Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
18ea2500 by security tracker role at 2020-06-11T08:10:16+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,79 @@
+CVE-2020-14018
+ RESERVED
+CVE-2020-14017
+ RESERVED
+CVE-2020-14016
+ RESERVED
+CVE-2020-14015
+ RESERVED
+CVE-2020-14014
+ RESERVED
+CVE-2020-14013
+ RESERVED
+CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a
Knowledgebase C ...)
+ TODO: check
+CVE-2020-14011
+ RESERVED
+CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected
XSS via t ...)
+ TODO: check
+CVE-2020-14009
+ RESERVED
+CVE-2020-14008
+ RESERVED
+CVE-2020-14007
+ RESERVED
+CVE-2020-14006
+ RESERVED
+CVE-2020-14005
+ RESERVED
+CVE-2020-14004
+ RESERVED
+CVE-2020-14003
+ RESERVED
+CVE-2020-14002
+ RESERVED
+CVE-2020-14001
+ RESERVED
+CVE-2020-14000
+ RESERVED
+CVE-2020-13999
+ RESERVED
+CVE-2020-13998 (** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5,
when 2FA ...)
+ TODO: check
+CVE-2020-13997
+ RESERVED
+CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL
injection at ...)
+ TODO: check
+CVE-2020-13995
+ RESERVED
+CVE-2020-13994
+ RESERVED
+CVE-2020-13993
+ RESERVED
+CVE-2020-13992
+ RESERVED
+CVE-2020-13991
+ RESERVED
+CVE-2020-13990
+ RESERVED
+CVE-2020-13989
+ RESERVED
+CVE-2020-13988
+ RESERVED
+CVE-2020-13987
+ RESERVED
+CVE-2020-13986
+ RESERVED
+CVE-2020-13985
+ RESERVED
+CVE-2020-13984
+ RESERVED
+CVE-2020-13983
+ RESERVED
+CVE-2020-13982
+ RESERVED
+CVE-2020-13981
+ RESERVED
CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated
users to c ...)
NOT-FOR-US: OpenCart
CVE-2020-13979
@@ -139,8 +215,8 @@ CVE-2020-13913
RESERVED
CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows
local users ...)
NOT-FOR-US: SolarWinds Advanced Monitoring Agent
-CVE-2020-13911
- RESERVED
+CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger
XSS via a ...)
+ TODO: check
CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds
read in nf ...)
NOT-FOR-US: Pengutronix Barebox
CVE-2020-13909 (The Ignition page before 2.0.5 for Laravel mishandles globals,
_get, _ ...)
@@ -149,10 +225,10 @@ CVE-2020-13908
RESERVED
CVE-2020-13907
RESERVED
-CVE-2020-13906
- RESERVED
-CVE-2020-13905
- RESERVED
+CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation
starting at F ...)
+ TODO: check
+CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation
starting at F ...)
+ TODO: check
CVE-2020-13904 (FFmpeg 4.2.3 has a use-after-free via a crafted EXTINF
duration in an ...)
- ffmpeg <unfixed>
NOTE:
https://patchwork.ffmpeg.org/project/ffmpeg/patch/[email protected]/
@@ -161,14 +237,14 @@ CVE-2020-13903
RESERVED
CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer
over-re ...)
TODO: check
-CVE-2020-13901
- RESERVED
-CVE-2020-13900
- RESERVED
-CVE-2020-13899
- RESERVED
-CVE-2020-13898
- RESERVED
+CVE-2020-13901 (An issue was discovered in janus-gateway (aka Janus WebRTC
Server) thr ...)
+ TODO: check
+CVE-2020-13900 (An issue was discovered in janus-gateway (aka Janus WebRTC
Server) thr ...)
+ TODO: check
+CVE-2020-13899 (An issue was discovered in janus-gateway (aka Janus WebRTC
Server) thr ...)
+ TODO: check
+CVE-2020-13898 (An issue was discovered in janus-gateway (aka Janus WebRTC
Server) thr ...)
+ TODO: check
CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
NOT-FOR-US: HESK
CVE-2020-13896
@@ -177,8 +253,8 @@ CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor
through 3.5.1402961 a
NOT-FOR-US: DEXT5 Editor
CVE-2020-13893
RESERVED
-CVE-2020-13892
- RESERVED
+CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS.
...)
+ TODO: check
CVE-2020-13891
RESERVED
CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS
via an A ...)
@@ -226,8 +302,8 @@ CVE-2020-13874
RESERVED
CVE-2020-13873
RESERVED
-CVE-2020-13872
- RESERVED
+CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it
easier for at ...)
+ TODO: check
CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in
select.c bec ...)
- sqlite3 3.32.2-2
NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4
@@ -264,18 +340,18 @@ CVE-2020-13857
RESERVED
CVE-2020-13856
RESERVED
-CVE-2020-13855
- RESERVED
-CVE-2020-13854
- RESERVED
-CVE-2020-13853
- RESERVED
-CVE-2020-13852
- RESERVED
-CVE-2020-13851
- RESERVED
-CVE-2020-13850
- RESERVED
+CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading
to remot ...)
+ TODO: check
+CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation. ...)
+ TODO: check
+CVE-2020-13853 (Artica Pandora FMS 7.44 has persistent XSS in the Messages
feature. ...)
+ TODO: check
+CVE-2020-13852 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading
to remot ...)
+ TODO: check
+CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via
the events ...)
+ TODO: check
+CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a
web folder ...)
+ TODO: check
CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout
value of 1. ...)
TODO: check
CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows
remote attac ...)
@@ -472,11 +548,13 @@ CVE-2018-21236 (An issue was discovered in Foxit Reader
before 2.4.4. It has a N
NOT-FOR-US: Foxit Reader
CVE-2018-21235 (An issue was discovered in Foxit E-mail advertising system
before Sept ...)
NOT-FOR-US: Foxit E-mail advertising system
-CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12.
There is X ...)
+CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12 and
1.4.x b ...)
+ {DSA-4700-1}
- roundcube 1.4.5+dfsg.1-1 (bug #962124)
NOTE: 1.4.x:
https://github.com/roundcube/roundcubemail/commit/ccaccae6653031b809b4347a60021951e19a0e43
NOTE: 1.3.x:
https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
-CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12.
include/rc ...)
+CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12 and
1.4.x b ...)
+ {DSA-4700-1}
- roundcube 1.4.5+dfsg.1-1 (bug #962123)
NOTE: 1.4.x:
https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5
NOTE: 1.3.x:
https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19
@@ -1272,10 +1350,10 @@ CVE-2020-13447
RESERVED
CVE-2020-13446
RESERVED
-CVE-2020-13445
- RESERVED
-CVE-2020-13444
- RESERVED
+CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix
pack 92, ...)
+ TODO: check
+CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before
fix pack 9 ...)
+ TODO: check
CVE-2020-13443
RESERVED
CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in
DEXT5 t ...)
@@ -1674,16 +1752,16 @@ CVE-2020-13273
RESERVED
CVE-2020-13272
RESERVED
-CVE-2020-13271
- RESERVED
-CVE-2020-13270
- RESERVED
-CVE-2020-13269
- RESERVED
-CVE-2020-13268
- RESERVED
-CVE-2020-13267
- RESERVED
+CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the
execution of a ...)
+ TODO: check
+CVE-2020-13270 (Missing permission check on fork relation creation in GitLab
CE/EE 11. ...)
+ TODO: check
+CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the
execution o ...)
+ TODO: check
+CVE-2020-13268 (A specially crafted request could be used to confirm the
existence of ...)
+ TODO: check
+CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the
execution on J ...)
+ TODO: check
CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE
12.8 and ...)
- gitlab <unfixed>
CVE-2020-13265
@@ -1754,8 +1832,8 @@ CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4
allows users with the 'Set
- dolibarr <removed>
CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded
.html file ...)
- dolibarr <removed>
-CVE-2020-13238
- RESERVED
+CVE-2020-13238 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow
attackers to ...)
+ TODO: check
CVE-2020-13237
RESERVED
CVE-2020-13236
@@ -1787,8 +1865,8 @@ CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site
scripting (XSS) vulnera
NOTE: https://github.com/phpipam/phpipam/issues/3025
CVE-2020-13224
RESERVED
-CVE-2020-13223
- RESERVED
+CVE-2020-13223 (HashiCorp Vault and Vault Enterprise before 1.3.6, and 1.4.2
before 1. ...)
+ TODO: check
CVE-2020-13222
RESERVED
CVE-2020-13221
@@ -1919,8 +1997,7 @@ CVE-2020-13162
RESERVED
CVE-2020-13161
RESERVED
-CVE-2020-13160
- RESERVED
+CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string
vulnerab ...)
NOT-FOR-US: AnyDesk
CVE-2020-13159
RESERVED
@@ -2623,8 +2700,8 @@ CVE-2020-12852 (The update feature for Pydio Cells 2.0.4
allows an administrator
NOT-FOR-US: Pydio Cells
CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or
overwrite e ...)
NOT-FOR-US: Pydio Cells
-CVE-2020-12850
- RESERVED
+CVE-2020-12850 (Pydio Cells Enterprise OVF version 2.0.4 has insecure
permissions that ...)
+ TODO: check
CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to
the web ...)
NOT-FOR-US: Pydio Cells
CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file
selecti ...)
@@ -2883,8 +2960,8 @@ CVE-2020-12759
RESERVED
CVE-2020-12758
RESERVED
-CVE-2020-12757
- RESERVED
+CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.x before 1.4.2 has
Incorrect ...)
+ TODO: check
CVE-2020-12756
RESERVED
CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE
kio-extras t ...)
@@ -2984,10 +3061,10 @@ CVE-2020-12716
RESERVED
CVE-2020-12715
RESERVED
-CVE-2020-12714
- RESERVED
-CVE-2020-12713
- RESERVED
+CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway
Virtual Applia ...)
+ TODO: check
+CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and
Profession ...)
+ TODO: check
CVE-2020-12712
RESERVED
CVE-2020-12711
@@ -4732,16 +4809,16 @@ CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4
and prior, Version 9.0.0
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12005
RESERVED
-CVE-2020-12004
- RESERVED
+CVE-2020-12004 (The affected product lacks proper authentication required to
query the ...)
+ TODO: check
CVE-2020-12003
RESERVED
CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version
9.0.0. Mult ...)
NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12001
RESERVED
-CVE-2020-12000
- RESERVED
+CVE-2020-12000 (The affected product is vulnerable to the handling of
serialized data. ...)
+ TODO: check
CVE-2020-11999
RESERVED
CVE-2020-11998
@@ -4834,8 +4911,8 @@ CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow
in Scanner::fill in pa
NOTE: Vulnerability introduced in:
https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192
(1.2)
NOTE:
https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070
NOTE: Fixed by:
https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a
-CVE-2020-11957
- RESERVED
+CVE-2020-11957 (The Bluetooth Low Energy implementation in Cypress PSoC
Creator BLE 4. ...)
+ TODO: check
CVE-2020-11956
RESERVED
CVE-2020-11955
@@ -5835,8 +5912,8 @@ CVE-2020-11800
RESERVED
CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate
privile ...)
NOT-FOR-US: Z-Cron
-CVE-2020-11798
- RESERVED
+CVE-2020-11798 (A Directory Traversal vulnerability in the web conference
component of ...)
+ TODO: check
CVE-2020-11797
RESERVED
CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password
authentication imp ...)
@@ -6595,8 +6672,8 @@ CVE-2020-11624
RESERVED
CVE-2020-11623
RESERVED
-CVE-2020-11622
- RESERVED
+CVE-2020-11622 (A vulnerability exists in Arista’s Cloud EOS VM / vEOS
4.23.2M a ...)
+ TODO: check
CVE-2020-11621
RESERVED
CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the
interact ...)
@@ -7292,7 +7369,7 @@ CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains
a path traversal vulner
- limesurvey <itp> (bug #472802)
CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML
Contain ...)
NOT-FOR-US: Microstrategy Web
-CVE-2020-11453 (Microstrategy Web 10.4 is vulnerable to Server-Side Request
Forgery in ...)
+CVE-2020-11453 (** DISPUTED ** Microstrategy Web 10.4 is vulnerable to
Server-Side Req ...)
NOT-FOR-US: Microstrategy Web
CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users
to import ...)
NOT-FOR-US: Microstrategy Web
@@ -8060,8 +8137,8 @@ CVE-2020-11092
RESERVED
CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a
process a ...)
NOT-FOR-US: Weave Net
-CVE-2020-11090
- RESERVED
+CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource
Consumption vul ...)
+ TODO: check
CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp
function ...)
- freerdp2 2.1.1+dfsg1-1
[buster] - freerdp2 <no-dsa> (Minor issue)
@@ -9315,8 +9392,7 @@ CVE-2020-10756 [lirp: networking out-of-bounds read
information disclosure vulne
NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as
fixed.
NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that
version as fixed.
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11
-CVE-2020-10755
- RESERVED
+CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder
version ...)
- cinder <unfixed>
NOTE: https://bugs.launchpad.net/cinder/+bug/1823200
NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086
@@ -9484,15 +9560,14 @@ CVE-2020-10709
NOTE: https://github.com/ansible/awx/issues/6630
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033
CVE-2020-10708 [race condition in kernel/audit.c may allow low privilege users
trigger kernel panic]
- RESERVED
+ REJECTED
- linux <unfixed> (unimportant)
NOTE: Disputed and negligigle imapct
CVE-2020-10707
REJECTED
CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth
tokens ar ...)
NOT-FOR-US: OpenShift
-CVE-2020-10705
- RESERVED
+CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow
2.1.1.Fi ...)
- undertow <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241
CVE-2020-10704 (A flaw was found when using samba as an Active Directory
Domain Contro ...)
@@ -9750,14 +9825,15 @@ CVE-2020-10648 (Das U-Boot through 2020.01 allows
attackers to bypass verified b
NOTE: http://www.openwall.com/lists/oss-security/2020/03/18/5
NOTE:
https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
-CVE-2020-10647 (Wind River VxWorks tftp client library, as distributed in
VxWorks 6.9 ...)
+CVE-2020-10647
+ REJECTED
NOT-FOR-US: VxWorks
CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0
contains a h ...)
NOT-FOR-US: Fuji Electric V-Server Lite
CVE-2020-10645
RESERVED
-CVE-2020-10644
- RESERVED
+CVE-2020-10644 (The affected product lacks proper validation of user-supplied
data, wh ...)
+ TODO: check
CVE-2020-10643
RESERVED
CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.1.00 and
prior, an au ...)
@@ -11444,150 +11520,109 @@ CVE-2020-9860
RESERVED
CVE-2020-9859 (A memory consumption issue was addressed with improved memory
handling ...)
NOT-FOR-US: Apple
-CVE-2020-9858
- RESERVED
+CVE-2020-9858 (A dynamic library loading issue was addressed with improved
path searc ...)
NOT-FOR-US: Apple
CVE-2020-9857
RESERVED
-CVE-2020-9856
- RESERVED
+CVE-2020-9856 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2020-9855
- RESERVED
+CVE-2020-9855 (A validation issue existed in the handling of symlinks. This
issue was ...)
NOT-FOR-US: Apple
CVE-2020-9854
RESERVED
CVE-2020-9853
RESERVED
-CVE-2020-9852
- RESERVED
+CVE-2020-9852 (An integer overflow was addressed through improved input
validation. T ...)
NOT-FOR-US: Apple
-CVE-2020-9851
- RESERVED
+CVE-2020-9851 (An access issue was addressed with improved access
restrictions. This ...)
NOT-FOR-US: Apple
-CVE-2020-9850
- RESERVED
+CVE-2020-9850 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple
CVE-2020-9849
RESERVED
-CVE-2020-9848
- RESERVED
+CVE-2020-9848 (An authorization issue was addressed with improved state
management. T ...)
