path Traversal in admin/assetmanager/assetmanager.php (vulnerable func ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10458 (Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Sta ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10457 (Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10456 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10455 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10454 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10453 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10452 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10451 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10450 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10449 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10448 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10447 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10446 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10445 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10444 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10443 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10442 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10441 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10440 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10439 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10438 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10437 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10436 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10435 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10434 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10433 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10432 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10431 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10430 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10429 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10428 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10427 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10426 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10425 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10424 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10423 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10422 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10421 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10420 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10419 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10418 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10417 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10416 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10415 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10414 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10413 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10412 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10411 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10410 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10409 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10408 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10407 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10406 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10405 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10404 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10403 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10402 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10401 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10400 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10399 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10398 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) 
NOT-FOR-US: Chadha PHPKB CVE-2020-10397 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10396 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10395 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10394 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10393 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10392 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10391 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10390 (OS Command Injection in export.php (vulnerable function called from in ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10389 (admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allo ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10388 (The way the Referer header in article.php is handled in Chadha PHPKB S ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10387 (Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-La ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10386 (admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Lang ...) NOT-FOR-US: Chadha PHPKB CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...) NOT-FOR-US: WPForms Contact Form plugin for WordPress CVE-2020-10384 RESERVED CVE-2020-10383 RESERVED CVE-2020-10382 RESERVED CVE-2020-10381 RESERVED CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...) 
- rmysql 0.10.20-1 [jessie] - rmysql (Minor issue) NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32 NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40 CVE-2020-10379 RESERVED CVE-2020-10378 RESERVED CVE-2020-10377 RESERVED CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...) NOT-FOR-US: Technicolor CVE-2020-10375 RESERVED CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...) NOT-FOR-US: PRTG Network Monitor CVE-2020-10373 RESERVED CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...) NOT-FOR-US: Ramp AltitudeCDN Altimeter CVE-2020-10371 RESERVED CVE-2020-10370 RESERVED CVE-2020-10369 RESERVED CVE-2020-10368 RESERVED CVE-2020-10367 RESERVED CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...) NOT-FOR-US: LogicalDoc CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...) NOT-FOR-US: LogicalDoc CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...) 
NOT-FOR-US: SSH daemon on MikroTik routers CVE-2020-10363 RESERVED CVE-2020-10362 RESERVED CVE-2020-10361 RESERVED CVE-2020-10360 RESERVED CVE-2020-10359 RESERVED CVE-2020-10358 RESERVED CVE-2020-10357 RESERVED CVE-2020-10356 RESERVED CVE-2020-10355 RESERVED CVE-2020-10354 RESERVED CVE-2020-10353 RESERVED CVE-2020-10352 RESERVED CVE-2020-10351 RESERVED CVE-2020-10350 RESERVED CVE-2020-10349 RESERVED CVE-2020-10348 RESERVED CVE-2020-10347 RESERVED CVE-2020-10346 RESERVED CVE-2020-10345 RESERVED CVE-2020-10344 RESERVED CVE-2020-10343 RESERVED CVE-2020-10342 RESERVED CVE-2020-10341 RESERVED CVE-2020-10340 RESERVED CVE-2020-10339 RESERVED CVE-2020-10338 RESERVED CVE-2020-10337 RESERVED CVE-2020-10336 RESERVED CVE-2020-10335 RESERVED CVE-2020-10334 RESERVED CVE-2020-10333 RESERVED CVE-2020-10332 RESERVED CVE-2020-10331 RESERVED CVE-2020-10330 RESERVED CVE-2020-10329 RESERVED CVE-2020-10328 RESERVED CVE-2020-10327 RESERVED CVE-2020-10326 RESERVED CVE-2020-10325 RESERVED CVE-2020-10324 RESERVED CVE-2020-10323 RESERVED CVE-2020-10322 RESERVED CVE-2020-10321 RESERVED CVE-2020-10320 RESERVED CVE-2020-10319 RESERVED CVE-2020-10318 RESERVED CVE-2020-10317 RESERVED CVE-2020-10316 RESERVED CVE-2020-10315 RESERVED CVE-2020-10314 RESERVED CVE-2020-10313 RESERVED CVE-2020-10312 RESERVED CVE-2020-10311 RESERVED CVE-2020-10310 RESERVED CVE-2020-10309 RESERVED CVE-2020-10308 RESERVED CVE-2020-10307 RESERVED CVE-2020-10306 RESERVED CVE-2020-10305 RESERVED CVE-2020-10304 RESERVED CVE-2020-10303 RESERVED CVE-2020-10302 RESERVED CVE-2020-10301 RESERVED CVE-2020-10300 RESERVED CVE-2020-10299 RESERVED CVE-2020-10298 RESERVED CVE-2020-10297 RESERVED CVE-2020-10296 RESERVED CVE-2020-10295 RESERVED CVE-2020-10294 RESERVED CVE-2020-10293 RESERVED CVE-2020-10292 RESERVED CVE-2020-10291 RESERVED CVE-2020-10290 RESERVED CVE-2020-10289 RESERVED CVE-2020-10288 RESERVED CVE-2020-10287 RESERVED CVE-2020-10286 RESERVED CVE-2020-10285 RESERVED CVE-2020-10284 RESERVED CVE-2020-10283 RESERVED 
CVE-2020-10282 RESERVED CVE-2020-10281 RESERVED CVE-2020-10280 RESERVED CVE-2020-10279 RESERVED CVE-2020-10278 RESERVED CVE-2020-10277 RESERVED CVE-2020-10276 RESERVED CVE-2020-10275 RESERVED CVE-2020-10274 RESERVED CVE-2020-10273 RESERVED CVE-2020-10272 RESERVED CVE-2020-10271 RESERVED CVE-2020-10270 RESERVED CVE-2020-10269 RESERVED CVE-2020-10268 RESERVED CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...) NOT-FOR-US: Universal Robots control box CB CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...) NOT-FOR-US: Universal Robots+ CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, ...) NOT-FOR-US: Universal Robots+ CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...) NOT-FOR-US: CB3 SW CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...) NOT-FOR-US: XIAOMI CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...) NOT-FOR-US: XIAOMI CVE-2020-10261 RESERVED CVE-2020-10260 RESERVED CVE-2020-10259 RESERVED CVE-2020-10258 RESERVED CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks acces ...) NOT-FOR-US: ThemeREX Addons plugin for WordPress CVE-2020-10256 RESERVED CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...) NOT-FOR-US: Hardware vulnerability in DDR4 DRAM chips CVE-2020-10254 RESERVED CVE-2020-10253 RESERVED CVE-2020-10252 RESERVED CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...) 
- imagemagick (bug #953741) [stretch] - imagemagick (Vulnerable code introduced later with HEIC image format support) [jessie] - imagemagick (Vulnerable code introduced later with HEIC image format support) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/868aad754ee599eb7153b84d610f2ecdf7b339f6 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3456724dff047db5adb32f8cf70c903c1b7d16d4 CVE-2020-10250 (BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitra ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10249 (BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10248 (BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwo ...) NOT-FOR-US: BWA DiREX-Pro devices CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is ...) NOT-FOR-US: MISP CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...) NOT-FOR-US: MISP CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...) NOT-FOR-US: CODESYS CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...) NOT-FOR-US: JPaseto CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...) NOT-FOR-US: Joomla! CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling ...) NOT-FOR-US: Joomla! CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...) NOT-FOR-US: Joomla! CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing length check ...) NOT-FOR-US: Joomla! CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...) NOT-FOR-US: Joomla! CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...) NOT-FOR-US: Joomla! 
CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...) NOT-FOR-US: Froxlor CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...) NOT-FOR-US: Froxlor CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...) NOT-FOR-US: Froxlor CVE-2020-10234 RESERVED CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...) - sleuthkit (unimportant) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829 NOTE: Crash in CLI tool, no security impact CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...) {DLA-2137-1} - sleuthkit (low; bug #953976) [buster] - sleuthkit (Minor issue) [stretch] - sleuthkit (Minor issue) NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836 NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1 CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_17 ...) NOT-FOR-US: TP-Link CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-10229 RESERVED CVE-2020-10228 RESERVED CVE-2020-10227 RESERVED CVE-2020-10226 RESERVED CVE-2020-10225 (An unauthenticated file upload vulnerability has been identified in ad ...) NOT-FOR-US: PHPGurukul Job Portal CVE-2020-10224 (An unauthenticated file upload vulnerability has been identified in ad ...) NOT-FOR-US: PHPGurukul Online Book Store CVE-2020-10223 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode ...) NOT-FOR-US: npdf.dll in Nitro Pro CVE-2020-10222 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corrupt ...) NOT-FOR-US: npdf.dll in Nitro Pro CVE-2020-10221 (lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows re ...) NOT-FOR-US: rConfig CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interface is ...) 
NOT-FOR-US: rConfig CVE-2020-10219 RESERVED CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 ...) NOT-FOR-US: Sapplica Sentrifugo CVE-2020-10217 RESERVED CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) NOT-FOR-US: D-Link CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) NOT-FOR-US: D-Link CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...) NOT-FOR-US: D-Link CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) NOT-FOR-US: D-Link CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...) NOT-FOR-US: Responsive FileManager CVE-2020-10211 RESERVED CVE-2020-10210 RESERVED CVE-2020-10209 RESERVED CVE-2020-10208 RESERVED CVE-2020-10207 RESERVED CVE-2020-10206 RESERVED CVE-2020-10205 RESERVED CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. ...) NOT-FOR-US: Sonatype Nexus Repository CVE-2020-10203 (Sonatype Nexus Repository before 3.21.2 allows XSS. ...) NOT-FOR-US: Sonatype Nexus Repository CVE-2020-10202 RESERVED CVE-2020-10201 RESERVED CVE-2020-10200 RESERVED CVE-2020-10199 (Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue ...) NOT-FOR-US: Sonatype Nexus Repository CVE-2020-10198 RESERVED CVE-2020-10197 RESERVED CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 for Wor ...) NOT-FOR-US: popup-builder plugin for WordPress CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...) NOT-FOR-US: popup-builder plugin for WordPress CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...) NOT-FOR-US: Zimbra CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...) 
NOT-FOR-US: ESET Archive Support Module CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...) NOT-FOR-US: Munkireport CVE-2020-10191 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...) NOT-FOR-US: Munkireport CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...) NOT-FOR-US: Munkireport CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...) - inetutils (bug #956084) - netkit-telnet 0.17-18woody2 (bug #953477) - netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478) NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5 NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html CVE-2020-10187 RESERVED CVE-2020-10186 RESERVED CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...) {DLA-2141-1} - yubikey-val NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286 CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not ...) {DLA-2141-1} - yubikey-val NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/ NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286 CVE-2020-10183 RESERVED CVE-2020-10182 RESERVED CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...) NOT-FOR-US: Sumavision Enhanced Multimedia Router CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...) 
NOT-FOR-US: ESET AV parsing engine CVE-2020-10179 RESERVED CVE-2020-10178 RESERVED CVE-2020-10177 RESERVED CVE-2020-10176 RESERVED CVE-2020-10175 REJECTED CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...) - timeshift 20.03+ds-1 (bug #953385) [buster] - timeshift (Will be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2020/03/06/3 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1165802 NOTE: https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462 CVE-2020-10173 (Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Mult ...) NOT-FOR-US: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices CVE-2020-10172 RESERVED CVE-2020-10171 RESERVED CVE-2020-10170 RESERVED CVE-2020-10169 RESERVED CVE-2020-10168 RESERVED CVE-2020-10167 RESERVED CVE-2020-10166 RESERVED CVE-2020-10165 RESERVED CVE-2020-10164 RESERVED CVE-2020-10163 RESERVED CVE-2020-10162 RESERVED CVE-2020-10161 RESERVED CVE-2020-10160 RESERVED CVE-2020-10159 RESERVED CVE-2020-10158 RESERVED CVE-2020-10157 RESERVED CVE-2020-10156 RESERVED CVE-2020-10155 RESERVED CVE-2020-10154 RESERVED CVE-2020-10153 RESERVED CVE-2020-10152 RESERVED CVE-2020-10151 RESERVED CVE-2020-10150 RESERVED CVE-2020-10149 RESERVED CVE-2020-10148 RESERVED CVE-2020-10147 RESERVED CVE-2020-10146 RESERVED CVE-2020-10145 RESERVED CVE-2020-10144 RESERVED CVE-2020-10143 RESERVED CVE-2020-10142 RESERVED CVE-2020-10141 RESERVED CVE-2020-10140 RESERVED CVE-2020-10139 RESERVED CVE-2020-10138 RESERVED CVE-2020-10137 RESERVED CVE-2020-10136 RESERVED CVE-2020-10135 RESERVED CVE-2020-10134 RESERVED CVE-2020-10133 RESERVED CVE-2020-10132 RESERVED CVE-2020-10131 RESERVED CVE-2020-10130 RESERVED CVE-2020-10129 RESERVED CVE-2020-10128 RESERVED CVE-2020-10127 RESERVED CVE-2020-10126 RESERVED CVE-2020-10125 RESERVED CVE-2020-10124 RESERVED CVE-2020-10123 RESERVED CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete 
arbit ...) NOT-FOR-US: cPanel CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution ...) NOT-FOR-US: cPanel CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...) NOT-FOR-US: cPanel CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...) NOT-FOR-US: cPanel CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...) NOT-FOR-US: cPanel CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...) NOT-FOR-US: cPanel CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...) NOT-FOR-US: cPanel CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...) NOT-FOR-US: cPanel CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor ...) NOT-FOR-US: cPanel CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...) NOT-FOR-US: cPanel CVE-2020-10112 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poison ...) NOT-FOR-US: Citrix CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent ...) NOT-FOR-US: Citrix CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information ...) NOT-FOR-US: Citrix CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...) {DLA-2145-1} - twisted 18.9.0-7 (bug #953950) [buster] - twisted (Minor issue) [stretch] - twisted (Minor issue) NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281 CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...) 
{DLA-2145-1} - twisted 18.9.0-7 (bug #953950) [buster] - twisted (Minor issue) [stretch] - twisted (Minor issue) NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281 CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...) NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2020-10106 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injec ...) NOT-FOR-US: PHPGurukul Daily Expense Tracker System CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...) - zammad (bug #841355) CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...) - zammad (bug #841355) CVE-2020-10103 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...) - zammad (bug #841355) CVE-2020-10102 (An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password ...) - zammad (bug #841355) CVE-2020-10101 (An issue was discovered in Zammad 3.0 through 3.2. The WebSocket serve ...) - zammad (bug #841355) CVE-2020-10100 (An issue was discovered in Zammad 3.0 through 3.2. It allows for users ...) - zammad (bug #841355) CVE-2020-10099 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...) - zammad (bug #841355) CVE-2020-10098 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...) - zammad (bug #841355) CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respond with ...) - zammad (bug #841355) CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...) - zammad (bug #841355) CVE-2020-10095 RESERVED CVE-2020-10094 RESERVED CVE-2020-10093 RESERVED CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...) 
- gitlab (Only affects Gitlab 12.1 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...) - gitlab (Only affects Gitlab 12.5 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...) - gitlab (Only affects Gitlab 12.3.5 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. 
Under certain con ...) - gitlab (Only affects Gitlab 12.7 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...) - gitlab (Only affects Gitlab 12.2 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...) - gitlab (Only affects Gitlab 12.1 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...) - gitlab (Only affects Gitlab 12.1 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...) - gitlab (Only affects Gitlab 12.5 and later) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. 
A scenario wa ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-10072 RESERVED CVE-2020-10071 RESERVED CVE-2020-10070 RESERVED CVE-2020-10069 RESERVED CVE-2020-10068 RESERVED CVE-2020-10067 RESERVED CVE-2020-10066 RESERVED CVE-2020-10065 RESERVED CVE-2020-10064 RESERVED CVE-2020-10063 RESERVED CVE-2020-10062 RESERVED CVE-2020-10061 RESERVED CVE-2020-10060 RESERVED CVE-2020-10059 RESERVED CVE-2020-10058 RESERVED CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...) NOT-FOR-US: GeniXCMS CVE-2020-10056 RESERVED CVE-2020-10055 RESERVED CVE-2020-10054 RESERVED CVE-2020-10053 RESERVED CVE-2020-10052 RESERVED CVE-2020-10051 RESERVED CVE-2020-10050 RESERVED CVE-2020-10049 RESERVED CVE-2020-10048 RESERVED CVE-2020-10047 RESERVED CVE-2020-10046 RESERVED CVE-2020-10045 RESERVED CVE-2020-10044 RESERVED CVE-2020-10043 RESERVED CVE-2020-10042 RESERVED CVE-2020-10041 RESERVED CVE-2020-10040 RESERVED CVE-2020-10039 RESERVED CVE-2020-10038 RESERVED CVE-2020-10037 RESERVED CVE-2020-10036 RESERVED CVE-2020-10035 RESERVED CVE-2020-10034 RESERVED CVE-2020-10033 RESERVED CVE-2020-10032 RESERVED CVE-2020-10031 RESERVED CVE-2020-10030 RESERVED CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...) 
- glibc 2.30-1 (bug #953108) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487 NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a CVE-2020-9999 RESERVED CVE-2020-9998 RESERVED CVE-2020-9997 RESERVED CVE-2020-9996 RESERVED CVE-2020-9995 RESERVED CVE-2020-9994 RESERVED CVE-2020-9993 RESERVED CVE-2020-9992 RESERVED CVE-2020-9991 RESERVED CVE-2020-9990 RESERVED CVE-2020-9989 RESERVED CVE-2020-9988 RESERVED CVE-2020-9987 RESERVED CVE-2020-9986 RESERVED CVE-2020-9985 RESERVED CVE-2020-9984 RESERVED CVE-2020-9983 RESERVED CVE-2020-9982 RESERVED CVE-2020-9981 RESERVED CVE-2020-9980 RESERVED CVE-2020-9979 RESERVED CVE-2020-9978 RESERVED CVE-2020-9977 RESERVED CVE-2020-9976 RESERVED CVE-2020-9975 RESERVED CVE-2020-9974 RESERVED CVE-2020-9973 RESERVED CVE-2020-9972 RESERVED CVE-2020-9971 RESERVED CVE-2020-9970 RESERVED CVE-2020-9969 RESERVED CVE-2020-9968 RESERVED CVE-2020-9967 RESERVED CVE-2020-9966 RESERVED CVE-2020-9965 RESERVED CVE-2020-9964 RESERVED CVE-2020-9963 RESERVED CVE-2020-9962 RESERVED CVE-2020-9961 RESERVED CVE-2020-9960 RESERVED CVE-2020-9959 RESERVED CVE-2020-9958 RESERVED CVE-2020-9957 RESERVED CVE-2020-9956 RESERVED CVE-2020-9955 RESERVED CVE-2020-9954 RESERVED CVE-2020-9953 RESERVED CVE-2020-9952 RESERVED CVE-2020-9951 RESERVED CVE-2020-9950 RESERVED CVE-2020-9949 RESERVED CVE-2020-9948 RESERVED CVE-2020-9947 RESERVED CVE-2020-9946 RESERVED CVE-2020-9945 RESERVED CVE-2020-9944 RESERVED CVE-2020-9943 RESERVED CVE-2020-9942 RESERVED CVE-2020-9941 RESERVED CVE-2020-9940 RESERVED CVE-2020-9939 RESERVED CVE-2020-9938 RESERVED CVE-2020-9937 RESERVED CVE-2020-9936 RESERVED CVE-2020-9935 RESERVED CVE-2020-9934 RESERVED CVE-2020-9933 RESERVED CVE-2020-9932 RESERVED CVE-2020-9931 RESERVED CVE-2020-9930 RESERVED 
CVE-2020-9929 RESERVED CVE-2020-9928 RESERVED CVE-2020-9927 RESERVED CVE-2020-9926 RESERVED CVE-2020-9925 RESERVED CVE-2020-9924 RESERVED CVE-2020-9923 RESERVED CVE-2020-9922 RESERVED CVE-2020-9921 RESERVED CVE-2020-9920 RESERVED CVE-2020-9919 RESERVED CVE-2020-9918 RESERVED CVE-2020-9917 RESERVED CVE-2020-9916 RESERVED CVE-2020-9915 RESERVED CVE-2020-9914 RESERVED CVE-2020-9913 RESERVED CVE-2020-9912 RESERVED CVE-2020-9911 RESERVED CVE-2020-9910 RESERVED CVE-2020-9909 RESERVED CVE-2020-9908 RESERVED CVE-2020-9907 RESERVED CVE-2020-9906 RESERVED CVE-2020-9905 RESERVED CVE-2020-9904 RESERVED CVE-2020-9903 RESERVED CVE-2020-9902 RESERVED CVE-2020-9901 RESERVED CVE-2020-9900 RESERVED CVE-2020-9899 RESERVED CVE-2020-9898 RESERVED CVE-2020-9897 RESERVED CVE-2020-9896 RESERVED CVE-2020-9895 RESERVED CVE-2020-9894 RESERVED CVE-2020-9893 RESERVED CVE-2020-9892 RESERVED CVE-2020-9891 RESERVED CVE-2020-9890 RESERVED CVE-2020-9889 RESERVED CVE-2020-9888 RESERVED CVE-2020-9887 RESERVED CVE-2020-9886 RESERVED CVE-2020-9885 RESERVED CVE-2020-9884 RESERVED CVE-2020-9883 RESERVED CVE-2020-9882 RESERVED CVE-2020-9881 RESERVED CVE-2020-9880 RESERVED CVE-2020-9879 RESERVED CVE-2020-9878 RESERVED CVE-2020-9877 RESERVED CVE-2020-9876 RESERVED CVE-2020-9875 RESERVED CVE-2020-9874 RESERVED CVE-2020-9873 RESERVED CVE-2020-9872 RESERVED CVE-2020-9871 RESERVED CVE-2020-9870 RESERVED CVE-2020-9869 RESERVED CVE-2020-9868 RESERVED CVE-2020-9867 RESERVED CVE-2020-9866 RESERVED CVE-2020-9865 RESERVED CVE-2020-9864 RESERVED CVE-2020-9863 RESERVED CVE-2020-9862 RESERVED CVE-2020-9861 RESERVED CVE-2020-9860 RESERVED CVE-2020-9859 RESERVED CVE-2020-9858 RESERVED CVE-2020-9857 RESERVED CVE-2020-9856 RESERVED CVE-2020-9855 RESERVED CVE-2020-9854 RESERVED CVE-2020-9853 RESERVED CVE-2020-9852 RESERVED CVE-2020-9851 RESERVED CVE-2020-9850 RESERVED CVE-2020-9849 RESERVED CVE-2020-9848 RESERVED CVE-2020-9847 RESERVED CVE-2020-9846 RESERVED CVE-2020-9845 RESERVED CVE-2020-9844 RESERVED CVE-2020-9843 
RESERVED CVE-2020-9842 RESERVED CVE-2020-9841 RESERVED CVE-2020-9840 RESERVED CVE-2020-9839 RESERVED CVE-2020-9838 RESERVED CVE-2020-9837 RESERVED CVE-2020-9836 RESERVED CVE-2020-9835 RESERVED CVE-2020-9834 RESERVED CVE-2020-9833 RESERVED CVE-2020-9832 RESERVED CVE-2020-9831 RESERVED CVE-2020-9830 RESERVED CVE-2020-9829 RESERVED CVE-2020-9828 RESERVED CVE-2020-9827 RESERVED CVE-2020-9826 RESERVED CVE-2020-9825 RESERVED CVE-2020-9824 RESERVED CVE-2020-9823 RESERVED CVE-2020-9822 RESERVED CVE-2020-9821 RESERVED CVE-2020-9820 RESERVED CVE-2020-9819 RESERVED CVE-2020-9818 RESERVED CVE-2020-9817 RESERVED CVE-2020-9816 RESERVED CVE-2020-9815 RESERVED CVE-2020-9814 RESERVED CVE-2020-9813 RESERVED CVE-2020-9812 RESERVED CVE-2020-9811 RESERVED CVE-2020-9810 RESERVED CVE-2020-9809 RESERVED CVE-2020-9808 RESERVED CVE-2020-9807 RESERVED CVE-2020-9806 RESERVED CVE-2020-9805 RESERVED CVE-2020-9804 RESERVED CVE-2020-9803 RESERVED CVE-2020-9802 RESERVED CVE-2020-9801 RESERVED CVE-2020-9800 RESERVED CVE-2020-9799 RESERVED CVE-2020-9798 RESERVED CVE-2020-9797 RESERVED CVE-2020-9796 RESERVED CVE-2020-9795 RESERVED CVE-2020-9794 RESERVED CVE-2020-9793 RESERVED CVE-2020-9792 RESERVED CVE-2020-9791 RESERVED CVE-2020-9790 RESERVED CVE-2020-9789 RESERVED CVE-2020-9788 RESERVED CVE-2020-9787 RESERVED CVE-2020-9786 RESERVED CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple Safari CVE-2020-9783 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9782 RESERVED CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...) NOT-FOR-US: Apple CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...) 
NOT-FOR-US: Apple CVE-2020-9779 RESERVED CVE-2020-9778 RESERVED CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...) NOT-FOR-US: Apple CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...) NOT-FOR-US: Apple CVE-2020-9774 RESERVED CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...) NOT-FOR-US: Apple CVE-2020-9772 RESERVED CVE-2020-9771 RESERVED CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...) NOT-FOR-US: Apple CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9767 RESERVED CVE-2020-10028 RESERVED CVE-2020-10027 RESERVED CVE-2020-10026 RESERVED CVE-2020-10025 RESERVED CVE-2020-10024 RESERVED CVE-2020-10023 RESERVED CVE-2020-10022 RESERVED CVE-2020-10021 RESERVED CVE-2020-10020 REJECTED CVE-2020-10019 RESERVED CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...) 
{DSA-4641-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0003.html CVE-2020-10017 RESERVED CVE-2020-10016 RESERVED CVE-2020-10015 RESERVED CVE-2020-10014 RESERVED CVE-2020-10013 RESERVED CVE-2020-10012 RESERVED CVE-2020-10011 RESERVED CVE-2020-10010 RESERVED CVE-2020-10009 RESERVED CVE-2020-10008 RESERVED CVE-2020-10007 RESERVED CVE-2020-10006 RESERVED CVE-2020-10005 RESERVED CVE-2020-10004 RESERVED CVE-2020-10003 RESERVED CVE-2020-10002 RESERVED CVE-2020-10001 RESERVED CVE-2020-10000 RESERVED CVE-2020-9766 RESERVED CVE-2020-9765 RESERVED CVE-2020-9764 RESERVED CVE-2020-9763 RESERVED CVE-2020-9762 RESERVED CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...) NOT-FOR-US: UNCTAD ASYCUDA World CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...) {DLA-2157-1} - weechat 2.7.1-1 [buster] - weechat (Minor issue) [stretch] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d CVE-2020-9759 (An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affe ...) {DLA-2157-1} - weechat 2.7.1-1 [buster] - weechat (Minor issue) [stretch] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...) NOT-FOR-US: LiveZilla Live Chat CVE-2020-9757 (The Seomatic component before 3.2.46 for Craft CMS allows Server-Side ...) NOT-FOR-US: Seomatic component for Craft CMS CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...) 
NOT-FOR-US: Patriot Viper RGB Driver CVE-2020-9755 RESERVED CVE-2020-9754 RESERVED CVE-2020-9753 RESERVED CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...) NOT-FOR-US: Naver Cloud Explorer CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an ...) NOT-FOR-US: Naver Cloud Explorer CVE-2020-9750 RESERVED CVE-2020-9749 RESERVED CVE-2020-9748 RESERVED CVE-2020-9747 RESERVED CVE-2020-9746 RESERVED CVE-2020-9745 RESERVED CVE-2020-9744 RESERVED CVE-2020-9743 RESERVED CVE-2020-9742 RESERVED CVE-2020-9741 RESERVED CVE-2020-9740 RESERVED CVE-2020-9739 RESERVED CVE-2020-9738 RESERVED CVE-2020-9737 RESERVED CVE-2020-9736 RESERVED CVE-2020-9735 RESERVED CVE-2020-9734 RESERVED CVE-2020-9733 RESERVED CVE-2020-9732 RESERVED CVE-2020-9731 RESERVED CVE-2020-9730 RESERVED CVE-2020-9729 RESERVED CVE-2020-9728 RESERVED CVE-2020-9727 RESERVED CVE-2020-9726 RESERVED CVE-2020-9725 RESERVED CVE-2020-9724 RESERVED CVE-2020-9723 RESERVED CVE-2020-9722 RESERVED CVE-2020-9721 RESERVED CVE-2020-9720 RESERVED CVE-2020-9719 RESERVED CVE-2020-9718 RESERVED CVE-2020-9717 RESERVED CVE-2020-9716 RESERVED CVE-2020-9715 RESERVED CVE-2020-9714 RESERVED CVE-2020-9713 RESERVED CVE-2020-9712 RESERVED CVE-2020-9711 RESERVED CVE-2020-9710 RESERVED CVE-2020-9709 RESERVED CVE-2020-9708 RESERVED CVE-2020-9707 RESERVED CVE-2020-9706 RESERVED CVE-2020-9705 RESERVED CVE-2020-9704 RESERVED CVE-2020-9703 RESERVED CVE-2020-9702 RESERVED CVE-2020-9701 RESERVED CVE-2020-9700 RESERVED CVE-2020-9699 RESERVED CVE-2020-9698 RESERVED CVE-2020-9697 RESERVED CVE-2020-9696 RESERVED CVE-2020-9695 RESERVED CVE-2020-9694 RESERVED CVE-2020-9693 RESERVED CVE-2020-9692 RESERVED CVE-2020-9691 RESERVED CVE-2020-9690 RESERVED CVE-2020-9689 RESERVED CVE-2020-9688 RESERVED CVE-2020-9687 RESERVED CVE-2020-9686 RESERVED CVE-2020-9685 RESERVED CVE-2020-9684 RESERVED CVE-2020-9683 RESERVED CVE-2020-9682 RESERVED CVE-2020-9681 RESERVED CVE-2020-9680 RESERVED CVE-2020-9679 
RESERVED CVE-2020-9678 RESERVED CVE-2020-9677 RESERVED CVE-2020-9676 RESERVED CVE-2020-9675 RESERVED CVE-2020-9674 RESERVED CVE-2020-9673 RESERVED CVE-2020-9672 RESERVED CVE-2020-9671 RESERVED CVE-2020-9670 RESERVED CVE-2020-9669 RESERVED CVE-2020-9668 RESERVED CVE-2020-9667 RESERVED CVE-2020-9666 RESERVED CVE-2020-9665 RESERVED CVE-2020-9664 RESERVED CVE-2020-9663 RESERVED CVE-2020-9662 RESERVED CVE-2020-9661 RESERVED CVE-2020-9660 RESERVED CVE-2020-9659 RESERVED CVE-2020-9658 RESERVED CVE-2020-9657 RESERVED CVE-2020-9656 RESERVED CVE-2020-9655 RESERVED CVE-2020-9654 RESERVED CVE-2020-9653 RESERVED CVE-2020-9652 RESERVED CVE-2020-9651 RESERVED CVE-2020-9650 RESERVED CVE-2020-9649 RESERVED CVE-2020-9648 RESERVED CVE-2020-9647 RESERVED CVE-2020-9646 RESERVED CVE-2020-9645 RESERVED CVE-2020-9644 RESERVED CVE-2020-9643 RESERVED CVE-2020-9642 RESERVED CVE-2020-9641 RESERVED CVE-2020-9640 RESERVED CVE-2020-9639 RESERVED CVE-2020-9638 RESERVED CVE-2020-9637 RESERVED CVE-2020-9636 RESERVED CVE-2020-9635 RESERVED CVE-2020-9634 RESERVED CVE-2020-9633 RESERVED CVE-2020-9632 RESERVED CVE-2020-9631 RESERVED CVE-2020-9630 RESERVED CVE-2020-9629 RESERVED CVE-2020-9628 RESERVED CVE-2020-9627 RESERVED CVE-2020-9626 RESERVED CVE-2020-9625 RESERVED CVE-2020-9624 RESERVED CVE-2020-9623 RESERVED CVE-2020-9622 RESERVED CVE-2020-9621 RESERVED CVE-2020-9620 RESERVED CVE-2020-9619 RESERVED CVE-2020-9618 RESERVED CVE-2020-9617 RESERVED CVE-2020-9616 RESERVED CVE-2020-9615 RESERVED CVE-2020-9614 RESERVED CVE-2020-9613 RESERVED CVE-2020-9612 RESERVED CVE-2020-9611 RESERVED CVE-2020-9610 RESERVED CVE-2020-9609 RESERVED CVE-2020-9608 RESERVED CVE-2020-9607 RESERVED CVE-2020-9606 RESERVED CVE-2020-9605 RESERVED CVE-2020-9604 RESERVED CVE-2020-9603 RESERVED CVE-2020-9602 RESERVED CVE-2020-9601 RESERVED CVE-2020-9600 RESERVED CVE-2020-9599 RESERVED CVE-2020-9598 RESERVED CVE-2020-9597 RESERVED CVE-2020-9596 RESERVED CVE-2020-9595 RESERVED CVE-2020-9594 RESERVED CVE-2020-9593 RESERVED 
CVE-2020-9592 RESERVED CVE-2020-9591 RESERVED CVE-2020-9590 RESERVED CVE-2020-9589 RESERVED CVE-2020-9588 RESERVED CVE-2020-9587 RESERVED CVE-2020-9586 RESERVED CVE-2020-9585 RESERVED CVE-2020-9584 RESERVED CVE-2020-9583 RESERVED CVE-2020-9582 RESERVED CVE-2020-9581 RESERVED CVE-2020-9580 RESERVED CVE-2020-9579 RESERVED CVE-2020-9578 RESERVED CVE-2020-9577 RESERVED CVE-2020-9576 RESERVED CVE-2020-9575 RESERVED CVE-2020-9574 RESERVED CVE-2020-9573 RESERVED CVE-2020-9572 RESERVED CVE-2020-9571 RESERVED CVE-2020-9570 RESERVED CVE-2020-9569 RESERVED CVE-2020-9568 RESERVED CVE-2020-9567 RESERVED CVE-2020-9566 RESERVED CVE-2020-9565 RESERVED CVE-2020-9564 RESERVED CVE-2020-9563 RESERVED CVE-2020-9562 RESERVED CVE-2020-9561 RESERVED CVE-2020-9560 RESERVED CVE-2020-9559 RESERVED CVE-2020-9558 RESERVED CVE-2020-9557 RESERVED CVE-2020-9556 RESERVED CVE-2020-9555 RESERVED CVE-2020-9554 RESERVED CVE-2020-9553 RESERVED CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerabi ...) NOT-FOR-US: Adobe CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. ...) NOT-FOR-US: Adobe CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...) NOT-FOR-US: Rubetek SmartHome 2020 devices CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...) {DLA-2134-1} - pdfresurrect 0.20-1 (unimportant; bug #952948) NOTE: https://github.com/enferex/pdfresurrect/issues/8 NOTE: Crash in CLI tool, no security impact CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) 
{DLA-2135-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2631 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...) NOT-FOR-US: Pale Moon CVE-2020-9544 (An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The ad ...) NOT-FOR-US: D-Link CVE-2020-9543 (OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9 ...) 
- manila 1:9.0.0-5 (bug #953581) [buster] - manila (Minor issue) [stretch] - manila (Minor issue) NOTE: https://bugs.launchpad.net/manila/+bug/1861485 NOTE: https://security.openstack.org/ossa/OSSA-2020-002.html CVE-2020-9542 RESERVED CVE-2020-9541 RESERVED CVE-2020-9540 (Sophos HitmanPro.Alert before build 861 allows local elevation of priv ...) NOT-FOR-US: Sophos CVE-2020-9539 RESERVED CVE-2020-9538 RESERVED CVE-2020-9537 RESERVED CVE-2020-9536 RESERVED CVE-2020-9535 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9534 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9533 RESERVED CVE-2020-9532 RESERVED CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In t ...) NOT-FOR-US: Xiaomi CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The ...) NOT-FOR-US: Xiaomi CVE-2020-9529 RESERVED CVE-2020-9528 RESERVED CVE-2020-9527 RESERVED CVE-2020-9526 RESERVED CVE-2020-9525 RESERVED CVE-2020-9524 RESERVED CVE-2020-9523 RESERVED CVE-2020-9522 RESERVED CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...) NOT-FOR-US: Micro Focus CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...) NOT-FOR-US: Micro Focus Vibe CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...) NOT-FOR-US: Micro Focus CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...) NOT-FOR-US: Micro Focus CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...) NOT-FOR-US: Micro Focus CVE-2020-9516 RESERVED CVE-2020-9515 RESERVED CVE-2020-9514 (An issue was discovered in the IMPress for IDX Broker plugin before 2. ...) 
NOT-FOR-US: IMPress for IDX Broker plugin for WordPress CVE-2020-9513 RESERVED CVE-2020-9512 RESERVED CVE-2020-9511 RESERVED CVE-2020-9510 RESERVED CVE-2020-9509 RESERVED CVE-2020-9508 RESERVED CVE-2020-9507 RESERVED CVE-2020-9506 RESERVED CVE-2020-9505 RESERVED CVE-2020-9504 RESERVED CVE-2020-9503 RESERVED CVE-2020-9502 RESERVED CVE-2020-9501 RESERVED CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) NOT-FOR-US: Dahua CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) NOT-FOR-US: Dahua CVE-2020-9498 RESERVED CVE-2020-9497 RESERVED CVE-2020-9496 RESERVED CVE-2020-9495 RESERVED CVE-2020-9494 RESERVED CVE-2020-9493 RESERVED CVE-2020-9492 RESERVED CVE-2020-9491 RESERVED CVE-2020-9490 RESERVED CVE-2020-9489 RESERVED CVE-2020-9488 RESERVED CVE-2020-9487 RESERVED CVE-2020-9486 RESERVED CVE-2020-9485 RESERVED CVE-2020-9484 RESERVED CVE-2020-9483 RESERVED CVE-2020-9482 RESERVED CVE-2020-9481 RESERVED CVE-2020-9480 RESERVED CVE-2020-9479 RESERVED CVE-2020-9478 RESERVED CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...) NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...) NOT-FOR-US: ARRIS TG1692A devices CVE-2020-9475 RESERVED CVE-2020-9474 RESERVED CVE-2020-9473 REJECTED CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...) NOT-FOR-US: Umbraco CMS CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...) NOT-FOR-US: Umbraco CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...) NOT-FOR-US: Wing FTP Server CVE-2020-9469 RESERVED CVE-2020-9468 (The Community plugin 2.9.e-beta for Piwigo allows users to set image i ...) - piwigo CVE-2020-9467 (Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php reque ...) 
- piwigo CVE-2020-9466 (The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV ...) NOT-FOR-US: Export Users to CSV plugin for WordPress CVE-2020-9465 (An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP B ...) NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000 CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...) - centreon-web (bug #913903) CVE-2020-9462 RESERVED CVE-2020-9461 RESERVED CVE-2020-9460 RESERVED CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...) NOT-FOR-US: Webnus Modern Events Calendar Lite plugin for WordPress CVE-2020-9458 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the exp ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9457 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9456 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the use ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9453 RESERVED CVE-2020-9452 RESERVED CVE-2020-9451 RESERVED CVE-2020-9450 RESERVED CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...) NOT-FOR-US: BlaB! CVE-2020-9448 RESERVED CVE-2020-9447 (There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0. ...) NOT-FOR-US: GwtUpload CVE-2020-9446 RESERVED CVE-2020-9445 RESERVED CVE-2020-9444 RESERVED CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...) 
NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server) CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...) NOT-FOR-US: OpenVPN Connect on Windows CVE-2020-9441 RESERVED CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...) NOT-FOR-US: CKEditor plugin CVE-2020-9439 RESERVED CVE-2020-9438 RESERVED CVE-2020-9437 RESERVED CVE-2020-9436 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...) NOT-FOR-US: PHOENIX CVE-2020-9435 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...) NOT-FOR-US: PHOENIX CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9427 RESERVED CVE-2020-9426 RESERVED CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...) NOT-FOR-US: rConfig CVE-2020-9424 RESERVED CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...) NOT-FOR-US: LogicalDoc CVE-2020-9422 RESERVED CVE-2020-9421 RESERVED CVE-2020-9420 RESERVED CVE-2020-9419 RESERVED CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) 
- wireshark 3.2.2-1 [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Minor issue, can be fixed along in next DLA) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850 CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790 CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) - wireshark 3.2.2-1 (low) [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2 CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This ...) 
- wireshark 3.2.2-1 [buster] - wireshark (Vulnerable code not present) [stretch] - wireshark (Vulnerable code not present) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-06.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73c5fff899f253c44a72657048aec7db6edee571 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...) NOT-FOR-US: PDFescape CVE-2020-9417 RESERVED CVE-2020-9416 RESERVED CVE-2020-9415 RESERVED CVE-2020-9414 RESERVED CVE-2020-9413 RESERVED CVE-2020-9412 RESERVED CVE-2020-9411 RESERVED CVE-2020-9410 RESERVED CVE-2020-9409 RESERVED CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...) NOT-FOR-US: TIBCO CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive ...) NOT-FOR-US: IBL Online Weather CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval injection ...) NOT-FOR-US: IBL Online Weather CVE-2020-9405 (IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS ...) NOT-FOR-US: IBL Online Weather CVE-2020-9404 RESERVED CVE-2020-9403 RESERVED CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...) 
- python-django 2:2.2.11-1 (low; bug #953102) [buster] - python-django (Can be fixed along in a future DSA) [stretch] - python-django (Can be fixed along in a future DSA) [jessie] - python-django (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/03/04/1 NOTE: Introduced by: https://github.com/django/django/commit/fcf494b48fea7c0c55ea29721ba0b2d250351ff8 NOTE: Fixed by: https://github.com/django/django/commit/fe886a3b58a93cfbe8864b485f93cb6d426cd1f2 (v2.2) NOTE: Fixed by: https://github.com/django/django/commit/02d97f3c9a88adc890047996e5606180bd1c6166 (v1.11) CVE-2020-9401 RESERVED CVE-2020-9400 RESERVED CVE-2020-9399 (The Avast AV parsing engine allows virus-detection bypass via a crafte ...) NOT-FOR-US: Avast AV parsing engine CVE-2020-9398 (ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_a ...) NOT-FOR-US: ISPConfig CVE-2020-9397 RESERVED CVE-2020-9396 RESERVED CVE-2020-9395 RESERVED CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9390 RESERVED CVE-2020-9389 RESERVED CVE-2020-9388 RESERVED CVE-2020-9387 RESERVED CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) - mahara CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 ...) 
- linux 5.5.13-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...) - zint (bug #732141) CVE-2020-9384 RESERVED CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...) - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3 CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...) NOT-FOR-US: Widgets extension for MediaWiki CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...) NOT-FOR-US: Total.js CMS CVE-2020-9380 (IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to exe ...) NOT-FOR-US: IPTV Smarters WEB TV PLAYER CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...) NOT-FOR-US: Mitel CVE-2020-9378 RESERVED CVE-2020-9377 RESERVED CVE-2020-9376 RESERVED CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...) NOT-FOR-US: TP-Link CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...) NOT-FOR-US: TP-Link CVE-2020-9373 RESERVED CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPress al ...) NOT-FOR-US: Appointment Booking Calendar plugin for WordPress CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...) NOT-FOR-US: Appointment Booking Calendar plugin for WordPress CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. ...) NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...) 
- sympa 6.2.40~dfsg-4 (low; bug #952428) [buster] - sympa (Minor issue) [stretch] - sympa (Vulnerability introduced later in 6.2.38) [jessie] - sympa (Vulnerability introduced later in 6.2.38) NOTE: https://github.com/sympa-community/sympa/issues/886 NOTE: https://sympa-community.github.io/security/2020-001.html NOTE: Upstream patch: https://github.com/sympa-community/sympa/releases/download/6.2.54/sympa-6.2.52-sa-2020-001.patch CVE-2020-9368 RESERVED CVE-2020-9367 RESERVED CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...) - pure-ftpd 1.0.49-3 (bug #952471) [buster] - pure-ftpd (Minor issue) [stretch] - pure-ftpd (Minor issue) [jessie] - pure-ftpd (Vulnerable code does not exist) NOTE: https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b CVE-2020-9364 (An issue was discovered in helpers/mailer.php in the Creative Contact ...) NOT-FOR-US: Creative Contact Form extension for Joomla! CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection ...) NOT-FOR-US: Sophos AV CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...) NOT-FOR-US: Quick Heal AV parsing engine CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...) 
- screen 4.8.0-1 (bug #950896) [buster] - screen (Vulnerable code introduced in v4.7.0) [stretch] - screen (Vulnerable code introduced in v4.7.0) [jessie] - screen (Vulnerable code introduced in v4.7.0) NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3 NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0) NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0) NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0) CVE-2020-9361 RESERVED CVE-2020-9360 RESERVED CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...) {DLA-2159-1} - okular 4:19.12.3-2 (bug #954891) [buster] - okular (Minor issue) [stretch] - okular (Minor issue) NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244 NOTE: https://kde.org/info/security/advisory-20200312-1.txt NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC) CVE-2020-9358 RESERVED CVE-2020-9357 RESERVED CVE-2020-9356 RESERVED CVE-2020-9354 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) NOT-FOR-US: SmartClient CVE-2020-9353 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...) NOT-FOR-US: SmartClient CVE-2020-9352 (An issue was discovered in SmartClient 12.0. Unauthenticated exploitat ...) NOT-FOR-US: SmartClient CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticated att ...) NOT-FOR-US: SmartClient CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...) NOT-FOR-US: Graph Builder in SAS Visual Analytics CVE-2020-9349 (The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmwar ...) 
NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP CVE-2020-9348 RESERVED CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...) NOT-FOR-US: signoPAD-API/Web CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at ...) NOT-FOR-US: Subversion ALM CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...) NOT-FOR-US: signoPAD-API/Web CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...) NOT-FOR-US: F-Secure AV parsing engine CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...) NOT-FOR-US: CandidATS CVE-2020-9340 (fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandid ...) NOT-FOR-US: fauzantrif eLection CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php. ...) NOT-FOR-US: SOPlanning CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. ...) NOT-FOR-US: SOPlanning CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encod ...) NOT-FOR-US: GolfBuddy Course Manager CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings ...) NOT-FOR-US: fauzantrif eLection CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCD ...) 
{DSA-4643-1} - python-bleach 3.1.3-1 (bug #954236) [stretch] - python-bleach (Requires invasive changes to address issue) [jessie] - python-bleach (Requires invasive change to address issue) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743 NOTE: https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986 CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users calling bl ...) {DSA-4636-1} - python-bleach 3.1.1-1 (bug #951907) [stretch] - python-bleach (Requires invasive changes to address issue) [jessie] - python-bleach (Fix too invasive in jessie; uses external html5 parser) NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r NOTE: https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd CVE-2020-9335 (Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery p ...) NOT-FOR-US: 10Web Photo Gallery plugin for WordPress CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plugin t ...) NOT-FOR-US: Envira Photo Gallery plugin for WordPress CVE-2020-9333 RESERVED CVE-2020-9332 RESERVED CVE-2020-9331 RESERVED CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...) NOT-FOR-US: Xerox CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...) NOT-FOR-US: Go Git Service CVE-2020-9328 RESERVED CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...) 
- sqlite3 3.31.1-3 (bug #951835) [buster] - sqlite3 (Minor issue) [stretch] - sqlite3 (Minor issue) [jessie] - sqlite3 (vulnerable code not present) NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380 NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900 CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...) NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...) NOT-FOR-US: Aquaforest TIFF Server CVE-2020-9322 RESERVED CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...) NOT-FOR-US: Traefik CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...) NOT-FOR-US: Avira CVE-2020-9319 RESERVED CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...) NOT-FOR-US: Red Gate SQL Monitor CVE-2020-9317 RESERVED CVE-2020-9316 RESERVED CVE-2020-9315 RESERVED CVE-2020-9314 RESERVED CVE-2020-9313 RESERVED CVE-2020-9312 RESERVED CVE-2020-9311 RESERVED CVE-2020-9310 RESERVED CVE-2020-9309 RESERVED CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...) 
- libarchive 3.4.0-2 (bug #951759) [buster] - libarchive (rar5 support added in 3.4.0) [stretch] - libarchive (rar5 support added in 3.4.0) [jessie] - libarchive (rar5 support added in 3.4.0) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459 NOTE: https://github.com/libarchive/libarchive/pull/1326 NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a CVE-2020-9307 RESERVED CVE-2020-9306 RESERVED CVE-2020-9305 RESERVED CVE-2020-9304 RESERVED CVE-2020-9303 RESERVED CVE-2020-9302 RESERVED CVE-2020-9301 RESERVED CVE-2020-9300 RESERVED CVE-2020-9299 RESERVED CVE-2020-9298 RESERVED CVE-2020-9297 RESERVED CVE-2020-9296 RESERVED CVE-2020-9295 RESERVED CVE-2020-9294 RESERVED CVE-2020-9293 RESERVED CVE-2020-9292 RESERVED CVE-2020-9291 RESERVED CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...) NOT-FOR-US: Fortiguard CVE-2020-9289 RESERVED CVE-2020-9288 RESERVED CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...) NOT-FOR-US: Fortiguard CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...) NOT-FOR-US: Fortiguard CVE-2020-9285 RESERVED CVE-2020-9284 RESERVED CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...) - golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462) [buster] - golang-go.crypto (Minor issue) [stretch] - golang-go.crypto (Minor issue) [jessie] - golang-go.crypto (Minor issue) NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236 CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) - mahara CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...) 
NOT-FOR-US: CKEditor plugin CVE-2020-9280 RESERVED CVE-2020-9279 RESERVED CVE-2020-9278 RESERVED CVE-2020-9277 RESERVED CVE-2020-9276 RESERVED CVE-2020-9275 RESERVED CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...) {DLA-2123-1} - pure-ftpd 1.0.49-4 (bug #952666) [buster] - pure-ftpd (Minor issue) [stretch] - pure-ftpd (Minor issue) NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa NOTE: though the CVE description does not specifically say, the issue seems to be an NOTE: out-of-bounds memory read which may result in information disclosure; NOTE: probably not the end of the world, but it is made worse by use of the rather NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...) {DSA-4635-1 DLA-2115-2 DLA-2115-1} - proftpd-dfsg 1.3.6c-2 (bug #951800) NOTE: https://github.com/proftpd/proftpd/issues/903 NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master) NOTE: https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master) NOTE: https://github.com/proftpd/proftpd/commit/e845abc1bd86eebec7a0342fded908a1b0f1996b (1.3.6c) NOTE: https://github.com/proftpd/proftpd/commit/cd9036f4ef7a05c107f0ffcb19a018b20267c531 (1.3.6-branch) CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...) - proftpd-dfsg 1.3.6c-1 (unimportant) NOTE: https://github.com/proftpd/proftpd/issues/902 NOTE: Debian does not build mod_cap and does not use the embedded libcap. NOTE: Sourcewise fixed in 1.3.6c by updating to the latest libcap. CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...) NOT-FOR-US: ICE Hrm CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...) 
NOT-FOR-US: ICE Hrm CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...) NOT-FOR-US: SOPlanning CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, ...) NOT-FOR-US: SOPlanning CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) NOT-FOR-US: SOPlanning CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) NOT-FOR-US: SOPlanning CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...) NOT-FOR-US: phpMyChat-Plus CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...) NOT-FOR-US: ESET CVE-2020-9263 RESERVED CVE-2020-9262 RESERVED CVE-2020-9261 RESERVED CVE-2020-9260 RESERVED CVE-2020-9259 RESERVED CVE-2020-9258 RESERVED CVE-2020-9257 RESERVED CVE-2020-9256 RESERVED CVE-2020-9255 RESERVED CVE-2020-9254 RESERVED CVE-2020-9253 RESERVED CVE-2020-9252 RESERVED CVE-2020-9251 RESERVED CVE-2020-9250 RESERVED CVE-2020-9249 RESERVED CVE-2020-9248 RESERVED CVE-2020-9247 RESERVED CVE-2020-9246 RESERVED CVE-2020-9245 RESERVED CVE-2020-9244 RESERVED CVE-2020-9243 RESERVED CVE-2020-9242 RESERVED CVE-2020-9241 RESERVED CVE-2020-9240 RESERVED CVE-2020-9239 RESERVED CVE-2020-9238 RESERVED CVE-2020-9237 RESERVED CVE-2020-9236 RESERVED CVE-2020-9235 RESERVED CVE-2020-9234 RESERVED CVE-2020-9233 RESERVED CVE-2020-9232 RESERVED CVE-2020-9231 RESERVED CVE-2020-9230 RESERVED CVE-2020-9229 RESERVED CVE-2020-9228 RESERVED CVE-2020-9227 RESERVED CVE-2020-9226 RESERVED CVE-2020-9225 RESERVED CVE-2020-9224 RESERVED CVE-2020-9223 RESERVED CVE-2020-9222 RESERVED CVE-2020-9221 RESERVED CVE-2020-9220 RESERVED CVE-2020-9219 RESERVED CVE-2020-9218 RESERVED CVE-2020-9217 RESERVED CVE-2020-9216 RESERVED CVE-2020-9215 RESERVED CVE-2020-9214 RESERVED CVE-2020-9213 RESERVED CVE-2020-9212 RESERVED CVE-2020-9211 RESERVED CVE-2020-9210 RESERVED CVE-2020-9209 RESERVED CVE-2020-9208 RESERVED 
CVE-2020-9207 RESERVED CVE-2020-9206 RESERVED CVE-2020-9205 RESERVED CVE-2020-9204 RESERVED CVE-2020-9203 RESERVED CVE-2020-9202 RESERVED CVE-2020-9201 RESERVED CVE-2020-9200 RESERVED CVE-2020-9199 RESERVED CVE-2020-9198 RESERVED CVE-2020-9197 RESERVED CVE-2020-9196 RESERVED CVE-2020-9195 RESERVED CVE-2020-9194 RESERVED CVE-2020-9193 RESERVED CVE-2020-9192 RESERVED CVE-2020-9191 RESERVED CVE-2020-9190 RESERVED CVE-2020-9189 RESERVED CVE-2020-9188 RESERVED CVE-2020-9187 RESERVED CVE-2020-9186 RESERVED CVE-2020-9185 RESERVED CVE-2020-9184 RESERVED CVE-2020-9183 RESERVED CVE-2020-9182 RESERVED CVE-2020-9181 RESERVED CVE-2020-9180 RESERVED CVE-2020-9179 RESERVED CVE-2020-9178 RESERVED CVE-2020-9177 RESERVED CVE-2020-9176 RESERVED CVE-2020-9175 RESERVED CVE-2020-9174 RESERVED CVE-2020-9173 RESERVED CVE-2020-9172 RESERVED CVE-2020-9171 RESERVED CVE-2020-9170 RESERVED CVE-2020-9169 RESERVED CVE-2020-9168 RESERVED CVE-2020-9167 RESERVED CVE-2020-9166 RESERVED CVE-2020-9165 RESERVED CVE-2020-9164 RESERVED CVE-2020-9163 RESERVED CVE-2020-9162 RESERVED CVE-2020-9161 RESERVED CVE-2020-9160 RESERVED CVE-2020-9159 RESERVED CVE-2020-9158 RESERVED CVE-2020-9157 RESERVED CVE-2020-9156 RESERVED CVE-2020-9155 RESERVED CVE-2020-9154 RESERVED CVE-2020-9153 RESERVED CVE-2020-9152 RESERVED CVE-2020-9151 RESERVED CVE-2020-9150 RESERVED CVE-2020-9149 RESERVED CVE-2020-9148 RESERVED CVE-2020-9147 RESERVED CVE-2020-9146 RESERVED CVE-2020-9145 RESERVED CVE-2020-9144 RESERVED CVE-2020-9143 RESERVED CVE-2020-9142 RESERVED CVE-2020-9141 RESERVED CVE-2020-9140 RESERVED CVE-2020-9139 RESERVED CVE-2020-9138 RESERVED CVE-2020-9137 RESERVED CVE-2020-9136 RESERVED CVE-2020-9135 RESERVED CVE-2020-9134 RESERVED CVE-2020-9133 RESERVED CVE-2020-9132 RESERVED CVE-2020-9131 RESERVED CVE-2020-9130 RESERVED CVE-2020-9129 RESERVED CVE-2020-9128 RESERVED CVE-2020-9127 RESERVED CVE-2020-9126 RESERVED CVE-2020-9125 RESERVED CVE-2020-9124 RESERVED CVE-2020-9123 RESERVED CVE-2020-9122 RESERVED CVE-2020-9121 
RESERVED CVE-2020-9120 RESERVED CVE-2020-9119 RESERVED CVE-2020-9118 RESERVED CVE-2020-9117 RESERVED CVE-2020-9116 RESERVED CVE-2020-9115 RESERVED CVE-2020-9114 RESERVED CVE-2020-9113 RESERVED CVE-2020-9112 RESERVED CVE-2020-9111 RESERVED CVE-2020-9110 RESERVED CVE-2020-9109 RESERVED CVE-2020-9108 RESERVED CVE-2020-9107 RESERVED CVE-2020-9106 RESERVED CVE-2020-9105 RESERVED CVE-2020-9104 RESERVED CVE-2020-9103 RESERVED CVE-2020-9102 RESERVED CVE-2020-9101 RESERVED CVE-2020-9100 RESERVED CVE-2020-9099 RESERVED CVE-2020-9098 RESERVED CVE-2020-9097 RESERVED CVE-2020-9096 RESERVED CVE-2020-9095 RESERVED CVE-2020-9094 RESERVED CVE-2020-9093 RESERVED CVE-2020-9092 RESERVED CVE-2020-9091 RESERVED CVE-2020-9090 RESERVED CVE-2020-9089 RESERVED CVE-2020-9088 RESERVED CVE-2020-9087 RESERVED CVE-2020-9086 RESERVED CVE-2020-9085 RESERVED CVE-2020-9084 RESERVED CVE-2020-9083 RESERVED CVE-2020-9082 RESERVED CVE-2020-9081 RESERVED CVE-2020-9080 RESERVED CVE-2020-9079 RESERVED CVE-2020-9078 RESERVED CVE-2020-9077 RESERVED CVE-2020-9076 RESERVED CVE-2020-9075 RESERVED CVE-2020-9074 RESERVED CVE-2020-9073 RESERVED CVE-2020-9072 RESERVED CVE-2020-9071 RESERVED CVE-2020-9070 RESERVED CVE-2020-9069 RESERVED CVE-2020-9068 RESERVED CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...) NOT-FOR-US: Huawei CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...) NOT-FOR-US: Huawei CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203( ...) NOT-FOR-US: Huawei CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...) NOT-FOR-US: Huawei CVE-2020-9063 RESERVED CVE-2020-9062 RESERVED CVE-2020-9061 RESERVED CVE-2020-9060 RESERVED CVE-2020-9059 RESERVED CVE-2020-9058 RESERVED CVE-2020-9057 RESERVED CVE-2020-9056 RESERVED CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...) 
