[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Mon Dec 14 20:10:26 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
69f69d0a by security tracker role at 2020-12-14T20:10:18+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,425 @@
+CVE-2020-35452
+ RESERVED
+CVE-2020-35451
+ RESERVED
+CVE-2020-35450
+ RESERVED
+CVE-2020-35449
+ RESERVED
+CVE-2020-35448
+ RESERVED
+CVE-2020-35447
+ RESERVED
+CVE-2020-35446
+ RESERVED
+CVE-2020-35445
+ RESERVED
+CVE-2020-35444
+ RESERVED
+CVE-2020-35443
+ RESERVED
+CVE-2020-35442
+ RESERVED
+CVE-2020-35441
+ RESERVED
+CVE-2020-35440
+ RESERVED
+CVE-2020-35439
+ RESERVED
+CVE-2020-35438
+ RESERVED
+CVE-2020-35437
+ RESERVED
+CVE-2020-35436
+ RESERVED
+CVE-2020-35435
+ RESERVED
+CVE-2020-35434
+ RESERVED
+CVE-2020-35433
+ RESERVED
+CVE-2020-35432
+ RESERVED
+CVE-2020-35431
+ RESERVED
+CVE-2020-35430
+ RESERVED
+CVE-2020-35429
+ RESERVED
+CVE-2020-35428
+ RESERVED
+CVE-2020-35427
+ RESERVED
+CVE-2020-35426
+ RESERVED
+CVE-2020-35425
+ RESERVED
+CVE-2020-35424
+ RESERVED
+CVE-2020-35423
+ RESERVED
+CVE-2020-35422
+ RESERVED
+CVE-2020-35421
+ RESERVED
+CVE-2020-35420
+ RESERVED
+CVE-2020-35419
+ RESERVED
+CVE-2020-35418
+ RESERVED
+CVE-2020-35417
+ RESERVED
+CVE-2020-35416
+ RESERVED
+CVE-2020-35415
+ RESERVED
+CVE-2020-35414
+ RESERVED
+CVE-2020-35413
+ RESERVED
+CVE-2020-35412
+ RESERVED
+CVE-2020-35411
+ RESERVED
+CVE-2020-35410
+ RESERVED
+CVE-2020-35409
+ RESERVED
+CVE-2020-35408
+ RESERVED
+CVE-2020-35407
+ RESERVED
+CVE-2020-35406
+ RESERVED
+CVE-2020-35405
+ RESERVED
+CVE-2020-35404
+ RESERVED
+CVE-2020-35403
+ RESERVED
+CVE-2020-35402
+ RESERVED
+CVE-2020-35401
+ RESERVED
+CVE-2020-35400
+ RESERVED
+CVE-2020-35399
+ RESERVED
+CVE-2020-35398
+ RESERVED
+CVE-2020-35397
+ RESERVED
+CVE-2020-35396
+ RESERVED
+CVE-2020-35395
+ RESERVED
+CVE-2020-35394
+ RESERVED
+CVE-2020-35393
+ RESERVED
+CVE-2020-35392
+ RESERVED
+CVE-2020-35391
+ RESERVED
+CVE-2020-35390
+ RESERVED
+CVE-2020-35389
+ RESERVED
+CVE-2020-35388
+ RESERVED
+CVE-2020-35387
+ RESERVED
+CVE-2020-35386
+ RESERVED
+CVE-2020-35385
+ RESERVED
+CVE-2020-35384
+ RESERVED
+CVE-2020-35383
+ RESERVED
+CVE-2020-35382 (SQL Injection in Classbooking before 2.4.1 via the username field of a ...)
+ TODO: check
+CVE-2020-35381
+ RESERVED
+CVE-2020-35380
+ RESERVED
+CVE-2020-35379
+ RESERVED
+CVE-2020-35378 (SQL Injection in the login page in Online Bus Ticket Reservation 1.0 a ...)
