Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
823475de by security tracker role at 2020-11-03T08:10:17+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,281 @@
+CVE-2020-28195
+ RESERVED
+CVE-2020-28194
+ RESERVED
+CVE-2020-28193
+ RESERVED
+CVE-2020-28192
+ RESERVED
+CVE-2020-28191
+ RESERVED
+CVE-2020-28190
+ RESERVED
+CVE-2020-28189
+ RESERVED
+CVE-2020-28188
+ RESERVED
+CVE-2020-28187
+ RESERVED
+CVE-2020-28186
+ RESERVED
+CVE-2020-28185
+ RESERVED
+CVE-2020-28184
+ RESERVED
+CVE-2020-28183
+ RESERVED
+CVE-2020-28182
+ RESERVED
+CVE-2020-28181
+ RESERVED
+CVE-2020-28180
+ RESERVED
+CVE-2020-28179
+ RESERVED
+CVE-2020-28178
+ RESERVED
+CVE-2020-28177
+ RESERVED
+CVE-2020-28176
+ RESERVED
+CVE-2020-28175
+ RESERVED
+CVE-2020-28174
+ RESERVED
+CVE-2020-28173
+ RESERVED
+CVE-2020-28172
+ RESERVED
+CVE-2020-28171
+ RESERVED
+CVE-2020-28170
+ RESERVED
+CVE-2020-28169
+ RESERVED
+CVE-2020-28168
+ RESERVED
+CVE-2020-28167
+ RESERVED
+CVE-2020-28166
+ RESERVED
+CVE-2020-28165
+ RESERVED
+CVE-2020-28164
+ RESERVED
+CVE-2020-28163
+ RESERVED
+CVE-2020-28162
+ RESERVED
+CVE-2020-28161
+ RESERVED
+CVE-2020-28160
+ RESERVED
+CVE-2020-28159
+ RESERVED
+CVE-2020-28158
+ RESERVED
+CVE-2020-28157
+ RESERVED
+CVE-2020-28156
+ RESERVED
+CVE-2020-28155
+ RESERVED
+CVE-2020-28154
+ RESERVED
+CVE-2020-28153
+ RESERVED
+CVE-2020-28152
+ RESERVED
+CVE-2020-28151
+ RESERVED
+CVE-2020-28150
+ RESERVED
+CVE-2020-28149
+ RESERVED
+CVE-2020-28148
+ RESERVED
+CVE-2020-28147
+ RESERVED
+CVE-2020-28146
+ RESERVED
+CVE-2020-28145
+ RESERVED
+CVE-2020-28144
+ RESERVED
+CVE-2020-28143
+ RESERVED
+CVE-2020-28142
+ RESERVED
+CVE-2020-28141
+ RESERVED
+CVE-2020-28140
+ RESERVED
+CVE-2020-28139
+ RESERVED
+CVE-2020-28138
+ RESERVED
+CVE-2020-28137
+ RESERVED
+CVE-2020-28136
+ RESERVED
+CVE-2020-28135
+ RESERVED
+CVE-2020-28134
+ RESERVED
+CVE-2020-28133
+ RESERVED
+CVE-2020-28132
+ RESERVED
+CVE-2020-28131
+ RESERVED
+CVE-2020-28130
+ RESERVED
+CVE-2020-28129
+ RESERVED
+CVE-2020-28128
+ RESERVED
+CVE-2020-28127
+ RESERVED
+CVE-2020-28126
+ RESERVED
+CVE-2020-28125
+ RESERVED
+CVE-2020-28124
+ RESERVED
+CVE-2020-28123
+ RESERVED
+CVE-2020-28122
+ RESERVED
+CVE-2020-28121
+ RESERVED
+CVE-2020-28120
+ RESERVED
+CVE-2020-28119
+ RESERVED
+CVE-2020-28118
+ RESERVED
+CVE-2020-28117
+ RESERVED
+CVE-2020-28116
+ RESERVED
+CVE-2020-28115
+ RESERVED
+CVE-2020-28114
+ RESERVED
+CVE-2020-28113
+ RESERVED
+CVE-2020-28112
+ RESERVED
+CVE-2020-28111
+ RESERVED
+CVE-2020-28110
+ RESERVED
+CVE-2020-28109
+ RESERVED
+CVE-2020-28108
+ RESERVED
+CVE-2020-28107
+ RESERVED
+CVE-2020-28106
+ RESERVED
+CVE-2020-28105
+ RESERVED
+CVE-2020-28104
+ RESERVED
+CVE-2020-28103
+ RESERVED
+CVE-2020-28102
+ RESERVED
+CVE-2020-28101
+ RESERVED
+CVE-2020-28100
+ RESERVED
+CVE-2020-28099
+ RESERVED
+CVE-2020-28098
+ RESERVED
+CVE-2020-28097
+ RESERVED
+CVE-2020-28096
+ RESERVED
+CVE-2020-28095
+ RESERVED
+CVE-2020-28094
+ RESERVED
+CVE-2020-28093
+ RESERVED
+CVE-2020-28092
+ RESERVED
+CVE-2020-28091
+ RESERVED
+CVE-2020-28090
+ RESERVED
+CVE-2020-28089
+ RESERVED
+CVE-2020-28088
+ RESERVED
+CVE-2020-28087
+ RESERVED
+CVE-2020-28086
+ RESERVED
+CVE-2020-28085
+ RESERVED
+CVE-2020-28084