NOT-FOR-US: Versiant LYNX Customer Service Portal CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...) NOT-FOR-US: ZyXEL CVE-2020-9053 RESERVED CVE-2020-9052 RESERVED CVE-2020-9051 RESERVED CVE-2020-9050 RESERVED CVE-2020-9049 RESERVED CVE-2020-9048 RESERVED CVE-2020-9047 RESERVED CVE-2020-9046 RESERVED CVE-2020-9045 RESERVED CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...) NOT-FOR-US: Johnson Controls CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...) NOT-FOR-US: wpCentral plugin for WordPress CVE-2020-9042 RESERVED CVE-2020-9041 RESERVED CVE-2020-9040 RESERVED CVE-2020-9039 (Couchbase Server 4.x and 5.x before 6.0.0 has Insecure Permissions for ...) NOT-FOR-US: Couchbase CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...) NOT-FOR-US: Joplin CVE-2020-9037 RESERVED CVE-2020-9036 RESERVED CVE-2020-9035 RESERVED CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...) {DSA-4637-1} - network-manager-ssh 1.2.11-1 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98 NOTE: https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803499 CVE-2020-9034 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9033 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9032 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9031 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9030 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) 
NOT-FOR-US: Symmetricom SyncServer CVE-2020-9029 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9028 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...) NOT-FOR-US: Symmetricom SyncServer CVE-2020-9027 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) NOT-FOR-US: ELTEX devices CVE-2020-9026 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...) NOT-FOR-US: ELTEX devices CVE-2020-9025 (Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9024 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world- ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9023 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two us ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9022 (An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 de ...) NOT-FOR-US: Xirrus devices CVE-2020-9021 (Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1. ...) NOT-FOR-US: Post Oak AWAM Bluetooth Field Device CVE-2020-9020 (Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow ...) NOT-FOR-US: Iteris Vantage Velocity Field Unit devices CVE-2020-9019 (The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via th ...) NOT-FOR-US: WPJobBoard plugin for WordPress CVE-2020-9018 (LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF ...) NOT-FOR-US: LiteCart CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's profile. ...) NOT-FOR-US: LiteCart CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...) - dolibarr CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20 ...) 
NOT-FOR-US: Arista devices CVE-2020-9014 RESERVED CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...) NOT-FOR-US: Arvato Skillpipe CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...) NOT-FOR-US: Gluu Identity Configuration CVE-2020-9011 RESERVED CVE-2020-9010 RESERVED CVE-2020-9009 RESERVED CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/Pe ...) NOT-FOR-US: Blackboard Learn/PeopleTool CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic. ...) NOT-FOR-US: Codoforum CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...) NOT-FOR-US: Popup Builder plugin for WordPress CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...) NOT-FOR-US: Dota 2 CVE-2020-9004 RESERVED CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...) NOT-FOR-US: Modula Image Gallery plugin for WordPress CVE-2020-9002 RESERVED CVE-2020-9001 RESERVED CVE-2020-9000 RESERVED CVE-2020-8999 RESERVED CVE-2020-8998 REJECTED CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote attackers ...) NOT-FOR-US: Abbott FreeStyle Libre CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read ...) NOT-FOR-US: AnyShare Cloud CVE-2020-8995 RESERVED CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1. ...) NOT-FOR-US: XIAOMI AI speaker MDZ-25-DT CVE-2020-8993 RESERVED CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...) - linux 5.5.13-1 NOTE: https://patchwork.ozlabs.org/patch/1236118/ CVE-2020-8991 (** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.0 ...) 
- lvm2 2.03.01-2 [stretch] - lvm2 (Minor issue) [jessie] - lvm2 (Minor issue) NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701 NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code) CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow ...) NOT-FOR-US: Western Digital My Cloud Home CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...) NOT-FOR-US: Voatz application for Android CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...) NOT-FOR-US: Voatz application for Android CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...) NOT-FOR-US: Avast AntiTrack CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly c ...) NOT-FOR-US: ZendTo CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unl ...) NOT-FOR-US: ZendTo CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...) NOT-FOR-US: ZendTo CVE-2020-8983 RESERVED CVE-2020-8982 RESERVED CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...) NOT-FOR-US: Source Integration plugin for MantisBT CVE-2020-8980 RESERVED CVE-2020-8979 RESERVED CVE-2020-8978 RESERVED CVE-2020-8977 RESERVED CVE-2020-8976 RESERVED CVE-2020-8975 RESERVED CVE-2020-8974 RESERVED CVE-2020-8973 RESERVED CVE-2020-8972 RESERVED CVE-2020-8971 RESERVED CVE-2020-8970 RESERVED CVE-2020-8969 RESERVED CVE-2020-8968 RESERVED CVE-2020-8967 RESERVED CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...) NOT-FOR-US: Tiki-Wiki Groupware CVE-2020-8965 RESERVED CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) NOT-FOR-US: TimeTools devices CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) 
NOT-FOR-US: TimeTools devices CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...) NOT-FOR-US: D-Link CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...) TODO: check CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...) NOT-FOR-US: Western Digital mycloud.com CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...) NOT-FOR-US: Western Digital CVE-2020-8958 RESERVED CVE-2020-8957 RESERVED CVE-2020-8956 RESERVED CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...) {DLA-2157-1} - weechat 2.7.1-1 (bug #951289) [buster] - weechat (Minor issue) [stretch] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da CVE-2020-8954 RESERVED CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...) NOT-FOR-US: OpenVPN Access Server CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the logout.jsp ti ...) NOT-FOR-US: Fiserv Accurate Reconciliation CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0 allows XSS via the Source or Des ...) NOT-FOR-US: Fiserv Accurate Reconciliation CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...) NOT-FOR-US: Radeon AMD User Experience Program Launcher CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...) NOT-FOR-US: Gocloud devices CVE-2020-8948 RESERVED CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...) NOT-FOR-US: Pandora FMS CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...) NOT-FOR-US: Netis devices CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...) 
- golang-github-proglottis-gpgme 0.1.1-1 (bug #951372) NOTE: https://github.com/proglottis/gpgme/pull/23 CVE-2020-8944 RESERVED CVE-2020-8943 RESERVED CVE-2020-8942 RESERVED CVE-2020-8941 RESERVED CVE-2020-8940 RESERVED CVE-2020-8939 RESERVED CVE-2020-8938 RESERVED CVE-2020-8937 RESERVED CVE-2020-8936 RESERVED CVE-2020-8935 RESERVED CVE-2020-8934 RESERVED CVE-2020-8933 RESERVED CVE-2020-8932 RESERVED CVE-2020-8931 RESERVED CVE-2020-8930 RESERVED CVE-2020-8929 RESERVED CVE-2020-8928 RESERVED CVE-2020-8927 RESERVED CVE-2020-8926 RESERVED CVE-2020-8925 RESERVED CVE-2020-8924 RESERVED CVE-2020-8923 (An improper HTML sanitization in Dart versions up to and including 2.7 ...) NOT-FOR-US: Dart (different from src:dart) CVE-2020-8922 RESERVED CVE-2020-8921 RESERVED CVE-2020-8920 RESERVED CVE-2020-8919 RESERVED CVE-2020-8918 RESERVED CVE-2020-8917 RESERVED CVE-2020-8916 RESERVED CVE-2020-8915 RESERVED CVE-2020-8914 RESERVED CVE-2020-8913 RESERVED CVE-2020-8912 RESERVED CVE-2020-8911 RESERVED CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...) - chromium [stretch] - chromium (see DSA 4562) NOTE: https://github.com/google/closure-library/commit/294fc00b01d248419d8f8de37580adf2a0024fc9 CVE-2020-8909 RESERVED CVE-2020-8908 RESERVED CVE-2020-8907 RESERVED CVE-2020-8906 RESERVED CVE-2020-8905 RESERVED CVE-2020-8904 RESERVED CVE-2020-8903 RESERVED CVE-2020-8902 RESERVED CVE-2020-8901 RESERVED CVE-2020-8900 RESERVED CVE-2020-8899 RESERVED CVE-2020-8898 RESERVED CVE-2020-8897 RESERVED CVE-2020-8896 RESERVED CVE-2020-8895 RESERVED CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...) NOT-FOR-US: MISP CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...) NOT-FOR-US: MISP CVE-2020-8892 (An issue was discovered in MISP before 2.4.121. It did not consider th ...) NOT-FOR-US: MISP CVE-2020-8891 (An issue was discovered in MISP before 2.4.121. It did not canonicaliz ...) 
NOT-FOR-US: MISP CVE-2020-8890 (An issue was discovered in MISP before 2.4.121. It mishandled time ske ...) NOT-FOR-US: MISP CVE-2020-8889 RESERVED CVE-2020-8888 RESERVED CVE-2020-8887 RESERVED CVE-2020-8886 RESERVED CVE-2020-8885 RESERVED CVE-2020-8884 RESERVED CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Studio Photo CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...) NOT-FOR-US: Parallels CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...) NOT-FOR-US: Parallels CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2020-8870 RESERVED CVE-2020-8869 RESERVED CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Quest Foglight Evolve CVE-2020-8867 RESERVED CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...) {DLA-2162-1} - php-horde-form (bug #955020) NOTE: https://lists.horde.org/archives/announce/2020/001288.html NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/ NOTE: https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files ...) - php-horde-trean (bug #955019) [buster] - php-horde-trean (Minor issue) [stretch] - php-horde-trean (Minor issue) [jessie] - php-horde-trean (Minor issue) NOTE: https://lists.horde.org/archives/announce/2020/001286.html NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-276/ NOTE: https://github.com/horde/trean/commit/db0714a0c04d87bda9e2852f1b0d259fc281ca75 NOTE: https://github.com/horde/trean/commit/055029f551501803d7e293a48316e2cf31307908 CVE-2020-8864 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8863 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: D-Link CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Samsung Galaxy S10 Firmware CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...) NOT-FOR-US: elog CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Moxa CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8856 (This vulnerability allows remote attackers to execute arbitrary code on ...) 
NOT-FOR-US: Foxit PhantomPDF CVE-2020-8855 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8854 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8853 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8852 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit Reader CVE-2020-8851 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8850 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8849 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8848 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8847 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8846 (This vulnerability allows remote attackers to execute arbitrary code on ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8845 (This vulnerability allows remote attackers to execute arbitrary code on ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...) NOT-FOR-US: Istio CVE-2020-8842 RESERVED CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...) NOT-FOR-US: TestLink CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...) 
{DLA-2111-1} - jackson-databind [buster] - jackson-databind (Minor issue; can be fixed via a point release) [stretch] - jackson-databind (Minor issue; can be fixed via a point release) NOTE: https://github.com/FasterXML/jackson-databind/issues/2620 NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...) NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-8837 RESERVED CVE-2020-8836 RESERVED CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/veri ...) - linux 5.5.13-2 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of ...) - linux 4.18.6-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2 CVE-2020-8833 RESERVED CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...) - linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817047 TODO: check (in kernel-sec) if we have incomplete fix CVE-2020-8831 RESERVED CVE-2020-8830 RESERVED CVE-2020-8829 RESERVED CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...) NOT-FOR-US: Argo CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...) 
NOT-FOR-US: Argo CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...) NOT-FOR-US: Argo CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...) NOT-FOR-US: Vanilla Forums CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...) NOT-FOR-US: Hitron devices CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...) NOT-FOR-US: SockJS CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...) NOT-FOR-US: Digi TransPort CVE-2020-8821 RESERVED CVE-2020-8820 RESERVED CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...) NOT-FOR-US: CardGate Payments plugin for WooCommerce CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...) NOT-FOR-US: CardGate Payments plugin for Magento CVE-2020-8817 RESERVED CVE-2020-8816 RESERVED CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...) NOT-FOR-US: BearFTP CVE-2020-8814 RESERVED CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...) - cacti 1.2.10+ds1-1 (bug #951832) [stretch] - cacti (Vulnerable code not present) [jessie] - cacti (Vulnerable code not present) NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129 NOTE: https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/ NOTE: https://github.com/Cacti/cacti/issues/3285 NOTE: https://github.com/Cacti/cacti/commit/fea919e8fe05bb730c802054661fd3a7ec029784 CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...) NOT-FOR-US: Bludit CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated ...) NOT-FOR-US: Bludit CVE-2020-8810 (An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301 ...) 
NOT-FOR-US: Gurux CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add- ...) NOT-FOR-US: Gurux CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...) NOT-FOR-US: CORSAIR iCUE CVE-2020-8807 RESERVED CVE-2020-8806 RESERVED CVE-2020-8805 RESERVED CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...) NOT-FOR-US: SuiteCRM CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...) NOT-FOR-US: SuiteCRM CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...) NOT-FOR-US: SuiteCRM CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...) NOT-FOR-US: SuiteCRM CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...) NOT-FOR-US: SuiteCRM CVE-2020-8799 RESERVED CVE-2020-8798 RESERVED CVE-2020-8797 RESERVED CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...) NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...) - gitlab (Only affects EE version) NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/ CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...) {DSA-4634-1} - opensmtpd 6.6.4p1-1 (bug #952453) NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5 NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ NOTE: https://www.openwall.com/lists/oss-security/2020/02/26/1 CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...) 
- opensmtpd 6.6.4p1-1 (unimportant; bug #952453) [buster] - opensmtpd 6.0.3p1-5+deb10u4 [stretch] - opensmtpd 6.0.2p1-2+deb9u3 NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4 NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/ NOTE: Neutralised by kernel hardening CVE-2020-8792 RESERVED CVE-2020-8791 RESERVED CVE-2020-8790 RESERVED CVE-2020-8789 RESERVED CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...) NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...) NOT-FOR-US: SuiteCRM CVE-2020-8782 RESERVED CVE-2020-8781 RESERVED CVE-2020-8780 RESERVED CVE-2020-8779 RESERVED CVE-2020-8778 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) NOT-FOR-US: Alfresco CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) NOT-FOR-US: Alfresco CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...) NOT-FOR-US: Alfresco CVE-2020-8775 RESERVED CVE-2020-8774 RESERVED CVE-2020-8773 RESERVED CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...) NOT-FOR-US: InfiniteWP Client plugin for WordPress CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...) 
NOT-FOR-US: Time Capsule plugin for WordPress CVE-2020-8770 RESERVED CVE-2020-8769 RESERVED CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...) NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L) CVE-2020-8767 RESERVED CVE-2020-8766 RESERVED CVE-2020-8765 RESERVED CVE-2020-8764 RESERVED CVE-2020-8763 RESERVED CVE-2020-8762 RESERVED CVE-2020-8761 RESERVED CVE-2020-8760 RESERVED CVE-2020-8759 RESERVED CVE-2020-8758 RESERVED CVE-2020-8757 RESERVED CVE-2020-8756 RESERVED CVE-2020-8755 RESERVED CVE-2020-8754 RESERVED CVE-2020-8753 RESERVED CVE-2020-8752 RESERVED CVE-2020-8751 RESERVED CVE-2020-8750 RESERVED CVE-2020-8749 RESERVED CVE-2020-8748 RESERVED CVE-2020-8747 RESERVED CVE-2020-8746 RESERVED CVE-2020-8745 RESERVED CVE-2020-8744 RESERVED CVE-2020-8743 RESERVED CVE-2020-8742 RESERVED CVE-2020-8741 RESERVED CVE-2020-8740 RESERVED CVE-2020-8739 RESERVED CVE-2020-8738 RESERVED CVE-2020-8737 RESERVED CVE-2020-8736 RESERVED CVE-2020-8735 RESERVED CVE-2020-8734 RESERVED CVE-2020-8733 RESERVED CVE-2020-8732 RESERVED CVE-2020-8731 RESERVED CVE-2020-8730 RESERVED CVE-2020-8729 RESERVED CVE-2020-8728 RESERVED CVE-2020-8727 RESERVED CVE-2020-8726 RESERVED CVE-2020-8725 RESERVED CVE-2020-8724 RESERVED CVE-2020-8723 RESERVED CVE-2020-8722 RESERVED CVE-2020-8721 RESERVED CVE-2020-8720 RESERVED CVE-2020-8719 RESERVED CVE-2020-8718 RESERVED CVE-2020-8717 RESERVED CVE-2020-8716 RESERVED CVE-2020-8715 RESERVED CVE-2020-8714 RESERVED CVE-2020-8713 RESERVED CVE-2020-8712 RESERVED CVE-2020-8711 RESERVED CVE-2020-8710 RESERVED CVE-2020-8709 RESERVED CVE-2020-8708 RESERVED CVE-2020-8707 RESERVED CVE-2020-8706 RESERVED CVE-2020-8705 RESERVED CVE-2020-8704 RESERVED CVE-2020-8703 RESERVED CVE-2020-8702 RESERVED CVE-2020-8701 RESERVED CVE-2020-8700 RESERVED CVE-2020-8699 RESERVED CVE-2020-8698 RESERVED CVE-2020-8697 RESERVED CVE-2020-8696 RESERVED CVE-2020-8695 RESERVED CVE-2020-8694 RESERVED CVE-2020-8693 RESERVED CVE-2020-8692 RESERVED 
CVE-2020-8691 RESERVED CVE-2020-8690 RESERVED CVE-2020-8689 RESERVED CVE-2020-8688 RESERVED CVE-2020-8687 RESERVED CVE-2020-8686 RESERVED CVE-2020-8685 RESERVED CVE-2020-8684 RESERVED CVE-2020-8683 RESERVED CVE-2020-8682 RESERVED CVE-2020-8681 RESERVED CVE-2020-8680 RESERVED CVE-2020-8679 RESERVED CVE-2020-8678 RESERVED CVE-2020-8677 RESERVED CVE-2020-8676 RESERVED CVE-2020-8675 RESERVED CVE-2020-8674 RESERVED CVE-2020-8673 RESERVED CVE-2020-8672 RESERVED CVE-2020-8671 RESERVED CVE-2020-8670 RESERVED CVE-2020-8669 RESERVED CVE-2020-8668 RESERVED CVE-2020-8667 RESERVED CVE-2020-8666 RESERVED CVE-2020-8665 RESERVED CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8663 RESERVED CVE-2020-8662 RESERVED CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...) NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8656 (An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2. ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8655 (An issue was discovered in EyesOfNetwork 5.3. The sudoers configuratio ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8654 (An issue was discovered in EyesOfNetwork 5.3. An authenticated web use ...) 
NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-8653 RESERVED CVE-2020-8652 RESERVED CVE-2020-8651 RESERVED CVE-2020-8650 RESERVED CVE-2020-8646 RESERVED CVE-2020-8645 (An issue was discovered in Simplejobscript.com SJS through 1.66. There ...) NOT-FOR-US: Simplejobscript.com SJS CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. ...) NOT-FOR-US: PlaySMS CVE-2020-8643 RESERVED CVE-2020-8642 RESERVED CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...) NOT-FOR-US: Lotus Core CMS CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5 CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 CVE-2020-8640 RESERVED CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php in Tes ...) NOT-FOR-US: TestLink CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...) NOT-FOR-US: TestLink CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...) NOT-FOR-US: TestLink CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...) NOT-FOR-US: OpServices OpMon CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) NOT-FOR-US: Wing FTP Server CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...) NOT-FOR-US: Wing FTP Server CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...) 
NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...) {DLA-2113-1} - cloud-init 19.4-2 (bug #951363) [buster] - cloud-init (Minor issue) [stretch] - cloud-init (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 NOTE: https://github.com/canonical/cloud-init/pull/189 NOTE: https://github.com/canonical/cloud-init/commit/42788bf24a1a0a5421a2d00a7f59b59e38ba1a14 CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...) {DLA-2113-1} - cloud-init 19.4-2 (bug #951362) [buster] - cloud-init (Minor issue) [stretch] - cloud-init (Minor issue) NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795 NOTE: https://github.com/canonical/cloud-init/pull/204 CVE-2020-8630 RESERVED CVE-2020-8629 RESERVED CVE-2020-8628 RESERVED CVE-2020-8627 RESERVED CVE-2020-8626 RESERVED CVE-2020-8625 RESERVED CVE-2020-8624 RESERVED CVE-2020-8623 RESERVED CVE-2020-8622 RESERVED CVE-2020-8621 RESERVED CVE-2020-8620 RESERVED CVE-2020-8619 RESERVED CVE-2020-8618 RESERVED CVE-2020-8617 RESERVED CVE-2020-8616 RESERVED CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) NOT-FOR-US: Tutor LMS plugin for WordPress CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...) NOT-FOR-US: Askey devices CVE-2020-8613 RESERVED CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) NOT-FOR-US: Progress MOVEit Transfer CVE-2020-8610 RESERVED CVE-2020-8609 RESERVED CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...) 
{DLA-2144-1 DLA-2142-1} - libslirp - qemu 1:4.1-2 [buster] - qemu (Minor issue) [stretch] - qemu (Minor issue) - qemu-kvm - slirp - slirp4netns [buster] - slirp4netns (Minor issue) NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775 NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2020-8607 RESERVED CVE-2020-8606 RESERVED CVE-2020-8605 RESERVED CVE-2020-8604 RESERVED CVE-2020-8603 RESERVED CVE-2020-8602 RESERVED CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...) NOT-FOR-US: Trend Micro CVE-2020-8600 (Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected ...) NOT-FOR-US: Trend Micro CVE-2020-8599 (Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnera ...) NOT-FOR-US: Trend Micro CVE-2020-8598 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...) {DSA-4632-1 DLA-2097-1} - lwip 2.1.2+dfsg1-5 (bug #951291) [buster] - lwip (Minor issue) [experimental] - ppp 2.4.8-1+1~exp1 - ppp (bug #950618) NOTE: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86 NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...) NOT-FOR-US: Participants Database plugin for WordPress CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and ...) NOT-FOR-US: Istio CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...) NOT-FOR-US: Ninja Forms plugin for WordPress CVE-2020-8593 RESERVED CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...) 
NOT-FOR-US: eG Manager CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLogi ...) NOT-FOR-US: eG Manager CVE-2020-8590 RESERVED CVE-2020-8589 RESERVED CVE-2020-8588 RESERVED CVE-2020-8587 RESERVED CVE-2020-8586 RESERVED CVE-2020-8585 RESERVED CVE-2020-8584 RESERVED CVE-2020-8583 RESERVED CVE-2020-8582 RESERVED CVE-2020-8581 RESERVED CVE-2020-8580 RESERVED CVE-2020-8579 RESERVED CVE-2020-8578 RESERVED CVE-2020-8577 RESERVED CVE-2020-8576 RESERVED CVE-2020-8575 RESERVED CVE-2020-8574 RESERVED CVE-2020-8573 RESERVED CVE-2020-8572 RESERVED CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...) NOT-FOR-US: StorageGRID CVE-2020-8570 RESERVED CVE-2020-8569 RESERVED CVE-2020-8568 RESERVED CVE-2020-8567 RESERVED CVE-2020-8566 RESERVED CVE-2020-8565 RESERVED CVE-2020-8564 RESERVED CVE-2020-8563 RESERVED CVE-2020-8562 RESERVED CVE-2020-8561 RESERVED CVE-2020-8560 RESERVED CVE-2020-8559 RESERVED CVE-2020-8558 RESERVED CVE-2020-8557 RESERVED CVE-2020-8556 RESERVED CVE-2020-8555 RESERVED CVE-2020-8554 RESERVED CVE-2020-8553 RESERVED CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...) - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/89378 CVE-2020-8551 (The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1. ...) - kubernetes 1.17.4-1 NOTE: https://github.com/kubernetes/kubernetes/issues/89377 CVE-2020-8550 RESERVED CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...) NOT-FOR-US: Strong Testimonials plugin for WordPress CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...) NOT-FOR-US: massCode CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...) - phplist (bug #612288) CVE-2020-8546 RESERVED CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...) 
NOT-FOR-US: AIL framework CVE-2020-8544 RESERVED CVE-2020-8543 RESERVED CVE-2020-8542 RESERVED CVE-2020-8541 RESERVED CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8539 RESERVED CVE-2020-8538 RESERVED CVE-2020-8537 RESERVED CVE-2020-8536 RESERVED CVE-2020-8535 RESERVED CVE-2020-8534 RESERVED CVE-2020-8533 RESERVED CVE-2020-8532 RESERVED CVE-2020-8531 RESERVED CVE-2020-8530 RESERVED CVE-2020-8529 RESERVED CVE-2020-8528 RESERVED CVE-2020-8527 RESERVED CVE-2020-8526 RESERVED CVE-2020-8525 RESERVED CVE-2020-8524 RESERVED CVE-2020-8523 RESERVED CVE-2020-8522 RESERVED CVE-2020-8521 RESERVED CVE-2020-8520 RESERVED CVE-2020-8519 RESERVED CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...) - php-horde-data (bug #951537) [jessie] - php-horde-data (Minor issue) NOTE: https://lists.horde.org/archives/announce/2020/001285.html NOTE: https://github.com/horde/Data/commit/78ad0c2390176cdde7260a271bc6ddd86f4c9c0e CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) - squid 4.10-1 (unimportant) - squid3 (unimportant) NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_3.txt NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch NOTE: Debian binary packages are not built with --enable-external-acl-helpers="[...]LM_group[...". CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ...) 
- tor (unimportant) NOTE: Not considered a bug / explicit design choice by upstream NOTE: https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html NOTE: https://trac.torproject.org/projects/tor/ticket/33129 NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...) NOT-FOR-US: DrayTek devices CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a direc ...) NOT-FOR-US: Rumpus on macOS CVE-2020-8513 RESERVED CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...) NOT-FOR-US: IceWarp Webmail Server CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...) NOT-FOR-US: phpABook CVE-2020-8509 (Zoho ManageEngine Desktop Central allows unauthenticated users to acce ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...) NOT-FOR-US: Norman Malware Cleaner CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...) NOT-FOR-US: Citytv Video application for Android and iOS CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...) NOT-FOR-US: Global TV application for Android and iOS CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) NOT-FOR-US: School Management Software PHP/mySQL CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) NOT-FOR-US: School Management Software PHP/mySQL CVE-2020-8503 (Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.10 ...) 
NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-8502 RESERVED CVE-2020-8501 RESERVED CVE-2020-8500 (** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8499 RESERVED CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...) NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...) NOT-FOR-US: Kronos Web Time and Attendance (webTA) CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...) 
- python3.8 - python3.7 [buster] - python3.7 (Minor issue) - python3.5 [stretch] - python3.5 (Minor issue) - python3.4 [jessie] - python3.4 (Minor issue) - python2.7 [buster] - python2.7 (Minor issue) [stretch] - python2.7 (Minor issue) [jessie] - python2.7 (Minor issue) NOTE: https://bugs.python.org/issue39503 NOTE: https://github.com/python/cpython/pull/18284 NOTE: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html NOTE: https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 (master) CVE-2020-8491 RESERVED CVE-2020-8490 RESERVED CVE-2020-8489 RESERVED CVE-2020-8488 RESERVED CVE-2020-8487 RESERVED CVE-2020-8486 RESERVED CVE-2020-8485 RESERVED CVE-2020-8484 RESERVED CVE-2020-8483 RESERVED CVE-2020-8482 RESERVED CVE-2020-8481 RESERVED CVE-2020-8480 RESERVED CVE-2020-8479 RESERVED CVE-2020-8478 RESERVED CVE-2020-8477 RESERVED CVE-2020-8476 RESERVED CVE-2020-8475 RESERVED CVE-2020-8474 RESERVED CVE-2020-8473 RESERVED CVE-2020-8472 RESERVED CVE-2020-8471 RESERVED CVE-2020-8470 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a ...) NOT-FOR-US: Trend Micro CVE-2020-8468 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...) NOT-FOR-US: Trend Micro CVE-2020-8467 (A migration tool component of Trend Micro Apex One (2019) and OfficeSc ...) NOT-FOR-US: Trend Micro CVE-2020-8466 RESERVED CVE-2020-8465 RESERVED CVE-2020-8464 RESERVED CVE-2020-8463 RESERVED CVE-2020-8462 RESERVED CVE-2020-8461 RESERVED CVE-2020-8460 RESERVED CVE-2020-8459 RESERVED CVE-2020-8458 RESERVED CVE-2020-8457 RESERVED CVE-2020-8456 RESERVED CVE-2020-8455 RESERVED CVE-2020-8454 RESERVED CVE-2020-8453 RESERVED CVE-2020-8452 RESERVED CVE-2020-8451 RESERVED CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...) 
- squid 4.10-1 (bug #950802) - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...) - squid 4.10-1 (bug #950802) - squid3 NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5) NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older) NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9) CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-ana ...) - ossec-hids (bug #361954) CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserialization ...) NOT-FOR-US: JYaml CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...) 
NOT-FOR-US: Simplejobscript.com SJS CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to take ov ...) NOT-FOR-US: Monstra CMS CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...) NOT-FOR-US: Ruckus devices CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505 ...) NOT-FOR-US: uTorrent CVE-2020-8436 (XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPre ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-8435 (An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-8434 RESERVED CVE-2020-8433 RESERVED CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...) - u-boot 2020.01+dfsg-2 (low) [buster] - u-boot (Minor issue) [stretch] - u-boot (Minor issue) [jessie] - u-boot (Minor issue) NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396799.html NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396853.html CVE-2020-8431 RESERVED CVE-2020-8430 RESERVED CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not ...) NOT-FOR-US: Kinetica CVE-2020-8427 (Kaseya Traverse before 9.5.20 allows OS command injection attacks agai ...) NOT-FOR-US: Kaseya Traverse CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...) NOT-FOR-US: Elementor plugin for WordPress CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmwa ...) NOT-FOR-US: TP-Link CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...) 
NOT-FOR-US: Zoho ManageEngine CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) NOT-FOR-US: Joomla! CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) NOT-FOR-US: Joomla! CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...) NOT-FOR-US: Joomla! CVE-2020-8418 RESERVED CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) NOT-FOR-US: Code Snippets plugin for WordPress CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial ...) NOT-FOR-US: BearFTP CVE-2020-8415 RESERVED CVE-2020-8414 RESERVED CVE-2020-8413 RESERVED CVE-2020-8412 RESERVED CVE-2020-8411 RESERVED CVE-2020-8410 RESERVED CVE-2020-8409 RESERVED CVE-2020-8408 RESERVED CVE-2020-8407 RESERVED CVE-2020-8406 RESERVED CVE-2020-8405 RESERVED CVE-2020-8404 RESERVED CVE-2020-8403 RESERVED CVE-2020-8402 RESERVED CVE-2020-8401 RESERVED CVE-2020-8400 RESERVED CVE-2020-8399 RESERVED CVE-2020-8398 RESERVED CVE-2020-8397 RESERVED CVE-2020-8396 RESERVED CVE-2020-8395 RESERVED CVE-2020-8394 RESERVED CVE-2020-8393 RESERVED CVE-2020-8392 RESERVED CVE-2020-8391 RESERVED CVE-2020-8390 RESERVED CVE-2020-8389 RESERVED CVE-2020-8388 RESERVED CVE-2020-8387 RESERVED CVE-2020-8386 RESERVED CVE-2020-8385 RESERVED CVE-2020-8384 RESERVED CVE-2020-8383 RESERVED CVE-2020-8382 RESERVED CVE-2020-8381 RESERVED CVE-2020-8380 RESERVED CVE-2020-8379 RESERVED CVE-2020-8378 RESERVED CVE-2020-8377 RESERVED CVE-2020-8376 RESERVED CVE-2020-8375 RESERVED CVE-2020-8374 RESERVED CVE-2020-8373 RESERVED CVE-2020-8372 RESERVED CVE-2020-8371 RESERVED CVE-2020-8370 RESERVED CVE-2020-8369 RESERVED CVE-2020-8368 RESERVED CVE-2020-8367 RESERVED CVE-2020-8366 RESERVED CVE-2020-8365 RESERVED CVE-2020-8364 RESERVED CVE-2020-8363 RESERVED CVE-2020-8362 RESERVED CVE-2020-8361 RESERVED CVE-2020-8360 RESERVED CVE-2020-8359 RESERVED CVE-2020-8358 RESERVED CVE-2020-8357 RESERVED 
CVE-2020-8356 RESERVED CVE-2020-8355 RESERVED CVE-2020-8354 RESERVED CVE-2020-8353 RESERVED CVE-2020-8352 RESERVED CVE-2020-8351 RESERVED CVE-2020-8350 RESERVED CVE-2020-8349 RESERVED CVE-2020-8348 RESERVED CVE-2020-8347 RESERVED CVE-2020-8346 RESERVED CVE-2020-8345 RESERVED CVE-2020-8344 RESERVED CVE-2020-8343 RESERVED CVE-2020-8342 RESERVED CVE-2020-8341 RESERVED CVE-2020-8340 RESERVED CVE-2020-8339 RESERVED CVE-2020-8338 RESERVED CVE-2020-8337 RESERVED CVE-2020-8336 RESERVED CVE-2020-8335 RESERVED CVE-2020-8334 RESERVED CVE-2020-8333 RESERVED CVE-2020-8332 RESERVED CVE-2020-8331 RESERVED CVE-2020-8330 RESERVED CVE-2020-8329 RESERVED CVE-2020-8328 RESERVED CVE-2020-8327 RESERVED CVE-2020-8326 RESERVED CVE-2020-8325 RESERVED CVE-2020-8324 RESERVED CVE-2020-8323 RESERVED CVE-2020-8322 RESERVED CVE-2020-8321 RESERVED CVE-2020-8320 RESERVED CVE-2020-8319 RESERVED CVE-2020-8318 RESERVED CVE-2020-8317 RESERVED CVE-2020-8316 RESERVED CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...) - linux 5.4.19-1 [jessie] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6 CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...) 
- python3.8 (Windows-specific) - python3.7 (Windows-specific) NOTE: https://bugs.python.org/issue39401 CVE-2020-8314 RESERVED CVE-2020-8313 RESERVED CVE-2020-8312 RESERVED CVE-2020-8311 RESERVED CVE-2020-8310 RESERVED CVE-2020-8309 RESERVED CVE-2020-8308 RESERVED CVE-2020-8307 RESERVED CVE-2020-8306 RESERVED CVE-2020-8305 RESERVED CVE-2020-8304 RESERVED CVE-2020-8303 RESERVED CVE-2020-8302 RESERVED CVE-2020-8301 RESERVED CVE-2020-8300 RESERVED CVE-2020-8299 RESERVED CVE-2020-8298 RESERVED CVE-2020-8297 RESERVED CVE-2020-8296 RESERVED CVE-2020-8295 RESERVED CVE-2020-8294 RESERVED CVE-2020-8293 RESERVED CVE-2020-8292 RESERVED CVE-2020-8291 RESERVED CVE-2020-8290 RESERVED CVE-2020-8289 RESERVED CVE-2020-8288 RESERVED CVE-2020-8287 RESERVED CVE-2020-8286 RESERVED CVE-2020-8285 RESERVED CVE-2020-8284 RESERVED CVE-2020-8283 RESERVED CVE-2020-8282 RESERVED CVE-2020-8281 RESERVED CVE-2020-8280 RESERVED CVE-2020-8279 RESERVED CVE-2020-8278 RESERVED CVE-2020-8277 RESERVED CVE-2020-8276 RESERVED CVE-2020-8275 RESERVED CVE-2020-8274 RESERVED CVE-2020-8273 RESERVED CVE-2020-8272 RESERVED CVE-2020-8271 RESERVED CVE-2020-8270 RESERVED CVE-2020-8269 RESERVED CVE-2020-8268 RESERVED CVE-2020-8267 RESERVED CVE-2020-8266 RESERVED CVE-2020-8265 RESERVED CVE-2020-8264 RESERVED CVE-2020-8263 RESERVED CVE-2020-8262 RESERVED CVE-2020-8261 RESERVED CVE-2020-8260 RESERVED CVE-2020-8259 RESERVED CVE-2020-8258 RESERVED CVE-2020-8257 RESERVED CVE-2020-8256 RESERVED CVE-2020-8255 RESERVED CVE-2020-8254 RESERVED CVE-2020-8253 RESERVED CVE-2020-8252 RESERVED CVE-2020-8251 RESERVED CVE-2020-8250 RESERVED CVE-2020-8249 RESERVED CVE-2020-8248 RESERVED CVE-2020-8247 RESERVED CVE-2020-8246 RESERVED CVE-2020-8245 RESERVED CVE-2020-8244 RESERVED CVE-2020-8243 RESERVED CVE-2020-8242 RESERVED CVE-2020-8241 RESERVED CVE-2020-8240 RESERVED CVE-2020-8239 RESERVED CVE-2020-8238 RESERVED CVE-2020-8237 RESERVED CVE-2020-8236 RESERVED CVE-2020-8235 RESERVED CVE-2020-8234 RESERVED CVE-2020-8233 RESERVED 
CVE-2020-8232 RESERVED CVE-2020-8231 RESERVED CVE-2020-8230 RESERVED CVE-2020-8229 RESERVED CVE-2020-8228 RESERVED CVE-2020-8227 RESERVED CVE-2020-8226 RESERVED CVE-2020-8225 RESERVED CVE-2020-8224 RESERVED CVE-2020-8223 RESERVED CVE-2020-8222 RESERVED CVE-2020-8221 RESERVED CVE-2020-8220 RESERVED CVE-2020-8219 RESERVED CVE-2020-8218 RESERVED CVE-2020-8217 RESERVED CVE-2020-8216 RESERVED CVE-2020-8215 RESERVED CVE-2020-8214 RESERVED CVE-2020-8213 RESERVED CVE-2020-8212 RESERVED CVE-2020-8211 RESERVED CVE-2020-8210 RESERVED CVE-2020-8209 RESERVED CVE-2020-8208 RESERVED CVE-2020-8207 RESERVED CVE-2020-8206 RESERVED CVE-2020-8205 RESERVED CVE-2020-8204 RESERVED CVE-2020-8203 RESERVED CVE-2020-8202 RESERVED CVE-2020-8201 RESERVED CVE-2020-8200 RESERVED CVE-2020-8199 RESERVED CVE-2020-8198 RESERVED CVE-2020-8197 RESERVED CVE-2020-8196 RESERVED CVE-2020-8195 RESERVED CVE-2020-8194 RESERVED CVE-2020-8193 RESERVED CVE-2020-8192 RESERVED CVE-2020-8191 RESERVED CVE-2020-8190 RESERVED CVE-2020-8189 RESERVED CVE-2020-8188 RESERVED CVE-2020-8187 RESERVED CVE-2020-8186 RESERVED CVE-2020-8185 RESERVED CVE-2020-8184 RESERVED CVE-2020-8183 RESERVED CVE-2020-8182 RESERVED CVE-2020-8181 RESERVED CVE-2020-8180 RESERVED CVE-2020-8179 RESERVED CVE-2020-8178 RESERVED CVE-2020-8177 RESERVED CVE-2020-8176 RESERVED CVE-2020-8175 RESERVED CVE-2020-8174 RESERVED CVE-2020-8173 RESERVED CVE-2020-8172 RESERVED CVE-2020-8171 RESERVED CVE-2020-8170 RESERVED CVE-2020-8169 RESERVED CVE-2020-8168 RESERVED CVE-2020-8167 RESERVED CVE-2020-8166 RESERVED CVE-2020-8165 RESERVED CVE-2020-8164 RESERVED CVE-2020-8163 RESERVED CVE-2020-8162 RESERVED CVE-2020-8161 RESERVED CVE-2020-8160 RESERVED CVE-2020-8159 RESERVED CVE-2020-8158 RESERVED CVE-2020-8157 RESERVED CVE-2020-8156 RESERVED CVE-2020-8155 RESERVED CVE-2020-8154 RESERVED CVE-2020-8153 RESERVED CVE-2020-8152 RESERVED CVE-2020-8151 RESERVED CVE-2020-8150 RESERVED CVE-2020-8149 RESERVED CVE-2020-8148 RESERVED CVE-2020-8147 (Flaw in input validation in 
npm package utils-extend version 1.0.8 and ...) NOT-FOR-US: Node utils-extend CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...) NOT-FOR-US: UniFi CVE-2020-8145 (The UniFi Video Server (Windows) web interface configuration restore f ...) NOT-FOR-US: UniFi CVE-2020-8144 (The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web i ...) NOT-FOR-US: UniFi CVE-2020-8143 (An Open Redirect vulnerability was discovered in Revive Adserver versi ...) NOT-FOR-US: Revive Adserver CVE-2020-8142 (A security restriction bypass vulnerability has been discovered in Rev ...) NOT-FOR-US: Revive Adserver CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can ...) - node-dot 1.1.3+ds-1 [buster] - node-dot (Will be fixed via point release) NOTE: https://hackerone.com/reports/390929 CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...) - nextcloud-desktop (MacOS-specific) CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, < 1 ...) - nextcloud-server (bug #941708) CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 1 ...) - nextcloud-server (bug #941708) CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...) NOT-FOR-US: Node blamer CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allo ...) NOT-FOR-US: Node fastify-multipart CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request ...) NOT-FOR-US: Node uppy CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...) NOT-FOR-US: Ghost CMS CVE-2020-8133 RESERVED CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...) NOT-FOR-US: Node pdf-image package CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...) 
- node-yarnpkg 1.22.4-2 (bug #952912) NOTE: https://hackerone.com/reports/730239 NOTE: https://github.com/yarnpkg/yarn/pull/7831 CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3. ...) {DLA-2120-1} - rake 12.3.3-1 [buster] - rake (Minor issue) [stretch] - rake (Minor issue) NOTE: https://hackerone.com/reports/651518 NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3) CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...) NOT-FOR-US: script-manager nodejs module CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...) NOT-FOR-US: jsreport CVE-2020-8127 (Insufficient validation in cross-origin communication (postMessage) in ...) NOT-FOR-US: reveal.js CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...) NOT-FOR-US: Ubiquiti Networks EdgeSwitch CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...) NOT-FOR-US: klona node module CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...) - node-url-parse 1.4.7-1 [buster] - node-url-parse (Minor issue) [stretch] - node-url-parse (Nodejs in stretch not covered by security support) NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b NOTE: https://hackerone.com/reports/496293 CVE-2020-8123 (A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that ...) NOT-FOR-US: strapi CVE-2020-8122 (A missing check in Nextcloud Server 14.0.3 could give recipient the po ...) - nextcloud-server (bug #941708) CVE-2020-8121 (A bug in Nextcloud Server 14.0.4 could expose more data in reshared li ...) - nextcloud-server (bug #941708) CVE-2020-8120 (A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16. ...) 
- nextcloud-server (bug #941708) CVE-2020-8119 (Improper authorization in Nextcloud server 17.0.0 causes leaking of pr ...) - nextcloud-server (bug #941708) CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server 16.0. ...) - nextcloud-server (bug #941708) CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...) - nextcloud-server (bug #941708) CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version 5.1. ...) - node-dot-prop 5.2.0-1 [buster] - node-dot-prop (Minor issue) NOTE: https://hackerone.com/reports/719856 NOTE: https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2 CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...) NOT-FOR-US: Revive Adserver CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...) {DLA-2089-1} - openjpeg2 (bug #950184) [buster] - openjpeg2 (Minor issue) [stretch] - openjpeg2 (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1231 CVE-2020-8111 RESERVED CVE-2020-8110 RESERVED CVE-2020-8109 RESERVED CVE-2020-8108 RESERVED CVE-2020-8107 RESERVED CVE-2020-8106 RESERVED CVE-2020-8105 RESERVED CVE-2020-8104 RESERVED CVE-2020-8103 RESERVED CVE-2020-8102 RESERVED CVE-2020-8101 RESERVED CVE-2020-8100 RESERVED CVE-2020-8099 RESERVED CVE-2020-8098 RESERVED CVE-2020-8097 RESERVED CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...) 
NOT-FOR-US: Bitdefender CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...) NOT-FOR-US: Bitdefender Total Security CVE-2020-8094 RESERVED CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...) NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...) NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) NOT-FOR-US: TYPO3 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to th ...) - piwigo CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...) NOT-FOR-US: UseBB CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...) NOT-FOR-US: SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices CVE-2020-8086 (The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01 ...) 
{DSA-4612-1} - prosody-modules 0.0~hg20200128.09e7e880e056+dfsg-1 NOTE: https://hg.prosody.im/prosody-modules/rev/f2b29183ef08 NOTE: https://prosody.im/security/advisory_20200128/ CVE-2020-8085 RESERVED CVE-2020-8084 RESERVED CVE-2020-8083 RESERVED CVE-2020-8082 RESERVED CVE-2020-8081 RESERVED CVE-2020-8080 RESERVED CVE-2020-8079 RESERVED CVE-2020-8078 RESERVED CVE-2020-8077 RESERVED CVE-2020-8076 RESERVED CVE-2020-8075 RESERVED CVE-2020-8074 RESERVED CVE-2020-8073 RESERVED CVE-2020-8072 RESERVED CVE-2020-8071 RESERVED CVE-2020-8070 RESERVED CVE-2020-8069 RESERVED CVE-2020-8068 RESERVED CVE-2020-8067 RESERVED CVE-2020-8066 RESERVED CVE-2020-8065 RESERVED CVE-2020-8064 RESERVED CVE-2020-8063 RESERVED CVE-2020-8062 RESERVED CVE-2020-8061 RESERVED CVE-2020-8060 RESERVED CVE-2020-8059 RESERVED CVE-2020-8058 RESERVED CVE-2020-8057 RESERVED CVE-2020-8056 RESERVED CVE-2020-8055 RESERVED CVE-2020-8054 RESERVED CVE-2020-8053 RESERVED CVE-2020-8052 RESERVED CVE-2020-8051 RESERVED CVE-2020-8050 RESERVED CVE-2020-8049 RESERVED CVE-2020-8048 RESERVED CVE-2020-8047 RESERVED CVE-2020-8046 RESERVED CVE-2020-8045 RESERVED CVE-2020-8044 RESERVED CVE-2020-8043 RESERVED CVE-2020-8042 RESERVED CVE-2020-8041 RESERVED CVE-2020-8040 RESERVED CVE-2020-8039 RESERVED CVE-2020-8038 RESERVED CVE-2020-8037 RESERVED CVE-2020-8036 RESERVED CVE-2020-8035 RESERVED CVE-2020-8034 RESERVED CVE-2020-8033 RESERVED CVE-2020-8032 RESERVED CVE-2020-8031 RESERVED CVE-2020-8030 RESERVED CVE-2020-8029 RESERVED CVE-2020-8028 RESERVED CVE-2020-8027 RESERVED CVE-2020-8026 RESERVED CVE-2020-8025 RESERVED CVE-2020-8024 RESERVED CVE-2020-8023 RESERVED CVE-2020-8022 RESERVED CVE-2020-8021 RESERVED CVE-2020-8020 RESERVED CVE-2020-8019 RESERVED CVE-2020-8018 RESERVED CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the packagin ...) 
NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8014 RESERVED CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...) NOT-FOR-US: chkstat CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...) NOT-FOR-US: AVB MOTU devices CVE-2020-8008 RESERVED CVE-2020-8007 RESERVED CVE-2020-8006 RESERVED CVE-2020-8005 RESERVED CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access Control. ...) NOT-FOR-US: STMicroelectronics STM32F1 devices CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...) - virglrenderer 0.8.2-1 (bug #949954) [buster] - virglrenderer (Minor issue) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42 CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...) - virglrenderer 0.8.2-1 (bug #949954) [buster] - virglrenderer (Minor issue) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5 CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...) NOT-FOR-US: Intellian Aptus application for Android CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the ...) 
NOT-FOR-US: Intellian Aptus Web CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...) NOT-FOR-US: Intellian Aptus application for Android CVE-2020-7998 (An arbitrary file upload vulnerability has been discovered in the Supe ...) NOT-FOR-US: Super File Explorer app for iOS CVE-2020-7997 (ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Na ...) NOT-FOR-US: ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...) - dolibarr CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...) - dolibarr CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...) - dolibarr CVE-2020-7993 (Prototype 1.6.0.1 allows remote authenticated users to forge ticket cr ...) NOT-FOR-US: Prototype node module CVE-2020-7992 RESERVED CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...) NOT-FOR-US: Adive Framework CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...) NOT-FOR-US: Adive Framework CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...) NOT-FOR-US: Adive Framework CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...) NOT-FOR-US: phpIPAM CVE-2020-7987 RESERVED CVE-2020-7986 RESERVED CVE-2020-7985 RESERVED CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allow ...) NOT-FOR-US: SolarWinds CVE-2020-7983 RESERVED CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...) NOT-FOR-US: OpenWrt CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...) - ruby-geocoder 1.5.1-3 (bug #949870) NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...) 
NOT-FOR-US: Intellian Aptus Web CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. ...) - gitlab (Only affects Gitlab EE 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. ...) - gitlab (Only affects Gitlab EE 8.8 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. ...) - gitlab (Only affects Gitlab EE 12.4 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7975 REJECTED CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...) - gitlab (Only affects Gitlab EE 10.1 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...) - gitlab (Only affects Gitlab EE 11.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7970 RESERVED CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. ...) 
- gitlab (Only affects Gitlab EE 8.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. ...) - gitlab (Only affects Gitlab EE 11.11 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...) NOT-FOR-US: webargs CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...) NOT-FOR-US: Mirumee Saleor CVE-2020-7963 RESERVED CVE-2020-7962 RESERVED CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...) NOT-FOR-US: Liferay Portal CVE-2020-7960 RESERVED CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...) NOT-FOR-US: LabVantage LIMS CVE-2020-7958 RESERVED CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...) - dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2 CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...) - nomad 0.10.3+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7003 CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...) - consul 1.7.0+dfsg1-1 (bug #950736) NOTE: https://github.com/hashicorp/consul/issues/7160 NOTE: Fixed in 1.6.3. 
CVE-2020-7954 (An issue was discovered in OpServices OpMon 9.3.2. Starting from the a ...) NOT-FOR-US: OpServices OpMon CVE-2020-7953 (An issue was discovered in OpServices OpMon 9.3.2. Without authenticat ...) NOT-FOR-US: OpServices OpMon CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attacke ...) NOT-FOR-US: rendersystemdx9.dll in Valve Dota 2 CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers ...) NOT-FOR-US: Dota 2 CVE-2020-7948 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7946 RESERVED CVE-2020-7945 RESERVED CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...) - puppet (low) [stretch] - puppet (Minor issue) [buster] - puppet (Minor issue) [jessie] - puppet (vulnerable code not present) - puppetdb (low) [buster] - puppetdb (Minor issue) NOTE: https://puppet.com/security/cve/CVE-2020-7943/ NOTE: https://github.com/puppetlabs/puppet_metrics_dashboard/pull/92 CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...) - puppet (unimportant) NOTE: This CVE assignment is for switching the default setting of strict_hostname_checking, NOTE: the option is available in older Puppet releases (such as 4.8 from Stretch) NOTE: https://puppet.com/security/cve/CVE-2020-7942/ CVE-2020-7941 (A privilege escalation issue in plone.app.contenttypes in Plone 4.3 th ...) 
NOT-FOR-US: Plone CVE-2020-7940 (Missing password strength checks on some forms in Plone 4.3 through 5. ...) NOT-FOR-US: Plone CVE-2020-7939 (SQL Injection in DTML or in connection objects in Plone 4.0 through 5. ...) NOT-FOR-US: Plone CVE-2020-7938 (plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain ...) NOT-FOR-US: Plone CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows user ...) NOT-FOR-US: Plone CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...) NOT-FOR-US: Plone CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1, the First Name, Middle Name, ...) NOT-FOR-US: LifeRay Portal CVE-2020-7933 RESERVED CVE-2020-7932 RESERVED CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...) NOT-FOR-US: JFrog Artifactory CVE-2020-7930 RESERVED CVE-2020-7929 RESERVED CVE-2020-7928 RESERVED CVE-2020-7927 RESERVED CVE-2020-7926 RESERVED CVE-2020-7925 RESERVED CVE-2020-7924 RESERVED CVE-2020-7923 RESERVED CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...) NOT-FOR-US: MongoDB Enterprise CVE-2020-7921 RESERVED CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...) NOT-FOR-US: Percona Monitoring and Management (PMM) CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ...) 
- golang-1.14 1.14~rc1-1 - golang-1.13 1.13.7-1 - golang-1.11 [buster] - golang-1.11 (Minor issue, can be fixed along in next DSA) NOTE: https://github.com/golang/go/issues/36837 NOTE: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master) NOTE: https://github.com/golang/go/issues/36838 (Go 1.13) NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7) TODO: check older versions than golang-1.11 CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...) NOT-FOR-US: totemo totemomail CVE-2020-7917 RESERVED CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...) NOT-FOR-US: LearnPress plugin for WordPress CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...) NOT-FOR-US: Eaton devices CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...) - intellij-idea (bug #747616) CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...) NOT-FOR-US: JetBrains CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...) NOT-FOR-US: JetBrains CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...) NOT-FOR-US: JetBrains CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...) NOT-FOR-US: JetBrains CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...) NOT-FOR-US: JetBrains CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...) NOT-FOR-US: JetBrains CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...) NOT-FOR-US: JetBrains Scala plugin CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...) NOT-FOR-US: JetBrains CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...) 