+ TODO: check
+CVE-2020-35377
+ RESERVED
+CVE-2020-35376
+ RESERVED
+CVE-2020-35375
+ RESERVED
+CVE-2020-35374
+ RESERVED
+CVE-2020-35373
+ RESERVED
+CVE-2020-35372
+ RESERVED
+CVE-2020-35371
+ RESERVED
+CVE-2020-35370
+ RESERVED
+CVE-2020-35369
+ RESERVED
+CVE-2020-35368
+ RESERVED
+CVE-2020-35367
+ RESERVED
+CVE-2020-35366
+ RESERVED
+CVE-2020-35365
+ RESERVED
+CVE-2020-35364
+ RESERVED
+CVE-2020-35363
+ RESERVED
+CVE-2020-35362
+ RESERVED
+CVE-2020-35361
+ RESERVED
+CVE-2020-35360
+ RESERVED
+CVE-2020-35359
+ RESERVED
+CVE-2020-35358
+ RESERVED
+CVE-2020-35357
+ RESERVED
+CVE-2020-35356
+ RESERVED
+CVE-2020-35355
+ RESERVED
+CVE-2020-35354
+ RESERVED
+CVE-2020-35353
+ RESERVED
+CVE-2020-35352
+ RESERVED
+CVE-2020-35351
+ RESERVED
+CVE-2020-35350
+ RESERVED
+CVE-2020-35349
+ RESERVED
+CVE-2020-35348
+ RESERVED
+CVE-2020-35347
+ RESERVED
+CVE-2020-35346
+ RESERVED
+CVE-2020-35345
+ RESERVED
+CVE-2020-35344
+ RESERVED
+CVE-2020-35343
+ RESERVED
+CVE-2020-35342
+ RESERVED
+CVE-2020-35341
+ RESERVED
+CVE-2020-35340
+ RESERVED
+CVE-2020-35339
+ RESERVED
+CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
+ TODO: check
+CVE-2020-35337
+ RESERVED
+CVE-2020-35336
+ RESERVED
+CVE-2020-35335
+ RESERVED
+CVE-2020-35334
+ RESERVED
+CVE-2020-35333
+ RESERVED
+CVE-2020-35332
+ RESERVED
+CVE-2020-35331
+ RESERVED
+CVE-2020-35330
+ RESERVED
+CVE-2020-35329
+ RESERVED
+CVE-2020-35328
+ RESERVED
+CVE-2020-35327
+ RESERVED
+CVE-2020-35326
+ RESERVED
+CVE-2020-35325
+ RESERVED
+CVE-2020-35324
+ RESERVED
+CVE-2020-35323
+ RESERVED
+CVE-2020-35322
+ RESERVED
+CVE-2020-35321
+ RESERVED
+CVE-2020-35320
+ RESERVED
+CVE-2020-35319
+ RESERVED
+CVE-2020-35318
+ RESERVED
+CVE-2020-35317
+ RESERVED
+CVE-2020-35316
+ RESERVED
+CVE-2020-35315
+ RESERVED
+CVE-2020-35314
+ RESERVED
+CVE-2020-35313
+ RESERVED
+CVE-2020-35312
+ RESERVED
+CVE-2020-35311
+ RESERVED
+CVE-2020-35310
+ RESERVED
+CVE-2020-35309
+ RESERVED
+CVE-2020-35308
+ RESERVED
+CVE-2020-35307
+ RESERVED
+CVE-2020-35306
+ RESERVED
+CVE-2020-35305
+ RESERVED
+CVE-2020-35304
+ RESERVED
+CVE-2020-35303
+ RESERVED
+CVE-2020-35302
+ RESERVED
+CVE-2020-35301
+ RESERVED
+CVE-2020-35300
+ RESERVED
+CVE-2020-35299
+ RESERVED
+CVE-2020-35298
+ RESERVED
+CVE-2020-35297
+ RESERVED
+CVE-2020-35296
+ RESERVED
+CVE-2020-35295
+ RESERVED
+CVE-2020-35294
+ RESERVED
+CVE-2020-35293
+ RESERVED
+CVE-2020-35292
+ RESERVED
+CVE-2020-35291
+ RESERVED
+CVE-2020-35290
+ RESERVED
+CVE-2020-35289
+ RESERVED
+CVE-2020-35288
+ RESERVED
+CVE-2020-35287
+ RESERVED
+CVE-2020-35286
+ RESERVED
+CVE-2020-35285
+ RESERVED
+CVE-2020-35284
+ RESERVED
+CVE-2020-35283
+ RESERVED
+CVE-2020-35282
+ RESERVED
+CVE-2020-35281
+ RESERVED
+CVE-2020-35280
+ RESERVED
+CVE-2020-35279
+ RESERVED
+CVE-2020-35278
+ RESERVED
+CVE-2020-35277
+ RESERVED
+CVE-2020-35276
+ RESERVED
+CVE-2020-35275
+ RESERVED