+ RESERVED
+CVE-2020-28083
+ RESERVED
+CVE-2020-28082
+ RESERVED
+CVE-2020-28081
+ RESERVED
+CVE-2020-28080
+ RESERVED
+CVE-2020-28079
+ RESERVED
+CVE-2020-28078
+ RESERVED
+CVE-2020-28077
+ RESERVED
+CVE-2020-28076
+ RESERVED
+CVE-2020-28075
+ RESERVED
+CVE-2020-28074
+ RESERVED
+CVE-2020-28073
+ RESERVED
+CVE-2020-28072
+ RESERVED
+CVE-2020-28071
+ RESERVED
+CVE-2020-28070
+ RESERVED
+CVE-2020-28069
+ RESERVED
+CVE-2020-28068
+ RESERVED
+CVE-2020-28067
+ RESERVED
+CVE-2020-28066
+ RESERVED
+CVE-2020-28065
+ RESERVED
+CVE-2020-28064
+ RESERVED
+CVE-2020-28063
+ RESERVED
+CVE-2020-28062
+ RESERVED
+CVE-2020-28061
+ RESERVED
+CVE-2020-28060
+ RESERVED
+CVE-2020-28059
+ RESERVED
+CVE-2020-28058
+ RESERVED
+CVE-2020-28057
+ RESERVED
CVE-2020-28056
RESERVED
CVE-2020-28055
@@ -38,37 +316,46 @@ CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT
signature verification
CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000
1.0.9.64_10.2.64 ...)
NOT-FOR-US: Netgear
CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a
theme's backg ...)
+ {DLA-2429-1}
- wordpress <unfixed> (bug #973562)
NOTE:
https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28039 (is_protected_meta in wp-includes/meta.php in WordPress before
5.5.2 al ...)
+ {DLA-2429-1}
- wordpress <unfixed> (bug #973562)
NOTE:
https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10452
CVE-2020-28038 (WordPress before 5.5.2 allows stored XSS via post slugs. ...)
+ {DLA-2429-1}
- wordpress <unfixed> (bug #973562)
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28037 (is_blog_installed in wp-includes/functions.php in WordPress
before 5.5 ...)
+ {DLA-2429-1}
- wordpress <unfixed> (bug #973562)
NOTE:
https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10450
CVE-2020-28036 (wp-includes/class-wp-xmlrpc-server.php in WordPress before
5.5.2 allow ...)
+ {DLA-2429-1}
- wordpress <unfixed> (bug #973562)
NOTE:
https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
NOTE: https://wpscan.com/vulnerability/10449
CVE-2020-28035 (WordPress before 5.5.2 allows attackers to gain privileges via
XML-RPC ...)
+ {DLA-2429-1}
- wordpress <unfixed> (bug #973562)
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28034 (WordPress before 5.5.2 allows XSS associated with global
variables. ...)
+ {DLA-2429-1}
- wordpress <unfixed> (bug #973562)
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28033 (WordPress before 5.5.2 mishandles embeds from disabled sites
on a mult ...)
+ {DLA-2429-1}
- wordpress <unfixed> (bug #973562)
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in
wp-inclu ...)
+ {DLA-2429-1}
- wordpress <unfixed> (bug #973562)
NOTE:
https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
NOTE:
https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
@@ -2940,8 +3227,8 @@ CVE-2020-26941
RESERVED
CVE-2020-26940
RESERVED
-CVE-2020-26939
- RESERVED
+CVE-2020-26939 (In Legion of the Bouncy Castle BC before 1.55 and BC-FJA
before 1.0.1. ...)
+ TODO: check
CVE-2020-26938
RESERVED
CVE-2020-26937
@@ -9428,8 +9715,8 @@ CVE-2020-23991
RESERVED
CVE-2020-23990
RESERVED
-CVE-2020-23989
- RESERVED
+CVE-2020-23989 (NeDi 1.9C allows pwsec.php oid XSS. ...)