NOT-FOR-US: Apple
-CVE-2020-9847
- RESERVED
+CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9846
RESERVED
CVE-2020-9845
RESERVED
-CVE-2020-9844
- RESERVED
+CVE-2020-9844 (A double free issue was addressed with improved memory
management. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9843
- RESERVED
+CVE-2020-9843 (An input validation issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
-CVE-2020-9842
- RESERVED
+CVE-2020-9842 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2020-9841
- RESERVED
+CVE-2020-9841 (An integer overflow was addressed through improved input
validation. T ...)
NOT-FOR-US: Apple
CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed
with impr ...)
NOT-FOR-US: SwiftNIO Extras
-CVE-2020-9839
- RESERVED
+CVE-2020-9839 (A race condition was addressed with improved state handling.
This issu ...)
NOT-FOR-US: Apple
-CVE-2020-9838
- RESERVED
+CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9837
- RESERVED
+CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9836
RESERVED
-CVE-2020-9835
- RESERVED
+CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue
was resol ...)
NOT-FOR-US: Apple
-CVE-2020-9834
- RESERVED
+CVE-2020-9834 (A memory corruption issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
-CVE-2020-9833
- RESERVED
+CVE-2020-9833 (A memory initialization issue was addressed with improved
memory handl ...)
NOT-FOR-US: Apple
-CVE-2020-9832
- RESERVED
+CVE-2020-9832 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2020-9831
- RESERVED
+CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9830
- RESERVED
+CVE-2020-9830 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
-CVE-2020-9829
- RESERVED
+CVE-2020-9829 (A validation issue was addressed with improved input
sanitization. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9828
RESERVED
-CVE-2020-9827
- RESERVED
+CVE-2020-9827 (A denial of service issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
-CVE-2020-9826
- RESERVED
+CVE-2020-9826 (A denial of service issue was addressed with improved input
validation ...)
NOT-FOR-US: Apple
-CVE-2020-9825
- RESERVED
+CVE-2020-9825 (An access issue was addressed with additional sandbox
restrictions. Th ...)
NOT-FOR-US: Apple
-CVE-2020-9824
- RESERVED
+CVE-2020-9824 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple
-CVE-2020-9823
- RESERVED
+CVE-2020-9823 (This issue was addressed with improved checks. This issue is
fixed in ...)
NOT-FOR-US: Apple
-CVE-2020-9822
- RESERVED
+CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds
checki ...)
NOT-FOR-US: Apple
-CVE-2020-9821
- RESERVED
+CVE-2020-9821 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
-CVE-2020-9820
- RESERVED
+CVE-2020-9820 (A logic issue was addressed with improved restrictions. This
issue is ...)
NOT-FOR-US: Apple
-CVE-2020-9819
- RESERVED
+CVE-2020-9819 (A memory consumption issue was addressed with improved memory
handling ...)
NOT-FOR-US: Apple
-CVE-2020-9818
- RESERVED
+CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds
checki ...)
NOT-FOR-US: Apple
-CVE-2020-9817
- RESERVED
+CVE-2020-9817 (A permissions issue existed. This issue was addressed with
improved pe ...)
NOT-FOR-US: Apple
-CVE-2020-9816
- RESERVED
+CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds
checki ...)
NOT-FOR-US: Apple
-CVE-2020-9815
- RESERVED
+CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds
checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9814
- RESERVED
+CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was
address ...)
NOT-FOR-US: Apple
-CVE-2020-9813
- RESERVED
+CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was
address ...)
NOT-FOR-US: Apple
-CVE-2020-9812
- RESERVED
+CVE-2020-9812 (An information disclosure issue was addressed with improved
state mana ...)
NOT-FOR-US: Apple
-CVE-2020-9811
- RESERVED
+CVE-2020-9811 (An information disclosure issue was addressed with improved
state mana ...)
NOT-FOR-US: Apple
CVE-2020-9810
RESERVED
CVE-2020-9809 (An information disclosure issue was addressed with improved
state mana ...)
NOT-FOR-US: Apple
-CVE-2020-9808
- RESERVED
+CVE-2020-9808 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
-CVE-2020-9807
- RESERVED
+CVE-2020-9807 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
CVE-2020-9806 (A memory corruption issue was addressed with improved state
management ...)
NOT-FOR-US: Apple
@@ -11623,14 +11658,11 @@ CVE-2020-9792 (A validation issue was addressed with
improved input sanitization
NOT-FOR-US: Apple
CVE-2020-9791 (An out-of-bounds read was addressed with improved input
validation. Th ...)
NOT-FOR-US: Apple
-CVE-2020-9790
- RESERVED
+CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds
checki ...)
NOT-FOR-US: Apple
-CVE-2020-9789
- RESERVED
+CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds
checki ...)
NOT-FOR-US: Apple
-CVE-2020-9788
- RESERVED
+CVE-2020-9788 (A validation issue was addressed with improved input
sanitization. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9787
RESERVED
@@ -12550,11 +12582,9 @@ CVE-2020-9414
RESERVED
CVE-2020-9413
RESERVED
-CVE-2020-9412
- RESERVED
+CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO
Managed Fil ...)
NOT-FOR-US: TIBCO
-CVE-2020-9411
- RESERVED
+CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO
Managed Fil ...)
NOT-FOR-US: TIBCO
CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO
JasperRe ...)
NOT-FOR-US: TIBCO
@@ -15103,20 +15133,20 @@ CVE-2020-8339
RESERVED
CVE-2020-8338
RESERVED
-CVE-2020-8337
- RESERVED
-CVE-2020-8336
- RESERVED
+CVE-2020-8337 (An unquoted search path vulnerability was reported in versions
prior t ...)
+ TODO: check
+CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on
some Th ...)
+ TODO: check
CVE-2020-8335
RESERVED
-CVE-2020-8334
- RESERVED
+CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo
ThinkP ...)
+ TODO: check
CVE-2020-8333
RESERVED
CVE-2020-8332
RESERVED
-CVE-2020-8331
- RESERVED
+CVE-2020-8331 (A potential vulnerability in the BIOS configuration of some
ThinkSyste ...)
+ TODO: check
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware
prior t ...)
NOT-FOR-US: Lenovo
CVE-2020-8329 (A denial of service vulnerability was reported in the firmware
prior t ...)
@@ -15131,14 +15161,14 @@ CVE-2020-8325
RESERVED
CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem
for Leno ...)
NOT-FOR-US: Lenovo
-CVE-2020-8323
- RESERVED
-CVE-2020-8322
- RESERVED
-CVE-2020-8321
- RESERVED
-CVE-2020-8320
- RESERVED
+CVE-2020-8323 (A potential vulnerability in the SMI callback function used in
the Leg ...)
+ TODO: check
+CVE-2020-8322 (A potential vulnerability in the SMI callback function used in
the Leg ...)
+ TODO: check
+CVE-2020-8321 (A potential vulnerability in the SMI callback function used in
the Sys ...)
+ TODO: check
+CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad
models t ...)
+ TODO: check
CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo
System Int ...)
NOT-FOR-US: Lenovo
CVE-2020-8318 (A privilege escalation vulnerability was reported in the
LenovoSystemU ...)
@@ -16710,18 +16740,18 @@ CVE-2020-7677
RESERVED
CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The
regex-based ...)
TODO: check
-CVE-2020-7675
- RESERVED
-CVE-2020-7674
- RESERVED
-CVE-2020-7673
- RESERVED
-CVE-2020-7672
- RESERVED
-CVE-2020-7671
- RESERVED
-CVE-2020-7670
- RESERVED
+CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code
Execution. ...)
+ TODO: check
+CVE-2020-7674 (access-policy through 3.1.0 is vulnerable to Arbitrary Code
Execution. ...)
+ TODO: check
+CVE-2020-7673 (node-extend through 0.2.0 is vulnerable to Arbitrary Code
Execution. U ...)