+CVE-2020-35274
+ RESERVED
+CVE-2020-35273
+ RESERVED
+CVE-2020-35272
+ RESERVED
+CVE-2020-35271
+ RESERVED
+CVE-2020-35270
+ RESERVED
+CVE-2020-35269
+ RESERVED
+CVE-2020-35268
+ RESERVED
+CVE-2020-35267
+ RESERVED
+CVE-2020-35266
+ RESERVED
+CVE-2020-35265
+ RESERVED
+CVE-2020-35264
+ RESERVED
+CVE-2020-35263
+ RESERVED
+CVE-2020-35262
+ RESERVED
+CVE-2020-35261
+ RESERVED
+CVE-2020-35260
+ RESERVED
+CVE-2020-35259
+ RESERVED
+CVE-2020-35258
+ RESERVED
+CVE-2020-35257
+ RESERVED
+CVE-2020-35256
+ RESERVED
+CVE-2020-35255
+ RESERVED
+CVE-2020-35254
+ RESERVED
+CVE-2020-35253
+ RESERVED
+CVE-2020-35252
+ RESERVED
+CVE-2020-35251
+ RESERVED
+CVE-2020-35250
+ RESERVED
+CVE-2020-35249
+ RESERVED
+CVE-2020-35248
+ RESERVED
+CVE-2020-35247
+ RESERVED
+CVE-2020-35246
+ RESERVED
+CVE-2020-35245
+ RESERVED
+CVE-2020-35244
+ RESERVED
+CVE-2020-35243
+ RESERVED
+CVE-2020-35242
+ RESERVED
CVE-2020-35241
RESERVED
CVE-2020-35240
@@ -3021,8 +3443,8 @@ CVE-2020-29229
RESERVED
CVE-2020-29228
RESERVED
-CVE-2020-29227
- RESERVED
+CVE-2020-29227 (An issue was discovered in Car Rental Management System 1.0. An unauth ...)
+ TODO: check
CVE-2020-29226
RESERVED
CVE-2020-29225
@@ -3845,14 +4267,14 @@ CVE-2020-28861
RESERVED
CVE-2020-28860
RESERVED
-CVE-2020-28859
- RESERVED
-CVE-2020-28858
- RESERVED
-CVE-2020-28857
- RESERVED
-CVE-2020-28856
- RESERVED
+CVE-2020-28859 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
+ TODO: check
+CVE-2020-28858 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
+ TODO: check
+CVE-2020-28857 (OpenAsset Digital Asset Management (DAM) through 12.0.19, does not cor ...)
+ TODO: check
+CVE-2020-28856 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
+ TODO: check
CVE-2020-28855
RESERVED
CVE-2020-28854
@@ -6042,7 +6464,7 @@ CVE-2020-28362 (Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Serv
NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ
NOTE: https://github.com/golang/go/issues/42552
CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 co ...)
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.9-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804
@@ -10004,12 +10426,12 @@ CVE-2020-27602 (BigBlueButton before 2.2.7 does not have a protection mechanism
CVE-2020-27601 (In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat do ...)
NOT-FOR-US: BigBlueButton
CVE-2020-27673 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://xenbits.xen.org/xsa/advisory-332.html
CVE-2020-27675 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://xenbits.xen.org/xsa/advisory-331.html
@@ -14239,13 +14661,13 @@ CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_i
NOTE: https://github.com/Cacti/cacti/issues/3723
NOTE: https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e
CVE-2020-25705 (A flaw in the way reply ICMP packets are limited in the Linux kernel f ...)