- intellij-idea (bug #747616) CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...) - intellij-idea (bug #747616) CVE-2020-7903 RESERVED CVE-2020-7902 RESERVED CVE-2020-7901 RESERVED CVE-2020-7900 RESERVED CVE-2020-7899 RESERVED CVE-2020-7898 RESERVED CVE-2020-7897 RESERVED CVE-2020-7896 RESERVED CVE-2020-7895 RESERVED CVE-2020-7894 RESERVED CVE-2020-7893 RESERVED CVE-2020-7892 RESERVED CVE-2020-7891 RESERVED CVE-2020-7890 RESERVED CVE-2020-7889 RESERVED CVE-2020-7888 RESERVED CVE-2020-7887 RESERVED CVE-2020-7886 RESERVED CVE-2020-7885 RESERVED CVE-2020-7884 RESERVED CVE-2020-7883 RESERVED CVE-2020-7882 RESERVED CVE-2020-7881 RESERVED CVE-2020-7880 RESERVED CVE-2020-7879 RESERVED CVE-2020-7878 RESERVED CVE-2020-7877 RESERVED CVE-2020-7876 RESERVED CVE-2020-7875 RESERVED CVE-2020-7874 RESERVED CVE-2020-7873 RESERVED CVE-2020-7872 RESERVED CVE-2020-7871 RESERVED CVE-2020-7870 RESERVED CVE-2020-7869 RESERVED CVE-2020-7868 RESERVED CVE-2020-7867 RESERVED CVE-2020-7866 RESERVED CVE-2020-7865 RESERVED CVE-2020-7864 RESERVED CVE-2020-7863 RESERVED CVE-2020-7862 RESERVED CVE-2020-7861 RESERVED CVE-2020-7860 RESERVED CVE-2020-7859 RESERVED CVE-2020-7858 RESERVED CVE-2020-7857 RESERVED CVE-2020-7856 RESERVED CVE-2020-7855 RESERVED CVE-2020-7854 RESERVED CVE-2020-7853 RESERVED CVE-2020-7852 RESERVED CVE-2020-7851 RESERVED CVE-2020-7850 RESERVED CVE-2020-7849 RESERVED CVE-2020-7848 RESERVED CVE-2020-7847 RESERVED CVE-2020-7846 RESERVED CVE-2020-7845 RESERVED CVE-2020-7844 RESERVED CVE-2020-7843 RESERVED CVE-2020-7842 RESERVED CVE-2020-7841 RESERVED CVE-2020-7840 RESERVED CVE-2020-7839 RESERVED CVE-2020-7838 RESERVED CVE-2020-7837 RESERVED CVE-2020-7836 RESERVED CVE-2020-7835 RESERVED CVE-2020-7834 RESERVED CVE-2020-7833 RESERVED CVE-2020-7832 RESERVED CVE-2020-7831 RESERVED CVE-2020-7830 RESERVED CVE-2020-7829 RESERVED CVE-2020-7828 RESERVED CVE-2020-7827 RESERVED CVE-2020-7826 RESERVED CVE-2020-7825 RESERVED CVE-2020-7824 RESERVED 
CVE-2020-7823 RESERVED CVE-2020-7822 RESERVED CVE-2020-7821 RESERVED CVE-2020-7820 RESERVED CVE-2020-7819 RESERVED CVE-2020-7818 RESERVED CVE-2020-7817 RESERVED CVE-2020-7816 RESERVED CVE-2020-7815 RESERVED CVE-2020-7814 RESERVED CVE-2020-7813 RESERVED CVE-2020-7812 RESERVED CVE-2020-7811 RESERVED CVE-2020-7810 RESERVED CVE-2020-7809 RESERVED CVE-2020-7808 RESERVED CVE-2020-7807 RESERVED CVE-2020-7806 RESERVED CVE-2020-7805 RESERVED CVE-2020-7804 RESERVED CVE-2020-7803 RESERVED CVE-2020-7802 RESERVED CVE-2020-7801 RESERVED CVE-2020-7800 RESERVED CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...) NOT-FOR-US: FusionAuth CVE-2020-7798 RESERVED CVE-2020-7797 RESERVED CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...) NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-7795 RESERVED CVE-2020-7794 RESERVED CVE-2020-7793 RESERVED CVE-2020-7792 RESERVED CVE-2020-7791 RESERVED CVE-2020-7790 RESERVED CVE-2020-7789 RESERVED CVE-2020-7788 RESERVED CVE-2020-7787 RESERVED CVE-2020-7786 RESERVED CVE-2020-7785 RESERVED CVE-2020-7784 RESERVED CVE-2020-7783 RESERVED CVE-2020-7782 RESERVED CVE-2020-7781 RESERVED CVE-2020-7780 RESERVED CVE-2020-7779 RESERVED CVE-2020-7778 RESERVED CVE-2020-7777 RESERVED CVE-2020-7776 RESERVED CVE-2020-7775 RESERVED CVE-2020-7774 RESERVED CVE-2020-7773 RESERVED CVE-2020-7772 RESERVED CVE-2020-7771 RESERVED CVE-2020-7770 RESERVED CVE-2020-7769 RESERVED CVE-2020-7768 RESERVED CVE-2020-7767 RESERVED CVE-2020-7766 RESERVED CVE-2020-7765 RESERVED CVE-2020-7764 RESERVED CVE-2020-7763 RESERVED CVE-2020-7762 RESERVED CVE-2020-7761 RESERVED CVE-2020-7760 RESERVED CVE-2020-7759 RESERVED CVE-2020-7758 RESERVED CVE-2020-7757 RESERVED CVE-2020-7756 RESERVED CVE-2020-7755 RESERVED CVE-2020-7754 RESERVED CVE-2020-7753 RESERVED CVE-2020-7752 RESERVED CVE-2020-7751 RESERVED CVE-2020-7750 RESERVED CVE-2020-7749 RESERVED CVE-2020-7748 RESERVED CVE-2020-7747 RESERVED CVE-2020-7746 RESERVED 
CVE-2020-7745 RESERVED CVE-2020-7744 RESERVED CVE-2020-7743 RESERVED CVE-2020-7742 RESERVED CVE-2020-7741 RESERVED CVE-2020-7740 RESERVED CVE-2020-7739 RESERVED CVE-2020-7738 RESERVED CVE-2020-7737 RESERVED CVE-2020-7736 RESERVED CVE-2020-7735 RESERVED CVE-2020-7734 RESERVED CVE-2020-7733 RESERVED CVE-2020-7732 RESERVED CVE-2020-7731 RESERVED CVE-2020-7730 RESERVED CVE-2020-7729 RESERVED CVE-2020-7728 RESERVED CVE-2020-7727 RESERVED CVE-2020-7726 RESERVED CVE-2020-7725 RESERVED CVE-2020-7724 RESERVED CVE-2020-7723 RESERVED CVE-2020-7722 RESERVED CVE-2020-7721 RESERVED CVE-2020-7720 RESERVED CVE-2020-7719 RESERVED CVE-2020-7718 RESERVED CVE-2020-7717 RESERVED CVE-2020-7716 RESERVED CVE-2020-7715 RESERVED CVE-2020-7714 RESERVED CVE-2020-7713 RESERVED CVE-2020-7712 RESERVED CVE-2020-7711 RESERVED CVE-2020-7710 RESERVED CVE-2020-7709 RESERVED CVE-2020-7708 RESERVED CVE-2020-7707 RESERVED CVE-2020-7706 RESERVED CVE-2020-7705 RESERVED CVE-2020-7704 RESERVED CVE-2020-7703 RESERVED CVE-2020-7702 RESERVED CVE-2020-7701 RESERVED CVE-2020-7700 RESERVED CVE-2020-7699 RESERVED CVE-2020-7698 RESERVED CVE-2020-7697 RESERVED CVE-2020-7696 RESERVED CVE-2020-7695 RESERVED CVE-2020-7694 RESERVED CVE-2020-7693 RESERVED CVE-2020-7692 RESERVED CVE-2020-7691 RESERVED CVE-2020-7690 RESERVED CVE-2020-7689 RESERVED CVE-2020-7688 RESERVED CVE-2020-7687 RESERVED CVE-2020-7686 RESERVED CVE-2020-7685 RESERVED CVE-2020-7684 RESERVED CVE-2020-7683 RESERVED CVE-2020-7682 RESERVED CVE-2020-7681 RESERVED CVE-2020-7680 RESERVED CVE-2020-7679 RESERVED CVE-2020-7678 RESERVED CVE-2020-7677 RESERVED CVE-2020-7676 RESERVED CVE-2020-7675 RESERVED CVE-2020-7674 RESERVED CVE-2020-7673 RESERVED CVE-2020-7672 RESERVED CVE-2020-7671 RESERVED CVE-2020-7670 RESERVED CVE-2020-7669 RESERVED CVE-2020-7668 RESERVED CVE-2020-7667 RESERVED CVE-2020-7666 RESERVED CVE-2020-7665 RESERVED CVE-2020-7664 RESERVED CVE-2020-7663 RESERVED CVE-2020-7662 RESERVED CVE-2020-7661 RESERVED CVE-2020-7660 RESERVED CVE-2020-7659 
RESERVED CVE-2020-7658 RESERVED CVE-2020-7657 RESERVED CVE-2020-7656 RESERVED CVE-2020-7655 RESERVED CVE-2020-7654 RESERVED CVE-2020-7653 RESERVED CVE-2020-7652 RESERVED CVE-2020-7651 RESERVED CVE-2020-7650 RESERVED CVE-2020-7649 RESERVED CVE-2020-7648 RESERVED CVE-2020-7647 RESERVED CVE-2020-7646 RESERVED CVE-2020-7645 RESERVED CVE-2020-7644 RESERVED CVE-2020-7643 RESERVED CVE-2020-7642 RESERVED CVE-2020-7641 RESERVED CVE-2020-7640 RESERVED CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...) NOT-FOR-US: Node eivindfjeldstad-dot CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...) NOT-FOR-US: Node confinit CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution. ...) NOT-FOR-US: Node class-transformer CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows ...) NOT-FOR-US: Node adb-driver CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection.It al ...) NOT-FOR-US: Node compass-compile CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...) NOT-FOR-US: Node heroku-addonpool CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...) NOT-FOR-US: Node apiconnect-cli-plugins CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...) NOT-FOR-US: Node node-mpv CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allow ...) NOT-FOR-US: Node diskusage-ng CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...) NOT-FOR-US: git-add-remote node module CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...) NOT-FOR-US: install-package node module CVE-2020-7628 (install-package through 1.1.6 is vulnerable to Command Injection. It a ...) 
NOT-FOR-US: install-package node module CVE-2020-7627 (node-key-sender through 1.0.11 is vulnerable to Command Injection. It ...) NOT-FOR-US: node-key-sender node module CVE-2020-7626 (karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows ...) NOT-FOR-US: karma-mojo node module CVE-2020-7625 (op-browser through 1.0.6 is vulnerable to Command Injection. It allows ...) NOT-FOR-US: op-browser node module CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allows exe ...) NOT-FOR-US: effect node module CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...) NOT-FOR-US: Node jscover CVE-2020-7622 (All versions of Jooby before 2.2.1 are vulnerable to HTTP Response Spl ...) NOT-FOR-US: Jooby CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...) NOT-FOR-US: Node strong-nginx-controller CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It all ...) NOT-FOR-US: Node pomelo-monitor CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...) NOT-FOR-US: get-git-data node module CVE-2020-7618 (sds through 3.2.0 is vulnerable to Prototype Pollution.The library cou ...) NOT-FOR-US: Node sds CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...) NOT-FOR-US: Node ini-parser CVE-2020-7616 (express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollu ...) NOT-FOR-US: Node express-mock-middleware CVE-2020-7615 (fsa through 0.5.1 is vulnerable to Command Injection. The first argume ...) NOT-FOR-US: Node fsa CVE-2020-7614 (npm-programmatic through 0.0.12 is vulnerable to Command Injection.The ...) NOT-FOR-US: npm-programmatic CVE-2020-7613 (clamscan through 1.2.0 is vulnerable to Command Injection. It is possi ...) NOT-FOR-US: Node clamscan CVE-2020-7612 RESERVED CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...) 
NOT-FOR-US: io.micronaut:micronaut-http-client CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...) TODO: check, might affect node-mongodb embedding bson CVE-2020-7609 RESERVED CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...) - node-yargs-parser 18.1.1-1 [buster] - node-yargs-parser (Minor issue; can be fixed via point release) [stretch] - node-yargs-parser (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381 NOTE: https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2 NOTE: https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832 CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands. ...) NOT-FOR-US: Node gulp-styledocco CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary ...) NOT-FOR-US: Node docker-compose-remote-api CVE-2020-7605 (gulp-tape through 1.0.0 allows execution of arbitrary commands. It is ...) NOT-FOR-US: Node gulp-tape CVE-2020-7604 (pulverizr through 0.7.0 allows execution of arbitrary commands. Within ...) NOT-FOR-US: Node pulverizr CVE-2020-7603 (closure-compiler-stream through 0.1.15 allows execution of arbitrary c ...) NOT-FOR-US: closure-compiler-stream CVE-2020-7602 (node-prompt-here through 1.0.1 allows execution of arbitrary commands. ...) NOT-FOR-US: Node node-prompt-here CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. I ...) NOT-FOR-US: Node gulp-scss-lint CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The ...) NOT-FOR-US: querymen nodejs module CVE-2020-7599 (All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable ...) NOT-FOR-US: com.gradle.plugin-publish CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...) 
- node-minimist 1.2.5-1 (bug #953762) [buster] - node-minimist (Minor issue) [stretch] - node-minimist (Nodejs in stretch not covered by security support) NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 NOTE: POC: https://gist.github.com/Kirill89/47feb345b09bf081317f08dd43403a8a NOTE: Fixed by: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94 CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to execut ...) NOT-FOR-US: codecov-node nodejs module CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...) NOT-FOR-US: Codecov npm module CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...) - libxml2 2.9.10+dfsg-2.1 (bug #949582) [buster] - libxml2 (Minor issue) [stretch] - libxml2 (Minor issue) [jessie] - libxml2 (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5 CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...) NOT-FOR-US: MultiTech Conduit MTCDT-LVW2-24XX devices CVE-2020-7593 RESERVED CVE-2020-7592 RESERVED CVE-2020-7591 RESERVED CVE-2020-7590 RESERVED CVE-2020-7589 RESERVED CVE-2020-7588 RESERVED CVE-2020-7587 RESERVED CVE-2020-7586 RESERVED CVE-2020-7585 RESERVED CVE-2020-7584 RESERVED CVE-2020-7583 RESERVED CVE-2020-7582 RESERVED CVE-2020-7581 RESERVED CVE-2020-7580 RESERVED CVE-2020-7579 (A vulnerability has been identified in Spectrum Power™ 5 (All ve ...) 
NOT-FOR-US: Siemens CVE-2020-7578 RESERVED CVE-2020-7577 RESERVED CVE-2020-7576 RESERVED CVE-2020-7575 RESERVED CVE-2020-7574 RESERVED CVE-2020-7573 RESERVED CVE-2020-7572 RESERVED CVE-2020-7571 RESERVED CVE-2020-7570 RESERVED CVE-2020-7569 RESERVED CVE-2020-7568 RESERVED CVE-2020-7567 RESERVED CVE-2020-7566 RESERVED CVE-2020-7565 RESERVED CVE-2020-7564 RESERVED CVE-2020-7563 RESERVED CVE-2020-7562 RESERVED CVE-2020-7561 RESERVED CVE-2020-7560 RESERVED CVE-2020-7559 RESERVED CVE-2020-7558 RESERVED CVE-2020-7557 RESERVED CVE-2020-7556 RESERVED CVE-2020-7555 RESERVED CVE-2020-7554 RESERVED CVE-2020-7553 RESERVED CVE-2020-7552 RESERVED CVE-2020-7551 RESERVED CVE-2020-7550 RESERVED CVE-2020-7549 RESERVED CVE-2020-7548 RESERVED CVE-2020-7547 RESERVED CVE-2020-7546 RESERVED CVE-2020-7545 RESERVED CVE-2020-7544 RESERVED CVE-2020-7543 RESERVED CVE-2020-7542 RESERVED CVE-2020-7541 RESERVED CVE-2020-7540 RESERVED CVE-2020-7539 RESERVED CVE-2020-7538 RESERVED CVE-2020-7537 RESERVED CVE-2020-7536 RESERVED CVE-2020-7535 RESERVED CVE-2020-7534 RESERVED CVE-2020-7533 RESERVED CVE-2020-7532 RESERVED CVE-2020-7531 RESERVED CVE-2020-7530 RESERVED CVE-2020-7529 RESERVED CVE-2020-7528 RESERVED CVE-2020-7527 RESERVED CVE-2020-7526 RESERVED CVE-2020-7525 RESERVED CVE-2020-7524 RESERVED CVE-2020-7523 RESERVED CVE-2020-7522 RESERVED CVE-2020-7521 RESERVED CVE-2020-7520 RESERVED CVE-2020-7519 RESERVED CVE-2020-7518 RESERVED CVE-2020-7517 RESERVED CVE-2020-7516 RESERVED CVE-2020-7515 RESERVED CVE-2020-7514 RESERVED CVE-2020-7513 RESERVED CVE-2020-7512 RESERVED CVE-2020-7511 RESERVED CVE-2020-7510 RESERVED CVE-2020-7509 RESERVED CVE-2020-7508 RESERVED CVE-2020-7507 RESERVED CVE-2020-7506 RESERVED CVE-2020-7505 RESERVED CVE-2020-7504 RESERVED CVE-2020-7503 RESERVED CVE-2020-7502 RESERVED CVE-2020-7501 RESERVED CVE-2020-7500 RESERVED CVE-2020-7499 RESERVED CVE-2020-7498 RESERVED CVE-2020-7497 RESERVED CVE-2020-7496 RESERVED CVE-2020-7495 RESERVED CVE-2020-7494 RESERVED CVE-2020-7493 RESERVED 
CVE-2020-7492 RESERVED CVE-2020-7491 RESERVED CVE-2020-7490 RESERVED CVE-2020-7489 RESERVED CVE-2020-7488 RESERVED CVE-2020-7487 RESERVED CVE-2020-7486 RESERVED CVE-2020-7485 RESERVED CVE-2020-7484 RESERVED CVE-2020-7483 RESERVED CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...) NOT-FOR-US: Andover Continuum CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...) NOT-FOR-US: Andover Continuum CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...) NOT-FOR-US: Andover Continuum CVE-2020-7479 (A CWE-306: Missing Authentication for Critical Function vulnerability ...) NOT-FOR-US: IGSS CVE-2020-7478 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...) NOT-FOR-US: IGSS CVE-2020-7477 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...) NOT-FOR-US: Quantum Ethernet Network module CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...) NOT-FOR-US: ZigBee Installation Kit CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...) NOT-FOR-US: EcoStruxure Control Expert CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...) NOT-FOR-US: ProSoft Configurator CVE-2020-7473 RESERVED CVE-2020-7472 RESERVED CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...) 
{DSA-4629-1} - python-django 2:2.2.10-1 (bug #950581) [jessie] - python-django (Vulnerable code introduced in Django ~1.9) NOTE: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/ NOTE: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 (master) NOTE: https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b (3.0.3) NOTE: https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147 (2.2.10) NOTE: https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd (1.11.28) CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the ...) NOT-FOR-US: Sonoff TH 10 and 16 devices CVE-2020-7469 RESERVED CVE-2020-7468 RESERVED CVE-2020-7467 RESERVED CVE-2020-7466 RESERVED CVE-2020-7465 RESERVED CVE-2020-7464 RESERVED CVE-2020-7463 RESERVED CVE-2020-7462 RESERVED CVE-2020-7461 RESERVED CVE-2020-7460 RESERVED CVE-2020-7459 RESERVED CVE-2020-7458 RESERVED CVE-2020-7457 RESERVED CVE-2020-7456 RESERVED CVE-2020-7455 RESERVED CVE-2020-7454 RESERVED CVE-2020-7453 RESERVED CVE-2020-7452 RESERVED CVE-2020-7451 RESERVED CVE-2020-7450 (In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEAS ...) 
NOT-FOR-US: FreeBSD CVE-2020-7449 RESERVED CVE-2020-7448 RESERVED CVE-2020-7447 RESERVED CVE-2020-7446 RESERVED CVE-2020-7445 RESERVED CVE-2020-7444 RESERVED CVE-2020-7443 RESERVED CVE-2020-7442 RESERVED CVE-2020-7441 RESERVED CVE-2020-7440 RESERVED CVE-2020-7439 RESERVED CVE-2020-7438 RESERVED CVE-2020-7437 RESERVED CVE-2020-7436 RESERVED CVE-2020-7435 RESERVED CVE-2020-7434 RESERVED CVE-2020-7433 RESERVED CVE-2020-7432 RESERVED CVE-2020-7431 RESERVED CVE-2020-7430 RESERVED CVE-2020-7429 RESERVED CVE-2020-7428 RESERVED CVE-2020-7427 RESERVED CVE-2020-7426 RESERVED CVE-2020-7425 RESERVED CVE-2020-7424 RESERVED CVE-2020-7423 RESERVED CVE-2020-7422 RESERVED CVE-2020-7421 RESERVED CVE-2020-7420 RESERVED CVE-2020-7419 RESERVED CVE-2020-7418 RESERVED CVE-2020-7417 RESERVED CVE-2020-7416 RESERVED CVE-2020-7415 RESERVED CVE-2020-7414 RESERVED CVE-2020-7413 RESERVED CVE-2020-7412 RESERVED CVE-2020-7411 RESERVED CVE-2020-7410 RESERVED CVE-2020-7409 RESERVED CVE-2020-7408 RESERVED CVE-2020-7407 RESERVED CVE-2020-7406 RESERVED CVE-2020-7405 RESERVED CVE-2020-7404 RESERVED CVE-2020-7403 RESERVED CVE-2020-7402 RESERVED CVE-2020-7401 RESERVED CVE-2020-7400 RESERVED CVE-2020-7399 RESERVED CVE-2020-7398 RESERVED CVE-2020-7397 RESERVED CVE-2020-7396 RESERVED CVE-2020-7395 RESERVED CVE-2020-7394 RESERVED CVE-2020-7393 RESERVED CVE-2020-7392 RESERVED CVE-2020-7391 RESERVED CVE-2020-7390 RESERVED CVE-2020-7389 RESERVED CVE-2020-7388 RESERVED CVE-2020-7387 RESERVED CVE-2020-7386 RESERVED CVE-2020-7385 RESERVED CVE-2020-7384 RESERVED CVE-2020-7383 RESERVED CVE-2020-7382 RESERVED CVE-2020-7381 RESERVED CVE-2020-7380 RESERVED CVE-2020-7379 RESERVED CVE-2020-7378 RESERVED CVE-2020-7377 RESERVED CVE-2020-7376 RESERVED CVE-2020-7375 RESERVED CVE-2020-7374 RESERVED CVE-2020-7373 RESERVED CVE-2020-7372 RESERVED CVE-2020-7371 RESERVED CVE-2020-7370 RESERVED CVE-2020-7369 RESERVED CVE-2020-7368 RESERVED CVE-2020-7367 RESERVED CVE-2020-7366 RESERVED CVE-2020-7365 RESERVED CVE-2020-7364 RESERVED 
CVE-2020-7363 RESERVED CVE-2020-7362 RESERVED CVE-2020-7361 RESERVED CVE-2020-7360 RESERVED CVE-2020-7359 RESERVED CVE-2020-7358 RESERVED CVE-2020-7357 RESERVED CVE-2020-7356 RESERVED CVE-2020-7355 RESERVED CVE-2020-7354 RESERVED CVE-2020-7353 RESERVED CVE-2020-7352 RESERVED CVE-2020-7351 RESERVED CVE-2020-7350 RESERVED CVE-2020-7349 RESERVED CVE-2020-7348 RESERVED CVE-2020-7347 RESERVED CVE-2020-7346 RESERVED CVE-2020-7345 RESERVED CVE-2020-7344 RESERVED CVE-2020-7343 RESERVED CVE-2020-7342 RESERVED CVE-2020-7341 RESERVED CVE-2020-7340 RESERVED CVE-2020-7339 RESERVED CVE-2020-7338 RESERVED CVE-2020-7337 RESERVED CVE-2020-7336 RESERVED CVE-2020-7335 RESERVED CVE-2020-7334 RESERVED CVE-2020-7333 RESERVED CVE-2020-7332 RESERVED CVE-2020-7331 RESERVED CVE-2020-7330 RESERVED CVE-2020-7329 RESERVED CVE-2020-7328 RESERVED CVE-2020-7327 RESERVED CVE-2020-7326 RESERVED CVE-2020-7325 RESERVED CVE-2020-7324 RESERVED CVE-2020-7323 RESERVED CVE-2020-7322 RESERVED CVE-2020-7321 RESERVED CVE-2020-7320 RESERVED CVE-2020-7319 RESERVED CVE-2020-7318 RESERVED CVE-2020-7317 RESERVED CVE-2020-7316 RESERVED CVE-2020-7315 RESERVED CVE-2020-7314 RESERVED CVE-2020-7313 RESERVED CVE-2020-7312 RESERVED CVE-2020-7311 RESERVED CVE-2020-7310 RESERVED CVE-2020-7309 RESERVED CVE-2020-7308 RESERVED CVE-2020-7307 RESERVED CVE-2020-7306 RESERVED CVE-2020-7305 RESERVED CVE-2020-7304 RESERVED CVE-2020-7303 RESERVED CVE-2020-7302 RESERVED CVE-2020-7301 RESERVED CVE-2020-7300 RESERVED CVE-2020-7299 RESERVED CVE-2020-7298 RESERVED CVE-2020-7297 RESERVED CVE-2020-7296 RESERVED CVE-2020-7295 RESERVED CVE-2020-7294 RESERVED CVE-2020-7293 RESERVED CVE-2020-7292 RESERVED CVE-2020-7291 RESERVED CVE-2020-7290 RESERVED CVE-2020-7289 RESERVED CVE-2020-7288 RESERVED CVE-2020-7287 RESERVED CVE-2020-7286 RESERVED CVE-2020-7285 RESERVED CVE-2020-7284 RESERVED CVE-2020-7283 RESERVED CVE-2020-7282 RESERVED CVE-2020-7281 RESERVED CVE-2020-7280 RESERVED CVE-2020-7279 RESERVED CVE-2020-7278 RESERVED CVE-2020-7277 
RESERVED CVE-2020-7276 RESERVED CVE-2020-7275 RESERVED CVE-2020-7274 RESERVED CVE-2020-7273 RESERVED CVE-2020-7272 RESERVED CVE-2020-7271 RESERVED CVE-2020-7270 RESERVED CVE-2020-7269 RESERVED CVE-2020-7268 RESERVED CVE-2020-7267 RESERVED CVE-2020-7266 RESERVED CVE-2020-7265 RESERVED CVE-2020-7264 RESERVED CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...) NOT-FOR-US: ENS for Windows CVE-2020-7262 RESERVED CVE-2020-7261 RESERVED CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...) NOT-FOR-US: McAfee CVE-2020-7259 RESERVED CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security Manageme ...) NOT-FOR-US: McAfee CVE-2020-7257 RESERVED CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security Manageme ...) NOT-FOR-US: McAfee CVE-2020-7255 RESERVED CVE-2020-7254 (Privilege Escalation vulnerability in the command line interface in Mc ...) NOT-FOR-US: McAfee CVE-2020-7253 (Improper access control vulnerability in masvc.exe in McAfee Agent (MA ...) NOT-FOR-US: McAfee CVE-2020-7252 (Unquoted service executable path in DXL Broker in McAfee Data eXchange ...) NOT-FOR-US: McAfee CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee ...) NOT-FOR-US: McAfee CVE-2020-7250 RESERVED CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...) NOT-FOR-US: SMC D3G0804W devices CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged ...) NOT-FOR-US: libubox in OpenWrt CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade] - opensmtpd 6.6.2p1-1 (bug #950121) [stretch] - opensmtpd 6.0.2p1-2+deb9u2 [buster] - opensmtpd 6.0.3p1-5+deb10u3 NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/018_smtpd_tls.patch.sig CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ...) 
{DSA-4611-1} - opensmtpd 6.6.2p1-1 (bug #950121) NOTE: https://www.openwall.com/lists/oss-security/2020/01/28/3 NOTE: Fixed by: https://github.com/OpenSMTPD/OpenSMTPD/commit/2afab2297347342f81fa31a75bbbf7dbee614fda NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig NOTE: The issue is exploitable after switching "to new grammar", which is included NOTE: in portable sync commit: NOTE: https://github.com/OpenSMTPD/OpenSMTPD/commit/be6ef06cba9484d008d9f057e6b25d863cf278ff (opensmtpd-6.4.0) CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 and ear ...) NOT-FOR-US: qdPM CVE-2020-7245 (Incorrect username validation in the registration process of CTFd v2.0 ...) NOT-FOR-US: CTFd CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7243 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7242 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7241 (The WP Database Backup plugin through 5.5 for WordPress stores downloa ...) NOT-FOR-US: WP Database Backup plugin for WordPress CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers ...) NOT-FOR-US: Meinberg Lantime M300 and M1000 devices CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...) NOT-FOR-US: conversation-watson plugin for WordPress CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...) {DLA-2110-1 DLA-2109-1} - netty 1:4.1.45-1 (bug #950967) - netty-3.9 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225 NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1 NOTE: Issue exists because of incomplete fix for CVE-2019-16869. 
NOTE: https://github.com/netty/netty/issues/9861#issuecomment-582307539 (same fix as CVE-2019-20445) CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...) - cacti 1.2.9+ds1-1 (bug #949997) [jessie] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/issues/3201 NOTE: https://github.com/Cacti/cacti/commit/5010719dbd160198be3e07bb994cf237e3af1308 CVE-2020-7236 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= ...) NOT-FOR-US: UHP UHP-100 devices CVE-2020-7235 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= ...) NOT-FOR-US: UHP UHP-100 devices CVE-2020-7234 (Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the S ...) NOT-FOR-US: Ruckus ZoneFlex R310 devices CVE-2020-7233 (KMS Controls BAC-A1616BC BACnet devices have a cleartext password of s ...) NOT-FOR-US: KMS Controls BAC-A1616BC BACnet devices CVE-2020-7232 (Evoko Home 1.31 devices allow remote attackers to obtain sensitive inf ...) NOT-FOR-US: Evoko Home devices CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for failed lo ...) NOT-FOR-US: Evoko Home devices CVE-2020-7230 RESERVED CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. There ...) NOT-FOR-US: Simplejobscript.com SJS CVE-2020-7228 (The Calculated Fields Form plugin through 1.0.353 for WordPress suffer ...) NOT-FOR-US: Calculated Fields Form plugin for WordPress CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...) NOT-FOR-US: Westermo MRD-315 devices CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and ...) NOT-FOR-US: cryptacular CVE-2020-7225 RESERVED CVE-2020-7224 RESERVED CVE-2020-7223 RESERVED CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06- ...) NOT-FOR-US: Amcrest Web Server CVE-2020-7221 (mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege es ...) 
- mariadb-10.3 (Only affects MariaDB 10.4.7 through 10.4.11) - mariadb-10.1 (Only affects MariaDB 10.4.7 through 10.4.11) CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...) NOT-FOR-US: HashiCorp Vault CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...) - consul 1.7.0+dfsg1-1 (bug #950736) NOTE: https://github.com/hashicorp/consul/issues/7159 NOTE: Fixed in 1.6.3. CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...) - nomad 0.10.3+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7002 CVE-2020-7217 (An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0. ...) NOT-FOR-US: openSUSE wicked CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...) NOT-FOR-US: openSUSE wicked CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...) NOT-FOR-US: Gallagher Command Centre CVE-2020-7214 RESERVED CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...) NOT-FOR-US: Parallels CVE-2020-7212 (The _encode_invalid_chars function in util/url.py in the urllib3 libra ...) - python-urllib3 1.25.8-1 [buster] - python-urllib3 (Vulnerable code introduced later) [stretch] - python-urllib3 (Vulnerable code introduced later) [jessie] - python-urllib3 (Vulnerable code introduced later) NOTE: https://github.com/urllib3/urllib3/pull/1787 NOTE: Introduced by: https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a (1.25.2) NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/a2697e7c6b275f05879b60f593c5854a816489f0 (1.25.8) CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ ...) 
- libslirp (unimportant) NOTE: https://bugs.launchpad.net/qemu/+bug/1812451 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...) NOT-FOR-US: Umbraco CMS CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution w ...) NOT-FOR-US: LinuxKI CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...) NOT-FOR-US: LinuxKI CVE-2020-7207 RESERVED CVE-2020-7206 RESERVED CVE-2020-7205 RESERVED CVE-2020-7204 RESERVED CVE-2020-7203 RESERVED CVE-2020-7202 RESERVED CVE-2020-7201 RESERVED CVE-2020-7200 RESERVED CVE-2020-7199 RESERVED CVE-2020-7198 RESERVED CVE-2020-7197 RESERVED CVE-2020-7196 RESERVED CVE-2020-7195 RESERVED CVE-2020-7194 RESERVED CVE-2020-7193 RESERVED CVE-2020-7192 RESERVED CVE-2020-7191 RESERVED CVE-2020-7190 RESERVED CVE-2020-7189 RESERVED CVE-2020-7188 RESERVED CVE-2020-7187 RESERVED CVE-2020-7186 RESERVED CVE-2020-7185 RESERVED CVE-2020-7184 RESERVED CVE-2020-7183 RESERVED CVE-2020-7182 RESERVED CVE-2020-7181 RESERVED CVE-2020-7180 RESERVED CVE-2020-7179 RESERVED CVE-2020-7178 RESERVED CVE-2020-7177 RESERVED CVE-2020-7176 RESERVED CVE-2020-7175 RESERVED CVE-2020-7174 RESERVED CVE-2020-7173 RESERVED CVE-2020-7172 RESERVED CVE-2020-7171 RESERVED CVE-2020-7170 RESERVED CVE-2020-7169 RESERVED CVE-2020-7168 RESERVED CVE-2020-7167 RESERVED CVE-2020-7166 RESERVED CVE-2020-7165 RESERVED CVE-2020-7164 RESERVED CVE-2020-7163 RESERVED CVE-2020-7162 RESERVED CVE-2020-7161 RESERVED CVE-2020-7160 RESERVED CVE-2020-7159 RESERVED CVE-2020-7158 RESERVED CVE-2020-7157 RESERVED CVE-2020-7156 RESERVED CVE-2020-7155 RESERVED CVE-2020-7154 RESERVED CVE-2020-7153 RESERVED CVE-2020-7152 RESERVED CVE-2020-7151 RESERVED CVE-2020-7150 RESERVED CVE-2020-7149 RESERVED CVE-2020-7148 RESERVED CVE-2020-7147 RESERVED CVE-2020-7146 RESERVED CVE-2020-7145 RESERVED CVE-2020-7144 RESERVED CVE-2020-7143 
RESERVED CVE-2020-7142 RESERVED CVE-2020-7141 RESERVED CVE-2020-7140 RESERVED CVE-2020-7139 RESERVED CVE-2020-7138 RESERVED CVE-2020-7137 RESERVED CVE-2020-7136 RESERVED CVE-2020-7135 RESERVED CVE-2020-7134 RESERVED CVE-2020-7133 RESERVED CVE-2020-7132 RESERVED CVE-2020-7131 RESERVED CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...) NOT-FOR-US: HPE CVE-2020-7129 RESERVED CVE-2020-7128 RESERVED CVE-2020-7127 RESERVED CVE-2020-7126 RESERVED CVE-2020-7125 RESERVED CVE-2020-7124 RESERVED CVE-2020-7123 RESERVED CVE-2020-7122 RESERVED CVE-2020-7121 RESERVED CVE-2020-7120 RESERVED CVE-2020-7119 RESERVED CVE-2020-7118 RESERVED CVE-2020-7117 RESERVED CVE-2020-7116 RESERVED CVE-2020-7115 RESERVED CVE-2020-7114 RESERVED CVE-2020-7113 RESERVED CVE-2020-7112 RESERVED CVE-2020-7111 RESERVED CVE-2020-7110 RESERVED CVE-2020-7109 (The Elementor Page Builder plugin before 2.8.4 for WordPress does not ...) NOT-FOR-US: Elementor Page Builder plugin for WordPress CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ...) NOT-FOR-US: LearnDash LMS plugin for WordPress CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Dis ...) NOT-FOR-US: Ultimate FAQ plugin for WordPress CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...) {DLA-2069-1} - cacti 1.2.9+ds1-1 (bug #949996) [buster] - cacti (can be fixed along with more important issues) [stretch] - cacti (can be fixed along with more important issues) NOTE: https://github.com/Cacti/cacti/issues/3191 NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9 NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464 NOTE: https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...) 
{DLA-2083-1} - hiredis 0.14.0-5 (bug #949995) [buster] - hiredis (Minor issue) [stretch] - hiredis (Minor issue) NOTE: https://github.com/redis/hiredis/pull/754 NOTE: https://github.com/redis/hiredis/pull/756 CVE-2020-7104 (The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via th ...) NOT-FOR-US: chained-quiz plugin for WordPress CVE-2020-7103 RESERVED CVE-2020-7102 RESERVED CVE-2020-7101 RESERVED CVE-2020-7100 RESERVED CVE-2020-7099 RESERVED CVE-2020-7098 RESERVED CVE-2020-7097 RESERVED CVE-2020-7096 RESERVED CVE-2020-7095 RESERVED CVE-2020-7094 RESERVED CVE-2020-7093 RESERVED CVE-2020-7092 RESERVED CVE-2020-7091 RESERVED CVE-2020-7090 RESERVED CVE-2020-7089 RESERVED CVE-2020-7088 RESERVED CVE-2020-7087 RESERVED CVE-2020-7086 RESERVED CVE-2020-7085 RESERVED CVE-2020-7084 RESERVED CVE-2020-7083 RESERVED CVE-2020-7082 RESERVED CVE-2020-7081 RESERVED CVE-2020-7080 RESERVED CVE-2020-7079 RESERVED CVE-2020-7078 RESERVED CVE-2020-7077 RESERVED CVE-2020-7076 RESERVED CVE-2020-7075 RESERVED CVE-2020-7074 RESERVED CVE-2020-7073 RESERVED CVE-2020-7072 RESERVED CVE-2020-7071 RESERVED CVE-2020-7070 RESERVED CVE-2020-7069 RESERVED CVE-2020-7068 RESERVED CVE-2020-7067 RESERVED CVE-2020-7066 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...) - php7.4 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79329 CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using ...) - php7.4 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16 NOTE: PHP Bug: https://bugs.php.net/79371 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...) - php7.4 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79282 CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) 
{DLA-2160-1} - php7.4 7.4.3-1 - php7.3 7.3.15-1 [buster] - php7.3 (Minor issue, can be fixed along in a future DSA) - php7.0 [stretch] - php7.0 (Minor issue, can be fixed along in a future DSA) - php5 NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: http://bugs.php.net/79082 CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) {DLA-2160-1} - php7.4 7.4.3-1 - php7.3 7.3.15-1 [buster] - php7.3 (Minor issue, can be fixed along in a future DSA) - php7.0 [stretch] - php7.0 (Minor issue, can be fixed along in a future DSA) - php5 NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: http://bugs.php.net/79221 CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...) - php7.4 (Windows specific issue) - php7.3 (Windows specific issue) - php7.0 (Windows specific issue) - php5 (Windows specific issue) NOTE: Fixed in PHP 7.4.3, 7.3.15 NOTE: PHP Bug: http://bugs.php.net/79171 CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...) {DSA-4628-1 DSA-4626-1 DLA-2124-1} - php7.4 7.4.2-7 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: http://bugs.php.net/79037 CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...) {DSA-4628-1 DSA-4626-1 DLA-2124-1} - php7.4 7.4.2-7 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: https://bugs.php.net/79099 CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...) - cacti (unimportant) NOTE: https://github.com/Cacti/cacti/issues/3186 NOTE: Properly configured in there is no security impact, cf. NOTE: https://github.com/Cacti/cacti/issues/3186#issuecomment-574444803 CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a d ...) 
NOT-FOR-US: Hikvision CVE-2020-7056 RESERVED CVE-2020-7055 RESERVED CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...) NOT-FOR-US: libIEC61850 CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...) - linux 5.2.6-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/ CVE-2020-7052 (CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow unco ...) NOT-FOR-US: CODESYS CVE-2020-7051 (Codologic Codoforum through 4.8.4 allows stored XSS in the login area. ...) NOT-FOR-US: Codoforum CVE-2020-7050 (Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creati ...) NOT-FOR-US: Codoforum CVE-2020-7049 RESERVED CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...) NOT-FOR-US: WordPress plugin CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...) NOT-FOR-US: WordPress plugin CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 ...) - dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1 CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...) - wireshark 3.2.0-1 [buster] - wireshark (Can be fixed along in next 3.0.x DSA) [stretch] - wireshark (Can be fixed along in next DSA/update to 3.0) [jessie] - wireshark (Doesn't support request-response tracking in affected code passage, yet) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d NOTE: https://www.wireshark.org/security/wnpa-sec-2020-02.html CVE-2020-7044 (In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This ...)
- wireshark 3.2.1-1 [buster] - wireshark (Vulnerable code not present) [stretch] - wireshark (Vulnerable code not present) [jessie] - wireshark (Vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-01.html CVE-2020-7043 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 (unimportant) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8 NOTE: No version of openfortivpn was shipped with OpenSSL < 1.0.2, marking as unimportant CVE-2020-7042 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 [buster] - openfortivpn (Minor issue) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 CVE-2020-7041 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 [buster] - openfortivpn (Minor issue) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91 CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...) {DLA-2095-1} - storebackup (bug #949393) [buster] - storebackup (Minor issue) [stretch] - storebackup (Minor issue) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1156767 NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3 NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1 CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...) 
{DSA-4616-1 DLA-2090-1 DLA-2076-1} - libslirp 4.1.0-2 (bug #949084) - qemu 1:4.1-2 - qemu-kvm - slirp 1:1.0.17-10 (bug #949085) [buster] - slirp (Minor issue; can be fixed via point release) [stretch] - slirp (Minor issue; can be fixed via point release) NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/2 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. CVE-2020-7038 RESERVED CVE-2020-7037 RESERVED CVE-2020-7036 RESERVED CVE-2020-7035 RESERVED CVE-2020-7034 RESERVED CVE-2020-7033 RESERVED CVE-2020-7032 RESERVED CVE-2020-7031 RESERVED CVE-2020-7030 RESERVED CVE-2020-7029 RESERVED CVE-2020-7028 RESERVED CVE-2020-7027 RESERVED CVE-2020-7026 RESERVED CVE-2020-7025 RESERVED CVE-2020-7024 RESERVED CVE-2020-7023 RESERVED CVE-2020-7022 RESERVED CVE-2020-7021 RESERVED CVE-2020-7020 RESERVED CVE-2020-7019 RESERVED CVE-2020-7018 RESERVED CVE-2020-7017 RESERVED CVE-2020-7016 RESERVED CVE-2020-7015 RESERVED CVE-2020-7014 RESERVED CVE-2020-7013 RESERVED CVE-2020-7012 RESERVED CVE-2020-7011 RESERVED CVE-2020-7010 RESERVED CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 ...) - elasticsearch CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker ...) NOT-FOR-US: Moxa CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), ...) NOT-FOR-US: Systech Corporation CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...) 
NOT-FOR-US: Honeywell CVE-2020-7004 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...) NOT-FOR-US: Moxa CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...) NOT-FOR-US: McAfee CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...) NOT-FOR-US: Moxa CVE-2020-7000 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-6999 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the p ...) NOT-FOR-US: Moxa CVE-2020-6998 RESERVED CVE-2020-6997 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive inf ...) NOT-FOR-US: Moxa CVE-2020-6996 RESERVED CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6994 (A buffer overflow vulnerability was found in some devices of Hirschman ...) NOT-FOR-US: Hirschmann Automation and Control HiOS and HiSecOS CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6992 RESERVED CVE-2020-6991 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password ...) NOT-FOR-US: Moxa CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6987 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series ...) NOT-FOR-US: Omron CVE-2020-6985 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) 
NOT-FOR-US: Moxa CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6982 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injecti ...) NOT-FOR-US: Honeywell CVE-2020-6981 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker m ...) NOT-FOR-US: Moxa CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6979 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...) NOT-FOR-US: Moxa CVE-2020-6978 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...) NOT-FOR-US: Honeywell CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...) NOT-FOR-US: GE CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...) NOT-FOR-US: Delta Industrial Automation CNCSoft ScreenEditor CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6974 (Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a pa ...) NOT-FOR-US: Honeywell CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell F ...) NOT-FOR-US: Honeywell CVE-2020-6971 (In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the Va ...) NOT-FOR-US: Emerson CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA ...) NOT-FOR-US: Emerson OpenEnterprise SCADA Server CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...) 
NOT-FOR-US: AutomationDirect CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...) NOT-FOR-US: Honeywell CVE-2020-6967 (In Rockwell Automation all versions of FactoryTalk Diagnostics softwar ...) NOT-FOR-US: Rockwell CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6964 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6963 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6962 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6961 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) NOT-FOR-US: Honeywell CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) NOT-FOR-US: Honeywell CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrappe ...) NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW) CVE-2020-6957 RESERVED CVE-2020-6956 RESERVED CVE-2020-6955 (An issue was discovered on Cayin SMP-PRO4 devices. They allow image_pr ...) NOT-FOR-US: Cayin SMP-PRO4 devices CVE-2020-6954 (An issue was discovered on Cayin SMP-PRO4 devices. A user can discover ...) 
NOT-FOR-US: Cayin SMP-PRO4 devices CVE-2020-6953 RESERVED CVE-2020-6952 RESERVED CVE-2020-6951 RESERVED CVE-2020-6950 RESERVED - mojarra (Vulnerable code introduced later) NOTE: https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...) NOT-FOR-US: HashBrown CMS CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through ...) NOT-FOR-US: HashBrown CMS CVE-2020-6947 RESERVED CVE-2020-6946 RESERVED CVE-2020-6945 RESERVED CVE-2020-6944 RESERVED CVE-2020-6943 RESERVED CVE-2020-6942 RESERVED CVE-2020-6941 RESERVED CVE-2020-6940 RESERVED CVE-2020-6939 RESERVED CVE-2020-6938 RESERVED CVE-2020-6937 RESERVED CVE-2020-6936 RESERVED CVE-2020-6935 RESERVED CVE-2020-6934 RESERVED CVE-2020-6933 RESERVED CVE-2020-6932 RESERVED CVE-2020-6931 RESERVED CVE-2020-6930 RESERVED CVE-2020-6929 RESERVED CVE-2020-6928 RESERVED CVE-2020-6927 RESERVED CVE-2020-6926 RESERVED CVE-2020-6925 RESERVED CVE-2020-6924 RESERVED CVE-2020-6923 RESERVED CVE-2020-6922 RESERVED CVE-2020-6921 RESERVED CVE-2020-6920 RESERVED CVE-2020-6919 RESERVED CVE-2020-6918 RESERVED CVE-2020-6917 RESERVED CVE-2020-6916 RESERVED CVE-2020-6915 RESERVED CVE-2020-6914 RESERVED CVE-2020-6913 RESERVED CVE-2020-6912 RESERVED CVE-2020-6911 RESERVED CVE-2020-6910 RESERVED CVE-2020-6909 RESERVED CVE-2020-6908 RESERVED CVE-2020-6907 RESERVED CVE-2020-6906 RESERVED CVE-2020-6905 RESERVED CVE-2020-6904 RESERVED CVE-2020-6903 RESERVED CVE-2020-6902 RESERVED CVE-2020-6901 RESERVED CVE-2020-6900 RESERVED CVE-2020-6899 RESERVED CVE-2020-6898 RESERVED CVE-2020-6897 RESERVED CVE-2020-6896 RESERVED CVE-2020-6895 RESERVED CVE-2020-6894 RESERVED CVE-2020-6893 RESERVED CVE-2020-6892 RESERVED CVE-2020-6891 RESERVED CVE-2020-6890 RESERVED CVE-2020-6889 RESERVED CVE-2020-6888 RESERVED CVE-2020-6887 RESERVED CVE-2020-6886 RESERVED CVE-2020-6885 RESERVED CVE-2020-6884 RESERVED CVE-2020-6883 RESERVED 
CVE-2020-6882 RESERVED CVE-2020-6881 RESERVED CVE-2020-6880 RESERVED CVE-2020-6879 RESERVED CVE-2020-6878 RESERVED CVE-2020-6877 RESERVED CVE-2020-6876 RESERVED CVE-2020-6875 RESERVED CVE-2020-6874 RESERVED CVE-2020-6873 RESERVED CVE-2020-6872 RESERVED CVE-2020-6871 RESERVED CVE-2020-6870 RESERVED CVE-2020-6869 RESERVED CVE-2020-6868 RESERVED CVE-2020-6867 RESERVED CVE-2020-6866 RESERVED CVE-2020-6865 RESERVED CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak vulnerab ...) NOT-FOR-US: ZTE CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access cont ...) NOT-FOR-US: ZTE CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...) NOT-FOR-US: ZTE F6x2W CVE-2020-6861 RESERVED CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...) - libmysofa 1.0~dfsg0-1 (bug #949325) [buster] - libmysofa (Minor issue) NOTE: https://github.com/hoene/libmysofa/issues/96 NOTE: https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85 CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in includes/ ...) NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2020-6858 (Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to ...) NOT-FOR-US: Hotels Styx CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption with a ha ...) NOT-FOR-US: CarbonFTP CVE-2020-6856 (An XML External Entity (XEE) vulnerability exists in the JOC Cockpit c ...) NOT-FOR-US: JOC Cockpit component of SOS JobScheduler CVE-2020-6855 (A large or infinite loop vulnerability in the JOC Cockpit component of ...) NOT-FOR-US: JOC Cockpit component of SOS JobScheduler CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit componen ...) NOT-FOR-US: JOC Cockpit, different from src:cockpit CVE-2020-6853 RESERVED CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...) 
NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...) {DLA-2081-1} - openjpeg2 (bug #950000) [buster] - openjpeg2 (Minor issue) [stretch] - openjpeg2 (Minor issue) NOTE: https://github.com/uclouvain/openjpeg/issues/1228 NOTE: https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04 CVE-2020-6850 (Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4 ...) NOT-FOR-US: miniorange-saml-20-single-sign-on plugin for WordPress CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...) NOT-FOR-US: marketo-forms-and-tracking plugin for WordPress CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Na ...) NOT-FOR-US: Axper Vision II 4 devices CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is exec ...) NOT-FOR-US: OpenTrade CVE-2020-6846 RESERVED CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...) NOT-FOR-US: TopManage CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...) NOT-FOR-US: TopManage CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...) NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus CVE-2020-6842 (D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated ...) NOT-FOR-US: D-Link CVE-2020-6841 (D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to ...) NOT-FOR-US: D-Link CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...) 
- mruby (Vulnerable code introduced later) NOTE: https://github.com/mruby/mruby/issues/4927 NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661 NOTE: Fixed by: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_ ...) - mruby (Vulnerable code not present) NOTE: https://github.com/mruby/mruby/issues/4929 NOTE: Introduced by: https://github.com/mruby/mruby/commit/2532e625edc2457447369e36e2ecf7882d872ef9 NOTE: Fixed by: https://github.com/mruby/mruby/commit/2124b9b4c95e66e63b1eb26a8dab49753b82fd6c CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems ...) - mruby (Vulnerable code not present) NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661 NOTE: https://github.com/mruby/mruby/issues/4926 NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 NOTE: https://github.com/mruby/mruby/commit/70e574689664c10ed2c47581999cc2ce3e3c5afb NOTE: https://github.com/mruby/mruby/commit/2742ded32fe18f88833d76b297f5c2170b6880c3 CVE-2020-6837 RESERVED CVE-2020-6836 (grammar-parser.jison in the hot-formula-parser package before 3.0.1 fo ...) NOT-FOR-US: hot-formula-parser Node package CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-based off ...) - bftpd (bug #640469) CVE-2020-6834 RESERVED CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhors ...) - gitlab (Only affects Gitlab EE 11.3 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...) 
- gitlab (Only affects GitLab EE 8.9.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/ CVE-2020-6831 RESERVED CVE-2020-6830 RESERVED CVE-2020-6829 RESERVED CVE-2020-6828 RESERVED - firefox-esr (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6828 CVE-2020-6827 RESERVED - firefox-esr (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6827 CVE-2020-6826 RESERVED - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826 CVE-2020-6825 RESERVED {DSA-4655-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6825 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6825 CVE-2020-6824 RESERVED - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6824 CVE-2020-6823 RESERVED - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823 CVE-2020-6822 RESERVED {DSA-4655-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6822 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6822 CVE-2020-6821 RESERVED {DSA-4655-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6821 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821 CVE-2020-6820 RESERVED {DSA-4653-1 DLA-2170-1} - firefox 74.0.1-1 - firefox-esr 68.6.1esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820 CVE-2020-6819 RESERVED {DSA-4653-1 DLA-2170-1} - firefox 74.0.1-1 - firefox-esr 68.6.1esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819 
CVE-2020-6818 RESERVED CVE-2020-6817 [Regular expression denial of service] RESERVED {DLA-2167-1} - python-bleach 3.1.4-1 (bug #955388) [buster] - python-bleach (Minor issue; some regression potential) [stretch] - python-bleach (Minor issue; some regression potential) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 NOTE: https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69 NOTE: https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7 NOTE: Regression report: https://github.com/mozilla/bleach/pull/530 CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 CVE-2020-6814 (Mozilla developers reported memory safety bugs present in Firefox and ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6814 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814 CVE-2020-6813 (When protecting CSS blocks with the nonce feature of Content Security ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813 CVE-2020-6812 (The first time AirPods are connected to an iPhone, they become named a ...) 
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6812 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812 CVE-2020-6811 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811 CVE-2020-6810 (After a website had entered fullscreen mode, it could have used a prev ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810 CVE-2020-6809 (When a Web Extension had the all-urls permission and made a fetch requ ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809 CVE-2020-6808 (When a JavaScript URL (javascript:) is evaluated and the result is a s ...) - firefox 74.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808 CVE-2020-6807 (When a device was changed while a stream was about to be destroyed, th ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807 CVE-2020-6806 (By carefully crafting promise resolutions, it was possible to cause an ...) 
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806 CVE-2020-6805 (When removing data about an origin whose tab was recently closed, a us ...) {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1} - firefox 74.0-1 - firefox-esr 68.6.0esr-1 - thunderbird 1:68.6.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6805 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805 CVE-2020-6804 (A reflected XSS vulnerability exists within the gateway, allowing an a ...) NOT-FOR-US: Mozilla IOT CVE-2020-6803 (An open redirect is present on the gateway's login page, which could c ...) NOT-FOR-US: Mozilla IOT CVE-2020-6801 (Mozilla developers reported memory safety bugs present in Firefox 72. ...) - firefox 73.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801 CVE-2020-6800 (Mozilla developers and community members reported memory safety bugs p ...) {DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6800 CVE-2020-6799 (Command line arguments could have been injected during Firefox invocat ...) 
- firefox (Only affects Windows) - firefox-esr (Only affects Windows) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6799 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799 CVE-2020-6798 (If a template tag was used in a select tag, the parser could be confus ...) {DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6798 CVE-2020-6797 (By downloading a file with the .fileloc extension, a semi-privileged e ...) - firefox (Only affects Mac OSX) - firefox-esr (Only affects Mac OSX) - thunderbird (Only affects Mac OSX) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6797 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6797 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797 CVE-2020-6796 (A content process could have modified shared memory relating to crash ...) {DSA-4620-1 DLA-2102-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796 CVE-2020-6795 (When processing a message that contains multiple S/MIME signatures, a ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6795 CVE-2020-6794 (If a user saved passwords before Thunderbird 60 and then later set a m ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6794 CVE-2020-6793 (When processing an email message with an ill-formed envelope, Thunderb ...) 
{DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6793 CVE-2020-6792 (When deriving an identifier for an email message, uninitialized memory ...) {DSA-4625-1 DLA-2104-1} - thunderbird 1:68.5.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792 CVE-2020-6791 RESERVED CVE-2020-6790 RESERVED CVE-2020-6789 RESERVED CVE-2020-6788 RESERVED CVE-2020-6787 RESERVED CVE-2020-6786 RESERVED CVE-2020-6785 RESERVED CVE-2020-6784 RESERVED CVE-2020-6783 RESERVED CVE-2020-6782 RESERVED CVE-2020-6781 RESERVED CVE-2020-6780 RESERVED CVE-2020-6779 RESERVED CVE-2020-6778 RESERVED CVE-2020-6777 RESERVED CVE-2020-6776 RESERVED CVE-2020-6775 RESERVED CVE-2020-6774 RESERVED CVE-2020-6773 RESERVED CVE-2020-6772 RESERVED CVE-2020-6771 RESERVED CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...) NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS) CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...) NOT-FOR-US: Bosch CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management System (B ...) NOT-FOR-US: Bosch CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management System (B ...) NOT-FOR-US: Bosch CVE-2020-6766 RESERVED CVE-2020-6765 RESERVED CVE-2020-6764 REJECTED CVE-2020-6763 RESERVED CVE-2020-6762 RESERVED CVE-2020-6761 RESERVED CVE-2020-6760 (Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS com ...) NOT-FOR-US: Schmid ZI 620 V400 VPN 090 routers CVE-2020-6759 RESERVED CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...) NOT-FOR-US: Rasilient PixelStor CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150 ...) NOT-FOR-US: Rasilient PixelStor CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (K ...) 