+ TODO: check
+CVE-2020-7672 (mosc through 1.0.0 is vulnerable to Arbitrary Code Execution.
User inp ...)
+ TODO: check
+CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where
goliath i ...)
+ TODO: check
+CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo
is use ...)
+ TODO: check
CVE-2020-7669
RESERVED
CVE-2020-7668
@@ -16904,16 +16934,16 @@ CVE-2020-7591
RESERVED
CVE-2020-7590
RESERVED
-CVE-2020-7589
- RESERVED
+CVE-2020-7589 (A vulnerability has been identified in LOGO!8 BM (incl. SIPLUS
variant ...)
+ TODO: check
CVE-2020-7588
RESERVED
CVE-2020-7587
RESERVED
-CVE-2020-7586
- RESERVED
-CVE-2020-7585
- RESERVED
+CVE-2020-7586 (A vulnerability has been identified in SIMATIC PCS 7 (All
versions), S ...)
+ TODO: check
+CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 (All
versions), S ...)
+ TODO: check
CVE-2020-7584
RESERVED
CVE-2020-7583
@@ -16922,8 +16952,8 @@ CVE-2020-7582
RESERVED
CVE-2020-7581
RESERVED
-CVE-2020-7580
- RESERVED
+CVE-2020-7580 (A vulnerability has been identified in SIMATIC Automation Tool
(All ve ...)
+ TODO: check
CVE-2020-7579 (A vulnerability has been identified in Spectrum Power™ 5
(All ve ...)
NOT-FOR-US: Siemens
CVE-2020-7578
@@ -17193,8 +17223,8 @@ CVE-2020-7458
RESERVED
CVE-2020-7457
RESERVED
-CVE-2020-7456
- RESERVED
+CVE-2020-7456 (In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6,
11.4-ST ...)
+ TODO: check
CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5,
11.4-ST ...)
NOT-FOR-US: FreeBSD
CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5,
11.4-ST ...)
@@ -17547,10 +17577,10 @@ CVE-2020-7282
RESERVED
CVE-2020-7281
RESERVED
-CVE-2020-7280
- RESERVED
-CVE-2020-7279
- RESERVED
+CVE-2020-7280 (Privilege Escalation vulnerability during daily DAT updates
when using ...)
+ TODO: check
+CVE-2020-7279 (DLL Search Order Hijacking Vulnerability in the installer
component of ...)
+ TODO: check
CVE-2020-7278 (Exploiting incorrectly configured access control security
levels vulne ...)
NOT-FOR-US: McAfee
CVE-2020-7277 (Protection mechanism failure in all processes in McAfee
Endpoint Secur ...)
@@ -20139,46 +20169,46 @@ CVE-2020-6281
RESERVED
CVE-2020-6280
RESERVED
-CVE-2020-6279
- RESERVED
+CVE-2020-6279 (OData APIs and JobApplicationInterview and JobApplication
export permi ...)
+ TODO: check
CVE-2020-6278
RESERVED
CVE-2020-6277
RESERVED
CVE-2020-6276
RESERVED
-CVE-2020-6275
- RESERVED
+CVE-2020-6275 (SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730,
731, 740 ...)
+ TODO: check
CVE-2020-6274
RESERVED
CVE-2020-6273
RESERVED
CVE-2020-6272
RESERVED
-CVE-2020-6271
- RESERVED
-CVE-2020-6270
- RESERVED
-CVE-2020-6269
- RESERVED
-CVE-2020-6268
- RESERVED
+CVE-2020-6271 (SAP Solution Manager (Problem Context Manager), version 7.2,
does not ...)
+ TODO: check
+CVE-2020-6270 (SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711,
740, 75 ...)
+ TODO: check
+CVE-2020-6269 (Under certain conditions SAP Business Objects Business
Intelligence Pl ...)
+ TODO: check
+CVE-2020-6268 (Statutory Reporting for Insurance Companies in SAP ERP
(EA-FINSERV ver ...)
+ TODO: check
CVE-2020-6267
RESERVED
-CVE-2020-6266
- RESERVED
-CVE-2020-6265
- RESERVED
-CVE-2020-6264
- RESERVED
-CVE-2020-6263
- RESERVED
+CVE-2020-6266 (SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400,
allows an at ...)
+ TODO: check
+CVE-2020-6265 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP
Commerce (Data ...)
+ TODO: check
+CVE-2020-6264 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an
attacker ...)
+ TODO: check
+CVE-2020-6263 (Standalone clients connecting to SAP NetWeaver AS Java via P4
Protocol ...)
+ TODO: check
CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI,
before ve ...)
NOT-FOR-US: SAP
CVE-2020-6261
RESERVED
-CVE-2020-6260
- RESERVED
+CVE-2020-6260 (SAP Solution Manager (Trace Analysis), version 7.20, allows an
attacke ...)
+ TODO: check
CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise,
versions 15.7 ...)
NOT-FOR-US: SAP
CVE-2020-6258 (SAP Identity Management, version 8.0, does not perform
necessary autho ...)
@@ -20205,8 +20235,8 @@ CVE-2020-6248 (SAP Adaptive Server Enterprise (Backup
Server), version 16.0, doe
NOT-FOR-US: SAP
CVE-2020-6247 (SAP Business Objects Business Intelligence Platform, version
4.2, allo ...)
NOT-FOR-US: SAP
-CVE-2020-6246
- RESERVED
+CVE-2020-6246 (SAP NetWeaver AS ABAP Business Server Pages Test Application
SBSPEXT_T ...)
+ TODO: check
CVE-2020-6245 (SAP Business Objects Business Intelligence Platform, version
4.2, allo ...)
NOT-FOR-US: SAP
CVE-2020-6244 (SAP Business Client, version 7.0, allows an attacker after a
successfu ...)
@@ -20219,8 +20249,8 @@ CVE-2020-6241 (SAP Adaptive Server Enterprise, version
16.0, allows an authentic
NOT-FOR-US: SAP
CVE-2020-6240 (SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750,
752, 75 ...)
NOT-FOR-US: SAP
-CVE-2020-6239
- RESERVED
+CVE-2020-6239 (Under certain conditions SAP Business One (Backup service),
versions 9 ...)
+ TODO: check
CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not
process ...)
NOT-FOR-US: SAP
CVE-2020-6237 (Under certain conditions, SAP Business Objects Business
Intelligence P ...)
@@ -21599,10 +21629,10 @@ CVE-2020-5595
RESERVED
CVE-2020-5594
RESERVED
-CVE-2020-5593
- RESERVED
-CVE-2020-5592
- RESERVED
+CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct
PHP cod ...)
+ TODO: check
+CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior
to 1.5.7 ...)
+ TODO: check
CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23,
1.7.0 to ...)
NOT-FOR-US: XACK DNS
CVE-2020-5590
@@ -22144,10 +22174,10 @@ CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and
earlier contain a remotesuppor
NOT-FOR-US: EMC
CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an
SNMPv2 vul ...)
NOT-FOR-US: EMC
-CVE-2020-5363
- RESERVED
-CVE-2020-5362
- RESERVED
+CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an
issue ...)
+ TODO: check
+CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an
improper auth ...)
+ TODO: check
CVE-2020-5361
RESERVED
CVE-2020-5360
@@ -24588,16 +24618,16 @@ CVE-2020-4438
RESERVED
CVE-2020-4437
RESERVED
-CVE-2020-4436
- RESERVED
-CVE-2020-4435
- RESERVED
-CVE-2020-4434
- RESERVED
-CVE-2020-4433
- RESERVED
-CVE-2020-4432
- RESERVED
+CVE-2020-4436 (Certain IBM Aspera applications are vulnerable to buffer
overflow afte ...)
+ TODO: check
+CVE-2020-4435 (Certain IBM Aspera applications are vulnerable to arbitrary
memory cor ...)
+ TODO: check
+CVE-2020-4434 (Certain IBM Aspera applications are vulnerable to buffer
overflow base ...)
+ TODO: check
+CVE-2020-4433 (Certain IBM Aspera applications are vulnerable to a stack-based
buffer ...)
+ TODO: check
+CVE-2020-4432 (Certain IBM Aspera applications are vulnerable to command
injection af ...)
+ TODO: check
CVE-2020-4431 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site
scripting ...)
NOT-FOR-US: IBM
CVE-2020-4430 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could
allow a rem ...)
@@ -25374,8 +25404,8 @@ CVE-2020-4045
RESERVED
CVE-2020-4044
RESERVED
-CVE-2020-4043
- RESERVED
+CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an
unserializati ...)
+ TODO: check
CVE-2020-4042
RESERVED
CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded
files was v ...)
@@ -31230,28 +31260,28 @@ CVE-2020-2035
RESERVED
CVE-2020-2034
RESERVED
-CVE-2020-2033
- RESERVED
-CVE-2020-2032
- RESERVED
+CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification
validat ...)
+ TODO: check
+CVE-2020-2032 (A race condition vulnerability Palo Alto Networks GlobalProtect
app on ...)
+ TODO: check
CVE-2020-2031
RESERVED
CVE-2020-2030
RESERVED
-CVE-2020-2029
- RESERVED
-CVE-2020-2028
- RESERVED
-CVE-2020-2027
- RESERVED
-CVE-2020-2026
- RESERVED
+CVE-2020-2029 (An OS Command Injection vulnerability in the PAN-OS web
management int ...)
+ TODO: check
+CVE-2020-2028 (An OS Command Injection vulnerability in PAN-OS management
server allo ...)
+ TODO: check
+CVE-2020-2027 (A buffer overflow vulnerability in the authd component of the
PAN-OS m ...)
+ TODO: check
+CVE-2020-2026 (A malicious guest compromised before a container creation (e.g.
a mali ...)
+ TODO: check
CVE-2020-2025 (Kata Containers before 1.11.0 on Cloud Hypervisor persists
guest files ...)
NOT-FOR-US: Kata Containers
CVE-2020-2024 (An improper link resolution vulnerability affects Kata
Containers vers ...)
NOT-FOR-US: Kata Containers
-CVE-2020-2023
- RESERVED
+CVE-2020-2023 (Kata Containers doesn't restrict containers from accessing the
guest's ...)
+ TODO: check
CVE-2020-2022
RESERVED
CVE-2020-2021
@@ -35164,8 +35194,8 @@ CVE-2020-1350
RESERVED
CVE-2020-1349
RESERVED
-CVE-2020-1348
- RESERVED
+CVE-2020-1348 (An information disclosure vulnerability exists when the Windows
GDI co ...)
+ TODO: check
CVE-2020-1347
RESERVED
CVE-2020-1346
@@ -35174,14 +35204,14 @@ CVE-2020-1345
RESERVED
CVE-2020-1344
RESERVED
-CVE-2020-1343
- RESERVED
+CVE-2020-1343 (An information disclosure vulnerability exists in Visual Studio
Code L ...)
+ TODO: check
CVE-2020-1342
RESERVED
CVE-2020-1341
RESERVED
-CVE-2020-1340
- RESERVED
+CVE-2020-1340 (A spoofing vulnerability exists when the NuGetGallery does not
properl ...)
+ TODO: check
CVE-2020-1339
RESERVED
CVE-2020-1338
@@ -35192,288 +35222,288 @@ CVE-2020-1336
RESERVED
CVE-2020-1335
RESERVED
-CVE-2020-1334
- RESERVED
+CVE-2020-1334 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
+ TODO: check
CVE-2020-1333
RESERVED
CVE-2020-1332
RESERVED
-CVE-2020-1331
- RESERVED
+CVE-2020-1331 (A spoofing vulnerability exists when System Center Operations
Manager ...)
+ TODO: check
CVE-2020-1330
RESERVED
-CVE-2020-1329
- RESERVED
+CVE-2020-1329 (A spoofing vulnerability exists when Microsoft Bing Search for
Android ...)
+ TODO: check
CVE-2020-1328
RESERVED
-CVE-2020-1327
- RESERVED
+CVE-2020-1327 (A spoofing vulnerability exists in Microsoft Azure DevOps
Server when ...)
+ TODO: check
CVE-2020-1326
RESERVED
CVE-2020-1325
RESERVED
-CVE-2020-1324
- RESERVED
-CVE-2020-1323
- RESERVED
-CVE-2020-1322
- RESERVED
-CVE-2020-1321
- RESERVED
-CVE-2020-1320
- RESERVED
+CVE-2020-1324 (An elevation of privilege (user to user) vulnerability exists
in Windo ...)
+ TODO: check
+CVE-2020-1323 (An open redirect vulnerability exists in Microsoft SharePoint
that cou ...)
+ TODO: check
+CVE-2020-1322 (An information disclosure vulnerability exists when Microsoft
Project ...)
+ TODO: check
+CVE-2020-1321 (A remote code execution vulnerability exists in Microsoft
Office softw ...)
+ TODO: check
+CVE-2020-1320 (A cross-site-scripting (XSS) vulnerability exists when
Microsoft Share ...)
+ TODO: check
CVE-2020-1319
RESERVED
-CVE-2020-1318
- RESERVED
-CVE-2020-1317
- RESERVED
-CVE-2020-1316
- RESERVED
-CVE-2020-1315
- RESERVED
-CVE-2020-1314
- RESERVED
-CVE-2020-1313
- RESERVED
-CVE-2020-1312
- RESERVED
-CVE-2020-1311
- RESERVED
-CVE-2020-1310
- RESERVED
-CVE-2020-1309
- RESERVED
+CVE-2020-1318 (A cross-site-scripting (XSS) vulnerability exists when
Microsoft Share ...)
+ TODO: check
+CVE-2020-1317 (An elevation of privilege vulnerability exists when Group
Policy impro ...)
+ TODO: check
+CVE-2020-1316 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1315 (An information disclosure vulnerability exists when Internet
Explorer ...)
+ TODO: check
+CVE-2020-1314 (An elevation of privilege vulnerability exists in Windows Text
Service ...)
+ TODO: check
+CVE-2020-1313 (An elevation of privilege vulnerability exists when the Windows
Update ...)
+ TODO: check
+CVE-2020-1312 (An elevation of privilege vulnerability exists in Windows
Installer be ...)
+ TODO: check
+CVE-2020-1311 (An elevation of privilege vulnerability exists when Component
Object M ...)
+ TODO: check
+CVE-2020-1310 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
+ TODO: check
+CVE-2020-1309 (An elevation of privilege vulnerability exists when the
Microsoft Stor ...)
+ TODO: check
CVE-2020-1308
RESERVED
-CVE-2020-1307
- RESERVED
-CVE-2020-1306
- RESERVED
-CVE-2020-1305
- RESERVED
-CVE-2020-1304
- RESERVED
+CVE-2020-1307 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1306 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
+ TODO: check
+CVE-2020-1305 (An elevation of privilege vulnerability exists when the Windows
State ...)
+ TODO: check
+CVE-2020-1304 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
+ TODO: check
CVE-2020-1303
RESERVED
-CVE-2020-1302
- RESERVED
-CVE-2020-1301
- RESERVED
-CVE-2020-1300
- RESERVED
-CVE-2020-1299
- RESERVED
-CVE-2020-1298
- RESERVED
-CVE-2020-1297
- RESERVED
-CVE-2020-1296
- RESERVED
-CVE-2020-1295
- RESERVED
-CVE-2020-1294
- RESERVED
-CVE-2020-1293
- RESERVED
-CVE-2020-1292
- RESERVED
-CVE-2020-1291
- RESERVED
-CVE-2020-1290
- RESERVED
-CVE-2020-1289
- RESERVED
+CVE-2020-1302 (An elevation of privilege vulnerability exists in Windows
Installer be ...)
+ TODO: check
+CVE-2020-1301 (A remote code execution vulnerability exists in the way that
the Micro ...)
+ TODO: check
+CVE-2020-1300 (A remote code execution vulnerability exists when Microsoft
Windows fa ...)