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5
NOTE: https://www.saddns.net/
CVE-2020-25704 (A flaw memory leak in the Linux kernel performance monitoring subsyste ...)
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00
@@ -14367,13 +14789,13 @@ CVE-2020-25670
NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1
CVE-2020-25669
RESERVED
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.11-1
[buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/11/05/2
CVE-2020-25668 [concurrency use-after-free in vt]
RESERVED
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/30/1
@@ -14447,7 +14869,7 @@ CVE-2020-25657
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823
NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285
CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...)
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1
@@ -14498,7 +14920,7 @@ CVE-2020-25647
CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...)
TODO: check
CVE-2020-25645 (A flaw was found in the Linux kernel in versions before 5.9-rc7. Traff ...)
- {DSA-4774-1 DLA-2417-1}
+ {DSA-4774-1 DLA-2494-1 DLA-2417-1}
- linux 5.8.14-1
NOTE: https://git.kernel.org/linus/34beb21594519ce64a55a498c2fe7d567bc1ca20
CVE-2020-25644 (A memory leak flaw was found in WildFly OpenSSL in versions prior to 1 ...)
@@ -15597,16 +16019,16 @@ CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffe
NOT-FOR-US: WECON PLC Editor
CVE-2020-25180
RESERVED
-CVE-2020-25179
- RESERVED
+CVE-2020-25179 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
+ TODO: check
CVE-2020-25178
RESERVED
CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer ove ...)
NOT-FOR-US: WECON PLC Editor
CVE-2020-25176
RESERVED
-CVE-2020-25175
- RESERVED
+CVE-2020-25175 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...)
+ TODO: check
CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3 ...)
NOT-FOR-US: B. Braun OnlineSuite Version AP
CVE-2020-25173
@@ -25890,8 +26312,8 @@ CVE-2020-20138
RESERVED
CVE-2020-20137
RESERVED
-CVE-2020-20136
- RESERVED
+CVE-2020-20136 (QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an ...)
+ TODO: check
CVE-2020-20135
RESERVED
CVE-2020-20134
@@ -31159,13 +31581,11 @@ CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/tr
- airflow <itp> (bug #819700)
CVE-2020-17514
RESERVED
-CVE-2020-17513
- RESERVED
+CVE-2020-17513 (In Apache Airflow versions prior to 1.10.13, the Charts and Query View ...)
- airflow <itp> (bug #819700)
CVE-2020-17512
RESERVED
-CVE-2020-17511
- RESERVED
+CVE-2020-17511 (In Airflow versions prior to 1.10.13, when creating a user using airfl ...)
- airflow <itp> (bug #819700)
CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...)
- shiro <unfixed>
@@ -31930,95 +32350,95 @@ CVE-2020-17161
RESERVED
CVE-2020-17160 (, aka 'RETRACTED'. ...)
TODO: check
-CVE-2020-17159 (, aka 'Visual Studio Code Java Extension Pack Remote Code Execution Vu ...)
+CVE-2020-17159 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...)
NOT-FOR-US: Microsoft
-CVE-2020-17158 (, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) ...)
+CVE-2020-17158 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...)
NOT-FOR-US: Microsoft
CVE-2020-17157
RESERVED
-CVE-2020-17156 (, aka 'Visual Studio Remote Code Execution Vulnerability'. ...)
+CVE-2020-17156 (Visual Studio Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-17155
RESERVED
CVE-2020-17154
RESERVED
-CVE-2020-17153 (, aka 'Microsoft Edge for Android Spoofing Vulnerability'. ...)
+CVE-2020-17153 (Microsoft Edge for Android Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17152 (, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) ...)
+CVE-2020-17152 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...)
NOT-FOR-US: Microsoft
CVE-2020-17151
RESERVED
-CVE-2020-17150 (, aka 'Visual Studio Code Remote Code Execution Vulnerability'. ...)
+CVE-2020-17150 (Visual Studio Code Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-17149
RESERVED
-CVE-2020-17148 (, aka 'Visual Studio Code Remote Development Extension Remote Code Exe ...)