NOT-FOR-US: Rasilient PixelStor CVE-2020-6755 RESERVED CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading to i ...) NOT-FOR-US: dotCMS CVE-2020-6753 (The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-6752 RESERVED CVE-2020-6751 RESERVED CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally connect di ...) - glib2.0 2.62.5-1 (bug #948554) [buster] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0) [stretch] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0) [jessie] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0) NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1989 CVE-2020-6749 RESERVED CVE-2020-6748 RESERVED CVE-2020-6747 RESERVED CVE-2020-6746 RESERVED CVE-2020-6745 RESERVED CVE-2020-6744 RESERVED CVE-2020-6743 RESERVED CVE-2020-6742 RESERVED CVE-2020-6741 RESERVED CVE-2020-6740 RESERVED CVE-2020-6739 RESERVED CVE-2020-6738 RESERVED CVE-2020-6737 RESERVED CVE-2020-6736 RESERVED CVE-2020-6735 RESERVED CVE-2020-6734 RESERVED CVE-2020-6733 RESERVED CVE-2020-6732 RESERVED CVE-2020-6731 RESERVED CVE-2020-6730 RESERVED CVE-2020-6729 RESERVED CVE-2020-6728 RESERVED CVE-2020-6727 RESERVED CVE-2020-6726 RESERVED CVE-2020-6725 RESERVED CVE-2020-6724 RESERVED CVE-2020-6723 RESERVED CVE-2020-6722 RESERVED CVE-2020-6721 RESERVED CVE-2020-6720 RESERVED CVE-2020-6719 RESERVED CVE-2020-6718 RESERVED CVE-2020-6717 RESERVED CVE-2020-6716 RESERVED CVE-2020-6715 RESERVED CVE-2020-6714 RESERVED CVE-2020-6713 RESERVED CVE-2020-6712 RESERVED CVE-2020-6711 RESERVED CVE-2020-6710 RESERVED CVE-2020-6709 RESERVED CVE-2020-6708 RESERVED CVE-2020-6707 RESERVED CVE-2020-6706 RESERVED CVE-2020-6705 RESERVED CVE-2020-6704 RESERVED CVE-2020-6703 RESERVED CVE-2020-6702 RESERVED CVE-2020-6701 RESERVED CVE-2020-6700 RESERVED CVE-2020-6699 RESERVED CVE-2020-6698 RESERVED CVE-2020-6697 RESERVED CVE-2020-6696
RESERVED CVE-2020-6695 RESERVED CVE-2020-6694 RESERVED CVE-2020-6693 RESERVED CVE-2020-6692 RESERVED CVE-2020-6691 RESERVED CVE-2020-6690 RESERVED CVE-2020-6689 RESERVED CVE-2020-6688 RESERVED CVE-2020-6687 RESERVED CVE-2020-6686 RESERVED CVE-2020-6685 RESERVED CVE-2020-6684 RESERVED CVE-2020-6683 RESERVED CVE-2020-6682 RESERVED CVE-2020-6681 RESERVED CVE-2020-6680 RESERVED CVE-2020-6679 RESERVED CVE-2020-6678 RESERVED CVE-2020-6677 RESERVED CVE-2020-6676 RESERVED CVE-2020-6675 RESERVED CVE-2020-6674 RESERVED CVE-2020-6673 RESERVED CVE-2020-6672 RESERVED CVE-2020-6671 RESERVED CVE-2020-6670 RESERVED CVE-2020-6669 RESERVED CVE-2020-6668 RESERVED CVE-2020-6667 RESERVED CVE-2020-6666 RESERVED CVE-2020-6665 RESERVED CVE-2020-6664 RESERVED CVE-2020-6663 RESERVED CVE-2020-6662 RESERVED CVE-2020-6661 RESERVED CVE-2020-6660 RESERVED CVE-2020-6659 RESERVED CVE-2020-6658 RESERVED CVE-2020-6657 RESERVED CVE-2020-6656 RESERVED CVE-2020-6655 RESERVED CVE-2020-6654 RESERVED CVE-2020-6653 RESERVED CVE-2020-6652 RESERVED CVE-2020-6651 RESERVED CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...) NOT-FOR-US: UPS companion software CVE-2020-6649 RESERVED CVE-2020-6648 RESERVED CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...) NOT-FOR-US: Fortiguard CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...) NOT-FOR-US: Fortiguard CVE-2020-6645 RESERVED CVE-2020-6644 RESERVED CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...) NOT-FOR-US: Fortinet CVE-2020-6642 RESERVED CVE-2020-6641 RESERVED CVE-2020-6640 RESERVED CVE-2020-6639 RESERVED CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...) NOT-FOR-US: Grin CVE-2020-6637 RESERVED CVE-2020-6636 RESERVED CVE-2020-6635 RESERVED CVE-2020-6634 RESERVED CVE-2020-6633 RESERVED CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...)
NOT-FOR-US: PrestaShop CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) - gpac [jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch) NOTE: https://github.com/gpac/gpac/issues/1378 NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) - gpac [jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch) NOTE: https://github.com/gpac/gpac/issues/1377 NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521 NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS CVE-2020-6629 (Ming (aka libming) 0.4.8 has a NULL pointer dereference in the functio ...) - ming NOTE: https://github.com/libming/libming/issues/190 CVE-2020-6628 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the func ...) - ming NOTE: https://github.com/libming/libming/issues/191 CVE-2020-6627 RESERVED CVE-2020-6626 RESERVED CVE-2020-6625 (jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...) - jhead (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746 NOTE: Crash in CLI tool, no security impact CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...) - jhead (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744 NOTE: Crash in CLI tool, no security impact CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) - libstb (low; bug #949560) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/865 NOTE: Potentially affects mame, embree, libtcod, sumo, goxel, mesa, godot, dart CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
- libstb (low; bug #949559) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/869 CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...) - libstb (low; bug #949558) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/867 CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - libstb (low; bug #949557) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/868 CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...) - libstb (low; bug #949556) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/863 CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) - libstb (low; bug #949555) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/866 CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) - libstb (low; bug #949554) [buster] - libstb (Minor issue) NOTE: https://github.com/nothings/stb/issues/867 CVE-2020-6616 RESERVED CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...) - libredwg (bug #595191) CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read ...) - libredwg (bug #595191) CVE-2020-6613 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_searc ...) - libredwg (bug #595191) CVE-2020-6612 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_comp ...) - libredwg (bug #595191) CVE-2020-6611 (GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_own ...) - libredwg (bug #595191) CVE-2020-6610 (GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation i ...) - libredwg (bug #595191) CVE-2020-6609 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_page ...) 
- libredwg (bug #595191) CVE-2020-6608 RESERVED CVE-2020-6607 RESERVED CVE-2020-6606 RESERVED CVE-2020-6605 RESERVED CVE-2020-6604 RESERVED CVE-2020-6603 RESERVED CVE-2020-6602 RESERVED CVE-2020-6601 RESERVED CVE-2020-6600 RESERVED CVE-2020-6599 RESERVED CVE-2020-6598 RESERVED CVE-2020-6597 RESERVED CVE-2020-6596 RESERVED CVE-2020-6595 RESERVED CVE-2020-6594 RESERVED CVE-2020-6593 RESERVED CVE-2020-6592 RESERVED CVE-2020-6591 RESERVED CVE-2020-6590 RESERVED CVE-2020-6589 RESERVED CVE-2020-6588 RESERVED CVE-2020-6587 RESERVED CVE-2020-6586 (Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a ...) NOT-FOR-US: Nagios Log Server CVE-2020-6585 (Nagios Log Server 2.1.3 has CSRF. ...) NOT-FOR-US: Nagios Log Server CVE-2020-6584 (Nagios Log Server 2.1.3 has Incorrect Access Control. ...) NOT-FOR-US: Nagios Log Server CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be ...) NOT-FOR-US: BigProf Online Invoicing System (OIS) CVE-2020-6582 (Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by ...) - nagios-nrpe 4.0.0-1 [buster] - nagios-nrpe (Minor issue) [stretch] - nagios-nrpe (Minor issue) [jessie] - nagios-nrpe (Minor issue) NOTE: https://herolab.usd.de/security-advisories/usd-2020-0001/ NOTE: https://github.com/NagiosEnterprises/nrpe/commit/b84f9b8c9d290dd02e139df8dad1c3eb690c1213 NOTE: https://github.com/NagiosEnterprises/nrpe/commit/8e3bea4e1b1937e395a182729762aa8894e8649e NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part validating incoming buffer size) CVE-2020-6581 (Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nas ...) 
- nagios-nrpe 4.0.0-1 [buster] - nagios-nrpe (Minor issue) [stretch] - nagios-nrpe (Minor issue) [jessie] - nagios-nrpe (Vulnerable code introduced later) NOTE: https://herolab.usd.de/security-advisories/usd-2020-0002/ NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part for proper processing of nasty_metachars) CVE-2020-6580 RESERVED CVE-2020-6579 RESERVED CVE-2020-6578 RESERVED CVE-2020-6577 RESERVED CVE-2020-6576 RESERVED CVE-2020-6575 RESERVED CVE-2020-6574 RESERVED CVE-2020-6573 RESERVED CVE-2020-6572 RESERVED CVE-2020-6571 RESERVED CVE-2020-6570 RESERVED CVE-2020-6569 RESERVED CVE-2020-6568 RESERVED CVE-2020-6567 RESERVED CVE-2020-6566 RESERVED CVE-2020-6565 RESERVED CVE-2020-6564 RESERVED CVE-2020-6563 RESERVED CVE-2020-6562 RESERVED CVE-2020-6561 RESERVED CVE-2020-6560 RESERVED CVE-2020-6559 RESERVED CVE-2020-6558 RESERVED CVE-2020-6557 RESERVED CVE-2020-6556 RESERVED CVE-2020-6555 RESERVED CVE-2020-6554 RESERVED CVE-2020-6553 RESERVED CVE-2020-6552 RESERVED CVE-2020-6551 RESERVED CVE-2020-6550 RESERVED CVE-2020-6549 RESERVED CVE-2020-6548 RESERVED CVE-2020-6547 RESERVED CVE-2020-6546 RESERVED CVE-2020-6545 RESERVED CVE-2020-6544 RESERVED CVE-2020-6543 RESERVED CVE-2020-6542 RESERVED CVE-2020-6541 RESERVED CVE-2020-6540 RESERVED CVE-2020-6539 RESERVED CVE-2020-6538 RESERVED CVE-2020-6537 RESERVED CVE-2020-6536 RESERVED CVE-2020-6535 RESERVED CVE-2020-6534 RESERVED CVE-2020-6533 RESERVED CVE-2020-6532 RESERVED CVE-2020-6531 RESERVED CVE-2020-6530 RESERVED CVE-2020-6529 RESERVED CVE-2020-6528 RESERVED CVE-2020-6527 RESERVED CVE-2020-6526 RESERVED CVE-2020-6525 RESERVED CVE-2020-6524 RESERVED CVE-2020-6523 RESERVED CVE-2020-6522 RESERVED CVE-2020-6521 RESERVED CVE-2020-6520 RESERVED CVE-2020-6519 RESERVED CVE-2020-6518 RESERVED CVE-2020-6517 RESERVED CVE-2020-6516 RESERVED CVE-2020-6515 RESERVED CVE-2020-6514 RESERVED CVE-2020-6513 RESERVED CVE-2020-6512 RESERVED CVE-2020-6511 RESERVED CVE-2020-6510 RESERVED 
CVE-2020-6509 RESERVED CVE-2020-6508 RESERVED CVE-2020-6507 RESERVED CVE-2020-6506 RESERVED CVE-2020-6505 RESERVED CVE-2020-6504 RESERVED CVE-2020-6503 RESERVED CVE-2020-6502 RESERVED CVE-2020-6501 RESERVED CVE-2020-6500 RESERVED CVE-2020-6499 RESERVED CVE-2020-6498 RESERVED CVE-2020-6497 RESERVED CVE-2020-6496 RESERVED CVE-2020-6495 RESERVED CVE-2020-6494 RESERVED CVE-2020-6493 RESERVED CVE-2020-6492 RESERVED CVE-2020-6491 RESERVED CVE-2020-6490 RESERVED CVE-2020-6489 RESERVED CVE-2020-6488 RESERVED CVE-2020-6487 RESERVED CVE-2020-6486 RESERVED CVE-2020-6485 RESERVED CVE-2020-6484 RESERVED CVE-2020-6483 RESERVED CVE-2020-6482 RESERVED CVE-2020-6481 RESERVED CVE-2020-6480 RESERVED CVE-2020-6479 RESERVED CVE-2020-6478 RESERVED CVE-2020-6477 RESERVED CVE-2020-6476 RESERVED CVE-2020-6475 RESERVED CVE-2020-6474 RESERVED CVE-2020-6473 RESERVED CVE-2020-6472 RESERVED CVE-2020-6471 RESERVED CVE-2020-6470 RESERVED CVE-2020-6469 RESERVED CVE-2020-6468 RESERVED CVE-2020-6467 RESERVED CVE-2020-6466 RESERVED CVE-2020-6465 RESERVED CVE-2020-6464 RESERVED CVE-2020-6463 RESERVED CVE-2020-6462 RESERVED CVE-2020-6461 RESERVED CVE-2020-6460 RESERVED CVE-2020-6459 RESERVED CVE-2020-6458 RESERVED CVE-2020-6457 RESERVED CVE-2020-6456 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6455 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6454 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6453 RESERVED CVE-2020-6452 RESERVED {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6451 RESERVED {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6450 RESERVED {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) 
{DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6448 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6447 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6446 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6445 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6444 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6443 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6442 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6441 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6440 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6439 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6438 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6437 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6436 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6435 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6434 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6433 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6432 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6431 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6430 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6428 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) 
{DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6427 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6426 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6425 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6423 RESERVED - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6421 RESERVED CVE-2020-6420 (Insufficient policy enforcement in media in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.132-1 [stretch] - chromium (see DSA 4562) CVE-2020-6419 RESERVED CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...) {DSA-4638-1} - chromium 80.0.3987.122-1 [stretch] - chromium (see DSA 4562) CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...) - chromium (debian package does not support the chromium installer) CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6415 (Inappropriate implementation in JavaScript in Google Chrome prior to 8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6414 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...) 
{DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6413 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6412 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6411 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6410 (Insufficient policy enforcement in navigation in Google Chrome prior t ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6407 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...) {DSA-4638-1} - chromium 80.0.3987.122-1 [stretch] - chromium (see DSA 4562) CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6405 (Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6404 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6403 (Incorrect implementation in Omnibox in Google Chrome on iOS prior to 8 ...) 
{DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6402 (Insufficient policy enforcement in downloads in Google Chrome on OS X ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6401 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome prior to 80.0.39 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6399 (Insufficient policy enforcement in AppCache in Google Chrome prior to ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6398 (Use of uninitialized data in PDFium in Google Chrome prior to 80.0.398 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6397 (Inappropriate implementation in sharing in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6396 (Inappropriate implementation in Skia in Google Chrome prior to 80.0.39 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6395 (Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6394 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6393 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6392 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) 
{DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6391 (Insufficient validation of untrusted input in Blink in Google Chrome p ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6390 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6389 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6386 (Use after free in speech in Google Chrome prior to 80.0.3987.116 allow ...) {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6384 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 all ...) {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6383 (Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a ...) {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6381 (Integer overflow in JavaScript in Google Chrome on ChromeOS and Androi ...) 
{DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6380 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6379 (Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6378 (Use after free in speech in Google Chrome prior to 79.0.3945.130 allow ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 allowe ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6376 RESERVED CVE-2020-6375 RESERVED CVE-2020-6374 RESERVED CVE-2020-6373 RESERVED CVE-2020-6372 RESERVED CVE-2020-6371 RESERVED CVE-2020-6370 RESERVED CVE-2020-6369 RESERVED CVE-2020-6368 RESERVED CVE-2020-6367 RESERVED CVE-2020-6366 RESERVED CVE-2020-6365 RESERVED CVE-2020-6364 RESERVED CVE-2020-6363 RESERVED CVE-2020-6362 RESERVED CVE-2020-6361 RESERVED CVE-2020-6360 RESERVED CVE-2020-6359 RESERVED CVE-2020-6358 RESERVED CVE-2020-6357 RESERVED CVE-2020-6356 RESERVED CVE-2020-6355 RESERVED CVE-2020-6354 RESERVED CVE-2020-6353 RESERVED CVE-2020-6352 RESERVED CVE-2020-6351 RESERVED CVE-2020-6350 RESERVED CVE-2020-6349 RESERVED CVE-2020-6348 RESERVED CVE-2020-6347 RESERVED CVE-2020-6346 RESERVED CVE-2020-6345 RESERVED CVE-2020-6344 RESERVED CVE-2020-6343 RESERVED CVE-2020-6342 RESERVED CVE-2020-6341 RESERVED CVE-2020-6340 RESERVED CVE-2020-6339 RESERVED CVE-2020-6338 RESERVED CVE-2020-6337 RESERVED CVE-2020-6336 RESERVED CVE-2020-6335 RESERVED CVE-2020-6334 RESERVED CVE-2020-6333 RESERVED CVE-2020-6332 RESERVED CVE-2020-6331 RESERVED CVE-2020-6330 RESERVED CVE-2020-6329 RESERVED CVE-2020-6328 RESERVED CVE-2020-6327 RESERVED CVE-2020-6326 RESERVED CVE-2020-6325 RESERVED CVE-2020-6324 RESERVED CVE-2020-6323 RESERVED CVE-2020-6322 
RESERVED CVE-2020-6321 RESERVED CVE-2020-6320 RESERVED CVE-2020-6319 RESERVED CVE-2020-6318 RESERVED CVE-2020-6317 RESERVED CVE-2020-6316 RESERVED CVE-2020-6315 RESERVED CVE-2020-6314 RESERVED CVE-2020-6313 RESERVED CVE-2020-6312 RESERVED CVE-2020-6311 RESERVED CVE-2020-6310 RESERVED CVE-2020-6309 RESERVED CVE-2020-6308 RESERVED CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...) NOT-FOR-US: SAP CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing (updat ...) NOT-FOR-US: SAP CVE-2020-6305 (PI Rest Adapter of SAP Process Integration (update provided in SAP_XIA ...) NOT-FOR-US: SAP CVE-2020-6304 (Improper input validation in SAP NetWeaver Internet Communication Mana ...) NOT-FOR-US: SAP CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not validate user ...) NOT-FOR-US: SAP CVE-2020-6302 RESERVED CVE-2020-6301 RESERVED CVE-2020-6300 RESERVED CVE-2020-6299 RESERVED CVE-2020-6298 RESERVED CVE-2020-6297 RESERVED CVE-2020-6296 RESERVED CVE-2020-6295 RESERVED CVE-2020-6294 RESERVED CVE-2020-6293 RESERVED CVE-2020-6292 RESERVED CVE-2020-6291 RESERVED CVE-2020-6290 RESERVED CVE-2020-6289 RESERVED CVE-2020-6288 RESERVED CVE-2020-6287 RESERVED CVE-2020-6286 RESERVED CVE-2020-6285 RESERVED CVE-2020-6284 RESERVED CVE-2020-6283 RESERVED CVE-2020-6282 RESERVED CVE-2020-6281 RESERVED CVE-2020-6280 RESERVED CVE-2020-6279 RESERVED CVE-2020-6278 RESERVED CVE-2020-6277 RESERVED CVE-2020-6276 RESERVED CVE-2020-6275 RESERVED CVE-2020-6274 RESERVED CVE-2020-6273 RESERVED CVE-2020-6272 RESERVED CVE-2020-6271 RESERVED CVE-2020-6270 RESERVED CVE-2020-6269 RESERVED CVE-2020-6268 RESERVED CVE-2020-6267 RESERVED CVE-2020-6266 RESERVED CVE-2020-6265 RESERVED CVE-2020-6264 RESERVED CVE-2020-6263 RESERVED CVE-2020-6262 RESERVED CVE-2020-6261 RESERVED CVE-2020-6260 RESERVED CVE-2020-6259 RESERVED CVE-2020-6258 RESERVED CVE-2020-6257 RESERVED CVE-2020-6256 RESERVED CVE-2020-6255 RESERVED CVE-2020-6254 RESERVED 
CVE-2020-6253 RESERVED CVE-2020-6252 RESERVED CVE-2020-6251 RESERVED CVE-2020-6250 RESERVED CVE-2020-6249 RESERVED CVE-2020-6248 RESERVED CVE-2020-6247 RESERVED CVE-2020-6246 RESERVED CVE-2020-6245 RESERVED CVE-2020-6244 RESERVED CVE-2020-6243 RESERVED CVE-2020-6242 RESERVED CVE-2020-6241 RESERVED CVE-2020-6240 RESERVED CVE-2020-6239 RESERVED CVE-2020-6238 RESERVED CVE-2020-6237 RESERVED CVE-2020-6236 RESERVED CVE-2020-6235 RESERVED CVE-2020-6234 RESERVED CVE-2020-6233 RESERVED CVE-2020-6232 RESERVED CVE-2020-6231 RESERVED CVE-2020-6230 RESERVED CVE-2020-6229 RESERVED CVE-2020-6228 RESERVED CVE-2020-6227 RESERVED CVE-2020-6226 RESERVED CVE-2020-6225 RESERVED CVE-2020-6224 RESERVED CVE-2020-6223 RESERVED CVE-2020-6222 RESERVED CVE-2020-6221 RESERVED CVE-2020-6220 RESERVED CVE-2020-6219 RESERVED CVE-2020-6218 RESERVED CVE-2020-6217 RESERVED CVE-2020-6216 RESERVED CVE-2020-6215 RESERVED CVE-2020-6214 RESERVED CVE-2020-6213 RESERVED CVE-2020-6212 RESERVED CVE-2020-6211 RESERVED CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode ...) NOT-FOR-US: SAP CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform necessary au ...) NOT-FOR-US: SAP CVE-2020-6208 (SAP Business Objects Business Intelligence Platform (Crystal Reports), ...) NOT-FOR-US: SAP CVE-2020-6207 (SAP Solution Manager (User Experience Monitoring), version- 7.2, due t ...) NOT-FOR-US: SAP CVE-2020-6206 (SAP Cloud Platform Integration for Data Services, version 1.0, allows ...) NOT-FOR-US: SAP CVE-2020-6205 (SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS v ...) NOT-FOR-US: SAP CVE-2020-6204 (The selection query in SAP Treasury and Risk Management (Transaction M ...) NOT-FOR-US: SAP CVE-2020-6203 (SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7 ...) NOT-FOR-US: SAP CVE-2020-6202 (SAP NetWeaver Application Server Java (User Management Engine), versio ...) 
NOT-FOR-US: SAP CVE-2020-6201 (The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, ...) NOT-FOR-US: SAP CVE-2020-6200 (The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811 ...) NOT-FOR-US: SAP CVE-2020-6199 (The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EA ...) NOT-FOR-US: SAP CVE-2020-6198 (SAP Solution Manager (Diagnostics Agent), version 720, allows unencryp ...) NOT-FOR-US: SAP CVE-2020-6197 (SAP Enable Now, before version 1908, does not invalidate session token ...) NOT-FOR-US: SAP CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an a ...) NOT-FOR-US: SAP CVE-2020-6195 RESERVED CVE-2020-6194 RESERVED CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, ...) NOT-FOR-US: SAP CVE-2020-6192 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...) NOT-FOR-US: SAP CVE-2020-6191 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...) NOT-FOR-US: SAP CVE-2020-6190 (Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Appli ...) NOT-FOR-US: SAP CVE-2020-6189 (Certain settings page(s) in SAP Business Objects Business Intelligence ...) NOT-FOR-US: SAP CVE-2020-6188 (VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, ...) NOT-FOR-US: SAP CVE-2020-6187 (SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7. ...) NOT-FOR-US: SAP CVE-2020-6186 (SAP Host Agent, version 7.21, allows an attacker to cause a slowdown i ...) NOT-FOR-US: SAP CVE-2020-6185 (Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_B ...) NOT-FOR-US: SAP CVE-2020-6184 (Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_ ...) NOT-FOR-US: SAP CVE-2020-6183 (SAP Host Agent, version 7.21, allows an unprivileged user to read the ...) NOT-FOR-US: SAP CVE-2020-6182 RESERVED CVE-2020-6181 (Under some circumstances the SAML SSO implementation in the SAP NetWea ...) 
NOT-FOR-US: SAP CVE-2020-6180 RESERVED CVE-2020-6179 RESERVED CVE-2020-6178 (SAP Enable Now, before version 1911, sends the Session ID cookie value ...) NOT-FOR-US: SAP CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...) NOT-FOR-US: SAP CVE-2020-6176 RESERVED CVE-2020-6175 (Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missin ...) NOT-FOR-US: Citrix CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...) - python-tuf (bug #934151) CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...) - python-tuf (bug #934151) CVE-2020-6172 RESERVED CVE-2020-6171 (A cross-site scripting (XSS) vulnerability in the index page of the CL ...) NOT-FOR-US: Clink Office CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P ...) NOT-FOR-US: Genexis CVE-2020-6169 RESERVED CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...) NOT-FOR-US: WordPress plugin CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...) NOT-FOR-US: WordPress plugin CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...) NOT-FOR-US: WordPress plugin CVE-2020-6165 RESERVED CVE-2020-6164 RESERVED CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because ...) NOT-FOR-US: WikibaseMediaInfo MediaWiki extension CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain circumstances, an ...) 
- bftpd (bug #640469) CVE-2020-6161 RESERVED CVE-2020-6160 RESERVED CVE-2020-6159 RESERVED CVE-2020-6158 RESERVED CVE-2020-6157 RESERVED CVE-2020-6156 RESERVED CVE-2020-6155 RESERVED CVE-2020-6154 RESERVED CVE-2020-6153 RESERVED CVE-2020-6152 RESERVED CVE-2020-6151 RESERVED CVE-2020-6150 RESERVED CVE-2020-6149 RESERVED CVE-2020-6148 RESERVED CVE-2020-6147 RESERVED CVE-2020-6146 RESERVED CVE-2020-6145 RESERVED CVE-2020-6144 RESERVED CVE-2020-6143 RESERVED CVE-2020-6142 RESERVED CVE-2020-6141 RESERVED CVE-2020-6140 RESERVED CVE-2020-6139 RESERVED CVE-2020-6138 RESERVED CVE-2020-6137 RESERVED CVE-2020-6136 RESERVED CVE-2020-6135 RESERVED CVE-2020-6134 RESERVED CVE-2020-6133 RESERVED CVE-2020-6132 RESERVED CVE-2020-6131 RESERVED CVE-2020-6130 RESERVED CVE-2020-6129 RESERVED CVE-2020-6128 RESERVED CVE-2020-6127 RESERVED CVE-2020-6126 RESERVED CVE-2020-6125 RESERVED CVE-2020-6124 RESERVED CVE-2020-6123 RESERVED CVE-2020-6122 RESERVED CVE-2020-6121 RESERVED CVE-2020-6120 RESERVED CVE-2020-6119 RESERVED CVE-2020-6118 RESERVED CVE-2020-6117 RESERVED CVE-2020-6116 RESERVED CVE-2020-6115 RESERVED CVE-2020-6114 RESERVED CVE-2020-6113 RESERVED CVE-2020-6112 RESERVED CVE-2020-6111 RESERVED CVE-2020-6110 RESERVED CVE-2020-6109 RESERVED CVE-2020-6108 RESERVED CVE-2020-6107 RESERVED CVE-2020-6106 RESERVED CVE-2020-6105 RESERVED CVE-2020-6104 RESERVED CVE-2020-6103 RESERVED CVE-2020-6102 RESERVED CVE-2020-6101 RESERVED CVE-2020-6100 RESERVED CVE-2020-6099 RESERVED CVE-2020-6098 RESERVED CVE-2020-6097 RESERVED CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...) - glibc [jessie] - glibc (Vulnerable code not present) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019 CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstRTSPAu ...) 
- gst-rtsp-server1.0 1.16.2-3 (low) [buster] - gst-rtsp-server1.0 (Minor issue) [stretch] - gst-rtsp-server1.0 (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018 NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a CVE-2020-6094 RESERVED CVE-2020-6093 RESERVED CVE-2020-6092 RESERVED CVE-2020-6091 RESERVED CVE-2020-6090 RESERVED CVE-2020-6089 RESERVED CVE-2020-6088 RESERVED CVE-2020-6087 RESERVED CVE-2020-6086 RESERVED CVE-2020-6085 RESERVED CVE-2020-6084 RESERVED CVE-2020-6083 RESERVED CVE-2020-6082 RESERVED CVE-2020-6081 RESERVED CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...) - libmicrodns NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002 CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the resource ...) - libmicrodns NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002 CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the message-p ...) - libmicrodns NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001 CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the message-p ...) - libmicrodns NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000 CVE-2020-6076 RESERVED CVE-2020-6075 RESERVED CVE-2020-6074 RESERVED CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...) - libmicrodns NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996 CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-parsin ...) - libmicrodns NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995 CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the resource ...) 
- libmicrodns NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994 CVE-2020-6070 RESERVED CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6065 (An exploitable out-of-bounds write vulnerability exists in the bmp_par ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...) - coturn (bug #951876) [buster] - coturn (Minor issue) [stretch] - coturn (Minor issue) [jessie] - coturn (Vulnerable code introduced later) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985 NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8 CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...) - coturn (bug #951876) [buster] - coturn (Minor issue) [stretch] - coturn (Minor issue) [jessie] - coturn (Vulnerable code introduced later) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984 NOTE: https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way MiniSNMPD vers ...) NOT-FOR-US: MiniSNMPD CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the way Mini ...) 
NOT-FOR-US: MiniSNMPD CVE-2020-6058 (An exploitable out-of-bounds read vulnerability exists in the way Mini ...) NOT-FOR-US: MiniSNMPD CVE-2020-6057 RESERVED CVE-2020-6056 RESERVED CVE-2020-6055 RESERVED CVE-2020-6054 RESERVED CVE-2020-6053 RESERVED CVE-2020-6052 RESERVED CVE-2020-6051 RESERVED CVE-2020-6050 RESERVED CVE-2020-6049 RESERVED CVE-2020-6048 RESERVED CVE-2020-6047 RESERVED CVE-2020-6046 RESERVED CVE-2020-6045 RESERVED CVE-2020-6044 RESERVED CVE-2020-6043 RESERVED CVE-2020-6042 RESERVED CVE-2020-6041 RESERVED CVE-2020-6040 RESERVED CVE-2020-6039 RESERVED CVE-2020-6038 RESERVED CVE-2020-6037 RESERVED CVE-2020-6036 RESERVED CVE-2020-6035 RESERVED CVE-2020-6034 RESERVED CVE-2020-6033 RESERVED CVE-2020-6032 RESERVED CVE-2020-6031 RESERVED CVE-2020-6030 RESERVED CVE-2020-6029 RESERVED CVE-2020-6028 RESERVED CVE-2020-6027 RESERVED CVE-2020-6026 RESERVED CVE-2020-6025 RESERVED CVE-2020-6024 RESERVED CVE-2020-6023 RESERVED CVE-2020-6022 RESERVED CVE-2020-6021 RESERVED CVE-2020-6020 RESERVED CVE-2020-6019 RESERVED CVE-2020-6018 RESERVED CVE-2020-6017 RESERVED CVE-2020-6016 RESERVED CVE-2020-6015 RESERVED CVE-2020-6014 RESERVED CVE-2020-6013 RESERVED CVE-2020-6012 RESERVED CVE-2020-6011 RESERVED CVE-2020-6010 RESERVED CVE-2020-6009 (LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauth ...) NOT-FOR-US: LearnDash Wordpress plugin CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbi ...) NOT-FOR-US: LifterLMS Wordpress plugin CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...) 
NOT-FOR-US: Philips Hue Bridge model CVE-2020-6006 RESERVED CVE-2020-6005 RESERVED CVE-2020-6004 RESERVED CVE-2020-6003 RESERVED CVE-2020-6002 RESERVED CVE-2020-6001 RESERVED CVE-2020-6000 RESERVED CVE-2020-5999 RESERVED CVE-2020-5998 RESERVED CVE-2020-5997 RESERVED CVE-2020-5996 RESERVED CVE-2020-5995 RESERVED CVE-2020-5994 RESERVED CVE-2020-5993 RESERVED CVE-2020-5992 RESERVED CVE-2020-5991 RESERVED CVE-2020-5990 RESERVED CVE-2020-5989 RESERVED CVE-2020-5988 RESERVED CVE-2020-5987 RESERVED CVE-2020-5986 RESERVED CVE-2020-5985 RESERVED CVE-2020-5984 RESERVED CVE-2020-5983 RESERVED CVE-2020-5982 RESERVED CVE-2020-5981 RESERVED CVE-2020-5980 RESERVED CVE-2020-5979 RESERVED CVE-2020-5978 RESERVED CVE-2020-5977 RESERVED CVE-2020-5976 RESERVED CVE-2020-5975 RESERVED CVE-2020-5974 RESERVED CVE-2020-5973 RESERVED CVE-2020-5972 RESERVED CVE-2020-5971 RESERVED CVE-2020-5970 RESERVED CVE-2020-5969 RESERVED CVE-2020-5968 RESERVED CVE-2020-5967 RESERVED CVE-2020-5966 RESERVED CVE-2020-5965 RESERVED CVE-2020-5964 RESERVED CVE-2020-5963 RESERVED CVE-2020-5962 RESERVED CVE-2020-5961 (NVIDIA vGPU graphics driver for guest OS contains a vulnerability in w ...) NOT-FOR-US: NVIDIA vGPU graphics driver for guest OS CVE-2020-5960 (NVIDIA Virtual GPU Manager contains a vulnerability in the kernel modu ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5959 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...) NOT-FOR-US: NVIDIA Virtual GPU Manager CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) NOT-FOR-US: NVIDIA Windows GPU Display Driver CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...) 
NOT-FOR-US: Nvidia driver for Windows CVE-2020-5956 RESERVED CVE-2020-5955 RESERVED CVE-2020-5954 RESERVED CVE-2020-5953 RESERVED CVE-2020-5952 RESERVED CVE-2020-5951 RESERVED CVE-2020-5950 RESERVED CVE-2020-5949 RESERVED CVE-2020-5948 RESERVED CVE-2020-5947 RESERVED CVE-2020-5946 RESERVED CVE-2020-5945 RESERVED CVE-2020-5944 RESERVED CVE-2020-5943 RESERVED CVE-2020-5942 RESERVED CVE-2020-5941 RESERVED CVE-2020-5940 RESERVED CVE-2020-5939 RESERVED CVE-2020-5938 RESERVED CVE-2020-5937 RESERVED CVE-2020-5936 RESERVED CVE-2020-5935 RESERVED CVE-2020-5934 RESERVED CVE-2020-5933 RESERVED CVE-2020-5932 RESERVED CVE-2020-5931 RESERVED CVE-2020-5930 RESERVED CVE-2020-5929 RESERVED CVE-2020-5928 RESERVED CVE-2020-5927 RESERVED CVE-2020-5926 RESERVED CVE-2020-5925 RESERVED CVE-2020-5924 RESERVED CVE-2020-5923 RESERVED CVE-2020-5922 RESERVED CVE-2020-5921 RESERVED CVE-2020-5920 RESERVED CVE-2020-5919 RESERVED CVE-2020-5918 RESERVED CVE-2020-5917 RESERVED CVE-2020-5916 RESERVED CVE-2020-5915 RESERVED CVE-2020-5914 RESERVED CVE-2020-5913 RESERVED CVE-2020-5912 RESERVED CVE-2020-5911 RESERVED CVE-2020-5910 RESERVED CVE-2020-5909 RESERVED CVE-2020-5908 RESERVED CVE-2020-5907 RESERVED CVE-2020-5906 RESERVED CVE-2020-5905 RESERVED CVE-2020-5904 RESERVED CVE-2020-5903 RESERVED CVE-2020-5902 RESERVED CVE-2020-5901 RESERVED CVE-2020-5900 RESERVED CVE-2020-5899 RESERVED CVE-2020-5898 RESERVED CVE-2020-5897 RESERVED CVE-2020-5896 RESERVED CVE-2020-5895 RESERVED CVE-2020-5894 RESERVED CVE-2020-5893 RESERVED CVE-2020-5892 RESERVED CVE-2020-5891 RESERVED CVE-2020-5890 RESERVED CVE-2020-5889 RESERVED CVE-2020-5888 RESERVED CVE-2020-5887 RESERVED CVE-2020-5886 RESERVED CVE-2020-5885 RESERVED CVE-2020-5884 RESERVED CVE-2020-5883 RESERVED CVE-2020-5882 RESERVED CVE-2020-5881 RESERVED CVE-2020-5880 RESERVED CVE-2020-5879 RESERVED CVE-2020-5878 RESERVED CVE-2020-5877 RESERVED CVE-2020-5876 RESERVED CVE-2020-5875 RESERVED CVE-2020-5874 RESERVED CVE-2020-5873 RESERVED CVE-2020-5872 RESERVED 
CVE-2020-5871 RESERVED CVE-2020-5870 RESERVED CVE-2020-5869 RESERVED CVE-2020-5868 RESERVED CVE-2020-5867 RESERVED CVE-2020-5866 RESERVED CVE-2020-5865 RESERVED CVE-2020-5864 RESERVED CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...) NOT-FOR-US: NGINX Controller CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5861 (On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in so ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5860 (On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5859 (On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5858 (On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5857 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5856 (On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specif ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5855 (When the Windows Logon Integration feature is configured for all versi ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5854 (On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5853 (In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5852 (Undisclosed traffic patterns received may cause a disruption of servic ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5851 (On impacted versions and platforms the Trusted Platform Module (TPM) s ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5850 RESERVED CVE-2020-5849 (Unraid 6.8.0 allows authentication bypass. ...) NOT-FOR-US: Unraid CVE-2020-5848 RESERVED CVE-2020-5847 (Unraid through 6.8.0 allows Remote Code Execution. ...) NOT-FOR-US: Unraid CVE-2020-5846 (An insecure file upload and code execution issue was discovered in Ahs ...) 
NOT-FOR-US: Ahsay Cloud Backup Suite CVE-2020-5845 RESERVED CVE-2020-5844 (index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pan ...) NOT-FOR-US: Pandora FMS CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a category to th ...) NOT-FOR-US: Codoforum CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via the user ...) NOT-FOR-US: Codoforum CVE-2020-5841 (An issue was discovered in OpServices OpMon 9.3.1-1. Using password ch ...) NOT-FOR-US: OpServices OpMon CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/R ...) NOT-FOR-US: HashBrown CMS CVE-2020-5839 RESERVED CVE-2020-5838 RESERVED CVE-2020-5837 RESERVED CVE-2020-5836 RESERVED CVE-2020-5835 RESERVED CVE-2020-5834 RESERVED CVE-2020-5833 RESERVED CVE-2020-5832 (Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6 ...) NOT-FOR-US: Symantec CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5830 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5829 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5828 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5827 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...) NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM) CVE-2020-5826 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5825 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5824 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) 
NOT-FOR-US: Symantec CVE-2020-5823 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5822 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5821 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5820 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...) NOT-FOR-US: Symantec CVE-2020-5819 RESERVED CVE-2020-5818 RESERVED CVE-2020-5817 RESERVED CVE-2020-5816 RESERVED CVE-2020-5815 RESERVED CVE-2020-5814 RESERVED CVE-2020-5813 RESERVED CVE-2020-5812 RESERVED CVE-2020-5811 RESERVED CVE-2020-5810 RESERVED CVE-2020-5809 RESERVED CVE-2020-5808 RESERVED CVE-2020-5807 RESERVED CVE-2020-5806 RESERVED CVE-2020-5805 RESERVED CVE-2020-5804 RESERVED CVE-2020-5803 RESERVED CVE-2020-5802 RESERVED CVE-2020-5801 RESERVED CVE-2020-5800 RESERVED CVE-2020-5799 RESERVED CVE-2020-5798 RESERVED CVE-2020-5797 RESERVED CVE-2020-5796 RESERVED CVE-2020-5795 RESERVED CVE-2020-5794 RESERVED CVE-2020-5793 RESERVED CVE-2020-5792 RESERVED CVE-2020-5791 RESERVED CVE-2020-5790 RESERVED CVE-2020-5789 RESERVED CVE-2020-5788 RESERVED CVE-2020-5787 RESERVED CVE-2020-5786 RESERVED CVE-2020-5785 RESERVED CVE-2020-5784 RESERVED CVE-2020-5783 RESERVED CVE-2020-5782 RESERVED CVE-2020-5781 RESERVED CVE-2020-5780 RESERVED CVE-2020-5779 RESERVED CVE-2020-5778 RESERVED CVE-2020-5777 RESERVED CVE-2020-5776 RESERVED CVE-2020-5775 RESERVED CVE-2020-5774 RESERVED CVE-2020-5773 RESERVED CVE-2020-5772 RESERVED CVE-2020-5771 RESERVED CVE-2020-5770 RESERVED CVE-2020-5769 RESERVED CVE-2020-5768 RESERVED CVE-2020-5767 RESERVED CVE-2020-5766 RESERVED CVE-2020-5765 RESERVED CVE-2020-5764 RESERVED CVE-2020-5763 RESERVED CVE-2020-5762 RESERVED CVE-2020-5761 RESERVED CVE-2020-5760 RESERVED CVE-2020-5759 RESERVED CVE-2020-5758 RESERVED CVE-2020-5757 RESERVED CVE-2020-5756 RESERVED CVE-2020-5755 RESERVED CVE-2020-5754 RESERVED 
CVE-2020-5753 RESERVED CVE-2020-5752 RESERVED CVE-2020-5751 RESERVED CVE-2020-5750 RESERVED CVE-2020-5749 RESERVED CVE-2020-5748 RESERVED CVE-2020-5747 RESERVED CVE-2020-5746 RESERVED CVE-2020-5745 RESERVED CVE-2020-5744 RESERVED CVE-2020-5743 RESERVED CVE-2020-5742 RESERVED CVE-2020-5741 RESERVED CVE-2020-5740 RESERVED CVE-2020-5739 RESERVED CVE-2020-5738 RESERVED CVE-2020-5737 RESERVED CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...) NOT-FOR-US: Amcrest CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...) NOT-FOR-US: Amcrest CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...) NOT-FOR-US: SolarWinds CVE-2020-5733 RESERVED CVE-2020-5732 RESERVED CVE-2020-5731 RESERVED CVE-2020-5730 RESERVED CVE-2020-5729 RESERVED CVE-2020-5728 RESERVED CVE-2020-5727 RESERVED CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5725 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5724 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5723 (The UCM6200 series 1.0.20.22 and below stores unencrypted user passwor ...) NOT-FOR-US: UCM6200 CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is vulnerable to ...) NOT-FOR-US: Grandstream CVE-2020-5721 RESERVED CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerab ...) 
NOT-FOR-US: MikroTik WinBox CVE-2020-5719 RESERVED CVE-2020-5718 RESERVED CVE-2020-5717 RESERVED CVE-2020-5716 RESERVED CVE-2020-5715 RESERVED CVE-2020-5714 RESERVED CVE-2020-5713 RESERVED CVE-2020-5712 RESERVED CVE-2020-5711 RESERVED CVE-2020-5710 RESERVED CVE-2020-5709 RESERVED CVE-2020-5708 RESERVED CVE-2020-5707 RESERVED CVE-2020-5706 RESERVED CVE-2020-5705 RESERVED CVE-2020-5704 RESERVED CVE-2020-5703 RESERVED CVE-2020-5702 RESERVED CVE-2020-5701 RESERVED CVE-2020-5700 RESERVED CVE-2020-5699 RESERVED CVE-2020-5698 RESERVED CVE-2020-5697 RESERVED CVE-2020-5696 RESERVED CVE-2020-5695 RESERVED CVE-2020-5694 RESERVED CVE-2020-5693 RESERVED CVE-2020-5692 RESERVED CVE-2020-5691 RESERVED CVE-2020-5690 RESERVED CVE-2020-5689 RESERVED CVE-2020-5688 RESERVED CVE-2020-5687 RESERVED CVE-2020-5686 RESERVED CVE-2020-5685 RESERVED CVE-2020-5684 RESERVED CVE-2020-5683 RESERVED CVE-2020-5682 RESERVED CVE-2020-5681 RESERVED CVE-2020-5680 RESERVED CVE-2020-5679 RESERVED CVE-2020-5678 RESERVED CVE-2020-5677 RESERVED CVE-2020-5676 RESERVED CVE-2020-5675 RESERVED CVE-2020-5674 RESERVED CVE-2020-5673 RESERVED CVE-2020-5672 RESERVED CVE-2020-5671 RESERVED CVE-2020-5670 RESERVED CVE-2020-5669 RESERVED CVE-2020-5668 RESERVED CVE-2020-5667 RESERVED CVE-2020-5666 RESERVED CVE-2020-5665 RESERVED CVE-2020-5664 RESERVED CVE-2020-5663 RESERVED CVE-2020-5662 RESERVED CVE-2020-5661 RESERVED CVE-2020-5660 RESERVED CVE-2020-5659 RESERVED CVE-2020-5658 RESERVED CVE-2020-5657 RESERVED CVE-2020-5656 RESERVED CVE-2020-5655 RESERVED CVE-2020-5654 RESERVED CVE-2020-5653 RESERVED CVE-2020-5652 RESERVED CVE-2020-5651 RESERVED CVE-2020-5650 RESERVED CVE-2020-5649 RESERVED CVE-2020-5648 RESERVED CVE-2020-5647 RESERVED CVE-2020-5646 RESERVED CVE-2020-5645 RESERVED CVE-2020-5644 RESERVED CVE-2020-5643 RESERVED CVE-2020-5642 RESERVED CVE-2020-5641 RESERVED CVE-2020-5640 RESERVED CVE-2020-5639 RESERVED CVE-2020-5638 RESERVED CVE-2020-5637 RESERVED CVE-2020-5636 RESERVED CVE-2020-5635 RESERVED CVE-2020-5634 
RESERVED CVE-2020-5633 RESERVED CVE-2020-5632 RESERVED CVE-2020-5631 RESERVED CVE-2020-5630 RESERVED CVE-2020-5629 RESERVED CVE-2020-5628 RESERVED CVE-2020-5627 RESERVED CVE-2020-5626 RESERVED CVE-2020-5625 RESERVED CVE-2020-5624 RESERVED CVE-2020-5623 RESERVED CVE-2020-5622 RESERVED CVE-2020-5621 RESERVED CVE-2020-5620 RESERVED CVE-2020-5619 RESERVED CVE-2020-5618 RESERVED CVE-2020-5617 RESERVED CVE-2020-5616 RESERVED CVE-2020-5615 RESERVED CVE-2020-5614 RESERVED CVE-2020-5613 RESERVED CVE-2020-5612 RESERVED CVE-2020-5611 RESERVED CVE-2020-5610 RESERVED CVE-2020-5609 RESERVED CVE-2020-5608 RESERVED CVE-2020-5607 RESERVED CVE-2020-5606 RESERVED CVE-2020-5605 RESERVED CVE-2020-5604 RESERVED CVE-2020-5603 RESERVED CVE-2020-5602 RESERVED CVE-2020-5601 RESERVED CVE-2020-5600 RESERVED CVE-2020-5599 RESERVED CVE-2020-5598 RESERVED CVE-2020-5597 RESERVED CVE-2020-5596 RESERVED CVE-2020-5595 RESERVED CVE-2020-5594 RESERVED CVE-2020-5593 RESERVED CVE-2020-5592 RESERVED CVE-2020-5591 RESERVED CVE-2020-5590 RESERVED CVE-2020-5589 RESERVED CVE-2020-5588 RESERVED CVE-2020-5587 RESERVED CVE-2020-5586 RESERVED CVE-2020-5585 RESERVED CVE-2020-5584 RESERVED CVE-2020-5583 RESERVED CVE-2020-5582 RESERVED CVE-2020-5581 RESERVED CVE-2020-5580 RESERVED CVE-2020-5579 RESERVED CVE-2020-5578 RESERVED CVE-2020-5577 RESERVED CVE-2020-5576 RESERVED CVE-2020-5575 RESERVED CVE-2020-5574 RESERVED CVE-2020-5573 RESERVED CVE-2020-5572 RESERVED CVE-2020-5571 RESERVED CVE-2020-5570 RESERVED CVE-2020-5569 RESERVED CVE-2020-5568 RESERVED CVE-2020-5567 RESERVED CVE-2020-5566 RESERVED CVE-2020-5565 RESERVED CVE-2020-5564 RESERVED CVE-2020-5563 RESERVED CVE-2020-5562 RESERVED CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...) NOT-FOR-US: Keijiban Tsumiki CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...) NOT-FOR-US: WL-Enq CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remo ...) 
NOT-FOR-US: WL-Enq CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute arbitr ...) NOT-FOR-US: CuteNews CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote att ...) NOT-FOR-US: CuteNews CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 a ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: mailform CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allows rem ...) NOT-FOR-US: mailform CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...) NOT-FOR-US: Toyota CVE-2020-5550 (Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earli ...) NOT-FOR-US: EasyBlocks CVE-2020-5549 (Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver ...) NOT-FOR-US: EasyBlocks CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yam ...) NOT-FOR-US: Yamaha CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...) NOT-FOR-US: Mitsubishi CVE-2020-5546 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...) NOT-FOR-US: Mitsubishi CVE-2020-5545 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...) NOT-FOR-US: Mitsubishi CVE-2020-5544 (Null Pointer Dereference vulnerability in TCP function included in the ...) NOT-FOR-US: Mitsubishi CVE-2020-5543 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...) NOT-FOR-US: Mitsubishi CVE-2020-5542 (Buffer error vulnerability in TCP function included in the firmware of ...) 
NOT-FOR-US: Mitsubishi CVE-2020-5541 RESERVED CVE-2020-5540 RESERVED CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do no ...) NOT-FOR-US: GRANDIT CVE-2020-5538 RESERVED CVE-2020-5537 RESERVED CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...) NOT-FOR-US: OpenBlocks IoT VX2 CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...) NOT-FOR-US: OpenBlocks IoT VX2 CVE-2020-5534 (Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated a ...) NOT-FOR-US: Aterm WG2600HS firmware CVE-2020-5533 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 ...) NOT-FOR-US: Aterm WG2600HS firmware CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for ...) NOT-FOR-US: ilbo App CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...) NOT-FOR-US: Mitsubishi CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...) NOT-FOR-US: Easy Property Listings plugin for WordPress CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...) - htmlunit NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28 TODO: check details, might affect jenkins-htmlunit CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...) - movabletype-opensource CVE-2020-5527 (When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC ...) NOT-FOR-US: Mitsubishi CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2. ...) NOT-FOR-US: AWMS Mobile App for Android and iOS CVE-2020-5525 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...) NOT-FOR-US: Aterm series firmware CVE-2020-5524 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...) 
NOT-FOR-US: Aterm series firmware CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking applications b ...) NOT-FOR-US: MyPallete CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...) NOT-FOR-US: kantan netprint App for Android CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...) NOT-FOR-US: kantan netprint App for iOS CVE-2020-5520 (The netprint App for iOS 3.2.3 and earlier does not verify X.509 certi ...) NOT-FOR-US: netprint App for iOS CVE-2020-5519 (The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly ...) NOT-FOR-US: OpenLiteSpeed CVE-2020-5518 RESERVED CVE-2020-5517 RESERVED CVE-2020-5516 RESERVED CVE-2020-5515 (Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. ...) NOT-FOR-US: Gila CMS CVE-2020-5514 (Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous ...) NOT-FOR-US: Gila CMS CVE-2020-5513 (Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. ...) NOT-FOR-US: Gila CMS CVE-2020-5512 (Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. ...) NOT-FOR-US: Gila CMS CVE-2020-5511 (PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypas ...) NOT-FOR-US: PHPGurukul Small CRM CVE-2020-5510 (PHPGurukul Hostel Management System v2.0 allows SQL injection via the ...) NOT-FOR-US: PHPGurukul Hostel Management System CVE-2020-5509 (PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an ...) NOT-FOR-US: PHPGurukul Car Rental Project CVE-2020-5508 RESERVED CVE-2020-5507 RESERVED CVE-2020-5506 RESERVED CVE-2020-5505 (Freelancy v1.0.0 allows remote command execution via the "file":"data: ...) NOT-FOR-US: Freelancy CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...) 
{DLA-2060-1} - phpmyadmin 4:4.9.4+dfsg1-1 (bug #948718) [stretch] - phpmyadmin (Minor issue; can be fixed via point release) NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983 NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/ CVE-2020-5503 RESERVED CVE-2020-5502 (phpBB 3.2.8 allows a CSRF attack that can approve pending group member ...) NOT-FOR-US: phpBB CVE-2020-5501 (phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. ...) NOT-FOR-US: phpBB CVE-2020-5500 RESERVED CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...) NOT-FOR-US: Baidu Rust SGX SDK CVE-2020-5498 REJECTED CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...) NOT-FOR-US: MITREid Connect CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...) - fontforge (bug #948231) [buster] - fontforge (Minor issue) [stretch] - fontforge (Minor issue) [jessie] - fontforge (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4085 CVE-2020-5495 RESERVED CVE-2020-5494 RESERVED CVE-2020-5493 RESERVED CVE-2020-5492 RESERVED CVE-2020-5491 RESERVED CVE-2020-5490 RESERVED CVE-2020-5489 RESERVED CVE-2020-5488 RESERVED CVE-2020-5487 RESERVED CVE-2020-5486 RESERVED CVE-2020-5485 RESERVED CVE-2020-5484 RESERVED CVE-2020-5483 RESERVED CVE-2020-5482 RESERVED CVE-2020-5481 RESERVED CVE-2020-5480 RESERVED CVE-2020-5479 RESERVED CVE-2020-5478 RESERVED CVE-2020-5477 RESERVED CVE-2020-5476 RESERVED CVE-2020-5475 RESERVED CVE-2020-5474 RESERVED CVE-2020-5473 RESERVED CVE-2020-5472 RESERVED CVE-2020-5471 RESERVED CVE-2020-5470 RESERVED CVE-2020-5469 RESERVED CVE-2020-5468 RESERVED CVE-2020-5467 RESERVED CVE-2020-5466 RESERVED CVE-2020-5465 RESERVED CVE-2020-5464 RESERVED CVE-2020-5463 RESERVED CVE-2020-5462 RESERVED CVE-2020-5461 RESERVED CVE-2020-5460 RESERVED CVE-2020-5459 
RESERVED CVE-2020-5458 RESERVED CVE-2020-5457 RESERVED CVE-2020-5456 RESERVED CVE-2020-5455 RESERVED CVE-2020-5454 RESERVED CVE-2020-5453 RESERVED CVE-2020-5452 RESERVED CVE-2020-5451 RESERVED CVE-2020-5450 RESERVED CVE-2020-5449 RESERVED CVE-2020-5448 RESERVED CVE-2020-5447 RESERVED CVE-2020-5446 RESERVED CVE-2020-5445 RESERVED CVE-2020-5444 RESERVED CVE-2020-5443 RESERVED CVE-2020-5442 RESERVED CVE-2020-5441 RESERVED CVE-2020-5440 RESERVED CVE-2020-5439 RESERVED CVE-2020-5438 RESERVED CVE-2020-5437 RESERVED CVE-2020-5436 RESERVED CVE-2020-5435 RESERVED CVE-2020-5434 RESERVED CVE-2020-5433 RESERVED CVE-2020-5432 RESERVED CVE-2020-5431 RESERVED CVE-2020-5430 RESERVED CVE-2020-5429 RESERVED CVE-2020-5428 RESERVED CVE-2020-5427 RESERVED CVE-2020-5426 RESERVED CVE-2020-5425 RESERVED CVE-2020-5424 RESERVED CVE-2020-5423 RESERVED CVE-2020-5422 RESERVED CVE-2020-5421 RESERVED CVE-2020-5420 RESERVED CVE-2020-5419 RESERVED CVE-2020-5418 RESERVED CVE-2020-5417 RESERVED CVE-2020-5416 RESERVED CVE-2020-5415 RESERVED CVE-2020-5414 RESERVED CVE-2020-5413 RESERVED CVE-2020-5412 RESERVED CVE-2020-5411 RESERVED CVE-2020-5410 RESERVED CVE-2020-5409 RESERVED CVE-2020-5408 RESERVED CVE-2020-5407 RESERVED CVE-2020-5406 RESERVED CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...) NOT-FOR-US: Spring Cloud Config CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a UR ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability ...) NOT-FOR-US: Cloud Foundry CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...) NOT-FOR-US: Cloud Foundry CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs ...) 