+ TODO: check
+CVE-2020-1299 (A remote code execution vulnerability exists in Microsoft
Windows that ...)
+ TODO: check
+CVE-2020-1298 (A cross-site-scripting (XSS) vulnerability exists when
Microsoft Share ...)
+ TODO: check
+CVE-2020-1297 (A cross-site-scripting (XSS) vulnerability exists when
Microsoft Share ...)
+ TODO: check
+CVE-2020-1296 (A vulnerability exists in the way the Windows Diagnostics
&amp; fe ...)
+ TODO: check
+CVE-2020-1295 (An elevation of privilege vulnerability exists in Microsoft
SharePoint ...)
+ TODO: check
+CVE-2020-1294 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-1293 (An elevation of privilege vulnerability exists when the
Diagnostics Hu ...)
+ TODO: check
+CVE-2020-1292 (An elevation of privilege vulnerability exists in OpenSSH for
Windows ...)
+ TODO: check
+CVE-2020-1291 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-1290 (An information disclosure vulnerability exists when the win32k
compone ...)
+ TODO: check
+CVE-2020-1289 (A spoofing vulnerability exists when Microsoft SharePoint
Server does ...)
+ TODO: check
CVE-2020-1288
RESERVED
-CVE-2020-1287
- RESERVED
-CVE-2020-1286
- RESERVED
+CVE-2020-1287 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-1286 (A remote code execution vulnerability exists when the Windows
Shell do ...)
+ TODO: check
CVE-2020-1285
RESERVED
-CVE-2020-1284
- RESERVED
-CVE-2020-1283
- RESERVED
-CVE-2020-1282
- RESERVED
-CVE-2020-1281
- RESERVED
-CVE-2020-1280
- RESERVED
-CVE-2020-1279
- RESERVED
-CVE-2020-1278
- RESERVED
-CVE-2020-1277
- RESERVED
-CVE-2020-1276
- RESERVED
-CVE-2020-1275
- RESERVED
-CVE-2020-1274
- RESERVED
-CVE-2020-1273
- RESERVED
-CVE-2020-1272
- RESERVED
-CVE-2020-1271
- RESERVED
-CVE-2020-1270
- RESERVED
-CVE-2020-1269
- RESERVED
-CVE-2020-1268
- RESERVED
+CVE-2020-1284 (A denial of service vulnerability exists in the way that the
Microsoft ...)
+ TODO: check
+CVE-2020-1283 (A denial of service vulnerability exists when Windows
improperly handl ...)
+ TODO: check
+CVE-2020-1282 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
+ TODO: check
+CVE-2020-1281 (A remote code execution vulnerability exists when Microsoft
Windows OL ...)
+ TODO: check
+CVE-2020-1280 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-1279 (An elevation of privilege vulnerability exists when Windows
Lockscreen ...)
+ TODO: check
+CVE-2020-1278 (An elevation of privilege vulnerability exists when the
Diagnostics Hu ...)
+ TODO: check
+CVE-2020-1277 (An elevation of privilege vulnerability exists in Windows
Installer be ...)
+ TODO: check
+CVE-2020-1276 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1275 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1274 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1273 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1272 (An elevation of privilege vulnerability exists in the Windows
Installe ...)
+ TODO: check
+CVE-2020-1271 (An elevation of privilege vulnerability exists when the Windows
Backup ...)
+ TODO: check
+CVE-2020-1270 (An elevation of privilege vulnerability exists in the way that
the wla ...)
+ TODO: check
+CVE-2020-1269 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1268 (An information disclosure vulnerability exists when a Windows
service ...)
+ TODO: check
CVE-2020-1267
RESERVED
-CVE-2020-1266
- RESERVED
-CVE-2020-1265
- RESERVED
-CVE-2020-1264
- RESERVED
-CVE-2020-1263
- RESERVED
-CVE-2020-1262
- RESERVED
-CVE-2020-1261
- RESERVED
-CVE-2020-1260
- RESERVED
-CVE-2020-1259
- RESERVED
-CVE-2020-1258
- RESERVED
-CVE-2020-1257
- RESERVED
+CVE-2020-1266 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1265 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
+ TODO: check
+CVE-2020-1264 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1263 (An information disclosure vulnerability exists in the way
Windows Erro ...)
+ TODO: check
+CVE-2020-1262 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
+CVE-2020-1261 (An information disclosure vulnerability exists in the way
Windows Erro ...)
+ TODO: check
+CVE-2020-1260 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
+CVE-2020-1259 (A security feature bypass vulnerability exists when Windows
Host Guard ...)
+ TODO: check
+CVE-2020-1258 (An elevation of privilege vulnerability exists when DirectX
improperly ...)
+ TODO: check
+CVE-2020-1257 (An elevation of privilege vulnerability exists when the
Diagnostics Hu ...)
+ TODO: check
CVE-2020-1256
RESERVED
-CVE-2020-1255
- RESERVED
-CVE-2020-1254
- RESERVED
-CVE-2020-1253
- RESERVED
+CVE-2020-1255 (An elevation of privilege vulnerability exists when the Windows
Backgr ...)
+ TODO: check
+CVE-2020-1254 (An elevation of privilege vulnerability exists when Windows
Modules In ...)
+ TODO: check
+CVE-2020-1253 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
+ TODO: check
CVE-2020-1252
RESERVED
-CVE-2020-1251
- RESERVED
+CVE-2020-1251 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
+ TODO: check
CVE-2020-1250
RESERVED
CVE-2020-1249
RESERVED
-CVE-2020-1248
- RESERVED
-CVE-2020-1247
- RESERVED
-CVE-2020-1246
- RESERVED
+CVE-2020-1248 (A remote code execution vulnerability exists in the way that
the Windo ...)
+ TODO: check
+CVE-2020-1247 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
+ TODO: check
+CVE-2020-1246 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
CVE-2020-1245
RESERVED
-CVE-2020-1244
- RESERVED
+CVE-2020-1244 (A denial of service vulnerability exists when Connected User
Experienc ...)
+ TODO: check
CVE-2020-1243
RESERVED
-CVE-2020-1242
- RESERVED
-CVE-2020-1241
- RESERVED
+CVE-2020-1242 (An information disclosure vulnerability exists in the way that
Microso ...)
+ TODO: check
+CVE-2020-1241 (A security feature bypass vulnerability exists when Windows
Kernel fai ...)
+ TODO: check
CVE-2020-1240
RESERVED
-CVE-2020-1239
- RESERVED
-CVE-2020-1238
- RESERVED
-CVE-2020-1237
- RESERVED
-CVE-2020-1236
- RESERVED
-CVE-2020-1235
- RESERVED
-CVE-2020-1234
- RESERVED
-CVE-2020-1233
- RESERVED
-CVE-2020-1232
- RESERVED
-CVE-2020-1231
- RESERVED
-CVE-2020-1230
- RESERVED
-CVE-2020-1229
- RESERVED
+CVE-2020-1239 (A memory corruption vulnerability exists when Windows Media
Foundation ...)
+ TODO: check
+CVE-2020-1238 (A memory corruption vulnerability exists when Windows Media
Foundation ...)
+ TODO: check
+CVE-2020-1237 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-1236 (A remote code execution vulnerability exists when the Windows
Jet Data ...)
+ TODO: check
+CVE-2020-1235 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
+ TODO: check
+CVE-2020-1234 (An elevation of privilege vulnerability exists when Windows
Error Repo ...)
+ TODO: check
+CVE-2020-1233 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
+ TODO: check
+CVE-2020-1232 (An information disclosure vulnerability exists when Media
Foundation i ...)
+ TODO: check
+CVE-2020-1231 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
+ TODO: check
+CVE-2020-1230 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
+CVE-2020-1229 (A security feature bypass vulnerability exists in Microsoft
Outlook wh ...)
+ TODO: check
CVE-2020-1228
RESERVED
CVE-2020-1227
RESERVED
-CVE-2020-1226
- RESERVED
-CVE-2020-1225
- RESERVED
+CVE-2020-1226 (A remote code execution vulnerability exists in Microsoft Excel
softwa ...)
