Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
420593ef by security tracker role at 2020-12-09T08:10:20+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,593 @@
+CVE-2021-1985
+       RESERVED
+CVE-2021-1984
+       RESERVED
+CVE-2021-1983
+       RESERVED
+CVE-2021-1982
+       RESERVED
+CVE-2021-1981
+       RESERVED
+CVE-2021-1980
+       RESERVED
+CVE-2021-1979
+       RESERVED
+CVE-2021-1978
+       RESERVED
+CVE-2021-1977
+       RESERVED
+CVE-2021-1976
+       RESERVED
+CVE-2021-1975
+       RESERVED
+CVE-2021-1974
+       RESERVED
+CVE-2021-1973
+       RESERVED
+CVE-2021-1972
+       RESERVED
+CVE-2021-1971
+       RESERVED
+CVE-2021-1970
+       RESERVED
+CVE-2021-1969
+       RESERVED
+CVE-2021-1968
+       RESERVED
+CVE-2021-1967
+       RESERVED
+CVE-2021-1966
+       RESERVED
+CVE-2021-1965
+       RESERVED
+CVE-2021-1964
+       RESERVED
+CVE-2021-1963
+       RESERVED
+CVE-2021-1962
+       RESERVED
+CVE-2021-1961
+       RESERVED
+CVE-2021-1960
+       RESERVED
+CVE-2021-1959
+       RESERVED
+CVE-2021-1958
+       RESERVED
+CVE-2021-1957
+       RESERVED
+CVE-2021-1956
+       RESERVED
+CVE-2021-1955
+       RESERVED
+CVE-2021-1954
+       RESERVED
+CVE-2021-1953
+       RESERVED
+CVE-2021-1952
+       RESERVED
+CVE-2021-1951
+       RESERVED
+CVE-2021-1950
+       RESERVED
+CVE-2021-1949
+       RESERVED
+CVE-2021-1948
+       RESERVED
+CVE-2021-1947
+       RESERVED
+CVE-2021-1946
+       RESERVED
+CVE-2021-1945
+       RESERVED
+CVE-2021-1944
+       RESERVED
+CVE-2021-1943
+       RESERVED
+CVE-2021-1942
+       RESERVED
+CVE-2021-1941
+       RESERVED
+CVE-2021-1940
+       RESERVED
+CVE-2021-1939
+       RESERVED
+CVE-2021-1938
+       RESERVED
+CVE-2021-1937
+       RESERVED
+CVE-2021-1936
+       RESERVED
+CVE-2021-1935
+       RESERVED
+CVE-2021-1934
+       RESERVED
+CVE-2021-1933
+       RESERVED
+CVE-2021-1932
+       RESERVED
+CVE-2021-1931
+       RESERVED
+CVE-2021-1930
+       RESERVED
+CVE-2021-1929
+       RESERVED
+CVE-2021-1928
+       RESERVED
+CVE-2021-1927
+       RESERVED
+CVE-2021-1926
+       RESERVED
+CVE-2021-1925
+       RESERVED
+CVE-2021-1924
+       RESERVED
+CVE-2021-1923
+       RESERVED
+CVE-2021-1922
+       RESERVED
+CVE-2021-1921
+       RESERVED
+CVE-2021-1920
+       RESERVED
+CVE-2021-1919
+       RESERVED
+CVE-2021-1918
+       RESERVED
+CVE-2021-1917
+       RESERVED
+CVE-2021-1916
+       RESERVED
+CVE-2021-1915
+       RESERVED
+CVE-2021-1914
+       RESERVED
+CVE-2021-1913
+       RESERVED
+CVE-2021-1912
+       RESERVED
+CVE-2021-1911
+       RESERVED
+CVE-2021-1910
+       RESERVED
+CVE-2021-1909
+       RESERVED
+CVE-2021-1908
+       RESERVED
+CVE-2021-1907
+       RESERVED
+CVE-2021-1906
+       RESERVED
+CVE-2021-1905
+       RESERVED
+CVE-2021-1904
+       RESERVED
+CVE-2021-1903
+       RESERVED
+CVE-2021-1902
+       RESERVED
+CVE-2021-1901
+       RESERVED
+CVE-2021-1900
+       RESERVED
+CVE-2021-1899
+       RESERVED
+CVE-2021-1898
+       RESERVED
+CVE-2021-1897
+       RESERVED
+CVE-2021-1896
+       RESERVED
+CVE-2021-1895
+       RESERVED
+CVE-2021-1894
+       RESERVED
+CVE-2021-1893
+       RESERVED
+CVE-2021-1892
+       RESERVED
+CVE-2021-1891
+       RESERVED
+CVE-2021-1890
+       RESERVED
+CVE-2021-1889
+       RESERVED
+CVE-2021-1888
+       RESERVED
+CVE-2021-1887
+       RESERVED
+CVE-2021-1886
+       RESERVED
+CVE-2021-1885
+       RESERVED
+CVE-2021-1884
+       RESERVED
+CVE-2021-1883
+       RESERVED
+CVE-2021-1882
+       RESERVED
+CVE-2021-1881
+       RESERVED
+CVE-2021-1880
+       RESERVED
+CVE-2021-1879
+       RESERVED
+CVE-2021-1878
+       RESERVED
+CVE-2021-1877
+       RESERVED
+CVE-2021-1876
+       RESERVED
+CVE-2021-1875
+       RESERVED
+CVE-2021-1874
+       RESERVED
+CVE-2021-1873
+       RESERVED
+CVE-2021-1872
+       RESERVED
+CVE-2021-1871
+       RESERVED
+CVE-2021-1870
+       RESERVED
+CVE-2021-1869
+       RESERVED
+CVE-2021-1868
+       RESERVED
+CVE-2021-1867
+       RESERVED
+CVE-2021-1866
+       RESERVED
+CVE-2021-1865
+       RESERVED
+CVE-2021-1864
+       RESERVED
+CVE-2021-1863
+       RESERVED
+CVE-2021-1862
+       RESERVED
+CVE-2021-1861
+       RESERVED
+CVE-2021-1860
+       RESERVED
+CVE-2021-1859
+       RESERVED
+CVE-2021-1858
+       RESERVED
+CVE-2021-1857
+       RESERVED
+CVE-2021-1856
+       RESERVED
+CVE-2021-1855
+       RESERVED
+CVE-2021-1854
+       RESERVED
+CVE-2021-1853
+       RESERVED
+CVE-2021-1852
+       RESERVED
+CVE-2021-1851
+       RESERVED
+CVE-2021-1850
+       RESERVED
+CVE-2021-1849
+       RESERVED
+CVE-2021-1848
+       RESERVED
+CVE-2021-1847
+       RESERVED
+CVE-2021-1846
+       RESERVED
+CVE-2021-1845
+       RESERVED
+CVE-2021-1844
+       RESERVED
+CVE-2021-1843
+       RESERVED
+CVE-2021-1842
+       RESERVED
+CVE-2021-1841
+       RESERVED
+CVE-2021-1840
+       RESERVED
+CVE-2021-1839
+       RESERVED
+CVE-2021-1838
+       RESERVED
+CVE-2021-1837
+       RESERVED
+CVE-2021-1836
+       RESERVED
+CVE-2021-1835
+       RESERVED
+CVE-2021-1834
+       RESERVED
+CVE-2021-1833
+       RESERVED
+CVE-2021-1832
+       RESERVED
+CVE-2021-1831
+       RESERVED
+CVE-2021-1830
+       RESERVED
+CVE-2021-1829
+       RESERVED
+CVE-2021-1828
+       RESERVED
+CVE-2021-1827
+       RESERVED
+CVE-2021-1826
+       RESERVED
+CVE-2021-1825
+       RESERVED
+CVE-2021-1824
+       RESERVED
+CVE-2021-1823
+       RESERVED
+CVE-2021-1822
+       RESERVED
+CVE-2021-1821
+       RESERVED
+CVE-2021-1820
+       RESERVED
+CVE-2021-1819
+       RESERVED
+CVE-2021-1818
+       RESERVED
+CVE-2021-1817
+       RESERVED
+CVE-2021-1816
+       RESERVED
+CVE-2021-1815
+       RESERVED
+CVE-2021-1814
+       RESERVED
+CVE-2021-1813
+       RESERVED
+CVE-2021-1812
+       RESERVED
+CVE-2021-1811
+       RESERVED
+CVE-2021-1810
+       RESERVED
+CVE-2021-1809
+       RESERVED
+CVE-2021-1808
+       RESERVED
+CVE-2021-1807
+       RESERVED
+CVE-2021-1806
+       RESERVED
+CVE-2021-1805
+       RESERVED
+CVE-2021-1804
+       RESERVED
+CVE-2021-1803
+       RESERVED
+CVE-2021-1802
+       RESERVED
+CVE-2021-1801
+       RESERVED
+CVE-2021-1800
+       RESERVED
+CVE-2021-1799
+       RESERVED
+CVE-2021-1798
+       RESERVED
+CVE-2021-1797
+       RESERVED
+CVE-2021-1796
+       RESERVED
+CVE-2021-1795
+       RESERVED
+CVE-2021-1794
+       RESERVED
+CVE-2021-1793
+       RESERVED
+CVE-2021-1792
+       RESERVED
+CVE-2021-1791
+       RESERVED
+CVE-2021-1790
+       RESERVED
+CVE-2021-1789
+       RESERVED
+CVE-2021-1788
+       RESERVED
+CVE-2021-1787
+       RESERVED
+CVE-2021-1786
+       RESERVED
+CVE-2021-1785
+       RESERVED
+CVE-2021-1784
+       RESERVED
+CVE-2021-1783
+       RESERVED
+CVE-2021-1782
+       RESERVED
+CVE-2021-1781
+       RESERVED
+CVE-2021-1780
+       RESERVED
+CVE-2021-1779
+       RESERVED
+CVE-2021-1778
+       RESERVED
+CVE-2021-1777
+       RESERVED
+CVE-2021-1776
+       RESERVED
+CVE-2021-1775
+       RESERVED
+CVE-2021-1774
+       RESERVED
+CVE-2021-1773
+       RESERVED
+CVE-2021-1772
+       RESERVED
+CVE-2021-1771
+       RESERVED
+CVE-2021-1770
+       RESERVED
+CVE-2021-1769
+       RESERVED
+CVE-2021-1768
+       RESERVED
+CVE-2021-1767
+       RESERVED
+CVE-2021-1766
+       RESERVED
+CVE-2021-1765
+       RESERVED
+CVE-2021-1764
+       RESERVED
+CVE-2021-1763
+       RESERVED
+CVE-2021-1762
+       RESERVED
+CVE-2021-1761
+       RESERVED
+CVE-2021-1760
+       RESERVED
+CVE-2021-1759
+       RESERVED
+CVE-2021-1758
+       RESERVED
+CVE-2021-1757
+       RESERVED
+CVE-2021-1756
+       RESERVED
+CVE-2021-1755
+       RESERVED
+CVE-2021-1754
+       RESERVED
+CVE-2021-1753
+       RESERVED
+CVE-2021-1752
+       RESERVED
+CVE-2021-1751
+       RESERVED
+CVE-2021-1750
+       RESERVED
+CVE-2021-1749
+       RESERVED
+CVE-2021-1748
+       RESERVED
+CVE-2021-1747
+       RESERVED
+CVE-2021-1746
+       RESERVED
+CVE-2021-1745
+       RESERVED
+CVE-2021-1744
+       RESERVED
+CVE-2021-1743
+       RESERVED
+CVE-2021-1742
+       RESERVED
+CVE-2021-1741
+       RESERVED
+CVE-2021-1740
+       RESERVED
+CVE-2021-1739
+       RESERVED
+CVE-2021-1738
+       RESERVED
+CVE-2021-1737
+       RESERVED
+CVE-2021-1736
+       RESERVED
+CVE-2020-29651 (A denial of service via regular expression in the 
py.path.svnwc compon ...)
+       TODO: check
+CVE-2020-29650
+       RESERVED
+CVE-2020-29649
+       RESERVED
+CVE-2020-29648
+       RESERVED
+CVE-2020-29647
+       RESERVED
+CVE-2020-29646
+       RESERVED
+CVE-2020-29645
+       RESERVED
+CVE-2020-29644
+       RESERVED
+CVE-2020-29643
+       RESERVED
+CVE-2020-29642
+       RESERVED
+CVE-2020-29641
+       RESERVED
+CVE-2020-29640
+       RESERVED
+CVE-2020-29639
+       RESERVED
+CVE-2020-29638
+       RESERVED
+CVE-2020-29637
+       RESERVED
+CVE-2020-29636
+       RESERVED
+CVE-2020-29635
+       RESERVED
+CVE-2020-29634
+       RESERVED
+CVE-2020-29633
+       RESERVED
+CVE-2020-29632
+       RESERVED
+CVE-2020-29631
+       RESERVED
+CVE-2020-29630
+       RESERVED
+CVE-2020-29629
+       RESERVED
+CVE-2020-29628
+       RESERVED
+CVE-2020-29627
+       RESERVED
+CVE-2020-29626
+       RESERVED
+CVE-2020-29625
+       RESERVED
+CVE-2020-29624
+       RESERVED
+CVE-2020-29623
+       RESERVED
+CVE-2020-29622
+       RESERVED
+CVE-2020-29621
+       RESERVED
+CVE-2020-29620
+       RESERVED
+CVE-2020-29619
+       RESERVED
+CVE-2020-29618
+       RESERVED
+CVE-2020-29617
+       RESERVED
+CVE-2020-29616
+       RESERVED
+CVE-2020-29615
+       RESERVED
+CVE-2020-29614
+       RESERVED
+CVE-2020-29613
+       RESERVED
+CVE-2020-29612
+       RESERVED
+CVE-2020-29611
+       RESERVED
+CVE-2020-29610
+       RESERVED
+CVE-2020-29609
+       RESERVED
+CVE-2020-29608
+       RESERVED
+CVE-2020-29607
+       RESERVED
 CVE-2020-XXXX [RUSTSEC-2020-0080: miow: `miow` invalidly assumes the memory 
layout of std::net::SocketAddr]
        - rust-miow <unfixed> (bug #976871)
        NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0080.html
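Review bot: CVE-2020-29651 is the only entry in this hunk that carries a description, and it is added with `TODO: check` between nearly three hundred RESERVED placeholders (CVE-2021-1985 down to CVE-2021-1736, then CVE-2020-29650 down to CVE-2020-29607), where it is easy to overlook. The description names the py.path.svnwc component, so the follow-up triage should replace the TODO with either a package line for the source package that ships it or a NOT-FOR-US marker.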
@@ -22,10 +612,10 @@ CVE-2020-29604
        RESERVED
 CVE-2020-29603
        RESERVED
-CVE-2020-29602
-       RESERVED
-CVE-2020-29601
-       RESERVED
+CVE-2020-29602 (The official irssi docker images before 1.1-alpine (Alpine 
specific) c ...)
+       TODO: check
+CVE-2020-29601 (The official notary docker images before signer-0.6.1-1 
contain a blan ...)
+       TODO: check
 CVE-2020-29600 (In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an 
absolute ...)
        - awstats <unfixed> (bug #891469)
        NOTE: https://github.com/eldy/awstats/issues/90
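Review bot: CVE-2020-29602 and CVE-2020-29601 describe official Docker images (irssi, notary) rather than a packaged program, yet both are left at `TODO: check`. If upstream container images are out of scope for the tracker, these can be closed with a NOT-FOR-US line in the same triage pass. The same pattern recurs for CVE-2020-29581 through CVE-2020-29575 and for CVE-2020-29564 further down, so one decision covers all ten entries.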
@@ -66,20 +656,20 @@ CVE-2020-29583
        RESERVED
 CVE-2020-29582
        RESERVED
-CVE-2020-29581
-       RESERVED
-CVE-2020-29580
-       RESERVED
-CVE-2020-29579
-       RESERVED
-CVE-2020-29578
-       RESERVED
-CVE-2020-29577
-       RESERVED
-CVE-2020-29576
-       RESERVED
-CVE-2020-29575
-       RESERVED
+CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a 
blank pa ...)
+       TODO: check
+CVE-2020-29580 (The official storm Docker images before 1.2.1 contain a blank 
password ...)
+       TODO: check
+CVE-2020-29579 (The official Express Gateway Docker images before 1.14.0 
contain a bla ...)
+       TODO: check
+CVE-2020-29578 (The official piwik Docker images before fpm-alpine (Alpine 
specific) c ...)
+       TODO: check
+CVE-2020-29577 (The official znc docker images before 1.7.1-slim contain a 
blank passw ...)
+       TODO: check
+CVE-2020-29576 (The official eggdrop Docker images before 1.8.4rc2 contain a 
blank pas ...)
+       TODO: check
+CVE-2020-29575 (The official elixir Docker images before 1.8.0-alpine (Alpine 
specific ...)
+       TODO: check
 CVE-2020-29574
        RESERVED
 CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or 
libc6) befo ...)
@@ -109,8 +699,8 @@ CVE-2020-29565 (An issue was discovered in OpenStack 
Horizon before 15.3.2, 16.x
        NOTE: https://review.opendev.org/c/openstack/horizon/+/758841/
        NOTE: https://review.opendev.org/c/openstack/horizon/+/758843/
        NOTE: 
https://opendev.org/openstack/horizon/commit/252467100f75587e18df9c43ed5802ee8f0017fa
-CVE-2020-29564
-       RESERVED
+CVE-2020-29564 (The official Consul Docker images 0.7.1 through 1.4.2 contain 
a blank  ...)
+       TODO: check
 CVE-2020-29563
        RESERVED
 CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6) 
2.30 to 2 ...)
@@ -161,10 +751,10 @@ CVE-2020-29542
        RESERVED
 CVE-2020-29541
        RESERVED
-CVE-2020-29540
-       RESERVED
-CVE-2020-29539
-       RESERVED
+CVE-2020-29540 (API calls in the Translation API feature in Systran Pure 
Neural Server ...)
+       TODO: check
+CVE-2020-29539 (A Cross-Site Scripting (XSS) issue in WebUI Translation in 
Systran Pur ...)
+       TODO: check
 CVE-2020-29538
        RESERVED
 CVE-2020-29537
@@ -1657,8 +2247,8 @@ CVE-2020-28948 (Archive_Tar through 1.4.10 allows an 
unserialization attack beca
        NOTE: https://www.drupal.org/sa-core-2020-013
 CVE-2020-28947 (In MISP 2.4.134, XSS exists in the template element index view 
because ...)
        NOT-FOR-US: MISP
-CVE-2020-28946
-       RESERVED
+CVE-2020-28946 (An improper webserver configuration on Plum IK-401 devices 
with firmwa ...)
+       TODO: check
 CVE-2020-28945
        RESERVED
 CVE-2020-28944
@@ -5761,8 +6351,8 @@ CVE-2020-28276
        RESERVED
 CVE-2020-28275
        RESERVED
-CVE-2020-28274
-       RESERVED
+CVE-2020-28274 (Prototype pollution vulnerability in 'deepref' versions 1.1.1 
through  ...)
+       TODO: check
 CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 
through 2 ...)
        NOT-FOR-US: Node set-in
 CVE-2020-28272 (Prototype pollution vulnerability in 'keyget' versions 1.0.0 
through 2 ...)
@@ -6480,8 +7070,8 @@ CVE-2020-27952
        RESERVED
 CVE-2020-27951
        RESERVED
-CVE-2020-27950
-       RESERVED
+CVE-2020-27950 (A memory initialization issue was addressed. This issue is 
fixed in ma ...)
+       TODO: check
 CVE-2020-27949
        RESERVED
 CVE-2020-27948
@@ -6516,22 +7106,22 @@ CVE-2020-27934
        RESERVED
 CVE-2020-27933
        RESERVED
-CVE-2020-27932
-       RESERVED
+CVE-2020-27932 (A type confusion issue was addressed with improved state 
handling. Thi ...)
+       TODO: check
 CVE-2020-27931
        RESERVED
-CVE-2020-27930
-       RESERVED
-CVE-2020-27929
-       RESERVED
+CVE-2020-27930 (A memory corruption issue was addressed with improved input 
validation ...)
+       TODO: check
+CVE-2020-27929 (A logic issue existed in the handling of Group FaceTime calls. 
The iss ...)
+       TODO: check
 CVE-2020-27928
        RESERVED
-CVE-2020-27927
-       RESERVED
-CVE-2020-27926
-       RESERVED
-CVE-2020-27925
-       RESERVED
+CVE-2020-27927 (An out-of-bounds write issue was addressed with improved 
bounds checki ...)
+       TODO: check
+CVE-2020-27926 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2020-27925 (An issue existed in the handling of incoming calls. The issue 
was addr ...)
+       TODO: check
 CVE-2020-27924
        RESERVED
 CVE-2020-27923
@@ -6544,56 +7134,56 @@ CVE-2020-27920
        RESERVED
 CVE-2020-27919
        RESERVED
-CVE-2020-27918
-       RESERVED
-CVE-2020-27917
-       RESERVED
-CVE-2020-27916
-       RESERVED
+CVE-2020-27918 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2020-27917 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2020-27916 (An out-of-bounds write was addressed with improved input 
validation. T ...)
+       TODO: check
 CVE-2020-27915
        RESERVED
 CVE-2020-27914
        RESERVED
 CVE-2020-27913
        RESERVED
-CVE-2020-27912
-       RESERVED
-CVE-2020-27911
-       RESERVED
-CVE-2020-27910
-       RESERVED
-CVE-2020-27909
-       RESERVED
+CVE-2020-27912 (An out-of-bounds write was addressed with improved input 
validation. T ...)
+       TODO: check
+CVE-2020-27911 (An integer overflow was addressed through improved input 
validation. T ...)
+       TODO: check
+CVE-2020-27910 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+       TODO: check
+CVE-2020-27909 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+       TODO: check
 CVE-2020-27908
        RESERVED
 CVE-2020-27907
        RESERVED
-CVE-2020-27906
-       RESERVED
-CVE-2020-27905
-       RESERVED
-CVE-2020-27904
-       RESERVED
-CVE-2020-27903
-       RESERVED
-CVE-2020-27902
-       RESERVED
+CVE-2020-27906 (Multiple integer overflows were addressed with improved input 
validati ...)
+       TODO: check
+CVE-2020-27905 (A memory corruption issue was addressed with improved state 
management ...)
+       TODO: check
+CVE-2020-27904 (A logic issue existed resulting in memory corruption. This was 
address ...)
+       TODO: check
+CVE-2020-27903 (This issue was addressed by removing the vulnerable code. This 
issue i ...)
+       TODO: check
+CVE-2020-27902 (An authentication issue was addressed with improved state 
management.  ...)
+       TODO: check
 CVE-2020-27901
        RESERVED
-CVE-2020-27900
-       RESERVED
+CVE-2020-27900 (An issue existed in the handling of snapshots. The issue was 
resolved  ...)
+       TODO: check
 CVE-2020-27899
        RESERVED
-CVE-2020-27898
-       RESERVED
+CVE-2020-27898 (A denial of service issue was addressed with improved state 
handling.  ...)
+       TODO: check
 CVE-2020-27897
        RESERVED
-CVE-2020-27896
-       RESERVED
-CVE-2020-27895
-       RESERVED
-CVE-2020-27894
-       RESERVED
+CVE-2020-27896 (A path handling issue was addressed with improved validation. 
This iss ...)
+       TODO: check
+CVE-2020-27895 (An information disclosure issue existed in the transition of 
program s ...)
+       TODO: check
+CVE-2020-27894 (The issue was addressed with additional user controls. This 
issue is f ...)
+       TODO: check
 CVE-2020-27893
        RESERVED
 CVE-2020-27892 (The Zigbee protocol implementation on Texas Instruments CC2538 
devices ...)
@@ -6947,8 +7537,7 @@ CVE-2020-27823 [Heap-buffer-overflow write in lib-openjp2]
        NOTE: 
https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919
 CVE-2020-27822 (A flaw was found in Wildfly affecting versions 19.0.0.Final, 
19.1.0.Fi ...)
        - wildfly <itp> (bug #752018)
-CVE-2020-27821 [heap buffer overflow in msix_table_mmio_write() in 
hw/pci/msix.c]
-       RESERVED
+CVE-2020-27821 (A flaw was found in the memory management API of QEMU during 
the initi ...)
        - qemu 1:5.2+dfsg-1
        [stretch] - qemu <postponed> (Fix along in future DLA)
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651
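Review bot: on CVE-2020-27821 the removed bracketed title named the affected code, "heap buffer overflow in msix_table_mmio_write() in hw/pci/msix.c", and the truncated description that replaces it ("A flaw was found in the memory management API of QEMU during the initi ...") no longer does. A NOTE line recording the function and file would keep that detail next to the existing bugzilla reference.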
@@ -7203,66 +7792,57 @@ CVE-2020-27759 (In IntensityCompare() of 
/MagickCore/quantize.c, a double value
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1720
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/d44f8a35558951a21367d306a42e5a097f3a43fe
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/460dea07066e2001bc4671fcd8d53233f0fc29b3
-CVE-2020-27758
-       RESERVED
+CVE-2020-27758 (A flaw was found in ImageMagick in coders/txt.c. An attacker 
who submi ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1719
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/f0a8d407b2801174fd8923941a9e7822f7f9a506
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/e5e15b4456c825f78554e2ef1cc6344fa1218448
-CVE-2020-27757
-       RESERVED
+CVE-2020-27757 (A floating point math calculation in ScaleAnyToQuantum() of 
/MagickCor ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1712
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/e88532bd4418e95b70cbc415fe911d22ab27a5fd
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/ded073520c133421f842160d3a9e207788f55a90
-CVE-2020-27756
-       RESERVED
+CVE-2020-27756 (In ParseMetaGeometry() of MagickCore/geometry.c, image height 
and widt ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <postponed> (Minor issue, DoS/div0 while 
package is mainly CLI)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1725
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/f35eca82b0c294ff9d0ccad104a881c3ae2ba913
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/d3d96f05950275b916207bf9df03640ef3e9fd6e
-CVE-2020-27755
-       RESERVED
+CVE-2020-27755 (in SetImageExtent() of /MagickCore/image.c, an incorrect image 
depth s ...)
        - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1756
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/f28e9e56e1b56d4e1f09d2a56d70892ae295d6a4
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/f9191f9e388330c8e22661b42092cc78a29a5d6f
-CVE-2020-27754
-       RESERVED
+CVE-2020-27754 (In IntensityCompare() of /magick/quantize.c, there are calls 
to PixelP ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1754
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233
-CVE-2020-27753
-       RESERVED
+CVE-2020-27753 (There are several memory leaks in the MIFF coder in 
/coders/miff.c due ...)
        - imagemagick 8:6.9.11.24+dfsg-1 (unimportant)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1757
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/bb3acad195de95db86c7509d8072db01890470e0
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/6f5d3d2cd94eb8361e07546c4bf72cb60681b984
-CVE-2020-27752
-       RESERVED
+CVE-2020-27752 (A flaw was found in ImageMagick in 
MagickCore/quantum-private.h. An at ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1752
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/a9d563d3d73874312080d30dc4ba07cecad56192
        NOTE: ImageMagick6 commit provided by upstream pre-dates the vulnerable 
version and is the same as CVE-2020-25664, clarification on-going
-CVE-2020-27751
-       RESERVED
+CVE-2020-27751 (A flaw was found in ImageMagick in 
MagickCore/quantum-export.c. An att ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN shift exponent 
warning)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1727
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/f60d59cc3a7e3402d403361e0985ffa56f746a82
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/879bb6a13ece5508cd983bc3d64ced23900b60ee
-CVE-2020-27750
-       RESERVED
+CVE-2020-27750 (A flaw was found in ImageMagick in 
MagickCore/colorspace-private.h and ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <postponed> (Minor issue, DoS/div0 while 
package is mainly CLI)
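Review bot: in the CVE-2020-27754 entry the `NOTE: ImageMagick:` line links to the ImageMagick6 repository with the same commit d5df600d43c8706df513a3273d09aee6f54a9233 as the `NOTE: ImageMagick6:` line below it, whereas the neighbouring entries give a distinct ImageMagick/ImageMagick commit on that line. These are unchanged context lines, but now that the entry carries its description the first link should be checked and pointed at the corresponding commit in the ImageMagick/ImageMagick repository, if one exists.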
@@ -7991,8 +8571,8 @@ CVE-2020-27616 (ati_2d_blt in hw/display/ati_2d.c in QEMU 
4.2.1 can encounter an
        NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540
 (v5.2.0-rc1)
 CVE-2020-27615 (The Loginizer plugin before 1.6.4 for WordPress allows SQL 
injection ( ...)
        NOT-FOR-US: Loginizer plugin for WordPress
-CVE-2020-27614
-       RESERVED
+CVE-2020-27614 (AnyDesk for macOS versions 6.0.2 and older have a 
vulnerability in the ...)
+       TODO: check
 CVE-2020-27638 (receive.c in fastd before v21 allows denial of service 
(assertion fail ...)
        {DLA-2414-1}
        - fastd 21-1 (bug #972521)
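Review bot: the context around the new CVE-2020-27614 line shows it followed directly by CVE-2020-27638, which breaks the descending order the rest of the list keeps. It is worth confirming whether the fastd entry is misplaced. The AnyDesk entry itself is specific to a macOS application according to its description and is still at `TODO: check`, so it can be resolved in the same pass.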
@@ -8560,8 +9140,8 @@ CVE-2020-27351
        RESERVED
 CVE-2020-27350
        RESERVED
-CVE-2020-27349
-       RESERVED
+CVE-2020-27349 (Aptdaemon performed policykit checks after interacting with 
potentiall ...)
+       TODO: check
 CVE-2020-27348 (In some conditions, a snap package built by snapcraft includes 
the cur ...)
        NOT-FOR-US: snapcraft
 CVE-2020-27346
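Review bot: CVE-2020-27349 names Aptdaemon and a problem with when its policykit checks run, but the entry is left at `TODO: check` with no package line, bug reference or NOTE. Unlike the snapcraft entry below it, which is already marked NOT-FOR-US, this one looks like it needs a package line and fixed-version status before the TODO can be dropped.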
@@ -9346,17 +9926,14 @@ CVE-2020-26972
        RESERVED
 CVE-2020-26971
        RESERVED
-CVE-2020-26970
-       RESERVED
+CVE-2020-26970 (When reading SMTP server status codes, Thunderbird writes an 
integer v ...)
        {DSA-4802-1 DLA-2479-1}
        - thunderbird 1:78.5.1-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
-CVE-2020-26969
-       RESERVED
+CVE-2020-26969 (Mozilla developers reported memory safety bugs present in 
Firefox 82.  ...)
        - firefox 83.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969
-CVE-2020-26968
-       RESERVED
+CVE-2020-26968 (Mozilla developers reported memory safety bugs present in 
Firefox 82 a ...)
        {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
@@ -9364,20 +9941,17 @@ CVE-2020-26968
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26968
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26968
-CVE-2020-26967
-       RESERVED
+CVE-2020-26967 (When listening for page changes with a Mutation Observer, a 
malicious  ...)
        - firefox 83.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26967
-CVE-2020-26966
-       RESERVED
+CVE-2020-26966 (Searching for a single word from the address bar caused an 
mDNS reques ...)
        - firefox <not-affected> (Only affects Windows)
        - firefox-esr <not-affected> (Only affects Windows)
        - thunderbird <not-affected> (Only affects Windows)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26966
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26966
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26966
-CVE-2020-26965
-       RESERVED
+CVE-2020-26965 (Some websites have a feature "Show Password" where clicking a 
button w ...)
        {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
@@ -9385,20 +9959,16 @@ CVE-2020-26965
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26965
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26965
-CVE-2020-26964
-       RESERVED
+CVE-2020-26964 (If the Remote Debugging via USB feature was enabled in Firefox 
for And ...)
        - firefox <not-affected> (Android specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26964
-CVE-2020-26963
-       RESERVED
+CVE-2020-26963 (Repeated calls to the history and location interfaces could 
have been  ...)
        - firefox 83.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26963
-CVE-2020-26962
-       RESERVED
+CVE-2020-26962 (Cross-origin iframes that contained a login form could have 
been recog ...)
        - firefox 83.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962
-CVE-2020-26961
-       RESERVED
+CVE-2020-26961 (When DNS over HTTPS is in use, it intentionally filters 
RFC1918 and re ...)
        {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
@@ -9406,8 +9976,7 @@ CVE-2020-26961
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26961
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26961
-CVE-2020-26960
-       RESERVED
+CVE-2020-26960 (If the Compact() method was called on an nsTArray, the array 
could hav ...)
        {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
@@ -9415,8 +9984,7 @@ CVE-2020-26960
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26960
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26960
-CVE-2020-26959
-       RESERVED
+CVE-2020-26959 (During browser shutdown, reference decrementing could have 
occured on  ...)
        {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
@@ -9424,8 +9992,7 @@ CVE-2020-26959
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26959
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26959
-CVE-2020-26958
-       RESERVED
+CVE-2020-26958 (Firefox did not block execution of scripts with incorrect MIME 
types w ...)
        {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
@@ -9433,12 +10000,10 @@ CVE-2020-26958
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26958
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26958
-CVE-2020-26957
-       RESERVED
+CVE-2020-26957 (OneCRL was non-functional in the new Firefox for Android due 
to a miss ...)
        - firefox <not-affected> (Android specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26957
-CVE-2020-26956
-       RESERVED
+CVE-2020-26956 (In some cases, removing HTML elements during sanitization 
would keep e ...)
        {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
@@ -9446,16 +10011,13 @@ CVE-2020-26956
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26956
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26956
-CVE-2020-26955
-       RESERVED
+CVE-2020-26955 (When a user downloaded a file in Firefox for Android, if a 
cookie is s ...)
        - firefox <not-affected> (Android specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26955
-CVE-2020-26954
-       RESERVED
+CVE-2020-26954 (When accepting a malicious intent from other installed apps, 
Firefox f ...)
        - firefox <not-affected> (Android specific)
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26954
-CVE-2020-26953
-       RESERVED
+CVE-2020-26953 (It was possible to cause the browser to enter fullscreen mode 
without  ...)
        {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
@@ -9463,12 +10025,10 @@ CVE-2020-26953
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26953
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26953
-CVE-2020-26952
-       RESERVED
+CVE-2020-26952 (Incorrect bookkeeping of functions inlined during JIT 
compilation coul ...)
        - firefox 83.0-1
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
-CVE-2020-26951
-       RESERVED
+CVE-2020-26951 (A parsing and event loading mismatch in Firefox's SVG code 
could have  ...)
        {DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
        - firefox 83.0-1
        - firefox-esr 78.5.0esr-1
@@ -9476,8 +10036,7 @@ CVE-2020-26951
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26951
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951
        NOTE: 
https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26951
-CVE-2020-26950
-       RESERVED
+CVE-2020-26950 (In certain circumstances, the MCallGetProperty opcode can be 
emitted w ...)
        {DSA-4790-1 DSA-4788-1 DLA-2449-1 DLA-2448-1}
        - firefox 82.0.3-1
        - firefox-esr 78.4.1esr-1
@@ -10970,12 +11529,12 @@ CVE-2020-26258
        RESERVED
 CVE-2020-26257
        RESERVED
-CVE-2020-26256
-       RESERVED
-CVE-2020-26255
-       RESERVED
-CVE-2020-26254
-       RESERVED
+CVE-2020-26256 (Fast-csv is an npm package for parsing and formatting CSVs or 
any othe ...)
+       TODO: check
+CVE-2020-26255 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 
3.4.5, and  ...)
+       TODO: check
+CVE-2020-26254 (omniauth-apple is the OmniAuth strategy for "Sign In with 
Apple" (Ruby ...)
+       TODO: check
 CVE-2020-26253 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 
3.3.6, and  ...)
        NOT-FOR-US: Kirby CMS
 CVE-2020-26252
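Review bot: CVE-2020-26255 is left at TODO: check although its description names Kirby CMS (getkirby/cms), the same product as CVE-2020-26253 just below it, which is already closed as NOT-FOR-US: Kirby CMS. Resolving it the same way keeps the two entries consistent. CVE-2020-26256 (fast-csv) and CVE-2020-26254 (omniauth-apple) still need a check for a packaged copy before their TODO is closed.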
@@ -10984,8 +11543,8 @@ CVE-2020-26251
        RESERVED
 CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In 
oauthent ...)
        NOT-FOR-US: JupyterHub login mechanism
-CVE-2020-26249
-       RESERVED
+CVE-2020-26249 (Red Discord Bot Dashboard is an easy-to-use interactive web 
dashboard  ...)
+       TODO: check
 CVE-2020-26248 (In the PrestaShop module "productcomments" before version 
4.2.1, an at ...)
        NOT-FOR-US: PrestaShop module
 CVE-2020-26247
@@ -11019,10 +11578,10 @@ CVE-2020-26237 (Highlight.js is a syntax highlighter 
written in JavaScript. High
        NOTE: 
https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0
 CVE-2020-26236 (In ScratchVerifier before commit a603769, an attacker can 
hijack the v ...)
        NOT-FOR-US: ScratchVerifier
-CVE-2020-26234
-       RESERVED
-CVE-2020-26233
-       RESERVED
+CVE-2020-26234 (Opencast before versions 8.9 and 7.9 disables HTTPS hostname 
verificat ...)
+       TODO: check
+CVE-2020-26233 (Git Credential Manager Core (GCM Core) is a secure Git 
credential help ...)
+       TODO: check
 CVE-2020-26232 (Jupyter Server before version 1.0.6 has an Open redirect 
vulnerability ...)
        - jupyter-server 1.0.7-1
        NOTE: 
https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v
@@ -11662,8 +12221,8 @@ CVE-2020-25957
        RESERVED
 CVE-2020-25956
        RESERVED
-CVE-2020-25955
-       RESERVED
+CVE-2020-25955 (SourceCodester Student Management System Project in PHP 
version 1.0 is ...)
+       TODO: check
 CVE-2020-25954
        RESERVED
 CVE-2020-25953
@@ -11794,8 +12353,8 @@ CVE-2020-25891
        RESERVED
 CVE-2020-25890 (The web application of Kyocera printer (ECOSYS M2640IDW) is 
affected b ...)
        NOT-FOR-US: Kyocera printer
-CVE-2020-25889
-       RESERVED
+CVE-2020-25889 (Online Bus Booking System Project Using PHP/MySQL version 1.0 
has SQL  ...)
+       TODO: check
 CVE-2020-25888
        RESERVED
 CVE-2020-25887
@@ -12353,23 +12912,20 @@ CVE-2020-25678
        NOTE: https://tracker.ceph.com/issues/37503
 CVE-2020-25677 (Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf 
with insecu ...)
        NOT-FOR-US: ceph Ansible module
-CVE-2020-25676
-       RESERVED
+CVE-2020-25676 (In CatromWeights(), MeshInterpolate(), 
InterpolatePixelChannel(), Inte ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1732
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/406da3af9e09649cda152663c179902edf5ab3ac
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/94aeb3c40d25aee1051ba8eb3a31601558ef2506
-CVE-2020-25675
-       RESERVED
+CVE-2020-25675 (In the CropImage() and CropImageToTiles() routines of 
MagickCore/trans ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1731
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/64dc80b2e1907f7f20bf34d4df9483f938b0de71
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/6b169173585127299f4724f7880b575879c7f033
-CVE-2020-25674
-       RESERVED
+CVE-2020-25674 (WriteOnePNGImage() from coders/png.c (the PNG coder) has a for 
loop wi ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [stretch] - imagemagick <postponed> (Minor issue, read heap overflow)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1715
@@ -12404,37 +12960,32 @@ CVE-2020-25668 [concurrency use-after-free in vt]
        [buster] - linux 4.19.160-1
        NOTE: https://www.openwall.com/lists/oss-security/2020/10/30/1
        NOTE: 
https://git.kernel.org/linus/90bfdeef83f1d6c696039b6a917190dcbbad3220
-CVE-2020-25667
-       RESERVED
+CVE-2020-25667 (TIFFGetProfiles() in /coders/tiff.c calls strstr() which 
causes a larg ...)
        - imagemagick <not-affected> (Introduced in v6.9.10-63 and fixed in 
6.9.10-69, no vulnerable version in archive)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1748
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/986b5dff173413fa712db27eb677cdef15f0bab6
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/14ba3e46a66c4799d643c7b959792e185c6599c7
 
-CVE-2020-25666
-       RESERVED
+CVE-2020-25666 (There are 4 places in HistogramCompare() in 
MagickCore/histogram.c whe ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <ignored> (Minor issue, UBSAN outside range 
warning)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1750
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/94691f00839dbdf43edb1508af945ab19b388573
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/91ae12c57f3b9b23f2072462c27a8378b59f395e
-CVE-2020-25665
-       RESERVED
+CVE-2020-25665 (The PALM image coder at coders/palm.c makes an improper call 
to Acquir ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        [buster] - imagemagick <ignored> (Minor issue)
        [stretch] - imagemagick <postponed> (Minor issue, read heap overflow)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1714
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/cfd829bd3581b092e0a267b3deba46fa90b9bc88
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/ca80e93cc887fb8971ceba2eead2c74e2b927df4
-CVE-2020-25664
-       RESERVED
+CVE-2020-25664 (In WriteOnePNGImage() of the PNG coder at coders/png.c, an 
improper ca ...)
        - imagemagick 8:6.9.11.24+dfsg-1
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1716
        NOTE: ImageMagick: 
https://github.com/ImageMagick/ImageMagick/commit/1f450bb5ba53d275de6d1cd086c98a0b549ad393
        NOTE: ImageMagick6: 
https://github.com/ImageMagick/ImageMagick6/commit/27d3ddedb73f63fa984ff5b4d66e07eef654070f
        NOTE: possible incomplete fix, cf. CVE-2020-27752 that applies after 
the fix
-CVE-2020-25663
-       RESERVED
+CVE-2020-25663 (A call to ConformPixelInfo() in the SetImageAlphaChannel() 
routine of  ...)
        - imagemagick <not-affected> (Vulnerable code introduced in 7.x)
        NOTE: https://github.com/ImageMagick/ImageMagick/issues/1723
        NOTE: Introduced by: 
https://github.com/ImageMagick/ImageMagick/commit/0c69c477e65d2a2695278ca614ffb9a3385137bc
 (7.0.8-56)
@@ -12589,8 +13140,8 @@ CVE-2020-25629 (A vulnerability was found in Moodle 
where users with "Log in as"
        - moodle <removed>
 CVE-2020-25628 (The filter in the tag manager required extra sanitizing to 
prevent a r ...)
        - moodle <removed>
-CVE-2020-25627
-       RESERVED
+CVE-2020-25627 (The moodlenetprofile user profile field required extra 
sanitizing to p ...)
+       TODO: check
 CVE-2020-25626 (A flaw was found in Django REST Framework versions before 
3.12.0 and b ...)
        - djangorestframework 3.12.1-1 (bug #971554)
        [buster] - djangorestframework <no-dsa> (Minor issue)
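Review bot: CVE-2020-25627 gets TODO: check, but the two Moodle entries in the context directly above it (CVE-2020-25629 and CVE-2020-25628) are recorded as "- moodle <removed>". The new description names the moodlenetprofile user profile field, so the same "- moodle <removed>" line would close this TODO and keep the Moodle block consistent.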
@@ -29143,8 +29694,8 @@ CVE-2020-17533
        RESERVED
 CVE-2020-17532
        RESERVED
-CVE-2020-17531
-       RESERVED
+CVE-2020-17531 (A Java Serialization vulnerability was found in Apache 
Tapestry 4. Apa ...)
+       TODO: check
 CVE-2020-17530
        RESERVED
        - libstruts1.2-java <not-affected> (Specific to 2.x)
@@ -32134,8 +32685,8 @@ CVE-2020-16130
        RESERVED
 CVE-2020-16129
        RESERVED
-CVE-2020-16128
-       RESERVED
+CVE-2020-16128 (The aptdaemon DBus interface disclosed file existence 
disclosure by se ...)
+       TODO: check
 CVE-2020-16127 (An Ubuntu-specific modification to AccountsService in versions 
before  ...)
        - accountsservice <not-affected> (Ubuntu-specific issue in 
0010-set-language.patch)
 CVE-2020-16126 (An Ubuntu-specific modification to AccountsService in versions 
before  ...)
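Review bot: CVE-2020-16128 is added as TODO: check directly above CVE-2020-16127, which is closed as <not-affected> because the flaw sits in an Ubuntu-specific patch (0010-set-language.patch). The new description names the aptdaemon DBus interface itself, not a distribution patch, so the triage should look for an aptdaemon source package and record a package line rather than carry over the Ubuntu-specific reasoning from its neighbours.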
@@ -37480,12 +38031,12 @@ CVE-2020-14209 (Dolibarr before 11.0.5 allows 
low-privilege users to upload file
        - dolibarr <removed>
 CVE-2020-14208 (SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting 
(XSS) in t ...)
        NOT-FOR-US: SuiteCRM
-CVE-2020-14207
-       RESERVED
-CVE-2020-14206
-       RESERVED
-CVE-2020-14205
-       RESERVED
+CVE-2020-14207 (The DiveBook plugin 1.1.4 for WordPress was prone to a SQL 
injection w ...)
+       TODO: check
+CVE-2020-14206 (The DiveBook plugin 1.1.4 for WordPress is prone to 
unauthenticated XS ...)
+       TODO: check
+CVE-2020-14205 (The DiveBook plugin 1.1.4 for WordPress is prone to improper 
access co ...)
+       TODO: check
 CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the 
administration portal ...)
        NOT-FOR-US: WebFOCUS Business Intelligence
 CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site 
Request F ...)
@@ -42656,7 +43207,7 @@ CVE-2019-20790 (OpenDMARC through 1.3.2 and 1.4.x, when 
used with pypolicyd-spf
        NOTE: https://bugs.launchpad.net/pypolicyd-spf/+bug/1838816
        NOTE: https://sourceforge.net/p/opendmarc/tickets/235/
        NOTE: 
https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
-CVE-2020-12266 (An issue was discovered on WAVLINK WL-WN579G3 
M79X3.V5030.180719, WL-W ...)
+CVE-2020-12266 (An issue was discovered where there are multiple externally 
accessible ...)
        NOT-FOR-US: WAVLINK
 CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable 
to Arbit ...)
        NOT-FOR-US: Node decompress
@@ -47172,7 +47723,7 @@ CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking 
metadata and comments on vu
        NOTE: 
https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
 CVE-2020-10974 (An issue was discovered affecting a backup feature where a 
crafted POS ...)
        NOT-FOR-US: Wavlink
-CVE-2020-10973 (An issue was discovered on Wavlink WL-WN530HG4 
M30HG4.V5030.191116 dev ...)
+CVE-2020-10973 (An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, 
Wavlink  ...)
        NOT-FOR-US: Wavlink
 CVE-2020-10972 (An issue was discovered where a page is exposed that has the 
current a ...)
        NOT-FOR-US: Wavlink
@@ -49607,8 +50158,8 @@ CVE-2020-10148
        RESERVED
 CVE-2020-10147
        RESERVED
-CVE-2020-10146
-       RESERVED
+CVE-2020-10146 (The Microsoft Teams online service contains a stored 
cross-site script ...)
+       TODO: check
 CVE-2020-10145
        RESERVED
 CVE-2020-10144
@@ -49915,36 +50466,35 @@ CVE-2020-10029 (The GNU C Library (aka glibc or 
libc6) before 2.32 could overflo
        NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f
        NOTE: 
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a
-CVE-2020-9999
-       RESERVED
+CVE-2020-9999 (A memory corruption issue was addressed with improved state 
management ...)
+       TODO: check
 CVE-2020-9998
        RESERVED
 CVE-2020-9997 (An information disclosure issue was addressed with improved 
state mana ...)
        NOT-FOR-US: Apple
-CVE-2020-9996
-       RESERVED
+CVE-2020-9996 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
 CVE-2020-9995
        RESERVED
 CVE-2020-9994 (A path handling issue was addressed with improved validation. 
This iss ...)
        NOT-FOR-US: Apple
-CVE-2020-9993
-       RESERVED
+CVE-2020-9993 (The issue was addressed with improved UI handling. This issue 
is fixed ...)
+       TODO: check
 CVE-2020-9992 (This issue was addressed by encrypting communications over the 
network ...)
        NOT-FOR-US: Apple
-CVE-2020-9991 [A remote attacker may be able to cause a denial of service on 
macOS]
-       RESERVED
+CVE-2020-9991 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        - sqlite3 <undetermined>
        NOTE: No details available due to typical Apple intransparency
        NOTE: https://support.apple.com/en-us/HT211931
        NOTE: 
https://www.rapid7.com/db/vulnerabilities/apple-osx-sqlite-cve-2020-9991/
 CVE-2020-9990 (A race condition was addressed with additional validation. This 
issue  ...)
        NOT-FOR-US: Apple
-CVE-2020-9989
-       RESERVED
-CVE-2020-9988
-       RESERVED
-CVE-2020-9987
-       RESERVED
+CVE-2020-9989 (The issue was addressed with improved deletion. This issue is 
fixed in ...)
+       TODO: check
+CVE-2020-9988 (The issue was addressed with improved deletion. This issue is 
fixed in ...)
+       TODO: check
+CVE-2020-9987 (An inconsistent user interface issue was addressed with 
improved state ...)
+       TODO: check
 CVE-2020-9986 (A file access issue existed with certain home folder files. 
This was a ...)
        NOT-FOR-US: Apple
 CVE-2020-9985 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
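Review bot: the six entries added as TODO: check in this hunk (CVE-2020-9999, CVE-2020-9996, CVE-2020-9993, CVE-2020-9989, CVE-2020-9988, CVE-2020-9987) use the same "was addressed with improved ..." wording as the surrounding entries closed as NOT-FOR-US: Apple, but they should be triaged one by one, because CVE-2020-9991 in this hunk has that wording too and is tracked against "sqlite3 <undetermined>". For CVE-2020-9991 the removed bracketed text was the only line stating the impact (remote denial of service); a NOTE preserving it would help whoever resolves the <undetermined> status.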
@@ -49960,44 +50510,44 @@ CVE-2020-9983 (An out-of-bounds write issue was 
addressed with improved bounds c
        NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
 CVE-2020-9982 (This issue was addressed with improved checks to prevent 
unauthorized  ...)
        NOT-FOR-US: Apple
-CVE-2020-9981
-       RESERVED
+CVE-2020-9981 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
 CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds 
checki ...)
        NOT-FOR-US: Apple
 CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This 
issue is fi ...)
        NOT-FOR-US: Apple
 CVE-2020-9978
        RESERVED
-CVE-2020-9977
-       RESERVED
+CVE-2020-9977 (A validation issue existed in the entitlement verification. 
This issue ...)
+       TODO: check
 CVE-2020-9976 (A logic issue was addressed with improved state management. 
This issue ...)
        NOT-FOR-US: Apple
 CVE-2020-9975
        RESERVED
-CVE-2020-9974
-       RESERVED
+CVE-2020-9974 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
 CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
        NOT-FOR-US: Apple
-CVE-2020-9972
-       RESERVED
+CVE-2020-9972 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
 CVE-2020-9971
        RESERVED
 CVE-2020-9970
        RESERVED
-CVE-2020-9969
-       RESERVED
+CVE-2020-9969 (An access issue was addressed with additional sandbox 
restrictions. Th ...)
+       TODO: check
 CVE-2020-9968 (A logic issue was addressed with improved restrictions. This 
issue is  ...)
        NOT-FOR-US: Apple
 CVE-2020-9967
        RESERVED
-CVE-2020-9966
-       RESERVED
-CVE-2020-9965
-       RESERVED
+CVE-2020-9966 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+       TODO: check
+CVE-2020-9965 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
+       TODO: check
 CVE-2020-9964 (A memory initialization issue was addressed with improved 
memory handl ...)
        NOT-FOR-US: Apple
-CVE-2020-9963
-       RESERVED
+CVE-2020-9963 (The issue was addressed with improved handling of icon caches. 
This is ...)
+       TODO: check
 CVE-2020-9962
        RESERVED
 CVE-2020-9961 (An out-of-bounds read was addressed with improved input 
validation. Th ...)
@@ -50014,8 +50564,8 @@ CVE-2020-9956
        RESERVED
 CVE-2020-9955
        RESERVED
-CVE-2020-9954
-       RESERVED
+CVE-2020-9954 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
+       TODO: check
 CVE-2020-9953
        RESERVED
 CVE-2020-9952 (An input validation issue was addressed with improved input 
validation ...)
@@ -50032,10 +50582,10 @@ CVE-2020-9951 (A use after free issue was addressed 
with improved memory managem
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        - wpewebkit 2.30.0-1
        NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
-CVE-2020-9950
-       RESERVED
-CVE-2020-9949
-       RESERVED
+CVE-2020-9950 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
+CVE-2020-9949 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
 CVE-2020-9948 (A type confusion issue was addressed with improved memory 
handling. Th ...)
        {DSA-4797-1}
        - webkit2gtk 2.30.1-1
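Review bot: CVE-2020-9950 and CVE-2020-9949 are added as TODO: check between CVE-2020-9951 and CVE-2020-9948, both of which carry webkit2gtk and wpewebkit lines with a NOTE pointing at WSA-2020-0008. Their truncated "use after free ... improved memory management" descriptions name no component, so check them against the WebKitGTK advisories before closing them as NOT-FOR-US: Apple.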
@@ -50043,18 +50593,18 @@ CVE-2020-9948 (A type confusion issue was addressed 
with improved memory handlin
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        - wpewebkit 2.30.0-1
        NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
-CVE-2020-9947
-       RESERVED
+CVE-2020-9947 (A use after free issue was addressed with improved memory 
management.  ...)
+       TODO: check
 CVE-2020-9946 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
-CVE-2020-9945
-       RESERVED
-CVE-2020-9944
-       RESERVED
-CVE-2020-9943
-       RESERVED
-CVE-2020-9942
-       RESERVED
+CVE-2020-9945 (A spoofing issue existed in the handling of URLs. This issue 
was addre ...)
+       TODO: check
+CVE-2020-9944 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2020-9943 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2020-9942 (An inconsistent user interface issue was addressed with 
improved state ...)
+       TODO: check
 CVE-2020-9941 (This issue was addressed with improved checks. This issue is 
fixed in  ...)
        NOT-FOR-US: Apple
 CVE-2020-9940 (A buffer overflow issue was addressed with improved memory 
handling. T ...)
@@ -50098,8 +50648,8 @@ CVE-2020-9924 (A logic issue was addressed with 
improved state management. This
        NOT-FOR-US: Apple
 CVE-2020-9923 (A memory corruption issue was addressed with improved memory 
handling. ...)
        NOT-FOR-US: Apple
-CVE-2020-9922
-       RESERVED
+CVE-2020-9922 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
 CVE-2020-9921 (A memory corruption issue was addressed with improved memory 
handling. ...)
        NOT-FOR-US: Apple
 CVE-2020-9920 (A path handling issue was addressed with improved validation. 
This iss ...)
@@ -50274,8 +50824,7 @@ CVE-2020-9850 (A logic issue was addressed with 
improved restrictions. This issu
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        - wpewebkit 2.28.3-1
        NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
-CVE-2020-9849 [An information disclosure issue was addressed with improved 
state management]
-       RESERVED
+CVE-2020-9849 (An information disclosure issue was addressed with improved 
state mana ...)
        - sqlite3 <undetermined>
        NOTE: No details available due to typical Apple intransparency
        NOTE: https://support.apple.com/en-us/HT211931
@@ -50502,38 +51051,38 @@ CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE 
WebKit through 2.26.4 (which ar
        [jessie] - webkit2gtk <ignored> (Not covered by security support in 
jessie)
        - wpewebkit 2.28.0-1
        NOTE: https://webkitgtk.org/security/WSA-2020-0003.html
-CVE-2020-10017
-       RESERVED
-CVE-2020-10016
-       RESERVED
+CVE-2020-10017 (An out-of-bounds write was addressed with improved input 
validation. T ...)
+       TODO: check
+CVE-2020-10016 (A memory corruption issue was addressed with improved state 
management ...)
+       TODO: check
 CVE-2020-10015
        RESERVED
-CVE-2020-10014
-       RESERVED
-CVE-2020-10013
-       RESERVED
-CVE-2020-10012
-       RESERVED
-CVE-2020-10011
-       RESERVED
-CVE-2020-10010
-       RESERVED
-CVE-2020-10009
-       RESERVED
+CVE-2020-10014 (A parsing issue in the handling of directory paths was 
addressed with  ...)
+       TODO: check
+CVE-2020-10013 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
+CVE-2020-10012 (An access issue was addressed with improved access 
restrictions. This  ...)
+       TODO: check
+CVE-2020-10011 (An out-of-bounds read was addressed with improved bounds 
checking. Thi ...)
+       TODO: check
+CVE-2020-10010 (A path handling issue was addressed with improved validation. 
This iss ...)
+       TODO: check
+CVE-2020-10009 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
 CVE-2020-10008
        RESERVED
-CVE-2020-10007
-       RESERVED
-CVE-2020-10006
-       RESERVED
+CVE-2020-10007 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
+CVE-2020-10006 (This issue was addressed with improved entitlements. This 
issue is fix ...)
+       TODO: check
 CVE-2020-10005
        RESERVED
-CVE-2020-10004
-       RESERVED
-CVE-2020-10003
-       RESERVED
-CVE-2020-10002
-       RESERVED
+CVE-2020-10004 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
+CVE-2020-10003 (An issue existed within the path validation logic for 
symlinks. This i ...)
+       TODO: check
+CVE-2020-10002 (A logic issue was addressed with improved state management. 
This issue ...)
+       TODO: check
 CVE-2020-10001
        RESERVED
 CVE-2020-10000
@@ -70887,8 +71436,8 @@ CVE-2020-1973
        RESERVED
 CVE-2020-1972
        RESERVED
-CVE-2020-1971 [EDIPARTYNAME NULL pointer de-reference]
-       RESERVED
+CVE-2020-1971 (The X.509 GeneralName type is a generic type for representing 
differen ...)
+       {DSA-4807-1}
        - openssl 1.1.1i-1
        - openssl1.0 <removed>
        NOTE: https://www.openssl.org/news/secadv/20201208.txt
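Review bot: the replaced header for CVE-2020-1971 drops the bracketed summary "EDIPARTYNAME NULL pointer de-reference", and the truncated description that takes its place ("The X.509 GeneralName type is a generic type for representing differen ...") no longer says what the flaw is. A NOTE line carrying the old summary next to the openssl.org advisory link would keep the entry readable at a glance.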
@@ -106335,7 +106884,7 @@ CVE-2019-9515 (Some HTTP/2 implementations are 
vulnerable to a settings flood, p
        NOTE: https://github.com/h2o/h2o/issues/2090
        NOTE: 
https://github.com/h2o/h2o/commit/743d6b6118c29b75d0b84ef7950a2721c32dfe3f
 CVE-2019-9514 (Some HTTP/2 implementations are vulnerable to a reset flood, 
potential ...)
-       {DSA-4669-1 DSA-4520-1 DSA-4508-1 DSA-4503-1}
+       {DSA-4669-1 DSA-4520-1 DSA-4508-1 DSA-4503-1 DLA-2485-1}
        - golang-1.13 1.13~beta1-3 (bug #934955)
        - golang-1.12 1.12.8-1
        - golang-1.11 1.11.13-1
@@ -106375,7 +106924,7 @@ CVE-2019-9513 (Some HTTP/2 implementations are 
vulnerable to resource loops, pot
        NOTE: 
https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/
        NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2
 CVE-2019-9512 (Some HTTP/2 implementations are vulnerable to ping floods, 
potentially ...)
-       {DSA-4520-1 DSA-4508-1 DSA-4503-1}
+       {DSA-4520-1 DSA-4508-1 DSA-4503-1 DLA-2485-1}
        - golang-1.13 1.13~beta1-3 (bug #934955)
        - golang-1.12 1.12.8-1
        - golang-1.11 1.11.13-1



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/420593ef2b06bd335ab2de9b664257258e4cd351
