[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Tue Aug 18 09:10:20 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
b9c8d891 by security tracker role at 2020-08-18T08:10:12+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -16580,7 +16580,7 @@ CVE-2020-16147
RESERVED
CVE-2020-16146
RESERVED
-CVE-2020-16145 (Roundcube Webmail before 1.4.8 allows stored XSS in HTML messages duri ...)
+CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...)
{DSA-4744-1 DLA-2322-1}
- roundcube 1.4.8+dfsg.1-1 (bug #968216)
NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8)
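Review bot: the CVE-2020-16145 entry now names two fixed upstream branches (before 1.3.15 and 1.4.8), but the lines under it still document only the 1.4 side: the NOTE cites the commit tagged (1.4.8) and the package line gives 1.4.8+dfsg.1-1. Add a NOTE with the corresponding 1.3.15 fix so that anyone assessing a release still on the 1.3 series can find the patch to backport.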
@@ -18946,8 +18946,8 @@ CVE-2020-15154
RESERVED
CVE-2020-15153
RESERVED
-CVE-2020-15152
- RESERVED
+CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Side Req ...)
+ TODO: check
CVE-2020-15151
RESERVED
CVE-2020-15150
@@ -22174,8 +22174,8 @@ CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6
NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4
NOTE: https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e (8.5.57)
NOTE: https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399 (9.0.37)
-CVE-2020-13933
- RESERVED
+CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...)
+ TODO: check
CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...)
NOT-FOR-US: Apache ActiveMQ Artemis
NOTE: https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt
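Review bot: CVE-2020-13933 leaves the RESERVED state as a bare "TODO: check", unlike the Tomcat and ActiveMQ Artemis entries around it, which carry a triage result and reference NOTEs. The description already gives the fixed upstream version (before 1.6.0), so the follow-up can record either a package line with that version or a NOT-FOR-US line, plus a NOTE pointing at the upstream advisory.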
@@ -24066,8 +24066,8 @@ CVE-2020-13185
RESERVED
CVE-2020-13184
RESERVED
-CVE-2020-13183
- RESERVED
+CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...)
+ TODO: check
CVE-2020-13182
RESERVED
CVE-2020-13181
@@ -24753,7 +24753,7 @@ CVE-2020-12869
CVE-2020-12868
RESERVED
CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...)
- {DLA-2231-1}
+ {DLA-2332-1 DLA-2231-1}
[experimental] - sane-backends 1.0.30-1~experimental1
- sane-backends <unfixed> (bug #961302)
[buster] - sane-backends <no-dsa> (Minor issue)
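Review bot: CVE-2020-12867 is the only SANE entry in this update that ends up with two DLAs, "{DLA-2332-1 DLA-2231-1}", while CVE-2020-12865, CVE-2020-12863 and CVE-2020-12862 get DLA-2332-1 alone. Nothing under the entry says why the same CVE needed a second advisory (a different release, or a follow-up to an incomplete fix); a short NOTE stating which would save readers from having to open both advisories.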
@@ -24773,6 +24773,7 @@ CVE-2020-12866 (A NULL pointer dereference in SANE Backends before 1.0.30 allows
NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
CVE-2020-12865 (A heap buffer overflow in SANE Backends before 1.0.30 may allow a mali ...)
+ {DLA-2332-1}
[experimental] - sane-backends 1.0.30-1~experimental1
- sane-backends <unfixed> (bug #961302)
[buster] - sane-backends <no-dsa> (Minor issue)
@@ -24793,6 +24794,7 @@ CVE-2020-12864 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a
NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
+ {DLA-2332-1}
[experimental] - sane-backends 1.0.30-1~experimental1
- sane-backends <unfixed> (bug #961302)
[buster] - sane-backends <no-dsa> (Minor issue)
@@ -24802,6 +24804,7 @@ CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a
NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
NOTE: https://gitlab.com/sane-project/backends/-/commit/db9480b09ea807e52029f2334769a55d4b95e45b (1.0.30)
CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
+ {DLA-2332-1}
[experimental] - sane-backends 1.0.30-1~experimental1
- sane-backends <unfixed> (bug #961302)
[buster] - sane-backends <no-dsa> (Minor issue)
@@ -25778,8 +25781,8 @@ CVE-2020-12482
RESERVED
CVE-2020-12481
RESERVED
-CVE-2020-12480
- RESERVED
+CVE-2020-12480 (In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed ...)
+ TODO: check
CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...)
- teampass <itp> (bug #730180)
CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...)
@@ -48971,7 +48974,7 @@ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4
NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/
CVE-2019-19949 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
- {DSA-4712-1 DLA-2049-1}
+ {DSA-4712-1 DLA-2333-1 DLA-2049-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #947309)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1561
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d17c047f7bff7c0edbf304470cd2ab9d02fbf617 (7.x)
@@ -57557,8 +57560,8 @@ CVE-2020-1599
RESERVED
CVE-2020-1598
RESERVED
-CVE-2020-1597
- RESERVED
+CVE-2020-1597 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
+ TODO: check
CVE-2020-1596
RESERVED
CVE-2020-1595
@@ -57569,262 +57572,262 @@ CVE-2020-1593
RESERVED
CVE-2020-1592
RESERVED
-CVE-2020-1591
- RESERVED
+CVE-2020-1591 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ TODO: check
CVE-2020-1590
RESERVED
CVE-2020-1589
RESERVED
CVE-2020-1588
RESERVED
-CVE-2020-1587
- RESERVED
+CVE-2020-1587 (An elevation of privilege vulnerability exists when the Windows Ancill ...)
+ TODO: check
CVE-2020-1586
RESERVED
-CVE-2020-1585
- RESERVED
-CVE-2020-1584
- RESERVED
-CVE-2020-1583
- RESERVED
-CVE-2020-1582
- RESERVED
-CVE-2020-1581
- RESERVED
-CVE-2020-1580
- RESERVED
-CVE-2020-1579
- RESERVED
-CVE-2020-1578
- RESERVED
-CVE-2020-1577
- RESERVED
+CVE-2020-1585 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
+CVE-2020-1584 (An elevation of privilege vulnerability exists in the way that the dns ...)
+ TODO: check
+CVE-2020-1583 (An information disclosure vulnerability exists when Microsoft Word imp ...)
+ TODO: check
+CVE-2020-1582 (A remote code execution vulnerability exists in Microsoft Access softw ...)
+ TODO: check
+CVE-2020-1581 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ TODO: check
+CVE-2020-1580 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ TODO: check
+CVE-2020-1579 (An elevation of privilege vulnerability exists when the Windows Functi ...)
+ TODO: check
+CVE-2020-1578 (An information disclosure vulnerability exists in the Windows kernel t ...)
+ TODO: check
+CVE-2020-1577 (An information disclosure vulnerability exists when DirectWrite improp ...)
+ TODO: check
CVE-2020-1576
RESERVED
CVE-2020-1575
RESERVED
-CVE-2020-1574
- RESERVED
-CVE-2020-1573
- RESERVED
+CVE-2020-1574 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
+CVE-2020-1573 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ TODO: check
CVE-2020-1572
RESERVED
-CVE-2020-1571
- RESERVED
-CVE-2020-1570
- RESERVED
-CVE-2020-1569
- RESERVED
-CVE-2020-1568
- RESERVED
-CVE-2020-1567
- RESERVED
-CVE-2020-1566
- RESERVED
-CVE-2020-1565
- RESERVED
-CVE-2020-1564
- RESERVED
-CVE-2020-1563
- RESERVED
-CVE-2020-1562
- RESERVED
-CVE-2020-1561
- RESERVED
-CVE-2020-1560
- RESERVED
+CVE-2020-1571 (An elevation of privilege vulnerability exists in Windows Setup in the ...)
+ TODO: check
+CVE-2020-1570 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2020-1569 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
+ TODO: check
+CVE-2020-1568 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...)
+ TODO: check
+CVE-2020-1567 (A remote code execution vulnerability exists in the way that the MSHTM ...)
+ TODO: check
+CVE-2020-1566 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2020-1565 (An elevation of privilege vulnerability exists when the "Publ ...)
+ TODO: check
+CVE-2020-1564 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ TODO: check
+CVE-2020-1563 (A remote code execution vulnerability exists in Microsoft Office softw ...)
+ TODO: check
+CVE-2020-1562 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
+CVE-2020-1561 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
+CVE-2020-1560 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
CVE-2020-1559
RESERVED
-CVE-2020-1558
- RESERVED
-CVE-2020-1557
- RESERVED
-CVE-2020-1556
- RESERVED
-CVE-2020-1555
- RESERVED
-CVE-2020-1554
- RESERVED
-CVE-2020-1553
- RESERVED
-CVE-2020-1552
- RESERVED
-CVE-2020-1551
- RESERVED
-CVE-2020-1550
- RESERVED
-CVE-2020-1549
- RESERVED
-CVE-2020-1548
- RESERVED
-CVE-2020-1547
- RESERVED
-CVE-2020-1546
- RESERVED
-CVE-2020-1545
- RESERVED
-CVE-2020-1544
- RESERVED
-CVE-2020-1543
- RESERVED
-CVE-2020-1542
- RESERVED
-CVE-2020-1541
- RESERVED
-CVE-2020-1540
- RESERVED
-CVE-2020-1539
- RESERVED
-CVE-2020-1538
- RESERVED
-CVE-2020-1537
- RESERVED
-CVE-2020-1536
- RESERVED
-CVE-2020-1535
- RESERVED
-CVE-2020-1534
- RESERVED
-CVE-2020-1533
- RESERVED
+CVE-2020-1558 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ TODO: check
+CVE-2020-1557 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ TODO: check
+CVE-2020-1556 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-1555 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2020-1554 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ TODO: check
+CVE-2020-1553 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
+ TODO: check
+CVE-2020-1552 (An elevation of privilege vulnerability exists when the Windows Work F ...)
+ TODO: check
+CVE-2020-1551 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1550 (An elevation of privilege vulnerability exists when the Windows CDP Us ...)
+ TODO: check
+CVE-2020-1549 (An elevation of privilege vulnerability exists when the Windows CDP Us ...)
+ TODO: check
+CVE-2020-1548 (An information disclosure vulnerability exists when the Windows WaasMe ...)
+ TODO: check
+CVE-2020-1547 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1546 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1545 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1544 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1543 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1542 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1541 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1540 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1539 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1538 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
+ TODO: check
+CVE-2020-1537 (An elevation of privilege vulnerability exists when the Windows Remote ...)
+ TODO: check
+CVE-2020-1536 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1535 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1534 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-1533 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
CVE-2020-1532
RESERVED
-CVE-2020-1531
- RESERVED
-CVE-2020-1530
- RESERVED
-CVE-2020-1529
- RESERVED
-CVE-2020-1528
- RESERVED
-CVE-2020-1527
- RESERVED
-CVE-2020-1526
- RESERVED
-CVE-2020-1525
- RESERVED
-CVE-2020-1524
- RESERVED
+CVE-2020-1531 (An elevation of privilege vulnerability exists when the Windows Accoun ...)
+ TODO: check
+CVE-2020-1530 (An elevation of privilege vulnerability exists when Windows Remote Acc ...)
+ TODO: check
+CVE-2020-1529 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-1528 (An elevation of privilege vulnerability exists when the Windows Radio ...)
+ TODO: check
+CVE-2020-1527 (An elevation of privilege vulnerability exists when the Windows Custom ...)
+ TODO: check
+CVE-2020-1526 (An elevation of privilege vulnerability exists when the Windows Networ ...)
+ TODO: check
+CVE-2020-1525 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ TODO: check
+CVE-2020-1524 (An elevation of privilege vulnerability exists when the Windows Speech ...)
+ TODO: check
CVE-2020-1523
RESERVED
-CVE-2020-1522
- RESERVED
-CVE-2020-1521
- RESERVED
-CVE-2020-1520
- RESERVED
-CVE-2020-1519
- RESERVED
-CVE-2020-1518
- RESERVED
-CVE-2020-1517
- RESERVED
-CVE-2020-1516
- RESERVED
-CVE-2020-1515
- RESERVED
+CVE-2020-1522 (An elevation of privilege vulnerability exists when the Windows Speech ...)
+ TODO: check
+CVE-2020-1521 (An elevation of privilege vulnerability exists when the Windows Speech ...)
+ TODO: check
+CVE-2020-1520 (A remote code execution vulnerability exists when the Windows Font Dri ...)
+ TODO: check
+CVE-2020-1519 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
+ TODO: check
+CVE-2020-1518 (An elevation of privilege vulnerability exists when the Windows File S ...)
+ TODO: check
+CVE-2020-1517 (An elevation of privilege vulnerability exists when the Windows File S ...)
+ TODO: check
+CVE-2020-1516 (An elevation of privilege vulnerability exists when the Windows Work F ...)
+ TODO: check
+CVE-2020-1515 (An elevation of privilege vulnerability exists when the Windows Teleph ...)
+ TODO: check
CVE-2020-1514
RESERVED
-CVE-2020-1513
- RESERVED
-CVE-2020-1512
- RESERVED
-CVE-2020-1511
- RESERVED
-CVE-2020-1510
- RESERVED
-CVE-2020-1509
- RESERVED
+CVE-2020-1513 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
+ TODO: check
+CVE-2020-1512 (An information disclosure vulnerability exists when the Windows State ...)
+ TODO: check
+CVE-2020-1511 (An elevation of privilege vulnerability exists when Connected User Exp ...)
+ TODO: check
+CVE-2020-1510 (An information disclosure vulnerability exists when the win32k compone ...)
+ TODO: check
+CVE-2020-1509 (An elevation of privilege vulnerability exists in the Local Security A ...)
+ TODO: check
CVE-2020-1508
RESERVED
CVE-2020-1507
RESERVED
CVE-2020-1506
RESERVED
-CVE-2020-1505
- RESERVED
-CVE-2020-1504
- RESERVED
-CVE-2020-1503
- RESERVED
-CVE-2020-1502
- RESERVED
-CVE-2020-1501
- RESERVED
-CVE-2020-1500
- RESERVED
-CVE-2020-1499
- RESERVED
-CVE-2020-1498
- RESERVED
-CVE-2020-1497
- RESERVED
-CVE-2020-1496
- RESERVED
-CVE-2020-1495
- RESERVED
-CVE-2020-1494
- RESERVED
-CVE-2020-1493
- RESERVED
-CVE-2020-1492
- RESERVED
+CVE-2020-1505 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ TODO: check
+CVE-2020-1504 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-1503 (An information disclosure vulnerability exists when Microsoft Word imp ...)
+ TODO: check
+CVE-2020-1502 (An information disclosure vulnerability exists when Microsoft Word imp ...)
+ TODO: check
+CVE-2020-1501 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ TODO: check
+CVE-2020-1500 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ TODO: check
+CVE-2020-1499 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
+ TODO: check
+CVE-2020-1498 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-1497 (An information disclosure vulnerability exists when Microsoft Excel im ...)
+ TODO: check
+CVE-2020-1496 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-1495 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-1494 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-1493 (An information disclosure vulnerability exists when attaching files to ...)
+ TODO: check
+CVE-2020-1492 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ TODO: check
CVE-2020-1491
RESERVED
-CVE-2020-1490
- RESERVED
-CVE-2020-1489
- RESERVED
-CVE-2020-1488
- RESERVED
-CVE-2020-1487
- RESERVED
-CVE-2020-1486
- RESERVED
-CVE-2020-1485
- RESERVED
-CVE-2020-1484
- RESERVED
-CVE-2020-1483
- RESERVED
+CVE-2020-1490 (An elevation of privilege vulnerability exists when the Storage Servic ...)
+ TODO: check
+CVE-2020-1489 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
+ TODO: check
+CVE-2020-1488 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
+ TODO: check
+CVE-2020-1487 (An information disclosure vulnerability exists when Media Foundation i ...)
+ TODO: check
+CVE-2020-1486 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2020-1485 (An information disclosure vulnerability exists when the Windows Image ...)
+ TODO: check
+CVE-2020-1484 (An elevation of privilege vulnerability exists when the Windows Work F ...)
+ TODO: check
+CVE-2020-1483 (A remote code execution vulnerability exists in Microsoft Outlook when ...)
+ TODO: check
CVE-2020-1482
RESERVED
CVE-2020-1481 (A remote code execution vulnerability exists in the ESLint extension f ...)
NOT-FOR-US: Microsoft
-CVE-2020-1480
- RESERVED
-CVE-2020-1479
- RESERVED
-CVE-2020-1478
- RESERVED
-CVE-2020-1477
- RESERVED
-CVE-2020-1476
- RESERVED
-CVE-2020-1475
- RESERVED
-CVE-2020-1474
- RESERVED
-CVE-2020-1473
- RESERVED
-CVE-2020-1472
- RESERVED
+CVE-2020-1480 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-1479 (An elevation of privilege vulnerability exists when DirectX improperly ...)
+ TODO: check
+CVE-2020-1478 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ TODO: check
+CVE-2020-1477 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ TODO: check
+CVE-2020-1476 (An elevation of privilege vulnerability exists when ASP.NET or .NET we ...)
+ TODO: check
+CVE-2020-1475 (An elevation of privilege vulnerability exists in the way that the srm ...)
+ TODO: check
+CVE-2020-1474 (An information disclosure vulnerability exists when the Windows Image ...)
+ TODO: check
+CVE-2020-1473 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ TODO: check
+CVE-2020-1472 (An elevation of privilege vulnerability exists when an attacker establ ...)
+ TODO: check
CVE-2020-1471
RESERVED
-CVE-2020-1470
- RESERVED
+CVE-2020-1470 (An elevation of privilege vulnerability exists when the Windows Work F ...)
+ TODO: check
CVE-2020-1469 (A denial of service vulnerability exists when the .NET implementation ...)
NOT-FOR-US: Microsoft
CVE-2020-1468 (An information disclosure vulnerability exists when the Windows GDI co ...)
NOT-FOR-US: Microsoft
-CVE-2020-1467
- RESERVED
-CVE-2020-1466
- RESERVED
+CVE-2020-1467 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ TODO: check
+CVE-2020-1466 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...)
+ TODO: check
CVE-2020-1465 (An elevation of privilege vulnerability exists in Microsoft OneDrive t ...)
NOT-FOR-US: Microsoft
-CVE-2020-1464
- RESERVED
+CVE-2020-1464 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
+ TODO: check
CVE-2020-1463 (An elevation of privilege vulnerability exists in the way that the Sha ...)
NOT-FOR-US: Microsoft
CVE-2020-1462 (An information disclosure vulnerability exists when Skype for Business ...)
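Review bot: every entry leaving RESERVED in this hunk lands on "TODO: check", although the entries already triaged in the same range (CVE-2020-1481, CVE-2020-1469, CVE-2020-1468, CVE-2020-1465, CVE-2020-1463) are all "NOT-FOR-US: Microsoft". Most of the new descriptions name a Windows, Office, SharePoint or Edge component and can follow that pattern, but the block should not be bulk-marked: several descriptions are cut off before any product is named, for example CVE-2020-1472 ("exists when an attacker establ ...") and CVE-2020-1493 ("when attaching files to ..."), so those need the full CVE text read before they are classified.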
@@ -57833,16 +57836,16 @@ CVE-2020-1461 (An elevation of privilege vulnerability exists when the MpSigStub
NOT-FOR-US: Microsoft
CVE-2020-1460
RESERVED
-CVE-2020-1459
- RESERVED
+CVE-2020-1459 (An information disclosure vulnerability exists on ARM implementations ...)
+ TODO: check
CVE-2020-1458 (A remote code execution vulnerability exists when Microsoft Office imp ...)
NOT-FOR-US: Microsoft
CVE-2020-1457 (A remote code execution vulnerability exists in the way that Microsoft ...)
NOT-FOR-US: Microsoft
CVE-2020-1456 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
NOT-FOR-US: Microsoft
-CVE-2020-1455
- RESERVED
+CVE-2020-1455 (A denial of service vulnerability exists when Microsoft SQL Server Man ...)
+ TODO: check
CVE-2020-1454 (This vulnerability is caused when SharePoint Server does not properly ...)
NOT-FOR-US: Microsoft
CVE-2020-1453
@@ -57917,8 +57920,8 @@ CVE-2020-1419 (An information disclosure vulnerability exists when the Windows k
NOT-FOR-US: Microsoft
CVE-2020-1418 (An elevation of privilege vulnerability exists when the Windows Diagno ...)
NOT-FOR-US: Microsoft
-CVE-2020-1417
- RESERVED
+CVE-2020-1417 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
CVE-2020-1416 (An elevation of privilege vulnerability exists in Visual Studio and Vi ...)
NOT-FOR-US: Microsoft
CVE-2020-1415 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
@@ -57985,20 +57988,20 @@ CVE-2020-1385 (An elevation of privilege vulnerability exists in the way that th
NOT-FOR-US: Microsoft
CVE-2020-1384 (An elevation of privilege vulnerability exists when the Windows Crypto ...)
NOT-FOR-US: Microsoft
-CVE-2020-1383
- RESERVED
+CVE-2020-1383 (An information disclosure vulnerability exists in RPC if the server ha ...)
+ TODO: check
CVE-2020-1382 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
NOT-FOR-US: Microsoft
CVE-2020-1381 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
NOT-FOR-US: Microsoft
-CVE-2020-1380
- RESERVED
-CVE-2020-1379
- RESERVED
-CVE-2020-1378
- RESERVED
-CVE-2020-1377
- RESERVED
+CVE-2020-1380 (A remote code execution vulnerability exists in the way that the scrip ...)
+ TODO: check
+CVE-2020-1379 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ TODO: check
+CVE-2020-1378 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
+ TODO: check
+CVE-2020-1377 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
+ TODO: check
CVE-2020-1376
RESERVED
CVE-2020-1375 (An elevation of privilege vulnerability exists when Windows improperly ...)
@@ -58073,12 +58076,12 @@ CVE-2020-1341
RESERVED
CVE-2020-1340 (A spoofing vulnerability exists when the NuGetGallery does not properl ...)
NOT-FOR-US: Microsoft
-CVE-2020-1339
- RESERVED
+CVE-2020-1339 (A remote code execution vulnerability exists when Windows Media Audio ...)
+ TODO: check
CVE-2020-1338
RESERVED
-CVE-2020-1337
- RESERVED
+CVE-2020-1337 (An elevation of privilege vulnerability exists when the Windows Print ...)
+ TODO: check
CVE-2020-1336 (An elevation of privilege vulnerability exists in the way that the Win ...)
NOT-FOR-US: Microsoft
CVE-2020-1335
@@ -58387,8 +58390,8 @@ CVE-2020-1184 (An elevation of privilege vulnerability exists when the Windows S
NOT-FOR-US: Microsoft
CVE-2020-1183 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
NOT-FOR-US: Microsoft
-CVE-2020-1182
- RESERVED
+CVE-2020-1182 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
+ TODO: check
CVE-2020-1181 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
NOT-FOR-US: Microsoft
CVE-2020-1180
@@ -58659,8 +58662,8 @@ CVE-2020-1048 (An elevation of privilege vulnerability exists when the Windows P
NOT-FOR-US: Microsoft
CVE-2020-1047
RESERVED
-CVE-2020-1046
- RESERVED
+CVE-2020-1046 (A remote code execution vulnerability exists when Microsoft .NET Frame ...)
+ TODO: check
CVE-2020-1045
RESERVED
CVE-2020-1044
@@ -59543,8 +59546,8 @@ CVE-2020-0606 (A remote code execution vulnerability exists in .NET software whe
NOT-FOR-US: Microsoft
CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...)
NOT-FOR-US: Microsoft
-CVE-2020-0604
- RESERVED
+CVE-2020-0604 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
+ TODO: check
CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software ...)
NOT-FOR-US: Microsoft
CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
@@ -71400,7 +71403,7 @@ CVE-2019-14982 (In Exiv2 before v0.27.2, there is an integer overflow vulnerabil
NOTE: https://github.com/Exiv2/exiv2/issues/960
NOTE: https://github.com/Exiv2/exiv2/pull/962/commits/e925bc5addd881543fa503470c8a859e112cca62
CVE-2019-14981 (In ImageMagick 7.x before 7.0.8-41 and 6.x before 6.9.10-41, there is ...)
- {DSA-4712-1 DLA-1968-1}
+ {DSA-4712-1 DLA-2333-1 DLA-1968-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #955025)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1552
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b522d2d857d2f75b659936b59b0da9df1682c256
@@ -77544,7 +77547,7 @@ CVE-2019-13455 (In Xymon through 4.3.28, a stack-based buffer overflow vulnerabi
[stretch] - xymon 4.3.28-2+deb9u1
NOTE: https://lists.xymon.com/archive/2019-July/046570.html
CVE-2019-13454 (ImageMagick 7.0.8-54 Q16 allows Division by Zero in RemoveDuplicateLay ...)
- {DSA-4712-1}
+ {DSA-4712-1 DLA-2333-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931740)
[jessie] - imagemagick <ignored> (low impact issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1629
@@ -77977,7 +77980,7 @@ CVE-2019-13298 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer overflow at Mag
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1611
NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4fc44b58a14f76b1ac997517d742ee12c9dc5d3
CVE-2019-13297 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
- {DSA-4712-1 DLA-1888-1}
+ {DSA-4712-1 DLA-2333-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931455)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1609
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/35c7032723d85eee7318ff6c82f031fa2666b773
@@ -77988,7 +77991,7 @@ CVE-2019-13296 (ImageMagick 7.0.8-50 Q16 has direct memory leaks in AcquireMagic
NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce08a3691a8ac29125e29fc41967b3737fa3f425
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1604
CVE-2019-13295 (ImageMagick 7.0.8-50 Q16 has a heap-based buffer over-read at MagickCo ...)
- {DSA-4712-1 DLA-1888-1}
+ {DSA-4712-1 DLA-2333-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931457)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1608
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/55e6dc49f1a381d9d511ee2f888fdc3e3c3e3953
@@ -78886,19 +78889,19 @@ CVE-2019-12980 (In Ming (aka libming) 0.4.8, there is an integer overflow (cause
- ming <removed>
NOTE: https://github.com/libming/libming/pull/179/commits/2223f7a1e431455a1411bee77c90db94a6f8e8fe
CVE-2019-12979 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- {DSA-4712-1}
+ {DSA-4712-1 DLA-2333-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #931189)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1522
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/27b1c74979ac473a430e266ff6c4b645664bc805
CVE-2019-12978 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- {DSA-4712-1}
+ {DSA-4712-1 DLA-2333-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931190)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1519
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/ae1ded6140bfa8ae9f6dcba5413b72d98ed94614
CVE-2019-12977 (ImageMagick 7.0.8-34 has a "use of uninitialized value" vulnerability ...)
- {DSA-4712-1}
+ {DSA-4712-1 DLA-2333-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931191)
[jessie] - imagemagick <ignored> (minor security impact)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1518
@@ -78915,7 +78918,7 @@ CVE-2019-12975 (ImageMagick 7.0.8-34 has a memory leak vulnerability in the Writ
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/c01d8b02f3fa912a320ddad07a03212822f267ec
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b9c3aa197020ca091a21145cf46855afd4ddcb07
CVE-2019-12974 (A NULL pointer dereference in the function ReadPANGOImage in coders/pa ...)
- {DSA-4712-1 DLA-1888-1}
+ {DSA-4712-1 DLA-2333-1 DLA-1888-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #931196)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1515
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/b4391bdd60df0a77e97a6ef1674f2ffef0e19e24
@@ -82836,7 +82839,7 @@ CVE-2019-11598 (In ImageMagick 7.0.8-40 Q16, there is a heap-based buffer over-r
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1540#issuecomment-491504100
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/dd8efbac0b7fa9dd2da527ea3f629f39bf1c02cb
CVE-2019-11597 (In ImageMagick 7.0.8-43 Q16, there is a heap-based buffer over-read in ...)
- {DSA-4712-1 DLA-1785-1}
+ {DSA-4712-1 DLA-2333-1 DLA-1785-1}
- imagemagick 8:6.9.11.24+dfsg-1 (bug #928207)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1555
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/1d6c036f0388d7857c725342f7212b60e39a14c1
@@ -83175,7 +83178,7 @@ CVE-2019-11473 (coders/xwd.c in GraphicsMagick 1.3.31 allows attackers to cause
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/944dcbc457f8
NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53d4a99c6dad
CVE-2019-11472 (ReadXWDImage in coders/xwd.c in the XWD image parsing component of Ima ...)
- {DSA-4712-1}
+ {DSA-4712-1 DLA-2333-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927828)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1546
@@ -83186,7 +83189,7 @@ CVE-2019-11471 (libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::
NOTE: https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014
NOTE: https://github.com/strukturag/libheif/issues/123
CVE-2019-11470 (The cineon parsing component in ImageMagick 7.0.8-26 Q16 allows attack ...)
- {DSA-4712-1 DLA-1968-1}
+ {DSA-4712-1 DLA-2333-1 DLA-1968-1}
- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #927830)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1472
NOTE: https://github.com/ImageMagick/ImageMagick6/commit/a0473b29add9521ffd4c74f6f623b418811762b0
@@ -86895,6 +86898,7 @@ CVE-2019-10132 (A vulnerability was found in libvirt >= 4.1.0 in the virtlock
[jessie] - libvirt <not-affected> (Vulnerable code introduced in 4.1.0-rc1)
NOTE: https://security.libvirt.org/2019/0003.html
CVE-2019-10131 (An off-by-one read vulnerability was discovered in ImageMagick before ...)
+ {DLA-2333-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2
[jessie] - imagemagick <no-dsa> (Minor issue)
@@ -101442,7 +101446,7 @@ CVE-2019-5026
REJECTED
CVE-2019-5025
REJECTED
-CVE-2019-5024 (A restricted environment escape vulnerability exists in the "kiosk mod ...)
+CVE-2019-5024 (A restricted environment escape vulnerability exists in the “kio ...)
NOT-FOR-US: Capsule Technologies SmartLinx Neuron
CVE-2019-5023 (An exploitable vulnerability exists in the grsecurity PaX patch for th ...)
- linux-grsec <removed>
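Review bot: the replacement description for CVE-2019-5024 swaps the ASCII double quote for a typographic one, and the truncated text now stops at `“kio ...` where it previously reached `"kiosk mod ...`, so the entry carries less of the description than before. That loss is consistent with the quote arriving entity-encoded or multi-byte and being counted against the truncation width, which is an inference from the two visible lines and not something the hunk states. Normalizing quotes to ASCII before truncating would keep the summary stable and avoid description-only churn in automatic updates.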
@@ -105692,6 +105696,7 @@ CVE-2018-20469 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0
CVE-2018-20468 (An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A we ...)
NOT-FOR-US: Tyto Sahi Pro
CVE-2018-20467 (In coders/bmp.c in ImageMagick before 7.0.8-16, an input file can resu ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.10.23+dfsg-1 (low; bug #917326)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1408
@@ -119882,6 +119887,7 @@ CVE-2018-18025 (In ImageMagick 7.0.8-13 Q16, there is a heap-based buffer over-r
NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a22fc0c8837838e60daecc0bf01648f359dd6fd
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/394b3e6edf74d1337ce338927da053bb40c00ae9
CVE-2018-18024 (In ImageMagick 7.0.8-13 Q16, there is an infinite loop in the ReadBMPI ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.10.14+dfsg-1 (low)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1337
@@ -128989,6 +128995,7 @@ CVE-2016-10728 (An issue was discovered in Suricata before 3.1.2. If an ICMPv4 e
CVE-2018-14552
RESERVED
CVE-2018-14551 (The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 use ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.10.8+dfsg-1 (bug #904713)
[jessie] - imagemagick <not-affected> (vulnerable code not present)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1221
@@ -140934,6 +140941,7 @@ CVE-2018-10179
CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allows rem ...)
NOT-FOR-US: FromDocToPDF extension for Ghrome
CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ReadOneMNGIm ...)
+ {DLA-2333-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2 (bug #896018)
[jessie] - imagemagick <ignored> (Minor issue)
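Review bot: the context line `NOT-FOR-US: FromDocToPDF extension for Ghrome` directly above the changed CVE-2018-10177 entry misspells "Chrome". This hunk leaves that line untouched, but anyone searching the list by product name will miss the entry, so it is worth correcting in a follow-up manual commit.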
@@ -143539,6 +143547,7 @@ CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-re
CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename acti ...)
NOT-FOR-US: DedeCMS
CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
+ {DLA-2333-1}
[experimental] - imagemagick 8:6.9.10.2+dfsg-1
- imagemagick 8:6.9.10.2+dfsg-2 (low; bug #894848)
[jessie] - imagemagick <ignored> (Minor issue)
@@ -143794,6 +143803,7 @@ CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer der
NOTE: https://github.com/ImageMagick/ImageMagick/issues/794
NOTE: https://github.com/ImageMagick/ImageMagick/commit/de5deab202c340162b65f65bafbbe17b1eda2c1a
CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList fun ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
@@ -143966,6 +143976,7 @@ CVE-2018-8961 (In libming 0.4.8, the decompilePUSHPARAM function of decompile.c
[wheezy] - ming 1:0.4.4-1.1+deb7u8
NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8960 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q1 ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.39+dfsg-1 (low)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
@@ -144415,6 +144426,7 @@ CVE-2018-8806 (In libming 0.4.8, there is a use-after-free in the decompileArith
CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via the c ...)
NOT-FOR-US: Yxcms
CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remot ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.39+dfsg-1 (low)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <ignored> (Minor issue)
@@ -148160,7 +148172,7 @@ CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the SAXP
NOTE: https://github.com/jgraph/mxgraph/issues/124
NOTE: https://bitbucket.org/jgraph/mxgraph2/commits/7d159ca3259b961cbb1c51b4ea42cb408c624ff1
CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q1 ...)
- {DLA-1293-1}
+ {DLA-2333-1 DLA-1293-1}
- imagemagick 8:6.9.9.39+dfsg-1 (low; bug #891291)
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/999
@@ -165492,6 +165504,7 @@ CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was foun
NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885941)
[jessie] - imagemagick <ignored> (Minor issue)
[wheezy] - imagemagick <not-affected> (vulnerable code not present, unreproducible)
@@ -183711,6 +183724,7 @@ CVE-2017-12806 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was fo
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/660
CVE-2017-12805 (In ImageMagick 7.0.6-6, a memory exhaustion vulnerability was found in ...)
+ {DLA-2333-1}
- imagemagick 8:6.9.9.34+dfsg-3
[jessie] - imagemagick <ignored> (Minor issue)
NOTE: https://github.com/ImageMagick/ImageMagick/issues/664
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b9c8d891d32c372f2afbfdc51a48751cce9eb053