+ TODO: check
+CVE-2020-1225 (A remote code execution vulnerability exists in Microsoft Excel
softwa ...)
+ TODO: check
CVE-2020-1224
RESERVED
-CVE-2020-1223
- RESERVED
-CVE-2020-1222
- RESERVED
+CVE-2020-1223 (A remote code execution vulnerability exists when Microsoft
Word for A ...)
+ TODO: check
+CVE-2020-1222 (An elevation of privilege vulnerability exists when the
Microsoft Stor ...)
+ TODO: check
CVE-2020-1221
RESERVED
-CVE-2020-1220
- RESERVED
-CVE-2020-1219
- RESERVED
+CVE-2020-1220 (A spoofing vulnerability exists when theMicrosoft Edge
(Chromium-based ...)
+ TODO: check
+CVE-2020-1219 (A remote code execution vulnerability exists in the way that
Microsoft ...)
+ TODO: check
CVE-2020-1218
RESERVED
-CVE-2020-1217
- RESERVED
-CVE-2020-1216
- RESERVED
-CVE-2020-1215
- RESERVED
-CVE-2020-1214
- RESERVED
-CVE-2020-1213
- RESERVED
-CVE-2020-1212
- RESERVED
-CVE-2020-1211
- RESERVED
+CVE-2020-1217 (An information disclosure vulnerability exists when the Windows
Runtim ...)
+ TODO: check
+CVE-2020-1216 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
+CVE-2020-1215 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
+CVE-2020-1214 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
+CVE-2020-1213 (A remote code execution vulnerability exists in the way that
the VBScr ...)
+ TODO: check
+CVE-2020-1212 (An elevation of privilege vulnerability exists when an OLE
Automation ...)
+ TODO: check
+CVE-2020-1211 (An elevation of privilege vulnerability exists in the way that
the Con ...)
+ TODO: check
CVE-2020-1210
RESERVED
-CVE-2020-1209
- RESERVED
-CVE-2020-1208
- RESERVED
-CVE-2020-1207
- RESERVED
-CVE-2020-1206
- RESERVED
+CVE-2020-1209 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-1208 (A remote code execution vulnerability exists when the Windows
Jet Data ...)
+ TODO: check
+CVE-2020-1207 (An elevation of privilege vulnerability exists in Windows when
the Win ...)
+ TODO: check
+CVE-2020-1206 (An information disclosure vulnerability exists in the way that
the Mic ...)
+ TODO: check
CVE-2020-1205
RESERVED
-CVE-2020-1204
- RESERVED
-CVE-2020-1203
- RESERVED
-CVE-2020-1202
- RESERVED
-CVE-2020-1201
- RESERVED
+CVE-2020-1204 (An elevation of privilege vulnerability exists when Windows
Mobile Dev ...)
+ TODO: check
+CVE-2020-1203 (An elevation of privilege vulnerability exists when the
Diagnostics Hu ...)
+ TODO: check
+CVE-2020-1202 (An elevation of privilege vulnerability exists when the
Diagnostics Hu ...)
+ TODO: check
+CVE-2020-1201 (An elevation of privilege vulnerability exists in the way the
Windows ...)
+ TODO: check
CVE-2020-1200
RESERVED
-CVE-2020-1199
- RESERVED
+CVE-2020-1199 (An elevation of privilege vulnerability exists when the Windows
Feedba ...)
+ TODO: check
CVE-2020-1198
RESERVED
-CVE-2020-1197
- RESERVED
-CVE-2020-1196
- RESERVED
+CVE-2020-1197 (An elevation of privilege vulnerability exists when Windows
Error Repo ...)
+ TODO: check
+CVE-2020-1196 (An elevation of privilege vulnerability exists in the way that
the pri ...)
+ TODO: check
CVE-2020-1195 (An elevation of privilege vulnerability exists in Microsoft
Edge (Chro ...)
NOT-FOR-US: Microsoft
-CVE-2020-1194
- RESERVED
+CVE-2020-1194 (A denial of service vulnerability exists when Windows Registry
imprope ...)
+ TODO: check
CVE-2020-1193
RESERVED
CVE-2020-1192 (A remote code execution vulnerability exists in Visual Studio
Code whe ...)
@@ -35494,20 +35524,20 @@ CVE-2020-1185 (An elevation of privilege
vulnerability exists when the Windows S
NOT-FOR-US: Microsoft
CVE-2020-1184 (An elevation of privilege vulnerability exists when the Windows
State ...)
NOT-FOR-US: Microsoft
-CVE-2020-1183
- RESERVED
+CVE-2020-1183 (A cross-site-scripting (XSS) vulnerability exists when
Microsoft Share ...)
+ TODO: check
CVE-2020-1182
RESERVED
-CVE-2020-1181
- RESERVED
+CVE-2020-1181 (A remote code execution vulnerability exists in Microsoft
SharePoint S ...)
+ TODO: check
CVE-2020-1180
RESERVED
CVE-2020-1179 (An information disclosure vulnerability exists when the Windows
GDI co ...)
NOT-FOR-US: Microsoft
-CVE-2020-1178
- RESERVED
-CVE-2020-1177
- RESERVED
+CVE-2020-1178 (An elevation of privilege vulnerability exists when Microsoft
SharePoi ...)
+ TODO: check
+CVE-2020-1177 (A cross-site-scripting (XSS) vulnerability exists when
Microsoft Share ...)
+ TODO: check
CVE-2020-1176 (A remote code execution vulnerability exists when the Windows
Jet Data ...)
NOT-FOR-US: Microsoft
CVE-2020-1175 (A remote code execution vulnerability exists when the Windows
Jet Data ...)
@@ -35520,8 +35550,8 @@ CVE-2020-1172
RESERVED
CVE-2020-1171 (A remote code execution vulnerability exists in Visual Studio
Code whe ...)
NOT-FOR-US: Microsoft
-CVE-2020-1170
- RESERVED
+CVE-2020-1170 (An elevation of privilege vulnerability exists in Windows
Defender tha ...)
+ TODO: check
CVE-2020-1169
RESERVED
CVE-2020-1168
@@ -35534,14 +35564,14 @@ CVE-2020-1165 (An elevation of privilege
vulnerability exists when Windows impro
NOT-FOR-US: Microsoft
CVE-2020-1164 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
NOT-FOR-US: Microsoft
-CVE-2020-1163
- RESERVED
-CVE-2020-1162
- RESERVED
+CVE-2020-1163 (An elevation of privilege vulnerability exists in Windows
Defender tha ...)
+ TODO: check
+CVE-2020-1162 (An elevation of privilege (user to user) vulnerability exists
in Windo ...)
+ TODO: check
CVE-2020-1161 (A denial of service vulnerability exists when ASP.NET Core
improperly ...)
NOT-FOR-US: Microsoft .NET
-CVE-2020-1160
- RESERVED
+CVE-2020-1160 (An information disclosure vulnerability exists when the
Microsoft Wind ...)
+ TODO: check
CVE-2020-1159
RESERVED
CVE-2020-1158 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
@@ -35564,8 +35594,8 @@ CVE-2020-1150 (A memory corruption vulnerability exists
when Windows Media Found
NOT-FOR-US: Microsoft
CVE-2020-1149 (An elevation of privilege vulnerability exists when the Windows
Runtim ...)
NOT-FOR-US: Microsoft
-CVE-2020-1148
- RESERVED
+CVE-2020-1148 (A spoofing vulnerability exists when Microsoft SharePoint
Server does ...)
+ TODO: check
CVE-2020-1147
RESERVED
CVE-2020-1146
@@ -35620,8 +35650,8 @@ CVE-2020-1122
RESERVED
CVE-2020-1121 (An elevation of privilege vulnerability exists when Windows
improperly ...)
NOT-FOR-US: Microsoft
-CVE-2020-1120
- RESERVED
+CVE-2020-1120 (A denial of service vulnerability exists when Connected User
Experienc ...)
