[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Mar 26 08:10:58 GMT 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
954870b6 by security tracker role at 2020-03-26T08:10:51+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...)
+ TODO: check
+CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...)
+ TODO: check
+CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...)
+ TODO: check
+CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...)
+ TODO: check
+CVE-2020-10962
+ RESERVED
+CVE-2020-10961
+ RESERVED
+CVE-2020-10960
+ RESERVED
+CVE-2020-10959
+ RESERVED
+CVE-2020-10958
+ RESERVED
+CVE-2020-10957
+ RESERVED
+CVE-2020-10956
+ RESERVED
+CVE-2020-10955
+ RESERVED
+CVE-2020-10954
+ RESERVED
+CVE-2020-10953
+ RESERVED
+CVE-2020-10952
+ RESERVED
CVE-2020-10951
RESERVED
CVE-2020-10950
@@ -128,22 +158,22 @@ CVE-2020-10890
RESERVED
CVE-2020-10889
RESERVED
-CVE-2020-10888
- RESERVED
-CVE-2020-10887
- RESERVED
-CVE-2020-10886
- RESERVED
-CVE-2020-10885
- RESERVED
-CVE-2020-10884
- RESERVED
-CVE-2020-10883
- RESERVED
-CVE-2020-10882
- RESERVED
-CVE-2020-10881
- RESERVED
+CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...)
+ TODO: check
+CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations ...)
+ TODO: check
+CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...)
+ TODO: check
+CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...)
+ TODO: check
+CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+ TODO: check
+CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
TODO: check
CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
@@ -1765,8 +1795,8 @@ CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. Th
NOT-FOR-US: MISP
CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...)
NOT-FOR-US: MISP
-CVE-2020-10245
- RESERVED
+CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...)
+ TODO: check
CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...)
NOT-FOR-US: JPaseto
CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...)
@@ -3363,8 +3393,8 @@ CVE-2020-9522
RESERVED
CVE-2020-9521
RESERVED
-CVE-2020-9520
- RESERVED
+CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...)
+ TODO: check
CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...)
NOT-FOR-US: Micro Focus
CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...)
@@ -9614,12 +9644,10 @@ CVE-2020-6818
RESERVED
CVE-2020-6817
RESERVED
-CVE-2020-6815
- RESERVED
+CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...)
- firefox 74.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
-CVE-2020-6814
- RESERVED
+CVE-2020-6814 (Mozilla developers reported memory safety bugs present in Firefox and ...)
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
@@ -9627,12 +9655,10 @@ CVE-2020-6814
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6814
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814
-CVE-2020-6813
- RESERVED
+CVE-2020-6813 (When protecting CSS blocks with the nonce feature of Content Security ...)
- firefox 74.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
-CVE-2020-6812
- RESERVED
+CVE-2020-6812 (The first time AirPods are connected to an iPhone, they become named a ...)
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
@@ -9640,8 +9666,7 @@ CVE-2020-6812
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6812
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
-CVE-2020-6811
- RESERVED
+CVE-2020-6811 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
@@ -9649,20 +9674,16 @@ CVE-2020-6811
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
-CVE-2020-6810
- RESERVED
+CVE-2020-6810 (After a website had entered fullscreen mode, it could have used a prev ...)
- firefox 74.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810
-CVE-2020-6809
- RESERVED
+CVE-2020-6809 (When a Web Extension had the all-urls permission and made a fetch requ ...)
- firefox 74.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809
-CVE-2020-6808
- RESERVED
+CVE-2020-6808 (When a JavaScript URL (javascript:) is evaluated and the result is a s ...)
- firefox 74.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
-CVE-2020-6807
- RESERVED
+CVE-2020-6807 (When a device was changed while a stream was about to be destroyed, th ...)
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
@@ -9670,8 +9691,7 @@ CVE-2020-6807
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
-CVE-2020-6806
- RESERVED
+CVE-2020-6806 (By carefully crafting promise resolutions, it was possible to cause an ...)
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
@@ -9679,8 +9699,7 @@ CVE-2020-6806
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
-CVE-2020-6805
- RESERVED
+CVE-2020-6805 (When removing data about an origin whose tab was recently closed, a us ...)
{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
- firefox 74.0-1
- firefox-esr 68.6.0esr-1
@@ -12950,10 +12969,10 @@ CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incor
NOT-FOR-US: Dell
CVE-2020-5341
RESERVED
-CVE-2020-5340
- RESERVED
-CVE-2020-5339
- RESERVED
+CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...)
+ TODO: check
+CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...)
+ TODO: check
CVE-2020-5338
RESERVED
CVE-2020-5337
@@ -13769,8 +13788,8 @@ CVE-2020-5131
RESERVED
CVE-2020-5130
RESERVED
-CVE-2020-5129
- RESERVED
+CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...)
+ TODO: check
CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
NOT-FOR-US: Nagios XI
CVE-2019-20196
@@ -17388,8 +17407,8 @@ CVE-2020-3810
RESERVED
CVE-2020-3809
RESERVED
-CVE-2020-3808
- RESERVED
+CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier have a tim ...)
+ TODO: check
CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
TODO: check
CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
@@ -17416,56 +17435,56 @@ CVE-2020-3796
RESERVED
CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
TODO: check
-CVE-2020-3794
- RESERVED
+CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...)
+ TODO: check
CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
TODO: check
CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
TODO: check
-CVE-2020-3791
- RESERVED
-CVE-2020-3790
- RESERVED
-CVE-2020-3789
- RESERVED
-CVE-2020-3788
- RESERVED
-CVE-2020-3787
- RESERVED
-CVE-2020-3786
- RESERVED
-CVE-2020-3785
- RESERVED
-CVE-2020-3784
- RESERVED
-CVE-2020-3783
- RESERVED
-CVE-2020-3782
- RESERVED
-CVE-2020-3781
- RESERVED
-CVE-2020-3780
- RESERVED
-CVE-2020-3779
- RESERVED
-CVE-2020-3778
- RESERVED
-CVE-2020-3777
- RESERVED
-CVE-2020-3776
- RESERVED
-CVE-2020-3775
- RESERVED
-CVE-2020-3774
- RESERVED
-CVE-2020-3773
- RESERVED
-CVE-2020-3772
- RESERVED
-CVE-2020-3771
- RESERVED
-CVE-2020-3770
- RESERVED
+CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
+ TODO: check
+CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
+CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+ TODO: check
CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...)
TODO: check
CVE-2020-3768
@@ -17482,8 +17501,8 @@ CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 201
NOT-FOR-US: Adobe
CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
NOT-FOR-US: Adobe
-CVE-2020-3761
- RESERVED
+CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote ...)
+ TODO: check
CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...)
NOT-FOR-US: Adobe
CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/954870b6582fabdaca0d4a4a065c3ff672959ef1
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/954870b6582fabdaca0d4a4a065c3ff672959ef1
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200326/be46bcbb/attachment-0001.html>
More information about the debian-security-tracker-commits
mailing list