+CVE-2020-17148 (Visual Studio Code Remote Development Extension Remote Code Execution ...)
NOT-FOR-US: Microsoft
-CVE-2020-17147 (, aka 'Dynamics CRM Webclient Cross-site Scripting Vulnerability'. ...)
+CVE-2020-17147 (Dynamics CRM Webclient Cross-site Scripting Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-17146
RESERVED
-CVE-2020-17145 (, aka 'Azure DevOps Server and Team Foundation Services Spoofing Vulne ...)
+CVE-2020-17145 (Azure DevOps Server and Team Foundation Services Spoofing Vulnerabilit ...)
NOT-FOR-US: Microsoft
-CVE-2020-17144 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
+CVE-2020-17144 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2020-17143 (, aka 'Microsoft Exchange Information Disclosure Vulnerability'. ...)
+CVE-2020-17143 (Microsoft Exchange Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17142 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
+CVE-2020-17142 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2020-17141 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
+CVE-2020-17141 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2020-17140 (, aka 'Windows SMB Information Disclosure Vulnerability'. ...)
+CVE-2020-17140 (Windows SMB Information Disclosure Vulnerability ...)
TODO: check
-CVE-2020-17139 (, aka 'Windows Overlay Filter Security Feature Bypass Vulnerability'. ...)
+CVE-2020-17139 (Windows Overlay Filter Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17138 (, aka 'Windows Error Reporting Information Disclosure Vulnerability'. ...)
+CVE-2020-17138 (Windows Error Reporting Information Disclosure Vulnerability This CVE ...)
NOT-FOR-US: Microsoft
-CVE-2020-17137 (, aka 'DirectX Graphics Kernel Elevation of Privilege Vulnerability'. ...)
+CVE-2020-17137 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17136 (, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege V ...)
+CVE-2020-17136 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
NOT-FOR-US: Microsoft
-CVE-2020-17135 (, aka 'Azure DevOps Server Spoofing Vulnerability'. ...)
+CVE-2020-17135 (Azure DevOps Server Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17134 (, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege V ...)
+CVE-2020-17134 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
NOT-FOR-US: Microsoft
-CVE-2020-17133 (, aka 'Microsoft Dynamics Business Central/NAV Information Disclosure' ...)
+CVE-2020-17133 (Microsoft Dynamics Business Central/NAV Information Disclosure ...)
NOT-FOR-US: Microsoft
-CVE-2020-17132 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
+CVE-2020-17132 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
-CVE-2020-17131 (, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. ...)
+CVE-2020-17131 (Chakra Scripting Engine Memory Corruption Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17130 (, aka 'Microsoft Excel Security Feature Bypass Vulnerability'. ...)
+CVE-2020-17130 (Microsoft Excel Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17129 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ...)
+CVE-2020-17129 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
NOT-FOR-US: Microsoft
-CVE-2020-17128 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ...)
+CVE-2020-17128 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
NOT-FOR-US: Microsoft
-CVE-2020-17127 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ...)
+CVE-2020-17127 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
NOT-FOR-US: Microsoft
-CVE-2020-17126 (, aka 'Microsoft Excel Information Disclosure Vulnerability'. ...)
+CVE-2020-17126 (Microsoft Excel Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17125 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ...)
+CVE-2020-17125 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
NOT-FOR-US: Microsoft
-CVE-2020-17124 (, aka 'Microsoft PowerPoint Remote Code Execution Vulnerability'. ...)
+CVE-2020-17124 (Microsoft PowerPoint Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17123 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ...)
+CVE-2020-17123 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
NOT-FOR-US: Microsoft
-CVE-2020-17122 (, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ...)
+CVE-2020-17122 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...)
NOT-FOR-US: Microsoft
-CVE-2020-17121 (, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This ...)
+CVE-2020-17121 (Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID i ...)
NOT-FOR-US: Microsoft
-CVE-2020-17120 (, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. ...)
+CVE-2020-17120 (Microsoft SharePoint Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17119 (, aka 'Microsoft Outlook Information Disclosure Vulnerability'. ...)