+ TODO: check
CVE-2020-1119
RESERVED
CVE-2020-1118 (A denial of service vulnerability exists in the Windows
implementation ...)
@@ -35714,8 +35744,8 @@ CVE-2020-1075 (An information disclosure vulnerability
exists when Windows Subsy
NOT-FOR-US: Microsoft
CVE-2020-1074
RESERVED
-CVE-2020-1073
- RESERVED
+CVE-2020-1073 (A remote code execution vulnerability exists in the way that
the Chakr ...)
+ TODO: check
CVE-2020-1072 (An information disclosure vulnerability exists when the Windows
kernel ...)
NOT-FOR-US: Microsoft
CVE-2020-1071 (An elevation of privilege vulnerability exists when Windows
improperly ...)
@@ -35888,8 +35918,8 @@ CVE-2020-0988 (A remote code execution vulnerability
exists when the Windows Jet
NOT-FOR-US: Microsoft
CVE-2020-0987 (An information disclosure vulnerability exists when the
Microsoft Wind ...)
NOT-FOR-US: Microsoft
-CVE-2020-0986
- RESERVED
+CVE-2020-0986 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
+ TODO: check
CVE-2020-0985 (An elevation of privilege vulnerability exists when the Windows
Update ...)
NOT-FOR-US: Microsoft
CVE-2020-0984 (An elevation of privilege vulnerability exists when the
Microsoft Auto ...)
@@ -36028,10 +36058,10 @@ CVE-2020-0918 (An elevation of privilege
vulnerability exists when Windows Hyper
NOT-FOR-US: Microsoft
CVE-2020-0917 (An elevation of privilege vulnerability exists when Windows
Hyper-V on ...)
NOT-FOR-US: Microsoft
-CVE-2020-0916
- RESERVED
-CVE-2020-0915
- RESERVED
+CVE-2020-0916 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
+CVE-2020-0915 (An elevation of privilege vulnerability exists in the way that
the Win ...)
+ TODO: check
CVE-2020-0914
RESERVED
CVE-2020-0913 (An elevation of privilege vulnerability exists when the Windows
kernel ...)
@@ -39198,32 +39228,24 @@ CVE-2020-0123
RESERVED
CVE-2020-0122
RESERVED
-CVE-2020-0121
- RESERVED
+CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a
possible permi ...)
NOT-FOR-US: Android
CVE-2020-0120
RESERVED
NOT-FOR-US: Android Media Framework
-CVE-2020-0119
- RESERVED
+CVE-2020-0119 (In addOrUpdateNetworkInternal and related functions of
WifiConfigManag ...)
NOT-FOR-US: Android
-CVE-2020-0118
- RESERVED
+CVE-2020-0118 (In addListener of RegionSamplingThread.cpp, there is a possible
out of ...)
NOT-FOR-US: Android Media Framework
-CVE-2020-0117
- RESERVED
+CVE-2020-0117 (In aes_cmac of aes_cmac.cc, there is a possible out of bounds
write du ...)
NOT-FOR-US: Android
-CVE-2020-0116
- RESERVED
+CVE-2020-0116 (In checkSystemLocationAccess of LocationAccessPolicy.java,
there is a ...)
NOT-FOR-US: Android
-CVE-2020-0115
- RESERVED
+CVE-2020-0115 (In verifyIntentFiltersIfNeeded of PackageManagerService.java,
there is ...)
NOT-FOR-US: Android
-CVE-2020-0114
- RESERVED
+CVE-2020-0114 (In onCreateSliceProvider of KeyguardSliceProvider.java, there
is a pos ...)
NOT-FOR-US: Android
-CVE-2020-0113
- RESERVED
+CVE-2020-0113 (In sendCaptureResult of Camera3OutputUtils.cpp, there is a
possible ou ...)
NOT-FOR-US: Android Media Framework
CVE-2020-0112
RESERVED
@@ -75534,8 +75556,8 @@ CVE-2019-6198
RESERVED
CVE-2019-6197
RESERVED
-CVE-2019-6196
- RESERVED
+CVE-2019-6196 (A symbolic link vulnerability in some Lenovo installation
packages, pr ...)
+ TODO: check
CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller
(XCC) ver ...)
NOT-FOR-US: Lenovo
CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was
reported in ...)
@@ -75580,8 +75602,8 @@ CVE-2019-6175 (A denial of service vulnerability was
reported in Lenovo System U
NOT-FOR-US: Lenovo
CVE-2019-6174
RESERVED
-CVE-2019-6173
- RESERVED
+CVE-2019-6173 (A DLL search path vulnerability could allow privilege
escalation in so ...)
+ TODO: check
CVE-2019-6172 (A potential vulnerability in the SMI callback function in some
Lenovo ...)
NOT-FOR-US: Lenovo
CVE-2019-6171 (A vulnerability was reported in various BIOS versions of older
ThinkPa ...)
@@ -76786,15 +76808,15 @@ CVE-2019-5736 (runc through 1.0-rc6, as used in
Docker before 18.09.2 and other
NOTE: lxc: Fixed by:
https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
NOTE: Not considered a security issue by LXC upstream
CVE-2019-5735
- RESERVED
+ REJECTED
CVE-2019-5734
RESERVED
CVE-2019-5733
RESERVED
CVE-2019-5732
- RESERVED
+ REJECTED
CVE-2019-5731
- RESERVED
+ REJECTED
CVE-2019-5730
RESERVED
CVE-2019-5729 (Splunk-SDK-Python before 1.6.6 does not properly verify
untrusted TLS ...)
@@ -79436,8 +79458,8 @@ CVE-2019-4578
RESERVED
CVE-2019-4577
RESERVED
-CVE-2019-4576
- RESERVED
+CVE-2019-4576 (IBM QRadar Network Packet Capture 7.3.0 - 7.3.3 Patch 1 and
7.4.0 GA d ...)
+ TODO: check
CVE-2019-4575
RESERVED
CVE-2019-4574
@@ -81676,16 +81698,16 @@ CVE-2019-3619 (Information Disclosure vulnerability
in the Agent Handler in McAf
NOT-FOR-US: McAfee
CVE-2019-3618
RESERVED
-CVE-2019-3617
- RESERVED
+CVE-2019-3617 (Privilege escalation vulnerability in McAfee Total Protection
(ToPS) f ...)
+ TODO: check
CVE-2019-3616
RESERVED
CVE-2019-3615 (Data Leakage Attacks vulnerability in the web interface in
McAfee Data ...)
NOT-FOR-US: McAfee
CVE-2019-3614
RESERVED
-CVE-2019-3613
- RESERVED
+CVE-2019-3613 (DLL Search Order Hijacking vulnerability in McAfee Agent (MA)
prior to ...)
+ TODO: check
CVE-2019-3612 (Information Disclosure vulnerability in McAfee DXL Platform and
TIE Se ...)
NOT-FOR-US: McAFee
CVE-2019-3611
@@ -81734,14 +81756,14 @@ CVE-2019-3590
RESERVED
CVE-2019-3589
RESERVED
-CVE-2019-3588
- RESERVED
+CVE-2019-3588 (Privilege Escalation vulnerability in Microsoft Windows client
(McTray ...)
+ TODO: check
CVE-2019-3587 (DLL Search Order Hijacking vulnerability in Microsoft Windows
client i ...)
NOT-FOR-US: McAfee
CVE-2019-3586 (Protection Mechanism Failure in the Firewall in McAfee Endpoint
Securi ...)
NOT-FOR-US: McAfee
-CVE-2019-3585
- RESERVED
+CVE-2019-3585 (Privilege Escalation vulnerability in Microsoft Windows client
(McTray ...)
+ TODO: check
CVE-2019-3584 (Exploitation of Authentication vulnerability in MVision
Endpoint in Mc ...)
NOT-FOR-US: McAfee
CVE-2019-3583
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18ea2500a29acc96aec05f8292d3b50c163b7d67
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/18ea2500a29acc96aec05f8292d3b50c163b7d67
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
