[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Sat Oct 17 09:10:29 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
76d95499 by security tracker role at 2020-10-17T08:10:22+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,4 +1,10 @@
-CVE-2020-27194 [bpf: Fix scalar32_min_max_or bounds tracking]
+CVE-2020-27193
+ RESERVED
+CVE-2020-27192
+ RESERVED
+CVE-2020-27191
+ RESERVED
+CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. scalar32_mi ...)
- linux <unfixed>
[buster] - linux <not-affected> (Vulnerable code not present)
[stretch] - linux <not-affected> (Vulnerable code not present)
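Review bot: The three new RESERVED entries (CVE-2020-27193, CVE-2020-27192, CVE-2020-27191) are inserted above CVE-2020-27194, so the top of the file no longer follows the descending id order that every other hunk in this diff shows; the CVE-2020-27194 block should sit above them. Separately, the imported description now says the issue affects the Linux kernel before 5.8.15, while the package line is still "- linux <unfixed>"; that line needs a fixed version once a kernel at or above 5.8.15 reaches unstable.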
@@ -4289,8 +4295,8 @@ CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XS
NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
NOT-FOR-US: yWorks yEd Desktop
-CVE-2020-25214
- RESERVED
+CVE-2020-25214 (In the client in Overwolf 0.149.2.30, a channel can be accessed or inf ...)
+ TODO: check
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
@@ -4954,7 +4960,7 @@ CVE-2020-24918
CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...)
NOT-FOR-US: osTicket
CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...)
- {DLA-2384-1}
+ {DSA-4773-1 DLA-2384-1}
- yaws 2.0.8+dfsg-1
NOTE: https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1
NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
@@ -6111,7 +6117,7 @@ CVE-2020-24381 (** DISPUTED ** GUnet Open eClass Platform (aka openeclass) throu
CVE-2020-24380
RESERVED
CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vul ...)
- {DLA-2384-1}
+ {DSA-4773-1 DLA-2384-1}
- yaws 2.0.8+dfsg-1
NOTE: https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe
@@ -20934,10 +20940,10 @@ CVE-2020-17025
RESERVED
CVE-2020-17024
RESERVED
-CVE-2020-17023
- RESERVED
-CVE-2020-17022
- RESERVED
+CVE-2020-17023 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
+ TODO: check
+CVE-2020-17022 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
CVE-2020-17021
RESERVED
CVE-2020-17020
@@ -20974,8 +20980,8 @@ CVE-2020-17005
RESERVED
CVE-2020-17004
RESERVED
-CVE-2020-17003
- RESERVED
+CVE-2020-17003 (A remote code execution vulnerability exists when the Base3D rendering ...)
+ TODO: check
CVE-2020-17002
RESERVED
CVE-2020-17001
@@ -20990,8 +20996,8 @@ CVE-2020-16997
RESERVED
CVE-2020-16996
RESERVED
-CVE-2020-16995
- RESERVED
+CVE-2020-16995 (An elevation of privilege vulnerability exists in Network Watcher Agen ...)
+ TODO: check
CVE-2020-16994
RESERVED
CVE-2020-16993
@@ -21020,34 +21026,34 @@ CVE-2020-16982
RESERVED
CVE-2020-16981
RESERVED
-CVE-2020-16980
- RESERVED
+CVE-2020-16980 (An elevation of privilege vulnerability exists when the Windows iSCSI ...)
+ TODO: check
CVE-2020-16979
RESERVED
-CVE-2020-16978
- RESERVED
-CVE-2020-16977
- RESERVED
-CVE-2020-16976
- RESERVED
-CVE-2020-16975
- RESERVED
-CVE-2020-16974
- RESERVED
-CVE-2020-16973
- RESERVED
-CVE-2020-16972
- RESERVED
+CVE-2020-16978 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ TODO: check
+CVE-2020-16977 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
+ TODO: check
+CVE-2020-16976 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-16975 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-16974 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-16973 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-16972 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
CVE-2020-16971
RESERVED
CVE-2020-16970
RESERVED
-CVE-2020-16969
- RESERVED
-CVE-2020-16968
- RESERVED
-CVE-2020-16967
- RESERVED
+CVE-2020-16969 (An information disclosure vulnerability exists in how Microsoft Exchan ...)
+ TODO: check
+CVE-2020-16968 (A remote code execution vulnerability exists when the Windows Camera C ...)
+ TODO: check
+CVE-2020-16967 (A remote code execution vulnerability exists when the Windows Camera C ...)
+ TODO: check
CVE-2020-16966
RESERVED
CVE-2020-16965
@@ -21066,152 +21072,152 @@ CVE-2020-16959
RESERVED
CVE-2020-16958
RESERVED
-CVE-2020-16957
- RESERVED
-CVE-2020-16956
- RESERVED
-CVE-2020-16955
- RESERVED
-CVE-2020-16954
- RESERVED
-CVE-2020-16953
- RESERVED
-CVE-2020-16952
- RESERVED
-CVE-2020-16951
- RESERVED
-CVE-2020-16950
- RESERVED
-CVE-2020-16949
- RESERVED
-CVE-2020-16948
- RESERVED
-CVE-2020-16947
- RESERVED
-CVE-2020-16946
- RESERVED
-CVE-2020-16945
- RESERVED
-CVE-2020-16944
- RESERVED
-CVE-2020-16943
- RESERVED
-CVE-2020-16942
- RESERVED
-CVE-2020-16941
- RESERVED
-CVE-2020-16940
- RESERVED
-CVE-2020-16939
- RESERVED
-CVE-2020-16938
- RESERVED
-CVE-2020-16937
- RESERVED
-CVE-2020-16936
- RESERVED
-CVE-2020-16935
- RESERVED
-CVE-2020-16934
- RESERVED
-CVE-2020-16933
- RESERVED
-CVE-2020-16932
- RESERVED
-CVE-2020-16931
- RESERVED
-CVE-2020-16930
- RESERVED
-CVE-2020-16929
- RESERVED
-CVE-2020-16928
- RESERVED
-CVE-2020-16927
- RESERVED
+CVE-2020-16957 (A remote code execution vulnerability exists when the Microsoft Office ...)
+ TODO: check
+CVE-2020-16956 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
+ TODO: check
+CVE-2020-16955 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ TODO: check
+CVE-2020-16954 (A remote code execution vulnerability exists in Microsoft Office softw ...)
+ TODO: check
+CVE-2020-16953 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ TODO: check
+CVE-2020-16952 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ TODO: check
+CVE-2020-16951 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
+ TODO: check
+CVE-2020-16950 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ TODO: check
+CVE-2020-16949 (A denial of service vulnerability exists in Microsoft Outlook software ...)
+ TODO: check
+CVE-2020-16948 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ TODO: check
+CVE-2020-16947 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
+ TODO: check
+CVE-2020-16946 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ TODO: check
+CVE-2020-16945 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
+ TODO: check
+CVE-2020-16944 (This vulnerability is caused when SharePoint Server does not properly ...)
+ TODO: check
+CVE-2020-16943 (An elevation of privilege vulnerability exists in Microsoft Dynamics 3 ...)
+ TODO: check
+CVE-2020-16942 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ TODO: check
+CVE-2020-16941 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
+ TODO: check
+CVE-2020-16940 (An elevation of privilege vulnerability exists when the Windows User P ...)
+ TODO: check
+CVE-2020-16939 (An elevation of privilege vulnerability exists when Group Policy impro ...)
+ TODO: check
+CVE-2020-16938 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2020-16937 (An information disclosure vulnerability exists when the .NET Framework ...)
+ TODO: check
+CVE-2020-16936 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-16935 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ TODO: check
+CVE-2020-16934 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ TODO: check
+CVE-2020-16933 (A security feature bypass vulnerability exists in Microsoft Word softw ...)
+ TODO: check
+CVE-2020-16932 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-16931 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-16930 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-16929 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
+ TODO: check
+CVE-2020-16928 (An elevation of privilege vulnerability exists in the way that Microso ...)
+ TODO: check
+CVE-2020-16927 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
+ TODO: check
CVE-2020-16926
RESERVED
CVE-2020-16925
RESERVED
-CVE-2020-16924
- RESERVED
-CVE-2020-16923
- RESERVED
-CVE-2020-16922
- RESERVED
-CVE-2020-16921
- RESERVED
-CVE-2020-16920
- RESERVED
-CVE-2020-16919
- RESERVED
-CVE-2020-16918
- RESERVED
+CVE-2020-16924 (A remote code execution vulnerability exists when the Windows Jet Data ...)
+ TODO: check
+CVE-2020-16923 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
+CVE-2020-16922 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
+ TODO: check
+CVE-2020-16921 (An information disclosure vulnerability exists in Text Services Framew ...)
+ TODO: check
+CVE-2020-16920 (An elevation of privilege vulnerability exists when the Windows Applic ...)
+ TODO: check
+CVE-2020-16919 (An information disclosure vulnerability exists when the Windows Enterp ...)
+ TODO: check
+CVE-2020-16918 (A remote code execution vulnerability exists when the Base3D rendering ...)
+ TODO: check
CVE-2020-16917
RESERVED
-CVE-2020-16916
- RESERVED
-CVE-2020-16915
- RESERVED
-CVE-2020-16914
- RESERVED
-CVE-2020-16913
- RESERVED
-CVE-2020-16912
- RESERVED
-CVE-2020-16911
- RESERVED
-CVE-2020-16910
- RESERVED
-CVE-2020-16909
- RESERVED
-CVE-2020-16908
- RESERVED
-CVE-2020-16907
- RESERVED
+CVE-2020-16916 (An elevation of privilege vulnerability exists when Windows improperly ...)
+ TODO: check
+CVE-2020-16915 (A memory corruption vulnerability exists when Windows Media Foundation ...)
+ TODO: check
+CVE-2020-16914 (An information disclosure vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-16913 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
+CVE-2020-16912 (An elevation of privilege vulnerability exists when the Windows Backup ...)
+ TODO: check
+CVE-2020-16911 (A remote code execution vulnerability exists in the way that the Windo ...)
+ TODO: check
+CVE-2020-16910 (A security feature bypass vulnerability exists when Microsoft Windows ...)
+ TODO: check
+CVE-2020-16909 (An elevation of privilege vulnerability exists in Windows Error Report ...)
+ TODO: check
+CVE-2020-16908 (An elevation of privilege vulnerability exists in Windows Setup in the ...)
+ TODO: check
+CVE-2020-16907 (An elevation of privilege vulnerability exists in Windows when the Win ...)
+ TODO: check
CVE-2020-16906
RESERVED
-CVE-2020-16905
- RESERVED
-CVE-2020-16904
- RESERVED
+CVE-2020-16905 (An elevation of privilege vulnerability exists in Windows Error Report ...)
+ TODO: check
+CVE-2020-16904 (An elevation of privilege vulnerability exists in the way Azure Functi ...)
+ TODO: check
CVE-2020-16903
RESERVED
-CVE-2020-16902
- RESERVED
-CVE-2020-16901
- RESERVED
-CVE-2020-16900
- RESERVED
-CVE-2020-16899
- RESERVED
-CVE-2020-16898
- RESERVED
-CVE-2020-16897
- RESERVED
-CVE-2020-16896
- RESERVED
-CVE-2020-16895
- RESERVED
-CVE-2020-16894
- RESERVED
+CVE-2020-16902 (An elevation of privilege vulnerability exists in the Windows Installe ...)
+ TODO: check
+CVE-2020-16901 (An information disclosure vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2020-16900 (An elevation of privilege vulnerability exists when the Windows Event ...)
+ TODO: check
+CVE-2020-16899 (A denial of service vulnerability exists when the Windows TCP/IP stack ...)
+ TODO: check
+CVE-2020-16898 (A remote code execution vulnerability exists when the Windows TCP/IP s ...)
+ TODO: check
+CVE-2020-16897 (An information disclosure vulnerability exists when NetBIOS over TCP ( ...)
+ TODO: check
+CVE-2020-16896 (An information disclosure vulnerability exists in Remote Desktop Proto ...)
+ TODO: check
+CVE-2020-16895 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
+ TODO: check
+CVE-2020-16894 (A remote code execution vulnerability exists when Windows Network Addr ...)
+ TODO: check
CVE-2020-16893
RESERVED
-CVE-2020-16892
- RESERVED
-CVE-2020-16891
- RESERVED
-CVE-2020-16890
- RESERVED
-CVE-2020-16889
- RESERVED
+CVE-2020-16892 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-16891 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
+ TODO: check
+CVE-2020-16890 (An elevation of privilege vulnerability exists when the Windows kernel ...)
+ TODO: check
+CVE-2020-16889 (An information disclosure vulnerability exists when the Windows Kernel ...)
+ TODO: check
CVE-2020-16888
RESERVED
-CVE-2020-16887
- RESERVED
-CVE-2020-16886
- RESERVED
-CVE-2020-16885
- RESERVED
+CVE-2020-16887 (An elevation of privilege vulnerability exists in the way that the Win ...)
+ TODO: check
+CVE-2020-16886 (A security feature bypass vulnerability exists in the PowerShellGet V2 ...)
+ TODO: check
+CVE-2020-16885 (An elevation of privilege vulnerability exists when the Windows Storag ...)
+ TODO: check
CVE-2020-16884 (A remote code execution vulnerability exists in the way that the IEToE ...)
NOT-FOR-US: IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer
CVE-2020-16883
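Review bot: Every entry this hunk moves out of RESERVED is left at "TODO: check", which defers triage for the whole batch. Most of the descriptions name Windows, Office, SharePoint, Outlook or Dynamics 365 components and could be resolved to NOT-FOR-US in one pass, the way CVE-2020-16884 in the trailing context already is. The entries whose truncated description names neither Windows nor Office, such as CVE-2020-16886 (PowerShellGet V2) and CVE-2020-16904 (Azure Functions), are the ones to check individually.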
@@ -21226,10 +21232,10 @@ CVE-2020-16879 (An information disclosure vulnerability exists when a Windows Pr
NOT-FOR-US: Microsoft
CVE-2020-16878 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
NOT-FOR-US: Microsoft
-CVE-2020-16877
- RESERVED
-CVE-2020-16876
- RESERVED
+CVE-2020-16877 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
+ TODO: check
+CVE-2020-16876 (An elevation of privilege vulnerability exists when the Windows Applic ...)
+ TODO: check
CVE-2020-16875 (A remote code execution vulnerability exists in Microsoft Exchange ser ...)
NOT-FOR-US: Microsoft
CVE-2020-16874 (A remote code execution vulnerability exists in Visual Studio when it ...)
@@ -21254,8 +21260,8 @@ CVE-2020-16865
RESERVED
CVE-2020-16864 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
NOT-FOR-US: Microsoft
-CVE-2020-16863
- RESERVED
+CVE-2020-16863 (A denial of service vulnerability exists in Windows Remote Desktop Ser ...)
+ TODO: check
CVE-2020-16862 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
NOT-FOR-US: Microsoft
CVE-2020-16861 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
@@ -24021,7 +24027,7 @@ CVE-2020-15680
CVE-2020-15679
RESERVED
CVE-2020-15678 (When recursing through graphical layers while scrolling, an iterator m ...)
- {DSA-4770-1 DSA-4768-1 DLA-2387-1}
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
- firefox 81.0-1
- firefox-esr 78.3.0esr-1
- thunderbird 1:78.3.1-1
@@ -24029,7 +24035,7 @@ CVE-2020-15678 (When recursing through graphical layers while scrolling, an iter
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15678
CVE-2020-15677 (By exploiting an Open Redirect vulnerability on a website, an attacker ...)
- {DSA-4770-1 DSA-4768-1 DLA-2387-1}
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
- firefox 81.0-1
- firefox-esr 78.3.0esr-1
- thunderbird 1:78.3.1-1
@@ -24037,7 +24043,7 @@ CVE-2020-15677 (By exploiting an Open Redirect vulnerability on a website, an at
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15677
CVE-2020-15676 (Firefox sometimes ran the onload handler for SVG elements that the DOM ...)
- {DSA-4770-1 DSA-4768-1 DLA-2387-1}
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
- firefox 81.0-1
- firefox-esr 78.3.0esr-1
- thunderbird 1:78.3.1-1
@@ -24051,7 +24057,7 @@ CVE-2020-15674 (Mozilla developers reported memory safety bugs present in Firefo
- firefox 81.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15674
CVE-2020-15673 (Mozilla developers reported memory safety bugs present in Firefox 80 a ...)
- {DSA-4770-1 DSA-4768-1 DLA-2387-1}
+ {DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
- firefox 81.0-1
- firefox-esr 78.3.0esr-1
- thunderbird 1:78.3.1-1
@@ -64297,103 +64303,73 @@ CVE-2019-18786 (In the Linux kernel through 5.3.8, f->fmt.sdr.reserved is uni
NOTE: https://patchwork.linuxtv.org/patch/59542/
CVE-2019-18780 (An arbitrary command injection vulnerability in the Cluster Server com ...)
NOT-FOR-US: Veritas InfoScale
-CVE-2020-1689
- RESERVED
+CVE-2020-1689 (On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series d ...)
NOT-FOR-US: Juniper
-CVE-2020-1688
- RESERVED
+CVE-2020-1688 (On Juniper Networks SRX Series and NFX Series, a local authenticated u ...)
NOT-FOR-US: Juniper
-CVE-2020-1687
- RESERVED
+CVE-2020-1687 (On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series d ...)
NOT-FOR-US: Juniper
-CVE-2020-1686
- RESERVED
+CVE-2020-1686 (On Juniper Networks Junos OS devices, receipt of a malformed IPv6 pack ...)
NOT-FOR-US: Juniper
-CVE-2020-1685
- RESERVED
+CVE-2020-1685 (When configuring stateless firewall filters in Juniper Networks EX4600 ...)
NOT-FOR-US: Juniper
-CVE-2020-1684
- RESERVED
+CVE-2020-1684 (On Juniper Networks SRX Series configured with application identificat ...)
NOT-FOR-US: Juniper
-CVE-2020-1683
- RESERVED
+CVE-2020-1683 (On Juniper Networks Junos OS devices, a specific SNMP OID poll causes ...)
NOT-FOR-US: Juniper
-CVE-2020-1682
- RESERVED
-CVE-2020-1681
- RESERVED
+CVE-2020-1682 (An input validation vulnerability exists in Juniper Networks Junos OS, ...)
+ TODO: check
+CVE-2020-1681 (Receipt of a specifically malformed NDP packet sent from the local are ...)
NOT-FOR-US: Juniper
-CVE-2020-1680
- RESERVED
+CVE-2020-1680 (On Juniper Networks MX Series with MS-MIC or MS-MPC card configured wi ...)
NOT-FOR-US: Juniper
-CVE-2020-1679
- RESERVED
+CVE-2020-1679 (On Juniper Networks PTX and QFX Series devices with packet sampling co ...)
NOT-FOR-US: Juniper
-CVE-2020-1678
- RESERVED
+CVE-2020-1678 (On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN ...)
NOT-FOR-US: Juniper
-CVE-2020-1677
- RESERVED
+CVE-2020-1677 (When SAML authentication is enabled, Juniper Networks Mist Cloud UI mi ...)
NOT-FOR-US: Juniper
-CVE-2020-1676
- RESERVED
+CVE-2020-1676 (When SAML authentication is enabled, Juniper Networks Mist Cloud UI mi ...)
NOT-FOR-US: Juniper
-CVE-2020-1675
- RESERVED
+CVE-2020-1675 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
NOT-FOR-US: Juniper
-CVE-2020-1674
- RESERVED
+CVE-2020-1674 (Juniper Networks Junos OS and Junos OS Evolved fail to drop/discard de ...)
NOT-FOR-US: Juniper
-CVE-2020-1673
- RESERVED
+CVE-2020-1673 (Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks ...)
NOT-FOR-US: Juniper
-CVE-2020-1672
- RESERVED
+CVE-2020-1672 (On Juniper Networks Junos OS devices configured with DHCPv6 relay enab ...)
NOT-FOR-US: Juniper
-CVE-2020-1671
- RESERVED
+CVE-2020-1671 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...)
NOT-FOR-US: Juniper
-CVE-2020-1670
- RESERVED
+CVE-2020-1670 (On Juniper Networks EX4300 Series, receipt of a stream of specific IPv ...)
NOT-FOR-US: Juniper
-CVE-2020-1669
- RESERVED
+CVE-2020-1669 (The Juniper Device Manager (JDM) container, used by the disaggregated ...)
NOT-FOR-US: Juniper
-CVE-2020-1668
- RESERVED
+CVE-2020-1668 (On Juniper Networks EX2300 Series, receipt of a stream of specific mul ...)
NOT-FOR-US: Juniper
-CVE-2020-1667
- RESERVED
+CVE-2020-1667 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...)
NOT-FOR-US: Juniper
-CVE-2020-1666
- RESERVED
+CVE-2020-1666 (The system console configuration option 'log-out-on-disconnect' In Jun ...)
NOT-FOR-US: Juniper
-CVE-2020-1665
- RESERVED
+CVE-2020-1665 (On Juniper Networks MX Series and EX9200 Series, in a certain conditio ...)
NOT-FOR-US: Juniper
-CVE-2020-1664
- RESERVED
+CVE-2020-1664 (A stack buffer overflow vulnerability in the device control daemon (DC ...)
NOT-FOR-US: Juniper
CVE-2020-1663
RESERVED
-CVE-2020-1662
- RESERVED
+CVE-2020-1662 (On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session ...)
NOT-FOR-US: Juniper
-CVE-2020-1661
- RESERVED
+CVE-2020-1661 (On Juniper Networks Junos OS devices configured as a DHCP forwarder, t ...)
NOT-FOR-US: Juniper
-CVE-2020-1660
- RESERVED
+CVE-2020-1660 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...)
NOT-FOR-US: Juniper
CVE-2020-1659
RESERVED
CVE-2020-1658
RESERVED
-CVE-2020-1657
- RESERVED
+CVE-2020-1657 (On SRX Series devices, a vulnerability in the key-management-daemon (k ...)
NOT-FOR-US: Juniper
-CVE-2020-1656
- RESERVED
+CVE-2020-1656 (The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd da ...)
NOT-FOR-US: Juniper
CVE-2020-1655 (When a device running Juniper Networks Junos OS with MPC7, MPC8, or MP ...)
NOT-FOR-US: Juniper
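Review bot: CVE-2020-1682 is the only entry changed in this hunk that ends up with "TODO: check" instead of "NOT-FOR-US: Juniper", although its description names Juniper Networks Junos OS like its neighbours. Among the entries this hunk touches it was also the one without a NOT-FOR-US line in the old text, which is why the automatic update fell back to TODO. Mark it "NOT-FOR-US: Juniper" so the block is consistent.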
@@ -65226,8 +65202,8 @@ CVE-2020-1245 (An elevation of privilege vulnerability exists in Windows when th
NOT-FOR-US: Microsoft
CVE-2020-1244 (A denial of service vulnerability exists when Connected User Experienc ...)
NOT-FOR-US: Microsoft
-CVE-2020-1243
- RESERVED
+CVE-2020-1243 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
+ TODO: check
CVE-2020-1242 (An information disclosure vulnerability exists in the way that Microso ...)
NOT-FOR-US: Microsoft
CVE-2020-1241 (A security feature bypass vulnerability exists when Windows Kernel fai ...)
@@ -65378,8 +65354,8 @@ CVE-2020-1169 (An elevation of privilege vulnerability exists when the Windows R
NOT-FOR-US: Microsoft
CVE-2020-1168
RESERVED
-CVE-2020-1167
- RESERVED
+CVE-2020-1167 (A remote code execution vulnerability exists in the way that Microsoft ...)
+ TODO: check
CVE-2020-1166 (An elevation of privilege vulnerability exists when Windows improperly ...)
NOT-FOR-US: Microsoft
CVE-2020-1165 (An elevation of privilege vulnerability exists when Windows improperly ...)
@@ -65552,8 +65528,8 @@ CVE-2020-1082 (An elevation of privilege vulnerability exists in Windows Error R
NOT-FOR-US: Microsoft
CVE-2020-1081 (An elevation of privilege vulnerability exists when the Windows Printe ...)
NOT-FOR-US: Microsoft
-CVE-2020-1080
- RESERVED
+CVE-2020-1080 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
+ TODO: check
CVE-2020-1079 (An elevation of privilege vulnerability exists when the Windows fails ...)
NOT-FOR-US: Microsoft
CVE-2020-1078 (An elevation of privilege vulnerability exists in Windows Installer be ...)
@@ -65618,8 +65594,8 @@ CVE-2020-1049 (A cross site scripting vulnerability exists when Microsoft Dynami
NOT-FOR-US: Microsoft
CVE-2020-1048 (An elevation of privilege vulnerability exists when the Windows Print ...)
NOT-FOR-US: Microsoft
-CVE-2020-1047
- RESERVED
+CVE-2020-1047 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
+ TODO: check
CVE-2020-1046 (A remote code execution vulnerability exists when Microsoft .NET Frame ...)
NOT-FOR-US: Microsoft
CVE-2020-1045 (A security feature bypass vulnerability exists in the way Microsoft AS ...)
@@ -66184,8 +66160,8 @@ CVE-2020-0766 (An elevation of privilege vulnerability exists when the Microsoft
NOT-FOR-US: Microsoft
CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...)
NOT-FOR-US: Microsoft
-CVE-2020-0764
- RESERVED
+CVE-2020-0764 (An elevation of privilege vulnerability exists when the Windows Storag ...)
+ TODO: check
CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...)
NOT-FOR-US: Microsoft
CVE-2020-0762 (An elevation of privilege vulnerability exists when Windows Defender S ...)
@@ -87755,8 +87731,8 @@ CVE-2019-12307
RESERVED
CVE-2019-12306
RESERVED
-CVE-2019-12305
- RESERVED
+CVE-2019-12305 (In EZCast Pro II, the administrator password md5 hash is provided upon ...)
+ TODO: check
CVE-2019-12304
RESERVED
CVE-2019-12303 (In Rancher 2 through 2.2.3, Project owners can inject additional fluen ...)
@@ -125261,7 +125237,7 @@ CVE-2018-18559 (In the Linux kernel through 4.19, a use-after-free can occur due
NOTE: Fixed by: https://git.kernel.org/linus/15fe076edea787807a7cdc168df832544b58eba6
CVE-2018-18558 (An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 ...)
NOT-FOR-US: Espressif ESP-IDF
-CVE-2018-18557 (LibTIFF 4.0.9 (with JBIG enabled) decodes arbitrarily-sized JBIG into ...)
+CVE-2018-18557 (LibTIFF 3.9.3, 3.9.4, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta ...)
{DSA-4349-1 DLA-1557-1}
- tiff 4.0.9+git181026-1 (bug #911635)
- tiff3 <removed>
@@ -127476,7 +127452,7 @@ CVE-2018-17797 (An issue was discovered in zzcms 8.3. user/zssave.php allows rem
NOT-FOR-US: zzcms
CVE-2018-17796 (An issue was discovered in MRCMS (aka mushroom) through 3.1.2. The Web ...)
NOT-FOR-US: MRCMS
-CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 allows remot ...)
+CVE-2018-17795 (The function t2p_write_pdf in tiff2pdf.c in LibTIFF 4.0.9 and earlier ...)
- tiff 4.0.9-2
[stretch] - tiff 4.0.8-2+deb9u2
[jessie] - tiff 4.0.3-12.3+deb8u5
@@ -158558,7 +158534,7 @@ CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL
- mantis <removed>
[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
NOTE: https://mantisbt.org/bugs/view.php?id=23908
-CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid me ...)
+CVE-2018-6381 (In ZZIPlib 0.13.67, 0.13.66, 0.13.65, 0.13.64 and 0.13.63 there is a s ...)
{DLA-2258-1}
- zziplib 0.13.62-3.2 (bug #889096)
[stretch] - zziplib 0.13.62-3.2~deb9u1
@@ -183750,7 +183726,7 @@ CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_sam
NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
-CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in libmp3 ...)
+CVE-2017-15045 (LAME 3.99.5, 3.98.4, 3.98.2 and 3.98 has a heap-based buffer over-read ...)
- lame 3.99.5+repack1-8
[jessie] - lame 3.99.5+repack1-7+deb8u2
NOTE: https://sourceforge.net/p/lame/bugs/478/
@@ -207873,7 +207849,7 @@ CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of servi
NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
-CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service (he ...)
+CVE-2016-10269 (LibTIFF 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0beta7, 4.0.0, 4.0. ...)
{DSA-3844-1 DLA-877-1}
- tiff 4.0.7-2
- tiff3 <removed>
@@ -215659,7 +215635,7 @@ CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function in
- tiff3 <not-affected> (vulnerable code introduced later)
NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
-CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote atta ...)
+CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 3.9.3, 3.9.4, 3.9. ...)
{DSA-3762-1 DLA-795-1}
- tiff 4.0.7-2
- tiff3 <removed>
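Review bot: The new summary for CVE-2016-10093 reads "LibTIFF 4.0.7 3.9.3, 3.9.4, 3.9. ...", with no separator between 4.0.7 and 3.9.3. The text arrives through the automatic update, so the correction belongs in the upstream CVE description rather than in this file; report it there so a later sync picks up the fixed wording.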
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/76d95499bfad4d96e12554f317ee497bb691dd4d