[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 1 21:10:40 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bea31b07 by security tracker role at 2020-10-01T20:10:28+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,615 @@
+CVE-2020-26510
+ RESERVED
+CVE-2020-26509
+ RESERVED
+CVE-2020-26508
+ RESERVED
+CVE-2020-26507
+ RESERVED
+CVE-2020-26506
+ RESERVED
+CVE-2020-26505
+ RESERVED
+CVE-2020-26504
+ RESERVED
+CVE-2020-26503
+ RESERVED
+CVE-2020-26502
+ RESERVED
+CVE-2020-26501
+ RESERVED
+CVE-2020-26500
+ RESERVED
+CVE-2020-26499
+ RESERVED
+CVE-2020-26498
+ RESERVED
+CVE-2020-26497
+ RESERVED
+CVE-2020-26496
+ RESERVED
+CVE-2020-26495
+ RESERVED
+CVE-2020-26494
+ RESERVED
+CVE-2020-26493
+ RESERVED
+CVE-2020-26492
+ RESERVED
+CVE-2020-26491
+ RESERVED
+CVE-2020-26490
+ RESERVED
+CVE-2020-26489
+ RESERVED
+CVE-2020-26488
+ RESERVED
+CVE-2020-26487
+ RESERVED
+CVE-2020-26486
+ RESERVED
+CVE-2020-26485
+ RESERVED
+CVE-2020-26484
+ RESERVED
+CVE-2020-26483
+ RESERVED
+CVE-2020-26482
+ RESERVED
+CVE-2020-26481
+ RESERVED
+CVE-2020-26480
+ RESERVED
+CVE-2020-26479
+ RESERVED
+CVE-2020-26478
+ RESERVED
+CVE-2020-26477
+ RESERVED
+CVE-2020-26476
+ RESERVED
+CVE-2020-26475
+ RESERVED
+CVE-2020-26474
+ RESERVED
+CVE-2020-26473
+ RESERVED
+CVE-2020-26472
+ RESERVED
+CVE-2020-26471
+ RESERVED
+CVE-2020-26470
+ RESERVED
+CVE-2020-26469
+ RESERVED
+CVE-2020-26468
+ RESERVED
+CVE-2020-26467
+ RESERVED
+CVE-2020-26466
+ RESERVED
+CVE-2020-26465
+ RESERVED
+CVE-2020-26464
+ RESERVED
+CVE-2020-26463
+ RESERVED
+CVE-2020-26462
+ RESERVED
+CVE-2020-26461
+ RESERVED
+CVE-2020-26460
+ RESERVED
+CVE-2020-26459
+ RESERVED
+CVE-2020-26458
+ RESERVED
+CVE-2020-26457
+ RESERVED
+CVE-2020-26456
+ RESERVED
+CVE-2020-26455
+ RESERVED
+CVE-2020-26454
+ RESERVED
+CVE-2020-26453
+ RESERVED
+CVE-2020-26452
+ RESERVED
+CVE-2020-26451
+ RESERVED
+CVE-2020-26450
+ RESERVED
+CVE-2020-26449
+ RESERVED
+CVE-2020-26448
+ RESERVED
+CVE-2020-26447
+ RESERVED
+CVE-2020-26446
+ RESERVED
+CVE-2020-26445
+ RESERVED
+CVE-2020-26444
+ RESERVED
+CVE-2020-26443
+ RESERVED
+CVE-2020-26442
+ RESERVED
+CVE-2020-26441
+ RESERVED
+CVE-2020-26440
+ RESERVED
+CVE-2020-26439
+ RESERVED
+CVE-2020-26438
+ RESERVED
+CVE-2020-26437
+ RESERVED
+CVE-2020-26436
+ RESERVED
+CVE-2020-26435
+ RESERVED
+CVE-2020-26434
+ RESERVED
+CVE-2020-26433
+ RESERVED
+CVE-2020-26432
+ RESERVED
+CVE-2020-26431
+ RESERVED
+CVE-2020-26430
+ RESERVED
+CVE-2020-26429
+ RESERVED
+CVE-2020-26428
+ RESERVED
+CVE-2020-26427
+ RESERVED
+CVE-2020-26426
+ RESERVED
+CVE-2020-26425
+ RESERVED
+CVE-2020-26424
+ RESERVED
+CVE-2020-26423
+ RESERVED
+CVE-2020-26422
+ RESERVED
+CVE-2020-26421
+ RESERVED
+CVE-2020-26420
+ RESERVED
+CVE-2020-26419
+ RESERVED
+CVE-2020-26418
+ RESERVED
+CVE-2020-26417
+ RESERVED
+CVE-2020-26416
+ RESERVED
+CVE-2020-26415
+ RESERVED
+CVE-2020-26414
+ RESERVED
+CVE-2020-26413
+ RESERVED
+CVE-2020-26412
+ RESERVED
+CVE-2020-26411
+ RESERVED
+CVE-2020-26410
+ RESERVED
+CVE-2020-26409
+ RESERVED
+CVE-2020-26408
+ RESERVED
+CVE-2020-26407
+ RESERVED
+CVE-2020-26406
+ RESERVED
+CVE-2020-26405
+ RESERVED
+CVE-2020-26404
+ RESERVED
+CVE-2020-26403
+ RESERVED
+CVE-2020-26402
+ RESERVED
+CVE-2020-26401
+ RESERVED
+CVE-2020-26400
+ RESERVED
+CVE-2020-26399
+ RESERVED
+CVE-2020-26398
+ RESERVED
+CVE-2020-26397
+ RESERVED
+CVE-2020-26396
+ RESERVED
+CVE-2020-26395
+ RESERVED
+CVE-2020-26394
+ RESERVED
+CVE-2020-26393
+ RESERVED
+CVE-2020-26392
+ RESERVED
+CVE-2020-26391
+ RESERVED
+CVE-2020-26390
+ RESERVED
+CVE-2020-26389
+ RESERVED
+CVE-2020-26388
+ RESERVED
+CVE-2020-26387
+ RESERVED
+CVE-2020-26386
+ RESERVED
+CVE-2020-26385
+ RESERVED
+CVE-2020-26384
+ RESERVED
+CVE-2020-26383
+ RESERVED
+CVE-2020-26382
+ RESERVED
+CVE-2020-26381
+ RESERVED
+CVE-2020-26380
+ RESERVED
+CVE-2020-26379
+ RESERVED
+CVE-2020-26378
+ RESERVED
+CVE-2020-26377
+ RESERVED
+CVE-2020-26376
+ RESERVED
+CVE-2020-26375
+ RESERVED
+CVE-2020-26374
+ RESERVED
+CVE-2020-26373
+ RESERVED
+CVE-2020-26372
+ RESERVED
+CVE-2020-26371
+ RESERVED
+CVE-2020-26370
+ RESERVED
+CVE-2020-26369
+ RESERVED
+CVE-2020-26368
+ RESERVED
+CVE-2020-26367
+ RESERVED
+CVE-2020-26366
+ RESERVED
+CVE-2020-26365
+ RESERVED
+CVE-2020-26364
+ RESERVED
+CVE-2020-26363
+ RESERVED
+CVE-2020-26362
+ RESERVED
+CVE-2020-26361
+ RESERVED
+CVE-2020-26360
+ RESERVED
+CVE-2020-26359
+ RESERVED
+CVE-2020-26358
+ RESERVED
+CVE-2020-26357
+ RESERVED
+CVE-2020-26356
+ RESERVED
+CVE-2020-26355
+ RESERVED
+CVE-2020-26354
+ RESERVED
+CVE-2020-26353
+ RESERVED
+CVE-2020-26352
+ RESERVED
+CVE-2020-26351
+ RESERVED
+CVE-2020-26350
+ RESERVED
+CVE-2020-26349
+ RESERVED
+CVE-2020-26348
+ RESERVED
+CVE-2020-26347
+ RESERVED
+CVE-2020-26346
+ RESERVED
+CVE-2020-26345
+ RESERVED
+CVE-2020-26344
+ RESERVED
+CVE-2020-26343
+ RESERVED
+CVE-2020-26342
+ RESERVED
+CVE-2020-26341
+ RESERVED
+CVE-2020-26340
+ RESERVED
+CVE-2020-26339
+ RESERVED
+CVE-2020-26338
+ RESERVED
+CVE-2020-26337
+ RESERVED
+CVE-2020-26336
+ RESERVED
+CVE-2020-26335
+ RESERVED
+CVE-2020-26334
+ RESERVED
+CVE-2020-26333
+ RESERVED
+CVE-2020-26332
+ RESERVED
+CVE-2020-26331
+ RESERVED
+CVE-2020-26330
+ RESERVED
+CVE-2020-26329
+ RESERVED
+CVE-2020-26328
+ RESERVED
+CVE-2020-26327
+ RESERVED
+CVE-2020-26326
+ RESERVED
+CVE-2020-26325
+ RESERVED
+CVE-2020-26324
+ RESERVED
+CVE-2020-26323
+ RESERVED
+CVE-2020-26322
+ RESERVED
+CVE-2020-26321
+ RESERVED
+CVE-2020-26320
+ RESERVED
+CVE-2020-26319
+ RESERVED
+CVE-2020-26318
+ RESERVED
+CVE-2020-26317
+ RESERVED
+CVE-2020-26316
+ RESERVED
+CVE-2020-26315
+ RESERVED
+CVE-2020-26314
+ RESERVED
+CVE-2020-26313
+ RESERVED
+CVE-2020-26312
+ RESERVED
+CVE-2020-26311
+ RESERVED
+CVE-2020-26310
+ RESERVED
+CVE-2020-26309
+ RESERVED
+CVE-2020-26308
+ RESERVED
+CVE-2020-26307
+ RESERVED
+CVE-2020-26306
+ RESERVED
+CVE-2020-26305
+ RESERVED
+CVE-2020-26304
+ RESERVED
+CVE-2020-26303
+ RESERVED
+CVE-2020-26302
+ RESERVED
+CVE-2020-26301
+ RESERVED
+CVE-2020-26300
+ RESERVED
+CVE-2020-26299
+ RESERVED
+CVE-2020-26298
+ RESERVED
+CVE-2020-26297
+ RESERVED
+CVE-2020-26296
+ RESERVED
+CVE-2020-26295
+ RESERVED
+CVE-2020-26294
+ RESERVED
+CVE-2020-26293
+ RESERVED
+CVE-2020-26292
+ RESERVED
+CVE-2020-26291
+ RESERVED
+CVE-2020-26290
+ RESERVED
+CVE-2020-26289
+ RESERVED
+CVE-2020-26288
+ RESERVED
+CVE-2020-26287
+ RESERVED
+CVE-2020-26286
+ RESERVED
+CVE-2020-26285
+ RESERVED
+CVE-2020-26284
+ RESERVED
+CVE-2020-26283
+ RESERVED
+CVE-2020-26282
+ RESERVED
+CVE-2020-26281
+ RESERVED
+CVE-2020-26280
+ RESERVED
+CVE-2020-26279
+ RESERVED
+CVE-2020-26278
+ RESERVED
+CVE-2020-26277
+ RESERVED
+CVE-2020-26276
+ RESERVED
+CVE-2020-26275
+ RESERVED
+CVE-2020-26274
+ RESERVED
+CVE-2020-26273
+ RESERVED
+CVE-2020-26272
+ RESERVED
+CVE-2020-26271
+ RESERVED
+CVE-2020-26270
+ RESERVED
+CVE-2020-26269
+ RESERVED
+CVE-2020-26268
+ RESERVED
+CVE-2020-26267
+ RESERVED
+CVE-2020-26266
+ RESERVED
+CVE-2020-26265
+ RESERVED
+CVE-2020-26264
+ RESERVED
+CVE-2020-26263
+ RESERVED
+CVE-2020-26262
+ RESERVED
+CVE-2020-26261
+ RESERVED
+CVE-2020-26260
+ RESERVED
+CVE-2020-26259
+ RESERVED
+CVE-2020-26258
+ RESERVED
+CVE-2020-26257
+ RESERVED
+CVE-2020-26256
+ RESERVED
+CVE-2020-26255
+ RESERVED
+CVE-2020-26254
+ RESERVED
+CVE-2020-26253
+ RESERVED
+CVE-2020-26252
+ RESERVED
+CVE-2020-26251
+ RESERVED
+CVE-2020-26250
+ RESERVED
+CVE-2020-26249
+ RESERVED
+CVE-2020-26248
+ RESERVED
+CVE-2020-26247
+ RESERVED
+CVE-2020-26246
+ RESERVED
+CVE-2020-26245
+ RESERVED
+CVE-2020-26244
+ RESERVED
+CVE-2020-26243
+ RESERVED
+CVE-2020-26242
+ RESERVED
+CVE-2020-26241
+ RESERVED
+CVE-2020-26240
+ RESERVED
+CVE-2020-26239
+ RESERVED
+CVE-2020-26238
+ RESERVED
+CVE-2020-26237
+ RESERVED
+CVE-2020-26236
+ RESERVED
+CVE-2020-26235
+ RESERVED
+CVE-2020-26234
+ RESERVED
+CVE-2020-26233
+ RESERVED
+CVE-2020-26232
+ RESERVED
+CVE-2020-26231
+ RESERVED
+CVE-2020-26230
+ RESERVED
+CVE-2020-26229
+ RESERVED
+CVE-2020-26228
+ RESERVED
+CVE-2020-26227
+ RESERVED
+CVE-2020-26226
+ RESERVED
+CVE-2020-26225
+ RESERVED
+CVE-2020-26224
+ RESERVED
+CVE-2020-26223
+ RESERVED
+CVE-2020-26222
+ RESERVED
+CVE-2020-26221
+ RESERVED
+CVE-2020-26220
+ RESERVED
+CVE-2020-26219
+ RESERVED
+CVE-2020-26218
+ RESERVED
+CVE-2020-26217
+ RESERVED
+CVE-2020-26216
+ RESERVED
+CVE-2020-26215
+ RESERVED
+CVE-2020-26214
+ RESERVED
+CVE-2020-26213
+ RESERVED
+CVE-2020-26212
+ RESERVED
+CVE-2020-26211
+ RESERVED
+CVE-2020-26210
+ RESERVED
+CVE-2020-26209
+ RESERVED
+CVE-2020-26208
+ RESERVED
+CVE-2020-26207
+ RESERVED
+CVE-2020-26206
+ RESERVED
+CVE-2020-26205
+ RESERVED
CVE-2020-26204
RESERVED
CVE-2020-26203
@@ -475,8 +1087,8 @@ CVE-2020-25992
RESERVED
CVE-2020-25991
RESERVED
-CVE-2020-25990
- RESERVED
+CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' ...)
+ TODO: check
CVE-2020-25989
RESERVED
CVE-2020-25988
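Review bot: the "TODO: check" line under CVE-2020-25990 leaves the entry untriaged now that its description (WebsiteBaker 2.12.2, SQL injection via 'display_name') has replaced RESERVED. Resolve it with either a package line or a NOT-FOR-US line, the two forms used by already-triaged entries in this file. The same marker is added in later hunks of this commit (for example CVE-2020-25200, CVE-2020-24861, CVE-2020-24860 and CVE-2020-24620) and needs the same follow-up.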
@@ -1344,6 +1956,7 @@ CVE-2014-10402 (An issue was discovered in the DBI module through 1.643 for Perl
NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=99508#txn-1911590
CVE-2020-25613 [Potential HTTP Request Smuggling Vulnerability in WEBrick]
RESERVED
+ {DLA-2392-1 DLA-2391-1}
- ruby2.7 2.7.1-4
- ruby2.5 <removed>
- ruby2.3 <removed>
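Review bot: CVE-2020-25613 gains the cross-reference {DLA-2392-1 DLA-2391-1} while the entry is still marked RESERVED and has only the bracketed working title "Potential HTTP Request Smuggling Vulnerability in WEBrick". The visible package lines show ruby2.5 and ruby2.3 as <removed>, so confirm in the rest of the entry, outside this hunk, that each of the two DLAs corresponds to a source package recorded here, and replace the working title once the description is published.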
@@ -2263,8 +2876,8 @@ CVE-2020-25202
RESERVED
CVE-2020-25201
RESERVED
-CVE-2020-25200
- RESERVED
+CVE-2020-25200 (Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames ...)
+ TODO: check
CVE-2019-20916 (The pip package before 19.2 for Python allows Directory Traversal when ...)
{DLA-2370-1}
- python-pip 20.0.2-1
@@ -2656,11 +3269,9 @@ CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttPro
NOT-FOR-US: MPXJ
CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...)
NOT-FOR-US: jitsi-meet-electron
-CVE-2020-25018
- RESERVED
+CVE-2020-25018 (Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
-CVE-2020-25017
- RESERVED
+CVE-2020-25017 (Envoy through 1.15.0 only considers the first value when multiple head ...)
NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651)
CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...)
NOT-FOR-US: Genexis Platinum 4410 V2-1.28
@@ -3004,10 +3615,10 @@ CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20
[buster] - rust-rgb <no-dsa> (Minor issue)
NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html
NOTE: https://github.com/kornelski/rust-rgb/issues/35
-CVE-2020-24861
- RESERVED
-CVE-2020-24860
- RESERVED
+CVE-2020-24861 (GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings p ...)
+ TODO: check
+CVE-2020-24860 (CMS Made Simple 2.2.14 allows an authenticated user with access to the ...)
+ TODO: check
CVE-2020-24859
RESERVED
CVE-2020-24858
@@ -3514,8 +4125,8 @@ CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exp
NOT-FOR-US: Sonatype
CVE-2020-24621 (A remote code execution (RCE) vulnerability was discovered in the html ...)
NOT-FOR-US: OpenMRS
-CVE-2020-24620
- RESERVED
+CVE-2020-24620 (Unisys Stealth(core) before 4.0.132 stores Passwords in a Recoverable ...)
+ TODO: check
CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuse ...)
NOT-FOR-US: Shotcut
CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...)
@@ -4093,6 +4704,7 @@ CVE-2016-11085 (php/qmn_options_questions_tab.php in the quiz-master-next plugin
CVE-2020-24362
RESERVED
CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...)
+ {DLA-2393-1}
- snmptt 1.4.2-1
NOTE: https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a
CVE-2020-24360
@@ -19221,8 +19833,7 @@ CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite re
NOTE: https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
NOTE: https://github.com/golang/go/issues/40618
NOTE: Fixed in 1.15~rc2, 1.14.7, 1.13.15
-CVE-2020-16844
- RESERVED
+CVE-2020-16844 (In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users ...)
NOT-FOR-US: Istio
CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the netw ...)
NOT-FOR-US: Firecracker
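Review bot: the description added for CVE-2020-16844 reads "Istio 1.5.0 though 1.5.8", where "though" should be "through" to match "1.6.0 through 1.6.7" later in the same line. The commit is labelled "automatic update", so a hand edit in data/CVE/list may be overwritten by a later run; correct the wording where the description is imported from. The existing NOT-FOR-US: Istio line is kept and needs no change.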
@@ -21877,8 +22488,7 @@ CVE-2020-15680
RESERVED
CVE-2020-15679
RESERVED
-CVE-2020-15678
- RESERVED
+CVE-2020-15678 (When recursing through graphical layers while scrolling, an iterator m ...)
{DSA-4768-1 DLA-2387-1}
- firefox 81.0-1
- firefox-esr 78.3.0esr-1
@@ -21886,8 +22496,7 @@ CVE-2020-15678
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15678
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15678
-CVE-2020-15677
- RESERVED
+CVE-2020-15677 (By exploiting an Open Redirect vulnerability on a website, an attacker ...)
{DSA-4768-1 DLA-2387-1}
- firefox 81.0-1
- firefox-esr 78.3.0esr-1
@@ -21895,8 +22504,7 @@ CVE-2020-15677
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15677
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15677
-CVE-2020-15676
- RESERVED
+CVE-2020-15676 (Firefox sometimes ran the onload handler for SVG elements that the DOM ...)
{DSA-4768-1 DLA-2387-1}
- firefox 81.0-1
- firefox-esr 78.3.0esr-1
@@ -21904,16 +22512,13 @@ CVE-2020-15676
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15676
-CVE-2020-15675
- RESERVED
+CVE-2020-15675 (When processing surfaces, the lifetime may outlive a persistent buffer ...)
- firefox 81.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15675
-CVE-2020-15674
- RESERVED
+CVE-2020-15674 (Mozilla developers reported memory safety bugs present in Firefox 80. ...)
- firefox 81.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15674
-CVE-2020-15673
- RESERVED
+CVE-2020-15673 (Mozilla developers reported memory safety bugs present in Firefox 80 a ...)
{DSA-4768-1 DLA-2387-1}
- firefox 81.0-1
- firefox-esr 78.3.0esr-1
@@ -21923,37 +22528,30 @@ CVE-2020-15673
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15673
CVE-2020-15672
RESERVED
-CVE-2020-15671
- RESERVED
-CVE-2020-15670
- RESERVED
+CVE-2020-15671 (When typing in a password under certain conditions, a race may have oc ...)
+ TODO: check
+CVE-2020-15670 (Mozilla developers reported memory safety bugs present in Firefox for ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
-CVE-2020-15669
- RESERVED
+CVE-2020-15669 (When aborting an operation, such as a fetch, an abort signal may be de ...)
{DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
- firefox-esr 68.12.0esr-1
- thunderbird 1:68.12.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669
-CVE-2020-15668
- RESERVED
+CVE-2020-15668 (A lock was missing when accessing a data structure and importing certi ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668
-CVE-2020-15667
- RESERVED
+CVE-2020-15667 (When processing a MAR update file, after the signature has been valida ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667
-CVE-2020-15666
- RESERVED
+CVE-2020-15666 (When trying to load a non-video in an audio/video context the exact st ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666
-CVE-2020-15665
- RESERVED
+CVE-2020-15665 (Firefox did not reset the address bar after the beforeunload dialog wa ...)
- firefox 80.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
-CVE-2020-15664
- RESERVED
+CVE-2020-15664 (By holding a reference to the eval() function from an about:blank wind ...)
{DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
- firefox 80.0-1
- firefox-esr 68.12.0esr-1
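Review bot: CVE-2020-15671 is the only entry in this hunk left at "TODO: check"; the neighbouring entries CVE-2020-15670 through CVE-2020-15664 keep their firefox, firefox-esr or thunderbird package lines and mfsa NOTE links. Triage it next: the truncated description ("When typing in a password under certain conditions, a race may have oc ...") does not show which product is affected, so read the full description before choosing between a package line and NOT-FOR-US.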
@@ -21961,8 +22559,7 @@ CVE-2020-15664
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15664
-CVE-2020-15663
- RESERVED
+CVE-2020-15663 (If Firefox is installed to a user-writable directory, the Mozilla Main ...)
- firefox <not-affected> (Only affects Windows)
- firefox-esr <not-affected> (Only affects Windows)
- thunderbird <not-affected> (Only affects Windows)
@@ -22340,8 +22937,8 @@ CVE-2020-15535 (An issue was discovered in the bestsoftinc Car Rental System plu
NOT-FOR-US: bestsoftinc Car Rental System plugin for WordPress
CVE-2020-15534
RESERVED
-CVE-2020-15533
- RESERVED
+CVE-2020-15533 (In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 1468 ...)
+ TODO: check
CVE-2019-20895
RESERVED
CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
@@ -23044,10 +23641,10 @@ CVE-2020-15230
RESERVED
CVE-2020-15229
RESERVED
-CVE-2020-15228
- RESERVED
-CVE-2020-15227
- RESERVED
+CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...)
+ TODO: check
+CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...)
+ TODO: check
CVE-2020-15226
RESERVED
CVE-2020-15225
@@ -42777,8 +43374,8 @@ CVE-2020-8111
RESERVED
CVE-2020-8110
RESERVED
-CVE-2020-8109
- RESERVED
+CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...)
+ TODO: check
CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...)
NOT-FOR-US: Bitdefender
CVE-2020-8107
@@ -51751,8 +52348,8 @@ CVE-2020-4578 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulner
NOT-FOR-US: IBM
CVE-2020-4577
RESERVED
-CVE-2020-4576
- RESERVED
+CVE-2020-4576 (IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional co ...)
+ TODO: check
CVE-2020-4575 (IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Vir ...)
NOT-FOR-US: IBM
CVE-2020-4574 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...)
@@ -59972,8 +60569,8 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from
NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5)
CVE-2019-19394 (Northern.tech CFEngine Enterprise before 3.10.7, 3.11.x and 3.12.x bef ...)
NOT-FOR-US: CFEngine Enterprise
-CVE-2019-19393
- RESERVED
+CVE-2019-19393 (The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to ...)
+ TODO: check
CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...)
NOT-FOR-US: forDNN.UsersExportImport module for DNN
CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...)
@@ -61448,7 +62045,7 @@ CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9
CVE-2019-18979 (Adaware antivirus 12.6.1005.11662 and 12.7.1055.0 has a quarantine fla ...)
NOT-FOR-US: Adaware
CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
- {DLA-2096-1}
+ {DLA-2389-1 DLA-2096-1}
- ruby-rack-cors 1.1.1-1 (bug #944849)
NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
@@ -61786,6 +62383,7 @@ CVE-2019-18849 (In tnef before 1.4.18, an attacker may be able to write to the v
[stretch] - tnef <no-dsa> (Minor issue; can be fixed via point release)
NOTE: https://github.com/verdammelt/tnef/pull/40
CVE-2019-18848 (The json-jwt gem before 1.11.0 for Ruby lacks an element count during ...)
+ {DLA-2390-1}
- ruby-json-jwt 1.11.0-1 (bug #944850)
NOTE: https://github.com/nov/json-jwt/commit/ada16e772906efdd035e3df49cb2ae372f0f948a
CVE-2019-18847 (Enterprise Access Client Auto-Updater allows for Remote Code Execution ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bea31b079e4556884274f59059dd862579a12199