NOT-FOR-US: Cloud Foundry CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...) NOT-FOR-US: Cloud Foundry CredHub CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...) - libspring-java [jessie] - libspring-java (Vulnerable code not present) NOTE: https://pivotal.io/security/cve-2020-5398 NOTE: https://github.com/spring-projects/spring-framework/issues/24220 NOTE: https://github.com/spring-projects/spring-framework/commit/41f40c6c229d3b4f768718f1ec229d8f0ad76d76 NOTE: https://github.com/spring-projects/spring-framework/commit/956ffe68587c8d5f21135b5ce4650af0c2dea933 CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...) - libspring-java [jessie] - libspring-java (Vulnerable code not present) NOTE: https://pivotal.io/security/cve-2020-5397 NOTE: https://github.com/spring-projects/spring-framework/issues/24327 NOTE: https://github.com/spring-projects/spring-framework/commit/bc7d01048579430b4b2df668178809b63d3f1929 CVE-2020-5396 RESERVED CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...) - fontforge (bug #948231) [buster] - fontforge (Minor issue) [stretch] - fontforge (Minor issue) [jessie] - fontforge (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4084 CVE-2020-5394 RESERVED CVE-2020-5393 (In Appspace On-Prem through 7.1.3, an adversary can steal a session to ...) NOT-FOR-US: Appspace On-Prem CVE-2020-5392 (A stored cross-site scripting (XSS) vulnerability exists in the Auth0 ...) NOT-FOR-US: Auth0 plugin for WordPress CVE-2020-5391 (Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 p ...) NOT-FOR-US: Auth0 plugin for WordPress CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...) 
{DSA-4630-1 DLA-2119-1} - python-pysaml2 4.5.0-7 (bug #949322) NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0) CVE-2020-5389 RESERVED CVE-2020-5388 RESERVED CVE-2020-5387 RESERVED CVE-2020-5386 RESERVED CVE-2020-5385 RESERVED CVE-2020-5384 RESERVED CVE-2020-5383 RESERVED CVE-2020-5382 RESERVED CVE-2020-5381 RESERVED CVE-2020-5380 RESERVED CVE-2020-5379 RESERVED CVE-2020-5378 RESERVED CVE-2020-5377 RESERVED CVE-2020-5376 RESERVED CVE-2020-5375 RESERVED CVE-2020-5374 RESERVED CVE-2020-5373 RESERVED CVE-2020-5372 RESERVED CVE-2020-5371 RESERVED CVE-2020-5370 RESERVED CVE-2020-5369 RESERVED CVE-2020-5368 RESERVED CVE-2020-5367 RESERVED CVE-2020-5366 RESERVED CVE-2020-5365 RESERVED CVE-2020-5364 RESERVED CVE-2020-5363 RESERVED CVE-2020-5362 RESERVED CVE-2020-5361 RESERVED CVE-2020-5360 RESERVED CVE-2020-5359 RESERVED CVE-2020-5358 RESERVED CVE-2020-5357 RESERVED CVE-2020-5356 RESERVED CVE-2020-5355 RESERVED CVE-2020-5354 RESERVED CVE-2020-5353 RESERVED CVE-2020-5352 RESERVED CVE-2020-5351 RESERVED CVE-2020-5350 RESERVED CVE-2020-5349 RESERVED CVE-2020-5348 (Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a ...) NOT-FOR-US: Dell CVE-2020-5347 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of s ...) NOT-FOR-US: Dell EMC Isilon OneFS CVE-2020-5346 RESERVED CVE-2020-5345 RESERVED CVE-2020-5344 (Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70. ...) NOT-FOR-US: EMC CVE-2020-5343 RESERVED CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect ...) NOT-FOR-US: Dell CVE-2020-5341 RESERVED CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...) NOT-FOR-US: RSA Authentication Manager CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...) 
NOT-FOR-US: RSA Authentication Manager CVE-2020-5338 RESERVED CVE-2020-5337 RESERVED CVE-2020-5336 RESERVED CVE-2020-5335 RESERVED CVE-2020-5334 RESERVED CVE-2020-5333 RESERVED CVE-2020-5332 RESERVED CVE-2020-5331 RESERVED CVE-2020-5330 RESERVED CVE-2020-5329 RESERVED CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized ...) NOT-FOR-US: EMC CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...) NOT-FOR-US: Dell CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup configuration auth ...) NOT-FOR-US: Dell CVE-2020-5325 RESERVED CVE-2020-5324 (Dell Client Consumer and Commercial Platforms contain an Arbitrary Fil ...) NOT-FOR-US: Dell CVE-2020-5323 RESERVED CVE-2020-5322 RESERVED CVE-2020-5321 RESERVED CVE-2020-5320 RESERVED CVE-2020-5319 (Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prio ...) NOT-FOR-US: EMC CVE-2020-5318 (Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 co ...) NOT-FOR-US: EMC CVE-2020-5317 (Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A ...) NOT-FOR-US: EMC CVE-2020-5316 RESERVED CVE-2020-5315 RESERVED CVE-2020-5314 RESERVED CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...) {DSA-4631-1 DLA-2057-1} - pillow 7.0.0-1 (bug #948224) NOTE: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b (6.2.2) CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ...) {DSA-4631-1 DLA-2057-1} - pillow 7.0.0-1 (bug #948224) NOTE: https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd (6.2.2) CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...) 
- pillow 7.0.0-1 (bug #948224) [buster] - pillow 5.4.1-2+deb10u1 [stretch] - pillow (Vulnerable code not present) [jessie] - pillow (The vulnerable code was introduced later) NOTE: https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 (6.2.2) CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...) - pillow 7.0.0-1 (bug #948224) [buster] - pillow (Vulnerability introduced later) [stretch] - pillow (Vulnerable code not present) [jessie] - pillow (The vulnerable code was introduced later) NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d (5.3.0) NOTE: and https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0) NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2) CVE-2020-5309 RESERVED CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, ...) NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System CVE-2020-5307 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL ...) NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display name, t ...) NOT-FOR-US: Codoforum CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of ...) NOT-FOR-US: Codoforum CVE-2020-5304 RESERVED CVE-2020-5303 RESERVED CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...) NOT-FOR-US: MH-WikiBot CVE-2020-5301 RESERVED CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect ...) NOT-FOR-US: ORY Hydra CVE-2020-5299 RESERVED CVE-2020-5298 RESERVED CVE-2020-5297 RESERVED CVE-2020-5296 RESERVED CVE-2020-5295 RESERVED CVE-2020-5294 RESERVED CVE-2020-5293 RESERVED CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...) 
NOT-FOR-US: Leantime CVE-2020-5290 (In RedpwnCTF before version 2.3, there is a session fixation vulnerabi ...) NOT-FOR-US: RedpwnCTF CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and ...) NOT-FOR-US: Elide CVE-2020-5288 RESERVED CVE-2020-5287 RESERVED CVE-2020-5286 RESERVED CVE-2020-5285 RESERVED CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...) NOT-FOR-US: next.js CVE-2020-5283 (ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS ...) - viewvc [buster] - viewvc (Minor issue) [stretch] - viewvc (Minor issue) [jessie] - viewvc (Minor issue) NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg NOTE: https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8 NOTE: https://github.com/viewvc/viewvc/issues/211 CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...) NOT-FOR-US: Nick Chan Bot CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify configur ...) NOT-FOR-US: Perun CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file i ...) NOT-FOR-US: http4s CVE-2020-5279 RESERVED CVE-2020-5278 RESERVED CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflect ...) NOT-FOR-US: PrestaShop CVE-2020-5276 RESERVED CVE-2020-5275 (In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Fire ...) - symfony [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) [jessie] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy NOTE: https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exc ...) 
- symfony [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) [jessie] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler NOTE: https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad NOTE: https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db CVE-2020-5273 RESERVED CVE-2020-5272 RESERVED CVE-2020-5271 RESERVED CVE-2020-5270 RESERVED CVE-2020-5269 RESERVED CVE-2020-5268 RESERVED CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...) {DLA-2149-1} - rails 2:5.2.4.1+dfsg-2 (bug #954304) [buster] - rails (Minor issue) [stretch] - rails (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1 NOTE: https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a (master) CVE-2020-5266 RESERVED CVE-2020-5265 RESERVED CVE-2020-5264 RESERVED CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before ...) NOT-FOR-US: Node auth0-js CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...) NOT-FOR-US: EasyBuild CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...) NOT-FOR-US: ASP.NET CVE-2020-5260 RESERVED CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...) {DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953587) [buster] - dojo (Minor issue) NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...) 
{DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953585) [buster] - dojo (Minor issue) NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2 NOTE: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by attri ...) NOT-FOR-US: Administrate ruby gem CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...) NOT-FOR-US: BookStack CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not ...) - symfony [buster] - symfony (Introduced in 4.4.0) [stretch] - symfony (Introduced in 4.4.0) [jessie] - symfony (Introduced in 4.4.0) NOTE: https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header NOTE: https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6 CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...) - nethack (bug #953978) [buster] - nethack (Minor issue) [stretch] - nethack (Vulnerable code introduced in 3.6.1) [jessie] - nethack (Vulnerable code introduced in 3.6.1) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9 NOTE: https://nethack.org/security/CVE-2020-5254.html NOTE: Fixed with: https://github.com/NetHack/NetHack/commit/abdd3254ae06dd1fbcff637c4c631783d5ed9741 (NetHack-3.6.6_Released) NOTE: Introduced with: https://github.com/NetHack/NetHack/commit/f8211f69f2008609b59fe4c9ba341ff1fa520825 (NetHack-3.6.1_RC01) CVE-2020-5253 (NetHack before version 3.6.0 allowed malicious use of escaping of char ...) - nethack 3.6.0-1 [jessie] - nethack (Not supported in jessie LTS) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m NOTE: https://github.com/NetHack/NetHack/commit/612755bfb5c412079795c68ba392df5d93874ed8 CVE-2020-5252 (The command-line "safety" package for Python has a potential security ...) 
NOT-FOR-US: safety Python module CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...) NOT-FOR-US: parser-server CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their addr ...) NOT-FOR-US: PrestaShop CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...) - puma 3.12.4-1 (bug #953122) NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58 NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3 CVE-2020-5248 RESERVED CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...) - puma 3.12.4-1 (bug #952766) NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3) NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2) CVE-2020-5246 RESERVED CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary cod ...) NOT-FOR-US: Dropwizard-Validation CVE-2020-5244 (In BuddyPress before 5.1.2, requests to a certain REST API endpoint ca ...) NOT-FOR-US: BuddyPress CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...) - uap-core 1:0.8.0-1 (bug #952649) [buster] - uap-core (Minor issue) NOTE: https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p NOTE: https://github.com/ua-parser/uap-core/commit/a679b131697e7371f0441f4799940779efa2f27e NOTE: https://github.com/ua-parser/uap-core/commit/dd279cff09546dbd4174bd05d29c0e90c2cffa7c NOTE: https://github.com/ua-parser/uap-core/commit/7d92a383440c9742ec878273c90a4dcf8446f9af NOTE: https://github.com/ua-parser/uap-core/commit/e9a1c74dae9ecd4aa6385bd34ef6c7243f89b537 CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...) 
NOT-FOR-US: openHAB CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...) NOT-FOR-US: matestack-ui-core Ruby gem CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can view ...) NOT-FOR-US: wagtail-2fa CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...) NOT-FOR-US: Mailu CVE-2020-5238 RESERVED CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to uplo ...) NOT-FOR-US: oneup/uploader-bundle CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...) - waitress (Vulnerable code introduced later) NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc NOTE: Introduced in: https://github.com/Pylons/waitress/commit/0bf98dadd8cae23830cb365cc6cb9cedd7f98db0 (v1.4.2) NOTE: https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f (v1.4.3) CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nanopb b ...) - nanopb (Fixed before initial upload to Debian) NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-gcx3-7m76-287p NOTE: https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856 NOTE: https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3 NOTE: https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2 CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vu ...) NOT-FOR-US: MessagePack for C# CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...) NOT-FOR-US: OAuth2 Proxy CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...) NOT-FOR-US: Ethereum CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN ...) NOT-FOR-US: Opencast CVE-2020-5230 (Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for me ...) 
NOT-FOR-US: Opencast CVE-2020-5229 (Opencast before 8.1 stores passwords using the rather outdated and cry ...) NOT-FOR-US: Opencast CVE-2020-5228 (Opencast before 8.1 and 7.6 allows unauthorized public access to all m ...) NOT-FOR-US: Opencast CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...) NOT-FOR-US: Feedgen CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...) - simplesamlphp 1.18.4-1 [buster] - simplesamlphp (Vulnerable code introduced later) [stretch] - simplesamlphp (Vulnerable code introduced later) [jessie] - simplesamlphp (Vulnerable code introduced later) NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w NOTE: https://simplesamlphp.org/security/202001-01 CVE-2020-5225 (Log injection in SimpleSAMLphp before version 1.18.4. The www/errorepo ...) - simplesamlphp 1.18.4-1 (low) [buster] - simplesamlphp (Minor issue) [stretch] - simplesamlphp (Minor issue) [jessie] - simplesamlphp (Minor issue) NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww NOTE: https://simplesamlphp.org/security/202001-02 CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, the views ...) NOT-FOR-US: Django User Sessions (django-user-sessions) CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a p ...) NOT-FOR-US: PrivateBin CVE-2020-5222 (Opencast before 7.6 and 8.1 enables a remember-me cookie based on a ha ...) NOT-FOR-US: Opencast CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...) NOT-FOR-US: uftpd CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...) NOT-FOR-US: Sylius CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...) NOT-FOR-US: Angular Expressions CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...) 
NOT-FOR-US: Sylius CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) - ruby-secure-headers (bug #949999) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c NOTE: https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3 NOTE: https://github.com/twitter/secure_headers/issues/418 NOTE: https://github.com/twitter/secure_headers/pull/421 CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) - ruby-secure-headers (bug #949998) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0 CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...) - tensorflow (bug #804612) CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6 NOTE: Negligible security impact CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v NOTE: Negligible security impact CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56 NOTE: Negligible security impact CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7 NOTE: Negligible security impact CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...) 
- nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 NOTE: Negligible security impact CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can ...) - nethack (unimportant) NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8 NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 NOTE: Negligible security impact CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...) {DLA-2098-1} - ipmitool (bug #950761) NOTE: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp NOTE: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2 NOTE: https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10 NOTE: https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22 NOTE: https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4 NOTE: https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10 NOTE: https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637 CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...) NOT-FOR-US: Ktor CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...) NOT-FOR-US: Opencast CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...) NOT-FOR-US: Pow CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...) NOT-FOR-US: uftpd CVE-2020-5203 (In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code exec ...) NOT-FOR-US: Fat-Free Framework CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...) 
- apt-cacher-ng 3.3.1-1 [buster] - apt-cacher-ng (Minor issue) [stretch] - apt-cacher-ng (Minor issue) [jessie] - apt-cacher-ng (Minor issue) NOTE: https://salsa.debian.org/blade/apt-cacher-ng/commit/3b91874b0c099b0ded1a94f1784fe1265082efbc CVE-2020-5201 RESERVED CVE-2020-5200 RESERVED CVE-2020-5199 RESERVED CVE-2020-5198 RESERVED CVE-2020-5197 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...) [experimental] - gitlab 12.6.2-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/ CVE-2020-5196 (Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10 ...) NOT-FOR-US: Cerberus FTP Server Enterprise Edition CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server prior to v ...) NOT-FOR-US: Cerberus FTP Server CVE-2020-5194 (The zip API endpoint in Cerberus FTP Server 8 allows an authenticated ...) NOT-FOR-US: Cerberus FTP Server CVE-2020-5193 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2020-5192 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2020-5191 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...) NOT-FOR-US: PHPGurukul Hospital Management System CVE-2020-5190 RESERVED CVE-2020-5189 RESERVED CVE-2020-5188 (DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. ...) NOT-FOR-US: DNN CVE-2020-5187 (DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 ...) NOT-FOR-US: DNN CVE-2020-5186 (DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). ...) NOT-FOR-US: DNN CVE-2020-5185 RESERVED CVE-2020-5184 RESERVED CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption ...) NOT-FOR-US: FTPGetter Professional CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reve ...) 
NOT-FOR-US: J-BusinessDirectory extension for Joomla! CVE-2020-5181 RESERVED CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...) NOT-FOR-US: Viscosity on Windows and macOS CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices CVE-2020-5178 RESERVED CVE-2020-5177 RESERVED CVE-2020-5176 RESERVED CVE-2020-5175 RESERVED CVE-2020-5174 RESERVED CVE-2020-5173 RESERVED CVE-2020-5172 RESERVED CVE-2020-5171 RESERVED CVE-2020-5170 RESERVED CVE-2020-5169 RESERVED CVE-2020-5168 RESERVED CVE-2020-5167 RESERVED CVE-2020-5166 RESERVED CVE-2020-5165 RESERVED CVE-2020-5164 RESERVED CVE-2020-5163 RESERVED CVE-2020-5162 RESERVED CVE-2020-5161 RESERVED CVE-2020-5160 RESERVED CVE-2020-5159 RESERVED CVE-2020-5158 RESERVED CVE-2020-5157 RESERVED CVE-2020-5156 RESERVED CVE-2020-5155 RESERVED CVE-2020-5154 RESERVED CVE-2020-5153 RESERVED CVE-2020-5152 RESERVED CVE-2020-5151 RESERVED CVE-2020-5150 RESERVED CVE-2020-5149 RESERVED CVE-2020-5148 RESERVED CVE-2020-5147 RESERVED CVE-2020-5146 RESERVED CVE-2020-5145 RESERVED CVE-2020-5144 RESERVED CVE-2020-5143 RESERVED CVE-2020-5142 RESERVED CVE-2020-5141 RESERVED CVE-2020-5140 RESERVED CVE-2020-5139 RESERVED CVE-2020-5138 RESERVED CVE-2020-5137 RESERVED CVE-2020-5136 RESERVED CVE-2020-5135 RESERVED CVE-2020-5134 RESERVED CVE-2020-5133 RESERVED CVE-2020-5132 RESERVED CVE-2020-5131 RESERVED CVE-2020-5130 RESERVED CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...) 
NOT-FOR-US: SonicWall CVE-2020-5128 RESERVED CVE-2020-5127 RESERVED CVE-2020-5126 RESERVED CVE-2020-5125 RESERVED CVE-2020-5124 RESERVED CVE-2020-5123 RESERVED CVE-2020-5122 RESERVED CVE-2020-5121 RESERVED CVE-2020-5120 RESERVED CVE-2020-5119 RESERVED CVE-2020-5118 RESERVED CVE-2020-5117 RESERVED CVE-2020-5116 RESERVED CVE-2020-5115 RESERVED CVE-2020-5114 RESERVED CVE-2020-5113 RESERVED CVE-2020-5112 RESERVED CVE-2020-5111 RESERVED CVE-2020-5110 RESERVED CVE-2020-5109 RESERVED CVE-2020-5108 RESERVED CVE-2020-5107 RESERVED CVE-2020-5106 RESERVED CVE-2020-5105 RESERVED CVE-2020-5104 RESERVED CVE-2020-5103 RESERVED CVE-2020-5102 RESERVED CVE-2020-5101 RESERVED CVE-2020-5100 RESERVED CVE-2020-5099 RESERVED CVE-2020-5098 RESERVED CVE-2020-5097 RESERVED CVE-2020-5096 RESERVED CVE-2020-5095 RESERVED CVE-2020-5094 RESERVED CVE-2020-5093 RESERVED CVE-2020-5092 RESERVED CVE-2020-5091 RESERVED CVE-2020-5090 RESERVED CVE-2020-5089 RESERVED CVE-2020-5088 RESERVED CVE-2020-5087 RESERVED CVE-2020-5086 RESERVED CVE-2020-5085 RESERVED CVE-2020-5084 RESERVED CVE-2020-5083 RESERVED CVE-2020-5082 RESERVED CVE-2020-5081 RESERVED CVE-2020-5080 RESERVED CVE-2020-5079 RESERVED CVE-2020-5078 RESERVED CVE-2020-5077 RESERVED CVE-2020-5076 RESERVED CVE-2020-5075 RESERVED CVE-2020-5074 RESERVED CVE-2020-5073 RESERVED CVE-2020-5072 RESERVED CVE-2020-5071 RESERVED CVE-2020-5070 RESERVED CVE-2020-5069 RESERVED CVE-2020-5068 RESERVED CVE-2020-5067 RESERVED CVE-2020-5066 RESERVED CVE-2020-5065 RESERVED CVE-2020-5064 RESERVED CVE-2020-5063 RESERVED CVE-2020-5062 RESERVED CVE-2020-5061 RESERVED CVE-2020-5060 RESERVED CVE-2020-5059 RESERVED CVE-2020-5058 RESERVED CVE-2020-5057 RESERVED CVE-2020-5056 RESERVED CVE-2020-5055 RESERVED CVE-2020-5054 RESERVED CVE-2020-5053 RESERVED CVE-2020-5052 RESERVED CVE-2020-5051 RESERVED CVE-2020-5050 RESERVED CVE-2020-5049 RESERVED CVE-2020-5048 RESERVED CVE-2020-5047 RESERVED CVE-2020-5046 RESERVED CVE-2020-5045 RESERVED CVE-2020-5044 RESERVED CVE-2020-5043 RESERVED 
CVE-2020-5042 RESERVED CVE-2020-5041 RESERVED CVE-2020-5040 RESERVED CVE-2020-5039 RESERVED CVE-2020-5038 RESERVED CVE-2020-5037 RESERVED CVE-2020-5036 RESERVED CVE-2020-5035 RESERVED CVE-2020-5034 RESERVED CVE-2020-5033 RESERVED CVE-2020-5032 RESERVED CVE-2020-5031 RESERVED CVE-2020-5030 RESERVED CVE-2020-5029 RESERVED CVE-2020-5028 RESERVED CVE-2020-5027 RESERVED CVE-2020-5026 RESERVED CVE-2020-5025 RESERVED CVE-2020-5024 RESERVED CVE-2020-5023 RESERVED CVE-2020-5022 RESERVED CVE-2020-5021 RESERVED CVE-2020-5020 RESERVED CVE-2020-5019 RESERVED CVE-2020-5018 RESERVED CVE-2020-5017 RESERVED CVE-2020-5016 RESERVED CVE-2020-5015 RESERVED CVE-2020-5014 RESERVED CVE-2020-5013 RESERVED CVE-2020-5012 RESERVED CVE-2020-5011 RESERVED CVE-2020-5010 RESERVED CVE-2020-5009 RESERVED CVE-2020-5008 RESERVED CVE-2020-5007 RESERVED CVE-2020-5006 RESERVED CVE-2020-5005 RESERVED CVE-2020-5004 RESERVED CVE-2020-5003 RESERVED CVE-2020-5002 RESERVED CVE-2020-5001 RESERVED CVE-2020-5000 RESERVED CVE-2020-4999 RESERVED CVE-2020-4998 RESERVED CVE-2020-4997 RESERVED CVE-2020-4996 RESERVED CVE-2020-4995 RESERVED CVE-2020-4994 RESERVED CVE-2020-4993 RESERVED CVE-2020-4992 RESERVED CVE-2020-4991 RESERVED CVE-2020-4990 RESERVED CVE-2020-4989 RESERVED CVE-2020-4988 RESERVED CVE-2020-4987 RESERVED CVE-2020-4986 RESERVED CVE-2020-4985 RESERVED CVE-2020-4984 RESERVED CVE-2020-4983 RESERVED CVE-2020-4982 RESERVED CVE-2020-4981 RESERVED CVE-2020-4980 RESERVED CVE-2020-4979 RESERVED CVE-2020-4978 RESERVED CVE-2020-4977 RESERVED CVE-2020-4976 RESERVED CVE-2020-4975 RESERVED CVE-2020-4974 RESERVED CVE-2020-4973 RESERVED CVE-2020-4972 RESERVED CVE-2020-4971 RESERVED CVE-2020-4970 RESERVED CVE-2020-4969 RESERVED CVE-2020-4968 RESERVED CVE-2020-4967 RESERVED CVE-2020-4966 RESERVED CVE-2020-4965 RESERVED CVE-2020-4964 RESERVED CVE-2020-4963 RESERVED CVE-2020-4962 RESERVED CVE-2020-4961 RESERVED CVE-2020-4960 RESERVED CVE-2020-4959 RESERVED CVE-2020-4958 RESERVED CVE-2020-4957 RESERVED CVE-2020-4956 
RESERVED CVE-2020-4955 RESERVED CVE-2020-4954 RESERVED CVE-2020-4953 RESERVED CVE-2020-4952 RESERVED CVE-2020-4951 RESERVED CVE-2020-4950 RESERVED CVE-2020-4949 RESERVED CVE-2020-4948 RESERVED CVE-2020-4947 RESERVED CVE-2020-4946 RESERVED CVE-2020-4945 RESERVED CVE-2020-4944 RESERVED CVE-2020-4943 RESERVED CVE-2020-4942 RESERVED CVE-2020-4941 RESERVED CVE-2020-4940 RESERVED CVE-2020-4939 RESERVED CVE-2020-4938 RESERVED CVE-2020-4937 RESERVED CVE-2020-4936 RESERVED CVE-2020-4935 RESERVED CVE-2020-4934 RESERVED CVE-2020-4933 RESERVED CVE-2020-4932 RESERVED CVE-2020-4931 RESERVED CVE-2020-4930 RESERVED CVE-2020-4929 RESERVED CVE-2020-4928 RESERVED CVE-2020-4927 RESERVED CVE-2020-4926 RESERVED CVE-2020-4925 RESERVED CVE-2020-4924 RESERVED CVE-2020-4923 RESERVED CVE-2020-4922 RESERVED CVE-2020-4921 RESERVED CVE-2020-4920 RESERVED CVE-2020-4919 RESERVED CVE-2020-4918 RESERVED CVE-2020-4917 RESERVED CVE-2020-4916 RESERVED CVE-2020-4915 RESERVED CVE-2020-4914 RESERVED CVE-2020-4913 RESERVED CVE-2020-4912 RESERVED CVE-2020-4911 RESERVED CVE-2020-4910 RESERVED CVE-2020-4909 RESERVED CVE-2020-4908 RESERVED CVE-2020-4907 RESERVED CVE-2020-4906 RESERVED CVE-2020-4905 RESERVED CVE-2020-4904 RESERVED CVE-2020-4903 RESERVED CVE-2020-4902 RESERVED CVE-2020-4901 RESERVED CVE-2020-4900 RESERVED CVE-2020-4899 RESERVED CVE-2020-4898 RESERVED CVE-2020-4897 RESERVED CVE-2020-4896 RESERVED CVE-2020-4895 RESERVED CVE-2020-4894 RESERVED CVE-2020-4893 RESERVED CVE-2020-4892 RESERVED CVE-2020-4891 RESERVED CVE-2020-4890 RESERVED CVE-2020-4889 RESERVED CVE-2020-4888 RESERVED CVE-2020-4887 RESERVED CVE-2020-4886 RESERVED CVE-2020-4885 RESERVED CVE-2020-4884 RESERVED CVE-2020-4883 RESERVED CVE-2020-4882 RESERVED CVE-2020-4881 RESERVED CVE-2020-4880 RESERVED CVE-2020-4879 RESERVED CVE-2020-4878 RESERVED CVE-2020-4877 RESERVED CVE-2020-4876 RESERVED CVE-2020-4875 RESERVED CVE-2020-4874 RESERVED CVE-2020-4873 RESERVED CVE-2020-4872 RESERVED CVE-2020-4871 RESERVED CVE-2020-4870 RESERVED 
CVE-2020-4869 RESERVED CVE-2020-4868 RESERVED CVE-2020-4867 RESERVED CVE-2020-4866 RESERVED CVE-2020-4865 RESERVED CVE-2020-4864 RESERVED CVE-2020-4863 RESERVED CVE-2020-4862 RESERVED CVE-2020-4861 RESERVED CVE-2020-4860 RESERVED CVE-2020-4859 RESERVED CVE-2020-4858 RESERVED CVE-2020-4857 RESERVED CVE-2020-4856 RESERVED CVE-2020-4855 RESERVED CVE-2020-4854 RESERVED CVE-2020-4853 RESERVED CVE-2020-4852 RESERVED CVE-2020-4851 RESERVED CVE-2020-4850 RESERVED CVE-2020-4849 RESERVED CVE-2020-4848 RESERVED CVE-2020-4847 RESERVED CVE-2020-4846 RESERVED CVE-2020-4845 RESERVED CVE-2020-4844 RESERVED CVE-2020-4843 RESERVED CVE-2020-4842 RESERVED CVE-2020-4841 RESERVED CVE-2020-4840 RESERVED CVE-2020-4839 RESERVED CVE-2020-4838 RESERVED CVE-2020-4837 RESERVED CVE-2020-4836 RESERVED CVE-2020-4835 RESERVED CVE-2020-4834 RESERVED CVE-2020-4833 RESERVED CVE-2020-4832 RESERVED CVE-2020-4831 RESERVED CVE-2020-4830 RESERVED CVE-2020-4829 RESERVED CVE-2020-4828 RESERVED CVE-2020-4827 RESERVED CVE-2020-4826 RESERVED CVE-2020-4825 RESERVED CVE-2020-4824 RESERVED CVE-2020-4823 RESERVED CVE-2020-4822 RESERVED CVE-2020-4821 RESERVED CVE-2020-4820 RESERVED CVE-2020-4819 RESERVED CVE-2020-4818 RESERVED CVE-2020-4817 RESERVED CVE-2020-4816 RESERVED CVE-2020-4815 RESERVED CVE-2020-4814 RESERVED CVE-2020-4813 RESERVED CVE-2020-4812 RESERVED CVE-2020-4811 RESERVED CVE-2020-4810 RESERVED CVE-2020-4809 RESERVED CVE-2020-4808 RESERVED CVE-2020-4807 RESERVED CVE-2020-4806 RESERVED CVE-2020-4805 RESERVED CVE-2020-4804 RESERVED CVE-2020-4803 RESERVED CVE-2020-4802 RESERVED CVE-2020-4801 RESERVED CVE-2020-4800 RESERVED CVE-2020-4799 RESERVED CVE-2020-4798 RESERVED CVE-2020-4797 RESERVED CVE-2020-4796 RESERVED CVE-2020-4795 RESERVED CVE-2020-4794 RESERVED CVE-2020-4793 RESERVED CVE-2020-4792 RESERVED CVE-2020-4791 RESERVED CVE-2020-4790 RESERVED CVE-2020-4789 RESERVED CVE-2020-4788 RESERVED CVE-2020-4787 RESERVED CVE-2020-4786 RESERVED CVE-2020-4785 RESERVED CVE-2020-4784 RESERVED CVE-2020-4783 
RESERVED CVE-2020-4782 RESERVED CVE-2020-4781 RESERVED CVE-2020-4780 RESERVED CVE-2020-4779 RESERVED CVE-2020-4778 RESERVED CVE-2020-4777 RESERVED CVE-2020-4776 RESERVED CVE-2020-4775 RESERVED CVE-2020-4774 RESERVED CVE-2020-4773 RESERVED CVE-2020-4772 RESERVED CVE-2020-4771 RESERVED CVE-2020-4770 RESERVED CVE-2020-4769 RESERVED CVE-2020-4768 RESERVED CVE-2020-4767 RESERVED CVE-2020-4766 RESERVED CVE-2020-4765 RESERVED CVE-2020-4764 RESERVED CVE-2020-4763 RESERVED CVE-2020-4762 RESERVED CVE-2020-4761 RESERVED CVE-2020-4760 RESERVED CVE-2020-4759 RESERVED CVE-2020-4758 RESERVED CVE-2020-4757 RESERVED CVE-2020-4756 RESERVED CVE-2020-4755 RESERVED CVE-2020-4754 RESERVED CVE-2020-4753 RESERVED CVE-2020-4752 RESERVED CVE-2020-4751 RESERVED CVE-2020-4750 RESERVED CVE-2020-4749 RESERVED CVE-2020-4748 RESERVED CVE-2020-4747 RESERVED CVE-2020-4746 RESERVED CVE-2020-4745 RESERVED CVE-2020-4744 RESERVED CVE-2020-4743 RESERVED CVE-2020-4742 RESERVED CVE-2020-4741 RESERVED CVE-2020-4740 RESERVED CVE-2020-4739 RESERVED CVE-2020-4738 RESERVED CVE-2020-4737 RESERVED CVE-2020-4736 RESERVED CVE-2020-4735 RESERVED CVE-2020-4734 RESERVED CVE-2020-4733 RESERVED CVE-2020-4732 RESERVED CVE-2020-4731 RESERVED CVE-2020-4730 RESERVED CVE-2020-4729 RESERVED CVE-2020-4728 RESERVED CVE-2020-4727 RESERVED CVE-2020-4726 RESERVED CVE-2020-4725 RESERVED CVE-2020-4724 RESERVED CVE-2020-4723 RESERVED CVE-2020-4722 RESERVED CVE-2020-4721 RESERVED CVE-2020-4720 RESERVED CVE-2020-4719 RESERVED CVE-2020-4718 RESERVED CVE-2020-4717 RESERVED CVE-2020-4716 RESERVED CVE-2020-4715 RESERVED CVE-2020-4714 RESERVED CVE-2020-4713 RESERVED CVE-2020-4712 RESERVED CVE-2020-4711 RESERVED CVE-2020-4710 RESERVED CVE-2020-4709 RESERVED CVE-2020-4708 RESERVED CVE-2020-4707 RESERVED CVE-2020-4706 RESERVED CVE-2020-4705 RESERVED CVE-2020-4704 RESERVED CVE-2020-4703 RESERVED CVE-2020-4702 RESERVED CVE-2020-4701 RESERVED CVE-2020-4700 RESERVED CVE-2020-4699 RESERVED CVE-2020-4698 RESERVED CVE-2020-4697 RESERVED 
CVE-2020-4696 RESERVED CVE-2020-4695 RESERVED CVE-2020-4694 RESERVED CVE-2020-4693 RESERVED CVE-2020-4692 RESERVED CVE-2020-4691 RESERVED CVE-2020-4690 RESERVED CVE-2020-4689 RESERVED CVE-2020-4688 RESERVED CVE-2020-4687 RESERVED CVE-2020-4686 RESERVED CVE-2020-4685 RESERVED CVE-2020-4684 RESERVED CVE-2020-4683 RESERVED CVE-2020-4682 RESERVED CVE-2020-4681 RESERVED CVE-2020-4680 RESERVED CVE-2020-4679 RESERVED CVE-2020-4678 RESERVED CVE-2020-4677 RESERVED CVE-2020-4676 RESERVED CVE-2020-4675 RESERVED CVE-2020-4674 RESERVED CVE-2020-4673 RESERVED CVE-2020-4672 RESERVED CVE-2020-4671 RESERVED CVE-2020-4670 RESERVED CVE-2020-4669 RESERVED CVE-2020-4668 RESERVED CVE-2020-4667 RESERVED CVE-2020-4666 RESERVED CVE-2020-4665 RESERVED CVE-2020-4664 RESERVED CVE-2020-4663 RESERVED CVE-2020-4662 RESERVED CVE-2020-4661 RESERVED CVE-2020-4660 RESERVED CVE-2020-4659 RESERVED CVE-2020-4658 RESERVED CVE-2020-4657 RESERVED CVE-2020-4656 RESERVED CVE-2020-4655 RESERVED CVE-2020-4654 RESERVED CVE-2020-4653 RESERVED CVE-2020-4652 RESERVED CVE-2020-4651 RESERVED CVE-2020-4650 RESERVED CVE-2020-4649 RESERVED CVE-2020-4648 RESERVED CVE-2020-4647 RESERVED CVE-2020-4646 RESERVED CVE-2020-4645 RESERVED CVE-2020-4644 RESERVED CVE-2020-4643 RESERVED CVE-2020-4642 RESERVED CVE-2020-4641 RESERVED CVE-2020-4640 RESERVED CVE-2020-4639 RESERVED CVE-2020-4638 RESERVED CVE-2020-4637 RESERVED CVE-2020-4636 RESERVED CVE-2020-4635 RESERVED CVE-2020-4634 RESERVED CVE-2020-4633 RESERVED CVE-2020-4632 RESERVED CVE-2020-4631 RESERVED CVE-2020-4630 RESERVED CVE-2020-4629 RESERVED CVE-2020-4628 RESERVED CVE-2020-4627 RESERVED CVE-2020-4626 RESERVED CVE-2020-4625 RESERVED CVE-2020-4624 RESERVED CVE-2020-4623 RESERVED CVE-2020-4622 RESERVED CVE-2020-4621 RESERVED CVE-2020-4620 RESERVED CVE-2020-4619 RESERVED CVE-2020-4618 RESERVED CVE-2020-4617 RESERVED CVE-2020-4616 RESERVED CVE-2020-4615 RESERVED CVE-2020-4614 RESERVED CVE-2020-4613 RESERVED CVE-2020-4612 RESERVED CVE-2020-4611 RESERVED CVE-2020-4610 
RESERVED CVE-2020-4609 RESERVED CVE-2020-4608 RESERVED CVE-2020-4607 RESERVED CVE-2020-4606 RESERVED CVE-2020-4605 RESERVED CVE-2020-4604 RESERVED CVE-2020-4603 RESERVED CVE-2020-4602 RESERVED CVE-2020-4601 RESERVED CVE-2020-4600 RESERVED CVE-2020-4599 RESERVED CVE-2020-4598 RESERVED CVE-2020-4597 RESERVED CVE-2020-4596 RESERVED CVE-2020-4595 RESERVED CVE-2020-4594 RESERVED CVE-2020-4593 RESERVED CVE-2020-4592 RESERVED CVE-2020-4591 RESERVED CVE-2020-4590 RESERVED CVE-2020-4589 RESERVED CVE-2020-4588 RESERVED CVE-2020-4587 RESERVED CVE-2020-4586 RESERVED CVE-2020-4585 RESERVED CVE-2020-4584 RESERVED CVE-2020-4583 RESERVED CVE-2020-4582 RESERVED CVE-2020-4581 RESERVED CVE-2020-4580 RESERVED CVE-2020-4579 RESERVED CVE-2020-4578 RESERVED CVE-2020-4577 RESERVED CVE-2020-4576 RESERVED CVE-2020-4575 RESERVED CVE-2020-4574 RESERVED CVE-2020-4573 RESERVED CVE-2020-4572 RESERVED CVE-2020-4571 RESERVED CVE-2020-4570 RESERVED CVE-2020-4569 RESERVED CVE-2020-4568 RESERVED CVE-2020-4567 RESERVED CVE-2020-4566 RESERVED CVE-2020-4565 RESERVED CVE-2020-4564 RESERVED CVE-2020-4563 RESERVED CVE-2020-4562 RESERVED CVE-2020-4561 RESERVED CVE-2020-4560 RESERVED CVE-2020-4559 RESERVED CVE-2020-4558 RESERVED CVE-2020-4557 RESERVED CVE-2020-4556 RESERVED CVE-2020-4555 RESERVED CVE-2020-4554 RESERVED CVE-2020-4553 RESERVED CVE-2020-4552 RESERVED CVE-2020-4551 RESERVED CVE-2020-4550 RESERVED CVE-2020-4549 RESERVED CVE-2020-4548 RESERVED CVE-2020-4547 RESERVED CVE-2020-4546 RESERVED CVE-2020-4545 RESERVED CVE-2020-4544 RESERVED CVE-2020-4543 RESERVED CVE-2020-4542 RESERVED CVE-2020-4541 RESERVED CVE-2020-4540 RESERVED CVE-2020-4539 RESERVED CVE-2020-4538 RESERVED CVE-2020-4537 RESERVED CVE-2020-4536 RESERVED CVE-2020-4535 RESERVED CVE-2020-4534 RESERVED CVE-2020-4533 RESERVED CVE-2020-4532 RESERVED CVE-2020-4531 RESERVED CVE-2020-4530 RESERVED CVE-2020-4529 RESERVED CVE-2020-4528 RESERVED CVE-2020-4527 RESERVED CVE-2020-4526 RESERVED CVE-2020-4525 RESERVED CVE-2020-4524 RESERVED 
CVE-2020-4523 RESERVED CVE-2020-4522 RESERVED CVE-2020-4521 RESERVED CVE-2020-4520 RESERVED CVE-2020-4519 RESERVED CVE-2020-4518 RESERVED CVE-2020-4517 RESERVED CVE-2020-4516 RESERVED CVE-2020-4515 RESERVED CVE-2020-4514 RESERVED CVE-2020-4513 RESERVED CVE-2020-4512 RESERVED CVE-2020-4511 RESERVED CVE-2020-4510 RESERVED CVE-2020-4509 RESERVED CVE-2020-4508 RESERVED CVE-2020-4507 RESERVED CVE-2020-4506 RESERVED CVE-2020-4505 RESERVED CVE-2020-4504 RESERVED CVE-2020-4503 RESERVED CVE-2020-4502 RESERVED CVE-2020-4501 RESERVED CVE-2020-4500 RESERVED CVE-2020-4499 RESERVED CVE-2020-4498 RESERVED CVE-2020-4497 RESERVED CVE-2020-4496 RESERVED CVE-2020-4495 RESERVED CVE-2020-4494 RESERVED CVE-2020-4493 RESERVED CVE-2020-4492 RESERVED CVE-2020-4491 RESERVED CVE-2020-4490 RESERVED CVE-2020-4489 RESERVED CVE-2020-4488 RESERVED CVE-2020-4487 RESERVED CVE-2020-4486 RESERVED CVE-2020-4485 RESERVED CVE-2020-4484 RESERVED CVE-2020-4483 RESERVED CVE-2020-4482 RESERVED CVE-2020-4481 RESERVED CVE-2020-4480 RESERVED CVE-2020-4479 RESERVED CVE-2020-4478 RESERVED CVE-2020-4477 RESERVED CVE-2020-4476 RESERVED CVE-2020-4475 RESERVED CVE-2020-4474 RESERVED CVE-2020-4473 RESERVED CVE-2020-4472 RESERVED CVE-2020-4471 RESERVED CVE-2020-4470 RESERVED CVE-2020-4469 RESERVED CVE-2020-4468 RESERVED CVE-2020-4467 RESERVED CVE-2020-4466 RESERVED CVE-2020-4465 RESERVED CVE-2020-4464 RESERVED CVE-2020-4463 RESERVED CVE-2020-4462 RESERVED CVE-2020-4461 RESERVED CVE-2020-4460 RESERVED CVE-2020-4459 RESERVED CVE-2020-4458 RESERVED CVE-2020-4457 RESERVED CVE-2020-4456 RESERVED CVE-2020-4455 RESERVED CVE-2020-4454 RESERVED CVE-2020-4453 RESERVED CVE-2020-4452 RESERVED CVE-2020-4451 RESERVED CVE-2020-4450 RESERVED CVE-2020-4449 RESERVED CVE-2020-4448 RESERVED CVE-2020-4447 RESERVED CVE-2020-4446 RESERVED CVE-2020-4445 RESERVED CVE-2020-4444 RESERVED CVE-2020-4443 RESERVED CVE-2020-4442 RESERVED CVE-2020-4441 RESERVED CVE-2020-4440 RESERVED CVE-2020-4439 RESERVED CVE-2020-4438 RESERVED CVE-2020-4437 
RESERVED CVE-2020-4436 RESERVED CVE-2020-4435 RESERVED CVE-2020-4434 RESERVED CVE-2020-4433 RESERVED CVE-2020-4432 RESERVED CVE-2020-4431 RESERVED CVE-2020-4430 RESERVED CVE-2020-4429 RESERVED CVE-2020-4428 RESERVED CVE-2020-4427 RESERVED CVE-2020-4426 RESERVED CVE-2020-4425 RESERVED CVE-2020-4424 RESERVED CVE-2020-4423 RESERVED CVE-2020-4422 RESERVED CVE-2020-4421 RESERVED CVE-2020-4420 RESERVED CVE-2020-4419 RESERVED CVE-2020-4418 RESERVED CVE-2020-4417 RESERVED CVE-2020-4416 RESERVED CVE-2020-4415 RESERVED CVE-2020-4414 RESERVED CVE-2020-4413 RESERVED CVE-2020-4412 RESERVED CVE-2020-4411 RESERVED CVE-2020-4410 RESERVED CVE-2020-4409 RESERVED CVE-2020-4408 RESERVED CVE-2020-4407 RESERVED CVE-2020-4406 RESERVED CVE-2020-4405 RESERVED CVE-2020-4404 RESERVED CVE-2020-4403 RESERVED CVE-2020-4402 RESERVED CVE-2020-4401 RESERVED CVE-2020-4400 RESERVED CVE-2020-4399 RESERVED CVE-2020-4398 RESERVED CVE-2020-4397 RESERVED CVE-2020-4396 RESERVED CVE-2020-4395 RESERVED CVE-2020-4394 RESERVED CVE-2020-4393 RESERVED CVE-2020-4392 RESERVED CVE-2020-4391 RESERVED CVE-2020-4390 RESERVED CVE-2020-4389 RESERVED CVE-2020-4388 RESERVED CVE-2020-4387 RESERVED CVE-2020-4386 RESERVED CVE-2020-4385 RESERVED CVE-2020-4384 RESERVED CVE-2020-4383 RESERVED CVE-2020-4382 RESERVED CVE-2020-4381 RESERVED CVE-2020-4380 RESERVED CVE-2020-4379 RESERVED CVE-2020-4378 RESERVED CVE-2020-4377 RESERVED CVE-2020-4376 RESERVED CVE-2020-4375 RESERVED CVE-2020-4374 RESERVED CVE-2020-4373 RESERVED CVE-2020-4372 RESERVED CVE-2020-4371 RESERVED CVE-2020-4370 RESERVED CVE-2020-4369 RESERVED CVE-2020-4368 RESERVED CVE-2020-4367 RESERVED CVE-2020-4366 RESERVED CVE-2020-4365 RESERVED CVE-2020-4364 RESERVED CVE-2020-4363 RESERVED CVE-2020-4362 RESERVED CVE-2020-4361 RESERVED CVE-2020-4360 RESERVED CVE-2020-4359 RESERVED CVE-2020-4358 RESERVED CVE-2020-4357 RESERVED CVE-2020-4356 RESERVED CVE-2020-4355 RESERVED CVE-2020-4354 RESERVED CVE-2020-4353 RESERVED CVE-2020-4352 RESERVED CVE-2020-4351 RESERVED 
CVE-2020-4350 RESERVED CVE-2020-4349 RESERVED CVE-2020-4348 RESERVED CVE-2020-4347 RESERVED CVE-2020-4346 RESERVED CVE-2020-4345 RESERVED CVE-2020-4344 RESERVED CVE-2020-4343 RESERVED CVE-2020-4342 RESERVED CVE-2020-4341 RESERVED CVE-2020-4340 RESERVED CVE-2020-4339 RESERVED CVE-2020-4338 RESERVED CVE-2020-4337 RESERVED CVE-2020-4336 RESERVED CVE-2020-4335 RESERVED CVE-2020-4334 RESERVED CVE-2020-4333 RESERVED CVE-2020-4332 RESERVED CVE-2020-4331 RESERVED CVE-2020-4330 RESERVED CVE-2020-4329 RESERVED CVE-2020-4328 RESERVED CVE-2020-4327 RESERVED CVE-2020-4326 RESERVED CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...) NOT-FOR-US: IBM CVE-2020-4324 RESERVED CVE-2020-4323 RESERVED CVE-2020-4322 RESERVED CVE-2020-4321 RESERVED CVE-2020-4320 RESERVED CVE-2020-4319 RESERVED CVE-2020-4318 RESERVED CVE-2020-4317 RESERVED CVE-2020-4316 RESERVED CVE-2020-4315 RESERVED CVE-2020-4314 RESERVED CVE-2020-4313 RESERVED CVE-2020-4312 RESERVED CVE-2020-4311 RESERVED CVE-2020-4310 RESERVED CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information to an ...) NOT-FOR-US: IBM CVE-2020-4308 RESERVED CVE-2020-4307 RESERVED CVE-2020-4306 RESERVED CVE-2020-4305 RESERVED CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...) NOT-FOR-US: IBM CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...) NOT-FOR-US: IBM CVE-2020-4302 RESERVED CVE-2020-4301 RESERVED CVE-2020-4300 RESERVED CVE-2020-4299 RESERVED CVE-2020-4298 RESERVED CVE-2020-4297 RESERVED CVE-2020-4296 RESERVED CVE-2020-4295 RESERVED CVE-2020-4294 RESERVED CVE-2020-4293 RESERVED CVE-2020-4292 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...) NOT-FOR-US: IBM CVE-2020-4291 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4290 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) 
NOT-FOR-US: IBM CVE-2020-4289 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4288 RESERVED CVE-2020-4287 RESERVED CVE-2020-4286 RESERVED CVE-2020-4285 RESERVED CVE-2020-4284 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4283 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...) NOT-FOR-US: IBM CVE-2020-4282 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4281 RESERVED CVE-2020-4280 RESERVED CVE-2020-4279 RESERVED CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...) NOT-FOR-US: IBM CVE-2020-4277 RESERVED CVE-2020-4276 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...) NOT-FOR-US: IBM CVE-2020-4275 RESERVED CVE-2020-4274 RESERVED CVE-2020-4273 (IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attack ...) NOT-FOR-US: IBM CVE-2020-4272 RESERVED CVE-2020-4271 RESERVED CVE-2020-4270 RESERVED CVE-2020-4269 RESERVED CVE-2020-4268 RESERVED CVE-2020-4267 RESERVED CVE-2020-4266 RESERVED CVE-2020-4265 RESERVED CVE-2020-4264 RESERVED CVE-2020-4263 RESERVED CVE-2020-4262 RESERVED CVE-2020-4261 RESERVED CVE-2020-4260 RESERVED CVE-2020-4259 RESERVED CVE-2020-4258 RESERVED CVE-2020-4257 RESERVED CVE-2020-4256 RESERVED CVE-2020-4255 RESERVED CVE-2020-4254 RESERVED CVE-2020-4253 (IBM Content Navigator 3.0CD does not invalidate session after logout w ...) NOT-FOR-US: IBM CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...) NOT-FOR-US: IBM CVE-2020-4251 RESERVED CVE-2020-4250 RESERVED CVE-2020-4249 RESERVED CVE-2020-4248 RESERVED CVE-2020-4247 RESERVED CVE-2020-4246 RESERVED CVE-2020-4245 RESERVED CVE-2020-4244 RESERVED CVE-2020-4243 RESERVED CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...) 
NOT-FOR-US: IBM CVE-2020-4241 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...) NOT-FOR-US: IBM CVE-2020-4240 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4239 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remot ...) NOT-FOR-US: IBM CVE-2020-4238 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4237 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4236 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an auth ...) NOT-FOR-US: IBM CVE-2020-4235 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...) NOT-FOR-US: IBM CVE-2020-4234 RESERVED CVE-2020-4233 RESERVED CVE-2020-4232 RESERVED CVE-2020-4231 RESERVED CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...) NOT-FOR-US: IBM CVE-2020-4229 RESERVED CVE-2020-4228 RESERVED CVE-2020-4227 RESERVED CVE-2020-4226 RESERVED CVE-2020-4225 RESERVED CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...) NOT-FOR-US: IBM CVE-2020-4223 RESERVED CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM Spectrum Protect Plus CVE-2020-4221 RESERVED CVE-2020-4220 RESERVED CVE-2020-4219 RESERVED CVE-2020-4218 RESERVED CVE-2020-4217 (The IBM Spectrum Scale 4.2 and 5.0 file system component is affected b ...) NOT-FOR-US: IBM CVE-2020-4216 RESERVED CVE-2020-4215 RESERVED CVE-2020-4214 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4211 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) 
NOT-FOR-US: IBM CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4209 RESERVED CVE-2020-4208 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...) NOT-FOR-US: IBM CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 ...) NOT-FOR-US: IBM CVE-2020-4206 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4205 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an aut ...) NOT-FOR-US: IBM CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4203 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially ...) NOT-FOR-US: IBM CVE-2020-4202 RESERVED CVE-2020-4201 RESERVED CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...) NOT-FOR-US: IBM CVE-2020-4199 (IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request f ...) NOT-FOR-US: IBM CVE-2020-4198 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored loc ...) NOT-FOR-US: IBM CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) 
NOT-FOR-US: IBM CVE-2020-4195 RESERVED CVE-2020-4194 RESERVED CVE-2020-4193 RESERVED CVE-2020-4192 RESERVED CVE-2020-4191 RESERVED CVE-2020-4190 RESERVED CVE-2020-4189 RESERVED CVE-2020-4188 RESERVED CVE-2020-4187 RESERVED CVE-2020-4186 RESERVED CVE-2020-4185 RESERVED CVE-2020-4184 RESERVED CVE-2020-4183 RESERVED CVE-2020-4182 RESERVED CVE-2020-4181 RESERVED CVE-2020-4180 RESERVED CVE-2020-4179 RESERVED CVE-2020-4178 RESERVED CVE-2020-4177 RESERVED CVE-2020-4176 RESERVED CVE-2020-4175 RESERVED CVE-2020-4174 RESERVED CVE-2020-4173 RESERVED CVE-2020-4172 RESERVED CVE-2020-4171 RESERVED CVE-2020-4170 RESERVED CVE-2020-4169 RESERVED CVE-2020-4168 RESERVED CVE-2020-4167 RESERVED CVE-2020-4166 RESERVED CVE-2020-4165 RESERVED CVE-2020-4164 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...) NOT-FOR-US: IBM CVE-2020-4162 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross ...) NOT-FOR-US: IBM CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) NOT-FOR-US: IBM CVE-2020-4160 RESERVED CVE-2020-4159 RESERVED CVE-2020-4158 RESERVED CVE-2020-4157 RESERVED CVE-2020-4156 RESERVED CVE-2020-4155 RESERVED CVE-2020-4154 RESERVED CVE-2020-4153 RESERVED CVE-2020-4152 RESERVED CVE-2020-4151 RESERVED CVE-2020-4150 RESERVED CVE-2020-4149 RESERVED CVE-2020-4148 RESERVED CVE-2020-4147 RESERVED CVE-2020-4146 RESERVED CVE-2020-4145 RESERVED CVE-2020-4144 RESERVED CVE-2020-4143 RESERVED CVE-2020-4142 RESERVED CVE-2020-4141 RESERVED CVE-2020-4140 RESERVED CVE-2020-4139 RESERVED CVE-2020-4138 RESERVED CVE-2020-4137 RESERVED CVE-2020-4136 RESERVED CVE-2020-4135 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) 
NOT-FOR-US: IBM CVE-2020-4134 RESERVED CVE-2020-4133 RESERVED CVE-2020-4132 RESERVED CVE-2020-4131 RESERVED CVE-2020-4130 RESERVED CVE-2020-4129 RESERVED CVE-2020-4128 RESERVED CVE-2020-4127 RESERVED CVE-2020-4126 RESERVED CVE-2020-4125 RESERVED CVE-2020-4124 RESERVED CVE-2020-4123 RESERVED CVE-2020-4122 RESERVED CVE-2020-4121 RESERVED CVE-2020-4120 RESERVED CVE-2020-4119 RESERVED CVE-2020-4118 RESERVED CVE-2020-4117 RESERVED CVE-2020-4116 RESERVED CVE-2020-4115 RESERVED CVE-2020-4114 RESERVED CVE-2020-4113 RESERVED CVE-2020-4112 RESERVED CVE-2020-4111 RESERVED CVE-2020-4110 RESERVED CVE-2020-4109 RESERVED CVE-2020-4108 RESERVED CVE-2020-4107 RESERVED CVE-2020-4106 RESERVED CVE-2020-4105 RESERVED CVE-2020-4104 RESERVED CVE-2020-4103 RESERVED CVE-2020-4102 RESERVED CVE-2020-4101 RESERVED CVE-2020-4100 RESERVED CVE-2020-4099 RESERVED CVE-2020-4098 RESERVED CVE-2020-4097 RESERVED CVE-2020-4096 RESERVED CVE-2020-4095 RESERVED CVE-2020-4094 RESERVED CVE-2020-4093 RESERVED CVE-2020-4092 RESERVED CVE-2020-4091 RESERVED CVE-2020-4090 RESERVED CVE-2020-4089 RESERVED CVE-2020-4088 RESERVED CVE-2020-4087 RESERVED CVE-2020-4086 RESERVED CVE-2020-4085 RESERVED CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...) NOT-FOR-US: HCL Connections CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...) NOT-FOR-US: HCL Connections CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...) 
