[Git][security-tracker-team/security-tracker][master] automatic update

Salvatore Bonaccorso carnil at debian.org
Thu Mar 26 08:10:58 GMT 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
954870b6 by security tracker role at 2020-03-26T08:10:51+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,33 @@
+CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...)
+	TODO: check
+CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...)
+	TODO: check
+CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...)
+	TODO: check
+CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...)
+	TODO: check
+CVE-2020-10962
+	RESERVED
+CVE-2020-10961
+	RESERVED
+CVE-2020-10960
+	RESERVED
+CVE-2020-10959
+	RESERVED
+CVE-2020-10958
+	RESERVED
+CVE-2020-10957
+	RESERVED
+CVE-2020-10956
+	RESERVED
+CVE-2020-10955
+	RESERVED
+CVE-2020-10954
+	RESERVED
+CVE-2020-10953
+	RESERVED
+CVE-2020-10952
+	RESERVED
 CVE-2020-10951
 	RESERVED
 CVE-2020-10950
@@ -128,22 +158,22 @@ CVE-2020-10890
 	RESERVED
 CVE-2020-10889
 	RESERVED
-CVE-2020-10888
-	RESERVED
-CVE-2020-10887
-	RESERVED
-CVE-2020-10886
-	RESERVED
-CVE-2020-10885
-	RESERVED
-CVE-2020-10884
-	RESERVED
-CVE-2020-10883
-	RESERVED
-CVE-2020-10882
-	RESERVED
-CVE-2020-10881
-	RESERVED
+CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...)
+	TODO: check
+CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations  ...)
+	TODO: check
+CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
+CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...)
+	TODO: check
+CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...)
+	TODO: check
+CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
+	TODO: check
+CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+	TODO: check
 CVE-2019-20632 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
 	TODO: check
 CVE-2019-20631 (An issue was discovered in libgpac.a in GPAC before 0.8.0, as demonstr ...)
@@ -1765,8 +1795,8 @@ CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. Th
 	NOT-FOR-US: MISP
 CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...)
 	NOT-FOR-US: MISP
-CVE-2020-10245
-	RESERVED
+CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...)
+	TODO: check
 CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...)
 	NOT-FOR-US: JPaseto
 CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...)
@@ -3363,8 +3393,8 @@ CVE-2020-9522
 	RESERVED
 CVE-2020-9521
 	RESERVED
-CVE-2020-9520
-	RESERVED
+CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...)
+	TODO: check
 CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...)
 	NOT-FOR-US: Micro Focus
 CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...)
@@ -9614,12 +9644,10 @@ CVE-2020-6818
 	RESERVED
 CVE-2020-6817
 	RESERVED
-CVE-2020-6815
-	RESERVED
+CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...)
 	- firefox 74.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
-CVE-2020-6814
-	RESERVED
+CVE-2020-6814 (Mozilla developers reported memory safety bugs present in Firefox and  ...)
 	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
 	- firefox 74.0-1
 	- firefox-esr 68.6.0esr-1
@@ -9627,12 +9655,10 @@ CVE-2020-6814
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6814
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814
-CVE-2020-6813
-	RESERVED
+CVE-2020-6813 (When protecting CSS blocks with the nonce feature of Content Security  ...)
 	- firefox 74.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
-CVE-2020-6812
-	RESERVED
+CVE-2020-6812 (The first time AirPods are connected to an iPhone, they become named a ...)
 	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
 	- firefox 74.0-1
 	- firefox-esr 68.6.0esr-1
@@ -9640,8 +9666,7 @@ CVE-2020-6812
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6812
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
-CVE-2020-6811
-	RESERVED
+CVE-2020-6811 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
 	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
 	- firefox 74.0-1
 	- firefox-esr 68.6.0esr-1
@@ -9649,20 +9674,16 @@ CVE-2020-6811
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
-CVE-2020-6810
-	RESERVED
+CVE-2020-6810 (After a website had entered fullscreen mode, it could have used a prev ...)
