Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
954870b6 by security tracker role at 2020-03-26T08:10:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 
0.9.8-25 a ...)
+       TODO: check
+CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is 
vulnerable to ...)
+       TODO: check
+CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to 
execute ...)
+       TODO: check
+CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows 
unrestricted fi ...)
+       TODO: check
+CVE-2020-10962
+       RESERVED
+CVE-2020-10961
+       RESERVED
+CVE-2020-10960
+       RESERVED
+CVE-2020-10959
+       RESERVED
+CVE-2020-10958
+       RESERVED
+CVE-2020-10957
+       RESERVED
+CVE-2020-10956
+       RESERVED
+CVE-2020-10955
+       RESERVED
+CVE-2020-10954
+       RESERVED
+CVE-2020-10953
+       RESERVED
+CVE-2020-10952
+       RESERVED
 CVE-2020-10951
        RESERVED
 CVE-2020-10950
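Review bot: CVE-2020-10964 deserves a closer read before it is tagged, because its description scopes the issue to Serendipity "on Windows"; if the package is tracked, the entry probably needs a note on platform scope rather than a plain fixed-version line. The other three new described entries (CVE-2020-10966, CVE-2020-10965, CVE-2020-10963) still need individual triage; where a product is not packaged, use the NOT-FOR-US: <product> form already applied to MISP further down in this file.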
@@ -128,22 +158,22 @@ CVE-2020-10890
        RESERVED
 CVE-2020-10889
        RESERVED
-CVE-2020-10888
-       RESERVED
-CVE-2020-10887
-       RESERVED
-CVE-2020-10886
-       RESERVED
-CVE-2020-10885
-       RESERVED
-CVE-2020-10884
-       RESERVED
-CVE-2020-10883
-       RESERVED
-CVE-2020-10882
-       RESERVED
-CVE-2020-10881
-       RESERVED
+CVE-2020-10888 (This vulnerability allows remote attackers to bypass 
authentication on ...)
+       TODO: check
+CVE-2020-10887 (This vulnerability allows a firewall bypass on affected 
installations  ...)
+       TODO: check
+CVE-2020-10886 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10885 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
+CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute 
arbitrary ...)
+       TODO: check
+CVE-2020-10883 (This vulnerability allows local attackers to escalate 
privileges on af ...)
+       TODO: check
+CVE-2020-10882 (This vulnerability allows network-adjacent attackers to 
execute arbitr ...)
+       TODO: check
+CVE-2020-10881 (This vulnerability allows remote attackers to execute 
arbitrary code o ...)
+       TODO: check
 CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as 
demonstr ...)
        TODO: check
 CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as 
demonstr ...)
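Review bot: the eight entries CVE-2020-10881 through CVE-2020-10888 all open with the same "This vulnerability allows ..." sentence and are cut off before the affected product is named, so nothing in this hunk identifies what each one applies to. Resolve each TODO: check against the full CVE text instead of tagging the block as a group; the impact already differs within it (authentication bypass, firewall bypass, code execution by remote or network-adjacent attackers, local privilege escalation).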
@@ -1765,8 +1795,8 @@ CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the 
sighting popover tool. Th
        NOT-FOR-US: MISP
 CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. 
This is ...)
        NOT-FOR-US: MISP
-CVE-2020-10245
-       RESERVED
+CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS 
Control run ...)
+       TODO: check
 CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local 
tokens. ...)
        NOT-FOR-US: JPaseto
 CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of 
type cas ...)
@@ -3363,8 +3393,8 @@ CVE-2020-9522
        RESERVED
 CVE-2020-9521
        RESERVED
-CVE-2020-9520
-       RESERVED
+CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, 
affecti ...)
+       TODO: check
 CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro 
Focus Serv ...)
        NOT-FOR-US: Micro Focus
 CVE-2020-9518 (Login filter can access configuration files vulnerability in 
Micro Foc ...)
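Review bot: CVE-2020-9520 (Micro Focus Vibe) lands as TODO: check directly above CVE-2020-9519, which is already tagged NOT-FOR-US: Micro Focus. If Vibe is likewise not packaged, give it the same tag so the vendor's entries stay consistent and the TODO does not linger.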
@@ -9614,12 +9644,10 @@ CVE-2020-6818
        RESERVED
 CVE-2020-6817
        RESERVED
-CVE-2020-6815
-       RESERVED
+CVE-2020-6815 (Mozilla developers reported memory safety and script safety 
bugs prese ...)
        - firefox 74.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
-CVE-2020-6814
-       RESERVED
+CVE-2020-6814 (Mozilla developers reported memory safety bugs present in 
Firefox and  ...)
        {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
        - firefox 74.0-1
        - firefox-esr 68.6.0esr-1
@@ -9627,12 +9655,10 @@ CVE-2020-6814
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6814
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814
-CVE-2020-6813
-       RESERVED
+CVE-2020-6813 (When protecting CSS blocks with the nonce feature of Content 
Security  ...)
        - firefox 74.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
-CVE-2020-6812
-       RESERVED
+CVE-2020-6812 (The first time AirPods are connected to an iPhone, they become 
named a ...)
        {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
        - firefox 74.0-1
        - firefox-esr 68.6.0esr-1
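Review bot: the description added to CVE-2020-6812 ("The first time AirPods are connected to an iPhone ...") is truncated before it mentions Firefox, so read alone it looks like an Apple issue. The DSA/DLA references and the firefox and firefox-esr lines under it are what tie it to the source package; nothing to change in the data, but anything that filters this list by description text should match on the package lines instead.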
@@ -9640,8 +9666,7 @@ CVE-2020-6812
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6812
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
-CVE-2020-6811
-       RESERVED
+CVE-2020-6811 (The 'Copy as cURL' feature of Devtools' network tab did not 
properly e ...)
        {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
        - firefox 74.0-1
        - firefox-esr 68.6.0esr-1
@@ -9649,20 +9674,16 @@ CVE-2020-6811
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
-CVE-2020-6810
-       RESERVED
+CVE-2020-6810 (After a website had entered fullscreen mode, it could have used 
a prev ...)
        - firefox 74.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810
-CVE-2020-6809
-       RESERVED
+CVE-2020-6809 (When a Web Extension had the all-urls permission and made a 
fetch requ ...)
        - firefox 74.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809
-CVE-2020-6808
-       RESERVED
+CVE-2020-6808 (When a JavaScript URL (javascript:) is evaluated and the result 
is a s ...)
        - firefox 74.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
-CVE-2020-6807
-       RESERVED
+CVE-2020-6807 (When a device was changed while a stream was about to be 
destroyed, th ...)
        {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
        - firefox 74.0-1
        - firefox-esr 68.6.0esr-1
@@ -9670,8 +9691,7 @@ CVE-2020-6807
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
-CVE-2020-6806
-       RESERVED
+CVE-2020-6806 (By carefully crafting promise resolutions, it was possible to 
cause an ...)
        {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
        - firefox 74.0-1
        - firefox-esr 68.6.0esr-1
@@ -9679,8 +9699,7 @@ CVE-2020-6806
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
-CVE-2020-6805
-       RESERVED
+CVE-2020-6805 (When removing data about an origin whose tab was recently 
closed, a us ...)
        {DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
        - firefox 74.0-1
        - firefox-esr 68.6.0esr-1
@@ -12950,10 +12969,10 @@ CVE-2020-5342 (Dell Digital Delivery versions prior 
to 3.5.2015 contain an incor
        NOT-FOR-US: Dell
 CVE-2020-5341
        RESERVED
-CVE-2020-5340
-       RESERVED
-CVE-2020-5339
-       RESERVED
+CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a 
stored  ...)
+       TODO: check
+CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a 
stored  ...)
+       TODO: check
 CVE-2020-5338
        RESERVED
 CVE-2020-5337
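Review bot: CVE-2020-5340 and CVE-2020-5339 carry identical truncated descriptions ("RSA Authentication Manager versions prior to 8.4 P10 contain a stored ..."), so the two cannot be told apart from this file. If RSA Authentication Manager is not packaged, tag both in the NOT-FOR-US: <vendor> form used for Dell on CVE-2020-5342 above; otherwise add a NOTE to each stating what distinguishes them.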
@@ -13769,8 +13788,8 @@ CVE-2020-5131
        RESERVED
 CVE-2020-5130
        RESERVED
-CVE-2020-5129
-       RESERVED
+CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server 
allows a ...)
+       TODO: check
 CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute 
arbitrary ...)
        NOT-FOR-US: Nagios XI
 CVE-2019-20196
@@ -17388,8 +17407,8 @@ CVE-2020-3810
        RESERVED
 CVE-2020-3809
        RESERVED
-CVE-2020-3808
-       RESERVED
+CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier 
have a tim ...)
+       TODO: check
 CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
        TODO: check
 CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
@@ -17416,56 +17435,56 @@ CVE-2020-3796
        RESERVED
 CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
        TODO: check
-CVE-2020-3794
-       RESERVED
+CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a 
file i ...)
+       TODO: check
 CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
        TODO: check
 CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 
2017.011 ...)
        TODO: check
-CVE-2020-3791
-       RESERVED
-CVE-2020-3790
-       RESERVED
-CVE-2020-3789
-       RESERVED
-CVE-2020-3788
-       RESERVED
-CVE-2020-3787
-       RESERVED
-CVE-2020-3786
-       RESERVED
-CVE-2020-3785
-       RESERVED
-CVE-2020-3784
-       RESERVED
-CVE-2020-3783
-       RESERVED
-CVE-2020-3782
-       RESERVED
-CVE-2020-3781
-       RESERVED
-CVE-2020-3780
-       RESERVED
-CVE-2020-3779
-       RESERVED
-CVE-2020-3778
-       RESERVED
-CVE-2020-3777
-       RESERVED
-CVE-2020-3776
-       RESERVED
-CVE-2020-3775
-       RESERVED
-CVE-2020-3774
-       RESERVED
-CVE-2020-3773
-       RESERVED
-CVE-2020-3772
-       RESERVED
-CVE-2020-3771
-       RESERVED
-CVE-2020-3770
-       RESERVED
+CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 
have an ...)
+       TODO: check
+CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
+CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and 
Photoshop 202 ...)
+       TODO: check
 CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a 
server-side r ...)
        TODO: check
 CVE-2020-3768
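Review bot: this hunk adds 22 Photoshop entries (CVE-2020-3770 through CVE-2020-3791) and one ColdFusion entry (CVE-2020-3794) as TODO: check, on top of neighbouring Acrobat and Experience Manager entries (CVE-2020-3795, CVE-2020-3793, CVE-2020-3792, CVE-2020-3769) that are still TODO: check. Older Adobe entries in this file (CVE-2020-3763, CVE-2020-3762) are tagged NOT-FOR-US: Adobe, so triage the whole Adobe block in one pass with that tag rather than leaving it in the backlog.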
@@ -17482,8 +17501,8 @@ CVE-2020-3763 (Adobe Acrobat and Reader versions 
2019.021.20061 and earlier, 201
        NOT-FOR-US: Adobe
 CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 
2017.011 ...)
        NOT-FOR-US: Adobe
-CVE-2020-3761
-       RESERVED
+CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a 
remote ...)
+       TODO: check
 CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command 
inject ...)
        NOT-FOR-US: Adobe
 CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer 
errors  ...)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/954870b6582fabdaca0d4a4a065c3ff672959ef1