NOT-FOR-US: HCL Connections CVE-2020-4081 RESERVED CVE-2020-4080 RESERVED CVE-2020-4079 RESERVED CVE-2020-4078 RESERVED CVE-2020-4077 RESERVED CVE-2020-4076 RESERVED CVE-2020-4075 RESERVED CVE-2020-4074 RESERVED CVE-2020-4073 RESERVED CVE-2020-4072 RESERVED CVE-2020-4071 RESERVED CVE-2020-4070 RESERVED CVE-2020-4069 RESERVED CVE-2020-4068 RESERVED CVE-2020-4067 RESERVED CVE-2020-4066 RESERVED CVE-2020-4065 RESERVED CVE-2020-4064 RESERVED CVE-2020-4063 RESERVED CVE-2020-4062 RESERVED CVE-2020-4061 RESERVED CVE-2020-4060 RESERVED CVE-2020-4059 RESERVED CVE-2020-4058 RESERVED CVE-2020-4057 RESERVED CVE-2020-4056 RESERVED CVE-2020-4055 RESERVED CVE-2020-4054 RESERVED CVE-2020-4053 RESERVED CVE-2020-4052 RESERVED CVE-2020-4051 RESERVED CVE-2020-4050 RESERVED CVE-2020-4049 RESERVED CVE-2020-4048 RESERVED CVE-2020-4047 RESERVED CVE-2020-4046 RESERVED CVE-2020-4045 RESERVED CVE-2020-4044 RESERVED CVE-2020-4043 RESERVED CVE-2020-4042 RESERVED CVE-2020-4041 RESERVED CVE-2020-4040 RESERVED CVE-2020-4039 RESERVED CVE-2020-4038 RESERVED CVE-2020-4037 RESERVED CVE-2020-4036 RESERVED CVE-2020-4035 RESERVED CVE-2020-4034 RESERVED CVE-2020-4033 RESERVED CVE-2020-4032 RESERVED CVE-2020-4031 RESERVED CVE-2020-4030 RESERVED CVE-2020-4029 RESERVED CVE-2020-4028 RESERVED CVE-2020-4027 RESERVED CVE-2020-4026 RESERVED CVE-2020-4025 RESERVED CVE-2020-4024 RESERVED CVE-2020-4023 RESERVED CVE-2020-4022 RESERVED CVE-2020-4021 RESERVED CVE-2020-4020 RESERVED CVE-2020-4019 RESERVED CVE-2020-4018 RESERVED CVE-2020-4017 RESERVED CVE-2020-4016 RESERVED CVE-2020-4015 RESERVED CVE-2020-4014 RESERVED CVE-2020-4013 RESERVED CVE-2020-4012 RESERVED CVE-2020-4011 RESERVED CVE-2020-4010 RESERVED CVE-2020-4009 RESERVED CVE-2020-4008 RESERVED CVE-2020-4007 RESERVED CVE-2020-4006 RESERVED CVE-2020-4005 RESERVED CVE-2020-4004 RESERVED CVE-2020-4003 RESERVED CVE-2020-4002 RESERVED CVE-2020-4001 RESERVED CVE-2020-4000 RESERVED CVE-2020-3999 RESERVED CVE-2020-3998 RESERVED CVE-2020-3997 RESERVED CVE-2020-3996 
RESERVED CVE-2020-3995 RESERVED CVE-2020-3994 RESERVED CVE-2020-3993 RESERVED CVE-2020-3992 RESERVED CVE-2020-3991 RESERVED CVE-2020-3990 RESERVED CVE-2020-3989 RESERVED CVE-2020-3988 RESERVED CVE-2020-3987 RESERVED CVE-2020-3986 RESERVED CVE-2020-3985 RESERVED CVE-2020-3984 RESERVED CVE-2020-3983 RESERVED CVE-2020-3982 RESERVED CVE-2020-3981 RESERVED CVE-2020-3980 RESERVED CVE-2020-3979 RESERVED CVE-2020-3978 RESERVED CVE-2020-3977 RESERVED CVE-2020-3976 RESERVED CVE-2020-3975 RESERVED CVE-2020-3974 RESERVED CVE-2020-3973 RESERVED CVE-2020-3972 RESERVED CVE-2020-3971 RESERVED CVE-2020-3970 RESERVED CVE-2020-3969 RESERVED CVE-2020-3968 RESERVED CVE-2020-3967 RESERVED CVE-2020-3966 RESERVED CVE-2020-3965 RESERVED CVE-2020-3964 RESERVED CVE-2020-3963 RESERVED CVE-2020-3962 RESERVED CVE-2020-3961 RESERVED CVE-2020-3960 RESERVED CVE-2020-3959 RESERVED CVE-2020-3958 RESERVED CVE-2020-3957 RESERVED CVE-2020-3956 RESERVED CVE-2020-3955 RESERVED CVE-2020-3954 RESERVED CVE-2020-3953 RESERVED CVE-2020-3952 RESERVED CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows ...) NOT-FOR-US: VMware CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11. ...) NOT-FOR-US: VMware CVE-2020-3949 RESERVED CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...) NOT-FOR-US: VMware CVE-2020-3947 (VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2 ...) NOT-FOR-US: VMware CVE-2020-3946 RESERVED CVE-2020-3945 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3944 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3943 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3942 RESERVED CVE-2020-3941 (The repair operation of VMware Tools for Windows 10.x.y has a race con ...) 
NOT-FOR-US: VMware Tools for Windows CVE-2020-3940 (VMware Workspace ONE SDK and dependent mobile application updates addr ...) NOT-FOR-US: VMware CVE-2020-3939 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3938 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, a ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3936 (UltraLog Express device management interface does not properly filter ...) NOT-FOR-US: UltraLog Express CVE-2020-3935 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3934 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance Manage ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3932 RESERVED CVE-2020-3931 RESERVED CVE-2020-3930 RESERVED CVE-2020-3929 RESERVED CVE-2020-3928 RESERVED CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series CVE-2020-3922 (LisoMail, by ArmorX, allows SQL Injections, attackers can access the d ...) NOT-FOR-US: LisoMail CVE-2020-3921 (UltraLog Express device management software stores user’s inform ...)
NOT-FOR-US: UltraLog Express CVE-2020-3920 (UltraLog Express device management interface does not properly perform ...) NOT-FOR-US: UltraLog Express CVE-2020-3919 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3918 RESERVED CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2020-3916 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2020-3915 RESERVED CVE-2020-3914 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3913 (A permissions issue existed. This issue was addressed with improved pe ...) NOT-FOR-US: Apple CVE-2020-3912 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3911 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2020-3910 (A buffer overflow was addressed with improved size validation. This is ...) - libxml2 CVE-2020-3909 (A buffer overflow was addressed with improved bounds checking. This is ...) - libxml2 CVE-2020-3908 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3907 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3906 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3905 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3904 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3902 (An input validation issue was addressed with improved input validation ...) 
NOT-FOR-US: Apple CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...) NOT-FOR-US: Apple CVE-2020-3898 RESERVED CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2020-3896 RESERVED CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3894 (A race condition was addressed with additional validation. This issue ...) NOT-FOR-US: Apple CVE-2020-3893 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3892 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3891 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3890 (The issue was addressed with improved deletion. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3889 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3886 RESERVED CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3884 (An injection issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3882 RESERVED CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...) 
NOT-FOR-US: Apple CVE-2020-3880 RESERVED CVE-2020-3879 RESERVED CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3877 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3876 RESERVED CVE-2020-3875 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-3874 (An issued existed in the naming of screenshots. The issue was correcte ...) NOT-FOR-US: Apple CVE-2020-3873 (This issue was addressed with improved setting propagation. This issue ...) NOT-FOR-US: Apple CVE-2020-3872 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3871 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3870 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3869 (An issue existed in the handling of the local user's self-view. The is ...) NOT-FOR-US: Apple CVE-2020-3868 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3867 (A logic issue was addressed with improved state management. This issue ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3866 (This was addressed with additional checks by Gatekeeper on files mount ...) NOT-FOR-US: Apple CVE-2020-3865 (Multiple memory corruption issues were addressed with improved memory ...) 
{DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3864 RESERVED {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3863 RESERVED CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3861 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2020-3860 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3859 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2020-3858 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3857 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3855 RESERVED CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2020-3852 RESERVED CVE-2020-3851 RESERVED CVE-2020-3850 (A memory corruption issue was addressed with improved input validation ...) 
NOT-FOR-US: Apple CVE-2020-3849 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3848 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3847 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3846 (A buffer overflow was addressed with improved size validation. This is ...) NOT-FOR-US: Apple CVE-2020-3845 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3844 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3843 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3842 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3841 (The issue was addressed with improved UI handling. This issue is fixed ...) NOT-FOR-US: Apple CVE-2020-3840 (An off by one issue existed in the handling of racoon configuration fi ...) NOT-FOR-US: Apple CVE-2020-3839 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-3838 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2020-3837 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3836 (An access issue was addressed with improved memory management. This is ...) NOT-FOR-US: Apple CVE-2020-3835 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-3834 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-3833 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2020-3832 RESERVED CVE-2020-3831 (A race condition was addressed with improved locking. This issue is fi ...) 
NOT-FOR-US: Apple CVE-2020-3830 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-3829 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-3828 (A lock screen issue allowed access to contacts on a locked device. Thi ...) NOT-FOR-US: Apple CVE-2020-3827 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3826 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3825 (Multiple memory corruption issues were addressed with improved memory ...) NOT-FOR-US: Apple CVE-2020-3824 RESERVED CVE-2020-3823 RESERVED CVE-2020-3822 RESERVED CVE-2020-3821 RESERVED CVE-2020-3820 RESERVED CVE-2020-3819 RESERVED CVE-2020-3818 RESERVED CVE-2020-3817 RESERVED CVE-2020-3816 RESERVED CVE-2020-3815 RESERVED CVE-2020-3814 RESERVED CVE-2020-3813 RESERVED CVE-2020-3812 RESERVED CVE-2020-3811 RESERVED CVE-2020-3810 RESERVED CVE-2020-3809 RESERVED CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier have a tim ...) NOT-FOR-US: Adobe CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3805 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3804 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3803 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3802 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3801 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3798 RESERVED CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3796 RESERVED CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...) NOT-FOR-US: Adobe CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) 
NOT-FOR-US: Adobe CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...) NOT-FOR-US: Adobe CVE-2020-3768 RESERVED CVE-2020-3767 RESERVED CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote ...) NOT-FOR-US: Adobe CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...) NOT-FOR-US: Adobe CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors ...) NOT-FOR-US: Adobe CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3757 (Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and ear ...) NOT-FOR-US: Adobe CVE-2020-3756 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3755 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3754 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3753 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3752 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3751 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3750 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3749 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3748 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3747 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3746 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3745 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-3744 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3743 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3742 (Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.01 ...) NOT-FOR-US: Adobe CVE-2020-3741 (Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled re ...) NOT-FOR-US: Adobe CVE-2020-3740 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-3739 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-3738 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3737 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3736 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3735 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) NOT-FOR-US: Adobe CVE-2020-3734 (Adobe Framemaker versions 2019.0.4 and below have a buffer error vulne ...) NOT-FOR-US: Adobe CVE-2020-3733 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3732 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3731 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) NOT-FOR-US: Adobe CVE-2020-3730 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3729 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3728 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3727 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) 
NOT-FOR-US: Adobe CVE-2020-3726 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3725 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3724 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3723 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3722 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3721 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3720 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) 
NOT-FOR-US: Adobe CVE-2020-3709 RESERVED CVE-2020-3708 RESERVED CVE-2020-3707 RESERVED CVE-2020-3706 RESERVED CVE-2020-3705 RESERVED CVE-2020-3704 RESERVED CVE-2020-3703 RESERVED CVE-2020-3702 RESERVED CVE-2020-3701 RESERVED CVE-2020-3700 RESERVED CVE-2020-3699 RESERVED CVE-2020-3698 RESERVED CVE-2020-3697 RESERVED CVE-2020-3696 RESERVED CVE-2020-3695 RESERVED CVE-2020-3694 RESERVED CVE-2020-3693 RESERVED CVE-2020-3692 RESERVED CVE-2020-3691 RESERVED CVE-2020-3690 RESERVED CVE-2020-3689 RESERVED CVE-2020-3688 RESERVED CVE-2020-3687 RESERVED CVE-2020-3686 RESERVED CVE-2020-3685 RESERVED CVE-2020-3684 RESERVED CVE-2020-3683 RESERVED CVE-2020-3682 RESERVED CVE-2020-3681 RESERVED CVE-2020-3680 RESERVED CVE-2020-3679 RESERVED CVE-2020-3678 RESERVED CVE-2020-3677 RESERVED CVE-2020-3676 RESERVED CVE-2020-3675 RESERVED CVE-2020-3674 RESERVED CVE-2020-3673 RESERVED CVE-2020-3672 RESERVED CVE-2020-3671 RESERVED CVE-2020-3670 RESERVED CVE-2020-3669 RESERVED CVE-2020-3668 RESERVED CVE-2020-3667 RESERVED CVE-2020-3666 RESERVED CVE-2020-3665 RESERVED CVE-2020-3664 RESERVED CVE-2020-3663 RESERVED CVE-2020-3662 RESERVED CVE-2020-3661 RESERVED CVE-2020-3660 RESERVED CVE-2020-3659 RESERVED CVE-2020-3658 RESERVED CVE-2020-3657 RESERVED CVE-2020-3656 RESERVED CVE-2020-3655 RESERVED CVE-2020-3654 RESERVED CVE-2020-3653 RESERVED CVE-2020-3652 RESERVED CVE-2020-3651 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-3650 RESERVED CVE-2020-3649 RESERVED CVE-2020-3648 RESERVED CVE-2020-3647 RESERVED CVE-2020-3646 RESERVED CVE-2020-3645 RESERVED CVE-2020-3644 RESERVED CVE-2020-3643 RESERVED CVE-2020-3642 RESERVED CVE-2020-3641 RESERVED CVE-2020-3640 RESERVED CVE-2020-3639 RESERVED CVE-2020-3638 RESERVED CVE-2020-3637 RESERVED CVE-2020-3636 RESERVED CVE-2020-3635 RESERVED CVE-2020-3634 RESERVED CVE-2020-3633 RESERVED CVE-2020-3632 RESERVED CVE-2020-3631 RESERVED CVE-2020-3630 RESERVED CVE-2020-3629 RESERVED CVE-2020-3628 RESERVED CVE-2020-3627 RESERVED CVE-2020-3626 RESERVED 
CVE-2020-3625 RESERVED CVE-2020-3624 RESERVED CVE-2020-3623 RESERVED CVE-2020-3622 RESERVED CVE-2020-3621 RESERVED CVE-2020-3620 RESERVED CVE-2020-3619 RESERVED CVE-2020-3618 RESERVED CVE-2020-3617 RESERVED CVE-2020-3616 RESERVED CVE-2020-3615 RESERVED CVE-2020-3614 RESERVED CVE-2020-3613 RESERVED CVE-2020-3612 RESERVED CVE-2020-3611 RESERVED CVE-2020-3610 RESERVED CVE-2020-3609 RESERVED CVE-2020-3608 RESERVED CVE-2020-3607 RESERVED CVE-2020-3606 RESERVED CVE-2020-3605 RESERVED CVE-2020-3604 RESERVED CVE-2020-3603 RESERVED CVE-2020-3602 RESERVED CVE-2020-3601 RESERVED CVE-2020-3600 RESERVED CVE-2020-3599 RESERVED CVE-2020-3598 RESERVED CVE-2020-3597 RESERVED CVE-2020-3596 RESERVED CVE-2020-3595 RESERVED CVE-2020-3594 RESERVED CVE-2020-3593 RESERVED CVE-2020-3592 RESERVED CVE-2020-3591 RESERVED CVE-2020-3590 RESERVED CVE-2020-3589 RESERVED CVE-2020-3588 RESERVED CVE-2020-3587 RESERVED CVE-2020-3586 RESERVED CVE-2020-3585 RESERVED CVE-2020-3584 RESERVED CVE-2020-3583 RESERVED CVE-2020-3582 RESERVED CVE-2020-3581 RESERVED CVE-2020-3580 RESERVED CVE-2020-3579 RESERVED CVE-2020-3578 RESERVED CVE-2020-3577 RESERVED CVE-2020-3576 RESERVED CVE-2020-3575 RESERVED CVE-2020-3574 RESERVED CVE-2020-3573 RESERVED CVE-2020-3572 RESERVED CVE-2020-3571 RESERVED CVE-2020-3570 RESERVED CVE-2020-3569 RESERVED CVE-2020-3568 RESERVED CVE-2020-3567 RESERVED CVE-2020-3566 RESERVED CVE-2020-3565 RESERVED CVE-2020-3564 RESERVED CVE-2020-3563 RESERVED CVE-2020-3562 RESERVED CVE-2020-3561 RESERVED CVE-2020-3560 RESERVED CVE-2020-3559 RESERVED CVE-2020-3558 RESERVED CVE-2020-3557 RESERVED CVE-2020-3556 RESERVED CVE-2020-3555 RESERVED CVE-2020-3554 RESERVED CVE-2020-3553 RESERVED CVE-2020-3552 RESERVED CVE-2020-3551 RESERVED CVE-2020-3550 RESERVED CVE-2020-3549 RESERVED CVE-2020-3548 RESERVED CVE-2020-3547 RESERVED CVE-2020-3546 RESERVED CVE-2020-3545 RESERVED CVE-2020-3544 RESERVED CVE-2020-3543 RESERVED CVE-2020-3542 RESERVED CVE-2020-3541 RESERVED CVE-2020-3540 RESERVED CVE-2020-3539 
RESERVED CVE-2020-3538 RESERVED CVE-2020-3537 RESERVED CVE-2020-3536 RESERVED CVE-2020-3535 RESERVED CVE-2020-3534 RESERVED CVE-2020-3533 RESERVED CVE-2020-3532 RESERVED CVE-2020-3531 RESERVED CVE-2020-3530 RESERVED CVE-2020-3529 RESERVED CVE-2020-3528 RESERVED CVE-2020-3527 RESERVED CVE-2020-3526 RESERVED CVE-2020-3525 RESERVED CVE-2020-3524 RESERVED CVE-2020-3523 RESERVED CVE-2020-3522 RESERVED CVE-2020-3521 RESERVED CVE-2020-3520 RESERVED CVE-2020-3519 RESERVED CVE-2020-3518 RESERVED CVE-2020-3517 RESERVED CVE-2020-3516 RESERVED CVE-2020-3515 RESERVED CVE-2020-3514 RESERVED CVE-2020-3513 RESERVED CVE-2020-3512 RESERVED CVE-2020-3511 RESERVED CVE-2020-3510 RESERVED CVE-2020-3509 RESERVED CVE-2020-3508 RESERVED CVE-2020-3507 RESERVED CVE-2020-3506 RESERVED CVE-2020-3505 RESERVED CVE-2020-3504 RESERVED CVE-2020-3503 RESERVED CVE-2020-3502 RESERVED CVE-2020-3501 RESERVED CVE-2020-3500 RESERVED CVE-2020-3499 RESERVED CVE-2020-3498 RESERVED CVE-2020-3497 RESERVED CVE-2020-3496 RESERVED CVE-2020-3495 RESERVED CVE-2020-3494 RESERVED CVE-2020-3493 RESERVED CVE-2020-3492 RESERVED CVE-2020-3491 RESERVED CVE-2020-3490 RESERVED CVE-2020-3489 RESERVED CVE-2020-3488 RESERVED CVE-2020-3487 RESERVED CVE-2020-3486 RESERVED CVE-2020-3485 RESERVED CVE-2020-3484 RESERVED CVE-2020-3483 RESERVED CVE-2020-3482 RESERVED CVE-2020-3481 RESERVED CVE-2020-3480 RESERVED CVE-2020-3479 RESERVED CVE-2020-3478 RESERVED CVE-2020-3477 RESERVED CVE-2020-3476 RESERVED CVE-2020-3475 RESERVED CVE-2020-3474 RESERVED CVE-2020-3473 RESERVED CVE-2020-3472 RESERVED CVE-2020-3471 RESERVED CVE-2020-3470 RESERVED CVE-2020-3469 RESERVED CVE-2020-3468 RESERVED CVE-2020-3467 RESERVED CVE-2020-3466 RESERVED CVE-2020-3465 RESERVED CVE-2020-3464 RESERVED CVE-2020-3463 RESERVED CVE-2020-3462 RESERVED CVE-2020-3461 RESERVED CVE-2020-3460 RESERVED CVE-2020-3459 RESERVED CVE-2020-3458 RESERVED CVE-2020-3457 RESERVED CVE-2020-3456 RESERVED CVE-2020-3455 RESERVED CVE-2020-3454 RESERVED CVE-2020-3453 RESERVED 
CVE-2020-3452 RESERVED CVE-2020-3451 RESERVED CVE-2020-3450 RESERVED CVE-2020-3449 RESERVED CVE-2020-3448 RESERVED CVE-2020-3447 RESERVED CVE-2020-3446 RESERVED CVE-2020-3445 RESERVED CVE-2020-3444 RESERVED CVE-2020-3443 RESERVED CVE-2020-3442 RESERVED CVE-2020-3441 RESERVED CVE-2020-3440 RESERVED CVE-2020-3439 RESERVED CVE-2020-3438 RESERVED CVE-2020-3437 RESERVED CVE-2020-3436 RESERVED CVE-2020-3435 RESERVED CVE-2020-3434 RESERVED CVE-2020-3433 RESERVED CVE-2020-3432 RESERVED CVE-2020-3431 RESERVED CVE-2020-3430 RESERVED CVE-2020-3429 RESERVED CVE-2020-3428 RESERVED CVE-2020-3427 RESERVED CVE-2020-3426 RESERVED CVE-2020-3425 RESERVED CVE-2020-3424 RESERVED CVE-2020-3423 RESERVED CVE-2020-3422 RESERVED CVE-2020-3421 RESERVED CVE-2020-3420 RESERVED CVE-2020-3419 RESERVED CVE-2020-3418 RESERVED CVE-2020-3417 RESERVED CVE-2020-3416 RESERVED CVE-2020-3415 RESERVED CVE-2020-3414 RESERVED CVE-2020-3413 RESERVED CVE-2020-3412 RESERVED CVE-2020-3411 RESERVED CVE-2020-3410 RESERVED CVE-2020-3409 RESERVED CVE-2020-3408 RESERVED CVE-2020-3407 RESERVED CVE-2020-3406 RESERVED CVE-2020-3405 RESERVED CVE-2020-3404 RESERVED CVE-2020-3403 RESERVED CVE-2020-3402 RESERVED CVE-2020-3401 RESERVED CVE-2020-3400 RESERVED CVE-2020-3399 RESERVED CVE-2020-3398 RESERVED CVE-2020-3397 RESERVED CVE-2020-3396 RESERVED CVE-2020-3395 RESERVED CVE-2020-3394 RESERVED CVE-2020-3393 RESERVED CVE-2020-3392 RESERVED CVE-2020-3391 RESERVED CVE-2020-3390 RESERVED CVE-2020-3389 RESERVED CVE-2020-3388 RESERVED CVE-2020-3387 RESERVED CVE-2020-3386 RESERVED CVE-2020-3385 RESERVED CVE-2020-3384 RESERVED CVE-2020-3383 RESERVED CVE-2020-3382 RESERVED CVE-2020-3381 RESERVED CVE-2020-3380 RESERVED CVE-2020-3379 RESERVED CVE-2020-3378 RESERVED CVE-2020-3377 RESERVED CVE-2020-3376 RESERVED CVE-2020-3375 RESERVED CVE-2020-3374 RESERVED CVE-2020-3373 RESERVED CVE-2020-3372 RESERVED CVE-2020-3371 RESERVED CVE-2020-3370 RESERVED CVE-2020-3369 RESERVED CVE-2020-3368 RESERVED CVE-2020-3367 RESERVED CVE-2020-3366 
RESERVED CVE-2020-3365 RESERVED CVE-2020-3364 RESERVED CVE-2020-3363 RESERVED CVE-2020-3362 RESERVED CVE-2020-3361 RESERVED CVE-2020-3360 RESERVED CVE-2020-3359 RESERVED CVE-2020-3358 RESERVED CVE-2020-3357 RESERVED CVE-2020-3356 RESERVED CVE-2020-3355 RESERVED CVE-2020-3354 RESERVED CVE-2020-3353 RESERVED CVE-2020-3352 RESERVED CVE-2020-3351 RESERVED CVE-2020-3350 RESERVED CVE-2020-3349 RESERVED CVE-2020-3348 RESERVED CVE-2020-3347 RESERVED CVE-2020-3346 RESERVED CVE-2020-3345 RESERVED CVE-2020-3344 RESERVED CVE-2020-3343 RESERVED CVE-2020-3342 RESERVED CVE-2020-3341 RESERVED CVE-2020-3340 RESERVED CVE-2020-3339 RESERVED CVE-2020-3338 RESERVED CVE-2020-3337 RESERVED CVE-2020-3336 RESERVED CVE-2020-3335 RESERVED CVE-2020-3334 RESERVED CVE-2020-3333 RESERVED CVE-2020-3332 RESERVED CVE-2020-3331 RESERVED CVE-2020-3330 RESERVED CVE-2020-3329 RESERVED CVE-2020-3328 RESERVED CVE-2020-3327 RESERVED CVE-2020-3326 RESERVED CVE-2020-3325 RESERVED CVE-2020-3324 RESERVED CVE-2020-3323 RESERVED CVE-2020-3322 RESERVED CVE-2020-3321 RESERVED CVE-2020-3320 RESERVED CVE-2020-3319 RESERVED CVE-2020-3318 RESERVED CVE-2020-3317 RESERVED CVE-2020-3316 RESERVED CVE-2020-3315 RESERVED CVE-2020-3314 RESERVED CVE-2020-3313 RESERVED CVE-2020-3312 RESERVED CVE-2020-3311 RESERVED CVE-2020-3310 RESERVED CVE-2020-3309 RESERVED CVE-2020-3308 RESERVED CVE-2020-3307 RESERVED CVE-2020-3306 RESERVED CVE-2020-3305 RESERVED CVE-2020-3304 RESERVED CVE-2020-3303 RESERVED CVE-2020-3302 RESERVED CVE-2020-3301 RESERVED CVE-2020-3300 RESERVED CVE-2020-3299 RESERVED CVE-2020-3298 RESERVED CVE-2020-3297 RESERVED CVE-2020-3296 RESERVED CVE-2020-3295 RESERVED CVE-2020-3294 RESERVED CVE-2020-3293 RESERVED CVE-2020-3292 RESERVED CVE-2020-3291 RESERVED CVE-2020-3290 RESERVED CVE-2020-3289 RESERVED CVE-2020-3288 RESERVED CVE-2020-3287 RESERVED CVE-2020-3286 RESERVED CVE-2020-3285 RESERVED CVE-2020-3284 RESERVED CVE-2020-3283 RESERVED CVE-2020-3282 RESERVED CVE-2020-3281 RESERVED CVE-2020-3280 RESERVED 
CVE-2020-3279 RESERVED CVE-2020-3278 RESERVED CVE-2020-3277 RESERVED CVE-2020-3276 RESERVED CVE-2020-3275 RESERVED CVE-2020-3274 RESERVED CVE-2020-3273 RESERVED CVE-2020-3272 RESERVED CVE-2020-3271 RESERVED CVE-2020-3270 RESERVED CVE-2020-3269 RESERVED CVE-2020-3268 RESERVED CVE-2020-3267 RESERVED CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...) NOT-FOR-US: Cisco CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3263 RESERVED CVE-2020-3262 RESERVED CVE-2020-3261 RESERVED CVE-2020-3260 RESERVED CVE-2020-3259 RESERVED CVE-2020-3258 RESERVED CVE-2020-3257 RESERVED CVE-2020-3256 RESERVED CVE-2020-3255 RESERVED CVE-2020-3254 RESERVED CVE-2020-3253 RESERVED CVE-2020-3252 RESERVED CVE-2020-3251 RESERVED CVE-2020-3250 RESERVED CVE-2020-3249 RESERVED CVE-2020-3248 RESERVED CVE-2020-3247 RESERVED CVE-2020-3246 RESERVED CVE-2020-3245 RESERVED CVE-2020-3244 RESERVED CVE-2020-3243 RESERVED CVE-2020-3242 RESERVED CVE-2020-3241 RESERVED CVE-2020-3240 RESERVED CVE-2020-3239 RESERVED CVE-2020-3238 RESERVED CVE-2020-3237 RESERVED CVE-2020-3236 RESERVED CVE-2020-3235 RESERVED CVE-2020-3234 RESERVED CVE-2020-3233 RESERVED CVE-2020-3232 RESERVED CVE-2020-3231 RESERVED CVE-2020-3230 RESERVED CVE-2020-3229 RESERVED CVE-2020-3228 RESERVED CVE-2020-3227 RESERVED CVE-2020-3226 RESERVED CVE-2020-3225 RESERVED CVE-2020-3224 RESERVED CVE-2020-3223 RESERVED CVE-2020-3222 RESERVED CVE-2020-3221 RESERVED CVE-2020-3220 RESERVED CVE-2020-3219 RESERVED CVE-2020-3218 RESERVED CVE-2020-3217 RESERVED CVE-2020-3216 RESERVED CVE-2020-3215 RESERVED CVE-2020-3214 RESERVED CVE-2020-3213 RESERVED CVE-2020-3212 RESERVED CVE-2020-3211 RESERVED CVE-2020-3210 RESERVED CVE-2020-3209 RESERVED CVE-2020-3208 RESERVED CVE-2020-3207 RESERVED CVE-2020-3206 RESERVED CVE-2020-3205 RESERVED CVE-2020-3204 
RESERVED CVE-2020-3203 RESERVED CVE-2020-3202 RESERVED CVE-2020-3201 RESERVED CVE-2020-3200 RESERVED CVE-2020-3199 RESERVED CVE-2020-3198 RESERVED CVE-2020-3197 RESERVED CVE-2020-3196 RESERVED CVE-2020-3195 RESERVED CVE-2020-3194 RESERVED CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3191 RESERVED CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...) NOT-FOR-US: Cisco CVE-2020-3189 RESERVED CVE-2020-3188 RESERVED CVE-2020-3187 RESERVED CVE-2020-3186 RESERVED CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...) NOT-FOR-US: Cisco CVE-2020-3184 RESERVED CVE-2020-3183 RESERVED CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuration of ...) NOT-FOR-US: Cisco CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...) NOT-FOR-US: Cisco CVE-2020-3180 RESERVED CVE-2020-3179 RESERVED CVE-2020-3178 RESERVED CVE-2020-3177 RESERVED CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...) NOT-FOR-US: Cisco CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...) NOT-FOR-US: Cisco CVE-2020-3173 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...) NOT-FOR-US: Cisco CVE-2020-3172 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...) NOT-FOR-US: Cisco CVE-2020-3171 (A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS ...) NOT-FOR-US: Cisco CVE-2020-3170 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) NOT-FOR-US: Cisco CVE-2020-3169 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...) 
NOT-FOR-US: Cisco CVE-2020-3168 (A vulnerability in the Secure Login Enhancements capability of Cisco N ...) NOT-FOR-US: Cisco CVE-2020-3167 (A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manage ...) NOT-FOR-US: Cisco CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...) NOT-FOR-US: Cisco CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...) NOT-FOR-US: Cisco CVE-2020-3162 RESERVED CVE-2020-3161 RESERVED CVE-2020-3160 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...) NOT-FOR-US: Cisco CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Finesse ...) NOT-FOR-US: Cisco CVE-2020-3158 (A vulnerability in the High Availability (HA) service of Cisco Smart S ...) NOT-FOR-US: Cisco CVE-2020-3157 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2020-3156 (A vulnerability in the logging component of Cisco Identity Services En ...) NOT-FOR-US: Cisco CVE-2020-3155 (A vulnerability in the SSL implementation of the Cisco Intelligent Pro ...) NOT-FOR-US: Cisco CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could ...) NOT-FOR-US: Cisco CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure ...) NOT-FOR-US: Cisco CVE-2020-3152 RESERVED CVE-2020-3151 RESERVED CVE-2020-3150 RESERVED CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...) NOT-FOR-US: Cisco CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...) 
NOT-FOR-US: Cisco CVE-2020-3146 RESERVED CVE-2020-3145 RESERVED CVE-2020-3144 RESERVED CVE-2020-3143 RESERVED CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...) NOT-FOR-US: Cisco CVE-2020-3141 RESERVED CVE-2020-3140 RESERVED CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...) NOT-FOR-US: Cisco CVE-2020-3138 (A vulnerability in the upgrade component of Cisco Enterprise NFV Infra ...) NOT-FOR-US: Cisco CVE-2020-3137 RESERVED CVE-2020-3136 (A vulnerability in the web-based management interface of Cisco Jabber ...) NOT-FOR-US: Cisco CVE-2020-3135 RESERVED CVE-2020-3134 (A vulnerability in the zip decompression engine of Cisco AsyncOS Softw ...) NOT-FOR-US: Cisco CVE-2020-3133 RESERVED CVE-2020-3132 (A vulnerability in the email message scanning feature of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3131 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...) NOT-FOR-US: Cisco CVE-2020-3130 RESERVED CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...) NOT-FOR-US: Cisco CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...) NOT-FOR-US: Cisco CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...) NOT-FOR-US: Cisco CVE-2020-3126 RESERVED CVE-2020-3125 RESERVED CVE-2020-3124 RESERVED CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...) - clamav 0.102.2+dfsg-1 (bug #950944) [buster] - clamav (ClamAV is updated via -updates) [stretch] - clamav (ClamAV is updated via -updates) [jessie] - clamav (Vulnerable code introduced in 0.102.x) NOTE: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html CVE-2020-3122 RESERVED CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) 
NOT-FOR-US: Cisco CVE-2020-3119 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3118 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3117 RESERVED CVE-2020-3116 RESERVED CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage softwa ...) NOT-FOR-US: Cisco CVE-2020-3114 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3113 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3112 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...) NOT-FOR-US: Cisco CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) NOT-FOR-US: Cisco CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) NOT-FOR-US: Cisco CVE-2020-3109 RESERVED CVE-2020-3108 RESERVED CVE-2020-3107 RESERVED CVE-2020-3106 RESERVED CVE-2020-3105 RESERVED CVE-2020-3104 RESERVED CVE-2020-3103 RESERVED CVE-2020-3102 RESERVED CVE-2020-3101 RESERVED CVE-2020-3100 RESERVED CVE-2020-3099 RESERVED CVE-2020-3098 RESERVED CVE-2020-3097 RESERVED CVE-2020-3096 RESERVED CVE-2020-3095 RESERVED CVE-2020-3094 RESERVED CVE-2020-3093 RESERVED CVE-2020-3092 RESERVED CVE-2020-3091 RESERVED CVE-2020-3090 RESERVED CVE-2020-3089 RESERVED CVE-2020-3088 RESERVED CVE-2020-3087 RESERVED CVE-2020-3086 RESERVED CVE-2020-3085 RESERVED CVE-2020-3084 RESERVED CVE-2020-3083 RESERVED CVE-2020-3082 RESERVED CVE-2020-3081 RESERVED CVE-2020-3080 RESERVED CVE-2020-3079 RESERVED CVE-2020-3078 RESERVED CVE-2020-3077 RESERVED CVE-2020-3076 RESERVED CVE-2020-3075 RESERVED CVE-2020-3074 RESERVED CVE-2020-3073 RESERVED CVE-2020-3072 RESERVED CVE-2020-3071 RESERVED CVE-2020-3070 RESERVED CVE-2020-3069 RESERVED CVE-2020-3068 RESERVED CVE-2020-3067 RESERVED CVE-2020-3066 RESERVED CVE-2020-3065 RESERVED CVE-2020-3064 RESERVED 
CVE-2020-3063 RESERVED CVE-2020-3062 RESERVED CVE-2020-3061 RESERVED CVE-2020-3060 RESERVED CVE-2020-3059 RESERVED CVE-2020-3058 RESERVED CVE-2020-3057 RESERVED CVE-2020-3056 RESERVED CVE-2020-3055 RESERVED CVE-2020-3054 RESERVED CVE-2020-3053 RESERVED CVE-2020-3052 RESERVED CVE-2020-3051 RESERVED CVE-2020-3050 RESERVED CVE-2020-3049 RESERVED CVE-2020-3048 RESERVED CVE-2020-3047 RESERVED CVE-2020-3046 RESERVED CVE-2020-3045 RESERVED CVE-2020-3044 RESERVED CVE-2020-3043 RESERVED CVE-2020-3042 RESERVED CVE-2020-3041 RESERVED CVE-2020-3040 RESERVED CVE-2020-3039 RESERVED CVE-2020-3038 RESERVED CVE-2020-3037 RESERVED CVE-2020-3036 RESERVED CVE-2020-3035 RESERVED CVE-2020-3034 RESERVED CVE-2020-3033 RESERVED CVE-2020-3032 RESERVED CVE-2020-3031 RESERVED CVE-2020-3030 RESERVED CVE-2020-3029 RESERVED CVE-2020-3028 RESERVED CVE-2020-3027 RESERVED CVE-2020-3026 RESERVED CVE-2020-3025 RESERVED CVE-2020-3024 RESERVED CVE-2020-3023 RESERVED CVE-2020-3022 RESERVED CVE-2020-3021 RESERVED CVE-2020-3020 RESERVED CVE-2020-3019 RESERVED CVE-2020-3018 RESERVED CVE-2020-3017 RESERVED CVE-2020-3016 RESERVED CVE-2020-3015 RESERVED CVE-2020-3014 RESERVED CVE-2020-3013 RESERVED CVE-2020-3012 RESERVED CVE-2020-3011 RESERVED CVE-2020-3010 RESERVED CVE-2020-3009 RESERVED CVE-2020-3008 RESERVED CVE-2020-3007 RESERVED CVE-2020-3006 RESERVED CVE-2020-3005 RESERVED CVE-2020-3004 RESERVED CVE-2020-3003 RESERVED CVE-2020-3002 RESERVED CVE-2020-3001 RESERVED CVE-2020-3000 RESERVED CVE-2020-2999 RESERVED CVE-2020-2998 RESERVED CVE-2020-2997 RESERVED CVE-2020-2996 RESERVED CVE-2020-2995 RESERVED CVE-2020-2994 RESERVED CVE-2020-2993 RESERVED CVE-2020-2992 RESERVED CVE-2020-2991 RESERVED CVE-2020-2990 RESERVED CVE-2020-2989 RESERVED CVE-2020-2988 RESERVED CVE-2020-2987 RESERVED CVE-2020-2986 RESERVED CVE-2020-2985 RESERVED CVE-2020-2984 RESERVED CVE-2020-2983 RESERVED CVE-2020-2982 RESERVED CVE-2020-2981 RESERVED CVE-2020-2980 RESERVED CVE-2020-2979 RESERVED CVE-2020-2978 RESERVED CVE-2020-2977 
RESERVED CVE-2020-2976 RESERVED CVE-2020-2975 RESERVED CVE-2020-2974 RESERVED CVE-2020-2973 RESERVED CVE-2020-2972 RESERVED CVE-2020-2971 RESERVED CVE-2020-2970 RESERVED CVE-2020-2969 RESERVED CVE-2020-2968 RESERVED CVE-2020-2967 RESERVED CVE-2020-2966 RESERVED CVE-2020-2965 RESERVED CVE-2020-2964 RESERVED CVE-2020-2963 RESERVED CVE-2020-2962 RESERVED CVE-2020-2961 RESERVED CVE-2020-2960 RESERVED CVE-2020-2959 RESERVED CVE-2020-2958 RESERVED CVE-2020-2957 RESERVED CVE-2020-2956 RESERVED CVE-2020-2955 RESERVED CVE-2020-2954 RESERVED CVE-2020-2953 RESERVED CVE-2020-2952 RESERVED CVE-2020-2951 RESERVED CVE-2020-2950 RESERVED CVE-2020-2949 RESERVED CVE-2020-2948 RESERVED CVE-2020-2947 RESERVED CVE-2020-2946 RESERVED CVE-2020-2945 RESERVED CVE-2020-2944 RESERVED CVE-2020-2943 RESERVED CVE-2020-2942 RESERVED CVE-2020-2941 RESERVED CVE-2020-2940 RESERVED CVE-2020-2939 RESERVED CVE-2020-2938 RESERVED CVE-2020-2937 RESERVED CVE-2020-2936 RESERVED CVE-2020-2935 RESERVED CVE-2020-2934 RESERVED CVE-2020-2933 RESERVED CVE-2020-2932 RESERVED CVE-2020-2931 RESERVED CVE-2020-2930 RESERVED CVE-2020-2929 RESERVED CVE-2020-2928 RESERVED CVE-2020-2927 RESERVED CVE-2020-2926 RESERVED CVE-2020-2925 RESERVED CVE-2020-2924 RESERVED CVE-2020-2923 RESERVED CVE-2020-2922 RESERVED CVE-2020-2921 RESERVED CVE-2020-2920 RESERVED CVE-2020-2919 RESERVED CVE-2020-2918 RESERVED CVE-2020-2917 RESERVED CVE-2020-2916 RESERVED CVE-2020-2915 RESERVED CVE-2020-2914 RESERVED CVE-2020-2913 RESERVED CVE-2020-2912 RESERVED CVE-2020-2911 RESERVED CVE-2020-2910 RESERVED CVE-2020-2909 RESERVED CVE-2020-2908 RESERVED CVE-2020-2907 RESERVED CVE-2020-2906 RESERVED CVE-2020-2905 RESERVED CVE-2020-2904 RESERVED CVE-2020-2903 RESERVED CVE-2020-2902 RESERVED CVE-2020-2901 RESERVED CVE-2020-2900 RESERVED CVE-2020-2899 RESERVED CVE-2020-2898 RESERVED CVE-2020-2897 RESERVED CVE-2020-2896 RESERVED CVE-2020-2895 RESERVED CVE-2020-2894 RESERVED CVE-2020-2893 RESERVED CVE-2020-2892 RESERVED CVE-2020-2891 RESERVED 
CVE-2020-2890 RESERVED CVE-2020-2889 RESERVED CVE-2020-2888 RESERVED CVE-2020-2887 RESERVED CVE-2020-2886 RESERVED CVE-2020-2885 RESERVED CVE-2020-2884 RESERVED CVE-2020-2883 RESERVED CVE-2020-2882 RESERVED CVE-2020-2881 RESERVED CVE-2020-2880 RESERVED CVE-2020-2879 RESERVED CVE-2020-2878 RESERVED CVE-2020-2877 RESERVED CVE-2020-2876 RESERVED CVE-2020-2875 RESERVED CVE-2020-2874 RESERVED CVE-2020-2873 RESERVED CVE-2020-2872 RESERVED CVE-2020-2871 RESERVED CVE-2020-2870 RESERVED CVE-2020-2869 RESERVED CVE-2020-2868 RESERVED CVE-2020-2867 RESERVED CVE-2020-2866 RESERVED CVE-2020-2865 RESERVED CVE-2020-2864 RESERVED CVE-2020-2863 RESERVED CVE-2020-2862 RESERVED CVE-2020-2861 RESERVED CVE-2020-2860 RESERVED CVE-2020-2859 RESERVED CVE-2020-2858 RESERVED CVE-2020-2857 RESERVED CVE-2020-2856 RESERVED CVE-2020-2855 RESERVED CVE-2020-2854 RESERVED CVE-2020-2853 RESERVED CVE-2020-2852 RESERVED CVE-2020-2851 RESERVED CVE-2020-2850 RESERVED CVE-2020-2849 RESERVED CVE-2020-2848 RESERVED CVE-2020-2847 RESERVED CVE-2020-2846 RESERVED CVE-2020-2845 RESERVED CVE-2020-2844 RESERVED CVE-2020-2843 RESERVED CVE-2020-2842 RESERVED CVE-2020-2841 RESERVED CVE-2020-2840 RESERVED CVE-2020-2839 RESERVED CVE-2020-2838 RESERVED CVE-2020-2837 RESERVED CVE-2020-2836 RESERVED CVE-2020-2835 RESERVED CVE-2020-2834 RESERVED CVE-2020-2833 RESERVED CVE-2020-2832 RESERVED CVE-2020-2831 RESERVED CVE-2020-2830 RESERVED CVE-2020-2829 RESERVED CVE-2020-2828 RESERVED CVE-2020-2827 RESERVED CVE-2020-2826 RESERVED CVE-2020-2825 RESERVED CVE-2020-2824 RESERVED CVE-2020-2823 RESERVED CVE-2020-2822 RESERVED CVE-2020-2821 RESERVED CVE-2020-2820 RESERVED CVE-2020-2819 RESERVED CVE-2020-2818 RESERVED CVE-2020-2817 RESERVED CVE-2020-2816 RESERVED CVE-2020-2815 RESERVED CVE-2020-2814 RESERVED CVE-2020-2813 RESERVED CVE-2020-2812 RESERVED CVE-2020-2811 RESERVED CVE-2020-2810 RESERVED CVE-2020-2809 RESERVED CVE-2020-2808 RESERVED CVE-2020-2807 RESERVED CVE-2020-2806 RESERVED CVE-2020-2805 RESERVED CVE-2020-2804 
RESERVED CVE-2020-2803 RESERVED CVE-2020-2802 RESERVED CVE-2020-2801 RESERVED CVE-2020-2800 RESERVED CVE-2020-2799 RESERVED CVE-2020-2798 RESERVED CVE-2020-2797 RESERVED CVE-2020-2796 RESERVED CVE-2020-2795 RESERVED CVE-2020-2794 RESERVED CVE-2020-2793 RESERVED CVE-2020-2792 RESERVED CVE-2020-2791 RESERVED CVE-2020-2790 RESERVED CVE-2020-2789 RESERVED CVE-2020-2788 RESERVED CVE-2020-2787 RESERVED CVE-2020-2786 RESERVED CVE-2020-2785 RESERVED CVE-2020-2784 RESERVED CVE-2020-2783 RESERVED CVE-2020-2782 RESERVED CVE-2020-2781 RESERVED CVE-2020-2780 RESERVED CVE-2020-2779 RESERVED CVE-2020-2778 RESERVED CVE-2020-2777 RESERVED CVE-2020-2776 RESERVED CVE-2020-2775 RESERVED CVE-2020-2774 RESERVED CVE-2020-2773 RESERVED CVE-2020-2772 RESERVED CVE-2020-2771 RESERVED CVE-2020-2770 RESERVED CVE-2020-2769 RESERVED CVE-2020-2768 RESERVED CVE-2020-2767 RESERVED CVE-2020-2766 RESERVED CVE-2020-2765 RESERVED CVE-2020-2764 RESERVED CVE-2020-2763 RESERVED CVE-2020-2762 RESERVED CVE-2020-2761 RESERVED CVE-2020-2760 RESERVED CVE-2020-2759 RESERVED CVE-2020-2758 RESERVED CVE-2020-2757 RESERVED CVE-2020-2756 RESERVED CVE-2020-2755 RESERVED CVE-2020-2754 RESERVED CVE-2020-2753 RESERVED CVE-2020-2752 RESERVED CVE-2020-2751 RESERVED CVE-2020-2750 RESERVED CVE-2020-2749 RESERVED CVE-2020-2748 RESERVED CVE-2020-2747 RESERVED CVE-2020-2746 RESERVED CVE-2020-2745 RESERVED CVE-2020-2744 RESERVED CVE-2020-2743 RESERVED CVE-2020-2742 RESERVED CVE-2020-2741 RESERVED CVE-2020-2740 RESERVED CVE-2020-2739 RESERVED CVE-2020-2738 RESERVED CVE-2020-2737 RESERVED CVE-2020-2736 RESERVED CVE-2020-2735 RESERVED CVE-2020-2734 RESERVED CVE-2020-2733 RESERVED CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...) 
- linux 5.5.13-1 NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c NOTE: https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d CVE-2020-2731 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2730 (Vulnerability in the Oracle Financial Services Revenue Management and ...) NOT-FOR-US: Oracle CVE-2020-2729 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2728 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2727 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2726 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2725 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2724 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2723 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2722 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2721 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2720 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2719 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2718 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) 
NOT-FOR-US: Oracle CVE-2020-2717 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2716 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2715 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2714 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2713 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2712 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2711 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2710 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-2709 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...) NOT-FOR-US: Oracle CVE-2020-2708 RESERVED CVE-2020-2707 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-2706 RESERVED CVE-2020-2705 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2702 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2701 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2700 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2699 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2697 (Vulnerability in the Oracle Hospitality Suites Management component of ...) NOT-FOR-US: Oracle CVE-2020-2696 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2695 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...) NOT-FOR-US: Oracle CVE-2020-2694 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2693 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2692 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2691 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2690 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2689 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2688 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-2687 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) 
NOT-FOR-US: Oracle CVE-2020-2686 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2685 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2684 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2683 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2682 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2681 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2680 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2679 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2678 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2677 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2020-2676 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2020-2675 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...) NOT-FOR-US: Oracle CVE-2020-2674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2673 (Vulnerability in the Oracle Application Testing Suite product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2672 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) 
NOT-FOR-US: Oracle CVE-2020-2671 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2670 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2669 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2668 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2667 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2666 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2665 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2664 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2663 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2662 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2661 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DLA-2128-1} - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-2657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2656 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...) 