 	- firefox 74.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810
-CVE-2020-6809
-	RESERVED
+CVE-2020-6809 (When a Web Extension had the all-urls permission and made a fetch requ ...)
 	- firefox 74.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809
-CVE-2020-6808
-	RESERVED
+CVE-2020-6808 (When a JavaScript URL (javascript:) is evaluated and the result is a s ...)
 	- firefox 74.0-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
-CVE-2020-6807
-	RESERVED
+CVE-2020-6807 (When a device was changed while a stream was about to be destroyed, th ...)
 	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
 	- firefox 74.0-1
 	- firefox-esr 68.6.0esr-1
@@ -9670,8 +9691,7 @@ CVE-2020-6807
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
-CVE-2020-6806
-	RESERVED
+CVE-2020-6806 (By carefully crafting promise resolutions, it was possible to cause an ...)
 	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
 	- firefox 74.0-1
 	- firefox-esr 68.6.0esr-1
@@ -9679,8 +9699,7 @@ CVE-2020-6806
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
-CVE-2020-6805
-	RESERVED
+CVE-2020-6805 (When removing data about an origin whose tab was recently closed, a us ...)
 	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
 	- firefox 74.0-1
 	- firefox-esr 68.6.0esr-1
@@ -12950,10 +12969,10 @@ CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incor
 	NOT-FOR-US: Dell
 CVE-2020-5341
 	RESERVED
-CVE-2020-5340
-	RESERVED
-CVE-2020-5339
-	RESERVED
+CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored  ...)
+	TODO: check
+CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored  ...)
+	TODO: check
 CVE-2020-5338
 	RESERVED
 CVE-2020-5337
@@ -13769,8 +13788,8 @@ CVE-2020-5131
 	RESERVED
 CVE-2020-5130
 	RESERVED
-CVE-2020-5129
-	RESERVED
+CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...)
+	TODO: check
 CVE-2019-20197 (In Nagios XI 5.6.9, an authenticated user is able to execute arbitrary ...)
 	NOT-FOR-US: Nagios XI
 CVE-2019-20196
@@ -17388,8 +17407,8 @@ CVE-2020-3810
 	RESERVED
 CVE-2020-3809
 	RESERVED
-CVE-2020-3808
-	RESERVED
+CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier have a tim ...)
+	TODO: check
 CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
 	TODO: check
 CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
@@ -17416,56 +17435,56 @@ CVE-2020-3796
 	RESERVED
 CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
 	TODO: check
-CVE-2020-3794
-	RESERVED
+CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...)
+	TODO: check
 CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
 	TODO: check
 CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...)
 	TODO: check
-CVE-2020-3791
-	RESERVED
-CVE-2020-3790
-	RESERVED
-CVE-2020-3789
-	RESERVED
-CVE-2020-3788
-	RESERVED
-CVE-2020-3787
-	RESERVED
-CVE-2020-3786
-	RESERVED
-CVE-2020-3785
-	RESERVED
-CVE-2020-3784
-	RESERVED
-CVE-2020-3783
-	RESERVED
-CVE-2020-3782
-	RESERVED
-CVE-2020-3781
-	RESERVED
-CVE-2020-3780
-	RESERVED
-CVE-2020-3779
-	RESERVED
-CVE-2020-3778
-	RESERVED
-CVE-2020-3777
-	RESERVED
-CVE-2020-3776
-	RESERVED
-CVE-2020-3775
-	RESERVED
-CVE-2020-3774
-	RESERVED
-CVE-2020-3773
-	RESERVED
-CVE-2020-3772
-	RESERVED
-CVE-2020-3771
-	RESERVED
-CVE-2020-3770
-	RESERVED
+CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...)
+	TODO: check
+CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
+CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...)
+	TODO: check
 CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...)
 	TODO: check
 CVE-2020-3768
@@ -17482,8 +17501,8 @@ CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 201
 	NOT-FOR-US: Adobe
 CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
 	NOT-FOR-US: Adobe
-CVE-2020-3761
-	RESERVED
+CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote ...)
+	TODO: check
 CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...)
 	NOT-FOR-US: Adobe
 CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/954870b6582fabdaca0d4a4a065c3ff672959ef1

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/954870b6582fabdaca0d4a4a065c3ff672959ef1
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200326/be46bcbb/attachment-0001.html>


More information about the debian-security-tracker-commits mailing list