+ TODO: check
CVE-2020-23988
RESERVED
CVE-2020-23987
@@ -9670,8 +9957,8 @@ CVE-2020-23870
RESERVED
CVE-2020-23869
RESERVED
-CVE-2020-23868
- RESERVED
+CVE-2020-23868 (NeDi 1.9C allows inc/rt-popup.php d XSS. ...)
+ TODO: check
CVE-2020-23867
RESERVED
CVE-2020-23866
@@ -25588,152 +25875,123 @@ CVE-2020-16013
RESERVED
CVE-2020-16012
RESERVED
-CVE-2020-16011
- RESERVED
-CVE-2020-16010
- RESERVED
-CVE-2020-16009
- RESERVED
-CVE-2020-16008
- RESERVED
-CVE-2020-16007
- RESERVED
-CVE-2020-16006
- RESERVED
-CVE-2020-16005
- RESERVED
-CVE-2020-16004
- RESERVED
-CVE-2020-16003
- RESERVED
+CVE-2020-16011 (Heap buffer overflow in UI in Google Chrome on Windows prior
to 86.0.4 ...)
+ TODO: check
+CVE-2020-16010 (Heap buffer overflow in UI in Google Chrome on Android prior
to 86.0.4 ...)
+ TODO: check
+CVE-2020-16009 (Inappropriate implementation in V8 in Google Chrome prior to
86.0.4240 ...)
+ TODO: check
+CVE-2020-16008 (Stack buffer overflow in WebRTC in Google Chrome prior to
86.0.4240.18 ...)
+ TODO: check
+CVE-2020-16007 (Insufficient data validation in installer in Google Chrome
prior to 86 ...)
+ TODO: check
+CVE-2020-16006 (Inappropriate implementation in V8 in Google Chrome prior to
86.0.4240 ...)
+ TODO: check
+CVE-2020-16005 (Insufficient policy enforcement in ANGLE in Google Chrome
prior to 86. ...)
+ TODO: check
+CVE-2020-16004 (Use after free in user interface in Google Chrome prior to
86.0.4240.1 ...)
+ TODO: check
+CVE-2020-16003 (Use after free in printing in Google Chrome prior to
86.0.4240.111 all ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16002
- RESERVED
+CVE-2020-16002 (Use after free in PDFium in Google Chrome prior to
86.0.4240.111 allow ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16001
- RESERVED
+CVE-2020-16001 (Use after free in media in Google Chrome prior to
86.0.4240.111 allowe ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-16000
- RESERVED
+CVE-2020-16000 (Inappropriate implementation in Blink in Google Chrome prior
to 86.0.4 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15999 [heap buffer overflow]
- RESERVED
+CVE-2020-15999 (Heap buffer overflow in Freetype in Google Chrome prior to
86.0.4240.1 ...)
{DSA-4777-1 DLA-2415-1}
- freetype 2.10.2+dfsg-4 (bug #972586)
NOTE: https://www.openwall.com/lists/oss-security/2020/10/20/7
NOTE: https://savannah.nongnu.org/bugs/?59308
NOTE:
https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2103
-CVE-2020-15998
- RESERVED
-CVE-2020-15997
- RESERVED
-CVE-2020-15996
- RESERVED
-CVE-2020-15995
- RESERVED
-CVE-2020-15994
- RESERVED
-CVE-2020-15993
- RESERVED
-CVE-2020-15992
- RESERVED
+CVE-2020-15998 (Use after free in USB in Google Chrome prior to 86.0.4240.99
allowed a ...)
+ TODO: check
+CVE-2020-15997 (Use after free in Mojo in Google Chrome prior to 86.0.4240.99
allowed ...)
+ TODO: check
+CVE-2020-15996 (Use after free in passwords in Google Chrome prior to
86.0.4240.99 all ...)
+ TODO: check
+CVE-2020-15995 (Out of bounds write in V8 in Google Chrome prior to
86.0.4240.99 allow ...)
+ TODO: check
+CVE-2020-15994 (Use after free in V8 in Google Chrome prior to 86.0.4240.99
allowed a ...)
+ TODO: check
+CVE-2020-15993 (Use after free in printing in Google Chrome prior to
86.0.4240.99 allo ...)
