Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bea31b07 by security tracker role at 2020-10-01T20:10:28+00:00
automatic update

- - - - -

1 changed file:

- data/CVE/list

Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,615 @@ +CVE-2020-26510 + RESERVED +CVE-2020-26509 + RESERVED +CVE-2020-26508 + RESERVED +CVE-2020-26507 + RESERVED +CVE-2020-26506 + RESERVED +CVE-2020-26505 + RESERVED +CVE-2020-26504 + RESERVED +CVE-2020-26503 + RESERVED +CVE-2020-26502 + RESERVED +CVE-2020-26501 + RESERVED +CVE-2020-26500 + RESERVED +CVE-2020-26499 + RESERVED +CVE-2020-26498 + RESERVED +CVE-2020-26497 + RESERVED +CVE-2020-26496 + RESERVED +CVE-2020-26495 + RESERVED +CVE-2020-26494 + RESERVED +CVE-2020-26493 + RESERVED +CVE-2020-26492 + RESERVED +CVE-2020-26491 + RESERVED +CVE-2020-26490 + RESERVED +CVE-2020-26489 + RESERVED +CVE-2020-26488 + RESERVED +CVE-2020-26487 + RESERVED +CVE-2020-26486 + RESERVED +CVE-2020-26485 + RESERVED +CVE-2020-26484 + RESERVED +CVE-2020-26483 + RESERVED +CVE-2020-26482 + RESERVED +CVE-2020-26481 + RESERVED +CVE-2020-26480 + RESERVED +CVE-2020-26479 + RESERVED +CVE-2020-26478 + RESERVED +CVE-2020-26477 + RESERVED +CVE-2020-26476 + RESERVED +CVE-2020-26475 + RESERVED +CVE-2020-26474 + RESERVED +CVE-2020-26473 + RESERVED +CVE-2020-26472 + RESERVED +CVE-2020-26471 + RESERVED +CVE-2020-26470 + RESERVED +CVE-2020-26469 + RESERVED +CVE-2020-26468 + RESERVED +CVE-2020-26467 + RESERVED +CVE-2020-26466 + RESERVED +CVE-2020-26465 + RESERVED +CVE-2020-26464 + RESERVED +CVE-2020-26463 + RESERVED +CVE-2020-26462 + RESERVED +CVE-2020-26461 + RESERVED +CVE-2020-26460 + RESERVED +CVE-2020-26459 + RESERVED +CVE-2020-26458 + RESERVED +CVE-2020-26457 + RESERVED +CVE-2020-26456 + RESERVED +CVE-2020-26455 + RESERVED +CVE-2020-26454 + RESERVED +CVE-2020-26453 + RESERVED +CVE-2020-26452 + RESERVED +CVE-2020-26451 + RESERVED +CVE-2020-26450 + RESERVED +CVE-2020-26449 + RESERVED +CVE-2020-26448 + RESERVED +CVE-2020-26447 + RESERVED +CVE-2020-26446 + RESERVED +CVE-2020-26445 + RESERVED +CVE-2020-26444 + RESERVED +CVE-2020-26443 + RESERVED +CVE-2020-26442 + RESERVED +CVE-2020-26441 + RESERVED +CVE-2020-26440 + RESERVED +CVE-2020-26439 + RESERVED +CVE-2020-26438 + RESERVED 
+CVE-2020-26437 + RESERVED +CVE-2020-26436 + RESERVED +CVE-2020-26435 + RESERVED +CVE-2020-26434 + RESERVED +CVE-2020-26433 + RESERVED +CVE-2020-26432 + RESERVED +CVE-2020-26431 + RESERVED +CVE-2020-26430 + RESERVED +CVE-2020-26429 + RESERVED +CVE-2020-26428 + RESERVED +CVE-2020-26427 + RESERVED +CVE-2020-26426 + RESERVED +CVE-2020-26425 + RESERVED +CVE-2020-26424 + RESERVED +CVE-2020-26423 + RESERVED +CVE-2020-26422 + RESERVED +CVE-2020-26421 + RESERVED +CVE-2020-26420 + RESERVED +CVE-2020-26419 + RESERVED +CVE-2020-26418 + RESERVED +CVE-2020-26417 + RESERVED +CVE-2020-26416 + RESERVED +CVE-2020-26415 + RESERVED +CVE-2020-26414 + RESERVED +CVE-2020-26413 + RESERVED +CVE-2020-26412 + RESERVED +CVE-2020-26411 + RESERVED +CVE-2020-26410 + RESERVED +CVE-2020-26409 + RESERVED +CVE-2020-26408 + RESERVED +CVE-2020-26407 + RESERVED +CVE-2020-26406 + RESERVED +CVE-2020-26405 + RESERVED +CVE-2020-26404 + RESERVED +CVE-2020-26403 + RESERVED +CVE-2020-26402 + RESERVED +CVE-2020-26401 + RESERVED +CVE-2020-26400 + RESERVED +CVE-2020-26399 + RESERVED +CVE-2020-26398 + RESERVED +CVE-2020-26397 + RESERVED +CVE-2020-26396 + RESERVED +CVE-2020-26395 + RESERVED +CVE-2020-26394 + RESERVED +CVE-2020-26393 + RESERVED +CVE-2020-26392 + RESERVED +CVE-2020-26391 + RESERVED +CVE-2020-26390 + RESERVED +CVE-2020-26389 + RESERVED +CVE-2020-26388 + RESERVED +CVE-2020-26387 + RESERVED +CVE-2020-26386 + RESERVED +CVE-2020-26385 + RESERVED +CVE-2020-26384 + RESERVED +CVE-2020-26383 + RESERVED +CVE-2020-26382 + RESERVED +CVE-2020-26381 + RESERVED +CVE-2020-26380 + RESERVED +CVE-2020-26379 + RESERVED +CVE-2020-26378 + RESERVED +CVE-2020-26377 + RESERVED +CVE-2020-26376 + RESERVED +CVE-2020-26375 + RESERVED +CVE-2020-26374 + RESERVED +CVE-2020-26373 + RESERVED +CVE-2020-26372 + RESERVED +CVE-2020-26371 + RESERVED +CVE-2020-26370 + RESERVED +CVE-2020-26369 + RESERVED +CVE-2020-26368 + RESERVED +CVE-2020-26367 + RESERVED +CVE-2020-26366 + RESERVED +CVE-2020-26365 + RESERVED +CVE-2020-26364 + RESERVED 
+CVE-2020-26363 + RESERVED +CVE-2020-26362 + RESERVED +CVE-2020-26361 + RESERVED +CVE-2020-26360 + RESERVED +CVE-2020-26359 + RESERVED +CVE-2020-26358 + RESERVED +CVE-2020-26357 + RESERVED +CVE-2020-26356 + RESERVED +CVE-2020-26355 + RESERVED +CVE-2020-26354 + RESERVED +CVE-2020-26353 + RESERVED +CVE-2020-26352 + RESERVED +CVE-2020-26351 + RESERVED +CVE-2020-26350 + RESERVED +CVE-2020-26349 + RESERVED +CVE-2020-26348 + RESERVED +CVE-2020-26347 + RESERVED +CVE-2020-26346 + RESERVED +CVE-2020-26345 + RESERVED +CVE-2020-26344 + RESERVED +CVE-2020-26343 + RESERVED +CVE-2020-26342 + RESERVED +CVE-2020-26341 + RESERVED +CVE-2020-26340 + RESERVED +CVE-2020-26339 + RESERVED +CVE-2020-26338 + RESERVED +CVE-2020-26337 + RESERVED +CVE-2020-26336 + RESERVED +CVE-2020-26335 + RESERVED +CVE-2020-26334 + RESERVED +CVE-2020-26333 + RESERVED +CVE-2020-26332 + RESERVED +CVE-2020-26331 + RESERVED +CVE-2020-26330 + RESERVED +CVE-2020-26329 + RESERVED +CVE-2020-26328 + RESERVED +CVE-2020-26327 + RESERVED +CVE-2020-26326 + RESERVED +CVE-2020-26325 + RESERVED +CVE-2020-26324 + RESERVED +CVE-2020-26323 + RESERVED +CVE-2020-26322 + RESERVED +CVE-2020-26321 + RESERVED +CVE-2020-26320 + RESERVED +CVE-2020-26319 + RESERVED +CVE-2020-26318 + RESERVED +CVE-2020-26317 + RESERVED +CVE-2020-26316 + RESERVED +CVE-2020-26315 + RESERVED +CVE-2020-26314 + RESERVED +CVE-2020-26313 + RESERVED +CVE-2020-26312 + RESERVED +CVE-2020-26311 + RESERVED +CVE-2020-26310 + RESERVED +CVE-2020-26309 + RESERVED +CVE-2020-26308 + RESERVED +CVE-2020-26307 + RESERVED +CVE-2020-26306 + RESERVED +CVE-2020-26305 + RESERVED +CVE-2020-26304 + RESERVED +CVE-2020-26303 + RESERVED +CVE-2020-26302 + RESERVED +CVE-2020-26301 + RESERVED +CVE-2020-26300 + RESERVED +CVE-2020-26299 + RESERVED +CVE-2020-26298 + RESERVED +CVE-2020-26297 + RESERVED +CVE-2020-26296 + RESERVED +CVE-2020-26295 + RESERVED +CVE-2020-26294 + RESERVED +CVE-2020-26293 + RESERVED +CVE-2020-26292 + RESERVED +CVE-2020-26291 + RESERVED +CVE-2020-26290 + RESERVED 
+CVE-2020-26289 + RESERVED +CVE-2020-26288 + RESERVED +CVE-2020-26287 + RESERVED +CVE-2020-26286 + RESERVED +CVE-2020-26285 + RESERVED +CVE-2020-26284 + RESERVED +CVE-2020-26283 + RESERVED +CVE-2020-26282 + RESERVED +CVE-2020-26281 + RESERVED +CVE-2020-26280 + RESERVED +CVE-2020-26279 + RESERVED +CVE-2020-26278 + RESERVED +CVE-2020-26277 + RESERVED +CVE-2020-26276 + RESERVED +CVE-2020-26275 + RESERVED +CVE-2020-26274 + RESERVED +CVE-2020-26273 + RESERVED +CVE-2020-26272 + RESERVED +CVE-2020-26271 + RESERVED +CVE-2020-26270 + RESERVED +CVE-2020-26269 + RESERVED +CVE-2020-26268 + RESERVED +CVE-2020-26267 + RESERVED +CVE-2020-26266 + RESERVED +CVE-2020-26265 + RESERVED +CVE-2020-26264 + RESERVED +CVE-2020-26263 + RESERVED +CVE-2020-26262 + RESERVED +CVE-2020-26261 + RESERVED +CVE-2020-26260 + RESERVED +CVE-2020-26259 + RESERVED +CVE-2020-26258 + RESERVED +CVE-2020-26257 + RESERVED +CVE-2020-26256 + RESERVED +CVE-2020-26255 + RESERVED +CVE-2020-26254 + RESERVED +CVE-2020-26253 + RESERVED +CVE-2020-26252 + RESERVED +CVE-2020-26251 + RESERVED +CVE-2020-26250 + RESERVED +CVE-2020-26249 + RESERVED +CVE-2020-26248 + RESERVED +CVE-2020-26247 + RESERVED +CVE-2020-26246 + RESERVED +CVE-2020-26245 + RESERVED +CVE-2020-26244 + RESERVED +CVE-2020-26243 + RESERVED +CVE-2020-26242 + RESERVED +CVE-2020-26241 + RESERVED +CVE-2020-26240 + RESERVED +CVE-2020-26239 + RESERVED +CVE-2020-26238 + RESERVED +CVE-2020-26237 + RESERVED +CVE-2020-26236 + RESERVED +CVE-2020-26235 + RESERVED +CVE-2020-26234 + RESERVED +CVE-2020-26233 + RESERVED +CVE-2020-26232 + RESERVED +CVE-2020-26231 + RESERVED +CVE-2020-26230 + RESERVED +CVE-2020-26229 + RESERVED +CVE-2020-26228 + RESERVED +CVE-2020-26227 + RESERVED +CVE-2020-26226 + RESERVED +CVE-2020-26225 + RESERVED +CVE-2020-26224 + RESERVED +CVE-2020-26223 + RESERVED +CVE-2020-26222 + RESERVED +CVE-2020-26221 + RESERVED +CVE-2020-26220 + RESERVED +CVE-2020-26219 + RESERVED +CVE-2020-26218 + RESERVED +CVE-2020-26217 + RESERVED +CVE-2020-26216 + RESERVED 
+CVE-2020-26215 + RESERVED +CVE-2020-26214 + RESERVED +CVE-2020-26213 + RESERVED +CVE-2020-26212 + RESERVED +CVE-2020-26211 + RESERVED +CVE-2020-26210 + RESERVED +CVE-2020-26209 + RESERVED +CVE-2020-26208 + RESERVED +CVE-2020-26207 + RESERVED +CVE-2020-26206 + RESERVED +CVE-2020-26205 + RESERVED CVE-2020-26204 RESERVED CVE-2020-26203 @@ -475,8 +1087,8 @@ CVE-2020-25992 RESERVED CVE-2020-25991 RESERVED -CVE-2020-25990 - RESERVED +CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' ...) + TODO: check CVE-2020-25989 RESERVED CVE-2020-25988 @@ -1344,6 +1956,7 @@ CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590 CVE-2020-25613 [Potential HTTP Request Smuggling Vulnerability in WEBrick] RESERVED + {DLA-2392-1 DLA-2391-1} - ruby2.7 2.7.1-4 - ruby2.5 <removed> - ruby2.3 <removed> @@ -2263,8 +2876,8 @@ CVE-2020-25202 RESERVED CVE-2020-25201 RESERVED -CVE-2020-25200 - RESERVED +CVE-2020-25200 (Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames ...) + TODO: check CVE-2019-20916 (The pip package before 19.2 for Python allows Directory Traversal when ...) {DLA-2370-1} - python-pip 20.0.2-1 @@ -2656,11 +3269,9 @@ CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttPro NOT-FOR-US: MPXJ CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...) NOT-FOR-US: jitsi-meet-electron -CVE-2020-25018 - RESERVED +CVE-2020-25018 (Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) -CVE-2020-25017 - RESERVED +CVE-2020-25017 (Envoy through 1.15.0 only considers the first value when multiple head ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...) NOT-FOR-US: Genexis Platinum 4410 V2-1.28 
@@ -3004,10 +3615,10 @@ CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 [buster] - rust-rgb <no-dsa> (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html NOTE: https://github.com/kornelski/rust-rgb/issues/35 -CVE-2020-24861 - RESERVED -CVE-2020-24860 - RESERVED +CVE-2020-24861 (GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings p ...) + TODO: check +CVE-2020-24860 (CMS Made Simple 2.2.14 allows an authenticated user with access to the ...) + TODO: check CVE-2020-24859 RESERVED CVE-2020-24858 @@ -3514,8 +4125,8 @@ CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exp NOT-FOR-US: Sonatype CVE-2020-24621 (A remote code execution (RCE) vulnerability was discovered in the html ...) NOT-FOR-US: OpenMRS -CVE-2020-24620 - RESERVED +CVE-2020-24620 (Unisys Stealth(core) before 4.0.132 stores Passwords in a Recoverable ...) + TODO: check CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuse ...) NOT-FOR-US: Shotcut CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...) @@ -4093,6 +4704,7 @@ CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin CVE-2020-24362 RESERVED CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...) + {DLA-2393-1} - snmptt 1.4.2-1 NOTE: https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a CVE-2020-24360 
@@ -19221,8 +19833,7 @@ CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite re NOTE: https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo NOTE: https://github.com/golang/go/issues/40618 NOTE: Fixed in 1.15~rc2, 1.14.7, 1.13.15 -CVE-2020-16844 - RESERVED +CVE-2020-16844 (In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users ...) NOT-FOR-US: Istio CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the netw ...) NOT-FOR-US: Firecracker @@ -21877,8 +22488,7 @@ CVE-2020-15680 RESERVED CVE-2020-15679 RESERVED -CVE-2020-15678 - RESERVED +CVE-2020-15678 (When recursing through graphical layers while scrolling, an iterator m ...) {DSA-4768-1 DLA-2387-1} - firefox 81.0-1 - firefox-esr 78.3.0esr-1 @@ -21886,8 +22496,7 @@ CVE-2020-15678 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15678 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15678 -CVE-2020-15677 - RESERVED +CVE-2020-15677 (By exploiting an Open Redirect vulnerability on a website, an attacker ...) {DSA-4768-1 DLA-2387-1} - firefox 81.0-1 - firefox-esr 78.3.0esr-1 @@ -21895,8 +22504,7 @@ CVE-2020-15677 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15677 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15677 -CVE-2020-15676 - RESERVED +CVE-2020-15676 (Firefox sometimes ran the onload handler for SVG elements that the DOM ...) {DSA-4768-1 DLA-2387-1} - firefox 81.0-1 - firefox-esr 78.3.0esr-1 
@@ -21904,16 +22512,13 @@ CVE-2020-15676 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15676 -CVE-2020-15675 - RESERVED +CVE-2020-15675 (When processing surfaces, the lifetime may outlive a persistent buffer ...) - firefox 81.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15675 -CVE-2020-15674 - RESERVED +CVE-2020-15674 (Mozilla developers reported memory safety bugs present in Firefox 80. ...) - firefox 81.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15674 -CVE-2020-15673 - RESERVED +CVE-2020-15673 (Mozilla developers reported memory safety bugs present in Firefox 80 a ...) {DSA-4768-1 DLA-2387-1} - firefox 81.0-1 - firefox-esr 78.3.0esr-1 
@@ -21923,37 +22528,30 @@ CVE-2020-15673 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15673 CVE-2020-15672 RESERVED -CVE-2020-15671 - RESERVED -CVE-2020-15670 - RESERVED +CVE-2020-15671 (When typing in a password under certain conditions, a race may have oc ...) + TODO: check +CVE-2020-15670 (Mozilla developers reported memory safety bugs present in Firefox for ...) - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670 -CVE-2020-15669 - RESERVED +CVE-2020-15669 (When aborting an operation, such as a fetch, an abort signal may be de ...) {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1} - firefox-esr 68.12.0esr-1 - thunderbird 1:68.12.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669 -CVE-2020-15668 - RESERVED +CVE-2020-15668 (A lock was missing when accessing a data structure and importing certi ...) - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668 -CVE-2020-15667 - RESERVED +CVE-2020-15667 (When processing a MAR update file, after the signature has been valida ...) - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667 -CVE-2020-15666 - RESERVED +CVE-2020-15666 (When trying to load a non-video in an audio/video context the exact st ...) - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666 -CVE-2020-15665 - RESERVED +CVE-2020-15665 (Firefox did not reset the address bar after the beforeunload dialog wa ...) - firefox 80.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665 -CVE-2020-15664 - RESERVED +CVE-2020-15664 (By holding a reference to the eval() function from an about:blank wind ...) {DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1} - firefox 80.0-1 - firefox-esr 68.12.0esr-1 
@@ -21961,8 +22559,7 @@ CVE-2020-15664 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15664 -CVE-2020-15663 - RESERVED +CVE-2020-15663 (If Firefox is installed to a user-writable directory, the Mozilla Main ...) - firefox <not-affected> (Only affects Windows) - firefox-esr <not-affected> (Only affects Windows) - thunderbird <not-affected> (Only affects Windows) @@ -22340,8 +22937,8 @@ CVE-2020-15535 (An issue was discovered in the bestsoftinc Car Rental System plu NOT-FOR-US: bestsoftinc Car Rental System plugin for WordPress CVE-2020-15534 RESERVED -CVE-2020-15533 - RESERVED +CVE-2020-15533 (In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 1468 ...) + TODO: check CVE-2019-20895 RESERVED CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...) @@ -23044,10 +23641,10 @@ CVE-2020-15230 RESERVED CVE-2020-15229 RESERVED -CVE-2020-15228 - RESERVED -CVE-2020-15227 - RESERVED +CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...) + TODO: check +CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...) + TODO: check CVE-2020-15226 RESERVED CVE-2020-15225 @@ -42777,8 +43374,8 @@ CVE-2020-8111 RESERVED CVE-2020-8110 RESERVED -CVE-2020-8109 - RESERVED +CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...) + TODO: check CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...) NOT-FOR-US: Bitdefender CVE-2020-8107 
@@ -51751,8 +52348,8 @@ CVE-2020-4578 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulner NOT-FOR-US: IBM CVE-2020-4577 RESERVED -CVE-2020-4576 - RESERVED +CVE-2020-4576 (IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional co ...) + TODO: check CVE-2020-4575 (IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Vir ...) NOT-FOR-US: IBM CVE-2020-4574 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...) @@ -59972,8 +60569,8 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5) CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x bef ...) NOT-FOR-US: CFEngine Enterprise -CVE-2019-19393 - RESERVED +CVE-2019-19393 (The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to ...) + TODO: check CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...) NOT-FOR-US: forDNN.UsersExportImport module for DNN CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...) @@ -61448,7 +62045,7 @@ CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9 CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...) NOT-FOR-US: Adaware CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...) - {DLA-2096-1} + {DLA-2389-1 DLA-2096-1} - ruby-rack-cors 1.1.1-1 (bug #944849) NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4 
@@ -61786,6 +62383,7 @@ CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the v [stretch] - tnef <no-dsa> (Minor issue; can be fixed via point release) NOTE: https://github.com/verdammelt/tnef/pull/40 CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during ...) + {DLA-2390-1} - ruby-json-jwt 1.11.0-1 (bug #944850) NOTE: https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a CVE-2019-18847 (Enterprise Access Client Auto-Updater allows for Remote Code Execution ...)

View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bea31b079e4556884274f59059dd862579a12199
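Review bot: CVE-2020-4576 in the @@ -51751,8 +52348,8 @@ hunk is left at "TODO: check" even though its description names IBM WebSphere Application Server, and the IBM WebSphere entries in the surrounding context (CVE-2020-4578, CVE-2020-4575) are already triaged as "NOT-FOR-US: IBM". Suggest giving it the same "NOT-FOR-US: IBM" marking at triage so it does not linger in the TODO queue.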
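Review bot: CVE-2020-15671 in the @@ -21923,37 +22528,30 @@ hunk is the only newly described entry there that receives "TODO: check" rather than package data; the entries from CVE-2020-15670 down to CVE-2020-15664 in the same hunk keep their existing package lines and mfsa NOTE links. It carried no package line while RESERVED, so it needs a manual pass against its description before the TODO can be cleared.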
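Review bot: the description filled in for CVE-2020-16844 in the @@ -19221,8 +19833,7 @@ hunk reads "In Istio 1.5.0 though 1.5.8", where "though" should be "through", as in the second version range on the same line. The line was written by the automatic update, so a hand edit in data/CVE/list would be overwritten; the wording is better corrected where the description originates.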
_______________________________________________ debian-security-tracker-commits mailing list debian-security-tracker-commits@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits