[Git][security-tracker-team/security-tracker][master] automatic update
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 22 21:10:39 BST 2020
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
5aa391fb by security tracker role at 2020-10-22T20:10:32+00:00
automatic update
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,465 @@
+CVE-2021-0200
+ RESERVED
+CVE-2021-0199
+ RESERVED
+CVE-2021-0198
+ RESERVED
+CVE-2021-0197
+ RESERVED
+CVE-2021-0196
+ RESERVED
+CVE-2021-0195
+ RESERVED
+CVE-2021-0194
+ RESERVED
+CVE-2021-0193
+ RESERVED
+CVE-2021-0192
+ RESERVED
+CVE-2021-0191
+ RESERVED
+CVE-2021-0190
+ RESERVED
+CVE-2021-0189
+ RESERVED
+CVE-2021-0188
+ RESERVED
+CVE-2021-0187
+ RESERVED
+CVE-2021-0186
+ RESERVED
+CVE-2021-0185
+ RESERVED
+CVE-2021-0184
+ RESERVED
+CVE-2021-0183
+ RESERVED
+CVE-2021-0182
+ RESERVED
+CVE-2021-0181
+ RESERVED
+CVE-2021-0180
+ RESERVED
+CVE-2021-0179
+ RESERVED
+CVE-2021-0178
+ RESERVED
+CVE-2021-0177
+ RESERVED
+CVE-2021-0176
+ RESERVED
+CVE-2021-0175
+ RESERVED
+CVE-2021-0174
+ RESERVED
+CVE-2021-0173
+ RESERVED
+CVE-2021-0172
+ RESERVED
+CVE-2021-0171
+ RESERVED
+CVE-2021-0170
+ RESERVED
+CVE-2021-0169
+ RESERVED
+CVE-2021-0168
+ RESERVED
+CVE-2021-0167
+ RESERVED
+CVE-2021-0166
+ RESERVED
+CVE-2021-0165
+ RESERVED
+CVE-2021-0164
+ RESERVED
+CVE-2021-0163
+ RESERVED
+CVE-2021-0162
+ RESERVED
+CVE-2021-0161
+ RESERVED
+CVE-2021-0160
+ RESERVED
+CVE-2021-0159
+ RESERVED
+CVE-2021-0158
+ RESERVED
+CVE-2021-0157
+ RESERVED
+CVE-2021-0156
+ RESERVED
+CVE-2021-0155
+ RESERVED
+CVE-2021-0154
+ RESERVED
+CVE-2021-0153
+ RESERVED
+CVE-2021-0152
+ RESERVED
+CVE-2021-0151
+ RESERVED
+CVE-2021-0150
+ RESERVED
+CVE-2021-0149
+ RESERVED
+CVE-2021-0148
+ RESERVED
+CVE-2021-0147
+ RESERVED
+CVE-2021-0146
+ RESERVED
+CVE-2021-0145
+ RESERVED
+CVE-2021-0144
+ RESERVED
+CVE-2021-0143
+ RESERVED
+CVE-2021-0142
+ RESERVED
+CVE-2021-0141
+ RESERVED
+CVE-2021-0140
+ RESERVED
+CVE-2021-0139
+ RESERVED
+CVE-2021-0138
+ RESERVED
+CVE-2021-0137
+ RESERVED
+CVE-2021-0136
+ RESERVED
+CVE-2021-0135
+ RESERVED
+CVE-2021-0134
+ RESERVED
+CVE-2021-0133
+ RESERVED
+CVE-2021-0132
+ RESERVED
+CVE-2021-0131
+ RESERVED
+CVE-2021-0130
+ RESERVED
+CVE-2021-0129
+ RESERVED
+CVE-2021-0128
+ RESERVED
+CVE-2021-0127
+ RESERVED
+CVE-2021-0126
+ RESERVED
+CVE-2021-0125
+ RESERVED
+CVE-2021-0124
+ RESERVED
+CVE-2021-0123
+ RESERVED
+CVE-2021-0122
+ RESERVED
+CVE-2021-0121
+ RESERVED
+CVE-2021-0120
+ RESERVED
+CVE-2021-0119
+ RESERVED
+CVE-2021-0118
+ RESERVED
+CVE-2021-0117
+ RESERVED
+CVE-2021-0116
+ RESERVED
+CVE-2021-0115
+ RESERVED
+CVE-2021-0114
+ RESERVED
+CVE-2021-0113
+ RESERVED
+CVE-2021-0112
+ RESERVED
+CVE-2021-0111
+ RESERVED
+CVE-2021-0110
+ RESERVED
+CVE-2021-0109
+ RESERVED
+CVE-2021-0108
+ RESERVED
+CVE-2021-0107
+ RESERVED
+CVE-2021-0106
+ RESERVED
+CVE-2021-0105
+ RESERVED
+CVE-2021-0104
+ RESERVED
+CVE-2021-0103
+ RESERVED
+CVE-2021-0102
+ RESERVED
+CVE-2021-0101
+ RESERVED
+CVE-2021-0100
+ RESERVED
+CVE-2021-0099
+ RESERVED
+CVE-2021-0098
+ RESERVED
+CVE-2021-0097
+ RESERVED
+CVE-2021-0096
+ RESERVED
+CVE-2021-0095
+ RESERVED
+CVE-2021-0094
+ RESERVED
+CVE-2021-0093
+ RESERVED
+CVE-2021-0092
+ RESERVED
+CVE-2021-0091
+ RESERVED
+CVE-2021-0090
+ RESERVED
+CVE-2021-0089
+ RESERVED
+CVE-2021-0088
+ RESERVED
+CVE-2021-0087
+ RESERVED
+CVE-2021-0086
+ RESERVED
+CVE-2021-0085
+ RESERVED
+CVE-2021-0084
+ RESERVED
+CVE-2021-0083
+ RESERVED
+CVE-2021-0082
+ RESERVED
+CVE-2021-0081
+ RESERVED
+CVE-2021-0080
+ RESERVED
+CVE-2021-0079
+ RESERVED
+CVE-2021-0078
+ RESERVED
+CVE-2021-0077
+ RESERVED
+CVE-2021-0076
+ RESERVED
+CVE-2021-0075
+ RESERVED
+CVE-2021-0074
+ RESERVED
+CVE-2021-0073
+ RESERVED
+CVE-2021-0072
+ RESERVED
+CVE-2021-0071
+ RESERVED
+CVE-2021-0070
+ RESERVED
+CVE-2021-0069
+ RESERVED
+CVE-2021-0068
+ RESERVED
+CVE-2021-0067
+ RESERVED
+CVE-2021-0066
+ RESERVED
+CVE-2021-0065
+ RESERVED
+CVE-2021-0064
+ RESERVED
+CVE-2021-0063
+ RESERVED
+CVE-2021-0062
+ RESERVED
+CVE-2021-0061
+ RESERVED
+CVE-2021-0060
+ RESERVED
+CVE-2021-0059
+ RESERVED
+CVE-2021-0058
+ RESERVED
+CVE-2021-0057
+ RESERVED
+CVE-2021-0056
+ RESERVED
+CVE-2021-0055
+ RESERVED
+CVE-2021-0054
+ RESERVED
+CVE-2021-0053
+ RESERVED
+CVE-2021-0052
+ RESERVED
+CVE-2021-0051
+ RESERVED
+CVE-2021-0050
+ RESERVED
+CVE-2021-0049
+ RESERVED
+CVE-2021-0048
+ RESERVED
+CVE-2021-0047
+ RESERVED
+CVE-2021-0046
+ RESERVED
+CVE-2021-0045
+ RESERVED
+CVE-2021-0044
+ RESERVED
+CVE-2021-0043
+ RESERVED
+CVE-2021-0042
+ RESERVED
+CVE-2021-0041
+ RESERVED
+CVE-2021-0040
+ RESERVED
+CVE-2021-0039
+ RESERVED
+CVE-2021-0038
+ RESERVED
+CVE-2021-0037
+ RESERVED
+CVE-2021-0036
+ RESERVED
+CVE-2021-0035
+ RESERVED
+CVE-2021-0034
+ RESERVED
+CVE-2021-0033
+ RESERVED
+CVE-2021-0032
+ RESERVED
+CVE-2021-0031
+ RESERVED
+CVE-2021-0030
+ RESERVED
+CVE-2021-0029
+ RESERVED
+CVE-2021-0028
+ RESERVED
+CVE-2021-0027
+ RESERVED
+CVE-2021-0026
+ RESERVED
+CVE-2021-0025
+ RESERVED
+CVE-2021-0024
+ RESERVED
+CVE-2021-0023
+ RESERVED
+CVE-2021-0022
+ RESERVED
+CVE-2021-0021
+ RESERVED
+CVE-2021-0020
+ RESERVED
+CVE-2021-0019
+ RESERVED
+CVE-2021-0018
+ RESERVED
+CVE-2021-0017
+ RESERVED
+CVE-2021-0016
+ RESERVED
+CVE-2021-0015
+ RESERVED
+CVE-2021-0014
+ RESERVED
+CVE-2021-0013
+ RESERVED
+CVE-2021-0012
+ RESERVED
+CVE-2021-0011
+ RESERVED
+CVE-2021-0010
+ RESERVED
+CVE-2021-0009
+ RESERVED
+CVE-2021-0008
+ RESERVED
+CVE-2021-0007
+ RESERVED
+CVE-2021-0006
+ RESERVED
+CVE-2021-0005
+ RESERVED
+CVE-2021-0004
+ RESERVED
+CVE-2021-0003
+ RESERVED
+CVE-2021-0002
+ RESERVED
+CVE-2021-0001
+ RESERVED
+CVE-2020-27669
+ RESERVED
+CVE-2020-27668
+ RESERVED
+CVE-2020-27667
+ RESERVED
+CVE-2020-27666 (Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview fea ...)
+ TODO: check
+CVE-2020-27665 (In Strapi before 3.2.5, there is no admin::hasPermissions restriction ...)
+ TODO: check
+CVE-2020-27664 (admin/src/containers/InputModalStepperProvider/index.js in Strapi befo ...)
+ TODO: check
+CVE-2020-27663
+ RESERVED
+CVE-2020-27662
+ RESERVED
+CVE-2020-27661
+ RESERVED
+CVE-2020-27660
+ RESERVED
+CVE-2020-27659
+ RESERVED
+CVE-2020-27658
+ RESERVED
+CVE-2020-27657
+ RESERVED
+CVE-2020-27656
+ RESERVED
+CVE-2020-27655
+ RESERVED
+CVE-2020-27654
+ RESERVED
+CVE-2020-27653
+ RESERVED
+CVE-2020-27652
+ RESERVED
+CVE-2020-27651
+ RESERVED
+CVE-2020-27650
+ RESERVED
+CVE-2020-27649
+ RESERVED
+CVE-2020-27648
+ RESERVED
+CVE-2020-27647
+ RESERVED
+CVE-2020-27646 (Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1 ...)
+ TODO: check
+CVE-2020-27645
+ RESERVED
+CVE-2020-27644
+ RESERVED
+CVE-2020-27643
+ RESERVED
+CVE-2020-27642 (A cross-site scripting (XSS) vulnerability exists in the 'merge accoun ...)
+ TODO: check
+CVE-2020-27641
+ RESERVED
+CVE-2020-27640
+ RESERVED
+CVE-2020-27639
+ RESERVED
CVE-2020-27637
RESERVED
CVE-2020-27636
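Review bot: The added block ends at CVE-2020-27639 and the unchanged context resumes at CVE-2020-27637, so CVE-2020-27638 has no entry in its numeric slot; its only entry is the fastd one further down, after CVE-2020-27614. Consider moving that entry up so the descending order holds and a later automatic run does not add a second entry for the same id. In the same block, the Strapi entries (CVE-2020-27666, CVE-2020-27665, CVE-2020-27664), the Biscom SFT entry (CVE-2020-27646) and CVE-2020-27642 arrive as TODO: check and still need a package or NOT-FOR-US annotation.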
@@ -56,7 +518,7 @@ CVE-2020-27615 (The Loginizer plugin before 1.6.4 for WordPress allows SQL injec
NOT-FOR-US: Loginizer plugin for WordPress
CVE-2020-27614
RESERVED
-CVE-2020-27638 [DoS'able memory leak on invalid packets]
+CVE-2020-27638 (receive.c in fastd before v21 allows denial of service (assertion fail ...)
- fastd 21-1 (bug #972521)
[buster] - fastd <no-dsa> (Will be fixed via point release)
NOTE: https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea
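Review bot: The replaced title for CVE-2020-27638 described a "DoS'able memory leak on invalid packets", while the new description speaks of a denial of service by assertion failure in receive.c; the package lines and the NOTE commit link are carried over unchanged. It is worth confirming that the linked fastd commit and the 21-1 fixed version cover the issue as now described, and adding a NOTE line if the earlier memory-leak wording is still relevant for the buster point release.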
@@ -184,8 +646,8 @@ CVE-2020-27562
RESERVED
CVE-2020-27561
RESERVED
-CVE-2020-27560
- RESERVED
+CVE-2020-27560 (ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames i ...)
+ TODO: check
CVE-2020-27559
RESERVED
CVE-2020-27558
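Review bot: CVE-2020-27560 names ImageMagick 7.0.10-34 and OptimizeLayerFrames, so unlike the RESERVED neighbours this TODO: check needs a real package line rather than NOT-FOR-US. On triage, replace it with a "- imagemagick" entry carrying the fixed version or an unfixed marker, and check whether the division by zero is reachable in the older branches before assigning per-release status.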
@@ -238,8 +700,8 @@ CVE-2020-27535
RESERVED
CVE-2020-27534
RESERVED
-CVE-2020-27533
- RESERVED
+CVE-2020-27533 (A Cross Site Scripting (XSS) issue was discovered in the search featur ...)
+ TODO: check
CVE-2020-27532
RESERVED
CVE-2020-27531
@@ -914,8 +1376,8 @@ CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in Eclect
NOT-FOR-US: TAXII libtaxii
CVE-2020-27196
RESERVED
-CVE-2020-27195
- RESERVED
+CVE-2020-27195 (HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client ...)
+ TODO: check
CVE-2020-27193
RESERVED
CVE-2020-27192
@@ -1003,8 +1465,8 @@ CVE-2020-27157 (Veritas APTARE versions prior to 10.5 included code that bypasse
NOT-FOR-US: Veritas
CVE-2020-27156 (Veritas APTARE versions prior to 10.5 did not perform adequate authori ...)
NOT-FOR-US: Veritas
-CVE-2020-27155
- RESERVED
+CVE-2020-27155 (An issue was discovered in Octopus Deploy through 2020.4.4. If enabled ...)
+ TODO: check
CVE-2020-27154
RESERVED
CVE-2020-27152 [KVM: host stack overflow due to lazy update IOAPIC]
@@ -1535,7 +1997,7 @@ CVE-2020-26896 (Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulne
- lnd <itp> (bug #886577)
CVE-2020-26895 (Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accept ...)
- lnd <itp> (bug #886577)
-CVE-2020-26894 (Faulkner Wildlife Issues in the New Millennium 18.0.160 on Windows all ...)
+CVE-2020-26894 (LiveCode v9.6.1 on Windows allows local, low-privileged users to gain ...)
NOT-FOR-US: New Millennium
CVE-2020-26893 (An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor c ...)
NOT-FOR-US: ClamXAV
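Review bot: The description of CVE-2020-26894 now names LiveCode v9.6.1, but the annotation line below it still reads "NOT-FOR-US: New Millennium", which matched only the old "Faulkner Wildlife Issues in the New Millennium" text. Update the annotation to "NOT-FOR-US: LiveCode" (after confirming it is still not relevant) so the product name in the triage line matches the entry.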
@@ -2032,10 +2494,10 @@ CVE-2020-26652
RESERVED
CVE-2020-26651
RESERVED
-CVE-2020-26650
- RESERVED
-CVE-2020-26649
- RESERVED
+CVE-2020-26650 (AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php ...)
+ TODO: check
+CVE-2020-26649 (AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.ph ...)
+ TODO: check
CVE-2020-26648
RESERVED
CVE-2020-26647
@@ -7804,8 +8266,8 @@ CVE-2020-24035
RESERVED
CVE-2020-24034 (Sagemcom F at ST 5280 routers using firmware version 1.150.61 have insecu ...)
NOT-FOR-US: Sagemcom F at ST 5280 routers
-CVE-2020-24033
- RESERVED
+CVE-2020-24033 (An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The f ...)
+ TODO: check
CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...)
NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD
CVE-2020-24031
@@ -24368,8 +24830,8 @@ CVE-2020-15908 (tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) befor
NOT-FOR-US: Cauldron cbang
CVE-2020-15907 (In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before ...)
- mahara <removed>
-CVE-2020-15906
- RESERVED
+CVE-2020-15906 (tiki-login.php in Tiki before 21.2 sets the admin password to a blank ...)
+ TODO: check
CVE-2020-15905
RESERVED
CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...)
@@ -41408,42 +41870,42 @@ CVE-2020-9999
RESERVED
CVE-2020-9998
RESERVED
-CVE-2020-9997
- RESERVED
+CVE-2020-9997 (An information disclosure issue was addressed with improved state mana ...)
+ TODO: check
CVE-2020-9996
RESERVED
CVE-2020-9995
RESERVED
-CVE-2020-9994
- RESERVED
+CVE-2020-9994 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
CVE-2020-9993
RESERVED
CVE-2020-9992 (This issue was addressed by encrypting communications over the network ...)
NOT-FOR-US: Apple
CVE-2020-9991
RESERVED
-CVE-2020-9990
- RESERVED
+CVE-2020-9990 (A race condition was addressed with additional validation. This issue ...)
+ TODO: check
CVE-2020-9989
RESERVED
CVE-2020-9988
RESERVED
CVE-2020-9987
RESERVED
-CVE-2020-9986
- RESERVED
-CVE-2020-9985
- RESERVED
-CVE-2020-9984
- RESERVED
+CVE-2020-9986 (A file access issue existed with certain home folder files. This was a ...)
+ TODO: check
+CVE-2020-9985 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2020-9984 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Safari
CVE-2020-9982
RESERVED
CVE-2020-9981
RESERVED
-CVE-2020-9980
- RESERVED
+CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
CVE-2020-9979
RESERVED
CVE-2020-9978
@@ -41522,18 +41984,18 @@ CVE-2020-9942
RESERVED
CVE-2020-9941
RESERVED
-CVE-2020-9940
- RESERVED
-CVE-2020-9939
- RESERVED
-CVE-2020-9938
- RESERVED
-CVE-2020-9937
- RESERVED
+CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2020-9939 (This issue was addressed with improved checks. This issue is fixed in ...)
+ TODO: check
+CVE-2020-9938 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2020-9937 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
CVE-2020-9936 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
-CVE-2020-9935
- RESERVED
+CVE-2020-9935 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2020-9934 (An issue existed in the handling of environment variables. This issue ...)
NOT-FOR-US: Apple
CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...)
@@ -41544,12 +42006,12 @@ CVE-2020-9931 (A denial of service issue was addressed with improved input valid
NOT-FOR-US: Apple
CVE-2020-9930
RESERVED
-CVE-2020-9929
- RESERVED
-CVE-2020-9928
- RESERVED
-CVE-2020-9927
- RESERVED
+CVE-2020-9929 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-9928 (Multiple memory corruption issues were addressed with improved memory ...)
+ TODO: check
+CVE-2020-9927 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
CVE-2020-9926
RESERVED
CVE-2020-9925 (A logic issue was addressed with improved state management. This issue ...)
@@ -41559,18 +42021,18 @@ CVE-2020-9925 (A logic issue was addressed with improved state management. This
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
-CVE-2020-9924
- RESERVED
+CVE-2020-9924 (A logic issue was addressed with improved state management. This issue ...)
+ TODO: check
CVE-2020-9923 (A memory corruption issue was addressed with improved memory handling. ...)
NOT-FOR-US: Apple
CVE-2020-9922
RESERVED
-CVE-2020-9921
- RESERVED
-CVE-2020-9920
- RESERVED
-CVE-2020-9919
- RESERVED
+CVE-2020-9921 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-9920 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
+CVE-2020-9919 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
CVE-2020-9918 (An out-of-bounds read was addressed with improved input validation. Th ...)
NOT-FOR-US: Apple
CVE-2020-9917 (This issue was addressed with improved checks. This issue is fixed in ...)
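Review bot: The new CVE-2020-9924 entry has the same visible description prefix as CVE-2020-9925 directly above it ("A logic issue was addressed with improved state management"), and CVE-2020-9925 is tracked against webkit2gtk and wpewebkit with a WSA reference rather than marked NOT-FOR-US: Apple. The truncated text alone cannot settle which case applies, so the TODO: check items in this hunk (CVE-2020-9924, CVE-2020-9921, CVE-2020-9920, CVE-2020-9919) should be triaged from the full descriptions and the WebKitGTK advisories, not bulk-marked like their Apple neighbours.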
@@ -41596,28 +42058,28 @@ CVE-2020-9910 (Multiple issues were addressed with improved logic. This issue is
NOT-FOR-US: Safari
CVE-2020-9909 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9908
- RESERVED
+CVE-2020-9908 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2020-9907 (A memory corruption issue was addressed by removing the vulnerable cod ...)
NOT-FOR-US: Apple
-CVE-2020-9906
- RESERVED
-CVE-2020-9905
- RESERVED
-CVE-2020-9904
- RESERVED
+CVE-2020-9906 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-9905 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ TODO: check
+CVE-2020-9904 (A memory corruption issue was addressed with improved state management ...)
+ TODO: check
CVE-2020-9903 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Safari
-CVE-2020-9902
- RESERVED
-CVE-2020-9901
- RESERVED
-CVE-2020-9900
- RESERVED
-CVE-2020-9899
- RESERVED
-CVE-2020-9898
- RESERVED
+CVE-2020-9902 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2020-9901 (An issue existed within the path validation logic for symlinks. This i ...)
+ TODO: check
+CVE-2020-9900 (An issue existed within the path validation logic for symlinks. This i ...)
+ TODO: check
+CVE-2020-9899 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
+CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...)
+ TODO: check
CVE-2020-9897
RESERVED
CVE-2020-9896
@@ -41643,8 +42105,8 @@ CVE-2020-9893 (A use after free issue was addressed with improved memory managem
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.4-1
NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
-CVE-2020-9892
- RESERVED
+CVE-2020-9892 (Multiple memory corruption issues were addressed with improved state m ...)
+ TODO: check
CVE-2020-9891 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
CVE-2020-9890 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
@@ -41653,46 +42115,46 @@ CVE-2020-9889 (An out-of-bounds write issue was addressed with improved bounds c
NOT-FOR-US: Apple
CVE-2020-9888 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9887
- RESERVED
+CVE-2020-9887 (A memory corruption issue was addressed with improved input validation ...)
+ TODO: check
CVE-2020-9886
RESERVED
CVE-2020-9885 (An issue existed in the handling of iMessage tapbacks. The issue was r ...)
NOT-FOR-US: Apple
CVE-2020-9884 (An out-of-bounds write issue was addressed with improved bounds checki ...)
NOT-FOR-US: Apple
-CVE-2020-9883
- RESERVED
-CVE-2020-9882
- RESERVED
-CVE-2020-9881
- RESERVED
-CVE-2020-9880
- RESERVED
-CVE-2020-9879
- RESERVED
+CVE-2020-9883 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2020-9882 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2020-9881 (A buffer overflow issue was addressed with improved memory handling. T ...)
+ TODO: check
+CVE-2020-9880 (A buffer overflow was addressed with improved bounds checking. This is ...)
+ TODO: check
+CVE-2020-9879 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
CVE-2020-9878 (A buffer overflow issue was addressed with improved memory handling. T ...)
NOT-FOR-US: Apple
-CVE-2020-9877
- RESERVED
-CVE-2020-9876
- RESERVED
-CVE-2020-9875
- RESERVED
-CVE-2020-9874
- RESERVED
-CVE-2020-9873
- RESERVED
-CVE-2020-9872
- RESERVED
-CVE-2020-9871
- RESERVED
+CVE-2020-9877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
+ TODO: check
+CVE-2020-9876 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2020-9875 (An integer overflow was addressed through improved input validation. T ...)
+ TODO: check
+CVE-2020-9874 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2020-9873 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
+CVE-2020-9872 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
+CVE-2020-9871 (An out-of-bounds write issue was addressed with improved bounds checki ...)
+ TODO: check
CVE-2020-9870 (A logic issue was addressed with improved validation. This issue is fi ...)
NOT-FOR-US: Apple
-CVE-2020-9869
- RESERVED
-CVE-2020-9868
- RESERVED
+CVE-2020-9869 (A memory corruption issue was addressed with improved memory handling. ...)
+ TODO: check
+CVE-2020-9868 (A certificate validation issue existed when processing administrator a ...)
+ TODO: check
CVE-2020-9867
RESERVED
CVE-2020-9866
@@ -41701,8 +42163,8 @@ CVE-2020-9865 (A memory corruption issue was addressed by removing the vulnerabl
NOT-FOR-US: Apple
CVE-2020-9864 (A logic issue was addressed with improved restrictions. This issue is ...)
NOT-FOR-US: Apple
-CVE-2020-9863
- RESERVED
+CVE-2020-9863 (A memory initialization issue was addressed with improved memory handl ...)
+ TODO: check
CVE-2020-9862 (A command injection issue existed in Web Inspector. This issue was add ...)
{DSA-4739-1}
- webkit2gtk 2.28.4-1
@@ -41724,10 +42186,10 @@ CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixe
NOT-FOR-US: Apple
CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...)
NOT-FOR-US: Apple
-CVE-2020-9854
- RESERVED
-CVE-2020-9853
- RESERVED
+CVE-2020-9854 (A logic issue was addressed with improved validation. This issue is fi ...)
+ TODO: check
+CVE-2020-9853 (A memory corruption issue was addressed with improved validation. This ...)
+ TODO: check
CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...)
NOT-FOR-US: Apple
CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...)
@@ -41786,8 +42248,8 @@ CVE-2020-9830 (A memory corruption issue was addressed with improved state manag
NOT-FOR-US: Apple
CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9828
- RESERVED
+CVE-2020-9828 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...)
NOT-FOR-US: Apple
CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...)
@@ -41822,8 +42284,8 @@ CVE-2020-9812 (An information disclosure issue was addressed with improved state
NOT-FOR-US: Apple
CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...)
NOT-FOR-US: Apple
-CVE-2020-9810
- RESERVED
+CVE-2020-9810 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...)
NOT-FOR-US: Apple
CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...)
@@ -41875,8 +42337,8 @@ CVE-2020-9798
RESERVED
CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...)
NOT-FOR-US: Apple
-CVE-2020-9796
- RESERVED
+CVE-2020-9796 (A race condition was addressed with improved state handling. This issu ...)
+ TODO: check
CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
@@ -41894,8 +42356,8 @@ CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds c
NOT-FOR-US: Apple
CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...)
NOT-FOR-US: Apple
-CVE-2020-9787
- RESERVED
+CVE-2020-9787 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
CVE-2020-9786
RESERVED
CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...)
@@ -41910,8 +42372,8 @@ CVE-2020-9781 (The issue was addressed by clearing website permission prompts af
NOT-FOR-US: Apple
CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...)
NOT-FOR-US: Apple
-CVE-2020-9779
- RESERVED
+CVE-2020-9779 (An out-of-bounds read was addressed with improved input validation. Th ...)
+ TODO: check
CVE-2020-9778
RESERVED
CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...)
@@ -41924,10 +42386,10 @@ CVE-2020-9774
RESERVED
CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...)
NOT-FOR-US: Apple
-CVE-2020-9772
- RESERVED
-CVE-2020-9771
- RESERVED
+CVE-2020-9772 (A logic issue was addressed with improved restrictions. This issue is ...)
+ TODO: check
+CVE-2020-9771 (This issue was addressed with a new entitlement. This issue is fixed i ...)
+ TODO: check
CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...)
NOT-FOR-US: Apple
CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...)
@@ -48740,8 +49202,8 @@ CVE-2020-7022
RESERVED
CVE-2020-7021
RESERVED
-CVE-2020-7020
- RESERVED
+CVE-2020-7020 (Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disc ...)
+ TODO: check
CVE-2020-7019 (In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was f ...)
- elasticsearch <removed>
CVE-2020-7018 (Elastic Enterprise Search before 7.9.0 contain a credential exposure f ...)
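Review bot: CVE-2020-7020 is an Elasticsearch issue left as TODO: check, while the adjacent CVE-2020-7019 for the same product is already annotated "- elasticsearch <removed>". Triage should give the new entry the same package line so both Elasticsearch disclosure flaws are tracked consistently.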
@@ -57120,14 +57582,14 @@ CVE-2019-19905 (NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnera
NOTE: Negligible security impact
CVE-2020-3919 (A memory initialization issue was addressed with improved memory handl ...)
NOT-FOR-US: Apple
-CVE-2020-3918
- RESERVED
+CVE-2020-3918 (An access issue was addressed with additional sandbox restrictions. Th ...)
+ TODO: check
CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is fixed i ...)
NOT-FOR-US: Apple
CVE-2020-3916 (An access issue was addressed with additional sandbox restrictions. Th ...)
NOT-FOR-US: Apple
-CVE-2020-3915
- RESERVED
+CVE-2020-3915 (A path handling issue was addressed with improved validation. This iss ...)
+ TODO: check
CVE-2020-3914 (A memory initialization issue was addressed with improved memory handl ...)
NOT-FOR-US: Apple
CVE-2020-3913 (A permissions issue existed. This issue was addressed with improved pe ...)
@@ -57180,8 +57642,7 @@ CVE-2020-3899 (A memory consumption issue was addressed with improved memory han
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
- wpewebkit 2.28.2-1
NOTE: https://webkitgtk.org/security/WSA-2020-0005.html
-CVE-2020-3898 [heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c]
- RESERVED
+CVE-2020-3898 (A memory corruption issue was addressed with improved validation. This ...)
{DLA-2237-1}
- cups 2.3.1-12
[buster] - cups 2.2.10-6+deb10u3
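Review bot: Replacing the bracketed title on CVE-2020-3898 drops the only place the entry named the affected code, "heap based buffer overflow in libcups's ppdFindOption() in ppd-mark.c"; the new description says only that a memory corruption issue was addressed with improved validation. Since the entry is tracked against cups with DLA-2237-1, consider keeping the function and file in a NOTE: line so the mapping to the cups fix stays visible.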
@@ -75831,12 +76292,12 @@ CVE-2019-16131 (framework/admin/modulec_control.php in OKLite v1.2.25 has an Arb
NOT-FOR-US: OKLite
CVE-2019-16130 (YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.ph ...)
NOT-FOR-US: YII2-CMS
-CVE-2019-16129
- RESERVED
-CVE-2019-16128
- RESERVED
-CVE-2019-16127
- RESERVED
+CVE-2019-16129 (Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 ...)
+ TODO: check
+CVE-2019-16128 (Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 ...)
+ TODO: check
+CVE-2019-16127 (Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow. ...)
+ TODO: check
CVE-2019-16126 (Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaSc ...)
NOT-FOR-US: Grav CMS
CVE-2019-16125 (In Jobberbase 2.0, the parameter category is not sanitized in public/p ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/5aa391fbc0eebce33a96d4f279b2c1fa87417302