{DSA-4605-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2653 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2652 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2651 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2650 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2649 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2648 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2647 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2646 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2645 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2644 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2643 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2642 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2641 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) NOT-FOR-US: Oracle CVE-2020-2640 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) NOT-FOR-US: Oracle CVE-2020-2639 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
NOT-FOR-US: Oracle CVE-2020-2638 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) NOT-FOR-US: Oracle CVE-2020-2637 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) NOT-FOR-US: Oracle CVE-2020-2636 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2635 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2634 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2633 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2632 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2631 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2630 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2629 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2628 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2626 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2625 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2624 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2622 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
NOT-FOR-US: Oracle CVE-2020-2621 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2620 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2619 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2618 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2617 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2616 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2615 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2614 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...) NOT-FOR-US: Oracle CVE-2020-2613 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2612 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2611 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2610 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2609 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2608 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2607 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
{DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2599 (Vulnerability in the Oracle Hospitality Cruise Materials Management pr ...) NOT-FOR-US: Oracle CVE-2020-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2597 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2596 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2594 RESERVED CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...) NOT-FOR-US: Oracle CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) NOT-FOR-US: Oracle CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2589 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2588 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2587 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2586 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2585 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...) - openjfx 11+26-1 [stretch] - openjfx (Minor issue) NOTE: This only affects JavaFX 8, so marking the first post 8 version as fixed CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-2581 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2580 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2579 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2578 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2576 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2575 RESERVED CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) - mariadb-10.3 1:10.3.22-1 [buster] - mariadb-10.3 1:10.3.22-0+deb10u1 - mariadb-10.1 [stretch] - mariadb-10.1 10.1.44-0+deb9u1 NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL NOTE: Fixed in MariaDB: 5.5.67, 10.1.44, 10.2.31, 10.3.22, 10.4.12 CVE-2020-2573 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2572 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2571 (Vulnerability in the Oracle VM Server for SPARC product of Oracle Syst ...) NOT-FOR-US: Oracle CVE-2020-2570 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2569 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...) NOT-FOR-US: Oracle CVE-2020-2568 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...) NOT-FOR-US: Oracle CVE-2020-2567 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2566 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2565 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) 
NOT-FOR-US: Oracle CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...) NOT-FOR-US: Oracle CVE-2020-2562 RESERVED CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...) NOT-FOR-US: Oracle CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2020-2559 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2020-2558 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2557 (Vulnerability in the Oracle Demantra Demand Management product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2556 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-2555 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2554 RESERVED CVE-2020-2553 RESERVED CVE-2020-2552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2551 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2550 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2549 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2547 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2546 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2545 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2020-2544 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
NOT-FOR-US: Oracle CVE-2020-2543 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2542 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2541 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2540 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2539 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2538 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2537 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2536 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2535 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2534 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-2533 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-2532 RESERVED CVE-2020-2531 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2530 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2020-2529 RESERVED CVE-2020-2528 RESERVED CVE-2020-2527 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2526 RESERVED CVE-2020-2525 RESERVED CVE-2020-2524 RESERVED CVE-2020-2523 RESERVED CVE-2020-2522 RESERVED CVE-2020-2521 RESERVED CVE-2020-2520 RESERVED CVE-2020-2519 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2518 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) 
NOT-FOR-US: Oracle CVE-2020-2517 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2020-2516 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2020-2514 RESERVED CVE-2020-2513 RESERVED CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2510 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2509 RESERVED CVE-2020-2508 RESERVED CVE-2020-2507 RESERVED CVE-2020-2506 RESERVED CVE-2020-2505 RESERVED CVE-2020-2504 RESERVED CVE-2020-2503 RESERVED CVE-2020-2502 RESERVED CVE-2020-2501 RESERVED CVE-2020-2500 RESERVED CVE-2020-2499 RESERVED CVE-2020-2498 RESERVED CVE-2020-2497 RESERVED CVE-2020-2496 RESERVED CVE-2020-2495 RESERVED CVE-2020-2494 RESERVED CVE-2020-2493 RESERVED CVE-2020-2492 RESERVED CVE-2020-2491 RESERVED CVE-2020-2490 RESERVED CVE-2020-2489 RESERVED CVE-2020-2488 RESERVED CVE-2020-2487 RESERVED CVE-2020-2486 RESERVED CVE-2020-2485 RESERVED CVE-2020-2484 RESERVED CVE-2020-2483 RESERVED CVE-2020-2482 RESERVED CVE-2020-2481 RESERVED CVE-2020-2480 RESERVED CVE-2020-2479 RESERVED CVE-2020-2478 RESERVED CVE-2020-2477 RESERVED CVE-2020-2476 RESERVED CVE-2020-2475 RESERVED CVE-2020-2474 RESERVED CVE-2020-2473 RESERVED CVE-2020-2472 RESERVED CVE-2020-2471 RESERVED CVE-2020-2470 RESERVED CVE-2020-2469 RESERVED CVE-2020-2468 RESERVED CVE-2020-2467 RESERVED CVE-2020-2466 RESERVED CVE-2020-2465 RESERVED CVE-2020-2464 RESERVED CVE-2020-2463 RESERVED CVE-2020-2462 RESERVED CVE-2020-2461 RESERVED CVE-2020-2460 RESERVED CVE-2020-2459 RESERVED CVE-2020-2458 RESERVED CVE-2020-2457 RESERVED CVE-2020-2456 RESERVED CVE-2020-2455 RESERVED 
CVE-2020-2454 RESERVED CVE-2020-2453 RESERVED CVE-2020-2452 RESERVED CVE-2020-2451 RESERVED CVE-2020-2450 RESERVED CVE-2020-2449 RESERVED CVE-2020-2448 RESERVED CVE-2020-2447 RESERVED CVE-2020-2446 RESERVED CVE-2020-2445 RESERVED CVE-2020-2444 RESERVED CVE-2020-2443 RESERVED CVE-2020-2442 RESERVED CVE-2020-2441 RESERVED CVE-2020-2440 RESERVED CVE-2020-2439 RESERVED CVE-2020-2438 RESERVED CVE-2020-2437 RESERVED CVE-2020-2436 RESERVED CVE-2020-2435 RESERVED CVE-2020-2434 RESERVED CVE-2020-2433 RESERVED CVE-2020-2432 RESERVED CVE-2020-2431 RESERVED CVE-2020-2430 RESERVED CVE-2020-2429 RESERVED CVE-2020-2428 RESERVED CVE-2020-2427 RESERVED CVE-2020-2426 RESERVED CVE-2020-2425 RESERVED CVE-2020-2424 RESERVED CVE-2020-2423 RESERVED CVE-2020-2422 RESERVED CVE-2020-2421 RESERVED CVE-2020-2420 RESERVED CVE-2020-2419 RESERVED CVE-2020-2418 RESERVED CVE-2020-2417 RESERVED CVE-2020-2416 RESERVED CVE-2020-2415 RESERVED CVE-2020-2414 RESERVED CVE-2020-2413 RESERVED CVE-2020-2412 RESERVED CVE-2020-2411 RESERVED CVE-2020-2410 RESERVED CVE-2020-2409 RESERVED CVE-2020-2408 RESERVED CVE-2020-2407 RESERVED CVE-2020-2406 RESERVED CVE-2020-2405 RESERVED CVE-2020-2404 RESERVED CVE-2020-2403 RESERVED CVE-2020-2402 RESERVED CVE-2020-2401 RESERVED CVE-2020-2400 RESERVED CVE-2020-2399 RESERVED CVE-2020-2398 RESERVED CVE-2020-2397 RESERVED CVE-2020-2396 RESERVED CVE-2020-2395 RESERVED CVE-2020-2394 RESERVED CVE-2020-2393 RESERVED CVE-2020-2392 RESERVED CVE-2020-2391 RESERVED CVE-2020-2390 RESERVED CVE-2020-2389 RESERVED CVE-2020-2388 RESERVED CVE-2020-2387 RESERVED CVE-2020-2386 RESERVED CVE-2020-2385 RESERVED CVE-2020-2384 RESERVED CVE-2020-2383 RESERVED CVE-2020-2382 RESERVED CVE-2020-2381 RESERVED CVE-2020-2380 RESERVED CVE-2020-2379 RESERVED CVE-2020-2378 RESERVED CVE-2020-2377 RESERVED CVE-2020-2376 RESERVED CVE-2020-2375 RESERVED CVE-2020-2374 RESERVED CVE-2020-2373 RESERVED CVE-2020-2372 RESERVED CVE-2020-2371 RESERVED CVE-2020-2370 RESERVED CVE-2020-2369 RESERVED CVE-2020-2368 
RESERVED CVE-2020-2367 RESERVED CVE-2020-2366 RESERVED CVE-2020-2365 RESERVED CVE-2020-2364 RESERVED CVE-2020-2363 RESERVED CVE-2020-2362 RESERVED CVE-2020-2361 RESERVED CVE-2020-2360 RESERVED CVE-2020-2359 RESERVED CVE-2020-2358 RESERVED CVE-2020-2357 RESERVED CVE-2020-2356 RESERVED CVE-2020-2355 RESERVED CVE-2020-2354 RESERVED CVE-2020-2353 RESERVED CVE-2020-2352 RESERVED CVE-2020-2351 RESERVED CVE-2020-2350 RESERVED CVE-2020-2349 RESERVED CVE-2020-2348 RESERVED CVE-2020-2347 RESERVED CVE-2020-2346 RESERVED CVE-2020-2345 RESERVED CVE-2020-2344 RESERVED CVE-2020-2343 RESERVED CVE-2020-2342 RESERVED CVE-2020-2341 RESERVED CVE-2020-2340 RESERVED CVE-2020-2339 RESERVED CVE-2020-2338 RESERVED CVE-2020-2337 RESERVED CVE-2020-2336 RESERVED CVE-2020-2335 RESERVED CVE-2020-2334 RESERVED CVE-2020-2333 RESERVED CVE-2020-2332 RESERVED CVE-2020-2331 RESERVED CVE-2020-2330 RESERVED CVE-2020-2329 RESERVED CVE-2020-2328 RESERVED CVE-2020-2327 RESERVED CVE-2020-2326 RESERVED CVE-2020-2325 RESERVED CVE-2020-2324 RESERVED CVE-2020-2323 RESERVED CVE-2020-2322 RESERVED CVE-2020-2321 RESERVED CVE-2020-2320 RESERVED CVE-2020-2319 RESERVED CVE-2020-2318 RESERVED CVE-2020-2317 RESERVED CVE-2020-2316 RESERVED CVE-2020-2315 RESERVED CVE-2020-2314 RESERVED CVE-2020-2313 RESERVED CVE-2020-2312 RESERVED CVE-2020-2311 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-2310 RESERVED CVE-2020-2309 RESERVED CVE-2020-2308 RESERVED CVE-2020-2307 RESERVED CVE-2020-2306 RESERVED CVE-2020-2305 RESERVED CVE-2020-2304 RESERVED CVE-2020-2303 RESERVED CVE-2020-2302 RESERVED CVE-2020-2301 RESERVED CVE-2020-2300 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-2299 RESERVED CVE-2020-2298 RESERVED CVE-2020-2297 RESERVED CVE-2020-2296 RESERVED CVE-2020-2295 RESERVED CVE-2020-2294 RESERVED CVE-2020-2293 RESERVED CVE-2020-2292 RESERVED CVE-2020-2291 RESERVED CVE-2020-2290 RESERVED CVE-2020-2289 RESERVED CVE-2020-2288 RESERVED CVE-2020-2287 RESERVED CVE-2020-2286 RESERVED CVE-2020-2285 
RESERVED CVE-2020-2284 RESERVED CVE-2020-2283 RESERVED CVE-2020-2282 RESERVED CVE-2020-2281 RESERVED CVE-2020-2280 RESERVED CVE-2020-2279 RESERVED CVE-2020-2278 RESERVED CVE-2020-2277 RESERVED CVE-2020-2276 RESERVED CVE-2020-2275 RESERVED CVE-2020-2274 RESERVED CVE-2020-2273 RESERVED CVE-2020-2272 RESERVED CVE-2020-2271 RESERVED CVE-2020-2270 RESERVED CVE-2020-2269 RESERVED CVE-2020-2268 RESERVED CVE-2020-2267 RESERVED CVE-2020-2266 RESERVED CVE-2020-2265 RESERVED CVE-2020-2264 RESERVED NOT-FOR-US: Qualcomm components for Android CVE-2020-2263 RESERVED CVE-2020-2262 RESERVED CVE-2020-2261 RESERVED CVE-2020-2260 RESERVED CVE-2020-2259 RESERVED CVE-2020-2258 RESERVED CVE-2020-2257 RESERVED CVE-2020-2256 RESERVED CVE-2020-2255 RESERVED CVE-2020-2254 RESERVED CVE-2020-2253 RESERVED CVE-2020-2252 RESERVED CVE-2020-2251 RESERVED CVE-2020-2250 RESERVED CVE-2020-2249 RESERVED CVE-2020-2248 RESERVED CVE-2020-2247 RESERVED CVE-2020-2246 RESERVED CVE-2020-2245 RESERVED CVE-2020-2244 RESERVED CVE-2020-2243 RESERVED CVE-2020-2242 RESERVED CVE-2020-2241 RESERVED CVE-2020-2240 RESERVED CVE-2020-2239 RESERVED CVE-2020-2238 RESERVED CVE-2020-2237 RESERVED CVE-2020-2236 RESERVED CVE-2020-2235 RESERVED CVE-2020-2234 RESERVED CVE-2020-2233 RESERVED CVE-2020-2232 RESERVED CVE-2020-2231 RESERVED CVE-2020-2230 RESERVED CVE-2020-2229 RESERVED CVE-2020-2228 RESERVED CVE-2020-2227 RESERVED CVE-2020-2226 RESERVED CVE-2020-2225 RESERVED CVE-2020-2224 RESERVED CVE-2020-2223 RESERVED CVE-2020-2222 RESERVED CVE-2020-2221 RESERVED CVE-2020-2220 RESERVED CVE-2020-2219 RESERVED CVE-2020-2218 RESERVED CVE-2020-2217 RESERVED CVE-2020-2216 RESERVED CVE-2020-2215 RESERVED CVE-2020-2214 RESERVED CVE-2020-2213 RESERVED CVE-2020-2212 RESERVED CVE-2020-2211 RESERVED CVE-2020-2210 RESERVED CVE-2020-2209 RESERVED CVE-2020-2208 RESERVED CVE-2020-2207 RESERVED CVE-2020-2206 RESERVED CVE-2020-2205 RESERVED CVE-2020-2204 RESERVED CVE-2020-2203 RESERVED CVE-2020-2202 RESERVED CVE-2020-2201 RESERVED CVE-2020-2200 
RESERVED CVE-2020-2199 RESERVED CVE-2020-2198 RESERVED CVE-2020-2197 RESERVED CVE-2020-2196 RESERVED CVE-2020-2195 RESERVED CVE-2020-2194 RESERVED CVE-2020-2193 RESERVED CVE-2020-2192 RESERVED CVE-2020-2191 RESERVED CVE-2020-2190 RESERVED CVE-2020-2189 RESERVED CVE-2020-2188 RESERVED CVE-2020-2187 RESERVED CVE-2020-2186 RESERVED CVE-2020-2185 RESERVED CVE-2020-2184 RESERVED CVE-2020-2183 RESERVED CVE-2020-2182 RESERVED CVE-2020-2181 RESERVED CVE-2020-2180 RESERVED CVE-2020-2179 RESERVED CVE-2020-2178 RESERVED CVE-2020-2177 RESERVED CVE-2020-2176 (Multiple form validation endpoints in Jenkins useMango Runner Plugin 1 ...) NOT-FOR-US: Jenkins plugin CVE-2020-2175 (Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape rep ...) NOT-FOR-US: Jenkins plugin CVE-2020-2174 (Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape var ...) NOT-FOR-US: Jenkins plugin CVE-2020-2173 (Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Pol ...) NOT-FOR-US: Jenkins plugin CVE-2020-2172 (Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2020-2171 (Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML ...) NOT-FOR-US: Jenkins plugin CVE-2020-2170 (Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package nam ...) NOT-FOR-US: Jenkins plugin CVE-2020-2169 (A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and ear ...) NOT-FOR-US: Jenkins plugin CVE-2020-2168 (Jenkins Azure Container Service Plugin 1.0.1 and earlier does not conf ...) NOT-FOR-US: Jenkins plugin CVE-2020-2167 (Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configur ...) NOT-FOR-US: Jenkins plugin CVE-2020-2166 (Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured pass ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory se ...) NOT-FOR-US: Jenkins plugin CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processe ...) NOT-FOR-US: Jenkins CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Conten ...) NOT-FOR-US: Jenkins CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly e ...) NOT-FOR-US: Jenkins CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different repr ...) NOT-FOR-US: Jenkins CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...) NOT-FOR-US: Jenkins CryptoMove Plugin CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...) NOT-FOR-US: Jenkins Literate Plugin CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured c ...) NOT-FOR-US: Jenkins Skytap Cloud CI Plugin CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured crede ...) NOT-FOR-US: Jenkins DeployHub Plugin CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configur ...) NOT-FOR-US: Jenkins OpenShift Deployer Plugin CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores ...) NOT-FOR-US: Jenkins Zephyr for JIRA Test Management Plugin CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured credential ...) NOT-FOR-US: Jenkins Backlog Plugin CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does not esc ...) NOT-FOR-US: Jenkins Subversion Release Manager Plugin CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits configured cred ...) NOT-FOR-US: Jenkins Quality Gates Plugin CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configu ...) 
NOT-FOR-US: Jenkins Sonar Quality Gates Plugin CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits config ...) NOT-FOR-US: Jenkins Repository Connector Plugin CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier all ...) NOT-FOR-US: Jenkins Mac Plugin CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 ...) NOT-FOR-US: Jenkins Mac Plugin CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys w ...) NOT-FOR-US: Jenkins Mac Plugin CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier sto ...) NOT-FOR-US: Jenkins Zephyr Enterprise Test Management Plugin CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML pa ...) NOT-FOR-US: Jenkins Rundeck Plugin CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credent ...) NOT-FOR-US: Jenkins Logstash Plugin CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier al ...) NOT-FOR-US: Jenkins P4 Plugin CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.1 ...) NOT-FOR-US: Jenkins P4 Plugin CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error m ...) NOT-FOR-US: Jenkins Audit Trail Plugin CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 ...) NOT-FOR-US: Jenkins Cobertura Plugin CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML p ...) NOT-FOR-US: Jenkins Cobertura Plugin CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML f ...) NOT-FOR-US: Jenkins Timestamper Plugin CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error message ...) NOT-FOR-US: Jenkins Git Plugin CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...) 
NOT-FOR-US: Jenkins Script Security Plugin CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...) NOT-FOR-US: Jenkins Script Security Plugin CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted ...) NOT-FOR-US: Jenkins plugin CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a ...) NOT-FOR-US: Jenkins plugin CVE-2020-2131 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencryp ...) NOT-FOR-US: Jenkins plugin CVE-2020-2130 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencry ...) NOT-FOR-US: Jenkins plugin CVE-2020-2129 (Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencr ...) NOT-FOR-US: Jenkins plugin CVE-2020-2128 (Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a passw ...) NOT-FOR-US: Jenkins plugin CVE-2020-2127 (Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stor ...) NOT-FOR-US: Jenkins plugin CVE-2020-2126 (Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted ...) NOT-FOR-US: Jenkins plugin CVE-2020-2125 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG ...) NOT-FOR-US: Jenkins plugin CVE-2020-2124 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier sto ...) NOT-FOR-US: Jenkins plugin CVE-2020-2123 (Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML pa ...) NOT-FOR-US: Jenkins plugin CVE-2020-2122 (Jenkins Brakeman Plugin 0.12 and earlier did not escape values receive ...) NOT-FOR-US: Jenkins plugin CVE-2020-2121 (Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not con ...) NOT-FOR-US: Jenkins plugin CVE-2020-2120 (Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML pa ...) NOT-FOR-US: Jenkins plugin CVE-2020-2119 (Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credent ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2118 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...) NOT-FOR-US: Jenkins plugin CVE-2020-2117 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...) NOT-FOR-US: Jenkins plugin CVE-2020-2116 (A cross-site request forgery vulnerability in Jenkins Pipeline GitHub ...) NOT-FOR-US: Jenkins plugin CVE-2020-2115 (Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parse ...) NOT-FOR-US: Jenkins plugin CVE-2020-2114 (Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured cr ...) NOT-FOR-US: Jenkins plugin CVE-2020-2113 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the de ...) NOT-FOR-US: Jenkins plugin CVE-2020-2112 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the pa ...) NOT-FOR-US: Jenkins plugin CVE-2020-2111 (Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error ...) NOT-FOR-US: Jenkins plugin CVE-2020-2110 (Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier ...) NOT-FOR-US: Jenkins plugin CVE-2020-2109 (Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier ...) NOT-FOR-US: Jenkins plugin CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwor ...) NOT-FOR-US: Jenkins plugin CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...) NOT-FOR-US: Jenkins plugin CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...) NOT-FOR-US: Jenkins CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...) NOT-FOR-US: Jenkins CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...) NOT-FOR-US: Jenkins CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...) 
NOT-FOR-US: Jenkins CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...) NOT-FOR-US: Jenkins CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...) NOT-FOR-US: Jenkins CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...) NOT-FOR-US: Jenkins CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...) NOT-FOR-US: Jenkins plugin CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...) NOT-FOR-US: Jenkins plugin CVE-2020-2096 (Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project n ...) NOT-FOR-US: Jenkins plugin CVE-2020-2095 (Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored ...) NOT-FOR-US: Jenkins plugin CVE-2020-2094 (A missing permission check in Jenkins Health Advisor by CloudBees Plug ...) NOT-FOR-US: Jenkins plugin CVE-2020-2093 (A cross-site request forgery vulnerability in Jenkins Health Advisor b ...) NOT-FOR-US: Jenkins plugin CVE-2020-2092 (Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure it ...) NOT-FOR-US: Jenkins plugin CVE-2020-2091 (A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earli ...) NOT-FOR-US: Jenkins plugin CVE-2020-2090 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2089 RESERVED CVE-2020-2088 RESERVED CVE-2020-2087 RESERVED CVE-2020-2086 RESERVED CVE-2020-2085 RESERVED CVE-2020-2084 RESERVED CVE-2020-2083 RESERVED CVE-2020-2082 RESERVED CVE-2020-2081 RESERVED CVE-2020-2080 RESERVED CVE-2020-2079 RESERVED CVE-2020-2078 RESERVED CVE-2020-2077 RESERVED CVE-2020-2076 RESERVED CVE-2020-2075 RESERVED CVE-2020-2074 RESERVED CVE-2020-2073 RESERVED CVE-2020-2072 RESERVED CVE-2020-2071 RESERVED CVE-2020-2070 RESERVED CVE-2020-2069 RESERVED CVE-2020-2068 RESERVED CVE-2020-2067 RESERVED CVE-2020-2066 RESERVED CVE-2020-2065 RESERVED CVE-2020-2064 RESERVED CVE-2020-2063 RESERVED CVE-2020-2062 RESERVED CVE-2020-2061 RESERVED CVE-2020-2060 RESERVED CVE-2020-2059 RESERVED CVE-2020-2058 RESERVED CVE-2020-2057 RESERVED CVE-2020-2056 RESERVED CVE-2020-2055 RESERVED CVE-2020-2054 RESERVED CVE-2020-2053 RESERVED CVE-2020-2052 RESERVED CVE-2020-2051 RESERVED CVE-2020-2050 RESERVED CVE-2020-2049 RESERVED CVE-2020-2048 RESERVED CVE-2020-2047 RESERVED CVE-2020-2046 RESERVED CVE-2020-2045 RESERVED CVE-2020-2044 RESERVED CVE-2020-2043 RESERVED CVE-2020-2042 RESERVED CVE-2020-2041 RESERVED CVE-2020-2040 RESERVED CVE-2020-2039 RESERVED CVE-2020-2038 RESERVED CVE-2020-2037 RESERVED CVE-2020-2036 RESERVED CVE-2020-2035 RESERVED CVE-2020-2034 RESERVED CVE-2020-2033 RESERVED CVE-2020-2032 RESERVED CVE-2020-2031 RESERVED CVE-2020-2030 RESERVED CVE-2020-2029 RESERVED CVE-2020-2028 RESERVED CVE-2020-2027 RESERVED CVE-2020-2026 RESERVED CVE-2020-2025 RESERVED CVE-2020-2024 RESERVED CVE-2020-2023 RESERVED CVE-2020-2022 RESERVED CVE-2020-2021 RESERVED CVE-2020-2020 RESERVED CVE-2020-2019 RESERVED CVE-2020-2018 RESERVED CVE-2020-2017 RESERVED CVE-2020-2016 RESERVED CVE-2020-2015 RESERVED CVE-2020-2014 RESERVED CVE-2020-2013 RESERVED CVE-2020-2012 RESERVED CVE-2020-2011 RESERVED CVE-2020-2010 RESERVED CVE-2020-2009 RESERVED CVE-2020-2008 RESERVED CVE-2020-2007 RESERVED CVE-2020-2006 RESERVED CVE-2020-2005 RESERVED CVE-2020-2004 
RESERVED CVE-2020-2003 RESERVED CVE-2020-2002 RESERVED CVE-2020-2001 RESERVED CVE-2020-2000 RESERVED CVE-2020-1999 RESERVED CVE-2020-1998 RESERVED CVE-2020-1997 RESERVED CVE-2020-1996 RESERVED CVE-2020-1995 RESERVED CVE-2020-1994 RESERVED CVE-2020-1993 RESERVED CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1990 (A stack-based buffer overflow vulnerability in the management server c ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1989 (An incorrect privilege assignment vulnerability when writing applicati ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1988 (An unquoted search path vulnerability in the Windows release of Global ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1987 (An information exposure vulnerability in the logging component of Palo ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1986 (Improper input validation vulnerability in Secdo allows an authenticat ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in S ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1983 RESERVED CVE-2020-1982 RESERVED CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local ...) NOT-FOR-US: PAN-OS CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...) NOT-FOR-US: PAN-OS CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...) NOT-FOR-US: PAN-OS CVE-2020-1978 (TechSupport files generated on Palo Alto Networks VM Series firewalls ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...) 
NOT-FOR-US: Palo Alto CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) NOT-FOR-US: Palo Alto Networks GlobalProtect software CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web interface on Pa ...) NOT-FOR-US: Palo Alto Networks PAN-OS CVE-2020-1974 RESERVED CVE-2020-1973 RESERVED CVE-2020-1972 RESERVED CVE-2020-1971 RESERVED CVE-2020-1970 RESERVED CVE-2020-1969 RESERVED CVE-2020-1968 RESERVED CVE-2020-1967 RESERVED CVE-2020-1966 RESERVED CVE-2020-1965 RESERVED CVE-2020-1964 RESERVED CVE-2020-1963 RESERVED CVE-2020-1962 RESERVED CVE-2020-1961 RESERVED CVE-2020-1960 RESERVED CVE-2020-1959 RESERVED CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, callers of ...) - druid (bug #825797) CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...) - shiro (bug #955018) NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139 NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322 CVE-2020-1956 RESERVED CVE-2020-1955 RESERVED CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering an Ins ...) NOT-FOR-US: Apache CXF CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...) - commons-configuration2 2.7-1 (bug #954713) NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1 CVE-2020-1952 RESERVED CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in ...) {DLA-2161-1} - tika (bug #954302) [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/4 CVE-2020-1950 (A carefully crafted or corrupt PSD file can cause excessive memory usa ...) 
{DLA-2161-1} - tika (bug #954303) [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/3 CVE-2020-1949 (Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Se ...) NOT-FOR-US: Apache Sling CVE-2020-1948 RESERVED CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...) NOT-FOR-US: Apache ShardingSphere CVE-2020-1946 RESERVED CVE-2020-1945 RESERVED CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...) - trafficserver 8.0.6+ds-1 NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, allowing ...) NOT-FOR-US: Apache OFBiz CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...) NOT-FOR-US: Apache NiFi CVE-2020-1941 RESERVED CVE-2020-1940 (The optional initial password change and password expiration features ...) NOT-FOR-US: Apache Jackrabbit Oak CVE-2020-1939 RESERVED CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...) 
{DLA-2133-1} - tomcat9 9.0.31-1 (bug #952437) - tomcat8 (bug #952438) [jessie] - tomcat8 (backport is intrusive because of API changes) - tomcat7 (bug #952436) NOTE: AJP disabled in Debian in default configuration since 2008 NOTE: fixed in upstream versions 9.0.31, 8.5.51, 7.0.100 NOTE: https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487 NOTE: https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb (9.0.31) NOTE: https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad (9.0.31) NOTE: https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72 (7.0.100) NOTE: https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2 (7.0.100) NOTE: https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba (7.0.100) NOTE: https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645 (7.0.100) CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the user ...) NOT-FOR-US: Apache Kylin CVE-2020-1936 RESERVED CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...) 
{DLA-2133-1} - tomcat9 9.0.31-1 - tomcat8 [jessie] - tomcat8 (backport is too intrusive) - tomcat7 NOTE: https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d (7.0.100) CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ...) - apache2 2.4.43-1 (low) [buster] - apache2 (Minor issue) [stretch] - apache2 (Minor issue) [jessie] - apache2 (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1934 CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Maliciou ...) NOT-FOR-US: Apache NiFi CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...) NOT-FOR-US: Apache Superset CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) {DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784 (restricted) CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) {DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 (restricted) CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an ...) NOT-FOR-US: Apache Beam MongoDB connector CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...) 
NOT-FOR-US: Apache NiFi CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ...) - apache2 2.4.43-1 (low) [buster] - apache2 (Minor issue) [stretch] - apache2 (Minor issue) [jessie] - apache2 (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927 CVE-2020-1926 RESERVED CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...) NOT-FOR-US: Olingo CVE-2020-1924 RESERVED CVE-2020-1923 RESERVED CVE-2020-1922 RESERVED CVE-2020-1921 RESERVED CVE-2020-1920 RESERVED CVE-2020-1919 RESERVED CVE-2020-1918 RESERVED CVE-2020-1917 RESERVED CVE-2020-1916 RESERVED CVE-2020-1915 RESERVED CVE-2020-1914 RESERVED CVE-2020-1913 RESERVED CVE-2020-1912 RESERVED CVE-2020-1911 RESERVED CVE-2020-1910 RESERVED CVE-2020-1909 RESERVED CVE-2020-1908 RESERVED CVE-2020-1907 RESERVED CVE-2020-1906 RESERVED CVE-2020-1905 RESERVED CVE-2020-1904 RESERVED CVE-2020-1903 RESERVED CVE-2020-1902 RESERVED CVE-2020-1901 RESERVED CVE-2020-1900 RESERVED CVE-2020-1899 RESERVED CVE-2020-1898 RESERVED CVE-2020-1897 RESERVED CVE-2020-1896 RESERVED CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...) NOT-FOR-US: Instagram for Android CVE-2020-1894 RESERVED CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...) - hhvm CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser allows ...) - hhvm CVE-2020-1891 RESERVED CVE-2020-1890 RESERVED CVE-2020-1889 RESERVED CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...) - hhvm CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...) - osquery (bug #803502) CVE-2020-1886 RESERVED CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...) 
NOT-FOR-US: Oculus Desktop CVE-2020-1884 RESERVED CVE-2020-1883 RESERVED CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...) NOT-FOR-US: Huawei CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1880 RESERVED CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...) NOT-FOR-US: Huawei CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...) NOT-FOR-US: Huawei CVE-2020-1877 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) NOT-FOR-US: Huawei CVE-2020-1876 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) NOT-FOR-US: Huawei CVE-2020-1875 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...) NOT-FOR-US: Huawei CVE-2020-1874 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...) NOT-FOR-US: Huawei CVE-2020-1873 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...) NOT-FOR-US: Huawei CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...) NOT-FOR-US: Huawei CVE-2020-1870 RESERVED CVE-2020-1869 RESERVED CVE-2020-1868 RESERVED CVE-2020-1867 RESERVED CVE-2020-1866 RESERVED CVE-2020-1865 RESERVED CVE-2020-1864 (Some Huawei products have a security vulnerability due to improper aut ...) NOT-FOR-US: Huawei CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...) NOT-FOR-US: Huawei CVE-2020-1862 (There is a double free vulnerability in some Huawei products. A local ...) NOT-FOR-US: Huawei CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...) NOT-FOR-US: Huawei CVE-2020-1860 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) 
NOT-FOR-US: Huawei CVE-2020-1859 RESERVED CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...) NOT-FOR-US: Huawei CVE-2020-1857 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1856 (Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG ...) NOT-FOR-US: Huawei CVE-2020-1855 (Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-55 ...) NOT-FOR-US: Huawei CVE-2020-1854 RESERVED CVE-2020-1853 (GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. ...) NOT-FOR-US: Huawei CVE-2020-1852 RESERVED CVE-2020-1851 RESERVED CVE-2020-1850 RESERVED CVE-2020-1849 RESERVED CVE-2020-1848 RESERVED CVE-2020-1847 RESERVED CVE-2020-1846 RESERVED CVE-2020-1845 RESERVED CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege escala ...) NOT-FOR-US: Huawei CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...) NOT-FOR-US: Huawei CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version ...) NOT-FOR-US: Huawei CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6 ...) NOT-FOR-US: Huawei CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...) NOT-FOR-US: Huawei CVE-2020-1839 RESERVED CVE-2020-1838 RESERVED CVE-2020-1837 RESERVED CVE-2020-1836 RESERVED CVE-2020-1835 RESERVED CVE-2020-1834 RESERVED CVE-2020-1833 RESERVED CVE-2020-1832 RESERVED CVE-2020-1831 RESERVED CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...) NOT-FOR-US: Huawei CVE-2020-1828 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) 
NOT-FOR-US: Huawei CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...) NOT-FOR-US: Huawei CVE-2020-1825 RESERVED CVE-2020-1824 RESERVED CVE-2020-1823 RESERVED CVE-2020-1822 RESERVED CVE-2020-1821 RESERVED CVE-2020-1820 RESERVED CVE-2020-1819 RESERVED CVE-2020-1818 RESERVED CVE-2020-1817 RESERVED CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1813 RESERVED CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...) NOT-FOR-US: Huawei CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) NOT-FOR-US: Huawei CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...) NOT-FOR-US: Huawei CVE-2020-1809 RESERVED CVE-2020-1808 RESERVED CVE-2020-1807 RESERVED CVE-2020-1806 RESERVED CVE-2020-1805 RESERVED CVE-2020-1804 RESERVED CVE-2020-1803 RESERVED CVE-2020-1802 RESERVED CVE-2020-1801 RESERVED CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P ...) NOT-FOR-US: Huawei CVE-2020-1799 RESERVED CVE-2020-1798 RESERVED CVE-2020-1797 RESERVED CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...) NOT-FOR-US: Huawei CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...) NOT-FOR-US: Huawei CVE-2020-1794 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1793 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1792 (Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C ...) 
NOT-FOR-US: Huawei CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) NOT-FOR-US: Huawei CVE-2020-1789 (Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with ve ...) NOT-FOR-US: Huawei CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...) NOT-FOR-US: Huawei CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...) NOT-FOR-US: Huawei CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69 ...) NOT-FOR-US: Huawei CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...) NOT-FOR-US: Huawei CVE-2020-1784 RESERVED CVE-2020-1783 RESERVED CVE-2020-1782 RESERVED CVE-2020-1781 RESERVED CVE-2020-1780 RESERVED CVE-2020-1779 RESERVED CVE-2020-1778 RESERVED CVE-2020-1777 RESERVED CVE-2020-1776 RESERVED CVE-2020-1775 RESERVED CVE-2020-1774 RESERVED CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77 CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...) 
- otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7 CVE-2020-1771 (Attacker is able craft an article with a link to the customer address ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (Vulnerable code introduced in later version) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/ NOTE: Fixed in 7.0.16, 6.0.27 NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2 CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95 NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/1b74e24582c946d02209acfc248d4ba451251f93 NOTE: OTRS5: https://github.com/OTRS/otrs/commit/7974ea582211c13730d223fc4dcdffa542af423f CVE-2020-1768 (The external frontend system uses numerous background calls to the bac ...) 
- otrs2 (Only affects 7.0.x series) NOTE: https://community.otrs.com/security-advisory-2020-04/ CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/ NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570 CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/ NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5) CVE-2020-1765 (An improper control of parameters allows the spoofing of the from fiel ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/ NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5) CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...) 
NOT-FOR-US: Kiali CVE-2020-1763 RESERVED CVE-2020-1762 RESERVED NOT-FOR-US: Kiali CVE-2020-1761 RESERVED NOT-FOR-US: OpenShift CVE-2020-1760 [header-splitting in RGW GetObject has a possible XSS] RESERVED {DLA-2171-1} - ceph (bug #956142) NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/1bf14094fec34770d2cc74317f4238ccb2dfef98 NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/1 CVE-2020-1759 [ceph: secure mode of msgr2 breaks both confidentiality and integrity aspects for long-lived sessions] RESERVED - ceph (bug #956139) [buster] - ceph (Vulnerable code not present) [stretch] - ceph (Vulnerable code not present) [jessie] - ceph (Vulnerable code not present) NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/fe387e02b11df98357d8cdbfa3b1f1d5f2bb3f74 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2 CVE-2020-1758 RESERVED CVE-2020-1757 RESERVED - undertow NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770 CVE-2020-1756 RESERVED CVE-2020-1755 RESERVED CVE-2020-1754 RESERVED CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...) - ansible [stretch] - ansible (Vulnerable code introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008 NOTE: https://github.com/ansible-collections/kubernetes/pull/51 NOTE: Fixing commit only introduces a warning about disclosure when using certain NOTE: options. 
CVE-2020-1752 [use-after-free in glob() function when expanding ~user] RESERVED - glibc 2.30-3 (bug #953788) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25414 NOTE: Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14) NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c CVE-2020-1751 [array overflow in backtrace on powerpc] RESERVED - glibc 2.30-3 [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25423 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494 CVE-2020-1750 RESERVED NOT-FOR-US: OpenShift machine-config-operator CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup] RESERVED - linux 5.4.6-1 NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2 CVE-2020-1748 RESERVED CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions befor ...) - pyyaml 5.3-2 (bug #953013) [buster] - pyyaml (Loader/Constructor classes are unsafe in this version) [stretch] - pyyaml (Loader/Constructor classes are unsafe in this version) [jessie] - pyyaml (Loader/Constructor classes are unsafe in this version) NOTE: https://github.com/yaml/pyyaml/pull/386 CVE-2020-1746 RESERVED - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491 NOTE: https://github.com/ansible/ansible/pull/67866 CVE-2020-1745 [AJP File Read/Inclusion Vulnerability] RESERVED - undertow NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305 CVE-2020-1744 (A flaw was found in keycloak before version 9.0.1. When configuring an ...) 
NOT-FOR-US: Keycloak CVE-2020-1743 RESERVED CVE-2020-1742 RESERVED NOT-FOR-US: OpenShift jenkins-slave-base-rhel7-container CVE-2020-1741 RESERVED NOT-FOR-US: openshift-ansible CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193 NOTE: https://github.com/ansible/ansible/issues/67798 CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178 NOTE: https://github.com/ansible/ansible/issues/67797 CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or service ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164 NOTE: https://github.com/ansible/ansible/issues/67796 CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154 NOTE: https://github.com/ansible/ansible/issues/67795 CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using atomic_m ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124 NOTE: https://github.com/ansible/ansible/issues/67794 CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used. ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085 NOTE: https://github.com/ansible/ansible/issues/67793 CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804 NOTE: https://github.com/ansible/ansible/issues/6550 NOTE: https://github.com/ansible/ansible/issues/67792 CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...) 
- ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735 CVE-2020-1732 RESERVED - wildfly (bug #752018) CVE-2020-1731 (A flaw was found in all versions of the Keycloak operator, before vers ...) NOT-FOR-US: Keycloak CVE-2020-1730 RESERVED - libssh 0.9.4-1 (bug #956308) [stretch] - libssh (Vulnerable code introduced later) [jessie] - libssh (Vulnerable code introduced later) NOTE: https://www.libssh.org/security/advisories/CVE-2020-1730.txt NOTE: https://bugs.libssh.org/T213 NOTE: Introduced by: https://git.libssh.org/projects/libssh.git/commit/?id=84a85803b4c83b8dac03b0d0aba58b48c98253e6 (libssh-0.8.0) NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a CVE-2020-1729 RESERVED NOT-FOR-US: SmallRye Config CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...) NOT-FOR-US: Keycloak CVE-2020-1727 RESERVED CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...) - podman (bug #930440) CVE-2020-1725 RESERVED CVE-2020-1724 RESERVED CVE-2020-1723 RESERVED CVE-2020-1722 RESERVED CVE-2020-1721 RESERVED - dogtag-pki NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579 CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", whe ...) {DSA-4623-1 DSA-4622-1 DLA-2105-1} - postgresql-12 12.2-1 - postgresql-11 - postgresql-9.6 - postgresql-9.4 NOTE: https://www.postgresql.org/about/news/2011/ NOTE: Fixed in 12.2, 11.7, 10.12, 9.6.17, 9.5.21, and 9.4.26 NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b048f558dd7c26a0c630a2cff29d3d8981eaf6b9 CVE-2020-1719 RESERVED - wildfly (bug #752018) CVE-2020-1718 RESERVED CVE-2020-1717 RESERVED CVE-2020-1716 RESERVED NOT-FOR-US: ceph-ansible CVE-2020-1715 RESERVED CVE-2020-1714 RESERVED CVE-2020-1713 RESERVED CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before versio ...) 
- systemd 244.2-1 (bug #950732) [buster] - systemd (Can be fixed via point release) [stretch] - systemd (Can be fixed via point release) [jessie] - systemd (Vulnerable code introduced later) NOTE: https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation) NOTE: https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation) NOTE: https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab (preparation) NOTE: https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b (preparation) NOTE: https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 (introduce new API) NOTE: https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712) NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation) NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971 CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...) {DLA-2144-1} - qemu 1:4.2-2 (bug #949731) [buster] - qemu 1:3.1+dfsg-8+deb10u4 [stretch] - qemu (Intrusive to backport, revisit later) - qemu-kvm NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-01/msg05535.html NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3 CVE-2020-1710 RESERVED CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...) NOT-FOR-US: openshift CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...) NOT-FOR-US: openshift CVE-2020-1707 (A vulnerability was found in all openshift/postgresql-apb 4.x.x versio ...) 
NOT-FOR-US: openshift CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and opensh ...) NOT-FOR-US: openshift CVE-2020-1705 (A vulnerability was found in openshift/template-service-broker-operato ...) NOT-FOR-US: openshift CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file was fou ...) NOT-FOR-US: openshift CVE-2020-1703 RESERVED CVE-2020-1702 RESERVED NOT-FOR-US: Red Hat container manager tooling CVE-2020-1701 RESERVED NOT-FOR-US: KubeVirt CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...) - ceph 14.2.7-1 [buster] - ceph (Minor issue) [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) NOTE: https://tracker.ceph.com/issues/42531 NOTE: https://github.com/ceph/ceph/pull/33017 NOTE: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a CVE-2020-1699 [improper URL checking leads to information disclosure] RESERVED - ceph 14.2.6-4 (bug #949206) [buster] - ceph (Vulnerable code introduced later) [stretch] - ceph (Vulnerable code introduced later) [jessie] - ceph (Vulnerable code introduced later) NOTE: https://tracker.ceph.com/issues/41320 NOTE: https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158 CVE-2020-1698 RESERVED CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...) NOT-FOR-US: Keycloak CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...) - dogtag-pki NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707 CVE-2020-1695 RESERVED CVE-2020-1694 RESERVED CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...) NOT-FOR-US: Red Hat Satellite / Spacewalk CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...) 
- moodle CVE-2020-1691 RESERVED CVE-2020-1690 RESERVED NOT-FOR-US: openstack-selinux CVE-2020-1689 RESERVED CVE-2020-1688 RESERVED CVE-2020-1687 RESERVED CVE-2020-1686 RESERVED CVE-2020-1685 RESERVED CVE-2020-1684 RESERVED CVE-2020-1683 RESERVED CVE-2020-1682 RESERVED CVE-2020-1681 RESERVED CVE-2020-1680 RESERVED CVE-2020-1679 RESERVED CVE-2020-1678 RESERVED CVE-2020-1677 RESERVED CVE-2020-1676 RESERVED CVE-2020-1675 RESERVED CVE-2020-1674 RESERVED CVE-2020-1673 RESERVED CVE-2020-1672 RESERVED CVE-2020-1671 RESERVED CVE-2020-1670 RESERVED CVE-2020-1669 RESERVED CVE-2020-1668 RESERVED CVE-2020-1667 RESERVED CVE-2020-1666 RESERVED CVE-2020-1665 RESERVED CVE-2020-1664 RESERVED CVE-2020-1663 RESERVED CVE-2020-1662 RESERVED CVE-2020-1661 RESERVED CVE-2020-1660 RESERVED CVE-2020-1659 RESERVED CVE-2020-1658 RESERVED CVE-2020-1657 RESERVED CVE-2020-1656 RESERVED CVE-2020-1655 RESERVED CVE-2020-1654 RESERVED CVE-2020-1653 RESERVED CVE-2020-1652 RESERVED CVE-2020-1651 RESERVED CVE-2020-1650 RESERVED CVE-2020-1649 RESERVED CVE-2020-1648 RESERVED CVE-2020-1647 RESERVED CVE-2020-1646 RESERVED CVE-2020-1645 RESERVED CVE-2020-1644 RESERVED CVE-2020-1643 RESERVED CVE-2020-1642 RESERVED CVE-2020-1641 RESERVED CVE-2020-1640 RESERVED CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...) NOT-FOR-US: Juniper CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...) NOT-FOR-US: Juniper CVE-2020-1637 (A vulnerability in Juniper Networks SRX Series device configured as a ...) NOT-FOR-US: Juniper CVE-2020-1636 RESERVED CVE-2020-1635 RESERVED CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...) NOT-FOR-US: Juniper CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos ...) NOT-FOR-US: Juniper CVE-2020-1632 RESERVED NOT-FOR-US: Juniper CVE-2020-1631 RESERVED CVE-2020-1630 (A privilege escalation vulnerability in Juniper Networks Junos OS devi ...) 
NOT-FOR-US: Juniper CVE-2020-1629 (A race condition vulnerability on Juniper Network Junos OS devices may ...) NOT-FOR-US: Juniper CVE-2020-1628 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...) NOT-FOR-US: Juniper CVE-2020-1627 (A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices ...) NOT-FOR-US: Juniper CVE-2020-1626 (A vulnerability in Juniper Networks Junos OS Evolved may allow an atta ...) NOT-FOR-US: Juniper CVE-2020-1625 (The kernel memory usage represented as "temp" via 'show system virtual ...) NOT-FOR-US: Juniper CVE-2020-1624 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1623 (A local, authenticated user with shell can view sensitive configuratio ...) NOT-FOR-US: Juniper CVE-2020-1622 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1621 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1620 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper CVE-2020-1619 (A privilege escalation vulnerability in Juniper Networks QFX10K Series ...) NOT-FOR-US: Juniper CVE-2020-1618 (On Juniper Networks EX and QFX Series, an authentication bypass vulner ...) NOT-FOR-US: Juniper CVE-2020-1617 (This issue occurs on Juniper Networks Junos OS devices which do not su ...) NOT-FOR-US: Juniper CVE-2020-1616 (Due to insufficient server-side login attempt limit enforcement, a vul ...) NOT-FOR-US: Juniper CVE-2020-1615 (The factory configuration for vMX installations, as shipped, includes ...) NOT-FOR-US: Juniper CVE-2020-1614 (A Use of Hard-coded Credentials vulnerability exists in the NFX250 Ser ...) NOT-FOR-US: Juniper CVE-2020-1613 (A vulnerability in the BGP FlowSpec implementation may cause a Juniper ...) 
NOT-FOR-US: Juniper CVE-2020-1612 RESERVED CVE-2020-1611 (A Local File Inclusion vulnerability in Juniper Networks Junos Space a ...) NOT-FOR-US: Juniper CVE-2020-1610 RESERVED CVE-2020-1609 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) NOT-FOR-US: Juniper CVE-2020-1608 (Receipt of a specific MPLS or IPv6 packet on the core facing interface ...) NOT-FOR-US: Juniper CVE-2020-1607 (Insufficient Cross-Site Scripting (XSS) protection in J-Web may potent ...) NOT-FOR-US: Juniper CVE-2020-1606 (A path traversal vulnerability in the Juniper Networks Junos OS device ...) NOT-FOR-US: Juniper CVE-2020-1605 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) NOT-FOR-US: Juniper CVE-2020-1604 (On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the ...) NOT-FOR-US: Juniper CVE-2020-1603 (Specific IPv6 packets sent by clients processed by the Routing Engine ...) NOT-FOR-US: Juniper CVE-2020-1602 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) NOT-FOR-US: Juniper CVE-2020-1601 (Certain types of malformed Path Computation Element Protocol (PCEP) pa ...) NOT-FOR-US: Juniper CVE-2020-1600 (In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an ...) 
NOT-FOR-US: Juniper CVE-2020-1599 RESERVED CVE-2020-1598 RESERVED CVE-2020-1597 RESERVED CVE-2020-1596 RESERVED CVE-2020-1595 RESERVED CVE-2020-1594 RESERVED CVE-2020-1593 RESERVED CVE-2020-1592 RESERVED CVE-2020-1591 RESERVED CVE-2020-1590 RESERVED CVE-2020-1589 RESERVED CVE-2020-1588 RESERVED CVE-2020-1587 RESERVED CVE-2020-1586 RESERVED CVE-2020-1585 RESERVED CVE-2020-1584 RESERVED CVE-2020-1583 RESERVED CVE-2020-1582 RESERVED CVE-2020-1581 RESERVED CVE-2020-1580 RESERVED CVE-2020-1579 RESERVED CVE-2020-1578 RESERVED CVE-2020-1577 RESERVED CVE-2020-1576 RESERVED CVE-2020-1575 RESERVED CVE-2020-1574 RESERVED CVE-2020-1573 RESERVED CVE-2020-1572 RESERVED CVE-2020-1571 RESERVED CVE-2020-1570 RESERVED CVE-2020-1569 RESERVED CVE-2020-1568 RESERVED CVE-2020-1567 RESERVED CVE-2020-1566 RESERVED CVE-2020-1565 RESERVED CVE-2020-1564 RESERVED CVE-2020-1563 RESERVED CVE-2020-1562 RESERVED CVE-2020-1561 RESERVED CVE-2020-1560 RESERVED CVE-2020-1559 RESERVED CVE-2020-1558 RESERVED CVE-2020-1557 RESERVED CVE-2020-1556 RESERVED CVE-2020-1555 RESERVED CVE-2020-1554 RESERVED CVE-2020-1553 RESERVED CVE-2020-1552 RESERVED CVE-2020-1551 RESERVED CVE-2020-1550 RESERVED CVE-2020-1549 RESERVED CVE-2020-1548 RESERVED CVE-2020-1547 RESERVED CVE-2020-1546 RESERVED CVE-2020-1545 RESERVED CVE-2020-1544 RESERVED CVE-2020-1543 RESERVED CVE-2020-1542 RESERVED CVE-2020-1541 RESERVED CVE-2020-1540 RESERVED CVE-2020-1539 RESERVED CVE-2020-1538 RESERVED CVE-2020-1537 RESERVED CVE-2020-1536 RESERVED CVE-2020-1535 RESERVED CVE-2020-1534 RESERVED CVE-2020-1533 RESERVED CVE-2020-1532 RESERVED CVE-2020-1531 RESERVED CVE-2020-1530 RESERVED CVE-2020-1529 RESERVED CVE-2020-1528 RESERVED CVE-2020-1527 RESERVED CVE-2020-1526 RESERVED CVE-2020-1525 RESERVED CVE-2020-1524 RESERVED CVE-2020-1523 RESERVED CVE-2020-1522 RESERVED CVE-2020-1521 RESERVED CVE-2020-1520 RESERVED CVE-2020-1519 RESERVED CVE-2020-1518 RESERVED CVE-2020-1517 RESERVED CVE-2020-1516 RESERVED CVE-2020-1515 RESERVED CVE-2020-1514 RESERVED 
CVE-2020-1513 RESERVED CVE-2020-1512 RESERVED CVE-2020-1511 RESERVED CVE-2020-1510 RESERVED CVE-2020-1509 RESERVED CVE-2020-1508 RESERVED CVE-2020-1507 RESERVED CVE-2020-1506 RESERVED CVE-2020-1505 RESERVED CVE-2020-1504 RESERVED CVE-2020-1503 RESERVED CVE-2020-1502 RESERVED CVE-2020-1501 RESERVED CVE-2020-1500 RESERVED CVE-2020-1499 RESERVED CVE-2020-1498 RESERVED CVE-2020-1497 RESERVED CVE-2020-1496 RESERVED CVE-2020-1495 RESERVED CVE-2020-1494 RESERVED CVE-2020-1493 RESERVED CVE-2020-1492 RESERVED CVE-2020-1491 RESERVED CVE-2020-1490 RESERVED CVE-2020-1489 RESERVED CVE-2020-1488 RESERVED CVE-2020-1487 RESERVED CVE-2020-1486 RESERVED CVE-2020-1485 RESERVED CVE-2020-1484 RESERVED CVE-2020-1483 RESERVED CVE-2020-1482 RESERVED CVE-2020-1481 RESERVED CVE-2020-1480 RESERVED CVE-2020-1479 RESERVED CVE-2020-1478 RESERVED CVE-2020-1477 RESERVED CVE-2020-1476 RESERVED CVE-2020-1475 RESERVED CVE-2020-1474 RESERVED CVE-2020-1473 RESERVED CVE-2020-1472 RESERVED CVE-2020-1471 RESERVED CVE-2020-1470 RESERVED CVE-2020-1469 RESERVED CVE-2020-1468 RESERVED CVE-2020-1467 RESERVED CVE-2020-1466 RESERVED CVE-2020-1465 RESERVED CVE-2020-1464 RESERVED CVE-2020-1463 RESERVED CVE-2020-1462 RESERVED CVE-2020-1461 RESERVED CVE-2020-1460 RESERVED CVE-2020-1459 RESERVED CVE-2020-1458 RESERVED CVE-2020-1457 RESERVED CVE-2020-1456 RESERVED CVE-2020-1455 RESERVED CVE-2020-1454 RESERVED CVE-2020-1453 RESERVED CVE-2020-1452 RESERVED CVE-2020-1451 RESERVED CVE-2020-1450 RESERVED CVE-2020-1449 RESERVED CVE-2020-1448 RESERVED CVE-2020-1447 RESERVED CVE-2020-1446 RESERVED CVE-2020-1445 RESERVED CVE-2020-1444 RESERVED CVE-2020-1443 RESERVED CVE-2020-1442 RESERVED CVE-2020-1441 RESERVED CVE-2020-1440 RESERVED CVE-2020-1439 RESERVED CVE-2020-1438 RESERVED CVE-2020-1437 RESERVED CVE-2020-1436 RESERVED CVE-2020-1435 RESERVED CVE-2020-1434 RESERVED CVE-2020-1433 RESERVED CVE-2020-1432 RESERVED CVE-2020-1431 RESERVED CVE-2020-1430 RESERVED CVE-2020-1429 RESERVED CVE-2020-1428 RESERVED CVE-2020-1427 
RESERVED CVE-2020-1426 RESERVED CVE-2020-1425 RESERVED CVE-2020-1424 RESERVED CVE-2020-1423 RESERVED CVE-2020-1422 RESERVED CVE-2020-1421 RESERVED CVE-2020-1420 RESERVED CVE-2020-1419 RESERVED CVE-2020-1418 RESERVED CVE-2020-1417 RESERVED CVE-2020-1416 RESERVED CVE-2020-1415 RESERVED CVE-2020-1414 RESERVED CVE-2020-1413 RESERVED CVE-2020-1412 RESERVED CVE-2020-1411 RESERVED CVE-2020-1410 RESERVED CVE-2020-1409 RESERVED CVE-2020-1408 RESERVED CVE-2020-1407 RESERVED CVE-2020-1406 RESERVED CVE-2020-1405 RESERVED CVE-2020-1404 RESERVED CVE-2020-1403 RESERVED CVE-2020-1402 RESERVED CVE-2020-1401 RESERVED CVE-2020-1400 RESERVED CVE-2020-1399 RESERVED CVE-2020-1398 RESERVED CVE-2020-1397 RESERVED CVE-2020-1396 RESERVED CVE-2020-1395 RESERVED CVE-2020-1394 RESERVED CVE-2020-1393 RESERVED CVE-2020-1392 RESERVED CVE-2020-1391 RESERVED CVE-2020-1390 RESERVED CVE-2020-1389 RESERVED CVE-2020-1388 RESERVED CVE-2020-1387 RESERVED CVE-2020-1386 RESERVED CVE-2020-1385 RESERVED CVE-2020-1384 RESERVED CVE-2020-1383 RESERVED CVE-2020-1382 RESERVED CVE-2020-1381 RESERVED CVE-2020-1380 RESERVED CVE-2020-1379 RESERVED CVE-2020-1378 RESERVED CVE-2020-1377 RESERVED CVE-2020-1376 RESERVED CVE-2020-1375 RESERVED CVE-2020-1374 RESERVED CVE-2020-1373 RESERVED CVE-2020-1372 RESERVED CVE-2020-1371 RESERVED CVE-2020-1370 RESERVED CVE-2020-1369 RESERVED CVE-2020-1368 RESERVED CVE-2020-1367 RESERVED CVE-2020-1366 RESERVED CVE-2020-1365 RESERVED CVE-2020-1364 RESERVED CVE-2020-1363 RESERVED CVE-2020-1362 RESERVED CVE-2020-1361 RESERVED CVE-2020-1360 RESERVED CVE-2020-1359 RESERVED CVE-2020-1358 RESERVED CVE-2020-1357 RESERVED CVE-2020-1356 RESERVED CVE-2020-1355 RESERVED CVE-2020-1354 RESERVED CVE-2020-1353 RESERVED CVE-2020-1352 RESERVED CVE-2020-1351 RESERVED CVE-2020-1350 RESERVED CVE-2020-1349 RESERVED CVE-2020-1348 RESERVED CVE-2020-1347 RESERVED CVE-2020-1346 RESERVED CVE-2020-1345 RESERVED CVE-2020-1344 RESERVED CVE-2020-1343 RESERVED CVE-2020-1342 RESERVED CVE-2020-1341 RESERVED 
CVE-2020-1340 RESERVED CVE-2020-1339 RESERVED CVE-2020-1338 RESERVED CVE-2020-1337 RESERVED CVE-2020-1336 RESERVED CVE-2020-1335 RESERVED CVE-2020-1334 RESERVED CVE-2020-1333 RESERVED CVE-2020-1332 RESERVED CVE-2020-1331 RESERVED CVE-2020-1330 RESERVED CVE-2020-1329 RESERVED CVE-2020-1328 RESERVED CVE-2020-1327 RESERVED CVE-2020-1326 RESERVED CVE-2020-1325 RESERVED CVE-2020-1324 RESERVED CVE-2020-1323 RESERVED CVE-2020-1322 RESERVED CVE-2020-1321 RESERVED CVE-2020-1320 RESERVED CVE-2020-1319 RESERVED CVE-2020-1318 RESERVED CVE-2020-1317 RESERVED CVE-2020-1316 RESERVED CVE-2020-1315 RESERVED CVE-2020-1314 RESERVED CVE-2020-1313 RESERVED CVE-2020-1312 RESERVED CVE-2020-1311 RESERVED CVE-2020-1310 RESERVED CVE-2020-1309 RESERVED CVE-2020-1308 RESERVED CVE-2020-1307 RESERVED CVE-2020-1306 RESERVED CVE-2020-1305 RESERVED CVE-2020-1304 RESERVED CVE-2020-1303 RESERVED CVE-2020-1302 RESERVED CVE-2020-1301 RESERVED CVE-2020-1300 RESERVED CVE-2020-1299 RESERVED CVE-2020-1298 RESERVED CVE-2020-1297 RESERVED CVE-2020-1296 RESERVED CVE-2020-1295 RESERVED CVE-2020-1294 RESERVED CVE-2020-1293 RESERVED CVE-2020-1292 RESERVED CVE-2020-1291 RESERVED CVE-2020-1290 RESERVED CVE-2020-1289 RESERVED CVE-2020-1288 RESERVED CVE-2020-1287 RESERVED CVE-2020-1286 RESERVED CVE-2020-1285 RESERVED CVE-2020-1284 RESERVED CVE-2020-1283 RESERVED CVE-2020-1282 RESERVED CVE-2020-1281 RESERVED CVE-2020-1280 RESERVED CVE-2020-1279 RESERVED CVE-2020-1278 RESERVED CVE-2020-1277 RESERVED CVE-2020-1276 RESERVED CVE-2020-1275 RESERVED CVE-2020-1274 RESERVED CVE-2020-1273 RESERVED CVE-2020-1272 RESERVED CVE-2020-1271 RESERVED CVE-2020-1270 RESERVED CVE-2020-1269 RESERVED CVE-2020-1268 RESERVED CVE-2020-1267 RESERVED CVE-2020-1266 RESERVED CVE-2020-1265 RESERVED CVE-2020-1264 RESERVED CVE-2020-1263 RESERVED CVE-2020-1262 RESERVED CVE-2020-1261 RESERVED CVE-2020-1260 RESERVED CVE-2020-1259 RESERVED CVE-2020-1258 RESERVED CVE-2020-1257 RESERVED CVE-2020-1256 RESERVED CVE-2020-1255 RESERVED CVE-2020-1254 
RESERVED CVE-2020-1253 RESERVED CVE-2020-1252 RESERVED CVE-2020-1251 RESERVED CVE-2020-1250 RESERVED CVE-2020-1249 RESERVED CVE-2020-1248 RESERVED CVE-2020-1247 RESERVED CVE-2020-1246 RESERVED CVE-2020-1245 RESERVED CVE-2020-1244 RESERVED CVE-2020-1243 RESERVED CVE-2020-1242 RESERVED CVE-2020-1241 RESERVED CVE-2020-1240 RESERVED CVE-2020-1239 RESERVED CVE-2020-1238 RESERVED CVE-2020-1237 RESERVED CVE-2020-1236 RESERVED CVE-2020-1235 RESERVED CVE-2020-1234 RESERVED CVE-2020-1233 RESERVED CVE-2020-1232 RESERVED CVE-2020-1231 RESERVED CVE-2020-1230 RESERVED CVE-2020-1229 RESERVED CVE-2020-1228 RESERVED CVE-2020-1227 RESERVED CVE-2020-1226 RESERVED CVE-2020-1225 RESERVED CVE-2020-1224 RESERVED CVE-2020-1223 RESERVED CVE-2020-1222 RESERVED CVE-2020-1221 RESERVED CVE-2020-1220 RESERVED CVE-2020-1219 RESERVED CVE-2020-1218 RESERVED CVE-2020-1217 RESERVED CVE-2020-1216 RESERVED CVE-2020-1215 RESERVED CVE-2020-1214 RESERVED CVE-2020-1213 RESERVED CVE-2020-1212 RESERVED CVE-2020-1211 RESERVED CVE-2020-1210 RESERVED CVE-2020-1209 RESERVED CVE-2020-1208 RESERVED CVE-2020-1207 RESERVED CVE-2020-1206 RESERVED CVE-2020-1205 RESERVED CVE-2020-1204 RESERVED CVE-2020-1203 RESERVED CVE-2020-1202 RESERVED CVE-2020-1201 RESERVED CVE-2020-1200 RESERVED CVE-2020-1199 RESERVED CVE-2020-1198 RESERVED CVE-2020-1197 RESERVED CVE-2020-1196 RESERVED CVE-2020-1195 RESERVED CVE-2020-1194 RESERVED CVE-2020-1193 RESERVED CVE-2020-1192 RESERVED CVE-2020-1191 RESERVED CVE-2020-1190 RESERVED CVE-2020-1189 RESERVED CVE-2020-1188 RESERVED CVE-2020-1187 RESERVED CVE-2020-1186 RESERVED CVE-2020-1185 RESERVED CVE-2020-1184 RESERVED CVE-2020-1183 RESERVED CVE-2020-1182 RESERVED CVE-2020-1181 RESERVED CVE-2020-1180 RESERVED CVE-2020-1179 RESERVED CVE-2020-1178 RESERVED CVE-2020-1177 RESERVED CVE-2020-1176 RESERVED CVE-2020-1175 RESERVED CVE-2020-1174 RESERVED CVE-2020-1173 RESERVED CVE-2020-1172 RESERVED CVE-2020-1171 RESERVED CVE-2020-1170 RESERVED CVE-2020-1169 RESERVED CVE-2020-1168 RESERVED 
CVE-2020-1167 RESERVED CVE-2020-1166 RESERVED CVE-2020-1165 RESERVED CVE-2020-1164 RESERVED CVE-2020-1163 RESERVED CVE-2020-1162 RESERVED CVE-2020-1161 RESERVED CVE-2020-1160 RESERVED CVE-2020-1159 RESERVED CVE-2020-1158 RESERVED CVE-2020-1157 RESERVED CVE-2020-1156 RESERVED CVE-2020-1155 RESERVED CVE-2020-1154 RESERVED CVE-2020-1153 RESERVED CVE-2020-1152 RESERVED CVE-2020-1151 RESERVED CVE-2020-1150 RESERVED CVE-2020-1149 RESERVED CVE-2020-1148 RESERVED CVE-2020-1147 RESERVED CVE-2020-1146 RESERVED CVE-2020-1145 RESERVED CVE-2020-1144 RESERVED CVE-2020-1143 RESERVED CVE-2020-1142 RESERVED CVE-2020-1141 RESERVED CVE-2020-1140 RESERVED CVE-2020-1139 RESERVED CVE-2020-1138 RESERVED CVE-2020-1137 RESERVED CVE-2020-1136 RESERVED CVE-2020-1135 RESERVED CVE-2020-1134 RESERVED CVE-2020-1133 RESERVED CVE-2020-1132 RESERVED CVE-2020-1131 RESERVED CVE-2020-1130 RESERVED CVE-2020-1129 RESERVED CVE-2020-1128 RESERVED CVE-2020-1127 RESERVED CVE-2020-1126 RESERVED CVE-2020-1125 RESERVED CVE-2020-1124 RESERVED CVE-2020-1123 RESERVED CVE-2020-1122 RESERVED CVE-2020-1121 RESERVED CVE-2020-1120 RESERVED CVE-2020-1119 RESERVED CVE-2020-1118 RESERVED CVE-2020-1117 RESERVED CVE-2020-1116 RESERVED CVE-2020-1115 RESERVED CVE-2020-1114 RESERVED CVE-2020-1113 RESERVED CVE-2020-1112 RESERVED CVE-2020-1111 RESERVED CVE-2020-1110 RESERVED CVE-2020-1109 RESERVED CVE-2020-1108 RESERVED CVE-2020-1107 RESERVED CVE-2020-1106 RESERVED CVE-2020-1105 RESERVED CVE-2020-1104 RESERVED CVE-2020-1103 RESERVED CVE-2020-1102 RESERVED CVE-2020-1101 RESERVED CVE-2020-1100 RESERVED CVE-2020-1099 RESERVED CVE-2020-1098 RESERVED CVE-2020-1097 RESERVED CVE-2020-1096 RESERVED CVE-2020-1095 RESERVED CVE-2020-1094 RESERVED CVE-2020-1093 RESERVED CVE-2020-1092 RESERVED CVE-2020-1091 RESERVED CVE-2020-1090 RESERVED CVE-2020-1089 RESERVED CVE-2020-1088 RESERVED CVE-2020-1087 RESERVED CVE-2020-1086 RESERVED CVE-2020-1085 RESERVED CVE-2020-1084 RESERVED CVE-2020-1083 RESERVED CVE-2020-1082 RESERVED CVE-2020-1081 
RESERVED CVE-2020-1080 RESERVED CVE-2020-1079 RESERVED CVE-2020-1078 RESERVED CVE-2020-1077 RESERVED CVE-2020-1076 RESERVED CVE-2020-1075 RESERVED CVE-2020-1074 RESERVED CVE-2020-1073 RESERVED CVE-2020-1072 RESERVED CVE-2020-1071 RESERVED CVE-2020-1070 RESERVED CVE-2020-1069 RESERVED CVE-2020-1068 RESERVED CVE-2020-1067 RESERVED CVE-2020-1066 RESERVED CVE-2020-1065 RESERVED CVE-2020-1064 RESERVED CVE-2020-1063 RESERVED CVE-2020-1062 RESERVED CVE-2020-1061 RESERVED CVE-2020-1060 RESERVED CVE-2020-1059 RESERVED CVE-2020-1058 RESERVED CVE-2020-1057 RESERVED CVE-2020-1056 RESERVED CVE-2020-1055 RESERVED CVE-2020-1054 RESERVED CVE-2020-1053 RESERVED CVE-2020-1052 RESERVED CVE-2020-1051 RESERVED CVE-2020-1050 RESERVED CVE-2020-1049 RESERVED CVE-2020-1048 RESERVED CVE-2020-1047 RESERVED CVE-2020-1046 RESERVED CVE-2020-1045 RESERVED CVE-2020-1044 RESERVED CVE-2020-1043 RESERVED CVE-2020-1042 RESERVED CVE-2020-1041 RESERVED CVE-2020-1040 RESERVED CVE-2020-1039 RESERVED CVE-2020-1038 RESERVED CVE-2020-1037 RESERVED CVE-2020-1036 RESERVED CVE-2020-1035 RESERVED CVE-2020-1034 RESERVED CVE-2020-1033 RESERVED CVE-2020-1032 RESERVED CVE-2020-1031 RESERVED CVE-2020-1030 RESERVED CVE-2020-1029 RESERVED CVE-2020-1028 RESERVED CVE-2020-1027 RESERVED CVE-2020-1026 RESERVED CVE-2020-1025 RESERVED CVE-2020-1024 RESERVED CVE-2020-1023 RESERVED CVE-2020-1022 RESERVED CVE-2020-1021 RESERVED CVE-2020-1020 RESERVED CVE-2020-1019 RESERVED CVE-2020-1018 RESERVED CVE-2020-1017 RESERVED CVE-2020-1016 RESERVED CVE-2020-1015 RESERVED CVE-2020-1014 RESERVED CVE-2020-1013 RESERVED CVE-2020-1012 RESERVED CVE-2020-1011 RESERVED CVE-2020-1010 RESERVED CVE-2020-1009 RESERVED CVE-2020-1008 RESERVED CVE-2020-1007 RESERVED CVE-2020-1006 RESERVED CVE-2020-1005 RESERVED CVE-2020-1004 RESERVED CVE-2020-1003 RESERVED CVE-2020-1002 RESERVED CVE-2020-1001 RESERVED CVE-2020-1000 RESERVED CVE-2020-0999 RESERVED CVE-2020-0998 RESERVED CVE-2020-0997 RESERVED CVE-2020-0996 RESERVED CVE-2020-0995 RESERVED 
CVE-2020-0994 RESERVED CVE-2020-0993 RESERVED CVE-2020-0992 RESERVED CVE-2020-0991 RESERVED CVE-2020-0990 RESERVED CVE-2020-0989 RESERVED CVE-2020-0988 RESERVED CVE-2020-0987 RESERVED CVE-2020-0986 RESERVED CVE-2020-0985 RESERVED CVE-2020-0984 RESERVED CVE-2020-0983 RESERVED CVE-2020-0982 RESERVED CVE-2020-0981 RESERVED CVE-2020-0980 RESERVED CVE-2020-0979 RESERVED CVE-2020-0978 RESERVED CVE-2020-0977 RESERVED CVE-2020-0976 RESERVED CVE-2020-0975 RESERVED CVE-2020-0974 RESERVED CVE-2020-0973 RESERVED CVE-2020-0972 RESERVED CVE-2020-0971 RESERVED CVE-2020-0970 RESERVED CVE-2020-0969 RESERVED CVE-2020-0968 RESERVED CVE-2020-0967 RESERVED CVE-2020-0966 RESERVED CVE-2020-0965 RESERVED CVE-2020-0964 RESERVED CVE-2020-0963 RESERVED CVE-2020-0962 RESERVED CVE-2020-0961 RESERVED CVE-2020-0960 RESERVED CVE-2020-0959 RESERVED CVE-2020-0958 RESERVED CVE-2020-0957 RESERVED CVE-2020-0956 RESERVED CVE-2020-0955 RESERVED CVE-2020-0954 RESERVED CVE-2020-0953 RESERVED CVE-2020-0952 RESERVED CVE-2020-0951 RESERVED CVE-2020-0950 RESERVED CVE-2020-0949 RESERVED CVE-2020-0948 RESERVED CVE-2020-0947 RESERVED CVE-2020-0946 RESERVED CVE-2020-0945 RESERVED CVE-2020-0944 RESERVED CVE-2020-0943 RESERVED CVE-2020-0942 RESERVED CVE-2020-0941 RESERVED CVE-2020-0940 RESERVED CVE-2020-0939 RESERVED CVE-2020-0938 RESERVED CVE-2020-0937 RESERVED CVE-2020-0936 RESERVED CVE-2020-0935 RESERVED CVE-2020-0934 RESERVED CVE-2020-0933 RESERVED CVE-2020-0932 RESERVED CVE-2020-0931 RESERVED CVE-2020-0930 RESERVED CVE-2020-0929 RESERVED CVE-2020-0928 RESERVED CVE-2020-0927 RESERVED CVE-2020-0926 RESERVED CVE-2020-0925 RESERVED CVE-2020-0924 RESERVED CVE-2020-0923 RESERVED CVE-2020-0922 RESERVED CVE-2020-0921 RESERVED CVE-2020-0920 RESERVED CVE-2020-0919 RESERVED CVE-2020-0918 RESERVED CVE-2020-0917 RESERVED CVE-2020-0916 RESERVED CVE-2020-0915 RESERVED CVE-2020-0914 RESERVED CVE-2020-0913 RESERVED CVE-2020-0912 RESERVED CVE-2020-0911 RESERVED CVE-2020-0910 RESERVED CVE-2020-0909 RESERVED CVE-2020-0908 
RESERVED CVE-2020-0907 RESERVED CVE-2020-0906 RESERVED CVE-2020-0905 (An remote code execution vulnerability exists in Microsoft Dynamics Bu ...) NOT-FOR-US: Microsoft CVE-2020-0904 RESERVED CVE-2020-0903 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...) NOT-FOR-US: Microsoft CVE-2020-0902 (An elevation of privilege vulnerability exists in Service Fabric File ...) NOT-FOR-US: Microsoft CVE-2020-0901 RESERVED CVE-2020-0900 RESERVED CVE-2020-0899 RESERVED CVE-2020-0898 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0897 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0896 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0895 RESERVED CVE-2020-0894 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0893 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0892 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0891 (This vulnerability is caused when SharePoint Server does not properly ...) NOT-FOR-US: Microsoft CVE-2020-0890 RESERVED CVE-2020-0889 RESERVED CVE-2020-0888 RESERVED CVE-2020-0887 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0886 RESERVED CVE-2020-0885 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0884 (A spoofing vulnerability exists in Microsoft Visual Studio as it inclu ...) NOT-FOR-US: Microsoft CVE-2020-0883 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-0882 (An information disclosure vulnerability exists when the Windows GDI co ...) 