+CVE-2020-17119 (Microsoft Outlook Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17118 (, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This ...)
+CVE-2020-17118 (Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID i ...)
NOT-FOR-US: Microsoft
-CVE-2020-17117 (, aka 'Microsoft Exchange Remote Code Execution Vulnerability'. This C ...)
+CVE-2020-17117 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...)
NOT-FOR-US: Microsoft
CVE-2020-17116
RESERVED
-CVE-2020-17115 (, aka 'Microsoft SharePoint Spoofing Vulnerability'. ...)
+CVE-2020-17115 (Microsoft SharePoint Spoofing Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-17114
RESERVED
@@ -32042,7 +32462,7 @@ CVE-2020-17105 (AV1 Video Extension Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-17104 (Visual Studio Code JSHint Extension Remote Code Execution Vulnerabilit ...)
NOT-FOR-US: Microsoft
-CVE-2020-17103 (, aka 'Windows Cloud Files Mini Filter Driver Elevation of Privilege V ...)
+CVE-2020-17103 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...)
NOT-FOR-US: Microsoft
CVE-2020-17102 (WebP Image Extensions Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
@@ -32050,27 +32470,27 @@ CVE-2020-17101 (HEIF Image Extensions Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-17100 (Visual Studio Tampering Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17099 (, aka 'Windows Lock Screen Security Feature Bypass Vulnerability'. ...)
+CVE-2020-17099 (Windows Lock Screen Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17098 (, aka 'Windows GDI+ Information Disclosure Vulnerability'. ...)
+CVE-2020-17098 (Windows GDI+ Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17097 (, aka 'Windows Digital Media Receiver Elevation of Privilege Vulnerabi ...)
+CVE-2020-17097 (Windows Digital Media Receiver Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17096 (, aka 'Windows NTFS Remote Code Execution Vulnerability'. ...)
+CVE-2020-17096 (Windows NTFS Remote Code Execution Vulnerability ...)
TODO: check
-CVE-2020-17095 (, aka 'Hyper-V Remote Code Execution Vulnerability'. ...)
+CVE-2020-17095 (Hyper-V Remote Code Execution Vulnerability ...)
TODO: check
-CVE-2020-17094 (, aka 'Windows Error Reporting Information Disclosure Vulnerability'. ...)
+CVE-2020-17094 (Windows Error Reporting Information Disclosure Vulnerability This CVE ...)
NOT-FOR-US: Microsoft
CVE-2020-17093
RESERVED
-CVE-2020-17092 (, aka 'Windows Network Connections Service Elevation of Privilege Vuln ...)
+CVE-2020-17092 (Windows Network Connections Service Elevation of Privilege Vulnerabili ...)
NOT-FOR-US: Microsoft
CVE-2020-17091 (Microsoft Teams Remote Code Execution Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-17090 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-17089 (, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. ...)
+CVE-2020-17089 (Microsoft SharePoint Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-17088 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...)
NOT-FOR-US: Microsoft
@@ -32244,7 +32664,7 @@ CVE-2020-17004 (Windows Graphics Component Information Disclosure Vulnerability
NOT-FOR-US: Microsoft
CVE-2020-17003 (A remote code execution vulnerability exists when the Base3D rendering ...)
NOT-FOR-US: Microsoft
-CVE-2020-17002 (, aka 'Azure SDK for C Security Feature Bypass Vulnerability'. ...)
+CVE-2020-17002 (Azure SDK for C Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-17001 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
@@ -32256,7 +32676,7 @@ CVE-2020-16998 (DirectX Elevation of Privilege Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-16997 (Remote Desktop Protocol Server Information Disclosure Vulnerability ...)
NOT-FOR-US: Microsoft
-CVE-2020-16996 (, aka 'Kerberos Security Feature Bypass Vulnerability'. ...)
+CVE-2020-16996 (Kerberos Security Feature Bypass Vulnerability ...)
TODO: check
CVE-2020-16995 (An elevation of privilege vulnerability exists in Network Watcher Agen ...)
