field | value | date
---|---|---
author | security tracker role <sectracker@soriano.debian.org> | 2020-06-09 20:10:20 +0000
committer | security tracker role <sectracker@soriano.debian.org> | 2020-06-09 20:10:20 +0000
commit | 04df7692f62ef48231613b4730aed4e8cac58307 |
tree | b547b316788ed2e87b634601d95e6c008843993a |
parent | 986f14478a38ec3e6fa5c6dc8795f65f6d890e14 |
automatic update
-rw-r--r-- | data/CVE/2015.list | 1
-rw-r--r-- | data/CVE/2018.list | 8
-rw-r--r-- | data/CVE/2019.list | 11
-rw-r--r-- | data/CVE/2020.list | 319
4 files changed, 192 insertions, 147 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 7628c29e11..fbe24e78a7 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1850,6 +1850,7 @@ CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as us NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in the ...) + {DLA-2241-1} - linux 4.5.1-1 [wheezy] - linux <ignored> (Too much work to backport) NOTE: https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b (v4.5-rc1) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 8a7ac6e942..01d908b9f0 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -17615,26 +17615,26 @@ CVE-2018-14614 (An issue was discovered in the Linux kernel through 4.17.10. The [jessie] - linux <ignored> (Hard to backport and low priority outside of Android) NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=200419 CVE-2018-14613 (An issue was discovered in the Linux kernel through 4.17.10. There is ...) - {DLA-1715-1} + {DLA-2241-1 DLA-1715-1} - linux 4.19.9-1 [stretch] - linux 4.9.144-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199849 NOTE: https://patchwork.kernel.org/patch/10503147/ CVE-2018-14612 (An issue was discovered in the Linux kernel through 4.17.10. There is ...) - {DLA-1715-1} + {DLA-2241-1 DLA-1715-1} - linux 4.18.8-1 [stretch] - linux 4.9.144-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199847 NOTE: https://patchwork.kernel.org/patch/10503403/ NOTE: https://patchwork.kernel.org/patch/10503413/ CVE-2018-14611 (An issue was discovered in the Linux kernel through 4.17.10. There is ...) - {DLA-1715-1} + {DLA-2241-1 DLA-1715-1} - linux 4.19.9-1 [stretch] - linux 4.9.144-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199839 NOTE: https://patchwork.kernel.org/patch/10503099/ CVE-2018-14610 (An issue was discovered in the Linux kernel through 4.17.10. There is ...) - {DLA-1715-1} + {DLA-2241-1 DLA-1715-1} - linux 4.19.9-1 [stretch] - linux 4.9.144-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199837 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 0591ab44e3..09c55b91b8 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -54,6 +54,7 @@ CVE-2019-20812 (An issue was discovered in the Linux kernel before 5.4.7. The pr [stretch] - linux 4.9.210-1 NOTE: https://git.kernel.org/linus/b43d1f9f7067c6759b1051e8ecb84e82cef569fe CVE-2019-20811 (An issue was discovered in the Linux kernel before 5.0.6. In rx_queue_ ...) + {DSA-4698-1 DLA-2242-1} - linux 4.19.37-1 [jessie] - linux 3.16.72-1 NOTE: https://git.kernel.org/linus/a3e23f719f5c4a38ffb3d30c8d7632a4ed8ccd9e 
@@ -76,6 +77,7 @@ CVE-2019-20807 (In Vim before 8.1.0881, users can circumvent the rvim restricted [jessie] - vim <no-dsa> (Minor issue) NOTE: https://github.com/vim/vim/commit/8c62a08faf89663e5633dc5036cd8695c80f1075 CVE-2019-20806 (An issue was discovered in the Linux kernel before 5.2. There is a NUL ...) + {DSA-4698-1 DLA-2242-1} - linux 5.2.6-1 [buster] - linux 4.19.118-1 [jessie] - linux <not-affected> (Vulnerable code introduced later) @@ -453,6 +455,7 @@ CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x NOTE: Introduced in https://github.com/varnishcache/varnish-cache/commit/62932b422f311ed1224f14a216169bcdc1b77a2d (5.0) NOTE: Case #3 implies labels introduced in https://github.com/varnishcache/varnish-cache/commit/34350d5e183ef4e04285729d1f63b784d1bc6454 (5.0) CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...) + {DLA-2241-1} - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 @@ -2752,6 +2755,7 @@ CVE-2019-19769 (In the Linux kernel 5.3.10, there is a use-after-free (read) in NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205705 NOTE: https://git.kernel.org/linus/6d390e4b5d48ec03bb87e63cf0a2bff5f4e116da CVE-2019-19768 (In the Linux kernel 5.4.0-rc2, there is a use-after-free (read) in the ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=205711 
@@ -3598,6 +3602,7 @@ CVE-2019-19464 (The CBC Gem application before 9.24.1 for Android and before 9.2 CVE-2019-19463 (The Anhui Huami Mi Fit application before 4.0.11 for Android has an Un ...) NOT-FOR-US: Anhui Huami Mi Fit application for Android CVE-2019-19462 (relay_open in kernel/relay.c in the Linux kernel through 5.4.1 allows ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1} - linux <unfixed> [jessie] - linux <not-affected> (Vulnerability introduced later) CVE-2019-19461 (Post-authentication Stored XSS in Team Password Manager through 7.93.2 ...) @@ -3635,7 +3640,7 @@ CVE-2019-19448 (In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs - linux <unfixed> NOTE: https://github.com/bobfuzzer/CVE/tree/master/CVE-2019-19448 CVE-2019-19447 (In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, ...) - {DLA-2114-1} + {DLA-2241-1 DLA-2114-1} - linux 5.4.6-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 @@ -3924,6 +3929,7 @@ CVE-2019-19321 CVE-2019-19320 RESERVED CVE-2019-19319 (In the Linux kernel 5.0.21, a setxattr operation, after a mount of a c ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.2.6-1 [buster] - linux 4.19.87-1 CVE-2019-19318 (In the Linux kernel 5.3.11, mounting a crafted btrfs image twice can c ...) @@ -41638,6 +41644,7 @@ CVE-2019-5110 (Exploitable SQL injection vulnerabilities exist in the authentica CVE-2019-5109 (Exploitable SQL injection vulnerabilities exists in the authenticated ...) NOT-FOR-US: Forma LMS CVE-2019-5108 (An exploitable denial-of-service vulnerability exists in the Linux ker ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.3.7-1 [buster] - linux 4.19.98-1 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0900 
@@ -46294,6 +46301,7 @@ CVE-2019-3017 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtu - virtualbox 6.0.14-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) CVE-2019-3016 (In a Linux KVM guest that has PV TLB enabled, a process in the guest k ...) + {DSA-4699-1} - linux 5.4.19-1 [stretch] - linux <not-affected> (Vulnerability introduced later) [jessie] - linux <not-affected> (Vulnerability introduced later) @@ -48259,6 +48267,7 @@ CVE-2019-2184 (In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a CVE-2019-2183 (In generateServicesMap of RegisteredServicesCache.java, there is a pos ...) NOT-FOR-US: Android CVE-2019-2182 (In the Android kernel in the kernel MMU code there is a possible execu ...) + {DSA-4698-1 DLA-2242-1} - linux 4.16.5-1 [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: Fixed by: https://git.kernel.org/linus/15122ee2c515a253b0c66a3e618bc7ebe35105eb diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 1d0890f631..98c8453619 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,15 @@ +CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to c ...) + TODO: check +CVE-2020-13979 + RESERVED +CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...) + TODO: check +CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...) + TODO: check +CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Di ...) + TODO: check +CVE-2020-13975 + RESERVED CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. drivers/tty ...) - linux <unfixed> NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae @@ -1550,8 +1562,8 @@ CVE-2020-13268 RESERVED CVE-2020-13267 RESERVED -CVE-2020-13266 - RESERVED +CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...) + TODO: check CVE-2020-13265 RESERVED CVE-2020-13264 
@@ -1785,8 +1797,8 @@ CVE-2020-13162 RESERVED CVE-2020-13161 RESERVED -CVE-2020-13160 - RESERVED +CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...) + TODO: check CVE-2020-13159 RESERVED CVE-2020-13158 @@ -1845,6 +1857,7 @@ CVE-2020-13132 CVE-2020-13131 RESERVED CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f CVE-2020-13130 @@ -2525,6 +2538,7 @@ CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. CVE-2020-12827 RESERVED CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...) + {DLA-2241-1} - linux 5.6.7-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da @@ -2672,13 +2686,16 @@ CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btre - linux <unfixed> NOTE: https://lkml.org/lkml/2020/4/26/87 CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3) CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...) + {DLA-2241-1} - linux 5.4.19-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6) CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...) + {DSA-4699-1} - linux 5.6.7-1 (unimportant) [stretch] - linux <not-affected> (Vulnerability introduced later) [jessie] - linux <not-affected> (Vulnerability introduced later) 
@@ -2988,14 +3005,17 @@ CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_a - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1) CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1) CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1) CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.4.19-1 [buster] - linux 4.19.98-1 NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7) @@ -3395,6 +3415,7 @@ CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers [jessie] - linux <not-affected> (Vulnerable code not present) NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6) CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3) CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...) @@ -3518,7 +3539,7 @@ CVE-2020-12411 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411 CVE-2020-12410 RESERVED - {DSA-4695-1} + {DSA-4695-1 DLA-2243-1} - firefox 77.0-1 - firefox-esr 68.9.0esr-1 - thunderbird 1:68.9.0-1 
@@ -3539,7 +3560,7 @@ CVE-2020-12407 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407 CVE-2020-12406 RESERVED - {DSA-4695-1} + {DSA-4695-1 DLA-2243-1} - firefox 77.0-1 - firefox-esr 68.9.0esr-1 - thunderbird 1:68.9.0-1 @@ -3548,7 +3569,7 @@ CVE-2020-12406 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406 CVE-2020-12405 RESERVED - {DSA-4695-1} + {DSA-4695-1 DLA-2243-1} - firefox 77.0-1 - firefox-esr 68.9.0esr-1 - thunderbird 1:68.9.0-1 @@ -3567,7 +3588,7 @@ CVE-2020-12400 RESERVED CVE-2020-12399 [Force a fixed length for DSA exponentiation] RESERVED - {DSA-4695-1} + {DSA-4695-1 DLA-2243-1} - firefox 77.0-1 - firefox-esr 68.9.0esr-1 - nss 2:3.53-1 (bug #961752) @@ -4219,6 +4240,7 @@ CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Relea CVE-2020-12115 RESERVED CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.3.7-1 NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2 CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...) @@ -5304,6 +5326,7 @@ CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the po NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0 NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1 CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 
@@ -5473,10 +5496,12 @@ CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The bui CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...) NOT-FOR-US: xdLocalStorage CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205 CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30 @@ -5565,7 +5590,7 @@ CVE-2020-11567 CVE-2020-11566 RESERVED CVE-2020-11565 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.6 ...) - {DSA-4667-1} + {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1} - linux 5.5.17-1 NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd CVE-2020-11564 @@ -5744,6 +5769,7 @@ CVE-2020-11496 CVE-2020-11495 REJECTED CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.17-1 [buster] - linux 4.19.118-1 NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/ @@ -7156,7 +7182,7 @@ CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cr CVE-2020-10943 RESERVED CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...) - {DSA-4667-1} + {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4) CVE-2020-10941 (Arm Mbed TLS before 2.6.15 allows attackers to obtain sensitive inform ...) 
@@ -7574,8 +7600,7 @@ CVE-2020-10763 RESERVED CVE-2020-10762 RESERVED -CVE-2020-10761 [nbd: reachable assertion failure innbd_negotiate_send_rep_verr via remote client] - RESERVED +CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD) ...) - qemu <unfixed> [buster] - qemu <not-affected> (Vulnerable code introduced later) [stretch] - qemu <not-affected> (Vulnerable code introduced later) @@ -7596,8 +7621,8 @@ CVE-2020-10759 [Possible bypass in signature verification] NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e CVE-2020-10758 RESERVED -CVE-2020-10757 - RESERVED +CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1} - linux <unfixed> NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9 CVE-2020-10756 [lirp: networking out-of-bounds read information disclosure vulnerability] @@ -7629,6 +7654,7 @@ CVE-2020-10753 CVE-2020-10752 RESERVED CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6 CVE-2020-10750 @@ -7690,6 +7716,7 @@ CVE-2020-10733 NOTE: https://www.postgresql.org/about/news/2038/ CVE-2020-10732 [uninitialized kernel data leak in userspace coredumps] RESERVED + {DSA-4699-1 DSA-4698-1 DLA-2242-1} - linux <unfixed> [jessie] - linux <ignored> (Does not affect supported architectures) NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1 
@@ -7766,6 +7793,7 @@ CVE-2020-10713 CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...) NOT-FOR-US: image registry operator in OpenShift Container Platform CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...) + {DSA-4699-1 DSA-4698-1 DLA-2242-1} - linux 5.6.14-1 [jessie] - linux <not-affected> (Vulnerability introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2 @@ -7858,6 +7886,7 @@ CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versio NOTE: https://github.com/ansible/ansible/pull/68596 NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9) CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race ...) + {DLA-2241-1} - linux 5.4.8-1 [buster] - linux 4.19.98-1 NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e 
@@ -9636,151 +9665,150 @@ CVE-2020-9860 RESERVED CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...) TODO: check -CVE-2020-9858 - RESERVED +CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...) + TODO: check CVE-2020-9857 RESERVED -CVE-2020-9856 - RESERVED -CVE-2020-9855 - RESERVED +CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...) + TODO: check CVE-2020-9854 RESERVED CVE-2020-9853 RESERVED -CVE-2020-9852 - RESERVED -CVE-2020-9851 - RESERVED -CVE-2020-9850 - RESERVED +CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...) + TODO: check +CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...) + TODO: check +CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check CVE-2020-9849 RESERVED -CVE-2020-9848 - RESERVED -CVE-2020-9847 - RESERVED +CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...) + TODO: check +CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check CVE-2020-9846 RESERVED CVE-2020-9845 RESERVED -CVE-2020-9844 - RESERVED -CVE-2020-9843 - RESERVED -CVE-2020-9842 - RESERVED -CVE-2020-9841 - RESERVED +CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...) + TODO: check +CVE-2020-9843 (An input validation issue was addressed with improved input validation ...) + TODO: check +CVE-2020-9842 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...) + TODO: check CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...) 
NOT-FOR-US: SwiftNIO Extras -CVE-2020-9839 - RESERVED -CVE-2020-9838 - RESERVED -CVE-2020-9837 - RESERVED +CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...) + TODO: check +CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check +CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check CVE-2020-9836 RESERVED -CVE-2020-9835 - RESERVED -CVE-2020-9834 - RESERVED -CVE-2020-9833 - RESERVED -CVE-2020-9832 - RESERVED -CVE-2020-9831 - RESERVED -CVE-2020-9830 - RESERVED -CVE-2020-9829 - RESERVED +CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...) + TODO: check +CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...) + TODO: check +CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...) + TODO: check +CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check +CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check +CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...) + TODO: check +CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...) + TODO: check CVE-2020-9828 RESERVED -CVE-2020-9827 - RESERVED -CVE-2020-9826 - RESERVED -CVE-2020-9825 - RESERVED -CVE-2020-9824 - RESERVED -CVE-2020-9823 - RESERVED -CVE-2020-9822 - RESERVED -CVE-2020-9821 - RESERVED -CVE-2020-9820 - RESERVED -CVE-2020-9819 - RESERVED -CVE-2020-9818 - RESERVED -CVE-2020-9817 - RESERVED -CVE-2020-9816 - RESERVED -CVE-2020-9815 - RESERVED -CVE-2020-9814 - RESERVED -CVE-2020-9813 - RESERVED -CVE-2020-9812 - RESERVED -CVE-2020-9811 - RESERVED +CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...) 
+ TODO: check +CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...) + TODO: check +CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...) + TODO: check +CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check +CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...) + TODO: check +CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...) + TODO: check +CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...) + TODO: check +CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...) + TODO: check +CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...) + TODO: check +CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...) + TODO: check +CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) + TODO: check +CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...) + TODO: check +CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...) + TODO: check +CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...) + TODO: check +CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...) 
+ TODO: check CVE-2020-9810 RESERVED -CVE-2020-9809 - RESERVED -CVE-2020-9808 - RESERVED -CVE-2020-9807 - RESERVED -CVE-2020-9806 - RESERVED -CVE-2020-9805 - RESERVED -CVE-2020-9804 - RESERVED -CVE-2020-9803 - RESERVED -CVE-2020-9802 - RESERVED -CVE-2020-9801 - RESERVED -CVE-2020-9800 - RESERVED +CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...) + TODO: check +CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...) + TODO: check +CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...) + TODO: check +CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...) + TODO: check +CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...) + TODO: check +CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is ...) + TODO: check +CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...) + TODO: check CVE-2020-9799 RESERVED CVE-2020-9798 RESERVED -CVE-2020-9797 - RESERVED +CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...) + TODO: check CVE-2020-9796 RESERVED -CVE-2020-9795 - RESERVED -CVE-2020-9794 [unknown input leads to a memory corruption vulnerability] - RESERVED +CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...) + TODO: check +CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) 
- sqlite3 <undetermined> NOTE: https://vuldb.com/?id.155768 TODO: Try to get more information, as usual Apple advisories are too unspecific -CVE-2020-9793 - RESERVED -CVE-2020-9792 - RESERVED -CVE-2020-9791 - RESERVED -CVE-2020-9790 - RESERVED -CVE-2020-9789 - RESERVED -CVE-2020-9788 - RESERVED +CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...) + TODO: check +CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...) + TODO: check +CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...) + TODO: check +CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...) + TODO: check +CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...) + TODO: check +CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...) + TODO: check CVE-2020-9787 RESERVED CVE-2020-9786 @@ -10671,10 +10699,10 @@ CVE-2020-9414 RESERVED CVE-2020-9413 RESERVED -CVE-2020-9412 - RESERVED -CVE-2020-9411 - RESERVED +CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) + TODO: check +CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) + TODO: check CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...) NOT-FOR-US: TIBCO CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...) @@ -10741,6 +10769,7 @@ CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 becaus CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...) NOT-FOR-US: Subex CVE-2020-9383 (An issue was discovered in the Linux kernel through 5.5.6. set_fdc in ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3 
@@ -12368,14 +12397,17 @@ CVE-2020-8642 CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...) NOT-FOR-US: Lotus Core CMS CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5 CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) + {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56 @@ -13113,7 +13145,7 @@ CVE-2020-8317 CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...) NOT-FOR-US: Lenovo CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...) - {DSA-4667-1} + {DSA-4698-1 DSA-4667-1 DLA-2242-1} - linux 5.4.19-1 [jessie] - linux <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6 @@ -14577,7 +14609,7 @@ CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to Arbit NOT-FOR-US: snyk-broker CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...) NOT-FOR-US: jooby -CVE-2020-7646 (curlrequest through 1.0.1 allows execution of arbitrary commands.It is ...) +CVE-2020-7646 (curlrequest through 1.0.1 allows reading any file by populating the fi ...) NOT-FOR-US: Noed curlrequest CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...) NOT-FOR-US: Node chrome-launcher 
@@ -19309,8 +19341,8 @@ CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7 NOT-FOR-US: XACK DNS CVE-2020-5590 RESERVED -CVE-2020-5589 - RESERVED +CVE-2020-5589 (Multiple SONY Wireless Headphones have vulnerability that someone with ...) + TODO: check CVE-2020-5588 RESERVED CVE-2020-5587 @@ -22934,8 +22966,8 @@ CVE-2020-3884 (An injection issue was addressed with improved validation. This i NOT-FOR-US: Apple CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple -CVE-2020-3882 - RESERVED +CVE-2020-3882 (This issue was addressed with improved checks. This issue is fixed in ...) + TODO: check CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3880 @@ -25399,7 +25431,7 @@ CVE-2020-2734 (Vulnerability in the RDBMS/Optimizer component of Oracle Database CVE-2020-2733 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...) - {DSA-4667-1} + {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c @@ -27622,6 +27654,7 @@ CVE-2020-1750 NOT-FOR-US: OpenShift machine-config-operator CVE-2020-1749 [net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup] RESERVED + {DLA-2241-1} - linux 5.4.6-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2 
@@ -30135,7 +30168,7 @@ CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) P CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...) NOT-FOR-US: Intel CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...) - {DSA-4647-1} + {DSA-4647-1 DLA-2240-1} - bluez 5.50-1.1 (bug #953770) NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/ NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1 @@ -30193,6 +30226,7 @@ CVE-2020-0544 RESERVED CVE-2020-0543 [Special Register Buffer Data Sampling] RESERVED + {DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - intel-microcode <unfixed> - linux <unfixed> NOTE: https://www.vusec.net/projects/crosstalk/ @@ -31405,6 +31439,7 @@ CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out o CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...) NOT-FOR-US: FPC components for Android CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...) + {DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux <ignored> (Driver is not enabled or supported) |
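Review bot: In data/CVE/2020.list, the CVE-2020-9794 entry keeps a stale triage state under its new description. The placeholder title "[unknown input leads to a memory corruption vulnerability]" is replaced by "(An out-of-bounds read was addressed with improved bounds checking. Thi ...)", but the unchanged lines still read `- sqlite3 <undetermined>` and `TODO: Try to get more information, as usual Apple advisories are too unspecific`. Now that a published description exists, the TODO should be re-evaluated against it and the `<undetermined>` status either resolved or given a NOTE explaining what is still unknown.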
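Review bot: In data/CVE/2020.list, the block running from CVE-2020-9858 down to CVE-2020-9788, plus CVE-2020-3882, lands as `TODO: check` with no triage, which leaves a large untriaged backlog in one commit. The neighbouring CVE-2020-3883 carries the same visible description ("This issue was addressed with improved checks. This issue is fixed in ...") and is already marked `NOT-FOR-US: Apple`, so many of these may resolve the same way. They should still be triaged one at a time rather than bulk-marked, since CVE-2020-9794 in the same range is tracked against sqlite3.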
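Review bot: In data/CVE/2020.list at CVE-2020-7646, the context line `NOT-FOR-US: Noed curlrequest` contains a typo; the adjacent entry uses `NOT-FOR-US: Node chrome-launcher`, so this should read "Node curlrequest". The description on this entry also changes from "allows execution of arbitrary commands" to "allows reading any file by populating the fi ...", which does not alter the NOT-FOR-US decision but is worth a glance to confirm the entry still refers to the same module.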
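Review bot: Several entries gain advisory cross-references while their package line still says `<unfixed>`: CVE-2019-19462 in data/CVE/2019.list and CVE-2020-10757, CVE-2020-10732 and CVE-2020-0543 in data/CVE/2020.list (the last with both `- intel-microcode <unfixed>` and `- linux <unfixed>`). Read on their own, these entries say an advisory was issued but record no fixed version. If the fixed versions are carried in the DSA/DLA records, that is fine as it stands; otherwise a follow-up should update the `<unfixed>` lines once the fixed upload version is known, so the two do not drift apart.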