NOT-FOR-US: Microsoft CVE-2020-0881 (A remote code execution vulnerability exists in the way that the Windo ...) NOT-FOR-US: Microsoft CVE-2020-0880 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0879 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0878 RESERVED CVE-2020-0877 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0876 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0875 RESERVED CVE-2020-0874 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0873 RESERVED CVE-2020-0872 (A remote code execution vulnerability exists in Application Inspector ...) NOT-FOR-US: Microsoft CVE-2020-0871 (An information disclosure vulnerability exists when Windows Network Co ...) NOT-FOR-US: Microsoft CVE-2020-0870 RESERVED CVE-2020-0869 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0868 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0867 (An elevation of privilege vulnerability exists when the Windows Update ...) NOT-FOR-US: Microsoft CVE-2020-0866 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0865 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0864 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0863 (An information vulnerability exists when Windows Connected User Experi ...) NOT-FOR-US: Microsoft CVE-2020-0862 RESERVED CVE-2020-0861 (An information disclosure vulnerability exists when the Windows Networ ...) 
NOT-FOR-US: Microsoft CVE-2020-0860 (An elevation of privilege vulnerability exists when the Windows Active ...) NOT-FOR-US: Microsoft CVE-2020-0859 (An information vulnerability exists when Windows Modules Installer Ser ...) NOT-FOR-US: Microsoft CVE-2020-0858 (An elevation of privilege vulnerability exists when the "Publ ...) NOT-FOR-US: Microsoft CVE-2020-0857 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0856 RESERVED CVE-2020-0855 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0854 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...) NOT-FOR-US: Microsoft CVE-2020-0853 (An information disclosure vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0852 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0851 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0850 (A remote code execution vulnerability exists in Microsoft Word softwar ...) NOT-FOR-US: Microsoft CVE-2020-0849 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0848 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0847 (A remote code execution vulnerability exists in the way that the VBScr ...) NOT-FOR-US: Microsoft CVE-2020-0846 RESERVED CVE-2020-0845 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0844 (An elevation of privilege vulnerability exists when Connected User Exp ...) NOT-FOR-US: Microsoft CVE-2020-0843 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-0842 (An elevation of privilege vulnerability exists in Windows Installer be ...) 
NOT-FOR-US: Microsoft CVE-2020-0841 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0840 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0839 RESERVED CVE-2020-0838 RESERVED CVE-2020-0837 RESERVED CVE-2020-0836 RESERVED CVE-2020-0835 RESERVED CVE-2020-0834 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0833 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0832 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0831 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0830 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2020-0829 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0828 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0827 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0826 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0825 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0824 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2020-0823 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0822 (An elevation of privilege vulnerability exists when the Windows Langua ...) NOT-FOR-US: Microsoft CVE-2020-0821 RESERVED CVE-2020-0820 (An information disclosure vulnerability exists when Media Foundation i ...) 
NOT-FOR-US: Microsoft CVE-2020-0819 (An elevation of privilege vulnerability exists when the Windows Device ...) NOT-FOR-US: Microsoft CVE-2020-0818 RESERVED CVE-2020-0817 RESERVED CVE-2020-0816 (A remote code execution vulnerability exists when Microsoft Edge impro ...) NOT-FOR-US: Microsoft CVE-2020-0815 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...) NOT-FOR-US: Microsoft CVE-2020-0814 (An elevation of privilege vulnerability exists in Windows Installer be ...) NOT-FOR-US: Microsoft CVE-2020-0813 (An information disclosure vulnerability exists when Chakra improperly ...) NOT-FOR-US: Microsoft CVE-2020-0812 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0811 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0810 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-0809 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0808 (An elevation of privilege vulnerability exists in the way the Provisio ...) NOT-FOR-US: Microsoft CVE-2020-0807 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0806 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-0805 RESERVED CVE-2020-0804 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0803 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0802 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0801 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0800 (An elevation of privilege vulnerability exists when the Windows Work F ...) 
NOT-FOR-US: Microsoft CVE-2020-0799 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...) NOT-FOR-US: Microsoft CVE-2020-0798 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0797 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0796 (A remote code execution vulnerability exists in the way that the Micro ...) NOT-FOR-US: Microsoft CVE-2020-0795 (This vulnerability is caused when SharePoint Server does not properly ...) NOT-FOR-US: Microsoft CVE-2020-0794 RESERVED CVE-2020-0793 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...) NOT-FOR-US: Microsoft CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0791 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0790 RESERVED CVE-2020-0789 (A denial of service vulnerability exists when the Visual Studio Extens ...) NOT-FOR-US: Microsoft CVE-2020-0788 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0787 (An elevation of privilege vulnerability exists when the Windows Backgr ...) NOT-FOR-US: Microsoft CVE-2020-0786 (A denial of service vulnerability exists when the Windows Tile Object ...) NOT-FOR-US: Microsoft CVE-2020-0785 (An elevation of privilege vulnerability exists when the Windows User P ...) NOT-FOR-US: Microsoft CVE-2020-0784 RESERVED CVE-2020-0783 (An elevation of privilege vulnerability exists when the Windows Univer ...) NOT-FOR-US: Microsoft CVE-2020-0782 RESERVED CVE-2020-0781 (An elevation of privilege vulnerability exists when the Windows Univer ...) NOT-FOR-US: Microsoft CVE-2020-0780 (An elevation of privilege vulnerability exists in the way that the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-0779 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0778 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0777 (An elevation of privilege vulnerability exists when the Windows Work F ...) NOT-FOR-US: Microsoft CVE-2020-0776 (An elevation of privilege vulnerability exists when the Windows AppX D ...) NOT-FOR-US: Microsoft CVE-2020-0775 (An information disclosure vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-0774 (An information disclosure vulnerability exists when the Windows GDI co ...) NOT-FOR-US: Microsoft CVE-2020-0773 (An elevation of privilege vulnerability exists when the Windows Active ...) NOT-FOR-US: Microsoft CVE-2020-0772 (An elevation of privilege vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-0771 (An elevation of privilege vulnerability exists when the Windows CSC Se ...) NOT-FOR-US: Microsoft CVE-2020-0770 (An elevation of privilege vulnerability exists when the Windows Active ...) NOT-FOR-US: Microsoft CVE-2020-0769 (An elevation of privilege vulnerability exists when the Windows CSC Se ...) NOT-FOR-US: Microsoft CVE-2020-0768 (A remote code execution vulnerability exists in the way the scripting ...) NOT-FOR-US: Microsoft CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0766 RESERVED CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...) NOT-FOR-US: Microsoft CVE-2020-0764 RESERVED CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...) NOT-FOR-US: Microsoft CVE-2020-0762 (An elevation of privilege vulnerability exists when Windows Defender S ...) 
NOT-FOR-US: Microsoft CVE-2020-0761 RESERVED CVE-2020-0760 RESERVED CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0758 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...) NOT-FOR-US: Microsoft CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0756 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0755 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0754 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-0753 (An elevation of privilege vulnerability exists in Windows Error Report ...) NOT-FOR-US: Microsoft CVE-2020-0752 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0751 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2020-0750 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0749 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0748 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0747 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2020-0746 (An information disclosure vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2020-0745 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0744 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0743 (An elevation of privilege vulnerability exists in the way that the Con ...) 
NOT-FOR-US: Microsoft CVE-2020-0742 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0741 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0740 (An elevation of privilege vulnerability exists in the way that the Con ...) NOT-FOR-US: Microsoft CVE-2020-0739 (An elevation of privilege vulnerability exists in the way that the dss ...) NOT-FOR-US: Microsoft CVE-2020-0738 (A memory corruption vulnerability exists when Windows Media Foundation ...) NOT-FOR-US: Microsoft CVE-2020-0737 (An elevation of privilege vulnerability exists in the way that the tap ...) NOT-FOR-US: Microsoft CVE-2020-0736 (An information disclosure vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0735 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0734 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-0733 (An elevation of privilege vulnerability exists when the Windows Malici ...) NOT-FOR-US: Microsoft CVE-2020-0732 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0731 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0730 (An elevation of privilege vulnerability exists when the Windows User P ...) NOT-FOR-US: Microsoft CVE-2020-0729 (A remote code execution vulnerability exists in Microsoft Windows that ...) NOT-FOR-US: Microsoft CVE-2020-0728 (An information vulnerability exists when Windows Modules Installer Ser ...) NOT-FOR-US: Microsoft CVE-2020-0727 (An elevation of privilege vulnerability exists when the Connected User ...) NOT-FOR-US: Microsoft CVE-2020-0726 (An elevation of privilege vulnerability exists in Windows when the Win ...) 
NOT-FOR-US: Microsoft CVE-2020-0725 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0724 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0723 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0722 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0721 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0720 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0719 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0718 RESERVED CVE-2020-0717 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0716 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0715 (An elevation of privilege vulnerability exists when the Windows Graphi ...) NOT-FOR-US: Microsoft CVE-2020-0714 (An information disclosure vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0713 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0712 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0711 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0710 (A remote code execution vulnerability exists in the way that the Chakr ...) NOT-FOR-US: Microsoft CVE-2020-0709 (An elevation of privilege vulnerability exists when DirectX improperly ...) NOT-FOR-US: Microsoft CVE-2020-0708 (A remote code execution vulnerability exists when the Windows Imaging ...) 
NOT-FOR-US: Microsoft CVE-2020-0707 (An elevation of privilege vulnerability exists when the Windows IME im ...) NOT-FOR-US: Microsoft CVE-2020-0706 (An information disclosure vulnerability exists in the way that affecte ...) NOT-FOR-US: Microsoft CVE-2020-0705 (An information disclosure vulnerability exists when the Windows Networ ...) NOT-FOR-US: Microsoft CVE-2020-0704 (An elevation of privilege vulnerability exists when the Windows Wirele ...) NOT-FOR-US: Microsoft CVE-2020-0703 (An elevation of privilege vulnerability exists when the Windows Backup ...) NOT-FOR-US: Microsoft CVE-2020-0702 (A security feature bypass vulnerability exists in Surface Hub when pro ...) NOT-FOR-US: Microsoft CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0700 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...) NOT-FOR-US: Microsoft CVE-2020-0699 RESERVED CVE-2020-0698 (An information disclosure vulnerability exists when the Telephony Serv ...) NOT-FOR-US: Microsoft CVE-2020-0697 (An elevation of privilege vulnerability exists in Microsoft Office OLi ...) NOT-FOR-US: Microsoft CVE-2020-0696 (A security feature bypass vulnerability exists in Microsoft Outlook so ...) NOT-FOR-US: Microsoft CVE-2020-0695 (A spoofing vulnerability exists when Office Online Server does not val ...) NOT-FOR-US: Microsoft CVE-2020-0694 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0693 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...) NOT-FOR-US: Microsoft CVE-2020-0692 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...) NOT-FOR-US: Microsoft CVE-2020-0691 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0690 (An elevation of privilege vulnerability exists when DirectX improperly ...) 
NOT-FOR-US: Microsoft CVE-2020-0689 (A security feature bypass vulnerability exists in secure boot, aka 'Mi ...) NOT-FOR-US: Microsoft CVE-2020-0688 (A remote code execution vulnerability exists in Microsoft Exchange sof ...) NOT-FOR-US: Microsoft CVE-2020-0687 RESERVED CVE-2020-0686 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0685 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft CVE-2020-0684 (A remote code execution vulnerability exists in Microsoft Windows that ...) NOT-FOR-US: Microsoft CVE-2020-0683 (An elevation of privilege vulnerability exists in the Windows Installe ...) NOT-FOR-US: Microsoft CVE-2020-0682 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0681 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-0680 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0679 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0678 (An elevation of privilege vulnerability exists when Windows Error Repo ...) NOT-FOR-US: Microsoft CVE-2020-0677 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0676 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0675 (An information disclosure vulnerability exists in the Cryptography Nex ...) NOT-FOR-US: Microsoft CVE-2020-0674 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0673 (A remote code execution vulnerability exists in the way that the scrip ...) NOT-FOR-US: Microsoft CVE-2020-0672 (An elevation of privilege vulnerability exists when the Windows kernel ...) 
NOT-FOR-US: Microsoft CVE-2020-0671 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0670 (An elevation of privilege vulnerability exists when the Windows kernel ...) NOT-FOR-US: Microsoft CVE-2020-0669 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0668 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0667 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0666 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0665 (An elevation of privilege vulnerability exists in Active Directory For ...) NOT-FOR-US: Microsoft CVE-2020-0664 RESERVED CVE-2020-0663 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...) NOT-FOR-US: Microsoft CVE-2020-0662 (A remote code execution vulnerability exists in the way that Windows h ...) NOT-FOR-US: Microsoft CVE-2020-0661 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...) NOT-FOR-US: Microsoft CVE-2020-0660 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...) NOT-FOR-US: Microsoft CVE-2020-0659 (An elevation of privilege vulnerability exists when the Windows Data S ...) NOT-FOR-US: Microsoft CVE-2020-0658 (An information disclosure vulnerability exists in the Windows Common L ...) NOT-FOR-US: Microsoft CVE-2020-0657 (An elevation of privilege vulnerability exists when the Windows Common ...) NOT-FOR-US: Microsoft CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) NOT-FOR-US: Microsoft CVE-2020-0655 (A remote code execution vulnerability exists in Remote Desktop Service ...) NOT-FOR-US: Microsoft CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...) 
NOT-FOR-US: Microsoft CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0652 (A remote code execution vulnerability exists in Microsoft Office softw ...) NOT-FOR-US: Microsoft CVE-2020-0651 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) NOT-FOR-US: Microsoft CVE-2020-0649 RESERVED CVE-2020-0648 RESERVED CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not validate o ...) NOT-FOR-US: Microsoft CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft .NET F ...) NOT-FOR-US: Microsoft CVE-2020-0645 (A tampering vulnerability exists when Microsoft IIS Server improperly ...) NOT-FOR-US: Microsoft CVE-2020-0644 (An elevation of privilege vulnerability exists when Microsoft Windows ...) NOT-FOR-US: Microsoft CVE-2020-0643 (An information disclosure vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0642 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0641 (An elevation of privilege vulnerability exists in Windows Media Servic ...) NOT-FOR-US: Microsoft CVE-2020-0640 (A remote code execution vulnerability exists when Internet Explorer im ...) NOT-FOR-US: Microsoft CVE-2020-0639 (An information disclosure vulnerability exists in the Windows Common L ...) NOT-FOR-US: Microsoft CVE-2020-0638 (An elevation of privilege vulnerability exists in the way the Update N ...) NOT-FOR-US: Microsoft CVE-2020-0637 (An information disclosure vulnerability exists when Remote Desktop Web ...) NOT-FOR-US: Microsoft CVE-2020-0636 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0635 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...) 
NOT-FOR-US: Microsoft CVE-2020-0634 (An elevation of privilege vulnerability exists when the Windows Common ...) NOT-FOR-US: Microsoft CVE-2020-0633 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0632 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0631 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0630 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0629 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0628 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0627 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0626 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0625 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0624 (An elevation of privilege vulnerability exists in Windows when the Win ...) NOT-FOR-US: Microsoft CVE-2020-0623 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0622 (An information disclosure vulnerability exists when the Microsoft Wind ...) NOT-FOR-US: Microsoft CVE-2020-0621 (A security feature bypass vulnerability exists in Windows 10 when thir ...) NOT-FOR-US: Microsoft CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cryptogr ...) NOT-FOR-US: Microsoft CVE-2020-0619 RESERVED CVE-2020-0618 (A remote code execution vulnerability exists in Microsoft SQL Server R ...) NOT-FOR-US: Microsoft CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...) 
NOT-FOR-US: Microsoft CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...) NOT-FOR-US: Microsoft CVE-2020-0615 (An information disclosure vulnerability exists in the Windows Common L ...) NOT-FOR-US: Microsoft CVE-2020-0614 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0613 (An elevation of privilege vulnerability exists in the way that the Win ...) NOT-FOR-US: Microsoft CVE-2020-0612 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...) NOT-FOR-US: Microsoft CVE-2020-0611 (A remote code execution vulnerability exists in the Windows Remote Des ...) NOT-FOR-US: Microsoft CVE-2020-0610 (A remote code execution vulnerability exists in Windows Remote Desktop ...) NOT-FOR-US: Microsoft CVE-2020-0609 (A remote code execution vulnerability exists in Windows Remote Desktop ...) NOT-FOR-US: Microsoft CVE-2020-0608 (An information disclosure vulnerability exists when the win32k compone ...) NOT-FOR-US: Microsoft CVE-2020-0607 (An information disclosure vulnerability exists in the way that Microso ...) NOT-FOR-US: Microsoft CVE-2020-0606 (A remote code execution vulnerability exists in .NET software when the ...) NOT-FOR-US: Microsoft CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...) NOT-FOR-US: Microsoft CVE-2020-0604 RESERVED CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software ...) NOT-FOR-US: Microsoft CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly ...) NOT-FOR-US: Microsoft CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32. ...) 
NOT-FOR-US: Microsoft CVE-2020-0600 RESERVED CVE-2020-0599 RESERVED CVE-2020-0598 RESERVED CVE-2020-0597 RESERVED CVE-2020-0596 RESERVED CVE-2020-0595 RESERVED CVE-2020-0594 RESERVED CVE-2020-0593 RESERVED CVE-2020-0592 RESERVED CVE-2020-0591 RESERVED CVE-2020-0590 RESERVED CVE-2020-0589 RESERVED CVE-2020-0588 RESERVED CVE-2020-0587 RESERVED CVE-2020-0586 RESERVED CVE-2020-0585 RESERVED CVE-2020-0584 RESERVED CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...) NOT-FOR-US: Intel CVE-2020-0582 RESERVED CVE-2020-0581 RESERVED CVE-2020-0580 RESERVED CVE-2020-0579 RESERVED CVE-2020-0578 RESERVED CVE-2020-0577 RESERVED CVE-2020-0576 RESERVED CVE-2020-0575 RESERVED CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...) NOT-FOR-US: Intel CVE-2020-0573 RESERVED CVE-2020-0572 RESERVED CVE-2020-0571 RESERVED CVE-2020-0570 RESERVED - qtbase-opensource-src 5.12.5+dfsg-8 [buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3 [stretch] - qtbase-opensource-src (Only affects 5.12.0 through 5.14.0) [jessie] - qtbase-opensource-src (Only affects 5.12.0 through 5.14.0) NOTE: https://bugreports.qt.io/browse/QTBUG-81272 NOTE: Patch: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd NOTE: https://lists.qt-project.org/pipermail/development/2020-January/038534.html CVE-2020-0569 RESERVED {DSA-4617-1 DLA-2092-1} - qtbase-opensource-src 5.12.5+dfsg-8 NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404 NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d CVE-2020-0568 RESERVED CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version ...) NOT-FOR-US: Intel graphics driver for Windows CVE-2020-0566 RESERVED CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before version 2 ...) 
NOT-FOR-US: Intel graphics driver for Windows CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...) NOT-FOR-US: Intel CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before version ...) NOT-FOR-US: Intel CVE-2020-0562 (Improper permissions in the installer for Intel(R) RWC2, all versions, ...) NOT-FOR-US: Intel CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may ...) NOT-FOR-US: Intel CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas Electro ...) NOT-FOR-US: Intel CVE-2020-0559 RESERVED CVE-2020-0558 RESERVED CVE-2020-0557 RESERVED CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...) {DSA-4647-1} - bluez 5.50-1.1 (bug #953770) NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1 NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787 NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html NOTE: The second commit introduces a new configuration option "ClassicBondedOnly", which defaults NOTE: to false and makes it possible to ensure that input connections only come from bonded NOTE: device connections. NOTE: Followup commits to avoid (functional) regression: NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519 NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e CVE-2020-0555 RESERVED CVE-2020-0554 RESERVED CVE-2020-0553 RESERVED CVE-2020-0552 RESERVED CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing speculative ...)
NOTE: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection NOTE: https://xenbits.xen.org/xsa/advisory-315.html NOTE: https://lviattack.eu/ NOTE: No mitigation will be provided for this issue in software; it primarily impacts Intel SGX NOTE: binutils/toolchain updates will include a patch that optionally emits lfence NOTE: instructions in problematic situations (but these have a performance impact), cf. NOTE: https://sourceware.org/pipermail/binutils/2020-March/110175.html CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Processo ...) NOTE: Intel is (currently) not planning to release microcode updates to mitigate the issue. NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...) - intel-microcode [buster] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) [stretch] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) [jessie] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling NOTE: https://cacheoutattack.com/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated ...)
- intel-microcode [buster] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) [stretch] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) [jessie] - intel-microcode (Minor issue; low impact if all mitigations for TAA and MDS were already previously applied) NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html CVE-2020-0547 RESERVED CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...) NOT-FOR-US: Intel CVE-2020-0545 RESERVED CVE-2020-0544 RESERVED CVE-2020-0543 RESERVED CVE-2020-0542 RESERVED CVE-2020-0541 RESERVED CVE-2020-0540 RESERVED CVE-2020-0539 RESERVED CVE-2020-0538 RESERVED CVE-2020-0537 RESERVED CVE-2020-0536 RESERVED CVE-2020-0535 RESERVED CVE-2020-0534 RESERVED CVE-2020-0533 RESERVED CVE-2020-0532 RESERVED CVE-2020-0531 RESERVED CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...) NOT-FOR-US: Intel CVE-2020-0529 RESERVED CVE-2020-0528 RESERVED CVE-2020-0527 RESERVED CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...) NOT-FOR-US: Intel CVE-2020-0525 RESERVED CVE-2020-0524 RESERVED CVE-2020-0523 RESERVED CVE-2020-0522 RESERVED CVE-2020-0521 RESERVED CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...) NOT-FOR-US: Intel CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0518 RESERVED CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) 
NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...) NOT-FOR-US: Intel CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...) NOT-FOR-US: Intel CVE-2020-0513 RESERVED CVE-2020-0512 RESERVED CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers befo ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0510 RESERVED CVE-2020-0509 RESERVED CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...) NOT-FOR-US: Intel CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0505 (Improper conditions check in Intel(R) Graphics Drivers before versions ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0504 (Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44. ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0503 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0502 (Improper access control in Intel(R) Graphics Drivers before version 26 ...) NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0501 (Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100. ...) 
NOT-FOR-US: Intel Graphics drivers for Windows CVE-2020-0500 RESERVED CVE-2020-0499 RESERVED CVE-2020-0498 RESERVED CVE-2020-0497 RESERVED CVE-2020-0496 RESERVED CVE-2020-0495 RESERVED CVE-2020-0494 RESERVED CVE-2020-0493 RESERVED CVE-2020-0492 RESERVED CVE-2020-0491 RESERVED CVE-2020-0490 RESERVED CVE-2020-0489 RESERVED CVE-2020-0488 RESERVED CVE-2020-0487 RESERVED CVE-2020-0486 RESERVED CVE-2020-0485 RESERVED CVE-2020-0484 RESERVED CVE-2020-0483 RESERVED CVE-2020-0482 RESERVED CVE-2020-0481 RESERVED CVE-2020-0480 RESERVED CVE-2020-0479 RESERVED CVE-2020-0478 RESERVED CVE-2020-0477 RESERVED CVE-2020-0476 RESERVED CVE-2020-0475 RESERVED CVE-2020-0474 RESERVED CVE-2020-0473 RESERVED CVE-2020-0472 RESERVED CVE-2020-0471 RESERVED CVE-2020-0470 RESERVED CVE-2020-0469 RESERVED CVE-2020-0468 RESERVED CVE-2020-0467 RESERVED CVE-2020-0466 RESERVED CVE-2020-0465 RESERVED CVE-2020-0464 RESERVED CVE-2020-0463 RESERVED CVE-2020-0462 RESERVED CVE-2020-0461 RESERVED CVE-2020-0460 RESERVED CVE-2020-0459 RESERVED CVE-2020-0458 RESERVED CVE-2020-0457 RESERVED CVE-2020-0456 RESERVED CVE-2020-0455 RESERVED CVE-2020-0454 RESERVED CVE-2020-0453 RESERVED CVE-2020-0452 RESERVED CVE-2020-0451 RESERVED CVE-2020-0450 RESERVED CVE-2020-0449 RESERVED CVE-2020-0448 RESERVED CVE-2020-0447 RESERVED CVE-2020-0446 RESERVED CVE-2020-0445 RESERVED CVE-2020-0444 RESERVED CVE-2020-0443 RESERVED CVE-2020-0442 RESERVED CVE-2020-0441 RESERVED CVE-2020-0440 RESERVED CVE-2020-0439 RESERVED CVE-2020-0438 RESERVED CVE-2020-0437 RESERVED CVE-2020-0436 RESERVED CVE-2020-0435 RESERVED CVE-2020-0434 RESERVED CVE-2020-0433 RESERVED CVE-2020-0432 RESERVED CVE-2020-0431 RESERVED CVE-2020-0430 RESERVED CVE-2020-0429 RESERVED CVE-2020-0428 RESERVED CVE-2020-0427 RESERVED CVE-2020-0426 RESERVED CVE-2020-0425 RESERVED CVE-2020-0424 RESERVED CVE-2020-0423 RESERVED CVE-2020-0422 RESERVED CVE-2020-0421 RESERVED CVE-2020-0420 RESERVED CVE-2020-0419 RESERVED CVE-2020-0418 RESERVED CVE-2020-0417 RESERVED CVE-2020-0416 
RESERVED CVE-2020-0415 RESERVED CVE-2020-0414 RESERVED CVE-2020-0413 RESERVED CVE-2020-0412 RESERVED CVE-2020-0411 RESERVED CVE-2020-0410 RESERVED CVE-2020-0409 RESERVED CVE-2020-0408 RESERVED CVE-2020-0407 RESERVED CVE-2020-0406 RESERVED CVE-2020-0405 RESERVED CVE-2020-0404 RESERVED CVE-2020-0403 RESERVED CVE-2020-0402 RESERVED CVE-2020-0401 RESERVED CVE-2020-0400 RESERVED CVE-2020-0399 RESERVED CVE-2020-0398 RESERVED CVE-2020-0397 RESERVED CVE-2020-0396 RESERVED CVE-2020-0395 RESERVED CVE-2020-0394 RESERVED CVE-2020-0393 RESERVED CVE-2020-0392 RESERVED CVE-2020-0391 RESERVED CVE-2020-0390 RESERVED CVE-2020-0389 RESERVED CVE-2020-0388 RESERVED CVE-2020-0387 RESERVED CVE-2020-0386 RESERVED CVE-2020-0385 RESERVED CVE-2020-0384 RESERVED CVE-2020-0383 RESERVED CVE-2020-0382 RESERVED CVE-2020-0381 RESERVED CVE-2020-0380 RESERVED CVE-2020-0379 RESERVED CVE-2020-0378 RESERVED CVE-2020-0377 RESERVED CVE-2020-0376 RESERVED CVE-2020-0375 RESERVED CVE-2020-0374 RESERVED CVE-2020-0373 RESERVED CVE-2020-0372 RESERVED CVE-2020-0371 RESERVED CVE-2020-0370 RESERVED CVE-2020-0369 RESERVED CVE-2020-0368 RESERVED CVE-2020-0367 RESERVED CVE-2020-0366 RESERVED CVE-2020-0365 RESERVED CVE-2020-0364 RESERVED CVE-2020-0363 RESERVED CVE-2020-0362 RESERVED CVE-2020-0361 RESERVED CVE-2020-0360 RESERVED CVE-2020-0359 RESERVED CVE-2020-0358 RESERVED CVE-2020-0357 RESERVED CVE-2020-0356 RESERVED CVE-2020-0355 RESERVED CVE-2020-0354 RESERVED CVE-2020-0353 RESERVED CVE-2020-0352 RESERVED CVE-2020-0351 RESERVED CVE-2020-0350 RESERVED CVE-2020-0349 RESERVED CVE-2020-0348 RESERVED CVE-2020-0347 RESERVED CVE-2020-0346 RESERVED CVE-2020-0345 RESERVED CVE-2020-0344 RESERVED CVE-2020-0343 RESERVED CVE-2020-0342 RESERVED CVE-2020-0341 RESERVED CVE-2020-0340 RESERVED CVE-2020-0339 RESERVED CVE-2020-0338 RESERVED CVE-2020-0337 RESERVED CVE-2020-0336 RESERVED CVE-2020-0335 RESERVED CVE-2020-0334 RESERVED CVE-2020-0333 RESERVED CVE-2020-0332 RESERVED CVE-2020-0331 RESERVED CVE-2020-0330 RESERVED 
CVE-2020-0329 RESERVED CVE-2020-0328 RESERVED CVE-2020-0327 RESERVED CVE-2020-0326 RESERVED CVE-2020-0325 RESERVED CVE-2020-0324 RESERVED CVE-2020-0323 RESERVED CVE-2020-0322 RESERVED CVE-2020-0321 RESERVED CVE-2020-0320 RESERVED CVE-2020-0319 RESERVED CVE-2020-0318 RESERVED CVE-2020-0317 RESERVED CVE-2020-0316 RESERVED CVE-2020-0315 RESERVED CVE-2020-0314 RESERVED CVE-2020-0313 RESERVED CVE-2020-0312 RESERVED CVE-2020-0311 RESERVED CVE-2020-0310 RESERVED CVE-2020-0309 RESERVED CVE-2020-0308 RESERVED CVE-2020-0307 RESERVED CVE-2020-0306 RESERVED CVE-2020-0305 RESERVED CVE-2020-0304 RESERVED CVE-2020-0303 RESERVED CVE-2020-0302 RESERVED CVE-2020-0301 RESERVED CVE-2020-0300 RESERVED CVE-2020-0299 RESERVED CVE-2020-0298 RESERVED CVE-2020-0297 RESERVED CVE-2020-0296 RESERVED CVE-2020-0295 RESERVED CVE-2020-0294 RESERVED CVE-2020-0293 RESERVED CVE-2020-0292 RESERVED CVE-2020-0291 RESERVED CVE-2020-0290 RESERVED CVE-2020-0289 RESERVED CVE-2020-0288 RESERVED CVE-2020-0287 RESERVED CVE-2020-0286 RESERVED CVE-2020-0285 RESERVED CVE-2020-0284 RESERVED CVE-2020-0283 RESERVED CVE-2020-0282 RESERVED CVE-2020-0281 RESERVED CVE-2020-0280 RESERVED CVE-2020-0279 RESERVED CVE-2020-0278 RESERVED CVE-2020-0277 RESERVED CVE-2020-0276 RESERVED CVE-2020-0275 RESERVED CVE-2020-0274 RESERVED CVE-2020-0273 RESERVED CVE-2020-0272 RESERVED CVE-2020-0271 RESERVED CVE-2020-0270 RESERVED CVE-2020-0269 RESERVED CVE-2020-0268 RESERVED CVE-2020-0267 RESERVED CVE-2020-0266 RESERVED CVE-2020-0265 RESERVED CVE-2020-0264 RESERVED CVE-2020-0263 RESERVED CVE-2020-0262 RESERVED CVE-2020-0261 RESERVED CVE-2020-0260 RESERVED CVE-2020-0259 RESERVED CVE-2020-0258 RESERVED CVE-2020-0257 RESERVED CVE-2020-0256 RESERVED CVE-2020-0255 RESERVED CVE-2020-0254 RESERVED CVE-2020-0253 RESERVED CVE-2020-0252 RESERVED CVE-2020-0251 RESERVED CVE-2020-0250 RESERVED CVE-2020-0249 RESERVED CVE-2020-0248 RESERVED CVE-2020-0247 RESERVED CVE-2020-0246 RESERVED CVE-2020-0245 RESERVED CVE-2020-0244 RESERVED CVE-2020-0243 
RESERVED CVE-2020-0242 RESERVED CVE-2020-0241 RESERVED CVE-2020-0240 RESERVED CVE-2020-0239 RESERVED CVE-2020-0238 RESERVED CVE-2020-0237 RESERVED CVE-2020-0236 RESERVED CVE-2020-0235 RESERVED CVE-2020-0234 RESERVED CVE-2020-0233 RESERVED CVE-2020-0232 RESERVED CVE-2020-0231 RESERVED CVE-2020-0230 RESERVED CVE-2020-0229 RESERVED CVE-2020-0228 RESERVED CVE-2020-0227 RESERVED CVE-2020-0226 RESERVED CVE-2020-0225 RESERVED CVE-2020-0224 RESERVED CVE-2020-0223 RESERVED CVE-2020-0222 RESERVED CVE-2020-0221 RESERVED CVE-2020-0220 RESERVED CVE-2020-0219 RESERVED CVE-2020-0218 RESERVED CVE-2020-0217 RESERVED CVE-2020-0216 RESERVED CVE-2020-0215 RESERVED CVE-2020-0214 RESERVED CVE-2020-0213 RESERVED CVE-2020-0212 RESERVED CVE-2020-0211 RESERVED CVE-2020-0210 RESERVED CVE-2020-0209 RESERVED CVE-2020-0208 RESERVED CVE-2020-0207 RESERVED CVE-2020-0206 RESERVED CVE-2020-0205 RESERVED CVE-2020-0204 RESERVED CVE-2020-0203 RESERVED CVE-2020-0202 RESERVED CVE-2020-0201 RESERVED CVE-2020-0200 RESERVED CVE-2020-0199 RESERVED CVE-2020-0198 RESERVED CVE-2020-0197 RESERVED CVE-2020-0196 RESERVED CVE-2020-0195 RESERVED CVE-2020-0194 RESERVED CVE-2020-0193 RESERVED CVE-2020-0192 RESERVED CVE-2020-0191 RESERVED CVE-2020-0190 RESERVED CVE-2020-0189 RESERVED CVE-2020-0188 RESERVED CVE-2020-0187 RESERVED CVE-2020-0186 RESERVED CVE-2020-0185 RESERVED CVE-2020-0184 RESERVED CVE-2020-0183 RESERVED CVE-2020-0182 RESERVED CVE-2020-0181 RESERVED CVE-2020-0180 RESERVED CVE-2020-0179 RESERVED CVE-2020-0178 RESERVED CVE-2020-0177 RESERVED CVE-2020-0176 RESERVED CVE-2020-0175 RESERVED CVE-2020-0174 RESERVED CVE-2020-0173 RESERVED CVE-2020-0172 RESERVED CVE-2020-0171 RESERVED CVE-2020-0170 RESERVED CVE-2020-0169 RESERVED CVE-2020-0168 RESERVED CVE-2020-0167 RESERVED CVE-2020-0166 RESERVED CVE-2020-0165 RESERVED CVE-2020-0164 RESERVED CVE-2020-0163 RESERVED CVE-2020-0162 RESERVED CVE-2020-0161 RESERVED CVE-2020-0160 RESERVED CVE-2020-0159 RESERVED CVE-2020-0158 RESERVED CVE-2020-0157 RESERVED 
CVE-2020-0156 RESERVED CVE-2020-0155 RESERVED CVE-2020-0154 RESERVED CVE-2020-0153 RESERVED CVE-2020-0152 RESERVED CVE-2020-0151 RESERVED CVE-2020-0150 RESERVED CVE-2020-0149 RESERVED CVE-2020-0148 RESERVED CVE-2020-0147 RESERVED CVE-2020-0146 RESERVED CVE-2020-0145 RESERVED CVE-2020-0144 RESERVED CVE-2020-0143 RESERVED CVE-2020-0142 RESERVED CVE-2020-0141 RESERVED CVE-2020-0140 RESERVED CVE-2020-0139 RESERVED CVE-2020-0138 RESERVED CVE-2020-0137 RESERVED CVE-2020-0136 RESERVED CVE-2020-0135 RESERVED CVE-2020-0134 RESERVED CVE-2020-0133 RESERVED CVE-2020-0132 RESERVED CVE-2020-0131 RESERVED CVE-2020-0130 RESERVED CVE-2020-0129 RESERVED CVE-2020-0128 RESERVED CVE-2020-0127 RESERVED CVE-2020-0126 RESERVED CVE-2020-0125 RESERVED CVE-2020-0124 RESERVED CVE-2020-0123 RESERVED CVE-2020-0122 RESERVED CVE-2020-0121 RESERVED CVE-2020-0120 RESERVED CVE-2020-0119 RESERVED CVE-2020-0118 RESERVED CVE-2020-0117 RESERVED CVE-2020-0116 RESERVED CVE-2020-0115 RESERVED CVE-2020-0114 RESERVED CVE-2020-0113 RESERVED CVE-2020-0112 RESERVED CVE-2020-0111 RESERVED CVE-2020-0110 RESERVED CVE-2020-0109 RESERVED CVE-2020-0108 RESERVED CVE-2020-0107 RESERVED CVE-2020-0106 RESERVED CVE-2020-0105 RESERVED CVE-2020-0104 RESERVED CVE-2020-0103 RESERVED CVE-2020-0102 RESERVED CVE-2020-0101 RESERVED CVE-2020-0100 RESERVED CVE-2020-0099 RESERVED CVE-2020-0098 RESERVED CVE-2020-0097 RESERVED CVE-2020-0096 RESERVED CVE-2020-0095 RESERVED CVE-2020-0094 RESERVED CVE-2020-0093 RESERVED CVE-2020-0092 RESERVED CVE-2020-0091 RESERVED CVE-2020-0090 RESERVED CVE-2020-0089 RESERVED CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is a possible re ...) NOT-FOR-US: Android Media Framework CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0086 (In readCString of Parcel.cpp, there is a possible out of bounds write ...) 
NOT-FOR-US: Android Media Framework CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a possible permi ...) NOT-FOR-US: Android CVE-2020-0084 (In several functions of NotificationManagerService.java, there are mis ...) NOT-FOR-US: Android CVE-2020-0083 (In setRequirePmfInternal of sta_network.cpp, there is a possible defau ...) NOT-FOR-US: Android CVE-2020-0082 RESERVED NOT-FOR-US: Android CVE-2020-0081 RESERVED NOT-FOR-US: Android CVE-2020-0080 RESERVED NOT-FOR-US: Android CVE-2020-0079 RESERVED CVE-2020-0078 RESERVED CVE-2020-0077 RESERVED NOT-FOR-US: Android CVE-2020-0076 RESERVED NOT-FOR-US: Android CVE-2020-0075 RESERVED NOT-FOR-US: Android CVE-2020-0074 RESERVED CVE-2020-0073 RESERVED NOT-FOR-US: Android CVE-2020-0072 RESERVED NOT-FOR-US: Android CVE-2020-0071 RESERVED NOT-FOR-US: Android CVE-2020-0070 RESERVED NOT-FOR-US: Android CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0068 RESERVED CVE-2020-0067 [f2fs: fix to avoid memory leakage in f2fs_listxattr] RESERVED - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06 CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write due to ...) - linux 4.2.5-1 [jessie] - linux 3.16.7-ckt20-1 NOTE: https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe CVE-2020-0065 RESERVED CVE-2020-0064 RESERVED CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation screen p ...) NOT-FOR-US: Android CVE-2020-0062 (In Euicc, there is a possible information disclosure due to an include ...) NOT-FOR-US: Android CVE-2020-0061 (In Pixel Recorder, there is a possible permissions bypass allowing arb ...) NOT-FOR-US: Android CVE-2020-0060 (In query of SmsProvider.java and MmsSmsProvider.java, there is a possi ...) NOT-FOR-US: Android CVE-2020-0059 (In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.c ...) 
NOT-FOR-US: Android CVE-2020-0058 (In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0057 (In btm_process_inq_results of btm_inq.cc, there is a possible out of b ...) NOT-FOR-US: Android CVE-2020-0056 (In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0055 (In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a poss ...) NOT-FOR-US: Android CVE-2020-0054 (In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java ...) NOT-FOR-US: Android CVE-2020-0053 (In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanD ...) NOT-FOR-US: Android CVE-2020-0052 (In smsSelected of AnswerFragment.java, there is a way to send an SMS f ...) NOT-FOR-US: Android CVE-2020-0051 (In onCreate of SettingsHomepageActivity, there is a possible tapjackin ...) NOT-FOR-US: Android CVE-2020-0050 (In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of b ...) NOT-FOR-US: Android CVE-2020-0049 (In onReadBuffer() of StreamingSource.cpp, there is a possible informat ...) NOT-FOR-US: Android media framework CVE-2020-0048 (In onTransact of IAudioFlinger.cpp, there is a possible stack informat ...) NOT-FOR-US: Android media framework CVE-2020-0047 (In setMasterMute of AudioService.java, there is a missing permission c ...) NOT-FOR-US: Android media framework CVE-2020-0046 (In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible ...) NOT-FOR-US: Android media framework CVE-2020-0045 (In StatsService::command of StatsService.cpp, there is possible memory ...) NOT-FOR-US: Android CVE-2020-0044 (In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds re ...) NOT-FOR-US: FPC components for Android CVE-2020-0043 (In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android CVE-2020-0042 (In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a poss ...) 
NOT-FOR-US: FPC components for Android CVE-2020-0041 (In binder_transaction of binder.c, there is a possible out of bounds w ...) - linux 5.4.6-1 NOTE: https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2 CVE-2020-0040 RESERVED NOTE: Duplicate of CVE-2019-15239, will be rejected CVE-2020-0039 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android CVE-2020-0038 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android CVE-2020-0037 (In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2020-0036 (In hasPermissions of PermissionMonitor.java, there is a possible acces ...) NOT-FOR-US: Android CVE-2020-0035 (In query of TelephonyProvider.java, there is a possible access to SIM ...) NOT-FOR-US: Android CVE-2020-0034 (In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...) {DLA-2136-1} - libvpx 1.7.0-3 [stretch] - libvpx (Minor issue) NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a CVE-2020-0033 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) NOT-FOR-US: Android media framework CVE-2020-0032 (In ih264d_release_display_bufs of ih264d_utils.c, there is a possible ...) NOT-FOR-US: Android media framework CVE-2020-0031 (In triggerAugmentedAutofillLocked and related functions of Session.jav ...) NOT-FOR-US: Android CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...) - linux 4.15.11-1 NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a CVE-2020-0029 (In the WifiConfigManager, there is a possible storage of location hist ...) NOT-FOR-US: Android CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...) NOT-FOR-US: Android CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of ...) 
NOT-FOR-US: Android CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory corru ...) NOT-FOR-US: Android CVE-2020-0025 RESERVED CVE-2020-0024 RESERVED CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...) NOT-FOR-US: Android CVE-2020-0022 (In reassemble_and_dispatch of packet_fragmenter.cc, there is possible ...) NOT-FOR-US: Android CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there is a p ...) NOT-FOR-US: Android CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...) NOT-FOR-US: Android CVE-2020-0019 RESERVED CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...) NOT-FOR-US: Android CVE-2020-0017 (In multiple places, it was possible for the primary user's dicti ...) NOT-FOR-US: Android CVE-2020-0016 RESERVED CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay ...) NOT-FOR-US: Android CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...) NOT-FOR-US: Android CVE-2020-0013 RESERVED CVE-2020-0012 (In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible ...) NOT-FOR-US: FPC components for Android CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...) NOT-FOR-US: FPC components for Android CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...) - linux 5.5.13-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949 CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there ...) NOT-FOR-US: Android CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible information discl ...)
NOT-FOR-US: Android CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0005 (In btm_read_remote_ext_features_complete of btm_acl.cc, there is a pos ...) NOT-FOR-US: Android CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package validati ...) NOT-FOR-US: Android CVE-2020-0002 (In ih264d_init_decoder of ih264d_api.c, there is a possible out of bou ...) NOT-FOR-US: Android Media Framework CVE-2020-0001 (In getProcessRecordLocked of ActivityManagerService.java isolated apps ...) NOT-FOR-US: Android