NOT-FOR-US: Microsoft
@@ -32306,7 +32726,7 @@ CVE-2020-16973 (An elevation of privilege vulnerability exists when the Windows
NOT-FOR-US: Microsoft
CVE-2020-16972 (An elevation of privilege vulnerability exists when the Windows Backup ...)
NOT-FOR-US: Microsoft
-CVE-2020-16971 (, aka 'Azure SDK for Java Security Feature Bypass Vulnerability'. ...)
+CVE-2020-16971 (Azure SDK for Java Security Feature Bypass Vulnerability ...)
NOT-FOR-US: Microsoft
CVE-2020-16970 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
NOT-FOR-US: Microsoft
@@ -32320,19 +32740,19 @@ CVE-2020-16966
RESERVED
CVE-2020-16965
RESERVED
-CVE-2020-16964 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
+CVE-2020-16964 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2020-16963 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
+CVE-2020-16963 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2020-16962 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
+CVE-2020-16962 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2020-16961 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
+CVE-2020-16961 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2020-16960 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
+CVE-2020-16960 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2020-16959 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
+CVE-2020-16959 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
-CVE-2020-16958 (, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'. Th ...)
+CVE-2020-16958 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
NOT-FOR-US: Microsoft
CVE-2020-16957 (A remote code execution vulnerability exists when the Microsoft Office ...)
NOT-FOR-US: Microsoft
@@ -35213,8 +35633,8 @@ CVE-2020-15735
RESERVED
CVE-2020-15734
RESERVED
-CVE-2020-15733
- RESERVED
+CVE-2020-15733 (An Origin Validation Error vulnerability in the SafePay component of B ...)
+ TODO: check
CVE-2020-15732
RESERVED
CVE-2020-15731 (An improper Input Validation vulnerability in the code handling file r ...)
@@ -39050,7 +39470,7 @@ CVE-2020-14353
CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directory tra ...)
NOT-FOR-US: librepo
CVE-2020-14351 (A flaw was found in the Linux kernel. A use-after-free memory flaw was ...)
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.6-1
[buster] - linux 4.19.160-1
NOTE: https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/
@@ -39344,8 +39764,8 @@ CVE-2020-14270
RESERVED
CVE-2020-14269
RESERVED
-CVE-2020-14268
- RESERVED
+CVE-2020-14268 (A vulnerability in the MIME message handling of the Notes client (vers ...)
+ TODO: check
CVE-2020-14267
RESERVED
CVE-2020-14266
@@ -39392,8 +39812,8 @@ CVE-2020-14246
RESERVED
CVE-2020-14245
RESERVED
-CVE-2020-14244
- RESERVED
+CVE-2020-14244 (A vulnerability in the MIME message handling of the Domino server (ver ...)
+ TODO: check
CVE-2020-14243
RESERVED
CVE-2020-14242
@@ -55120,7 +55540,7 @@ CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Pr
- intel-microcode 3.20201110.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...)
- {DLA-2483-1}
+ {DLA-2494-1 DLA-2483-1}
- linux 5.9.9-1
[buster] - linux 4.19.160-1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
@@ -72914,7 +73334,7 @@ CVE-2020-1973
CVE-2020-1972
RESERVED
CVE-2020-1971 (The X.509 GeneralName type is a generic type for representing differen ...)
- {DSA-4807-1}
+ {DSA-4807-1 DLA-2493-1 DLA-2492-1}
- openssl 1.1.1i-1
- openssl1.0 <removed>
NOTE: https://www.openssl.org/news/secadv/20201208.txt
@@ -79978,6 +80398,7 @@ CVE-2020-0429 (In l2tp_session_delete and related functions of l2tp_core.c, ther
CVE-2020-0428 (In CamX code, there is a possible use after free due to a race conditi ...)
NOT-FOR-US: Android on Pixel
CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds read du ...)
+ {DLA-2494-1}
- linux 5.4.8-1
[buster] - linux 4.19.98-1
NOTE: https://git.kernel.org/linus/be4c60b563edee3712d392aaeb0943a768df7023
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69f69d0a1efbbabf951a1af084f879b993c01c3f
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/69f69d0a1efbbabf951a1af084f879b993c01c3f
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201214/7f346b61/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list