+ TODO: check
+CVE-2020-15992 (Insufficient policy enforcement in networking in Google Chrome
prior t ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15991
- RESERVED
+CVE-2020-15991 (Use after free in password manager in Google Chrome prior to
86.0.4240 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15990
- RESERVED
+CVE-2020-15990 (Use after free in autofill in Google Chrome prior to
86.0.4240.75 allo ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15989
- RESERVED
+CVE-2020-15989 (Uninitialized data in PDFium in Google Chrome prior to
86.0.4240.75 al ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15988
- RESERVED
+CVE-2020-15988 (Insufficient policy enforcement in downloads in Google Chrome
on Windo ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15987
- RESERVED
+CVE-2020-15987 (Use after free in WebRTC in Google Chrome prior to
86.0.4240.75 allowe ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15986
- RESERVED
+CVE-2020-15986 (Integer overflow in media in Google Chrome prior to
86.0.4240.75 allow ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15985
- RESERVED
+CVE-2020-15985 (Inappropriate implementation in Blink in Google Chrome prior
to 86.0.4 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15984
- RESERVED
+CVE-2020-15984 (Insufficient policy enforcement in Omnibox in Google Chrome on
iOS pri ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15983
- RESERVED
+CVE-2020-15983 (Insufficient data validation in webUI in Google Chrome on
ChromeOS pri ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15982
- RESERVED
+CVE-2020-15982 (Inappropriate implementation in cache in Google Chrome prior
to 86.0.4 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15981
- RESERVED
+CVE-2020-15981 (Out of bounds read in audio in Google Chrome prior to
86.0.4240.75 all ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15980
- RESERVED
+CVE-2020-15980 (Insufficient policy enforcement in Intents in Google Chrome on
Android ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15979
- RESERVED
+CVE-2020-15979 (Inappropriate implementation in V8 in Google Chrome prior to
86.0.4240 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15978
- RESERVED
+CVE-2020-15978 (Insufficient data validation in navigation in Google Chrome on
Android ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15977
- RESERVED
+CVE-2020-15977 (Insufficient data validation in dialogs in Google Chrome on OS
X prior ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15976
- RESERVED
+CVE-2020-15976 (Use after free in WebXR in Google Chrome on Android prior to
86.0.4240 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15975
- RESERVED
+CVE-2020-15975 (Integer overflow in SwiftShader in Google Chrome prior to
86.0.4240.75 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15974
- RESERVED
+CVE-2020-15974 (Integer overflow in Blink in Google Chrome prior to
86.0.4240.75 allow ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15973
- RESERVED
+CVE-2020-15973 (Insufficient policy enforcement in extensions in Google Chrome
prior t ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15972
- RESERVED
+CVE-2020-15972 (Use after free in audio in Google Chrome prior to 86.0.4240.75
allowed ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15971
- RESERVED
+CVE-2020-15971 (Use after free in printing in Google Chrome prior to
86.0.4240.75 allo ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15970
- RESERVED
+CVE-2020-15970 (Use after free in NFC in Google Chrome prior to 86.0.4240.75
allowed a ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15969
- RESERVED
+CVE-2020-15969 (Use after free in WebRTC in Google Chrome prior to
86.0.4240.75 allowe ...)
{DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
@@ -25743,12 +26001,10 @@ CVE-2020-15969
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15969
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15969
NOTE:
https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15969
-CVE-2020-15968
- RESERVED
+CVE-2020-15968 (Use after free in Blink in Google Chrome prior to 86.0.4240.75
allowed ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-15967
- RESERVED
+CVE-2020-15967 (Use after free in payments in Google Chrome prior to
86.0.4240.75 allo ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-15966 (Insufficient policy enforcement in extensions in Google Chrome
prior t ...)
@@ -43265,8 +43521,8 @@ CVE-2020-9862 (A command injection issue existed in Web
Inspector. This issue wa
[jessie] - webkit2gtk <ignored> (Not covered by security support in
jessie)
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
-CVE-2020-9861
- RESERVED
+CVE-2020-9861 (A stack overflow issue existed in Swift for Linux. The issue
was addre ...)
+ TODO: check
CVE-2020-9860 (A custom URL scheme handling issue was addressed with improved
input v ...)
NOT-FOR-US: Apple
CVE-2020-9859 (A memory consumption issue was addressed with improved memory
handling ...)
@@ -51477,8 +51733,7 @@ CVE-2020-6559 (Use after free in presentation API in
Google Chrome prior to 85.0
CVE-2020-6558 (Insufficient policy enforcement in iOSWeb in Google Chrome on
iOS prio ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
-CVE-2020-6557
- RESERVED
+CVE-2020-6557 (Inappropriate implementation in networking in Google Chrome
prior to 8 ...)
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6556 (Heap buffer overflow in SwiftShader in Google Chrome prior to
84.0.414 ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/823475def3044c8e3f4cc101f6c4a86fa0acacf6
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/823475def3044c8e3f4cc101f6c4a86fa0acacf6
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
