CVE-2020-36505 (The Delete All Comments Easily WordPress plugin through 1.3 is lacking ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36504 (The WP-Pro-Quiz WordPress plugin through 0.37 does not have CSRF check ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36503 (The Connections Business Directory WordPress plugin before 9.7 does no ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-36502 (Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-si ...)
	NOT-FOR-US: Swift File Transfer Mobile
CVE-2020-36501 (Multiple cross-site scripting (XSS) vulnerabilities in the Support mod ...)
	NOT-FOR-US: SugarCRM
CVE-2020-36500
	RESERVED
CVE-2020-36499 (TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to cont ...)
	NOT-FOR-US: TAO Open Source Assessment Platform
CVE-2020-36498 (Macrob7 Macs Framework Content Management System - 1.14f contains a cr ...)
	NOT-FOR-US: Macrob7 Macs Framework Content Management System
CVE-2020-36497 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-36496 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-36495 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-36494 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-36493 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-36492 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-36491 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-36490 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-36489 (Dropouts Technologies LLP Air Share v1.2 was discovered to contain a c ...)
	NOT-FOR-US: Dropouts Technologies LLP Air Share
CVE-2020-36488 (An issue in the FTP server of Sky File v2.1.0 allows attackers to perf ...)
	NOT-FOR-US: Sky File
CVE-2020-36487
	RESERVED
CVE-2020-36486 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain ...)
	NOT-FOR-US: Swift File Transfer Mobile
CVE-2020-36485 (Portable Ltd Playable v9.18 was discovered to contain an arbitrary fil ...)
	NOT-FOR-US: Portable Ltd Playable
CVE-2020-36484
	RESERVED
CVE-2020-36483
	RESERVED
CVE-2020-36482
	RESERVED
CVE-2020-36481
	RESERVED
CVE-2020-36480
	RESERVED
CVE-2020-36479
	RESERVED
CVE-2020-36478 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
	{DLA-2826-1}
	- mbedtls 2.16.9-0.1
	NOTE: https://github.com/ARMmbed/mbedtls/issues/3629
	NOTE: https://github.com/ARMmbed/mbedtls/commit/ca17ebfbc02b57e2bcb42efe64a5f2002c756ea8 (development)
CVE-2020-36477 (An issue was discovered in Mbed TLS before 2.24.0. The verification of ...)
	- mbedtls
	[stretch] - mbedtls (2.4 not affected)
	NOTE: https://github.com/ARMmbed/mbedtls/issues/3498
	NOTE: https://github.com/ARMmbed/mbedtls/commit/f3e4bd8632b71dc491e52e6df87dc3e409d2b869 (development)
CVE-2020-36476 (An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 L ...)
	{DLA-2826-1}
	- mbedtls 2.16.9-0.1
	NOTE: https://github.com/ARMmbed/mbedtls/commit/a321413807927d6e295cec8677733bbde6aeec34 (development)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/ef73875913c66767e7a954aa0b68f42f0756d9b2 (mbedtls-2.7)
CVE-2020-36475 (An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 L ...)
	{DLA-2826-1}
	- mbedtls 2.16.9-0.1
	NOTE: https://github.com/ARMmbed/mbedtls/commit/9246d041500b96fb0694cbda1d833e420696827e
CVE-2020-36474 (SafeCurl before 0.9.2 has a DNS rebinding vulnerability. ...)
	NOT-FOR-US: SafeCurl
CVE-2020-36473 (UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and th ...)
	NOT-FOR-US: UCWeb UC
CVE-2020-36472 (An issue was discovered in the max7301 crate before 0.2.0 for Rust. Th ...)
	NOT-FOR-US: Rust crate max7301
CVE-2020-36471 (An issue was discovered in the generator crate before 0.7.0 for Rust. ...)
	- rust-generator (bug #992047)
	[bullseye] - rust-generator (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0151.html
CVE-2020-36470 (An issue was discovered in the disrustor crate through 2020-12-17 for ...)
	NOT-FOR-US: Rust crate disrustor
CVE-2020-36469 (An issue was discovered in the appendix crate through 2020-11-15 for R ...)
	NOT-FOR-US: Rust crate appendix
CVE-2020-36468 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
	NOT-FOR-US: Rust crate cgc
CVE-2020-36467 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
	NOT-FOR-US: Rust crate cgc
CVE-2020-36466 (An issue was discovered in the cgc crate through 2020-12-10 for Rust. ...)
	NOT-FOR-US: Rust crate cgc
CVE-2020-36465 (An issue was discovered in the generic-array crate before 0.13.3 for R ...)
	- rust-generic-array 0.14.4-1
	[buster] - rust-generic-array (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0146.html
CVE-2020-36464 (An issue was discovered in the heapless crate before 0.6.1 for Rust. T ...)
	NOT-FOR-US: Rust crate heapless
CVE-2020-36463 (An issue was discovered in the multiqueue crate through 2020-12-25 for ...)
	NOT-FOR-US: Rust crate multiqueue
CVE-2020-36462 (An issue was discovered in the syncpool crate before 0.1.6 for Rust. T ...)
	NOT-FOR-US: Rust crate syncpool
CVE-2020-36461 (An issue was discovered in the noise_search crate through 2020-12-10 f ...)
	NOT-FOR-US: Rust crate noise_search
CVE-2020-36460 (An issue was discovered in the model crate through 2020-11-10 for Rust ...)
	NOT-FOR-US: Rust crate model
CVE-2020-36459 (An issue was discovered in the dces crate through 2020-12-09 for Rust. ...)
	NOT-FOR-US: Rust crate dces
CVE-2020-36458 (An issue was discovered in the lexer crate through 2020-11-10 for Rust ...)
	NOT-FOR-US: Rust crate lexer
CVE-2020-36457 (An issue was discovered in the lever crate before 0.1.1 for Rust. Atom ...)
	NOT-FOR-US: Rust crate lever
CVE-2020-36456 (An issue was discovered in the toolshed crate through 2020-11-15 for R ...)
	NOT-FOR-US: Rust crate toolshed
CVE-2020-36455 (An issue was discovered in the slock crate through 2020-11-17 for Rust ...)
	NOT-FOR-US: Rust crate slock
CVE-2020-36454 (An issue was discovered in the parc crate through 2020-11-14 for Rust. ...)
	NOT-FOR-US: Rust crate parc
CVE-2020-36453 (An issue was discovered in the scottqueue crate through 2020-11-15 for ...)
	NOT-FOR-US: Rust crate scottqueue
CVE-2020-36452 (An issue was discovered in the array-tools crate before 0.3.2 for Rust ...)
	NOT-FOR-US: Rust crate array-tools
CVE-2020-36451 (An issue was discovered in the rcu_cell crate through 2020-11-14 for R ...)
	NOT-FOR-US: Rust crate rcu_cell
CVE-2020-36450 (An issue was discovered in the bunch crate through 2020-11-12 for Rust ...)
	NOT-FOR-US: Rust crate bunch
CVE-2020-36449 (An issue was discovered in the kekbit crate before 0.3.4 for Rust. For ...)
	NOT-FOR-US: Rust crate kekbit
CVE-2020-36448 (An issue was discovered in the cache crate through 2020-11-24 for Rust ...)
	NOT-FOR-US: Rust crate cache
CVE-2020-36447 (An issue was discovered in the v9 crate through 2020-12-18 for Rust. T ...)
	NOT-FOR-US: Rust crate v9
CVE-2020-36446 (An issue was discovered in the signal-simple crate through 2020-11-15 ...)
	NOT-FOR-US: Rust crate signal-simple
CVE-2020-36445 (An issue was discovered in the convec crate through 2020-11-24 for Rus ...)
	NOT-FOR-US: Rust crate convec
CVE-2020-36444 (An issue was discovered in the async-coap crate through 2020-12-08 for ...)
	NOT-FOR-US: Rust crate async-coap
CVE-2020-36443 (An issue was discovered in the libp2p-deflate crate before 0.27.1 for ...)
	NOT-FOR-US: Rust crate libp2p-deflate
CVE-2020-36442 (An issue was discovered in the beef crate before 0.5.0 for Rust. beef: ...)
	NOT-FOR-US: Rust crate beef
CVE-2020-36441 (An issue was discovered in the abox crate before 0.4.1 for Rust. It im ...)
	NOT-FOR-US: Rust crate abox
CVE-2020-36440 (An issue was discovered in the libsbc crate before 0.1.5 for Rust. For ...)
	NOT-FOR-US: Rust crate libsbc
CVE-2020-36439 (An issue was discovered in the ticketed_lock crate before 0.3.0 for Ru ...)
	NOT-FOR-US: Rust crate ticketed_lock
CVE-2020-36438 (An issue was discovered in the tiny_future crate before 0.4.0 for Rust ...)
	NOT-FOR-US: Rust crate tiny_future
CVE-2020-36437 (An issue was discovered in the conqueue crate before 0.4.0 for Rust. T ...)
	NOT-FOR-US: Rust crate conqueue
CVE-2020-36436 (An issue was discovered in the unicycle crate before 0.7.1 for Rust. P ...)
	NOT-FOR-US: Rust crate unicycle
CVE-2020-36435 (An issue was discovered in the ruspiro-singleton crate before 0.4.1 fo ...)
	NOT-FOR-US: Rust crate ruspiro-singleton
CVE-2020-36434 (An issue was discovered in the sys-info crate before 0.8.0 for Rust. s ...)
	NOT-FOR-US: Rust crate sys-info
CVE-2020-36433 (An issue was discovered in the chunky crate through 2020-08-25 for Rus ...)
	NOT-FOR-US: Rust crate chunky
CVE-2020-36432 (An issue was discovered in the alg_ds crate through 2020-08-25 for Rus ...)
	NOT-FOR-US: Rust crate alg_ds
CVE-2020-36431 (Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm. ...)
	NOT-FOR-US: Unicorn Engine
CVE-2020-36430 (libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode ...)
	- libass 1:0.15.0-2
	[buster] - libass (Vulnerable code not present)
	[stretch] - libass (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26674
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libass/OSV-2020-2099.yaml
	NOTE: Introduced by: https://github.com/libass/libass/commit/910211f1c0078e37546f73e95306724358b89be2 (0.15.0)
	NOTE: Fixed by: https://github.com/libass/libass/commit/017137471d0043e0321e377ed8da48e45a3ec632 (0.15.1)
CVE-2020-36429 (Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds ...)
	NOT-FOR-US: open62541
CVE-2020-36428 (matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-base ...)
	- libmatio (bug #991370)
	[bullseye] - libmatio (Minor issue)
	[buster] - libmatio (Vulnerable code not present, introduced in 1.5.18)
	[stretch] - libmatio (Vulnerable code not present, introduced in 1.5.18)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21421
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/matio/OSV-2020-799.yaml
CVE-2020-36427 (GNOME gThumb before 3.10.1 allows an application crash via a malformed ...)
	- gthumb 3:3.11.1-0.1 (unimportant)
	NOTE: https://mail.gnome.org/archives/gthumb-list/2020-September/msg00001.html
	NOTE: https://github.com/GNOME/gthumb/commit/e79b4519cc6e27388ddd3f095e97d1559cb47616
	NOTE: Crash in CLI tool, no security impact
CVE-2020-36426 (An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_cr ...)
	- mbedtls 2.16.9-0.1
	[buster] - mbedtls (Minor issue)
	[stretch] - mbedtls (Minor issue)
CVE-2020-36425 (An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly ...)
	- mbedtls 2.16.9-0.1
	[buster] - mbedtls (Minor issue)
	[stretch] - mbedtls (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/issues/3340
	NOTE: https://github.com/ARMmbed/mbedtls/pull/3433
CVE-2020-36424 (An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can ...)
	- mbedtls 2.16.9-0.1
	[buster] - mbedtls (Minor issue)
	[stretch] - mbedtls (Minor issue)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-2
CVE-2020-36423 (An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attack ...)
	- mbedtls 2.16.9-0.1
	[buster] - mbedtls (Minor issue)
	[stretch] - mbedtls (Minor issue)
CVE-2020-36422 (An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel ...)
	- mbedtls 2.16.9-0.1
	[buster] - mbedtls (Minor issue)
	[stretch] - mbedtls (Minor issue)
CVE-2020-36421 (An issue was discovered in Arm Mbed TLS before 2.23.0. Because of a si ...)
	- mbedtls 2.16.9-0.1
	[buster] - mbedtls (Minor issue)
	[stretch] - mbedtls (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/issues/3394
CVE-2020-36420 (** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is o ...)
	- polipo
	[buster] - polipo (Minor issue)
	[stretch] - polipo (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/11/18/1
CVE-2020-36419
	RESERVED
CVE-2020-36418
	RESERVED
CVE-2020-36417
	RESERVED
CVE-2020-36416 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36415 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36414 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36413 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36412 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36411 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36410 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36409 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36408 (A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-36407 (libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataF ...)
	- libavif 0.8.2-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24811
	NOTE: https://github.com/AOMediaCodec/libavif/commit/0a8e7244d494ae98e9756355dfbfb6697ded2ff9
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libavif/OSV-2020-1597.yaml
CVE-2020-36406 (uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in u ...)
	NOT-FOR-US: uWebSockets
CVE-2020-36405 (Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::get ...)
	NOT-FOR-US: keystone engine
CVE-2020-36404 (Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl& ...)
	NOT-FOR-US: keystone engine
CVE-2020-36403 (HTSlib 1.10 through 1.10.2 allows out-of-bounds write access in vcf_pa ...)
	- htslib 1.11-1
	[buster] - htslib (Minor issue)
	[stretch] - htslib (Vulnerable code added later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24097
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/htslib/OSV-2020-955.yaml
	NOTE: https://github.com/samtools/htslib/commit/dcd4b7304941a8832fba2d0fc4c1e716e7a4e72c
CVE-2020-36402 (Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLi ...)
	NOT-FOR-US: Solidity
CVE-2020-36401 (mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_f ...)
	- mruby 2.1.2-3 (bug #990540)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23801
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/mruby/OSV-2020-744.yaml
	NOTE: https://github.com/mruby/mruby/commit/97319697c8f9f6ff27b32589947e1918e3015503
CVE-2020-36400 (ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, ...)
	- zeromq3 (Never affected a released version)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26042
	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/libzmq/OSV-2020-1887.yaml
	NOTE: Introduced by: https://github.com/zeromq/libzmq/commit/b56195e995e0875afabf405826d97b1dd9817bb0 (v4.3.3)
	NOTE: Fixed by: https://github.com/zeromq/libzmq/commit/397ac80850bf8d010fae23dd215db0ee2c677306 (v4.3.3)
CVE-2020-36399 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
	- phplist (bug #612288)
CVE-2020-36398 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
	- phplist (bug #612288)
CVE-2020-36397 (A stored cross site scripting (XSS) vulnerability in the /admin/contac ...)
	NOT-FOR-US: LavaLite
CVE-2020-36396 (A stored cross site scripting (XSS) vulnerability in the /admin/roles/ ...)
	NOT-FOR-US: LavaLite
CVE-2020-36395 (A stored cross site scripting (XSS) vulnerability in the /admin/user/t ...)
	NOT-FOR-US: LavaLite
CVE-2020-36394 (pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux- ...)
	- pam (Vulnerable code introduced and fixed in v1.4.0)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171721
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/5
	NOTE: https://github.com/linux-pam/linux-pam/commit/27ded8954a1235bb65ffc9c730ae5a50b1dfed61
CVE-2020-36393
	RESERVED
CVE-2020-36392
	RESERVED
CVE-2020-36391
	RESERVED
CVE-2020-36390
	RESERVED
CVE-2020-36389 (In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEdit ...)
	- civicrm 5.28.4+dfsg1-1
	NOTE: https://civicrm.org/advisory/civi-sa-2020-11-csrf-ckeditor-configuration-form
CVE-2020-36388 (In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, user ...)
	- civicrm 5.24.5+dfsg1-1
	NOTE: https://civicrm.org/advisory/civi-sa-2020-03
CVE-2020-36387 (An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring. ...)
	- linux 5.7.17-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6d816e088c359866f9867057e04f244c608c42fe
CVE-2020-36386 (An issue was discovered in the Linux kernel before 5.8.1. net/bluetoot ...)
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/51c19bf3d5cfaa66571e4b88ba2a6f6295311101
CVE-2020-36384 (PageLayer before 1.3.5 allows reflected XSS via color settings. ...)
	NOT-FOR-US: PageLayer
CVE-2020-36383 (PageLayer before 1.3.5 allows reflected XSS via the font-size paramete ...)
	NOT-FOR-US: PageLayer
CVE-2020-36385 (An issue was discovered in the Linux kernel before 5.10. drivers/infin ...)
	- linux 5.10.4-1
	NOTE: https://git.kernel.org/linus/f5449e74802c1112dea984aec8af7a33c4516af1
CVE-2020-36382 (OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigge ...)
	NOT-FOR-US: OpenVPN Access Server (security impact for src:openvpn covered by CVE-2020-15078)
CVE-2020-36381 (An issue was discovered in the singleCrunch function in shenzhim aaptj ...)
	NOT-FOR-US: aaptjs
CVE-2020-36380 (An issue was discovered in the crunch function in shenzhim aaptjs 1.3. ...)
	NOT-FOR-US: aaptjs
CVE-2020-36379 (An issue was discovered in the remove function in shenzhim aaptjs 1.3. ...)
	NOT-FOR-US: aaptjs
CVE-2020-36378 (An issue was discovered in the packageCmd function in shenzhim aaptjs ...)
	NOT-FOR-US: aaptjs
CVE-2020-36377 (An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, ...)
	NOT-FOR-US: aaptjs
CVE-2020-36376 (An issue was discovered in the list function in shenzhim aaptjs 1.3.1, ...)
	NOT-FOR-US: aaptjs
CVE-2020-36375 (Stack overflow vulnerability in parse_equality Cesanta MJS 1.20.1, all ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36374 (Stack overflow vulnerability in parse_comparison Cesanta MJS 1.20.1, a ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36373 (Stack overflow vulnerability in parse_shifts Cesanta MJS 1.20.1, allow ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36372 (Stack overflow vulnerability in parse_plus_minus Cesanta MJS 1.20.1, a ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36371 (Stack overflow vulnerability in parse_mul_div_rem Cesanta MJS 1.20.1, ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36370 (Stack overflow vulnerability in parse_unary Cesanta MJS 1.20.1, allows ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36369 (Stack overflow vulnerability in parse_statement_list Cesanta MJS 1.20. ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36368 (Stack overflow vulnerability in parse_statement Cesanta MJS 1.20.1, al ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36367 (Stack overflow vulnerability in parse_block Cesanta MJS 1.20.1, allows ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36366 (Stack overflow vulnerability in parse_value Cesanta MJS 1.20.1, allows ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-36365 (Smartstore (aka SmartStoreNET) before 4.1.0 allows CommonController.Cl ...)
	NOT-FOR-US: Smartstore (aka SmartStoreNET)
CVE-2020-36364 (An issue was discovered in Smartstore (aka SmartStoreNET) before 4.1.0 ...)
	NOT-FOR-US: Smartstore (aka SmartStoreNET)
CVE-2020-36363 (Amazon AWS CloudFront TLSv1.2_2019 allows TLS_ECDHE_RSA_WITH_AES_128_C ...)
	NOT-FOR-US: Amazon AWS CloudFront
CVE-2020-36362
	RESERVED
CVE-2020-36361
	RESERVED
CVE-2020-36360
	RESERVED
CVE-2020-36359
	RESERVED
CVE-2020-36358
	RESERVED
CVE-2020-36357
	RESERVED
CVE-2020-36356
	RESERVED
CVE-2020-36355
	RESERVED
CVE-2020-36354
	RESERVED
CVE-2020-36353
	RESERVED
CVE-2020-36352
	RESERVED
CVE-2020-36351
	RESERVED
CVE-2020-36350
	RESERVED
CVE-2020-36349
	RESERVED
CVE-2020-36348
	RESERVED
CVE-2020-36347
	RESERVED
CVE-2020-36346
	RESERVED
CVE-2020-36345
	RESERVED
CVE-2020-36344
	RESERVED
CVE-2020-36343
	RESERVED
CVE-2020-36342
	RESERVED
CVE-2020-36341
	RESERVED
CVE-2020-36340
	RESERVED
CVE-2020-36339
	RESERVED
CVE-2020-36338
	RESERVED
CVE-2020-36337
	RESERVED
CVE-2020-36336
	RESERVED
CVE-2020-36335
	RESERVED
CVE-2020-36332 (A flaw was found in libwebp in versions before 1.0.1. When reading a f ...)
	{DSA-4930-1}
	- libwebp 0.6.1-2.1
	[stretch] - libwebp (Patch is too destructive to implement it; Minor issue)
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=391
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/39cb9aad85ca7bb1d193013460db1f8cc6bff109
CVE-2020-36331 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
	{DSA-4930-1 DLA-2677-1}
	- libwebp 0.6.1-2.1
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=388
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/be738c6d396fa5a272c1b209be4379a7532debfe
CVE-2020-36330 (A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...)
	{DSA-4930-1 DLA-2677-1}
	- libwebp 0.6.1-2.1
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=386
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/2c70ad76c94db5427d37ab4b85dc89b94dd75e01
CVE-2020-36329 (A flaw was found in libwebp in versions before 1.0.1. A use-after-free ...)
	{DSA-4930-1 DLA-2677-1}
	- libwebp 0.6.1-2.1
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=385
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/569001f19fc81fcb5ab358f587a54c62e7c4665c
CVE-2020-36328 (A flaw was found in libwebp in versions before 1.0.1. A heap-based buf ...)
	{DSA-4930-1 DLA-2677-1}
	- libwebp 0.6.1-2.1
	NOTE: https://bugs.chromium.org/p/webp/issues/detail?id=383
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/71ed73cf86132394ea25ae9c7ed431e0d71043f5
CVE-2020-36327 (Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes choos ...)
	- bundler
	[buster] - bundler (Minor issue)
	[stretch] - bundler (Invasive change, hard to backport; chances of regression)
	- rubygems
	[bullseye] - rubygems (Minor issue)
	NOTE: https://github.com/rubygems/rubygems/issues/3982
CVE-2020-36326 (PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Des ...)
	- libphp-phpmailer 6.2.0-2 (bug #988732)
	[buster] - libphp-phpmailer (Regression introduced in 6.1.8)
	[stretch] - libphp-phpmailer (Regression introduced in 6.1.8)
	NOTE: Introduced by: https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9 (6.1.8)
	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/26f2848d3bbb57add5f34a467a1e3b2f9ce5cd2a (v6.4.1)
	NOTE: Also backport: https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a (v6.4.1)
CVE-2020-36325 (** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due ...)
	- jansson (unimportant)
	NOTE: https://github.com/akheron/jansson/issues/548
	NOTE: Disputed security impact (only if programmer fails to follow API specifications)
CVE-2020-13672 [SA-CORE-2021-002]
	RESERVED
	{DLA-2637-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2021-002
CVE-2020-36324 (Wikimedia Quarry analytics-quarry-web before 2020-12-15 allows Reflect ...)
	NOT-FOR-US: Wikimedia Quarry
CVE-2020-36323 (In the standard library in Rust before 1.52.0, there is an optimizatio ...)
	- rustc 1.53.0+dfsg1-1
	[bullseye] - rustc (Minor issue)
	[buster] - rustc (Minor issue)
	[stretch] - rustc (Minor issue)
	NOTE: https://github.com/rust-lang/rust/issues/80335
	NOTE: https://github.com/rust-lang/rust/pull/81728
CVE-2020-36322 (An issue was discovered in the FUSE filesystem implementation in the L ...)
	{DLA-2689-1}
	- linux 5.10.9-1
	NOTE: https://git.kernel.org/linus/5d069dbe8aaf2a197142558b6fb2978189ba3454
CVE-2020-36334 (themegrill-demo-importer before 1.6.3 allows CSRF, as demonstrated by ...)
	NOT-FOR-US: WordPress plugin themegrill-demo-importer
CVE-2020-36333 (themegrill-demo-importer before 1.6.2 does not require authentication ...)
	NOT-FOR-US: WordPress plugin themegrill-demo-importer
CVE-2020-36321 (Improper URL validation in development mode handler in com.vaadin:flow ...)
	NOT-FOR-US: Vaadin
CVE-2020-36320 (Unsafe validation RegEx in EmailValidator class in com.vaadin:vaadin-s ...)
	NOT-FOR-US: Vaadin
CVE-2020-36319 (Insecure configuration of default ObjectMapper in com.vaadin:flow-serv ...)
	NOT-FOR-US: Vaadin
CVE-2020-36318 (In the standard library in Rust before 1.49.0, VecDeque::make_contiguo ...)
	- rustc 1.53.0+dfsg1-1 (bug #986803)
	[bullseye] - rustc (Minor issue)
	[buster] - rustc (Minor issue)
	[stretch] - rustc (Minor issue)
	NOTE: https://github.com/rust-lang/rust/issues/79808
	NOTE: https://github.com/rust-lang/rust/pull/79814
CVE-2020-36317 (In the standard library in Rust before 1.49.0, String::retain() functi ...)
	- rustc 1.53.0+dfsg1-1 (bug #986803)
	[bullseye] - rustc (Minor issue)
	[buster] - rustc (Minor issue)
	[stretch] - rustc (Minor issue)
	NOTE: https://github.com/rust-lang/rust/issues/78498
	NOTE: https://github.com/rust-lang/rust/pull/78499
CVE-2020-36316 (In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 ...)
	NOT-FOR-US: RELIC
CVE-2020-36315 (In RELIC before 2020-08-01, RSA PKCS#1 v1.5 signature forgery can occu ...)
	NOT-FOR-US: RELIC
CVE-2020-36314 (fr-archive-libarchive.c in GNOME file-roller through 3.38.0, as used b ...)
	- file-roller 3.38.1-1
	[buster] - file-roller (Minor issue)
	[stretch] - file-roller (Minor issue; can be fixed in next update)
	NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/e970f4966bf388f6e7c277357c8b186c645683ae
	NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/issues/108
CVE-2020-36313 (An issue was discovered in the Linux kernel before 5.7. The KVM subsys ...)
	- linux (No released version affected by the vulnerability)
	NOTE: Fixed by: https://git.kernel.org/linus/0774a964ef561b7170d8d1b1bfe6f88002b6d219
CVE-2020-36312 (An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kv ...)
	- linux 5.8.10-1
	[buster] - linux 4.19.152-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/f65886606c2d3b562716de030706dfe1bea4ed5e
CVE-2020-36311 (An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/s ...)
	{DSA-4941-1 DLA-2714-1}
	- linux 5.9.1-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/7be74942f184fdfba34ddd19a0d995deb34d4a03
CVE-2020-36310 (An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/s ...)
	- linux 5.8.7-1
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/e72436bc3a5206f95bb384e741154166ddb3202e
CVE-2020-36309 (ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty ...)
	- nginx (bug #986787)
	[bullseye] - nginx (Minor issue, too intrusive to backport, see #986787)
	[buster] - nginx (Minor issue, too intrusive to backport, see #986787)
	[stretch] - nginx (Minor issue; can be fixed in next update)
	NOTE: https://github.com/openresty/lua-nginx-module/pull/1654
CVE-2020-36308 (Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discov ...)
	{DLA-2658-1}
	- redmine 4.0.7-1
CVE-2020-36307 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile ...)
	{DLA-2658-1}
	- redmine 4.0.7-1
CVE-2020-36306 (Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url f ...)
	{DLA-2658-1}
	- redmine 4.0.7-1
CVE-2020-36305
	RESERVED
CVE-2020-36304
	RESERVED
CVE-2020-36303
	RESERVED
CVE-2020-36302
	RESERVED
CVE-2020-36301
	RESERVED
CVE-2020-36300
	RESERVED
CVE-2020-36299
	RESERVED
CVE-2020-36298
	RESERVED
CVE-2020-36297
	RESERVED
CVE-2020-36296
	RESERVED
CVE-2020-36295
	RESERVED
CVE-2020-36294
	RESERVED
CVE-2020-36293
	RESERVED
CVE-2020-36292
	RESERVED
CVE-2020-36291
	RESERVED
CVE-2020-36290
	RESERVED
CVE-2020-36289 (Affected versions of Atlassian Jira Server and Data Center allow an un ...)
	NOT-FOR-US: Atlassian
CVE-2020-36288 (The issue navigation and search view in Jira Server and Data Center be ...)
	NOT-FOR-US: Atlassian
CVE-2020-36287 (The dashboard gadgets preference resource of the Atlassian gadgets plu ...)
	NOT-FOR-US: Atlassian
CVE-2020-36286 (The membersOf JQL search function in Jira Server and Data Center befor ...)
	NOT-FOR-US: Atlassian
CVE-2020-36285 (Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Impro ...)
	NOT-FOR-US: Union Pay
CVE-2020-36284 (Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper ...)
	NOT-FOR-US: Union Pay
CVE-2020-36283 (HID OMNIKEY 5427 and OMNIKEY 5127 readers are vulnerable to CSRF when ...)
	NOT-FOR-US: HID OMNIKEY 5427 and OMNIKEY 5127 readers
CVE-2020-36282 (JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vuln ...)
	NOT-FOR-US: JMS Client for RabbitMQ
CVE-2020-36281 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFew ...)
	{DLA-2612-1}
	- leptonlib 1.79.0-1.1 (bug #985089)
	[buster] - leptonlib (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22140
	NOTE: https://github.com/DanBloomberg/leptonica/commit/5ee24b398bb67666f6d173763eaaedd9c36fb1e5
CVE-2020-36280 (Leptonica before 1.80.0 allows a heap-based buffer over-read in pixRea ...)
	- leptonlib 1.79.0-1.1 (bug #985089)
	[buster] - leptonlib (Minor issue)
	[stretch] - leptonlib (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23654
	NOTE: https://github.com/DanBloomberg/leptonica/commit/5ba34b1fe741d69d43a6c8cf767756997eadd87c
CVE-2020-36279 (Leptonica before 1.80.0 allows a heap-based buffer over-read in raster ...)
	{DLA-2612-1}
	- leptonlib 1.79.0-1.1 (bug #985089)
	[buster] - leptonlib (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22512
	NOTE: https://github.com/DanBloomberg/leptonica/commit/3c18c43b6a3f753f0dfff99610d46ad46b8bfac4
CVE-2020-36278 (Leptonica before 1.80.0 allows a heap-based buffer over-read in findNe ...)
	{DLA-2612-1}
	- leptonlib 1.79.0-1.1 (bug #985089)
	[buster] - leptonlib (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=23433
	NOTE: https://github.com/DanBloomberg/leptonica/commit/8d6e1755518cfb98536d6c3daf0601f226d16842
CVE-2020-36277 (Leptonica before 1.80.0 allows a denial of service (application crash) ...)
	{DLA-2612-1}
	- leptonlib 1.79.0-1.1 (bug #985089)
	[buster] - leptonlib (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21997
	NOTE: https://github.com/DanBloomberg/leptonica/pull/499
CVE-2020-36276
	RESERVED
CVE-2020-36275
	RESERVED
CVE-2020-36274
	RESERVED
CVE-2020-36273
	RESERVED
CVE-2020-36272
	RESERVED
CVE-2020-36271
	RESERVED
CVE-2020-36270
	RESERVED
CVE-2020-36269
	RESERVED
CVE-2020-36268
	RESERVED
CVE-2020-36267
	RESERVED
CVE-2020-36266
	RESERVED
CVE-2020-36265
	RESERVED
CVE-2020-36264
	RESERVED
CVE-2020-36263
	RESERVED
CVE-2020-36262
	RESERVED
CVE-2020-36261
	RESERVED
CVE-2020-36260
	RESERVED
CVE-2020-36259
	RESERVED
CVE-2020-36258
	RESERVED
CVE-2020-36257
	RESERVED
CVE-2020-36256
	RESERVED
CVE-2020-36255 (An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel ...)
	NOT-FOR-US: ScottBrady.IdentityModel
CVE-2020-35358 (DomainMOD domainmod-v4.15.0 is affected by an insufficient session exp ...)
	NOT-FOR-US: DomainMOD
CVE-2020-36254 (scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ...)
	- dropbear 2020.79-1
	[buster] - dropbear (Minor issue)
	[stretch] - dropbear (Minor issue)
	NOTE: https://github.com/mkj/dropbear/commit/8f8a3dff705fad774a10864a2e3dbcfa9779ceff
CVE-2020-36253
	RESERVED
CVE-2020-36252 (ownCloud Server 10.x before 10.3.1 allows an attacker, who has one out ...)
	- owncloud
CVE-2020-36251 (ownCloud Server before 10.3.0 allows an attacker, who has received non ...)
	- owncloud
CVE-2020-36250 (In the ownCloud application before 2.15 for Android, the lock protecti ...)
	NOT-FOR-US: ownCloud app for Android
CVE-2020-36249 (The File Firewall before 2.8.0 for ownCloud Server does not properly e ...)
	NOT-FOR-US: ownCloud addon
CVE-2020-36248 (The ownCloud application before 2.15 for Android allows attackers to u ...)
	NOT-FOR-US: ownCloud app for Android
CVE-2020-36247 (Open OnDemand before 1.5.7 and 1.6.x before 1.6.22 allows CSRF. ...)
	NOT-FOR-US: Open OnDemand
CVE-2020-36246 (Amaze File Manager before 3.5.1 allows attackers to obtain root privil ...)
	NOT-FOR-US: Amaze File Manager
CVE-2020-36245 (GramAddict through 1.2.3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: GramAddict
CVE-2020-36244 (The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to ...)
	- dlt-daemon 2.18.6-1
	[buster] - dlt-daemon (Minor issue)
	NOTE: https://github.com/GENIVI/dlt-daemon/issues/265
	NOTE: https://github.com/GENIVI/dlt-daemon/pull/269
	NOTE: https://github.com/GENIVI/dlt-daemon/commit/af734fe097ed379b0aa5fcf551886b1ce5098052 (v2.18.6)
CVE-2020-36243 (The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injecti ...)
	NOT-FOR-US: OpenEMR
CVE-2020-36242 (In the cryptography package before 3.3.2 for Python, certain sequences ...)
	- python-cryptography 3.3.2-1
	[buster] - python-cryptography (Minor issue)
	[stretch] - python-cryptography (Vulnerable code introduced later)
	NOTE: https://github.com/pyca/cryptography/issues/5615
CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNO ...)
	- gnome-autoar 0.2.4-3 (bug #982737)
	[buster] - gnome-autoar (Minor issue)
	[stretch] - gnome-autoar (Minor issue)
	NOTE: Fixed by: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429
	NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7
	NOTE: Regression fix: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/cc4e8b7ccc973ac69d75a7423fbe1bcdc51e2cb3
	NOTE: When fixing the issue make sure to apply the followup fix as well:
	NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/8109c368c6cfdb593faaf698c2bf5da32bb1ace4
	NOTE: so as not to open CVE-2021-28650.
CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...)
	NOT-FOR-US: Atlassian
CVE-2020-36239 (Jira Data Center, Jira Core Data Center, Jira Software Data Center fro ...)
	NOT-FOR-US: Atlassian
CVE-2020-36238 (The /rest/api/1.0/render resource in Jira Server and Data Center befor ...)
	NOT-FOR-US: Atlassian
CVE-2020-36237 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
	NOT-FOR-US: Atlassian
CVE-2020-36236 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2020-36235 (Affected versions of Atlassian Jira Server and Data Center allow unaut ...)
	NOT-FOR-US: Atlassian
CVE-2020-36234 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2020-36233 (The Microsoft Windows Installer for Atlassian Bitbucket Server and Dat ...)
	NOT-FOR-US: Atlassian
CVE-2020-36232 (The MessageBundleWhiteList class of atlassian-gadgets before version 4 ...)
	NOT-FOR-US: Atlassian
CVE-2020-36231 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
	NOT-FOR-US: Atlassian
CVE-2020-36230 (A flaw was discovered in OpenLDAP before 2.4.57 leading in an assertio ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9423
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/8c1d96ee36ed98b32cd0e28b7069c7b8ea09d793 (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36229 (A flaw was discovered in ldap_X509dn2bv in OpenLDAP before 2.4.57 lead ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9425
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/4bdfffd2889c0c5cdf58bebafbdc8fce4bb2bff0 (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36228 (An integer underflow was discovered in OpenLDAP before 2.4.57 leading ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9427
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/91dccd25c347733b365adc74cb07d074512ed5ad (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36227 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an infinite ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9428
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/9d0e8485f3113505743baabf1167e01e4558ccf5 (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36226 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a memch-> ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9413
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but different ids
CVE-2020-36225 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a double fr ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9412
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but different ids
CVE-2020-36224 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an invalid ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9409
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/554dff1927176579d652f2fe60c90e9abbad4c65 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/c0b61a9486508e5202aa2e0cfb68c9813731b439 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/5a2017d4e61a6ddc4dcb4415028e0d08eb6bca26 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/d169e7958a3e0dc70f59c8374bf8a59833b7bdd8 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: CVE-2020-36224, CVE-2020-36225 and CVE-2020-36226 are related but different ids
CVE-2020-36223 (A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd cra ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9408
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/21981053a1195ae1555e23df4d9ac68d34ede9dd (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36222 (A flaw was discovered in OpenLDAP before 2.4.57 leading to an assertio ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9406
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/02dfc32d658fadc25e4040f78e36592f6e1e1ca0 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9407
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/6ed057b5b728b50746c869bcc9c1f85d0bbbf6ed (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36221 (An integer underflow was discovered in OpenLDAP before 2.4.57 leading ...)
	{DSA-4845-1 DLA-2544-1}
	- openldap 2.4.57+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9404
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/38ac838e4150c626bbfa0082b7e2cf3a2bb4df31 (OPENLDAP_REL_ENG_2_4_57)
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9424
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/58c1748e81c843c5b6e61648d2a4d1d82b47e842 (OPENLDAP_REL_ENG_2_4_57)
CVE-2020-36220 (An issue was discovered in the va-ts crate before 0.0.4 for Rust. Beca ...)
	NOT-FOR-US: Rust crate va-ts
CVE-2020-36219 (An issue was discovered in the atomic-option crate through 2020-10-31 ...)
	NOT-FOR-US: Rust crate atomic-option
CVE-2020-36218 (An issue was discovered in the buttplug crate before 1.0.4 for Rust. B ...)
	NOT-FOR-US: Rust crate buttplug
CVE-2020-36217 (An issue was discovered in the may_queue crate through 2020-11-10 for ...)
	NOT-FOR-US: Rust crate may_queue
CVE-2020-36216 (An issue was discovered in Input<R> in the eventio crate before ...)
	NOT-FOR-US: Rust crate eventio
CVE-2020-36215 (An issue was discovered in the hashconsing crate before 1.1.0 for Rust ...)
	NOT-FOR-US: Rust crate hashconsing
CVE-2020-36214 (An issue was discovered in the multiqueue2 crate before 0.1.7 for Rust ...)
	NOT-FOR-US: Rust crate multiqueue2
CVE-2020-36213 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
	NOT-FOR-US: Rust crate abi_stable
CVE-2020-36212 (An issue was discovered in the abi_stable crate before 0.9.1 for Rust. ...)
	NOT-FOR-US: Rust crate abi_stable
CVE-2020-36211 (An issue was discovered in the gfwx crate before 0.3.0 for Rust. Becau ...)
	NOT-FOR-US: Rust crate gfwx
CVE-2020-36210 (An issue was discovered in the autorand crate before 0.2.3 for Rust. B ...)
	NOT-FOR-US: Rust crate autorand
CVE-2020-36209 (An issue was discovered in the late-static crate before 0.4.0 for Rust ...)
	NOT-FOR-US: Rust crate late-static
CVE-2020-36208 (An issue was discovered in the conquer-once crate before 0.3.2 for Rus ...)
	NOT-FOR-US: Rust crate conquer-once
CVE-2020-36207 (An issue was discovered in the aovec crate through 2020-12-10 for Rust ...)
	NOT-FOR-US: Rust crate aovec
CVE-2020-36206 (An issue was discovered in the rusb crate before 0.7.0 for Rust. Becau ...)
	NOT-FOR-US: Rust crate rusb
CVE-2020-36205 (An issue was discovered in the xcb crate through 2020-12-10 for Rust. ...)
	- rust-xcb
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0097.html
CVE-2020-36204 (An issue was discovered in the im crate through 2020-11-09 for Rust. B ...)
	NOT-FOR-US: Rust crate im
CVE-2020-36203 (An issue was discovered in the reffers crate through 2020-12-01 for Ru ...)
	NOT-FOR-US: Rust crate reffers
CVE-2020-36202 (An issue was discovered in the async-h1 crate before 2.3.0 for Rust. R ...)
	NOT-FOR-US: Rust crate async-h1
CVE-2020-36201 (An issue was discovered in certain Xerox WorkCentre products. They do ...)
	NOT-FOR-US: Xerox
CVE-2020-36200 (TinyCheck before commits 9fd360d and ea53de8 allowed an authenticated ...)
	NOT-FOR-US: TinyCheck
CVE-2020-36199 (TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command ...)
	NOT-FOR-US: TinyCheck
CVE-2020-36198 (A command injection vulnerability has been reported to affect certain ...)
	NOT-FOR-US: QNAP
CVE-2020-36197 (An improper access control vulnerability has been reported to affect e ...)
	NOT-FOR-US: QNAP
CVE-2020-36196 (A stored XSS vulnerability has been reported to affect QNAP NAS runnin ...)
	NOT-FOR-US: QNAP
CVE-2020-36195 (An SQL injection vulnerability has been reported to affect QNAP NAS ru ...)
	NOT-FOR-US: QNAP
CVE-2020-36194 (An XSS vulnerability has been reported to affect QNAP NAS running QTS ...)
	NOT-FOR-US: QNAP
CVE-2020-36192 (An issue was discovered in the Source Integration plugin before 2.4.1 ...)
	NOT-FOR-US: Source Integration plugin for MantisBT
CVE-2020-36191 (JupyterHub 1.1.0 allows CSRF in the admin panel via a request that lac ...)
	- jupyterhub
	NOTE: https://github.com/jupyterhub/jupyterhub/issues/3304
CVE-2020-36190 (RailsAdmin (aka rails_admin) before 1.4.3 and 2.x before 2.0.2 allows ...)
	NOT-FOR-US: RailsAdmin
CVE-2020-36189 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
CVE-2020-36188 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2996
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/33d96c13fe18a2dad01b19ce195548c9acea9da4
CVE-2020-36187 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
CVE-2020-36186 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2997
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3e8fa3beea49ea62109df9e643c9cb678dabdde1
CVE-2020-36185 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
CVE-2020-36184 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2998
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/567194c53ae91f0a14dc27239afb739b1c10448a
CVE-2020-36183 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/3003
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/1cddeaf9524e903d08a91fdd9f3dde46d2a68536
CVE-2020-36182 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
CVE-2020-36181 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
CVE-2020-36180 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
CVE-2020-36179 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...)
	{DLA-2638-1}
	- jackson-databind 2.12.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u3
	NOTE: https://github.com/FasterXML/jackson-databind/issues/3004
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3ded28aece694d0df39c9f0fa1ff385b14a8656b
CVE-2020-36178 (oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 d ...)
	NOT-FOR-US: TP-Link
CVE-2020-36177 (RsaPad_PSS in wolfcrypt/src/rsa.c in wolfSSL before 4.6.0 has an out-o ...)
	- wolfssl 4.6.0-1 (bug #979534)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26567
	NOTE: https://github.com/wolfSSL/wolfssl/commit/fb2288c46dd4c864b78f00a47a364b96a09a5c0f
	NOTE: https://github.com/wolfSSL/wolfssl/pull/3426
CVE-2020-36176 (The iThemes Security (formerly Better WP Security) plugin before 7.7.0 ...)
	NOT-FOR-US: iThemes Security (formerly Better WP Security) plugin for WordPress
CVE-2020-36175 (The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2020-36174 (The Ninja Forms plugin before 3.4.27.1 for WordPress allows CSRF via s ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2020-36173 (The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2020-36172 (The Advanced Custom Fields plugin before 5.8.12 for WordPress mishandl ...)
	NOT-FOR-US: Advanced Custom Fields plugin for WordPress
CVE-2020-36171 (The Elementor Website Builder plugin before 3.0.14 for WordPress does ...)
	NOT-FOR-US: Elementor Website Builder plugin for WordPress
CVE-2020-36170 (The Ultimate Member plugin before 2.1.13 for WordPress mishandles hidd ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2020-36169 (An issue was discovered in Veritas NetBackup through 8.3.0.1 and OpsCe ...)
	NOT-FOR-US: Veritas
CVE-2020-36168 (An issue was discovered in Veritas Resiliency Platform 3.4 and 3.5. It ...)
	NOT-FOR-US: Veritas
CVE-2020-36167 (An issue was discovered in the server in Veritas Backup Exec through 1 ...)
	NOT-FOR-US: Veritas
CVE-2020-36166 (An issue was discovered in Veritas InfoScale 7.x through 7.4.2 on Wind ...)
	NOT-FOR-US: Veritas
CVE-2020-36165 (An issue was discovered in Veritas Desktop and Laptop Option (DLO) bef ...)
	NOT-FOR-US: Veritas
CVE-2020-36164 (An issue was discovered in Veritas Enterprise Vault through 14.0. On s ...)
	NOT-FOR-US: Veritas
CVE-2020-36163 (An issue was discovered in Veritas NetBackup and OpsCenter through 8.3 ...)
	NOT-FOR-US: Veritas
CVE-2020-36162 (An issue was discovered in Veritas CloudPoint before 8.3.0.1+hotfix. T ...)
	NOT-FOR-US: Veritas
CVE-2020-36161 (An issue was discovered in Veritas APTARE 10.4 before 10.4P9 and 10.5 ...)
	NOT-FOR-US: Veritas
CVE-2020-36160 (An issue was discovered in Veritas System Recovery before 21.2. On sta ...)
	NOT-FOR-US: Veritas
CVE-2020-36159 (Veritas Desktop and Laptop Option (DLO) before 9.5 disclosed operation ...)
	NOT-FOR-US: Veritas
CVE-2020-36158 (mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifie ...)
	{DSA-4843-1 DLA-2586-1 DLA-2557-1}
	- linux 5.10.5-1
	NOTE: https://git.kernel.org/linus/5c455c5ab332773464d02ba17015acdca198f03d (5.11-rc1)
CVE-2020-36157 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2020-36156 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2020-36155 (An issue was discovered in the Ultimate Member plugin before 2.1.12 fo ...)
	NOT-FOR-US: Ultimate Member plugin for WordPress
CVE-2020-36154 (The Application Wrapper in Pearson VUE VTS Installer 2.3.1911 has Full ...)
	NOT-FOR-US: Pearson VUE VTS Installer
CVE-2020-36153
	RESERVED
CVE-2020-36152 (Buffer overflow in readDataVar in hdf/dataobject.c in Symonics libmyso ...)
	- libmysofa 1.2~dfsg0-1
	[buster] - libmysofa (Minor issue)
	NOTE: https://github.com/hoene/libmysofa/issues/136
	NOTE: https://github.com/hoene/libmysofa/pull/146
CVE-2020-36151 (Incorrect handling of input data in mysofa_resampler_reset_mem functio ...)
	- libmysofa 1.2~dfsg0-1
	[buster] - libmysofa (Minor issue)
	NOTE: https://github.com/hoene/libmysofa/issues/134
	NOTE: https://github.com/hoene/libmysofa/pull/146
CVE-2020-36150 (Incorrect handling of input data in loudness function in the libmysofa ...)
	- libmysofa 1.2~dfsg0-1
	[buster] - libmysofa (Minor issue)
	NOTE: https://github.com/hoene/libmysofa/issues/135
	NOTE: https://github.com/hoene/libmysofa/pull/146
CVE-2020-36149 (Incorrect handling of input data in changeAttribute function in the li ...)
	- libmysofa 1.2~dfsg0-1
	[buster] - libmysofa (Minor issue)
	NOTE: https://github.com/hoene/libmysofa/issues/137
	NOTE: https://github.com/hoene/libmysofa/pull/146
CVE-2020-36148 (Incorrect handling of input data in verifyAttribute function in the li ...)
	- libmysofa 1.2~dfsg0-1
	[buster] - libmysofa (Minor issue)
	NOTE: https://github.com/hoene/libmysofa/issues/138
	NOTE: https://github.com/hoene/libmysofa/pull/145
CVE-2020-36147
	RESERVED
CVE-2020-36146
	RESERVED
CVE-2020-36145
	RESERVED
CVE-2020-36144 (Redash 8.0.0 is affected by LDAP Injection. There is an information le ...)
	NOT-FOR-US: Redash
CVE-2020-36143
	RESERVED
CVE-2020-36142 (BloofoxCMS 0.5.2.1 allows Directory traversal vulnerability by inserti ...)
	NOT-FOR-US: BloofoxCMS
CVE-2020-36141 (BloofoxCMS 0.5.2.1 allows Unrestricted File Upload vulnerability via b ...)
	NOT-FOR-US: BloofoxCMS
CVE-2020-36140 (BloofoxCMS 0.5.2.1 allows Cross-Site Request Forgery (CSRF) via 'mode= ...)
	NOT-FOR-US: BloofoxCMS
CVE-2020-36139 (BloofoxCMS 0.5.2.1 allows Reflected Cross-Site Scripting (XSS) vulnera ...)
	NOT-FOR-US: BloofoxCMS
CVE-2020-36138
	RESERVED
CVE-2020-36137
	RESERVED
CVE-2020-36136
	RESERVED
CVE-2020-36135 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
	- aom 3.2.0-1
	[bullseye] - aom (Vulnerable code introduced later)
	[buster] - aom (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2910&q=&can=1
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911
	NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.0.1)
CVE-2020-36134 (AOM v2.0.1 was discovered to contain a segmentation violation via the ...)
	- aom 3.2.0-1
	[bullseye] - aom (Vulnerable code introduced later)
	[buster] - aom (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2914
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2940
	NOTE: https://aomedia.googlesource.com/aom/+/5a1b33b710050b69557d26cf53d4943325481beb (v2.0.1)
CVE-2020-36133 (AOM v2.0.1 was discovered to contain a global buffer overflow via the ...)
	- aom 3.2.0-1
	[bullseye] - aom (Vulnerable code introduced later)
	[buster] - aom (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2913&q=&can=1
	NOTE: https://aomedia.googlesource.com/aom/+/5c9bc4181071684d157fc47c736acf6c69a85d85 (v3.0.0)
CVE-2020-36132
	RESERVED
CVE-2020-36131 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
	- aom 3.2.0-1
	[bullseye] - aom (Vulnerable code introduced later)
	[buster] - aom (Vulnerable code introduced later)
	NOTE: https://aomedia.googlesource.com/aom/+/94bcbfe76b0fd5b8ac03645082dc23a88730c949 (v2.0.1)
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2911&q=&can=1
CVE-2020-36130 (AOM v2.0.1 was discovered to contain a NULL pointer dereference via th ...)
	- aom 3.2.0-1
	[bullseye] - aom (Vulnerable code introduced later)
	[buster] - aom (Vulnerable code introduced later)
	NOTE: https://aomedia.googlesource.com/aom/+/be4ee75fd762d361d0679cc892e4c74af8140093%5E%21/#F0 (v2.0.1)
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2905&q=&can=1
CVE-2020-36129 (AOM v2.0.1 was discovered to contain a stack buffer overflow via the c ...)
	- aom 3.2.0-1
	[bullseye] - aom (Vulnerable code introduced later)
	[buster] - aom (Vulnerable code introduced later)
	NOTE: https://aomedia.googlesource.com/aom/+/7a20d10027fd91fbe11e38182a1d45238e102c4a%5E%21/#F0 (v3.0.0)
	NOTE: https://bugs.chromium.org/p/aomedia/issues/detail?id=2912&q=&can=1
CVE-2020-36128 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
	NOT-FOR-US: Pax Technology PAXSTORE
CVE-2020-36127 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
	NOT-FOR-US: Pax Technology PAXSTORE
CVE-2020-36126 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
	NOT-FOR-US: Pax Technology PAXSTORE
CVE-2020-36125 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
	NOT-FOR-US: Pax Technology PAXSTORE
CVE-2020-36124 (Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by ...)
	NOT-FOR-US: Pax Technology PAXSTORE
CVE-2020-36123
	RESERVED
CVE-2020-36122
	RESERVED
CVE-2020-36121
	RESERVED
CVE-2020-36120 (Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsix ...)
	- libsixel (bug #988159)
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue; can be fixed in next update)
	NOTE: https://github.com/saitoha/libsixel/issues/143
CVE-2020-36119
	RESERVED
CVE-2020-36118
	RESERVED
CVE-2020-36117
	RESERVED
CVE-2020-36116
	RESERVED
CVE-2020-36115 (Stored Cross Site Scripting (XSS) vulnerability in EGavilan Media CRUD ...)
	NOT-FOR-US: EGavilan
CVE-2020-36114
	RESERVED
CVE-2020-36113
	RESERVED
CVE-2020-36112 (CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-b ...)
	NOT-FOR-US: CSE Bookstore
CVE-2020-36111
	RESERVED
CVE-2020-36110
	RESERVED
CVE-2020-36109 (ASUS RT-AX86U router firmware below version under 9.0.0.4_386 has a bu ...)
	NOT-FOR-US: ASUS RT-AX86U router firmware
CVE-2020-36108
	RESERVED
CVE-2020-36107
	RESERVED
CVE-2020-36106
	RESERVED
CVE-2020-36105
	RESERVED
CVE-2020-36104
	RESERVED
CVE-2020-36103
	RESERVED
CVE-2020-36102
	RESERVED
CVE-2020-36101
	RESERVED
CVE-2020-36100
	RESERVED
CVE-2020-36099
	RESERVED
CVE-2020-36098
	RESERVED
CVE-2020-36097
	RESERVED
CVE-2020-36096
	RESERVED
CVE-2020-36095
	RESERVED
CVE-2020-36094
	RESERVED
CVE-2020-36093
	RESERVED
CVE-2020-36092
	RESERVED
CVE-2020-36091
	RESERVED
CVE-2020-36090
	RESERVED
CVE-2020-36089
	RESERVED
CVE-2020-36088
	RESERVED
CVE-2020-36087
	RESERVED
CVE-2020-36086
	RESERVED
CVE-2020-36085
	RESERVED
CVE-2020-36084
	RESERVED
CVE-2020-36083
	RESERVED
CVE-2020-36082
	RESERVED
CVE-2020-36081
	RESERVED
CVE-2020-36080
	RESERVED
CVE-2020-36079 (** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arb ...)
	NOT-FOR-US: Zenphoto
CVE-2020-36078
	RESERVED
CVE-2020-36077
	RESERVED
CVE-2020-36076
	RESERVED
CVE-2020-36075
	RESERVED
CVE-2020-36074
	RESERVED
CVE-2020-36073
	RESERVED
CVE-2020-36072
	RESERVED
CVE-2020-36071
	RESERVED
CVE-2020-36070
	RESERVED
CVE-2020-36069
	RESERVED
CVE-2020-36068
	RESERVED
CVE-2020-36067 (GJSON <=v1.6.5 allows attackers to cause a denial of service (panic ...)
	- golang-github-tidwall-gjson 1.6.7-1
	[buster] - golang-github-tidwall-gjson (Minor issue)
	NOTE: https://github.com/tidwall/gjson/issues/196
	NOTE: https://github.com/tidwall/gjson/commit/bf4efcb3c18d1825b2988603dea5909140a5302b
CVE-2020-36066 (GJSON <1.6.5 allows attackers to cause a denial of service (remote) ...)
	- golang-github-tidwall-gjson 1.6.7-1
	[buster] - golang-github-tidwall-gjson (Minor issue)
	NOTE: https://github.com/tidwall/gjson/issues/195
	NOTE: https://github.com/tidwall/match/commit/c2f534168b739a7ec1821a33839fb2f029f26bbc
	NOTE: the fix for golang-github-tidwall-gjson is in its dependency golang-github-tidwall-match v1.0.3
CVE-2020-36065
	RESERVED
CVE-2020-36064
	RESERVED
CVE-2020-36063
	RESERVED
CVE-2020-36062
	RESERVED
CVE-2020-36061
	RESERVED
CVE-2020-36060
	RESERVED
CVE-2020-36059
	RESERVED
CVE-2020-36058
	RESERVED
CVE-2020-36057
	RESERVED
CVE-2020-36056
	RESERVED
CVE-2020-36055
	RESERVED
CVE-2020-36054
	RESERVED
CVE-2020-36053
	RESERVED
CVE-2020-36052 (Directory traversal vulnerability in post-edit.php in MiniCMS V1.10 al ...)
	NOT-FOR-US: MiniCMS
CVE-2020-36051 (Directory traversal vulnerability in page_edit.php in MiniCMS V1.10 al ...)
	NOT-FOR-US: MiniCMS
CVE-2020-36050
	RESERVED
CVE-2020-36049 (socket.io-parser before 3.4.1 allows attackers to cause a denial of se ...)
	- node-socket.io-parser 3.4.1-1
	[buster] - node-socket.io-parser (Minor issue)
	NOTE: https://blog.caller.xyz/socketio-engineio-dos/
	NOTE: https://github.com/socketio/socket.io-parser/commit/dcb942d24db97162ad16a67c2a0cf30875342d55
CVE-2020-36048 (Engine.IO before 4.0.0 allows attackers to cause a denial of service ( ...)
	NOT-FOR-US: Engine.IO
CVE-2020-36047
	RESERVED
CVE-2020-36046
	RESERVED
CVE-2020-36045
	RESERVED
CVE-2020-36044
	RESERVED
CVE-2020-36043
	RESERVED
CVE-2020-36042
	RESERVED
CVE-2020-36041
	RESERVED
CVE-2020-36040
	RESERVED
CVE-2020-36039
	RESERVED
CVE-2020-36038
	RESERVED
CVE-2020-36037
	RESERVED
CVE-2020-36036
	RESERVED
CVE-2020-36035
	RESERVED
CVE-2020-36034
	RESERVED
CVE-2020-36033 (SQL injection vulnerability in SourceCodester Water Billing System 1.0 ...)
	NOT-FOR-US: SourceCodester
CVE-2020-36032
	RESERVED
CVE-2020-36031
	RESERVED
CVE-2020-36030
	RESERVED
CVE-2020-36029
	RESERVED
CVE-2020-36028
	RESERVED
CVE-2020-36027
	RESERVED
CVE-2020-36026
	RESERVED
CVE-2020-36025
	RESERVED
CVE-2020-36024
	RESERVED
CVE-2020-36023
	RESERVED
CVE-2020-36022
	RESERVED
CVE-2020-36021
	RESERVED
CVE-2020-36020
	RESERVED
CVE-2020-36019
	RESERVED
CVE-2020-36018
	RESERVED
CVE-2020-36017
	RESERVED
CVE-2020-36016
	RESERVED
CVE-2020-36015
	RESERVED
CVE-2020-36014
	RESERVED
CVE-2020-36013
	RESERVED
CVE-2020-36012 (Stored XSS vulnerability in BDTASK Multi-Store Inventory Management Sy ...)
	NOT-FOR-US: BDTASK Multi-Store Inventory Management System
CVE-2020-36011 (A cross-site scripting (XSS) issue in Add Patient Form in QDOCS Smart ...)
	NOT-FOR-US: QDOCS Smart Hospital Management System
CVE-2020-36010
	RESERVED
CVE-2020-36009 (OBottle 2.0 in \c\g.php contains an arbitrary file download vulnerabil ...)
	NOT-FOR-US: OBottle
CVE-2020-36008 (OBottle 2.0 in \c\t.php contains an arbitrary file write vulnerability ...)
	NOT-FOR-US: OBottle
CVE-2020-36007 (AppCMS 2.0.101 in /admin/template/tpl_app.php has a cross site scripti ...)
	NOT-FOR-US: AppCMS
CVE-2020-36006 (AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulne ...)
	NOT-FOR-US: AppCMS
CVE-2020-36005 (AppCMS 2.0.101 in /admin/app.php has an arbitrary file deletion vulner ...)
	NOT-FOR-US: AppCMS
CVE-2020-36004 (AppCMS 2.0.101 in /admin/download_frame.php has a SQL injection vulner ...)
	NOT-FOR-US: AppCMS
CVE-2020-36003 (The id parameter in detail.php of Online Book Store v1.0 is vulnerable ...)
	NOT-FOR-US: Online Book Store
CVE-2020-36002 (Seat-Reservation-System 1.0 has a SQL injection vulnerability in index ...)
	NOT-FOR-US: Seat-Reservation-System
CVE-2020-36001
	RESERVED
CVE-2020-36000
	RESERVED
CVE-2020-35999
	RESERVED
CVE-2020-35998
	RESERVED
CVE-2020-35997
	RESERVED
CVE-2020-35996
	RESERVED
CVE-2020-35995
	RESERVED
CVE-2020-35994
	RESERVED
CVE-2020-35993
	RESERVED
CVE-2020-35992
	RESERVED
CVE-2020-35991
	RESERVED
CVE-2020-35990
	RESERVED
CVE-2020-35989
	RESERVED
CVE-2020-35988
	RESERVED
CVE-2020-35987 (A stored cross site scripting (XSS) vulnerability in the 'Entities Lis ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-35986 (A stored cross site scripting (XSS) vulnerability in the 'Users Access ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-35985 (A stored cross site scripting (XSS) vulnerability in the 'Global Lists ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-35984 (A stored cross site scripting (XSS) vulnerability in the 'Users Alerts ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-35983
	RESERVED
CVE-2020-35982 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an i ...)
	- gpac 1.0.1+dfsg1-4 (bug #987374)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/a4eb327049132359cae54b59faec9e2f14c5a619
	NOTE: https://github.com/gpac/gpac/issues/1660
CVE-2020-35981 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an i ...)
	- gpac 1.0.1+dfsg1-4 (bug #987374)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/commit/dae9900580a8888969481cd72035408091edb11b
	NOTE: https://github.com/gpac/gpac/issues/1659
CVE-2020-35980 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a us ...)
- gpac (bug #987374; bug #990691) [bullseye] - gpac (Minor issue) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Vulnerable code introduced later) [buster] - ccextractor (Vulnerable code introduced later) NOTE: https://github.com/gpac/gpac/commit/5aba27604d957e960d8069d85ccaf868f8a7b07a NOTE: https://github.com/gpac/gpac/issues/1661 CVE-2020-35979 (An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap ...) - gpac 1.0.1+dfsg1-4 (bug #987374) [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/b15020f54aff24aaeb64b80771472be8e64a7adc NOTE: https://github.com/gpac/gpac/issues/1662 CVE-2020-35978 RESERVED CVE-2020-35977 RESERVED CVE-2020-35976 RESERVED CVE-2020-35975 RESERVED CVE-2020-35974 RESERVED CVE-2020-35973 (An issue was discovered in zzcms2020. There is a XSS vulnerability tha ...) NOT-FOR-US: zzcms CVE-2020-35972 (An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability ...) NOT-FOR-US: YzmCMS CVE-2020-35971 (A storage XSS vulnerability is found in YzmCMS v5.8, which can be used ...) NOT-FOR-US: YzmCMS CVE-2020-35970 (An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability i ...) NOT-FOR-US: YzmCMS CVE-2020-35969 RESERVED CVE-2020-35968 RESERVED CVE-2020-35967 RESERVED CVE-2020-35966 RESERVED CVE-2020-35965 (decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds ...) {DSA-4990-1 DLA-2537-1} - ffmpeg 7:4.3.1-6 (bug #979999) NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26532 NOTE: https://github.com/FFmpeg/FFmpeg/commit/3e5959b3457f7f1856d997261e6ac672bba49e8b NOTE: https://github.com/FFmpeg/FFmpeg/commit/b0a8b40294ea212c1938348ff112ef1b9bf16bb3 CVE-2020-35964 (track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bo ...) 
- ffmpeg 7:4.3.1-6 (bug #980000) [buster] - ffmpeg (Vulnerable code not present) [stretch] - ffmpeg (Vulnerable code introduced later) NOTE: https://github.com/FFmpeg/FFmpeg/commit/27a99e2c7d450fef15594671eef4465c8a166bd7 NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26622 CVE-2020-35963 (flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out- ...) NOT-FOR-US: Fluent Bit CVE-2020-35962 (The sellTokenForLRC function in the vault protocol in the smart contra ...) NOT-FOR-US: Loopring (LRC) Ethereum token CVE-2020-35961 RESERVED CVE-2020-35960 RESERVED CVE-2020-35959 RESERVED CVE-2020-35958 RESERVED CVE-2020-35957 RESERVED CVE-2020-35956 RESERVED CVE-2020-35955 RESERVED CVE-2020-35954 RESERVED CVE-2020-35953 RESERVED CVE-2020-35952 (login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-3 ...) NOT-FOR-US: PHP-Fusion CVE-2020-35951 (An issue was discovered in the Quiz and Survey Master plugin before 7. ...) NOT-FOR-US: Quiz and Survey Master plugin for WordPress CVE-2020-35950 (An issue was discovered in the XCloner Backup and Restore plugin befor ...) NOT-FOR-US: XCloner Backup and Restore plugin for WordPress CVE-2020-35949 (An issue was discovered in the Quiz and Survey Master plugin before 7. ...) NOT-FOR-US: Quiz and Survey Master plugin for WordPress CVE-2020-35948 (An issue was discovered in the XCloner Backup and Restore plugin befor ...) NOT-FOR-US: XCloner Backup and Restore plugin for WordPress CVE-2020-35947 (An issue was discovered in the PageLayer plugin before 1.1.2 for WordP ...) NOT-FOR-US: PageLayer plugin for WordPress CVE-2020-35946 (An issue was discovered in the All in One SEO Pack plugin before 3.6.2 ...) NOT-FOR-US: All in One SEO Pack plugin for WordPress CVE-2020-35945 (An issue was discovered in the Divi Builder plugin, Divi theme, and Di ...) 
NOT-FOR-US: Divi Builder plugin, Divi theme, and Divi Extra theme for WordPress CVE-2020-35944 (An issue was discovered in the PageLayer plugin before 1.1.2 for WordP ...) NOT-FOR-US: PageLayer plugin for WordPress CVE-2020-35943 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugi ...) NOT-FOR-US: NextGEN Gallery plugin for WordPress CVE-2020-35942 (A Cross-Site Request Forgery (CSRF) issue in the NextGEN Gallery plugi ...) NOT-FOR-US: NextGEN Gallery plugin for WordPress CVE-2020-35941 RESERVED CVE-2020-35940 RESERVED CVE-2020-35939 (PHP Object injection vulnerabilities in the Team Showcase plugin befor ...) NOT-FOR-US: Team Showcase plugin for WordPress CVE-2020-35938 (PHP Object injection vulnerabilities in the Post Grid plugin before 2. ...) NOT-FOR-US: Post Grid plugin for WordPress CVE-2020-35937 (Stored Cross-Site Scripting (XSS) vulnerabilities in the Team Showcase ...) NOT-FOR-US: Team Showcase plugin for WordPress CVE-2020-35936 (Stored Cross-Site Scripting (XSS) vulnerabilities in the Post Grid plu ...) NOT-FOR-US: Post Grid plugin for WordPress CVE-2020-35935 (The Advanced Access Manager plugin before 6.6.2 for WordPress allows p ...) NOT-FOR-US: Advanced Access Manager plugin for WordPress CVE-2020-35934 (The Advanced Access Manager plugin before 6.6.2 for WordPress displays ...) NOT-FOR-US: Advanced Access Manager plugin for WordPress CVE-2020-35933 (A Reflected Authenticated Cross-Site Scripting (XSS) vulnerability in ...) NOT-FOR-US: Newsletter plugin for WordPress CVE-2020-35932 (Insecure Deserialization in the Newsletter plugin before 6.8.2 for Wor ...) NOT-FOR-US: Newsletter plugin for WordPress CVE-2020-35931 (An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1. ...) NOT-FOR-US: Foxit Reader CVE-2020-35930 (Seo Panel 4.8.0 allows stored XSS by an Authenticated User via the url ...) NOT-FOR-US: Seo Panel CVE-2020-35929 (In TinyCheck before commits 9fd360d and ea53de8, the installation scri ...) 
NOT-FOR-US: TinyCheck CVE-2020-35928 (An issue was discovered in the concread crate before 0.2.6 for Rust. A ...) NOT-FOR-US: concread rust crate CVE-2020-35927 (An issue was discovered in the thex crate through 2020-12-08 for Rust. ...) NOT-FOR-US: thex rust crate CVE-2020-35926 (An issue was discovered in the nanorand crate before 0.5.1 for Rust. I ...) NOT-FOR-US: nanorand rust crate CVE-2020-35925 (An issue was discovered in the magnetic crate before 2.0.1 for Rust. M ...) NOT-FOR-US: magnetic rust crate CVE-2020-35924 (An issue was discovered in the try-mutex crate before 0.3.0 for Rust. ...) NOT-FOR-US: try-mutex rust crate CVE-2020-35923 (An issue was discovered in the ordered-float crate before 1.1.1 and 2. ...) NOT-FOR-US: ordered-float rust crate CVE-2020-35922 (An issue was discovered in the mio crate before 0.7.6 for Rust. It has ...) - rust-mio (Vulnerable code introduced later) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0081.html NOTE: https://github.com/tokio-rs/mio/issues/1386 CVE-2020-35920 (An issue was discovered in the socket2 crate before 0.3.16 for Rust. I ...) - rust-socket2 0.3.19-1 [buster] - rust-socket2 (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0079.html NOTE: https://github.com/rust-lang/socket2-rs/issues/119 CVE-2020-35918 (An issue was discovered in the branca crate before 0.10.0 for Rust. De ...) NOT-FOR-US: branca rust crate CVE-2020-35917 (An issue was discovered in the pyo3 crate before 0.12.4 for Rust. Ther ...) NOT-FOR-US: pyo3 rust crate CVE-2020-35915 (An issue was discovered in the futures-intrusive crate before 0.4.0 fo ...) NOT-FOR-US: futures-intrusive rust crate CVE-2020-35909 (An issue was discovered in the multihash crate before 0.11.3 for Rust. ...) NOT-FOR-US: multihash rust crate CVE-2020-35908 (An issue was discovered in the futures-util crate before 0.3.2 for Rus ...) 
NOT-FOR-US: futures-util rust crate CVE-2020-35907 (An issue was discovered in the futures-task crate before 0.3.5 for Rus ...) - rust-futures-task (Fixed before the initial upload to Debian) NOTE: https://github.com/rust-lang/futures-rs/issues/2091 NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0061.html CVE-2020-35906 (An issue was discovered in the futures-task crate before 0.3.6 for Rus ...) - rust-futures-task (Fixed before the initial upload to Debian) NOTE: https://github.com/rust-lang/futures-rs/pull/2206 NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0060.html CVE-2020-35905 (An issue was discovered in the futures-util crate before 0.3.7 for Rus ...) NOT-FOR-US: futures-util rust crate CVE-2020-35904 (An issue was discovered in the crossbeam-channel crate before 0.4.4 fo ...) - rust-crossbeam-channel 0.4.4-1 [buster] - rust-crossbeam-channel (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0052.html NOTE: https://github.com/crossbeam-rs/crossbeam/pull/533 CVE-2020-35903 (An issue was discovered in the dync crate before 0.5.0 for Rust. VecCo ...) NOT-FOR-US: dync rust create CVE-2020-35902 (An issue was discovered in the actix-codec crate before 0.3.0-beta.1 f ...) NOT-FOR-US: actix-codec rust crate CVE-2020-35901 (An issue was discovered in the actix-http crate before 2.0.0-alpha.1 f ...) NOT-FOR-US: actix-http rust crate CVE-2020-35900 (An issue was discovered in the array-queue crate through 2020-09-26 fo ...) NOT-FOR-US: array-queue rust crate CVE-2020-35899 (An issue was discovered in the actix-service crate before 1.0.6 for Ru ...) NOT-FOR-US: actix-service rust crate CVE-2020-35898 (An issue was discovered in the actix-utils crate before 2.0.0 for Rust ...) NOT-FOR-US: actix-utils rust crate CVE-2020-35897 (An issue was discovered in the atom crate before 0.3.6 for Rust. An un ...) NOT-FOR-US: atom rust crate CVE-2020-35896 (An issue was discovered in the ws crate through 2020-09-25 for Rust. T ...) 
NOT-FOR-US: ws rust crate CVE-2020-35895 (An issue was discovered in the stack crate before 0.3.1 for Rust. Arra ...) NOT-FOR-US: stack rust crate CVE-2020-35894 (An issue was discovered in the obstack crate before 0.1.4 for Rust. Un ...) NOT-FOR-US: obstack rust crate CVE-2020-35893 (An issue was discovered in the simple-slab crate before 0.3.3 for Rust ...) NOT-FOR-US: simple-slab rust crate CVE-2020-35892 (An issue was discovered in the simple-slab crate before 0.3.3 for Rust ...) NOT-FOR-US: simple-slab rust crate CVE-2020-35891 (An issue was discovered in the ordnung crate through 2020-09-03 for Ru ...) NOT-FOR-US: ordnung rust crate CVE-2020-35890 (An issue was discovered in the ordnung crate through 2020-09-03 for Ru ...) NOT-FOR-US: ordnung rust crate CVE-2020-35889 (An issue was discovered in the crayon crate through 2020-08-31 for Rus ...) NOT-FOR-US: crayon rust crate CVE-2020-35888 (An issue was discovered in the arr crate through 2020-08-25 for Rust. ...) NOT-FOR-US: arr rust crate CVE-2020-35887 (An issue was discovered in the arr crate through 2020-08-25 for Rust. ...) NOT-FOR-US: arr rust crate CVE-2020-35886 (An issue was discovered in the arr crate through 2020-08-25 for Rust. ...) NOT-FOR-US: arr rust crate CVE-2020-35885 (An issue was discovered in the alpm-rs crate through 2020-08-20 for Ru ...) NOT-FOR-US: alpm-rs rust crate CVE-2020-35884 (An issue was discovered in the tiny_http crate through 2020-06-16 for ...) NOT-FOR-US: tiny_http rust crate CVE-2020-35883 (An issue was discovered in the mozwire crate through 2020-08-18 for Ru ...) NOT-FOR-US: mozwire rust crate CVE-2020-35882 (An issue was discovered in the rocket crate before 0.4.5 for Rust. Loc ...) NOT-FOR-US: rocket rust crate CVE-2020-35881 (An issue was discovered in the traitobject crate through 2020-06-01 fo ...) NOT-FOR-US: traitobject rust crate CVE-2020-35880 (An issue was discovered in the bigint crate through 2020-05-07 for Rus ...) 
NOT-FOR-US: bigint rust create (different from rust-num-bigint) CVE-2020-35879 (An issue was discovered in the rulinalg crate through 2020-02-11 for R ...) NOT-FOR-US: rulinalg rust crate CVE-2020-35878 (An issue was discovered in the ozone crate through 2020-07-04 for Rust ...) NOT-FOR-US: ozone rust crate CVE-2020-35877 (An issue was discovered in the ozone crate through 2020-07-04 for Rust ...) NOT-FOR-US: ozone rust crate CVE-2020-35876 (An issue was discovered in the rio crate through 2020-05-11 for Rust. ...) NOT-FOR-US: rio rust crate CVE-2020-35875 (An issue was discovered in the tokio-rustls crate before 0.13.1 for Ru ...) NOT-FOR-US: Rust crate tokio-rustls NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0019.html CVE-2020-35874 (An issue was discovered in the internment crate through 2020-05-28 for ...) NOT-FOR-US: internment rust crate CVE-2020-35873 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...) NOT-FOR-US: rusqlite rust crate CVE-2020-35872 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...) NOT-FOR-US: rusqlite rust crate CVE-2020-35871 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...) NOT-FOR-US: rusqlite rust crate CVE-2020-35870 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...) NOT-FOR-US: rusqlite rust crate CVE-2020-35869 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...) NOT-FOR-US: rusqlite rust crate CVE-2020-35868 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...) NOT-FOR-US: rusqlite rust crate CVE-2020-35867 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...) NOT-FOR-US: rusqlite rust crate CVE-2020-35866 (An issue was discovered in the rusqlite crate before 0.23.0 for Rust. ...) NOT-FOR-US: rusqlite rust crate CVE-2020-35865 (An issue was discovered in the os_str_bytes crate before 2.0.0 for Rus ...) 
NOT-FOR-US: Rust os_str_bytes CVE-2020-35864 (An issue was discovered in the flatbuffers crate through 2020-04-11 fo ...) NOT-FOR-US: flatbuffers rust crate CVE-2020-35863 (An issue was discovered in the hyper crate before 0.12.34 for Rust. HT ...) - rust-hyper 0.12.35-1 NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0008.html NOTE: https://github.com/hyperium/hyper/issues/1925 CVE-2020-35862 (An issue was discovered in the bitvec crate before 0.17.4 for Rust. Bi ...) NOT-FOR-US: bitvec rust crate CVE-2020-35860 (An issue was discovered in the cbox crate through 2020-03-19 for Rust. ...) NOT-FOR-US: cbox rust crate CVE-2020-35859 (An issue was discovered in the lucet-runtime-internals crate before 0. ...) NOT-FOR-US: lucet-runtime-internals rust crate CVE-2020-35858 (An issue was discovered in the prost crate before 0.6.1 for Rust. Ther ...) NOT-FOR-US: prost rust crate CVE-2020-35857 (An issue was discovered in the trust-dns-server crate before 0.18.1 fo ...) NOT-FOR-US: Rust trust-dns-server CVE-2020-35856 (SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by ...) NOT-FOR-US: SolarWinds CVE-2020-35855 RESERVED CVE-2020-35854 (Textpattern 4.8.4 is affected by cross-site scripting (XSS) in the Bod ...) NOT-FOR-US: Textpattern CMS CVE-2020-35853 (4images Image Gallery Management System 1.7.11 is affected by cross-si ...) NOT-FOR-US: 4images Image Gallery Management System CVE-2020-35852 (Chatbox is affected by cross-site scripting (XSS). An attacker has to ...) NOT-FOR-US: Chatbox CVE-2020-35851 (HGiga MailSherlock does not validate specific parameters properly. Att ...) NOT-FOR-US: HGiga MailSherlock CVE-2020-35850 (** DISPUTED ** An SSRF issue was discovered in cockpit-project.org Coc ...) NOTE: Bug disputed by upstream NOTE: https://github.com/cockpit-project/cockpit/issues/15077 CVE-2020-35849 (An issue was discovered in MantisBT before 2.24.4. An incorrect access ...) 
- mantis CVE-2020-35848 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...) NOT-FOR-US: Agentejo Cockpit CVE-2020-35847 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...) NOT-FOR-US: Agentejo Cockpit CVE-2020-35846 (Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controll ...) NOT-FOR-US: Agentejo Cockpit CVE-2020-35845 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...) NOT-FOR-US: FastStone Image Viewer CVE-2020-35844 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...) NOT-FOR-US: FastStone Image Viewer CVE-2020-35843 (FastStone Image Viewer 7.5 has an out-of-bounds write (via a crafted i ...) NOT-FOR-US: FastStone Image Viewer CVE-2020-35842 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) NOT-FOR-US: Netgear CVE-2020-35841 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) NOT-FOR-US: Netgear CVE-2020-35840 (Certain NETGEAR devices are affected by stored XSS. This affects D6200 ...) NOT-FOR-US: Netgear CVE-2020-35839 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35838 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35837 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35836 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35835 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35834 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35833 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35832 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) 
NOT-FOR-US: Netgear CVE-2020-35831 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35830 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35829 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35828 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35827 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35826 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35825 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35824 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35823 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35822 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35821 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35820 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35819 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35818 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35817 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35816 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35815 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35814 (Certain NETGEAR devices are affected by stored XSS. 
This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35813 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35812 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35811 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35810 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35809 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35808 (Certain NETGEAR devices are affected by stored XSS. This affects D6100 ...) NOT-FOR-US: Netgear CVE-2020-35807 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35806 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35805 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-35804 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2020-35803 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2020-35802 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2020-35801 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) NOT-FOR-US: Netgear CVE-2020-35800 (Certain NETGEAR devices are affected by incorrect configuration of sec ...) NOT-FOR-US: Netgear CVE-2020-35799 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...) NOT-FOR-US: Netgear CVE-2020-35798 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2020-35797 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command injecti ...) 
NOT-FOR-US: Netgear CVE-2020-35796 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2020-35795 (Certain NETGEAR devices are affected by a buffer overflow by an unauth ...) NOT-FOR-US: Netgear CVE-2020-35794 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2020-35793 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2020-35792 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2020-35791 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2020-35790 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2020-35789 (NETGEAR NMS300 devices before 1.6.0.27 are affected by command injecti ...) NOT-FOR-US: Netgear CVE-2020-35788 (NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overfl ...) NOT-FOR-US: Netgear CVE-2020-35787 (Certain NETGEAR devices are affected by a buffer overflow by an authen ...) NOT-FOR-US: Netgear CVE-2020-35786 (NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflo ...) NOT-FOR-US: Netgear CVE-2020-35785 (NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authenticat ...) NOT-FOR-US: Netgear CVE-2020-35784 (Certain NETGEAR devices are affected by lack of access control at the ...) NOT-FOR-US: Netgear CVE-2020-35783 (Certain NETGEAR devices are affected by lack of access control at the ...) NOT-FOR-US: Netgear CVE-2020-35782 (Certain NETGEAR devices are affected by lack of access control at the ...) NOT-FOR-US: Netgear CVE-2020-35781 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...) NOT-FOR-US: Netgear CVE-2020-35780 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...) 
NOT-FOR-US: Netgear CVE-2020-35779 (NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of servi ...) NOT-FOR-US: Netgear CVE-2020-35778 (Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 be ...) NOT-FOR-US: Netgear CVE-2020-35777 (NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command inj ...) NOT-FOR-US: Netgear CVE-2020-35776 (A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk version ...) - asterisk 1:16.16.1~dfsg-1 (bug #983158) [buster] - asterisk (Minor issue) [stretch] - asterisk (Minor issue) NOTE: https://downloads.asterisk.org/pub/security/AST-2021-001.html NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29227 CVE-2020-35775 (CITSmart before 9.1.2.23 allows LDAP Injection. ...) NOT-FOR-US: CITSmart CVE-2020-35774 (server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (a ...) NOT-FOR-US: Twitter TwitterServer CVE-2020-35773 (The site-offline plugin before 1.4.4 for WordPress lacks certain wp_cr ...) NOT-FOR-US: site-offline plugin for WordPress CVE-2020-35772 RESERVED CVE-2020-35771 RESERVED CVE-2020-35770 RESERVED CVE-2020-35769 (miniserv.pl in Webmin 1.962 on Windows mishandles special characters i ...) - webmin CVE-2020-35768 RESERVED CVE-2020-35767 RESERVED CVE-2020-35766 (The test suite in libopendkim in OpenDKIM through 2.10.3 allows local ...) - opendkim (unimportant) NOTE: https://github.com/trusteddomainproject/OpenDKIM/issues/113 CVE-2020-35765 (doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho Manag ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-35764 RESERVED CVE-2020-35763 RESERVED CVE-2020-35762 (bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' pa ...) NOT-FOR-US: bloofoxCMS CVE-2020-35761 (bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers t ...) NOT-FOR-US: bloofoxCMS CVE-2020-35760 (bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allo ...) 
NOT-FOR-US: bloofoxCMS CVE-2020-35759 (bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an att ...) NOT-FOR-US: bloofoxCMS CVE-2020-35758 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...) NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices CVE-2020-35757 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...) NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices CVE-2020-35756 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...) NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices CVE-2020-35755 (An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. The ...) NOT-FOR-US: Libre Wireless LS9 LS1.5/p7040 devices CVE-2020-35754 (OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authe ...) NOT-FOR-US: OpenSolution Quick.CMS CVE-2020-35753 (The job posting recommendation form in Persis Human Resource Managemen ...) NOT-FOR-US: Persis Human Resource Management Portal CVE-2020-35752 (Baby Care System 1.0 is affected by a cross-site scripting (XSS) vulne ...) NOT-FOR-US: Baby Care System CVE-2020-35751 RESERVED CVE-2020-35750 RESERVED CVE-2020-35749 (Directory traversal vulnerability in class-simple_job_board_resume_dow ...) NOT-FOR-US: Simple Board Job plugin for WordPress CVE-2020-35748 (Cross-site scripting (XSS) vulnerability in models/list-table.php in t ...) NOT-FOR-US: FV Flowplayer Video Player plugin for WordPress CVE-2020-35747 RESERVED CVE-2020-35746 RESERVED CVE-2020-35745 (PHPGURUKUL Hospital Management System V 4.0 does not properly restrict ...) NOT-FOR-US: PHPGURUKUL Hospital Management System CVE-2020-35744 RESERVED CVE-2020-35743 (HGiga MailSherlock contains a SQL injection flaw. Attackers can inject ...) NOT-FOR-US: HGiga MailSherlock CVE-2020-35742 (HGiga MailSherlock contains a vulnerability of SQL Injection. Attacker ...) NOT-FOR-US: HGiga MailSherlock CVE-2020-35741 (HGiga MailSherlock does not validate user parameters on multiple login ...) 
NOT-FOR-US: HGiga MailSherlock CVE-2020-35740 (HGiga MailSherlock does not validate specific URL parameters properly ...) NOT-FOR-US: HGiga MailSherlock CVE-2020-35739 RESERVED CVE-2020-35738 (WavPack 5.3.0 has an out-of-bounds write in WavpackPackSamples in pack ...) {DLA-2525-1} - wavpack 5.3.0-2 (bug #978548) [buster] - wavpack (Minor issue) NOTE: https://github.com/dbry/WavPack/issues/91 NOTE: https://github.com/dbry/WavPack/commit/63f3ec70129843dd64e11aa4c21c4a1cf00c9f1c NOTE: https://github.com/dbry/WavPack/commit/89df160596132e3bd666322e1c20b2ebd4b92cd0 CVE-2020-35737 (In Correspondence Management System (corms) in Newgen eGov 12.0, an at ...) NOT-FOR-US: Correspondence Management System (corms) in Newgen eGov CVE-2020-35736 (GateOne 1.1 allows arbitrary file download without authentication via ...) NOT-FOR-US: GateOne CVE-2020-35735 (Vidyo 02-09-/D allows clickjacking via the portal/ URI. ...) NOT-FOR-US: Vidyo CVE-2020-35734 (** UNSUPPORTED WHEN ASSIGNED ** Sruu.pl in Batflat 1.3.6 allows an aut ...) NOT-FOR-US: Batflat CVE-2020-35733 (An issue was discovered in Erlang/OTP before 23.2.2. The ssl applicati ...) 
- erlang 1:23.2.2+dfsg-1 (bug #980199) [buster] - erlang (Vulnerable code introduced later) [stretch] - erlang (Vulnerable code introduced later) NOTE: https://erlang.org/pipermail/erlang-questions/2021-January/100357.html NOTE: Introduced in: https://github.com/erlang/otp/commit/d24a220c3b867caef83026ba31d2656366da4322 (OTP-23.2) NOTE: Fixed by: https://github.com/erlang/otp/commit/a59f3c4d2be19343f43c46241d0f4e30dd5563de (OTP-23.2.2) NOTE: Fixed by: https://github.com/erlang/otp/commit/c515e8d74fb92430c619eaa2dd00c89d94c6770a (OTP-23.2.2) NOTE: Fixed by: https://github.com/erlang/otp/commit/11a098cb0bcc30d7c424f01c60bfefd1deece287 (OTP-23.2.2) NOTE: Fixed by: https://github.com/erlang/otp/commit/95222bb877515345d6716f3bc36139ab52211af0 (OTP-23.2.2) CVE-2020-35732 RESERVED CVE-2020-35731 RESERVED CVE-2020-35730 (An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x ...) {DSA-4821-1 DLA-2508-1} - roundcube 1.4.10+dfsg.1-1 (bug #978491) NOTE: https://github.com/roundcube/roundcubemail/commit/0bceba301aa621ecc0263eac17beee2a4cef0c6d (1.4.10) NOTE: https://github.com/roundcube/roundcubemail/commit/a06ec1dcf9c972d302b16e1ac6aa079a4f6a1c3e (1.3.16) NOTE: https://github.com/roundcube/roundcubemail/commit/47e4d44f62ea16f923761d57f1773a66d51afad4 (1.2.13) CVE-2020-35729 (KLog Server 2.4.1 allows OS command injection via shell metacharacters ...) NOT-FOR-US: KLog Server CVE-2020-35728 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) {DLA-2638-1} - jackson-databind 2.12.1-1 [buster] - jackson-databind 2.9.8-3+deb10u3 NOTE: https://github.com/FasterXML/jackson-databind/issues/2999 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. NOTE: https://github.com/FasterXML/jackson-databind/commit/1ca0388c2fb37ac6a06f1c188ae89c41e3e15e84 CVE-2020-35727 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...) 
NOT-FOR-US: Quest Policy Authority CVE-2020-35726 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...) NOT-FOR-US: Quest Policy Authority CVE-2020-35725 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...) NOT-FOR-US: Quest Policy Authority CVE-2020-35724 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...) NOT-FOR-US: Quest Policy Authority CVE-2020-35723 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...) NOT-FOR-US: Quest Policy Authority CVE-2020-35722 (** UNSUPPORTED WHEN ASSIGNED ** CSRF in Web Compliance Manager in Ques ...) NOT-FOR-US: Quest Policy Authority CVE-2020-35721 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...) NOT-FOR-US: Quest Policy Authority CVE-2020-35720 (** UNSUPPORTED WHEN ASSIGNED ** Stored XSS in Quest Policy Authority 8 ...) NOT-FOR-US: Quest Policy Authority CVE-2020-35719 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...) NOT-FOR-US: Quest Policy Authority CVE-2020-35718 RESERVED CVE-2020-35717 (zonote through 0.4.0 allows XSS via a crafted note, with resultant Rem ...) NOT-FOR-US: zonote CVE-2020-35716 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attacker ...) NOT-FOR-US: Belkin LINKSYS RE6500 devices CVE-2020-35715 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenti ...) NOT-FOR-US: Belkin LINKSYS RE6500 devices CVE-2020-35714 (Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authentic ...) NOT-FOR-US: Belkin LINKSYS RE6500 devices CVE-2020-35713 (Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attacker ...) NOT-FOR-US: Belkin LINKSYS RE6500 devices CVE-2020-35712 (Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configura ...) NOT-FOR-US: Esri ArcGIS Server CVE-2020-35710 (Parallels Remote Application Server (RAS) 18 allows remote attackers t ...) 
NOT-FOR-US: Parallels Remote Application Server (RAS) CVE-2020-35709 (bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with ...) NOT-FOR-US: bloofoxCMS CVE-2020-35711 (An issue has been discovered in the arc-swap crate before 0.4.8 (and 1 ...) - rust-arc-swap 0.4.8-1 (bug #985090) [buster] - rust-arc-swap (Minor issue) NOTE: https://github.com/vorner/arc-swap/issues/45 NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0091.html CVE-2020-35708 (phpList 3.5.9 allows SQL injection by admins who provide a crafted fou ...) - phplist (bug #612288) CVE-2020-35707 (Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the ...) NOT-FOR-US: Daybyday CVE-2020-35706 (Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Pr ...) NOT-FOR-US: Daybyday CVE-2020-35705 (Daybyday 2.1.0 allows stored XSS via the Name parameter to the New Use ...) NOT-FOR-US: Daybyday CVE-2020-35704 (Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Le ...) NOT-FOR-US: Daybyday CVE-2020-35703 RESERVED CVE-2020-35702 (** DISPUTED ** DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 ...) - poppler (Vulnerable code introduced later) NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011 NOTE: Introduced by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/f1c3ded779582aef5f2cbaf29bc5da7a8eae6f69 NOTE: Fixed by: https://gitlab.freedesktop.org/poppler/poppler/-/commit/ae614bf8ab42c9d0c7ac57ecdfdcbcfc4ff6c639 CVE-2020-35701 (An issue was discovered in Cacti 1.2.x through 1.2.16. A SQL injection ...) 
- cacti 1.2.16+ds1-2 (bug #979998) [buster] - cacti 1.2.2+ds1-2+deb10u4 [stretch] - cacti (Vulnerable code introduced later) NOTE: https://github.com/Cacti/cacti/issues/4022 NOTE: https://asaf.me/2020/12/15/cacti-1-2-0-to-1-2-16-sql-injection/ NOTE: Introduced in: https://github.com/Cacti/cacti/commit/6e1b8431b77efe55ba5115e35fe045e101dd619b (1.2.0) NOTE: Fixed by: https://github.com/Cacti/cacti/commit/565e0604a53f4988dc5b544d01f4a631eaa80d82 CVE-2020-35700 (A second-order SQL injection issue in Widgets/TopDevicesController.php ...) NOT-FOR-US: LibreNMS CVE-2020-35699 RESERVED CVE-2020-35698 RESERVED CVE-2020-35697 RESERVED CVE-2020-35696 RESERVED CVE-2020-35695 RESERVED CVE-2020-35694 RESERVED CVE-2020-35693 (On some Samsung phones and tablets running Android through 7.1.1, it i ...) NOT-FOR-US: Samsung CVE-2020-35692 RESERVED CVE-2020-35691 RESERVED CVE-2020-35690 RESERVED CVE-2020-35689 RESERVED CVE-2020-35688 RESERVED CVE-2020-35687 (PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to ...) NOT-FOR-US: PHP-Fusion CVE-2020-35686 (The SECOMN service in Sound Research DCHU model software component mod ...) NOT-FOR-US: Sound Research CVE-2020-35685 (An issue was discovered in HCC Nichestack 3.0. The code that generates ...) NOT-FOR-US: HCC Nichestack CVE-2020-35684 (An issue was discovered in HCC Nichestack 3.0. The code that parses TC ...) NOT-FOR-US: HCC Nichestack CVE-2020-35683 (An issue was discovered in HCC Nichestack 3.0. The code that parses IC ...) NOT-FOR-US: HCC Nichestack CVE-2020-35682 (Zoho ManageEngine ServiceDesk Plus before 11134 allows an Authenticati ...) NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus CVE-2020-35681 (Django Channels 3.x before 3.0.3 allows remote attackers to obtain sen ...) 
- python-django-channels 3.0.3-1 (bug #979376) [buster] - python-django-channels (Minor issue) NOTE: https://channels.readthedocs.io/en/latest/releases/3.0.3.html NOTE: https://github.com/django/channels/commit/e85874d9630474986a6937430eac52db79a2a022 (3.0.3) CVE-2020-35680 (smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurati ...) - opensmtpd 6.8.0p2-1 (bug #978039) [buster] - opensmtpd (Minor issue) [stretch] - opensmtpd (new filter grammar support added in ec69ed85b6c) NOTE: https://github.com/openbsd/src/commit/6c3220444ed06b5796dedfd53a0f4becd903c0d1 NOTE: https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html CVE-2020-35679 (smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, whi ...) - opensmtpd 6.8.0p2-1 (bug #978038) [buster] - opensmtpd (Minor issue) [stretch] - opensmtpd (regex table supported added > 6.4.0 according to CHANGES.md) NOTE: https://github.com/openbsd/src/commit/79a034b4aed29e965f45a13409268290c9910043 NOTE: https://www.mail-archive.com/misc@opensmtpd.org/msg05188.html CVE-2020-35678 (Autobahn|Python before 20.12.3 allows redirect header injection. ...) - python-autobahn 17.10.1+dfsg1-7 (bug #978416) [buster] - python-autobahn (Minor issue) [stretch] - python-autobahn (Need a package which is not in this suite) NOTE: https://github.com/crossbario/autobahn-python/pull/1439 NOTE: https://github.com/crossbario/autobahn-python/commit/f7b7ad5c1066bdcc551775b73da15dca5c111623 (v20.12.3) CVE-2020-35677 (BigProf Online Invoicing System before 4.0 fails to adequately sanitiz ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2020-35676 (BigProf Online Invoicing System before 3.1 fails to correctly sanitize ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2020-35675 (BigProf Online Invoicing System before 3.0 offers a functionality that ...) NOT-FOR-US: BigProf Online Invoicing System CVE-2020-35674 (BigProf Online Invoicing System before 2.9 suffers from an unauthentic ...) 
NOT-FOR-US: BigProf Online Invoicing System CVE-2020-35673 RESERVED CVE-2020-35672 RESERVED CVE-2020-35671 RESERVED CVE-2020-35670 RESERVED CVE-2020-35669 (An issue was discovered in the http package through 0.12.2 for Dart. I ...) NOT-FOR-US: Dart http CVE-2020-35668 (RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that lead ...) NOT-FOR-US: RedisGraph CVE-2020-35667 (JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-35666 (Steedos Platform through 1.21.24 allows NoSQL injection because the /a ...) NOT-FOR-US: Steedos Platform CVE-2020-35665 (An unauthenticated command-execution vulnerability exists in TerraMast ...) NOT-FOR-US: TerraMaster TOS CVE-2020-35664 (An issue was discovered in Acronis Cyber Protect before 15 Update 1 bu ...) NOT-FOR-US: Acronis CVE-2020-35663 RESERVED CVE-2020-35662 (In SaltStack Salt before 3002.5, when authenticating to services using ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2020-35661 RESERVED CVE-2020-35660 (Cross Site Scripting (XSS) in Monica before 2.19.1 via the journal pag ...) NOT-FOR-US: Monica CVE-2020-35659 (The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. ...) NOT-FOR-US: Pi-hole CVE-2020-35658 (SpamTitan before 7.09 allows attackers to tamper with backups, because ...) NOT-FOR-US: SpamTitan CVE-2020-35657 (Jaws through 1.8.0 allows remote authenticated administrators to execu ...) NOT-FOR-US: Jaws CVE-2020-35656 (Jaws through 1.8.0 allows remote authenticated administrators to execu ...) NOT-FOR-US: Jaws CVE-2020-35655 (In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read whe ...) 
- pillow 8.1.0-1 [buster] - pillow (Minor issue) [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5173 NOTE: https://github.com/python-pillow/Pillow/commit/120eea2e4547a7d1826afdf01563035844f0b7d5 NOTE: Introduced in https://github.com/python-pillow/Pillow/commit/a90dc4910045f5c6c119b582d4fd2e4841cd51f8 (4.3.0) CVE-2020-35654 (In Pillow before 8.1.0, TiffDecode has a heap-based buffer overflow wh ...) - pillow 8.1.0-1 [buster] - pillow (Vulnerable code not present) [stretch] - pillow (Vulnerable code introduced later) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5175 NOTE: https://github.com/python-pillow/Pillow/commit/eb8c1206d6b170d4e798a00db7432e023853da5c NOTE: Introduced in: https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0) CVE-2020-35653 (In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding ...) {DLA-2716-1} - pillow 8.1.0-1 [buster] - pillow (Minor issue) NOTE: https://pillow.readthedocs.io/en/stable/releasenotes/8.1.0.html#security NOTE: https://github.com/python-pillow/Pillow/pull/5174 NOTE: https://github.com/python-pillow/Pillow/commit/2f409261eb1228e166868f8f0b5da5cda52e55bf CVE-2020-35652 (An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk b ...) 
- asterisk 1:16.15.1~dfsg-1 (bug #979372) [buster] - asterisk (Minor issue) [stretch] - asterisk (Minor issue) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29191 NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29219 NOTE: https://downloads.asterisk.org/pub/security/AST-2020-003.html NOTE: https://downloads.asterisk.org/pub/security/AST-2020-003-13.diff (Asterisk 13.x) NOTE: https://downloads.asterisk.org/pub/security/AST-2020-003-16.diff (Asterisk 16.x) NOTE: https://downloads.asterisk.org/pub/security/AST-2020-004.html CVE-2020-35651 RESERVED CVE-2020-35650 (Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups ...) NOT-FOR-US: Uncanny Groups for LearnDash CVE-2020-35649 RESERVED CVE-2020-35648 RESERVED CVE-2020-35647 RESERVED CVE-2020-35646 RESERVED CVE-2020-35645 RESERVED CVE-2020-35644 RESERVED CVE-2020-35643 RESERVED CVE-2020-35642 RESERVED CVE-2020-35641 RESERVED CVE-2020-35640 RESERVED CVE-2020-35639 RESERVED CVE-2020-35638 RESERVED CVE-2020-35637 RESERVED CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...) {DLA-2649-1} - cgal 5.2-3 (bug #985671) [buster] - cgal (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 CVE-2020-35635 (A code execution vulnerability exists in the Nef polygon-parsing funct ...) {DLA-2649-1} - cgal 5.2-3 (bug #985671) [buster] - cgal (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 CVE-2020-35634 (A code execution vulnerability exists in the Nef polygon-parsing funct ...) {DLA-2649-1} - cgal 5.2-3 (bug #985671) [buster] - cgal (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 CVE-2020-35633 (A code execution vulnerability exists in the Nef polygon-parsing funct ...) 
{DLA-2649-1} - cgal 5.2-3 (bug #985671) [buster] - cgal (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 CVE-2020-35632 RESERVED CVE-2020-35631 RESERVED CVE-2020-35630 RESERVED CVE-2020-35629 RESERVED CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...) {DLA-2649-1} - cgal 5.2-3 (bug #985671) [buster] - cgal (Minor issue) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225 CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vul ...) NOT-FOR-US: Ultimate WooCommerce Gift Cards CVE-2020-35626 (An issue was discovered in the PushToWatch extension for MediaWiki thr ...) NOT-FOR-US: PushToWatch MediaWiki extension CVE-2020-35625 (An issue was discovered in the Widgets extension for MediaWiki through ...) NOT-FOR-US: Widgets MediaWiki extension CVE-2020-35624 (An issue was discovered in the SecurePoll extension for MediaWiki thro ...) NOT-FOR-US: SecurePoll MediaWiki extension CVE-2020-35623 (An issue was discovered in the CasAuth extension for MediaWiki through ...) NOT-FOR-US: CasAuth MediaWiki extension CVE-2020-35622 (An issue was discovered in the GlobalUsage extension for MediaWiki thr ...) NOT-FOR-US: GlobalUsage MediaWiki extension CVE-2020-35621 REJECTED CVE-2020-35620 REJECTED CVE-2020-35619 REJECTED CVE-2020-35618 REJECTED CVE-2020-35617 REJECTED CVE-2020-35616 (An issue was discovered in Joomla! 1.7.0 through 3.9.22. Lack of input ...) NOT-FOR-US: Joomla! CVE-2020-35615 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. A missing tok ...) NOT-FOR-US: Joomla! CVE-2020-35614 (An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper hand ...) NOT-FOR-US: Joomla! CVE-2020-35613 (An issue was discovered in Joomla! 3.0.0 through 3.9.22. Improper filt ...) NOT-FOR-US: Joomla! CVE-2020-35612 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The folder pa ...) NOT-FOR-US: Joomla! 
CVE-2020-35611 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The globlal c ...) NOT-FOR-US: Joomla! CVE-2020-35610 (An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosugge ...) NOT-FOR-US: Joomla! CVE-2020-35609 (A denial-of-service vulnerability exists in the asynchronous ioctl fun ...) NOT-FOR-US: Microsoft Azure Sphere CVE-2020-35608 (A code execution vulnerability exists in the normal world’s sign ...) NOT-FOR-US: Microsoft Azure Sphere CVE-2020-35607 RESERVED CVE-2020-35606 (Arbitrary command execution can occur in Webmin through 1.962. Any use ...) - webmin CVE-2020-35605 (The Graphics Protocol feature in graphics.c in kitty before 0.19.3 all ...) {DSA-4819-1} - kitty 0.19.3-1 NOTE: https://github.com/kovidgoyal/kitty/commit/82c137878c2b99100a3cdc1c0f0efea069313901 (v0.19.3) NOTE: https://github.com/kovidgoyal/kitty/issues/3128 CVE-2020-35604 (An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. ...) NOT-FOR-US: Kronos WebTA CVE-2020-35603 RESERVED CVE-2020-35602 RESERVED CVE-2020-35601 RESERVED CVE-2020-35600 RESERVED CVE-2020-35599 RESERVED CVE-2020-35598 (ACS Advanced Comment System 1.0 is affected by Directory Traversal via ...) NOT-FOR-US: ACS Advanced Comment System CVE-2020-35597 RESERVED CVE-2020-35596 RESERVED CVE-2020-35595 RESERVED CVE-2020-35594 (Zoho ManageEngine ADManager Plus before 7066 allows XSS. ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-35593 RESERVED CVE-2020-35592 (Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the a ...) NOT-FOR-US: Pi-hole CVE-2020-35591 (Pi-hole 5.0, 5.1, and 5.1.1 allows Session Fixation. The application d ...) NOT-FOR-US: Pi-hole CVE-2020-35590 (LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin bef ...) NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress CVE-2020-35589 (The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress a ...) 
NOT-FOR-US: limit-login-attempts-reloaded plugin for WordPress CVE-2020-35588 RESERVED CVE-2020-35587 (** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily b ...) NOT-FOR-US: Solstice Pod CVE-2020-35586 (In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password ...) NOT-FOR-US: Solstice Pod CVE-2020-35585 (In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enume ...) NOT-FOR-US: Solstice Pod CVE-2020-35584 (In Solstice Pod before 3.0.3, the web services allow users to connect ...) NOT-FOR-US: Solstice Pod CVE-2020-35583 RESERVED CVE-2020-35582 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite befor ...) NOT-FOR-US: Envira Gallery Lite CVE-2020-35581 (A stored cross-site scripting (XSS) issue in Envira Gallery Lite befor ...) NOT-FOR-US: Envira Gallery Lite CVE-2020-35580 (A local file inclusion vulnerability in the FileServlet in all SearchB ...) NOT-FOR-US: searchblox CVE-2020-35579 (tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%& ...) NOT-FOR-US: tindy2013 CVE-2020-35578 (An issue was discovered in the Manage Plugins page in Nagios XI before ...) NOT-FOR-US: Nagios XI CVE-2020-35577 (In Endalia Selection Portal before 4.205.0, an Insecure Direct Object ...) NOT-FOR-US: Endalia Selection Portal CVE-2020-35576 (A Command Injection issue in the traceroute feature on TP-Link TL-WR84 ...) NOT-FOR-US: TP-Link CVE-2020-35575 (A password-disclosure issue in the web interface on certain TP-Link de ...) NOT-FOR-US: TP-Link CVE-2020-35574 RESERVED CVE-2020-35572 (Adminer through 4.7.8 allows XSS via the history parameter to the defa ...) 
- adminer 4.7.9-1 [buster] - adminer (Minor issue) [stretch] - adminer (Vulnerable code introduced in v4.7.0) NOTE: https://sourceforge.net/p/adminer/bugs-and-features/775/ NOTE: https://github.com/vrana/adminer/security/advisories/GHSA-9pgx-gcph-mpqr NOTE: https://github.com/vrana/adminer/commit/5c395afc098e501be3417017c6421968aac477bd (v4.7.9) CVE-2020-35571 (An issue was discovered in MantisBT through 2.24.3. In the helper_ensu ...) - mantis CVE-2020-35573 (srs2.c in PostSRSd before 1.10 allows remote attackers to cause a deni ...) {DLA-2502-1} - postsrsd 1.10-1 [buster] - postsrsd 1.5-2+deb10u1 NOTE: https://github.com/roehling/postsrsd/commit/4733fb11f6bec6524bb8518c5e1a699288c26bac (1.10) CVE-2020-35570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35567 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35566 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35565 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35564 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35563 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35562 RESERVED CVE-2020-35561 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35560 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35559 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) 
NOT-FOR-US: MB CONNECT CVE-2020-35558 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35557 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT CVE-2020-35556 (An issue was discovered in Acronis Cyber Protect before 15 Update 1 bu ...) NOT-FOR-US: Acronis CVE-2020-35555 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...) NOT-FOR-US: LG mobile devices CVE-2020-35554 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2020-35553 (An issue was discovered on Samsung mobile devices with Q(10.0) and R(1 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-35552 (An issue was discovered in the GPS daemon on Samsung mobile devices wi ...) NOT-FOR-US: Samsung mobile devices CVE-2020-35551 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-35550 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-35549 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-35548 (An issue was discovered in Finder on Samsung mobile devices with Q(10. ...) NOT-FOR-US: Samsung mobile devices CVE-2020-35547 (A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 ...) NOT-FOR-US: Mitel CVE-2020-35546 RESERVED CVE-2020-35545 (Time-based SQL injection exists in Spotweb 1.4.9 via the query string. ...) 
- spotweb (bug #977719) [buster] - spotweb (Minor issue) [stretch] - spotweb (Minor issue) NOTE: https://github.com/spotweb/spotweb/issues/629 NOTE: https://github.com/spotweb/spotweb/commit/fefb39ad143caad021ad496427617db79c42aff2 NOTE: https://github.com/spotweb/spotweb/commit/25c1f89f0202af5d5d224b906ff9d9313f017aa6 NOTE: When fixing the issue make sure to apply the complete fix for CVE-2020-35545 NOTE: and not open CVE-2021-3286. Cf. NOTE: https://github.com/spotweb/spotweb/issues/653 CVE-2020-35544 RESERVED CVE-2020-35543 RESERVED CVE-2020-35542 (Unisys Data Exchange Management Studio through 5.0.34 doesn't sanitize ...) NOT-FOR-US: Unisys CVE-2020-35541 REJECTED CVE-2020-35540 REJECTED CVE-2020-35539 RESERVED CVE-2020-35538 RESERVED CVE-2020-35537 RESERVED CVE-2020-35536 RESERVED CVE-2020-35535 RESERVED CVE-2020-35534 RESERVED CVE-2020-35533 RESERVED CVE-2020-35532 RESERVED CVE-2020-35531 RESERVED CVE-2020-35530 RESERVED CVE-2020-35529 RESERVED CVE-2020-35528 RESERVED CVE-2020-35527 RESERVED CVE-2020-35526 RESERVED CVE-2020-35525 RESERVED CVE-2020-35524 (A heap-based buffer overflow flaw was found in libtiff in the handling ...) {DSA-4869-1 DLA-2694-1} - tiff 4.1.0+git201212-1 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/7be2e452ddcf6d7abca88f41d3761e6edab72b22 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/159 CVE-2020-35523 (An integer overflow flaw was found in libtiff that exists in the tif_g ...) {DSA-4869-1 DLA-2694-1} - tiff 4.1.0+git201212-1 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/c8d613ef497058fe653c467fc84c70a62a4a71b2 NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/160 CVE-2020-35522 (In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A craf ...) 
- tiff 4.1.0+git201212-1 (unimportant) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/98a254f5b92cea22f5436555ff7fceb12afee84d NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165 NOTE: Crash in CLI tool, no security impact CVE-2020-35521 (A flaw was found in libtiff. Due to a memory allocation failure in tif ...) - tiff 4.1.0+git201212-1 (unimportant) NOTE: https://gitlab.com/libtiff/libtiff/-/commit/b5a935d96b21cda0f434230cdf8ca958cd8b4eef NOTE: https://gitlab.com/libtiff/libtiff/-/merge_requests/165 NOTE: Crash in CLI tool, no security impact CVE-2020-35520 RESERVED CVE-2020-35519 (An out-of-bounds (OOB) memory access flaw was found in x25_bind in net ...) - linux 5.9.15-1 [buster] - linux 4.19.171-1 [stretch] - linux 4.9.258-1 NOTE: https://www.openwall.com/lists/oss-security/2021/03/17/17 CVE-2020-35518 (When binding against a DN during authentication, the reply from 389-ds ...) - 389-ds-base 1.4.4.10-1 [buster] - 389-ds-base (Vulnerable code introduced later) [stretch] - 389-ds-base (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1905565 NOTE: https://github.com/389ds/389-ds-base/issues/4480 NOTE: https://github.com/389ds/389-ds-base/commit/cc0f69283abc082488824702dae485b8eae938bc (master) NOTE: https://github.com/389ds/389-ds-base/commit/38b97faef8a6421a7a638ecdbf0b341e2b3f9ab3 (1.4.4.10) NOTE: Introduced as side-effect of https://github.com/389ds/389-ds-base/issues/2535 CVE-2020-35517 (A flaw was found in qemu. A host privilege escalation issue was found ...) - qemu 1:5.2+dfsg-5 (bug #980814) [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05461.html NOTE: https://www.openwall.com/lists/oss-security/2021/01/22/1 CVE-2020-35516 RESERVED CVE-2020-35515 RESERVED CVE-2020-35514 (An insecure modification flaw in the /etc/kubernetes/kubeconfig file w ...) 
NOT-FOR-US: OpenShift CVE-2020-35513 (A flaw incorrect umask during file or directory modification in the Li ...) - linux 4.16.5-1 [stretch] - linux (Vulnerable code introduce later) NOTE: https://git.kernel.org/linus/880a3a5325489a143269a8e172e7563ebf9897bc NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1911309 CVE-2020-35512 (A use-after-free flaw was found in D-Bus Development branch <= 1.13 ...) - dbus 1.12.20-1 [buster] - dbus 1.12.20-0+deb10u1 [stretch] - dbus 1.10.32-0+deb9u1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909101 NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/305 NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/2b7948ef907669e844b52c4fa2268d6e3162a70c (dbus-1.13.18) NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/f3b2574f0c9faa32a59efec905921f7ef4438a60 (dbus-1.12.20) NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/commit/dc94fe3d31adf72259adc31f343537151a6c0bdd (dbus-1.10.32) CVE-2020-35511 RESERVED CVE-2020-35510 (A flaw was found in jboss-remoting in versions before 5.0.20.SP1-redha ...) - libjboss-remoting-java CVE-2020-35509 RESERVED NOT-FOR-US: Keycloak CVE-2020-35508 (A flaw possibility of race condition and incorrect initialization of t ...) - linux 5.9.9-1 [buster] - linux 4.19.160-1 [stretch] - linux 4.9.246-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902724 CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in binutil ...) - binutils 2.33.50.20200107-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25308 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537 NOTE: binutils not covered by security support CVE-2020-35506 (A use-after-free vulnerability was found in the am53c974 SCSI host bus ...) 
[experimental] - qemu 1:6.0+dfsg-1~exp0 - qemu 1:6.0+dfsg-3 (bug #984454) [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996 NOTE: https://bugs.launchpad.net/qemu/+bug/1909247 CVE-2020-35505 (A NULL pointer dereference flaw was found in the am53c974 SCSI host bu ...) [experimental] - qemu 1:6.0+dfsg-1~exp0 - qemu 1:6.0+dfsg-3 (bug #984455) [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769 NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer) CVE-2020-35504 (A NULL pointer dereference flaw was found in the SCSI emulation suppor ...) [experimental] - qemu 1:6.0+dfsg-1~exp0 - qemu 1:6.0+dfsg-3 (bug #979679) [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766 NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=0db895361b8a82e1114372ff9f48 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e392255766071c8cac480da3a9ae NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=e5455b8c1c6170c788f3c0fd577c NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c5fef9112b15c4b5494791cdf8bb NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=7b320a8e67a534925048cbabfa51 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=99545751734035b76bd372c4e721 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=fa7505c154d4d00ad89a747be2ed NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=fbc6510e3379fa8f8370bf71198f NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=0ebb5fd80589835153a0c2baa1b8 NOTE: 
https://git.qemu.org/?p=qemu.git;a=commit;h=324c8809897c8c53ad05c3a7147d NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=607206948cacda4a80be5b976dba CVE-2020-35503 (A NULL pointer dereference flaw was found in the megasas-gen2 SCSI hos ...) - qemu (bug #979678) [bullseye] - qemu (Minor issue) [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910346 CVE-2020-35502 (A flaw was found in Privoxy in versions before 3.0.29. Memory leaks wh ...) {DLA-2548-1} - privoxy 3.0.29-1 [buster] - privoxy 3.0.28-2+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/02/03/3 NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=bbd53f1010b3d6a7b55d0094b2370c3a49322ddb (3.0.29) NOTE: https://www.privoxy.org/gitweb/?p=privoxy.git;a=commit;h=4490d451f9b61baada414233897a83ec8d9908aa (3.0.29) CVE-2020-35501 RESERVED - linux (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2021/02/18/1 NOTE: https://lore.kernel.org/linux-audit/7230785.EvYhyI6sBW@x2/ NOTE: Negligible security impact CVE-2020-35500 REJECTED CVE-2020-35499 (A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 ...) - linux 5.10.4-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1910048 NOTE: https://git.kernel.org/linus/f6b8c6b5543983e9de29dc14716bfa4eb3f157c4 CVE-2020-35498 (A vulnerability was found in openvswitch. A limitation in the implemen ...) 
{DSA-4852-1 DLA-2571-1} - openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-5 (bug #982493) NOTE: master: https://github.com/openvswitch/ovs/commit/79349cbab0b2a755140eedb91833ad2760520a83 NOTE: 2.15: https://github.com/openvswitch/ovs/commit/0625dc79aec73b966f206e55655a2816696246d0 NOTE: 2.10: https://github.com/openvswitch/ovs/commit/79cec1a736b91548ec882d840986a11affda1068 NOTE: 2.6: https://github.com/openvswitch/ovs/commit/673c08eee8c8d4f2999ddd31524de7ff0f72b559 NOTE: https://www.openwall.com/lists/oss-security/2021/02/10/4 CVE-2020-35497 (A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authent ...) NOT-FOR-US: ovirt-engine CVE-2020-35496 (There's a flaw in bfd_pef_scan_start_address() of bfd/pef.c in binutil ...) - binutils 2.33.50.20200107-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25308 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537 NOTE: binutils not covered by security support CVE-2020-35495 (There's a flaw in binutils /bfd/pef.c. An attacker who is able to subm ...) - binutils 2.33.50.20200107-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25306 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7a0fb7be96e0ce79e1ae429bc1ba913e5244d537 CVE-2020-35494 (There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is ab ...) - binutils 2.33.50.20200107-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25319 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2c5b6e1a1c406cbe06e2d6f77861764ebd01b9ce CVE-2020-35493 (A flaw exists in binutils in bfd/pef.c. An attacker who is able to sub ...) 
- binutils 2.33.50.20200107-1 (unimportant) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25307 NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2a3559d54602cecfec6d90f792be4a70ad918ab NOTE: NOTE: binutils not covered by security support CVE-2020-35492 (A flaw was found in cairo's image-compositor.c in all versions prior t ...) {DLA-2518-1} - cairo 1.16.0-5 (bug #978658) [buster] - cairo 1.16.0-4+deb10u1 NOTE: https://gitlab.freedesktop.org/cairo/cairo/-/issues/437 NOTE: Introduced by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/c986a7310bb06582b7d8a566d5f007ba4e5e75bf (1.12.12) NOTE: Fixed by: https://gitlab.freedesktop.org/cairo/cairo/-/commit/03a820b173ed1fdef6ff14b4468f5dbc02ff59be NOTE: Minor cleanup for test: https://gitlab.freedesktop.org/cairo/cairo/-/commit/8bc14a6bba3bc8a64ff0749c74d9b96305bf6429 NOTE: Additional meson support (test): https://gitlab.freedesktop.org/cairo/cairo/-/commit/0677e0a94968447e132c69f58cb04e5377e0c828 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1898396 CVE-2020-35491 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) {DLA-2638-1} - jackson-databind 2.12.1-1 [buster] - jackson-databind 2.9.8-3+deb10u3 NOTE: https://github.com/FasterXML/jackson-databind/issues/2986 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. NOTE: https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d CVE-2020-35490 (FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interact ...) {DLA-2638-1} - jackson-databind 2.12.1-1 [buster] - jackson-databind 2.9.8-3+deb10u3 NOTE: https://github.com/FasterXML/jackson-databind/issues/2986 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. 
	NOTE: https://github.com/FasterXML/jackson-databind/commit/41b8bdb5ccc1d8edb71acf1c8234da235a24249d
CVE-2020-35489 (The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPr ...)
	NOT-FOR-US: contact-form-7 (aka Contact Form 7) plugin for WordPress
CVE-2020-35488 (The fileop module of the NXLog service in NXLog Community Edition 2.10 ...)
	NOT-FOR-US: NXLog
CVE-2020-35487
	RESERVED
CVE-2020-35486
	RESERVED
CVE-2020-35485
	RESERVED
CVE-2020-35484
	RESERVED
CVE-2020-35483 (AnyDesk before 6.1.0 on Windows, when run in portable mode on a system ...)
	NOT-FOR-US: AnyDesk
CVE-2020-35482 (SolarWinds Serv-U before 15.2.2 allows authenticated reflected XSS. ...)
	NOT-FOR-US: SolarWinds
CVE-2020-35481 (SolarWinds Serv-U before 15.2.2 allows Unauthenticated Macro Injection ...)
	NOT-FOR-US: SolarWinds
CVE-2020-35480 (An issue was discovered in MediaWiki before 1.35.1. Missing users (acc ...)
	{DSA-4816-1 DLA-2504-1}
	- mediawiki 1:1.35.1-1
	NOTE: https://phabricator.wikimedia.org/T120883
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35479 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language ...)
	{DSA-4816-1 DLA-2504-1}
	- mediawiki 1:1.35.1-1
	NOTE: https://phabricator.wikimedia.org/T268938
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35478 (MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWik ...)
	- mediawiki 1:1.35.1-1
	[buster] - mediawiki (Introduced in 1.33)
	[stretch] - mediawiki (Introduced in 1.33)
	NOTE: https://phabricator.wikimedia.org/T268938
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35477 (MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries ...)
	{DSA-4816-1 DLA-2504-1}
	- mediawiki 1:1.35.1-1
	NOTE: https://phabricator.wikimedia.org/T205908
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35476 (A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 ...)
	NOT-FOR-US: OpenTSDB
CVE-2020-35475 (In MediaWiki before 1.35.1, the messages userrights-expiry-current and ...)
	{DSA-4816-1}
	- mediawiki 1:1.35.1-1
	[stretch] - mediawiki (Introduced in 1.29)
	NOTE: https://phabricator.wikimedia.org/T268917
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35474 (In MediaWiki before 1.35.1, the combination of Html::rawElement and Me ...)
	- mediawiki 1:1.35.1-1
	[buster] - mediawiki (Introduced in 1.35)
	[stretch] - mediawiki (Introduced in 1.35)
	NOTE: https://phabricator.wikimedia.org/T268894
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
CVE-2020-35473
	RESERVED
CVE-2020-35472
	RESERVED
CVE-2020-35471 (Envoy before 1.16.1 mishandles dropped and truncated datagrams, as dem ...)
	- envoyproxy (bug #987544)
CVE-2020-35470 (Envoy before 1.16.1 logs an incorrect downstream address because it co ...)
	- envoyproxy (bug #987544)
CVE-2020-35469 (The Software AG Terracotta Server OSS Docker image 5.4.1 contains a bl ...)
	NOT-FOR-US: Software AG Terracotta Server OSS Docker image
CVE-2020-35468 (The Appbase streams Docker image 2.1.2 contains a blank password for t ...)
	NOT-FOR-US: Appbase streams Docker image
CVE-2020-35467 (The Docker Docs Docker image through 2020-12-14 contains a blank passw ...)
	NOT-FOR-US: Docker Docs Docker image
CVE-2020-35466 (The Blackfire Docker image through 2020-12-14 contains a blank passwor ...)
	NOT-FOR-US: Blackfire Docker image
CVE-2020-35465 (The FullArmor HAPI File Share Mount Docker image through 2020-12-14 co ...)
	NOT-FOR-US: FullArmor HAPI File Share Mount Docker image
CVE-2020-35464 (Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank p ...)
	NOT-FOR-US: Weave Cloud Agent Docker image
CVE-2020-35463 (Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank ...)
	NOT-FOR-US: Instana Dynamic APM Docker image
CVE-2020-35462 (Version 3.16.0 of the CoScale agent Docker image contains a blank pass ...)
	NOT-FOR-US: CoScale agent Docker image
CVE-2020-35461
	RESERVED
CVE-2020-35460 (common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows dir ...)
	NOT-FOR-US: Packwood MPXJ
CVE-2020-35459 (An issue was discovered in ClusterLabs crmsh through 4.2.1. Local atta ...)
	{DLA-2533-1}
	- crmsh 4.2.1-2 (bug #985376)
	[buster] - crmsh 4.0.0~git20190108.3d56538-3+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/3
CVE-2020-35458 (An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There ...)
	- hawk (bug #634344)
CVE-2020-35457 (** DISPUTED ** GNOME GLib before 2.65.3 has an integer overflow, that ...)
	- glib2.0 2.66.0-1 (unimportant)
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/commit/63c5b62f0a984fac9a9700b12f54fe878e016a5d
	NOTE: https://gitlab.gnome.org/GNOME/glib/-/issues/2197
	NOTE: Upstream position is that it is not realistically a security issue.
CVE-2020-35456 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
	NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35455 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
	NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35454 (The Taidii Diibear Android application 2.4.0 and all its derivatives a ...)
	NOT-FOR-US: Taidii Diibear Android application
CVE-2020-35453 (HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorre ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-35452 (Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest ...)
	{DSA-4937-1 DLA-2706-1}
	[experimental] - apache2 2.4.48-1
	- apache2 2.4.46-6
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-35452
	NOTE: https://github.com/apache/httpd/commit/3b6431eb9c9dba603385f70a2131ab4a01bf0d3b
CVE-2020-35451 (There is a race condition in OozieSharelibCLI in Apache Oozie before v ...)
	NOT-FOR-US: Apache Oozie
CVE-2020-35450 (Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler fo ...)
	- gobby 0.6.0~20201227~b98f4d2-1 (bug #978446)
	[buster] - gobby (Minor issue)
	[stretch] - gobby (Minor issue)
	NOTE: https://github.com/gobby/gobby/issues/183
	NOTE: https://github.com/gobby/gobby/pull/184
	NOTE: https://github.com/gobby/gobby/commit/6f34307bff645eb2935d82deee0119ec89866118
CVE-2020-35449
	RESERVED
CVE-2020-35448 (An issue was discovered in the Binary File Descriptor (BFD) library (a ...)
	- binutils (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26574
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8642dafaef21aa6747cec01df1977e9c52eb4679
	NOTE: binutils not covered by security support
CVE-2020-35447
	RESERVED
CVE-2020-35446
	RESERVED
CVE-2020-35445
	RESERVED
CVE-2020-35444
	RESERVED
CVE-2020-35443
	RESERVED
CVE-2020-35442 (FDCMS (also known as Fangfa Content Management System) 4.0 allows remo ...)
	NOT-FOR-US: FDCMS (Fangfa Content Management System)
CVE-2020-35441 (FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end ...)
	NOT-FOR-US: FDCMS (Fangfa Content Management System)
CVE-2020-35440
	RESERVED
CVE-2020-35439
	RESERVED
CVE-2020-35438 (Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin ...)
	NOT-FOR-US: kk-star-ratings
CVE-2020-35437 (Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through t ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-35436
	RESERVED
CVE-2020-35435
	RESERVED
CVE-2020-35434
	RESERVED
CVE-2020-35433
	RESERVED
CVE-2020-35432
	RESERVED
CVE-2020-35431
	RESERVED
CVE-2020-35430 (SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemCon ...)
	NOT-FOR-US: Inxedu
CVE-2020-35429
	RESERVED
CVE-2020-35428
	RESERVED
CVE-2020-35427 (SQL injection vulnerability in PHPGurukul Employee Record Management S ...)
	NOT-FOR-US: PHPGurukul Employee Record Management
CVE-2020-35426
	RESERVED
CVE-2020-35425
	RESERVED
CVE-2020-35424
	RESERVED
CVE-2020-35423
	RESERVED
CVE-2020-35422
	RESERVED
CVE-2020-35421
	RESERVED
CVE-2020-35420
	RESERVED
CVE-2020-35419 (Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LAN ...)
	NOT-FOR-US: Group Office CRM
CVE-2020-35418 (Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4 ...)
	NOT-FOR-US: Group Office CRM
CVE-2020-35417
	RESERVED
CVE-2020-35416 (Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabber ...)
	NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2020-35415
	RESERVED
CVE-2020-35414
	RESERVED
CVE-2020-35413
	RESERVED
CVE-2020-35412
	RESERVED
CVE-2020-35411
	RESERVED
CVE-2020-35410
	RESERVED
CVE-2020-35409
	RESERVED
CVE-2020-35408
	RESERVED
CVE-2020-35407
	RESERVED
CVE-2020-35406
	RESERVED
CVE-2020-35405
	RESERVED
CVE-2020-35404
	RESERVED
CVE-2020-35403
	RESERVED
CVE-2020-35402
	RESERVED
CVE-2020-35401
	RESERVED
CVE-2020-35400
	RESERVED
CVE-2020-35399
	RESERVED
CVE-2020-35398
	RESERVED
CVE-2020-35397
	RESERVED
CVE-2020-35396 (EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting ( ...)
	NOT-FOR-US: EGavilan Barcodes generator
CVE-2020-35395 (XSS in the Add Expense Component of EGavilan Media Expense Management ...)
	NOT-FOR-US: EGavilan Media Expense Management System
CVE-2020-35394
	RESERVED
CVE-2020-35393
	RESERVED
CVE-2020-35392
	RESERVED
CVE-2020-35391 (Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sen ...)
	NOT-FOR-US: Tenda
CVE-2020-35390
	RESERVED
CVE-2020-35389
	RESERVED
CVE-2020-35388 (rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: rainrocka xinhu
CVE-2020-35387
	RESERVED
CVE-2020-35386
	RESERVED
CVE-2020-35385
	RESERVED
CVE-2020-35384
	RESERVED
CVE-2020-35383
	RESERVED
CVE-2020-35382 (SQL Injection in Classbooking before 2.4.1 via the username field of a ...)
	NOT-FOR-US: Classbooking
CVE-2020-35381 (jsonparser 1.0.0 allows attackers to cause a denial of service (panic: ...)
	- golang-github-buger-jsonparser 1.1.1-1 (bug #978445)
	[buster] - golang-github-buger-jsonparser (Minor issue)
	NOTE: https://github.com/buger/jsonparser/issues/219
CVE-2020-35380 (GJSON before 1.6.4 allows attackers to cause a denial of service via c ...)
	- golang-github-tidwall-gjson 1.6.7-1 (bug #977622)
	NOTE: https://github.com/tidwall/gjson/issues/192
	NOTE: https://github.com/tidwall/gjson/commit/f0ee9ebde4b619767ae4ac03e8e42addb530f6bc (v1.6.4)
CVE-2020-35379
	RESERVED
CVE-2020-35378 (SQL Injection in the login page in Online Bus Ticket Reservation 1.0 a ...)
	NOT-FOR-US: Online Bus Ticket Reservation
CVE-2020-35377
	RESERVED
CVE-2020-35376 (Xpdf 4.02 allows stack consumption because of an incorrect subroutine ...)
	- xpdf (Debian uses poppler, which is not affected)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42066
CVE-2020-35375
	RESERVED
CVE-2020-35374
	RESERVED
CVE-2020-35373 (In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated ...)
	NOT-FOR-US: Fiyo CMS
CVE-2020-35372
	RESERVED
CVE-2020-35371
	RESERVED
CVE-2020-35370 (A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticate ...)
	NOT-FOR-US: Raysync
CVE-2020-35369
	RESERVED
CVE-2020-35368
	RESERVED
CVE-2020-35367
	RESERVED
CVE-2020-35366
	RESERVED
CVE-2020-35365
	RESERVED
CVE-2020-35364 (Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to ...)
	NOT-FOR-US: Beijing Huorong Internet Security
CVE-2020-35363
	RESERVED
CVE-2020-35362 (DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal ...)
	NOT-FOR-US: DEXT5Upload
CVE-2020-35361
	RESERVED
CVE-2020-35360
	RESERVED
CVE-2020-35359 (Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server ...)
	NOTE: Bogus issue, can be configured using MaxClientsPerIP in pure-ftpd.conf configuration file
CVE-2020-35357
	RESERVED
CVE-2020-35356
	RESERVED
CVE-2020-35355
	RESERVED
CVE-2020-35354
	RESERVED
CVE-2020-35353
	RESERVED
CVE-2020-35352
	RESERVED
CVE-2020-35351
	RESERVED
CVE-2020-35350
	RESERVED
CVE-2020-35349 (Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_ti ...)
	NOT-FOR-US: Savsoft Quiz
CVE-2020-35348
	RESERVED
CVE-2020-35347 (CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator ...)
	NOT-FOR-US: CXUUCMS
CVE-2020-35346 (CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allow ...)
	NOT-FOR-US: CXUUCMS
CVE-2020-35345
	RESERVED
CVE-2020-35344
	RESERVED
CVE-2020-35343
	RESERVED
CVE-2020-35342
	RESERVED
CVE-2020-35341
	RESERVED
CVE-2020-35340 (A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 ...)
	NOT-FOR-US: ExpertPDF
CVE-2020-35339 (In 74cms version 5.0.1, there is a remote code execution vulnerability ...)
	NOT-FOR-US: 74cms
CVE-2020-35338 (The Web Administrative Interface in Mobile Viewpoint Wireless Multiple ...)
	NOT-FOR-US: Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server
CVE-2020-35337 (ThinkSAAS before 3.38 contains a SQL injection vulnerability through a ...)
	NOT-FOR-US: ThinkSAAS
CVE-2020-35336
	RESERVED
CVE-2020-35335
	RESERVED
CVE-2020-35334
	RESERVED
CVE-2020-35333
	RESERVED
CVE-2020-35332
	RESERVED
CVE-2020-35331
	RESERVED
CVE-2020-35330
	RESERVED
CVE-2020-35329 (Courier Management System 1.0 1.0 is affected by SQL Injection via 'MU ...)
	NOT-FOR-US: Courier Management System
CVE-2020-35328 (Courier Management System 1.0 - 'First Name' Stored XSS ...)
	NOT-FOR-US: Courier Management System
CVE-2020-35327 (SQL injection vulnerability was discovered in Courier Management Syste ...)
	NOT-FOR-US: Courier Management System
CVE-2020-35326
	RESERVED
CVE-2020-35325
	RESERVED
CVE-2020-35324
	RESERVED
CVE-2020-35323
	RESERVED
CVE-2020-35322
	RESERVED
CVE-2020-35321
	RESERVED
CVE-2020-35320
	RESERVED
CVE-2020-35319
	RESERVED
CVE-2020-35318
	RESERVED
CVE-2020-35317
	RESERVED
CVE-2020-35316
	RESERVED
CVE-2020-35315
	RESERVED
CVE-2020-35314 (A remote code execution vulnerability in the installUpdateThemePluginA ...)
	NOT-FOR-US: WonderCMS
CVE-2020-35313 (A server-side request forgery (SSRF) vulnerability in the addCustomThe ...)
	NOT-FOR-US: WonderCMS
CVE-2020-35312
	RESERVED
CVE-2020-35311
	RESERVED
CVE-2020-35310
	REJECTED
CVE-2020-35309 (Bakeshop Online Ordering System in PHP/MySQLi 1.0 is affected by cross ...)
	NOT-FOR-US: Bakeshop Online Ordering System in PHP/MySQLi
CVE-2020-35308 (CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability ...)
	NOT-FOR-US: CONQUEST DICOM SERVER
CVE-2020-35307
	RESERVED
CVE-2020-35306
	RESERVED
CVE-2020-35305
	RESERVED
CVE-2020-35304
	RESERVED
CVE-2020-35303
	RESERVED
CVE-2020-35302
	RESERVED
CVE-2020-35301
	RESERVED
CVE-2020-35300
	RESERVED
CVE-2020-35299
	RESERVED
CVE-2020-35298
	RESERVED
CVE-2020-35297
	RESERVED
CVE-2020-35296 (ThinkAdmin v6 has default administrator credentials, which allows atta ...)
	NOT-FOR-US: ThinkAdmin
CVE-2020-35295
	RESERVED
CVE-2020-35294
	RESERVED
CVE-2020-35293
	RESERVED
CVE-2020-35292
	RESERVED
CVE-2020-35291
	RESERVED
CVE-2020-35290
	RESERVED
CVE-2020-35289
	RESERVED
CVE-2020-35288
	RESERVED
CVE-2020-35287
	RESERVED
CVE-2020-35286
	RESERVED
CVE-2020-35285
	RESERVED
CVE-2020-35284 (Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory trav ...)
	NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35283
	RESERVED
CVE-2020-35282
	RESERVED
CVE-2020-35281
	RESERVED
CVE-2020-35280
	RESERVED
CVE-2020-35279
	RESERVED
CVE-2020-35278
	RESERVED
CVE-2020-35277
	RESERVED
CVE-2020-35276 (EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An at ...)
	NOT-FOR-US: EgavilanMedia ECM Address Book
CVE-2020-35275 (Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user c ...)
	NOT-FOR-US: Coastercms
CVE-2020-35274 (DotCMS Add Template with admin panel 20.11 is affected by cross-site S ...)
	NOT-FOR-US: DotCMS
CVE-2020-35273 (EgavilanMedia User Registration & Login System with Admin Panel 1. ...)
	NOT-FOR-US: EgavilanMedia User Registration & Login System with Admin Panel
CVE-2020-35272 (Employee Performance Evaluation System in PHP/MySQLi with Source Code ...)
	NOT-FOR-US: Employee Performance Evaluation System in PHP/MySQLi with Source Code
CVE-2020-35271 (Employee Performance Evaluation System in PHP/MySQLi with Source Code ...)
	NOT-FOR-US: Employee Performance Evaluation System in PHP/MySQLi with Source Code
CVE-2020-35270 (Student Result Management System In PHP With Source Code is affected b ...)
	NOT-FOR-US: Student Result Management System In PHP With Source Code
CVE-2020-35269 (Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross ...)
	- nagios4 (unimportant)
	NOTE: https://gist.github.com/MoSalah20/d1d40b43eafba0bd22ee4cddecad3cbc
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/809
	NOTE: Negligible security impact, only affects inherently insecure setups
CVE-2020-35268
	RESERVED
CVE-2020-35267
	RESERVED
CVE-2020-35266
	RESERVED
CVE-2020-35265
	RESERVED
CVE-2020-35264
	RESERVED
CVE-2020-35263 (EgavilanMedia User Registration & Login System 1.0 is affected by ...)
	NOT-FOR-US: EgavilanMedia User Registration & Login System
CVE-2020-35262 (Cross Site Scripting (XSS) vulnerability in Digisol DG-HR3400 can be e ...)
	NOT-FOR-US: Digisol
CVE-2020-35261
	RESERVED
CVE-2020-35260
	RESERVED
CVE-2020-35259
	RESERVED
CVE-2020-35258
	RESERVED
CVE-2020-35257
	RESERVED
CVE-2020-35256
	RESERVED
CVE-2020-35255
	RESERVED
CVE-2020-35254
	RESERVED
CVE-2020-35253
	RESERVED
CVE-2020-35252 (Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter ...)
	NOT-FOR-US: User Registration & Login System
CVE-2020-35251
	RESERVED
CVE-2020-35250
	RESERVED
CVE-2020-35249 (Cross Site Scripting (XSS) vulnerability in ElkarBackup 1.3.3, allows ...)
	NOT-FOR-US: ElkarBackup
CVE-2020-35248
	RESERVED
CVE-2020-35247
	RESERVED
CVE-2020-35246
	RESERVED
CVE-2020-35245 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
	NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35244 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
	NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35243 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
	NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35242 (Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulne ...)
	NOT-FOR-US: Flamingo (aka FlamingoIM)
CVE-2020-35241 (FlatPress 1.0.3 is affected by cross-site scripting (XSS) in the Blog ...)
	NOT-FOR-US: FlatPress
CVE-2020-35240 (** DISPUTED ** FluxBB 1.5.11 is affected by cross-site scripting (XSS ...)
	NOT-FOR-US: FluxBB
CVE-2020-35239 (A vulnerability exists in CakePHP versions 4.0.x through 4.1.3. The Cs ...)
	- cakephp (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/cakephp/cakephp/commit/d2da5346a6cddab284f8cf94e38f90d897595fe8 (4.0.10)
	NOTE: Introduced after: https://github.com/cakephp/cakephp/commit/45474a4a9ca10e7c16db40180d086e4144006a9b (3.5.0-RC1)
CVE-2020-35238
	RESERVED
CVE-2020-35237
	RESERVED
CVE-2020-35236 (The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incor ...)
	NOT-FOR-US: amazee.io Lagoon
CVE-2020-35235 (** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal. ...)
	NOT-FOR-US: WordPress plugin secure-file-manager
CVE-2020-35234 (The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrato ...)
	NOT-FOR-US: WordPress plugin easy-wp-smtp
CVE-2020-35233 (The TFTP server fails to handle multiple connections on NETGEAR JGS516 ...)
	NOT-FOR-US: Netgear
CVE-2020-35232
	REJECTED
CVE-2020-35231 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.4 ...)
	NOT-FOR-US: Netgear
CVE-2020-35230 (Multiple integer overflow parameters were found in the web administrat ...)
	NOT-FOR-US: Netgear
CVE-2020-35229 (The authentication token required to execute NSDP write requests on NE ...)
	NOT-FOR-US: Netgear
CVE-2020-35228 (A cross-site scripting (XSS) vulnerability in the administration web p ...)
	NOT-FOR-US: Netgear
CVE-2020-35227 (A buffer overflow vulnerability in the access control section on NETGE ...)
	NOT-FOR-US: Netgear
CVE-2020-35226 (NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated user ...)
	NOT-FOR-US: Netgear
CVE-2020-35225 (The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.4 ...)
	NOT-FOR-US: Netgear
CVE-2020-35224 (A buffer overflow vulnerability in the NSDP protocol authentication me ...)
	NOT-FOR-US: Netgear
CVE-2020-35223 (The CSRF protection mechanism implemented in the web administration pa ...)
	NOT-FOR-US: Netgear
CVE-2020-35222
	REJECTED
CVE-2020-35221 (The hashing algorithm implemented for NSDP password authentication on ...)
	NOT-FOR-US: Netgear
CVE-2020-35220
	REJECTED
CVE-2020-35219 (The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to acce ...)
	NOT-FOR-US: ASUS
CVE-2020-35218
	RESERVED
CVE-2020-35217 (Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSR ...)
	NOT-FOR-US: Vert.x-Web framework
CVE-2020-35216
	RESERVED
CVE-2020-35215
	RESERVED
CVE-2020-35214
	RESERVED
CVE-2020-35213
	RESERVED
CVE-2020-35212
	RESERVED
CVE-2020-35211
	RESERVED
CVE-2020-35210
	RESERVED
CVE-2020-35209
	RESERVED
CVE-2020-35208 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
	NOT-FOR-US: LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS
CVE-2020-35207 (** DISPUTED ** An issue was discovered in the LogMein LastPass Passwor ...)
	NOT-FOR-US: LogMein LastPass Password Manager (aka com.lastpass.ilastpass) app for iOS
CVE-2020-35206 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manage ...)
	NOT-FOR-US: Quest Policy Authority
CVE-2020-35205 (** UNSUPPORTED WHEN ASSIGNED ** Server Side Request Forgery (SSRF) in ...)
	NOT-FOR-US: Quest Policy Authority
CVE-2020-35204 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Quest Policy Authorit ...)
	NOT-FOR-US: Quest Policy Authority
CVE-2020-35203 (** UNSUPPORTED WHEN ASSIGNED ** Reflected XSS in Web Compliance Manage ...)
	NOT-FOR-US: Quest Policy Authority
CVE-2020-35202 (Ignite Realtime Openfire 4.6.0 has plugins/dbaccess/db-access.jsp sql ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35201 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp users Stored XS ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35200 (Ignite Realtime Openfire 4.6.0 has plugins/clientcontrol/spark-form.js ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35199 (Ignite Realtime Openfire 4.6.0 has create-bookmark.jsp groupchatJID St ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35198 (An issue was discovered in Wind River VxWorks 7. The memory allocator ...)
	NOT-FOR-US: Wind River VxWorks 7
CVE-2020-35197 (The official memcached docker images before 1.5.11-alpine (Alpine spec ...)
	NOT-FOR-US: memcached docker images before 1.5.11-alpine (Alpine specific)
CVE-2020-35196 (The official rabbitmq docker images before 3.7.13-beta.1-management-al ...)
	NOT-FOR-US: rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific)
CVE-2020-35195 (The official haproxy docker images before 1.8.18-alpine (Alpine specif ...)
	NOT-FOR-US: haproxy docker images before 1.8.18-alpine (Alpine specific)
CVE-2020-35194
	REJECTED
CVE-2020-35193 (The official sonarqube docker images before alpine (Alpine specific) c ...)
	NOT-FOR-US: sonarqube docker images before alpine (Alpine specific)
CVE-2020-35192 (The official vault docker images before 0.11.6 contain a blank passwor ...)
	NOT-FOR-US: vault docker images
CVE-2020-35191 (The official drupal docker images before 8.5.10-fpm-alpine (Alpine spe ...)
	NOT-FOR-US: drupal docker images
CVE-2020-35190 (The official plone Docker images before version of 4.3.18-alpine (Alpi ...)
	NOT-FOR-US: plone Docker images
CVE-2020-35189 (The official kong docker images before 1.0.2-alpine (Alpine specific) ...)
	NOT-FOR-US: kong docker images before 1.0.2-alpine (Alpine specific)
CVE-2020-35188
	REJECTED
CVE-2020-35187 (The official telegraf docker images before 1.9.4-alpine (Alpine specif ...)
	NOT-FOR-US: telegraf docker images before 1.9.4-alpine (Alpine specific)
CVE-2020-35186 (The official adminer docker images before 4.7.0-fastcgi contain a blan ...)
	NOT-FOR-US: adminer docker images
CVE-2020-35185 (The official ghost docker images before 2.16.1-alpine (Alpine specific ...)
	NOT-FOR-US: ghost docker images (Alpine specific)
CVE-2020-35184 (The official composer docker images before 1.8.3 contain a blank passw ...)
	NOT-FOR-US: composer docker images
CVE-2020-35183
	RESERVED
CVE-2020-35182
	RESERVED
CVE-2020-35181
	RESERVED
CVE-2020-35180
	RESERVED
CVE-2020-35179
	RESERVED
CVE-2020-35178
	RESERVED
CVE-2020-35177 (HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enume ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-35176 (In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial a ...)
	{DLA-2506-1}
	- awstats 7.8-2 (bug #977190)
	[buster] - awstats 7.6+dfsg-2+deb10u1
	NOTE: https://github.com/eldy/awstats/issues/195
	NOTE: https://github.com/eldy/AWStats/commit/96756d7f40e002cc1e6ba72c633fb66b92e54f49
CVE-2020-35175 (Frappe Framework 12 and 13 does not properly validate the HTTP method ...)
	NOT-FOR-US: Frappe Framework
CVE-2020-35174
	RESERVED
CVE-2020-35173 (The Amaze File Manager application before 3.4.2 for Android does not p ...)
	NOT-FOR-US: Amaze File Manager application for Android
CVE-2020-35172
	RESERVED
CVE-2020-35171
	RESERVED
CVE-2020-35170 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.9, Dell EMC Un ...)
	NOT-FOR-US: Dell EMC Unisphere for PowerMax
CVE-2020-35169
	RESERVED
CVE-2020-35168
	RESERVED
CVE-2020-35167
	RESERVED
CVE-2020-35166
	RESERVED
CVE-2020-35165
	RESERVED
CVE-2020-35164
	RESERVED
CVE-2020-35163
	RESERVED
CVE-2020-35162
	RESERVED
CVE-2020-35161
	RESERVED
CVE-2020-35160
	RESERVED
CVE-2020-35159
	RESERVED
CVE-2020-35158
	RESERVED
CVE-2020-35157
	RESERVED
CVE-2020-35156
	RESERVED
CVE-2020-35155
	RESERVED
CVE-2020-35154
	RESERVED
CVE-2020-35153
	RESERVED
CVE-2020-35152 (Cloudflare WARP for Windows allows privilege escalation due to an unqu ...)
	NOT-FOR-US: Cloudflare WARP for Windows
CVE-2020-35151 (The Online Marriage Registration System 1.0 post parameter "searchdata ...)
	NOT-FOR-US: Online Marriage Registration System
CVE-2020-35150
	RESERVED
CVE-2020-35149 (lib/utils.js in mquery before 3.2.3 allows a pollution attack because ...)
	NOT-FOR-US: Node mquery
CVE-2020-35148
	RESERVED
CVE-2020-35147
	RESERVED
CVE-2020-35146
	RESERVED
CVE-2020-35145 (Acronis True Image for Windows prior to 2021 Update 3 allowed local pr ...)
	NOT-FOR-US: Acronis
CVE-2020-35144
	REJECTED
CVE-2020-35143
	RESERVED
CVE-2020-35142
	RESERVED
CVE-2020-35141
	RESERVED
CVE-2020-35140
	RESERVED
CVE-2020-35139
	RESERVED
CVE-2020-35138 (** DISPUTED ** The MobileIron agents through 2021-03-22 for Android an ...)
	NOT-FOR-US: MobileIron
CVE-2020-35137
	REJECTED
CVE-2020-35136 (Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. ...)
	- dolibarr
CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
	NOT-FOR-US: ultimate-category-excluder plugin for WordPress
CVE-2020-35134
	RESERVED
CVE-2020-35133 (irfanView 4.56 contains an error processing parsing files of type .pcx ...)
	NOT-FOR-US: irfanView
CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that a ...)
	- phpldapadmin (bug #987355)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1906474
	NOTE: https://github.com/leenooks/phpLDAPadmin/commit/c87571f6b7be15d5cd8b26381b6eb31ad03d28e2
	NOTE: https://github.com/leenooks/phpLDAPadmin/issues/130
	NOTE: unclear whether the issue is completely fixed, cf. https://github.com/leenooks/phpLDAPadmin/issues/130#issuecomment-745152260
CVE-2020-35131 (Cockpit before 0.6.1 allows an attacker to inject custom PHP code and ...)
	NOT-FOR-US: Agentejo Cockpit
CVE-2020-35130
	RESERVED
CVE-2020-35129 (Mautic before 3.2.4 is affected by stored XSS. An attacker with access ...)
	NOT-FOR-US: Mautic
CVE-2020-35128 (Mautic before 3.2.4 is affected by stored XSS. An attacker with permis ...)
	NOT-FOR-US: Mautic
CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.j ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...)
	NOT-FOR-US: Typesetter CMS
CVE-2020-35125 (A cross-site scripting (XSS) vulnerability in the forms component of M ...)
	NOT-FOR-US: Mautic
CVE-2020-35124 (A cross-site scripting (XSS) vulnerability in the assets component of ...)
	NOT-FOR-US: Mautic
CVE-2020-35123 (In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 ...)
	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-35122 (An issue was discovered in the Keysight Database Connector plugin befo ...)
	NOT-FOR-US: Keysight Database Connector plugin for Confluence
CVE-2020-35121 (An issue was discovered in the Keysight Database Connector plugin befo ...)
	NOT-FOR-US: Keysight Database Connector plugin for Confluence
CVE-2020-35120
	RESERVED
CVE-2020-35119
	RESERVED
CVE-2020-35118
	RESERVED
CVE-2020-35117
	RESERVED
CVE-2020-35116
	RESERVED
CVE-2020-35115
	RESERVED
CVE-2020-35114 (Mozilla developers reported memory safety bugs present in Firefox 83. ...)
	- firefox 84.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35114
CVE-2020-35113 (Mozilla developers reported memory safety bugs present in Firefox 83 a ...)
	{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
	- firefox 84.0-1
	- firefox-esr 78.6.0esr-1
	- thunderbird 1:78.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35113
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35113
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35113
CVE-2020-35112 (If a user downloaded a file lacking an extension on Windows, and then ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35112
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35112
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35112
CVE-2020-35111 (When an extension with the proxy permission registered to receive < ...)
	{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
	- firefox 84.0-1
	- firefox-esr 78.6.0esr-1
	- thunderbird 1:78.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-35111
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-35111
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-35111
CVE-2020-35110
	REJECTED
CVE-2020-35109
	RESERVED
CVE-2020-35108
	RESERVED
CVE-2020-35107
	RESERVED
CVE-2020-35106
	RESERVED
CVE-2020-35096
	RESERVED
CVE-2020-35090
	REJECTED
CVE-2020-35076
	REJECTED
CVE-2020-35061
	RESERVED
CVE-2020-35037 (The Events Manager WordPress plugin before 5.9.8 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin events-manager
CVE-2020-35030
	RESERVED
CVE-2020-35017
	RESERVED
CVE-2020-35012 (The Events Manager WordPress plugin before 5.9.8 does not sanitise and ...)
	NOT-FOR-US: WordPress plugin events-manager
CVE-2020-35001
	RESERVED
CVE-2020-29670
	RESERVED
CVE-2020-29669 (In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Gue ...)
	NOT-FOR-US: Macally WIFISD2-2A82 Media and Travel Router
CVE-2020-29668 (Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API ...)
	{DSA-4818-1 DLA-2499-1}
	- sympa 6.2.58~dfsg-2 (bug #976020)
	NOTE: https://github.com/sympa-community/sympa/issues/1041
	NOTE: https://github.com/sympa-community/sympa/pull/1044
CVE-2020-29667 (In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker ab ...)
	NOT-FOR-US: Lan ATMService M3 ATM Monitoring System
CVE-2020-29666 (In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-l ...)
	NOT-FOR-US: Lan ATMService M3 ATM Monitoring System
CVE-2020-29665
	RESERVED
CVE-2020-29664 (A command injection issue in dji_sys in DJI Mavic 2 Remote Controller ...)
	NOT-FOR-US: DJI Mavic 2 Remote Controller firmware
CVE-2020-29663 (Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked ...)
	- icinga2 2.12.3-1
	[buster] - icinga2 (Minor issue)
	[stretch] - icinga2 (Vulnerable code not present)
	NOTE: https://github.com/Icinga/icinga2/security/advisories/GHSA-pcmr-2p2f-r7j6
	NOTE: https://github.com/Icinga/icinga2/commit/abbd7d5494369af8bbf8fc12f5dc1a0f05a1f817
	NOTE: https://github.com/Icinga/icinga2/commit/cae22a89da9e6a381904c3b207e5a3f93f6ed838
CVE-2020-29662 (In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s ...)
	NOT-FOR-US: Harbor
CVE-2020-29661 (A locking issue was discovered in the tty subsystem of the Linux kerne ...)
	{DSA-4843-1 DLA-2586-1 DLA-2557-1}
	- linux 5.9.15-1
	NOTE: https://git.kernel.org/linus/54ffccbf053b5b6ca4f6e45094b942fab92a25fc
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
	NOTE: https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
CVE-2020-29660 (A locking inconsistency issue was discovered in the tty subsystem of t ...)
	{DSA-4843-1 DLA-2586-1 DLA-2557-1}
	- linux 5.9.15-1
	NOTE: https://git.kernel.org/linus/c8bcd9c5be24fb9e6132e97da5a35e55a83e36b9
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2125
	NOTE: https://googleprojectzero.blogspot.com/2021/10/how-simple-linux-kernel-memory.html
CVE-2020-29659 (A buffer overflow in the web server of Flexense DupScout Enterprise 10 ...)
	NOT-FOR-US: Flexense DupScout Enterprise
CVE-2020-29658 (Zoho ManageEngine Application Control Plus before 100523 has an insecu ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-29657 (In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unh ...)
	- iotjs (bug #977736; unimportant)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/4244
	NOTE: Does not affect code built into the library
CVE-2020-29656 (An information disclosure vulnerability exists in RT-AC88U Download Ma ...)
	NOT-FOR-US: RT-AC88U Download Master
CVE-2020-29655 (An injection vulnerability exists in RT-AC88U Download Master before 3 ...)
NOT-FOR-US: RT-AC88U Download Master CVE-2020-29654 (Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that lea ...) NOT-FOR-US: Western Digital Dashboard CVE-2020-29653 RESERVED CVE-2020-29652 (A nil pointer dereference in the golang.org/x/crypto/ssh component thr ...) - golang-go.crypto 1:0.0~git20201221.eec23a3-1 [buster] - golang-go.crypto (Vulnerable code not present) [stretch] - golang-go.crypto (Vulnerable code not present) NOTE: https://go-review.googlesource.com/c/crypto/+/278852 NOTE: https://groups.google.com/g/golang-announce/c/ouZIlBimOsE?pli=1 NOTE: Introduced in: https://github.com/golang/crypto/commit/cbcb750295291b33242907a04be40e80801d0cfc (2019-05-10) CVE-2020-29651 (A denial of service via regular expression in the py.path.svnwc compon ...) - python-py 1.10.0-1 [buster] - python-py (Minor issue) [stretch] - python-py (Minor issue) - pypy (unimportant) - pypy3 (unimportant) NOTE: https://github.com/pytest-dev/py/issues/256 NOTE: https://github.com/pytest-dev/py/pull/257 NOTE: https://github.com/pytest-dev/py/commit/4a9017dc6199d2a564b6e4b0aa39d6d8870e4144 CVE-2020-29650 RESERVED CVE-2020-29649 RESERVED CVE-2020-29648 RESERVED CVE-2020-29647 RESERVED CVE-2020-29646 RESERVED CVE-2020-29645 RESERVED CVE-2020-29644 RESERVED CVE-2020-29643 RESERVED CVE-2020-29642 RESERVED CVE-2020-29641 RESERVED CVE-2020-29640 RESERVED CVE-2020-29639 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-29638 RESERVED CVE-2020-29637 RESERVED CVE-2020-29636 RESERVED CVE-2020-29635 RESERVED CVE-2020-29634 RESERVED CVE-2020-29633 (An authentication issue was addressed with improved state management. ...) NOT-FOR-US: Apple CVE-2020-29632 RESERVED CVE-2020-29631 RESERVED CVE-2020-29630 RESERVED CVE-2020-29629 (An out-of-bounds read was addressed with improved input validation. Th ...) 
NOT-FOR-US: Apple CVE-2020-29628 RESERVED CVE-2020-29627 RESERVED CVE-2020-29626 RESERVED CVE-2020-29625 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-29624 (A memory corruption issue existed in the processing of font files. Thi ...) NOT-FOR-US: Apple CVE-2020-29623 ("Clear History and Website Data" did not clear the history. The issue ...) {DSA-4877-1} - webkit2gtk 2.30.6-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.6-1 NOTE: https://webkitgtk.org/security/WSA-2021-0002.html CVE-2020-29622 (A race condition was addressed with additional validation. This issue ...) NOT-FOR-US: Apple CVE-2020-29621 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-29620 (This issue was addressed with improved entitlements. This issue is fix ...) NOT-FOR-US: Apple CVE-2020-29619 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-29618 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-29617 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-29616 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-29615 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-29614 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-29613 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-29612 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-29611 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-29610 (An out-of-bounds read was addressed with improved input validation. Th ...) 
NOT-FOR-US: Apple CVE-2020-29609 RESERVED CVE-2020-29608 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-29607 (A file upload restriction bypass vulnerability in Pluck CMS before 4.7 ...) NOT-FOR-US: Pluck CMS CVE-2020-35921 (An issue was discovered in the miow crate before 0.3.6 for Rust. It ha ...) - rust-miow 0.3.6-1 (bug #976871) [buster] - rust-miow (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0080.html NOTE: https://github.com/yoshuawuyts/miow/issues/38 CVE-2020-35919 (An issue was discovered in the net2 crate before 0.2.36 for Rust. It h ...) - rust-net2 0.2.37-1 (bug #976870) [buster] - rust-net2 (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0078.html NOTE: https://github.com/deprecrated/net2-rs/issues/105 CVE-2020-35916 (An issue was discovered in the image crate before 0.23.12 for Rust. A ...) - rust-image (bug #976869) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0073.html NOTE: https://github.com/image-rs/image/issues/1357 CVE-2020-29606 REJECTED CVE-2020-29605 (An issue was discovered in MantisBT before 2.24.4. Due to insufficient ...) - mantis CVE-2020-29604 (An issue was discovered in MantisBT before 2.24.4. A missing access ch ...) - mantis CVE-2020-29603 (In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileg ...) - mantis CVE-2020-29602 (The official irssi docker images before 1.1-alpine (Alpine specific) c ...) NOT-FOR-US: irssi Docker images CVE-2020-29601 (The official notary docker images before signer-0.6.1-1 contain a blan ...) NOT-FOR-US: notary Docker images CVE-2020-29600 (In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute ...) 
{DLA-2506-1} - awstats 7.8-1 (bug #891469) [buster] - awstats 7.6+dfsg-2+deb10u1 NOTE: https://github.com/eldy/awstats/issues/90 NOTE: https://github.com/eldy/awstats/commit/d4d815d0caae3dbae83ac70a1ae4581bd57cf376 CVE-2020-29599 (ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the - ...) {DLA-2523-1} - imagemagick 8:6.9.11.57+dfsg-1 (bug #977205) [buster] - imagemagick (Minor issue, 200-disable-ghostscript-formats.patch addresses this) NOTE: https://github.com/ImageMagick/ImageMagick/discussions/2851 NOTE: https://insert-script.blogspot.com/2020/11/imagemagick-shell-injection-via-pdf.html NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a9e63436aa04c805fe3f9e2ed242dfa4621df823 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/68154c05cf40a80b6f2e2dd9fdc4428570f875f0 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/89a1c73ee2693ded91a72d00bdf3aba410f349f1 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a7b2d8328c539da6e79a118a0b8e97462c7daa77 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/2eead004825d31e8f49022f0bc4ca0d3457b0bb1 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/20f520ed5c8541ae6646bc38d9d3b480785be6c3 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a2b3dd8455da2f17849b55e6b6ddcce587e4a323 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7b0cce080345e5b7ef26d122f18809c93a19a80e NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/875fdf773d6e822364f876bed14c1785a01b45a7 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ab2e97d2f7520d1d9ff36ef421caf2a899e14ce4 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/869e38717fa91325da87c2a4cedc148a770a07ec NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/226804980651bb4eb5f3ba3b9d7e992f2eda4710 NOTE: ImageMagick6 (bugfix): 
https://github.com/ImageMagick/ImageMagick6/commit/83ec5b5b8ee7cae891fff59340be207b513a030d (6.9.11-41) NOTE: Issue mitigated by disabling ghostscript handled formats based on -SAFER insecurity, NOTE: cf 200-disable-ghostscript-formats.patch in 8:6.9.10.23+dfsg-2.1+deb10u1, but opens NOTE: #964090. NOTE: 2 vectors for IM6: NOTE: - stealth (ps:* delegates, hard-coded options) NOTE: broken between 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2) and 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1) NOTE: '-authenticate' replaced by '-define authenticate=' between 8787fc6de99078fde055bd400b14e1ce3a2971f9 (6.9.8-1) and 83ec5b above NOTE: - bimodal ('-define delegate:bimodal=true' + pdf->(e)ps delegates, %a expansion) after 78c7532f3ff5424de06e5d807cbb35c041bd2990 (6.9.4-2) CVE-2020-29598 REJECTED CVE-2020-29597 (IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file ...) NOT-FOR-US: IncomCMS CVE-2020-29596 (MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial o ...) NOT-FOR-US: MiniWeb HTTP server CVE-2020-29595 (PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 ...) NOT-FOR-US: ACDSee Photo Studio Studio Professional CVE-2020-29594 (Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x be ...) NOT-FOR-US: Rocket.Chat CVE-2020-29593 (An issue was discovered in Orchard before 1.10. The Media Settings All ...) NOT-FOR-US: Orchard CMS CVE-2020-29592 (An issue was discovered in Orchard before 1.10. A broken access contro ...) NOT-FOR-US: Orchard CMS CVE-2020-29591 (Versions of the Official registry Docker images through 2.7.0 contain ...) NOT-FOR-US: registry Docker image CVE-2020-29590 REJECTED CVE-2020-29589 REJECTED CVE-2020-29588 RESERVED CVE-2020-29587 (SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creat ...) 
	NOT-FOR-US: SimplCommerce
CVE-2020-29586
	RESERVED
CVE-2020-29585
	RESERVED
CVE-2020-29584
	RESERVED
CVE-2020-29583 (Firmware version 4.60 of Zyxel USG devices contains an undocumented ac ...)
	NOT-FOR-US: Zyxel
CVE-2020-29582 (In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for ...)
	- kotlin (bug #1001037)
	NOTE: https://youtrack.jetbrains.com/issue/KT-42181 (not public)
CVE-2020-29581 (The official spiped docker images before 1.5-alpine contain a blank pa ...)
	NOT-FOR-US: spiped Docker images
CVE-2020-29580 (The official storm Docker images before 1.2.1 contain a blank password ...)
	NOT-FOR-US: storm Docker images
CVE-2020-29579 (The official Express Gateway Docker images before 1.14.0 contain a bla ...)
	NOT-FOR-US: Express Gateway Docker images
CVE-2020-29578 (The official piwik Docker images before fpm-alpine (Alpine specific) c ...)
	NOT-FOR-US: piwik Docker images
CVE-2020-29577 (The official znc docker images before 1.7.1-slim contain a blank passw ...)
	NOT-FOR-US: znc Docker images
CVE-2020-29576 (The official eggdrop Docker images before 1.8.4rc2 contain a blank pas ...)
	NOT-FOR-US: eggdrop Docker images
CVE-2020-29575 (The official elixir Docker images before 1.8.0-alpine (Alpine specific ...)
	NOT-FOR-US: elixir Docker images
CVE-2020-29574 (An SQL injection vulnerability in the WebAdmin of Cyberoam OS through ...)
	NOT-FOR-US: WebAdmin of Cyberoam OS
CVE-2020-29573 (sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) befo ...)
	- glibc 2.23-1
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26649
	NOTE: https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1905213#c5
	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;h=d81f90ccd0109de9ed78aeeb8d86e2c6d4600690 (glibc-2.22)
	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;h=8df4e219e43a4a257d0759b54fef8c488e2f282e (glibc-2.23)
CVE-2020-29572 (app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp ...)
	NOT-FOR-US: MISP
CVE-2020-29571 (An issue was discovered in Xen through 4.14.x. A bounds check common t ...)
	{DSA-4812-1}
	- xen 4.14.0+88-g1d1d1f5391-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-359.html
CVE-2020-29570 (An issue was discovered in Xen through 4.14.x. Recording of the per-vC ...)
	{DSA-4812-1}
	- xen 4.14.0+88-g1d1d1f5391-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-358.html
CVE-2020-29569 (An issue was discovered in the Linux kernel through 5.10.1, as used wi ...)
	{DSA-4843-1 DLA-2586-1 DLA-2557-1}
	- linux 5.9.15-1
	NOTE: https://xenbits.xen.org/xsa/advisory-350.html
CVE-2020-29568 (An issue was discovered in Xen through 4.14.x. Some OSes (such as Linu ...)
	{DSA-4843-1 DLA-2586-1 DLA-2557-1}
	- linux 5.9.15-1
	NOTE: https://xenbits.xen.org/xsa/advisory-349.html
CVE-2020-29567 (An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs t ...)
	- xen 4.14.0+88-g1d1d1f5391-1
	[buster] - xen (Only affects 4.14)
	[stretch] - xen (Only affects 4.14)
	NOTE: https://xenbits.xen.org/xsa/advisory-356.html
CVE-2020-29566 (An issue was discovered in Xen through 4.14.x. When they require assis ...)
	{DSA-4812-1}
	- xen 4.14.0+88-g1d1d1f5391-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-348.html
CVE-2020-29565 (An issue was discovered in OpenStack Horizon before 15.3.2, 16.x befor ...)
	{DSA-4820-1}
	- horizon 3:18.6.1-1 (bug #976872)
	[stretch] - horizon (Minor issue)
	NOTE: https://bugs.launchpad.net/horizon/+bug/1865026
	NOTE: https://review.opendev.org/c/openstack/horizon/+/758841/
	NOTE: https://review.opendev.org/c/openstack/horizon/+/758843/
	NOTE: https://opendev.org/openstack/horizon/commit/252467100f75587e18df9c43ed5802ee8f0017fa
CVE-2020-29564 (The official Consul Docker images 0.7.1 through 1.4.2 contain a blank ...)
	NOT-FOR-US: Consul Docker images
CVE-2020-29563 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)
	NOT-FOR-US: Western Digital My Cloud OS
CVE-2020-29562 (The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2 ...)
	- glibc 2.31-7 (bug #976391)
	[buster] - glibc (Vulnerability introduced later in 2.30)
	[stretch] - glibc (Vulnerability introduced later in 2.30)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26923
	NOTE: https://sourceware.org/pipermail/libc-alpha/2020-November/119822.html
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=228edd356f03bf62dcf2b1335f25d43c602ee68d
CVE-2020-29561 (An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does ...)
	NOT-FOR-US: SonicBOOM riscv-boom
CVE-2020-29560
	RESERVED
CVE-2020-29559
	RESERVED
CVE-2020-29558
	RESERVED
CVE-2020-29557 (An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 bef ...)
	NOT-FOR-US: D-Link
CVE-2020-29556 (The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an aut ...)
	NOT-FOR-US: Grav CMS
CVE-2020-29555 (The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows ...)
	NOT-FOR-US: Grav CMS
CVE-2020-29554
	RESERVED
CVE-2020-29553 (The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to ex ...)
	NOT-FOR-US: Grav CMS
CVE-2020-29552 (An issue was discovered in URVE Build 24.03.2020. By using the _intern ...)
	NOT-FOR-US: URVE
CVE-2020-29551 (An issue was discovered in URVE Build 24.03.2020. Using the _internal/ ...)
	NOT-FOR-US: URVE
CVE-2020-29550 (An issue was discovered in URVE Build 24.03.2020. The password of an i ...)
	NOT-FOR-US: URVE
CVE-2020-29549
	RESERVED
CVE-2020-29548 (An issue was discovered in SmarterTools SmarterMail through 100.0.7537 ...)
	NOT-FOR-US: SmarterTools
CVE-2020-29547
	RESERVED
	- citadel
	[buster] - citadel (Minor issue)
	[stretch] - citadel (Minor issue, revisit when fixed upstream)
	NOTE: https://uncensored.citadel.org/readfwd?go=Citadel Security?view=0?start_reading_at=2099264259#2099264259
	NOTE: https://nostarttls.secvuln.info/
	NOTE: CVE-2020-29547 and CVE-2021-37845 seem like dupes
CVE-2020-29546
	RESERVED
CVE-2020-29545
	RESERVED
CVE-2020-29544
	RESERVED
CVE-2020-29543
	RESERVED
CVE-2020-29542
	RESERVED
CVE-2020-29541
	RESERVED
CVE-2020-29540 (API calls in the Translation API feature in Systran Pure Neural Server ...)
	NOT-FOR-US: Systran Pure Neural Server
CVE-2020-29539 (A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pur ...)
	NOT-FOR-US: Systran Pure Neural Server
CVE-2020-29538 (Archer before 6.9 P1 (6.9.0.1) contains an improper access control vul ...)
	NOT-FOR-US: Archer
CVE-2020-29537 (Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnera ...)
	NOT-FOR-US: Archer
CVE-2020-29536 (Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerab ...)
	NOT-FOR-US: Archer
CVE-2020-29535 (Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A ...)
	NOT-FOR-US: Archer
CVE-2020-29533
	RESERVED
CVE-2020-29532
	RESERVED
CVE-2020-29531
	RESERVED
CVE-2020-29530
	RESERVED
CVE-2020-29534 (An issue was discovered in the Linux kernel before 5.9.3. io_uring tak ...)
	- linux 5.9.6-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2089
	NOTE: https://git.kernel.org/linus/0f2122045b946241a9e549c2a76cea54fa58a7ff
CVE-2020-29529 (HashiCorp go-slug up to 0.4.3 did not fully protect against directory ...)
	- golang-github-hashicorp-go-slug 0.5.0-1 (bug #976873)
	NOTE: https://github.com/hashicorp/go-slug/pull/12
CVE-2020-29528
	RESERVED
CVE-2020-29527
	RESERVED
CVE-2020-29526
	RESERVED
CVE-2020-29525
	RESERVED
CVE-2020-29524
	RESERVED
CVE-2020-29523
	RESERVED
CVE-2020-29522
	RESERVED
CVE-2020-29521
	RESERVED
CVE-2020-29520
	RESERVED
CVE-2020-29519
	RESERVED
CVE-2020-29518
	RESERVED
CVE-2020-29517
	RESERVED
CVE-2020-29516
	RESERVED
CVE-2020-29515
	RESERVED
CVE-2020-29514
	RESERVED
CVE-2020-29513
	RESERVED
CVE-2020-29512
	RESERVED
CVE-2020-29511 (The encoding/xml package in Go (all versions) does not correctly prese ...)
	- golang-1.15 (unimportant)
	- golang-1.11 (unimportant)
	- golang-1.8
	[stretch] - golang-1.8 (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
	- golang-1.7
	[stretch] - golang-1.7 (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
	NOTE: https://github.com/golang/go/issues/43168
	NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
	NOTE: Upstream considers this WONTFIX and requires validation/updates in potentially affected SAML libs
CVE-2020-29510 (The encoding/xml package in Go versions 1.15 and earlier does not corr ...)
	- golang-1.15 (unimportant)
	- golang-1.11 (unimportant)
	- golang-1.8
	[stretch] - golang-1.8 (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
	- golang-1.7
	[stretch] - golang-1.7 (deemed unfixable by upstream who shifts responsibility to saml packages we don't ship)
	NOTE: https://github.com/golang/go/issues/43168
	NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
	NOTE: Upstream considers this WONTFIX and requires validation/updates in potentially affected SAML libs
CVE-2020-29509 (The encoding/xml package in Go (all versions) does not correctly prese ...)
	- golang-github-russellhaering-gosaml2 (bug #948190)
	- golang-1.15 (unimportant)
	- golang-1.11 (unimportant)
	- golang-1.8 (unimportant)
	- golang-1.7 (unimportant)
	NOTE: Golang upstream does not consider the issue to be fixable in Go, instead
	NOTE: shifts responsibility to saml packages.
	NOTE: https://github.com/golang/go/issues/43168
	NOTE: https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
	NOTE: https://github.com/russellhaering/gosaml2/security/advisories/GHSA-xhqq-x44f-9fgg
CVE-2020-29508
	RESERVED
CVE-2020-29507
	RESERVED
CVE-2020-29506
	RESERVED
CVE-2020-29505
	RESERVED
CVE-2020-29504
	RESERVED
CVE-2020-29503 (Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file per ...)
	NOT-FOR-US: EMC PowerStore
CVE-2020-29502 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
	NOT-FOR-US: EMC PowerStore
CVE-2020-29501 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
	NOT-FOR-US: EMC PowerStore
CVE-2020-29500 (Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Te ...)
	NOT-FOR-US: EMC PowerStore
CVE-2020-29499 (Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Comm ...)
	NOT-FOR-US: EMC PowerStore
CVE-2020-29498 (Dell Wyse Management Suite versions prior to 3.1 contain an open redir ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2020-29497 (Dell Wyse Management Suite versions prior to 3.1 contain a stored cros ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2020-29496 (Dell Wyse Management Suite versions prior to 3.1 contain a stored cros ...)
	NOT-FOR-US: Dell Wyse Management Suite
CVE-2020-29495 (DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Comma ...)
	NOT-FOR-US: Dell EMC Avamar Server
CVE-2020-29494 (Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Trav ...)
	NOT-FOR-US: Dell EMC Avamar Server
CVE-2020-29493 (DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injec ...)
NOT-FOR-US: Dell EMC Avamar Server CVE-2020-29492 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...) NOT-FOR-US: Dell Wyse ThinOS CVE-2020-29491 (Dell Wyse ThinOS 8.6 and prior versions contain an insecure default co ...) NOT-FOR-US: Dell Wyse ThinOS CVE-2020-29490 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...) NOT-FOR-US: EMC CVE-2020-29489 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...) NOT-FOR-US: EMC CVE-2020-29488 RESERVED CVE-2020-29487 (An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstor ...) NOT-FOR-US: xapi CVE-2020-29486 (An issue was discovered in Xen through 4.14.x. Nodes in xenstore have ...) {DSA-4812-1} - xen 4.14.0+88-g1d1d1f5391-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-352.html CVE-2020-29485 (An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a ...) {DSA-4812-1} - xen 4.14.0+88-g1d1d1f5391-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-330.html CVE-2020-29484 (An issue was discovered in Xen through 4.14.x. When a Xenstore watch f ...) {DSA-4812-1} - xen 4.14.0+88-g1d1d1f5391-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-324.html CVE-2020-29483 (An issue was discovered in Xen through 4.14.x. Xenstored and guests co ...) {DSA-4812-1} - xen 4.14.0+88-g1d1d1f5391-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-325.html CVE-2020-29482 (An issue was discovered in Xen through 4.14.x. A guest may access xens ...) {DSA-4812-1} - xen 4.14.0+88-g1d1d1f5391-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-323.html CVE-2020-29481 (An issue was discovered in Xen through 4.14.x. Access rights of Xensto ...) {DSA-4812-1} - xen 4.14.0+88-g1d1d1f5391-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-322.html CVE-2020-29480 (An issue was discovered in Xen through 4.14.x. 
Neither xenstore implem ...) {DSA-4812-1} - xen 4.14.0+88-g1d1d1f5391-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-115.html CVE-2020-29479 (An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored ...) {DSA-4812-1} - xen 4.14.0+88-g1d1d1f5391-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-353.html CVE-2020-29478 (CA Service Catalog 17.2 and 17.3 contain a vulnerability in the defaul ...) NOT-FOR-US: CA Service Catalog CVE-2020-29477 (Invision Community 4.5.4 is affected by cross-site scripting (XSS) in ...) NOT-FOR-US: Invision Community CVE-2020-29476 RESERVED CVE-2020-29475 (nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in th ...) NOT-FOR-US: nopCommerce Store CVE-2020-29474 (EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerabi ...) NOT-FOR-US: EGavilan Media EGM Address Book CVE-2020-29473 RESERVED CVE-2020-29472 (EGavilan Media Under Construction page with cPanel 1.0 contains a SQL ...) NOT-FOR-US: cPanel CVE-2020-29471 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Prof ...) NOT-FOR-US: OpenCart CVE-2020-29470 (OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subj ...) NOT-FOR-US: OpenCart CVE-2020-29469 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu ...) NOT-FOR-US: WonderCMS CVE-2020-29468 RESERVED CVE-2020-29467 RESERVED CVE-2020-29466 RESERVED CVE-2020-29465 RESERVED CVE-2020-29464 RESERVED CVE-2020-29463 RESERVED CVE-2020-29462 RESERVED CVE-2020-29461 RESERVED CVE-2020-29460 RESERVED CVE-2020-29459 RESERVED CVE-2020-29458 (Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. ...) NOT-FOR-US: Textpattern CMS CVE-2020-29457 (A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4. ...) NOT-FOR-US: OPC UA .NET CVE-2020-29456 (Multiple cross-site scripting (XSS) vulnerabilities in Papermerge befo ...) 
NOT-FOR-US: Papermerge CVE-2020-29455 (A cross-Site Scripting (XSS) vulnerability in this.showInvalid and thi ...) NOT-FOR-US: SmartyStreets liveAddressPlugin.js CVE-2020-29454 (Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user ...) NOT-FOR-US: Umbraco CMS CVE-2020-29453 (The CachingResourceDownloadRewriteRule class in Jira Server and Jira D ...) NOT-FOR-US: Atlassian CVE-2020-29452 RESERVED CVE-2020-29451 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2020-29450 (Affected versions of Atlassian Confluence Server and Data Center allow ...) NOT-FOR-US: Atlassian CVE-2020-29449 RESERVED CVE-2020-29448 (The ConfluenceResourceDownloadRewriteRule class in Confluence Server a ...) NOT-FOR-US: Atlassian CVE-2020-29447 (Affected versions of Atlassian Crucible allow remote attackers to impa ...) NOT-FOR-US: Atlassian CVE-2020-29446 (Affected versions of Atlassian Fisheye & Crucible allow remote att ...) NOT-FOR-US: Atlassian CVE-2020-29445 (Affected versions of Confluence Server before 7.4.8, and versions from ...) NOT-FOR-US: Atlassian CVE-2020-29444 (Affected versions of Team Calendar in Confluence Server before 7.11.0 ...) NOT-FOR-US: Atlassian CVE-2020-29443 (ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of- ...) {DLA-2560-1} - qemu 1:5.2+dfsg-11 (bug #983575) [buster] - qemu (Fix along in future DSA) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg04255.html NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=813212288970c39b1800f63e83ac6e96588095c6 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b8d7f1bc59276fec85e4d09f1567613a3e14d31e NOTE: https://www.openwall.com/lists/oss-security/2021/01/18/2 CVE-2020-29442 RESERVED CVE-2020-29441 (An issue was discovered in the Upload Widget in OutSystems Platform 10 ...) NOT-FOR-US: Upload Widget in OutSystems Platform 10 CVE-2020-29440 (Tesla Model X vehicles before 2020-11-23 do not perform certificate va ...) 
NOT-FOR-US: Tesla Model X vehicles CVE-2020-29439 (Tesla Model X vehicles before 2020-11-23 have key fobs that rely on fi ...) NOT-FOR-US: Tesla Model X vehicles CVE-2020-29438 (Tesla Model X vehicles before 2020-11-23 have key fobs that accept fir ...) NOT-FOR-US: Tesla Model X vehicles CVE-2020-29437 (SQL injection in the Buzz module of OrangeHRM through 4.6 allows remot ...) NOT-FOR-US: OrangeHRM CVE-2020-29436 (Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2020-29435 RESERVED CVE-2020-29434 RESERVED CVE-2020-29433 RESERVED CVE-2020-29432 RESERVED CVE-2020-29431 RESERVED CVE-2020-29430 RESERVED CVE-2020-29429 RESERVED CVE-2020-29428 RESERVED CVE-2020-29427 RESERVED CVE-2020-29426 RESERVED CVE-2020-29425 RESERVED CVE-2020-29424 RESERVED CVE-2020-29423 RESERVED CVE-2020-29422 RESERVED CVE-2020-29421 RESERVED CVE-2020-29420 RESERVED CVE-2020-29419 RESERVED CVE-2020-29418 RESERVED CVE-2020-29417 RESERVED CVE-2020-29416 RESERVED CVE-2020-29415 RESERVED CVE-2020-29414 RESERVED CVE-2020-29413 RESERVED CVE-2020-29412 RESERVED CVE-2020-29411 RESERVED CVE-2020-29410 RESERVED CVE-2020-29409 RESERVED CVE-2020-29408 RESERVED CVE-2020-29407 RESERVED CVE-2020-29406 RESERVED CVE-2020-29405 RESERVED CVE-2020-29404 RESERVED CVE-2020-29403 RESERVED CVE-2020-29402 RESERVED CVE-2020-29401 RESERVED CVE-2020-29400 RESERVED CVE-2020-29399 RESERVED CVE-2020-29398 RESERVED CVE-2020-29397 RESERVED CVE-2020-29396 (A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterp ...) - odoo (Fixed before initial upload to Debian) NOTE: https://github.com/odoo/odoo/issues/63712 CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS v ...) NOT-FOR-US: EventON plugin for WordPress CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c from ...) 
- dlt-daemon 2.18.5-0.3 (bug #976228) [buster] - dlt-daemon (Minor issue) NOTE: https://github.com/GENIVI/dlt-daemon/issues/274 NOTE: https://github.com/GENIVI/dlt-daemon/pull/275 NOTE: https://github.com/GENIVI/dlt-daemon/commit/ff4f44c159df6f44b48bd38c9d2f104eb360be11 CVE-2020-29393 RESERVED CVE-2020-29392 (The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* ...) NOT-FOR-US: Estil Hill Lock Password Manager Safe app for iOS CVE-2020-29391 RESERVED CVE-2020-29390 (Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi ...) NOT-FOR-US: Zeroshell CVE-2020-29389 (The official Crux Linux Docker images 3.0 through 3.4 contain a blank ...) NOT-FOR-US: Crux Linux Docker images CVE-2020-29388 RESERVED CVE-2020-29387 RESERVED CVE-2020-29386 RESERVED CVE-2020-29385 (GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of serv ...) - gdk-pixbuf 2.42.2+dfsg-1 (bug #977166) [buster] - gdk-pixbuf (Vulnerable code not present) [stretch] - gdk-pixbuf (Vulnerable code not present) NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/commit/bdd3acbd48a575d418ba6bf1b32d7bda2fae1c81 NOTE: https://gitlab.gnome.org/GNOME/gdk-pixbuf/-/issues/164 CVE-2020-29384 (An issue was discovered in PNGOUT 2020-01-15. When compressing a craft ...) NOT-FOR-US: PNGOUT CVE-2020-29383 (An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1. ...) NOT-FOR-US: V-SOL devices CVE-2020-29382 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 ...) NOT-FOR-US: V-SOL devices CVE-2020-29381 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...) NOT-FOR-US: V-SOL devices CVE-2020-29380 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...) NOT-FOR-US: V-SOL devices CVE-2020-29379 (An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1. ...) NOT-FOR-US: V-SOL devices CVE-2020-29378 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...) 
NOT-FOR-US: V-SOL devices CVE-2020-29377 (An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The stri ...) NOT-FOR-US: V-SOL devices CVE-2020-29376 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...) NOT-FOR-US: V-SOL devices CVE-2020-29375 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4 ...) NOT-FOR-US: V-SOL devices CVE-2020-29374 (An issue was discovered in the Linux kernel before 5.7.3, related to m ...) {DLA-2690-1 DLA-2689-1} - linux 5.7.6-1 [buster] - linux 4.19.194-1 NOTE: https://git.kernel.org/linus/17839856fd588f4ab6b789f482ed3ffd7c403e1f NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 CVE-2020-29373 (An issue was discovered in fs/io_uring.c in the Linux kernel before 5. ...) - linux 5.6.7-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/ff002b30181d30cdfbca316dadd099c3ca0d739c NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2011 CVE-2020-29372 (An issue was discovered in do_madvise in mm/madvise.c in the Linux ker ...) - linux 5.6.14-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/bc0c4d1e176eeb614dc8734fc3ace34292771f11 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2029 CVE-2020-29371 (An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the ...) - linux 5.8.7-1 [buster] - linux 4.19.146-1 [stretch] - linux 4.9.240-1 NOTE: https://git.kernel.org/linus/bcf85fcedfdd17911982a3e3564fcfec7b01eebd NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2077 CVE-2020-29370 (An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the L ...) 
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/fd4d9c7d0c71866ec0c2825189ebd2ce35bd95b8
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2022
CVE-2020-29369 (An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11 ...)
	- linux 5.7.17-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/246c320a8cfe0b11d81a4af38fa9985ef0cc9a4c
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2056
CVE-2020-29368 (An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the ...)
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/c444eb564fb16645c172d550359cb3d75fe8a040
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2045
CVE-2020-29367 (blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffe ...)
	NOT-FOR-US: C-Blosc2
CVE-2020-29366 RESERVED
CVE-2020-29365 RESERVED
CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines vulnerable to stored x ...)
	NOT-FOR-US: NetArt News Lister
CVE-2020-29363 (An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-base ...)
	{DSA-4822-1}
	- p11-kit 0.23.22-1
	[stretch] - p11-kit (Vulnerable code introduced later)
	NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
	NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5j67-fw89-fp6x
	NOTE: https://github.com/p11-glue/p11-kit/commit/2617f3ef888e103324a28811886b99ed0a56346d (0.23.22)
	NOTE: Introduced in https://github.com/p11-glue/p11-kit/commit/ba49b85ecf280e7fb6eec96c3ef33c50122e75a6 (0.23.6)
CVE-2020-29362 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-base ...)
	{DSA-4822-1 DLA-2513-1}
	- p11-kit 0.23.22-1
	NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
	NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-5wpq-43j2-6qwc
	NOTE: https://github.com/p11-glue/p11-kit/commit/bda2f543ff8e0195c90e849379ef1585d00677bc (0.23.22)
	NOTE: Introduced in https://github.com/p11-glue/p11-kit/commit/c785ab66890ad7b73c556d6afdf2bb8a32dd50e2 (0.21.1)
CVE-2020-29361 (An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple in ...)
	{DSA-4822-1 DLA-2513-1}
	- p11-kit 0.23.22-1
	NOTE: https://lists.freedesktop.org/archives/p11-glue/2020-December/000712.html
	NOTE: https://github.com/p11-glue/p11-kit/security/advisories/GHSA-q4r3-hm6m-mvc2
	NOTE: https://github.com/p11-glue/p11-kit/commit/5307a1d21a50cacd06f471a873a018d23ba4b963 (0.23.22)
	NOTE: https://github.com/p11-glue/p11-kit/commit/bd670b1d4984b27d6a397b9ddafaf89ab26e4e7f (0.23.22)
CVE-2020-29360 RESERVED
CVE-2020-29359 RESERVED
CVE-2020-29358 RESERVED
CVE-2020-29357 RESERVED
CVE-2020-29356 RESERVED
CVE-2020-29355 RESERVED
CVE-2020-29354 RESERVED
CVE-2020-29353 RESERVED
CVE-2020-29352 RESERVED
CVE-2020-29351 RESERVED
CVE-2020-29350 RESERVED
CVE-2020-29349 RESERVED
CVE-2020-29348 RESERVED
CVE-2020-29347 RESERVED
CVE-2020-29346 RESERVED
CVE-2020-29345 RESERVED
CVE-2020-29344 RESERVED
CVE-2020-29343 RESERVED
CVE-2020-29342 RESERVED
CVE-2020-29341 RESERVED
CVE-2020-29340 RESERVED
CVE-2020-29339 RESERVED
CVE-2020-29338 RESERVED
CVE-2020-29337 RESERVED
CVE-2020-29336 RESERVED
CVE-2020-29335 RESERVED
CVE-2020-29334 RESERVED
CVE-2020-29333 RESERVED
CVE-2020-29332 RESERVED
CVE-2020-29331 RESERVED
CVE-2020-29330 RESERVED
CVE-2020-29329 RESERVED
CVE-2020-29328 RESERVED
CVE-2020-29327 RESERVED
CVE-2020-29326 RESERVED
CVE-2020-29325 RESERVED
CVE-2020-29324 (The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials di ...)
	NOT-FOR-US: D-Link
CVE-2020-29323 (The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to cred ...)
	NOT-FOR-US: D-Link
CVE-2020-29322 (The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosur ...)
	NOT-FOR-US: D-Link
CVE-2020-29321 (The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosur ...)
	NOT-FOR-US: D-Link
CVE-2020-29320 RESERVED
CVE-2020-29319 RESERVED
CVE-2020-29318 RESERVED
CVE-2020-29317 RESERVED
CVE-2020-29316 RESERVED
CVE-2020-29315 (ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows r ...)
	NOT-FOR-US: ThinkAdmin
CVE-2020-29314 RESERVED
CVE-2020-29313 RESERVED
CVE-2020-29312 RESERVED
CVE-2020-29311 (Ubilling v1.0.9 allows Remote Command Execution as Root user by execut ...)
	NOT-FOR-US: Ubilling
CVE-2020-29310 RESERVED
CVE-2020-29309 RESERVED
CVE-2020-29308 RESERVED
CVE-2020-29307 RESERVED
CVE-2020-29306 RESERVED
CVE-2020-29305 RESERVED
CVE-2020-29304 (A cross-site scripting (XSS) vulnerability exists in the SabaiApps Wor ...)
	NOT-FOR-US: SabaiApps WordPress Directories Pro plugin
CVE-2020-29303 (A cross-site scripting (XSS) vulnerability in the SabaiApp Directories ...)
	NOT-FOR-US: SabaiApp Directories Pro plugin for WordPress
CVE-2020-29302 RESERVED
CVE-2020-29301 RESERVED
CVE-2020-29300 RESERVED
CVE-2020-29299 (Certain Zyxel products allow command injection by an admin via an inpu ...)
	NOT-FOR-US: Zyxel
CVE-2020-29298 RESERVED
CVE-2020-29297 RESERVED
CVE-2020-29296 RESERVED
CVE-2020-29295 RESERVED
CVE-2020-29294 RESERVED
CVE-2020-29293 RESERVED
CVE-2020-29292 RESERVED
CVE-2020-29291 RESERVED
CVE-2020-29290 RESERVED
CVE-2020-29289 RESERVED
CVE-2020-29288 (An SQL injection vulnerability was discovered in Gym Management System ...)
	NOT-FOR-US: Gym Management System
CVE-2020-29287 (An SQL injection vulnerability was discovered in Car Rental Management ...)
	NOT-FOR-US: Car Rental Management System
CVE-2020-29286 RESERVED
CVE-2020-29285 (SQL injection vulnerability was discovered in Point of Sales in PHP/PD ...)
	NOT-FOR-US: Point of Sales in PHP/PDO
CVE-2020-29284 (The file view-chair-list.php in Multi Restaurant Table Reservation Sys ...)
	NOT-FOR-US: Multi Restaurant Table Reservation System
CVE-2020-29283 (An SQL injection vulnerability was discovered in Online Doctor Appoint ...)
	NOT-FOR-US: Online Doctor Appointment Booking System
CVE-2020-29282 (SQL injection vulnerability in BloodX 1.0 allows attackers to bypass a ...)
	NOT-FOR-US: BloodX
CVE-2020-29281 RESERVED
CVE-2020-29280 (The Victor CMS v1.0 application is vulnerable to SQL injection via the ...)
	NOT-FOR-US: Victor CMS
CVE-2020-29279 (PHP remote file inclusion in the assign_resume_tpl method in Applicati ...)
	NOT-FOR-US: 74CMS
CVE-2020-29278 RESERVED
CVE-2020-29277 RESERVED
CVE-2020-29276 RESERVED
CVE-2020-29275 RESERVED
CVE-2020-29274 RESERVED
CVE-2020-29273 RESERVED
CVE-2020-29272 RESERVED
CVE-2020-29271 RESERVED
CVE-2020-29270 RESERVED
CVE-2020-29269 RESERVED
CVE-2020-29268 RESERVED
CVE-2020-29267 RESERVED
CVE-2020-29266 RESERVED
CVE-2020-29265 RESERVED
CVE-2020-29264 RESERVED
CVE-2020-29263 RESERVED
CVE-2020-29262 RESERVED
CVE-2020-29261 RESERVED
CVE-2020-29260 RESERVED
CVE-2020-29259 (Cross-site scripting (XSS) vulnerability in Online Examination System ...)
	NOT-FOR-US: Online Examination System
CVE-2020-29258 (Cross-site scripting (XSS) vulnerability in Online Examination System ...)
	NOT-FOR-US: Online Examination System
CVE-2020-29257 (Cross-site scripting (XSS) vulnerability in Online Examination System ...)
	NOT-FOR-US: Online Examination System
CVE-2020-29256 RESERVED
CVE-2020-29255 RESERVED
CVE-2020-29254 (TikiWiki 21.2 allows templates to be edited without CSRF protection. T ...)
	- tikiwiki
CVE-2020-29253 RESERVED
CVE-2020-29252 RESERVED
CVE-2020-29251 RESERVED
CVE-2020-29250 (CXUUCMS V3 allows XSS via the first and third input fields to /public/ ...)
	NOT-FOR-US: CXUUCMS
CVE-2020-29249 (CXUUCMS V3 allows class="layui-input" XSS. ...)
	NOT-FOR-US: CXUUCMS
CVE-2020-29248 RESERVED
CVE-2020-29247 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin ...)
	NOT-FOR-US: WonderCMS
CVE-2020-29246 RESERVED
CVE-2020-29245 (dhowden tag before 2020-11-19 allows "panic: runtime error: slice boun ...)
	NOT-FOR-US: dhowden tag
CVE-2020-29244 (dhowden tag before 2020-11-19 allows "panic: runtime error: slice boun ...)
	NOT-FOR-US: dhowden tag
CVE-2020-29243 (dhowden tag before 2020-11-19 allows "panic: runtime error: index out ...)
	NOT-FOR-US: dhowden tag
CVE-2020-29242 (dhowden tag before 2020-11-19 allows "panic: runtime error: index out ...)
	NOT-FOR-US: dhowden tag
CVE-2020-29241 (Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scri ...)
	NOT-FOR-US: Online News Portal using PHP/MySQLi
CVE-2020-29240 (Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacke ...)
	NOT-FOR-US: Lepton-CMS
CVE-2020-29239 (Online Birth Certificate System Project V 1.0 is affected by cross-sit ...)
	NOT-FOR-US: Online Birth Certificate System Project
CVE-2020-29238 (An integer buffer overflow in the Nginx webserver of ExpressVPN Router ...)
	NOT-FOR-US: ExpressVPN
CVE-2020-29237 RESERVED
CVE-2020-29236 RESERVED
CVE-2020-29235 RESERVED
CVE-2020-29234 RESERVED
CVE-2020-29233 (WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page ...)
	NOT-FOR-US: WonderCMS
CVE-2020-29232 RESERVED
CVE-2020-29231 (EGavilanMedia User Registration and Login System With Admin Panel 1.0 ...)
	NOT-FOR-US: EGavilanMedia User Registration and Login System With Admin Panel
CVE-2020-29230 (EGavilanMedia User Registration and Login System With Admin Panel 1.0 ...)
	NOT-FOR-US: EGavilanMedia User Registration and Login System With Admin Panel
CVE-2020-29229 RESERVED
CVE-2020-29228 (EGavilanMedia User Registration and Login System With Admin Panel 1.0 ...)
	NOT-FOR-US: EGavilanMedia User Registration and Login System With Admin Panel
CVE-2020-29227 (An issue was discovered in Car Rental Management System 1.0. An unauth ...)
	NOT-FOR-US: Car Rental Management System
CVE-2020-29226 RESERVED
CVE-2020-29225 RESERVED
CVE-2020-29224 RESERVED
CVE-2020-29223 RESERVED
CVE-2020-29222 RESERVED
CVE-2020-29221 RESERVED
CVE-2020-29220 RESERVED
CVE-2020-29219 RESERVED
CVE-2020-29218 RESERVED
CVE-2020-29217 RESERVED
CVE-2020-29216 RESERVED
CVE-2020-29215 (A Cross Site Scripting in SourceCodester Employee Management System 1. ...)
	NOT-FOR-US: SourceCodester
CVE-2020-29214 (SQL injection vulnerability in SourceCodester Alumni Management System ...)
	NOT-FOR-US: SourceCodester
CVE-2020-29213 RESERVED
CVE-2020-29212 RESERVED
CVE-2020-29211 RESERVED
CVE-2020-29210 RESERVED
CVE-2020-29209 RESERVED
CVE-2020-29208 RESERVED
CVE-2020-29207 RESERVED
CVE-2020-29206 RESERVED
CVE-2020-29205 (XSS in signup form in Project Worlds Online Examination System 1.0 all ...)
	NOT-FOR-US: Project Worlds Online Examination System
CVE-2020-29204 (XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-charact ...)
	NOT-FOR-US: XXL-JOB
CVE-2020-29203 (struct2json before 2020-11-18 is affected by a Buffer Overflow because ...)
	NOT-FOR-US: struct2json
CVE-2020-29202 RESERVED
CVE-2020-29201 RESERVED
CVE-2020-29200 RESERVED
CVE-2020-29199 RESERVED
CVE-2020-29198 RESERVED
CVE-2020-29197 RESERVED
CVE-2020-29196 RESERVED
CVE-2020-29195 RESERVED
CVE-2020-29194 (Panasonic Security System WV-S2231L 4.25 allows a denial of service of ...)
	NOT-FOR-US: Panasonic
CVE-2020-29193 (Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded pa ...)
	NOT-FOR-US: Panasonic
CVE-2020-29192 RESERVED
CVE-2020-29191 RESERVED
CVE-2020-29190 RESERVED
CVE-2020-29189 (Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2020-29188 RESERVED
CVE-2020-29187 RESERVED
CVE-2020-29186 RESERVED
CVE-2020-29185 RESERVED
CVE-2020-29184 RESERVED
CVE-2020-29183 RESERVED
CVE-2020-29182 RESERVED
CVE-2020-29181 RESERVED
CVE-2020-29180 RESERVED
CVE-2020-29179 RESERVED
CVE-2020-29178 RESERVED
CVE-2020-29177 (Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file dele ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2020-29176 (An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2020-29175 RESERVED
CVE-2020-29174 RESERVED
CVE-2020-29173 RESERVED
CVE-2020-29172 (A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plug ...)
	NOT-FOR-US: LiteSpeed Cache plugin for WordPress
CVE-2020-29171 (Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklis ...)
	NOT-FOR-US: Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin for WordPress
CVE-2020-29170 RESERVED
CVE-2020-29169 RESERVED
CVE-2020-29168 RESERVED
CVE-2020-29167 RESERVED
CVE-2020-29166 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by fil ...)
	NOT-FOR-US: PacsOne Server (PACS Server In One Box)
CVE-2020-29165 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by inc ...)
	NOT-FOR-US: PacsOne Server (PACS Server In One Box)
CVE-2020-29164 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cro ...)
	NOT-FOR-US: PacsOne Server (PACS Server In One Box)
CVE-2020-29163 (PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL ...)
	NOT-FOR-US: PacsOne Server (PACS Server In One Box)
CVE-2020-29162 RESERVED
CVE-2020-29161 RESERVED
CVE-2020-29160 (An issue was discovered in Zammad before 3.5.1. A REST API call allows ...)
	- zammad (bug #841355)
CVE-2020-29159 (An issue was discovered in Zammad before 3.5.1. The default signup Rol ...)
	- zammad (bug #841355)
CVE-2020-29158 (An issue was discovered in Zammad before 3.5.1. An Agent with Customer ...)
	- zammad (bug #841355)
CVE-2020-29157 (An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform ...)
	NOT-FOR-US: RAONWIZ K Editor
CVE-2020-29156 (The WooCommerce plugin before 4.7.0 for WordPress allows remote attack ...)
	NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2020-29155 RESERVED
CVE-2020-29154 RESERVED
CVE-2020-29153 RESERVED
CVE-2020-29152 RESERVED
CVE-2020-29151 RESERVED
CVE-2020-29150 RESERVED
CVE-2020-29149 RESERVED
CVE-2020-29148 RESERVED
CVE-2020-29147 (A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of W ...)
	NOT-FOR-US: Wayang-CMS
CVE-2020-29146 (A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS ...)
	NOT-FOR-US: Wayang-CMS
CVE-2020-29145 (In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web bas ...)
	NOT-FOR-US: Ericsson
CVE-2020-29144 (In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base ...)
	NOT-FOR-US: Ericsson
CVE-2020-29143 (A SQL injection vulnerability in interface/reports/non_reported.php in ...)
	NOT-FOR-US: OpenEMR
CVE-2020-29142 (A SQL injection vulnerability in interface/usergroup/usergroup_admin.p ...)
	NOT-FOR-US: OpenEMR
CVE-2020-29141 RESERVED
CVE-2020-29140 (A SQL injection vulnerability in interface/reports/immunization_report ...)
	NOT-FOR-US: OpenEMR
CVE-2020-29139 (A SQL injection vulnerability in interface/main/finder/patient_select. ...)
	NOT-FOR-US: OpenEMR
CVE-2020-29138 (Incorrect Access Control in the configuration backup path in SAGEMCOM ...)
	NOT-FOR-US: SAGEMCOM
CVE-2020-29137 (cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interf ...)
	NOT-FOR-US: cPanel
CVE-2020-29136 (In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approa ...)
	NOT-FOR-US: cPanel
CVE-2020-29135 (cPanel before 90.0.17 has multiple instances of URL parameter injectio ...)
	NOT-FOR-US: cPanel
CVE-2020-29134 (The TOTVS Fluig platform allows path traversal through the parameter " ...)
	NOT-FOR-US: TOTVS Fluig Luke
CVE-2020-29133 (jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal ...)
	NOT-FOR-US: Coremail XT
CVE-2020-29132 RESERVED
CVE-2020-29131 RESERVED
CVE-2020-29130 (slirp.c in libslirp through 4.3.1 has a buffer over-read because it tr ...)
	{DLA-2560-1}
	- libslirp 4.4.0-1
	- qemu 1:4.1-2
	[buster] - qemu (Fix along in future DSA)
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f (v4.4.0)
	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
CVE-2020-29129 (ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tri ...)
	- libslirp 4.4.0-1
	- qemu 1:4.1-2
	[buster] - qemu (Fix along in future DSA)
	[stretch] - qemu (Vulnerable code introduced later)
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/2e1dcbc0c2af64fcb17009eaf2ceedd81be2b27f (v4.4.0)
	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
	NOTE: NC-SI introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=47bb83cad45eb7ce194a8ffd18f73c98edb46aec (QEMU v2.10)
	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-2j37-w439-87q3
CVE-2020-29128 (petl before 1.68, in some configurations, allows resolution of entitie ...)
	NOT-FOR-US: petl
CVE-2020-29127 (An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices th ...)
	NOT-FOR-US: Fujitsu
CVE-2020-29126 RESERVED
CVE-2020-29125 RESERVED
CVE-2020-29124 RESERVED
CVE-2020-29123 RESERVED
CVE-2020-29122 RESERVED
CVE-2020-29121 RESERVED
CVE-2020-29120 RESERVED
CVE-2020-29119 RESERVED
CVE-2020-29118 RESERVED
CVE-2020-29117 RESERVED
CVE-2020-29116 RESERVED
CVE-2020-29115 RESERVED
CVE-2020-29114 RESERVED
CVE-2020-29113 RESERVED
CVE-2020-29112 RESERVED
CVE-2020-29111 RESERVED
CVE-2020-29110 RESERVED
CVE-2020-29109 RESERVED
CVE-2020-29108 RESERVED
CVE-2020-29107 RESERVED
CVE-2020-29106 RESERVED
CVE-2020-29105 RESERVED
CVE-2020-29104 RESERVED
CVE-2020-29103 RESERVED
CVE-2020-29102 RESERVED
CVE-2020-29101 RESERVED
CVE-2020-29100 RESERVED
CVE-2020-29099 RESERVED
CVE-2020-29098 RESERVED
CVE-2020-29097 RESERVED
CVE-2020-29096 RESERVED
CVE-2020-29095 RESERVED
CVE-2020-29094 RESERVED
CVE-2020-29093 RESERVED
CVE-2020-29092 RESERVED
CVE-2020-29091 RESERVED
CVE-2020-29090 RESERVED
CVE-2020-29089 RESERVED
CVE-2020-29088 RESERVED
CVE-2020-29087 RESERVED
CVE-2020-29086 RESERVED
CVE-2020-29085 RESERVED
CVE-2020-29084 RESERVED
CVE-2020-29083 RESERVED
CVE-2020-29082 RESERVED
CVE-2020-29081 RESERVED
CVE-2020-29080 RESERVED
CVE-2020-29079 RESERVED
CVE-2020-29078 RESERVED
CVE-2020-29077 RESERVED
CVE-2020-29076 RESERVED
CVE-2020-29075 (Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.3001 ...)
	NOT-FOR-US: Adobe
CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...)
	{DSA-4799-1 DLA-2490-1}
	- x11vnc 0.9.16-5 (bug #975875)
	NOTE: https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
CVE-2020-29073 RESERVED
CVE-2020-29072 (A Cross-Site Script Inclusion vulnerability was found on LiquidFiles b ...)
	NOT-FOR-US: LiquidFiles
CVE-2020-29071 (An XSS issue was found in the Shares feature of LiquidFiles before 3.3 ...)
	NOT-FOR-US: LiquidFiles
CVE-2020-29070 (osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user en ...)
	NOT-FOR-US: osCommerce
CVE-2020-29069 (_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network ...)
	NOT-FOR-US: Modern Honey Network
CVE-2020-29068 RESERVED
CVE-2020-29067 RESERVED
CVE-2020-29066 RESERVED
CVE-2020-29065 REJECTED
CVE-2020-29064 RESERVED
CVE-2020-29063 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29062 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29061 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29060 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29059 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29058 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29057 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29056 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29055 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29054 (An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, ...)
	NOT-FOR-US: CDATA
CVE-2020-29053 (HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_da ...)
	NOT-FOR-US: HRSALE
CVE-2020-29052 RESERVED
CVE-2020-29051 RESERVED
CVE-2020-29050 [arbitrary file reads by scattered file snippets] RESERVED
	- sphinxsearch 2.2.11-3
	NOTE: Backported for sphinxsearch from: https://github.com/manticoresoftware/manticoresearch/commit/66b5761ad258c60b1866a8e1333f86e74f48035
CVE-2020-29049 RESERVED
CVE-2020-29048 RESERVED
CVE-2020-29047 (The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote ...)
	NOT-FOR-US: wp-hotel-booking plugin for WordPress
CVE-2020-29046 RESERVED
CVE-2020-29045 (The food-and-drink-menu plugin through 2.2.0 for WordPress allows remo ...)
	NOT-FOR-US: Wordpress plugin
CVE-2020-29044 RESERVED
CVE-2020-29043 (An issue was discovered in BigBlueButton through 2.2.29. When at attac ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-29042 (An issue was discovered in BigBlueButton through 2.2.29. A brute-force ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-29041 (A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticat ...)
	NOT-FOR-US: Web-Sesame
CVE-2020-29040 (An issue was discovered in Xen through 4.14.x allowing x86 HVM guest O ...)
	- xen 4.14.0+88-g1d1d1f5391-1 (bug #976109)
	[buster] - xen (Patches for XSA-346 not applied)
	[stretch] - xen (Patches for XSA-346 not applied)
	NOTE: https://xenbits.xen.org/xsa/advisory-355.html
	NOTE: Issue introduced by changes for XSA-346.
CVE-2020-29039 RESERVED
CVE-2020-29038 RESERVED
CVE-2020-29037 RESERVED
CVE-2020-29036 RESERVED
CVE-2020-29035 RESERVED
CVE-2020-29034 RESERVED
CVE-2020-29033 RESERVED
CVE-2020-29032 (Upload of Code Without Integrity Check vulnerability in firmware archi ...)
	NOT-FOR-US: Secomea GateManager
CVE-2020-29031 (An Insecure Direct Object Reference vulnerability exists in the web UI ...)
	NOT-FOR-US: GateManager
CVE-2020-29030 (Cross-Site Request Forgery (CSRF) vulnerability in web GUI of Secomea ...)
	NOT-FOR-US: Secomea GateManager
CVE-2020-29029 (Improper Input Validation, Cross-site Scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Secomea GateManager
CVE-2020-29028 (Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateMan ...)
	NOT-FOR-US: Secomea GateManager
CVE-2020-29027 (Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager ...)
	NOT-FOR-US: Secomea
CVE-2020-29026 (A directory traversal vulnerability exists in the file upload function ...)
	NOT-FOR-US: GateManager
CVE-2020-29025 (A vulnerability in SiteManager-Embedded (SM-E) Web server which may al ...)
	NOT-FOR-US: Secomea
CVE-2020-29024 (Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerabi ...)
	NOT-FOR-US: Secomea
CVE-2020-29023 (Improper Encoding or Escaping of Output from CSV Report Generator of S ...)
	NOT-FOR-US: Secomea
CVE-2020-29022 (Failure to Sanitize host header value on output in the GateManager Web ...)
	NOT-FOR-US: Secomea
CVE-2020-29021 (A vulnerability in web UI input field of GateManager allows authentica ...)
	NOT-FOR-US: GateManager
CVE-2020-29020 (Improper Access Control vulnerability in web service of Secomea SiteMa ...)
	NOT-FOR-US: Secomea
CVE-2020-29019 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through ...)
	NOT-FOR-US: Fortiguard
CVE-2020-29018 (A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allo ...)
	NOT-FOR-US: Fortiguard
CVE-2020-29017 (An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3 ...)
	NOT-FOR-US: Fortiguard
CVE-2020-29016 (A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through ...)
	NOT-FOR-US: Fortiguard
CVE-2020-29015 (A blind SQL injection in the user interface of FortiWeb 6.3.0 through ...)
	NOT-FOR-US: Fortiguard
CVE-2020-29014 (A concurrent execution using shared resource with improper synchroniza ...)
	NOT-FOR-US: Fortiguard
CVE-2020-29013 RESERVED
CVE-2020-29012 (An insufficient session expiration vulnerability in FortiSandbox versi ...)
	NOT-FOR-US: FortiGuard
CVE-2020-29011 (Instances of SQL Injection vulnerabilities in the checksum search and ...)
	NOT-FOR-US: FortiSandbox
CVE-2020-29010 RESERVED
CVE-2020-29009 RESERVED
CVE-2020-29008 RESERVED
CVE-2020-29007 RESERVED
	NOT-FOR-US: Score MediaWiki extension
	NOTE: https://seqred.pl/en/cve-2020-29007-remote-code-execution-in-mediawiki-score/
	NOTE: https://phabricator.wikimedia.org/T257062
	NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-29006 (MISP before 2.4.135 lacks an ACL check, related to app/Controller/Gala ...)
	NOT-FOR-US: MISP
CVE-2020-29005 (The API in the Push extension for MediaWiki through 1.35 used cleartex ...)
	NOT-FOR-US: Push extension for MediaWiki
CVE-2020-29004 (The API in the Push extension for MediaWiki through 1.35 did not requi ...)
	NOT-FOR-US: Push extension for MediaWiki
CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via an answ ...)
	NOT-FOR-US: PollNY MediaWiki extension
CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki ...)
	NOT-FOR-US: CologneBlue MediaWiki skin
CVE-2020-29001 (An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW0 ...)
	NOT-FOR-US: Geeni
CVE-2020-29000 (An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A v ...)
	NOT-FOR-US: Geeni
CVE-2020-28999 (An issue was discovered in Apexis Streaming Video Web Application on G ...)
	NOT-FOR-US: Geeni
CVE-2020-28998 (An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A v ...)
	NOT-FOR-US: Geeni
CVE-2020-28997 RESERVED
CVE-2020-28996 RESERVED
CVE-2020-28995 RESERVED
CVE-2020-28994 (A SQL injection vulnerability was discovered in Karenderia Multiple Re ...)
	NOT-FOR-US: Karenderia Multiple Restaurant System
CVE-2020-28993 (A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadba ...)
	NOT-FOR-US: ATX miniCMTS200a Broadband Gateway
CVE-2020-28992 RESERVED
CVE-2020-28991 (Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git proto ...)
	- gitea
CVE-2020-28990 RESERVED
CVE-2020-28989 RESERVED
CVE-2020-28988 RESERVED
CVE-2020-28987 RESERVED
CVE-2020-28986 RESERVED
CVE-2020-28985 RESERVED
CVE-2020-28983 RESERVED
CVE-2020-28982 RESERVED
CVE-2020-28981 RESERVED
CVE-2020-28980 RESERVED
CVE-2020-28979 RESERVED
CVE-2020-28978 (The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability ...)
	NOT-FOR-US: Canto plugin for WordPress
CVE-2020-28977 (The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability ...)
	NOT-FOR-US: Canto plugin for WordPress
CVE-2020-28976 (The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerabili ...)
	NOT-FOR-US: Canto plugin for WordPress
CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does ...)
	{DSA-4798-1 DLA-2505-1}
	- spip 3.2.8-1
	NOTE: https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8
CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used i ...)
	NOTE: disputed libsvm non issue
CVE-2020-28973 (The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to p ...)
	NOT-FOR-US: ABUS Secvest wireless alarm system FUAA50000
CVE-2020-28972 (In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsp ...)
	{DLA-2815-1}
	- salt 3002.5+dfsg1-1 (bug #983632)
	[buster] - salt 2018.3.4+dfsg1-6+deb10u3
	NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/
CVE-2020-26235 (In Rust time crate from version 0.2.7 and before version 0.2.23, unix- ...)
	- rust-time (Vulnerable methods introduced in v0.2.7)
	NOTE: https://github.com/time-rs/time/security/advisories/GHSA-wcg3-cvx6-7396
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0071.html
	NOTE: https://github.com/time-rs/time/issues/293
	NOTE: Introduced by: https://github.com/time-rs/time/commit/5f1c4927124fefbd8d2886f83a574beb381411e9 (v0.2.7)
	NOTE: Deprecated in: https://github.com/time-rs/time/commit/f153a1ca5fdfec979f16c49619e6034cc67e186d (v0.2.23)
CVE-2020-35914 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
	- rust-lock-api (bug #975319)
	[bullseye] - rust-lock-api (Minor issue)
	[buster] - rust-lock-api (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
	NOTE: https://github.com/Amanieu/parking_lot/pull/262
CVE-2020-35913 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
	- rust-lock-api (bug #975319)
	[bullseye] - rust-lock-api (Minor issue)
	[buster] - rust-lock-api (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
	NOTE: https://github.com/Amanieu/parking_lot/pull/262
CVE-2020-35912 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
	- rust-lock-api (bug #975319)
	[bullseye] - rust-lock-api (Minor issue)
	[buster] - rust-lock-api (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
	NOTE: https://github.com/Amanieu/parking_lot/pull/262
CVE-2020-35911 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
	- rust-lock-api (bug #975319)
	[bullseye] - rust-lock-api (Minor issue)
	[buster] - rust-lock-api (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
	NOTE: https://github.com/Amanieu/parking_lot/pull/262
CVE-2020-35910 (An issue was discovered in the lock_api crate before 0.4.2 for Rust. A ...)
	- rust-lock-api (bug #975319)
	[bullseye] - rust-lock-api (Minor issue)
	[buster] - rust-lock-api (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0070.html
	NOTE: https://github.com/Amanieu/parking_lot/pull/262
CVE-2020-28971 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)
	NOT-FOR-US: Western Digital My Cloud OS 5 devices
CVE-2020-28970 (An issue was discovered on Western Digital My Cloud OS 5 devices befor ...)
	NOT-FOR-US: Western Digital My Cloud OS 5 devices
CVE-2020-28969 (Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allo ...)
	NOT-FOR-US: Aplioxio PDF ShapingUp
CVE-2020-28968 (Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vul ...)
	NOT-FOR-US: Draytek VigorAP 1000C
CVE-2020-28967 (FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'cu ...)
	NOT-FOR-US: FlashGet
CVE-2020-28966 RESERVED
CVE-2020-28965 RESERVED
CVE-2020-28964 (Internet Download Manager 6.37.11.1 was discovered to contain a stack ...)
	NOT-FOR-US: Internet Download Manager
CVE-2020-28963 (Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to ...)
	NOT-FOR-US: Passcovery Co. Ltd ZIP Password Recovery
CVE-2020-28962 RESERVED
CVE-2020-28961 (Perfex CRM v2.4.4 was discovered to contain a stored cross-site script ...)
	NOT-FOR-US: Perfex CRM
CVE-2020-28960 (Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection ...)
	NOT-FOR-US: Chichen Tech CMS
CVE-2020-28959 RESERVED
CVE-2020-28958 RESERVED
CVE-2020-28957 (Multiple cross-site scripting (XSS) vulnerabilities in the Customer Ad ...)
	NOT-FOR-US: Foxlor
CVE-2020-28956 (Multiple cross-site scripting (XSS) vulnerabilities in the Sales modul ...)
	NOT-FOR-US: SugarCRM
CVE-2020-28955 (SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS ...)
	NOT-FOR-US: SugarCRM
CVE-2020-28954 (web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 la ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-28953 (In BigBlueButton before 2.2.29, a user can vote more than once in a si ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-28952 (An issue was discovered on Athom Homey and Homey Pro devices before 5. ...)
	NOT-FOR-US: Athom Homey
CVE-2020-28951 (libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter ...)
	NOT-FOR-US: libuci in OpenWrt
CVE-2020-28950 (The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4 ...)
	NOT-FOR-US: installer of Kaspersky Anti-Ransomware Tool (KART)
CVE-2020-36193 (Tar.php in Archive_Tar through 1.4.11 allows write operations with Dir ...)
	{DSA-4894-1 DLA-2621-1 DLA-2530-1}
	- drupal7
	- php-pear 1:1.10.12+submodules+notgz+20210212-1 (bug #980428)
	NOTE: https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916
	NOTE: https://github.com/pear/Archive_Tar/commit/dc721bd8616e05ea89b7abcff4cf1e3e96963183
	NOTE: https://github.com/pear/Archive_Tar/commit/b6da5c32254162fa0752616479fb3d3c5297c1cf
	NOTE: https://github.com/pear/Archive_Tar/commit/7d8782d95f74b5889bfaaad43e74086f1918ec2b
	NOTE: https://www.drupal.org/sa-core-2021-001
CVE-2020-28949 (Archive_Tar through 1.4.10 has :// filename sanitization only to addre ...)
	{DSA-4817-1 DLA-2466-1 DLA-2465-1}
	- drupal7
	- php-pear 1:1.10.9+submodules+notgz-1.1 (bug #976108)
	NOTE: https://github.com/pear/Archive_Tar/issues/33
	NOTE: https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
	NOTE: https://www.drupal.org/sa-core-2020-013
CVE-2020-28948 (Archive_Tar through 1.4.10 allows an unserialization attack because ph ...)
	{DSA-4817-1 DLA-2466-1 DLA-2465-1}
	- drupal7
	- php-pear 1:1.10.9+submodules+notgz-1.1 (bug #976108)
	NOTE: https://github.com/pear/Archive_Tar/issues/33
	NOTE: https://github.com/pear/Archive_Tar/commit/0670a05fdab997036a3fc3ef113b8f5922e574da
	NOTE: https://www.drupal.org/sa-core-2020-013
CVE-2020-28947 (In MISP 2.4.134, XSS exists in the template element index view because ...)
	NOT-FOR-US: MISP
CVE-2020-28946 (An improper webserver configuration on Plum IK-401 devices with firmwa ...)
	NOT-FOR-US: Plum IK-401 devices
CVE-2020-28945 (OX App Suite 7.10.4 and earlier allows XSS via crafted content to reac ...)
	NOT-FOR-US: OX App Suite
CVE-2020-28944 (OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS serve ...)
	NOT-FOR-US: OX Guard
CVE-2020-28943 (OX App Suite 7.10.4 and earlier allows SSRF via a snippet. ...)
	NOT-FOR-US: OX App Suite
CVE-2020-28942 (An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST ...)
	NOT-FOR-US: PrimeKey EJBCA
CVE-2020-28941 (An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c i ...)
	{DLA-2483-1}
	- linux 5.9.11-1
	[buster] - linux 4.19.160-1
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2020/11/19/3
CVE-2020-28940 (On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admi ...)
	NOT-FOR-US: Western Digital My Cloud OS 5 devices
CVE-2020-28939 (OpenClinic version 0.8.2 is affected by a medical/test_new.php insecur ...)
	NOT-FOR-US: OpenClinic
CVE-2020-28938 (OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in ...)
	NOT-FOR-US: OpenClinic
CVE-2020-28937 (OpenClinic version 0.8.2 is affected by a missing authentication vulne ...)
	NOT-FOR-US: OpenClinic
CVE-2020-28936
	RESERVED
CVE-2020-28935 (NLnet Labs Unbound, up to and including version 1.12.0, and NLnet Labs ...)
	{DLA-2556-1}
	- nsd 4.3.4-1
	[buster] - nsd (Minor issue)
	[stretch] - nsd (Minor issue)
	- unbound 1.13.0-1 (bug #977165)
	[buster] - unbound (Minor issue)
	[stretch] - unbound (DSA 4694-1)
	NOTE: https://www.nlnetlabs.nl/downloads/nsd/CVE-2020-28935.txt
	NOTE: https://github.com/NLnetLabs/nsd/commit/a4caec3137a1bc9eca05d38d66e2bce572ca9bd3 (NSD_4_3_4_RC1)
	NOTE: https://github.com/NLnetLabs/unbound/issues/303
	NOTE: Fixed by: https://github.com/NLnetLabs/unbound/commit/ad387832979b6ce4c93f64fe706301cd7d034e87 (release-1.13.0rc1)
CVE-2020-28934
	RESERVED
CVE-2020-28933
	RESERVED
CVE-2020-28932
	RESERVED
CVE-2020-28931 (Lack of an anti-CSRF token in the entire administrative interface in E ...)
	NOT-FOR-US: EPSON
CVE-2020-28930 (A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete us ...)
	NOT-FOR-US: Epson
CVE-2020-28929 (Unrestricted access to the log downloader functionality in EPSON EPS T ...)
	NOT-FOR-US: Epson
CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular combinati ...)
	{DLA-2474-1}
	- musl 1.2.2-1 (bug #975365)
	[buster] - musl (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4
CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration sectio ...)
	NOT-FOR-US: Magicpin
CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code exe ...)
	{DSA-4806-1 DLA-2489-1}
	- minidlna 1.2.1+dfsg-3 (bug #976595)
	NOTE: https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
	NOTE: https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a (v1_3_0)
CVE-2020-28925 (Bolt before 3.7.2 does not restrict filter options in a Request in the ...)
	NOT-FOR-US: Bolt CMS
CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the use of a w ...)
	- rclone 1.53.3-1 (bug #975324)
	[buster] - rclone (Vulnerable code introduced later)
	[stretch] - rclone (Vulnerable code introduced later)
	NOTE: https://github.com/rclone/rclone/issues/4783
	NOTE: Introduced by: https://github.com/rclone/rclone/commit/193c30d57038017370594d5bc8ee9bc32580ddf2 (v1.49.0)
	NOTE: Fixed by: https://github.com/rclone/rclone/commit/7985df37681f54d013816a4641da4f9b085b3aa5 (master)
	NOTE: Fixed by: https://github.com/rclone/rclone/commit/f0905499e340f9e73e2552cf0c8b79cbf14ecbc4 (master)
	NOTE: Fixed by: https://github.com/rclone/rclone/commit/4c215cc81ec6143ae3c64633700cb341ca28df2d (v1.53.3)
	NOTE: Fixed by: https://github.com/rclone/rclone/commit/c8b11d27e1fe261fdfba6b8910fda69356c9c777 (v1.53.3)
CVE-2020-28923 (An issue was discovered in Play Framework 2.8.0 through 2.8.4. Careful ...)
	NOT-FOR-US: Play Framework
CVE-2020-28922 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
	NOT-FOR-US: Devid Espenschied PC Analyser
CVE-2020-28921 (An issue was discovered in Devid Espenschied PC Analyser through 4.10. ...)
	NOT-FOR-US: Devid Espenschied PC Analyser
CVE-2020-28920
	RESERVED
CVE-2020-28919
	RESERVED
CVE-2020-28918 (DualShield 5.9.8.0821 allows username enumeration on its login form. A ...)
	NOT-FOR-US: DualShield
CVE-2020-28917 (An issue was discovered in the view_statistics (aka View frontend stat ...)
	NOT-FOR-US: TYPO3 extension
CVE-2020-28916 (hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX desc ...)
	{DLA-2560-1}
	- qemu 1:5.2+dfsg-1 (bug #976388; bug #974687)
	[buster] - qemu (Fix along in future DSA)
	NOTE: https://www.openwall.com/lists/oss-security/2020/12/01/2
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03185.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893895 (duplicate)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-11/msg03552.html (duplicate)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=c2cb511634012344e3d0fe49a037a33b12d8a98a (v5.2.0-rc3)
CVE-2020-28915 (A buffer over-read (at the framebuffer layer) in the fbcon code in the ...)
	- linux 5.9.1-1
	[buster] - linux 4.19.152-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/5af08640795b2b9a940c9266c0260455377ae262
CVE-2020-28914 (An improper file permissions vulnerability affects Kata Containers pri ...)
	NOT-FOR-US: Kata Containers
CVE-2020-28913
	RESERVED
CVE-2020-28912 (With MariaDB running on Windows, when local clients connect to the ser ...)
	- mariadb-10.5 (Only affects MariaDB on Windows)
	- mariadb-10.3 (Only affects MariaDB on Windows)
	- mariadb-10.1 (Only affects MariaDB on Windows)
	NOTE: https://jira.mariadb.org/browse/MDEV-24040
	NOTE: https://github.com/MariaDB/server/commit/3829b408d6
CVE-2020-28911 (Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28910 (Creation of a Temporary Directory with Insecure Permissions in Nagios ...)
	NOT-FOR-US: Nagios XI
CVE-2020-28909 (Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows f ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28908 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28907 (Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlie ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28906 (Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios F ...)
	NOT-FOR-US: Nagios XI
CVE-2020-28905 (Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28904 (Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earli ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28903 (Improper input validation in Nagios Fusion 4.1.8 and earlier allows a ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28902 (Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28901 (Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privil ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28900 (Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 ...)
	NOT-FOR-US: Nagios Fusion
CVE-2020-28899 (The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does ...)
	NOT-FOR-US: ZyXEL
CVE-2020-28898 (In QED ResourceXpress through 4.9k, a large numeric or alphanumeric va ...)
	NOT-FOR-US: QED ResourceXpress
CVE-2020-28897
	RESERVED
CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $s ...)
	{DLA-2472-1}
	- mutt 2.0.2-1
	[buster] - mutt 1.10.1-2.1+deb10u4
	- neomutt 20201120+dfsg.1-1
	[buster] - neomutt 20180716+dfsg.1-1+deb10u2
	NOTE: https://gitlab.com/muttmua/mutt/-/commit/04b06aaa3e0cc0022b9b01dbca2863756ebbf59a
	NOTE: https://github.com/neomutt/neomutt/commit/9c36717a3e2af1f2c1b7242035455ec8112b4b06
CVE-2020-28895 (In Wind River VxWorks, memory allocator has a possible overflow in cal ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2020-28894
	RESERVED
CVE-2020-28893
	RESERVED
CVE-2020-28892
	RESERVED
CVE-2020-28891
	RESERVED
CVE-2020-28890
	RESERVED
CVE-2020-28889
	RESERVED
CVE-2020-28888
	RESERVED
CVE-2020-28887
	RESERVED
CVE-2020-28886
	RESERVED
CVE-2020-28885
	RESERVED
CVE-2020-28884
	RESERVED
CVE-2020-28883
	RESERVED
CVE-2020-28882
	RESERVED
CVE-2020-28881
	RESERVED
CVE-2020-28880
	RESERVED
CVE-2020-28879
	RESERVED
CVE-2020-28878
	RESERVED
CVE-2020-28877 (Buffer overflow in in the copy_msg_element function for the devDiscove ...)
	NOT-FOR-US: TP-Link
CVE-2020-28876
	RESERVED
CVE-2020-28875
	RESERVED
CVE-2020-28874 (reset-password.php in ProjectSend before r1295 allows remote attackers ...)
	NOT-FOR-US: ProjectSend
CVE-2020-28873 (Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability b ...)
	NOT-FOR-US: Fluxbb
CVE-2020-28872 (An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/ ...)
	NOT-FOR-US: Monitorr
CVE-2020-28871 (Remote code execution in Monitorr v1.7.6m in upload.php allows an unau ...)
	NOT-FOR-US: Monitorr
CVE-2020-28870 (In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code o ...)
	NOT-FOR-US: InoERP
CVE-2020-28869
	RESERVED
CVE-2020-28868
	RESERVED
CVE-2020-28867
	RESERVED
CVE-2020-28866
	RESERVED
CVE-2020-28865
	RESERVED
CVE-2020-28864 (Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to caus ...)
	NOT-FOR-US: WinSCP
CVE-2020-28863
	RESERVED
CVE-2020-28862
	RESERVED
CVE-2020-28861 (OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to ...)
	NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28860 (OpenAssetDigital Asset Management (DAM) through 12.0.19 does not corre ...)
	NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28859 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
	NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28858 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
	NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28857 (OpenAsset Digital Asset Management (DAM) through 12.0.19, does not cor ...)
	NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28856 (OpenAsset Digital Asset Management (DAM) through 12.0.19 does not corr ...)
	NOT-FOR-US: OpenAsset Digital Asset Management (DAM)
CVE-2020-28855
	RESERVED
CVE-2020-28854
	RESERVED
CVE-2020-28853
	RESERVED
CVE-2020-28852 (In x/text in Go before v0.3.5, a "slice bounds out of range" panic occ ...)
	- golang-golang-x-text 0.3.5-1 (bug #980002)
	- golang-x-text
	[stretch] - golang-x-text (Minor issue. Golang has limited support in stretch.)
	NOTE: https://github.com/golang/go/issues/42536
	NOTE: https://github.com/golang/text/commit/4482a914f52311356f6f4b7a695d4075ca22c0c6 (v0.3.5)
CVE-2020-28851 (In x/text in Go 1.15.4, an "index out of range" panic occurs in langua ...)
	- golang-golang-x-text 0.3.6-1 (bug #980001)
	- golang-x-text
	[stretch] - golang-x-text (Minor issue. Golang has limited support in stretch.)
	NOTE: https://github.com/golang/go/issues/42535
CVE-2020-28850
	RESERVED
CVE-2020-28849
	RESERVED
CVE-2020-28848
	RESERVED
CVE-2020-28847
	RESERVED
CVE-2020-28846 (Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 ...)
	NOT-FOR-US: SeaCMS
CVE-2020-28845 (A CSV injection vulnerability in the Admin portal for Netskope 75.0 al ...)
	NOT-FOR-US: Admin portal for Netskope
CVE-2020-28844
	RESERVED
CVE-2020-28843
	RESERVED
CVE-2020-28842
	RESERVED
CVE-2020-28841 (MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cau ...)
	NOT-FOR-US: DriverGenius
CVE-2020-28840
	RESERVED
CVE-2020-28839
	RESERVED
CVE-2020-28838 (Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Open ...)
	NOT-FOR-US: OpenCart
CVE-2020-28837
	RESERVED
CVE-2020-28836
	RESERVED
CVE-2020-28835
	RESERVED
CVE-2020-28834
	RESERVED
CVE-2020-28833
	RESERVED
CVE-2020-28832
	RESERVED
CVE-2020-28831
	RESERVED
CVE-2020-28830
	RESERVED
CVE-2020-28829
	RESERVED
CVE-2020-28828
	RESERVED
CVE-2020-28827
	RESERVED
CVE-2020-28826
	RESERVED
CVE-2020-28825
	RESERVED
CVE-2020-28824
	RESERVED
CVE-2020-28823
	RESERVED
CVE-2020-28822
	RESERVED
CVE-2020-28821
	RESERVED
CVE-2020-28820
	RESERVED
CVE-2020-28819
	RESERVED
CVE-2020-28818
	RESERVED
CVE-2020-28817
	RESERVED
CVE-2020-28816
	RESERVED
CVE-2020-28815
	RESERVED
CVE-2020-28814
	RESERVED
CVE-2020-28813
	RESERVED
CVE-2020-28812
	RESERVED
CVE-2020-28811
	RESERVED
CVE-2020-28810
	RESERVED
CVE-2020-28809
	RESERVED
CVE-2020-28808
	RESERVED
CVE-2020-28807
	RESERVED
CVE-2020-28806
	RESERVED
CVE-2020-28805
	RESERVED
CVE-2020-28804
	RESERVED
CVE-2020-28803
	RESERVED
CVE-2020-28802
	RESERVED
CVE-2020-28801
	RESERVED
CVE-2020-28800
	RESERVED
CVE-2020-28799
	RESERVED
CVE-2020-28798
	RESERVED
CVE-2020-28797
	RESERVED
CVE-2020-28796
	RESERVED
CVE-2020-28795
	RESERVED
CVE-2020-28794
	RESERVED
CVE-2020-28793
	RESERVED
CVE-2020-28792
	RESERVED
CVE-2020-28791
	RESERVED
CVE-2020-28790
	RESERVED
CVE-2020-28789
	RESERVED
CVE-2020-28788
	RESERVED
CVE-2020-28787
	RESERVED
CVE-2020-28786
	RESERVED
CVE-2020-28785
	RESERVED
CVE-2020-28784
	RESERVED
CVE-2020-28783
	RESERVED
CVE-2020-28782
	RESERVED
CVE-2020-28781
	RESERVED
CVE-2020-28780
	RESERVED
CVE-2020-28779
	RESERVED
CVE-2020-28778
	RESERVED
CVE-2020-28777
	RESERVED
CVE-2020-28776
	RESERVED
CVE-2020-28775
	RESERVED
CVE-2020-28774
	RESERVED
CVE-2020-28773
	RESERVED
CVE-2020-28772
	RESERVED
CVE-2020-28771
	RESERVED
CVE-2020-28770
	RESERVED
CVE-2020-28769
	RESERVED
CVE-2020-28768
	RESERVED
CVE-2020-28767
	RESERVED
CVE-2020-28766
	RESERVED
CVE-2020-28765
	RESERVED
CVE-2020-28764
	RESERVED
CVE-2020-28763
	RESERVED
CVE-2020-28762
	RESERVED
CVE-2020-28761
	RESERVED
CVE-2020-28760
	RESERVED
CVE-2020-28759 (** DISPUTED ** The serializer module in OAID Tengine lite-v1.0 has a B ...)
	NOT-FOR-US: OAID Tengine
CVE-2020-28758
	RESERVED
CVE-2020-28757
	RESERVED
CVE-2020-28756
	RESERVED
CVE-2020-28755
	RESERVED
CVE-2020-28754
	RESERVED
CVE-2020-28753
	RESERVED
CVE-2020-28752
	RESERVED
CVE-2020-28751
	RESERVED
CVE-2020-28750
	RESERVED
CVE-2020-28749
	RESERVED
CVE-2020-28748
	RESERVED
CVE-2020-28747
	RESERVED
CVE-2020-28746
	RESERVED
CVE-2020-28745
	RESERVED
CVE-2020-28744
	RESERVED
CVE-2020-28743
	RESERVED
CVE-2020-28742
	RESERVED
CVE-2020-28741
	RESERVED
CVE-2020-28740
	RESERVED
CVE-2020-28739
	RESERVED
CVE-2020-28738
	RESERVED
CVE-2020-28737
	RESERVED
CVE-2020-28736 (Plone before 5.2.3 allows XXE attacks via a feature that is protected ...)
	NOT-FOR-US: Plone
CVE-2020-28735 (Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (onl ...)
	NOT-FOR-US: Plone
CVE-2020-28734 (Plone before 5.2.3 allows XXE attacks via a feature that is explicitly ...)
	NOT-FOR-US: Plone
CVE-2020-28733
	RESERVED
CVE-2020-28732
	RESERVED
CVE-2020-28731
	RESERVED
CVE-2020-28730
	RESERVED
CVE-2020-28729
	RESERVED
CVE-2020-28728
	RESERVED
CVE-2020-28727 (Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid p ...)
	NOT-FOR-US: SeedDMS
CVE-2020-28726 (Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter ...)
	NOT-FOR-US: SeedDMS
CVE-2020-28725
	RESERVED
CVE-2020-28724 (Open redirect vulnerability in werkzeug before 0.11.6 via a double sla ...)
	- python-werkzeug 0.11.9+dfsg1-1
	NOTE: https://github.com/pallets/werkzeug/issues/822
	NOTE: https://github.com/pallets/werkzeug/pull/890
CVE-2020-28723 (Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. ...)
	NOT-FOR-US: CloudAvid
CVE-2020-28722 (Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 c ...)
	NOT-FOR-US: Deskpro Cloud Platform
CVE-2020-28721
	RESERVED
CVE-2020-28720
	RESERVED
CVE-2020-28719
	RESERVED
CVE-2020-28718
	RESERVED
CVE-2020-28717
	RESERVED
CVE-2020-28716
	RESERVED
CVE-2020-28715
	RESERVED
CVE-2020-28714
	RESERVED
CVE-2020-28713 (Incorrect access control in push notification service in Night Owl Sma ...)
	NOT-FOR-US: Night Owl Smart Doorbell
CVE-2020-28712
	RESERVED
CVE-2020-28711
	RESERVED
CVE-2020-28710
	RESERVED
CVE-2020-28709
	RESERVED
CVE-2020-28708
	RESERVED
CVE-2020-28707 (The Stockdio Historical Chart plugin before 2.8.1 for WordPress is aff ...)
	NOT-FOR-US: Stockdio Historical Chart plugin for WordPress
CVE-2020-28706
	RESERVED
CVE-2020-28705 (FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerabi ...)
	NOT-FOR-US: FUEL CMS
CVE-2020-28704
	RESERVED
CVE-2020-28703
	RESERVED
CVE-2020-28702 (A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 al ...)
	NOT-FOR-US: PybbsCMS
CVE-2020-28701
	RESERVED
CVE-2020-28700
	RESERVED
CVE-2020-28699
	RESERVED
CVE-2020-28698
	RESERVED
CVE-2020-28697
	RESERVED
CVE-2020-28696
	RESERVED
CVE-2020-28695 (Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices ...)
	NOT-FOR-US: Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices
CVE-2020-28694
	RESERVED
CVE-2020-28693 (An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an ...)
	NOT-FOR-US: HorizontCMS
CVE-2020-28692 (In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and ...)
	NOT-FOR-US: Gila CMS
CVE-2020-28691
	RESERVED
CVE-2020-28690
	RESERVED
CVE-2020-28689
	RESERVED
CVE-2020-28688 (The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCR ...)
	NOT-FOR-US: Artworks Gallery
CVE-2020-28687 (The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASC ...)
	NOT-FOR-US: Artworks Gallery
CVE-2020-28686
	RESERVED
CVE-2020-28685
	RESERVED
CVE-2020-28684
	RESERVED
CVE-2020-28683
	RESERVED
CVE-2020-28682
	RESERVED
CVE-2020-28681
	RESERVED
CVE-2020-28680
	RESERVED
CVE-2020-28679
	RESERVED
CVE-2020-28678
	RESERVED
CVE-2020-28677
	RESERVED
CVE-2020-28676
	RESERVED
CVE-2020-28675
	RESERVED
CVE-2020-28674
	RESERVED
CVE-2020-28673
	RESERVED
CVE-2020-28672 (MonoCMS Blog 1.0 is affected by incorrect access control that can lead ...)
	NOT-FOR-US: MonoCMS Blog
CVE-2020-28671
	RESERVED
CVE-2020-28670
	RESERVED
CVE-2020-28669
	RESERVED
CVE-2020-28668
	RESERVED
CVE-2020-28667
	RESERVED
CVE-2020-28666
	RESERVED
CVE-2020-28665
	RESERVED
CVE-2020-28664
	RESERVED
CVE-2020-28663
	RESERVED
CVE-2020-28662
	RESERVED
CVE-2020-28661
	RESERVED
CVE-2020-28660
	RESERVED
CVE-2020-28659
	RESERVED
CVE-2020-28658
	RESERVED
CVE-2020-28657 (In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) a ...)
	NOT-FOR-US: bPanel
CVE-2020-28656 (The update functionality of the Discover Media infotainment system in ...)
	NOT-FOR-US: Discover Media infotainment system in Volkswagen Polo 2019 vehicles
CVE-2020-28655
	RESERVED
CVE-2020-28654
	RESERVED
CVE-2020-28653 (Zoho ManageEngine OpManager Stable build before 125203 (and Released b ...)
	NOT-FOR-US: Zoho ManageEngine OpManager Stable
CVE-2020-28652
	RESERVED
CVE-2020-28651
	RESERVED
CVE-2020-28650 (The WPBakery plugin before 6.4.1 for WordPress allows XSS because it c ...)
	NOT-FOR-US: WPBakery plugin for WordPress
CVE-2020-28649 (The orbisius-child-theme-creator plugin before 1.5.2 for WordPress all ...)
	NOT-FOR-US: orbisius-child-theme-creator plugin for WordPress
CVE-2020-28648 (Improper input validation in the Auto-Discovery component of Nagios XI ...)
	NOT-FOR-US: Nagios XI
CVE-2020-28647 (In Progress MOVEit Transfer before 2020.1, a malicious user could craf ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2020-28646 (ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop ...)
	- owncloud
CVE-2020-28645 (Deleting users with certain names caused system files to be deleted. R ...)
	- owncloud
CVE-2020-28644 (The CSRF (Cross Site Request Forgery) token check was improperly imple ...)
	- owncloud
CVE-2020-28643
	RESERVED
CVE-2020-28642 (In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail gener ...)
	NOT-FOR-US: InfiniteWP Admin Panel
CVE-2020-28641 (In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an a ...)
	NOT-FOR-US: Malwarebytes Free
CVE-2020-28640
	RESERVED
CVE-2020-28639
	RESERVED
CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-c ...)
	- tomb 2.8+dfsg1-1 (bug #974719; bug #975084)
	[buster] - tomb (Vulnerability introduced later)
	NOTE: https://github.com/dyne/Tomb/issues/385
	NOTE: Introduced by: https://github.com/dyne/Tomb/commit/477ab204439ddb88d7293d3c35a29e29751feda9 (v2.6)
	NOTE: https://github.com/dyne/Tomb/pull/386
	NOTE: Attempted to be fixed via: https://github.com/dyne/Tomb/commit/15c894dfb41db3ea3290bdf8f958fd9e3503c4bb
	NOTE: which only hides the problem.
	NOTE: https://github.com/dyne/Tomb/issues/392
CVE-2020-28637
	RESERVED
CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
	{DLA-2649-1}
	- cgal 5.2-3 (bug #985671)
	[buster] - cgal (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
CVE-2020-28635
	RESERVED
CVE-2020-28634
	RESERVED
CVE-2020-28633
	RESERVED
CVE-2020-28632
	RESERVED
CVE-2020-28631
	RESERVED
CVE-2020-28630
	RESERVED
CVE-2020-28629
	RESERVED
CVE-2020-28628
	RESERVED
CVE-2020-28627
	RESERVED
CVE-2020-28626
	RESERVED
CVE-2020-28625
	RESERVED
CVE-2020-28624
	RESERVED
CVE-2020-28623
	RESERVED
CVE-2020-28622
	RESERVED
CVE-2020-28621
	RESERVED
CVE-2020-28620
	RESERVED
CVE-2020-28619
	RESERVED
CVE-2020-28618
	RESERVED
CVE-2020-28617
	RESERVED
CVE-2020-28616
	RESERVED
CVE-2020-28615
	RESERVED
CVE-2020-28614
	RESERVED
CVE-2020-28613
	RESERVED
CVE-2020-28612
	RESERVED
CVE-2020-28611
	RESERVED
CVE-2020-28610
	RESERVED
CVE-2020-28609
	RESERVED
CVE-2020-28608
	RESERVED
CVE-2020-28607
	RESERVED
CVE-2020-28606
	RESERVED
CVE-2020-28605
	RESERVED
CVE-2020-28604
	RESERVED
CVE-2020-28603
	RESERVED
CVE-2020-28602
	RESERVED
CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
	{DLA-2649-1}
	- cgal 5.2-3 (bug #985671)
	[buster] - cgal (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1225
CVE-2020-28600 (An out-of-bounds write vulnerability exists in the import_stl.cc:impor ...)
	- openscad 2021.01-1 (bug #996020)
	[buster] - openscad (Minor issue)
	[stretch] - openscad (Vulnerable code introduced later)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1224
	NOTE: introduced at https://github.com/openscad/openscad/commit/25ec72ce0770115ad62c17fe10ee7464ac256391
	NOTE: vulnerable code removed at https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...)
	- openscad 2021.01-1 (bug #996020)
	[buster] - openscad (Minor issue)
	[stretch] - openscad (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1223
	NOTE: https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
CVE-2020-28598 (An out-of-bounds write vulnerability exists in the Admesh stl_fix_norm ...)
	NOT-FOR-US: Prusa Research PrusaSlicer
CVE-2020-28597 (A predictable seed vulnerability exists in the password reset function ...)
	NOT-FOR-US: Epignosis EfrontPro
CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
	NOT-FOR-US: PrusaSlicer
CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...)
	NOT-FOR-US: PrusaSlicer
CVE-2020-28594 (A use-after-free vulnerability exists in the _3MF_Importer::_handle_en ...)
	NOT-FOR-US: PrusaSlicer
CVE-2020-28593 (A unauthenticated backdoor exists in the configuration server function ...)
	NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF
CVE-2020-28592 (A heap-based buffer overflow vulnerability exists in the configuration ...)
	NOT-FOR-US: Cosori Smart 5.8-Quart Air Fryer CS158-AF
CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFParserCo ...)
	- slic3r 1.3.0+dfsg1-4 (unimportant; bug #985620)
	[stretch] - slic3r (Vulnerable code not present)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1215
	NOTE: https://github.com/slic3r/Slic3r/issues/5061
	NOTE: https://github.com/slic3r/Slic3r/pull/5063
	NOTE: Crash in enduser application, no security impact
CVE-2020-28590 (An out-of-bounds read vulnerability exists in the Obj File TriangleMes ...)
	- slic3r (unimportant)
	[stretch] - slic3r (Vulnerable code not present)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1213
	NOTE: https://github.com/slic3r/Slic3r/issues/5074
	NOTE: Crash in enduser application, no security impact
CVE-2020-28589 (An improper array index validation vulnerability exists in the LoadObj ...)
	- tinyobjloader
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1212
CVE-2020-28588 (An information disclosure vulnerability exists in the /proc/pid/syscal ...)
	- linux 5.9.15-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4f134b89a24b965991e7c345b9a4591821f7c2a6
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
CVE-2020-28587 (A specially crafted document can cause the document parser to copy dat ...)
	NOT-FOR-US: SoftMaker
CVE-2020-28586
	RESERVED
CVE-2020-28585
	RESERVED
CVE-2020-28584
	RESERVED
CVE-2020-28583 (An improper access control information disclosure vulnerability in Tre ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28582 (An improper access control information disclosure vulnerability in Tre ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28581 (A command injection vulnerability in ModifyVLANItem of Trend Micro Int ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28580 (A command injection vulnerability in AddVLANItem of Trend Micro InterS ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28579 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28578 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28577 (An improper access control information disclosure vulnerability in Tre ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28576 (An improper access control information disclosure vulnerability in Tre ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28575 (A heap-based buffer overflow privilege escalation vulnerability in Tre ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28574 (A unauthenticated path traversal arbitrary remote file deletion vulner ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28573 (An improper access control information disclosure vulnerability in Tre ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28572 (A vulnerability in Trend Micro Apex One could allow an unprivileged us ...)
	NOT-FOR-US: Trend Micro
CVE-2020-28571
	RESERVED
CVE-2020-28570
	RESERVED
CVE-2020-28569
	RESERVED
CVE-2020-28568
	RESERVED
CVE-2020-28567
	RESERVED
CVE-2020-28566
	RESERVED
CVE-2020-28565
	RESERVED
CVE-2020-28564
	RESERVED
CVE-2020-28563
	RESERVED
CVE-2020-28562
	RESERVED
CVE-2020-28561
	RESERVED
CVE-2020-28560
	RESERVED
CVE-2020-28559
	RESERVED
CVE-2020-28558
	RESERVED
CVE-2020-28557
	RESERVED
CVE-2020-28556
	RESERVED
CVE-2020-28555
	RESERVED
CVE-2020-28554
	RESERVED
CVE-2020-28553
	RESERVED
CVE-2020-28552
	RESERVED
CVE-2020-28551
	RESERVED
CVE-2020-28550
	RESERVED
CVE-2020-28549
	RESERVED
CVE-2020-28548
	RESERVED
CVE-2020-28547
	RESERVED
CVE-2020-28546
	RESERVED
CVE-2020-28545
	RESERVED
CVE-2020-28544
	RESERVED
CVE-2020-28543
	RESERVED
CVE-2020-28542
	RESERVED
CVE-2020-28541
	RESERVED
CVE-2020-28540
	RESERVED
CVE-2020-28539
	RESERVED
CVE-2020-28538
	RESERVED
CVE-2020-28537
	RESERVED
CVE-2020-28536
	RESERVED
CVE-2020-28535
	RESERVED
CVE-2020-28534
	RESERVED
CVE-2020-28533
	RESERVED
CVE-2020-28532
	RESERVED
CVE-2020-28531
	RESERVED
CVE-2020-28530
	RESERVED
CVE-2020-28529
	RESERVED
CVE-2020-28528
	RESERVED
CVE-2020-28527
	RESERVED
CVE-2020-28526
	RESERVED
CVE-2020-28525
	RESERVED
CVE-2020-28524
	RESERVED
CVE-2020-28523
	RESERVED
CVE-2020-28522
	RESERVED
CVE-2020-28521
	RESERVED
CVE-2020-28520
	RESERVED
CVE-2020-28519
	RESERVED
CVE-2020-28518
	RESERVED
CVE-2020-28517
	RESERVED
CVE-2020-28516
	RESERVED
CVE-2020-28515
	RESERVED
CVE-2020-28514
	RESERVED
CVE-2020-28513
	RESERVED
CVE-2020-28512
	RESERVED
CVE-2020-28511
	RESERVED
CVE-2020-28510
	RESERVED
CVE-2020-28509
	RESERVED
CVE-2020-28508
	RESERVED
CVE-2020-28507
	RESERVED
CVE-2020-28506
	RESERVED
CVE-2020-28505
	RESERVED
CVE-2020-28504
	RESERVED
CVE-2020-28503 (The package copy-props before 2.0.5 are vulnerable to Prototype Pollut ...)
	NOT-FOR-US: Node copy-props
CVE-2020-28502 (This affects the package xmlhttprequest before 1.7.0; all versions of ...)
	- node-xmlhttprequest 1.8.0-1
	[stretch] - node-xmlhttprequest (Nodejs in stretch not covered by security support)
	- node-xmlhttprequest-ssl
	[buster] - node-xmlhttprequest-ssl (Minor issue, should possibly be removed from stable as well)
	[stretch] - node-xmlhttprequest-ssl (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUEST-1082935
	NOTE: https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
CVE-2020-28501 (This affects the package es6-crawler-detect before 3.1.3. No limitatio ...)
	NOT-FOR-US: Node es6-crawler-detect
CVE-2020-28500 (Lodash versions prior to 4.17.21 are vulnerable to Regular Expression ...)
	- node-lodash 4.17.21+dfsg+~cs8.31.173-1 (bug #985086)
	[buster] - node-lodash (Minor issue)
	[stretch] - node-lodash (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-LODASH-1018905
CVE-2020-28499 (All versions of package merge are vulnerable to Prototype Pollution vi ...)
	NOTE: Only bogus references listed, unclear what this is about
CVE-2020-28498 (The package elliptic before 6.5.4 are vulnerable to Cryptographic Issu ...)
	- node-elliptic 6.5.4~dfsg-1
	[buster] - node-elliptic (Minor issue)
	NOTE: https://github.com/indutny/elliptic/commit/441b7428b0e8f6636c42118ad2aaa186d3c34c3f
	NOTE: https://github.com/christianlundkvist/blog/blob/master/2020_05_26_secp256k1_twist_attacks/secp256k1_twist_attacks.md
CVE-2020-28497
	RESERVED
CVE-2020-28496 (This affects the package three before 0.125.0. This can happen when ha ...)
	- three.js (Vulnerable code introduced later, #988726)
	NOTE: https://github.com/mrdoob/three.js/pull/21143/commits/4a582355216b620176a291ff319d740e619d583e
	NOTE: https://github.com/mrdoob/three.js/issues/21132
CVE-2020-28495 (This affects the package total.js before 3.4.7. The set function can b ...)
	NOT-FOR-US: Node total.js
CVE-2020-28494 (This affects the package total.js before 3.4.7. The issue occurs in th ...)
	NOT-FOR-US: Node total.js
CVE-2020-28493 (This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDo ...)
	- jinja2 2.11.3-1 (bug #982736)
	[buster] - jinja2 (Minor issue)
	[stretch] - jinja2 (Minor issue)
	NOTE: https://github.com/pallets/jinja/pull/1343
	NOTE: https://snyk.io/vuln/SNYK-PYTHON-JINJA2-1012994
CVE-2020-28492
	REJECTED
CVE-2020-28491 (This affects the package com.fasterxml.jackson.dataformat:jackson-data ...)
	- jackson-dataformat-cbor (bug #983664)
	[bullseye] - jackson-dataformat-cbor (Minor issue)
	[buster] - jackson-dataformat-cbor (Minor issue)
	[stretch] - jackson-dataformat-cbor (Minor issue; https://people.debian.org/~abhijith/CVE-2020-28491.txt)
	NOTE: https://github.com/FasterXML/jackson-dataformats-binary/commit/de072d314af8f5f269c8abec6930652af67bc8e6
	NOTE: https://github.com/FasterXML/jackson-dataformats-binary/issues/186
CVE-2020-28490 (The package async-git before 1.13.2 are vulnerable to Command Injectio ...)
	NOT-FOR-US: Node async-git
CVE-2020-28489
	RESERVED
CVE-2020-28488
	REJECTED
CVE-2020-28487 (This affects the package vis-timeline before 7.4.4. An attacker with t ...)
	NOT-FOR-US: vis-timeline
CVE-2020-28486
	RESERVED
CVE-2020-28485
	RESERVED
CVE-2020-28484
	RESERVED
CVE-2020-28483 (This affects all versions of package github.com/gin-gonic/gin. When gi ...)
	- golang-github-gin-gonic-gin (bug #988943)
	[bullseye] - golang-github-gin-gonic-gin (Minor issue)
	[buster] - golang-github-gin-gonic-gin (Minor issue)
	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGINGONICGIN-1041736
	NOTE: https://github.com/gin-gonic/gin/pull/2474
	NOTE: https://github.com/gin-gonic/gin/commit/c9ea8ece4a3881028f7f715f008414346a7f4b88
CVE-2020-28482 (This affects the package fastify-csrf before 3.0.0. 1. The generated c ...)
	NOT-FOR-US: Node fastify-csrf
CVE-2020-28481 (The package socket.io before 2.4.0 are vulnerable to Insecure Defaults ...)
	NOT-FOR-US: Node socket.io
CVE-2020-28480 (The package jointjs before 3.3.0 are vulnerable to Prototype Pollution ...)
	NOT-FOR-US: Node jointjs
CVE-2020-28479 (The package jointjs before 3.3.0 are vulnerable to Denial of Service ( ...)
	NOT-FOR-US: Node jointjs
CVE-2020-28478 (This affects the package gsap before 3.6.0. ...)
	NOT-FOR-US: Node gsap
CVE-2020-28477 (This affects all versions of package immer. ...)
	NOT-FOR-US: Node immer
CVE-2020-28476
	REJECTED
CVE-2020-28475
	RESERVED
CVE-2020-28474
	RESERVED
CVE-2020-28473 (The package bottle from 0 and before 0.12.19 are vulnerable to Web Cac ...)
	{DLA-2531-1}
	- python-bottle 0.12.19-1
	[buster] - python-bottle 0.12.15-2+deb10u1
	NOTE: https://snyk.io/vuln/SNYK-PYTHON-BOTTLE-1017108
	NOTE: Fixed by: https://github.com/bottlepy/bottle/commit/57a2f22e0c1d2b328c4f54bf75741d74f47f1a6b (0.12.19)
CVE-2020-28472 (This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0- ...)
	NOT-FOR-US: aws-sdk-js
CVE-2020-28471
	RESERVED
CVE-2020-28470 (This affects the package @scullyio/scully before 1.0.9. The transfer s ...)
	NOT-FOR-US: scully
CVE-2020-28469 (This affects the package glob-parent before 5.1.2. The enclosure regex ...)
- node-glob-parent 5.1.1+~5.1.0-2 [buster] - node-glob-parent 3.1.0-1+deb10u1 [stretch] - node-glob-parent (Minor issue; can be fixed in next update) NOTE: https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 NOTE: https://github.com/gulpjs/glob-parent/commit/f9231168b0041fea3f8f954b3cceb56269fc6366 CVE-2020-28468 (This affects the package pwntools before 4.3.1. The shellcraft generat ...) NOT-FOR-US: pwntools CVE-2020-28467 RESERVED CVE-2020-28466 (This affects all versions of package github.com/nats-io/nats-server/se ...) NOT-FOR-US: nats-server CVE-2020-28465 RESERVED CVE-2020-28464 (This affects the package djv before 2.1.4. By controlling the schema f ...) NOT-FOR-US: Node djv CVE-2020-28463 (All versions of package reportlab are vulnerable to Server-side Reques ...) - python-reportlab [bullseye] - python-reportlab (Minor issue) [buster] - python-reportlab (Minor issue) [stretch] - python-reportlab (Can be fixed in next DLA) NOTE: https://snyk.io/vuln/SNYK-PYTHON-REPORTLAB-1022145 CVE-2020-28462 RESERVED CVE-2020-28461 RESERVED CVE-2020-28460 (This affects the package multi-ini before 2.1.2. It is possible to pol ...) NOT-FOR-US: Node multi-ini CVE-2020-28459 RESERVED CVE-2020-28458 (All versions of package datatables.net are vulnerable to Prototype Pol ...) NOT-FOR-US: Node datatables.net CVE-2020-28457 (This affects the package s-cart/core before 4.4. The search functional ...) NOT-FOR-US: s-cart/core CVE-2020-28456 (The package s-cart/core before 4.4 are vulnerable to Cross-site Script ...) NOT-FOR-US: s-cart/core CVE-2020-28455 RESERVED CVE-2020-28454 RESERVED CVE-2020-28453 RESERVED CVE-2020-28452 (This affects the package com.softwaremill.akka-http-session:core_2.12 ...) NOT-FOR-US: akka-http-session CVE-2020-28451 RESERVED CVE-2020-28450 (This affects all versions of package decal. The vulnerability is in th ...) NOT-FOR-US: Node decal CVE-2020-28449 (This affects all versions of package decal. The vulnerability is in th ...) 
NOT-FOR-US: Node decal CVE-2020-28448 (This affects the package multi-ini before 2.1.1. It is possible to pol ...) NOT-FOR-US: Node multi-ini CVE-2020-28447 RESERVED CVE-2020-28446 RESERVED CVE-2020-28445 RESERVED CVE-2020-28444 RESERVED CVE-2020-28443 RESERVED CVE-2020-28442 (All versions of package js-data are vulnerable to Prototype Pollution ...) NOT-FOR-US: Node js-data CVE-2020-28441 RESERVED CVE-2020-28440 (All versions of package corenlp-js-interface are vulnerable to Command ...) NOT-FOR-US: corenlp-js-interface CVE-2020-28439 (This affects all versions of package corenlp-js-prefab. The injection ...) NOT-FOR-US: corenlp-js-prefab CVE-2020-28438 RESERVED CVE-2020-28437 RESERVED CVE-2020-28436 RESERVED CVE-2020-28435 RESERVED CVE-2020-28434 RESERVED CVE-2020-28433 RESERVED CVE-2020-28432 REJECTED CVE-2020-28431 REJECTED CVE-2020-28430 REJECTED CVE-2020-28429 (All versions of package geojson2kml are vulnerable to Command Injectio ...) NOT-FOR-US: Node geojson2kml CVE-2020-28428 RESERVED CVE-2020-28427 RESERVED CVE-2020-28426 (All versions of package kill-process-on-port are vulnerable to Command ...) NOT-FOR-US: Node kill-process-on-port CVE-2020-28425 RESERVED CVE-2020-28424 RESERVED CVE-2020-28423 RESERVED CVE-2020-28422 RESERVED CVE-2020-28421 (CA Unified Infrastructure Management 20.1 and earlier contains a vulne ...) NOT-FOR-US: CA Unified Infrastructure Management CVE-2020-28420 RESERVED CVE-2020-28419 (During installation with certain driver software or application packag ...) NOT-FOR-US: HP CVE-2020-28418 RESERVED CVE-2020-28417 RESERVED CVE-2020-28416 (HP has identified a security vulnerability with the I.R.I.S. OCR (Opti ...) NOT-FOR-US: HP CVE-2020-25710 (A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allo ...) 
{DSA-4792-1 DLA-2481-1} - openldap 2.4.56+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9384 NOTE: https://git.openldap.org/openldap/openldap/-/commit/bdb0d459187522a6063df13871b82ba8dcc6efe2 (OPENLDAP_REL_ENG_2_4_56) CVE-2020-25709 (A flaw was found in OpenLDAP. This flaw allows an attacker who can sen ...) {DSA-4792-1 DLA-2481-1} - openldap 2.4.56+dfsg-1 NOTE: https://bugs.openldap.org/show_bug.cgi?id=9383 NOTE: https://git.openldap.org/openldap/openldap/-/commit/67670f4544e28fb09eb7319c39f404e1d3229e65 (OPENLDAP_REL_ENG_2_4_56) CVE-2020-28415 (A reflected cross-site scripting (XSS) vulnerability exists in the Tra ...) NOT-FOR-US: TranzWare Payment Gateway CVE-2020-28414 (A reflected cross-site scripting (XSS) vulnerability exists in the Tra ...) NOT-FOR-US: TranzWare Payment Gateway CVE-2020-28413 (In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" ...) - mantis CVE-2020-28412 RESERVED CVE-2020-28411 RESERVED CVE-2020-28410 RESERVED CVE-2020-28409 (The server in Dundas BI through 8.0.0.1001 allows XSS via addition of ...) NOT-FOR-US: Dundas BI CVE-2020-28408 (The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML labe ...) NOT-FOR-US: Dundas BI CVE-2020-28407 RESERVED - swtpm (bug #941199) CVE-2020-28406 (An improper authorization vulnerability exists in Star Practice Manage ...) NOT-FOR-US: Star Practice Management Web CVE-2020-28405 (An improper authorization vulnerability exists in Star Practice Manage ...) NOT-FOR-US: Star Practice Management Web CVE-2020-28404 (An improper authorization vulnerability exists in Star Practice Manage ...) NOT-FOR-US: Star Practice Management Web CVE-2020-28403 (A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Pract ...) NOT-FOR-US: Star Practice Management Web CVE-2020-28402 (An improper authorization vulnerability exists in Star Practice Manage ...) 
NOT-FOR-US: Star Practice Management Web CVE-2020-28401 (An improper authorization vulnerability exists in Star Practice Manage ...) NOT-FOR-US: Star Practice Management Web CVE-2020-28400 (A vulnerability has been identified in Development/Evaluation Kits for ...) NOT-FOR-US: Siemens CVE-2020-28399 RESERVED CVE-2020-28398 RESERVED CVE-2020-28397 (A vulnerability has been identified in SIMATIC Drive Controller family ...) NOT-FOR-US: Siemens CVE-2020-28396 (A vulnerability has been identified in SICAM A8000 CP-8000 (All versio ...) NOT-FOR-US: Siemens CVE-2020-28395 (A vulnerability has been identified in SCALANCE X-300 switch family (i ...) NOT-FOR-US: Siemens CVE-2020-28394 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) NOT-FOR-US: Siemens CVE-2020-28393 (An unauthenticated remote attacker could create a permanent denial-of- ...) NOT-FOR-US: Siemens CVE-2020-28392 (A vulnerability has been identified in SIMARIS configuration (All vers ...) NOT-FOR-US: Siemens CVE-2020-28391 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens CVE-2020-28390 (A vulnerability has been identified in Opcenter Execution Core (V8.2), ...) NOT-FOR-US: Siemens CVE-2020-28389 RESERVED CVE-2020-28388 (A vulnerability has been identified in Capital VSTAR (All versions), N ...) NOT-FOR-US: Siemens CVE-2020-28387 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28386 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28385 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...) NOT-FOR-US: Siemens CVE-2020-28384 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28383 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...) 
NOT-FOR-US: Siemens CVE-2020-28382 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28381 (A vulnerability has been identified in Solid Edge SE2020 (All Versions ...) NOT-FOR-US: Siemens CVE-2020-28380 RESERVED CVE-2020-28379 RESERVED CVE-2020-28378 RESERVED CVE-2020-28377 RESERVED CVE-2020-28376 RESERVED CVE-2020-28375 RESERVED CVE-2020-28374 (In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10. ...) {DSA-4843-1 DLA-2586-1 DLA-2557-1} - linux 5.10.9-1 NOTE: https://git.kernel.org/linus/2896c93811e39d63a4d9b63ccf12a8fbc226e5e4 NOTE: https://www.openwall.com/lists/oss-security/2021/01/12/12 CVE-2020-28373 (upnpd on certain NETGEAR devices allows remote (LAN) attackers to exec ...) NOT-FOR-US: Netgear CVE-2020-28372 RESERVED CVE-2020-28371 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...) NOT-FOR-US: ReadyTalk Avian CVE-2020-28370 RESERVED CVE-2020-28369 RESERVED CVE-2020-28368 (Xen through 4.14.x allows guest OS administrators to obtain sensitive ...) {DSA-4804-1} - xen 4.14.0+80-gd101b417b7-1 [stretch] - xen (DSA 4602-1) NOTE: https://xenbits.xen.org/xsa/advisory-351.html CVE-2020-28367 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. ...) {DLA-2460-1} - golang-1.15 1.15.5-1 - golang-1.11 - golang-1.8 - golang-1.7 [stretch] - golang-1.7 (validation of cgo flags first introduced in golang-1.8 / CVE-2018-6574) NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ NOTE: https://github.com/golang/go/issues/42556 CVE-2020-28366 (Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. ...) 
- golang-1.15 1.15.5-1 - golang-1.11 - golang-1.8 [stretch] - golang-1.8 (Minor issue, too intrusive to backport) - golang-1.7 [stretch] - golang-1.7 (Minor issue, too intrusive to backport) NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ NOTE: https://github.com/golang/go/issues/42559 CVE-2020-28365 (** UNSUPPORTED WHEN ASSIGNED ** Sentrifugo 3.2 allows Stored Cross-Sit ...) NOT-FOR-US: Sentrifugo CVE-2020-28364 (A stored cross-site scripting (XSS) vulnerability affects the Web UI i ...) NOT-FOR-US: Locust CVE-2020-28363 RESERVED CVE-2020-28362 (Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. ...) - golang-1.15 1.15.5-1 - golang-1.11 (Vulnerable code introduced later) - golang-1.8 (Vulnerable code introduced later) - golang-1.7 (Vulnerable code introduced later) NOTE: https://groups.google.com/g/golang-announce/c/NpBGTTmKzpM/m/fLguyiM2CAAJ NOTE: https://github.com/golang/go/issues/42552 NOTE: Introduced in: https://github.com/golang/go/commit/194ae3236d81cf16dc39b955efc1b9202b59d067 (go1.14beta1) NOTE: Fixed by: https://github.com/golang/go/commit/1e1fa5903b760c6714ba17e50bf850b01f49135c CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 co ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.9-1 [buster] - linux 4.19.160-1 NOTE: https://git.kernel.org/linus/3c4e0dff2095c579b142d5a0693257f1c58b4804 NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/2 CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy So ...) - kamailio 5.4.0-1 [buster] - kamailio (Minor issue) [stretch] - kamailio (Minor issue) NOTE: https://packetstormsecurity.com/files/159030/Kamailio-5.4.0-Header-Smuggling.html CVE-2020-28360 (Insufficient RegEx in private-ip npm package v1.0.5 and below insuffic ...) 
NOT-FOR-US: Node private-ip CVE-2020-28359 RESERVED CVE-2020-28358 RESERVED CVE-2020-28357 RESERVED CVE-2020-28356 RESERVED CVE-2020-28355 RESERVED CVE-2020-28354 RESERVED CVE-2020-28353 RESERVED CVE-2020-28352 RESERVED CVE-2020-28351 (The conferencing component on Mitel ShoreTel 19.46.1802.0 devices coul ...) NOT-FOR-US: Mitel CVE-2020-28350 (A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates ...) NOT-FOR-US: SOWA SowaSQL CVE-2020-28349 (** DISPUTED ** An inaccurate frame deduplication process in ChirpStack ...) NOT-FOR-US: ChirpStack Network Server CVE-2020-28348 (HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker ...) - nomad 0.10.9+dfsg1-1 (bug #976593) NOTE: https://github.com/hashicorp/nomad/issues/9303 CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows rem ...) NOT-FOR-US: TP-Link CVE-2020-28346 (ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer ...) NOT-FOR-US: ACRN CVE-2020-28345 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...) NOT-FOR-US: LG mobile devices CVE-2020-28344 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2020-28343 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-28342 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-28341 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-28340 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-28339 (The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 fo ...) 
NOT-FOR-US: usc-e-shop (aka Collne Welcart e-Commerce) plugin for WordPress CVE-2020-28338 RESERVED CVE-2020-28337 (A directory traversal issue in the Utils/Unzip module in Microweber th ...) NOT-FOR-US: Microweber CVE-2020-28336 RESERVED CVE-2020-28335 RESERVED CVE-2020-28334 (Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 ...) NOT-FOR-US: Barco wePresent WiPG-1600W devices CVE-2020-28333 (Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affect ...) NOT-FOR-US: Barco wePresent WiPG-1600W devices CVE-2020-28332 (Barco wePresent WiPG-1600W devices download code without an Integrity ...) NOT-FOR-US: Barco wePresent WiPG-1600W devices CVE-2020-28331 (Barco wePresent WiPG-1600W devices have Improper Access Control. Affec ...) NOT-FOR-US: Barco wePresent WiPG-1600W devices CVE-2020-28330 (Barco wePresent WiPG-1600W devices have Unprotected Transport of Crede ...) NOT-FOR-US: Barco wePresent WiPG-1600W devices CVE-2020-28329 (Barco wePresent WiPG-1600W firmware includes a hardcoded API account a ...) NOT-FOR-US: Barco wePresent WiPG-1600W devices CVE-2020-28328 (SuiteCRM before 7.11.17 is vulnerable to remote code execution via the ...) NOT-FOR-US: SuiteCRM CVE-2020-28327 (A res_pjsip_session crash was discovered in Asterisk Open Source 13.x ...) 
- asterisk 1:16.15.0~dfsg-1 (bug #974712) [buster] - asterisk (Minor issue) [stretch] - asterisk (Minor issue) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29057 NOTE: http://downloads.asterisk.org/pub/security/AST-2020-001.html NOTE: https://www.openwall.com/lists/oss-security/2020/11/06/1 CVE-2020-28326 REJECTED CVE-2020-28325 REJECTED CVE-2020-28324 REJECTED CVE-2020-28323 REJECTED CVE-2020-28322 REJECTED CVE-2020-28321 REJECTED CVE-2020-28320 REJECTED CVE-2020-28319 REJECTED CVE-2020-28318 REJECTED CVE-2020-28317 REJECTED CVE-2020-28316 REJECTED CVE-2020-28315 REJECTED CVE-2020-28314 REJECTED CVE-2020-28313 REJECTED CVE-2020-28312 REJECTED CVE-2020-28311 REJECTED CVE-2020-28310 REJECTED CVE-2020-28309 REJECTED CVE-2020-28308 REJECTED CVE-2020-28307 REJECTED CVE-2020-28306 REJECTED CVE-2020-28305 REJECTED CVE-2020-28304 REJECTED CVE-2020-28303 REJECTED CVE-2020-28302 REJECTED CVE-2020-28301 REJECTED CVE-2020-28300 REJECTED CVE-2020-28299 REJECTED CVE-2020-28298 REJECTED CVE-2020-28297 REJECTED CVE-2020-28296 REJECTED CVE-2020-28295 REJECTED CVE-2020-28294 REJECTED CVE-2020-28293 REJECTED CVE-2020-28292 REJECTED CVE-2020-28291 REJECTED CVE-2020-28290 REJECTED CVE-2020-28289 REJECTED CVE-2020-28288 REJECTED CVE-2020-28287 REJECTED CVE-2020-28286 REJECTED CVE-2020-28285 REJECTED CVE-2020-28284 REJECTED CVE-2020-28283 (Prototype pollution vulnerability in 'libnested' versions 0.0.0 throug ...) NOT-FOR-US: libnested CVE-2020-28282 (Prototype pollution vulnerability in 'getobject' version 0.1.0 allows ...) - node-getobject 1.0.2-1 [bullseye] - node-getobject (Minor issue) [buster] - node-getobject (Minor issue) [stretch] - node-getobject (Minor issue) NOTE: https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633 (v1.0.0) CVE-2020-28281 (Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 ...) 
NOT-FOR-US: react-atomic-organism CVE-2020-28280 (Prototype pollution vulnerability in 'predefine' versions 0.0.0 throug ...) NOT-FOR-US: Node predefine CVE-2020-28279 (Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 thro ...) NOT-FOR-US: flattenizer CVE-2020-28278 (Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0 ...) NOT-FOR-US: Node shvl CVE-2020-28277 (Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0 ...) NOT-FOR-US: Node dset CVE-2020-28276 (Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through ...) NOT-FOR-US: Node deep-set CVE-2020-28275 REJECTED CVE-2020-28274 (Prototype pollution vulnerability in 'deepref' versions 1.1.1 through ...) NOT-FOR-US: Node deepref CVE-2020-28273 (Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2 ...) NOT-FOR-US: Node set-in CVE-2020-28272 (Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2 ...) NOT-FOR-US: Node keyget CVE-2020-28271 (Prototype pollution vulnerability in 'deephas' versions 1.0.0 through ...) NOT-FOR-US: Node deephas CVE-2020-28270 (Prototype pollution vulnerability in 'object-hierarchy-access' version ...) NOT-FOR-US: Node object-hierarchy-access CVE-2020-28269 (Prototype pollution vulnerability in 'field' versions 0.0.1 through 1. ...) NOT-FOR-US: Node field CVE-2020-28268 (Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 ...) NOT-FOR-US: Node controlled-merge CVE-2020-28267 (Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 ...) 
NOT-FOR-US: Node strikeentco/set CVE-2020-28266 RESERVED CVE-2020-28265 RESERVED CVE-2020-28264 RESERVED CVE-2020-28263 RESERVED CVE-2020-28262 RESERVED CVE-2020-28261 RESERVED CVE-2020-28260 RESERVED CVE-2020-28259 RESERVED CVE-2020-28258 RESERVED CVE-2020-28257 RESERVED CVE-2020-28256 RESERVED CVE-2020-28255 RESERVED CVE-2020-28254 RESERVED CVE-2020-28253 RESERVED CVE-2020-28252 RESERVED CVE-2020-28251 (NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sen ...) NOT-FOR-US: NETSCOUT AirMagnet Enterprise CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user ...) NOT-FOR-US: Cellinx NVT Web Server CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. ...) NOT-FOR-US: Joplin CVE-2020-28248 (An integer overflow in the PngImg::InitStorage_() function of png-img ...) NOT-FOR-US: png-img CVE-2020-28247 (The lettre library through 0.10.0-alpha for Rust allows arbitrary send ...) NOT-FOR-US: Node lettre CVE-2020-28246 RESERVED CVE-2020-28245 RESERVED CVE-2020-28244 RESERVED CVE-2020-28243 (An issue was discovered in SaltStack Salt before 3002.5. The minion's ...) {DLA-2815-1} - salt 3002.5+dfsg1-1 (bug #983632) [buster] - salt 2018.3.4+dfsg1-6+deb10u3 NOTE: https://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/ CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...) - asterisk 1:16.15.0~dfsg-1 (bug #974713) [buster] - asterisk (Minor issue) [stretch] - asterisk (Minor issue) NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-29013 NOTE: http://downloads.asterisk.org/pub/security/AST-2020-002.html CVE-2020-28241 (libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...) 
{DLA-2445-1} - libmaxminddb 1.4.3-1 (bug #973878) [buster] - libmaxminddb 1.3.2-1+deb10u1 NOTE: https://github.com/maxmind/libmaxminddb/issues/236 NOTE: https://github.com/maxmind/libmaxminddb/pull/237 CVE-2020-28240 RESERVED CVE-2020-28239 RESERVED CVE-2020-28238 RESERVED CVE-2020-28237 RESERVED CVE-2020-28236 RESERVED CVE-2020-28235 RESERVED CVE-2020-28234 RESERVED CVE-2020-28233 RESERVED CVE-2020-28232 RESERVED CVE-2020-28231 RESERVED CVE-2020-28230 RESERVED CVE-2020-28229 RESERVED CVE-2020-28228 RESERVED CVE-2020-28227 RESERVED CVE-2020-28226 RESERVED CVE-2020-28225 RESERVED CVE-2020-28224 RESERVED CVE-2020-28223 RESERVED CVE-2020-28222 RESERVED CVE-2020-28221 (A CWE-20: Improper Input Validation vulnerability exists in EcoStruxur ...) NOT-FOR-US: EcoStruxure Operator Terminal Expert and Pro-face BLUE CVE-2020-28220 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...) NOT-FOR-US: Modicon CVE-2020-28219 (A CWE-522: Insufficiently Protected Credentials vulnerability exists i ...) NOT-FOR-US: EcoStruxure Geo SCADA Expert CVE-2020-28218 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...) NOT-FOR-US: Easergy T300 CVE-2020-28217 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...) NOT-FOR-US: Easergy T300 CVE-2020-28216 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...) NOT-FOR-US: Easergy T300 CVE-2020-28215 (A CWE-862: Missing Authorization vulnerability exists in Easergy T300 ...) NOT-FOR-US: Easergy T300 CVE-2020-28214 (A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability ...) NOT-FOR-US: Modicon CVE-2020-28213 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...) NOT-FOR-US: EcoStruxure Control Expert CVE-2020-28212 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...) NOT-FOR-US: EcoStruxure Control Expert CVE-2020-28211 (A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulat ...) 
NOT-FOR-US: EcoStruxure Control Expert CVE-2020-28210 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...) NOT-FOR-US: EcoStruxure Building Operation WebStation CVE-2020-28209 (A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStru ...) NOT-FOR-US: EcoStruxure Building Operation Enterprise Server installer CVE-2020-28208 (An email address enumeration vulnerability exists in the password rese ...) NOT-FOR-US: Rocket.Chat CVE-2020-28207 RESERVED CVE-2020-28206 (An issue was discovered in Bitrix24 Bitrix Framework (1c site manageme ...) NOT-FOR-US: Bitrix24 Bitrix Framework CVE-2020-28205 RESERVED CVE-2020-28204 RESERVED CVE-2020-28203 (An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 an ...) NOT-FOR-US: Foxit Reader CVE-2020-28202 RESERVED CVE-2020-28201 RESERVED CVE-2020-28200 (The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource ...) - dovecot 1:2.3.16+dfsg1-1 (bug #990566; bug #991323) [bullseye] - dovecot (Minor issue, fix along with next update) [buster] - dovecot (Minor issue, fix along with next update) [stretch] - dovecot (Minor issue) NOTE: https://dovecot.org/pipermail/dovecot-news/2021-June/000460.html NOTE: https://www.openwall.com/lists/oss-security/2021/06/28/3 CVE-2020-28199 (best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive ...) NOT-FOR-US: Amazon Pay Plugin for Shopware CVE-2020-28198 (** UNSUPPORTED WHEN ASSIGNED ** The 'id' parameter of IBM Tivoli Stora ...) NOT-FOR-US: IBM CVE-2020-28197 RESERVED CVE-2020-28196 (MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow ...) {DSA-4795-1 DLA-2437-1} [experimental] - krb5 1.18.2-1 - krb5 1.18.3-1 (bug #973880) NOTE: https://github.com/krb5/krb5/commit/57415dda6cf04e73ffc3723be518eddfae599bfd CVE-2020-28195 RESERVED CVE-2020-28194 (Variable underflow exists in accel-ppp radius/packet.c when receiving ...) 
NOT-FOR-US: ACCEL-PPP CVE-2020-28193 RESERVED CVE-2020-28192 RESERVED CVE-2020-28191 RESERVED CVE-2020-28190 (TerraMaster TOS <= 4.2.06 was found to check for updates (of both s ...) NOT-FOR-US: TerraMaster TOS CVE-2020-28189 REJECTED CVE-2020-28188 (Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= ...) NOT-FOR-US: TerraMaster TOS CVE-2020-28187 (Multiple directory traversal vulnerabilities in TerraMaster TOS <= ...) NOT-FOR-US: TerraMaster TOS CVE-2020-28186 (Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthen ...) NOT-FOR-US: TerraMaster TOS CVE-2020-28185 (User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows ...) NOT-FOR-US: TerraMaster TOS CVE-2020-28184 (Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2. ...) NOT-FOR-US: TerraMaster TOS CVE-2020-28183 (SQL injection vulnerability in SourceCodester Water Billing System 1.0 ...) NOT-FOR-US: SourceCodester Water Billing System CVE-2020-28182 RESERVED CVE-2020-28181 RESERVED CVE-2020-28180 RESERVED CVE-2020-28179 RESERVED CVE-2020-28178 RESERVED CVE-2020-28177 RESERVED CVE-2020-28176 RESERVED CVE-2020-28175 (There is a local privilege escalation vulnerability in Alfredo Milani ...) NOT-FOR-US: Alfredo Milani Comparetti SpeedFan CVE-2020-28174 RESERVED CVE-2020-28173 (Simple College Website 1.0 allows a user to conduct remote code execut ...) NOT-FOR-US: Simple College Website CVE-2020-28172 (A SQL injection vulnerability in Simple College Website 1.0 allows rem ...) NOT-FOR-US: Simple College Website CVE-2020-28171 RESERVED CVE-2020-28170 RESERVED CVE-2020-28169 (The td-agent-builder plugin before 2020-12-18 for Fluentd allows attac ...) NOT-FOR-US: Fluentd plugin CVE-2020-28168 (Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) ...) 
- node-axios 0.21.1+dfsg-1 (bug #975305) [buster] - node-axios (Minor issue) NOTE: https://github.com/axios/axios/issues/3369 CVE-2020-28167 RESERVED CVE-2020-28166 RESERVED CVE-2020-28165 (The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary f ...) NOT-FOR-US: EasyCorp ZenTao PMS CVE-2020-28164 RESERVED CVE-2020-28163 RESERVED - dwarfutils 20201201-1 [buster] - dwarfutils (Minor issue) NOTE: https://github.com/davea42/libdwarf-code/commit/faf99408e3f9f706fc3809dd400e831f989778d3 NOTE: https://www.prevanders.net/dwarfbug.html#DW202010-003 CVE-2020-28162 RESERVED CVE-2020-28161 RESERVED CVE-2020-28160 RESERVED CVE-2020-28159 RESERVED CVE-2020-28158 RESERVED CVE-2020-28157 RESERVED CVE-2020-28156 RESERVED CVE-2020-28155 RESERVED CVE-2020-28154 RESERVED CVE-2020-28153 RESERVED CVE-2020-28152 RESERVED CVE-2020-28151 RESERVED CVE-2020-28150 (I-Net Software Clear Reports 20.10.136 web application accepts a user- ...) NOT-FOR-US: I-Net Software Clear Reports CVE-2020-28149 (myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impac ...) NOT-FOR-US: myDBR CVE-2020-28148 RESERVED CVE-2020-28147 RESERVED CVE-2020-28146 (Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and ...) NOT-FOR-US: Eyoucms CVE-2020-28145 (Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0 ...) NOT-FOR-US: wuzhicms CVE-2020-28144 (Certain Moxa Inc products are affected by an improper restriction of o ...) NOT-FOR-US: Moxa CVE-2020-28143 RESERVED CVE-2020-28142 RESERVED CVE-2020-28141 (The messaging subsystem in the Online Discussion Forum 1.0 is vulnerab ...) NOT-FOR-US: Online Discussion Forum CVE-2020-28140 (SourceCodester Online Clothing Store 1.0 is affected by an arbitrary f ...) NOT-FOR-US: SourceCodester Online Clothing Store CVE-2020-28139 (SourceCodester Online Clothing Store 1.0 is affected by a cross-site s ...) 
NOT-FOR-US: SourceCodester Online Clothing Store CVE-2020-28138 (SourceCodester Online Clothing Store 1.0 is affected by a SQL Injectio ...) NOT-FOR-US: SourceCodester Online Clothing Store CVE-2020-28137 (Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, al ...) NOT-FOR-US: Genexis Platinum CVE-2020-28136 (An Arbitrary File Upload is discovered in SourceCodester Tourism Manag ...) NOT-FOR-US: SourceCodester Tourism Management System CVE-2020-28135 RESERVED CVE-2020-28134 RESERVED CVE-2020-28133 (An issue was discovered in SourceCodester Simple Grocery Store Sales A ...) NOT-FOR-US: SourceCodester Simple Grocery Store Sales And Inventory System CVE-2020-28132 RESERVED CVE-2020-28131 RESERVED CVE-2020-28130 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...) NOT-FOR-US: SourceCodester Online Library Management System CVE-2020-28129 (Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym ...) NOT-FOR-US: SourceCodester Gym Management System CVE-2020-28128 RESERVED CVE-2020-28127 RESERVED CVE-2020-28126 RESERVED CVE-2020-28125 RESERVED CVE-2020-28124 (Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. ...) NOT-FOR-US: LavaLite CVE-2020-28123 RESERVED CVE-2020-28122 RESERVED CVE-2020-28121 RESERVED CVE-2020-28120 RESERVED CVE-2020-28119 (Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows fo ...) NOT-FOR-US: 53KF CVE-2020-28118 RESERVED CVE-2020-28117 RESERVED CVE-2020-28116 RESERVED CVE-2020-28115 (SQL Injection vulnerability in "Documents component" found in AudimexE ...) 
NOT-FOR-US: AudimexEE CVE-2020-28114 RESERVED CVE-2020-28113 RESERVED CVE-2020-28112 RESERVED CVE-2020-28111 RESERVED CVE-2020-28110 RESERVED CVE-2020-28109 RESERVED CVE-2020-28108 RESERVED CVE-2020-28107 RESERVED CVE-2020-28106 RESERVED CVE-2020-28105 RESERVED CVE-2020-28104 RESERVED CVE-2020-28103 RESERVED CVE-2020-28102 RESERVED CVE-2020-28101 RESERVED CVE-2020-28100 RESERVED CVE-2020-28099 RESERVED CVE-2020-28098 RESERVED CVE-2020-28097 (The vgacon subsystem in the Linux kernel before 5.8.10 mishandles soft ...) - linux 5.8.10-1 [buster] - linux 4.19.146-1 [stretch] - linux 4.9.240-1 NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/1 CVE-2020-28096 (FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART acc ...) NOT-FOR-US: FOSCAM FHD CVE-2020-28095 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP PO ...) NOT-FOR-US: Tenda CVE-2020-28094 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default set ...) NOT-FOR-US: Tenda CVE-2020-28093 (On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, ...) NOT-FOR-US: Tenda CVE-2020-28092 (PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=T ...) NOT-FOR-US: PESCMS Team CVE-2020-28091 (cxuucms v3 has a SQL injection vulnerability, which can lead to the le ...) NOT-FOR-US: cxuucms CVE-2020-28090 RESERVED CVE-2020-28089 RESERVED CVE-2020-28088 (An arbitrary file upload vulnerability in /jeecg-boot/sys/common/uploa ...) NOT-FOR-US: jeecg-boot CMS CVE-2020-28087 (A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of ...) NOT-FOR-US: jeecg-boot CMS CVE-2020-28086 (pass through 1.7.3 has a possibility of using a password for an uninte ...) 
- password-store (unimportant) NOTE: https://lists.zx2c4.com/pipermail/password-store/2014-March/000498.html NOTE: Negligible security impact, where needed signing commits can be a solution, and NOTE: possible since https://git.zx2c4.com/password-store/commit/?id=9ef311d868248682a11c8cb8c0177bc9949be7b9 CVE-2020-28085 RESERVED CVE-2020-28084 RESERVED CVE-2020-28083 RESERVED CVE-2020-28082 RESERVED CVE-2020-28081 RESERVED CVE-2020-28080 RESERVED CVE-2020-28079 RESERVED CVE-2020-28078 RESERVED CVE-2020-28077 RESERVED CVE-2020-28076 RESERVED CVE-2020-28075 RESERVED CVE-2020-28074 (SourceCodester Online Health Care System 1.0 is affected by SQL Inject ...) NOT-FOR-US: SourceCodester Online Health Care System CVE-2020-28073 (SourceCodester Library Management System 1.0 is affected by SQL Inject ...) NOT-FOR-US: SourceCodester Library Management System CVE-2020-28072 (A Remote Code Execution vulnerability exists in DourceCodester Alumni ...) NOT-FOR-US: DourceCodester Alumni Management System CVE-2020-28071 (SourceCodester Alumni Management System 1.0 is affected by cross-site ...) NOT-FOR-US: SourceCodester Alumni Management System CVE-2020-28070 (SourceCodester Alumni Management System 1.0 is affected by SQL injecti ...) NOT-FOR-US: SourceCodester Alumni Management System CVE-2020-28069 RESERVED CVE-2020-28068 RESERVED CVE-2020-28067 RESERVED CVE-2020-28066 RESERVED CVE-2020-28065 RESERVED CVE-2020-28064 RESERVED CVE-2020-28063 (A file upload issue exists in all versions of ArticleCMS which allows ...) NOT-FOR-US: ArticleCMS CVE-2020-28062 RESERVED CVE-2020-28061 RESERVED CVE-2020-28060 RESERVED CVE-2020-28059 RESERVED CVE-2020-28058 RESERVED CVE-2020-28057 RESERVED CVE-2020-28056 RESERVED CVE-2020-28055 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...) NOT-FOR-US: TCL Android Smart TV series CVE-2020-28054 (JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to a ...) 
	NOT-FOR-US: JamoDat TSMManager Collector
CVE-2020-28053 (HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed opera ...)
	- consul 1.8.6+dfsg1-1 (bug #975584)
	[buster] - consul (Vulnerable code introduced later)
	NOTE: https://github.com/hashicorp/consul/issues/9240
	NOTE: https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#186-november-19-2020
CVE-2020-28052 (An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 an ...)
	- bouncycastle 1.65-2 (bug #977683)
	[buster] - bouncycastle (Vulnerability introduced later)
	[stretch] - bouncycastle (Vulnerability introduced later)
	NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-28052
	NOTE: https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/
	NOTE: Introduced in: https://github.com/bcgit/bc-java/commit/00dfe74aeb4f6300dd56b34b5e6986ce6658617e (r1rv65)
	NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219 (r1rv67)
CVE-2020-28051
	RESERVED
CVE-2020-28050 (Zoho ManageEngine Desktop Central before build 10.0.647 allows a singl ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-28049 (An issue was discovered in SDDM before 0.19.0. It incorrectly starts t ...)
	{DSA-4783-1 DLA-2436-1}
	- sddm 0.19.0-1 (bug #973748)
	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/2
	NOTE: https://github.com/sddm/sddm/commit/be202f533ab98a684c6a007e8d5b4357846bc222
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1177201
CVE-2020-28048
	RESERVED
CVE-2020-28047 (AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scr ...)
	NOT-FOR-US: AudimexEE
CVE-2020-27347 (In tmux before version 3.1c the function input_csi_dispatch_sgr_colon( ...)
	- tmux 3.1c-1
	[buster] - tmux (Vulnerable code introduced later)
	[stretch] - tmux (Vulnerable code introduced later)
	NOTE: https://www.openbsd.org/errata68.html (003: SECURITY FIX: October 29, 2020)
	NOTE: Introduced by: https://github.com/tmux/tmux/commit/4e3d6612845e190a490f40cce79c858dadaee74b (2.9)
	NOTE: Fixed by: https://github.com/tmux/tmux/commit/a868bacb46e3c900530bed47a1c6f85b0fbe701c
	NOTE: https://www.openwall.com/lists/oss-security/2020/11/05/3
CVE-2020-28046 (An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker ...)
	NOT-FOR-US: ProlinOS
CVE-2020-28045 (An unsigned-library issue was discovered in ProlinOS through 2.4.161.8 ...)
	NOT-FOR-US: ProlinOS
CVE-2020-28044 (An attacker with physical access to a PAX Point Of Sale device with Pr ...)
	NOT-FOR-US: ProlinOS
CVE-2020-28043 (MISP through 2.4.133 allows SSRF in the REST client via the use_full_p ...)
	NOT-FOR-US: MISP
CVE-2020-28042 (ServiceStack before 5.9.2 mishandles JWT signature verification unless ...)
	NOT-FOR-US: ServiceStack
CVE-2020-28041 (The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 ...)
	NOT-FOR-US: Netgear
CVE-2020-28040 (WordPress before 5.5.2 allows CSRF attacks that change a theme's backg ...)
	{DSA-4784-1 DLA-2429-1}
	- wordpress 5.5.3+dfsg1-1 (bug #973562)
	NOTE: https://blog.wpscan.com/2020/10/30/wordpress-5.5.2-security-release.html
	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28039 (is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 al ...)
	{DSA-4784-1 DLA-2429-1}
	- wordpress 5.5.3+dfsg1-1 (bug #973562)
	NOTE: https://github.com/WordPress/wordpress-develop/commit/d5ddd6d4be1bc9fd16b7796842e6fb26315705ad
	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
	NOTE: https://wpscan.com/vulnerability/10452
CVE-2020-28038 (WordPress before 5.5.2 allows stored XSS via post slugs. ...)
	{DSA-4784-1 DLA-2429-1}
	- wordpress 5.5.3+dfsg1-1 (bug #973562)
	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28037 (is_blog_installed in wp-includes/functions.php in WordPress before 5.5 ...)
	{DSA-4784-1 DLA-2429-1}
	- wordpress 5.5.3+dfsg1-1 (bug #973562)
	NOTE: https://github.com/WordPress/wordpress-develop/commit/2ca15d1e5ce70493c5c0c096ca0c76503d6da07c
	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
	NOTE: https://wpscan.com/vulnerability/10450
CVE-2020-28036 (wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allow ...)
	{DSA-4784-1 DLA-2429-1}
	- wordpress 5.5.3+dfsg1-1 (bug #973562)
	NOTE: https://github.com/WordPress/wordpress-develop/commit/c9e6b98968025b1629015998d12c3102165a7d32
	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
	NOTE: https://wpscan.com/vulnerability/10449
CVE-2020-28035 (WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC ...)
	{DSA-4784-1 DLA-2429-1}
	- wordpress 5.5.3+dfsg1-1 (bug #973562)
	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28034 (WordPress before 5.5.2 allows XSS associated with global variables. ...)
	{DSA-4784-1 DLA-2429-1}
	- wordpress 5.5.3+dfsg1-1 (bug #973562)
	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28033 (WordPress before 5.5.2 mishandles embeds from disabled sites on a mult ...)
	{DSA-4784-1 DLA-2429-1}
	- wordpress 5.5.3+dfsg1-1 (bug #973562)
	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
CVE-2020-28032 (WordPress before 5.5.2 mishandles deserialization requests in wp-inclu ...)
	{DSA-4784-1 DLA-2429-1}
	- wordpress 5.5.3+dfsg1-1 (bug #973562)
	NOTE: https://github.com/WordPress/wordpress-develop/commit/add6bedf3a53b647d0ebda2970057912d3cd79d3
	NOTE: https://wordpress.org/news/2020/10/wordpress-5-5-2-security-and-maintenance-release/
	NOTE: https://wpscan.com/vulnerability/10446
CVE-2020-28031 (eramba through c2.8.1 allows HTTP Host header injection with (for exam ...)
	NOT-FOR-US: eramba
CVE-2020-28030 (In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was ...)
	{DLA-2547-1}
	- wireshark 3.2.8-0.1 (bug #974689)
	[buster] - wireshark 2.6.20-0+deb10u1
	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/b287e7165e8aa89cde6ae37e7c257c5d87d16b9b
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-15.html
CVE-2020-28029
	RESERVED
CVE-2020-28028
	RESERVED
CVE-2020-28027
	RESERVED
CVE-2020-28026 (Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, r ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28025 (Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bo ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: Introduced by: https://git.exim.org/exim.git/commit/80a47a2c9633437d4ceebd214cd44abfbd4f4543 (exim-4_70_RC3)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28024 (Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unaut ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28023 (Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may dis ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: Introduced by: https://git.exim.org/exim.git/commit/18481de384caecff421f23f715be916403f5d0ee (exim-4_88_RC1)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28022 (Exim 4 before 4.94.2 has Improper Restriction of Write Operations with ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: Introduced by: https://git.exim.org/exim.git/commit/d7a2c8337f7b615763d4429ab27653862756b6fb (exim-4_89_RC1)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28021 (Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. A ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28020 (Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in whic ...)
	{DLA-2650-1}
	- exim4 4.92~RC5-1
	NOTE: Fixed by: https://git.exim.org/exim.git/commit/56ac062a3ff94fc4e1bbfc2293119c079a4e980b (exim-4.92-RC5)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28019 (Exim 4 before 4.94.2 has Improper Initialization that can lead to recu ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: Introduced by: https://git.exim.org/exim.git/commit/7e3ce68e68ab9b8906a637d352993abf361554e2 (exim-4_88_RC1)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28018 (Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain si ...)
	- exim4 4.94.2-1 (unimportant)
	[buster] - exim4 4.92-8+deb10u6
	[stretch] - exim4 (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.exim.org/exim.git/commit/a5ffa9b475a426bc73366db01f7cc92a3811bc3a (exim-4_90_RC1)
	NOTE: Debian Exim is built with GnuTLS, not OpenSSL.
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28017 (Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in rec ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28016 (Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because ...)
	- exim4 4.94.2-1
	[buster] - exim4 (Vulnerable code introduced later)
	[stretch] - exim4 (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.exim.org/exim.git/commit/3c90bbcdc7cf73298156f7bcd5f5e750e7814e72
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28015 (Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. L ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28014 (Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28013 (Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mish ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28012 (Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28011 (Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run vi ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28010 (Exim 4 before 4.94.2 allows Out-of-bounds Write because the main funct ...)
	{DSA-4912-1}
	- exim4 4.94.2-1
	[stretch] - exim4 (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.exim.org/exim.git/commit/805fd869d551c36d1d77ab2b292a7008d643ca79 (exim-4.92-RC1)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28009 (Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow becaus ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28008 (Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-28007 (Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Bec ...)
	{DSA-4912-1 DLA-2650-1}
	- exim4 4.94.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/7
CVE-2020-25692 (A NULL pointer dereference was found in OpenLDAP server and was fixed ...)
	{DSA-4782-1 DLA-2425-1}
	- openldap 2.4.55+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9370
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/4c774220a752bf8e3284984890dc0931fe73165d
CVE-2020-28006
	RESERVED
CVE-2020-28005 (httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) al ...)
	NOT-FOR-US: TP-Link
CVE-2020-28004
	RESERVED
CVE-2020-28003
	RESERVED
CVE-2020-28002 (In SonarQube 8.4.2.36762, an external attacker can achieve authenticat ...)
	NOT-FOR-US: SonarQube
CVE-2020-28001 (SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. ...)
	NOT-FOR-US: SolarWinds
CVE-2020-28000
	RESERVED
CVE-2020-27999
	RESERVED
CVE-2020-27998 (An issue was discovered in FastReport before 2020.4.0. It lacks a Scri ...)
	NOT-FOR-US: FastReport
CVE-2020-27997 (An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross S ...)
	NOT-FOR-US: SmartStoreNET
CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does not pro ...)
	NOT-FOR-US: SmartStoreNET
CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 before 1456 ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-27994 (SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Travers ...)
	NOT-FOR-US: SolarWinds
CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&filename=../ directory tra ...)
	NOT-FOR-US: Hrsale
CVE-2020-27992 (Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse ...)
	NOT-FOR-US: Dr.Fone
CVE-2020-27991 (Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Em ...)
	NOT-FOR-US: Nagios XI
CVE-2020-27990 (Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (ad ...)
	NOT-FOR-US: Nagios XI
CVE-2020-27989 (Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit D ...)
	NOT-FOR-US: Nagios XI
CVE-2020-27988 (Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username ...)
	NOT-FOR-US: Nagios XI
CVE-2020-27987
	RESERVED
CVE-2020-27986 (** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discov ...)
	NOT-FOR-US: SonarQube
CVE-2020-27985 (Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, ...)
	NOT-FOR-US: Security Onion
CVE-2020-27984
	RESERVED
CVE-2020-27983
	RESERVED
CVE-2020-27982 (IceWarp 11.4.5.0 allows XSS via the language parameter. ...)
	NOT-FOR-US: IceWarp Webmail Server
CVE-2020-27981
	REJECTED
CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...)
	NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices
CVE-2020-27979
	RESERVED
CVE-2020-27978 (Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service ...)
	NOT-FOR-US: Shibboleth Identify Provider (Debian only packages the SP)
CVE-2020-27977 (CapaSystems CapaInstaller before 6.0.101 does not properly assign, mod ...)
	NOT-FOR-US: CapaSystems CapaInstaller
CVE-2020-27976 (osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remot ...)
	NOT-FOR-US: osCommerce Phoenix CE
CVE-2020-27975 (osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php ...)
	NOT-FOR-US: osCommerce Phoenix CE
CVE-2020-27974 (NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_B ...)
	NOT-FOR-US: NeoPost Mail Accounting Software Pro
CVE-2020-27973
	RESERVED
CVE-2020-27972
	RESERVED
CVE-2020-27971
	RESERVED
CVE-2020-27970 (Yandex Browser before 20.10.0 allows remote attackers to spoof the add ...)
	NOT-FOR-US: Yandex Browser
CVE-2020-27969 (Yandex Browser for Android 20.8.4 allows remote attackers to perform S ...)
	NOT-FOR-US: Yandex Browser
CVE-2020-27968
	RESERVED
CVE-2020-27967
	RESERVED
CVE-2020-27966
	RESERVED
CVE-2020-27965
	RESERVED
CVE-2020-27964
	RESERVED
CVE-2020-27963
	RESERVED
CVE-2020-27962
	RESERVED
CVE-2020-27961
	RESERVED
CVE-2020-27960
	RESERVED
CVE-2020-27959
	RESERVED
CVE-2020-27958
	RESERVED
CVE-2020-27957 (The RandomGameUnit extension for MediaWiki through 1.35 was not proper ...)
	NOT-FOR-US: MediaWiki extension
CVE-2020-27956 (An Arbitrary File Upload in the Upload Image component in SourceCodest ...)
	NOT-FOR-US: SourceCodester Car Rental Management System
CVE-2020-27955 (Git LFS 2.12.0 allows Remote Code Execution. ...)
	- git-lfs (Windows-specific)
	NOTE: https://legalhackers.com/advisories/Git-LFS-RCE-Exploit-CVE-2020-27955.html
CVE-2020-27954
	RESERVED
CVE-2020-27953
	RESERVED
CVE-2020-27952 (An out-of-bounds write was addressed with improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-27951 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-27950 (A memory initialization issue was addressed. This issue is fixed in ma ...)
	NOT-FOR-US: Apple
CVE-2020-27949 (This issue was addressed with improved checks to prevent unauthorized ...)
	NOT-FOR-US: Apple
CVE-2020-27948 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-27947 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-27946 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2020-27945 (An integer overflow was addressed with improved input validation. This ...)
	NOT-FOR-US: Apple
CVE-2020-27944 (A memory corruption issue existed in the processing of font files. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-27943 (A memory corruption issue existed in the processing of font files. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-27942 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-27941 (A validation issue was addressed with improved logic. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2020-27940 (This issue was addressed with improved file handling. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2020-27939 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-27938 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-27937 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-27936 (An out-of-bounds read issue existed that led to the disclosure of kern ...)
	NOT-FOR-US: Apple
CVE-2020-27935 (Multiple issues were addressed with improved logic. This issue is fixe ...)
	NOT-FOR-US: Apple
CVE-2020-27934
	RESERVED
CVE-2020-27933 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-27932 (A type confusion issue was addressed with improved state handling. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-27931 (A memory corruption issue existed in the processing of font files. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-27930 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-27929 (A logic issue existed in the handling of Group FaceTime calls. The iss ...)
	NOT-FOR-US: Apple
CVE-2020-27928
	RESERVED
CVE-2020-27927 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-27926 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-27925 (An issue existed in the handling of incoming calls. The issue was addr ...)
	NOT-FOR-US: Apple
CVE-2020-27924 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-27923 (An out-of-bounds write was addressed with improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-27922 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-27921 (A race condition was addressed with improved state handling. This issu ...)
	NOT-FOR-US: Apple
CVE-2020-27920 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-27919 (An out-of-bounds write was addressed with improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-27918 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4877-1}
	- webkit2gtk 2.30.6-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.30.6-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
CVE-2020-27917 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-27916 (An out-of-bounds write was addressed with improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-27915 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-27914 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-27913
	RESERVED
CVE-2020-27912 (An out-of-bounds write was addressed with improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-27911 (An integer overflow was addressed through improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-27910 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-27909 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-27908 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-27907 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-27906 (Multiple integer overflows were addressed with improved input validati ...)
	NOT-FOR-US: Apple
CVE-2020-27905 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-27904 (A logic issue existed resulting in memory corruption. This was address ...)
	NOT-FOR-US: Apple
CVE-2020-27903 (This issue was addressed by removing the vulnerable code. This issue i ...)
	NOT-FOR-US: Apple
CVE-2020-27902 (An authentication issue was addressed with improved state management. ...)
	NOT-FOR-US: Apple
CVE-2020-27901 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-27900 (An issue existed in the handling of snapshots. The issue was resolved ...)
	NOT-FOR-US: Apple
CVE-2020-27899 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-27898 (A denial of service issue was addressed with improved state handling. ...)
	NOT-FOR-US: Apple
CVE-2020-27897 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-27896 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2020-27895 (An information disclosure issue existed in the transition of program s ...)
	NOT-FOR-US: Apple
CVE-2020-27894 (The issue was addressed with additional user controls. This issue is f ...)
	NOT-FOR-US: Apple
CVE-2020-27893 (An issue existed in screen sharing. This issue was addressed with impr ...)
	NOT-FOR-US: Apple
CVE-2020-27892 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...)
	NOT-FOR-US: Texas Instruments CC2538 devices
CVE-2020-27891 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...)
	NOT-FOR-US: Texas Instruments CC2538 devices
CVE-2020-27890 (The Zigbee protocol implementation on Texas Instruments CC2538 devices ...)
	NOT-FOR-US: Texas Instruments CC2538 devices
CVE-2020-27889
	RESERVED
CVE-2020-27888 (An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC- ...)
	NOT-FOR-US: Ubiquiti
CVE-2020-27887 (An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authent ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-27886 (An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. T ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-27885 (Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2020-27884
	RESERVED
CVE-2020-27883
	RESERVED
CVE-2020-27882
	RESERVED
CVE-2020-27881
	RESERVED
CVE-2020-27880
	RESERVED
CVE-2020-27879
	RESERVED
CVE-2020-27878
	RESERVED
CVE-2020-27877
	RESERVED
CVE-2020-27876
	RESERVED
CVE-2020-27875
	RESERVED
CVE-2020-27874 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: WeChat
CVE-2020-27873 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
	NOT-FOR-US: Netgear
CVE-2020-27872 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: Netgear
CVE-2020-27871 (This vulnerability allows remote attackers to create arbitrary files o ...)
	NOT-FOR-US: SolarWinds
CVE-2020-27870 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: SolarWinds
CVE-2020-27869 (This vulnerability allows remote attackers to escalate privileges on a ...)
	NOT-FOR-US: SolarWinds
CVE-2020-27868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Qognify
CVE-2020-27867 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-27866 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: Netgear
CVE-2020-27865 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2020-27864 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2020-27863 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
	NOT-FOR-US: D-Link
CVE-2020-27862 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2020-27861 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-27860 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-27859 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: NEC ESMPRO Manager
CVE-2020-27858 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CA Arcserve
CVE-2020-27857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-27856 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2020-27855 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2020-27854
	RESERVED
CVE-2020-27853 (Wire before 2020-10-16 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Wire app
CVE-2020-27852 (A stored Cross-Site Scripting (XSS) vulnerability in the survey featur ...)
	NOT-FOR-US: Rocketgenius Gravity Forms
CVE-2020-27851 (Multiple stored HTML injection vulnerabilities in the "poll" and "quiz ...)
	NOT-FOR-US: Rocketgenius Gravity Forms
CVE-2020-27850 (A stored Cross-Site Scripting (XSS) vulnerability in forms import feat ...)
	NOT-FOR-US: Rocketgenius Gravity Forms
CVE-2020-27849
	RESERVED
CVE-2020-27848 (dotCMS before 20.10.1 allows SQL injection, as demonstrated by the /ap ...)
	NOT-FOR-US: dotCMS
CVE-2020-27847 (A vulnerability exists in the SAML connector of the github.com/dexidp/ ...)
	NOT-FOR-US: github.com/dexidp/dex
CVE-2020-27846 (A signature verification vulnerability exists in crewjam/saml. This fl ...)
	NOT-FOR-US: github.com/crewjam/saml
CVE-2020-27845 (There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior t ...)
	{DSA-4882-1 DLA-2550-1}
	- openjpeg2 2.4.0-1
	NOTE: https://github.com/uclouvain/openjpeg/issues/1302
	NOTE: https://github.com/uclouvain/openjpeg/commit/8f5aff1dff510a964d3901d0fba281abec98ab63 (v2.4.0)
CVE-2020-27844 (A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior ...)
	- openjpeg2 (Vulnerable code introduced and fixed in 2.4.0)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1299
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/73fdf28342e4594019af26eb6a347a34eceb6296 (v2.4.0)
	NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/4edb8c83374f52cd6a8f2c7c875e8ffacccb5fa5
CVE-2020-27843 (A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw all ...)
	{DSA-4882-1}
	- openjpeg2 2.4.0-1 (bug #983663)
	[stretch] - openjpeg2 (Minor issue)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1297
	NOTE: Partial fix (preventing the out of bounds access): https://github.com/uclouvain/openjpeg/commit/38d661a3897052c7ff0b39b30c29cb067e130121 (2.4.0)
CVE-2020-27842 (There's a flaw in openjpeg's t2 encoder in versions prior to 2.4.0. An ...)
	{DSA-4882-1}
	- openjpeg2 2.4.0-1
	[stretch] - openjpeg2 (Minor issue)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1294
CVE-2020-27841 (There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openj ...)
	{DSA-4882-1 DLA-2550-1}
	- openjpeg2 2.4.0-1
	NOTE: https://github.com/uclouvain/openjpeg/issues/1293
	NOTE: https://github.com/rouault/openjpeg/commit/00383e162ae2f8fc951f5745bf1011771acb8dce (v2.4.0)
CVE-2020-27840 (A flaw was found in samba. Spaces used in a string around a domain nam ...)
	{DSA-4884-1 DLA-2611-1}
	- ldb 2:2.2.0-3.1 (bug #985936)
	- samba (unimportant)
	NOTE: https://www.samba.org/samba/security/CVE-2020-27840.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14595
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=1996b79f376b459bb964a6344ca5f264e7d6e2ec
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=dbb3e65f7e382adf5fa6a6afb3d8684aca3f201a
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9532c44baea130db74f866e1472cb871936cd3dd
	NOTE: Samba uses the System ldb library
CVE-2020-27839 (A flaw was found in ceph-dashboard. The JSON Web Token (JWT) used for ...)
	- ceph 14.2.18-1 (bug #985670)
	[buster] - ceph (Minor issue)
	[stretch] - ceph (dashboard introduced in 12.1.0)
	NOTE: https://tracker.ceph.com/issues/44591
	NOTE: https://github.com/ceph/ceph/pull/38259
	NOTE: https://github.com/ceph/ceph/commit/23f2604d6f9ac16779b4ac43aab6e4e434f2e8ec
	NOTE: https://github.com/ceph/ceph/commit/843b2e9cd4cb996165d1818ebff125f1414f90c5 (nautilus)
CVE-2020-27838 (A flaw was found in keycloak in versions prior to 13.0.0. The client r ...)
	NOT-FOR-US: Keycloak
CVE-2020-27837 (A flaw was found in GDM in versions prior to 3.38.2.1. A race conditio ...)
	- gdm3 3.38.2.1-1
	[buster] - gdm3 (Minor issue)
	[stretch] - gdm3 (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/660
	NOTE: https://gitlab.gnome.org/GNOME/gdm/-/commit/dcdbaaa04012541ad2813cf83559d91d52f208b9 (master)
	NOTE: https://gitlab.gnome.org/GNOME/gdm/-/commit/9b6d9b24a5f69674447c7bc9aacfab0988b914bd (3.38.2.1)
CVE-2020-27836
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2020-27835 (A use after free in the Linux kernel infiniband hfi1 driver in version ...)
	- linux 5.9.15-1
	NOTE: https://git.kernel.org/linus/3d2a9d642512c21a12d19b9250e7a835dcb41a79
CVE-2020-27834 [attacker can send the same request over and over again without changing the CSRF token]
	RESERVED
	NOTE: Bogus report for Zabbix, no actionable information:
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1907497
	NOTE: http://almorabea.net/cves/zabbix.txt
CVE-2020-27833 (A Zip Slip vulnerability was found in the oc binary in openshift-clien ...)
	NOT-FOR-US: OpenShift
CVE-2020-27832 (A flaw was found in Red Hat Quay, where it has a persistent Cross-site ...)
	NOT-FOR-US: Quay
CVE-2020-27831 (A flaw was found in Red Hat Quay, where it does not properly protect t ...)
	NOT-FOR-US: Quay
CVE-2020-27830 (A vulnerability was found in Linux Kernel where in the spk_ttyio_recei ...)
	{DSA-4843-1 DLA-2557-1}
	- linux 5.9.15-1
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/1
	NOTE: https://git.kernel.org/linus/f0992098cadb4c9c6a00703b66cafe604e178fea
CVE-2020-27829 (A heap based buffer overflow in coders/tiff.c may result in program cr ...)
	- imagemagick 8:6.9.11.57+dfsg-1
	[buster] - imagemagick (Vulnerable code not present)
	[stretch] - imagemagick (vulnerable code was introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ee5059cd3ac8d82714a1ab1321399b88539abf0
	NOTE: https://github.com/ImageMagick/ImageMagick6/commit/e30be60bd97313b80e2701239728a3f47c570817
	NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/b874d50070557eb98bdc6a3095ef4769af583dd2
CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Cr ...)
	- jasper
	NOTE: https://github.com/jasper-software/jasper/issues/252
	NOTE: https://github.com/jasper-software/jasper/pull/253
CVE-2020-27827 (A flaw was found in multiple versions of OpenvSwitch. Specially crafte ...)
	{DSA-4836-1 DLA-2571-1}
	- lldpd 1.0.8-1
	[buster] - lldpd (Minor issue)
	[stretch] - lldpd (Minor issue)
	- openvswitch 2.15.0~git20210104.def6eb1ea+dfsg1-4 (bug #980132)
	NOTE: https://github.com/openvswitch/ovs/pull/337
	NOTE: https://github.com/lldpd/lldpd/commit/a8d3c90feca548fc0656d95b5d278713db86ff61
	NOTE: https://mail.openvswitch.org/pipermail/ovs-announce/2021-January/000269.html
	NOTE: https://github.com/openvswitch/ovs/commit/78e712c0b1dacc2f12d2a03d98f083d8672867f0
CVE-2020-27826 (A flaw was found in Keycloak before version 12.0.0 where it is possibl ...)
	NOT-FOR-US: Keycloak
CVE-2020-27825 (A use-after-free flaw was found in kernel/trace/ring_buffer.c in Linux ...)
	{DSA-4843-1 DLA-2586-1 DLA-2557-1}
	- linux 5.9.6-1
	NOTE: https://git.kernel.org/linus/bbeb97464eefc65f506084fd9f18f21653e01137
CVE-2020-27824 (A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_expli ...)
	{DSA-4882-1 DLA-2550-1}
	- openjpeg2 2.4.0-1
	NOTE: https://github.com/uclouvain/openjpeg/issues/1286
	NOTE: https://github.com/uclouvain/openjpeg/commit/6daf5f3e1ec6eff03b7982889874a3de6617db8d (v2.4.0)
CVE-2020-27823 (A flaw was found in OpenJPEG’s encoder. This flaw allows an atta ...)
	{DSA-4882-1 DLA-2550-1}
	- openjpeg2 2.4.0-1
	NOTE: https://github.com/uclouvain/openjpeg/issues/1284
	NOTE: https://github.com/uclouvain/openjpeg/commit/b2072402b7e14d22bba6fb8cde2a1e9996e9a919 (v2.4.0)
CVE-2020-27822 (A flaw was found in Wildfly affecting versions 19.0.0.Final, 19.1.0.Fi ...)
	- wildfly (bug #752018)
CVE-2020-27821 (A flaw was found in the memory management API of QEMU during the initi ...)
- qemu 1:5.2+dfsg-3 (bug #977616) [buster] - qemu (Fix along in future update) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902651 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=4bfb024bc76973d40a359476dc0291f46e435442 NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=48564041a73adbbff52834f9edbe3806fceefab7 (v3.0) CVE-2020-27820 (A vulnerability was found in Linux kernel, where a use-after-frees in ...) - linux 5.15.5-1 (unimportant) NOTE: No security impact, requires physical access to the computer CVE-2020-27819 (An issue was discovered in libxls before and including 1.6.1 when read ...) - r-cran-readxl (Embeds libxls, but not affected) NOTE: https://github.com/libxls/libxls/issues/84 CVE-2020-27818 (A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. ...) - pngcheck 2.3.0-13 (bug #976350) [buster] - pngcheck 2.3.0-7+deb10u1 [stretch] - pngcheck (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1902011 NOTE: Patch applied in Fedora: https://src.fedoraproject.org/rpms/pngcheck/blob/cc48791e34201caf7b686084b735d06cef66c974/f/pngcheck-2.4.0-overflow-bz1897485.patch CVE-2020-27817 REJECTED CVE-2020-27816 (The elasticsearch-operator does not validate the namespace where kiban ...) NOT-FOR-US: OpenShift Elasticsearch operator CVE-2020-27815 (A flaw was found in the JFS filesystem code in the Linux Kernel which ...) {DSA-4843-1 DLA-2586-1 DLA-2557-1} - linux 5.10.4-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/30/5 CVE-2020-27814 (A heap-buffer overflow was found in the way openjpeg2 handled certain ...) 
{DSA-4882-1 DLA-2550-1} - openjpeg2 2.4.0-1 NOTE: https://github.com/uclouvain/openjpeg/issues/1283 NOTE: https://github.com/uclouvain/openjpeg/commit/eaa098b59b346cb88e4d10d505061f669d7134fc (v2.4.0) NOTE: https://github.com/uclouvain/openjpeg/commit/15cf3d95814dc931ca0ecb132f81cb152e051bae (v2.4.0) NOTE: https://github.com/uclouvain/openjpeg/commit/649298dcf84b2f20cfe458d887c1591db47372a6 NOTE: https://github.com/uclouvain/openjpeg/commit/4ce7d285a55d29b79880d0566d4b010fe1907aa9 CVE-2020-27813 (An integer overflow vulnerability exists with the length of websocket ...) {DLA-2520-1} - golang-github-gorilla-websocket (Fixed with first upload to Debian with renamed source package) - golang-websocket NOTE: https://github.com/gorilla/websocket/security/advisories/GHSA-jf24-p9p9-4rjh NOTE: https://github.com/gorilla/websocket/commit/5b740c29263eb386f33f265561c8262522f19d37 (v1.4.1) CVE-2020-27812 RESERVED CVE-2020-27811 RESERVED CVE-2020-27810 RESERVED CVE-2020-27809 RESERVED CVE-2020-27808 RESERVED CVE-2020-27807 RESERVED CVE-2020-27806 RESERVED CVE-2020-27805 RESERVED CVE-2020-27804 RESERVED CVE-2020-27803 RESERVED CVE-2020-27802 RESERVED CVE-2020-27801 RESERVED CVE-2020-27800 RESERVED CVE-2020-27799 RESERVED CVE-2020-27798 RESERVED CVE-2020-27797 RESERVED CVE-2020-27796 RESERVED CVE-2020-27795 RESERVED CVE-2020-27794 RESERVED CVE-2020-27793 RESERVED CVE-2020-27792 RESERVED CVE-2020-27791 RESERVED CVE-2020-27790 RESERVED CVE-2020-27789 RESERVED CVE-2020-27788 RESERVED CVE-2020-27787 RESERVED CVE-2020-27786 (A flaw was found in the Linux kernel’s implementation of MIDI, w ...) - linux 5.6.14-1 [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/c1f6e3c818dd734c30f6a7eeebf232ba2cf3181d CVE-2020-27785 REJECTED CVE-2020-27784 RESERVED CVE-2020-27783 (A XSS vulnerability was discovered in python-lxml's clean module. The ...) 
{DSA-4810-1 DLA-2467-1} - lxml 4.6.2-1 NOTE: https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e (lxml-4.6.1) NOTE: https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7 (lxml-4.6.2) CVE-2020-27782 (A flaw was found in the Undertow AJP connector. Malicious requests and ...) - undertow 2.2.4-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1901304 NOTE: https://issues.redhat.com/browse/UNDERTOW-1824 NOTE: https://github.com/undertow-io/undertow/commit/fdac349cbcd1da41fe8b9d4e7ebbab6879990c2a (2.2.4.Final) CVE-2020-27781 (User credentials can be manipulated and stolen by Native CephFS consum ...) - ceph 14.2.16-1 (bug #985670) [buster] - ceph (Minor issue) [stretch] - ceph (Minor issue) NOTE: https://bugs.launchpad.net/manila/+bug/1904015 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1900109 NOTE: https://github.com/ceph/ceph/commit/1b8a634fdcd94dfb3ba650793fb1b6d09af65e05 (octopus) NOTE: https://github.com/ceph/ceph/commit/7e3e4e73783a98bb07ab399438eb3aab41a6fc8b (nautilus) NOTE: https://github.com/ceph/ceph/commit/956ceb853a58f6b6847b31fac34f2f0228a70579 (luminous) CVE-2020-27780 (A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it ...) - pam (Only affects 1.5.0) NOTE: https://github.com/linux-pam/linux-pam/issues/284 NOTE: Introduced by: https://github.com/linux-pam/linux-pam/commit/af0faf666c5008e54dfe43684f210e3581ff1bca (v1.5.0) NOTE: Fixed by: https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem comman ...) {DSA-4867-1} - grub2 2.04-16 [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...) 
- poppler 0.85.0-2 [buster] - poppler (Minor issue) [stretch] - poppler (Minor issue; maybe worth fixing later) NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/issues/742 NOTE: https://gitlab.freedesktop.org/poppler/poppler/-/commit/30c731b487190c02afff3f036736a392eb60cd9a (poppler-0.76.0) CVE-2020-27777 (A flaw was found in the way RTAS handled memory accesses in userspace ...) {DLA-2483-1} - linux 5.9.6-1 [buster] - linux 4.19.160-1 [stretch] - linux (Only an issue when Secure Boot is implemented) NOTE: https://git.kernel.org/linus/bd59380c5ba4147dcbaad3e582b55ccfd120b764 CVE-2020-27776 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1736 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/0c92913ec5705300943703f1795f34c0cc25164e NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5 CVE-2020-27775 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1737 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a2166bfb1049bac4c0f7b8b5d3ef86a1f48470b2 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/78d9987ae80a95865c9f139afde0dcf3fd832ddc CVE-2020-27774 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...) 
{DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1743 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d CVE-2020-27773 (A flaw was found in ImageMagick in MagickCore/gem-private.h. An attack ...) {DLA-2523-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1739 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/3d71aa8265ffaaf686021a6fbd54c037f71ee3a2 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/be6ffd9f283c2681d74469db8b000701665cf034 CVE-2020-27772 (A flaw was found in ImageMagick in coders/bmp.c. An attacker who submi ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1749 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a1142af44f61c038ad3eccc099c5b9548b507846 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7f819ef8855608d9cb1ded5e4f30cdfff1da7c11 CVE-2020-27771 (In RestoreMSCWarning() of /coders/pdf.c there are several areas where ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1753 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/872ffe6d0131beec8b47568a4874ffaca91a872e NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/9dd1c7e1f8f6c137bfd3293be2554f59456c7b62 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/a07ecde4c1c3a3efaa628434adc903295f6bb2b3 CVE-2020-27770 (Due to a missing check for 0 value of `replace_extent`, it is possible ...) 
{DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1721 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/be90a5395695f0d19479a5d46b06c678be7f7927 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c01495f91ac71c5205f52713430b68e80d851149 CVE-2020-27769 (In ImageMagick versions before 7.0.9-0, there are outside the range of ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1740 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7b058696133c6d36e0b48a454e357482db71982e NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/7661113a654c9c822c23a8fb8aa1b021fc7fbe9d CVE-2020-27768 (In ImageMagick, there is an outside the range of representable values ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1751 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/95d4e94e0353e503b71a53f5e6fad173c7c70c90 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/8c6e86f81968fab1710317d87b00c608108e6a2a CVE-2020-27767 (A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker w ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1741 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/564f2a35e523e2b6cce9485018157f03ec05a947 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c2f66e7fc9189a652f77a021bd047c4146d634d1 CVE-2020-27766 (A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker ...) 
{DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1734 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/29cee9152d1b5487cfd19443ca48935eea0cabe2 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/052175e4b190598141fbcc64641cd5ee4db3602d NOTE: Same fix as CVE-2020-27774 CVE-2020-27765 (A flaw was found in ImageMagick in MagickCore/segment.c. An attacker w ...) {DLA-2523-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1730 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a4c89f2a61069ad7637bc7749cc1a839de442526 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/4321934be544bc2888c6799fd6b50d8188a3d832 CVE-2020-27764 (In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOp ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1735 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e21bc8a58b4ae38d24c7e283837cc279f35b6a5 CVE-2020-27763 (A flaw was found in ImageMagick in MagickCore/resize.c. An attacker wh ...) {DLA-2523-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1718 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/43539e67a47d2f8de832d33a5b26dc2a7a12294f NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/cc0944d57f846c839905d573503ab055b34090e4 CVE-2020-27762 (A flaw was found in ImageMagick in coders/hdr.c. An attacker who submi ...) 
{DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1713 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/7db3fa20893d557259da6e99e111954de83d2495 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3e10f7c3c9f0394dfd6ebd372bc34a172dabc8ff CVE-2020-27761 (WritePALMImage() in /coders/palm.c used size_t casts in several areas ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1726 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/db5e12e24f1378ce8c93a5c35991dcdd23a67bb0 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/14c90fb315eb3666a4cf6d784cbde74c69c934ec CVE-2020-27760 (In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` v ...) {DLA-2523-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1717 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/c5fcdea6a6ae27cf3db20c28b176e87b1a584e06 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/83cd04f580ccf4cc194813777c1fcfba78e602aa CVE-2020-27759 (In IntensityCompare() of /MagickCore/quantize.c, a double value was be ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1720 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/d44f8a35558951a21367d306a42e5a097f3a43fe NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/460dea07066e2001bc4671fcd8d53233f0fc29b3 CVE-2020-27758 (A flaw was found in ImageMagick in coders/txt.c. An attacker who submi ...) 
{DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1719 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f0a8d407b2801174fd8923941a9e7822f7f9a506 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e5e15b4456c825f78554e2ef1cc6344fa1218448 CVE-2020-27757 (A floating point math calculation in ScaleAnyToQuantum() of /MagickCor ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1712 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/e88532bd4418e95b70cbc415fe911d22ab27a5fd NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ded073520c133421f842160d3a9e207788f55a90 CVE-2020-27756 (In ParseMetaGeometry() of MagickCore/geometry.c, image height and widt ...) - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Vulnerable code introduced later) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1725 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f35eca82b0c294ff9d0ccad104a881c3ae2ba913 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/d3d96f05950275b916207bf9df03640ef3e9fd6e NOTE: Introduced in https://github.com/ImageMagick/ImageMagick6/commit/7dd318e6f7f86eb41e474e3131c59ea26af6c1b2 (6.9.9-34) CVE-2020-27755 (in SetImageExtent() of /MagickCore/image.c, an incorrect image depth s ...) - imagemagick 8:6.9.11.24+dfsg-1 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1756 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f28e9e56e1b56d4e1f09d2a56d70892ae295d6a4 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/f9191f9e388330c8e22661b42092cc78a29a5d6f CVE-2020-27754 (In IntensityCompare() of /magick/quantize.c, there are calls to PixelP ...) 
{DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1754 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/d5df600d43c8706df513a3273d09aee6f54a9233 CVE-2020-27753 (There are several memory leaks in the MIFF coder in /coders/miff.c due ...) - imagemagick 8:6.9.11.24+dfsg-1 (unimportant) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1757 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/bb3acad195de95db86c7509d8072db01890470e0 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6f5d3d2cd94eb8361e07546c4bf72cb60681b984 CVE-2020-27752 (A flaw was found in ImageMagick in MagickCore/quantum-private.h. An at ...) - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1752 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a9d563d3d73874312080d30dc4ba07cecad56192 NOTE: CVE-2020-27752 and CVE-2020-25664 were not reproducible by upstream. NOTE: Previous patch was reverted. Original POC no longer available. It is NOTE: impossible to determine whether there was a possible security vulnerability NOTE: in the first place. CVE-2020-27751 (A flaw was found in ImageMagick in MagickCore/quantum-export.c. An att ...) {DLA-2672-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1727 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/f60d59cc3a7e3402d403361e0985ffa56f746a82 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/879bb6a13ece5508cd983bc3d64ced23900b60ee CVE-2020-27750 (A flaw was found in ImageMagick in MagickCore/colorspace-private.h and ...) 
{DLA-2523-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1711 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a81ca9a1b46a96be83682af3389f0a6f3d0d389d NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f CVE-2020-27749 (A flaw was found in grub2 in versions prior to 2.06. Variable names pr ...) {DSA-4867-1} - grub2 2.04-16 [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-27748 (A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and ...) - xdg-utils (bug #975370) [bullseye] - xdg-utils (Minor issue; regression potential; revisit when fixed upstream) [buster] - xdg-utils (Minor issue; regression potential; revisit when fixed upstream) [stretch] - xdg-utils (Minor issue; regression potential; revisit when fixed upstream) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899769 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1613425 NOTE: https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177 NOTE: Introduced by: https://gitlab.freedesktop.org/xdg/xdg-utils/-/commit/53bd27e8d0ab37f64638d27a8ddd328a297351fe NOTE: Proposed change: https://gitlab.freedesktop.org/xdg/xdg-utils/-/merge_requests/28 CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973 ...) NOT-FOR-US: Click Studios Passwordstate CVE-2020-27746 (Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Informa ...) 
{DSA-4841-1} - slurm-wlm (Fixed with first upload to Debian with renamed source package) - slurm-llnl (bug #974722) [stretch] - slurm-llnl (Minor issue) NOTE: https://www.schedmd.com/news.php?id=240 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html NOTE: https://github.com/SchedMD/slurm/commit/07309deb45c33e735e191faf9dd31cca1054a15c NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix CVE-2020-27745 (Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflo ...) {DSA-4841-1} - slurm-wlm (Fixed with first upload to Debian with renamed source package) - slurm-llnl (bug #974721) [stretch] - slurm-llnl (Minor issue) NOTE: https://www.schedmd.com/news.php?id=240 NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000045.html NOTE: https://github.com/SchedMD/slurm/commit/c3142dd87e06621ff148791c3d2f298b5c0b3a81 NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix CVE-2020-27744 (An issue was discovered on Western Digital My Cloud NAS devices before ...) NOT-FOR-US: Western Digital My Cloud NAS devices CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAN ...) - libpam-tacplus (Vulnerable code added later) NOTE: https://github.com/kravietz/pam_tacplus/pull/163 NOTE: https://github.com/kravietz/pam_tacplus/security/advisories/GHSA-rp3p-jm35-jv76 NOTE: Introduced with: https://github.com/kravietz/pam_tacplus/commit/6fac2504657b8d98fcd627d60ebdbffcf0253b81 (v1.5.0-beta.1) NOTE: Fixed by: https://github.com/kravietz/pam_tacplus/commit/c9bed7496e81e550ee22746f23bbb11be2e046ed (v1.6.1) NOTE: Fixed by: https://github.com/kravietz/pam_tacplus/commit/bceaab0cd51a09b88f40f19da799ac7390264bf8 (v1.6.1) CVE-2020-27742 (An Insecure Direct Object Reference vulnerability in Citadel WebCit th ...) 
- webcit (bug #973385) [buster] - webcit (Minor issue) [stretch] - webcit (Minor issue) CVE-2020-27741 (Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit ...) - webcit (bug #973385) [buster] - webcit (Minor issue) [stretch] - webcit (Minor issue) CVE-2020-27740 (Citadel WebCit through 926 allows unauthenticated remote attackers to ...) - webcit (bug #973385) [buster] - webcit (Minor issue) [stretch] - webcit (Minor issue) CVE-2020-27739 (A Weak Session Management vulnerability in Citadel WebCit through 926 ...) - webcit (bug #973385) [buster] - webcit (Minor issue) [stretch] - webcit (Minor issue) CVE-2020-27738 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) CVE-2020-27737 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) CVE-2020-27736 (A vulnerability has been identified in Capital VSTAR (Versions includi ...) NOT-FOR-US: Nucleus (Siemens) CVE-2020-27735 (An XSS issue was discovered in Wing FTP 6.4.4. An arbitrary IFRAME ele ...) NOT-FOR-US: Wing FTP CVE-2020-27734 RESERVED CVE-2020-27733 (Zoho ManageEngine Applications Manager before 14 build 14880 allows an ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-27732 RESERVED CVE-2020-27731 RESERVED CVE-2020-27730 (In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller ...) NOT-FOR-US: NGINX Controller CVE-2020-27729 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27728 (On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27727 (On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27726 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27725 (In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12. ...) 
NOT-FOR-US: F5 BIG-IP CVE-2020-27724 (In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27723 (In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual se ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27722 (In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27721 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27720 (On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27719 (On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27718 (When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27717 (On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0- ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27716 (On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27715 (On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to th ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27714 (On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-1 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27713 (In certain configurations on version 13.1.3.4, when a BIG-IP AFM HTTP ...) NOT-FOR-US: F5 BIG-IP CVE-2020-27712 RESERVED CVE-2020-27711 RESERVED CVE-2020-27710 RESERVED CVE-2020-27709 RESERVED CVE-2020-27708 (A vulnerability exists in the Origin Client that could allow a non-Adm ...) NOT-FOR-US: Electronic Arts CVE-2020-27707 RESERVED CVE-2020-27706 RESERVED CVE-2020-27705 RESERVED CVE-2020-27704 RESERVED CVE-2020-27703 RESERVED CVE-2020-27702 RESERVED CVE-2020-27701 RESERVED CVE-2020-27700 RESERVED CVE-2020-27699 RESERVED CVE-2020-27698 RESERVED CVE-2020-27697 (Trend Micro Security 2020 (Consumer) contains a vulnerability in the i ...) 
NOT-FOR-US: Trend Micro CVE-2020-27696 (Trend Micro Security 2020 (Consumer) contains a vulnerability in the i ...) NOT-FOR-US: Trend Micro CVE-2020-27695 (Trend Micro Security 2020 (Consumer) contains a vulnerability in the i ...) NOT-FOR-US: Trend Micro CVE-2020-27694 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...) NOT-FOR-US: Trend Micro CVE-2020-27693 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...) NOT-FOR-US: Trend Micro CVE-2020-27692 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...) NOT-FOR-US: Relish (Verve Connect) VH510 device CVE-2020-27691 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...) NOT-FOR-US: Relish (Verve Connect) VH510 device CVE-2020-27690 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...) NOT-FOR-US: Relish (Verve Connect) VH510 device CVE-2020-27689 (The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0 ...) NOT-FOR-US: Relish (Verve Connect) VH510 device CVE-2020-27688 (RVToolsPasswordEncryption.exe in RVTools 4.0.6 allows users to encrypt ...) NOT-FOR-US: RVTools CVE-2020-27687 (ThingsBoard before v3.2 is vulnerable to Host header injection in pass ...) NOT-FOR-US: ThingsBoard CVE-2020-27686 RESERVED CVE-2020-27685 RESERVED CVE-2020-27684 RESERVED CVE-2020-27683 RESERVED CVE-2020-27682 RESERVED CVE-2020-27681 RESERVED CVE-2020-27680 RESERVED CVE-2020-27679 RESERVED CVE-2020-27678 (An issue was discovered in illumos before 2020-10-22, as used in OmniO ...) NOT-FOR-US: illumos CVE-2020-27677 RESERVED CVE-2020-27676 RESERVED CVE-2020-27669 RESERVED CVE-2020-27668 RESERVED CVE-2020-27667 RESERVED CVE-2020-27666 (Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview fea ...) NOT-FOR-US: Strapi CVE-2020-27665 (In Strapi before 3.2.5, there is no admin::hasPermissions restriction ...) 
NOT-FOR-US: Strapi CVE-2020-27664 (admin/src/containers/InputModalStepperProvider/index.js in Strapi befo ...) NOT-FOR-US: Strapi CVE-2020-27663 (In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct ...) - glpi CVE-2020-27662 (In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object ...) - glpi CVE-2020-27661 (A divide-by-zero issue was found in dwc2_handle_packet in hw/usb/hcd-d ...) - qemu 1:5.2+dfsg-1 (bug #972864) [buster] - qemu (Fix along in future DSA) [stretch] - qemu (Vulnerable code introduced later) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03 (v5.2.0-rc0) CVE-2020-27660 (SQL injection vulnerability in request.cgi in Synology SafeAccess befo ...) NOT-FOR-US: Synology CVE-2020-27659 (Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAc ...) NOT-FOR-US: Synology CVE-2020-27658 (Synology Router Manager (SRM) before 1.2.4-8081 does not include the H ...) NOT-FOR-US: Synology Router Manager (SRM) CVE-2020-27657 (Cleartext transmission of sensitive information vulnerability in DDNS ...) NOT-FOR-US: Synology Router Manager (SRM) CVE-2020-27656 (Cleartext transmission of sensitive information vulnerability in DDNS ...) NOT-FOR-US: Synology CVE-2020-27655 (Improper access control vulnerability in Synology Router Manager (SRM) ...) NOT-FOR-US: Synology CVE-2020-27654 (Improper access control vulnerability in lbd in Synology Router Manage ...) NOT-FOR-US: Synology CVE-2020-27653 (Algorithm downgrade vulnerability in QuickConnect in Synology Router M ...) NOT-FOR-US: Synology CVE-2020-27652 (Algorithm downgrade vulnerability in QuickConnect in Synology DiskStat ...) NOT-FOR-US: Synology CVE-2020-27651 (Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secur ...) NOT-FOR-US: Synology CVE-2020-27650 (Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set t ...) 
NOT-FOR-US: Synology CVE-2020-27649 (Improper certificate validation vulnerability in OpenVPN client in Syn ...) NOT-FOR-US: Synology CVE-2020-27648 (Improper certificate validation vulnerability in OpenVPN client in Syn ...) NOT-FOR-US: Synology CVE-2020-27647 RESERVED CVE-2020-27646 (Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1 ...) NOT-FOR-US: Biscom Secure File Transfer (SFT) CVE-2020-27645 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unqu ...) NOT-FOR-US: 1E Client CVE-2020-27644 (The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unqu ...) NOT-FOR-US: 1E Client CVE-2020-27643 (The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0 ...) NOT-FOR-US: 1E Client CVE-2020-27642 (A cross-site scripting (XSS) vulnerability exists in the 'merge accoun ...) NOT-FOR-US: BigBlueButton CVE-2020-27641 REJECTED CVE-2020-27640 (The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with ...) NOT-FOR-US: Mitel CVE-2020-27639 (The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phone ...) NOT-FOR-US: Mitel CVE-2020-27637 (The R programming language’s default package manager CRAN is aff ...) - r-base 4.0.3-1 [buster] - r-base (Minor issue) [stretch] - r-base (Minor issue) NOTE: https://labs.bishopfox.com/advisories/cran-version-4.0.2 CVE-2020-27636 RESERVED CVE-2020-27635 RESERVED CVE-2020-27634 RESERVED CVE-2020-27633 RESERVED CVE-2020-27632 (In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is ...) NOT-FOR-US: Siemens SIMATIC MV400 CVE-2020-27631 RESERVED CVE-2020-27630 RESERVED CVE-2020-27629 (In JetBrains TeamCity before 2020.1.5, secure dependency parameters co ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-27628 (In JetBrains TeamCity before 2020.1.5, the Guest user had access to au ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-27627 (JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection. ...) 
NOT-FOR-US: JetBrains TeamCity CVE-2020-27626 (JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF. ...) NOT-FOR-US: JetBrains CVE-2020-27625 (In JetBrains YouTrack before 2020.3.888, notifications might have ment ...) NOT-FOR-US: JetBrains CVE-2020-27624 (JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF. ...) NOT-FOR-US: JetBrains CVE-2020-27623 (JetBrains IdeaVim before version 0.58 might have caused an information ...) NOT-FOR-US: JetBrains CVE-2020-27622 (In JetBrains IntelliJ IDEA before 2020.2, the built-in web server coul ...) - intellij-idea (bug #747616) CVE-2020-27621 (The FileImporter extension in MediaWiki through 1.35.0 was not properl ...) NOT-FOR-US: MediaWiki extension CVE-2020-27620 (The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because Me ...) NOT-FOR-US: MediaWiki extension CVE-2020-27619 (In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK ...) - python3.9 (unimportant) - python3.8 (unimportant) - python3.7 (unimportant) NOTE: https://python-security.readthedocs.io/vuln/cjk-codec-download-eval.html NOTE: https://github.com/python/cpython/commit/2ef5caa58febc8968e670e39e3d37cf8eef3cab8 (master) NOTE: https://github.com/python/cpython/commit/a8bf44d04915f7366d9f8dfbf84822ac37a4bab3 (master) NOTE: https://github.com/python/cpython/commit/b664a1df4ee71d3760ab937653b10997081b1794 (3.9) NOTE: https://github.com/python/cpython/commit/6c6c256df3636ff6f6136820afaefa5a10a3ac33 (3.8) NOTE: https://github.com/python/cpython/commit/43e523103886af66d6c27cd72431b5d9d14cd2a9 (3.7) NOTE: https://bugs.python.org/issue41944 NOTE: Only affects the testsuite CVE-2020-27618 (The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and ...) 
	- glibc 2.31-5 (bug #973914)
	[buster] - glibc (Minor issue)
	[stretch] - glibc (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=26224
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=9a99c682144bdbd40792ebf822fe9264e0376fb5
CVE-2020-27617 (eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to t ...)
	{DLA-2469-1}
	- qemu 1:5.2+dfsg-1 (bug #973324)
	[buster] - qemu (Fix along in future DSA)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06023.html
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7564bf7701f00214cdc8a678a9f7df765244def1 (v5.2.0-rc2)
CVE-2020-27616 (ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outsi ...)
	- qemu 1:5.2+dfsg-1 (bug #975265)
	[buster] - qemu (Vulnerable code introduced in ATI VGA device emulation added later)
	[stretch] - qemu (Vulnerable code introduced in ATI VGA device emulation added later)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg06080.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ca1f9cbfdce4d63b10d57de80fef89a89d92a540 (v5.2.0-rc1)
CVE-2020-27615 (The Loginizer plugin before 1.6.4 for WordPress allows SQL injection ( ...)
	NOT-FOR-US: Loginizer plugin for WordPress
CVE-2020-27614 (AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the ...)
	NOT-FOR-US: AnyDesk for macOS
CVE-2020-27638 (receive.c in fastd before v21 allows denial of service (assertion fail ...)
	{DLA-2414-1}
	- fastd 21-1 (bug #972521)
	[buster] - fastd 18-3+deb10u1
	NOTE: https://github.com/NeoRaider/fastd/commit/737925113363b6130879729cdff9ccc46c33eaea
CVE-2020-27613 (The installation procedure in BigBlueButton before 2.2.17 uses ClueCon ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27612 (Greenlight in BigBlueButton through 2.2.28 places usernames in room UR ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27611 (BigBlueButton through 2.2.28 uses STUN/TURN resources from a third par ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27610 (The installation procedure in BigBlueButton before 2.2.28 (or earlier) ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27609 (BigBlueButton through 2.2.28 records a video meeting despite the deact ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27608 (In BigBlueButton before 2.2.6, uploaded presentations are sent to clie ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27607 (In BigBlueButton before 2.2.28 (or earlier), the client-side Mute butt ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27606 (BigBlueButton before 2.2.28 (or earlier) does not set the secure flag ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27605 (BigBlueButton through 2.2.28 uses Ghostscript for processing of upload ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27604 (BigBlueButton before 2.3 does not implement LibreOffice sandboxing. Th ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27603 (BigBlueButton before 2.2.27 has an unsafe JODConverter setting in whic ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27602 (BigBlueButton before 2.2.7 does not have a protection mechanism for se ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27601 (In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat do ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-27673 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
	{DLA-2494-1 DLA-2483-1}
	- linux 5.9.6-1
	[buster] - linux 4.19.160-1
	NOTE: https://xenbits.xen.org/xsa/advisory-332.html
CVE-2020-27675 (An issue was discovered in the Linux kernel through 5.9.1, as used wit ...)
	{DLA-2494-1 DLA-2483-1}
	- linux 5.9.6-1
	[buster] - linux 4.19.160-1
	NOTE: https://xenbits.xen.org/xsa/advisory-331.html
CVE-2020-27674 (An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS ...)
	{DSA-4804-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-286.html
CVE-2020-27672 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
	{DSA-4804-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-345.html
CVE-2020-27671 (An issue was discovered in Xen through 4.14.x allowing x86 HVM and PVH ...)
	{DSA-4804-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-346.html
CVE-2020-27670 (An issue was discovered in Xen through 4.14.x allowing x86 guest OS us ...)
	{DSA-4804-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-347.html
CVE-2020-27600 (HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-84 ...)
	NOT-FOR-US: D-Link
CVE-2020-27599
	RESERVED
CVE-2020-27598
	RESERVED
CVE-2020-27597
	RESERVED
CVE-2020-27596
	RESERVED
CVE-2020-27595
	RESERVED
CVE-2020-27594
	RESERVED
CVE-2020-27593
	RESERVED
CVE-2020-27592
	RESERVED
CVE-2020-27591
	RESERVED
CVE-2020-27590
	RESERVED
CVE-2020-27589 (Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - ...)
	NOT-FOR-US: hub-rest-api-python
CVE-2020-27588
	RESERVED
CVE-2020-27587 (Quick Heal Total Security before 19.0 allows attackers with local admi ...)
	NOT-FOR-US: Quick Heal Total Security
CVE-2020-27586 (Quick Heal Total Security before version 19.0 transmits quarantine and ...)
	NOT-FOR-US: Quick Heal Total Security
CVE-2020-27585 (Quick Heal Total Security before 19.0 allows attackers with local admi ...)
	NOT-FOR-US: Quick Heal Total Security
CVE-2020-27584
	RESERVED
CVE-2020-27583 (** UNSUPPORTED WHEN ASSIGNED ** IBM InfoSphere Information Server 8.5. ...)
	NOT-FOR-US: IBM
CVE-2020-27582
	RESERVED
CVE-2020-27581
	RESERVED
CVE-2020-27580
	RESERVED
CVE-2020-27579
	RESERVED
CVE-2020-27578
	RESERVED
CVE-2020-27577
	RESERVED
CVE-2020-27576 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XS ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2020-27575 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vuln ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2020-27574 (Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forge ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2020-27573
	RESERVED
CVE-2020-27572
	RESERVED
CVE-2020-27571
	RESERVED
CVE-2020-27570
	RESERVED
CVE-2020-27569 (Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. ...)
	NOT-FOR-US: Aviatrix VPN Client
CVE-2020-27568 (Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Sever ...)
	NOT-FOR-US: Aviatrix Controller
CVE-2020-27567
	RESERVED
CVE-2020-27566
	RESERVED
CVE-2020-27565
	RESERVED
CVE-2020-27564
	RESERVED
CVE-2020-27563
	RESERVED
CVE-2020-27562
	RESERVED
CVE-2020-27561
	RESERVED
CVE-2020-27560 (ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames i ...)
	{DLA-2523-1}
	- imagemagick 8:6.9.11.57+dfsg-1 (bug #972797)
	[buster] - imagemagick (Minor issue)
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/ef59bd764f88d893f1219fee8ba696a5d3f8c1c4
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6e3b13c7ef94d72b40fba91987897c4326717a46
CVE-2020-27559
	RESERVED
CVE-2020-27558 (Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 201 ...)
	NOT-FOR-US: BASETech
CVE-2020-27557 (Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT ...)
	NOT-FOR-US: BASETech
CVE-2020-27556 (A predictable device ID in BASETech GE-131 BT-1837836 firmware 2018092 ...)
	NOT-FOR-US: BASETech
CVE-2020-27555 (Use of default credentials for the telnet server in BASETech GE-131 BT ...)
	NOT-FOR-US: BASETech
CVE-2020-27554 (Cleartext Transmission of Sensitive Information vulnerability in BASET ...)
	NOT-FOR-US: BASETech
CVE-2020-27553 (In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the ...)
	NOT-FOR-US: BASETech
CVE-2020-27552
	RESERVED
CVE-2020-27551
	RESERVED
CVE-2020-27550
	RESERVED
CVE-2020-27549
	RESERVED
CVE-2020-27548
	RESERVED
CVE-2020-27547
	RESERVED
CVE-2020-27546
	RESERVED
CVE-2020-27545
	RESERVED
	- dwarfutils 20201201-1
	[buster] - dwarfutils (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW202010-001
	NOTE: https://github.com/davea42/libdwarf-code/commit/95f634808c01f1c61bbec56ed2395af997f397ea
CVE-2020-27544
	RESERVED
CVE-2020-27543 (The restify-paginate package 0.0.5 for Node.js allows remote attackers ...)
	NOT-FOR-US: Node restify-paginate
CVE-2020-27542 (Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. ...)
	NOT-FOR-US: Rostelecom CS-C2SHW
CVE-2020-27541 (Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. Agen ...)
	NOT-FOR-US: Rostelecom CS-C2SHW
CVE-2020-27540 (Bash injection vulnerability and bypass of signature verification in R ...)
	NOT-FOR-US: Rostelecom CS-C2SHW
CVE-2020-27539 (Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW ...)
	NOT-FOR-US: Rostelecom CS-C2SHW
CVE-2020-27538
	RESERVED
CVE-2020-27537
	RESERVED
CVE-2020-27536
	RESERVED
CVE-2020-27535
	RESERVED
CVE-2020-27534 (util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 c ...)
	- docker.io (Windows-specific)
CVE-2020-27533 (A Cross Site Scripting (XSS) issue was discovered in the search featur ...)
	NOT-FOR-US: DedeCMS
CVE-2020-27532
	RESERVED
CVE-2020-27531
	RESERVED
CVE-2020-27530
	RESERVED
CVE-2020-27529
	RESERVED
CVE-2020-27528
	RESERVED
CVE-2020-27527
	RESERVED
CVE-2020-27526
	RESERVED
CVE-2020-27525
	RESERVED
CVE-2020-27524 (On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multi ...)
	NOT-FOR-US: Audi
CVE-2020-27523 (Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string sp ...)
	NOT-FOR-US: Solstice-Pod
CVE-2020-27522
	RESERVED
CVE-2020-27521
	RESERVED
CVE-2020-27520
	RESERVED
CVE-2020-27519 (Pritunl Client v1.2.2550.20 contains a local privilege escalation vuln ...)
	NOT-FOR-US: Pritunl Client
CVE-2020-27518 (All versions of Windscribe VPN for Mac and Windows <= v2.02.10 cont ...)
	NOT-FOR-US: Windscribe VPN
CVE-2020-27517
	RESERVED
CVE-2020-27516
	RESERVED
CVE-2020-27515 (A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows ...)
	NOT-FOR-US: Savsoft Quiz
CVE-2020-27514
	RESERVED
CVE-2020-27513
	RESERVED
CVE-2020-27512
	RESERVED
CVE-2020-27511 (An issue was discovered in the stripTags and unescapeHTML components i ...)
	- prototypejs (bug #991898)
	[bullseye] - prototypejs (Minor issue)
	[stretch] - prototypejs (Minor issue)
	NOTE: https://github.com/prototypejs/prototype/blame/dee2f7d8611248abce81287e1be4156011953c90/src/prototype/lang/string.js#L283
	NOTE: https://github.com/yetingli/PoCs/blob/main/CVE-2020-27511/Prototype.md
	NOTE: CVE mentions newer version but vulnerable code exists in older versions too
	NOTE: https://sources.debian.org/src/prototypejs/1.7.1-3/prototype-1.7.1.js/#L617
CVE-2020-27510
	RESERVED
CVE-2020-27509
	RESERVED
CVE-2020-27508 (In two-factor authentication, the system also sending 2fa secret key i ...)
	NOT-FOR-US: Frappe Framework
CVE-2020-27507
	RESERVED
CVE-2020-27506
	RESERVED
CVE-2020-27505
	RESERVED
CVE-2020-27504
	RESERVED
CVE-2020-27503
	RESERVED
CVE-2020-27502
	RESERVED
CVE-2020-27501
	RESERVED
CVE-2020-27500
	RESERVED
CVE-2020-27499
	RESERVED
CVE-2020-27498
	RESERVED
CVE-2020-27497
	RESERVED
CVE-2020-27496
	RESERVED
CVE-2020-27495
	RESERVED
CVE-2020-27494
	RESERVED
CVE-2020-27493
	RESERVED
CVE-2020-27492
	RESERVED
CVE-2020-27491
	RESERVED
CVE-2020-27490
	RESERVED
CVE-2020-27489
	RESERVED
CVE-2020-27488 (Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are ...)
	NOT-FOR-US: Loxone Miniserver devices
CVE-2020-27487
	RESERVED
CVE-2020-27486 (Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The ...)
	NOT-FOR-US: Garmin
CVE-2020-27485 (Garmin Forerunner 235 before 8.20 is affected by: Array index error. T ...)
	NOT-FOR-US: Garmin
CVE-2020-27484 (Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. Th ...)
	NOT-FOR-US: Garmin
CVE-2020-27483 (Garmin Forerunner 235 before 8.20 is affected by: Array index error. T ...)
	NOT-FOR-US: Garmin
CVE-2020-27482
	RESERVED
CVE-2020-27481 (An unauthenticated SQL Injection vulnerability in Good Layers LMS Plug ...)
	NOT-FOR-US: Good Layers LMS Plugin for WordPress
CVE-2020-27480
	RESERVED
CVE-2020-27479
	RESERVED
CVE-2020-27478
	RESERVED
CVE-2020-27477
	RESERVED
CVE-2020-27476
	RESERVED
CVE-2020-27475
	RESERVED
CVE-2020-27474
	RESERVED
CVE-2020-27473
	RESERVED
CVE-2020-27472
	RESERVED
CVE-2020-27471
	RESERVED
CVE-2020-27470
	RESERVED
CVE-2020-27469
	RESERVED
CVE-2020-27468
	RESERVED
CVE-2020-27467
	RESERVED
CVE-2020-27466 (An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemp ...)
	NOT-FOR-US: rConfig
CVE-2020-27465
	RESERVED
CVE-2020-27464 (An insecure update feature in the /updater.php component of rConfig 3. ...)
	NOT-FOR-US: rConfig
CVE-2020-27463
	RESERVED
CVE-2020-27462
	RESERVED
CVE-2020-27461 (A remote code execution vulnerability in SEOPanel 4.6.0 has been fixed ...)
	NOT-FOR-US: SEOPanel
CVE-2020-27460
	RESERVED
CVE-2020-27459 (Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a ...)
	NOT-FOR-US: Chronoforeum
CVE-2020-27458
	RESERVED
CVE-2020-27457
	RESERVED
CVE-2020-27456
	RESERVED
CVE-2020-27455
	RESERVED
CVE-2020-27454
	RESERVED
CVE-2020-27453
	RESERVED
CVE-2020-27452
	RESERVED
CVE-2020-27451
	RESERVED
CVE-2020-27450
	RESERVED
CVE-2020-27449
	RESERVED
CVE-2020-27448
	RESERVED
CVE-2020-27447
	RESERVED
CVE-2020-27446
	RESERVED
CVE-2020-27445
	RESERVED
CVE-2020-27444
	RESERVED
CVE-2020-27443
	RESERVED
CVE-2020-27442
	RESERVED
CVE-2020-27441
	RESERVED
CVE-2020-27440
	RESERVED
CVE-2020-27439
	RESERVED
CVE-2020-27438
	RESERVED
CVE-2020-27437
	RESERVED
CVE-2020-27436
	RESERVED
CVE-2020-27435
	RESERVED
CVE-2020-27434
	RESERVED
CVE-2020-27433
	RESERVED
CVE-2020-27432
	RESERVED
CVE-2020-27431
	RESERVED
CVE-2020-27430
	RESERVED
CVE-2020-27429
	RESERVED
CVE-2020-27428
	RESERVED
CVE-2020-27427
	RESERVED
CVE-2020-27426
	RESERVED
CVE-2020-27425
	RESERVED
CVE-2020-27424
	RESERVED
CVE-2020-27423 (Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password rese ...)
	NOT-FOR-US: Anuko Time Tracker
CVE-2020-27422 (In Anuko Time Tracker v1.19.23.5311, the password reset link emailed t ...)
	NOT-FOR-US: Anuko Time Tracker
CVE-2020-27421
	RESERVED
CVE-2020-27420
	RESERVED
CVE-2020-27419
	RESERVED
CVE-2020-27418
	RESERVED
CVE-2020-27417
	RESERVED
CVE-2020-27416
	RESERVED
CVE-2020-27415
	RESERVED
CVE-2020-27414 (Mahavitaran android application 7.50 and prior transmit sensitive info ...)
	NOT-FOR-US: Mahavitaran android application
CVE-2020-27413
	RESERVED
CVE-2020-27412
	RESERVED
CVE-2020-27411
	RESERVED
CVE-2020-27410
	RESERVED
CVE-2020-27409 (OpenSIS Community Edition before 7.5 is affected by a cross-site scrip ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-27408 (OpenSIS Community Edition through 7.6 is affected by incorrect access ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-27407
	RESERVED
CVE-2020-27406 (Cross Site Scripting (XSS) vulnerability in DynPG 4.9.1, allows authen ...)
	NOT-FOR-US: DynPG
CVE-2020-27405
	RESERVED
CVE-2020-27404
	RESERVED
CVE-2020-27403 (A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 ...)
	NOT-FOR-US: TCL Android Smart TV series
CVE-2020-27402 (The HK1 Box S905X3 TV Box contains a vulnerability that allows a local ...)
	NOT-FOR-US: HK1 Box S905X3 TV Box
CVE-2020-27401
	RESERVED
CVE-2020-27400
	RESERVED
CVE-2020-27399
	RESERVED
CVE-2020-27398
	RESERVED
CVE-2020-27397 (Marital - Online Matrimonial Project In PHP version 1.0 suffers from a ...)
	NOT-FOR-US: Marital - Online Matrimonial Project
CVE-2020-27396
	RESERVED
CVE-2020-27395
	RESERVED
CVE-2020-27394
	RESERVED
CVE-2020-27393
	RESERVED
CVE-2020-27392
	RESERVED
CVE-2020-27391
	RESERVED
CVE-2020-27390
	RESERVED
CVE-2020-27389
	RESERVED
CVE-2020-27388 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in th ...)
	NOT-FOR-US: YOURLS Admin Panel
CVE-2020-27387 (An unrestricted file upload issue in HorizontCMS through 1.0.0-beta al ...)
	NOT-FOR-US: HorizontCMS
CVE-2020-27386 (An unrestricted file upload issue in FlexDotnetCMS before v1.5.9 allow ...)
	NOT-FOR-US: FlexDotnetCMS
CVE-2020-27385 (Incorrect Access Control in the FileEditor (/Admin/Views/FileEditor/) ...)
	NOT-FOR-US: FlexDotnetCMS
CVE-2020-27384 (The Gw2-64.exe in Guild Wars 2 launcher version 106916 suffers from an ...)
	NOT-FOR-US: Guild Wars 2 launcher
CVE-2020-27383 (Battle.net.exe in Battle.Net 1.27.1.12428 suffers from an elevation of ...)
	NOT-FOR-US: Battle.Net
CVE-2020-27382
	RESERVED
CVE-2020-27381
	RESERVED
CVE-2020-27380
	RESERVED
CVE-2020-27379 (Cross Site Request Forgery (CSRF) vulnerability in Booking Core - Ulti ...)
	NOT-FOR-US: Booking Core - Ultimate Booking System Booking Core
CVE-2020-27378
	RESERVED
CVE-2020-27377 (A cross-site scripting (XSS) vulnerability was discovered in the Admin ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-27376
	RESERVED
CVE-2020-27375
	RESERVED
CVE-2020-27374
	RESERVED
CVE-2020-27373
	RESERVED
CVE-2020-27372 (A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1 ...)
	- brandy (unimportant)
	NOTE: https://sourceforge.net/p/brandy/bugs/10/
	NOTE: Negligible security impact
CVE-2020-27371
	RESERVED
CVE-2020-27370
	RESERVED
CVE-2020-27369
	RESERVED
CVE-2020-27368 (Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V ...)
	NOT-FOR-US: TOTOLINK
CVE-2020-27367
	RESERVED
CVE-2020-27366
	RESERVED
CVE-2020-27365
	RESERVED
CVE-2020-27364
	RESERVED
CVE-2020-27363
	RESERVED
CVE-2020-27362 (An issue exists within the SSH console of Akkadian Provisioning Manage ...)
	NOT-FOR-US: Akkadian
CVE-2020-27361 (An issue exists within Akkadian Provisioning Manager 4.50.02 which all ...)
	NOT-FOR-US: Akkadian
CVE-2020-27360
	RESERVED
CVE-2020-27359 (A cross-site scripting (XSS) issue in REDCap 8.11.6 through 9.x before ...)
	NOT-FOR-US: REDCap
CVE-2020-27358 (An issue was discovered in REDCap 8.11.6 through 9.x before 10. The me ...)
	NOT-FOR-US: REDCap
CVE-2020-27357
	RESERVED
CVE-2020-27356
	RESERVED
CVE-2020-27355
	RESERVED
CVE-2020-27354
	RESERVED
CVE-2020-27353
	RESERVED
CVE-2020-27352
	RESERVED
	- snapd 2.49-1
	[buster] - snapd (Minor issue)
	[stretch] - snapd (Minor issue)
	NOTE: https://ubuntu.com/security/notices/USN-4728-1
	NOTE: https://github.com/docker-snap/docker-snap/security/advisories/GHSA-798c-v3jq-h646
	NOTE: https://bugs.launchpad.net/snapd/+bug/1910456
CVE-2020-27351 (Various memory and file descriptor leaks were found in apt-python file ...)
	{DSA-4809-1 DLA-2488-1}
	- python-apt 2.1.7
	NOTE: https://bugs.launchpad.net/bugs/1899193
CVE-2020-27350 (APT had several integer overflows and underflows while parsing .deb pa ...)
	{DSA-4808-1 DLA-2487-1}
	- apt 2.1.13
	NOTE: https://bugs.launchpad.net/bugs/1899193
CVE-2020-27349 (Aptdaemon performed policykit checks after interacting with potentiall ...)
	- aptdaemon
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1899193
CVE-2020-27348 (In some conditions, a snap package built by snapcraft includes the cur ...)
	NOT-FOR-US: snapcraft
CVE-2020-27346
	REJECTED
CVE-2020-27345
	RESERVED
CVE-2020-27344 (The cm-download-manager plugin before 2.8.0 for WordPress allows XSS. ...)
	NOT-FOR-US: cm-download-manager plugin for WordPress
CVE-2020-27343
	RESERVED
CVE-2020-27342
	RESERVED
CVE-2020-27341
	RESERVED
CVE-2020-27340 (The online help portal of Mitel MiCollab before 9.2 could allow an att ...)
	NOT-FOR-US: Mitel
CVE-2020-27339 (In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not cor ...)
	NOT-FOR-US: Insyde
CVE-2020-27338 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
	NOT-FOR-US: Treck
CVE-2020-27337 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input ...)
	NOT-FOR-US: Treck
CVE-2020-27336 (An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input ...)
	NOT-FOR-US: Treck
CVE-2020-27335
	RESERVED
CVE-2020-27334
	RESERVED
CVE-2020-27333
	RESERVED
CVE-2020-27332
	RESERVED
CVE-2020-27331
	RESERVED
CVE-2020-27330
	RESERVED
CVE-2020-27329
	RESERVED
CVE-2020-27328
	RESERVED
CVE-2020-27327
	RESERVED
CVE-2020-27326
	RESERVED
CVE-2020-27325
	RESERVED
CVE-2020-27324
	RESERVED
CVE-2020-27323
	RESERVED
CVE-2020-27322
	RESERVED
CVE-2020-27321
	RESERVED
CVE-2020-27320
	RESERVED
CVE-2020-27319
	RESERVED
CVE-2020-27318
	RESERVED
CVE-2020-27317
	RESERVED
CVE-2020-27316
	RESERVED
CVE-2020-27315
	RESERVED
CVE-2020-27314
	RESERVED
CVE-2020-27313
	RESERVED
CVE-2020-27312
	RESERVED
CVE-2020-27311
	RESERVED
CVE-2020-27310
	RESERVED
CVE-2020-27309
	RESERVED
CVE-2020-27308
	RESERVED
CVE-2020-27307
	RESERVED
CVE-2020-27306
	RESERVED
CVE-2020-27305
	RESERVED
CVE-2020-27304 (The CivetWeb web library does not validate uploaded filepaths when run ...)
	- civetweb 1.15+dfsg-1 (unimportant)
	NOTE: vulnerable code is an example, not packaged by Debian but present in source package
	NOTE: https://groups.google.com/g/civetweb/c/yPBxNXdGgJQ
	NOTE: https://github.com/civetweb/civetweb/commit/b2ed60c589172b37f3d705c69d84313eeb8348b1
	NOTE: https://github.com/civetweb/civetweb/commit/e489ff4f05647126ffa62d3a54f50bf7b7380776#diff-da20af5c7c76edbce3228777f142173af544c0202af876e8d5618f839f9ab2ac
CVE-2020-27303
	RESERVED
CVE-2020-27302 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)
	NOT-FOR-US: Realtek
CVE-2020-27301 (A stack buffer overflow in Realtek RTL8710 (and other Ameba-based devi ...)
	NOT-FOR-US: Realtek
CVE-2020-27300
	RESERVED
CVE-2020-27299 (The affected product is vulnerable to an out-of-bounds read, which may ...)
	NOT-FOR-US: OPC UA Tunneller
CVE-2020-27298 (Philips Interventional Workspot (Release 1.3.2, 1.4.0, 1.4.1, 1.4.3, 1 ...)
	NOT-FOR-US: Philips
CVE-2020-27297 (The affected product is vulnerable to a heap-based buffer overflow, wh ...)
	NOT-FOR-US: OPC UA Tunneller
CVE-2020-27296
	RESERVED
CVE-2020-27295 (The affected product has uncontrolled resource consumption issues, whi ...)
	NOT-FOR-US: OPC UA Tunneller
CVE-2020-27294
	RESERVED
CVE-2020-27293 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a type conf ...)
	NOT-FOR-US: Delta Electronics CNCSoft-B
CVE-2020-27292
	RESERVED
CVE-2020-27291 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable t ...)
	NOT-FOR-US: Delta Electronics CNCSoft-B
CVE-2020-27290 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an inf ...)
	NOT-FOR-US: Hamilton Medical
CVE-2020-27289 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior has a null poin ...)
	NOT-FOR-US: Delta Electronics CNCSoft-B
CVE-2020-27288 (An untrusted pointer dereference has been identified in the way TPEdit ...)
	NOT-FOR-US: Delta Electronics (Delta)
CVE-2020-27287 (Delta Electronics CNCSoft-B Versions 1.0.0.2 and prior is vulnerable t ...)
	NOT-FOR-US: Delta Electronics CNCSoft-B
CVE-2020-27286
	RESERVED
CVE-2020-27285 (The default configuration of Crimson 3.1 (Build versions prior to 3119 ...)
	NOT-FOR-US: Crimson
CVE-2020-27284 (TPEditor (v1.98 and prior) is vulnerable to two out-of-bounds write in ...)
	NOT-FOR-US: Delta Electronics (Delta)
CVE-2020-27283 (An attacker could send a specially crafted message to Crimson 3.1 (Bui ...)
	NOT-FOR-US: Crimson
CVE-2020-27282 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, an XML ...)
	NOT-FOR-US: Hamilton Medical
CVE-2020-27281 (A stack-based buffer overflow may exist in Delta Electronics CNCSoft S ...)
	NOT-FOR-US: Delta Electronics CNCSoft ScreenEditor
CVE-2020-27280 (A use after free issue has been identified in the way ISPSoft(v3.12 an ...)
	NOT-FOR-US: Delta Electronics (Delta)
CVE-2020-27279 (A NULL pointer deference vulnerability has been identified in the prot ...)
	NOT-FOR-US: Crimson
CVE-2020-27278 (In Hamilton Medical AG,T1-Ventillator versions 2.2.3 and prior, hard-c ...)
	NOT-FOR-US: Hamilton Medical
CVE-2020-27277 (Delta Electronics DOPSoft Version 4.0.8.21 and prior has a null pointe ...)
	NOT-FOR-US: Delta Electronics DOPSoft
CVE-2020-27276 (SOOIL Developments Co Ltd DiabecareRS,AnyDana-i & AnyDana-A, the c ...)
	NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27275 (Delta Electronics DOPSoft Version 4.0.8.21 and prior is vulnerable to ...)
	NOT-FOR-US: Delta Electronics DOPSoft
CVE-2020-27274 (Some parsing functions in the affected product do not check the return ...)
	NOT-FOR-US: OPC UA Tunneller
CVE-2020-27273
	RESERVED
CVE-2020-27272 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The commun ...)
	NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27271
	RESERVED
CVE-2020-27270 (SOOIL Developments CoLtd DiabecareRS, AnyDana-i ,AnyDana-A, communicat ...)
	NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27269 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
	NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27268 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
	NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27267 (KEPServerEX v6.0 to v6.9, ThingWorx Kepware Server v6.8 and v6.9, Thin ...)
	NOT-FOR-US: KEPServerEX
CVE-2020-27266 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
	NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27265 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, Th ...)
	NOT-FOR-US: KEPServerEX
CVE-2020-27264 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
	NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27263 (KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, Th ...)
	NOT-FOR-US: KEPServerEX
CVE-2020-27262 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
	NOT-FOR-US: Innokas Yhtyma Oy
CVE-2020-27261 (The Omron CX-One Version 4.60 and prior is vulnerable to a stack-based ...)
	NOT-FOR-US: Omron CX-One
CVE-2020-27260 (Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7. ...)
	NOT-FOR-US: Innokas Yhtyma Oy
CVE-2020-27259 (The Omron CX-One Version 4.60 and prior may allow an attacker to suppl ...)
	NOT-FOR-US: Omron CX-One
CVE-2020-27258 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
	NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27257 (This vulnerability allows local attackers to execute arbitrary code du ...)
	NOT-FOR-US: Omron CX-One
CVE-2020-27256 (In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, ...)
	NOT-FOR-US: SOOIL Developments Co., Ltd.
CVE-2020-27255 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-27254 (Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, X ...)
	NOT-FOR-US: Emerson
CVE-2020-27253 (A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-27252 (Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race ...)
	NOT-FOR-US: Medtronic MyCareLink Smart 25000
CVE-2020-27251 (A heap overflow vulnerability exists within FactoryTalk Linx Version 6 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-27250 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...)
	NOT-FOR-US: SoftMaker
CVE-2020-27249 (A specially crafted document can cause the document parser to copy dat ...)
	NOT-FOR-US: SoftMaker
CVE-2020-27248 (A specially crafted document can cause the document parser to copy dat ...)
	NOT-FOR-US: SoftMaker
CVE-2020-27247 (A specially crafted document can cause the document parser to copy dat ...)
	NOT-FOR-US: SoftMaker
CVE-2020-27246 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27245 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27244 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27243 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27242 (An exploitable SQL injection vulnerability exists in ‘listImmoLa ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27241 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27240 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27239 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27238 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27237 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27236 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27235 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27234 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27233 (An exploitable SQL injection vulnerability exists in ‘getAssets. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27232 (An exploitable SQL injection vulnerability exists in ‘manageServ ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27231 (A number of exploitable SQL injection vulnerabilities exists in ‘ ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27230 (A number of exploitable SQL injection vulnerabilities exists in ‘ ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27229 (A number of exploitable SQL injection vulnerabilities exists in ‘ ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27228 (An incorrect default permissions vulnerability exists in the installat ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27227 (An exploitable unatuhenticated command injection exists in the OpenCli ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27226 (An exploitable SQL injection vulnerability exists in ‘quickFile. ...)
	NOT-FOR-US: OpenClinic
CVE-2020-27225 (In versions 4.18 and earlier of the Eclipse Platform, the Help Subsyst ...)
	- eclipse
	[stretch] - eclipse (Minor issue)
CVE-2020-27224 (In Eclipse Theia versions up to and including 1.2.0, the Markdown Prev ...)
	NOT-FOR-US: Eclipse Theia
CVE-2020-27223 (In Eclipse Jetty 9.4.6.v20170531 to 9.4.36.v20210114 (inclusive), 10.0 ...)
	{DSA-4949-1}
	- jetty9 9.4.38-1
	[stretch] - jetty9 (Vulnerable code introduced later)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=571128
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-m394-8rww-3jr7
	NOTE: https://github.com/eclipse/jetty.project/issues/5963
	NOTE: https://github.com/eclipse/jetty.project/commit/10e531756b972162eed402c44d0244f7f6b85131
	NOTE: Introduced by https://github.com/eclipse/jetty.project/commit/cb84946467dc55826a8021ea2592ba58252863c9 (jetty-9.4.6.v20170531)
CVE-2020-27222 (In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based ( ...)
	NOT-FOR-US: Eclipse Californium
CVE-2020-27221 (In Eclipse OpenJ9 up to and including version 0.23, there is potential ...)
	NOT-FOR-US: Eclipse OpenJ9
CVE-2020-27220 (The Eclipse Hono AMQP and MQTT protocol adapters do not check whether ...)
	NOT-FOR-US: Eclipse Hono
CVE-2020-27219 (In all version of Eclipse Hawkbit prior to 0.3.0M7, the HTTP 404 (Not ...)
	NOT-FOR-US: Eclipse Hawkbit
CVE-2020-27218 (In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 ...)
	- jetty9 9.4.35-1 (bug #976211)
	[buster] - jetty9 (Minor issue, too intrusive to backport, patch introduces regressions, workarounds exist)
	[stretch] - jetty9 (Minor issue, request smuggling in specific conditions, invasive, patch introduces regressions, workarounds exist)
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=568892
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-86wm-rrjm-8wh8
	NOTE: https://github.com/eclipse/jetty.project/issues/5605
CVE-2020-27217 (In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does ...)
	NOT-FOR-US: Eclipse Hono
CVE-2020-27216 (In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thr ...)
	{DSA-4949-1 DLA-2661-1}
	- jetty9 9.4.33-1
	- jetty8
	- jetty
	NOTE: https://bugs.eclipse.org/bugs/show_bug.cgi?id=567921
	NOTE: https://github.com/eclipse/jetty.project/commit/53e0e0e9b25a6309bf24ee3b10984f4145701edb
	NOTE: https://github.com/eclipse/jetty.project/commit/9ad6beb80543b392c91653f6bfce233fc75b9d5f
	NOTE: https://github.com/eclipse/jetty.project/security/advisories/GHSA-g3wg-6mcf-8jj6
CVE-2020-27215
	RESERVED
CVE-2020-27214
	RESERVED
CVE-2020-27213
	RESERVED
CVE-2020-27212 (STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect a ...)
	NOT-FOR-US: STMicroelectronics STM32L4 devices
CVE-2020-27211 (Nordic Semiconductor nRF52840 devices through 2020-10-19 have improper ...)
	NOT-FOR-US: Nordic Semiconductor nRF52840 devices
CVE-2020-27210
	RESERVED
CVE-2020-27209 (The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simp ...)
	NOT-FOR-US: micro-ecc
CVE-2020-27208 (The flash read-out protection (RDP) level is not enforced during the d ...)
	NOT-FOR-US: SoloKeys Solo
CVE-2020-27207 (Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sq ...)
	NOT-FOR-US: Zetetic SQLCipher
CVE-2020-27206
	RESERVED
CVE-2020-27205
	RESERVED
CVE-2020-27204
	RESERVED
CVE-2020-27203
	RESERVED
CVE-2020-27202
	RESERVED
CVE-2020-27201
	RESERVED
CVE-2020-27200
	RESERVED
CVE-2020-27199 (The Magic Home Pro application 1.5.1 for Android allows Authentication ...)
	NOT-FOR-US: Magic Home Pro application for Android
CVE-2020-27198
	RESERVED
CVE-2020-27197 (** DISPUTED ** TAXII libtaxii through 1.1.117, as used in EclecticIQ O ...)
	NOT-FOR-US: TAXII libtaxii
CVE-2020-27196 (An issue was discovered in PlayJava in Play Framework 2.6.0 through 2. ...)
	NOT-FOR-US: Play Framework
CVE-2020-27195 (HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client ...)
	- nomad 0.10.9+dfsg1-1 (bug #972795)
	NOTE: https://github.com/hashicorp/nomad/issues/9129
	NOTE: https://github.com/hashicorp/nomad/commit/a8ea7c5f421297db434b45046fca7a9deef6df85 (0.12.6)
CVE-2020-27193 (A cross-site scripting (XSS) vulnerability in the Color Dialog plugin ...)
	NOT-FOR-US: CKEditor plugin
CVE-2020-27192 (BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs. ...)
	NOT-FOR-US: BinaryNights ForkLift
CVE-2020-27191 (LionWiki before 3.2.12 allows an unauthenticated user to read files as ...)
	NOT-FOR-US: LionWiki
CVE-2020-27194 (An issue was discovered in the Linux kernel before 5.8.15. scalar32_mi ...)
	- linux 5.9.1-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/5b9fbeb75b6a98955f628e205ac26689bcb1383e
CVE-2020-27190
	RESERVED
CVE-2020-27189
	RESERVED
CVE-2020-27188
	RESERVED
CVE-2020-27187 (An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. T ...)
	- kpmcore 4.2.0-1
	[buster] - kpmcore (kpmcore_externalcommand not yet present)
	[stretch] - kpmcore (kpmcore_externalcommand not yet present)
	NOTE: https://kde.org/info/security/advisory-20201017-1.txt
	NOTE: https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed (fix)
	NOTE: https://invent.kde.org/system/kpmcore/-/commit/7ec4b611dcf822439b081613cca4184689266454 (removes KF5 5.73 dependency)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1890199
CVE-2020-27186
	RESERVED
CVE-2020-27185 (Cleartext transmission of sensitive information via Moxa Service in NP ...)
	NOT-FOR-US: Moxa Service in NPort IA5000A series serial devices
CVE-2020-27184 (The NPort IA5000A Series devices use Telnet as one of the network devi ...)
	NOT-FOR-US: NPort IA5000A Series devices
CVE-2020-27183 (A RemoteFunctions endpoint with missing access control in konzept-ix p ...)
	NOT-FOR-US: konzept-ix publiXone
CVE-2020-27182 (Multiple cross-site scripting (XSS) vulnerabilities in konzept-ix publ ...)
	NOT-FOR-US: konzept-ix publiXone
CVE-2020-27181 (A hardcoded AES key in CipherUtils.java in the Java applet of konzept- ...)
	NOT-FOR-US: konzept-ix publiXone
CVE-2020-27180 (konzept-ix publiXone before 2020.015 allows attackers to download file ...)
	NOT-FOR-US: konzept-ix publiXone
CVE-2020-27179 (konzept-ix publiXone before 2020.015 allows attackers to take over arb ...)
	NOT-FOR-US: konzept-ix publiXone
CVE-2020-27178 (Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4 ...)
	NOT-FOR-US: Apereo CAS
CVE-2020-27177
	RESERVED
CVE-2020-27176 (Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote C ...)
	NOT-FOR-US: Mark Text
CVE-2020-27175
	RESERVED
CVE-2020-27174 (In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the ...)
	NOT-FOR-US: Firecracker
CVE-2020-27173 (In vm-superio before 0.1.1, the serial console FIFO can grow to unlimi ...)
	NOT-FOR-US: vm-superio
CVE-2020-27172 (An issue was discovered in G-Data before 25.5.9.25 using Symbolic link ...)
	NOT-FOR-US: G-Data
CVE-2020-27171 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
	{DLA-2610-1}
	- linux 5.10.24-1
	[buster] - linux 4.19.181-1
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/3
CVE-2020-27170 (An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/ ...)
	{DLA-2610-1}
	- linux 5.10.24-1
	[buster] - linux 4.19.181-1
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2021/03/19/2
CVE-2020-27169
	RESERVED
CVE-2020-27168
	RESERVED
CVE-2020-27167
	RESERVED
CVE-2020-27166
	RESERVED
CVE-2020-27165
	REJECTED
CVE-2020-27164
	RESERVED
CVE-2020-27163 (phpRedisAdmin before 1.13.2 allows XSS via the login.php username para ...)
	NOT-FOR-US: phpRedisAdmin
CVE-2020-27162
	RESERVED
CVE-2020-27161
	RESERVED
CVE-2020-27160 (Addressed remote code execution vulnerability in AvailableApps.php tha ...)
	NOT-FOR-US: Western Digital My Cloud NAS devices
CVE-2020-27159 (Addressed remote code execution vulnerability in DsdkProxy.php due to ...)
	NOT-FOR-US: Western Digital My Cloud NAS devices
CVE-2020-27158 (Addressed remote code execution vulnerability in cgi_api.php that allo ...)
	NOT-FOR-US: Western Digital My Cloud NAS devices
CVE-2020-27157 (Veritas APTARE versions prior to 10.5 included code that bypassed the ...)
	NOT-FOR-US: Veritas
CVE-2020-27156 (Veritas APTARE versions prior to 10.5 did not perform adequate authori ...)
	NOT-FOR-US: Veritas
CVE-2020-27155 (An issue was discovered in Octopus Deploy through 2020.4.4. If enabled ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-27154 (The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Win ...)
	NOT-FOR-US: Mitel
CVE-2020-27152 (An issue was discovered in ioapic_lazy_update_eoi in arch/x86/kvm/ioap ...)
	- linux 5.9.6-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888886
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=208767
	NOTE: https://git.kernel.org/linus/77377064c3a94911339f13ce113b3abf265e06da
CVE-2020-27151 (An issue was discovered in Kata Containers through 1.11.3 and 2.x thro ...)
	NOT-FOR-US: Kata Containers
CVE-2020-27153 (In BlueZ before 5.55, a double free was found in the gatttool disconne ...)
	{DSA-4951-1 DLA-2410-1}
	- bluez 5.55-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1884817
	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=1cd644db8c23a2f530ddb93cebed7dacc5f5721a
CVE-2020-27150 (In multiple versions of NPort IA5000A Series, the result of exporting ...)
	NOT-FOR-US: NPort IA5000A Series devices
CVE-2020-27149 (By exploiting a vulnerability in NPort IA5150A/IA5250A Series before v ...)
	NOT-FOR-US: NPort IA5150A/IA5250A Series devices
CVE-2020-27148 (The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange ...)
	NOT-FOR-US: TIBCO
CVE-2020-27147 (The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress c ...)
	NOT-FOR-US: TIBCO
CVE-2020-27146 (The Core component of TIBCO Software Inc.'s TIBCO iProcess Workspace ( ...)
	NOT-FOR-US: TIBCO
CVE-2020-27145
	RESERVED
CVE-2020-27144
	RESERVED
CVE-2020-27143
	RESERVED
CVE-2020-27142
	RESERVED
CVE-2020-27141
	RESERVED
CVE-2020-27140
	RESERVED
CVE-2020-27139
	RESERVED
CVE-2020-27138
	RESERVED
CVE-2020-27137
	RESERVED
CVE-2020-27136
	RESERVED
CVE-2020-27135
	RESERVED
CVE-2020-27134 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
	NOT-FOR-US: Cisco
CVE-2020-27133 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
	NOT-FOR-US: Cisco
CVE-2020-27132 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
	NOT-FOR-US: Cisco
CVE-2020-27131 (Multiple vulnerabilities in the Java deserialization function that is ...)
	NOT-FOR-US: Cisco
CVE-2020-27130 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
	NOT-FOR-US: Cisco
CVE-2020-27129 (A vulnerability in the remote management feature of Cisco SD-WAN vMana ...)
	NOT-FOR-US: Cisco
CVE-2020-27128 (A vulnerability in the application data endpoints of Cisco SD-WAN vMan ...)
	NOT-FOR-US: Cisco
CVE-2020-27127 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
	NOT-FOR-US: Cisco
CVE-2020-27126 (A vulnerability in an API of Cisco Webex Meetings could allow an unaut ...)
	NOT-FOR-US: Cisco
CVE-2020-27125 (A vulnerability in Cisco Security Manager could allow an unauthenticat ...)
	NOT-FOR-US: Cisco
CVE-2020-27124
	RESERVED
CVE-2020-27123 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-27122 (A vulnerability in the Microsoft Active Directory integration of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-27121 (A vulnerability in Cisco Unified Communications Manager IM & P ...)
	NOT-FOR-US: Cisco
CVE-2020-27120
	RESERVED
CVE-2020-27119
	RESERVED
CVE-2020-27118
	RESERVED
CVE-2020-27117
	RESERVED
CVE-2020-27116
	RESERVED
CVE-2020-27115
	RESERVED
CVE-2020-27114
	RESERVED
CVE-2020-27113
	RESERVED
CVE-2020-27112
	RESERVED
CVE-2020-27111
	RESERVED
CVE-2020-27110
	RESERVED
CVE-2020-27109
	RESERVED
CVE-2020-27108
	RESERVED
CVE-2020-27107
	RESERVED
CVE-2020-27106
	RESERVED
CVE-2020-27105
	RESERVED
CVE-2020-27104
	RESERVED
CVE-2020-27103
	RESERVED
CVE-2020-27102
	RESERVED
CVE-2020-27101
	RESERVED
CVE-2020-27100
	RESERVED
CVE-2020-27099
	RESERVED
CVE-2020-27098 (In checkGrantUriPermission of UriGrantsManagerService.java, there is a ...)
	NOT-FOR-US: Android
CVE-2020-27097 (In checkGrantUriPermission of UriGrantsManagerService.java, there is a ...)
	NOT-FOR-US: Android
CVE-2020-27096
	RESERVED
CVE-2020-27095
	RESERVED
CVE-2020-27094
	RESERVED
CVE-2020-27093
	RESERVED
CVE-2020-27092
	RESERVED
CVE-2020-27091
	RESERVED
CVE-2020-27090
	RESERVED
CVE-2020-27089
	RESERVED
CVE-2020-27088
	RESERVED
CVE-2020-27087
	RESERVED
CVE-2020-27086
	RESERVED
CVE-2020-27085
	RESERVED
CVE-2020-27084
	RESERVED
CVE-2020-27083
	RESERVED
CVE-2020-27082
	RESERVED
CVE-2020-27081
	RESERVED
CVE-2020-27080
	RESERVED
CVE-2020-27079
	RESERVED
CVE-2020-27078
	RESERVED
CVE-2020-27077
	RESERVED
CVE-2020-27076
	RESERVED
CVE-2020-27075
	RESERVED
CVE-2020-27074
	RESERVED
CVE-2020-27073
	RESERVED
CVE-2020-27072
	RESERVED
CVE-2020-27071
	RESERVED
CVE-2020-27070
	RESERVED
CVE-2020-27069
	RESERVED
CVE-2020-27068 (In the nl80211_policy policy of nl80211.c, there is a possible out of ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/ea75080110a4c1fa011b0a73cb8f42227143ee3e
CVE-2020-27067 (In the l2tp subsystem, there is a possible use after free due to a rac ...)
	- linux 4.15.4-1
	[stretch] - linux 4.9.228-1
CVE-2020-27066 (In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possib ...)
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
CVE-2020-27065
	RESERVED
CVE-2020-27064
	RESERVED
CVE-2020-27063
	RESERVED
CVE-2020-27062
	RESERVED
CVE-2020-27061
	RESERVED
CVE-2020-27060
	RESERVED
CVE-2020-27059 (In onAuthenticated of AuthenticationClient.java, there is a possible t ...)
	NOT-FOR-US: Android
CVE-2020-27058
	RESERVED
CVE-2020-27057 (In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, the ...)
	NOT-FOR-US: Android media framework
CVE-2020-27056 (In SELinux policies of mls, there is a missing permission check. This ...)
	NOT-FOR-US: Android
CVE-2020-27055 (In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigCon ...)
	NOT-FOR-US: Android
CVE-2020-27054 (In onFactoryReset of BluetoothManagerService.java, there is a missing ...)
	NOT-FOR-US: Android
CVE-2020-27053 (In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2020-27052 (In getLockTaskLaunchMode of ActivityRecord.java, there is a possible w ...)
	NOT-FOR-US: Android
CVE-2020-27051 (In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-27050 (In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-27049 (In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2020-27048 (In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds wr ...)
	NOT-FOR-US: Android
CVE-2020-27047 (In ce_t4t_update_binary of ce_t4t.cc, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2020-27046 (In nfc_ncif_proc_ee_action of nfc_ncif.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2020-27045 (In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds wr ...)
	NOT-FOR-US: Android
CVE-2020-27044 (In restartWrite of Parcel.cpp, there is a possible memory corruption d ...)
	NOT-FOR-US: Android
CVE-2020-27043 (In nfc_enabled of nfc_main.cc, there is a possible out of bounds read ...)
	NOT-FOR-US: Android
CVE-2020-27042
	RESERVED
CVE-2020-27041 (In showProvisioningNotification of ConnectivityService.java, there is ...)
	NOT-FOR-US: Android
CVE-2020-27040 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-27039 (In postNotification of ServiceRecord.java, there is a possible permiss ...)
	NOT-FOR-US: Android
CVE-2020-27038 (In process of C2SoftVorbisDec.cpp, there is a possible resource exhaus ...)
	NOT-FOR-US: Android media framework
CVE-2020-27037 (In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-27036 (In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-27035 (In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible us ...)
	NOT-FOR-US: Android media framework
CVE-2020-27034 (In createSimSelectNotification of SimSelectNotification.java, there is ...)
	NOT-FOR-US: Android
CVE-2020-27033 (In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2020-27032 (In getRadioAccessFamily of PhoneInterfaceManager.java, there is a poss ...)
	NOT-FOR-US: Android
CVE-2020-27031 (In nfc_data_event of nfc_ncif.cc, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2020-27030 (In onCreate of HandleApiCalls.java, there is a possible permission byp ...)
	NOT-FOR-US: Android
CVE-2020-27029 (In TextView of TextView.java, there is a possible app hang due to impr ...)
	NOT-FOR-US: Android
CVE-2020-27028 (In filter_incoming_event of hci_layer.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2020-27027 (In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out o ...)
	NOT-FOR-US: Android
CVE-2020-27026 (During boot, the device unlock interface behaves differently depending ...)
	NOT-FOR-US: Android
CVE-2020-27025 (In EapFailureNotifier.java and SimRequiredNotifier.java, there is a po ...)
	NOT-FOR-US: Android
CVE-2020-27024 (In smp_br_state_machine_event of smp_br_main.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2020-27023 (In setErrorPlaybackState of BluetoothMediaBrowserService.java, there i ...)
	NOT-FOR-US: Android
CVE-2020-27022
	RESERVED
CVE-2020-27021 (In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2020-27020 (Password generator feature in Kaspersky Password Manager was not compl ...)
	NOT-FOR-US: Kaspersky Password Manager
CVE-2020-27019 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
	NOT-FOR-US: Trend Micro
CVE-2020-27018 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
	NOT-FOR-US: Trend Micro
CVE-2020-27017 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
	NOT-FOR-US: Trend Micro
CVE-2020-27016 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
	NOT-FOR-US: Trend Micro
CVE-2020-27015 (Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Messag ...)
	NOT-FOR-US: Trend Micro
CVE-2020-27014 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a race conditio ...)
	NOT-FOR-US: Trend Micro
CVE-2020-27013 (Trend Micro Antivirus for Mac 2020 (Consumer) contains a vulnerability ...)
	NOT-FOR-US: Trend Micro
CVE-2020-27012
	RESERVED
CVE-2020-27011
	RESERVED
CVE-2020-27010 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
	NOT-FOR-US: Trend Micro
CVE-2020-27009 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
	NOT-FOR-US: Nucleus (Siemens)
CVE-2020-27008 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-27007 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-27006 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-27005 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-27004 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-27003 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-27002 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-27001 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-27000 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26999 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26998 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26997 (A vulnerability has been identified in Solid Edge SE2020 (All versions ...)
	NOT-FOR-US: Solid Edge (Siemens)
CVE-2020-26996 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26995 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26994 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26993 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26992 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26991 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26990 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26989 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26988 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26987 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26986 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26985 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26984 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26983 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26982 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26981 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26980 (A vulnerability has been identified in JT2Go (All versions < V13.1. ...)
	NOT-FOR-US: JT2Go
CVE-2020-26979 (When a user typed a URL in the address bar or the search bar and quick ...)
	- firefox 84.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26979
CVE-2020-26978 (Using techniques that built on the slipstream research, a malicious we ...)
	{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
	- firefox 84.0-1
	- firefox-esr 78.6.0esr-1
	- thunderbird 1:78.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26978
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26978
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26978
CVE-2020-26977 (By attempting to connect a website using an unresponsive port, an atta ...)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26977
CVE-2020-26976 (When a HTTPS pages was embedded in a HTTP page, and there was a servic ...)
	{DSA-4842-1 DSA-4840-1 DLA-2541-1 DLA-2539-1}
	- firefox 84.0-1
	- firefox-esr 78.7.0esr-1
	- thunderbird 1:78.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-04/#CVE-2020-26976
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26976
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-26976
CVE-2020-26975 (When a malicious application installed on the user's device broadcast ...)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26975
CVE-2020-26974 (When flex-basis was used on a table wrapper, a StyleGenericFlexBasis o ...)
	{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
	- firefox 84.0-1
	- firefox-esr 78.6.0esr-1
	- thunderbird 1:78.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26974
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26974
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26974
CVE-2020-26973 (Certain input to the CSS Sanitizer confused it, resulting in incorrect ...)
	{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
	- firefox 84.0-1
	- firefox-esr 78.6.0esr-1
	- thunderbird 1:78.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26973
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26973
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26973
CVE-2020-26972 (The lifecycle of IPC Actors allows managed actors to outlive their man ...)
	- firefox 84.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26972
CVE-2020-26971 (Certain blit values provided by the user were not properly constrained ...)
	{DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
	- firefox 84.0-1
	- firefox-esr 78.6.0esr-1
	- thunderbird 1:78.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-26971
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-26971
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-26971
CVE-2020-26970 (When reading SMTP server status codes, Thunderbird writes an integer v ...)
	{DSA-4802-1 DLA-2479-1}
	- thunderbird 1:78.5.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-53/#CVE-2020-26970
CVE-2020-26969 (Mozilla developers reported memory safety bugs present in Firefox 82. ...)
	- firefox 83.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26969
CVE-2020-26968 (Mozilla developers reported memory safety bugs present in Firefox 82 a ...)
	{DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26968
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26968
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26968
CVE-2020-26967 (When listening for page changes with a Mutation Observer, a malicious ...)
	- firefox 83.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26967
CVE-2020-26966 (Searching for a single word from the address bar caused an mDNS reques ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26966
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26966
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26966
CVE-2020-26965 (Some websites have a feature "Show Password" where clicking a button w ...)
	{DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26965
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26965
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26965
CVE-2020-26964 (If the Remote Debugging via USB feature was enabled in Firefox for And ...)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26964
CVE-2020-26963 (Repeated calls to the history and location interfaces could have been ...)
	- firefox 83.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26963
CVE-2020-26962 (Cross-origin iframes that contained a login form could have been recog ...)
	- firefox 83.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26962
CVE-2020-26961 (When DNS over HTTPS is in use, it intentionally filters RFC1918 and re ...)
	{DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26961
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26961
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26961
CVE-2020-26960 (If the Compact() method was called on an nsTArray, the array could hav ...)
	{DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26960
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26960
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26960
CVE-2020-26959 (During browser shutdown, reference decrementing could have occured on ...)
	{DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26959
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26959
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26959
CVE-2020-26958 (Firefox did not block execution of scripts with incorrect MIME types w ...)
	{DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26958
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26958
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26958
CVE-2020-26957 (OneCRL was non-functional in the new Firefox for Android due to a miss ...)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26957
CVE-2020-26956 (In some cases, removing HTML elements during sanitization would keep e ...)
	{DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26956
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26956
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26956
CVE-2020-26955 (When a user downloaded a file in Firefox for Android, if a cookie is s ...)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26955
CVE-2020-26954 (When accepting a malicious intent from other installed apps, Firefox f ...)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26954
CVE-2020-26953 (It was possible to cause the browser to enter fullscreen mode without ...)
	{DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26953
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26953
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26953
CVE-2020-26952 (Incorrect bookkeeping of functions inlined during JIT compilation coul ...)
	- firefox 83.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26952
CVE-2020-26951 (A parsing and event loading mismatch in Firefox's SVG code could have ...)
	{DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-26951
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-26951
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-26951
CVE-2020-26950 (In certain circumstances, the MCallGetProperty opcode can be emitted w ...)
	{DSA-4790-1 DSA-4788-1 DLA-2449-1 DLA-2448-1}
	- firefox 82.0.3-1
	- firefox-esr 78.4.1esr-1
	- thunderbird 1:78.4.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950
CVE-2020-26949
	RESERVED
CVE-2020-26948 (Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ...)
	NOT-FOR-US: Emby Server
CVE-2020-26947 (monero-wallet-gui in Monero GUI before 0.17.1.0 includes the . directo ...)
	NOT-FOR-US: monero-wallet-gui
CVE-2020-26946
	RESERVED
CVE-2020-26945 (MyBatis before 3.5.6 mishandles deserialization of object streams. ...)
	NOT-FOR-US: MyBatis
CVE-2020-26944 (An issue was discovered in Aptean Product Configurator 4.61.0000 on Wi ...)
	NOT-FOR-US: Aptean
CVE-2020-26943 (An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2. ...)
	NOT-FOR-US: blazar-dashboard
CVE-2020-26942
	RESERVED
CVE-2020-26941 (A local (authenticated) low-privileged user can exploit a behavior in ...)
	NOT-FOR-US: IBM
CVE-2020-26940
	RESERVED
CVE-2020-26939 (In Legion of the Bouncy Castle BC before 1.61 and BC-FJA before 1.0.1. ...)
	{DLA-2433-1}
	- bouncycastle 1.61-1
	[buster] - bouncycastle (Minor issue)
	NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-26939
	NOTE: https://github.com/bcgit/bc-java/commit/930f8b274c4f1f3a46e68b5441f1e7fadb57e8c1 (r1rv61)
CVE-2020-26938
	RESERVED
CVE-2020-26937
	RESERVED
CVE-2020-26936 (Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF at ...)
	NOT-FOR-US: Cloudera Data Engineering (CDE)
CVE-2020-26935 (An issue was discovered in SearchController in phpMyAdmin before 4.9.6 ...)
	{DLA-2413-1}
	- phpmyadmin 4:4.9.7+dfsg1-1 (bug #972000)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-6/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8c4109869d38d2
CVE-2020-26934 (phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the tr ...)
	{DLA-2413-1}
	- phpmyadmin 4:4.9.7+dfsg1-1 (bug #971999)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2020-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/19df63b0365621427697edc185ff7c9c5707c523
CVE-2020-26933 (Trusted Computing Group (TCG) Trusted Platform Module Library Family 2 ...)
	NOT-FOR-US: Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification
CVE-2020-26931 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2020-26930 (NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect conf ...)
	NOT-FOR-US: Netgear
CVE-2020-26929 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2020-26928 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2020-26927 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2020-26926 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2020-26925 (NETGEAR GS808E devices before 1.7.1.0 are affected by denial of servic ...)
	NOT-FOR-US: Netgear
CVE-2020-26924 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...)
	NOT-FOR-US: Netgear
CVE-2020-26923 (Certain NETGEAR devices are affected by stored XSS. This affects WC750 ...)
	NOT-FOR-US: Netgear
CVE-2020-26922 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2020-26921 (Certain NETGEAR devices are affected by authentication bypass. This af ...)
	NOT-FOR-US: Netgear
CVE-2020-26920 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: Netgear
CVE-2020-26919 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of acces ...)
	NOT-FOR-US: Netgear
CVE-2020-26918 (Certain NETGEAR devices are affected by stored XSS. This affects EX700 ...)
	NOT-FOR-US: Netgear
CVE-2020-26917 (Certain NETGEAR devices are affected by stored XSS. This affects EX700 ...)
	NOT-FOR-US: Netgear
CVE-2020-26916 (Certain NETGEAR devices are affected by incorrect configuration of sec ...)
	NOT-FOR-US: Netgear
CVE-2020-26915 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...)
	NOT-FOR-US: Netgear
CVE-2020-26914 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: Netgear
CVE-2020-26913 (Certain NETGEAR devices are affected by a stack-based buffer overflow ...)
	NOT-FOR-US: Netgear
CVE-2020-26912 (Certain NETGEAR devices are affected by CSRF. This affects D6200 befor ...)
	NOT-FOR-US: Netgear
CVE-2020-26911 (Certain NETGEAR devices are affected by lack of access control at the ...)
NOT-FOR-US: Netgear CVE-2020-26910 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2020-26909 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2020-26908 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2020-26907 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2020-26906 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: Netgear CVE-2020-26905 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: Netgear CVE-2020-26904 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: Netgear CVE-2020-26903 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: Netgear CVE-2020-26902 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2020-26901 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2020-26900 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: Netgear CVE-2020-26899 (Certain NETGEAR devices are affected by disclosure of sensitive inform ...) NOT-FOR-US: Netgear CVE-2020-26898 (NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect config ...) NOT-FOR-US: Netgear CVE-2020-26897 (Certain NETGEAR devices are affected by disclosure of administrative c ...) NOT-FOR-US: Netgear CVE-2020-26896 (Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerabili ...) - lnd (bug #886577) CVE-2020-26895 (Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accept ...) - lnd (bug #886577) CVE-2020-26894 (LiveCode v9.6.1 on Windows allows local, low-privileged users to gain ...) NOT-FOR-US: New Millennium CVE-2020-26893 (An issue was discovered in ClamXAV 3 before 3.1.1. 
A malicious actor c ...) NOT-FOR-US: ClamXAV CVE-2020-26892 (The JWT library in NATS nats-server before 2.1.9 has Incorrect Access ...) - golang-github-nats-io-jwt (bug #988950) [buster] - golang-github-nats-io-jwt (Minor issue) NOTE: https://advisories.nats.io/CVE/CVE-2020-26892.txt CVE-2020-26891 (AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS d ...) - matrix-synapse 1.21.1-1 NOTE: https://github.com/matrix-org/synapse/pull/8444 CVE-2020-26890 (Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Inf ...) - matrix-synapse 1.20.0-1 NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-4mp3-385r-v63f CVE-2020-26889 RESERVED CVE-2020-26888 RESERVED CVE-2020-26887 (FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Reb ...) NOT-FOR-US: Fritz OS CVE-2020-26886 (Softaculous before 5.5.7 is affected by a code execution vulnerability ...) NOT-FOR-US: Softaculous CVE-2020-26885 (An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability ...) NOT-FOR-US: 2sxc CVE-2020-26884 (RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulner ...) NOT-FOR-US: RSA Archer CVE-2020-26883 (In Play Framework 2.6.0 through 2.8.2, stack consumption can occur bec ...) NOT-FOR-US: Play Framework CVE-2020-26882 (In Play Framework 2.6.0 through 2.8.2, data amplification can occur wh ...) NOT-FOR-US: Play Framework CVE-2020-26881 RESERVED CVE-2020-26880 (Sympa through 6.2.57b.2 allows a local privilege escalation from the s ...) 
	- sympa (bug #972114)
	[bullseye] - sympa (Revisit when fixed upstream; most setups mitigated)
	[buster] - sympa (Revisit when fixed upstream; most setups mitigated)
	[stretch] - sympa (Mitigated, revisit when fixed upstream)
	NOTE: https://github.com/sympa-community/sympa/issues/1009
	NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420
	NOTE: https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235
	NOTE: Mitigation: https://salsa.debian.org/sympa-team/sympa/-/commit/b904d5257beb135127f663ad8f6865c1b59efd50
	NOTE: Mitigation present in the 6.2.58~dfsg-2, 6.2.40~dfsg-1+deb10u1 and 6.2.16~dfsg-3+deb9u4 uploads.
CVE-2020-26879 (Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded ...)
	NOT-FOR-US: Ruckus
CVE-2020-26878 (Ruckus through 1.5.1.0.21 is affected by remote command injection. An ...)
	NOT-FOR-US: Ruckus
CVE-2020-26877 RESERVED
CVE-2020-26876 (The wp-courses plugin through 2.0.27 for WordPress allows remote attac ...)
	NOT-FOR-US: Wordpress plugin
CVE-2020-26875 RESERVED
CVE-2020-26874 RESERVED
CVE-2020-26873 RESERVED
CVE-2020-26872 RESERVED
CVE-2020-26871 RESERVED
CVE-2020-26870 (Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs becaus ...)
	{DLA-2419-1}
	- dompurify.js
	NOTE: https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/
	NOTE: https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d
CVE-2020-26869 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable to infor ...)
	NOT-FOR-US: PcVue
CVE-2020-26868 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a den ...)
	NOT-FOR-US: PcVue
CVE-2020-26867 (ARC Informatique PcVue prior to version 12.0.17 is vulnerable due to t ...)
	NOT-FOR-US: PcVue
CVE-2020-26866 RESERVED
CVE-2020-26865 RESERVED
CVE-2020-26864 RESERVED
CVE-2020-26863 RESERVED
CVE-2020-26862 RESERVED
CVE-2020-26861 RESERVED
CVE-2020-26860 RESERVED
CVE-2020-26859 RESERVED
CVE-2020-26858 RESERVED
CVE-2020-26857 RESERVED
CVE-2020-26856 RESERVED
CVE-2020-26855 RESERVED
CVE-2020-26854 RESERVED
CVE-2020-26853 RESERVED
CVE-2020-26852 RESERVED
CVE-2020-26851 RESERVED
CVE-2020-26850 RESERVED
CVE-2020-26849 RESERVED
CVE-2020-26848 RESERVED
CVE-2020-26847 RESERVED
CVE-2020-26846 RESERVED
CVE-2020-26845 RESERVED
CVE-2020-26844 RESERVED
CVE-2020-26843 RESERVED
CVE-2020-26842 RESERVED
CVE-2020-26841 RESERVED
CVE-2020-26840 RESERVED
CVE-2020-26839 RESERVED
CVE-2020-26838 (SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, ...)
	NOT-FOR-US: SAP
CVE-2020-26837 (SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, ...)
	NOT-FOR-US: SAP
CVE-2020-26836 (SAP Solution Manager (Trace Analysis), version - 720, allows for misus ...)
	NOT-FOR-US: SAP
CVE-2020-26835 (SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does ...)
	NOT-FOR-US: SAP
CVE-2020-26834 (SAP HANA Database, version - 2.0, does not correctly validate the user ...)
	NOT-FOR-US: SAP
CVE-2020-26833 RESERVED
CVE-2020-26832 (SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 201 ...)
	NOT-FOR-US: SAP
CVE-2020-26831 (SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, ...)
	NOT-FOR-US: SAP
CVE-2020-26830 (SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, ...)
	NOT-FOR-US: SAP
CVE-2020-26829 (SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7. ...)
	NOT-FOR-US: SAP
CVE-2020-26828 (SAP Disclosure Management, version - 10.1, provides capabilities for a ...)
	NOT-FOR-US: SAP
CVE-2020-26827 RESERVED
CVE-2020-26826 (Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7. ...)
	NOT-FOR-US: SAP
CVE-2020-26825 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
	NOT-FOR-US: SAP
CVE-2020-26824 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
	NOT-FOR-US: SAP
CVE-2020-26823 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
	NOT-FOR-US: SAP
CVE-2020-26822 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
	NOT-FOR-US: SAP
CVE-2020-26821 (SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthent ...)
	NOT-FOR-US: SAP
CVE-2020-26820 (SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows ...)
	NOT-FOR-US: SAP
CVE-2020-26819 (SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752 ...)
	NOT-FOR-US: SAP
CVE-2020-26818 (SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752 ...)
	NOT-FOR-US: SAP
CVE-2020-26817 (SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open m ...)
	NOT-FOR-US: SAP
CVE-2020-26816 (SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, ...)
	NOT-FOR-US: SAP
CVE-2020-26815 (SAP Fiori Launchpad (News tile Application), versions - 750,751,752,75 ...)
	NOT-FOR-US: SAP
CVE-2020-26814 (SAP Process Integration (PGP Module - Business-to-Business Add On), ve ...)
	NOT-FOR-US: SAP
CVE-2020-26813 RESERVED
CVE-2020-26812 RESERVED
CVE-2020-26811 (SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, ...)
	NOT-FOR-US: SAP
CVE-2020-26810 (SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, ...)
	NOT-FOR-US: SAP
CVE-2020-26809 (SAP Commerce Cloud, versions- 1808,1811,1905,2005, allows an attacker ...)
	NOT-FOR-US: SAP
CVE-2020-26808 (SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011 ...)
	NOT-FOR-US: SAP
CVE-2020-26807 (SAP ERP Client for E-Bilanz, version - 1.0, installation sets Incorrec ...)
	NOT-FOR-US: SAP
CVE-2020-26806 (admin/file.do in ObjectPlanet Opinio before 7.15 allows Unrestricted F ...)
	NOT-FOR-US: ObjectPlanet Opinio
CVE-2020-26805 (In Sentrifugo 3.2, admin can edit employee's informations via this end ...)
	NOT-FOR-US: Sentrifugo
CVE-2020-26804 (In Sentrifugo 3.2, users can share an announcement under "Organization ...)
	NOT-FOR-US: Sentrifugo
CVE-2020-26803 (In Sentrifugo 3.2, users can upload an image under "Assets -> Add" ...)
	NOT-FOR-US: Sentrifugo
CVE-2020-26802 (forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in ...)
	NOT-FOR-US: forma.lms
CVE-2020-26801 (A stored cross-site scripting (XSS) vulnerability was discovered in /F ...)
	NOT-FOR-US: TrippLite
CVE-2020-26800 (A stack overflow vulnerability in Aleth Ethereum C++ client version &l ...)
	NOT-FOR-US: Aleth Ethereum
CVE-2020-26799 RESERVED
CVE-2020-26798 RESERVED
CVE-2020-26797 (Mediainfo before version 20.08 has a heap buffer overflow vulnerabilit ...)
	{DLA-2603-1}
	- libmediainfo 20.09+dfsg-2 (bug #985554)
	[buster] - libmediainfo (Minor issue)
	NOTE: https://sourceforge.net/p/mediainfo/bugs/1154/
	NOTE: https://github.com/MediaArea/MediaInfoLib/commit/7bab1c3a043784be2c90f2e54a0e5a8d7263eead
CVE-2020-26796 RESERVED
CVE-2020-26795 RESERVED
CVE-2020-26794 RESERVED
CVE-2020-26793 RESERVED
CVE-2020-26792 RESERVED
CVE-2020-26791 RESERVED
CVE-2020-26790 RESERVED
CVE-2020-26789 RESERVED
CVE-2020-26788 RESERVED
CVE-2020-26787 RESERVED
CVE-2020-26786 RESERVED
CVE-2020-26785 RESERVED
CVE-2020-26784 RESERVED
CVE-2020-26783 RESERVED
CVE-2020-26782 RESERVED
CVE-2020-26781 RESERVED
CVE-2020-26780 RESERVED
CVE-2020-26779 RESERVED
CVE-2020-26778 RESERVED
CVE-2020-26777 RESERVED
CVE-2020-26776 RESERVED
CVE-2020-26775 RESERVED
CVE-2020-26774 RESERVED
CVE-2020-26773 (Restaurant Reservation System 1.0 suffers from an authenticated SQL in ...)
	NOT-FOR-US: Restaurant Reservation System
CVE-2020-26772 (Command Injection in PPGo_Jobs v2.8.0 allows remote attackers to execu ...)
	NOT-FOR-US: PPGo_Jobs
CVE-2020-26771 RESERVED
CVE-2020-26770 RESERVED
CVE-2020-26769 RESERVED
CVE-2020-26768 (Formstone <=1.4.16 is vulnerable to a Reflected Cross-Site Scriptin ...)
	NOT-FOR-US: Formstone
CVE-2020-26767 RESERVED
CVE-2020-26766 (A Cross Site Request Forgery (CSRF) vulnerability exists in the logins ...)
	NOT-FOR-US: PHPGurukul User Registration & Login and User Management System
CVE-2020-26765 RESERVED
CVE-2020-26764 RESERVED
CVE-2020-26763 (The Rocket.Chat desktop application 2.17.11 opens external links witho ...)
	NOT-FOR-US: Rocket.Chat desktop application
CVE-2020-26762 (A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3. ...)
	NOT-FOR-US: Edimax IP-Camera
CVE-2020-26761 RESERVED
CVE-2020-26760 RESERVED
CVE-2020-26759 (clickhouse-driver before 0.1.5 allows a malicious clickhouse server to ...)
	- python-clickhouse-driver 0.2.0-1
	NOTE: https://github.com/mymarilyn/clickhouse-driver/commit/3e990547e064b8fca916b23a0f7d6fe8c63c7f6b
	NOTE: https://github.com/mymarilyn/clickhouse-driver/commit/d708ed548e1d6f254ba81a21de8ba543a53b5598
CVE-2020-26758 RESERVED
CVE-2020-26757 RESERVED
CVE-2020-26756 RESERVED
CVE-2020-26755 RESERVED
CVE-2020-26754 RESERVED
CVE-2020-26753 RESERVED
CVE-2020-26752 RESERVED
CVE-2020-26751 RESERVED
CVE-2020-26750 RESERVED
CVE-2020-26749 RESERVED
CVE-2020-26748 RESERVED
CVE-2020-26747 RESERVED
CVE-2020-26746 RESERVED
CVE-2020-26745 RESERVED
CVE-2020-26744 RESERVED
CVE-2020-26743 RESERVED
CVE-2020-26742 RESERVED
CVE-2020-26741 RESERVED
CVE-2020-26740 RESERVED
CVE-2020-26739 RESERVED
CVE-2020-26738 RESERVED
CVE-2020-26737 RESERVED
CVE-2020-26736 RESERVED
CVE-2020-26735 RESERVED
CVE-2020-26734 RESERVED
CVE-2020-26733 (Cross Site Scripting (XSS) in Configuration page in SKYWORTH GN542VF H ...)
	NOT-FOR-US: SKYWORTH GN542VF Hardware
CVE-2020-26732 (Skyworth GN542VF Boa version 0.94.13 does not set the Secure flag for ...)
	NOT-FOR-US: Skyworth GN542VF Boa
CVE-2020-26731 RESERVED
CVE-2020-26730 RESERVED
CVE-2020-26729 RESERVED
CVE-2020-26728 RESERVED
CVE-2020-26727 RESERVED
CVE-2020-26726 RESERVED
CVE-2020-26725 RESERVED
CVE-2020-26724 RESERVED
CVE-2020-26723 RESERVED
CVE-2020-26722 RESERVED
CVE-2020-26721 RESERVED
CVE-2020-26720 RESERVED
CVE-2020-26719 RESERVED
CVE-2020-26718 RESERVED
CVE-2020-26717 RESERVED
CVE-2020-26716 RESERVED
CVE-2020-26715 RESERVED
CVE-2020-26714 RESERVED
CVE-2020-26713 (REDCap 10.3.4 contains a XSS vulnerability in the ToDoList function wi ...)
	NOT-FOR-US: REDCap
CVE-2020-26712 (REDCap 10.3.4 contains a SQL injection vulnerability in the ToDoList f ...)
	NOT-FOR-US: REDCap
CVE-2020-26711 RESERVED
CVE-2020-26710 RESERVED
CVE-2020-26709 RESERVED
CVE-2020-26708 RESERVED
CVE-2020-26707 (An issue was discovered in the add function in Shenzhim AAPTJS 1.3.1 w ...)
	NOT-FOR-US: aaptjs
CVE-2020-26706 RESERVED
CVE-2020-26705 (The parseXML function in Easy-XML 0.5.0 was discovered to have a XML E ...)
	NOT-FOR-US: python-easy_xml
CVE-2020-26704 RESERVED
CVE-2020-26703 RESERVED
CVE-2020-26702 RESERVED
CVE-2020-26701 (Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa ...)
	NOT-FOR-US: Kaa IoT Platform
CVE-2020-26700 RESERVED
CVE-2020-26699 RESERVED
CVE-2020-26698 RESERVED
CVE-2020-26697 RESERVED
CVE-2020-26696 RESERVED
CVE-2020-26695 RESERVED
CVE-2020-26694 RESERVED
CVE-2020-26693 (A stored cross-site scripting (XSS) vulnerability was discovered in pf ...)
	NOT-FOR-US: pfSense
CVE-2020-26692 RESERVED
CVE-2020-26691 RESERVED
CVE-2020-26690 RESERVED
CVE-2020-26689 RESERVED
CVE-2020-26688 RESERVED
CVE-2020-26687 RESERVED
CVE-2020-26686 RESERVED
CVE-2020-26685 RESERVED
CVE-2020-26684 RESERVED
CVE-2020-26683 RESERVED
CVE-2020-26682 (In libass 0.14.0, the `ass_outline_construct`'s call to `outline_strok ...)
	- libass 1:0.15.0-1 (bug #975108)
	[buster] - libass (Minor issue)
	[stretch] - libass (Vulnerable code not present)
	NOTE: https://github.com/libass/libass/issues/431
	NOTE: https://github.com/libass/libass/pull/432
CVE-2020-26681 RESERVED
CVE-2020-26680 (In vFairs 3.3, any user logged in to a vFairs virtual conference or ev ...)
	NOT-FOR-US: vFairs
CVE-2020-26679 (vFairs 3.3 is affected by Insecure Permissions. Any user logged in to ...)
	NOT-FOR-US: vFairs
CVE-2020-26678 (vFairs 3.3 is affected by Remote Code Execution. Any user logged in to ...)
	NOT-FOR-US: vFairs
CVE-2020-26677 (Any user logged in to a vFairs 3.3 virtual conference or event can per ...)
	NOT-FOR-US: vFairs
CVE-2020-26676 RESERVED
CVE-2020-26675 RESERVED
CVE-2020-26674 RESERVED
CVE-2020-26673 RESERVED
CVE-2020-26672 (Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site S ...)
	NOT-FOR-US: Testimonial Rotator Wordpress Plugin
CVE-2020-26671 RESERVED
CVE-2020-26670 (A vulnerability has been discovered in BigTree CMS 4.4.10 and earlier ...)
	NOT-FOR-US: BigTree CMS
CVE-2020-26669 (A stored cross-site scripting (XSS) vulnerability was discovered in Bi ...)
	NOT-FOR-US: BigTree CMS
CVE-2020-26668 (A SQL injection vulnerability was discovered in /core/feeds/custom.php ...)
	NOT-FOR-US: BigTree CMS
CVE-2020-26667 RESERVED
CVE-2020-26666 RESERVED
CVE-2020-26665 RESERVED
CVE-2020-26664 (A vulnerability in EbmlTypeDispatcher::send in VideoLAN VLC media play ...)
	{DSA-4834-1}
	- vlc 3.0.12-1 (low; bug #979676)
	[stretch] - vlc (Minor issue, wait for next LTS release)
	NOTE: https://code.videolan.org/videolan/vlc-3.0/-/commit/ec1f55ee9ace5cc675395a1bc9700d99679e7e8c (3.0.12)
	NOTE: https://gist.githubusercontent.com/henices/db11664dd45b9f322f8514d182aef5ea/raw/d56940c8bf211992bf4f3309a85bb2b69383e511/CVE-2020-26664.txt
CVE-2020-26663 RESERVED
CVE-2020-26662 RESERVED
CVE-2020-26661 RESERVED
CVE-2020-26660 RESERVED
CVE-2020-26659 RESERVED
CVE-2020-26658 RESERVED
CVE-2020-26657 RESERVED
CVE-2020-26656 RESERVED
CVE-2020-26655 RESERVED
CVE-2020-26654 RESERVED
CVE-2020-26653 RESERVED
CVE-2020-26652 RESERVED
CVE-2020-26651 RESERVED
CVE-2020-26650 (AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php ...)
	NOT-FOR-US: AtomXCMS
CVE-2020-26649 (AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.ph ...)
	NOT-FOR-US: AtomXCMS
CVE-2020-26648 RESERVED
CVE-2020-26647 RESERVED
CVE-2020-26646 RESERVED
CVE-2020-26645 RESERVED
CVE-2020-26644 RESERVED
CVE-2020-26643 RESERVED
CVE-2020-26642 (A cross-site scripting (XSS) vulnerability has been discovered in the ...)
	NOT-FOR-US: SeaCMS
CVE-2020-26641 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in iC ...)
	NOT-FOR-US: iCMS
CVE-2020-26640 RESERVED
CVE-2020-26639 RESERVED
CVE-2020-26638 RESERVED
CVE-2020-26637 RESERVED
CVE-2020-26636 RESERVED
CVE-2020-26635 RESERVED
CVE-2020-26634 RESERVED
CVE-2020-26633 RESERVED
CVE-2020-26632 RESERVED
CVE-2020-26631 RESERVED
CVE-2020-26630 RESERVED
CVE-2020-26629 RESERVED
CVE-2020-26628 RESERVED
CVE-2020-26627 RESERVED
CVE-2020-26626 RESERVED
CVE-2020-26625 RESERVED
CVE-2020-26624 RESERVED
CVE-2020-26623 RESERVED
CVE-2020-26622 RESERVED
CVE-2020-26621 RESERVED
CVE-2020-26620 RESERVED
CVE-2020-26619 RESERVED
CVE-2020-26618 RESERVED
CVE-2020-26617 RESERVED
CVE-2020-26616 RESERVED
CVE-2020-26615 RESERVED
CVE-2020-26614 RESERVED
CVE-2020-26613 RESERVED
CVE-2020-26612 RESERVED
CVE-2020-26611 RESERVED
CVE-2020-26610 RESERVED
CVE-2020-26609 (fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) v ...)
	NOT-FOR-US: fastadmin
CVE-2020-26608 RESERVED
CVE-2020-26607 (An issue was discovered in TimaService on Samsung mobile devices with ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-26606 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-26605 (An issue was discovered on Samsung mobile devices with Q(10.0) and R(1 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-26604 (An issue was discovered in SystemUI on Samsung mobile devices with O(8 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-26603 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-26602 (An issue was discovered in EthernetNetwork on Samsung mobile devices w ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-26601 (An issue was discovered in DirEncryptService on Samsung mobile devices ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-26600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-26599 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-26598 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-26597 (An issue was discovered on LG mobile devices with Android OS 9.0 and 1 ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-26596 (The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2020-26595 RESERVED
CVE-2020-26594 RESERVED
CVE-2020-26593 RESERVED
CVE-2020-26592 RESERVED
CVE-2020-26591 RESERVED
CVE-2020-26590 RESERVED
CVE-2020-26589 RESERVED
CVE-2020-26588 RESERVED
CVE-2020-26587 RESERVED
CVE-2020-26586 RESERVED
CVE-2020-26585 RESERVED
CVE-2020-26584 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. The ...)
	NOT-FOR-US: Sage
CVE-2020-26583 (An issue was discovered in Sage DPW 2020_06_x before 2020_06_002. It a ...)
	NOT-FOR-US: Sage
CVE-2020-26582 (D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users ...)
	NOT-FOR-US: D-Link
CVE-2020-26581 RESERVED
CVE-2020-26580 RESERVED
CVE-2020-26579 RESERVED
CVE-2020-26578 RESERVED
CVE-2020-26577 RESERVED
CVE-2020-26576 RESERVED
CVE-2020-26575 (In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) di ...)
	{DLA-2547-1}
	- wireshark 3.2.8-0.1 (bug #974688)
	[buster] - wireshark 2.6.20-0+deb10u1
	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/3ff940652962c099b73ae3233322b8697b0d10ab
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16887
	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/467
	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/471
	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/472
	NOTE: https://gitlab.com/wireshark/wireshark/-/merge_requests/473
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-14
CVE-2020-26574 (** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is a ...)
	NOT-FOR-US: Leostream
CVE-2020-26573 RESERVED
CVE-2020-26572 (The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a ...)
	{DLA-2832-1}
	- opensc 0.21.0-1 (bug #972035)
	[buster] - opensc (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22967
	NOTE: https://github.com/OpenSC/OpenSC/commit/9d294de90d1cc66956389856e60b6944b27b4817 (0.21.0-rc1)
CVE-2020-26571 (The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 ...)
	{DLA-2832-1}
	- opensc 0.21.0-1 (bug #972036)
	[buster] - opensc (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20612
	NOTE: https://github.com/OpenSC/OpenSC/commit/ed55fcd2996930bf58b9bb57e9ba7b1f3a753c43 (0.21.0-rc1)
CVE-2020-26570 (The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 ha ...)
	{DLA-2832-1}
	- opensc 0.21.0-1 (bug #972037)
	[buster] - opensc (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=24316
	NOTE: https://github.com/OpenSC/OpenSC/commit/6903aebfddc466d966c7b865fae34572bf3ed23e (0.21.0-rc1)
CVE-2020-26569 (In EVPN VxLAN setups in Arista EOS, specific malformed packets can lea ...)
	NOT-FOR-US: Arista
CVE-2020-26568 RESERVED
CVE-2020-26567 (An issue was discovered on D-Link DSR-250N before 3.17B devices. The C ...)
	NOT-FOR-US: D-Link
CVE-2020-26566 (A Denial of Service condition in Motion-Project Motion 3.2 through 4.3 ...)
	- motion 4.3.2-1 (bug #972986)
	[buster] - motion (Vulnerable code introduced in 4.2)
	[stretch] - motion (Vulnerable code introduced in 4.2)
	NOTE: https://github.com/Motion-Project/motion/security/advisories/GHSA-6f7x-grw7-fw24
	NOTE: https://github.com/Motion-Project/motion/issues/1227#issuecomment-715927776
	NOTE: https://github.com/Motion-Project/motion/pull/1232
CVE-2020-26565 (ObjectPlanet Opinio before 7.14 allows Expression Language Injection v ...)
	NOT-FOR-US: ObjectPlanet Opinio
CVE-2020-26564 (ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: mo ...)
	NOT-FOR-US: ObjectPlanet Opinio
CVE-2020-26563 (ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/ad ...)
	NOT-FOR-US: ObjectPlanet Opinio
CVE-2020-26562 RESERVED
CVE-2020-26561 (** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_ ...)
	NOT-FOR-US: Belkin
CVE-2020-26560 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ...)
	- linux
	NOTE: https://kb.cert.org/vuls/id/799380
	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-mesh/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959994
CVE-2020-26559 (Bluetooth Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0. ...)
	- linux
	NOTE: https://kb.cert.org/vuls/id/799380
	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/authvalue-leak/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960011
CVE-2020-26558 (Bluetooth LE and BR/EDR secure pairing in Bluetooth Core Specification ...)
	{DSA-4951-1 DLA-2692-1 DLA-2690-1 DLA-2689-1}
	- bluez 5.55-3.1 (bug #989614)
	- linux 5.10.40-1
	[buster] - linux 4.19.194-1
	NOTE: https://kb.cert.org/vuls/id/799380
	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/passkey-entry/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1918602
	NOTE: https://git.kernel.org/linus/6d19628f539fccf899298ff02ee4c73e4bf6df3f
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00517.html
	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=00da0fb4972cf59e1c075f313da81ea549cb8738
CVE-2020-26557 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...)
	- linux
	NOTE: https://kb.cert.org/vuls/id/799380
	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/predicatable-authvalue/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960009
CVE-2020-26556 (Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may perm ...)
	- linux
	NOTE: https://kb.cert.org/vuls/id/799380
	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/malleable/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1960012
CVE-2020-26555 (Bluetooth legacy BR/EDR PIN code pairing in Bluetooth Core Specificati ...)
	- linux
	NOTE: https://kb.cert.org/vuls/id/799380
	NOTE: https://www.bluetooth.com/learn-about-bluetooth/key-attributes/bluetooth-security/impersonation-pin-pairing/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1918601
CVE-2020-26554 (REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML ...)
	NOT-FOR-US: REDDOXX MailDepot
CVE-2020-26553 (An issue was discovered in Aviatrix Controller before R6.0.2483. Sever ...)
	NOT-FOR-US: Aviatrix
CVE-2020-26552 (An issue was discovered in Aviatrix Controller before R6.0.2483. Multi ...)
	NOT-FOR-US: Aviatrix
CVE-2020-26551 (An issue was discovered in Aviatrix Controller before R5.3.1151. Encry ...)
	NOT-FOR-US: Aviatrix
CVE-2020-26550 (An issue was discovered in Aviatrix Controller before R5.3.1151. An en ...)
	NOT-FOR-US: Aviatrix
CVE-2020-26549 (An issue was discovered in Aviatrix Controller before R5.4.1290. The h ...)
	NOT-FOR-US: Aviatrix
CVE-2020-26548 (An issue was discovered in Aviatrix Controller before R5.4.1290. There ...)
	NOT-FOR-US: Aviatrix
CVE-2020-26547 (Monal before 4.9 does not implement proper sender verification on MAM ...)
	NOT-FOR-US: Monal
CVE-2020-26546 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in HelpDeskZ 1 ...)
	NOT-FOR-US: HelpDeskZ
CVE-2020-26545 RESERVED
CVE-2020-26544 RESERVED
CVE-2020-26543 RESERVED
CVE-2020-26542 (An issue was discovered in the MongoDB Simple LDAP plugin through 2020 ...)
	NOT-FOR-US: MongoDB plugin
CVE-2020-26541 (The Linux kernel through 5.8.13 does not properly enforce the Secure B ...)
	- linux 5.14.6-1
	[bullseye] - linux 5.10.70-1
	[stretch] - linux (Secure Boot key import not supported)
	NOTE: https://lkml.org/lkml/2020/9/15/1871
CVE-2020-26540 (An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on m ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-26539 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Wh ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-26538 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-26537 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-26536 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Th ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-26535 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-26534 (An issue was discovered in Foxit Reader and PhantomPDF before 10.1. Th ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-26533 RESERVED
CVE-2020-26532 RESERVED
CVE-2020-26531 RESERVED
CVE-2020-26530 RESERVED
CVE-2020-26529 RESERVED
CVE-2020-26528 RESERVED
CVE-2020-26527 (An issue was discovered in API/api/Version in Damstra Smart Asset 2020 ...)
	NOT-FOR-US: Damstra Smart Asset
CVE-2020-26526 (An issue was discovered in Damstra Smart Asset 2020.7. It is possible ...)
	NOT-FOR-US: Damstra Smart Asset
CVE-2020-26525 (Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset ori ...)
	NOT-FOR-US: Damstra Smart Asset
CVE-2020-26524 (CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. ...)
	NOT-FOR-US: CodeLathe FileCloud
CVE-2020-26523 (Froala Editor before 3.2.2 allows XSS via pasted content. ...)
	NOT-FOR-US: Froala Editor
CVE-2020-26522 (A cross-site request forgery (CSRF) vulnerability in mod/user/act_user ...)
	NOT-FOR-US: Garfield Petshop
CVE-2020-26521 (The JWT library in NATS nats-server before 2.1.9 allows a denial of se ...)
	- golang-github-nats-io-jwt (bug #988950)
	[buster] - golang-github-nats-io-jwt (Minor issue)
	NOTE: https://advisories.nats.io/CVE/CVE-2020-26521.txt
CVE-2020-26520 RESERVED
CVE-2020-26519 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write when pa ...)
	{DSA-4794-1 DLA-2589-1}
	- mupdf 1.17.0+ds1-1.1 (bug #971595)
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=af1e390a2c7abceb32676ec684cd1dbb92907ce8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702937
CVE-2020-26518 (Artica Pandora FMS before 743 allows unauthenticated attackers to cond ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-26517 (A cross-site scripting (XSS) issue was discovered in Intland codeBeame ...)
	NOT-FOR-US: intland codeBeamer
CVE-2020-26516 (A CSRF issue was discovered in Intland codeBeamer ALM 10.x through 10. ...)
	NOT-FOR-US: intland codeBeamer
CVE-2020-26515 (An insufficiently protected credentials issue was discovered in Intlan ...)
	NOT-FOR-US: intland codeBeamer
CVE-2020-26514 RESERVED
CVE-2020-26513 (An issue was discovered in Intland codeBeamer ALM 10.x through 10.1.SP ...)
	NOT-FOR-US: Intland codeBeamer ALM
CVE-2020-26512 RESERVED
CVE-2020-26511 (The wpo365-login plugin before v11.7 for WordPress allows use of a sym ...)
	NOT-FOR-US: wpo365-login plugin for WordPress
CVE-2020-26510 (Airleader Master <= 6.21 devices have default credentials that can ...)
	NOT-FOR-US: Airleader Master
CVE-2020-26509 (Airleader Master and Easy <= 6.21 devices have default credentials ...)
	NOT-FOR-US: Airleader Master and Easy
CVE-2020-26508 (The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices all ...)
	NOT-FOR-US: Canon devices
CVE-2020-26507 (A CSV Injection (also known as Formula Injection) vulnerability in the ...)
	NOT-FOR-US: Marmind web application
CVE-2020-26506 (An Authorization Bypass vulnerability in the Marmind web application w ...)
	NOT-FOR-US: Marmind web application
CVE-2020-26505 (A Stored Cross-Site Scripting (XSS) vulnerability in the “Marmin ...)
	NOT-FOR-US: Marmind web application
CVE-2020-26504 RESERVED
CVE-2020-26503 RESERVED
CVE-2020-26502 RESERVED
CVE-2020-26501 RESERVED
CVE-2020-26500 RESERVED
CVE-2020-26499 RESERVED
CVE-2020-26498 RESERVED
CVE-2020-26497 RESERVED
CVE-2020-26496 RESERVED
CVE-2020-26495 RESERVED
CVE-2020-26494 RESERVED
CVE-2020-26493 RESERVED
CVE-2020-26492 RESERVED
CVE-2020-26491 RESERVED
CVE-2020-26490 RESERVED
CVE-2020-26489 RESERVED
CVE-2020-26488 RESERVED
CVE-2020-26487 RESERVED
CVE-2020-26486 RESERVED
CVE-2020-26485 RESERVED
CVE-2020-26484 RESERVED
CVE-2020-26483 RESERVED
CVE-2020-26482 RESERVED
CVE-2020-26481 RESERVED
CVE-2020-26480 RESERVED
CVE-2020-26479 RESERVED
CVE-2020-26478 RESERVED
CVE-2020-26477 RESERVED
CVE-2020-26476 RESERVED
CVE-2020-26475 RESERVED
CVE-2020-26474 RESERVED
CVE-2020-26473 RESERVED
CVE-2020-26472 RESERVED
CVE-2020-26471 RESERVED
CVE-2020-26470 RESERVED
CVE-2020-26469 RESERVED
CVE-2020-26468 RESERVED
CVE-2020-26467 RESERVED
CVE-2020-26466 RESERVED
CVE-2020-26465 RESERVED
CVE-2020-26464 RESERVED
CVE-2020-26463 RESERVED
CVE-2020-26462 RESERVED
CVE-2020-26461 RESERVED
CVE-2020-26460 RESERVED
CVE-2020-26459 RESERVED
CVE-2020-26458 RESERVED
CVE-2020-26457 RESERVED
CVE-2020-26456 RESERVED
CVE-2020-26455 RESERVED
CVE-2020-26454 RESERVED
CVE-2020-26453 RESERVED
CVE-2020-26452 RESERVED
CVE-2020-26451 RESERVED
CVE-2020-26450 RESERVED
CVE-2020-26449 RESERVED
CVE-2020-26448 RESERVED
CVE-2020-26447 RESERVED
CVE-2020-26446 RESERVED
CVE-2020-26445 RESERVED
CVE-2020-26444 RESERVED
CVE-2020-26443 RESERVED
CVE-2020-26442 RESERVED
CVE-2020-26441 RESERVED
CVE-2020-26440 RESERVED
CVE-2020-26439 RESERVED
CVE-2020-26438 RESERVED
CVE-2020-26437 RESERVED
CVE-2020-26436 RESERVED
CVE-2020-26435 RESERVED
CVE-2020-26434 RESERVED
CVE-2020-26433 RESERVED
CVE-2020-26432 RESERVED
CVE-2020-26431 RESERVED
CVE-2020-26430 RESERVED
CVE-2020-26429 RESERVED
CVE-2020-26428 RESERVED
CVE-2020-26427 RESERVED
CVE-2020-26426 RESERVED
CVE-2020-26425 RESERVED
CVE-2020-26424 RESERVED
CVE-2020-26423 RESERVED
CVE-2020-26422 (Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows d ...)
	- wireshark (Vulnerable code never present in a released version)
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17073
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-20.html
CVE-2020-26421 (Crash in USB HID protocol dissector and possibly other dissectors in W ...)
	{DLA-2547-1}
	- wireshark 3.4.1-1
	[buster] - wireshark 2.6.20-0+deb10u1
	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/d5f2657825e63e4126ebd7d13a59f3c6e8a9e4e1
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16958
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-17.html
CVE-2020-26420 (Memory leak in RTPS protocol dissector in Wireshark 3.4.0 and 3.2.0 to ...)
	- wireshark 3.4.1-1
	[buster] - wireshark (Vulnerable code was introduced in 3.2.0)
	[stretch] - wireshark (Vulnerable code was introduced in 3.2.0)
	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/33e63d19e5496c151bad69f65cdbc7cba2b4c211
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16994
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-18.html
CVE-2020-26419 (Memory leak in the dissection engine in Wireshark 3.4.0 allows denial ...)
	- wireshark 3.4.1-1
	[buster] - wireshark (Vulnerable code was introduced in 3.4.0)
	[stretch] - wireshark (Vulnerable code was introduced in 3.4.0)
	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/a9fc769d7bb4b491efb61c699d57c9f35269d871
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/17032
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-19.html
CVE-2020-26418 (Memory leak in Kafka protocol dissector in Wireshark 3.4.0 and 3.2.0 t ...)
	{DLA-2547-1}
	- wireshark 3.4.1-1
	[buster] - wireshark 2.6.20-0+deb10u1
	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/f4374967bbf9c12746b8ec3cd54dddada9dd353e
	NOTE: https://gitlab.com/wireshark/wireshark/-/commit/c7e6b798255e9d78d88abb84b951ca7815e0f880
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16739
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-16.html
CVE-2020-26417 (Information disclosure via GraphQL in GitLab CE/EE 13.1 and later expo ...)
	- gitlab 13.4.7-1
CVE-2020-26416 (Information disclosure in Advanced Search component of GitLab EE start ...)
	- gitlab (Specific to EE)
CVE-2020-26415 (Information about the starred projects for private user profiles was e ...)
	- gitlab 13.4.7-1
CVE-2020-26414 (An issue has been discovered in GitLab affecting all versions starting ...)
	[experimental] - gitlab 13.5.6-1
	- gitlab
	NOTE: https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/
CVE-2020-26413 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
	- gitlab 13.4.7-1
CVE-2020-26412 (Removed group members were able to use the To-Do functionality to retr ...)
	- gitlab (Specific to EE)
CVE-2020-26411 (A potential DOS vulnerability was discovered in all versions of Gitlab ...)
	- gitlab 13.4.7-1
	NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-26410 RESERVED
CVE-2020-26409 (A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>= ...)
	- gitlab 13.4.7-1
	NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-26408 (A limited information disclosure vulnerability exists in Gitlab CE/EE ...)
	- gitlab 13.4.7-1
	NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-26407 (A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13 ...)
	- gitlab 13.4.7-1
	NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-26406 (Certain SAST CiConfiguration information could be viewed by unauthoriz ...)
	- gitlab (Specific to EE)
CVE-2020-26405 (Path traversal vulnerability in package upload functionality in GitLab ...)
	- gitlab 13.3.9-1
	NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
CVE-2020-26404 RESERVED
CVE-2020-26403 RESERVED
CVE-2020-26402 RESERVED
CVE-2020-26401 RESERVED
CVE-2020-26400 RESERVED
CVE-2020-26399 RESERVED
CVE-2020-26398 RESERVED
CVE-2020-26397 RESERVED
CVE-2020-26396 RESERVED
CVE-2020-26395 RESERVED
CVE-2020-26394 RESERVED
CVE-2020-26393 RESERVED
CVE-2020-26392 RESERVED
CVE-2020-26391 RESERVED
CVE-2020-26390 RESERVED
CVE-2020-26389 RESERVED
CVE-2020-26388 RESERVED
CVE-2020-26387 RESERVED
CVE-2020-26386 RESERVED
CVE-2020-26385 RESERVED
CVE-2020-26384 RESERVED
CVE-2020-26383 RESERVED
CVE-2020-26382 RESERVED
CVE-2020-26381 RESERVED
CVE-2020-26380 RESERVED
CVE-2020-26379 RESERVED
CVE-2020-26378 RESERVED
CVE-2020-26377 RESERVED
CVE-2020-26376 RESERVED
CVE-2020-26375 RESERVED
CVE-2020-26374 RESERVED
CVE-2020-26373 RESERVED
CVE-2020-26372 RESERVED
CVE-2020-26371 RESERVED
CVE-2020-26370 RESERVED
CVE-2020-26369 RESERVED
CVE-2020-26368 RESERVED
CVE-2020-26367 RESERVED
CVE-2020-26366 RESERVED
CVE-2020-26365 RESERVED
CVE-2020-26364 RESERVED
CVE-2020-26363 RESERVED
CVE-2020-26362 RESERVED
CVE-2020-26361 RESERVED
CVE-2020-26360 RESERVED
CVE-2020-26359 RESERVED
CVE-2020-26358 RESERVED
CVE-2020-26357 RESERVED
CVE-2020-26356 RESERVED
CVE-2020-26355 RESERVED
CVE-2020-26354 RESERVED
CVE-2020-26353 RESERVED
CVE-2020-26352 RESERVED
CVE-2020-26351 RESERVED
CVE-2020-26350 RESERVED
CVE-2020-26349 RESERVED
CVE-2020-26348 RESERVED
CVE-2020-26347 RESERVED
CVE-2020-26346 RESERVED
CVE-2020-26345 RESERVED
CVE-2020-26344 RESERVED
CVE-2020-26343 RESERVED
CVE-2020-26342 RESERVED
CVE-2020-26341 RESERVED
CVE-2020-26340 RESERVED
CVE-2020-26339 RESERVED
CVE-2020-26338 RESERVED
CVE-2020-26337 RESERVED
CVE-2020-26336 RESERVED
CVE-2020-26335 RESERVED
CVE-2020-26334 RESERVED
CVE-2020-26333 RESERVED
CVE-2020-26332 RESERVED
CVE-2020-26331 RESERVED
CVE-2020-26330 RESERVED
CVE-2020-26329 RESERVED
CVE-2020-26328 RESERVED
CVE-2020-26327 RESERVED
CVE-2020-26326 RESERVED
CVE-2020-26325 RESERVED
CVE-2020-26324 RESERVED
CVE-2020-26323 RESERVED
CVE-2020-26322 RESERVED
CVE-2020-26321 RESERVED
CVE-2020-26320 RESERVED
CVE-2020-26319 RESERVED
CVE-2020-26318 RESERVED
CVE-2020-26317 RESERVED
CVE-2020-26316 RESERVED
CVE-2020-26315 RESERVED
CVE-2020-26314 RESERVED
CVE-2020-26313 RESERVED
CVE-2020-26312 RESERVED
CVE-2020-26311 RESERVED
CVE-2020-26310 RESERVED
CVE-2020-26309 RESERVED
CVE-2020-26308 RESERVED
CVE-2020-26307 RESERVED
CVE-2020-26306 RESERVED
CVE-2020-26305 RESERVED
CVE-2020-26304 RESERVED
CVE-2020-26303 RESERVED
CVE-2020-26302 RESERVED
CVE-2020-26301 (ssh2 is client and server modules written in pure JavaScript for node. ...)
	NOT-FOR-US: Node ssh2
CVE-2020-26300 (systeminformation is an npm package that provides system and OS inform ...)
	NOT-FOR-US: Node systeminformation
CVE-2020-26299 (ftp-srv is an open-source FTP server designed to be simple yet configu ...)
	NOT-FOR-US: Node ftp-srv
CVE-2020-26298 (Redcarpet is a Ruby library for Markdown processing. In Redcarpet befo ...)
	{DSA-4831-1 DLA-2526-1}
	- ruby-redcarpet 3.5.1-1 (bug #980057)
	NOTE: https://github.com/advisories/GHSA-q3wr-qw3g-3p4h
	NOTE: https://github.com/vmg/redcarpet/commit/a699c82292b17c8e6a62e1914d5eccc252272793
CVE-2020-26297 (mdBook is a utility to create modern online books from Markdown files ...)
	NOT-FOR-US: mdBook
CVE-2020-26296 (Vega is a visualization grammar, a declarative format for creating, sa ...)
	- kibana (bug #700337)
	NOTE: https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915
CVE-2020-26295 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...)
	NOT-FOR-US: OpenMage
CVE-2020-26294 (Vela is a Pipeline Automation (CI/CD) framework built on Linux contain ...)
	NOT-FOR-US: Vela
CVE-2020-26293 (HtmlSanitizer is a .NET library for cleaning HTML fragments and docume ...)
	NOT-FOR-US: HtmlSanitizer
CVE-2020-26292 (Creeper is an experimental dynamic, interpreted language. The binary r ...)
	NOT-FOR-US: Creeper
CVE-2020-26291 (URI.js is a javascript URL mutation library (npm package urijs). In UR ...)
	NOT-FOR-US: Node urijs
CVE-2020-26290 (Dex is a federated OpenID Connect provider written in Go. In Dex befor ...)
	NOT-FOR-US: Dex OIDC provider (different from src:dex)
CVE-2020-26289 (date-and-time is an npm package for manipulating date and time. In dat ...)
	NOT-FOR-US: Node date-and-time (different from src:node-date-time)
CVE-2020-26288 (Parse Server is an open source backend that can be deployed to any inf ...)
	NOT-FOR-US: Node parse-server
CVE-2020-26287 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
	NOT-FOR-US: HedgeDoc
CVE-2020-26286 (HedgeDoc is a collaborative platform for writing and sharing markdown. ...)
	NOT-FOR-US: HedgeDoc
CVE-2020-26285 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...)
	NOT-FOR-US: OpenMage
CVE-2020-26284 (Hugo is a fast and Flexible Static Site Generator built in Go. Hugo de ...)
	- hugo 0.79.1-1 (unimportant)
	NOTE: https://github.com/gohugoio/hugo/security/advisories/GHSA-8j34-9876-pvfq
CVE-2020-26283 (go-ipfs is an open-source golang implementation of IPFS which is a glo ...)
	- ipfs (bug #779893)
CVE-2020-26282 (BrowserUp Proxy allows you to manipulate HTTP requests and responses, ...)
	NOT-FOR-US: BrowserUp Proxy
CVE-2020-26281 (async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). Ther ...)
	NOT-FOR-US: Rust async-h1
CVE-2020-26280 (OpenSlides is a free, Web-based presentation and assembly system for m ...)
	NOT-FOR-US: OpenSlides
CVE-2020-26279 (go-ipfs is an open-source golang implementation of IPFS which is a glo ...)
	- ipfs (bug #779893)
CVE-2020-26278 (Weave Net is open source software which creates a virtual network that ...)
	NOT-FOR-US: Weave Net
CVE-2020-26277 (DBdeployer is a tool that deploys MySQL database servers easily. In DB ...)
	NOT-FOR-US: DBdeployer
CVE-2020-26276 (Fleet is an open source osquery manager. In Fleet before version 3.5.1 ...)
	NOT-FOR-US: Fleet (osquery frontend)
CVE-2020-26275 (The Jupyter Server provides the backend (i.e. the core services, APIs, ...)
	- jupyter-server 1.1.1-1
	NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-9f66-54xg-pc2c
CVE-2020-26274 (In systeminformation (npm package) before version 4.31.1 there is a co ...)
	NOT-FOR-US: Node systeminformation
CVE-2020-26273 (osquery is a SQL powered operating system instrumentation, monitoring, ...)
	- osquery (bug #803502)
CVE-2020-26272 (The Electron framework lets you write cross-platform desktop applicati ...)
	- electron (bug #842420)
CVE-2020-26271 (In affected versions of TensorFlow under certain cases, loading a save ...)
	- tensorflow (bug #804612)
CVE-2020-26270 (In affected versions of TensorFlow running an LSTM/GRU model where the ...)
	- tensorflow (bug #804612)
CVE-2020-26269 (In TensorFlow release candidate versions 2.4.0rc*, the general impleme ...)
	- tensorflow (bug #804612)
CVE-2020-26268 (In affected versions of TensorFlow the tf.raw_ops.ImmutableConst opera ...)
	- tensorflow (bug #804612)
CVE-2020-26267 (In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute ...)
	- tensorflow (bug #804612)
CVE-2020-26266 (In affected versions of TensorFlow under certain cases a saved model c ...)
	- tensorflow (bug #804612)
CVE-2020-26265 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2020-26264 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2020-26263 (tlslite-ng is an open source python library that implements SSL and TL ...)
	- tlslite-ng
	[buster] - tlslite-ng (Minor issue)
	[stretch] - tlslite-ng (Timing attack issue; can be fixed in next DLA)
	NOTE: https://github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7
	NOTE: https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368
	NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/438
	NOTE: https://github.com/tlsfuzzer/tlslite-ng/pull/439
CVE-2020-26262 (Coturn is free open source implementation of TURN and STUN Server. Cot ...)
	{DSA-4829-1 DLA-2522-1}
	- coturn 4.5.2-1
	NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-6g6j-r9rf-cm7p
	NOTE: https://github.com/coturn/coturn/commit/ff5e5478a3e1b426bad053828099403cfc5c1f5f
	NOTE: https://github.com/coturn/coturn/commit/af50d63a152cd9505d38f02bc552848748805e7b
	NOTE: https://github.com/coturn/coturn/commit/6c774b9fb8d9d76576ece10a6429172ed3800466
	NOTE: https://github.com/coturn/coturn/commit/560684c894498285f9e4271f3c924ebf01f36307
	NOTE: https://github.com/coturn/coturn/commit/649cbf966181846ecdd7847e4543dd287a78d295
	NOTE: https://github.com/coturn/coturn/commit/9c7deff4b8ed8c323c87b9ede75481bd6bc3154d
	NOTE: https://github.com/coturn/coturn/commit/dd0ffdb51a4cddaf1d6662079fa91f6f32bd26a8
	NOTE: https://github.com/coturn/coturn/commit/d84028b6dbc9eb7d3f8828ec37ae02a0963257b6
CVE-2020-26261 (jupyterhub-systemdspawner enables JupyterHub to spawn single-user note ...)
	NOT-FOR-US: jupyterhub-systemdspawner for JupyterHub
CVE-2020-26260 (BookStack is a platform for storing and organising information and doc ...)
	NOT-FOR-US: BookStack
CVE-2020-26259 (XStream is a Java library to serialize objects to XML and back again. ...)
	{DSA-4828-1 DLA-2507-1}
	- libxstream-java 1.4.15-1 (bug #977624)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-jfvx-7wrx-43fh
	NOTE: https://x-stream.github.io/CVE-2020-26259.html
CVE-2020-26258 (XStream is a Java library to serialize objects to XML and back again. ...)
	{DSA-4828-1 DLA-2507-1}
	- libxstream-java 1.4.15-1 (bug #977625)
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-4cch-wxpw-8p28
	NOTE: https://x-stream.github.io/CVE-2020-26258.html
CVE-2020-26257 (Matrix is an ecosystem for open federated Instant Messaging and VoIP. ...)
	- matrix-synapse 1.24.0-1
	NOTE: https://github.com/matrix-org/synapse/security/advisories/GHSA-hxmp-pqch-c8mm
	NOTE: https://github.com/matrix-org/synapse/pull/8776
	NOTE: https://github.com/matrix-org/synapse/commit/3ce2f303f15f6ac3dc352298972dc6e04d9b7a8b
CVE-2020-26256 (Fast-csv is an npm package for parsing and formatting CSVs or any othe ...)
	NOT-FOR-US: Node fast-csv
CVE-2020-26255 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.4.5, and ...)
	NOT-FOR-US: Kirby CMS
CVE-2020-26254 (omniauth-apple is the OmniAuth strategy for "Sign In with Apple" (Ruby ...)
	NOT-FOR-US: omniauth-apple
CVE-2020-26253 (Kirby is a CMS. In Kirby CMS (getkirby/cms) before version 3.3.6, and ...)
	NOT-FOR-US: Kirby CMS
CVE-2020-26252 (OpenMage is a community-driven alternative to Magento CE. In OpenMage ...)
	NOT-FOR-US: OpenMage
CVE-2020-26251 (Open Zaak is a modern, open-source data- and services-layer to enable ...)
	NOT-FOR-US: Open Zaak
CVE-2020-26250 (OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthent ...)
	NOT-FOR-US: JupyterHub login mechanism
CVE-2020-26249 (Red Discord Bot Dashboard is an easy-to-use interactive web dashboard ...)
	NOT-FOR-US: Red Discord Bot Dashboard
CVE-2020-26248 (In the PrestaShop module "productcomments" before version 4.2.1, an at ...)
	NOT-FOR-US: PrestaShop module
CVE-2020-26247 (Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers wit ...)
	{DLA-2678-1}
	- ruby-nokogiri 1.11.1+dfsg-1 (low; bug #978967)
	[buster] - ruby-nokogiri (Minor issue)
	NOTE: https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-vr8q-g5c7-m54m
	NOTE: https://github.com/sparklemotion/nokogiri/commit/9c87439d9afa14a365ff13e73adc809cb2c3d97b (v1.11.0.rc4)
CVE-2020-26246 (Pimcore is an open source digital experience platform. In Pimcore befo ...)
	NOT-FOR-US: Pimcore
CVE-2020-26245 (npm package systeminformation before version 4.30.5 is vulnerable to P ...)
	NOT-FOR-US: Node systeminformation
CVE-2020-26244 (Python oic is a Python OpenID Connect implementation. In Python oic be ...)
	NOT-FOR-US: Python oic
CVE-2020-26243 (Nanopb is a small code-size Protocol Buffers implementation. In Nanopb ...)
	- nanopb 0.4.4-1 (bug #975838)
	NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-85rr-4rh9-hhwh
	NOTE: https://github.com/nanopb/nanopb/commit/edf6dcbffee4d614ac0c2c1b258ab95185bdb6e9 (0.4.4)
	NOTE: https://github.com/nanopb/nanopb/issues/615
CVE-2020-26242 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2020-26241 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2020-26240 (Go Ethereum, or "Geth", is the official Golang implementation of the E ...)
	- golang-github-go-ethereum (bug #890541)
CVE-2020-26239 (Scratch Addons is a WebExtension that supports both Chrome and Firefox ...)
	NOT-FOR-US: Scratch Addons
CVE-2020-26238 (Cron-utils is a Java library to parse, validate, migrate crons as well ...)
	NOT-FOR-US: cron-utils Java library
CVE-2020-26237 (Highlight.js is a syntax highlighter written in JavaScript. Highlight. ...)
	{DLA-2511-1}
	- highlight.js 9.18.1+dfsg1-3 (bug #976446)
	[buster] - highlight.js 9.12.0+dfsg1-4+deb10u1
	NOTE: https://github.com/highlightjs/highlight.js/security/advisories/GHSA-vfrc-7r7c-w9mx
	NOTE: https://github.com/highlightjs/highlight.js/pull/2636
	NOTE: https://github.com/highlightjs/highlight.js/commit/7241013ae011a585983e176ddc0489a7a52f6bb0
CVE-2020-26236 (In ScratchVerifier before commit a603769, an attacker can hijack the v ...)
	NOT-FOR-US: ScratchVerifier
CVE-2020-26234 (Opencast before versions 8.9 and 7.9 disables HTTPS hostname verificat ...)
	NOT-FOR-US: Opencast
CVE-2020-26233 (Git Credential Manager Core (GCM Core) is a secure Git credential help ...)
	NOT-FOR-US: Git Credential Manager
CVE-2020-26232 (Jupyter Server before version 1.0.6 has an Open redirect vulnerability ...)
	- jupyter-server 1.0.7-1
	NOTE: https://github.com/jupyter-server/jupyter_server/security/advisories/GHSA-grfj-wjv9-4f9v
	NOTE: https://github.com/jupyter-server/jupyter_server/commit/61ab548bf9186ab7323d8fa7bd0e12ae23555a28 (1.0.6)
CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based on the ...)
	NOT-FOR-US: October CMS
CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...)
	NOT-FOR-US: Radar COVID
CVE-2020-26229 (TYPO3 is an open source PHP based web content management system. In TY ...)
	NOT-FOR-US: TYPO3
CVE-2020-26228 (TYPO3 is an open source PHP based web content management system. In TY ...)
	NOT-FOR-US: TYPO3
CVE-2020-26227 (TYPO3 is an open source PHP based web content management system. In TY ...)
	NOT-FOR-US: TYPO3
CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, secrets tha ...)
	NOT-FOR-US: semantic-release nodejs module
CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an attacker could ...)
	NOT-FOR-US: PrestaShop
CVE-2020-26224 (In PrestaShop before version 1.7.6.9 an attacker is able to list all t ...)
	NOT-FOR-US: PrestaShop
CVE-2020-26223 (Spree is a complete open source e-commerce solution built with Ruby on ...)
	NOT-FOR-US: Spree
CVE-2020-26222 (Dependabot is a set of packages for automated dependency management fo ...)
	NOT-FOR-US: Dependabot
CVE-2020-26221 (touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting ...)
	NOT-FOR-US: touchbase.ai
CVE-2020-26220 (toucbase.ai before version 2.0 leaks information by not stripping exif ...)
	NOT-FOR-US: touchbase.ai
CVE-2020-26219 (touchbase.ai before version 2.0 is vulnerable to Open Redirect. Impact ...)
	NOT-FOR-US: touchbase.ai
CVE-2020-26218 (touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. ...)
	NOT-FOR-US: touchbase.ai
CVE-2020-26217 (XStream before version 1.4.14 is vulnerable to Remote Code Execution.T ...)
	{DSA-4811-1 DLA-2471-1}
	- libxstream-java 1.4.14-1
	NOTE: https://x-stream.github.io/CVE-2020-26217.html
	NOTE: https://github.com/x-stream/xstream/security/advisories/GHSA-mw36-7c6c-q4q2
	NOTE: https://github.com/x-stream/xstream/commit/0fec095d534126931c99fd38e9c6d41f5c685c1a
CVE-2020-26216 (TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 ...)
	NOT-FOR-US: TYPO3 Fluid
CVE-2020-26215 (Jupyter Notebook before version 6.1.5 has an Open redirect vulnerabili ...)
	{DLA-2477-1}
	- jupyter-notebook 6.1.5-1
	[buster] - jupyter-notebook (Minor issue)
	NOTE: https://github.com/jupyter/notebook/security/advisories/GHSA-c7vm-f5p4-8fqh
	NOTE: https://github.com/jupyter/notebook/commit/2e1c56b0c4a903606d4a2eb13e32409296b9799d
CVE-2020-26214 (In Alerta before version 8.1.0, users may be able to bypass LDAP authe ...)
	NOT-FOR-US: Alerta
CVE-2020-26213 (In teler before version 0.0.1, if you run teler inside a Docker contai ...)
	NOT-FOR-US: Alerta
CVE-2020-26212 (GLPI stands for Gestionnaire Libre de Parc Informatique and it is a Fr ...)
	- glpi
CVE-2020-26211 (In BookStack before version 0.30.4, a user with permissions to edit a ...)
	NOT-FOR-US: BookStack app
CVE-2020-26210 (In BookStack before version 0.30.4, a user with permissions to edit a ...)
	NOT-FOR-US: BookStack app
CVE-2020-26209 RESERVED
CVE-2020-26208 RESERVED
CVE-2020-26207 (DatabaseSchemaViewer before version 2.7.4.3 is vulnerable to arbitrary ...)
	NOT-FOR-US: DatabaseSchemaViewer
CVE-2020-26206 RESERVED
CVE-2020-26205 (Sal is a multi-tenanted reporting dashboard for Munki with the ability ...)
	NOT-FOR-US: Sal
CVE-2020-26204 RESERVED
CVE-2020-26203 RESERVED
CVE-2020-26202 RESERVED
CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak pass ...)
	NOT-FOR-US: Askey
CVE-2020-26200 (A component of Kaspersky custom boot loader allowed loading of untrust ...)
	NOT-FOR-US: Kaspersky products
CVE-2020-26199 (Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 ...)
	NOT-FOR-US: EMC
CVE-2020-26198 (Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a ...)
	NOT-FOR-US: EMC
CVE-2020-26197 (Dell PowerScale OneFS 8.1.0 - 9.1.0 contains an LDAP Provider inabilit ...)
	NOT-FOR-US: Dell PowerScale OneFS
CVE-2020-26196 (Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restor ...)
	NOT-FOR-US: EMC
CVE-2020-26195 (Dell EMC PowerScale OneFS versions 8.1.2 – 9.1.0 contain an issu ...)
	NOT-FOR-US: EMC
CVE-2020-26194 (Dell EMC PowerScale OneFS versions 8.1.2 and 8.2.2 contain an Incorrec ...)
	NOT-FOR-US: EMC
CVE-2020-26193 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain an improper i ...)
	NOT-FOR-US: EMC
CVE-2020-26192 (Dell EMC PowerScale OneFS versions 8.2.0 - 9.1.0 contain a privilege e ...)
	NOT-FOR-US: EMC
CVE-2020-26191 (Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege e ...)
	NOT-FOR-US: EMC
CVE-2020-26190 RESERVED
CVE-2020-26189 RESERVED
CVE-2020-26188 RESERVED
CVE-2020-26187 RESERVED
CVE-2020-26186 (Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS Ru ...)
	NOT-FOR-US: Dell Inspiron 5675 BIOS
CVE-2020-26185 RESERVED
CVE-2020-26184 RESERVED
CVE-2020-26183 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper auth ...)
	NOT-FOR-US: EMC
CVE-2020-26182 (Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect pri ...)
	NOT-FOR-US: EMC
CVE-2020-26181 (Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale O ...)
	NOT-FOR-US: EMC
CVE-2020-26180 (Dell EMC Isilon OneFS supported versions 8.1 and later and Dell EMC Po ...)
	NOT-FOR-US: EMC
CVE-2020-26179 RESERVED
CVE-2020-26178 (In tangro Business Workflow before 1.18.1, knowing an attachment ID, i ...)
	NOT-FOR-US: tangro Business Workflow
CVE-2020-26177 (In tangro Business Workflow before 1.18.1, a user's profile contains s ...)
	NOT-FOR-US: tangro Business Workflow
CVE-2020-26176 (An issue was discovered in tangro Business Workflow before 1.18.1. No ...)
	NOT-FOR-US: tangro Business Workflow
CVE-2020-26175 (In tangro Business Workflow before 1.18.1, an attacker can manipulate ...)
	NOT-FOR-US: tangro Business Workflow
CVE-2020-26174 (tangro Business Workflow before 1.18.1 requests a list of allowed file ...)
	NOT-FOR-US: tangro Business Workflow
CVE-2020-26173 (An incorrect access control implementation in Tangro Business Workflow ...)
	NOT-FOR-US: tangro Business Workflow
CVE-2020-26172 (Every login in tangro Business Workflow before 1.18.1 generates the sa ...)
	NOT-FOR-US: tangro Business Workflow
CVE-2020-26171 (In tangro Business Workflow before 1.18.1, the documentId of attachmen ...)
	NOT-FOR-US: tangro Business Workflow
CVE-2020-26170 RESERVED
CVE-2020-26169 RESERVED
CVE-2020-26168 (The LDAP authentication method in LdapLoginModule in Hazelcast IMDG En ...)
	NOT-FOR-US: Hazelcast
CVE-2020-26167 (In FUEL CMS 11.4.12 and before, the page preview feature allows an ano ...)
	NOT-FOR-US: FUEL CMS
CVE-2020-26166 (The file upload functionality in qdPM 9.1 doesn't check the file descr ...)
	NOT-FOR-US: qdPM
CVE-2020-26165 (qdPM through 9.1 allows PHP Object Injection via timeReportActions::ex ...)
	NOT-FOR-US: qdPM
CVE-2020-26164 (In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the ...)
	- kdeconnect 20.08.2-1 (bug #971736)
	[buster] - kdeconnect (Minor issue)
	[stretch] - kdeconnect (Minor issue)
	NOTE: https://kde.org/info/security/advisory-20201002-1.txt
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/f183b5447bad47655c21af87214579f03bf3a163
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/b279c52101d3f7cc30a26086d58de0b5f1c547fa
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/d35b88c1b25fe13715f9170f18674d476ca9acdc
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/b496e66899e5bc9547b6537a7f44ab44dd0aaf38
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/5310eae85dbdf92fba30375238a2481f2e34943e
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/721ba9faafb79aac73973410ee1dd3624ded97a5
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/ae58b9dec49c809b85b5404cee17946116f8a706
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/66c768aa9e7fba30b119c8b801efd49ed1270b0a
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/85b691e40f525e22ca5cc4ebe79c361d71d7dc05
	NOTE: https://invent.kde.org/network/kdeconnect-kde/-/commit/48180b46552d40729a36b7431e97bbe2b5379306
	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/4
CVE-2020-26163 (BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Ori ...)
	NOT-FOR-US: BigBlueButton Greenlight
CVE-2020-26162 (Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073 ...)
	NOT-FOR-US: Xerox
CVE-2020-26161 (In Octopus Deploy through 2020.4.2, an attacker could redirect users t ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-26160 (jwt-go before 4.0.0-preview1 allows attackers to bypass intended acces ...)
	- golang-github-dgrijalva-jwt-go 3.2.0-3 (bug #971556)
	[buster] - golang-github-dgrijalva-jwt-go (vulnerable code not present until version 3.0.0)
	[stretch] - golang-github-dgrijalva-jwt-go (vulnerable code not present until version 3.0.0)
	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMDGRIJALVAJWTGO-596515
	NOTE: https://github.com/dgrijalva/jwt-go/issues/422
	NOTE: https://github.com/dgrijalva/jwt-go/pull/286
CVE-2020-26159 REJECTED
CVE-2020-26158 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
	NOT-FOR-US: Leanote Desktop
CVE-2020-26157 (Leanote Desktop through 2.6.2 allows XSS because a note's title is mis ...)
	NOT-FOR-US: Leanote Desktop
CVE-2020-26156 REJECTED
CVE-2020-26155 (Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31 ...)
	NOT-FOR-US: Utimaco SecurityServer
CVE-2020-26153 (A cross-site scripting (XSS) vulnerability in wp-content/plugins/event ...)
	NOT-FOR-US: Event Espresso Core plugin for WordPress
CVE-2020-26152 RESERVED
CVE-2020-26151 RESERVED
CVE-2020-26150 (info.php in Logaritmo Aware CallManager 2012 allows remote attackers t ...)
	NOT-FOR-US: Logaritmo Aware CallManager 2012
CVE-2020-26149 (NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno ...)
	NOT-FOR-US: nats.js
CVE-2020-26154 (url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when ...)
	{DSA-4800-1 DLA-2450-1}
	- libproxy 0.4.15-15 (bug #968366)
	NOTE: https://github.com/libproxy/libproxy/pull/126
	NOTE: https://github.com/libproxy/libproxy/commit/4411b523545b22022b4be7d0cac25aa170ae1d3e
CVE-2020-26148 (md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigge ...)
	- md4c 0.4.5-2 (bug #971396)
	NOTE: https://github.com/mity/md4c/issues/130
	NOTE: https://github.com/mity/md4c/commit/22ca89a3008966c4316d6b0a158b1a49f9038df0
CVE-2020-26147 (An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, ...)
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
	NOTE: https://www.fragattacks.com/
	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
	NOTE: https://lore.kernel.org/linux-wireless/20210511200110.30c4394bb835.I5acfdb552cc1d20c339c262315950b3eac491397@changeid/
CVE-2020-26146 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
	NOT-FOR-US: Samsung
CVE-2020-26145 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
	- linux 5.10.46-1
	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
	NOTE: https://www.fragattacks.com/
	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
	NOTE: https://lore.kernel.org/linux-wireless/20210511200110.5a0bd289bda8.Idd6ebea20038fb1cfee6de924aa595e5647c9eae@changeid/
	NOTE: https://lore.kernel.org/linux-wireless/20210511200110.9ca6ca7945a9.I1e18b514590af17c155bda86699bc3a971a8dcf4@changeid/
CVE-2020-26144 (An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The ...)
	NOT-FOR-US: Samsung
CVE-2020-26143 (An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for ...)
	- linux
	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
	NOTE: https://www.fragattacks.com/
	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-26142 (An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WP ...)
	- linux
	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
	NOTE: https://www.fragattacks.com/
	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-26141 (An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for ...)
	- linux 5.10.46-1
	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
	NOTE: https://www.fragattacks.com/
	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
	NOTE: https://lore.kernel.org/linux-wireless/20210511200110.c3f1d42c6746.I795593fcaae941c471425b8c7d5f7bb185d29142@changeid/
CVE-2020-26140 (An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for ...)
	- linux
	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
	NOTE: https://www.fragattacks.com/
	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-26139 (An issue was discovered in the kernel in NetBSD 7.1. An Access Point ( ...)
	{DLA-2690-1 DLA-2689-1}
	- linux 5.10.46-1
	[buster] - linux 4.19.194-1
	NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf
	NOTE: https://www.fragattacks.com/
	NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
	NOTE: https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/
CVE-2020-26138 (In SilverStripe through 4.6.0-rc1, a FormField with square brackets in ...)
	NOT-FOR-US: SilverStripe
CVE-2020-26137 (urllib3 before 1.25.9 allows CRLF injection if the attacker controls t ...)
	{DLA-2686-1}
	- python-urllib3 1.25.9-1
	[buster] - python-urllib3 (Minor issue)
	NOTE: https://bugs.python.org/issue39603
	NOTE: https://github.com/urllib3/urllib3/commit/1dd69c5c5982fae7c87a620d487c2ebf7a6b436b (1.25.9)
	NOTE: https://github.com/urllib3/urllib3/pull/1800
CVE-2020-26136 (In SilverStripe through 4.6.0-rc1, GraphQL doesn't honour MFA (multi-f ...)
	NOT-FOR-US: Silverstripe CMS
CVE-2020-26135 (Live Helper Chat before 3.44v allows reflected XSS via the setsettinga ...)
	NOT-FOR-US: Live Helper Chat
CVE-2020-26134 (Live Helper Chat before 3.44v allows stored XSS in chat messages with ...)
	NOT-FOR-US: Live Helper Chat
CVE-2020-26133 (An issue was discovered in Dual DHCP DNS Server 7.40. Due to insuffici ...)
	NOT-FOR-US: Dual DHCP DNS Server
CVE-2020-26132 (An issue was discovered in Home DNS Server 0.10. Due to insufficient a ...)
	NOT-FOR-US: Home DNS Server
CVE-2020-26131 (Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHC ...)
	NOT-FOR-US: Open DHCP Server
CVE-2020-26130 (Issues were discovered in Open TFTP Server multithreaded 1.66 and Open ...)
	NOT-FOR-US: Open TFTP Server
CVE-2020-26129 (In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible. ...)
	NOT-FOR-US: JetBrains
CVE-2020-26128 RESERVED
CVE-2020-26127 RESERVED
CVE-2020-26126 RESERVED
CVE-2020-26125 RESERVED
CVE-2020-26124 (openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticate ...)
	NOT-FOR-US: openmediavault
CVE-2020-26123 RESERVED
CVE-2020-26122 (Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remot ...)
	NOT-FOR-US: Inspur NF5266M5
CVE-2020-26121 (An issue was discovered in the FileImporter extension for MediaWiki be ...)
	NOT-FOR-US: FileImporter MediaWiki extension
CVE-2020-26120 (XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 ...)
	NOT-FOR-US: MobileFrontend MediaWiki extension
CVE-2020-26119 RESERVED
CVE-2020-26118 (In SmartBear Collaborator Server through 13.3.13302, use of the Google ...)
	NOT-FOR-US: SmartBear Collaborator Server
CVE-2020-26117 (In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1 ...)
	{DLA-2396-1}
	- tigervnc 1.10.1+dfsg-9 (bug #971272)
	[buster] - tigervnc 1.9.0+dfsg-3+deb10u3
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1176733
	NOTE: https://github.com/TigerVNC/tigervnc/commit/20dea801e747318525a5859fe4f37c52b05310cb (v1.11.0)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/7399eab79a4365434d26494fa1628ce1eb91562b (v1.11.0)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/b30f10c681ec87720cff85d490f67098568a9cba (master)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/f029745f63ac7d22fb91639b2cb5b3ab56134d6e (master)
CVE-2020-26116 (http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x be ...)
	{DLA-2456-1}
	- python3.9 3.9.0~b5-1
	- python3.8 3.8.5-1
	- python3.7
	[buster] - python3.7 3.7.3-2+deb10u3
	- python3.5
	NOTE: https://bugs.python.org/issue39603
	NOTE: https://python-security.readthedocs.io/vuln/http-header-injection-method.html
	NOTE: https://github.com/python/cpython/commit/8ca8a2e8fb068863c1138f07e3098478ef8be12e (master)
	NOTE: https://github.com/python/cpython/commit/27b811057ff5e93b68798e278c88358123efdc71 (v3.9.0b5)
	NOTE: https://github.com/python/cpython/commit/668d321476d974c4f51476b33aaca870272523bf (v3.8.5)
	NOTE: https://github.com/python/cpython/commit/ca75fec1ed358f7324272608ca952b2d8226d11a (v3.7.9)
	NOTE: https://github.com/python/cpython/commit/f02de961b9f19a5db0ead56305fe0057a78787ae (v3.6.12)
	NOTE: https://github.com/python/cpython/commit/524b8de630036a29ca340bc2ae6fd6dc7dda8f40 (v3.5.10)
CVE-2020-26115 (cPanel before 90.0.10 allows self XSS via the Cron Editor interface (S ...)
	NOT-FOR-US: cPanel
CVE-2020-26114 (cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC ...)
	NOT-FOR-US: cPanel
CVE-2020-26113 (cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interf ...)
	NOT-FOR-US: cPanel
CVE-2020-26112 (The email quota cache in cPanel before 90.0.10 allows overwriting of f ...)
	NOT-FOR-US: cPanel
CVE-2020-26111 (cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interf ...)
	NOT-FOR-US: cPanel
CVE-2020-26110 (cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC inte ...)
	NOT-FOR-US: cPanel
CVE-2020-26109 (cPanel before 88.0.13 allows bypass of a protection mechanism that att ...)
	NOT-FOR-US: cPanel
CVE-2020-26108 (cPanel before 88.0.13 mishandles file-extension dispatching, leading t ...)
	NOT-FOR-US: cPanel
CVE-2020-26107 (cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDN ...)
	NOT-FOR-US: cPanel
CVE-2020-26106 (cPanel before 88.0.3 has weak permissions (world readable) for the pro ...)
	NOT-FOR-US: cPanel
CVE-2020-26105 (In cPanel before 88.0.3, insecure chkservd test credentials are used o ...)
	NOT-FOR-US: cPanel
CVE-2020-26104 (In cPanel before 88.0.3, an insecure SRS secret is used on a templated ...)
	NOT-FOR-US: cPanel
CVE-2020-26103 (In cPanel before 88.0.3, an insecure site password is used for Mailman ...)
	NOT-FOR-US: cPanel
CVE-2020-26102 (In cPanel before 88.0.3, an insecure auth policy API key is used by Do ...)
	NOT-FOR-US: cPanel
CVE-2020-26101 (In cPanel before 88.0.3, insecure RNDC credentials are used for BIND o ...)
	NOT-FOR-US: cPanel
CVE-2020-26100 (chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). ...)
	NOT-FOR-US: cPanel
CVE-2020-26099 (cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting p ...)
	NOT-FOR-US: cPanel
CVE-2020-26098 (cPanel before 88.0.3 mishandles the Exim filter path, leading to remot ...)
	NOT-FOR-US: cPanel
CVE-2020-26097 (** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology ...)
	NOT-FOR-US: PLANET Technology Corp NVR-915 and NVR-1615
CVE-2020-26096
	RESERVED
CVE-2020-26095
	RESERVED
CVE-2020-26094
	RESERVED
CVE-2020-26093
	RESERVED
CVE-2020-26092
	RESERVED
CVE-2020-26091
	RESERVED
CVE-2020-26090
	RESERVED
CVE-2020-26089
	RESERVED
CVE-2020-26087
	RESERVED
CVE-2020-26086 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2020-26085 (Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS ...)
	NOT-FOR-US: Cisco
CVE-2020-26084 (A vulnerability in the REST API of Cisco Edge Fog Fabric could allow a ...)
	NOT-FOR-US: Cisco
CVE-2020-26083 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2020-26082
	RESERVED
CVE-2020-26081 (Multiple vulnerabilities in the web UI of Cisco IoT Field Network Dire ...)
	NOT-FOR-US: Cisco
CVE-2020-26080 (A vulnerability in the user management functionality of Cisco IoT Fiel ...)
	NOT-FOR-US: Cisco
CVE-2020-26079 (A vulnerability in the web UI of Cisco IoT Field Network Director (FND ...)
	NOT-FOR-US: Cisco
CVE-2020-26078 (A vulnerability in the file system of Cisco IoT Field Network Director ...)
	NOT-FOR-US: Cisco
CVE-2020-26077 (A vulnerability in the access control functionality of Cisco IoT Fiel ...)
	NOT-FOR-US: Cisco
CVE-2020-26076 (A vulnerability in Cisco IoT Field Network Director (FND) could allow ...)
	NOT-FOR-US: Cisco
CVE-2020-26075 (A vulnerability in the REST API of Cisco IoT Field Network Director (F ...)
	NOT-FOR-US: Cisco
CVE-2020-26074
	RESERVED
CVE-2020-26073
	RESERVED
CVE-2020-26072 (A vulnerability in the SOAP API of Cisco IoT Field Network Director (F ...)
	NOT-FOR-US: Cisco
CVE-2020-26071
	RESERVED
CVE-2020-26070 (A vulnerability in the ingress packet processing function of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2020-26069
	RESERVED
CVE-2020-26068 (A vulnerability in the xAPI service of Cisco Telepresence CE Software ...)
	NOT-FOR-US: Cisco
CVE-2020-26067
	RESERVED
CVE-2020-26066
	RESERVED
CVE-2020-26065
	RESERVED
CVE-2020-26064
	RESERVED
CVE-2020-26063
	RESERVED
CVE-2020-26062
	RESERVED
CVE-2020-26088 (A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock. ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/26896f01467a28651f7a536143fe5ac8449d4041
CVE-2020-26061 (ClickStudios Passwordstate Password Reset Portal prior to build 8501 i ...)
	NOT-FOR-US: ClickStudios Passwordstate Password Reset Portal
CVE-2020-26060
	RESERVED
CVE-2020-26059
	RESERVED
CVE-2020-26058
	RESERVED
CVE-2020-26057
	RESERVED
CVE-2020-26056
	RESERVED
CVE-2020-26055
	RESERVED
CVE-2020-26054
	RESERVED
CVE-2020-26053
	REJECTED
CVE-2020-26052 (Online Marriage Registration System 1.0 is affected by stored cross-si ...)
	NOT-FOR-US: Online Marriage Registration System
CVE-2020-26051 (College Management System Php 1.0 suffers from SQL injection vulnerabi ...)
	NOT-FOR-US: College Management System Php
CVE-2020-26050 (SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local pr ...)
	NOT-FOR-US: SaferVPN for Windows
CVE-2020-26049 (Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is r ...)
	NOT-FOR-US: Nifty-PM CPE
CVE-2020-26048 (The file manager option in CuppaCMS before 2019-11-12 allows an authen ...)
	NOT-FOR-US: CuppaCMS
CVE-2020-26047
	RESERVED
CVE-2020-26046 (FUEL CMS 1.4.11 has stored XSS in Blocks/Navigation/Site variables. Th ...)
	NOT-FOR-US: FUEL CMS
CVE-2020-26045 (FUEL CMS 1.4.11 allows SQL Injection via parameter 'name' in /fuel/per ...)
	NOT-FOR-US: FUEL CMS
CVE-2020-26044
	RESERVED
CVE-2020-26043 (An issue was discovered in Hoosk CMS v1.8.0. There is a XSS vulnerabil ...)
	NOT-FOR-US: Hoosk CMS
CVE-2020-26042 (An issue was discovered in Hoosk CMS v1.8.0. There is a SQL injection ...)
	NOT-FOR-US: Hoosk CMS
CVE-2020-26041 (An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code E ...)
	NOT-FOR-US: Hoosk CMS
CVE-2020-26040
	RESERVED
CVE-2020-26039
	RESERVED
CVE-2020-26038
	RESERVED
CVE-2020-26037
	RESERVED
CVE-2020-26036
	RESERVED
CVE-2020-26035 (An issue was discovered in Zammad before 3.4.1. There is Stored XSS vi ...)
	- zammad (bug #841355)
CVE-2020-26034 (An account-enumeration issue was discovered in Zammad before 3.4.1. Th ...)
	- zammad (bug #841355)
CVE-2020-26033 (An issue was discovered in Zammad before 3.4.1. The Tag and Link REST ...)
	- zammad (bug #841355)
CVE-2020-26032 (An SSRF issue was discovered in Zammad before 3.4.1. The SMS configura ...)
	- zammad (bug #841355)
CVE-2020-26031 (An issue was discovered in Zammad before 3.4.1. The global-search feat ...)
	- zammad (bug #841355)
CVE-2020-26030 (An issue was discovered in Zammad before 3.4.1. There is an authentica ...)
	- zammad (bug #841355)
CVE-2020-26029 (An issue was discovered in Zammad before 3.4.1. There are wrong author ...)
	- zammad (bug #841355)
CVE-2020-26028 (An issue was discovered in Zammad before 3.4.1. Admin Users without a ...)
	- zammad (bug #841355)
CVE-2020-26027
	RESERVED
CVE-2020-26026
	RESERVED
CVE-2020-26025
	RESERVED
CVE-2020-26024
	RESERVED
CVE-2020-26023
	RESERVED
CVE-2020-26022
	RESERVED
CVE-2020-26021
	RESERVED
CVE-2020-26020
	RESERVED
CVE-2020-26019
	RESERVED
CVE-2020-26018
	RESERVED
CVE-2020-26017
	RESERVED
CVE-2020-26016
	RESERVED
CVE-2020-26015
	RESERVED
CVE-2020-26014
	RESERVED
CVE-2020-26013
	RESERVED
CVE-2020-26012
	RESERVED
CVE-2020-26011
	RESERVED
CVE-2020-26010
	RESERVED
CVE-2020-26009
	RESERVED
CVE-2020-26008
	RESERVED
CVE-2020-26007
	RESERVED
CVE-2020-26006 (Project Worlds Online Examination System 1.0 is affected by Cross Site ...)
	NOT-FOR-US: Project Worlds Online Examination System
CVE-2020-26005
	RESERVED
CVE-2020-26004
	RESERVED
CVE-2020-26003
	RESERVED
CVE-2020-26002
	RESERVED
CVE-2020-26001
	RESERVED
CVE-2020-26000
	RESERVED
CVE-2020-25999
	RESERVED
CVE-2020-25998
	RESERVED
CVE-2020-25997
	RESERVED
CVE-2020-25996
	RESERVED
CVE-2020-25995
	RESERVED
CVE-2020-25994
	RESERVED
CVE-2020-25993
	RESERVED
CVE-2020-25992
	RESERVED
CVE-2020-25991
	RESERVED
CVE-2020-25990 (WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' ...)
	NOT-FOR-US: WebsiteBaker
CVE-2020-25989 (Privilege escalation via arbitrary file write in pritunl electron clie ...)
	NOT-FOR-US: pritunl-client
CVE-2020-25988 (UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2 ...)
	NOT-FOR-US: Genexis Platinum 4410 Router
CVE-2020-25987 (MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in ...)
	NOT-FOR-US: MonoCMS Blog
CVE-2020-25986 (A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 ...)
	NOT-FOR-US: MonoCMS Blog
CVE-2020-25985 (MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenti ...)
	NOT-FOR-US: MonoCMS Blog
CVE-2020-25984
	RESERVED
CVE-2020-25983
	RESERVED
CVE-2020-25982
	RESERVED
CVE-2020-25981
	RESERVED
CVE-2020-25980
	RESERVED
CVE-2020-25979
	RESERVED
CVE-2020-25978
	RESERVED
CVE-2020-25977
	RESERVED
CVE-2020-25976
	RESERVED
CVE-2020-25975
	RESERVED
CVE-2020-25974
	RESERVED
CVE-2020-25973
	RESERVED
CVE-2020-25972
	RESERVED
CVE-2020-25971
	RESERVED
CVE-2020-25970
	RESERVED
CVE-2020-25969
	RESERVED
CVE-2020-25968
	RESERVED
CVE-2020-25967 (The member center function in fastadmin V1.0.0.20200506_beta is vulner ...)
	NOT-FOR-US: fastadmin
CVE-2020-25966 (** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API ...)
	NOT-FOR-US: Sectona Spectra
CVE-2020-25965
	RESERVED
CVE-2020-25964
	RESERVED
CVE-2020-25963
	RESERVED
CVE-2020-25962
	RESERVED
CVE-2020-25961
	RESERVED
CVE-2020-25960
	RESERVED
CVE-2020-25959
	RESERVED
CVE-2020-25958
	RESERVED
CVE-2020-25957
	RESERVED
CVE-2020-25956
	RESERVED
CVE-2020-25955 (SourceCodester Student Management System Project in PHP version 1.0 is ...)
	NOT-FOR-US: SourceCodester Student Management System Project
CVE-2020-25954
	RESERVED
CVE-2020-25953
	RESERVED
CVE-2020-25952 (SQL injection vulnerability in PHPGurukul User Registration & Logi ...)
	NOT-FOR-US: PHPGurukul
CVE-2020-25951
	RESERVED
CVE-2020-25950 (Advanced Webhost Billing System 3.7.0 is affected by Cross Site Reques ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2020-25949
	RESERVED
CVE-2020-25948
	RESERVED
CVE-2020-25947
	RESERVED
CVE-2020-25946
	RESERVED
CVE-2020-25945
	RESERVED
CVE-2020-25944
	RESERVED
CVE-2020-25943
	RESERVED
CVE-2020-25942
	RESERVED
CVE-2020-25941
	RESERVED
CVE-2020-25940
	RESERVED
CVE-2020-25939
	RESERVED
CVE-2020-25938
	RESERVED
CVE-2020-25937
	RESERVED
CVE-2020-25936
	RESERVED
CVE-2020-25935
	RESERVED
CVE-2020-25934
	RESERVED
CVE-2020-25933
	RESERVED
CVE-2020-25932
	RESERVED
CVE-2020-25931
	RESERVED
CVE-2020-25930
	RESERVED
CVE-2020-25929
	RESERVED
CVE-2020-25928 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: ...)
	NOT-FOR-US: InterNiche NicheStack TCP/IP
CVE-2020-25927 (The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: ...)
	NOT-FOR-US: InterNiche NicheStack TCP/IP
CVE-2020-25926 (The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: I ...)
	NOT-FOR-US: InterNiche NicheStack TCP/IP
CVE-2020-25925 (Cross Site Scripting (XSS) in Webmail Calender in IceWarp WebClient 10 ...)
	NOT-FOR-US: IceWarp
CVE-2020-25924
	RESERVED
CVE-2020-25923
	RESERVED
CVE-2020-25922
	RESERVED
CVE-2020-25921
	RESERVED
CVE-2020-25920
	RESERVED
CVE-2020-25919
	RESERVED
CVE-2020-25918
	RESERVED
CVE-2020-25917 (Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Acce ...)
	NOT-FOR-US: Stratodesk NoTouch Center
CVE-2020-25916
	RESERVED
CVE-2020-25915
	RESERVED
CVE-2020-25914
	RESERVED
CVE-2020-25913
	RESERVED
CVE-2020-25912 (A XML External Entity (XXE) vulnerability was discovered in symphony\l ...)
	NOT-FOR-US: Symphony CMS
CVE-2020-25911 (A XML External Entity (XXE) vulnerability was discovered in the modRes ...)
	NOT-FOR-US: MODX CMS
CVE-2020-25910
	RESERVED
CVE-2020-25909
	RESERVED
CVE-2020-25908
	RESERVED
CVE-2020-25907
	RESERVED
CVE-2020-25906
	RESERVED
CVE-2020-25905
	RESERVED
CVE-2020-25904
	RESERVED
CVE-2020-25903
	RESERVED
CVE-2020-25902 (** DISPUTED ** Blackboard Collaborate Ultra 20.02 is affected by a cro ...)
	NOT-FOR-US: Blackboard Collaborate Ultra
CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to r ...)
	NOT-FOR-US: Spiceworks
CVE-2020-25900
	RESERVED
CVE-2020-25899
	RESERVED
CVE-2020-25898
	RESERVED
CVE-2020-25897
	RESERVED
CVE-2020-25896
	RESERVED
CVE-2020-25895
	RESERVED
CVE-2020-25894
	RESERVED
CVE-2020-25893
	RESERVED
CVE-2020-25892
	RESERVED
CVE-2020-25891
	RESERVED
CVE-2020-25890 (The web application of Kyocera printer (ECOSYS M2640IDW) is affected b ...)
	NOT-FOR-US: Kyocera printer
CVE-2020-25889 (Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL ...)
	NOT-FOR-US: Online Bus Booking System Project Using PHP/MySQL
CVE-2020-25888
	RESERVED
CVE-2020-25887
	RESERVED
CVE-2020-25886
	RESERVED
CVE-2020-25885
	RESERVED
CVE-2020-25884
	RESERVED
CVE-2020-25883
	RESERVED
CVE-2020-25882
	RESERVED
CVE-2020-25881 (A vulnerability was discovered in the filename parameter in pathindex. ...)
	NOT-FOR-US: RKCMS
CVE-2020-25880
	RESERVED
CVE-2020-25879 (A stored cross site scripting (XSS) vulnerability in the 'Manage Users ...)
	NOT-FOR-US: Codoforum
CVE-2020-25878 (A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' ...)
	NOT-FOR-US: BlackCat CMS
CVE-2020-25877 (A stored cross site scripting (XSS) vulnerability in the 'Add Page' fe ...)
	NOT-FOR-US: BlackCat CMS
CVE-2020-25876 (A stored cross site scripting (XSS) vulnerability in the 'Pages' featu ...)
	NOT-FOR-US: Codoforum
CVE-2020-25875 (A stored cross site scripting (XSS) vulnerability in the 'Smileys' fea ...)
	NOT-FOR-US: Codoforum
CVE-2020-25874
	RESERVED
CVE-2020-25873 (A directory traversal vulnerability in the component system/manager/cl ...)
	NOT-FOR-US: Baijiacms
CVE-2020-25872 (A vulnerability exists within the FileManagerController.php function i ...)
	NOT-FOR-US: FrogCMS
CVE-2020-25871
	RESERVED
CVE-2020-25870
	RESERVED
CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 and 1.3 ...)
	NOT-FOR-US: CentralAuth MediaWiki extension
	NOTE: The extension requires some new infrastructure code which was added to the
	NOTE: MediaWiki 1.31.9 / 1.34.3 security releases announced at
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
	NOTE: https://phabricator.wikimedia.org/T260485
CVE-2020-25868 (Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Valida ...)
	NOT-FOR-US: Pexip
CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security key used t ...)
	NOT-FOR-US: SoPlanning
CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...)
	- wireshark 3.2.7-1
	[buster] - wireshark (Vulnerable code not present)
	[stretch] - wireshark (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-13.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16866
CVE-2020-25865
	RESERVED
CVE-2020-25864 (HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value ( ...)
	- consul 1.8.7+dfsg1-2 (bug #987351)
	[buster] - consul (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1950275
	NOTE: https://github.com/hashicorp/consul/pull/10023
CVE-2020-25863 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
	{DLA-2547-1}
	- wireshark 3.2.7-1
	[buster] - wireshark 2.6.20-0+deb10u1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-11.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16741
CVE-2020-25862 (In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the ...)
	{DLA-2547-1}
	- wireshark 3.2.7-1
	[buster] - wireshark 2.6.20-0+deb10u1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-12.html
	NOTE: https://gitlab.com/wireshark/wireshark/-/issues/16816
CVE-2020-25861
	RESERVED
CVE-2020-25860 (The install.c module in the Pengutronix RAUC update client prior to ve ...)
	- rauc 1.5-1
	NOTE: https://github.com/rauc/rauc/security/advisories/GHSA-cgf3-h62j-w9vv
CVE-2020-25859 (The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to ve ...)
	NOT-FOR-US: Qualcomm QCMAP
CVE-2020-25858 (The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior ...)
	NOT-FOR-US: Qualcomm QCMAP
CVE-2020-25857 (The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Modul ...)
	NOT-FOR-US: Realtek
CVE-2020-25856 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
	NOT-FOR-US: Realtek
CVE-2020-25855 (The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior t ...)
	NOT-FOR-US: Realtek
CVE-2020-25854 (The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module pri ...)
	NOT-FOR-US: Realtek
CVE-2020-25853 (The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to ...)
	NOT-FOR-US: Realtek
CVE-2020-25852
	RESERVED
CVE-2020-25851
	RESERVED
CVE-2020-25850 (The function, view the source code, of HGiga MailSherlock does not val ...)
	NOT-FOR-US: HGiga MailSherlock
CVE-2020-25849 (MailGates and MailAudit products contain Command Injection flaw, which ...)
	NOT-FOR-US: MailGates and MailAudit
CVE-2020-25848 (HGiga MailSherlock contains weak authentication flaw that attackers gr ...)
	NOT-FOR-US: HGiga MailSherlock
CVE-2020-25847 (This command injection vulnerability allows attackers to execute arbit ...)
	NOT-FOR-US: QNAP
CVE-2020-25846 (The digest generation function of NHIServiSignAdapter has not been ver ...)
	NOT-FOR-US: NHIServiSignAdapter
CVE-2020-25845 (Multiple functions of NHIServiSignAdapter failed to verify the users&# ...)
	NOT-FOR-US: NHIServiSignAdapter
CVE-2020-25844 (The digest generation function of NHIServiSignAdapter has not been ver ...)
	NOT-FOR-US: NHIServiSignAdapter
CVE-2020-25843 (NHIServiSignAdapter fails to verify the length of digital credential f ...)
	NOT-FOR-US: NHIServiSignAdapter
CVE-2020-25842 (The encryption function of NHIServiSignAdapter fail to verify the file ...)
	NOT-FOR-US: NHIServiSignAdapter
CVE-2020-25841
	RESERVED
CVE-2020-25840 (Cross-Site scripting vulnerability in Micro Focus Access Manager produ ...)
	NOT-FOR-US: Micro Focus
CVE-2020-25839 (NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected b ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2020-25838 (Unauthorized disclosure of sensitive information vulnerability in Micr ...)
	NOT-FOR-US: Micro Focus
CVE-2020-25837 (Sensitive information disclosure vulnerability in Micro Focus Self Ser ...)
	NOT-FOR-US: Micro Focus
CVE-2020-25836
	RESERVED
CVE-2020-25835
	RESERVED
CVE-2020-25834 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...)
	NOT-FOR-US: Micro Focus
CVE-2020-25833 (Persistent cross-Site Scripting vulnerability on Micro Focus IDOL prod ...)
	NOT-FOR-US: Micro Focus
CVE-2020-25832 (Reflected Cross Site scripting vulnerability on Micro Focus Filr produ ...)
	NOT-FOR-US: Micro Focus
CVE-2020-25831
	RESERVED
CVE-2020-25830 (An issue was discovered in MantisBT before 2.24.3. Improper escaping o ...)
	- mantis
CVE-2020-25829 (An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x befo ...)
	- pdns-recursor 4.3.5-1 (bug #972159)
	[buster] - pdns-recursor (Minor issue)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-07.html
CVE-2020-25828 (An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through ...)
	{DSA-4767-1 DLA-2379-1}
	- mediawiki 1:1.35.0-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
	NOTE: https://phabricator.wikimedia.org/T115888
CVE-2020-25827 (An issue was discovered in the OATHAuth extension in MediaWiki before ...)
	{DSA-4767-1 DLA-2379-1}
	- mediawiki 1:1.35.0-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
	NOTE: https://phabricator.wikimedia.org/T251661
CVE-2020-25826 (PingID Integration for Windows Login before 2.4.2 allows local users t ...)
	NOT-FOR-US: PingID Integration for Windows Login
CVE-2020-25825 (In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensit ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-25824 (Telegram Desktop through 2.4.3 does not require passcode entry upon pu ...)
	NOTE: Nonsense CVE allocation for Telegram desktop client; with a desktop not protected
	NOTE: by a screen lock, anything can happen anyway
CVE-2020-25823
	RESERVED
CVE-2020-25822
	RESERVED
CVE-2020-25821 (** UNSUPPORTED WHEN ASSIGNED ** peg-markdown 0.4.14 has a NULL pointer ...)
	NOT-FOR-US: peg-markdown
CVE-2020-25820 (BigBlueButton before 2.2.27 allows remote authenticated users to read ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-25819
	RESERVED
CVE-2020-25818
	RESERVED
CVE-2020-25817 (SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentP ...)
	NOT-FOR-US: Silverstripe CMS
CVE-2020-25816 (HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed le ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-25815 (An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34 ...)
	- mediawiki 1:1.35.0-1
	[buster] - mediawiki (Vulnerable code introduced in 1.32)
	[stretch] - mediawiki (Vulnerable code introduced later)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
	NOTE: https://phabricator.wikimedia.org/T256171
CVE-2020-25814 (In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, X ...)
	{DSA-4767-1 DLA-2379-1}
	- mediawiki 1:1.35.0-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
	NOTE: https://phabricator.wikimedia.org/T86738
CVE-2020-25813 (In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, S ...)
	{DSA-4767-1 DLA-2379-1}
	- mediawiki 1:1.35.0-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
	NOTE: https://phabricator.wikimedia.org/T232568
CVE-2020-25812 (An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special: ...)
	{DSA-4767-1}
	- mediawiki 1:1.35.0-1
	[stretch] - mediawiki (Vulnerable code introduced later)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html
	NOTE: https://phabricator.wikimedia.org/T255918
CVE-2020-25811
	RESERVED
CVE-2020-25810
	RESERVED
CVE-2020-25809
	RESERVED
CVE-2020-25808
	RESERVED
CVE-2020-25807
	RESERVED
CVE-2020-25806
	RESERVED
CVE-2020-25805
	RESERVED
CVE-2020-25804
	RESERVED
CVE-2020-25803 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
	NOT-FOR-US: Crafter Studio of Crafter CMS
CVE-2020-25802 (Improper Control of Dynamically-Managed Code Resources vulnerability i ...)
	NOT-FOR-US: Crafter Studio of Crafter CMS
CVE-2020-25801
	RESERVED
CVE-2020-25800
	RESERVED
CVE-2020-25799 (LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quo ...)
	- limesurvey (bug #472802)
CVE-2020-25798 (A stored cross-site scripting (XSS) vulnerability in LimeSurvey before ...)
	- limesurvey (bug #472802)
CVE-2020-25797 (LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add ...)
	- limesurvey (bug #472802)
CVE-2020-25790 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to upload ...)
	NOT-FOR-US: Typesetter CMS
CVE-2020-25789 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
	- tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
	[buster] - tt-rss (Minor issue)
	NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
	NOTE: https://git.tt-rss.org/fox/tt-rss/commit/da5af2fae091041cca27b24b6f0e69e4a6d0dc60
CVE-2020-25788 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
	- tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
	[buster] - tt-rss (Minor issue)
	NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
	NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
CVE-2020-25787 (An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-1 ...)
	- tt-rss 21~git20210204.b4cbc79+dfsg-1 (bug #970633)
	[buster] - tt-rss (Minor issue)
	NOTE: https://community.tt-rss.org/t/heads-up-several-vulnerabilities-fixed/3799
	NOTE: https://git.tt-rss.org/fox/tt-rss/commit/c3d14e1fa54c7dade7b1b7955575e2991396d7ef
CVE-2020-25786 (** UNSUPPORTED WHEN ASSIGNED ** webinc/js/info.php on D-Link DIR-816L ...)
	NOT-FOR-US: D-Link
CVE-2020-25785 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...)
	NOT-FOR-US: Accfly Wireless Security IR Camera System 720P
CVE-2020-25784 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...)
	NOT-FOR-US: Accfly Wireless Security IR Camera System 720P
CVE-2020-25783 (An issue was discovered on Accfly Wireless Security IR Camera System 7 ...)
	NOT-FOR-US: Accfly Wireless Security IR Camera System 720P
CVE-2020-25782 (An issue was discovered on Accfly Wireless Security IR Camera 720P Sys ...)
	NOT-FOR-US: Accfly Wireless Security IR Camera System 720P
CVE-2020-25781 (An issue was discovered in file_download.php in MantisBT before 2.24.3 ...)
	- mantis
CVE-2020-25796 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
	- rust-sized-chunks 0.6.5-1 (bug #970586)
	[bullseye] - rust-sized-chunks (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
	NOTE: https://github.com/bodil/sized-chunks/issues/11
CVE-2020-25795 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
	- rust-sized-chunks 0.6.5-1 (bug #970586)
	[bullseye] - rust-sized-chunks (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
	NOTE: https://github.com/bodil/sized-chunks/issues/11
CVE-2020-25794 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
	- rust-sized-chunks 0.6.5-1 (bug #970586)
	[bullseye] - rust-sized-chunks (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
	NOTE: https://github.com/bodil/sized-chunks/issues/11
CVE-2020-25793 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
	- rust-sized-chunks 0.6.5-1 (bug #970586)
	[bullseye] - rust-sized-chunks (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
	NOTE: https://github.com/bodil/sized-chunks/issues/11
CVE-2020-25792 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
	- rust-sized-chunks 0.6.5-1 (bug #970586)
	[bullseye] - rust-sized-chunks (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
	NOTE: https://github.com/bodil/sized-chunks/issues/11
CVE-2020-25791 (An issue was discovered in the sized-chunks crate through 0.6.2 for Ru ...)
	- rust-sized-chunks 0.6.5-1 (bug #970586)
	[bullseye] - rust-sized-chunks (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html
	NOTE: https://github.com/bodil/sized-chunks/issues/11
CVE-2020-25780 (In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before ...)
	NOT-FOR-US: Commvault
CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in w ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25778 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25777 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a speci ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25776 (Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbo ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25775 (The Trend Micro Security 2020 (v16) consumer family of products is vul ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25774 (A vulnerability in the Trend Micro Apex One ServerMigrationTool compon ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25773 (A vulnerability in the Trend Micro Apex One ServerMigrationTool compon ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25772 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25771 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25770 (An out-of-bounds read information disclosure vulnerabilities in Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2020-25769
	RESERVED
CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 hav ...)
	NOT-FOR-US: Contao CMS
CVE-2020-25767 (An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_c ...)
	NOT-FOR-US: HCC Embedded NicheStack
CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...)
	NOT-FOR-US: MISP
CVE-2020-25765 (Addressed remote code execution vulnerability in reg_device.php due to ...)
	NOT-FOR-US: Western Digital My Cloud Devices
CVE-2020-25764
	RESERVED
CVE-2020-25763 (Seat Reservation System version 1.0 suffers from an Unauthenticated Fi ...)
	NOT-FOR-US: Seat Reservation System
CVE-2020-25762 (An issue was discovered in SourceCodester Seat Reservation System 1.0. ...)
	NOT-FOR-US: SourceCodester Seat Reservation System
CVE-2020-25761 (Projectworlds Visitor Management System in PHP 1.0 allows XSS. The fil ...)
	NOT-FOR-US: Projectworlds Visitor Management System in PHP
CVE-2020-25760 (Projectworlds Visitor Management System in PHP 1.0 allows SQL Injectio ...)
	NOT-FOR-US: Projectworlds Visitor Management System in PHP
CVE-2020-25759 (An issue was discovered on D-Link DSR-250 3.17 devices. Certain functi ...)
	NOT-FOR-US: D-Link
CVE-2020-25758 (An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient v ...)
	NOT-FOR-US: D-Link
CVE-2020-25757 (A lack of input validation and access controls in Lua CGIs on D-Link D ...)
	NOT-FOR-US: D-Link
CVE-2020-25756 (** DISPUTED ** A buffer overflow vulnerability exists in the mg_get_ht ...)
	NOT-FOR-US: Cesanta Mongoose
	NOTE: smplayer embeds a copy, which is unused in any released version and disabled since 18.5.0~ds1-1
CVE-2020-25755 (An issue was discovered on Enphase Envoy R3.x and D4.x (and other curr ...)
	NOT-FOR-US: Enphase Envoy
CVE-2020-25754 (An issue was discovered on Enphase Envoy R3.x and D4.x devices. There ...)
	NOT-FOR-US: Enphase Envoy
CVE-2020-25753 (An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 ...)
	NOT-FOR-US: Enphase Envoy
CVE-2020-25752 (An issue was discovered on Enphase Envoy R3.x and D4.x devices. There ...)
	NOT-FOR-US: Enphase Envoy
CVE-2020-25751 (The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via ...)
	NOT-FOR-US: paGO Commerce plugin for Joomla!
CVE-2020-25750 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in DotPlant2 b ...)
	NOT-FOR-US: DotPlant2
CVE-2020-25749 (The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 ca ...)
	NOT-FOR-US: Rubetek
CVE-2020-25748 (A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3 ...)
	NOT-FOR-US: Rubetek
CVE-2020-25747 (The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (f ...)
	NOT-FOR-US: Rubetek
CVE-2020-25746 (QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local att ...)
NOT-FOR-US: QED ResourceXpress Qubi3 devices CVE-2020-25745 RESERVED CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to ...) NOT-FOR-US: SaferVPN CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...) - qemu (bug #970940) [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in next qemu DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1 CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...) - qemu (bug #971390) [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in next qemu DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1 CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...) - qemu (bug #970939) [bullseye] - qemu (Minor issue, revisit when fixed upstream) [buster] - qemu (Fix along in next qemu DSA) [stretch] - qemu (Fix along in future DLA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Ffdc_nullptr1 CVE-2020-25740 RESERVED CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...) {DLA-2380-1} - ruby-gon 6.4.0-1 (bug #970938) [buster] - ruby-gon (Minor issue) NOTE: https://github.com/gazay/gon/commit/fe3c7b2191a992386dc9edd37de5447a4e809bc7 CVE-2020-25738 (CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers ...) NOT-FOR-US: CyberArk Endpoint Privilege Manager (EPM) CVE-2020-25737 (An elevation of privilege vulnerability exists in Hackolade versions p ...) 
NOT-FOR-US: Hackolade CVE-2020-25736 (Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows ...) NOT-FOR-US: Acronis CVE-2020-25735 (webTareas through 2.1 allows XSS in clients/editclient.php, extensions ...) NOT-FOR-US: webTareas CVE-2020-25734 (webTareas through 2.1 allows files/Default/ Directory Listing. ...) NOT-FOR-US: webTareas CVE-2020-25733 (webTareas through 2.1 allows upload of the dangerous .exe and .shtml f ...) NOT-FOR-US: webTareas CVE-2020-25732 RESERVED CVE-2020-25731 RESERVED CVE-2020-25730 RESERVED CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to downloa ...) - zoneminder 1.34.21-1 (unimportant) NOTE: https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413 NOTE: Only supported for trusted users/behind auth, see README.debian.security CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken algor ...) NOT-FOR-US: Reset Password add-on for Alfresco CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...) NOT-FOR-US: Reset Password add-on for Alfresco CVE-2020-25726 REJECTED CVE-2020-25725 (In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOut ...) - xpdf (Debian uses poppler, which is not affected) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=41915 CVE-2020-25724 (A flaw was found in RESTEasy, where an incorrect response to an HTTP r ...) - resteasy - resteasy3.0 [bullseye] - resteasy3.0 (Minor issue) [buster] - resteasy3.0 (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1899354 (lacks details ATM) CVE-2020-25723 (A reachable assertion issue was found in the USB EHCI emulation code o ...) 
{DLA-2469-1} - qemu 1:5.2+dfsg-1 (bug #975276) [buster] - qemu (Fix along in future DSA) NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=2fdb42d840400d58f2e706ecca82c142b97bcbd6 (v5.2.0-rc0) CVE-2020-25722 [AD DC UPN vs samAccountName not checked] RESERVED {DSA-5003-1} - samba 2:4.13.14+dfsg-1 [buster] - samba (Intrusive backport; affects Samba as AD DC) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14564 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://www.samba.org/samba/security/CVE-2020-25722.html CVE-2020-25721 [[Kerberos acceptors need easy access to stable AD identifiers (eg objectSid)] RESERVED {DSA-5003-1} - samba 2:4.13.14+dfsg-1 [buster] - samba (Intrusive backport; affects Samba as AD DC) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14557 NOTE: https://www.samba.org/samba/security/CVE-2020-25721.html CVE-2020-25720 RESERVED CVE-2020-25719 [AD DC Username based races when no PAC is given] RESERVED {DSA-5003-1} - samba 2:4.13.14+dfsg-1 [buster] - samba (Intrusive backport; affects Samba as AD DC) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14561 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://www.samba.org/samba/security/CVE-2020-25719.html CVE-2020-25718 [An RODC can issue (forge) administrator tickets to other servers] RESERVED {DSA-5003-1} - samba 2:4.13.14+dfsg-1 [buster] - samba (Intrusive backport; affects Samba as AD DC) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14558 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://www.samba.org/samba/security/CVE-2020-25718.html CVE-2020-25717 [A user on the domain can become root on domain members] RESERVED {DSA-5015-1 DSA-5003-1} - samba 2:4.13.14+dfsg-1 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14556 NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14725 NOTE: https://www.samba.org/samba/security/CVE-2020-25717.html NOTE: A new parameter "min domain uid" (defaults to 
1000) has been added, NOTE: which enforces that no UNIX uid below this value will be accepted. CVE-2020-25716 (A flaw was found in Cloudforms. A role-based privileges escalation fla ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-25715 (A flaw was found in pki-core 10.9.0. A specially crafted POST request ...) - dogtag-pki 11.0.0-1 (bug #988153) [bullseye] - dogtag-pki (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1891016 NOTE: https://github.com/dogtagpki/pki/commit/13f4c7fe7d71d42b46b25f3e8472ef7f35da5dd6 CVE-2020-25714 RESERVED CVE-2020-25713 (A malformed input file can lead to a segfault due to an out of bounds ...) - raptor - raptor2 2.0.14-1.2 (bug #974664) [buster] - raptor2 (Minor issue) [stretch] - raptor2 (Minor issue; reconsider when fixed upstream.) NOTE: https://bugs.librdf.org/mantis/view.php?id=650 CVE-2020-25712 (A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer over ...) {DSA-4803-1 DLA-2486-1} - xorg-server 2:1.20.10-1 (bug #976216) NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/87c64fc5b0db9f62f4e361444f4b60501ebf67b9 CVE-2020-25711 (A flaw was found in infinispan 10 REST API, where authorization permis ...) NOT-FOR-US: Infinispan CVE-2020-25708 (A divide by zero issue was found to occur in libvncserver-0.9.12. A ma ...) {DLA-2451-1} - libvncserver 0.9.13+dfsg-1 [buster] - libvncserver (Minor issue) NOTE: https://github.com/LibVNC/libvncserver/issues/409 NOTE: https://github.com/LibVNC/libvncserver/commit/673c07a75ed844d74676f3ccdcfdc706a7052dba CVE-2020-25707 REJECTED CVE-2020-25706 (A cross-site scripting (XSS) vulnerability exists in templates_import. ...) 
- cacti 1.2.14+ds1-1 [buster] - cacti (Minor issue) [stretch] - cacti (Vulnerable code introduced in 1.0.0) NOTE: https://github.com/Cacti/cacti/issues/3723 NOTE: https://github.com/Cacti/cacti/commit/39458efcd5286d50e6b7f905fedcdc1059354e6e NOTE: introduced by https://github.com/Cacti/cacti/commit/0ba5711f09338a7019ed5622701a7effd83ba701 CVE-2020-25705 (A flaw in ICMP packets in the Linux kernel may allow an attacker to qu ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.6-1 [buster] - linux 4.19.160-1 NOTE: https://git.kernel.org/linus/b38e7819cae946e2edf869e604af1e65a5d241c5 NOTE: https://www.saddns.net/ CVE-2020-25704 (A flaw memory leak in the Linux kernel performance monitoring subsyste ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.6-1 [buster] - linux 4.19.160-1 NOTE: https://git.kernel.org/linus/7bdb157cdebbf95a1cd94ed2e01b338714075d00 CVE-2020-25703 (The participants table download in Moodle always included user emails, ...) - moodle CVE-2020-25702 (In Moodle, it was possible to include JavaScript when re-naming conten ...) - moodle CVE-2020-25701 (If the upload course tool in Moodle was used to delete an enrollment m ...) - moodle CVE-2020-25700 (In moodle, some database module web services allowed students to add e ...) - moodle CVE-2020-25699 (In moodle, insufficient capability checks could lead to users with the ...) - moodle CVE-2020-25698 (Users' enrollment capabilities were not being sufficiently checked in ...) - moodle CVE-2020-25697 (A privilege escalation flaw was found in the Xorg-x11-server due to a ...) NOTE: Long-standing design limitation in X11, unlikely to get fixed until the world moves to Wayland NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3 CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL in ver ...) 
{DLA-2478-1} - postgresql-13 13.1-1 - postgresql-12 - postgresql-11 [buster] - postgresql-11 11.10-0+deb10u1 - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=a54dfbee1f1bad431793968918bbb8541dc860a0 (REL9_5_STABLE) CVE-2020-25695 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...) {DLA-2478-1} - postgresql-13 13.1-1 - postgresql-12 - postgresql-11 [buster] - postgresql-11 11.10-0+deb10u1 - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aefc625dedae52073e7d279feb43f6255f992ea7 (REL9_5_STABLE) CVE-2020-25694 (A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...) {DLA-2478-1} - postgresql-13 13.1-1 - postgresql-12 - postgresql-11 [buster] - postgresql-11 11.10-0+deb10u1 - postgresql-9.6 NOTE: https://www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/ NOTE: https://www.postgresql.org/message-id/flat/16604-933f4b8791227b15%40postgresql.org NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=56b46d3a1a620548b4728b48bd28cdf11d88e101 (REL9_5_STABLE) NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=da129a04a6dea8c30eec2477c08d17736c92d431 (REL9_5_STABLE) NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6997da09a41f613695575fbfcb213f14784c92bb (REL9_5_STABLE) CVE-2020-25693 (A flaw was found in CImg in versions prior to 2.9.3. Integer overflows ...) 
{DLA-2462-1} - cimg 2.9.4+dfsg-2 (bug #973770) [buster] - cimg (Minor issue) NOTE: https://github.com/dtschump/CImg/pull/295 NOTE: https://bugs.launchpad.net/ubuntu/+source/cimg/+bug/1900983 NOTE: Fixed by: https://github.com/dtschump/CImg/commit/4f184f89f9ab6785a6c90fd238dbaa6d901d3505 CVE-2020-25691 RESERVED - darkhttpd (bug #775096) CVE-2020-25690 (An out-of-bounds write flaw was found in FontForge in versions before ...) - fontforge (Insufficient patch for CVE-2020-5395 not applied) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188 CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...) - wildfly (bug #752018) CVE-2020-25688 (A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two ...) NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM) CVE-2020-25687 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...) {DSA-4844-1 DLA-2604-1} - dnsmasq 2.83-1 NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a CVE-2020-25686 (A flaw was found in dnsmasq before version 2.83. When receiving a quer ...) 
{DSA-4844-1} - dnsmasq 2.83-1 [stretch] - dnsmasq (Minor issue, off-path DNS-non-sec cache poisoning, mitigated by CVE-2020-25684 fix, invasive, regressions) NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=15b60ddf935a531269bb8c68198de012a4967156 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=6a6e06fbb0d4690507ceaf2bb6f0d8910f3d4914 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=04490bf622ac84891aad6f2dd2edf83725decdee (regression) NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=12af2b171de0d678d98583e2190789e544440e02 (regression) NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3f535da79e7a42104543ef5c7b5fa2bed819a78b (regression) NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=25e63f1e56f5acdcf91893a1b92ad1e0f2f552d8 (regression) NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=141a26f979b4bc959d8e866a295e24f8cf456920 (regression) NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=305cb79c5754d5554729b18a2c06fe7ce699687a (regression) CVE-2020-25685 (A flaw was found in dnsmasq before version 2.83. When getting a reply ...) {DSA-4844-1} - dnsmasq 2.83-1 [stretch] - dnsmasq (Minor issue, off-path DNS-non-sec cache poisoning, mitigated by CVE-2020-25684 fix, stretch uses SHA-1 and not CRC32) NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2d765867c597db18be9d876c9c17e2c0fe1953cd NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=2024f9729713fd657d65e64c2e4e471baa0a3e5b CVE-2020-25684 (A flaw was found in dnsmasq before version 2.83. When getting a reply ...) 
{DSA-4844-1 DLA-2604-1} - dnsmasq 2.83-1 NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=257ac0c5f7732cbc6aa96fdd3b06602234593aca CVE-2020-25683 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...) {DSA-4844-1 DLA-2604-1} - dnsmasq 2.83-1 NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a CVE-2020-25682 (A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerabili ...) {DSA-4844-1 DLA-2604-1} - dnsmasq 2.83-1 NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a CVE-2020-25681 (A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...) {DSA-4844-1 DLA-2604-1} - dnsmasq 2.83-1 NOTE: https://www.openwall.com/lists/oss-security/2021/01/19/1 NOTE: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a CVE-2020-25680 (A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a ...) NOT-FOR-US: JBCS httpd CVE-2020-25679 RESERVED CVE-2020-25678 (A flaw was found in ceph in versions prior to 16.y.z where ceph stores ...) - ceph 14.2.18-1 [buster] - ceph (Minor issue) [stretch] - ceph (Minor issue) NOTE: https://tracker.ceph.com/issues/37503 NOTE: https://github.com/ceph/ceph/pull/38614 (v14.2.17) CVE-2020-25677 (A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph ...) NOT-FOR-US: ceph Ansible module CVE-2020-25676 (In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), Inte ...) 
{DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1732 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/406da3af9e09649cda152663c179902edf5ab3ac NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/94aeb3c40d25aee1051ba8eb3a31601558ef2506 CVE-2020-25675 (In the CropImage() and CropImageToTiles() routines of MagickCore/trans ...) {DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1731 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/64dc80b2e1907f7f20bf34d4df9483f938b0de71 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/6b169173585127299f4724f7880b575879c7f033 CVE-2020-25674 (WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop wi ...) {DLA-2523-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1715 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/67b871032183a29d3ca0553db6ce1ae80fddb9aa NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/2fdff8e040cd4401498d89f3c3d1f89cffd118b0 CVE-2020-25673 (A vulnerability was found in Linux kernel where non-blocking socket in ...) - linux 5.10.38-1 [buster] - linux 4.19.194-1 [stretch] - linux 4.9.272-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1 CVE-2020-25672 (A memory leak vulnerability was found in Linux kernel in llcp_sock_con ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.38-1 [bullseye] - linux (Minor issue, revisit once fixed upstream) [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1 CVE-2020-25671 (A vulnerability was found in Linux Kernel, where a refcount leak in ll ...) 
{DLA-2690-1 DLA-2689-1} - linux 5.10.38-1 [bullseye] - linux (Minor issue, revisit once fixed upstream) [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1 CVE-2020-25670 (A vulnerability was found in Linux Kernel where refcount leak in llcp_ ...) {DLA-2690-1 DLA-2689-1} - linux 5.10.38-1 [bullseye] - linux (Minor issue, revisit once fixed upstream) [buster] - linux 4.19.194-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/01/1 CVE-2020-25669 (A vulnerability was found in the Linux Kernel where the function sunkb ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.11-1 [buster] - linux 4.19.160-1 NOTE: https://www.openwall.com/lists/oss-security/2020/11/05/2 CVE-2020-25668 (A flaw was found in Linux Kernel because access to the global variable ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.6-1 [buster] - linux 4.19.160-1 NOTE: https://www.openwall.com/lists/oss-security/2020/10/30/1 NOTE: https://git.kernel.org/linus/90bfdeef83f1d6c696039b6a917190dcbbad3220 CVE-2020-25667 (TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a larg ...) - imagemagick (Introduced in v6.9.10-63 and fixed in 6.9.10-69, no vulnerable version in archive) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1748 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/986b5dff173413fa712db27eb677cdef15f0bab6 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/14ba3e46a66c4799d643c7b959792e185c6599c7 CVE-2020-25666 (There are 4 places in HistogramCompare() in MagickCore/histogram.c whe ...) 
{DLA-2602-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1750 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/94691f00839dbdf43edb1508af945ab19b388573 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/91ae12c57f3b9b23f2072462c27a8378b59f395e CVE-2020-25665 (The PALM image coder at coders/palm.c makes an improper call to Acquir ...) {DLA-2523-1} - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1714 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/cfd829bd3581b092e0a267b3deba46fa90b9bc88 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/ca80e93cc887fb8971ceba2eead2c74e2b927df4 CVE-2020-25664 (In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper ca ...) - imagemagick 8:6.9.11.24+dfsg-1 [buster] - imagemagick (Minor issue) [stretch] - imagemagick (Minor issue) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1716 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/1f450bb5ba53d275de6d1cd086c98a0b549ad393 NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/27d3ddedb73f63fa984ff5b4d66e07eef654070f NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/e16a98540228f707a718dd09ac0b8cacd2a25d49 (revert) NOTE: possible incomplete/invalid fix, cf. CVE-2020-27752 that occurs after the fix CVE-2020-25663 (A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of ...) 
- imagemagick (Vulnerable code introduced in 7.x) NOTE: https://github.com/ImageMagick/ImageMagick/issues/1723 NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/0c69c477e65d2a2695278ca614ffb9a3385137bc (7.0.8-56) NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8ed707a93fc4c7b3193dd562f07c4a1cc63cc19d (7.0.8-57) NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a47e7a994766b92b10d4a87df8c1c890c8b170f3 (7.0.9-0) CVE-2020-25662 (A Red Hat only CVE-2020-12352 regression issue was found in the way th ...) - linux (Red Hat-specific regression) CVE-2020-25661 (A Red Hat only CVE-2020-12351 regression issue was found in the way th ...) - linux (Red Hat-specific regression) CVE-2020-25660 (A flaw was found in the Cephx authentication protocol in versions befo ...) - ceph 14.2.15-1 (bug #975275) [buster] - ceph (Vulnerable code introduced later) [stretch] - ceph (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/11/17/4 NOTE: Proposed patches: https://www.openwall.com/lists/oss-security/2020/11/17/3 NOTE: Introduced by: https://github.com/ceph/ceph/commit/321548010578d6ff7bbf2e5ce8a550008b131423 (v15.1.0, backported to v14.2.5) NOTE: Fixed by: https://github.com/ceph/ceph/commit/6c14c2fb5650426285428dfe6ca1597e5ea1d07d (15.2.6) NOTE: Fixed by: https://github.com/ceph/ceph/commit/1316c82aae8c51b3fe10d8a8f0a87b60db54ee16 (15.2.6) NOTE: Fixed by: https://github.com/ceph/ceph/commit/bafdfec8f974f1a3f7d404bcfd0a4cfad784937d (15.2.6) NOTE: Fixed by: https://github.com/ceph/ceph/commit/2927fd91d41e505237cc73f9700e5c6a63e5cb4f (14.2.14) NOTE: Fixed by: https://github.com/ceph/ceph/commit/4c11203122d729c832a645c9e3f5092db4963840 (14.2.14) NOTE: Fixed by: https://github.com/ceph/ceph/commit/bb5d3d58bfcae96d2e5f796eaa74fc0987f79e77 (14.2.14) CVE-2020-25659 (python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks ...) 
- python-cryptography 3.2.1-1 (bug #973247) [buster] - python-cryptography (Minor issue) [stretch] - python-cryptography (Minor issue; risk of regression & marginal benefit) NOTE: https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889988 NOTE: https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2) CVE-2020-25658 (It was found that python-rsa is vulnerable to Bleichenbacher timing at ...) - python-rsa (bug #974685) [bullseye] - python-rsa (Minor issue) [buster] - python-rsa (Minor issue) [stretch] - python-rsa (Minor issue) NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165 NOTE: Presumed fix upstream in 4.7 does not address the issue: NOTE: https://github.com/sybrenstuvel/python-rsa/issues/165#issuecomment-727580521 CVE-2020-25657 (A flaw was found in all released versions of m2crypto, where they are ...) - m2crypto (bug #975002) [bullseye] - m2crypto (Minor issue) [buster] - m2crypto (Minor issue) [stretch] - m2crypto (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1889823 NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/285 NOTE: https://gitlab.com/m2crypto/m2crypto/-/issues/282 (restricted) CVE-2020-25656 (A flaw was found in the Linux kernel. A use-after-free was found in th ...) {DLA-2494-1 DLA-2483-1} - linux 5.9.6-1 [buster] - linux 4.19.160-1 NOTE: https://www.openwall.com/lists/oss-security/2020/10/16/1 CVE-2020-25655 (An issue was discovered in ManagedClusterView API, that could allow se ...) NOT-FOR-US: Red Hat open-cluster-management CVE-2020-25654 (An ACL bypass flaw was found in pacemaker. An attacker having a local ...) {DSA-4791-1 DLA-2519-1} - pacemaker 2.0.5~rc2-1 (bug #973254) NOTE: https://www.openwall.com/lists/oss-security/2020/10/27/1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1888191 CVE-2020-25653 (A race condition vulnerability was found in the way the spice-vdagentd ...) 
{DLA-2524-1} - spice-vdagent 0.20.0-2 (bug #973769) [buster] - spice-vdagent (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/51c415df82a52e9ec033225783c77df95f387891 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/5c50131797e985d0a5654c1fd7000ae945ed29a7 CVE-2020-25652 (A flaw was found in the spice-vdagentd daemon, where it did not proper ...) {DLA-2524-1} - spice-vdagent 0.20.0-2 (bug #973769) [buster] - spice-vdagent (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/91caa9223857708475d29df1768208fed1675340 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/812ca777469a377c84b9861d7d326bfc72563304 CVE-2020-25651 (A flaw was found in the SPICE file transfer protocol. File data from t ...) {DLA-2524-1} - spice-vdagent 0.20.0-2 (bug #973769) [buster] - spice-vdagent (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/9d35d8a86fb310fc1f29d428c0a96995948d2357 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/e4bfd1b632b6c14e8411dbe3565115a78cd3d256 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/b7db1c20c9f80154fb54392eb44add3486d3e427 CVE-2020-25650 (A flaw was found in the way the spice-vdagentd daemon handled file tra ...) 
{DLA-2524-1} - spice-vdagent 0.20.0-2 (bug #973769) [buster] - spice-vdagent (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/1 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/1a8b93ca6ac0b690339ab7f0afc6fc45d198d332 NOTE: https://gitlab.freedesktop.org/spice/linux/vd_agent/-/commit/9d35d8a86fb310fc1f29d428c0a96995948d2357 CVE-2020-25649 (A flaw was found in FasterXML Jackson Databind, where it did not have ...) {DLA-2406-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u3 NOTE: https://github.com/FasterXML/jackson-databind/issues/2589 NOTE: https://github.com/FasterXML/jackson-databind/commit/612f971b78c60202e9cd75a299050c8f2d724a59 (jackson-databind-2.11.0.rc1) CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) message ...) - nss 2:3.58-1 [buster] - nss (Minor issue) [stretch] - nss (Minor issue) NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private) NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361 CVE-2020-25647 (A flaw was found in grub2 in versions prior to 2.06. During USB device ...) {DSA-4867-1} - grub2 2.04-16 [stretch] - grub2 (No SecureBoot support in stretch) CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...) TODO: check CVE-2020-25645 (A flaw was found in the Linux kernel in versions before 5.9-rc7. Traff ...) {DSA-4774-1 DLA-2494-1 DLA-2417-1} - linux 5.8.14-1 NOTE: https://git.kernel.org/linus/34beb21594519ce64a55a498c2fe7d567bc1ca20 CVE-2020-25644 (A memory leak flaw was found in WildFly OpenSSL in versions prior to 1 ...) - wildfly (bug #752018) CVE-2020-25643 (A flaw was found in the HDLC_PPP module of the Linux kernel in version ...) 
{DSA-4774-1 DLA-2420-1 DLA-2417-1} - linux 5.8.14-1 NOTE: https://git.kernel.org/linus/66d42ed8b25b64eb63111a2b8582c5afc8bf1105 CVE-2020-25642 RESERVED CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs in ve ...) {DLA-2420-1 DLA-2385-1} - linux 5.8.10-1 [buster] - linux 4.19.146-1 NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124 CVE-2020-25640 (A flaw was discovered in WildFly before 21.0.0.Final where, Resource a ...) - wildfly (bug #752018) CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel's GPU No ...) - linux 5.10.19-1 [buster] - linux (Vulnerable code introduced later) [stretch] - linux (Vulnerable code introduced later) NOTE: https://lists.freedesktop.org/archives/nouveau/2020-August/036682.html CVE-2020-25638 (A flaw was found in hibernate-core in versions prior to and including ...) {DSA-4908-1 DLA-2512-1} - libhibernate3-java 3.6.10.Final-11 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1881353 NOTE: Fixed by https://github.com/hibernate/hibernate-orm/commit/59fede7acaaa1579b561407aefa582311f7ebe78 CVE-2020-25637 (A double free memory issue was found to occur in the libvirt API, in v ...) {DLA-2395-1} - libvirt 6.8.0-1 (bug #971555) [buster] - libvirt (Minor issue) NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0977b8aa071de550e1a013d35e2c72615e65d520 (v1.2.14-rc1) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=955029bd0ad7ef96000f529ac38204a8f4a96401 (v6.8.0) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=50864dcda191eb35732dbd80fb6ca251a6bba923 (v6.8.0) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=e4116eaa44cb366b59f7fe98f4b88d04c04970ad (v6.8.0) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=a63b48c5ecef077bf0f909a85f453a605600cf05 (v6.8.0) CVE-2020-25636 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...) 
	- ansible (Vulnerable connection/aws_ssm plugin not included)
	NOTE: https://github.com/ansible-collections/community.aws/issues/221
CVE-2020-25635 (A flaw was found in Ansible Base when using the aws_ssm connection plu ...)
	- ansible (Vulnerable connection/aws_ssm plugin not included)
	NOTE: https://github.com/ansible-collections/community.aws/issues/222
CVE-2020-25634 (A flaw was found in Red Hat 3scale’s API docs URL, where it is a ...)
	NOT-FOR-US: 3scale
CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy up to ...)
	- resteasy (bug #970585)
	- resteasy3.0
	[bullseye] - resteasy3.0 (Minor issue)
	[buster] - resteasy3.0 (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
CVE-2020-25632 (A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...)
	{DSA-4867-1}
	- grub2 2.04-16
	[stretch] - grub2 (No SecureBoot support in stretch)
CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 ...)
	- moodle
CVE-2020-25630 (A vulnerability was found in Moodle where the decompressed size of zip ...)
	- moodle
CVE-2020-25629 (A vulnerability was found in Moodle where users with "Log in as" capab ...)
	- moodle
CVE-2020-25628 (The filter in the tag manager required extra sanitizing to prevent a r ...)
	- moodle
CVE-2020-25627 (The moodlenetprofile user profile field required extra sanitizing to p ...)
	- moodle
CVE-2020-25626 (A flaw was found in Django REST Framework versions before 3.12.0 and b ...)
	- djangorestframework 3.12.1-1 (bug #971554)
	[buster] - djangorestframework (Minor issue)
	[stretch] - djangorestframework (Minor issue)
	NOTE: https://github.com/encode/django-rest-framework/commit/4121b01b912668c049b26194a9a107c27a332429
	NOTE: Fixed upstream in 3.12.0 and 3.11.2
CVE-2020-25625 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list ha ...)
	{DLA-2469-1}
	- qemu 1:5.2+dfsg-1 (bug #970542)
	[buster] - qemu (Can be fixed along in next qemu DSA)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05905.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/1
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=1be90ebecc95b09a2ee5af3f60c412b45a766c4f (v5.2.0-rc0)
CVE-2020-25624 (hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via ...)
	{DLA-2469-1}
	- qemu 1:5.2+dfsg-1 (bug #970541)
	[buster] - qemu (Can be fixed along in next qemu DSA)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05492.html
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=1328fe0c32d5474604105b8105310e944976b058 (v5.2.0-rc0)
CVE-2020-25623 (Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Director ...)
	- erlang 1:23.1+dfsg-1
	[buster] - erlang (Vulnerable code introduced later)
	[stretch] - erlang (Vulnerable code introduced later)
	NOTE: https://github.com/erlang/otp/releases/tag/OTP-23.1
CVE-2020-25622 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The Advanc ...)
	NOT-FOR-US: SolarWinds
CVE-2020-25621 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The local ...)
	NOT-FOR-US: SolarWinds
CVE-2020-25620 (An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded ...)
	NOT-FOR-US: SolarWinds
CVE-2020-25619 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH co ...)
	NOT-FOR-US: SolarWinds
CVE-2020-25618 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo c ...)
	NOT-FOR-US: SolarWinds
CVE-2020-25617 (An issue was discovered in SolarWinds N-Central 12.3.0.670. The Advanc ...)
	NOT-FOR-US: SolarWinds
CVE-2020-25616
	RESERVED
CVE-2020-25615
	RESERVED
CVE-2020-25614 (xmlquery before 1.3.1 lacks a check for whether a LoadURL response is ...)
	- golang-github-antchfx-xmlquery 1.3.3-1
	NOTE: https://github.com/antchfx/xmlquery/issues/39
CVE-2020-25613 (An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, an ...)
	{DLA-2392-1 DLA-2391-1}
	- ruby2.7 2.7.1-4
	- ruby2.5
	[buster] - ruby2.5 2.5.5-3+deb10u3
	- ruby2.3
	- jruby (bug #972230)
	[buster] - jruby (Minor issue)
	NOTE: https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
	NOTE: Fix in webrick: https://github.com/ruby/webrick/commit/8946bb38b4d87549f0d99ed73c62c41933f97cc7
CVE-2020-25612 (The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an atta ...)
	NOT-FOR-US: Mitel
CVE-2020-25611 (The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to ...)
	NOT-FOR-US: Mitel
CVE-2020-25610 (The AWV component of Mitel MiCollab before 9.2 could allow an attacker ...)
	NOT-FOR-US: Mitel
CVE-2020-25609 (The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow ...)
	NOT-FOR-US: Mitel
CVE-2020-25608 (The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to ...)
	NOT-FOR-US: Mitel
CVE-2020-25607
	RESERVED
CVE-2020-25606 (The AWV component of Mitel MiCollab before 9.2 could allow an attacker ...)
	NOT-FOR-US: Mitel
CVE-2020-25605 (Cleartext transmission of sensitive information in Agora Video SDK pri ...)
	NOT-FOR-US: Agora Video SDK
CVE-2020-25604 (An issue was discovered in Xen through 4.14.x. There is a race conditi ...)
	{DSA-4769-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-336.html
CVE-2020-25603 (An issue was discovered in Xen through 4.14.x. There are missing memor ...)
	{DSA-4769-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-340.html
CVE-2020-25602 (An issue was discovered in Xen through 4.14.x. An x86 PV guest can tri ...)
	{DSA-4769-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-333.html
CVE-2020-25601 (An issue was discovered in Xen through 4.14.x. There is a lack of pree ...)
	{DSA-4769-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-344.html
CVE-2020-25600 (An issue was discovered in Xen through 4.14.x. Out of bounds event cha ...)
	{DSA-4769-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-342.html
CVE-2020-25599 (An issue was discovered in Xen through 4.14.x. There are evtchn_reset( ...)
	{DSA-4769-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-343.html
CVE-2020-25598 (An issue was discovered in Xen 4.14.x. There is a missing unlock in th ...)
	- xen (No affected version (only > 4.12) ever uploaded to unstable)
	NOTE: https://xenbits.xen.org/xsa/advisory-334.html
CVE-2020-25597 (An issue was discovered in Xen through 4.14.x. There is mishandling of ...)
	{DSA-4769-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-338.html
CVE-2020-25596 (An issue was discovered in Xen through 4.14.x. x86 PV guest kernels ca ...)
	{DSA-4769-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-339.html
CVE-2020-25595 (An issue was discovered in Xen through 4.14.x. The PCI passthrough cod ...)
	{DSA-4769-1}
	- xen 4.14.0+80-gd101b417b7-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-337.html
CVE-2020-25594 (HashiCorp Vault and Vault Enterprise allowed for enumeration of Secret ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-25593 (Acronis True Image through 2021 on macOS allows local privilege escala ...)
	NOT-FOR-US: Acronis
CVE-2020-25592 (In SaltStack Salt through 3002, salt-netapi improperly validates eauth ...)
	{DSA-4837-1 DLA-2480-1}
	- salt 3002.1+dfsg1-1
	NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/25/2018.3.5.patch (2018.3.5)
	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/25/2016.11.3.patch (2016.11.3)
CVE-2020-25591
	RESERVED
CVE-2020-25590
	RESERVED
CVE-2020-25589
	RESERVED
CVE-2020-25588
	RESERVED
CVE-2020-25587
	RESERVED
CVE-2020-25586
	RESERVED
CVE-2020-25585
	RESERVED
CVE-2020-25584 (In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11. ...)
	NOT-FOR-US: FreeBSD
CVE-2020-25583 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
	NOT-FOR-US: FreeBSD
CVE-2020-25582 (In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12. ...)
	- kfreebsd-10 (unimportant)
CVE-2020-25581 (In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12. ...)
	- kfreebsd-10 (unimportant)
CVE-2020-25580 (In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12. ...)
	NOT-FOR-US: FreeBSD
CVE-2020-25579 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
	- kfreebsd-10 (unimportant)
CVE-2020-25578 (In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12. ...)
	- kfreebsd-10 (unimportant)
CVE-2020-25577 (In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12. ...)
	NOT-FOR-US: FreeBSD
CVE-2020-25572
	RESERVED
CVE-2020-25571
	RESERVED
CVE-2020-25570
	RESERVED
CVE-2020-25569
	RESERVED
CVE-2020-25568
	RESERVED
CVE-2020-25567
	RESERVED
CVE-2020-25566 (In SapphireIMS 5.0, it is possible to take over an account by sending ...)
	NOT-FOR-US: SapphireIMS
CVE-2020-25565 (In SapphireIMS 5.0, it is possible to use the hardcoded credential in ...)
	NOT-FOR-US: SapphireIMS
CVE-2020-25564 (In SapphireIMS 5.0, it is possible to create local administrator on an ...)
	NOT-FOR-US: SapphireIMS
CVE-2020-25563 (In SapphireIMS 5.0, it is possible to create local administrator on an ...)
	NOT-FOR-US: SapphireIMS
CVE-2020-25562 (In SapphireIMS 5.0, there is no CSRF token present in the entire appli ...)
	NOT-FOR-US: SapphireIMS
CVE-2020-25561 (SapphireIMS 5 utilized default sapphire:ims credentials to connect the ...)
	NOT-FOR-US: SapphireIMS
CVE-2020-25560 (In SapphireIMS 5.0, it is possible to use the hardcoded credential in ...)
	NOT-FOR-US: SapphireIMS
CVE-2020-25559 (gnuplot 5.5 is affected by double free when executing print_set_output ...)
	- gnuplot (unimportant)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/2312/
	NOTE: No security impact, gnuplot can execute arbitrary commands and need to
	NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2020-25558
	RESERVED
CVE-2020-25557 (In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "usern ...)
	NOT-FOR-US: CMSuno
CVE-2020-25556
	RESERVED
CVE-2020-25555
	RESERVED
CVE-2020-25554
	RESERVED
CVE-2020-25553
	RESERVED
CVE-2020-25552
	RESERVED
CVE-2020-25551
	RESERVED
CVE-2020-25550
	RESERVED
CVE-2020-25549
	RESERVED
CVE-2020-25548
	RESERVED
CVE-2020-25547
	RESERVED
CVE-2020-25546
	RESERVED
CVE-2020-25545
	RESERVED
CVE-2020-25544
	RESERVED
CVE-2020-25543
	RESERVED
CVE-2020-25542
	RESERVED
CVE-2020-25541
	RESERVED
CVE-2020-25540 (ThinkAdmin v6 is affected by a directory traversal vulnerability. An u ...)
	NOT-FOR-US: ThinkAdmin
CVE-2020-25539
	RESERVED
CVE-2020-25538 (An authenticated attacker can inject malicious code into "lang" parame ...)
	NOT-FOR-US: CMSuno
CVE-2020-25537 (File upload vulnerability exists in UCMS 1.5.0, and the attacker can t ...)
	NOT-FOR-US: UCMS
CVE-2020-25536
	RESERVED
CVE-2020-25535
	RESERVED
CVE-2020-25534
	RESERVED
CVE-2020-25533 (An issue was discovered in Malwarebytes before 4.0 on macOS. A malicio ...)
	NOT-FOR-US: Malwarebytes on macOS
CVE-2020-25532
	RESERVED
CVE-2020-25531
	RESERVED
CVE-2020-25530
	RESERVED
CVE-2020-25529
	RESERVED
CVE-2020-25528
	RESERVED
CVE-2020-25527
	RESERVED
CVE-2020-25526
	RESERVED
CVE-2020-25525
	RESERVED
CVE-2020-25524
	RESERVED
CVE-2020-25523
	RESERVED
CVE-2020-25522
	RESERVED
CVE-2020-25521
	RESERVED
CVE-2020-25520
	RESERVED
CVE-2020-25519
	RESERVED
CVE-2020-25518
	RESERVED
CVE-2020-25517
	RESERVED
CVE-2020-25516 (WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-si ...)
	NOT-FOR-US: WSO2 Enterprise Integrator
CVE-2020-25515 (Sourcecodester Simple Library Management System 1.0 is affected by Ins ...)
	NOT-FOR-US: Sourcecodester Simple Library Management System
CVE-2020-25514 (Sourcecodester Simple Library Management System 1.0 is affected by Inc ...)
	NOT-FOR-US: Sourcecodester Simple Library Management System
CVE-2020-25513
	RESERVED
CVE-2020-25512
	RESERVED
CVE-2020-25511
	RESERVED
CVE-2020-25510
	RESERVED
CVE-2020-25509
	RESERVED
CVE-2020-25508
	RESERVED
CVE-2020-25507 (An incorrect permission assignment during the installation script of T ...)
	NOT-FOR-US: No Magic TeamworkCloud
CVE-2020-25506 (D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injectio ...)
	NOT-FOR-US: D-Link
CVE-2020-25505
	RESERVED
CVE-2020-25504
	RESERVED
CVE-2020-25503
	RESERVED
CVE-2020-25502
	RESERVED
CVE-2020-25501
	RESERVED
CVE-2020-25500
	RESERVED
CVE-2020-25499 (TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote use ...)
	NOT-FOR-US: TOTOLINK
CVE-2020-25498 (Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can b ...)
	NOT-FOR-US: Beetel
CVE-2020-25497
	RESERVED
CVE-2020-25496
	RESERVED
CVE-2020-25495 (A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerl ...)
	NOT-FOR-US: Xinuo SCO Openserver
CVE-2020-25494 (Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute ...)
	NOT-FOR-US: Xinuo SCO Openserver
CVE-2020-25493 (Oclean Mobile Application 2.1.2 communicates with an external website ...)
	NOT-FOR-US: Oclean Mobile Application
CVE-2020-25492
	RESERVED
CVE-2020-25491
	RESERVED
CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP agent d ...)
	NOT-FOR-US: Sqreen
CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0 ...)
	NOT-FOR-US: Sqreen
CVE-2020-25488
	RESERVED
CVE-2020-25487 (PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is af ...)
	NOT-FOR-US: PHPGURUKUL Zoo Management System
CVE-2020-25486
	RESERVED
CVE-2020-25485
	RESERVED
CVE-2020-25484
	RESERVED
CVE-2020-25483 (An arbitrary command execution vulnerability exists in the fopen() fun ...)
	NOT-FOR-US: UCMS
CVE-2020-25482
	RESERVED
CVE-2020-25481
	RESERVED
CVE-2020-25480
	RESERVED
CVE-2020-25479
	RESERVED
CVE-2020-25478
	RESERVED
CVE-2020-25477
	RESERVED
CVE-2020-25476 (Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cro ...)
	NOT-FOR-US: Liferay CMS Portal
CVE-2020-25475 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injectio ...)
	NOT-FOR-US: SimplePHPscripts News Script PHP Pro
CVE-2020-25474 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site S ...)
	NOT-FOR-US: SimplePHPscripts News Script PHP Pro
CVE-2020-25473 (SimplePHPscripts News Script PHP Pro 2.3 does not properly set the Htt ...)
	NOT-FOR-US: SimplePHPscripts News Script PHP Pro
CVE-2020-25472 (SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site R ...)
	NOT-FOR-US: SimplePHPscripts News Script PHP Pro
CVE-2020-25471
	RESERVED
CVE-2020-25470 (AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability i ...)
	NOT-FOR-US: AntSword
CVE-2020-25469
	RESERVED
CVE-2020-25468
	RESERVED
CVE-2020-25467 (A null pointer dereference was discovered lzo_decompress_buf in stream ...)
	- lrzip
	NOTE: https://bugs.launchpad.net/ubuntu/+source/lrzip/+bug/1893641
	NOTE: https://github.com/ckolivas/lrzip/issues/163
	TODO: check fixing commit
CVE-2020-25466 (A SSRF vulnerability exists in the downloadimage interface of CRMEB 3. ...)
	NOT-FOR-US: CRMEB
CVE-2020-25465 (Null Pointer Dereference. in xObjectBindingFromExpression at moddable/ ...)
	NOT-FOR-US: Moddable SDK
CVE-2020-25464 (Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK ...)
	NOT-FOR-US: Moddable SDK
CVE-2020-25463 (Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon. ...)
	NOT-FOR-US: Moddable SDK
CVE-2020-25462 (Heap buffer overflow in the fxCheckArrowFunction function at moddable/ ...)
	NOT-FOR-US: Moddable SDK
CVE-2020-25461 (Invalid Memory Access in the fxProxyGetter function in moddable/xs/sou ...)
	NOT-FOR-US: Moddable SDK
CVE-2020-25460
	RESERVED
CVE-2020-25459
	RESERVED
CVE-2020-25458
	RESERVED
CVE-2020-25457
	RESERVED
CVE-2020-25456
	RESERVED
CVE-2020-25455
	RESERVED
CVE-2020-25454 (Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add re ...)
	- grocy (bug #969056)
CVE-2020-25453 (An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vu ...)
	NOT-FOR-US: BlackCat CMS
CVE-2020-25452
	RESERVED
CVE-2020-25451
	RESERVED
CVE-2020-25450
	RESERVED
CVE-2020-25449 (Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can ...)
	NOT-FOR-US: Arachnys Cabot
CVE-2020-25448
	RESERVED
CVE-2020-25447
	RESERVED
CVE-2020-25446
	RESERVED
CVE-2020-25445 (The “Subscribe” feature in Ultimate Booking System Booking ...)
	NOT-FOR-US: Ultimate Booking System Booking Core
CVE-2020-25444 (Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Bo ...)
	NOT-FOR-US: Booking Core - Ultimate Booking System Booking Core
CVE-2020-25443
	RESERVED
CVE-2020-25442
	RESERVED
CVE-2020-25441
	RESERVED
CVE-2020-25440
	RESERVED
CVE-2020-25439
	RESERVED
CVE-2020-25438
	RESERVED
CVE-2020-25437
	RESERVED
CVE-2020-25436
	RESERVED
CVE-2020-25435
	RESERVED
CVE-2020-25434
	RESERVED
CVE-2020-25433
	RESERVED
CVE-2020-25432
	RESERVED
CVE-2020-25431
	RESERVED
CVE-2020-25430
	RESERVED
CVE-2020-25429
	RESERVED
CVE-2020-25428
	RESERVED
CVE-2020-25427
	RESERVED
CVE-2020-25426
	RESERVED
CVE-2020-25425
	RESERVED
CVE-2020-25424
	RESERVED
CVE-2020-25423
	RESERVED
CVE-2020-25422 (A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS ...)
	NOT-FOR-US: Mara CMS
CVE-2020-25421
	RESERVED
CVE-2020-25420
	RESERVED
CVE-2020-25419
	RESERVED
CVE-2020-25418
	RESERVED
CVE-2020-25417
	RESERVED
CVE-2020-25416
	RESERVED
CVE-2020-25415
	RESERVED
CVE-2020-25414 (A local file inclusion vulnerability was discovered in the captcha fun ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-25413
	RESERVED
CVE-2020-25412 (com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write ...)
	- gnuplot (unimportant)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/2303/
	NOTE: No security impact, gnuplot can execute arbitrary commands and need to
	NOTE: come from a trusted source, see README.Debian.security (added in 5.2.6).
CVE-2020-25411 (Projectworlds Online Examination System 1.0 is vulnerable to CSRF, whi ...)
	NOT-FOR-US: Projectworlds Online Examination System
CVE-2020-25410
	RESERVED
CVE-2020-25409 (Projectsworlds College Management System Php 1.0 is vulnerable to SQL ...)
	NOT-FOR-US: Projectsworlds College Management System Php
CVE-2020-25408 (A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWor ...)
	NOT-FOR-US: ProjectWorlds College Management System Php
CVE-2020-25407
	RESERVED
CVE-2020-25406 (app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to ...)
	NOT-FOR-US: lemocms
CVE-2020-25405
	RESERVED
CVE-2020-25404
	RESERVED
CVE-2020-25403
	RESERVED
CVE-2020-25402
	RESERVED
CVE-2020-25401
	RESERVED
CVE-2020-25400 (Cross domain policies in Taskcafe Project Management tool before versi ...)
	NOT-FOR-US: Taskcafe Project Management tool
CVE-2020-25399 (Stored XSS in InterMind iMind Server through 3.13.65 allows any user t ...)
	NOT-FOR-US: InterMind iMind Server
CVE-2020-25398 (CSV Injection exists in InterMind iMind Server through 3.13.65 via the ...)
	NOT-FOR-US: InterMind iMind Server
CVE-2020-25397
	RESERVED
CVE-2020-25396
	RESERVED
CVE-2020-25395
	RESERVED
CVE-2020-25394 (A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 all ...)
	NOT-FOR-US: moziloCMS
CVE-2020-25393
	RESERVED
CVE-2020-25392 (A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows att ...)
	NOT-FOR-US: CSZ CMS
CVE-2020-25391 (A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers ...)
	NOT-FOR-US: CSZ CMS
CVE-2020-25390
	RESERVED
CVE-2020-25389
	RESERVED
CVE-2020-25388
	RESERVED
CVE-2020-25387
	RESERVED
CVE-2020-25386
	RESERVED
CVE-2020-25385 (Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerab ...)
	NOT-FOR-US: Nagios Log Server
CVE-2020-25384
	RESERVED
CVE-2020-25383
	RESERVED
CVE-2020-25382
	RESERVED
CVE-2020-25381
	RESERVED
CVE-2020-25380 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affe ...)
	NOT-FOR-US: Wordpress Plugin Store / Mike Rooijackers Recall Products
CVE-2020-25379 (Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails t ...)
	NOT-FOR-US: Wordpress Plugin Store / Mike Rooijackers Recall Products
CVE-2020-25378 (Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is ...)
	NOT-FOR-US: Wordpress Plugin Store / AccessPress Themes WP Floating Menu
CVE-2020-25377
	RESERVED
CVE-2020-25376
	RESERVED
CVE-2020-25375 (Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affect ...)
	NOT-FOR-US: Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM
CVE-2020-25374 (CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers t ...)
	NOT-FOR-US: CyberArk Privileged Session Manager (PSM)
CVE-2020-25373
	RESERVED
CVE-2020-25372
	RESERVED
CVE-2020-25371
	RESERVED
CVE-2020-25370
	RESERVED
CVE-2020-25369
	RESERVED
CVE-2020-25368 (A command injection vulnerability was discovered in the HNAP1 protocol ...)
	NOT-FOR-US: D-Link
CVE-2020-25367 (A command injection vulnerability was discovered in the HNAP1 protocol ...)
	NOT-FOR-US: D-Link
CVE-2020-25366 (An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-8 ...)
	NOT-FOR-US: D-Link
CVE-2020-25365
	RESERVED
CVE-2020-25364
	RESERVED
CVE-2020-25363
	RESERVED
CVE-2020-25362 (The id paramater in Online Shopping Alphaware 1.0 has been discovered ...)
	NOT-FOR-US: Online Shopping Alphaware
CVE-2020-25361
	RESERVED
CVE-2020-25360
	RESERVED
CVE-2020-25359 (An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fix ...)
	NOT-FOR-US: rConfig
CVE-2020-25358
	RESERVED
CVE-2020-25357
	RESERVED
CVE-2020-25356
	RESERVED
CVE-2020-25355
	RESERVED
CVE-2020-25354
	RESERVED
CVE-2020-25353 (A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 ha ...)
	NOT-FOR-US: rConfig
CVE-2020-25352 (A stored cross-site scripting (XSS) vulnerability in the /devices.php ...)
	NOT-FOR-US: rConfig
CVE-2020-25351 (An information disclosure vulnerability in rConfig 3.9.5 has been fixe ...)
	NOT-FOR-US: rConfig
CVE-2020-25350
	RESERVED
CVE-2020-25349
	RESERVED
CVE-2020-25348
	RESERVED
CVE-2020-25347
	RESERVED
CVE-2020-25346
	RESERVED
CVE-2020-25345
	RESERVED
CVE-2020-25344
	RESERVED
CVE-2020-25343 (Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow ...)
	NOT-FOR-US: Symphony CMS
CVE-2020-25342
	RESERVED
CVE-2020-25341
	RESERVED
CVE-2020-25340 (An issue was discovered in NFStream 5.2.0. Because some allocated modu ...)
	NOT-FOR-US: NFStream (not src:ndpi)
CVE-2020-25339
	RESERVED
CVE-2020-25338
	RESERVED
CVE-2020-25337
	RESERVED
CVE-2020-25336
	RESERVED
CVE-2020-25335
	RESERVED
CVE-2020-25334
	RESERVED
CVE-2020-25333
	RESERVED
CVE-2020-25332
	RESERVED
CVE-2020-25331
	RESERVED
CVE-2020-25330
	RESERVED
CVE-2020-25329
	RESERVED
CVE-2020-25328
	RESERVED
CVE-2020-25327
	RESERVED
CVE-2020-25326
	RESERVED
CVE-2020-25325
	RESERVED
CVE-2020-25324
	RESERVED
CVE-2020-25323
	RESERVED
CVE-2020-25322
	RESERVED
CVE-2020-25321
	RESERVED
CVE-2020-25320
	RESERVED
CVE-2020-25319
	RESERVED
CVE-2020-25318
	RESERVED
CVE-2020-25317
	RESERVED
CVE-2020-25316
	RESERVED
CVE-2020-25315
	RESERVED
CVE-2020-25314
	RESERVED
CVE-2020-25313
	RESERVED
CVE-2020-25312
	RESERVED
CVE-2020-25311
	RESERVED
CVE-2020-25310
	RESERVED
CVE-2020-25309
	RESERVED
CVE-2020-25308
	RESERVED
CVE-2020-25307
	RESERVED
CVE-2020-25306
	RESERVED
CVE-2020-25305
	RESERVED
CVE-2020-25304
	RESERVED
CVE-2020-25303
	RESERVED
CVE-2020-25302
	RESERVED
CVE-2020-25301
	RESERVED
CVE-2020-25300
	RESERVED
CVE-2020-25299
	RESERVED
CVE-2020-25298
	RESERVED
CVE-2020-25297
	RESERVED
CVE-2020-25296
	RESERVED
CVE-2020-25295
	RESERVED
CVE-2020-25294
	RESERVED
CVE-2020-25293
	RESERVED
CVE-2020-25292
	RESERVED
CVE-2020-25291 (GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows r ...)
	NOT-FOR-US: Kingsoft WPS Office
CVE-2020-25290
	RESERVED
CVE-2020-25289 (The VPN service in AVAST SecureLine before 5.6.4982.470 allows local u ...)
	NOT-FOR-US: VPN service in AVAST SecureLine
CVE-2020-25288 (An issue was discovered in MantisBT before 2.24.3. When editing an Iss ...)
	- mantis
CVE-2020-25287 (Pligg 2.0.3 allows remote authenticated users to execute arbitrary com ...)
	NOT-FOR-US: Pligg CMS
CVE-2020-25285 (A race condition between hugetlb sysctl handlers in mm/hugetlb.c in th ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.8.10-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/17743798d81238ab13050e8e2833699b54e15467
CVE-2020-25284 (The rbd block device driver in drivers/block/rbd.c in the Linux kernel ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.8.10-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/f44d04e696feaf13d192d942c4f14ad2e117065a
CVE-2020-25283 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-25282 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-25281 (An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-25280 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-25279 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-25278 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-25277
	RESERVED
CVE-2020-25276 (An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. Wh ...)
	NOT-FOR-US: PrimeKey
CVE-2020-25275 (Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and ...)
	{DSA-4825-1 DLA-2517-1}
	- dovecot 1:2.3.13+dfsg1-1 (bug #979363)
	NOTE: https://dovecot.org/pipermail/dovecot-news/2021-January/000451.html
	NOTE: https://github.com/dovecot/core/commit/67f792cb98267ee74c425772e766e7a2525c0d8f
	NOTE: https://github.com/dovecot/core/commit/6ae93c3936fc870c313a6fdf44a0999d4129d9b8
CVE-2020-25274
	RESERVED
CVE-2020-25273 (In SourceCodester Online Bus Booking System 1.0, there is Authenticati ...)
	NOT-FOR-US: SourceCodester Online Bus Booking System
CVE-2020-25272 (In SourceCodester Online Bus Booking System 1.0, there is XSS through ...)
	NOT-FOR-US: SourceCodester Online Bus Booking System
CVE-2020-25271 (PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/ ...)
	NOT-FOR-US: PHPGurukul hospital-management-system-in-php
CVE-2020-25270 (PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, ...)
	NOT-FOR-US: PHPGurukul hostel-management-system
CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
	{DSA-4764-1 DLA-2375-1}
	- inspircd 3.8.0-1 (bug #960650)
	NOTE: https://docs.inspircd.org/security/2020-01/
	NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2)
	NOTE: https://github.com/inspircd/inspircd/commit/a9e107c646ac6d7310b55d0c2e0b06a9cec0a874 (v2)
	NOTE: https://github.com/inspircd/inspircd/commit/6f6fa13042f319bcd56ceed112c0a969337e4161 (v2)
	NOTE: https://github.com/inspircd/inspircd/commit/b3f1db9d162455af4b31edf231ba749140d37219 (v3)
	NOTE: https://github.com/inspircd/inspircd/commit/fbdd08043e97c2749ce2f03382559bba89abf47a (v3)
	NOTE: https://github.com/inspircd/inspircd/commit/b24a91181f58c7f7141de8995ff212993bcc333b (v3)
CVE-2020-25268 (Remote Code Execution can occur via the external news feed in ILIAS 6. ...)
	NOT-FOR-US: ILIAS
CVE-2020-25267 (An XSS issue exists in the question-pool file-upload preview feature i ...)
	NOT-FOR-US: ILIAS
CVE-2020-25266 (AppImage appimaged before 1.0.3 does not properly check whether a down ...)
	NOT-FOR-US: AppImage appimaged
CVE-2020-25265 (AppImage libappimage before 1.0.3 allows attackers to trigger an overw ...)
	- libappimage (bug #977192)
	[buster] - libappimage (Minor issue)
	NOTE: https://github.com/AppImage/libappimage/pull/146
	NOTE: https://github.com/refi64/CVE-2020-25265-25266
CVE-2020-25264
	RESERVED
CVE-2020-25263 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...)
	NOT-FOR-US: PyroCMS
CVE-2020-25262 (PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the ...)
	NOT-FOR-US: PyroCMS
CVE-2020-25261
	RESERVED
CVE-2020-25260 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25259 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25258 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25257 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25256 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25255 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25254 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25253 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25252 (An issue was discovered in Hyland OnBase through 16.0.2.83 and below, ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25251 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25250 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25249 (An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.1 ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25248 (An issue was discovered in Hyland OnBase through 16.0.2.83 and below, ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25247 (An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x th ...)
	NOT-FOR-US: Hyland OnBase
CVE-2020-25246
	RESERVED
CVE-2020-25245 (A vulnerability has been identified in DIGSI 4 (All versions < V4.9 ...)
	NOT-FOR-US: Siemens
CVE-2020-25244 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
	NOT-FOR-US: Siemens
CVE-2020-25243 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
	NOT-FOR-US: Siemens
CVE-2020-25242 (A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced ( ...)
	NOT-FOR-US: Siemens
CVE-2020-25241 (A vulnerability has been identified in SIMATIC MV400 family (All Versi ...)
	NOT-FOR-US: Siemens
CVE-2020-25240 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2020-25239 (A vulnerability has been identified in SINEMA Remote Connect Server (A ...)
	NOT-FOR-US: Siemens
CVE-2020-25238 (A vulnerability has been identified in PCS neo (Administration Console ...)
	NOT-FOR-US: Siemens
CVE-2020-25237 (A vulnerability has been identified in SINEC NMS (All versions < V1 ...)
	NOT-FOR-US: Siemens
CVE-2020-25236 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-25235 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-25234 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-25233 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-25232 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-25231 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-25230 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-25229 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-25228 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-25227
	RESERVED
CVE-2020-25226 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2020-25225
	RESERVED
CVE-2020-25224
	RESERVED
CVE-2020-25223 (A remote code execution vulnerability exists in the WebAdmin of Sophos ...)
	NOT-FOR-US: Sophos
CVE-2020-25222
	RESERVED
CVE-2020-25221 (get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5 ...)
	- linux 5.8.7-1
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/9fa2dd946743ae6f30dc4830da19147bf100a7f2
CVE-2020-25220 (The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.1 ...)
	{DLA-2420-1}
	- linux (Vulnerable code not present and no partial CVE-2020-14356 fix backported)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868453
	NOTE: https://www.spinics.net/lists/stable/msg405099.html
CVE-2020-25219 (url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a rem ...)
	{DSA-4800-1 DLA-2372-1}
	- libproxy 0.4.15-15 (bug #971394)
	NOTE: https://github.com/libproxy/libproxy/issues/134
	NOTE: https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0
CVE-2020-25218 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
	NOT-FOR-US: Grandstream GRP261x VoIP phone
CVE-2020-25217 (Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) ...)
	NOT-FOR-US: Grandstream GRP261x VoIP phone
CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...)
	NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...)
	NOT-FOR-US: yWorks yEd Desktop
CVE-2020-25214 (In the client in Overwolf 0.149.2.30, a channel can be accessed or inf ...)
	NOT-FOR-US: Overwolf
CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...)
	NOT-FOR-US: File Manager (wp-file-manager) plugin for WordPress
CVE-2020-25212 (A TOCTOU mismatch in the NFS client code in the Linux kernel before 5. ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/b4487b93545214a9db8cbf32e86411677b0cca21
CVE-2020-25211 (In the Linux kernel through 5.8.7, local attackers able to inject conn ...)
	{DSA-4774-1 DLA-2420-1 DLA-2417-1}
	- linux 5.8.14-1
	NOTE: https://git.kernel.org/linus/1cc5ef91d2ff94d2bf2de3b3585423e8a1051cb6
CVE-2020-25210 (In JetBrains YouTrack before 2020.3.7955, an attacker could access wor ...)
	NOT-FOR-US: JetBrains
CVE-2020-25209 (In JetBrains YouTrack before 2020.3.6638, improper access control for ...)
	NOT-FOR-US: JetBrains
CVE-2020-25208 (In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate ...)
	NOT-FOR-US: JetBrains
CVE-2020-25207 (JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Exe ...)
	NOT-FOR-US: JetBrains
CVE-2020-25206 (The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 a ...)
	NOT-FOR-US: F-Secure
CVE-2020-25205 (The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 i ...)
	NOT-FOR-US: F-Secure
CVE-2020-25204 (The God Kings application 0.60.1 for Android exposes a broadcast recei ...)
	NOT-FOR-US: God Kings application for Android
CVE-2020-25203 (The Framer Preview application 12 for Android exposes com.framer.viewe ...)
	NOT-FOR-US: Framer Preview application
CVE-2020-25576 (An issue was discovered in the rand_core crate before 0.4.2 for Rust. ...)
	- rust-rand-core 0.5.0-1 (bug #969911; low)
	[buster] - rust-rand-core (Minor issue)
	- rust-rand-core-0.3 (bug #970186; low)
	- rust-rand-core-0.2 (bug #970185; low)
	[buster] - rust-rand-core-0.2 (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0035.html
	NOTE: https://github.com/rust-random/rand/blob/master/rand_core/CHANGELOG.md#050---2019-06-06
CVE-2020-25574 (An issue was discovered in the http crate before 0.1.20 for Rust. An i ...)
- rust-http 0.1.19-2 (bug #969896; low) [buster] - rust-http (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2019-0033.html NOTE: https://github.com/hyperium/http/issues/352 CVE-2020-25575 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in the failure ...) - rust-failure (bug #969839; low) [bullseye] - rust-failure (Minor issue; unmaintained upstream) [buster] - rust-failure (Minor issue; unmaintained upstream) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0036.html NOTE: https://github.com/rust-lang-nursery/failure/issues/336 CVE-2020-25202 RESERVED CVE-2020-25201 (HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a names ...) - consul 1.8.6+dfsg1-1 (bug #973892) [buster] - consul (Vulnerable code introduced later) NOTE: https://github.com/hashicorp/consul/pull/9024 NOTE: https://github.com/hashicorp/consul/blob/master/CHANGELOG.md#185-october-23-2020 CVE-2020-25200 (** DISPUTED ** Pritunl 1.29.2145.25 allows attackers to enumerate vali ...) NOT-FOR-US: Pritunl CVE-2020-25199 (A heap-based buffer overflow vulnerability exists within the WECON Lev ...) NOT-FOR-US: WECON LeviStudioU CVE-2020-25198 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...) NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware CVE-2020-25197 RESERVED CVE-2020-25196 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...) NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware CVE-2020-25195 (The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM ...) NOT-FOR-US: Host Engineering CVE-2020-25194 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...) NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware CVE-2020-25193 RESERVED CVE-2020-25192 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...) NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware CVE-2020-25191 (Incorrect permissions are set by default for an API entry-point of a s ...) NOT-FOR-US: National Instruments Corp. 
(NI) CVE-2020-25190 (The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2 ...) NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...) NOT-FOR-US: Paradox IP150 CVE-2020-25188 (An attacker who convinces a valid user to open a specially crafted pro ...) NOT-FOR-US: LAquis SCADA CVE-2020-25187 (Medtronic MyCareLink Smart 25000 all versions are vulnerable when an a ...) NOT-FOR-US: Medtronic MyCareLink Smart 25000 CVE-2020-25186 (An XXE vulnerability exists within LeviStudioU Release Build 2019-09-2 ...) NOT-FOR-US: LeviStudioU Release CVE-2020-25185 (The affected product is vulnerable to five post-authentication buffer ...) NOT-FOR-US: Paradox IP150 CVE-2020-25184 RESERVED CVE-2020-25183 (Medtronic MyCareLink Smart 25000 all versions contain an authenticatio ...) NOT-FOR-US: Medtronic MyCareLink Smart 25000 CVE-2020-25182 RESERVED CVE-2020-25181 (WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer over ...) NOT-FOR-US: WECON PLC Editor CVE-2020-25180 RESERVED CVE-2020-25179 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...) NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products CVE-2020-25178 RESERVED CVE-2020-25177 (WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer ove ...) NOT-FOR-US: WECON PLC Editor CVE-2020-25176 RESERVED CVE-2020-25175 (GE Healthcare Imaging and Ultrasound Products may allow specific crede ...) NOT-FOR-US: GE Healthcare Imaging and Ultrasound Products CVE-2020-25174 (A DLL hijacking vulnerability in the B. Braun OnlineSuite Version AP 3 ...) NOT-FOR-US: B. Braun OnlineSuite Version AP CVE-2020-25173 (An attacker with local network access can obtain a fixed cryptography ...) NOT-FOR-US: Reolink P2P cameras CVE-2020-25172 (A relative path traversal attack in the B. Braun OnlineSuite Version A ...) NOT-FOR-US: B. 
Braun OnlineSuite Version AP CVE-2020-25171 (The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 ar ...) NOT-FOR-US: Fuji Electric CVE-2020-25170 (An Excel Macro Injection vulnerability exists in the export feature in ...) NOT-FOR-US: B. Braun OnlineSuite Version AP CVE-2020-25169 (The affected Reolink P2P products do not sufficiently protect data tra ...) NOT-FOR-US: Reolink P2P products CVE-2020-25168 RESERVED CVE-2020-25167 RESERVED CVE-2020-25166 RESERVED CVE-2020-25165 (BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alar ...) NOT-FOR-US: BD Alaris PC Unit CVE-2020-25164 RESERVED CVE-2020-25163 RESERVED CVE-2020-25162 RESERVED CVE-2020-25161 (The WADashboard component of WebAccess/SCADA Versions 9.0 and prior ma ...) NOT-FOR-US: WebAccess/SCADA CVE-2020-25160 RESERVED CVE-2020-25159 (499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack- ...) NOT-FOR-US: 499ES CVE-2020-25158 RESERVED CVE-2020-25157 (The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection ...) NOT-FOR-US: R-SeeNet CVE-2020-25156 RESERVED CVE-2020-25155 (The affected product transmits unencrypted sensitive information, whic ...) NOT-FOR-US: NEXCOM CVE-2020-25154 RESERVED CVE-2020-25153 (The built-in web service for MOXA NPort IAW5000A-I/O firmware version ...) NOT-FOR-US: MOXA NPort IAW5000A-I/O firmware CVE-2020-25152 RESERVED CVE-2020-25151 (The affected product does not properly validate input, which may allow ...) NOT-FOR-US: NEXCOM CVE-2020-25150 RESERVED CVE-2020-25149 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25148 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25147 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25146 (An issue was discovered in Observium Professional, Enterprise & Co ...) 
NOT-FOR-US: Observium CVE-2020-25145 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25144 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25143 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25142 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25141 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25140 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25139 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25138 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25137 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25136 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25135 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25134 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25133 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25132 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25131 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25130 (An issue was discovered in Observium Professional, Enterprise & Co ...) NOT-FOR-US: Observium CVE-2020-25129 RESERVED CVE-2020-25128 RESERVED CVE-2020-25127 RESERVED CVE-2020-25126 RESERVED CVE-2020-25124 (The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.p ...) 
NOT-FOR-US: vBulletin CVE-2020-25123 (The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smili ...) NOT-FOR-US: vBulletin CVE-2020-25122 (The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Ran ...) NOT-FOR-US: vBulletin CVE-2020-25121 (The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription E ...) NOT-FOR-US: vBulletin CVE-2020-25120 (The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php? ...) NOT-FOR-US: vBulletin CVE-2020-25119 (The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help ...) NOT-FOR-US: vBulletin CVE-2020-25118 (The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Setting ...) NOT-FOR-US: vBulletin CVE-2020-25117 (The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title t ...) NOT-FOR-US: vBulletin CVE-2020-25116 (The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title t ...) NOT-FOR-US: vBulletin CVE-2020-25115 (The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or ...) NOT-FOR-US: vBulletin CVE-2020-25114 RESERVED CVE-2020-25113 RESERVED CVE-2020-25112 (An issue was discovered in the IPv6 stack in Contiki through 3.0. Ther ...) NOT-FOR-US: Contiki CVE-2020-25111 (An issue was discovered in the IPv6 stack in Contiki through 3.0. Ther ...) NOT-FOR-US: Contiki CVE-2020-25110 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...) NOT-FOR-US: Nut/OS CVE-2020-25109 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...) NOT-FOR-US: Nut/OS CVE-2020-25108 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...) NOT-FOR-US: Nut/OS CVE-2020-25107 (An issue was discovered in the DNS implementation in Ethernut in Nut/O ...) NOT-FOR-US: Nut/OS CVE-2020-25106 (Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem ...) NOT-FOR-US: Nanosystems SupRemo CVE-2020-25105 (eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recove ...) 
NOT-FOR-US: eramba CVE-2020-25104 (eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted f ...) NOT-FOR-US: eramba CVE-2020-25103 RESERVED CVE-2020-25102 (silverstripe-advancedreports (aka the Advanced Reports module for Silv ...) NOT-FOR-US: silverstripe-advancedreports CVE-2020-25101 RESERVED CVE-2020-25125 (GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, le ...) - gnupg2 (Only affects versions 2.2.21 and 2.2.22) NOTE: https://dev.gnupg.org/T5050 NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2020q3/000448.html CVE-2020-25100 RESERVED CVE-2020-25099 RESERVED CVE-2020-25098 RESERVED CVE-2020-25097 (An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. D ...) {DSA-4873-1 DLA-2598-1} - squid 4.13-8 (bug #985068) - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-jvf6-h9gj-pmj6 NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_11.patch CVE-2020-25096 (LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Us ...) NOT-FOR-US: LogRhythm Platform Manager (PM) CVE-2020-25095 (LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface i ...) NOT-FOR-US: LogRhythm Platform Manager (PM) CVE-2020-25094 (LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit ...) NOT-FOR-US: LogRhythm Platform Manager (PM) CVE-2020-25093 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.p ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25092 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25091 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25090 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25089 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...) 
NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25088 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25087 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25086 (Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in applic ...) NOT-FOR-US: Ecommerce-CodeIgniter-Bootstrap CVE-2020-25085 (QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue ...) {DLA-2469-1} - qemu 1:5.2+dfsg-1 (bug #970540) [buster] - qemu (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg00733.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01439.html NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/6 NOTE: https://bugs.launchpad.net/qemu/+bug/1892960 NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fsdhci_oob_write1 NOTE: The second patch referenced appears not to be needed with the commited NOTE: fix and relates to the CVE-2020-17380 assignment. NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3 (v5.2.0-rc0) CVE-2020-25084 (QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_p ...) {DLA-2560-1} - qemu 1:5.2+dfsg-1 (bug #970539) [buster] - qemu (Can be fixed along in next qemu DSA) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08050.html NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-08/msg08043.html NOTE: https://www.openwall.com/lists/oss-security/2020/09/16/5 NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fxhci_uaf_2 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=21bc31524e8ca487e976f713b878d7338ee00df2 CVE-2020-25083 RESERVED CVE-2020-25082 (An attacker with physical access to Nuvoton Trusted Platform Module (N ...) 
NOT-FOR-US: Nuvoton CVE-2020-25081 RESERVED CVE-2020-25080 RESERVED CVE-2020-25079 (An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and ...) NOT-FOR-US: D-Link CVE-2020-25078 (An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and ...) NOT-FOR-US: D-Link CVE-2020-25077 RESERVED CVE-2020-25076 RESERVED CVE-2020-25075 RESERVED CVE-2020-25074 (The cache action in action/cache.py in MoinMoin through 1.9.10 allows ...) {DSA-4787-1 DLA-2446-1} - moin NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq NOTE: https://github.com/moinwiki/moin-1.9/commit/d1e5fc7d3708d877353ca64dd4aa7cfd1cde4cb4 (1.9.11) CVE-2020-25072 RESERVED CVE-2020-25071 (** DISPUTED ** Nifty Project Management Web Application 2020-08-26 all ...) NOT-FOR-US: Nifty Project Management Web Application CVE-2020-25070 (USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the ...) NOT-FOR-US: User-friendly SVN CVE-2020-25069 (USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute ...) NOT-FOR-US: User-friendly SVN CVE-2020-25073 (FreedomBox through 20.13 allows remote attackers to obtain sensitive i ...) - plinth 20.14 [buster] - plinth 19.1+deb10u1 [stretch] - plinth (Minor issue) NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/issues/1935 NOTE: https://salsa.debian.org/freedombox-team/freedombox/-/commit/822c322d20d12f81c6cfca47b66f900542a5aac2 CVE-2020-25068 (Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vuln ...) NOT-FOR-US: Setelsa Conacwin CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...) NOT-FOR-US: Netgear CVE-2020-25066 (A heap-based buffer overflow in the Treck HTTP Server component before ...) NOT-FOR-US: Treck CVE-2020-25065 (An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-25064 (An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, ...) 
NOT-FOR-US: LG mobile devices CVE-2020-25063 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-25062 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...) NOT-FOR-US: LG mobile devices CVE-2020-25061 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...) NOT-FOR-US: LG mobile devices CVE-2020-25060 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-25059 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-25058 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2020-25057 (An issue was discovered on LG mobile devices with Android OS 10 softwa ...) NOT-FOR-US: LG mobile devices CVE-2020-25056 (An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25055 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25054 (An issue was discovered on Samsung mobile devices with software throug ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25053 (An issue was discovered on Samsung mobile devices with Q(10.0) (exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25052 (An issue was discovered on Samsung mobile devices with Q(10.0) (exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25051 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25050 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25049 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25048 (An issue was discovered on Samsung mobile devices with Q(10.0) (with O ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-25047 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25046 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-25045 (Installers of Kaspersky Security Center and Kaspersky Security Center ...) NOT-FOR-US: Kaspersky CVE-2020-25044 (Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable ...) NOT-FOR-US: Kaspersky CVE-2020-25043 (The installer of Kaspersky VPN Secure Connection prior to 5.0 was vuln ...) NOT-FOR-US: Kaspersky CVE-2020-25042 (An arbitrary file upload issue exists in Mara CMS 7.5. In order to exp ...) NOT-FOR-US: Mara CMS CVE-2020-25041 RESERVED CVE-2020-25040 (Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary ...) - singularity-container (bug #970465) NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-jv9c-w74q-6762 CVE-2020-25039 (Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on tem ...) - singularity-container (bug #970465) NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-w6v2-qchm-grj7 CVE-2020-25038 RESERVED CVE-2020-25037 (UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admi ...) NOT-FOR-US: UCOPIA Wi-Fi appliances CVE-2020-25036 (UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to ...) NOT-FOR-US: UCOPIA Wi-Fi appliances CVE-2020-25035 (UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root ...) NOT-FOR-US: UCOPIA Wi-Fi appliances CVE-2020-25034 (eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authentic ...) NOT-FOR-US: eMPS CVE-2020-25033 (The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for ...) NOT-FOR-US: Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin for WordPress CVE-2020-25032 (An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) ...) 
{DSA-4775-1} - python-flask-cors 3.0.9-1 (bug #969362) NOTE: https://github.com/corydolphin/flask-cors/commit/67c4b2cc98ae87cf1fa7df4f97fd81b40c79b895 CVE-2020-25031 (checkinstall 1.6.2, when used to create a package that contains a syml ...) - checkinstall (unimportant) NOTE: https://bugs.launchpad.net/ubuntu/+source/checkinstall/+bug/1861281 NOTE: Does not cross any reasonable trust boundary, the packages to be installed need to be NOTE: trusted to begin with, a rogue package can cause more harm than a 777 binary CVE-2020-25030 RESERVED CVE-2020-25029 RESERVED CVE-2020-25028 RESERVED CVE-2020-25027 RESERVED CVE-2020-25026 (The sf_event_mgt (aka Event management and registration) extension bef ...) NOT-FOR-US: Typo extension CVE-2020-25025 (The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x bef ...) NOT-FOR-US: Typo extension CVE-2020-25024 RESERVED CVE-2020-25023 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrC ...) NOT-FOR-US: Noise-Java CVE-2020-25022 (An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallba ...) NOT-FOR-US: Noise-Java CVE-2020-25021 (An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCi ...) NOT-FOR-US: Noise-Java CVE-2020-25020 (MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectRe ...) NOT-FOR-US: MPXJ CVE-2020-25019 (jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the E ...) NOT-FOR-US: jitsi-meet-electron CVE-2020-25018 (Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL ...) - envoyproxy (bug #987544) CVE-2020-25017 (Envoy through 1.15.0 only considers the first value when multiple head ...) - envoyproxy (bug #987544) CVE-2020-25015 (A specific router allows changing the Wi-Fi password remotely. Genexis ...) NOT-FOR-US: Genexis Platinum 4410 V2-1.28 CVE-2020-25014 (A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and ...) 
NOT-FOR-US: Zyxel CVE-2020-25013 (JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Ser ...) NOT-FOR-US: JetBrains CVE-2020-25012 RESERVED CVE-2020-25011 (A sensitive information disclosure vulnerability in Kyland KPS2204 6 P ...) NOT-FOR-US: Kyland CVE-2020-25010 (An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Man ...) NOT-FOR-US: Kyland CVE-2020-25009 RESERVED CVE-2020-25008 RESERVED CVE-2020-25007 RESERVED CVE-2020-25006 (Heybbs v1.2 has a SQL injection vulnerability in login.php file via th ...) NOT-FOR-US: Heybbs CVE-2020-25005 (Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ...) NOT-FOR-US: Heybbs CVE-2020-25004 (Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ...) NOT-FOR-US: Heybbs CVE-2020-25003 RESERVED CVE-2020-25002 RESERVED CVE-2020-25001 RESERVED CVE-2020-25000 RESERVED CVE-2020-24999 (There is an invalid memory access in the function fprintf located in E ...) - xpdf (xpdf in Debian uses poppler, which is fixed) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42029 CVE-2020-24998 RESERVED CVE-2020-24997 RESERVED CVE-2020-24996 (There is an invalid memory access in the function TextString::~TextStr ...) - xpdf (xpdf in Debian uses poppler, which is fixed) NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 CVE-2020-24995 (Buffer overflow vulnerability in sniff_channel_order function in aacde ...) 
- ffmpeg (Only affects 4.4 development branches) NOTE: https://trac.ffmpeg.org/ticket/8845 NOTE: https://trac.ffmpeg.org/ticket/8859 NOTE: https://trac.ffmpeg.org/ticket/8860 NOTE: Support for 22.2 / channel_config 13 introduced in: NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 NOTE: Fixed by: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6f293353c94c7ce200f6e0975ae3de49787f91f NOTE: Introduced in https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9c0beaf0d3bb72f6e83b3b155a598a9ec28c8468 CVE-2020-24994 (Stack overflow in the parse_tag function in libass/ass_parse.c in liba ...) - libass 1:0.15.0-1 [buster] - libass (Minor issue) [stretch] - libass (Minor issue) NOTE: https://github.com/libass/libass/issues/422 NOTE: https://github.com/libass/libass/issues/423 NOTE: https://github.com/libass/libass/commit/6835731c2fe4164a0c50bc91d12c43b2a2b4e799 (0.15.0) CVE-2020-24993 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...) NOT-FOR-US: CmsWing CVE-2020-24992 (There is a cross site scripting vulnerability on CmsWing 1.3.7. This v ...) NOT-FOR-US: CmsWing CVE-2020-24991 RESERVED CVE-2020-24990 (An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing ...) NOT-FOR-US: QSC Q-SYS Core Manager CVE-2020-24989 RESERVED CVE-2020-24988 RESERVED CVE-2020-24987 (Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(631 ...) NOT-FOR-US: Tenda AC18 Router CVE-2020-24986 (Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File ...) NOT-FOR-US: Concrete5 CVE-2020-24985 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. An a ...) NOT-FOR-US: Quadbase EspressReports CVE-2020-24984 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. It a ...) NOT-FOR-US: Quadbase EspressReports CVE-2020-24983 (An issue was discovered in Quadbase EspressReports ES 7 Update 9. An u ...) 
NOT-FOR-US: Quadbase EspressReports CVE-2020-24982 (An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9 ...) NOT-FOR-US: Quadbase EspressDashboard CVE-2020-24981 (An Incorrect Access Control vulnerability exists in /ucms/chk.php in U ...) NOT-FOR-US: UCMS CVE-2020-24980 REJECTED CVE-2020-24979 REJECTED CVE-2020-24978 (In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline ...) - nasm 2.15.04-1 [buster] - nasm (Minor issue) [stretch] - nasm (Minor issue) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392712 NOTE: https://github.com/netwide-assembler/nasm/commit/8806c3ca007b84accac21dd88b900fb03614ceb7 CVE-2020-24977 (GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerabil ...) {DLA-2369-1} - libxml2 2.9.10+dfsg-6.2 (unimportant; bug #969529) [buster] - libxml2 2.9.4+dfsg1-7+deb10u2 NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178 NOTE: Fixed by: https://gitlab.gnome.org/GNOME/libxml2/-/commit/50f06b3efb638efb0abd95dc62dca05ae67882c2 NOTE: The issue is specific and restricted to xmllint: NOTE: https://gitlab.gnome.org/GNOME/libxml2/-/issues/178#note_892545 NOTE: and present before the 0b19f236a263 ("Fixed ICU to set flush correctly and NOTE: provide pivot buffer.") commit itself. NOTE: Crash in CLI tool, no security impact CVE-2020-24976 RESERVED CVE-2020-24975 RESERVED CVE-2020-24974 RESERVED CVE-2020-24973 RESERVED CVE-2020-24972 (The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG ...) 
- kleopatra 4:20.08.2-2 [buster] - kleopatra (Minor issue) [stretch] - kleopatra (Vulnerable code added to Debian in version 4:18.07.90-1) NOTE: Introduced via: https://dev.gnupg.org/rKLEOPATRAd1cd40bae47eb349e14750601223b6b5d9f71940 (v18.07.80+) NOTE: Fixed by: https://dev.gnupg.org/rKLEOPATRAb4bd63c1739900d94c04da03045e9445a5a5f54b NOTE: https://security.gentoo.org/glsa/202008-21 CVE-2020-24971 RESERVED CVE-2020-24970 RESERVED CVE-2020-24969 RESERVED CVE-2020-24968 RESERVED CVE-2020-24967 RESERVED CVE-2020-24966 RESERVED CVE-2020-24965 RESERVED CVE-2020-24964 RESERVED CVE-2020-24963 (An Authenticated Persistent XSS vulnerability was discovered in the Be ...) NOT-FOR-US: Best Support System CVE-2020-24962 RESERVED CVE-2020-24961 RESERVED CVE-2020-24960 RESERVED CVE-2020-24959 RESERVED CVE-2020-24958 RESERVED CVE-2020-24957 RESERVED CVE-2020-24956 RESERVED CVE-2020-24955 (SUPERAntiSyware Professional X Trial 10.0.1206 is vulnerable to local ...) NOT-FOR-US: SUPERAntiSyware Professional CVE-2020-24954 RESERVED CVE-2020-24953 RESERVED CVE-2020-24952 RESERVED CVE-2020-24951 RESERVED CVE-2020-24950 RESERVED CVE-2020-24949 (Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php all ...) NOT-FOR-US: PHP-Fusion CVE-2020-24948 (The ao_ccss_import AJAX call in Autoptimize Wordpress Plugin 2.7.6 doe ...) NOT-FOR-US: Autoptimize Wordpress Plugin CVE-2020-24947 RESERVED CVE-2020-24946 RESERVED CVE-2020-24945 RESERVED CVE-2020-24944 (picoquic (before 3rd of July 2020) allows attackers to cause a denial ...) NOT-FOR-US: picoquic CVE-2020-24943 RESERVED CVE-2020-24942 RESERVED CVE-2020-24941 (An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24. ...) NOT-FOR-US: Laravel CVE-2020-24940 (An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23. ...) NOT-FOR-US: Laravel CVE-2020-24939 (Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to ...) 
NOT-FOR-US: Stampit supermixer CVE-2020-24938 RESERVED CVE-2020-24937 RESERVED CVE-2020-24936 RESERVED CVE-2020-24935 RESERVED CVE-2020-24934 RESERVED CVE-2020-24933 RESERVED CVE-2020-24932 (An SQL Injection vulnerability exists in Sourcecodester Complaint Mana ...) NOT-FOR-US: Sourcecodester CVE-2020-24931 RESERVED CVE-2020-24930 (Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open ...) NOT-FOR-US: Wuzhi CMS CVE-2020-24929 RESERVED CVE-2020-24928 (managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted ...) NOT-FOR-US: PreMiD CVE-2020-24927 RESERVED CVE-2020-24926 RESERVED CVE-2020-24925 (A Sensitive Source Code Path Disclosure vulnerability is found in Elka ...) - elkarbackup (bug #865046) CVE-2020-24924 (A Persistent Cross-site Scripting vulnerability is found in ElkarBacku ...) - elkarbackup (bug #865046) CVE-2020-24923 RESERVED CVE-2020-24922 RESERVED CVE-2020-24921 RESERVED CVE-2020-24920 RESERVED CVE-2020-24919 RESERVED CVE-2020-24918 (A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Serve ...) NOT-FOR-US: Ambarella CVE-2020-24917 (osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxA ...) NOT-FOR-US: osTicket CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulner ...) {DSA-4773-1 DLA-2384-1} - yaws 2.0.8+dfsg-1 NOTE: https://github.com/erlyaws/yaws/commit/799b3b526d15b7a9bc43ae97165aeb085f18fac1 NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection CVE-2020-24915 RESERVED CVE-2020-24914 (A PHP object injection bug in profile.php in qcubed (all versions incl ...) NOT-FOR-US: qcubed CVE-2020-24913 (A SQL injection vulnerability in qcubed (all versions including 3.1.1) ...) NOT-FOR-US: qcubed CVE-2020-24912 (A reflected cross-site scripting (XSS) vulnerability in qcubed (all ve ...) 
NOT-FOR-US: qcubed CVE-2020-24911 RESERVED CVE-2020-24910 RESERVED CVE-2020-24909 RESERVED CVE-2020-24908 (Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges ...) - check-mk CVE-2020-24907 RESERVED CVE-2020-24906 RESERVED CVE-2020-24905 RESERVED CVE-2020-24904 RESERVED CVE-2020-24903 (Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scri ...) NOT-FOR-US: Cute Editor for ASP.NET CVE-2020-24902 (Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting ...) NOT-FOR-US: Quixplorer CVE-2020-24901 (The default installation of Krpano Panorama Viewer version <=1.20.8 ...) NOT-FOR-US: Krpano Panorama Viewer CVE-2020-24900 (The default installation of Krpano Panorama Viewer version <=1.20.8 ...) NOT-FOR-US: Krpano Panorama Viewer CVE-2020-24899 (Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerabi ...) NOT-FOR-US: Nagios XI CVE-2020-24898 (The Table Filter and Charts for Confluence Server app before 5.3.26 (f ...) NOT-FOR-US: Confluence Server app for Atlassian Confluence CVE-2020-24897 (The Table Filter and Charts for Confluence Server app before 5.3.25 (f ...) NOT-FOR-US: Confluence Server app for Atlassian Confluence CVE-2020-24896 RESERVED CVE-2020-24895 RESERVED CVE-2020-24894 RESERVED CVE-2020-24893 RESERVED CVE-2020-24892 RESERVED CVE-2020-24891 REJECTED CVE-2020-24890 (** DISPUTED ** libraw 20.0 has a null pointer dereference vulnerabilit ...) - libraw (unimportant) NOTE: https://github.com/LibRaw/LibRaw/issues/335 NOTE: https://github.com/LibRaw/LibRaw/issues/335#issuecomment-677637276 CVE-2020-24889 (A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::Ge ...) 
- libraw 0.20.2-1 [buster] - libraw (Minor issue) [stretch] - libraw (Minor issue) NOTE: https://github.com/LibRaw/LibRaw/issues/334 NOTE: https://github.com/LibRaw/LibRaw/commit/78d323ecbe6a9752aee6e97118a76d40704d73ee CVE-2020-24888 RESERVED CVE-2020-24887 RESERVED CVE-2020-24886 RESERVED CVE-2020-24885 RESERVED CVE-2020-24884 RESERVED CVE-2020-24883 RESERVED CVE-2020-24882 RESERVED CVE-2020-24881 (SSRF exists in osTicket before 1.14.3, where an attacker can add malic ...) NOT-FOR-US: osTicket CVE-2020-24880 RESERVED CVE-2020-24879 RESERVED CVE-2020-24878 RESERVED CVE-2020-24877 (A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php ...) NOT-FOR-US: zzzphp CVE-2020-24876 (Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 ...) NOT-FOR-US: Pancake CVE-2020-24875 RESERVED CVE-2020-24874 RESERVED CVE-2020-24873 RESERVED CVE-2020-24872 RESERVED CVE-2020-24871 RESERVED CVE-2020-24870 (Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_ ...) - libraw 0.20.2-1 [buster] - libraw (Vulnerable code not present) [stretch] - libraw (vulnerable code not present) NOTE: https://github.com/LibRaw/LibRaw/commit/4feaed4dea636cee4fee010f615881ccf76a096d NOTE: https://github.com/LibRaw/LibRaw/issues/330 CVE-2020-24869 RESERVED CVE-2020-24868 RESERVED CVE-2020-24867 RESERVED CVE-2020-24866 RESERVED CVE-2020-24865 RESERVED CVE-2020-24864 RESERVED CVE-2020-24863 (A memory corruption vulnerability was found in the kernel function ker ...) NOT-FOR-US: FreeBSD and MidnightBSD CVE-2020-24862 (The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has ...) NOT-FOR-US: Pharmacy Medical Store and Sale Point CVE-2020-25016 (A safety violation was discovered in the rgb crate before 0.8.20 for R ...) 
- rust-rgb (bug #969213) [bullseye] - rust-rgb (Minor issue) [buster] - rust-rgb (Minor issue) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0029.html NOTE: https://github.com/kornelski/rust-rgb/issues/35 CVE-2020-24861 (GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings p ...) NOT-FOR-US: GetSimple CMS CVE-2020-24860 (CMS Made Simple 2.2.14 allows an authenticated user with access to the ...) NOT-FOR-US: CMS Made Simple CVE-2020-24859 RESERVED CVE-2020-24858 RESERVED CVE-2020-24857 RESERVED CVE-2020-24856 RESERVED CVE-2020-24855 RESERVED CVE-2020-24854 RESERVED CVE-2020-24853 RESERVED CVE-2020-24852 RESERVED CVE-2020-24851 RESERVED CVE-2020-24850 RESERVED CVE-2020-24849 (A remote code execution vulnerability is identified in FruityWifi thro ...) NOT-FOR-US: FruityWifi CVE-2020-24848 (FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) N ...) NOT-FOR-US: FruityWifi CVE-2020-24847 (A Cross-Site Request Forgery (CSRF) vulnerability is identified in Fru ...) NOT-FOR-US: FruityWifi CVE-2020-24846 RESERVED CVE-2020-24845 RESERVED CVE-2020-24844 RESERVED CVE-2020-24843 RESERVED CVE-2020-24842 (PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can e ...) NOT-FOR-US: PNPSCADA CVE-2020-24841 (PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in ...) NOT-FOR-US: PNPSCADA CVE-2020-24840 RESERVED CVE-2020-24839 RESERVED CVE-2020-24838 (An integer overflow has been found in the the latest version of Issuer ...) NOT-FOR-US: Issuer CVE-2020-24837 (An integer underflow has been found in the latest version of ZCFees. T ...) NOT-FOR-US: ZCFees CVE-2020-24836 RESERVED CVE-2020-24835 RESERVED CVE-2020-24834 RESERVED CVE-2020-24833 RESERVED CVE-2020-24832 RESERVED CVE-2020-24831 RESERVED CVE-2020-24830 RESERVED CVE-2020-24829 (An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It ...) 
- gpac 1.0.1+dfsg1-2 NOTE: https://github.com/gpac/gpac/issues/1422 NOTE: https://github.com/gpac/gpac/commit/8c5e847185d74462d674ee7d28fb46c29dae6dd2 - ccextractor 0.93+ds2-1 (bug #994746) [bullseye] - ccextractor (Minor issue) [buster] - ccextractor (Minor issue) CVE-2020-24828 RESERVED CVE-2020-24827 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...) - libelfin [bullseye] - libelfin (Minor issue) [buster] - libelfin (Minor issue) [stretch] - libelfin (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/47 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc181 CVE-2020-24826 (A vulnerability in the elf::section::as_strtab function of Libelfin v0 ...) - libelfin [bullseye] - libelfin (Minor issue) [buster] - libelfin (Minor issue) [stretch] - libelfin (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/49 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-elfsectionas_strtab-at-elfelfcc284 CVE-2020-24825 (A vulnerability in the line_table::line_table function of Libelfin v0. ...) - libelfin [bullseye] - libelfin (Minor issue) [buster] - libelfin (Minor issue) [stretch] - libelfin (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/46 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-line_tableline_table-at-dwarflinecc104 CVE-2020-24824 (A global buffer overflow issue in the dwarf::line_table::line_table fu ...) - libelfin [bullseye] - libelfin (Minor issue) [buster] - libelfin (Minor issue) [stretch] - libelfin (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/48 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#global-buffer-overflow-in-function-dwarfline_tableline_table-at-dwarflinecc107 CVE-2020-24823 (A vulnerability in the dwarf::to_string function of Libelfin v0.3 allo ...) 
- libelfin [bullseye] - libelfin (Minor issue) [buster] - libelfin (Minor issue) [stretch] - libelfin (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/51 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfto_string-at-dwarfvaluecc300 CVE-2020-24822 (A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 a ...) - libelfin [bullseye] - libelfin (Minor issue) [buster] - libelfin (Minor issue) [stretch] - libelfin (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/50 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursoruleb128-at-dwarfinternalhh154 CVE-2020-24821 (A vulnerability in the dwarf::cursor::skip_form function of Libelfin v ...) - libelfin [bullseye] - libelfin (Minor issue) [buster] - libelfin (Minor issue) [stretch] - libelfin (Minor issue) NOTE: https://github.com/aclements/libelfin/issues/52 NOTE: https://github.com/xiaoxiongwang/function_bugs/tree/master/libelfin#segv-in-function-dwarfcursorskip_form-at-dwarfcursorcc191 CVE-2020-24820 RESERVED CVE-2020-24819 RESERVED CVE-2020-24818 RESERVED CVE-2020-24817 RESERVED CVE-2020-24816 RESERVED CVE-2020-24815 (A Server-Side Request Forgery (SSRF) affecting the PDF generation in M ...) NOT-FOR-US: MicroStrategy CVE-2020-24814 RESERVED CVE-2020-24813 RESERVED CVE-2020-24812 RESERVED CVE-2020-24811 RESERVED CVE-2020-24810 RESERVED CVE-2020-24809 RESERVED CVE-2020-24808 RESERVED CVE-2020-24807 (** UNSUPPORTED WHEN ASSIGNED ** The socket.io-file package through 2.0 ...) NOT-FOR-US: Node socket.io-file CVE-2020-24806 RESERVED CVE-2020-24805 RESERVED CVE-2020-24804 RESERVED CVE-2020-24803 RESERVED CVE-2020-24802 RESERVED CVE-2020-24801 RESERVED CVE-2020-24800 RESERVED CVE-2020-24799 RESERVED CVE-2020-24798 RESERVED CVE-2020-24797 RESERVED CVE-2020-24796 RESERVED CVE-2020-24795 RESERVED CVE-2020-24794 (Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75. ...) 
NOT-FOR-US: Kentico CVE-2020-24793 RESERVED CVE-2020-24792 RESERVED CVE-2020-24791 (FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' paramete ...) NOT-FOR-US: FUEL CMS CVE-2020-24790 RESERVED CVE-2020-24789 RESERVED CVE-2020-24788 RESERVED CVE-2020-24787 RESERVED CVE-2020-24786 (An issue was discovered in Zoho ManageEngine Exchange Reporter Plus be ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-24785 RESERVED CVE-2020-24784 RESERVED CVE-2020-24783 RESERVED CVE-2020-24782 RESERVED CVE-2020-24781 RESERVED CVE-2020-24780 RESERVED CVE-2020-24779 RESERVED CVE-2020-24778 RESERVED CVE-2020-24777 RESERVED CVE-2020-24776 RESERVED CVE-2020-24775 RESERVED CVE-2020-24774 RESERVED CVE-2020-24773 RESERVED CVE-2020-24772 RESERVED CVE-2020-24771 RESERVED CVE-2020-24770 RESERVED CVE-2020-24769 RESERVED CVE-2020-24768 RESERVED CVE-2020-24767 RESERVED CVE-2020-24766 RESERVED CVE-2020-24765 (InterMind iMind Server through 3.13.65 allows remote unauthenticated a ...) NOT-FOR-US: InterMind iMind Server CVE-2020-24764 RESERVED CVE-2020-24763 RESERVED CVE-2020-24762 RESERVED CVE-2020-24761 RESERVED CVE-2020-24760 RESERVED CVE-2020-24759 RESERVED CVE-2020-24758 RESERVED CVE-2020-24757 RESERVED CVE-2020-24756 RESERVED CVE-2020-24755 (In Ubiquiti UniFi Video v3.10.13, when the executable starts, its firs ...) NOT-FOR-US: Ubiquiti UniFi Video CVE-2020-24754 RESERVED CVE-2020-24753 (A memory corruption vulnerability in Objective Open CBOR Run-time (ooc ...) NOT-FOR-US: Objective Open CBOR Run-time CVE-2020-24752 RESERVED CVE-2020-24751 RESERVED CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...) {DLA-2638-1} - jackson-databind 2.12.1-1 [buster] - jackson-databind 2.9.8-3+deb10u3 NOTE: https://github.com/FasterXML/jackson-databind/issues/2798 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. 
NOTE: https://github.com/FasterXML/jackson-databind/commit/6cc9f1a1af323cd156f5668a47e43bab324ae16f CVE-2020-24749 RESERVED CVE-2020-24748 RESERVED CVE-2020-24747 RESERVED CVE-2020-24746 RESERVED CVE-2020-24745 RESERVED CVE-2020-24744 RESERVED CVE-2020-24743 (An issue was found in /showReports.do Zoho ManageEngine Applications M ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-24742 (An issue has been fixed in Qt versions 5.14.0 where QPluginLoader atte ...) {DSA-4617-1} - qtbase-opensource-src 5.12.5+dfsg-8 - qtbase-opensource-src-gles 5.14.2+dfsg-3 - qt4-x11 (Vulnerable code introduced later) NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/280730 NOTE: Introduced in https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=commitdiff;h=3146dadb42cb36aff83a62e831b8b4f4dc1562a7 (v5.6.0-alpha1) NOTE: Fixed by: https://codereview.qt-project.org/gitweb?p=qt/qtbase.git;a=commitdiff;h=bf131e8d2181b3404f5293546ed390999f760404 (v5.14.0-rc1) NOTE: Same fix as CVE-2020-0569 CVE-2020-24741 REJECTED CVE-2020-24740 (An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerab ...) NOT-FOR-US: Pluck CMS CVE-2020-24739 (A CSRF vulnerability was found in iCMS v7.0.0 in the background deleti ...) NOT-FOR-US: idreamsoft iCMS CVE-2020-24738 RESERVED CVE-2020-24737 RESERVED CVE-2020-24736 RESERVED CVE-2020-24735 RESERVED CVE-2020-24734 RESERVED CVE-2020-24733 RESERVED CVE-2020-24732 RESERVED CVE-2020-24731 RESERVED CVE-2020-24730 RESERVED CVE-2020-24729 RESERVED CVE-2020-24728 RESERVED CVE-2020-24727 RESERVED CVE-2020-24726 RESERVED CVE-2020-24725 RESERVED CVE-2020-24724 RESERVED CVE-2020-24723 (Cross Site Scripting (XSS) vulnerability in the Registration page of t ...) NOT-FOR-US: PHPGurukul CVE-2020-24722 (** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple E ...) NOT-FOR-US: GAEN (Google Apple Encounter Notification) protocol CVE-2020-24721 (An issue was discovered in the GAEN (aka Google/Apple Exposure Notific ...) 
NOT-FOR-US: GAEN (Google Apple Encounter Notification) protocol CVE-2020-24720 RESERVED CVE-2020-24719 (Exposed Erlang Cookie could lead to Remote Command Execution (RCE) att ...) NOT-FOR-US: Couchbase CVE-2020-24718 (bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE th ...) NOT-FOR-US: bhyve CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...) NOT-FOR-US: OpenZFS CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...) NOT-FOR-US: OpenZFS CVE-2020-24715 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...) NOT-FOR-US: Scalyr CVE-2020-24714 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...) NOT-FOR-US: Scalyr CVE-2020-24713 (Gophish through 0.10.1 does not invalidate the gophish cookie upon log ...) NOT-FOR-US: Gophish CVE-2020-24712 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...) NOT-FOR-US: Gophish CVE-2020-24711 (The Reset button on the Account Settings page in Gophish before 0.11.0 ...) NOT-FOR-US: Gophish CVE-2020-24710 (Gophish before 0.11.0 allows SSRF attacks. ...) NOT-FOR-US: Gophish CVE-2020-24709 (Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via ...) NOT-FOR-US: Gophish CVE-2020-24708 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...) NOT-FOR-US: Gophish CVE-2020-24707 (Gophish before 0.11.0 allows the creation of CSV sheets that contain m ...) NOT-FOR-US: Gophish CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It tool allo ...) NOT-FOR-US: WSO2 CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...) NOT-FOR-US: WSO2 CVE-2020-24704 (An issue was discovered in certain WSO2 products. The Try It tool allo ...) NOT-FOR-US: WSO2 CVE-2020-24703 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...) 
NOT-FOR-US: WSO2 CVE-2020-24702 RESERVED CVE-2020-24701 (OX App Suite through 7.10.4 allows XSS via the app loading mechanism ( ...) NOT-FOR-US: OX App Suite CVE-2020-24700 (OX App Suite through 7.10.3 allows SSRF because GET requests are sent ...) NOT-FOR-US: OX App Suite CVE-2020-24699 (The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress al ...) NOT-FOR-US: Chamber Dashboard Business Directory plugin for WordPress CVE-2020-24698 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...) - pdns (unimportant) NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html NOTE: Debian packages not built with experimental GSS-TSIG support CVE-2020-24697 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...) - pdns (unimportant) NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html NOTE: Debian packages not built with experimental GSS-TSIG support CVE-2020-24696 (An issue was discovered in PowerDNS Authoritative through 4.3.0 when - ...) - pdns (unimportant) NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-06.html NOTE: Debian packages not built with experimental GSS-TSIG support CVE-2020-24695 RESERVED CVE-2020-24694 RESERVED CVE-2020-24693 (The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 co ...) NOT-FOR-US: Mitel CVE-2020-24692 (The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 co ...) NOT-FOR-US: Mitel CVE-2020-24691 RESERVED CVE-2020-24690 RESERVED CVE-2020-24689 RESERVED CVE-2020-24688 RESERVED CVE-2020-24687 RESERVED CVE-2020-24686 (The vulnerabilities can be exploited to cause the web visualization co ...) NOT-FOR-US: ABB AC500 V2 products CVE-2020-24685 (An unauthenticated specially crafted packet sent by an attacker over t ...) 
NOT-FOR-US: ABB CVE-2020-24684 RESERVED CVE-2020-24683 (The affected versions of S+ Operations (version 2.1 SP1 and earlier) u ...) NOT-FOR-US: ABB CVE-2020-24682 RESERVED CVE-2020-24681 RESERVED CVE-2020-24680 (In S+ Operations and S+ Historian, the passwords of internal users (no ...) NOT-FOR-US: ABB CVE-2020-24679 (A S+ Operations and S+ Historian service is subject to a DoS by specia ...) NOT-FOR-US: ABB CVE-2020-24678 (An authenticated user might execute malicious code under the user cont ...) NOT-FOR-US: ABB CVE-2020-24677 (Vulnerabilities in the S+ Operations and S+ Historian web applications ...) NOT-FOR-US: ABB CVE-2020-24676 (In Symphony Plus Operations and Symphony Plus Historian, some services ...) NOT-FOR-US: ABB CVE-2020-24675 (In S+ Operations and S+ History, it is possible that an unauthenticate ...) NOT-FOR-US: ABB CVE-2020-24674 (In S+ Operations and S+ Historian, not all client commands correctly c ...) NOT-FOR-US: ABB CVE-2020-24673 (In S+ Operations and S+ Historian, a successful SQL injection exploit ...) NOT-FOR-US: ABB CVE-2020-24672 (A vulnerability in Base Software for SoftControl allows an attacker to ...) NOT-FOR-US: ABB CVE-2020-24671 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...) NOT-FOR-US: Trace Financial CRESTBridge CVE-2020-24670 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...) NOT-FOR-US: Hitachi CVE-2020-24669 (The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x c ...) NOT-FOR-US: Hitachi CVE-2020-24668 (Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulner ...) NOT-FOR-US: Trace Financial CRESTBridge CVE-2020-24667 (Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL ...) NOT-FOR-US: Trace Financial CRESTBridge CVE-2020-24666 (The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x conta ...) NOT-FOR-US: Hitachi CVE-2020-24665 (The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...) 
NOT-FOR-US: Hitachi CVE-2020-24664 (The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x cont ...) NOT-FOR-US: Hitachi CVE-2020-24663 (Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnera ...) NOT-FOR-US: Trace Financial CRESTBridge CVE-2020-24662 (SmartStream Transaction Lifecycle Management (TLM) Reconciliation Prem ...) NOT-FOR-US: SmartStream Transaction Lifecycle Management CVE-2020-24661 (GNOME Geary before 3.36.3 mishandles pinned TLS certificate verificati ...) - geary 3.38.0.1-1 [buster] - geary (Minor issue) [stretch] - geary (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/geary/-/issues/866 NOTE: https://gitlab.gnome.org/GNOME/geary/commit/0d957559bbb4be81870c9fafba1c74f0926f59a3 CVE-2020-24660 (An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is ...) {DSA-4762-1 DLA-2367-1} - lemonldap-ng 2.0.9+ds-1 NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2290 CVE-2020-24659 (An issue was discovered in GnuTLS before 3.6.15. A server can trigger ...) - gnutls28 3.6.15-1 (bug #969547) [buster] - gnutls28 3.6.7-4+deb10u7 [stretch] - gnutls28 (Vulnerable code introduced later) NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-09-04 NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1071 NOTE: https://gitlab.com/gnutls/gnutls/-/commit/29ee67c205855e848a0a26e6d0e4f65b6b943e0a CVE-2020-24658 (Arm Compiler 5 through 5.06u6 has an error in a stack protection featu ...) NOT-FOR-US: Arm Compiler CVE-2020-24657 RESERVED CVE-2020-24656 (Maltego before 4.2.12 allows XXE attacks. ...) NOT-FOR-US: Maltego CVE-2020-24655 (A race condition in the Twilio Authy 2-Factor Authentication applicati ...) NOT-FOR-US: Twilio Authy 2-Factor Authentication app CVE-2020-24654 (In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can ins ...) 
{DSA-4759-1} - ark 4:20.08.1-1 (bug #969437) [stretch] - ark (Vulnerable even after upstream patch) NOTE: https://github.com/KDE/ark/commit/8bf8c5ef07b0ac5e914d752681e470dea403a5bd NOTE: https://kde.org/info/security/advisory-20200827-1.txt CVE-2020-24653 (secure-store in Expo through 2.16.1 on iOS provides the insecure kSecA ...) NOT-FOR-US: secure-store in Expo on iOS CVE-2020-24652 (A addvsiinterfaceinfo expression language injection remote code execut ...) NOT-FOR-US: HPE Intelligent Management Center (iMC) CVE-2020-24651 (A syslogtempletselectwin expression language injection remote code exe ...) NOT-FOR-US: HPE Intelligent Management Center (iMC) CVE-2020-24650 (A legend expression language injection remote code execution vulnerabi ...) NOT-FOR-US: HPE Intelligent Management Center (iMC) CVE-2020-24649 (A remote bytemessageresource transformentity" input validation code ex ...) NOT-FOR-US: HPE Intelligent Management Center (iMC) CVE-2020-24648 (A accessmgrservlet classname deserialization of untrusted data remote ...) NOT-FOR-US: HPE Intelligent Management Center (iMC) CVE-2020-24647 (A remote accessmgrservlet classname input validation code execution vu ...) NOT-FOR-US: HPE Intelligent Management Center (iMC) CVE-2020-24646 (A tftpserver stack-based buffer overflow remote code execution vulnera ...) NOT-FOR-US: HPE Intelligent Management Center (iMC) CVE-2020-24645 RESERVED CVE-2020-24644 RESERVED CVE-2020-24643 RESERVED CVE-2020-24642 RESERVED CVE-2020-24641 (In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Fo ...) NOT-FOR-US: Aruba CVE-2020-24640 (There is a vulnerability caused by insufficient input validation that ...) NOT-FOR-US: Aruba CVE-2020-24639 (There is a vulnerability caused by unsafe Java deserialization that al ...) NOT-FOR-US: Aruba CVE-2020-24638 (Multiple authenticated remote command executions are possible in Airwa ...) 
NOT-FOR-US: Aruba CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for an atta ...) NOT-FOR-US: ArubaOS GRUB2 implementation (CVE specific to ArubaOS) CVE-2020-24636 (A remote execution of arbitrary commands vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2020-24635 (A remote execution of arbitrary commands vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...) NOT-FOR-US: Aruba CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could lead to ...) NOT-FOR-US: Aruba CVE-2020-24632 (A remote execution of arbitrary commandss vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2020-24631 (A remote execution of arbitrary commands vulnerability was discovered ...) NOT-FOR-US: Aruba CVE-2020-24630 (A remote operatoronlinelist_content privilege escalation vulnerability ...) NOT-FOR-US: HPE Intelligent Management Center (iMC) CVE-2020-24629 (A remote urlaccesscontroller authentication bypass vulnerability was d ...) NOT-FOR-US: HPE Intelligent Management Center (iMC) CVE-2020-24628 (A remote code injection vulnerability was discovered in HPE KVM IP Con ...) NOT-FOR-US: HPE CVE-2020-24627 (A remote stored xss vulnerability was discovered in HPE KVM IP Console ...) NOT-FOR-US: HPE CVE-2020-24626 (Unathenticated directory traversal in the ReceiverServlet class doPost ...) NOT-FOR-US: HPE CVE-2020-24625 (Unathenticated directory traversal in the ReceiverServlet class doGet( ...) NOT-FOR-US: HPE CVE-2020-24624 (Unathenticated directory traversal in the DownloadServlet class execut ...) NOT-FOR-US: HPE CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...) NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...) 
NOT-FOR-US: Sonatype CVE-2020-24621 (A remote code execution (RCE) vulnerability was discovered in the html ...) NOT-FOR-US: OpenMRS CVE-2020-24620 (Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable ...) NOT-FOR-US: Unisys CVE-2020-24619 (In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuse ...) NOT-FOR-US: Shotcut CVE-2020-24618 (In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020. ...) NOT-FOR-US: JetBrains CVE-2020-24617 (Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribe ...) NOT-FOR-US: Mailtrain CVE-2020-24616 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...) {DLA-2638-1} - jackson-databind 2.12.1-1 [buster] - jackson-databind 2.9.8-3+deb10u3 NOTE: https://github.com/FasterXML/jackson-databind/issues/2814 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. NOTE: https://github.com/FasterXML/jackson-databind/commit/3d97153944f7de9c19c1b3637b33d3cf1fbbe4d7 CVE-2020-24615 (Pexip Infinity before 24.1 has Improper Input Validation, leading to t ...) NOT-FOR-US: Pexip Infinity CVE-2020-24613 (wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_C ...) - wolfssl 4.5.0+dfsg-1 (bug #969663) NOTE: https://research.nccgroup.com/2020/08/24/technical-advisory-wolfssl-tls-1-3-client-man-in-the-middle-attack/ CVE-2020-24612 (An issue was discovered in the selinux-policy (aka Reference Policy) p ...) - refpolicy (Debian package doesn't ship pam-u2f config) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860888 NOTE: https://github.com/fedora-selinux/selinux-policy/commit/71e1989028802c7875d3436fd3966c587fa383fb CVE-2020-24611 RESERVED CVE-2020-24610 RESERVED CVE-2020-24609 (TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has X ...) 
NOT-FOR-US: Savsoft Quiz 5 CVE-2020-24608 RESERVED CVE-2020-24607 RESERVED CVE-2020-24605 RESERVED CVE-2020-24604 (A Reflected XSS vulnerability was discovered in Ignite Realtime Openfi ...) NOT-FOR-US: Ignite Realtime Openfire CVE-2020-24603 RESERVED CVE-2020-24602 (Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vu ...) NOT-FOR-US: Ignite Realtime Openfire CVE-2020-24601 (In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability al ...) NOT-FOR-US: Ignite Realtime Openfire CVE-2020-24600 RESERVED CVE-2020-24599 (An issue was discovered in Joomla! before 3.9.21. Lack of escaping in ...) NOT-FOR-US: Joomla! CVE-2020-24598 (An issue was discovered in Joomla! before 3.9.21. Lack of input valida ...) NOT-FOR-US: Joomla! CVE-2020-24597 RESERVED CVE-2020-24596 RESERVED CVE-2020-24595 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker ...) NOT-FOR-US: Mitel CVE-2020-24594 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthen ...) NOT-FOR-US: Mitel CVE-2020-24593 (Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote at ...) NOT-FOR-US: Mitel CVE-2020-24592 (Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker ...) NOT-FOR-US: Mitel CVE-2020-24591 (The Management Console in certain WSO2 products allows XXE attacks dur ...) NOT-FOR-US: WSO2 CVE-2020-24590 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...) NOT-FOR-US: WSO2 CVE-2020-24589 (The Management Console in WSO2 API Manager through 3.1.0 and API Micro ...) NOT-FOR-US: WSO2 CVE-2020-24588 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...) 
{DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 [buster] - linux 4.19.194-1 [experimental] - firmware-nonfree 20210716-1~exp1 - firmware-nonfree 20210818-1 [bullseye] - firmware-nonfree (Non-free not supported) [buster] - firmware-nonfree (Non-free not supported) NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf NOTE: https://www.fragattacks.com/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html NOTE: https://lore.kernel.org/linux-wireless/c4d8c2f040b368225b72a91e74ee282d9ceab4d5.camel@coelho.fi/ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.25d93176ddaf.I9e265b597f2cd23eb44573f35b625947b386a9de@changeid/ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.11968c725b5c.Idd166365ebea2771c0c0a38c78b5060750f90e17@changeid/ NOTE: Mitigation for similar attack to CVE-2020-24588: NOTE: https://lore.kernel.org/linux-wireless/20210511200110.0b2b886492f0.I23dd5d685fe16d3b0ec8106e8f01b59f499dffed@changeid/ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.076543300172.I548e6e71f1ee9cad4b9a37bf212ae7db723587aa@changeid/ NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb CVE-2020-24587 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...) 
{DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 [buster] - linux 4.19.194-1 [experimental] - firmware-nonfree 20210716-1~exp1 - firmware-nonfree 20210818-1 [bullseye] - firmware-nonfree (Non-free not supported) [buster] - firmware-nonfree (Non-free not supported) NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf NOTE: https://www.fragattacks.com/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html NOTE: https://lore.kernel.org/linux-wireless/c4d8c2f040b368225b72a91e74ee282d9ceab4d5.camel@coelho.fi/ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/ NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb CVE-2020-24586 (The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, ...) 
{DLA-2690-1 DLA-2689-1} - linux 5.10.46-1 [buster] - linux 4.19.194-1 [experimental] - firmware-nonfree 20210716-1~exp1 - firmware-nonfree 20210818-1 [bullseye] - firmware-nonfree (Non-free not supported) [buster] - firmware-nonfree (Non-free not supported) NOTE: https://papers.mathyvanhoef.com/usenix2021.pdf NOTE: https://www.fragattacks.com/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00473.html NOTE: https://lore.kernel.org/linux-wireless/c4d8c2f040b368225b72a91e74ee282d9ceab4d5.camel@coelho.fi/ NOTE: https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.3f8290e59823.I622a67769ed39257327a362cfc09c812320eb979@changeid/ NOTE: https://lore.kernel.org/linux-wireless/20210511200110.037aa5ca0390.I7bb888e2965a0db02a67075fcb5deb50eb7408aa@changeid/ NOTE: firmware-nonfree (iwlwifi-fw-2021-05-12) addressed the firmware part of the CVE NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=55d964905a2b6cd790cbbbb46640bb2fb520b0cb CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation in wolfSS ...) - wolfssl 4.5.0+dfsg-1 (bug #969663) NOTE: https://github.com/wolfSSL/wolfssl/pull/3219 NOTE: https://github.com/wolfSSL/wolfssl/commit/3be7f3ea3a56d178acf0f7f84ee4ae8cbfee8915 (v4.5.0-stable) CVE-2020-24584 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...) 
- python-django 2:2.2.16-1 (bug #969367) [buster] - python-django (Fix along in future DSA) [stretch] - python-django (Requires Python 3.7+) NOTE: https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71 (master) NOTE: https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b (3.1.1) NOTE: https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554 (3.0.10) NOTE: https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f (2.2.16) CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...) - python-django 2:2.2.16-1 (bug #969367) [buster] - python-django (Fix along in future DSA) [stretch] - python-django (Requires Python 3.7+) NOTE: https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9 (master) NOTE: https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584 (3.1.1) NOTE: https://github.com/django/django/commit/08892bffd275c79ee1f8f67639eb170aaaf1181e (3.0.10) NOTE: https://github.com/django/django/commit/375657a71c889c588f723469bd868bd1d40c369f (2.2.16) CVE-2020-24582 (Zulip Desktop before 5.4.3 allows XSS because string escaping is misha ...) NOT-FOR-US: Zulip Desktop CVE-2020-24581 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...) NOT-FOR-US: D-Link CVE-2020-24580 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...) NOT-FOR-US: D-Link CVE-2020-24579 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...) NOT-FOR-US: D-Link CVE-2020-24578 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...) NOT-FOR-US: D-Link CVE-2020-24577 (An issue was discovered on D-Link DSL-2888A devices with firmware prio ...) NOT-FOR-US: D-Link CVE-2020-24576 (Netskope Client through 77 allows low-privileged users to elevate thei ...) 
NOT-FOR-US: Netskope Client CVE-2020-24575 RESERVED CVE-2020-24574 (The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 ...) NOT-FOR-US: GOG Galaxy client CVE-2020-24573 (BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of ...) NOT-FOR-US: BAB TECHNOLOGIE GmbH eibPort CVE-2020-24572 (An issue was discovered in includes/webconsole.php in RaspAP 2.5. With ...) NOT-FOR-US: RaspAP CVE-2020-24571 (NexusQA NexusDB before 4.50.23 allows the reading of files via ../ dir ...) NOT-FOR-US: NexusDB CVE-2020-24570 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT LINE CVE-2020-24569 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT LINE CVE-2020-24568 (An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT ...) NOT-FOR-US: MB CONNECT LINE CVE-2020-24567 (** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08- ...) NOT-FOR-US: voidtools CVE-2020-24566 (In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4. ...) NOT-FOR-US: Octopus Deploy CVE-2020-24565 (An out-of-bounds read information disclosure vulnerabilities in Trend ...) NOT-FOR-US: Trend Micro CVE-2020-24564 (An out-of-bounds read information disclosure vulnerabilities in Trend ...) NOT-FOR-US: Trend Micro CVE-2020-24563 (A vulnerability in Trend Micro Apex One may allow a local attacker to ...) NOT-FOR-US: Trend Micro CVE-2020-24562 (A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows ...) NOT-FOR-US: Trend Micro CVE-2020-24561 (A command injection vulnerability in Trend Micro ServerProtect for Lin ...) NOT-FOR-US: Trend Micro CVE-2020-24560 (An incomplete SSL server certification validation vulnerability in the ...) NOT-FOR-US: Trend Micro CVE-2020-24559 (A vulnerability in Trend Micro Apex One, Worry-Free Business Security ...) 
	NOT-FOR-US: Trend Micro
CVE-2020-24558 (A vulnerability in an Trend Micro Apex One, Worry-Free Business Securi ...)
	NOT-FOR-US: Trend Micro
CVE-2020-24557 (A vulnerability in Trend Micro Apex One and Worry-Free Business Securi ...)
	NOT-FOR-US: Trend Micro
CVE-2020-24556 (A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free ...)
	NOT-FOR-US: Trend Micro
CVE-2020-24614 (Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 a ...)
	- fossil 1:2.12.1-1
	[buster] - fossil (Minor issue)
	[stretch] - fossil (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/20/1
	NOTE: https://fossil-scm.org/forum/info/a05ae3ce7760daf6
	NOTE: https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w
CVE-2020-24555
	RESERVED
CVE-2020-24554 (The redirect module in Liferay Portal before 7.3.3 does not limit the ...)
	NOT-FOR-US: Liferay
CVE-2020-24553 (Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html ...)
	- golang-1.15 1.15.2-1 (bug #969661)
	- golang-1.14 (bug #969662)
	- golang-1.11
	[buster] - golang-1.11 (Minor issue)
	- golang-1.8
	[stretch] - golang-1.8 (Minor issue)
	- golang-1.7
	[stretch] - golang-1.7 (Minor issue)
	NOTE: https://groups.google.com/forum/#!topic/golang-announce/8wqlSbkLdPs
	NOTE: https://github.com/golang/go/issues/40928
	NOTE: https://github.com/golang/go/issues/41164 (1.14 backport)
	NOTE: https://github.com/golang/go/issues/41165 (1.15 backport)
	NOTE: https://www.redteam-pentesting.de/en/advisories/rt-sa-2020-004/-inconsistent-behavior-of-gos-cgi-and-fastcgi-transport-may-lead-to-cross-site-scripting
CVE-2020-24552 (Atop Technology industrial 3G/4G gateway contains Command Injection vu ...)
	NOT-FOR-US: Atop Technology industrial 3G/4G gateway
CVE-2020-24551 (IProom MMC+ Server login page does not validate specific parameters pr ...)
	NOT-FOR-US: IProom MMC+ Server
CVE-2020-24550 (An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows ...)
	NOT-FOR-US: EpiServer Find
CVE-2020-24549 (openMAINT before 1.1-2.4.2 allows remote authenticated users to run ar ...)
	NOT-FOR-US: openMAINT
CVE-2020-24548 (Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSR ...)
	NOT-FOR-US: Ericom
CVE-2020-24547
	RESERVED
CVE-2020-24546
	RESERVED
CVE-2020-24545
	RESERVED
CVE-2020-24544
	RESERVED
CVE-2020-24543
	RESERVED
CVE-2020-24542
	RESERVED
CVE-2020-24541
	RESERVED
CVE-2020-24540
	RESERVED
CVE-2020-24539
	RESERVED
CVE-2020-24538
	RESERVED
CVE-2020-24537
	RESERVED
CVE-2020-24536
	RESERVED
CVE-2020-24535
	RESERVED
CVE-2020-24534
	RESERVED
CVE-2020-24533
	RESERVED
CVE-2020-24532
	RESERVED
CVE-2020-24531
	RESERVED
CVE-2020-24530
	RESERVED
CVE-2020-24529
	RESERVED
CVE-2020-24528
	RESERVED
CVE-2020-24527
	RESERVED
CVE-2020-24526
	RESERVED
CVE-2020-24525 (Insecure inherited permissions in firmware update tool for some Intel( ...)
	NOT-FOR-US: Intel
CVE-2020-24524
	RESERVED
CVE-2020-24523
	RESERVED
CVE-2020-24522
	RESERVED
CVE-2020-24521
	RESERVED
CVE-2020-24520
	RESERVED
CVE-2020-24519
	RESERVED
CVE-2020-24518
	RESERVED
CVE-2020-24517
	RESERVED
CVE-2020-24516 (Modification of assumed-immutable data in subsystem in Intel(R) CSME v ...)
	NOT-FOR-US: Intel
CVE-2020-24515 (Protection mechanism failure in some Intel(R) RealSense(TM) IDs may al ...)
	NOT-FOR-US: Intel
CVE-2020-24514 (Improper authentication in some Intel(R) RealSense(TM) IDs may allow a ...)
	NOT-FOR-US: Intel
CVE-2020-24513 (Domain-bypass transient execution vulnerability in some Intel Atom(R) ...)
	{DSA-4934-1 DLA-2718-1}
	- intel-microcode 3.20210608.1 (bug #989615)
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00465.html
CVE-2020-24512 (Observable timing discrepancy in some Intel(R) Processors may allow an ...)
	{DSA-4934-1 DLA-2718-1}
	- intel-microcode 3.20210608.1 (bug #989615)
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
CVE-2020-24511 (Improper isolation of shared resources in some Intel(R) Processors may ...)
	{DSA-4934-1 DLA-2718-1}
	- intel-microcode 3.20210608.1 (bug #989615)
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00464.html
CVE-2020-24510
	RESERVED
CVE-2020-24509 (Insufficient control flow management in subsystem in Intel(R) SPS vers ...)
	NOT-FOR-US: Intel
CVE-2020-24508
	RESERVED
CVE-2020-24507 (Improper initialization in a subsystem in the Intel(R) CSME versions b ...)
	NOT-FOR-US: Intel
CVE-2020-24506 (Out of bound read in a subsystem in the Intel(R) CSME versions before ...)
	NOT-FOR-US: Intel
CVE-2020-24505 (Insufficient input validation in the firmware for the Intel(R) 700-ser ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24504 (Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapt ...)
	- linux 5.14.6-1
	[bullseye] - linux (Minor issue, too intrusive to backport)
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00462.html
CVE-2020-24503 (Insufficient access control in some Intel(R) Ethernet E810 Adapter dri ...)
	NOT-FOR-US: Proprietary out-of-tree driver for Intel E810
CVE-2020-24502 (Improper input validation in some Intel(R) Ethernet E810 Adapter drive ...)
	NOT-FOR-US: Proprietary out-of-tree driver for Intel E810
CVE-2020-24501 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24500 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24499
	RESERVED
CVE-2020-24498 (Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24497 (Insufficient Access Control in the firmware for Intel(R) E810 Ethernet ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24496 (Insufficient input validation in the firmware for Intel(R) 722 Etherne ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24495 (Insufficient access control in the firmware for the Intel(R) 700-serie ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24494 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24493 (Insufficient access control in the firmware for the Intel(R) 700-serie ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24492 (Insufficient access control in the firmware for the Intel(R) 722 Ether ...)
	NOT-FOR-US: Intel NIC firmware
CVE-2020-24491 (Debug message containing addresses of memory transactions in some Inte ...)
	NOT-FOR-US: Intel
CVE-2020-24490 (Improper buffer restrictions in BlueZ may allow an unauthenticated use ...)
	{DLA-2420-1}
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-ccx2-w2r4-x649
	NOTE: Fixed by: https://git.kernel.org/linus/a2ec905d1e160a33b2e210e45ad30445ef26ce0e (5.8)
CVE-2020-24489 (Incomplete cleanup in some Intel(R) VT-d products may allow an authent ...)
	{DSA-4934-1 DLA-2718-1}
	- intel-microcode 3.20210608.1 (bug #989615)
	NOTE: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/releases/tag/microcode-20210608
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00442.html
CVE-2020-24488
	RESERVED
CVE-2020-24487
	RESERVED
CVE-2020-24486 (Improper input validation in the firmware for some Intel(R) Processors ...)
	NOT-FOR-US: Intel
CVE-2020-24485 (Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux b ...)
	NOT-FOR-US: Intel
CVE-2020-24484
	RESERVED
CVE-2020-24483
	RESERVED
CVE-2020-24482 (Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem ...)
	NOT-FOR-US: Intel
CVE-2020-24481 (Insecure inherited permissions for the Intel(R) Quartus Prime Pro and ...)
	NOT-FOR-US: Intel
CVE-2020-24480 (Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may al ...)
	NOT-FOR-US: Intel
CVE-2020-24479
	RESERVED
CVE-2020-24478
	RESERVED
CVE-2020-24477
	RESERVED
CVE-2020-24476
	RESERVED
CVE-2020-24475 (Improper initialization in the BMC firmware for some Intel(R) Server B ...)
	NOT-FOR-US: Intel
CVE-2020-24474 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
	NOT-FOR-US: Intel
CVE-2020-24473 (Out of bounds write in the BMC firmware for some Intel(R) Server Board ...)
	NOT-FOR-US: Intel
CVE-2020-24472
	RESERVED
CVE-2020-24471
	RESERVED
CVE-2020-24470
	RESERVED
CVE-2020-24469
	RESERVED
CVE-2020-24468
	RESERVED
CVE-2020-24467
	RESERVED
CVE-2020-24466
	RESERVED
CVE-2020-24465
	RESERVED
CVE-2020-24464
	RESERVED
CVE-2020-24463
	RESERVED
CVE-2020-24462 (Out of bounds write in the Intel(R) Graphics Driver before version 15. ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-24461
	RESERVED
CVE-2020-24460 (Incorrect default permissions in the Intel(R) DSA before version 20.8. ...)
	NOT-FOR-US: Intel
CVE-2020-24459
	RESERVED
CVE-2020-24458 (Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (T ...)
	NOT-FOR-US: Intel
CVE-2020-24457 (Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2020-24456 (Incorrect default permissions in the Intel(R) Board ID Tool version v. ...)
	NOT-FOR-US: Intel
CVE-2020-24455 (Missing initialization of a variable in the TPM2 source may allow a pr ...)
	- tpm2-tss 3.0.1-1
	[buster] - tpm2-tss (Vulnerable code introduced later)
	NOTE: https://github.com/tpm2-software/tpm2-tss/commit/0cc5f0e12694f3780a8512fc37a7dbc542ea4330 (master)
	NOTE: https://github.com/tpm2-software/tpm2-tss/commit/9536b79cd5a13884a7e4de7a571f72530180c20b (3.0.1)
	NOTE: https://github.com/tpm2-software/tpm2-tss/commit/bf24b0ef0fa8de9300a323f70a097a1afd818439 (2.4.5)
CVE-2020-24454 (Improper Restriction of XML External Entity Reference in subsystem for ...)
	NOT-FOR-US: Intel
CVE-2020-24453 (Improper input validation in the Intel(R) EPID SDK before version 8, m ...)
	NOT-FOR-US: Intel
CVE-2020-24452 (Improper input validation in the Intel(R) SGX Platform Software for Wi ...)
	NOT-FOR-US: Intel
CVE-2020-24451 (Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memo ...)
	NOT-FOR-US: Intel
CVE-2020-24450 (Improper conditions check in some Intel(R) Graphics Drivers before ver ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-24449
	RESERVED
CVE-2020-24448 (Uncaught exception in some Intel(R) Graphics Drivers before version 15 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-24447 (Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affe ...)
	NOT-FOR-US: Adobe
CVE-2020-24446
	RESERVED
CVE-2020-24445 (AEM's Cloud Service offering, as well as version 6.5.6.0 (and below), ...)
	NOT-FOR-US: Adobe
CVE-2020-24444 (AEM Forms SP6 add-on for AEM 6.5.6.0 and Forms add-on package for AEM ...)
	NOT-FOR-US: Adobe
CVE-2020-24443 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...)
	NOT-FOR-US: Adobe
CVE-2020-24442 (Adobe Connect version 11.0 (and earlier) is affected by a reflected Cr ...)
	NOT-FOR-US: Adobe
CVE-2020-24441 (Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not ...)
	NOT-FOR-US: Adobe
CVE-2020-24440 (Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontroll ...)
	NOT-FOR-US: Adobe
CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 202 ...)
	NOT-FOR-US: Adobe
CVE-2020-24438 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24437 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24436 (Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 ( ...)
	NOT-FOR-US: Adobe
CVE-2020-24435 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24434 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24433 (Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.00 ...)
	NOT-FOR-US: Adobe
CVE-2020-24432 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24431 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24430 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24429 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24428 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24427 (Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 ( ...)
	NOT-FOR-US: Adobe
CVE-2020-24426 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
	NOT-FOR-US: Adobe
CVE-2020-24425 (Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled ...)
	NOT-FOR-US: Adobe
CVE-2020-24424 (Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncont ...)
	NOT-FOR-US: Adobe
CVE-2020-24423 (Adobe Media Encoder version 14.4 (and earlier) for Windows is affected ...)
	NOT-FOR-US: Adobe
CVE-2020-24422 (Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and ...)
	NOT-FOR-US: Adobe
CVE-2020-24421 (Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL poin ...)
	NOT-FOR-US: Adobe
CVE-2020-24420 (Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected b ...)
	NOT-FOR-US: Adobe
CVE-2020-24419 (Adobe After Effects version 17.1.1 (and earlier) for Windows is affect ...)
	NOT-FOR-US: Adobe
CVE-2020-24418 (Adobe After Effects version 17.1.1 (and earlier) is affected by an out ...)
	NOT-FOR-US: Adobe
CVE-2020-24417
	RESERVED
CVE-2020-24416 (Marketo Sales Insight plugin version 1.4355 (and earlier) is affected ...)
	NOT-FOR-US: Marketo Sales Insight plugin
CVE-2020-24415 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2020-24414 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2020-24413 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2020-24412 (Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory ...)
	NOT-FOR-US: Adobe
CVE-2020-24411 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2020-24410 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2020-24409 (Adobe Illustrator version 24.2 (and earlier) is affected by an out-of- ...)
	NOT-FOR-US: Adobe
CVE-2020-24408 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by a per ...)
	NOT-FOR-US: Magento
CVE-2020-24407 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an un ...)
	NOT-FOR-US: Magento
CVE-2020-24406 (When in maintenance mode, Magento version 2.4.0 and 2.3.4 (and earlier ...)
	NOT-FOR-US: Magento
CVE-2020-24405 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
	NOT-FOR-US: Magento
CVE-2020-24404 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
	NOT-FOR-US: Magento
CVE-2020-24403 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
	NOT-FOR-US: Magento
CVE-2020-24402 (Magento version 2.4.0 and 2.3.5p1 (and earlier) are affected by an inc ...)
	NOT-FOR-US: Magento
CVE-2020-24401 (Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an in ...)
	NOT-FOR-US: Magento
CVE-2020-24400 (Magento versions 2.4.0 and 2.3.5 (and earlier) are affected by an SQL ...)
	NOT-FOR-US: Magento
CVE-2020-24399
	RESERVED
CVE-2020-24398
	RESERVED
CVE-2020-24397 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-24396 (homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH key ...)
	NOT-FOR-US: homee Brain Cube
CVE-2020-24395 (The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28 ...)
	NOT-FOR-US: homee Brain Cube
CVE-2020-24394 (In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) ca ...)
	- linux 5.7.6-1 (bug #962254)
	[buster] - linux 4.19.131-1
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/22cf8419f1319ff87ec759d0ebdff4cbafaee832
CVE-2020-24393 (TweetStream 2.6.1 uses the library eventmachine in an insecure way tha ...)
	NOT-FOR-US: TweetStream
CVE-2020-24392 (In voloko twitter-stream 0.1.10, missing TLS hostname validation allow ...)
	- ruby-twitter-stream (bug #988733)
	[bullseye] - ruby-twitter-stream (Minor issue)
	[buster] - ruby-twitter-stream (Minor issue)
	[stretch] - ruby-twitter-stream (Minor issue)
	NOTE: https://securitylab.github.com/advisories/GHSL-2020-097-voloko-twitter-stream
CVE-2020-24391 (mongo-express before 1.0.0 offers support for certain advanced syntax ...)
	NOT-FOR-US: mongo-express
CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-24389
	RESERVED
CVE-2020-24388 (An issue was discovered in the _send_secure_msg() function of yubihsm- ...)
	NOT-FOR-US: yubihsm-shell
CVE-2020-24387 (An issue was discovered in the yh_create_session() function of yubihsm ...)
	NOT-FOR-US: yubihsm-shell
CVE-2020-24386 (An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, ...)
	{DSA-4825-1 DLA-2517-1}
	- dovecot 1:2.3.13+dfsg1-1 (bug #979363)
	NOTE: https://dovecot.org/pipermail/dovecot-news/2021-January/000450.html
	NOTE: https://github.com/dovecot/core/commit/00df2308b0733e810824545183d73276c416cdd3
	NOTE: https://github.com/dovecot/core/commit/b4a9872b833b7985c7d0e7615f1b7fc812dd4c55
CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...)
	NOT-FOR-US: FreeBSD and MidnightBSD
CVE-2020-24384 (A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GU ...)
	NOT-FOR-US: A10 Networks
CVE-2020-24383 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
	NOT-FOR-US: FNET
CVE-2020-24382
	RESERVED
CVE-2020-24381 (GUnet Open eClass Platform (aka openeclass) before 3.11 might allow re ...)
	NOT-FOR-US: GUnet Open eClass Platform
CVE-2020-24380
	RESERVED
CVE-2020-24379 (WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vul ...)
	{DSA-4773-1 DLA-2384-1}
	- yaws 2.0.8+dfsg-1
	NOTE: https://github.com/erlyaws/yaws/commit/05a06345012598f5da55dbb4d041c8dc26e88e6c
	NOTE: https://github.com/vulnbe/poc-yaws-dav-xxe
CVE-2020-24378
	RESERVED
CVE-2020-24377 (A DNS rebinding vulnerability in the Freebox OS web interface in Freeb ...)
	NOT-FOR-US: Freebox
CVE-2020-24376 (A DNS rebinding vulnerability in the UPnP IGD implementations in Freeb ...)
	NOT-FOR-US: Freebox
CVE-2020-24375 (A DNS rebinding vulnerability in the UPnP MediaServer implementation i ...)
	NOT-FOR-US: Freebox
CVE-2020-24374 (A DNS rebinding vulnerability in Freebox v5 before 1.5.29. ...)
	NOT-FOR-US: Freebox
CVE-2020-24373 (A CSRF vulnerability in the UPnP MediaServer implementation in Freebox ...)
	NOT-FOR-US: Freebox
CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...)
	- luajit (unimportant)
	NOTE: https://github.com/LuaJIT/LuaJIT/issues/603
	NOTE: No security impact, only "exploitable" with untrusted Lua code
CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the ...)
	- lua5.4 5.4.1-1 (bug #971010)
	- lua5.3 (Vulnerable code introduced in 5.4.0)
	NOTE: https://github.com/lua/lua/commit/a6da1472c0c5e05ff249325f979531ad51533110
	NOTE: https://www.lua.org/bugs.html#5.4.0-10
CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ...)
	{DLA-2381-1}
	- lua5.4 5.4.1-1 (bug #971613)
	- lua5.3 5.3.6-1 (bug #988734)
	[bullseye] - lua5.3 (Minor issue)
	[buster] - lua5.3 (Minor issue)
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00324.html
	NOTE: (lua5.4) https://github.com/lua/lua/commit/a585eae6e7ada1ca9271607a4f48dfb17868ab7b
	NOTE: (lua5.3) https://github.com/lua/lua/commit/b5bc89846721375fe30772eb8c5ab2786f362bf9
CVE-2020-24369 (ldebug.c in Lua 5.4.0 attempts to access debug information via the lin ...)
	- lua5.4 5.4.1-1 (bug #971013)
	NOTE: https://github.com/lua/lua/commit/ae5b5ba529753c7a653901ffc29b5ea24c3fdf3a
	NOTE: https://www.lua.org/bugs.html#5.4.0-12
CVE-2020-24368 (Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Director ...)
	{DSA-4747-1 DLA-2343-1}
	- icingaweb2 2.8.2-1 (bug #968833)
	NOTE: https://icinga.com/2020/08/19/icinga-web-security-release-v2-6-4-v2-7-4-and-v2-8-2/
	NOTE: https://github.com/Icinga/icingaweb2/issues/4226
	NOTE: https://github.com/Icinga/icingaweb2/commit/5700caf5f2ebd8a20ce2bd9ca30cb471f8b7487e (support/2.6)
	NOTE: https://github.com/Icinga/icingaweb2/commit/3035efac65ca2f7977916bd117056aa411776dfd (master)
CVE-2020-24367 (Incorrect file permissions in BlueStacks 4 through 4.230 on Windows al ...)
	NOT-FOR-US: BlueStacks
CVE-2020-24366 (Sensitive information could be disclosed in the JetBrains YouTrack app ...)
	NOT-FOR-US: JetBrains
CVE-2020-24365 (An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-12 ...)
	NOT-FOR-US: Gemtek devices
CVE-2020-24364 (MineTime through 1.8.5 allows arbitrary command execution via the note ...)
	NOT-FOR-US: MineTime
CVE-2020-24363 (TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticat ...)
	NOT-FOR-US: TP-Link
CVE-2020-24362
	RESERVED
CVE-2020-24361 (SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, P ...)
	{DLA-2393-1}
	- snmptt 1.4.2-1
	[buster] - snmptt (Minor issue)
	NOTE: https://sourceforge.net/p/snmptt/git/ci/f6aef5223bc9ed8126268a273ac9f5c341af835a
CVE-2020-24360 (An issue with ARP packets in Arista’s EOS affecting the 7800R3, ...)
	NOT-FOR-US: Arista
CVE-2020-24359 (HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrect ...)
	NOT-FOR-US: vault-ssh-helper
CVE-2020-24358
	RESERVED
CVE-2020-24357
	RESERVED
CVE-2020-24356 (`cloudflared` versions prior to 2020.8.1 contain a local privilege esc ...)
	NOT-FOR-US: cloudflared
CVE-2020-24355 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
	NOT-FOR-US: Zyxel
CVE-2020-24354 (Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibl ...)
	NOT-FOR-US: Zyxel
CVE-2020-24353 (Pega Platform before 8.4.0 has a XSS issue via stream rule parameters ...)
	NOT-FOR-US: Pega Platform
CVE-2020-24352 (An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory ...)
	- qemu (unimportant; bug #968820)
	[buster] - qemu (Vulnerable code introduced in ATI VGA device emulation added later)
	[stretch] - qemu (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1847584
	NOTE: Feature isn't production-ready/experimental: https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg05528.html
CVE-2020-24351
	RESERVED
CVE-2020-24350
	RESERVED
CVE-2020-24349 (njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_va ...)
	NOT-FOR-US: njs
CVE-2020-24348 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_jso ...)
	NOT-FOR-US: njs
CVE-2020-24347 (njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvl ...)
	NOT-FOR-US: njs
CVE-2020-24346 (njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_par ...)
	NOT-FOR-US: njs
CVE-2020-24345 (** DISPUTED ** JerryScript through 2.3.0 allows stack consumption via ...)
	NOTE: Disputed JerryScript issue
CVE-2020-24344 (JerryScript through 2.3.0 has a (function({a=arguments}){const argumen ...)
	- iotjs (bug #988213)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3976
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/841d536fce1ce29267cdf0ea12be4026e1c35d3a
CVE-2020-24343 (Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of ...)
	- mujs (Didn't affect any released version of mujs)
	NOTE: https://github.com/ccxvii/mujs/issues/136
CVE-2020-24342 (Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring be ...)
	- lua5.4 5.4.1-1 (bug #971012)
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00052.html
	NOTE: https://github.com/lua/lua/commit/34affe7a63fc5d842580a9f23616d057e17dfe27
CVE-2020-24341 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The T ...)
	NOT-FOR-US: picoTCP (and picoTCP-NG)
CVE-2020-24340 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The c ...)
	NOT-FOR-US: picoTCP (and picoTCP-NG)
CVE-2020-24339 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The D ...)
	NOT-FOR-US: picoTCP (and picoTCP-NG)
CVE-2020-24338 (An issue was discovered in picoTCP through 1.7.0. The DNS domain name ...)
	NOT-FOR-US: picoTCP
CVE-2020-24337 (An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When ...)
	NOT-FOR-US: picoTCP (and picoTCP-NG)
CVE-2020-24336 (An issue was discovered in Contiki through 3.0 and Contiki-NG through ...)
	NOT-FOR-US: Contiki
CVE-2020-24335 (An issue was discovered in uIP through 1.0, as used in Contiki and Con ...)
	NOT-FOR-US: Contiki
CVE-2020-24334 (The code that processes DNS responses in uIP through 1.0, as used in C ...)
	NOT-FOR-US: uIP
CVE-2020-24333 (A vulnerability in Arista’s CloudVision Portal (CVP) prior to 20 ...)
	NOT-FOR-US: Arista
CVE-2020-24332 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
	- trousers (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
	NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
	NOTE: In Debian, tcsd gets started under the tss user
CVE-2020-24331 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
	- trousers (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
	NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
	NOTE: In Debian, tcsd gets started under the tss user
CVE-2020-24330 (An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon ...)
	- trousers (unimportant)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1164472
	NOTE: https://sourceforge.net/p/trousers/mailman/message/37015817/
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/14/1
	NOTE: In Debian, tcsd gets started under the tss user
CVE-2020-24329
	RESERVED
CVE-2020-24328
	RESERVED
CVE-2020-24327 (Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2 ...)
	NOT-FOR-US: Discourse
CVE-2020-24326
	RESERVED
CVE-2020-24325
	RESERVED
CVE-2020-24324
	RESERVED
CVE-2020-24323
	RESERVED
CVE-2020-24322
	RESERVED
CVE-2020-24321
	RESERVED
CVE-2020-24320
	RESERVED
CVE-2020-24319
	RESERVED
CVE-2020-24318
	RESERVED
CVE-2020-24317
	RESERVED
CVE-2020-24316 (WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the va ...)
	NOT-FOR-US: WP Plugin Rednumber Admin Menu
CVE-2020-24315 (Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL stateme ...)
	NOT-FOR-US: Vinoj Cardoza WordPress Poll Plugin
CVE-2020-24314 (Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitiz ...)
	NOT-FOR-US: Fahad Mahmood RSS Feed Widget Plugin
CVE-2020-24313 (Etoile Web Design Ultimate Appointment Booking & Scheduling WordPr ...)
	NOT-FOR-US: Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin
CVE-2020-24312 (mndpsingh287 WP File Manager v6.4 and lower fails to restrict external ...)
	NOT-FOR-US: mndpsingh287 WP File Manager
CVE-2020-24311
	RESERVED
CVE-2020-24310
	RESERVED
CVE-2020-24309
	RESERVED
CVE-2020-24308
	RESERVED
CVE-2020-24307
	RESERVED
CVE-2020-24306
	RESERVED
CVE-2020-24305
	RESERVED
CVE-2020-24304
	RESERVED
CVE-2020-24303 (Grafana before 7.1.0-beta 1 allows XSS via a query alias for the Elast ...)
	- grafana
CVE-2020-24302
	RESERVED
CVE-2020-24301 (Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a spec ...)
	NOT-FOR-US: HAPI FHIR Testpage Overlay
CVE-2020-24300
	RESERVED
CVE-2020-24299
	RESERVED
CVE-2020-24298
	RESERVED
CVE-2020-24297 (httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remo ...)
	NOT-FOR-US: TP-Link
CVE-2020-24296
	RESERVED
CVE-2020-24295
	RESERVED
CVE-2020-24294
	RESERVED
CVE-2020-24293
	RESERVED
CVE-2020-24292
	RESERVED
CVE-2020-24291
	RESERVED
CVE-2020-24290
	RESERVED
CVE-2020-24289
	RESERVED
CVE-2020-24288
	RESERVED
CVE-2020-24287
	RESERVED
CVE-2020-24286
	RESERVED
CVE-2020-24285 (INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to ...)
	NOT-FOR-US: intelbras
CVE-2020-24284
	RESERVED
CVE-2020-24283
	RESERVED
CVE-2020-24282
	RESERVED
CVE-2020-24281
	RESERVED
CVE-2020-24280
	RESERVED
CVE-2020-24279
	RESERVED
CVE-2020-24278
	RESERVED
CVE-2020-24277
	RESERVED
CVE-2020-24276
	RESERVED
CVE-2020-24275
	RESERVED
CVE-2020-24274
	RESERVED
CVE-2020-24273
	RESERVED
CVE-2020-24272
	RESERVED
CVE-2020-24271 (A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an ad ...)
	NOT-FOR-US: EasyCMS
CVE-2020-24270
	RESERVED
CVE-2020-24269
	RESERVED
CVE-2020-24268
	RESERVED
CVE-2020-24267
	RESERVED
CVE-2020-24266 (An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...)
	- tcpreplay 4.3.4-1 (bug #972889; unimportant)
	NOTE: https://github.com/appneta/tcpreplay/issues/617
	NOTE: Crash in CLI tool, no security impact
CVE-2020-24265 (An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap b ...)
	- tcpreplay 4.3.4-1 (bug #972890; unimportant)
	NOTE: https://github.com/appneta/tcpreplay/issues/616
	NOTE: Crash in CLI tool, no security impact
CVE-2020-24264 (Portainer 1.24.1 and earlier is affected by incorrect access control t ...)
	NOT-FOR-US: Portainer
CVE-2020-24263 (Portainer 1.24.1 and earlier is affected by an insecure permissions vu ...)
	NOT-FOR-US: Portainer
CVE-2020-24262
	RESERVED
CVE-2020-24261
	RESERVED
CVE-2020-24260
	RESERVED
CVE-2020-24259
	RESERVED
CVE-2020-24258
	RESERVED
CVE-2020-24257
	RESERVED
CVE-2020-24256
	RESERVED
CVE-2020-24255
	RESERVED
CVE-2020-24254
	RESERVED
CVE-2020-24253
	RESERVED
CVE-2020-24252
	RESERVED
CVE-2020-24251
	RESERVED
CVE-2020-24250
	RESERVED
CVE-2020-24249
	RESERVED
CVE-2020-24248
	RESERVED
CVE-2020-24247
	RESERVED
CVE-2020-24246 (Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to ...)
	NOT-FOR-US: Peplink Balance
CVE-2020-24245
	RESERVED
CVE-2020-24244
	RESERVED
CVE-2020-24243
	RESERVED
CVE-2020-24242 (In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_tex ...)
	- nasm 2.15.04-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392708
	NOTE: https://github.com/netwide-assembler/nasm/commit/6299a3114ce0f3acd55d07de201a8ca2f0a83059
	NOTE: Crash in CLI tool, no security impact
CVE-2020-24241 (In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in ...)
	- nasm 2.15.04-1 (unimportant)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392707
	NOTE: https://github.com/netwide-assembler/nasm/commit/6ac6ac57e3d01ea8ed4ea47706eb724b59176461
	NOTE: https://github.com/netwide-assembler/nasm/commit/78df8828a0a5d8e2d8ff3dced562bf1778ce2e6c
	NOTE: Crash in CLI tool, no security impact
CVE-2020-24240 (GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/ob ...)
	- bison 2:3.7.2+dfsg-1 (unimportant)
	[buster] - bison (Vulnerable code introduced later)
	[stretch] - bison (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/akimd/bison/commit/7346163840080f289f0adbadfbf5659c620d5fea (v3.5.91)
	NOTE: Fixed by: https://github.com/akimd/bison/commit/be95a4fe2951374676efc9454ffee8638faaf68d (v3.7.1)
	NOTE: https://lists.gnu.org/r/bug-bison/2020-07/msg00051.html
	NOTE: Crash in CLI tool, no security impact
CVE-2020-24239
	RESERVED
CVE-2020-24238
	RESERVED
CVE-2020-24237
	RESERVED
CVE-2020-24236
	RESERVED
CVE-2020-24235
	RESERVED
CVE-2020-24234
	RESERVED
CVE-2020-24233
	RESERVED
CVE-2020-24232
	RESERVED
CVE-2020-24231 (Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. ...)
	NOT-FOR-US: Symmetric DS
CVE-2020-24230
	RESERVED
CVE-2020-24229
	RESERVED
CVE-2020-24228
	RESERVED
CVE-2020-24227 (Playground Sessions v2.5.582 (and earlier) for Windows, stores the use ...)
	NOT-FOR-US: Playground Sessions for Windows
CVE-2020-24226
	RESERVED
CVE-2020-24225
	RESERVED
CVE-2020-24224
	RESERVED
CVE-2020-24223 (Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the ...)
NOT-FOR-US: Mara CMS CVE-2020-24222 RESERVED CVE-2020-24221 RESERVED CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...) NOT-FOR-US: ShopXO CVE-2020-24219 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...) NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders CVE-2020-24218 (An issue was discovered on URayTech IPTV/H.264/H.265 video encoders th ...) NOT-FOR-US: URayTech IPTV/H.264/H.265 video encoders CVE-2020-24217 (An issue was discovered in the box application on HiSilicon based IPTV ...) NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders CVE-2020-24216 (An issue was discovered in the box application on HiSilicon based IPTV ...) NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders CVE-2020-24215 (An issue was discovered in the box application on HiSilicon based IPTV ...) NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders CVE-2020-24214 (An issue was discovered in the box application on HiSilicon based IPTV ...) NOT-FOR-US: HiSilicon based IPTV/H.264/H.265 video encoders CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. Attackers ...) NOT-FOR-US: ygocore CVE-2020-24212 REJECTED CVE-2020-24211 RESERVED CVE-2020-24210 RESERVED CVE-2020-24209 RESERVED CVE-2020-24208 (A SQL injection vulnerability in SourceCodester Online Shopping Alphaw ...) NOT-FOR-US: SourceCodester CVE-2020-24207 RESERVED CVE-2020-24206 RESERVED CVE-2020-24205 RESERVED CVE-2020-24204 RESERVED CVE-2020-24203 (Insecure File Permissions and Arbitrary File Upload in the upload pic ...) NOT-FOR-US: Projects World Travel Management System CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 suffers from ...) NOT-FOR-US: Projects World House Rental CVE-2020-24201 RESERVED CVE-2020-24200 REJECTED CVE-2020-24199 (Arbitrary File Upload in the Vehicle Image Upload component in Project ...) 
NOT-FOR-US: Vehicle Image Upload component in Project Worlds Car Rental Management System CVE-2020-24198 (A persistent cross-site scripting vulnerability in Sourcecodester Stoc ...) NOT-FOR-US: Sourcecodester Stock Management System CVE-2020-24197 (A SQL injection vulnerability in the login component in Stock Manageme ...) NOT-FOR-US: Stock Management System CVE-2020-24196 (An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental ...) NOT-FOR-US: Online Bike Rental CVE-2020-24195 (An Arbitrary File Upload in the Upload Image component in Sourcecodest ...) NOT-FOR-US: Sourcecodester Online Bike Rental CVE-2020-24194 (A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in So ...) NOT-FOR-US: SourceCodester Daily Tracker System CVE-2020-24193 (A SQL injection vulnerability in login in Sourcecodetester Daily Track ...) NOT-FOR-US: Sourcecodetester Daily Tracker System CVE-2020-24192 RESERVED CVE-2020-24191 RESERVED CVE-2020-24190 RESERVED CVE-2020-24189 RESERVED CVE-2020-24188 (Cross-site scripting (XSS) vulnerability in the search functionality i ...) NOT-FOR-US: United Planet Intrexx Professional CVE-2020-24187 RESERVED CVE-2020-24186 (A Remote Code Execution vulnerability exists in the gVectors wpDiscuz ...) NOT-FOR-US: gVectors wpDiscuz plugin for WordPress CVE-2020-24185 RESERVED CVE-2020-24184 RESERVED CVE-2020-24183 RESERVED CVE-2020-24182 RESERVED CVE-2020-24181 RESERVED CVE-2020-24180 RESERVED CVE-2020-24179 RESERVED CVE-2020-24178 RESERVED CVE-2020-24177 RESERVED CVE-2020-24176 RESERVED CVE-2020-24175 (Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius ...) NOT-FOR-US: IZArc CVE-2020-24174 RESERVED CVE-2020-24173 RESERVED CVE-2020-24172 RESERVED CVE-2020-24171 RESERVED CVE-2020-24170 RESERVED CVE-2020-24169 RESERVED CVE-2020-24168 RESERVED CVE-2020-24167 RESERVED CVE-2020-24166 RESERVED CVE-2020-24165 RESERVED CVE-2020-24164 (A deserialization flaw is present in Taoensso Nippy before 2.14.2. In ...) 
NOT-FOR-US: Taoensso Nippy CVE-2020-24163 RESERVED CVE-2020-24162 (The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App ...) NOT-FOR-US: Shenzhen Tencent app CVE-2020-24161 (Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacki ...) NOT-FOR-US: Guangzhou NetEase Mail Master CVE-2020-24160 (Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vu ...) NOT-FOR-US: Shenzhen Tencent TIM Windows client CVE-2020-24159 (NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can ...) NOT-FOR-US: NetEase Youdao Dictionary CVE-2020-24158 (360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which ...) NOT-FOR-US: 360 Speed Browser CVE-2020-24157 RESERVED CVE-2020-24156 RESERVED CVE-2020-24155 RESERVED CVE-2020-24154 RESERVED CVE-2020-24153 RESERVED CVE-2020-24152 RESERVED CVE-2020-24151 RESERVED CVE-2020-24150 RESERVED CVE-2020-24149 (Server-side request forgery (SSRF) in the Podcast Importer SecondLine ...) NOT-FOR-US: Podcast Importer SecondLine (podcast-importer-secondline) plugin for WordPress CVE-2020-24148 (Server-side request forgery (SSRF) in the Import XML and RSS Feeds (im ...) NOT-FOR-US: Import XML and RSS Feeds (import-xml-feed) plugin for WordPress CVE-2020-24147 (Server-side request forgery (SSR) vulnerability in the WP Smart Import ...) NOT-FOR-US: WP Smart Import (wp-smart-import) plugin for WordPress CVE-2020-24146 (Directory traversal in the CM Download Manager (aka cm-download-manage ...) NOT-FOR-US: CM Download Manager (aka cm-download- manager) plugin for WordPress CVE-2020-24145 (Cross Site Scripting (XSS) vulnerability in the CM Download Manager (a ...) NOT-FOR-US: CM Download Manager (aka cm-download-manager) plugin for WordPress CVE-2020-24144 (Directory traversal in the Media File Organizer (aka media-file-organi ...) 
NOT-FOR-US: Media File Organizer (aka media-file- organizer) plugin for WordPress CVE-2020-24143 (Directory traversal in the Video Downloader for TikTok (aka downloader ...) NOT-FOR-US: Video Downloader for TikTok (aka downloader-tiktok) plugin for WordPress CVE-2020-24142 (Server-side request forgery in the Video Downloader for TikTok (aka do ...) NOT-FOR-US: Video Downloader for TikTok (aka downloader-tiktok) plugin for WordPress CVE-2020-24141 (Server-side request forgery in the WP-DownloadManager plugin 1.68.4 fo ...) NOT-FOR-US: WP-DownloadManager plugin for WordPress CVE-2020-24140 (Server-side request forgery in Wcms 0.3.2 let an attacker send crafted ...) NOT-FOR-US: wmcs CVE-2020-24139 (Server-side request forgery in Wcms 0.3.2 lets an attacker send crafte ...) NOT-FOR-US: wmcs CVE-2020-24138 (Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote a ...) NOT-FOR-US: wmcs CVE-2020-24137 (Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to ...) NOT-FOR-US: wmcs CVE-2020-24136 (Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary ...) NOT-FOR-US: wmcs CVE-2020-24135 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...) NOT-FOR-US: wmcs CVE-2020-24134 RESERVED CVE-2020-24133 (A heap buffer overflow vulnerability in the r_asm_swf_disass function ...) NOT-FOR-US: radare2 extras CVE-2020-24132 RESERVED CVE-2020-24131 RESERVED CVE-2020-24130 (A cross site request forgery (CSRF) vulnerability in the configure.htm ...) NOT-FOR-US: Ponzu CMS CVE-2020-24129 RESERVED CVE-2020-24128 RESERVED CVE-2020-24127 RESERVED CVE-2020-24126 RESERVED CVE-2020-24125 RESERVED CVE-2020-24124 RESERVED CVE-2020-24123 RESERVED CVE-2020-24122 RESERVED CVE-2020-24121 RESERVED CVE-2020-24120 RESERVED CVE-2020-24119 (A heap buffer overflow read was discovered in upx 4.0.0, because the c ...) 
- upx-ucl (unimportant) NOTE: https://github.com/upx/upx/issues/388 NOTE: https://github.com/upx/upx/commit/87b73e5cfdc12da94c251b2cd83bb01c7d9f616c CVE-2020-24118 RESERVED CVE-2020-24117 RESERVED CVE-2020-24116 RESERVED CVE-2020-24115 (In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials i ...) NOT-FOR-US: projectworlds Online Book Store CVE-2020-24114 RESERVED CVE-2020-24113 RESERVED CVE-2020-24112 RESERVED CVE-2020-24111 RESERVED CVE-2020-24110 RESERVED CVE-2020-24109 RESERVED CVE-2020-24108 RESERVED CVE-2020-24107 RESERVED CVE-2020-24106 RESERVED CVE-2020-24105 RESERVED CVE-2020-24104 (XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router. ...) NOT-FOR-US: PIX-Link Repeater/Router LV-WR07 CVE-2020-24103 RESERVED CVE-2020-24102 RESERVED CVE-2020-24101 RESERVED CVE-2020-24100 RESERVED CVE-2020-24099 RESERVED CVE-2020-24098 RESERVED CVE-2020-24097 RESERVED CVE-2020-24096 RESERVED CVE-2020-24095 RESERVED CVE-2020-24094 RESERVED CVE-2020-24093 RESERVED CVE-2020-24092 RESERVED CVE-2020-24091 RESERVED CVE-2020-24090 RESERVED CVE-2020-24089 RESERVED CVE-2020-24088 RESERVED CVE-2020-24087 RESERVED CVE-2020-24086 RESERVED CVE-2020-24085 (A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in ...) NOT-FOR-US: MISP CVE-2020-24084 RESERVED CVE-2020-24083 RESERVED CVE-2020-24082 RESERVED CVE-2020-24081 RESERVED CVE-2020-24080 RESERVED CVE-2020-24079 RESERVED CVE-2020-24078 RESERVED CVE-2020-24077 RESERVED CVE-2020-24076 RESERVED CVE-2020-24075 RESERVED CVE-2020-24074 (The decode program in silk-v3-decoder Version:20160922 Build By kn007 ...) NOT-FOR-US: silk-v3-decoder CVE-2020-24073 RESERVED CVE-2020-24072 RESERVED CVE-2020-24071 RESERVED CVE-2020-24070 RESERVED CVE-2020-24069 RESERVED CVE-2020-24068 RESERVED CVE-2020-24067 RESERVED CVE-2020-24066 RESERVED CVE-2020-24065 RESERVED CVE-2020-24064 RESERVED CVE-2020-24063 (The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php? ...) 
NOT-FOR-US: Canto plugin for WordPress CVE-2020-24062 RESERVED CVE-2020-24061 RESERVED CVE-2020-24060 RESERVED CVE-2020-24059 RESERVED CVE-2020-24058 RESERVED CVE-2020-24057 (The management website of the Verint S5120FD Verint_FW_0_42 unit featu ...) NOT-FOR-US: Verint CVE-2020-24056 (A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_ ...) NOT-FOR-US: Verint CVE-2020-24055 (Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320 ...) NOT-FOR-US: Verint CVE-2020-24054 (The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2 ...) NOT-FOR-US: Moog CVE-2020-24053 (Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credenti ...) NOT-FOR-US: Moog CVE-2020-24052 (Several XML External Entity (XXE) vulnerabilities in the Moog EXO Seri ...) NOT-FOR-US: Moog CVE-2020-24051 (The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF int ...) NOT-FOR-US: Moog CVE-2020-24050 RESERVED CVE-2020-24049 RESERVED CVE-2020-24048 RESERVED CVE-2020-24047 RESERVED CVE-2020-24046 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...) NOT-FOR-US: TitanHQ CVE-2020-24045 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...) NOT-FOR-US: TitanHQ CVE-2020-24044 RESERVED CVE-2020-24043 RESERVED CVE-2020-24042 RESERVED CVE-2020-24041 RESERVED CVE-2020-24040 RESERVED CVE-2020-24039 RESERVED CVE-2020-24038 (myFax version 229 logs sensitive information in the export log module ...) NOT-FOR-US: myFax CVE-2020-24037 RESERVED CVE-2020-24036 (PHP object injection in the Ajax endpoint of the backend in ForkCMS be ...) NOT-FOR-US: ForkCMS CVE-2020-24035 RESERVED CVE-2020-24034 (Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecu ...) NOT-FOR-US: Sagemcom F@ST 5280 routers CVE-2020-24033 (An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The f ...) 
NOT-FOR-US: fs.com S3900 CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...) NOT-FOR-US: XoruX LPAR2RRD and STOR2RRD CVE-2020-24031 RESERVED CVE-2020-24030 (ForLogic Qualiex v1 and v3 has weak token expiration. This allows remo ...) NOT-FOR-US: ForLogic Qualiex CVE-2020-24029 (Because of unauthenticated password changes in ForLogic Qualiex v1 and ...) NOT-FOR-US: ForLogic Qualiex CVE-2020-24028 (ForLogic Qualiex v1 and v3 allows any authenticated customer to achiev ...) NOT-FOR-US: ForLogic Qualiex CVE-2020-24027 (In Live Networks, Inc., liblivemedia version 20200625, there is a pote ...) - liblivemedia [buster] - liblivemedia (Minor issue) [stretch] - liblivemedia (Minor issue) NOTE: http://lists.live555.com/pipermail/live-devel/2020-July/021662.html NOTE: Fixed in 2020.07.09 upstream, cf. NOTE: http://www.live555.com/liveMedia/public/changelog.txt CVE-2020-24026 (TinyShop, a free and open source mall based on RageFrame2, has a store ...) NOT-FOR-US: TinyShop CVE-2020-24025 (Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when r ...) - node-node-sass [bullseye] - node-node-sass (Minor issue) NOTE: https://github.com/sass/node-sass/pull/567#issuecomment-656609236 CVE-2020-24024 RESERVED CVE-2020-24023 RESERVED CVE-2020-24022 RESERVED CVE-2020-24021 RESERVED CVE-2020-24020 (Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad ...) 
- ffmpeg 7:4.3.1-1 [bullseye] - ffmpeg (Vulnerable code not present) [buster] - ffmpeg (Vulnerable code not present) [stretch] - ffmpeg (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8718 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=584f396132aa19d21bb1e38ad9a5d428869290cb CVE-2020-24019 RESERVED CVE-2020-24018 RESERVED CVE-2020-24017 RESERVED CVE-2020-24016 RESERVED CVE-2020-24015 RESERVED CVE-2020-24014 RESERVED CVE-2020-24013 RESERVED CVE-2020-24012 RESERVED CVE-2020-24011 RESERVED CVE-2020-24010 RESERVED CVE-2020-24009 RESERVED CVE-2020-24008 (Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs ...) NOT-FOR-US: Umanni RH CVE-2020-24007 (Umanni RH 1.0 does not limit the number of authentication attempts. An ...) NOT-FOR-US: Umanni RH CVE-2020-24006 RESERVED CVE-2020-24005 RESERVED CVE-2020-24004 RESERVED CVE-2020-24003 (Microsoft Skype through 8.59.0.77 on macOS has the disable-library-val ...) NOT-FOR-US: Microsoft Skype on MacOS CVE-2020-24002 RESERVED CVE-2020-24001 RESERVED CVE-2020-24000 (SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to ...) NOT-FOR-US: eyoucms cms CVE-2020-23999 RESERVED CVE-2020-23998 RESERVED CVE-2020-23997 RESERVED CVE-2020-23996 (A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 an ...) NOT-FOR-US: ILIAS CVE-2020-23995 (An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 ...) NOT-FOR-US: ILIAS CVE-2020-23994 RESERVED CVE-2020-23993 RESERVED CVE-2020-23992 RESERVED CVE-2020-23991 RESERVED CVE-2020-23990 RESERVED CVE-2020-23989 (NeDi 1.9C allows pwsec.php oid XSS. ...) NOT-FOR-US: NeDi CVE-2020-23988 RESERVED CVE-2020-23987 RESERVED CVE-2020-23986 RESERVED CVE-2020-23985 RESERVED CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...) NOT-FOR-US: Online Hotel Booking System Pro PHP CVE-2020-23983 (Michael-design iChat Realtime PHP Live Support System 1.6 has persiste ...) 
NOT-FOR-US: Michael-design iChat Realtime PHP Live Support System CVE-2020-23982 (DesignMasterEvents Conference management 1.0.0 has cross site scriptin ...) NOT-FOR-US: DesignMasterEvents Conference management CVE-2020-23981 (13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id pa ...) NOT-FOR-US: 13enforme CMS CVE-2020-23980 (DesignMasterEvents Conference management 1.0.0 allows SQL Injection vi ...) NOT-FOR-US: DesignMasterEvents Conference management CVE-2020-23979 (13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter ...) NOT-FOR-US: 13enforme CMS CVE-2020-23978 (SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the ...) NOT-FOR-US: Soluzione Globale Ecommerce CMS CVE-2020-23977 (KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 't ...) NOT-FOR-US: KandNconcepts Club CMS CVE-2020-23976 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection ...) NOT-FOR-US: Webexcels Ecommerce CMS CVE-2020-23975 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scr ...) NOT-FOR-US: Webexcels Ecommerce CMS CVE-2020-23974 (Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting ...) NOT-FOR-US: Create-Project Manager CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php ...) NOT-FOR-US: KandNconcepts Club CMS CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can ...) NOT-FOR-US: Joomla Component GMapFP CVE-2020-23971 (gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Pe ...) NOT-FOR-US: gmapfp.org Joomla Component GMapFP CVE-2020-23970 RESERVED CVE-2020-23969 RESERVED CVE-2020-23968 (Ilex International Sign&go Workstation Security Suite 7.1 allows e ...) NOT-FOR-US: Ilex International Sign&go Workstation Security Suite CVE-2020-23967 (Dr.Web Security Space versions 11 and 12 allow elevation of privilege ...) 
NOT-FOR-US: Dr.Web Security Space CVE-2020-23966 RESERVED CVE-2020-23965 RESERVED CVE-2020-23964 RESERVED CVE-2020-23963 RESERVED CVE-2020-23962 (A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allow ...) NOT-FOR-US: Catfish CMS CVE-2020-23961 RESERVED CVE-2020-23960 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Admi ...) NOT-FOR-US: Fork CMS CVE-2020-23959 RESERVED CVE-2020-23958 RESERVED CVE-2020-23957 (Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) ...) NOT-FOR-US: Pega Platform CVE-2020-23956 RESERVED CVE-2020-23955 RESERVED CVE-2020-23954 RESERVED CVE-2020-23953 RESERVED CVE-2020-23952 RESERVED CVE-2020-23951 RESERVED CVE-2020-23950 RESERVED CVE-2020-23949 RESERVED CVE-2020-23948 RESERVED CVE-2020-23947 RESERVED CVE-2020-23946 RESERVED CVE-2020-23945 (A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id ...) NOT-FOR-US: Victor CMS CVE-2020-23944 RESERVED CVE-2020-23943 RESERVED CVE-2020-23942 RESERVED CVE-2020-23941 RESERVED CVE-2020-23940 RESERVED CVE-2020-23939 RESERVED CVE-2020-23938 REJECTED CVE-2020-23937 RESERVED CVE-2020-23936 (PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Auth ...) NOT-FOR-US: PHPGurukul Vehicle Parking Management System CVE-2020-23935 (Kabir Alhasan Student Management System 1.0 is vulnerable to Authentic ...) NOT-FOR-US: Kabir Alhasan Student Management System CVE-2020-23934 (An issue was discovered in RiteCMS 2.2.1. An authenticated user can di ...) NOT-FOR-US: RiteCMS CVE-2020-23933 REJECTED CVE-2020-23932 (An issue was discovered in gpac before 1.0.1. A NULL pointer dereferen ...) - gpac 1.0.1+dfsg1-2 (bug #987374) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/ce01bd15f711d4575b7424b54b3a395ec64c1784 NOTE: https://github.com/gpac/gpac/issues/1566 CVE-2020-23931 (An issue was discovered in gpac before 1.0.1. The abst_box_read functi ...) 
- gpac 1.0.1+dfsg1-2 (bug #987374) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/093283e727f396130651280609e687cd4778e0d1 NOTE: https://github.com/gpac/gpac/issues/1564 NOTE: https://github.com/gpac/gpac/issues/1567 CVE-2020-23930 (An issue was discovered in gpac through 20200801. A NULL pointer deref ...) - gpac 1.0.1+dfsg1-2 (bug #987374) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/9eeac00b38348c664dfeae2525bba0cf1bc32349 NOTE: https://github.com/gpac/gpac/issues/1565 CVE-2020-23929 RESERVED CVE-2020-23928 (An issue was discovered in gpac before 1.0.1. The abst_box_read functi ...) - gpac 1.0.1+dfsg1-2 (bug #987374) [buster] - gpac (Vulnerable code not present) [stretch] - gpac (Vulnerable code not present) NOTE: https://github.com/gpac/gpac/commit/8e05648d6b4459facbc783025c5c42d301fef5c3 NOTE: https://github.com/gpac/gpac/issues/1568 NOTE: https://github.com/gpac/gpac/issues/1569 CVE-2020-23927 RESERVED CVE-2020-23926 RESERVED CVE-2020-23925 RESERVED CVE-2020-23924 RESERVED CVE-2020-23923 RESERVED CVE-2020-23922 (An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif ...) - giflib (bug #988151) [bullseye] - giflib (Minor issue) [buster] - giflib (Minor issue) [stretch] - giflib (Minor issue) NOTE: https://sourceforge.net/p/giflib/bugs/151/ CVE-2020-23921 (An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_c ...) NOT-FOR-US: fast_ber CVE-2020-23920 RESERVED CVE-2020-23919 RESERVED CVE-2020-23918 RESERVED CVE-2020-23917 RESERVED CVE-2020-23916 RESERVED CVE-2020-23915 (An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_es ...) 
TODO: retroarch and salmon embed peglib, check if it's actually a security issue NOTE: https://github.com/yhirose/cpp-peglib/commit/b3b29ce8f3acf3a32733d930105a17d7b0ba347e NOTE: https://github.com/yhirose/cpp-peglib/issues/122 CVE-2020-23914 (An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer ...) TODO: retroarch and salmon embed peglib, check if it's actually a security issue NOTE: https://github.com/yhirose/cpp-peglib/commit/0061f393de54cf0326621c079dc2988336d1ebb3 NOTE: https://github.com/yhirose/cpp-peglib/issues/121 CVE-2020-23913 RESERVED CVE-2020-23912 (An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer d ...) NOT-FOR-US: Bento4 CVE-2020-23911 RESERVED CVE-2020-23910 RESERVED CVE-2020-23909 RESERVED CVE-2020-23908 RESERVED CVE-2020-23907 (An issue was discovered in retdec v3.3. In function canSplitFunctionOn ...) NOT-FOR-US: retdec CVE-2020-23906 (FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of servi ...) - ffmpeg 7:4.3.1-1 [buster] - ffmpeg (Vulnerable code introduced later) [stretch] - ffmpeg (Vulnerable code introduced later) NOTE: Regressed since: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e045be92cdf5a2851900e8e85b815c29ae6f100a (n4.3) NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ec59dc73f0cc8930bf5dae389cd76d049d537ca7 (n4.4) NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be84216c53a4ed81573c82320e9c4a20e9b349d9 (n4.3.1) CVE-2020-23905 RESERVED CVE-2020-23904 (A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers t ...) - speex [bullseye] - speex (Minor issue) [buster] - speex (Minor issue) [stretch] - speex (Minor issue) NOTE: https://github.com/xiph/speex/issues/14 CVE-2020-23903 (A Divide by Zero vulnerability in the function static int read_samples ...) 
- speex [bullseye] - speex (Minor issue) [buster] - speex (Minor issue) [stretch] - speex (Minor issue) NOTE: https://github.com/xiph/speex/issues/13 CVE-2020-23902 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...) NOT-FOR-US: WildBit Viewer CVE-2020-23901 (A User Mode Write AV in Editor+0x5d15 of WildBit Viewer v6.6 allows at ...) NOT-FOR-US: WildBit Viewer CVE-2020-23900 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...) NOT-FOR-US: WildBit Viewer CVE-2020-23899 (A User Mode Write AV in Editor+0x5f91 of WildBit Viewer v6.6 allows at ...) NOT-FOR-US: WildBit Viewer CVE-2020-23898 (A User Mode Write AV in Editor+0x5ea2 of WildBit Viewer v6.6 allows at ...) NOT-FOR-US: WildBit Viewer CVE-2020-23897 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x54dcec ...) NOT-FOR-US: WildBit Viewer CVE-2020-23896 (A User Mode Write AV in Editor+0x576b of WildBit Viewer v6.6 allows at ...) NOT-FOR-US: WildBit Viewer CVE-2020-23895 (A User Mode Write AV in Editor+0x76af of WildBit Viewer v6.6 allows at ...) NOT-FOR-US: WildBit Viewer CVE-2020-23894 (A User Mode Write AV in ntdll!RtlpCoalesceFreeBlocks+0x268 of WildBit ...) NOT-FOR-US: WildBit Viewer CVE-2020-23893 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x3c3682 ...) NOT-FOR-US: WildBit Viewer CVE-2020-23892 RESERVED CVE-2020-23891 (A User Mode Write AV in Editor+0x5cd7 of WildBit Viewer v6.6 allows at ...) NOT-FOR-US: WildBit Viewer CVE-2020-23890 (A buffer overflow in WildBit Viewer v6.6 allows attackers to cause a d ...) NOT-FOR-US: WildBit Viewer CVE-2020-23889 (A User Mode Write AV starting at Editor!TMethodImplementationIntercept ...) NOT-FOR-US: WildBit Viewer CVE-2020-23888 (A User Mode Write AV in Editor!TMethodImplementationIntercept+0x53f6c3 ...) NOT-FOR-US: WildBit Viewer CVE-2020-23887 (XnView MP v0.96.4 was discovered to contain a heap overflow which allo ...) 
NOT-FOR-US: XnView MP CVE-2020-23886 (XnView MP v0.96.4 was discovered to contain a heap overflow which allo ...) NOT-FOR-US: XnView MP CVE-2020-23885 RESERVED CVE-2020-23884 (A buffer overflow in Nomacs v3.15.0 allows attackers to cause a denial ...) - nomacs [buster] - nomacs (Minor issue) [stretch] - nomacs (Minor issue) NOTE: https://github.com/nomacs/nomacs/issues/516 CVE-2020-23883 RESERVED CVE-2020-23882 RESERVED CVE-2020-23881 RESERVED CVE-2020-23880 RESERVED CVE-2020-23879 (pdf2json v0.71 was discovered to contain a NULL pointer dereference in ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-23878 (pdf2json v0.71 was discovered to contain a stack buffer overflow in th ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-23877 (pdf2xml v2.0 was discovered to contain a stack buffer overflow in the ...) NOT-FOR-US: pdf2xml CVE-2020-23876 (pdf2xml v2.0 was discovered to contain a memory leak in the function T ...) NOT-FOR-US: pdf2xml CVE-2020-23875 RESERVED CVE-2020-23874 (pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the f ...) NOT-FOR-US: pdf2xml CVE-2020-23873 (pdf2xml v2.0 was discovered to contain a heap-buffer overflow in the f ...) NOT-FOR-US: pdf2xml CVE-2020-23872 (A NULL pointer dereference in the function TextPage::restoreState of p ...) NOT-FOR-US: pdf2xml CVE-2020-23871 RESERVED CVE-2020-23870 RESERVED CVE-2020-23869 RESERVED CVE-2020-23868 (NeDi 1.9C allows inc/rt-popup.php d XSS. ...) NOT-FOR-US: NeDi CVE-2020-23867 RESERVED CVE-2020-23866 RESERVED CVE-2020-23865 RESERVED CVE-2020-23864 (An issue exits in IOBit Malware Fighter version 8.0.2.547. Local escal ...) 
NOT-FOR-US: IOBit Malware Fighter CVE-2020-23863 RESERVED CVE-2020-23862 RESERVED CVE-2020-23861 (A heap-based buffer overflow vulnerability exists in LibreDWG 0.10.1 v ...) - libredwg (bug #595191) CVE-2020-23860 RESERVED CVE-2020-23859 RESERVED CVE-2020-23858 RESERVED CVE-2020-23857 RESERVED CVE-2020-23856 (Use-after-Free vulnerability in cflow 1.6 in the void call(char *name, ...) - cflow (unimportant; bug #988985) NOTE: https://lists.gnu.org/archive/html/bug-cflow/2020-07/msg00000.html NOTE: Crash in CLI tool, no security impact CVE-2020-23855 RESERVED CVE-2020-23854 RESERVED CVE-2020-23853 RESERVED CVE-2020-23852 (A heap based buffer overflow vulnerability exists in ffjpeg through 20 ...) NOT-FOR-US: ffjpeg CVE-2020-23851 (A stack-based buffer overflow vulnerability exists in ffjpeg through 2 ...) NOT-FOR-US: ffjpeg CVE-2020-23850 RESERVED CVE-2020-23849 (Stored XSS was discovered in the tree mode of jsoneditor before 9.0.2 ...) NOT-FOR-US: jsoneditor CVE-2020-23848 RESERVED CVE-2020-23847 RESERVED CVE-2020-23846 RESERVED CVE-2020-23845 RESERVED CVE-2020-23844 RESERVED CVE-2020-23843 RESERVED CVE-2020-23842 RESERVED CVE-2020-23841 RESERVED CVE-2020-23840 RESERVED CVE-2020-23839 (A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS ...) NOT-FOR-US: GetSimple CMS CVE-2020-23838 RESERVED CVE-2020-23837 (A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User pl ...) NOT-FOR-US: GetSimple CMS CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in ...) NOT-FOR-US: OSWAPP Warehouse Inventory System CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) NOT-FOR-US: SourceCodester Tailor Management System CVE-2020-23834 (Insecure Service File Permissions in the bd service in Real Time Logic ...) NOT-FOR-US: Real Time Logic BarracudaDrive CVE-2020-23833 (Projectworlds House Rental v1.0 suffers from an unauthenticated SQL In ...) 
NOT-FOR-US: Projectworlds House Rental CVE-2020-23832 (A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin ...) NOT-FOR-US: Projectworlds Car Rental Management System CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) NOT-FOR-US: SourceCodester Stock Management System CVE-2020-23830 (A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.ph ...) NOT-FOR-US: SourceCodester Stock Management System CVE-2020-23829 (interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suff ...) NOT-FOR-US: LibreHealth EHR CVE-2020-23828 (A File Upload vulnerability in SourceCodester Online Course Registrati ...) NOT-FOR-US: SourceCodester Online Course Registration CVE-2020-23827 RESERVED CVE-2020-23826 (** DISPUTED ** The Yale WIPC-303W 2.21 through 2.31 camera is vulnerab ...) NOT-FOR-US: Yale WIPC-303W camera CVE-2020-23825 RESERVED CVE-2020-23824 (ArGo Soft Mail Server 1.8.8.9 is affected by Cross Site Request Forger ...) NOT-FOR-US: ArGo Soft Mail Server CVE-2020-23823 RESERVED CVE-2020-23822 RESERVED CVE-2020-23821 RESERVED CVE-2020-23820 RESERVED CVE-2020-23819 RESERVED CVE-2020-23818 RESERVED CVE-2020-23817 RESERVED CVE-2020-23816 RESERVED CVE-2020-23815 RESERVED CVE-2020-23814 (Multiple cross-site scripting (XSS) vulnerabilities in xxl-job v2.2.0 ...) NOT-FOR-US: xxl-job CVE-2020-23813 RESERVED CVE-2020-23812 RESERVED CVE-2020-23811 (xxl-job 2.2.0 allows Information Disclosure of username, model, and pa ...) 
	NOT-FOR-US: xxl-job
CVE-2020-23810 RESERVED
CVE-2020-23809 RESERVED
CVE-2020-23808 RESERVED
CVE-2020-23807 RESERVED
CVE-2020-23806 RESERVED
CVE-2020-23805 RESERVED
CVE-2020-23804 RESERVED
CVE-2020-23803 RESERVED
CVE-2020-23802 RESERVED
CVE-2020-23801 RESERVED
CVE-2020-23800 RESERVED
CVE-2020-23799 RESERVED
CVE-2020-23798 RESERVED
CVE-2020-23797 RESERVED
CVE-2020-23796 RESERVED
CVE-2020-23795 RESERVED
CVE-2020-23794 RESERVED
CVE-2020-23793 RESERVED
CVE-2020-23792 RESERVED
CVE-2020-23791 RESERVED
CVE-2020-23790 (An Arbitrary File Upload vulnerability was discovered in the Golo Lara ...)
	NOT-FOR-US: Golo Laravel theme
CVE-2020-23789 RESERVED
CVE-2020-23788 RESERVED
CVE-2020-23787 RESERVED
CVE-2020-23786 RESERVED
CVE-2020-23785 RESERVED
CVE-2020-23784 RESERVED
CVE-2020-23783 RESERVED
CVE-2020-23782 RESERVED
CVE-2020-23781 RESERVED
CVE-2020-23780 RESERVED
CVE-2020-23779 RESERVED
CVE-2020-23778 RESERVED
CVE-2020-23777 RESERVED
CVE-2020-23776 (A SSRF vulnerability exists in Winmail 6.5 in app.php in the key param ...)
	NOT-FOR-US: Winmail
CVE-2020-23775 RESERVED
CVE-2020-23774 (A reflected XSS vulnerability exists in tohtml/convert.php of Winmail ...)
	NOT-FOR-US: Winmail
CVE-2020-23773 RESERVED
CVE-2020-23772 RESERVED
CVE-2020-23771 RESERVED
CVE-2020-23770 RESERVED
CVE-2020-23769 RESERVED
CVE-2020-23768 (An information disclosure vulnerability was discovered in alipay_funct ...)
	NOT-FOR-US: Alibaba payment interface on PHPPYUN
CVE-2020-23767 RESERVED
CVE-2020-23766 (An arbitrary file deletion vulnerability was discovered on htmly v2.7. ...)
	NOT-FOR-US: htmly
CVE-2020-23765 (A file upload vulnerability was discovered in the file path /bl-plugin ...)
	NOT-FOR-US: Bludit
CVE-2020-23764 RESERVED
CVE-2020-23763 (SQL injection in admin.php in Online Book Store 1.0 allows remote atta ...)
	NOT-FOR-US: Online Book Store
CVE-2020-23762 (Cross Site Scripting (XSS) vulnerability in the Larsens Calender plugi ...)
	NOT-FOR-US: Larsens calendar
CVE-2020-23761 (Cross Site Scripting (XSS) vulnerability in subrion CMS Version <= ...)
	NOT-FOR-US: subrion CMS
CVE-2020-23760 RESERVED
CVE-2020-23759 RESERVED
CVE-2020-23758 RESERVED
CVE-2020-23757 RESERVED
CVE-2020-23756 RESERVED
CVE-2020-23755 RESERVED
CVE-2020-23754 (Cross Site Scripting (XSS) vulnerability in infusions/member_poll_pane ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-23753 RESERVED
CVE-2020-23752 RESERVED
CVE-2020-23751 RESERVED
CVE-2020-23750 RESERVED
CVE-2020-23749 RESERVED
CVE-2020-23748 RESERVED
CVE-2020-23747 RESERVED
CVE-2020-23746 RESERVED
CVE-2020-23745 RESERVED
CVE-2020-23744 RESERVED
CVE-2020-23743 RESERVED
CVE-2020-23742 RESERVED
CVE-2020-23741 (In AnyView (network police) network monitoring software 4.6.0.1, there ...)
	NOT-FOR-US: AnyView (network police) network monitoring software
CVE-2020-23740 (In DriverGenius 9.61.5480.28 there is a local privilege escalation vul ...)
	NOT-FOR-US: DriverGenius
CVE-2020-23739 RESERVED
CVE-2020-23738 (There is a local denial of service vulnerability in Advanced SystemCar ...)
	NOT-FOR-US: Advanced SystemCare
CVE-2020-23737 RESERVED
CVE-2020-23736 (There is a local denial of service vulnerability in DaDa accelerator 5 ...)
	NOT-FOR-US: DaDa accelerator
CVE-2020-23735 (In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escal ...)
	NOT-FOR-US: Saibo Cyber Game Accelerator
CVE-2020-23734 RESERVED
CVE-2020-23733 RESERVED
CVE-2020-23732 RESERVED
CVE-2020-23731 RESERVED
CVE-2020-23730 RESERVED
CVE-2020-23729 RESERVED
CVE-2020-23728 RESERVED
CVE-2020-23727 (There is a local denial of service vulnerability in the Antiy Zhijia T ...)
	NOT-FOR-US: Antiy Zhijia Terminal Defense System
CVE-2020-23726 (There is a local denial of service vulnerability in Wise Care 365 5.5. ...)
	NOT-FOR-US: Wise Care 365
CVE-2020-23725 RESERVED
CVE-2020-23724 RESERVED
CVE-2020-23723 RESERVED
CVE-2020-23722 (An issue was discovered in FUEL CMS 1.4.7. There is an escalation of pr ...)
	NOT-FOR-US: FUEL CMS
CVE-2020-23721 (An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS ...)
	NOT-FOR-US: FUEL CMS
CVE-2020-23720 RESERVED
CVE-2020-23719 (Cross site scripting (XSS) vulnerability in application/controllers/Ad ...)
	NOT-FOR-US: xujinliang zibbs
CVE-2020-23718 (Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allo ...)
	NOT-FOR-US: xujinliang zibbs
CVE-2020-23717 RESERVED
CVE-2020-23716 RESERVED
CVE-2020-23715 (Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the ...)
	NOT-FOR-US: Webport
CVE-2020-23714 RESERVED
CVE-2020-23713 RESERVED
CVE-2020-23712 RESERVED
CVE-2020-23711 (SQL Injection vulnerability in NavigateCMS 2.9 via the URL encoded GET ...)
	NOT-FOR-US: NavigateCMS
CVE-2020-23710 (Cross Site Scripting (XSS) vulnerability in LimeSurvey 4.2.5 on textbo ...)
	- limesurvey (bug #472802)
CVE-2020-23709 RESERVED
CVE-2020-23708 RESERVED
CVE-2020-23707 (A heap-based buffer overflow vulnerability in the function ok_jpg_deco ...)
	NOT-FOR-US: ok-file-formats
CVE-2020-23706 (A heap-based buffer overflow vulnerability in the function ok_jpg_deco ...)
	NOT-FOR-US: ok-file-formats
CVE-2020-23705 (A global buffer overflow vulnerability in jfif_encode at jfif.c:701 of ...)
	NOT-FOR-US: ffjpeg
CVE-2020-23704 RESERVED
CVE-2020-23703 RESERVED
CVE-2020-23702 (Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'Ne ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-23701 RESERVED
CVE-2020-23700 (Cross Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the ...)
	NOT-FOR-US: LavaLite-CMS
CVE-2020-23699 RESERVED
CVE-2020-23698 RESERVED
CVE-2020-23697 (Cross Site Scripting vulnerability in Monstra CMS 3.0.4 via the page fe ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-23696 RESERVED
CVE-2020-23695 RESERVED
CVE-2020-23694 RESERVED
CVE-2020-23693 RESERVED
CVE-2020-23692 RESERVED
CVE-2020-23691 (YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the ...)
	NOT-FOR-US: YFCMF
CVE-2020-23690 RESERVED
CVE-2020-23689 (In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments s ...)
	NOT-FOR-US: YFCMF
CVE-2020-23688 RESERVED
CVE-2020-23687 RESERVED
CVE-2020-23686 (Cross site request forgery (CSRF) vulnerability in AyaCMS 3.1.2 allows ...)
	NOT-FOR-US: AyaCMS
CVE-2020-23685 (SQL Injection vulnerability in 188Jianzhan v2.1.0, allows attackers to ...)
	NOT-FOR-US: 188Jianzhan
CVE-2020-23684 RESERVED
CVE-2020-23683 RESERVED
CVE-2020-23682 RESERVED
CVE-2020-23681 RESERVED
CVE-2020-23680 (An issue was discovered in function StartPage in text2pdf.c in pdfcorn ...)
	NOT-FOR-US: pdfcorner text2pdf
CVE-2020-23679 (Buffer overflow vulnerability in Renleilei1992 Linux_Network_Project 1 ...)
	NOT-FOR-US: Renleilei1992 Linux_Network_Project
CVE-2020-23678 RESERVED
CVE-2020-23677 RESERVED
CVE-2020-23676 RESERVED
CVE-2020-23675 RESERVED
CVE-2020-23674 RESERVED
CVE-2020-23673 RESERVED
CVE-2020-23672 RESERVED
CVE-2020-23671 RESERVED
CVE-2020-23670 RESERVED
CVE-2020-23669 RESERVED
CVE-2020-23668 RESERVED
CVE-2020-23667 RESERVED
CVE-2020-23666 RESERVED
CVE-2020-23665 RESERVED
CVE-2020-23664 RESERVED
CVE-2020-23663 RESERVED
CVE-2020-23662 RESERVED
CVE-2020-23661 RESERVED
CVE-2020-23660 (webTareas v2.1 is affected by Cross Site Scripting (XSS) on "Search." ...)
	NOT-FOR-US: webTareas
CVE-2020-23659 (WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the " ...)
	NOT-FOR-US: WebPort
CVE-2020-23658 (PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infus ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-23657 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
	NOT-FOR-US: NavigateCMS
CVE-2020-23656 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
	NOT-FOR-US: NavigateCMS
CVE-2020-23655 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) on module "C ...)
	NOT-FOR-US: NavigateCMS
CVE-2020-23654 (NavigateCMS 2.9 is affected by Cross Site Scripting (XSS) via the modu ...)
	NOT-FOR-US: NavigateCMS
CVE-2020-23653 (An insecure unserialize vulnerability was discovered in ThinkAdmin ver ...)
	NOT-FOR-US: ThinkAdmin
CVE-2020-23652 RESERVED
CVE-2020-23651 RESERVED
CVE-2020-23650 RESERVED
CVE-2020-23649 RESERVED
CVE-2020-23648 RESERVED
CVE-2020-23647 RESERVED
CVE-2020-23646 RESERVED
CVE-2020-23645 RESERVED
CVE-2020-23644 (XSS exists in JIZHICMS 1.7.1 via index.php/Error/index?msg={XSS] to Ho ...)
	NOT-FOR-US: JIZHICMS
CVE-2020-23643 (XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signatur ...)
	NOT-FOR-US: JIZHICMS
CVE-2020-23642 RESERVED
CVE-2020-23641 RESERVED
CVE-2020-23640 RESERVED
CVE-2020-23639 (A command injection vulnerability exists in Moxa Inc VPort 461 Series ...)
	NOT-FOR-US: Moxa
CVE-2020-23638 RESERVED
CVE-2020-23637 RESERVED
CVE-2020-23636 RESERVED
CVE-2020-23635 RESERVED
CVE-2020-23634 RESERVED
CVE-2020-23633 RESERVED
CVE-2020-23632 RESERVED
CVE-2020-23631 (Cross-site request forgery (CSRF) in admin/global/manage.php in WDJA C ...)
	NOT-FOR-US: WDJA CMS
CVE-2020-23630 (A blind SQL injection vulnerability exists in zzcms ver201910 based on ...)
	NOT-FOR-US: zzcms
CVE-2020-23629 RESERVED
CVE-2020-23628 RESERVED
CVE-2020-23627 RESERVED
CVE-2020-23626 RESERVED
CVE-2020-23625 RESERVED
CVE-2020-23624 RESERVED
CVE-2020-23623 RESERVED
CVE-2020-23622 RESERVED
CVE-2020-23621 RESERVED
CVE-2020-23620 RESERVED
CVE-2020-23619 RESERVED
CVE-2020-23618 RESERVED
CVE-2020-23617 RESERVED
CVE-2020-23616 RESERVED
CVE-2020-23615 RESERVED
CVE-2020-23614 RESERVED
CVE-2020-23613 RESERVED
CVE-2020-23612 RESERVED
CVE-2020-23611 RESERVED
CVE-2020-23610 RESERVED
CVE-2020-23609 RESERVED
CVE-2020-23608 RESERVED
CVE-2020-23607 RESERVED
CVE-2020-23606 RESERVED
CVE-2020-23605 RESERVED
CVE-2020-23604 RESERVED
CVE-2020-23603 RESERVED
CVE-2020-23602 RESERVED
CVE-2020-23601 RESERVED
CVE-2020-23600 RESERVED
CVE-2020-23599 RESERVED
CVE-2020-23598 RESERVED
CVE-2020-23597 RESERVED
CVE-2020-23596 RESERVED
CVE-2020-23595 RESERVED
CVE-2020-23594 RESERVED
CVE-2020-23593 RESERVED
CVE-2020-23592 RESERVED
CVE-2020-23591 RESERVED
CVE-2020-23590 RESERVED
CVE-2020-23589 RESERVED
CVE-2020-23588 RESERVED
CVE-2020-23587 RESERVED
CVE-2020-23586 RESERVED
CVE-2020-23585 RESERVED
CVE-2020-23584 RESERVED
CVE-2020-23583 RESERVED
CVE-2020-23582 RESERVED
CVE-2020-23581 RESERVED
CVE-2020-23580 (Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message b ...)
	NOT-FOR-US: PbootCMS
CVE-2020-23579 RESERVED
CVE-2020-23578 RESERVED
CVE-2020-23577 RESERVED
CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site Scripting ...)
	NOT-FOR-US: Laborator Neon dashboard
CVE-2020-23575 (A directory traversal vulnerability exists in Kyocera Printer d-COPIA2 ...)
	NOT-FOR-US: Kyocera
CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2020-23573 RESERVED
CVE-2020-23572 (BEESCMS v4.0 was discovered to contain an arbitrary file upload vulner ...)
	NOT-FOR-US: BEESCMS
CVE-2020-23571 RESERVED
CVE-2020-23570 RESERVED
CVE-2020-23569 RESERVED
CVE-2020-23568 RESERVED
CVE-2020-23567 (Irfanview v4.53 allows attackers to cause a denial of service (DoS) ...)
	NOT-FOR-US: Irfanview
CVE-2020-23566 (Irfanview v4.53 was discovered to contain an infinity loop via JPEG200 ...)
	NOT-FOR-US: Irfanview
CVE-2020-23565 (Irfanview v4.53 allows attackers to execute arbitrary code via a craft ...)
	NOT-FOR-US: Irfanview
CVE-2020-23564 RESERVED
CVE-2020-23563 RESERVED
CVE-2020-23562 RESERVED
CVE-2020-23561 RESERVED
CVE-2020-23560 RESERVED
CVE-2020-23559 RESERVED
CVE-2020-23558 RESERVED
CVE-2020-23557 RESERVED
CVE-2020-23556 RESERVED
CVE-2020-23555 RESERVED
CVE-2020-23554 RESERVED
CVE-2020-23553 RESERVED
CVE-2020-23552 RESERVED
CVE-2020-23551 RESERVED
CVE-2020-23550 RESERVED
CVE-2020-23549 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...)
	NOT-FOR-US: IrfanView
CVE-2020-23548 RESERVED
CVE-2020-23547 RESERVED
CVE-2020-23546 (IrfanView 4.54 allows attackers to cause a denial of service or possib ...)
	NOT-FOR-US: IrfanView
CVE-2020-23545 RESERVED
CVE-2020-23544 RESERVED
CVE-2020-23543 RESERVED
CVE-2020-23542 RESERVED
CVE-2020-23541 RESERVED
CVE-2020-23540 RESERVED
CVE-2020-23539 (An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that ...)
	NOT-FOR-US: Realtek
CVE-2020-23538 RESERVED
CVE-2020-23537 RESERVED
CVE-2020-23536 RESERVED
CVE-2020-23535 RESERVED
CVE-2020-23534 (A server-side request forgery (SSRF) vulnerability in Upgrade.php of g ...)
	NOT-FOR-US: gopeak masterlab
CVE-2020-23533 (Union Pay up to 1.2.0, for web based versions contains a CWE-347: Impr ...)
	NOT-FOR-US: Union Pay
CVE-2020-23532 RESERVED
CVE-2020-23531 RESERVED
CVE-2020-23530 RESERVED
CVE-2020-23529 RESERVED
CVE-2020-23528 RESERVED
CVE-2020-23527 RESERVED
CVE-2020-23526 RESERVED
CVE-2020-23525 RESERVED
CVE-2020-23524 RESERVED
CVE-2020-23523 RESERVED
CVE-2020-23522 (Pixelimity 1.0 has cross-site request forgery via the admin/setting.ph ...)
	NOT-FOR-US: Pixelimity
CVE-2020-23521 RESERVED
CVE-2020-23520 (imcat 5.2 allows an authenticated file upload and consequently remote ...)
	NOT-FOR-US: imcat
CVE-2020-23519 RESERVED
CVE-2020-23518 (Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - ...)
	NOT-FOR-US: UltimateKode Neo Billing - Accounting, Invoicing And CRM Software
CVE-2020-23517 (Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS ...)
	NOT-FOR-US: Aryanic HighMail (High CMS)
CVE-2020-23516 RESERVED
CVE-2020-23515 RESERVED
CVE-2020-23514 RESERVED
CVE-2020-23513 RESERVED
CVE-2020-23512 (VR CAM P1 Model P1 v1 has an incorrect access control vulnerability wh ...)
	NOT-FOR-US: VR CAM P1 Model P1
CVE-2020-23511 RESERVED
CVE-2020-23510 RESERVED
CVE-2020-23509 RESERVED
CVE-2020-23508 RESERVED
CVE-2020-23507 RESERVED
CVE-2020-23506 RESERVED
CVE-2020-23505 RESERVED
CVE-2020-23504 RESERVED
CVE-2020-23503 RESERVED
CVE-2020-23502 RESERVED
CVE-2020-23501 RESERVED
CVE-2020-23500 RESERVED
CVE-2020-23499 RESERVED
CVE-2020-23498 RESERVED
CVE-2020-23497 RESERVED
CVE-2020-23496 RESERVED
CVE-2020-23495 RESERVED
CVE-2020-23494 RESERVED
CVE-2020-23493 RESERVED
CVE-2020-23492 RESERVED
CVE-2020-23491 RESERVED
CVE-2020-23490 (There was a local file disclosure vulnerability in AVideo < 8.9 via ...)
	NOT-FOR-US: AVideo
CVE-2020-23489 (The import.json.php file before 8.9 for Avideo is vulnerable to a File ...)
	NOT-FOR-US: AVideo
CVE-2020-23488 RESERVED
CVE-2020-23487 RESERVED
CVE-2020-23486 RESERVED
CVE-2020-23485 RESERVED
CVE-2020-23484 RESERVED
CVE-2020-23483 RESERVED
CVE-2020-23482 RESERVED
CVE-2020-23481 (CMS Made Simple 2.2.14 was discovered to contain a cross-site scriptin ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-23480 RESERVED
CVE-2020-23479 RESERVED
CVE-2020-23478 (Leo Editor v6.2.1 was discovered to contain a regular expression denia ...)
	NOT-FOR-US: Leo Editor
CVE-2020-23477 RESERVED
CVE-2020-23476 RESERVED
CVE-2020-23475 RESERVED
CVE-2020-23474 RESERVED
CVE-2020-23473 RESERVED
CVE-2020-23472 RESERVED
CVE-2020-23471 RESERVED
CVE-2020-23470 RESERVED
CVE-2020-23469 (gmate v0.12+bionic contains a regular expression denial of service (Re ...)
	NOT-FOR-US: gmate
CVE-2020-23468 RESERVED
CVE-2020-23467 RESERVED
CVE-2020-23466 RESERVED
CVE-2020-23465 RESERVED
CVE-2020-23464 RESERVED
CVE-2020-23463 RESERVED
CVE-2020-23462 RESERVED
CVE-2020-23461 RESERVED
CVE-2020-23460 RESERVED
CVE-2020-23459 RESERVED
CVE-2020-23458 RESERVED
CVE-2020-23457 RESERVED
CVE-2020-23456 RESERVED
CVE-2020-23455 RESERVED
CVE-2020-23454 RESERVED
CVE-2020-23453 RESERVED
CVE-2020-23452 RESERVED
CVE-2020-23451 (Spiceworks Version <= 7.5.00107 is affected by CSRF which can lead ...)
	NOT-FOR-US: Spiceworks
CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed ...)
	NOT-FOR-US: Spiceworks
CVE-2020-23449 (newbee-mall all versions are affected by incorrect access control to r ...)
	NOT-FOR-US: newbee-mall
CVE-2020-23448 (newbee-mall all versions are affected by incorrect access control to r ...)
	NOT-FOR-US: newbee-mall
CVE-2020-23447 (newbee-mall 1.0 is affected by cross-site scripting in shop-cart/settl ...)
	NOT-FOR-US: newbee-mall
CVE-2020-23446 (Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenti ...)
	NOT-FOR-US: Verint Workforce Optimization suite
CVE-2020-23445 RESERVED
CVE-2020-23444 RESERVED
CVE-2020-23443 RESERVED
CVE-2020-23442 RESERVED
CVE-2020-23441 RESERVED
CVE-2020-23440 RESERVED
CVE-2020-23439 RESERVED
CVE-2020-23438 RESERVED
CVE-2020-23437 RESERVED
CVE-2020-23436 RESERVED
CVE-2020-23435 RESERVED
CVE-2020-23434 RESERVED
CVE-2020-23433 RESERVED
CVE-2020-23432 RESERVED
CVE-2020-23431 RESERVED
CVE-2020-23430 RESERVED
CVE-2020-23429 RESERVED
CVE-2020-23428 RESERVED
CVE-2020-23427 RESERVED
CVE-2020-23426 (zzcms 201910 contains an access control vulnerability through escalati ...)
	NOT-FOR-US: zzcms
CVE-2020-23425 RESERVED
CVE-2020-23424 RESERVED
CVE-2020-23423 RESERVED
CVE-2020-23422 RESERVED
CVE-2020-23421 RESERVED
CVE-2020-23420 RESERVED
CVE-2020-23419 RESERVED
CVE-2020-23418 RESERVED
CVE-2020-23417 RESERVED
CVE-2020-23416 RESERVED
CVE-2020-23415 RESERVED
CVE-2020-23414 RESERVED
CVE-2020-23413 RESERVED
CVE-2020-23412 RESERVED
CVE-2020-23411 RESERVED
CVE-2020-23410 RESERVED
CVE-2020-23409 RESERVED
CVE-2020-23408 RESERVED
CVE-2020-23407 RESERVED
CVE-2020-23406 RESERVED
CVE-2020-23405 RESERVED
CVE-2020-23404 RESERVED
CVE-2020-23403 RESERVED
CVE-2020-23402 RESERVED
CVE-2020-23401 RESERVED
CVE-2020-23400 RESERVED
CVE-2020-23399 RESERVED
CVE-2020-23398 RESERVED
CVE-2020-23397 RESERVED
CVE-2020-23396 RESERVED
CVE-2020-23395 RESERVED
CVE-2020-23394 RESERVED
CVE-2020-23393 RESERVED
CVE-2020-23392 RESERVED
CVE-2020-23391 RESERVED
CVE-2020-23390 RESERVED
CVE-2020-23389 RESERVED
CVE-2020-23388 RESERVED
CVE-2020-23387 RESERVED
CVE-2020-23386 RESERVED
CVE-2020-23385 RESERVED
CVE-2020-23384 RESERVED
CVE-2020-23383 RESERVED
CVE-2020-23382 RESERVED
CVE-2020-23381 RESERVED
CVE-2020-23380 RESERVED
CVE-2020-23379 RESERVED
CVE-2020-23378 RESERVED
CVE-2020-23377 RESERVED
CVE-2020-23376 (NoneCMS v1.3 has a CSRF vulnerability in public/index.php/admin/nav/ad ...)
	NOT-FOR-US: NoneCMS
CVE-2020-23375 RESERVED
CVE-2020-23374 (Cross-site scripting (XSS) vulnerability in admin/article/add.html in ...)
	NOT-FOR-US: NoneCMS
CVE-2020-23373 (Cross-site scripting (XSS) vulnerability in admin/nav/add.html in none ...)
	NOT-FOR-US: NoneCMS
CVE-2020-23372 RESERVED
CVE-2020-23371 (Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor ...)
	NOT-FOR-US: NoneCMS
CVE-2020-23370 (In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/ ...)
	NOT-FOR-US: YzmCMS
CVE-2020-23369 (In YzmCMS 5.6, XSS was discovered in member/member_content/init.html v ...)
	NOT-FOR-US: YzmCMS
CVE-2020-23368 RESERVED
CVE-2020-23367 RESERVED
CVE-2020-23366 RESERVED
CVE-2020-23365 RESERVED
CVE-2020-23364 RESERVED
CVE-2020-23363 RESERVED
CVE-2020-23362 RESERVED
CVE-2020-23361 (phpList 3.5.3 allows type juggling for login bypass because == is used ...)
	- phplist (bug #612288)
CVE-2020-23360 (oscommerce v2.3.4.1 has a functional problem in user registration and ...)
	NOT-FOR-US: oscommerce
CVE-2020-23359 (WeBid 1.2.2 admin/newuser.php has an issue with password rechecking du ...)
	NOT-FOR-US: WeBid
CVE-2020-23358 RESERVED
CVE-2020-23357 RESERVED
CVE-2020-23356 (dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type ju ...)
	NOT-FOR-US: nibbleblog
CVE-2020-23355 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/use ...)
	NOT-FOR-US: Codiad
CVE-2020-23354 RESERVED
CVE-2020-23353 RESERVED
CVE-2020-23352 (Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP l ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2020-23351 RESERVED
CVE-2020-23350 RESERVED
CVE-2020-23349 RESERVED
CVE-2020-23348 RESERVED
CVE-2020-23347 RESERVED
CVE-2020-23346 RESERVED
CVE-2020-23345 RESERVED
CVE-2020-23344 RESERVED
CVE-2020-23343 RESERVED
CVE-2020-23342 (A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/ed ...)
	NOT-FOR-US: Anchor CMS
CVE-2020-23341 (A reflected cross site scripting (XSS) vulnerability in the /header.tm ...)
	NOT-FOR-US: ATutor
CVE-2020-23340 RESERVED
CVE-2020-23339 RESERVED
CVE-2020-23338 RESERVED
CVE-2020-23337 RESERVED
CVE-2020-23336 RESERVED
CVE-2020-23335 RESERVED
CVE-2020-23334 (A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTer ...)
	NOT-FOR-US: Bento4
CVE-2020-23333 (A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom ...)
	NOT-FOR-US: Bento4
CVE-2020-23332 (A heap-based buffer overflow exists in the AP4_StdcFileByteStream::Rea ...)
	NOT-FOR-US: Bento4
CVE-2020-23331 (An issue was discovered in Bento4 version 06c39d9. A NULL pointer dere ...)
	NOT-FOR-US: Bento4
CVE-2020-23330 (An issue was discovered in Bento4 version 06c39d9. A NULL pointer dere ...)
	NOT-FOR-US: Bento4
CVE-2020-23329 RESERVED
CVE-2020-23328 RESERVED
CVE-2020-23327 RESERVED
CVE-2020-23326 RESERVED
CVE-2020-23325 RESERVED
CVE-2020-23324 RESERVED
CVE-2020-23323 (There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3871
CVE-2020-23322 (There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRAC ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3869
CVE-2020-23321 (There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_ ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3870
CVE-2020-23320 (There is an Assertion in 'context_p->next_scanner_info_p->type = ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3835
CVE-2020-23319 (There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) > ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3834
CVE-2020-23318 RESERVED
CVE-2020-23317 RESERVED
CVE-2020-23316 RESERVED
CVE-2020-23315 RESERVED
CVE-2020-23314 (There is an Assertion 'block_found' failed at js-parser-statm.c:2003 p ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3825
CVE-2020-23313 (There is an Assertion 'scope_stack_p > context_p->scope_stack_p' ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3823
CVE-2020-23312 (There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCC ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3824
CVE-2020-23311 (There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE | ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3822
CVE-2020-23310 (There is an Assertion 'context_p->next_scanner_info_p->type == S ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3821
CVE-2020-23309 (There is an Assertion 'context_p->stack_depth == context_p->cont ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3820
CVE-2020-23308 (There is an Assertion 'context_p->stack_top_uint8 == LEXER_EXPRESSI ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3819
CVE-2020-23307 RESERVED
CVE-2020-23306 (There is a stack-overflow at ecma-regexp-object.c:535 in ecma_regexp_m ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3753
CVE-2020-23305 RESERVED
CVE-2020-23304 RESERVED
CVE-2020-23303 (There is a heap-buffer-overflow at jmem-poolman.c:165 in jmem_pools_co ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3749
CVE-2020-23302 (There is a heap-use-after-free at ecma-helpers-string.c:772 in ecma_re ...)
	- iotjs (bug #989991)
	[bullseye] - iotjs (Minor issue)
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3748
CVE-2020-23301 RESERVED
CVE-2020-23300 RESERVED
CVE-2020-23299 RESERVED
CVE-2020-23298 RESERVED
CVE-2020-23297 RESERVED
CVE-2020-23296 RESERVED
CVE-2020-23295 RESERVED
CVE-2020-23294 RESERVED
CVE-2020-23293 RESERVED
CVE-2020-23292 RESERVED
CVE-2020-23291 RESERVED
CVE-2020-23290 RESERVED
CVE-2020-23289 RESERVED
CVE-2020-23288 RESERVED
CVE-2020-23287 RESERVED
CVE-2020-23286 RESERVED
CVE-2020-23285 RESERVED
CVE-2020-23284 (Information disclosure in aspx pages in MV's IDCE application v1.0 all ...)
	NOT-FOR-US: IDCE
CVE-2020-23283 (Information disclosure in Logon Page in MV's mConnect application v02. ...)
	NOT-FOR-US: mConnect
CVE-2020-23282 (SQL injection in Logon Page in MV's mConnect application, v02.001.00, ...)
	NOT-FOR-US: mConnect
CVE-2020-23281 RESERVED
CVE-2020-23280 RESERVED
CVE-2020-23279 RESERVED
CVE-2020-23278 RESERVED
CVE-2020-23277 RESERVED
CVE-2020-23276 RESERVED
CVE-2020-23275 RESERVED
CVE-2020-23274 RESERVED
CVE-2020-23273 (Heap-buffer overflow in the randomize_iparp function in edit_packet.c. ...)
	- tcpreplay 4.3.3-1 (unimportant)
	NOTE: https://github.com/appneta/tcpreplay/issues/579
	NOTE: Fixed in: https://github.com/appneta/tcpreplay/pull/588
	NOTE: Fixed by: https://github.com/appneta/tcpreplay/commit/314ae7d70aa7630dc17dfdb06edacb131fa8fa99 (v4.3.3-beta1)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-23272 RESERVED
CVE-2020-23271 RESERVED
CVE-2020-23270 RESERVED
CVE-2020-23269 (An issue was discovered in gpac 0.8.0. The stbl_GetSampleSize function ...)
	- gpac 1.0.1+dfsg1-2
	NOTE: https://github.com/gpac/gpac/issues/1482
	NOTE: fixed by fixes for related bugs, no specific commit identified upstream
	NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
	NOTE: https://github.com/gpac/gpac/commit/e4ed32bf56fc02fb8a04b9e13f4d7bdae2b3ae12 (v0.9.0-preview)
CVE-2020-23268 RESERVED
CVE-2020-23267 (An issue was discovered in gpac 0.8.0. The gf_hinter_track_process fun ...)
	- gpac 1.0.1+dfsg1-2
	NOTE: https://github.com/gpac/gpac/issues/1479
	NOTE: fixed by fixes for related bugs, no specific commit identified upstream
	NOTE: poc tested with 1.0.1+dfsg1-4+deb11u1
	NOTE: https://github.com/gpac/gpac/commit/b286aa0cdc0cb781e96430c8777d38f066a2c9f9 (v0.9.0, v0.8.1)
CVE-2020-23266 (An issue was discovered in gpac 0.8.0. The OD_ReadUTF8String function ...)
	- gpac 1.0.1+dfsg1-2
	NOTE: https://github.com/gpac/gpac/commit/47d8bc5b3ddeed6d775197ebefae7c94a45d9bf2 (v0.9.0, v0.8.1)
	NOTE: https://github.com/gpac/gpac/issues/1481
CVE-2020-23265 RESERVED
CVE-2020-23264 (Cross-site request forgery (CSRF) in Fork-CMS before 5.8.2 allow remot ...)
	NOT-FOR-US: Fork CMS
CVE-2020-23263 (Persistent Cross-site scripting vulnerability on Fork CMS version 5.8. ...)
	NOT-FOR-US: Fork CMS
CVE-2020-23262 (An issue was discovered in ming-soft MCMS v5.0, where a malicious user ...)
	NOT-FOR-US: ming-soft MCMS
CVE-2020-23261 RESERVED
CVE-2020-23260 RESERVED
CVE-2020-23259 RESERVED
CVE-2020-23258 RESERVED
CVE-2020-23257 RESERVED
CVE-2020-23256 RESERVED
CVE-2020-23255 RESERVED
CVE-2020-23254 RESERVED
CVE-2020-23253 RESERVED
CVE-2020-23252 RESERVED
CVE-2020-23251 RESERVED
CVE-2020-23250 (GigaVUE-OS (GVOS) 5.4 - 5.9 uses a weak algorithm for a hash stored in ...)
	NOT-FOR-US: GigaVUE-OS
CVE-2020-23249 (GigaVUE-OS (GVOS) 5.4 - 5.9 stores a Redis database password in plaint ...)
	NOT-FOR-US: GigaVUE-OS
CVE-2020-23248 RESERVED
CVE-2020-23247 RESERVED
CVE-2020-23246 RESERVED
CVE-2020-23245 RESERVED
CVE-2020-23244 RESERVED
CVE-2020-23243 (Cross Site Scripting (XSS) vulnerability in NavigateCMS NavigateCMS 2. ...)
	NOT-FOR-US: NavigateCMS
CVE-2020-23242 (Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when perfo ...)
	NOT-FOR-US: NavigateCMS
CVE-2020-23241 (Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-23240 (Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-23239 (Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via ...)
	NOT-FOR-US: Textpattern CMS
CVE-2020-23238 (Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via th ...)
	NOT-FOR-US: Evolution CMS
CVE-2020-23237 RESERVED
CVE-2020-23236 RESERVED
CVE-2020-23235 RESERVED
CVE-2020-23234 (Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 v ...)
	NOT-FOR-US: LavaLite CMS
CVE-2020-23233 RESERVED
CVE-2020-23232 RESERVED
CVE-2020-23231 RESERVED
CVE-2020-23230 RESERVED
CVE-2020-23229 RESERVED
CVE-2020-23228 RESERVED
CVE-2020-23227 RESERVED
CVE-2020-23226 (Multiple Cross Site Scripting (XSS) vulnerabilities exist in Cacti 1. ...)
	- cacti 1.2.13+ds1-1
	[buster] - cacti (Minor issues)
	[stretch] - cacti (Minor issues; also requires semi-intrusive change to be backported)
	NOTE: https://github.com/Cacti/cacti/issues/3549
	NOTE: https://github.com/Cacti/cacti/commit/8d5fbc48debddc91a66b5aed877060566c6b6232 (1.2.13)
	NOTE: https://github.com/Cacti/cacti/commit/74c011ba8635902713c530ded90bc0a045ca461d (1.2.13)
	NOTE: https://github.com/Cacti/cacti/commit/5e4c77e908d6ff895a97fb29e1b582160f8d4165 (1.2.13)
	NOTE: https://github.com/Cacti/cacti/commit/798f499eacc6b90e9e0e6a38db15edf564e3729f (1.2.13)
	NOTE: https://github.com/Cacti/cacti/commit/dc35a79b15eeb68a46205c7b06d812953fbbf94d (1.2.13)
	NOTE: https://github.com/Cacti/cacti/commit/72baf7b63bca7b1ee26f37f99be406ea20debf71 (1.2.13)
	NOTE: https://github.com/Cacti/cacti/commit/de5e60c97b55b17d8d9e7d9782426ac6e941500d (1.2.13)
	NOTE: https://github.com/Cacti/cacti/commit/a3233a1b3c3c25a325d334c69b4c94d56473cceb (1.2.13)
	NOTE: https://github.com/Cacti/cacti/commit/80ec47b08a06dddc4f2135562d29f2c619cc264f (1.2.13)
CVE-2020-23225 RESERVED
CVE-2020-23224 RESERVED
CVE-2020-23223 RESERVED
CVE-2020-23222 RESERVED
CVE-2020-23221 RESERVED
CVE-2020-23220 RESERVED
CVE-2020-23219 (Monstra CMS 3.0.4 allows attackers to execute arbitrary code via a cra ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-23218 RESERVED
CVE-2020-23217 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
	- phplist (bug #612288)
CVE-2020-23216 RESERVED
CVE-2020-23215 RESERVED
CVE-2020-23214 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
	- phplist (bug #612288)
CVE-2020-23213 RESERVED
CVE-2020-23212 RESERVED
CVE-2020-23211 RESERVED
CVE-2020-23210 RESERVED
CVE-2020-23209 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
	- phplist (bug #612288)
CVE-2020-23208 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
	- phplist (bug #612288)
CVE-2020-23207 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.3 all ...)
	- phplist (bug #612288)
CVE-2020-23206 RESERVED
CVE-2020-23205 (A stored cross site scripting (XSS) vulnerability in Monstra CMS versi ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-23204 RESERVED
CVE-2020-23203 RESERVED
CVE-2020-23202 RESERVED
CVE-2020-23201 RESERVED
CVE-2020-23200 RESERVED
CVE-2020-23199 RESERVED
CVE-2020-23198 RESERVED
CVE-2020-23197 RESERVED
CVE-2020-23196 RESERVED
CVE-2020-23195 RESERVED
CVE-2020-23194 (A stored cross site scripting (XSS) vulnerability in the "Import Subsc ...)
	- phplist (bug #612288)
CVE-2020-23193 RESERVED
CVE-2020-23192 (A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and ...)
	- phplist (bug #612288)
CVE-2020-23191 RESERVED
CVE-2020-23190 (A stored cross site scripting (XSS) vulnerability in the "Import email ...)
	- phplist (bug #612288)
CVE-2020-23189 RESERVED
CVE-2020-23188 RESERVED
CVE-2020-23187 RESERVED
CVE-2020-23186 RESERVED
CVE-2020-23185 (A stored cross site scripting (XSS) vulnerability in /administration/s ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-23184 (A stored cross site scripting (XSS) vulnerability in /administration/s ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-23183 RESERVED
CVE-2020-23182 (The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.ph ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-23181 (A reflected cross site scripting (XSS) vulnerability in /administratio ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-23180 RESERVED
CVE-2020-23179 (A stored cross site scripting (XSS) vulnerability in administration/se ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-23178 (An issue exists in PHP-Fusion 9.03.50 where session cookies are not de ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-23177 RESERVED
CVE-2020-23176 RESERVED
CVE-2020-23175 RESERVED
CVE-2020-23174 RESERVED
CVE-2020-23173 RESERVED
CVE-2020-23172 (A vulnerability in all versions of Kuba allows attackers to overwrite ...)
	NOT-FOR-US: Kuba
CVE-2020-23171 (A vulnerability in all versions of Nim-lang allows unauthenticated att ...)
	NOT-FOR-US: nim-lang zip
	NOTE: The Nim compiler exists in Debian, nim-lang/zip is a ZIP wrapper written in Nim.
CVE-2020-23170 RESERVED
CVE-2020-23169 RESERVED
CVE-2020-23168 RESERVED
CVE-2020-23167 RESERVED
CVE-2020-23166 RESERVED
CVE-2020-23165 RESERVED
CVE-2020-23164 RESERVED
CVE-2020-23163 RESERVED
CVE-2020-23162 (Sensitive information disclosure and weak encryption in Pyrescom Termo ...)
	NOT-FOR-US: Pyrescom Termod4 time management devices
CVE-2020-23161 (Local file inclusion in Pyrescom Termod4 time management devices befor ...)
	NOT-FOR-US: Pyrescom Termod4 time management devices
CVE-2020-23160 (Remote code execution in Pyrescom Termod4 time management devices befo ...)
	NOT-FOR-US: Pyrescom Termod4 time management devices
CVE-2020-23159 RESERVED
CVE-2020-23158 RESERVED
CVE-2020-23157 RESERVED
CVE-2020-23156 RESERVED
CVE-2020-23155 RESERVED
CVE-2020-23154 RESERVED
CVE-2020-23153 RESERVED
CVE-2020-23152 RESERVED
CVE-2020-23151 (rConfig 3.9.5 allows command injection by sending a crafted GET reques ...)
	NOT-FOR-US: rConfig
CVE-2020-23150 (A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allow ...)
	NOT-FOR-US: rConfig
CVE-2020-23149 (The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsaniti ...)
	NOT-FOR-US: rConfig
CVE-2020-23148 (The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsaniti ...)
	NOT-FOR-US: rConfig
CVE-2020-23147 RESERVED
CVE-2020-23146 RESERVED
CVE-2020-23145 RESERVED
CVE-2020-23144 RESERVED
CVE-2020-23143 RESERVED
CVE-2020-23142 RESERVED
CVE-2020-23141 RESERVED
CVE-2020-23140 (Microweber 1.1.18 is affected by insufficient session expiration. When ...)
	NOT-FOR-US: Microweber
CVE-2020-23139 (Microweber 1.1.18 is affected by broken authentication and session man ...)
	NOT-FOR-US: Microweber
CVE-2020-23138 (An unrestricted file upload vulnerability was discovered in the Microw ...)
	NOT-FOR-US: Microweber
CVE-2020-23137 RESERVED
CVE-2020-23136 (Microweber v1.1.18 is affected by no session expiry after log-out. ...)
	NOT-FOR-US: Microweber
CVE-2020-23135 RESERVED
CVE-2020-23134 RESERVED
CVE-2020-23133 RESERVED
CVE-2020-23132 RESERVED
CVE-2020-23131 RESERVED
CVE-2020-23130 REJECTED
CVE-2020-23129 REJECTED
CVE-2020-23128 (Chamilo LMS 1.11.10 does not properly manage privileges which could al ...)
	NOT-FOR-US: Chamilo LMS
CVE-2020-23127 (Chamilo LMS 1.11.10 is affected by Cross Site Request Forgery (CSRF) v ...)
	NOT-FOR-US: Chamilo LMS
CVE-2020-23126 (Chamilo LMS version 1.11.10 contains an XSS vulnerability in the perso ...)
	NOT-FOR-US: Chamilo LMS
CVE-2020-23125 RESERVED
CVE-2020-23124 RESERVED
CVE-2020-23123 RESERVED
CVE-2020-23122 RESERVED
CVE-2020-23121 RESERVED
CVE-2020-23120 RESERVED
CVE-2020-23119 RESERVED
CVE-2020-23118 RESERVED
CVE-2020-23117 RESERVED
CVE-2020-23116 RESERVED
CVE-2020-23115 RESERVED
CVE-2020-23114 RESERVED
CVE-2020-23113 RESERVED
CVE-2020-23112 RESERVED
CVE-2020-23111 RESERVED
CVE-2020-23110 RESERVED
CVE-2020-23109 (Buffer overflow vulnerability in function convert_colorspace in heif_c ...)
	- libheif
	NOTE: https://github.com/strukturag/libheif/issues/207
CVE-2020-23108 RESERVED
CVE-2020-23107 RESERVED
CVE-2020-23106 RESERVED
CVE-2020-23105 RESERVED
CVE-2020-23104 RESERVED
CVE-2020-23103 RESERVED
CVE-2020-23102 RESERVED
CVE-2020-23101 RESERVED
CVE-2020-23100 RESERVED
CVE-2020-23099 RESERVED
CVE-2020-23098 RESERVED
CVE-2020-23097 RESERVED
CVE-2020-23096 RESERVED
CVE-2020-23095 RESERVED
CVE-2020-23094 RESERVED
CVE-2020-23093 RESERVED
CVE-2020-23092 RESERVED
CVE-2020-23091 RESERVED
CVE-2020-23090 RESERVED
CVE-2020-23089 RESERVED
CVE-2020-23088 RESERVED
CVE-2020-23087 RESERVED
CVE-2020-23086 RESERVED
CVE-2020-23085 RESERVED
CVE-2020-23084 RESERVED
CVE-2020-23083 (Unrestricted File Upload in JEECG v4.0 and earlier allows remote attac ...)
	NOT-FOR-US: JEECG
CVE-2020-23082 RESERVED
CVE-2020-23081 RESERVED
CVE-2020-23080 RESERVED
CVE-2020-23079 (SSRF vulnerability in Halo <=1.3.2 exists in the SMTP configuration ...)
	NOT-FOR-US: Halo
CVE-2020-23078 RESERVED
CVE-2020-23077 RESERVED
CVE-2020-23076 RESERVED
CVE-2020-23075 RESERVED
CVE-2020-23074 RESERVED
CVE-2020-23073 RESERVED
CVE-2020-23072 RESERVED
CVE-2020-23071 RESERVED
CVE-2020-23070 RESERVED
CVE-2020-23069 (Path Traversal vulnerability exists in webTareas 2.0 via the extpath pa ...)
	NOT-FOR-US: webTareas
CVE-2020-23068 RESERVED
CVE-2020-23067 RESERVED
CVE-2020-23066 RESERVED
CVE-2020-23065 RESERVED
CVE-2020-23064 RESERVED
CVE-2020-23063 RESERVED
CVE-2020-23062 RESERVED
CVE-2020-23061 (Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contai ...)
	NOT-FOR-US: Dropouts Technologies LLP Super Backup
CVE-2020-23060 (Internet Download Manager 6.37.11.1 was discovered to contain a stack ...)
	NOT-FOR-US: Internet Download Manager
CVE-2020-23059 RESERVED
CVE-2020-23058 (An issue in the authentication mechanism in Nong Ge File Explorer v1.4 ...)
	NOT-FOR-US: Nong Ge File Explorer
CVE-2020-23057 RESERVED
CVE-2020-23056 RESERVED
CVE-2020-23055 (ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & W ...)
	NOT-FOR-US: ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006
CVE-2020-23054 (A cross-site scripting (XSS) vulnerability in NSK User Agent String Sw ...)
	NOT-FOR-US: NSK User Agent String Switcher Service
CVE-2020-23053 RESERVED
CVE-2020-23052 (Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple ...)
	- mahara
CVE-2020-23051 (Phpgurukul User Registration & User Management System v2.0 was dis ...)
	NOT-FOR-US: Phpgurukul User Registration & User Management System
CVE-2020-23050 (TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to cont ...)
	NOT-FOR-US: TAO Open Source Assessment Platform
CVE-2020-23049 (Fork CMS Content Management System v5.8.0 was discovered to contain a ...)
	NOT-FOR-US: Fork CMS
CVE-2020-23048 (SeedDMS Content Management System v6.0.7 contains a persistent cross-s ...)
	NOT-FOR-US: SeedDMS CMS
CVE-2020-23047 (Macrob7 Macs Framework Content Management System - 1.14f was discovere ...)
	NOT-FOR-US: Macrob7 Macs Framework Content Management System
CVE-2020-23046 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-23045 (Macrob7 Macs Framework Content Management System - 1.14f was discovere ...)
	NOT-FOR-US: Macrob7 Macs Framework Content Management System
CVE-2020-23044 (DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripti ...)
	NOT-FOR-US: DedeCMS
CVE-2020-23043 (Tran Tu Air Sender v1.0.2 was discovered to contain an arbitrary file ...)
	NOT-FOR-US: Tran Tu Air Sender
CVE-2020-23042 (Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contai ...)
	NOT-FOR-US: Dropouts Technologies LLP Super Backup
CVE-2020-23041 (Dropouts Technologies LLP Air Share v1.2 was discovered to contain a c ...)
	NOT-FOR-US: Dropouts Technologies LLP Air Share
CVE-2020-23040 (Sky File v2.1.0 contains a directory traversal vulnerability in the FT ...)
	NOT-FOR-US: Sky File
CVE-2020-23039 (Folder Lock v3.4.5 was discovered to contain a stored cross-site scrip ...)
	NOT-FOR-US: Folder Lock
CVE-2020-23038 (Swift File Transfer Mobile v1.1.2 and below was discovered to contain ...)
	NOT-FOR-US: Swift File Transfer Mobile
CVE-2020-23037 (Portable Ltd Playable v9.18 contains a code injection vulnerability in ...)
	NOT-FOR-US: Portable Ltd Playable
CVE-2020-23036 (MEDIA NAVI Inc SMACom v1.2 was discovered to contain an insecure sessi ...)
NOT-FOR-US: MEDIA NAVI Inc SMACom CVE-2020-23035 RESERVED CVE-2020-23034 RESERVED CVE-2020-23033 RESERVED CVE-2020-23032 RESERVED CVE-2020-23031 RESERVED CVE-2020-23030 RESERVED CVE-2020-23029 RESERVED CVE-2020-23028 RESERVED CVE-2020-23027 RESERVED CVE-2020-23026 RESERVED CVE-2020-23025 RESERVED CVE-2020-23024 RESERVED CVE-2020-23023 RESERVED CVE-2020-23022 RESERVED CVE-2020-23021 RESERVED CVE-2020-23020 RESERVED CVE-2020-23019 RESERVED CVE-2020-23018 RESERVED CVE-2020-23017 RESERVED CVE-2020-23016 RESERVED CVE-2020-23015 (An open redirect issue was discovered in OPNsense through 20.1.5. The ...) NOT-FOR-US: OPNsense CVE-2020-23014 (APfell 1.4 is vulnerable to authenticated reflected cross-site scripti ...) NOT-FOR-US: APfell CVE-2020-23013 RESERVED CVE-2020-23012 RESERVED CVE-2020-23011 RESERVED CVE-2020-23010 RESERVED CVE-2020-23009 RESERVED CVE-2020-23008 RESERVED CVE-2020-23007 RESERVED CVE-2020-23006 RESERVED CVE-2020-23005 RESERVED CVE-2020-23004 RESERVED CVE-2020-23003 RESERVED CVE-2020-23002 RESERVED CVE-2020-23001 RESERVED CVE-2020-23000 RESERVED CVE-2020-22999 RESERVED CVE-2020-22998 RESERVED CVE-2020-22997 RESERVED CVE-2020-22996 RESERVED CVE-2020-22995 RESERVED CVE-2020-22994 RESERVED CVE-2020-22993 RESERVED CVE-2020-22992 RESERVED CVE-2020-22991 RESERVED CVE-2020-22990 RESERVED CVE-2020-22989 RESERVED CVE-2020-22988 RESERVED CVE-2020-22987 RESERVED CVE-2020-22986 RESERVED CVE-2020-22985 RESERVED CVE-2020-22984 RESERVED CVE-2020-22983 RESERVED CVE-2020-22982 RESERVED CVE-2020-22981 RESERVED CVE-2020-22980 RESERVED CVE-2020-22979 RESERVED CVE-2020-22978 RESERVED CVE-2020-22977 RESERVED CVE-2020-22976 RESERVED CVE-2020-22975 RESERVED CVE-2020-22974 RESERVED CVE-2020-22973 RESERVED CVE-2020-22972 RESERVED CVE-2020-22971 RESERVED CVE-2020-22970 RESERVED CVE-2020-22969 RESERVED CVE-2020-22968 RESERVED CVE-2020-22967 RESERVED CVE-2020-22966 RESERVED CVE-2020-22965 RESERVED CVE-2020-22964 RESERVED CVE-2020-22963 RESERVED CVE-2020-22962 RESERVED CVE-2020-22961 
RESERVED CVE-2020-22960 RESERVED CVE-2020-22959 RESERVED CVE-2020-22958 RESERVED CVE-2020-22957 RESERVED CVE-2020-22956 RESERVED CVE-2020-22955 RESERVED CVE-2020-22954 RESERVED CVE-2020-22953 RESERVED CVE-2020-22952 RESERVED CVE-2020-22951 RESERVED CVE-2020-22950 RESERVED CVE-2020-22949 RESERVED CVE-2020-22948 RESERVED CVE-2020-22947 RESERVED CVE-2020-22946 RESERVED CVE-2020-22945 RESERVED CVE-2020-22944 RESERVED CVE-2020-22943 RESERVED CVE-2020-22942 RESERVED CVE-2020-22941 RESERVED CVE-2020-22940 RESERVED CVE-2020-22939 RESERVED CVE-2020-22938 RESERVED CVE-2020-22937 (A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 ...) NOT-FOR-US: EmpireCMS CVE-2020-22936 RESERVED CVE-2020-22935 RESERVED CVE-2020-22934 RESERVED CVE-2020-22933 RESERVED CVE-2020-22932 RESERVED CVE-2020-22931 RESERVED CVE-2020-22930 RESERVED CVE-2020-22929 RESERVED CVE-2020-22928 RESERVED CVE-2020-22927 RESERVED CVE-2020-22926 RESERVED CVE-2020-22925 RESERVED CVE-2020-22924 RESERVED CVE-2020-22923 RESERVED CVE-2020-22922 RESERVED CVE-2020-22921 RESERVED CVE-2020-22920 RESERVED CVE-2020-22919 RESERVED CVE-2020-22918 RESERVED CVE-2020-22917 RESERVED CVE-2020-22916 RESERVED CVE-2020-22915 RESERVED CVE-2020-22914 RESERVED CVE-2020-22913 RESERVED CVE-2020-22912 RESERVED CVE-2020-22911 RESERVED CVE-2020-22910 RESERVED CVE-2020-22909 RESERVED CVE-2020-22908 RESERVED CVE-2020-22907 (Stack overflow vulnerability in function jsi_evalcode_sub in jsish bef ...) 
NOT-FOR-US: jsish CVE-2020-22906 RESERVED CVE-2020-22905 RESERVED CVE-2020-22904 RESERVED CVE-2020-22903 RESERVED CVE-2020-22902 RESERVED CVE-2020-22901 RESERVED CVE-2020-22900 RESERVED CVE-2020-22899 RESERVED CVE-2020-22898 RESERVED CVE-2020-22897 RESERVED CVE-2020-22896 RESERVED CVE-2020-22895 RESERVED CVE-2020-22894 RESERVED CVE-2020-22893 RESERVED CVE-2020-22892 RESERVED CVE-2020-22891 RESERVED CVE-2020-22890 RESERVED CVE-2020-22889 RESERVED CVE-2020-22888 RESERVED CVE-2020-22887 RESERVED CVE-2020-22886 (Buffer overflow vulnerability in function jsG_markobject in jsgc.c in ...) - mujs 1.0.9-1 NOTE: https://github.com/ccxvii/mujs/issues/134 CVE-2020-22885 (Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in ...) - mujs 1.0.9-1 NOTE: https://github.com/ccxvii/mujs/issues/133 CVE-2020-22884 (Buffer overflow vulnerability in function jsvGetStringChars in Espruin ...) NOT-FOR-US: Espruino CVE-2020-22883 RESERVED CVE-2020-22882 (Issue was discovered in the fxParserTree function in moddable, allows ...) NOT-FOR-US: Moddable CVE-2020-22881 RESERVED CVE-2020-22880 RESERVED CVE-2020-22879 RESERVED CVE-2020-22878 RESERVED CVE-2020-22877 RESERVED CVE-2020-22876 (Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote a ...) NOT-FOR-US: QuickJS CVE-2020-22875 (Integer overflow vulnerability in function Jsi_ObjSetLength in jsish b ...) NOT-FOR-US: jsish CVE-2020-22874 (Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish ...) NOT-FOR-US: jsish CVE-2020-22873 (Buffer overflow vulnerability in function NumberToPrecisionCmd in jsis ...) NOT-FOR-US: jsish CVE-2020-22872 RESERVED CVE-2020-22871 RESERVED CVE-2020-22870 RESERVED CVE-2020-22869 RESERVED CVE-2020-22868 RESERVED CVE-2020-22867 RESERVED CVE-2020-22866 RESERVED CVE-2020-22865 RESERVED CVE-2020-22864 (A cross site scripting (XSS) vulnerability in the Insert Video functio ...) 
NOT-FOR-US: Froala WYSIWYG Editor CVE-2020-22863 RESERVED CVE-2020-22862 RESERVED CVE-2020-22861 RESERVED CVE-2020-22860 RESERVED CVE-2020-22859 RESERVED CVE-2020-22858 RESERVED CVE-2020-22857 RESERVED CVE-2020-22856 RESERVED CVE-2020-22855 RESERVED CVE-2020-22854 RESERVED CVE-2020-22853 RESERVED CVE-2020-22852 RESERVED CVE-2020-22851 RESERVED CVE-2020-22850 RESERVED CVE-2020-22849 RESERVED CVE-2020-22848 (A remote code execution (RCE) vulnerability in the \Playsong.php compo ...) NOT-FOR-US: cscms CVE-2020-22847 RESERVED CVE-2020-22846 RESERVED CVE-2020-22845 RESERVED CVE-2020-22844 RESERVED CVE-2020-22843 RESERVED CVE-2020-22842 (CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ...) NOT-FOR-US: CMS Made Simple CVE-2020-22841 (Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attac ...) NOT-FOR-US: b2evolution CMS CVE-2020-22840 (Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 ...) NOT-FOR-US: b2evolution CMS CVE-2020-22839 (Reflected cross-site scripting vulnerability (XSS) in the evoadm.php f ...) NOT-FOR-US: b2evolution CMS CVE-2020-22838 RESERVED CVE-2020-22837 RESERVED CVE-2020-22836 RESERVED CVE-2020-22835 RESERVED CVE-2020-22834 RESERVED CVE-2020-22833 RESERVED CVE-2020-22832 RESERVED CVE-2020-22831 RESERVED CVE-2020-22830 RESERVED CVE-2020-22829 RESERVED CVE-2020-22828 RESERVED CVE-2020-22827 RESERVED CVE-2020-22826 RESERVED CVE-2020-22825 RESERVED CVE-2020-22824 RESERVED CVE-2020-22823 RESERVED CVE-2020-22822 RESERVED CVE-2020-22821 RESERVED CVE-2020-22820 RESERVED CVE-2020-22819 RESERVED CVE-2020-22818 RESERVED CVE-2020-22817 RESERVED CVE-2020-22816 RESERVED CVE-2020-22815 RESERVED CVE-2020-22814 RESERVED CVE-2020-22813 RESERVED CVE-2020-22812 RESERVED CVE-2020-22811 RESERVED CVE-2020-22810 RESERVED CVE-2020-22809 (In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Serv ...) NOT-FOR-US: Windscribe CVE-2020-22808 (An issue was found in yii2_fecshop 2.x. 
There is a reflected XSS vulne ...) NOT-FOR-US: yii2_fecshop CVE-2020-22807 (An issue was dicovered in vtiger crm 7.2. Union sql injection in the c ...) NOT-FOR-US: VTiger CRM CVE-2020-22806 RESERVED CVE-2020-22805 RESERVED CVE-2020-22804 RESERVED CVE-2020-22803 RESERVED CVE-2020-22802 RESERVED CVE-2020-22801 RESERVED CVE-2020-22800 RESERVED CVE-2020-22799 RESERVED CVE-2020-22798 RESERVED CVE-2020-22797 RESERVED CVE-2020-22796 RESERVED CVE-2020-22795 RESERVED CVE-2020-22794 RESERVED CVE-2020-22793 RESERVED CVE-2020-22792 RESERVED CVE-2020-22791 RESERVED CVE-2020-22790 (Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta ...) NOT-FOR-US: FME Server CVE-2020-22789 (Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Be ...) NOT-FOR-US: FME Server CVE-2020-22788 RESERVED CVE-2020-22787 RESERVED CVE-2020-22786 RESERVED CVE-2020-22785 (Etherpad < 1.8.3 is affected by a missing lock check which could ca ...) - etherpad-lite (bug #576998) CVE-2020-22784 (In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces ...) NOT-FOR-US: Etherpad UeberDB CVE-2020-22783 (Etherpad <1.8.3 stored passwords used by users insecurely in the da ...) - etherpad-lite (bug #576998) CVE-2020-22782 (Etherpad < 1.8.3 is affected by a denial of service in the import f ...) - etherpad-lite (bug #576998) CVE-2020-22781 (In Etherpad < 1.8.3, a specially crafted URI would raise an unhandl ...) - etherpad-lite (bug #576998) CVE-2020-22780 RESERVED CVE-2020-22779 RESERVED CVE-2020-22778 RESERVED CVE-2020-22777 RESERVED CVE-2020-22776 RESERVED CVE-2020-22775 RESERVED CVE-2020-22774 RESERVED CVE-2020-22773 RESERVED CVE-2020-22772 RESERVED CVE-2020-22771 RESERVED CVE-2020-22770 RESERVED CVE-2020-22769 RESERVED CVE-2020-22768 RESERVED CVE-2020-22767 RESERVED CVE-2020-22766 RESERVED CVE-2020-22765 (Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the ...) 
NOT-FOR-US: NukeViet cms CVE-2020-22764 RESERVED CVE-2020-22763 RESERVED CVE-2020-22762 RESERVED CVE-2020-22761 (Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via t ...) NOT-FOR-US: FlatPress CVE-2020-22760 RESERVED CVE-2020-22759 RESERVED CVE-2020-22758 RESERVED CVE-2020-22757 RESERVED CVE-2020-22756 RESERVED CVE-2020-22755 RESERVED CVE-2020-22754 RESERVED CVE-2020-22753 RESERVED CVE-2020-22752 RESERVED CVE-2020-22751 RESERVED CVE-2020-22750 RESERVED CVE-2020-22749 RESERVED CVE-2020-22748 RESERVED CVE-2020-22747 RESERVED CVE-2020-22746 RESERVED CVE-2020-22745 RESERVED CVE-2020-22744 RESERVED CVE-2020-22743 RESERVED CVE-2020-22742 RESERVED CVE-2020-22741 (An issue was discovered in Xuperchain 3.6.0 that allows for attackers ...) NOT-FOR-US: Xuperchain CVE-2020-22740 RESERVED CVE-2020-22739 RESERVED CVE-2020-22738 RESERVED CVE-2020-22737 RESERVED CVE-2020-22736 RESERVED CVE-2020-22735 RESERVED CVE-2020-22734 RESERVED CVE-2020-22733 RESERVED CVE-2020-22732 (CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions &g ...) NOT-FOR-US: CMS Made Simple (CMSMS) CVE-2020-22731 RESERVED CVE-2020-22730 RESERVED CVE-2020-22729 RESERVED CVE-2020-22728 RESERVED CVE-2020-22727 RESERVED CVE-2020-22726 RESERVED CVE-2020-22725 RESERVED CVE-2020-22724 (A remote command execution vulnerability exists in add_server_service ...) NOT-FOR-US: Mercury Router MER1200 CVE-2020-22723 (A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhiche ...) NOT-FOR-US: Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...) NOT-FOR-US: Rapid Software LLC Rapid SCADA CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8. ...) NOT-FOR-US: PNotes - Andrey Gruber PNotes.NET CVE-2020-22720 REJECTED CVE-2020-22719 (Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerabil ...) 
NOT-FOR-US: Shimo Document CVE-2020-22718 RESERVED CVE-2020-22717 RESERVED CVE-2020-22716 RESERVED CVE-2020-22715 RESERVED CVE-2020-22714 RESERVED CVE-2020-22713 RESERVED CVE-2020-22712 RESERVED CVE-2020-22711 RESERVED CVE-2020-22710 RESERVED CVE-2020-22709 RESERVED CVE-2020-22708 RESERVED CVE-2020-22707 RESERVED CVE-2020-22706 RESERVED CVE-2020-22705 RESERVED CVE-2020-22704 RESERVED CVE-2020-22703 RESERVED CVE-2020-22702 RESERVED CVE-2020-22701 RESERVED CVE-2020-22700 RESERVED CVE-2020-22699 RESERVED CVE-2020-22698 RESERVED CVE-2020-22697 RESERVED CVE-2020-22696 RESERVED CVE-2020-22695 RESERVED CVE-2020-22694 RESERVED CVE-2020-22693 RESERVED CVE-2020-22692 RESERVED CVE-2020-22691 RESERVED CVE-2020-22690 RESERVED CVE-2020-22689 RESERVED CVE-2020-22688 RESERVED CVE-2020-22687 RESERVED CVE-2020-22686 RESERVED CVE-2020-22685 RESERVED CVE-2020-22684 RESERVED CVE-2020-22683 RESERVED CVE-2020-22682 RESERVED CVE-2020-22681 RESERVED CVE-2020-22680 RESERVED CVE-2020-22679 (Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 a ...) - gpac 1.0.1+dfsg1-2 (unimportant) NOTE: https://github.com/gpac/gpac/issues/1345 NOTE: https://github.com/gpac/gpac/commit/6c1e7ddfae2ad4daeda7f7e544da34cb765d36c9 NOTE: Negligible security impact CVE-2020-22678 (An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulat ...) - gpac 1.0.1+dfsg1-2 [buster] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/1339 NOTE: https://github.com/gpac/gpac/commit/7644478ecfa25fd9505ee11ef12deb475cd97025 CVE-2020-22677 (An issue was discovered in gpac 0.8.0. The dump_data_hex function in b ...) - gpac 1.0.1+dfsg1-2 [buster] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/1341 NOTE: https://github.com/gpac/gpac/commit/a0e6aa849002863a63e6f9e9daecca47042954c4 CVE-2020-22676 RESERVED CVE-2020-22675 (An issue was discovered in gpac 0.8.0. The GetGhostNum function in stb ...) 
- gpac 1.0.1+dfsg1-2 [buster] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/issues/1344 NOTE: https://github.com/gpac/gpac/commit/5aa8c4bbd970a3a77517b00528a596063efca1a9 CVE-2020-22674 (An issue was discovered in gpac 0.8.0. An invalid memory dereference e ...) - gpac 1.0.1+dfsg1-2 [buster] - gpac (Minor issue) [stretch] - gpac (Vulnerable code introduced later, in version 0.7.0) NOTE: https://github.com/gpac/gpac/issues/1346 NOTE: https://github.com/gpac/gpac/commit/6040a5981a9f51410bd18af8820afbd2748c2d76 CVE-2020-22673 (Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows ...) - gpac 1.0.1+dfsg1-2 (unimportant) NOTE: https://github.com/gpac/gpac/issues/1342 NOTE: https://github.com/gpac/gpac/commit/a0e6aa849002863a63e6f9e9daecca47042954c4 NOTE: Negligible security impact CVE-2020-22672 RESERVED CVE-2020-22671 RESERVED CVE-2020-22670 RESERVED CVE-2020-22669 RESERVED CVE-2020-22668 RESERVED CVE-2020-22667 RESERVED CVE-2020-22666 RESERVED CVE-2020-22665 RESERVED CVE-2020-22664 RESERVED CVE-2020-22663 RESERVED CVE-2020-22662 RESERVED CVE-2020-22661 RESERVED CVE-2020-22660 RESERVED CVE-2020-22659 RESERVED CVE-2020-22658 RESERVED CVE-2020-22657 RESERVED CVE-2020-22656 RESERVED CVE-2020-22655 RESERVED CVE-2020-22654 RESERVED CVE-2020-22653 RESERVED CVE-2020-22652 RESERVED CVE-2020-22651 RESERVED CVE-2020-22650 (A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 ...) NOT-FOR-US: AlienVault Ossim CVE-2020-22649 RESERVED CVE-2020-22648 RESERVED CVE-2020-22647 RESERVED CVE-2020-22646 RESERVED CVE-2020-22645 RESERVED CVE-2020-22644 RESERVED CVE-2020-22643 (Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, ...) 
NOT-FOR-US: Feehi CMS CVE-2020-22642 RESERVED CVE-2020-22641 RESERVED CVE-2020-22640 RESERVED CVE-2020-22639 RESERVED CVE-2020-22638 RESERVED CVE-2020-22637 RESERVED CVE-2020-22636 RESERVED CVE-2020-22635 RESERVED CVE-2020-22634 RESERVED CVE-2020-22633 RESERVED CVE-2020-22632 RESERVED CVE-2020-22631 RESERVED CVE-2020-22630 RESERVED CVE-2020-22629 RESERVED CVE-2020-22628 RESERVED CVE-2020-22627 RESERVED CVE-2020-22626 RESERVED CVE-2020-22625 RESERVED CVE-2020-22624 RESERVED CVE-2020-22623 RESERVED CVE-2020-22622 RESERVED CVE-2020-22621 RESERVED CVE-2020-22620 RESERVED CVE-2020-22619 RESERVED CVE-2020-22618 RESERVED CVE-2020-22617 (Ardour v5.12 contains a use-after-free vulnerability in the component ...) - ardour 1:6.0.0~ds0-1 [buster] - ardour (Minor issue) [stretch] - ardour (Minor issue) NOTE: https://tracker.ardour.org/view.php?id=7926 NOTE: https://github.com/Ardour/ardour/commit/96daa4036a425ff3f23a7dfcba57bfb0f942bec6 (6.0-pre1) CVE-2020-22616 RESERVED CVE-2020-22615 RESERVED CVE-2020-22614 RESERVED CVE-2020-22613 RESERVED CVE-2020-22612 RESERVED CVE-2020-22611 RESERVED CVE-2020-22610 RESERVED CVE-2020-22609 (Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket befor ...) NOT-FOR-US: osTicket CVE-2020-22608 (Cross Site Scripting vulnerability in Enhancesoft osTicket before v1.1 ...) NOT-FOR-US: osTicket CVE-2020-22607 (Cross Site Scripting vulnerabilty in LimeSurvey 4.1.11+200316 via the ...) 
- limesurvey (bug #472802) CVE-2020-22606 RESERVED CVE-2020-22605 RESERVED CVE-2020-22604 RESERVED CVE-2020-22603 RESERVED CVE-2020-22602 RESERVED CVE-2020-22601 RESERVED CVE-2020-22600 RESERVED CVE-2020-22599 RESERVED CVE-2020-22598 RESERVED CVE-2020-22597 RESERVED CVE-2020-22596 RESERVED CVE-2020-22595 RESERVED CVE-2020-22594 RESERVED CVE-2020-22593 RESERVED CVE-2020-22592 RESERVED CVE-2020-22591 RESERVED CVE-2020-22590 RESERVED CVE-2020-22589 RESERVED CVE-2020-22588 RESERVED CVE-2020-22587 RESERVED CVE-2020-22586 RESERVED CVE-2020-22585 RESERVED CVE-2020-22584 RESERVED CVE-2020-22583 RESERVED CVE-2020-22582 RESERVED CVE-2020-22581 RESERVED CVE-2020-22580 RESERVED CVE-2020-22579 RESERVED CVE-2020-22578 RESERVED CVE-2020-22577 RESERVED CVE-2020-22576 RESERVED CVE-2020-22575 RESERVED CVE-2020-22574 RESERVED CVE-2020-22573 RESERVED CVE-2020-22572 RESERVED CVE-2020-22571 RESERVED CVE-2020-22570 RESERVED CVE-2020-22569 RESERVED CVE-2020-22568 RESERVED CVE-2020-22567 RESERVED CVE-2020-22566 RESERVED CVE-2020-22565 RESERVED CVE-2020-22564 RESERVED CVE-2020-22563 RESERVED CVE-2020-22562 RESERVED CVE-2020-22561 RESERVED CVE-2020-22560 RESERVED CVE-2020-22559 RESERVED CVE-2020-22558 RESERVED CVE-2020-22557 RESERVED CVE-2020-22556 RESERVED CVE-2020-22555 RESERVED CVE-2020-22554 RESERVED CVE-2020-22553 RESERVED CVE-2020-22552 (The Snap7 server component in version 1.4.1, when an attacker sends a ...) NOT-FOR-US: Snap7 CVE-2020-22551 RESERVED CVE-2020-22550 (Veno File Manager 3.5.6 is affected by a directory traversal vulnerabi ...) 
NOT-FOR-US: Veno File Manager CVE-2020-22549 RESERVED CVE-2020-22548 RESERVED CVE-2020-22547 RESERVED CVE-2020-22546 RESERVED CVE-2020-22545 RESERVED CVE-2020-22544 RESERVED CVE-2020-22543 RESERVED CVE-2020-22542 RESERVED CVE-2020-22541 RESERVED CVE-2020-22540 RESERVED CVE-2020-22539 RESERVED CVE-2020-22538 RESERVED CVE-2020-22537 RESERVED CVE-2020-22536 RESERVED CVE-2020-22535 (Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list ...) NOT-FOR-US: PbootCMS CVE-2020-22534 RESERVED CVE-2020-22533 RESERVED CVE-2020-22532 RESERVED CVE-2020-22531 RESERVED CVE-2020-22530 RESERVED CVE-2020-22529 RESERVED CVE-2020-22528 RESERVED CVE-2020-22527 RESERVED CVE-2020-22526 RESERVED CVE-2020-22525 RESERVED CVE-2020-22524 RESERVED CVE-2020-22523 RESERVED CVE-2020-22522 RESERVED CVE-2020-22521 RESERVED CVE-2020-22520 RESERVED CVE-2020-22519 RESERVED CVE-2020-22518 RESERVED CVE-2020-22517 RESERVED CVE-2020-22516 RESERVED CVE-2020-22515 RESERVED CVE-2020-22514 RESERVED CVE-2020-22513 RESERVED CVE-2020-22512 RESERVED CVE-2020-22511 RESERVED CVE-2020-22510 RESERVED CVE-2020-22509 RESERVED CVE-2020-22508 RESERVED CVE-2020-22507 RESERVED CVE-2020-22506 RESERVED CVE-2020-22505 RESERVED CVE-2020-22504 RESERVED CVE-2020-22503 RESERVED CVE-2020-22502 RESERVED CVE-2020-22501 RESERVED CVE-2020-22500 RESERVED CVE-2020-22499 RESERVED CVE-2020-22498 RESERVED CVE-2020-22497 RESERVED CVE-2020-22496 RESERVED CVE-2020-22495 RESERVED CVE-2020-22494 RESERVED CVE-2020-22493 RESERVED CVE-2020-22492 RESERVED CVE-2020-22491 RESERVED CVE-2020-22490 RESERVED CVE-2020-22489 RESERVED CVE-2020-22488 RESERVED CVE-2020-22487 RESERVED CVE-2020-22486 RESERVED CVE-2020-22485 RESERVED CVE-2020-22484 RESERVED CVE-2020-22483 RESERVED CVE-2020-22482 RESERVED CVE-2020-22481 (An issue was discovered in HFish 0.5.1. When a payload is inserted whe ...) 
NOT-FOR-US: HFish CVE-2020-22480 RESERVED CVE-2020-22479 RESERVED CVE-2020-22478 RESERVED CVE-2020-22477 RESERVED CVE-2020-22476 RESERVED CVE-2020-22475 ("Tasks" application version before 9.7.3 is affected by insecure permi ...) NOT-FOR-US: Tasks app CVE-2020-22474 (In webERP 4.15, the ManualContents.php file allows users to specify th ...) NOT-FOR-US: webERP CVE-2020-22473 RESERVED CVE-2020-22472 RESERVED CVE-2020-22471 RESERVED CVE-2020-22470 RESERVED CVE-2020-22469 RESERVED CVE-2020-22468 RESERVED CVE-2020-22467 RESERVED CVE-2020-22466 RESERVED CVE-2020-22465 RESERVED CVE-2020-22464 RESERVED CVE-2020-22463 RESERVED CVE-2020-22462 RESERVED CVE-2020-22461 RESERVED CVE-2020-22460 RESERVED CVE-2020-22459 RESERVED CVE-2020-22458 RESERVED CVE-2020-22457 RESERVED CVE-2020-22456 RESERVED CVE-2020-22455 RESERVED CVE-2020-22454 RESERVED CVE-2020-22453 (Untis WebUntis before 2020.9.6 allows XSS in multiple functions that s ...) NOT-FOR-US: Untis WebUntis CVE-2020-22452 RESERVED CVE-2020-22451 RESERVED CVE-2020-22450 RESERVED CVE-2020-22449 RESERVED CVE-2020-22448 RESERVED CVE-2020-22447 RESERVED CVE-2020-22446 RESERVED CVE-2020-22445 RESERVED CVE-2020-22444 RESERVED CVE-2020-22443 RESERVED CVE-2020-22442 RESERVED CVE-2020-22441 RESERVED CVE-2020-22440 RESERVED CVE-2020-22439 RESERVED CVE-2020-22438 RESERVED CVE-2020-22437 RESERVED CVE-2020-22436 RESERVED CVE-2020-22435 RESERVED CVE-2020-22434 RESERVED CVE-2020-22433 RESERVED CVE-2020-22432 RESERVED CVE-2020-22431 RESERVED CVE-2020-22430 RESERVED CVE-2020-22429 RESERVED CVE-2020-22428 (SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scr ...) NOT-FOR-US: SolarWinds CVE-2020-22427 (** DISPUTED ** NagiosXI 5.6.11 is affected by a remote code execution ...) NOT-FOR-US: Nagios XI CVE-2020-22426 RESERVED CVE-2020-22425 (Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, whe ...) 
- centreon-web (bug #913903) CVE-2020-22424 RESERVED CVE-2020-22423 RESERVED CVE-2020-22422 RESERVED CVE-2020-22421 RESERVED CVE-2020-22420 RESERVED CVE-2020-22419 RESERVED CVE-2020-22418 RESERVED CVE-2020-22417 RESERVED CVE-2020-22416 RESERVED CVE-2020-22415 RESERVED CVE-2020-22414 RESERVED CVE-2020-22413 RESERVED CVE-2020-22412 RESERVED CVE-2020-22411 RESERVED CVE-2020-22410 RESERVED CVE-2020-22409 RESERVED CVE-2020-22408 RESERVED CVE-2020-22407 RESERVED CVE-2020-22406 RESERVED CVE-2020-22405 RESERVED CVE-2020-22404 RESERVED CVE-2020-22403 (The express-cart package through 1.1.10 for Node.js allows CSRF. ...) NOT-FOR-US: Node express-cart CVE-2020-22402 RESERVED CVE-2020-22401 RESERVED CVE-2020-22400 RESERVED CVE-2020-22399 RESERVED CVE-2020-22398 RESERVED CVE-2020-22397 RESERVED CVE-2020-22396 RESERVED CVE-2020-22395 RESERVED CVE-2020-22394 (In YzmCMS v5.5 the member contribution function in the editor contains ...) NOT-FOR-US: YzmCMS CVE-2020-22393 RESERVED CVE-2020-22392 (Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 w ...) NOT-FOR-US: Subrion CMS CVE-2020-22391 RESERVED CVE-2020-22390 (Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name ...) 
NOT-FOR-US: Akaunting CVE-2020-22389 RESERVED CVE-2020-22388 RESERVED CVE-2020-22387 RESERVED CVE-2020-22386 RESERVED CVE-2020-22385 RESERVED CVE-2020-22384 RESERVED CVE-2020-22383 RESERVED CVE-2020-22382 RESERVED CVE-2020-22381 RESERVED CVE-2020-22380 RESERVED CVE-2020-22379 RESERVED CVE-2020-22378 RESERVED CVE-2020-22377 RESERVED CVE-2020-22376 RESERVED CVE-2020-22375 RESERVED CVE-2020-22374 RESERVED CVE-2020-22373 RESERVED CVE-2020-22372 RESERVED CVE-2020-22371 RESERVED CVE-2020-22370 RESERVED CVE-2020-22369 RESERVED CVE-2020-22368 RESERVED CVE-2020-22367 RESERVED CVE-2020-22366 RESERVED CVE-2020-22365 RESERVED CVE-2020-22364 RESERVED CVE-2020-22363 RESERVED CVE-2020-22362 RESERVED CVE-2020-22361 RESERVED CVE-2020-22360 RESERVED CVE-2020-22359 RESERVED CVE-2020-22358 RESERVED CVE-2020-22357 RESERVED CVE-2020-22356 RESERVED CVE-2020-22355 RESERVED CVE-2020-22354 RESERVED CVE-2020-22353 RESERVED CVE-2020-22352 (The gf_dash_segmenter_probe_input function in GPAC v0.8 allows attacke ...) - gpac 1.0.1+dfsg1-2 [buster] - gpac (Vulnerable code added later) [stretch] - gpac (Vulnerable code added later) NOTE: https://github.com/gpac/gpac/issues/1423 NOTE: https://github.com/gpac/gpac/commit/e90526f3d2ec0dee4cddc5244eb115668f10341f NOTE: Vulnerable code was subsequently removed upstream. CVE-2020-22351 RESERVED CVE-2020-22350 RESERVED CVE-2020-22349 RESERVED CVE-2020-22348 RESERVED CVE-2020-22347 RESERVED CVE-2020-22346 RESERVED CVE-2020-22345 (/graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remot ...) - centreon-web (bug #913903) CVE-2020-22344 RESERVED CVE-2020-22343 RESERVED CVE-2020-22342 RESERVED CVE-2020-22341 RESERVED CVE-2020-22340 RESERVED CVE-2020-22339 RESERVED CVE-2020-22338 RESERVED CVE-2020-22337 RESERVED CVE-2020-22336 RESERVED CVE-2020-22335 RESERVED CVE-2020-22334 RESERVED CVE-2020-22333 RESERVED CVE-2020-22332 RESERVED CVE-2020-22331 RESERVED CVE-2020-22330 (Cross-Site Scripting (XSS) vulnerability in Subrion 4.2.1 via the titl ...) 
NOT-FOR-US: Subrion CVE-2020-22329 RESERVED CVE-2020-22328 RESERVED CVE-2020-22327 RESERVED CVE-2020-22326 RESERVED CVE-2020-22325 RESERVED CVE-2020-22324 RESERVED CVE-2020-22323 RESERVED CVE-2020-22322 RESERVED CVE-2020-22321 RESERVED CVE-2020-22320 RESERVED CVE-2020-22319 RESERVED CVE-2020-22318 RESERVED CVE-2020-22317 RESERVED CVE-2020-22316 RESERVED CVE-2020-22315 RESERVED CVE-2020-22314 RESERVED CVE-2020-22313 RESERVED CVE-2020-22312 (A cross-site scripting (XSS) vulnerability was discovered in the OJ/ad ...) NOT-FOR-US: HZNUOJ CVE-2020-22311 RESERVED CVE-2020-22310 RESERVED CVE-2020-22309 RESERVED CVE-2020-22308 RESERVED CVE-2020-22307 RESERVED CVE-2020-22306 RESERVED CVE-2020-22305 RESERVED CVE-2020-22304 RESERVED CVE-2020-22303 RESERVED CVE-2020-22302 RESERVED CVE-2020-22301 RESERVED CVE-2020-22300 RESERVED CVE-2020-22299 RESERVED CVE-2020-22298 RESERVED CVE-2020-22297 RESERVED CVE-2020-22296 RESERVED CVE-2020-22295 RESERVED CVE-2020-22294 RESERVED CVE-2020-22293 RESERVED CVE-2020-22292 RESERVED CVE-2020-22291 RESERVED CVE-2020-22290 RESERVED CVE-2020-22289 RESERVED CVE-2020-22288 RESERVED CVE-2020-22287 RESERVED CVE-2020-22286 RESERVED CVE-2020-22285 RESERVED CVE-2020-22284 (A buffer overflow vulnerability in the zepif_linkoutput() function of ...) - lwip (bug #991646) [bullseye] - lwip (Minor issue) [buster] - lwip (Minor issue) NOTE: https://savannah.nongnu.org/bugs/index.php?58554 NOTE: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=8363c24e45a32728e385cfc2c3c36d88a8a9e70b CVE-2020-22283 (A buffer overflow vulnerability in the icmp6_send_response_with_addrs_ ...) 
- lwip (bug #991645) [bullseye] - lwip (Minor issue) [buster] - lwip (Minor issue) NOTE: https://savannah.nongnu.org/bugs/index.php?58553 NOTE: Pre-requisite: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=d843e47a1d65451bd7f7aaa5017b408bd108be88 NOTE: Fixed by: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=489405839ae0fea8b99c4896f632eb688dc8a19a NOTE: Fixed by: https://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=488d4ad2460c3b41bef69724cad89c28a905eda9 CVE-2020-22282 RESERVED CVE-2020-22281 RESERVED CVE-2020-22280 RESERVED CVE-2020-22279 RESERVED CVE-2020-22278 (** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Expor ...) NOTE: Disputed phpMyAdmin issue CVE-2020-22277 (Import and export users and customers WordPress Plugin through 1.15.5. ...) NOT-FOR-US: Import and export users and customers WordPress Plugin CVE-2020-22276 (WeForms Wordpress Plugin 1.4.7 allows CSV injection via a form's entry ...) NOT-FOR-US: WeForms Wordpress Plugin CVE-2020-22275 (Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an at ...) NOT-FOR-US: Easy Registration Forms (ER Forms) Wordpress Plugin CVE-2020-22274 (JomSocial (Joomla Social Network Extention) 4.7.6 allows CSV injection ...) NOT-FOR-US: JomSocial (Joomla Social Network Extention) CVE-2020-22273 (Neoflex Video Subscription System Version 2.0 is affected by CSRF whic ...) 
NOT-FOR-US: Neoflex Video Subscription System Version CVE-2020-22272 RESERVED CVE-2020-22271 RESERVED CVE-2020-22270 RESERVED CVE-2020-22269 RESERVED CVE-2020-22268 RESERVED CVE-2020-22267 RESERVED CVE-2020-22266 RESERVED CVE-2020-22265 RESERVED CVE-2020-22264 RESERVED CVE-2020-22263 RESERVED CVE-2020-22262 RESERVED CVE-2020-22261 RESERVED CVE-2020-22260 RESERVED CVE-2020-22259 RESERVED CVE-2020-22258 RESERVED CVE-2020-22257 RESERVED CVE-2020-22256 RESERVED CVE-2020-22255 RESERVED CVE-2020-22254 RESERVED CVE-2020-22253 RESERVED CVE-2020-22252 RESERVED CVE-2020-22251 (Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the logi ...) - phplist (bug #612288) CVE-2020-22250 RESERVED CVE-2020-22249 (Remote Code Execution vulnerability in phplist 3.5.1. The application ...) - phplist (bug #612288) CVE-2020-22248 RESERVED CVE-2020-22247 RESERVED CVE-2020-22246 RESERVED CVE-2020-22245 RESERVED CVE-2020-22244 RESERVED CVE-2020-22243 RESERVED CVE-2020-22242 RESERVED CVE-2020-22241 RESERVED CVE-2020-22240 RESERVED CVE-2020-22239 RESERVED CVE-2020-22238 RESERVED CVE-2020-22237 RESERVED CVE-2020-22236 RESERVED CVE-2020-22235 RESERVED CVE-2020-22234 RESERVED CVE-2020-22233 RESERVED CVE-2020-22232 RESERVED CVE-2020-22231 RESERVED CVE-2020-22230 RESERVED CVE-2020-22229 RESERVED CVE-2020-22228 RESERVED CVE-2020-22227 RESERVED CVE-2020-22226 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...) NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script CVE-2020-22225 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...) NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script CVE-2020-22224 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...) NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script CVE-2020-22223 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...) 
	NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script
CVE-2020-22222 (Stivasoft (Phpjabbers) Fundraising Script v1.0 was discovered to conta ...)
	NOT-FOR-US: Stivasoft (Phpjabbers) Fundraising Script
CVE-2020-22221
	RESERVED
CVE-2020-22220
	RESERVED
CVE-2020-22219
	RESERVED
CVE-2020-22218
	RESERVED
CVE-2020-22217
	RESERVED
CVE-2020-22216
	RESERVED
CVE-2020-22215
	RESERVED
CVE-2020-22214
	RESERVED
CVE-2020-22213
	RESERVED
CVE-2020-22212 (SQL Injection in 74cms 3.2.0 via the id parameter to wap/wap-company-s ...)
	NOT-FOR-US: 74cms
CVE-2020-22211 (SQL Injection in 74cms 3.2.0 via the key parameter to plus/ajax_street ...)
	NOT-FOR-US: 74cms
CVE-2020-22210 (SQL Injection in 74cms 3.2.0 via the x parameter to ajax_officebuildin ...)
	NOT-FOR-US: 74cms
CVE-2020-22209 (SQL Injection in 74cms 3.2.0 via the query parameter to plus/ajax_comm ...)
	NOT-FOR-US: 74cms
CVE-2020-22208 (SQL Injection in 74cms 3.2.0 via the x parameter to plus/ajax_street.p ...)
	NOT-FOR-US: 74cms
CVE-2020-22207
	RESERVED
CVE-2020-22206 (SQL Injection in ECShop 3.0 via the aid parameter to admin/affiliate_c ...)
	NOT-FOR-US: ECShop
CVE-2020-22205 (SQL Injection in ECShop 3.0 via the id parameter to admin/shophelp.php ...)
	NOT-FOR-US: ECShop
CVE-2020-22204 (SQL Injection in ECShop 2.7.6 via the goods_number parameter to flow.p ...)
	NOT-FOR-US: ECShop
CVE-2020-22203 (SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php ...)
	NOT-FOR-US: phpCMS
CVE-2020-22202
	RESERVED
CVE-2020-22201 (phpCMS 2008 sp4 allows remote malicious users to execute arbitrary ph ...)
	NOT-FOR-US: phpCMS
CVE-2020-22200 (Directory Traversal vulnerability in phpCMS 9.1.13 via the q parameter ...)
	NOT-FOR-US: phpCMS
CVE-2020-22199 (SQL Injection vulnerability in phpCMS 2007 SP6 build 0805 via the digg ...)
	NOT-FOR-US: phpCMS
CVE-2020-22198 (SQL Injection vulnerability in DedeCMS 5.7 via mdescription parameter ...)
	NOT-FOR-US: DedeCMS
CVE-2020-22197
	RESERVED
CVE-2020-22196
	RESERVED
CVE-2020-22195
	RESERVED
CVE-2020-22194
	RESERVED
CVE-2020-22193
	RESERVED
CVE-2020-22192
	RESERVED
CVE-2020-22191
	RESERVED
CVE-2020-22190
	RESERVED
CVE-2020-22189
	RESERVED
CVE-2020-22188
	RESERVED
CVE-2020-22187
	RESERVED
CVE-2020-22186
	RESERVED
CVE-2020-22185
	RESERVED
CVE-2020-22184
	RESERVED
CVE-2020-22183
	RESERVED
CVE-2020-22182
	RESERVED
CVE-2020-22181
	RESERVED
CVE-2020-22180
	RESERVED
CVE-2020-22179
	RESERVED
CVE-2020-22178
	RESERVED
CVE-2020-22177
	RESERVED
CVE-2020-22176 (PHPGurukul Hospital Management System in PHP v4.0 has a sensitive info ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22175 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22174 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22173 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22172 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22171 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22170 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22169 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22168 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22167 (PHPGurukul Hospital Management System in PHP v4.0 has a Persistent Cro ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22166 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22165 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22164 (PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection ...)
	NOT-FOR-US: PHPGurukul Hospital Management System in PHP
CVE-2020-22163
	RESERVED
CVE-2020-22162
	RESERVED
CVE-2020-22161
	RESERVED
CVE-2020-22160
	RESERVED
CVE-2020-22159
	RESERVED
CVE-2020-22158 (MediaKind (formerly Ericsson) RX8200 5.13.3 devices are vulnerable to ...)
	NOT-FOR-US: Ericsson RX8200 5.13.3 devices
CVE-2020-22157
	RESERVED
CVE-2020-22156
	RESERVED
CVE-2020-22155
	RESERVED
CVE-2020-22154
	RESERVED
CVE-2020-22153
	RESERVED
CVE-2020-22152
	RESERVED
CVE-2020-22151
	RESERVED
CVE-2020-22150 (A cross site scripting (XSS) vulnerability in /admin.php?page=permalin ...)
	- piwigo
CVE-2020-22149
	RESERVED
CVE-2020-22148 (A stored cross site scripting (XSS) vulnerability in /admin.php?page=t ...)
	- piwigo
CVE-2020-22147
	RESERVED
CVE-2020-22146
	RESERVED
CVE-2020-22145
	RESERVED
CVE-2020-22144
	RESERVED
CVE-2020-22143
	RESERVED
CVE-2020-22142
	RESERVED
CVE-2020-22141
	RESERVED
CVE-2020-22140
	RESERVED
CVE-2020-22139
	RESERVED
CVE-2020-22138
	RESERVED
CVE-2020-22137
	RESERVED
CVE-2020-22136
	RESERVED
CVE-2020-22135
	RESERVED
CVE-2020-22134
	RESERVED
CVE-2020-22133
	RESERVED
CVE-2020-22132
	RESERVED
CVE-2020-22131
	RESERVED
CVE-2020-22130
	RESERVED
CVE-2020-22129
	RESERVED
CVE-2020-22128
	RESERVED
CVE-2020-22127
	RESERVED
CVE-2020-22126
	RESERVED
CVE-2020-22125
	RESERVED
CVE-2020-22124 (A vulnerability in the \inc\config.php component of joyplus-cms v1.6 a ...)
	NOT-FOR-US: joyplus-cms
CVE-2020-22123
	RESERVED
CVE-2020-22122 (A SQL injection vulnerability in /oa.php?c=Staff&a=read of Find a ...)
	NOT-FOR-US: LJCMS
CVE-2020-22121
	RESERVED
CVE-2020-22120 (A remote code execution (RCE) vulnerability in /root/run/adm.php?admin ...)
	NOT-FOR-US: imcat
CVE-2020-22119
	RESERVED
CVE-2020-22118
	RESERVED
CVE-2020-22117
	RESERVED
CVE-2020-22116
	RESERVED
CVE-2020-22115
	RESERVED
CVE-2020-22114
	RESERVED
CVE-2020-22113
	RESERVED
CVE-2020-22112
	RESERVED
CVE-2020-22111
	RESERVED
CVE-2020-22110
	RESERVED
CVE-2020-22109
	RESERVED
CVE-2020-22108
	RESERVED
CVE-2020-22107
	RESERVED
CVE-2020-22106
	RESERVED
CVE-2020-22105
	RESERVED
CVE-2020-22104
	RESERVED
CVE-2020-22103
	RESERVED
CVE-2020-22102
	RESERVED
CVE-2020-22101
	RESERVED
CVE-2020-22100
	RESERVED
CVE-2020-22099
	RESERVED
CVE-2020-22098
	RESERVED
CVE-2020-22097
	RESERVED
CVE-2020-22096
	RESERVED
CVE-2020-22095
	RESERVED
CVE-2020-22094
	RESERVED
CVE-2020-22093
	RESERVED
CVE-2020-22092
	RESERVED
CVE-2020-22091
	RESERVED
CVE-2020-22090
	RESERVED
CVE-2020-22089
	RESERVED
CVE-2020-22088
	RESERVED
CVE-2020-22087
	RESERVED
CVE-2020-22086
	RESERVED
CVE-2020-22085
	RESERVED
CVE-2020-22084
	RESERVED
CVE-2020-22083 (** DISPUTED ** jsonpickle through 1.4.1 allows remote code execution d ...)
	- jsonpickle (unimportant)
	NOTE: CVE assignment seems bogus, jsonpickle clearly states "jsonpickle can execute arbitrary Python code.
	NOTE: Do not load jsonpickles from untrusted unauthenticated sources", so this works as expected
CVE-2020-22082
	RESERVED
CVE-2020-22081
	RESERVED
CVE-2020-22080
	RESERVED
CVE-2020-22079 (Stack-based buffer overflow in Tenda AC-10U AC1200 Router US_AC10UV1.0 ...)
	NOT-FOR-US: Tenda
CVE-2020-22078
	RESERVED
CVE-2020-22077
	RESERVED
CVE-2020-22076
	RESERVED
CVE-2020-22075
	RESERVED
CVE-2020-22074
	RESERVED
CVE-2020-22073
	RESERVED
CVE-2020-22072
	RESERVED
CVE-2020-22071
	RESERVED
CVE-2020-22070
	RESERVED
CVE-2020-22069
	RESERVED
CVE-2020-22068
	RESERVED
CVE-2020-22067
	RESERVED
CVE-2020-22066
	RESERVED
CVE-2020-22065
	RESERVED
CVE-2020-22064
	RESERVED
CVE-2020-22063
	RESERVED
CVE-2020-22062
	RESERVED
CVE-2020-22061
	RESERVED
CVE-2020-22060
	RESERVED
CVE-2020-22059
	RESERVED
CVE-2020-22058
	RESERVED
CVE-2020-22057
	RESERVED
CVE-2020-22056 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://trac.ffmpeg.org/ticket/8304
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=daf2bef98ded7f8431fd04bf3324669329a923c1
	NOTE: Negligible security impact
CVE-2020-22055
	RESERVED
CVE-2020-22054 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	{DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:4.3-2 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8315
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6f2a3958cfac135c60b509a61a4fd39432d8f9a9
	NOTE: Negligible security impact
CVE-2020-22053
	RESERVED
CVE-2020-22052
	RESERVED
CVE-2020-22051 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://trac.ffmpeg.org/ticket/8313
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=673fce6d40d9a594fb7a0ea17d296b7d3d9ea856
	NOTE: Negligible security impact
CVE-2020-22050
	RESERVED
CVE-2020-22049 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	{DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:4.3-2 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8314
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=373c1c9b691fd4c6831b3a114a006b639304c2af
	NOTE: Negligible security impact
CVE-2020-22048 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	{DLA-2818-1}
	- ffmpeg 7:4.3-2 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8303
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fddef964e8aa4a2c123e470db1436a082ff6bcf3
	NOTE: Negligible security impact
CVE-2020-22047
	RESERVED
CVE-2020-22046 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	{DLA-2818-1}
	- ffmpeg 7:4.3-2 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8294
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=097c917c147661f5378dae8fe3f7e46f43236426
	NOTE: Negligible security impact
CVE-2020-22045
	RESERVED
CVE-2020-22044 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	{DLA-2818-1}
	- ffmpeg 7:4.3-2 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8295
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1d479300cbe0522c233b7d51148aea2b29bd29ad
	NOTE: Negligible security impact
CVE-2020-22043 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (Patch is too destructive to implement it; Minor issue)
	NOTE: https://trac.ffmpeg.org/ticket/8284
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b288a7eb3d963a175e177b6219c8271076ee8590
	NOTE: Negligible security impact
CVE-2020-22042 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	{DSA-4998-1}
	- ffmpeg 7:4.4-5 (unimportant)
	[stretch] - ffmpeg (Patch can not be applied cleanly; Minor issue)
	NOTE: https://trac.ffmpeg.org/ticket/8267
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=426c16d61a9b5056a157a1a2a057a4e4d13eef84
CVE-2020-22041 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	{DLA-2818-1}
	- ffmpeg 7:4.3-2 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8296
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3488e0977c671568731afa12b811adce9d4d807f
CVE-2020-22040 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memor ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (Patch can not be applied cleanly; Minor issue)
	NOTE: https://trac.ffmpeg.org/ticket/8283
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1a0c584abc9709b1d11dbafef05d22e0937d7d19
CVE-2020-22039 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (Patch can not be applied cleanly; Minor issue)
	NOTE: https://trac.ffmpeg.org/ticket/8302
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a581bb66ea5eb981e2e498ca301df7d1ef15a6a3
CVE-2020-22038 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	- ffmpeg 7:4.4-5 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://trac.ffmpeg.org/ticket/8285
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7c32e9cf93b712f8463573a59ed4e98fd10fa013
CVE-2020-22037 (A Denial of Service vulnerability exists in FFmpeg 4.2 due to a memory ...)
	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:4.4.1-1 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8281
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7bba0dd6382e30d646cb406034a66199e071d713
CVE-2020-22036 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://trac.ffmpeg.org/ticket/8261
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8c3166e1c302c3ba80d9742ae46161c0fa8e2606
	NOTE: CVE-2020-22036 and CVE-2020-20899 are duplicates, reported to MITRE
CVE-2020-22035 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in get ...)
	{DSA-4990-1}
	- ffmpeg 7:4.3-2
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/8262
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0749082eb93ea02fa4b770da86597450cec84054
CVE-2020-22034 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
	{DSA-4990-1}
	- ffmpeg 7:4.3-2
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/8236
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1331e001796c656a4a3c770a16121c15ec1db2ac
CVE-2020-22033 (A heap-based Buffer Overflow Vulnerability exists FFmpeg 4.2 at libavf ...)
	{DSA-4990-1}
	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/8246
	NOTE: https://trac.ffmpeg.org/ticket/8241
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
CVE-2020-22032 (A heap-based Buffer Overflow vulnerability exists FFmpeg 4.2 at libavf ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://trac.ffmpeg.org/ticket/8275
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=de598f82f8c3f8000e1948548e8088148e2b1f44
CVE-2020-22031 (A Heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://trac.ffmpeg.org/ticket/8243
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0e68e8c93f9068596484ec8ba725586860e06fc8
CVE-2020-22030 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
	{DSA-4990-1}
	- ffmpeg 7:4.3-2
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/8276
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e1b89c76f66343d1b495165664647317c66764bb
CVE-2020-22029 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at lib ...)
	{DSA-4990-1}
	- ffmpeg 7:4.3-2
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7fd1279703683ebb548ef7baa2f1519994496ae
	NOTE: https://trac.ffmpeg.org/ticket/8250
CVE-2020-22028 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in filter_verticall ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f069a9c2a65bc20c3462127623127df6dfd06c5b
	NOTE: https://trac.ffmpeg.org/ticket/8274
CVE-2020-22027 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in defl ...)
	{DSA-4990-1}
	- ffmpeg 7:4.3-2
	[stretch] - ffmpeg (Required change too invasive, original patch needs to be completely rewritten)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=e787f8fd7ee99ba0c3e0f086ce2ce59eea7ed86c
	NOTE: https://trac.ffmpeg.org/ticket/8242
CVE-2020-22026 (Buffer Overflow vulnerability exists in FFmpeg 4.2 in the config_input ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58bb9d3a3a6ede1c6cfb82bf671a5f138e6b2144
	NOTE: https://trac.ffmpeg.org/ticket/8317
CVE-2020-22025 (A heap-based Buffer Overflow vulnerability exists in gaussian_blur at ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ccf4ab8c9aca0aee66bcc2914031a9c97ac0eeb8
	NOTE: https://trac.ffmpeg.org/ticket/8260
CVE-2020-22024 (Buffer Overflow vulnerability in FFmpeg 4.2 at the lagfun_frame16 func ...)
	- ffmpeg 7:4.3-2
	[buster] - ffmpeg (Introduced in 4.2)
	[stretch] - ffmpeg (Introduced in 4.2)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=723d69f99cd26db9687ed2d24d06afaff624daf3
	NOTE: https://trac.ffmpeg.org/ticket/8310
CVE-2020-22023 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fi ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b567238741854b41f84f7457686b044eadfe29c
	NOTE: https://trac.ffmpeg.org/ticket/8244
CVE-2020-22022 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 in fil ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=07050d7bdc32d82e53ee5bb727f5882323d00dba
	NOTE: https://trac.ffmpeg.org/ticket/8264
CVE-2020-22021 (Buffer Overflow vulnerability in FFmpeg 4.2 at filter_edges function i ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=7971f62120a55c141ec437aa3f0bacc1c1a3526b
	NOTE: https://trac.ffmpeg.org/ticket/8240
CVE-2020-22020 (Buffer Overflow vulnerability in FFmpeg 4.2 in the build_diff_map func ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3-2
	NOTE: https://trac.ffmpeg.org/ticket/8239
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=ce5274c1385d55892a692998923802023526b765
CVE-2020-22019 (Buffer Overflow vulnerability in FFmpeg 4.2 at convolution_y_10bit in ...)
	{DSA-4990-1}
	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/8246
	NOTE: https://trac.ffmpeg.org/ticket/8241
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=82ad1b76751bcfad5005440db48c46a4de5d6f02
CVE-2020-22018
	RESERVED
CVE-2020-22017 (A heap-based Buffer Overflow vulnerability exists in FFmpeg 4.2 at ff_ ...)
	{DSA-4990-1}
	- ffmpeg 7:4.3-2
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://trac.ffmpeg.org/ticket/8309
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d4d6b7b0355f3597cad3b8d12911790c73b5f96d
CVE-2020-22016 (A heap-based Buffer Overflow vulnerability in FFmpeg 4.2 at libavcodec ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.2.2-1
	NOTE: https://trac.ffmpeg.org/ticket/8183
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=58aa0ed8f10753ee90f4a4a1f4f3da803cf7c145
CVE-2020-22015 (Buffer Overflow vulnerability in FFmpeg 4.2 in mov_write_video_tag due ...)
	{DSA-4990-1 DLA-2742-1}
	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
	NOTE: https://trac.ffmpeg.org/ticket/8190
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4c1afa292520329eecd1cc7631bc59a8cca95c46
CVE-2020-22014
	RESERVED
CVE-2020-22013
	RESERVED
CVE-2020-22012
	RESERVED
CVE-2020-22011
	RESERVED
CVE-2020-22010
	RESERVED
CVE-2020-22009
	RESERVED
CVE-2020-22008
	RESERVED
CVE-2020-22007
	RESERVED
CVE-2020-22006
	RESERVED
CVE-2020-22005
	RESERVED
CVE-2020-22004
	RESERVED
CVE-2020-22003
	RESERVED
CVE-2020-22002 (An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability ex ...)
	NOT-FOR-US: Inim Electronics Smartliving SmartLAN/G/SI
CVE-2020-22001 (HomeAutomation 3.3.2 suffers from an authentication bypass vulnerabili ...)
	NOT-FOR-US: HomeAutomation
CVE-2020-22000 (HomeAutomation 3.3.2 suffers from an authenticated OS command executio ...)
	NOT-FOR-US: HomeAutomation
CVE-2020-21999 (iWT Ltd FaceSentry Access Control System 6.4.8 suffers from an authent ...)
	NOT-FOR-US: iWT Ltd FaceSentry Access Control System
CVE-2020-21998 (In HomeAutomation 3.3.2 input passed via the 'redirect' GET parameter ...)
	NOT-FOR-US: HomeAutomation
CVE-2020-21997 (Smartwares HOME easy <=1.0.9 is vulnerable to an unauthenticated da ...)
	NOT-FOR-US: Smartwares HOME easy
CVE-2020-21996 (AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot comm ...)
	NOT-FOR-US: AVE DOMINAplus
CVE-2020-21995 (Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardc ...)
	NOT-FOR-US: Inim Electronics Smartliving SmartLAN/G/SI
CVE-2020-21994 (AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclos ...)
	NOT-FOR-US: AVE DOMINAplus
CVE-2020-21993 (In WEMS Limited Enterprise Manager 2.58, input passed to the GET param ...)
	NOT-FOR-US: WEMS Limited Enterprise Manager
CVE-2020-21992 (Inim Electronics SmartLiving SmartLAN/G/SI <=6.x suffers from an au ...)
	NOT-FOR-US: Inim Electronics SmartLiving SmartLAN/G/SI
CVE-2020-21991 (AVE DOMINAplus <=1.10.x suffers from an authentication bypass vulne ...)
	NOT-FOR-US: AVE DOMINAplus
CVE-2020-21990 (Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway 0. ...)
	NOT-FOR-US: Emmanuel MyDomoAtHome (MDAH) REST API REST API Domoticz ISS Gateway
CVE-2020-21989 (HomeAutomation 3.3.2 is affected by Cross Site Request Forgery (CSRF). ...)
	NOT-FOR-US: HomeAutomation
CVE-2020-21988
	RESERVED
CVE-2020-21987 (HomeAutomation 3.3.2 is affected by persistent Cross Site Scripting (X ...)
	NOT-FOR-US: HomeAutomation
CVE-2020-21986
	RESERVED
CVE-2020-21985
	RESERVED
CVE-2020-21984
	RESERVED
CVE-2020-21983
	RESERVED
CVE-2020-21982
	RESERVED
CVE-2020-21981
	RESERVED
CVE-2020-21980
	RESERVED
CVE-2020-21979
	RESERVED
CVE-2020-21978
	RESERVED
CVE-2020-21977
	RESERVED
CVE-2020-21976 (An arbitrary file upload in the <input type="file" name="user_image ...)
	NOT-FOR-US: NewsOne CMS
CVE-2020-21975
	RESERVED
CVE-2020-21974
	RESERVED
CVE-2020-21973
	RESERVED
CVE-2020-21972
	RESERVED
CVE-2020-21971
	RESERVED
CVE-2020-21970
	RESERVED
CVE-2020-21969
	RESERVED
CVE-2020-21968
	RESERVED
CVE-2020-21967
	RESERVED
CVE-2020-21966
	RESERVED
CVE-2020-21965
	RESERVED
CVE-2020-21964
	RESERVED
CVE-2020-21963
	RESERVED
CVE-2020-21962
	RESERVED
CVE-2020-21961
	RESERVED
CVE-2020-21960
	RESERVED
CVE-2020-21959
	RESERVED
CVE-2020-21958
	RESERVED
CVE-2020-21957
	RESERVED
CVE-2020-21956
	RESERVED
CVE-2020-21955
	RESERVED
CVE-2020-21954
	RESERVED
CVE-2020-21953
	RESERVED
CVE-2020-21952
	RESERVED
CVE-2020-21951
	RESERVED
CVE-2020-21950
	RESERVED
CVE-2020-21949
	RESERVED
CVE-2020-21948
	RESERVED
CVE-2020-21947
	RESERVED
CVE-2020-21946
	RESERVED
CVE-2020-21945
	RESERVED
CVE-2020-21944
	RESERVED
CVE-2020-21943
	RESERVED
CVE-2020-21942
	RESERVED
CVE-2020-21941
	RESERVED
CVE-2020-21940
	RESERVED
CVE-2020-21939
	RESERVED
CVE-2020-21938
	RESERVED
CVE-2020-21937 (A command injection vulnerability in HNAP1/SetWLanApcliSettings of Mo ...)
	NOT-FOR-US: Motorola
CVE-2020-21936 (An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Bui ...)
	NOT-FOR-US: Motorola
CVE-2020-21935 (A command injection vulnerability in HNAP1/GetNetworkTomographySetting ...)
	NOT-FOR-US: Motorola
CVE-2020-21934 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...)
	NOT-FOR-US: Motorola
CVE-2020-21933 (An issue was discovered in Motorola CX2 router CX 1.0.2 Build 20190508 ...)
	NOT-FOR-US: Motorola
CVE-2020-21932 (A vulnerability in /Login.html of Motorola CX2 router CX 1.0.2 Build 2 ...)
	NOT-FOR-US: Motorola
CVE-2020-21931
	RESERVED
CVE-2020-21930 (A stored cross site scripting (XSS) vulnerability in the web_attr_2 fi ...)
	NOT-FOR-US: Eyoucms
CVE-2020-21929 (A stored cross site scripting (XSS) vulnerability in the web_copyright ...)
	NOT-FOR-US: Eyoucms
CVE-2020-21928
	RESERVED
CVE-2020-21927
	RESERVED
CVE-2020-21926
	RESERVED
CVE-2020-21925
	RESERVED
CVE-2020-21924
	RESERVED
CVE-2020-21923
	RESERVED
CVE-2020-21922
	RESERVED
CVE-2020-21921
	RESERVED
CVE-2020-21920
	RESERVED
CVE-2020-21919
	RESERVED
CVE-2020-21918
	RESERVED
CVE-2020-21917
	RESERVED
CVE-2020-21916
	RESERVED
CVE-2020-21915
	RESERVED
CVE-2020-21914
	RESERVED
CVE-2020-21913 (International Components for Unicode (ICU-20850) v66.1 was discovered ...)
	{DSA-5014-1 DLA-2784-1}
	- icu 67.1-2
	NOTE: https://github.com/unicode-org/icu/pull/886
	NOTE: https://unicode-org.atlassian.net/browse/ICU-20850
	NOTE: https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9
CVE-2020-21912
	RESERVED
CVE-2020-21911
	RESERVED
CVE-2020-21910
	RESERVED
CVE-2020-21909
	RESERVED
CVE-2020-21908
	RESERVED
CVE-2020-21907
	RESERVED
CVE-2020-21906
	RESERVED
CVE-2020-21905
	RESERVED
CVE-2020-21904
	RESERVED
CVE-2020-21903
	RESERVED
CVE-2020-21902
	RESERVED
CVE-2020-21901
	RESERVED
CVE-2020-21900
	RESERVED
CVE-2020-21899
	RESERVED
CVE-2020-21898
	RESERVED
CVE-2020-21897
	RESERVED
CVE-2020-21896
	RESERVED
CVE-2020-21895
	RESERVED
CVE-2020-21894
	RESERVED
CVE-2020-21893
	RESERVED
CVE-2020-21892
	RESERVED
CVE-2020-21891
	RESERVED
CVE-2020-21890
	RESERVED
CVE-2020-21889
	RESERVED
CVE-2020-21888
	RESERVED
CVE-2020-21887
	RESERVED
CVE-2020-21886
	RESERVED
CVE-2020-21885
	RESERVED
CVE-2020-21884 (Unibox SMB 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Seri ...)
	NOT-FOR-US: UniBox
CVE-2020-21883 (Unibox U-50 2.4 and UniBox Enterprise Series 2.4 and UniBox Campus Ser ...)
	NOT-FOR-US: UniBox
CVE-2020-21882
	RESERVED
CVE-2020-21881
	RESERVED
CVE-2020-21880
	RESERVED
CVE-2020-21879
	RESERVED
CVE-2020-21878
	RESERVED
CVE-2020-21877
	RESERVED
CVE-2020-21876
	RESERVED
CVE-2020-21875
	RESERVED
CVE-2020-21874
	RESERVED
CVE-2020-21873
	RESERVED
CVE-2020-21872
	RESERVED
CVE-2020-21871
	RESERVED
CVE-2020-21870
	RESERVED
CVE-2020-21869
	RESERVED
CVE-2020-21868
	RESERVED
CVE-2020-21867
	RESERVED
CVE-2020-21866
	RESERVED
CVE-2020-21865 (ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerabili ...)
	NOT-FOR-US: ThinkPHP50-CMS
CVE-2020-21864
	RESERVED
CVE-2020-21863
	RESERVED
CVE-2020-21862
	RESERVED
CVE-2020-21861
	RESERVED
CVE-2020-21860
	RESERVED
CVE-2020-21859
	RESERVED
CVE-2020-21858
	RESERVED
CVE-2020-21857
	RESERVED
CVE-2020-21856
	RESERVED
CVE-2020-21855
	RESERVED
CVE-2020-21854 (Cross Site Scripting vulnerability exists in WDScanner 1.1 in the syste ...)
	NOT-FOR-US: WDScanner
CVE-2020-21853
	RESERVED
CVE-2020-21852
	RESERVED
CVE-2020-21851
	RESERVED
CVE-2020-21850
	RESERVED
CVE-2020-21849
	RESERVED
CVE-2020-21848
	RESERVED
CVE-2020-21847
	RESERVED
CVE-2020-21846
	RESERVED
CVE-2020-21845 (Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage u ...)
	NOT-FOR-US: Codoforum
CVE-2020-21844 (GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: ...)
	- libredwg (bug #595191)
CVE-2020-21843 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21842 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21841 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21840 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21839 (An issue was discovered in GNU LibreDWG 0.10. Crafted input will lead ...)
	- libredwg (bug #595191)
CVE-2020-21838 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21837
	RESERVED
CVE-2020-21836 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21835 (A null pointer dereference issue exists in GNU LibreDWG 0.10 via read_20 ...)
	- libredwg (bug #595191)
CVE-2020-21834 (A null pointer dereference issue exists in GNU LibreDWG 0.10 via get_bmp ...)
	- libredwg (bug #595191)
CVE-2020-21833 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21832 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21831 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21830 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.1 ...)
	- libredwg (bug #595191)
CVE-2020-21829
	RESERVED
CVE-2020-21828
	RESERVED
CVE-2020-21827 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21826
	RESERVED
CVE-2020-21825
	RESERVED
CVE-2020-21824
	RESERVED
CVE-2020-21823
	RESERVED
CVE-2020-21822
	RESERVED
CVE-2020-21821
	RESERVED
CVE-2020-21820
	RESERVED
CVE-2020-21819 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21818 (A heap based buffer overflow vulnerability exists in GNU LibreDWG 0.10 ...)
	- libredwg (bug #595191)
CVE-2020-21817 (A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via ...)
	- libredwg (bug #595191)
CVE-2020-21816 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
	- libredwg (bug #595191)
CVE-2020-21815 (A null pointer dereference issue exists in GNU LibreDWG 0.10.2641 via ou ...)
	- libredwg (bug #595191)
CVE-2020-21814 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
	- libredwg (bug #595191)
CVE-2020-21813 (A heap based buffer overflow issue exists in GNU LibreDWG 0.10.2641 vi ...)
	- libredwg (bug #595191)
CVE-2020-21812
	RESERVED
CVE-2020-21811
	RESERVED
CVE-2020-21810
	RESERVED
CVE-2020-21809 (SQL Injection vulnerability in NukeViet CMS module Shops 4.0.29 and 4. ...)
	NOT-FOR-US: NukeViet CMS module Shops
CVE-2020-21808 (SQL Injection vulnerability in NukeViet CMS 4.0.10 - 4.3.07 via:the to ...)
	NOT-FOR-US: NukeViet CMS
CVE-2020-21807
	RESERVED
CVE-2020-21806 (SQL Injection Vulnerability in ECTouch v2 via the shop page in index.p ...)
	NOT-FOR-US: ECTouch
CVE-2020-21805
	RESERVED
CVE-2020-21804
	RESERVED
CVE-2020-21803
	RESERVED
CVE-2020-21802
	RESERVED
CVE-2020-21801
	RESERVED
CVE-2020-21800
	RESERVED
CVE-2020-21799
	RESERVED
CVE-2020-21798
	RESERVED
CVE-2020-21797
	RESERVED
CVE-2020-21796
	RESERVED
CVE-2020-21795
	RESERVED
CVE-2020-21794
	RESERVED
CVE-2020-21793
	RESERVED
CVE-2020-21792
	RESERVED
CVE-2020-21791
	RESERVED
CVE-2020-21790
	RESERVED
CVE-2020-21789
	RESERVED
CVE-2020-21788 (In CRMEB 3.1.0+ strict domain name filtering leads to SSRF(Server-Side ...)
	NOT-FOR-US: CRMEB
CVE-2020-21787 (CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/se ...)
	NOT-FOR-US: CRMEB
CVE-2020-21786 (In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /syst ...)
	NOT-FOR-US: IBOS
CVE-2020-21785 (In IBOS 4.5.4 Open, the database backup has Command Injection Vulnerab ...)
	NOT-FOR-US: IBOS
CVE-2020-21784 (phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setu ...)
	NOT-FOR-US: phpwcms
CVE-2020-21783 (In IBOS 4.5.4 the email function has a cross site scripting (XSS) vuln ...)
	NOT-FOR-US: IBOS
CVE-2020-21782
	RESERVED
CVE-2020-21781
	RESERVED
CVE-2020-21780
	RESERVED
CVE-2020-21779
	RESERVED
CVE-2020-21778
	RESERVED
CVE-2020-21777
	RESERVED
CVE-2020-21776
	RESERVED
CVE-2020-21775
	RESERVED
CVE-2020-21774
	RESERVED
CVE-2020-21773
	RESERVED
CVE-2020-21772
	RESERVED
CVE-2020-21771
	RESERVED
CVE-2020-21770
	RESERVED
CVE-2020-21769
	RESERVED
CVE-2020-21768
	RESERVED
CVE-2020-21767
	RESERVED
CVE-2020-21766
	RESERVED
CVE-2020-21765
	RESERVED
CVE-2020-21764
	RESERVED
CVE-2020-21763
	RESERVED
CVE-2020-21762
	RESERVED
CVE-2020-21761
	RESERVED
CVE-2020-21760
	RESERVED
CVE-2020-21759
	RESERVED
CVE-2020-21758
	RESERVED
CVE-2020-21757
	RESERVED
CVE-2020-21756
	RESERVED
CVE-2020-21755
	RESERVED
CVE-2020-21754
	RESERVED
CVE-2020-21753
	RESERVED
CVE-2020-21752
	RESERVED
CVE-2020-21751
	RESERVED
CVE-2020-21750
	RESERVED
CVE-2020-21749
	RESERVED
CVE-2020-21748
	RESERVED
CVE-2020-21747
	RESERVED
CVE-2020-21746
	RESERVED
CVE-2020-21745
	RESERVED
CVE-2020-21744
	RESERVED
CVE-2020-21743
	RESERVED
CVE-2020-21742
	RESERVED
CVE-2020-21741
	RESERVED
CVE-2020-21740
	RESERVED
CVE-2020-21739
	RESERVED
CVE-2020-21738
	RESERVED
CVE-2020-21737
	RESERVED
CVE-2020-21736
	RESERVED
CVE-2020-21735
	RESERVED
CVE-2020-21734
	RESERVED
CVE-2020-21733 (Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdn ...)
	NOT-FOR-US: Sagemcom F@ST3686
CVE-2020-21732 (Rukovoditel Project Management app 2.6 is affected by: Cross Site Scri ...)
	NOT-FOR-US: Rukovoditel Project Management app
CVE-2020-21731 (Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.1 ...)
	NOT-FOR-US: Gazie
CVE-2020-21730
	RESERVED
CVE-2020-21729 (JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability ...)
	NOT-FOR-US: JEECMS
CVE-2020-21728
	RESERVED
CVE-2020-21727
	RESERVED
CVE-2020-21726 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
	NOT-FOR-US: OpenSNS
CVE-2020-21725 (OpenSNS v6.1.0 contains a blind SQL injection vulnerability in /Contro ...)
	NOT-FOR-US: OpenSNS
CVE-2020-21724 RESERVED
CVE-2020-21723 RESERVED
CVE-2020-21722 RESERVED
CVE-2020-21721 RESERVED
CVE-2020-21720 RESERVED
CVE-2020-21719 RESERVED
CVE-2020-21718 RESERVED
CVE-2020-21717 RESERVED
CVE-2020-21716 RESERVED
CVE-2020-21715 RESERVED
CVE-2020-21714 RESERVED
CVE-2020-21713 RESERVED
CVE-2020-21712 RESERVED
CVE-2020-21711 RESERVED
CVE-2020-21710 RESERVED
CVE-2020-21709 RESERVED
CVE-2020-21708 RESERVED
CVE-2020-21707 RESERVED
CVE-2020-21706 RESERVED
CVE-2020-21705 RESERVED
CVE-2020-21704 RESERVED
CVE-2020-21703 RESERVED
CVE-2020-21702 RESERVED
CVE-2020-21701 RESERVED
CVE-2020-21700 RESERVED
CVE-2020-21699 RESERVED
CVE-2020-21698 RESERVED
CVE-2020-21697 (A heap-use-after-free in the mpeg_mux_write_packet function in libavfo ...)
	{DSA-4998-1}
	- ffmpeg 7:4.4-5
	[buster] - ffmpeg (Wait for 4.1.9)
	[stretch] - ffmpeg (Minor issue; can be fixed in next update)
	NOTE: https://trac.ffmpeg.org/ticket/8188
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=cfce16449cb815132f829d5a07beb138dfb2cba6
CVE-2020-21696 RESERVED
CVE-2020-21695 RESERVED
CVE-2020-21694 RESERVED
CVE-2020-21693 RESERVED
CVE-2020-21692 RESERVED
CVE-2020-21691 RESERVED
CVE-2020-21690 REJECTED
CVE-2020-21689 RESERVED
CVE-2020-21688 (A heap-use-after-free in the av_freep function in libavutil/mem.c of F ...)
	{DSA-4998-1}
	- ffmpeg 7:4.4-5
	[buster] - ffmpeg (Wait for 4.1.9)
	[stretch] - ffmpeg (Minor issue; can be fixed in next update)
	NOTE: https://trac.ffmpeg.org/ticket/8186
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=22c3cd176079dd104ec7610ead697235b04396f1
CVE-2020-21687 RESERVED
CVE-2020-21686 RESERVED
CVE-2020-21685 RESERVED
CVE-2020-21684 (A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2 ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/75/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21683 (A global buffer overflow in the shade_or_tint_name_after_declare_color ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/77/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/639c36010a120e97a6e82e7cd57cbf9dbf4b64f1/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21682 (A global buffer overflow in the set_fill component in genge.c of fig2d ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/72/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21681 (A global buffer overflow in the set_color component in genge.c of fig2 ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/73/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/4d4e1fdac467c386cba8706aa0067d5ab8da02d7/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21680 (A stack-based buffer overflow in the put_arrow() component in genpict2 ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/74/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/3165d86c31c6323913239fdc6460be6ababd3826/ (3.2.8)
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/100e2789f8106f9cc0f7e4319c4ee7bda076c3ac/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21679 RESERVED
CVE-2020-21678 (A global buffer overflow in the genmp_writefontmacro_latex component i ...)
	- fig2dev 1:3.2.8-1 (unimportant)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/71/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-21677 (A heap-based buffer overflow in the sixel_encoder_output_without_macro ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/123
	NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d
CVE-2020-21676 (A stack-based buffer overflow in the genpstrx_text() component in genp ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.8-1
	[buster] - fig2dev (Minor issue)
	[stretch] - fig2dev (Vulnerable code introduced later)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/76/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/acccc89c20206a5db1f463438ba444e35bcb400e/ (3.2.8)
	NOTE: Introduced by https://sourceforge.net/p/mcj/fig2dev/ci/102f607eea49785d4a9c9c24af85f046c23674de (3.2.7)
CVE-2020-21675 (A stack-based buffer overflow in the genptk_text component in genptk.c ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u3
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/78/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21674 (Heap-based buffer overflow in archive_string_append_from_wcs() (archiv ...)
	- libarchive (Vulnerable code not present in a released version)
	NOTE: https://github.com/libarchive/libarchive/issues/1298
	NOTE: Introduced (around): https://github.com/libarchive/libarchive/commit/3566a5d6ba2458e68c7e42b23f00a57901c6eafb
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/4f085eea879e2be745f4d9bf57e8513ae48157f4 (v3.4.1)
CVE-2020-21673 RESERVED
CVE-2020-21672 RESERVED
CVE-2020-21671 RESERVED
CVE-2020-21670 RESERVED
CVE-2020-21669 RESERVED
CVE-2020-21668 RESERVED
CVE-2020-21667 (In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the ' ...)
	NOT-FOR-US: fastadmin-tp6
CVE-2020-21666 RESERVED
CVE-2020-21665 (In fastadmin V1.0.0.20191212_beta, when a user with administrator righ ...)
	NOT-FOR-US: fastadmin
CVE-2020-21664 RESERVED
CVE-2020-21663 RESERVED
CVE-2020-21662 RESERVED
CVE-2020-21661 RESERVED
CVE-2020-21660 RESERVED
CVE-2020-21659 RESERVED
CVE-2020-21658 (A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attacker ...)
	NOT-FOR-US: WDJA CMS
CVE-2020-21657 RESERVED
CVE-2020-21656 (XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability ...)
	NOT-FOR-US: XYHCMS
CVE-2020-21655 RESERVED
CVE-2020-21654 (emlog v6.0 contains a vulnerability in the component admin\template.ph ...)
	NOT-FOR-US: emlog
CVE-2020-21653 (Myucms v2.2.1 contains a server-side request forgery (SSRF) in the com ...)
	NOT-FOR-US: Myucms
CVE-2020-21652 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...)
	NOT-FOR-US: Myucms
CVE-2020-21651 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...)
	NOT-FOR-US: Myucms
CVE-2020-21650 (Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in ...)
	NOT-FOR-US: Myucms
CVE-2020-21649 (Myucms v2.2.1 contains a server-side request forgery (SSRF) in the com ...)
	NOT-FOR-US: Myucms
CVE-2020-21648 (WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in t ...)
	NOT-FOR-US: WDJA CMS
CVE-2020-21647 RESERVED
CVE-2020-21646 RESERVED
CVE-2020-21645 RESERVED
CVE-2020-21644 RESERVED
CVE-2020-21643 RESERVED
CVE-2020-21642 RESERVED
CVE-2020-21641 RESERVED
CVE-2020-21640 RESERVED
CVE-2020-21639 (Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cros ...)
	NOT-FOR-US: Ruijie
CVE-2020-21638 RESERVED
CVE-2020-21637 RESERVED
CVE-2020-21636 RESERVED
CVE-2020-21635 RESERVED
CVE-2020-21634 RESERVED
CVE-2020-21633 RESERVED
CVE-2020-21632 RESERVED
CVE-2020-21631 RESERVED
CVE-2020-21630 RESERVED
CVE-2020-21629 RESERVED
CVE-2020-21628 RESERVED
CVE-2020-21627 (Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability ...)
	NOT-FOR-US: Ruijie
CVE-2020-21626 RESERVED
CVE-2020-21625 RESERVED
CVE-2020-21624 RESERVED
CVE-2020-21623 RESERVED
CVE-2020-21622 RESERVED
CVE-2020-21621 RESERVED
CVE-2020-21620 RESERVED
CVE-2020-21619 RESERVED
CVE-2020-21618 RESERVED
CVE-2020-21617 RESERVED
CVE-2020-21616 RESERVED
CVE-2020-21615 RESERVED
CVE-2020-21614 RESERVED
CVE-2020-21613 RESERVED
CVE-2020-21612 RESERVED
CVE-2020-21611 RESERVED
CVE-2020-21610 RESERVED
CVE-2020-21609 RESERVED
CVE-2020-21608 RESERVED
CVE-2020-21607 RESERVED
CVE-2020-21606 (libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_ ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/232
CVE-2020-21605 (libde265 v1.0.4 contains a segmentation fault in the apply_sao_interna ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/234
CVE-2020-21604 (libde265 v1.0.4 contains a heap buffer overflow fault in the _mm_loadl ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/231
CVE-2020-21603 (libde265 v1.0.4 contains a heap buffer overflow in the put_qpel_0_0_fa ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/240
CVE-2020-21602 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bi ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/242
CVE-2020-21601 (libde265 v1.0.4 contains a stack buffer overflow in the put_qpel_fallb ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/241
CVE-2020-21600 (libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pr ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/243
CVE-2020-21599 (libde265 v1.0.4 contains a heap buffer overflow in the de265_image::av ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/235
CVE-2020-21598 (libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unw ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/237
CVE-2020-21597 (libde265 v1.0.4 contains a heap buffer overflow in the mc_chroma funct ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/238
CVE-2020-21596 (libde265 v1.0.4 contains a global buffer overflow in the decode_CABAC_ ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/236
CVE-2020-21595 (libde265 v1.0.4 contains a heap buffer overflow in the mc_luma functio ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/239
CVE-2020-21594 (libde265 v1.0.4 contains a heap buffer overflow in the put_epel_hv_fal ...)
	- libde265
	[bullseye] - libde265 (Minor issue, revisit when fixed upstream)
	[buster] - libde265 (Minor issue, revisit when fixed upstream)
	[stretch] - libde265 (Minor issue, revisit when fixed upstream)
	NOTE: https://github.com/strukturag/libde265/issues/233
CVE-2020-21593 RESERVED
CVE-2020-21592 RESERVED
CVE-2020-21591 RESERVED
CVE-2020-21590 (Directory traversal in coreframe/app/template/admin/index.php in WUZHI ...)
	NOT-FOR-US: WUZHI CMS
CVE-2020-21589 RESERVED
CVE-2020-21588 (Buffer overflow in Core FTP LE v2.2 allows local attackers to cause a ...)
	NOT-FOR-US: Core FTP
CVE-2020-21587 RESERVED
CVE-2020-21586 RESERVED
CVE-2020-21585 (Vulnerability in emlog v6.0.0 allows user to upload webshells via zip ...)
	NOT-FOR-US: emlog
CVE-2020-21584 RESERVED
CVE-2020-21583 RESERVED
CVE-2020-21582 RESERVED
CVE-2020-21581 RESERVED
CVE-2020-21580 RESERVED
CVE-2020-21579 RESERVED
CVE-2020-21578 RESERVED
CVE-2020-21577 RESERVED
CVE-2020-21576 RESERVED
CVE-2020-21575 RESERVED
CVE-2020-21574 (Buffer overflow vulnerability in YotsuyaNight c-http v0.1.0, allows at ...)
	NOT-FOR-US: YotsuyaNight c-http
CVE-2020-21573 (An issue was discovered in abhijitnathwani image-processing v0.1. ...)
	NOT-FOR-US: abhijitnathwani image-processing
CVE-2020-21572 (Buffer overflow vulnerability in function src_parser_trans_stage_1_2_3 ...)
	NOT-FOR-US: trgil gilcc
CVE-2020-21571 RESERVED
CVE-2020-21570 RESERVED
CVE-2020-21569 RESERVED
CVE-2020-21568 RESERVED
CVE-2020-21567 RESERVED
CVE-2020-21566 RESERVED
CVE-2020-21565 RESERVED
CVE-2020-21564 (An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11. There is ...)
	NOT-FOR-US: Pluck CMS
CVE-2020-21563 RESERVED
CVE-2020-21562 RESERVED
CVE-2020-21561 RESERVED
CVE-2020-21560 RESERVED
CVE-2020-21559 RESERVED
CVE-2020-21558 RESERVED
CVE-2020-21557 RESERVED
CVE-2020-21556 RESERVED
CVE-2020-21555 RESERVED
CVE-2020-21554 RESERVED
CVE-2020-21553 RESERVED
CVE-2020-21552 RESERVED
CVE-2020-21551 RESERVED
CVE-2020-21550 RESERVED
CVE-2020-21549 RESERVED
CVE-2020-21548 (Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_enco ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/116
	NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4)
CVE-2020-21547 (Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_fun ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/114
	NOTE: https://github.com/saitoha/libsixel/commit/9d0a7ff417b66d80a4bff714de1f27b24742f55a (v1.8.4)
CVE-2020-21546 RESERVED
CVE-2020-21545 RESERVED
CVE-2020-21544 RESERVED
CVE-2020-21543 RESERVED
CVE-2020-21542 RESERVED
CVE-2020-21541 RESERVED
CVE-2020-21540 RESERVED
CVE-2020-21539 RESERVED
CVE-2020-21538 RESERVED
CVE-2020-21537 RESERVED
CVE-2020-21536 RESERVED
CVE-2020-21535 (fig2dev 3.2.7b contains a segmentation fault in the gencgm_start funct ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/62/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21534 (fig2dev 3.2.7b contains a global buffer overflow in the get_line funct ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/58/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21533 (fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/59/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21532 (fig2dev 3.2.7b contains a global buffer overflow in the setfigfont fun ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.8-1
	[buster] - fig2dev (Minor issue)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/64/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/421afa17d8cb8dafcaf3e6044a70790fa4fe307b/ (3.2.8)
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/00cdedac7a0b029846dee891769a1e77df83a01b/ (3.2.8)
CVE-2020-21531 (fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_i ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.8-1
	[buster] - fig2dev (Minor issue)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/63/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/2f8d1ae9763dcdc99b88a2b14849fe37174bcd69/ (3.2.8)
CVE-2020-21530 (fig2dev 3.2.7b contains a segmentation fault in the read_objects funct ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.7b-3
	[buster] - fig2dev 1:3.2.7a-5+deb10u2
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/61/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/41b9bb838a3d544539f6e68aa4f87d70ef7d45ce/ (3.2.8)
CVE-2020-21529 (fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline f ...)
	{DLA-2778-1}
	- fig2dev 1:3.2.8-1
	[buster] - fig2dev (Minor issue)
	- transfig
	NOTE: https://sourceforge.net/p/mcj/tickets/65/
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/d70e4ba6308046f71cb51f67db8412155af52411/ (3.2.8)
	NOTE: https://sourceforge.net/p/mcj/fig2dev/ci/e3cee2576438f47a3b8678c6960472e625f8f7d7/ (3.2.8)
CVE-2020-21528 RESERVED
CVE-2020-21527 (There is an Arbitrary file deletion vulnerability in halo v1.1.3. A ba ...)
	NOT-FOR-US: Halo
CVE-2020-21526 (An Arbitrary file writing vulnerability in halo v1.1.3. In an interfac ...)
	NOT-FOR-US: Halo
CVE-2020-21525 (Halo V1.1.3 is affected by: Arbitrary File reading. In an interface th ...)
	NOT-FOR-US: Halo
CVE-2020-21524 (There is an XML external entity (XXE) vulnerability in halo v1.1.3, The ...)
	NOT-FOR-US: Halo
CVE-2020-21523 (A Server-Side Freemarker template injection vulnerability in halo CMS ...)
	NOT-FOR-US: Halo
CVE-2020-21522 (An issue was discovered in halo V1.1.3. A Zip Slip Directory Traversal ...)
	NOT-FOR-US: Halo
CVE-2020-21521 RESERVED
CVE-2020-21520 RESERVED
CVE-2020-21519 RESERVED
CVE-2020-21518 RESERVED
CVE-2020-21517 (Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gour ...)
	NOT-FOR-US: MetInfo
CVE-2020-21516 RESERVED
CVE-2020-21515 RESERVED
CVE-2020-21514 RESERVED
CVE-2020-21513 RESERVED
CVE-2020-21512 RESERVED
CVE-2020-21511 RESERVED
CVE-2020-21510 RESERVED
CVE-2020-21509 RESERVED
CVE-2020-21508 RESERVED
CVE-2020-21507 RESERVED
CVE-2020-21506 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
	NOT-FOR-US: waimai Super Cms
CVE-2020-21505 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
	NOT-FOR-US: waimai Super Cms
CVE-2020-21504 (waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulner ...)
	NOT-FOR-US: waimai Super Cms
CVE-2020-21503 (waimai Super Cms 20150505 has a logic flaw allowing attackers to modif ...)
	NOT-FOR-US: waimai Super Cms
CVE-2020-21502 RESERVED
CVE-2020-21501 RESERVED
CVE-2020-21500 RESERVED
CVE-2020-21499 RESERVED
CVE-2020-21498 RESERVED
CVE-2020-21497 RESERVED
CVE-2020-21496 (A cross-site scripting (XSS) vulnerability in the component /admin/?se ...)
	NOT-FOR-US: Xiuno BBS
CVE-2020-21495 (A cross-site scripting (XSS) vulnerability in the component /admin/?se ...)
	NOT-FOR-US: Xiuno BBS
CVE-2020-21494 (A cross-site scripting (XSS) vulnerability in the component install\in ...)
	NOT-FOR-US: Xiuno BBS
CVE-2020-21493 (An issue in the component route\user.php of Xiuno BBS v4.0.4 allows at ...)
	NOT-FOR-US: Xiuno BBS
CVE-2020-21492 RESERVED
CVE-2020-21491 RESERVED
CVE-2020-21490 RESERVED
CVE-2020-21489 RESERVED
CVE-2020-21488 RESERVED
CVE-2020-21487 RESERVED
CVE-2020-21486 RESERVED
CVE-2020-21485 RESERVED
CVE-2020-21484 RESERVED
CVE-2020-21483 (An arbitrary file upload vulnerability in Jizhicms v1.5 allows attacke ...)
	NOT-FOR-US: Jizhicms
CVE-2020-21482 (A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attac ...)
	NOT-FOR-US: RGCMS
CVE-2020-21481 (An arbitrary file upload vulnerability in RGCMS v1.06 allows attackers ...)
	NOT-FOR-US: RGCMS
CVE-2020-21480 (An arbitrary file write vulnerability in RGCMS v1.06 allows attackers ...)
	NOT-FOR-US: RGCMS
CVE-2020-21479 RESERVED
CVE-2020-21478 RESERVED
CVE-2020-21477 RESERVED
CVE-2020-21476 RESERVED
CVE-2020-21475 RESERVED
CVE-2020-21474 RESERVED
CVE-2020-21473 RESERVED
CVE-2020-21472 RESERVED
CVE-2020-21471 RESERVED
CVE-2020-21470 RESERVED
CVE-2020-21469 RESERVED
CVE-2020-21468 (** DISPUTED ** A segmentation fault in the redis-server component of R ...)
	- redis (unimportant)
	NOTE: https://github.com/redis/redis/issues/6633
	NOTE: Negligible security impact; disputed issue upstream and unreproducible.
CVE-2020-21467 RESERVED
CVE-2020-21466 RESERVED
CVE-2020-21465 RESERVED
CVE-2020-21464 RESERVED
CVE-2020-21463 RESERVED
CVE-2020-21462 RESERVED
CVE-2020-21461 RESERVED
CVE-2020-21460 RESERVED
CVE-2020-21459 RESERVED
CVE-2020-21458 RESERVED
CVE-2020-21457 RESERVED
CVE-2020-21456 RESERVED
CVE-2020-21455 RESERVED
CVE-2020-21454 RESERVED
CVE-2020-21453 RESERVED
CVE-2020-21452 (An issue was discovered in uniview ISC2500-S. This is an upload vulner ...)
	NOT-FOR-US: uniview ISC2500-S
CVE-2020-21451 RESERVED
CVE-2020-21450 RESERVED
CVE-2020-21449 RESERVED
CVE-2020-21448 RESERVED
CVE-2020-21447 RESERVED
CVE-2020-21446 RESERVED
CVE-2020-21445 RESERVED
CVE-2020-21444 RESERVED
CVE-2020-21443 RESERVED
CVE-2020-21442 RESERVED
CVE-2020-21441 RESERVED
CVE-2020-21440 RESERVED
CVE-2020-21439 RESERVED
CVE-2020-21438 RESERVED
CVE-2020-21437 RESERVED
CVE-2020-21436 RESERVED
CVE-2020-21435 RESERVED
CVE-2020-21434 (Maccms 10 contains a cross-site scripting (XSS) vulnerability in the E ...)
	NOT-FOR-US: Maccms
CVE-2020-21433 RESERVED
CVE-2020-21432 RESERVED
CVE-2020-21431 (HongCMS v3.0 contains an arbitrary file read and write vulnerability i ...)
	NOT-FOR-US: HongCMS
CVE-2020-21430 RESERVED
CVE-2020-21429 RESERVED
CVE-2020-21428 RESERVED
CVE-2020-21427 RESERVED
CVE-2020-21426 RESERVED
CVE-2020-21425 RESERVED
CVE-2020-21424 RESERVED
CVE-2020-21423 RESERVED
CVE-2020-21422 RESERVED
CVE-2020-21421 RESERVED
CVE-2020-21420 RESERVED
CVE-2020-21419 RESERVED
CVE-2020-21418 RESERVED
CVE-2020-21417 RESERVED
CVE-2020-21416 RESERVED
CVE-2020-21415 RESERVED
CVE-2020-21414 RESERVED
CVE-2020-21413 RESERVED
CVE-2020-21412 RESERVED
CVE-2020-21411 RESERVED
CVE-2020-21410 RESERVED
CVE-2020-21409 RESERVED
CVE-2020-21408 RESERVED
CVE-2020-21407 RESERVED
CVE-2020-21406 RESERVED
CVE-2020-21405 RESERVED
CVE-2020-21404 RESERVED
CVE-2020-21403 RESERVED
CVE-2020-21402 RESERVED
CVE-2020-21401 RESERVED
CVE-2020-21400 RESERVED
CVE-2020-21399 RESERVED
CVE-2020-21398 RESERVED
CVE-2020-21397 RESERVED
CVE-2020-21396 RESERVED
CVE-2020-21395 RESERVED
CVE-2020-21394 (SQL Injection vulnerability in Zhong Bang Technology Co., Ltd CRMEB ma ...)
	NOT-FOR-US: CRMEB mall system
CVE-2020-21393 RESERVED
CVE-2020-21392 RESERVED
CVE-2020-21391 RESERVED
CVE-2020-21390 RESERVED
CVE-2020-21389 RESERVED
CVE-2020-21388 RESERVED
CVE-2020-21387 (A cross-site scripting (XSS) vulnerability in the parameter type_en of ...)
	NOT-FOR-US: Maccms
CVE-2020-21386 (A Cross-Site Request Forgery (CSRF) in the component admin.php/admin/t ...)
	NOT-FOR-US: Maccms
CVE-2020-21385 RESERVED
CVE-2020-21384 RESERVED
CVE-2020-21383 RESERVED
CVE-2020-21382 RESERVED
CVE-2020-21381 RESERVED
CVE-2020-21380 RESERVED
CVE-2020-21379 RESERVED
CVE-2020-21378 (SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id par ...)
	NOT-FOR-US: SeaCMS
CVE-2020-21377 (SQL injection vulnerability in yunyecms V2.0.1 via the selcart paramet ...)
	NOT-FOR-US: yunyecms
CVE-2020-21376 RESERVED
CVE-2020-21375 RESERVED
CVE-2020-21374 RESERVED
CVE-2020-21373 RESERVED
CVE-2020-21372 RESERVED
CVE-2020-21371 RESERVED
CVE-2020-21370 RESERVED
CVE-2020-21369 RESERVED
CVE-2020-21368 RESERVED
CVE-2020-21367 RESERVED
CVE-2020-21366 RESERVED
CVE-2020-21365 RESERVED
CVE-2020-21364 RESERVED
CVE-2020-21363 (An arbitrary file deletion vulnerability exists within Maccms10. ...)
	NOT-FOR-US: Maccms10
CVE-2020-21362 (A cross site scripting (XSS) vulnerability in the background search fu ...)
	NOT-FOR-US: Maccms10
CVE-2020-21361 RESERVED
CVE-2020-21360 RESERVED
CVE-2020-21359 (An arbitrary file upload vulnerability in the Template Upload function ...)
	NOT-FOR-US: Maccms10
CVE-2020-21358 (A cross site request forgery (CSRF) in Wage-CMS 1.5.x-dev allows attac ...)
	NOT-FOR-US: Wage-CMS
CVE-2020-21357 (A stored cross site scripting (XSS) vulnerability in /admin.php?mod=us ...)
	NOT-FOR-US: PopojiCMS
CVE-2020-21356 (An information disclosure vulnerability in upload.php of PopojiCMS 1.2 ...)
	NOT-FOR-US: PopojiCMS
CVE-2020-21355 RESERVED
CVE-2020-21354 RESERVED
CVE-2020-21353 (A stored cross site scripting (XSS) vulnerability in /admin/snippets.p ...)
	NOT-FOR-US: GetSimple CMS
CVE-2020-21352 RESERVED
CVE-2020-21351 RESERVED
CVE-2020-21350 RESERVED
CVE-2020-21349 RESERVED
CVE-2020-21348 RESERVED
CVE-2020-21347 RESERVED
CVE-2020-21346 RESERVED
CVE-2020-21345 (Cross Site Scripting (XSS) vulnerability in Halo 1.1.3 via post publis ...)
	NOT-FOR-US: halo
CVE-2020-21344 RESERVED
CVE-2020-21343 RESERVED
CVE-2020-21342 (Insecure permissions issue in zzcms 201910 via the reset any user pass ...)
	NOT-FOR-US: zzcms
CVE-2020-21341 RESERVED
CVE-2020-21340 RESERVED
CVE-2020-21339 RESERVED
CVE-2020-21338 RESERVED
CVE-2020-21337 RESERVED
CVE-2020-21336 RESERVED
CVE-2020-21335 RESERVED
CVE-2020-21334 RESERVED
CVE-2020-21333 (Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an ad ...)
	NOT-FOR-US: PublicCMS
CVE-2020-21332 RESERVED
CVE-2020-21331 RESERVED
CVE-2020-21330 RESERVED
CVE-2020-21329 RESERVED
CVE-2020-21328 RESERVED
CVE-2020-21327 RESERVED
CVE-2020-21326 RESERVED
CVE-2020-21325 RESERVED
CVE-2020-21324 RESERVED
CVE-2020-21323 RESERVED
CVE-2020-21322 (An arbitrary file upload vulnerability in Feehi CMS v2.0.8 and below a ...)
	NOT-FOR-US: Feehi CMS
CVE-2020-21321 (emlog v6.0 contains a Cross-Site Request Forgery (CSRF) via /admin/lin ...)
	NOT-FOR-US: emlog CMS
CVE-2020-21320 RESERVED
CVE-2020-21319 RESERVED
CVE-2020-21318 RESERVED
CVE-2020-21317 RESERVED
CVE-2020-21316 (A Cross-site scripting (XSS) vulnerability exists in the comment secti ...)
	NOT-FOR-US: zrlog
CVE-2020-21315 RESERVED
CVE-2020-21314 RESERVED
CVE-2020-21313 RESERVED
CVE-2020-21312 RESERVED
CVE-2020-21311 RESERVED
CVE-2020-21310 RESERVED
CVE-2020-21309 RESERVED
CVE-2020-21308 RESERVED
CVE-2020-21307 RESERVED
CVE-2020-21306 RESERVED
CVE-2020-21305 RESERVED
CVE-2020-21304 RESERVED
CVE-2020-21303 RESERVED
CVE-2020-21302 RESERVED
CVE-2020-21301 RESERVED
CVE-2020-21300 RESERVED
CVE-2020-21299 RESERVED
CVE-2020-21298 RESERVED
CVE-2020-21297 RESERVED
CVE-2020-21296 RESERVED
CVE-2020-21295 RESERVED
CVE-2020-21294 RESERVED
CVE-2020-21293 RESERVED
CVE-2020-21292 RESERVED
CVE-2020-21291 RESERVED
CVE-2020-21290 RESERVED
CVE-2020-21289 RESERVED
CVE-2020-21288 RESERVED
CVE-2020-21287 RESERVED
CVE-2020-21286 RESERVED
CVE-2020-21285 RESERVED
CVE-2020-21284 RESERVED
CVE-2020-21283 RESERVED
CVE-2020-21282 RESERVED
CVE-2020-21281 RESERVED
CVE-2020-21280 RESERVED
CVE-2020-21279 RESERVED
CVE-2020-21278 RESERVED
CVE-2020-21277 RESERVED
CVE-2020-21276 RESERVED
CVE-2020-21275 RESERVED
CVE-2020-21274 RESERVED
CVE-2020-21273 RESERVED
CVE-2020-21272 RESERVED
CVE-2020-21271 RESERVED
CVE-2020-21270 RESERVED
CVE-2020-21269 RESERVED
CVE-2020-21268 RESERVED
CVE-2020-21267 RESERVED
CVE-2020-21266 (Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) ...)
	NOT-FOR-US: Broadleaf Commerce
CVE-2020-21265 RESERVED
CVE-2020-21264 RESERVED
CVE-2020-21263 RESERVED
CVE-2020-21262 RESERVED
CVE-2020-21261 RESERVED
CVE-2020-21260 RESERVED
CVE-2020-21259 RESERVED
CVE-2020-21258 RESERVED
CVE-2020-21257 RESERVED
CVE-2020-21256 RESERVED
CVE-2020-21255 RESERVED
CVE-2020-21254 RESERVED
CVE-2020-21253 RESERVED
CVE-2020-21252 RESERVED
CVE-2020-21251 RESERVED
CVE-2020-21250 (CSZ CMS v1.2.4 was discovered to contain an arbitrary file upload vuln ...)
	NOT-FOR-US: CSZ CMS
CVE-2020-21249 RESERVED
CVE-2020-21248 RESERVED
CVE-2020-21247 RESERVED
CVE-2020-21246 RESERVED
CVE-2020-21245 RESERVED
CVE-2020-21244 (An issue was discovered in FrontAccounting 2.4.7. There is a Directory ...)
	- frontaccounting
CVE-2020-21243 RESERVED
CVE-2020-21242 RESERVED
CVE-2020-21241 RESERVED
CVE-2020-21240 RESERVED
CVE-2020-21239 RESERVED
CVE-2020-21238 RESERVED
CVE-2020-21237 RESERVED
CVE-2020-21236 RESERVED
CVE-2020-21235 RESERVED
CVE-2020-21234 RESERVED
CVE-2020-21233 RESERVED
CVE-2020-21232 RESERVED
CVE-2020-21231 RESERVED
CVE-2020-21230 RESERVED
CVE-2020-21229 RESERVED
CVE-2020-21228 (JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: JIZHICMS
CVE-2020-21227 RESERVED
CVE-2020-21226 RESERVED
CVE-2020-21225 RESERVED
CVE-2020-21224 (A Remote Code Execution vulnerability has been found in Inspur Cluster ...)
	NOT-FOR-US: Inspur ClusterEngine
CVE-2020-21223 RESERVED
CVE-2020-21222 RESERVED
CVE-2020-21221 RESERVED
CVE-2020-21220 RESERVED
CVE-2020-21219 RESERVED
CVE-2020-21218 RESERVED
CVE-2020-21217 RESERVED
CVE-2020-21216 RESERVED
CVE-2020-21215 RESERVED
CVE-2020-21214 RESERVED
CVE-2020-21213 RESERVED
CVE-2020-21212 RESERVED
CVE-2020-21211 RESERVED
CVE-2020-21210 RESERVED
CVE-2020-21209 RESERVED
CVE-2020-21208 RESERVED
CVE-2020-21207 RESERVED
CVE-2020-21206 RESERVED
CVE-2020-21205 RESERVED
CVE-2020-21204 RESERVED
CVE-2020-21203 RESERVED
CVE-2020-21202 RESERVED
CVE-2020-21201 RESERVED
CVE-2020-21200 RESERVED
CVE-2020-21199 RESERVED
CVE-2020-21198 RESERVED
CVE-2020-21197 RESERVED
CVE-2020-21196 RESERVED
CVE-2020-21195 RESERVED
CVE-2020-21194 RESERVED
CVE-2020-21193 RESERVED
CVE-2020-21192 RESERVED
CVE-2020-21191 RESERVED
CVE-2020-21190 RESERVED
CVE-2020-21189 RESERVED
CVE-2020-21188 RESERVED
CVE-2020-21187 RESERVED
CVE-2020-21186 RESERVED
CVE-2020-21185 RESERVED
CVE-2020-21184 RESERVED
CVE-2020-21183 RESERVED
CVE-2020-21182 RESERVED
CVE-2020-21181 RESERVED
CVE-2020-21180 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers ...)
	NOT-FOR-US: koa2-blog
CVE-2020-21179 (Sql injection vulnerability in koa2-blog 1.0.0 allows remote attackers ...)
	NOT-FOR-US: koa2-blog
CVE-2020-21178 RESERVED
CVE-2020-21177 RESERVED
CVE-2020-21176 (SQL injection vulnerability in the model.increment and model.decrement ...)
	NOT-FOR-US: ThinkJS
CVE-2020-21175 RESERVED
CVE-2020-21174 RESERVED
CVE-2020-21173 RESERVED
CVE-2020-21172 RESERVED
CVE-2020-21171 RESERVED
CVE-2020-21170 RESERVED
CVE-2020-21169 RESERVED
CVE-2020-21168 RESERVED
CVE-2020-21167 RESERVED
CVE-2020-21166 RESERVED
CVE-2020-21165 RESERVED
CVE-2020-21164 RESERVED
CVE-2020-21163 RESERVED
CVE-2020-21162 RESERVED
CVE-2020-21161 RESERVED
CVE-2020-21160 RESERVED
CVE-2020-21159 RESERVED
CVE-2020-21158 RESERVED
CVE-2020-21157 RESERVED
CVE-2020-21156 RESERVED
CVE-2020-21155 RESERVED
CVE-2020-21154 RESERVED
CVE-2020-21153 RESERVED
CVE-2020-21152 RESERVED
CVE-2020-21151 RESERVED
CVE-2020-21150 RESERVED
CVE-2020-21149 RESERVED
CVE-2020-21148 RESERVED
CVE-2020-21147 (RockOA V1.9.8 is affected by a cross-site scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: RockOA
CVE-2020-21146 (Feehi CMS 2.0.8 is affected by a cross-site scripting (XSS) vulnerabil ...)
	NOT-FOR-US: Feehi CMS
CVE-2020-21145 RESERVED
CVE-2020-21144 RESERVED
CVE-2020-21143 RESERVED
CVE-2020-21142 (Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPfire ...)
	NOT-FOR-US: IPFire
CVE-2020-21141 (iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (C ...)
	NOT-FOR-US: iCMS
CVE-2020-21140 RESERVED
CVE-2020-21139 (EC Cloud E-Commerce System v1.3 was discovered to contain a Cross-Site ...)
	NOT-FOR-US: EC Cloud E-Commerce System
CVE-2020-21138 RESERVED
CVE-2020-21137 RESERVED
CVE-2020-21136 RESERVED
CVE-2020-21135 RESERVED
CVE-2020-21134 RESERVED
CVE-2020-21133 (SQL Injection vulnerability in Metinfo 7.0.0 beta in member/getpasswor ...)
	NOT-FOR-US: Metinfo
CVE-2020-21132 (SQL Injection vulnerability in Metinfo 7.0.0beta in index.php. ...)
	NOT-FOR-US: Metinfo
CVE-2020-21131 (SQL Injection vulnerability in MetInfo 7.0.0beta via admin/?n=language ...)
	NOT-FOR-US: Metinfo
CVE-2020-21130 (Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the grou ...)
	NOT-FOR-US: HisiPHP
CVE-2020-21129
	RESERVED
CVE-2020-21128
	RESERVED
CVE-2020-21127 (MetInfo 7.0.0 contains a SQL injection vulnerability via admin/?n=logs ...)
	NOT-FOR-US: MetInfo
CVE-2020-21126 (MetInfo 7.0.0 contains a Cross-Site Request Forgery (CSRF) via admin/? ...)
	NOT-FOR-US: MetInfo
CVE-2020-21125 (An arbitrary file creation vulnerability in UReport 2.2.9 allows attac ...)
	NOT-FOR-US: UReport
CVE-2020-21124 (UReport 2.2.9 allows attackers to execute arbitrary code due to a lack ...)
	NOT-FOR-US: UReport
CVE-2020-21123
	RESERVED
CVE-2020-21122 (UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the de ...)
	NOT-FOR-US: UReport
CVE-2020-21121 (Pligg CMS 2.0.2 contains a time-based SQL injection vulnerability via ...)
	NOT-FOR-US: Pligg CMS
CVE-2020-21120
	RESERVED
CVE-2020-21119
	RESERVED
CVE-2020-21118
	RESERVED
CVE-2020-21117
	RESERVED
CVE-2020-21116
	RESERVED
CVE-2020-21115
	RESERVED
CVE-2020-21114
	RESERVED
CVE-2020-21113
	RESERVED
CVE-2020-21112
	RESERVED
CVE-2020-21111
	RESERVED
CVE-2020-21110
	RESERVED
CVE-2020-21109
	RESERVED
CVE-2020-21108
	RESERVED
CVE-2020-21107
	RESERVED
CVE-2020-21106
	RESERVED
CVE-2020-21105
	RESERVED
CVE-2020-21104
	RESERVED
CVE-2020-21103
	RESERVED
CVE-2020-21102
	RESERVED
CVE-2020-21101 (Cross Site Scripting vulnerability in Screenly screenly-ose all versio ...)
	NOT-FOR-US: Screenly
CVE-2020-21100
	RESERVED
CVE-2020-21099
	RESERVED
CVE-2020-21098
	RESERVED
CVE-2020-21097
	RESERVED
CVE-2020-21096
	RESERVED
CVE-2020-21095
	RESERVED
CVE-2020-21094
	RESERVED
CVE-2020-21093
	RESERVED
CVE-2020-21092
	RESERVED
CVE-2020-21091
	RESERVED
CVE-2020-21090
	RESERVED
CVE-2020-21089
	RESERVED
CVE-2020-21088 (Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows rem ...)
	NOT-FOR-US: X2engine X2CRM
CVE-2020-21087 (Cross Site Scripting (XSS) in X2Engine X2CRM v6.9 and older allows rem ...)
	NOT-FOR-US: X2engine X2CRM
CVE-2020-21086
	RESERVED
CVE-2020-21085
	RESERVED
CVE-2020-21084
	RESERVED
CVE-2020-21083
	RESERVED
CVE-2020-21082 (A cross-site scripting (XSS) vulnerability in the background administr ...)
	NOT-FOR-US: Maccms
CVE-2020-21081 (A cross-site request forgery (CSRF) in Maccms 8.0 causes administrator ...)
	NOT-FOR-US: Maccms
CVE-2020-21080
	RESERVED
CVE-2020-21079
	RESERVED
CVE-2020-21078
	RESERVED
CVE-2020-21077
	RESERVED
CVE-2020-21076
	RESERVED
CVE-2020-21075
	RESERVED
CVE-2020-21074
	RESERVED
CVE-2020-21073
	RESERVED
CVE-2020-21072
	RESERVED
CVE-2020-21071
	RESERVED
CVE-2020-21070
	RESERVED
CVE-2020-21069
	RESERVED
CVE-2020-21068
	RESERVED
CVE-2020-21067
	RESERVED
CVE-2020-21066 (An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-ove ...)
	NOT-FOR-US: Bento4
CVE-2020-21065
	RESERVED
CVE-2020-21064
	REJECTED
CVE-2020-21063
	RESERVED
CVE-2020-21062
	RESERVED
CVE-2020-21061
	RESERVED
CVE-2020-21060
	RESERVED
CVE-2020-21059
	RESERVED
CVE-2020-21058
	RESERVED
CVE-2020-21057 (Directory Traversal vulnerability in FusionPBX 4.5.7, which allows a r ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21056 (Directory Traversal vulnerability exists in FusionPBX 4.5.7, which all ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21055 (A Directory Traversal vulnerability exists in FusionPBX 4.5.7 allows m ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21054 (Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.7 allows rem ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21053 (Cross Site Scripting (XSS) vulnerability exists in FusionPBX 4.5.7 al ...)
	NOT-FOR-US: FusionPBX
CVE-2020-21052
	RESERVED
CVE-2020-21051
	RESERVED
CVE-2020-21050 (Libsixel prior to v1.8.3 contains a stack buffer overflow in the funct ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/commit/7808a06b88c11dbc502318cdd51fa374f8cd47ee (v1.8.3)
	NOTE: https://github.com/saitoha/libsixel/issues/75
CVE-2020-21049 (An invalid read in the stb_image.h component of libsixel prior to v1.8 ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/74
	NOTE: https://github.com/saitoha/libsixel/commit/0b1e0b3f7b44233f84e5c9f512f8c90d6bbbe33d (v1.8.5)
CVE-2020-21048 (An issue in the dither.c component of libsixel prior to v1.8.4 allows ...)
	- libsixel 1.8.6-1
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/73
	NOTE: https://github.com/saitoha/libsixel/commit/cb373ab6614c910407c5e5a93ab935144e62b037 (v1.8.4)
	NOTE: https://github.com/saitoha/libsixel/commit/26ac06f3623279348f0dce2d191a9b6ca0c80226 (v1.8.4)
CVE-2020-21047
	RESERVED
CVE-2020-21046
	RESERVED
CVE-2020-21045
	RESERVED
CVE-2020-21044
	RESERVED
CVE-2020-21043
	RESERVED
CVE-2020-21042
	RESERVED
CVE-2020-21041 (Buffer Overflow vulnerability exists in FFmpeg 4.1 via apng_do_inverse ...)
	{DSA-4990-1 DLA-2742-1}
	[experimental] - ffmpeg 7:4.4-1
	- ffmpeg 7:4.3.2-0+deb11u2 (bug #989439)
	[stretch] - ffmpeg (Wait for 4.1.9)
	NOTE: https://trac.ffmpeg.org/ticket/7989
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5d9f44da460f781a1604d537d0555b78e29438ba
CVE-2020-21040
	RESERVED
CVE-2020-21039
	RESERVED
CVE-2020-21038
	RESERVED
CVE-2020-21037
	RESERVED
CVE-2020-21036
	RESERVED
CVE-2020-21035
	RESERVED
CVE-2020-21034
	RESERVED
CVE-2020-21033
	RESERVED
CVE-2020-21032
	RESERVED
CVE-2020-21031
	RESERVED
CVE-2020-21030
	RESERVED
CVE-2020-21029
	RESERVED
CVE-2020-21028
	RESERVED
CVE-2020-21027
	RESERVED
CVE-2020-21026
	RESERVED
CVE-2020-21025
	RESERVED
CVE-2020-21024
	RESERVED
CVE-2020-21023
	RESERVED
CVE-2020-21022
	RESERVED
CVE-2020-21021
	RESERVED
CVE-2020-21020
	RESERVED
CVE-2020-21019
	RESERVED
CVE-2020-21018
	RESERVED
CVE-2020-21017
	RESERVED
CVE-2020-21016
	RESERVED
CVE-2020-21015
	RESERVED
CVE-2020-21014 (emlog v6.0.0 contains an arbitrary file deletion vulnerability in admi ...)
	NOT-FOR-US: emlog
CVE-2020-21013 (emlog v6.0.0 contains a SQL injection via /admin/comment.php. ...)
	NOT-FOR-US: emlog
CVE-2020-21012 (Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to ...)
	NOT-FOR-US: Sourcecodester Hotel and Lodge Management System
CVE-2020-21011
	RESERVED
CVE-2020-21010
	RESERVED
CVE-2020-21009
	REJECTED
CVE-2020-21008
	RESERVED
CVE-2020-21007
	RESERVED
CVE-2020-21006
	RESERVED
CVE-2020-21005 (WellCMS 2.0 beta3 is vulnerable to File Upload. A user can log in to t ...)
	NOT-FOR-US: WellCMS
CVE-2020-21004
	RESERVED
CVE-2020-21003 (Pbootcms v2.0.3 is vulnerable to Cross Site Scripting (XSS) via admin. ...)
	NOT-FOR-US: Pbootcms
CVE-2020-21002
	RESERVED
CVE-2020-21001
	RESERVED
CVE-2020-21000
	RESERVED
CVE-2020-20999
	RESERVED
CVE-2020-20998
	RESERVED
CVE-2020-20997
	RESERVED
CVE-2020-20996
	RESERVED
CVE-2020-20995
	RESERVED
CVE-2020-20994
	RESERVED
CVE-2020-20993
	RESERVED
CVE-2020-20992
	RESERVED
CVE-2020-20991
	RESERVED
CVE-2020-20990 (A cross site scripting (XSS) vulnerability in the /segments/edit.php c ...)
	NOT-FOR-US: DomainMOD
CVE-2020-20989 (A cross-site request forgery (CSRF) in /admin/maintenance/ of Domainmo ...)
	NOT-FOR-US: DomainMOD
CVE-2020-20988 (A cross site scripting (XSS) vulnerability in the /domains/cost-by-own ...)
	NOT-FOR-US: DomainMOD
CVE-2020-20987
	RESERVED
CVE-2020-20986
	RESERVED
CVE-2020-20985
	RESERVED
CVE-2020-20984
	RESERVED
CVE-2020-20983
	RESERVED
CVE-2020-20982 (Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allo ...)
	NOT-FOR-US: shadoweb wdja
CVE-2020-20981 (A SQL injection in the /admin/?n=logs&c=index&a=dolist compone ...)
	NOT-FOR-US: Metinfo
CVE-2020-20980
	RESERVED
CVE-2020-20979 (An arbitrary file upload vulnerability in the move_uploaded_file() fun ...)
	NOT-FOR-US: LJCMS
CVE-2020-20978
	RESERVED
CVE-2020-20977 (A stored cross site scripting (XSS) vulnerability in index.php/legend/ ...)
	NOT-FOR-US: UK CMS
CVE-2020-20976
	RESERVED
CVE-2020-20975 (In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injectio ...)
	NOT-FOR-US: Gxlcms
CVE-2020-20974
	RESERVED
CVE-2020-20973
	RESERVED
CVE-2020-20972
	RESERVED
CVE-2020-20971
	RESERVED
CVE-2020-20970
	RESERVED
CVE-2020-20969
	RESERVED
CVE-2020-20968
	RESERVED
CVE-2020-20967
	RESERVED
CVE-2020-20966
	RESERVED
CVE-2020-20965
	RESERVED
CVE-2020-20964
	RESERVED
CVE-2020-20963
	RESERVED
CVE-2020-20962
	RESERVED
CVE-2020-20961
	RESERVED
CVE-2020-20960
	RESERVED
CVE-2020-20959
	RESERVED
CVE-2020-20958
	RESERVED
CVE-2020-20957
	RESERVED
CVE-2020-20956
	RESERVED
CVE-2020-20955
	RESERVED
CVE-2020-20954
	RESERVED
CVE-2020-20953
	RESERVED
CVE-2020-20952
	RESERVED
CVE-2020-20951 (In Pluck-4.7.10-dev2 admin background, a remote command execution vuln ...)
	NOT-FOR-US: Pluck CMS
CVE-2020-20950 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip L ...)
	NOT-FOR-US: Microchip Libraries for Applications
CVE-2020-20949 (Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 crypt ...)
	NOT-FOR-US: STM32 cryptographic firmware library
CVE-2020-20948
	RESERVED
CVE-2020-20947
	RESERVED
CVE-2020-20946
	RESERVED
CVE-2020-20945
	RESERVED
CVE-2020-20944
	RESERVED
CVE-2020-20943
	RESERVED
CVE-2020-20942
	RESERVED
CVE-2020-20941
	RESERVED
CVE-2020-20940
	RESERVED
CVE-2020-20939
	RESERVED
CVE-2020-20938
	RESERVED
CVE-2020-20937
	RESERVED
CVE-2020-20936
	RESERVED
CVE-2020-20935
	RESERVED
CVE-2020-20934
	RESERVED
CVE-2020-20933
	RESERVED
CVE-2020-20932
	RESERVED
CVE-2020-20931
	RESERVED
CVE-2020-20930
	RESERVED
CVE-2020-20929
	RESERVED
CVE-2020-20928
	RESERVED
CVE-2020-20927
	RESERVED
CVE-2020-20926
	RESERVED
CVE-2020-20925
	RESERVED
CVE-2020-20924
	RESERVED
CVE-2020-20923
	RESERVED
CVE-2020-20922
	RESERVED
CVE-2020-20921
	RESERVED
CVE-2020-20920
	RESERVED
CVE-2020-20919
	RESERVED
CVE-2020-20918
	RESERVED
CVE-2020-20917
	RESERVED
CVE-2020-20916
	RESERVED
CVE-2020-20915
	RESERVED
CVE-2020-20914
	RESERVED
CVE-2020-20913
	RESERVED
CVE-2020-20912
	RESERVED
CVE-2020-20911
	RESERVED
CVE-2020-20910
	RESERVED
CVE-2020-20909
	RESERVED
CVE-2020-20908 (Akaunting v1.3.17 was discovered to contain a stored cross-site script ...)
	NOT-FOR-US: Akaunting
CVE-2020-20907 (MetInfo 7.0 beta is affected by a file modification vulnerability. Att ...)
	NOT-FOR-US: MetInfo
CVE-2020-20906
	RESERVED
CVE-2020-20905
	RESERVED
CVE-2020-20904
	RESERVED
CVE-2020-20903
	RESERVED
CVE-2020-20902 (A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter ...)
	{DSA-4722-1}
	- ffmpeg 7:4.2.2-1
	[stretch] - ffmpeg (Minor issue; can be fixed in next update)
	NOTE: https://trac.ffmpeg.org/ticket/8176
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5f0acc5064ed501cb40d4aaccae2b3ce5c4552fd (4.3)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2c78a76cb0443f8a12a5eadc3b58373aa2f4ab22 (4.3)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=b97aaf791f6ea3506a6252ecef6a1a0e9a542e04 (4.2.2)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=81672bf00f3b5a3c025034f4b2e33d67b72f3839 (4.2.2)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a0c91fb0f0641f9f35f650281a176657907097cf (4.1.5)
CVE-2020-20901
	REJECTED
CVE-2020-20900
	REJECTED
CVE-2020-20899
	REJECTED
CVE-2020-20898 (Integer Overflow vulnerability in function filter16_prewitt in libavfi ...)
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/99f8d32129dd233d4eb2efa44678a0bc44869f23 (4.3)
	NOTE: https://trac.ffmpeg.org/ticket/8263
CVE-2020-20897
	REJECTED
CVE-2020-20896 (An issue was discovered in function latm_write_packet in libavformat/l ...)
	- ffmpeg 7:4.3-2
	[buster] - ffmpeg (Wait for 4.1.9)
	[stretch] - ffmpeg (Minor issue; can be fixed in next update)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/dd01947397b98e94c3f2a79d5820aaf4594f4d3b (4.3)
	NOTE: https://trac.ffmpeg.org/ticket/8273
CVE-2020-20895
	REJECTED
CVE-2020-20894
	REJECTED
CVE-2020-20893
	REJECTED
CVE-2020-20892 (An issue was discovered in function filter_frame in libavfilter/vf_len ...)
	- ffmpeg 7:4.3-2
	[buster] - ffmpeg (Minor issue)
	[stretch] - ffmpeg (Minor issue; can be fixed in next update)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=19587c9332f5be4f6bc6d7b2b8ef3fd21dfeaa01 (4.3)
	NOTE: https://trac.ffmpeg.org/ticket/8265
CVE-2020-20891 (Buffer Overflow vulnerability in function config_input in libavfilter/ ...)
	- ffmpeg 7:4.3-2
	[buster] - ffmpeg (Wait for 4.1.9)
	[stretch] - ffmpeg (Minor issue; can be fixed in next update)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/64a805883d7223c868a683f0030837d859edd2ab (4.3)
	NOTE: https://trac.ffmpeg.org/ticket/8282
CVE-2020-20890
	RESERVED
CVE-2020-20889
	RESERVED
CVE-2020-20888
	RESERVED
CVE-2020-20887
	RESERVED
CVE-2020-20886
	RESERVED
CVE-2020-20885
	RESERVED
CVE-2020-20884
	RESERVED
CVE-2020-20883
	RESERVED
CVE-2020-20882
	RESERVED
CVE-2020-20881
	RESERVED
CVE-2020-20880
	RESERVED
CVE-2020-20879
	RESERVED
CVE-2020-20878
	RESERVED
CVE-2020-20877
	RESERVED
CVE-2020-20876
	RESERVED
CVE-2020-20875
	RESERVED
CVE-2020-20874
	RESERVED
CVE-2020-20873
	RESERVED
CVE-2020-20872
	RESERVED
CVE-2020-20871
	RESERVED
CVE-2020-20870
	RESERVED
CVE-2020-20869
	RESERVED
CVE-2020-20868
	RESERVED
CVE-2020-20867
	RESERVED
CVE-2020-20866
	RESERVED
CVE-2020-20865
	RESERVED
CVE-2020-20864
	RESERVED
CVE-2020-20863
	RESERVED
CVE-2020-20862
	RESERVED
CVE-2020-20861
	RESERVED
CVE-2020-20860
	RESERVED
CVE-2020-20859
	RESERVED
CVE-2020-20858
	RESERVED
CVE-2020-20857
	RESERVED
CVE-2020-20856
	RESERVED
CVE-2020-20855
	RESERVED
CVE-2020-20854
	RESERVED
CVE-2020-20853
	RESERVED
CVE-2020-20852
	RESERVED
CVE-2020-20851
	RESERVED
CVE-2020-20850
	RESERVED
CVE-2020-20849
	RESERVED
CVE-2020-20848
	RESERVED
CVE-2020-20847
	RESERVED
CVE-2020-20846
	RESERVED
CVE-2020-20845
	RESERVED
CVE-2020-20844
	RESERVED
CVE-2020-20843
	RESERVED
CVE-2020-20842
	RESERVED
CVE-2020-20841
	RESERVED
CVE-2020-20840
	RESERVED
CVE-2020-20839
	RESERVED
CVE-2020-20838
	RESERVED
CVE-2020-20837
	RESERVED
CVE-2020-20836
	RESERVED
CVE-2020-20835
	RESERVED
CVE-2020-20834
	RESERVED
CVE-2020-20833
	RESERVED
CVE-2020-20832
	RESERVED
CVE-2020-20831
	RESERVED
CVE-2020-20830
	RESERVED
CVE-2020-20829
	RESERVED
CVE-2020-20828
	RESERVED
CVE-2020-20827
	RESERVED
CVE-2020-20826
	RESERVED
CVE-2020-20825
	RESERVED
CVE-2020-20824
	RESERVED
CVE-2020-20823
	RESERVED
CVE-2020-20822
	RESERVED
CVE-2020-20821
	RESERVED
CVE-2020-20820
	RESERVED
CVE-2020-20819
	RESERVED
CVE-2020-20818
	RESERVED
CVE-2020-20817
	RESERVED
CVE-2020-20816
	RESERVED
CVE-2020-20815
	RESERVED
CVE-2020-20814
	RESERVED
CVE-2020-20813
	RESERVED
CVE-2020-20812
	RESERVED
CVE-2020-20811
	RESERVED
CVE-2020-20810
	RESERVED
CVE-2020-20809
	RESERVED
CVE-2020-20808
	RESERVED
CVE-2020-20807
	RESERVED
CVE-2020-20806
	RESERVED
CVE-2020-20805
	RESERVED
CVE-2020-20804
	RESERVED
CVE-2020-20803
	RESERVED
CVE-2020-20802
	RESERVED
CVE-2020-20801
	RESERVED
CVE-2020-20800 (An issue was discovered in MetInfo v7.0.0 beta. There is SQL Injection ...)
	NOT-FOR-US: MetInfo
CVE-2020-20799 (JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerabilit ...)
	NOT-FOR-US: JeeCMS
CVE-2020-20798
	RESERVED
CVE-2020-20797 (FlameCMS 3.3.5 contains a time-based blind SQL injection vulnerability ...)
	NOT-FOR-US: FlameCMS
CVE-2020-20796 (FlameCMS 3.3.5 contains a SQL injection vulnerability in /master/artic ...)
	NOT-FOR-US: FlameCMS
CVE-2020-20795
	RESERVED
CVE-2020-20794
	RESERVED
CVE-2020-20793
	RESERVED
CVE-2020-20792
	RESERVED
CVE-2020-20791
	RESERVED
CVE-2020-20790
	RESERVED
CVE-2020-20789
	RESERVED
CVE-2020-20788
	RESERVED
CVE-2020-20787
	RESERVED
CVE-2020-20786
	RESERVED
CVE-2020-20785
	RESERVED
CVE-2020-20784
	RESERVED
CVE-2020-20783
	RESERVED
CVE-2020-20782
	RESERVED
CVE-2020-20781 (A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?d ...)
	NOT-FOR-US: UCMS
CVE-2020-20780
	RESERVED
CVE-2020-20779
	RESERVED
CVE-2020-20778
	RESERVED
CVE-2020-20777
	RESERVED
CVE-2020-20776
	RESERVED
CVE-2020-20775
	RESERVED
CVE-2020-20774
	RESERVED
CVE-2020-20773
	RESERVED
CVE-2020-20772
	RESERVED
CVE-2020-20771
	RESERVED
CVE-2020-20770
	RESERVED
CVE-2020-20769
	RESERVED
CVE-2020-20768
	RESERVED
CVE-2020-20767
	RESERVED
CVE-2020-20766
	RESERVED
CVE-2020-20765
	RESERVED
CVE-2020-20764
	RESERVED
CVE-2020-20763
	RESERVED
CVE-2020-20762
	RESERVED
CVE-2020-20761
	RESERVED
CVE-2020-20760
	RESERVED
CVE-2020-20759
	RESERVED
CVE-2020-20758
	RESERVED
CVE-2020-20757
	RESERVED
CVE-2020-20756
	RESERVED
CVE-2020-20755
	RESERVED
CVE-2020-20754
	RESERVED
CVE-2020-20753
	RESERVED
CVE-2020-20752
	RESERVED
CVE-2020-20751
	RESERVED
CVE-2020-20750
	RESERVED
CVE-2020-20749
	RESERVED
CVE-2020-20748
	RESERVED
CVE-2020-20747
	RESERVED
CVE-2020-20746 (A stack-based buffer overflow in the httpd server on Tenda AC9 V15.03. ...)
	NOT-FOR-US: Tenda
CVE-2020-20745
	RESERVED
CVE-2020-20744
	RESERVED
CVE-2020-20743
	RESERVED
CVE-2020-20742
	RESERVED
CVE-2020-20741 (Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX90 ...)
	NOT-FOR-US: Beckhoff
CVE-2020-20740 (PDFResurrect before 0.20 lack of header validation checks causes heap- ...)
	{DLA-2475-1}
	- pdfresurrect 0.21-1
	[buster] - pdfresurrect (Minor issue)
	NOTE: https://github.com/enferex/pdfresurrect/commit/1b422459f07353adce2878806d5247d9e91fb397 (v0.21)
	NOTE: https://github.com/enferex/pdfresurrect/issues/14
CVE-2020-20739 (im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips befo ...)
	{DLA-2473-1}
	- vips 8.9.0-1
	[buster] - vips 8.7.4-1+deb10u1
	NOTE: https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a (v8.9.0-alpha1)
	NOTE: https://github.com/libvips/libvips/issues/1419
CVE-2020-20738
	RESERVED
CVE-2020-20737
	RESERVED
CVE-2020-20736
	RESERVED
CVE-2020-20735
	RESERVED
CVE-2020-20734
	RESERVED
CVE-2020-20733
	RESERVED
CVE-2020-20732
	RESERVED
CVE-2020-20731
	RESERVED
CVE-2020-20730
	RESERVED
CVE-2020-20729
	RESERVED
CVE-2020-20728
	RESERVED
CVE-2020-20727
	RESERVED
CVE-2020-20726
	RESERVED
CVE-2020-20725
	RESERVED
CVE-2020-20724
	RESERVED
CVE-2020-20723
	RESERVED
CVE-2020-20722
	RESERVED
CVE-2020-20721
	RESERVED
CVE-2020-20720
	RESERVED
CVE-2020-20719
	RESERVED
CVE-2020-20718
	RESERVED
CVE-2020-20717
	RESERVED
CVE-2020-20716
	RESERVED
CVE-2020-20715
	RESERVED
CVE-2020-20714
	RESERVED
CVE-2020-20713
	RESERVED
CVE-2020-20712
	RESERVED
CVE-2020-20711
	RESERVED
CVE-2020-20710
	RESERVED
CVE-2020-20709
	RESERVED
CVE-2020-20708
	RESERVED
CVE-2020-20707
	RESERVED
CVE-2020-20706
	RESERVED
CVE-2020-20705
	RESERVED
CVE-2020-20704
	RESERVED
CVE-2020-20703
	RESERVED
CVE-2020-20702
	RESERVED
CVE-2020-20701 (A stored cross site scripting (XSS) vulnerability in /app/config/of S- ...)
	NOT-FOR-US: S-CMS PHP
CVE-2020-20700 (A stored cross site scripting (XSS) vulnerability in /app/form_add/of ...)
	NOT-FOR-US: S-CMS PHP
CVE-2020-20699 (A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows at ...)
	NOT-FOR-US: S-CMS PHP
CVE-2020-20698 (A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP ...)
	NOT-FOR-US: S-CMS PHP
CVE-2020-20697
	RESERVED
CVE-2020-20696 (A cross-site scripting (XSS) vulnerability in /admin/content/post of G ...)
	NOT-FOR-US: GilaCMS
CVE-2020-20695 (A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 a ...)
	NOT-FOR-US: GilaCMS
CVE-2020-20694
	RESERVED
CVE-2020-20693 (A Cross-Site Request Forgery (CSRF) in GilaCMS v1.11.4 allows authenti ...)
	NOT-FOR-US: GilaCMS
CVE-2020-20692 (GilaCMS v1.11.4 was discovered to contain a SQL injection vulnerabilit ...)
	NOT-FOR-US: GilaCMS
CVE-2020-20691 (An issue in Monstra CMS v3.0.4 allows attackers to execute arbitrary w ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-20690
	RESERVED
CVE-2020-20689
	RESERVED
CVE-2020-20688
	RESERVED
CVE-2020-20687
	RESERVED
CVE-2020-20686
	RESERVED
CVE-2020-20685
	RESERVED
CVE-2020-20684
	RESERVED
CVE-2020-20683
	RESERVED
CVE-2020-20682
	RESERVED
CVE-2020-20681
	RESERVED
CVE-2020-20680
	RESERVED
CVE-2020-20679
	RESERVED
CVE-2020-20678
	RESERVED
CVE-2020-20677
	RESERVED
CVE-2020-20676
	RESERVED
CVE-2020-20675 (Nuishop v2.3 contains a SQL injection vulnerability in /goods/getGoods ...)
	NOT-FOR-US: Nuishop
CVE-2020-20674
	RESERVED
CVE-2020-20673
	RESERVED
CVE-2020-20672 (An arbitrary file upload vulnerability in /admin/upload/uploadfile of ...)
	NOT-FOR-US: KiteCMS
CVE-2020-20671 (A cross-site request forgery (CSRF) in KiteCMS V1.1 allows attackers t ...)
	NOT-FOR-US: KiteCMS
CVE-2020-20670 (An arbitrary file upload vulnerability in /admin/media/upload of ZKEAC ...)
	NOT-FOR-US: ZKEACMS
CVE-2020-20669
	RESERVED
CVE-2020-20668
	RESERVED
CVE-2020-20667
	RESERVED
CVE-2020-20666
	RESERVED
CVE-2020-20665 (rudp v0.6 was discovered to contain a memory leak in the component mai ...)
	NOT-FOR-US: rudp
CVE-2020-20664 (libiec_iccp_mod v1.5 contains a segmentation violation in the componen ...)
	NOT-FOR-US: libiec_iccp_mod
CVE-2020-20663 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...)
	NOT-FOR-US: libiec_iccp_mod
CVE-2020-20662 (libiec_iccp_mod v1.5 contains a heap-buffer-overflow in the component ...)
	NOT-FOR-US: libiec_iccp_mod
CVE-2020-20661
	RESERVED
CVE-2020-20660
	RESERVED
CVE-2020-20659
	RESERVED
CVE-2020-20658 (Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows ...)
	NOT-FOR-US: fcovatti libiec_iccp_mod
CVE-2020-20657 (Buffer overflow vulnerability in fcovatti libiec_iccp_mod v1.5, allows ...)
	NOT-FOR-US: fcovatti libiec_iccp_mod
CVE-2020-20656
	RESERVED
CVE-2020-20655
	RESERVED
CVE-2020-20654
	RESERVED
CVE-2020-20653
	RESERVED
CVE-2020-20652
	RESERVED
CVE-2020-20651
	RESERVED
CVE-2020-20650
	RESERVED
CVE-2020-20649
	RESERVED
CVE-2020-20648
	RESERVED
CVE-2020-20647
	RESERVED
CVE-2020-20646
	RESERVED
CVE-2020-20645 (Cross Site Scripting (XSS) vulnerability exists in EyouCMS1.3.6 in the ...)
	NOT-FOR-US: EyouCMS
CVE-2020-20644
	RESERVED
CVE-2020-20643
	RESERVED
CVE-2020-20642 (Cross Site Request Forgery (CSRF) vulnerability exists in EyouCMS 1.3. ...)
	NOT-FOR-US: EyouCMS
CVE-2020-20641
	RESERVED
CVE-2020-20640 (Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security ...)
	NOT-FOR-US: ECShop
CVE-2020-20639
	RESERVED
CVE-2020-20638
	RESERVED
CVE-2020-20637
	RESERVED
CVE-2020-20636
	RESERVED
CVE-2020-20635
	RESERVED
CVE-2020-20634 (Elementor 2.9.5 and below WordPress plugin allows authenticated users ...)
	NOT-FOR-US: Wordpress plugin
CVE-2020-20633 (ajax_policy_generator in admin/modules/cli-policy-generator/classes/cl ...)
	NOT-FOR-US: Wordpress plugin
CVE-2020-20632
	RESERVED
CVE-2020-20631
	RESERVED
CVE-2020-20630
	RESERVED
CVE-2020-20629
	RESERVED
CVE-2020-20628 (controller/controller-comments.php in WP GDPR plugin through 2.1.1 has ...)
	NOT-FOR-US: WP GDPR plugin
CVE-2020-20627 (The includes/gateways/stripe/includes/admin/admin-actions.php in GiveW ...)
	NOT-FOR-US: GiveWP plugin for WordPress
CVE-2020-20626 (lara-google-analytics.php in Lara Google Analytics plugin through 2.0. ...)
	NOT-FOR-US: Lara Google Analytics plugin for WordPress
CVE-2020-20625 (Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthen ...)
	NOT-FOR-US: Sliced Invoices plugin for WordPress
CVE-2020-20624
	RESERVED
CVE-2020-20623
	RESERVED
CVE-2020-20622
	RESERVED
CVE-2020-20621
	RESERVED
CVE-2020-20620
	RESERVED
CVE-2020-20619
	RESERVED
CVE-2020-20618
	RESERVED
CVE-2020-20617
	RESERVED
CVE-2020-20616
	RESERVED
CVE-2020-20615
	RESERVED
CVE-2020-20614
	RESERVED
CVE-2020-20613
	RESERVED
CVE-2020-20612
	RESERVED
CVE-2020-20611
	RESERVED
CVE-2020-20610
	RESERVED
CVE-2020-20609
	RESERVED
CVE-2020-20608
	RESERVED
CVE-2020-20607
	RESERVED
CVE-2020-20606
	RESERVED
CVE-2020-20605
	RESERVED
CVE-2020-20604
	RESERVED
CVE-2020-20603
	RESERVED
CVE-2020-20602
	RESERVED
CVE-2020-20601
	RESERVED
CVE-2020-20600
	RESERVED
CVE-2020-20599
	RESERVED
CVE-2020-20598
	RESERVED
CVE-2020-20597
	RESERVED
CVE-2020-20596
	RESERVED
CVE-2020-20595
	RESERVED
CVE-2020-20594
	RESERVED
CVE-2020-20593
	RESERVED
CVE-2020-20592
	RESERVED
CVE-2020-20591
	RESERVED
CVE-2020-20590
	RESERVED
CVE-2020-20589
	RESERVED
CVE-2020-20588
	RESERVED
CVE-2020-20587
	RESERVED
CVE-2020-20586 (A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s= ...)
	NOT-FOR-US: XYHCMS
CVE-2020-20585 (A blind SQL injection in /admin/?n=logs&c=index&a=dode of Meti ...)
	NOT-FOR-US: Metinfo
CVE-2020-20584 (A cross site scripting vulnerability in baigo CMS v4.0-beta-1 allows a ...)
	NOT-FOR-US: baigo CMS
CVE-2020-20583 (A SQL injection vulnerability in /question.php of LJCMS Version v4.3.R ...)
	NOT-FOR-US: LJCMS
CVE-2020-20582 (A server side request forgery (SSRF) vulnerability in /ApiAdminDomainS ...)
	NOT-FOR-US: MipCMS
CVE-2020-20581
	RESERVED
CVE-2020-20580
	RESERVED
CVE-2020-20579
	RESERVED
CVE-2020-20578
	RESERVED
CVE-2020-20577
	RESERVED
CVE-2020-20576
	RESERVED
CVE-2020-20575
	RESERVED
CVE-2020-20574
	RESERVED
CVE-2020-20573
	RESERVED
CVE-2020-20572
	RESERVED
CVE-2020-20571
	RESERVED
CVE-2020-20570
	RESERVED
CVE-2020-20569
	RESERVED
CVE-2020-20568
	RESERVED
CVE-2020-20567
	RESERVED
CVE-2020-20566
	RESERVED
CVE-2020-20565
	RESERVED
CVE-2020-20564
	RESERVED
CVE-2020-20563
	RESERVED
CVE-2020-20562
	RESERVED
CVE-2020-20561
	RESERVED
CVE-2020-20560
	RESERVED
CVE-2020-20559
	RESERVED
CVE-2020-20558
	RESERVED
CVE-2020-20557
	RESERVED
CVE-2020-20556
	RESERVED
CVE-2020-20555
	RESERVED
CVE-2020-20554
	RESERVED
CVE-2020-20553
	RESERVED
CVE-2020-20552
	RESERVED
CVE-2020-20551
	RESERVED
CVE-2020-20550
	RESERVED
CVE-2020-20549
	RESERVED
CVE-2020-20548
	RESERVED
CVE-2020-20547
	RESERVED
CVE-2020-20546
	RESERVED
CVE-2020-20545 (Cross-Site Scripting (XSS) vulnerability in Zhiyuan G6 Government Coll ...)
	NOT-FOR-US: Zhiyuan G6 Government Collaboration System
CVE-2020-20544
	RESERVED
CVE-2020-20543
	RESERVED
CVE-2020-20542
	RESERVED
CVE-2020-20541
	RESERVED
CVE-2020-20540
	RESERVED
CVE-2020-20539
	RESERVED
CVE-2020-20538
	RESERVED
CVE-2020-20537
	RESERVED
CVE-2020-20536
	RESERVED
CVE-2020-20535
	RESERVED
CVE-2020-20534
	RESERVED
CVE-2020-20533
	RESERVED
CVE-2020-20532
	RESERVED
CVE-2020-20531
	RESERVED
CVE-2020-20530
	RESERVED
CVE-2020-20529
	RESERVED
CVE-2020-20528
	RESERVED
CVE-2020-20527
	RESERVED
CVE-2020-20526
	RESERVED
CVE-2020-20525
	RESERVED
CVE-2020-20524
	RESERVED
CVE-2020-20523
	RESERVED
CVE-2020-20522
	RESERVED
CVE-2020-20521
	RESERVED
CVE-2020-20520
	RESERVED
CVE-2020-20519
	RESERVED
CVE-2020-20518
	RESERVED
CVE-2020-20517
	RESERVED
CVE-2020-20516
	RESERVED
CVE-2020-20515
	RESERVED
CVE-2020-20514 (A Cross-Site Request Forgery (CSRF) in Maccms v10 via admin.php/admin/ ...)
	NOT-FOR-US: Maccms
CVE-2020-20513
	RESERVED
CVE-2020-20512
	RESERVED
CVE-2020-20511
	RESERVED
CVE-2020-20510
	RESERVED
CVE-2020-20509
	RESERVED
CVE-2020-20508 (Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerab ...)
	NOT-FOR-US: Shopkit
CVE-2020-20507
	RESERVED
CVE-2020-20506
	RESERVED
CVE-2020-20505
	RESERVED
CVE-2020-20504
	RESERVED
CVE-2020-20503
	RESERVED
CVE-2020-20502
	RESERVED
CVE-2020-20501
	RESERVED
CVE-2020-20500
	RESERVED
CVE-2020-20499
	RESERVED
CVE-2020-20498
	RESERVED
CVE-2020-20497
	RESERVED
CVE-2020-20496
	RESERVED
CVE-2020-20495 (bludit v3.13.0 contains an arbitrary file deletion vulnerability in th ...)
	NOT-FOR-US: bludit
	NOTE: https://github.com/bludit/bludit
CVE-2020-20494
	RESERVED
CVE-2020-20493
	RESERVED
CVE-2020-20492
	RESERVED
CVE-2020-20491
	RESERVED
CVE-2020-20490 (A heap buffer-overflow in the client_example1.c component of libiec_ic ...)
	NOT-FOR-US: libiec_iccp_mod
	NOTE: https://github.com/fcovatti/libiec_iccp_mod
	NOTE: IEC 61850
CVE-2020-20489
	RESERVED
CVE-2020-20488
	RESERVED
CVE-2020-20487
	RESERVED
CVE-2020-20486 (IEC104 v1.0 contains a stack-buffer overflow in the parameter Iec10x_S ...)
	NOT-FOR-US: IEC104
	NOTE: https://github.com/airpig2011/IEC104
CVE-2020-20485
	RESERVED
CVE-2020-20484
	RESERVED
CVE-2020-20483
	RESERVED
CVE-2020-20482
	RESERVED
CVE-2020-20481
	RESERVED
CVE-2020-20480
	RESERVED
CVE-2020-20479
	RESERVED
CVE-2020-20478
	RESERVED
CVE-2020-20477
	RESERVED
CVE-2020-20476
	RESERVED
CVE-2020-20475
	RESERVED
CVE-2020-20474 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20473 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20472 (White Shark System (WSS) 1.3.2 has a sensitive information disclosure ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20471 (White Shark System (WSS) 1.3.2 has an unauthorized access vulnerabilit ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20470 (White Shark System (WSS) 1.3.2 has web site physical path leakage vuln ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20469 (White Shark System (WSS) 1.3.2 has a SQL injection vulnerability. The ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20468 (White Shark System (WSS) 1.3.2 is vulnerable to CSRF. Attackers can us ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20467 (White Shark System (WSS) 1.3.2 is vulnerable to sensitive information ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20466 (White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access vi ...)
	NOT-FOR-US: White Shark System (WSS)
CVE-2020-20465
	RESERVED
CVE-2020-20464
	RESERVED
CVE-2020-20463
	RESERVED
CVE-2020-20462
	RESERVED
CVE-2020-20461
	RESERVED
CVE-2020-20460
	RESERVED
CVE-2020-20459
	RESERVED
CVE-2020-20458
	RESERVED
CVE-2020-20457
	RESERVED
CVE-2020-20456
	RESERVED
CVE-2020-20455
	RESERVED
CVE-2020-20454
	RESERVED
CVE-2020-20453 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aaccod ...)
	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:4.4.1-1 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8003
	NOTE: Negligible security impact
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7a7f32c8ad0179a1a85d0a8cff35924e6d90be8
CVE-2020-20452
	RESERVED
CVE-2020-20451 (Denial of Service issue in FFmpeg 4.2 due to resource management error ...)
	{DLA-2818-1}
	- ffmpeg 7:4.3-2 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/8094
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=21265f42ecb265debe9fec1dbfd0cb7de5a8aefb
	NOTE: Negligible security impact
CVE-2020-20450 (FFmpeg 4.2 is affected by null pointer dereference passed as argument ...)
	{DSA-4998-1}
	[experimental] - ffmpeg 7:4.4-1
	- ffmpeg 7:4.4-5 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://trac.ffmpeg.org/ticket/7993
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=5400e4a50c61e53e1bc50b3e77201649bbe9c510
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3865b1952e5cf993b016d83ba78fe1deb63bbfad (4.3)
	NOTE: Negligible security impact
CVE-2020-20449
	RESERVED
CVE-2020-20448 (FFmpeg 4.1.3 is affected by a Divide By Zero issue via libavcodec/rate ...)
	{DSA-4722-1}
	- ffmpeg 7:4.3-2 (unimportant)
	[stretch] - ffmpeg (vulnerable code is not present)
	NOTE: https://trac.ffmpeg.org/ticket/7990
	NOTE: Negligible security impact
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8802e329c8317ca5ceb929df48a23eb0f9e852b2
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=55279d699fa64d8eb1185d8db04ab4ed92e8dea2
CVE-2020-20447
	RESERVED
CVE-2020-20446 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/aacpsy ...)
	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
	- ffmpeg 7:4.4.1-1 (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/7995
	NOTE: Negligible security impact
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/223b5e8ac9f6461bb13ed365419ec485c5b2b002
CVE-2020-20445 (FFmpeg 4.2 is affected by a Divide By Zero issue via libavcodec/lpc.h, ...)
	{DSA-4998-1 DSA-4990-1 DLA-2818-1}
	- ffmpeg (unimportant)
	NOTE: https://trac.ffmpeg.org/ticket/7996
	NOTE: Negligible security impact
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/38d18fb57863bb9c54e68ae44aa780c5c282a184
CVE-2020-20444 (Jact OpenClinic 0.8.20160412 allows the attacker to read server files ...)
	NOT-FOR-US: Jact OpenClinic
CVE-2020-20443
	RESERVED
CVE-2020-20442
	RESERVED
CVE-2020-20441
	RESERVED
CVE-2020-20440
	RESERVED
CVE-2020-20439
	RESERVED
CVE-2020-20438
	RESERVED
CVE-2020-20437
	RESERVED
CVE-2020-20436
	RESERVED
CVE-2020-20435
	RESERVED
CVE-2020-20434
	RESERVED
CVE-2020-20433
	RESERVED
CVE-2020-20432
	RESERVED
CVE-2020-20431
	RESERVED
CVE-2020-20430
	RESERVED
CVE-2020-20429
	RESERVED
CVE-2020-20428
	RESERVED
CVE-2020-20427
	RESERVED
CVE-2020-20426
	RESERVED
CVE-2020-20425
	RESERVED
CVE-2020-20424
	RESERVED
CVE-2020-20423
	RESERVED
CVE-2020-20422
	RESERVED
CVE-2020-20421
	RESERVED
CVE-2020-20420
	RESERVED
CVE-2020-20419
	RESERVED
CVE-2020-20418
	RESERVED
CVE-2020-20417
	RESERVED
CVE-2020-20416
	RESERVED
CVE-2020-20415
	RESERVED
CVE-2020-20414
	RESERVED
CVE-2020-20413
	RESERVED
CVE-2020-20412 (lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 ...)
	NOT-FOR-US: StepMania integration of libvorbis
CVE-2020-20411
	RESERVED
CVE-2020-20410
	RESERVED
CVE-2020-20409
	RESERVED
CVE-2020-20408
	RESERVED
CVE-2020-20407
	RESERVED
CVE-2020-20406 (A stored XSS vulnerability exists in the Custom Link Attributes contro ...)
	NOT-FOR-US: Elementor Page Builder
CVE-2020-20405
	RESERVED
CVE-2020-20404
	RESERVED
CVE-2020-20403
	RESERVED
CVE-2020-20402
	RESERVED
CVE-2020-20401
	RESERVED
CVE-2020-20400
	RESERVED
CVE-2020-20399
	RESERVED
CVE-2020-20398
	RESERVED
CVE-2020-20397
	RESERVED
CVE-2020-20396
	RESERVED
CVE-2020-20395
	RESERVED
CVE-2020-20394
	RESERVED
CVE-2020-20393
	RESERVED
CVE-2020-20392 (SQL Injection vulnerability in imcat v5.2 via the fm[auser] parameters ...)
	NOT-FOR-US: imcat
CVE-2020-20391 (Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/sni ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-20390
	RESERVED
CVE-2020-20389 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in adm ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-20388 RESERVED
CVE-2020-20387 RESERVED
CVE-2020-20386 RESERVED
CVE-2020-20385 RESERVED
CVE-2020-20384 RESERVED
CVE-2020-20383 RESERVED
CVE-2020-20382 RESERVED
CVE-2020-20381 RESERVED
CVE-2020-20380 RESERVED
CVE-2020-20379 RESERVED
CVE-2020-20378 RESERVED
CVE-2020-20377 RESERVED
CVE-2020-20376 RESERVED
CVE-2020-20375 RESERVED
CVE-2020-20374 RESERVED
CVE-2020-20373 RESERVED
CVE-2020-20372 RESERVED
CVE-2020-20371 RESERVED
CVE-2020-20370 RESERVED
CVE-2020-20369 RESERVED
CVE-2020-20368 RESERVED
CVE-2020-20367 RESERVED
CVE-2020-20366 RESERVED
CVE-2020-20365 RESERVED
CVE-2020-20364 RESERVED
CVE-2020-20363 (Cross Site Scripting (XSS) vulnerability in PbootCMS 2.0.3 in admin.p ...)
	NOT-FOR-US: PbootCMS
CVE-2020-20362 RESERVED
CVE-2020-20361 RESERVED
CVE-2020-20360 RESERVED
CVE-2020-20359 RESERVED
CVE-2020-20358 RESERVED
CVE-2020-20357 RESERVED
CVE-2020-20356 RESERVED
CVE-2020-20355 RESERVED
CVE-2020-20354 RESERVED
CVE-2020-20353 RESERVED
CVE-2020-20352 RESERVED
CVE-2020-20351 RESERVED
CVE-2020-20350 RESERVED
CVE-2020-20349 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WTCMS
CVE-2020-20348 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WTCMS
CVE-2020-20347 (WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability i ...)
	NOT-FOR-US: WTCMS
CVE-2020-20346 RESERVED
CVE-2020-20345 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerabili ...)
	NOT-FOR-US: WTCMS
CVE-2020-20344 (WTCMS 1.0 contains a reflective cross-site scripting (XSS) vulnerabili ...)
	NOT-FOR-US: WTCMS
CVE-2020-20343 (WTCMS 1.0 contains a cross-site request forgery (CSRF) vulnerability i ...)
	NOT-FOR-US: WTCMS
CVE-2020-20342 RESERVED
CVE-2020-20341 (YzmCMS v5.5 contains a server-side request forgery (SSRF) in the grab_ ...)
	NOT-FOR-US: YzmCMS
CVE-2020-20340 (A SQL injection vulnerability in the 4.edu.php\conn\function.php compo ...)
	NOT-FOR-US: S-CMS
CVE-2020-20339 RESERVED
CVE-2020-20338 RESERVED
CVE-2020-20337 RESERVED
CVE-2020-20336 RESERVED
CVE-2020-20335 RESERVED
CVE-2020-20334 RESERVED
CVE-2020-20333 RESERVED
CVE-2020-20332 RESERVED
CVE-2020-20331 RESERVED
CVE-2020-20330 RESERVED
CVE-2020-20329 RESERVED
CVE-2020-20328 RESERVED
CVE-2020-20327 RESERVED
CVE-2020-20326 RESERVED
CVE-2020-20325 RESERVED
CVE-2020-20324 RESERVED
CVE-2020-20323 RESERVED
CVE-2020-20322 RESERVED
CVE-2020-20321 RESERVED
CVE-2020-20320 RESERVED
CVE-2020-20319 RESERVED
CVE-2020-20318 RESERVED
CVE-2020-20317 RESERVED
CVE-2020-20316 RESERVED
CVE-2020-20315 RESERVED
CVE-2020-20314 RESERVED
CVE-2020-20313 RESERVED
CVE-2020-20312 RESERVED
CVE-2020-20311 RESERVED
CVE-2020-20310 RESERVED
CVE-2020-20309 RESERVED
CVE-2020-20308 RESERVED
CVE-2020-20307 RESERVED
CVE-2020-20306 RESERVED
CVE-2020-20305 RESERVED
CVE-2020-20304 RESERVED
CVE-2020-20303 RESERVED
CVE-2020-20302 RESERVED
CVE-2020-20301 RESERVED
CVE-2020-20300 (SQL injection vulnerability in the wp_where function in WeiPHP 5.0. ...)
	NOT-FOR-US: WeiPHP
CVE-2020-20299 (WeiPHP 5.0 does not properly restrict access to pages, related to usin ...)
	NOT-FOR-US: WeiPHP
CVE-2020-20298 (Eval injection vulnerability in the parserCommom method in the ParserT ...)
	NOT-FOR-US: zzzphp
CVE-2020-20297 RESERVED
CVE-2020-20296 (An issue was found in CMSWing project version 1.3.8, Because the recha ...)
	NOT-FOR-US: CMSWing
CVE-2020-20295 (An issue was found in CMSWing project version 1.3.8. Because the updat ...)
	NOT-FOR-US: CMSWing
CVE-2020-20294 (An issue was found in CMSWing project version 1.3.8. Because the log f ...)
	NOT-FOR-US: CMSWing
CVE-2020-20293 RESERVED
CVE-2020-20292 RESERVED
CVE-2020-20291 RESERVED
CVE-2020-20290 (Directory traversal vulnerability in the yccms 3.3 project. The delete ...)
	NOT-FOR-US: yccms
CVE-2020-20289 (Sql injection vulnerability in the yccms 3.3 project. The no_top funct ...)
	NOT-FOR-US: yccms
CVE-2020-20288 RESERVED
CVE-2020-20287 (Unrestricted file upload vulnerability in the yccms 3.3 project. The x ...)
	NOT-FOR-US: yccms
CVE-2020-20286 RESERVED
CVE-2020-20285 (There is a XSS in the user login page in zzcms 2019. Users can inject ...)
	NOT-FOR-US: zzcms
CVE-2020-20284 RESERVED
CVE-2020-20283 RESERVED
CVE-2020-20282 RESERVED
CVE-2020-20281 RESERVED
CVE-2020-20280 RESERVED
CVE-2020-20279 RESERVED
CVE-2020-20278 RESERVED
CVE-2020-20277 (There are multiple unauthenticated directory traversal vulnerabilities ...)
	NOT-FOR-US: uftpd
CVE-2020-20276 (An unauthenticated stack-based buffer overflow vulnerability in common ...)
	NOT-FOR-US: uftpd
CVE-2020-20275 RESERVED
CVE-2020-20274 RESERVED
CVE-2020-20273 RESERVED
CVE-2020-20272 RESERVED
CVE-2020-20271 RESERVED
CVE-2020-20270 RESERVED
CVE-2020-20269 (A specially crafted Markdown document could cause the execution of mal ...)
	NOT-FOR-US: Caret Editor
CVE-2020-20268 RESERVED
CVE-2020-20267 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20266 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20265 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20264 (Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced- ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20263 RESERVED
CVE-2020-20262 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20261 RESERVED
CVE-2020-20260 RESERVED
CVE-2020-20259 RESERVED
CVE-2020-20258 RESERVED
CVE-2020-20257 RESERVED
CVE-2020-20256 RESERVED
CVE-2020-20255 RESERVED
CVE-2020-20254 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corr ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20253 (Mikrotik RouterOs before 6.47 (stable tree) suffers from a division by ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20252 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20251 RESERVED
CVE-2020-20250 (Mikrotik RouterOs before stable version 6.47 suffers from a memory cor ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20249 (Mikrotik RouterOs before stable 6.47 suffers from a memory corruption ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20248 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20247 (Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory co ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20246 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20245 (Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulne ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20244 RESERVED
CVE-2020-20243 RESERVED
CVE-2020-20242 RESERVED
CVE-2020-20241 RESERVED
CVE-2020-20240 RESERVED
CVE-2020-20239 RESERVED
CVE-2020-20238 RESERVED
CVE-2020-20237 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20236 (Mikrotik RouterOs 6.46.3 (stable tree) suffers from a memory corruptio ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20235 RESERVED
CVE-2020-20234 RESERVED
CVE-2020-20233 RESERVED
CVE-2020-20232 RESERVED
CVE-2020-20231 (Mikrotik RouterOs through stable version 6.48.3 suffers from a memory ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20230 (Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled reso ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20229 RESERVED
CVE-2020-20228 RESERVED
CVE-2020-20227 (Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnera ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20226 RESERVED
CVE-2020-20225 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20224 RESERVED
CVE-2020-20223 RESERVED
CVE-2020-20222 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20221 (Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncon ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20220 (Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruptio ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20219 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20218 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20217 (Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontroll ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20216 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20215 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20214 (Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion fa ...)
	NOT-FOR-US: Mikrotik RouterOs
CVE-2020-20213 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a stack exhaus ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20212 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a memory corrup ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20211 (Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion fa ...)
	NOT-FOR-US: Mikrotik
CVE-2020-20210 RESERVED
CVE-2020-20209 RESERVED
CVE-2020-20208 RESERVED
CVE-2020-20207 RESERVED
CVE-2020-20206 RESERVED
CVE-2020-20205 RESERVED
CVE-2020-20204 RESERVED
CVE-2020-20203 RESERVED
CVE-2020-20202 RESERVED
CVE-2020-20201 RESERVED
CVE-2020-20200 RESERVED
CVE-2020-20199 RESERVED
CVE-2020-20198 RESERVED
CVE-2020-20197 RESERVED
CVE-2020-20196 RESERVED
CVE-2020-20195 RESERVED
CVE-2020-20194 RESERVED
CVE-2020-20193 RESERVED
CVE-2020-20192 RESERVED
CVE-2020-20191 RESERVED
CVE-2020-20190 RESERVED
CVE-2020-20189 (SQL Injection vulnerability in NewPK 1.1 via the title parameter to ad ...)
	NOT-FOR-US: NewPK
CVE-2020-20188 RESERVED
CVE-2020-20187 RESERVED
CVE-2020-20186 RESERVED
CVE-2020-20185 RESERVED
CVE-2020-20184 (GateOne allows remote attackers to execute arbitrary commands via shel ...)
	NOT-FOR-US: GateOne
CVE-2020-20183 (Insecure direct object reference vulnerability in Zyxel's P1302- ...)
	NOT-FOR-US: Zyxel
CVE-2020-20182 RESERVED
CVE-2020-20181 RESERVED
CVE-2020-20180 RESERVED
CVE-2020-20179 RESERVED
CVE-2020-20178 (Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest ve ...)
	NOT-FOR-US: Ethereum
CVE-2020-20177 RESERVED
CVE-2020-20176 RESERVED
CVE-2020-20175 RESERVED
CVE-2020-20174 RESERVED
CVE-2020-20173 RESERVED
CVE-2020-20172 RESERVED
CVE-2020-20171 RESERVED
CVE-2020-20170 RESERVED
CVE-2020-20169 RESERVED
CVE-2020-20168 RESERVED
CVE-2020-20167 RESERVED
CVE-2020-20166 RESERVED
CVE-2020-20165 RESERVED
CVE-2020-20164 RESERVED
CVE-2020-20163 RESERVED
CVE-2020-20162 RESERVED
CVE-2020-20161 RESERVED
CVE-2020-20160 RESERVED
CVE-2020-20159 RESERVED
CVE-2020-20158 RESERVED
CVE-2020-20157 RESERVED
CVE-2020-20156 RESERVED
CVE-2020-20155 RESERVED
CVE-2020-20154 RESERVED
CVE-2020-20153 RESERVED
CVE-2020-20152 RESERVED
CVE-2020-20151 RESERVED
CVE-2020-20150 RESERVED
CVE-2020-20149 RESERVED
CVE-2020-20148 RESERVED
CVE-2020-20147 RESERVED
CVE-2020-20146 RESERVED
CVE-2020-20145 RESERVED
CVE-2020-20144 RESERVED
CVE-2020-20143 RESERVED
CVE-2020-20142 (Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" compon ...)
	NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20141 (Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) compone ...)
	NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20140 (Cross Site Scripting (XSS) vulnerability in Remote Report component un ...)
	NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20139 (Cross Site Scripting (XSS) vulnerability in the Remote JSON component ...)
	NOT-FOR-US: Flexmonster Pivot Table & Charts
CVE-2020-20138 (Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow mo ...)
	NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2020-20137 RESERVED
CVE-2020-20136 (QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an ...)
	NOT-FOR-US: QuantConnect Lean
CVE-2020-20135 RESERVED
CVE-2020-20134 RESERVED
CVE-2020-20133 RESERVED
CVE-2020-20132 RESERVED
CVE-2020-20131 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...)
	NOT-FOR-US: LaraCMS
CVE-2020-20130 RESERVED
CVE-2020-20129 (LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerabil ...)
	NOT-FOR-US: LaraCMS
CVE-2020-20128 (LaraCMS v1.0.1 transmits sensitive information in cleartext which can ...)
	NOT-FOR-US: LaraCMS
CVE-2020-20127 RESERVED
CVE-2020-20126 RESERVED
CVE-2020-20125 (EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability ...)
	NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2020-20124 (Wuzhi CMS v4.1.0 contains a remote code execution (RCE) vulnerability ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2020-20123 RESERVED
CVE-2020-20122 (Wuzhi CMS v4.1 contains a SQL injection vulnerability in the checktitl ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2020-20121 RESERVED
CVE-2020-20120 (ThinkPHP v3.2.3 and below contains a SQL injection vulnerability which ...)
	NOT-FOR-US: ThinkPHP
CVE-2020-20119 RESERVED
CVE-2020-20118 RESERVED
CVE-2020-20117 RESERVED
CVE-2020-20116 RESERVED
CVE-2020-20115 RESERVED
CVE-2020-20114 RESERVED
CVE-2020-20113 RESERVED
CVE-2020-20112 RESERVED
CVE-2020-20111 RESERVED
CVE-2020-20110 RESERVED
CVE-2020-20109 RESERVED
CVE-2020-20108 RESERVED
CVE-2020-20107 RESERVED
CVE-2020-20106 RESERVED
CVE-2020-20105 RESERVED
CVE-2020-20104 RESERVED
CVE-2020-20103 RESERVED
CVE-2020-20102 RESERVED
CVE-2020-20101 RESERVED
CVE-2020-20100 RESERVED
CVE-2020-20099 RESERVED
CVE-2020-20098 RESERVED
CVE-2020-20097 RESERVED
CVE-2020-20096 RESERVED
CVE-2020-20095 RESERVED
CVE-2020-20094 RESERVED
CVE-2020-20093 RESERVED
CVE-2020-20092 (File Upload vulnerability exists in ArticleCMS 1.0 via the image uploa ...)
	NOT-FOR-US: ArticleCMS
CVE-2020-20091 RESERVED
CVE-2020-20090 RESERVED
CVE-2020-20089 RESERVED
CVE-2020-20088 RESERVED
CVE-2020-20087 RESERVED
CVE-2020-20086 RESERVED
CVE-2020-20085 RESERVED
CVE-2020-20084 RESERVED
CVE-2020-20083 RESERVED
CVE-2020-20082 RESERVED
CVE-2020-20081 RESERVED
CVE-2020-20080 RESERVED
CVE-2020-20079 RESERVED
CVE-2020-20078 RESERVED
CVE-2020-20077 RESERVED
CVE-2020-20076 RESERVED
CVE-2020-20075 RESERVED
CVE-2020-20074 RESERVED
CVE-2020-20073 RESERVED
CVE-2020-20072 RESERVED
CVE-2020-20071 RESERVED
CVE-2020-20070 RESERVED
CVE-2020-20069 RESERVED
CVE-2020-20068 RESERVED
CVE-2020-20067 RESERVED
CVE-2020-20066 RESERVED
CVE-2020-20065 RESERVED
CVE-2020-20064 RESERVED
CVE-2020-20063 RESERVED
CVE-2020-20062 RESERVED
CVE-2020-20061 RESERVED
CVE-2020-20060 RESERVED
CVE-2020-20059 RESERVED
CVE-2020-20058 RESERVED
CVE-2020-20057 RESERVED
CVE-2020-20056 RESERVED
CVE-2020-20055 RESERVED
CVE-2020-20054 RESERVED
CVE-2020-20053 RESERVED
CVE-2020-20052 RESERVED
CVE-2020-20051 RESERVED
CVE-2020-20050 RESERVED
CVE-2020-20049 RESERVED
CVE-2020-20048 RESERVED
CVE-2020-20047 RESERVED
CVE-2020-20046 RESERVED
CVE-2020-20045 RESERVED
CVE-2020-20044 RESERVED
CVE-2020-20043 RESERVED
CVE-2020-20042 RESERVED
CVE-2020-20041 RESERVED
CVE-2020-20040 RESERVED
CVE-2020-20039 RESERVED
CVE-2020-20038 RESERVED
CVE-2020-20037 RESERVED
CVE-2020-20036 RESERVED
CVE-2020-20035 RESERVED
CVE-2020-20034 RESERVED
CVE-2020-20033 RESERVED
CVE-2020-20032 RESERVED
CVE-2020-20031 RESERVED
CVE-2020-20030 RESERVED
CVE-2020-20029 RESERVED
CVE-2020-20028 RESERVED
CVE-2020-20027 RESERVED
CVE-2020-20026 RESERVED
CVE-2020-20025 RESERVED
CVE-2020-20024 RESERVED
CVE-2020-20023 RESERVED
CVE-2020-20022 RESERVED
CVE-2020-20021 RESERVED
CVE-2020-20020 RESERVED
CVE-2020-20019 RESERVED
CVE-2020-20018 RESERVED
CVE-2020-20017 RESERVED
CVE-2020-20016 RESERVED
CVE-2020-20015 RESERVED
CVE-2020-20014 RESERVED
CVE-2020-20013 RESERVED
CVE-2020-20012 RESERVED
CVE-2020-20011 RESERVED
CVE-2020-20010 RESERVED
CVE-2020-20009 RESERVED
CVE-2020-20008 RESERVED
CVE-2020-20007 RESERVED
CVE-2020-20006 RESERVED
CVE-2020-20005 RESERVED
CVE-2020-20004 RESERVED
CVE-2020-20003 RESERVED
CVE-2020-20002 RESERVED
CVE-2020-20001 RESERVED
CVE-2020-20000 RESERVED
CVE-2020-19999 RESERVED
CVE-2020-19998 RESERVED
CVE-2020-19997 RESERVED
CVE-2020-19996 RESERVED
CVE-2020-19995 RESERVED
CVE-2020-19994 RESERVED
CVE-2020-19993 RESERVED
CVE-2020-19992 RESERVED
CVE-2020-19991 RESERVED
CVE-2020-19990 RESERVED
CVE-2020-19989 RESERVED
CVE-2020-19988 RESERVED
CVE-2020-19987 RESERVED
CVE-2020-19986 RESERVED
CVE-2020-19985 RESERVED
CVE-2020-19984 RESERVED
CVE-2020-19983 RESERVED
CVE-2020-19982 RESERVED
CVE-2020-19981 RESERVED
CVE-2020-19980 RESERVED
CVE-2020-19979 RESERVED
CVE-2020-19978 RESERVED
CVE-2020-19977 RESERVED
CVE-2020-19976 RESERVED
CVE-2020-19975 RESERVED
CVE-2020-19974 RESERVED
CVE-2020-19973 RESERVED
CVE-2020-19972 RESERVED
CVE-2020-19971 RESERVED
CVE-2020-19970 RESERVED
CVE-2020-19969 RESERVED
CVE-2020-19968 RESERVED
CVE-2020-19967 RESERVED
CVE-2020-19966 RESERVED
CVE-2020-19965 RESERVED
CVE-2020-19964 (A Cross Site Request Forgery (CSRF) vulnerability was discovered in PH ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-19963 RESERVED
CVE-2020-19962 (A stored cross-site scripting (XSS) vulnerability in the getClientIp f ...)
	NOT-FOR-US: Chaoji CMS
CVE-2020-19961 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
	NOT-FOR-US: zz cms
CVE-2020-19960 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
	NOT-FOR-US: zz cms
CVE-2020-19959 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
	NOT-FOR-US: zz cms
CVE-2020-19958 RESERVED
CVE-2020-19957 (A SQL injection vulnerability has been discovered in zz cms version 20 ...)
	NOT-FOR-US: zz cms
CVE-2020-19956 RESERVED
CVE-2020-19955 RESERVED
CVE-2020-19954 (An XML External Entity (XXE) vulnerability was discovered in /api/noti ...)
	NOT-FOR-US: S-CMS
CVE-2020-19953 RESERVED
CVE-2020-19952 RESERVED
CVE-2020-19951 (A cross-site request forgery (CSRF) in /controller/pay.class.php of Yz ...)
	NOT-FOR-US: YzmCMS
CVE-2020-19950 (A cross-site scripting (XSS) vulnerability in the /banner/add.html com ...)
	NOT-FOR-US: YzmCMS
CVE-2020-19949 (A cross-site scripting (XSS) vulnerability in the /link/add.html compo ...)
	NOT-FOR-US: YzmCMS
CVE-2020-19948 RESERVED
CVE-2020-19947 RESERVED
CVE-2020-19946 RESERVED
CVE-2020-19945 RESERVED
CVE-2020-19944 RESERVED
CVE-2020-19943 RESERVED
CVE-2020-19942 RESERVED
CVE-2020-19941 RESERVED
CVE-2020-19940 RESERVED
CVE-2020-19939 RESERVED
CVE-2020-19938 RESERVED
CVE-2020-19937 RESERVED
CVE-2020-19936 RESERVED
CVE-2020-19935 RESERVED
CVE-2020-19934 RESERVED
CVE-2020-19933 RESERVED
CVE-2020-19932 RESERVED
CVE-2020-19931 RESERVED
CVE-2020-19930 RESERVED
CVE-2020-19929 RESERVED
CVE-2020-19928 RESERVED
CVE-2020-19927 RESERVED
CVE-2020-19926 RESERVED
CVE-2020-19925 RESERVED
CVE-2020-19924 (In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS a ...)
	NOT-FOR-US: Boostnote
CVE-2020-19923 RESERVED
CVE-2020-19922 RESERVED
CVE-2020-19921 RESERVED
CVE-2020-19920 RESERVED
CVE-2020-19919 RESERVED
CVE-2020-19918 RESERVED
CVE-2020-19917 RESERVED
CVE-2020-19916 RESERVED
CVE-2020-19915 (Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via ...)
	NOT-FOR-US: WUZHI CMS
CVE-2020-19914 RESERVED
CVE-2020-19913 RESERVED
CVE-2020-19912 RESERVED
CVE-2020-19911 RESERVED
CVE-2020-19910 RESERVED
CVE-2020-19909 RESERVED
CVE-2020-19908 RESERVED
CVE-2020-19907 (A command injection vulnerability in the sandcat plugin of Caldera 2.3 ...)
	NOT-FOR-US: Caldera plugin
CVE-2020-19906 RESERVED
CVE-2020-19905 RESERVED
CVE-2020-19904 RESERVED
CVE-2020-19903 RESERVED
CVE-2020-19902 RESERVED
CVE-2020-19901 RESERVED
CVE-2020-19900 RESERVED
CVE-2020-19899 RESERVED
CVE-2020-19898 RESERVED
CVE-2020-19897 RESERVED
CVE-2020-19896 RESERVED
CVE-2020-19895 RESERVED
CVE-2020-19894 RESERVED
CVE-2020-19893 RESERVED
CVE-2020-19892 RESERVED
CVE-2020-19891 (DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\ ...)
	NOT-FOR-US: DBHcms
CVE-2020-19890 (DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\m ...)
	NOT-FOR-US: DBHcms
CVE-2020-19889 (DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF ...)
	NOT-FOR-US: DBHcms
CVE-2020-19888 (DBHcms v1.2.0 has an unauthorized operation vulnerability because ther ...)
	NOT-FOR-US: DBHcms
CVE-2020-19887 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19886 (DBHcms v1.2.0 has no CSRF protection mechanism, as demonstrated by CSRF ...)
	NOT-FOR-US: DBHcms
CVE-2020-19885 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19884 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19883 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no security f ...)
	NOT-FOR-US: DBHcms
CVE-2020-19882 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19881 (DBHcms v1.2.0 has a reflected XSS vulnerability as there is no securit ...)
	NOT-FOR-US: DBHcms
CVE-2020-19880 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no htmlspecia ...)
	NOT-FOR-US: DBHcms
CVE-2020-19879 (DBHcms v1.2.0 has a stored XSS vulnerability as there is no security f ...)
	NOT-FOR-US: DBHcms
CVE-2020-19878 (DBHcms v1.2.0 has a sensitive information leaks vulnerability as there ...)
	NOT-FOR-US: DBHcms
CVE-2020-19877 (DBHcms v1.2.0 has a directory traversal vulnerability as there is no d ...)
	NOT-FOR-US: DBHcms
CVE-2020-19876 RESERVED
CVE-2020-19875 RESERVED
CVE-2020-19874 RESERVED
CVE-2020-19873 RESERVED
CVE-2020-19872 RESERVED
CVE-2020-19871 RESERVED
CVE-2020-19870 RESERVED
CVE-2020-19869 RESERVED
CVE-2020-19868 RESERVED
CVE-2020-19867 RESERVED
CVE-2020-19866 RESERVED
CVE-2020-19865 RESERVED
CVE-2020-19864 RESERVED
CVE-2020-19863 RESERVED
CVE-2020-19862 RESERVED
CVE-2020-19861 RESERVED
CVE-2020-19860 RESERVED
CVE-2020-19859 RESERVED
CVE-2020-19858 RESERVED
CVE-2020-19857 RESERVED
CVE-2020-19856 RESERVED
CVE-2020-19855 (phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /i ...)
	NOT-FOR-US: phpwcms
CVE-2020-19854 RESERVED
CVE-2020-19853 (BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. ...)
	NOT-FOR-US: BlueCMS
CVE-2020-19852 RESERVED
CVE-2020-19851 RESERVED
CVE-2020-19850 RESERVED
CVE-2020-19849 RESERVED
CVE-2020-19848 RESERVED
CVE-2020-19847 RESERVED
CVE-2020-19846 RESERVED
CVE-2020-19845 RESERVED
CVE-2020-19844 RESERVED
CVE-2020-19843 RESERVED
CVE-2020-19842 RESERVED
CVE-2020-19841 RESERVED
CVE-2020-19840 RESERVED
CVE-2020-19839 RESERVED
CVE-2020-19838 RESERVED
CVE-2020-19837 RESERVED
CVE-2020-19836 RESERVED
CVE-2020-19835 RESERVED
CVE-2020-19834 RESERVED
CVE-2020-19833 RESERVED
CVE-2020-19832 RESERVED
CVE-2020-19831 RESERVED
CVE-2020-19830 RESERVED
CVE-2020-19829 RESERVED
CVE-2020-19828 RESERVED
CVE-2020-19827 RESERVED
CVE-2020-19826 RESERVED
CVE-2020-19825 RESERVED
CVE-2020-19824 RESERVED
CVE-2020-19823 RESERVED
CVE-2020-19822 (A remote code execution (RCE) vulnerability in template_user.php of ZZ ...)
	NOT-FOR-US: ZZCMS
CVE-2020-19821 (A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attac ...)
	NOT-FOR-US: DOYOCMS
CVE-2020-19820 RESERVED
CVE-2020-19819 RESERVED
CVE-2020-19818 RESERVED
CVE-2020-19817 RESERVED
CVE-2020-19816 RESERVED
CVE-2020-19815 RESERVED
CVE-2020-19814 RESERVED
CVE-2020-19813 RESERVED
CVE-2020-19812 RESERVED
CVE-2020-19811 RESERVED
CVE-2020-19810 RESERVED
CVE-2020-19809 RESERVED
CVE-2020-19808 RESERVED
CVE-2020-19807 RESERVED
CVE-2020-19806 RESERVED
CVE-2020-19805 RESERVED
CVE-2020-19804 RESERVED
CVE-2020-19803 RESERVED
CVE-2020-19802 RESERVED
CVE-2020-19801 RESERVED
CVE-2020-19800 RESERVED
CVE-2020-19799 RESERVED
CVE-2020-19798 RESERVED
CVE-2020-19797 RESERVED
CVE-2020-19796 RESERVED
CVE-2020-19795 RESERVED
CVE-2020-19794 RESERVED
CVE-2020-19793 RESERVED
CVE-2020-19792 RESERVED
CVE-2020-19791 RESERVED
CVE-2020-19790 RESERVED
CVE-2020-19789 RESERVED
CVE-2020-19788 RESERVED
CVE-2020-19787 RESERVED
CVE-2020-19786 RESERVED
CVE-2020-19785 RESERVED
CVE-2020-19784 RESERVED
CVE-2020-19783 RESERVED
CVE-2020-19782 RESERVED
CVE-2020-19781 RESERVED
CVE-2020-19780 RESERVED
CVE-2020-19779 RESERVED
CVE-2020-19778 (Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote att ...)
	NOT-FOR-US: Shopxo
CVE-2020-19777 RESERVED
CVE-2020-19776 RESERVED
CVE-2020-19775 RESERVED
CVE-2020-19774 RESERVED
CVE-2020-19773 RESERVED
CVE-2020-19772 RESERVED
CVE-2020-19771 RESERVED
CVE-2020-19770 RESERVED
CVE-2020-19769 (A lack of target address verification in the BurnMe() function of Rob ...)
	NOT-FOR-US: Rob The Bank
CVE-2020-19768 (A lack of target address verification in the selfdestructs() function ...)
	NOT-FOR-US: ICOVO
CVE-2020-19767 (A lack of target address verification in the destroycontract() functio ...)
	NOT-FOR-US: 0xRACER
CVE-2020-19766 (The time check operation of PepeAuctionSale 1.0 can be rendered ineffe ...)
	NOT-FOR-US: PepeAuctionSale
CVE-2020-19765 (An issue in the noReentrance() modifier of the Ethereum-based contract ...)
	NOT-FOR-US: Ethereum Accounting
CVE-2020-19764 RESERVED
CVE-2020-19763 RESERVED
CVE-2020-19762 (Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows ...)
	NOT-FOR-US: Automated Logic Corporation (ALC) WebCTRL System
CVE-2020-19761 RESERVED
CVE-2020-19760 RESERVED
CVE-2020-19759 RESERVED
CVE-2020-19758 RESERVED
CVE-2020-19757 RESERVED
CVE-2020-19756 RESERVED
CVE-2020-19755 RESERVED
CVE-2020-19754 RESERVED
CVE-2020-19753 RESERVED
CVE-2020-19752 (The find_color_or_error function in gifsicle 1.92 contains a NULL poin ...)
	- gifsicle 1.93-2 (unimportant)
	NOTE: https://github.com/kohler/gifsicle/issues/140
	NOTE: https://github.com/kohler/gifsicle/commit/eb9e083dcc0050996d79de2076ddc76011ad2f10 (v1.93)
	NOTE: Crash in CLI tool, no security impact
CVE-2020-19751 (An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool functi ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1272
	NOTE: https://github.com/gpac/gpac/commit/c26b0aa605aaea1f0ebe8d21fe1398d94680adf7 (v0.9.0-preview~20)
CVE-2020-19750 (An issue was discovered in gpac 0.8.0. The strdup function in box_code ...)
	- gpac 1.0.1+dfsg1-2
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1262
	NOTE: https://github.com/gpac/gpac/commit/3fcf66c6031da966cf33ee89bcbefa2f8bec4b02 (v0.9.0-preview~20)
CVE-2020-19749 RESERVED
CVE-2020-19748 RESERVED
CVE-2020-19747 RESERVED
CVE-2020-19746 RESERVED
CVE-2020-19745 RESERVED
CVE-2020-19744 RESERVED
CVE-2020-19743 RESERVED
CVE-2020-19742 RESERVED
CVE-2020-19741 RESERVED
CVE-2020-19740 RESERVED
CVE-2020-19739 RESERVED
CVE-2020-19738 RESERVED
CVE-2020-19737 RESERVED
CVE-2020-19736 RESERVED
CVE-2020-19735 RESERVED
CVE-2020-19734 RESERVED
CVE-2020-19733 RESERVED
CVE-2020-19732 RESERVED
CVE-2020-19731 RESERVED
CVE-2020-19730 RESERVED
CVE-2020-19729 RESERVED
CVE-2020-19728 RESERVED
CVE-2020-19727 RESERVED
CVE-2020-19726 RESERVED
CVE-2020-19725 RESERVED
CVE-2020-19724 RESERVED
CVE-2020-19723 RESERVED
CVE-2020-19722 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...)
	NOT-FOR-US: Bento4
CVE-2020-19721 (A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1 ...)
	NOT-FOR-US: Bento4
CVE-2020-19720 (An unhandled memory allocation failure in Core/AP4IkmsAtom.cpp of Bent ...)
	NOT-FOR-US: Bento4
CVE-2020-19719 (A buffer overflow vulnerability in Ap4ElstAtom.cpp of Bento 1.5.1-628 ...)
	NOT-FOR-US: Bento4
CVE-2020-19718 (An unhandled memory allocation failure in Core/Ap4Atom.cpp of Bento 1. ...)
	NOT-FOR-US: Bento4
CVE-2020-19717 (An unhandled memory allocation failure in Core/Ap48bdlAtom.cpp of Bent ...)
	NOT-FOR-US: Bento4
CVE-2020-19716 (A buffer overflow vulnerability in the Databuf function in types.cpp o ...)
	- exiv2
	NOTE: https://github.com/Exiv2/exiv2/issues/980
	TODO: check, unclear if fixed or not; upstream cannot reproduce it in 0.27.1 as reported either
CVE-2020-19715 REJECTED
CVE-2020-19714 RESERVED
CVE-2020-19713 RESERVED
CVE-2020-19712 RESERVED
CVE-2020-19711 RESERVED
CVE-2020-19710 RESERVED
CVE-2020-19709 (Insufficient filtering of the tag parameters in feehicms 0.1.3 allows ...)
	NOT-FOR-US: feehicms
CVE-2020-19708 RESERVED
CVE-2020-19707 RESERVED
CVE-2020-19706 RESERVED
CVE-2020-19705 (thinkphp-zcms as of 20190715 allows SQL injection via index.php?m=home ...)
	NOT-FOR-US: thinkphp-zcms
CVE-2020-19704 (A stored cross-site scripting (XSS) vulnerability via ResourceControll ...)
	NOT-FOR-US: Spring Boot admin
	NOTE: https://github.com/sail-y/spring-boot-admin
CVE-2020-19703 (A cross-site scripting (XSS) vulnerability in the referer parameter of ...)
	NOT-FOR-US: Dzzoffice
CVE-2020-19702 RESERVED
CVE-2020-19701 RESERVED
CVE-2020-19700 RESERVED
CVE-2020-19699 RESERVED
CVE-2020-19698 RESERVED
CVE-2020-19697 RESERVED
CVE-2020-19696 RESERVED
CVE-2020-19695 RESERVED
CVE-2020-19694 RESERVED
CVE-2020-19693 RESERVED
CVE-2020-19692 RESERVED
CVE-2020-19691 RESERVED
CVE-2020-19690 RESERVED
CVE-2020-19689 RESERVED
CVE-2020-19688 RESERVED
CVE-2020-19687 RESERVED
CVE-2020-19686 RESERVED
CVE-2020-19685 RESERVED
CVE-2020-19684 RESERVED
CVE-2020-19683 RESERVED
CVE-2020-19682 RESERVED
CVE-2020-19681 RESERVED
CVE-2020-19680 RESERVED
CVE-2020-19679 RESERVED
CVE-2020-19678 RESERVED
CVE-2020-19677 RESERVED
CVE-2020-19676 (Nacos 1.1.4 is affected by: Incorrect Access Control. An environment c ...)
	NOT-FOR-US: Nacos
CVE-2020-19675 RESERVED
CVE-2020-19674 RESERVED
CVE-2020-19673 RESERVED
CVE-2020-19672 (Niushop B2B2C Multi-business basic version V1.11, can bypass the admin ...)
	NOT-FOR-US: Niushop B2B2C Multi-business basic
CVE-2020-19671 RESERVED
CVE-2020-19670 (In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication ca ...)
	NOT-FOR-US: Niushop B2B2C Multi-Business Basic Edition
CVE-2020-19669 (Cross Site Request Forgery (CSRF) vulnerability exists in Eyoucms 1.3. ...)
	NOT-FOR-US: Eyoucms
CVE-2020-19668 (Unverified indexes into the array lead to out of bound access in the gi ...)
	- libsixel (bug #990799)
	[bullseye] - libsixel (Minor issue)
	[buster] - libsixel (Minor issue)
	[stretch] - libsixel (Minor issue)
	NOTE: https://github.com/saitoha/libsixel/issues/136
CVE-2020-19667 (Stack-based buffer overflow and unconditional jump in ReadXPMImage in ...)
	{DLA-2523-1}
	- imagemagick 8:6.9.11.24+dfsg-1
	[buster] - imagemagick (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1895
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/26538669546730c5b2dc36e7d48850f1f6928f94
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/5462fd4725018567764c8f66bed98b7ee3e23006
CVE-2020-19666 RESERVED
CVE-2020-19665 RESERVED
CVE-2020-19664 (DrayTek Vigor2960 1.5.1 allows remote command execution via shell meta ...)
	NOT-FOR-US: DrayTek Vigor2960
CVE-2020-19663 RESERVED
CVE-2020-19662 RESERVED
CVE-2020-19661 RESERVED
CVE-2020-19660 RESERVED
CVE-2020-19659 RESERVED
CVE-2020-19658 RESERVED
CVE-2020-19657 RESERVED
CVE-2020-19656 RESERVED
CVE-2020-19655 RESERVED
CVE-2020-19654 RESERVED
CVE-2020-19653 RESERVED
CVE-2020-19652 RESERVED
CVE-2020-19651 RESERVED
CVE-2020-19650 RESERVED
CVE-2020-19649 RESERVED
CVE-2020-19648 RESERVED
CVE-2020-19647 RESERVED
CVE-2020-19646 RESERVED
CVE-2020-19645 RESERVED
CVE-2020-19644 RESERVED
CVE-2020-19643 (Cross Site Scripting (XSS) vulnerability in INSMA Wifi Mini Spy 1080P ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19642 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19641 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19640 (An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Ca ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19639 (Cross Site Request Forgery (CSRF) vulnerability in INSMA Wifi Mini Spy ...)
	NOT-FOR-US: INSMA Wifi Mini Spy 1080P HD Security IP Camera
CVE-2020-19638 RESERVED
CVE-2020-19637 RESERVED
CVE-2020-19636 RESERVED
CVE-2020-19635 RESERVED
CVE-2020-19634 RESERVED
CVE-2020-19633 RESERVED
CVE-2020-19632 RESERVED
CVE-2020-19631 RESERVED
CVE-2020-19630 RESERVED
CVE-2020-19629 RESERVED
CVE-2020-19628 RESERVED
CVE-2020-19627 RESERVED
CVE-2020-19626 (Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows re ...)
	NOT-FOR-US: craftcms
CVE-2020-19625 (Remote Code Execution Vulnerability in tests/support/stores/test_grid_ ...)
	NOT-FOR-US: oria gridx
CVE-2020-19624 RESERVED
CVE-2020-19623 RESERVED
CVE-2020-19622 RESERVED
CVE-2020-19621 RESERVED
CVE-2020-19620 RESERVED
CVE-2020-19619 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signatur ...)
	NOT-FOR-US: mblog
CVE-2020-19618 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post con ...)
	NOT-FOR-US: mblog
CVE-2020-19617 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname ...)
	NOT-FOR-US: mblog
CVE-2020-19616 (Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post hea ...)
	NOT-FOR-US: mblog
CVE-2020-19615 RESERVED
CVE-2020-19614 RESERVED
CVE-2020-19613 (Server Side Request Forgery (SSRF) vulnerability in saveUrlAs function ...)
	NOT-FOR-US: sunkaifei FlyCMS
CVE-2020-19612 RESERVED
CVE-2020-19611 RESERVED
CVE-2020-19610 RESERVED
CVE-2020-19609 (Artifex MuPDF before 1.18.0 has a heap based buffer over-write in tiff ...)
{DLA-2765-1} - mupdf 1.17.0+ds1-2 (bug #991401) [buster] - mupdf (Minor issue; can be fixed via point release) NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b7892cdc7fae62aa57d63ae62144e1f11b5f9275 NOTE: http://git.ghostscript.com/?p=mupdf.git;h=2c4f11f8dcdbd18c35a65e58cc789be0e46012a8 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701176 NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=703076 CVE-2020-19608 RESERVED CVE-2020-19607 RESERVED CVE-2020-19606 RESERVED CVE-2020-19605 RESERVED CVE-2020-19604 RESERVED CVE-2020-19603 RESERVED CVE-2020-19602 RESERVED CVE-2020-19601 RESERVED CVE-2020-19600 RESERVED CVE-2020-19599 RESERVED CVE-2020-19598 RESERVED CVE-2020-19597 RESERVED CVE-2020-19596 (Buffer overflow vulnerability in Core FTP Server v1.2 Build 583, via a ...) NOT-FOR-US: Core FTP CVE-2020-19595 (Buffer overflow vulnerability in Core FTP Server v2 Build 697, via a c ...) NOT-FOR-US: Core FTP CVE-2020-19594 RESERVED CVE-2020-19593 RESERVED CVE-2020-19592 RESERVED CVE-2020-19591 RESERVED CVE-2020-19590 RESERVED CVE-2020-19589 RESERVED CVE-2020-19588 RESERVED CVE-2020-19587 RESERVED CVE-2020-19586 RESERVED CVE-2020-19585 RESERVED CVE-2020-19584 RESERVED CVE-2020-19583 RESERVED CVE-2020-19582 RESERVED CVE-2020-19581 RESERVED CVE-2020-19580 RESERVED CVE-2020-19579 RESERVED CVE-2020-19578 RESERVED CVE-2020-19577 RESERVED CVE-2020-19576 RESERVED CVE-2020-19575 RESERVED CVE-2020-19574 RESERVED CVE-2020-19573 RESERVED CVE-2020-19572 RESERVED CVE-2020-19571 RESERVED CVE-2020-19570 RESERVED CVE-2020-19569 RESERVED CVE-2020-19568 RESERVED CVE-2020-19567 RESERVED CVE-2020-19566 RESERVED CVE-2020-19565 RESERVED CVE-2020-19564 RESERVED CVE-2020-19563 RESERVED CVE-2020-19562 RESERVED CVE-2020-19561 RESERVED CVE-2020-19560 RESERVED CVE-2020-19559 RESERVED CVE-2020-19558 RESERVED CVE-2020-19557 RESERVED CVE-2020-19556 RESERVED CVE-2020-19555 RESERVED CVE-2020-19554 (Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPMana ...) 
NOT-FOR-US: ManageEngine CVE-2020-19553 (Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and ...) NOT-FOR-US: WUZHI CMS CVE-2020-19552 RESERVED CVE-2020-19551 (Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 i ...) NOT-FOR-US: WUZHI CMS CVE-2020-19550 RESERVED CVE-2020-19549 RESERVED CVE-2020-19548 RESERVED CVE-2020-19547 (Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id ...) NOT-FOR-US: PopojiCMS CVE-2020-19546 RESERVED CVE-2020-19545 RESERVED CVE-2020-19544 RESERVED CVE-2020-19543 RESERVED CVE-2020-19542 RESERVED CVE-2020-19541 RESERVED CVE-2020-19540 RESERVED CVE-2020-19539 RESERVED CVE-2020-19538 RESERVED CVE-2020-19537 RESERVED CVE-2020-19536 RESERVED CVE-2020-19535 RESERVED CVE-2020-19534 RESERVED CVE-2020-19533 RESERVED CVE-2020-19532 RESERVED CVE-2020-19531 RESERVED CVE-2020-19530 RESERVED CVE-2020-19529 RESERVED CVE-2020-19528 RESERVED CVE-2020-19527 (iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metac ...) NOT-FOR-US: idreamsoft iCMS CVE-2020-19526 RESERVED CVE-2020-19525 RESERVED CVE-2020-19524 RESERVED CVE-2020-19523 RESERVED CVE-2020-19522 RESERVED CVE-2020-19521 RESERVED CVE-2020-19520 RESERVED CVE-2020-19519 RESERVED CVE-2020-19518 RESERVED CVE-2020-19517 RESERVED CVE-2020-19516 RESERVED CVE-2020-19515 (qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install ...) NOT-FOR-US: qdPM CVE-2020-19514 RESERVED CVE-2020-19513 (Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows atta ...) NOT-FOR-US: FinalWire Ltd AIDA64 Engineer CVE-2020-19512 RESERVED CVE-2020-19511 (Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) clas ...) NOT-FOR-US: Typesetter CMS CVE-2020-19510 (Textpattern 4.7.3 contains an aribtrary file load via the file_insert ...) 
NOT-FOR-US: Textpattern CMS CVE-2020-19509 RESERVED CVE-2020-19508 RESERVED CVE-2020-19507 RESERVED CVE-2020-19506 RESERVED CVE-2020-19505 RESERVED CVE-2020-19504 RESERVED CVE-2020-19503 RESERVED CVE-2020-19502 RESERVED CVE-2020-19501 RESERVED CVE-2020-19500 RESERVED CVE-2020-19499 (An issue was discovered in heif::Box_iref::get_references in libheif 1 ...) - libheif 1.5.0-1 [buster] - libheif (Minor issue) NOTE: https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd NOTE: https://github.com/strukturag/libheif/issues/138 CVE-2020-19498 (Floating point exception in function Fraction in libheif 1.4.0, allows ...) - libheif 1.5.0-1 [buster] - libheif (Minor issue) NOTE: https://github.com/strukturag/libheif/issues/139 NOTE: https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58 CVE-2020-19497 (Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tb ...) - libmatio 1.5.19-2 [buster] - libmatio (Minor issue) [stretch] - libmatio (Minor issue) NOTE: https://github.com/tbeu/matio/commit/5fa49ef9fc4368fe3d19b5fdaa36d8fa5e7f4606 (v1.5.18) NOTE: https://github.com/tbeu/matio/issues/121 CVE-2020-19496 RESERVED CVE-2020-19495 RESERVED CVE-2020-19494 RESERVED CVE-2020-19493 RESERVED CVE-2020-19492 (There is a floating point exception in ReadImage that leads to a Segme ...) - sam2p NOTE: https://github.com/pts/sam2p/commit/b953f63307c4a83fa4615a4863e3fb250205cd98 NOTE: https://github.com/pts/sam2p/issues/66 CVE-2020-19491 (There is an invalid memory access bug in cgif.c that leads to a Segmen ...) - sam2p NOTE: https://github.com/pts/sam2p/commit/1d62cf8964bfcafa6561c4c3bb66d4aa4c529a73 NOTE: https://github.com/pts/sam2p/issues/67 CVE-2020-19490 (tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixe ...) 
- tinyexr (Fixed with initial upload to Debian) NOTE: https://github.com/syoyo/tinyexr/issues/124 NOTE: https://github.com/syoyo/tinyexr/commit/a685e3332f61cd4e59324bf3f669d36973d64270 CVE-2020-19489 RESERVED CVE-2020-19488 (An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0, ...) - gpac 1.0.1+dfsg1-2 NOTE: https://github.com/gpac/gpac/commit/6170024568f4dda310e98ef7508477b425c58d09 NOTE: https://github.com/gpac/gpac/issues/1263 CVE-2020-19487 RESERVED CVE-2020-19486 RESERVED CVE-2020-19485 RESERVED CVE-2020-19484 RESERVED CVE-2020-19483 RESERVED CVE-2020-19482 RESERVED CVE-2020-19481 (An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Bo ...) - gpac 1.0.1+dfsg1-2 [buster] - gpac (Minor issue) [stretch] - gpac (Minor issue) NOTE: https://github.com/gpac/gpac/commit/2320eb73afba753b39b7147be91f7be7afc0eeb7 NOTE: https://github.com/gpac/gpac/issues/1265 NOTE: https://github.com/gpac/gpac/issues/1266 NOTE: https://github.com/gpac/gpac/issues/1267 CVE-2020-19480 RESERVED CVE-2020-19479 RESERVED CVE-2020-19478 RESERVED CVE-2020-19477 RESERVED CVE-2020-19476 RESERVED CVE-2020-19475 (An issue has been found in function CCITTFaxStream::lookChar in PDF2JS ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19474 (An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 t ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19473 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19472 (An issue has been found in function DCTStream::readHuffSym in PDF2JSON ...) 
NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19471 (An issue has been found in function DCTStream::decodeImage in PDF2JSON ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19470 (An issue has been found in function DCTStream::getChar in PDF2JSON 0.7 ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19469 (An issue has been found in function DCTStream::reset in PDF2JSON 0.70 ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19468 (An issue has been found in function EmbedStream::getChar in PDF2JSON 0 ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19467 (An issue has been found in function DCTStream::transformDataUnit in PD ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19466 (An issue has been found in function DCTStream::transformDataUnit in PD ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19465 (An issue has been found in function ObjectStream::getObject in PDF2JSO ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19464 (An issue has been found in function XRef::fetch in PDF2JSON 0.70 that ...) 
NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19463 (An issue has been found in function vfprintf in PDF2JSON 0.70 that all ...) NOT-FOR-US: pdf2json NOTE: pdf2json bundles a 14 year old xpdf release (3.0.2), there's no point in NOTE: tracking whether this affects src:poppler CVE-2020-19462 RESERVED CVE-2020-19461 RESERVED CVE-2020-19460 RESERVED CVE-2020-19459 RESERVED CVE-2020-19458 RESERVED CVE-2020-19457 RESERVED CVE-2020-19456 RESERVED CVE-2020-19455 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...) NOT-FOR-US: jdownloads component for Joomla! CVE-2020-19454 RESERVED CVE-2020-19453 RESERVED CVE-2020-19452 RESERVED CVE-2020-19451 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...) NOT-FOR-US: jdownloads component for Joomla! CVE-2020-19450 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! vi ...) NOT-FOR-US: jdownloads component for Joomla! CVE-2020-19449 RESERVED CVE-2020-19448 RESERVED CVE-2020-19447 (SQL injection exists in the jdownloads 3.2.63 component for Joomla! co ...) NOT-FOR-US: jdownloads component for Joomla! CVE-2020-19446 RESERVED CVE-2020-19445 RESERVED CVE-2020-19444 RESERVED CVE-2020-19443 RESERVED CVE-2020-19442 RESERVED CVE-2020-19441 RESERVED CVE-2020-19440 RESERVED CVE-2020-19439 RESERVED CVE-2020-19438 RESERVED CVE-2020-19437 RESERVED CVE-2020-19436 RESERVED CVE-2020-19435 RESERVED CVE-2020-19434 RESERVED CVE-2020-19433 RESERVED CVE-2020-19432 RESERVED CVE-2020-19431 RESERVED CVE-2020-19430 RESERVED CVE-2020-19429 RESERVED CVE-2020-19428 RESERVED CVE-2020-19427 RESERVED CVE-2020-19426 RESERVED CVE-2020-19425 RESERVED CVE-2020-19424 RESERVED CVE-2020-19423 RESERVED CVE-2020-19422 RESERVED CVE-2020-19421 RESERVED CVE-2020-19420 RESERVED CVE-2020-19419 (Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 ...) 
NOT-FOR-US: Emerson Smart Wireless Gateway 1420 CVE-2020-19418 RESERVED CVE-2020-19417 (Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users ...) NOT-FOR-US: Emerson Smart Wireless Gateway 1420 CVE-2020-19416 RESERVED CVE-2020-19415 RESERVED CVE-2020-19414 RESERVED CVE-2020-19413 RESERVED CVE-2020-19412 RESERVED CVE-2020-19411 RESERVED CVE-2020-19410 RESERVED CVE-2020-19409 RESERVED CVE-2020-19408 RESERVED CVE-2020-19407 RESERVED CVE-2020-19406 RESERVED CVE-2020-19405 RESERVED CVE-2020-19404 RESERVED CVE-2020-19403 RESERVED CVE-2020-19402 RESERVED CVE-2020-19401 RESERVED CVE-2020-19400 RESERVED CVE-2020-19399 RESERVED CVE-2020-19398 RESERVED CVE-2020-19397 RESERVED CVE-2020-19396 RESERVED CVE-2020-19395 RESERVED CVE-2020-19394 RESERVED CVE-2020-19393 RESERVED CVE-2020-19392 RESERVED CVE-2020-19391 RESERVED CVE-2020-19390 RESERVED CVE-2020-19389 RESERVED CVE-2020-19388 RESERVED CVE-2020-19387 RESERVED CVE-2020-19386 RESERVED CVE-2020-19385 RESERVED CVE-2020-19384 RESERVED CVE-2020-19383 RESERVED CVE-2020-19382 RESERVED CVE-2020-19381 RESERVED CVE-2020-19380 RESERVED CVE-2020-19379 RESERVED CVE-2020-19378 RESERVED CVE-2020-19377 RESERVED CVE-2020-19376 RESERVED CVE-2020-19375 RESERVED CVE-2020-19374 RESERVED CVE-2020-19373 RESERVED CVE-2020-19372 RESERVED CVE-2020-19371 RESERVED CVE-2020-19370 RESERVED CVE-2020-19369 RESERVED CVE-2020-19368 RESERVED CVE-2020-19367 RESERVED CVE-2020-19366 RESERVED CVE-2020-19365 RESERVED CVE-2020-19364 (OpenEMR 5.0.1 allows an authenticated attacker to upload and execute m ...) NOT-FOR-US: OpenEMR CVE-2020-19363 (Vtiger CRM v7.2.0 allows an attacker to display hidden files, list dir ...) NOT-FOR-US: Vtiger CRM CVE-2020-19362 (Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the ...) NOT-FOR-US: Vtiger CRM CVE-2020-19361 (Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 ...) 
NOT-FOR-US: Medintux CVE-2020-19360 (Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper fil ...) NOT-FOR-US: FHEM CVE-2020-19359 RESERVED CVE-2020-19358 RESERVED CVE-2020-19357 RESERVED CVE-2020-19356 RESERVED CVE-2020-19355 RESERVED CVE-2020-19354 RESERVED CVE-2020-19353 RESERVED CVE-2020-19352 RESERVED CVE-2020-19351 RESERVED CVE-2020-19350 RESERVED CVE-2020-19349 RESERVED CVE-2020-19348 RESERVED CVE-2020-19347 RESERVED CVE-2020-19346 RESERVED CVE-2020-19345 RESERVED CVE-2020-19344 RESERVED CVE-2020-19343 RESERVED CVE-2020-19342 RESERVED CVE-2020-19341 RESERVED CVE-2020-19340 RESERVED CVE-2020-19339 RESERVED CVE-2020-19338 RESERVED CVE-2020-19337 RESERVED CVE-2020-19336 RESERVED CVE-2020-19335 RESERVED CVE-2020-19334 RESERVED CVE-2020-19333 RESERVED CVE-2020-19332 RESERVED CVE-2020-19331 RESERVED CVE-2020-19330 RESERVED CVE-2020-19329 RESERVED CVE-2020-19328 RESERVED CVE-2020-19327 RESERVED CVE-2020-19326 RESERVED CVE-2020-19325 RESERVED CVE-2020-19324 RESERVED CVE-2020-19323 RESERVED CVE-2020-19322 RESERVED CVE-2020-19321 RESERVED CVE-2020-19320 RESERVED CVE-2020-19319 RESERVED CVE-2020-19318 RESERVED CVE-2020-19317 RESERVED CVE-2020-19316 RESERVED CVE-2020-19315 RESERVED CVE-2020-19314 RESERVED CVE-2020-19313 RESERVED CVE-2020-19312 RESERVED CVE-2020-19311 RESERVED CVE-2020-19310 RESERVED CVE-2020-19309 RESERVED CVE-2020-19308 RESERVED CVE-2020-19307 RESERVED CVE-2020-19306 RESERVED CVE-2020-19305 (An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 ...) NOT-FOR-US: Metinfo CVE-2020-19304 (An issue in /admin/index.php?n=system&c=filept&a=doGetFileList ...) NOT-FOR-US: Metinfo CVE-2020-19303 (An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 ...) NOT-FOR-US: hdcms CVE-2020-19302 (An arbitrary file upload vulnerability in the avatar upload function o ...) NOT-FOR-US: vaeThink CVE-2020-19301 (A vulnerability in the vae_admin_rule database table of vaeThink v1.0. ...) 
NOT-FOR-US: vaeThink CVE-2020-19300 RESERVED CVE-2020-19299 RESERVED CVE-2020-19298 RESERVED CVE-2020-19297 RESERVED CVE-2020-19296 RESERVED CVE-2020-19295 (A reflected cross-site scripting (XSS) vulnerability in the /weibo/top ...) NOT-FOR-US: Jeesns CVE-2020-19294 (A stored cross-site scripting (XSS) vulnerability in the /article/comm ...) NOT-FOR-US: Jeesns CVE-2020-19293 (A stored cross-site scripting (XSS) vulnerability in the /article/add ...) NOT-FOR-US: Jeesns CVE-2020-19292 (A stored cross-site scripting (XSS) vulnerability in the /question/ask ...) NOT-FOR-US: Jeesns CVE-2020-19291 (A stored cross-site scripting (XSS) vulnerability in the /weibo/publis ...) NOT-FOR-US: Jeesns CVE-2020-19290 (A stored cross-site scripting (XSS) vulnerability in the /weibo/commen ...) NOT-FOR-US: Jeesns CVE-2020-19289 (A stored cross-site scripting (XSS) vulnerability in the /member/pictu ...) NOT-FOR-US: Jeesns CVE-2020-19288 (A stored cross-site scripting (XSS) vulnerability in the /localhost/u ...) NOT-FOR-US: Jeesns CVE-2020-19287 (A stored cross-site scripting (XSS) vulnerability in the /group/post c ...) NOT-FOR-US: Jeesns CVE-2020-19286 (A stored cross-site scripting (XSS) vulnerability in the /question/det ...) NOT-FOR-US: Jeesns CVE-2020-19285 (A stored cross-site scripting (XSS) vulnerability in the /group/apply ...) NOT-FOR-US: Jeesns CVE-2020-19284 (A stored cross-site scripting (XSS) vulnerability in the /group/commen ...) NOT-FOR-US: Jeesns CVE-2020-19283 (A reflected cross-site scripting (XSS) vulnerability in the /newVersio ...) NOT-FOR-US: Jeesns CVE-2020-19282 (A reflected cross-site scripting (XSS) vulnerability in Jeesns 1.4.2 a ...) NOT-FOR-US: Jeesns CVE-2020-19281 (A stored cross-site scripting (XSS) vulnerability in the /manage/login ...) NOT-FOR-US: Jeesns CVE-2020-19280 (Jeesns 1.4.2 contains a cross-site request forgery (CSRF) which allows ...) 
NOT-FOR-US: Jeesns CVE-2020-19279 RESERVED CVE-2020-19278 RESERVED CVE-2020-19277 RESERVED CVE-2020-19276 RESERVED CVE-2020-19275 (An Information Disclosure vulnerability exists in dhcms 2017-09-18 whe ...) NOT-FOR-US: dhcms CVE-2020-19274 (A Cross SIte Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 ...) NOT-FOR-US: dhcms CVE-2020-19273 RESERVED CVE-2020-19272 RESERVED CVE-2020-19271 RESERVED CVE-2020-19270 RESERVED CVE-2020-19269 RESERVED CVE-2020-19268 (A cross-site request forgery (CSRF) in index.php/Dswjcms/User/tfAdd of ...) NOT-FOR-US: Dswjcms CVE-2020-19267 (An issue in index.php/Dswjcms/Basis/resources of Dswjcms 1.6.4 allows ...) NOT-FOR-US: Dswjcms CVE-2020-19266 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...) NOT-FOR-US: Dswjcms CVE-2020-19265 (A stored cross-site scripting (XSS) vulnerability in the index.php/Dsw ...) NOT-FOR-US: Dswjcms CVE-2020-19264 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...) NOT-FOR-US: MipCMS CVE-2020-19263 (A cross-site request forgery (CSRF) in MipCMS v5.0.1 allows attackers ...) 
NOT-FOR-US: MipCMS CVE-2020-19262 RESERVED CVE-2020-19261 RESERVED CVE-2020-19260 RESERVED CVE-2020-19259 RESERVED CVE-2020-19258 RESERVED CVE-2020-19257 RESERVED CVE-2020-19256 RESERVED CVE-2020-19255 RESERVED CVE-2020-19254 RESERVED CVE-2020-19253 RESERVED CVE-2020-19252 RESERVED CVE-2020-19251 RESERVED CVE-2020-19250 RESERVED CVE-2020-19249 RESERVED CVE-2020-19248 RESERVED CVE-2020-19247 RESERVED CVE-2020-19246 RESERVED CVE-2020-19245 RESERVED CVE-2020-19244 RESERVED CVE-2020-19243 RESERVED CVE-2020-19242 RESERVED CVE-2020-19241 RESERVED CVE-2020-19240 RESERVED CVE-2020-19239 RESERVED CVE-2020-19238 RESERVED CVE-2020-19237 RESERVED CVE-2020-19236 RESERVED CVE-2020-19235 RESERVED CVE-2020-19234 RESERVED CVE-2020-19233 RESERVED CVE-2020-19232 RESERVED CVE-2020-19231 RESERVED CVE-2020-19230 RESERVED CVE-2020-19229 RESERVED CVE-2020-19228 RESERVED CVE-2020-19227 RESERVED CVE-2020-19226 RESERVED CVE-2020-19225 RESERVED CVE-2020-19224 RESERVED CVE-2020-19223 RESERVED CVE-2020-19222 RESERVED CVE-2020-19221 RESERVED CVE-2020-19220 RESERVED CVE-2020-19219 RESERVED CVE-2020-19218 RESERVED CVE-2020-19217 RESERVED CVE-2020-19216 RESERVED CVE-2020-19215 RESERVED CVE-2020-19214 RESERVED CVE-2020-19213 RESERVED CVE-2020-19212 RESERVED CVE-2020-19211 RESERVED CVE-2020-19210 RESERVED CVE-2020-19209 RESERVED CVE-2020-19208 RESERVED CVE-2020-19207 RESERVED CVE-2020-19206 RESERVED CVE-2020-19205 RESERVED CVE-2020-19204 (An authenticated Stored Cross-Site Scriptiong (XSS) vulnerability exis ...) NOT-FOR-US: IPFire CVE-2020-19203 (An authenticated Cross-Site Scripting (XSS) vulnerability was found in ...) NOT-FOR-US: Netgate pfSense Community Edition CVE-2020-19202 (An authenticated Stored XSS (Cross-site Scripting) exists in the "capt ...) NOT-FOR-US: IPFire CVE-2020-19201 (A Stored Cross-Site Scripting (XSS) vulnerability was found in status_ ...) 
NOT-FOR-US: Netgate pfSense CVE-2020-19200 RESERVED CVE-2020-19199 (A Cross Site Request Forgery (CSRF) vulnerability exists in PHPOK 5.2. ...) NOT-FOR-US: PHPOK CVE-2020-19198 RESERVED CVE-2020-19197 RESERVED CVE-2020-19196 RESERVED CVE-2020-19195 RESERVED CVE-2020-19194 RESERVED CVE-2020-19193 RESERVED CVE-2020-19192 RESERVED CVE-2020-19191 RESERVED CVE-2020-19190 RESERVED CVE-2020-19189 RESERVED CVE-2020-19188 RESERVED CVE-2020-19187 RESERVED CVE-2020-19186 RESERVED CVE-2020-19185 RESERVED CVE-2020-19184 RESERVED CVE-2020-19183 RESERVED CVE-2020-19182 RESERVED CVE-2020-19181 RESERVED CVE-2020-19180 RESERVED CVE-2020-19179 RESERVED CVE-2020-19178 RESERVED CVE-2020-19177 RESERVED CVE-2020-19176 RESERVED CVE-2020-19175 RESERVED CVE-2020-19174 RESERVED CVE-2020-19173 RESERVED CVE-2020-19172 RESERVED CVE-2020-19171 RESERVED CVE-2020-19170 RESERVED CVE-2020-19169 RESERVED CVE-2020-19168 RESERVED CVE-2020-19167 RESERVED CVE-2020-19166 RESERVED CVE-2020-19165 (PHPSHE 1.7 has SQL injection via the admin.php?mod=user&userlevel_ ...) NOT-FOR-US: PHPSHE CVE-2020-19164 RESERVED CVE-2020-19163 RESERVED CVE-2020-19162 RESERVED CVE-2020-19161 RESERVED CVE-2020-19160 RESERVED CVE-2020-19159 (Cross Site Request Forgery (CSRF) in LaikeTui v3 allows remote attacke ...) NOT-FOR-US: LaikeTui CVE-2020-19158 (Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows ...) NOT-FOR-US: S-CMS CVE-2020-19157 (Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers t ...) NOT-FOR-US: Wenku CMS CVE-2020-19156 (Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers t ...) NOT-FOR-US: Wordpress ari-adminer CVE-2020-19155 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) NOT-FOR-US: Jfinal CMS CVE-2020-19154 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) 
NOT-FOR-US: Jfinal CMS CVE-2020-19153 RESERVED CVE-2020-19152 RESERVED CVE-2020-19151 (Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attac ...) NOT-FOR-US: Jfinal CMS CVE-2020-19150 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) NOT-FOR-US: Jfinal CMS CVE-2020-19149 RESERVED CVE-2020-19148 (Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows rem ...) NOT-FOR-US: Jfinal CMS CVE-2020-19147 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) NOT-FOR-US: Jfinal CMS CVE-2020-19146 (Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote ...) NOT-FOR-US: Jfinal CMS CVE-2020-19145 RESERVED CVE-2020-19144 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...) {DLA-2777-1} - tiff 4.0.10+git190814-1 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2852 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/159 NOTE: Fixed around https://gitlab.com/libtiff/libtiff/-/commit/1fb9e731ef3e4ceb7af128ce298adb271088064f (v4.1.0) CVE-2020-19143 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...) {DSA-4997-1} - tiff 4.1.0+git201212-1 [stretch] - tiff (Vulnerable code introduced later) NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2851 NOTE: https://gitlab.com/libtiff/libtiff/-/issues/158 NOTE: Introduced with: https://gitlab.com/libtiff/libtiff/-/commit/9eacd59fecc4ef593ac17689bc530ab451c8ec14 (v4.0.10) NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/-/commit/54ce8c522078cd0f39861df71db848648ec28ade (v4.2.0) CVE-2020-19142 (iCMS 7 attackers to execute arbitrary OS commands via shell metacharac ...) NOT-FOR-US: idreamsoft iCMS CVE-2020-19141 RESERVED CVE-2020-19140 RESERVED CVE-2020-19139 RESERVED CVE-2020-19138 (Unrestricted Upload of File with Dangerous Type in DotCMS v5.2.3 and e ...) NOT-FOR-US: DotCMS CVE-2020-19137 (Incorrect Access Control in Autumn v1.0.4 and earlier allows remote at ...) 
NOT-FOR-US: Autumn CVE-2020-19136 RESERVED CVE-2020-19135 RESERVED CVE-2020-19134 RESERVED CVE-2020-19133 RESERVED CVE-2020-19132 RESERVED CVE-2020-19131 (Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial ...) {DLA-2777-1} - tiff 4.0.10+git190814-1 NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2831 NOTE: https://gitlab.com/libtiff/libtiff/merge_requests/61 NOTE: https://gitlab.com/libtiff/libtiff/-/commit/9cfa5c469109c207bf3b916c52e618d4400ba2c0 (v4.1.0) CVE-2020-19130 RESERVED CVE-2020-19129 RESERVED CVE-2020-19128 RESERVED CVE-2020-19127 RESERVED CVE-2020-19126 RESERVED CVE-2020-19125 RESERVED CVE-2020-19124 RESERVED CVE-2020-19123 RESERVED CVE-2020-19122 RESERVED CVE-2020-19121 RESERVED CVE-2020-19120 RESERVED CVE-2020-19119 RESERVED CVE-2020-19118 (Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_cod ...) NOT-FOR-US: YzmCMS CVE-2020-19117 RESERVED CVE-2020-19116 RESERVED CVE-2020-19115 RESERVED CVE-2020-19114 (SQL Injection vulnerability in Online Book Store v1.0 via the publishe ...) NOT-FOR-US: Online Book Store CVE-2020-19113 (Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin ...) NOT-FOR-US: Online Book Store CVE-2020-19112 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...) NOT-FOR-US: Online Book Store CVE-2020-19111 (Incorrect Access Control vulnerability in Online Book Store v1.0 via a ...) NOT-FOR-US: Online Book Store CVE-2020-19110 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...) NOT-FOR-US: Online Book Store CVE-2020-19109 (SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn ...) NOT-FOR-US: Online Book Store CVE-2020-19108 (SQL Injection vulnerability in Online Book Store v1.0 via the pubid pa ...) NOT-FOR-US: Online Book Store CVE-2020-19107 (SQL Injection vulnerability in Online Book Store v1.0 via the isbn par ...) 
NOT-FOR-US: Online Book Store CVE-2020-19106 RESERVED CVE-2020-19105 RESERVED CVE-2020-19104 RESERVED CVE-2020-19103 RESERVED CVE-2020-19102 RESERVED CVE-2020-19101 RESERVED CVE-2020-19100 RESERVED CVE-2020-19099 RESERVED CVE-2020-19098 RESERVED CVE-2020-19097 RESERVED CVE-2020-19096 RESERVED CVE-2020-19095 RESERVED CVE-2020-19094 RESERVED CVE-2020-19093 RESERVED CVE-2020-19092 RESERVED CVE-2020-19091 RESERVED CVE-2020-19090 RESERVED CVE-2020-19089 RESERVED CVE-2020-19088 RESERVED CVE-2020-19087 RESERVED CVE-2020-19086 RESERVED CVE-2020-19085 RESERVED CVE-2020-19084 RESERVED CVE-2020-19083 RESERVED CVE-2020-19082 RESERVED CVE-2020-19081 RESERVED CVE-2020-19080 RESERVED CVE-2020-19079 RESERVED CVE-2020-19078 RESERVED CVE-2020-19077 RESERVED CVE-2020-19076 RESERVED CVE-2020-19075 RESERVED CVE-2020-19074 RESERVED CVE-2020-19073 RESERVED CVE-2020-19072 RESERVED CVE-2020-19071 RESERVED CVE-2020-19070 RESERVED CVE-2020-19069 RESERVED CVE-2020-19068 RESERVED CVE-2020-19067 RESERVED CVE-2020-19066 RESERVED CVE-2020-19065 RESERVED CVE-2020-19064 RESERVED CVE-2020-19063 RESERVED CVE-2020-19062 RESERVED CVE-2020-19061 RESERVED CVE-2020-19060 RESERVED CVE-2020-19059 RESERVED CVE-2020-19058 RESERVED CVE-2020-19057 RESERVED CVE-2020-19056 RESERVED CVE-2020-19055 RESERVED CVE-2020-19054 RESERVED CVE-2020-19053 RESERVED CVE-2020-19052 RESERVED CVE-2020-19051 RESERVED CVE-2020-19050 RESERVED CVE-2020-19049 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to ...) NOT-FOR-US: MyBB CVE-2020-19048 (Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to ...) NOT-FOR-US: MyBB CVE-2020-19047 (Cross Site Request Forgey (CSRF) in iWebShop v5.3 allows remote atatck ...) NOT-FOR-US: iWebShop CVE-2020-19046 (Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to ex ...) 
NOT-FOR-US: S-CMS CVE-2020-19045 RESERVED CVE-2020-19044 RESERVED CVE-2020-19043 RESERVED CVE-2020-19042 RESERVED CVE-2020-19041 RESERVED CVE-2020-19040 RESERVED CVE-2020-19039 RESERVED CVE-2020-19038 (File Deletion vulnerability in Halo 0.4.3 via delBackup. ...) NOT-FOR-US: Halo CVE-2020-19037 (Incorrect Access Control vulnearbility in Halo 0.4.3, which allows a m ...) NOT-FOR-US: Halo CVE-2020-19036 RESERVED CVE-2020-19035 RESERVED CVE-2020-19034 RESERVED CVE-2020-19033 RESERVED CVE-2020-19032 RESERVED CVE-2020-19031 RESERVED CVE-2020-19030 RESERVED CVE-2020-19029 RESERVED CVE-2020-19028 RESERVED CVE-2020-19027 RESERVED CVE-2020-19026 RESERVED CVE-2020-19025 RESERVED CVE-2020-19024 RESERVED CVE-2020-19023 RESERVED CVE-2020-19022 RESERVED CVE-2020-19021 RESERVED CVE-2020-19020 RESERVED CVE-2020-19019 RESERVED CVE-2020-19018 RESERVED CVE-2020-19017 RESERVED CVE-2020-19016 RESERVED CVE-2020-19015 RESERVED CVE-2020-19014 RESERVED CVE-2020-19013 RESERVED CVE-2020-19012 RESERVED CVE-2020-19011 RESERVED CVE-2020-19010 RESERVED CVE-2020-19009 RESERVED CVE-2020-19008 RESERVED CVE-2020-19007 (Halo blog 1.2.0 allows users to submit comments on blog posts via /api ...) NOT-FOR-US: Halo blog CVE-2020-19006 RESERVED CVE-2020-19005 (zrlog v2.1.0 has a vulnerability with the permission check. If admin a ...) NOT-FOR-US: zrlog CVE-2020-19004 RESERVED CVE-2020-19003 (An issue in Gate One 1.2.0 allows attackers to bypass to the verificat ...) NOT-FOR-US: Gate One CVE-2020-19002 (Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers ...) NOT-FOR-US: Mezzanine CMS CVE-2020-19001 (Command Injection in Simiki v1.6.2.1 and prior allows remote attackers ...) NOT-FOR-US: Simiki CVE-2020-19000 (Cross Site Scripting (XSS) in Simiki v1.6.2.1 and prior allows remote ...) NOT-FOR-US: Simiki CVE-2020-18999 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...) 
NOT-FOR-US: Blog_mini CVE-2020-18998 (Cross Site Scripting (XSS) in Blog_mini v1.0 allows remote attackers t ...) NOT-FOR-US: Blog_mini CVE-2020-18997 RESERVED CVE-2020-18996 RESERVED CVE-2020-18995 RESERVED CVE-2020-18994 RESERVED CVE-2020-18993 RESERVED CVE-2020-18992 RESERVED CVE-2020-18991 RESERVED CVE-2020-18990 RESERVED CVE-2020-18989 RESERVED CVE-2020-18988 RESERVED CVE-2020-18987 RESERVED CVE-2020-18986 RESERVED CVE-2020-18985 RESERVED CVE-2020-18984 RESERVED CVE-2020-18983 RESERVED CVE-2020-18982 (Cross Sie Scripting (XSS) vulnerability in Halo 0.4.3 via CommentAutho ...) NOT-FOR-US: Halo CVE-2020-18981 RESERVED CVE-2020-18980 (Remote Code Executon vulnerability in Halo 0.4.3 via the remoteAddr an ...) NOT-FOR-US: Halo CVE-2020-18979 (Cross Siste Scripting (XSS) vulnerablity in Halo 0.4.3 via the X-forwa ...) NOT-FOR-US: Halo CVE-2020-18978 RESERVED CVE-2020-18977 RESERVED CVE-2020-18976 (Buffer Overflow in Tcpreplay v4.3.2 allows attackers to cause a Denial ...) - tcpreplay 4.3.3-1 (unimportant) NOTE: https://github.com/appneta/tcpreplay/issues/556 NOTE: Crash in CLI tool, no security impact CVE-2020-18975 RESERVED CVE-2020-18974 (Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers ...) - nasm (unimportant) NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392568 NOTE: Crash in CLI tool, no security impact CVE-2020-18973 RESERVED CVE-2020-18972 (Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v ...) - libpodofo [bullseye] - libpodofo (Minor issue) [buster] - libpodofo (Minor issue) [stretch] - libpodofo (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/49/ CVE-2020-18971 (Stack-based Buffer Overflow in PoDoFo v0.9.6 allows attackers to cause ...) 
- libpodofo [bullseye] - libpodofo (Minor issue) [buster] - libpodofo (Minor issue) [stretch] - libpodofo (Minor issue; can be fixed in next update) NOTE: https://sourceforge.net/p/podofo/tickets/48/ CVE-2020-18970 RESERVED CVE-2020-18969 RESERVED CVE-2020-18968 RESERVED CVE-2020-18967 RESERVED CVE-2020-18966 RESERVED CVE-2020-18965 RESERVED CVE-2020-18964 (Cross Site Request Forgery (CSRF) Vulnerability in ForestBlog latest v ...) NOT-FOR-US: ForestBlog CVE-2020-18963 RESERVED CVE-2020-18962 RESERVED CVE-2020-18961 RESERVED CVE-2020-18960 RESERVED CVE-2020-18959 RESERVED CVE-2020-18958 RESERVED CVE-2020-18957 RESERVED CVE-2020-18956 RESERVED CVE-2020-18955 RESERVED CVE-2020-18954 RESERVED CVE-2020-18953 RESERVED CVE-2020-18952 RESERVED CVE-2020-18951 RESERVED CVE-2020-18950 RESERVED CVE-2020-18949 RESERVED CVE-2020-18948 RESERVED CVE-2020-18947 RESERVED CVE-2020-18946 RESERVED CVE-2020-18945 RESERVED CVE-2020-18944 RESERVED CVE-2020-18943 RESERVED CVE-2020-18942 RESERVED CVE-2020-18941 RESERVED CVE-2020-18940 RESERVED CVE-2020-18939 RESERVED CVE-2020-18938 RESERVED CVE-2020-18937 RESERVED CVE-2020-18936 RESERVED CVE-2020-18935 RESERVED CVE-2020-18934 RESERVED CVE-2020-18933 RESERVED CVE-2020-18932 RESERVED CVE-2020-18931 RESERVED CVE-2020-18930 RESERVED CVE-2020-18929 RESERVED CVE-2020-18928 RESERVED CVE-2020-18927 RESERVED CVE-2020-18926 RESERVED CVE-2020-18925 RESERVED CVE-2020-18924 RESERVED CVE-2020-18923 RESERVED CVE-2020-18922 RESERVED CVE-2020-18921 RESERVED CVE-2020-18920 RESERVED CVE-2020-18919 RESERVED CVE-2020-18918 RESERVED CVE-2020-18917 (The plus/search.php component in DedeCMS 5.7 SP2 allows remote attacke ...) NOT-FOR-US: DedeCMS CVE-2020-18916 RESERVED CVE-2020-18915 RESERVED CVE-2020-18914 RESERVED CVE-2020-18913 (EARCLINK ESPCMS-P8 was discovered to contain a SQL injection vulnerabi ...) 
	NOT-FOR-US: EARCLINK ESPCMS-P8
CVE-2020-18912
	RESERVED
CVE-2020-18911
	RESERVED
CVE-2020-18910
	RESERVED
CVE-2020-18909
	RESERVED
CVE-2020-18908
	RESERVED
CVE-2020-18907
	RESERVED
CVE-2020-18906
	RESERVED
CVE-2020-18905
	RESERVED
CVE-2020-18904
	RESERVED
CVE-2020-18903
	RESERVED
CVE-2020-18902
	RESERVED
CVE-2020-18901
	RESERVED
CVE-2020-18900 (** DISPUTED ** A heap-based buffer overflow in the libexe_io_handle_re ...)
	NOT-FOR-US: libyal
CVE-2020-18899 (An uncontrolled memory allocation in DataBufdata(subBox.length-sizeof( ...)
	- exiv2 0.27.2-6
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/742
	NOTE: https://github.com/Exiv2/exiv2/commit/051b5d9df1f4669117937b7a40104404cc252993 (0.27.1)
CVE-2020-18898 (A stack exhaustion issue in the printIFDStructure function of Exiv2 0. ...)
	- exiv2 (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/issues/741
	NOTE: Negligible security impact, issue in debugging only function
CVE-2020-18897 (A use-after-free vulnerability in the libpff_item_tree_create_node fu ...)
	- libpff 20180714-1
	[stretch] - libpff (Minor issue)
	NOTE: https://github.com/libyal/libpff/issues/61
	NOTE: https://github.com/libyal/libpff/issues/62
	NOTE: https://github.com/libyal/libpff/commit/effae88adfc9def45be0bb7ff27d20ce133d8c7c
CVE-2020-18896
	RESERVED
CVE-2020-18895
	RESERVED
CVE-2020-18894
	RESERVED
CVE-2020-18893
	RESERVED
CVE-2020-18892
	RESERVED
CVE-2020-18891
	RESERVED
CVE-2020-18890 (Remote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insec ...)
	NOT-FOR-US: puppyCMS
CVE-2020-18889 (Cross Site Request Forgery (CSRF) vulnerability in puppyCMS v5.1 that ...)
	NOT-FOR-US: puppyCMS
CVE-2020-18888 (Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote m ...)
	NOT-FOR-US: puppyCMS
CVE-2020-18887
	RESERVED
CVE-2020-18886 (Unrestricted File Upload in PHPMyWind v5.6 allows remote attackers to ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-18885 (Command Injection in PHPMyWind v5.6 allows remote attackers to execute ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-18884
	RESERVED
CVE-2020-18883
	RESERVED
CVE-2020-18882
	RESERVED
CVE-2020-18881
	RESERVED
CVE-2020-18880
	RESERVED
CVE-2020-18879 (Unrestricted File Upload in Bludit v3.8.1 allows remote attackers to e ...)
	NOT-FOR-US: Bludit
CVE-2020-18878 (Directory Traversal in Skycaiji v1.3 allows remote attackers to obtain ...)
	NOT-FOR-US: Skycaiji
CVE-2020-18877 (SQL Injection in Wuzhi CMS v4.1.0 allows remote attackers to obtain se ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2020-18876
	RESERVED
CVE-2020-18875 (Incorrect Access Control in DotCMS versions before 5.1 allows remote a ...)
	NOT-FOR-US: DotCMS
CVE-2020-18874
	RESERVED
CVE-2020-18873
	RESERVED
CVE-2020-18872
	RESERVED
CVE-2020-18871
	RESERVED
CVE-2020-18870
	RESERVED
CVE-2020-18869
	RESERVED
CVE-2020-18868
	RESERVED
CVE-2020-18867
	RESERVED
CVE-2020-18866
	RESERVED
CVE-2020-18865
	RESERVED
CVE-2020-18864
	RESERVED
CVE-2020-18863
	RESERVED
CVE-2020-18862
	RESERVED
CVE-2020-18861
	RESERVED
CVE-2020-18860
	RESERVED
CVE-2020-18859
	RESERVED
CVE-2020-18858
	RESERVED
CVE-2020-18857
	RESERVED
CVE-2020-18856
	RESERVED
CVE-2020-18855
	RESERVED
CVE-2020-18854
	RESERVED
CVE-2020-18853
	RESERVED
CVE-2020-18852
	RESERVED
CVE-2020-18851
	RESERVED
CVE-2020-18850
	RESERVED
CVE-2020-18849
	RESERVED
CVE-2020-18848
	RESERVED
CVE-2020-18847
	RESERVED
CVE-2020-18846
	RESERVED
CVE-2020-18845
	RESERVED
CVE-2020-18844
	RESERVED
CVE-2020-18843
	RESERVED
CVE-2020-18842
	RESERVED
CVE-2020-18841
	RESERVED
CVE-2020-18840
	RESERVED
CVE-2020-18839
	RESERVED
CVE-2020-18838
	RESERVED
CVE-2020-18837
	RESERVED
CVE-2020-18836
	RESERVED
CVE-2020-18835
	RESERVED
CVE-2020-18834
	RESERVED
CVE-2020-18833
	RESERVED
CVE-2020-18832
	RESERVED
CVE-2020-18831
	RESERVED
CVE-2020-18830
	RESERVED
CVE-2020-18829
	RESERVED
CVE-2020-18828
	RESERVED
CVE-2020-18827
	RESERVED
CVE-2020-18826
	RESERVED
CVE-2020-18825
	RESERVED
CVE-2020-18824
	RESERVED
CVE-2020-18823
	RESERVED
CVE-2020-18822
	RESERVED
CVE-2020-18821
	RESERVED
CVE-2020-18820
	RESERVED
CVE-2020-18819
	RESERVED
CVE-2020-18818
	RESERVED
CVE-2020-18817
	RESERVED
CVE-2020-18816
	RESERVED
CVE-2020-18815
	RESERVED
CVE-2020-18814
	RESERVED
CVE-2020-18813
	RESERVED
CVE-2020-18812
	RESERVED
CVE-2020-18811
	RESERVED
CVE-2020-18810
	RESERVED
CVE-2020-18809
	RESERVED
CVE-2020-18808
	RESERVED
CVE-2020-18807
	RESERVED
CVE-2020-18806
	RESERVED
CVE-2020-18805
	RESERVED
CVE-2020-18804
	RESERVED
CVE-2020-18803
	RESERVED
CVE-2020-18802
	RESERVED
CVE-2020-18801
	RESERVED
CVE-2020-18800
	RESERVED
CVE-2020-18799
	RESERVED
CVE-2020-18798
	RESERVED
CVE-2020-18797
	RESERVED
CVE-2020-18796
	RESERVED
CVE-2020-18795
	RESERVED
CVE-2020-18794
	RESERVED
CVE-2020-18793
	RESERVED
CVE-2020-18792
	RESERVED
CVE-2020-18791
	RESERVED
CVE-2020-18790
	RESERVED
CVE-2020-18789
	RESERVED
CVE-2020-18788
	RESERVED
CVE-2020-18787
	RESERVED
CVE-2020-18786
	RESERVED
CVE-2020-18785
	RESERVED
CVE-2020-18784
	RESERVED
CVE-2020-18783
	RESERVED
CVE-2020-18782
	RESERVED
CVE-2020-18781
	RESERVED
CVE-2020-18780
	RESERVED
CVE-2020-18779
	RESERVED
CVE-2020-18778 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_ ...)
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1155
CVE-2020-18777
	RESERVED
CVE-2020-18776 (In Libav 12.3, there is a segmentation fault in vc1_decode_b_mb_intfr ...)
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1153
CVE-2020-18775 (In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_ ...)
	- libav
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1152
CVE-2020-18774 (A floating point exception in the printLong function in tags_int.cpp of E ...)
	- exiv2 (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/issues/759
	NOTE: Negligible security impact
CVE-2020-18773 (An invalid memory access in the decode function in iptc.cpp of Exiv2 0 ...)
	- exiv2 (unimportant)
	NOTE: https://github.com/Exiv2/exiv2/issues/760
	NOTE: Negligible security impact
CVE-2020-18772
	RESERVED
CVE-2020-18771 (Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Niko ...)
	- exiv2 0.27.2-6
	[buster] - exiv2 (Minor issue)
	[stretch] - exiv2 (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/756
CVE-2020-18770
	RESERVED
CVE-2020-18769
	RESERVED
CVE-2020-18768
	RESERVED
CVE-2020-18767
	RESERVED
CVE-2020-18766 (A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can remotel ...)
	NOT-FOR-US: AntSword
CVE-2020-18765
	RESERVED
CVE-2020-18764
	RESERVED
CVE-2020-18763
	RESERVED
CVE-2020-18762
	RESERVED
CVE-2020-18761
	RESERVED
CVE-2020-18760
	RESERVED
CVE-2020-18759 (An information disclosure vulnerability exists in the EPA protocol of ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18758 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18757 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18756 (An arbitrary memory access vulnerability in the EPA protocol of Dut Co ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18755
	RESERVED
CVE-2020-18754 (An information disclosure vulnerability exists within Dut Computer Con ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18753 (An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows ...)
	NOT-FOR-US: Dut Computer Control Engineering Co.'s PLC MAC1100
CVE-2020-18752
	RESERVED
CVE-2020-18751
	RESERVED
CVE-2020-18750 (Buffer overflow in pdf2json 0.69 allows local users to execute arbitra ...)
	NOT-FOR-US: pdf2json
CVE-2020-18749
	RESERVED
CVE-2020-18748 (Cross Site Scripting (XSS) in Typora v0.9.65 allows attackers to execu ...)
	NOT-FOR-US: Typora
CVE-2020-18747
	RESERVED
CVE-2020-18746 (SQL Injection in AiteCMS v1.0 allows remote attackers to execute arbit ...)
	NOT-FOR-US: AiteCMS
CVE-2020-18745
	RESERVED
CVE-2020-18744
	RESERVED
CVE-2020-18743
	RESERVED
CVE-2020-18742
	RESERVED
CVE-2020-18741 (Improper Authorization in ThinkSAAS v2.7 allows remote attackers to mo ...)
	NOT-FOR-US: ThinkSAAS
CVE-2020-18740
	RESERVED
CVE-2020-18739
	RESERVED
CVE-2020-18738
	RESERVED
CVE-2020-18737 (An issue was discovered in Typora 0.9.67. There is an XSS vulnerabilit ...)
	NOT-FOR-US: Typora
CVE-2020-18736
	RESERVED
CVE-2020-18735 (A heap buffer overflow in /src/dds_stream.c of Eclipse IOT Cyclone DDS ...)
	NOT-FOR-US: Eclipse IOT Cyclone
CVE-2020-18734 (A stack buffer overflow in /ddsi/q_bitset.h of Eclipse IOT Cyclone DDS ...)
	NOT-FOR-US: Eclipse IOT Cyclone
CVE-2020-18733
	RESERVED
CVE-2020-18732
	RESERVED
CVE-2020-18731 (A segmentation violation in the Iec104_Deal_FirmUpdate function of IEC ...)
	NOT-FOR-US: IEC104
CVE-2020-18730 (A segmentation violation in the Iec104_Deal_I function of IEC104 v1.0 ...)
	NOT-FOR-US: IEC104
CVE-2020-18729
	RESERVED
CVE-2020-18728
	RESERVED
CVE-2020-18727
	RESERVED
CVE-2020-18726
	RESERVED
CVE-2020-18725
	RESERVED
CVE-2020-18724 (Authenticated stored cross-site scripting (XSS) in the contact name fi ...)
	NOT-FOR-US: MDaemon webmail
CVE-2020-18723 (Stored cross-site scripting (XSS) in file attachment field in MDaemon ...)
	NOT-FOR-US: MDaemon webmail
CVE-2020-18722
	RESERVED
CVE-2020-18721
	RESERVED
CVE-2020-18720
	RESERVED
CVE-2020-18719
	RESERVED
CVE-2020-18718
	RESERVED
CVE-2020-18717 (SQL Injection in ZZZCMS zzzphp 1.7.1 allows remote attackers to execut ...)
	NOT-FOR-US: ZZZCMS
CVE-2020-18716 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
	NOT-FOR-US: Rockoa
CVE-2020-18715
	REJECTED
CVE-2020-18714 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
	NOT-FOR-US: Rockoa
CVE-2020-18713 (SQL Injection in Rockoa v1.8.7 allows remote attackers to gain privile ...)
	NOT-FOR-US: Rockoa
CVE-2020-18712
	RESERVED
CVE-2020-18711
	RESERVED
CVE-2020-18710
	RESERVED
CVE-2020-18709
	RESERVED
CVE-2020-18708
	RESERVED
CVE-2020-18707
	RESERVED
CVE-2020-18706
	RESERVED
CVE-2020-18705 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...)
	NOT-FOR-US: Quokka
CVE-2020-18704 (Unrestricted Upload of File with Dangerous Type in Django-Widgy v0.8.4 ...)
	NOT-FOR-US: Django-Widgy
CVE-2020-18703 (XML External Entities (XXE) in Quokka v0.4.0 allows remote attackers t ...)
	NOT-FOR-US: Quokka
CVE-2020-18702 (Cross Site Scripting (XSS) in Quokka v0.4.0 allows remote attackers to ...)
	NOT-FOR-US: Quokka
CVE-2020-18701 (Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attacke ...)
	NOT-FOR-US: Lin-CMS-Flask
CVE-2020-18700
	RESERVED
CVE-2020-18699 (Cross Site Scripting (XSS) in Lin-CMS-Flask v0.1.1 allows remote attac ...)
	NOT-FOR-US: Lin-CMS-Flask
CVE-2020-18698 (Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attacker ...)
	NOT-FOR-US: Lin-CMS-Flask
CVE-2020-18697
	RESERVED
CVE-2020-18696
	RESERVED
CVE-2020-18695
	RESERVED
CVE-2020-18694 (Cross Site Request Forgery (CSRF) in IgnitedCMS v1.0 allows remote att ...)
	NOT-FOR-US: IgnitedCMS
CVE-2020-18693 (Cross Site Scripting (XSS) in MineWebCMS v1.7.0 allows remote attacker ...)
	NOT-FOR-US: MineWebCMS
CVE-2020-18692
	RESERVED
CVE-2020-18691
	RESERVED
CVE-2020-18690
	RESERVED
CVE-2020-18689
	RESERVED
CVE-2020-18688
	RESERVED
CVE-2020-18687
	RESERVED
CVE-2020-18686
	RESERVED
CVE-2020-18685 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...)
	NOT-FOR-US: Floodlight
CVE-2020-18684 (Floodlight through 1.2 has an integer overflow in checkFlow in StaticF ...)
	NOT-FOR-US: Floodlight
CVE-2020-18683 (Floodlight through 1.2 has poor input validation in checkFlow in Stati ...)
	NOT-FOR-US: Floodlight
CVE-2020-18682
	RESERVED
CVE-2020-18681
	RESERVED
CVE-2020-18680
	RESERVED
CVE-2020-18679
	RESERVED
CVE-2020-18678
	RESERVED
CVE-2020-18677
	RESERVED
CVE-2020-18676
	RESERVED
CVE-2020-18675
	RESERVED
CVE-2020-18674
	RESERVED
CVE-2020-18673
	RESERVED
CVE-2020-18672
	RESERVED
CVE-2020-18671 (Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 ...)
	- roundcube 1.4.5+dfsg.1-1
	[buster] - roundcube 1.3.13+dfsg.1-1~deb10u1
	[stretch] - roundcube (Minor issue, XSS in installer which is not exposed in Debian)
	NOTE: https://github.com/roundcube/roundcubemail/issues/7406
	NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
CVE-2020-18670 (Cross Site Scripting (XSS) vulnerability in Roundcube mail .4.4 via d ...)
	- roundcube 1.4.5+dfsg.1-1
	[buster] - roundcube 1.3.13+dfsg.1-1~deb10u1
	[stretch] - roundcube (Minor issue, XSS in installer which is not exposed in Debian)
	NOTE: https://github.com/roundcube/roundcubemail/issues/7406
	NOTE: https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12
CVE-2020-18669
	RESERVED
CVE-2020-18668 (Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via t ...)
	NOT-FOR-US: WebPort
CVE-2020-18667 (SQL Injection vulnerability in WebPort <=1.19.1 via the new connect ...)
	NOT-FOR-US: WebPort
CVE-2020-18666
	REJECTED
CVE-2020-18665 (Directory Traversal vulnerability in WebPort <=1.19.1 in tags of sy ...)
	NOT-FOR-US: WebPort
CVE-2020-18664 (Cross Site Scripting (XSS) vulnerability in WebPort <=1.19.1 via the ...)
	NOT-FOR-US: WebPort
CVE-2020-18663 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 vi ...)
	NOT-FOR-US: gnuboard5
CVE-2020-18662 (SQL Injection vulnerability in gnuboard5 <=v5.3.2.8 via the table_p ...)
	NOT-FOR-US: gnuboard5
CVE-2020-18661 (Cross Site Scripting (XSS) vulnerability in gnuboard5 <=v5.3.2.8 vi ...)
	NOT-FOR-US: gnuboard5
CVE-2020-18660 (GetSimpleCMS <=3.3.15 has an open redirect in admin/changedata.php ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-18659 (Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-18658 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-18657 (Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <= 3.3.15 ...)
	NOT-FOR-US: GetSimpleCMS
CVE-2020-18656
	RESERVED
CVE-2020-18655
	RESERVED
CVE-2020-18654 (Cross Site Scripting (XSS) in Wuzhi CMS v4.1.0 allows remote attackers ...)
	NOT-FOR-US: Wuzhi CMS
CVE-2020-18653
	RESERVED
CVE-2020-18652
	RESERVED
CVE-2020-18651
	RESERVED
CVE-2020-18650
	RESERVED
CVE-2020-18649
	RESERVED
CVE-2020-18648 (Cross Site Request Forgery (CSRF) in JuQingCMS v1.0 allows remote atta ...)
	NOT-FOR-US: JuQingCMS
CVE-2020-18647 (Information Disclosure in NoneCMS v1.3 allows remote attackers to obta ...)
	NOT-FOR-US: NoneCMS
CVE-2020-18646 (Information Disclosure in NoneCMS v1.3 allows remote attackers to obta ...)
	NOT-FOR-US: NoneCMS
CVE-2020-18645
	RESERVED
CVE-2020-18644
	RESERVED
CVE-2020-18643
	RESERVED
CVE-2020-18642
	RESERVED
CVE-2020-18641
	RESERVED
CVE-2020-18640
	RESERVED
CVE-2020-18639
	RESERVED
CVE-2020-18638
	RESERVED
CVE-2020-18637
	RESERVED
CVE-2020-18636
	RESERVED
CVE-2020-18635
	RESERVED
CVE-2020-18634
	RESERVED
CVE-2020-18633
	RESERVED
CVE-2020-18632
	RESERVED
CVE-2020-18631
	RESERVED
CVE-2020-18630
	RESERVED
CVE-2020-18629
	RESERVED
CVE-2020-18628
	RESERVED
CVE-2020-18627
	RESERVED
CVE-2020-18626
	RESERVED
CVE-2020-18625
	RESERVED
CVE-2020-18624
	RESERVED
CVE-2020-18623
	RESERVED
CVE-2020-18622
	RESERVED
CVE-2020-18621
	RESERVED
CVE-2020-18620
	RESERVED
CVE-2020-18619
	RESERVED
CVE-2020-18618
	RESERVED
CVE-2020-18617
	RESERVED
CVE-2020-18616
	RESERVED
CVE-2020-18615
	RESERVED
CVE-2020-18614
	RESERVED
CVE-2020-18613
	RESERVED
CVE-2020-18612
	RESERVED
CVE-2020-18611
	RESERVED
CVE-2020-18610
	RESERVED
CVE-2020-18609
	RESERVED
CVE-2020-18608
	RESERVED
CVE-2020-18607
	RESERVED
CVE-2020-18606
	RESERVED
CVE-2020-18605
	RESERVED
CVE-2020-18604
	RESERVED
CVE-2020-18603
	RESERVED
CVE-2020-18602
	RESERVED
CVE-2020-18601
	RESERVED
CVE-2020-18600
	RESERVED
CVE-2020-18599
	RESERVED
CVE-2020-18598
	RESERVED
CVE-2020-18597
	RESERVED
CVE-2020-18596
	RESERVED
CVE-2020-18595
	RESERVED
CVE-2020-18594
	RESERVED
CVE-2020-18593
	RESERVED
CVE-2020-18592
	RESERVED
CVE-2020-18591
	RESERVED
CVE-2020-18590
	RESERVED
CVE-2020-18589
	RESERVED
CVE-2020-18588
	RESERVED
CVE-2020-18587
	RESERVED
CVE-2020-18586
	RESERVED
CVE-2020-18585
	RESERVED
CVE-2020-18584
	RESERVED
CVE-2020-18583
	RESERVED
CVE-2020-18582
	RESERVED
CVE-2020-18581
	RESERVED
CVE-2020-18580
	RESERVED
CVE-2020-18579
	RESERVED
CVE-2020-18578
	RESERVED
CVE-2020-18577
	RESERVED
CVE-2020-18576
	RESERVED
CVE-2020-18575
	RESERVED
CVE-2020-18574
	RESERVED
CVE-2020-18573
	RESERVED
CVE-2020-18572
	RESERVED
CVE-2020-18571
	RESERVED
CVE-2020-18570
	RESERVED
CVE-2020-18569
	RESERVED
CVE-2020-18568 (The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a ...)
	NOT-FOR-US: D-Link
CVE-2020-18567
	RESERVED
CVE-2020-18566
	RESERVED
CVE-2020-18565
	RESERVED
CVE-2020-18564
	RESERVED
CVE-2020-18563
	RESERVED
CVE-2020-18562
	RESERVED
CVE-2020-18561
	RESERVED
CVE-2020-18560
	RESERVED
CVE-2020-18559
	RESERVED
CVE-2020-18558
	RESERVED
CVE-2020-18557
	RESERVED
CVE-2020-18556
	RESERVED
CVE-2020-18555
	RESERVED
CVE-2020-18554
	RESERVED
CVE-2020-18553
	RESERVED
CVE-2020-18552
	RESERVED
CVE-2020-18551
	RESERVED
CVE-2020-18550
	RESERVED
CVE-2020-18549
	RESERVED
CVE-2020-18548
	RESERVED
CVE-2020-18547
	RESERVED
CVE-2020-18546
	RESERVED
CVE-2020-18545
	RESERVED
CVE-2020-18544 (SQL Injection in WMS v1.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WMS
CVE-2020-18543
	RESERVED
CVE-2020-18542
	RESERVED
CVE-2020-18541
	RESERVED
CVE-2020-18540
	RESERVED
CVE-2020-18539
	RESERVED
CVE-2020-18538
	RESERVED
CVE-2020-18537
	RESERVED
CVE-2020-18536
	RESERVED
CVE-2020-18535
	RESERVED
CVE-2020-18534
	RESERVED
CVE-2020-18533
	RESERVED
CVE-2020-18532
	RESERVED
CVE-2020-18531
	RESERVED
CVE-2020-18530
	RESERVED
CVE-2020-18529
	RESERVED
CVE-2020-18528
	RESERVED
CVE-2020-18527
	RESERVED
CVE-2020-18526
	RESERVED
CVE-2020-18525
	RESERVED
CVE-2020-18524
	RESERVED
CVE-2020-18523
	RESERVED
CVE-2020-18522
	RESERVED
CVE-2020-18521
	RESERVED
CVE-2020-18520
	RESERVED
CVE-2020-18519
	RESERVED
CVE-2020-18518
	RESERVED
CVE-2020-18517
	RESERVED
CVE-2020-18516
	RESERVED
CVE-2020-18515
	RESERVED
CVE-2020-18514
	RESERVED
CVE-2020-18513
	RESERVED
CVE-2020-18512
	RESERVED
CVE-2020-18511
	RESERVED
CVE-2020-18510
	RESERVED
CVE-2020-18509
	RESERVED
CVE-2020-18508
	RESERVED
CVE-2020-18507
	RESERVED
CVE-2020-18506
	RESERVED
CVE-2020-18505
	RESERVED
CVE-2020-18504
	RESERVED
CVE-2020-18503
	RESERVED
CVE-2020-18502
	RESERVED
CVE-2020-18501
	RESERVED
CVE-2020-18500
	RESERVED
CVE-2020-18499
	RESERVED
CVE-2020-18498
	RESERVED
CVE-2020-18497
	RESERVED
CVE-2020-18496
	RESERVED
CVE-2020-18495
	RESERVED
CVE-2020-18494
	RESERVED
CVE-2020-18493
	RESERVED
CVE-2020-18492
	RESERVED
CVE-2020-18491
	RESERVED
CVE-2020-18490
	RESERVED
CVE-2020-18489
	RESERVED
CVE-2020-18488
	RESERVED
CVE-2020-18487
	RESERVED
CVE-2020-18486
	RESERVED
CVE-2020-18485
	RESERVED
CVE-2020-18484
	RESERVED
CVE-2020-18483
	RESERVED
CVE-2020-18482
	RESERVED
CVE-2020-18481
	RESERVED
CVE-2020-18480
	RESERVED
CVE-2020-18479
	RESERVED
CVE-2020-18478
	RESERVED
CVE-2020-18477 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the purchase enqui ...)
	NOT-FOR-US: Hucart CMS
CVE-2020-18476 (SQL Injection vulnerability in Hucart CMS 5.7.4 via the basic informat ...)
	NOT-FOR-US: Hucart CMS
CVE-2020-18475 (Cross Site Scripting (XSS) vulnerability exists in Hucart CMS 5.7.4 is ...)
	NOT-FOR-US: Hucart CMS
CVE-2020-18474
	RESERVED
CVE-2020-18473
	RESERVED
CVE-2020-18472
	RESERVED
CVE-2020-18471
	RESERVED
CVE-2020-18470 (Stored cross-site scripting (XSS) vulnerability in the Name of applica ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-18469 (Stored cross-site scripting (XSS) vulnerability in the Copyright Text ...)
	NOT-FOR-US: Rukovoditel
CVE-2020-18468 (Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Hea ...)
	NOT-FOR-US: qdPM
CVE-2020-18467 (Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in ...)
	NOT-FOR-US: BigTree-CMS
CVE-2020-18466
	RESERVED
CVE-2020-18465
	RESERVED
CVE-2020-18464 (Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in vid ...)
	NOT-FOR-US: AikCms
CVE-2020-18463 (Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in vi ...)
	NOT-FOR-US: AikCms
CVE-2020-18462 (File Upload vulnerability in AikCms v2.0.0 in poster_edit.php because t ...)
	NOT-FOR-US: AikCms
CVE-2020-18461
	RESERVED
CVE-2020-18460 (Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0. ...)
	NOT-FOR-US: 711cms
CVE-2020-18459
	RESERVED
CVE-2020-18458 (Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0 ...)
	NOT-FOR-US: DamiCMS
CVE-2020-18457 (Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 ...)
	NOT-FOR-US: bycms
CVE-2020-18456 (Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via ...)
	NOT-FOR-US: PbootCMS
CVE-2020-18455 (Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via th ...)
	NOT-FOR-US: bycms
CVE-2020-18454 (Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admi ...)
	NOT-FOR-US: bycms
CVE-2020-18453
	RESERVED
CVE-2020-18452
	RESERVED
CVE-2020-18451 (Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via ...)
	NOT-FOR-US: DamiCMS
CVE-2020-18450
	RESERVED
CVE-2020-18449 (Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via d ...)
	NOT-FOR-US: UKCMS
CVE-2020-18448
	RESERVED
CVE-2020-18447
	RESERVED
CVE-2020-18446 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
	NOT-FOR-US: YUNUCMS
CVE-2020-18445 (Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via t ...)
	NOT-FOR-US: YUNUCMS
CVE-2020-18444
	RESERVED
CVE-2020-18443
	RESERVED
CVE-2020-18442 (Infinite Loop in zziplib v0.13.69 allows remote attackers to cause a d ...)
	- zziplib 0.13.72+dfsg.1-1
	[bullseye] - zziplib (Minor issue)
	[buster] - zziplib (Minor issue)
	[stretch] - zziplib (Minor issue, fix along with next DLA)
	NOTE: https://github.com/gdraheim/zziplib/issues/68
	NOTE: https://github.com/gdraheim/zziplib/commit/ac9ae39ef419e9f0f83da1e583314d8c7cda34a6
	NOTE: https://github.com/gdraheim/zziplib/commit/7e786544084548da7fcfcd9090d3c4e7f5777f7e
	NOTE: https://github.com/gdraheim/zziplib/commit/d453977f59ca59c61bf59dec28dd724498828f2a
	NOTE: https://github.com/gdraheim/zziplib/commit/0a9db9ded9d15fbdb63bf5cf451920d0a368c00e
	NOTE: https://github.com/gdraheim/zziplib/commit/a34a96fbda1e58fbec5c79f4c0b5063e031ce11d
	NOTE: https://github.com/gdraheim/zziplib/commit/fa1f78abe1b08544061204019016809664f2618c
	NOTE: https://github.com/gdraheim/zziplib/commit/f7a6fa9f0c29aecb4c2299568ed2e6094c34aca7
CVE-2020-18441
	RESERVED
CVE-2020-18440 (Buffer overflow vulnerability in framework/init.php in qinggan phpok 5 ...)
	NOT-FOR-US: qinggan phpok
CVE-2020-18439 (An issue was discovered in function edit_save_f in framework/admi ...)
	NOT-FOR-US: qinggan phpok
CVE-2020-18438 (Directory traversal vulnerability in qinggan phpok 5.1, allows attacke ...)
	NOT-FOR-US: qinggan phpok
CVE-2020-18437
	RESERVED
CVE-2020-18436
	RESERVED
CVE-2020-18435
	RESERVED
CVE-2020-18434
	RESERVED
CVE-2020-18433
	RESERVED
CVE-2020-18432
	RESERVED
CVE-2020-18431
	RESERVED
CVE-2020-18430 (tinyexr 0.9.5 was discovered to contain an array index error in the ti ...)
	- tinyexr (Fixed with initial upload to Debian)
	NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2020-18430-out-of-memory-in-function-tinyexrdecodeexrimage-tinyexrh11046
	NOTE: https://github.com/syoyo/tinyexr/issues/108
CVE-2020-18429
	RESERVED
CVE-2020-18428 (tinyexr commit 0.9.5 was discovered to contain an array index error in ...)
	- tinyexr (Fixed with initial upload to Debian)
	NOTE: https://github.com/ChijinZ/security_advisories/tree/master/tinyexr_65f9859#cve-2020-18428-out-of-range-in-function-tinyexrsaveexr-tinyexrh13107
	NOTE: https://github.com/syoyo/tinyexr/issues/109
CVE-2020-18427
	RESERVED
CVE-2020-18426
	RESERVED
CVE-2020-18425
	RESERVED
CVE-2020-18424
	RESERVED
CVE-2020-18423
	RESERVED
CVE-2020-18422
	RESERVED
CVE-2020-18421
	RESERVED
CVE-2020-18420
	RESERVED
CVE-2020-18419
	RESERVED
CVE-2020-18418
	RESERVED
CVE-2020-18417
	RESERVED
CVE-2020-18416
	RESERVED
CVE-2020-18415
	RESERVED
CVE-2020-18414
	RESERVED
CVE-2020-18413
	RESERVED
CVE-2020-18412
	RESERVED
CVE-2020-18411
	RESERVED
CVE-2020-18410
	RESERVED
CVE-2020-18409
	RESERVED
CVE-2020-18408
	RESERVED
CVE-2020-18407
	RESERVED
CVE-2020-18406
	RESERVED
CVE-2020-18405
	RESERVED
CVE-2020-18404
	RESERVED
CVE-2020-18403
	RESERVED
CVE-2020-18402
	RESERVED
CVE-2020-18401
	RESERVED
CVE-2020-18400
	RESERVED
CVE-2020-18399
	RESERVED
CVE-2020-18398
	RESERVED
CVE-2020-18397
	RESERVED
CVE-2020-18396
	RESERVED
CVE-2020-18395 (A NULL-pointer dereference issue was discovered in GNU_gama::set() in el ...)
	NOT-FOR-US: GNU Gama
CVE-2020-18394
	RESERVED
CVE-2020-18393
	RESERVED
CVE-2020-18392 (Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows ...)
	NOT-FOR-US: Cesanta MJS
CVE-2020-18391
	RESERVED
CVE-2020-18390
	RESERVED
CVE-2020-18389
	RESERVED
CVE-2020-18388
	RESERVED
CVE-2020-18387
	RESERVED
CVE-2020-18386
	RESERVED
CVE-2020-18385
	RESERVED
CVE-2020-18384
	RESERVED
CVE-2020-18383
	RESERVED
CVE-2020-18382
	RESERVED
CVE-2020-18381
	RESERVED
CVE-2020-18380
	RESERVED
CVE-2020-18379
	RESERVED
CVE-2020-18378
	RESERVED
CVE-2020-18377
	RESERVED
CVE-2020-18376
	RESERVED
CVE-2020-18375
	RESERVED
CVE-2020-18374
	RESERVED
CVE-2020-18373
	RESERVED
CVE-2020-18372
	RESERVED
CVE-2020-18371
	RESERVED
CVE-2020-18370
	RESERVED
CVE-2020-18369
	RESERVED
CVE-2020-18368
	RESERVED
CVE-2020-18367
	RESERVED
CVE-2020-18366
	RESERVED
CVE-2020-18365
	RESERVED
CVE-2020-18364
	RESERVED
CVE-2020-18363
	RESERVED
CVE-2020-18362
	RESERVED
CVE-2020-18361
	RESERVED
CVE-2020-18360
	RESERVED
CVE-2020-18359
	RESERVED
CVE-2020-18358
	RESERVED
CVE-2020-18357
	RESERVED
CVE-2020-18356
	RESERVED
CVE-2020-18355
	RESERVED
CVE-2020-18354
	RESERVED
CVE-2020-18353
	RESERVED
CVE-2020-18352
	RESERVED
CVE-2020-18351
	RESERVED
CVE-2020-18350
	RESERVED
CVE-2020-18349
	RESERVED
CVE-2020-18348
	RESERVED
CVE-2020-18347
	RESERVED
CVE-2020-18346
	RESERVED
CVE-2020-18345
	RESERVED
CVE-2020-18344
	RESERVED
CVE-2020-18343
	RESERVED
CVE-2020-18342
	RESERVED
CVE-2020-18341
	RESERVED
CVE-2020-18340
	RESERVED
CVE-2020-18339
	RESERVED
CVE-2020-18338
	RESERVED
CVE-2020-18337
	RESERVED
CVE-2020-18336
	RESERVED
CVE-2020-18335
	RESERVED
CVE-2020-18334
	RESERVED
CVE-2020-18333
	RESERVED
CVE-2020-18332
	RESERVED
CVE-2020-18331
	RESERVED
CVE-2020-18330
	RESERVED
CVE-2020-18329
	RESERVED
CVE-2020-18328
	RESERVED
CVE-2020-18327
	RESERVED
CVE-2020-18326
	RESERVED
CVE-2020-18325
	RESERVED
CVE-2020-18324
	RESERVED
CVE-2020-18323
	RESERVED
CVE-2020-18322
	RESERVED
CVE-2020-18321
	RESERVED
CVE-2020-18320
	RESERVED
CVE-2020-18319
	RESERVED
CVE-2020-18318
	RESERVED
CVE-2020-18317
	RESERVED
CVE-2020-18316
	RESERVED
CVE-2020-18315
	RESERVED
CVE-2020-18314
	RESERVED
CVE-2020-18313
	RESERVED
CVE-2020-18312
	RESERVED
CVE-2020-18311
	RESERVED
CVE-2020-18310
	RESERVED
CVE-2020-18309
	RESERVED
CVE-2020-18308
	RESERVED
CVE-2020-18307
	RESERVED
CVE-2020-18306
	RESERVED
CVE-2020-18305
	RESERVED
CVE-2020-18304
	RESERVED
CVE-2020-18303
	RESERVED
CVE-2020-18302
	RESERVED
CVE-2020-18301
	RESERVED
CVE-2020-18300
	RESERVED
CVE-2020-18299
	RESERVED
CVE-2020-18298
	RESERVED
CVE-2020-18297
	RESERVED
CVE-2020-18296
	RESERVED
CVE-2020-18295
	RESERVED
CVE-2020-18294
	RESERVED
CVE-2020-18293
	RESERVED
CVE-2020-18292
	RESERVED
CVE-2020-18291
	RESERVED
CVE-2020-18290
	RESERVED
CVE-2020-18289
	RESERVED
CVE-2020-18288
	RESERVED
CVE-2020-18287
	RESERVED
CVE-2020-18286
	RESERVED
CVE-2020-18285
	RESERVED
CVE-2020-18284
	RESERVED
CVE-2020-18283
	RESERVED
CVE-2020-18282
	RESERVED
CVE-2020-18281
	RESERVED
CVE-2020-18280
	RESERVED
CVE-2020-18279
	RESERVED
CVE-2020-18278
	RESERVED
CVE-2020-18277
	RESERVED
CVE-2020-18276
	RESERVED
CVE-2020-18275
	RESERVED
CVE-2020-18274
	RESERVED
CVE-2020-18273
	RESERVED
CVE-2020-18272
	RESERVED
CVE-2020-18271
	RESERVED
CVE-2020-18270
	RESERVED
CVE-2020-18269
	RESERVED
CVE-2020-18268 (Open Redirect in Z-BlogPHP v1.5.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2020-18267
	RESERVED
CVE-2020-18266
	RESERVED
CVE-2020-18265 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...)
	NOT-FOR-US: Simple-Log
CVE-2020-18264 (Cross Site Request Forgery (CSRF) in Simple-Log v1.6 allows remote att ...)
	NOT-FOR-US: Simple-Log
CVE-2020-18263 (PHP-CMS v1.0 was discovered to contain a SQL injection vulnerability i ...)
	NOT-FOR-US: PHP-CMS
CVE-2020-18262 (ED01-CMS v1.0 was discovered to contain a SQL injection in the compone ...)
	NOT-FOR-US: ED01-CMS
CVE-2020-18261 (An arbitrary file upload vulnerability in the image upload function of ...)
	NOT-FOR-US: ED01-CMS
CVE-2020-18260
	RESERVED
CVE-2020-18259 (ED01-CMS v1.0 was discovered to contain a reflective cross-site script ...)
	NOT-FOR-US: ED01-CMS
CVE-2020-18258
	RESERVED
CVE-2020-18257
	RESERVED
CVE-2020-18256
	RESERVED
CVE-2020-18255
	RESERVED
CVE-2020-18254
	RESERVED
CVE-2020-18253
	RESERVED
CVE-2020-18252
	RESERVED
CVE-2020-18251
	RESERVED
CVE-2020-18250
	RESERVED
CVE-2020-18249
	RESERVED
CVE-2020-18248
	RESERVED
CVE-2020-18247
	RESERVED
CVE-2020-18246
	RESERVED
CVE-2020-18245
	RESERVED
CVE-2020-18244
	RESERVED
CVE-2020-18243
	RESERVED
CVE-2020-18242
	RESERVED
CVE-2020-18241
	RESERVED
CVE-2020-18240
	RESERVED
CVE-2020-18239
	RESERVED
CVE-2020-18238
	RESERVED
CVE-2020-18237
	RESERVED
CVE-2020-18236
	RESERVED
CVE-2020-18235
	RESERVED
CVE-2020-18234
	RESERVED
CVE-2020-18233
	RESERVED
CVE-2020-18232
	RESERVED
CVE-2020-18231
	RESERVED
CVE-2020-18230 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-18229 (Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers t ...)
	NOT-FOR-US: PHPMyWind
CVE-2020-18228
	RESERVED
CVE-2020-18227
	RESERVED
CVE-2020-18226
	RESERVED
CVE-2020-18225
	RESERVED
CVE-2020-18224
	RESERVED
CVE-2020-18223
	RESERVED
CVE-2020-18222
	RESERVED
CVE-2020-18221 (Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote ...)
	NOT-FOR-US: Typora
CVE-2020-18220 (Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attack ...)
	NOT-FOR-US: DoraCMS
CVE-2020-18219
	RESERVED
CVE-2020-18218
	RESERVED
CVE-2020-18217
	RESERVED
CVE-2020-18216
	RESERVED
CVE-2020-18215 (Multiple SQL Injection vulnerabilities in PHPSHE 1.7 in phpshe/admin.p ...)
	NOT-FOR-US: PHPSHE
CVE-2020-18214
	RESERVED
CVE-2020-18213
	RESERVED
CVE-2020-18212
	RESERVED
CVE-2020-18211
	RESERVED
CVE-2020-18210
	RESERVED
CVE-2020-18209
	RESERVED
CVE-2020-18208
	RESERVED
CVE-2020-18207
	RESERVED
CVE-2020-18206
	RESERVED
CVE-2020-18205
	RESERVED
CVE-2020-18204
	RESERVED
CVE-2020-18203
	RESERVED
CVE-2020-18202
	RESERVED
CVE-2020-18201
	RESERVED
CVE-2020-18200
	RESERVED
CVE-2020-18199
	RESERVED
CVE-2020-18198 (Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote at ...)
	NOT-FOR-US: Pluck CMS
CVE-2020-18197
	RESERVED
CVE-2020-18196
	RESERVED
CVE-2020-18195 (Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote at ...)
	NOT-FOR-US: Pluck CMS
CVE-2020-18194 (Cross Site Scripting (XSS) in emlog v6.0.0 allows remote attackers to ...)
	NOT-FOR-US: emlog
CVE-2020-18193
	RESERVED
CVE-2020-18192
	RESERVED
CVE-2020-18191 (GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attacke ...)
	NOT-FOR-US: GetSimple CMS
CVE-2020-18190 (Bludit v3.8.1 is affected by directory traversal. Remote attackers are ...)
	NOT-FOR-US: Bludit
CVE-2020-18189
	RESERVED
CVE-2020-18188
	RESERVED
CVE-2020-18187
	RESERVED
CVE-2020-18186
	RESERVED
CVE-2020-18185 (class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrar ...)
	- pluxml (unimportant; bug #973382)
	NOTE: https://github.com/pluxml/PluXml/issues/321
	NOTE: The attack vector is a little unusual but it would be quite expected that
	NOTE: the admin can execute arbitrary php code.
CVE-2020-18184 (In PluXml V5.7, the theme edit function /PluXml/core/admin/parametres_ ...)
	- pluxml (unimportant; bug #973382)
	NOTE: https://github.com/pluxml/PluXml/issues/320
	NOTE: One could question whether this is a vulnerability at all. The
	NOTE: developer documentation describes this as expected behavior.
CVE-2020-18183
	RESERVED
CVE-2020-18182
	RESERVED
CVE-2020-18181
	RESERVED
CVE-2020-18180
	RESERVED
CVE-2020-18179
	RESERVED
CVE-2020-18178 (Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit ...)
	NOT-FOR-US: HongCMS
CVE-2020-18177
	RESERVED
CVE-2020-18176
	RESERVED
CVE-2020-18175 (SQL Injection vulnerability in Metinfo 6.1.3 via a dosafety_emailadd a ...)
	NOT-FOR-US: Metinfo
CVE-2020-18174 (A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 ...)
	NOT-FOR-US: AutoHotkey
CVE-2020-18173 (A DLL injection vulnerability in 1password.dll of 1Password 7.3.712 al ...)
	NOT-FOR-US: 1Password
CVE-2020-18172 (A code injection vulnerability in the SeDebugPrivilege component of Tr ...)
	NOT-FOR-US: Trezor Bridge
CVE-2020-18171 (** DISPUTED ** TechSmith Snagit 19.1.0.2653 uses Object Linking and Em ...)
	NOT-FOR-US: TechSmith Snagit
CVE-2020-18170 (An issue in the SeChangeNotifyPrivilege component of Abloy Key Manager ...)
	NOT-FOR-US: Abloy Key Manager
CVE-2020-18169 (** DISPUTED ** A vulnerability in the Windows installer XML (WiX) tool ...)
	NOT-FOR-US: TechSmith Snagit
CVE-2020-18168 RESERVED
CVE-2020-18167 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
	NOT-FOR-US: LAOBANCMS
CVE-2020-18166 (Unrestricted File Upload in LAOBANCMS v2.0 allows remote attackers to ...)
	NOT-FOR-US: LAOBANCMS
CVE-2020-18165 (Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers t ...)
	NOT-FOR-US: LAOBANCMS
CVE-2020-18164 (SQL Injection vulnerability exists in tp-shop 2.x-3.x via the /index.p ...)
	NOT-FOR-US: tp-shop
CVE-2020-18163 RESERVED
CVE-2020-18162 RESERVED
CVE-2020-18161 RESERVED
CVE-2020-18160 RESERVED
CVE-2020-18159 RESERVED
CVE-2020-18158 (Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname ...)
	NOT-FOR-US: HuCart
CVE-2020-18157 (Cross Site Request Forgery (CSRF) vulnerability in MetInfo 6.1.3 via a ...)
	NOT-FOR-US: MetInfo
CVE-2020-18156 RESERVED
CVE-2020-18155 (SQL Injection vulnerability in Subrion CMS v4.2.1 in the search page i ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-18154 RESERVED
CVE-2020-18153 RESERVED
CVE-2020-18152 RESERVED
CVE-2020-18151 (Cross Site Request Forgery (CSRF) vulnerability in ThinkCMF v5.1.0, w ...)
	NOT-FOR-US: ThinkCMF
CVE-2020-18150 RESERVED
CVE-2020-18149 RESERVED
CVE-2020-18148 RESERVED
CVE-2020-18147 RESERVED
CVE-2020-18146 RESERVED
CVE-2020-18145 (Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /publi ...)
	NOT-FOR-US: umeditor
CVE-2020-18144 (SQL Injection Vulnerability in ECTouch v2 via the integral_min paramet ...)
	NOT-FOR-US: ECTouch
CVE-2020-18143 RESERVED
CVE-2020-18142 RESERVED
CVE-2020-18141 RESERVED
CVE-2020-18140 RESERVED
CVE-2020-18139 RESERVED
CVE-2020-18138 RESERVED
CVE-2020-18137 RESERVED
CVE-2020-18136 RESERVED
CVE-2020-18135 RESERVED
CVE-2020-18134 RESERVED
CVE-2020-18133 RESERVED
CVE-2020-18132 RESERVED
CVE-2020-18131 RESERVED
CVE-2020-18130 RESERVED
CVE-2020-18129 (A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an ad ...)
	NOT-FOR-US: Eyoucms
CVE-2020-18128 RESERVED
CVE-2020-18127 (An issue in the /config/config.php component of Indexhibit 2.1.5 allow ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18126 (Multiple stored cross-site scripting (XSS) vulnerabilities in the Sect ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18125 (A reflected cross-site scripting (XSS) vulnerability in the /plugin/aj ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18124 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18123 (A cross-site request forgery (CSRF) vulnerability in Indexhibit 2.1.5 ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18122 RESERVED
CVE-2020-18121 (A configuration issue in Indexhibit 2.1.5 allows authenticated attacke ...)
	NOT-FOR-US: Indexhibit
CVE-2020-18120 RESERVED
CVE-2020-18119 RESERVED
CVE-2020-18118 RESERVED
CVE-2020-18117 RESERVED
CVE-2020-18116 (A lack of filtering for searched keywords in the search bar of YouDian ...)
	NOT-FOR-US: YouDianCMS
CVE-2020-18115 RESERVED
CVE-2020-18114 (An arbitrary file upload vulnerability in the /uploads/dede component ...)
	NOT-FOR-US: DedeCMS
CVE-2020-18113 RESERVED
CVE-2020-18112 RESERVED
CVE-2020-18111 RESERVED
CVE-2020-18110 RESERVED
CVE-2020-18109 RESERVED
CVE-2020-18108 RESERVED
CVE-2020-18107 RESERVED
CVE-2020-18106 (The GET parameter "id" in WMS v1.0 is passed without filtering, which ...)
	NOT-FOR-US: WMS
	NOTE: https://github.com/FeMiner/wms
CVE-2020-18105 RESERVED
CVE-2020-18104 RESERVED
CVE-2020-18103 RESERVED
CVE-2020-18102 (Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attacke ...)
	NOT-FOR-US: Hotels_Server
CVE-2020-18101 RESERVED
CVE-2020-18100 RESERVED
CVE-2020-18099 RESERVED
CVE-2020-18098 RESERVED
CVE-2020-18097 RESERVED
CVE-2020-18096 RESERVED
CVE-2020-18095 RESERVED
CVE-2020-18094 RESERVED
CVE-2020-18093 RESERVED
CVE-2020-18092 RESERVED
CVE-2020-18091 RESERVED
CVE-2020-18090 RESERVED
CVE-2020-18089 RESERVED
CVE-2020-18088 RESERVED
CVE-2020-18087 RESERVED
CVE-2020-18086 RESERVED
CVE-2020-18085 RESERVED
CVE-2020-18084 (Cross Site Scripting (XSS) in yzmCMS v5.2 allows remote attackers to e ...)
	NOT-FOR-US: yzmCMS
CVE-2020-18083 RESERVED
CVE-2020-18082 RESERVED
CVE-2020-18081 RESERVED
CVE-2020-18080 RESERVED
CVE-2020-18079 RESERVED
CVE-2020-18078 RESERVED
CVE-2020-18077 RESERVED
CVE-2020-18076 RESERVED
CVE-2020-18075 RESERVED
CVE-2020-18074 RESERVED
CVE-2020-18073 RESERVED
CVE-2020-18072 RESERVED
CVE-2020-18071 RESERVED
CVE-2020-18070 (Path Traversal in iCMS v7.0.13 allows remote attackers to delete folde ...)
	NOT-FOR-US: iCMS
CVE-2020-18069 RESERVED
CVE-2020-18068 RESERVED
CVE-2020-18067 RESERVED
CVE-2020-18066 (Cross Site Scripting vulnerability in ZrLog 2.1.0 via the (1) userName ...)
	NOT-FOR-US: Zrlog
CVE-2020-18065 (Cross Site Scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in ...)
	NOT-FOR-US: PopojiCMS
CVE-2020-18064 RESERVED
CVE-2020-18063 RESERVED
CVE-2020-18062 RESERVED
CVE-2020-18061 RESERVED
CVE-2020-18060 RESERVED
CVE-2020-18059 RESERVED
CVE-2020-18058 RESERVED
CVE-2020-18057 RESERVED
CVE-2020-18056 RESERVED
CVE-2020-18055 RESERVED
CVE-2020-18054 RESERVED
CVE-2020-18053 RESERVED
CVE-2020-18052 RESERVED
CVE-2020-18051 RESERVED
CVE-2020-18050 RESERVED
CVE-2020-18049 RESERVED
CVE-2020-18048 (An issue in craigms/main.php of CraigMS 1.0 allows attackers to execut ...)
	NOT-FOR-US: CraigMS
	NOTE: https://github.com/bertanddip/CraigMS
CVE-2020-18047 RESERVED
CVE-2020-18046 RESERVED
CVE-2020-18045 RESERVED
CVE-2020-18044 RESERVED
CVE-2020-18043 RESERVED
CVE-2020-18042 RESERVED
CVE-2020-18041 RESERVED
CVE-2020-18040 RESERVED
CVE-2020-18039 RESERVED
CVE-2020-18038 RESERVED
CVE-2020-18037 RESERVED
CVE-2020-18036 RESERVED
CVE-2020-18035 (Cross Site Scripting (XSS) in Jeesns v1.4.2 allows remote attackers to ...)
	NOT-FOR-US: Jeesns
CVE-2020-18034 RESERVED
CVE-2020-18033 RESERVED
CVE-2020-18032 (Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f ...)
	{DSA-4914-1 DLA-2659-1}
	- graphviz 2.42.2-5 (bug #988000)
	NOTE: https://gitlab.com/graphviz/graphviz/-/issues/1700
	NOTE: https://gitlab.com/graphviz/graphviz/-/commit/784411ca3655c80da0f6025ab20634b2a6ff696b
CVE-2020-18031 RESERVED
CVE-2020-18030 RESERVED
CVE-2020-18029 RESERVED
CVE-2020-18028 RESERVED
CVE-2020-18027 RESERVED
CVE-2020-18026 RESERVED
CVE-2020-18025 RESERVED
CVE-2020-18024 RESERVED
CVE-2020-18023 RESERVED
CVE-2020-18022 (Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows r ...)
	NOT-FOR-US: Qibosoft QiboCMS
CVE-2020-18021 RESERVED
CVE-2020-18020 (SQL Injection in PHPSHE Mall System v1.7 allows remote attackers to ex ...)
	NOT-FOR-US: PHPSHE Mall System
CVE-2020-18019 (SQL Injection in Xinhu OA System v1.8.3 allows remote attackers to obt ...)
	NOT-FOR-US: Xinhu OA System
CVE-2020-18018 RESERVED
CVE-2020-18017 RESERVED
CVE-2020-18016 RESERVED
CVE-2020-18015 RESERVED
CVE-2020-18014 RESERVED
CVE-2020-18013 (SQL Injection vulnerability exists in Whatsns 4.0 via the ip parameter ...)
	NOT-FOR-US: Whatsns
CVE-2020-18012 RESERVED
CVE-2020-18011 RESERVED
CVE-2020-18010 RESERVED
CVE-2020-18009 RESERVED
CVE-2020-18008 RESERVED
CVE-2020-18007 RESERVED
CVE-2020-18006 RESERVED
CVE-2020-18005 RESERVED
CVE-2020-18004 RESERVED
CVE-2020-18003 RESERVED
CVE-2020-18002 RESERVED
CVE-2020-18001 RESERVED
CVE-2020-18000 RESERVED
CVE-2020-17999 (Cross Site Scripting (XSS) in MiniCMS v1.10 allows remote attackers to ...)
	NOT-FOR-US: MiniCMS
CVE-2020-17998 RESERVED
CVE-2020-17997 RESERVED
CVE-2020-17996 RESERVED
CVE-2020-17995 RESERVED
CVE-2020-17994 RESERVED
CVE-2020-17993 RESERVED
CVE-2020-17992 RESERVED
CVE-2020-17991 RESERVED
CVE-2020-17990 RESERVED
CVE-2020-17989 RESERVED
CVE-2020-17988 RESERVED
CVE-2020-17987 RESERVED
CVE-2020-17986 RESERVED
CVE-2020-17985 RESERVED
CVE-2020-17984 RESERVED
CVE-2020-17983 RESERVED
CVE-2020-17982 RESERVED
CVE-2020-17981 RESERVED
CVE-2020-17980 RESERVED
CVE-2020-17979 RESERVED
CVE-2020-17978 RESERVED
CVE-2020-17977 RESERVED
CVE-2020-17976 RESERVED
CVE-2020-17975 RESERVED
CVE-2020-17974 RESERVED
CVE-2020-17973 RESERVED
CVE-2020-17972 RESERVED
CVE-2020-17971 RESERVED
CVE-2020-17970 RESERVED
CVE-2020-17969 RESERVED
CVE-2020-17968 RESERVED
CVE-2020-17967 RESERVED
CVE-2020-17966 RESERVED
CVE-2020-17965 RESERVED
CVE-2020-17964 RESERVED
CVE-2020-17963 RESERVED
CVE-2020-17962 RESERVED
CVE-2020-17961 RESERVED
CVE-2020-17960 RESERVED
CVE-2020-17959 RESERVED
CVE-2020-17958 RESERVED
CVE-2020-17957 RESERVED
CVE-2020-17956 RESERVED
CVE-2020-17955 RESERVED
CVE-2020-17954 RESERVED
CVE-2020-17953 RESERVED
CVE-2020-17952 (A remote code execution (RCE) vulnerability in /library/think/App.php ...)
	NOT-FOR-US: Twothink
CVE-2020-17951 RESERVED
CVE-2020-17950 RESERVED
CVE-2020-17949 RESERVED
CVE-2020-17948 RESERVED
CVE-2020-17947 RESERVED
CVE-2020-17946 RESERVED
CVE-2020-17945 RESERVED
CVE-2020-17944 RESERVED
CVE-2020-17943 RESERVED
CVE-2020-17942 RESERVED
CVE-2020-17941 RESERVED
CVE-2020-17940 RESERVED
CVE-2020-17939 RESERVED
CVE-2020-17938 RESERVED
CVE-2020-17937 RESERVED
CVE-2020-17936 RESERVED
CVE-2020-17935 RESERVED
CVE-2020-17934 RESERVED
CVE-2020-17933 RESERVED
CVE-2020-17932 RESERVED
CVE-2020-17931 RESERVED
CVE-2020-17930 RESERVED
CVE-2020-17929 RESERVED
CVE-2020-17928 RESERVED
CVE-2020-17927 RESERVED
CVE-2020-17926 RESERVED
CVE-2020-17925 RESERVED
CVE-2020-17924 RESERVED
CVE-2020-17923 RESERVED
CVE-2020-17922 RESERVED
CVE-2020-17921 RESERVED
CVE-2020-17920 RESERVED
CVE-2020-17919 RESERVED
CVE-2020-17918 RESERVED
CVE-2020-17917 RESERVED
CVE-2020-17916 RESERVED
CVE-2020-17915 RESERVED
CVE-2020-17914 RESERVED
CVE-2020-17913 RESERVED
CVE-2020-17912 RESERVED
CVE-2020-17911 RESERVED
CVE-2020-17910 RESERVED
CVE-2020-17909 RESERVED
CVE-2020-17908 RESERVED
CVE-2020-17907 RESERVED
CVE-2020-17906 RESERVED
CVE-2020-17905 RESERVED
CVE-2020-17904 RESERVED
CVE-2020-17903 RESERVED
CVE-2020-17902 RESERVED
CVE-2020-17901 (Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers t ...)
	NOT-FOR-US: PbootCMS
CVE-2020-17900 RESERVED
CVE-2020-17899 RESERVED
CVE-2020-17898 RESERVED
CVE-2020-17897 RESERVED
CVE-2020-17896 RESERVED
CVE-2020-17895 RESERVED
CVE-2020-17894 RESERVED
CVE-2020-17893 RESERVED
CVE-2020-17892 RESERVED
CVE-2020-17891 (TP-Link Archer C1200 firmware version 1.13 Build 2018/01/24 rel.52299 ...)
	NOT-FOR-US: TP-Link
CVE-2020-17890 RESERVED
CVE-2020-17889 RESERVED
CVE-2020-17888 RESERVED
CVE-2020-17887 RESERVED
CVE-2020-17886 RESERVED
CVE-2020-17885 RESERVED
CVE-2020-17884 RESERVED
CVE-2020-17883 RESERVED
CVE-2020-17882 RESERVED
CVE-2020-17881 RESERVED
CVE-2020-17880 RESERVED
CVE-2020-17879 RESERVED
CVE-2020-17878 RESERVED
CVE-2020-17877 RESERVED
CVE-2020-17876 RESERVED
CVE-2020-17875 RESERVED
CVE-2020-17874 RESERVED
CVE-2020-17873 RESERVED
CVE-2020-17872 RESERVED
CVE-2020-17871 RESERVED
CVE-2020-17870 RESERVED
CVE-2020-17869 RESERVED
CVE-2020-17868 RESERVED
CVE-2020-17867 RESERVED
CVE-2020-17866 RESERVED
CVE-2020-17865 RESERVED
CVE-2020-17864 RESERVED
CVE-2020-17863 RESERVED
CVE-2020-17862 RESERVED
CVE-2020-17861 RESERVED
CVE-2020-17860 RESERVED
CVE-2020-17859 RESERVED
CVE-2020-17858 RESERVED
CVE-2020-17857 RESERVED
CVE-2020-17856 RESERVED
CVE-2020-17855 RESERVED
CVE-2020-17854 RESERVED
CVE-2020-17853 RESERVED
CVE-2020-17852 RESERVED
CVE-2020-17851 RESERVED
CVE-2020-17850 RESERVED
CVE-2020-17849 RESERVED
CVE-2020-17848 RESERVED
CVE-2020-17847 RESERVED
CVE-2020-17846 RESERVED
CVE-2020-17845 RESERVED
CVE-2020-17844 RESERVED
CVE-2020-17843 RESERVED
CVE-2020-17842 RESERVED
CVE-2020-17841 RESERVED
CVE-2020-17840 RESERVED
CVE-2020-17839 RESERVED
CVE-2020-17838 RESERVED
CVE-2020-17837 RESERVED
CVE-2020-17836 RESERVED
CVE-2020-17835 RESERVED
CVE-2020-17834 RESERVED
CVE-2020-17833 RESERVED
CVE-2020-17832 RESERVED
CVE-2020-17831 RESERVED
CVE-2020-17830 RESERVED
CVE-2020-17829 RESERVED
CVE-2020-17828 RESERVED
CVE-2020-17827 RESERVED
CVE-2020-17826 RESERVED
CVE-2020-17825 RESERVED
CVE-2020-17824 RESERVED
CVE-2020-17823 RESERVED
CVE-2020-17822 RESERVED
CVE-2020-17821 RESERVED
CVE-2020-17820 RESERVED
CVE-2020-17819 RESERVED
CVE-2020-17818 RESERVED
CVE-2020-17817 RESERVED
CVE-2020-17816 RESERVED
CVE-2020-17815 RESERVED
CVE-2020-17814 RESERVED
CVE-2020-17813 RESERVED
CVE-2020-17812 RESERVED
CVE-2020-17811 RESERVED
CVE-2020-17810 RESERVED
CVE-2020-17809 RESERVED
CVE-2020-17808 RESERVED
CVE-2020-17807 RESERVED
CVE-2020-17806 RESERVED
CVE-2020-17805 RESERVED
CVE-2020-17804 RESERVED
CVE-2020-17803 RESERVED
CVE-2020-17802 RESERVED
CVE-2020-17801 RESERVED
CVE-2020-17800 RESERVED
CVE-2020-17799 RESERVED
CVE-2020-17798 RESERVED
CVE-2020-17797 RESERVED
CVE-2020-17796 RESERVED
CVE-2020-17795 RESERVED
CVE-2020-17794 RESERVED
CVE-2020-17793 RESERVED
CVE-2020-17792 RESERVED
CVE-2020-17791 RESERVED
CVE-2020-17790 RESERVED
CVE-2020-17789 RESERVED
CVE-2020-17788 RESERVED
CVE-2020-17787 RESERVED
CVE-2020-17786 RESERVED
CVE-2020-17785 RESERVED
CVE-2020-17784 RESERVED
CVE-2020-17783 RESERVED
CVE-2020-17782 RESERVED
CVE-2020-17781 RESERVED
CVE-2020-17780 RESERVED
CVE-2020-17779 RESERVED
CVE-2020-17778 RESERVED
CVE-2020-17777 RESERVED
CVE-2020-17776 RESERVED
CVE-2020-17775 RESERVED
CVE-2020-17774 RESERVED
CVE-2020-17773 RESERVED
CVE-2020-17772 RESERVED
CVE-2020-17771 RESERVED
CVE-2020-17770 RESERVED
CVE-2020-17769 RESERVED
CVE-2020-17768 RESERVED
CVE-2020-17767 RESERVED
CVE-2020-17766 RESERVED
CVE-2020-17765 RESERVED
CVE-2020-17764 RESERVED
CVE-2020-17763 RESERVED
CVE-2020-17762 RESERVED
CVE-2020-17761 RESERVED
CVE-2020-17760 RESERVED
CVE-2020-17759 (An issue was found in the Evernote client for Windows 10, 7, and 2008 ...)
	NOT-FOR-US: Evernote
CVE-2020-17758 RESERVED
CVE-2020-17757 RESERVED
CVE-2020-17756 RESERVED
CVE-2020-17755 RESERVED
CVE-2020-17754 RESERVED
CVE-2020-17753 (An issue was discovered in function addMeByRC in the smart contract im ...)
	NOT-FOR-US: some Ethereum token
CVE-2020-17752 (Integer overflow vulnerability in payable function of a smart contract ...)
	NOT-FOR-US: some Ethereum token
CVE-2020-17751 RESERVED
CVE-2020-17750 RESERVED
CVE-2020-17749 RESERVED
CVE-2020-17748 RESERVED
CVE-2020-17747 RESERVED
CVE-2020-17746 RESERVED
CVE-2020-17745 RESERVED
CVE-2020-17744 RESERVED
CVE-2020-17743 RESERVED
CVE-2020-17742 RESERVED
CVE-2020-17741 RESERVED
CVE-2020-17740 RESERVED
CVE-2020-17739 RESERVED
CVE-2020-17738 RESERVED
CVE-2020-17737 RESERVED
CVE-2020-17736 RESERVED
CVE-2020-17735 RESERVED
CVE-2020-17734 RESERVED
CVE-2020-17733 RESERVED
CVE-2020-17732 RESERVED
CVE-2020-17731 RESERVED
CVE-2020-17730 RESERVED
CVE-2020-17729 RESERVED
CVE-2020-17728 RESERVED
CVE-2020-17727 RESERVED
CVE-2020-17726 RESERVED
CVE-2020-17725 RESERVED
CVE-2020-17724 RESERVED
CVE-2020-17723 RESERVED
CVE-2020-17722 RESERVED
CVE-2020-17721 RESERVED
CVE-2020-17720 RESERVED
CVE-2020-17719 RESERVED
CVE-2020-17718 RESERVED
CVE-2020-17717 RESERVED
CVE-2020-17716 RESERVED
CVE-2020-17715 RESERVED
CVE-2020-17714 RESERVED
CVE-2020-17713 RESERVED
CVE-2020-17712 RESERVED
CVE-2020-17711 RESERVED
CVE-2020-17710 RESERVED
CVE-2020-17709 RESERVED
CVE-2020-17708 RESERVED
CVE-2020-17707 RESERVED
CVE-2020-17706 RESERVED
CVE-2020-17705 RESERVED
CVE-2020-17704 RESERVED
CVE-2020-17703 RESERVED
CVE-2020-17702 RESERVED
CVE-2020-17701 RESERVED
CVE-2020-17700 RESERVED
CVE-2020-17699 RESERVED
CVE-2020-17698 RESERVED
CVE-2020-17697 RESERVED
CVE-2020-17696 RESERVED
CVE-2020-17695 RESERVED
CVE-2020-17694 RESERVED
CVE-2020-17693 RESERVED
CVE-2020-17692 RESERVED
CVE-2020-17691 RESERVED
CVE-2020-17690 RESERVED
CVE-2020-17689 RESERVED
CVE-2020-17688 RESERVED
CVE-2020-17687 RESERVED
CVE-2020-17686 RESERVED
CVE-2020-17685 RESERVED
CVE-2020-17684 RESERVED
CVE-2020-17683 RESERVED
CVE-2020-17682 RESERVED
CVE-2020-17681 RESERVED
CVE-2020-17680 RESERVED
CVE-2020-17679 RESERVED
CVE-2020-17678 RESERVED
CVE-2020-17677 RESERVED
CVE-2020-17676 RESERVED
CVE-2020-17675 RESERVED
CVE-2020-17674 RESERVED
CVE-2020-17673 RESERVED
CVE-2020-17672 RESERVED
CVE-2020-17671 RESERVED
CVE-2020-17670 RESERVED
CVE-2020-17669 RESERVED
CVE-2020-17668 RESERVED
CVE-2020-17667 RESERVED
CVE-2020-17666 RESERVED
CVE-2020-17665 RESERVED
CVE-2020-17664 RESERVED
CVE-2020-17663 RESERVED
CVE-2020-17662 RESERVED
CVE-2020-17661 RESERVED
CVE-2020-17660 RESERVED
CVE-2020-17659 RESERVED
CVE-2020-17658 RESERVED
CVE-2020-17657 RESERVED
CVE-2020-17656 RESERVED
CVE-2020-17655 RESERVED
CVE-2020-17654 RESERVED
CVE-2020-17653 RESERVED
CVE-2020-17652 RESERVED
CVE-2020-17651 RESERVED
CVE-2020-17650 RESERVED
CVE-2020-17649 RESERVED
CVE-2020-17648 RESERVED
CVE-2020-17647 RESERVED
CVE-2020-17646 RESERVED
CVE-2020-17645 RESERVED
CVE-2020-17644 RESERVED
CVE-2020-17643 RESERVED
CVE-2020-17642 RESERVED
CVE-2020-17641 RESERVED
CVE-2020-17640 RESERVED
CVE-2020-17639 RESERVED
CVE-2020-17638 RESERVED
CVE-2020-17637 RESERVED
CVE-2020-17636 RESERVED
CVE-2020-17635 RESERVED
CVE-2020-17634 RESERVED
CVE-2020-17633 RESERVED
CVE-2020-17632 RESERVED
CVE-2020-17631 RESERVED
CVE-2020-17630 RESERVED
CVE-2020-17629 RESERVED
CVE-2020-17628 RESERVED
CVE-2020-17627 RESERVED
CVE-2020-17626 RESERVED
CVE-2020-17625 RESERVED
CVE-2020-17624 RESERVED
CVE-2020-17623 RESERVED
CVE-2020-17622 RESERVED
CVE-2020-17621 RESERVED
CVE-2020-17620 RESERVED
CVE-2020-17619 RESERVED
CVE-2020-17618 RESERVED
CVE-2020-17617 RESERVED
CVE-2020-17616 RESERVED
CVE-2020-17615 RESERVED
CVE-2020-17614 RESERVED
CVE-2020-17613 RESERVED
CVE-2020-17612 RESERVED
CVE-2020-17611 RESERVED
CVE-2020-17610 RESERVED
CVE-2020-17609 RESERVED
CVE-2020-17608 RESERVED
CVE-2020-17607 RESERVED
CVE-2020-17606 RESERVED
CVE-2020-17605 RESERVED
CVE-2020-17604 RESERVED
CVE-2020-17603 RESERVED
CVE-2020-17602 RESERVED
CVE-2020-17601 RESERVED
CVE-2020-17600 RESERVED
CVE-2020-17599 RESERVED
CVE-2020-17598 RESERVED
CVE-2020-17597 RESERVED
CVE-2020-17596 RESERVED
CVE-2020-17595 RESERVED
CVE-2020-17594 RESERVED
CVE-2020-17593 RESERVED
CVE-2020-17592 RESERVED
CVE-2020-17591 RESERVED
CVE-2020-17590 RESERVED
CVE-2020-17589 RESERVED
CVE-2020-17588 RESERVED
CVE-2020-17587 RESERVED
CVE-2020-17586 RESERVED
CVE-2020-17585 RESERVED
CVE-2020-17584 RESERVED
CVE-2020-17583 RESERVED
CVE-2020-17582 RESERVED
CVE-2020-17581 RESERVED
CVE-2020-17580 RESERVED
CVE-2020-17579 RESERVED
CVE-2020-17578 RESERVED
CVE-2020-17577 RESERVED
CVE-2020-17576 RESERVED
CVE-2020-17575 RESERVED
CVE-2020-17574 RESERVED
CVE-2020-17573 RESERVED
CVE-2020-17572 RESERVED
CVE-2020-17571 RESERVED
CVE-2020-17570 RESERVED
CVE-2020-17569 RESERVED
CVE-2020-17568 RESERVED
CVE-2020-17567 RESERVED
CVE-2020-17566 RESERVED
CVE-2020-17565 RESERVED
CVE-2020-17564 (Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arb ...)
	NOT-FOR-US: FeiFeiCMS
CVE-2020-17563 (Path Traversal in FeiFeiCMS v4.0 allows remote attackers to delete arb ...)
	NOT-FOR-US: FeiFeiCMS
CVE-2020-17562 RESERVED
CVE-2020-17561 RESERVED
CVE-2020-17560 RESERVED
CVE-2020-17559 RESERVED
CVE-2020-17558 RESERVED
CVE-2020-17557 RESERVED
CVE-2020-17556 RESERVED
CVE-2020-17555 RESERVED
CVE-2020-17554 RESERVED
CVE-2020-17553 RESERVED
CVE-2020-17552 RESERVED
CVE-2020-17551 (ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which ...)
	NOT-FOR-US: ImpressCMS
CVE-2020-17550 RESERVED
CVE-2020-17549 RESERVED
CVE-2020-17548 RESERVED
CVE-2020-17547 RESERVED
CVE-2020-17546 RESERVED
CVE-2020-17545 RESERVED
CVE-2020-17544 RESERVED
CVE-2020-17543 RESERVED
CVE-2020-17542 (Cross Site Scripting (XSS) in dotCMS v5.1.5 allows remote attackers to ...)
	NOT-FOR-US: dotCMS
CVE-2020-17541 (Libjpeg-turbo all version have a stack-based buffer overflow in the "t ...)
	- libjpeg-turbo 1:2.0.5-1 (unimportant)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/c76f4a08263b0cea40d2967560ac7c21f6959079
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/392
CVE-2020-17540 RESERVED
CVE-2020-17539 RESERVED
CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/g ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
	NOTE: chunk #1, see also CVE-2020-16296
CVE-2020-17537 REJECTED
CVE-2020-17536 REJECTED
CVE-2020-17535 REJECTED
CVE-2020-17534 (There exists a race condition between the deletion of the temporary fi ...)
	NOT-FOR-US: netbeans-html4j
CVE-2020-17533 (Apache Accumulo versions 1.5.0 through 1.10.0 and version 2.0.0 do not ...)
	NOT-FOR-US: Apache Accumulo
CVE-2020-17532 (When handler-router component is enabled in servicecomb-java-chassis, ...)
	NOT-FOR-US: servicecomb-java-chassis
CVE-2020-17531 (A Java Serialization vulnerability was found in Apache Tapestry 4. Apa ...)
	NOT-FOR-US: Apache Tapestry
CVE-2020-17530 (Forced OGNL evaluation, when evaluated on raw user input in tag attrib ...)
	- libstruts1.2-java (Specific to 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-061
CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incuba ...)
	NOT-FOR-US: Apache NuttX
CVE-2020-17528 (Out-of-bounds Write vulnerability in TCP stack of Apache NuttX (incuba ...)
	NOT-FOR-US: Apache NuttX
CVE-2020-17527 (While investigating bug 64830 it was discovered that Apache Tomcat 10. ...)
	{DSA-4835-1 DLA-2495-1}
	- tomcat9 9.0.40-1
	- tomcat8
	NOTE: https://github.com/apache/tomcat/commit/d56293f816d6dc9e2b47107f208fa9e95db58c65 (9.0.40)
	NOTE: https://github.com/apache/tomcat/commit/21e3408671aac7e0d7e264e720cac8b1b189eb29 (8.5.60)
CVE-2020-17526 (Incorrect Session Validation in Apache Airflow Webserver versions prio ...)
	- airflow (bug #819700)
CVE-2020-17525 (Subversion's mod_authz_svn module will crash if the server is using in ...)
	{DSA-4851-1 DLA-2646-1}
	- subversion 1.14.1-1 (bug #982464)
	NOTE: https://subversion.apache.org/security/CVE-2020-17525-advisory.txt
CVE-2020-17524 REJECTED
CVE-2020-17523 (Apache Shiro before 1.7.1, when using Apache Shiro with Spring, a spec ...)
	- shiro (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/01/3
	NOTE: https://issues.apache.org/jira/browse/SHIRO-797
CVE-2020-17522 (When ORT (now via atstccfg) generates ip_allow.config files in Apache ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2020-17521 (Apache Groovy provides extension methods to aid with creating temporar ...)
	- groovy 2.4.21-1 (bug #977399)
	[buster] - groovy (Minor issue)
	[stretch] - groovy (Minor issue)
	- groovy2
	NOTE: https://issues.apache.org/jira/browse/GROOVY-9824
	NOTE: https://www.openwall.com/lists/oss-security/2020/12/06/1
	NOTE: https://github.com/apache/groovy/commit/4e418d4a34c973a7ec1e822552103043ac13780e (GROOVY_2_4_21)
CVE-2020-17520 (In the Pulsar manager 0.1.0 version, malicious users will be able to b ...)
	NOT-FOR-US: Apache Pulsar
CVE-2020-17519 (A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and ...)
	NOT-FOR-US: Apache Flink
CVE-2020-17518 (Apache Flink 1.5.1 introduced a REST handler that allows you to write ...)
	NOT-FOR-US: Apache Flink
CVE-2020-17517 (The S3 buckets and keys in a secure Apache Ozone Cluster must be inacc ...)
	NOT-FOR-US: Apache Ozone
CVE-2020-17516 (Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3 ...)
	- cassandra (bug #585905)
CVE-2020-17515 (The "origin" parameter passed to some of the endpoints like '/trigger' ...)
	- airflow (bug #819700)
CVE-2020-17514 (Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ...)
	NOT-FOR-US: Apache Fineract
CVE-2020-17513 (In Apache Airflow versions prior to 1.10.13, the Charts and Query View ...)
	- airflow (bug #819700)
CVE-2020-17512 RESERVED
CVE-2020-17511 (In Airflow versions prior to 1.10.13, when creating a user using airfl ...)
	- airflow (bug #819700)
CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...)
	{DLA-2726-1}
	- shiro 1.3.2-5 (bug #988728)
	[bullseye] - shiro 1.3.2-4+deb11u1
	[buster] - shiro 1.3.2-4+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
	NOTE: https://lists.apache.org/thread.html/rc2cff2538b683d480426393eecf1ce8dd80e052fbef49303b4f47171%40%3Cdev.shiro.apache.org%3E
	NOTE: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12349284&styleName=Text&projectId=12310950
CVE-2020-17509 (ATS negative cache option is vulnerable to a cache poisoning attack. I ...)
	{DSA-4805-1}
	- trafficserver 8.1.1+ds-1
	NOTE: https://github.com/apache/trafficserver/pull/7359
	NOTE: https://lists.apache.org/thread.html/raa9f0589c26c4d146646425e51e2a33e1457492df9f7ea2019daa6d3%40%3Cdev.trafficserver.apache.org%3E
CVE-2020-17508 (The ATS ESI plugin has a memory disclosure vulnerability. If you are r ...)
	{DSA-4805-1}
	- trafficserver 8.1.1+ds-1
	NOTE: https://github.com/apache/trafficserver/pull/7358
	NOTE: https://lists.apache.org/thread.html/r65434f7acca3aebf81b0588587149c893fe9f8f9f159eaa7364a70ff%40%3Cdev.trafficserver.apache.org%3E
CVE-2020-17507 (An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15. ...)
	{DLA-2377-1 DLA-2376-1}
	- qtbase-opensource-src 5.14.2+dfsg-6 (bug #968444)
	[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u4
	- qt4-x11 (bug #970308)
	[buster] - qt4-x11 4:4.8.7+dfsg-18+deb10u1
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308436 (dev branch)
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308496 (5.15 branch)
	NOTE: https://codereview.qt-project.org/c/qt/qtbase/+/308495 (5.12 branch)
CVE-2020-17506 (Artica Web Proxy 4.30.00000000 allows remote attacker to bypass privil ...)
	NOT-FOR-US: Artica Web Proxy
CVE-2020-17505 (Artica Web Proxy 4.30.000000 allows an authenticated remote attacker t ...)
	NOT-FOR-US: Artica Web Proxy
CVE-2020-17504 (The NDN-210 has a web administration panel which is made available ove ...)
	NOT-FOR-US: Barco
CVE-2020-17503 (The NDN-210 has a web administration panel which is made available ove ...)
	NOT-FOR-US: Barco
CVE-2020-17502 (Barco TransForm N before 3.8 allows Command Injection (issue 2 of 4). ...)
	NOT-FOR-US: Barco
CVE-2020-17501 RESERVED
CVE-2020-17500 (Barco TransForm NDN-210 Lite, NDN-210 Pro, NDN-211 Lite, and NDN-211 P ...)
	NOT-FOR-US: Barco
CVE-2020-17499 RESERVED
CVE-2020-17498 (In Wireshark 3.2.0 to 3.2.5, the Kafka protocol dissector could crash. ...)
	- wireshark 3.2.6-1
	[buster] - wireshark (Vulnerable compose_tvb code not present)
	[stretch] - wireshark (Vulnerable compose_tvb code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16672
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=76afda963de4f0b9be24f2d8e873990a5cbf221b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-10.html
CVE-2020-17497 (eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to ...)
	- iwd 1.9-1 (bug #968996)
	[buster] - iwd (Minor issue)
	NOTE: https://lists.01.org/hyperkitty/list/iwd@lists.01.org/thread/4GUXL4Z6KZWWZINATGHNJVAEUTS3I7PG/
	NOTE: https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=f22ba5aebb569ca54521afd2babdc1f67e3904ea
CVE-2020-17496 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
	NOT-FOR-US: vBulletin
CVE-2020-17495 (django-celery-results through 1.2.1 stores task results in the databas ...)
	- python-django-celery-results (bug #968305)
	[bullseye] - python-django-celery-results (Minor issue)
	[buster] - python-django-celery-results (Minor issue)
	NOTE: https://github.com/celery/django-celery-results/issues/142
CVE-2020-17494 (Untangle Firewall NG before 16.0 uses MD5 for passwords. ...)
	NOT-FOR-US: Untangle Firewall NG
CVE-2020-17493 RESERVED
CVE-2020-17492 RESERVED
CVE-2020-17491 RESERVED
CVE-2020-17490 (The TLS module within SaltStack Salt through 3002 creates certificates ...)
	{DSA-4837-1 DLA-2480-1}
	- salt 3002.1+dfsg1-1
	NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch (2018.3.x)
	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2016.11.x.patch (2016.11.x)
CVE-2020-17489 (An issue was discovered in certain configurations of GNOME gnome-shell ...)
	{DLA-2374-1}
	- gnome-shell 3.36.5-1 (bug #968311)
	[buster] - gnome-shell 3.30.2-11~deb10u2
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/2997
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1377
	NOTE: https://gitlab.gnome.org/GNOME/gnome-shell/-/commit/13137aad9db52223e8b62cecbd3456f4a7f66f04
CVE-2020-17488 RESERVED
CVE-2020-17487 (radare2 4.5.0 misparses signature information in PE files, causing a s ...)
	- radare2 5.0.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/issues/17431
CVE-2020-17486 RESERVED
CVE-2020-17485 RESERVED
CVE-2020-17484 RESERVED
CVE-2020-17483 RESERVED
CVE-2020-17482 (An issue has been found in PowerDNS Authoritative Server before 4.3.1 ...)
	- pdns 4.3.1-1 (bug #970737)
	[buster] - pdns 4.1.6-3+deb10u1
	[stretch] - pdns (Minor issue)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2020-05.html
CVE-2020-17481 RESERVED
CVE-2020-17480 (TinyMCE before 4.9.7 and 5.x before 5.1.4 allows XSS in the core parse ...)
	- tinymce (bug #972642)
	[buster] - tinymce (Minor issue)
	[stretch] - tinymce (Minor issue)
	NOTE: https://github.com/tinymce/tinymce/security/advisories/GHSA-27gm-ghr9-4v95
CVE-2020-17479 (jpv (aka Json Pattern Validator) before 2.2.2 does not properly valida ...)
	NOT-FOR-US: jpv
CVE-2020-17478 (ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly conside ...)
	- libcrypt-perl-perl (bug #907353)
CVE-2020-17477 RESERVED
CVE-2020-17476 (Mibew Messenger before 3.2.7 allows XSS via a crafted user name. ...)
	NOT-FOR-US: Mibew Messenger
CVE-2020-17475 (Lack of authentication in the network relays used in MEGVII Koala 2.9. ...)
	NOT-FOR-US: MEGVII Koala
CVE-2020-17474 (A token-reuse vulnerability in ZKTeco FaceDepot 7B 1.0.213 and ZKBiose ...)
	NOT-FOR-US: ZKTeco FaceDepot 7B and ZKBiosecurity Server
CVE-2020-17473 (Lack of mutual authentication in ZKTeco FaceDepot 7B 1.0.213 and ZKBio ...)
	NOT-FOR-US: ZKTeco FaceDepot and ZKBiosecurity Server
CVE-2020-17472 RESERVED
CVE-2020-17471 RESERVED
CVE-2020-17470 (An issue was discovered in FNET through 4.6.4. The code that initializ ...)
	NOT-FOR-US: FNET
CVE-2020-17469 (An issue was discovered in FNET through 4.6.4. The code for IPv6 fragm ...)
	NOT-FOR-US: FNET
CVE-2020-17468 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
	NOT-FOR-US: FNET
CVE-2020-17467 (An issue was discovered in FNET through 4.6.4. The code for processing ...)
	NOT-FOR-US: FNET
CVE-2020-17466 (Turcom TRCwifiZone through 2020-08-10 allows authentication bypass by ...)
	NOT-FOR-US: Turcom TRCwifiZone
CVE-2020-17465 (Dashboards and progressiveProfileForms in ForgeRock Identity Manager b ...)
	NOT-FOR-US: Dashboards and progressiveProfileForms in ForgeRock Identity Manager
CVE-2020-17464 REJECTED
CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
	NOT-FOR-US: FUEL CMS
CVE-2020-17462 (CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload beca ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-17461 RESERVED
CVE-2020-17460 RESERVED
CVE-2020-17459 RESERVED
CVE-2020-17458 (A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via th ...)
	NOT-FOR-US: MultiUx
CVE-2020-17457 (Fujitsu ServerView Suite iRMC before 9.62F allows XSS. An authenticate ...)
	NOT-FOR-US: Fujitsu
CVE-2020-17456 (SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution ...)
	NOT-FOR-US: SEOWON INTECH
CVE-2020-17455 RESERVED
CVE-2020-17454 (WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2020-17453 (WSO2 Management Console through 5.10 allows XSS via the carbon/admin/l ...)
	NOT-FOR-US: WSO2 Management Console
CVE-2020-17452 (flatCore before 1.5.7 allows upload and execution of a .php file by an ...)
	NOT-FOR-US: flatCore CMS
CVE-2020-17451 (flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pa ...)
	NOT-FOR-US: flatCore CMS
CVE-2020-17450 (PHP-Fusion 9.03 allows XSS on the preview page. ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-17449 (PHP-Fusion 9.03 allows XSS via the error_log file. ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to bypass t ...)
	- telegram-desktop 2.2.0+ds-1
	[buster] - telegram-desktop (Minor issue)
CVE-2020-17447 REJECTED
CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger ...)
	{DLA-2363-1}
	- asyncpg 0.21.0-1
	NOTE: https://github.com/MagicStack/asyncpg/commit/69bcdf5bf7696b98ee708be5408fd7d854e910d0
CVE-2020-17445 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...)
	NOT-FOR-US: picoTCP
CVE-2020-17444 (An issue was discovered in picoTCP 1.7.0. The routine for processing t ...)
	NOT-FOR-US: picoTCP
CVE-2020-17443 (An issue was discovered in picoTCP 1.7.0. The code for creating an ICM ...)
	NOT-FOR-US: picoTCP
CVE-2020-17442 (An issue was discovered in picoTCP 1.7.0. The code for parsing the hop ...)
	NOT-FOR-US: picoTCP
CVE-2020-17441 (An issue was discovered in picoTCP 1.7.0. The code for processing the ...)
	NOT-FOR-US: picoTCP
CVE-2020-17440 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...)
NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi) CVE-2020-17439 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi) CVE-2020-17438 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) NOT-FOR-US: uIP as used in Contiki and other products (but apparently not open-iscsi) CVE-2020-17437 (An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other p ...) - open-iscsi 2.1.3-1 [buster] - open-iscsi (Minor issue) [stretch] - open-iscsi (Minor issue) NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ NOTE: Adressed upstream in 2.1.3 release CVE-2020-17436 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17435 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17434 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17433 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17432 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17431 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17430 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17429 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17428 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit CVE-2020-17427 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17426 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
	NOT-FOR-US: Foxit
CVE-2020-17425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17422 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2020-17421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17420 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2020-17419 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17418 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17417 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-17416 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-17415 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Foxit
CVE-2020-17414 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-17413 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17412 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17411 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2020-17410 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17409 (This vulnerability allows network-adjacent attackers to disclose sensi ...)
	NOT-FOR-US: Netgear
CVE-2020-17408 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: NEC
CVE-2020-17407 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Microhard Bullet-LTE
CVE-2020-17406 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Microhard Bullet-LTE
CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Senstar Symphony
CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-17402 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17401 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17400 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17399 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17398 (This vulnerability allows local attackers to disclose information on a ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17397 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17396 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17395 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17394 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17393 (This vulnerability allows local attackers to disclose information on a ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17392 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17391 (This vulnerability allows local attackers to disclose information on a ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17390 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels Desktop
CVE-2020-17389 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-17388 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-17387 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-17386 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
	NOT-FOR-US: Cellopoint Cellos
CVE-2020-17385 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
	NOT-FOR-US: Cellopoint Cellos
CVE-2020-17384 (Cellopoint Cellos v4.1.10 Build 20190922 does not validate URL inputte ...)
	NOT-FOR-US: Cellopoint Cellos
CVE-2020-17383
	RESERVED
CVE-2020-17382 (The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x801 ...)
	NOT-FOR-US: MSI AmbientLink MsIo64 driver
CVE-2020-17381 (An issue was discovered in Ghisler Total Commander 9.51. Due to insuff ...)
	NOT-FOR-US: Ghisler Total Commander
CVE-2020-17380 (A heap-based buffer overflow was found in QEMU through 5.0.0 in the SD ...)
	{DLA-2623-1}
	- qemu 1:5.2+dfsg-10 (bug #970937)
	[buster] - qemu (Minor issue, fix along in future DSA)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1862167
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01175.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dfba99f17feb6d4a129da19d38df1bcd8579d1c3
	NOTE: possible duplicate of CVE-2020-25085, see RH bug
CVE-2020-17379
	RESERVED
CVE-2020-17378
	RESERVED
CVE-2020-17377
	RESERVED
CVE-2020-17376 (An issue was discovered in Guest.migrate in virt/libvirt/guest.py in O ...)
	- nova 2:21.1.0-1 (bug #969052)
	[buster] - nova (Minor issue)
	[stretch] - nova (Minor issue)
	NOTE: https://launchpad.net/bugs/1890501
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/25/4
CVE-2020-17375
	RESERVED
CVE-2020-17374
	RESERVED
CVE-2020-17373 (SugarCRM before 10.1.0 (Q3 2020) allows SQL Injection. ...)
	NOT-FOR-US: SugarCRM
CVE-2020-17372 (SugarCRM before 10.1.0 (Q3 2020) allows XSS. ...)
	NOT-FOR-US: SugarCRM
CVE-2020-17371
	RESERVED
CVE-2020-17370
	RESERVED
CVE-2020-17369
	RESERVED
CVE-2020-17368 (Firejail through 0.9.62 mishandles shell metacharacters during use of ...)
	{DSA-4767-1 DSA-4742-1 DLA-2336-1}
	- firejail 0.9.62-4
	NOTE: https://phabricator.wikimedia.org/T258763
	NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
	NOTE: https://phabricator.wikimedia.org/T257062
	NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-17367 (Firejail through 0.9.62 does not honor the -- end-of-options indicator ...)
	{DSA-4767-1 DSA-4742-1 DLA-2336-1}
	- firejail 0.9.62-4
	NOTE: https://phabricator.wikimedia.org/T258763
	NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
	NOTE: https://phabricator.wikimedia.org/T257062
	NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...)
	- routinator (bug #929024)
	NOTE: https://github.com/NLnetLabs/routinator/issues/319
CVE-2020-17365 (Improper directory permissions in the Hotspot Shield VPN client softwa ...)
	NOT-FOR-US: Hotspot Shield VPN client for Windows
CVE-2020-17364 (USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. ...)
	NOT-FOR-US: User-friendly SVN
CVE-2020-17363 (USVN (aka User-friendly SVN) before 1.0.9 allows remote code execution ...)
	NOT-FOR-US: User-friendly SVN
CVE-2020-17362 (search.php in the Nova Lite theme before 1.3.9 for WordPress allows Re ...)
	NOT-FOR-US: Nova Lite theme for WordPress
CVE-2020-17361 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
	NOT-FOR-US: ReadyTalk Avian
CVE-2020-17360 (** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk A ...)
	NOT-FOR-US: ReadyTalk Avian
CVE-2020-17359
	RESERVED
CVE-2020-17358
	RESERVED
CVE-2020-17357
	RESERVED
CVE-2020-17356
	RESERVED
CVE-2020-17355 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
	NOT-FOR-US: Arista
CVE-2020-17354
	RESERVED
	NOTE: https://phabricator.wikimedia.org/T259210
	NOTE: https://phabricator.wikimedia.org/T257062
	NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-17353 (scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x ...)
	{DSA-4756-1}
	- lilypond 2.20.0-2 (bug #968993)
	NOTE: https://phabricator.wikimedia.org/T258547
	NOTE: http://git.savannah.gnu.org/gitweb/?p=lilypond.git;a=commit;h=b84ea4740f3279516905c5db05f4074e777c16ff
	NOTE: https://phabricator.wikimedia.org/T257062
	NOTE: https://www.mediawiki.org/wiki/Extension:Score/2021_security_advisory
CVE-2020-17352 (Two OS command injection vulnerabilities in the User Portal of Sophos ...)
NOT-FOR-US: Sophos CVE-2020-17351 RESERVED CVE-2020-17350 RESERVED CVE-2020-17349 RESERVED CVE-2020-17348 RESERVED CVE-2020-17347 RESERVED CVE-2020-17346 RESERVED CVE-2020-17345 RESERVED CVE-2020-17344 RESERVED CVE-2020-17343 RESERVED CVE-2020-17342 RESERVED CVE-2020-17341 RESERVED CVE-2020-17340 RESERVED CVE-2020-17339 RESERVED CVE-2020-17338 RESERVED CVE-2020-17337 RESERVED CVE-2020-17336 RESERVED CVE-2020-17335 RESERVED CVE-2020-17334 RESERVED CVE-2020-17333 RESERVED CVE-2020-17332 RESERVED CVE-2020-17331 RESERVED CVE-2020-17330 RESERVED CVE-2020-17329 RESERVED CVE-2020-17328 RESERVED CVE-2020-17327 RESERVED CVE-2020-17326 RESERVED CVE-2020-17325 RESERVED CVE-2020-17324 RESERVED CVE-2020-17323 RESERVED CVE-2020-17322 RESERVED CVE-2020-17321 RESERVED CVE-2020-17320 RESERVED CVE-2020-17319 RESERVED CVE-2020-17318 RESERVED CVE-2020-17317 RESERVED CVE-2020-17316 RESERVED CVE-2020-17315 RESERVED CVE-2020-17314 RESERVED CVE-2020-17313 RESERVED CVE-2020-17312 RESERVED CVE-2020-17311 RESERVED CVE-2020-17310 RESERVED CVE-2020-17309 RESERVED CVE-2020-17308 RESERVED CVE-2020-17307 RESERVED CVE-2020-17306 RESERVED CVE-2020-17305 RESERVED CVE-2020-17304 RESERVED CVE-2020-17303 RESERVED CVE-2020-17302 RESERVED CVE-2020-17301 RESERVED CVE-2020-17300 RESERVED CVE-2020-17299 RESERVED CVE-2020-17298 RESERVED CVE-2020-17297 RESERVED CVE-2020-17296 RESERVED CVE-2020-17295 RESERVED CVE-2020-17294 RESERVED CVE-2020-17293 RESERVED CVE-2020-17292 RESERVED CVE-2020-17291 RESERVED CVE-2020-17290 RESERVED CVE-2020-17289 RESERVED CVE-2020-17288 RESERVED CVE-2020-17287 RESERVED CVE-2020-17286 RESERVED CVE-2020-17285 RESERVED CVE-2020-17284 RESERVED CVE-2020-17283 RESERVED CVE-2020-17282 RESERVED CVE-2020-17281 RESERVED CVE-2020-17280 RESERVED CVE-2020-17279 RESERVED CVE-2020-17278 RESERVED CVE-2020-17277 RESERVED CVE-2020-17276 RESERVED CVE-2020-17275 RESERVED CVE-2020-17274 RESERVED CVE-2020-17273 RESERVED CVE-2020-17272 RESERVED CVE-2020-17271 RESERVED CVE-2020-17270 RESERVED 
CVE-2020-17269 RESERVED CVE-2020-17268 RESERVED CVE-2020-17267 RESERVED CVE-2020-17266 RESERVED CVE-2020-17265 RESERVED CVE-2020-17264 RESERVED CVE-2020-17263 RESERVED CVE-2020-17262 RESERVED CVE-2020-17261 RESERVED CVE-2020-17260 RESERVED CVE-2020-17259 RESERVED CVE-2020-17258 RESERVED CVE-2020-17257 RESERVED CVE-2020-17256 RESERVED CVE-2020-17255 RESERVED CVE-2020-17254 RESERVED CVE-2020-17253 RESERVED CVE-2020-17252 RESERVED CVE-2020-17251 RESERVED CVE-2020-17250 RESERVED CVE-2020-17249 RESERVED CVE-2020-17248 RESERVED CVE-2020-17247 RESERVED CVE-2020-17246 RESERVED CVE-2020-17245 RESERVED CVE-2020-17244 RESERVED CVE-2020-17243 RESERVED CVE-2020-17242 RESERVED CVE-2020-17241 RESERVED CVE-2020-17240 RESERVED CVE-2020-17239 RESERVED CVE-2020-17238 RESERVED CVE-2020-17237 RESERVED CVE-2020-17236 RESERVED CVE-2020-17235 RESERVED CVE-2020-17234 RESERVED CVE-2020-17233 RESERVED CVE-2020-17232 RESERVED CVE-2020-17231 RESERVED CVE-2020-17230 RESERVED CVE-2020-17229 RESERVED CVE-2020-17228 RESERVED CVE-2020-17227 RESERVED CVE-2020-17226 RESERVED CVE-2020-17225 RESERVED CVE-2020-17224 RESERVED CVE-2020-17223 RESERVED CVE-2020-17222 RESERVED CVE-2020-17221 RESERVED CVE-2020-17220 RESERVED CVE-2020-17219 RESERVED CVE-2020-17218 RESERVED CVE-2020-17217 RESERVED CVE-2020-17216 RESERVED CVE-2020-17215 RESERVED CVE-2020-17214 RESERVED CVE-2020-17213 RESERVED CVE-2020-17212 RESERVED CVE-2020-17211 RESERVED CVE-2020-17210 RESERVED CVE-2020-17209 RESERVED CVE-2020-17208 RESERVED CVE-2020-17207 RESERVED CVE-2020-17206 RESERVED CVE-2020-17205 RESERVED CVE-2020-17204 RESERVED CVE-2020-17203 RESERVED CVE-2020-17202 RESERVED CVE-2020-17201 RESERVED CVE-2020-17200 RESERVED CVE-2020-17199 RESERVED CVE-2020-17198 RESERVED CVE-2020-17197 RESERVED CVE-2020-17196 RESERVED CVE-2020-17195 RESERVED CVE-2020-17194 RESERVED CVE-2020-17193 RESERVED CVE-2020-17192 RESERVED CVE-2020-17191 RESERVED CVE-2020-17190 RESERVED CVE-2020-17189 RESERVED CVE-2020-17188 RESERVED CVE-2020-17187 RESERVED 
CVE-2020-17186 RESERVED CVE-2020-17185 RESERVED CVE-2020-17184 RESERVED CVE-2020-17183 RESERVED CVE-2020-17182 RESERVED CVE-2020-17181 RESERVED CVE-2020-17180 RESERVED CVE-2020-17179 RESERVED CVE-2020-17178 RESERVED CVE-2020-17177 RESERVED CVE-2020-17176 RESERVED CVE-2020-17175 RESERVED CVE-2020-17174 RESERVED CVE-2020-17173 RESERVED CVE-2020-17172 RESERVED CVE-2020-17171 RESERVED CVE-2020-17170 RESERVED CVE-2020-17169 RESERVED CVE-2020-17168 RESERVED CVE-2020-17167 RESERVED CVE-2020-17166 RESERVED CVE-2020-17165 RESERVED CVE-2020-17164 RESERVED CVE-2020-17163 RESERVED CVE-2020-17162 (Microsoft Windows Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17161 RESERVED CVE-2020-17160 REJECTED CVE-2020-17159 (Visual Studio Code Java Extension Pack Remote Code Execution Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2020-17158 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...) NOT-FOR-US: Microsoft CVE-2020-17157 RESERVED CVE-2020-17156 (Visual Studio Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17155 RESERVED CVE-2020-17154 RESERVED CVE-2020-17153 (Microsoft Edge for Android Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17152 (Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote ...) NOT-FOR-US: Microsoft CVE-2020-17151 RESERVED CVE-2020-17150 (Visual Studio Code Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17149 RESERVED CVE-2020-17148 (Visual Studio Code Remote Development Extension Remote Code Execution ...) NOT-FOR-US: Microsoft CVE-2020-17147 (Dynamics CRM Webclient Cross-site Scripting Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17146 RESERVED CVE-2020-17145 (Azure DevOps Server and Team Foundation Services Spoofing Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17144 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) 
NOT-FOR-US: Microsoft CVE-2020-17143 (Microsoft Exchange Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17142 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17141 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17140 (Windows SMB Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17139 (Windows Overlay Filter Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17138 (Windows Error Reporting Information Disclosure Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2020-17137 (DirectX Graphics Kernel Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17136 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2020-17135 (Azure DevOps Server Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17134 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2020-17133 (Microsoft Dynamics Business Central/NAV Information Disclosure ...) NOT-FOR-US: Microsoft CVE-2020-17132 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17131 (Chakra Scripting Engine Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17130 (Microsoft Excel Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17129 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2020-17128 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2020-17127 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2020-17126 (Microsoft Excel Information Disclosure Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2020-17125 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2020-17124 (Microsoft PowerPoint Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17123 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2020-17122 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2020-17121 (Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID i ...) NOT-FOR-US: Microsoft CVE-2020-17120 (Microsoft SharePoint Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17119 (Microsoft Outlook Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17118 (Microsoft SharePoint Remote Code Execution Vulnerability This CVE ID i ...) NOT-FOR-US: Microsoft CVE-2020-17117 (Microsoft Exchange Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17116 RESERVED CVE-2020-17115 (Microsoft SharePoint Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17114 RESERVED CVE-2020-17113 (Windows Camera Codec Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17112 RESERVED CVE-2020-17111 RESERVED CVE-2020-17110 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17109 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17108 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17107 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17106 (HEVC Video Extensions Remote Code Execution Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17105 (AV1 Video Extension Remote Code Execution Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2020-17104 (Visual Studio Code JSHint Extension Remote Code Execution Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17103 (Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerab ...) NOT-FOR-US: Microsoft CVE-2020-17102 (WebP Image Extensions Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17101 (HEIF Image Extensions Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17100 (Visual Studio Tampering Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17099 (Windows Lock Screen Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17098 (Windows GDI+ Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17097 (Windows Digital Media Receiver Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17096 (Windows NTFS Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17095 (Hyper-V Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17094 (Windows Error Reporting Information Disclosure Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2020-17093 RESERVED CVE-2020-17092 (Windows Network Connections Service Elevation of Privilege Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2020-17091 (Microsoft Teams Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17090 (Microsoft Defender for Endpoint Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17089 (Microsoft SharePoint Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17088 (Windows Common Log File System Driver Elevation of Privilege Vulnerabi ...) NOT-FOR-US: Microsoft CVE-2020-17087 (Windows Kernel Local Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17086 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17085 (Microsoft Exchange Server Denial of Service Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2020-17084 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2020-17083 (Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ...) NOT-FOR-US: Microsoft CVE-2020-17082 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17081 (Microsoft Raw Image Extension Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17080 RESERVED CVE-2020-17079 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17078 (Raw Image Extension Remote Code Execution Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17077 (Windows Update Stack Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17076 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2020-17075 (Windows USO Core Worker Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17074 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2020-17073 (Windows Update Orchestrator Service Elevation of Privilege Vulnerabili ...) NOT-FOR-US: Microsoft CVE-2020-17072 RESERVED CVE-2020-17071 (Windows Delivery Optimization Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17070 (Windows Update Medic Service Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17069 (Windows NDIS Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17068 (Windows GDI+ Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17067 (Microsoft Excel Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17066 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) 
NOT-FOR-US: Microsoft CVE-2020-17065 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2020-17064 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2020-17063 (Microsoft Office Online Spoofing Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17062 (Microsoft Office Access Connectivity Engine Remote Code Execution Vuln ...) NOT-FOR-US: Microsoft CVE-2020-17061 (Microsoft SharePoint Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17060 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2020-17059 RESERVED CVE-2020-17058 (Microsoft Browser Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17057 (Windows Win32k Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17056 (Windows Network File System Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17055 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17054 (Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17053 (Internet Explorer Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17052 (Scripting Engine Memory Corruption Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17051 (Windows Network File System Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17050 RESERVED CVE-2020-17049 (Kerberos Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17048 (Chakra Scripting Engine Memory Corruption Vulnerability This CVE ID is ...) NOT-FOR-US: Microsoft CVE-2020-17047 (Windows Network File System Denial of Service Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17046 (Windows Error Reporting Denial of Service Vulnerability ...) 
NOT-FOR-US: Microsoft CVE-2020-17045 (Windows KernelStream Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17044 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17043 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17042 (Windows Print Spooler Remote Code Execution Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17041 (Windows Print Configuration Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17040 (Windows Hyper-V Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17039 RESERVED CVE-2020-17038 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2020-17037 (Windows WalletService Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17036 (Windows Function Discovery SSDP Provider Information Disclosure Vulner ...) NOT-FOR-US: Microsoft CVE-2020-17035 (Windows Kernel Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17034 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17033 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17032 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17031 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17030 (Windows MSCTF Server Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17029 (Windows Canonical Display Driver Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17028 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17027 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) 
NOT-FOR-US: Microsoft CVE-2020-17026 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17025 (Windows Remote Access Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17024 (Windows Client Side Rendering Print Provider Elevation of Privilege Vu ...) NOT-FOR-US: Microsoft CVE-2020-17023 (A remote code execution vulnerability exists in Visual Studio Code whe ...) NOT-FOR-US: Microsoft CVE-2020-17022 (A remote code execution vulnerability exists in the way that Microsoft ...) NOT-FOR-US: Microsoft CVE-2020-17021 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17020 (Microsoft Word Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17019 (Microsoft Excel Remote Code Execution Vulnerability This CVE ID is uni ...) NOT-FOR-US: Microsoft CVE-2020-17018 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17017 (Microsoft SharePoint Information Disclosure Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17016 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2020-17015 (Microsoft SharePoint Spoofing Vulnerability This CVE ID is unique from ...) NOT-FOR-US: Microsoft CVE-2020-17014 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17013 (Win32k Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17012 (Windows Bind Filter Driver Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17011 (Windows Port Class Library Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17010 (Win32k Elevation of Privilege Vulnerability This CVE ID is unique from ...) 
NOT-FOR-US: Microsoft CVE-2020-17009 RESERVED CVE-2020-17008 RESERVED CVE-2020-17007 (Windows Error Reporting Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17006 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17005 (Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerabilit ...) NOT-FOR-US: Microsoft CVE-2020-17004 (Windows Graphics Component Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17003 (A remote code execution vulnerability exists when the Base3D rendering ...) NOT-FOR-US: Microsoft CVE-2020-17002 (Azure SDK for C Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-17001 (Windows Print Spooler Elevation of Privilege Vulnerability This CVE ID ...) NOT-FOR-US: Microsoft CVE-2020-17000 (Remote Desktop Protocol Client Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-16999 (Windows WalletService Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-16998 (DirectX Elevation of Privilege Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-16997 (Remote Desktop Protocol Server Information Disclosure Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-16996 (Kerberos Security Feature Bypass Vulnerability ...) NOT-FOR-US: Microsoft CVE-2020-16995 (An elevation of privilege vulnerability exists in Network Watcher Agen ...) NOT-FOR-US: Microsoft CVE-2020-16994 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2020-16993 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...) NOT-FOR-US: Microsoft CVE-2020-16992 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...) NOT-FOR-US: Microsoft CVE-2020-16991 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...) NOT-FOR-US: Microsoft CVE-2020-16990 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...) 
	NOT-FOR-US: Microsoft
CVE-2020-16989 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
	NOT-FOR-US: Microsoft
CVE-2020-16988 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
	NOT-FOR-US: Microsoft
CVE-2020-16987 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
	NOT-FOR-US: Microsoft
CVE-2020-16986 (Azure Sphere Denial of Service Vulnerability ...)
	NOT-FOR-US: Microsoft
CVE-2020-16985 (Azure Sphere Information Disclosure Vulnerability This CVE ID is uniqu ...)
	NOT-FOR-US: Microsoft
CVE-2020-16984 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
	NOT-FOR-US: Microsoft
CVE-2020-16983 (Azure Sphere Tampering Vulnerability ...)
	NOT-FOR-US: Microsoft
CVE-2020-16982 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
	NOT-FOR-US: Microsoft
CVE-2020-16981 (Azure Sphere Elevation of Privilege Vulnerability This CVE ID is uniqu ...)
	NOT-FOR-US: Microsoft
CVE-2020-16980 (An elevation of privilege vulnerability exists when the Windows iSCSI ...)
	NOT-FOR-US: Microsoft
CVE-2020-16979 (Microsoft SharePoint Information Disclosure Vulnerability This CVE ID ...)
	NOT-FOR-US: Microsoft
CVE-2020-16978 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16977 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
	NOT-FOR-US: Microsoft
CVE-2020-16976 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-16975 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-16974 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-16973 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-16972 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-16971 (Azure SDK for Java Security Feature Bypass Vulnerability ...)
	NOT-FOR-US: Microsoft
CVE-2020-16970 (Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is uniq ...)
	NOT-FOR-US: Microsoft
CVE-2020-16969 (An information disclosure vulnerability exists in how Microsoft Exchan ...)
	NOT-FOR-US: Microsoft
CVE-2020-16968 (A remote code execution vulnerability exists when the Windows Camera C ...)
	NOT-FOR-US: Microsoft
CVE-2020-16967 (A remote code execution vulnerability exists when the Windows Camera C ...)
	NOT-FOR-US: Microsoft
CVE-2020-16966
	RESERVED
CVE-2020-16965
	RESERVED
CVE-2020-16964 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
	NOT-FOR-US: Microsoft
CVE-2020-16963 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
	NOT-FOR-US: Microsoft
CVE-2020-16962 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
	NOT-FOR-US: Microsoft
CVE-2020-16961 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
	NOT-FOR-US: Microsoft
CVE-2020-16960 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
	NOT-FOR-US: Microsoft
CVE-2020-16959 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
	NOT-FOR-US: Microsoft
CVE-2020-16958 (Windows Backup Engine Elevation of Privilege Vulnerability This CVE ID ...)
	NOT-FOR-US: Microsoft
CVE-2020-16957 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2020-16956 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16955 (An elevation of privilege vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-16954 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-16953 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2020-16952 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-16951 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-16950 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2020-16949 (A denial of service vulnerability exists in Microsoft Outlook software ...)
	NOT-FOR-US: Microsoft
CVE-2020-16948 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2020-16947 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2020-16946 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-16945 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-16944 (This vulnerability is caused when SharePoint Server does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2020-16943 (An elevation of privilege vulnerability exists in Microsoft Dynamics 3 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16942 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2020-16941 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2020-16940 (An elevation of privilege vulnerability exists when the Windows User P ...)
	NOT-FOR-US: Microsoft
CVE-2020-16939 (An elevation of privilege vulnerability exists when Group Policy impro ...)
	NOT-FOR-US: Microsoft
CVE-2020-16938 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-16937 (An information disclosure vulnerability exists when the .NET Framework ...)
	- dotnet-core-3.1 (bug #968921)
CVE-2020-16936 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-16935 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-16934 (An elevation of privilege vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-16933 (A security feature bypass vulnerability exists in Microsoft Word softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-16932 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-16931 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-16930 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-16929 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-16928 (An elevation of privilege vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-16927 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2020-16926
	RESERVED
CVE-2020-16925
	RESERVED
CVE-2020-16924 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-16923 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-16922 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
	NOT-FOR-US: Microsoft
CVE-2020-16921 (An information disclosure vulnerability exists in Text Services Framew ...)
	NOT-FOR-US: Microsoft
CVE-2020-16920 (An elevation of privilege vulnerability exists when the Windows Applic ...)
	NOT-FOR-US: Microsoft
CVE-2020-16919 (An information disclosure vulnerability exists when the Windows Enterp ...)
	NOT-FOR-US: Microsoft
CVE-2020-16918 (A remote code execution vulnerability exists when the Base3D rendering ...)
	NOT-FOR-US: Microsoft
CVE-2020-16917
	RESERVED
CVE-2020-16916 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-16915 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-16914 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-16913 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-16912 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-16911 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-16910 (A security feature bypass vulnerability exists when Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-16909 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-16908 (An elevation of privilege vulnerability exists in Windows Setup in the ...)
	NOT-FOR-US: Microsoft
CVE-2020-16907 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-16906
	RESERVED
CVE-2020-16905 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-16904 (An elevation of privilege vulnerability exists in the way Azure Functi ...)
	NOT-FOR-US: Microsoft
CVE-2020-16903
	RESERVED
CVE-2020-16902 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-16901 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-16900 (An elevation of privilege vulnerability exists when the Windows Event ...)
	NOT-FOR-US: Microsoft
CVE-2020-16899 (A denial of service vulnerability exists when the Windows TCP/IP stack ...)
	NOT-FOR-US: Microsoft
CVE-2020-16898 (A remote code execution vulnerability exists when the Windows TCP/IP s ...)
	NOT-FOR-US: Microsoft
CVE-2020-16897 (An information disclosure vulnerability exists when NetBIOS over TCP ( ...)
	NOT-FOR-US: Microsoft
CVE-2020-16896 (An information disclosure vulnerability exists in Remote Desktop Proto ...)
	NOT-FOR-US: Microsoft
CVE-2020-16895 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-16894 (A remote code execution vulnerability exists when Windows Network Addr ...)
	NOT-FOR-US: Microsoft
CVE-2020-16893
	RESERVED
CVE-2020-16892 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-16891 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2020-16890 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-16889 (An information disclosure vulnerability exists when the Windows Kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-16888
	RESERVED
CVE-2020-16887 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-16886 (A security feature bypass vulnerability exists in the PowerShellGet V2 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16885 (An elevation of privilege vulnerability exists when the Windows Storag ...)
	NOT-FOR-US: Microsoft
CVE-2020-16884 (A remote code execution vulnerability exists in the way that the IEToE ...)
	NOT-FOR-US: IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer
CVE-2020-16883
	RESERVED
CVE-2020-16882
	RESERVED
CVE-2020-16881 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
	NOT-FOR-US: Microsoft
CVE-2020-16880
	RESERVED
CVE-2020-16879 (An information disclosure vulnerability exists when a Windows Projecte ...)
	NOT-FOR-US: Microsoft
CVE-2020-16878 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16877 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-16876 (An elevation of privilege vulnerability exists when the Windows Applic ...)
	NOT-FOR-US: Microsoft
CVE-2020-16875 (A remote code execution vulnerability exists in Microsoft Exchange ser ...)
	NOT-FOR-US: Microsoft
CVE-2020-16874 (A remote code execution vulnerability exists in Visual Studio when it ...)
	NOT-FOR-US: Microsoft
CVE-2020-16873 (A spoofing vulnerability manifests in Microsoft Xamarin.Forms due to t ...)
	NOT-FOR-US: Microsoft
CVE-2020-16872 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16871 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16870
	RESERVED
CVE-2020-16869
	RESERVED
CVE-2020-16868
	RESERVED
CVE-2020-16867
	RESERVED
CVE-2020-16866
	RESERVED
CVE-2020-16865
	RESERVED
CVE-2020-16864 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16863 (A denial of service vulnerability exists in Windows Remote Desktop Ser ...)
	NOT-FOR-US: Microsoft
CVE-2020-16862 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16861 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16860 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16859 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16858 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16857 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
	NOT-FOR-US: Microsoft
CVE-2020-16856 (A remote code execution vulnerability exists in Visual Studio when it ...)
	NOT-FOR-US: Microsoft
CVE-2020-16855 (An information disclosure vulnerability exists when Microsoft Office s ...)
	NOT-FOR-US: Microsoft
CVE-2020-16854 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-16853 (An elevation of privilege vulnerability exists when the OneDrive for W ...)
	NOT-FOR-US: Microsoft
CVE-2020-16852 (An elevation of privilege vulnerability exists when the OneDrive for W ...)
	NOT-FOR-US: Microsoft
CVE-2020-16851 (An elevation of privilege vulnerability exists when the OneDrive for W ...)
	NOT-FOR-US: Microsoft
CVE-2020-16850 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthent ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-16849 (An issue was discovered on Canon MF237w 06.07 devices. An "Improper Ha ...)
	NOT-FOR-US: Canon
CVE-2020-16848
	RESERVED
CVE-2020-16847 (Extreme Analytics in Extreme Management Center before 8.5.0.169 allows ...)
	NOT-FOR-US: Extreme Management Center
CVE-2020-16846 (An issue was discovered in SaltStack Salt through 3002. Sending crafte ...)
	{DSA-4837-1 DLA-2480-1}
	- salt 3002.1+dfsg1-1
	NOTE: https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2018.3.x.patch (2018.3.x)
	NOTE: https://gitlab.com/saltstack/open/salt-patches/-/raw/master/patches/2020/09/02/2016.11.x.patch (2016.11.x)
CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...)
	{DSA-4848-1 DLA-2460-1 DLA-2459-1}
	- golang-1.15 1.15~rc2-1
	- golang-1.14 1.14.7-1
	- golang-1.11
	- golang-1.8
	- golang-1.7
	NOTE: https://groups.google.com/forum/#!topic/golang-announce/NyPIaucMgXo
	NOTE: https://github.com/golang/go/issues/40618
	NOTE: Fixed in 1.15~rc2, 1.14.7, 1.13.15
CVE-2020-16844 (In Istio 1.5.0 though 1.5.8 and Istio 1.6.0 through 1.6.7, when users ...)
	NOT-FOR-US: Istio
CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the netw ...)
	NOT-FOR-US: Firecracker
CVE-2020-16842
	RESERVED
CVE-2020-16841
	RESERVED
CVE-2020-16840
	RESERVED
CVE-2020-16839 (On Crestron DM-NVX-DIR, DM-NVX-DIR80, and DM-NVX-ENT devices before th ...)
	NOT-FOR-US: Crestron
CVE-2020-16838
	RESERVED
CVE-2020-16837
	RESERVED
CVE-2020-16836
	RESERVED
CVE-2020-16835
	RESERVED
CVE-2020-16834
	RESERVED
CVE-2020-16833
	RESERVED
CVE-2020-16832
	RESERVED
CVE-2020-16831
	RESERVED
CVE-2020-16830
	RESERVED
CVE-2020-16829
	RESERVED
CVE-2020-16828
	RESERVED
CVE-2020-16827
	RESERVED
CVE-2020-16826
	RESERVED
CVE-2020-16825
	RESERVED
CVE-2020-16824
	RESERVED
CVE-2020-16823
	RESERVED
CVE-2020-16822
	RESERVED
CVE-2020-16821
	RESERVED
CVE-2020-16820
	RESERVED
CVE-2020-16819
	RESERVED
CVE-2020-16818
	RESERVED
CVE-2020-16817
	RESERVED
CVE-2020-16816
	RESERVED
CVE-2020-16815
	RESERVED
CVE-2020-16814
	RESERVED
CVE-2020-16813
	RESERVED
CVE-2020-16812
	RESERVED
CVE-2020-16811
	RESERVED
CVE-2020-16810
	RESERVED
CVE-2020-16809
	RESERVED
CVE-2020-16808
	RESERVED
CVE-2020-16807
	RESERVED
CVE-2020-16806
	RESERVED
CVE-2020-16805
	RESERVED
CVE-2020-16804
	RESERVED
CVE-2020-16803
	RESERVED
CVE-2020-16802
	RESERVED
CVE-2020-16801
	RESERVED
CVE-2020-16800
	RESERVED
CVE-2020-16799
	RESERVED
CVE-2020-16798
	RESERVED
CVE-2020-16797
	RESERVED
CVE-2020-16796
	RESERVED
CVE-2020-16795
	RESERVED
CVE-2020-16794
	RESERVED
CVE-2020-16793
	RESERVED
CVE-2020-16792
	RESERVED
CVE-2020-16791
	RESERVED
CVE-2020-16790
	RESERVED
CVE-2020-16789
	RESERVED
CVE-2020-16788
	RESERVED
CVE-2020-16787
	RESERVED
CVE-2020-16786
	RESERVED
CVE-2020-16785
	RESERVED
CVE-2020-16784
	RESERVED
CVE-2020-16783
	RESERVED
CVE-2020-16782
	RESERVED
CVE-2020-16781
	RESERVED
CVE-2020-16780
	RESERVED
CVE-2020-16779
	RESERVED
CVE-2020-16778
	RESERVED
CVE-2020-16777
	RESERVED
CVE-2020-16776
	RESERVED
CVE-2020-16775
	RESERVED
CVE-2020-16774
	RESERVED
CVE-2020-16773
	RESERVED
CVE-2020-16772
	RESERVED
CVE-2020-16771
	RESERVED
CVE-2020-16770
	RESERVED
CVE-2020-16769
	RESERVED
CVE-2020-16768
	RESERVED
CVE-2020-16767
	RESERVED
CVE-2020-16766
	RESERVED
CVE-2020-16765
	RESERVED
CVE-2020-16764
	RESERVED
CVE-2020-16763
	RESERVED
CVE-2020-16762
	RESERVED
CVE-2020-16761
	RESERVED
CVE-2020-16760
	RESERVED
CVE-2020-16759
	RESERVED
CVE-2020-16758
	RESERVED
CVE-2020-16757
	RESERVED
CVE-2020-16756
	RESERVED
CVE-2020-16755
	RESERVED
CVE-2020-16754
	RESERVED
CVE-2020-16753
	RESERVED
CVE-2020-16752
	RESERVED
CVE-2020-16751
	RESERVED
CVE-2020-16750
	RESERVED
CVE-2020-16749
	RESERVED
CVE-2020-16748
	RESERVED
CVE-2020-16747
	RESERVED
CVE-2020-16746
	RESERVED
CVE-2020-16745
	RESERVED
CVE-2020-16744
	RESERVED
CVE-2020-16743
	RESERVED
CVE-2020-16742
	RESERVED
CVE-2020-16741
	RESERVED
CVE-2020-16740
	RESERVED
CVE-2020-16739
	RESERVED
CVE-2020-16738
	RESERVED
CVE-2020-16737
	RESERVED
CVE-2020-16736
	RESERVED
CVE-2020-16735
	RESERVED
CVE-2020-16734
	RESERVED
CVE-2020-16733
	RESERVED
CVE-2020-16732
	RESERVED
CVE-2020-16731
	RESERVED
CVE-2020-16730
	RESERVED
CVE-2020-16729
	RESERVED
CVE-2020-16728
	RESERVED
CVE-2020-16727
	RESERVED
CVE-2020-16726
	RESERVED
CVE-2020-16725
	RESERVED
CVE-2020-16724
	RESERVED
CVE-2020-16723
	RESERVED
CVE-2020-16722
	RESERVED
CVE-2020-16721
	RESERVED
CVE-2020-16720
	RESERVED
CVE-2020-16719
	RESERVED
CVE-2020-16718
	RESERVED
CVE-2020-16717
	RESERVED
CVE-2020-16716
	RESERVED
CVE-2020-16715
	RESERVED
CVE-2020-16714
	RESERVED
CVE-2020-16713
	RESERVED
CVE-2020-16712
	RESERVED
CVE-2020-16711
	RESERVED
CVE-2020-16710
	RESERVED
CVE-2020-16709
	RESERVED
CVE-2020-16708
	RESERVED
CVE-2020-16707
	RESERVED
CVE-2020-16706
	RESERVED
CVE-2020-16705
	RESERVED
CVE-2020-16704
	RESERVED
CVE-2020-16703
	RESERVED
CVE-2020-16702
	RESERVED
CVE-2020-16701
	RESERVED
CVE-2020-16700
	RESERVED
CVE-2020-16699
	RESERVED
CVE-2020-16698
	RESERVED
CVE-2020-16697
	RESERVED
CVE-2020-16696
	RESERVED
CVE-2020-16695
	RESERVED
CVE-2020-16694
	RESERVED
CVE-2020-16693
	RESERVED
CVE-2020-16692
	RESERVED
CVE-2020-16691
	RESERVED
CVE-2020-16690
	RESERVED
CVE-2020-16689
	RESERVED
CVE-2020-16688
	RESERVED
CVE-2020-16687
	RESERVED
CVE-2020-16686
	RESERVED
CVE-2020-16685
	RESERVED
CVE-2020-16684
	RESERVED
CVE-2020-16683
	RESERVED
CVE-2020-16682
	RESERVED
CVE-2020-16681
	RESERVED
CVE-2020-16680
	RESERVED
CVE-2020-16679
	RESERVED
CVE-2020-16678
	RESERVED
CVE-2020-16677
	RESERVED
CVE-2020-16676
	RESERVED
CVE-2020-16675
	RESERVED
CVE-2020-16674
	RESERVED
CVE-2020-16673
	RESERVED
CVE-2020-16672
	RESERVED
CVE-2020-16671
	RESERVED
CVE-2020-16670
	RESERVED
CVE-2020-16669
	RESERVED
CVE-2020-16668
	RESERVED
CVE-2020-16667
	RESERVED
CVE-2020-16666
	RESERVED
CVE-2020-16665
	RESERVED
CVE-2020-16664
	RESERVED
CVE-2020-16663
	RESERVED
CVE-2020-16662
	RESERVED
CVE-2020-16661
	RESERVED
CVE-2020-16660
	RESERVED
CVE-2020-16659
	RESERVED
CVE-2020-16658
	RESERVED
CVE-2020-16657
	RESERVED
CVE-2020-16656
	RESERVED
CVE-2020-16655
	RESERVED
CVE-2020-16654
	RESERVED
CVE-2020-16653
	RESERVED
CVE-2020-16652
	RESERVED
CVE-2020-16651
	RESERVED
CVE-2020-16650
	RESERVED
CVE-2020-16649
	RESERVED
CVE-2020-16648
	RESERVED
CVE-2020-16647
	RESERVED
CVE-2020-16646
	RESERVED
CVE-2020-16645
	RESERVED
CVE-2020-16644
	RESERVED
CVE-2020-16643
	RESERVED
CVE-2020-16642
	RESERVED
CVE-2020-16641
	RESERVED
CVE-2020-16640
	RESERVED
CVE-2020-16639
	RESERVED
CVE-2020-16638
	RESERVED
CVE-2020-16637
	RESERVED
CVE-2020-16636
	REJECTED
CVE-2020-16635
	RESERVED
CVE-2020-16634
	RESERVED
CVE-2020-16633
	RESERVED
CVE-2020-16632 (A XSS Vulnerability in /uploads/dede/action_search.php in DedeCMS V5.7 ...)
	NOT-FOR-US: DedeCMS
CVE-2020-16631
	RESERVED
CVE-2020-16630 (TI’s BLE stack caches and reuses the LTK’s property for a ...)
	NOT-FOR-US: Texas Instruments
CVE-2020-16629 (PhpOK 5.4.137 contains a SQL injection vulnerability that can inject a ...)
	NOT-FOR-US: PhpOK
CVE-2020-16628
	RESERVED
CVE-2020-16627
	RESERVED
CVE-2020-16626
	RESERVED
CVE-2020-16625
	RESERVED
CVE-2020-16624
	RESERVED
CVE-2020-16623
	RESERVED
CVE-2020-16622
	RESERVED
CVE-2020-16621
	RESERVED
CVE-2020-16620
	RESERVED
CVE-2020-16619
	RESERVED
CVE-2020-16618
	RESERVED
CVE-2020-16617
	RESERVED
CVE-2020-16616
	RESERVED
CVE-2020-16615
	RESERVED
CVE-2020-16614
	RESERVED
CVE-2020-16613
	RESERVED
CVE-2020-16612
	RESERVED
CVE-2020-16611
	RESERVED
CVE-2020-16610 (Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site Request ...)
	NOT-FOR-US: Hoosk Codeigniter CMS
CVE-2020-16609
	RESERVED
CVE-2020-16608 (Notable 1.8.4 allows XSS via crafted Markdown text, with resultant rem ...)
	NOT-FOR-US: Notable
CVE-2020-16607
	RESERVED
CVE-2020-16606
	RESERVED
CVE-2020-16605
	RESERVED
CVE-2020-16604
	RESERVED
CVE-2020-16603
	RESERVED
CVE-2020-16602 (Razer Chroma SDK Rest Server through 3.12.17 allows remote attackers t ...)
	NOT-FOR-US: Razer Chroma SDK Rest Server
CVE-2020-16601
	RESERVED
CVE-2020-16600 (A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF ...)
	- mupdf 1.17.0+ds1-1 (bug #989526)
	[buster] - mupdf 1.14.0+ds1-4+deb10u3
	[stretch] - mupdf (Vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702253
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=96751b25462f83d6e16a9afaf8980b0c3f979c8b
CVE-2020-16599 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25842
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8d55d10ac0d112c586eaceb92e75bd9b80aadcc4
	NOTE: binutils not covered by security support
CVE-2020-16598
	REJECTED
CVE-2020-16597
	RESERVED
CVE-2020-16596
	RESERVED
CVE-2020-16595
	RESERVED
CVE-2020-16594
	RESERVED
CVE-2020-16593 (A Null Pointer Dereference vulnerability exists in the Binary File Des ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25827
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aec72fda3b320c36eb99fc1c4cf95b10fc026729
	NOTE: binutils not covered by security support
CVE-2020-16592 (A use after free issue exists in the Binary File Descriptor (BFD) libr ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25823
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7ecb51549ab1ec22aba5aaf34b70323cf0b8509a
	NOTE: binutils not covered by security support
CVE-2020-16591 (A Denial of Service vulnerability exists in the Binary File Descriptor ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25822
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=001890e1f9269697f7e0212430a51479271bdab2
	NOTE: binutils not covered by security support
CVE-2020-16590 (A double free vulnerability exists in the Binary File Descriptor (BFD) ...)
	- binutils 2.35-1 (unimportant)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25821
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c98a4545dc7bf2bcaf1de539c4eb84784680eaa4
	NOTE: binutils not covered by security support
CVE-2020-16589 (A head-based buffer overflow exists in Academy Software Foundation Ope ...)
	{DLA-2491-1}
	- openexr 2.5.3-2
	[buster] - openexr (Minor issue)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6bb36714528a9563dd3b92720c5063a1284b86f8 (v2.4.0-beta.1)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/494
CVE-2020-16588 (A Null Pointer Deference issue exists in Academy Software Foundation O ...)
	{DLA-2491-1}
	- openexr 2.5.3-2
	[buster] - openexr (Minor issue)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/74504503cff86e986bac441213c403b0ba28d58f (v2.4.0-beta.1)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/493
CVE-2020-16587 (A heap-based buffer overflow vulnerability exists in Academy Software ...)
	{DLA-2701-1}
	- openexr 2.5.3-2
	[buster] - openexr (Minor issue)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/8b5370c688a7362673c3a5256d93695617a4cd9a (v2.4.0-beta.1)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/issues/491
CVE-2020-16586
	RESERVED
CVE-2020-16585
	RESERVED
CVE-2020-16584
	RESERVED
CVE-2020-16583
	RESERVED
CVE-2020-16582
	RESERVED
CVE-2020-16581
	RESERVED
CVE-2020-16580
	RESERVED
CVE-2020-16579
	RESERVED
CVE-2020-16578
	RESERVED
CVE-2020-16577
	RESERVED
CVE-2020-16576
	RESERVED
CVE-2020-16575
	RESERVED
CVE-2020-16574
	RESERVED
CVE-2020-16573
	RESERVED
CVE-2020-16572
	RESERVED
CVE-2020-16571
	RESERVED
CVE-2020-16570
	RESERVED
CVE-2020-16569
	RESERVED
CVE-2020-16568
	RESERVED
CVE-2020-16567
	RESERVED
CVE-2020-16566
	RESERVED
CVE-2020-16565
	RESERVED
CVE-2020-16564
	RESERVED
CVE-2020-16563
	RESERVED
CVE-2020-16562
	RESERVED
CVE-2020-16561
	RESERVED
CVE-2020-16560
	RESERVED
CVE-2020-16559
	RESERVED
CVE-2020-16558
	RESERVED
CVE-2020-16557
	RESERVED
CVE-2020-16556
	RESERVED
CVE-2020-16555
	RESERVED
CVE-2020-16554
	RESERVED
CVE-2020-16553
	RESERVED
CVE-2020-16552
	RESERVED
CVE-2020-16551
	RESERVED
CVE-2020-16550
	RESERVED
CVE-2020-16549
	RESERVED
CVE-2020-16548
	RESERVED
CVE-2020-16547
	RESERVED
CVE-2020-16546
	RESERVED
CVE-2020-16545
	RESERVED
CVE-2020-16544
	RESERVED
CVE-2020-16543
	RESERVED
CVE-2020-16542
	RESERVED
CVE-2020-16541
	RESERVED
CVE-2020-16540
	RESERVED
CVE-2020-16539
	RESERVED
CVE-2020-16538
	RESERVED
CVE-2020-16537
	RESERVED
CVE-2020-16536
	RESERVED
CVE-2020-16535
	RESERVED
CVE-2020-16534
	RESERVED
CVE-2020-16533
	RESERVED
CVE-2020-16532
	RESERVED
CVE-2020-16531
	RESERVED
CVE-2020-16530
	RESERVED
CVE-2020-16529
	RESERVED
CVE-2020-16528
	RESERVED
CVE-2020-16527
	RESERVED
CVE-2020-16526
	REJECTED
CVE-2020-16525
	RESERVED
CVE-2020-16524
	RESERVED
CVE-2020-16523
	RESERVED
CVE-2020-16522
	RESERVED
CVE-2020-16521
	RESERVED
CVE-2020-16520
	RESERVED
CVE-2020-16519
	RESERVED
CVE-2020-16518
	RESERVED
CVE-2020-16517
	RESERVED
CVE-2020-16516
	RESERVED
CVE-2020-16515
	RESERVED
CVE-2020-16514
	RESERVED
CVE-2020-16513
	RESERVED
CVE-2020-16512
	RESERVED
CVE-2020-16511
	RESERVED
CVE-2020-16510
	RESERVED
CVE-2020-16509
	RESERVED
CVE-2020-16508
	RESERVED
CVE-2020-16507
	RESERVED
CVE-2020-16506
	RESERVED
CVE-2020-16505
	RESERVED
CVE-2020-16504
	RESERVED
CVE-2020-16503
	RESERVED
CVE-2020-16502
	RESERVED
CVE-2020-16501
	RESERVED
CVE-2020-16500
	RESERVED
CVE-2020-16499
	RESERVED
CVE-2020-16498
	RESERVED
CVE-2020-16497
	RESERVED
CVE-2020-16496
	RESERVED
CVE-2020-16495
	RESERVED
CVE-2020-16494
	RESERVED
CVE-2020-16493
	RESERVED
CVE-2020-16492
	RESERVED
CVE-2020-16491
	RESERVED
CVE-2020-16490
	RESERVED
CVE-2020-16489
	RESERVED
CVE-2020-16488
	RESERVED
CVE-2020-16487
	RESERVED
CVE-2020-16486
	RESERVED
CVE-2020-16485
	RESERVED
CVE-2020-16484
	RESERVED
CVE-2020-16483
	RESERVED
CVE-2020-16482
	RESERVED
CVE-2020-16481
	RESERVED
CVE-2020-16480
	RESERVED
CVE-2020-16479
	RESERVED
CVE-2020-16478
	RESERVED
CVE-2020-16477
	RESERVED
CVE-2020-16476
	RESERVED
CVE-2020-16475
	RESERVED
CVE-2020-16474
	RESERVED
CVE-2020-16473
	RESERVED
CVE-2020-16472
	RESERVED
CVE-2020-16471
	RESERVED
CVE-2020-16470
	RESERVED
CVE-2020-16469
	RESERVED
CVE-2020-16468
	RESERVED
CVE-2020-16467
	RESERVED
CVE-2020-16466
	RESERVED
CVE-2020-16465
	RESERVED
CVE-2020-16464
	RESERVED
CVE-2020-16463
	RESERVED
CVE-2020-16462
	RESERVED
CVE-2020-16461
	RESERVED
CVE-2020-16460
	RESERVED
CVE-2020-16459
	RESERVED
CVE-2020-16458
	RESERVED
CVE-2020-16457
	RESERVED
CVE-2020-16456
	RESERVED
CVE-2020-16455
	RESERVED
CVE-2020-16454
	RESERVED
CVE-2020-16453
	RESERVED
CVE-2020-16452
	RESERVED
CVE-2020-16451
	RESERVED
CVE-2020-16450
	RESERVED
CVE-2020-16449
	RESERVED
CVE-2020-16448
	RESERVED
CVE-2020-16447
	RESERVED
CVE-2020-16446
	RESERVED
CVE-2020-16445
	RESERVED
CVE-2020-16444
	RESERVED
CVE-2020-16443
	RESERVED
CVE-2020-16442
	RESERVED
CVE-2020-16441
	RESERVED
CVE-2020-16440
	RESERVED
CVE-2020-16439
	RESERVED
CVE-2020-16438
	RESERVED
CVE-2020-16437
	RESERVED
CVE-2020-16436
	RESERVED
CVE-2020-16435
	RESERVED
CVE-2020-16434
	RESERVED
CVE-2020-16433
	RESERVED
CVE-2020-16432
	RESERVED
CVE-2020-16431
	RESERVED
CVE-2020-16430
	RESERVED
CVE-2020-16429
	RESERVED
CVE-2020-16428
	RESERVED
CVE-2020-16427
	RESERVED
CVE-2020-16426
	RESERVED
CVE-2020-16425
	RESERVED
CVE-2020-16424
	RESERVED
CVE-2020-16423
	RESERVED
CVE-2020-16422
	RESERVED
CVE-2020-16421
	RESERVED
CVE-2020-16420
	RESERVED
CVE-2020-16419
	RESERVED
CVE-2020-16418
	RESERVED
CVE-2020-16417
	RESERVED
CVE-2020-16416
	RESERVED
CVE-2020-16415
	RESERVED
CVE-2020-16414
	RESERVED
CVE-2020-16413
	RESERVED
CVE-2020-16412
	RESERVED
CVE-2020-16411
	RESERVED
CVE-2020-16410
	RESERVED
CVE-2020-16409
	RESERVED
CVE-2020-16408
	RESERVED
CVE-2020-16407
	RESERVED
CVE-2020-16406
	RESERVED
CVE-2020-16405
	RESERVED
CVE-2020-16404
	RESERVED
CVE-2020-16403
	RESERVED
CVE-2020-16402
	RESERVED
CVE-2020-16401
	RESERVED
CVE-2020-16400
	RESERVED
CVE-2020-16399
	RESERVED
CVE-2020-16398
	RESERVED
CVE-2020-16397
	RESERVED
CVE-2020-16396
	RESERVED
CVE-2020-16395
	RESERVED
CVE-2020-16394
	RESERVED
CVE-2020-16393
	RESERVED
CVE-2020-16392
	RESERVED
CVE-2020-16391
	RESERVED
CVE-2020-16390
	RESERVED
CVE-2020-16389
	RESERVED
CVE-2020-16388
	RESERVED
CVE-2020-16387
	RESERVED
CVE-2020-16386
	RESERVED
CVE-2020-16385
	RESERVED
CVE-2020-16384
	RESERVED
CVE-2020-16383
	RESERVED
CVE-2020-16382
	RESERVED
CVE-2020-16381
	RESERVED
CVE-2020-16380
	RESERVED
CVE-2020-16379
	RESERVED
CVE-2020-16378
	RESERVED
CVE-2020-16377
	RESERVED
CVE-2020-16376
	RESERVED
CVE-2020-16375
	RESERVED
CVE-2020-16374
	RESERVED
CVE-2020-16373
	RESERVED
CVE-2020-16372
	RESERVED
CVE-2020-16371
	RESERVED
CVE-2020-16370
	RESERVED
CVE-2020-16369
	RESERVED
CVE-2020-16368
	RESERVED
CVE-2020-16367
	RESERVED
CVE-2020-16366
	RESERVED
CVE-2020-16365
	RESERVED
CVE-2020-16364
	RESERVED
CVE-2020-16363
	RESERVED
CVE-2020-16362
	RESERVED
CVE-2020-16361
	RESERVED
CVE-2020-16360
	RESERVED
CVE-2020-16359
	RESERVED
CVE-2020-16358
	RESERVED
CVE-2020-16357
	RESERVED
CVE-2020-16356
	RESERVED
CVE-2020-16355
	RESERVED
CVE-2020-16354
	RESERVED
CVE-2020-16353
	RESERVED
CVE-2020-16352
	RESERVED
CVE-2020-16351
	RESERVED
CVE-2020-16350
	RESERVED
CVE-2020-16349
	RESERVED
CVE-2020-16348
	RESERVED
CVE-2020-16347
	RESERVED
CVE-2020-16346
	RESERVED
CVE-2020-16345
	RESERVED
CVE-2020-16344
	RESERVED
CVE-2020-16343
	RESERVED
CVE-2020-16342
	RESERVED
CVE-2020-16341
	RESERVED
CVE-2020-16340
	RESERVED
CVE-2020-16339
	RESERVED
CVE-2020-16338
	RESERVED
CVE-2020-16337
	RESERVED
CVE-2020-16336
	RESERVED
CVE-2020-16335
	RESERVED
CVE-2020-16334
	RESERVED
CVE-2020-16333
	RESERVED
CVE-2020-16332
	RESERVED
CVE-2020-16331
	RESERVED
CVE-2020-16330
	RESERVED
CVE-2020-16329
	RESERVED
CVE-2020-16328
	RESERVED
CVE-2020-16327
	RESERVED
CVE-2020-16326
	RESERVED
CVE-2020-16325
	RESERVED
CVE-2020-16324
	RESERVED
CVE-2020-16323
	RESERVED
CVE-2020-16322
	RESERVED
CVE-2020-16321
	RESERVED
CVE-2020-16320
	RESERVED
CVE-2020-16319
	RESERVED
CVE-2020-16318
	RESERVED
CVE-2020-16317
	RESERVED
CVE-2020-16316
	RESERVED
CVE-2020-16315
	RESERVED
CVE-2020-16314
	RESERVED
CVE-2020-16313
	RESERVED
CVE-2020-16312
	RESERVED
CVE-2020-16311
	RESERVED
CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in devices/gdev ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e (9.51)
CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in devices/gd ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10 (9.51)
	NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger
CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in devices/gdevcdj. ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6 (9.51)
CVE-2020-16307 (A null pointer dereference vulnerability in devices/vector/gdevtxtw.c ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51)
CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821
CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550 (9.51)
CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() in base ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816
	NOTE: PoC requires de8b6458abaeb9d0b14f02377f3e617f2854e647 (9.27) to trigger
CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in devices/v ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a (9.51)
CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207 (9.51)
CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in devices/gde ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701808
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc (9.51)
CVE-2020-16300 (A buffer overflow vulnerability in tiff12_print_page() in devices/gdev ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701807
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e (9.51)
CVE-2020-16299 (A Division by Zero vulnerability in bj10v_print_page() in contrib/japa ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701801
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=19cebe708b9ee3d9e0f8bcdd79dbc6ef9ddc70d2 (9.51)
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be (9.51)
CVE-2020-16298 (A buffer overflow vulnerability in mj_color_correct() in contrib/japan ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701799
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af (9.51)
CVE-2020-16297 (A buffer overflow vulnerability in FloydSteinbergDitheringC() in contr ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701800
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 (9.51)
CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/ ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
	NOTE: chunk #2, see also CVE-2020-17538
CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() in device ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796
CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701794
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358 (9.51)
CVE-2020-16293 (A null pointer dereference vulnerability in compose_group_nonknockout_ ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701795
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231 (9.51)
CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701793
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7 (9.51)
CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787
CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786
CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701788
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768 (9.51)
CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in devices/g ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791
CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...)
	{DSA-4748-1 DLA-2335-1}
	- ghostscript 9.51~dfsg-1
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701785
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6 (9.51)
CVE-2020-16286 RESERVED
CVE-2020-16285 RESERVED
CVE-2020-16284 RESERVED
CVE-2020-16283 RESERVED
CVE-2020-16282 (In the default configuration of Rangee GmbH RangeeOS 8.0.4, all compon ...)
	NOT-FOR-US: Rangee
CVE-2020-16281 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a loca ...)
	NOT-FOR-US: Rangee
CVE-2020-16280 (Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plain ...)
	NOT-FOR-US: Rangee
CVE-2020-16279 (The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to R ...)
	NOT-FOR-US: Rangee
CVE-2020-16278 (A cross-site scripting (XSS) vulnerability in the Permissions componen ...)
	NOT-FOR-US: SAINT Security Suite
CVE-2020-16277 (An SQL injection vulnerability in the Analytics component of SAINT Sec ...)
	NOT-FOR-US: SAINT Security Suite
CVE-2020-16276 (An SQL injection vulnerability in the Assets component of SAINT Securi ...)
	NOT-FOR-US: SAINT Security Suite
CVE-2020-16275 (A cross-site scripting (XSS) vulnerability in the Credential Manager c ...)
	NOT-FOR-US: SAINT Security Suite
CVE-2020-16274 RESERVED
CVE-2020-16273 (In Arm software implementing the Armv8-M processors (all versions), th ...)
	NOT-FOR-US: Arm hardware issue
CVE-2020-16272 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is mis ...)
	NOT-FOR-US: Kee Vault KeePassRPC
CVE-2020-16271 (The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 genera ...)
	NOT-FOR-US: Kee Vault KeePassRPC
CVE-2020-16270 (OLIMPOKS under 3.3.39 allows Auth/Admin ErrorMessage XSS. Remote Attac ...)
	NOT-FOR-US: OLIMPOKS
CVE-2020-16269 (radare2 4.5.0 misparses DWARF information in executable files, causing ...)
	- radare2 5.0.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/issues/17383
CVE-2020-16268 (The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote a ...)
	NOT-FOR-US: 1E Client
CVE-2020-16267 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-16266 (An XSS issue was discovered in MantisBT before 2.24.2. Improper escapi ...)
	- mantis
CVE-2020-16265 RESERVED
CVE-2020-16264 RESERVED
CVE-2020-16263 (Winston 1.5.4 devices have a CORS configuration that trusts arbitrary ...)
	NOT-FOR-US: Winston devices
CVE-2020-16262 (Winston 1.5.4 devices have a local www-data user that is overly permis ...)
	NOT-FOR-US: Winston devices
CVE-2020-16261 (Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local roo ...)
	NOT-FOR-US: Winston devices
CVE-2020-16260 (Winston 1.5.4 devices do not enforce authorization. This is exploitabl ...)
	NOT-FOR-US: Winston devices
CVE-2020-16259 (Winston 1.5.4 devices have an SSH user account with access from bastio ...)
	NOT-FOR-US: Winston devices
CVE-2020-16258 (Winston 1.5.4 devices make use of a Monit service (not managed during ...)
	NOT-FOR-US: Winston devices
CVE-2020-16257 (Winston 1.5.4 devices are vulnerable to command injection via the API. ...)
	NOT-FOR-US: Winston devices
CVE-2020-16256 (The API on Winston 1.5.4 devices is vulnerable to CSRF. ...)
	NOT-FOR-US: Winston devices
CVE-2020-16255 (ownCloud (Core) before 10.5 allows XSS in login page 'forgot password. ...)
	- owncloud
CVE-2020-16254 (The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets ...)
	NOT-FOR-US: Chartkick gem
CVE-2020-16253 (The PgHero gem through 2.6.0 for Ruby allows CSRF. ...)
	- ruby-pghero (bug #882288)
CVE-2020-16252 (The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. ...)
	NOT-FOR-US: Field Test gem
CVE-2020-16251 (HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when co ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-16250 (HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when co ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-16249 RESERVED
CVE-2020-16248 (** DISPUTED ** Prometheus Blackbox Exporter through 0.17.0 allows /pro ...)
	- prometheus-blackbox-exporter (unimportant)
	NOTE: https://github.com/prometheus/blackbox_exporter/issues/669
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/12
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/08/3
	NOTE: Upstream of the project disputed the CVE. Upstream position is
	NOTE: that the referenced behaviour is intended functionality.
CVE-2020-16247 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
	NOT-FOR-US: Philips
CVE-2020-16246 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
	NOT-FOR-US: Reason S20 Ethernet Switch
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
	NOT-FOR-US: Advantech
CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...)
	NOT-FOR-US: GE Digital APM Classic
CVE-2020-16243 (Multiple buffer overflow vulnerabilities exist when LeviStudioU (Versi ...)
	NOT-FOR-US: LeviStudioU
CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
	NOT-FOR-US: General Electric
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
	NOT-FOR-US: Philips SureSigns
CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...)
	NOT-FOR-US: GE Digital APM Classic
CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
	NOT-FOR-US: Philips SureSigns
CVE-2020-16238 RESERVED
CVE-2020-16237 (Philips SureSigns VS4, A.07.107 and prior. The product receives input ...)
	NOT-FOR-US: Philips SureSigns
CVE-2020-16236 (FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a ...)
	NOT-FOR-US: FPWIN Pro
CVE-2020-16235 RESERVED
CVE-2020-16234 (In PLC WinProladder Version 3.28 and prior, a stack-based buffer overf ...)
	NOT-FOR-US: PLC WinProladder
CVE-2020-16233 (An attacker could send a specially crafted packet that could have Code ...)
	NOT-FOR-US: CodeMeter
CVE-2020-16232 RESERVED
CVE-2020-16231 RESERVED
CVE-2020-16230 (All version of Ewon Flexy and Cosy prior to 14.1 use wildcards such as ...)
	NOT-FOR-US: HMS Networks
CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16228 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
	NOT-FOR-US: Philips
CVE-2020-16227 (Delta Electronics TPEditor Versions 1.97 and prior. An improper input ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16226 (Multiple Mitsubishi Electric products are vulnerable to impersonations ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-16225 (Delta Electronics TPEditor Versions 1.97 and prior. A write-what-where ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16224 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
	NOT-FOR-US: Philips
CVE-2020-16223 (Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffe ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16222 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
	NOT-FOR-US: Philips
CVE-2020-16221 (Delta Electronics TPEditor Versions 1.97 and prior. A stack-based buff ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16220 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
	NOT-FOR-US: Philips
CVE-2020-16219 (Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds r ...)
	NOT-FOR-US: Delta Electronics
CVE-2020-16218 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
	NOT-FOR-US: Philips
CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A doubl ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16216 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
	NOT-FOR-US: Philips
CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16214 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
	NOT-FOR-US: Philips
CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16212 (Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, Perfo ...)
	NOT-FOR-US: Philips
CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out- ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16210 (The affected product is vulnerable to reflected cross-site scripting, ...)
	NOT-FOR-US: N-Tron
CVE-2020-16209 RESERVED
CVE-2020-16208 (The affected product is vulnerable to cross-site request forgery, whic ...)
	NOT-FOR-US: N-Tron
CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-16206 (The affected product is vulnerable to stored cross-site scripting, whi ...)
	NOT-FOR-US: N-Tron
CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...)
	NOT-FOR-US: G-Cam and G-Code
CVE-2020-16204 (The affected product is vulnerable due to an undocumented interface fo ...)
	NOT-FOR-US: N-Tron
CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
	NOT-FOR-US: Delta Industrial Automation
CVE-2020-16202 (WebAccess Node (All versions prior to 9.0.1) has incorrect permissions ...)
	NOT-FOR-US: WebAccess Node
CVE-2020-16201 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
	NOT-FOR-US: Delta Industrial Automation
CVE-2020-16200 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
	NOT-FOR-US: Philips
CVE-2020-16199 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
	NOT-FOR-US: Delta Industrial Automation
CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Wh ...)
	NOT-FOR-US: Philips
CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-16196 REJECTED
CVE-2020-16195 RESERVED
CVE-2020-16194 (An Insecure Direct Object Reference (IDOR) vulnerability was found in ...)
	NOT-FOR-US: Prestashop Opart devis
CVE-2020-16193 (osTicket before 1.14.3 allows XSS because include/staff/banrule.inc.ph ...)
	NOT-FOR-US: osTicket
CVE-2020-16192 (LimeSurvey 4.3.2 allows reflected XSS because application/controllers/ ...)
	- limesurvey (bug #472802)
CVE-2020-16191 RESERVED
CVE-2020-16190 RESERVED
CVE-2020-16189 RESERVED
CVE-2020-16188 RESERVED
CVE-2020-16187 RESERVED
CVE-2020-16186 REJECTED
CVE-2020-16185 RESERVED
CVE-2020-16184 RESERVED
CVE-2020-16183 RESERVED
CVE-2020-16182 RESERVED
CVE-2020-16181 RESERVED
CVE-2020-16180 RESERVED
CVE-2020-16179 RESERVED
CVE-2020-16178 RESERVED
CVE-2020-16177 RESERVED
CVE-2020-16176 RESERVED
CVE-2020-16175 RESERVED
CVE-2020-16174 RESERVED
CVE-2020-16173 RESERVED
CVE-2020-16172 RESERVED
CVE-2020-16171 (An issue was discovered in Acronis Cyber Backup before 12.5 Build 1634 ...)
	NOT-FOR-US: Acronis
CVE-2020-16170 (Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Andr ...)
	NOT-FOR-US: Temi application for Android
CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in temi Robox ...)
	NOT-FOR-US: Temi Robox OS
CVE-2020-16168 (Origin Validation Error in temi Robox OS prior to 120, temi Android ap ...)
	NOT-FOR-US: Temi firmware
CVE-2020-16167 (Missing Authentication for Critical Function in temi Robox OS prior to ...)
	NOT-FOR-US: Temi Launcher OS
CVE-2020-16166 (The Linux kernel through 5.7.11 allows remote attackers to make observ ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/f227e3ec3b5cad859ad15666874405e8c1bbc1d4
CVE-2020-16165 (The DAO/DTO implementation in SpringBlade through 2.7.1 allows SQL Inj ...)
	NOT-FOR-US: SpringBlade
CVE-2020-16164 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
	NOT-FOR-US: RIPE NCC RPKI Validator
CVE-2020-16163 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
	NOT-FOR-US: RIPE NCC RPKI Validator
CVE-2020-16162 (** DISPUTED ** An issue was discovered in RIPE NCC RPKI Validator 3.x ...)
	NOT-FOR-US: RIPE NCC RPKI Validator
CVE-2020-16161 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Sca ...)
	NOT-FOR-US: GoPro
CVE-2020-16160 (GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Dec ...)
	NOT-FOR-US: GoPro
CVE-2020-16159 (GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GP ...)
	NOT-FOR-US: GoPro
CVE-2020-16158 (GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerab ...)
	NOT-FOR-US: GoPro
CVE-2020-16157 (A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 vi ...)
	NOT-FOR-US: Nagios Log Server
CVE-2020-16156 [Signature Verification Bypass]
	RESERVED
	- perl
	[bullseye] - perl (Minor issue)
	[buster] - perl (Minor issue)
	[stretch] - perl (Minor issue)
	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
CVE-2020-16155 [does not uniquely define signed data]
	RESERVED
	- libcpan-checksums-perl
	[bullseye] - libcpan-checksums-perl (Minor issue)
	[buster] - libcpan-checksums-perl (Minor issue)
	[stretch] - libcpan-checksums-perl (Minor issue)
	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
CVE-2020-16154 [Signature Verification Bypass]
	RESERVED
	- cpanminus
	[bullseye] - cpanminus (Minor issue)
	[buster] - cpanminus (Minor issue)
	[stretch] - cpanminus (Minor issue)
	NOTE: https://blog.hackeriet.no/cpan-signature-verification-vulnerabilities/
	NOTE: http://blogs.perl.org/users/neilb/2021/11/addressing-cpan-vulnerabilities-related-to-checksums.html
CVE-2020-16153 RESERVED
CVE-2020-16152 (The NetConfig UI administrative interface in Extreme Networks ExtremeW ...)
	NOT-FOR-US: Extreme Networks
CVE-2020-16151 RESERVED
CVE-2020-16150 (A Lucky 13 timing side channel in mbedtls_ssl_decrypt_buf in library/s ...)
	- mbedtls 2.16.9-0.1 (bug #972806)
	[buster] - mbedtls (Minor issue)
	[stretch] - mbedtls (Minor issue)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-09-1
CVE-2020-16149 REJECTED
CVE-2020-16148 (The ping page of the administration panel in Telmat AccessLog <= 6. ...)
	NOT-FOR-US: Telmat AccessLog
CVE-2020-16147 (The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an ...)
	NOT-FOR-US: Telmat AccessLog
CVE-2020-16146 (Espressif ESP-IDF 2.x, 3.0.x through 3.0.9, 3.1.x through 3.1.7, 3.2.x ...)
	NOT-FOR-US: Espressif
CVE-2020-16145 (Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML me ...)
	{DSA-4744-1 DLA-2322-1}
	- roundcube 1.4.8+dfsg.1-1 (bug #968216)
	NOTE: https://github.com/roundcube/roundcubemail/commit/a71bf2e8d4a64ff2c83fdabc1e8cb0c045a41ef4 (1.4.8)
	NOTE: https://github.com/roundcube/roundcubemail/commit/d44ca2308a96576b88d6bf27528964d4fe1a6b8b (1.3.15)
	NOTE: https://github.com/roundcube/roundcubemail/commit/589d36010048300ed39f4887aab1afd3ae98d00e (1.2.12)
CVE-2020-16144 (When using an object storage like S3 as the file store, when a user cr ...)
	- owncloud
CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...)
	- seafile-client (Windows-specific)
CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...)
	NOT-FOR-US: Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles
CVE-2020-16141 RESERVED
CVE-2020-16140 (The search functionality of the Greenmart theme 2.4.2 for WordPress is ...)
	NOT-FOR-US: search functionality of the Greenmart theme for WordPress
CVE-2020-16139 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service in Cisco Unified I ...)
	NOT-FOR-US: Cisco
CVE-2020-16138 (** UNSUPPORTED WHEN ASSIGNED ** A denial-of-service issue in Cisco Uni ...)
	NOT-FOR-US: Cisco
CVE-2020-16137 (** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation issue in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-16136 (In tgstation-server 4.4.0 and 4.4.1, an authenticated user with permis ...)
	NOT-FOR-US: tgstation-server
CVE-2020-16135 (libssh 0.9.4 has a NULL pointer dereference in tftpserver.c if ssh_buf ...)
	{DLA-2303-1}
	- libssh 0.9.5-1 (bug #966560)
	[buster] - libssh (Minor issue)
	NOTE: https://bugs.libssh.org/T232
	NOTE: https://bugs.libssh.org/rLIBSSHe631ebb3e2247dd25e9678e6827c20dc73b73238
	NOTE: https://gitlab.com/libssh/libssh-mirror/-/merge_requests/120
CVE-2020-16134 (An issue was discovered on Swisscom Internet Box 2, Internet Box Stand ...)
	NOT-FOR-US: Swisscom
CVE-2020-16133 RESERVED
CVE-2020-16132 REJECTED
CVE-2020-16131 (Tiki before 21.2 allows XSS because [\s\/"\'] is not properly consider ...)
	- tikiwiki
CVE-2020-16130 RESERVED
CVE-2020-16129 RESERVED
CVE-2020-16128 (The aptdaemon DBus interface disclosed file existence disclosure by se ...)
	- aptdaemon
	NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1899513
CVE-2020-16127 (An Ubuntu-specific modification to AccountsService in versions before ...)
	- accountsservice (Ubuntu-specific issue in 0010-set-language.patch)
CVE-2020-16126 (An Ubuntu-specific modification to AccountsService in versions before ...)
	- accountsservice (Ubuntu-specific issue in 0010-set-language.patch)
CVE-2020-16125 (gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup ...)
	{DLA-2434-1}
	- gdm3 3.38.2-1
	[buster] - gdm3 (Minor issue on Debian)
	NOTE: https://github.com/GNOME/gdm/commit/dc8235128c3a1fcd5da8f30ab6839d413d353f28
	NOTE: https://gitlab.gnome.org/GNOME/gdm/-/issues/642
CVE-2020-16124 (Integer Overflow or Wraparound vulnerability in the XML RPC library of ...)
	- ros-ros-comm 1.15.8+ds1-2
	[buster] - ros-ros-comm 1.14.3+ds1-5+deb10u2
	[stretch] - ros-ros-comm (Minor issue)
	NOTE: https://github.com/ros/ros_comm/pull/2065
CVE-2020-16123 (An Ubuntu-specific patch in PulseAudio created a race condition where ...)
	- pulseaudio (Ubuntu-specific issue)
CVE-2020-16122 (PackageKit's apt backend mistakenly treated all local debs as trusted. ...)
	{DLA-2399-1}
	- packagekit 1.2.1-1 (bug #972229)
	[buster] - packagekit (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1882098
CVE-2020-16121 (PackageKit provided detailed error messages to unprivileged callers th ...)
	{DLA-2399-1}
	- packagekit 1.2.1-1 (bug #972229)
	[buster] - packagekit (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/1888887
CVE-2020-16120 (Overlayfs did not properly perform permission checking when copying up ...)
	- linux 5.8.7-1
	[stretch] - linux (Vulnerable configuration combination not possible)
	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/6
CVE-2020-16119 (Use-after-free vulnerability in the Linux kernel exploitable by a loca ...)
	{DSA-4978-1 DLA-2785-1}
	- linux 5.14.6-1
	[buster] - linux 4.19.208-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/10/13/7
	NOTE: https://git.kernel.org/linus/d9ea761fdd197351890418acd462c51f241014a7
CVE-2020-16118 (In GNOME Balsa before 2.6.0, a malicious server operator or man in the ...)
	- balsa 2.6.0-1
	[buster] - balsa (Minor issue)
	[stretch] - balsa (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/balsa/-/commit/4e245d758e1c826a01080d40c22ca8706f0339e5
	NOTE: https://gitlab.gnome.org/GNOME/balsa/-/issues/23
CVE-2020-16117 (In GNOME evolution-data-server before 3.35.91, a malicious server can ...)
	{DLA-2309-1}
	- evolution-data-server 3.36.0-1
	[buster] - evolution-data-server (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/2cc39592b532cf0dc994fd3694b8e6bf924c9ab5
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/commit/627c3cdbfd077e59aa288c85ff8272950577f1d7
	NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/189
CVE-2020-16116 (In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can ...)
	{DSA-4738-1}
	- ark 4:20.04.3-1
	[stretch] - ark (Intrusive to backport, partial patch for GUI https://people.debian.org/~abhijith/upload/backport_to_1608.patch)
	NOTE: https://kde.org/info/security/advisory-20200730-1.txt
	NOTE: https://invent.kde.org/utilities/ark/-/commit/0df592524fed305d6fbe74ddf8a196bc9ffdb92f
CVE-2020-16115 REJECTED
CVE-2020-16114 REJECTED
CVE-2020-16113 REJECTED
CVE-2020-16112 REJECTED
CVE-2020-16111 REJECTED
CVE-2020-16110 REJECTED
CVE-2020-16109 REJECTED
CVE-2020-16108 REJECTED
CVE-2020-16107 REJECTED
CVE-2020-16106 REJECTED
CVE-2020-16105 REJECTED
CVE-2020-16104 (SQL Injection vulnerability in Enterprise Data Interface of Gallagher ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16103 (Type confusion in Gallagher Command Centre Server allows a remote atta ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16102 (Improper Authentication vulnerability in Gallagher Command Centre Serv ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16101 (It is possible for an unauthenticated remote DCOM websocket connection ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16100 (It is possible for an unauthenticated remote DCOM websocket connection ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16099 (In Gallagher Command Centre v8.20 prior to v8.20.1093(MR2) it is possi ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16098 (It is possible to enumerate access card credentials via an unauthentic ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16097 (On controllers running versions of v8.20 prior to vCR8.20.200221b (dis ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16096 (In Gallagher Command Centre versions 8.10 prior to 8.10.1134(MR4), 8.0 ...)
	NOT-FOR-US: Gallagher Command Centre Server
CVE-2020-16095 (The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 all ...)
	NOT-FOR-US: dlf for TYPO3
CVE-2020-16094 (In imap_scan_tree_recursive in Claws Mail through 3.17.6, a malicious ...)
	- claws-mail 3.17.7-1 (bug #966630)
	[buster] - claws-mail (Minor issue)
	[stretch] - claws-mail (Minor issue)
	NOTE: https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4313
CVE-2020-16093 RESERVED
	- lemonldap-ng 2.0.9+ds-1
	[buster] - lemonldap-ng (Minor issue)
	[stretch] - lemonldap-ng (Minor issue + 2.x is a complete re-write, so very hard to backport!)
	NOTE: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/issues/2250
CVE-2020-16092 (In QEMU through 5.0.0, an assertion failure can occur in the network p ...)
	{DSA-4760-1 DLA-2373-1}
	- qemu 1:5.1+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860283
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=035e69b063835a5fd23cacabd63690a3d84532a8
CVE-2020-16091 REJECTED
CVE-2020-16090 RESERVED
CVE-2020-16089 RESERVED
CVE-2020-16088 (iked in OpenIKED, as used in OpenBSD through 6.7, allows authenticatio ...)
	NOT-FOR-US: OpenIKED
CVE-2020-16087 (An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An a ...)
	NOT-FOR-US: VNG Zalo Desktop
CVE-2020-16086 RESERVED
CVE-2020-16085 RESERVED
CVE-2020-16084 RESERVED
CVE-2020-16083 RESERVED
CVE-2020-16082 RESERVED
CVE-2020-16081 RESERVED
CVE-2020-16080 RESERVED
CVE-2020-16079 RESERVED
CVE-2020-16078 RESERVED
CVE-2020-16077 RESERVED
CVE-2020-16076 RESERVED
CVE-2020-16075 RESERVED
CVE-2020-16074 RESERVED
CVE-2020-16073 RESERVED
CVE-2020-16072 RESERVED
CVE-2020-16071 RESERVED
CVE-2020-16070 RESERVED
CVE-2020-16069 RESERVED
CVE-2020-16068 RESERVED
CVE-2020-16067 RESERVED
CVE-2020-16066 RESERVED
CVE-2020-16065 RESERVED
CVE-2020-16064 RESERVED
CVE-2020-16063 RESERVED
CVE-2020-16062 RESERVED
CVE-2020-16061 RESERVED
CVE-2020-16060 RESERVED
CVE-2020-16059 RESERVED
CVE-2020-16058 RESERVED
CVE-2020-16057 RESERVED
CVE-2020-16056 RESERVED
CVE-2020-16055 RESERVED
CVE-2020-16054 RESERVED
CVE-2020-16053 RESERVED
CVE-2020-16052 RESERVED
CVE-2020-16051 RESERVED
CVE-2020-16050 RESERVED
CVE-2020-16049 RESERVED
CVE-2020-16048 (Out of bounds read in ANGLE allowed a remote attacker to obtain sensit ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1926979
CVE-2020-16047 RESERVED
CVE-2020-16046 (Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147. ...)
	- chromium (Only affects Chrome on iOS)
CVE-2020-16045 (Use after Free in Payments in Google Chrome on Android prior to 87.0.4 ...)
	- chromium (Only affects Chrome on Android)
CVE-2020-16044 (Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowe ...)
	{DSA-4846-1 DSA-4842-1 DSA-4827-1 DLA-2541-1 DLA-2521-1}
	- firefox 84.0.2-1
	- firefox-esr 78.6.1esr-1
	- thunderbird 1:78.6.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/#CVE-2020-16044
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-02/#CVE-2020-16044
CVE-2020-16043 (Insufficient data validation in networking in Google Chrome prior to 8 ...)
	{DSA-4832-1}
	- chromium 87.0.4280.141-0.1 (bug #979533)
	[stretch] - chromium (see DSA 4562)
CVE-2020-16042 (Uninitialized Use in V8 in Google Chrome prior to 87.0.4280.88 allowed ...)
	{DSA-4824-1 DSA-4815-1 DSA-4813-1 DLA-2497-1 DLA-2496-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
	- firefox 84.0-1
	- firefox-esr 78.6.0esr-1
	- thunderbird 1:78.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-54/#CVE-2020-16042
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-55/#CVE-2020-16042
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-56/#CVE-2020-16042
CVE-2020-16041 (Out of bounds read in networking in Google Chrome prior to 87.0.4280.8 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16040 (Insufficient data validation in V8 in Google Chrome prior to 87.0.4280 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16039 (Use after free in extensions in Google Chrome prior to 87.0.4280.88 al ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16038 (Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16037 (Use after free in clipboard in Google Chrome prior to 87.0.4280.88 all ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16036 (Inappropriate implementation in cookies in Google Chrome prior to 87.0 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16035 (Insufficient data validation in cros-disks in Google Chrome on ChromeO ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16034 (Inappropriate implementation in WebRTC in Google Chrome prior to 87.0. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16033 (Inappropriate implementation in WebUSB in Google Chrome prior to 87.0. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16032 (Insufficient data validation in sharing in Google Chrome prior to 87.0 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16031 (Insufficient data validation in UI in Google Chrome prior to 87.0.4280 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16030 (Insufficient data validation in Blink in Google Chrome prior to 87.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16029 (Inappropriate implementation in PDFium in Google Chrome prior to 87.0. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16028 (Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16027 (Insufficient policy enforcement in developer tools in Google Chrome pr ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16026 (Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16025 (Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16024 (Heap buffer overflow in UI in Google Chrome prior to 87.0.4280.66 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16023 (Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 all ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16022 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16021 (Race in image burner in Google Chrome on ChromeOS prior to 87.0.4280.6 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16020 (Inappropriate implementation in cryptohome in Google Chrome on ChromeO ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16019 (Inappropriate implementation in filesystem in Google Chrome on ChromeO ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16018 (Use after free in payments in Google Chrome prior to 87.0.4280.66 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16017 (Use after free in site isolation in Google Chrome prior to 86.0.4240.1 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16016 (Inappropriate implementation in base in Google Chrome prior to 86.0.42 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16015 (Insufficient data validation in WASM in Google Chrome prior to 87.0.42 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16014 (Use after free in PPAPI in Google Chrome prior to 87.0.4280.66 allowed ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16013 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16012 (Side-channel information leakage in graphics in Google Chrome prior to ...)
	{DSA-4824-1 DSA-4796-1 DSA-4793-1 DLA-2464-1 DLA-2457-1}
	- firefox 83.0-1
	- firefox-esr 78.5.0esr-1
	- thunderbird 1:78.5.0-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-50/#CVE-2020-16012
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-51/#CVE-2020-16012
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-52/#CVE-2020-16012
CVE-2020-16011 (Heap buffer overflow in UI in Google Chrome on Windows prior to 86.0.4 ...)
	{DSA-4824-1}
	- chromium (Windows-specific)
CVE-2020-16010 (Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4 ...)
	- chromium (Android-specific)
CVE-2020-16009 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16008 (Stack buffer overflow in WebRTC in Google Chrome prior to 86.0.4240.18 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16007 (Insufficient data validation in installer in Google Chrome prior to 86 ...)
	- chromium (debian package disables the installer)
CVE-2020-16006 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16005 (Insufficient policy enforcement in ANGLE in Google Chrome prior to 86. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16004 (Use after free in user interface in Google Chrome prior to 86.0.4240.1 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16003 (Use after free in printing in Google Chrome prior to 86.0.4240.111 all ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16002 (Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allow ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16001 (Use after free in media in Google Chrome prior to 86.0.4240.111 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-16000 (Inappropriate implementation in Blink in Google Chrome prior to 86.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15999 (Heap buffer overflow in Freetype in Google Chrome prior to 86.0.4240.1 ...)
	{DSA-4824-1 DSA-4777-1 DLA-2415-1}
	- freetype 2.10.2+dfsg-4 (bug #972586)
	NOTE: https://www.openwall.com/lists/oss-security/2020/10/20/7
	NOTE: https://savannah.nongnu.org/bugs/?59308
	NOTE: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a3bab162b2ae616074c8877a04556932998aeacd
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2103
CVE-2020-15998 (Use after free in USB in Google Chrome prior to 86.0.4240.99 allowed a ...)
	- chromium (Chrome on Android)
CVE-2020-15997 (Use after free in Mojo in Google Chrome prior to 86.0.4240.99 allowed ...)
	- chromium (Chrome on Android)
CVE-2020-15996 (Use after free in passwords in Google Chrome prior to 86.0.4240.99 all ...)
	- chromium (Chrome on Android)
CVE-2020-15995 (Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allow ...)
	{DSA-4832-1}
	- chromium 87.0.4280.141-0.1 (bug #979533)
	[stretch] - chromium (see DSA 4562)
CVE-2020-15994 (Use after free in V8 in Google Chrome prior to 86.0.4240.99 allowed a ...)
	- chromium (Chrome on Android)
CVE-2020-15993 (Use after free in printing in Google Chrome prior to 86.0.4240.99 allo ...)
	- chromium (Chrome on Android)
CVE-2020-15992 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15991 (Use after free in password manager in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15990 (Use after free in autofill in Google Chrome prior to 86.0.4240.75 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15989 (Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 al ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15988 (Insufficient policy enforcement in downloads in Google Chrome on Windo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15987 (Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15986 (Integer overflow in media in Google Chrome prior to 86.0.4240.75 allow ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15985 (Inappropriate implementation in Blink in Google Chrome prior to 86.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15984 (Insufficient policy enforcement in Omnibox in Google Chrome on iOS pri ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15983 (Insufficient data validation in webUI in Google Chrome on ChromeOS pri ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15982 (Inappropriate implementation in cache in Google Chrome prior to 86.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15981 (Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 all ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15980 (Insufficient policy enforcement in Intents in Google Chrome on Android ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15979 (Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15978 (Insufficient data validation in navigation in Google Chrome on Android ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15977 (Insufficient data validation in dialogs in Google Chrome on OS X prior ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15976 (Use after free in WebXR in Google Chrome on Android prior to 86.0.4240 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15975 (Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15974 (Integer overflow in Blink in Google Chrome prior to 86.0.4240.75 allow ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15973 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15972 (Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15971 (Use after free in printing in Google Chrome prior to 86.0.4240.75 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15970 (Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15969 (Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowe ...)
	{DSA-4824-1 DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
	- firefox 82.0-1
	- firefox-esr 78.4.0esr-1
	- thunderbird 1:78.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15969
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15969
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15969
CVE-2020-15968 (Use after free in Blink in Google Chrome prior to 86.0.4240.75 allowed ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15967 (Use after free in payments in Google Chrome prior to 86.0.4240.75 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15966 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15965 (Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15964 (Insufficient data validation in media in Google Chrome prior to 85.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15963 (Insufficient policy enforcement in extensions in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15962 (Insufficient policy validation in serial in Google Chrome prior to 85. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15961 (Insufficient policy validation in extensions in Google Chrome prior to ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15960 (Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.12 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15959 (Insufficient policy enforcement in networking in Google Chrome prior t ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-15958 (An issue was discovered in 1CRM System through 8.6.7. An insecure dire ...)
	NOT-FOR-US: 1CRM System
CVE-2020-15957 (An issue was discovered in DP3T-Backend-SDK before 1.1.1 for Decentral ...)
	NOT-FOR-US: DP3T-Backend-SDK for Decentralised Privacy-Preserving Proximity Tracing (DP3T)
CVE-2020-15956 (ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows re ...)
	NOT-FOR-US: ACTi NVR3 Standard Server
CVE-2020-15955 (In s/qmail through 4.0.07, an active MitM can inject arbitrary plainte ...)
	NOT-FOR-US: s/qmail
CVE-2020-15954 (KDE KMail 19.12.3 (aka 5.13.3) engages in unencrypted POP3 communicati ...)
	{DLA-2300-1}
	- kdepim-runtime 4:20.04.1-2 (bug #966666)
	[buster] - kdepim-runtime (Minor issue)
	- kmail-account-wizard 4:20.04.1-2 (bug #966667)
	[buster] - kmail-account-wizard (Minor issue)
	- ksmtp
	[bullseye] - ksmtp (Minor issue; Upstream changes change API)
	[buster] - ksmtp (Minor issue; Upstream changes change API)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=423426
	NOTE: kdepim-runtime: https://invent.kde.org/pim/kdepim-runtime/commit/bd64ab29116aa7318fdee7f95878ff97580162f2
	NOTE: kmail-account-wizard: https://invent.kde.org/pim/kmail-account-wizard/commit/a64d80e523edce7d3d59c26834973418fae042f6
	NOTE: https://kde.org/info/security/advisory-20211118-1.txt
	NOTE: https://bugs.kde.org/show_bug.cgi?id=423423
CVE-2020-15953 (LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other ...)
	{DLA-2329-1}
	- libetpan 1.9.4-3 (bug #966647)
	[buster] - libetpan (Minor issue)
	NOTE: https://github.com/dinhvh/libetpan/issues/386
	NOTE: https://github.com/dinhvh/libetpan/pull/387
	NOTE: https://github.com/dinhvh/libetpan/pull/388
CVE-2020-15952 (Immuta v2.8.2 is affected by stored XSS that allows a low-privileged u ...)
	NOT-FOR-US: Immuta
CVE-2020-15951 (Immuta v2.8.2 accepts user-supplied project names without properly san ...)
	NOT-FOR-US: Immuta
CVE-2020-15950 (Immuta v2.8.2 is affected by improper session management: user session ...)
	NOT-FOR-US: Immuta
CVE-2020-15949 (Immuta v2.8.2 is affected by one instance of insecure permissions that ...)
	NOT-FOR-US: Immuta
CVE-2020-15948 (eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. ...)
	NOT-FOR-US: eGain Chat
CVE-2020-25573 (An issue was discovered in the linked-hash-map crate before 0.5.3 for ...)
	- rust-linked-hash-map 0.5.4-1 (bug #966246)
	[buster] - rust-linked-hash-map (Minor issue)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0026.html
CVE-2020-15947 (A SQL injection vulnerability in the qm_adm/qm_export_stats_run.do end ...)
	NOT-FOR-US: Loway QueueMetrics
CVE-2020-15946
	RESERVED
CVE-2020-15945 (Lua through 5.4.0 has a segmentation fault in changedline in ldebug.c ...)
	- lua5.4 5.4.1-1
	- lua5.3 (Specific to 5.4)
	- lua5.2 (Specific to 5.4)
	- lua5.1 (Specific to 5.4)
	- lua50 (Specific to 5.4)
	NOTE: https://github.com/lua/lua/commit/a2195644d89812e5b157ce7bac35543e06db05e3 (v5.4.1)
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00123.html
CVE-2020-15944 (An issue was discovered in the Gantt-Chart module before 5.5.5 for Jir ...)
	NOT-FOR-US: Gantt-Chart module for Jira
CVE-2020-15943 (An issue was discovered in the Gantt-Chart module before 5.5.4 for Jir ...)
	NOT-FOR-US: Gantt-Chart module for Jira
CVE-2020-15942 (An information disclosure vulnerability in Web Vulnerability Scan prof ...)
	NOT-FOR-US: Fortinet
CVE-2020-15941 (A path traversal vulnerability [CWE-22] in FortiClientEMS versions 6.4 ...)
	NOT-FOR-US: Fortiguard
CVE-2020-15940 (An improper neutralization of input vulnerability [CWE-79] in FortiCli ...)
	NOT-FOR-US: Fortiguard
CVE-2020-15939 (An improper access control vulnerability (CWE-284) in FortiSandbox ver ...)
	NOT-FOR-US: FortiGuard
CVE-2020-15938 (When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the ...)
	NOT-FOR-US: FortiGate FortiGuard
CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...)
	NOT-FOR-US: FortiGate FortiGuard
CVE-2020-15936
	RESERVED
CVE-2020-15935 (A cleartext storage of sensitive information in GUI in FortiADC versio ...)
	NOT-FOR-US: Fortiguard
CVE-2020-15934
	RESERVED
CVE-2020-15933
	RESERVED
CVE-2020-15932 (Overwolf before 0.149.2.30 mishandles Symbolic Links during updates, c ...)
	NOT-FOR-US: Overwolf
CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attackers to ...)
	NOT-FOR-US: Netwrix Account Lockout Examiner
CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...)
	NOT-FOR-US: Joplin desktop
CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
	NOT-FOR-US: Ortus TestBox
CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...)
	NOT-FOR-US: Ortus TestBox
CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...)
	NOT-FOR-US: Rocket.Chat
CVE-2020-15925 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
	NOT-FOR-US: Loway QueueMetrics
CVE-2020-15924 (There is a SQL Injection in Mida eFramework through 2.9.0 that leads t ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15923 (Mida eFramework through 2.9.0 allows unauthenticated ../ directory tra ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15922 (There is an OS Command Injection in Mida eFramework 2.9.0 that allows ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15921 (Mida eFramework through 2.9.0 has a back door that permits a change of ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15920 (There is an OS Command Injection in Mida eFramework through 2.9.0 that ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15919 (A Reflected Cross Site Scripting (XSS) vulnerability was discovered in ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15918 (Multiple Stored Cross Site Scripting (XSS) vulnerabilities were discov ...)
	NOT-FOR-US: Mida eFramework
CVE-2020-15917 (common/session.c in Claws Mail before 3.17.6 has a protocol violation ...)
	- claws-mail 3.17.6-1
	[buster] - claws-mail (Minor issue)
	[stretch] - claws-mail (low priority issue)
	NOTE: https://git.claws-mail.org/?p=claws.git;a=commit;h=fcc25329049b6f9bd8d890f1197ed61eb12e14d5
CVE-2020-15916 (goform/AdvSetLanip endpoint on Tenda AC15 AC1900 15.03.05.19 devices a ...)
	NOT-FOR-US: Tenda devices
CVE-2020-15915
	RESERVED
CVE-2020-15914 (A cross-site scripting (XSS) vulnerability exists in the Origin Client ...)
	NOT-FOR-US: EA Origin Client
CVE-2020-15913
	RESERVED
CVE-2020-15912 (** DISPUTED ** Tesla Model 3 vehicles allow attackers to open a door b ...)
	NOT-FOR-US: Tesla
CVE-2020-15911
	RESERVED
CVE-2020-15910 (SolarWinds N-Central version 12.3 GA and lower does not set the JSESSI ...)
	NOT-FOR-US: SolarWinds
CVE-2020-15909 (SolarWinds N-central through 2020.1 allows session hijacking and requi ...)
	NOT-FOR-US: SolarWinds
CVE-2020-15908 (tar/TarFileReader.cpp in Cauldron cbang (aka C-Bang or C!) before 1.6. ...)
	NOT-FOR-US: Cauldron cbang
CVE-2020-15907 (In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before ...)
	- mahara
CVE-2020-15906 (tiki-login.php in Tiki before 21.2 sets the admin password to a blank ...)
	- tikiwiki
CVE-2020-15905
	RESERVED
CVE-2020-15904 (A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allo ...)
	NOT-FOR-US: bsdiff4 (different from src:bsdiff)
CVE-2020-15903 (An issue was found in Nagios XI before 5.7.3. There is a privilege esc ...)
	NOT-FOR-US: Nagios XI
CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url o ...)
	NOT-FOR-US: Nagios XI
CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated ...)
	NOT-FOR-US: Nagios XI
CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...)
	- ghostscript 9.52.1~dfsg-1
	[buster] - ghostscript (Vulnerable code introduced later)
	[stretch] - ghostscript (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702582
	NOTE: Introduced by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7ecbfda92b4c8dbf6f6c2bf8fc82020a29219eff (9.28rc1)
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5d499272b95a6b890a1397e11d20937de000d31b (9.53.0rc1)
CVE-2020-15899 (Grin 3.0.0 before 4.0.0 has insufficient validation of data related to ...)
	NOT-FOR-US: Grin
CVE-2020-15898 (In Arista EOS malformed packets can be incorrectly forwarded across VL ...)
	NOT-FOR-US: Arista
CVE-2020-15897 (Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23. ...)
	NOT-FOR-US: Arista EOS
CVE-2020-15896 (An authentication-bypass issue was discovered on D-Link DAP-1522 devic ...)
	NOT-FOR-US: D-Link
CVE-2020-15895 (An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10 ...)
	NOT-FOR-US: D-Link
CVE-2020-15894 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
	NOT-FOR-US: D-Link
CVE-2020-15893 (An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04B ...)
	NOT-FOR-US: D-Link
CVE-2020-15892 (An issue was discovered in apply.cgi on D-Link DAP-1520 devices before ...)
	NOT-FOR-US: D-Link
CVE-2020-15891
	RESERVED
CVE-2020-15890 (LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc hand ...)
	{DLA-2296-1}
	- luajit (unimportant; bug #966148)
	NOTE: https://github.com/LuaJIT/LuaJIT/issues/601
	NOTE: https://github.com/LuaJIT/LuaJIT/commit/53f82e6e2e858a0a62fd1a2ff47e9866693382e6
	NOTE: No security impact, only "exploitable" with untrusted Lua code
CVE-2020-15889 (Lua 5.4.0 has a getobjname heap-based buffer over-read because youngco ...)
	- lua5.4 5.4.0-2
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00078.html
	NOTE: https://github.com/lua/lua/commit/127e7a6c8942b362aa3c6627f44d660a4fb75312
	NOTE: Introduced in 5.4
CVE-2020-15888 (Lua through 5.4.0 mishandles the interaction between stack resizes and ...)
	- lua5.4 5.4.1-1 (bug #972101)
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00053.html
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00054.html
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00071.html
	NOTE: http://lua-users.org/lists/lua-l/2020-07/msg00079.html
	NOTE: https://github.com/lua/lua/commit/6298903e35217ab69c279056f925fb72900ce0b7
	NOTE: https://github.com/lua/lua/commit/eb41999461b6f428186c55abd95f4ce1a76217d5
CVE-2020-15887 (A SQL injection vulnerability in softwareupdate_controller.php in the ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15886 (A SQL injection vulnerability in reportdata_controller.php in the repo ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15885 (A Cross-Site Scripting (XSS) vulnerability in the comment module befor ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15884 (A SQL injection vulnerability in TableQuery.php in MunkiReport before ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15883 (A Cross-Site Scripting (XSS) vulnerability in the managedinstalls modu ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15882 (A CSRF issue in manager/delete_machine/{id} in MunkiReport before 5.6. ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15881 (A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Mun ...)
	NOT-FOR-US: MunkiReport
CVE-2020-15880
	RESERVED
CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...)
	NOT-FOR-US: Bitwarden Server
	NOTE: bitwarden client is ITP'ed as #956836
CVE-2020-15878
	RESERVED
CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...)
	NOT-FOR-US: LibreNMS
CVE-2020-15876
	RESERVED
CVE-2020-15875
	RESERVED
CVE-2020-15874
	RESERVED
CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...)
	NOT-FOR-US: LibreNMS
CVE-2020-15872
	RESERVED
CVE-2020-15871 (Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15870 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15869 (Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15868 (Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager OSS/Pro
CVE-2020-15867 (The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authentic ...)
	NOT-FOR-US: Go Git Service
CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
	- mruby 2.1.2-1 (bug #972051)
	[buster] - mruby (Minor issue)
	[stretch] - mruby (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/5042
	NOTE: https://github.com/mruby/mruby/commit/6334949ba69363cb909a57d6871895bd6d98bb6b (3.0.0-preview)
	NOTE: https://github.com/mruby/mruby/commit/63956036e116ef6a33a91e16348c4d1a09f6f72c (2.1.2-rc2)
CVE-2020-15865 (A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Re ...)
	NOT-FOR-US: Stimulsoft
CVE-2020-15864 (An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability ...)
	NOT-FOR-US: Quali CloudShell
CVE-2020-15863 (hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2 ...)
	{DSA-4760-1 DLA-2288-1}
	- qemu 1:5.0-12
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/22/1
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=5519724a13664b43e225ca05351c60b4468e4555
CVE-2020-15861 (Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX ...)
	{DSA-4746-1 DLA-2313-1}
	- net-snmp 5.8+dfsg-5 (bug #966599)
	NOTE: https://github.com/net-snmp/net-snmp/issues/145
	NOTE: https://github.com/net-snmp/net-snmp/commit/4fd9a450444a434a993bc72f7c3486ccce41f602
CVE-2020-15860 (Parallels Remote Application Server (RAS) 17.1.1 has a Business Logic ...)
	NOT-FOR-US: Parallels
CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...)
	{DLA-2560-1}
	- qemu 1:5.2+dfsg-1 (bug #965978)
	[buster] - qemu (Minor issue, can be fixed along in next DSA)
	NOTE: Proposed patch: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
	NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=22dc8663d9fc7baa22100544c600b6285a63c7a3
CVE-2020-15858 (Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allo ...)
	NOT-FOR-US: Thales DIS
CVE-2020-15857
	RESERVED
CVE-2020-15856
	RESERVED
CVE-2020-15855
	RESERVED
CVE-2020-15854
	RESERVED
CVE-2020-15853
	RESERVED
CVE-2020-XXXX [mpv insecure lua loadpath]
	- mpv 0.32.0-2 (bug #950816)
	[buster] - mpv (Minor issue)
	[stretch] - mpv (Minor issue)
	NOTE: https://github.com/mpv-player/mpv/commit/cce7062a8a6b6a3b3666aea3ff86db879cba67b6
CVE-2020-15851 (Lack of access control in Nakivo Backup & Replication Transporter ...)
	NOT-FOR-US: Nakivo Backup
CVE-2020-15850 (Insecure permissions in Nakivo Backup & Replication Director versi ...)
	NOT-FOR-US: Nakivo Backup
CVE-2020-15849 (Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in t ...)
	NOT-FOR-US: Re:Desk
CVE-2020-15848
	RESERVED
CVE-2020-15847
	RESERVED
CVE-2020-15846
	RESERVED
CVE-2020-15845
	RESERVED
CVE-2020-15844
	RESERVED
CVE-2020-15843 (ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privil ...)
	NOT-FOR-US: ActFax
CVE-2020-15842 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 90, 7 ...)
	NOT-FOR-US: Liferay
CVE-2020-15841 (Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7 ...)
	NOT-FOR-US: Liferay
CVE-2020-15840 (In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP ...)
	NOT-FOR-US: Liferay
CVE-2020-15839 (Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 an ...)
	NOT-FOR-US: Liferay
CVE-2020-15838 (The Agent Update System in ConnectWise Automate before 2020.8 allows P ...)
	NOT-FOR-US: ConnectWise Automate
CVE-2020-15837
	RESERVED
CVE-2020-15836 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15835 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15834 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15833 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15832 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-15831 (JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in t ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15830 (JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15829 (In JetBrains TeamCity before 2019.2.3, password parameters could be di ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15828 (In JetBrains TeamCity before 2020.1.1, project parameter values can be ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15827 (In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signatu ...)
	NOT-FOR-US: JetBrains ToolBox
CVE-2020-15826 (In JetBrains TeamCity before 2020.1, users are able to assign more per ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15825 (In JetBrains TeamCity before 2020.1, users with the Modify Group permi ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-15824 (In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not aff ...)
	- kotlin
CVE-2020-15823 (JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Wor ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15822 (In JetBrains YouTrack before 2020.2.10514, SSRF is possible because UR ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15821 (In JetBrains YouTrack before 2020.2.6881, a user without permission is ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15820 (In JetBrains YouTrack before 2020.2.6881, the markdown parser could di ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15819 (JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that all ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15818 (In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15817 (In JetBrains YouTrack before 2020.1.1331, an external user could execu ...)
	NOT-FOR-US: JetBrains YouTrack
CVE-2020-15862 (Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP ...)
	{DSA-4746-1 DLA-2299-1}
	- net-snmp 5.8+dfsg-4 (bug #965166)
	NOTE: The commit https://github.com/net-snmp/net-snmp/commit/c2b96ee744392243782094432f657ded4e985a07
	NOTE: disables NET-SNMP-EXTEND-MIB support by default. But it is still
	NOTE: possible to enable the MIB via --with-mib-modules configure option.
	NOTE: Upstream reverted the change and the solution is to make NET-SNMP-EXTEND-MIB
	NOTE: read-only, cf. https://bugs.debian.org/966544
	NOTE: Disabling was reverted with: https://github.com/net-snmp/net-snmp/commit/4097a311e952d3b5c12610102bb4cc2fe72b56e5
	NOTE: Makes extended mib read-only:
	NOTE: https://github.com/net-snmp/net-snmp/commit/77f6c60f57dba0aaea5d8ef1dd94bcd0c8e6d205
CVE-2020-15816 (In Western Digital WD Discovery before 4.0.251.0, a malicious applicat ...)
	NOT-FOR-US: Western Digital WD Discovery
CVE-2020-15815
	RESERVED
CVE-2020-15814
	RESERVED
CVE-2020-15813 (Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers ...)
	- graylog2 (bug #652273)
CVE-2020-15812
	RESERVED
CVE-2020-15811 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
	{DSA-4751-1 DLA-2394-1}
	- squid 4.13-1 (bug #968932)
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch
CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...)
	{DSA-4751-1 DLA-2394-1}
	- squid 4.13-1 (bug #968933)
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch
CVE-2020-15810 (An issue was discovered in Squid before 4.13 and 5.x before 5.0.4. Due ...)
	{DSA-4751-1 DLA-2394-1}
	- squid 4.13-1 (bug #968934)
	- squid3
	NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_10.patch
CVE-2020-15809 (spxmanage on certain SpinetiX devices allows requests that access unin ...)
	NOT-FOR-US: SpinetiX devices
CVE-2020-15808
	RESERVED
CVE-2020-15807 (GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted ...)
	- libredwg (bug #595191)
CVE-2020-15806 (CODESYS Control runtime system before 3.5.16.10 allows Uncontrolled Me ...)
	NOT-FOR-US: CODESYS
CVE-2020-15805
	RESERVED
CVE-2020-15804
	RESERVED
CVE-2020-15803 (Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x bef ...)
	{DLA-2631-1 DLA-2311-1}
	- zabbix 1:5.0.2+dfsg-1 (bug #966146)
	[buster] - zabbix (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-18057
CVE-2020-15802 (Devices supporting Bluetooth before 5.1 may allow man-in-the-middle at ...)
	- linux
	[bullseye] - linux (Minor issue, revisit when/if fixed upstream)
	[buster] - linux (Minor issue, revisit when/if fixed upstream)
	NOTE: https://www.kb.cert.org/vuls/id/589825/
CVE-2020-15801 (In Python 3.8.4, sys.path restrictions specified in a python38._pth fi ...)
	- python3.9 (Windows-specific)
	- python3.8 (Windows-specific)
	- python3.7 (Windows-specific)
	- python3.5 (Windows-specific)
	- python2.7 (Windows-specific)
CVE-2020-15852 (An issue was discovered in the Linux kernel 5.5 through 5.7.9, as used ...)
	- linux 5.7.10-1
	[buster] - linux (Only affects 5.5 and later)
	[stretch] - linux (Only affects 5.5 and later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/16/1
CVE-2020-15800 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2020-15799 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
	NOT-FOR-US: Siemens
CVE-2020-15798 (A vulnerability has been identified in SIMATIC HMI Comfort Panels (inc ...)
	NOT-FOR-US: Siemens
CVE-2020-15797 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
	NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-15796 (A vulnerability has been identified in SIMATIC ET 200SP Open Controlle ...)
	NOT-FOR-US: Siemens
CVE-2020-15795 (A vulnerability has been identified in Capital VSTAR (Versions includi ...)
	NOT-FOR-US: Nucleus (Siemens)
CVE-2020-15794 (A vulnerability has been identified in Desigo Insight (All versions). ...)
	NOT-FOR-US: Desigo Insight
CVE-2020-15793 (A vulnerability has been identified in Desigo Insight (All versions). ...)
	NOT-FOR-US: Desigo Insight
CVE-2020-15792 (A vulnerability has been identified in Desigo Insight (All versions). ...)
	NOT-FOR-US: Desigo Insight
CVE-2020-15791 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
	NOT-FOR-US: Siemens
CVE-2020-15790 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
	NOT-FOR-US: Siemens
CVE-2020-15789 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
	NOT-FOR-US: Siemens
CVE-2020-15788 (A vulnerability has been identified in Polarion Subversion Webclient ( ...)
	NOT-FOR-US: Siemens
CVE-2020-15787 (A vulnerability has been identified in SIMATIC HMI Unified Comfort Pan ...)
	NOT-FOR-US: Siemens
CVE-2020-15786 (A vulnerability has been identified in SIMATIC HMI Basic Panels 2nd Ge ...)
	NOT-FOR-US: Siemens
CVE-2020-15785 (A vulnerability has been identified in Siveillance Video Client (All v ...)
	NOT-FOR-US: Siveillance Video Client
CVE-2020-15784 (A vulnerability has been identified in Spectrum Power 4 (All versions ...)
	NOT-FOR-US: Spectrum Power 4
CVE-2020-15783 (A vulnerability has been identified in SIMATIC S7-300 CPU family (incl ...)
	NOT-FOR-US: Siemens
CVE-2020-15782 (A vulnerability has been identified in SIMATIC Drive Controller family ...)
	NOT-FOR-US: Siemens
CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...)
	NOT-FOR-US: SICAM
CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
	NOT-FOR-US: Node socket.io-file
CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
	- linux 5.7.10-1
	[buster] - linux 4.19.146-1
	[stretch] - linux (securelevel included but not supported)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/15/3
	NOTE: Fixed by: https://git.kernel.org/linus/75b0cea7bf307f362057cc778efe89af4c615354
CVE-2020-15778 (** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection i ...)
	- openssh (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860487
	NOTE: https://github.com/cpandya2909/CVE-2020-15778
	NOTE: Negligible security impact; changing the scp protocol can have a good chance
	NOTE: of breaking existing workflows.
CVE-2020-15777 (An issue was discovered in the Maven Extension plugin before 1.6 for G ...)
	NOT-FOR-US: Maven Extension plugin for Gradle Enterprise
CVE-2020-15776 (An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CS ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15775 (An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. The /u ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15774 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. An att ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15773 (An issue was discovered in Gradle Enterprise before 2020.2.4. Because ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15772 (An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. When c ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15771 (An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterpr ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15770 (An issue was discovered in Gradle Enterprise 2018.5. An attacker can p ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15769 (An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15768 (An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gra ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15767 (An issue was discovered in Gradle Enterprise before 2020.2.5. The cook ...)
	NOT-FOR-US: Gradle Enterprise
CVE-2020-15766
	REJECTED
CVE-2020-15765
	REJECTED
CVE-2020-15764
	REJECTED
CVE-2020-15763
	REJECTED
CVE-2020-15762
	REJECTED
CVE-2020-15761
	REJECTED
CVE-2020-15760
	REJECTED
CVE-2020-15759
	REJECTED
CVE-2020-15758
	REJECTED
CVE-2020-15757
	REJECTED
CVE-2020-15756
	REJECTED
CVE-2020-15755
	REJECTED
CVE-2020-15754
	REJECTED
CVE-2020-15753
	REJECTED
CVE-2020-15752
	REJECTED
CVE-2020-15751
	REJECTED
CVE-2020-15750
	REJECTED
CVE-2020-15749
	REJECTED
CVE-2020-15748
	REJECTED
CVE-2020-15747
	REJECTED
CVE-2020-15746
	REJECTED
CVE-2020-15745
	REJECTED
CVE-2020-15744 (Stack-based Buffer Overflow vulnerability in the ONVIF server componen ...)
	NOT-FOR-US: Victure PC420 devices
CVE-2020-15743
	REJECTED
CVE-2020-15742
	RESERVED
CVE-2020-15741
	REJECTED
CVE-2020-15740
	REJECTED
CVE-2020-15739
	RESERVED
CVE-2020-15738
	REJECTED
CVE-2020-15737
	REJECTED
CVE-2020-15736
	REJECTED
CVE-2020-15735
	RESERVED
CVE-2020-15734 (An Origin Validation Error vulnerability in Bitdefender Safepay allows ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15733 (An Origin Validation Error vulnerability in the SafePay component of B ...)
	NOT-FOR-US: Bitdefender Antivirus Plus
CVE-2020-15732 (Improper Certificate Validation vulnerability in the Online Threat Pre ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15731 (An improper Input Validation vulnerability in the code handling file r ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15730
	RESERVED
CVE-2020-15729
	RESERVED
CVE-2020-15728
	REJECTED
CVE-2020-15727
	RESERVED
CVE-2020-15726
	RESERVED
CVE-2020-15725
	RESERVED
CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...)
	NOT-FOR-US: 360 Total Security
CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...)
	NOT-FOR-US: 360 Total Security
CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls ...)
	NOT-FOR-US: 360 Total Security
CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...)
	NOT-FOR-US: RosarioSIS
CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...)
	- dogtag-pki 10.9.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855273
	NOTE: https://github.com/dogtagpki/pki/commit/50c23ec146ee9abf28c9de87a5f7787d495f0b72
CVE-2020-15719 (libldap in certain third-party OpenLDAP packages has a certificate-val ...)
	- openldap (unimportant; bug #965184)
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9266
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1740070
	NOTE: RedHat/CentOS applied patch: https://git.centos.org/rpms/openldap/raw/67459960064be9d226d57c5f82aaba0929876813/f/SOURCES/openldap-tlso-dont-check-cn-when-bad-san.patch
	NOTE: OpenLDAP upstream disputed that the issue is valid, as the current libldap
	NOTE: behaviour conforms with RFC4513. RFC6125 does not supersede the rules for
	NOTE: verifying service identity provided in specifications for existing application
	NOTE: protocols published prior to RFC6125, like RFC4513 for LDAP.
CVE-2020-15718 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
	NOT-FOR-US: RosarioSIS
CVE-2020-15717 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
	NOT-FOR-US: RosarioSIS
CVE-2020-15716 (RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation o ...)
	NOT-FOR-US: RosarioSIS
CVE-2020-15715 (rConfig 3.9.5 could allow a remote authenticated attacker to execute a ...)
	NOT-FOR-US: rConfig
CVE-2020-15714 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...)
	NOT-FOR-US: rConfig
CVE-2020-15713 (rConfig 3.9.5 is vulnerable to SQL injection. A remote authenticated a ...)
	NOT-FOR-US: rConfig
CVE-2020-15712 (rConfig 3.9.5 could allow a remote authenticated attacker to traverse ...)
	NOT-FOR-US: rConfig
CVE-2020-15711 (In MISP before 2.4.129, setting a favourite homepage was not CSRF prot ...)
	NOT-FOR-US: MISP
CVE-2020-15710 (Potential double free in Bluez 5 module of PulseAudio could allow a lo ...)
	- pulseaudio (Issue in Ubuntu-specific patch)
	NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/pulseaudio/%2Bbug/1884738
CVE-2020-15709 (Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20 ...)
	{DLA-2339-1}
	- software-properties (bug #968850)
	[bullseye] - software-properties (Minor issue)
	[buster] - software-properties (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/03/1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286
CVE-2020-15708 (Ubuntu's packaging of libvirt in 20.04 LTS created a control socket wi ...)
	- libvirt (Ubuntu specific issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866270#c2
	NOTE: Debian used to use polkit in 1.2.9-rc1-1 and only later on
	NOTE: enabled libvirtd socket activation as well. Ubuntu OTOH continued
	NOTE: to ship the Allow-libvirt-group-to-access-the-socket.patch patch
	NOTE: which caused the CVE-2020-15708 issue.
	NOTE: Upstream improved the documentation with:
	NOTE: https://www.redhat.com/archives/libvir-list/2020-August/msg00360.html
CVE-2020-15707 (Integer overflows were discovered in the functions grub_cmd_initrd and ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 (No SecureBoot support in stretch)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=e7b8856f8be3292afdb38d2e8c70ad8d62a61e10
CVE-2020-15706 (GRUB2 contains a race condition in grub_script_function_create() leadi ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 (No SecureBoot support in stretch)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=426f57383d647406ae9c628c472059c27cd6e040
CVE-2020-15705 (GRUB2 fails to validate kernel signature when booted directly without ...)
	- grub2 (Vulnerable code specific to Ubuntu)
	NOTE: Debian's grub_linuxefi_secure_validate has a different interface than the one in
	NOTE: Ubuntu and returns the code from "shim not available" and "kernel signature
	NOTE: verification failed". The patch for CVE-2020-15705 is essentially about handling
	NOTE: those two cases in the same way when they were previously handled differently,
	NOTE: and so not a problem for src:grub2 in Debian.
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
CVE-2020-15704 (The modprobe child process in the ./debian/patches/load_ppp_generic_if ...)
	- ppp (Ubuntu-specific issue, load_ppp_generic_if_needed.patch not used in Debian)
CVE-2020-15703 (There is no input validation on the Locale property in an apt transact ...)
	- aptdaemon
	NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1888235
CVE-2020-15702 (TOCTOU Race Condition vulnerability in apport allows a local attacker ...)
	NOT-FOR-US: Apport
CVE-2020-15701 (An unhandled exception in check_ignored() in apport/report.py can be e ...)
	NOT-FOR-US: Apport
CVE-2020-15700 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
	NOT-FOR-US: Joomla!
CVE-2020-15699 (An issue was discovered in Joomla! through 3.9.19. Missing validation ...)
	NOT-FOR-US: Joomla!
CVE-2020-15698 (An issue was discovered in Joomla! through 3.9.19. Inadequate filterin ...)
	NOT-FOR-US: Joomla!
CVE-2020-15697 (An issue was discovered in Joomla! through 3.9.19. Internal read-only ...)
	NOT-FOR-US: Joomla!
CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input filte ...)
	NOT-FOR-US: Joomla!
CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
	NOT-FOR-US: Joomla!
CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...)
	- nim 1.2.6-1
	[buster] - nim (Minor issue)
	[stretch] - nim (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...)
	- nim 1.2.6-1
	[buster] - nim (Minor issue)
	[stretch] - nim (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/2
CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...)
	- nim 1.2.6-1
	[buster] - nim (Minor issue)
	[stretch] - nim (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/1
CVE-2020-15691
	RESERVED
CVE-2020-15690 (In Nim before 1.2.6, the standard library asyncftpclient lacks a check ...)
	- nim 1.2.6-1
	[buster] - nim (Minor issue)
	[stretch] - nim (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2021/02/04/3
CVE-2020-15689 (Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, ...)
	NOT-FOR-US: Appweb
CVE-2020-15688 (The HTTP Digest Authentication in the GoAhead web server before 5.1.2 ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2020-15687 (Missing access control restrictions in the Hypervisor component of the ...)
	NOT-FOR-US: ACRN Project
CVE-2020-15686
	RESERVED
CVE-2020-15685
	RESERVED
	{DSA-4842-1 DLA-2541-1}
	- thunderbird 1:78.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2021-05/#CVE-2020-15685
CVE-2020-15684 (Mozilla developers reported memory safety bugs present in Firefox 81. ...)
	- firefox 82.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15684
CVE-2020-15683 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4780-1 DSA-4778-1 DLA-2416-1 DLA-2411-1}
	- firefox 82.0-1
	- firefox-esr 78.4.0esr-1
	- thunderbird 1:78.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15683
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-46/#CVE-2020-15683
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-47/#CVE-2020-15683
CVE-2020-15682 (When a link to an external protocol was clicked, a prompt was presente ...)
	- firefox 82.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15682
CVE-2020-15681 (When multiple WASM threads had a reference to a module, and were looki ...)
	- firefox 82.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15681
CVE-2020-15680 (If a valid external protocol handler was referenced in an image tag, t ...)
	- firefox 82.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15680
CVE-2020-15679
	RESERVED
CVE-2020-15678 (When recursing through graphical layers while scrolling, an iterator m ...)
	{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
	- firefox 81.0-1
	- firefox-esr 78.3.0esr-1
	- thunderbird 1:78.3.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15678
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15678
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15678
CVE-2020-15677 (By exploiting an Open Redirect vulnerability on a website, an attacker ...)
	{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
	- firefox 81.0-1
	- firefox-esr 78.3.0esr-1
	- thunderbird 1:78.3.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15677
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15677
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15677
CVE-2020-15676 (Firefox sometimes ran the onload handler for SVG elements that the DOM ...)
	{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
	- firefox 81.0-1
	- firefox-esr 78.3.0esr-1
	- thunderbird 1:78.3.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15676
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15676
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15676
CVE-2020-15675 (When processing surfaces, the lifetime may outlive a persistent buffer ...)
	- firefox 81.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15675
CVE-2020-15674 (Mozilla developers reported memory safety bugs present in Firefox 80. ...)
	- firefox 81.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15674
CVE-2020-15673 (Mozilla developers reported memory safety bugs present in Firefox 80 a ...)
	{DSA-4770-1 DSA-4768-1 DLA-2408-1 DLA-2387-1}
	- firefox 81.0-1
	- firefox-esr 78.3.0esr-1
	- thunderbird 1:78.3.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-42/#CVE-2020-15673
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-43/#CVE-2020-15673
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-44/#CVE-2020-15673
CVE-2020-15672
	RESERVED
CVE-2020-15671 (When typing in a password under certain conditions, a race may have oc ...)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-39/#CVE-2020-15671
CVE-2020-15670 (Mozilla developers reported memory safety bugs present in Firefox for ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670
CVE-2020-15669 (When aborting an operation, such as a fetch, an abort signal may be de ...)
	{DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
	- firefox-esr 68.12.0esr-1
	- thunderbird 1:68.12.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15669
CVE-2020-15668 (A lock was missing when accessing a data structure and importing certi ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15668
CVE-2020-15667 (When processing a MAR update file, after the signature has been valida ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15667
CVE-2020-15666 (When trying to load a non-video in an audio/video context the exact st ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15666
CVE-2020-15665 (Firefox did not reset the address bar after the beforeunload dialog wa ...)
	- firefox 80.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665
CVE-2020-15664 (By holding a reference to the eval() function from an about:blank wind ...)
	{DSA-4754-1 DSA-4749-1 DLA-2360-1 DLA-2346-1}
	- firefox 80.0-1
	- firefox-esr 68.12.0esr-1
	- thunderbird 1:68.12.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15664
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15664
CVE-2020-15663 (If Firefox is installed to a user-writable directory, the Mozilla Main ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15663
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15663
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-40/#CVE-2020-15663
CVE-2020-15662 (A rogue webpage could override the injected WKUserScript used by the d ...)
	- firefox (Specific to Firefox for iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15662
CVE-2020-15661 (A rogue webpage could override the injected WKUserScript used by the l ...)
	- firefox (Specific to Firefox for iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15661
CVE-2020-15660 (Missing checks on Content-Type headers in geckodriver before 0.27.0 co ...)
	NOT-FOR-US: geckodriver
CVE-2020-15659 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
	- firefox 79.0-1
	- firefox-esr 68.11.0esr-1
	- thunderbird 1:68.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15659
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15659
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15659
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15659
CVE-2020-15658 (The code for downloading files did not properly take care of special c ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15658
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15658
CVE-2020-15657 (Firefox could be made to load attacker-supplied DLL files from the ins ...)
	- firefox (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15657
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15657
CVE-2020-15656 (JIT optimizations involving the Javascript arguments object could conf ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15656
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15656
CVE-2020-15655 (A redirected HTTP request which is observed or modified through a web ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15655
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15655
CVE-2020-15654 (When in an endless loop, a website specifying a custom cursor using CS ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15654
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15654
CVE-2020-15653 (An iframe sandbox element with the allow-popups flag could be bypassed ...)
	- firefox 79.0-1
	- thunderbird (Only affects Thunderbird 78.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15653
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15653
CVE-2020-15652 (By observing the stack trace for JavaScript errors in web workers, it ...)
	{DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1}
	- firefox 79.0-1
	- firefox-esr 68.11.0esr-1
	- thunderbird 1:68.11.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15652
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15652
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-15652
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-15652
CVE-2020-15651 (A unicode RTL order character in the downloaded file name can be used ...)
	- firefox (Specific to Firefox for iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-34/#CVE-2020-15651
CVE-2020-15650 (Given an installed malicious file picker application, an attacker was ...)
	- firefox-esr (Android specific)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15650
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15650
CVE-2020-15649 (Given an installed malicious file picker application, an attacker was ...)
	- firefox-esr (Android specific)
	- firefox (Android specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-15649
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-15649
CVE-2020-15648 (Using object or embed tags, it was possible to frame other websites, e ...)
	- firefox 78.0.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-28/#CVE-2020-15648
CVE-2020-15647 (A Content Provider in Firefox for Android allowed local files accessib ...)
	- firefox (Only affects Firefox for Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-27/#CVE-2020-15647
CVE-2020-15646 (If an attacker intercepts Thunderbird's initial attempt to perform aut ...)
	{DSA-4718-1}
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-15646
CVE-2020-15645 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15644 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15643 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15642 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15641 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15640 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15639 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Marvell QConvergeConsole
CVE-2020-15638 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-15637 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2020-15636 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Netgear
CVE-2020-15635 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-15634 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-15633 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-15632 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-15631 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: D-Link
CVE-2020-15630 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit
CVE-2020-15629 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-15628 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15627 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15626 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15625 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15624 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15623 (This vulnerability allows remote attackers to write arbitrary files on ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15622 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15621 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15620 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15619 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15618 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15617 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15616 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15615 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15614 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15613 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15612 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15611 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15610 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15609 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15608 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15607 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15606 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15605 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15604 (An incomplete SSL server certification validation vulnerability in the ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15603 (An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v1 ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15602 (An untrusted search path remote code execution (RCE) vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15601 (If LDAP authentication is enabled, an LDAP authentication bypass vulne ...)
	NOT-FOR-US: Trend Micro
CVE-2020-15600 (An issue was discovered in CMSUno before 1.6.1. uno.php allows CSRF to ...)
	NOT-FOR-US: CMSUno
CVE-2020-15599 (Victor CMS through 2019-02-28 allows XSS via the register.php user_fir ...)
	NOT-FOR-US: Victor CMS
CVE-2020-15598 (** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial o ...)
	{DSA-4765-1}
	- modsecurity 3.0.4-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879588
	NOTE: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-regular-expressions-and-disputed-cve-2020-15598/
	NOTE: https://coreruleset.org/20200914/cve-2020-15598/
	NOTE: https://github.com/SpiderLabs/ModSecurity/pull/2348
CVE-2020-15597 (SOPlanning 1.46.01 allows persistent XSS via the Project Name, Statute ...)
	NOT-FOR-US: SOPlanning
CVE-2020-15596 (The ALPS ALPINE touchpad driver before 8.2206.1717.634, as used on var ...)
	NOT-FOR-US: ALPS ALPINE touchpad driver for Windows
CVE-2020-XXXX [veyon-configurator tmp handling]
	- veyon 4.4.1+repack1-1 (bug #964568)
	[buster] - veyon (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/07/1
CVE-2020-15595 (An issue was discovered in Zoho Application Control Plus before versio ...)
	NOT-FOR-US: Zoho Application Control Plus
CVE-2020-15594 (An SSRF issue was discovered in Zoho Application Control Plus before v ...)
	NOT-FOR-US: Zoho Application Control Plus
CVE-2020-15593 (SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It u ...)
	NOT-FOR-US: SteelCentral Aternity Agent
CVE-2020-15592 (SteelCentral Aternity Agent before 11.0.0.120 on Windows allows Privil ...)
	NOT-FOR-US: SteelCentral Aternity Agent
CVE-2020-15591
	RESERVED
CVE-2020-15590 (A vulnerability in the Private Internet Access (PIA) VPN Client for Li ...)
	NOT-FOR-US: Private Internet Access client for Linux
CVE-2020-15589 (A design issue was discovered in GetInternetRequestHandle, InternetSen ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-15588 (An issue was discovered in the client side of Zoho ManageEngine Deskto ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-15587
	RESERVED
CVE-2020-15586 (Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net ...)
	{DSA-4848-1 DLA-2460-1 DLA-2459-1}
	- golang-1.15 1.15~rc1-1
	- golang-1.14 1.14.6-1
	- golang-1.11
	- golang-1.8
	- golang-1.7
	- golang
	NOTE: https://github.com/golang/go/issues/34902
	NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ
CVE-2020-15585
	RESERVED
CVE-2020-15584 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15583 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15582 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15581 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15580 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15579 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15578 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15577 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-15576 (SolarWinds Serv-U File Server before 15.2.1 allows information disclos ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15575 (SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site c ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulner ...)
	NOT-FOR-US: SolarWinds Serv-U File Server
CVE-2020-15572 (Tor before 0.4.3.6 has an out-of-bounds memory access that allows a re ...)
	- tor 0.4.3.6-1 (unimportant)
	NOTE: Tor in Debian doesn't use NSS
	NOTE: https://blog.torproject.org/new-release-tor-03511-0428-0436-security-fixes
CVE-2020-15571
	RESERVED
CVE-2020-15570 (The parse_report() function in whoopsie.c in Whoopsie through 0.2.69 m ...)
	NOT-FOR-US: Whoopsie
CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-after-free ...)
	{DLA-2292-1}
	- milkytracker 1.02.00+dfsg-2.1 (bug #964797)
	[buster] - milkytracker 1.02.00+dfsg-1+deb10u1
	NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
CVE-2020-15568 (TerraMaster TOS before 4.1.29 has Invalid Parameter Checking that lead ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-328.html
CVE-2020-15566 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-317.html
CVE-2020-15565 (An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-321.html
CVE-2020-15564 (An issue was discovered in Xen through 4.13.x, allowing Arm guest OS u ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-327.html
CVE-2020-15563 (An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest ...)
	{DSA-4723-1}
	- xen 4.11.4+24-gddaaccbbab-1
	[stretch] - xen (DSA 4602-1)
	NOTE: https://xenbits.xen.org/xsa/advisory-319.html
CVE-2020-15561
	RESERVED
CVE-2020-15560
	RESERVED
CVE-2020-15559
	RESERVED
CVE-2020-15558
	RESERVED
CVE-2020-15557
	RESERVED
CVE-2020-15556
	RESERVED
CVE-2020-15555
	RESERVED
CVE-2020-15554
	RESERVED
CVE-2020-15553
	RESERVED
CVE-2020-15552
	RESERVED
CVE-2020-15551
	RESERVED
CVE-2020-15550
	RESERVED
CVE-2020-15549
	RESERVED
CVE-2020-15548
	RESERVED
CVE-2020-15547
	RESERVED
CVE-2020-15546
	RESERVED
CVE-2020-15545
	RESERVED
CVE-2020-15544
	RESERVED
CVE-2020-15543 (SolarWinds Serv-U FTP server before 15.2.1 does not validate an argume ...)
	NOT-FOR-US: SolarWinds Serv-U FTP server
CVE-2020-15542 (SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD comman ...)
	NOT-FOR-US: SolarWinds Serv-U FTP server
CVE-2020-15541 (SolarWinds Serv-U FTP server before 15.2.1 allows remote command execu ...)
	NOT-FOR-US: SolarWinds Serv-U FTP server
CVE-2020-15562 (An issue was discovered in Roundcube Webmail before 1.2.11, 1.3.x befo ...)
	{DSA-4720-1}
	- roundcube 1.4.7+dfsg.1-1 (bug #964355)
	[stretch] - roundcube 1.2.3+dfsg.1-4+deb9u6
	NOTE: 1.4.x https://github.com/roundcube/roundcubemail/commit/3e8832d029b035e3fcfb4c75839567a9580b4f82
	NOTE: 1.3.x https://github.com/roundcube/roundcubemail/commit/19502419757a976dbd55ce5a746610c5bab7896b
	NOTE: 1.2.x https://github.com/roundcube/roundcubemail/commit/f3d1566cf223eb04f47b6dfffcd88753f66c36ee
CVE-2020-15540 (We-com OpenData CMS 2.0 allows SQL Injection via the username field on ...)
	NOT-FOR-US: We-com OpenData CMS
CVE-2020-15539 (SQL injection can occur in We-com Municipality portal CMS 2.1.x via th ...)
	NOT-FOR-US: We-com Municipality portal CMS
CVE-2020-15538 (XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ s ...)
	NOT-FOR-US: We-com Municipality portal CMS
CVE-2020-15537 (An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS ...)
	NOT-FOR-US: Vanguard plugin for WordPress
CVE-2020-15536 (An issue was discovered in the bestsoftinc Hotel Booking System Pro pl ...)
	NOT-FOR-US: bestsoftinc Hotel Booking System Pro plugin for WordPress
CVE-2020-15535 (An issue was discovered in the bestsoftinc Car Rental System plugin th ...)
	NOT-FOR-US: bestsoftinc Car Rental System plugin for WordPress
CVE-2020-15534
	RESERVED
CVE-2020-15533 (In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 1468 ...)
	NOT-FOR-US: Zoho ManageEngine Application Manager
CVE-2020-15532 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
	NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
CVE-2020-15531 (Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overf ...)
	NOT-FOR-US: Silicon Labs Bluetooth Low Energy SDK
CVE-2020-15530 (An issue was discovered in Valve Steam Client 2.10.91.91. The installe ...)
	- steam (Steam on Windows)
CVE-2020-15529 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...)
	NOT-FOR-US: GOG Galaxy client
CVE-2020-15528 (An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation ...)
	NOT-FOR-US: GOG Galaxy client
CVE-2020-15527
	RESERVED
CVE-2020-15526 (In Redgate SQL Monitor 7.1.4 through 10.1.6 (inclusive), the scope for ...)
	NOT-FOR-US: Redgate SQL Monitor
CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...)
	- gitlab (Specific to EE)
CVE-2020-15524
	RESERVED
CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ...)
	- python3.8 (Python on Windows)
	- python2.7 (Python on Windows)
CVE-2020-15522 (Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA bef ...)
	- bouncycastle 1.68-1
	[buster] - bouncycastle (Minor issue)
	[stretch] - bouncycastle (Minor issue)
	NOTE: https://github.com/bcgit/bc-java/wiki/CVE-2020-15522
CVE-2020-15521 (Zoho ManageEngine Applications Manager before 14 build 14730 has no pr ...)
	NOT-FOR-US: Zoho
CVE-2020-15520
	RESERVED
CVE-2020-15519
	RESERVED
CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup &a ...)
	NOT-FOR-US: Veeam
CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-15512
	RESERVED
CVE-2020-15511 (HashiCorp Terraform Enterprise up to v202006-1 contained a default sig ...)
	NOT-FOR-US: HashiCorp Terraform Enterprise
CVE-2020-15510
	RESERVED
CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library ...)
	NOT-FOR-US: Nordic Semiconductor
CVE-2020-15508
	RESERVED
CVE-2020-15507 (An arbitrary file reading vulnerability in MobileIron Core versions 10 ...)
	NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15506 (An authentication bypass vulnerability in MobileIron Core & Connec ...)
	NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15505 (A remote code execution vulnerability in MobileIron Core & Connect ...)
	NOT-FOR-US: MobileIron Core and Connector
CVE-2020-15504 (A SQL injection vulnerability in the user and admin web interfaces of ...)
	NOT-FOR-US: Sophos
CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affect ...)
	[experimental] - libraw 0.20.0-1
	- libraw 0.20.0-4 (bug #964747)
	[buster] - libraw (Minor issue)
	[stretch] - libraw (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853477
	NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d
CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...)
	NOT-FOR-US: DuckDuckGo application for Android and iOS
CVE-2020-15501 (** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd genera ...)
	NOT-FOR-US: Smarter Coffee Maker
CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...)
	NOT-FOR-US: TileServer GL
CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
	NOT-FOR-US: ASUS RT-AC1900P routers
CVE-2020-15498 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...)
	NOT-FOR-US: ASUS RT-AC1900P routers
CVE-2020-15497 (** DISPUTED ** jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build ...)
	NOT-FOR-US: Jalios JCMS
CVE-2020-15496 (Acronis True Image for Mac before 2021 Update 4 allowed local privileg ...)
	NOT-FOR-US: Acronis
CVE-2020-15495 (Acronis True Image 2019 update 1 through 2020 on macOS allows local pr ...)
	NOT-FOR-US: Acronis
CVE-2020-15494
	RESERVED
CVE-2020-15493
	RESERVED
CVE-2020-15492 (An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 ...)
	NOT-FOR-US: INNEO
CVE-2020-15491
	RESERVED
CVE-2020-15490 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
	NOT-FOR-US: Wavlink WL-WN530HG4
CVE-2020-15489 (An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 dev ...)
	NOT-FOR-US: Wavlink WL-WN530HG4
CVE-2020-15488 (Re:Desk 2.3 allows insecure file upload. ...)
	NOT-FOR-US: Re:Desk
CVE-2020-15487 (Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerabili ...)
	NOT-FOR-US: Re:Desk
CVE-2020-15486 (An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because t ...)
	NOT-FOR-US: Dr Trust ECG Pen 2.00.08 devices
CVE-2020-15485 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
	NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
CVE-2020-15484 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
	NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
CVE-2020-15483 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
	NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
CVE-2020-15482 (An issue was discovered on Nescomed Multipara Monitor M1000 devices. T ...)
	NOT-FOR-US: Nescomed Multipara Monitor M1000 devices
CVE-2020-15481 (An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSFore ...)
	NOT-FOR-US: PassMark
CVE-2020-15480 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...)
	NOT-FOR-US: PassMark
CVE-2020-15479 (An issue was discovered in PassMark BurnInTest through 9.1, OSForensic ...)
	NOT-FOR-US: PassMark
CVE-2020-15478 (The Journal theme before 3.1.0 for OpenCart allows exposure of sensiti ...)
	NOT-FOR-US: Journal theme for OpenCart
CVE-2020-15477 (The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable t ...)
	NOT-FOR-US: RaspberryTortoise
CVE-2020-15476 (In nDPI through 3.2, the Oracle protocol dissector has a heap-based bu ...)
	{DLA-2354-1}
	- ndpi 3.4-1 (bug #972050)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=21780
	NOTE: https://github.com/ntop/nDPI/commit/b69177be2fbe01c2442239a61832c44e40136c05 (3.4)
CVE-2020-15475 (In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c om ...)
	- ndpi 3.4-1 (bug #972050)
	[stretch] - ndpi (Vulnerable code not present, content_disposition_line introduced later)
	NOTE: https://github.com/ntop/nDPI/commit/6a9f5e4f7c3fd5ddab3e6727b071904d76773952 (3.4)
CVE-2020-15474 (In nDPI through 3.2, there is a stack overflow in extractRDNSequence i ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Vulnerable code not present)
	[stretch] - ndpi (Vulnerable code not present)
	NOTE: https://github.com/ntop/nDPI/commit/23594f036536468072198a57c59b6e9d63caf6ce (3.4)
CVE-2020-15473 (In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-bas ...)
	- ndpi 3.4-1 (bug #972050)
	[stretch] - ndpi (Vulnerable code introduced later)
	NOTE: https://github.com/ntop/nDPI/commit/8e7b1ea7a136cc4e4aa9880072ec2d69900a825e (3.4)
CVE-2020-15472 (In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based ...)
	- ndpi 3.4-1 (bug #972050)
	[stretch] - ndpi (Vulnerable code introduced later)
	NOTE: https://github.com/ntop/nDPI/commit/b7e666e465f138ae48ab81976726e67deed12701 (3.4)
CVE-2020-15471 (In nDPI through 3.2, the packet parsing code is vulnerable to a heap-b ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Vulnerable code not present)
	[stretch] - ndpi (Vulnerable code not present)
	NOTE: https://github.com/ntop/nDPI/commit/61066fb106efa6d3d95b67e47b662de208b2b622 (3.4)
CVE-2020-15470 (ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_dec ...)
	NOT-FOR-US: ffjpeg
CVE-2020-15469 (In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback m ...)
	{DLA-2560-1}
	- qemu 1:6.0+dfsg-3 (low; bug #970253)
	[bullseye] - qemu (Minor issue, too intrusive to backport)
	[buster] - qemu (Minor issue, too intrusive to backport)
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/1
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg09961.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg00674.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=520f26fc6d17b71a43eaf620e834b3bdf316f3d3
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=4f2a5202a05fc1612954804a2482f07bff105ea2
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=24202d2b561c3b4c48bd28383c8c34b4ac66c2bf
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=f867cebaedbc9c43189f102e4cdfdff05e88df7f
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b5bf601f364e1a14ca4c3276f88dfec024acf613
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=921604e175b8ec06c39503310e7b3ec1e3eafe9e
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=2c9fb3b784000c1df32231e1c2464bb2e3fc4620
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=735754aaa15a6ed46db51fd731e88331c446ea54
CVE-2020-15468 (Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit ...)
	NOT-FOR-US: Persian VIP Download Script
CVE-2020-15467 (The administrative interface of Cohesive Networks vns3:vpn appliances ...)
	NOT-FOR-US: Cohesive Networks vns3:vpn appliances
CVE-2020-15466 (In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infin ...)
	{DLA-2547-1}
	- wireshark 3.2.5-1 (low)
	[buster] - wireshark 2.6.20-0+deb10u1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16029
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=11f40896b696e4e8c7f8b2ad96028404a83a51a4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-09.html
CVE-2020-15465
	REJECTED
CVE-2020-15464
	REJECTED
CVE-2020-15463
	REJECTED
CVE-2020-15462
	REJECTED
CVE-2020-15461
	REJECTED
CVE-2020-15460
	REJECTED
CVE-2020-15459
	REJECTED
CVE-2020-15458
	REJECTED
CVE-2020-15457
	REJECTED
CVE-2020-15456
	REJECTED
CVE-2020-15455
	REJECTED
CVE-2020-15454
	REJECTED
CVE-2020-15453
	REJECTED
CVE-2020-15452
	REJECTED
CVE-2020-15451
	REJECTED
CVE-2020-15450
	REJECTED
CVE-2020-15449
	REJECTED
CVE-2020-15448
	REJECTED
CVE-2020-15447
	REJECTED
CVE-2020-15446
	REJECTED
CVE-2020-15445
	REJECTED
CVE-2020-15444
	REJECTED
CVE-2020-15443
	REJECTED
CVE-2020-15442
	REJECTED
CVE-2020-15441
	REJECTED
CVE-2020-15440
	REJECTED
CVE-2020-15439
	REJECTED
CVE-2020-15438
	REJECTED
CVE-2020-15437 (The Linux kernel before version 5.8 is vulnerable to a NULL pointer de ...)
	- linux 5.7.17-1
	[buster] - linux 4.19.146-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/f4c23a140d80ef5e6d3d1f8f57007649014b60fa
CVE-2020-15436 (Use-after-free vulnerability in fs/block_dev.c in the Linux kernel bef ...)
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/2d3a8e2deddea6c89961c422ec0c5b851e648c14
CVE-2020-15435 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15434 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15433 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15432 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15431 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15430 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15429 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15428 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15427 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15426 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15425 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15424 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15423 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15422 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15421 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15420 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-15419 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Veeam
CVE-2020-15418 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Veeam
CVE-2020-15417 (This vulnerability allows network-adjacent attackers to execute arbitr ...)
	NOT-FOR-US: Netgear
CVE-2020-15416 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: Netgear
CVE-2020-15415 (On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, c ...)
	NOT-FOR-US: DrayTek
CVE-2020-15414
	RESERVED
CVE-2020-15413
	RESERVED
CVE-2020-15412 (An issue was discovered in MISP 2.4.128. app/Controller/EventsControll ...)
	NOT-FOR-US: MISP
CVE-2020-15411 (An issue was discovered in MISP 2.4.128. app/Controller/AttributesCont ...)
	NOT-FOR-US: MISP
CVE-2020-15410
	RESERVED
CVE-2020-15409
	RESERVED
CVE-2020-15408 (An issue was discovered in Pulse Secure Pulse Connect Secure before 9. ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-15407
	RESERVED
CVE-2020-15406
	RESERVED
CVE-2020-15405
	RESERVED
CVE-2020-15404
	RESERVED
CVE-2020-15403
	RESERVED
CVE-2020-15402
	RESERVED
CVE-2020-15401 (IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privile ...)
	NOT-FOR-US: IOBit Malware Fighter Pro
CVE-2020-15400 (CakePHP before 4.0.6 mishandles CSRF token generation. This might be r ...)
	- cakephp (bug #985673)
	[bullseye] - cakephp (Minor issue)
	[buster] - cakephp (Minor issue)
	[stretch] - cakephp (Minor issue)
CVE-2020-15399
	RESERVED
CVE-2020-15398
	RESERVED
CVE-2020-15397 (HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execut ...)
	- hylafax (/var/spool/hylafax/bin and /var/spool/hylafax/etc are root-owned in Debian)
	NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
CVE-2020-15396 (In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility ...)
	- hylafax 3:6.0.7-3.1 (bug #964198)
	[buster] - hylafax (Minor issue)
	[stretch] - hylafax (Minor issue)
	NOTE: https://sourceforge.net/p/hylafax/HylaFAX+/2534/
CVE-2020-15395 (In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based b ...)
	{DLA-2603-1}
	- libmediainfo 20.09+dfsg-1 (low; bug #967073)
	[buster] - libmediainfo (Minor issue)
	[jessie] - libmediainfo (Minor issue)
	NOTE: https://sourceforge.net/p/mediainfo/bugs/1127/
	NOTE: https://github.com/MediaArea/MediaInfoLib/commit/5b998282f47f080592d298a25c642f13a895c4dc
CVE-2020-15394 (The REST API in Zoho ManageEngine Applications Manager before build 14 ...)
	NOT-FOR-US: Zoho
CVE-2020-15393 (In the Linux kernel 4.4 through 5.7.6, usbtest_disconnect in drivers/u ...)
	{DLA-2420-1 DLA-2323-1}
	- linux 5.7.10-1
	[buster] - linux 4.19.131-1
	NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravizio BP ...)
	NOT-FOR-US: Venki
CVE-2020-15391 (The UI in DevSpace 4.13.0 allows web sites to execute actions on pods ...)
	NOT-FOR-US: DevSpace
CVE-2020-15390 (pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration ...)
	NOT-FOR-US: Pega Platform
CVE-2020-15389 (jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free th ...)
	{DSA-4882-1 DLA-2277-1}
	- openjpeg2 2.4.0-1 (bug #965220)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1261
	NOTE: https://github.com/uclouvain/openjpeg/commit/e8e258ab049240c2dd1f1051b4e773b21e2d3dc0 (v2.4.0)
CVE-2020-15388
	RESERVED
CVE-2020-15387 (The host SSH servers of Brocade Fabric OS before Brocade Fabric OS v7. ...)
	NOT-FOR-US: Brocade
CVE-2020-15386 (Brocade Fabric OS prior to v9.0.1a and 8.2.3a and after v9.0.0 and 8.2 ...)
	NOT-FOR-US: Brocade
CVE-2020-15385 (Brocade SANnav before version 2.1.1 allows an authenticated attacker t ...)
	NOT-FOR-US: Brocade
CVE-2020-15384 (Brocade SANNav before version 2.1.1 contains an information disclosure ...)
	NOT-FOR-US: Brocade
CVE-2020-15383 (Running security scans against the SAN switch can cause config and sec ...)
	NOT-FOR-US: Brocade
CVE-2020-15382 (Brocade SANnav before version 2.1.1 uses a hard-coded administrator ac ...)
	NOT-FOR-US: Brocade
CVE-2020-15381 (Brocade SANnav before version 2.1.1 contains an Improper Authenticatio ...)
	NOT-FOR-US: Brocade
CVE-2020-15380 (Brocade SANnav before version 2.1.1 logs account credentials at the &# ...)
	NOT-FOR-US: Brocade
CVE-2020-15379 (Brocade SANnav before v.2.1.0a could allow remote attackers cause a de ...)
	NOT-FOR-US: Brocade
CVE-2020-15378 (The OVA version of Brocade SANnav before version 2.1.1 installation wi ...)
	NOT-FOR-US: Brocade
CVE-2020-15377 (Webtools in Brocade SANnav before version 2.1.1 allows unauthenticated ...)
	NOT-FOR-US: Brocade
CVE-2020-15376 (Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, con ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15375 (Brocade Fabric OS versions before v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15374 (Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versio ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15373 (Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15372 (A vulnerability in the command-line interface in Brocade Fabric OS bef ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15371 (Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15370 (Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allo ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15369 (Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, ...)
	NOT-FOR-US: Brocade Fabric OS
CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...)
	NOT-FOR-US: ASRock RGB Driver
CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...)
	NOT-FOR-US: Venki
CVE-2020-15366 (An issue was discovered in ajv.validate() in Ajv (aka Another JSON Sch ...)
	- node-ajv 6.12.4-1
	[buster] - node-ajv (Minor issue)
	NOTE: https://github.com/ajv-validator/ajv/releases/tag/v6.12.3
CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
	- libraw (Vulnerable code introduced in 0.20-Beta1)
	NOTE: https://github.com/LibRaw/LibRaw/issues/301
	NOTE: https://github.com/LibRaw/LibRaw/commit/55f0a0c08974b8b79ebfa7762b555a1704b25fb2
CVE-2020-15364 (The Nexos theme through 1.7 for WordPress allows top-map/?search_locat ...)
	NOT-FOR-US: Wordpress theme
CVE-2020-15363 (The Nexos theme through 1.7 for WordPress allows side-map/?search_orde ...)
	NOT-FOR-US: Wordpress theme
CVE-2020-15362 (wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection b ...)
	NOT-FOR-US: thingsSDK WiFi Scanner
CVE-2020-15361
	RESERVED
CVE-2020-15360 (com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalatio ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2020-15359
	RESERVED
CVE-2020-15357 (Network Analysis functionality in Askey AP5100W_Dual_SIG_1.01.097 and ...)
	NOT-FOR-US: Askey
CVE-2020-15358 (In SQLite before 3.32.3, select.c mishandles query-flattener optimizat ...)
	- sqlite3 3.32.3-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[stretch] - sqlite3 (Vulnerable code introduced in 3.25.0)
	[jessie] - sqlite3 (Vulnerable code introduced in 3.25.0)
	NOTE: https://www.sqlite.org/src/info/10fa79d00f8091e5
	NOTE: https://www.sqlite.org/src/tktview?name=8f157e8010
CVE-2020-15356
	REJECTED
CVE-2020-15355
	REJECTED
CVE-2020-15354
	REJECTED
CVE-2020-15353
	RESERVED
CVE-2020-15352 (An XML external entity (XXE) vulnerability in Pulse Connect Secure (PC ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...)
	NOT-FOR-US: IDrive
CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...)
	NOT-FOR-US: RIOT RIOT-OS
CVE-2020-15349 (BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation ...)
	NOT-FOR-US: BinaryNights ForkLift
CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...)
	NOT-FOR-US: Zyxel
CVE-2020-15347 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b pa ...)
	NOT-FOR-US: Zyxel
CVE-2020-15346 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API wit ...)
	NOT-FOR-US: Zyxel
CVE-2020-15345 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
	NOT-FOR-US: Zyxel
CVE-2020-15344 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_g ...)
	NOT-FOR-US: Zyxel
CVE-2020-15343 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
	NOT-FOR-US: Zyxel
CVE-2020-15342 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_i ...)
	NOT-FOR-US: Zyxel
CVE-2020-15341 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated upda ...)
	NOT-FOR-US: Zyxel
CVE-2020-15340 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/A ...)
	NOT-FOR-US: Zyxel
CVE-2020-15339 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCa ...)
	NOT-FOR-US: Zyxel
CVE-2020-15338 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
	NOT-FOR-US: Zyxel
CVE-2020-15337 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request M ...)
	NOT-FOR-US: Zyxel
CVE-2020-15336 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
	NOT-FOR-US: Zyxel
CVE-2020-15335 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for / ...)
	NOT-FOR-US: Zyxel
CVE-2020-15334 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence inje ...)
	NOT-FOR-US: Zyxel
CVE-2020-15333 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discove ...)
	NOT-FOR-US: Zyxel
CVE-2020-15332 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/def ...)
	NOT-FOR-US: Zyxel
CVE-2020-15331 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRE ...)
	NOT-FOR-US: Zyxel
CVE-2020-15330 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded APP_KEY in ...)
	NOT-FOR-US: Zyxel
CVE-2020-15329 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permission ...)
	NOT-FOR-US: Zyxel
CVE-2020-15328 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blo ...)
	NOT-FOR-US: Zyxel
CVE-2020-15327 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without a ...)
	NOT-FOR-US: Zyxel
CVE-2020-15326 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded certificate ...)
	NOT-FOR-US: Zyxel
CVE-2020-15325 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded Erlang cook ...)
	NOT-FOR-US: Zyxel
CVE-2020-15324 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/ ...)
	NOT-FOR-US: Zyxel
CVE-2020-15323 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password ...)
	NOT-FOR-US: Zyxel
CVE-2020-15322 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM ha ...)
	NOT-FOR-US: Zyxel
CVE-2020-15321 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password fo ...)
	NOT-FOR-US: Zyxel
CVE-2020-15320 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for ...)
	NOT-FOR-US: Zyxel
CVE-2020-15319 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15318 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15317 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15316 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
	NOT-FOR-US: Zyxel
CVE-2020-15315 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15314 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15313 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH k ...)
	NOT-FOR-US: Zyxel
CVE-2020-15312 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key ...)
	NOT-FOR-US: Zyxel
CVE-2020-15311
	REJECTED
CVE-2020-15310
	RESERVED
CVE-2020-15309 (An issue was discovered in wolfSSL before 4.5.0, when single precision ...)
	- wolfssl 4.5.0+dfsg-1 (bug #969663)
	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v4.5.0-stable
CVE-2020-15308 (Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-a ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2020-15307 (Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS ( ...)
	NOT-FOR-US: Nozomi Guardian
CVE-2020-15306 (An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount a ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.2-1
	- openexr 2.5.3-2
	[jessie] - openexr (getChunkOffsetTableSize introduced in v2)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/738
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6a9f8af6e89547bcd370ae3cec2b12849eee0b54
CVE-2020-15305 (An issue was discovered in OpenEXR before 2.5.2. Invalid input could c ...)
	{DSA-4755-1 DLA-2358-1}
	[experimental] - openexr 2.5.2-1
	- openexr 2.5.3-2
	[jessie] - openexr (ImfDeepScanLineInputFile.cpp introduced in v2)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/730
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3d03979dc101612e806cdf0b011475d9fa685a73
CVE-2020-15304 (An issue was discovered in OpenEXR before 2.5.2. An invalid tiled inpu ...)
	[experimental] - openexr 2.5.2-1
	- openexr 2.5.3-2
	[buster] - openexr (Vulnerable code not present)
	[stretch] - openexr (Vulnerable code not present)
	[jessie] - openexr (Vulnerable code not present)
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/pull/727
	NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/36e05c14c612a89c43d4e0b013669ecd7f8e3440 (v3.0.4)
	NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/e79d2296496a50826a15c667bf92bdc5a05518b4 (v2.4.1)
CVE-2020-15303 (Infoblox NIOS before 8.5.2 allows entity expansion during an XML uploa ...)
	NOT-FOR-US: Infoblox NIOS
CVE-2020-15302 (In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A0397 ...)
	NOT-FOR-US: Argent RecoveryManager
CVE-2020-15301 (SuiteCRM through 7.11.13 allows CSV Injection via registration fields ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-15300 (SuiteCRM through 7.11.13 has an Open Redirect in the Documents module ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-15299 (A reflected Cross-Site Scripting (XSS) Vulnerability in the KingCompos ...)
	NOT-FOR-US: KingComposer plugin for WordPress
CVE-2020-15298
	REJECTED
CVE-2020-15297 (Insufficient validation in the Bitdefender Update Server and BEST Rela ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15296
	REJECTED
CVE-2020-15295
	REJECTED
CVE-2020-15294 (Compiler Optimization Removal or Modification of Security-critical Cod ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15293 (Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, Int ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15292 (Lack of validation on data read from guest memory in IntPeGetDirectory ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15291
	REJECTED
CVE-2020-15290
	REJECTED
CVE-2020-15289
	REJECTED
CVE-2020-15288
	REJECTED
CVE-2020-15287
	REJECTED
CVE-2020-15286
	REJECTED
CVE-2020-15285
	REJECTED
CVE-2020-15284
	RESERVED
CVE-2020-15283
	RESERVED
CVE-2020-15282
	REJECTED
CVE-2020-15281
	REJECTED
CVE-2020-15280
	RESERVED
CVE-2020-15279 (An Improper Access Control vulnerability in the logging component of B ...)
	NOT-FOR-US: Bitdefender
CVE-2020-15278 (Red Discord Bot before version 3.4.1 has an unauthorized privilege esc ...)
	NOT-FOR-US: Red Discord Bot
CVE-2020-15277 (baserCMS before version 4.4.1 is affected by Remote Code Execution (RC ...)
	NOT-FOR-US: baserCMS
CVE-2020-15276 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. A ...)
	NOT-FOR-US: baserCMS
CVE-2020-15275 (MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attac ...)
	{DSA-4787-1 DLA-2446-1}
	- moin
	NOTE: https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
	NOTE: https://github.com/moinwiki/moin-1.9/commit/64e16037a60646a4d834f0203c75481b9c3fa74c (1.9.11)
CVE-2020-15274 (In Wiki.js before version 2.5.162, an XSS payload can be injected in a ...)
	NOT-FOR-US: Wiki.js
CVE-2020-15273 (baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. T ...)
	NOT-FOR-US: baserCMS
CVE-2020-15272 (In the git-tag-annotation-action (open source GitHub Action) before ve ...)
	NOT-FOR-US: git-tag-annotation-action
CVE-2020-15271 (In lookatme (python/pypi package) versions prior to 2.3.0, the package ...)
	- lookatme 2.3.0-1 (bug #972988)
	NOTE: https://github.com/d0c-s4vage/lookatme/security/advisories/GHSA-c84h-w6cr-5v8q
	NOTE: https://github.com/d0c-s4vage/lookatme/commit/72fe36b784b234548d49dae60b840c37f0eb8d84 (v2.3.0)
	NOTE: https://github.com/d0c-s4vage/lookatme/pull/110
CVE-2020-15270 (Parse Server (npm package parse-server) broadcasts events to all clien ...)
	NOT-FOR-US: Node parse-server
CVE-2020-15269 (In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens ...)
	NOT-FOR-US: Spree
CVE-2020-15268
	RESERVED
CVE-2020-15267
	RESERVED
CVE-2020-15266 (In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.i ...)
	- tensorflow (bug #804612)
CVE-2020-15265 (In Tensorflow before version 2.4.0, an attacker can pass an invalid `a ...)
	- tensorflow (bug #804612)
CVE-2020-15264 (The Boxstarter installer before version 2.13.0 configures C:\ProgramDa ...)
	NOT-FOR-US: Boxstarter
CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...)
	NOT-FOR-US: Laravel Orchid Platform
CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynamically ...)
	NOT-FOR-US: Node webpack-subresource-integrity
CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...)
	- veyon (Windows-specific)
	NOTE: https://github.com/veyon/veyon/security/advisories/GHSA-c8cc-x786-hqqp
CVE-2020-15260 (PJSIP is a free and open source multimedia communication library writt ...)
	- pjproject
	[stretch] - pjproject (Vulnerable code introduced later, no connection reuse available)
	- ring 20210112.2.b757bac~ds1-1 (bug #986815)
	[buster] - ring (Vulnerable code introduced later, no connection reuse available in embedded pjproject)
	[stretch] - ring (Vulnerable code introduced later, no connection reuse available in embedded pjproject)
	NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-8hcp-hm38-mfph
	NOTE: https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872
	NOTE: https://github.com/pjsip/pjproject/pull/2663
CVE-2020-15259 (ad-ldap-connector's admin panel before version 5.0.13 does not provide ...)
	NOT-FOR-US: ad-ldap-connector
CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without checking ...)
	NOT-FOR-US: Wire app
CVE-2020-15257 (containerd is an industry-standard container runtime and is available ...)
	{DSA-4865-1}
	- containerd 1.4.3~ds1-1
	- docker.io 20.10.0~rc1+dfsg2-1
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-36xw-fx78-c5r4
	NOTE: https://github.com/containerd/containerd/commit/3519233e1b5a408c7e92b0af4293000820a0089b (v1.2)
	NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1
CVE-2020-15256 (A prototype pollution vulnerability has been found in `object-path` &l ...)
	- node-object-path 0.11.5-3
	[buster] - node-object-path 0.11.4-2+deb10u1
	[stretch] - node-object-path (Minor issue)
	NOTE: https://github.com/mariocasciaro/object-path/security/advisories/GHSA-cwx2-736x-mf6w
CVE-2020-15255 (In Anuko Time Tracker before verion 1.19.23.5325, due to not properly ...)
	NOT-FOR-US: Anuko Time Tracker
CVE-2020-15254 (Crossbeam is a set of tools for concurrent programming. In crossbeam-c ...)
	- firefox 82.0-1
	- rust-crossbeam-channel (Only affected 0.4.3 which was not released in Debian)
	NOTE: https://github.com/crossbeam-rs/crossbeam/security/advisories/GHSA-v5m7-53cv-f3hx
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-45/#CVE-2020-15254
CVE-2020-15253 (Versions of Grocy <= 2.7.1 are vulnerable to Cross-Site Scripting v ...)
	NOT-FOR-US: Grocy
CVE-2020-15252 (In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right ( ...)
	NOT-FOR-US: XWiki
CVE-2020-15251 (In the Channelmgnt plug-in for Sopel (a Python IRC bot) before version ...)
	NOT-FOR-US: Channelmgnt plug-in for Sopel
CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule TemporaryF ...)
	{DLA-2426-1}
	- junit4 4.13.1-1 (bug #972231)
	[buster] - junit4 (Minor issue)
	NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp
	NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae
CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based on the ...)
	NOT-FOR-US: October CMS
CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based on the ...)
	NOT-FOR-US: October CMS
CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based on the ...)
	NOT-FOR-US: October CMS
CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based on the ...)
	NOT-FOR-US: October CMS
CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...)
	NOT-FOR-US: Sylius
CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...)
	NOT-FOR-US: Magento
CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...)
	NOT-FOR-US: Smartstore
CVE-2020-15242 (Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Re ...)
	NOT-FOR-US: next.js
CVE-2020-15241 (TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, ...)
	NOT-FOR-US: TYPO3 Fluid Engine
CVE-2020-15240 (omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improper ...)
	- ruby-omniauth-auth0 (Introduced in 2.3.0)
	NOTE: https://github.com/auth0/omniauth-auth0/security/advisories/GHSA-58r4-h6v8-jcvm
CVE-2020-15239 (In xmpp-http-upload before version 0.4.0, when the GET method is attac ...)
	NOT-FOR-US: xmpp-http-upload
CVE-2020-15238 (Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the Dhcp ...)
	{DSA-4781-1 DLA-2430-1}
	- blueman 2.1.4-1 (bug #973718)
	NOTE: https://github.com/blueman-project/blueman/security/advisories/GHSA-jpc9-mgw6-2xwx
	NOTE: https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1897287
	NOTE: https://github.com/blueman-project/blueman/commit/02161d60e8e311b08fb18254615259085fcd6688
	NOTE: Additionally Build-Depends on libpolkit-agent-1-dev needed (blueman should
	NOTE: use polkit for authorisation but due to a packaging issue this was not
	NOTE: enabled).
CVE-2020-15237 (In Shrine before version 3.3.0, when using the `derivation_endpoint` p ...)
	NOT-FOR-US: Shrine
CVE-2020-15236 (In Wiki.js before version 2.5.151, directory traversal outside of Wiki ...)
	NOT-FOR-US: Wiki.js
CVE-2020-15235 (In RACTF before commit f3dc89b, unauthenticated users are able to get ...)
	NOT-FOR-US: RACTF
CVE-2020-15234 (ORY Fosite is a security first OAuth2 & OpenID Connect framework f ...)
	NOT-FOR-US: ORY Fosite
CVE-2020-15233 (ORY Fosite is a security first OAuth2 & OpenID Connect framework f ...)
	NOT-FOR-US: ORY Fosite
CVE-2020-15232 (In mapfish-print before version 3.24, a user can do to an XML External ...)
	NOT-FOR-US: mapfish-print
CVE-2020-15231 (In mapfish-print before version 3.24, a user can use the JSONP support ...)
	NOT-FOR-US: mapfish-print
CVE-2020-15230 (Vapor is a web framework for Swift. In Vapor before version 4.29.4, At ...)
	NOT-FOR-US: Vapor
CVE-2020-15229 (Singularity (an open source container platform) from version 3.1.1 thr ...)
	- singularity-container (bug #972212)
	NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-7gcp-w6ww-2xv9
CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` and ` ...)
	NOT-FOR-US: Node @actions/core
CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...)
	{DLA-2617-1}
	- php-nette
	NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94
CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...)
	- glpi
CVE-2020-15225 (django-filter is a generic system for filtering Django QuerySets based ...)
	- django-filter 2.4.0-1
	[buster] - django-filter (Minor issue)
	[stretch] - django-filter (Minor issue)
	NOTE: https://github.com/carltongibson/django-filter/security/advisories/GHSA-x7gm-rfgv-w973
	NOTE: https://github.com/carltongibson/django-filter/commit/340cf7a23a2b3dcd7183f6a0d6c383e85b130d2b
CVE-2020-15224 (In Open Enclave before version 0.12.0, an information disclosure vulne ...)
	NOT-FOR-US: Open Enclave
CVE-2020-15223 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
	NOT-FOR-US: ORY Fosite
CVE-2020-15222 (In ORY Fosite (the security first OAuth2 & OpenID Connect framewor ...)
	NOT-FOR-US: ORY Fosite
CVE-2020-15221 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-15220 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-15219 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-15218 (Combodo iTop is a web based IT Service Management tool. In iTop before ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user information t ...)
	- glpi
CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...)
	- golang-github-russellhaering-goxmldsig 1.1.0-1 (bug #971615)
	[buster] - golang-github-russellhaering-goxmldsig (Minor issue)
	NOTE: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
	NOTE: https://github.com/russellhaering/goxmldsig/commit/f6188febf0c29d7ffe26a0436212b19cb9615e64
CVE-2020-15215 (Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vuln ...)
	- electron (bug #842420)
CVE-2020-15214 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
	- tensorflow (bug #804612)
CVE-2020-15213 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
	- tensorflow (bug #804612)
CVE-2020-15212 (In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segme ...)
	- tensorflow (bug #804612)
CVE-2020-15211 (In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15210 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15209 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15208 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15207 (In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3 ...)
	- tensorflow (bug #804612)
CVE-2020-15206 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, c ...)
	- tensorflow (bug #804612)
CVE-2020-15205 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15204 (In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 ...)
	- tensorflow (bug #804612)
CVE-2020-15203 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, b ...)
	- tensorflow (bug #804612)
CVE-2020-15202 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15201 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
	- tensorflow (bug #804612)
CVE-2020-15200 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` impl ...)
	- tensorflow (bug #804612)
CVE-2020-15199 (In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does ...)
	- tensorflow (bug #804612)
CVE-2020-15198 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
	- tensorflow (bug #804612)
CVE-2020-15197 (In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` impl ...)
	- tensorflow (bug #804612)
CVE-2020-15196 (In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `Ragged ...)
	- tensorflow (bug #804612)
CVE-2020-15195 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15194 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15193 (In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of ` ...)
	- tensorflow (bug #804612)
CVE-2020-15192 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list ...)
	- tensorflow (bug #804612)
CVE-2020-15191 (In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an inv ...)
	- tensorflow (bug #804612)
CVE-2020-15190 (In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, t ...)
	- tensorflow (bug #804612)
CVE-2020-15189 (SOY CMS 3.0.2 and earlier is affected by Remote Code Execution (RCE) u ...)
	NOT-FOR-US: SOY CMS
CVE-2020-15188 (SOY CMS 3.0.2.327 and earlier is affected by Unauthenticated Remote Co ...)
	NOT-FOR-US: SOY CMS
CVE-2020-15187 (In Helm before versions 2.16.11 and 3.3.2, a Helm plugin can contain d ...)
	- helm-kubernetes (bug #910799)
CVE-2020-15186 (In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitiz ...)
	- helm-kubernetes (bug #910799)
CVE-2020-15185 (In Helm before versions 2.16.11 and 3.3.2, a Helm repository can conta ...)
	- helm-kubernetes (bug #910799)
CVE-2020-15184 (In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the ...)
	- helm-kubernetes (bug #910799)
CVE-2020-15183 (SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting ...)
	NOT-FOR-US: SoyCMS
CVE-2020-15182 (The SOY Inquiry component of SOY CMS is affected by Cross-site Request ...)
	NOT-FOR-US: SoyCMS
CVE-2020-15181 (The Alfresco Reset Password add-on before version 1.2.0 relies on untr ...)
	NOT-FOR-US: Alfresco Reset Password add-on
CVE-2020-15180 (A flaw was found in the mysql-wsrep component of mariadb. Lack of inpu ...)
	{DSA-4776-1 DLA-2409-1}
	- mariadb-10.5 1:10.5.6-1
	[experimental] - mariadb-10.3 1:10.3.27-1~exp1
	- mariadb-10.3 (bug #972746)
	- mariadb-10.1
	- percona-xtradb-cluster-5.5
	NOTE: Fixed in MariaDB 10.5.6, 10.4.15, 10.3.25, 10.2.34, 10.1.47
	NOTE: https://jira.mariadb.org/browse/MDEV-23884
	NOTE: https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
CVE-2020-15179 (The ScratchSig extension for MediaWiki before version 1.0.1 allows sto ...)
	NOT-FOR-US: ScratchSig MediaWiki extension
CVE-2020-15178 (In PrestaShop contactform module (prestashop/contactform) before versi ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15177 (In GLPI before version 9.5.2, the `install/install.php` endpoint insec ...)
	- glpi
CVE-2020-15176 (In GLPI before version 9.5.2, when supplying a back tick in input that ...)
	- glpi
CVE-2020-15175 (In GLPI before version 9.5.2, the `pluginimage.send.php` ...)
	- glpi
CVE-2020-15174 (In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the ...)
	- electron (bug #842420)
CVE-2020-15173 (In ACCEL-PPP (an implementation of PPTP/PPPoE/L2TP/SSTP), there is a b ...)
	NOT-FOR-US: ACCEL-PPP
CVE-2020-15172 (The Act module for Red Discord Bot before commit 6b9f3b86 is vulnerabl ...)
	NOT-FOR-US: Act module for Red Discord Bot
CVE-2020-15171 (In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right ...)
	NOT-FOR-US: XWiki
CVE-2020-15170 (apollo-adminservice before version 1.7.1 does not implement access con ...)
	NOT-FOR-US: apollo-adminservice
CVE-2020-15169 (In Action View before versions 5.2.4.4 and 6.0.3.3 there is a potentia ...)
	{DSA-4766-1 DLA-2403-1}
	- rails 2:6.0.3.3+dfsg-1 (bug #970040)
	NOTE: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionview/CVE-2020-15169.yml
	NOTE: https://groups.google.com/g/rubyonrails-security/c/b-C9kSGXYrc?pli=1
	NOTE: https://github.com/rails/rails/commit/e663f084460ea56c55c3dc76f78c7caeddeeb02e (master)
	NOTE: https://github.com/rails/rails/commit/aaa7ab1320330b3c4fa8f0fbda716dcfa21e3d65 (5.2)
CVE-2020-15168 (node-fetch before versions 2.6.1 and 3.0.0-beta.9 did not honor the si ...)
	[experimental] - node-fetch 2.6.1-1
	- node-fetch 2.6.1-2 (bug #970173)
	[buster] - node-fetch (Minor issue; Intrusive to backport)
	NOTE: https://github.com/node-fetch/node-fetch/security/advisories/GHSA-w7rc-rwvf-8q5r
CVE-2020-15167 (In Miller (command line utility) using the configuration file support ...)
	- miller 5.9.1+dfsg-1 (bug #969467)
	[buster] - miller (Introduced in 5.9.0)
	[stretch] - miller (Introduced in 5.9.0)
	NOTE: https://github.com/johnkerl/miller/security/advisories/GHSA-mw2v-4q78-j2cw
CVE-2020-15166 (In ZeroMQ before version 4.3.3, there is a denial-of-service vulnerabi ...)
	{DSA-4761-1 DLA-2443-1}
	- zeromq3 4.3.3-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/3
	NOTE: https://github.com/zeromq/libzmq/security/advisories/GHSA-25wp-cf8g-938m
	NOTE: https://github.com/zeromq/libzmq/commit/e7f0090b161ce6344f6bd35009816a925c070b09
CVE-2020-15165 (Version 1.1.6-free of Chameleon Mini Live Debugger on Google Play Stor ...)
	NOT-FOR-US: Chameleon Mini Live Debugger
CVE-2020-15164 (in Scratch Login (MediaWiki extension) before version 1.1, any account ...)
	NOT-FOR-US: Scratch Login MediaWiki extension
CVE-2020-15163 (Python TUF (The Update Framework) reference implementation before vers ...)
	- python-tuf (bug #934151)
CVE-2020-15162 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users a ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15161 (In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attac ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15160 (PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerab ...)
	NOT-FOR-US: PrestaShop
CVE-2020-15159 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) a ...)
	NOT-FOR-US: baserCMS
CVE-2020-15158 (In libIEC61850 before version 1.4.3, when a message with COTP message ...)
	NOT-FOR-US: libIEC61850
CVE-2020-15157 (In containerd (an industry-standard container runtime) before version ...)
	{DSA-4865-1}
	- containerd 1.3.2~ds1-2
	- docker.io 19.03.13+dfsg2-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/10/15/1
	NOTE: https://github.com/containerd/containerd/security/advisories/GHSA-742w-89gc-8m9c
	NOTE: https://github.com/containerd/containerd/commit/1ead8d9deb3b175bf40413b8c47b3d19c2262726 (v1.2.14)
	NOTE: docker.io switched to systemwide containerd packages in 20.10.0~rc1+dfsg2-1
	NOTE: docker.io/19.03.13+dfsg2-1 uses containerd 1.3.7
CVE-2020-15156 (In nodebb-plugin-blog-comments before version 0.7.0, a logged in user ...)
	NOT-FOR-US: nodebb-plugin-blog-comments
CVE-2020-15155 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
	NOT-FOR-US: baserCMS
CVE-2020-15154 (baserCMS 4.3.6 and earlier is affected by Cross Site Scripting (XSS) v ...)
	NOT-FOR-US: baserCMS
CVE-2020-15153 (Ampache before version 4.2.2 allows unauthenticated users to perform S ...)
	- ampache
CVE-2020-15152 (ftp-srv is an npm package which is a modern and extensible FTP server ...)
	NOT-FOR-US: Node ftp-srv
CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...)
	NOT-FOR-US: OpenMage
CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) which makes ...)
	NOT-FOR-US: Paginator
CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...)
	NOT-FOR-US: NodeBB
CVE-2020-15148 (Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote cod ...)
	- yii (bug #597899)
CVE-2020-15147 (Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execu ...)
	NOT-FOR-US: Red Discord Bot
CVE-2020-15146 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
	NOT-FOR-US: SyliusResourceBundle
CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
	NOT-FOR-US: Composer-Setup for Windows
CVE-2020-15144
	RESERVED
CVE-2020-15143 (In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4 ...)
	NOT-FOR-US: SyliusResourceBundle
CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...)
	NOT-FOR-US: openapi-python-client
CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
	NOT-FOR-US: openapi-python-client
CVE-2020-15140 (In Red Discord Bot before version 3.3.11, a RCE exploit has been disco ...)
	NOT-FOR-US: Red Discord Bot
CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...)
	NOT-FOR-US: MyBB
CVE-2020-15138 (Prism is vulnerable to Cross-Site Scripting. The easing preview of the ...)
	- node-prismjs 1.11.0+dfsg-4 (bug #968094)
	NOTE: https://github.com/PrismJS/prism/security/advisories/GHSA-wvhm-4hhf-97x9
	NOTE: https://github.com/PrismJS/prism/commit/8bba4880202ef6bd7a1e379fe9aebe69dd75f7be
CVE-2020-15137 (All versions of HoRNDIS are affected by an integer overflow in the RND ...)
	NOT-FOR-US: HoRNDIS
CVE-2020-15136 (In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968752)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-wr2v-9rpq-c35q
CVE-2020-15135 (save-server (npm package) before version 1.05 is affected by a CSRF vu ...)
	NOT-FOR-US: Node save-server
CVE-2020-15134 (Faye before version 1.4.0, there is a lack of certification validation ...)
	- ruby-faye 1.4.0-1 (bug #967063)
	[buster] - ruby-faye (Minor issue)
	NOTE: https://github.com/faye/faye/security/advisories/GHSA-3q49-h8f9-9fr9
	NOTE: https://github.com/faye/faye/issues/524
	NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
CVE-2020-15133 (In faye-websocket before version 0.11.0, there is a lack of certificat ...)
	- ruby-faye-websocket 0.11.0-1 (bug #967061)
	[buster] - ruby-faye-websocket (Minor issue)
	NOTE: https://github.com/faye/faye-websocket-ruby/security/advisories/GHSA-2v5c-755p-p4gv
	NOTE: https://github.com/faye/faye-websocket-ruby/pull/129
	NOTE: https://blog.jcoglan.com/2020/07/31/missing-tls-verification-in-faye/
CVE-2020-15132 (In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget pa ...)
	NOT-FOR-US: Sulu
CVE-2020-15131 (In SLP Validate (npm package slp-validate) before version 1.2.2, there ...)
	NOT-FOR-US: Node slp-validate
CVE-2020-15130 (In SLPJS (npm package slpjs) before version 0.27.4, there is a vulnera ...)
	NOT-FOR-US: Node slpjs
CVE-2020-15129 (In Traefik before versions 1.7.26, 2.2.8, and 2.3.0-rc3, there exists ...)
	NOT-FOR-US: Traefik
CVE-2020-15128 (In OctoberCMS before version 1.0.468, encrypted cookie values were not ...)
	NOT-FOR-US: October CMS
CVE-2020-15127 (In Contour ( Ingress controller for Kubernetes) before version 1.7.0, ...)
	NOT-FOR-US: Contour
CVE-2020-15126 (In parser-server from version 3.5.0 and before 4.3.0, an authenticated ...)
	NOT-FOR-US: Node parser-server
CVE-2020-15125 (In auth0 (npm package) versions before 2.27.1, a DenyList of specific ...)
	NOT-FOR-US: Node auth0
CVE-2020-15124 (In Goobi Viewer Core before version 4.8.3, a path traversal vulnerabil ...)
	NOT-FOR-US: Goobi Viewer Core
CVE-2020-15123 (In codecov (npm package) before version 3.7.1 the upload method has a ...)
	NOT-FOR-US: Node codecov
CVE-2020-15122
	RESERVED
CVE-2020-15121 (In radare2 before version 4.5.0, malformed PDB file names in the PDB s ...)
	- radare2 5.0.0+dfsg-1
	NOTE: https://github.com/radareorg/radare2/security/advisories/GHSA-r552-vp94-9358
	NOTE: https://github.com/radareorg/radare2/commit/04edfa82c1f3fa2bc3621ccdad2f93bdbf00e4f9
	NOTE: https://github.com/radareorg/radare2/issues/16945
	NOTE: https://github.com/radareorg/radare2/pull/16966
CVE-2020-15120 (In "I hate money" before version 4.1.5, an authenticated member of one ...)
	NOT-FOR-US: ihatemoney
CVE-2020-15119 (In auth0-lock versions before and including 11.25.1, dangerouslySetInn ...)
	NOT-FOR-US: Node auth0-lock
CVE-2020-15118 (In Wagtail before versions 2.7.4 and 2.9.3, when a form page type is m ...)
	NOT-FOR-US: Wagtail
CVE-2020-15117 (In Synergy before version 1.12.0, a Synergy server can be crashed by r ...)
	- synergy
	[stretch] - synergy (minor issue, low priority)
	NOTE: https://github.com/symless/synergy-core/commit/0a97c2be0da2d0df25cb86dfd642429e7a8bea39
	NOTE: https://github.com/symless/synergy-core/security/advisories/GHSA-chfm-333q-gfpp
CVE-2020-15116
	RESERVED
CVE-2020-15115 (etcd before versions 3.3.23 and 3.4.10 does not perform any password l ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-4993-m7g5-r9hh
CVE-2020-15114 (In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simpl ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-2xhq-gv6c-p224
CVE-2020-15113 (In etcd before versions 3.3.23 and 3.4.10, certain directory paths are ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-chh6-ppwq-jh92
CVE-2020-15112 (In etcd before versions 3.3.23 and 3.4.10, it is possible to have an e ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-m332-53r6-2w93
CVE-2020-15111 (In Fiber before version 1.12.6, the filename that is given in c.Attach ...)
	NOT-FOR-US: Fiber
CVE-2020-15110 (In jupyterhub-kubespawner before 0.12, certain usernames will be able ...)
	NOT-FOR-US: jupyterhub-kubespawner
CVE-2020-15109 (In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an bilit ...)
	NOT-FOR-US: solidus
CVE-2020-15108 (In glpi before 9.5.1, there is a SQL injection for all usages of "Clon ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-qv6w-68gq-wx2v
	NOTE: https://github.com/glpi-project/glpi/commit/a4baa64114eb92fd2adf6056a36e0582324414ba
	NOTE: https://github.com/glpi-project/glpi/pull/6684
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-15107 (In openenclave before 0.10.0, enclaves that use x87 FPU operations are ...)
	NOT-FOR-US: openenclave
CVE-2020-15106 (In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic ...)
	[experimental] - etcd 3.3.25+dfsg-1
	- etcd 3.3.25+dfsg-5 (bug #968740)
	[buster] - etcd (Minor issue)
	NOTE: https://github.com/etcd-io/etcd/security/advisories/GHSA-p4g4-wgrh-qrg2
CVE-2020-15105 (Django Two-Factor Authentication before 1.12, stores the user's passwo ...)
	NOT-FOR-US: Django Two-Factor Authentication
CVE-2020-15104 (In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when valid ...)
	- envoyproxy (bug #987544)
CVE-2020-15103 (In FreeRDP less than or equal to 2.1.2, an integer overflow exists due ...)
- freerdp2 2.2.0+dfsg1-1 (bug #965979) [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Vulnerable gfx code not present) NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381 NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0) NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0) CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...) NOT-FOR-US: PrestaShop CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...) NOT-FOR-US: freewvs CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...) NOT-FOR-US: freewvs CVE-2020-15099 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...) NOT-FOR-US: TYPO3 CVE-2020-15098 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and ...) NOT-FOR-US: TYPO3 CVE-2020-15097 (loklak is an open-source server application which is able to collect m ...) NOT-FOR-US: loklak CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...) - electron (bug #842420) CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...) - npm 6.14.6+ds-1 (low; bug #964746) [buster] - npm 5.8.0+ds6-4+deb10u2 NOTE: https://github.com/npm/cli/security/advisories/GHSA-93f3-23rq-pjfp NOTE: https://github.com/npm/cli/commit/a9857b8f6869451ff058789c4631fadfde5bbcbc CVE-2020-15094 (In Symfony before versions 4.4.13 and 5.1.5, the CachingHttpClient cla ...) 
- symfony 4.4.13+dfsg-1 [buster] - symfony (Vulnerable code introduced later - in v4.4.0) [stretch] - symfony (Vulnerable code introduced later - in v4.4.0) NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-754h-5r27-7x3r NOTE: https://github.com/symfony/symfony/commit/d9910e0b33a2e0f993abff41c6fbc86951b66d78 CVE-2020-15093 (The tough library (Rust/crates.io) prior to version 0.7.1 does not pro ...) NOT-FOR-US: Rust tough CVE-2020-15092 (In TimelineJS before version 3.7.0, some user data renders as HTML. An ...) NOT-FOR-US: TimelineJS CVE-2020-15091 (TenderMint from version 0.33.0 and before version 0.33.6 allows block ...) NOT-FOR-US: TenderMint CVE-2020-15090 RESERVED CVE-2020-15089 RESERVED CVE-2020-15088 RESERVED CVE-2020-15087 (In Presto before version 337, authenticated users can bypass authoriza ...) NOT-FOR-US: Presto query engine, different from src:presto CVE-2020-15086 (In TYPO3 installations with the "mediace" extension from version 7.6.2 ...) NOT-FOR-US: TYPO3 CVE-2020-15085 (In Saleor Storefront before version 2.10.3, request data used to authe ...) NOT-FOR-US: Saleor Storefront CVE-2020-15084 (In express-jwt (NPM package) up and including version 5.3.3, the algor ...) NOT-FOR-US: Node express-jwt CVE-2020-15083 (In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a ta ...) NOT-FOR-US: PrestaShop CVE-2020-15082 (In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the das ...) NOT-FOR-US: PrestaShop CVE-2020-15081 (In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is inform ...) NOT-FOR-US: PrestaShop CVE-2020-15080 (In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some fi ...) NOT-FOR-US: PrestaShop CVE-2020-15079 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there i ...) NOT-FOR-US: PrestaShop CVE-2020-15078 (OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass ...) 
- openvpn 2.5.1-2 (bug #987380) [buster] - openvpn 2.4.7-1+deb10u1 [stretch] - openvpn (Minor issue) NOTE: https://github.com/OpenVPN/openvpn/commit/f7b3bf067ffce72e7de49a4174fd17a3a83f0573 (v2.5.2) NOTE: https://github.com/OpenVPN/openvpn/commit/3d18e308c4e7e6f7ab7c2826c70d2d07b031c18a (v2.5.2) NOTE: https://github.com/OpenVPN/openvpn/commit/3aca477a1b58714754fea3a26d0892fffc51db6b (v2.5.2) NOTE: https://github.com/OpenVPN/openvpn/commit/0e5516a9d656ce86f7fb370c824344ea1760c255 (2.4.11) CVE-2020-15077 (OpenVPN Access Server 2.8.7 and earlier versions allows a remote attac ...) NOT-FOR-US: OpenVPN Access Server (security impact for src:openvpn covered by CVE-2020-15078) CVE-2020-15076 (Private Tunnel installer for macOS version 3.0.1 and older versions ma ...) NOT-FOR-US: Private Tunnel installer for macOS CVE-2020-15075 (OpenVPN Connect installer for macOS version 3.2.6 and older may corrup ...) NOT-FOR-US: OpenVPN Connect installer for macOS CVE-2020-15074 (OpenVPN Access Server older than version 2.8.4 and version 2.9.5 gener ...) NOT-FOR-US: OpenVPN Access Server CVE-2020-15073 (An issue was discovered in phpList through 3.5.4. An XSS vulnerability ...) - phplist (bug #612288) CVE-2020-15072 (An issue was discovered in phpList through 3.5.4. An error-based SQL I ...) - phplist (bug #612288) CVE-2020-15071 (content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS ...) NOT-FOR-US: Symphony CMS CVE-2020-15070 (Zulip Server 2.x before 2.1.7 allows eval injection if a privileged at ...) - zulip-server (bug #800052) CVE-2020-15069 (Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow an ...) NOT-FOR-US: Sophos CVE-2020-15068 RESERVED CVE-2020-15067 RESERVED CVE-2020-15066 RESERVED CVE-2020-15065 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices CVE-2020-15064 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) 
NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices CVE-2020-15063 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices CVE-2020-15062 (DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices al ...) NOT-FOR-US: DIGITUS DA-70254 4-Port Gigabit Network Hub devices CVE-2020-15061 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices CVE-2020-15060 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices CVE-2020-15059 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices CVE-2020-15058 (Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices al ...) NOT-FOR-US: Lindy 42633 4-Port USB 2.0 Gigabit Network Server devices CVE-2020-15057 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) NOT-FOR-US: TP-Link CVE-2020-15056 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) NOT-FOR-US: TP-Link CVE-2020-15055 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) NOT-FOR-US: TP-Link CVE-2020-15054 (TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 al ...) NOT-FOR-US: TP-Link CVE-2020-15053 (An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflec ...) NOT-FOR-US: Artica Proxy CVE-2020-15052 (An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL In ...) NOT-FOR-US: Artica Proxy CVE-2020-15051 (An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS ...) NOT-FOR-US: Artica Proxy CVE-2020-15050 (An issue was discovered in the Video Extension in Suprema BioStar 2 be ...) 
NOT-FOR-US: Suprema BioStar CVE-2020-15049 (An issue was discovered in http/ContentLengthInterpreter.cc in Squid b ...) {DSA-4732-1 DLA-2394-1} - squid 4.12-1 - squid3 NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qf3v-rc95-96j5 NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-ea12a34d338b962707d5078d6d1fc7c6eb119a22.patch CVE-2020-15048 RESERVED CVE-2020-15047 (MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification er ...) - trojita (bug #795701) CVE-2020-15046 (The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a ...) NOT-FOR-US: Supermicro CVE-2020-15045 RESERVED CVE-2020-15044 RESERVED CVE-2020-15043 (iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling ...) NOT-FOR-US: iBall WRB303N devices CVE-2020-15042 RESERVED CVE-2020-15041 (PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Ad ...) NOT-FOR-US: PHP-Fusion CVE-2020-15040 RESERVED CVE-2020-15039 RESERVED CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. ...) NOT-FOR-US: WordPress plugin CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) 
NOT-FOR-US: NeDi CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...) NOT-FOR-US: NeDi CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...) NOT-FOR-US: NeDi CVE-2020-15027 (ConnectWise Automate through 2020.x has insufficient validation on cer ...) NOT-FOR-US: ConnectWise CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...) NOT-FOR-US: Bludit CVE-2020-15025 (ntpd in ntp 4.2.8 before 4.2.8p15 and 4.3.x before 4.3.101 allows remo ...) - ntp 1:4.2.8p15-1 (low; bug #963807) [buster] - ntp (Minor issue) [stretch] - ntp (Vulnerable code introduced later) [jessie] - ntp (Vulnerable code introduced later) - ntpsec (Vulnerable code not present) NOTE: https://support.ntp.org/bin/view/Main/NtpBug3661 NOTE: https://support.ntp.org/bin/view/Main/SecurityNotice#June_2020_ntp_4_2_8p15_NTP_Relea NOTE: https://bugs.ntp.org/show_bug.cgi?id=3661 NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e84aa07N2NcL4sE_0dW35Tizc74SA CVE-2020-15024 (An issue was discovered in the Login Password feature of the Password ...) NOT-FOR-US: Avast Antivirus CVE-2020-15023 (Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected b ...) NOT-FOR-US: Askey CVE-2020-15022 RESERVED CVE-2020-15021 RESERVED CVE-2020-15020 (An issue was discovered in the Elementor plugin through 2.9.13 for Wor ...) NOT-FOR-US: Elementor plugin for WordPress CVE-2020-15019 RESERVED CVE-2020-15018 (playSMS through 1.4.3 is vulnerable to session fixation. ...) NOT-FOR-US: playSMS CVE-2020-15017 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices ...) NOT-FOR-US: NeDi CVE-2020-15016 (NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-C ...) NOT-FOR-US: NeDi CVE-2020-15015 (The FileExplorer component in GleamTech FileUltimate 6.1.5.0 allows XS ...) 
NOT-FOR-US: FileExplorer component in GleamTech FileUltimate CVE-2020-15014 (pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. ...) NOT-FOR-US: BlogCMS CVE-2020-15013 RESERVED CVE-2020-15012 (A Directory Traversal issue was discovered in Sonatype Nexus Repositor ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2020-15011 (GNU Mailman before 2.1.33 allows arbitrary content injection via the C ...) {DSA-4991-1 DLA-2276-1 DLA-2265-1} - mailman NOTE: https://bugs.launchpad.net/mailman/+bug/1877379 NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1848 CVE-2020-15010 RESERVED CVE-2020-15009 (AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe i ...) NOT-FOR-US: ASUS CVE-2020-15008 (A SQLi exists in the probe code of all Connectwise Automate versions b ...) NOT-FOR-US: Connectwise CVE-2020-15007 (A buffer overflow in the M_LoadDefaults function in m_misc.c in id Tec ...) - rbdoom3bfg (unimportant) NOTE: https://github.com/AXDOOMER/doom-vanille/commit/8a6d9a02fa991a91ff90ccdc73b5ceabaa6cb9ec NOTE: Problematic code not built CVE-2020-15006 (Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document ...) NOT-FOR-US: Bludit CVE-2020-15005 (In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34. ...) {DSA-4767-1 DLA-2504-1} - mediawiki 1:1.31.8-1 NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-June/093535.html CVE-2020-15004 (OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. ...) NOT-FOR-US: Open-Xchange App Suite CVE-2020-15003 (OX App Suite through 7.10.3 allows Information Exposure because a user ...) NOT-FOR-US: Open-Xchange App Suite CVE-2020-15002 (OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/me ...) NOT-FOR-US: Open-Xchange App Suite CVE-2020-15001 (An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0 ...) 
NOT-FOR-US: Yubico YubiKey 5 NFC devices CVE-2020-15000 (A PIN management problem was discovered on Yubico YubiKey 5 devices 5. ...) NOT-FOR-US: Yubico YubiKey 5 devices CVE-2020-14999 (A logic bug in system monitoring driver of Acronis Agent after 12.5.21 ...) NOT-FOR-US: Acronis CVE-2020-14998 RESERVED CVE-2020-14997 RESERVED CVE-2020-14996 RESERVED CVE-2020-14995 RESERVED CVE-2020-14994 RESERVED CVE-2020-14993 (A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vig ...) NOT-FOR-US: DrayTek devices CVE-2020-14992 RESERVED CVE-2020-14991 RESERVED CVE-2020-14990 (IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain p ...) NOT-FOR-US: IOBit Advanced SystemCare Free CVE-2020-14989 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...) NOT-FOR-US: Bloomreach Experience Manager (brXM) CVE-2020-14988 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...) NOT-FOR-US: Bloomreach Experience Manager (brXM) CVE-2020-14987 (An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 ...) NOT-FOR-US: Bloomreach Experience Manager (brXM) CVE-2020-14986 RESERVED CVE-2020-14985 RESERVED CVE-2020-14984 RESERVED CVE-2020-14983 (The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't valid ...) - crispy-doom 5.9.0-1 (bug #964564) [buster] - crispy-doom (Minor issue) - chocolate-doom 3.0.1-1 [buster] - chocolate-doom 3.0.0-4+deb10u1 [stretch] - chocolate-doom (Minor issue) [jessie] - chocolate-doom (games are not supported) NOTE: https://github.com/chocolate-doom/chocolate-doom/issues/1293 NOTE: https://github.com/chocolate-doom/chocolate-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1 NOTE: https://github.com/fabiangreffrath/crispy-doom/commit/8b6cfbfc6c934923b3c2c16e5e7e5a74d5d238e1 CVE-2020-14982 (A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later be ...) 
NOT-FOR-US: Kronos WebTA CVE-2020-14981 (The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS ha ...) NOT-FOR-US: ThreatTrack VIPRE Password Vault app for IOS CVE-2020-14980 (The Sophos Secure Email application through 3.9.4 for Android has Miss ...) NOT-FOR-US: Sophos Secure Email application for Android CVE-2020-14979 (The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X ...) NOT-FOR-US: EVGA Precision X1 CVE-2020-14978 (An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorre ...) NOT-FOR-US: F-Secure SAFE CVE-2020-14977 (An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC servic ...) NOT-FOR-US: F-Secure SAFE CVE-2020-14976 (GNS3 ubridge through 0.9.18 on macOS, as used in GNS3 server before 2. ...) - gns3-server (bug #766166) CVE-2020-14975 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to del ...) NOT-FOR-US: IOBit Unlocker CVE-2020-14974 (The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unl ...) NOT-FOR-US: IOBit Unlocker CVE-2020-14973 (The loginForm within the general/login.php webpage in webTareas 2.0p8 ...) NOT-FOR-US: webTareas CVE-2020-14972 (Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online ...) NOT-FOR-US: Sourcecodester Pisay Online E-Learning System CVE-2020-14971 (Pi-hole through 5.0 allows code injection in piholedhcp (the Static DH ...) NOT-FOR-US: Pi-hole CVE-2020-14970 RESERVED CVE-2020-14969 (app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribu ...) NOT-FOR-US: MISP CVE-2020-14968 (An issue was discovered in the jsrsasign package before 8.0.17 for Nod ...) NOT-FOR-US: jsrsasign CVE-2020-14967 (An issue was discovered in the jsrsasign package before 8.0.18 for Nod ...) NOT-FOR-US: jsrsasign CVE-2020-14966 (An issue was discovered in the jsrsasign package through 8.0.18 for No ...) NOT-FOR-US: jsrsasign CVE-2020-14965 (On TP-Link TL-WR740N v4 and TL-WR740ND v4 devices, an attacker with ac ...) 
NOT-FOR-US: TP-Link CVE-2020-14964 RESERVED CVE-2020-14963 RESERVED CVE-2020-14962 (Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before ...) NOT-FOR-US: Final Tiles Gallery plugin for WordPress CVE-2020-14961 (Concrete5 before 8.5.3 does not constrain the sort direction to a vali ...) NOT-FOR-US: Concrete5 CVE-2020-14960 (A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoi ...) NOT-FOR-US: PHP-Fusion CVE-2020-14959 (Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3. ...) NOT-FOR-US: Easy Testimonials plugin for WordPress CVE-2020-14958 (In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not ...) NOT-FOR-US: Go Git Service CVE-2020-14957 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...) NOT-FOR-US: Windows cleaning assistant CVE-2020-14956 (In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allow ...) NOT-FOR-US: Windows cleaning assistant CVE-2020-14955 (In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows l ...) NOT-FOR-US: Jiangmin Antivirus CVE-2020-14953 RESERVED CVE-2020-14952 RESERVED CVE-2020-14951 RESERVED CVE-2020-14950 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...) NOT-FOR-US: aaPanel CVE-2020-14949 RESERVED CVE-2020-14948 RESERVED CVE-2020-14947 (OCS Inventory NG 2.7 allows Remote Command Execution via shell metacha ...) - ocsinventory-server (unimportant) NOTE: Only supported in trusted environments, see debtags CVE-2020-14946 (downloadFile.ashx in the Administrator section of the Surveillance mod ...) NOT-FOR-US: Surveillance module in Global RADAR BSA Radar CVE-2020-14945 (A privilege escalation vulnerability exists within Global RADAR BSA Ra ...) NOT-FOR-US: Global RADAR BSA Radar CVE-2020-14944 (Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authoriz ...) 
NOT-FOR-US: Global RADAR BSA Radar CVE-2020-14943 (The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.72 ...) NOT-FOR-US: Global RADAR BSA Radar CVE-2020-14942 (Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\ ...) NOT-FOR-US: Tendenci CVE-2020-14941 RESERVED CVE-2020-14940 (An issue was discovered in io/gpx/GPXDocumentReader.java in TuxGuitar ...) - tuxguitar (bug #963626) [bullseye] - tuxguitar (Minor issue) [buster] - tuxguitar (Minor issue) [stretch] - tuxguitar (Minor issue) [jessie] - tuxguitar (Minor issue) NOTE: https://logicaltrust.net/blog/2020/06/tuxguitar.html NOTE: https://sourceforge.net/p/tuxguitar/bugs/126/ CVE-2020-14939 (An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc ...) - freedroidrpg (low; bug #964197) [bullseye] - freedroidrpg (Minor issue) [buster] - freedroidrpg (Minor issue) [stretch] - freedroidrpg (Minor issue) [jessie] - freedroidrpg (games are not supported) NOTE: https://bugs.freedroid.org/b/issue953 NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html CVE-2020-14938 (An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes le ...) - freedroidrpg (low; bug #964197) [bullseye] - freedroidrpg (Minor issue) [buster] - freedroidrpg (Minor issue) [stretch] - freedroidrpg (Minor issue) [jessie] - freedroidrpg (games are not supported) NOTE: https://bugs.freedroid.org/b/issue952 NOTE: https://logicaltrust.net/blog/2020/02/freedroid.html CVE-2020-14937 (Memory access out of buffer boundaries issues was discovered in Contik ...) NOT-FOR-US: Contiki-NG CVE-2020-14936 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) NOT-FOR-US: Contiki-NG CVE-2020-14935 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) NOT-FOR-US: Contiki-NG CVE-2020-14934 (Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the ...) 
NOT-FOR-US: Contiki-NG CVE-2020-14933 (** DISPUTED ** compose.php in SquirrelMail 1.4.22 calls unserialize fo ...) - squirrelmail NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1 CVE-2020-14932 (compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtoda ...) - squirrelmail NOTE: https://www.openwall.com/lists/oss-security/2020/06/20/1 CVE-2020-14931 (A stack-based buffer overflow in DMitry (Deepmagic Information Gatheri ...) NOT-FOR-US: DMitry CVE-2020-14930 (An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. A ...) NOT-FOR-US: BT CTROMS Terminal OS Port Portal CT-464 CVE-2020-14929 (Alpine before 2.23 silently proceeds to use an insecure connection aft ...) {DLA-2254-1} - alpine 2.23+dfsg1-1 (bug #963179) [buster] - alpine (Minor issue) [stretch] - alpine (Minor issue) NOTE: http://mailman13.u.washington.edu/pipermail/alpine-info/2020-June/008989.html NOTE: https://repo.or.cz/alpine.git/commitdiff/000edd9036b6aea5e6a06900ecd6c58faec665ab CVE-2020-14928 (evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering is ...) {DSA-4725-1 DLA-2281-1} - evolution-data-server 3.36.4-1 NOTE: https://gitlab.gnome.org/GNOME/evolution-data-server/-/issues/226 NOTE: https://gitlab.gnome.org/GNOME//evolution-data-server/commit/ba82be72cfd427b5d72ff21f929b3a6d8529c4df CVE-2020-14927 (Navigate CMS 2.9 allows XSS via the Alias or Real URL field of the "We ...) NOT-FOR-US: Navigate CMS CVE-2020-14926 (CMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/modul ...) 
NOT-FOR-US: CMS Made Simple CVE-2020-14925 RESERVED CVE-2020-14924 RESERVED CVE-2020-14923 RESERVED CVE-2020-14922 RESERVED CVE-2020-14921 RESERVED CVE-2020-14920 RESERVED CVE-2020-14919 RESERVED CVE-2020-14918 RESERVED CVE-2020-14917 RESERVED CVE-2020-14916 RESERVED CVE-2020-14915 RESERVED CVE-2020-14914 RESERVED CVE-2020-14913 RESERVED CVE-2020-14912 RESERVED CVE-2020-14911 RESERVED CVE-2020-14910 RESERVED CVE-2020-14909 RESERVED CVE-2020-14908 RESERVED CVE-2020-14907 RESERVED CVE-2020-14906 RESERVED CVE-2020-14905 RESERVED CVE-2020-14904 RESERVED CVE-2020-14903 RESERVED CVE-2020-14902 RESERVED CVE-2020-14901 (Vulnerability in the RDBMS Security component of Oracle Database Serve ...) NOT-FOR-US: Oracle CVE-2020-14900 (Vulnerability in the Oracle Application Express Group Calendar compone ...) NOT-FOR-US: Oracle CVE-2020-14899 (Vulnerability in the Oracle Application Express Data Reporter componen ...) NOT-FOR-US: Oracle CVE-2020-14898 (Vulnerability in the Oracle Application Express Packaged Apps componen ...) NOT-FOR-US: Oracle CVE-2020-14897 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14896 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) NOT-FOR-US: Oracle CVE-2020-14895 (Vulnerability in the Oracle Utilities Framework product of Oracle Util ...) NOT-FOR-US: Oracle CVE-2020-14894 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-14893 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14892 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.16-dfsg-1 CVE-2020-14891 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14890 (Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle ...) 
NOT-FOR-US: Oracle CVE-2020-14889 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.16-dfsg-1 CVE-2020-14888 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14887 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14886 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.16-dfsg-1 CVE-2020-14885 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.16-dfsg-1 CVE-2020-14884 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.16-dfsg-1 CVE-2020-14883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14882 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14881 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.16-dfsg-1 CVE-2020-14880 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...) NOT-FOR-US: Oracle CVE-2020-14879 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...) NOT-FOR-US: Oracle CVE-2020-14878 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14877 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...) NOT-FOR-US: Oracle CVE-2020-14876 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14875 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-14874 (Vulnerability in the Oracle Cloud Infrastructure Identity and Access M ...) NOT-FOR-US: Oracle CVE-2020-14873 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14872 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.16-dfsg-1 CVE-2020-14871 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14870 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14869 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #972824) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14868 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14867 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #972824) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14866 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14865 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection pr ...) NOT-FOR-US: Oracle CVE-2020-14864 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14863 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-14862 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-14861 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14860 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14859 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14858 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services prod ...) NOT-FOR-US: Oracle CVE-2020-14857 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) 
NOT-FOR-US: Oracle CVE-2020-14856 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-14855 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-14854 (Vulnerability in the Hyperion Infrastructure Technology product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14853 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...) - mysql-cluster (bug #833356) CVE-2020-14852 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14851 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-14850 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14849 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-14848 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14847 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14846 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14845 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14844 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14843 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14842 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...) NOT-FOR-US: Oracle CVE-2020-14841 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14840 (Vulnerability in the Oracle Application Object Library product of Orac ...) 
NOT-FOR-US: Oracle CVE-2020-14839 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14838 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14837 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14836 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14835 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-14834 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-14833 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-14832 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-14830 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14829 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14828 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14827 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #972824) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14826 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-14825 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14824 (Vulnerability in the Oracle Financial Services Analytical Applications ...) 
NOT-FOR-US: Oracle CVE-2020-14823 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14822 (Vulnerability in the Oracle Installed Base product of Oracle E-Busines ...) NOT-FOR-US: Oracle CVE-2020-14821 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14820 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14819 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-14818 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14817 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-14816 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-14815 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14814 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14813 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14812 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) {DLA-2538-1} - mariadb-10.5 1:10.5.8-1 [experimental] - mariadb-10.3 1:10.3.27-1~exp1 - mariadb-10.3 [buster] - mariadb-10.3 1:10.3.27-0+deb10u1 - mariadb-10.1 - mysql-5.7 (bug #972824) - mysql-8.0 8.0.22-1 (bug #972623) NOTE: Fixed in MariaDB 10.5.7, 10.3.26, 10.1.48 CVE-2020-14811 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-14810 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...) NOT-FOR-US: Oracle CVE-2020-14809 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14808 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-14807 (Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospi ...) NOT-FOR-US: Oracle CVE-2020-14806 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14805 (Vulnerability in the Oracle E-Business Suite Secure Enterprise Search ...) NOT-FOR-US: Oracle CVE-2020-14804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14803 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...) {DSA-4779-1 DLA-2412-1} - openjdk-15 15.0.1+9-1 - openjdk-11 11.0.9+11-1 - openjdk-8 8u272-b10-1 CVE-2020-14802 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14801 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14800 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14799 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14798 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4779-1 DLA-2412-1} - openjdk-15 15.0.1+9-1 - openjdk-11 11.0.9+11-1 - openjdk-8 8u272-b10-1 CVE-2020-14797 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4779-1 DLA-2412-1} - openjdk-15 15.0.1+9-1 - openjdk-11 11.0.9+11-1 - openjdk-8 8u272-b10-1 CVE-2020-14796 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4779-1 DLA-2412-1} - openjdk-15 15.0.1+9-1 - openjdk-11 11.0.9+11-1 - openjdk-8 8u272-b10-1 CVE-2020-14795 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) 
NOT-FOR-US: Oracle CVE-2020-14794 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14793 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #972824) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14792 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4779-1 DLA-2412-1} - openjdk-15 15.0.1+9-1 - openjdk-11 11.0.9+11-1 - openjdk-8 8u272-b10-1 CVE-2020-14791 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14790 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #972824) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14789 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mariadb-10.5 1:10.5.8-1 [experimental] - mariadb-10.3 1:10.3.27-1~exp1 - mariadb-10.3 [buster] - mariadb-10.3 1:10.3.27-0+deb10u1 - mysql-5.7 (bug #972824) - mysql-8.0 8.0.22-1 (bug #972623) NOTE: Fixed in MariaDB 10.5.7, 10.3.26 CVE-2020-14788 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...) NOT-FOR-US: Oracle CVE-2020-14787 (Vulnerability in the Oracle Communications Diameter Signaling Router ( ...) NOT-FOR-US: Oracle CVE-2020-14786 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14785 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14784 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14783 (Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Foo ...) NOT-FOR-US: Oracle CVE-2020-14782 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
{DSA-4779-1 DLA-2412-1} - openjdk-15 15.0.1+9-1 - openjdk-11 11.0.9+11-1 - openjdk-8 8u272-b10-1 CVE-2020-14781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4779-1 DLA-2412-1} - openjdk-15 15.0.1+9-1 - openjdk-11 11.0.9+11-1 - openjdk-8 8u272-b10-1 CVE-2020-14780 (Vulnerability in the BI Publisher product of Oracle Fusion Middleware ...) NOT-FOR-US: Oracle CVE-2020-14779 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4779-1 DLA-2412-1} - openjdk-15 15.0.1+9-1 - openjdk-11 11.0.9+11-1 - openjdk-8 8u272-b10-1 CVE-2020-14778 (Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core pro ...) NOT-FOR-US: Oracle CVE-2020-14777 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14776 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mariadb-10.5 1:10.5.8-1 [experimental] - mariadb-10.3 1:10.3.27-1~exp1 - mariadb-10.3 [buster] - mariadb-10.3 1:10.3.27-0+deb10u1 - mysql-8.0 8.0.22-1 (bug #972623) - mysql-5.7 (bug #972824) NOTE: Fixed in MariaDB 10.5.7, 10.3.26 CVE-2020-14775 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) - mysql-5.7 (bug #972824) CVE-2020-14774 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14773 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14772 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...) NOT-FOR-US: Oracle CVE-2020-14771 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #972824) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14770 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...) NOT-FOR-US: Oracle CVE-2020-14769 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-8.0 8.0.22-1 (bug #972623) - mysql-5.7 (bug #972824) CVE-2020-14768 (Vulnerability in the Hyperion Analytic Provider Services product of Or ...) NOT-FOR-US: Oracle CVE-2020-14767 (Vulnerability in the Hyperion BI+ product of Oracle Hyperion (componen ...) NOT-FOR-US: Oracle CVE-2020-14766 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14765 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) {DLA-2538-1} - mariadb-10.5 1:10.5.8-1 [experimental] - mariadb-10.3 1:10.3.27-1~exp1 - mariadb-10.3 [buster] - mariadb-10.3 1:10.3.27-0+deb10u1 - mariadb-10.1 - mysql-8.0 8.0.22-1 (bug #972623) - mysql-5.7 (bug #972824) NOTE: Fixed in MariaDB 10.5.7, 10.3.26, 10.1.48 CVE-2020-14764 (Vulnerability in the Hyperion Planning product of Oracle Hyperion (com ...) NOT-FOR-US: Oracle CVE-2020-14763 (Vulnerability in the Oracle Application Express Quick Poll component o ...) NOT-FOR-US: Oracle CVE-2020-14762 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-14761 (Vulnerability in the Oracle Applications Manager product of Oracle E-B ...) NOT-FOR-US: Oracle CVE-2020-14760 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #972824) CVE-2020-14759 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14758 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14757 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14756 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-14755 RESERVED CVE-2020-14754 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14753 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) 
NOT-FOR-US: Oracle CVE-2020-14752 (Vulnerability in the Hyperion Lifecycle Management product of Oracle H ...) NOT-FOR-US: Oracle CVE-2020-14751 RESERVED CVE-2020-14750 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14749 RESERVED CVE-2020-14748 RESERVED CVE-2020-14747 RESERVED CVE-2020-14746 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-14745 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...) NOT-FOR-US: Oracle CVE-2020-14744 (Vulnerability in the Oracle REST Data Services product of Oracle REST ...) NOT-FOR-US: Oracle CVE-2020-14743 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2020-14742 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-14741 (Vulnerability in the Database Filesystem component of Oracle Database ...) NOT-FOR-US: Oracle CVE-2020-14740 (Vulnerability in the SQL Developer Install component of Oracle Databas ...) NOT-FOR-US: Oracle CVE-2020-14739 RESERVED CVE-2020-14738 RESERVED CVE-2020-14737 RESERVED CVE-2020-14736 (Vulnerability in the Database Vault component of Oracle Database Serve ...) NOT-FOR-US: Oracle CVE-2020-14735 (Vulnerability in the Scheduler component of Oracle Database Server. Su ...) NOT-FOR-US: Oracle CVE-2020-14734 (Vulnerability in the Oracle Text component of Oracle Database Server. ...) NOT-FOR-US: Oracle CVE-2020-14733 RESERVED CVE-2020-14732 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-14731 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-14730 RESERVED CVE-2020-14729 (Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracl ...) NOT-FOR-US: Oracle NetSuite CVE-2020-14728 (Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle ...) 
NOT-FOR-US: Oracle NetSuite CVE-2020-14727 RESERVED CVE-2020-14726 RESERVED CVE-2020-14725 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14724 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-14723 (Vulnerability in the Oracle Help Technologies product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14722 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) NOT-FOR-US: Oracle CVE-2020-14721 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) NOT-FOR-US: Oracle CVE-2020-14720 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...) NOT-FOR-US: Oracle CVE-2020-14719 (Vulnerability in the Oracle Internet Expenses product of Oracle E-Busi ...) NOT-FOR-US: Oracle CVE-2020-14718 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14717 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) NOT-FOR-US: Oracle CVE-2020-14716 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) NOT-FOR-US: Oracle CVE-2020-14715 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14714 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14713 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14712 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14711 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox (MacOS-specific) CVE-2020-14710 (Vulnerability in the Customer Management and Segmentation Foundation p ...) 
NOT-FOR-US: Oracle CVE-2020-14709 (Vulnerability in the Customer Management and Segmentation Foundation p ...) NOT-FOR-US: Oracle CVE-2020-14708 (Vulnerability in the Customer Management and Segmentation Foundation p ...) NOT-FOR-US: Oracle CVE-2020-14707 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-14705 (Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (c ...) NOT-FOR-US: Oracle CVE-2020-14704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14702 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14701 (Vulnerability in the Oracle SD-WAN Aware product of Oracle Communicati ...) NOT-FOR-US: Oracle CVE-2020-14700 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14699 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14697 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14696 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14695 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14694 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14693 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...) 
NOT-FOR-US: Oracle CVE-2020-14692 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...) NOT-FOR-US: Oracle CVE-2020-14691 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...) NOT-FOR-US: Oracle CVE-2020-14690 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14689 RESERVED CVE-2020-14688 (Vulnerability in the Oracle Common Applications product of Oracle E-Bu ...) NOT-FOR-US: Oracle CVE-2020-14687 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14686 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) NOT-FOR-US: Oracle CVE-2020-14685 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14684 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14683 RESERVED CVE-2020-14682 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-14681 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14680 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14679 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14678 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14677 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14676 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14675 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.12-dfsg-1 CVE-2020-14673 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14672 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #972824) - mysql-8.0 8.0.22-1 (bug #972623) CVE-2020-14671 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14670 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14669 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...) NOT-FOR-US: Oracle CVE-2020-14668 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14667 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14666 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-14665 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...) NOT-FOR-US: Oracle CVE-2020-14664 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...) - openjfx 11+26-1 [stretch] - openjfx (Minor issue) NOTE: Oracle CPU lists only 8.x as affected, so marking the first 11.x upload as fixed CVE-2020-14663 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14662 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14661 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14660 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14659 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14658 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) 
NOT-FOR-US: Oracle CVE-2020-14657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14656 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14655 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14654 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14653 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-14652 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14651 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14650 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14649 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14648 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14647 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14646 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14645 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14644 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14643 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14642 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-14641 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (Only affects MySQL 8) CVE-2020-14640 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14639 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14638 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14637 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14636 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14635 (Vulnerability in the Oracle Application Object Library product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14634 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14633 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14632 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14631 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14630 (Vulnerability in the Oracle Enterprise Session Border Controller produ ...) NOT-FOR-US: Oracle CVE-2020-14629 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14628 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.12-dfsg-1 CVE-2020-14627 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14626 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14625 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14624 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (Only affects MySQL 8) CVE-2020-14623 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14622 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14621 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14620 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14619 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14618 (Vulnerability in the Primavera Unifier product of Oracle Construction ...) NOT-FOR-US: Oracle CVE-2020-14617 (Vulnerability in the Primavera Unifier product of Oracle Construction ...) NOT-FOR-US: Oracle CVE-2020-14616 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) NOT-FOR-US: Oracle CVE-2020-14615 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14614 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14613 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14612 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...) NOT-FOR-US: Oracle CVE-2020-14611 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14610 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-14609 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-14608 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...) 
NOT-FOR-US: Oracle CVE-2020-14607 (Vulnerability in the Oracle Fusion Middleware MapViewer product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14606 (Vulnerability in the Oracle SD-WAN Edge product of Oracle Communicatio ...) NOT-FOR-US: Oracle CVE-2020-14605 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14604 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14603 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14602 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14601 (Vulnerability in the Oracle Financial Services Analytical Applications ...) NOT-FOR-US: Oracle CVE-2020-14600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14599 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) NOT-FOR-US: Oracle CVE-2020-14598 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...) NOT-FOR-US: Oracle CVE-2020-14597 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14596 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-14595 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...) NOT-FOR-US: Oracle CVE-2020-14594 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) NOT-FOR-US: Oracle CVE-2020-14593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14592 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14591 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 (Only affects MySQL 8) CVE-2020-14590 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-14589 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14588 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14587 (Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14586 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14585 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14584 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-14581 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14580 (Vulnerability in the Oracle Communications Session Border Controller p ...) NOT-FOR-US: Oracle CVE-2020-14579 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14578 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14577 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
{DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14576 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14575 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14574 (Vulnerability in the Oracle Communications Interactive Session Recorde ...) NOT-FOR-US: Oracle CVE-2020-14573 (Vulnerability in the Java SE product of Oracle Java SE (component: Hot ...) {DSA-4734-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 CVE-2020-14572 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14571 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14570 (Vulnerability in the Oracle BI Publisher product of Oracle Fusion Midd ...) NOT-FOR-US: Oracle CVE-2020-14569 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) NOT-FOR-US: Oracle CVE-2020-14568 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) CVE-2020-14567 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14566 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14565 (Vulnerability in the Oracle Unified Directory product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14564 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14563 (Vulnerability in the Oracle Enterprise Communications Broker product o ...) NOT-FOR-US: Oracle CVE-2020-14562 (Vulnerability in the Java SE product of Oracle Java SE (component: Ima ...) 
{DSA-4734-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 CVE-2020-14561 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...) NOT-FOR-US: Oracle CVE-2020-14560 (Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (c ...) NOT-FOR-US: Oracle CVE-2020-14559 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14558 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14557 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-14556 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4734-1 DLA-2325-1} - openjdk-14 14.0.2+12-1 - openjdk-11 11.0.8+10-1 - openjdk-8 8u265-b01-1 CVE-2020-14555 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...) NOT-FOR-US: Oracle CVE-2020-14554 (Vulnerability in the Oracle Application Object Library product of Orac ...) NOT-FOR-US: Oracle CVE-2020-14553 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14552 (Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-14551 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...) NOT-FOR-US: Oracle CVE-2020-14550 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #965168) NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL CVE-2020-14549 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-14548 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) 
	NOT-FOR-US: Oracle
CVE-2020-14547 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14546 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-14545 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14544 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-14543 (Vulnerability in the Oracle Hospitality Reporting and Analytics produc ...)
	NOT-FOR-US: Oracle
CVE-2020-14542 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14541 (Vulnerability in the Hyperion Financial Close Management product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-14540 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14539 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #965168)
	NOTE: https://www.oracle.com/security-alerts/cpujul2020.html#AppendixMSQL
CVE-2020-14538
	RESERVED
CVE-2020-14537 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-14536 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce E ...)
	NOT-FOR-US: Oracle
CVE-2020-14535 (Vulnerability in the Oracle Commerce Service Center product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14534 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-14533 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
	NOT-FOR-US: Oracle
CVE-2020-14532 (Vulnerability in the Oracle Commerce Platform product of Oracle Commer ...)
	NOT-FOR-US: Oracle
CVE-2020-14531 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2020-14530 (Vulnerability in the Oracle Security Service product of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2020-14529 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14528 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14527 (Vulnerability in the Primavera Portfolio Management product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-14526
	RESERVED
CVE-2020-14525 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
	NOT-FOR-US: Philips
CVE-2020-14524 (Softing Industrial Automation all versions prior to the latest build o ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2020-14523
	RESERVED
CVE-2020-14522 (Softing Industrial Automation all versions prior to the latest build o ...)
	NOT-FOR-US: Softing Industrial Automation
CVE-2020-14521
	RESERVED
CVE-2020-14520 (The affected product is vulnerable to an information leak, which may a ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-14519 (This vulnerability allows an attacker to use the internal WebSockets A ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14518 (Philips DreamMapper, Version 2.24 and prior. Information written to lo ...)
	NOT-FOR-US: Philips DreamMapper
CVE-2020-14517 (Protocol encryption can be easily broken for CodeMeter (All versions p ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14516 (In Rockwell Automation FactoryTalk Services Platform Versions 6.10.00 ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-14515 (CodeMeter (All versions prior to 6.90 when using CmActLicense update f ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...)
	NOT-FOR-US: PLC
CVE-2020-14513 (CodeMeter (All versions prior to 6.81) and the software using it may c ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses a weak h ...)
	NOT-FOR-US: GateManager
CVE-2020-14511 (Malicious operation of the crafted web browser cookie may cause a stac ...)
	NOT-FOR-US: EDR routers
CVE-2020-14510 (GateManager versions prior to 9.2c, The affected product contains a ha ...)
	NOT-FOR-US: GateManager
CVE-2020-14509 (Multiple memory corruption vulnerabilities exist in CodeMeter (All ver ...)
	NOT-FOR-US: CodeMeter
CVE-2020-14508 (GateManager versions prior to 9.2c, The affected product is vulnerable ...)
	NOT-FOR-US: GateManager
CVE-2020-14507 (Advantech iView, versions 5.6 and prior, is vulnerable to multiple pat ...)
	NOT-FOR-US: Advantech
CVE-2020-14506 (Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. Th ...)
	NOT-FOR-US: Philips
CVE-2020-14505 (Advantech iView, versions 5.6 and prior, has an improper neutralizatio ...)
	NOT-FOR-US: Advantech
CVE-2020-14504
	RESERVED
CVE-2020-14503 (Advantech iView, versions 5.6 and prior, has an improper input validat ...)
	NOT-FOR-US: Advantech
CVE-2020-14502
	RESERVED
CVE-2020-14501 (Advantech iView, versions 5.6 and prior, has an improper authenticatio ...)
	NOT-FOR-US: Advantech
CVE-2020-14500 (Secomea GateManager all versions prior to 9.2c, An attacker can send a ...)
	NOT-FOR-US: Secomea GateManager
CVE-2020-14499 (Advantech iView, versions 5.6 and prior, has an improper access contro ...)
	NOT-FOR-US: Advantech
CVE-2020-14498 (HMS Industrial Networks AB eCatcher all versions prior to 6.5.5. The a ...)
	NOT-FOR-US: HMS Industrial Networks AB eCatcher
CVE-2020-14497 (Advantech iView, versions 5.6 and prior, contains multiple SQL injecti ...)
	NOT-FOR-US: Advantech
CVE-2020-14496
	RESERVED
CVE-2020-14495
	REJECTED
CVE-2020-14494 (OpenClinic GA versions 5.09.02 and 5.89.05b contain an authentication ...)
	NOT-FOR-US: OpenClinic GA
CVE-2020-14493 (A low-privilege user may use SQL syntax to write arbitrary files to th ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14492 (OpenClinic GA 5.09.02 and 5.89.05b does not properly neutralize user-c ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14491 (OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check perm ...)
	NOT-FOR-US: OpenClinic GA
CVE-2020-14490 (OpenClinic GA 5.09.02 and 5.89.05b includes arbitrary local files spec ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14489 (OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate h ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14488 (OpenClinic GA 5.09.02 and 5.89.05b does not properly verify uploaded f ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14487 (OpenClinic GA 5.09.02 contains a hidden default user account that may ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14486 (An attacker may bypass permission/authorization checks in OpenClinic G ...)
	NOT-FOR-US: OpenClinic
CVE-2020-14485 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
	NOT-FOR-US: OpenClinic GA
CVE-2020-14484 (OpenClinic GA versions 5.09.02 and 5.89.05b may allow an attacker to b ...)
	NOT-FOR-US: OpenClinic GA
CVE-2020-14483 (A timeout during a TLS handshake can result in the connection failing ...)
	NOT-FOR-US: Niagara
CVE-2020-14482 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Ope ...)
	NOT-FOR-US: Delta Industrial Automation DOPSoft
CVE-2020-14481
	RESERVED
CVE-2020-14480
	RESERVED
CVE-2020-14479
	RESERVED
CVE-2020-14478
	RESERVED
CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...)
	NOT-FOR-US: Philips
CVE-2020-14476
	REJECTED
CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...)
	- dolibarr
	NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08
CVE-2020-14474 (The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on ke ...)
	NOT-FOR-US: Cellebrite
CVE-2020-14473 (Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and ...)
	NOT-FOR-US: DrayTek
CVE-2020-14472 (On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1 ...)
	NOT-FOR-US: DrayTek
CVE-2020-14471
	RESERVED
CVE-2020-14470 (In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authent ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-14469
	RESERVED
CVE-2020-14468
	RESERVED
CVE-2020-14467
	REJECTED
CVE-2020-14466
	RESERVED
CVE-2020-14465
	RESERVED
CVE-2020-14464
	RESERVED
CVE-2020-14463
	RESERVED
CVE-2020-14462 (CALDERA 2.7.0 allows XSS via the Operation Name box. ...)
	NOT-FOR-US: CALDERA
CVE-2020-14461 (Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversa ...)
	NOT-FOR-US: Zyxel
CVE-2020-14460 (An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5. ...)
	- mattermost-server (bug #823556)
CVE-2020-14459 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...)
	- mattermost-server (bug #823556)
CVE-2020-14458 (An issue was discovered in Mattermost Server before 5.19.0. Attackers ...)
	- mattermost-server (bug #823556)
CVE-2020-14457 (An issue was discovered in Mattermost Server before 5.20.0. Non-member ...)
	- mattermost-server (bug #823556)
CVE-2020-14456 (An issue was discovered in Mattermost Desktop App before 4.4.0. The Sa ...)
	- mattermost-desktop (bug #831861)
CVE-2020-14455 (An issue was discovered in Mattermost Desktop App before 4.4.0. Prompt ...)
	- mattermost-desktop (bug #831861)
CVE-2020-14454 (An issue was discovered in Mattermost Desktop App before 4.4.0. Attack ...)
	- mattermost-desktop (bug #831861)
CVE-2020-14453 (An issue was discovered in Mattermost Server before 5.21.0. Socket rea ...)
	- mattermost-server (bug #823556)
CVE-2020-14452 (An issue was discovered in Mattermost Server before 5.21.0. mmctl allo ...)
	- mattermost-server (bug #823556)
CVE-2020-14451 (An issue was discovered in Mattermost Mobile Apps before 1.29.0. The i ...)
	NOT-FOR-US: Mattermost
CVE-2020-14450 (An issue was discovered in Mattermost Server before 5.22.0. The markdo ...)
	- mattermost-server (bug #823556)
CVE-2020-14449 (An issue was discovered in Mattermost Mobile Apps before 1.30.0. Autho ...)
	NOT-FOR-US: Mattermost
CVE-2020-14448 (An issue was discovered in Mattermost Server before 5.23.0. Automatic ...)
	- mattermost-server (bug #823556)
CVE-2020-14447 (An issue was discovered in Mattermost Server before 5.23.0. Large webh ...)
	- mattermost-server (bug #823556)
CVE-2020-14954 (Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffe ...)
	{DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1}
	- mutt 1.14.4-1
	- neomutt 20200619+dfsg.1-1
	NOTE: https://gitlab.com/muttmua/mutt/commit/c547433cdf2e79191b15c6932c57f1472bfb5ff4
	NOTE: https://gitlab.com/muttmua/mutt/-/issues/248
	NOTE: https://github.com/neomutt/neomutt/commit/fb013ec666759cb8a9e294347c7b4c1f597639cc
CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php in Doli ...)
	- dolibarr
CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by an unauth ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by an authen ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects RBK752 befo ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administrative c ...)
	NOT-FOR-US: NETGEAR
CVE-2020-14425 (Foxit Reader before 10.0 allows Remote Command Execution via the app.o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-14424 (Cacti before 1.2.18 allows remote attackers to trigger XSS via templat ...)
	- cacti 1.2.19+ds1-1
	[stretch] - cacti (Vulnerable code not present)
	NOTE: https://github.com/Cacti/cacti/pull/4261
	NOTE: https://github.com/Cacti/cacti/commit/d12800ab479ad95a091bc577f28fd99ec95eb64c (release/1.2.18)
CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...)
	NOT-FOR-US: Convos
CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...)
	{DLA-2280-1}
	- python3.8 3.8.4~rc1-1
	- python3.7
	[buster] - python3.7 3.7.3-2+deb10u2
	- python3.5
	- python3.4
	[jessie] - python3.4 (Minor issue, DoS with constraints)
	NOTE: https://bugs.python.org/issue41004
	NOTE: https://github.com/python/cpython/pull/20956
	NOTE: https://github.com/python/cpython/pull/21033
	NOTE: https://github.com/python/cpython/commit/b30ee26e366bf509b7538d79bfec6c6d38d53f28 (master)
	NOTE: https://github.com/python/cpython/commit/9a646aa82dfa62d70ca2a99ada901ee6cf9f82bd (3.9-branch)
	NOTE: https://github.com/python/cpython/commit/dc8ce8ead182de46584cc1ed8a8c51d48240cbd5 (v3.8.4rc1)
	NOTE: https://github.com/python/cpython/commit/b98e7790c77a4378ec4b1c71b84138cb930b69b7 (3.7-branch)
	NOTE: https://github.com/python/cpython/commit/cfc7ff8d05f7a949a88b8a8dd506fb5c1c30d3e9 (3.6-branch)
CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...)
	NOT-FOR-US: aaPanel
CVE-2020-14420
	RESERVED
CVE-2020-14419
	RESERVED
CVE-2020-14418 (A TOCTOU vulnerability exists in madCodeHook before 2020-07-16 that al ...)
	NOT-FOR-US: madCodeHook
CVE-2020-14417
	RESERVED
CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...)
	- qemu 1:5.0-1
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=3ba4066d085f5bdce2c7ac145692a4fd52493d67 (4.2.0-rc0)
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=7a4ede0047a8613b0e3b72c9d351038f013dd357 (5.0.0-rc0)
CVE-2020-14416 (In the Linux kernel before 5.4.16, a race condition in tty->disc_da ...)
	- linux 5.4.19-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.210-1+deb9u1
	[jessie] - linux 3.16.84-1
	NOTE: https://git.kernel.org/linus/0ace17d56824165c7f4c68785d6b58971db954dd
CVE-2020-14414 (NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php imprope ...)
	NOT-FOR-US: NeDi
CVE-2020-14413 (NeDi 1.9C is vulnerable to XSS because of an incorrect implementation ...)
	NOT-FOR-US: NeDi
CVE-2020-14412 (NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.p ...)
	NOT-FOR-US: NeDi
CVE-2020-14411
	RESERVED
CVE-2020-14410 (SDL (Simple DirectMedia Layer) through 2.0.12 has a heap-based buffer ...)
	{DLA-2536-1}
	- libsdl1.2 (Only affects SDL2)
	- libsdl2 2.0.14+dfsg2-2
	[buster] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
	NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
CVE-2020-14409 (SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow ...)
	{DLA-2536-1}
	- libsdl2 2.0.14+dfsg2-2
	[buster] - libsdl2 (Minor issue)
	NOTE: https://bugzilla.libsdl.org/show_bug.cgi?id=5200
	NOTE: https://hg.libsdl.org/SDL/rev/3f9b4e92c1d9
	NOTE: Specific to SDL2, these checks were addressed in SDL 1.2 with CVE-2019-7637
CVE-2020-14408 (An issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanit ...)
	NOT-FOR-US: Agentejo Cockpit
CVE-2020-14407
	RESERVED
CVE-2020-14406
	RESERVED
CVE-2020-14405 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rf ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/8937203441ee241c4ace85da687b7d6633a12365
CVE-2020-14404 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rr ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14403 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/he ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14402 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/co ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/74e8a70f2c9a5248d6718ce443e07c7ed314dfff
CVE-2020-14401 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/sc ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/a6788d1da719ae006605b78d22f5a9f170b423af
CVE-2020-14400 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/53073c8d7e232151ea2ecd8a1243124121e10e2d
CVE-2020-14399 (** DISPUTED ** An issue was discovered in LibVNCServer before 0.9.13. ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/23e5cbe6b090d7f22982aee909a6a618174d3c2d
CVE-2020-14398 (An issue was discovered in LibVNCServer before 0.9.13. An improperly c ...)
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver (Proposed patch might break ABI for consumers)
	[stretch] - libvncserver (Proposed patch might break ABI for consumers)
	[jessie] - libvncserver (Proposed patch might break ABI for consumers)
	NOTE: https://github.com/LibVNC/libvncserver/commit/57433015f856cc12753378254ce4f1c78f5d9c7b
CVE-2020-14397 (An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rf ...)
	{DLA-2347-1 DLA-2264-1}
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver 0.9.11+dfsg-1.3+deb10u4
	NOTE: https://github.com/LibVNC/libvncserver/commit/38e98ee61d74f5f5ab4aa4c77146faad1962d6d0
CVE-2020-14396 (An issue was discovered in LibVNCServer before 0.9.13. libvncclient/tl ...)
	- libvncserver 0.9.13+dfsg-1
	[buster] - libvncserver (Vulnerable code not present)
	[stretch] - libvncserver (Vulnerable code not present)
	[jessie] - libvncserver (Vulnerable code not present)
	NOTE: https://github.com/LibVNC/libvncserver/commit/33441d90a506d5f3ae9388f2752901227e430553
CVE-2020-14395
	RESERVED
CVE-2020-14394 [infinite loop in xhci_ring_chain_length() in hw/usb/hcd-xhci.c]
	RESERVED
	- qemu (bug #979677)
	[bullseye] - qemu (Minor issue)
	[buster] - qemu (Minor issue)
	[stretch] - qemu (Minor issue, privileged local DoS, low CVSS, no patch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1908004
CVE-2020-14393 (A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local ...)
	{DLA-2386-1}
	- libdbi-perl 1.643-1
	[buster] - libdbi-perl 1.642-1+deb10u1
	NOTE: https://github.com/perl5-dbi/dbi/commit/36f2a2c5fea36d7d47d6871e420286643460e71b
CVE-2020-14392 (An untrusted pointer dereference flaw was found in Perl-DBI < 1.643 ...)
	{DLA-2386-1}
	- libdbi-perl 1.643-1
	[buster] - libdbi-perl 1.642-1+deb10u1
	NOTE: https://github.com/perl5-dbi/dbi/commit/ea99b6aafb437db53c28fd40d5eafbe119cd66e1
CVE-2020-14391 (A flaw was found in the GNOME Control Center in Red Hat Enterprise Lin ...)
	- gnome-settings-daemon (Red Hat-specific plugin)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1873093
CVE-2020-14390 (A flaw was found in the Linux kernel in versions before 5.9-rc6. When ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.8.10-1
	[buster] - linux 4.19.146-1
	NOTE: https://git.kernel.org/linus/50145474f6ef4a9c19205b173da6264a644c7489
	NOTE: https://www.openwall.com/lists/oss-security/2020/09/15/2
CVE-2020-14389 (It was found that Keycloak before version 12.0.0 would permit a user w ...)
	NOT-FOR-US: Keycloak
CVE-2020-14388 (A flaw was found in the Red Hat 3scale API Management Platform, where ...)
	NOT-FOR-US: 3scale
CVE-2020-14387 (A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperl ...)
	- rsync 3.2.3-3 (bug #969530)
	[buster] - rsync (Vulnerable code introduced later)
	[stretch] - rsync (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=2a87d78f693f10fe5ad13af0bb9311bd3714077d (v3.2.0pre1)
	NOTE: Fixed by: https://git.samba.org/?p=rsync.git;a=commitdiff;h=c3f7414c450faaf6a8281cc4a4403529aeb7d859
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1875549
CVE-2020-14386 (A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.8.7-1
	[buster] - linux 4.19.146-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/09/03/3
CVE-2020-14385 (A flaw was found in the Linux kernel before 5.9-rc4. A failure of the ...)
	{DLA-2385-1}
	- linux 5.8.7-1
	[buster] - linux 4.19.146-1
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/f4020438fab05364018c91f7e02ebdd192085933
CVE-2020-14384 (A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. ...)
	NOT-FOR-US: JBossWeb
CVE-2020-14383 (A flaw was found in samba's DNS server. An authenticated user could us ...)
	{DLA-2463-1}
	[experimental] - samba 2:4.13.2+dfsg-1
	- samba 2:4.13.2+dfsg-2 (bug #973398)
	[buster] - samba (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2020-14383.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14472
CVE-2020-14382 (A vulnerability was found in upstream release cryptsetup-2.2.0 where, ...)
	- cryptsetup 2:2.3.4-1 (bug #969471)
	[buster] - cryptsetup (Vulnerable code not present)
	[stretch] - cryptsetup (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874712
	NOTE: https://gitlab.com/cryptsetup/cryptsetup/-/merge_requests/102
	NOTE: Fixed by: https://gitlab.com/cryptsetup/cryptsetup/-/commit/52f5cb8cedf22fb3e14c744814ec8af7614146c7
	NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/46ee71edcd13e1dad50815ad65c28779aa6f7503
	NOTE: Improvement: https://gitlab.com/cryptsetup/cryptsetup/-/commit/752c9a52798f11d3b765b673ebaa3058eb25316e
	NOTE: Introduced with: https://gitlab.com/cryptsetup/cryptsetup/-/commit/a7f80a27701450e40ef37e2224577f1a0c98cf0f (v2.2.0-rc0)
CVE-2020-14381 (A flaw was found in the Linux kernel's futex implementation. Thi ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/8019ad13ef7f64be44d4f892af9c840179009254
CVE-2020-14380 (An account takeover flaw was found in Red Hat Satellite 6.7.2 onward. ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2020-14379
	RESERVED
	NOT-FOR-US: Red Hat AMQ broker
CVE-2020-14378 (An integer underflow in dpdk versions before 18.11.10 and before 19.11 ...)
	- dpdk 19.11.5-1 (bug #971269)
	[buster] - dpdk 18.11.10-1~deb10u1
	[stretch] - dpdk (Minor issue)
	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14377 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
	- dpdk 19.11.5-1 (bug #971269)
	[buster] - dpdk 18.11.10-1~deb10u1
	[stretch] - dpdk (Minor issue)
	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14376 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
	- dpdk 19.11.5-1 (bug #971269)
	[buster] - dpdk 18.11.10-1~deb10u1
	[stretch] - dpdk (Minor issue)
	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14375 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
	- dpdk 19.11.5-1 (bug #971269)
	[buster] - dpdk 18.11.10-1~deb10u1
	[stretch] - dpdk (Minor issue)
	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14374 (A flaw was found in dpdk in versions before 18.11.10 and before 19.11. ...)
	- dpdk 19.11.5-1 (bug #971269)
	[buster] - dpdk 18.11.10-1~deb10u1
	[stretch] - dpdk (Minor issue)
	NOTE: https://bugs.dpdk.org/show_bug.cgi?id=272
CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.c of g ...)
	- ghostscript 9.26~dfsg-1
	[stretch] - ghostscript 9.26~dfsg-0+deb9u1
	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ece5cbbd9979cd35737b00e68267762d72feb2ea
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851
CVE-2020-14372 (A flaw was found in grub2 in versions prior to 2.06, where it incorrec ...)
	{DSA-4867-1}
	- grub2 2.04-16
	[stretch] - grub2 (No SecureBoot support in stretch)
CVE-2020-14371 (A credential leak vulnerability was found in Red Hat Satellite. This f ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2020-14370 (An information disclosure vulnerability was found in containers/podman ...)
	- libpod 2.0.6+dfsg1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1874268
	NOTE: https://github.com/containers/podman/commit/a7e864e6e7de894d4edde4fff00e53dc6a0b5074
CVE-2020-14369 (This release fixes a Cross Site Request Forgery vulnerability was foun ...)
	NOT-FOR-US: Red Hat CloudForm
CVE-2020-14368 (A flaw was found in Eclipse Che in versions prior to 7.14.0 that impac ...)
	NOT-FOR-US: Eclipse Che
CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating the PID ...)
	- chrony 3.5.1-1 (unimportant)
	[buster] - chrony 3.4-4+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/21/1
	NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/util.c?id=7a4c396bba8f92a3ee8018620983529152050c74 (4.0-pre1)
	NOTE: Fixed by: https://git.tuxfamily.org/chrony/chrony.git/commit/main.c?id=e18903a6b56341481a2e08469c0602010bf7bfe3 (4.0-pre1)
	NOTE: Minimal backport: https://git.tuxfamily.org/chrony/chrony.git/commit/?id=f00fed20092b6a42283f29c6ee1f58244d74b545 (3.5.1)
	NOTE: Debian packaging relocates chronyd.pid as well to /run since 3.1-3
	NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid.
CVE-2020-14366 (A vulnerability was found in keycloak, where path traversal using URL- ...)
	NOT-FOR-US: Keycloak
CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...)
	{DSA-4950-1}
	- ansible 2.9.13+dfsg-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
	NOTE: https://github.com/ansible/ansible/commit/1d043e082b3b1f3ad35c803137f5d3bcbae92275 (v2.9.13)
	NOTE: Negligible security impact on Debian systems
CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...)
	{DSA-4760-1 DLA-2373-1}
	- qemu 1:5.1+dfsg-4 (bug #968947)
	NOTE: https://xenbits.xen.org/xsa/advisory-335.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/24/3
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=b946434f2659a182afc17e155be6791ebfb302eb
CVE-2020-14363 (An integer overflow vulnerability leading to a double-free was found i ...)
	{DLA-2361-1}
	- libx11 2:1.6.12-1 (bug #969008)
	[buster] - libx11 2:1.6.7-1+deb10u1
	NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003056.html
	NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/acdaaadcb3d85c61fd43669fc5dddf0f8c3f911d
CVE-2020-14362 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
	{DSA-4758-1 DLA-2359-1}
	- xorg-server 2:1.20.9-1
	NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/2902b78535ecc6821cc027351818b28a5c7fdbdc
CVE-2020-14361 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Int ...)
	{DSA-4758-1 DLA-2359-1}
	- xorg-server 2:1.20.9-1
	NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/144849ea27230962227e62a943b399e2ab304787
CVE-2020-14360 (A flaw was found in the X.Org Server before version 1.20.10. An out-of ...)
	{DSA-4803-1 DLA-2486-1}
	- xorg-server 2:1.20.10-1 (bug #976216)
	NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
CVE-2020-14359 (A vulnerability was found in all versions of keycloak, where on using ...)
	NOT-FOR-US: Keycloak
CVE-2020-14358
	REJECTED
CVE-2020-14357
	REJECTED
CVE-2020-14356 (A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.7.10-1 (bug #966846)
	[buster] - linux 4.19.146-1
	NOTE: Fixed by: https://git.kernel.org/linus/ad0f75e5f57ccbceec13274e1e242f2b5a6397ed
CVE-2020-14355 (Multiple buffer overflow vulnerabilities were found in the QUIC image ...)
	{DSA-4771-1 DLA-2428-1 DLA-2427-1}
	- spice 0.14.3-2 (bug #971750)
	- spice-gtk 0.39-1 (bug #971751)
	[buster] - spice-gtk (Minor issue)
	NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/762e0abae36033ccde658fd52d3235887b60862d
	NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/404d74782c8b5e57d146c5bf3118bb41bf3378e4
	NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/ef1b6ff7b82e15d759e5415b8e35b92bb1a4c206
	NOTE: https://gitlab.freedesktop.org/spice/spice-common/-/commit/b24fe6b66b86e601c725d30f00c37e684b6395b6
CVE-2020-14354 (A possible use-after-free and double-free in c-ares lib version 1.16.0 ...)
	- c-ares 1.16.1-1
	[buster] - c-ares (Vulnerable code introduced later)
	[stretch] - c-ares (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866838
	NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0)
	NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1)
CVE-2020-14353
	REJECTED
CVE-2020-14352 (A flaw was found in librepo in versions before 1.12.1. A directory tra ...)
	NOT-FOR-US: librepo
CVE-2020-14351 (A flaw was found in the Linux kernel. A use-after-free memory flaw was ...)
	{DLA-2494-1 DLA-2483-1}
	- linux 5.9.6-1
	[buster] - linux 4.19.160-1
	NOTE: https://lore.kernel.org/lkml/20200910104153.1672460-1-jolsa@kernel.org/
CVE-2020-14350 (It was found that some PostgreSQL extensions did not use search_path s ...)
	{DLA-2331-1}
	- postgresql-12 12.4-1
	- postgresql-11
	[buster] - postgresql-11 11.9-0+deb10u1
	- postgresql-9.6
	NOTE: https://www.postgresql.org/about/news/2060/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=7eeb1d9861b0a3f453f8b31c7648396cdd7f1e59
CVE-2020-14349 (It was found that PostgreSQL versions before 12.4, before 11.9 and bef ...)
	- postgresql-12 12.4-1
	- postgresql-11
	[buster] - postgresql-11 11.9-0+deb10u1
	- postgresql-9.6 (Vulnerable code introduced later)
	NOTE: https://www.postgresql.org/about/news/2060/
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=11da97024abbe76b8c81e3f2375b2a62e9717c67
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=cec57b1a0fbcd3833086ba686897c5883e0a2afc
CVE-2020-14348 (It was found in AMQ Online before 1.5.2 that injecting an invalid fiel ...)
	NOT-FOR-US: AMQ Online
CVE-2020-14347 (A flaw was found in the way xserver memory was not properly initialize ...)
{DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 (bug #968986) NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003051.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/aac28e162e5108510065ad4c323affd6deffd816 CVE-2020-14346 (A flaw was found in xorg-x11-server before 1.20.9. An integer underflo ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/c940cc8b6c0a2983c1ec974f1b3f019795dd4cff CVE-2020-14345 (A flaw was found in X.Org Server before xorg-x11-server 1.20.9. An Out ...) {DSA-4758-1 DLA-2359-1} - xorg-server 2:1.20.9-1 NOTE: https://lists.x.org/archives/xorg-announce/2020-August/003058.html NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/f7cd1276bbd4fe3a9700096dec33b52b8440788d CVE-2020-14344 (An integer overflow leading to a heap-buffer overflow was found in The ...) {DLA-2312-1} - libx11 2:1.6.10-1 [buster] - libx11 2:1.6.7-1+deb10u1 NOTE: https://lists.x.org/archives/xorg-announce/2020-July/003050.html NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/0e6561efcfaa0ae7b5c74eac7e064b76d687544e NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/388b303c62aa35a245f1704211a023440ad2c488 NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/2fcfcc49f3b1be854bb9085993a01d17c62acf60 NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1a566c9e00e5f35c1f9e7f3d741a02e5170852b2 NOTE: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/1703b9f3435079d3c6021e1ee2ec34fd4978103d NOTE: Original patchset introduces regression: https://bugs.debian.org/966691 and https://gitlab.freedesktop.org/xorg/lib/libx11/-/issues/116 NOTE: Follow-up for regression: https://gitlab.freedesktop.org/xorg/lib/libx11/-/commit/93fce3f4e79cbc737d6468a4f68ba3de1b83953b CVE-2020-14343 (A vulnerability was discovered in the PyYAML library in versions befor ...) 
- pyyaml 5.3.1-4 (bug #966233) [buster] - pyyaml (Vulnerable code not present) [stretch] - pyyaml (Vulnerable code not present) NOTE: https://github.com/yaml/pyyaml/issues/420 NOTE: Fixed via: https://github.com/yaml/pyyaml/pull/472 NOTE: https://github.com/yaml/pyyaml/commit/7adc0db3f613a82669f2b168edd98379b83adb3c NOTE: CVE is for an incomplete fix of CVE-2020-1747. CVE-2020-14342 (It was found that cifs-utils' mount.cifs was invoking a shell when req ...) - cifs-utils 2:6.11-1 (bug #970172) [buster] - cifs-utils (Minor issue) [stretch] - cifs-utils (Minor issue) NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14442 NOTE: https://lists.samba.org/archive/samba-technical/2020-September/135747.html NOTE: https://git.samba.org/cifs-utils.git/?p=cifs-utils.git;a=commit;h=48a654e2e763fce24c22e1b9c695b42804bbdd4a CVE-2020-14341 (The "Test Connection" available in v7.x of the Red Hat Single Sign On ...) NOT-FOR-US: Red Hat Single Sign On application console CVE-2020-14340 (A vulnerability was discovered in XNIO where file descriptor leak caus ...) - jboss-xnio 3.8.2-1 [buster] - jboss-xnio (Minor issue) [stretch] - jboss-xnio (vulnerable code is not present) NOTE: Fix for 3.8: https://github.com/xnio/xnio/pull/233 NOTE: Fix for 3.7 (Buster): https://github.com/xnio/xnio/pull/234 CVE-2020-14339 (A flaw was found in libvirt, where it leaked a file descriptor for `/d ...) - libvirt 6.6.0-1 (bug #966563) [buster] - libvirt (Vulnerable code introduced later) [stretch] - libvirt (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1860069 NOTE: https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html NOTE: Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=22494556542c676d1b9e7f1c1f2ea13ac17e1e3e (v6.6.0) CVE-2020-14338 (A flaw was found in Wildfly's implementation of Xerces, specifically i ...) 
- wildfly (bug #752018) CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data was reve ...) NOT-FOR-US: Ansible Tower CVE-2020-14336 (A flaw was found in the Restricted Security Context Constraints (SCC), ...) NOT-FOR-US: OpenShift CVE-2020-14335 (A flaw was found in Red Hat Satellite, which allows a privileged attac ...) NOT-FOR-US: Red Hat Satellite CVE-2020-14334 (A flaw was found in Red Hat Satellite 6 which allows privileged attack ...) - foreman (bug #663101) CVE-2020-14333 (A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earl ...) NOT-FOR-US: ovirt-engine CVE-2020-14332 (A flaw was found in the Ansible Engine when using module_args. Tasks e ...) {DSA-4950-1} - ansible 2.9.13+dfsg-1 (bug #966672) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1857805 NOTE: https://github.com/ansible/ansible/pull/71033 NOTE: https://github.com/ansible/ansible/commit/6cae9a4b168df776bf82deb04b2c62e00c38b49a (v2.9.12) CVE-2020-14331 (A flaw was found in the Linux kernel’s implementation of the inv ...) {DLA-2420-1 DLA-2385-1} - linux 5.7.17-1 (unimportant) [buster] - linux 4.19.146-1 NOTE: https://www.openwall.com/lists/oss-security/2020/07/28/2 NOTE: Only exploitable when CONFIG_VGACON_SOFT_SCROLLBACK is set CVE-2020-14330 (An Improper Output Neutralization for Logs flaw was found in Ansible w ...) {DSA-4950-1} - ansible 2.9.13+dfsg-1 NOTE: https://github.com/ansible/ansible/issues/68400 NOTE: Initial fix: https://github.com/ansible/ansible/pull/69653 NOTE: Complete fix (reverting first and adding more elaborated fix): NOTE: https://github.com/ansible/ansible/pull/70762 NOTE: https://github.com/ansible/ansible/commit/e0f25a2b1f9e6c21f751ba0ed2dc2eee2152983e NOTE: https://github.com/ansible/ansible/commit/76815d3afccc7baffa196456d092f4de94b4fbb1 (v2.9.12) CVE-2020-14329 (A data exposure flaw was found in Ansible Tower in versions before 3.7 ...) 
NOT-FOR-US: Ansible Tower CVE-2020-14328 (A flaw was found in Ansible Tower in versions before 3.7.2. A Server S ...) NOT-FOR-US: Ansible Tower CVE-2020-14327 (A Server-side request forgery (SSRF) flaw was found in Ansible Tower i ...) NOT-FOR-US: Ansible Tower CVE-2020-14326 (A vulnerability was found in RESTEasy, where RootNode incorrectly cach ...) - resteasy - resteasy3.0 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1855826 NOTE: https://issues.redhat.com/browse/RESTEASY-2643 CVE-2020-14325 (Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Imperson ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-14324 (A high severity vulnerability was found in all active versions of Red ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-14323 (A null pointer dereference flaw was found in samba's Winbind service i ...) {DLA-2463-1} [experimental] - samba 2:4.13.2+dfsg-1 - samba 2:4.13.2+dfsg-2 (bug #973399) [buster] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2020-14323.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14436 CVE-2020-14322 RESERVED CVE-2020-14321 RESERVED CVE-2020-14320 RESERVED CVE-2020-14319 (It was found that the AMQ Online console is vulnerable to a Cross-Site ...) NOT-FOR-US: AMQ Online CVE-2020-14318 (A flaw was found in the way samba handled file and directory permissio ...) {DLA-2463-1} [experimental] - samba 2:4.13.2+dfsg-1 - samba 2:4.13.2+dfsg-2 (bug #973400) [buster] - samba (Minor issue) NOTE: https://www.samba.org/samba/security/CVE-2020-14318.html NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14434 CVE-2020-14317 (It was found that the issue for security flaw CVE-2019-3805 appeared a ...) - wildfly (bug #752018) CVE-2020-14316 (A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instanc ...) NOT-FOR-US: KubeVirt CVE-2020-14315 (A memory corruption vulnerability is present in bspatch as shipped in ...) 
- bsdiff 4.3-22 (bug #964796) [buster] - bsdiff (Minor issue) [stretch] - bsdiff (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/07/09/2 NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-16:29.bspatch.asc CVE-2020-14314 (A memory out-of-bounds read flaw was found in the Linux kernel before ...) {DLA-2420-1 DLA-2385-1} - linux 5.8.7-1 [buster] - linux 4.19.146-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1853922 NOTE: https://git.kernel.org/linus/5872331b3d91820e14716632ebb56b1399b34fe1 CVE-2020-14313 (An information disclosure vulnerability was found in Red Hat Quay in v ...) NOT-FOR-US: Quay CVE-2020-14312 (A flaw was found in the default configuration of dnsmasq, as shipped w ...) - dnsmasq 2.69-1 (bug #732610) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1851342 CVE-2020-14311 (There is an issue with grub2 before version 2.06 while handling symlin ...) {DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6 CVE-2020-14310 (There is an issue on grub2 before version 2.06 at function read_sectio ...) {DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6 CVE-2020-14309 (There's an issue with grub2 in all versions before 2.06 when handling ...) {DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=3f05d693d1274965ffbe4ba99080dc2c570944c6 CVE-2020-14308 (In grub2 versions before 2.06 the grub memory allocator doesn't check ...) 
{DSA-4735-1} - grub2 2.04-9 [stretch] - grub2 (No SecureBoot support in stretch) NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3 NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=f725fa7cb2ece547c5af01eeeecfe8d95802ed41 CVE-2020-14307 (A vulnerability was found in Wildfly's Enterprise Java Beans (EJB) ver ...) - wildfly (bug #752018) CVE-2020-14306 (An incorrect access control flaw was found in the operator, openshift- ...) NOT-FOR-US: OpenShift CVE-2020-14305 (An out-of-bounds memory write flaw was found in how the Linux kernel&# ...) {DLA-2420-1} - linux 4.12.6-1 NOTE: https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502@virtuozzo.com/ CVE-2020-14304 (A memory disclosure flaw was found in the Linux kernel's ethernet driv ...) - linux (bug #960702) [bullseye] - linux (Minor issue) [buster] - linux (Minor issue) CVE-2020-14303 (A flaw was found in the AD DC NBT server in all Samba versions before ...) {DLA-2463-1} - samba 2:4.12.5+dfsg-1 [buster] - samba (Minor issue, fix along in next DSA) NOTE: https://www.samba.org/samba/security/CVE-2020-14303.html CVE-2020-14302 (A flaw was found in Keycloak before 13.0.0 where an external identity ...) NOT-FOR-US: Keycloak CVE-2020-14301 (An information disclosure vulnerability was found in libvirt in versio ...) - libvirt (Vulnerable code introduced with 6.2.0) NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/a5b064bf4b17a9884d7d361733737fb614ad8979 NOTE: Fixed by: https://github.com/libvirt/libvirt/commit/524de6cc35d3b222f0e940bb0fd027f5482572c5 CVE-2020-14300 (The docker packages version docker-1.13.1-108.git4ef4b30.el7 as releas ...) - docker.io (Red Hat specific regression) CVE-2020-14299 (A flaw was found in JBoss EAP, where the authentication configuration ...) NOT-FOR-US: JBoss EAP CVE-2020-14298 (The version of docker as released for Red Hat Enterprise Linux 7 Extra ...) 
- docker.io (Red Hat specific regression) CVE-2020-14297 (A flaw was discovered in Wildfly's EJB Client as shipped with Red Hat ...) - wildfly (bug #752018) CVE-2020-14296 (Red Hat CloudForms 4.7 and 5 was vulnerable to Server-Side Request For ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-14295 (A SQL injection issue in color.php in Cacti 1.2.12 allows an admin to ...) - cacti 1.2.13+ds1-1 (bug #963139) [buster] - cacti (Vulnerability introduced later) [stretch] - cacti (Vulnerability introduced later) [jessie] - cacti (Vulnerability introduced later) NOTE: https://github.com/Cacti/cacti/issues/3622 NOTE: Fixed by: https://github.com/Cacti/cacti/commit/cc1a656f37b08c0c45667c119a44a3751271ac6e NOTE: Introduced with the fix for https://github.com/Cacti/cacti/issues/2839 NOTE: Introduced by: https://github.com/Cacti/cacti/commit/b87747c38ba58e8cf6507d4f1f8476d1df567556 (1.2.6) CVE-2020-14294 (An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feat ...) NOT-FOR-US: Secudos Qiata FTA CVE-2020-14293 (conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute ...) NOT-FOR-US: Secudos DOMOS CVE-2020-14292 (In the COVIDSafe application through 1.0.21 for Android, unsafe use of ...) NOT-FOR-US: COVIDSafe application for Android CVE-2020-14291 RESERVED CVE-2020-14290 RESERVED CVE-2020-14289 RESERVED CVE-2020-14288 RESERVED CVE-2020-14287 RESERVED CVE-2020-14286 RESERVED CVE-2020-14285 RESERVED CVE-2020-14284 RESERVED CVE-2020-14283 RESERVED CVE-2020-14282 RESERVED CVE-2020-14281 RESERVED CVE-2020-14280 RESERVED CVE-2020-14279 RESERVED CVE-2020-14278 RESERVED CVE-2020-14277 RESERVED CVE-2020-14276 RESERVED CVE-2020-14275 (Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1 ...) NOT-FOR-US: HCL CVE-2020-14274 (Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9 ...) NOT-FOR-US: HCL CVE-2020-14273 (HCL Domino is susceptible to a Denial of Service (DoS) vulnerability d ...) 
NOT-FOR-US: HCL Domino CVE-2020-14272 RESERVED CVE-2020-14271 (HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scrip ...) NOT-FOR-US: HCL iNotes CVE-2020-14270 (HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vu ...) NOT-FOR-US: HCL Domino CVE-2020-14269 RESERVED CVE-2020-14268 (A vulnerability in the MIME message handling of the Notes client (vers ...) NOT-FOR-US: HCL Notes CVE-2020-14267 RESERVED CVE-2020-14266 RESERVED CVE-2020-14265 RESERVED CVE-2020-14264 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...) NOT-FOR-US: HCL CVE-2020-14263 ("HCL Traveler Companion is vulnerable to an iOS weak cryptographic pro ...) NOT-FOR-US: HCL CVE-2020-14262 RESERVED CVE-2020-14261 RESERVED CVE-2020-14260 (HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL du ...) NOT-FOR-US: HCL Domino CVE-2020-14259 RESERVED CVE-2020-14258 (HCL Notes is susceptible to a Denial of Service vulnerability caused b ...) NOT-FOR-US: HCL CVE-2020-14257 RESERVED CVE-2020-14256 RESERVED CVE-2020-14255 (HCL Digital Experience 9.5 containers include vulnerabilities that cou ...) NOT-FOR-US: HCL CVE-2020-14254 (TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v ...) NOT-FOR-US: HCL BigFix Inventory CVE-2020-14253 RESERVED CVE-2020-14252 RESERVED CVE-2020-14251 RESERVED CVE-2020-14250 RESERVED CVE-2020-14249 RESERVED CVE-2020-14248 (BigFix Inventory up to v10.0.2 does not set the secure flag for the se ...) NOT-FOR-US: HCL BigFix Inventory CVE-2020-14247 (HCL OneTest Performance V9.5, V10.0, V10.1 contains an inadequate sess ...) NOT-FOR-US: HCL CVE-2020-14246 (HCL OneTest Performance V9.5, V10.0, V10.1 uses basic authentication w ...) NOT-FOR-US: HCL CVE-2020-14245 (HCL OneTest UI V9.5, V10.0, and V10.1 does not perform authentication ...) NOT-FOR-US: HCL CVE-2020-14244 (A vulnerability in the MIME message handling of the Domino server (ver ...) 
NOT-FOR-US: HCL Domino server CVE-2020-14243 RESERVED CVE-2020-14242 RESERVED CVE-2020-14241 RESERVED CVE-2020-14240 (HCL Notes versions previous to releases 9.0.1 FP10 IF8, 10.0.1 FP6 and ...) NOT-FOR-US: HCL Notes CVE-2020-14239 RESERVED CVE-2020-14238 RESERVED CVE-2020-14237 RESERVED CVE-2020-14236 RESERVED CVE-2020-14235 RESERVED CVE-2020-14234 (HCL Domino is susceptible to a Denial of Service vulnerability due to ...) NOT-FOR-US: HCL CVE-2020-14233 RESERVED CVE-2020-14232 (A vulnerability in the input parameter handling of HCL Notes v9 could ...) NOT-FOR-US: HCL Notes CVE-2020-14231 (A vulnerability in the input parameter handling of HCL Client Applicat ...) NOT-FOR-US: HCL CVE-2020-14230 (HCL Domino is susceptible to a Denial of Service vulnerability caused ...) NOT-FOR-US: HCL CVE-2020-14229 RESERVED CVE-2020-14228 RESERVED CVE-2020-14227 RESERVED CVE-2020-14226 RESERVED CVE-2020-14225 (HCL iNotes is susceptible to a Tabnabbing vulnerability caused by impr ...) NOT-FOR-US: HCL iNotes CVE-2020-14224 (A vulnerability in the MIME message handling of the HCL Notes v9 clien ...) NOT-FOR-US: HCL Notes CVE-2020-14223 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scri ...) NOT-FOR-US: HCL Digital Experience CVE-2020-14222 (HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross site scri ...) NOT-FOR-US: HCL Digital Experience CVE-2020-14221 (HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the ...) NOT-FOR-US: HCL CVE-2020-14220 RESERVED CVE-2020-14219 RESERVED CVE-2020-14218 RESERVED CVE-2020-14217 RESERVED CVE-2020-14216 RESERVED CVE-2020-14215 (Zulip Server before 2.1.5 has Incorrect Access Control because 0198_pr ...) - zulip-server (bug #800052) CVE-2020-14214 (Zammad before 3.3.1, when Domain Based Assignment is enabled, relies o ...) - zammad (bug #841355) CVE-2020-14213 (In Zammad before 3.3.1, a Customer has ticket access that should only ...) 
- zammad (bug #841355) CVE-2020-14212 (FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in ...) - ffmpeg 7:4.3.1-1 [buster] - ffmpeg (Vulnerable code not present) [stretch] - ffmpeg (Vulnerable code not present) NOTE: https://trac.ffmpeg.org/ticket/8716 NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0b3bd001ac1745d9d008a2d195817df57d7d1d14 CVE-2020-14211 RESERVED CVE-2020-14210 (Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF i ...) NOT-FOR-US: MONITORAPP CVE-2020-14209 (Dolibarr before 11.0.5 allows low-privilege users to upload files of d ...) - dolibarr CVE-2020-14208 (SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in t ...) NOT-FOR-US: SuiteCRM CVE-2020-14207 (The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection w ...) NOT-FOR-US: DiveBook plugin for WordPress CVE-2020-14206 (The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XS ...) NOT-FOR-US: DiveBook plugin for WordPress CVE-2020-14205 (The DiveBook plugin 1.1.4 for WordPress is prone to improper access co ...) NOT-FOR-US: DiveBook plugin for WordPress CVE-2020-14204 (In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal ...) NOT-FOR-US: WebFOCUS Business Intelligence CVE-2020-14203 (WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request F ...) NOT-FOR-US: WebFOCUS Business Intelligence CVE-2020-14202 (WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrar ...) NOT-FOR-US: WebFOCUS Business Intelligence CVE-2020-14201 (Dolibarr CRM before 11.0.5 allows privilege escalation. This could all ...) - dolibarr CVE-2020-14200 RESERVED CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...) NOT-FOR-US: Bitcoin protocol issue CVE-2020-14198 (Bitcoin Core 0.20.0 allows remote denial of service. ...) 
- bitcoin (bug #976448) NOTE: https://en.bitcoin.it/wiki/Common_Vulnerabilities_and_Exposures#CVE-2020-14198 CVE-2020-14197 RESERVED CVE-2020-14196 (In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1 ...) - pdns-recursor 4.3.2-1 (low; bug #964103) [buster] - pdns-recursor (Minor issue, fix along in next DSA) NOTE: https://www.openwall.com/lists/oss-security/2020/07/01/1 CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) {DLA-2270-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2765 NOTE: https://github.com/FasterXML/jackson-databind/commit/f6d9c664f6d481703138319f6a0f1fdbddb3a259 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-14194 (Zulip Server before 2.1.5 allows reverse tabnapping via a topic header ...) - zulip-server (bug #800052) CVE-2020-14193 (Affected versions of Automation for Jira - Server allowed remote attac ...) NOT-FOR-US: Atlassian CVE-2020-14192 (Affected versions of Atlassian Fisheye and Crucible allow remote attac ...) NOT-FOR-US: Atlassian CVE-2020-14191 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...) NOT-FOR-US: Atlassian CVE-2020-14190 (Affected versions of Atlassian Fisheye/Crucible allow remote attackers ...) NOT-FOR-US: Atlassian CVE-2020-14189 (The execute function in in the Atlassian gajira-comment GitHub Action ...) NOT-FOR-US: Atlassian CVE-2020-14188 (The preprocessArgs function in the Atlassian gajira-create GitHub Acti ...) NOT-FOR-US: Atlassian CVE-2020-14187 RESERVED CVE-2020-14186 RESERVED CVE-2020-14185 (Affected versions of Jira Server allow remote unauthenticated attacker ...) NOT-FOR-US: Atlassian CVE-2020-14184 (Affected versions of Atlassian Jira Server allow remote attackers to i ...) 
NOT-FOR-US: Atlassian CVE-2020-14183 (Affected versions of Jira Server & Data Center allow a remote atta ...) NOT-FOR-US: Atlassian CVE-2020-14182 RESERVED CVE-2020-14181 (Affected versions of Atlassian Jira Server and Data Center allow an un ...) NOT-FOR-US: Atlassian CVE-2020-14180 (Affected versions of Atlassian Jira Service Desk Server and Data Cente ...) NOT-FOR-US: Atlassian CVE-2020-14179 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2020-14178 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2020-14177 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2020-14176 RESERVED CVE-2020-14175 (Affected versions of Atlassian Confluence Server and Data Center allow ...) NOT-FOR-US: Atlassian CVE-2020-14174 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian CVE-2020-14173 (The file upload feature in Atlassian Jira Server and Data Center in af ...) NOT-FOR-US: Atlassian CVE-2020-14172 (This issue exists to document that a security improvement in the way t ...) NOT-FOR-US: Atlassian CVE-2020-14171 (Atlassian Bitbucket Server from version 4.9.0 before version 7.2.4 all ...) NOT-FOR-US: Atlassian CVE-2020-14170 (Webhooks in Atlassian Bitbucket Server from version 5.4.0 before versi ...) NOT-FOR-US: Atlassian CVE-2020-14169 (The quick search component in Atlassian Jira Server and Data Center be ...) NOT-FOR-US: Atlassian CVE-2020-14168 (The email client in Jira Server and Data Center before version 7.13.16 ...) NOT-FOR-US: Atlassian CVE-2020-14167 (The MessageBundleResource resource in Jira Server and Data Center befo ...) NOT-FOR-US: Atlassian CVE-2020-14166 (The /servicedesk/customer/portals resource in Jira Service Desk Server ...) NOT-FOR-US: Atlassian CVE-2020-14165 (The UniversalAvatarResource.getAvatars resource in Jira Server and Dat ...) 
NOT-FOR-US: Atlassian CVE-2020-14164 (The WYSIWYG editor resource in Jira Server and Data Center before vers ...) NOT-FOR-US: Atlassian CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...) - iotjs (Vulnerable code never in released version) NOTE: https://github.com/jerryscript-project/jerryscript/commit/c2b662170245a16f46ce02eae68815c325d99821 NOTE: https://github.com/jerryscript-project/jerryscript/issues/3804 CVE-2020-14162 (An issue was discovered in Pi-Hole through 5.0. The local www-data use ...) NOT-FOR-US: Pi-Hole CVE-2020-14161 (It is possible to inject HTML and/or JavaScript in the HTML to PDF con ...) NOT-FOR-US: Gotenberg CVE-2020-14160 (An SSRF vulnerability in Gotenberg through 6.2.1 exists in the remote ...) NOT-FOR-US: Gotenberg CVE-2020-14159 (By using an Automate API in ConnectWise Automate before 2020.5.178, a ...) NOT-FOR-US: ConnectWise CVE-2020-14158 (The ABUS Secvest FUMO50110 hybrid module does not have any security me ...) NOT-FOR-US: ABUS Secvest FUMO50110 hybrid module CVE-2020-14157 (The wireless-communication feature of the ABUS Secvest FUBE50001 devic ...) NOT-FOR-US: ABUS CVE-2020-14156 (user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020 ...) NOT-FOR-US: OpenBMC CVE-2020-14155 (libpcre in PCRE before 8.44 allows an integer overflow via a large num ...) - pcre3 2:8.39-13 (bug #963086) [buster] - pcre3 (Minor issue) [stretch] - pcre3 (Minor issue) [jessie] - pcre3 (Minor issue) NOTE: https://bugs.exim.org/show_bug.cgi?id=2463 NOTE: Fixed by: https://vcs.pcre.org/pcre?view=revision&revision=1761 (8.44) CVE-2020-14154 (Mutt before 1.14.3 proceeds with a connection even if, in response to ...) 
- mutt 1.14.3-1 (unimportant) [buster] - mutt 1.10.1-2.1+deb10u1 - neomutt 20200619+dfsg.1-1 (unimportant) NOTE: http://lists.mutt.org/pipermail/mutt-announce/Week-of-Mon-20200608/000022.html NOTE: https://gitlab.com/muttmua/mutt/commit/bb0e6277a45a5d4c3a30d3b968eeb31d78124e95 NOTE: https://gitlab.com/muttmua/mutt/commit/5fccf603ebcf352ba783136d6b2d2600d811fb3b NOTE: https://gitlab.com/muttmua/mutt/commit/f64ec1deefb67d471a642004e102cd1c501a1db3 NOTE: Negligible security impact CVE-2020-14153 (In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an o ...) - libjpeg9 1:9d-1 - libjpeg-turbo (Vulnerable code not present; problematic condition cannot be reached) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/445 CVE-2020-14152 (In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs. ...) {DLA-2302-1} - libjpeg9 1:9d-1 (low) - libjpeg-turbo 1:1.5.2-1 (low) [jessie] - libjpeg-turbo (Minor issue) NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/da2a27ef056a0179cbd80f9146e58b89403d9933 CVE-2020-14151 REJECTED CVE-2020-14150 (GNU Bison before 3.5.4 allows attackers to cause a denial of service ( ...) - bison 2:3.6.1+dfsg-1 (unimportant) NOTE: https://lists.gnu.org/archive/html/info-gnu/2020-04/msg00000.html NOTE: Crash in CLI tool, no security impact CVE-2020-14149 (In uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provi ...) NOT-FOR-US: uftpd CVE-2020-14148 (The Server-Server protocol implementation in ngIRCd before 26~rc2 allo ...) {DLA-2252-1} - ngircd 26-1 (bug #963147) [buster] - ngircd (Minor issue) [stretch] - ngircd (Minor issue) NOTE: https://github.com/ngircd/ngircd/issues/274 NOTE: https://github.com/ngircd/ngircd/issues/277 NOTE: https://github.com/ngircd/ngircd/pull/275 NOTE: https://github.com/ngircd/ngircd/pull/276 NOTE: https://github.com/ngircd/ngircd/commit/02cf31c0e267a4c9a7656d43ad3ad4eeb37fc9c5 CVE-2020-14147 (An integer overflow in the getnum function in lua_struct.c in Redis be ...) 
{DSA-4731-1} - redis 5:6.0.0-1 [stretch] - redis (Vulnerable code reintroduced later) [jessie] - redis (Vulnerable code reintroduced later) NOTE: https://github.com/antirez/redis/pull/6875 NOTE: Issue re-introduced with https://github.com/antirez/redis/commit/1eb08bcd4634ae42ec45e8284923ac048beaa4c3 (5.0-rc4) NOTE: Fixed by: https://github.com/antirez/redis/commit/ef764dde1cca2f25d00686673d1bc89448819571 NOTE: Fixed upstream in 6.0~rc2 and 5.0.8 CVE-2020-14146 (KumbiaPHP through 1.1.1, in Development mode, allows XSS via the publi ...) NOT-FOR-US: KumbiaPHP CVE-2020-14145 (The client side in OpenSSH 5.7 through 8.4 has an Observable Discrepan ...) - openssh (unimportant) NOTE: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-2-ausnutzung-eines-informationslecks-fuer-gezielte-mitm-angriffe-auf-ssh-clients/ NOTE: https://www.fzi.de/fileadmin/user_upload/2020-06-26-FSA-2020-2.pdf NOTE: The OpenSSH project is not planning to change the behaviour of OpenSSH regarding NOTE: the issue, details in "3.1 OpenSSH" in the publication. NOTE: Partial mitigation: https://anongit.mindrot.org/openssh.git/commit/?id=b3855ff053f5078ec3d3c653cdaedefaa5fc362d (V_8_4_P1) CVE-2020-14144 (** DISPUTED ** The git hook feature in Gitea 1.1.0 through 1.12.5 migh ...) - gitea CVE-2020-14143 RESERVED CVE-2020-14142 RESERVED CVE-2020-14141 RESERVED CVE-2020-14140 RESERVED CVE-2020-14139 RESERVED CVE-2020-14138 RESERVED CVE-2020-14137 RESERVED CVE-2020-14136 RESERVED CVE-2020-14135 RESERVED CVE-2020-14134 RESERVED CVE-2020-14133 RESERVED CVE-2020-14132 RESERVED CVE-2020-14131 RESERVED CVE-2020-14130 (Some js interfaces in the Xiaomi community were exposed, causing sensi ...) NOT-FOR-US: Xiaomi CVE-2020-14129 RESERVED CVE-2020-14128 RESERVED CVE-2020-14127 RESERVED CVE-2020-14126 RESERVED CVE-2020-14125 RESERVED CVE-2020-14124 (There is a buffer overflow in librsa.so called by getwifipwdurl interf ...) 
NOT-FOR-US: Xiaomi CVE-2020-14123 RESERVED CVE-2020-14122 RESERVED CVE-2020-14121 RESERVED CVE-2020-14120 RESERVED CVE-2020-14119 (There is command injection in the addMeshNode interface of xqnetwork.l ...) NOT-FOR-US: Xiaomi CVE-2020-14118 RESERVED CVE-2020-14117 RESERVED CVE-2020-14116 RESERVED CVE-2020-14115 RESERVED CVE-2020-14114 RESERVED CVE-2020-14113 RESERVED CVE-2020-14112 RESERVED CVE-2020-14111 RESERVED CVE-2020-14110 RESERVED CVE-2020-14109 (There is command injection in the meshd program in the routing system, ...) NOT-FOR-US: Xiaomi CVE-2020-14108 RESERVED CVE-2020-14107 RESERVED CVE-2020-14106 (The application in the mobile phone can unauthorized access to the lis ...) NOT-FOR-US: Xiaomi CVE-2020-14105 (The application in the mobile phone can read the SNO information of th ...) NOT-FOR-US: Xiaomi CVE-2020-14104 (A RACE CONDITION on XQBACKUP causes a decompression path error on Xiao ...) NOT-FOR-US: Xiaomi CVE-2020-14103 (The application in the mobile phone can read the SNO information of th ...) NOT-FOR-US: Xiaomi CVE-2020-14102 (There is command injection when ddns processes the hostname, which cau ...) NOT-FOR-US: Xiaomi CVE-2020-14101 (The data collection SDK of the router web management interface caused ...) NOT-FOR-US: Xiaomi CVE-2020-14100 (In Xiaomi router R3600 ROM version<1.0.66, filters in the set_WAN6 ...) NOT-FOR-US: Xiaomi CVE-2020-14099 (On Xiaomi router AX1800 rom version < 1.0.336 and RM1800 root versi ...) NOT-FOR-US: Xiaomi CVE-2020-14098 (The login verification can be bypassed by using the problem that the t ...) NOT-FOR-US: Xiaomi CVE-2020-14097 (Wrong nginx configuration, causing specific paths to be downloaded wit ...) NOT-FOR-US: Xiaomi CVE-2020-14096 (Memory overflow in Xiaomi AI speaker Rom version <1.59.6 can happen ...) NOT-FOR-US: Xiaomi CVE-2020-14095 (In Xiaomi router R3600, ROM version<1.0.20, a connect service suffe ...) 
NOT-FOR-US: Xiaomi CVE-2020-14094 (In Xiaomi router R3600, ROM version<1.0.20, the connection service ...) NOT-FOR-US: Xiaomi CVE-2020-14093 (Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attac ...) {DSA-4708-1 DSA-4707-1 DLA-2268-2 DLA-2268-1} - mutt 1.14.3-1 (bug #962897) - neomutt 20200619+dfsg.1-1 NOTE: Fixed by: https://gitlab.com/muttmua/mutt/commit/3e88866dc60b5fa6aaba6fd7c1710c12c1c3cd01 NOTE: Fix for CVE-2020-14093 introduces a regression, cf. #963107 NOTE: Regression fixed by: https://gitlab.com/muttmua/mutt/-/commit/dc909119b3433a84290f0095c0f43a23b98b3748 CVE-2020-14092 (The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for Wo ...) NOT-FOR-US: CodePeople Payment Form for PayPal Pro plugin for WordPress CVE-2020-14091 RESERVED CVE-2020-14090 RESERVED CVE-2020-14089 RESERVED CVE-2020-14088 RESERVED CVE-2020-14087 RESERVED CVE-2020-14086 RESERVED CVE-2020-14085 RESERVED CVE-2020-14084 RESERVED CVE-2020-14083 RESERVED CVE-2020-14082 RESERVED CVE-2020-14081 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...) NOT-FOR-US: TRENDnet CVE-2020-14080 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet CVE-2020-14079 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet CVE-2020-14078 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet CVE-2020-14077 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet CVE-2020-14076 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) NOT-FOR-US: TRENDnet TEW-827DRU devices CVE-2020-14075 (TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command i ...) NOT-FOR-US: TRENDnet CVE-2020-14074 (TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buff ...) 
NOT-FOR-US: TRENDnet CVE-2020-14073 (XSS exists in PRTG Network Monitor 20.1.56.1574 via crafted map proper ...) NOT-FOR-US: PRTG Network Monitor CVE-2020-14072 (An issue was discovered in MK-AUTH 19.01. It allows command execution ...) NOT-FOR-US: MK-AUTH CVE-2020-14071 (An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin ...) NOT-FOR-US: MK-AUTH CVE-2020-14070 (An issue was discovered in MK-AUTH 19.01. There is authentication bypa ...) NOT-FOR-US: MK-AUTH CVE-2020-14069 (An issue was discovered in MK-AUTH 19.01. There are SQL injection issu ...) NOT-FOR-US: MK-AUTH CVE-2020-14068 (An issue was discovered in MK-AUTH 19.01. The web login functionality ...) NOT-FOR-US: MK-AUTH CVE-2020-14067 (The install_from_hash functionality in Navigate CMS 2.9 does not consi ...) NOT-FOR-US: Navigate CMS CVE-2020-14066 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaSc ...) NOT-FOR-US: IceWarp Email Server CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload files ...) NOT-FOR-US: IceWarp Email Server CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...) NOT-FOR-US: IceWarp Email Server CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom Jav ...) NOT-FOR-US: TC Custom JavaScript plugin for WordPress CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) {DLA-2270-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2704 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-14061 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) 
{DLA-2270-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2698 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-14060 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) {DLA-2270-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2688 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-14059 (An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect ...) - squid (vulnerability introduced in the 5.x series) - squid3 (vulnerability introduced in the 5.x series) NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-w7pw-2m4p-58hr CVE-2020-14058 (An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due ...) - squid 4.12-1 (unimportant) - squid3 (unimportant) NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-93f5fda134a2a010b84ffedbe833d670e63ba4be.patch NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-qvf6-485q-vm57 NOTE: Squid in Debian builds without OpenSSL support CVE-2020-14057 (Monsta FTP 2.10.1 or below allows external control of paths used in fi ...) NOT-FOR-US: Monsta FTP CVE-2020-14056 (Monsta FTP 2.10.1 or below is prone to a server-side request forgery v ...) NOT-FOR-US: Monsta FTP CVE-2020-14055 (Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting v ...) NOT-FOR-US: Monsta FTP CVE-2020-14054 (SOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e ...) 
NOT-FOR-US: SOKKIA GNR5 Vanguard WEB CVE-2020-14053 RESERVED CVE-2020-14052 RESERVED CVE-2020-14051 RESERVED CVE-2020-14050 RESERVED CVE-2020-14049 (Viber for Windows up to 13.2.0.39 does not properly quote its custom U ...) NOT-FOR-US: Viber CVE-2020-14048 (Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remo ...) NOT-FOR-US: Zoho CVE-2020-14047 RESERVED CVE-2020-14046 RESERVED CVE-2020-14045 RESERVED CVE-2020-14044 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Server-Side Request Forger ...) NOT-FOR-US: Codiad CVE-2020-14043 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Side Request Forgery ...) NOT-FOR-US: Codiad CVE-2020-14042 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) ...) NOT-FOR-US: Codiad CVE-2020-14041 RESERVED CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in encoding ...) - golang-golang-x-text 0.3.3-1 (bug #964272) - golang-x-text (bug #964271) [buster] - golang-x-text (Minor issue) [stretch] - golang-x-text (Minor issue) NOTE: https://github.com/golang/go/issues/39491 NOTE: https://go.googlesource.com/text/+/23ae387dee1f90d29a23c0e87ee0b46038fbed0e NOTE: https://groups.google.com/forum/#!topic/golang-announce/bXVeAmGOqz0 CVE-2020-14039 (In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may ...) - golang-1.15 (Windows-specific) - golang-1.14 (Windows-specific) - golang-1.11 (Windows-specific) NOTE: https://golang.org/issue/39360 NOTE: https://groups.google.com/g/golang-announce/c/XZNfaiwgt2w/m/E6gHDs32AQAJ CVE-2020-25286 (In wp-includes/comment-template.php in WordPress before 5.4.2, comment ...) {DSA-4709-1 DLA-2371-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47984 CVE-2020-4050 (In affected versions of WordPress, misuse of the `set-screen-option` f ...) 
{DSA-4709-1 DLA-2371-1 DLA-2269-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47951 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc NOTE: https://github.com/WordPress/wordpress-develop/commit/b8dea76b495f0072523106c6ec46b9ea0d2a0920 NOTE: https://core.trac.wordpress.org/ticket/50392 (regression fix) CVE-2020-4049 (In affected versions of WordPress, when uploading themes, the name of ...) {DSA-4709-1 DLA-2371-1 DLA-2269-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47950 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p NOTE: https://github.com/WordPress/wordpress-develop/commit/404f397b4012fd9d382e55bf7d206c1317f01148 CVE-2020-4048 (In affected versions of WordPress, due to an issue in wp_validate_redi ...) {DSA-4709-1 DLA-2371-1 DLA-2269-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47949 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5 NOTE: https://github.com/WordPress/wordpress-develop/commit/6ef777e9a022bee2a80fa671118e7e2657e52693 CVE-2020-4046 (In affected versions of WordPress, users with low privileges (like con ...) - wordpress 5.4.2+dfsg1-1 (bug #962685) [buster] - wordpress (Vulnerable code introduced later) [stretch] - wordpress (Vulnerable code introduced later) [jessie] - wordpress (Vulnerable code introduced later) NOTE: https://core.trac.wordpress.org/changeset/47947 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf CVE-2020-4047 (In affected versions of WordPress, authenticated users with upload per ...) 
{DSA-4709-1 DLA-2371-1 DLA-2269-1} - wordpress 5.4.2+dfsg1-1 (bug #962685) NOTE: https://core.trac.wordpress.org/changeset/47948 NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27 NOTE: https://github.com/WordPress/wordpress-develop/commit/0977c0d6b241479ecedfe19e96be69f727c3f81f CVE-2020-14038 RESERVED CVE-2020-14037 RESERVED CVE-2020-14036 RESERVED CVE-2020-14035 RESERVED CVE-2020-14034 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) - janus 0.10.2-1 NOTE: https://github.com/meetecho/janus-gateway/pull/2229 NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80 CVE-2020-14033 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...) - janus 0.10.2-1 NOTE: https://github.com/meetecho/janus-gateway/pull/2229 NOTE: https://github.com/meetecho/janus-gateway/commit/dacb4edfad8e77f73b64d8c175cca0a7796ebf80 CVE-2020-14032 (ASRock 4x4 BOX-R1000 before BIOS P1.40 allows privilege escalation via ...) NOT-FOR-US: ASRock CVE-2020-14031 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ou ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14030 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It sto ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14029 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RS ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14028 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By lev ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14027 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The da ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14026 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14025 (Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. ...) 
NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14024 (Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14023 (Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14022 (Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file typ ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14021 (An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The AS ...) NOT-FOR-US: Ozeki NG SMS Gateway CVE-2020-14020 RESERVED CVE-2020-14019 (Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/targ ...) - python-rtslib-fb 2.1.71-3 (bug #972227) [buster] - python-rtslib-fb (Introduced in 2.1.70) [stretch] - python-rtslib-fb (vulnerable code introduced later, shutil.copyfile is not used) [jessie] - python-rtslib-fb (vulnerable code introduced later, shutil.copyfile is not used) NOTE: https://github.com/open-iscsi/rtslib-fb/pull/162 NOTE: https://github.com/open-iscsi/rtslib-fb/commit/75e73778dce1cb7a2816a936240ef75adfbd6ed9 CVE-2020-14018 (An issue was discovered in Navigate CMS 2.9 r1433. There is a stored X ...) NOT-FOR-US: Navigate CMS CVE-2020-14017 (An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well a ...) NOT-FOR-US: Navigate CMS CVE-2020-14016 (An issue was discovered in Navigate CMS 2.9 r1433. The forgot-password ...) NOT-FOR-US: Navigate CMS CVE-2020-14015 (An issue was discovered in Navigate CMS 2.9 r1433. When performing a p ...) NOT-FOR-US: Navigate CMS CVE-2020-14014 (An issue was discovered in Navigate CMS 2.8 and 2.9 r1433. The query p ...) NOT-FOR-US: Navigate CMS CVE-2020-14013 RESERVED CVE-2020-14012 (scp/categories.php in osTicket 1.14.2 allows XSS via a Knowledgebase C ...) NOT-FOR-US: osTicket CVE-2020-14011 (Lansweeper 6.0.x through 7.2.x has a default installation in which the ...) 
NOT-FOR-US: Lansweeper CVE-2020-14010 (The Laborator Xenon theme 1.3 for WordPress allows Reflected XSS via t ...) NOT-FOR-US: Laborator Xenon theme for WordPress CVE-2020-14009 (Proofpoint Enterprise Protection (PPS/PoD) before 8.16.4 contains a vu ...) NOT-FOR-US: Proofpoint Enterprise Protection (PPS/PoD) CVE-2020-14008 (Zoho ManageEngine Applications Manager 14710 and before allows an auth ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-14007 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) NOT-FOR-US: Solarwinds CVE-2020-14006 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) NOT-FOR-US: Solarwinds CVE-2020-14005 (Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF ...) NOT-FOR-US: Solarwinds CVE-2020-14004 (An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dir ...) - icinga2 2.11.5-1 (bug #970252) [buster] - icinga2 2.10.3-2+deb10u1 [stretch] - icinga2 (prepare-dirs script not shipped) [jessie] - icinga2 (prepare-dirs script not shipped) NOTE: https://www.openwall.com/lists/oss-security/2020/06/12/1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1172171 NOTE: https://github.com/Icinga/icinga2/commit/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6 CVE-2020-14003 RESERVED CVE-2020-14002 (PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an in ...) - putty 0.74-1 [buster] - putty (Minor issue) [stretch] - putty (Minor issue) [jessie] - putty (Minor issue) NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commit;h=08f1e2a5066ea95559945af339a60ca14560d764 (0.74) CVE-2020-14001 (The kramdown gem before 2.3.0 for Ruby processes the template option i ...) 
{DSA-4743-1 DLA-2316-1} [experimental] - ruby-kramdown 2.3.0-1 - ruby-kramdown 2.3.0-3 (bug #965305) NOTE: https://github.com/advisories/GHSA-mqm2-cgpr-p4m6 NOTE: https://github.com/gettalong/kramdown/commit/1b8fd33c3120bfc6e5164b449e2c2fc9c9306fde CVE-2020-14000 (MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.2 ...) NOT-FOR-US: scratch-vm different from src:scratch CVE-2020-13999 (ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Libr ...) - libemf 1.0.13-1 (bug #963778) [buster] - libemf (Minor issue) NOTE: Fixed upstream in 1.0.13 CVE-2020-13998 (** UNSUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled ...) NOT-FOR-US: Citrix CVE-2020-13997 (In Shopware before 6.2.3, the database password is leaked to an unauth ...) NOT-FOR-US: Shopware CVE-2020-13996 (The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection at ...) NOT-FOR-US: J2Store plugin for Joomla! CVE-2020-13995 (U.S. Air Force Sensor Data Management System extract75 has a buffer ov ...) NOT-FOR-US: U.S. Air Force Sensor Data Management System extract75 CVE-2020-13994 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A pri ...) NOT-FOR-US: Mods for HESK CVE-2020-13993 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A bli ...) NOT-FOR-US: Mods for HESK CVE-2020-13992 (An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A Sto ...) NOT-FOR-US: Mods for HESK CVE-2020-13991 (vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow ...) - iotjs (Vulnerable code not present; cf. #972228) NOTE: https://github.com/jerryscript-project/jerryscript/issues/3858 NOTE: https://github.com/jerryscript-project/jerryscript/issues/3859 NOTE: https://github.com/jerryscript-project/jerryscript/issues/3860 NOTE: https://github.com/jerryscript-project/jerryscript/pull/3867 CVE-2020-13990 RESERVED CVE-2020-13989 RESERVED CVE-2020-13988 (An issue was discovered in Contiki through 3.0. 
An Integer Overflow ex ...) - open-iscsi 2.1.3-1 [buster] - open-iscsi (Minor issue) [stretch] - open-iscsi (Minor issue) NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ NOTE: Addressed upstream in 2.1.3 release CVE-2020-13987 (An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read ...) - open-iscsi 2.1.3-1 [buster] - open-iscsi (Minor issue) [stretch] - open-iscsi (Minor issue) NOTE: https://github.com/open-iscsi/open-iscsi/security/advisories/GHSA-r278-fm99-8rgp NOTE: https://groups.google.com/g/open-iscsi/c/iRS9fcB1bJU/m/BbxY1SGPEwAJ NOTE: Addressed upstream in 2.1.3 release CVE-2020-13986 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...) NOT-FOR-US: Contiki CVE-2020-13985 (An issue was discovered in Contiki through 3.0. A memory corruption vu ...) NOT-FOR-US: Contiki CVE-2020-13984 (An issue was discovered in Contiki through 3.0. An infinite loop exist ...) NOT-FOR-US: Contiki CVE-2020-13983 REJECTED CVE-2020-13982 RESERVED CVE-2020-13981 RESERVED CVE-2020-13980 (** DISPUTED ** OpenCart 3.0.3.3 allows remote authenticated users to c ...) NOT-FOR-US: OpenCart CVE-2020-13979 RESERVED CVE-2020-13978 (** DISPUTED ** Monstra CMS 3.0.4 allows an attacker, who already has a ...) NOT-FOR-US: Monstra CMS CVE-2020-13977 (Nagios 4.4.5 allows an attacker, who already has administrative access ...) - nagios4 4.3.4-4 (bug #962826) [buster] - nagios4 (Minor issue) NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/8deeca7cad3df1143ad9c351d107b5c0a6c61213 CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. The Di ...) NOT-FOR-US: DD-WRT CVE-2020-13975 RESERVED CVE-2020-13974 (An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers ...) {DLA-2323-1} - linux 5.7.6-1 [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. 
An attacker who controls ...) NOT-FOR-US: OWASP json-sanitizer CVE-2020-13972 (Enghouse Web Chat 6.2.284.34 allows XSS. When one enters their own dom ...) NOT-FOR-US: Enghouse Web Chat CVE-2020-13971 (In Shopware before 6.2.3, authenticated users are allowed to use the M ...) NOT-FOR-US: Shopware CVE-2020-13970 (Shopware before 6.2.3 is vulnerable to a Server-Side Request Forgery ( ...) NOT-FOR-US: Shopware CVE-2020-13969 (CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx ...) NOT-FOR-US: CRK Business Platform CVE-2020-13968 (CRK Business Platform <= 2019.1 allows can inject SQL statements ag ...) NOT-FOR-US: CRK Business Platform CVE-2020-13967 RESERVED CVE-2020-13966 RESERVED CVE-2020-13963 (SOPlanning before 1.47 has Incorrect Access Control because certain se ...) NOT-FOR-US: SOPlanning CVE-2020-13962 (Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 ...) - qtbase-opensource-src 5.14.2+dfsg-6 [buster] - qtbase-opensource-src (Only affects 5.12.2 and later) [stretch] - qtbase-opensource-src (Only affects 5.12.2 and later) [jessie] - qtbase-opensource-src (Only affects 5.12.2 and later) NOTE: https://bugreports.qt.io/browse/QTBUG-83450 NOTE: https://github.com/mumble-voip/mumble/issues/3679 NOTE: https://github.com/mumble-voip/mumble/pull/4032 CVE-2020-13961 (Strapi before 3.0.2 could allow a remote authenticated attacker to byp ...) NOT-FOR-US: Strapi CVE-2020-13960 (D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have t ...) NOT-FOR-US: D-Link CVE-2020-13959 (The default error page for VelocityView in Apache Velocity Tools prior ...) {DLA-2597-1} - velocity-tools 2.0-8 (bug #985221) [buster] - velocity-tools (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/2 NOTE: Fixed by: https://github.com/apache/velocity-tools/commit/e141828a4eb03e4b0224535eed12b5c463a24152 CVE-2020-13958 (A vulnerability in Apache OpenOffice scripting events allows an attack ...) 
NOT-FOR-US: Apache OpenOffice CVE-2020-13957 (Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 ...) - lucene-solr (Vulnerable functionality not yet present) CVE-2020-13956 (Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misin ...) {DSA-4772-1 DLA-2405-1} - httpcomponents-client 4.5.13-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1886587 NOTE: Fixed by: https://github.com/apache/httpcomponents-client/commit/e628b4c5c464c2fa346385596cc78e035a91a62e (4.5.13-RC1) CVE-2020-13955 (HttpUtils#getURLConnection method disables explicitly hostname verific ...) NOT-FOR-US: Apache Calcite CVE-2020-13954 (By default, Apache CXF creates a /services page containing a listing o ...) NOT-FOR-US: Apache CXF CVE-2020-13953 (In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an att ...) NOT-FOR-US: Apache Tapestry CVE-2020-13952 (In the course of work on the open source project it was discovered tha ...) NOT-FOR-US: Apache Superset CVE-2020-13951 (Attackers can use public NetTest web service of Apache OpenMeetings 4. ...) NOT-FOR-US: Apache OpenMeetings CVE-2020-13950 (Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be mad ...) [experimental] - apache2 2.4.48-1 - apache2 2.4.46-6 [buster] - apache2 (Vulnerable code not present) [stretch] - apache2 (Vulnerable code not present) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13950 NOTE: Fixed by: https://svn.apache.org/r1678771 NOTE: Introduced by: https://svn.apache.org/r1656259 CVE-2020-13949 (In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send sho ...) - thrift (bug #988949) [bullseye] - thrift (Minor issue) [buster] - thrift (Minor issue) NOTE: https://seclists.org/oss-sec/2021/q1/140 CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...) NOT-FOR-US: Apache Superset CVE-2020-13947 (An instance of a cross-site scripting vulnerability was identified to ...) 
- activemq (unimportant) NOTE: Admin console not enabled in the Debian package, see #702670 NOTE: Fixed in 5.15.13, 5.16.1 CVE-2020-13946 (In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.1 ...) - cassandra (bug #585905) CVE-2020-13945 (In Apache APISIX, the user enabled the Admin API and deleted the Admin ...) NOT-FOR-US: Apache APISIX CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed to some ...) - airflow (bug #819700) CVE-2020-13943 (If an HTTP/2 client connecting to Apache Tomcat 10.0.0-M1 to 10.0.0-M7 ...) {DSA-4835-1 DLA-2407-1} - tomcat9 9.0.38-1 - tomcat8 NOTE: https://github.com/apache/tomcat/commit/55911430df13f8c9998fbdee1f9716994d2db59b (9.0.38) NOTE: https://github.com/apache/tomcat/commit/9d7def063b47407a09a2f9202beed99f4dcb292a (8.5.58) CVE-2020-13942 (It is possible to inject malicious OGNL or MVEL scripts into the /cont ...) NOT-FOR-US: Apache Unomi CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...) - lucene-solr 3.6.2+dfsg-23 [buster] - lucene-solr (Minor issue) [stretch] - lucene-solr (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/08/15/1 NOTE: https://issues.apache.org/jira/browse/SOLR-14561 NOTE: https://github.com/apache/lucene-solr/commit/936b9d770e769c9018a9f408d576f52e7c4e8be2 NOTE: Server components disabled in 3.6.2+dfsg-23, using that as the fixed version CVE-2020-13940 (In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and v ...) NOT-FOR-US: Apache NiFi CVE-2020-13939 REJECTED CVE-2020-13938 (Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users c ...) - apache2 (Only affects Apache on Windows) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-13938 CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...) 
NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2020-13936 (An attacker that is able to modify Velocity templates may execute arbi ...) {DLA-2595-1} - velocity 1.7-6 (bug #985220) [buster] - velocity 1.7-5+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2021/03/10/1 NOTE: Fixed by: https://github.com/apache/velocity-engine/commit/1ba60771d23dae7e6b3138ae6bee09cf6f9d2485 CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...) {DSA-4727-1 DLA-2286-1} - tomcat9 9.0.37-1 - tomcat8 NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/3 NOTE: https://github.com/apache/tomcat/commit/12d715676038efbf9c728af10163f8277fc019d5 (8.5.57) NOTE: https://github.com/apache/tomcat/commit/40fa74c74822711ab878079d0a69f7357926723d (9.0.37) CVE-2020-13934 (An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0. ...) {DSA-4727-1 DLA-2286-1} - tomcat9 9.0.37-1 - tomcat8 NOTE: https://www.openwall.com/lists/oss-security/2020/07/14/4 NOTE: https://github.com/apache/tomcat/commit/923d834500802a61779318911d7898bd85fc950e (8.5.57) NOTE: https://github.com/apache/tomcat/commit/172977f04a5215128f1e278a688983dcd230f399 (9.0.37) CVE-2020-13933 (Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafte ...) {DLA-2726-1} - shiro 1.3.2-5 (bug #968753) [bullseye] - shiro 1.3.2-4+deb11u1 [buster] - shiro 1.3.2-4+deb10u1 NOTE: https://lists.apache.org/thread.html/r539f87706094e79c5da0826030384373f0041068936912876856835f%40%3Cdev.shiro.apache.org%3E CVE-2020-13932 (In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT p ...) NOT-FOR-US: Apache ActiveMQ Artemis NOTE: https://activemq.apache.org/security-advisories.data/CVE-2020-13932-announcement.txt CVE-2020-13931 (If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0 ...) NOT-FOR-US: Apache TomEE CVE-2020-13930 RESERVED CVE-2020-13929 (Authentication bypass vulnerability in Apache Zeppelin allows an attac ...) 
NOT-FOR-US: Apache Zeppelin CVE-2020-13928 (Apache Atlas before 2.1.0 contain a XSS vulnerability. While saving se ...) NOT-FOR-US: Apache Atlas CVE-2020-13927 (The previous default setting for Airflow's Experimental API was to all ...) - airflow (bug #819700) CVE-2020-13926 (Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2020-13925 (Similar to CVE-2020-1956, Kylin has one more restful API which concate ...) NOT-FOR-US: Apache Kylin (different from Kylin desktop environment) CVE-2020-13924 (In Apache Ambari versions 2.6.2.2 and earlier, malicious users can con ...) NOT-FOR-US: Apache Ambari CVE-2020-13923 (IDOR vulnerability in the order processing feature from ecommerce comp ...) NOT-FOR-US: Apache OFBiz CVE-2020-13922 (Versions of Apache DolphinScheduler prior to 1.3.2 allowed an ordinary ...) NOT-FOR-US: Apache DolphinScheduler CVE-2020-13921 (**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storag ...) NOT-FOR-US: Apache SkyWalking CVE-2020-13920 (Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX ...) {DLA-2400-1} - activemq 5.16.0-1 [buster] - activemq (Minor issue; can be fixed via point release) NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt NOTE: When fixing this issue make sure to use a complete fix and not open up NOTE: CVE-2020-11998 (a regression introduced in 5.15.12 in the commit preventing NOTE: JMX re-bind). NOTE: Fixed by: https://github.com/apache/activemq/commit/c29244931d54affaceabb478b3a52d9b74f5d543 (activemq-5.15.12) NOTE: Followup needed: https://github.com/apache/activemq/commit/0d6e5f240ef34bae2e4089102047593bef628e6c (activemq-5.15.13) CVE-2020-13919 (emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13918 (Incorrect access control in webs in Ruckus Wireless Unleashed through ...) 
NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13917 (rkscli in Ruckus Wireless Unleashed through 200.7.10.92 allows a remot ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13916 (A stack buffer overflow in webs in Ruckus Wireless Unleashed through 2 ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13915 (Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed throu ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13914 (webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a rem ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13913 (An XSS issue in emfd in Ruckus Wireless Unleashed through 200.7.10.102 ...) NOT-FOR-US: Ruckus Wireless Unleashed CVE-2020-13912 (SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users ...) NOT-FOR-US: SolarWinds Advanced Monitoring Agent CVE-2020-13911 (Your Online Shop 1.8.0 allows authenticated users to trigger XSS via a ...) NOT-FOR-US: Your Online Shop CVE-2020-13910 (Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nf ...) NOT-FOR-US: Pengutronix Barebox CVE-2020-13909 (The Ignition component before 2.0.5 for Laravel mishandles globals, _g ...) NOT-FOR-US: Laravel CVE-2020-13908 RESERVED CVE-2020-13907 RESERVED CVE-2020-13906 (IrfanView 4.54 allows a user-mode write access violation starting at F ...) NOT-FOR-US: IrfanView CVE-2020-13905 (IrfanView 4.54 allows a user-mode write access violation starting at F ...) NOT-FOR-US: IrfanView CVE-2020-13904 (FFmpeg 2.8 and 4.2.3 has a use-after-free via a crafted EXTINF duratio ...) {DSA-4722-1 DLA-2291-1} - ffmpeg 7:4.3.1-1 NOTE: https://patchwork.ffmpeg.org/project/ffmpeg/patch/20200529033905.41926-1-lq@chinaffmpeg.org/ NOTE: https://github.com/FFmpeg/FFmpeg/commit/9dfb19baeb86a8bb02c53a441682c6e9a6e104cc NOTE: https://trac.ffmpeg.org/ticket/8673 CVE-2020-13903 REJECTED CVE-2020-13902 (ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-re ...) 
	- imagemagick 8:6.9.11.24+dfsg-1
	[buster] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
	[stretch] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
	[jessie] - imagemagick (Not affected, tiff uses TIFF_SETGET_C32_UINT32)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20920
	NOTE: https://github.com/ImageMagick/ImageMagick/discussions/2132
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/824f344ceb823e156ad6e85314d79c087933c2a0
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/218d6abc4e36596c90a07463bfb2ab9e8312efbb
CVE-2020-13901 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/90cc2ada775c4d4d8f6ae66f96b4ec7588e4bc86
CVE-2020-13900 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/5f33d5e1073207f7275a726b7bb4cd7dbb08d13a
CVE-2020-13899 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/f46f27fb129fd1b3744830b4fc6e75ab78794636
CVE-2020-13898 (An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...)
	- janus 0.10.1-1 (bug #962680)
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214
	NOTE: https://github.com/meetecho/janus-gateway/pull/2214/commits/2ed485d04630b9ee9de7c96517135654b7f32120
CVE-2020-13897 (HESK before 3.1.10 allows reflected XSS. ...)
	NOT-FOR-US: HESK
CVE-2020-13896 (The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remot ...)
	NOT-FOR-US: Maipu devices
CVE-2020-13894 (handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows ...)
	NOT-FOR-US: DEXT5 Editor
CVE-2020-13893 (Multiple stored cross-site scripting (XSS) vulnerabilities in Sage Eas ...)
	NOT-FOR-US: Sage EasyPay
CVE-2020-13892 (The SportsPress plugin before 2.7.2 for WordPress allows XSS. ...)
	NOT-FOR-US: SportsPress plugin for WordPress
CVE-2020-13891 (An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS ...)
	NOT-FOR-US: Mattermost
CVE-2020-13890 (The Neon theme 2.0 before 2020-06-03 for Bootstrap allows XSS via an A ...)
	NOT-FOR-US: Bootstrap theme
CVE-2020-13889 (showAlert() in the administration panel in Bludit 3.12.0 allows XSS. ...)
	NOT-FOR-US: Bludit
CVE-2020-13888 (Kordil EDMS through 2.2.60rc3 allows stored XSS in users_edit.php, use ...)
	NOT-FOR-US: Kordil EDMS
CVE-2020-13887 (documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Comma ...)
	NOT-FOR-US: Kordil EDMS
CVE-2020-13895 (Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module befor ...)
	- libcrypt-perl-perl (bug #907353)
	NOTE: https://github.com/FGasper/p5-Crypt-Perl/issues/14
	NOTE: https://github.com/FGasper/p5-Crypt-Perl/commit/f960ce75502acf7404187231a706672f8369acb2
CVE-2020-13886 (Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 6 ...)
	NOT-FOR-US: Intelbras TIP
CVE-2020-13885 (Citrix Workspace App before 1912 on Windows has Insecure Permissions w ...)
	NOT-FOR-US: Citrix
CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permissions a ...)
	NOT-FOR-US: Citrix
CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...)
	- lynis 3.0.0-1 (unimportant)
	NOTE: Neutralised by kernel hardening
	NOTE: https://github.com/CISOfy/lynis/pull/594
	NOTE: https://github.com/CISOfy/lynis/commit/5b09da0d9878096d45f04b858c4f65e674369ab4
CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...)
	{DLA-2730-1 DLA-2239-1}
	- libpam-tacplus 1.3.8-2.1 (low; bug #962830)
	[buster] - libpam-tacplus 1.3.8-2+deb10u1
	[stretch] - libpam-tacplus (Minor issue)
	NOTE: https://github.com/kravietz/pam_tacplus/commit/4a9852c31c2fd0c0e72fbb689a586aabcfb11cb0
	NOTE: https://github.com/kravietz/pam_tacplus/issues/149
CVE-2020-13880
	RESERVED
CVE-2020-13879
	RESERVED
CVE-2020-13878
	RESERVED
CVE-2020-13877 (SQL Injection issues in various ASPX pages of ResourceXpress Meeting M ...)
	NOT-FOR-US: ResourceXpress Meeting Monitor
CVE-2020-13876
	RESERVED
CVE-2020-13875
	RESERVED
CVE-2020-13874
	RESERVED
CVE-2020-13873 (A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/T ...)
	NOT-FOR-US: Codoforum
CVE-2020-13872 (Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for at ...)
	NOT-FOR-US: Royal TS
CVE-2020-13871 (SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c bec ...)
	{DLA-2340-1}
	- sqlite3 3.32.2-2
	[buster] - sqlite3 (Vulnerability introduced later)
	[jessie] - sqlite3 (Vulnerable code not present)
	NOTE: New fix: https://www.sqlite.org/src/info/44a58d6cb135a104
	NOTE: Fixed by: https://www.sqlite.org/src/info/79eff1d0383179c4
	NOTE: https://www.sqlite.org/src/info/c8d3b9f0a750a529
	NOTE: https://www.sqlite.org/src/info/cd708fa84d2aaaea
CVE-2020-13870 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...)
	NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13869 (An issue was discovered in the Comments plugin before 1.5.6 for Craft ...)
	NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13868 (An issue was discovered in the Comments plugin before 1.5.5 for Craft ...)
	NOT-FOR-US: Comments plugin for Craft CMS
CVE-2020-13867 (Open-iSCSI targetcli-fb through 2.1.52 has weak permissions for /etc/t ...)
	- targetcli-fb 1:2.1.53-1 (low; bug #962331)
	[buster] - targetcli-fb (Minor issue)
	[stretch] - targetcli-fb (Minor issue)
	NOTE: https://github.com/open-iscsi/targetcli-fb/pull/172
CVE-2020-13866 (WinGate v9.4.1.5998 has insecure permissions for the installation dire ...)
	NOT-FOR-US: WinGate
CVE-2020-13865 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
	NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-13864 (The Elementor Page Builder plugin before 2.9.9 for WordPress suffers f ...)
	NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-13863 (The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker ...)
	NOT-FOR-US: Mitel
CVE-2020-13862
	RESERVED
CVE-2020-13861
	RESERVED
CVE-2020-13860 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13859 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13858 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13857 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13856 (An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std dev ...)
	NOT-FOR-US: Mofi Network devices
CVE-2020-13855 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13854 (Artica Pandora FMS 7.44 allows privilege escalation. ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13853 (Artica Pandora FMS 7.44 has persistent XSS in the Messages feature. ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13852 (Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remot ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13851 (Artica Pandora FMS 7.44 allows remote command execution via the events ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13850 (Artica Pandora FMS 7.44 has inadequate access controls on a web folder ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-13849 (The MQTT protocol 3.1.1 requires a server to set a timeout value of 1. ...)
	NOT-FOR-US: MQTT protocol flaw
CVE-2020-13848 (Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attac ...)
	{DLA-2585-1 DLA-2238-1}
	- pupnp-1.8 (bug #962282)
	[bullseye] - pupnp-1.8 (Minor issue)
	[buster] - pupnp-1.8 (Minor issue)
	- libupnp
	NOTE: https://github.com/pupnp/pupnp/issues/177
	NOTE: https://github.com/pupnp/pupnp/commit/c805c1de1141cb22f74c0d94dd5664bda37398e0
CVE-2020-13847 (Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Chec ...)
	- singularity-container (bug #965040)
	NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
CVE-2020-13846 (Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a S ...)
	- singularity-container (bug #965040)
	NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-6w7g-p4jh-rf92
CVE-2020-13845 (Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integ ...)
	- singularity-container (bug #965040)
	NOTE: https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c
CVE-2020-13844 (Arm Armv8-A core implementations utilizing speculative execution past ...)
	NOTE: https://lists.llvm.org/pipermail/llvm-dev/2020-June/142109.html
	NOTE: https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability/downloads/straight-line-speculation
	NOTE: Hardware issue, mitigations too intrusive to backport (and would require recompiling
	NOTE: the entire distro, which is not warranted for the impact)
	NOTE: GCC patches:
	NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=a9ba2a9b77bec7eacaf066801f22d1c366a2bc86
	NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=be178ecd5ac1fe1510d960ff95c66d0ff831afe1
	NOTE: https://gcc.gnu.org/git/?p=gcc.git;a=commit;h=96b7f495f9269d5448822e4fc28882edb35a58d7
CVE-2020-13843 (An issue was discovered on LG mobile devices with Android OS software ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13842 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13841 (An issue was discovered on LG mobile devices with Android OS 9 and 10 ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13840 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13839 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-13838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13837 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13835 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13834 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13833 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13832 (An issue was discovered on Samsung mobile devices with Q(10.0) (with T ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13831 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13830 (An issue was discovered on Samsung mobile devices with P(9.0) software ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-13828 (Dolibarr 11.0.4 is affected by multiple stored Cross-Site Scripting (X ...)
	- dolibarr
CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...)
	- phplist (bug #612288)
CVE-2020-13826 (A CSV injection (aka Excel Macro Injection or Formula Injection) issue ...)
	NOT-FOR-US: i-doit
CVE-2020-13825 (A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows rem ...)
	NOT-FOR-US: i-doit
CVE-2020-13824
	RESERVED
CVE-2020-13823
	RESERVED
CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...)
	- node-elliptic 6.5.3~dfsg-1 (bug #963149)
	[buster] - node-elliptic 6.4.1~dfsg-1+deb10u1
	NOTE: https://github.com/indutny/elliptic/issues/226
CVE-2020-13821 (An issue was discovered in HiveMQ Broker Control Center 4.3.2. A craft ...)
	NOT-FOR-US: HiveMQ Broker Control Center
CVE-2020-13820 (Extreme Management Center 8.4.1.24 allows unauthenticated reflected XS ...)
	NOT-FOR-US: Extreme Management Center
CVE-2020-13819 (Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS vi ...)
	NOT-FOR-US: Extreme EAC Appliance
CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when <cachestart> ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...)
	- ntp 1:4.2.8p14+dfsg-1 (low)
	[buster] - ntp (Minor issue)
	[stretch] - ntp (Minor issue)
	[jessie] - ntp (Too intrusive to backport, requires new configuration)
	- ntpsec (Doesn't affect ntpsec per upstream, #964395)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3596
	NOTE: https://bugs.ntp.org/show_bug.cgi?id=3596
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e312021VVVkyioYBR_aeIP1LqMCVg (4.2.8p14)
	NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5e4a536dzxRWAzMw-KsKjm04l6joNA (4.2.8p14)
CVE-2020-13816
	REJECTED
CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13813 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-13812 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-13811 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-13810 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13809 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13808 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13807 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13806 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13805 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-13802 (Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command in ...)
	- rebar3 (bug #824773)
	NOTE: https://github.com/erlang/rebar3/pull/2302
	NOTE: https://github.com/erlang/rebar3/commit/2e2d1a6bb141a969b6483e082a2afd361fc2ece2
CVE-2020-13801
	RESERVED
CVE-2020-13799 (Western Digital has identified a security vulnerability in the Replay ...)
	NOT-FOR-US: Western Digital iNAND devices
CVE-2020-13798 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13797 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13796 (An issue was discovered in Navigate CMS through 2.8.7. It allows XSS b ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It allows Direc ...)
	NOT-FOR-US: Navigate CMS
CVE-2020-13794 (Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information ...)
	NOT-FOR-US: Harbor
CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a st ...)
	NOT-FOR-US: Ivanti
CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...)
	NOT-FOR-US: PlayTube
CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...)
	{DSA-4700-1}
	- roundcube 1.4.5+dfsg.1-1 (bug #962124)
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/ccaccae6653031b809b4347a60021951e19a0e43
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/884eb611627ef2bd5a2e20e02009ebb1eceecdc3
CVE-2020-13964 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...)
	{DSA-4700-1}
	- roundcube 1.4.5+dfsg.1-1 (bug #962123)
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19
CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...)
	- qemu 1:5.0-6
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/2
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=a98610c429d52db0937c1e48659428929835c455
CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ...)
	- qemu 1:5.0-6
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/1
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00831.html
CVE-2020-13790 (libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-r ...)
	{DLA-2302-1}
	- libjpeg-turbo 1:2.0.5-1 (bug #962829)
	[buster] - libjpeg-turbo 1:1.5.2-2+deb10u1
	[jessie] - libjpeg-turbo (No package in Debian jessie uses the TurboJPEG API)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/433
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/1bfb0b5247f4fc8f6677639781ce468543490216 (1.5.x)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/3de15e0c344d11d4b90f4a47136467053eb2d09a (2.0.x)
CVE-2020-13789
	RESERVED
CVE-2020-13788 (Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker wi ...)
	NOT-FOR-US: Harbor
CVE-2020-13787 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of ...)
	NOT-FOR-US: D-Link
CVE-2020-13786 (D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. ...)
	NOT-FOR-US: D-Link
CVE-2020-13785 (D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Str ...)
	NOT-FOR-US: D-Link
CVE-2020-13784 (D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a P ...)
	NOT-FOR-US: D-Link
CVE-2020-13783 (D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sens ...)
	NOT-FOR-US: D-Link
CVE-2020-13782 (D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. ...)
	NOT-FOR-US: D-Link
CVE-2020-13781
	RESERVED
CVE-2020-13780
	RESERVED
CVE-2020-13779
	RESERVED
CVE-2020-13778 (rConfig 3.9.4 and earlier allows authenticated code execution (of syst ...)
	NOT-FOR-US: rConfig
CVE-2020-13777 (GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting ...)
	{DSA-4697-1}
	- gnutls28 3.6.14-1 (bug #962289)
	[stretch] - gnutls28 (Vulnerable code introduced in 3.6.4)
	[jessie] - gnutls28 (Vulnerable code introduced in 3.6.4)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1843723
	NOTE: https://gnutls.org/security-new.html#GNUTLS-SA-2020-06-03
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/1011
	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/c2646aeee94e71cb15c90a3147cf3b5b0ca158ca
	NOTE: https://gitlab.com/gnutls/gnutls/-/commit/3d7fae761e65e9d0f16d7247ee8a464d4fe002da
CVE-2020-13776 (systemd through v245 mishandles numerical usernames such as ones compo ...)
	- systemd 246-2 (unimportant)
	NOTE: https://github.com/systemd/systemd/issues/15985
	NOTE: https://github.com/systemd/systemd/commit/156a5fd297b61bce31630d7a52c15614bf784843 (v246-rc1)
	NOTE: https://github.com/systemd/systemd/commit/6495ceddf38aed2c9efdcf9d3440140190800b55 (v246-rc1)
	NOTE: Issue exists due to an incomplete fix for CVE-2017-1000082.
CVE-2020-13775 (ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an app ...)
	- znc 1.8.1-1 (bug #962105)
	[buster] - znc (Vulnerable code introduced later)
	[stretch] - znc (Vulnerable code introduced later)
	[jessie] - znc (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/znc/znc/commit/2390ad111bde16a78c98ac44572090b33c3bd2d8 (znc-1.8.1-rc1)
	NOTE: Introduced with: https://github.com/znc/znc/commit/d229761821da38d984a9e4098ad96842490dc001 (znc-1.8.0)
CVE-2020-13774 (An unrestricted file-upload issue in EditLaunchPadDialog.aspx in Ivant ...)
	NOT-FOR-US: Ivanti
CVE-2020-13773 (Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_spli ...)
	NOT-FOR-US: Ivanti
CVE-2020-13772 (In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, a ...)
	NOT-FOR-US: Ivanti
CVE-2020-13771 (Various components in Ivanti Endpoint Manager through 2020.1.1 rely on ...)
	NOT-FOR-US: Ivanti
CVE-2020-13770 (Several services are accessing named pipes in Ivanti Endpoint Manager ...)
	NOT-FOR-US: Ivanti
CVE-2020-13769 (LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows S ...)
	NOT-FOR-US: Ivanti
CVE-2020-13768 (In MiniShare before 1.4.2, there is a stack-based buffer overflow via ...)
	NOT-FOR-US: MiniShare
CVE-2020-13767 (The Mitel MiCollab application before 9.1.332 for iOS could allow an u ...)
	NOT-FOR-US: Mitel
CVE-2020-13766
	RESERVED
CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate ...)
	{DSA-4728-1 DLA-2288-1 DLA-2262-1}
	- qemu 1:4.2-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319
	NOTE: https://bugs.launchpad.net/qemu/+bug/1844635
CVE-2020-13764 (common.php in the Gravity Forms plugin before 2.4.9 for WordPress can ...)
	NOT-FOR-US: Gravity Forms plugin for WordPress
CVE-2020-13763 (In Joomla! before 3.9.19, the default settings of the global textfilte ...)
	NOT-FOR-US: Joomla!
CVE-2020-13762 (In Joomla! before 3.9.19, incorrect input validation of the module tag ...)
	NOT-FOR-US: Joomla!
CVE-2020-13761 (In Joomla! before 3.9.19, lack of input validation in the heading tag ...)
	NOT-FOR-US: Joomla!
CVE-2020-13760 (In Joomla! before 3.9.19, missing token checks in com_postinstall lead ...)
	NOT-FOR-US: Joomla!
CVE-2020-13759 (rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attacker ...)
	NOT-FOR-US: rust-vmm
CVE-2020-13758 (modules/security/classes/general.post_filter.php/post_filter.php in th ...)
	NOT-FOR-US: Bitrix24
CVE-2020-13757 (Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ...)
	- python-rsa 4.7.2-1 (bug #962142)
	[bullseye] - python-rsa (Minor issue)
	[buster] - python-rsa (Minor issue)
	[stretch] - python-rsa (Minor issue)
	[jessie] - python-rsa (Minor issue)
	NOTE: https://github.com/sybrenstuvel/python-rsa/issues/146
	NOTE: https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30 (version-4.1)
CVE-2020-13756 (Sabberworm PHP CSS Parser before 8.3.1 calls eval on uncontrolled data ...)
	NOT-FOR-US: Sabberworm PHP CSS Parser
CVE-2020-13755
	RESERVED
CVE-2020-13753 (The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, f ...)
	{DSA-4724-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0006.html
CVE-2020-13752
	RESERVED
CVE-2020-13751
	RESERVED
CVE-2020-13750
	RESERVED
CVE-2020-13749
	RESERVED
CVE-2020-13748
	RESERVED
CVE-2020-13747
	RESERVED
CVE-2020-13746
	RESERVED
CVE-2020-13745
	RESERVED
CVE-2020-13744
	RESERVED
CVE-2020-13743
	RESERVED
CVE-2020-13742
	RESERVED
CVE-2020-13741
	RESERVED
CVE-2020-13740
	RESERVED
CVE-2020-13739
	RESERVED
CVE-2020-13738
	RESERVED
CVE-2020-13737
	RESERVED
CVE-2020-13736
	RESERVED
CVE-2020-13735
	RESERVED
CVE-2020-13734
	RESERVED
CVE-2020-13733
	RESERVED
CVE-2020-13732
	RESERVED
CVE-2020-13731
	RESERVED
CVE-2020-13730
	RESERVED
CVE-2020-13729
	RESERVED
CVE-2020-13728
	RESERVED
CVE-2020-13727
	RESERVED
CVE-2020-13726
	RESERVED
CVE-2020-13725
	RESERVED
CVE-2020-13724
	RESERVED
CVE-2020-13723
	RESERVED
CVE-2020-13722
	RESERVED
CVE-2020-13721
	RESERVED
CVE-2020-13720
	RESERVED
CVE-2020-13719
	RESERVED
CVE-2020-13718
	RESERVED
CVE-2020-13717
	RESERVED
CVE-2020-13716
	RESERVED
CVE-2020-13715
	RESERVED
CVE-2020-13714
	RESERVED
CVE-2020-13713
	RESERVED
CVE-2020-13712
	RESERVED
CVE-2020-13711
	RESERVED
CVE-2020-13710
	RESERVED
CVE-2020-13709
	RESERVED
CVE-2020-13708
	RESERVED
CVE-2020-13707
	RESERVED
CVE-2020-13706
	RESERVED
CVE-2020-13705
	RESERVED
CVE-2020-13704
	RESERVED
CVE-2020-13703
	RESERVED
CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of ...)
	{DSA-4728-1 DLA-2288-1}
	- qemu 1:5.0-6
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=5d971f9e672507210e77d020d89e0e89165c8fc9 (fix)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix)
CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...)
	NOT-FOR-US: Apple/Google Exposure Notification API
CVE-2020-13701
	RESERVED
CVE-2020-13700 (An issue was discovered in the acf-to-rest-api plugin through 3.1.0 fo ...)
	NOT-FOR-US: acf-to-rest-api plugin for WordPress
CVE-2020-13699 (TeamViewer Desktop for Windows before 15.8.3 does not properly quote i ...)
	NOT-FOR-US: TeamViewer Desktop
CVE-2020-13698
	RESERVED
CVE-2020-13697 (An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2 ...)
	NOT-FOR-US: NanoHTTPD Java
CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...)
	{DLA-2246-1}
	- xawtv 3.107-1 (bug #962221)
	[stretch] - xawtv (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6
	NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=31f31f9cbaee7be806cba38e0ff5431bd44b20a3
	NOTE: Fixed by: https://git.linuxtv.org/xawtv3.git/commit/?id=36dc44e68e5886339b4a0fbe3f404fb1a4fd2292
	NOTE: But those still allow testing for the existence of arbitrary files and would need:
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/6/1
CVE-2020-13695 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
	NOT-FOR-US: QuickBox
CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition through 2. ...)
	NOT-FOR-US: QuickBox
CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...)
	NOT-FOR-US: bbPress plugin for WordPress
CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. ...)
	- libpgjava 42.2.12-2 (low; bug #962828)
	[buster] - libpgjava (Minor issue)
	[stretch] - libpgjava (Minor issue)
	[jessie] - libpgjava (Minor issue)
	NOTE: https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65
CVE-2020-13691
	RESERVED
CVE-2020-13690
	RESERVED
CVE-2020-13689
	RESERVED
CVE-2020-13688 (Cross-site scripting vulnerability in l Drupal Core allows an attacker ...)
	- drupal7 (Only affects Drupal 8 and 9)
	NOTE: https://www.drupal.org/sa-core-2020-009
CVE-2020-13687
	RESERVED
CVE-2020-13686
	RESERVED
CVE-2020-13685
	RESERVED
CVE-2020-13684
	RESERVED
CVE-2020-13683
	RESERVED
CVE-2020-13682
	RESERVED
CVE-2020-13681
	RESERVED
CVE-2020-13680
	RESERVED
CVE-2020-13679
	RESERVED
CVE-2020-13678
	RESERVED
CVE-2020-13677
	RESERVED
CVE-2020-13676
	RESERVED
CVE-2020-13675
	RESERVED
CVE-2020-13674
	RESERVED
CVE-2020-13673
	RESERVED
CVE-2020-13671 (Drupal core does not properly sanitize certain filenames on uploaded f ...)
	{DLA-2458-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2020-012
	NOTE: https://github.com/drupal/drupal/commit/0263ea89cfff630262b8c0bc6d9c629c42aa7a84
CVE-2020-13670
	RESERVED
CVE-2020-13669
	RESERVED
CVE-2020-13668
	RESERVED
CVE-2020-13667 (Access bypass vulnerability in of Drupal Core Workspaces allows an att ...)
	NOT-FOR-US: Drupal 8.x
CVE-2020-13666 (Cross-site scripting vulnerability in Drupal Core. Drupal AJAX API doe ...)
	{DLA-2458-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2020-007
	NOTE: https://github.com/drupal/drupal/commit/cd3721550d988240ef6e682bd1cae2939c6e9e5a
CVE-2020-13665 (Access bypass vulnerability in Drupal Core allows JSON:API when JSON:A ...)
	- drupal7 (Drupal 7 not affected)
	NOTE: https://www.drupal.org/sa-core-2020-006
CVE-2020-13664 (Arbitrary PHP code execution vulnerability in Drupal Core under certai ...)
	- drupal7 (Drupal 7 not affected)
	NOTE: https://www.drupal.org/sa-core-2020-005
CVE-2020-13663 (Cross Site Request Forgery vulnerability in Drupal Core Form API does ...)
	{DSA-4706-1 DLA-2263-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2020-004
	NOTE: https://git.drupalcode.org/project/drupal/-/commit/3999b8f658bf2ef8e96a7ee8ccb279c5d3073006
CVE-2020-13661 (Telerik Fiddler through 5.0.20202.18177 allows attackers to execute ar ...)
	NOT-FOR-US: Telerik
CVE-2020-13660 (CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker pr ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-13659 (address_space_map in exec.c in QEMU 4.2.0 can trigger a NULL pointer d ...)
	{DSA-4728-1 DLA-2288-1}
	- qemu 1:5.0-6
	NOTE: https://bugs.launchpad.net/qemu/+bug/1878259
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07313.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=77f55eac6c433e23e82a1b88b2d74f385c4c7d82
CVE-2020-13658 (In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF atta ...)
	NOT-FOR-US: Lansweeper
CVE-2020-13657 (An elevation of privilege vulnerability exists in Avast Free Antivirus ...)
	NOT-FOR-US: Avast
CVE-2020-13656 (In Morgan Stanley Hobbes through 2020-05-21, the array implementation ...)
	NOT-FOR-US: Hobbes
CVE-2020-13655 (An issue was discovered in Collabtive 3.0 and later. managefile.php is ...)
	- collabtive
CVE-2020-13654 (XWiki Platform before 12.8 mishandles escaping in the property display ...)
	NOT-FOR-US: XWiki
CVE-2020-13653 (An XSS vulnerability exists in the Webmail component of Zimbra Collabo ...)
	NOT-FOR-US: Zimbra
CVE-2020-13652 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
	NOT-FOR-US: DigDash
CVE-2020-13651 (An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 bef ...)
	NOT-FOR-US: DigDash
CVE-2020-13650 (An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 ...)
	NOT-FOR-US: DigDash
CVE-2020-13649 (parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during c ...)
	- iotjs 1.0+715-1
	[buster] - iotjs (Minor issue)
	NOTE: https://github.com/jerryscript-project/jerryscript/commit/69f8e78c2f8d562bd6d8002b5488f1662ac30d24
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3786
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3788
CVE-2020-13648
	RESERVED
CVE-2020-13647
	RESERVED
CVE-2020-13646 (In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local ...)
	NOT-FOR-US: cheetah free wifi
CVE-2020-13645 (In GNOME glib-networking through 2.64.2, the implementation of GTlsCli ...)
	- glib-networking 2.64.3-2 (bug #961756)
	[buster] - glib-networking 2.58.0-2+deb10u1
	[stretch] - glib-networking 2.50.0-1+deb9u1
	NOTE: https://gitlab.gnome.org/GNOME/glib-networking/-/issues/135
	NOTE: Updating glib-networking to address CVE-2020-13645 will need a compatibility
	NOTE: update as well for balsa (cf. https://bugs.debian.org/961792)
CVE-2020-13644 (An issue was discovered in the Accordion plugin before 2.2.9 for WordP ...)
	NOT-FOR-US: Accordion plugin for WordPress
CVE-2020-13643 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
	NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin before 2 ...)
	NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress
CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...)
	NOT-FOR-US: Real-Time Find and Replace plugin for WordPress
CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...)
	NOT-FOR-US: gVectors wpDiscuz plugin for WordPress
CVE-2020-13639 (A stored XSS vulnerability was discovered in the ECT Provider in OutSy ...)
	NOT-FOR-US: OutSystems Platform
CVE-2020-13638 (lib/crud/userprocess.php in rConfig 3.9.x before 3.9.7 has an authenti ...)
	NOT-FOR-US: rConfig
CVE-2020-13637 (An issue was discovered in the stashcat app through 3.9.2 for macOS, W ...)
	NOT-FOR-US: stashcat app
CVE-2020-13636
	RESERVED
CVE-2020-13635
	RESERVED
CVE-2020-13634 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the d ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2020-13633 (Fork before 5.8.3 allows XSS via navigation_title or title. ...)
	NOT-FOR-US: Fork CMS
CVE-2020-13632 (ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer der ...)
	{DLA-2340-1}
	- sqlite3 3.32.0-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[jessie] - sqlite3 (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
	NOTE: https://sqlite.org/src/info/a4dd148928ea65bd
	NOTE: https://github.com/sqlite/sqlite/commit/219b8e7e7587df8669d96ce867cdd61ca1c05730
CVE-2020-13631 (SQLite before 3.32.0 allows a virtual table to be renamed to the name ...)
	- sqlite3 3.32.0-1
	[buster] - sqlite3 (Minor issue, too intrusive to backport)
	[stretch] - sqlite3 (Vulnerable code not present)
	[jessie] - sqlite3 (Too intrusive to backport)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
	NOTE: https://sqlite.org/src/info/eca0ba2cf4c0fdf7
CVE-2020-13630 (ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3Ev ...)
	{DLA-2340-1}
	- sqlite3 3.32.0-1
	[buster] - sqlite3 3.27.2-3+deb10u1
	[jessie] - sqlite3 (Vulnerable code not found)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1080459
	NOTE: https://sqlite.org/src/info/0d69f76f0865f962
	NOTE: https://github.com/sqlite/sqlite/commit/becd68ba0dac41904aa817d96a67fb4685734b41
CVE-2020-13629
	RESERVED
CVE-2020-13628 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
	- centreon-web (bug #913903)
CVE-2020-13627 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...)
	- centreon-web (bug #913903)
CVE-2020-13626 (OnePlus App Locker through 2020-10-06 allows physically proximate atta ...)
	NOT-FOR-US: OnePlus App Locker
CVE-2020-13625 (PHPMailer before 6.1.6 contains an output escaping bug when the name o ...)
	{DLA-2306-1 DLA-2244-1}
	- libphp-phpmailer 6.1.6-1 (bug #962827)
	[buster] - libphp-phpmailer (Minor issue)
	NOTE: https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
	NOTE: https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3
CVE-2020-13624
	RESERVED
CVE-2020-13623 (JerryScript 2.2.0 allows attackers to cause a denial of service (stack ...)
	- iotjs (Vulnerable code never in released version)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3785
CVE-2020-13622 (JerryScript 2.2.0 allows attackers to cause a denial of service (asser ...)
	- iotjs (Vulnerable code never in released version)
	NOTE: https://github.com/jerryscript-project/jerryscript/issues/3787
	NOTE: https://github.com/jerryscript-project/jerryscript/pull/3797
CVE-2020-13621
	RESERVED
CVE-2020-13620 (Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF ...)
	NOT-FOR-US: Fastweb FASTGate GPON FGA2130FWB devices
CVE-2020-13619 (php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attack ...)
	NOT-FOR-US: Locutus PHP
CVE-2020-13618
	RESERVED
CVE-2020-13617 (The Web UI component of Mitel MiVoice 6800 and 6900 series SIP Phones ...)
	NOT-FOR-US: Mitel
CVE-2020-13616 (The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS ...)
	NOT-FOR-US: pichi
CVE-2020-13615 (lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification ...)
	NOT-FOR-US: Qore
CVE-2020-13614 (An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implem ...)
	- axel 2.17.8-1
	[buster] - axel (Minor issue)
	[stretch] - axel (Minor issue)
	[jessie] - axel (SSL/TLS implemented from v2.10, but having no SSL support would be a major drawback)
	NOTE: https://github.com/axel-download-accelerator/axel/issues/262
CVE-2020-13613
	RESERVED
CVE-2020-13612
	REJECTED
CVE-2020-13611
	REJECTED
CVE-2020-13610
	REJECTED
CVE-2020-13609
	REJECTED
CVE-2020-13608
	REJECTED
CVE-2020-13607
	REJECTED
CVE-2020-13606
	REJECTED
CVE-2020-13605
	REJECTED
CVE-2020-13604
	REJECTED
CVE-2020-13603 (Integer Overflow in memory allocating functions. Zephyr versions >= ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13602 (Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions > ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13601 (Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13600 (Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13599 (Security problem with settings and littlefs. Zephyr versions >= 1.1 ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13598 (FS: Buffer Overflow when enabling Long File Names in FAT_FS and callin ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...)
	NOT-FOR-US: Calico
CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
	{DSA-4705-1 DLA-2233-1}
	- python-django 2:2.2.13-1 (bug #962323)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
	NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master)
	NOTE: https://github.com/django/django/commit/49d7cc19e33a104bb23f7ae1dbb1240b4f6c40f9 (3.1 branch)
	NOTE: https://github.com/django/django/commit/1f2dd37f6fcefdd10ed44cb233b2e62b520afb38 (3.0 branch)
	NOTE: https://github.com/django/django/commit/6d61860b22875f358fac83d903dc629897934815 (2.2 branch)
CVE-2020-13595 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...)
	NOT-FOR-US: Espressif
CVE-2020-13594 (The Bluetooth Low Energy (BLE) controller implementation in Espressif ...)
	NOT-FOR-US: Espressif
CVE-2020-13593 (The Bluetooth Low Energy Secure Manager Protocol (SMP) implementation ...)
	NOT-FOR-US: Espressif
CVE-2020-13662 (Open Redirect vulnerability in Drupal Core allows a user to be tricked ...)
	{DSA-4693-1 DLA-2250-1}
	- drupal7
	NOTE: https://www.drupal.org/sa-core-2020-003
	NOTE: https://git.drupalcode.org/project/drupal/-/commit/905ff00a44160adee3f266cdcc87d3350a64a072
CVE-2020-13592 (An exploitable SQL injection vulnerability exists in "global_lists/cho ...)
	NOT-FOR-US: Rukovoditel Project Management App
CVE-2020-13591 (An exploitable SQL injection vulnerability exists in the "access_rules ...)
	NOT-FOR-US: Rukovoditel Project Management App
CVE-2020-13590
	RESERVED
CVE-2020-13589 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
	NOT-FOR-US: Rukovoditel Project Management App
CVE-2020-13588 (An exploitable SQL injection vulnerability exists in the ‘entiti ...)
	NOT-FOR-US: Rukovoditel Project Management App
CVE-2020-13587 (An exploitable SQL injection vulnerability exists in the "forms_fields ...)
	NOT-FOR-US: Rukovoditel Project Management App
CVE-2020-13586 (A memory corruption vulnerability exists in the Excel Document SST Rec ...)
	NOT-FOR-US: SoftMaker
CVE-2020-13585 (An out-of-bounds write vulnerability exists in the PSD Header processi ...)
	NOT-FOR-US: AccuSoft
CVE-2020-13584 (An exploitable use-after-free vulnerability exists in WebKitGTK browse ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.30.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-13583 (A denial-of-service vulnerability exists in the HTTP Server functional ...)
	NOT-FOR-US: Micrium
CVE-2020-13582 (A denial-of-service vulnerability exists in the HTTP Server functional ...)
NOT-FOR-US: Micrium CVE-2020-13581 (In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1 ...) NOT-FOR-US: SoftMaker CVE-2020-13580 (An exploitable heap-based buffer overflow vulnerability exists in the ...) NOT-FOR-US: SoftMaker CVE-2020-13579 (An exploitable integer overflow vulnerability exists in the PlanMaker ...) NOT-FOR-US: SoftMaker CVE-2020-13578 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) - gsoap 2.8.104-3 (bug #983596) [buster] - gsoap (Minor issue) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1189 CVE-2020-13577 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) - gsoap 2.8.104-3 (bug #983596) [buster] - gsoap (Minor issue) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1188 CVE-2020-13576 (A code execution vulnerability exists in the WS-Addressing plugin func ...) - gsoap 2.8.104-3 (bug #983596) [buster] - gsoap (Minor issue) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1187 CVE-2020-13575 (A denial-of-service vulnerability exists in the WS-Addressing plugin f ...) - gsoap 2.8.104-3 (bug #983596) [buster] - gsoap (Minor issue) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1186 CVE-2020-13574 (A denial-of-service vulnerability exists in the WS-Security plugin fun ...) 
- gsoap 2.8.104-3 (bug #983596) [buster] - gsoap (Minor issue) [stretch] - gsoap (intrusive to backport, will either not compile or may cause runtime errors) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1185 CVE-2020-13573 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...) NOT-FOR-US: Rockwell Automation RSLinx Classic CVE-2020-13572 (A heap overflow vulnerability exists in the way the GIF parser decodes ...) NOT-FOR-US: Accusoft CVE-2020-13571 (An out-of-bounds write vulnerability exists in the SGI RLE decompressi ...) NOT-FOR-US: Accusoft CVE-2020-13570 (A use-after-free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2020-13569 (A cross-site request forgery vulnerability exists in the GACL function ...) NOT-FOR-US: OpenEMR CVE-2020-13568 (SQL injection vulnerability exists in phpGACL 3.3.7. A specially craft ...) NOT-FOR-US: phpGACL CVE-2020-13567 RESERVED CVE-2020-13566 (SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially craf ...) NOT-FOR-US: phpGACL CVE-2020-13565 (An open redirect vulnerability exists in the return_page redirection f ...) NOT-FOR-US: OpenEMR CVE-2020-13564 (A cross-site scripting vulnerability exists in the template functional ...) NOT-FOR-US: phpGACL CVE-2020-13563 (A cross-site scripting vulnerability exists in the template functional ...) NOT-FOR-US: phpGACL CVE-2020-13562 (A cross-site scripting vulnerability exists in the template functional ...) NOT-FOR-US: phpGACL CVE-2020-13561 (An out-of-bounds write vulnerability exists in the TIFF parser of Accu ...) NOT-FOR-US: Accusoft CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging functi ...) NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator CVE-2020-13558 (A code execution vulnerability exists in the AudioSourceProviderGStrea ...) 
{DSA-4854-1} - webkit2gtk 2.30.5-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.5-1 NOTE: https://webkitgtk.org/security/WSA-2021-0001.html CVE-2020-13557 (A use after free vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...) NOT-FOR-US: EIP Stack Group OpENer CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13554 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13551 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13550 (A local file inclusion vulnerability exists in the installation functi ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13549 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Sytech XL Reporter CVE-2020-13548 (In Foxit Reader 10.1.0.37527, a specially crafted PDF document can tri ...) NOT-FOR-US: Foxit Reader CVE-2020-13547 (A type confusion vulnerability exists in the JavaScript engine of Foxi ...) NOT-FOR-US: Foxit CVE-2020-13546 (In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1 ...) NOT-FOR-US: SoftMaker CVE-2020-13545 (An exploitable signed conversion vulnerability exists in the TextMaker ...) NOT-FOR-US: SoftMaker CVE-2020-13544 (An exploitable sign extension vulnerability exists in the TextMaker do ...) NOT-FOR-US: SoftMaker CVE-2020-13543 (A code execution vulnerability exists in the WebSocket functionality o ...) 
{DSA-4797-1} - webkit2gtk 2.30.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) - wpewebkit 2.30.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0009.html CVE-2020-13542 (A local privilege elevation vulnerability exists in the file system pe ...) NOT-FOR-US: LogicalDoc CVE-2020-13541 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Mobile-911 Server CVE-2020-13540 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Win-911 Enterprise CVE-2020-13539 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Win-911 Enterprise CVE-2020-13538 RESERVED CVE-2020-13537 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Moxa CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Microsoft CVE-2020-13535 (A privilege escalation vulnerability exists in Kepware LinkMaster 3.0. ...) NOT-FOR-US: Kepware LinkMaster CVE-2020-13534 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. C ...) NOT-FOR-US: Dream Report CVE-2020-13533 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...) NOT-FOR-US: Dream Report CVE-2020-13532 (A privilege escalation vulnerability exists in Dream Report 5 R20-2. I ...) NOT-FOR-US: Dream Report CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 pro ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...) NOT-FOR-US: EIP Stack Group OpENer CVE-2020-13529 (An exploitable denial-of-service vulnerability exists in Systemd 245. ...) 
[experimental] - systemd 249~rc2-1 - systemd (unimportant) NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1142 NOTE: https://github.com/systemd/systemd/issues/16774 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1959397 NOTE: Fixed by: https://github.com/systemd/systemd/commit/38e980a6a5a3442c2f48b1f827284388096d8ca5 (v249-rc2) NOTE: Generic DHCP protocol issue, negligible security impact CVE-2020-13528 (An information disclosure vulnerability exists in the Web Manager and ...) NOT-FOR-US: Lantronix CVE-2020-13527 (An authentication bypass vulnerability exists in the Web Manager funct ...) NOT-FOR-US: Lantronix CVE-2020-13526 (SQL injection vulnerability exists in the handling of sort parameters ...) NOT-FOR-US: ProcessMaker CVE-2020-13525 (The sort parameter in the download page /sysworkflow/en/neoclassic/rep ...) NOT-FOR-US: ProcessMaker CVE-2020-13524 (An out-of-bounds memory corruption vulnerability exists in the way Pix ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13523 (An exploitable information disclosure vulnerability exists in SoftPerf ...) NOT-FOR-US: SoftPerfect CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in SoftPerfe ...) NOT-FOR-US: SoftPerfect CVE-2020-13521 REJECTED CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the way Pix ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13519 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) NOT-FOR-US: NZXT CAM CVE-2020-13518 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13517 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13516 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13515 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) 
NOT-FOR-US: NZXT CAM CVE-2020-13514 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) NOT-FOR-US: NZXT CAM CVE-2020-13513 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) NOT-FOR-US: NZXT CAM CVE-2020-13512 (A privilege escalation vulnerability exists in the WinRing0x64 Driver ...) NOT-FOR-US: NZXT CAM CVE-2020-13511 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13510 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13509 (An information disclosure vulnerability exists in the WinRing0x64 Driv ...) NOT-FOR-US: NZXT CAM CVE-2020-13508 REJECTED CVE-2020-13507 REJECTED CVE-2020-13506 REJECTED CVE-2020-13505 (Parameter psClass in ednareporting.asmx is vulnerable to unauthenticat ...) NOT-FOR-US: ednareporting.asmx CVE-2020-13504 (Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauth ...) NOT-FOR-US: ednareporting.asmx CVE-2020-13503 REJECTED CVE-2020-13502 REJECTED CVE-2020-13501 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...) NOT-FOR-US: CHaD.asmx CVE-2020-13500 (SQL injection vulnerability exists in the CHaD.asmx web service functi ...) NOT-FOR-US: CHaD.asmx CVE-2020-13499 (An SQL injection vulnerability exists in the CHaD.asmx web service fun ...) NOT-FOR-US: CHaD.asmx CVE-2020-13498 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13497 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13496 (An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 han ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13495 RESERVED CVE-2020-13494 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsin ...) NOT-FOR-US: Pixar OpenUSD CVE-2020-13493 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...) 
NOT-FOR-US: Pixar OpenUSD CVE-2020-13492 RESERVED CVE-2020-13491 RESERVED CVE-2020-13490 RESERVED CVE-2020-13489 RESERVED CVE-2020-13488 RESERVED CVE-2020-13487 (The bbPress plugin through 2.6.4 for WordPress has stored XSS in the F ...) NOT-FOR-US: Wordpress plugin CVE-2020-13486 (The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious red ...) NOT-FOR-US: Craft CMS plugin CVE-2020-13485 (The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist ...) NOT-FOR-US: Craft CMS plugin CVE-2020-13484 (Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in th ...) NOT-FOR-US: Bitrix24 CVE-2020-13483 (The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via ...) NOT-FOR-US: Bitrix24 CVE-2020-13482 (EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way ...) NOT-FOR-US: EM-HTTP-Request CVE-2020-13481 RESERVED CVE-2020-13480 (Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the ...) NOT-FOR-US: Verint Workforce Optimization (WFO) CVE-2020-13479 RESERVED CVE-2020-13478 RESERVED CVE-2020-13477 RESERVED CVE-2020-13476 (NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the ...) NOT-FOR-US: NCH Express Invoice CVE-2020-13475 RESERVED CVE-2020-13474 (In NCH Express Accounts 8.24 and earlier, an authenticated low-privile ...) NOT-FOR-US: NCH Express Accounts CVE-2020-13473 (NCH Express Accounts 8.24 and earlier allows local users to discover t ...) NOT-FOR-US: NCH Express Accounts CVE-2020-13472 (The flash memory readout protection in Gigadevice GD32F103 devices all ...) NOT-FOR-US: Gigadevice GD32F103 devices CVE-2020-13471 (Apex Microelectronics APM32F103 devices allow physical attackers to ex ...) NOT-FOR-US: Apex Microelectronics APM32F103 devices CVE-2020-13470 (Gigadevice GD32F103 and GD32F130 devices allow physical attackers to e ...) 
NOT-FOR-US: Gigadevice GD32F103 and GD32F130 devices CVE-2020-13469 (The flash memory readout protection in Gigadevice GD32VF103 devices al ...) NOT-FOR-US: Gigadevice GD32VF103 devices CVE-2020-13468 (Gigadevice GD32F130 devices allow physical attackers to escalate their ...) NOT-FOR-US: Gigadevice GD32F130 devices CVE-2020-13467 (The flash memory readout protection in China Key Systems & Integra ...) NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices CVE-2020-13466 (STMicroelectronics STM32F103 devices through 2020-05-20 allow physical ...) NOT-FOR-US: STMicroelectronics STM32F103 devices CVE-2020-13465 (The security protection in Gigadevice GD32F103 devices allows physical ...) NOT-FOR-US: Gigadevice GD32F103 devices CVE-2020-13464 (The flash memory readout protection in China Key Systems & Integra ...) NOT-FOR-US: China Key Systems & Integrated Circuit CKS32F103 devices CVE-2020-13463 (The flash memory readout protection in Apex Microelectronics APM32F103 ...) NOT-FOR-US: Apex Microelectronics APM32F103 devices CVE-2020-13462 (Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, ...) NOT-FOR-US: Tufin CVE-2020-13461 (Username enumeration in present in Tufin SecureTrack. It's affecting a ...) NOT-FOR-US: Tufin CVE-2020-13460 (Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were presen ...) NOT-FOR-US: Tufin CVE-2020-13459 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...) NOT-FOR-US: Image Resizer plugin for Craft CMS CVE-2020-13458 (An issue was discovered in the Image Resizer plugin before 2.0.9 for C ...) NOT-FOR-US: Image Resizer plugin for Craft CMS CVE-2020-13457 RESERVED CVE-2020-13456 RESERVED CVE-2020-13455 RESERVED CVE-2020-13454 RESERVED CVE-2020-13453 RESERVED CVE-2020-13452 (In Gotenberg through 6.2.1, insecure permissions for tini (writable by ...) NOT-FOR-US: Gotenberg CVE-2020-13451 (An incomplete-cleanup vulnerability in the Office rendering engine of ...) 
NOT-FOR-US: Gotenberg CVE-2020-13450 (A directory traversal vulnerability in file upload function of Gotenbe ...) NOT-FOR-US: Gotenberg CVE-2020-13449 (A directory traversal vulnerability in the Markdown engine of Gotenber ...) NOT-FOR-US: Gotenberg CVE-2020-13448 (QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 ...) NOT-FOR-US: QuickBox CVE-2020-13447 RESERVED CVE-2020-13446 RESERVED CVE-2020-13445 (In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, ...) NOT-FOR-US: Liferay CVE-2020-13444 (Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 9 ...) NOT-FOR-US: Liferay CVE-2020-13443 (ExpressionEngine before 5.3.2 allows remote attackers to upload and ex ...) NOT-FOR-US: ExpressionEngine CVE-2020-13442 (A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 t ...) NOT-FOR-US: DEXT5 CVE-2020-13441 RESERVED CVE-2020-13440 (ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c. ...) NOT-FOR-US: ffjpeg CVE-2020-13439 (ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_de ...) NOT-FOR-US: ffjpeg CVE-2020-13438 (ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c ...) NOT-FOR-US: ffjpeg CVE-2020-13437 RESERVED CVE-2020-13436 RESERVED CVE-2020-13435 (SQLite through 3.32.0 has a segmentation fault in sqlite3ExprCodeTarge ...) - sqlite3 3.32.1-1 [buster] - sqlite3 3.27.2-3+deb10u1 [stretch] - sqlite3 (Vulnerable code introduced later) [jessie] - sqlite3 (Vulnerable code introduced later) NOTE: https://www.sqlite.org/src/info/7a5279a25c57adf1 NOTE: https://www.sqlite.org/src/info/ad7bb70af9bb68d1 NOTE: https://www.sqlite.org/src/info/572105de1d44bca4 CVE-2020-13434 (SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf ...) 
{DLA-2340-1 DLA-2221-1} - sqlite3 3.32.1-1 [buster] - sqlite3 3.27.2-3+deb10u1 NOTE: https://www.sqlite.org/src/info/23439ea582241138 NOTE: https://www.sqlite.org/src/info/d08d3405878d394e NOTE: https://github.com/sqlite/sqlite/commit/dd6c33d372f3b83f4fe57904c2bd5ebba5c38018 CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php h ...) NOT-FOR-US: Jason2605 AdminPanel CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...) NOT-FOR-US: Rejetto HTTP File Server CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a Trojan h ...) - i2p (Windows-specific) CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...) - grafana NOTE: https://github.com/grafana/grafana/pull/24539 CVE-2020-13429 (legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1. ...) NOT-FOR-US: piechart-panel plugin for Grafana CVE-2020-13428 (A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in mod ...) {DSA-4704-1} - vlc 3.0.11-1 [jessie] - vlc (Not supported in jessie LTS) NOTE: https://github.com/videolan/vlc-3.0/releases/tag/3.0.11 NOTE: https://git.videolan.org/?p=vlc/vlc-3.0.git;a=commit;h=d5c43c21c747ff30ed19fcca745dea3481c733e0 CVE-2020-13427 (Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user v ...) NOT-FOR-US: Victor CMS CVE-2020-13426 (The Multi-Scheduler plugin 1.0.0 for WordPress has a Cross-Site Reques ...) NOT-FOR-US: Multi-Scheduler plugin for WordPress CVE-2020-13425 (TrackR devices through 2020-05-06 allow attackers to trigger the Beep ...) NOT-FOR-US: TrackR CVE-2020-13424 (The XCloner component before 3.5.4 for Joomla! allows Authenticated Lo ...) NOT-FOR-US: Joomla addon CVE-2020-13423 (Form Builder 2.1.0 for Magento has multiple XSS issues that can be exp ...) NOT-FOR-US: Form Builder for Magento CVE-2020-13422 (OpenIAM before 4.2.0.3 does not verify if a user has permissions to pe ...) 
NOT-FOR-US: OpenIAM CVE-2020-13421 (OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create Use ...) NOT-FOR-US: OpenIAM CVE-2020-13420 (OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: OpenIAM CVE-2020-13419 (OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. ...) NOT-FOR-US: OpenIAM CVE-2020-13418 (OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. ...) NOT-FOR-US: OpenIAM CVE-2020-13417 (An Elevation of Privilege issue was discovered in Aviatrix VPN Client ...) NOT-FOR-US: Aviatrix CVE-2020-13416 (An issue was discovered in Aviatrix Controller before 5.4.1066. A Cont ...) NOT-FOR-US: Aviatrix CVE-2020-13415 (An issue was discovered in Aviatrix Controller through 5.1. An attacke ...) NOT-FOR-US: Aviatrix CVE-2020-13414 (An issue was discovered in Aviatrix Controller before 5.4.1204. It con ...) NOT-FOR-US: Aviatrix CVE-2020-13413 (An issue was discovered in Aviatrix Controller before 5.4.1204. There ...) NOT-FOR-US: Aviatrix CVE-2020-13412 (An issue was discovered in Aviatrix Controller before 5.4.1204. An API ...) NOT-FOR-US: Aviatrix CVE-2020-13411 RESERVED CVE-2020-13410 (An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not ...) NOT-FOR-US: MoscaJS Aedes CVE-2020-13409 (Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in ...) NOT-FOR-US: Tufin CVE-2020-13408 (Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in ...) NOT-FOR-US: Tufin CVE-2020-13407 (Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in ...) NOT-FOR-US: Tufin CVE-2020-13406 RESERVED CVE-2020-13405 (userfiles/modules/users/controller/controller.php in Microweber before ...) NOT-FOR-US: Microweber CVE-2020-13404 (The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for M ...) NOT-FOR-US: Atos-Magento CVE-2020-13403 RESERVED CVE-2020-13402 RESERVED CVE-2020-13401 (An issue was discovered in Docker Engine before 19.03.11. An attacker ...) 
{DSA-4716-1} - docker.io 19.03.11+dfsg1-1 (bug #962141) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833233 NOTE: https://github.com/moby/libnetwork/commit/153d0769a1181bf591a9637fd487a541ec7db1e6 CVE-2020-13400 RESERVED CVE-2020-13399 RESERVED CVE-2020-13398 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/commit/8305349a943c68b1bc8c158f431dc607655aadea CVE-2020-13397 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/commit/d6cd14059b257318f176c0ba3ee0a348826a9ef8 CVE-2020-13396 (An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB ...) {DLA-2356-1} - freerdp2 2.1.1+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp NOTE: https://github.com/FreeRDP/FreeRDP/commit/48361c411e50826cb602c7aab773a8a20e1da6bc CVE-2020-13395 RESERVED CVE-2020-13394 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13393 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13392 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13391 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13390 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13389 (An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 ...) NOT-FOR-US: Tenda devices CVE-2020-13388 (An exploitable vulnerability exists in the configuration-loading funct ...) NOT-FOR-US: jw.util CVE-2020-13387 (Pexip Infinity before 23.4 has a lack of input validation, leading to ...) 
NOT-FOR-US: Pexip Infinity CVE-2020-13386 (In SmartDraw 2020 27.0.0.0, the installer gives inherited write permis ...) NOT-FOR-US: SmartDraw CVE-2020-13385 RESERVED CVE-2020-13384 (Monstra CMS 3.0.4 allows remote authenticated users to upload and exec ...) NOT-FOR-US: Monstra CMS CVE-2020-13383 (openSIS through 7.4 allows Directory Traversal. ...) NOT-FOR-US: openSIS CVE-2020-13382 (openSIS through 7.4 has Incorrect Access Control. ...) NOT-FOR-US: openSIS CVE-2020-13381 (openSIS through 7.4 allows SQL Injection. ...) NOT-FOR-US: openSIS CVE-2020-13380 (openSIS before 7.4 allows SQL Injection. ...) NOT-FOR-US: openSIS CVE-2020-13379 (The avatar feature in Grafana 3.0.1 through 7.0.1 has an SSRF Incorrec ...) - grafana NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/4 NOTE: https://grafana.com/blog/2020/06/03/grafana-6.7.4-and-7.0.2-released-with-important-security-fix/ CVE-2020-13378 RESERVED CVE-2020-13377 RESERVED CVE-2020-13376 (SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable fil ...) NOT-FOR-US: SecurEnvoy SecurMail CVE-2020-13375 RESERVED CVE-2020-13374 RESERVED CVE-2020-13373 RESERVED CVE-2020-13372 RESERVED CVE-2020-13371 RESERVED CVE-2020-13370 RESERVED CVE-2020-13369 RESERVED CVE-2020-13368 RESERVED CVE-2020-13367 RESERVED CVE-2020-13366 RESERVED CVE-2020-13365 (Certain Zyxel products have a locally accessible binary that allows a ...) NOT-FOR-US: Zyxel CVE-2020-13364 (A backdoor in certain Zyxel products allows remote TELNET access via a ...) NOT-FOR-US: Zyxel CVE-2020-13363 RESERVED CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...) {DSA-4728-1 DLA-2288-1 DLA-2262-1} - qemu 1:5.0-6 (bug #961887) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg03463.html CVE-2020-13361 (In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c ...) 
{DSA-4728-1 DLA-2288-1 DLA-2262-1} - qemu 1:5.0-6 (bug #961888) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg07230.html CVE-2020-13360 REJECTED CVE-2020-13359 (The Terraform API in GitLab CE/EE 12.10+ exposed the object storage si ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13358 (A vulnerability in the internal Kubernetes agent api in GitLab CE/EE v ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13357 (An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13. ...) - gitlab 13.4.7-1 NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/ CVE-2020-13356 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13355 (An issue has been discovered in GitLab CE/EE affecting all versions st ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13354 (A potential DOS vulnerability was discovered in GitLab CE/EE starting ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13353 (When importing repos via URL, one time use git credentials were persis ...) - gitaly 13.3.9-1 CVE-2020-13352 (Private group info is leaked leaked in GitLab CE/EE version 10.2 and a ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13351 (Insufficient permission checks in scheduled pipeline API in GitLab CE/ ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13350 (CSRF in runner administration page in all versions of GitLab CE/EE all ...) 
- gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13349 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2020-13348 (An issue has been discovered in GitLab EE affecting all versions start ...) - gitlab (Specific to EE) CVE-2020-13347 (A command injection vulnerability was discovered in Gitlab runner vers ...) - gitlab-ci-multi-runner (Only affects gitlab-runner when configured on Windows) CVE-2020-13346 (Membership changes are not reflected in ToDo subscriptions in GitLab v ...) - gitlab 13.2.10-1 CVE-2020-13345 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 13.2.10-1 CVE-2020-13344 (An issue has been discovered in GitLab affecting all versions prior to ...) - gitlab 13.2.10-1 CVE-2020-13343 (An issue has been discovered in GitLab affecting all versions starting ...) - gitlab 13.2.10-1 CVE-2020-13342 (An issue has been discovered in GitLab affecting versions prior to 13. ...) - gitlab 13.2.10-1 CVE-2020-13341 (An issue has been discovered in GitLab affecting all versions prior to ...) - gitlab 13.2.10-1 CVE-2020-13340 (An issue has been discovered in GitLab affecting all versions prior to ...) - gitlab 13.3.9-1 NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/ CVE-2020-13339 (An issue has been discovered in GitLab affecting all versions before 1 ...) - gitlab 13.2.10-1 CVE-2020-13338 (An issue has been discovered in GitLab affecting versions prior to 12. ...) - gitlab 13.2.3-2 NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/213273 CVE-2020-13337 (An issue has been discovered in GitLab affecting versions from 12.10 t ...) - gitlab (Only affected 12.10 to 12.10.12) NOTE: https://gitlab.com/gitlab-org/gitlab/-/issues/199049 CVE-2020-13336 (An issue has been discovered in GitLab affecting versions from 11.8 be ...) 
	- gitlab (Only affected 11.x/12.x while unstable on 13.x)
CVE-2020-13335 (Improper group membership validation when deleting a user account in G ...)
	- gitlab 13.2.10-1
CVE-2020-13334 (In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper autho ...)
	- gitlab 13.2.10-1
CVE-2020-13333 (A potential DOS vulnerability was discovered in GitLab versions 13.1, ...)
	- gitlab 13.2.10-1
CVE-2020-13332
	REJECTED
CVE-2020-13331 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
	- gitlab 13.2.3-2
CVE-2020-13330 (An issue has been discovered in GitLab affecting versions prior to 12. ...)
	- gitlab 13.2.3-2
CVE-2020-13329 (An issue has been discovered in GitLab affecting versions from 12.6.2 ...)
	- gitlab 13.2.3-2
CVE-2020-13328 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
	- gitlab 13.2.3-2
CVE-2020-13327 (An issue has been discovered in GitLab Runner affecting all versions s ...)
	- gitlab-ci-multi-runner (bug #985377)
CVE-2020-13326 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
	- gitlab 13.2.3-2
CVE-2020-13325 (A vulnerability was discovered in GitLab versions prior 13.1. The comm ...)
	- gitlab 13.2.3-2
CVE-2020-13324 (A vulnerability was discovered in GitLab versions prior to 13.1. Under ...)
	- gitlab 13.2.3-2
CVE-2020-13323 (A vulnerability was discovered in GitLab versions prior 13.1. Under ce ...)
	- gitlab 13.2.3-2
CVE-2020-13322 (A vulnerability was discovered in GitLab versions after 12.9. Due to i ...)
	- gitlab 13.2.3-2
CVE-2020-13321 (A vulnerability was discovered in GitLab versions prior to 13.1. Usern ...)
	- gitlab 13.2.3-2
CVE-2020-13320 (An issue has been discovered in GitLab before version 12.10.13 that al ...)
	- gitlab 13.2.3-2
CVE-2020-13319 (An issue has been discovered in GitLab affecting versions prior to 13. ...)
	- gitlab 13.2.3-2
CVE-2020-13318 (A vulnerability was discovered in GitLab versions before 13.0.12, 13.1 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13317 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13316 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13315 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13314 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13313 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13312 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13311 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13310 (A vulnerability was discovered in GitLab runner versions before 13.1.3 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13309 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13308 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13307 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13306 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13305 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13304 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13303 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13302 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13301 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13300 (GitLab before version 13.3.4 was vulnerable to an OAuth authorization ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13299 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13298 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13297 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13296 (An issue has been discovered in GitLab affecting versions >=10.7 &l ...)
	- gitlab 13.2.6-1
CVE-2020-13295 (For GitLab Runner before 13.0.12, 13.1.6, 13.2.3, by replacing dockerd ...)
	- gitlab-ci-multi-runner (bug #985377)
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13294 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, access grants were not re ...)
	[experimental] - gitlab 13.1.6-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13293 (In GitLab before 13.0.12, 13.1.6 and 13.2.3 using a branch with a hexa ...)
	[experimental] - gitlab 13.1.6-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13292 (In GitLab before 13.0.12, 13.1.6 and 13.2.3, it is possible to bypass ...)
	[experimental] - gitlab 13.1.6-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13291 (In GitLab before 13.2.3, project sharing could temporarily allow too p ...)
	- gitlab (Only affects GitLab 13.2 and later)
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13290 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, improper access control ...)
	[experimental] - gitlab 13.1.6-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13289 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13288 (In GitLab before 13.0.12, 13.1.6, and 13.2.3, a stored XSS vulnerabili ...)
	- gitlab (Only affects GitLab 13.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13287 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13286 (For GitLab before 13.0.12, 13.1.6, 13.2.3 user controlled git configur ...)
	- gitlab (Only affects GitLab 12.7 and later)
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13285 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting (XSS) ...)
	- gitlab (Only affects GitLab 12.9 and later)
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13284 (A vulnerability was discovered in GitLab versions before 13.1.10, 13.2 ...)
	- gitlab 13.2.8-1
	NOTE: https://about.gitlab.com/releases/2020/09/02/security-release-gitlab-13-3-3-released/
CVE-2020-13283 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a cross-site scripting vulne ...)
	[experimental] - gitlab 13.1.6-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13282 (For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occur ...)
	[experimental] - gitlab 13.1.6-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13281 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a denial of service exists i ...)
	[experimental] - gitlab 13.1.6-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13280 (For GitLab before 13.0.12, 13.1.6, 13.2.3 a memory exhaustion flaw exi ...)
	[experimental] - gitlab 13.1.6-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
CVE-2020-13279 (Client side code execution in gitlab-vscode-extension v2.2.0 allows at ...)
	NOT-FOR-US: gitlab-vscode-extension
CVE-2020-13278 (Reflected Cross-Site Scripting vulnerability in Modules.php in Rosario ...)
	NOT-FOR-US: RosarioSIS Student Information System
CVE-2020-13277 (An authorization issue in the mirroring logic allowed read access to p ...)
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/06/10/critical-security-release-13-0-6-released/
CVE-2020-13276 (User is allowed to set an email as a notification email even without v ...)
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13275 (A user with an unverified email address could request an access to dom ...)
	- gitlab (Only affects GitLab EE/CE 12.2 and later)
CVE-2020-13274 (A security issue allowed achieving Denial of Service attacks through m ...)
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13273 (A Denial of Service vulnerability allowed exhausting the system resour ...)
	- gitlab (Only affects GitLab 12.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13272 (OAuth flow missing verification checks CE/EE 12.3 and later through 13 ...)
	- gitlab (Only affects GitLab 12.3 and later)
CVE-2020-13271 (A Stored Cross-Site Scripting vulnerability allowed the execution of a ...)
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13270 (Missing permission check on fork relation creation in GitLab CE/EE 11. ...)
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13269 (A Reflected Cross-Site Scripting vulnerability allowed the execution o ...)
	- gitlab (Only affects GitLab 12.10 and later)
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13268 (A specially crafted request could be used to confirm the existence of ...)
	- gitlab (Only affects GitLab 12.10 and later)
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13267 (A Stored Cross-Site Scripting vulnerability allowed the execution on J ...)
	- gitlab (Only affects GitLab 12.8 and later)
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13266 (Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and ...)
	- gitlab (Only affects GitLab 12.8 and later)
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13265 (User email verification bypass in GitLab CE/EE 12.5 and later through ...)
	- gitlab (Only affects GitLab 12.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13264 (Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later thr ...)
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13263 (An authorization issue relating to project maintainer impersonation wa ...)
	- gitlab (Specific to EE)
CVE-2020-13262 (Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 ...)
	- gitlab (Only affects GitLab 12.9 and later)
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13261 (Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later throu ...)
	- gitlab (Only affects GitLab 12.6 and later)
	NOTE: https://about.gitlab.com/releases/2020/05/27/security-release-13-0-1-released/
CVE-2020-13260 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
	NOT-FOR-US: RAD SecFlow-1v os-image
CVE-2020-13259 (A vulnerability in the web-based management interface of RAD SecFlow-1 ...)
	NOT-FOR-US: RAD SecFlow-1v os-image
CVE-2020-13258 (Contentful through 2020-05-21 for Python allows reflected XSS, as demo ...)
	NOT-FOR-US: Contentful
CVE-2020-13257
	RESERVED
CVE-2020-13256
	RESERVED
CVE-2020-13255
	RESERVED
CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...)
	{DSA-4705-1 DLA-2233-1}
	- python-django 2:2.2.13-1 (bug #962323)
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1
	NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master)
	NOTE: https://github.com/django/django/commit/580bd64c0482ae9b7c05715390e25f4405a12719 (3.1 branch)
	NOTE: https://github.com/django/django/commit/84b2da5552e100ae3294f564f6c862fef8d0e693 (3.0 branch)
	NOTE: https://github.com/django/django/commit/07e59caa02831c4569bbebb9eb773bdd9cb4b206 (2.2 branch)
	NOTE: Regression https://code.djangoproject.com/ticket/31654
CVE-2020-13253 (sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, wh ...)
	{DLA-2373-1}
	- qemu 1:5.0-8 (bug #961297)
	[buster] - qemu (Minor issue, revisit when fixed upstream)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg05835.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/2
	NOTE: https://bugs.launchpad.net/qemu/+bug/1880822 (reproducer)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=790762e5487114341cccc5bffcec4cb3c022c3cd (5.1)
CVE-2020-13252 (Centreon before 19.04.15 allows remote attackers to execute arbitrary ...)
	- centreon-web (bug #913903)
CVE-2020-13251
	RESERVED
CVE-2020-13250 (HashiCorp Consul and Consul Enterprise include an HTTP API (introduced ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/8023
CVE-2020-13249 (libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not ...)
	- mariadb-10.3 1:10.3.23-1
	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
	- mariadb-10.1 (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/mariadb-corporation/mariadb-connector-c/commit/2759b87d72926b7c9b5426437a7c8dd15ff57945 (v3.1.8)
	NOTE: Introduced around: https://github.com/mariadb-corporation/mariadb-connector-c/commit/b4efe73c9e725f97b3550371f8a78a10a20bf2fd (v3.0-cc-server-integ-0)
CVE-2020-13248 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS ...)
	NOT-FOR-US: BooleBox Secure File Sharing Utility
CVE-2020-13247 (BooleBox Secure File Sharing Utility before 4.2.3.0 allows CSV injecti ...)
	NOT-FOR-US: BooleBox Secure File Sharing Utility
CVE-2020-13246 (An issue was discovered in Gitea through 1.11.5. An attacker can trigg ...)
	- gitea
CVE-2020-13245 (Certain NETGEAR devices are affected by Missing SSL Certificate Valida ...)
	NOT-FOR-US: Netgear
CVE-2020-13244
	RESERVED
CVE-2020-13243
	RESERVED
CVE-2020-13242
	RESERVED
CVE-2020-13241 (Microweber 1.1.18 allows Unrestricted File Upload because admin/view:m ...)
	NOT-FOR-US: Microweber
CVE-2020-13240 (The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup doc ...)
	- dolibarr
CVE-2020-13239 (The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html file ...)
	- dolibarr
CVE-2020-13238 (Mitsubishi MELSEC iQ-R Series PLCs with firmware 33 allow attackers to ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-13237
	RESERVED
CVE-2020-13236
	RESERVED
CVE-2020-13235
	RESERVED
CVE-2020-13234
	RESERVED
CVE-2020-13233
	RESERVED
CVE-2020-13232
	RESERVED
CVE-2020-13231 (In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for a ...)
	- cacti 1.2.11+ds1-1
	[buster] - cacti 1.2.2+ds1-2+deb10u3
	[stretch] - cacti (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/3342
CVE-2020-13230 (In Cacti before 1.2.11, disabling a user account does not immediately ...)
	- cacti 1.2.11+ds1-1
	[buster] - cacti 1.2.2+ds1-2+deb10u3
	[stretch] - cacti (Minor issue, Partial patch https://people.debian.org/~abhijith/upload/CVE-2020-13230.patch)
	NOTE: https://github.com/Cacti/cacti/issues/3343
CVE-2020-13229 (An issue was discovered in Sysax Multi Server 6.90. A session can be h ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2020-13228 (An issue was discovered in Sysax Multi Server 6.90. There is reflected ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2020-13227 (An issue was discovered in Sysax Multi Server 6.90. An attacker can de ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2020-13226 (WSO2 API Manager 3.0.0 does not properly restrict outbound network acc ...)
	NOT-FOR-US: WSO2 API Manager
CVE-2020-13225 (phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability ...)
	- phpipam (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/issues/3025
CVE-2020-13224 (TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices throu ...)
	NOT-FOR-US: TP-LINK
CVE-2020-13223 (HashiCorp Vault and Vault Enterprise logged proxy environment variable ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-13222
	REJECTED
CVE-2020-13221
	REJECTED
CVE-2020-13220
	REJECTED
CVE-2020-13219
	REJECTED
CVE-2020-13218
	REJECTED
CVE-2020-13217
	REJECTED
CVE-2020-13216
	REJECTED
CVE-2020-13215
	REJECTED
CVE-2020-13214
	REJECTED
CVE-2020-13213
	REJECTED
CVE-2020-13212
	REJECTED
CVE-2020-13211
	REJECTED
CVE-2020-13210
	REJECTED
CVE-2020-13209
	REJECTED
CVE-2020-13208
	REJECTED
CVE-2020-13207
	REJECTED
CVE-2020-13206
	REJECTED
CVE-2020-13205
	REJECTED
CVE-2020-13204
	REJECTED
CVE-2020-13203
	REJECTED
CVE-2020-13202
	REJECTED
CVE-2020-13201
	REJECTED
CVE-2020-13200
	REJECTED
CVE-2020-13199
	REJECTED
CVE-2020-13198
	REJECTED
CVE-2020-13197
	REJECTED
CVE-2020-13196
	REJECTED
CVE-2020-13195
	REJECTED
CVE-2020-13194
	REJECTED
CVE-2020-13193
	REJECTED
CVE-2020-13192
	REJECTED
CVE-2020-13191
	REJECTED
CVE-2020-13190
	REJECTED
CVE-2020-13189
	REJECTED
CVE-2020-13188
	REJECTED
CVE-2020-13187
	REJECTED
CVE-2020-13186 (An Anti CSRF mechanism was discovered missing in the Teradici Cloud Ac ...)
	NOT-FOR-US: Teradici
CVE-2020-13185 (Certain web application pages in the authenticated section of the Tera ...)
	NOT-FOR-US: Teradici
CVE-2020-13184
	RESERVED
CVE-2020-13183 (Reflected Cross Site Scripting in Teradici PCoIP Management Console pr ...)
	NOT-FOR-US: Teradici
CVE-2020-13182
	RESERVED
CVE-2020-13181
	RESERVED
CVE-2020-13180
	RESERVED
CVE-2020-13179 (Broker Protocol messages in Teradici PCoIP Standard Agent for Windows ...)
	NOT-FOR-US: Teradici
CVE-2020-13178 (A function in the Teradici PCoIP Standard Agent for Windows and Graphi ...)
	NOT-FOR-US: Teradici
CVE-2020-13177 (The support bundler in Teradici PCoIP Standard Agent for Windows and G ...)
	NOT-FOR-US: Teradici
CVE-2020-13176 (The Management Interface of the Teradici Cloud Access Connector and Cl ...)
	NOT-FOR-US: Teradici
CVE-2020-13175 (The Management Interface of the Teradici Cloud Access Connector and Cl ...)
	NOT-FOR-US: Teradici
CVE-2020-13174 (The web server in the Teradici Management console versions 20.04 and 2 ...)
	NOT-FOR-US: Teradici
CVE-2020-13173 (Initialization of the pcoip_credential_provider in Teradici PCoIP Stan ...)
	NOT-FOR-US: Teradici
CVE-2020-13172
	RESERVED
CVE-2020-13171
	RESERVED
CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enforce s ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/8068
CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...)
	NOT-FOR-US: SolarWinds
CVE-2020-13168 (SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp acco ...)
	NOT-FOR-US: SysAid
CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...)
	NOT-FOR-US: Netsweeper
CVE-2020-13166 (The management tool in MyLittleAdmin 3.8 allows remote attackers to ex ...)
	NOT-FOR-US: MyLittleAdmin
CVE-2020-13165
	RESERVED
CVE-2020-13164 (In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the ...)
	{DLA-2547-1}
	- wireshark 3.2.4-1 (low)
	[buster] - wireshark 2.6.20-0+deb10u1
	[jessie] - wireshark (Can be fixed along with other CVEs)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16476
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e6e98eab8e5e0bbc982cfdc808f2469d7cab6c5a
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-08.html
CVE-2020-13163 (em-imap 0.5 uses the library eventmachine in an insecure way that allo ...)
	NOT-FOR-US: em-imap
CVE-2020-13162 (A time-of-check time-of-use vulnerability in PulseSecureService.exe in ...)
	NOT-FOR-US: Pulse Secure Client
CVE-2020-13161
	RESERVED
CVE-2020-13160 (AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerab ...)
	NOT-FOR-US: AnyDesk
CVE-2020-13159 (Artica Proxy before 4.30.000000 Community Edition allows OS command in ...)
	NOT-FOR-US: Artica Proxy
CVE-2020-13158 (Artica Proxy before 4.30.000000 Community Edition allows Directory Tra ...)
	NOT-FOR-US: Artica Proxy
CVE-2020-13157 (modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a u ...)
	NOT-FOR-US: NukeViet
CVE-2020-13156 (modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a ...)
	NOT-FOR-US: NukeViet
CVE-2020-13155 (clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML inject ...)
	NOT-FOR-US: NukeViet
CVE-2020-13154 (Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-priv ...)
	NOT-FOR-US: Zoho
CVE-2020-13153 (app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS ...)
	NOT-FOR-US: MISP
CVE-2020-13152 (A remote user can create a specially crafted M3U file, media playlist ...)
	- amarok (unimportant)
	NOTE: Elevated resource usage in client application, no security impact
CVE-2020-13151 (Aerospike Community Edition 4.9.0.5 allows for unauthenticated submiss ...)
	NOT-FOR-US: Aerospike
CVE-2020-13150 (D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 secon ...)
	NOT-FOR-US: D-link
CVE-2020-13149 (Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dr ...)
	NOT-FOR-US: Dragon Center
CVE-2020-13148
	RESERVED
CVE-2020-13147
	RESERVED
CVE-2020-13146 (Studio in Open edX Ironwood 2.5 allows CSV injection because an added ...)
	NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13145 (Studio in Open edX Ironwood 2.5 allows users to upload SVG files via t ...)
	NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13144 (Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a u ...)
	NOT-FOR-US: Studio in Open edX Ironwood
CVE-2020-13142
	RESERVED
CVE-2020-13141
	RESERVED
CVE-2020-13140
	RESERVED
CVE-2020-13139
	RESERVED
CVE-2020-13138
	RESERVED
CVE-2020-13137
	RESERVED
CVE-2020-13136 (D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be re ...)
	NOT-FOR-US: D-Link
CVE-2020-13135 (D-Link DSP-W215 1.26b03 devices allow information disclosure by interc ...)
	NOT-FOR-US: D-Link
CVE-2020-13134 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to ...)
	NOT-FOR-US: Tufin SecureChange
CVE-2020-13133 (Tufin SecureChange prior to R19.3 HF3 and R20-1 HF1 are vulnerable to ...)
	NOT-FOR-US: Tufin SecureChange
CVE-2020-13132 (An issue was discovered in Yubico libykpiv before 2.1.0. An attacker c ...)
	- yubico-piv-tool 2.1.1-1 (bug #972644)
	[stretch] - yubico-piv-tool (Vulnerable code not present)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-02/
	NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/
CVE-2020-13131 (An issue was discovered in Yubico libykpiv before 2.1.0. lib/util.c in ...)
	- yubico-piv-tool 2.1.1-1 (bug #975612)
	[stretch] - yubico-piv-tool (Vulnerable code not present)
	NOTE: https://blog.inhq.net/posts/yubico-libykpiv-vuln/
CVE-2020-13143 (gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linu ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/15753588bcd4bbffae1cca33c8ced5722477fe1f
CVE-2020-13130
	RESERVED
CVE-2020-13129 (An issue was discovered in the stashcat app through 3.9.1 for macOS, W ...)
	NOT-FOR-US: stashcat app for MacOS
CVE-2020-13128 (An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServle ...)
	NOT-FOR-US: Manolo GWTUpload
CVE-2020-13127 (A SQL injection vulnerability at a tpf URI in Loway QueueMetrics befor ...)
	NOT-FOR-US: Loway QueueMetrics
CVE-2020-13126 (An issue was discovered in the Elementor Pro plugin before 2.9.4 for W ...)
	NOT-FOR-US: Elementor Pro plugin for WordPress
CVE-2020-13125 (An issue was discovered in the "Ultimate Addons for Elementor" plugin ...)
	NOT-FOR-US: "Ultimate Addons for Elementor" plugin for WordPress
CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in ...)
	- sabnzbdplus 3.1.1+dfsg-1
	[buster] - sabnzbdplus 2.3.6+dfsg-1+deb10u1
	[stretch] - sabnzbdplus (contrib not supported)
	NOTE: https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-9x87-96gg-33w2
	NOTE: https://github.com/sabnzbd/sabnzbd/commit/dfcba6e2fb37f58fea06b453b1ba258c7f110429
	NOTE: https://github.com/sabnzbd/sabnzbd/commit/73d3f7b5c248fc369de3454fe53e3e93924ebfe3
CVE-2020-13123
	RESERVED
CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...)
	NOT-FOR-US: Noviflow
CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...)
	NOT-FOR-US: Submitty
CVE-2020-13120
	RESERVED
CVE-2020-13119 (ismartgate PRO 1.5.9 is vulnerable to clickjacking. ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-13118 (An issue was discovered in Mikrotik-Router-Monitoring-System through 2 ...)
	NOT-FOR-US: Mikrotik-Router-Monitoring-System
CVE-2020-13117 (Wavlink WN575A4 and WN579X3 devices through 2020-05-15 allow unauthent ...)
	NOT-FOR-US: Wavlink WN575A4 and WN579X3 devices
CVE-2020-13116 (OpenText Carbonite Server Backup Portal before 8.8.7 allows XSS by an ...)
	NOT-FOR-US: OpenText Carbonite Server Backup Portal
CVE-2020-13115
	RESERVED
CVE-2020-13114 (An issue was discovered in libexif before 0.6.22. An unrestricted size ...)
	{DLA-2222-1}
	- libexif 0.6.21-9 (bug #961410)
	[buster] - libexif 0.6.21-5.1+deb10u3
	[stretch] - libexif 0.6.21-2+deb9u3
	NOTE: https://github.com/libexif/libexif/commit/e6a38a1a23ba94d139b1fa2cd4519fdcfe3c9bab (0.6.22)
CVE-2020-13113 (An issue was discovered in libexif before 0.6.22. Use of uninitialized ...)
	{DLA-2222-1}
	- libexif 0.6.21-9 (bug #961409)
	[buster] - libexif 0.6.21-5.1+deb10u3
	[stretch] - libexif 0.6.21-2+deb9u3
	NOTE: https://github.com/libexif/libexif/commit/ec412aa4583ad71ecabb967d3c77162760169d1f (0.6.22)
CVE-2020-13112 (An issue was discovered in libexif before 0.6.22. Several buffer over- ...)
	{DLA-2222-1}
	- libexif 0.6.21-9 (bug #961407)
	[buster] - libexif 0.6.21-5.1+deb10u3
	[stretch] - libexif 0.6.21-2+deb9u3
	NOTE: https://github.com/libexif/libexif/commit/435e21f05001fb03f9f186fa7cbc69454afd00d1 (0.6.22)
CVE-2020-13111 (NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/d ...)
	NOT-FOR-US: NaviServer
CVE-2020-13110 (The kerberos package before 1.0.0 for Node.js allows arbitrary code ex ...)
	NOT-FOR-US: Node kerberos
CVE-2020-13109 (Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remo ...)
	NOT-FOR-US: Morita Shogi
CVE-2020-13108
	RESERVED
CVE-2020-13107
	RESERVED
CVE-2020-13106
	RESERVED
CVE-2020-13105
	RESERVED
CVE-2020-13104
	RESERVED
CVE-2020-13103
	RESERVED
CVE-2020-13102
	RESERVED
CVE-2020-13101 (In OASIS Digital Signature Services (DSS) 1.0, an attacker can control ...)
	NOT-FOR-US: OASIS Digital Signature Services (DSS)
CVE-2020-13100 (Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22 ...)
	NOT-FOR-US: Arista
CVE-2020-13099
	RESERVED
CVE-2020-13098
	RESERVED
CVE-2020-13097
	RESERVED
CVE-2020-13096
	RESERVED
CVE-2020-13095 (Little Snitch version 4.5.1 and older changed ownership of a directory ...)
	NOT-FOR-US: Little Snitch
CVE-2020-13094 (Dolibarr before 11.0.4 allows XSS. ...)
	- dolibarr
CVE-2020-13093 (iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. ...)
	NOT-FOR-US: iSpyConnect.com Agent DVR
CVE-2020-13092 (** DISPUTED ** scikit-learn (aka sklearn) through 0.23.0 can unseriali ...)
	- scikit-learn (unimportant)
CVE-2020-13091 (** DISPUTED ** pandas through 1.0.3 can unserialize and execute comman ...)
	- pandas (unimportant)
CVE-2020-13090
	RESERVED
CVE-2020-13089
	RESERVED
CVE-2020-13088
	RESERVED
CVE-2020-13087
	RESERVED
CVE-2020-13086
	RESERVED
CVE-2020-13085
	RESERVED
CVE-2020-13084
	RESERVED
CVE-2020-13083
	RESERVED
CVE-2020-13082
	RESERVED
CVE-2020-13081
	RESERVED
CVE-2020-13080
	RESERVED
CVE-2020-13079
	RESERVED
CVE-2020-13078
	RESERVED
CVE-2020-13077
	RESERVED
CVE-2020-13076
	RESERVED
CVE-2020-13075
	RESERVED
CVE-2020-13074
	RESERVED
CVE-2020-13073
	RESERVED
CVE-2020-13072
	RESERVED
CVE-2020-13071
	RESERVED
CVE-2020-13070
	RESERVED
CVE-2020-13069
	RESERVED
CVE-2020-13068
	RESERVED
CVE-2020-13067
	RESERVED
CVE-2020-13066
	RESERVED
CVE-2020-13065
	RESERVED
CVE-2020-13064
	RESERVED
CVE-2020-13063
	RESERVED
CVE-2020-13062
	RESERVED
CVE-2020-13061
	RESERVED
CVE-2020-13060
	RESERVED
CVE-2020-13059
	RESERVED
CVE-2020-13058
	RESERVED
CVE-2020-13057
	RESERVED
CVE-2020-13056
	RESERVED
CVE-2020-13055
	RESERVED
CVE-2020-13054
	RESERVED
CVE-2020-13053
	RESERVED
CVE-2020-13052
	RESERVED
CVE-2020-13051
	RESERVED
CVE-2020-13050
	RESERVED
CVE-2020-13049
	RESERVED
CVE-2020-13048
	RESERVED
CVE-2020-13047
	RESERVED
CVE-2020-13046
	RESERVED
CVE-2020-13045
	RESERVED
CVE-2020-13044
	RESERVED
CVE-2020-13043
	RESERVED
CVE-2020-13042
	RESERVED
CVE-2020-13041
	RESERVED
CVE-2020-13040
	RESERVED
CVE-2020-13039
	RESERVED
CVE-2020-13038
	RESERVED
CVE-2020-13037
	RESERVED
CVE-2020-13036
	RESERVED
CVE-2020-13035
	RESERVED
CVE-2020-13034
	RESERVED
CVE-2020-13033
	RESERVED
CVE-2020-13032
	RESERVED
CVE-2020-13031
	RESERVED
CVE-2020-13030
	RESERVED
CVE-2020-13029
	RESERVED
CVE-2020-13028
	RESERVED
CVE-2020-13027
	RESERVED
CVE-2020-13026
	RESERVED
CVE-2020-13025
	RESERVED
CVE-2020-13024
	RESERVED
CVE-2020-13023
	RESERVED
CVE-2020-13022
	RESERVED
CVE-2020-13021
	RESERVED
CVE-2020-13020
	RESERVED
CVE-2020-13019
	RESERVED
CVE-2020-13018
	RESERVED
CVE-2020-13017
	RESERVED
CVE-2020-13016
	RESERVED
CVE-2020-13015
	RESERVED
CVE-2020-13014
	RESERVED
CVE-2020-13013
	RESERVED
CVE-2020-13012
	RESERVED
CVE-2020-13011
	RESERVED
CVE-2020-13010
	RESERVED
CVE-2020-13009
	REJECTED
CVE-2020-13008
	REJECTED
CVE-2020-13007
	REJECTED
CVE-2020-13006
	REJECTED
CVE-2020-13005
	REJECTED
CVE-2020-13004
	REJECTED
CVE-2020-13003
	REJECTED
CVE-2020-13002
	REJECTED
CVE-2020-13001
	REJECTED
CVE-2020-13000
	REJECTED
CVE-2020-12999
	REJECTED
CVE-2020-12998
	REJECTED
CVE-2020-12997
	REJECTED
CVE-2020-12996
	REJECTED
CVE-2020-12995
	REJECTED
CVE-2020-12994
	REJECTED
CVE-2020-12993
	REJECTED
CVE-2020-12992
	REJECTED
CVE-2020-12991
	REJECTED
CVE-2020-12990
	REJECTED
CVE-2020-12989
	REJECTED
CVE-2020-12988
	REJECTED
CVE-2020-12987
	REJECTED
CVE-2020-12986
	REJECTED
CVE-2020-12985
	REJECTED
CVE-2020-12984
	REJECTED
CVE-2020-12983
	REJECTED
CVE-2020-12982
	REJECTED
CVE-2020-12981
	REJECTED
CVE-2020-12980
	REJECTED
CVE-2020-12979
	REJECTED
CVE-2020-12978
	REJECTED
CVE-2020-12977
	REJECTED
CVE-2020-12976
	REJECTED
CVE-2020-12975
	REJECTED
CVE-2020-12974
	REJECTED
CVE-2020-12973
	REJECTED
CVE-2020-12972
	REJECTED
CVE-2020-12971
	REJECTED
CVE-2020-12970
	REJECTED
CVE-2020-12969
	REJECTED
CVE-2020-12968
	REJECTED
CVE-2020-12967 (The lack of nested page table protection in the AMD SEV/SEV-ES feature ...)
	NOT-FOR-US: AMD
CVE-2020-12966
	RESERVED
CVE-2020-12965
	RESERVED
CVE-2020-12964 (A potential privilege escalation/denial of service issue exists in the ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12963 (An insufficient pointer validation vulnerability in the AMD Graphics D ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12962 (Escape call interface in the AMD Graphics Driver for Windows may cause ...)
	NOT-FOR-US: AMD
CVE-2020-12961 (A potential vulnerability exists in AMD Platform Security Processor (P ...)
	NOT-FOR-US: AMD
CVE-2020-12960 (AMD Graphics Driver for Windows 10, amdfender.sys may improperly handl ...)
	NOT-FOR-US: AMD
CVE-2020-12959
	REJECTED
CVE-2020-12958
	RESERVED
CVE-2020-12957
	REJECTED
CVE-2020-12956
	RESERVED
CVE-2020-12955
	RESERVED
CVE-2020-12954 (A side effect of an integrated chipset option may be able to be used b ...)
	NOT-FOR-US: AMD
CVE-2020-12953 RESERVED
CVE-2020-12952 RESERVED
CVE-2020-12951 (Race condition in PSP FW could allow less privileged x86 code to perfo ...)
	NOT-FOR-US: AMD
CVE-2020-12950 RESERVED
CVE-2020-12949 RESERVED
CVE-2020-12948 RESERVED
CVE-2020-12947 RESERVED
CVE-2020-12946 (Insufficient input validation in PSP firmware for discrete TPM command ...)
	NOT-FOR-US: AMD
CVE-2020-12945 RESERVED
CVE-2020-12944 (Insufficient validation of BIOS image length by PSP Firmware could lea ...)
	NOT-FOR-US: AMD
CVE-2020-12943 RESERVED
CVE-2020-12942 RESERVED
CVE-2020-12941 REJECTED
CVE-2020-12940 RESERVED
CVE-2020-12939 RESERVED
CVE-2020-12938 RESERVED
CVE-2020-12937 RESERVED
CVE-2020-12936 REJECTED
CVE-2020-12935 REJECTED
CVE-2020-12934 RESERVED
CVE-2020-12933 (A denial of service vulnerability exists in the D3DKMTEscape handler f ...)
	NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12932 RESERVED
CVE-2020-12931 RESERVED
CVE-2020-12930 RESERVED
CVE-2020-12929 (Improper parameters validation in some trusted applications of the PSP ...)
	NOT-FOR-US: AMD
CVE-2020-12928 (A vulnerability in a dynamically loaded AMD driver in AMD Ryzen Master ...)
	NOT-FOR-US: AMD Ryzen Master
CVE-2020-12927 (A potential vulnerability in a dynamically loaded AMD driver in AMD VB ...)
	NOT-FOR-US: AMD
CVE-2020-12926 (The Trusted Platform Modules (TPM) reference software may not properly ...)
	NOT-FOR-US: AMD
CVE-2020-12925 REJECTED
CVE-2020-12924 REJECTED
CVE-2020-12923 REJECTED
CVE-2020-12922 REJECTED
CVE-2020-12921 REJECTED
CVE-2020-12920 (A potential denial of service issue exists in the AMD Display driver E ...)
	NOT-FOR-US: AMD
CVE-2020-12919 REJECTED
CVE-2020-12918 RESERVED
CVE-2020-12917 REJECTED
CVE-2020-12916 REJECTED
CVE-2020-12915 REJECTED
CVE-2020-12914 REJECTED
CVE-2020-12913 REJECTED
CVE-2020-12912 (A potential vulnerability in the AMD extension to Linux "hwmon" servic ...)
	- linux 5.9.9-1 (unimportant)
	[buster] - linux (Vulnerable driver introduced later)
	[stretch] - linux (Vulnerable driver introduced later)
	NOTE: https://lore.kernel.org/stable/238e3cf7-582f-a265-5300-9b44948107b0@roeck-us.net/T/#ma48754bff34127867149bf466fc2f9c2deea3960
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1897402
	NOTE: https://support.lenovo.com/lu/uk/product_security/LEN-50481
	NOTE: CONFIG_SENSORS_AMD_ENERGY not enabled in Debian builds
CVE-2020-12911 (A denial of service vulnerability exists in the D3DKMTCreateAllocation ...)
	NOT-FOR-US: AMD ATIKMDAG.SYS
CVE-2020-12910 REJECTED
CVE-2020-12909 REJECTED
CVE-2020-12908 RESERVED
CVE-2020-12907 RESERVED
CVE-2020-12906 REJECTED
CVE-2020-12905 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12904 (Out of Bounds Read in AMD Graphics Driver for Windows 10 in Escape 0x3 ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12903 (Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12902 (Arbitrary Decrement Privilege Escalation in AMD Graphics Driver for Wi ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12901 (Arbitrary Free After Use in AMD Graphics Driver for Windows 10 may lea ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12900 (An arbitrary write vulnerability in the AMD Radeon Graphics Driver for ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12899 (Arbitrary Read in AMD Graphics Driver for Windows 10 may lead to KASLR ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12898 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead t ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12897 (Kernel Pool Address disclosure in AMD Graphics Driver for Windows 10 m ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12896 REJECTED
CVE-2020-12895 (Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x1 ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12894 (Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x4001 ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12893 (Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12892 (An untrusted search path in AMD Radeon settings Installer may lead to ...)
	NOT-FOR-US: Intel / AMD
CVE-2020-12891 RESERVED
	NOT-FOR-US: AMD
CVE-2020-12890 RESERVED
CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across us ...)
	NOT-FOR-US: MISP
CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...)
	{DLA-2420-1 DLA-2385-1}
	- linux 5.8.7-1
	[buster] - linux 4.19.146-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244
CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12886 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12885 (An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.1 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12884 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12883 (Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5 ...)
	NOT-FOR-US: Mbed CoAP (different from src:mbedtls)
CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...)
	NOT-FOR-US: Submitty
CVE-2020-12881 RESERVED
CVE-2020-12880 (An issue was discovered in Pulse Policy Secure (PPS) and Pulse Connect ...)
	NOT-FOR-US: Pulse
CVE-2020-12879 RESERVED
CVE-2020-12878 (Digi ConnectPort X2e before 3.2.30.6 allows an attacker to escalate pr ...)
	NOT-FOR-US: Digi ConnectPort X2e
CVE-2020-12877 (Veritas APTARE versions prior to 10.4 allowed sensitive information to ...)
	NOT-FOR-US: Veritas
CVE-2020-12876 (Veritas APTARE versions prior to 10.4 allowed remote users to access s ...)
	NOT-FOR-US: Veritas
CVE-2020-12875 (Veritas APTARE versions prior to 10.4 did not perform adequate authori ...)
	NOT-FOR-US: Veritas
CVE-2020-12874 (Veritas APTARE versions prior to 10.4 included code that bypassed the ...)
	NOT-FOR-US: Veritas
CVE-2020-12873 (An issue was discovered in Alfresco Enterprise Content Management (ECM ...)
	NOT-FOR-US: Alfresco Enterprise Content Management (ECM)
CVE-2020-12872 (yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ...)
	- erlang 1:21.2.6+dfsg-1 (low)
	[stretch] - erlang 1:19.2.1+dfsg-2+deb9u3
	[jessie] - erlang (Minor issue)
	NOTE: https://medium.com/@charlielabs101/cve-2020-12872-df315411aa70
	NOTE: https://github.com/erlyaws/yaws/issues/402
	NOTE: In Debian yaws uses the cipher settings from erlang, mark the version which
	NOTE: landed in Buster as fixed (although it was possibly fixed earlier between
	NOTE: Stretch and Buster). The CVE was assigned specifically for yaws, cf. #961422
	NOTE: for discussion.
CVE-2020-12871 RESERVED
CVE-2020-12870 (RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username ...)
	NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12869 (RainbowFish PacsOne Server 6.8.4 allows XSS. ...)
	NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12868 RESERVED
CVE-2020-12867 (A NULL pointer dereference in sanei_epson_net_read in SANE Backends be ...)
	{DLA-2332-1 DLA-2231-1}
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-1-ghsl-2020-075-null-pointer-dereference-in-sanei_epson_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/fff83e7eacd0f27bb2d71c42488e0fd735c15ac3 (1.0.30)
CVE-2020-12866 (A NULL pointer dereference in SANE Backends before 1.0.30 allows a mal ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-2-ghsl-2020-079-null-pointer-dereference-in-epsonds_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
	NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
CVE-2020-12865 (A heap buffer overflow in SANE Backends before 1.0.30 may allow a mali ...)
	{DLA-2332-1}
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-9-ghsl-2020-084-buffer-overflow-in-esci2_img
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/b9b0173409df73e235da2aa0dae5edd21fb55967 (1.0.30)
CVE-2020-12864 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-4-ghsl-2020-081-reading-uninitialized-data-in-epsonds_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
	NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
CVE-2020-12863 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
	{DLA-2332-1}
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-7-ghsl-2020-083-out-of-bounds-read-in-esci2_check_header
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/db9480b09ea807e52029f2334769a55d4b95e45b (1.0.30)
CVE-2020-12862 (An out-of-bounds read in SANE Backends before 1.0.30 may allow a malic ...)
	{DLA-2332-1}
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-5-ghsl-2020-082-out-of-bounds-read-in-decode_binary
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/27ea994d23ee52fe1ec1249c92ebc1080a358288 (1.0.30)
CVE-2020-12861 (A heap buffer overflow in SANE Backends before 1.0.30 allows a malicio ...)
	[experimental] - sane-backends 1.0.30-1~experimental1
	- sane-backends 1.0.31-2 (bug #961302)
	[buster] - sane-backends (Minor issue)
	[stretch] - sane-backends (already mitigated, auto-discovery for unsupported network access added in 1.0.27)
	[jessie] - sane-backends (epsonds backend was added in 1.0.25)
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279
	NOTE: https://gitlab.com/sane-project/backends/-/issues/279#issue-3-ghsl-2020-080-heap-buffer-overflow-in-epsonds_net_read
	NOTE: https://alioth-lists.debian.net/pipermail/sane-announce/2020/000041.html
	NOTE: https://gitlab.com/sane-project/backends/-/commit/30b1831a28f24ab2921b9f717c66d37f02bb81cc (1.0.30, disable unsupported network access)
	NOTE: https://gitlab.com/sane-project/backends/-/merge_requests/500 (prospective network code fix)
CVE-2020-12860 (COVIDSafe through v1.0.17 allows a remote attacker to access phone nam ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12859 (Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe th ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12858 (Non-reinitialisation of random data in the advertising payload in COVI ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12857 (Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 an ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12856 (OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTrac ...)
	NOT-FOR-US: COVIDSafe
CVE-2020-12855 (A Host header injection vulnerability has been discovered in SecZetta ...)
	NOT-FOR-US: SecZetta NEProfile
CVE-2020-12854 (A remote code execution vulnerability was identified in SecZetta NEPro ...)
	NOT-FOR-US: SecZetta NEProfile
CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12852 (The update feature for Pydio Cells 2.0.4 allows an administrator user ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12851 (Pydio Cells 2.0.4 allows an authenticated user to write or overwrite e ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12850 (The following vulnerability applies only to the Pydio Cells Enterprise ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12849 (Pydio Cells 2.0.4 allows any user to upload a profile image to the web ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12848 (In Pydio Cells 2.0.4, once an authenticated user shares a file selecti ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12847 (Pydio Cells 2.0.4 web application offers an administrative console nam ...)
	NOT-FOR-US: Pydio Cells
CVE-2020-12846 (Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remo ...)
	NOT-FOR-US: Zimbra
CVE-2020-12845 (Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a ...)
	- cherokee
CVE-2020-12844 RESERVED
CVE-2020-12843 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12842 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12841 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12840 (ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12839 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12838 (ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appendin ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12837 (ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the f ...)
	NOT-FOR-US: ismartgate PRO
CVE-2020-12836 RESERVED
CVE-2020-12835 (An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to ...)
	NOT-FOR-US: SmartBear ReadyAPI SoapUI Pro
CVE-2020-12834 (eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 thr ...)
	NOT-FOR-US: eQ-3 Homematic Central Control Unit
CVE-2020-12833 RESERVED
CVE-2020-12832 (WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerabi ...)
	NOT-FOR-US: simple-file-list plugin for WordPress
CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...)
	- frr (unimportant)
	NOTE: https://github.com/FRRouting/frr/pull/6383
	NOTE: https://github.com/FRRouting/frr/commit/7734484a378052a513c9e21165c13bf85f78ad48
CVE-2020-12830 (Addressed multiple stack buffer overflow vulnerabilities that could al ...)
	NOT-FOR-US: Western Digital My Cloud devices
CVE-2020-12829 (In QEMU through 5.0.0, an integer overflow was found in the SM501 disp ...)
	{DSA-4760-1}
	- qemu 1:5.0-12 (low; bug #961451)
	[stretch] - qemu (SM501 only compiled for misc/sh4 where it's not enabled as a graphics device yet; intrusive)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1808510
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1786026
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=b15a22bbcbe6a78dc3d88fe3134985e4cdd87de4
CVE-2020-12828 (An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VP ...)
	NOT-FOR-US: AnchorFree VPN SDK
CVE-2020-12827 (MJML prior to 4.6.3 contains a path traversal vulnerability when proce ...)
	NOT-FOR-US: MJML
CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
	{DLA-2241-1}
	- linux 5.6.7-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/d1e7fd6462ca9fc76650fbe6ca800e35b24267da
CVE-2020-12825 (libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any ...)
	- libcroco (low; bug #960527)
	[buster] - libcroco (Minor issue)
	[stretch] - libcroco (Minor issue)
	[jessie] - libcroco (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libcroco/-/issues/8
CVE-2020-12824 (Pexip Infinity 23.x before 23.3 has improper input validation, leading ...)
	NOT-FOR-US: Pexip Infinity
CVE-2020-12823 (OpenConnect 8.09 has a buffer overflow, causing a denial of service (a ...)
	{DLA-2212-1}
	- openconnect 8.10-1 (unimportant; bug #960620)
	NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/108
	NOTE: Only triggerable by local certs, which are under the control of the user
CVE-2020-12822 RESERVED
CVE-2020-12821 (Gossipsub 1.0 does not properly resist invalid message spam, such as a ...)
	NOT-FOR-US: Gossipsub
CVE-2020-12820 RESERVED
CVE-2020-12819 RESERVED
CVE-2020-12818 (An insufficient logging vulnerability in FortiGate before 6.4.1 may al ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12817 (An improper neutralization of input vulnerability in FortiAnalyzer bef ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12816 (An improper neutralization of input vulnerability in FortiNAC before 8 ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12815 (An improper neutralization of input vulnerability in FortiTester befor ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12814 (An improper neutralization of input during web page generation ('cross- ...)
	NOT-FOR-US: Fortiguard
CVE-2020-12813 RESERVED
CVE-2020-12812 (An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, ...)
	NOT-FOR-US: Fortinet
CVE-2020-12811 (An improper neutralization of script-related HTML tags in a web page i ...)
	NOT-FOR-US: FortiGuard
CVE-2020-12810 RESERVED
CVE-2020-12809 RESERVED
CVE-2020-12808 RESERVED
CVE-2020-12807 RESERVED
CVE-2020-12806 RESERVED
CVE-2020-12805 RESERVED
CVE-2020-12804 RESERVED
CVE-2020-12803 (ODF documents can contain forms to be filled out by the user. Similar ...)
	- libreoffice 1:6.4.4-1 (low)
	[buster] - libreoffice (Minor issue)
	[stretch] - libreoffice (Minor issue)
	[jessie] - libreoffice (Minor issue)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12803
CVE-2020-12802 (LibreOffice has a 'stealth mode' in which only documents from location ...)
	- libreoffice 1:6.4.4-1 (low)
	[buster] - libreoffice (Minor issue)
	[stretch] - libreoffice (Minor issue)
	[jessie] - libreoffice (Minor issue)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12802
CVE-2020-12801 (If LibreOffice has an encrypted document open and crashes, that docume ...)
	- libreoffice 1:6.4.3-1 (low)
	[buster] - libreoffice (Minor issue)
	[stretch] - libreoffice (Minor issue)
	[jessie] - libreoffice (Minor issue)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2020-12801
CVE-2020-12800 (The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1. ...)
	NOT-FOR-US: drag-and-drop-multiple-file-upload-contact-form-7 plugin for WordPress
CVE-2020-12799 RESERVED
CVE-2020-12798 (Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system pol ...)
	NOT-FOR-US: Cellebrite UFED
CVE-2020-12797 (HashiCorp Consul and Consul Enterprise failed to enforce changes to le ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/8047
CVE-2020-12796 RESERVED
CVE-2020-12795 RESERVED
CVE-2020-12794 RESERVED
CVE-2020-12793 RESERVED
CVE-2020-12792 RESERVED
CVE-2020-12791 RESERVED
CVE-2020-12790 (In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMet ...)
	NOT-FOR-US: SEOmatic plugin for Craft CMS
CVE-2020-12789 (The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded ...)
	NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12788 (CMAC verification functionality in Microchip Atmel ATSAMA5 products is ...)
	NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12787 (Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to b ...)
	NOT-FOR-US: Microchip Atmel ATSAMA5 products
CVE-2020-12786 RESERVED
CVE-2020-12785 (cPanel before 86.0.14 allows attackers to obtain access to the current ...)
	NOT-FOR-US: cPanel
CVE-2020-12784 (cPanel before 86.0.14 allows remote attackers to trigger a bandwidth s ...)
	NOT-FOR-US: cPanel
CVE-2020-12782 (Openfind MailGates contains a Command Injection flaw, when receiving e ...)
	NOT-FOR-US: Openfind MailGates
CVE-2020-12781 (Combodo iTop contains a cross-site request forgery (CSRF) vulnerabilit ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12780 (A security misconfiguration exists in Combodo iTop, which can expose s ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12779 (Combodo iTop contains a stored Cross-site Scripting vulnerability, whi ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12778 (Combodo iTop does not validate inputted parameters, attackers can inje ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12777 (A function in Combodo iTop contains a vulnerability of Broken Access C ...)
	NOT-FOR-US: Combodo iTop
CVE-2020-12776 (Openfind Mail2000 contains Broken Access Control vulnerability, which ...)
	NOT-FOR-US: Openfind Mail2000
CVE-2020-12775 RESERVED
CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which allows a ...)
	NOT-FOR-US: D-Link
CVE-2020-12773 (A security misconfiguration vulnerability exists in the SDK of some Re ...)
	NOT-FOR-US: Realtek ADSL/PON Modem SoC firmware
CVE-2020-12783 (Exim through 4.93 has an out-of-bounds read in the SPA authenticator t ...)
	{DSA-4687-1 DLA-2213-1}
	- exim4 4.93-16
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2571
	NOTE: https://git.exim.org/exim.git/commitdiff/57aa14b216432be381b6295c312065b2fd034f86
	NOTE: https://git.exim.org/exim.git/commitdiff/a04174dc2a84ae1008c23b6a7109e7fa3fb7b8b0
CVE-2020-12772 (An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR p ...)
	NOT-FOR-US: Ignite Realtime Spark
CVE-2020-12767 (exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by ...)
	{DLA-2214-1}
	- libexif 0.6.21-7 (bug #960199)
	[buster] - libexif 0.6.21-5.1+deb10u2
	[stretch] - libexif 0.6.21-2+deb9u2
	NOTE: https://github.com/libexif/libexif/issues/31
	NOTE: https://github.com/libexif/libexif/commit/e22f73064f804c94e90b642cd0db4697c827da72
CVE-2020-XXXX [unspecified fexsrv security issue]
	- fex 20160919-2
	[buster] - fex 20160919-2~deb10u1
	[stretch] - fex 20160919-2~deb9u1
CVE-2020-12771 (An issue was discovered in the Linux kernel through 5.6.11. btree_gc_c ...)
	{DLA-2420-1 DLA-2323-1}
	- linux 5.7.6-1
	[buster] - linux 4.19.131-1
	NOTE: https://lkml.org/lkml/2020/4/26/87
	NOTE: https://git.kernel.org/linus/be23e837333a914df3f24bf0b32e87b0331ab8d1 (5.8-rc2)
CVE-2020-12770 (An issue was discovered in the Linux kernel through 5.6.11. sg_write l ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/83c6f2390040f188cc25b270b4befeb5628c1aee (5.7-rc3)
CVE-2020-12769 (An issue was discovered in the Linux kernel before 5.4.17. drivers/spi ...)
	{DLA-2241-1}
	- linux 5.4.19-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/19b61392c5a852b4e8a0bf35aecb969983c5932d (5.5-rc6)
CVE-2020-12768 (** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. ...)
	{DSA-4699-1}
	- linux 5.6.7-1 (unimportant)
	[stretch] - linux (Vulnerability introduced later)
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/d80b64ff297e40c2b6f7d7abc1b3eba70d22a068 (5.6-rc4)
CVE-2020-12766 (Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via t ...)
	NOT-FOR-US: Gnuteca
CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view&it ...)
	NOT-FOR-US: Solis Miolo
CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...)
	NOT-FOR-US: Gnuteca
CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
	NOT-FOR-US: TRENDnet ProView
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
	{DSA-4741-1 DLA-2301-1 DLA-2228-2 DLA-2228-1}
	- json-c 0.13.1+dfsg-8 (bug #960326)
	NOTE: https://github.com/json-c/json-c/pull/592
	NOTE: https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
	NOTE: https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45
	NOTE: https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67
	NOTE: https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
	NOTE: https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
	NOTE: d07b91014986 ("Fix integer overflows.") introduces a regression tracked as:
	NOTE: https://github.com/json-c/json-c/issues/599
	NOTE: https://github.com/json-c/json-c/pull/610
	NOTE: Working backports for older branches: https://github.com/json-c/json-c/pull/608
CVE-2020-12761 (modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow ( ...)
	- imlib2 1.6.1-2 (bug #960192)
	[buster] - imlib2 (Vulnerable code introduced later)
	[stretch] - imlib2 (Vulnerable code introduced later)
	[jessie] - imlib2 (Vulnerable code introduced later)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63
CVE-2020-12760 (An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian ...)
	- opennms (bug #450615)
CVE-2020-12759 (Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook ...)
	- zulip-server (bug #800052)
CVE-2020-12758 (HashiCorp Consul and Consul Enterprise could crash when configured wit ...)
	- consul 1.7.4+dfsg1-1
	[buster] - consul (Vulnerable code not present)
	NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md
	NOTE: https://github.com/hashicorp/consul/pull/7783
CVE-2020-12757 (HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-12756 RESERVED
CVE-2020-12755 (fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras t ...)
	- kio-extras 4:20.08.3-1 (low; bug #960306)
	[buster] - kio-extras (Minor issue)
	[stretch] - kio-extras (Minor issue)
	NOTE: https://github.com/KDE/kio-extras/commit/d813cef3cecdec9af1532a40d677a203ff979145
CVE-2020-12754 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-12753 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...)
	NOT-FOR-US: LG mobile devices
CVE-2020-12752 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12751 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12750 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12749 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12748 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12747 (An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12746 (An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12745 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-12744 RESERVED
CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...)
	NOT-FOR-US: Gazie
CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...)
	NOT-FOR-US: iubenda-cookie-law-solution plugin for WordPress
CVE-2020-12741 RESERVED
CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...)
	- tcpreplay 4.3.3-1 (unimportant)
	[jessie] - tcpreplay (Vulnerable code added later)
	NOTE: https://github.com/appneta/tcpreplay/issues/576
	NOTE: https://github.com/appneta/tcpreplay/pull/590
	NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578
	NOTE: --fuzz-seed in PoC not present until version 4.2.0
	NOTE: Crash in CLI tool, no security impact
CVE-2020-12739 (A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and ...)
	NOT-FOR-US: Fanuc i Series CNC
CVE-2020-12738 RESERVED
CVE-2020-12737 (An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authen ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2020-12736 (Code42 environments with on-premises server versions 7.0.4 and earlier ...)
	NOT-FOR-US: Code42
CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...)
	NOT-FOR-US: DomainMOD
CVE-2020-12734 (DEPSTECH WiFi Digital Microscope 3 allows remote attackers to change t ...)
	NOT-FOR-US: DEPSTECH WiFi Digital Microscope
CVE-2020-12733 (Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microsc ...)
	NOT-FOR-US: DEPSTECH WiFi Digital Microscope
CVE-2020-12732 (DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxx ...)
	NOT-FOR-US: DEPSTECH WiFi Digital Microscope
CVE-2020-12731 (The MagicMotion Flamingo 2 application for Android stores data on an s ...)
	NOT-FOR-US: MagicMotion Flamingo 2 application for Android
CVE-2020-12730 (MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing an ...)
	NOT-FOR-US: MagicMotion Flamingo 2
CVE-2020-12729 (MagicMotion Flamingo 2 has a lack of access control for reading from d ...)
	NOT-FOR-US: MagicMotion Flamingo 2
CVE-2020-12728 RESERVED
CVE-2020-12727 RESERVED
CVE-2020-12726 RESERVED
CVE-2020-12725 (Havoc Research discovered an authenticated Server-Side Request Forgery ...)
	NOT-FOR-US: Redash
CVE-2020-12724 RESERVED
CVE-2020-12723 (regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted ...)
	- perl 5.30.3-1 (bug #962005)
	[buster] - perl 5.28.1-6+deb10u1
	[stretch] - perl 5.24.1-3+deb9u7
	NOTE: https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a (v5.30.3)
CVE-2020-12722 RESERVED
CVE-2020-12721 RESERVED
CVE-2020-12720 (vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6 ...)
	NOT-FOR-US: vBulletin
CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Console in ...)
	NOT-FOR-US: WSO2
CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12717 (The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote atta ...)
	NOT-FOR-US: COVIDSafe (Australia) app
CVE-2020-12716 RESERVED
CVE-2020-12715 (RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. ...)
	NOT-FOR-US: RainbowFish PacsOne Server
CVE-2020-12714 (An issue was discovered in CipherMail Community Gateway Virtual Applia ...)
	NOT-FOR-US: CipherMail
CVE-2020-12713 (An issue was discovered in CipherMail Community Gateway and Profession ...)
	NOT-FOR-US: CipherMail
CVE-2020-12712 (A vulnerability based on insecure user/password encryption in the JOE ...)
	NOT-FOR-US: SOS JobScheduler
CVE-2020-12711 RESERVED
CVE-2020-12710 RESERVED
CVE-2020-12709 RESERVED
CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...)
	NOT-FOR-US: LeptonCMS
CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...)
	NOT-FOR-US: LeptonCMS
CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...)
	NOT-FOR-US: UliCMS
CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...)
	NOT-FOR-US: UliCMS
CVE-2020-12702 (Weak encryption in the Quick Pairing mode in the eWeLink mobile applic ...)
	NOT-FOR-US: eWeLink mobile application
CVE-2020-12701 RESERVED
CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...)
	NOT-FOR-US: Typo3 extension
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
	NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...)
	{DSA-4898-1 DSA-4806-1 DLA-2489-1 DLA-2318-1 DLA-2315-1}
	- wpa 2:2.9.0-16 (bug #976106)
	- gupnp 1.2.3-1
	[buster] - gupnp 1.0.5-0+deb10u1
	- minidlna 1.2.1+dfsg-3 (bug #976594)
	- pupnp-1.8 (bug #983206)
	[bullseye] - pupnp-1.8 (Minor issue)
	[buster] - pupnp-1.8 (Minor issue)
	- libupnp
	[stretch] - libupnp (Invasive change, hard to backport; chances of regression)
	NOTE: https://w1.fi/security/2020-1/upnp-subscribe-misbehavior-wps-ap.txt
	NOTE: https://w1.fi/security/2020-1/0001-WPS-UPnP-Do-not-allow-event-subscriptions-with-URLs-.patch
	NOTE: https://w1.fi/security/2020-1/0002-WPS-UPnP-Fix-event-message-generation-using-a-long-U.patch
	NOTE: https://w1.fi/security/2020-1/0003-WPS-UPnP-Handle-HTTP-initiation-failures-for-events-.patch
	NOTE: https://sourceforge.net/p/minidlna/git/ci/06ee114731612462eb1eb1266f0431ccf59269d2 (v1_3_0)
	NOTE: https://github.com/pupnp/pupnp/commit/5f76bf2858dd601bd985bf37a1db9f262c0ff7bf (release-1.14.0)
	NOTE: https://github.com/pupnp/pupnp/commit/7b3f0f5f497f9f493c82307af495b87fa9ebdacb (release-1.14.0)
CVE-2020-12694
	RESERVED
CVE-2020-12693 (Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare c ...)
	{DSA-4841-1}
	- slurm-wlm (Fixed with first upload to Debian with renamed source package)
	- slurm-llnl (bug #961406)
	[stretch] - slurm-llnl (Minor issue)
	[jessie] - slurm-llnl (Message Aggregation added in 14.11)
	NOTE: https://www.schedmd.com/news.php?id=236
	NOTE: https://lists.schedmd.com/pipermail/slurm-announce/2020/000036.html
	NOTE: Issue affects systems with Message Aggregation enabled
	NOTE: slurm-wlm/20.02.6-1 changed the source package name and included the fix
CVE-2020-12688
	RESERVED
CVE-2020-12687 (An issue was discovered in Serpico before 1.3.3. The /admin/attacments ...)
	NOT-FOR-US: Serpico
CVE-2020-12686
	RESERVED
CVE-2020-12685 (XSS in the admin help system admin/help.html and admin/quicklinks.html ...)
	NOT-FOR-US: Interchange
CVE-2020-12684 (XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer ...)
	NOT-FOR-US: i-net Clear Reports
CVE-2020-12683 (Katyshop2 before 2.12 has multiple stored XSS issues. ...)
	NOT-FOR-US: Katyshop2
CVE-2020-12682
	RESERVED
CVE-2020-12681 (Missing TLS certificate validation on 3xLogic Infinias eIDC32 devices ...)
	NOT-FOR-US: 3xLogic Infinias eIDC32 devices
CVE-2020-12680 (** DISPUTED ** Avira Free Antivirus through 15.0.2005.1866 allows loca ...)
	NOT-FOR-US: Avira Free Antivirus
CVE-2020-12679 (A reflected cross-site scripting (XSS) vulnerability in the Mitel Shor ...)
	NOT-FOR-US: Mitel
CVE-2020-12678
	REJECTED
CVE-2020-12677 (An issue was discovered in Progress MOVEit Automation Web Admin. A Web ...)
	NOT-FOR-US: Progress MOVEit Automation Web Admin
CVE-2020-12676 (FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge me ...)
	NOT-FOR-US: FusionAuth
CVE-2020-12675 (The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPr ...)
	NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
CVE-2020-12692 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
	{DSA-4679-1}
	- keystone 2:17.0.0~rc2-1 (bug #959900)
	[stretch] - keystone (Not supported in stretch LTS)
	[jessie] - keystone (Not supported in Jessie LTS)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1872737
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/4
CVE-2020-12691 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
	{DSA-4679-1}
	- keystone 2:17.0.0~rc2-1 (bug #959900)
	[stretch] - keystone (Not supported in stretch LTS)
	[jessie] - keystone (Not supported in Jessie LTS)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1872733
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
CVE-2020-12690 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
	{DSA-4679-1}
	- keystone 2:17.0.0~rc2-1 (bug #959900)
	[stretch] - keystone (Not supported in stretch LTS)
	[jessie] - keystone (Not supported in Jessie LTS)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1873290
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/6
CVE-2020-12674 (In Dovecot before 2.3.11.3, sending a specially formatted RPA request ...)
	{DSA-4745-1 DLA-2328-1}
	- dovecot 1:2.3.11.3+dfsg1-1 (bug #968302)
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/3
	NOTE: https://github.com/dovecot/core/commit/69ad3c902ea4bbf9f21ab1857d8923f975dc6145
CVE-2020-12673 (In Dovecot before 2.3.11.3, sending a specially formatted NTLM request ...)
	{DSA-4745-1 DLA-2328-1}
	- dovecot 1:2.3.11.3+dfsg1-1 (bug #968302)
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/2
	NOTE: https://github.com/dovecot/core/commit/fb246611e62ad8c5a95b0ca180a63f17aa34b0d8
CVE-2020-12689 (An issue was discovered in OpenStack Keystone before 15.0.1, and 16.0. ...)
	{DSA-4679-1}
	- keystone 2:17.0.0~rc2-1 (bug #959900)
	[stretch] - keystone (Not supported in stretch LTS)
	[jessie] - keystone (Not supported in Jessie)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1872735
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/5
CVE-2020-12672 (GraphicsMagick through 1.3.35 has a heap-based buffer overflow in Read ...)
	{DLA-2236-1}
	- graphicsmagick 1.4+really1.3.35-2 (bug #960000)
	[buster] - graphicsmagick (Minor issue; can be fixed along in future DSA)
	[stretch] - graphicsmagick (Minor issue; can be fixed along in future DSA)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19025
	NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/50395430a37188d0d197e71bd85ed6dd0f649ee3/
CVE-2020-12671
	RESERVED
CVE-2020-12670 (XSS exists in Webmin 1.941 and earlier affecting the Save function of ...)
	- webmin
CVE-2020-12669 (core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authentic ...)
	- dolibarr
CVE-2020-12668 (Jinjava before 2.5.4 allow access to arbitrary classes by calling Java ...)
	NOT-FOR-US: Jinjava
CVE-2020-12667 (Knot Resolver before 5.1.1 allows traffic amplification via a crafted ...)
	- knot-resolver 5.1.1-0.1 (bug #961076)
	[buster] - knot-resolver (Minor issue; can be fixed via point release)
	NOTE: https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
	NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/54f05e4d7b2e47c0bdd30b84272fc503cc65304b
	NOTE: commit: https://gitlab.labs.nic.cz/knot/knot-resolver/-/commit/ba7b89db780fe3884b4e90090318e25ee5afb118
CVE-2020-12666 (macaron before 1.3.7 has an open redirect in the static handler, as de ...)
	NOT-FOR-US: macaron
CVE-2020-12665
	RESERVED
CVE-2020-12664
	RESERVED
CVE-2020-12663 (Unbound before 1.10.1 has an infinite loop via malformed DNS answers r ...)
	{DSA-4694-1 DLA-2556-1}
	- unbound 1.10.1-1
	[stretch] - unbound (No longer supported, see DSA 4694)
	[jessie] - unbound (No longer supported)
	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
	NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2020-12662 (Unbound before 1.10.1 has Insufficient Control of Network Message Volu ...)
	{DSA-4694-1 DLA-2556-1}
	- unbound 1.10.1-1
	[stretch] - unbound (No longer supported, see DSA 4694)
	[jessie] - unbound (No longer supported)
	NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2020-12662_2020-12663.txt
	NOTE: Patch: https://nlnetlabs.nl/downloads/unbound/patch_cve_2020-12662_2020-12663.diff
CVE-2020-12661
	RESERVED
CVE-2020-12660
	RESERVED
CVE-2020-12659 (An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg ...)
	- linux 5.6.7-1
	[buster] - linux 4.19.118-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/99e3a236dd43d06c65af0a2ef9cb44306aef6e02 (5.7-rc2)
CVE-2020-12658 (** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3 does not unlock c ...)
	{DLA-2516-1}
	- gssproxy (unimportant; bug #978931)
	NOTE: https://github.com/gssapi/gssproxy/commit/cb761412e299ef907f22cd7c4146d50c8a792003 (v0.8.3)
	NOTE: code change in question only happens in a shutdown path.
CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There is a u ...)
	- linux 5.6.7-1
	[buster] - linux 4.19.118-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1)
CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c ...)
	- linux 5.7.6-1 (unimportant)
	[buster] - linux 4.19.131-1
	[stretch] - linux 4.9.228-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651
	NOTE: Issue is triggered only at module reloading / rebinding
CVE-2020-12655 (An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c ...)
	{DLA-2420-1 DLA-2323-1}
	- linux 5.6.14-1
	[buster] - linux 4.19.131-1
	NOTE: https://git.kernel.org/linus/d0c7feaf87678371c2c09b3709400be416b2dc62 (5.7-rc1)
CVE-2020-12654 (An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_s ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/3a9b153c5591548612c3955c9600a98150c81875 (5.6-rc1)
CVE-2020-12653 (An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_appen ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/b70261a288ea4d2f4ac7cd04be08a9f0f2de4f4d (5.6-rc1)
CVE-2020-12652 (The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.4.19-1
	[buster] - linux 4.19.98-1
	NOTE: https://git.kernel.org/linus/28d76df18f0ad5bcf5fa48510b225f0ed262a99b (5.5-rc7)
CVE-2020-12651 (SecureCRT before 8.7.2 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: SecureCRT
CVE-2020-12650
	REJECTED
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
	NOT-FOR-US: Gurbalib
CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...)
	- tinymce (bug #972642)
	[buster] - tinymce (Minor issue)
	[stretch] - tinymce (Vulnerable code not present and not reproducible)
	NOTE: https://labs.bishopfox.com/advisories/tinymce-version-5.2.1
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
	NOT-FOR-US: Unisys ALGOL Compiler
CVE-2020-12646 (OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text ...)
	NOT-FOR-US: OX App Suite
CVE-2020-12645 (OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate l ...)
	NOT-FOR-US: OX App Suite
CVE-2020-12644 (OX App Suite 7.10.3 and earlier allows SSRF, related to the mail accou ...)
	NOT-FOR-US: OX App Suite
CVE-2020-12643 (OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /a ...)
	NOT-FOR-US: OX App Suite
CVE-2020-12642 (An issue was discovered in service-api before 4.3.12 and 5.x before 5. ...)
	NOT-FOR-US: Report Portal
CVE-2020-12641 (rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to ...)
	- roundcube 1.4.4+dfsg.1-1 (unimportant)
	[buster] - roundcube 1.3.11+dfsg.1-1~deb10u1
	NOTE: https://github.com/roundcube/roundcubemail/commit/fcfb099477f353373c34c8a65c9035b06b364db3
	NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2020-12640 (Roundcube Webmail before 1.4.4 allows attackers to include local files ...)
	- roundcube 1.4.4+dfsg.1-1 (unimportant)
	[buster] - roundcube 1.3.11+dfsg.1-1~deb10u1
	NOTE: https://github.com/roundcube/roundcubemail/commit/814eadb699e8576ce3a78f21e95bf69a7c7b3794
	NOTE: https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10
CVE-2020-12639 (phpList before 3.5.3 allows XSS, with resultant privilege elevation, v ...)
	- phplist (bug #612288)
CVE-2020-12638 (An encryption-bypass issue was discovered on Espressif ESP-IDF devices ...)
	NOT-FOR-US: Espressif
CVE-2020-12637 (Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation beca ...)
	NOT-FOR-US: Zulip Desktop
CVE-2020-12636
	RESERVED
CVE-2020-12635 (XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento ...)
	NOT-FOR-US: WebForms Pro M2 extension for Magento
CVE-2020-12634
	RESERVED
CVE-2020-12633
	RESERVED
CVE-2020-12632
	RESERVED
CVE-2020-12631
	RESERVED
CVE-2020-12630
	RESERVED
CVE-2020-12629 (include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA ...)
	NOT-FOR-US: osTicket
CVE-2020-12628
	RESERVED
CVE-2020-12627 (Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j ...)
	NOT-FOR-US: Calibre-Web
CVE-2020-12624 (The League application before 2020-05-02 on Android sends a bearer tok ...)
	NOT-FOR-US: League
CVE-2020-12623
	RESERVED
CVE-2020-12622
	RESERVED
CVE-2020-12621 (The Teamwire application 5.3.0 for Android allows physically proximate ...)
	NOT-FOR-US: Teamwire application for Android
CVE-2020-12620 (Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.con ...)
	NOT-FOR-US: Pi-hole
CVE-2020-12619 (MailMate before 1.11 automatically imported S/MIME certificates and th ...)
	NOT-FOR-US: MailMate
CVE-2020-12618 (eM Client before 7.2.33412.0 automatically imported S/MIME certificate ...)
	NOT-FOR-US: eM Client
CVE-2020-12617
	RESERVED
CVE-2020-12616
	RESERVED
CVE-2020-12615
	RESERVED
CVE-2020-12614
	RESERVED
CVE-2020-12613
	RESERVED
CVE-2020-12612
	RESERVED
CVE-2020-12611
	RESERVED
CVE-2020-12610
	RESERVED
CVE-2020-12609
	RESERVED
CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management Engine ...)
	NOT-FOR-US: SolarWinds
CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...)
	NOT-FOR-US: fastecdsa
CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...)
	NOT-FOR-US: DB Soft
CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
	- envoyproxy (bug #987544)
CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...)
	- envoyproxy (bug #987544)
CVE-2020-12603 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...)
	- envoyproxy (bug #987544)
CVE-2020-12602
	RESERVED
CVE-2020-12601
	RESERVED
CVE-2020-12600
	RESERVED
CVE-2020-12599
	RESERVED
CVE-2020-12598
	RESERVED
CVE-2020-12597
	RESERVED
CVE-2020-12596
	RESERVED
CVE-2020-12595 (An information disclosure flaw allows a malicious, authenticated, priv ...)
	NOT-FOR-US: Symantec
CVE-2020-12594 (A privilege escalation flaw allows a malicious, authenticated, privile ...)
	NOT-FOR-US: Symantec
CVE-2020-12593 (Symantec Endpoint Detection & Response, prior to 4.5, may be susce ...)
	NOT-FOR-US: Symantec
CVE-2020-12592
	RESERVED
CVE-2020-12591
	RESERVED
CVE-2020-12590
	RESERVED
CVE-2020-12589
	RESERVED
CVE-2020-12588
	RESERVED
CVE-2020-12587
	RESERVED
CVE-2020-12586
	RESERVED
CVE-2020-12585
	RESERVED
CVE-2020-12584
	RESERVED
CVE-2020-12583
	RESERVED
CVE-2020-12582
	RESERVED
CVE-2020-12581
	RESERVED
CVE-2020-12580
	RESERVED
CVE-2020-12579
	RESERVED
CVE-2020-12578
	RESERVED
CVE-2020-12577
	RESERVED
CVE-2020-12576
	RESERVED
CVE-2020-12575
	RESERVED
CVE-2020-12574
	RESERVED
CVE-2020-12573
	RESERVED
CVE-2020-12572
	RESERVED
CVE-2020-12571
	RESERVED
CVE-2020-12570
	RESERVED
CVE-2020-12569
	RESERVED
CVE-2020-12568
	RESERVED
CVE-2020-12567
	RESERVED
CVE-2020-12566
	RESERVED
CVE-2020-12565
	RESERVED
CVE-2020-12564
	RESERVED
CVE-2020-12563
	RESERVED
CVE-2020-12562
	RESERVED
CVE-2020-12561
	RESERVED
CVE-2020-12560
	RESERVED
CVE-2020-12559
	RESERVED
CVE-2020-12558
	RESERVED
CVE-2020-12557
	RESERVED
CVE-2020-12556
	RESERVED
CVE-2020-12555
	RESERVED
CVE-2020-12554
	RESERVED
CVE-2020-12553
	RESERVED
CVE-2020-12552
	RESERVED
CVE-2020-12551
	RESERVED
CVE-2020-12550
	RESERVED
CVE-2020-12549
	RESERVED
CVE-2020-12548
	RESERVED
CVE-2020-12547
	RESERVED
CVE-2020-12546
	RESERVED
CVE-2020-12545
	RESERVED
CVE-2020-12544
	RESERVED
CVE-2020-12543
	RESERVED
CVE-2020-12542
	RESERVED
CVE-2020-12541
	RESERVED
CVE-2020-12540
	RESERVED
CVE-2020-12539
	RESERVED
CVE-2020-12538
	RESERVED
CVE-2020-12537
	RESERVED
CVE-2020-12536
	RESERVED
CVE-2020-12535
	RESERVED
CVE-2020-12534
	RESERVED
CVE-2020-12533
	RESERVED
CVE-2020-12532
	RESERVED
CVE-2020-12531
	RESERVED
CVE-2020-12530 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
	NOT-FOR-US: MB connect software
CVE-2020-12529 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
	NOT-FOR-US: MB connect software
CVE-2020-12528 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
	NOT-FOR-US: MB connect software
CVE-2020-12527 (An issue was discovered in MB connect line mymbCONNECT24 and mbCONNECT ...)
	NOT-FOR-US: MB connect software
CVE-2020-12526 (TwinCAT OPC UA Server in versions up to 2.3.0.12 and IPC Diagnostics U ...)
	NOT-FOR-US: TwinCAT OPC UA Server
CVE-2020-12525 (M&M Software fdtCONTAINER Component in versions below 3.5.20304.x ...)
	NOT-FOR-US: M&M Software fdtCONTAINER Component
CVE-2020-12524 (Uncontrolled Resource Consumption can be exploited to cause the Phoeni ...)
	NOT-FOR-US: Phoenix Contact HMIs BTP
CVE-2020-12523 (On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get ...)
	NOT-FOR-US: Phoenix Contact mGuard Devices
CVE-2020-12522 (The reported vulnerability allows an attacker who has network access t ...)
	NOT-FOR-US: WAGO
CVE-2020-12521 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
	NOT-FOR-US: Phoenix Contact PLCnext Control Devices
CVE-2020-12520
	RESERVED
CVE-2020-12519 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
	NOT-FOR-US: Phoenix Contact PLCnext Control Devices
CVE-2020-12518 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
	NOT-FOR-US: Phoenix Contact PLCnext Control Devices
CVE-2020-12517 (On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS ...)
	NOT-FOR-US: Phoenix Contact PLCnext Control Devices
CVE-2020-12516 (Older firmware versions (FW1 up to FW10) of the WAGO PLC family 750-88 ...)
	NOT-FOR-US: WAGO
CVE-2020-12515
	RESERVED
CVE-2020-12514 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
	NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
CVE-2020-12513 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
	NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
CVE-2020-12512 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
	NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
CVE-2020-12511 (Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is pr ...)
	NOT-FOR-US: Pepperl+Fuchs Comtrol IO-Link Master
CVE-2020-12510 (The default installation path of the TwinCAT XAR 3.1 software in all v ...)
	NOT-FOR-US: Beckhoff
CVE-2020-12509
	RESERVED
CVE-2020-12508
	RESERVED
CVE-2020-12507
	RESERVED
CVE-2020-12506 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
	NOT-FOR-US: WAGO
CVE-2020-12505 (Improper Authentication vulnerability in WAGO 750-8XX series with FW v ...)
	NOT-FOR-US: WAGO
CVE-2020-12504 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
	NOT-FOR-US: Pepperl+Fuchs
CVE-2020-12503 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
	NOT-FOR-US: Pepperl+Fuchs
CVE-2020-12502 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
	NOT-FOR-US: Pepperl+Fuchs
CVE-2020-12501 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
	NOT-FOR-US: Pepperl+Fuchs
CVE-2020-12500 (Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol Rock ...)
	NOT-FOR-US: Pepperl+Fuchs
CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...)
	NOT-FOR-US: PHOENIX CONTACT PLCnext Engineer
CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
	NOT-FOR-US: Phoenix
CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...)
	NOT-FOR-US: Phoenix
CVE-2020-12496 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and ...)
	NOT-FOR-US: Endress+Hauser
CVE-2020-12495 (Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with ...)
	NOT-FOR-US: Endress+Hauser
CVE-2020-12494 (Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is prov ...)
	NOT-FOR-US: Beckhoff
CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...)
	NOT-FOR-US: SWARCOs CPU LS4000 Series
CVE-2020-12492
	RESERVED
CVE-2020-12491
	RESERVED
CVE-2020-12490
	RESERVED
CVE-2020-12489
	RESERVED
CVE-2020-12488 (The attacker can access the sensitive information stored within the jo ...)
	NOT-FOR-US: Vivo
CVE-2020-12487
	RESERVED
CVE-2020-12486
	RESERVED
CVE-2020-12485 (The frame touch module does not make validity judgments on parameter l ...)
	NOT-FOR-US: Vivo
CVE-2020-12484
	RESERVED
CVE-2020-12483 (The appstore before 8.12.0.0 exposes some of its components, and the a ...)
	NOT-FOR-US: Vivo
CVE-2020-12482
	RESERVED
CVE-2020-12481
	RESERVED
CVE-2020-12480 (In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed ...)
	NOT-FOR-US: Play Framework
CVE-2020-12479 (TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a ...)
	- teampass (bug #730180)
CVE-2020-12478 (TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve file ...)
	- teampass (bug #730180)
CVE-2020-12477 (The REST API functions in TeamPass 2.1.27.36 allow any user with a val ...)
	- teampass (bug #730180)
CVE-2020-12476
	RESERVED
CVE-2020-12475 (TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for ...)
	NOT-FOR-US: TP-Link
CVE-2020-12474 (Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, an ...)
	- telegram-desktop 2.1.0+ds-1
	[buster] - telegram-desktop (Minor issue)
	NOTE: https://github.com/VijayT007/Vulnerability-Database/blob/master/Telegram:CVE-2020-12474
CVE-2020-12473 (MonoX through 5.1.40.5152 allows admins to execute arbitrary programs ...)
	NOT-FOR-US: MonoX
CVE-2020-12472 (MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comm ...)
	NOT-FOR-US: MonoX
CVE-2020-12471 (MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload ...)
	NOT-FOR-US: MonoX
CVE-2020-12470 (MonoX through 5.1.40.5152 allows administrators to execute arbitrary c ...)
	NOT-FOR-US: MonoX
CVE-2020-12469 (admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Inject ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-12468 (Subrion CMS 4.2.1 allows CSV injection via a phrase value within a lan ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-12467 (Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in ...)
	NOT-FOR-US: Subrion CMS
CVE-2020-12626 (An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF atta ...)
	{DSA-4674-1}
	- roundcube 1.4.4+dfsg.1-1 (bug #959142)
	NOTE: https://github.com/roundcube/roundcubemail/pull/7302
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/9bbda422ff0b782b81de59c86994f1a5fd93f8e6
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/1e7bec9cb868fa32b05acf6b0a557a6311350c56
	NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/cceeff2472c00acb2c6b96c9df7a289f1db77713
CVE-2020-12625 (An issue was discovered in Roundcube Webmail before 1.4.4. There is a ...)
	{DSA-4674-1}
	- roundcube 1.4.4+dfsg.1-1 (bug #959140)
	NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/87e4cd0cf2c550e77586860b94e5c75d2b7686d0
	NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/23c06159ae8c6f500336e3075820e648aa6f40a4
	NOTE: 1.2.x: https://github.com/roundcube/roundcubemail/commit/4312dc4efecb9553fcacfab0ab9d9ee6e88477e7
CVE-2020-12466
	RESERVED
CVE-2020-12465 (An array overflow was discovered in mt76_add_fragment in drivers/net/w ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/b102f0c522cf668c8382c56a4f771b37d011cda2 (5.6-rc6)
CVE-2020-12464 (usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.6.14-1
	NOTE: https://git.kernel.org/linus/056ad39ee9253873522f6469c3364964a322912b (5.7-rc3)
CVE-2020-12463 (An elevation of privilege vulnerability exists in Avira Software Updat ...)
	NOT-FOR-US: Avira
CVE-2020-12462 (The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with ...)
	NOT-FOR-US: ninja-forms plugin for WordPress
CVE-2020-12461 (PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12460 (OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper nul ...)
	{DLA-2639-1}
	- opendmarc 1.4.0~beta1+dfsg-3 (bug #966464)
	[buster] - opendmarc 1.3.2-6+deb10u2
	NOTE: https://github.com/trusteddomainproject/OpenDMARC/issues/64
	NOTE: https://github.com/trusteddomainproject/OpenDMARC/commit/50d28af25d8735504b6103537228ce7f76ad765f
CVE-2020-12459 (In certain Red Hat packages for Grafana 6.x through 6.3.6, the configu ...)
	NOT-FOR-US: Grafana as shipped in Red Hat
CVE-2020-12458 (An information-disclosure flaw was found in Grafana through 6.7.3. The ...)
	- grafana
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1827765
	NOTE: https://github.com/grafana/grafana/issues/8283
CVE-2020-12457 (An issue was discovered in wolfSSL before 4.5.0. It mishandles the cha ...)
	- wolfssl 4.5.0+dfsg-1 (bug #969663)
	NOTE: https://github.com/wolfSSL/wolfssl/commit/df1b7f34f173cfc2968ce12e8fcd2fd8bcc61a59 (v4.5.0-stable)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/2927
CVE-2020-12456 (A remote code execution vulnerability in Mitel MiVoice Connect Client ...)
	NOT-FOR-US: Mitel
CVE-2020-12455
	RESERVED
CVE-2020-12454
	RESERVED
CVE-2020-12453
	RESERVED
CVE-2020-12452
	RESERVED
CVE-2020-12451
	RESERVED
CVE-2020-12450
	RESERVED
CVE-2020-12449
	RESERVED
CVE-2020-12448 (GitLab EE 12.8 and later allows Exposure of Sensitive Information to a ...)
	- gitlab (Only affects GitLab EE 12.8 and later)
	NOTE: https://about.gitlab.com/releases/2020/04/30/security-release-12-10-2-released/
CVE-2020-12447 (A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-000 ...)
	NOT-FOR-US: Onkyo
CVE-2020-12446 (The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00. ...)
	NOT-FOR-US: G.SKILL Trident Z Lighting Control
CVE-2020-12445
	RESERVED
CVE-2020-12444
	RESERVED
CVE-2020-12443 (BigBlueButton before 2.2.6 allows remote attackers to read arbitrary f ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated ...)
	NOT-FOR-US: Ivanti
CVE-2020-12441 (Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control ...)
	NOT-FOR-US: Ivanti
CVE-2020-12440
	REJECTED
CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
	NOT-FOR-US: Grin
CVE-2020-12438 (An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2020-12437
	RESERVED
CVE-2020-12436
	RESERVED
CVE-2020-12435
	RESERVED
CVE-2020-12434
	RESERVED
CVE-2020-12433
	RESERVED
CVE-2020-12432 (The WOPI API integration for Vereign Collabora CODE through 4.2.2 does ...)
	NOT-FOR-US: Vereign Collabora CODE
CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...)
	NOT-FOR-US: Splashtop Software Updater
CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
	[experimental] - libvirt 6.2.0-1
	- libvirt 6.4.0-2 (low; bug #959447)
	[buster] - libvirt (Minor issue)
	[stretch] - libvirt (Vulnerable code introduced later)
	[jessie] - libvirt (Vulnerable code introduced later)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=9bf9e0ae6af38c806f4672ca7b12a6b38d5a9581 (v6.1.0-rc1)
	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=d1eac92784573559b6fd56836e33b215c89308e3 (v4.10.0-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1804548
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828190
CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that would ...)
	NOT-FOR-US: Online Course Registration
CVE-2020-12428
	RESERVED
CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...)
	NOT-FOR-US: Western Digital
CVE-2020-12426 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12426
CVE-2020-12425 (Due to confusion processing a hyphen character in Date.parse(), a one- ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12425
CVE-2020-12424 (When constructing a permission prompt for WebRTC, a URI was supplied f ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12424
CVE-2020-12423 (When the Windows DLL "webauthn.dll" was missing from the Operating Sys ...)
	- firefox (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12423
CVE-2020-12422 (In non-standard configurations, a JPEG image created by JavaScript cou ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12422
CVE-2020-12421 (When performing add-on updates, certificate chains terminating in non- ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12421
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12421
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12421
CVE-2020-12420 (When trying to connect to a STUN server, a race condition could have c ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12420
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12420
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12420
CVE-2020-12419 (When processing callbacks that occurred during window flushing in the ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12419
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12419
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12419
CVE-2020-12418 (Manipulating individual parts of a URL object could have caused an out ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12418
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12418
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12418
CVE-2020-12417 (Due to confusion about ValueTags on JavaScript Objects, an object may ...)
	{DSA-4718-1 DSA-4713-1}
	- firefox 78.0-1
	- firefox-esr 68.10.0esr-1
	- thunderbird 1:68.10.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12417
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-25/#CVE-2020-12417
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-26/#CVE-2020-12417
CVE-2020-12416 (A VideoStreamEncoder may have been freed in a race condition with Vide ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12416
CVE-2020-12415 (When "%2F" was present in a manifest URL, Firefox's AppCache behavior ...)
	- firefox 78.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-24/#CVE-2020-12415
CVE-2020-12414 (IndexedDB should be cleared when leaving private browsing mode and it ...)
	- firefox (Specific to Firefox on iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-23/#CVE-2020-12414
CVE-2020-12413 [Raccoon attack for NSS]
	RESERVED
	- nss 2:3.17-1
	[buster] - nss (Minor issue)
	[stretch] - nss (Minor issue)
	NOTE: https://raccoon-attack.com/
	NOTE: Starting with 3.17 NSS allows disabling reuse of ECDHE keys, marking this
	NOTE: as the "fixed" version for unstable:
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.17_release_notes
CVE-2020-12412 (By navigating a tab using the history API, an attacker could cause the ...)
	- firefox 70.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2020-12412
CVE-2020-12411 (Mozilla developers reported memory safety bugs present in Firefox 76. ...)
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12411
CVE-2020-12410 (Mozilla developers reported memory safety bugs present in Firefox 76 a ...)
	{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12410
CVE-2020-12409 (When using certain blank characters in a URL, they where incorrectly r ...)
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12409
CVE-2020-12408 (When browsing a document hosted on an IP address, an attacker could in ...)
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12408
CVE-2020-12407 (Mozilla Developer Nicolas Silva found that when using WebRender, Firef ...)
	- firefox 77.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12407
CVE-2020-12406 (Mozilla Developer Iain Ireland discovered a missing type check during ...)
	{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12406
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12406
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12406
CVE-2020-12405 (When browsing a malicious page, a race condition in our SharedWorkerSe ...)
	{DSA-4702-1 DSA-4695-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12405
CVE-2020-12404 (For native-to-JS bridging the app requires a unique token to be passed ...)
	- firefox (Specific to iOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-19/#CVE-2020-12404
CVE-2020-12403 (A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS i ...)
	{DLA-2388-1}
	- nss 2:3.55-1
	[buster] - nss (Minor issue)
	NOTE: https://hg.mozilla.org/projects/nss/rev/f282556e6cc7715f5754aeaadda6f902590e7e38
	NOTE: https://hg.mozilla.org/projects/nss/rev/c25adfdfab34ddb08d3262aac3242e3399de1095
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1636771
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1868931
CVE-2020-12402 (During RSA key generation, bignum implementations used a variation of ...)
	{DSA-4726-1 DLA-2388-1 DLA-2266-1}
	- nss 2:3.53.1-1 (bug #963152)
	NOTE: https://hg.mozilla.org/projects/nss/rev/699541a7793bbe9b20f1d73dc49e25c6054aa4c1
	NOTE: Fixed upstream in 3.53.1
CVE-2020-12401 (During ECDSA signature generation, padding applied in the nonce design ...)
	{DLA-2388-1}
	- firefox 80.0-1
	- nss 2:3.55-1
	[buster] - nss (Minor issue)
	NOTE: https://hg.mozilla.org/projects/nss/rev/aeb2e583ee957a699d949009c7ba37af76515c20
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631573 (private)
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12401
CVE-2020-12400 (When converting coordinates from projective to affine, the modular inv ...)
	{DLA-2388-1}
	- firefox 80.0-1
	- nss 2:3.55-1
	[buster] - nss (Minor issue)
	NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c
	NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes
	NOTE: Issue relates to CVE-2020-6829 and resolved in the same commits.
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-12400
CVE-2020-12399 (NSS has shown timing differences when performing DSA signatures, which ...)
	{DSA-4726-1 DSA-4702-1 DSA-4695-1 DLA-2388-1 DLA-2266-1 DLA-2247-1 DLA-2243-1}
	- firefox 77.0-1
	- firefox-esr 68.9.0esr-1
	- nss 2:3.53-1 (bug #961752)
	- thunderbird 1:68.9.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1631576 (non-public)
	NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/daa823a4a29bcef0fec33a379ec83857429aea2e
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-20/#CVE-2020-12399
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-21/#CVE-2020-12399
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12399
CVE-2020-12398 (If Thunderbird is configured to use STARTTLS for an IMAP server, and t ...)
	{DSA-4702-1 DLA-2247-1}
	- thunderbird 1:68.9.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-22/#CVE-2020-12398
CVE-2020-12397 (By encoding Unicode whitespace characters within the From email header ...)
	{DSA-4683-1 DLA-2206-1}
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12397
CVE-2020-12396 (Mozilla developers and community members reported memory safety bugs p ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12396
CVE-2020-12395 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12395
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12395
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12395
CVE-2020-12394 (A logic flaw in our location bar implementation could have allowed a l ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12394
CVE-2020-12393 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	- thunderbird (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12393
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12393
CVE-2020-12392 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12392
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12392
CVE-2020-12391 (Documents formed using data: URLs in an OBJECT element failed to inher ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12391
CVE-2020-12390 (Incorrect origin serialization of URLs with IPv6 addresses could lead ...)
	- firefox 76.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12390
CVE-2020-12389 (The Firefox content processes did not sufficiently lockdown access con ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12389
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12389
CVE-2020-12388 (The Firefox content processes did not sufficiently lockdown access con ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12388
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12388
CVE-2020-12387 (A race condition when running shutdown code for Web Worker led to a us ...)
	{DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1}
	- firefox 76.0-1
	- firefox-esr 68.8.0esr-1
	- thunderbird 1:68.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-12387
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-12387
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-12387
CVE-2020-12386 (Out-of-bounds write in some Intel(R) Graphics Drivers before version 1 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12385 (Improper input validation in some Intel(R) Graphics Drivers before ver ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12384 (Improper access control in some Intel(R) Graphics Drivers before versi ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12383
	RESERVED
CVE-2020-12382
	RESERVED
CVE-2020-12381
	RESERVED
CVE-2020-12380 (Out of bounds read in the BMC firmware for some Intel(R) Server Boards ...)
	NOT-FOR-US: Intel
CVE-2020-12379
	RESERVED
CVE-2020-12378
	RESERVED
CVE-2020-12377 (Insufficient input validation in the BMC firmware for some Intel(R) Se ...)
	NOT-FOR-US: Intel
CVE-2020-12376 (Use of hard-coded key in the BMC firmware for some Intel(R) Server Boa ...)
	NOT-FOR-US: Intel
CVE-2020-12375 (Heap overflow in the BMC firmware for some Intel(R) Server Boards, Ser ...)
	NOT-FOR-US: Intel
CVE-2020-12374 (Buffer overflow in the BMC firmware for some Intel(R) Server Boards, S ...)
	NOT-FOR-US: Intel
CVE-2020-12373 (Expired pointer dereference in some Intel(R) Graphics Drivers before v ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12372 (Unchecked return value in some Intel(R) Graphics Drivers before versio ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12371 (Divide by zero in some Intel(R) Graphics Drivers before version 26.20. ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12370 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12369 (Out of bound write in some Intel(R) Graphics Drivers before version 26 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12368 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12367 (Integer overflow in some Intel(R) Graphics Drivers before version 26.2 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12366 (Insufficient input validation in some Intel(R) Graphics Drivers before ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12365 (Untrusted pointer dereference in some Intel(R) Graphics Drivers before ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12364 (Null pointer reference in some Intel(R) Graphics Drivers for Windows* ...)
	- linux
	[bullseye] - linux (Too intrusive to backport)
	[buster] - linux (Too intrusive to backport)
	- firmware-nonfree 20210208-1
	[buster] - firmware-nonfree (Non-free not supported)
	[stretch] - firmware-nonfree (Minor issue, too intrusive to fix since kernel patch is needed)
	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
	NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
	NOTE: firmware is required. The new firmware requires a kernel patch
	NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
	NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
	NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
	NOTE: the updated firmware, thus also marking linux as affected
CVE-2020-12363 (Improper input validation in some Intel(R) Graphics Drivers for Window ...)
	- linux
	[bullseye] - linux (Too intrusive to backport)
	[buster] - linux (Too intrusive to backport)
	- firmware-nonfree 20210208-1
	[buster] - firmware-nonfree (Non-free not supported)
	[stretch] - firmware-nonfree (Minor issue, too intrusive to fix since kernel patch is needed)
	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
	NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
	NOTE: firmware is required. The new firmware requires a kernel patch
	NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
	NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
	NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
	NOTE: the updated firmware, thus also marking linux as affected
CVE-2020-12362 (Integer overflow in the firmware for some Intel(R) Graphics Drivers fo ...)
	- linux
	[bullseye] - linux (Too intrusive to backport)
	[buster] - linux (Too intrusive to backport)
	- firmware-nonfree 20210208-1
	[buster] - firmware-nonfree (Non-free not supported)
	[stretch] - firmware-nonfree (Minor issue, too intrusive to fix since kernel patch is needed)
	NOTE: Short of details: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00438.html
	NOTE: Per Intel, this was fixed by a firmware update. v49.0.1 of the
	NOTE: firmware is required. The new firmware requires a kernel patch
	NOTE: https://git.kernel.org/linus/c784e5249e773689e38d2bc1749f08b986621a26
	NOTE: Firmware was added via https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=c487f7dadcd21116613441ed355b764003b3f57b
	NOTE: The vulnerability is fixed in firmware, but needs an updated Linux kernel to load
	NOTE: the updated firmware, thus also marking linux as affected
CVE-2020-12361 (Use after free in some Intel(R) Graphics Drivers before version 15.33. ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-12360 (Out of bounds read in the firmware for some Intel(R) Processors may al ...)
	NOT-FOR-US: Intel
CVE-2020-12359 (Insufficient control flow management in the firmware for some Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2020-12358 (Out of bounds write in the firmware for some Intel(R) Processors may a ...)
	NOT-FOR-US: Intel
CVE-2020-12357 (Improper initialization in the firmware for some Intel(R) Processors m ...)
	NOT-FOR-US: Intel
CVE-2020-12356 (Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.8 ...)
	NOT-FOR-US: Intel
CVE-2020-12355 (Authentication bypass by capture-replay in RPMB protocol message authe ...)
	NOT-FOR-US: Intel
CVE-2020-12354 (Incorrect default permissions in Windows(R) installer in Intel(R) AMT ...)
	NOT-FOR-US: Intel
CVE-2020-12353 (Improper permissions in the Intel(R) Data Center Manager Console befor ...)
	NOT-FOR-US: Intel
CVE-2020-12352 (Improper access control in BlueZ may allow an unauthenticated user to ...)
	{DSA-4774-1 DLA-2420-1 DLA-2417-1}
	- linux 5.9.1-1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-7mh3-gq28-gfrq
	NOTE: Fixed by: https://git.kernel.org/linus/eddb7732119d53400f48a02536a84c509692faa8
CVE-2020-12351 (Improper input validation in BlueZ may allow an unauthenticated user t ...)
	{DSA-4774-1 DLA-2420-1 DLA-2417-1}
	- linux 5.9.1-1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
	NOTE: https://github.com/google/security-research/security/advisories/GHSA-h637-c88j-47wq
	NOTE: Fixed by: https://git.kernel.org/linus/f19425641cb2572a33cb074d5e30283720bd4d22
CVE-2020-12350 (Improper access control in the Intel(R) XTU before version 6.5.1.360 m ...)
	NOT-FOR-US: Intel
CVE-2020-12349 (Improper input validation in the Intel(R) Data Center Manager Console ...)
	NOT-FOR-US: Intel
CVE-2020-12348
	RESERVED
CVE-2020-12347 (Improper input validation in the Intel(R) Data Center Manager Console ...)
	NOT-FOR-US: Intel
CVE-2020-12346 (Improper permissions in the installer for the Intel(R) Battery Life Di ...)
	NOT-FOR-US: Intel
CVE-2020-12345 (Improper permissions in the installer for the Intel(R) Data Center Man ...)
	NOT-FOR-US: Intel
CVE-2020-12344
	RESERVED
CVE-2020-12343
	RESERVED
CVE-2020-12342
	RESERVED
CVE-2020-12341
	RESERVED
CVE-2020-12340
	RESERVED
CVE-2020-12339 (Insufficient control flow management in the API for the Intel(R) Colla ...)
	NOT-FOR-US: Intel
CVE-2020-12338 (Insufficient control flow management in the Open WebRTC Toolkit before ...)
	NOT-FOR-US: Intel
CVE-2020-12337 (Improper buffer restrictions in firmware for some Intel(R) NUCs may al ...)
	NOT-FOR-US: Intel
CVE-2020-12336 (Insecure default variable initialization in firmware for some Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2020-12335 (Improper permissions in the installer for the Intel(R) Processor Ident ...)
	NOT-FOR-US: Intel
CVE-2020-12334 (Improper permissions in the installer for the Intel(R) Advisor tools b ...)
	NOT-FOR-US: Intel
CVE-2020-12333 (Insufficiently protected credentials in the Intel(R) QAT for Linux bef ...)
	NOT-FOR-US: Intel
CVE-2020-12332 (Improper permissions in the installer for the Intel(R) HID Event Filte ...)
	NOT-FOR-US: Intel
CVE-2020-12331 (Improper access controls in Intel Unite(R) Cloud Service client before ...)
	NOT-FOR-US: Intel
CVE-2020-12330 (Improper permissions in the installer for the Intel(R) Falcon 8+ UAS A ...)
	NOT-FOR-US: Intel
CVE-2020-12329 (Uncontrolled search path in the Intel(R) VTune(TM) Profiler before ver ...)
	NOT-FOR-US: Intel
CVE-2020-12328 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2020-12327 (Insecure default variable initialization in some Intel(R) Thunderbolt( ...)
	NOT-FOR-US: Intel
CVE-2020-12326 (Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers f ...)
	NOT-FOR-US: Intel
CVE-2020-12325 (Improper buffer restrictions in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2020-12324 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) DCH driv ...)
	NOT-FOR-US: Intel
CVE-2020-12323 (Improper input validation in the Intel(R) ADAS IE before version ADAS_ ...)
	NOT-FOR-US: Intel
CVE-2020-12322 (Improper input validation in some Intel(R) Wireless Bluetooth(R) produ ...)
	NOT-FOR-US: Intel (Wireless Bluetooth products, but only affecting Windows)
CVE-2020-12321 (Improper buffer restriction in some Intel(R) Wireless Bluetooth(R) pro ...)
	- firmware-nonfree
	[buster] - firmware-nonfree (non-free not supported)
	[stretch] - firmware-nonfree (Minor issue, can be considered if some other major issue appears)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00403.html
	NOTE: See notes for CVE-2020-12313
CVE-2020-12320 (Uncontrolled search path in Intel(R) SCS Add-on for Microsoft* SCCM be ...)
	NOT-FOR-US: Intel
CVE-2020-12319 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...)
	- firmware-nonfree
	[buster] - firmware-nonfree (non-free not supported)
	[stretch] - firmware-nonfree (Minor issue, can be considered if some other major issue appears)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
	NOTE: See notes for CVE-2020-12313
CVE-2020-12318 (Protection mechanism failure in some Intel(R) PROSet/Wireless WiFi pro ...)
	NOT-FOR-US: Intel PROSet/Wireless WiFi products (not applicable to Linux)
CVE-2020-12317 (Improper buffer restriction in some Intel(R) PROSet/Wireless WiFi prod ...)
	- firmware-nonfree
	[buster] - firmware-nonfree (non-free not supported)
	[stretch] - firmware-nonfree (Minor issue, may be considered if some major issue appears)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
	NOTE: See notes for CVE-2020-12313
CVE-2020-12316 (Insufficiently protected credentials in the Intel(R) EMA before versio ...)
	NOT-FOR-US: Intel
CVE-2020-12315 (Path traversal in the Intel(R) EMA before version 1.3.3 may allow an u ...)
	NOT-FOR-US: Intel
CVE-2020-12314 (Improper input validation in some Intel(R) PROSet/Wireless WiFi produc ...)
	NOT-FOR-US: Intel PROSet/Wireless WiFi products (not applicable to Linux)
CVE-2020-12313 (Insufficient control flow management in some Intel(R) PROSet/Wireless ...)
	- firmware-nonfree
	[buster] - firmware-nonfree (non-free not supported)
	[stretch] - firmware-nonfree (Minor issue, may be considered if some major issue appears)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00402.html
	NOTE: Fixed firmware blobs:
	NOTE: ibt-18-16-1.sfi: FW Build: REL17064 Release Version: 22.20.0.3
	NOTE: ibt-hw-37.8.10-fw-22.50.19.14.f.bseq
	NOTE: Not shipped in Debian: Wi-Fi 6 AX200, Wireless-AC 9560, Wireless-AC 9462, Wireless-AC 9461, Dual Band Wireless-AC 3165
	NOTE: Intel seems to have missed the update for ibt-12-16.sfi, last update from May 2019
	NOTE: Intel seems to have missed the update for ibt-11-5.sfi, last update from Jan 2019
	NOTE: There's no conclusive information which allows tracking these, until something
	NOTE: gets confirmed by Intel, track as
CVE-2020-12312 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...)
	NOT-FOR-US: Intel
CVE-2020-12311 (Insufficient control flow management in firmware in some Intel(R) Clien ...)
	NOT-FOR-US: Intel
CVE-2020-12310 (Insufficient control flow management in firmware in some Intel(R) Clien ...)
	NOT-FOR-US: Intel
CVE-2020-12309 (Insufficiently protected credentials in subsystem in some Intel(R) Clie ...)
	NOT-FOR-US: Intel
CVE-2020-12308 (Improper access control for the Intel(R) Computing Improvement Program ...)
	NOT-FOR-US: Intel
CVE-2020-12307 (Improper permissions in some Intel(R) High Definition Audio drivers be ...)
	NOT-FOR-US: Intel
CVE-2020-12306 (Incorrect default permissions in the Intel(R) RealSense(TM) D400 Serie ...)
	NOT-FOR-US: Intel
CVE-2020-12305
	RESERVED
CVE-2020-12304 (Improper access control in Installer for Intel(R) DAL SDK before versi ...)
	NOT-FOR-US: Intel
CVE-2020-12303 (Use after free in DAL subsystem for Intel(R) CSME versions before 11.8 ...)
	NOT-FOR-US: Intel
CVE-2020-12302 (Improper permissions in the Intel(R) Driver & Support Assistant be ...)
	NOT-FOR-US: Intel
CVE-2020-12301 (Improper initialization in BIOS firmware for Intel(R) Server Board Fam ...)
	NOT-FOR-US: Intel
CVE-2020-12300 (Uninitialized pointer in BIOS firmware for Intel(R) Server Board Famil ...)
	NOT-FOR-US: Intel
CVE-2020-12299 (Improper input validation in BIOS firmware for Intel(R) Server Board F ...)
	NOT-FOR-US: Intel
CVE-2020-12298
	RESERVED
CVE-2020-12297 (Improper access control in Installer for Intel(R) CSME Driver for Wind ...)
	NOT-FOR-US: Intel
CVE-2020-12296 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
	NOT-FOR-US: Intel
CVE-2020-12295 (Improper input validation in some Intel(R) Thunderbolt(TM) controllers ...)
	NOT-FOR-US: Intel
CVE-2020-12294 (Insufficient control flow management in some Intel(R) Thunderbolt(TM) ...)
	NOT-FOR-US: Intel
CVE-2020-12293 (Improper control of a resource through its lifetime in some Intel(R) T ...)
	NOT-FOR-US: Intel
CVE-2020-12292 (Improper conditions check in some Intel(R) Thunderbolt(TM) controllers ...)
	NOT-FOR-US: Intel
CVE-2020-12291 (Uncontrolled resource consumption in some Intel(R) Thunderbolt(TM) con ...)
	NOT-FOR-US: Intel
CVE-2020-12290 (Improper access control in some Intel(R) Thunderbolt(TM) controllers m ...)
	NOT-FOR-US: Intel
CVE-2020-12289 (Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may a ...)
	NOT-FOR-US: Intel
CVE-2020-12288 (Protection mechanism failure in some Intel(R) Thunderbolt(TM) controll ...)
	NOT-FOR-US: Intel
CVE-2020-12287 (Incorrect permissions in the Intel(R) Distribution of OpenVINO(TM) Too ...)
	NOT-FOR-US: Intel
CVE-2020-12286 (In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the Task ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-12285
	RESERVED
CVE-2020-12284 (cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2 ...)
	{DSA-4722-1}
	- ffmpeg 7:4.2.3-1
	[stretch] - ffmpeg (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=19734
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1812352d767ccf5431aa440123e2e260a4db2726
CVE-2020-12283 (Sourcegraph before 3.15.1 has a vulnerable authentication workflow bec ...)
	NOT-FOR-US: Sourcegraph
CVE-2020-12282 (iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in ...)
	NOT-FOR-US: iSmartgate PRO
CVE-2020-12281 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
	NOT-FOR-US: iSmartgate PRO
CVE-2020-12280 (iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attacker ...)
	NOT-FOR-US: iSmartgate PRO
CVE-2020-12279 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
	- libgit2 0.28.4+dfsg.1-2
	[buster] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
	[stretch] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
	[jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
	NOTE: https://github.com/libgit2/libgit2/commit/64c612cc3e25eff5fb02c59ef5a66ba7a14751e4
CVE-2020-12278 (An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99. ...)
	- libgit2 0.28.4+dfsg.1-2
	[buster] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
	[stretch] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
	[jessie] - libgit2 (Minor issue; only problematic when used on NTFS like filesystem)
	NOTE: https://github.com/libgit2/libgit2/commit/3f7851eadca36a99627ad78cbe56a40d3776ed01
	NOTE: https://github.com/libgit2/libgit2/commit/e1832eb20a7089f6383cfce474f213157f5300cb
CVE-2020-12277 (GitLab 10.8 through 12.9 has a vulnerability that allows someone to mi ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12276 (GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin noti ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12275 (GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-12274 (In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url param ...)
	NOT-FOR-US: TestLink
CVE-2020-12273 (In TestLink 1.9.20, a crafted login.php viewer parameter exposes clear ...)
	NOT-FOR-US: TestLink
CVE-2020-12272 (OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentic ...)
	- opendmarc 1.4.0~beta1+dfsg-4 (bug #977767)
	[buster] - opendmarc (Minor issue)
	[stretch] - opendmarc (Minor issue; can be fixed in next update)
	NOTE: https://sourceforge.net/p/opendmarc/tickets/237/
	NOTE: https://www.usenix.org/system/files/sec20fall_chen-jianjun_prepub_0.pdf
	NOTE: Fix: https://github.com/trusteddomainproject/OpenDMARC/commit/f3a9a9d4edfaa05102292727d021683f58aa4b6e
CVE-2020-12271 (A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 bef ...)
	NOT-FOR-US: SFOS
CVE-2020-12270 (** DISPUTED ** React Native Bluetooth Scan in Bluezone 1.0.0 uses six- ...)
	NOT-FOR-US: Bluezone
CVE-2020-12269
	RESERVED
CVE-2020-12268 (jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 h ...)
	{DLA-2796-1}
	- jbig2dec 0.18-1
	[buster] - jbig2dec (Minor issue)
	[jessie] - jbig2dec (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20332
	NOTE: https://github.com/ArtifexSoftware/jbig2dec/commit/0726320a4b55078e9d8deb590e477d598b3da66e
CVE-2020-12267 (setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextM ...)
	- qtbase-opensource-src (Vulnerable code not present)
	NOTE: https://github.com/qt/qtbase/commit/7447e2b337f12b4d04935d0f30fc673e4327d5a0
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20450
	NOTE: The 5.14 in experimental contains the code, but is already fixed
CVE-2020-12266 (An issue was discovered where there are multiple externally accessible ...)
	NOT-FOR-US: WAVLINK
CVE-2020-12265 (The decompress package before 4.2.1 for Node.js is vulnerable to Arbit ...)
	NOT-FOR-US: Node decompress
CVE-2020-12264
	RESERVED
CVE-2020-12263
	RESERVED
CVE-2020-12262 (Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61 ...)
	NOT-FOR-US: Intelbras
CVE-2020-12261 (Open-AudIT 3.3.0 allows an XSS attack after login. ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-12260
	RESERVED
CVE-2020-12259 (rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php fil ...)
	NOT-FOR-US: rConfig
CVE-2020-12258 (rConfig 3.9.4 is vulnerable to session fixation because session expiry ...)
	NOT-FOR-US: rConfig
CVE-2020-12257 (rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) becau ...)
	NOT-FOR-US: rConfig
CVE-2020-12256 (rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file ...)
	NOT-FOR-US: rConfig
CVE-2020-12255 (rConfig 3.9.4 is vulnerable to remote code execution due to improper v ...)
	NOT-FOR-US: rConfig
CVE-2020-12254 (Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escal ...)
	NOT-FOR-US: Avira Antivirus
CVE-2020-12253
	RESERVED
CVE-2020-12252 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
	NOT-FOR-US: Gigamon
CVE-2020-12251 (An issue was discovered in Gigamon GigaVUE 5.5.01.11. The upload funct ...)
	NOT-FOR-US: Gigamon
CVE-2020-12250
	RESERVED
CVE-2020-12249
	RESERVED
CVE-2020-12248 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
	NOT-FOR-US: Foxit
CVE-2020-12247 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
	NOT-FOR-US: Foxit
CVE-2020-12246 (Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other & ...)
	NOT-FOR-US: Beeline Smart Box
CVE-2020-12245 (Grafana before 6.7.3 allows table-panel XSS via column.title or cellLi ...)
	- grafana
	NOTE: https://github.com/grafana/grafana/pull/23816
CVE-2020-12244 (An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where ...)
	{DSA-4691-1}
	- pdns-recursor 4.3.1-1
	[jessie] - pdns-recursor (Vulnerable code added later)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-02.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
CVE-2020-12243 (In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters wi ...)
	{DSA-4666-1 DLA-2199-1}
	- openldap 2.4.50+dfsg-1
	NOTE: https://bugs.openldap.org/show_bug.cgi?id=9202
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/d38d48fc8f572dedfb67b9da61a2ba3b125ced91 (master)
	NOTE: https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 (OPENLDAP_REL_ENG_2_4_50)
CVE-2020-12242 (Valve Source allows local users to gain privileges by writing to the / ...)
	NOT-FOR-US: Valve
CVE-2020-12241
	RESERVED
CVE-2020-12240
	RESERVED
CVE-2020-12239
	RESERVED
CVE-2020-12238
	RESERVED
CVE-2020-12237
	RESERVED
CVE-2020-12236
	RESERVED
CVE-2020-12235
	RESERVED
CVE-2020-12234
	RESERVED
CVE-2020-12233
	RESERVED
CVE-2020-12232
	RESERVED
CVE-2020-12231
	RESERVED
CVE-2020-12230
	RESERVED
CVE-2020-12229
	RESERVED
CVE-2020-12228
	RESERVED
CVE-2020-12227
	RESERVED
CVE-2020-12226
	RESERVED
CVE-2020-12225
	RESERVED
CVE-2020-12224
	RESERVED
CVE-2020-12223
	RESERVED
CVE-2020-12222
	RESERVED
CVE-2020-12221
	RESERVED
CVE-2020-12220
	RESERVED
CVE-2020-12219
	RESERVED
CVE-2020-12218
	RESERVED
CVE-2020-12217
	RESERVED
CVE-2020-12216
	RESERVED
CVE-2020-12215
	RESERVED
CVE-2020-12214
	RESERVED
CVE-2020-12213
	RESERVED
CVE-2020-12212
	RESERVED
CVE-2020-12211
	RESERVED
CVE-2020-12210
	RESERVED
CVE-2020-12209
	RESERVED
CVE-2020-12208
	RESERVED
CVE-2020-12207
	RESERVED
CVE-2020-12206
	RESERVED
CVE-2020-12205
	RESERVED
CVE-2020-12204
	RESERVED
CVE-2020-12203
	RESERVED
CVE-2020-12202
	RESERVED
CVE-2020-12201
	RESERVED
CVE-2020-12200
	RESERVED
CVE-2020-12199
	RESERVED
CVE-2020-12198
	RESERVED
CVE-2020-12197
	RESERVED
CVE-2020-12196
	RESERVED
CVE-2020-12195
	RESERVED
CVE-2020-12194
	RESERVED
CVE-2020-12193
	RESERVED
CVE-2020-12192
	RESERVED
CVE-2020-12191
	RESERVED
CVE-2020-12190
	RESERVED
CVE-2020-12189
	RESERVED
CVE-2020-12188
	RESERVED
CVE-2020-12187
	RESERVED
CVE-2020-12186
	RESERVED
CVE-2020-12185
	RESERVED
CVE-2020-12184
	RESERVED
CVE-2020-12183
	RESERVED
CVE-2020-12182
	RESERVED
CVE-2020-12181
	RESERVED
CVE-2020-12180
	RESERVED
CVE-2020-12179
	RESERVED
CVE-2020-12178
	RESERVED
CVE-2020-12177
	RESERVED
CVE-2020-12176
	RESERVED
CVE-2020-12175
	RESERVED
CVE-2020-12174
	RESERVED
CVE-2020-12173
	RESERVED
CVE-2020-12172
	RESERVED
CVE-2020-12171
	RESERVED
CVE-2020-12170
	RESERVED
CVE-2020-12169
	RESERVED
CVE-2020-12168
	RESERVED
CVE-2020-12167
	RESERVED
CVE-2020-12166
	RESERVED
CVE-2020-12165
	RESERVED
CVE-2020-12164
	RESERVED
CVE-2020-12163
	RESERVED
CVE-2020-12162
	RESERVED
CVE-2020-12161
	RESERVED
CVE-2020-12160
	RESERVED
CVE-2020-12159
	RESERVED
CVE-2020-12158
	RESERVED
CVE-2020-12157
	RESERVED
CVE-2020-12156
	RESERVED
CVE-2020-12155
	RESERVED
CVE-2020-12154
	RESERVED
CVE-2020-12153
	RESERVED
CVE-2020-12152
	RESERVED
CVE-2020-12151
	RESERVED
CVE-2020-12150
	RESERVED
CVE-2020-12149 (The configuration backup/restore function in Silver Peak Unity ECOSTM ...)
	NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software
CVE-2020-12148 (A command injection flaw identified in the nslookup API in Silver Peak ...)
	NOT-FOR-US: Silver Peak Unity ECOSTM (ECOS) appliance software
CVE-2020-12147 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
	NOT-FOR-US: Silver Peak Unity Orchestrator
CVE-2020-12146 (In Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, ...)
	NOT-FOR-US: Silver Peak Unity Orchestrator
CVE-2020-12145 (Silver Peak Unity Orchestrator versions prior to 8.9.11+, 8.10.11+, or ...)
	NOT-FOR-US: Silver Peak Unity Orchestrator
CVE-2020-12144 (The certificate used to identify the Silver Peak Cloud Portal to EdgeC ...)
	NOT-FOR-US: Silver Peak Cloud Portal
CVE-2020-12143 (The certificate used to identify Orchestrator to EdgeConnect devices i ...)
	NOT-FOR-US: EdgeConnect
CVE-2020-12142 (1. IPSec UDP key material can be retrieved from machine-to-machine int ...)
	NOT-FOR-US: EdgeConnect
CVE-2020-12141 (An out-of-bounds read in the SNMP stack in Contiki-NG 4.4 and earlier ...)
	NOT-FOR-US: SNMP stack in Contiki-NG
CVE-2020-12140
	RESERVED
CVE-2020-12139
	RESERVED
CVE-2020-12138 (AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact ...)
	NOT-FOR-US: AMD ATI atillk64.sys specific issue
CVE-2020-12136
	RESERVED
CVE-2020-12135 (bson before 0.8 incorrectly uses int rather than size_t for many varia ...)
	- duo-unix (unimportant; bug #958998)
	NOTE: Embedded older version, but affected function not used
CVE-2020-12134 (Nanometrics Centaur through 4.3.23 and TitanSMA through 4.2.20 mishand ...)
	NOT-FOR-US: Nanometrics Centaur / TitanSMA
CVE-2020-12133 (The Apros Evolution, ConsciusMap, and Furukawa provisioning systems th ...)
	NOT-FOR-US: Apros Evolution, ConsciusMap, and Furukawa
CVE-2020-12132 (Fifthplay S.A.M.I before 2019.3_HP2 allows unauthenticated stored XSS ...)
	NOT-FOR-US: Fifthplay
CVE-2020-12131 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the devicename parame ...)
	NOT-FOR-US: AirDisk Pro app for iOS
CVE-2020-12130 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the deleteFile parame ...)
	NOT-FOR-US: AirDisk Pro app for iOS
CVE-2020-12129 (The AirDisk Pro app 5.5.3 for iOS allows XSS via the createFolder para ...)
	NOT-FOR-US: AirDisk Pro app for iOS
CVE-2020-12128 (DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal rela ...)
	NOT-FOR-US: DONG JOO CHO File Transfer iFamily
CVE-2020-12127 (An information disclosure vulnerability in the /cgi-bin/ExportAllSetti ...)
	NOT-FOR-US: WAVLINK
CVE-2020-12126 (Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoi ...)
	NOT-FOR-US: WAVLINK
CVE-2020-12125 (A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi ...)
	NOT-FOR-US: WAVLINK
CVE-2020-12124 (A remote command-line injection vulnerability in the /cgi-bin/live_api ...)
	NOT-FOR-US: WAVLINK
CVE-2020-12123 (CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 ...)
	NOT-FOR-US: WAVLINK
CVE-2020-12122 (In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc ...)
	NOT-FOR-US: Max Secure Max Spyware Detector
CVE-2020-12121
	RESERVED
CVE-2020-12120 (The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote ...)
	NOT-FOR-US: PrestaShop
CVE-2020-12119 (Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF ...)
	NOT-FOR-US: Ledger Live
CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2.0 all ...)
	NOT-FOR-US: Binance tss-lib
CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...)
	NOT-FOR-US: Moxa
CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Released bu ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-12115
	RESERVED
CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.3.7-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/04/2
CVE-2020-12113 (BigBlueButton before 2.2.4 allows XSS via closed captions because dang ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-12112 (BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BigBlueButton
CVE-2020-12111 (Certain TP-Link devices allow Command Injection. This affects NC260 1. ...)
	NOT-FOR-US: TP-Link
CVE-2020-12110 (Certain TP-Link devices have a Hardcoded Encryption Key. This affects ...)
	NOT-FOR-US: TP-Link
CVE-2020-12109 (Certain TP-Link devices allow Command Injection. This affects NC200 2. ...)
	NOT-FOR-US: TP-Link
CVE-2020-12108 (/options/mailman in GNU Mailman before 2.1.31 allows Arbitrary Content ...)
	{DSA-4991-1 DLA-2276-1 DLA-2204-1}
	- mailman
	NOTE: https://bugs.launchpad.net/mailman/+bug/1873722
	NOTE: Fixed by: https://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1844
CVE-2020-12107 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows command ...)
	NOT-FOR-US: VPNCrypt
CVE-2020-12106 (The Web portal of the WiFi module of VPNCrypt M10 2.6.5 allows unauthe ...)
	NOT-FOR-US: VPNCrypt
CVE-2020-12105 (OpenConnect through 8.08 mishandles negative return values from X509_c ...)
	- openconnect (unimportant; bug #959428)
	[jessie] - openconnect (Vulnerable code introduced later)
	NOTE: https://gitlab.com/openconnect/openconnect/-/merge_requests/96
	NOTE: Only an issue if building with OpenSSL, where Debian binary packages use
	NOTE: GnuTLS.
CVE-2020-12104 (The Import feature in the wp-advanced-search plugin 3.3.6 for WordPres ...)
	NOT-FOR-US: Import feature in the wp-advanced-search plugin for WordPress
CVE-2020-12103 (In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file b ...)
	NOT-FOR-US: Tiny File Manager
CVE-2020-12102 (In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in ...)
	NOT-FOR-US: Tiny File Manager
CVE-2020-12101 (The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remo ...)
	NOT-FOR-US: xt:Commerce
CVE-2020-12100 (In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp ...)
	{DSA-4745-1 DLA-2328-1}
	- dovecot 1:2.3.11.3+dfsg1-1 (bug #968302)
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/12/1
	NOTE: https://github.com/dovecot/core/commit/d4bb43a08ab9ecfab7249a17279e5f773c8abaad
	NOTE: https://github.com/dovecot/core/commit/6d77e00e4d170efde908591dc5871a8e48ea844b
	NOTE: https://github.com/dovecot/core/commit/926742088a3c66c11099386b2c6e80999c29f405
	NOTE: https://github.com/dovecot/core/commit/e5830ae88531a32db36c97ebf122cba9a39cf801
	NOTE: https://github.com/dovecot/core/commit/cb00e21fd70aae49453aedc1bb33c0765ab98667
	NOTE: https://github.com/dovecot/core/commit/5ecadd30746d91854b5aa484feff9c70ea91c20b
	NOTE: https://github.com/dovecot/core/commit/24f0bfefdbccaaaaab9f52be428648ec3f1c34d3
	NOTE: https://github.com/dovecot/core/commit/02c7c6dbb51748a5af8b0c70a499a3ab17de8490
	NOTE: https://github.com/dovecot/core/commit/729941c996ee0b0ede40f462c9e34ceb6a6bd049
	NOTE: https://github.com/dovecot/core/commit/8dbc754a31fbf7684e858aa1fb633b8dfbeb13cf
	NOTE: https://github.com/dovecot/core/commit/a175d654c3bc4d57641b871bbff99c10799b7d67
	NOTE: https://github.com/dovecot/core/commit/a676cb539fc1545c58d1341baa2f875f7b694133
	NOTE: https://github.com/dovecot/core/commit/0f46088a1af7b493db76a1d97ef4ecc6bb41f5a4
	NOTE: https://github.com/dovecot/core/commit/7868f5f49be91fe51795b477a5440e69c1540716
	NOTE: https://github.com/dovecot/core/commit/be53a118e789886efcdd57c513651c5148651161
	NOTE: https://github.com/dovecot/core/commit/19193f40b1d74e8d4ef88121992b4a61d84773e3
CVE-2020-12099
	RESERVED
CVE-2020-12098
	RESERVED
CVE-2020-12097
	RESERVED
CVE-2020-12096
	RESERVED
CVE-2020-12095
	RESERVED
CVE-2020-12094
	RESERVED
CVE-2020-12093
	RESERVED
CVE-2020-12092
	RESERVED
CVE-2020-12091
	RESERVED
CVE-2020-12090
	RESERVED
CVE-2020-12089
	RESERVED
CVE-2020-12088
	RESERVED
CVE-2020-12087
	RESERVED
CVE-2020-12086
	RESERVED
CVE-2020-12085
	RESERVED
CVE-2020-12084
	RESERVED
CVE-2020-12083 (An elevated privileges issue related to Spring MVC calls impacts Code ...)
	NOT-FOR-US: Code Insight
CVE-2020-12082 (A stored cross-site scripting issue impacts certain areas of the Web U ...)
	NOT-FOR-US: Insight
CVE-2020-12081 (An information disclosure vulnerability has been identified in FlexNet ...)
	NOT-FOR-US: FlexNet Publisher lmadmin.exe
CVE-2020-12080 (A Denial of Service vulnerability has been identified in FlexNet Publi ...)
	NOT-FOR-US: FlexNet
CVE-2020-12137 (GNU Mailman 2.x before 2.1.30 uses the .obj extension for scrubbed app ...)
	{DSA-4664-1 DLA-2200-1}
	- mailman (bug #958930)
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/2
	NOTE: http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1801
CVE-2020-12079 (Beaker before 0.8.9 allows a sandbox escape, enabling system access an ...)
	NOT-FOR-US: Beaker browser, different from src:beaker
CVE-2020-12078 (An issue was discovered in Open-AudIT 3.3.1. There is shell metacharac ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-12077 (The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPr ...)
	NOT-FOR-US: mappress-google-maps-for-wordpress plugin for WordPress
CVE-2020-12076 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...)
	NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress
CVE-2020-12075 (The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPr ...)
	NOT-FOR-US: data-tables-generator-by-supsystic plugin for WordPress
CVE-2020-12074 (The users-customers-import-export-for-wp-woocommerce plugin before 1.3 ...)
	NOT-FOR-US: users-customers-import-export-for-wp-woocommerce plugin for WordPress
CVE-2020-12073 (The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect ...)
	NOT-FOR-US: responsive-add-ons plugin for WordPress
CVE-2020-12072
	RESERVED
CVE-2020-12071 (Anchor 0.12.7 allows admins to cause XSS via crafted post content. ...)
	NOT-FOR-US: Anchor
CVE-2020-12070 (The Advanced Woo Search plugin version through 1.99 for Wordpress suff ...)
	NOT-FOR-US: Advanced Woo Search plugin for WordPress
CVE-2020-12069
	RESERVED
CVE-2020-12068 (An issue was discovered in CODESYS Development System before 3.5.16.0. ...)
	NOT-FOR-US: CODESYS
CVE-2020-12067
	RESERVED
CVE-2020-12066 (CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before ...)
	{DSA-4763-1}
	- teeworlds 0.7.5-1
	[jessie] - teeworlds (Not supported in jessie LTS)
	NOTE: https://github.com/teeworlds/teeworlds/commit/c68402fa7e279d42886d5951d1ea8ac2facc1ea5
	NOTE: https://www.teeworlds.com/forum/viewtopic.php?id=14785
CVE-2020-12065
	RESERVED
CVE-2020-12064
	RESERVED
CVE-2020-12063 (** DISPUTED ** A certain Postfix 2.10.1-7 package could allow an attac ...)
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/3
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/23/12
	NOTE: Not considered a Postfix vulnerability and scope is outside of the design goals
CVE-2020-12062 (** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplica ...)
	- openssh 1:8.3p1-1 (unimportant)
	NOTE: https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1
	NOTE: https://github.com/openssh/openssh-portable/commit/aad87b88fc2536b1ea023213729aaf4eaabe1894
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/27/1
	NOTE: Negligible security impact, a malicious peer can achieve no more than already
	NOTE: able to achieve within the scp protocol.
CVE-2020-12061 (An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Com ...)
	NOT-FOR-US: Nitrokey firmware
CVE-2020-12060
	RESERVED
CVE-2020-12059 (An issue was discovered in Ceph through 13.2.9. A POST request with an ...)
	- ceph 14.2.4-1
	[buster] - ceph (Minor issue)
	[stretch] - ceph (Vulnerable code introduced later)
	[jessie] - ceph (Vulnerable code introduced later)
	NOTE: https://tracker.ceph.com/issues/44967
	NOTE: Introduced with: https://github.com/ceph/ceph/commit/5fb068114bb3da2f8fabea89160a8453f861dc96 (v12.1.1)
	NOTE: Fixed by: https://github.com/ceph/ceph/commit/375d926a4f2720a29b079c216bafb884eef985c3 (v13.2.10)
	NOTE: Consider 14.x series as fixed due to the use of the new style xml parsing.
CVE-2020-12058 (Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 al ...)
	NOT-FOR-US: osCommerce CE Phoenix
CVE-2020-12057
	RESERVED
CVE-2020-12056
	RESERVED
CVE-2020-12055
	RESERVED
CVE-2020-12054 (The Catch Breadcrumb plugin before 1.5.4 for WordPress allows Reflecte ...)
	NOT-FOR-US: Catch Breadcrumb plugin for WordPress
CVE-2020-12053 (In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-ba ...)
	NOT-FOR-US: Unisys Stealth
CVE-2020-12052 (Grafana version < 6.7.3 is vulnerable for annotation popup XSS. ...)
	- grafana
CVE-2020-12051 (The CentralAuth extension through REL1_34 for MediaWiki allows remote ...)
	NOT-FOR-US: MediaWiki extension
CVE-2020-12050 (SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.99 ...)
	- sqliteodbc (unimportant)
	NOTE: The issue is located in the *.spec files used for rpm packaging using insecurely
	NOTE: /tmp/sqliteodbc$$. Debian packaging maintainer scripts do not suffer from same
	NOTE: issue.
CVE-2020-12049 (An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusSe ...)
	{DLA-2235-1}
	- dbus 1.12.18-1
	[buster] - dbus 1.12.20-0+deb10u1
	[stretch] - dbus 1.10.32-0+deb9u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/3
	NOTE: https://gitlab.freedesktop.org/dbus/dbus/-/issues/294
	NOTE: Fixed by: https://gitlab.freedesktop.org/dbus/dbus/-/commit/272d484283883fa9ff95b69d924fff6cd34842f5
	NOTE: Test: https://gitlab.freedesktop.org/dbus/dbus/-/commit/8bc1381819e5a845331650bfa28dacf6d2ac1748
CVE-2020-12048 (Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hem ...)
	NOT-FOR-US: Phoenix Hemodialysis Delivery System
CVE-2020-12047 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), whe ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12046 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmwar ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-12045 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12044
	RESERVED
CVE-2020-12043 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12042 (Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-12041 (The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) teln ...)
	NOT-FOR-US: Baxter Spectrum WBM
CVE-2020-12040 (Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spec ...)
	NOT-FOR-US: Sigma Spectrum Infusion System
CVE-2020-12039 (Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v' ...)
	NOT-FOR-US: Baxter
CVE-2020-12038 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-12037 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
	NOT-FOR-US: Baxter
CVE-2020-12036 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
	NOT-FOR-US: Baxter
CVE-2020-12035 (Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The ...)
	NOT-FOR-US: Baxter
CVE-2020-12034 (Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-12033 (In Rockwell Automation FactoryTalk Services Platform, all versions, th ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-12032 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
	NOT-FOR-US: Baxter
CVE-2020-12031 (In all versions of FactoryTalk View SE, after bypassing memory corrupt ...)
	NOT-FOR-US: FactoryTalk View SE
CVE-2020-12030 (There is a flaw in the code used to configure the internal gateway fir ...)
	NOT-FOR-US: Emerson WirelessHART Gateway
CVE-2020-12029 (All versions of FactoryTalk View SE do not properly validate input of ...)
	NOT-FOR-US: FactoryTalk View SE
CVE-2020-12028 (In all versions of FactoryTalk View SEA remote, an authenticated attac ...)
	NOT-FOR-US: FactoryTalk View
CVE-2020-12027 (All versions of FactoryTalk View SE disclose the hostnames and file pa ...)
	NOT-FOR-US: FactoryTalk View SE
CVE-2020-12026 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12025 (Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, ...)
	NOT-FOR-US: Rockwell Automation
CVE-2020-12024 (Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix ...)
	NOT-FOR-US: Baxter
CVE-2020-12023 (Philips IntelliBridge Enterprise (IBE), Versions B.12 and prior, Intel ...)
	NOT-FOR-US: Philips
CVE-2020-12022 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An i ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12021 (In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous vers ...)
	NOT-FOR-US: OSIsoft PI Web
CVE-2020-12020 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix E ...)
	NOT-FOR-US: Baxter
CVE-2020-12019 (WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based ...)
	NOT-FOR-US: WebAccess Node
CVE-2020-12018 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An o ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12017 (GE Grid Solutions Reason RT Clocks, RT430, RT431, and RT434, all firmw ...)
	NOT-FOR-US: GE Grid Solutions Reason RT Clocks
CVE-2020-12016 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
	NOT-FOR-US: Baxter
CVE-2020-12015 (A specially crafted communication packet sent to the affected systems ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-12014 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Inpu ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12013 (A specially crafted WCF client that interfaces to the may allow the ex ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-12012 (Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Vers ...)
	NOT-FOR-US: Baxter
CVE-2020-12011 (A specially crafted communication packet sent to the affected systems ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-12010 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12009 (A specially crafted communication packet sent to the affected device c ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-12008 (Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Vers ...)
	NOT-FOR-US: Baxter
CVE-2020-12007 (A specially crafted communication packet sent to the affected devices ...)
	NOT-FOR-US: Mitsubishi
CVE-2020-12006 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12005 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-12004 (The affected product lacks proper authentication required to query the ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-12003 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-12002 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-12001 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-12000 (The affected product is vulnerable to the handling of serialized data. ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-11999 (FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.0 ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-11998 (A regression has been introduced in the commit preventing JMX re-bind. ...)
	- activemq (Only affects 5.15.12)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt
CVE-2020-11997 (Apache Guacamole 1.2.0 and earlier do not consistently restrict access ...)
	- guacamole-client
	[stretch] - guacamole-client (Minor issue; fix intrusive to backport)
	NOTE: https://lists.apache.org/thread.html/r1a9ae9d1608c9f846875c4191cd738f95543d1be06b52dc1320e8117%40%3Cannounce.guacamole.apache.org%3E
	NOTE: https://issues.apache.org/jira/browse/GUACAMOLE-1123
	NOTE: https://github.com/apache/guacamole-client/pulls?q=is%3Apr+guacamole-1123+is%3Aclosed
	NOTE: https://github.com/glyptodon/guacamole-client/pull/453
	NOTE: https://enterprise.glyptodon.com/doc/latest/cve-2020-11997-inconsistent-restriction-of-connection-history-visibility-31424710.html
	NOTE: https://enterprise.glyptodon.com/doc/1.x/changelog-950368.html#id-.Changelogv1.x-1.14
CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat ...)
	{DSA-4727-1 DLA-2279-1}
	- tomcat9 9.0.36-1
	- tomcat8
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/25/6
	NOTE: https://github.com/apache/tomcat/commit/9a0231683a77e2957cea0fdee88b193b30b0c976 (9.0.36)
	NOTE: https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56)
CVE-2020-11995 (A deserialization vulnerability existed in dubbo 2.7.5 and its earlier ...)
	NOT-FOR-US: Apache Dubbo
CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on Camel ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11993 (Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enab ...)
	{DSA-4757-1}
	- apache2 2.4.46-1
	[stretch] - apache2 (Too intrusive to backport)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11993
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/3
	NOTE: https://svn.apache.org/r1879642
	NOTE: https://github.com/apache/httpd/commit/63a0a87efa0925514d15c211b508f6594669888c
CVE-2020-11992
	REJECTED
CVE-2020-11991 (When using the StreamGenerator, the code parse a user-provided XML. A ...)
	- cocoon
CVE-2020-11990 (We have resolved a security issue in the camera plugin that could have ...)
	NOT-FOR-US: Apache Cordova
CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...)
	{DLA-2273-1}
	- shiro 1.3.2-5 (bug #988728)
	[bullseye] - shiro 1.3.2-4+deb11u1
	[buster] - shiro 1.3.2-4+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1
	NOTE: https://github.com/apache/shiro/pull/211
	NOTE: https://issues.apache.org/jira/browse/SHIRO-753
	NOTE: The original CVE-2020-1957 addressed in 1.5.2 introduced an encoding issue
	NOTE: which can (security wise) be exploited, resulting in a 1.5.3 release. This
	NOTE: CVE is closely related to CVE-2020-1957.
CVE-2020-11988 (Apache XmlGraphics Commons 2.4 is vulnerable to server-side request fo ...)
	- xmlgraphics-commons 2.4-2 (bug #984949)
	[bullseye] - xmlgraphics-commons 2.4-2~deb11u1
	[buster] - xmlgraphics-commons 2.3-1+deb10u1
	[stretch] - xmlgraphics-commons (Vulnerable code is not present)
	NOTE: https://github.com/apache/xmlgraphics-commons/commit/57393912eb87b994c7fed39ddf30fb778a275183
	NOTE: https://issues.apache.org/jira/browse/XGC-122
CVE-2020-11987 (Apache Batik 1.13 is vulnerable to server-side request forgery, caused ...)
	- batik 1.14-1 (bug #984829)
	[bullseye] - batik (Minor issue)
	[buster] - batik (Minor issue)
	[stretch] - batik (Minor issue)
	NOTE: https://github.com/apache/xmlgraphics-batik/commit/0ef5b661a1f77772d1110877ea9e0287987098f6
CVE-2020-11986 (To be able to analyze gradle projects, the build scripts need to be ex ...)
	- netbeans 12.1-1
	[stretch] - netbeans (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/09/07/2
CVE-2020-11985 (IP address spoofing when proxying using mod_remoteip and mod_rewrite F ...)
	- apache2 2.4.25-1
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=60251
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1875299
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11985
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/2
	NOTE: Upstream patch: https://svn.apache.org/r1688399
	NOTE: https://github.com/apache/httpd/commit/dd6c959b3625048ee15ba4ad72e6cb7bcaf91020
CVE-2020-11984 (Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure an ...)
	{DSA-4757-1 DLA-2362-1}
	- apache2 2.4.46-1
	[stretch] - apache2 (Vulnerable code not present)
	- uwsgi (unimportant)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-11984
	NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/1
	NOTE: https://svn.apache.org/r1880251
	NOTE: https://github.com/apache/httpd/commit/0c543e3f5b3881d515d6235f152aacaaaf3aba72
	NOTE: uwsgi since 2.0.15-11 drops building the libapache2-mod-proxy-uwsgi{,-dbg}
	NOTE: packages which are provided by src:apache2 itself.
CVE-2020-11983 (An issue was found in Apache Airflow versions 1.10.10 and below. It wa ...)
	- airflow (bug #819700)
CVE-2020-11982 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...)
	- airflow (bug #819700)
CVE-2020-11981 (An issue was found in Apache Airflow versions 1.10.10 and below. When ...)
	- airflow (bug #819700)
CVE-2020-11980 (In Karaf, JMX authentication takes place using JAAS and authorization ...)
	- apache-karaf (bug #881297)
CVE-2020-11979 (As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissi ...)
	- ant 1.10.9-1 (bug #971612)
	[buster] - ant (Vulnerability not present as CVE-2020-1945 not addressed)
	[stretch] - ant (Vulnerability not present as CVE-2020-1945 not addressed)
	NOTE: https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
	NOTE: Issue is present depending on if CVE-2020-1945 was fixed.
CVE-2020-11978 (An issue was found in Apache Airflow versions 1.10.10 and below. A rem ...)
	- airflow (bug #819700)
CVE-2020-11977 (In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable ext ...)
	NOT-FOR-US: Apache Syncope
CVE-2020-11976 (By crafting a special URL it is possible to make Wicket deliver unproc ...)
	NOT-FOR-US: Apache Wicket
CVE-2020-11975 (Apache Unomi allows conditions to use OGNL scripting which offers the ...)
	NOT-FOR-US: Apache Unomi
CVE-2020-11974 (In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote co ...)
	NOT-FOR-US: DolphinScheduler
CVE-2020-11973 (Apache Camel Netty enables Java deserialization by default. Apache Cam ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11972 (Apache Camel RabbitMQ enables Java deserialization by default. Apache ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11971 (Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, ...)
	NOT-FOR-US: Apache Camel
CVE-2020-11970
	REJECTED
CVE-2020-11969 (If Apache TomEE is configured to use the embedded ActiveMQ broker, and ...)
	NOT-FOR-US: Apache TomEE
CVE-2020-11968 (** DISPUTED ** In the web-panel in IQrouter through 3.3.1, remote atta ...)
	NOT-FOR-US: IQrouter
CVE-2020-11967 (** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control ...)
	NOT-FOR-US: IQrouter
CVE-2020-11966 (** DISPUTED ** In IQrouter through 3.3.1, the Lua function reset_passw ...)
	NOT-FOR-US: IQrouter
CVE-2020-11965 (** DISPUTED ** In IQrouter through 3.3.1, there is a root user without ...)
	NOT-FOR-US: IQrouter
CVE-2020-11964 (** DISPUTED ** In IQrouter through 3.3.1, the Lua function diag_set_pa ...)
	NOT-FOR-US: IQrouter
CVE-2020-11963 (** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has multiple ...)
	NOT-FOR-US: IQrouter
CVE-2020-11962
	RESERVED
CVE-2020-11961 (Xiaomi router R3600 ROM before 1.0.50 is affected by a sensitive infor ...)
	NOT-FOR-US: Xiaomi
CVE-2020-11960 (Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability w ...)
	NOT-FOR-US: Xiaomi
CVE-2020-11959 (An unsafe configuration of nginx lead to information leak in Xiaomi ro ...)
	NOT-FOR-US: Xiaomi
CVE-2020-11958 (re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/sc ...)
	- re2c 1.3-2 (bug #963158)
	[buster] - re2c (Vulnerability introduced later)
	[stretch] - re2c (Vulnerability introduced later)
	[jessie] - re2c (Vulnerability introduced later)
	NOTE: http://blogs.gentoo.org/ago/2020/04/19/re2c-heap-overflow-in-scannerfill-scanner-cc/
	NOTE: Logical error introduced in: https://github.com/skvadrik/re2c/commit/2f3e597abce36fb7f41413373308b7f13fc98181 (1.2)
	NOTE: Vulnerability introduced in: https://github.com/skvadrik/re2c/commit/1edd26a35457c5835afd58b8fa8330d33e7a1192 (1.2)
	NOTE: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a#commitcomment-38652070
	NOTE: Fixed by: https://github.com/skvadrik/re2c/commit/c4603ba5ce229db83a2a4fb93e6d4b4e3ec3776a
CVE-2020-11957 (The Bluetooth Low Energy implementation in Cypress PSoC Creator BLE 4. ...)
	NOT-FOR-US: Cypress
CVE-2020-11956 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11955 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11954
	RESERVED
CVE-2020-11953 (An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11952 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11951 (An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMC ...)
	NOT-FOR-US: Rittal PDU-3C002DEC
CVE-2020-11950 (VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XX ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11949 (testserver.cgi of the web service on VIVOTEK Network Cameras before XX ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2020-11948
	RESERVED
CVE-2020-11947 (iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buf ...)
	{DSA-4665-1 DLA-2288-1}
	- qemu 1:4.2-7
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=ff0507c239a246fd7215b31c5658fc6a3ee1e4c5 (v5.0.0-rc4)
CVE-2020-11946 (Zoho ManageEngine OpManager before 125120 allows an unauthenticated us ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-11945 (An issue was discovered in Squid before 5.0.2. A remote attacker can r ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.11-1
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_4.txt
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-eeebf0f37a72a2de08348e85ae34b02c34e9a811.patch
CVE-2020-11944 (Abe (aka bitcoin-abe) through 0.7.2, and 0.8pre, allows XSS in __call_ ...)
	NOT-FOR-US: bitcoin-abe
CVE-2020-11943 (An issue was discovered in Open-AudIT 3.2.2. There is Arbitrary file u ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-11942 (An issue was discovered in Open-AudIT 3.2.2. There are Multiple SQL In ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-11941 (An issue was discovered in Open-AudIT 3.2.2. There is OS Command injec ...)
	NOT-FOR-US: Open-AudIT
CVE-2020-11940 (In nDPI through 3.2 Stable, an out-of-bounds read in concat_hash_strin ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Introduced in 3.0)
	[stretch] - ndpi (Introduced in 3.0)
	[jessie] - ndpi (Introduced in 3.0)
	NOTE: https://github.com/ntop/nDPI/commit/3bbb0cd3296023f6f922c71d21a1c374d2b0a435 (3.4)
	NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11939 (In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KE ...)
	- ndpi 3.4-1 (bug #972050)
	[buster] - ndpi (Introduced in 3.0)
	[stretch] - ndpi (Introduced in 3.0)
	[jessie] - ndpi (Introduced in 3.0)
	NOTE: https://github.com/ntop/nDPI/commit/7ce478a58b4dd29a8d1e6f4e9df2f778613d9202 (3.4)
	NOTE: https://securitylab.github.com/advisories/GHSL-2020-051_052-ntop-ndpi
CVE-2020-11938 (In JetBrains TeamCity 2018.2 through 2019.2.1, a project administrator ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2020-11937 (In whoopsie, parse_report() from whoopsie.c allows a local attacker to ...)
	NOT-FOR-US: Whoopsie
CVE-2020-11936
	RESERVED
CVE-2020-11935
	RESERVED
	- aufs (bug #964748)
	[buster] - aufs (Minor issue; CONFIG_IMA not enabled in kernel; can be fixed via point release)
	[stretch] - aufs (Minor issue; too many other aufs issues open)
	NOTE: To exploit the issue CONFIG_IMA in Kernel needs to be enabled.
	NOTE: linux/4.9.y had the config enabled, but was disabled in later versions
	NOTE: including linux/4.19.y.
	NOTE: https://sourceforge.net/p/aufs/mailman/message/37048642/
	NOTE: https://github.com/sfjro/aufs4-linux/commit/515a586eeef31e0717d5dea21e2c11a965340b3c
	NOTE: https://github.com/sfjro/aufs4-linux/commit/f10aea57d39d6cd311312e9e7746804f7059b5c8
CVE-2020-11934 (It was discovered that snapctl user-open allowed altering the $XDG_DAT ...)
	- snapd 2.45.2-1
	[buster] - snapd (Minor issue)
	[stretch] - snapd (Vulnerable code not present)
	NOTE: https://github.com/snapcore/snapd/commit/06342a31878f1cf99d56da5483e71b9af61f46ad
CVE-2020-11933 (cloud-init as managed by snapd on Ubuntu Core 16 and Ubuntu Core 18 de ...)
	NOT-FOR-US: cloud-init in some Ubuntu images
CVE-2020-11932 (It was discovered that the Subiquity installer for Ubuntu Server logge ...)
	NOT-FOR-US: Subiquity installer for Ubuntu
CVE-2020-11931 (An Ubuntu-specific modification to Pulseaudio to provide security medi ...)
	NOT-FOR-US: Ubuntu snap packaging of Pulseaudio
CVE-2020-11930 (The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS vi ...)
	NOT-FOR-US: GTranslate plugin for WordPress
CVE-2020-11929
	RESERVED
CVE-2020-11928 (In the media-library-assistant plugin before 2.82 for WordPress, Remot ...)
	NOT-FOR-US: media-library-assistant plugin for WordPress
CVE-2020-11927
	RESERVED
CVE-2020-11926
	RESERVED
CVE-2020-11925 (An issue was discovered in Luvion Grand Elite 3 Connect through 2020-0 ...)
	NOT-FOR-US: Luvion Grand Elite 3 Connect
CVE-2020-11924 (An issue was discovered in WiZ Colors A60 1.14.0. Wi-Fi credentials ar ...)
	NOT-FOR-US: WiZ Colors A60
CVE-2020-11923 (An issue was discovered in WiZ Colors A60 1.14.0. API credentials are ...)
	NOT-FOR-US: WiZ Colors A60
CVE-2020-11922 (An issue was discovered in WiZ Colors A60 1.14.0. The device sends unn ...)
	NOT-FOR-US: WiZ Colors A60
CVE-2020-11921
	RESERVED
CVE-2020-11920 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
	NOT-FOR-US: Svakom Siime Eye
CVE-2020-11919
	RESERVED
CVE-2020-11918
	RESERVED
CVE-2020-11917
	RESERVED
CVE-2020-11916
	RESERVED
CVE-2020-11915 (An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3. ...)
	NOT-FOR-US: Svakom Siime Eye
CVE-2020-11914 (The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11913 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11912 (The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11911 (The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Cont ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11910 (The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Rea ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11909 (The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow. ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11908 (The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11907 (The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Par ...)
	NOT-FOR-US: Treck TCP/IP stack / Cisco
CVE-2020-11906 (The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Inte ...)
NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11905 (The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11904 (The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11903 (The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read. ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11902 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling O ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11901 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution vi ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11900 (The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Fr ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11899 (The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read. ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11898 (The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMP ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11897 (The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11896 (The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, r ...) NOT-FOR-US: Treck TCP/IP stack / Cisco CVE-2020-11895 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (2 bytes) i ...) - ming NOTE: https://github.com/libming/libming/issues/197 CVE-2020-11894 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read (8 bytes) i ...) - ming NOTE: https://github.com/libming/libming/issues/196 CVE-2020-11893 RESERVED CVE-2020-11892 RESERVED CVE-2020-11891 (An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks ...) NOT-FOR-US: Joomla! CVE-2020-11890 (An issue was discovered in Joomla! before 3.9.17. Improper input valid ...) NOT-FOR-US: Joomla! CVE-2020-11889 (An issue was discovered in Joomla! before 3.9.17. 
Incorrect ACL checks ...) NOT-FOR-US: Joomla! CVE-2020-11888 (python-markdown2 through 2.3.8 allows XSS because element names are mi ...) - python-markdown2 2.3.9-1 (bug #959445) [buster] - python-markdown2 2.3.7-2+deb10u1 NOTE: https://github.com/trentm/python-markdown2/issues/348 CVE-2020-11887 (svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an ...) NOT-FOR-US: svg2png CVE-2020-11886 (OpenNMS Horizon and Meridian allows HQL Injection in element/nodeList. ...) - opennms (bug #450615) CVE-2020-11885 (WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability wher ...) NOT-FOR-US: WSO2 Enterprise Integrator CVE-2020-11884 (In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code exec ...) {DSA-4667-1} - linux 5.6.7-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/316ec154810960052d4586b634156c54d0778f74 CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...) NOT-FOR-US: Divante vue-storefront-api CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...) NOT-FOR-US: O2 Business CVE-2020-11881 (An array index error in MikroTik RouterOS 6.41.3 through 6.46.5, and 7 ...) NOT-FOR-US: MikroTik RouterOS CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...) - kmail 4:20.04.1-1 (bug #958054) [buster] - kmail (Minor issue) - kdepim [stretch] - kdepim (Minor issue) [jessie] - kdepim (Minor issue) NOTE: https://github.com/KDE/kmail/commit/2a348eccd352260f192d9b449492071bbf2b34b1 CVE-2020-11879 (An issue was discovered in GNOME Evolution before 3.35.91. By using th ...) 
- evolution 3.36.0-1 [buster] - evolution (Minor issue) [stretch] - evolution (Minor issue) [jessie] - evolution (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/evolution/issues/784 NOTE: https://gitlab.gnome.org/GNOME/evolution/-/commit/6489f20d6905cc797e2b2581c415e558c457caa7 CVE-2020-11878 (The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4 ...) - jitsi-meet (bug #760485) CVE-2020-11877 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses 342 ...) NOT-FOR-US: Zoom Client for Meetings CVE-2020-11876 (** DISPUTED ** airhost.exe in Zoom Client for Meetings 4.6.11 uses the ...) NOT-FOR-US: Zoom Client for Meetings CVE-2020-11875 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2020-11874 (An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, ...) NOT-FOR-US: LG mobile devices CVE-2020-11873 (An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, ...) NOT-FOR-US: LG mobile devices CVE-2020-11872 (The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication ...) NOT-FOR-US: OpenTrace CVE-2020-11871 RESERVED CVE-2020-11870 RESERVED CVE-2020-11869 (An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way i ...) - qemu 1:5.0-1 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=ac2071c3791b67fc7af78b8ceb320c01ca1b5df7 NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/2 CVE-2020-11868 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows an off-pat ...) 
{DLA-2201-1} - ntp 1:4.2.8p14+dfsg-1 [buster] - ntp (Minor issue) [stretch] - ntp (Minor issue) - ntpsec (Doesn't affect ntpsec per upstream, #958027) NOTE: http://support.ntp.org/bin/view/Main/NtpBug3592 NOTE: http://bugs.ntp.org/3592 NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5df73278nIf5dNbaR_vTeCY43_h7Vg NOTE: http://bk.ntp.org/ntp-stable/?PAGE=patch&REV=5deb5269ieF1tee6Mp3UJyZOk8DB-Q NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1716665 NOTE: https://gitlab.com/NTPsec/ntpsec/issues/651 CVE-2020-11867 (Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USE ...) - audacity 2.4.2~dfsg0-4 (bug #976874) [buster] - audacity (Minor issue) [stretch] - audacity (Minor issue) NOTE: https://github.com/audacity/audacity/pull/700 CVE-2020-11866 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-aft ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11865 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bo ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11864 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of ...) - libemf 1.0.12-1 [buster] - libemf (Minor issue) CVE-2020-11862 RESERVED CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...) NOT-FOR-US: Micro Focus CVE-2020-11860 (Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger prod ...) NOT-FOR-US: Micro Focus CVE-2020-11859 RESERVED CVE-2020-11858 (Code execution with escalated privileges vulnerability in Micro Focus ...) NOT-FOR-US: Micro Focus CVE-2020-11857 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...) NOT-FOR-US: Micro Focus CVE-2020-11856 (Arbitrary code execution vulnerability on Micro Focus Operation Bridge ...) 
NOT-FOR-US: Micro Focus CVE-2020-11855 (An Authorization Bypass vulnerability on Micro Focus Operation Bridge ...) NOT-FOR-US: Micro Focus CVE-2020-11854 (Arbitrary code execution vlnerability in Operation bridge Manager, App ...) NOT-FOR-US: Micro Focus CVE-2020-11853 (Arbitrary code execution vulnerability affecting multiple Micro Focus ...) NOT-FOR-US: Micro Focus CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Messaging ...) NOT-FOR-US: Micro Focus CVE-2020-11851 (Arbitrary code execution vulnerability on Micro Focus ArcSight Logger ...) NOT-FOR-US: Micro Focus CVE-2020-11850 RESERVED CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...) NOT-FOR-US: Micro Focus CVE-2020-11848 (Denial of service vulnerability on Micro Focus ArcSight Management Cen ...) NOT-FOR-US: Micro Focus CVE-2020-11847 RESERVED CVE-2020-11846 RESERVED CVE-2020-11845 (Cross Site Scripting vulnerability in Micro Focus Service Manager prod ...) NOT-FOR-US: Micro Focus CVE-2020-11844 (Incorrect Authorization vulnerability in Micro Focus Container Deploym ...) NOT-FOR-US: Micro Focus CVE-2020-11843 RESERVED CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...) NOT-FOR-US: Micro Focus CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...) NOT-FOR-US: Micro Focus CVE-2020-11840 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...) NOT-FOR-US: Micro Focus CVE-2020-11839 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logge ...) NOT-FOR-US: Micro Focus CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Manag ...) NOT-FOR-US: Micro Focus CVE-2020-11837 RESERVED CVE-2020-11836 (OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions h ...) NOT-FOR-US: OPPO Android Phone CVE-2020-11835 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_d ...) 
NOT-FOR-US: oppo CVE-2020-11834 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the ...) NOT-FOR-US: oppo CVE-2020-11833 (In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_m ...) NOT-FOR-US: oppo CVE-2020-11832 (In functions charging_limit_current_write and charging_limit_time_writ ...) NOT-FOR-US: oppo CVE-2020-11831 (OvoiceManager has system permission to write vulnerability reports for ...) NOT-FOR-US: OvoiceManager CVE-2020-11830 (QualityProtect has a vulnerability to execute arbitrary system command ...) NOT-FOR-US: QualityProtect CVE-2020-11829 (Dynamic loading of services in the backup and restore SDK leads to ele ...) NOT-FOR-US: com.coloros.codebook (oppo.com) CVE-2020-11828 (In ColorOS (oppo mobile phone operating system, based on AOSP framewor ...) NOT-FOR-US: ColorOS CVE-2020-11827 (In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak fi ...) NOT-FOR-US: GOG Galaxy client CVE-2020-11826 (Users can lock their notes with a password in Memono version 3.8. Thus ...) NOT-FOR-US: Memono CVE-2020-11825 (In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF ...) - dolibarr CVE-2020-11824 RESERVED CVE-2020-11823 (In Dolibarr 10.0.6, if USER_LOGIN_FAILED is active, there is a stored ...) - dolibarr CVE-2020-11822 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the appli ...) NOT-FOR-US: Rukovoditel CVE-2020-11821 (In Rukovoditel 2.5.2, users' passwords and usernames are stored in a c ...) NOT-FOR-US: Rukovoditel CVE-2020-11820 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11819 (In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file lo ...) NOT-FOR-US: Rukovoditel CVE-2020-11818 (In Rukovoditel 2.5.2 has a form_session_token value to prevent CSRF at ...) NOT-FOR-US: Rukovoditel CVE-2020-11817 (In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the s ...) 
NOT-FOR-US: Rukovoditel CVE-2020-11816 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11815 (In Rukovoditel 2.5.2, attackers can upload arbitrary file to the serve ...) NOT-FOR-US: Rukovoditel CVE-2020-11814 (A Host Header Injection vulnerability in qdPM 9.1 may allow an attacke ...) NOT-FOR-US: qdPM CVE-2020-11813 (In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the confi ...) NOT-FOR-US: Rukovoditel CVE-2020-11812 (Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because ...) NOT-FOR-US: Rukovoditel CVE-2020-11811 (In qdPM 9.1, an attacker can upload a malicious .php file to the serve ...) NOT-FOR-US: qdPM CVE-2020-11810 (An issue was discovered in OpenVPN 2.4.x before 2.4.9. An attacker can ...) - openvpn 2.4.9-1 (low) [buster] - openvpn 2.4.7-1+deb10u1 [stretch] - openvpn (Minor issue) [jessie] - openvpn (Minor issue) NOTE: https://github.com/OpenVPN/openvpn/commit/37bc691e7d26ea4eb61a8a434ebd7a9ae76225ab CVE-2020-11809 RESERVED CVE-2020-11808 RESERVED CVE-2020-11807 (Because of Unrestricted Upload of a File with a Dangerous Type, Source ...) NOT-FOR-US: Sourcefabric Newscoop CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through ...) NOT-FOR-US: MailStore Outlook Add-in CVE-2020-11805 (Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Acc ...) NOT-FOR-US: Pexip Reverse Proxy and TURN Server CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...) NOT-FOR-US: Titan SpamTitan CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) NOT-FOR-US: Titan SpamTitan CVE-2020-11802 RESERVED CVE-2020-11801 RESERVED CVE-2020-11800 (Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote att ...) 
{DLA-2461-1} - zabbix 1:4.0.0+dfsg-1 NOTE: https://support.zabbix.com/browse/DEV-1538 NOTE: https://support.zabbix.com/browse/ZBX-17600 NOTE: https://support.zabbix.com/browse/ZBXSEC-30 (not public) NOTE: https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/85453e04656fc7bd8a6790f5295d79410101745c CVE-2020-11799 (Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privile ...) NOT-FOR-US: Z-Cron CVE-2020-11798 (A Directory Traversal vulnerability in the web conference component of ...) NOT-FOR-US: Mitel CVE-2020-11797 (An Authentication Bypass vulnerability in the Published Area of the we ...) NOT-FOR-US: Mitel CVE-2020-11796 (In JetBrains Space through 2020-04-22, the password authentication imp ...) NOT-FOR-US: JetBrains Space CVE-2020-11795 (In JetBrains Space through 2020-04-22, the session timeout period was ...) NOT-FOR-US: JetBrains Space CVE-2020-11794 RESERVED CVE-2020-11793 (A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKi ...) {DSA-4658-1} - webkit2gtk 2.28.1-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.1-1 NOTE: https://webkitgtk.org/security/WSA-2020-0004.html CVE-2020-11792 (NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are ...) NOT-FOR-US: Netgear CVE-2020-11791 (NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS ...) NOT-FOR-US: Netgear CVE-2020-11790 (NETGEAR R7800 devices before 1.0.2.68 are affected by remote code exec ...) NOT-FOR-US: Netgear CVE-2020-11789 (Certain NETGEAR devices are affected by command injection by an unauth ...) NOT-FOR-US: Netgear CVE-2020-11788 (Certain NETGEAR devices are affected by authentication bypass. This af ...) NOT-FOR-US: Netgear CVE-2020-11787 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11786 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) 
NOT-FOR-US: Netgear CVE-2020-11785 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11784 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11783 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11782 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11781 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11780 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11779 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11778 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11777 (Certain NETGEAR devices are affected by Stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11776 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11775 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11774 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11773 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11772 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11771 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11770 (Certain NETGEAR devices are affected by command injection by an authen ...) NOT-FOR-US: Netgear CVE-2020-11769 (Certain NETGEAR devices are affected by stored XSS. This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11768 (Certain NETGEAR devices are affected by Stored XSS. 
This affects D7800 ...) NOT-FOR-US: Netgear CVE-2020-11767 (Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. I ...) NOT-FOR-US: Istio CVE-2020-11766 (sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web I ...) NOT-FOR-US: iFAX AvantFAX CVE-2020-11765 (An issue was discovered in OpenEXR before 2.4.1. There is an off-by-on ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0) CVE-2020-11764 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/e7c26f6ef5bf7ae8ea21ecf19963186cd1391720 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/a6408c90339bdf19f89476578d7f936b741be9b2 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/6bad53af7eebed507564dd5fc90320e4c6a6c0bc CVE-2020-11763 (An issue was discovered in OpenEXR before 2.4.1. There is an std::vect ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3 CVE-2020-11762 (An issue was discovered in OpenEXR before 2.4.1. 
There is an out-of-bo ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/3eda5d70aba127bae9bd6bae9956fcf024b64031 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/2ae5f8376b0a6c3e2bb100042f5de79503ba837a NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/7f0c9e256f34cac5a31e9d9cce00ccc898f49f3b (v2.2.0) CVE-2020-11761 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b1c34c496b62117115b1089b18a44e0031800a09 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/801272c9bf8b84a66c62f1e8a4490ece81da6a56 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/43cd3ad47d53356da6ae2e983e47c8313aebf72e NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/ea3349896d4a8a3b523e8f3b830334a85240b1e6 CVE-2020-11760 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Minor issue) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/37750013830def57f19f3c3b7faaa9fc1dae81b3 CVE-2020-11759 (An issue was discovered in OpenEXR before 2.4.1. Because of integer ov ...) 
{DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (Vulnerable code not present) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/b9997d0c045fa01af3d2e46e1a74b07cc4519446 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/acad98d6d3e787f36012a3737c23c42c7f43a00f NOTE: Introduced by https://github.com/AcademySoftwareFoundation/openexr/commit/9f011ae9ce9b1ca03521ff76e7659d34ee830344 (v2.0.0) CVE-2020-11758 (An issue was discovered in OpenEXR before 2.4.1. There is an out-of-bo ...) {DSA-4755-1 DLA-2358-1} [experimental] - openexr 2.5.0-1 - openexr 2.5.3-2 (bug #959444) [jessie] - openexr (SSE support introduced in v2.0) NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1987 NOTE: https://github.com/AcademySoftwareFoundation/openexr/commit/7a52d40ae23c148f27116cb1f6e897b9143b372c CVE-2020-11757 RESERVED CVE-2020-11756 RESERVED CVE-2020-11755 RESERVED CVE-2020-11754 RESERVED CVE-2020-11753 (An issue was discovered in Sonatype Nexus Repository Manager in versio ...) NOT-FOR-US: Sonatype CVE-2020-11752 RESERVED CVE-2020-11751 RESERVED CVE-2020-11750 RESERVED CVE-2020-11749 (Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities ...) NOT-FOR-US: Pandora FMS CVE-2020-11748 RESERVED CVE-2020-11747 REJECTED CVE-2020-11746 RESERVED CVE-2020-11745 RESERVED CVE-2020-11744 RESERVED CVE-2020-11743 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) {DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-316.html CVE-2020-11742 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) 
{DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-318.html CVE-2020-11741 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...) {DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-313.html CVE-2020-11740 (An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...) {DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-313.html CVE-2020-11739 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...) {DSA-4723-1} - xen 4.11.4-1 [stretch] - xen (DSA 4602-1) [jessie] - xen (Not supported in jessie LTS) NOTE: https://xenbits.xen.org/xsa/advisory-314.html CVE-2020-11738 (The Snap Creek Duplicator plugin before 1.3.28 for WordPress (and Dupl ...) NOT-FOR-US: Snap Creek Duplicator plugin for WordPress CVE-2020-11737 (A cross-site scripting (XSS) vulnerability in Web Client in Zimbra 9.0 ...) NOT-FOR-US: Zimbra CVE-2020-11735 (The private-key operations in ecc.c in wolfSSL before 4.4.0 do not use ...) - wolfssl 4.4.0+dfsg-1 NOTE: https://github.com/wolfSSL/wolfssl/commit/1de07da61f0c8e9926dcbd68119f73230dae283f CVE-2020-11736 (fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Dir ...) {DLA-2180-1} - file-roller 3.36.2-1 (bug #956638) [buster] - file-roller 3.30.1-2+deb10u1 [stretch] - file-roller 3.22.3-1+deb9u2 NOTE: https://gitlab.gnome.org/GNOME/file-roller/-/commit/21dfcdbfe258984db89fb65243a1a888924e45a0 CVE-2020-11734 (cgi-bin/go in CyberSolutions CyberMail 5 or later allows XSS via the A ...) NOT-FOR-US: CyberSolutions CyberMail CVE-2020-11733 (An issue was discovered on Spirent TestCenter and Avalanche appliance ...) 
NOT-FOR-US: Spirent CVE-2020-11732 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2020-11731 (The Media Library Assistant plugin before 2.82 for Wordpress suffers f ...) NOT-FOR-US: Media Library Assistant plugin for WordPress CVE-2020-11730 RESERVED CVE-2020-11729 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...) {DSA-4660-1 DLA-2178-1} - awl 0.61-1 (bug #956650) NOTE: https://gitlab.com/davical-project/awl/-/issues/18 NOTE: https://gitlab.com/davical-project/awl/-/commit/535505c9acd0dda9cf664c38f5f8cb8dd61dc0cd CVE-2020-11728 (An issue was discovered in DAViCal Andrew's Web Libraries (AWL) throug ...) {DSA-4660-1 DLA-2178-1} - awl 0.61-1 (bug #956650) NOTE: https://gitlab.com/davical-project/awl/-/issues/19 NOTE: https://gitlab.com/davical-project/awl/-/commit/c2e808cc2420f8d870ac0a4aa9cc1f2c90562428 CVE-2020-11727 (A cross-site scripting (XSS) vulnerability in the AlgolPlus Advanced O ...) NOT-FOR-US: AlgolPlus CVE-2020-11726 RESERVED CVE-2020-11724 (An issue was discovered in OpenResty before 1.15.8.4. ngx_http_lua_sub ...) {DSA-4750-1 DLA-2283-1} - nginx 1.18.0-5 (bug #964950) NOTE: https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa (ngx_lua 0.10.17, with tests) NOTE: https://github.com/openresty/openresty/commit/4e8b4c395f842a078e429c80dd063b2323999957 (ngx_lua 0.10.15) NOTE: nginx packages include ngx_lua in debian/modules/ CVE-2020-11725 (** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux k ...) - linux (unimportant) NOTE: https://twitter.com/yabbadabbadrew/status/1248632267028582400 NOTE: Disputed security-impact across the kernel community CVE-2020-11723 (Cellebrite UFED 5.0 through 7.29 uses four hardcoded RSA private keys ...) NOT-FOR-US: Cellebrite UFED CVE-2020-11722 (Dungeon Crawl Stone Soup (aka DCSS or crawl) before 0.25 allows remote ...) 
- crawl 2:0.25.0-1 (bug #958232) [buster] - crawl (Minor issue) [stretch] - crawl (Minor issue) [jessie] - crawl (Minor issue) NOTE: https://dpmendenhall.blogspot.com/2020/03/dungeon-crawl-stone-soup.html NOTE: https://github.com/crawl/crawl/commit/768f60da87a3fa0b5561da5ade9309577c176d04 NOTE: https://github.com/crawl/crawl/commit/fc522ff6eb1bbb85e3de60c60a45762571e48c28 CVE-2020-11721 (load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitiali ...) - libsixel (low; bug #972641) [bullseye] - libsixel (Minor issue) [buster] - libsixel (Minor issue) [stretch] - libsixel (Minor issue) [jessie] - libsixel (Minor issue) NOTE: https://github.com/saitoha/libsixel/issues/134 CVE-2020-11720 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...) NOT-FOR-US: Programi Bilanc CVE-2020-11719 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...) NOT-FOR-US: Programi Bilanc CVE-2020-11718 (An issue was discovered in Programi Bilanc build 007 release 014 31.01 ...) NOT-FOR-US: Programi Bilanc CVE-2020-11717 (An issue was discovered in Programi 014 31.01.2020. It has multiple SQ ...) NOT-FOR-US: Programi CVE-2020-11716 (Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices throu ...) NOT-FOR-US: Panasonic CVE-2020-11715 (Panasonic P99 devices through 2020-04-10 have Incorrect Access Control ...) NOT-FOR-US: Panasonic CVE-2020-11714 (eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Loc ...) NOT-FOR-US: eten PSG-6528VM 1.1 devices CVE-2020-11713 (wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does n ...) - wolfssl 4.4.0+dfsg-1 (bug #960190) NOTE: https://github.com/wolfSSL/wolfssl/pull/2894/ CVE-2020-11712 (Open Upload through 0.4.3 allows XSS via index.php?action=u and the fi ...) NOT-FOR-US: Open Upload CVE-2020-11711 RESERVED CVE-2020-11710 (** DISPUTED ** An issue was discovered in docker-kong (for Kong) throu ...) 
NOT-FOR-US: docker-kong CVE-2020-11709 (cpp-httplib through 0.5.8 does not filter \r\n in parameters passed in ...) NOT-FOR-US: cpp-httplip NOTE: https://github.com/yhirose/cpp-httplib/issues/425 CVE-2020-11708 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11707 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11706 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11705 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11704 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11703 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) NOT-FOR-US: Titan SpamTitan CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper validation o ...) NOT-FOR-US: Titan SpamTitan CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper input saniti ...) NOT-FOR-US: Titan SpamTitan CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...) NOT-FOR-US: Combodo iTop CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...) NOT-FOR-US: Combodo iTop CVE-2020-11695 RESERVED CVE-2020-11694 (In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarizatio ...) 
- pycharm (bug #742394) CVE-2020-11693 (JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-11692 (In JetBrains YouTrack before 2020.1.659, DB export was accessible to r ...) NOT-FOR-US: JetBrains YouTrack CVE-2020-11691 (In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAut ...) NOT-FOR-US: JetBrains Hub CVE-2020-11690 (In JetBrains IntelliJ IDEA before 2020.1, the license server could be ...) - intellij-idea (bug #747616) CVE-2020-11689 (In JetBrains TeamCity before 2019.2.1, a user without appropriate perm ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11688 (In JetBrains TeamCity before 2019.2.1, the application state is kept a ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11687 (In JetBrains TeamCity before 2019.2.2, password values were shown in a ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11686 (In JetBrains TeamCity before 2019.1.4, a project administrator was abl ...) NOT-FOR-US: JetBrains TeamCity CVE-2020-11685 (In JetBrains GoLand before 2019.3.2, the plugin repository was accesse ...) NOT-FOR-US: JetBrains GoLand CVE-2020-11684 (AT91bootstrap before 3.9.2 does not properly wipe encryption and authe ...) NOT-FOR-US: Microchip AT91bootstrap CVE-2020-11683 (A timing side channel was discovered in AT91bootstrap before 3.9.2. It ...) NOT-FOR-US: Microchip AT91bootstrap CVE-2020-11682 (Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing ...) NOT-FOR-US: Castel NextGen DVR CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...) NOT-FOR-US: Castel NextGen DVR CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...) NOT-FOR-US: Castel NextGen DVR CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...) NOT-FOR-US: Castel NextGen DVR CVE-2020-11678 RESERVED CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...) 
	NOT-FOR-US: Cerner medico
CVE-2020-11676 (Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3). ...)
	NOT-FOR-US: Cerner medico
CVE-2020-11675 (Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3). ...)
	NOT-FOR-US: Cerner medico
CVE-2020-11674 (Cerner medico 26.00 allows variable reuse, possibly causing data corru ...)
	NOT-FOR-US: Cerner medico
CVE-2020-11673 (An issue was discovered in the Responsive Poll through 1.3.4 for Wordp ...)
	NOT-FOR-US: Responsive Poll for WordPress
CVE-2020-11672
	RESERVED
CVE-2020-11671 (Lack of authorization controls in REST API functions in TeamPass throu ...)
	- teampass (bug #730180)
CVE-2020-11670
	RESERVED
CVE-2020-11669 (An issue was discovered in the Linux kernel before 5.2 on the powerpc ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.118-1
	[stretch] - linux (Vulnerability introduced later with support for KVM guests on POWER9)
	[jessie] - linux (Vulnerability introduced later with support for KVM guests on POWER9)
	NOTE: https://git.kernel.org/linus/53a712bae5dd919521a58d7bad773b949358add0
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/15/1
CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
CVE-2020-11667
	RESERVED
CVE-2020-11666 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11665 (CA API Developer Portal 4.3.1 and earlier handles loginRedirect page r ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11664 (CA API Developer Portal 4.3.1 and earlier handles homeRedirect page re ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11663 (CA API Developer Portal 4.3.1 and earlier handles 404 requests in an i ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11662 (CA API Developer Portal 4.3.1 and earlier handles requests insecurely, ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11661 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11660 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11659 (CA API Developer Portal 4.3.1 and earlier contains an access control f ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11658 (CA API Developer Portal 4.3.1 and earlier handles shared secret keys i ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2020-11657
	RESERVED
CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...)
	- sqlite3 3.32.0-1 (unimportant)
	NOTE: https://www.sqlite.org/cgi/src/tktview?name=4722bdab08cb14
	NOTE: https://www.sqlite.org/src/info/d09f8c3621d5f7f8
	NOTE: https://www.sqlite.org/src/info/b64674919f673602
	NOTE: Negligible security impact (and uncovered in DEBUG build)
CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...)
	{DLA-2340-1 DLA-2203-1}
	- sqlite3 3.31.1-5
	[buster] - sqlite3 (Introduced/exploitable in 3.30 with 3251a2031bfd29f338a5fda1a08c18878296d354)
	NOTE: https://www.sqlite.org/cgi/src/tktview?name=af4556bb5c
	NOTE: Issue covered before: https://www.sqlite.org/cgi/src/info/712e47714863a8ed
	NOTE: Fixed by: https://www.sqlite.org/cgi/src/info/4a302b42c7bf5e11
	NOTE: https://github.com/sqlite/sqlite/commit/3251a2031bfd29f338a5fda1a08c18878296d354
	NOTE: https://github.com/sqlite/sqlite/commit/c415d91007e1680e4eb17def583b202c3c83c718
	NOTE: https://github.com/sqlite/sqlite/commit/4db7ab53f9c30e2e22731ace93ab6b18eef6c4ae
CVE-2020-11654
	RESERVED
CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...)
	- varnish 6.4.0-1 (bug #956307)
	[buster] - varnish (Can be fixed along in next DSA)
	[stretch] - varnish (Only affects 6.x)
	[jessie] - varnish (Only affects 6.x)
	NOTE: https://varnish-cache.org/security/VSV00005.html#vsv00005
	NOTE: https://github.com/varnishcache/varnish-cache/commit/2d8fc1a784a1e26d78c30174923a2b14ee2ebf62
CVE-2020-11652 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
	{DSA-4676-2 DSA-4676-1 DLA-2223-1}
	- salt 3000.2+dfsg1-1 (bug #959684)
	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/cce7abad9c22d9d50ccee2813acabff8deca35dd
CVE-2020-11651 (An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 bef ...)
	{DSA-4676-2 DSA-4676-1 DLA-2223-1}
	- salt 3000.2+dfsg1-1 (bug #959684)
	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/a67d76b15615983d467ed81371b38b4a17e4f3b7
	NOTE: Followup needed: https://github.com/saltstack/salt/commit/78172bf647473d5c1c2720e72fc12d6f2314d583
	NOTE: There is a typo in the whitelisted methods on AESFuncs:
	NOTE: https://github.com/saltstack/salt/blob/v3000.2_docs/doc/topics/releases/3000.2.rst#known-issue
	NOTE: Regression bugreport: https://github.com/saltstack/salt/issues/57016
	NOTE: https://github.com/saltstack/salt/issues/57027
CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before ...)
	NOT-FOR-US: FreeNAS
CVE-2020-11649 (An issue was discovered in GitLab CE and EE 8.15 through 12.9.2. Membe ...)
	[experimental] - gitlab 12.9.3+dfsg-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11648
	RESERVED
CVE-2020-11647 (In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the ...)
	{DLA-2547-1}
	- wireshark 3.2.3-1 (low; bug #958213)
	[buster] - wireshark 2.6.20-0+deb10u1
	[jessie] - wireshark (Minor, can be fixed along in a future update)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16474
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f56fc9496db158218243ea87e3660c874a0bab0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2020-07.html
CVE-2020-11646 (A log information disclosure vulnerability in B&R GateManager 4260 ...)
	NOT-FOR-US: B&R GateManager
CVE-2020-11645 (A denial of service vulnerability in B&R GateManager 4260 and 9250 ...)
	NOT-FOR-US: B&R GateManager
CVE-2020-11644 (The information disclosure vulnerability present in B&R GateManage ...)
	NOT-FOR-US: B&R GateManager
CVE-2020-11643 (An information disclosure vulnerability in B&R GateManager 4260 an ...)
	NOT-FOR-US: B&R GateManager
CVE-2020-11642 (The local file inclusion vulnerability present in B&R SiteManager ...)
	NOT-FOR-US: B&R SiteManager
CVE-2020-11641 (A local file inclusion vulnerability in B&R SiteManager versions & ...)
	NOT-FOR-US: B&R SiteManager
CVE-2020-11640
	RESERVED
CVE-2020-11639
	RESERVED
CVE-2020-11638
	RESERVED
CVE-2020-11637 (A memory leak in the TFTP service in B&R Automation Runtime versio ...)
	NOT-FOR-US: B&R Automation Runtime
CVE-2020-11636
	RESERVED
CVE-2020-11635 (The Zscaler Client Connector prior to 3.1.0 did not sufficiently valid ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2020-11634 (The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2020-11633 (The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack ...)
	NOT-FOR-US: Zscaler Client Connector for Windows
CVE-2020-11632 (The Zscaler Client Connector prior to 2.1.2.150 did not quote the sear ...)
	NOT-FOR-US: Zscaler Client Connector
CVE-2020-11631 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11630 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11629 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11628 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11627 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11626 (An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1. ...)
	NOT-FOR-US: EJBCA / PrimeKey
CVE-2020-11625 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
	NOT-FOR-US: AvertX
CVE-2020-11624 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
	NOT-FOR-US: AvertX
CVE-2020-11623 (An issue was discovered in AvertX Auto focus Night Vision HD Indoor/Ou ...)
	NOT-FOR-US: AvertX
CVE-2020-11622 (A vulnerability exists in Arista’s Cloud EOS VM / vEOS 4.23.2M a ...)
	NOT-FOR-US: Cloud EOS
CVE-2020-11621
	RESERVED
CVE-2020-11620 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2682
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-11619 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2680
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
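The jackson-databind notes above (CVE-2020-11620 and CVE-2020-11619) say the gadget issues are mitigated from 2.10 because Safe Default Typing is the default, but remain exploitable whenever an application turns unrestricted Default Typing back on. The following Java program is an added illustration written for this page, not code from the jackson-databind project or from the Debian tracker. It puts the weak configuration (legacy `enableDefaultTyping`, which lets the JSON document name any class to instantiate) beside the 2.10+ configuration (`activateDefaultTyping` with a `BasicPolymorphicTypeValidator` allow-list). The JSON payload is constructed for the demo and names `java.util.HashMap` as a harmless stand-in for a gadget class; the allow-listed package prefix `com.example.model.` is an assumed application package.

```java
import java.io.IOException;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.exc.InvalidTypeIdException;
import com.fasterxml.jackson.databind.jsontype.BasicPolymorphicTypeValidator;
import com.fasterxml.jackson.databind.jsontype.PolymorphicTypeValidator;

public class DefaultTypingDemo {

    // Constructed input in Jackson's WRAPPER_ARRAY form: the first element is
    // the class name the deserializer is asked to instantiate. java.util.HashMap
    // is a harmless stand-in for the gadget classes the CVEs concern; what
    // matters is that the class name is chosen by whoever sends the JSON.
    static final String PAYLOAD = "[\"java.util.HashMap\", {\"k\": \"v\"}]";

    // Weak configuration (pre-2.10 style): unrestricted default typing. Any
    // class named in the document is resolved and instantiated, which is the
    // setting under which the jackson-databind gadget CVEs apply.
    @SuppressWarnings("deprecation")
    static ObjectMapper unsafeMapper() {
        return new ObjectMapper()
                .enableDefaultTyping(ObjectMapper.DefaultTyping.NON_FINAL);
    }

    // Hardened configuration (2.10+): default typing is activated only together
    // with a PolymorphicTypeValidator. Only subtypes under the allow-listed
    // prefix may be named by the document; "com.example.model." is an assumed
    // application package for this demo.
    static ObjectMapper safeMapper() {
        PolymorphicTypeValidator ptv = BasicPolymorphicTypeValidator.builder()
                .allowIfSubType("com.example.model.")
                .build();
        return new ObjectMapper()
                .activateDefaultTyping(ptv, ObjectMapper.DefaultTyping.NON_FINAL);
    }

    // Deserialize into Object and report what came back: the runtime class
    // name if the type id from the document was honoured, or "REJECTED" if the
    // validator refused to resolve it before any class was loaded.
    static String resolve(ObjectMapper mapper, String json) {
        try {
            Object value = mapper.readValue(json, Object.class);
            return value.getClass().getName();
        } catch (InvalidTypeIdException e) {
            return "REJECTED: " + e.getOriginalMessage();
        } catch (IOException e) {
            return "ERROR: " + e.getMessage();
        }
    }

    public static void main(String[] args) {
        // The unsafe mapper instantiates whatever class the document names;
        // the safe mapper raises InvalidTypeIdException for the same input.
        System.out.println("unsafe: " + resolve(unsafeMapper(), PAYLOAD));
        System.out.println("safe:   " + resolve(safeMapper(), PAYLOAD));
    }
}
```

When auditing a jackson-databind consumer for these CVEs, the thing to grep for is any call to `enableDefaultTyping` (or an `activateDefaultTyping` whose validator is `LaissezFaireSubTypeValidator`), since upgrading the library alone does not remove the exposure once default typing is switched on without an allow-list.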
CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set-top b ...)
	NOT-FOR-US: THOMSON
CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA ...)
	NOT-FOR-US: THOMSON
CVE-2020-11616 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11615 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...)
	NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...)
	NOT-FOR-US: Mids' Reborn Hero Designer
CVE-2020-11612 (The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memo ...)
	{DSA-4885-1 DLA-2364-1}
	- netty 1:4.1.48-1
	[jessie] - netty (OOM DoS with fix/mitigation involving new API; too intrusive to backport due to more limited 3.x buffer API)
	NOTE: https://github.com/netty/netty/issues/6168
	NOTE: https://github.com/netty/netty/pull/9924
	NOTE: https://github.com/netty/netty/commit/1543218d3e7afcb33a90b728b14370395a3deca0
CVE-2020-11611 (An issue was discovered in xdLocalStorage through 2.0.5. The buildMess ...)
	NOT-FOR-US: xdLocalStorage
CVE-2020-11610 (An issue was discovered in xdLocalStorage through 2.0.5. The postData( ...)
	NOT-FOR-US: xdLocalStorage
CVE-2020-11609 (An issue was discovered in the stv06xx subsystem in the Linux kernel b ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/485b06aadb933190f4bc44e006076bc27a23f205
CVE-2020-11608 (An issue was discovered in the Linux kernel before 5.6.1. drivers/medi ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/998912346c0da53a6dbb71fab3a138586b596b30
CVE-2020-11607 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11606 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11605 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11604 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11603 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11602 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11601 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11600 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2020-11599 (An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. Ge ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11598 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. Upl ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11597 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11596 (A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Bu ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11595 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11594 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11593 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11592 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11591 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11590 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11589 (An Insecure Direct Object Reference issue was discovered in CIPPlanner ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11588 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11587 (An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11586 (An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. ...)
	NOT-FOR-US: CIPPlanner
CVE-2020-11585 (There is an information disclosure issue in DNN (formerly DotNetNuke) ...)
	NOT-FOR-US: DNN (formerly DotNetNuke)
CVE-2020-11584 (A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows r ...)
	NOT-FOR-US: Plesk Onyx
CVE-2020-11583 (A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allo ...)
	NOT-FOR-US: Plesk Obsidian
CVE-2020-11582 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11581 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11580 (An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) thr ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-11579 (An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. instal ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-11578
	RESERVED
CVE-2020-11577
	RESERVED
CVE-2020-11576 (Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumerat ...)
	NOT-FOR-US: Argo
CVE-2020-11575
	RESERVED
CVE-2020-11574
	RESERVED
CVE-2020-11573
	RESERVED
CVE-2020-11572
	RESERVED
CVE-2020-11571
	RESERVED
CVE-2020-11570
	RESERVED
CVE-2020-11569
	RESERVED
CVE-2020-11568
	RESERVED
CVE-2020-11567
	RESERVED
CVE-2020-11566
	RESERVED
CVE-2020-11565 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.6 ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	NOTE: https://git.kernel.org/linus/aa9f7d5172fac9bf1f09e678c35e287a40a7b7dd
CVE-2020-11564
	RESERVED
CVE-2020-11563
	RESERVED
CVE-2020-11562
	RESERVED
CVE-2020-11561 (In NCH Express Invoice 7.25, an authenticated low-privilege user can e ...)
	NOT-FOR-US: NCH Express Invoice
CVE-2020-11560 (NCH Express Invoice 7.25 allows local users to discover the cleartext ...)
	NOT-FOR-US: NCH Express Invoice
CVE-2020-11559
	RESERVED
CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by ...)
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	[jessie] - gpac (Vulnerable code not present and not reproducible)
	NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c
	NOTE: https://github.com/gpac/gpac/issues/1440
CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11555 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...)
	NOT-FOR-US: Castle Rock SNMPc
CVE-2020-11552 (An elevation of privilege vulnerability exists in ManageEngine ADSelfS ...)
	NOT-FOR-US: ManageEngine
CVE-2020-11551 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
	NOT-FOR-US: Netgear
CVE-2020-11550 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
	NOT-FOR-US: Netgear
CVE-2020-11549 (An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on ...)
	NOT-FOR-US: Netgear
CVE-2020-11548 (The Search Meter plugin through 2.13.2 for WordPress allows user input ...)
	NOT-FOR-US: Search Meter plugin for WordPress
CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2020-11546 (SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution ...)
	NOT-FOR-US: SuperWebMailer
CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple ...)
	NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...)
	NOT-FOR-US: Project Worlds Official Car Rental System 1
CVE-2020-11543 (OpsRamp Gateway before 7.0.0 has a backdoor account vadmin with the pa ...)
	NOT-FOR-US: OpsRamp Gateway
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
	NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
CVE-2020-11541 (In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE ...)
	NOT-FOR-US: TechSmith SnagIt
CVE-2020-11540
	RESERVED
CVE-2020-11539 (An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It ...)
	NOT-FOR-US: Tata Sonata Smart SF Rush 1.12 devices
CVE-2020-11538 (In libImaging/SgiRleDecode.c in Pillow through 7.0.0, a number of out- ...)
	- pillow 7.2.0-1 (low)
	[buster] - pillow 5.4.1-2+deb10u2
	[stretch] - pillow (Vulnerable code not present)
	NOTE: https://github.com/python-pillow/Pillow/pull/4504
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
CVE-2020-11537 (A SQL Injection issue was discovered in ONLYOFFICE Document Server 5.5 ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11536 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11535 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11534 (An issue was discovered in ONLYOFFICE Document Server 5.5.0. An attack ...)
	NOT-FOR-US: ONLYOFFICE Document Server
CVE-2020-11533 (Ivanti Workspace Control before 10.4.30.0, when SCCM integration is en ...)
	NOT-FOR-US: Ivanti Workspace Control
CVE-2020-11532 (Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin ...)
	NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11531 (The DataEngine Xnode Server application in Zoho ManageEngine DataSecur ...)
	NOT-FOR-US: Zoho ManageEngine DataSecurity Plus
CVE-2020-11530 (A blind SQL injection vulnerability is present in Chop Slider 3, a Wor ...)
	NOT-FOR-US: Chop Slider 3 WordPress plugin
CVE-2020-11529 (Common/Grav.php in Grav before 1.7 has an Open Redirect. This is parti ...)
	NOT-FOR-US: Grav CMS
CVE-2020-11528 (bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) ...)
	NOT-FOR-US: bit2spr
CVE-2020-11527 (In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated rem ...)
	NOT-FOR-US: Zoho
CVE-2020-11526 (libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-97jw-m5w5-xvf9
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/192856cb59974ee4d7d3e72cbeafa676aa7565cf
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6012
CVE-2020-11525 (libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-r ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9755-fphh-gmjg
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0b6b92a25a77d533b8a92d6acc840a81e103684e
CVE-2020-11524 (libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2. ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgw8-3mp2-p5qw
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/7b1d4b49391b4512402840431757703a96946820
CVE-2020-11523 (libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-4qrh-8cp8-4x42
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/ce21b9d7ecd967e0bc98ed31a6b3757848aa6c9e
CVE-2020-11522 (libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out- ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-48wx-7vgj-fffh
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/907640a924fa7a9a99c80a48ac225e9d8e41548b
CVE-2020-11521 (libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 2.0.0~git20190204.1.2693389a+dfsg1-1+deb10u2
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5cwc-6wc9-255w
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/17f547ae11835bb11baa3d045245dc1694866845
CVE-2020-11520 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...)
	NOT-FOR-US: WinMagic SecureDoc
CVE-2020-11519 (The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows ...)
	NOT-FOR-US: WinMagic SecureDoc
CVE-2020-11518 (Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticate ...)
	NOT-FOR-US: Zoho
CVE-2020-11517
	RESERVED
CVE-2020-11516 (Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for W ...)
	NOT-FOR-US: Contact Form 7 Datepicker plugin for WordPress
CVE-2020-11515 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...)
	NOT-FOR-US: Rank Math plugin for WordPress
CVE-2020-11514 (The Rank Math plugin through 1.0.40.2 for WordPress allows unauthentic ...)
	NOT-FOR-US: Rank Math plugin for WordPress
CVE-2020-11513
	RESERVED
CVE-2020-11512 (Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 ...)
	NOT-FOR-US: IMPress for IDX Broker WordPress plugin
CVE-2020-11511 (The LearnPress plugin before 3.2.6.9 for WordPress allows remote attac ...)
	NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-11510
	RESERVED
	NOT-FOR-US: LearnPress plugin for WordPress
CVE-2020-11509 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
	NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11508 (An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for Wor ...)
	NOT-FOR-US: WP Lead Plus X plugin for WordPress
CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...)
	NOT-FOR-US: Malwarebytes AdwCleaner
CVE-2020-11506 (An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A W ...)
	[experimental] - gitlab 12.9.3+dfsg-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	- gitlab (Only affects GitLab EE 12.8.0 and later)
	NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/
CVE-2020-11504
	RESERVED
CVE-2020-11503 (A heap-based buffer overflow in the awarrensmtp component of Sophos XG ...)
	NOT-FOR-US: Sophos
CVE-2020-11502
	RESERVED
CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...)
	NOT-FOR-US: Zoom
CVE-2020-11499 (Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when upd ...)
	NOT-FOR-US: Firmware Analysis and Comparison Tool
CVE-2020-11498 (Slack Nebula through 1.1.0 contains a relative path vulnerability that ...)
	NOT-FOR-US: Slack Nebula
CVE-2020-11497 (An issue was discovered in the NAB Transact extension 2.1.0 for the Wo ...)
	NOT-FOR-US: NAB Transact extension 2.1.0 for the WooCommerce plugin for WordPress
CVE-2020-11496 (Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers ...)
	NOT-FOR-US: Sprecher SPRECON-E firmware
CVE-2020-11495
	REJECTED
CVE-2020-11494 (An issue was discovered in slc_bump in drivers/net/can/slcan.c in the ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.17-1
	[buster] - linux 4.19.118-1
	NOTE: https://lore.kernel.org/netdev/20200401100639.20199-1-rpalethorpe@suse.com/
CVE-2020-11493 (In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9. ...)
	NOT-FOR-US: Foxit
CVE-2020-11492 (An issue was discovered in Docker Desktop through 2.2.0.5 on Windows. ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticat ...)
	NOT-FOR-US: Zen Load Balancer
CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...)
	NOT-FOR-US: Zen Load Balancer
CVE-2020-11489 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11488 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11487 (NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11486 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11485 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11484 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11483 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...)
	NOT-FOR-US: NVIDIA DGX servers
CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...)
	{DSA-4652-1}
	- gnutls28 3.6.13-2 (bug #955556)
	[stretch] - gnutls28 (Vulnerable code introduced later)
	[jessie] - gnutls28 (Vulnerable code introduced later)
	NOTE: https://gitlab.com/gnutls/gnutls/-/issues/960
	NOTE: https://www.gnutls.org/security-new.html#GNUTLS-SA-2020-03-31
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/-/commit/c01011c2d8533dbbbe754e49e256c109cb848d0d (3.6.13)
	NOTE: Broken-by: https://gitlab.com/gnutls/gnutls/-/commit/bcf4de0371efbdf0846388e2df0cb14b5db09954 (gnutls_3_6_3)
CVE-2020-11482
	RESERVED
CVE-2020-11481
	RESERVED
CVE-2020-11480
	RESERVED
CVE-2020-11479
	RESERVED
CVE-2020-11478
	RESERVED
CVE-2020-11477
	RESERVED
CVE-2020-11476 (Concrete5 before 8.5.3 allows Unrestricted Upload of File with Dangero ...)
	NOT-FOR-US: Concrete5
CVE-2020-11475
	RESERVED
CVE-2020-11474 (NCP Secure Enterprise Client before 10.15 r47589 allows a symbolic lin ...)
	NOT-FOR-US: NCP Secure Enterprise Client
CVE-2020-11473
	RESERVED
CVE-2020-11472
	RESERVED
CVE-2020-11471
	RESERVED
CVE-2020-11470 (Zoom Client for Meetings through 4.6.8 on macOS has the disable-librar ...)
	NOT-FOR-US: Zoom
CVE-2020-11469 (Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to ...)
	NOT-FOR-US: Zoom
CVE-2020-11468
	RESERVED
CVE-2020-11467 (An issue was discovered in Deskpro before 2019.8.0. This product enabl ...)
	NOT-FOR-US: Deskpro
CVE-2020-11466 (An issue was discovered in Deskpro before 2019.8.0. The /api/tickets e ...)
	NOT-FOR-US: Deskpro
CVE-2020-11465 (An issue was discovered in Deskpro before 2019.8.0. The /api/apps/* en ...)
	NOT-FOR-US: Deskpro
CVE-2020-11464 (An issue was discovered in Deskpro before 2019.8.0. The /api/people en ...)
	NOT-FOR-US: Deskpro
CVE-2020-11463 (An issue was discovered in Deskpro before 2019.8.0. The /api/email_acc ...)
	NOT-FOR-US: Deskpro
CVE-2020-11462 (An issue was discovered in OpenVPN Access Server before 2.7.0 and 2.8. ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2020-11461
	RESERVED
CVE-2020-11460
	RESERVED
CVE-2020-11459
	RESERVED
CVE-2020-11458 (app/Model/feed.php in MISP before 2.4.124 allows administrators to cho ...)
	NOT-FOR-US: MISP
CVE-2020-11457 (pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php ...)
	NOT-FOR-US: pfSense
CVE-2020-11456 (LimeSurvey before 4.1.12+200324 has stored XSS in application/views/ad ...)
	- limesurvey (bug #472802)
CVE-2020-11455 (LimeSurvey before 4.1.12+200324 contains a path traversal vulnerabilit ...)
	- limesurvey (bug #472802)
CVE-2020-11454 (Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Contain ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11453 (** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Req ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11452 (Microstrategy Web 10.4 includes functionality to allow users to import ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11451 (The Upload Visualization plugin in the Microstrategy Web 10.4 admin pa ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11450 (Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture ...)
	NOT-FOR-US: Microstrategy Web
CVE-2020-11449 (An issue was discovered on Technicolor TC7337 8.89.17 devices. An atta ...)
	NOT-FOR-US: Technicolor devices
CVE-2020-11448
	RESERVED
CVE-2020-11447
	RESERVED
CVE-2020-11446 (ESET Antivirus and Antispyware Module module 1553 through 1560 allows ...)
	NOT-FOR-US: ESET
CVE-2020-11445 (TP-Link cloud cameras through 2020-02-09 allow remote attackers to byp ...)
	NOT-FOR-US: TP-Link
CVE-2020-11444 (Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has I ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2020-11443 (The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to ver ...)
	NOT-FOR-US: Zoom
CVE-2020-11442
	RESERVED
CVE-2020-11441 (** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated ...)
	- phpmyadmin (unimportant)
	[jessie] - phpmyadmin (The pma_error display code does not exist in this version)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/16056
	NOTE: Not considered a security issue
CVE-2020-11440 (httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no ...)
	NOT-FOR-US: Wind River
CVE-2020-11439 (LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue all ...)
	NOT-FOR-US: LibreHealth EMR
CVE-2020-11438 (LibreHealth EMR v2.0.0 is affected by systemic CSRF. ...)
	NOT-FOR-US: LibreHealth EMR
CVE-2020-11437 (LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privi ...)
	NOT-FOR-US: LibreHealth EMR
CVE-2020-11436 (LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the abilit ...)
	NOT-FOR-US: LibreHealth EMR
CVE-2020-11435
	RESERVED
CVE-2020-11434
	RESERVED
CVE-2020-11433
	RESERVED
CVE-2020-11432
	RESERVED
CVE-2020-11431 (The documentation component in i-net Clear Reports 16.0 to 19.2, HelpD ...)
	NOT-FOR-US: i-net
CVE-2020-11430
	RESERVED
CVE-2020-11429
	RESERVED
CVE-2020-11428
	RESERVED
CVE-2020-11427
	RESERVED
CVE-2020-11426
	RESERVED
CVE-2020-11425
	RESERVED
CVE-2020-11424
	RESERVED
CVE-2020-11423
	RESERVED
CVE-2020-11422
	RESERVED
CVE-2020-11421
	RESERVED
CVE-2020-11420 (UPS Adapter CS141 before 1.90 allows Directory Traversal. An attacker ...)
NOT-FOR-US: UPS Adapter CS141 CVE-2020-11419 RESERVED CVE-2020-11418 RESERVED CVE-2020-11417 RESERVED CVE-2020-11416 (JetBrains Space through 2020-04-22 allows stored XSS in Chats. ...) NOT-FOR-US: JetBrains Space CVE-2020-11415 (An issue was discovered in Sonatype Nexus Repository Manager 2.x befor ...) NOT-FOR-US: Sonatype Nexus Repository Manager CVE-2020-11414 (An issue was discovered in Progress Telerik UI for Silverlight before ...) NOT-FOR-US: Progress Telerik UI CVE-2020-11413 RESERVED CVE-2020-11412 RESERVED CVE-2020-11411 RESERVED CVE-2020-11410 RESERVED CVE-2020-11409 RESERVED CVE-2020-11408 RESERVED CVE-2020-11407 RESERVED CVE-2020-11406 RESERVED CVE-2020-11405 RESERVED CVE-2020-11404 RESERVED CVE-2020-11403 RESERVED CVE-2020-11402 RESERVED CVE-2020-11401 RESERVED CVE-2020-11400 RESERVED CVE-2020-11399 RESERVED CVE-2020-11398 RESERVED CVE-2020-11397 RESERVED CVE-2020-11396 RESERVED CVE-2020-11395 RESERVED CVE-2020-11394 RESERVED CVE-2020-11393 RESERVED CVE-2020-11392 RESERVED CVE-2020-11391 RESERVED CVE-2020-11390 RESERVED CVE-2020-11389 RESERVED CVE-2020-11388 RESERVED CVE-2020-11387 RESERVED CVE-2020-11386 RESERVED CVE-2020-11385 RESERVED CVE-2020-11384 RESERVED CVE-2020-11383 RESERVED CVE-2020-11382 RESERVED CVE-2020-11381 RESERVED CVE-2020-11380 RESERVED CVE-2020-11379 RESERVED CVE-2020-11378 RESERVED CVE-2020-11377 RESERVED CVE-2020-11376 RESERVED CVE-2020-11375 RESERVED CVE-2020-11374 RESERVED CVE-2020-11373 RESERVED CVE-2020-11372 RESERVED CVE-2020-11371 RESERVED CVE-2020-11370 RESERVED CVE-2020-11369 RESERVED CVE-2020-11368 RESERVED CVE-2020-11367 RESERVED CVE-2020-11366 RESERVED CVE-2020-11365 RESERVED CVE-2020-11364 RESERVED CVE-2020-11363 RESERVED CVE-2020-11362 RESERVED CVE-2020-11361 RESERVED CVE-2020-11360 RESERVED CVE-2020-11359 RESERVED CVE-2020-11358 RESERVED CVE-2020-11357 RESERVED CVE-2020-11356 RESERVED CVE-2020-11355 RESERVED CVE-2020-11354 RESERVED CVE-2020-11353 RESERVED CVE-2020-11352 RESERVED CVE-2020-11351 RESERVED 
CVE-2020-11350 RESERVED CVE-2020-11349 RESERVED CVE-2020-11348 RESERVED CVE-2020-11347 RESERVED CVE-2020-11346 RESERVED CVE-2020-11345 RESERVED CVE-2020-11344 RESERVED CVE-2020-11343 RESERVED CVE-2020-11342 RESERVED CVE-2020-11341 RESERVED CVE-2020-11340 RESERVED CVE-2020-11339 RESERVED CVE-2020-11338 RESERVED CVE-2020-11337 RESERVED CVE-2020-11336 RESERVED CVE-2020-11335 RESERVED CVE-2020-11334 RESERVED CVE-2020-11333 RESERVED CVE-2020-11332 RESERVED CVE-2020-11331 RESERVED CVE-2020-11330 RESERVED CVE-2020-11329 RESERVED CVE-2020-11328 RESERVED CVE-2020-11327 RESERVED CVE-2020-11326 RESERVED CVE-2020-11325 RESERVED CVE-2020-11324 RESERVED CVE-2020-11323 RESERVED CVE-2020-11322 RESERVED CVE-2020-11321 RESERVED CVE-2020-11320 RESERVED CVE-2020-11319 RESERVED CVE-2020-11318 RESERVED CVE-2020-11317 RESERVED CVE-2020-11316 RESERVED CVE-2020-11315 RESERVED CVE-2020-11314 RESERVED CVE-2020-11313 RESERVED CVE-2020-11312 RESERVED CVE-2020-11311 RESERVED CVE-2020-11310 RESERVED CVE-2020-11309 (Use after free in GPU driver while mapping the user memory to GPU memo ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11308 (Buffer overflow occurs when trying to convert ASCII string to Unicode ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11307 (Buffer overflow in modem due to improper array index check before copy ...) NOT-FOR-US: Snapdragon CVE-2020-11306 (Possible integer overflow in RPMB counter due to lack of length check ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11305 (Integer overflow in boot due to improper length check on arguments rec ...) NOT-FOR-US: Snapdragon CVE-2020-11304 (Possible out of bound read in DRM due to improper buffer length check. ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11303 (Accepting AMSDU frames with mismatched destination and source address ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11302 RESERVED CVE-2020-11301 (Improper authentication of un-encrypted plaintext Wi-Fi frames in an e ...) NOT-FOR-US: Qualcomm WIGIG chipsets CVE-2020-11300 RESERVED CVE-2020-11299 (Buffer overflow can occur in video while playing the non-standard clip ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11298 (While waiting for a response to a callback or listener request, non-se ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11297 (Denial of service in WLAN module due to improper check of subtypes in ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11296 (Arithmetic overflow can happen while processing NOA IE due to improper ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11295 (Use after free in camera If the threadmanager is being cleaned up whil ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11294 (Out of bound write in logger due to prefix size is not validated while ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11293 (Out of bound read can happen in Widevine TA while copying data to buff ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11292 (Possible buffer overflow in voice service due to lack of input validat ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11291 (Possible buffer overflow while updating ikev2 parameters for delete pa ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11290 (Use after free condition in msm ioctl events due to race between the i ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11289 (Out of bound write can occur in TZ command handler due to lack of vali ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11288 (Out of bound write can occur in playready while processing command due ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11287 (Allowing RTT frames to be linked with non randomized MAC address by co ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11286 (An Untrusted Pointer Dereference can occur while doing USB control tra ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11285 (Buffer over-read while unpacking the RTCP packet we may read extra byt ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11284 (Locked memory can be unlocked and modified by non secure boot loader t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11283 (A buffer overflow can occur when playing an MKV clip due to lack of in ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11282 (Improper access control when using mmap with the kgsl driver with a sp ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11281 (Allowing RTT frames to be linked with non randomized MAC address by co ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11280 (Denial of service while processing fine timing measurement request (FT ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11279 (Memory corruption while processing crafted SDES packets due to imprope ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11278 (Possible denial of service while handling host WMI command due to impr ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11277 (Possible race condition during async fastrpc session after sending RPC ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11276 (Possible buffer over read while processing P2P IE and NOA attribute of ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11275 (Possible buffer over-read while parsing quiet IE in Rx beacon frame du ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11274 (Denial of service in MODEM due to assert to the invalid configuration ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11273 (Histogram type KPI was teardown with the assumption of the existence o ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11272 (Before enqueuing a frame to the PE queue for further processing, an en ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11271 (Possible out of bounds while accessing global control elements due to ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11270 (Possible denial of service due to RTT responder consistently rejects a ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11269 (Possible memory corruption while processing EAPOL frames due to lack o ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11268 (Potential UE reset while decoding a crafted Sib1 or SIB1 that schedule ...) NOT-FOR-US: Snapdragon CVE-2020-11267 (Stack out-of-bounds write occurs while setting up a cipher device if t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11266 (Image address is dereferenced before validating its range which can ca ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11265 (Information disclosure issue due to lack of validation of pointer argu ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11264 (Improper authentication of Non-EAPOL/WAPI plaintext frames during four ...) NOT-FOR-US: Qualcomm WLAN Windows Host CVE-2020-11263 RESERVED CVE-2020-11262 (A race between command submission and destroying the context can cause ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11261 (Memory corruption due to improper check to return error when user appl ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11260 (An improper free of uninitialized memory can occur in DIAG services in ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11259 (Memory corruption due to lack of validation of pointer arguments passe ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11258 (Memory corruption due to lack of validation of pointer arguments passe ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11257 (Memory corruption due to lack of validation of pointer arguments passe ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11256 (Memory corruption due to lack of check of validation of pointer to buf ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11255 (Denial of service while processing RTCP packets containing multiple SD ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11254 (Memory corruption during buffer allocation due to dereferencing sessio ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11253 (Arbitrary memory write issue in video driver while setting the interna ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11252 (Trustzone initialization code will disable xPU`s when memory dumps are ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11251 (Out-of-bounds read vulnerability while accessing DTMF payload due to l ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11250 (Use after free due to race condition when reopening the device driver ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11249 RESERVED CVE-2020-11248 RESERVED CVE-2020-11247 (Out of bound memory read while unpacking data due to lack of offset le ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11246 (A double free condition can occur when the device moves to suspend mod ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11245 (Unintended reads and writes by NS EL2 in access control driver due to ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11244 RESERVED CVE-2020-11243 (RRC sends a connection establishment success to NAS even though connec ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11242 (User could gain access to secure memory due to incorrect argument into ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11241 (Out of bound read will happen if EAPOL Key length is less than expecte ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11240 (Memory corruption due to ioctl command size was incorrectly set to the ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11239 (Use after free issue when importing a DMA buffer by using the CPU addr ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11238 (Possible Buffer over-read in ARP/NS parsing due to lack of check of pa ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11237 (Memory crash when accessing histogram type KPI input received due to l ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11236 (Memory corruption due to invalid value of total dimension in the non-h ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11235 (Buffer overflow might occur while parsing unified command due to lack ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11234 (When sending a socket event message to a user application, invalid inf ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11233 (Time-of-check time-of-use race condition While processing partition en ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11232 RESERVED CVE-2020-11231 (Two threads call one or both functions concurrently leading to corrupt ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11230 (Potential arbitrary memory corruption when the qseecom driver updates ...) NOT-FOR-US: Snapdragon CVE-2020-11229 RESERVED CVE-2020-11228 (Part of RPM region was not protected from xblSec itself due to imprope ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11227 (Out of bound write while parsing RTT/TTY packet parsing due to lack of ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11226 (Out of bound memory read in Data modem while unpacking data due to lac ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11225 (Out of bound access in WLAN driver due to lack of validation of array ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11224 RESERVED CVE-2020-11223 (Out of bound in camera driver due to lack of check of validation of ar ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11222 (Buffer over read while processing MT SMS with maximum length due to im ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11221 (Usage of syscall by non-secure entity can allow extraction of secure Q ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11220 (While processing storage SCM commands there is a time of check or time ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11219 RESERVED CVE-2020-11218 (Denial of service in baseband when NW configures LTE betaOffset-RI-Ind ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11217 (A possible double free or invalid memory access in audio driver while ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11216 (Buffer over read can happen in video driver when playing clip with ato ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11215 (An out of bounds read can happen when processing VSA attribute due to ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11214 (Buffer over-read while processing NDL attribute if attribute length is ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11213 (Out of bound reads might occur in while processing Service descriptor ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11212 (Out of bounds reads while parsing NAN beacons attributes and OUIs due ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11211 RESERVED CVE-2020-11210 (Possible memory corruption in RPM region due to improper XPU configura ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11209 (Improper authorization in DSP process could allow unauthorized users t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11208 (Out of Bound issue in DSP services while processing received arguments ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11207 (Buffer overflow in LibFastCV library due to improper size checks with ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11206 (Possible buffer overflow in Fastrpc while handling received parameters ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11205 (u'Possible integer overflow to heap overflow while processing command ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11204 (Possible memory corruption and information leakage in sub-system due t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11203 (Stack overflow may occur if GSM/WCDMA broadcast config size received f ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11202 (Buffer overflow/underflow occurs when typecasting the buffer passed by ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11201 (Arbitrary access to DSP memory due to improper check in loaded library ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11200 (Buffer over-read while parsing RPS due to lack of check of input valid ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11199 (HLOS to access EL3 stack canary by just mapping imem region due to Imp ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11198 (Key material used for TZ diag buffer encryption and other data related ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11197 (Possible integer overflow can occur when stream info update is called ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11196 (u'Integer overflow to buffer overflow occurs while playback of ASF cli ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11195 (Out of bound write and read in TA while processing command from NS sid ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11194 (Possible out of bound access in TA while processing a command from NS ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11193 (u'Buffer over read can happen while parsing mkv clip due to improper t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11192 (Out of bound write while parsing SDP string due to missing check on nu ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11191 (Out of bound read occurs while processing crafted SDP due to lack of c ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11190 (Buffer over-read can happen while parsing received SDP values due to l ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11189 (Buffer over-read can happen while parsing received SDP values due to l ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11188 (Buffer over-read can happen while parsing received SDP values due to l ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11187 (Possible memory corruption in BSI module due to improper validation of ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11186 (Modem will enter into busy mode in an infinite loop while parsing hist ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11185 (Out of bound issue in WLAN driver while processing vdev responses from ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11184 (u'Possible buffer overflow will occur in video while parsing mp4 clip ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11183 (A process can potentially cause a buffer overflow in the display servi ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11182 (Possible heap overflow while parsing NAL header due to lack of check o ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11181 (Out of bound access issue while handling cvp process control command d ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11180 (Out of bound access in computer vision control due to improper validat ...) 
NOT-FOR-US: Snapdragon CVE-2020-11179 (Arbitrary read and write to kernel addresses by temporarily overwritin ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11178 (Trusted APPS to overwrite the CPZ memory of another use-case as TZ onl ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11177 (User can overwrite Security Code NV item without knowing current SPC d ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11176 (While processing server certificate from IPSec server, certificate val ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11175 (u'Use after free issue in Bluetooth transport driver when a method in ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11174 (u'Array index underflow issue in adsp driver due to improper check of ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11173 (u'Two threads running simultaneously from user space can lead to race ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11172 (u'fscanf reads a string from a file and stores its contents on a stati ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11171 (Buffer over-read can happen while parsing received SDP values due to l ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11170 (Out of bound memory access while playing music playbacks with crafted ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11169 (u'Buffer over-read while processing received L2CAP packet due to lack ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11168 (u'Null-pointer dereference can occur while accessing data buffer beyon ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11167 (Memory corruption while calculating L2CAP packet length in reassembly ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11166 (Potential out of bound read exception when UE receives unusually large ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11165 (Memory corruption due to buffer overflow while copying the message pro ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11164 (u'Third-party app may also call the broadcasts in Perfdump and cause p ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11163 (Possible buffer overflow while updating ikev2 parameters due to lack o ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11162 (u'Possible buffer overflow in MHI driver due to lack of input paramete ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11161 (Out-of-bounds memory access can occur while calculating alignment requ ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11160 (Resource leakage issue during dci client registration due to reference ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11159 (Buffer over-read can happen while processing WPA,RSN IE of beacon and ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11158 (u'Null pointer dereference in HP OfficeJet Pro 8210 jbig2 filter due t ...) NOT-FOR-US: Qualcomm CVE-2020-11157 (u'Lack of handling unexpected control messages while encryption was in ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11156 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11155 (u'Buffer overflow while processing PDU packet in bluetooth due to lack ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11154 (u'Buffer overflow while processing a crafted PDU data packet in blueto ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11153 (u'Out of bound memory access while processing GATT data received due t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11152 (Race condition in HAL layer while processing callback objects received ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11151 (Race condition occurs while calling user space ioctl from two differen ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11150 (Out of bound memory access in camera driver due to improper validation ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11149 (Out of bound access due to usage of an out-of-range pointer offset in ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11148 (Use after free issue in HIDL while using callback to post event in Rx ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11147 (Use after free issue in audio modules while removing and freeing objec ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11146 (Out of bound write while copying data using IOCTL due to lack of check ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11145 (Divide by zero issue can happen while updating delta extension header ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11144 (Buffer over-read while UE process invalid DL ROHC packet for decompres ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11143 (Out of bound memory access during music playback with modified content ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11142 RESERVED CVE-2020-11141 (u'Buffer over-read issue in Bluetooth estack due to lack of check for ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11140 (Out of bound memory access during music playback with ALAC modified co ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11139 (Out of bound memory access while processing frames due to lack of chec ...) NOT-FOR-US: Snapdragon CVE-2020-11138 (Uninitialized pointers accessed during music play back with incorrect ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11137 (Integer multiplication overflow resulting in lower buffer size allocat ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11136 (Buffer Over-read in audio driver while using malloc management functio ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11135 (u'Reachable assertion when wrong data size is returned by parser for a ...) NOT-FOR-US: Snapdragon CVE-2020-11134 (Possible stack out of bound write might happen due to time bitmap leng ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11133 (u'Possible out of bound array write in rxdco cal utility due to lack o ...) NOT-FOR-US: Snapdragon CVE-2020-11132 (u'Buffer over read in boot due to size check ignored before copying GU ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11131 (u'Possible buffer overflow in WMA message processing due to integer ov ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11130 (u'Possible buffer overflow in WIFI hal process due to copying data wit ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11129 (u'During the error occurrence in capture request, the buffer is freed ...) NOT-FOR-US: Snapdragon CVE-2020-11128 (u'Possible out of bound access while copying the mask file content int ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11127 (u'Integer overflow can cause a buffer overflow due to lack of table le ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11126 (Possible out of bound read while WLAN frame parsing due to lack of che ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11125 (u'Out of bound access can happen in MHI command process due to lack of ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11124 (u'Possible use-after-free while accessing diag client map table since ...) NOT-FOR-US: Snapdragon CVE-2020-11123 (u'information disclosure in gatekeeper trustzone implementation as the ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11122 (u'Null Pointer exception while playing crafted mkv file as data stream ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-11121 (u'Possible buffer overflow in WIFI hal process due to usage of memcpy ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11120 (u'Calling thread may free the data buffer pointer that was passed to t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11119 (Buffer over-read can happen when the buffer length received from respo ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11118 (u'Information exposure issues while processing IE header due to improp ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11117 (u'In the lbd service, an external user can issue a specially crafted d ...) NOT-FOR-US: Snapdragon CVE-2020-11116 (u'Possible out of bound write while processing association response re ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11115 (u'Buffer over read occurs while processing information element from be ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-11114 (u'Bluetooth devices does not properly restrict the L2CAP payload lengt ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-5291 (Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode a ...) - bubblewrap 0.4.1-1 (low; bug #955441) [buster] - bubblewrap (Introduced in 0.4.0) [stretch] - bubblewrap (Introduced in 0.4.0) NOTE: https://github.com/containers/bubblewrap/security/advisories/GHSA-j2qp-rvxj-43vj NOTE: https://github.com/containers/bubblewrap/commit/1f7e2ad948c051054b683461885a0215f1806240 CVE-2020-11113 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2670 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. 
CVE-2020-11112 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2666 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11111 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2179-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2664 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-11110 (Grafana through 6.7.1 allows stored XSS due to insufficient input prot ...) - grafana CVE-2020-11109 RESERVED CVE-2020-11108 (The Gravity updater in Pi-hole through 4.4 allows an authenticated adv ...) NOT-FOR-US: Pi-hole CVE-2020-11107 (An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , ...) NOT-FOR-US: XAMPP CVE-2020-11106 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...) NOT-FOR-US: Responsive Filemanager CVE-2020-11105 (An issue was discovered in USC iLab cereal through 1.3.0. It employs c ...) NOT-FOR-US: USC iLab cereal CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serializatio ...) NOT-FOR-US: USC iLab cereal CVE-2020-11103 (JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, ...) NOT-FOR-US: Webswing CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...) 
- qemu 1:4.2-4 (bug #956145) [buster] - qemu (Vulnerable code/Tulip NIC emulator added later) [stretch] - qemu (Vulnerable code/Tulip NIC emulator added later) [jessie] - qemu (Vulnerable code/Tulip NIC emulator added later) - qemu-kvm (Vulnerable code/Tulip NIC emulator added later) NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1 NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=8ffb7265af64ec81748335ec8f20e7ab542c3850 (v5.0.0-rc1) CVE-2020-11101 RESERVED CVE-2020-11100 (In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 ...) {DSA-4649-1} - haproxy 2.0.13-2 [stretch] - haproxy (Vulnerable code introduced in 1.8) [jessie] - haproxy (Vulnerable code introduced in 1.8) NOTE: https://git.haproxy.org/?p=haproxy-2.1.git;a=commit;h=f17f86304f187b0f10ca6a8d46346afd9851a543 CVE-2020-11099 (In FreeRDP before version 2.1.2, there is an out of bounds read in lic ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-977w-866x-4v5h CVE-2020-11098 (In FreeRDP before version 2.1.2, there is an out-of-bound read in glyp ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-jr57-f58x-hjmv CVE-2020-11097 (In FreeRDP before version 2.1.2, an out of bounds read occurs resultin ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-c8x2-c3c9-9r3f CVE-2020-11096 (In FreeRDP before version 2.1.2, there is a global OOB read in update_ ...) 
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mjw7-3mq2-996x
CVE-2020-11095 (In FreeRDP before version 2.1.2, an out of bound reads occurs resultin ...)
	- freerdp2 2.1.2+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-563r-pvh7-4fw2
CVE-2020-11094 (The October CMS debugbar plugin before version 3.1.0 contains a featur ...)
	NOT-FOR-US: October CMS
CVE-2020-11093 (Hyperledger Indy Node is the server portion of a distributed ledger pu ...)
	NOT-FOR-US: Hyperledger Indy Node
CVE-2020-11092 RESERVED
CVE-2020-11091 (In Weave Net before version 2.6.3, an attacker able to run a process a ...)
	NOT-FOR-US: Weave Net
CVE-2020-11090 (In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vul ...)
	NOT-FOR-US: Indy Node
CVE-2020-11089 (In FreeRDP before 2.1.0, there is an out-of-bound read in irp function ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hfc7-c5gv-8c2h
CVE-2020-11088 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-xh4f-fh87-43hp
CVE-2020-11087 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-84vj-g73m-chw7
CVE-2020-11086 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fg8v-w34r-c974
CVE-2020-11085 (In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_rea ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-2j4w-v45m-95hf
CVE-2020-11084 (In iPear, the manual execution of the eval() function can lead to comm ...)
	NOT-FOR-US: iPear
CVE-2020-11083 (In October from version 1.0.319 and before version 1.0.466, a user wit ...)
	NOT-FOR-US: October CMS
CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would allow an ...)
	{DSA-5005-1 DLA-2763-1}
	- ruby-kaminari 1.0.1-6 (bug #961847)
	[jessie] - ruby-kaminari (No reverse dependency)
	NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433
	NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8
CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation vulnerabil ...)
	- osquery (bug #803502)
CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...)
	{DSA-4696-1 DLA-2786-1}
	- nghttp2 1.41.0-1
	[buster] - nghttp2 (Minor issue)
	- nodejs 10.21.0~dfsg-1 (bug #962145)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	[jessie] - nodejs (Nodejs in jessie not covered by security support)
	NOTE: https://github.com/nghttp2/nghttp2/security/advisories/GHSA-q5wr-xfw9-q7xr
	NOTE: https://github.com/nghttp2/nghttp2/commit/336a98feb0d56b9ac54e12736b18785c27f75090 (v1.41.0)
	NOTE: https://github.com/nghttp2/nghttp2/commit/f8da73bd042f810f34d19f9eae02b46d870af394 (v1.41.0)
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#http-2-large-settings-frame-dos-low-cve-2020-11080
CVE-2020-11079 (node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of ...)
	NOT-FOR-US: dns-sync nodejs module
CVE-2020-11078 (In httplib2 before version 0.18.0, an attacker controlling unescaped p ...)
	{DLA-2232-1}
	- python-httplib2 0.18.1-1
	[buster] - python-httplib2 (Minor issue)
	[stretch] - python-httplib2 (Minor issue)
	NOTE: https://github.com/httplib2/httplib2/security/advisories/GHSA-gg84-qgv9-w4pq
	NOTE: https://github.com/httplib2/httplib2/commit/a1457cc31f3206cf691d11d2bf34e98865873e9e
CVE-2020-11077 (In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a re ...)
	{DLA-2398-1}
	- puma 4.3.6-1 (bug #972102)
	[buster] - puma 3.12.0-2+deb10u2
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-w64w-qqph-5gxm
CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle a ...)
	{DLA-2398-1}
	- puma 4.3.6-1 (bug #972102)
	[buster] - puma 3.12.0-2+deb10u2
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-x7jg-6pwg-fx5h
	NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd
CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...)
	NOT-FOR-US: Anchore Engine
CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there i ...)
	NOT-FOR-US: PrestaShop
CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...)
	NOT-FOR-US: zsh-autoswitch-virtualenv
CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...)
	NOT-FOR-US: Node slp-validate
CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...)
	NOT-FOR-US: Node slpjs
CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...)
	NOT-FOR-US: TYPO3
CVE-2020-11069 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
	NOT-FOR-US: TYPO3
CVE-2020-11068 (In LoRaMac-node before 4.4.4, a reception buffer overflow can happen d ...)
	NOT-FOR-US: LoRaMac-node
CVE-2020-11067 (In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has be ...)
	NOT-FOR-US: TYPO3
CVE-2020-11066 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
	NOT-FOR-US: TYPO3
CVE-2020-11065 (In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and ...)
	NOT-FOR-US: TYPO3
CVE-2020-11064 (In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and g ...)
	NOT-FOR-US: TYPO3
CVE-2020-11063 (In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that t ...)
	NOT-FOR-US: TYPO3
CVE-2020-11062 (In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3xxh-f5p2-jg3h
	NOTE: https://github.com/glpi-project/glpi/commit/5e1c52c5e8a30ceb4e9572964da7ed89ddfb1aaf
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11061 (In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and ...)
	{DLA-2353-1}
	- bacula 9.6.5-1
	[buster] - bacula 9.4.2-2+deb10u1
	- bareos (bug #968957)
	[buster] - bareos (Minor issue; can be fixed via point release)
	[stretch] - bareos (minor issue, low priority)
	NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4
	NOTE: https://bugs.bareos.org/view.php?id=1210
	NOTE: https://github.com/bareos/bareos/commit/86c6fa479a21a1464366babb74e6cf33770ed7ae (master)
	NOTE: https://www.bacula.org/git/cgit.cgi/bacula/commit/?id=f9472227317b8e1d26a781d042e0efdf432a633f (Release-9.6.4)
CVE-2020-11060 (In GLPI before 9.4.6, an attacker can execute system commands by abusi ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-cvvq-3fww-5v6f
	NOTE: https://github.com/glpi-project/glpi/commit/ad748d59c94da177a3ed25111c453902396f320c
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11059 (In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir ...)
	NOT-FOR-US: AEgir
CVE-2020-11058 (In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wjg2-2f82-466g
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/3627aaf7d289315b614a584afb388f04abfb5bbf
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6011
CVE-2020-11057 (In XWiki Platform 7.2 through 11.10.2, registered users without script ...)
	NOT-FOR-US: XWiki
CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...)
	NOT-FOR-US: Sprout Forms
CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...)
	NOT-FOR-US: BookStack
CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...)
	- qutebrowser 1.11.1.post1-1 (unimportant)
	NOTE: https://github.com/qutebrowser/qutebrowser/issues/5403
	NOTE: https://github.com/qutebrowser/qutebrowser/security/advisories/GHSA-4rcq-jv2f-898j
	NOTE: Depends on qtwebkit, which is not covered by security support
CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...)
	- oauth2-proxy (bug #982891)
CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...)
	NOT-FOR-US: Sorcery
CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...)
	NOT-FOR-US: Wiki.js
CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...)
	NOT-FOR-US: Java-WebSocket, different from src:websocket-api
CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr
	NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008
CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007
CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f5e73cc7c9cd973b516a618da877c87b80950b65
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6009
CVE-2020-11046 (In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hx48-wmmm-mr5q
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/ed53cd148f43cbab905eaa0f5308c2bf3c48cc37
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6006
CVE-2020-11045 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read i ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3x39-248q-f4q6
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/f8890a645c221823ac133dbf991f8a65ae50d637
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6005
CVE-2020-11044 (In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_ ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp (Vulnerable code introduced later)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-cgqh-p732-6x2w
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/67c2aa52b2ae0341d469071d1bc8aab91f8d2ed8
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6013
CVE-2020-11043 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-5mr4-28w3-rc84
CVE-2020-11042 (In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bound ...)
	{DLA-2356-1}
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9jp6-5vf2-cx2q
	NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/6b2bc41935e53b0034fe5948aeeab4f32e80f30f
	NOTE: https://github.com/FreeRDP/FreeRDP/issues/6010
CVE-2020-11041 (In FreeRDP less than or equal to 2.0.0, an outside controlled array in ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-w67c-26c4-2h9w
CVE-2020-11040 (In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-x4wq-m7c9-rjgr
CVE-2020-11039 (In FreeRDP less than or equal to 2.0.0, when using a manipulated serve ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-mx9p-f6q8-mqwq
CVE-2020-11038 (In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-h25x-cqr6-fp6g
CVE-2020-11037 (In Wagtail before versions 2.7.2 and 2.8.2, a potential timing attack ...)
	NOT-FOR-US: Wagtail
CVE-2020-11036 (In GLPI before version 9.4.6 there are multiple related stored XSS vul ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-3g3h-rwhr-7385
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11035 (In GLPI after version 0.83.3 and before version 9.4.6, the CSRF tokens ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-w7q8-58qp-vmpf
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11034 (In GLPI before version 9.4.6, there is a vulnerability that allows byp ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-gxv6-xq9q-37hg
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11033 (In GLPI from version 9.1 and before version 9.4.6, any API user with R ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-rf54-3r4w-4h55
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerability f ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11031 (In GLPI before version 9.5.0, the encryption algorithm used is insecur ...)
	- glpi (unimportant)
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-7xwm-4vjr-jvqh
	NOTE: https://github.com/glpi-project/glpi/commit/f1ae6c8481e5c19a6f1801a5548cada45702e01a#diff-b5d0ee8c97c7abd7e3fa29b9a27d1780
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...)
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	[buster] - wordpress (Vulnerable code not present)
	[stretch] - wordpress (Vulnerable code not present)
	[jessie] - wordpress (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/47636
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: Fixed by: https://github.com/WordPress/wordpress-develop/commit/ec05c8b897ef4ae77fc0cba576573e90a726a52f
CVE-2020-11029 (In affected versions of WordPress, a vulnerability in the stats() meth ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47637
	NOTE: https://github.com/WordPress/wordpress-develop/commit/935ab39e8ee754735a553c74d41270df1164ae56 (master)
CVE-2020-11028 (In affected versions of WordPress, some private posts, which were prev ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47635
	NOTE: https://github.com/WordPress/wordpress-develop/commit/8e11facb671932a6eefe0e7e4f3d63d39eef55b3
CVE-2020-11027 (In affected versions of WordPress, a password reset link emailed to a ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47634
	NOTE: https://github.com/WordPress/wordpress-develop/commit/4354d1fc5cd55a18bc24555b11db201d5eb87e0c (master)
CVE-2020-11026 (In affected versions of WordPress, files with a specially crafted name ...)
	{DSA-4677-1 DLA-2208-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47638
	NOTE: https://github.com/WordPress/wordpress-develop/commit/74d6f9613b96a2948f7675513b8b7f8224bfc386 (master)
CVE-2020-11025 (In affected versions of WordPress, a cross-site scripting (XSS) vulner ...)
	{DSA-4677-1}
	- wordpress 5.4.1+dfsg1-1 (bug #959391)
	[jessie] - wordpress (Vulnerable code not present)
	NOTE: https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
	NOTE: https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
	NOTE: https://core.trac.wordpress.org/changeset/47633
	NOTE: https://github.com/WordPress/wordpress-develop/commit/cfb690cb8efaee32d55b10a7771afb0f1f47aab3
CVE-2020-11024 (In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable ...)
	NOT-FOR-US: Moonlight iOS/tvOS
CVE-2020-11023 (In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, pa ...)
	{DSA-4693-1 DLA-2608-1}
	- jquery
	[buster] - jquery 3.3.1~dfsg-3+deb10u1
	[jessie] - jquery (Vulnerable code not present)
	- drupal7
	[jessie] - drupal7 (Vulnerable code not embedded)
	- node-jquery 3.5.0+dfsg-2
	[buster] - node-jquery (Minor issue)
	- otrs2 6.0.30-1
	[buster] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6
	NOTE: https://www.drupal.org/sa-core-2020-002
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11022 (In jQuery versions greater than or equal to 1.2 and before 3.5.0, pass ...)
	{DSA-4693-1 DLA-2608-1}
	- jquery
	[buster] - jquery 3.3.1~dfsg-3+deb10u1
	[jessie] - jquery (Vulnerable code not present)
	- node-jquery 3.5.0+dfsg-2
	[buster] - node-jquery (Minor issue)
	- drupal7
	[jessie] - drupal7 (Vulnerable code not embedded)
	- otrs2 6.0.30-1
	[buster] - otrs2 (Non-free not supported)
	[stretch] - otrs2 (Non-free not supported)
	NOTE: https://github.com/jquery/jquery/security/advisories/GHSA-gxr4-xjj5-5px2
	NOTE: https://github.com/jquery/jquery/commit/1d61fd9407e6fbe82fe55cb0b938307aa0791f77
	NOTE: https://www.drupal.org/sa-core-2020-002
	NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-14/
CVE-2020-11021 (Actions Http-Client (NPM @actions/http-client) before version 1.0.8 ca ...)
	NOT-FOR-US: Actions Http-Client
CVE-2020-11020 (Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1. ...)
	- ruby-faye 1.4.0-1 (bug #959392)
	[buster] - ruby-faye (Minor issue)
	NOTE: https://github.com/faye/faye/security/advisories/GHSA-qpg4-4w7w-2mq5
	NOTE: https://github.com/faye/faye/commit/65d297d341b607f3cb0b5fa6021a625a991cc30e
CVE-2020-11019 (In FreeRDP less than or equal to 2.0.0, when running with logger set t ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wvrr-2f4r-hjvh
CVE-2020-11018 (In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	[jessie] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-8cvc-vcw7-6mfw
CVE-2020-11017 (In FreeRDP less than or equal to 2.0.0, by providing manipulated input ...)
	- freerdp2 2.1.1+dfsg1-1
	[buster] - freerdp2 (Minor issue)
	- freerdp
	[stretch] - freerdp (Minor issue)
	[jessie] - freerdp (Minor issue)
	NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-q5c8-fm29-q57c
CVE-2020-11016 (IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vuln ...)
	NOT-FOR-US: IntelMQ Manager
CVE-2020-11015 RESERVED
CVE-2020-11014 (Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token ...)
	NOT-FOR-US: Electron-Cash-SLP
CVE-2020-11013 (Their is an information disclosure vulnerability in Helm from version ...)
	- helm-kubernetes (bug #910799)
CVE-2020-11012 (MinIO versions before RELEASE.2020-04-23T00-58-49Z have an authenticat ...)
	NOT-FOR-US: MinIO
CVE-2020-11011 (In Phproject before version 1.7.8, there's a vulnerability which allow ...)
	NOT-FOR-US: Phproject
CVE-2020-11010 (In Tortoise ORM before versions 0.15.23 and 0.16.6, various forms of S ...)
	NOT-FOR-US: Tortoise ORM
CVE-2020-11009 (In Rundeck before version 3.2.6, authenticated users can craft a reque ...)
	NOT-FOR-US: Rundeck
CVE-2020-11008 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
	{DSA-4659-1 DLA-2182-1}
	- git 1:2.26.2-1
	NOTE: https://lore.kernel.org/lkml/xmqq4kterq5s.fsf@gitster.c.googlers.com/
	NOTE: https://github.com/git/git/security/advisories/GHSA-hjc9-x69f-jqj7
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a88dbd2f8c7fd8c1e2f63483da03bd6928e8791f
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=73aafe9bc27585554181c58871a25e6d0f58a3dc
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=24036686c4af84c9e84e486ef3debab6e6d8e6b5
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=8ba8ed568e2a3b75ee84c49ddffb026fde1a0a91
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=a2b26ffb1a81aa23dd14453f4db05d8fe24ee7cc
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=fe29a9b7b0236d3d45c254965580d6aff7fa8504
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c44088ecc4b0722636e0a305f9608d3047197282
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e7fab62b736cca3416660636e46f0be8386a5030
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=1a3609e402a062ef7b11f197fe96c28cabca132c
CVE-2020-11007 (In Shopizer before version 2.11.0, using API or Controller based versi ...)
	NOT-FOR-US: Shopizer
CVE-2020-11006 (In Shopizer before version 2.11.0, a script can be injected in various ...)
	NOT-FOR-US: Shopizer
CVE-2020-11005 (The WindowsHello open source library (NuGet HaemmerElectronics.SeppPen ...)
	NOT-FOR-US: WindowsHello
CVE-2020-11004 (SQL Injection was discovered in Admidio before version 3.3.13. The mai ...)
	NOT-FOR-US: Admidio
CVE-2020-11003 (Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vuln ...)
	NOT-FOR-US: Oasis (not the same as src:oasis)
CVE-2020-11002 (dropwizard-validation before versions 2.0.3 and 1.3.21 has a remote co ...)
	NOT-FOR-US: dropwizard-validation
CVE-2020-11001 (In Wagtail before versions 2.8.1 and 2.7.2, a cross-site scripting (XS ...)
	NOT-FOR-US: Wagtail
CVE-2020-11000 (GreenBrowser before version 1.2 has a vulnerability where apps that re ...)
	NOT-FOR-US: GreenBrowser
CVE-2020-10999 RESERVED
CVE-2020-10998 RESERVED
CVE-2020-10997 (Percona XtraBackup before 2.4.20 unintentionally writes the command li ...)
	- percona-xtrabackup (Vulnerable code introduced later)
	NOTE: https://jira.percona.com/browse/PXB-2142
	NOTE: Introduced in: https://github.com/percona/percona-xtrabackup/commit/0b38ffc0f30f1b6d3ff7ed0f9cb3ab31a2ccad13 (percona-xtrabackup-2.4.11)
	NOTE: https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/
CVE-2020-10996 (An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41. ...)
	- percona-xtradb-cluster-5.5
CVE-2020-10995 (PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not suffic ...)
	{DSA-4691-1}
	- pdns-recursor 4.3.1-1
	[jessie] - pdns-recursor (Vulnerable code added later)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-01.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
CVE-2020-10994 (In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multipl ...)
	- pillow 7.2.0-1 (unimportant)
	NOTE: https://github.com/python-pillow/Pillow/pull/4505
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: Fixed in 7.1.0
	NOTE: Debian packages are built without JPEG2000 support
CVE-2020-10993 (Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader. ...)
	NOT-FOR-US: Osmand
CVE-2020-10992 (Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorMa ...)
	NOT-FOR-US: Azkaban
CVE-2020-10991 (Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXml ...)
	NOT-FOR-US: Mulesoft APIkit
CVE-2020-10990 (An XXE issue exists in Accenture Mercury before 1.12.28 because of the ...)
	NOT-FOR-US: Accenture Mercury
CVE-2020-10989 (An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 ...)
	NOT-FOR-US: Tenda
CVE-2020-10988 (A hard-coded telnet credential in the tenda_login binary of Tenda AC15 ...)
	NOT-FOR-US: Tenda
CVE-2020-10987 (The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05 ...)
	NOT-FOR-US: Tenda
CVE-2020-10986 (A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC190 ...)
	NOT-FOR-US: Tenda
CVE-2020-10985 (Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. ...)
	NOT-FOR-US: Gambio GX
CVE-2020-10984 (Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. ...)
	NOT-FOR-US: Gambio GX
CVE-2020-10983 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. ...)
	NOT-FOR-US: Gambio GX
CVE-2020-10982 (Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. ...)
	NOT-FOR-US: Gambio GX
CVE-2020-10981 (GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintaine ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10980 (GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogB ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10979 (GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pip ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10978 (GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10977 (GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when mov ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10976 (GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when qu ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10975 (GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerab ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10974 (An issue was discovered affecting a backup feature where a crafted POS ...)
	NOT-FOR-US: Wavlink
CVE-2020-10973 (An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink ...)
	NOT-FOR-US: Wavlink
CVE-2020-10972 (An issue was discovered where a page is exposed that has the current a ...)
	NOT-FOR-US: Wavlink
CVE-2020-10971 (An issue was discovered on Wavlink Jetstream devices where a crafted P ...)
	NOT-FOR-US: Wavlink
CVE-2020-10970 RESERVED
CVE-2020-10969 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2642
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10968 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2179-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2662
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10967 (In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash ...)
	{DSA-4690-1}
	- dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
	[stretch] - dovecot (Vulnerable code introduced in 2.3.0)
	[jessie] - dovecot (Vulnerable code introduced in 2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-35861 (An issue was discovered in the bumpalo crate before 3.2.1 for Rust. Th ...)
	- rust-bumpalo 3.2.1-1 (bug #955151)
	NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0006.html
	NOTE: https://github.com/fitzgen/bumpalo/issues/69
CVE-2020-10966 (In the Password Reset Module in VESTA Control Panel through 0.9.8-25 a ...)
	NOT-FOR-US: VESTA Control Panel
CVE-2020-10965 (Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to ...)
	NOT-FOR-US: Teradici PCoIP Management Console
CVE-2020-10964 (Serendipity before 2.3.4 on Windows allows remote attackers to execute ...)
	- serendipity
CVE-2020-10963 (FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted fi ...)
	NOT-FOR-US: FrozenNode Laravel-Administrator
CVE-2020-10962 RESERVED
CVE-2020-10961 RESERVED
CVE-2020-10960 (In MediaWiki before 1.34.1, users can add various Cascading Style Shee ...)
	{DSA-4651-1}
	- mediawiki 1:1.31.7-1
	[stretch] - mediawiki (Vulnerable code introduced later)
	NOTE: https://phabricator.wikimedia.org/T246602
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
CVE-2020-10959 (resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 a ...)
	- mediawiki (Vulnerable code introduced later)
	NOTE: https://phabricator.wikimedia.org/T232932
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2020-March/093243.html
CVE-2020-10958 (In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an un ...)
	{DSA-4690-1}
	- dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
	[stretch] - dovecot (Vulnerable code introduced in 2.3.0)
	[jessie] - dovecot (Vulnerable code introduced in 2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-10957 (In Dovecot before 2.3.10.1, unauthenticated sending of malformed param ...)
	{DSA-4690-1}
	- dovecot 1:2.3.10.1+dfsg1-1 (bug #960963)
	[stretch] - dovecot (Vulnerable code introduced in 2.3.0)
	[jessie] - dovecot (Vulnerable code introduced in 2.3.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/18/1
CVE-2020-10956 (GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a proje ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10955 (GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10954 (GitLab through 12.9 is affected by a potential DoS in repository archi ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10953 (In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a pat ...)
	- gitlab (Only affects GitLab EE 11.7 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10952 (GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push doc ...)
	[experimental] - gitlab 12.8.8-1
	- gitlab 13.2.3-2
	NOTE: https://about.gitlab.com/releases/2020/03/26/security-release-12-dot-9-dot-1-released/
CVE-2020-10951 (Western Digital My Cloud Home and ibi devices before 2.2.0 allow click ...)
NOT-FOR-US: Western Digital My Cloud Home and ibi devices CVE-2020-10950 RESERVED CVE-2020-10949 RESERVED CVE-2020-10948 (Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) ...) NOT-FOR-US: Jon Hedley AlienForm2 CVE-2020-10947 (Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Soph ...) NOT-FOR-US: Sophos CVE-2020-10946 (Cross-site scripting (XSS) vulnerability allows remote attackers to in ...) - centreon-web (bug #913903) CVE-2020-10945 (Centreon before 19.10.7 exposes Session IDs in server responses. ...) - centreon-web (bug #913903) CVE-2020-10944 (HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-si ...) - nomad 0.10.5+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7468 CVE-2020-10943 RESERVED CVE-2020-10942 (In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net. ...) {DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/42d84c8490f9f0931786f1623191fcab397c3d64 (5.6-rc4) CVE-2020-10941 (Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive inform ...) - mbedtls 2.16.5-1 [buster] - mbedtls (Minor issue) [stretch] - mbedtls (Minor issue) NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-02 CVE-2020-10940 (Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER ...) NOT-FOR-US: PHOENIX CONTACT CVE-2020-10939 (Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT thro ...) NOT-FOR-US: PHOENIX CONTACT CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resultant hea ...) {DSA-4675-1 DLA-2173-1} - graphicsmagick 1.4+really1.3.34-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/95abc2b694ce CVE-2020-10937 (An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can ...) - ipfs (bug #779893) CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...) 
{DSA-4818-1 DLA-2401-1} - sympa 6.2.40~dfsg-5 (bug #961491) NOTE: https://sympa-community.github.io/security/2020-002.html NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch NOTE: Patch for sympa-6.1.25: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.1.25-sa-2020-002-r2.patch NOTE: https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/ NOTE: https://github.com/sympa-community/sympa/issues/943 CVE-2020-26932 (debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg- ...) {DSA-4818-1 DLA-2401-1} - sympa 6.2.40~dfsg-7 (bug #971904) NOTE: Debian specific issue where sympa_newaliases-wrapper had loose permissions NOTE: (already suid root and word-executable) allowing to gain root privileges NOTE: without first to escalate to sympa user. NOTE: https://salsa.debian.org/sympa-team/sympa/-/merge_requests/1 CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with resulta ...) - zulip-server (bug #800052) CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...) NOT-FOR-US: Acyba AcyMailing CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...) {DSA-4721-1} - ruby2.7 2.7.1-1 - ruby2.5 - ruby2.3 (Vulnerable code introduced in 2.5.0) - ruby2.1 (Vulnerable code introduced in 2.5.0) NOTE: https://www.ruby-lang.org/en/news/2020/03/31/heap-exposure-in-socket-cve-2020-10933/ NOTE: Fixed by: https://github.com/ruby/ruby/commit/61b7f86248bd121be2e83768be71ef289e8e5b90 NOTE: Introduced around https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc NOTE: and https://github.com/ruby/ruby/commit/ba5eb6458a7e9a41ee76cfe45b84f997600681dc CVE-2020-10932 (An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before ...) 
- mbedtls 2.16.9-0.1 (bug #963159) [buster] - mbedtls (Minor issue) [stretch] - mbedtls (Minor issue) NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.16.6-and-2.7.15-released NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2020-04 CVE-2020-10930 (This vulnerability allows network-adjacent attackers to disclose sensi ...) NOT-FOR-US: Netgear CVE-2020-10929 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-10928 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-10927 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-10926 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: Netgear CVE-2020-10925 (This vulnerability allows network-adjacent attackers to compromise the ...) NOT-FOR-US: Netgear CVE-2020-10924 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2020-10923 (This vulnerability allows network-adjacent attackers to bypass authent ...) NOT-FOR-US: Netgear CVE-2020-10922 (This vulnerability allows remote attackers to create a denial-of-servi ...) NOT-FOR-US: C-MORE HMI CVE-2020-10921 (This vulnerability allows remote attackers to issue commands on affect ...) NOT-FOR-US: C-MORE HMI CVE-2020-10920 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: C-MORE HMI CVE-2020-10919 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: C-MORE HMI CVE-2020-10918 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: C-MORE HMI CVE-2020-10917 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: NEC CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...) 
NOT-FOR-US: TP-Link CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: VEEAM One Agent CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: VEEAM One Agent CVE-2020-10913 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10912 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10911 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10910 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10909 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10908 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10907 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10906 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10905 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10904 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10903 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10902 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10901 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10900 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
NOT-FOR-US: Foxit Reader CVE-2020-10899 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader CVE-2020-10898 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10897 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10896 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10895 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10894 (This vulnerability allows remote attackers to disclose sensitive infor ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10893 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10892 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10891 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10890 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10889 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit PhantomPDF CVE-2020-10888 (This vulnerability allows remote attackers to bypass authentication on ...) NOT-FOR-US: TP-Link CVE-2020-10887 (This vulnerability allows a firewall bypass on affected installations ...) NOT-FOR-US: TP-Link CVE-2020-10886 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10885 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10884 (This vulnerability allows network-adjacent attackers execute arbitrary ...) 
NOT-FOR-US: TP-Link CVE-2020-10883 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: TP-Link CVE-2020-10882 (This vulnerability allows network-adjacent attackers to execute arbitr ...) NOT-FOR-US: TP-Link CVE-2020-10881 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: TP-Link CVE-2020-10880 RESERVED CVE-2020-10879 (rConfig before 3.9.5 allows command injection by sending a crafted GET ...) NOT-FOR-US: rConfig CVE-2020-10878 (Perl before 5.30.3 has an integer overflow related to mishandling of a ...) - perl 5.30.3-1 (bug #962005) [buster] - perl 5.28.1-6+deb10u1 [stretch] - perl 5.24.1-3+deb9u7 NOTE: https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 (v5.30.3) NOTE: https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c (v5.30.3) CVE-2020-10877 RESERVED CVE-2020-10876 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...) NOT-FOR-US: OKLOK CVE-2020-10875 (Motorola FX9500 devices allow remote attackers to conduct absolute pat ...) NOT-FOR-US: Motorola devices CVE-2020-10874 (Motorola FX9500 devices allow remote attackers to read database files. ...) NOT-FOR-US: Motorola devices CVE-2020-10873 RESERVED CVE-2020-10872 RESERVED CVE-2020-10871 (** DISPUTED ** In OpenWrt LuCI git-20.x, remote unauthenticated attack ...) NOT-FOR-US: OpenWrt LuCI CVE-2020-10870 (Zim through 0.72.1 creates temporary directories with predictable name ...) - zim 0.72.1-1 (unimportant; bug #954810) NOTE: https://github.com/zim-desktop-wiki/zim-desktop-wiki/issues/1028 NOTE: Negligible security impact CVE-2020-10869 RESERVED CVE-2020-10868 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10867 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10866 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) 
NOT-FOR-US: Avast Antivirus CVE-2020-10865 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10864 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10863 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10862 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10861 (An issue was discovered in Avast Antivirus before 20. The aswTask RPC ...) NOT-FOR-US: Avast Antivirus CVE-2020-10860 (An issue was discovered in Avast Antivirus before 20. An Arbitrary Mem ...) NOT-FOR-US: Avast Antivirus CVE-2020-10859 (Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated ...) NOT-FOR-US: Zoho CVE-2020-10858 (Zulip Desktop before 5.0.0 allows attackers to perform recording via t ...) NOT-FOR-US: Zulip Desktop CVE-2020-10857 (Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shel ...) NOT-FOR-US: Zulip Desktop CVE-2020-10856 RESERVED CVE-2020-10931 (Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial ...) - memcached 1.6.2-1 (bug #954808) [buster] - memcached (Introduced in 1.6) [stretch] - memcached (Introduced in 1.6) [jessie] - memcached (Introduced in 1.6) NOTE: https://github.com/memcached/memcached/issues/629 NOTE: https://github.com/memcached/memcached/commit/02c6a2b62ddcb6fa4569a591d3461a156a636305 CVE-2020-10855 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10854 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10853 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10852 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-10851 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10850 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10849 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10848 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10847 (An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10846 (An issue was discovered on Samsung mobile devices with P(9.x) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10845 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10844 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10843 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10842 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10841 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10840 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10839 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10837 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) 
NOT-FOR-US: Samsung mobile devices CVE-2020-10836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10835 (An issue was discovered on Samsung mobile devices with any (before Feb ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10834 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10833 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10832 (An issue was discovered on Samsung mobile devices with P(9.0) (Exynos ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10831 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10830 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10829 (An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), ...) NOT-FOR-US: Samsung mobile devices CVE-2020-10828 (A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, ...) NOT-FOR-US: Draytek CVE-2020-10827 (A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, ...) NOT-FOR-US: Draytek CVE-2020-10826 (/cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B d ...) NOT-FOR-US: Draytek CVE-2020-10825 (A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 de ...) NOT-FOR-US: Draytek CVE-2020-10824 (A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket ...) NOT-FOR-US: Draytek CVE-2020-10823 (A stack-based buffer overflow in /cgi-bin/activate.cgi through var par ...) NOT-FOR-US: Draytek CVE-2020-10822 RESERVED CVE-2020-10821 (Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter. ...) NOT-FOR-US: Nagios XI CVE-2020-10820 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) 
NOT-FOR-US: Nagios XI CVE-2020-10819 (Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integr ...) NOT-FOR-US: Nagios XI CVE-2020-10818 (Artica Proxy 4.26 allows remote command execution for an authenticated ...) NOT-FOR-US: Artica Proxy CVE-2020-10817 (The custom-searchable-data-entry-system (aka Custom Searchable Data En ...) NOT-FOR-US: custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin for WordPress CVE-2020-10816 (Zoho ManageEngine Applications Manager 14780 and before allows a remot ...) NOT-FOR-US: Zoho ManageEngine CVE-2020-10815 RESERVED CVE-2020-10814 (A buffer overflow vulnerability in Code::Blocks 17.12 allows an attack ...) NOT-FOR-US: Code::Blocks CVE-2020-10813 (A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to cr ...) NOT-FOR-US: FTPDMIN CVE-2020-10812 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) - hdf5 (unimportant) NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_4 NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5fquery-c-hdf5-1-13-0/ NOTE: Negligible security impact, malicous scientific data has more issues than a crash... CVE-2020-10811 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) - hdf5 (unimportant) NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_2 NOTE: https://research.loginsoft.com/bugs/heap-buffer-overflow-in-h5olayout-c-hdf5-1-13-0/ NOTE: Negligible security impact, malicous scientific data has more issues than a crash... CVE-2020-10810 (An issue was discovered in HDF5 through 1.12.0. A NULL pointer derefer ...) - hdf5 (unimportant) NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3 NOTE: https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/ NOTE: Negligible security impact, malicous scientific data has more issues than a crash... 
CVE-2020-10809 (An issue was discovered in HDF5 through 1.12.0. A heap-based buffer ov ...) - hdf5 (unimportant) NOTE: https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_1 NOTE: https://research.loginsoft.com/bugs/heap-overflow-in-decompress-c-hdf5-1-13-0/ NOTE: Negligible security impact, malicous scientific data has more issues than a crash... CVE-2020-10808 (Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injectio ...) NOT-FOR-US: Vesta Control Panel CVE-2020-10807 (auth_svc in Caldera before 2.6.5 allows authentication bypass (for RES ...) NOT-FOR-US: Caldera CVE-2020-10806 (eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before ...) NOT-FOR-US: eZ Publish Kernel CVE-2020-10805 RESERVED CVE-2020-10804 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954667) [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 [jessie] - phpmyadmin (Vulnerable code not present) NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/56b43527196b0349ec2bea8ca711667e5aa75c65 NOTE: Introduced-by: https://github.com/phpmyadmin/phpmyadmin/commit/d55abcd5ffa1ea8785f1217f5b7d78a8a54b8542 NOTE: https://www.phpmyadmin.net/security/PMASA-2020-2/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80 CVE-2020-10803 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) {DLA-2154-1} - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954666) [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 NOTE: https://www.phpmyadmin.net/security/PMASA-2020-4/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6b9b2601d8af916659cde8aefd3a6eaadd10284a CVE-2020-10802 (In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection v ...) 
{DLA-2154-1} - phpmyadmin 4:4.9.5+dfsg1-1 (bug #954665) [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 NOTE: https://www.phpmyadmin.net/security/PMASA-2020-3/ NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/a8acd7a42cf743186528b0453f90aaa32bfefabe CVE-2020-10801 RESERVED CVE-2020-10800 (lix through 15.8.7 allows man-in-the-middle attackers to execute arbit ...) NOT-FOR-US: lix node (different from src:lix) CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an ...) NOT-FOR-US: svglib CVE-2020-10798 RESERVED CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_ping.ph ...) NOT-FOR-US: pfSense CVE-2020-10796 RESERVED CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...) NOT-FOR-US: Gira TKS-IP-Gateway CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...) NOT-FOR-US: Gira TKS-IP-Gateway CVE-2020-10793 (CodeIgniter through 4.0.0 allows remote attackers to gain privileges v ...) - codeigniter (bug #471583) CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10791 (app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10790 (openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10789 (openITCOCKPIT before 3.7.3 has a web-based terminal that allows attack ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10788 (openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a941523 ...) NOT-FOR-US: openITCOCKPIT CVE-2020-10787 (An elevation of privilege in Vesta Control Panel through 0.9.8-26 allo ...) NOT-FOR-US: Vesta Control Panel CVE-2020-10786 (A remote command execution in Vesta Control Panel through 0.9.8-26 all ...) 
NOT-FOR-US: Vesta Control Panel CVE-2020-10785 RESERVED CVE-2020-10784 RESERVED CVE-2020-10783 (Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege esc ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible version ...) NOT-FOR-US: Ansible Tower CVE-2020-10781 (A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel ...) {DLA-2385-1} - linux 5.7.10-1 [buster] - linux 4.19.146-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/06/18/1 NOTE: https://git.kernel.org/linus/853eab68afc80f59f36bbdeb715e5c88c501e680 CVE-2020-10780 (Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a craf ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-10779 (Red Hat CloudForms 4.7 and 5 leads to insecure direct object reference ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-10778 (In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited b ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-10777 (A cross-site scripting flaw was found in Report Menu feature of Red Ha ...) NOT-FOR-US: Red Hat CloudForm CVE-2020-10776 (A flaw was found in Keycloak before version 12.0.0, where it is possib ...) NOT-FOR-US: Keycloak CVE-2020-10775 (An Open redirect vulnerability was found in ovirt-engine versions 4.4 ...) NOT-FOR-US: ovirt-engine CVE-2020-10774 (A memory disclosure flaw was found in the Linux kernel's versions befo ...) - linux (Red Hat-specific patch) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846964 CVE-2020-10773 (A stack information leak flaw was found in s390/s390x in the Linux ker ...) - linux 5.3.9-1 [buster] - linux 4.19.87-1 [stretch] - linux 4.9.210-1 [jessie] - linux 3.16.81-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1846380 CVE-2020-10772 (An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Ha ...) 
- unbound (Red Hat specific regression in backport) CVE-2020-10771 (A flaw was found in Infinispan version 10, where it is possible to per ...) NOT-FOR-US: Infinispan CVE-2020-10770 (A flaw was found in Keycloak before 13.0.0, where it is possible to fo ...) NOT-FOR-US: Keycloak CVE-2020-10769 (A buffer over-read flaw was found in RH kernel versions before 5.0 in ...) - linux 4.19.20-1 [stretch] - linux 4.9.161-1 [jessie] - linux 3.16.68-1 NOTE: https://git.kernel.org/linus/8f9c469348487844328e162db57112f7d347c49f CVE-2020-10768 (A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() fun ...) {DLA-2323-1} - linux 5.7.6-1 [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1 NOTE: https://git.kernel.org/linus/4d8df8cbb9156b0a0ab3f802b80cb5db57acc0bf CVE-2020-10767 (A flaw was found in the Linux kernel before 5.8-rc1 in the implementat ...) {DLA-2323-1} - linux 5.7.6-1 [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1 NOTE: https://git.kernel.org/linus/21998a351512eba4ed5969006f0c55882d995ada CVE-2020-10766 (A logic bug flaw was found in Linux kernel before 5.8-rc1 in the imple ...) {DLA-2323-1} - linux 5.7.6-1 [buster] - linux 4.19.131-1 [stretch] - linux 4.9.228-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/10/1 NOTE: https://git.kernel.org/linus/dbbe2ad02e9df26e372f38cc3e70dab9222c832e CVE-2020-10765 RESERVED CVE-2020-10764 RESERVED CVE-2020-10763 (An information-disclosure flaw was found in the way Heketi before 10.1 ...) - heketi (bug #903384) CVE-2020-10762 (An information-disclosure flaw was found in the way that gluster-block ...) NOT-FOR-US: gluster-block CVE-2020-10761 (An assertion failure issue was found in the Network Block Device(NBD) ...) 
- qemu 1:5.0-6 [buster] - qemu (Vulnerable code introduced later) [stretch] - qemu (Vulnerable code introduced later) [jessie] - qemu (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/06/09/1 NOTE: Proposed upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg02031.html NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=5c4fe018c025740fef4a0a4421e8162db0c3eefd NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=93676c88d7a5cd5971de94f9091eff8e9773b1af CVE-2020-10760 (A use-after-free flaw was found in all samba LDAP server versions befo ...) {DLA-2463-1} - samba 2:4.12.5+dfsg-1 [buster] - samba (Minor issue, fix along in next DSA) NOTE: https://www.samba.org/samba/security/CVE-2020-10760.html CVE-2020-10759 (A PGP signature bypass flaw was found in fwupd (all versions), which c ...) {DLA-2274-1} - fwupd 1.3.10-1 (bug #962517) [buster] - fwupd 1.2.13-1 - libjcat 0.1.3-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1844316 NOTE: https://github.com/justinsteven/advisories/blob/master/2020_fwupd_dangling_s3_bucket_and_CVE-2020-10759_signature_verification_bypass.md NOTE: Fixed by: https://github.com/fwupd/fwupd/commit/21f2d12fccef63b8aaa99ec53278ce18250b0444 (1.3.10) NOTE: Introduced with: https://github.com/fwupd/fwupd/commit/36a889034c3d34ae4ac4530ea7b6b16e82476fae (0.1.2) NOTE: https://github.com/hughsie/libjcat/commit/839b89f45a38b2373bf5836337a33f450aaab72e CVE-2020-10758 (A vulnerability was found in Keycloak before 11.0.1 where DoS attack i ...) NOT-FOR-US: Keycloak CVE-2020-10757 (A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the ...) {DSA-4699-1 DSA-4698-1 DLA-2242-1} - linux 5.6.14-2 [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/5bfea2d9b17f1034a68147a8b03b9789af5700f9 CVE-2020-10756 (An out-of-bounds read vulnerability was found in the SLiRP networking ...) 
{DSA-4728-1 DLA-2288-1} - libslirp 4.3.1-1 - qemu 1:4.1-2 - slirp4netns 1.0.1-1 [buster] - slirp4netns (Minor issue) NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed. NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835986#c11 NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-96c5-v27g-58vf CVE-2020-10755 (An insecure-credentials flaw was found in all openstack-cinder version ...) - cinder 2:16.1.0-1 (low) [buster] - cinder (Minor issue) [stretch] - cinder (Minor issue) [jessie] - cinder (OpenStack component, not supported in jessie LTS) - python-os-brick 3.1.0-1 (low) [buster] - python-os-brick (Minor issue) [stretch] - python-os-brick (Minor issue) NOTE: https://bugs.launchpad.net/cinder/+bug/1823200 NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0086 CVE-2020-10754 (It was found that nmcli, a command line interface to NetworkManager di ...) - network-manager 1.24.2-1 (unimportant) NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/448 NOTE: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/8affcc19b61fc3c516474ba075e61b82030feeb4 NOTE: Only affects builds enabling ifcfg-rh settings plugin, source-wise only NOTE: affected but not the Debian binary builds (and is RedHat/Fedora specific NOTE: plugin). CVE-2020-10753 (A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gate ...) {DLA-2735-1} - ceph 14.2.15-1 (bug #975300) [buster] - ceph (Minor issue) [jessie] - ceph (Minor issue) NOTE: https://github.com/ceph/ceph/pull/35773 NOTE: Fix: https://github.com/ceph/ceph/commit/1524d3c0c5cb11775313ea1e2bb36a93257947f2 CVE-2020-10752 (A flaw was found in the OpenShift API Server, where it failed to suffi ...) NOT-FOR-US: OpenShift CVE-2020-10751 (A flaw was found in the Linux kernels SELinux LSM hook implementation ...) 
{DSA-4699-1 DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.6.14-1 NOTE: https://git.kernel.org/linus/fb73974172ffaaf57a7c42f35424d9aece1a5af6 CVE-2020-10750 (Sensitive information written to a log file vulnerability was found in ...) NOT-FOR-US: Jaeger CVE-2020-10749 (A vulnerability was found in all versions of containernetworking/plugi ...) - golang-github-containernetworking-plugins 0.8.6-1 NOTE: https://github.com/containernetworking/plugins/pull/484 NOTE: https://github.com/containernetworking/plugins/commit/219eb9e0464761c47383d239aba206da695e1a43 CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, where i ...) NOT-FOR-US: Keycloak CVE-2020-10747 REJECTED CVE-2020-10746 (A flaw was found in Infinispan (org.infinispan:infinispan-server-runti ...) NOT-FOR-US: Infinispan CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...) {DLA-2463-1} - samba 2:4.12.5+dfsg-1 [buster] - samba (Minor issue, fix along in next DSA) NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...) - ansible 2.9.13+dfsg-1 (bug #966660) [buster] - ansible (Incomplete fix not applied) [stretch] - ansible (Incomplete fix not applied) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835566 NOTE: https://github.com/ansible/ansible/commit/77d0effcc5b2da1ef23e4ba32986a9759c27c10d NOTE: https://github.com/ansible/ansible/commit/84afa8e90cd168ff13208c8eae3e533ce7e21e1f (v2.9.12) NOTE: CVE is for an incomplete fix of CVE-2020-1733 CVE-2020-10743 (It was discovered that OpenShift Container Platform's (OCP) distributi ...) - kibana (bug #700337) CVE-2020-10742 (A flaw was found in the Linux kernel. An index buffer overflow during ...) - linux 3.16.2-2 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1835127 CVE-2020-10741 REJECTED CVE-2020-10740 (A vulnerability was found in Wildfly in versions before 20.0.0.Final, ...) 
	- wildfly (bug #752018)
CVE-2020-10739 (Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the foll ...)
	- envoyproxy (bug #987544)
CVE-2020-10738 (A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6 ...)
	- moodle
CVE-2020-10737 (A race condition was found in the mkhomedir tool shipped with the oddj ...)
	- oddjob 0.34.6-1 (bug #960089)
	[buster] - oddjob (Minor issue)
	[stretch] - oddjob (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1833042
	NOTE: https://pagure.io/oddjob/c/10b8aaa1564b723a005b53acc069df71313f4cac
CVE-2020-10736 (An authorization bypass vulnerability was found in Ceph versions 15.2. ...)
	- ceph (Vulnerable code introduced later)
	NOTE: https://ceph.io/releases/v15-2-2-octopus-released/
	NOTE: https://github.com/ceph/ceph/commit/c7e7009a690621aacd4ac2c70c6469f25d692868 (master)
	NOTE: https://github.com/ceph/ceph/commit/f2cf2ce1bd9a86462510a7a12afa4e528b615df2 (v15.2.2)
CVE-2020-10735
	RESERVED
CVE-2020-10734 (A vulnerability was found in keycloak in the way that the OIDC logout ...)
	NOT-FOR-US: Keycloak
CVE-2020-10733 (The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided ...)
	- postgresql-12 (Windows-specific)
	- postgresql-11 (Windows-specific)
	- postgresql-9.6 (Windows-specific)
	NOTE: https://www.postgresql.org/about/news/2038/
CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspace cor ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-2
	[jessie] - linux (Does not affect supported architectures)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/06/1
	NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
CVE-2020-10731 (A flaw was found in the nova_libvirt container provided by the Red Hat ...)
	NOT-FOR-US: Red Hat OpenStack platform
CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...)
	{DSA-4884-1 DLA-2463-1}
	- ldb 2:2.1.4-1
	[stretch] - ldb (Vulnerable code introduced later)
	- samba 2:4.12.5+dfsg-1
	[buster] - samba (Minor issue, fix along with next DSA)
	NOTE: https://www.samba.org/samba/security/CVE-2020-10730.html
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14364
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=9dd458956d7af1b4bbe505ba2ab72235e81c27d0 (for ldb)
CVE-2020-10729 (A flaw was found in the use of insufficiently random values in Ansible ...)
	{DSA-4950-1}
	- ansible 2.9.6+dfsg-1
	[jessie] - ansible (Vulnerable code introduced later, no variables template caching)
	NOTE: https://github.com/ansible/ansible/issues/34144
	NOTE: https://github.com/ansible/ansible/pull/67429/
	NOTE: https://github.com/ansible/ansible/commit/b38603c45ed3a53574ec2080fb3a24db38ab5bc6
	NOTE: Introduced in https://github.com/ansible/ansible/commit/87a9485b2f5a3188460f0a0219d2e0d990ce4e67 (2.0)
CVE-2020-10728
	RESERVED
	NOT-FOR-US: automationbroker/apb
CVE-2020-10727 (A flaw was found in ActiveMQ Artemis management API from version 2.7.0 ...)
	NOT-FOR-US: ActiveMQ Artemis
CVE-2020-10726 (A vulnerability was found in DPDK versions 19.11 and above. A maliciou ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk (Vulnerable code not present)
	[stretch] - dpdk (Vulnerable code not present)
CVE-2020-10725 (A flaw was found in DPDK version 19.11 and above that allows a malicio ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk (Vulnerable code not present)
	[stretch] - dpdk (Vulnerable code not present)
CVE-2020-10724 (A vulnerability was found in DPDK versions 18.11 and above. The vhost- ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk 18.11.6-1~deb10u2
	[stretch] - dpdk (Vulnerable code not present)
CVE-2020-10723 (A memory corruption issue was found in DPDK versions 17.05 and above. ...)
	- dpdk 19.11.2-1 (bug #960936)
	[buster] - dpdk 18.11.6-1~deb10u2
	[stretch] - dpdk (Vulnerable code not present)
CVE-2020-10722 (A vulnerability was found in DPDK versions 18.05 and above. A missing ...)
	{DSA-4688-1}
	- dpdk 19.11.2-1 (bug #960936)
CVE-2020-10721 (A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When usi ...)
	NOT-FOR-US: fabric8-maven-plugin
CVE-2020-10720 (A flaw was found in the Linux kernel's implementation of GRO in versio ...)
	- linux 5.2.6-1
	[buster] - linux 4.19.67-1
	[stretch] - linux 4.9.184-1
	[jessie] - linux 3.16.76-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1781204
	NOTE: Fixed by: https://git.kernel.org/linus/a4270d6795b0580287453ea55974d948393e66ef
CVE-2020-10719 (A flaw was found in Undertow in versions before 2.1.1.Final, regarding ...)
	- undertow 2.1.1-1 (bug #969913)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1828459
	NOTE: https://issues.redhat.com/browse/UNDERTOW-1708 (not public)
	NOTE: most likely fixed by https://github.com/undertow-io/undertow/commit/bfc8fbd67f6b3dd96702b363f61cf805baf3c6cf
CVE-2020-10718 (A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, wher ...)
	- wildfly (bug #752018)
CVE-2020-10717 (A potential DoS flaw was found in the virtio-fs shared file system dae ...)
	- qemu 1:5.0-5 (bug #959746)
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	NOTE: Introduced in: https://git.qemu.org/?p=qemu.git;a=commit;h=01a6dc95ec7f71eeff9963fe3cb03d85225fba3e (v5.0.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-05/msg00143.html
CVE-2020-10716 (A flaw was found in Red Hat Satellite's Job Invocation, where the "Use ...)
	NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation
CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...)
	NOT-FOR-US: Openshift Web Console
CVE-2020-10714 (A flaw was found in WildFly Elytron version 1.11.3.Final and before. W ...)
	NOT-FOR-US: WildFly Elytron
CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...)
	{DSA-4735-1}
	- grub2 2.04-9
	[stretch] - grub2 (No SecureBoot support in stretch)
	NOTE: https://www.eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/29/3
	NOTE: https://git.savannah.gnu.org/gitweb/?p=grub.git;a=commit;h=a4d3fbdff1e3ca8f87642af2ac8752c30c617a3e
CVE-2020-10712 (A flaw was found in OpenShift Container Platform version 4.1 and later ...)
	NOT-FOR-US: image registry operator in OpenShift Container Platform
CVE-2020-10711 (A NULL pointer dereference flaw was found in the Linux kernel's SELinu ...)
	{DSA-4699-1 DSA-4698-1 DLA-2242-1}
	- linux 5.6.14-1
	[jessie] - linux (Vulnerability introduced later)
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/12/2
CVE-2020-10710
	RESERVED
CVE-2020-10709 (A security flaw was found in Ansible Tower when requesting an OAuth2 t ...)
	- ansible-awx (bug #908763)
	NOTE: https://github.com/ansible/awx/issues/6630
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1824033
CVE-2020-10708
	REJECTED
CVE-2020-10707
	REJECTED
CVE-2020-10706 (A flaw was found in OpenShift Container Platform where OAuth tokens ar ...)
	NOT-FOR-US: OpenShift
CVE-2020-10705 (A flaw was discovered in Undertow in versions before Undertow 2.1.1.Fi ...)
	- undertow 2.1.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803241
	NOTE: https://github.com/undertow-io/undertow/commit/b53d4589c586e8bbdcc89ed60f32cd7977e9a4f4
CVE-2020-10704 (A flaw was found when using samba as an Active Directory Domain Contro ...)
	{DLA-2463-1}
	- samba 2:4.12.3+dfsg-2 (bug #960188)
	[buster] - samba (Can be fixed along with a future DSA)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14334
	NOTE: https://www.samba.org/samba/security/CVE-2020-10704.html
CVE-2020-10703 (A NULL pointer dereference was found in the libvirt API responsible in ...)
	- libvirt 6.0.0-2
	[buster] - libvirt (Minor issue)
	[stretch] - libvirt (Vulnerable code introduced later)
	[jessie] - libvirt (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725
	NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1)
CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Authenti ...)
	- qemu 1:4.2-5
	[buster] - qemu (Vulnerable code introduced later)
	[stretch] - qemu (Vulnerable code introduced later)
	[jessie] - qemu (Vulnerable code introduced later)
	- qemu-kvm (Vulnerable code introduced later)
	NOTE: https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9 (v5.0.0-rc0)
CVE-2020-10701 (A missing authorization flaw was found in the libvirt API responsible ...)
	- libvirt 6.0.0-7 (bug #955841)
	[buster] - libvirt (Vulnerable code introduced later)
	[stretch] - libvirt (Vulnerable code introduced later)
	[jessie] - libvirt (Vulnerable code introduced later)
	NOTE: Introduced in: https://libvirt.org/git/?p=libvirt.git;a=commit;h=95f5ac9ae52455e9da47afc95fa31c9456ac27ae (v5.10.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=4cc90c2e62df653e909ad31fd810224bf8bcf913 (v6.2.0-rc1)
CVE-2020-10700 (A use-after-free flaw was found in the way samba AD DC LDAP servers, h ...)
	- samba 2:4.12.3+dfsg-2 (bug #960189)
	[buster] - samba (Vulnerable code introduced later)
	[stretch] - samba (Vulnerable code introduced later)
	[jessie] - samba (Vulnerable code introduced later)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14331
	NOTE: https://www.samba.org/samba/security/CVE-2020-10700.html
CVE-2020-10699 (A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 ...)
	- targetcli-fb (Vulnerable code introduced later)
	NOTE: https://github.com/open-iscsi/targetcli-fb/issues/162
	NOTE: Introduced in: https://github.com/open-iscsi/targetcli-fb/commit/ad37f94ae72d0e3d5963ce182e2897c84af9c039 (v2.1.50)
	NOTE: Fixed by: https://github.com/open-iscsi/targetcli-fb/commit/6e4f39357a90a914d11bac21cc2d2b52c07c213d
CVE-2020-10698 (A flaw was found in Ansible Tower when running jobs. This flaw allows ...)
	NOT-FOR-US: Ansible Tower
CVE-2020-10697 (A flaw was found in Ansible Tower when running Openshift. Tower runs a ...)
	NOT-FOR-US: Ansible Tower
CVE-2020-10696 (A path traversal flaw was found in Buildah in versions before 1.14.5. ...)
	- golang-github-containers-buildah 1.11.6-2
	NOTE: https://github.com/containers/buildah/commit/c61925b8936e93a5e900f91b653a846f7ea3a9ed
CVE-2020-10695 (An insecure modification flaw in the /etc/passwd file was found in the ...)
	NOTE: Red Hat specific CVE assignment for openshift/redhat-sso-7 container
CVE-2020-10694
	RESERVED
CVE-2020-10693 (A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in ...)
	- libhibernate-validator-java (bug #988946)
	[bullseye] - libhibernate-validator-java (Minor issue)
	[buster] - libhibernate-validator-java (EL support added in 5.x)
	[stretch] - libhibernate-validator-java (EL support added in 5.x)
	[jessie] - libhibernate-validator-java (EL support added in 5.x)
	- libhibernate-validator4-java (EL support added in 5.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805501
CVE-2020-10692
	RESERVED
CVE-2020-10691 (An archive traversal flaw was found in all ansible-engine versions 2.9 ...)
	- ansible 2.9.7+dfsg-1
	[buster] - ansible (Vulnerable code introduced later)
	[stretch] - ansible (Vulnerable code introduced later)
	[jessie] - ansible (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817161
	NOTE: https://github.com/ansible/ansible/pull/68596
	NOTE: https://github.com/ansible/ansible/commit/b2551bb6943eec078066aa3a923e0bb3ed85abe8 (stable-2.9)
CVE-2020-10690 (There is a use-after-free in kernel versions before 5.5 due to a race ...)
	{DLA-2241-1}
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.228-1
	NOTE: Fixed by: https://git.kernel.org/linus/a33121e5487b424339636b25c35d3a180eaa5f5e
CVE-2020-10689 (A flaw was found in the Eclipse Che up to version 7.8.x, where it did ...)
	NOT-FOR-US: Eclipse Che
CVE-2020-10688 (A cross-site scripting (XSS) flaw was found in RESTEasy in versions be ...)
	- resteasy (bug #970328)
	- resteasy3.0
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
	NOTE: https://github.com/quarkusio/quarkus/issues/7248
	NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
CVE-2020-10687 (A flaw was discovered in all versions of Undertow before Undertow 2.2. ...)
	- undertow 2.2.0-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1780
	NOTE: https://github.com/undertow-io/undertow/pull/951
	NOTE: https://github.com/undertow-io/undertow/commit/a18574a4da09449d855c0a7e58dfca3e9e2e488e (2.2.0.Final)
CVE-2020-10686 (A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in ...)
	NOT-FOR-US: Keycloak
CVE-2020-10685 (A flaw was found in Ansible Engine affecting Ansible Engine versions 2 ...)
	{DSA-4950-1}
	- ansible 2.9.7+dfsg-1
	[jessie] - ansible (Vulnerable code introduced later, all decryption in-memory, no transparent file decryption)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814627
	NOTE: https://github.com/ansible/ansible/pull/68433
	NOTE: https://github.com/ansible/ansible/commit/6452a82452f3a721233b50f62419598206442fd9
	NOTE: Introduced in https://github.com/ansible/ansible/commit/cdf6e3e4bf44fdab62c2e4ccd3f5fd67ea554548 (2.1)
CVE-2020-10684 (A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9. ...)
	{DSA-4950-1}
	- ansible 2.9.7+dfsg-1
	[stretch] - ansible (Vulnerable code introduced later, 'ansible_facts' variable not exposed)
	[jessie] - ansible (Vulnerable code introduced later, 'ansible_facts' variable not exposed)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1815519
	NOTE: https://github.com/ansible/ansible/pull/68431
	NOTE: https://github.com/ansible/ansible/commit/a9d2ceafe429171c0e2ad007058b88bae57c74ce
CVE-2020-10683 (dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and Ext ...)
	{DLA-2191-1}
	- dom4j 2.1.3-1 (bug #958055)
	[buster] - dom4j (Minor issue)
	[stretch] - dom4j (Minor issue)
	NOTE: https://github.com/dom4j/dom4j/commit/1707bf3d898a8ada3b213acb0e3b38f16eaae73d (the fix?)
	NOTE: https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658 (post-fix refactor?)
CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-10681 (The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd fi ...)
	NOT-FOR-US: CMS Made Simple
CVE-2020-10680
	RESERVED
CVE-2020-10679
	RESERVED
CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...)
	NOT-FOR-US: Octopus Deploy
CVE-2020-10677
	RESERVED
CVE-2020-10676
	RESERVED
CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...)
	- golang-github-buger-jsonparser 0.0~git20200322.0.f7e751e-1 (bug #954373)
	[buster] - golang-github-buger-jsonparser (Minor issue)
	NOTE: https://github.com/buger/jsonparser/issues/188
	NOTE: https://github.com/buger/jsonparser/commit/91ac96899e492584984ded0c8f9a08f10b473717
CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2153-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2660
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
	{DLA-2153-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2659
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missi ...)
	NOT-FOR-US: Canon
CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10669 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
	NOT-FOR-US: Canon
CVE-2020-10666 (The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXa ...)
	NOT-FOR-US: FreePBX
CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...)
	- libperlspeak-perl (bug #954238)
	[jessie] - libperlspeak-perl (Not supported in jessie LTS)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=132173
CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTE ...)
	NOT-FOR-US: Docker Desktop on Windows
CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 ...)
	NOT-FOR-US: VxWorks
CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...)
	{DSA-4721-1 DLA-2192-1 DLA-2190-1}
	- ruby-json 2.3.0+dfsg-1
	[buster] - ruby-json 2.1.0+dfsg-2+deb10u1
	[stretch] - ruby-json 2.0.1+dfsg-3+deb9u1
	- ruby2.7 (Fixed before initial upload to Debian)
	- ruby2.5
	- ruby2.3
	[stretch] - ruby2.3 2.3.3-1+deb9u8
	- ruby2.1
	NOTE: https://www.ruby-lang.org/en/news/2020/03/19/json-dos-cve-2020-10663/
	NOTE: https://hackerone.com/reports/706934
	NOTE: https://github.com/ruby/ruby/commit/36e9ed7fef6eb2d14becf6c52452e4ab16e4bf01 (2.6.6)
	NOTE: https://github.com/ruby/ruby/commit/b379ecd8b6832dfcd5dad353b6bfd41701e2d678 (2.5.8)
CVE-2020-10662
	RESERVED
CVE-2020-10661 (HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-10660 (HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-10659 (Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows ...)
	NOT-FOR-US: Entrust Entelligence Security Provider (ESP)
CVE-2020-10658 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2020-10657 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2020-10656 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2020-10655 (The Proofpoint Insider Threat Management Server (formerly ObserveIT Se ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Server
CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...)
	NOT-FOR-US: Ping Identity PingID
CVE-2020-10653
	RESERVED
CVE-2020-10652
	RESERVED
CVE-2020-10651
	RESERVED
CVE-2020-10650
	RESERVED
CVE-2020-10649 (DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 ...)
	NOT-FOR-US: ASUS Device Activation
CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...)
	- u-boot 2020.04+dfsg-1
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/5
	NOTE: https://labs.f-secure.com/advisories/das-u-boot-verified-boot-bypass/
	NOTE: https://lists.denx.de/pipermail/u-boot/2020-March/403409.html
CVE-2020-10647
	REJECTED
CVE-2020-10646 (Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a h ...)
	NOT-FOR-US: Fuji Electric V-Server Lite
CVE-2020-10645
	RESERVED
CVE-2020-10644 (The affected product lacks proper validation of user-supplied data, wh ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2020-10643 (An authenticated remote attacker could use specially crafted URLs to s ...)
	NOT-FOR-US: PI Vision
CVE-2020-10642 (In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an a ...)
	NOT-FOR-US: Rockwell
CVE-2020-10641 (An unprotected logging route may allow an attacker to write endless lo ...)
	NOT-FOR-US: Inductive Automation
CVE-2020-10640
	RESERVED
CVE-2020-10639 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
	NOT-FOR-US: Eaton HMiSoft VU3
CVE-2020-10638 (Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Mult ...)
	NOT-FOR-US: Advantech WebAccess Node
CVE-2020-10637 (Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and p ...)
	NOT-FOR-US: Eaton HMiSoft VU3
CVE-2020-10636
	RESERVED
CVE-2020-10635
	RESERVED
CVE-2020-10634 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted ...)
	NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists in eW ...)
	NOT-FOR-US: eWON Flexy and Cosy
CVE-2020-10632
	RESERVED
CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10630 (SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does no ...)
	NOT-FOR-US: SAE IT-systems FW-50 Remote Telemetry Unit
CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10628 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
	NOT-FOR-US: ControlEdge PLC
CVE-2020-10627 (Insulet Omnipod Insulin Management System insulin pump product ID 1919 ...)
	NOT-FOR-US: Insulet Omnipod Insulin Management System
CVE-2020-10626 (In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled sear ...)
	NOT-FOR-US: Fazecast jSerialComm
CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10624 (ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R1 ...)
	NOT-FOR-US: ControlEdge PLC
CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10622 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...)
	NOT-FOR-US: LCDS LAquis SCADA
CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10620 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication d ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10618 (LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vu ...)
	NOT-FOR-US: LCDS LAquis SCADA
CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10616 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specif ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10615 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10614 (In OSIsoft PI System multiple products and versions, an authenticated ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10613 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10612 (Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicat ...)
	NOT-FOR-US: Opto 22 SoftPAC Project
CVE-2020-10611 (Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41 ...)
	NOT-FOR-US: Triangle MicroWorks SCADA Data Gateway
CVE-2020-10610 (In OSIsoft PI System multiple products and versions, a local attacker ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10609 (Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may all ...)
	NOT-FOR-US: Grundfos
CVE-2020-10608 (In OSIsoft PI System multiple products and versions, a local attacker ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10607 (In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2020-10606 (In OSIsoft PI System multiple products and versions, a local attacker ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10605 (Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests ...)
	NOT-FOR-US: Grundfos CIM
CVE-2020-10604 (In OSIsoft PI System multiple products and versions, a remote, unauthe ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...)
	NOT-FOR-US: WebAccess/NMS
CVE-2020-10602 (In OSIsoft PI System multiple products and versions, an authenticated ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...)
	NOT-FOR-US: VISAM VBASE Editor
CVE-2020-10600 (An authenticated remote attacker could crash PI Archive Subsystem when ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2020-10599 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...)
	NOT-FOR-US: VISAM VBASE Editor
CVE-2020-10598 (In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES ...)
	NOT-FOR-US: Pyxis
CVE-2020-10597 (Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Mul ...)
	NOT-FOR-US: Delta Industrial Automation DOPSoft
CVE-2020-10596 (OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS atta ...)
	NOT-FOR-US: OpenCart
CVE-2020-10595 (pam-krb5 before 4.9 has a buffer overflow that might cause remote code ...)
	{DSA-4648-1 DLA-2166-1}
	- libpam-krb5 4.9-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/31/1
CVE-2020-10594 (An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows att ...)
	NOT-FOR-US: drf-jwt
CVE-2020-10593 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...)
	- tor 0.4.2.7-1
	[buster] - tor (Only affects tor 0.4.0.1-alpha onwards)
	[stretch] - tor (Only affects tor 0.4.0.1-alpha onwards)
	[jessie] - tor (Only affects tor 0.4.0.1-alpha onwards)
	NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
	NOTE: https://bugs.torproject.org/33619
CVE-2020-10592 (Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 ...)
	{DSA-4644-1}
	- tor 0.4.2.7-1
	[stretch] - tor (See DSA 4644)
	[jessie] - tor (Not supported in jessie LTS)
	NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
	NOTE: https://bugs.torproject.org/33120
CVE-2020-10591 (An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Ac ...)
	NOT-FOR-US: Walmart Labs Concord
CVE-2020-10590 (Replicated Classic 2.x versions have an improperly secured API that ex ...)
	NOT-FOR-US: Replicated Classic
CVE-2020-10589 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
	NOT-FOR-US: v2rayL
CVE-2020-10588 (v2rayL 2.1.3 allows local users to achieve root access because /etc/v2 ...)
	NOT-FOR-US: v2rayL
CVE-2020-10587 (antiX and MX Linux allow local users to achieve root access via "persi ...)
	NOT-FOR-US: antiX and MX Linux
CVE-2020-10586
	RESERVED
CVE-2020-10585
	RESERVED
CVE-2020-10584 (A directory traversal on the /admin/search_by.php script of Invigo Aut ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10583 (The /admin/admapi.php script of Invigo Automatic Device Management (AD ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10582 (A SQL injection on the /admin/display_errors.php script of Invigo Auto ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10581 (Multiple session validity check issues in several administration funct ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10580 (A command injection on the /admin/broadcast.php script of Invigo Autom ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10579 (A directory traversal on the /admin/sysmon.php script of Invigo Automa ...)
	NOT-FOR-US: Invigo Automatic Device Management (ADM)
CVE-2020-10578 (An arbitrary file read vulnerability exists in system/controller/backe ...)
	NOT-FOR-US: QCMS
CVE-2020-10577 (An issue was discovered in Janus through 0.9.1. janus.c has multiple c ...)
	- janus 0.9.2-1 (bug #954668)
	NOTE: https://github.com/meetecho/janus-gateway/pull/1990
CVE-2020-10576 (An issue was discovered in Janus through 0.9.1. plugins/janus_voicemai ...)
	- janus 0.9.1+20200313-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/1993
CVE-2020-10575 (An issue was discovered in Janus through 0.9.1. plugins/janus_videocal ...)
	- janus 0.9.1+20200313-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/1994
CVE-2020-10574 (An issue was discovered in Janus through 0.9.1. janus.c tries to use a ...)
	- janus 0.9.1+20200313-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/1989
CVE-2020-10573 (An issue was discovered in Janus through 0.9.1. janus_audiobridge.c ha ...)
	- janus 0.9.1+20200313-1
	NOTE: https://github.com/meetecho/janus-gateway/pull/1988
CVE-2020-10572
	RESERVED
CVE-2020-10571 (An issue was discovered in psd-tools before 1.9.4. The Cython implemen ...)
	NOT-FOR-US: psd-tools
CVE-2020-10570 (The Telegram application through 5.12 for Android, when Show Popup is ...)
	NOT-FOR-US: Telegram for Android
CVE-2020-10569 (** DISPUTED ** SysAid On-Premise 20.1.11, by default, allows the AJP p ...)
	NOT-FOR-US: SysAid On-Premise
CVE-2020-10568 (The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for Word ...)
	NOT-FOR-US: sitepress-multilingual-cms (WPML) plugin for WordPress
CVE-2020-10567 (An issue was discovered in Responsive Filemanager through 9.14.0. In t ...)
	NOT-FOR-US: Responsive Filemanager
CVE-2020-10566 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
	NOT-FOR-US: FreeBSD
CVE-2020-10565 (grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-1 ...)
	NOT-FOR-US: FreeBSD
CVE-2020-10564 (An issue was discovered in the File Upload plugin before 4.13.0 for Wo ...)
	NOT-FOR-US: File Upload plugin for WordPress
CVE-2020-10563 (An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.ph ...)
	NOT-FOR-US: DEVOME GRR
CVE-2020-10562 (An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.p ...)
	NOT-FOR-US: DEVOME GRR
CVE-2020-10561 (An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_01 ...)
	NOT-FOR-US: Xiaomi
CVE-2020-10560 (An issue was discovered in Open Source Social Network (OSSN) through 5 ...)
	NOT-FOR-US: Open Source Social Network (OSSN)
CVE-2020-10559
	RESERVED
CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...)
	NOT-FOR-US: driving interface of Tesla Model 3 vehicles
CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...)
	NOT-FOR-US: AContent
CVE-2020-10556
	RESERVED
CVE-2020-10555
	RESERVED
CVE-2020-10554 (An issue was discovered in Psyprax before 3.2.2. Passwords used to en ...)
	NOT-FOR-US: Psyprax
CVE-2020-10553 (An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA ...)
	NOT-FOR-US: Psyprax
CVE-2020-10552 (An issue was discovered in Psyprax before 3.2.2. The Firebird database ...)
	NOT-FOR-US: Psyprax
CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...)
	NOT-FOR-US: QQBrowser
CVE-2020-10550
	RESERVED
CVE-2020-10549 (rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.p ...)
	NOT-FOR-US: rConfig
CVE-2020-10548 (rConfig 3.9.4 and previous versions has unauthenticated devices.inc.ph ...)
	NOT-FOR-US: rConfig
CVE-2020-10547 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...)
	NOT-FOR-US: rConfig
CVE-2020-10546 (rConfig 3.9.4 and previous versions has unauthenticated compliancepoli ...)
	NOT-FOR-US: rConfig
CVE-2020-10545
	RESERVED
CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...)
	NOT-FOR-US: PrimeTek PrimeFaces
CVE-2020-10543 (Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer over ...)
	- perl 5.30.3-1 (bug #962005)
	[buster] - perl 5.28.1-6+deb10u1
	[stretch] - perl 5.24.1-3+deb9u7
	NOTE: https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed (v5.30.3)
CVE-2020-10542
	RESERVED
CVE-2020-10541 (Zoho ManageEngine OpManager before 12.4.179 allows remote code executi ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2020-10540 (Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of ...)
	NOT-FOR-US: Untis WebUntis
CVE-2020-10539 (An issue was discovered in Epikur before 20.1.1. The Epikur server con ...)
	NOT-FOR-US: Epikur
CVE-2020-10538 (An issue was discovered in Epikur before 20.1.1. It stores the secret ...)
	NOT-FOR-US: Epikur
CVE-2020-10537 (An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 serve ...)
	NOT-FOR-US: Epikur
CVE-2020-10536
	RESERVED
CVE-2020-10534 (In the GlobalBlocking extension before 2020-03-10 for MediaWiki throug ...)
	NOT-FOR-US: MediaWiki extension
CVE-2020-10535 (GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote at ...)
	- gitlab (Only affects Gitlab 12.8.x)
	NOTE: https://about.gitlab.com/releases/2020/03/11/critical-security-release-gitlab-12-dot-8-dot-6-released/
CVE-2020-10533
	RESERVED
CVE-2020-10532 (The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allo ...)
	NOT-FOR-US: AD Helper component in WatchGuard Fireware
CVE-2020-10531 (An issue was discovered in International Components for Unicode (ICU) ...)
	{DSA-4646-1 DLA-2151-1}
	[experimental] - icu 66.1-2
	- icu 63.2-3 (bug #953747)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public)
	NOTE: Upstream ICU bug: https://unicode-org.atlassian.net/browse/ICU-20958 (private)
	NOTE: Fixed by: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
	NOTE: https://github.com/unicode-org/icu/pull/971
CVE-2020-10530 RESERVED
CVE-2020-10529 RESERVED
CVE-2020-10528 RESERVED
CVE-2020-10527 RESERVED
CVE-2020-10526 RESERVED
CVE-2020-10525 RESERVED
CVE-2020-10524 RESERVED
CVE-2020-10523 RESERVED
CVE-2020-10522 RESERVED
CVE-2020-10521 RESERVED
CVE-2020-10520 RESERVED
CVE-2020-10519 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2020-10518 (A remote code execution vulnerability was identified in GitHub Enterpr ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2020-10517 (An improper access control vulnerability was identified in GitHub Ente ...)
	NOT-FOR-US: GitHub Enterprise Server
CVE-2020-10516 (An improper access control vulnerability was identified in the GitHub ...)
	NOT-FOR-US: GitHub Enterprise Server API
CVE-2020-10515 (STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting ...)
	NOT-FOR-US: STARFACE UCC Client
CVE-2020-10514 (iCatch DVR firmware before 20200103 do not validate function parameter ...)
	NOT-FOR-US: iCatch DVR
CVE-2020-10513 (The file management interface of iCatch DVR firmware before 20200103 c ...)
	NOT-FOR-US: iCatch DVR
CVE-2020-10512 (HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CC ...)
	NOT-FOR-US: HGiga C&Cmail
CVE-2020-10511 (HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAIL ...)
	NOT-FOR-US: HGiga C&Cmail
CVE-2020-10510 (Sunnet eHRD, a human training and development management system, conta ...)
	NOT-FOR-US: Sunnet eHRD
CVE-2020-10509 (Sunnet eHRD, a human training and development management system, conta ...)
	NOT-FOR-US: Sunnet eHRD
CVE-2020-10508 (Sunnet eHRD, a human training and development management system, impro ...)
	NOT-FOR-US: Sunnet eHRD
CVE-2020-10507 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
	NOT-FOR-US: The School Manage System
CVE-2020-10506 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
	NOT-FOR-US: The School Manage System
CVE-2020-10505 (The School Manage System before 2020, developed by ALLE INFORMATION CO ...)
	NOT-FOR-US: The School Manage System
CVE-2020-10504 (CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Languag ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10503 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10502 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10501 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10500 (CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10499 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10498 (CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Languag ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10497 (CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Lan ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10496 (CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10495 (CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Languag ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10494 (CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10493 (CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Languag ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10492 (CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Lang ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10491 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10490 (CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10489 (CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Langua ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10488 (CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10487 (CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10486 (CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10485 (CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10484 (CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10483 (CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 a ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10482 (CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10481 (CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10480 (CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10479 (CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 a ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10478 (CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Langu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10477 (Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi- ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10476 (Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Mu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10475 (Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Mul ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10474 (Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Mu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10473 (Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10472 (Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard M ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10471 (Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Mu ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10470 (Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Mult ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10469 (Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10468 (Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10467 (Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10466 (Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Mult ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10465 (Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Mult ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10464 (Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10463 (Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Mult ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10462 (Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-L ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10461 (The way comments in article.php (vulnerable function in include/functi ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10460 (admin/include/operations.php (via admin/email-harvester.php) in Chadha ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10459 (Path Traversal in admin/assetmanager/assetmanager.php (vulnerable func ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10458 (Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Sta ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10457 (Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10456 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10455 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10454 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10453 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10452 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10451 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10450 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10449 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10448 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10447 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10446 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10445 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10444 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10443 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10442 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10441 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10440 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10439 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10438 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10437 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10436 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10435 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10434 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10433 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10432 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10431 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10430 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10429 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10428 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10427 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10426 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10425 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10424 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10423 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10422 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10421 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10420 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10419 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10418 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10417 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10416 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10415 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10414 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10413 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10412 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10411 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10410 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10409 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10408 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10407 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10406 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10405 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10404 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10403 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10402 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10401 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10400 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10399 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10398 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10397 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10396 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10395 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10394 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10393 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10392 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10391 (The way URIs are handled in admin/header.php in Chadha PHPKB Standard ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10390 (OS Command Injection in export.php (vulnerable function called from in ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10389 (admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allo ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10388 (The way the Referer header in article.php is handled in Chadha PHPKB S ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10387 (Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-La ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10386 (admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Lang ...)
	NOT-FOR-US: Chadha PHPKB
CVE-2020-10385 (A stored cross-site scripting (XSS) vulnerability exists in the WPForm ...)
	NOT-FOR-US: WPForms Contact Form plugin for WordPress
CVE-2020-10384 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
	NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10383 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
	NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10382 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
	NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10381 (An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCON ...)
	NOT-FOR-US: MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software
CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
	- rmysql 0.10.20-1
	[buster] - rmysql (Minor issue)
	[jessie] - rmysql (Minor issue)
	NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32
	NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...)
	- pillow 7.2.0-1
	[buster] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
	[stretch] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
	[jessie] - pillow (Support for old-JPEG compressed TIFFs introduced in 6.0.0)
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: https://github.com/python-pillow/Pillow/pull/4507
	NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds rea ...)
	- pillow 7.2.0-1
	[buster] - pillow 5.4.1-2+deb10u2
	[stretch] - pillow (Vulnerable code not present)
	[jessie] - pillow (Vulnerable code not present)
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: https://github.com/python-pillow/Pillow/pull/4506
	NOTE: https://github.com/python-pillow/Pillow/commit/124f4bb591e16212605d0e41c413ed53e242cba2 (Test)
	NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6a83e4324738bb0452fbe8074a995b1c73f08de7
	NOTE: https://github.com/python-pillow/Pillow/commit/ada137eba5b605fd5aeff619c33bbf0e53af26ee (Test)
	NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10377 (A weak encryption vulnerability in Mitel MiVoice Connect Client before ...)
	NOT-FOR-US: Mitel
CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
	NOT-FOR-US: Technicolor
CVE-2020-10375 (An issue was discovered in New Media Smarty before 9.10. Passwords are ...)
	NOT-FOR-US: New Media Smarty
CVE-2020-10374 (A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2020-10373 RESERVED
CVE-2020-10372 (Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XS ...)
	NOT-FOR-US: Ramp AltitudeCDN Altimeter
CVE-2020-10371 RESERVED
CVE-2020-10370 RESERVED
CVE-2020-10369 RESERVED
CVE-2020-10368 RESERVED
CVE-2020-10367 RESERVED
CVE-2020-10366 (LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a d ...)
	NOT-FOR-US: LogicalDoc
CVE-2020-10365 (LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the ...)
	NOT-FOR-US: LogicalDoc
CVE-2020-10364 (The SSH daemon on MikroTik routers through v6.44.3 could allow remote ...)
	NOT-FOR-US: SSH daemon on MikroTik routers
CVE-2020-10363 RESERVED
CVE-2020-10362 RESERVED
CVE-2020-10361 RESERVED
CVE-2020-10360 RESERVED
CVE-2020-10359 RESERVED
CVE-2020-10358 RESERVED
CVE-2020-10357 RESERVED
CVE-2020-10356 RESERVED
CVE-2020-10355 RESERVED
CVE-2020-10354 RESERVED
CVE-2020-10353 RESERVED
CVE-2020-10352 RESERVED
CVE-2020-10351 RESERVED
CVE-2020-10350 RESERVED
CVE-2020-10349 RESERVED
CVE-2020-10348 RESERVED
CVE-2020-10347 RESERVED
CVE-2020-10346 RESERVED
CVE-2020-10345 RESERVED
CVE-2020-10344 RESERVED
CVE-2020-10343 RESERVED
CVE-2020-10342 RESERVED
CVE-2020-10341 RESERVED
CVE-2020-10340 RESERVED
CVE-2020-10339 RESERVED
CVE-2020-10338 RESERVED
CVE-2020-10337 RESERVED
CVE-2020-10336 RESERVED
CVE-2020-10335 RESERVED
CVE-2020-10334 RESERVED
CVE-2020-10333 RESERVED
CVE-2020-10332 RESERVED
CVE-2020-10331 RESERVED
CVE-2020-10330 RESERVED
CVE-2020-10329 RESERVED
CVE-2020-10328 RESERVED
CVE-2020-10327 RESERVED
CVE-2020-10326 RESERVED
CVE-2020-10325 RESERVED
CVE-2020-10324 RESERVED
CVE-2020-10323 RESERVED
CVE-2020-10322 RESERVED
CVE-2020-10321 RESERVED
CVE-2020-10320 RESERVED
CVE-2020-10319 RESERVED
CVE-2020-10318 RESERVED
CVE-2020-10317 RESERVED
CVE-2020-10316 RESERVED
CVE-2020-10315 RESERVED
CVE-2020-10314 RESERVED
CVE-2020-10313 RESERVED
CVE-2020-10312 RESERVED
CVE-2020-10311 RESERVED
CVE-2020-10310 RESERVED
CVE-2020-10309 RESERVED
CVE-2020-10308 RESERVED
CVE-2020-10307 RESERVED
CVE-2020-10306 RESERVED
CVE-2020-10305 RESERVED
CVE-2020-10304 RESERVED
CVE-2020-10303 RESERVED
CVE-2020-10302 RESERVED
CVE-2020-10301 RESERVED
CVE-2020-10300 RESERVED
CVE-2020-10299 RESERVED
CVE-2020-10298 RESERVED
CVE-2020-10297 RESERVED
CVE-2020-10296 RESERVED
CVE-2020-10295 RESERVED
CVE-2020-10294 RESERVED
CVE-2020-10293 RESERVED
CVE-2020-10292 (Visual Components (owned by KUKA) is a robotic simulator that allows s ...)
	NOT-FOR-US: Visual Components
CVE-2020-10291 (Visual Components (owned by KUKA) is a robotic simulator that allows s ...)
	NOT-FOR-US: Visual Components
CVE-2020-10290 (Universal Robots controller execute URCaps (zip files containing Java- ...)
	NOT-FOR-US: Universal Robots controller
CVE-2020-10289 (Use of unsafe yaml load. Allows instantiation of arbitrary objects. Th ...)
	{DLA-2357-1}
	- ros-actionlib 1.13.1-4 (bug #968830)
	[buster] - ros-actionlib 1.11.15-1+deb10u1
	NOTE: https://github.com/ros/actionlib/pull/171
CVE-2020-10288 (IRC5 exposes an ftp server (port 21). Upon attempting to gain access y ...)
	NOT-FOR-US: ABB IRC5
CVE-2020-10287 (The IRC5 family with UAS service enabled comes by default with credent ...)
	NOT-FOR-US: ABB IRC5
CVE-2020-10286 (the main user account has restricted privileges but is in the sudoers ...)
	NOT-FOR-US: xArm
CVE-2020-10285 (The authentication implementation on the xArm controller has very low ...)
	NOT-FOR-US: xArm
CVE-2020-10284 (No authentication is required to control the robot inside the network, ...)
	NOT-FOR-US: xArm
CVE-2020-10283 (The Micro Air Vehicle Link (MAVLink) protocol presents authentication ...)
	NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
CVE-2020-10282 (The Micro Air Vehicle Link (MAVLink) protocol presents no authenticati ...)
	NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
CVE-2020-10281 (This vulnerability applies to the Micro Air Vehicle Link (MAVLink) pro ...)
	NOT-FOR-US: Micro Air Vehicle Link (MAVLink) protocol
CVE-2020-10280 (The Apache server on port 80 that host the web interface is vulnerable ...)
	NOT-FOR-US: MiR
CVE-2020-10279 (MiR robot controllers (central computation unit) makes use of Ubuntu 1 ...)
	NOT-FOR-US: MiR
CVE-2020-10278 (The BIOS onboard MiR's Computer is not protected by password, therefor ...)
	NOT-FOR-US: MiR
CVE-2020-10277 (There is no mechanism in place to prevent a bad operator to boot from ...)
	NOT-FOR-US: MiR
CVE-2020-10276 (The password for the safety PLC is the default and thus easy to find ( ...)
	NOT-FOR-US: Safety PLC
CVE-2020-10275 (The access tokens for the REST API are directly derived from the publi ...)
	NOT-FOR-US: MiR
CVE-2020-10274 (The access tokens for the REST API are directly derived (sha256 and ba ...)
	NOT-FOR-US: MiR
CVE-2020-10273 (MiR controllers across firmware versions 2.8.1.1 and before do not enc ...)
	NOT-FOR-US: MiR
CVE-2020-10272 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...)
	NOT-FOR-US: MiR
CVE-2020-10271 (MiR100, MiR200 and other MiR robots use the Robot Operating System (RO ...)
	NOT-FOR-US: MiR
CVE-2020-10270 (Out of the wired and wireless interfaces within MiR100, MiR200 and oth ...)
	NOT-FOR-US: MiR
CVE-2020-10269 (One of the wireless interfaces within MiR100, MiR200 and possibly (acc ...)
	NOT-FOR-US: MiR
CVE-2020-10268 (Critical services for operation can be terminated from windows task ma ...)
	NOT-FOR-US: Kuka
CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...)
	NOT-FOR-US: Universal Robots control box CB
CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...)
	NOT-FOR-US: Universal Robots+
CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, ...)
	NOT-FOR-US: Universal Robots+
CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...)
	NOT-FOR-US: CB3 SW
CVE-2020-10263 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Atta ...)
	NOT-FOR-US: XIAOMI
CVE-2020-10262 (An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Att ...)
	NOT-FOR-US: XIAOMI
CVE-2020-10261 RESERVED
CVE-2020-10260 RESERVED
CVE-2020-10259 RESERVED
CVE-2020-10258 RESERVED
CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks acces ...)
	NOT-FOR-US: ThemeREX Addons plugin for WordPress
CVE-2020-10256 (An issue was discovered in beta versions of the 1Password command-line ...)
	NOT-FOR-US: 1Password
CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...)
	NOT-FOR-US: Hardware vulnerability in DDR4 DRAM chips
CVE-2020-10254 (An issue was discovered in ownCloud before 10.4. An attacker can bypas ...)
	- owncloud
CVE-2020-10253 RESERVED
CVE-2020-10252 (An issue was discovered in ownCloud before 10.4. Because of an SSRF is ...)
	- owncloud
CVE-2020-10251 (In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists withi ...)
	- imagemagick 8:6.9.11.24+dfsg-1 (low; bug #953741)
	[buster] - imagemagick (Minor issue)
	[stretch] - imagemagick (Vulnerable code introduced later with HEIC image format support)
	[jessie] - imagemagick (Vulnerable code introduced later with HEIC image format support)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1859
	NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/868aad754ee599eb7153b84d610f2ecdf7b339f6
	NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/3456724dff047db5adb32f8cf70c903c1b7d16d4
CVE-2020-10250 (BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitra ...)
	NOT-FOR-US: BWA DiREX-Pro devices
CVE-2020-10249 (BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid ...)
	NOT-FOR-US: BWA DiREX-Pro devices
CVE-2020-10248 (BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwo ...)
	NOT-FOR-US: BWA DiREX-Pro devices
CVE-2020-10247 (MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is ...)
	NOT-FOR-US: MISP
CVE-2020-10246 (MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is ...)
	NOT-FOR-US: MISP
CVE-2020-10245 (CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control run ...)
	NOT-FOR-US: CODESYS
CVE-2020-10244 (JPaseto before 0.3.0 generates weak hashes when using v2.local tokens. ...)
	NOT-FOR-US: JPaseto
CVE-2020-10243 (An issue was discovered in Joomla! before 3.9.16. The lack of type cas ...)
	NOT-FOR-US: Joomla!
CVE-2020-10242 (An issue was discovered in Joomla! before 3.9.16. Inadequate handling ...)
	NOT-FOR-US: Joomla!
CVE-2020-10241 (An issue was discovered in Joomla! before 3.9.16. Missing token checks ...)
	NOT-FOR-US: Joomla!
CVE-2020-10240 (An issue was discovered in Joomla! before 3.9.16. Missing length check ...)
	NOT-FOR-US: Joomla!
CVE-2020-10239 (An issue was discovered in Joomla! before 3.9.16. Incorrect Access Con ...)
	NOT-FOR-US: Joomla!
CVE-2020-10238 (An issue was discovered in Joomla! before 3.9.16. Various actions in c ...)
	NOT-FOR-US: Joomla!
CVE-2020-10237 (An issue was discovered in Froxlor through 0.10.15. The installer wrot ...)
	NOT-FOR-US: Froxlor
CVE-2020-10236 (An issue was discovered in Froxlor before 0.10.14. It created files wi ...)
	NOT-FOR-US: Froxlor
CVE-2020-10235 (An issue was discovered in Froxlor before 0.10.14. Remote attackers wi ...)
	NOT-FOR-US: Froxlor
CVE-2020-10234 (The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 1 ...)
	NOT-FOR-US: IObit Advanced SystemCare
CVE-2020-10233 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap- ...)
	- sleuthkit (unimportant)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1829
	NOTE: Crash in CLI tool, no security impact
CVE-2020-10232 (In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack ...)
	{DLA-2137-1}
	- sleuthkit 4.9.0+dfsg-2 (low; bug #953976)
	[buster] - sleuthkit 4.6.5-1+deb10u1
	[stretch] - sleuthkit (Minor issue)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/1836
	NOTE: https://github.com/sleuthkit/sleuthkit/commit/459ae818fc8dae717549810150de4d191ce158f1
CVE-2020-10231 (TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_17 ...)
	NOT-FOR-US: TP-Link
CVE-2020-10230 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) al ...)
	NOT-FOR-US: CentOS-WebPanel.com
CVE-2020-10229 (A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unw ...)
	NOT-FOR-US: vtecrm vtenext
CVE-2020-10228 (A file upload vulnerability in vtecrm vtenext 19 CE allows authenticat ...)
	NOT-FOR-US: vtecrm vtenext
CVE-2020-10227 (A cross-site scripting (XSS) vulnerability in the messages module of v ...)
	NOT-FOR-US: vtecrm vtenext
CVE-2020-10226 RESERVED
CVE-2020-10225 (An unauthenticated file upload vulnerability has been identified in ad ...)
	NOT-FOR-US: PHPGurukul Job Portal
CVE-2020-10224 (An unauthenticated file upload vulnerability has been identified in ad ...)
	NOT-FOR-US: PHPGurukul Online Book Store
CVE-2020-10223 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode ...)
	NOT-FOR-US: npdf.dll in Nitro Pro
CVE-2020-10222 (npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corrupt ...)
	NOT-FOR-US: npdf.dll in Nitro Pro
CVE-2020-10221 (lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows re ...)
	NOT-FOR-US: rConfig
CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interface is ...)
	NOT-FOR-US: rConfig
CVE-2020-10219 RESERVED
CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 ...)
	NOT-FOR-US: Sapplica Sentrifugo
CVE-2020-10217 RESERVED
CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2020-10215 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2020-10214 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is ...)
	NOT-FOR-US: D-Link
CVE-2020-10213 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...)
	NOT-FOR-US: D-Link
CVE-2020-10212 (upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via ...)
	NOT-FOR-US: Responsive FileManager
CVE-2020-10211 (A remote code execution vulnerability in UCB component of Mitel MiVoic ...)
	NOT-FOR-US: Mitel
CVE-2020-10210 (Because of hard-coded SSH keys for the root user in Amino Communicatio ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10209 (Command Injection in the CPE WAN Management Protocol (CWMP) registrati ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10208 (Command Injection in EntoneWebEngine in Amino Communications AK45x ser ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10207 (Use of Hard-coded Credentials in EntoneWebEngine in Amino Communicatio ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10206 (Use of a Hard-coded Password in VNCserver in Amino Communications AK45 ...)
	NOT-FOR-US: Amino Communications
CVE-2020-10205 RESERVED
CVE-2020-10204 (Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution. ...)
	NOT-FOR-US: Sonatype Nexus Repository
CVE-2020-10203 (Sonatype Nexus Repository before 3.21.2 allows XSS. ...)
	NOT-FOR-US: Sonatype Nexus Repository
CVE-2020-10202 RESERVED
CVE-2020-10201 RESERVED
CVE-2020-10200 RESERVED
CVE-2020-10199 (Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue ...)
	NOT-FOR-US: Sonatype Nexus Repository
CVE-2020-10198 RESERVED
CVE-2020-10197 RESERVED
CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 for Wor ...)
	NOT-FOR-US: popup-builder plugin for WordPress
CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...)
	NOT-FOR-US: popup-builder plugin for WordPress
CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...)
	NOT-FOR-US: Zimbra
CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...)
	NOT-FOR-US: ESET Archive Support Module
CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...)
	NOT-FOR-US: Munkireport
CVE-2020-10191 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...)
	NOT-FOR-US: Munkireport
CVE-2020-10190 (An issue was discovered in MunkiReport before 5.3.0. An authenticated ...)
	NOT-FOR-US: Munkireport
CVE-2020-10189 (Zoho ManageEngine Desktop Central before 10.0.474 allows remote code e ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-10188 (utility.c in telnetd in netkit telnet through 0.17 allows remote attac ...)
	{DLA-2341-1 DLA-2176-1}
	- inetutils 2:1.9.4-12 (bug #956084)
	[buster] - inetutils 2:1.9.4-7+deb10u1
	- netkit-telnet 0.17-18woody2 (bug #953477)
	- netkit-telnet-ssl 0.17.17+0.1-2woody3 (bug #953478)
	NOTE: https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
	NOTE: https://github.com/marado/netkit-telnet-ssl/issues/5
	NOTE: https://lists.gnu.org/archive/html/bug-inetutils/2020-04/msg00010.html
	NOTE: Patch in Fedora: https://src.fedoraproject.org/rpms/telnet/raw/master/f/telnet-0.17-overflow-exploit.patch
CVE-2020-10187 (Doorkeeper version 5.0.0 and later contains an information disclosure ...)
	- ruby-doorkeeper 5.0.3-1 (bug #959903)
	[buster] - ruby-doorkeeper (Vulnerable code not present)
	[stretch] - ruby-doorkeeper (Vulnerable code not present)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/25d038022c2fcad45af5b73f9d003cf38ff491f6
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/security/advisories/GHSA-j7vx-8mqj-cqp9
	NOTE: Introduced in https://github.com/doorkeeper-gem/doorkeeper/commit/4acc923dc77fa00928268136f54136d5a6a865dc (v5.0.0.rc1)
CVE-2020-10186
	RESERVED
CVE-2020-10185 (The sync endpoint in YubiKey Validation Server before 2.40 allows remo ...)
	{DLA-2141-1}
	- yubikey-val
	[buster] - yubikey-val (Minor issue)
	[stretch] - yubikey-val (Minor issue)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
	NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
CVE-2020-10184 (The verify endpoint in YubiKey Validation Server before 2.40 does not ...)
	{DLA-2141-1}
	- yubikey-val
	[buster] - yubikey-val (Minor issue)
	[stretch] - yubikey-val (Minor issue)
	NOTE: https://www.yubico.com/support/security-advisories/ysa-2020-01/
	NOTE: https://github.com/Yubico/yubikey-val/commit/d0e4db3245deb5ce0c8d7d26069c78071a140286
CVE-2020-10183
	RESERVED
CVE-2020-10182
	RESERVED
CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...)
	NOT-FOR-US: Sumavision Enhanced Multimedia Router
CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...)
	NOT-FOR-US: ESET AV parsing engine
CVE-2020-10179
	RESERVED
CVE-2020-10178
	REJECTED
CVE-2020-10177 (Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/Fli ...)
	{DLA-2317-1}
	- pillow 7.2.0-1
	[buster] - pillow 5.4.1-2+deb10u2
	NOTE: https://github.com/python-pillow/Pillow/pull/4503
	NOTE: https://github.com/python-pillow/Pillow/pull/4538
	NOTE: Fixed in 6.2.3 and 7.1.0
CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...)
	NOT-FOR-US: ASSA ABLOY Yale WIPC-301W
CVE-2020-10175
	REJECTED
CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...)
	- timeshift 20.03+ds-1 (bug #953385)
	[buster] - timeshift 19.01+ds-2+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/06/3
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1165802
	NOTE: https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462
CVE-2020-10173 (Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Mult ...)
	NOT-FOR-US: Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices
CVE-2020-10172
	RESERVED
CVE-2020-10171
	RESERVED
CVE-2020-10170
	RESERVED
CVE-2020-10169
	RESERVED
CVE-2020-10168
	RESERVED
CVE-2020-10167
	RESERVED
CVE-2020-10166
	RESERVED
CVE-2020-10165
	RESERVED
CVE-2020-10164
	RESERVED
CVE-2020-10163
	RESERVED
CVE-2020-10162
	RESERVED
CVE-2020-10161
	RESERVED
CVE-2020-10160
	RESERVED
CVE-2020-10159
	RESERVED
CVE-2020-10158
	RESERVED
CVE-2020-10157
	RESERVED
CVE-2020-10156
	RESERVED
CVE-2020-10155
	RESERVED
CVE-2020-10154
	RESERVED
CVE-2020-10153
	RESERVED
CVE-2020-10152
	RESERVED
CVE-2020-10151
	RESERVED
CVE-2020-10150
	RESERVED
CVE-2020-10149
	RESERVED
CVE-2020-10148 (The SolarWinds Orion API is vulnerable to an authentication bypass tha ...)
	NOT-FOR-US: SolarWinds
CVE-2020-10147
	RESERVED
CVE-2020-10146 (The Microsoft Teams online service contains a stored cross-site script ...)
	NOT-FOR-US: Microsoft Teams
CVE-2020-10145 (The Adobe ColdFusion installer fails to set a secure access-control li ...)
	NOT-FOR-US: Adobe
CVE-2020-10144
	RESERVED
CVE-2020-10143 (Macrium Reflect includes an OpenSSL component that specifies an OPENSS ...)
	NOT-FOR-US: Macrium Reflect
CVE-2020-10142
	RESERVED
CVE-2020-10141
	RESERVED
CVE-2020-10140 (Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramDa ...)
	NOT-FOR-US: Acronis
CVE-2020-10139 (Acronis True Image 2021 includes an OpenSSL component that specifies a ...)
	NOT-FOR-US: Acronis
CVE-2020-10138 (Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL comp ...)
	NOT-FOR-US: Acronis
CVE-2020-10137
	RESERVED
CVE-2020-10136 (Multiple products that implement the IP Encapsulation within IP standa ...)
	NOT-FOR-US: Cisco
CVE-2020-10135 (Legacy pairing and secure-connections pairing authentication in Blueto ...)
	NOTE: Bluetooth protocol issue
CVE-2020-10134 (Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthe ...)
	NOTE: Bluetooth protocol issue
CVE-2020-10133
	RESERVED
CVE-2020-10132
	RESERVED
CVE-2020-10131
	RESERVED
CVE-2020-10130
	RESERVED
CVE-2020-10129
	RESERVED
CVE-2020-10128
	RESERVED
CVE-2020-10127
	RESERVED
CVE-2020-10126 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate ...)
	NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10125 (NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 51 ...)
	NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10124 (NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authentic ...)
	NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10123 (The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 ...)
	NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-10122 (cPanel before 84.0.20 allows a webmail or demo account to delete arbit ...)
	NOT-FOR-US: cPanel
CVE-2020-10121 (cPanel before 84.0.20 allows a demo account to achieve code execution ...)
	NOT-FOR-US: cPanel
CVE-2020-10120 (cPanel before 84.0.20 allows resellers to achieve remote code executio ...)
	NOT-FOR-US: cPanel
CVE-2020-10119 (cPanel before 84.0.20 allows a demo account to achieve remote code exe ...)
	NOT-FOR-US: cPanel
CVE-2020-10118 (cPanel before 84.0.20 allows a demo account to modify files via Brandi ...)
	NOT-FOR-US: cPanel
CVE-2020-10117 (cPanel before 84.0.20 mishandles enforcement of demo checks in the Mar ...)
	NOT-FOR-US: cPanel
CVE-2020-10116 (cPanel before 84.0.20 allows attackers to bypass intended restrictions ...)
	NOT-FOR-US: cPanel
CVE-2020-10115 (cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code ex ...)
	NOT-FOR-US: cPanel
CVE-2020-10114 (cPanel before 84.0.20 allows stored self-XSS via the HTML file editor ...)
	NOT-FOR-US: cPanel
CVE-2020-10113 (cPanel before 84.0.20 allows self XSS via a temporary character-set sp ...)
	NOT-FOR-US: cPanel
CVE-2020-10112 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poison ...)
	NOT-FOR-US: Citrix
CVE-2020-10111 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent ...)
	NOT-FOR-US: Citrix
CVE-2020-10110 (** DISPUTED ** Citrix Gateway 11.1, 12.0, and 12.1 allows Information ...)
	NOT-FOR-US: Citrix
CVE-2020-10109 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
	{DLA-2145-1}
	- twisted 18.9.0-7 (bug #953950)
	[buster] - twisted (Minor issue)
	[stretch] - twisted (Minor issue)
	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10108 (In Twisted Web through 19.10.0, there was an HTTP request splitting vu ...)
	{DLA-2145-1}
	- twisted 18.9.0-7 (bug #953950)
	[buster] - twisted (Minor issue)
	[stretch] - twisted (Minor issue)
	NOTE: https://know.bishopfox.com/advisories/twisted-version-19.10.0#INOR
	NOTE: https://github.com/twisted/twisted/commit/4a7d22e490bb8ff836892cc99a1f54b85ccb0281
CVE-2020-10107 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XS ...)
	NOT-FOR-US: PHPGurukul Daily Expense Tracker System
CVE-2020-10106 (PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injec ...)
	NOT-FOR-US: PHPGurukul Daily Expense Tracker System
CVE-2020-10105 (An issue was discovered in Zammad 3.0 through 3.2. It returns source c ...)
	- zammad (bug #841355)
CVE-2020-10104 (An issue was discovered in Zammad 3.0 through 3.2. After authenticatio ...)
	- zammad (bug #841355)
CVE-2020-10103 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...)
	- zammad (bug #841355)
CVE-2020-10102 (An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password ...)
	- zammad (bug #841355)
CVE-2020-10101 (An issue was discovered in Zammad 3.0 through 3.2. The WebSocket serve ...)
	- zammad (bug #841355)
CVE-2020-10100 (An issue was discovered in Zammad 3.0 through 3.2. It allows for users ...)
	- zammad (bug #841355)
CVE-2020-10099 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...)
	- zammad (bug #841355)
CVE-2020-10098 (An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code ...)
	- zammad (bug #841355)
CVE-2020-10097 (An issue was discovered in Zammad 3.0 through 3.2. It may respond with ...)
	- zammad (bug #841355)
CVE-2020-10096 (An issue was discovered in Zammad 3.0 through 3.2. It does not prevent ...)
	- zammad (bug #841355)
CVE-2020-10095
	RESERVED
CVE-2020-10094 (A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW7 ...)
	NOT-FOR-US: Lexmark
CVE-2020-10093 (A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series in ...)
	NOT-FOR-US: Lexmark
CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...)
	- gitlab (Only affects Gitlab 12.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...)
	- gitlab (Only affects Gitlab 12.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...)
	- gitlab (Only affects Gitlab 12.3.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain con ...)
	- gitlab (Only affects Gitlab 12.7 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...)
	- gitlab (Only affects Gitlab 12.2 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...)
	- gitlab (Only affects Gitlab 12.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...)
	- gitlab (Only affects Gitlab 12.1 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...)
	- gitlab (Only affects Gitlab 12.5 and later)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...)
	[experimental] - gitlab 12.6.8-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...)
	- gitlab (Only affects Gitlab EE)
	NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/
CVE-2020-10072 (Improper Handling of Insufficient Permissions or Privileges in zephyr. ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10071 (The Zephyr MQTT parsing code performs insufficient checking of the len ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10070 (In the Zephyr Project MQTT code, improper bounds checking can result i ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10069 (Zephyr Bluetooth unchecked packet data results in denial of service. Z ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10068 (In the Zephyr project Bluetooth subsystem, certain duplicate and back- ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10067 (A malicious userspace application can cause a integer overflow and byp ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10066 (Incorrect Error Handling in Bluetooth HCI core. Zephyr versions >= ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10065 (Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10064 (Improper Input Frame Validation in ieee802154 Processing. Zephyr versi ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10063 (A remote adversary with the ability to send arbitrary CoAP packets to ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10062 (An off-by-one error in the Zephyr project MQTT packet length decoder c ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10061 (Improper handling of the full-buffer case in the Zephyr Bluetooth impl ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10060 (In updatehub_probe, right after JSON parsing is complete, objects[1] ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10059 (The UpdateHub module disables DTLS peer checking, which allows for a m ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10058 (Multiple syscalls in the Kscan subsystem perform insufficient argument ...)
	NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broke ...)
	NOT-FOR-US: GeniXCMS
CVE-2020-10056 (A vulnerability has been identified in License Management Utility (LMU ...)
	NOT-FOR-US: Siemens
CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
	NOT-FOR-US: Desigo
CVE-2020-10054 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10053 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10052 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10051 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10050 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10049 (A vulnerability has been identified in SIMATIC RTLS Locating Manager ( ...)
	NOT-FOR-US: Siemens
CVE-2020-10048 (A vulnerability has been identified in SIMATIC PCS 7 (All versions), S ...)
	NOT-FOR-US: Siemens
CVE-2020-10047
	RESERVED
CVE-2020-10046
	RESERVED
CVE-2020-10045 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2020-10044 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2020-10043 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2020-10042 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2020-10041 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2020-10040 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2020-10039 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2020-10038 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2020-10037 (A vulnerability has been identified in SICAM MMU (All versions < V2 ...)
	NOT-FOR-US: Siemens
CVE-2020-10036
	RESERVED
CVE-2020-10035
	RESERVED
CVE-2020-10034
	RESERVED
CVE-2020-10033
	RESERVED
CVE-2020-10032
	RESERVED
CVE-2020-10031
	RESERVED
CVE-2020-10030 (An issue has been found in PowerDNS Recursor 4.1.0 up to and including ...)
	- pdns-recursor 4.3.1-1 (unimportant)
	NOTE: https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2020-03.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/3
	NOTE: Non exploitable on Linux
CVE-2020-10029 (The GNU C Library (aka glibc or libc6) before 2.32 could overflow an o ...)
	- glibc 2.30-1 (bug #953108)
	[buster] - glibc (Minor issue)
	[stretch] - glibc (Minor issue)
	[jessie] - glibc (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25487
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9333498794cde1d5cca518badf79533a24114b6f
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c10acd40262486dac597001aecc20ad9d3bd0e4a
CVE-2020-9999 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9998
	RESERVED
CVE-2020-9997 (An information disclosure issue was addressed with improved state mana ...)
	NOT-FOR-US: Apple
CVE-2020-9996 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9995 (An issue existed in the parsing of URLs. This issue was addressed with ...)
	NOT-FOR-US: Apple
CVE-2020-9994 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2020-9993 (The issue was addressed with improved UI handling. This issue is fixed ...)
	NOT-FOR-US: Apple
CVE-2020-9992 (This issue was addressed by encrypting communications over the network ...)
	NOT-FOR-US: Apple
CVE-2020-9991 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: sqlite3 as used by Apple
	NOTE: No details available due to typical Apple intransparency
CVE-2020-9990 (A race condition was addressed with additional validation. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9989 (The issue was addressed with improved deletion. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9988 (The issue was addressed with improved deletion. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9987 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2020-9986 (A file access issue existed with certain home folder files. This was a ...)
	NOT-FOR-US: Apple
CVE-2020-9985 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9984 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9983 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.30.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9982 (This issue was addressed with improved checks to prevent unauthorized ...)
	NOT-FOR-US: Apple
CVE-2020-9981 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9980 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9979 (A trust issue was addressed by removing a legacy API. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2020-9978 (This issue was addressed with improved setting propagation. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9977 (A validation issue existed in the entitlement verification. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9976 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9975 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9974 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9973 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9972 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9971 (A logic issue was addressed with improved validation. This issue is fi ...)
	NOT-FOR-US: Apple
CVE-2020-9970
	RESERVED
CVE-2020-9969 (An access issue was addressed with additional sandbox restrictions. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9968 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9967 (Multiple memory corruption issues were addressed with improved input v ...)
	NOT-FOR-US: Apple
CVE-2020-9966 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9965 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9964 (A memory initialization issue was addressed with improved memory handl ...)
	NOT-FOR-US: Apple
CVE-2020-9963 (The issue was addressed with improved handling of icon caches. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9962 (A buffer overflow was addressed with improved size validation. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9961 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9960 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9959 (A lock screen issue allowed access to messages on a locked device. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9958 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9957
	RESERVED
CVE-2020-9956 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9955 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9954 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9953
	RESERVED
CVE-2020-9952 (An input validation issue was addressed with improved input validation ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.3-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.3-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9951 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9950 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9949 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9948 (A type confusion issue was addressed with improved memory handling. Th ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0008.html
CVE-2020-9947 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4797-1}
	- webkit2gtk 2.30.1-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	- wpewebkit 2.30.0-1
	NOTE: https://webkitgtk.org/security/WSA-2021-0002.html
CVE-2020-9946 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9945 (A spoofing issue existed in the handling of URLs. This issue was addre ...)
	NOT-FOR-US: Apple
CVE-2020-9944 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9943 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9942 (An inconsistent user interface issue was addressed with improved state ...)
	NOT-FOR-US: Apple
CVE-2020-9941 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9940 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9939 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9938 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9937 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9936 (An out-of-bounds write issue was addressed with improved bounds checki ...)
	NOT-FOR-US: Apple
CVE-2020-9935 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9934 (An issue existed in the handling of environment variables. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9933 (An authorization issue was addressed with improved state management. T ...)
	NOT-FOR-US: Apple
CVE-2020-9932 (A memory corruption issue was addressed with improved validation. This ...)
	NOT-FOR-US: Apple
CVE-2020-9931 (A denial of service issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9930 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9929 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-9928 (Multiple memory corruption issues were addressed with improved memory ...)
	NOT-FOR-US: Apple
CVE-2020-9927 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9926 (A use after free issue was addressed with improved memory management. ...)
	NOT-FOR-US: Apple
CVE-2020-9925 (A logic issue was addressed with improved state management. This issue ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9924 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9923 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-9922 (A logic issue was addressed with improved state management. This issue ...)
	NOT-FOR-US: Apple
CVE-2020-9921 (A memory corruption issue was addressed with improved memory handling. ...)
	NOT-FOR-US: Apple
CVE-2020-9920 (A path handling issue was addressed with improved validation. This iss ...)
	NOT-FOR-US: Apple
CVE-2020-9919 (A buffer overflow issue was addressed with improved memory handling. T ...)
	NOT-FOR-US: Apple
CVE-2020-9918 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9917 (This issue was addressed with improved checks. This issue is fixed in ...)
	NOT-FOR-US: Apple
CVE-2020-9916 (A URL Unicode encoding issue was addressed with improved state managem ...)
	NOT-FOR-US: Apple
CVE-2020-9915 (An access issue existed in Content Security Policy. This issue was add ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9914 (An input validation issue existed in Bluetooth. This issue was address ...)
	NOT-FOR-US: Apple
CVE-2020-9913 (This issue was addressed with improved data protection. This issue is ...)
	NOT-FOR-US: Apple
CVE-2020-9912 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Safari
CVE-2020-9911 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Safari
CVE-2020-9910 (Multiple issues were addressed with improved logic. This issue is fixe ...)
	NOT-FOR-US: Safari
CVE-2020-9909 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9908 (An out-of-bounds read was addressed with improved input validation. Th ...)
	NOT-FOR-US: Apple
CVE-2020-9907 (A memory corruption issue was addressed by removing the vulnerable cod ...)
	NOT-FOR-US: Apple
CVE-2020-9906 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9905 (A buffer overflow was addressed with improved bounds checking. This is ...)
	NOT-FOR-US: Apple
CVE-2020-9904 (A memory corruption issue was addressed with improved state management ...)
	NOT-FOR-US: Apple
CVE-2020-9903 (A logic issue was addressed with improved restrictions. This issue is ...)
	NOT-FOR-US: Safari
CVE-2020-9902 (An out-of-bounds read was addressed with improved bounds checking. Thi ...)
	NOT-FOR-US: Apple
CVE-2020-9901 (An issue existed within the path validation logic for symlinks. This i ...)
	NOT-FOR-US: Apple
CVE-2020-9900 (An issue existed within the path validation logic for symlinks. This i ...)
	NOT-FOR-US: Apple
CVE-2020-9899 (A memory corruption issue was addressed with improved input validation ...)
	NOT-FOR-US: Apple
CVE-2020-9898 (This issue was addressed with improved entitlements. This issue is fix ...)
	NOT-FOR-US: Apple
CVE-2020-9897 (An out-of-bounds write was addressed with improved input validation. T ...)
	NOT-FOR-US: Apple
CVE-2020-9896
	RESERVED
CVE-2020-9895 (A use after free issue was addressed with improved memory management. ...)
	{DSA-4739-1}
	- webkit2gtk 2.28.4-1
	[stretch] - webkit2gtk (Not covered by security support in stretch)
	[jessie] - webkit2gtk (Not covered by security support in jessie)
	- wpewebkit 2.28.4-1
	NOTE: https://webkitgtk.org/security/WSA-2020-0007.html
CVE-2020-9894 (An out-of-bounds read was addressed with improved input validation. Th ...)
{DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9893 (A use after free issue was addressed with improved memory management. ...) {DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9892 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-9891 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9890 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9889 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9888 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9887 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9886 RESERVED CVE-2020-9885 (An issue existed in the handling of iMessage tapbacks. The issue was r ...) NOT-FOR-US: Apple CVE-2020-9884 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9883 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2020-9882 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2020-9881 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2020-9880 (A buffer overflow was addressed with improved bounds checking. This is ...) 
NOT-FOR-US: Apple CVE-2020-9879 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9878 (A buffer overflow issue was addressed with improved memory handling. T ...) NOT-FOR-US: Apple CVE-2020-9877 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9876 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9875 (An integer overflow was addressed through improved input validation. T ...) NOT-FOR-US: Apple CVE-2020-9874 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9873 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-9872 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9871 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9870 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2020-9869 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-9868 (A certificate validation issue existed when processing administrator a ...) NOT-FOR-US: Apple CVE-2020-9867 RESERVED CVE-2020-9866 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2020-9865 (A memory corruption issue was addressed by removing the vulnerable cod ...) NOT-FOR-US: Apple CVE-2020-9864 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9863 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-9862 (A command injection issue existed in Web Inspector. This issue was add ...) 
{DSA-4739-1} - webkit2gtk 2.28.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0007.html CVE-2020-9861 (A stack overflow issue existed in Swift for Linux. The issue was addre ...) NOT-FOR-US: Swift (different from src:swift) CVE-2020-9860 (A custom URL scheme handling issue was addressed with improved input v ...) NOT-FOR-US: Apple CVE-2020-9859 (A memory consumption issue was addressed with improved memory handling ...) NOT-FOR-US: Apple CVE-2020-9858 (A dynamic library loading issue was addressed with improved path searc ...) NOT-FOR-US: Apple CVE-2020-9857 (An issue existed in the parsing of URLs. This issue was addressed with ...) NOT-FOR-US: Safari CVE-2020-9856 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-9855 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-9854 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Apple CVE-2020-9853 (A memory corruption issue was addressed with improved validation. This ...) NOT-FOR-US: Apple CVE-2020-9852 (An integer overflow was addressed through improved input validation. T ...) NOT-FOR-US: Apple CVE-2020-9851 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2020-9850 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9849 (An information disclosure issue was addressed with improved state mana ...) 
NOT-FOR-US: sqlite3 as used by Apple NOTE: No details available due to typical Apple intransparency CVE-2020-9848 (An authorization issue was addressed with improved state management. T ...) NOT-FOR-US: Apple CVE-2020-9847 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9846 RESERVED CVE-2020-9845 RESERVED CVE-2020-9844 (A double free issue was addressed with improved memory management. Thi ...) NOT-FOR-US: Apple CVE-2020-9843 (An input validation issue was addressed with improved input validation ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9842 (An entitlement parsing issue was addressed with improved parsing. This ...) NOT-FOR-US: Apple CVE-2020-9841 (An integer overflow was addressed through improved input validation. T ...) NOT-FOR-US: Apple CVE-2020-9840 (In SwiftNIO Extras before 1.4.1, a logic issue was addressed with impr ...) NOT-FOR-US: SwiftNIO Extras CVE-2020-9839 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2020-9838 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9837 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9836 RESERVED CVE-2020-9835 (An issue existed in the pausing of FaceTime video. The issue was resol ...) NOT-FOR-US: Apple CVE-2020-9834 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9833 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-9832 (An out-of-bounds read was addressed with improved input validation. Th ...) 
NOT-FOR-US: Apple CVE-2020-9831 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9830 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-9829 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-9828 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-9827 (A denial of service issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9826 (A denial of service issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9825 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2020-9824 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9823 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-9822 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9821 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-9820 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9819 (A memory consumption issue was addressed with improved memory handling ...) NOT-FOR-US: Apple CVE-2020-9818 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9817 (A permissions issue existed. This issue was addressed with improved pe ...) NOT-FOR-US: Apple CVE-2020-9816 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9815 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9814 (A logic issue existed resulting in memory corruption. This was address ...) 
NOT-FOR-US: Apple CVE-2020-9813 (A logic issue existed resulting in memory corruption. This was address ...) NOT-FOR-US: Apple CVE-2020-9812 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2020-9811 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2020-9810 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9809 (An information disclosure issue was addressed with improved state mana ...) NOT-FOR-US: Apple CVE-2020-9808 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-9807 (A memory corruption issue was addressed with improved state management ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9806 (A memory corruption issue was addressed with improved state management ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9805 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9804 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9803 (A memory corruption issue was addressed with improved validation. This ...) 
{DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9802 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4724-1} - webkit2gtk 2.28.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.3-1 NOTE: https://webkitgtk.org/security/WSA-2020-0006.html CVE-2020-9801 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9800 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2020-9799 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-9798 RESERVED CVE-2020-9797 (An information disclosure issue was addressed by removing the vulnerab ...) NOT-FOR-US: Apple CVE-2020-9796 (A race condition was addressed with improved state handling. This issu ...) NOT-FOR-US: Apple CVE-2020-9795 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9794 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: sqlite3 as used by Apple NOTE: No details available due to typical Apple intransparency CVE-2020-9793 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-9792 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-9791 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-9790 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-9789 (An out-of-bounds write issue was addressed with improved bounds checki ...) 
NOT-FOR-US: Apple CVE-2020-9788 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-9787 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9786 (This issue was addressed with improved checks This issue is fixed in m ...) NOT-FOR-US: Apple CVE-2020-9785 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-9784 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple Safari CVE-2020-9783 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9782 (A parsing issue in the handling of directory paths was addressed with ...) NOT-FOR-US: Apple CVE-2020-9781 (The issue was addressed by clearing website permission prompts after n ...) NOT-FOR-US: Apple CVE-2020-9780 (The issue was resolved by clearing application previews when content i ...) NOT-FOR-US: Apple CVE-2020-9779 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-9778 RESERVED CVE-2020-9777 (An issue existed in the selection of video file by Mail. The issue was ...) NOT-FOR-US: Apple CVE-2020-9776 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2020-9775 (An issue existed in the handling of tabs displaying picture in picture ...) NOT-FOR-US: Apple CVE-2020-9774 (An issue existed with Siri Suggestions access to encrypted data. The i ...) NOT-FOR-US: Apple CVE-2020-9773 (The issue was addressed with improved handling of icon caches. This is ...) NOT-FOR-US: Apple CVE-2020-9772 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-9771 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2020-9770 (A logic issue was addressed with improved state management. This issue ...) 
NOT-FOR-US: Apple CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. This i ...) NOT-FOR-US: Apple CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-9767 (A vulnerability related to Dynamic-link Library (“DLL”) lo ...) NOT-FOR-US: Zoom CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10026 REJECTED CVE-2020-10025 REJECTED CVE-2020-10024 (The arm platform-specific code uses a signed integer comparison when v ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10023 (The shell subsystem contains a buffer overflow, whereby an adversary w ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10022 (A malformed JSON payload that is received from an UpdateHub server may ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10021 (Out-of-bounds Write in the USB Mass Storage memoryWrite handler with u ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10020 REJECTED CVE-2020-10019 (USB DFU has a potential buffer overflow where the requested length (wL ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10018 (WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the ...) {DSA-4641-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0003.html CVE-2020-10017 (An out-of-bounds write was addressed with improved input validation. T ...) NOT-FOR-US: Apple CVE-2020-10016 (A memory corruption issue was addressed with improved state management ...) 
NOT-FOR-US: Apple CVE-2020-10015 (An out-of-bounds write issue was addressed with improved bounds checki ...) NOT-FOR-US: Apple CVE-2020-10014 (A parsing issue in the handling of directory paths was addressed with ...) NOT-FOR-US: Apple CVE-2020-10013 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-10012 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2020-10011 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-10010 (A path handling issue was addressed with improved validation. This iss ...) NOT-FOR-US: Apple CVE-2020-10009 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-10008 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-10007 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-10006 (This issue was addressed with improved entitlements. This issue is fix ...) NOT-FOR-US: Apple CVE-2020-10005 (A resource exhaustion issue was addressed with improved input validati ...) NOT-FOR-US: Apple CVE-2020-10004 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-10003 (An issue existed within the path validation logic for symlinks. This i ...) NOT-FOR-US: Apple CVE-2020-10002 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-10001 (An input validation issue was addressed with improved memory handling. ...) 
{DLA-2800-1} - cups 2.3.3op2-1 [buster] - cups (Minor issue) NOTE: https://github.com/OpenPrinting/cups/commit/efbea1742bd30f842fbbfb87a473e5c84f4162f9 (v2.3.3op2) CVE-2020-10000 RESERVED CVE-2020-9766 RESERVED CVE-2020-9765 RESERVED CVE-2020-9764 RESERVED CVE-2020-9763 RESERVED CVE-2020-9762 RESERVED CVE-2020-9761 (An issue was discovered in UNCTAD ASYCUDA World 2001 through 2020. The ...) NOT-FOR-US: UNCTAD ASYCUDA World CVE-2020-9760 (An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affe ...) {DLA-2770-1 DLA-2157-1} - weechat 2.7.1-1 [buster] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d CVE-2020-9759 (A Vulnerability of LG Electronic web OS TV Emulator could allow an att ...) {DLA-2770-1 DLA-2157-1} - weechat 2.7.1-1 [buster] - weechat (Minor issue) NOTE: https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e CVE-2020-9758 (An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (He ...) NOT-FOR-US: LiveZilla Live Chat CVE-2020-9757 (The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side T ...) NOT-FOR-US: Seomatic component for Craft CMS CVE-2020-9756 (Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insuff ...) NOT-FOR-US: Patriot Viper RGB Driver CVE-2020-9755 RESERVED CVE-2020-9754 RESERVED CVE-2020-9753 (Whale Browser Installer before 1.2.0.5 versions don't support signatur ...) NOT-FOR-US: Whale Browser CVE-2020-9752 (Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a lo ...) NOT-FOR-US: Naver Cloud Explorer CVE-2020-9751 (Naver Cloud Explorer before 2.2.2.11 allows the system to download an ...) NOT-FOR-US: Naver Cloud Explorer CVE-2020-9750 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...) NOT-FOR-US: Adobe CVE-2020-9749 (Adobe Animate version 20.5 (and earlier) is affected by an out-of-boun ...) 
NOT-FOR-US: Adobe CVE-2020-9748 (Adobe Animate version 20.5 (and earlier) is affected by a stack overfl ...) NOT-FOR-US: Adobe CVE-2020-9747 (Adobe Animate version 20.5 (and earlier) is affected by a double free ...) NOT-FOR-US: Adobe CVE-2020-9746 (Adobe Flash Player version 32.0.0.433 (and earlier) are affected by an ...) NOT-FOR-US: Adobe Flash Plugin CVE-2020-9745 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) NOT-FOR-US: Adobe CVE-2020-9744 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) NOT-FOR-US: Adobe CVE-2020-9743 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9742 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and ...) NOT-FOR-US: Adobe AEM CVE-2020-9741 (The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...) NOT-FOR-US: Adobe AEM CVE-2020-9740 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9739 (Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-o ...) NOT-FOR-US: Adobe CVE-2020-9738 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9737 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9736 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9735 (AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and be ...) NOT-FOR-US: Adobe AEM CVE-2020-9734 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.1 (and ...) NOT-FOR-US: Adobe AEM CVE-2020-9733 (An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (a ...) NOT-FOR-US: Adobe AEM CVE-2020-9732 (The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and ...) 
NOT-FOR-US: Adobe AEM CVE-2020-9731 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9730 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9729 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9728 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9727 (A memory corruption vulnerability exists in InDesign 15.1.1 (and earli ...) NOT-FOR-US: Adobe CVE-2020-9726 (Adobe FrameMaker version 2019.0.6 (and earlier versions) has an out-of ...) NOT-FOR-US: Adobe CVE-2020-9725 (Adobe FrameMaker version 2019.0.6 (and earlier versions) lacks proper ...) NOT-FOR-US: Adobe CVE-2020-9724 (Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library ...) NOT-FOR-US: Adobe CVE-2020-9723 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9722 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9721 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9720 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9719 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9718 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9717 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9716 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9715 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9714 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) 
NOT-FOR-US: Adobe CVE-2020-9713 RESERVED CVE-2020-9712 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9711 RESERVED CVE-2020-9710 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9709 RESERVED CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...) NOT-FOR-US: Adobe CVE-2020-9707 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9706 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9705 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9704 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9703 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9702 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9701 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9700 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9699 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9698 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9697 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9696 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9695 RESERVED CVE-2020-9694 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) NOT-FOR-US: Adobe CVE-2020-9693 (Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001 ...) 
NOT-FOR-US: Adobe CVE-2020-9692 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9691 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9690 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9689 (Magento versions 2.3.5-p1 and earlier, and 2.3.5-p1 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9688 (Adobe Download Manager version 2.0.0.518 have a command injection vuln ...) NOT-FOR-US: Adobe CVE-2020-9687 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9686 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9685 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9684 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9683 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-9682 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9681 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Unco ...) NOT-FOR-US: Adobe CVE-2020-9680 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...) NOT-FOR-US: Adobe CVE-2020-9679 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...) NOT-FOR-US: Adobe CVE-2020-9678 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vul ...) NOT-FOR-US: Adobe CVE-2020-9677 (Adobe Prelude versions 9.0 and earlier have an out-of-bounds read vuln ...) NOT-FOR-US: Adobe CVE-2020-9676 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...) NOT-FOR-US: Adobe CVE-2020-9675 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds read vu ...) 
NOT-FOR-US: Adobe CVE-2020-9674 (Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write v ...) NOT-FOR-US: Adobe CVE-2020-9673 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...) NOT-FOR-US: Adobe CVE-2020-9672 (Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2 ...) NOT-FOR-US: Adobe CVE-2020-9671 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9670 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9669 (Adobe Creative Cloud Desktop Application versions 5.1 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-9668 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Impr ...) NOT-FOR-US: Adobe CVE-2020-9667 (Adobe Genuine Service version 6.6 (and earlier) is affected by an Unco ...) NOT-FOR-US: Adobe CVE-2020-9666 (Adobe Campaign Classic before 20.2 have an out-of-bounds read vulnerab ...) NOT-FOR-US: Adobe CVE-2020-9665 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9664 (Magento versions 1.14.4.5 and earlier, and 1.9.4.5 and earlier have a ...) NOT-FOR-US: Magento CVE-2020-9663 (Adobe Reader Mobile versions 20.0.1 and earlier have a directory trave ...) NOT-FOR-US: Adobe CVE-2020-9662 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9661 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds re ...) NOT-FOR-US: Adobe CVE-2020-9660 (Adobe After Effects versions 17.1 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9659 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...) NOT-FOR-US: Adobe CVE-2020-9658 (Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write ...) NOT-FOR-US: Adobe CVE-2020-9657 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) 
NOT-FOR-US: Adobe CVE-2020-9656 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9655 (Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9654 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9653 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9652 (Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds rea ...) NOT-FOR-US: Adobe CVE-2020-9651 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9650 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9649 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds re ...) NOT-FOR-US: Adobe CVE-2020-9648 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9647 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9646 (Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-9645 (Adobe Experience Manager versions 6.5 and earlier have a blind server- ...) NOT-FOR-US: Adobe CVE-2020-9644 (Adobe Experience Manager versions 6.5 and earlier have a cross-site sc ...) NOT-FOR-US: Adobe CVE-2020-9643 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...) NOT-FOR-US: Adobe CVE-2020-9642 (Adobe Illustrator versions 24.1.2 and earlier have a buffer errors vul ...) NOT-FOR-US: Adobe CVE-2020-9641 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9640 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9639 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) 
NOT-FOR-US: Adobe CVE-2020-9638 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...) NOT-FOR-US: Adobe CVE-2020-9637 (Adobe After Effects versions 17.1 and earlier have a heap overflow vul ...) NOT-FOR-US: Adobe CVE-2020-9636 (Adobe Framemaker versions 2019.0.5 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9635 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9634 (Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-9633 (Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash ...) NOT-FOR-US: Adobe CVE-2020-9632 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9631 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9630 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9629 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9628 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9627 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9626 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9625 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9624 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9623 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9622 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9621 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) 
NOT-FOR-US: Adobe CVE-2020-9620 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9619 RESERVED CVE-2020-9618 (Adobe Audition versions 13.0.5 and earlier have an out-of-bounds read ...) NOT-FOR-US: Adobe CVE-2020-9617 (Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds r ...) NOT-FOR-US: Adobe CVE-2020-9616 (Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds rea ...) NOT-FOR-US: Adobe CVE-2020-9615 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9614 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9613 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9612 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9611 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9610 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9609 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9608 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9607 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9606 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9605 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9604 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9603 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9602 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-9601 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9600 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9599 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9598 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9597 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9596 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9595 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9594 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9593 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9592 (Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-9591 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9590 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9589 (Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have ...) NOT-FOR-US: Adobe CVE-2020-9588 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9587 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9586 (Adobe Character Animator versions 3.2 and earlier have a buffer overfl ...) NOT-FOR-US: Adobe CVE-2020-9585 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9584 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) 
NOT-FOR-US: Magento CVE-2020-9583 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9582 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9581 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9580 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9579 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9578 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9577 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9576 (Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.1 ...) NOT-FOR-US: Magento CVE-2020-9575 (Adobe Illustrator versions 24.1.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9574 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9573 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9572 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9571 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9570 (Adobe Illustrator versions 24.0.2 and earlier have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-9569 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9568 (Adobe Bridge versions 10.0.1 and earlier version have a memory corrupt ...) NOT-FOR-US: Adobe CVE-2020-9567 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...) NOT-FOR-US: Adobe CVE-2020-9566 (Adobe Bridge versions 10.0.1 and earlier version have an use after fre ...) 
NOT-FOR-US: Adobe CVE-2020-9565 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9564 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9563 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...) NOT-FOR-US: Adobe CVE-2020-9562 (Adobe Bridge versions 10.0.1 and earlier version have a heap overflow ...) NOT-FOR-US: Adobe CVE-2020-9561 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9560 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9559 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9558 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9557 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9556 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9555 (Adobe Bridge versions 10.0.1 and earlier version have a stack-based bu ...) NOT-FOR-US: Adobe CVE-2020-9554 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9553 (Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-9552 (Adobe Bridge versions 10.0 have a heap-based buffer overflow vulnerabi ...) NOT-FOR-US: Adobe CVE-2020-9551 (Adobe Bridge versions 10.0 have an out-of-bounds write vulnerability. ...) NOT-FOR-US: Adobe CVE-2020-9550 (Rubetek SmartHome 2020 devices use unencrypted 433 MHz communication b ...) NOT-FOR-US: Rubetek SmartHome 2020 devices CVE-2020-9549 (In PDFResurrect 0.12 through 0.19, get_type in pdf.c has an out-of-bou ...) 
{DLA-2134-1} - pdfresurrect 0.20-1 (unimportant; bug #952948) NOTE: https://github.com/enferex/pdfresurrect/issues/8 NOTE: Crash in CLI tool, no security impact CVE-2020-9548 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9547 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2634 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9546 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...) {DLA-2135-1} - jackson-databind 2.11.1-1 [buster] - jackson-databind 2.9.8-3+deb10u2 [stretch] - jackson-databind 2.8.6-1+deb9u7 NOTE: https://github.com/FasterXML/jackson-databind/issues/2631 NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default NOTE: but still an issue when Default Typing is enabled. CVE-2020-9545 (Pale Moon 28.x before 28.8.4 has a segmentation fault related to modul ...) NOT-FOR-US: Pale Moon CVE-2020-9544 (An issue was discovered on D-Link DSL-2640B E1 EU_1.01 devices. The ad ...) NOT-FOR-US: D-Link CVE-2020-9543 (OpenStack Manila <7.4.1, >=8.0.0 <8.1.1, and >=9.0.0 <9 ...) 
- manila 1:9.0.0-5 (bug #953581) [buster] - manila 1:7.0.0-1+deb10u1 [stretch] - manila (Minor issue) NOTE: https://bugs.launchpad.net/manila/+bug/1861485 NOTE: https://security.openstack.org/ossa/OSSA-2020-002.html CVE-2020-9542 RESERVED CVE-2020-9541 RESERVED CVE-2020-9540 (Sophos HitmanPro.Alert before build 861 allows local elevation of priv ...) NOT-FOR-US: Sophos CVE-2020-9539 RESERVED CVE-2020-9538 RESERVED CVE-2020-9537 RESERVED CVE-2020-9536 RESERVED CVE-2020-9535 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9534 (fmwlan.c on D-Link DIR-615Jx10 devices has a stack-based buffer overfl ...) NOT-FOR-US: D-Link CVE-2020-9533 RESERVED CVE-2020-9532 RESERVED CVE-2020-9531 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. In t ...) NOT-FOR-US: Xiaomi CVE-2020-9530 (An issue was discovered on Xiaomi MIUI V11.0.5.0.QFAEUXM devices. The ...) NOT-FOR-US: Xiaomi CVE-2020-9529 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology CVE-2020-9528 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology CVE-2020-9527 (Firmware developed by Shenzhen Hichip Vision Technology (V6 through V2 ...) NOT-FOR-US: Firmware developed by Shenzhen Hichip Vision Technology CVE-2020-9526 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) NOT-FOR-US: CS2 Network P2P CVE-2020-9525 (CS2 Network P2P through 3.x, as used in millions of Internet of Things ...) NOT-FOR-US: CS2 Network P2P CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Server an ...) NOT-FOR-US: Micro Focus CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...) NOT-FOR-US: Micro Focus CVE-2020-9522 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enter ...) 
NOT-FOR-US: Micro Focus CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...) NOT-FOR-US: Micro Focus CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...) NOT-FOR-US: Micro Focus Vibe CVE-2020-9519 (HTTP methods reveled in Web services vulnerability in Micro Focus Serv ...) NOT-FOR-US: Micro Focus CVE-2020-9518 (Login filter can access configuration files vulnerability in Micro Foc ...) NOT-FOR-US: Micro Focus CVE-2020-9517 (There is an improper restriction of rendered UI layers or frames vulne ...) NOT-FOR-US: Micro Focus CVE-2020-9516 RESERVED CVE-2020-9515 RESERVED CVE-2020-9514 (An issue was discovered in the IMPress for IDX Broker plugin before 2. ...) NOT-FOR-US: IMPress for IDX Broker plugin for WordPress CVE-2020-9513 RESERVED CVE-2020-9512 RESERVED CVE-2020-9511 RESERVED CVE-2020-9510 RESERVED CVE-2020-9509 RESERVED CVE-2020-9508 RESERVED CVE-2020-9507 RESERVED CVE-2020-9506 RESERVED CVE-2020-9505 RESERVED CVE-2020-9504 RESERVED CVE-2020-9503 RESERVED CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session ...) NOT-FOR-US: Dahua CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...) NOT-FOR-US: Dahua CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) NOT-FOR-US: Dahua CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) NOT-FOR-US: Dahua CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...) {DLA-2435-1} - guacamole-server 1.3.0-1 (bug #964195) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3 NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...) 
{DLA-2435-1} - guacamole-server 1.3.0-1 (bug #964195) NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2 NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/ NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb CVE-2020-9496 (XML-RPC request are vulnerable to unsafe deserialization and Cross-Sit ...) NOT-FOR-US: Apache OFBiz CVE-2020-9495 (Apache Archiva login service before 2.2.5 is vulnerable to LDAP inject ...) NOT-FOR-US: Apache Archiva CVE-2020-9494 (Apache Traffic Server 6.0.0 to 6.2.3, 7.0.0 to 7.1.10, and 8.0.0 to 8. ...) {DSA-4710-1} - trafficserver 8.0.8+ds-1 (bug #963629) NOTE: https://github.com/apache/trafficserver/pull/6922 CVE-2020-9493 (A deserialization flaw was found in Apache Chainsaw versions prior to ...) NOT-FOR-US: Apache Chainsaw CVE-2020-9492 (In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alph ...) - hadoop (bug #793644) CVE-2020-9491 (In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by ...) NOT-FOR-US: Apache NiFi CVE-2020-9490 (Apache HTTP Server versions 2.4.20 to 2.4.43. A specially crafted valu ...) {DSA-4757-1} - apache2 2.4.46-1 [stretch] - apache2 (Too intrusive to backport) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490 NOTE: https://www.openwall.com/lists/oss-security/2020/08/07/4 NOTE: https://svn.apache.org/r1880396 NOTE: https://github.com/apache/httpd/commit/a61223e9cb906110f35ec144b93fee9eb80ad6e4 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2030 CVE-2020-9489 (A carefully crafted or corrupt file may trigger a System.exit in Tika' ...) - tika (bug #984666) [bullseye] - tika (Minor issue) [buster] - tika (Minor issue) [jessie] - tika (the fix is too invasive to backport) NOTE: https://www.openwall.com/lists/oss-security/2020/04/24/1 CVE-2020-9488 (Improper validation of certificate with host mismatch in Apache Log4j ...) 
- apache-log4j2 2.13.3-1 (bug #959450) [buster] - apache-log4j2 (Minor issue) [stretch] - apache-log4j2 (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification) [jessie] - apache-log4j2 (Minor issue; set mail.smtp.ssl.checkserveridentity to true to enable hostname verification) NOTE: https://www.openwall.com/lists/oss-security/2020/04/25/1 NOTE: https://issues.apache.org/jira/browse/LOG4J2-2819 NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=6851b5083ef9610bae320bf07e1f24d2aa08851b (release-2.x) NOTE: https://gitbox.apache.org/repos/asf?p=logging-log4j2.git;h=fb91a3d71e2f3dadad6fd1beb2ab857f44fe8bbb (master) CVE-2020-9487 (In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time pass ...) NOT-FOR-US: Apache NiFi CVE-2020-9486 (In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine p ...) NOT-FOR-US: Apache NiFi CVE-2020-9485 (An issue was found in Apache Airflow versions 1.10.10 and below. A sto ...) - airflow (bug #819700) CVE-2020-9484 (When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to ...) {DSA-4727-1 DLA-2279-1 DLA-2217-1 DLA-2209-1} - tomcat9 9.0.35-1 (bug #961209) - tomcat8 - tomcat7 [stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected) NOTE: https://github.com/apache/tomcat/commit/bb33048e3f9b4f2b70e4da2e6c4e34ca89023b1b (10.0.0-M5) NOTE: https://github.com/apache/tomcat/commit/3aa8f28db7efb311cdd1b6fe15a9cd3b167a2222 (9.0.35) NOTE: https://github.com/apache/tomcat/commit/ec08af18d0f9ddca3f2d800ef66fe7fd20afef2f (8.5.55) NOTE: https://github.com/apache/tomcat/commit/53e30390943c18fca0c9e57dbcc14f1c623cfd06 (7.0.104) CVE-2020-9483 (**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the ...) NOT-FOR-US: Apache SkyWalking CVE-2020-9482 (If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other ...) 
NOT-FOR-US: Apache NiFi CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulne ...) {DSA-4672-1} - trafficserver 8.0.7+ds-1 NOTE: https://lists.apache.org/thread.html/rcb8bae0b289d71d18a3220be256c1dfcc4d9ab49d2d6e07d1eac7c9d%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...) - apache-spark (bug #802194) CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow files to ...) NOT-FOR-US: Apache AsterixDB CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...) NOT-FOR-US: Rubrik CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. A vu ...) NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...) NOT-FOR-US: ARRIS TG1692A devices CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...) NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...) NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway CVE-2020-9473 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 has a p ...) NOT-FOR-US: S. Siedle & Soehne SG 150-0 Smart Gateway CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...) NOT-FOR-US: Umbraco CMS CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...) NOT-FOR-US: Umbraco CVE-2020-9470 (An issue was discovered in Wing FTP Server 6.2.5 before February 2020. ...) NOT-FOR-US: Wing FTP Server CVE-2020-9469 RESERVED CVE-2020-9468 (The Community plugin 2.9.e-beta for Piwigo allows users to set image i ...) - piwigo CVE-2020-9467 (Piwigo 2.10.1 has stored XSS via the file parameter in a /ws.php reque ...) 
- piwigo CVE-2020-9466 (The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV ...) NOT-FOR-US: Export Users to CSV plugin for WordPress CVE-2020-9465 (An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP/IP B ...) NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000 CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...) - centreon-web (bug #913903) CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...) NOT-FOR-US: Athom CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...) NOT-FOR-US: Octech Oempro CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...) NOT-FOR-US: Octech Oempro CVE-2020-9459 (Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webn ...) NOT-FOR-US: Webnus Modern Events Calendar Lite plugin for WordPress CVE-2020-9458 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the exp ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9457 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9456 (In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the use ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9455 (The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remo ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9454 (A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 f ...) NOT-FOR-US: RegistrationMagic plugin for WordPress CVE-2020-9453 (In Epson iProjection v2.30, the driver file EMP_MPAU.sys allows local ...) NOT-FOR-US: Epson CVE-2020-9452 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...) 
NOT-FOR-US: Acronis CVE-2020-9451 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...) NOT-FOR-US: Acronis CVE-2020-9450 (An issue was discovered in Acronis True Image 2020 24.5.22510. anti_ra ...) NOT-FOR-US: Acronis CVE-2020-9449 (An insecure random number generation vulnerability in BlaB! AX, BlaB! ...) NOT-FOR-US: BlaB! CVE-2020-9448 RESERVED CVE-2020-9447 (There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0. ...) NOT-FOR-US: GwtUpload CVE-2020-9446 RESERVED CVE-2020-9445 (Zulip Server before 2.1.3 allows XSS via the modal_link feature in the ...) - zulip-server (bug #800052) CVE-2020-9444 (Zulip Server before 2.1.3 allows reverse tabnabbing via the Markdown f ...) - zulip-server (bug #800052) CVE-2020-9443 (Zulip Desktop before 4.0.3 loaded untrusted content in an Electron web ...) NOT-FOR-US: Zulip Desktop (different from itp'ed zulip-server) CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PRO ...) NOT-FOR-US: OpenVPN Connect on Windows CVE-2020-9441 RESERVED CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...) NOT-FOR-US: CKEditor plugin CVE-2020-9439 (Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin ...) NOT-FOR-US: Uncanny Owl Tin Canny LearnDash Reporting CVE-2020-9438 (Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a d ...) NOT-FOR-US: Tinxy Door Lock CVE-2020-9437 (SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side tem ...) NOT-FOR-US: SecureAuth IdP CVE-2020-9436 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...) NOT-FOR-US: PHOENIX CVE-2020-9435 (PHOENIX CONTACT TC ROUTER 3002T-4G through 2.05.3, TC ROUTER 2002T-3G ...) NOT-FOR-US: PHOENIX CVE-2020-9434 (openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 cert ...) 
NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9433 (openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certi ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9432 (openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certif ...) NOT-FOR-US: lua-openssl (different from lua-luaossl) CVE-2020-9427 (OX Guard 2.10.3 and earlier allows SSRF. ...) NOT-FOR-US: OX Guard CVE-2020-9426 (OX Guard 2.10.3 and earlier allows XSS. ...) NOT-FOR-US: OX Guard CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...) NOT-FOR-US: rConfig CVE-2020-9424 RESERVED CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...) NOT-FOR-US: LogicalDoc CVE-2020-9422 RESERVED CVE-2020-9421 RESERVED CVE-2020-9420 RESERVED CVE-2020-9419 RESERVED CVE-2020-9431 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) {DLA-2547-1} - wireshark 3.2.2-1 [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark (composite TVB handling added later) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-03.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16341 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086003c9d616906e08bbeeab9c17b3aa4c6ff850 CVE-2020-9430 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) 
{DLA-2547-1} - wireshark 3.2.2-1 [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-04.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16368 NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16383 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6b98dc63701b1da1cc7681cb383dabb0b7007d73 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=93d6b03a67953b82880cdbdcf0d30e2a3246d790 CVE-2020-9428 (In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the ...) {DLA-2547-1} - wireshark 3.2.2-1 (low) [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-05.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16397 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9fe2de783dbcbe74144678d60a4e3923367044b2 CVE-2020-9429 (In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This ...) - wireshark 3.2.2-1 [buster] - wireshark (Vulnerable code not present) [stretch] - wireshark (Vulnerable code not present) [jessie] - wireshark (Vulnerable code not present) NOTE: https://www.wireshark.org/security/wnpa-sec-2020-06.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16394 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=73c5fff899f253c44a72657048aec7db6edee571 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2530f740d67d41908e84434bb5ec99480c2ac2e CVE-2020-9418 (An untrusted search path vulnerability in the installer of PDFescape D ...) NOT-FOR-US: PDFescape CVE-2020-9417 (The Transaction Insight reporting component of TIBCO Software Inc.'s T ...) NOT-FOR-US: TIBCO CVE-2020-9416 (The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire ...) 
NOT-FOR-US: TIBCO CVE-2020-9415 (The TIBCO Data Virtualization Server component of TIBCO Software Inc.' ...) NOT-FOR-US: TIBCO CVE-2020-9414 (The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed ...) NOT-FOR-US: TIBCO CVE-2020-9413 (The MFT Browser file transfer client and MFT Browser admin client comp ...) NOT-FOR-US: TIBCO CVE-2020-9412 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) NOT-FOR-US: TIBCO CVE-2020-9411 (The file transfer component of TIBCO Software Inc.'s TIBCO Managed Fil ...) NOT-FOR-US: TIBCO CVE-2020-9410 (The report generator component of TIBCO Software Inc.'s TIBCO JasperRe ...) NOT-FOR-US: TIBCO CVE-2020-9409 (The administrative UI component of TIBCO Software Inc.'s TIBCO JasperR ...) NOT-FOR-US: TIBCO CVE-2020-9408 (The Spotfire library component of TIBCO Software Inc.'s TIBCO Spotfire ...) NOT-FOR-US: TIBCO CVE-2020-9407 (IBL Online Weather before 4.3.5a allows attackers to obtain sensitive ...) NOT-FOR-US: IBL Online Weather CVE-2020-9406 (IBL Online Weather before 4.3.5a allows unauthenticated eval injection ...) NOT-FOR-US: IBL Online Weather CVE-2020-9405 (IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS ...) NOT-FOR-US: IBL Online Weather CVE-2020-9404 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...) NOT-FOR-US: PACTware CVE-2020-9403 (In PACTware before 4.1 SP6 and 5.x before 5.0.5.31, passwords are stor ...) NOT-FOR-US: PACTware CVE-2020-9402 (Django 1.11 before 1.11.29, 2.2 before 2.2.11, and 3.0 before 3.0.4 al ...) 
- python-django 2:2.2.11-1 (low; bug #953102) [buster] - python-django 1:1.11.29-1~deb10u1 [stretch] - python-django (Can be fixed along in a future DSA) [jessie] - python-django (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/03/04/1 NOTE: Introduced by: https://github.com/django/django/commit/fcf494b48fea7c0c55ea29721ba0b2d250351ff8 NOTE: Fixed by: https://github.com/django/django/commit/fe886a3b58a93cfbe8864b485f93cb6d426cd1f2 (v2.2) NOTE: Fixed by: https://github.com/django/django/commit/02d97f3c9a88adc890047996e5606180bd1c6166 (v1.11) CVE-2020-9401 RESERVED CVE-2020-9400 RESERVED CVE-2020-9399 (The Avast AV parsing engine allows virus-detection bypass via a crafte ...) NOT-FOR-US: Avast AV parsing engine CVE-2020-9398 (ISPConfig before 3.1.15p3, when the undocumented reverse_proxy_panel_a ...) NOT-FOR-US: ISPConfig CVE-2020-9397 RESERVED CVE-2020-9396 RESERVED CVE-2020-9395 (An issue was discovered on Realtek RTL8195AM, RTL8711AM, RTL8711AF, an ...) NOT-FOR-US: Realtek CVE-2020-9394 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9393 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9392 (An issue was discovered in the pricing-table-by-supsystic plugin befor ...) NOT-FOR-US: pricing-table-by-supsystic plugin for WordPress CVE-2020-9390 (SquaredUp allowed Stored XSS before version 4.6.0. A user was able to ...) NOT-FOR-US: SquaredUp CVE-2020-9389 (A username enumeration issue was discovered in SquaredUp before versio ...) NOT-FOR-US: SquaredUp CVE-2020-9388 (CSRF protection was not present in SquaredUp before version 4.6.0. A C ...) NOT-FOR-US: SquaredUp CVE-2020-9387 (In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account detai ...) 
- mahara CVE-2020-9386 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...) - mahara CVE-2020-9391 (An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 ...) - linux 5.5.13-1 [buster] - linux (Vulnerable code not present) [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://git.kernel.org/linus/dcde237319e626d1ec3c9d8b7613032f0fd4663a CVE-2020-9385 (A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because mul ...) - zint (Fixed with initial upload to archive) CVE-2020-9384 (** DISPUTED ** An Insecure Direct Object Reference (IDOR) vulnerabilit ...) NOT-FOR-US: Subex CVE-2020-9383 (An issue was discovered in the Linux kernel 3.16 through 5.5.6. set_fd ...) {DSA-4698-1 DLA-2242-1 DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/2e90ca68b0d2f5548804f22f0dd61145516171e3 CVE-2020-9382 (An issue was discovered in the Widgets extension through 1.4.0 for Med ...) NOT-FOR-US: Widgets extension for MediaWiki CVE-2020-9381 (controllers/admin.js in Total.js CMS 13 allows remote attackers to exe ...) NOT-FOR-US: Total.js CMS CVE-2020-9380 (IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to exe ...) NOT-FOR-US: IPTV Smarters WEB TV PLAYER CVE-2020-9379 (The Software Development Kit of the MiContact Center Business with Sit ...) NOT-FOR-US: Mitel CVE-2020-9378 RESERVED CVE-2020-9377 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Remote Co ...) NOT-FOR-US: D-Link CVE-2020-9376 (** UNSUPPORTED WHEN ASSIGNED ** D-Link DIR-610 devices allow Informati ...) NOT-FOR-US: D-Link CVE-2020-9375 (TP-Link Archer C50 V3 devices before Build 200318 Rel. 62209 allows re ...) NOT-FOR-US: TP-Link CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...) NOT-FOR-US: TP-Link CVE-2020-9373 RESERVED CVE-2020-9372 (The Appointment Booking Calendar plugin before 1.3.35 for WordPress al ...) 
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2020-9371 (Stored XSS exists in the Appointment Booking Calendar plugin before 1. ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2020-9370 (HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. ...)
	NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices
CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...)
	{DSA-4818-1}
	- sympa 6.2.40~dfsg-4 (low; bug #952428)
	[stretch] - sympa (Vulnerability introduced later in 6.2.38)
	[jessie] - sympa (Vulnerability introduced later in 6.2.38)
	NOTE: https://github.com/sympa-community/sympa/issues/886
	NOTE: https://sympa-community.github.io/security/2020-001.html
	NOTE: Upstream patch: https://github.com/sympa-community/sympa/releases/download/6.2.54/sympa-6.2.52-sa-2020-001.patch
CVE-2020-9368 (The Module Olea Gift On Order module through 5.0.8 for PrestaShop enab ...)
	NOT-FOR-US: Module Olea Gift On Order module for PrestaShop
CVE-2020-9367 (The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...)
	- pure-ftpd 1.0.49-3 (bug #952471)
	[buster] - pure-ftpd (Minor issue)
	[stretch] - pure-ftpd (Minor issue)
	[jessie] - pure-ftpd (Vulnerable code does not exist)
	NOTE: https://github.com/jedisct1/pure-ftpd/commit/36c6d268cb190282a2c17106acfd31863121b
CVE-2020-9364 (An issue was discovered in helpers/mailer.php in the Creative Contact ...)
	NOT-FOR-US: Creative Contact Form extension for Joomla!
CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection ...)
	NOT-FOR-US: Sophos AV
CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...)
	NOT-FOR-US: Quick Heal AV parsing engine
CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...)
	- screen 4.8.0-1 (bug #950896)
	[buster] - screen (Vulnerable code introduced in v4.7.0)
	[stretch] - screen (Vulnerable code introduced in v4.7.0)
	[jessie] - screen (Vulnerable code introduced in v4.7.0)
	NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=68386dfb1fa33471372a8cd2e74686758a2f527b (v4.8.0)
	NOTE: Follow-up: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=0dd53533e20d2948351a99ec5336fbc9b82b226a (v4.8.0)
	NOTE: Introduced due to: https://git.savannah.gnu.org/cgit/screen.git/commit/?id=c5db181b6e017cfccb8d7842ce140e59294d9f62 (v4.7.0)
CVE-2020-9361 (CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local use ...)
	NOT-FOR-US: CryptoPro CSP
CVE-2020-9360 RESERVED
CVE-2020-9359 (KDE Okular before 1.10.0 allows code execution via an action link in a ...)
	{DLA-2159-1}
	- okular 4:19.12.3-2 (bug #954891)
	[buster] - okular 4:17.12.2-2.2+deb10u1
	[stretch] - okular (Minor issue)
	NOTE: https://invent.kde.org/kde/okular/-/commit/6a93a033b4f9248b3cd4d04689b8391df754e244
	NOTE: https://kde.org/info/security/advisory-20200312-1.txt
	NOTE: https://sysdream.com/news/lab/2020-03-24-cve-2020-9359-okular-command-execution/ (PoC)
CVE-2020-9358 RESERVED
CVE-2020-9357 RESERVED
CVE-2020-9356 RESERVED
CVE-2020-9354 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...)
	NOT-FOR-US: SmartClient
CVE-2020-9353 (An issue was discovered in SmartClient 12.0. The Remote Procedure Call ...)
	NOT-FOR-US: SmartClient
CVE-2020-9352 (An issue was discovered in SmartClient 12.0. Unauthenticated exploitat ...)
	NOT-FOR-US: SmartClient
CVE-2020-9351 (An issue was discovered in SmartClient 12.0. If an unauthenticated att ...)
	NOT-FOR-US: SmartClient
CVE-2020-9350 (Graph Builder in SAS Visual Analytics 8.5 allows XSS via a graph templ ...)
	NOT-FOR-US: Graph Builder in SAS Visual Analytics
CVE-2020-9349 (The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmwar ...)
	NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP
CVE-2020-9348 RESERVED
CVE-2020-9347 (** DISPUTED ** Zoho ManageEngine Password Manager Pro through 10.x has ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-9346 (Zoho ManageEngine Password Manager Pro 10.4 and prior has no protectio ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-9345 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
	NOT-FOR-US: signoPAD-API/Web
CVE-2020-9344 (Subversion ALM for the enterprise before 8.8.2 allows reflected XSS at ...)
	NOT-FOR-US: Subversion ALM
CVE-2020-9343 (An issue was discovered in signotec signoPAD-API/Web (formerly Websock ...)
	NOT-FOR-US: signoPAD-API/Web
CVE-2020-9342 (The F-Secure AV parsing engine before 2020-02-05 allows virus-detectio ...)
	NOT-FOR-US: F-Secure AV parsing engine
CVE-2020-9341 (CandidATS 2.1.0 is vulnerable to CSRF that allows for an administrator ...)
	NOT-FOR-US: CandidATS
CVE-2020-9340 (fauzantrif eLection 2.0 has SQL Injection via the admin/ajax/op_kandid ...)
	NOT-FOR-US: fauzantrif eLection
CVE-2020-9339 (SOPlanning 1.45 allows XSS via the Name or Comment to status.php. ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9338 (SOPlanning 1.45 allows XSS via the "Your SoPlanning url" field. ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encod ...)
	NOT-FOR-US: GolfBuddy Course Manager
CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -> Settings ...)
	NOT-FOR-US: fauzantrif eLection
CVE-2020-6816 (In Mozilla Bleach before 3.12, a mutation XSS in bleach.clean when RCD ...)
	{DSA-4643-1}
	- python-bleach 3.1.3-1 (bug #954236)
	[stretch] - python-bleach (Requires invasive changes to address issue)
	[jessie] - python-bleach (Requires invasive change to address issue)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public)
	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
	NOTE: https://github.com/mozilla/bleach/commit/175f67740e7951e1d80cefb7831e6c3e4efeb986
CVE-2020-6802 (In Mozilla Bleach before 3.11, a mutation XSS affects users calling bl ...)
	{DSA-4636-1}
	- python-bleach 3.1.1-1 (bug #951907)
	[stretch] - python-bleach (Requires invasive changes to address issue)
	[jessie] - python-bleach (Fix too invasive in jessie; uses external html5 parser)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1615315 (not public)
	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-q65m-pv3f-wr5r
	NOTE: https://github.com/mozilla/bleach/commit/f77e0f6392177a06e46a49abd61a4d9f035e57fd
CVE-2020-9335 (Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery p ...)
	NOT-FOR-US: 10Web Photo Gallery plugin for WordPress
CVE-2020-9334 (A stored XSS vulnerability exists in the Envira Photo Gallery plugin t ...)
	NOT-FOR-US: Envira Photo Gallery plugin for WordPress
CVE-2020-9333 RESERVED
CVE-2020-9332 (ftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 ...)
	NOT-FOR-US: FabulaTech
CVE-2020-9331 (CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Pri ...)
	NOT-FOR-US: CryptoPro CSP
CVE-2020-9330 (Certain Xerox WorkCentre printers before 073.xxx.000.02300 do not requ ...)
	NOT-FOR-US: Xerox
CVE-2020-9329 (Gogs through 0.11.91 allows attackers to violate the admin-specified r ...)
	NOT-FOR-US: Go Git Service
CVE-2020-9328 RESERVED
CVE-2020-9327 (In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger ...)
	- sqlite3 3.31.1-3 (bug #951835)
	[buster] - sqlite3 (Vulnerable code not present)
	[stretch] - sqlite3 (vulnerable code not present)
	[jessie] - sqlite3 (vulnerable code not present)
	NOTE: https://www.sqlite.org/cgi/src/info/4374860b29383380
	NOTE: https://www.sqlite.org/cgi/src/info/9d0d4ab95dc0c56e
	NOTE: https://www.sqlite.org/cgi/src/info/abc473fb8fb99900
	NOTE: https://github.com/sqlite/sqlite/commit/bf48ce49f7c25e5d4524de9fdc5c0d505218d06d
	NOTE: https://github.com/sqlite/sqlite/commit/78d1d225d87af40f5bdca57fa72f00b6ffaffa21
CVE-2020-9326 (BeyondTrust Privilege Management for Windows and Mac (aka PMWM; former ...)
	NOT-FOR-US: BeyondTrust Privilege Management for Windows and Mac
CVE-2020-9325 (Aquaforest TIFF Server 4.0 allows Unauthenticated Arbitrary File Downl ...)
	NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9324 (Aquaforest TIFF Server 4.0 allows Unauthenticated SMB Hash Capture via ...)
	NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9323 (Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory E ...)
	NOT-FOR-US: Aquaforest TIFF Server
CVE-2020-9322 RESERVED
CVE-2020-9321 (configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0. ...)
	NOT-FOR-US: Traefik
CVE-2020-9320 (** DISPUTED ** Avira AV Engine before 8.3.54.138 allows virus-detectio ...)
	NOT-FOR-US: Avira
CVE-2020-9319 RESERVED
CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...)
	NOT-FOR-US: Red Gate SQL Monitor
CVE-2020-9317 RESERVED
CVE-2020-9316 RESERVED
CVE-2020-9315 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
	NOT-FOR-US: Oracle
CVE-2020-9314 (** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7. ...)
	NOT-FOR-US: Oracle
CVE-2020-9313 RESERVED
CVE-2020-9312 RESERVED
CVE-2020-9311 (In SilverStripe through 4.5, malicious users with a valid Silverstripe ...)
	NOT-FOR-US: SilverStripe
CVE-2020-9310 REJECTED
CVE-2020-9309 (Silverstripe CMS through 4.5 can be susceptible to script execution fr ...)
	NOT-FOR-US: SilverStripe
CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
	- libarchive 3.4.0-2 (bug #951759)
	[buster] - libarchive (rar5 support added in 3.4.0)
	[stretch] - libarchive (rar5 support added in 3.4.0)
	[jessie] - libarchive (rar5 support added in 3.4.0)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459
	NOTE: https://github.com/libarchive/libarchive/pull/1326
	NOTE: https://github.com/libarchive/libarchive/commit/94821008d6eea81e315c5881cdf739202961040a
CVE-2020-9307 (Hirschmann OS2, RSP, and RSPE devices before HiOS 08.3.00 allow a deni ...)
	NOT-FOR-US: Hirschmann OS2, RSP, and RSPE devices
CVE-2020-9306 (Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of ...)
	NOT-FOR-US: Tesla SolarCity Solar Monitoring Gateway
CVE-2020-9305 RESERVED
CVE-2020-9304 RESERVED
CVE-2020-9303 RESERVED
CVE-2020-9302 RESERVED
CVE-2020-9301 (Nolan Ray from Apple Information Security identified a security vulner ...)
	NOT-FOR-US: Spinnaker
CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...)
	NOT-FOR-US: Netflix dispatch
CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...)
	NOT-FOR-US: Netflix dispatch
CVE-2020-9298 (The Spinnaker template resolution functionality is vulnerable to Serve ...)
	NOT-FOR-US: Spinnaker
CVE-2020-9297 (Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java ...)
	NOT-FOR-US: Netflix Titus
CVE-2020-9296 (Netflix Titus uses Java Bean Validation (JSR 380) custom constraint va ...)
	NOT-FOR-US: Netflix Conductor
CVE-2020-9295 RESERVED
CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...)
	NOT-FOR-US: FortiMail Fortiguard
CVE-2020-9293 RESERVED
CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...)
	NOT-FOR-US: Fortiguard / FortiClient for Windows
CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9289 (Use of a hard-coded cryptographic key to encrypt password data in CLI ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9288 (An improper neutralization of input vulnerability in FortiWLC 8.5.1 al ...)
	NOT-FOR-US: Fortinet
CVE-2020-9287 (An Unsafe Search Path vulnerability in FortiClient EMS online installe ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9286 (An improper authorization vulnerability in FortiADC may allow a remote ...)
	NOT-FOR-US: Fortiguard
CVE-2020-9285 RESERVED
CVE-2020-9284 RESERVED
CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
	{DLA-2455-1 DLA-2453-1 DLA-2402-1}
	- golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462)
	[buster] - golang-go.crypto (Minor issue)
	[jessie] - golang-go.crypto (Minor issue)
	NOTE: https://github.com/golang/crypto/commit/bac4c82f69751a6dd76e702d54b3ceb88adab236
CVE-2020-9282 (In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before ...)
	- mahara
CVE-2020-9281 (A cross-site scripting (XSS) vulnerability in the HTML Data Processor ...)
	NOT-FOR-US: CKEditor plugin
CVE-2020-9280 (In SilverStripe through 4.5, files uploaded via Forms to folders migra ...)
	NOT-FOR-US: SilverStripe
CVE-2020-9279 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A har ...)
	NOT-FOR-US: D-Link
CVE-2020-9278 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The d ...)
	NOT-FOR-US: D-Link
CVE-2020-9277 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. Authe ...)
	NOT-FOR-US: D-Link
CVE-2020-9276 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The f ...)
	NOT-FOR-US: D-Link
CVE-2020-9275 (An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. A cfm ...)
	NOT-FOR-US: D-Link
CVE-2020-9274 (An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer ...)
	{DLA-2123-1}
	- pure-ftpd 1.0.49-4 (bug #952666)
	[buster] - pure-ftpd (Minor issue)
	[stretch] - pure-ftpd (Minor issue)
	NOTE: https://github.com/jedisct1/pure-ftpd/commit/8d0d42542e2cb7a56d645fbe4d0ef436e38bcefa
	NOTE: though the CVE description does not specifically say, the issue seems to be an
	NOTE: out-of-bounds memory read which may result in information disclosure;
	NOTE: probably not the end of the world, but it is made worse by use of the rather
	NOTE: unsafe strcmp() instead of strncmp() in the vulnerable functions
CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
	{DSA-4635-1 DLA-2115-2 DLA-2115-1}
	- proftpd-dfsg 1.3.6c-2 (bug #951800)
	NOTE: https://github.com/proftpd/proftpd/issues/903
	NOTE: https://github.com/proftpd/proftpd/commit/d388f7904d4c9a6d0ea54237b8b54a57c19d8d49 (master)
	NOTE: https://github.com/proftpd/proftpd/commit/f8047a1ed0e0eb15193f555c4cbbb281e705c5c3 (master)
	NOTE: https://github.com/proftpd/proftpd/commit/e845abc1bd86eebec7a0342fded908a1b0f1996b (1.3.6c)
	NOTE: https://github.com/proftpd/proftpd/commit/cd9036f4ef7a05c107f0ffcb19a018b20267c531 (1.3.6-branch)
CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...)
	- proftpd-dfsg 1.3.6c-1 (unimportant)
	NOTE: https://github.com/proftpd/proftpd/issues/902
	NOTE: Debian does not build mod_cap and does not use the embedded libcap.
	NOTE: Sourcewise fixed in 1.3.6c by updating to the latest libcap.
CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...)
	NOT-FOR-US: ICE Hrm
CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...)
	NOT-FOR-US: ICE Hrm
CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
	NOT-FOR-US: SOPlanning
CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...)
	NOT-FOR-US: phpMyChat-Plus
CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...)
	NOT-FOR-US: ESET
CVE-2020-9263 (HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWE ...)
	NOT-FOR-US: Huawei
CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9260 (HUAWEI P30 and HUAWEI P30 Pro smartphones with versions earlier than 1 ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9259 (Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00 ...)
	NOT-FOR-US: Huawei
CVE-2020-9258 (HUAWEI P30 smartphone with versions earlier than 10.1.0.135(C00E135R2P ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9257 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
	NOT-FOR-US: Huawei
CVE-2020-9256 (Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C ...)
	NOT-FOR-US: Huawei
CVE-2020-9255 (Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E ...)
	NOT-FOR-US: Huawei
CVE-2020-9254 (HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E ...)
	NOT-FOR-US: Huawei
CVE-2020-9253 RESERVED
CVE-2020-9252 (HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI M ...)
	NOT-FOR-US: Huawei
CVE-2020-9251 (HUAWEI Mate 20 smartphones with versions earlier than 10.1.0.160(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2020-9250 RESERVED
CVE-2020-9249 (HUAWEI P30 smartphones with versions earlier than 10.1.0.160(C00E160R2 ...)
	NOT-FOR-US: Huawei
CVE-2020-9248 (Huawei FusionCompute 8.0.0 have an improper authorization vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2020-9247 (There is a buffer overflow vulnerability in several Huawei products. T ...)
	NOT-FOR-US: Huawei
CVE-2020-9246 (FusionCompute 8.0.0 has an information leak vulnerability. A module do ...)
	NOT-FOR-US: Huawei
CVE-2020-9245 (HUAWEI P30 versions Versions earlier than 10.1.0.160(C00E160R2P11);HUA ...)
	NOT-FOR-US: Huawei
CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R3P8); ...)
	NOT-FOR-US: Huawei
CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...)
	NOT-FOR-US: Huawei
CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...)
	NOT-FOR-US: Huawei
CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...)
	NOT-FOR-US: Huawei
CVE-2020-9240 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
	NOT-FOR-US: Huawei
CVE-2020-9239 (Huawei smartphones BLA-A09 versions 8.0.0.123(C212),versions earlier t ...)
	NOT-FOR-US: Huawei
CVE-2020-9238 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buff ...)
	NOT-FOR-US: Huawei
CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...)
	NOT-FOR-US: Huawei
CVE-2020-9236 RESERVED
CVE-2020-9235 (Huawei smartphones HONOR 20 PRO Versions earlier than 10.1.0.230(C432E ...)
	NOT-FOR-US: Huawei
CVE-2020-9234 RESERVED
CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...)
	NOT-FOR-US: Huawei
CVE-2020-9232 RESERVED
CVE-2020-9231 RESERVED
CVE-2020-9230 (WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due ...)
	NOT-FOR-US: Huawei
CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
	NOT-FOR-US: Huawei
CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
	NOT-FOR-US: Huawei
CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...)
	NOT-FOR-US: Huawei
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
	NOT-FOR-US: HUAWEI
CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...)
	NOT-FOR-US: Huawei
CVE-2020-9224 RESERVED
CVE-2020-9223 (There is a denial of service vulnerability in some Huawei smartphones. ...)
	NOT-FOR-US: Huawei
CVE-2020-9222 RESERVED
CVE-2020-9221 RESERVED
CVE-2020-9220 RESERVED
CVE-2020-9219 RESERVED
CVE-2020-9218 RESERVED
CVE-2020-9217 RESERVED
CVE-2020-9216 RESERVED
CVE-2020-9215 RESERVED
CVE-2020-9214 RESERVED
CVE-2020-9213 (There is a denial of service vulnerability in some huawei products. In ...)
	NOT-FOR-US: Huawei
CVE-2020-9212 (There is a vulnerability in some version of USG9500 that the device im ...)
	NOT-FOR-US: Huawei
CVE-2020-9211 RESERVED
CVE-2020-9210 RESERVED
CVE-2020-9209 (There is a privilege escalation vulnerability in SMC2.0 product. Some ...)
	NOT-FOR-US: Huawei
CVE-2020-9208 (There is an information leak vulnerability in iManager NetEco 6000 ver ...)
	NOT-FOR-US: Huawei
CVE-2020-9207 (There is an improper authentication vulnerability in some versions of ...)
	NOT-FOR-US: Huawei
CVE-2020-9206 (The eUDC660 product has a resource management vulnerability. An attack ...)
	NOT-FOR-US: Huawei
CVE-2020-9205 (There has a CSV injection vulnerability in ManageOne 8.0.1. An attacke ...)
	NOT-FOR-US: Huawei
CVE-2020-9204 RESERVED
CVE-2020-9203 (There is a resource management errors vulnerability in Huawei P30. Loc ...)
	NOT-FOR-US: Huawei
CVE-2020-9202 (There is an information disclosure vulnerability in TE Mobile software ...)
	NOT-FOR-US: TE Mobile
CVE-2020-9201 (There is an out-of-bounds read vulnerability in some versions of NIP68 ...)
	NOT-FOR-US: Huawei
CVE-2020-9200 (There has a CSV injection vulnerability in iManager NetEco 6000 versio ...)
	NOT-FOR-US: Huawei
CVE-2020-9199 (B2368-22 V100R001C00;B2368-57 V100R001C00;B2368-66 V100R001C00 have a ...)
	NOT-FOR-US: Huawei
CVE-2020-9198 RESERVED
CVE-2020-9197 RESERVED
CVE-2020-9196 RESERVED
CVE-2020-9195 RESERVED
CVE-2020-9194 RESERVED
CVE-2020-9193 RESERVED
CVE-2020-9192 RESERVED
CVE-2020-9191 RESERVED
CVE-2020-9190 RESERVED
CVE-2020-9189 RESERVED
CVE-2020-9188 RESERVED
CVE-2020-9187 RESERVED
CVE-2020-9186 RESERVED
CVE-2020-9185 RESERVED
CVE-2020-9184 RESERVED
CVE-2020-9183 RESERVED
CVE-2020-9182 RESERVED
CVE-2020-9181 RESERVED
CVE-2020-9180 RESERVED
CVE-2020-9179 RESERVED
CVE-2020-9178 RESERVED
CVE-2020-9177 RESERVED
CVE-2020-9176 RESERVED
CVE-2020-9175 RESERVED
CVE-2020-9174 RESERVED
CVE-2020-9173 RESERVED
CVE-2020-9172 RESERVED
CVE-2020-9171 RESERVED
CVE-2020-9170 RESERVED
CVE-2020-9169 RESERVED
CVE-2020-9168 RESERVED
CVE-2020-9167 RESERVED
CVE-2020-9166 RESERVED
CVE-2020-9165 RESERVED
CVE-2020-9164 RESERVED
CVE-2020-9163 RESERVED
CVE-2020-9162 RESERVED
CVE-2020-9161 RESERVED
CVE-2020-9160 RESERVED
CVE-2020-9159 RESERVED
CVE-2020-9158 (There is a Missing Cryptographic Step vulnerability in Huawei Smartpho ...)
	NOT-FOR-US: Huawei
CVE-2020-9157 RESERVED
CVE-2020-9156 RESERVED
CVE-2020-9155 RESERVED
CVE-2020-9154 RESERVED
CVE-2020-9153 RESERVED
CVE-2020-9152 RESERVED
CVE-2020-9151 RESERVED
CVE-2020-9150 RESERVED
CVE-2020-9149 (An application error verification vulnerability exists in a component ...)
	NOT-FOR-US: Huawei
CVE-2020-9148 (An application bypass mechanism vulnerability exists in a component in ...)
	NOT-FOR-US: Huawei
CVE-2020-9147 (A memory buffer error vulnerability exists in a component interface of ...)
	NOT-FOR-US: Huawei
CVE-2020-9146 (A memory buffer error vulnerability exists in a component interface of ...)
	NOT-FOR-US: Huawei
CVE-2020-9145 (There is an Out-of-bounds Write vulnerability in some Huawei smartphon ...)
	NOT-FOR-US: Huawei
CVE-2020-9144 (There is a heap overflow vulnerability in some Huawei smartphone, atta ...)
	NOT-FOR-US: Huawei
CVE-2020-9143 (There is a missing authentication vulnerability in some Huawei smartph ...)
	NOT-FOR-US: Huawei
CVE-2020-9142 (There is a heap base buffer overflow vulnerability in some Huawei smar ...)
	NOT-FOR-US: Huawei
CVE-2020-9141 (There is an improper privilege management vulnerability in some Huawei ...)
	NOT-FOR-US: Huawei
CVE-2020-9140 (There is a vulnerability with buffer access with incorrect length valu ...)
	NOT-FOR-US: Huawei
CVE-2020-9139 (There is an improper input validation vulnerability in some Huawei Smar ...)
	NOT-FOR-US: Huawei
CVE-2020-9138 (There is a heap-based buffer overflow vulnerability in some Huawei Sma ...)
	NOT-FOR-US: Huawei
CVE-2020-9137 (There is a privilege escalation vulnerability in some versions of Clou ...)
	NOT-FOR-US: Huawei
CVE-2020-9136 RESERVED
CVE-2020-9135 RESERVED
CVE-2020-9134 RESERVED
CVE-2020-9133 RESERVED
CVE-2020-9132 RESERVED
CVE-2020-9131 RESERVED
CVE-2020-9130 RESERVED
CVE-2020-9129 (HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vu ...)
	NOT-FOR-US: Huawei
CVE-2020-9128 (FusionCompute versions 8.0.0 have an insecure encryption algorithm vul ...)
	NOT-FOR-US: Huawei FusionCompute
CVE-2020-9127 (Some Huawei products have a command injection vulnerability. Due to in ...)
	NOT-FOR-US: Huawei
CVE-2020-9126 RESERVED
CVE-2020-9125 (There is an out-of-bound read vulnerability in huawei smartphone Mate ...)
	NOT-FOR-US: Huawei
CVE-2020-9124 (There is a memory leak vulnerability in some versions of Huawei CloudE ...)
	NOT-FOR-US: Huawei
CVE-2020-9123 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versi ...)
	NOT-FOR-US: Huawei
CVE-2020-9122 (Some Huawei products have an insufficient input verification vulnerabi ...)
	NOT-FOR-US: Huawei
CVE-2020-9121 RESERVED
CVE-2020-9120 (CloudEngine 1800V versions V100R019C10SPC500 has a resource management ...)
	NOT-FOR-US: Huawei
CVE-2020-9119 (There is a privilege escalation vulnerability on some Huawei smart pho ...)
	NOT-FOR-US: Huawei
CVE-2020-9118 (There is an insufficient integrity check vulnerability in Huawei Sound ...)
	NOT-FOR-US: Huawei
CVE-2020-9117 (HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM ...)
	NOT-FOR-US: Huawei
CVE-2020-9116 (Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection ...)
	NOT-FOR-US: Huawei
CVE-2020-9115 (ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B ...)
	NOT-FOR-US: Huawei
CVE-2020-9114 (FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a pri ...)
	NOT-FOR-US: Huawei
CVE-2020-9113 (HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buf ...)
	NOT-FOR-US: Huawei
CVE-2020-9112 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a priv ...)
	NOT-FOR-US: Huawei
CVE-2020-9111 (E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E ...)
	NOT-FOR-US: Huawei
CVE-2020-9110 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an inf ...)
	NOT-FOR-US: Huawei
CVE-2020-9109 (There is an information disclosure vulnerability in several smartphone ...)
	NOT-FOR-US: Huawei
CVE-2020-9108 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...)
	NOT-FOR-US: Huawei
CVE-2020-9107 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an o ...)
	NOT-FOR-US: Huawei
CVE-2020-9106 (HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a pa ...)
	NOT-FOR-US: Huawei
CVE-2020-9105 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an ins ...)
	NOT-FOR-US: Huawei
CVE-2020-9104 (HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2 ...)
	NOT-FOR-US: Huawei
CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...)
	NOT-FOR-US: Huawei
CVE-2020-9102 (There is an information leak vulnerability in some Huawei products, and ...)
	NOT-FOR-US: Huawei
CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...)
	NOT-FOR-US: Huawei
CVE-2020-9100 (Earlier than HiSuite 10.1.0.500 have a DLL hijacking vulnerability. Th ...)
	NOT-FOR-US: Huawei
CVE-2020-9099 (Huawei products IPS Module; NGFW Module; NIP6300; NIP6600; NIP6800; Se ...)
	NOT-FOR-US: Huawei
CVE-2020-9098 (Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an ...)
	NOT-FOR-US: Huawei
CVE-2020-9097 RESERVED
CVE-2020-9096 (HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E1 ...)
	NOT-FOR-US: Huawei
CVE-2020-9095 (HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E16 ...)
	NOT-FOR-US: Huawei
CVE-2020-9094 (There is an out of bound read vulnerability in some versions of Huawei ...)
	NOT-FOR-US: Huawei
CVE-2020-9093 (There is a use after free vulnerability in Taurus-AL00A versions 10.0. ...)
	NOT-FOR-US: Huawei
CVE-2020-9092 (HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a Ja ...)
	NOT-FOR-US: Huawei
CVE-2020-9091 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out ...)
	NOT-FOR-US: Huawei
CVE-2020-9090 (FusionAccess version 6.5.1 has an improper authorization vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2020-9089 RESERVED
CVE-2020-9088 RESERVED
CVE-2020-9087 (Taurus-AL00A version 10.0.0.1(C00E1R1P1) has an out-of-bounds read vul ...)
	NOT-FOR-US: Huawei
CVE-2020-9086 RESERVED
CVE-2020-9085 RESERVED
CVE-2020-9084 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a use- ...)
	NOT-FOR-US: Taurus-AN00B
CVE-2020-9083 (HUAWEI Mate 20 smart phones with Versions earlier than 10.1.0.163(C00E ...)
	NOT-FOR-US: Huawei
CVE-2020-9082 RESERVED
CVE-2020-9081 RESERVED
CVE-2020-9080 RESERVED
CVE-2020-9079 (FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulne ...)
	NOT-FOR-US: Huawei
CVE-2020-9078 (FusionCompute 8.0.0 have local privilege escalation vulnerability. A l ...)
	NOT-FOR-US: Huawei
CVE-2020-9077 (HUAWEI P30 smart phones with versions earlier than 10.1.0.160(C00E160R ...)
	NOT-FOR-US: Huawei
CVE-2020-9076 (HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier ...)
	NOT-FOR-US: Huawei
CVE-2020-9075 (Huawei products Secospace USG6300;USG6300E with versions of V500R001C3 ...)
	NOT-FOR-US: Huawei
CVE-2020-9074 (Huawei Smartphones HONOR 20 PRO;Honor View 20;HONOR 20 have an imprope ...)
	NOT-FOR-US: Huawei
CVE-2020-9073 (Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1 ...)
	NOT-FOR-US: Huawei
CVE-2020-9072 (Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 have a ...)
	NOT-FOR-US: Huawei
CVE-2020-9071 (There is a few bytes out-of-bounds read vulnerability in some Huawei p ...)
	NOT-FOR-US: Huawei
CVE-2020-9070 (Huawei smartphones Taurus-AL00B with versions earlier than 10.0.0.205( ...)
	NOT-FOR-US: Huawei
CVE-2020-9069 (There is an information leakage vulnerability in some Huawei products. ...)
	NOT-FOR-US: Huawei
CVE-2020-9068 (Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00 ...)
	NOT-FOR-US: Huawei
CVE-2020-9067 (There is a buffer overflow vulnerability in some Huawei products. The ...)
	NOT-FOR-US: Huawei
CVE-2020-9066 (Huawei smartphones OxfordP-AN10B with versions earlier than 10.0.1.169 ...)
	NOT-FOR-US: Huawei
CVE-2020-9065 (Huawei smart phone Taurus-AL00B with versions earlier than 10.0.0.203( ...)
	NOT-FOR-US: Huawei
CVE-2020-9064 (Huawei smartphone Honor V30 with versions earlier than OxfordS-AN00A 1 ...)
	NOT-FOR-US: Huawei
CVE-2020-9063 (NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authent ...)
	NOT-FOR-US: NCR SelfServ ATMs
CVE-2020-9062 (Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version ...)
	NOT-FOR-US: Diebold Nixdorf ProCash 2100xe USB ATMs
CVE-2020-9061 RESERVED
CVE-2020-9060 RESERVED
CVE-2020-9059 RESERVED
CVE-2020-9058 RESERVED
CVE-2020-9057 RESERVED
CVE-2020-9056 (Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scr ...)
	NOT-FOR-US: Periscope BuySpeed
CVE-2020-9055 (Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnera ...)
	NOT-FOR-US: Versiant LYNX Customer Service Portal
CVE-2020-9054 (Multiple ZyXEL network-attached storage (NAS) devices running firmware ...)
	NOT-FOR-US: ZyXEL
CVE-2020-9053 REJECTED
CVE-2020-9052 REJECTED
CVE-2020-9051 REJECTED
CVE-2020-9050 (Path Traversal vulnerability exists in Metasys Reporting Engine (MRE) ...)
	NOT-FOR-US: Metasys Reporting Engine (MRE) Web Services
CVE-2020-9049 (A vulnerability in specified versions of American Dynamics victor Web ...)
	NOT-FOR-US: Sensormatic Electronics, LLC; a subsidiary of Johnson Controls
CVE-2020-9048 (A vulnerability in specified versions of American Dynamics victor Web ...)
	NOT-FOR-US: Johnson Controls
CVE-2020-9047 (A vulnerability exists that could allow the execution of unauthorized ...)
	NOT-FOR-US: exacqVision Web Service
CVE-2020-9046 (A vulnerability in all versions of Kantech EntraPass Editions could po ...)
	NOT-FOR-US: Kantech
CVE-2020-9045 (During installation or upgrade to Software House C•CURE 9000 v2. ...)
	NOT-FOR-US: Software House
CVE-2020-9044 (XXE vulnerability exists in the Metasys family of product Web Services ...)
	NOT-FOR-US: Johnson Controls
CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
	NOT-FOR-US: wpCentral plugin for WordPress
CVE-2020-9042 (In Couchbase Server 6.0, credentials cached by a browser can be used t ...)
	NOT-FOR-US: Couchbase
CVE-2020-9041 (In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, th ...)
	NOT-FOR-US: Couchbase
CVE-2020-9040 (Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker t ...)
	NOT-FOR-US: Couchbase
CVE-2020-9039 (Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6. ...)
	NOT-FOR-US: Couchbase
CVE-2020-9038 (Joplin through 1.0.184 allows Arbitrary File Read via XSS. ...)
	NOT-FOR-US: Joplin
CVE-2020-9037 RESERVED
CVE-2020-9036 (Jeedom through 4.0.38 allows XSS. ...)
	NOT-FOR-US: Jeedom
CVE-2020-9035 RESERVED
CVE-2020-9355 (danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalati ...)
	{DSA-4637-1}
	- network-manager-ssh 1.2.11-1
	NOTE: https://github.com/danfruehauf/NetworkManager-ssh/pull/98
	NOTE: https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1803499
CVE-2020-9034 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9033 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9032 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9031 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9030 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9029 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9028 (Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65 ...)
	NOT-FOR-US: Symmetricom SyncServer
CVE-2020-9027 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...)
	NOT-FOR-US: ELTEX devices
CVE-2020-9026 (ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection v ...)
	NOT-FOR-US: ELTEX devices
CVE-2020-9025 (Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored ...)
	NOT-FOR-US: Iteris Vantage Velocity Field Unit devices
CVE-2020-9024 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world- ...)
	NOT-FOR-US: Iteris Vantage Velocity Field Unit devices
CVE-2020-9023 (Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two us ...)
	NOT-FOR-US: Iteris Vantage Velocity Field Unit devices
CVE-2020-9022 (An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 de ...)
	NOT-FOR-US: Xirrus devices
CVE-2020-9021 (Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1. ...)
	NOT-FOR-US: Post Oak AWAM Bluetooth Field Device
CVE-2020-9020 (Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow ...)
	NOT-FOR-US: Iteris Vantage Velocity Field Unit devices
CVE-2020-9019 (The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via th ...)
	NOT-FOR-US: WPJobBoard plugin for WordPress
CVE-2020-9018 (LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF ...)
	NOT-FOR-US: LiteCart
CVE-2020-9017 (LiteCart through 2.2.1 allows CSV injection via a customer's profile. ...)
	NOT-FOR-US: LiteCart
CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...)
	- dolibarr
CVE-2020-9015 (** DISPUTED ** Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20 ...)
	NOT-FOR-US: Arista devices
CVE-2020-9014 (In Epson iProjection v2.30, the driver file (EMP_NSAU.sys) allows loca ...)
	NOT-FOR-US: Epson
CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...)
	NOT-FOR-US: Arvato Skillpipe
CVE-2020-9012 (A cross-site scripting (XSS) vulnerability in the Import People functi ...)
	NOT-FOR-US: Gluu Identity Configuration
CVE-2020-9011 RESERVED
CVE-2020-9010 RESERVED
CVE-2020-9009 RESERVED
CVE-2020-9008 (Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/Pe ...)
	NOT-FOR-US: Blackboard Learn/PeopleTool
CVE-2020-9007 (Codoforum 4.8.8 allows self-XSS via the title of a new topic. ...)
	NOT-FOR-US: Codoforum
CVE-2020-9006 (The Popup Builder plugin 2.2.8 through 2.6.7.6 for WordPress is vulner ...)
	NOT-FOR-US: Popup Builder plugin for WordPress
CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attack ...)
	NOT-FOR-US: Dota 2
CVE-2020-9004 (A remote authenticated authorization-bypass vulnerability in Wowza Str ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...)
	NOT-FOR-US: Modula Image Gallery plugin for WordPress
CVE-2020-9002 (An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gai ...)
	NOT-FOR-US: iPortalis iCS
CVE-2020-9001 REJECTED
CVE-2020-9000 (An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send ...)
	NOT-FOR-US: iPortalis iCS
CVE-2020-8999 REJECTED
CVE-2020-8998 REJECTED
CVE-2020-8997 (Older generation Abbott FreeStyle Libre sensors allow remote attackers ...)
	NOT-FOR-US: Abbott FreeStyle Libre
CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read ...)
	NOT-FOR-US: AnyShare Cloud
CVE-2020-8995 (Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file ...)
	NOT-FOR-US: Programi Bilanc
CVE-2020-8994 (An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1. ...)
	NOT-FOR-US: XIAOMI AI speaker MDZ-25-DT
CVE-2020-8993 RESERVED
CVE-2020-8992 (ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux k ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://patchwork.ozlabs.org/patch/1236118/
CVE-2020-8991 (** DISPUTED ** vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.0 ...)
	- lvm2 2.03.01-2
	[stretch] - lvm2 (Minor issue)
	[jessie] - lvm2 (Minor issue)
	NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701
	NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code)
CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow ...)
	NOT-FOR-US: Western Digital My Cloud Home
CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...)
	NOT-FOR-US: Voatz application for Android
CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...)
	NOT-FOR-US: Voatz application for Android
CVE-2020-8987 (Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 pr ...)
	NOT-FOR-US: Avast AntiTrack
CVE-2020-8986 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly c ...)
	NOT-FOR-US: ZendTo
CVE-2020-8985 (ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unl ...)
	NOT-FOR-US: ZendTo
CVE-2020-8984 (lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address s ...)
	NOT-FOR-US: ZendTo
CVE-2020-8983 (An arbitrary file write issue exists in all versions of Citrix ShareFi ...)
	NOT-FOR-US: Citrix
CVE-2020-8982 (An unauthenticated arbitrary file read issue exists in all versions of ...)
	NOT-FOR-US: Citrix
CVE-2020-8981 (A cross-site scripting (XSS) vulnerability was discovered in the Sourc ...)
	NOT-FOR-US: Source Integration plugin for MantisBT
CVE-2020-8980 RESERVED
CVE-2020-8979 RESERVED
CVE-2020-8978 RESERVED
CVE-2020-8977 RESERVED
CVE-2020-8976 RESERVED
CVE-2020-8975 RESERVED
CVE-2020-8974 RESERVED
CVE-2020-8973 RESERVED
CVE-2020-8972 RESERVED
CVE-2020-8971 RESERVED
CVE-2020-8970 RESERVED
CVE-2020-8969 RESERVED
CVE-2020-8968 RESERVED
CVE-2020-8967 (There is an improper Neutralization of Special Elements used in an SQL ...)
	NOT-FOR-US: GESIO
CVE-2020-8966 (There is an Improper Neutralization of Script-Related HTML Tags in a W ...)
	- tikiwiki
CVE-2020-8965 RESERVED
CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
	NOT-FOR-US: TimeTools devices
CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
	NOT-FOR-US: TimeTools devices
CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...)
	NOT-FOR-US: D-Link
CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...)
	NOT-FOR-US: Avira
CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...)
	NOT-FOR-US: Western Digital mycloud.com
CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
	NOT-FOR-US: Western Digital
CVE-2020-8958 (Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804R ...)
	NOT-FOR-US: Guangzhou
CVE-2020-8957 RESERVED
CVE-2020-8956 (Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 ...)
	NOT-FOR-US: Pulse Secure Pulse Secure Desktop Client
CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...)
	{DLA-2770-1 DLA-2157-1}
	- weechat 2.7.1-1 (bug #951289)
	[buster] - weechat (Minor issue)
	NOTE: https://github.com/weechat/weechat/commit/6f4f147d8e86adf9ad34a8ffd7e7f1f23a7e74da
CVE-2020-8954 (OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link ...)
	NOT-FOR-US: OpenSearch Web browser
CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2020-8952 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...)
	NOT-FOR-US: Fiserv Accurate Reconciliation
CVE-2020-8951 (Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allow ...)
	NOT-FOR-US: Fiserv Accurate Reconciliation
CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...)
	NOT-FOR-US: Radeon AMD User Experience Program Launcher
CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...)
	NOT-FOR-US: Gocloud devices
CVE-2020-8948 (The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) be ...)
	NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP)
CVE-2020-8947 (functions_netflow.php in Artica Pandora FMS 7.0 allows remote attacker ...)
	NOT-FOR-US: Pandora FMS
CVE-2020-8946 (Netis WF2471 v1.2.30142 devices allow an authenticated attacker to exe ...)
	NOT-FOR-US: Netis devices
CVE-2020-8945 (The proglottis Go wrapper before 0.1.1 for the GPGME library has a use ...)
	- golang-github-proglottis-gpgme 0.1.1-1 (bug #951372)
	[buster] - golang-github-proglottis-gpgme (Minor issue)
	NOTE: https://github.com/proglottis/gpgme/pull/23
CVE-2020-8944 (An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 ...)
	NOT-FOR-US: Asylo
CVE-2020-8943 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
	NOT-FOR-US: Asylo
CVE-2020-8942 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
	NOT-FOR-US: Asylo
CVE-2020-8941 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
	NOT-FOR-US: Asylo
CVE-2020-8940 (An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 a ...)
	NOT-FOR-US: Asylo
CVE-2020-8939 (An out of bounds read on the enc_untrusted_inet_ntop function allows a ...)
	NOT-FOR-US: Asylo
CVE-2020-8938 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
	NOT-FOR-US: Asylo
CVE-2020-8937 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
	NOT-FOR-US: Asylo
CVE-2020-8936 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
	NOT-FOR-US: Asylo
CVE-2020-8935 (An arbitrary memory overwrite vulnerability in Asylo versions up to 0. ...)
	NOT-FOR-US: Asylo
CVE-2020-8934 RESERVED
CVE-2020-8933 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
	- google-compute-image-packages (bug #987353)
	[buster] - google-compute-image-packages (Minor issue)
	NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
	NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8932 RESERVED
CVE-2020-8931 RESERVED
CVE-2020-8930 RESERVED
CVE-2020-8929 (A mis-handling of invalid unicode characters in the Java implementatio ...)
	NOT-FOR-US: Tink
CVE-2020-8928 RESERVED
CVE-2020-8927 (A buffer overflow exists in the Brotli library versions prior to 1.0.8 ...)
	{DSA-4801-1 DLA-2476-1}
	- brotli 1.0.9-1
	NOTE: https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6
CVE-2020-8926 RESERVED
CVE-2020-8925 RESERVED
CVE-2020-8924 RESERVED
CVE-2020-8923 (An improper HTML sanitization in Dart versions up to and including 2.7 ...)
	NOT-FOR-US: Dart (different from src:dart)
CVE-2020-8922 RESERVED
CVE-2020-8921 RESERVED
CVE-2020-8920 (An information leak vulnerability exists in Gerrit versions prior to 2 ...)
	- gerrit (bug #589436)
CVE-2020-8919 (An information leak vulnerability exists in Gerrit versions prior to 2 ...)
	- gerrit (bug #589436)
CVE-2020-8918 (An improperly initialized 'migrationAuth' value in Google's go-tpm TPM ...)
	NOT-FOR-US: go-tpm TPM1.2 library
CVE-2020-8917 RESERVED
CVE-2020-8916 (A memory leak in Openthread's wpantund versions up to commit 0e5d1601f ...)
	NOT-FOR-US: wpantund
CVE-2020-8915 RESERVED
CVE-2020-8914 RESERVED
CVE-2020-8913 (A local, arbitrary code execution vulnerability exists in the SplitCom ...)
	NOT-FOR-US: Android's Play Core Library
CVE-2020-8912 (A vulnerability in the in-band key negotiation exists in the AWS S3 Cr ...)
	NOT-FOR-US: AWS S3 Crypto SDK for Go
CVE-2020-8911 (A padding oracle vulnerability exists in the AWS S3 Crypto SDK for GoL ...)
	NOT-FOR-US: AWS S3 Crypto SDK for Go
CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library versions ...)
	NOT-FOR-US: Google Closure Library
CVE-2020-8909 RESERVED
CVE-2020-8908 (A temp directory creation vulnerability exists in all versions of Guav ...)
	NOT-FOR-US: Google Guava
CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
	- google-compute-image-packages (bug #987353)
	[buster] - google-compute-image-packages (Minor issue)
	NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
	NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8906 RESERVED
CVE-2020-8905 (A buffer length validation vulnerability in Asylo versions prior to 0. ...)
	NOT-FOR-US: Asylo
CVE-2020-8904 (An arbitrary memory overwrite vulnerability in the trusted memory of A ...)
	NOT-FOR-US: Asylo
CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
	- google-compute-image-packages (bug #987353)
	[buster] - google-compute-image-packages (Minor issue)
	NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
	NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
CVE-2020-8902 (Rendertron versions prior to 3.0.0 are susceptible to a Server-Sid ...)
	NOT-FOR-US: Rendertron
CVE-2020-8901 RESERVED
CVE-2020-8900 RESERVED
CVE-2020-8899 (There is a buffer overwrite vulnerability in the Quram qmg library of ...)
	NOT-FOR-US: Samsung
CVE-2020-8898 RESERVED
CVE-2020-8897 (A weak robustness vulnerability exists in the AWS Encryption SDKs for ...)
	NOT-FOR-US: AWS Encryption SDKs
CVE-2020-8896 (A Buffer Overflow vulnerability in the khcrypt implementation in Googl ...)
	NOT-FOR-US: Google Earth Pro
CVE-2020-8895 (Untrusted Search Path vulnerability in the windows installer of Google ...)
	NOT-FOR-US: windows installer of Google Earth Pro
CVE-2020-8894 (An issue was discovered in MISP before 2.4.121. ACLs for discussion th ...)
	NOT-FOR-US: MISP
CVE-2020-8893 (An issue was discovered in MISP before 2.4.121. The Galaxy view contai ...)
	NOT-FOR-US: MISP
CVE-2020-8892 (An issue was discovered in MISP before 2.4.121. It did not consider th ...)
	NOT-FOR-US: MISP
CVE-2020-8891 (An issue was discovered in MISP before 2.4.121. It did not canonicaliz ...)
	NOT-FOR-US: MISP
CVE-2020-8890 (An issue was discovered in MISP before 2.4.121. It mishandled time ske ...)
	NOT-FOR-US: MISP
CVE-2020-8889 RESERVED
CVE-2020-8888 RESERVED
CVE-2020-8887 (Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 hav ...)
	NOT-FOR-US: Telestream Tektronix Medius
CVE-2020-8886 RESERVED
CVE-2020-8885 RESERVED
CVE-2020-8884 (rcdsvc in the Proofpoint Insider Threat Management Windows Agent (form ...)
	NOT-FOR-US: Proofpoint Insider Threat Management Windows Agent
CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Studio Photo
CVE-2020-8876 (This vulnerability allows local attackers to disclose information on a ...)
	NOT-FOR-US: Parallels
CVE-2020-8875 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8874 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8873 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8872 (This vulnerability allows local attackers to disclose sensitive inform ...)
	NOT-FOR-US: Parallels
CVE-2020-8871 (This vulnerability allows local attackers to escalate privileges on af ...)
	NOT-FOR-US: Parallels
CVE-2020-8870 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-8869 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit
CVE-2020-8868 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Quest Foglight Evolve
CVE-2020-8867 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: OPC Foundation UA .NET Standard
CVE-2020-8866 (This vulnerability allows remote attackers to create arbitrary files o ...)
	{DLA-2162-1}
	- php-horde-form 2.0.20-1 (bug #955020)
	[buster] - php-horde-form 2.0.18-3.1+deb10u1
	[stretch] - php-horde-form 2.0.15-1+deb9u2
	NOTE: https://lists.horde.org/archives/announce/2020/001288.html
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-275/
	NOTE: https://github.com/horde/Form/commit/813f8e7e9479fad4546b89c569325ee9eef60b0f
CVE-2020-8865 (This vulnerability allows remote attackers to execute local PHP files ...)
	{DLA-2175-1}
	- php-horde-trean 1.1.10-1 (bug #955019)
	[buster] - php-horde-trean 1.1.9-3+deb10u1
	[stretch] - php-horde-trean 1.1.7-1+deb9u1
	NOTE: https://lists.horde.org/archives/announce/2020/001286.html
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-276/
	NOTE: https://github.com/horde/trean/commit/db0714a0c04d87bda9e2852f1b0d259fc281ca75
	NOTE: https://github.com/horde/trean/commit/055029f551501803d7e293a48316e2cf31307908
CVE-2020-8864 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8863 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8862 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8861 (This vulnerability allows network-adjacent attackers to bypass authent ...)
	NOT-FOR-US: D-Link
CVE-2020-8860 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Samsung Galaxy S10 Firmware
CVE-2020-8859 (This vulnerability allows remote attackers to create a denial-of-servi ...)
	NOT-FOR-US: elog
CVE-2020-8858 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Moxa
CVE-2020-8857 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8856 (This vulnerability allows remote attackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8855 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8854 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8853 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8852 (This vulnerability allows remote attackers to disclose sensitive infor ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8851 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8850 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8849 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8848 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8847 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8846 (This vulnerability allows remote attackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8845 (This vulnerability allows remote attackers to execute arbitrary code on ...)
	NOT-FOR-US: Foxit PhantomPDF
CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
	NOT-FOR-US: Foxit Reader
CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...)
	NOT-FOR-US: Istio
CVE-2020-8842 REJECTED
CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
	NOT-FOR-US: TestLink
CVE-2020-8840 (FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean- ...)
	{DLA-2111-1}
	- jackson-databind 2.11.1-1
	[buster] - jackson-databind 2.9.8-3+deb10u2
	[stretch] - jackson-databind 2.8.6-1+deb9u7
	NOTE: https://github.com/FasterXML/jackson-databind/issues/2620
	NOTE: https://github.com/FasterXML/jackson-databind/commit/914e7c9f2cb8ce66724bf26a72adc7e958992497
	NOTE: Starting from 2.10 series mitigated as Safe Default Typing is enabled by default
	NOTE: but still an issue when Default Typing is enabled.
CVE-2020-8839 (Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter dev ...)
	NOT-FOR-US: CHIYU BF-430 232/485 TCP/IP Converter devices
CVE-2020-8838 (An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-8837 RESERVED
CVE-2020-8836 RESERVED
CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/veri ...)
	- linux 5.5.13-2
	[buster] - linux (Vulnerable code introduced later)
	[stretch] - linux (Vulnerable code introduced later)
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef
	NOTE: https://www.zerodayinitiative.com/advisories/ZDI-20-350/
CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of ...)
	- linux 4.18.6-1
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2
CVE-2020-8833 (Time-of-check Time-of-use Race Condition vulnerability on crash report ...)
	NOT-FOR-US: Apport
CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...)
	- linux 4.16.5-1
	[stretch] - linux (Vulnerable code not present, incomplete fix not applied)
	[jessie] - linux (No support for this hardware)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1862840
	NOTE: The CVE is for an incomplete fix for CVE-2019-14615 which technically only
	NOTE: affects upstream versions (and downstreams) which applied the fix for
	NOTE: CVE-2019-14615 which is bc8a76a152c5 ("drm/i915/gen9: Clear residual context
	NOTE: state on context switch"). But the prerequisite d2b4b97933f5 ("drm/i915: Record
	NOTE: the default hw state after reset upon load") needs to be applied as well.
CVE-2020-8831 (Apport creates a world writable lock file with root ownership in the w ...)
	NOT-FOR-US: Apport
CVE-2020-8830 (CSRF in login.asp on Ruckus devices allows an attacker to access the p ...)
	NOT-FOR-US: Ruckus
CVE-2020-8829 (CSRF on Intelbras CIP 92200 devices allows an attacker to access the p ...)
	NOT-FOR-US: Intelbras
CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...)
	NOT-FOR-US: Argo
CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...)
	NOT-FOR-US: Argo
CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...)
	NOT-FOR-US: Argo
CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...)
	NOT-FOR-US: Vanilla Forums
CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...)
	NOT-FOR-US: Hitron devices
CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulner ...)
	NOT-FOR-US: SockJS
CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...)
	NOT-FOR-US: Digi TransPort
CVE-2020-8821 (An Improper Data Validation Vulnerability exists in Webmin 1.941 and e ...)
	- webmin
CVE-2020-8820 (An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the ...)
	- webmin
CVE-2020-8819 (An issue was discovered in the CardGate Payments plugin through 3.1.15 ...)
	NOT-FOR-US: CardGate Payments plugin for WooCommerce
CVE-2020-8818 (An issue was discovered in the CardGate Payments plugin through 2.0.30 ...)
	NOT-FOR-US: CardGate Payments plugin for Magento
CVE-2020-8817 (Dataiku DSS before 6.0.5 allows attackers write access to the project ...)
	NOT-FOR-US: Dataiku
CVE-2020-8816 (Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by priv ...)
	NOT-FOR-US: Pi-hole
CVE-2020-8815 (Improper connection handling in the base connection handler in IKTeam ...)
	NOT-FOR-US: BearFTP
CVE-2020-8814 RESERVED
CVE-2020-8813 (graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute a ...)
	- cacti 1.2.10+ds1-1 (bug #951832)
	[buster] - cacti (Minor issue)
	[stretch] - cacti (Vulnerable code not present)
	[jessie] - cacti (Vulnerable code not present)
	NOTE: https://gist.github.com/mhaskar/ebe6b74c32fd0f7e1eedf1aabfd44129
	NOTE: https://shells.systems/cacti-v1-2-8-authenticated-remote-code-execution-cve-2020-8813/
	NOTE: https://github.com/Cacti/cacti/issues/3285
	NOTE: https://github.com/Cacti/cacti/commit/fea919e8fe05bb730c802054661fd3a7ec029784
CVE-2020-8812 (** DISPUTED ** Bludit 3.10.0 allows Editor or Author roles to insert m ...)
	NOT-FOR-US: Bludit
CVE-2020-8811 (ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated ...)
	NOT-FOR-US: Bludit
CVE-2020-8810 (An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301 ...)
	NOT-FOR-US: Gurux
CVE-2020-8809 (Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add- ...)
	NOT-FOR-US: Gurux
CVE-2020-8808 (The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR ...)
	NOT-FOR-US: CORSAIR iCUE
CVE-2020-8807 (In Electric Coin Company Zcashd before 2.1.1-1, the time offset betwee ...)
	NOT-FOR-US: Electric Coin Company Zcashd
CVE-2020-8806 (Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigge ...)
	NOT-FOR-US: Electric Coin Company Zcashd
CVE-2020-8805 RESERVED
CVE-2020-8804 (SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the Em ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8803 (SuiteCRM through 7.11.11 allows Directory Traversal to include arbitra ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8802 (SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveH ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8801 (SuiteCRM through 7.11.11 allows PHAR Deserialization. ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8800 (SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PH ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8799 (A Stored XSS vulnerability has been found in the administration page o ...)
	NOT-FOR-US: administration page of the WTI Like Post plugin for WordPress
CVE-2020-8798 (httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to cha ...)
	NOT-FOR-US: Juplink
CVE-2020-8797 (Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to ...)
	NOT-FOR-US: Juplink
CVE-2020-8796 (Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before ...)
	NOT-FOR-US: Biscom Secure File Transfer (SFT)
CVE-2020-8795 (In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a gro ...)
	- gitlab (Only affects EE version)
	NOTE: https://about.gitlab.com/releases/2020/02/13/critical-security-release-gitlab-12-dot-7-dot-6-released/
CVE-2020-8794 (OpenSMTPD before 6.6.4 allows remote code execution because of an out- ...)
	{DSA-4634-1}
	- opensmtpd 6.6.4p1-1 (bug #952453)
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/5
	NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/26/1
CVE-2020-8793 (OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g ...)
	- opensmtpd 6.6.4p1-1 (unimportant; bug #952453)
	[buster] - opensmtpd 6.0.3p1-5+deb10u4
	[stretch] - opensmtpd 6.0.2p1-2+deb9u3
	NOTE: https://www.openwall.com/lists/oss-security/2020/02/24/4
	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/021_smtpd_envelope.patch.sig
	NOTE: https://poolp.org/posts/2020-01-30/opensmtpd-advisory-dissected/
	NOTE: Neutralised by kernel hardening
CVE-2020-8792 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-8791 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-8790 (The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlo ...)
	NOT-FOR-US: OKLOK
CVE-2020-8789 (Composr 10.0.30 allows Persistent XSS via a Usergroup name under the S ...)
	NOT-FOR-US: Composr
CVE-2020-8788 (Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HT ...)
	NOT-FOR-US: Synaptive Medical ClearCanvas ImageServer
CVE-2020-8787 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8786 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8785 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8784 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8783 (SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to ...)
	NOT-FOR-US: SuiteCRM
CVE-2020-8782 (Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 al ...)
	NOT-FOR-US: ALEOS
CVE-2020-8781 (Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 an ...)
	NOT-FOR-US: ALEOS
CVE-2020-8780 RESERVED
CVE-2020-8779 RESERVED
CVE-2020-8778 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
	NOT-FOR-US: Alfresco
CVE-2020-8777 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
	NOT-FOR-US: Alfresco
CVE-2020-8776 (Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 ( ...)
	NOT-FOR-US: Alfresco
CVE-2020-8775 (Pega Platform before version 8.2.6 is affected by a Stored Cross-Site ...)
	NOT-FOR-US: Pega Platform
CVE-2020-8774 (Pega Platform before version 8.2.6 is affected by a Reflected Cross-Si ...)
	NOT-FOR-US: Pega Platform
CVE-2020-8773 (The Richtext Editor in Pega Platform before 8.2.6 is affected by a Sto ...)
	NOT-FOR-US: Pega Platform
CVE-2020-8772 (The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missin ...)
	NOT-FOR-US: InfiniteWP Client plugin for WordPress
CVE-2020-8771 (The Time Capsule plugin before 1.21.16 for WordPress has an authentica ...)
	NOT-FOR-US: Time Capsule plugin for WordPress
CVE-2020-8770 RESERVED
CVE-2020-8769 RESERVED
CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...)
	NOT-FOR-US: PHOENIX CONTACT Emalytics Controller ILC 2050 BI(L)
CVE-2020-8767 (Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus ...)
	NOT-FOR-US: Intel
CVE-2020-8766 (Improper conditions check in the Intel(R) SGX DCAP software before ver ...)
	NOT-FOR-US: Intel
CVE-2020-8765 (Incorrect default permissions in the installer for the Intel(R) RealSe ...)
	NOT-FOR-US: Intel
CVE-2020-8764 (Improper access control in BIOS firmware for some Intel(R) Processors ...)
	NOT-FOR-US: Intel
CVE-2020-8763 (Improper permissions in the installer for the Intel(R) RealSense(TM) D ...)
	NOT-FOR-US: Intel
CVE-2020-8762 RESERVED
CVE-2020-8761 (Inadequate encryption strength in subsystem for Intel(R) CSME versions ...)
	NOT-FOR-US: Intel
CVE-2020-8760 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
	NOT-FOR-US: Intel
CVE-2020-8759 (Improper access control in the installer for Intel(R) SSD DCT versions ...)
	NOT-FOR-US: Intel
CVE-2020-8758 (Improper buffer restrictions in network subsystem in provisioned Intel ...)
	NOT-FOR-US: Intel
CVE-2020-8757 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
	NOT-FOR-US: Intel
CVE-2020-8756 (Improper input validation in subsystem for Intel(R) CSME versions befo ...)
	NOT-FOR-US: Intel
CVE-2020-8755 (Race condition in subsystem for Intel(R) CSME versions before 12.0.70 ...)
	NOT-FOR-US: Intel
CVE-2020-8754 (Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM version ...)
	NOT-FOR-US: Intel
CVE-2020-8753 (Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM ve ...)
	NOT-FOR-US: Intel
CVE-2020-8752 (Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM v ...)
	NOT-FOR-US: Intel
CVE-2020-8751 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...)
	NOT-FOR-US: Intel
CVE-2020-8750 (Use after free in Kernel Mode Driver for Intel(R) TXE versions before ...)
	NOT-FOR-US: Intel
CVE-2020-8749 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
	NOT-FOR-US: Intel
CVE-2020-8748 RESERVED
CVE-2020-8747 (Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8. ...)
	NOT-FOR-US: Intel
CVE-2020-8746 (Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80 ...)
	NOT-FOR-US: Intel
CVE-2020-8745 (Insufficient control flow management in subsystem for Intel(R) CSME ve ...)
	NOT-FOR-US: Intel
CVE-2020-8744 (Improper initialization in subsystem for Intel(R) CSME versions before ...)
	NOT-FOR-US: Intel
CVE-2020-8743 (Improper permissions in the installer for the Intel(R) Mailbox Interfa ...)
	NOT-FOR-US: Intel
CVE-2020-8742 (Improper input validation in the firmware for Intel(R) NUCs may allow ...)
	NOT-FOR-US: Intel
CVE-2020-8741 (Improper permissions in the installer for the Intel(R) Thunderbolt(TM) ...)
	NOT-FOR-US: Intel
CVE-2020-8740 (Out of bounds write in Intel BIOS platform sample code for some Intel( ...)
	NOT-FOR-US: Intel
CVE-2020-8739 (Use of potentially dangerous function in Intel BIOS platform sample co ...)
	NOT-FOR-US: Intel
CVE-2020-8738 (Improper conditions check in Intel BIOS platform sample code for some ...)
	NOT-FOR-US: Intel
CVE-2020-8737 (Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmwa ...)
	NOT-FOR-US: Intel
CVE-2020-8736 (Improper access control in subsystem for the Intel(R) Computing Improv ...)
	NOT-FOR-US: Intel
CVE-2020-8735 RESERVED
CVE-2020-8734 (Improper input validation in the firmware for Intel(R) Server Board M1 ...)
	NOT-FOR-US: Intel
CVE-2020-8733 (Improper buffer restrictions in the firmware for Intel(R) Server Board ...)
	NOT-FOR-US: Intel
CVE-2020-8732 (Heap-based buffer overflow in the firmware for some Intel(R) Server Bo ...)
	NOT-FOR-US: Intel
CVE-2020-8731 (Incorrect execution-assigned permissions in the file system for some I ...)
	NOT-FOR-US: Intel
CVE-2020-8730 (Heap-based overflow for some Intel(R) Server Boards, Server Systems an ...)
	NOT-FOR-US: Intel
CVE-2020-8729 (Buffer copy without checking size of input for some Intel(R) Server Bo ...)
	NOT-FOR-US: Intel
CVE-2020-8728 RESERVED
CVE-2020-8727 RESERVED
CVE-2020-8726 RESERVED
CVE-2020-8725 RESERVED
CVE-2020-8724 RESERVED
CVE-2020-8723 (Cross-site scripting for some Intel(R) Server Boards, Server Systems a ...)
	NOT-FOR-US: Intel
CVE-2020-8722 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
	NOT-FOR-US: Intel
CVE-2020-8721 (Improper input validation for some Intel(R) Server Boards, Server Syst ...)
	NOT-FOR-US: Intel
CVE-2020-8720 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
	NOT-FOR-US: Intel
CVE-2020-8719 (Buffer overflow in subsystem for some Intel(R) Server Boards, Server S ...)
	NOT-FOR-US: Intel
CVE-2020-8718 (Buffer overflow in a subsystem for some Intel(R) Server Boards, Server ...)
	NOT-FOR-US: Intel
CVE-2020-8717 (Improper input validation in a subsystem for some Intel Server Boards, ...)
	NOT-FOR-US: Intel
CVE-2020-8716 (Improper access control for some Intel(R) Server Boards, Server System ...)
	NOT-FOR-US: Intel
CVE-2020-8715 (Invalid pointer for some Intel(R) Server Boards, Server Systems and Co ...)
	NOT-FOR-US: Intel
CVE-2020-8714 (Improper authentication for some Intel(R) Server Boards, Server System ...)
	NOT-FOR-US: Intel
CVE-2020-8713 (Improper authentication for some Intel(R) Server Boards, Server System ...)
	NOT-FOR-US: Intel
CVE-2020-8712 (Buffer overflow in a verification process for some Intel(R) Server Boa ...)
	NOT-FOR-US: Intel
CVE-2020-8711 (Improper access control in the bootloader for some Intel(R) Server Boa ...)
	NOT-FOR-US: Intel
CVE-2020-8710 (Buffer overflow in the bootloader for some Intel(R) Server Boards, Ser ...)
	NOT-FOR-US: Intel
CVE-2020-8709 (Improper authentication in socket services for some Intel(R) Server Bo ...)
	NOT-FOR-US: Intel
CVE-2020-8708 (Improper authentication for some Intel(R) Server Boards, Server System ...)
	NOT-FOR-US: Intel
CVE-2020-8707 (Buffer overflow in daemon for some Intel(R) Server Boards, Server Syst ...)
	NOT-FOR-US: Intel
CVE-2020-8706 (Buffer overflow in a daemon for some Intel(R) Server Boards, Server Sy ...)
	NOT-FOR-US: Intel
CVE-2020-8705 (Insecure default initialization of resource in Intel(R) Boot Guard in ...)
	NOT-FOR-US: Intel
CVE-2020-8704 (Race condition in a subsystem in the Intel(R) LMS versions before 2039 ...)
	NOT-FOR-US: Intel
CVE-2020-8703 (Improper buffer restrictions in a subsystem in the Intel(R) CSME versi ...)
	NOT-FOR-US: Intel
CVE-2020-8702 (Uncontrolled search path element in the Intel(R) Processor Diagnostic ...)
	NOT-FOR-US: Intel
CVE-2020-8701 (Incorrect default permissions in installer for the Intel(R) SSD Toolbo ...)
	NOT-FOR-US: Intel
CVE-2020-8700 (Improper input validation in the firmware for some Intel(R) Processors ...)
	NOT-FOR-US: Intel
CVE-2020-8699 RESERVED
CVE-2020-8698 (Improper isolation of shared resources in some Intel(R) Processors may ...)
	{DLA-2546-1}
	- intel-microcode 3.20201110.1
	[buster] - intel-microcode 3.20201118.1~deb10u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8697 RESERVED
CVE-2020-8696 (Improper removal of sensitive information before storage or transfer i ...)
	{DLA-2546-1}
	- intel-microcode 3.20201110.1
	[buster] - intel-microcode 3.20201118.1~deb10u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00381.html
CVE-2020-8695 (Observable discrepancy in the RAPL interface for some Intel(R) Process ...)
	{DLA-2546-1}
	- intel-microcode 3.20201110.1
	[buster] - intel-microcode 3.20201118.1~deb10u1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
CVE-2020-8694 (Insufficient access control in the Linux kernel driver for some Intel( ...)
	{DLA-2494-1 DLA-2483-1}
	- linux 5.9.9-1
	[buster] - linux 4.19.160-1
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00389.html
	NOTE: https://git.kernel.org/linus/949dd0104c496fa7c14991a23c03c62e44637e71
CVE-2020-8693 (Improper buffer restrictions in the firmware of the Intel(R) Ethernet ...)
	NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
CVE-2020-8692 (Insufficient access control in the firmware of the Intel(R) Ethernet 7 ...)
	NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
CVE-2020-8691 (A logic issue in the firmware of the Intel(R) Ethernet 700 Series Cont ...)
	NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
CVE-2020-8690 (Protection mechanism failure in Intel(R) Ethernet 700 Series Controlle ...)
	NOT-FOR-US: Intel drivers for Ethernet 700 series (apparently for Windows)
CVE-2020-8689 (Improper buffer restrictions in the Intel(R) Wireless for Open Source ...)
	- iwd 1.5-1
	[buster] - iwd (Minor issue)
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00379.html
CVE-2020-8688 (Improper input validation in the Intel(R) RAID Web Console 3 for Windo ...)
	NOT-FOR-US: Intel
CVE-2020-8687 (Uncontrolled search path in the installer for Intel(R) RSTe Software R ...)
	NOT-FOR-US: Intel
CVE-2020-8686 RESERVED
CVE-2020-8685 (Improper authentication in subsystem for Intel (R) LED Manager for NUC ...)
	NOT-FOR-US: Intel
CVE-2020-8684 (Improper access control in firmware for Intel(R) PAC with Arria(R) 10 ...)
	NOT-FOR-US: Intel
CVE-2020-8683 (Improper buffer restrictions in system driver for some Intel(R) Graphi ...)
	NOT-FOR-US: Intel
CVE-2020-8682 (Out of bounds read in system driver for some Intel(R) Graphics Drivers ...)
	NOT-FOR-US: Intel
CVE-2020-8681 (Out of bounds write in system driver for some Intel(R) Graphics Driver ...)
	NOT-FOR-US: Intel
CVE-2020-8680 (Race condition in some Intel(R) Graphics Drivers before version 15.40. ...)
	NOT-FOR-US: Intel
CVE-2020-8679 (Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics D ...)
	NOT-FOR-US: Intel
CVE-2020-8678 (Improper access control for Intel(R) Graphics Drivers before version 1 ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-8677 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...)
	NOT-FOR-US: Intel
CVE-2020-8676 (Improper access control in the Intel(R) Visual Compute Accelerator 2, ...)
	NOT-FOR-US: Intel
CVE-2020-8675 (Insufficient control flow management in firmware build and signing too ...)
	NOT-FOR-US: Intel
CVE-2020-8674 (Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM ...)
	NOT-FOR-US: Intel
CVE-2020-8673 RESERVED
CVE-2020-8672 (Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Co ...)
	NOT-FOR-US: Intel
CVE-2020-8671 (Insufficient control flow management in BIOS firmware 8th, 9th Generat ...)
	NOT-FOR-US: Intel
CVE-2020-8670 (Race condition in the firmware for some Intel(R) Processors may allow ...)
	NOT-FOR-US: Intel
CVE-2020-8669 (Improper input validation in the Intel(R) Data Center Manager Console ...)
	NOT-FOR-US: Intel
CVE-2020-8668 RESERVED
CVE-2020-8667 RESERVED
CVE-2020-8666 RESERVED
CVE-2020-8665 RESERVED
CVE-2020-8664 (CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS ...)
	- envoyproxy (bug #987544)
CVE-2020-8663 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descr ...)
	- envoyproxy (bug #987544)
CVE-2020-8662 RESERVED
CVE-2020-8661 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
	- envoyproxy (bug #987544)
CVE-2020-8660 (CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could ha ...)
	- envoyproxy (bug #987544)
CVE-2020-8659 (CNCF Envoy through 1.13.0 may consume excessive amounts of memory when ...)
	- envoyproxy (bug #987544)
CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...)
	NOT-FOR-US: BestWebSoft Htaccess plugin for WordPress
CVE-2020-8657 (An issue was discovered in EyesOfNetwork 5.3. The installation uses th ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8656 (An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2. ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8655 (An issue was discovered in EyesOfNetwork 5.3. The sudoers configuratio ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8654 (An issue was discovered in EyesOfNetwork 5.3. An authenticated web use ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2020-8653 RESERVED
CVE-2020-8652 RESERVED
CVE-2020-8651 RESERVED
CVE-2020-8650 RESERVED
CVE-2020-8646 RESERVED
CVE-2020-8645 (An issue was discovered in Simplejobscript.com SJS through 1.66. There ...)
	NOT-FOR-US: Simplejobscript.com SJS
CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. ...)
	NOT-FOR-US: PlaySMS
CVE-2020-8643 RESERVED
CVE-2020-8642 RESERVED
CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...)
	NOT-FOR-US: Lotus Core CMS
CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/07e6124a1a46b4b5a9b3cacc0c306b50da87abf5
CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
	{DSA-4698-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	NOTE: https://git.kernel.org/linus/513dc792d6060d5ef572e43852683097a8420f56
CVE-2020-8640 RESERVED
CVE-2020-8639 (An unrestricted file upload vulnerability in keywordsImport.php in Tes ...)
	NOT-FOR-US: TestLink
CVE-2020-8638 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
	NOT-FOR-US: TestLink
CVE-2020-8637 (A SQL injection vulnerability in TestLink 1.9.20 allows attackers to e ...)
	NOT-FOR-US: TestLink
CVE-2020-8636 (An issue was discovered in OpServices OpMon 9.3.2 that allows Remote C ...)
	NOT-FOR-US: OpServices OpMon
CVE-2020-8635 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
	NOT-FOR-US: Wing FTP Server
CVE-2020-8634 (Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure per ...)
	NOT-FOR-US: Wing FTP Server
CVE-2020-8633 (An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8 ...)
	NOT-FOR-US: Zimbra Collaboration Suite (ZCS)
CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
	{DLA-2113-1}
	- cloud-init 19.4-2 (bug #951363)
	[buster] - cloud-init (Minor issue)
	[stretch] - cloud-init (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
	NOTE: https://github.com/canonical/cloud-init/pull/189
	NOTE: https://github.com/canonical/cloud-init/commit/42788bf24a1a0a5421a2d00a7f59b59e38ba1a14
CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...)
	{DLA-2113-1}
	- cloud-init 19.4-2 (bug #951362)
	[buster] - cloud-init (Minor issue)
	[stretch] - cloud-init (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/cloud-init/+bug/1860795
	NOTE: https://github.com/canonical/cloud-init/pull/204
CVE-2020-8630 REJECTED
CVE-2020-8629 REJECTED
CVE-2020-8628 REJECTED
CVE-2020-8627 REJECTED
CVE-2020-8626 REJECTED
CVE-2020-8625 (BIND servers are vulnerable if they are running an affected version an ...)
	{DSA-4857-1 DLA-2568-1}
	- bind9 1:9.16.12-1 (bug #983004)
	NOTE: https://kb.isc.org/v1/docs/cve-2020-8625
	NOTE: 9.11 branch: https://downloads.isc.org/isc/bind9/9.11.28/patches
	NOTE: 9.16 branch: https://downloads.isc.org/isc/bind9/9.16.12/patches
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/b04cb88462863d762093760ffcfe1946200e30f5
CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21 ...)
	{DSA-4752-1}
	- bind9 1:9.16.6-1 (bug #966497)
	[stretch] - bind9 (Vulnerable code (dns_ssu_mtypefromstring()) introduced later)
	NOTE: https://kb.isc.org/docs/cve-2020-8624
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/7630a64141a997b5247d9ad4a7dfff6ac6d9a485 (v9_16_6)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/5bf457e89a3fdc355aad74140f5e010b42d1df82 (v9_16_6)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/14aa0c5df65d28cf6aaf437151c6a008afb66fb1 (v9_16_6)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/e4cccf9668c7adee4724a7649ec64685f82c8677 (v9_11_22)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22)
CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 ...)
	{DSA-4752-1 DLA-2355-1}
	- bind9 1:9.16.6-1
	NOTE: https://kb.isc.org/docs/cve-2020-8623
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22)
CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, ...)
	{DSA-4752-1 DLA-2355-1}
	- bind9 1:9.16.6-1
	NOTE: https://kb.isc.org/docs/cve-2020-8622
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/6ed167ad0a647dff20c8cb08c944a7967df2d415 (v9_11_22)
CVE-2020-8621 (In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is confi ...)
	- bind9 1:9.16.6-1
	[buster] - bind9 (Vulnerable code introduced in 9.14.x)
	[stretch] - bind9 (Vulnerable code introduced in 9.14.x)
	NOTE: https://kb.isc.org/docs/cve-2020-8621
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/81514ff925dfc6e0c293745e0fc8320a8af95586 (v9_16_6)
CVE-2020-8620 (In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can ...)
	- bind9 1:9.16.6-1
	[buster] - bind9 (Vulnerable code introduced later)
	[stretch] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2020-8620
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9a372f2bce642545164d2b4408eb6c4e301acc5e (v9_16_6)
CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9. ...)
	{DSA-4752-1}
	- bind9 1:9.16.4-1
	[stretch] - bind9 (Vulnerable code introduced later)
	[jessie] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2020-8619
	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1718
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0854f631149848b64cc193979d0b0edf39159330 (v9_17_3)
	NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/90a7416d1599df7aa1cdfac33b2da9352eeec4b0 (v9_11_21)
CVE-2020-8618 (An attacker who is permitted to send zone data to a server via zone tr ...)
	- bind9 1:9.16.4-1
	[buster] - bind9 (Vulnerable code introduced later)
	[stretch] - bind9 (Vulnerable code introduced later)
	[jessie] - bind9 (Vulnerable code introduced later)
	NOTE: https://kb.isc.org/docs/cve-2020-8618
	NOTE: https://gitlab.isc.org/isc-projects/bind9/-/issues/1850
CVE-2020-8617 (Using a specially-crafted message, an attacker may potentially cause a ...)
	{DSA-4689-1 DLA-2227-1}
	- bind9 1:9.16.3-1 (bug #961939)
	NOTE: https://kb.isc.org/docs/cve-2020-8617
	NOTE: https://kb.isc.org/docs/cve-2020-8617-faq-and-supplemental-information
CVE-2020-8616 (A malicious actor who intentionally exploits this lack of effective li ...)
	{DSA-4689-1 DLA-2227-1}
	- bind9 1:9.16.3-1 (bug #961939)
	NOTE: https://kb.isc.org/docs/cve-2020-8616
CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...)
	NOT-FOR-US: Tutor LMS plugin for WordPress
CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An att ...)
	NOT-FOR-US: Askey devices
CVE-2020-8613 RESERVED
CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...)
	NOT-FOR-US: Progress MOVEit Transfer
CVE-2020-8610 RESERVED
CVE-2020-8609 RESERVED
CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...)
	{DSA-4733-1 DLA-2551-1 DLA-2288-1 DLA-2144-1 DLA-2142-1}
	- libslirp 4.2.0-1
	- qemu 1:4.1-2
	- qemu-kvm
	- slirp 1:1.0.17-11
	[buster] - slirp 1:1.0.17-8+deb10u1
	- slirp4netns 1.0.1-1
	[buster] - slirp4netns (Minor issue)
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/68ccb8021a838066f0951d4b2817eb6b6f10a843
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/30648c03b27fb8d9611b723184216cd3174b6775
	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed.
	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99
CVE-2020-8607 (An input validation vulnerability found in multiple Trend Micro produc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8606 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8605 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8604 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8603 (A cross-site scripting vulnerability (XSS) in Trend Micro InterScan We ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8602 (A vulnerability in the management consoles of Trend Micro Deep Securit ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8600 (Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8599 (Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnera ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8598 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...)
	{DSA-4632-1 DLA-2097-1}
	- lwip 2.1.2+dfsg1-5 (bug #951291)
	[buster] - lwip 2.0.3-3+deb10u1
	- ppp 2.4.8-1+1 (bug #950618)
	NOTE: http://git.savannah.nongnu.org/cgit/lwip.git/commit/?id=2ee3cbe69c6d2805e64e7cac2a1c1706e49ffd86
	NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...)
	NOT-FOR-US: Participants Database plugin for WordPress
CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and ...)
	NOT-FOR-US: Istio
CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2020-8593 RESERVED
CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...)
	NOT-FOR-US: eG Manager
CVE-2020-8591 (eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLogi ...)
	NOT-FOR-US: eG Manager
CVE-2020-8590 (Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptib ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8589 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8588 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptib ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8587 (OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to ...)
	NOT-FOR-US: NetApp
CVE-2020-8586 RESERVED
CVE-2020-8585 (OnCommand Unified Manager Core Package versions prior to 5.2.5 may dis ...)
	NOT-FOR-US: OnCommand Unified Manager Core Package
CVE-2020-8584 (Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulne ...)
	NOT-FOR-US: Element OS
CVE-2020-8583 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
	NOT-FOR-US: HCI
CVE-2020-8582 (Element Software versions prior to 12.2 and HCI versions prior to 1.8P ...)
	NOT-FOR-US: HCI
CVE-2020-8581 (Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8580 (SANtricity OS Controller Software versions 11.30 and higher are suscep ...)
	NOT-FOR-US: SANtricity OS Controller Software
CVE-2020-8579 (Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a v ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8578 (Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vul ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2020-8577 (SANtricity OS Controller Software versions 11.50.1 and higher are susc ...)
	NOT-FOR-US: SANtricity OS Controller Software
CVE-2020-8576 (Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 a ...)
	NOT-FOR-US: ONTAP
CVE-2020-8575 (Active IQ Unified Manager for VMware vSphere and Windows versions prio ...)
	NOT-FOR-US: Active IQ Unified Manager
CVE-2020-8574 (Active IQ Unified Manager for Linux versions prior to 9.6 ship with th ...)
	NOT-FOR-US: Active IQ Unified Manager
CVE-2020-8573 (The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers ...)
	NOT-FOR-US: NetApp
CVE-2020-8572 (Element OS prior to version 12.0 and Element HealthTools prior to vers ...)
	NOT-FOR-US: Element OS
CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...)
	NOT-FOR-US: StorageGRID
CVE-2020-8570 (Kubernetes Java client libraries in version 10.0.0 and versions prior ...)
	NOT-FOR-US: Kubernetes Java client
CVE-2020-8569 (Kubernetes CSI snapshot-controller prior to v2.1.3 and v3.0.2 could pa ...)
	NOT-FOR-US: Kubernetes CSI Snapshotter
	NOTE: https://github.com/kubernetes-csi/external-snapshotter/issues/421
CVE-2020-8568 (Kubernetes Secrets Store CSI Driver versions v0.0.15 and v0.0.16 allow ...)
	NOT-FOR-US: Kubernetes Secrets Store CSI Driver
CVE-2020-8567 (Kubernetes Secrets Store CSI Driver Vault Plugin prior to v0.0.6, Azur ...)
	NOT-FOR-US: Kubernetes Secrets Store CSI Driver
CVE-2020-8566 (In Kubernetes clusters using Ceph RBD as a storage provisioner, with l ...)
	- kubernetes 1.19.3-1 (bug #972341)
	NOTE: https://github.com/kubernetes/kubernetes/pull/95245
	NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
	NOTE: https://github.com/kubernetes/kubernetes/issues/95624
CVE-2020-8565 (In Kubernetes, if the logging level is set to at least 9, authorizatio ...)
	- kubernetes 1.20.0-1 (bug #972649)
	NOTE: https://github.com/kubernetes/kubernetes/pull/95316
	NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
	NOTE: https://github.com/kubernetes/kubernetes/issues/95623
CVE-2020-8564 (In Kubernetes clusters using a logging level of at least 4, processing ...)
	- kubernetes 1.19.3-1 (bug #972341)
	NOTE: https://github.com/kubernetes/kubernetes/pull/94712
	NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
	NOTE: https://github.com/kubernetes/kubernetes/issues/95622
CVE-2020-8563 (In Kubernetes clusters using VSphere as a cloud provider, with a loggi ...)
	- kubernetes (Only affects 1.19.x)
	NOTE: https://github.com/kubernetes/kubernetes/pull/95236
	NOTE: https://groups.google.com/g/kubernetes-announce/c/ScdmyORnPDk
	NOTE: https://github.com/kubernetes/kubernetes/issues/95621
CVE-2020-8562 RESERVED
	- kubernetes (bug #990793)
	[bullseye] - kubernetes (Kubernetes in Bullseye only ships the client)
	NOTE: https://www.openwall.com/lists/oss-security/2021/05/04/8
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2020-8561 (A security issue was discovered in Kubernetes where actors that contro ...)
	- kubernetes
	[bullseye] - kubernetes (Kubernetes in Bullseye only ships the client)
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/104720
CVE-2020-8560 RESERVED
CVE-2020-8559 (The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions pri ...)
	- kubernetes 1.18.5-1
	NOTE: https://www.openwall.com/lists/oss-security/2020/07/15/6
CVE-2020-8558 (The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17. ...)
	- kubernetes 1.18.5-1
	NOTE: Issue: https://github.com/kubernetes/kubernetes/issues/90259
	NOTE: Upstream fix: https://github.com/kubernetes/kubernetes/pull/91569
CVE-2020-8557 (The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17. ...)
	- kubernetes 1.18.5-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/93032
	NOTE: https://github.com/kubernetes/kubernetes/pull/92916
CVE-2020-8556 RESERVED
CVE-2020-8555 (The Kubernetes kube-controller-manager in versions v1.0-1.14, versions ...)
	- kubernetes 1.18.2-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/91542
CVE-2020-8554 (Kubernetes API server in all versions allow an attacker who is able to ...)
	- kubernetes (bug #990793)
	[bullseye] - kubernetes (Kubernetes in Bullseye only ships the client)
	NOTE: https://www.openwall.com/lists/oss-security/2020/12/07/5
	NOTE: https://github.com/kubernetes/kubernetes/issues/97076
	NOTE: Server components no longer built since 1.20.5+really1.20.2-1
CVE-2020-8553 (The Kubernetes ingress-nginx component prior to version 0.28.0 allows ...)
	NOT-FOR-US: Kubernetes ingress-nginx component
CVE-2020-8552 (The Kubernetes API server component in versions prior to 1.15.9, 1.16. ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/89378
CVE-2020-8551 (The Kubelet component in versions 1.15.0-1.15.9, 1.16.0-1.16.6, and 1. ...)
	- kubernetes 1.17.4-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/89377
CVE-2020-8550 RESERVED
CVE-2020-8549 (Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPre ...)
	NOT-FOR-US: Strong Testimonials plugin for WordPress
CVE-2020-8548 (massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resu ...)
	NOT-FOR-US: massCode
CVE-2020-8547 (phpList 3.5.0 allows type juggling for admin login bypass because == i ...)
	- phplist (bug #612288)
CVE-2020-8546 RESERVED
CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...)
	NOT-FOR-US: AIL framework
CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF. ...)
	NOT-FOR-US: OX App Suite
CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation. ...)
	NOT-FOR-US: OX App Suite
CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS. ...)
	NOT-FOR-US: OX App Suite
CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...)
	NOT-FOR-US: OX App Suite
CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-8539 (Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.00 ...)
	NOT-FOR-US: Kia Motors Head Unit with Software
CVE-2020-8538 RESERVED
CVE-2020-8537 RESERVED
CVE-2020-8536 RESERVED
CVE-2020-8535 RESERVED
CVE-2020-8534 RESERVED
CVE-2020-8533 RESERVED
CVE-2020-8532 RESERVED
CVE-2020-8531 RESERVED
CVE-2020-8530 RESERVED
CVE-2020-8529 RESERVED
CVE-2020-8528 RESERVED
CVE-2020-8527 RESERVED
CVE-2020-8526 RESERVED
CVE-2020-8525 RESERVED
CVE-2020-8524 RESERVED
CVE-2020-8523 RESERVED
CVE-2020-8522 RESERVED
CVE-2020-8521 (SQL injection with start and length parameters in Records.php for phpz ...)
	NOT-FOR-US: phpzag
CVE-2020-8520 (SQL injection in order and column parameters in Records.php for phpzag ...)
	NOT-FOR-US: phpzag
CVE-2020-8519 (SQL injection with the search parameter in Records.php for phpzag live ...)
	NOT-FOR-US: phpzag
CVE-2020-8518 (Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary P ...)
	{DLA-2174-1}
	- php-horde-data 2.1.5-1 (bug #951537)
	[buster] - php-horde-data 2.1.4-5+deb10u1
	[stretch] - php-horde-data 2.1.4-3+deb9u1
	NOTE: https://lists.horde.org/archives/announce/2020/001285.html
	NOTE: https://github.com/horde/Data/commit/78ad0c2390176cdde7260a271bc6ddd86f4c9c0e
CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
	- squid 4.10-1 (unimportant)
	- squid3 (unimportant)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_3.txt
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch
	NOTE: Debian binary packages are not built with --enable-external-acl-helpers="[...]LM_group[...".
CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ...)
	- tor (unimportant)
	NOTE: Not considered a bug / explicit design choice by upstream
	NOTE: https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html
	NOTE: https://trac.torproject.org/projects/tor/ticket/33129
	NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...)
	NOT-FOR-US: DrayTek devices
CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a direc ...)
	NOT-FOR-US: Rumpus on macOS
CVE-2020-8513 RESERVED
CVE-2020-8512 (In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webma ...)
	NOT-FOR-US: IceWarp Webmail Server
CVE-2020-8511 (In Artica Pandora FMS through 7.42, Web Admin users can execute arbitr ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-8510 (An issue was discovered in phpABook 0.9 Intermediate. On the login pag ...)
	NOT-FOR-US: phpABook
CVE-2020-8509 (Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticat ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...)
	NOT-FOR-US: Norman Malware Cleaner
CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...)
	NOT-FOR-US: Citytv Video application for Android and iOS
CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...)
	NOT-FOR-US: Global TV application for Android and iOS
CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...)
	NOT-FOR-US: School Management Software PHP/mySQL
CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...)
	NOT-FOR-US: School Management Software PHP/mySQL
CVE-2020-8503 (Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.10 ...)
	NOT-FOR-US: Biscom Secure File Transfer (SFT)
CVE-2020-8502
	RESERVED
CVE-2020-8501
	RESERVED
CVE-2020-8500 (** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-8499
	RESERVED
CVE-2020-8498 (XSS exists in the shortcode functionality of the GistPress plugin befo ...)
	NOT-FOR-US: shortcode functionality of the GistPress plugin for WordPress
CVE-2020-8497 (In Artica Pandora FMS through 7.42, an unauthenticated attacker can re ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2020-8496 (In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions ...)
	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8495 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8494 (In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions ...)
	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8493 (A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) a ...)
	NOT-FOR-US: Kronos Web Time and Attendance (webTA)
CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...)
	{DLA-2280-1}
	- python3.8 3.8.3~rc1-1
	- python3.7
	[buster] - python3.7 3.7.3-2+deb10u2
	- python3.5
	- python3.4
	[jessie] - python3.4 (Minor issue)
	- python2.7 2.7.18-2 (low; bug #970099)
	[buster] - python2.7 (Minor issue)
	[stretch] - python2.7 (Minor issue)
	[jessie] - python2.7 (Minor issue)
	NOTE: https://bugs.python.org/issue39503
	NOTE: https://github.com/python/cpython/pull/18284
	NOTE: https://python-security.readthedocs.io/vuln/urllib-basic-auth-regex.html
	NOTE: https://github.com/python/cpython/commit/0b297d4ff1c0e4480ad33acae793fbaf4bf015b4 (master)
	NOTE: https://github.com/python/cpython/commit/ea9e240aa02372440be8024acb110371f69c9d41 (3.8-branch)
	NOTE: https://github.com/python/cpython/commit/b57a73694e26e8b2391731b5ee0b1be59437388e (3.7-branch)
	NOTE: https://github.com/python/cpython/commit/69cdeeb93e0830004a495ed854022425b93b3f3e (3.6-branch)
CVE-2020-8491
	RESERVED
CVE-2020-8490
	RESERVED
CVE-2020-8489 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8488 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8487 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8486 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8485 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8484 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8483
	RESERVED
CVE-2020-8482 (Insecure storage of sensitive information in ABB Device Library Wizard ...)
	NOT-FOR-US: ABB
CVE-2020-8481 (For ABB products ABB Ability™ System 800xA and related system ex ...)
	NOT-FOR-US: ABB
CVE-2020-8480
	RESERVED
CVE-2020-8479 (For the Central Licensing Server component used in ABB products ABB Ab ...)
	NOT-FOR-US: ABB
CVE-2020-8478 (Insufficient protection of the inter-process communication functions i ...)
	NOT-FOR-US: ABB
CVE-2020-8477 (The installations for ABB System 800xA Information Manager versions 5. ...)
	NOT-FOR-US: ABB
CVE-2020-8476 (For the Central Licensing Server component used in ABB products ABB Ab ...)
	NOT-FOR-US: ABB
CVE-2020-8475 (For the Central Licensing Server component used in ABB products ABB Ab ...)
	NOT-FOR-US: ABB
CVE-2020-8474 (Weak Registry permissions in ABB System 800xA Base allow low privilege ...)
	NOT-FOR-US: ABB
CVE-2020-8473 (Insufficient folder permissions used by system functions in ABB System ...)
	NOT-FOR-US: ABB
CVE-2020-8472 (Insufficient folder permissions used by system functions in ABB System ...)
	NOT-FOR-US: ABB
CVE-2020-8471 (For the Central Licensing Server component used in ABB products ABB Ab ...)
	NOT-FOR-US: ABB
CVE-2020-8470 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8469 (Trend Micro Password Manager for Windows version 5.0 is affected by a ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8468 (Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Sec ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8467 (A migration tool component of Trend Micro Apex One (2019) and OfficeSc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8466 (A command injection vulnerability in Trend Micro InterScan Web Securit ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8465 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8464 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8463 (A vulnerability in Trend Micro InterScan Web Security Virtual Applianc ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8462 (A cross-site scripting (XSS) vulnerability in Trend Micro InterScan We ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8461 (A CSRF protection bypass vulnerability in Trend Micro InterScan Web Se ...)
	NOT-FOR-US: Trend Micro
CVE-2020-8460
	RESERVED
CVE-2020-8459
	RESERVED
CVE-2020-8458
	RESERVED
CVE-2020-8457
	RESERVED
CVE-2020-8456
	RESERVED
CVE-2020-8455
	RESERVED
CVE-2020-8454
	RESERVED
CVE-2020-8453
	RESERVED
CVE-2020-8452
	RESERVED
CVE-2020-8451
	RESERVED
CVE-2020-8450 (An issue was discovered in Squid before 4.10. Due to incorrect buffer ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.10-1 (bug #950802)
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5)
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older)
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9)
CVE-2020-8449 (An issue was discovered in Squid before 4.10. Due to incorrect input v ...)
	{DSA-4682-1 DLA-2278-1}
	- squid 4.10-1 (bug #950802)
	- squid3
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2020_1.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2020_1.patch (Squid 3.5)
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_1.patch (Squid 4.8 and older)
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-b3a0719affab099c684f1cd62b79ab02816fa962.patch (Squid 4.9)
CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...)
	- ossec-hids (bug #361954)
CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...)
	- ossec-hids (bug #361954)
CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...)
	- ossec-hids (bug #361954)
CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-ana ...)
	- ossec-hids (bug #361954)
CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...)
	- ossec-hids (bug #361954)
CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...)
	- ossec-hids (bug #361954)
CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...)
	- ossec-hids (bug #361954)
CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserialization ...)
	NOT-FOR-US: JYaml
CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...)
	NOT-FOR-US: Simplejobscript.com SJS
CVE-2020-8439 (Monstra CMS through 3.0.4 allows remote authenticated users to take ov ...)
	NOT-FOR-US: Monstra CMS
CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...)
	NOT-FOR-US: Ruckus devices
CVE-2020-8437 (The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505 ...)
	NOT-FOR-US: uTorrent
CVE-2020-8436 (XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPre ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-8435 (An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for Wo ...)
	NOT-FOR-US: RegistrationMagic plugin for WordPress
CVE-2020-8434 (Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 ...)
	NOT-FOR-US: Jenzabar JICS (aka Internet Campus Solution)
CVE-2020-8433
	RESERVED
CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
	- u-boot 2020.01+dfsg-2 (low)
	[buster] - u-boot (Minor issue)
	[stretch] - u-boot (Minor issue)
	[jessie] - u-boot (Minor issue)
	NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396799.html
	NOTE: https://lists.denx.de/pipermail/u-boot/2020-January/396853.html
CVE-2020-8431
	RESERVED
CVE-2020-8430 (Stormshield Network Security 310 3.7.10 devices have an auth/lang.html ...)
	NOT-FOR-US: Stormshield Network Security 310
CVE-2020-8429 (The Admin web application in Kinetica 7.0.9.2.20191118151947 does not ...)
	NOT-FOR-US: Kinetica
CVE-2020-8427 (In Unitrends Backup before 10.4.1, an HTTP request parameter was not p ...)
	NOT-FOR-US: Kaseya Traverse
CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...)
	NOT-FOR-US: Elementor plugin for WordPress
CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...)
	NOT-FOR-US: Cups Easy (Purchase & Inventory)
CVE-2020-8423 (A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmwa ...)
	NOT-FOR-US: TP-Link
CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...)
	NOT-FOR-US: Joomla!
CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...)
	NOT-FOR-US: Joomla!
CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...)
	NOT-FOR-US: Joomla!
CVE-2020-8418
	RESERVED
CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
	NOT-FOR-US: Code Snippets plugin for WordPress
CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial ...)
	NOT-FOR-US: BearFTP
CVE-2020-8415
	REJECTED
CVE-2020-8414
	REJECTED
CVE-2020-8413
	REJECTED
CVE-2020-8412
	REJECTED
CVE-2020-8411
	REJECTED
CVE-2020-8410
	REJECTED
CVE-2020-8409
	REJECTED
CVE-2020-8408
	REJECTED
CVE-2020-8407
	REJECTED
CVE-2020-8406
	REJECTED
CVE-2020-8405
	REJECTED
CVE-2020-8404
	REJECTED
CVE-2020-8403
	REJECTED
CVE-2020-8402
	REJECTED
CVE-2020-8401
	REJECTED
CVE-2020-8400
	REJECTED
CVE-2020-8399
	REJECTED
CVE-2020-8398
	REJECTED
CVE-2020-8397
	REJECTED
CVE-2020-8396
	REJECTED
CVE-2020-8395
	REJECTED
CVE-2020-8394
	REJECTED
CVE-2020-8393
	REJECTED
CVE-2020-8392
	REJECTED
CVE-2020-8391
	REJECTED
CVE-2020-8390
	REJECTED
CVE-2020-8389
	REJECTED
CVE-2020-8388
	REJECTED
CVE-2020-8387
	REJECTED
CVE-2020-8386
	REJECTED
CVE-2020-8385
	REJECTED
CVE-2020-8384
	REJECTED
CVE-2020-8383
	REJECTED
CVE-2020-8382
	REJECTED
CVE-2020-8381
	REJECTED
CVE-2020-8380
	REJECTED
CVE-2020-8379
	REJECTED
CVE-2020-8378
	REJECTED
CVE-2020-8377
	REJECTED
CVE-2020-8376
	REJECTED
CVE-2020-8375
	REJECTED
CVE-2020-8374
	REJECTED
CVE-2020-8373
	REJECTED
CVE-2020-8372
	REJECTED
CVE-2020-8371
	REJECTED
CVE-2020-8370
	REJECTED
CVE-2020-8369
	REJECTED
CVE-2020-8368
	REJECTED
CVE-2020-8367
	REJECTED
CVE-2020-8366
	REJECTED
CVE-2020-8365
	REJECTED
CVE-2020-8364
	REJECTED
CVE-2020-8363
	REJECTED
CVE-2020-8362
	REJECTED
CVE-2020-8361
	REJECTED
CVE-2020-8360
	REJECTED
CVE-2020-8359
	REJECTED
CVE-2020-8358
	REJECTED
CVE-2020-8357 (A denial of service vulnerability was reported in Lenovo PCManager, pr ...)
	NOT-FOR-US: Lenovo
CVE-2020-8356 (An internal product security audit of LXCO, prior to version 1.2.2, di ...)
	NOT-FOR-US: Lenovo
CVE-2020-8355 (An internal product security audit of Lenovo XClarity Administrator (L ...)
	NOT-FOR-US: Lenovo
CVE-2020-8354 (A potential vulnerability in the SMI callback function used in the Var ...)
	NOT-FOR-US: Lenovo
CVE-2020-8353 (Prior to August 10, 2020, some Lenovo Desktop and Workstation systems ...)
	NOT-FOR-US: Lenovo
CVE-2020-8352 (In some Lenovo Desktop models, the Configuration Change Detection BIOS ...)
	NOT-FOR-US: Lenovo
CVE-2020-8351 (A privilege escalation vulnerability was reported in Lenovo PCManager ...)
	NOT-FOR-US: Lenovo PCManager
CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo ThinkPad ...)
	NOT-FOR-US: Lenovo
CVE-2020-8349 (An internal security review has identified an unauthenticated remote c ...)
	NOT-FOR-US: Lenovo
CVE-2020-8348 (A DOM-based cross-site scripting (XSS) vulnerability was reported in L ...)
	NOT-FOR-US: Lenovo
CVE-2020-8347 (A reflective cross-site scripting (XSS) vulnerability was reported in ...)
	NOT-FOR-US: Lenovo
CVE-2020-8346 (A denial of service vulnerability was reported in the Lenovo Vantage c ...)
	NOT-FOR-US: Lenovo
CVE-2020-8345 (A DLL search path vulnerability was reported in the Lenovo HardwareSca ...)
	NOT-FOR-US: Lenovo
CVE-2020-8344
	REJECTED
CVE-2020-8343
	REJECTED
CVE-2020-8342 (A race condition vulnerability was reported in Lenovo System Update pr ...)
	NOT-FOR-US: Lenovo
CVE-2020-8341 (In Lenovo systems, SMM BIOS Write Protection is used to prevent writes ...)
	NOT-FOR-US: Lenovo
CVE-2020-8340 (A cross-site scripting (XSS) vulnerability was discovered in the legac ...)
	NOT-FOR-US: IBM
CVE-2020-8339 (A cross-site scripting inclusion (XSSI) vulnerability was reported in ...)
	NOT-FOR-US: IBM
CVE-2020-8338 (A DLL search path vulnerability was reported in Lenovo Diagnostics pri ...)
	NOT-FOR-US: Lenovo
CVE-2020-8337 (An unquoted search path vulnerability was reported in versions prior t ...)
	NOT-FOR-US: Synaptics Smart Audio UWP app
CVE-2020-8336 (Lenovo implemented Intel CSME Anti-rollback ARB protections on some Th ...)
	NOT-FOR-US: Lenovo
CVE-2020-8335 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
	NOT-FOR-US: Lenovo
CVE-2020-8334 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
	NOT-FOR-US: Lenovo
CVE-2020-8333 (A potential vulnerability in the SMI callback function used in the EEP ...)
	NOT-FOR-US: Lenovo
CVE-2020-8332 (A potential vulnerability in the SMI callback function used in the leg ...)
	NOT-FOR-US: Lenovo
CVE-2020-8331
	REJECTED
CVE-2020-8330 (A denial of service vulnerability was reported in the firmware prior t ...)
	NOT-FOR-US: Lenovo
CVE-2020-8329 (A denial of service vulnerability was reported in the firmware prior t ...)
	NOT-FOR-US: Lenovo
CVE-2020-8328
	REJECTED
CVE-2020-8327 (A privilege escalation vulnerability was reported in LenovoBatteryGaug ...)
	NOT-FOR-US: Lenovo
CVE-2020-8326 (An unquoted service path vulnerability was reported in Lenovo Drivers ...)
	NOT-FOR-US: Lenovo
CVE-2020-8325
	REJECTED
CVE-2020-8324 (A vulnerability was reported in LenovoAppScenarioPluginSystem for Leno ...)
	NOT-FOR-US: Lenovo
CVE-2020-8323 (A potential vulnerability in the SMI callback function used in the Leg ...)
	NOT-FOR-US: Lenovo
CVE-2020-8322 (A potential vulnerability in the SMI callback function used in the Leg ...)
	NOT-FOR-US: Lenovo
CVE-2020-8321 (A potential vulnerability in the SMI callback function used in the Sys ...)
	NOT-FOR-US: Lenovo
CVE-2020-8320 (An internal shell was included in BIOS image in some ThinkPad models t ...)
	NOT-FOR-US: Lenovo
CVE-2020-8319 (A privilege escalation vulnerability was reported in Lenovo System Int ...)
	NOT-FOR-US: Lenovo
CVE-2020-8318 (A privilege escalation vulnerability was reported in the LenovoSystemU ...)
	NOT-FOR-US: Lenovo
CVE-2020-8317 (A DLL search path vulnerability was reported in Lenovo Drivers Managem ...)
	NOT-FOR-US: Lenovo
CVE-2020-8316 (A vulnerability was reported in Lenovo Vantage prior to version 10.200 ...)
	NOT-FOR-US: Lenovo
CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1}
	- linux 5.4.19-1
	[jessie] - linux (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6
CVE-2020-8315 (In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 thr ...)
	- python3.8 (Windows-specific)
	- python3.7 (Windows-specific)
	NOTE: https://bugs.python.org/issue39401
CVE-2020-8314
	RESERVED
CVE-2020-8313
	RESERVED
CVE-2020-8312
	RESERVED
CVE-2020-8311
	RESERVED
CVE-2020-8310
	RESERVED
CVE-2020-8309
	RESERVED
CVE-2020-8308
	RESERVED
CVE-2020-8307
	RESERVED
CVE-2020-8306
	RESERVED
CVE-2020-8305
	RESERVED
CVE-2020-8304
	RESERVED
CVE-2020-8303
	RESERVED
CVE-2020-8302
	RESERVED
CVE-2020-8301
	RESERVED
CVE-2020-8300 (Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, ...)
	NOT-FOR-US: Citrix
CVE-2020-8299 (Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-6 ...)
	NOT-FOR-US: Citrix
CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...)
	NOT-FOR-US: Node fs-path
CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
	NOT-FOR-US: Nextcloud Deck
CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...)
	- nextcloud-server (bug #941708)
CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
	- nextcloud-server (bug #941708)
CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...)
	- nextcloud-server (bug #941708)
CVE-2020-8293 (A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, ...)
	- nextcloud-server (bug #941708)
CVE-2020-8292 (Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scr ...)
	NOT-FOR-US: Rocket.Chat
CVE-2020-8291 (A link preview rendering issue in Rocket.Chat versions before 3.9 coul ...)
	NOT-FOR-US: Rocket.Chat
CVE-2020-8290 (Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer ...)
	NOT-FOR-US: Backblaze
CVE-2020-8289 (Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before ...)
	NOT-FOR-US: Backblaze
CVE-2020-8288 (The `specializedRendering` function in Rocket.Chat server before 3.9.2 ...)
	NOT-FOR-US: Rocket.Chat
CVE-2020-8287 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two co ...)
	{DSA-4826-1}
	- nodejs 12.20.1~dfsg-1 (bug #979364)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	NOTE: https://nodejs.org/en/blog/release/v10.23.1/
	NOTE: https://github.com/nodejs/node/commit/fc70ce08f5818a286fb5899a1bc3aff5965a745e (v10.23.1)
CVE-2020-8286 (curl 7.41.0 through 7.73.0 is vulnerable to an improper check for cert ...)
	{DSA-4881-1 DLA-2500-1}
	- curl 7.74.0-1 (bug #977161)
	NOTE: https://curl.se/docs/CVE-2020-8286.html
	NOTE: https://github.com/curl/curl/commit/d9d01672785b8ac04aab1abb6de95fe3072ae199 (curl-7_74_0)
CVE-2020-8285 (curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recu ...)
	{DSA-4881-1 DLA-2500-1}
	- curl 7.74.0-1 (bug #977162)
	NOTE: https://curl.se/docs/CVE-2020-8285.html
	NOTE: https://github.com/curl/curl/issues/6255
	NOTE: https://github.com/curl/curl/commit/69a358f2186e04cf44698b5100332cbf1ee7f01d (curl-7_74_0)
CVE-2020-8284 (A malicious server can use the FTP PASV response to trick curl 7.73.0 ...)
	{DSA-4881-1 DLA-2500-1}
	- curl 7.74.0-1 (bug #977163)
	NOTE: https://curl.se/docs/CVE-2020-8284.html
	NOTE: https://github.com/curl/curl/commit/ec9cc725d598ac77de7b6df8afeec292b3c8ad46 (curl-7_74_0)
CVE-2020-8283 (An authorised user on a Windows host running Citrix Universal Print Se ...)
	NOT-FOR-US: Citrix
CVE-2020-8282 (A security issue was found in EdgePower 24V/54V firmware v1.7.0 and ea ...)
	NOT-FOR-US: EdgePower 24V/54V firmware
CVE-2020-8281 (A missing file type check in Nextcloud Contacts 3.3.0 allows a malicio ...)
	NOT-FOR-US: Nextcloud Contacts
CVE-2020-8280 (A missing file type check in Nextcloud Contacts 3.4.0 allows a malicio ...)
	NOT-FOR-US: Nextcloud Contacts
CVE-2020-8279 (Missing validation of server certificates for out-going connections in ...)
	NOT-FOR-US: Nextcloud Social app
CVE-2020-8278 (Improper access control in Nextcloud Social app version 0.3.1 allowed ...)
	NOT-FOR-US: Nextcloud Social app
CVE-2020-8277 (A Node.js application that allows an attacker to trigger a DNS request ...)
	- c-ares 1.17.1-1
	[buster] - c-ares (Introduced in 1.16)
	[stretch] - c-ares (Introduced in 1.16)
	NOTE: Originally reported for nodejs, which bundles c-ares: https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/#denial-of-service-through-dns-request-cve-2020-8277
	NOTE: Fix in c-ares: https://github.com/c-ares/c-ares/commit/0d252eb3b2147179296a3bdb4ef97883c97c54d3
	NOTE: Introduced in https://github.com/c-ares/c-ares/commit/7d3591ee8a1a63e7748e68e6d880bd1763a32885
CVE-2020-8276 (The implementation of Brave Desktop's privacy-preserving analytics sys ...)
	- brave-browser (bug #864795)
CVE-2020-8275 (Citrix Secure Mail for Android before 20.11.0 suffers from improper ac ...)
	NOT-FOR-US: Citrix
CVE-2020-8274 (Citrix Secure Mail for Android before 20.11.0 suffers from Improper Co ...)
	NOT-FOR-US: Citrix
CVE-2020-8273 (Privilege escalation of an authenticated user to root in Citrix SD-WAN ...)
	NOT-FOR-US: Citrix SD-WAN center
CVE-2020-8272 (Authentication Bypass resulting in exposure of SD-WAN functionality in ...)
	NOT-FOR-US: Citrix SD-WAN Center
CVE-2020-8271 (Unauthenticated remote code execution with root privileges in Citrix S ...)
	NOT-FOR-US: Citrix SD-WAN Center
CVE-2020-8270 (An unprivileged Windows user on the VDA or an SMB user can perform arb ...)
	NOT-FOR-US: Citrix
CVE-2020-8269 (An unprivileged Windows user on the VDA can perform arbitrary command ...)
	NOT-FOR-US: Citrix
CVE-2020-8268 (Prototype pollution vulnerability in json8-merge-patch npm package < ...)
	NOT-FOR-US: Node json8-merge-patch
CVE-2020-8267 (A security issue was found in UniFi Protect controller v1.14.10 and ea ...)
	NOT-FOR-US: UniFi Protect controller
CVE-2020-8266
	RESERVED
CVE-2020-8265 (Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerab ...)
	{DSA-4826-1}
	- nodejs 12.20.1~dfsg-1 (bug #979364)
	[stretch] - nodejs (Nodejs in stretch not covered by security support)
	NOTE: https://nodejs.org/en/blog/release/v10.23.1/
	NOTE: https://github.com/nodejs/node/commit/7f178663ebffc82c9f8a5a1b6bf2da0c263a30ed (v10.23.1)
CVE-2020-8264 (In actionpack gem >= 6.0.0, a possible XSS vulnerability exists whe ...)
	- rails 2:6.0.3.4+dfsg-1 (bug #971988)
	[buster] - rails (Vulnerable code not present)
	[stretch] - rails (Vulnerable code not present)
	NOTE: https://groups.google.com/g/rubyonrails-security/c/yQzUVfv42jk/m/oJWw-xhNAQAJ
CVE-2020-8263 (A vulnerability in the authenticated user web interface of Pulse Conne ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-8262 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure belo ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure
CVE-2020-8261 (A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure / Pulse Policy Secure
CVE-2020-8260 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web inter ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-8259 (Insufficient protection of the server-side encryption keys in Nextclou ...)
	- nextcloud-server (bug #941708)
CVE-2020-8258 (Improper privilege management on services run by Citrix Gateway Plug-i ...)
	NOT-FOR-US: Citrix
CVE-2020-8257 (Improper privilege management on services run by Citrix Gateway Plug-i ...)
	NOT-FOR-US: Citrix
CVE-2020-8256 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web int ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2020-8255 (A vulnerability in the Pulse Connect Secure < 9.1R9 admin web inter ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2020-8254 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remo ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...)
	NOT-FOR-US: Citrix
CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...)
	- libuv1 1.39.0-1 (unimportant)
	[stretch] - libuv1 (Vulnerable code introduced later)
	NOTE: https://hackerone.com/reports/965914
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
	NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead
	NOTE: of the bundled one.
	NOTE: https://github.com/libuv/libuv/issues/2965
	NOTE: Introduced by: https://github.com/libuv/libuv/commit/b56d279b172fbe78dee2fb1d29cae9c9c5c6d1c4 (v1.24.0)
	NOTE: Fixed by: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd (v1.39.0)
	NOTE: Broken path in uv__fs_realpath() only taken when libuv1 is built in
	NOTE: pre-POSIX.2008 mode (defined(_POSIX_VERSION) && _POSIX_VERSION < 200809L).
CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...)
	- nodejs (Only affects 14.x series)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
CVE-2020-8250 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8249 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8248 (A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
	NOT-FOR-US: Citrix
CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
	NOT-FOR-US: Citrix
CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...)
	NOT-FOR-US: Citrix
CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, < ...)
	{DLA-2698-1}
	- node-bl 4.0.3-1 (bug #969309)
	[buster] - node-bl 1.1.2-1+deb10u1
	NOTE: https://hackerone.com/reports/966347
	NOTE: https://github.com/rvagg/bl/commit/d3e240e3b8ba4048d3c76ef5fb9dd1f8872d3190
CVE-2020-8243 (A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web int ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2020-8242
	RESERVED
CVE-2020-8241 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could al ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8240 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8239 (A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulne ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure Desktop Client
CVE-2020-8238 (A vulnerability in the authenticated user web interface of Pulse Conne ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to ...)
	NOT-FOR-US: Node json-bigint
CVE-2020-8236 (A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the ...)
	- nextcloud-server (bug #941708)
CVE-2020-8235 (Missing access control in Nextcloud Deck 1.0.4 caused an insecure dire ...)
	NOT-FOR-US: Nextcloud Deck
CVE-2020-8234 (A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 w ...)
	NOT-FOR-US: EdgeMax EdgeSwitch firmware
CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...)
	NOT-FOR-US: Edgeswitch
CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...)
	NOT-FOR-US: Edgeswitch
CVE-2020-8231 (Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can us ...)
	{DSA-4881-1 DLA-2382-1}
	- curl 7.72.0-1 (bug #968831)
	NOTE: https://curl.haxx.se/docs/CVE-2020-8231.html
	NOTE: https://github.com/curl/curl/pull/5824
	NOTE: https://github.com/curl/curl/commit/3c9e021f86872baae412a427e807fbfa2f3e8
CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop Client v ...)
	- nextcloud-desktop (Windows-specific)
CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...)
	- nextcloud-desktop (Windows-specific)
	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-034
	NOTE: Windows-specific code in shell_integration/windows/OCUtil
	NOTE: https://hackerone.com/reports/588562
CVE-2020-8228 (A missing rate limit in the Preferred Providers app 1.7.0 allowed an a ...)
	NOT-FOR-US: Preferred Providers app
CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Client ...)
	- nextcloud-desktop 3.0.1-1
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-032
	NOTE: https://hackerone.com/reports/685552
CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...)
	NOT-FOR-US: phpBB
CVE-2020-8225 (A cleartext storage of sensitive information in Nextcloud Desktop Clie ...)
	- nextcloud-desktop 3.0.1-1
	[buster] - nextcloud-desktop (Minor issue)
	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-031
CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...)
	- nextcloud-desktop (Windows-specific)
	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
	NOTE: https://hackerone.com/reports/622170
CVE-2020-8223 (A logic error in Nextcloud Server 19.0.0 caused a privilege escalation ...)
	- nextcloud-server (bug #941708)
CVE-2020-8222 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...)
	NOT-FOR-US: Pulse
CVE-2020-8221 (A path traversal vulnerability exists in Pulse Connect Secure <9.1R ...)
	NOT-FOR-US: Pulse
CVE-2020-8220 (A denial of service vulnerability exists in Pulse Connect Secure <9 ...)
	NOT-FOR-US: Pulse
CVE-2020-8219 (An insufficient permission check vulnerability exists in Pulse Connect ...)
	NOT-FOR-US: Pulse
CVE-2020-8218 (A code injection vulnerability exists in Pulse Connect Secure <9.1R ...)
	NOT-FOR-US: Pulse
CVE-2020-8217 (A cross site scripting (XSS) vulnerability in Pulse Connect Secure < ...)
	NOT-FOR-US: Pulse
CVE-2020-8216 (An information disclosure vulnerability in meeting of Pulse Connect Se ...)
	NOT-FOR-US: Pulse
CVE-2020-8215 (A buffer overflow is present in canvas version <= 1.6.9, which coul ...)
	NOT-FOR-US: Node canvas
CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an atta ...)
	NOT-FOR-US: servey
CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...)
	NOT-FOR-US: UniFi Protect
CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...)
	NOT-FOR-US: Citrix
CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...)
	NOT-FOR-US: Citrix
CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...)
	NOT-FOR-US: Citrix
CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...)
	NOT-FOR-US: Citrix
CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...)
	NOT-FOR-US: Citrix
CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...)
	NOT-FOR-US: Citrix
CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...)
	NOT-FOR-US: Pulse
CVE-2020-8205 (The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable ...)
	NOT-FOR-US: Node uppy
CVE-2020-8204 (A cross site scripting (XSS) vulnerability exists in Pulse Connect Sec ...)
	NOT-FOR-US: Pulse
CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash before ...)
	- node-lodash 4.17.19+dfsg-1 (bug #965283)
	[buster] - node-lodash (Minor issue; can be fixed via point release)
	[stretch] - node-lodash (Nodejs in stretch not covered by security support)
	NOTE: https://hackerone.com/reports/712065
CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...)
	NOT-FOR-US: Nextcloud Preferred Providers app
CVE-2020-8201 (Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP d ...)
	- nodejs 12.18.4~dfsg-1
	[buster] - nodejs (Only affects 12.x and later)
	[stretch] - nodejs (Only affects 12.x and later)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201
CVE-2020-8200 (Improper authentication in Citrix StoreFront Server < 1912.0.1000 a ...)
	NOT-FOR-US: Citrix
CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
	NOT-FOR-US: Citrix
CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
	NOT-FOR-US: Citrix
CVE-2020-8197 (Privilege escalation vulnerability on Citrix ADC and Citrix Gateway ve ...)
	NOT-FOR-US: Citrix
CVE-2020-8196 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
	NOT-FOR-US: Citrix
CVE-2020-8195 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
	NOT-FOR-US: Citrix
CVE-2020-8194 (Reflected code injection in Citrix ADC and Citrix Gateway versions bef ...)
	NOT-FOR-US: Citrix
CVE-2020-8193 (Improper access control in Citrix ADC and Citrix Gateway versions befo ...)
	NOT-FOR-US: Citrix
CVE-2020-8192 (A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0 ...)
	NOT-FOR-US: Node fastify
CVE-2020-8191 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
	NOT-FOR-US: Citrix
CVE-2020-8190 (Incorrect file permissions in Citrix ADC and Citrix Gateway before ver ...)
NOT-FOR-US: Citrix CVE-2020-8189 (A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed ...) - nextcloud-desktop 3.0.1-1 [buster] - nextcloud-desktop (Minor issue) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-027 CVE-2020-8188 (We have recently released new version of UniFi Protect firmware v1.13. ...) NOT-FOR-US: UniFi Protect CVE-2020-8187 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) NOT-FOR-US: Citrix CVE-2020-8186 (A command injection vulnerability in the `devcert` module may lead to ...) NOT-FOR-US: Node devcert CVE-2020-8185 (A denial of service vulnerability exists in Rails <6.0.3.2 that all ...) [experimental] - rails 6.0.3.2+dfsg-1 (bug #964081) - rails (Introduced in rails 6.x) NOTE: https://groups.google.com/g/rubyonrails-security/c/pAe9EV8gbM0 CVE-2020-8184 (A reliance on cookies without validation/integrity check security vuln ...) {DLA-2275-1} - ruby-rack 2.1.1-6 (bug #963477) [buster] - ruby-rack (Minor issue) NOTE: https://hackerone.com/reports/895727 NOTE: Fixed by: https://github.com/rack/rack/commit/1f5763de6a9fe515ff84992b343d63c88104654c CVE-2020-8183 (A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of ...) - nextcloud-server (bug #941708) CVE-2020-8182 (Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to ...) NOT-FOR-US: Nextcloud Deck CVE-2020-8181 (A missing file type check in Nextcloud Contacts 3.2.0 allowed a malici ...) NOT-FOR-US: Nextcloud Contacts CVE-2020-8180 (A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a cod ...) NOT-FOR-US: Nextcloud Talk CVE-2020-8179 (Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to ...) NOT-FOR-US: Nextcloud Deck CVE-2020-8178 (Insufficient input validation in npm package `jison` <= 0.4.18 may ...) 
- node-jison (Vulnerable code not included in Debian source) NOTE: https://hackerone.com/reports/690010 NOTE: ports/ is stripped/excluded in the src:node-jison source package. CVE-2020-8177 (curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of na ...) {DSA-4881-1 DLA-2295-1} - curl 7.72.0-1 (bug #965281) NOTE: https://curl.haxx.se/docs/CVE-2020-8177.html NOTE: https://github.com/curl/curl/commit/8236aba58542c5f89f1d41ca09d84579efb05e22 (7.71.0) CVE-2020-8176 (A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.6 ...) NOT-FOR-US: koa-shopify-auth CVE-2020-8175 (Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow ...) NOT-FOR-US: Node jimp CVE-2020-8174 (napi_get_value_string_*() allows various kinds of memory corruption in ...) {DSA-4696-1} - nodejs 10.21.0~dfsg-1 (bug #962145) [stretch] - nodejs (Nodejs in stretch not covered by security support) [jessie] - nodejs (Nodejs in jessie not covered by security support) NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#napi_get_value_string_-allows-various-kinds-of-memory-corruption-high-cve-2020-8174 CVE-2020-8173 (A too small set of random characters being used for encryption in Next ...) - nextcloud-server (bug #941708) CVE-2020-8172 (TLS session reuse can lead to host certificate verification bypass in ...) - nodejs (Only affects 12.x and later) NOTE: https://nodejs.org/en/blog/vulnerability/june-2020-security-releases/#tls-session-reuse-can-lead-to-host-certificate-verification-bypass-high-cve-2020-8172 CVE-2020-8171 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) NOT-FOR-US: AirMax AirOS CVE-2020-8170 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) NOT-FOR-US: AirMax AirOS CVE-2020-8169 (curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure ...) 
{DSA-4881-1} - curl 7.72.0-1 (bug #965280) [stretch] - curl (Vulnerable code introduced later) [jessie] - curl (Vulnerable code introduced later) NOTE: https://curl.haxx.se/docs/CVE-2020-8169.html NOTE: https://github.com/curl/curl/commit/600a8cded447cd7118ed50142c576567c0cf5158 (7.71.0) CVE-2020-8168 (We have recently released new version of AirMax AirOS firmware v6.3.0 ...) NOT-FOR-US: AirMax AirOS CVE-2020-8167 (A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that ...) {DSA-4766-1} - rails 2:5.2.4.3+dfsg-1 [stretch] - rails (Vulnerable code introduced later) [jessie] - rails (Vulnerable code introduced later) NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/fbc7bec074b5ef9ae22f79ca5d9bafec7b276dd3 (5.2) CVE-2020-8166 (A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6. ...) {DSA-4766-1} - rails 2:5.2.4.3+dfsg-1 [stretch] - rails (Vulnerable code introduced later) [jessie] - rails (Vulnerable code introduced later) NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/d124f19287f4892c72ca54da728a781591c6fca1 (5.2) NOTE: per-form CSRF token introduced in 5.x: https://github.com/rails/rails/commit/3e98819e20bc113343d4d4c0df614865ad5a9d3a CVE-2020-8165 (A deserialization of untrusted data vulnernerability exists in rails & ...) 
{DSA-4766-1 DLA-2282-1 DLA-2251-1} - rails 2:5.2.4.3+dfsg-1 NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/f7e077f85e61fc0b7381963eda0ceb0e457546b5 (MemCache backend) (5.2) NOTE: https://github.com/rails/rails/commit/467e3399c9007996c03ffe3212689d48dd25ae99 (Redis backend) (5.2) NOTE: Redis backend introduced in 5.2: https://github.com/rails/rails/commit/9f8ec3535247ac41a9c92e84ddc7a3b771bc318b CVE-2020-8164 (A deserialization of untrusted data vulnerability exists in rails < ...) {DSA-4766-1 DLA-2282-1 DLA-2251-1} [experimental] - rails 2:6.0.3.1+dfsg-1 - rails 2:5.2.4.3+dfsg-1 NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/7a3ee4fea90b7555f8d09c6c05c15fe7ab5a06ec (5.2) CVE-2020-8163 (The is a code injection vulnerability in versions of Rails prior to 5. ...) {DLA-2282-1} - rails 2:5.2.0+dfsg-2 NOTE: https://weblog.rubyonrails.org/2020/5/15/Rails-4-2-11-2-has-been-released/ NOTE: https://weblog.rubyonrails.org/2020/5/16/rails-4-2-11-3-has-been-released/ NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/hWuKcHyoKh0 NOTE: https://github.com/rails/rails/commit/4c46a15e0a7815ca9e4cd7c7fda042eb8c1b7724 (4.2.11.2) NOTE: Follow-up needed due to breaking change: https://github.com/rails/rails/issues/39301 NOTE: https://github.com/rails/rails/commit/1f3db0ad793441a0c00e85d56228fc80aafbe6c1 (4.2.11.3) NOTE: Follow-up #2: NOTE: https://github.com/rails/rails/commit/0ecaaf76d1b79cf2717cdac754e55b4114ad6599 (4-2-stable) NOTE: For rails 5.0 the issue is fixed in >= 5.0.1 CVE-2020-8162 (A client side enforcement of server side security vulnerability exists ...) 
{DSA-4766-1} - rails 2:5.2.4.3+dfsg-1 [stretch] - rails (Vulnerable code introduced later) [jessie] - rails (Vulnerable code introduced later) NOTE: https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released NOTE: https://github.com/rails/rails/commit/e8df5648515a0e8324d3b3c4bdb7bde6802cd8be (5.2) CVE-2020-8161 (A directory traversal vulnerability exists in rack < 2.2.0 that all ...) {DLA-2275-1 DLA-2216-1} - ruby-rack 2.1.1-5 [buster] - ruby-rack (Minor issue; can be fixed via point release) NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/IOO1vNZTzPA/Ylzi1UYLAAAJ NOTE: Fixed by: https://github.com/rack/rack/commit/dddb7ad18ed79ca6ab06ccc417a169fde451246e NOTE: Required followup: https://github.com/rack/rack/commit/e7ba1b0557d3ad97af1ef113bbeb5f27417983fa NOTE: Test: https://github.com/rack/rack/commit/775c836bdd25b63340399fea739532d746860a94 CVE-2020-8160 (MendixSSO <= 2.1.1 contains endpoints that make use of the openid h ...) NOT-FOR-US: MendixSSO CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2.1 th ...) {DLA-2719-1} - ruby-actionpack-page-caching 1.2.2-1 (bug #960680) [buster] - ruby-actionpack-page-caching (Minor issue) NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 NOTE: https://github.com/rails/actionpack-page_caching/commit/127da70a559bed4fc573fdb4a6d498a7d5815ce2 (v1.2.1) NOTE: https://github.com/rails/actionpack-page_caching/commit/bf4aab113f90a0c5182009709d5115a1d5772608 (v1.2.2) CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package < 0.2.25 m ...) NOT-FOR-US: TypeORM CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...) NOT-FOR-US: UniFi Cloud Key CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...) NOT-FOR-US: Nextcloud Mail CVE-2020-8155 (An outdated 3rd party library in the Files PDF viewer for Nextcloud Se ...) 
- nextcloud-server (bug #941708) CVE-2020-8154 (An Insecure direct object reference vulnerability in Nextcloud Server ...) - nextcloud-server (bug #941708) CVE-2020-8153 (Improper access control in Groupfolders app 4.0.3 allowed to delete hi ...) NOT-FOR-US: Nextcloud Groupfolders app CVE-2020-8152 (Insufficient protection of the server-side encryption keys in Nextclou ...) - nextcloud-server (bug #941708) CVE-2020-8151 (There is a possible information disclosure issue in Active Resource &l ...) - rails (Vulnerable code splitted out upstream before initial upload to Debian) NOTE: ActiveResource was extracted to a separate gem in starting in the 4.0 rails NOTE: release as it was not widely used. CVE-2020-8150 (A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker t ...) - nextcloud-server (bug #941708) CVE-2020-8149 (Lack of output sanitization allowed an attack to execute arbitrary she ...) NOT-FOR-US: Node logkitty CVE-2020-8148 (UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enab ...) NOT-FOR-US: UniFi Cloud Key firmware CVE-2020-8147 (Flaw in input validation in npm package utils-extend version 1.0.8 and ...) NOT-FOR-US: Node utils-extend CVE-2020-8146 (In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privi ...) NOT-FOR-US: UniFi CVE-2020-8145 (The UniFi Video Server (Windows) web interface configuration restore f ...) NOT-FOR-US: UniFi CVE-2020-8144 (The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web i ...) NOT-FOR-US: UniFi CVE-2020-8143 (An Open Redirect vulnerability was discovered in Revive Adserver versi ...) NOT-FOR-US: Revive Adserver CVE-2020-8142 (A security restriction bypass vulnerability has been discovered in Rev ...) NOT-FOR-US: Revive Adserver CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can ...) 
- node-dot 1.1.3+ds-1 [buster] - node-dot 1.1.1-1+deb10u1 NOTE: https://hackerone.com/reports/390929 CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...) - nextcloud-desktop (MacOS-specific) CVE-2020-8139 (A missing access control check in Nextcloud Server < 18.0.1, < 1 ...) - nextcloud-server (bug #941708) CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server < 1 ...) - nextcloud-server (bug #941708) CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...) NOT-FOR-US: Node blamer CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart < 1.0.5 allo ...) NOT-FOR-US: Node fastify-multipart CVE-2020-8135 (The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request ...) NOT-FOR-US: Node uppy CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.1 ...) NOT-FOR-US: Ghost CMS CVE-2020-8133 (A wrong generation of the passphrase for the encrypted block in Nextcl ...) - nextcloud-server (bug #941708) CVE-2020-8132 (Lack of input validation in pdf-image npm package version <= 2.0.0 ...) NOT-FOR-US: Node pdf-image package CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...) - node-yarnpkg 1.22.4-2 (bug #952912) [buster] - node-yarnpkg (Minor issue) NOTE: https://hackerone.com/reports/730239 NOTE: https://github.com/yarnpkg/yarn/pull/7831 CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3. ...) {DLA-2120-1} - rake 12.3.3-1 [buster] - rake 12.3.1-3+deb10u1 [stretch] - rake 10.5.0-2+deb9u1 NOTE: https://hackerone.com/reports/651518 NOTE: Fixed by: https://github.com/ruby/rake/commit/5b8f8fc41a5d7d7d6a5d767e48464c60884d3aee (v12.3.3) CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...) NOT-FOR-US: script-manager nodejs module CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...) 
NOT-FOR-US: jsreport CVE-2020-8127 (Insufficient validation in cross-origin communication (postMessage) in ...) NOT-FOR-US: reveal.js CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...) NOT-FOR-US: Ubiquiti Networks EdgeSwitch CVE-2020-8125 (Flaw in input validation in npm package klona version 1.1.0 and earlie ...) NOT-FOR-US: klona node module CVE-2020-8124 (Insufficient validation and sanitization of user input exists in url-p ...) - node-url-parse 1.4.7-1 [buster] - node-url-parse 1.2.0-2+deb10u1 [stretch] - node-url-parse (Nodejs in stretch not covered by security support) NOTE: https://github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b NOTE: https://hackerone.com/reports/496293 CVE-2020-8123 (A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that ...) NOT-FOR-US: strapi CVE-2020-8122 (A missing check in Nextcloud Server 14.0.3 could give recipient the po ...) - nextcloud-server (bug #941708) CVE-2020-8121 (A bug in Nextcloud Server 14.0.4 could expose more data in reshared li ...) - nextcloud-server (bug #941708) CVE-2020-8120 (A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16. ...) - nextcloud-server (bug #941708) CVE-2020-8119 (Improper authorization in Nextcloud server 17.0.0 causes leaking of pr ...) - nextcloud-server (bug #941708) CVE-2020-8118 (An authenticated server-side request forgery in Nextcloud server 16.0. ...) - nextcloud-server (bug #941708) CVE-2020-8117 (Improper preservation of permissions in Nextcloud Server 14.0.3 causes ...) - nextcloud-server (bug #941708) CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package versions bef ...) - node-dot-prop 5.2.0-1 [buster] - node-dot-prop 4.1.1-1+deb10u1 NOTE: https://hackerone.com/reports/719856 NOTE: https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2 CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...) 
NOT-FOR-US: Revive Adserver CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab (Only affects Gitlab EE) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-8113 (GitLab 10.7 and later through 12.7.2 has Incorrect Access Control. ...) [experimental] - gitlab 12.6.8-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/03/04/gitlab-12-dot-8-dot-2-released/ CVE-2020-8112 (opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through ...) {DSA-4882-1 DLA-2277-1 DLA-2089-1} - openjpeg2 2.4.0-1 (bug #950184) NOTE: https://github.com/uclouvain/openjpeg/issues/1231 NOTE: https://github.com/rouault/openjpeg/commit/05f9b91e60debda0e83977e5e63b2e66486f7074 (v2.4.0) CVE-2020-8111 REJECTED CVE-2020-8110 (A vulnerability has been discovered in the ceva_emu.cvd module that re ...) NOT-FOR-US: Bitdefender CVE-2020-8109 (A vulnerability has been discovered in the ace.xmd parser that results ...) NOT-FOR-US: Bitdefender CVE-2020-8108 (Improper Authentication vulnerability in Bitdefender Endpoint Security ...) NOT-FOR-US: Bitdefender CVE-2020-8107 RESERVED CVE-2020-8106 REJECTED CVE-2020-8105 RESERVED CVE-2020-8104 RESERVED CVE-2020-8103 (A vulnerability in the improper handling of symbolic links in Bitdefen ...) NOT-FOR-US: Bitdefender Antivirus Free CVE-2020-8102 (Improper Input Validation vulnerability in the Safepay browser compone ...) NOT-FOR-US: Safepay CVE-2020-8101 (Improper Neutralization of Special Elements used in a Command ('Comman ...) NOT-FOR-US: Bitdefender CVE-2020-8100 (Improper Input Validation vulnerability in the cevakrnl.rv0 module as ...) NOT-FOR-US: Bitdefender CVE-2020-8099 (A vulnerability in the improper handling of junctions in Bitdefender A ...) NOT-FOR-US: Bitdefender Antivirus Free CVE-2020-8098 RESERVED CVE-2020-8097 (An improper authentication vulnerability in Bitdefender Endpoint Secur ...) 
NOT-FOR-US: Bitdefender CVE-2020-8096 (Untrusted Search Path vulnerability in Bitdefender High-Level Antimalw ...) NOT-FOR-US: Bitdefender CVE-2020-8095 (A vulnerability in the improper handling of junctions before deletion ...) NOT-FOR-US: Bitdefender Total Security CVE-2020-8094 RESERVED CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...) NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...) NOT-FOR-US: Bitdefender Antivirus for Mac CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) NOT-FOR-US: TYPO3 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to th ...) - piwigo CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...) NOT-FOR-US: UseBB CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...) NOT-FOR-US: SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices CVE-2020-8086 (The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01 ...) 
{DSA-4612-1} - prosody-modules 0.0~hg20200128.09e7e880e056+dfsg-1 NOTE: https://hg.prosody.im/prosody-modules/rev/f2b29183ef08 NOTE: https://prosody.im/security/advisory_20200128/ CVE-2020-8085 RESERVED CVE-2020-8084 RESERVED CVE-2020-8083 RESERVED CVE-2020-8082 RESERVED CVE-2020-8081 RESERVED CVE-2020-8080 RESERVED CVE-2020-8079 RESERVED CVE-2020-8078 RESERVED CVE-2020-8077 RESERVED CVE-2020-8076 RESERVED CVE-2020-8075 RESERVED CVE-2020-8074 RESERVED CVE-2020-8073 RESERVED CVE-2020-8072 RESERVED CVE-2020-8071 RESERVED CVE-2020-8070 RESERVED CVE-2020-8069 RESERVED CVE-2020-8068 RESERVED CVE-2020-8067 RESERVED CVE-2020-8066 RESERVED CVE-2020-8065 RESERVED CVE-2020-8064 RESERVED CVE-2020-8063 RESERVED CVE-2020-8062 RESERVED CVE-2020-8061 RESERVED CVE-2020-8060 RESERVED CVE-2020-8059 RESERVED CVE-2020-8058 RESERVED CVE-2020-8057 RESERVED CVE-2020-8056 RESERVED CVE-2020-8055 RESERVED CVE-2020-8054 RESERVED CVE-2020-8053 RESERVED CVE-2020-8052 RESERVED CVE-2020-8051 RESERVED CVE-2020-8050 RESERVED CVE-2020-8049 RESERVED CVE-2020-8048 RESERVED CVE-2020-8047 RESERVED CVE-2020-8046 RESERVED CVE-2020-8045 RESERVED CVE-2020-8044 RESERVED CVE-2020-8043 RESERVED CVE-2020-8042 RESERVED CVE-2020-8041 RESERVED CVE-2020-8040 RESERVED CVE-2020-8039 RESERVED CVE-2020-8038 RESERVED CVE-2020-8037 (The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a l ...) {DLA-2444-1} - tcpdump 4.9.3-7 (unimportant; bug #973877) [buster] - tcpdump 4.9.3-1~deb10u2 NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/32027e199368dad9508965aae8cd8de5b6ab5231 CVE-2020-8036 (The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SO ...) - tcpdump (Vulnerable code and support for SOME/IP protocol added later) NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/e2256b4f2506102be2c6f7976f84f0d607c53d43 CVE-2020-8035 (The image view functionality in Horde Groupware Webmail Edition before ...) 
{DLA-2230-1} - php-horde 5.2.23+debian0-1 (bug #963809) [buster] - php-horde 5.2.20+debian0-1+deb10u2 [stretch] - php-horde 5.2.13+debian0-1+deb9u2 NOTE: https://github.com/horde/base/commit/64127fe3c2b9843c9760218e59dae9731cc56bdf NOTE: https://lists.horde.org/archives/announce/2020/001290.html CVE-2020-8034 (Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.2 ...) {DLA-2229-1} - php-horde-gollem 3.0.12-6 (bug #961649) [buster] - php-horde-gollem 3.0.12-3+deb10u1 [stretch] - php-horde-gollem 3.0.10-1+deb9u1 NOTE: https://lists.horde.org/archives/announce/2020/001289.html NOTE: https://github.com/horde/gollem/commit/a73bef1aef27d4cbfc7b939c2a81dea69aabb083 CVE-2020-8033 (Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Nam ...) NOT-FOR-US: Ruckus CVE-2020-8032 (A Insecure Temporary File vulnerability in the packaging of cyrus-sasl ...) - cyrus-sasl2 (openSUSE specific packaging issue) CVE-2020-8031 (A Improper Neutralization of Input During Web Page Generation ('Cross- ...) - open-build-service (bug #983576) [stretch] - open-build-service (Minor issue, XSS in web app) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1178880 CVE-2020-8030 (A Insecure Temporary File vulnerability in skuba of SUSE CaaS Platform ...) NOT-FOR-US: SuSE CaaS CVE-2020-8029 (A Incorrect Permission Assignment for Critical Resource vulnerability ...) NOT-FOR-US: SuSE CaaS CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...) NOT-FOR-US: Salt configuration in SUSE Server Manager CVE-2020-8027 (A Insecure Temporary File vulnerability in openldap2 of SUSE Linux Ent ...) NOT-FOR-US: SAP CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) - inn2 (inews has correct ownership in Debian) CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the permis ...) NOT-FOR-US: SAP CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...) 
- hylafax (SuSE-specific packaging issue) CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulnerabil ...) NOT-FOR-US: SAP CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...) NOT-FOR-US: SAP CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...) {DLA-2545-1} - open-build-service (bug #983576) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171649 NOTE: https://github.com/openSUSE/open-build-service/commit/7323c904f86ba9e04065c23422d06c03647589fb CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...) {DLA-2545-1} - open-build-service (bug #983576) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1171439 NOTE: https://github.com/openSUSE/open-build-service/commit/7cc32c8e2ff7290698e101d9a80a9dc29a5500fb CVE-2020-8019 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) NOT-FOR-US: SAP CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...) NOT-FOR-US: Some SLES images CVE-2020-8017 (A Race Condition Enabling Link Following vulnerability in the cron job ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8016 (A Race Condition Enabling Link Following vulnerability in the packagin ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8015 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) NOT-FOR-US: SuSE packaging of TexLive CVE-2020-8014 (A UNIX Symbolic Link (Symlink) Following vulnerability in the packagin ...) - kopanocore (SuSE-specific packaging issue) CVE-2020-8013 (A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of S ...) NOT-FOR-US: chkstat CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...) 
NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9 ...) NOT-FOR-US: CA Unified Infrastructure Management (Nimsoft/UIM) CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...) NOT-FOR-US: AVB MOTU devices CVE-2020-8008 RESERVED CVE-2020-8007 RESERVED CVE-2020-8006 RESERVED CVE-2020-8005 RESERVED CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access Control. ...) NOT-FOR-US: STMicroelectronics STM32F1 devices CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...) - virglrenderer 0.8.2-1 (bug #949954) [buster] - virglrenderer (Minor issue) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42 CVE-2020-8002 (A NULL pointer dereference in vrend_renderer.c in virglrenderer throug ...) - virglrenderer 0.8.2-1 (bug #949954) [buster] - virglrenderer (Minor issue) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/63bcca251f093d83da7e290ab4bbd38ae69089b5 CVE-2020-8001 (The Intellian Aptus application 1.0.2 for Android has a hardcoded pass ...) NOT-FOR-US: Intellian Aptus application for Android CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...) NOT-FOR-US: Intellian Aptus application for Android CVE-2020-7998 (An arbitrary file upload vulnerability has been discovered in the Supe ...) NOT-FOR-US: Super File Explorer app for iOS CVE-2020-7997 (ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Na ...) NOT-FOR-US: ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...) - dolibarr CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...) 
- dolibarr CVE-2020-7994 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 ...) - dolibarr CVE-2020-7993 (Prototype 1.6.0.1 allows remote authenticated users to forge ticket cr ...) NOT-FOR-US: Prototype node module CVE-2020-7992 RESERVED CVE-2020-7991 (Adive Framework 2.0.8 has admin/config CSRF to change the Administrato ...) NOT-FOR-US: Adive Framework CVE-2020-7990 (Adive Framework 2.0.8 has admin/user/add userName XSS. ...) NOT-FOR-US: Adive Framework CVE-2020-7989 (Adive Framework 2.0.8 has admin/user/add userUsername XSS. ...) NOT-FOR-US: Adive Framework CVE-2020-7988 (An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4 ...) NOT-FOR-US: phpIPAM CVE-2020-7987 RESERVED CVE-2020-7986 RESERVED CVE-2020-7985 RESERVED CVE-2020-7984 (SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allow ...) NOT-FOR-US: SolarWinds CVE-2020-7983 (A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows re ...) NOT-FOR-US: Ruckus CVE-2020-7982 (An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and ...) NOT-FOR-US: OpenWrt CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection whe ...) - ruby-geocoder 1.5.1-3 (bug #949870) NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Intellian Aptus Web CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. ...) - gitlab (Only affects Gitlab EE 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. ...) 
- gitlab (Only affects Gitlab EE 8.8 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. ...) - gitlab (Only affects Gitlab EE 12.4 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7975 REJECTED CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...) - gitlab (Only affects Gitlab EE 10.1 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...) - gitlab (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...) - gitlab (Only affects Gitlab EE 11.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7970 RESERVED CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. ...) - gitlab (Only affects Gitlab EE 8.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...) [experimental] - gitlab 12.6.7-1 - gitlab 12.6.8-3 NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). ...) 
- gitlab (ONly affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. ...) - gitlab (Only affects Gitlab EE 11.11 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...) NOT-FOR-US: webargs CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...) NOT-FOR-US: Mirumee Saleor CVE-2020-7963 RESERVED CVE-2020-7962 (An issue was discovered in One Identity Password Manager 5.8. An attac ...) NOT-FOR-US: One Identity Password Manager CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...) NOT-FOR-US: Liferay Portal CVE-2020-7960 RESERVED CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...) NOT-FOR-US: LabVantage LIMS CVE-2020-7958 (An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. ...) NOT-FOR-US: OnePlus 7 Pro devices CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...) - dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/2 CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...) - nomad 0.10.3+dfsg1-1 NOTE: https://github.com/hashicorp/nomad/issues/7003 CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...) - consul 1.7.0+dfsg1-1 (bug #950736) [buster] - consul (Minor issue) NOTE: https://github.com/hashicorp/consul/issues/7160 NOTE: Fixed in 1.6.3. CVE-2020-7954 (An issue was discovered in OpServices OpMon 9.3.2. Starting from the a ...) NOT-FOR-US: OpServices OpMon CVE-2020-7953 (An issue was discovered in OpServices OpMon 9.3.2. Without authenticat ...) 
NOT-FOR-US: OpServices OpMon CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attacke ...) NOT-FOR-US: rendersystemdx9.dll in Valve Dota 2 CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to ...) NOT-FOR-US: Dota 2 CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers ...) NOT-FOR-US: Dota 2 CVE-2020-7948 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7947 (An issue was discovered in the Login by Auth0 plugin before 4.0.0 for ...) NOT-FOR-US: Login by Auth0 plugin for WordPress CVE-2020-7946 RESERVED CVE-2020-7945 (Local registry credentials were included directly in the CD4PE deploym ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7944 (In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, cha ...) NOT-FOR-US: Puppet Enterprise CVE-2020-7943 (Puppet Server and PuppetDB provide useful performance and debugging in ...) - puppet (Doesn't affect Puppet masters (passenger-based) in Debian) - puppetdb (low) [buster] - puppetdb (Minor issue) NOTE: https://puppet.com/security/cve/CVE-2020-7943/ NOTE: https://github.com/puppetlabs/puppet_metrics_dashboard/pull/92 CVE-2020-7942 (Previously, Puppet operated on a model that a node with a valid certif ...) - puppet (unimportant) NOTE: This CVE assignment is for switching the default setting of strict_hostname_checking, NOTE: the option is available in older Puppet releases (such as 4.8 from Stretch) NOTE: https://puppet.com/security/cve/CVE-2020-7942/ CVE-2020-7941 (A privilege escalation issue in plone.app.contenttypes in Plone 4.3 th ...) NOT-FOR-US: Plone CVE-2020-7940 (Missing password strength checks on some forms in Plone 4.3 through 5. ...) 
NOT-FOR-US: Plone CVE-2020-7939 (SQL Injection in DTML or in connection objects in Plone 4.0 through 5. ...) NOT-FOR-US: Plone CVE-2020-7938 (plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain ...) NOT-FOR-US: Plone CVE-2020-7937 (An XSS issue in the title field in Plone 5.0 through 5.2.1 allows user ...) NOT-FOR-US: Plone CVE-2020-7936 (An open redirect on the login form (and possibly other places) in Plon ...) NOT-FOR-US: Plone CVE-2020-7935 (Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execu ...) NOT-FOR-US: Artica Pandora FMS CVE-2020-7934 (In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle N ...) NOT-FOR-US: LifeRay Portal CVE-2020-7933 RESERVED CVE-2020-7932 (OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g. ...) NOT-FOR-US: OMERO CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...) NOT-FOR-US: JFrog Artifactory CVE-2020-7930 RESERVED CVE-2020-7929 (A user authorized to perform database queries may trigger denial of se ...) - mongodb [stretch] - mongodb (https://lists.debian.org/debian-lts/2020/11/msg00058.html) NOTE: https://jira.mongodb.org/browse/SERVER-51083 CVE-2020-7928 (A user authorized to perform database queries may trigger a read overr ...) - mongodb [stretch] - mongodb (Vulnerable code introduced later) NOTE: https://jira.mongodb.org/browse/SERVER-49404 NOTE: https://github.com/mongodb/mongo/commit/e10ce2e779cd17c9ba217c49740cffd2bef72694 (v3.6.20, SSPL) NOTE: Introduced by: https://github.com/mongodb/mongo/commit/5b8b1ca6364342d5a1bf21ec6c707edfae0f3555 (v3.5.5) CVE-2020-7927 (Specially crafted API calls may allow an authenticated user who holds ...) NOT-FOR-US: MongoDB Ops Manager CVE-2020-7926 (A user authorized to perform database queries may cause denial of serv ...) 
- mongodb [stretch] - mongodb (Minor issue, authenticated DoS) NOTE: https://jira.mongodb.org/browse/SERVER-50170 NOTE: https://github.com/mongodb/mongo/commit/859ec65c84f201e7aa687865633a2fa34e318174 (v4.4.1, SSPL) CVE-2020-7925 (Incorrect validation of user input in the role name parser may lead to ...) - mongodb [stretch] - mongodb (Vulnerable code introduced later) NOTE: https://jira.mongodb.org/browse/SERVER-49142 NOTE: https://github.com/mongodb/mongo/commit/8fbd1af03310704de68c22163900636f58f7eba8 (v3.6.19) NOTE: Introduced by: https://github.com/mongodb/mongo/commit/3ca76fd569c94de72c4daf6eef27fbf9bf51233b (v3.6.18) CVE-2020-7924 (Usage of specific command line parameter in MongoDB Tools which was or ...) - mongo-tools (bug #988021) [buster] - mongo-tools (Minor issue) [stretch] - mongo-tools (Minor issue) NOTE: https://jira.mongodb.org/browse/TOOLS-2587 CVE-2020-7923 (A user authorized to perform database queries may cause denial of serv ...) {DLA-2344-1} - mongodb NOTE: https://jira.mongodb.org/browse/SERVER-47773 CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...) NOT-FOR-US: MongoDB Enterprise CVE-2020-7921 (Improper serialization of internal state in the authorization subsyste ...) - mongodb [stretch] - mongodb (Minor issue) [jessie] - mongodb (Minor issue) NOTE: https://jira.mongodb.org/browse/SERVER-45472 CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...) NOT-FOR-US: Percona Monitoring and Management (PMM) CVE-2020-7919 (Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte ...) 
{DSA-4848-1} - golang-1.14 1.14~rc1-1 - golang-1.13 1.13.7-1 - golang-1.11 - golang-1.8 [stretch] - golang-1.8 (cryptobyte stuff introduced in golang-1.10) - golang-1.7 [stretch] - golang-1.7 (cryptobyte stuff introduced in golang-1.10) - golang NOTE: https://github.com/golang/go/issues/36837 NOTE: https://github.com/golang/go/commit/b13ce14c4a6aa59b7b041ad2b6eed2d23e15b574 (master) NOTE: https://github.com/golang/go/issues/36838 (Go 1.13) NOTE: https://github.com/golang/go/commit/f938e06d0623d0e1de202575d16f1e126741f6e0 (go1.13.7) CVE-2020-7918 (An insecure direct object reference in webmail in totemo totemomail 7. ...) NOT-FOR-US: totemo totemomail CVE-2020-7917 RESERVED CVE-2020-7916 (be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 ...) NOT-FOR-US: LearnPress plugin for WordPress CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...) NOT-FOR-US: Eaton devices CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...) - intellij-idea (bug #747616) CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...) NOT-FOR-US: JetBrains CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...) NOT-FOR-US: JetBrains CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...) NOT-FOR-US: JetBrains CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...) NOT-FOR-US: JetBrains CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...) NOT-FOR-US: JetBrains CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...) NOT-FOR-US: JetBrains CVE-2020-7907 (In the JetBrains Scala plugin before 2019.2.1, some artefact dependenc ...) NOT-FOR-US: JetBrains Scala plugin CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...) 
NOT-FOR-US: JetBrains CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...) - intellij-idea (bug #747616) CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...) - intellij-idea (bug #747616) CVE-2020-7903 RESERVED CVE-2020-7902 RESERVED CVE-2020-7901 RESERVED CVE-2020-7900 RESERVED CVE-2020-7899 RESERVED CVE-2020-7898 RESERVED CVE-2020-7897 RESERVED CVE-2020-7896 RESERVED CVE-2020-7895 RESERVED CVE-2020-7894 RESERVED CVE-2020-7893 RESERVED CVE-2020-7892 RESERVED CVE-2020-7891 RESERVED CVE-2020-7890 RESERVED CVE-2020-7889 RESERVED CVE-2020-7888 RESERVED CVE-2020-7887 RESERVED CVE-2020-7886 RESERVED CVE-2020-7885 RESERVED CVE-2020-7884 RESERVED CVE-2020-7883 RESERVED CVE-2020-7882 (Using the parameter of getPFXFolderList function, attackers can see th ...) NOT-FOR-US: anySign CVE-2020-7881 (The vulnerability function is enabled when the streamer service relate ...) NOT-FOR-US: AfreecaTV CVE-2020-7880 (The vulnerabilty was discovered in ActiveX module related to NeoRS rem ...) NOT-FOR-US: duozone NeoRS remote support CVE-2020-7879 (This issue was discovered when the ipTIME C200 IP Camera was synchroni ...) NOT-FOR-US: ipTIME C200 IP Camera CVE-2020-7878 RESERVED CVE-2020-7877 (A buffer overflow issue was discovered in ZOOK solution(remote adminis ...) NOT-FOR-US: ZOOK CVE-2020-7876 RESERVED CVE-2020-7875 (DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, w ...) NOT-FOR-US: DEXT5 Upload CVE-2020-7874 (Download of code without integrity check vulnerability in NEXACRO14 Ru ...) NOT-FOR-US: NEXACRO14 Runtime ActiveX control of tobesoft CVE-2020-7873 (Download of code without integrity check vulnerability in ActiveX cont ...) NOT-FOR-US: Younglimwon CVE-2020-7872 (DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vuln ...) NOT-FOR-US: DaviewIndy CVE-2020-7871 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...) 
NOT-FOR-US: Cnesty Helpcom CVE-2020-7870 (A memory corruption vulnerability exists when ezPDF improperly handles ...) NOT-FOR-US: ezPDF CVE-2020-7869 (An improper input validation vulnerability of ZOOK software (remote ad ...) NOT-FOR-US: ZOOK software CVE-2020-7868 (A remote code execution vulnerability exists in helpUS(remote administ ...) NOT-FOR-US: helpUS(remote administration tool) CVE-2020-7867 (An improper input validation vulnerability in Helpu solution could all ...) NOT-FOR-US: Helpu CVE-2020-7866 (When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, ...) NOT-FOR-US: XPLATFORM CVE-2020-7865 (A vulnerability(improper input validation) in the ExECM CoreB2B soluti ...) NOT-FOR-US: ExECM CoreB2B CVE-2020-7864 (Parameter manipulation can bypass authentication to cause file upload ...) NOT-FOR-US: Raonwiz DEXT5Editor CVE-2020-7863 (A vulnerability in File Transfer Solution of Raonwiz could allow arbit ...) NOT-FOR-US: Raonwiz CVE-2020-7862 (A vulnerability in agent program of HelpU remote control solution coul ...) NOT-FOR-US: HelpU remote control solution CVE-2020-7861 (AnySupport (Remote support solution) before 2019.3.21.0 allows directo ...) NOT-FOR-US: AnySupport CVE-2020-7860 (UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, ...) NOT-FOR-US: UnEgg CVE-2020-7859 REJECTED CVE-2020-7858 (There is a directory traversing vulnerability in the download page url ...) NOT-FOR-US: AquaNPlayer CVE-2020-7857 (A vulnerability of XPlatform could allow an unauthenticated attacker t ...) NOT-FOR-US: XPlatform CVE-2020-7856 (A vulnerability of Helpcom could allow an unauthenticated attacker to ...) NOT-FOR-US: Helpcom CVE-2020-7855 RESERVED CVE-2020-7854 RESERVED CVE-2020-7853 (An outbound read/write vulnerability exists in XPLATFORM that does not ...) NOT-FOR-US: XPLATFORM CVE-2020-7852 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...) 
NOT-FOR-US: DaviewIndy CVE-2020-7851 (Innorix Web-Based File Transfer Solution versuibs prior to and includi ...) NOT-FOR-US: Innorix CVE-2020-7850 (NBBDownloader.ocx ActiveX Control in Groupware contains a vulnerabilit ...) NOT-FOR-US: NBBDownloader.ocx ActiveX Control in Groupware CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) could a ...) NOT-FOR-US: uPrism.io CURIX CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...) NOT-FOR-US: EFM ipTIME C200 IP Camera CVE-2020-7847 (The ipTIME NAS product allows an arbitrary file upload vulnerability i ...) NOT-FOR-US: ipTIME NAS product CVE-2020-7846 (Helpcom before v10.0 contains a file download and execution vulnerabil ...) NOT-FOR-US: Helpcom CVE-2020-7845 (Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerabi ...) NOT-FOR-US: Spamsniper CVE-2020-7844 RESERVED CVE-2020-7843 RESERVED CVE-2020-7842 (Improper Input validation vulnerability exists in Netis Korea D'live A ...) NOT-FOR-US: Netis Korea D'live AP CVE-2020-7841 (Improper input validation vulnerability exists in TOBESOFT XPLATFORM w ...) NOT-FOR-US: TOBESOFT XPLATFORM CVE-2020-7840 RESERVED CVE-2020-7839 (In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability c ...) NOT-FOR-US: MaEPSBroker CVE-2020-7838 (A arbitrary code execution vulnerability exists in the way that the St ...) NOT-FOR-US: Smilegate STOVE Client CVE-2020-7837 (An issue was discovered in ML Report Program. There is a stack-based b ...) NOT-FOR-US: ML Report Program CVE-2020-7836 (VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contains a stack-ba ...) NOT-FOR-US: VOICEYE WSActiveBridgeES CVE-2020-7835 RESERVED CVE-2020-7834 RESERVED CVE-2020-7833 RESERVED CVE-2020-7832 (A vulnerability (improper input validation) in the DEXT5 Upload soluti ...) NOT-FOR-US: DEXT5 Upload CVE-2020-7831 (A vulnerability in the web-based contract management service interface ...) 
NOT-FOR-US: Inogard Ebiz4u CVE-2020-7830 (RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability tha ...) NOT-FOR-US: RAONWIZ CVE-2020-7829 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...) NOT-FOR-US: DaviewIndy CVE-2020-7828 (DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vuln ...) NOT-FOR-US: DaviewIndy CVE-2020-7827 (DaviewIndy 8.98.7 and earlier version contain Use-After-Free vulnerabi ...) NOT-FOR-US: DaviewIndy CVE-2020-7826 (EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a ...) NOT-FOR-US: EyeSurfer BflyInstallerX.ocx CVE-2020-7825 (A vulnerability exists that could allow the execution of operating sys ...) NOT-FOR-US: MiPlatform CVE-2020-7824 (A vulnerability in the web-based management interface of iPECS could a ...) NOT-FOR-US: iPECS CVE-2020-7823 (DaviewIndy has a Memory corruption vulnerability, triggered when the u ...) NOT-FOR-US: DaviewIndy CVE-2020-7822 (DaviewIndy has a Heap-based overflow vulnerability, triggered when the ...) NOT-FOR-US: DaviewIndy CVE-2020-7821 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...) NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library CVE-2020-7820 (Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a ...) NOT-FOR-US: Nexacro14/17 ExtCommonApiV13 Library CVE-2020-7819 (A SQL-Injection vulnerability in the nTracker USB Enterprise(secure US ...) NOT-FOR-US: nTracker USB Enterprise CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...) NOT-FOR-US: Daview CVE-2020-7817 (MyBrowserPlus downloads the files needed to run the program through th ...) NOT-FOR-US: MyBrowserPlus CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...) NOT-FOR-US: DaView CVE-2020-7815 (XPLATFORM v9.2.260 and eariler versions contain a vulnerability that c ...) 
NOT-FOR-US: XPLATFORM CVE-2020-7814 (RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability tha ...) NOT-FOR-US: RAONWIZ CVE-2020-7813 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...) NOT-FOR-US: Kaoni CVE-2020-7812 (Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prio ...) NOT-FOR-US: Kaoni ezHTTPTrans CVE-2020-7811 (Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows priv ...) NOT-FOR-US: Samsung CVE-2020-7810 (hslogin2.dll ActiveX Control in Groupware contains a vulnerability tha ...) NOT-FOR-US: hslogin2.dll ActiveX Control in Groupware CVE-2020-7809 (ALSong 3.46 and earlier version contain a Document Object Model (DOM) ...) NOT-FOR-US: ALSong CVE-2020-7808 (In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processin ...) NOT-FOR-US: RAONWIZ K Upload CVE-2020-7807 (A vulnerability that can hijack a DLL file that is loaded during produ ...) NOT-FOR-US: LG CVE-2020-7806 (Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary cod ...) NOT-FOR-US: Tobesoft Xplatform CVE-2020-7805 (An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) an ...) NOT-FOR-US: KT Slim egg IML500 wifi devices CVE-2020-7804 (ActiveX Control(HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, ...) NOT-FOR-US: Handy Groupware CVE-2020-7803 (IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, versio ...) NOT-FOR-US: Zoneplayer CVE-2020-7802 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...) NOT-FOR-US: Synergy Systems & Solutions (SSS) CVE-2020-7801 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...) NOT-FOR-US: Synergy Systems & Solutions (SSS) CVE-2020-7800 (The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with fir ...) NOT-FOR-US: Synergy Systems & Solutions (SSS) CVE-2020-7799 (An issue was discovered in FusionAuth before 1.11.0. An authenticated ...) 
NOT-FOR-US: FusionAuth CVE-2020-7798 RESERVED CVE-2020-7797 RESERVED CVE-2020-7796 (Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF whe ...) NOT-FOR-US: Zimbra Collaboration Suite (ZCS) CVE-2020-7795 RESERVED CVE-2020-7794 (This affects all versions of package buns. The injection point is loca ...) NOT-FOR-US: Node buns CVE-2020-7793 (The package ua-parser-js before 0.7.23 are vulnerable to Regular Expre ...) - node-ua-parser-js 0.7.23+ds-1 [buster] - node-ua-parser-js (Minor issue) NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-1023599 NOTE: https://github.com/faisalman/ua-parser-js/commit/6d1f26df051ba681463ef109d36c9cf0f7e32b18 (0.7.23) CVE-2020-7792 (This affects all versions of package mout. The deepFillIn function can ...) NOT-FOR-US: Node mout CVE-2020-7791 (This affects the package i18n before 2.1.15. Vulnerability arises out ...) NOT-FOR-US: i18n module for asp.net CVE-2020-7790 (This affects the package spatie/browsershot from 0.0.0. By specifying ...) NOT-FOR-US: spatie/browsershot CVE-2020-7789 (This affects the package node-notifier before 9.0.0. It allows an atta ...) NOT-FOR-US: Node node-notifier CVE-2020-7788 (This affects the package ini before 1.3.6. If an attacker submits a ma ...) {DLA-2503-1} - node-ini 2.0.0-1 (bug #977718) [buster] - node-ini 1.3.5-1+deb10u1 NOTE: https://snyk.io/vuln/SNYK-JS-INI-1048974 NOTE: https://github.com/npm/ini/commit/56d2805e07ccd94e2ba0984ac9240ff02d44b6f1 (v1.3.6) CVE-2020-7787 (This affects all versions of package react-adal. It is possible for a ...) NOT-FOR-US: Node react-adal CVE-2020-7786 (This affects all versions of package macfromip. The injection point is ...) NOT-FOR-US: Node macfromip CVE-2020-7785 (This affects all versions of package node-ps. The injection point is l ...) NOT-FOR-US: Noed node-ps CVE-2020-7784 (This affects all versions of package ts-process-promises. The injectio ...) 
NOT-FOR-US: Node ts-process-promises CVE-2020-7783 RESERVED CVE-2020-7782 (This affects all versions of package spritesheet-js. It depends on a v ...) NOT-FOR-US: Node spritesheet-js CVE-2020-7781 (This affects the package connection-tester before 0.2.1. The injection ...) NOT-FOR-US: Node connection-tester CVE-2020-7780 (This affects the package com.softwaremill.akka-http-session:core_2.13 ...) NOT-FOR-US: om.softwaremill.akka-http-session:core_2.13 CVE-2020-7779 (All versions of package djvalidator are vulnerable to Regular Expressi ...) NOT-FOR-US: Node djvalidator CVE-2020-7778 (This affects the package systeminformation before 4.30.2. The attacker ...) NOT-FOR-US: Node systeminformation CVE-2020-7777 (This affects all versions of package jsen. If an attacker can control ...) NOT-FOR-US: Node jsen CVE-2020-7776 (This affects the package phpoffice/phpspreadsheet from 0.0.0. The libr ...) NOT-FOR-US: phpoffice/phpspreadsheet CVE-2020-7775 (This affects all versions of package freediskspace. The vulnerability ...) NOT-FOR-US: Node freediskspace CVE-2020-7774 (This affects the package y18n before 3.2.2, 4.0.1 and 5.0.5. PoC by po ...) - node-y18n 4.0.0-3 (bug #976390) [buster] - node-y18n 3.2.1-2+deb10u1 [stretch] - node-y18n (Minor issue) NOTE: https://snyk.io/vuln/SNYK-JS-Y18N-1021887 NOTE: https://github.com/yargs/y18n/issues/96 NOTE: https://github.com/yargs/y18n/pull/108 CVE-2020-7773 (This affects the package markdown-it-highlightjs before 3.3.1. It is p ...) NOT-FOR-US: Node markdown-it-highlightjs CVE-2020-7772 (This affects the package doc-path before 2.1.2. ...) NOT-FOR-US: Node doc-path CVE-2020-7771 (The package asciitable.js before 1.0.3 are vulnerable to Prototype Pol ...) NOT-FOR-US: Node asciitable.js CVE-2020-7770 (This affects the package json8 before 1.0.3. The function adds in the ...) NOT-FOR-US: Node json8 CVE-2020-7769 (This affects the package nodemailer before 6.4.16. Use of crafted reci ...) 
- node-nodemailer 6.4.16-1 NOTE: https://snyk.io/vuln/SNYK-JS-NODEMAILER-1038834 NOTE: https://github.com/nodemailer/nodemailer/commit/ba31c64c910d884579875c52d57ac45acc47aa54 CVE-2020-7768 (The package grpc before 1.24.4; the package @grpc/grpc-js before 1.1.8 ...) NOT-FOR-US: Node grpc CVE-2020-7767 (All versions of package express-validators are vulnerable to Regular E ...) NOT-FOR-US: Node express-validators CVE-2020-7766 (This affects all versions of package json-ptr. The issue occurs in the ...) NOT-FOR-US: Node json-ptr CVE-2020-7765 (This affects the package @firebase/util before 0.3.4. This vulnerabili ...) NOT-FOR-US: Node firebase/util CVE-2020-7764 (This affects the package find-my-way before 2.2.5, from 3.0.0 and befo ...) NOT-FOR-US: Node find-my-way CVE-2020-7763 (This affects the package phantom-html-to-pdf before 0.6.1. ...) NOT-FOR-US: Node phantom-html-to-pdf CVE-2020-7762 (This affects the package jsreport-chrome-pdf before 1.10.0. ...) NOT-FOR-US: Node jsreport-chrome-pdf CVE-2020-7761 (This affects the package @absolunet/kafe before 3.2.10. It allows caus ...) NOT-FOR-US: @absolunet/kafe CVE-2020-7760 (This affects the package codemirror before 5.58.2; the package org.apa ...) {DSA-4789-1} - codemirror-js 5.58.2+~cs0.23.101-1 [stretch] - codemirror-js (Vulnerable code added later) NOTE: https://snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937 NOTE: https://github.com/codemirror/CodeMirror/commit/55d0333907117c9231ffdf555ae8824705993bbb CVE-2020-7759 (The package pimcore/pimcore from 6.7.2 and before 6.8.3 are vulnerable ...) NOT-FOR-US: pimcore CVE-2020-7758 (This affects versions of package browserless-chrome before 1.40.2-chro ...) NOT-FOR-US: Node browserless-chrome CVE-2020-7757 (This affects all versions of package droppy. It is possible to travers ...) NOT-FOR-US: droppy CVE-2020-7756 RESERVED CVE-2020-7755 (All versions of package dat.gui are vulnerable to Regular Expression D ...) 
NOT-FOR-US: dat.GUI CVE-2020-7754 (This affects the package npm-user-validate before 1.0.1. The regex tha ...) NOT-FOR-US: npm-user-validate CVE-2020-7753 (All versions of package trim are vulnerable to Regular Expression Deni ...) NOT-FOR-US: Node trim CVE-2020-7752 (This affects the package systeminformation before 4.27.11. This packag ...) NOT-FOR-US: Node systeminformation CVE-2020-7751 (pathval before version 1.1.1 is vulnerable to prototype pollution. ...) - node-pathval 1.1.0-4 (bug #972895) [buster] - node-pathval 1.1.0-3+deb10u1 NOTE: https://snyk.io/vuln/SNYK-JS-PATHVAL-596926 NOTE: https://github.com/chaijs/pathval/pull/58 CVE-2020-7750 (This affects the package scratch-svg-renderer before 0.2.0-prerelease. ...) NOT-FOR-US: scratch-svg-renderer nodejs module CVE-2020-7749 (This affects all versions of package osm-static-maps. User input given ...) NOT-FOR-US: osm-static-maps nodejs module CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerability ...) NOT-FOR-US: Ts.ED CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...) NOT-FOR-US: lightning-server nodejs module CVE-2020-7746 (This affects the package chart.js before 2.9.4. The options parameter ...) - node-chart.js 2.9.4+dfsg+~cs2.10.1-1 [buster] - node-chart.js (Minor issue; intrusive to backport) NOTE: https://snyk.io/vuln/SNYK-JS-CHARTJS-1018716 NOTE: https://github.com/chartjs/Chart.js/pull/7920 CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK distri ...) NOT-FOR-US: MintegralAdSDK CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. The An ...) NOT-FOR-US: com.mintegral.msdk:alphab CVE-2020-7743 (The package mathjs before 7.5.1 are vulnerable to Prototype Pollution ...) NOT-FOR-US: Node mathjs CVE-2020-7742 (This affects the package simpl-schema before 1.10.2. ...) NOT-FOR-US: Node simpl-schema CVE-2020-7741 (This affects the package hellojs before 1.18.6. 
The code get the param ...) NOT-FOR-US: hello.js CVE-2020-7740 (This affects all versions of package node-pdf-generator. Due to lack o ...) NOT-FOR-US: Node pdf-generator CVE-2020-7739 (This affects all versions of package phantomjs-seo. It is possible for ...) NOT-FOR-US: Node phantomjs-seo CVE-2020-7738 (All versions of package shiba are vulnerable to Arbitrary Code Executi ...) NOT-FOR-US: Node shiba CVE-2020-7737 (All versions of package safetydance are vulnerable to Prototype Pollut ...) NOT-FOR-US: Node safetydance CVE-2020-7736 (The package bmoor before 0.8.12 are vulnerable to Prototype Pollution ...) NOT-FOR-US: Node bmoor CVE-2020-7735 (The package ng-packagr before 10.1.1 are vulnerable to Command Injecti ...) NOT-FOR-US: ng-packagr CVE-2020-7734 (All versions of package cabot are vulnerable to Cross-site Scripting ( ...) NOT-FOR-US: cabot CVE-2020-7733 (The package ua-parser-js before 0.7.22 are vulnerable to Regular Expre ...) - node-ua-parser-js (No affected version present in the archive, introduced after 0.7.14 and fixed in 0.7.22) NOTE: https://github.com/faisalman/ua-parser-js/commit/233d3bae22a795153a7e6638887ce159c63e557d NOTE: https://snyk.io/vuln/SNYK-JS-UAPARSERJS-610226 CVE-2020-7732 RESERVED CVE-2020-7731 (This affects all versions of package github.com/russellhaering/gosaml2 ...) - golang-github-russellhaering-gosaml2 (bug #948190) NOTE: https://github.com/russellhaering/gosaml2/issues/59 NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302 CVE-2020-7730 (The package bestzip before 2.1.7 are vulnerable to Command Injection v ...) NOT-FOR-US: bestzip nodejs module CVE-2020-7729 (The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execut ...) 
{DLA-2368-1} - grunt 1.3.0-1 (bug #969668) [buster] - grunt 1.0.1-8+deb10u1 NOTE: https://github.com/gruntjs/grunt/commit/e350cea1724eb3476464561a380fb6a64e61e4e7 NOTE: https://snyk.io/vuln/SNYK-JS-GRUNT-597546 CVE-2020-7728 RESERVED CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...) NOT-FOR-US: Node gedi CVE-2020-7726 (All versions of package safe-object2 are vulnerable to Prototype Pollu ...) NOT-FOR-US: Node safe-object2 CVE-2020-7725 (All versions of package worksmith are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node worksmith CVE-2020-7724 (All versions of package tiny-conf are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node tiny-conf CVE-2020-7723 (All versions of package promisehelpers are vulnerable to Prototype Pol ...) NOT-FOR-US: Node promisehelpers CVE-2020-7722 (All versions of package nodee-utils are vulnerable to Prototype Pollut ...) NOT-FOR-US: Node nodee-utils CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node node-oojs CVE-2020-7720 (The package node-forge before 0.10.0 is vulnerable to Prototype Pollut ...) - node-node-forge 0.10.0~dfsg-1 (bug #969669) [buster] - node-node-forge (Minor issue) NOTE: https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677 NOTE: https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756 CVE-2020-7719 (Versions of package locutus before 2.0.12 are vulnerable to prototype ...) NOT-FOR-US: Node locutus CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype Polluti ...) NOT-FOR-US: Node gammautils CVE-2020-7717 (All versions of package dot-notes are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node dot-notes CVE-2020-7716 (All versions of package deeps are vulnerable to Prototype Pollution vi ...) NOT-FOR-US: Node deeps CVE-2020-7715 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...) 
NOT-FOR-US: Node deep-get-set CVE-2020-7714 (All versions of package confucious are vulnerable to Prototype Polluti ...) NOT-FOR-US: Node confucious CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to Protot ...) NOT-FOR-US: Node arr-flatten-unflatten CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...) NOT-FOR-US: Node json CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...) - golang-github-russellhaering-goxmldsig (bug #968928) [bullseye] - golang-github-russellhaering-goxmldsig (Minor issue) [buster] - golang-github-russellhaering-goxmldsig (Minor issue) NOTE: https://github.com/russellhaering/goxmldsig/issues/48 CVE-2020-7710 (This affects all versions of package safe-eval. It is possible for an ...) NOT-FOR-US: Node safe-eval CVE-2020-7709 (This affects the package json-pointer before 0.6.1. Multiple reference ...) NOT-FOR-US: Node json-pointer CVE-2020-7708 (The package irrelon-path before 4.7.0; the package @irrelon/path befor ...) NOT-FOR-US: Node irrelon-path CVE-2020-7707 (The package property-expr before 2.0.3 are vulnerable to Prototype Pol ...) NOT-FOR-US: Node property-expr CVE-2020-7706 (The package connie-lang before 0.1.1 are vulnerable to Prototype Pollu ...) NOT-FOR-US: Node connie-lang CVE-2020-7705 (This affects the package MintegralAdSDK from 0.0.0. The SDK distribute ...) NOT-FOR-US: MintegralAdSDK CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pol ...) NOT-FOR-US: Node linux-cmdline CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype Pollutio ...) NOT-FOR-US: Node nis-utils CVE-2020-7702 (All versions of package templ8 are vulnerable to Prototype Pollution v ...) NOT-FOR-US: templ8 CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...) 
NOT-FOR-US: Node madlib-object-utils CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...) NOT-FOR-US: phpjs CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...) NOT-FOR-US: express-fileupload CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...) NOT-FOR-US: Gerapy CVE-2020-7697 (This affects all versions of package mock2easy. a malicious user could ...) NOT-FOR-US: mock2easy nodejs module CVE-2020-7696 (This affects all versions of package react-native-fast-image. When an ...) NOT-FOR-US: react-native-fast-image nodejs module CVE-2020-7695 (Uvicorn before 0.11.7 is vulnerable to HTTP response splitting. CRLF s ...) - python-uvicorn 0.13.3-1 (bug #969275) [buster] - python-uvicorn (Minor issue) NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-570471 NOTE: https://github.com/encode/uvicorn/issues/719 CVE-2020-7694 (This affects all versions of package uvicorn. The request logger provi ...) - python-uvicorn 0.13.3-1 (bug #969276) [buster] - python-uvicorn (Minor issue) NOTE: https://snyk.io/vuln/SNYK-PYTHON-UVICORN-575560 NOTE: https://github.com/encode/uvicorn/issues/723 CVE-2020-7693 (Incorrect handling of Upgrade header with the value websocket leads in ...) - node-socks (bug #922921) CVE-2020-7692 (PKCE support is not implemented in accordance with the RFC for OAuth 2 ...) - google-oauth-client-java 1.28.0-2 (bug #988944) NOTE: https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEOAUTHCLIENT-575276 NOTE: https://github.com/googleapis/google-oauth-java-client/issues/469 NOTE: https://github.com/googleapis/google-oauth-java-client/commit/13433cd7dd06267fc261f0b1d4764f8e3432c824 CVE-2020-7691 (In all versions of the package jspdf, it is possible to use <<sc ...) NOT-FOR-US: jspdf CVE-2020-7690 (All affected versions <2.0.0 of package jspdf are vulnerable to Cro ...) NOT-FOR-US: jspdf CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes. ...) 
NOT-FOR-US: Node bcrypt CVE-2020-7688 (The issue occurs because tagName user input is formatted inside the ex ...) NOT-FOR-US: Node mversion CVE-2020-7687 (This affects all versions of package fast-http. There is no path sanit ...) NOT-FOR-US: Node fast-http CVE-2020-7686 (This affects all versions of package rollup-plugin-dev-server. There i ...) NOT-FOR-US: Node rollup-plugin-dev-server CVE-2020-7685 (This affects all versions of package UmbracoForms. When using the defa ...) NOT-FOR-US: UmbracoForms CVE-2020-7684 (This affects all versions of package rollup-plugin-serve. There is no ...) NOT-FOR-US: Node rollup-plugin-server CVE-2020-7683 (This affects all versions of package rollup-plugin-server. There is no ...) NOT-FOR-US: Node rollup-plugin-server CVE-2020-7682 (This affects all versions of package marked-tree. There is no path san ...) NOT-FOR-US: Node marked-tree CVE-2020-7681 (This affects all versions of package marscode. There is no path saniti ...) NOT-FOR-US: Node marscode CVE-2020-7680 (docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). ...) NOT-FOR-US: docsify CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...) NOT-FOR-US: Node casperjs CVE-2020-7678 RESERVED CVE-2020-7677 RESERVED CVE-2020-7676 (angular.js prior to 1.8.0 allows cross site scripting. The regex-based ...) - angular.js 1.8.0-1 [buster] - angular.js (Minor issue; can be fixed via point release) [stretch] - angular.js (Nodejs in stretch not covered by security support) [jessie] - angular.js (Minor issue, low usage of 2014-era Nodejs) NOTE: https://github.com/angular/angular.js/pull/17028 NOTE: https://snyk.io/vuln/SNYK-JS-ANGULAR-570058 CVE-2020-7675 (cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. ...) NOT-FOR-US: Node cd-messenger CVE-2020-7674 (access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. ...) 
	NOT-FOR-US: Node access-policy
CVE-2020-7673 (node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. U ...)
	- node-extend (Vulnerable code not present)
	NOTE: Debian's node-extend is a different package (fork?) which doesn't eval()
CVE-2020-7672 (mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User inp ...)
	NOT-FOR-US: Node mosc
CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where goliath i ...)
	NOT-FOR-US: Ruby gem goliath
CVE-2020-7670 (agoo prior to 2.14.0 allows request smuggling attacks where agoo is us ...)
	NOT-FOR-US: Ruby gem agoo
CVE-2020-7669 (This affects all versions of package github.com/u-root/u-root/pkg/taru ...)
	NOT-FOR-US: github.com/u-root/u-root/pkg/tarutil Go package
CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the ExtractT ...)
	- golang-github-unknwon-cae (bug #967956)
	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384
CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before version 0.1. ...)
	NOT-FOR-US: github.com/sassoftware/go-rpmutils/cpio go module
CVE-2020-7666 (This affects all versions of package github.com/u-root/u-root/pkg/cpio ...)
	NOT-FOR-US: github.com/u-root/u-root/pkg/cpio Go package
CVE-2020-7665 (This affects all versions of package github.com/u-root/u-root/pkg/uzip ...)
	NOT-FOR-US: github.com/u-root/u-root/pkg/uzip Go package
CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Extract ...)
	- golang-github-unknwon-cae (bug #967955)
	NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383
CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of Servi ...)
	{DLA-2334-1}
	- ruby-websocket-extensions 0.1.5-1 (bug #964274)
	[buster] - ruby-websocket-extensions 0.1.2-1+deb10u1
	NOTE: https://github.com/faye/websocket-extensions-ruby/security/advisories/GHSA-g6wq-qcwm-j5g2
	NOTE: https://github.com/faye/websocket-extensions-ruby/commit/aa156a439da681361ed6f53f1a8131892418838b
CVE-2020-7662 (websocket-extensions npm module prior to 0.1.4 allows Denial of Servic ...)
	NOT-FOR-US: Node websocket-extensions
CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial ...)
	NOT-FOR-US: Node url-regex
CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject ...)
	NOT-FOR-US: serialize-javascript Node package
CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ...)
	- reel
	[stretch] - reel (Not supported in Stretch LTS)
	NOTE: https://snyk.io/vuln/SNYK-RUBY-REEL-569135
CVE-2020-7658 (meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP ...)
	NOT-FOR-US: meinheld
CVE-2020-7657
	RESERVED
CVE-2020-7656 (jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load ...)
	- jquery 2.2.4+dfsg-1
	[jessie] - jquery (Too intrusive to backport)
	NOTE: https://snyk.io/vuln/SNYK-JS-JQUERY-569619
	NOTE: See debian-lts discussion starting at: https://lists.debian.org/debian-lts/2020/06/msg00025.html
CVE-2020-7655 (netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP ...)
	NOT-FOR-US: netius
CVE-2020-7654 (All versions of snyk-broker before 4.73.1 are vulnerable to Informatio ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7653 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7652 (All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7651 (All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7650 (All versions of snyk-broker after 4.72.0 including and before 4.73.1 a ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7649
	RESERVED
CVE-2020-7648 (All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary ...)
	NOT-FOR-US: snyk-broker
CVE-2020-7647 (All versions before 1.6.7 and all versions after 2.0.0 inclusive and b ...)
	NOT-FOR-US: jooby
CVE-2020-7646 (curlrequest through 1.0.1 allows reading any file by populating the fi ...)
	NOT-FOR-US: Node curlrequest
CVE-2020-7645 (All versions of chrome-launcher allow execution of arbitrary commands, ...)
	NOT-FOR-US: Node chrome-launcher
CVE-2020-7644 (fun-map through 3.3.1 is vulnerable to Prototype Pollution. The functi ...)
	NOT-FOR-US: Node fun-map
CVE-2020-7643 (paypal-adaptive through 0.4.2 manipulation of JavaScript objects resul ...)
	NOT-FOR-US: Node paypal-adaptive
CVE-2020-7642 (lazysizes through 5.2.0 allows execution of malicious JavaScript. The ...)
	NOT-FOR-US: Node lazysizes
CVE-2020-7641
	RESERVED
CVE-2020-7640 (pixl-class prior to 1.0.3 allows execution of arbitrary commands. The ...)
	NOT-FOR-US: Node pixl-class
CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...)
	NOT-FOR-US: Node eivindfjeldstad-dot
CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...)
	NOT-FOR-US: Node confinit
CVE-2020-7637 (class-transformer before 0.3.1 allow attackers to perform Prototype Po ...)
	NOT-FOR-US: Node class-transformer
CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows ...)
	NOT-FOR-US: Node adb-driver
CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection.It al ...)
	NOT-FOR-US: Node compass-compile
CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...)
	NOT-FOR-US: Node heroku-addonpool
CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...)
	NOT-FOR-US: Node apiconnect-cli-plugins
CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...)
	NOT-FOR-US: Node node-mpv
CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allow ...)
	NOT-FOR-US: Node diskusage-ng
CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...)
	NOT-FOR-US: git-add-remote node module
CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...)
	NOT-FOR-US: install-package node module
CVE-2020-7628 (umount through 1.1.6 is vulnerable to Command Injection. The argument ...)
	NOT-FOR-US: umount node module
CVE-2020-7627 (node-key-sender through 1.0.11 is vulnerable to Command Injection. It ...)
	NOT-FOR-US: node-key-sender node module
CVE-2020-7626 (karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows ...)
	NOT-FOR-US: karma-mojo node module
CVE-2020-7625 (op-browser through 1.0.6 is vulnerable to Command Injection. It allows ...)
	NOT-FOR-US: op-browser node module
CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allows exe ...)
	NOT-FOR-US: effect node module
CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...)
	NOT-FOR-US: Node jscover
CVE-2020-7622 (This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 ...)
	NOT-FOR-US: Jooby
CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...)
	NOT-FOR-US: Node strong-nginx-controller
CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It all ...)
	NOT-FOR-US: Node pomelo-monitor
CVE-2020-7619 (get-git-data through 1.3.1 is vulnerable to Command Injection. It is p ...)
	NOT-FOR-US: get-git-data node module
CVE-2020-7618 (sds through 3.2.0 is vulnerable to Prototype Pollution.The library cou ...)
	NOT-FOR-US: Node sds
CVE-2020-7617 (ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The libr ...)
	NOT-FOR-US: Node ini-parser
CVE-2020-7616 (express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollu ...)
	NOT-FOR-US: Node express-mock-middleware
CVE-2020-7615 (fsa through 0.5.1 is vulnerable to Command Injection. The first argume ...)
	NOT-FOR-US: Node fsa
CVE-2020-7614 (npm-programmatic through 0.0.12 is vulnerable to Command Injection.The ...)
	NOT-FOR-US: npm-programmatic
CVE-2020-7613 (clamscan through 1.2.0 is vulnerable to Command Injection. It is possi ...)
	NOT-FOR-US: Node clamscan
CVE-2020-7612
	REJECTED
CVE-2020-7611 (All versions of io.micronaut:micronaut-http-client before 1.2.11 and a ...)
	NOT-FOR-US: io.micronaut:micronaut-http-client
CVE-2020-7610 (All versions of bson before 1.1.4 are vulnerable to Deserialization of ...)
	[experimental] - node-mongodb 3.5.5+~cs11.12.19-1
	- node-mongodb 3.5.6+~cs11.12.19-1
	[buster] - node-mongodb 3.1.13+~3.1.11-2+deb10u1
	NOTE: Fixed in js-bson v1.1.4 included in 3.5.5+~cs11.12.19
	NOTE: https://snyk.io/vuln/SNYK-JS-BSON-561052
	NOTE: https://github.com/mongodb/js-bson/commit/3809c1313a7b2a8001065f0271199df9fa3d16a8
CVE-2020-7609 (node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbi ...)
	NOT-FOR-US: Node node-rules
CVE-2020-7608 (yargs-parser could be tricked into adding or modifying properties of O ...)
	- node-yargs-parser 18.1.1-1
	[buster] - node-yargs-parser 11.1.1-1+deb10u1
	[stretch] - node-yargs-parser (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-YARGSPARSER-560381
	NOTE: https://github.com/yargs/yargs-parser/commit/63810ca1ae1a24b08293a4d971e70e058c7a41e2
	NOTE: https://gist.github.com/Kirill89/dcd8100d010896157a36624119439832
CVE-2020-7607 (gulp-styledocco through 0.0.3 allows execution of arbitrary commands. ...)
	NOT-FOR-US: Node gulp-styledocco
CVE-2020-7606 (docker-compose-remote-api through 0.1.4 allows execution of arbitrary ...)
	NOT-FOR-US: Node docker-compose-remote-api
CVE-2020-7605 (gulp-tape through 1.0.0 allows execution of arbitrary commands. It is ...)
	NOT-FOR-US: Node gulp-tape
CVE-2020-7604 (pulverizr through 0.7.0 allows execution of arbitrary commands. Within ...)
	NOT-FOR-US: Node pulverizr
CVE-2020-7603 (closure-compiler-stream through 0.1.15 allows execution of arbitrary c ...)
	NOT-FOR-US: closure-compiler-stream
CVE-2020-7602 (node-prompt-here through 1.0.1 allows execution of arbitrary commands. ...)
	NOT-FOR-US: Node node-prompt-here
CVE-2020-7601 (gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. I ...)
	NOT-FOR-US: Node gulp-scss-lint
CVE-2020-7600 (querymen prior to 2.1.4 allows modification of object properties. The ...)
	NOT-FOR-US: querymen nodejs module
CVE-2020-7599 (All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable ...)
	NOT-FOR-US: com.gradle.plugin-publish
CVE-2020-7598 (minimist before 1.2.2 could be tricked into adding or modifying proper ...)
	- node-minimist 1.2.5-1 (bug #953762)
	[buster] - node-minimist 1.2.0-1+deb10u1
	[stretch] - node-minimist (Nodejs in stretch not covered by security support)
	NOTE: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
	NOTE: POC: https://gist.github.com/Kirill89/47feb345b09bf081317f08dd43403a8a
	NOTE: Fixed by: https://github.com/substack/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
CVE-2020-7597 (codecov-node npm module before 3.6.5 allows remote attackers to execut ...)
	NOT-FOR-US: codecov-node nodejs module
CVE-2020-7596 (Codecov npm module before 3.6.2 allows remote attackers to execute arb ...)
	NOT-FOR-US: Codecov npm module
CVE-2020-7595 (xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infini ...)
	{DLA-2369-1}
	- libxml2 2.9.10+dfsg-2.1 (bug #949582)
	[buster] - libxml2 2.9.4+dfsg1-7+deb10u1
	[jessie] - libxml2 (Minor issue)
	NOTE: https://gitlab.gnome.org/GNOME/libxml2/commit/0e1a49c8907645d2e155f0d89d4d9895ac5112b5
CVE-2020-7594 (MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remo ...)
	NOT-FOR-US: MultiTech Conduit MTCDT-LVW2-24XX devices
CVE-2020-7593 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-7592 (A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Ge ...)
	NOT-FOR-US: Siemens
CVE-2020-7591 (A vulnerability has been identified in SIPORT MP (All versions < 3. ...)
	NOT-FOR-US: Siemens
CVE-2020-7590 (A vulnerability has been identified in DCA Vantage Analyzer (All versi ...)
	NOT-FOR-US: DCA Vantage Analyzer
CVE-2020-7589 (A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS varian ...)
	NOT-FOR-US: Siemens
CVE-2020-7588 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
	NOT-FOR-US: Siemens
CVE-2020-7587 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
	NOT-FOR-US: Siemens
CVE-2020-7586 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier ...)
	NOT-FOR-US: Siemens
CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...)
	NOT-FOR-US: Siemens
CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...)
	NOT-FOR-US: Siemens
CVE-2020-7582
	RESERVED
CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
	NOT-FOR-US: Siemens
CVE-2020-7580 (A vulnerability has been identified in SIMATIC Automation Tool (All ve ...)
	NOT-FOR-US: Siemens
CVE-2020-7579 (A vulnerability has been identified in Spectrum Power™ 5 (All ve ...)
	NOT-FOR-US: Siemens
CVE-2020-7578 (A vulnerability has been identified in Camstar Enterprise Platform (Al ...)
	NOT-FOR-US: Siemens
CVE-2020-7577 (A vulnerability has been identified in Camstar Enterprise Platform (Al ...)
	NOT-FOR-US: Siemens
CVE-2020-7576 (A vulnerability has been identified in Camstar Enterprise Platform (Al ...)
	NOT-FOR-US: Siemens
CVE-2020-7575 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
	NOT-FOR-US: Climatix
CVE-2020-7574 (A vulnerability has been identified in Climatix POL908 (BACnet/IP modu ...)
	NOT-FOR-US: Climatix
CVE-2020-7573 (A CWE-284 Improper Access Control vulnerability exists in EcoStruxure ...)
	NOT-FOR-US: EcoStruxure Building Operation WebReports
CVE-2020-7572 (A CWE-611 Improper Restriction of XML External Entity Reference vulner ...)
	NOT-FOR-US: EcoStruxure Building Operation WebReports
CVE-2020-7571 (A CWE-79 Multiple Improper Neutralization of Input During Web Page Gen ...)
	NOT-FOR-US: EcoStruxure Building Operation WebReports
CVE-2020-7570 (A CWE-79 Improper Neutralization of Input During Web Page Generation ( ...)
	NOT-FOR-US: EcoStruxure Building Operation WebReports
CVE-2020-7569 (A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerabilit ...)
	NOT-FOR-US: EcoStruxure Building Operation WebReports
CVE-2020-7568 (A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor ...)
	NOT-FOR-US: Modicon
CVE-2020-7567 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...)
	NOT-FOR-US: Modicon
CVE-2020-7566 (A CWE-334: Small Space of Random Values vulnerability exists in Modico ...)
	NOT-FOR-US: Modicon
CVE-2020-7565 (A CWE-326: Inadequate Encryption Strength vulnerability exists in Modi ...)
	NOT-FOR-US: Modicon
CVE-2020-7564 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...)
	NOT-FOR-US: Modicon
CVE-2020-7563 (A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server ...)
	NOT-FOR-US: Modicon
CVE-2020-7562 (A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server o ...)
	NOT-FOR-US: Modicon
CVE-2020-7561 (A CWE-284: Improper Access Control vulnerability exists in Easergy T30 ...)
	NOT-FOR-US: Easergy
CVE-2020-7560 (A CWE-123: Write-what-where Condition vulnerability exists in EcoStrux ...)
	NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7559 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...)
	NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7558 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
	NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7557 (A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition ( ...)
	NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7556 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
	NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7555 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
	NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7554 (A CWE-119 Improper Restriction of Operations within the Bounds of a Me ...)
	NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7553 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
	NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7552 (A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition ...)
	NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7551 (A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition ...)
	NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7550 (A CWE-119 Improper Restriction of Operations within the Bounds of a Me ...)
	NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7549 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2020-7548 (A CWE-330 - Use of Insufficiently Random Values vulnerability exists i ...)
	NOT-FOR-US: Schneider
CVE-2020-7547 (A CWE-284: Improper Access Control vulnerability exists in EcoStruxure ...)
	NOT-FOR-US: Schneider
CVE-2020-7546 (A CWE-79: Improper Neutralization of Input During Web Page Generation ...)
	NOT-FOR-US: Schneider
CVE-2020-7545 (A CWE-284:Improper Access Control vulnerability exists in EcoStruxure& ...)
	NOT-FOR-US: Schneider
CVE-2020-7544 (A CWE-269 Improper Privilege Management vulnerability exists in EcoStr ...)
	NOT-FOR-US: EcoStruxure Operator Terminal Expert runtime
CVE-2020-7543 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2020-7542 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2020-7541 (A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in ...)
	NOT-FOR-US: Modicon
CVE-2020-7540 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: Modicon
CVE-2020-7539 (A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnera ...)
	NOT-FOR-US: Modicon
CVE-2020-7538 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7537 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Modicon
CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnera ...)
	NOT-FOR-US: Modicon
CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Modicon
CVE-2020-7534
	RESERVED
CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
	NOT-FOR-US: Modicon
CVE-2020-7532 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
	NOT-FOR-US: SCADAPack x70 Security Administrator
CVE-2020-7531 (A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x ...)
	NOT-FOR-US: SCADAPack 7x Remote Connect
CVE-2020-7530 (A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x ...)
	NOT-FOR-US: SCADAPack 7x Remote Connect
CVE-2020-7529 (A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ( ...)
	NOT-FOR-US: SCADAPack 7x Remote Connect
CVE-2020-7528 (A CWE-502 Deserialization of Untrusted Data vulnerability exists in SC ...)
	NOT-FOR-US: SCADAPack 7x Remote Connect
CVE-2020-7527 (Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) a ...)
	NOT-FOR-US: Schneider
CVE-2020-7526 (Improper Input Validation vulnerability exists in PowerChute Business ...)
	NOT-FOR-US: Schneider
CVE-2020-7525 (Improper Restriction of Excessive Authentication Attempts vulnerabilit ...)
	NOT-FOR-US: Schneider
CVE-2020-7524 (Out-of-bounds Write vulnerability exists in Modicon M218 Logic Control ...)
	NOT-FOR-US: Schneider
CVE-2020-7523 (Improper Privilege Management vulnerability exists in Schneider Electr ...)
	NOT-FOR-US: Schneider
CVE-2020-7522 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: Schneider
CVE-2020-7521 (Improper Limitation of a Pathname to a Restricted Directory ('Path Tra ...)
	NOT-FOR-US: Schneider
CVE-2020-7520 (A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnera ...)
	NOT-FOR-US: Schneider
CVE-2020-7519 (A CWE-521: Weak Password Requirements vulnerability exists in Easergy ...)
	NOT-FOR-US: Schneider
CVE-2020-7518 (A CWE-20: Improper input validation vulnerability exists in Easergy Bu ...)
	NOT-FOR-US: Schneider
CVE-2020-7517 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
	NOT-FOR-US: Schneider
CVE-2020-7516 (A CWE-316: Cleartext Storage of Sensitive Information in Memory vulner ...)
	NOT-FOR-US: Schneider
CVE-2020-7515 (A CWE-321: Use of hard-coded cryptographic key stored in cleartext vul ...)
	NOT-FOR-US: Schneider
CVE-2020-7514 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
	NOT-FOR-US: Schneider
CVE-2020-7513 (A CWE-312: Cleartext Storage of Sensitive Information vulnerability ex ...)
	NOT-FOR-US: Schneider
CVE-2020-7512 (A CWE-1103: Use of Platform-Dependent Third Party Components with vuln ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7511 (A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerabil ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7510 (A CWE-200: Information Exposure vulnerability exists in Easergy T300 ( ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7509 (A CWE-269: Improper privilege management (write) vulnerability exists ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7508 (A CWE-307 Improper Restriction of Excessive Authentication Attempts vu ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7507 (A CWE-400: Uncontrolled Resource Consumption vulnerability exists in E ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7506 (A CWE-200: Information Exposure vulnerability exists in Easergy T300, ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7505 (A CWE-494 Download of Code Without Integrity Check vulnerability exist ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7504 (A CWE-20: Improper Input Validation vulnerability exists in Easergy T3 ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7503 (A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in E ...)
	NOT-FOR-US: Easergy T300
CVE-2020-7502 (A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Lo ...)
	NOT-FOR-US: Modicon
CVE-2020-7501 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo ...)
	NOT-FOR-US: Schneider
CVE-2020-7500 (A CWE-89:Improper Neutralization of Special Elements used in an SQL Co ...)
	NOT-FOR-US: Schneider
CVE-2020-7499 (A CWE-863: Incorrect Authorization vulnerability exists in U.motion Se ...)
	NOT-FOR-US: Schneider
CVE-2020-7498 (A CWE-798: Use of Hard-coded Credentials vulnerability exists in the U ...)
	NOT-FOR-US: Schneider
CVE-2020-7497 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider
CVE-2020-7496 (A CWE-88: Argument Injection or Modification vulnerability exists in E ...)
	NOT-FOR-US: Schneider
CVE-2020-7495 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider
CVE-2020-7494 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: Schneider
CVE-2020-7493 (A CWE-89: Improper Neutralization of Special Elements used in an SQL C ...)
	NOT-FOR-US: Schneider
CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...)
	NOT-FOR-US: Schneider
CVE-2020-7491 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in ...)
	NOT-FOR-US: Schneider
CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...)
	NOT-FOR-US: Schneider
CVE-2020-7489 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
	NOT-FOR-US: Schneider
CVE-2020-7488 (A CWE-319: Cleartext Transmission of Sensitive Information vulnerabili ...)
	NOT-FOR-US: Schneider
CVE-2020-7487 (A CWE-345: Insufficient Verification of Data Authenticity vulnerabilit ...)
	NOT-FOR-US: Schneider
CVE-2020-7486 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TC ...)
	NOT-FOR-US: Schneider Electric
CVE-2020-7485 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in th ...)
	NOT-FOR-US: Schneider Electric
CVE-2020-7484 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the forme ...)
	NOT-FOR-US: Schneider Electric
CVE-2020-7483 (**VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause ce ...)
	NOT-FOR-US: Schneider Electric
CVE-2020-7482 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
	NOT-FOR-US: Andover Continuum
CVE-2020-7481 (A CWE-79:Improper Neutralization of Input During Web Page Generation ( ...)
	NOT-FOR-US: Andover Continuum
CVE-2020-7480 (A CWE-94: Improper Control of Generation of Code ('Code Injection') vu ...)
	NOT-FOR-US: Andover Continuum
CVE-2020-7479 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
	NOT-FOR-US: IGSS
CVE-2020-7478 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
	NOT-FOR-US: IGSS
CVE-2020-7477 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
	NOT-FOR-US: Quantum Ethernet Network module
CVE-2020-7476 (A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Instal ...)
	NOT-FOR-US: ZigBee Installation Kit
CVE-2020-7475 (A CWE-74: Improper Neutralization of Special Elements in Output Used b ...)
	NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7474 (A CWE-427: Uncontrolled Search Path Element vulnerability exists in Pr ...)
	NOT-FOR-US: ProSoft Configurator
CVE-2020-7473 (In certain situations, all versions of Citrix ShareFile StorageZones ( ...)
	NOT-FOR-US: Citrix
CVE-2020-7472 (An authorization bypass and PHP local-file-include vulnerability in th ...)
	NOT-FOR-US: SugarCRM
CVE-2020-7471 (Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 al ...)
	{DSA-4629-1}
	- python-django 2:2.2.10-1 (bug #950581)
	[jessie] - python-django (Vulnerable code introduced in Django ~1.9)
	NOTE: https://www.djangoproject.com/weblog/2020/feb/03/security-releases/
	NOTE: https://github.com/django/django/commit/eb31d845323618d688ad429479c6dda973056136 (master)
	NOTE: https://github.com/django/django/commit/505826b469b16ab36693360da9e11fd13213421b (3.0.3)
	NOTE: https://github.com/django/django/commit/c67a368c16e4680b324b4f385398d638db4d8147 (2.2.10)
	NOTE: https://github.com/django/django/commit/001b0634cd309e372edb6d7d95d083d02b8e37bd (1.11.28)
CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the ...)
	NOT-FOR-US: Sonoff TH 10 and 16 devices
CVE-2020-7469 (In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12. ...)
	- kfreebsd-10 (unimportant)
CVE-2020-7468 (In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12. ...)
	NOT-FOR-US: FreeBSD ftpd
CVE-2020-7467 (In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12. ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7466 (The PPP implementation of MPD before 5.9 allows a remote attacker who ...)
	NOT-FOR-US: MPD (FreeBSD PPP daemon)
CVE-2020-7465 (The L2TP implementation of MPD before 5.9 allows a remote attacker who ...)
	NOT-FOR-US: MPD (FreeBSD PPP daemon)
CVE-2020-7464 (In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12. ...)
	- kfreebsd-10 (unimportant)
CVE-2020-7463 (In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12. ...)
	- kfreebsd-10 (unimportant)
CVE-2020-7462 (In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, imprope ...)
	- kfreebsd-10 (unimportant)
CVE-2020-7461 (In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12. ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-ST ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:21.usb_net.asc
CVE-2020-7458 (In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7457 (In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-ST ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7456 (In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-ST ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:17.usb.asc
CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-ST ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-ST ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7453 (In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc
CVE-2020-7452 (In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEAS ...)
	- kfreebsd-10 (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:07.epair.asc
CVE-2020-7451 (In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7450 (In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEAS ...)
	NOT-FOR-US: FreeBSD
CVE-2020-7449
	RESERVED
CVE-2020-7448
	RESERVED
CVE-2020-7447
	RESERVED
CVE-2020-7446
	RESERVED
CVE-2020-7445
	RESERVED
CVE-2020-7444
	RESERVED
CVE-2020-7443
	RESERVED
CVE-2020-7442
	RESERVED
CVE-2020-7441
	RESERVED
CVE-2020-7440
	RESERVED
CVE-2020-7439
	RESERVED
CVE-2020-7438
	RESERVED
CVE-2020-7437
	RESERVED
CVE-2020-7436
	RESERVED
CVE-2020-7435
	RESERVED
CVE-2020-7434
	RESERVED
CVE-2020-7433
	RESERVED
CVE-2020-7432
	RESERVED
CVE-2020-7431
	RESERVED
CVE-2020-7430
	RESERVED
CVE-2020-7429
	RESERVED
CVE-2020-7428
	RESERVED
CVE-2020-7427
	RESERVED
CVE-2020-7426
	RESERVED
CVE-2020-7425
	RESERVED
CVE-2020-7424
	RESERVED
CVE-2020-7423
	RESERVED
CVE-2020-7422
	RESERVED
CVE-2020-7421
	RESERVED
CVE-2020-7420
	RESERVED
CVE-2020-7419
	RESERVED
CVE-2020-7418
	RESERVED
CVE-2020-7417
	RESERVED
CVE-2020-7416
	RESERVED
CVE-2020-7415
	RESERVED
CVE-2020-7414
	RESERVED
CVE-2020-7413
	RESERVED
CVE-2020-7412
	RESERVED
CVE-2020-7411
	RESERVED
CVE-2020-7410
	RESERVED
CVE-2020-7409
	RESERVED
CVE-2020-7408
	RESERVED
CVE-2020-7407
	RESERVED
CVE-2020-7406
	RESERVED
CVE-2020-7405
	RESERVED
CVE-2020-7404
	RESERVED
CVE-2020-7403
	RESERVED
CVE-2020-7402
	RESERVED
CVE-2020-7401
	RESERVED
CVE-2020-7400
	RESERVED
CVE-2020-7399
	RESERVED
CVE-2020-7398
	RESERVED
CVE-2020-7397
	RESERVED
CVE-2020-7396
	RESERVED
CVE-2020-7395
	RESERVED
CVE-2020-7394
	RESERVED
CVE-2020-7393
	RESERVED
CVE-2020-7392
	RESERVED
CVE-2020-7391
	RESERVED
CVE-2020-7390 (Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Pr ...)
	NOT-FOR-US: Sage X3
CVE-2020-7389 (Sage X3 System CHAINE Variable Script Command Injection. An authentica ...)
	NOT-FOR-US: Sage X3
CVE-2020-7388 (Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in Ad ...)
	NOT-FOR-US: Sage X3
CVE-2020-7387 (Sage X3 Installation Pathname Disclosure. A specially crafted packet c ...)
	NOT-FOR-US: Sage X3
CVE-2020-7386
	RESERVED
CVE-2020-7385 (By launching the drb_remote_codeexec exploit, a Metasploit Framework u ...)
	NOT-FOR-US: Rapid7
CVE-2020-7384 (Rapid7's Metasploit msfvenom framework handles APK files in a way that ...)
	NOT-FOR-US: Rapid7
CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that m ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted ...)
	NOT-FOR-US: Rapid7 Nexpose installer
CVE-2020-7381 (In Rapid7 Nexpose installer versions prior to 6.6.40, the Nexpose inst ...)
	NOT-FOR-US: Rapid7 Nexpose installer
CVE-2020-7380
	RESERVED
CVE-2020-7379
	RESERVED
CVE-2020-7378 (CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an ...)
	NOT-FOR-US: CRIXP OpenCRX
CVE-2020-7377 (The Metasploit Framework module "auxiliary/admin/http/telpho10_credent ...)
	NOT-FOR-US: Metasploit Framework module
CVE-2020-7376 (The Metasploit Framework module "post/osx/gather/enum_osx module" is a ...)
	NOT-FOR-US: Metasploit Framework module
CVE-2020-7375
	RESERVED
CVE-2020-7374 (Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scan ...)
	NOT-FOR-US: Documalis Free PDF Editor
CVE-2020-7373 (vBulletin 5.5.4 through 5.6.2 allows remote command execution via craf ...)
	NOT-FOR-US: vBulletin
CVE-2020-7372
	RESERVED
CVE-2020-7371 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
	NOT-FOR-US: Yandex Browser
CVE-2020-7370 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
	NOT-FOR-US: Danyil Vasilenko's Bolt Browser
CVE-2020-7369 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
	NOT-FOR-US: Yandex Browser
CVE-2020-7368
	RESERVED
CVE-2020-7367
	RESERVED
CVE-2020-7366
	RESERVED
CVE-2020-7365
	RESERVED
CVE-2020-7364 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
	NOT-FOR-US: UCWeb's UC Browser
CVE-2020-7363 (User Interface (UI) Misrepresentation of Critical Information vulnerab ...)
	NOT-FOR-US: UCWeb's UC Browser
CVE-2020-7362
	RESERVED
CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command injecti ...)
	NOT-FOR-US: EasyCorp ZenTao Pro application
CVE-2020-7360 (An Uncontrolled Search Path Element (CWE-427) vulnerability in SmartCo ...)
	NOT-FOR-US: SmartControl
CVE-2020-7359
	RESERVED
CVE-2020-7358 (In AppSpider installer versions prior to 7.2.126, the AppSpider instal ...)
	NOT-FOR-US: AppSpider installer
CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command injectio ...)
	NOT-FOR-US: Cayin CMS
CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection vulnerabilit ...)
	NOT-FOR-US: CAYIN xPost
CVE-2020-7355 (Cross-site Scripting (XSS) vulnerability in the 'notes' field of a dis ...)
	NOT-FOR-US: Metasploit Pro
CVE-2020-7354 (Cross-site Scripting (XSS) vulnerability in the 'host' field of a disc ...)
	NOT-FOR-US: Metasploit Pro
CVE-2020-7353
	RESERVED
CVE-2020-7352 (The GalaxyClientService component of GOG Galaxy runs with elevated SYS ...)
	NOT-FOR-US: GOG Galaxy
CVE-2020-7351 (An OS Command Injection vulnerability in the endpoint_devicemap.php co ...)
	NOT-FOR-US: Fonality Trixbox Community Edition
CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...)
	NOT-FOR-US: Rapid7 Metasploit Framework
CVE-2020-7349
	RESERVED
CVE-2020-7348
	RESERVED
CVE-2020-7347
	RESERVED
CVE-2020-7346 (Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
	NOT-FOR-US: McAfee
CVE-2020-7345
	RESERVED
CVE-2020-7344
	RESERVED
CVE-2020-7343 (Missing Authorization vulnerability in McAfee Agent (MA) for Windows p ...)
	NOT-FOR-US: McAfee
CVE-2020-7342
	RESERVED
CVE-2020-7341
	RESERVED
CVE-2020-7340
	RESERVED
CVE-2020-7339 (Use of a Broken or Risky Cryptographic Algorithm vulnerability in McAf ...)
	NOT-FOR-US: McAfee
CVE-2020-7338
	RESERVED
CVE-2020-7337 (Incorrect Permission Assignment for Critical Resource vulnerability in ...)
	NOT-FOR-US: McAfee
CVE-2020-7336 (Cross Site Request Forgery vulnerability in McAfee Network Security Ma ...)
	NOT-FOR-US: McAfee
CVE-2020-7335 (Privilege Escalation vulnerability in Microsoft Windows client McAfee ...)
	NOT-FOR-US: McAfee
CVE-2020-7334 (Improper privilege assignment vulnerability in the installer McAfee Ap ...)
	NOT-FOR-US: McAfee
CVE-2020-7333 (Cross site scripting vulnerability in the firewall ePO extension of Mc ...)
	NOT-FOR-US: McAfee
CVE-2020-7332 (Cross Site Request Forgery vulnerability in the firewall ePO extension ...)
	NOT-FOR-US: McAfee
CVE-2020-7331 (Unquoted service executable path in McAfee Endpoint Security (ENS) pri ...)
	NOT-FOR-US: McAfee
CVE-2020-7330 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) tr ...)
	NOT-FOR-US: McAfee
CVE-2020-7329 (Server-side request forgery vulnerability in the ePO extension in McAf ...)
	NOT-FOR-US: McAfee
CVE-2020-7328 (External entity attack vulnerability in the ePO extension in McAfee MV ...)
	NOT-FOR-US: McAfee
CVE-2020-7327 (Improperly implemented security check in McAfee MVISION Endpoint Detec ...)
	NOT-FOR-US: McAfee
CVE-2020-7326 (Improperly implemented security check in McAfee Active Response (MAR) ...)
	NOT-FOR-US: McAfee
CVE-2020-7325 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...)
	NOT-FOR-US: McAfee
CVE-2020-7324 (Improper Access Control vulnerability in McAfee MVISION Endpoint prior ...)
	NOT-FOR-US: McAfee
CVE-2020-7323 (Authentication Protection Bypass vulnerability in McAfee Endpoint Secu ...)
	NOT-FOR-US: McAfee
CVE-2020-7322 (Information Disclosure Vulnerability in McAfee Endpoint Security (ENS) ...)
	NOT-FOR-US: McAfee
CVE-2020-7321
	RESERVED
CVE-2020-7320 (Protection Mechanism Failure vulnerability in McAfee Endpoint Security ...)
	NOT-FOR-US: McAfee
CVE-2020-7319 (Improper Access Control vulnerability in McAfee Endpoint Security (ENS ...)
	NOT-FOR-US: McAfee
CVE-2020-7318 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO ...)
	NOT-FOR-US: McAfee
CVE-2020-7317 (Cross-Site Scripting vulnerability in McAfee ePolicy Orchistrator (ePO ...)
	NOT-FOR-US: McAfee
CVE-2020-7316 (Unquoted service path vulnerability in McAfee File and Removable Media ...)
	NOT-FOR-US: McAfee
CVE-2020-7315 (DLL Injection Vulnerability in McAfee Agent (MA) for Windows prior to ...)
	NOT-FOR-US: McAfee
CVE-2020-7314 (Privilege Escalation Vulnerability in the installer in McAfee Data Exc ...)
	NOT-FOR-US: McAfee
CVE-2020-7313
	RESERVED
CVE-2020-7312 (DLL Search Order Hijacking Vulnerability in the installer in McAfee Ag ...)
	NOT-FOR-US: McAfee
CVE-2020-7311 (Privilege Escalation vulnerability in the installer in McAfee Agent (M ...)
	NOT-FOR-US: McAfee
CVE-2020-7310 (Privilege Escalation vulnerability in the installer in McAfee McAfee T ...)
	NOT-FOR-US: McAfee
CVE-2020-7309 (Cross Site Scripting vulnerability in ePO extension in McAfee Applicat ...)
	NOT-FOR-US: McAfee
CVE-2020-7308 (Cleartext Transmission of Sensitive Information between McAfee Endpoin ...)
	NOT-FOR-US: McAfee
CVE-2020-7307 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
	NOT-FOR-US: McAfee
CVE-2020-7306 (Unprotected Storage of Credentials vulnerability in McAfee Data Loss P ...)
	NOT-FOR-US: McAfee
CVE-2020-7305 (Privilege escalation vulnerability in McAfee Data Loss Prevention (DLP ...)
	NOT-FOR-US: McAfee
CVE-2020-7304 (Cross site request forgery vulnerability in McAfee Data Loss Preventio ...)
	NOT-FOR-US: McAfee
CVE-2020-7303 (Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ...)
	NOT-FOR-US: McAfee
CVE-2020-7302 (Unrestricted Upload of File with Dangerous Type in McAfee Data Loss Pr ...)
	NOT-FOR-US: McAfee
CVE-2020-7301 (Cross Site scripting vulnerability in McAfee Data Loss Prevention (DLP ...)
	NOT-FOR-US: McAfee
CVE-2020-7300 (Improper Authorization vulnerability in McAfee Data Loss Prevention (D ...)
	NOT-FOR-US: McAfee
CVE-2020-7299 (Cleartext Storage of Sensitive Information in Memory vulnerability in ...)
	NOT-FOR-US: McAfee
CVE-2020-7298 (Unexpected behavior violation in McAfee Total Protection (MTP) prior t ...)
	NOT-FOR-US: McAfee
CVE-2020-7297 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
	NOT-FOR-US: McAfee
CVE-2020-7296 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
	NOT-FOR-US: McAfee
CVE-2020-7295 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
	NOT-FOR-US: McAfee
CVE-2020-7294 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
	NOT-FOR-US: McAfee
CVE-2020-7293 (Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior t ...)
	NOT-FOR-US: McAfee
CVE-2020-7292 (Inappropriate Encoding for output context vulnerability in McAfee Web ...)
	NOT-FOR-US: McAfee
CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
	NOT-FOR-US: McAfee
CVE-2020-7290 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
	NOT-FOR-US: McAfee
CVE-2020-7289 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
	NOT-FOR-US: McAfee
CVE-2020-7288 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...)
	NOT-FOR-US: McAfee
CVE-2020-7287 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...)
	NOT-FOR-US: McAfee
CVE-2020-7286 (Privilege Escalation vulnerability in McAfee Exploit Detection and Res ...)
	NOT-FOR-US: McAfee
CVE-2020-7285 (Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to ...)
	NOT-FOR-US: McAfee
CVE-2020-7284 (Exposure of Sensitive Information in McAfee Network Security Managemen ...)
	NOT-FOR-US: McAfee
CVE-2020-7283 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) be ...)
	NOT-FOR-US: McAfee
CVE-2020-7282 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) be ...)
	NOT-FOR-US: McAfee
CVE-2020-7281 (Privilege Escalation vulnerability in McAfee Total Protection (MTP) pr ...)
	NOT-FOR-US: McAfee
CVE-2020-7280 (Privilege Escalation vulnerability during daily DAT updates when using ...)
	NOT-FOR-US: McAfee
CVE-2020-7279 (DLL Search Order Hijacking Vulnerability in the installer component of ...)
	NOT-FOR-US: McAfee
CVE-2020-7278 (Exploiting incorrectly configured access control security levels vulne ...)
	NOT-FOR-US: McAfee
CVE-2020-7277 (Protection mechanism failure in all processes in McAfee Endpoint Secur ...)
	NOT-FOR-US: McAfee
CVE-2020-7276 (Authentication bypass vulnerability in MfeUpgradeTool in McAfee Endpoi ...)
	NOT-FOR-US: McAfee
CVE-2020-7275 (Accessing, modifying or executing executable files vulnerability in th ...)
	NOT-FOR-US: McAfee
CVE-2020-7274 (Privilege escalation vulnerability in McTray.exe in McAfee Endpoint Se ...)
	NOT-FOR-US: McAfee
CVE-2020-7273 (Accessing functionality not properly constrained by ACLs vulnerability ...)
	NOT-FOR-US: McAfee
CVE-2020-7272
	RESERVED
CVE-2020-7271
	RESERVED
CVE-2020-7270 (Exposure of Sensitive Information in the web interface in McAfee Advan ...)
	NOT-FOR-US: McAfee
CVE-2020-7269 (Exposure of Sensitive Information in the web interface in McAfee Advan ...)
	NOT-FOR-US: McAfee
CVE-2020-7268 (Path Traversal vulnerability in McAfee McAfee Email Gateway (MEG) prio ...)
	NOT-FOR-US: McAfee
CVE-2020-7267 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)
	NOT-FOR-US: McAfee
CVE-2020-7266 (Privilege Escalation vulnerability in McAfee VirusScan Enterprise (VSE ...)
	NOT-FOR-US: McAfee
CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
	NOT-FOR-US: McAfee
CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
	NOT-FOR-US: McAfee
CVE-2020-7263 (Improper access control vulnerability in ESconfigTool.exe in McAfee En ...)
	NOT-FOR-US: ENS for Windows
CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
	NOT-FOR-US: McAfee
CVE-2020-7261 (Buffer Overflow via Environment Variables vulnerability in AMSI compon ...)
	NOT-FOR-US: McAfee
CVE-2020-7260 (DLL Side Loading vulnerability in the installer for McAfee Application ...)
	NOT-FOR-US: McAfee
CVE-2020-7259 (Exploitation of Privilege/Trust vulnerability in file in McAfee Endpoi ...)
	NOT-FOR-US: McAfee
CVE-2020-7258 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
	NOT-FOR-US: McAfee
CVE-2020-7257 (Privilege escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
	NOT-FOR-US: McAfee
CVE-2020-7256 (Cross site scripting vulnerability in McAfee Network Security Manageme ...)
	NOT-FOR-US: McAfee
CVE-2020-7255 (Privilege escalation vulnerability in the administrative user interfac ...)
	NOT-FOR-US: McAfee
CVE-2020-7254 (Privilege Escalation vulnerability in the command line interface in Mc ...)
	NOT-FOR-US: McAfee
CVE-2020-7253 (Improper access control vulnerability in masvc.exe in McAfee Agent (MA ...)
	NOT-FOR-US: McAfee
CVE-2020-7252 (Unquoted service executable path in DXL Broker in McAfee Data eXchange ...)
	NOT-FOR-US: McAfee
CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2020-7250 (Symbolic link manipulation vulnerability in McAfee Endpoint Security ( ...)
	NOT-FOR-US: McAfee
CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...)
	NOT-FOR-US: SMC D3G0804W devices
CVE-2020-7248 (libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged ...)
	NOT-FOR-US: libubox in OpenWrt
CVE-2020-XXXX [opensmtpd DoS via opportunistic TLS downgrade]
	- opensmtpd 6.6.2p1-1 (bug #950121)
	[buster] - opensmtpd 6.0.3p1-5+deb10u3
	[stretch] - opensmtpd 6.0.2p1-2+deb9u2
	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/018_smtpd_tls.patch.sig
CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ...)
	{DSA-4611-1}
	- opensmtpd 6.6.2p1-1 (bug #950121)
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/28/3
	NOTE: Fixed by: https://github.com/OpenSMTPD/OpenSMTPD/commit/2afab2297347342f81fa31a75bbbf7dbee614fda
	NOTE: https://ftp.openbsd.org/pub/OpenBSD/patches/6.6/common/019_smtpd_exec.patch.sig
	NOTE: The issue is exploitable after switching "to new grammar", which is included
	NOTE: in portable sync commit:
	NOTE: https://github.com/OpenSMTPD/OpenSMTPD/commit/be6ef06cba9484d008d9f057e6b25d863cf278ff (opensmtpd-6.4.0)
CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 and ear ...)
	NOT-FOR-US: qdPM
CVE-2020-7245 (Incorrect username validation in the registration process of CTFd v2.0 ...)
	NOT-FOR-US: CTFd
CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
	NOT-FOR-US: Comtech Stampede FX-1010 devices
CVE-2020-7243 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
	NOT-FOR-US: Comtech Stampede FX-1010 devices
CVE-2020-7242 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
	NOT-FOR-US: Comtech Stampede FX-1010 devices
CVE-2020-7241 (The WP Database Backup plugin through 5.5 for WordPress stores downloa ...)
	NOT-FOR-US: WP Database Backup plugin for WordPress
CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers ...)
	NOT-FOR-US: Meinberg Lantime M300 and M1000 devices
CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...)
	NOT-FOR-US: conversation-watson plugin for WordPress
CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...)
	{DSA-4885-1 DLA-2364-1 DLA-2110-1 DLA-2109-1}
	- netty 1:4.1.45-1 (bug #950967)
	- netty-3.9
	[stretch] - netty-3.9 (Incomplete fix for CVE-2019-16869 was not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225
	NOTE: https://github.com/jdordonezn/CVE-2020-72381/issues/1
	NOTE: Issue exists because of incomplete fix for CVE-2019-16869.
	NOTE: https://github.com/netty/netty/issues/9861#issuecomment-582307539 (same fix as CVE-2019-20445)
CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...)
	- cacti 1.2.9+ds1-1 (bug #949997)
	[buster] - cacti 1.2.2+ds1-2+deb10u3
	[stretch] - cacti (Minor issue)
	[jessie] - cacti (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/3201
	NOTE: https://github.com/Cacti/cacti/commit/5010719dbd160198be3e07bb994cf237e3af1308
CVE-2020-7236 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= ...)
	NOT-FOR-US: UHP UHP-100 devices
CVE-2020-7235 (UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= ...)
	NOT-FOR-US: UHP UHP-100 devices
CVE-2020-7234 (Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the S ...)
	NOT-FOR-US: Ruckus ZoneFlex R310 devices
CVE-2020-7233 (KMS Controls BAC-A1616BC BACnet devices have a cleartext password of s ...)
	NOT-FOR-US: KMS Controls BAC-A1616BC BACnet devices
CVE-2020-7232 (Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain ...)
	NOT-FOR-US: Evoko Home devices
CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for failed lo ...)
	NOT-FOR-US: Evoko Home devices
CVE-2020-7230
	RESERVED
CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. There ...)
	NOT-FOR-US: Simplejobscript.com SJS
CVE-2020-7228 (The Calculated Fields Form plugin through 1.0.353 for WordPress suffer ...)
	NOT-FOR-US: Calculated Fields Form plugin for WordPress
CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...)
	NOT-FOR-US: Westermo MRD-315 devices
CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and ...)
	NOT-FOR-US: cryptacular
CVE-2020-7225
	RESERVED
CVE-2020-7224 (The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows ...)
	NOT-FOR-US: Aviatrix OpenVPN client
CVE-2020-7223
	RESERVED
CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06- ...)
	NOT-FOR-US: Amcrest Web Server
CVE-2020-7221 (mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege es ...)
	- mariadb-10.3 (Only affects MariaDB 10.4.7 through 10.4.11)
	- mariadb-10.1 (Only affects MariaDB 10.4.7 through 10.4.11)
CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...)
	NOT-FOR-US: HashiCorp Vault
CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...)
	- consul 1.7.0+dfsg1-1 (bug #950736)
	[buster] - consul (Minor issue)
	NOTE: https://github.com/hashicorp/consul/issues/7159
	NOTE: Fixed in 1.6.3.
CVE-2020-7218 (HashiCorp Nomad and Nonad Enterprise up to 0.10.2 HTTP/RPC services al ...)
	- nomad 0.10.3+dfsg1-1
	NOTE: https://github.com/hashicorp/nomad/issues/7002
CVE-2020-7217 (An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0. ...)
	NOT-FOR-US: openSUSE wicked
CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...)
	NOT-FOR-US: openSUSE wicked
CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...)
	NOT-FOR-US: Gallagher Command Centre
CVE-2020-7214
	RESERVED
CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...)
	NOT-FOR-US: Parallels
CVE-2020-7212 (The _encode_invalid_chars function in util/url.py in the urllib3 libra ...)
	- python-urllib3 1.25.8-1
	[buster] - python-urllib3 (Vulnerable code introduced later)
	[stretch] - python-urllib3 (Vulnerable code introduced later)
	[jessie] - python-urllib3 (Vulnerable code introduced later)
	NOTE: https://github.com/urllib3/urllib3/pull/1787
	NOTE: Introduced by: https://github.com/urllib3/urllib3/commit/a74c9cfbaed9f811e7563cfc3dce894928e0221a (1.25.2)
	NOTE: Fixed by: https://github.com/urllib3/urllib3/commit/a2697e7c6b275f05879b60f593c5854a816489f0 (1.25.8)
CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ ...)
	- libslirp (unimportant)
	NOTE: https://bugs.launchpad.net/qemu/+bug/1812451
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...)
	NOT-FOR-US: Umbraco CMS
CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution w ...)
	NOT-FOR-US: LinuxKI
CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...)
	NOT-FOR-US: LinuxKI
CVE-2020-7207 (A local elevation of privilege using physical access security vulnerab ...)
	NOT-FOR-US: HPE
CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has ...)
	NOT-FOR-US: HP nagios plugin for iLO
CVE-2020-7205 (A potential security vulnerability has been identified in HPE Intellig ...)
	NOT-FOR-US: HPE
CVE-2020-7204
	RESERVED
CVE-2020-7203 (A potential security vulnerability has been identified in HPE iLO Ampl ...)
	NOT-FOR-US: HPE
CVE-2020-7202 (A potential security vulnerability has been identified in HPE Integrat ...)
	NOT-FOR-US: HPE
CVE-2020-7201 (A potential security vulnerability has been identified in the HPE Stor ...)
	NOT-FOR-US: HPE
CVE-2020-7200 (A potential security vulnerability has been identified in HPE Systems ...)
	NOT-FOR-US: HPE
CVE-2020-7199 (A security vulnerability has been identified in the HPE Edgeline Infra ...)
	NOT-FOR-US: HPE
CVE-2020-7198 (There is a remote escalation of privilege possible for a malicious use ...)
	NOT-FOR-US: HPE
CVE-2020-7197 (SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreSe ...)
	NOT-FOR-US: HPE
CVE-2020-7196 (The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Co ...)
	NOT-FOR-US: HPE
CVE-2020-7195 (A iccselectrules expression language injection remote code execution v ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7194 (A perfaddormoddevicemonitor expression language injection remote code ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7193 (A ictexpertcsvdownload expression language injection remote code execu ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7192 (A devicethresholdconfig expression language injection remote code exec ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7191 (A devsoftsel expression language injection remote code execution vulne ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7190 (A deviceselect expression language injection remote code execution vul ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7189 (A faultflasheventselectfact expression language injectionremote code e ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7188 (A userselectpagingcontent expression language injection remote code ex ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7187 (A reportpage index expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7186 (A powershellconfigcontent expression language injection remote code ex ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7185 (A tvxlanlegend expression language injection remote code execution vul ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7184 (A viewbatchtaskresultdetailfact expression language injection remote c ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7183 (A forwardredirect expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7182 (A sshconfig expression language injection remote code execution vulner ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7181 (A smsrulesdownload expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7180 (A ictexpertdownload expression language injection remote code executio ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7179 (A thirdpartyperfselecttask expression language injection remote code e ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7178 (A mediaforaction expression language injection remote code execution v ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7177 (A wmiconfigcontent expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7176 (A viewtaskresultdetailfact expression language injection remote code e ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7175 (A iccselectdymicparam expression language injection remote code execut ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7174 (A soapconfigcontent expression language injection remote code executio ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7173 (A actionselectcontent expression language injection remote code execut ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7172 (A templateselect expression language injection remote code execution v ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7171 (A guidatadetail expression language injection remote code execution vu ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7170 (A select expression language injection remote code execution vulnerabi ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7169 (A ictexpertcsvdownload expression language injection remote code execu ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7168 (A selectusergroup expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7167 (A quicktemplateselect expression language injection remote code execut ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7166 (A operatorgrouptreeselectcontent expression language injection remote ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7165 (A iccselectcommand expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7164 (A operationselect expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7163 (A navigationto expression language injection remote code execution vul ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7162 (A operatorgroupselectcontent expression language injection remote code ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7161 (A reporttaskselect expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7160 (A iccselectdeviceseries expression language injection remote code exec ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7159 (A customtemplateselect expression language injection remote code execu ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7158 (A perfselecttask expression language injection remote code execution v ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7157 (A selviewnavcontent expression language injection remote code executio ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7156 (A faultinfo_content expression language injection remote code executio ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7155 (A select expression language injection remote code execution vulnerabi ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7154 (A ifviewselectpage expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7153 (A iccselectdevtype expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7152 (A faultparasset expression language injection remote code execution vu ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7151 (A faulttrapgroupselect expression language injection remote code execu ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7150 (A faultstatchoosefaulttype expression language injection remote code e ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7149 (A ictexpertcsvdownload expression language injection remote code execu ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7148 (A deployselectsoftware expression language injection remote code execu ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7147 (A deployselectbootrom expression language injection remote code execut ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7146 (A devgroupselect expression language injection remote code execution v ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7145 (A chooseperfview expression language injection remote code execution v ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7144 (A comparefilesresult expression language injection remote code executi ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7143 (A faultdevparasset expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7142 (A eventinfo_content expression language injection remote code executio ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7141 (A adddevicetoview expression language injection remote code execution ...)
	NOT-FOR-US: HPE Intelligent Management Center (iMC)
CVE-2020-7140 (A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gatew ...)
	NOT-FOR-US: HPE
CVE-2020-7139 (Potential remote access security vulnerabilities have been identified ...)
	NOT-FOR-US: HPE
CVE-2020-7138 (Potential remote code execution security vulnerabilities have been ide ...)
	NOT-FOR-US: HPE
CVE-2020-7137 (A validation issue in HPE Superdome Flex's RMC component may allow loc ...)
	NOT-FOR-US: HPE
CVE-2020-7136 (A security vulnerability in HPE Smart Update Manager (SUM) prior to ve ...)
	NOT-FOR-US: HPE Smart Update Manager (SUM)
CVE-2020-7135 (A potential security vulnerability has been identified in the disk dri ...)
	NOT-FOR-US: HPE
CVE-2020-7134 (A remote access to sensitive data vulnerability was discovered in HPE ...)
	NOT-FOR-US: HPE
CVE-2020-7133 (A unauthorized remote access vulnerability was discovered in HPE IOT + ...)
	NOT-FOR-US: HPE
CVE-2020-7132 (A potential security vulnerability has been identified in HPE Onboard ...)
	NOT-FOR-US: HPE
CVE-2020-7131 (This document describes a security vulnerability in Blade Maintenance ...)
	NOT-FOR-US: HPE
CVE-2020-7130 (HPE OneView Global Dashboard (OVGD) 1.9 has a remote information discl ...)
	NOT-FOR-US: HPE
CVE-2020-7129 (A remote execution of arbitrary commands vulnerability was discovered ...)
	NOT-FOR-US: Aruba
CVE-2020-7128 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
	NOT-FOR-US: Aruba
CVE-2020-7127 (A remote unauthenticated arbitrary code execution vulnerability was di ...)
	NOT-FOR-US: Aruba
CVE-2020-7126 (A remote server-side request forgery (ssrf) vulnerability was discover ...)
	NOT-FOR-US: Aruba
CVE-2020-7125 (A remote escalation of privilege vulnerability was discovered in Aruba ...)
	NOT-FOR-US: Aruba
CVE-2020-7124 (A remote unauthorized access vulnerability was discovered in Aruba Air ...)
	NOT-FOR-US: Aruba
CVE-2020-7123 (A local escalation of privilege vulnerability was discovered in Aruba ...)
	NOT-FOR-US: Aruba
CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
	NOT-FOR-US: Aruba
CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
	NOT-FOR-US: Aruba
CVE-2020-7120 (A local authenticated buffer overflow vulnerability was discovered in ...)
	NOT-FOR-US: Aruba
CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...)
	NOT-FOR-US: Aruba
CVE-2020-7118
	RESERVED
CVE-2020-7117 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
	NOT-FOR-US: ClearPass Policy Manager WebUI
CVE-2020-7116 (The ClearPass Policy Manager WebUI administrative interface has an aut ...)
	NOT-FOR-US: ClearPass Policy Manager WebUI
CVE-2020-7115 (The ClearPass Policy Manager web interface is affected by a vulnerabil ...)
	NOT-FOR-US: ClearPass Policy Manager
CVE-2020-7114 (A vulnerability exists allowing attackers, when present in the same ne ...)
	NOT-FOR-US: ClearPass
CVE-2020-7113 (A vulnerability was found when an attacker, while communicating with t ...)
	NOT-FOR-US: ClearPass
CVE-2020-7112
	RESERVED
CVE-2020-7111 (A server side injection vulnerability exists which could allow an auth ...)
	NOT-FOR-US: ClearPass
CVE-2020-7110 (ClearPass is vulnerable to Stored Cross Site Scripting by allowing a m ...)
	NOT-FOR-US: ClearPass
CVE-2020-7109 (The Elementor Page Builder plugin before 2.8.4 for WordPress does not ...)
	NOT-FOR-US: Elementor Page Builder plugin for WordPress
CVE-2020-7108 (The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ...)
	NOT-FOR-US: LearnDash LMS plugin for WordPress
CVE-2020-7107 (The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Dis ...)
	NOT-FOR-US: Ultimate FAQ plugin for WordPress
CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.p ...)
	{DLA-2069-1}
	- cacti 1.2.9+ds1-1 (bug #949996)
	[buster] - cacti 1.2.2+ds1-2+deb10u3
	[stretch] - cacti (can be fixed along with more important issues)
	NOTE: https://github.com/Cacti/cacti/issues/3191
	NOTE: https://github.com/Cacti/cacti/commit/4cbb045e03ee20a2bd09094a201a925fbb8a39d9
	NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464
	NOTE: https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee
CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...)
	{DLA-2083-1}
	- hiredis 0.14.0-5 (bug #949995)
	[buster] - hiredis (Minor issue)
	[stretch] - hiredis (Minor issue)
	NOTE: https://github.com/redis/hiredis/pull/754
	NOTE: https://github.com/redis/hiredis/pull/756
CVE-2020-7104 (The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via th ...)
	NOT-FOR-US: chained-quiz plugin for WordPress
CVE-2020-7103
	RESERVED
CVE-2020-7102
	RESERVED
CVE-2020-7101
	RESERVED
CVE-2020-7100
	RESERVED
CVE-2020-7099
	RESERVED
CVE-2020-7098
	RESERVED
CVE-2020-7097
	RESERVED
CVE-2020-7096
	RESERVED
CVE-2020-7095
	RESERVED
CVE-2020-7094
	RESERVED
CVE-2020-7093
	RESERVED
CVE-2020-7092
	RESERVED
CVE-2020-7091
	RESERVED
CVE-2020-7090
	RESERVED
CVE-2020-7089
	RESERVED
CVE-2020-7088
	RESERVED
CVE-2020-7087
	RESERVED
CVE-2020-7086
	RESERVED
CVE-2020-7085 (A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 ...)
	NOT-FOR-US: Autodesk
CVE-2020-7084 (A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versi ...)
NOT-FOR-US: Autodesk CVE-2020-7083 (An integer overflow vulnerability in the Autodesk FBX-SDK versions 201 ...) NOT-FOR-US: Autodesk CVE-2020-7082 (A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 ...) NOT-FOR-US: Autodesk CVE-2020-7081 (A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 ...) NOT-FOR-US: Autodesk CVE-2020-7080 (A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019. ...) NOT-FOR-US: Autodesk CVE-2020-7079 (An improper signature validation vulnerability in Autodesk Dynamo BIM ...) NOT-FOR-US: Autodesk CVE-2020-7078 RESERVED CVE-2020-7077 RESERVED CVE-2020-7076 RESERVED CVE-2020-7075 RESERVED CVE-2020-7074 RESERVED CVE-2020-7073 RESERVED CVE-2020-7072 RESERVED CVE-2020-7071 (In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when ...) {DSA-4856-1 DLA-2708-1} - php8.0 8.0.1-1 - php7.4 7.4.14-1 - php7.3 - php7.0 NOTE: Fixed in PHP 8.0.1, 7.4.14, 7.3.26 NOTE: PHP Bug: https://bugs.php.net/77423 CVE-2020-7070 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...) {DSA-4856-1 DLA-2397-1} - php7.4 7.4.11-1 - php7.3 - php7.0 NOTE: Fixed in PHP 7.4.11, 7.3.23, 7.2.34 NOTE: PHP Bug: https://bugs.php.net/79699 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6559fe912661ca5ce5f0eeeb591d928451428ed0 CVE-2020-7069 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below ...) {DSA-4856-1} - php7.4 7.4.11-1 - php7.3 - php7.0 (Affected code not present) NOTE: Fixed in PHP 7.4.11, 7.3.23, 7.2.34 NOTE: PHP Bug: https://bugs.php.net/79601 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0216630ea2815a5789a24279a1211ac398d4de79 CVE-2020-7068 (In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below ...)
{DSA-4856-1 DLA-2345-1} - php7.4 7.4.9-1 - php7.3 - php7.0 NOTE: Fixed in PHP 7.4.9, 7.3.21, 7.2.33 NOTE: PHP Bug: https://bugs.php.net/79797 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=7355ab81763a3d6a04ac11660e6a16d58838d187 CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2188-1} - php7.4 7.4.5-1 (unimportant) - php7.3 (unimportant) - php7.0 (unimportant) - php5 (unimportant) NOTE: Fixed in PHP 7.4.5, 7.3.17 NOTE: PHP Bug: https://bugs.php.net/79465 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be NOTE: This only affects builds which enable EBCDIC CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2188-1} - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79329 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43 CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ...) {DSA-4719-1} - php7.4 7.4.5-1 - php7.3 - php7.0 (Vulnerable code introduced later) - php5 (Vulnerable code introduced later) NOTE: Fixed in PHP 7.4.4, 7.3.16 NOTE: PHP Bug: https://bugs.php.net/79371 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2188-1} - php7.4 7.4.5-1 - php7.3 - php7.0 - php5 NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79282 NOTE: https://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2 CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
{DSA-4719-1 DSA-4717-1 DLA-2160-1} - php7.4 7.4.3-1 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: https://bugs.php.net/79082 CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2160-1} - php7.4 7.4.3-1 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28 NOTE: PHP Bug: https://bugs.php.net/79221 CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...) - php7.4 (Windows specific issue) - php7.3 (Windows specific issue) - php7.0 (Windows specific issue) - php5 (Windows specific issue) NOTE: Fixed in PHP 7.4.3, 7.3.15 NOTE: PHP Bug: https://bugs.php.net/79171 CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...) {DSA-4628-1 DSA-4626-1 DLA-2124-1} - php7.4 7.4.2-7 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: https://bugs.php.net/79037 CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...) {DSA-4628-1 DSA-4626-1 DLA-2124-1} - php7.4 7.4.2-7 - php7.3 7.3.15-1 - php7.0 - php5 NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: https://bugs.php.net/79099 CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...) - cacti (unimportant) NOTE: https://github.com/Cacti/cacti/issues/3186 NOTE: Properly configured there is no security impact, cf. NOTE: https://github.com/Cacti/cacti/issues/3186#issuecomment-574444803 CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a d ...) NOT-FOR-US: Hikvision CVE-2020-7056 RESERVED CVE-2020-7055 (An issue was discovered in Elementor 2.7.4. Arbitrary file upload is p ...) NOT-FOR-US: Elementor CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...) NOT-FOR-US: libIEC61850 CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...)
- linux 5.2.6-1 [buster] - linux 4.19.98-1 [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/ CVE-2020-7052 (CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow unco ...) NOT-FOR-US: CODESYS CVE-2020-7051 (Codologic Codoforum through 4.8.4 allows stored XSS in the login area. ...) NOT-FOR-US: Codoforum CVE-2020-7050 (Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creati ...) NOT-FOR-US: Codoforum CVE-2020-7049 (Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_li ...) NOT-FOR-US: Nozomi Networks OS CVE-2020-7048 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...) NOT-FOR-US: WordPress plugin CVE-2020-7047 (The WordPress plugin, WP Database Reset through 3.1, contains a flaw t ...) NOT-FOR-US: WordPress plugin CVE-2020-7046 (lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 ...) - dovecot (Only affects 2.3.9) NOTE: https://www.openwall.com/lists/oss-security/2020/02/12/1 CVE-2020-7045 (In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. Thi ...) {DLA-2547-1} - wireshark 3.2.0-1 [buster] - wireshark 2.6.20-0+deb10u1 [jessie] - wireshark (Doesn't support request-response tracking in affected code passage, yet) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16258 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=01f261de41f4dd3233ef578e5c0ffb9c25c7d14d NOTE: https://www.wireshark.org/security/wnpa-sec-2020-02.html CVE-2020-7044 (In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This ...)
- wireshark 3.2.1-1 [buster] - wireshark (Vulnerable code not present) [stretch] - wireshark (Vulnerable code not present) [jessie] - wireshark (Vulnerable code not present) NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16324 NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f90a3720b73ca140403315126e2a478c4f70ca03 NOTE: https://www.wireshark.org/security/wnpa-sec-2020-01.html CVE-2020-7043 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 (unimportant) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/6328a070ddaab16faaf008cb9a8a62439c30f2a8 NOTE: No version of openfortivpn was shipped with OpenSSL < 1.0.2, marking as unimportant CVE-2020-7042 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 [buster] - openfortivpn (Minor issue) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/9eee997d599a89492281fc7ffdd79d88cd61afc3 CVE-2020-7041 (An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL ...) - openfortivpn 1.12.0-1 [buster] - openfortivpn (Minor issue) NOTE: https://github.com/adrienverge/openfortivpn/issues/536 NOTE: https://github.com/adrienverge/openfortivpn/commit/60660e00b80bad0fadcf39aee86f6f8756c94f91 CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...) {DLA-2095-1} - storebackup 3.2.1-2 (bug #949393) [buster] - storebackup 3.2.1-2~deb10u1 [stretch] - storebackup 3.2.1-2~deb9u1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1156767 NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/3 NOTE: SuSE provided patch: https://www.openwall.com/lists/oss-security/2020/01/20/3/1 CVE-2020-7039 (tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, misman ...) 
{DSA-4616-1 DLA-2551-1 DLA-2090-1 DLA-2076-1} - libslirp 4.1.0-2 (bug #949084) - qemu 1:4.1-2 - qemu-kvm - slirp 1:1.0.17-10 (bug #949085) [buster] - slirp 1:1.0.17-8+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/01/16/2 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/2655fffed7a9e765bcb4701dd876e9dab975f289 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/82ebe9c370a0e2970fb5695aa19aa5214a6a1c80 NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed. NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-vjwg-42w7-w64h CVE-2020-7038 (A vulnerability was discovered in Management component of Avaya Equino ...) NOT-FOR-US: Avaya Equinox Conferencing CVE-2020-7037 (An XML External Entities (XXE) vulnerability in Media Server component ...) NOT-FOR-US: Avaya Equinox Conferencing CVE-2020-7036 (An XML External Entities (XXE) vulnerability in Callback Assist could a ...) NOT-FOR-US: Callback Assist CVE-2020-7035 (An XML External Entities (XXE) vulnerability in the web-based user inte ...) NOT-FOR-US: Avaya Aura Orchestration Designer CVE-2020-7034 (A command injection vulnerability in Avaya Session Border Controller f ...) NOT-FOR-US: Avaya Session Border Controller for Enterprise CVE-2020-7033 (A Cross Site Scripting (XSS) Vulnerability on the Unified Portal Clien ...) NOT-FOR-US: Avaya CVE-2020-7032 (An XML external entity (XXE) vulnerability in Avaya WebLM admin interf ...) NOT-FOR-US: Avaya CVE-2020-7031 REJECTED CVE-2020-7030 (A sensitive information disclosure vulnerability was discovered in the ...) NOT-FOR-US: IP Office CVE-2020-7029 (A Cross-Site Request Forgery (CSRF) vulnerability was discovered in th ...)
NOT-FOR-US: Avaya CVE-2020-7028 RESERVED CVE-2020-7027 RESERVED CVE-2020-7026 RESERVED CVE-2020-7025 RESERVED CVE-2020-7024 RESERVED CVE-2020-7023 RESERVED CVE-2020-7022 RESERVED CVE-2020-7021 (Elasticsearch versions before 7.10.0 and 6.8.14 have an information di ...) - elasticsearch CVE-2020-7020 (Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disc ...) - elasticsearch CVE-2020-7019 (In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was f ...) - elasticsearch CVE-2020-7018 (Elastic Enterprise Search before 7.9.0 contain a credential exposure f ...) - elasticsearch CVE-2020-7017 (In Kibana versions before 6.8.11 and 7.8.1 the region map visualizatio ...) - kibana (bug #700337) CVE-2020-7016 (Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (D ...) - kibana (bug #700337) CVE-2020-7015 (Kibana versions before 6.8.9 and 7.7.0 contains a stored XSS flaw in t ...) - kibana (bug #700337) CVE-2020-7014 (The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch ve ...) - elasticsearch CVE-2020-7013 (Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution f ...) - kibana (bug #700337) CVE-2020-7012 (Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype ...) - kibana (bug #700337) CVE-2020-7011 (Elastic App Search versions before 7.7.0 contain a cross site scriptin ...) - elasticsearch CVE-2020-7010 (Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate pas ...) NOT-FOR-US: Elastic Cloud CVE-2020-7009 (Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 ...) - elasticsearch CVE-2020-7008 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-7007 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker ...) NOT-FOR-US: Moxa CVE-2020-7006 (Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), ...) 
NOT-FOR-US: Systech Corporation CVE-2020-7005 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...) NOT-FOR-US: Honeywell CVE-2020-7004 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-7003 (In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpre ...) NOT-FOR-US: Moxa CVE-2020-7002 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...) NOT-FOR-US: McAfee CVE-2020-7001 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...) NOT-FOR-US: Moxa CVE-2020-7000 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may al ...) NOT-FOR-US: VISAM VBASE Editor CVE-2020-6999 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the p ...) NOT-FOR-US: Moxa CVE-2020-6998 RESERVED CVE-2020-6997 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, sensitive inf ...) NOT-FOR-US: Moxa CVE-2020-6996 (Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Prot ...) NOT-FOR-US: Triangle MicroWorks CVE-2020-6995 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6994 (A buffer overflow vulnerability was found in some devices of Hirschman ...) NOT-FOR-US: Hirschmann Automation and Control HiOS and HiSecOS CVE-2020-6993 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6992 (A local privilege escalation vulnerability has been identified in the ...) NOT-FOR-US: GE Digital CVE-2020-6991 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, weak password ...) NOT-FOR-US: Moxa CVE-2020-6990 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6989 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6988 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) 
NOT-FOR-US: Rockwell CVE-2020-6987 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6986 (In all versions of Omron PLC CJ Series, an attacker can send a series ...) NOT-FOR-US: Omron CVE-2020-6985 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6984 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6983 (In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 ser ...) NOT-FOR-US: Moxa CVE-2020-6982 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the header injecti ...) NOT-FOR-US: Honeywell CVE-2020-6981 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, an attacker m ...) NOT-FOR-US: Moxa CVE-2020-6980 (Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and p ...) NOT-FOR-US: Rockwell CVE-2020-6979 (In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected ...) NOT-FOR-US: Moxa CVE-2020-6978 (In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected produ ...) NOT-FOR-US: Honeywell CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...) NOT-FOR-US: GE CVE-2020-6976 (Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. ...) NOT-FOR-US: Delta Industrial Automation CNCSoft ScreenEditor CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6974 (Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a pa ...) NOT-FOR-US: Honeywell CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) NOT-FOR-US: Digi International ConnectPort LTS 32 MEI CVE-2020-6972 (In Notifier Web Server (NWS) Version 3.50 and earlier, the Honeywell F ...) NOT-FOR-US: Honeywell CVE-2020-6971 (In Emerson ValveLink v12.0.264 to v13.4.118, a vulnerability in the Va ...) 
NOT-FOR-US: Emerson CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA ...) NOT-FOR-US: Emerson OpenEnterprise SCADA Server CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...) NOT-FOR-US: AutomationDirect CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...) NOT-FOR-US: Honeywell CVE-2020-6967 (In Rockwell Automation all versions of FactoryTalk Diagnostics softwar ...) NOT-FOR-US: Rockwell CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6964 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6963 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6962 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6961 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) NOT-FOR-US: ApexPro Telemetry Server CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) NOT-FOR-US: Honeywell CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) NOT-FOR-US: Honeywell CVE-2020-6958 (An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrappe ...) NOT-FOR-US: Yet Another Java Service Wrapper (YAJSW) CVE-2020-6957 RESERVED CVE-2020-6956 (PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_acti ...) NOT-FOR-US: PCS DEXICON CVE-2020-6955 (An issue was discovered on Cayin SMP-PRO4 devices. They allow image_pr ...) NOT-FOR-US: Cayin SMP-PRO4 devices CVE-2020-6954 (An issue was discovered on Cayin SMP-PRO4 devices. A user can discover ...) 
NOT-FOR-US: Cayin SMP-PRO4 devices CVE-2020-6953 RESERVED CVE-2020-6952 RESERVED CVE-2020-6951 RESERVED CVE-2020-6950 (Directory traversal in Eclipse Mojarra before 2.3.14 allows attackers ...) - mojarra (Vulnerable code introduced later) NOTE: https://github.com/eclipse-ee4j/mojarra/commit/cefbb9447e7be560e59da2da6bd7cb93776f7741 CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...) NOT-FOR-US: HashBrown CMS CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through ...) NOT-FOR-US: HashBrown CMS CVE-2020-6947 RESERVED CVE-2020-6946 RESERVED CVE-2020-6945 RESERVED CVE-2020-6944 RESERVED CVE-2020-6943 RESERVED CVE-2020-6942 RESERVED CVE-2020-6941 RESERVED CVE-2020-6940 RESERVED CVE-2020-6939 (Tableau Server installations configured with Site-Specific SAML that a ...) NOT-FOR-US: Tableau Server CVE-2020-6938 (A sensitive information disclosure vulnerability in Tableau Server 10. ...) NOT-FOR-US: Tableau Server CVE-2020-6937 (A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, ...) NOT-FOR-US: MuleSoft CVE-2020-6936 RESERVED CVE-2020-6935 RESERVED CVE-2020-6934 RESERVED CVE-2020-6933 (An improper input validation vulnerability in the UEM Core of BlackBer ...) NOT-FOR-US: BlackBerry CVE-2020-6932 (An information disclosure and remote code execution vulnerability in t ...) NOT-FOR-US: BlackBerry QNX Software Development Platform CVE-2020-6931 (HP Print and Scan Doctor may potentially be vulnerable to local elevat ...) 
NOT-FOR-US: HP CVE-2020-6930 RESERVED CVE-2020-6929 RESERVED CVE-2020-6928 RESERVED CVE-2020-6927 RESERVED CVE-2020-6926 RESERVED CVE-2020-6925 RESERVED CVE-2020-6924 RESERVED CVE-2020-6923 RESERVED CVE-2020-6922 RESERVED CVE-2020-6921 RESERVED CVE-2020-6920 RESERVED CVE-2020-6919 RESERVED CVE-2020-6918 RESERVED CVE-2020-6917 RESERVED CVE-2020-6916 RESERVED CVE-2020-6915 RESERVED CVE-2020-6914 RESERVED CVE-2020-6913 RESERVED CVE-2020-6912 RESERVED CVE-2020-6911 REJECTED CVE-2020-6910 REJECTED CVE-2020-6909 REJECTED CVE-2020-6908 REJECTED CVE-2020-6907 REJECTED CVE-2020-6906 REJECTED CVE-2020-6905 REJECTED CVE-2020-6904 REJECTED CVE-2020-6903 REJECTED CVE-2020-6902 REJECTED CVE-2020-6901 REJECTED CVE-2020-6900 REJECTED CVE-2020-6899 REJECTED CVE-2020-6898 REJECTED CVE-2020-6897 REJECTED CVE-2020-6896 REJECTED CVE-2020-6895 REJECTED CVE-2020-6894 REJECTED CVE-2020-6893 REJECTED CVE-2020-6892 REJECTED CVE-2020-6891 REJECTED CVE-2020-6890 REJECTED CVE-2020-6889 REJECTED CVE-2020-6888 REJECTED CVE-2020-6887 REJECTED CVE-2020-6886 REJECTED CVE-2020-6885 REJECTED CVE-2020-6884 REJECTED CVE-2020-6883 REJECTED CVE-2020-6882 (ZTE E8810/E8820/E8822 series routers have an information leak vulnerab ...) NOT-FOR-US: ZTE CVE-2020-6881 (ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, w ...) NOT-FOR-US: ZTE CVE-2020-6880 (A ZXELINK wireless controller has a SQL injection vulnerability. A rem ...) NOT-FOR-US: ZXELINK CVE-2020-6879 (Some ZTE devices have input verification vulnerabilities. The devices ...) NOT-FOR-US: ZTE CVE-2020-6878 REJECTED CVE-2020-6877 (A ZTE product is impacted by an information leak vulnerability. An att ...) NOT-FOR-US: ZTE CVE-2020-6876 (A ZTE product is impacted by an XSS vulnerability. The vulnerability i ...) NOT-FOR-US: ZTE CVE-2020-6875 (A ZTE product is impacted by the improper access control vulnerability ...) NOT-FOR-US: ZTE CVE-2020-6874 (A ZTE product is impacted by the cryptographic issues vulnerability. T ...) 
NOT-FOR-US: ZTE CVE-2020-6873 (A ZTE product has a DoS vulnerability. Because the equipment couldn ...) NOT-FOR-US: ZTE CVE-2020-6872 (The server management software module of ZTE has a storage XSS vulnera ...) NOT-FOR-US: ZTE CVE-2020-6871 (The server management software module of ZTE has an authentication iss ...) NOT-FOR-US: ZTE CVE-2020-6870 (The version V12.17.20T115 of ZTE U31R20 product is impacted by a desig ...) NOT-FOR-US: ZTE CVE-2020-6869 (All versions up to 10.06 of ZTEMarket APK are impacted by an informati ...) NOT-FOR-US: ZTE CVE-2020-6868 (There is an input validation vulnerability in a PON terminal product o ...) NOT-FOR-US: ZTE CVE-2020-6867 (ZTE's SDON controller is impacted by the resource management error vul ...) NOT-FOR-US: ZTE CVE-2020-6866 (A ZTE product is impacted by a resource management error vulnerability ...) NOT-FOR-US: ZTE CVE-2020-6865 (ZTE SDN controller platform is impacted by an information leakage vuln ...) NOT-FOR-US: ZTE CVE-2020-6864 (ZTE E8820V3 router product is impacted by an information leak vulnerab ...) NOT-FOR-US: ZTE CVE-2020-6863 (ZTE E8820V3 router product is impacted by a permission and access cont ...) NOT-FOR-US: ZTE CVE-2020-6862 (V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Informati ...) NOT-FOR-US: ZTE F6x2W CVE-2020-6861 (A flawed protocol design in the Ledger Monero app before 1.5.1 for Led ...) NOT-FOR-US: Ledger Monero app CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...) - libmysofa 1.0~dfsg0-1 (bug #949325) [buster] - libmysofa (Minor issue) NOTE: https://github.com/hoene/libmysofa/issues/96 NOTE: https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85 CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in includes/ ...) NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2020-6858 (Hotels Styx through 1.0.0.beta8 allows HTTP response splitting due to ...) 
NOT-FOR-US: Hotels Styx CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption with a ha ...) NOT-FOR-US: CarbonFTP CVE-2020-6856 (An XML External Entity (XEE) vulnerability exists in the JOC Cockpit c ...) NOT-FOR-US: JOC Cockpit component of SOS JobScheduler CVE-2020-6855 (A large or infinite loop vulnerability in the JOC Cockpit component of ...) NOT-FOR-US: JOC Cockpit component of SOS JobScheduler CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit componen ...) NOT-FOR-US: JOC Cockpit, different from src:cockpit CVE-2020-6853 RESERVED CVE-2020-6852 (CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3. ...) NOT-FOR-US: CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl ...) {DSA-4882-1 DLA-2277-1 DLA-2081-1} - openjpeg2 2.4.0-1 (bug #950000) NOTE: https://github.com/uclouvain/openjpeg/issues/1228 NOTE: https://github.com/uclouvain/openjpeg/commit/024b8407392cb0b82b04b58ed256094ed5799e04 (v2.4.0) CVE-2020-6850 (Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4 ...) NOT-FOR-US: miniorange-saml-20-single-sign-on plugin for WordPress CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...) NOT-FOR-US: marketo-forms-and-tracking plugin for WordPress CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Na ...) NOT-FOR-US: Axper Vision II 4 devices CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is exec ...) NOT-FOR-US: OpenTrade CVE-2020-6846 RESERVED CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...) NOT-FOR-US: TopManage CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...) NOT-FOR-US: TopManage CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...) 
NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus CVE-2020-6842 (D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated ...) NOT-FOR-US: D-Link CVE-2020-6841 (D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to ...) NOT-FOR-US: D-Link CVE-2020-6840 (In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mru ...) - mruby (Vulnerable code introduced later) NOTE: https://github.com/mruby/mruby/issues/4927 NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661 NOTE: Fixed by: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 CVE-2020-6839 (In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_ ...) - mruby (Vulnerable code not present) NOTE: https://github.com/mruby/mruby/issues/4929 NOTE: Introduced by: https://github.com/mruby/mruby/commit/2532e625edc2457447369e36e2ecf7882d872ef9 NOTE: Fixed by: https://github.com/mruby/mruby/commit/2124b9b4c95e66e63b1eb26a8dab49753b82fd6c CVE-2020-6838 (In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems ...) - mruby (Vulnerable code not present) NOTE: Introduced by: https://github.com/mruby/mruby/commit/694089fafe4eae36c379a3d918d540eb0c4b8661 NOTE: https://github.com/mruby/mruby/issues/4926 NOTE: https://github.com/mruby/mruby/commit/fc8fb41451b07b3fda0726ba80e88e509ad02452 NOTE: https://github.com/mruby/mruby/commit/70e574689664c10ed2c47581999cc2ce3e3c5afb NOTE: https://github.com/mruby/mruby/commit/2742ded32fe18f88833d76b297f5c2170b6880c3 CVE-2020-6837 RESERVED CVE-2020-6836 (grammar-parser.jison in the hot-formula-parser package before 3.0.1 fo ...) NOT-FOR-US: hot-formula-parser Node package CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-based off ...) - bftpd (bug #640469) CVE-2020-6834 RESERVED CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhors ...) 
- gitlab (Only affects Gitlab EE 11.3 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...) - gitlab (Only affects GitLab EE 8.9.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/13/critical-security-release-gitlab-12-dot-6-dot-4-released/ CVE-2020-6831 (A buffer overflow could occur when parsing and validating SCTP chunks ...) {DSA-4714-1 DSA-4683-1 DSA-4678-1 DLA-2206-1 DLA-2205-1} - firefox 76.0-1 - firefox-esr 68.8.0esr-1 - thunderbird 1:68.8.0-1 - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-16/#CVE-2020-6831 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-17/#CVE-2020-6831 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-18/#CVE-2020-6831 CVE-2020-6830 (For native-to-JS bridging, the app requires a unique token to be passe ...) - firefox (Firefox on iOS) CVE-2020-6829 (When performing EC scalar point multiplication, the wNAF point multipl ...) {DLA-2388-1} - firefox 80.0-1 - nss 2:3.55-1 [buster] - nss (Minor issue) NOTE: https://hg.mozilla.org/projects/nss/rev/e55ab3145546ae3cf1333b43956a974675d2d25c NOTE: https://hg.mozilla.org/projects/nss/rev/3f022d5eca5d3cd0e366a825a5681953d76299d0 NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.55_release_notes NOTE: Issue relates to CVE-2020-12400 and resolved in the same commits. NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-6829 CVE-2020-6828 (A malicious Android application could craft an Intent that would have ...) - firefox-esr (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6828 CVE-2020-6827 (When following a link that opened an intent://-schemed URL, causing a ...) 
- firefox-esr (Android-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6827 CVE-2020-6826 (Mozilla developers Tyson Smith, Bob Clary, and Alexandru Michis report ...) - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6826 CVE-2020-6825 (Mozilla developers and community members Tyson Smith and Christian Hol ...) {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6825 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6825 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6825 CVE-2020-6824 (Initially, a user opens a Private Browsing Window and generates a pass ...) - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6824 CVE-2020-6823 (A malicious extension could have called <code>browser.identity.l ...) - firefox 75.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6823 CVE-2020-6822 (On 32-bit builds, an out of bounds write could have occurred when proc ...) {DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6822 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6822 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6822 CVE-2020-6821 (When reading from areas partially or fully outside the source resource ...) 
{DSA-4656-1 DSA-4655-1 DLA-2172-1 DLA-2170-1} - firefox 75.0-1 - firefox-esr 68.7.0esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6821 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-13/#CVE-2020-6821 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-12/#CVE-2020-6821 CVE-2020-6820 (Under certain conditions, when handling a ReadableStream, a race condi ...) {DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1} - firefox 74.0.1-1 - firefox-esr 68.6.1esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6820 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6820 CVE-2020-6819 (Under certain conditions, when running the nsDocShell destructor, a ra ...) {DSA-4656-1 DSA-4653-1 DLA-2172-1 DLA-2170-1} - firefox 74.0.1-1 - firefox-esr 68.6.1esr-1 - thunderbird 1:68.7.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/#CVE-2020-6819 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-14/#CVE-2020-6819 CVE-2020-6818 RESERVED CVE-2020-6817 [Regular expression denial of service] RESERVED {DLA-2167-1} - python-bleach 3.1.4-1 (bug #955388) [buster] - python-bleach (Minor issue; some regression potential) [stretch] - python-bleach (Minor issue; some regression potential) NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-vqhp-cxgc-6wmm NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1623633 NOTE: https://github.com/mozilla/bleach/commit/d6018f2539d271963c3e7f54f36ef11900363c69 NOTE: https://github.com/mozilla/bleach/commit/6e74a5027b57055cdaeb040343d32934121392a7 NOTE: Regression report: https://github.com/mozilla/bleach/pull/530 CVE-2020-6815 (Mozilla developers reported memory safety and script safety bugs prese ...) 
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
CVE-2020-6814 (Mozilla developers reported memory safety bugs present in Firefox and ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6814
CVE-2020-6813 (When protecting CSS blocks with the nonce feature of Content Security ...)
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
CVE-2020-6812 (The first time AirPods are connected to an iPhone, they become named a ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6812
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
CVE-2020-6811 (The 'Copy as cURL' feature of Devtools' network tab did not properly e ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6811
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6811
CVE-2020-6810 (After a website had entered fullscreen mode, it could have used a prev ...)
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6810
CVE-2020-6809 (When a Web Extension had the all-urls permission and made a fetch requ ...)
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6809
CVE-2020-6808 (When a JavaScript URL (javascript:) is evaluated and the result is a s ...)
	- firefox 74.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
CVE-2020-6807 (When a device was changed while a stream was about to be destroyed, th ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6807
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
CVE-2020-6806 (By carefully crafting promise resolutions, it was possible to cause an ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6806
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
CVE-2020-6805 (When removing data about an origin whose tab was recently closed, a us ...)
	{DSA-4642-1 DSA-4639-1 DLA-2150-1 DLA-2140-1}
	- firefox 74.0-1
	- firefox-esr 68.6.0esr-1
	- thunderbird 1:68.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-10/#CVE-2020-6805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6805
CVE-2020-6804 (A reflected XSS vulnerability exists within the gateway, allowing an a ...)
	NOT-FOR-US: Mozilla IOT
CVE-2020-6803 (An open redirect is present on the gateway's login page, which could c ...)
	NOT-FOR-US: Mozilla IOT
CVE-2020-6801 (Mozilla developers reported memory safety bugs present in Firefox 72. ...)
	- firefox 73.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
CVE-2020-6800 (Mozilla developers and community members reported memory safety bugs p ...)
	{DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1}
	- firefox 73.0-1
	- firefox-esr 68.5.0esr-1
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6800
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6800
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6800
CVE-2020-6799 (Command line arguments could have been injected during Firefox invocat ...)
	- firefox (Only affects Windows)
	- firefox-esr (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6799
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
CVE-2020-6798 (If a template tag was used in a select tag, the parser could be confus ...)
	{DSA-4625-1 DSA-4620-1 DLA-2104-1 DLA-2102-1}
	- firefox 73.0-1
	- firefox-esr 68.5.0esr-1
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6798
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6798
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6798
CVE-2020-6797 (By downloading a file with the .fileloc extension, a semi-privileged e ...)
	- firefox (Only affects Mac OSX)
	- firefox-esr (Only affects Mac OSX)
	- thunderbird (Only affects Mac OSX)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6797
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6797
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797
CVE-2020-6796 (A content process could have modified shared memory relating to crash ...)
	{DSA-4620-1 DLA-2102-1}
	- firefox 73.0-1
	- firefox-esr 68.5.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6796
CVE-2020-6795 (When processing a message that contains multiple S/MIME signatures, a ...)
	{DSA-4625-1 DLA-2104-1}
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6795
CVE-2020-6794 (If a user saved passwords before Thunderbird 60 and then later set a m ...)
	{DSA-4625-1 DLA-2104-1}
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6794
CVE-2020-6793 (When processing an email message with an ill-formed envelope, Thunderb ...)
	{DSA-4625-1 DLA-2104-1}
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6793
CVE-2020-6792 (When deriving an identifier for an email message, uninitialized memory ...)
	{DSA-4625-1 DLA-2104-1}
	- thunderbird 1:68.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6792
CVE-2020-6791
	RESERVED
CVE-2020-6790 (Calling an executable through an Uncontrolled Search Path Element in t ...)
	NOT-FOR-US: Bosch
CVE-2020-6789 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
	NOT-FOR-US: Bosch
CVE-2020-6788 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
	NOT-FOR-US: Bosch
CVE-2020-6787 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
	NOT-FOR-US: Bosch
CVE-2020-6786 (Loading a DLL through an Uncontrolled Search Path Element in the Bosch ...)
	NOT-FOR-US: Bosch
CVE-2020-6785 (Loading a DLL through an Uncontrolled Search Path Element in Bosch BVM ...)
	NOT-FOR-US: Bosch
CVE-2020-6784
	RESERVED
CVE-2020-6783
	RESERVED
CVE-2020-6782
	RESERVED
CVE-2020-6781 (Improper certificate validation for certain connections in the Bosch S ...)
	NOT-FOR-US: Bosch Smart Home System App for iOS
CVE-2020-6780 (Use of Password Hash With Insufficient Computational Effort in the dat ...)
	NOT-FOR-US: Bosch
CVE-2020-6779 (Use of Hard-coded Credentials in the database of Bosch FSM-2500 server ...)
	NOT-FOR-US: Bosch
CVE-2020-6778
	RESERVED
CVE-2020-6777 (A vulnerability in the web-based management interface of Bosch PRAESID ...)
	NOT-FOR-US: Bosch
CVE-2020-6776 (A vulnerability in the web-based management interface of Bosch PRAESID ...)
	NOT-FOR-US: Bosch
CVE-2020-6775
	RESERVED
CVE-2020-6774 (Improper Access Control in the Kiosk Mode functionality of Bosch Recor ...)
	NOT-FOR-US: Bosch
CVE-2020-6773
	RESERVED
CVE-2020-6772
	RESERVED
CVE-2020-6771 (Loading a DLL through an Uncontrolled Search Path Element in Bosch IP ...)
	NOT-FOR-US: Bosch
CVE-2020-6770 (Deserialization of Untrusted Data in the BVMS Mobile Video Service (BV ...)
	NOT-FOR-US: BVMS Mobile Video Service (BVMS MVS)
CVE-2020-6769 (Missing Authentication for Critical Function in the Bosch Video Stream ...)
	NOT-FOR-US: Bosch
CVE-2020-6768 (A path traversal vulnerability in the Bosch Video Management System (B ...)
	NOT-FOR-US: Bosch
CVE-2020-6767 (A path traversal vulnerability in the Bosch Video Management System (B ...)
	NOT-FOR-US: Bosch
CVE-2020-6766
	RESERVED
CVE-2020-6765 (D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS comm ...)
	NOT-FOR-US: D-Link
CVE-2020-6764
	REJECTED
CVE-2020-6763
	RESERVED
CVE-2020-6762
	RESERVED
CVE-2020-6761
	RESERVED
CVE-2020-6760 (Schmid ZI 620 V400 VPN 090 routers allow an attacker to execute OS com ...)
	NOT-FOR-US: Schmid ZI 620 V400 VPN 090 routers
CVE-2020-6759
	RESERVED
CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...)
	NOT-FOR-US: Rasilient PixelStor
CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150 ...)
	NOT-FOR-US: Rasilient PixelStor
CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (K ...)
	NOT-FOR-US: Rasilient PixelStor
CVE-2020-6755
	RESERVED
CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading to i ...)
	NOT-FOR-US: dotCMS
CVE-2020-6753 (The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS ...)
	NOT-FOR-US: Login by Auth0 plugin for WordPress
CVE-2020-6752 (In OMERO before 5.6.1, group owners can access members' data in other ...)
	NOT-FOR-US: OMERO
CVE-2020-6751
	RESERVED
CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally connect di ...)
	- glib2.0 2.62.5-1 (bug #948554)
	[buster] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0)
	[stretch] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0)
	[jessie] - glib2.0 (Vulnerable code introduced later, regression from 2.60.0)
	NOTE: https://gitlab.gnome.org/GNOME/glib/issues/1989
CVE-2020-6749
	REJECTED
CVE-2020-6748
	REJECTED
CVE-2020-6747
	REJECTED
CVE-2020-6746
	REJECTED
CVE-2020-6745
	REJECTED
CVE-2020-6744
	REJECTED
CVE-2020-6743
	REJECTED
CVE-2020-6742
	REJECTED
CVE-2020-6741
	REJECTED
CVE-2020-6740
	REJECTED
CVE-2020-6739
	REJECTED
CVE-2020-6738
	REJECTED
CVE-2020-6737
	REJECTED
CVE-2020-6736
	REJECTED
CVE-2020-6735
	REJECTED
CVE-2020-6734
	REJECTED
CVE-2020-6733
	REJECTED
CVE-2020-6732
	REJECTED
CVE-2020-6731
	REJECTED
CVE-2020-6730
	REJECTED
CVE-2020-6729
	REJECTED
CVE-2020-6728
	REJECTED
CVE-2020-6727
	REJECTED
CVE-2020-6726
	REJECTED
CVE-2020-6725
	REJECTED
CVE-2020-6724
	REJECTED
CVE-2020-6723
	REJECTED
CVE-2020-6722
	REJECTED
CVE-2020-6721
	REJECTED
CVE-2020-6720
	REJECTED
CVE-2020-6719
	REJECTED
CVE-2020-6718
	REJECTED
CVE-2020-6717
	REJECTED
CVE-2020-6716
	REJECTED
CVE-2020-6715
	REJECTED
CVE-2020-6714
	REJECTED
CVE-2020-6713
	REJECTED
CVE-2020-6712
	REJECTED
CVE-2020-6711
	REJECTED
CVE-2020-6710
	REJECTED
CVE-2020-6709
	REJECTED
CVE-2020-6708
	REJECTED
CVE-2020-6707
	REJECTED
CVE-2020-6706
	REJECTED
CVE-2020-6705
	REJECTED
CVE-2020-6704
	REJECTED
CVE-2020-6703
	REJECTED
CVE-2020-6702
	REJECTED
CVE-2020-6701
	REJECTED
CVE-2020-6700
	REJECTED
CVE-2020-6699
	REJECTED
CVE-2020-6698
	REJECTED
CVE-2020-6697
	REJECTED
CVE-2020-6696
	REJECTED
CVE-2020-6695
	REJECTED
CVE-2020-6694
	REJECTED
CVE-2020-6693
	REJECTED
CVE-2020-6692
	REJECTED
CVE-2020-6691
	REJECTED
CVE-2020-6690
	REJECTED
CVE-2020-6689
	REJECTED
CVE-2020-6688
	REJECTED
CVE-2020-6687
	REJECTED
CVE-2020-6686
	REJECTED
CVE-2020-6685
	REJECTED
CVE-2020-6684
	REJECTED
CVE-2020-6683
	REJECTED
CVE-2020-6682
	REJECTED
CVE-2020-6681
	REJECTED
CVE-2020-6680
	REJECTED
CVE-2020-6679
	REJECTED
CVE-2020-6678
	REJECTED
CVE-2020-6677
	REJECTED
CVE-2020-6676
	REJECTED
CVE-2020-6675
	REJECTED
CVE-2020-6674
	REJECTED
CVE-2020-6673
	REJECTED
CVE-2020-6672
	REJECTED
CVE-2020-6671
	REJECTED
CVE-2020-6670
	REJECTED
CVE-2020-6669
	REJECTED
CVE-2020-6668
	REJECTED
CVE-2020-6667
	REJECTED
CVE-2020-6666
	REJECTED
CVE-2020-6665
	REJECTED
CVE-2020-6664
	REJECTED
CVE-2020-6663
	REJECTED
CVE-2020-6662
	REJECTED
CVE-2020-6661
	REJECTED
CVE-2020-6660
	REJECTED
CVE-2020-6659
	RESERVED
CVE-2020-6658
	RESERVED
CVE-2020-6657
	RESERVED
CVE-2020-6656 (Eaton's easySoft software v7.xx prior to v7.22 are susceptible to file ...)
	NOT-FOR-US: Eaton
CVE-2020-6655 (The Eaton's easySoft software v7.xx prior to v7.22 are susceptible to ...)
	NOT-FOR-US: Eaton
CVE-2020-6654 (A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configu ...)
	NOT-FOR-US: Eaton
CVE-2020-6653 (Eaton's Secure connect mobile app v1.7.3 & prior stores the user l ...)
	NOT-FOR-US: Eaton
CVE-2020-6652 (Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Po ...)
	NOT-FOR-US: Eaton
CVE-2020-6651 (Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v ...)
	NOT-FOR-US: Eaton
CVE-2020-6650 (UPS companion software v1.05 & Prior is affected by ‘Eval In ...)
	NOT-FOR-US: UPS companion software
CVE-2020-6649 (An insufficient session expiration vulnerability in FortiNet's FortiIs ...)
	NOT-FOR-US: Fortinet
CVE-2020-6648 (A cleartext storage of sensitive information vulnerability in FortiOS ...)
	NOT-FOR-US: Fortiguard FortiOS
CVE-2020-6647 (An improper neutralization of input vulnerability in the dashboard of ...)
	NOT-FOR-US: Fortiguard
CVE-2020-6646 (An improper neutralization of input vulnerability in FortiWeb allows a ...)
	NOT-FOR-US: Fortiguard
CVE-2020-6645
	RESERVED
CVE-2020-6644 (An insufficient session expiration vulnerability in FortiDeceptor 3.0. ...)
	NOT-FOR-US: Fortiguard
CVE-2020-6643 (An improper neutralization of input vulnerability in the URL Descripti ...)
	NOT-FOR-US: Fortinet
CVE-2020-6642
	RESERVED
CVE-2020-6641 (Two authorization bypass through user-controlled key vulnerabilities i ...)
	NOT-FOR-US: FortiGuard
CVE-2020-6640 (An improper neutralization of input vulnerability in the Admin Profile ...)
	NOT-FOR-US: Fortiguard
CVE-2020-6639
	RESERVED
CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...)
	NOT-FOR-US: Grin
CVE-2020-6637 (openSIS Community Edition version 7.3 is vulnerable to SQL injection v ...)
	NOT-FOR-US: openSIS
CVE-2020-6636
	RESERVED
CVE-2020-6635
	RESERVED
CVE-2020-6634
	RESERVED
CVE-2020-6633
	RESERVED
CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...)
	NOT-FOR-US: PrestaShop
CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	[jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1378
	NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
	NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
	- gpac 1.0.1+dfsg1-2 (bug #972053)
	[buster] - gpac (Minor issue)
	[stretch] - gpac (Minor issue)
	[jessie] - gpac (Minor issue, clean crash, MP42TS not shipped, incomplete patch)
	- ccextractor 0.93+ds2-1 (bug #994746)
	[bullseye] - ccextractor (Minor issue)
	[buster] - ccextractor (Minor issue)
	NOTE: https://github.com/gpac/gpac/issues/1377
	NOTE: https://github.com/gpac/gpac/commit/c7e46e948ebe2d4a532539c7e714cdf655b84521
	NOTE: fix considered "ugly" by upstream and introduces abort(3)-based DoS
CVE-2020-6629 (Ming (aka libming) 0.4.8 has z NULL pointer dereference in the functio ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/190
CVE-2020-6628 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the func ...)
	- ming
	NOTE: https://github.com/libming/libming/issues/191
CVE-2020-6627
	RESERVED
CVE-2020-6626
	RESERVED
CVE-2020-6625 (jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...)
	- jhead (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858746
	NOTE: Crash in CLI tool, no security impact
CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...)
	- jhead (unimportant)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/1858744
	NOTE: Crash in CLI tool, no security impact
CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
	- libstb (unimportant; bug #949560)
	NOTE: https://github.com/nothings/stb/issues/865
	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
	- libstb (unimportant; bug #949559)
	NOTE: https://github.com/nothings/stb/issues/869
	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...)
	- libstb (unimportant; bug #949558)
	NOTE: https://github.com/nothings/stb/issues/867
	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
	- libstb (unimportant; bug #949557)
	NOTE: https://github.com/nothings/stb/issues/868
	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...)
	- libstb (unimportant; bug #949556)
	NOTE: https://github.com/nothings/stb/issues/863
	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
	- libstb (unimportant; bug #949555)
	NOTE: https://github.com/nothings/stb/issues/866
	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
	- libstb (unimportant; bug #949554)
	NOTE: https://github.com/nothings/stb/issues/867
	NOTE: stb_truetype.h explicitly marked as unsuitable for untrusted files
CVE-2020-6616 (Some Broadcom chips mishandle Bluetooth random-number generation becau ...)
	NOT-FOR-US: Broadcom
CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...)
	- libredwg (bug #595191)
CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read ...)
	- libredwg (bug #595191)
CVE-2020-6613 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_searc ...)
	- libredwg (bug #595191)
CVE-2020-6612 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_comp ...)
	- libredwg (bug #595191)
CVE-2020-6611 (GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_own ...)
	- libredwg (bug #595191)
CVE-2020-6610 (GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation i ...)
	- libredwg (bug #595191)
CVE-2020-6609 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_page ...)
	- libredwg (bug #595191)
CVE-2020-6608
	RESERVED
CVE-2020-6607
	RESERVED
CVE-2020-6606
	RESERVED
CVE-2020-6605
	RESERVED
CVE-2020-6604
	RESERVED
CVE-2020-6603
	RESERVED
CVE-2020-6602
	RESERVED
CVE-2020-6601
	RESERVED
CVE-2020-6600
	RESERVED
CVE-2020-6599
	RESERVED
CVE-2020-6598
	RESERVED
CVE-2020-6597
	RESERVED
CVE-2020-6596
	RESERVED
CVE-2020-6595
	RESERVED
CVE-2020-6594
	RESERVED
CVE-2020-6593
	RESERVED
CVE-2020-6592
	RESERVED
CVE-2020-6591
	RESERVED
CVE-2020-6590 (Forcepoint Web Security Content Gateway versions prior to 8.5.4 improp ...)
	NOT-FOR-US: Forcepoint Web Security Content Gateway
CVE-2020-6589
	RESERVED
CVE-2020-6588
	RESERVED
CVE-2020-6587
	RESERVED
CVE-2020-6586 (Nagios Log Server 2.1.3 allows XSS by visiting /profile and entering a ...)
	NOT-FOR-US: Nagios Log Server
CVE-2020-6585 (Nagios Log Server 2.1.3 has CSRF. ...)
	NOT-FOR-US: Nagios Log Server
CVE-2020-6584 (Nagios Log Server 2.1.3 has Incorrect Access Control. ...)
	NOT-FOR-US: Nagios Log Server
CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be ...)
	NOT-FOR-US: BigProf Online Invoicing System (OIS)
CVE-2020-6582 (Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by ...)
	- nagios-nrpe 4.0.0-1
	[buster] - nagios-nrpe (Minor issue)
	[stretch] - nagios-nrpe (Minor issue)
	[jessie] - nagios-nrpe (Minor issue)
	NOTE: https://herolab.usd.de/security-advisories/usd-2020-0001/
	NOTE: https://github.com/NagiosEnterprises/nrpe/commit/b84f9b8c9d290dd02e139df8dad1c3eb690c1213
	NOTE: https://github.com/NagiosEnterprises/nrpe/commit/8e3bea4e1b1937e395a182729762aa8894e8649e
	NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part validating incoming buffer size)
CVE-2020-6581 (Nagios NRPE 3.2.1 has Insufficient Filtering because, for example, nas ...)
	- nagios-nrpe 4.0.0-1
	[buster] - nagios-nrpe (Minor issue)
	[stretch] - nagios-nrpe (Minor issue)
	[jessie] - nagios-nrpe (Vulnerable code introduced later)
	NOTE: https://herolab.usd.de/security-advisories/usd-2020-0002/
	NOTE: https://github.com/NagiosEnterprises/nrpe/commit/0db345444d0dcb3e37cca1bcbb0027dcbb764197 (part for proper processing of nasty_metachars)
CVE-2020-6580
	RESERVED
CVE-2020-6579 (Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudlo ...)
	NOT-FOR-US: MailBeez plugin for ZenCart
CVE-2020-6578 (Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to in ...)
	NOT-FOR-US: Zen Cart
CVE-2020-6577 (The IT-Recht Kanzlei plugin in Zen Cart 1.5.6c (German edition) allows ...)
	NOT-FOR-US: IT-Recht Kanzlei plugin in Zen Cart
CVE-2020-6576 (Use after free in offscreen canvas in Google Chrome prior to 85.0.4183 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6575 (Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6574 (Insufficient policy enforcement in installer in Google Chrome on OS X ...)
	- chromium (debian package disables the installer)
CVE-2020-6573 (Use after free in video in Google Chrome on Android prior to 85.0.4183 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6572 (Use after free in Media in Google Chrome prior to 81.0.4044.92 allowed ...)
	- chromium 81.0.4044.92-1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6571 (Insufficient data validation in Omnibox in Google Chrome prior to 85.0 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6570 (Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 a ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6569 (Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allo ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6568 (Insufficient policy enforcement in intent handling in Google Chrome on ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6567 (Insufficient validation of untrusted input in command line handling in ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6566 (Insufficient policy enforcement in media in Google Chrome prior to 85. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6565 (Inappropriate implementation in Omnibox in Google Chrome on iOS prior ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6564 (Inappropriate implementation in permissions in Google Chrome prior to ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6563 (Insufficient policy enforcement in intent handling in Google Chrome on ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6562 (Insufficient policy enforcement in Blink in Google Chrome prior to 85. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6561 (Inappropriate implementation in Content Security Policy in Google Chro ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6560 (Insufficient policy enforcement in autofill in Google Chrome prior to ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6559 (Use after free in presentation API in Google Chrome prior to 85.0.4183 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6558 (Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prio ...)
	- chromium (ios specific)
CVE-2020-6557 (Inappropriate implementation in networking in Google Chrome prior to 8 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6556 (Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.414 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6555 (Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 al ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6554 (Use after free in extensions in Google Chrome prior to 84.0.4147.125 a ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6553 (Use after free in offline mode in Google Chrome on iOS prior to 84.0.4 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6552 (Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6551 (Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6550 (Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 al ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6549 (Use after free in media in Google Chrome prior to 84.0.4147.125 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6548 (Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 a ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6547 (Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6546 (Inappropriate implementation in installer in Google Chrome prior to 84 ...)
	- chromium (debian package disables the installer)
CVE-2020-6545 (Use after free in audio in Google Chrome prior to 84.0.4147.125 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6544 (Use after free in media in Google Chrome prior to 84.0.4147.125 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6543 (Use after free in task scheduling in Google Chrome prior to 84.0.4147. ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6542 (Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowe ...)
	{DSA-4824-1}
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6541 (Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allow ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.105-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6540 (Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowe ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.105-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6539 (Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.105-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6538 (Inappropriate implementation in WebView in Google Chrome on Android pr ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.105-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6537 (Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.105-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6536 (Incorrect security UI in PWAs in Google Chrome prior to 84.0.4147.89 a ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6535 (Insufficient data validation in WebUI in Google Chrome prior to 84.0.4 ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6534 (Heap buffer overflow in WebRTC in Google Chrome prior to 84.0.4147.89 ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6533 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6532 (Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.105-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6531 (Side-channel information leakage in scroll to text in Google Chrome pr ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6530 (Out of bounds memory access in developer tools in Google Chrome prior ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6529 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6528 (Incorrect security UI in basic auth in Google Chrome on iOS prior to 8 ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6527 (Insufficient policy enforcement in CSP in Google Chrome prior to 84.0. ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6526 (Inappropriate implementation in iframe sandbox in Google Chrome prior ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6525 (Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 al ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6524 (Heap buffer overflow in WebAudio in Google Chrome prior to 84.0.4147.8 ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6523 (Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 all ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6522 (Inappropriate implementation in external protocol handlers in Google C ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6521 (Side-channel information leakage in autofill in Google Chrome prior to ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6520 (Buffer overflow in Skia in Google Chrome prior to 84.0.4147.89 allowed ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6519 (Policy bypass in CSP in Google Chrome prior to 84.0.4147.89 allowed a ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6518 (Use after free in developer tools in Google Chrome prior to 84.0.4147. ...)
	{DSA-4824-1}
	[experimental] - chromium 84.0.4147.89-1
	- chromium 87.0.4280.88-0.1
	[stretch] - chromium (see DSA 4562)
CVE-2020-6517 (Heap buffer overflow in history in Google Chrome prior to 84.0.4147.89 ...)
{DSA-4824-1} [experimental] - chromium 84.0.4147.89-1 - chromium 87.0.4280.88-0.1 [stretch] - chromium (see DSA 4562) CVE-2020-6516 (Policy bypass in CORS in Google Chrome prior to 84.0.4147.89 allowed a ...) {DSA-4824-1} [experimental] - chromium 84.0.4147.89-1 - chromium 87.0.4280.88-0.1 [stretch] - chromium (see DSA 4562) CVE-2020-6515 (Use after free in tab strip in Google Chrome prior to 84.0.4147.89 all ...) {DSA-4824-1} [experimental] - chromium 84.0.4147.89-1 - chromium 87.0.4280.88-0.1 [stretch] - chromium (see DSA 4562) CVE-2020-6514 (Inappropriate implementation in WebRTC in Google Chrome prior to 84.0. ...) {DSA-4824-1 DSA-4740-1 DSA-4736-1 DLA-2310-1 DLA-2297-1} [experimental] - chromium 84.0.4147.89-1 - chromium 87.0.4280.88-0.1 [stretch] - chromium (see DSA 4562) - firefox 79.0-1 - firefox-esr 68.11.0esr-1 - thunderbird 1:68.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-6514 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-6514 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-6514 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-6514 CVE-2020-6513 (Heap buffer overflow in PDFium in Google Chrome prior to 84.0.4147.89 ...) {DSA-4824-1} [experimental] - chromium 84.0.4147.89-1 - chromium 87.0.4280.88-0.1 [stretch] - chromium (see DSA 4562) CVE-2020-6512 (Type Confusion in V8 in Google Chrome prior to 84.0.4147.89 allowed a ...) {DSA-4824-1} [experimental] - chromium 84.0.4147.89-1 - chromium 87.0.4280.88-0.1 [stretch] - chromium (see DSA 4562) CVE-2020-6511 (Information leak in content security policy in Google Chrome prior to ...) {DSA-4824-1} [experimental] - chromium 84.0.4147.89-1 - chromium 87.0.4280.88-0.1 [stretch] - chromium (see DSA 4562) CVE-2020-6510 (Heap buffer overflow in background fetch in Google Chrome prior to 84. ...) 
{DSA-4824-1} [experimental] - chromium 84.0.4147.89-1 - chromium 87.0.4280.88-0.1 [stretch] - chromium (see DSA 4562) CVE-2020-6509 (Use after free in extensions in Google Chrome prior to 83.0.4103.116 a ...) {DSA-4714-1} - chromium 83.0.4103.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6508 RESERVED CVE-2020-6507 (Out of bounds write in V8 in Google Chrome prior to 83.0.4103.106 allo ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6506 (Insufficient policy enforcement in WebView in Google Chrome on Android ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6505 (Use after free in speech in Google Chrome prior to 83.0.4103.106 allow ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6504 (Insufficient policy enforcement in notifications in Google Chrome prio ...) {DSA-4500-1} - chromium 74.0.3729.108-1 [stretch] - chromium (see DSA 4562) CVE-2020-6503 (Inappropriate implementation in accessibility in Google Chrome prior t ...) {DSA-4500-1} - chromium 74.0.3729.108-1 [stretch] - chromium (see DSA 4562) CVE-2020-6502 (Incorrect implementation in permissions in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6501 (Insufficient policy enforcement in CSP in Google Chrome prior to 80.0. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6500 (Inappropriate implementation in interstitials in Google Chrome prior t ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6499 (Inappropriate implementation in AppCache in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6498 (Incorrect implementation in user interface in Google Chrome on iOS pri ...) 
{DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6497 (Insufficient policy enforcement in Omnibox in Google Chrome on iOS pri ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6496 (Use after free in payments in Google Chrome on MacOS prior to 83.0.410 ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6495 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6494 (Incorrect security UI in payments in Google Chrome on Android prior to ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6493 (Use after free in WebAuthentication in Google Chrome prior to 83.0.410 ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6492 (Use after free in ANGLE in Google Chrome prior to 83.0.4103.97 allowed ...) {DSA-4714-1} - chromium 83.0.4103.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6491 (Insufficient data validation in site information in Google Chrome prio ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6490 (Insufficient data validation in loader in Google Chrome prior to 83.0. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6489 (Inappropriate implementation in developer tools in Google Chrome prior ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6488 (Insufficient policy enforcement in downloads in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6487 (Insufficient policy enforcement in downloads in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6486 (Insufficient policy enforcement in navigations in Google Chrome prior ...) 
{DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6485 (Insufficient data validation in media router in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6484 (Insufficient data validation in ChromeDriver in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6483 (Insufficient policy enforcement in payments in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6482 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6481 (Insufficient policy enforcement in URL formatting in Google Chrome pri ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6480 (Insufficient policy enforcement in enterprise in Google Chrome prior t ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6479 (Inappropriate implementation in sharing in Google Chrome prior to 83.0 ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6478 (Inappropriate implementation in full screen in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6477 (Inappropriate implementation in installer in Google Chrome on OS X pri ...) - chromium (Only affects installer) CVE-2020-6476 (Insufficient policy enforcement in tab strip in Google Chrome prior to ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6475 (Incorrect implementation in full screen in Google Chrome prior to 83.0 ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6474 (Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed ...) 
{DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6473 (Insufficient policy enforcement in Blink in Google Chrome prior to 83. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6472 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6471 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6470 (Insufficient validation of untrusted input in clipboard in Google Chro ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6469 (Insufficient policy enforcement in developer tools in Google Chrome pr ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6468 (Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6467 (Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowe ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6466 (Use after free in media in Google Chrome prior to 83.0.4103.61 allowed ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6465 (Use after free in reader mode in Google Chrome on Android prior to 83. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6464 (Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowe ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6463 (Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowe ...) 
{DSA-4740-1 DSA-4736-1 DSA-4714-1 DLA-2310-1 DLA-2297-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) - firefox 79.0-1 - firefox-esr 68.11.0esr-1 - thunderbird 1:68.11.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-31/#CVE-2020-6463 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-32/#CVE-2020-6463 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-33/#CVE-2020-6463 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-35/#CVE-2020-6463 CVE-2020-6462 (Use after free in task scheduling in Google Chrome prior to 81.0.4044. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6461 (Use after free in storage in Google Chrome prior to 81.0.4044.129 allo ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6460 (Insufficient data validation in URL formatting in Google Chrome prior ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6459 (Use after free in payments in Google Chrome prior to 81.0.4044.122 all ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6458 (Out of bounds read and write in PDFium in Google Chrome prior to 81.0. ...) {DSA-4714-1} - chromium 83.0.4103.83-1 [stretch] - chromium (see DSA 4562) CVE-2020-6457 (Use after free in speech recognizer in Google Chrome prior to 81.0.404 ...) {DSA-4714-1} - chromium 83.0.4103.83-1 (bug #958450) [stretch] - chromium (see DSA 4562) CVE-2020-6456 (Insufficient validation of untrusted input in clipboard in Google Chro ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6455 (Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 al ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6454 (Use after free in extensions in Google Chrome prior to 81.0.4044.92 al ...) 
{DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6453 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6452 (Heap buffer overflow in media in Google Chrome prior to 80.0.3987.162 ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6451 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6450 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.162 all ...) {DSA-4654-1} - chromium 80.0.3987.162-1 [stretch] - chromium (see DSA 4562) CVE-2020-6449 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6448 (Use after free in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6447 (Inappropriate implementation in developer tools in Google Chrome prior ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6446 (Insufficient policy enforcement in trusted types in Google Chrome prio ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6445 (Insufficient policy enforcement in trusted types in Google Chrome prio ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6444 (Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 all ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6443 (Insufficient data validation in developer tools in Google Chrome prior ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6442 (Inappropriate implementation in cache in Google Chrome prior to 81.0.4 ...) 
{DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6441 (Insufficient policy enforcement in omnibox in Google Chrome prior to 8 ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6440 (Inappropriate implementation in extensions in Google Chrome prior to 8 ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6439 (Insufficient policy enforcement in navigations in Google Chrome prior ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6438 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6437 (Inappropriate implementation in WebView in Google Chrome prior to 81.0 ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6436 (Use after free in window management in Google Chrome prior to 81.0.404 ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6435 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6434 (Use after free in devtools in Google Chrome prior to 81.0.4044.92 allo ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6433 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6432 (Insufficient policy enforcement in navigations in Google Chrome prior ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6431 (Insufficient policy enforcement in full screen in Google Chrome prior ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6430 (Type Confusion in V8 in Google Chrome prior to 81.0.4044.92 allowed a ...) 
{DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6429 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6428 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6427 (Use after free in audio in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6426 (Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987 ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6425 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6424 (Use after free in media in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6423 (Use after free in audio in Google Chrome prior to 81.0.4044.92 allowed ...) {DSA-4714-1} - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6422 (Use after free in WebGL in Google Chrome prior to 80.0.3987.149 allowe ...) {DSA-4645-1} - chromium 80.0.3987.149-1 [stretch] - chromium (see DSA 4562) CVE-2020-6421 RESERVED CVE-2020-6420 (Insufficient policy enforcement in media in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.132-1 [stretch] - chromium (see DSA 4562) CVE-2020-6419 (Out of bounds write in V8 in Google Chrome prior to 81.0.4044.92 allow ...) - chromium 81.0.4044.92-1 [stretch] - chromium (see DSA 4562) CVE-2020-6418 (Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a ...) 
{DSA-4638-1} - chromium 80.0.3987.122-1 [stretch] - chromium (see DSA 4562) CVE-2020-6417 (Inappropriate implementation in installer in Google Chrome prior to 80 ...) - chromium (debian package does not support the chromium installer) CVE-2020-6416 (Insufficient data validation in streams in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6415 (Inappropriate implementation in JavaScript in Google Chrome prior to 8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6414 (Insufficient policy enforcement in Safe Browsing in Google Chrome prio ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6413 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6412 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6411 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6410 (Insufficient policy enforcement in navigation in Google Chrome prior t ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6409 (Inappropriate implementation in Omnibox in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6408 (Insufficient policy enforcement in CORS in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6407 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...) {DSA-4638-1} - chromium 80.0.3987.122-1 [stretch] - chromium (see DSA 4562) CVE-2020-6406 (Use after free in audio in Google Chrome prior to 80.0.3987.87 allowed ...) 
{DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6405 (Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 al ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6404 (Inappropriate implementation in Blink in Google Chrome prior to 80.0.3 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6403 (Incorrect implementation in Omnibox in Google Chrome on iOS prior to 8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6402 (Insufficient policy enforcement in downloads in Google Chrome on OS X ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6401 (Insufficient validation of untrusted input in Omnibox in Google Chrome ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6400 (Inappropriate implementation in CORS in Google Chrome prior to 80.0.39 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6399 (Insufficient policy enforcement in AppCache in Google Chrome prior to ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6398 (Use of uninitialized data in PDFium in Google Chrome prior to 80.0.398 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6397 (Inappropriate implementation in sharing in Google Chrome prior to 80.0 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6396 (Inappropriate implementation in Skia in Google Chrome prior to 80.0.39 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6395 (Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6394 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. 
...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6393 (Insufficient policy enforcement in Blink in Google Chrome prior to 80. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6392 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6391 (Insufficient validation of untrusted input in Blink in Google Chrome p ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6390 (Out of bounds memory access in streams in Google Chrome prior to 80.0. ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6389 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6388 (Out of bounds access in WebAudio in Google Chrome prior to 80.0.3987.8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6387 (Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 a ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6386 (Use after free in speech in Google Chrome prior to 80.0.3987.116 allow ...) {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6385 (Insufficient policy enforcement in storage in Google Chrome prior to 8 ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6384 (Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 all ...) {DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6383 (Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a ...) 
{DSA-4638-1} - chromium 80.0.3987.116-1 [stretch] - chromium (see DSA 4562) CVE-2020-6382 (Type confusion in JavaScript in Google Chrome prior to 80.0.3987.87 al ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6381 (Integer overflow in JavaScript in Google Chrome on ChromeOS and Androi ...) {DSA-4638-1} - chromium 80.0.3987.106-1 [stretch] - chromium (see DSA 4562) CVE-2020-6380 (Insufficient policy enforcement in extensions in Google Chrome prior t ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6379 (Use after free in V8 in Google Chrome prior to 79.0.3945.130 allowed a ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6378 (Use after free in speech in Google Chrome prior to 79.0.3945.130 allow ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6377 (Use after free in audio in Google Chrome prior to 79.0.3945.117 allowe ...) {DSA-4606-1} - chromium 79.0.3945.130-1 [stretch] - chromium (see DSA 4562) CVE-2020-6376 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6375 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6374 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6373 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6372 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6371 (User enumeration vulnerability can be exploited to get a list of user ...) NOT-FOR-US: SAP CVE-2020-6370 (SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.3 ...) NOT-FOR-US: SAP CVE-2020-6369 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...) 
NOT-FOR-US: SAP CVE-2020-6368 (SAP Business Planning and Consolidation, versions - 750, 751, 752, 753 ...) NOT-FOR-US: SAP CVE-2020-6367 (There is a reflected cross site scripting vulnerability in SAP NetWeav ...) NOT-FOR-US: SAP CVE-2020-6366 (SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, doe ...) NOT-FOR-US: SAP CVE-2020-6365 (SAP NetWeaver AS Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, ...) NOT-FOR-US: SAP CVE-2020-6364 (SAP Solution Manager and SAP Focused Run (update provided in WILY_INTR ...) NOT-FOR-US: SAP CVE-2020-6363 (SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several ...) NOT-FOR-US: SAP CVE-2020-6362 (SAP Banking Services version 500, use an incorrect authorization objec ...) NOT-FOR-US: SAP CVE-2020-6361 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6360 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6359 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6358 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6357 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6356 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6355 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6354 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6353 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6352 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6351 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
NOT-FOR-US: SAP CVE-2020-6350 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6349 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6348 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6347 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6346 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6345 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6344 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6343 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6342 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6341 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6340 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6339 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6338 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6337 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6336 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6335 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6334 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6333 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
NOT-FOR-US: SAP CVE-2020-6332 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6331 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6330 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6329 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6328 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6327 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6326 (SAP NetWeaver (Knowledge Management), version-7.30,7.31,7.40,7.50, all ...) NOT-FOR-US: SAP CVE-2020-6325 RESERVED CVE-2020-6324 (SAP Netweaver AS ABAP(BSP Test Application sbspext_table), version-700 ...) NOT-FOR-US: SAP CVE-2020-6323 (SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50 ...) NOT-FOR-US: SAP CVE-2020-6322 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6321 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) NOT-FOR-US: SAP CVE-2020-6320 (SAP Marketing (Servlet), version-130,140,150, allows an authenticated ...) NOT-FOR-US: SAP CVE-2020-6319 (SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7. ...) NOT-FOR-US: SAP CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABA ...) NOT-FOR-US: SAP CVE-2020-6317 (In certain situations, an attacker with regular user credentials and l ...) NOT-FOR-US: SAP CVE-2020-6316 (SAP ERP and SAP S/4 HANA allows an authenticated user to see cost reco ...) NOT-FOR-US: SAP CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send ...) NOT-FOR-US: SAP CVE-2020-6314 (SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open ma ...) 
NOT-FOR-US: SAP CVE-2020-6313 (SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, ...) NOT-FOR-US: SAP CVE-2020-6312 (SAP BusinessObjects Business Intelligence Platform (Web Intelligence H ...) NOT-FOR-US: SAP CVE-2020-6311 (Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP ...) NOT-FOR-US: SAP CVE-2020-6310 (Improper access control in SOA Configuration Trace component in SAP Ne ...) NOT-FOR-US: SAP CVE-2020-6309 (SAP NetWeaver AS JAVA, versions - (ENGINEAPI 7.10; WSRM 7.10, 7.11, 7. ...) NOT-FOR-US: SAP CVE-2020-6308 (SAP BusinessObjects Business Intelligence Platform (Web Services) vers ...) NOT-FOR-US: SAP CVE-2020-6307 (Automated Note Search Tool (update provided in SAP Basis 7.0, 7.01, 7. ...) NOT-FOR-US: SAP CVE-2020-6306 (Missing authorization check in a transaction within SAP Leasing (updat ...) NOT-FOR-US: SAP CVE-2020-6305 (PI Rest Adapter of SAP Process Integration (update provided in SAP_XIA ...) NOT-FOR-US: SAP CVE-2020-6304 (Improper input validation in SAP NetWeaver Internet Communication Mana ...) NOT-FOR-US: SAP CVE-2020-6303 (SAP Disclosure Management, before version 10.1, does not validate user ...) NOT-FOR-US: SAP CVE-2020-6302 (SAP Commerce versions 6.7, 1808, 1811, 1905, 2005 contains the jSessio ...) NOT-FOR-US: SAP CVE-2020-6301 (SAP ERP (HCM Travel Management), versions - 600, 602, 603, 604, 605, 6 ...) NOT-FOR-US: SAP CVE-2020-6300 (SAP Business Objects Business Intelligence Platform (Central Managemen ...) NOT-FOR-US: SAP CVE-2020-6299 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 740, 750, 75 ...) NOT-FOR-US: SAP CVE-2020-6298 (SAP Banking Services (Generic Market Data), versions - 400, 450, 500, ...) NOT-FOR-US: SAP CVE-2020-6297 (Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data I ...) NOT-FOR-US: SAP CVE-2020-6296 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions - 700, 701, 70 ...) 
	NOT-FOR-US: SAP
CVE-2020-6295 (Under certain conditions the SAP Adaptive Server Enterprise, version 1 ...)
	NOT-FOR-US: SAP
CVE-2020-6294 (Xvfb of SAP Business Objects Business Intelligence Platform, versions ...)
	NOT-FOR-US: SAP
CVE-2020-6293 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.5 ...)
	NOT-FOR-US: SAP
CVE-2020-6292 (Logout mechanism in SAP Disclosure Management, version 10.1, does not ...)
	NOT-FOR-US: SAP
CVE-2020-6291 (SAP Disclosure Management, version 10.1, session mechanism does not ha ...)
	NOT-FOR-US: SAP
CVE-2020-6290 (SAP Disclosure Management, version 10.1, is vulnerable to Session Fixa ...)
	NOT-FOR-US: SAP
CVE-2020-6289 (SAP Disclosure Management, version 10.1, had insufficient protection a ...)
	NOT-FOR-US: SAP
CVE-2020-6288 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
	NOT-FOR-US: SAP
CVE-2020-6287 (SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31 ...)
	NOT-FOR-US: SAP
CVE-2020-6286 (The insufficient input path validation of certain parameter in the web ...)
	NOT-FOR-US: SAP
CVE-2020-6285 (SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11 ...)
	NOT-FOR-US: SAP
CVE-2020-6284 (SAP NetWeaver (Knowledge Management), versions - 7.30, 7.31, 7.40, 7.5 ...)
	NOT-FOR-US: SAP
CVE-2020-6283 (SAP Fiori Launchpad does not sufficiently encode user controlled input ...)
	NOT-FOR-US: SAP
CVE-2020-6282 (SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11 ...)
	NOT-FOR-US: SAP
CVE-2020-6281 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...)
	NOT-FOR-US: SAP
CVE-2020-6280 (SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, ...)
	NOT-FOR-US: SAP
CVE-2020-6279
	REJECTED
CVE-2020-6278 (SAP Business Objects Business Intelligence Platform (BI Launchpad and ...)
	NOT-FOR-US: SAP
CVE-2020-6277
	RESERVED
CVE-2020-6276 (SAP Business Objects Business Intelligence Platform (bipodata), versio ...)
	NOT-FOR-US: SAP
CVE-2020-6275 (SAP Netweaver AS ABAP, versions 700, 701, 702, 710, 711, 730, 731, 740 ...)
	NOT-FOR-US: SAP
CVE-2020-6274
	RESERVED
CVE-2020-6273 (SAP S/4 HANA (Fiori UI for General Ledger Accounting), versions 103, 1 ...)
	NOT-FOR-US: SAP
CVE-2020-6272 (SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not suffici ...)
	NOT-FOR-US: SAP
CVE-2020-6271 (SAP Solution Manager (Problem Context Manager), version 7.2, does not ...)
	NOT-FOR-US: SAP
CVE-2020-6270 (SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 75 ...)
	NOT-FOR-US: SAP
CVE-2020-6269 (Under certain conditions SAP Business Objects Business Intelligence Pl ...)
	NOT-FOR-US: SAP
CVE-2020-6268 (Statutory Reporting for Insurance Companies in SAP ERP (EA-FINSERV ver ...)
	NOT-FOR-US: SAP
CVE-2020-6267 (Some sensitive cookies in SAP Disclosure Management, version 10.1, are ...)
	NOT-FOR-US: SAP
CVE-2020-6266 (SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an at ...)
	NOT-FOR-US: SAP
CVE-2020-6265 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, and SAP Commerce (Data ...)
	NOT-FOR-US: SAP
CVE-2020-6264 (SAP Commerce, versions - 6.7, 1808, 1811, 1905, may allow an attacker ...)
	NOT-FOR-US: SAP
CVE-2020-6263 (Standalone clients connecting to SAP NetWeaver AS Java via P4 Protocol ...)
	NOT-FOR-US: SAP
CVE-2020-6262 (Service Data Download in SAP Application Server ABAP (ST-PI, before ve ...)
	NOT-FOR-US: SAP
CVE-2020-6261 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...)
	NOT-FOR-US: SAP
CVE-2020-6260 (SAP Solution Manager (Trace Analysis), version 7.20, allows an attacke ...)
	NOT-FOR-US: SAP
CVE-2020-6259 (Under certain conditions SAP Adaptive Server Enterprise, versions 15.7 ...)
	NOT-FOR-US: SAP
CVE-2020-6258 (SAP Identity Management, version 8.0, does not perform necessary autho ...)
	NOT-FOR-US: SAP
CVE-2020-6257 (SAP Business Objects Business Intelligence Platform (CMC and BI Launch ...)
	NOT-FOR-US: SAP
CVE-2020-6256 (SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 8 ...)
	NOT-FOR-US: SAP
CVE-2020-6255
	RESERVED
CVE-2020-6254 (SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficien ...)
	NOT-FOR-US: SAP
CVE-2020-6253 (Under certain conditions, SAP Adaptive Server Enterprise (Web Services ...)
	NOT-FOR-US: SAP
CVE-2020-6252 (Under certain conditions SAP Adaptive Server Enterprise (Cockpit), ver ...)
	NOT-FOR-US: SAP
CVE-2020-6251 (Under certain conditions or error scenarios SAP Business Objects Busin ...)
	NOT-FOR-US: SAP
CVE-2020-6250 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated ...)
	NOT-FOR-US: SAP
CVE-2020-6249 (The use of an admin backend report within SAP Master Data Governance, ...)
	NOT-FOR-US: SAP
CVE-2020-6248 (SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not ...)
	NOT-FOR-US: SAP
CVE-2020-6247 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
	NOT-FOR-US: SAP
CVE-2020-6246 (SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_T ...)
	NOT-FOR-US: SAP
CVE-2020-6245 (SAP Business Objects Business Intelligence Platform, version 4.2, allo ...)
	NOT-FOR-US: SAP
CVE-2020-6244 (SAP Business Client, version 7.0, allows an attacker after a successfu ...)
	NOT-FOR-US: SAP
CVE-2020-6243 (Under certain conditions, SAP Adaptive Server Enterprise (XP Server on ...)
	NOT-FOR-US: SAP
CVE-2020-6242 (SAP Business Objects Business Intelligence Platform (Live Data Connect ...)
	NOT-FOR-US: SAP
CVE-2020-6241 (SAP Adaptive Server Enterprise, version 16.0, allows an authenticated ...)
	NOT-FOR-US: SAP
CVE-2020-6240 (SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 75 ...)
	NOT-FOR-US: SAP
CVE-2020-6239 (Under certain conditions SAP Business One (Backup service), versions 9 ...)
	NOT-FOR-US: SAP
CVE-2020-6238 (SAP Commerce, versions - 6.6, 6.7, 1808, 1811, 1905, does not process ...)
	NOT-FOR-US: SAP
CVE-2020-6237 (Under certain conditions, SAP Business Objects Business Intelligence P ...)
	NOT-FOR-US: SAP
CVE-2020-6236 (SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, ve ...)
	NOT-FOR-US: SAP
CVE-2020-6235 (SAP Solution Manager (Diagnostics Agent), version 7.2, does not perfor ...)
	NOT-FOR-US: SAP
CVE-2020-6234 (SAP Host Agent, version 7.21, allows an attacker with admin privileges ...)
	NOT-FOR-US: SAP
CVE-2020-6233 (SAP S/4 HANA (Financial Products Subledger and Banking Services), vers ...)
	NOT-FOR-US: SAP
CVE-2020-6232 (SAP Commerce, versions 1811, 1905, does not perform necessary authoriz ...)
	NOT-FOR-US: SAP
CVE-2020-6231 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
	NOT-FOR-US: SAP
CVE-2020-6230 (SAP OrientDB, version 3.0, allows an authenticated attacker with scrip ...)
	NOT-FOR-US: SAP
CVE-2020-6229 (SAP NetWeaver AS ABAP (Business Server Pages application CRM_BSP_FRAME ...)
	NOT-FOR-US: SAP
CVE-2020-6228 (SAP Business Client, versions 6.5, 7.0, does not perform necessary int ...)
	NOT-FOR-US: SAP
CVE-2020-6227 (SAP Business Objects Business Intelligence Platform (CMS / Auditing is ...)
	NOT-FOR-US: SAP
CVE-2020-6226 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
	NOT-FOR-US: SAP
CVE-2020-6225 (SAP NetWeaver (Knowledge Management), versions (KMC-CM - 7.00, 7.01, 7 ...)
	NOT-FOR-US: SAP
CVE-2020-6224 (SAP NetWeaver AS Java (HTTP Service), versions 7.10, 7.11, 7.20, 7.30, ...)
	NOT-FOR-US: SAP
CVE-2020-6223 (The open document of SAP Business Objects Business Intelligence Platfo ...)
	NOT-FOR-US: SAP
CVE-2020-6222 (SAP Business Objects Business Intelligence Platform (Web Intelligence ...)
	NOT-FOR-US: SAP
CVE-2020-6221 (Web Intelligence HTML interface in SAP Business Objects Business Intel ...)
	NOT-FOR-US: SAP
CVE-2020-6220
	RESERVED
CVE-2020-6219 (SAP Business Objects Business Intelligence Platform (CrystalReports We ...)
	NOT-FOR-US: SAP
CVE-2020-6218 (Admin tools and Query Builder in SAP Business Objects Business Intelli ...)
	NOT-FOR-US: SAP
CVE-2020-6217 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...)
	NOT-FOR-US: SAP
CVE-2020-6216 (SAP Business Objects Business Intelligence Platform (BI Launchpad), ve ...)
	NOT-FOR-US: SAP
CVE-2020-6215 (SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, ver ...)
	NOT-FOR-US: SAP
CVE-2020-6214 (SAP S/4HANA (Financial Products Subledger), version 100, uses an incor ...)
	NOT-FOR-US: SAP
CVE-2020-6213 (SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_P ...)
	NOT-FOR-US: SAP
CVE-2020-6212 (Egypt localized withholding tax reports Clearing of Liabilities and Re ...)
	NOT-FOR-US: SAP
CVE-2020-6211 (SAP Business Objects Business Intelligence Platform (AdminTools), vers ...)
	NOT-FOR-US: SAP
CVE-2020-6210 (SAP Fiori Launchpad, versions- 753, 754, does not sufficiently encode ...)
	NOT-FOR-US: SAP
CVE-2020-6209 (SAP Disclosure Management, version 10.1, does not perform necessary au ...)
	NOT-FOR-US: SAP
CVE-2020-6208 (SAP Business Objects Business Intelligence Platform (Crystal Reports), ...)
	NOT-FOR-US: SAP
CVE-2020-6207 (SAP Solution Manager (User Experience Monitoring), version- 7.2, due t ...)
	NOT-FOR-US: SAP
CVE-2020-6206 (SAP Cloud Platform Integration for Data Services, version 1.0, allows ...)
	NOT-FOR-US: SAP
CVE-2020-6205 (SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS v ...)
	NOT-FOR-US: SAP
CVE-2020-6204 (The selection query in SAP Treasury and Risk Management (Transaction M ...)
	NOT-FOR-US: SAP
CVE-2020-6203 (SAP NetWeaver UDDI Server (Services Registry), versions- 7.10, 7.11, 7 ...)
	NOT-FOR-US: SAP
CVE-2020-6202 (SAP NetWeaver Application Server Java (User Management Engine), versio ...)
	NOT-FOR-US: SAP
CVE-2020-6201 (The SAP Commerce (Testweb Extension), versions- 6.6, 6.7, 1808, 1811, ...)
	NOT-FOR-US: SAP
CVE-2020-6200 (The SAP Commerce (SmartEdit Extension), versions- 6.6, 6.7, 1808, 1811 ...)
	NOT-FOR-US: SAP
CVE-2020-6199 (The view FIMENAV_COMPCERT in SAP ERP (MENA Certificate Management), EA ...)
	NOT-FOR-US: SAP
CVE-2020-6198 (SAP Solution Manager (Diagnostics Agent), version 720, allows unencryp ...)
	NOT-FOR-US: SAP
CVE-2020-6197 (SAP Enable Now, before version 1908, does not invalidate session token ...)
	NOT-FOR-US: SAP
CVE-2020-6196 (SAP BusinessObjects Mobile (MobileBIService), version 4.2, allows an a ...)
	NOT-FOR-US: SAP
CVE-2020-6195 (SAP Business Objects Business Intelligence Platform (CMC), version 4.1 ...)
	NOT-FOR-US: SAP
CVE-2020-6194
	RESERVED
CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, ...)
	NOT-FOR-US: SAP
CVE-2020-6192 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...)
	NOT-FOR-US: SAP
CVE-2020-6191 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...)
	NOT-FOR-US: SAP
CVE-2020-6190 (Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Appli ...)
	NOT-FOR-US: SAP
CVE-2020-6189 (Certain settings page(s) in SAP Business Objects Business Intelligence ...)
	NOT-FOR-US: SAP
CVE-2020-6188 (VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, ...)
	NOT-FOR-US: SAP
CVE-2020-6187 (SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7. ...)
	NOT-FOR-US: SAP
CVE-2020-6186 (SAP Host Agent, version 7.21, allows an attacker to cause a slowdown i ...)
	NOT-FOR-US: SAP
CVE-2020-6185 (Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_B ...)
	NOT-FOR-US: SAP
CVE-2020-6184 (Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_ ...)
	NOT-FOR-US: SAP
CVE-2020-6183 (SAP Host Agent, version 7.21, allows an unprivileged user to read the ...)
	NOT-FOR-US: SAP
CVE-2020-6182
	RESERVED
CVE-2020-6181 (Under some circumstances the SAML SSO implementation in the SAP NetWea ...)
	NOT-FOR-US: SAP
CVE-2020-6180
	RESERVED
CVE-2020-6179
	RESERVED
CVE-2020-6178 (SAP Enable Now, before version 1911, sends the Session ID cookie value ...)
	NOT-FOR-US: SAP
CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...)
	NOT-FOR-US: SAP
CVE-2020-6176
	RESERVED
CVE-2020-6175 (Citrix SD-WAN 10.2.x before 10.2.6 and 11.0.x before 11.0.3 has Missin ...)
	NOT-FOR-US: Citrix
CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...)
	- python-tuf (bug #934151)
CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...)
	- python-tuf (bug #934151)
CVE-2020-6172
	RESERVED
CVE-2020-6171 (A cross-site scripting (XSS) vulnerability in the index page of the CL ...)
	NOT-FOR-US: Clink Office
CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P ...)
	NOT-FOR-US: Genexis
CVE-2020-6169
	RESERVED
CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...)
	NOT-FOR-US: WordPress plugin
CVE-2020-6165 (SilverStripe 4.5.0 allows attackers to read certain records that shoul ...)
	NOT-FOR-US: SilverStripe
CVE-2020-6164 (In SilverStripe through 4.5.0, a specific URL path configured by defau ...)
	NOT-FOR-US: SilverStripe
CVE-2020-6163 (The WikibaseMediaInfo extension 1.35 for MediaWiki allows XSS because ...)
	NOT-FOR-US: WikibaseMediaInfo MediaWiki extension
CVE-2020-6162 (An issue was discovered in Bftpd 5.3. Under certain circumstances, an ...)
	- bftpd (bug #640469)
CVE-2020-6161
	RESERVED
CVE-2020-6160
	RESERVED
CVE-2020-6159 (URLs using “javascript:” have the protocol removed when pa ...)
	NOT-FOR-US: Opera
CVE-2020-6158
	RESERVED
CVE-2020-6157 (Opera Touch for iOS before version 2.4.5 is vulnerable to an address b ...)
	NOT-FOR-US: Opera Touch for iOS
CVE-2020-6156 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
	NOT-FOR-US: Pixar OpenUSD
CVE-2020-6155 (A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while ...)
	NOT-FOR-US: Pixar OpenUSD
CVE-2020-6154
	RESERVED
CVE-2020-6153
	REJECTED
CVE-2020-6152 (A code execution vulnerability exists in the DICOM parse_dicom_meta_in ...)
	NOT-FOR-US: Accusoft
CVE-2020-6151 (A memory corruption vulnerability exists in the TIFF handle_COMPRESSIO ...)
	NOT-FOR-US: Accusoft
CVE-2020-6150 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
	NOT-FOR-US: Pixar OpenUSD
CVE-2020-6149 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
	NOT-FOR-US: Pixar OpenUSD
CVE-2020-6148 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
	NOT-FOR-US: Pixar OpenUSD
CVE-2020-6147 (A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the s ...)
	NOT-FOR-US: Pixar OpenUSD
CVE-2020-6146 (An exploitable code execution vulnerability exists in the rendering fu ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6145 (An SQL injection vulnerability exists in the frappe.desk.reportview.ge ...)
	NOT-FOR-US: ERPNext
CVE-2020-6144 (A remote code execution vulnerability exists in the install functional ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6143 (A remote code execution vulnerability exists in the install functional ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6142 (A remote code execution vulnerability exists in the Modules.php functi ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6141 (An exploitable SQL injection vulnerability exists in the login functio ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6140 (SQL injection vulnerability exists in the password reset functionality ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6139 (SQL injection vulnerability exists in the password reset functionality ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6138 (SQL injection vulnerability exists in the password reset functionality ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6137 (SQL injection vulnerability exists in the password reset functionality ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6136 (An exploitable SQL injection vulnerability exists in the DownloadWindo ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6135 (An exploitable SQL injection vulnerability exists in the Validator.php ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6134 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6133 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6132 (SQL injection vulnerability exists in the ID parameters of OS4Ed openS ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6131 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6130 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6129 (SQL injection vulnerabilities exist in the course_period_id parameters ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6128 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6127 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6126 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6125 (An exploitable SQL injection vulnerability exists in the GetSchool.php ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6124 (An exploitable sql injection vulnerability exists in the email paramet ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6123 (An exploitable sql injection vulnerability exists in the email paramet ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6122 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6121 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6120 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6119 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...)
	NOT-FOR-US: OS4Ed openSIS
CVE-2020-6116 (An arbitrary code execution vulnerability exists in the rendering func ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6115 (An exploitable vulnerability exists in the cross-reference table repai ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...)
	NOT-FOR-US: Glacies IceHRM
CVE-2020-6113 (An exploitable vulnerability exists in the object stream parsing funct ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6112 (An exploitable code execution vulnerability exists in the JPEG2000 Str ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6111 (An exploitable denial-of-service vulnerability exists in the IPv4 func ...)
	NOT-FOR-US: Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems
CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...)
	NOT-FOR-US: Zoom
CVE-2020-6109 (An exploitable path traversal vulnerability exists in the Zoom client, ...)
	NOT-FOR-US: Zoom
CVE-2020-6108 (An exploitable code execution vulnerability exists in the fsck_chk_orp ...)
	- f2fs-tools 1.14.0-1 (bug #973380)
	[buster] - f2fs-tools (Minor issue)
	[stretch] - f2fs-tools (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1050
CVE-2020-6107 (An exploitable information disclosure vulnerability exists in the dev_ ...)
	- f2fs-tools 1.14.0-1 (bug #973380)
	[buster] - f2fs-tools (Minor issue)
	[stretch] - f2fs-tools (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1049
CVE-2020-6106 (An exploitable information disclosure vulnerability exists in the init ...)
	- f2fs-tools 1.14.0-1 (bug #973380)
	[buster] - f2fs-tools (Minor issue)
	[stretch] - f2fs-tools (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1048
CVE-2020-6105 (An exploitable code execution vulnerability exists in the multiple dev ...)
	- f2fs-tools 1.14.0-1 (bug #973380)
	[buster] - f2fs-tools (Minor issue)
	[stretch] - f2fs-tools (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1047
CVE-2020-6104 (An exploitable information disclosure vulnerability exists in the get_ ...)
	- f2fs-tools 1.14.0-1 (bug #973380)
	[buster] - f2fs-tools (Minor issue)
	[stretch] - f2fs-tools (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1046
CVE-2020-6103 (An exploitable code execution vulnerability exists in the Shader funct ...)
	NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
CVE-2020-6102 (An exploitable code execution vulnerability exists in the Shader funct ...)
	NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
CVE-2020-6101 (An exploitable code execution vulnerability exists in the Shader funct ...)
	NOT-FOR-US: AMD Radeon DirectX 11 Driver atidxx64.dll
CVE-2020-6100 (An exploitable memory corruption vulnerability exists in AMD atidxx64. ...)
	NOT-FOR-US: AMD
CVE-2020-6099
	RESERVED
CVE-2020-6098 (An exploitable denial of service vulnerability exists in the freeDiame ...)
	- freediameter 1.2.1-8 (bug #985088)
	[buster] - freediameter 1.2.1-7+deb10u1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1030
	NOTE: Possible fix: http://www.freediameter.net/trac/changeset/19ab8ac08a361642e7f9ec9f2657202c6f8ef9ee/freeDiameter?old=edfb2b662b91af94b2fccc48b11eec904ccab370
CVE-2020-6097 (An exploitable denial of service vulnerability exists in the atftpd da ...)
	{DLA-2820-1}
	- atftp 0.7.git20120829-3.2 (bug #970066)
	[buster] - atftp 0.7.git20120829-3.2~deb10u1
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1029
	NOTE: https://sourceforge.net/u/peterkaestle/atftp/ci/96409ef3b9ca061f9527cfaafa778105cf15d994/
CVE-2020-6096 (An exploitable signed comparison vulnerability exists in the ARMv7 mem ...)
	- glibc 2.31-2 (low; bug #961452)
	[buster] - glibc (Minor issue)
	[stretch] - glibc (Minor issue)
	[jessie] - glibc (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25620
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1019
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=beea361050728138b82c57dda0c4810402d342b9
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=79a4fa341b8a89cb03f84564fd72abaa1a2db394
CVE-2020-6095 (An exploitable denial of service vulnerability exists in the GstRTSPAu ...)
	- gst-rtsp-server1.0 1.16.2-3 (low)
	[buster] - gst-rtsp-server1.0 (Minor issue)
	[stretch] - gst-rtsp-server1.0 (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018
	NOTE: https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
CVE-2020-6094 (An exploitable code execution vulnerability exists in the TIFF fillinr ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6093 (An exploitable information disclosure vulnerability exists in the way ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6092 (An exploitable code execution vulnerability exists in the way Nitro Pr ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6091 (An exploitable authentication bypass vulnerability exists in the ESPON ...)
	NOT-FOR-US: EPSON
CVE-2020-6090 (An exploitable code execution vulnerability exists in the Web-Based Ma ...)
	NOT-FOR-US: WAGO
CVE-2020-6089 (An exploitable code execution vulnerability exists in the ANI file for ...)
	NOT-FOR-US: Leadtools
CVE-2020-6088 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
	NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6087 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
	NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6086 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
	NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6085 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
	NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6084 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
	NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6083 (An exploitable denial of service vulnerability exists in the ENIP Requ ...)
	NOT-FOR-US: Allen-Bradley Flex IO
CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...)
	NOT-FOR-US: Accusoft
CVE-2020-6081 (An exploitable code execution vulnerability exists in the PLC_Task fun ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Runtime
CVE-2020-6080 (An exploitable denial-of-service vulnerability exists in the resource ...)
	{DSA-4671-1}
	- libmicrodns
	- vlc 3.0.8-4
	[jessie] - vlc (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6079 (An exploitable denial-of-service vulnerability exists in the resource ...)
	{DSA-4671-1}
	- libmicrodns
	- vlc 3.0.8-4
	[jessie] - vlc (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1002
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6078 (An exploitable denial-of-service vulnerability exists in the message-p ...)
	{DSA-4671-1}
	- libmicrodns
	- vlc 3.0.8-4
	[jessie] - vlc (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1001
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6077 (An exploitable denial-of-service vulnerability exists in the message-p ...)
	{DSA-4671-1}
	- libmicrodns
	- vlc 3.0.8-4
	[jessie] - vlc (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1000
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6076 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft
CVE-2020-6075 (An exploitable out-of-bounds write vulnerability exists in the store_d ...)
	NOT-FOR-US: Accusoft
CVE-2020-6074 (An exploitable code execution vulnerability exists in the PDF parser o ...)
	NOT-FOR-US: Nitro Pro
CVE-2020-6073 (An exploitable denial-of-service vulnerability exists in the TXT recor ...)
	{DSA-4671-1}
	- libmicrodns
	- vlc 3.0.8-4
	[jessie] - vlc (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0996
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6072 (An exploitable code execution vulnerability exists in the label-parsin ...)
	{DSA-4671-1}
	- libmicrodns
	- vlc 3.0.8-4
	[jessie] - vlc (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0995
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6071 (An exploitable denial-of-service vulnerability exists in the resource ...)
	{DSA-4671-1}
	- libmicrodns
	- vlc 3.0.8-4
	[jessie] - vlc (Not supported in jessie LTS)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0994
	NOTE: These were addressed on the source level in 3.0.9, but 3.0.8-4 disables the plugin
CVE-2020-6070 (An exploitable code execution vulnerability exists in the file system ...)
	- f2fs-tools 1.14.0-1 (bug #970941)
	[buster] - f2fs-tools (Minor issue)
	[stretch] - f2fs-tools (Minor issue)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0988
CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6065 (An exploitable out-of-bounds write vulnerability exists in the bmp_par ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...)
	NOT-FOR-US: Accusoft ImageGear
CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...)
	{DSA-4711-1}
	- coturn 4.5.1.1-1.2 (bug #951876)
	[jessie] - coturn (Vulnerable code introduced later)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
	NOTE: https://github.com/coturn/coturn/commit/e09bcd9f7af5b32c81b37f51835b384b5a7d03a8
CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...)
	{DSA-4711-1}
	- coturn 4.5.1.1-1.2 (bug #951876)
	[jessie] - coturn (Vulnerable code introduced later)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
	NOTE: https://github.com/coturn/coturn/commit/51a7c2b9bf924890c7a3ff4db9c4976c5a93340a
CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way MiniSNMPD vers ...)
	NOT-FOR-US: MiniSNMPD
CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the way Mini ...)
	NOT-FOR-US: MiniSNMPD
CVE-2020-6058 (An exploitable out-of-bounds read vulnerability exists in the way Mini ...)
	NOT-FOR-US: MiniSNMPD
CVE-2020-6057
	RESERVED
CVE-2020-6056
	RESERVED
CVE-2020-6055
	RESERVED
CVE-2020-6054
	RESERVED
CVE-2020-6053
	RESERVED
CVE-2020-6052
	RESERVED
CVE-2020-6051
	RESERVED
CVE-2020-6050
	RESERVED
CVE-2020-6049
	RESERVED
CVE-2020-6048
	RESERVED
CVE-2020-6047
	RESERVED
CVE-2020-6046
	RESERVED
CVE-2020-6045
	RESERVED
CVE-2020-6044
	RESERVED
CVE-2020-6043
	RESERVED
CVE-2020-6042
	RESERVED
CVE-2020-6041
	RESERVED
CVE-2020-6040
	RESERVED
CVE-2020-6039
	RESERVED
CVE-2020-6038
	RESERVED
CVE-2020-6037
	RESERVED
CVE-2020-6036
	RESERVED
CVE-2020-6035
	RESERVED
CVE-2020-6034
	RESERVED
CVE-2020-6033
	RESERVED
CVE-2020-6032
	RESERVED
CVE-2020-6031
	RESERVED
CVE-2020-6030
	RESERVED
CVE-2020-6029
	RESERVED
CVE-2020-6028
	RESERVED
CVE-2020-6027
	RESERVED
CVE-2020-6026
	RESERVED
CVE-2020-6025
	RESERVED
CVE-2020-6024 (Check Point SmartConsole before R80.10 Build 185, R80.20 Build 119, R8 ...)
	NOT-FOR-US: Check Point SmartConsole
CVE-2020-6023 (Check Point ZoneAlarm before version 15.8.139.18543 allows a local act ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2020-6022 (Check Point ZoneAlarm before version 15.8.139.18543 allows a local act ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2020-6021 (Check Point Endpoint Security Client for Windows before version E84.20 ...)
	NOT-FOR-US: Check Point Endpoint Security Client for Windows
CVE-2020-6020 (Check Point Security Management's Internal CA web management before Ju ...)
	NOT-FOR-US: Check Point
CVE-2020-6019 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
	NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6018 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
	NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6017 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
	NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6016 (Valve's Game Networking Sockets prior to version v1.2.0 improperly han ...)
	NOT-FOR-US: Valve's Game Networking Sockets
CVE-2020-6015 (Check Point Endpoint Security for Windows before E84.10 can reach deni ...)
	NOT-FOR-US: Check Point Endpoint Security Client
CVE-2020-6014 (Check Point Endpoint Security Client for Windows, with Anti-Bot or Thr ...)
	NOT-FOR-US: Check Point Endpoint Security Client
CVE-2020-6013 (ZoneAlarm Firewall and Antivirus products before version 15.8.109.1843 ...)
	NOT-FOR-US: ZoneAlarm
CVE-2020-6012 (ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the ...)
	NOT-FOR-US: ZoneAlarm
CVE-2020-6011
	RESERVED
CVE-2020-6010 (LearnPress Wordpress plugin version prior and including 3.2.6.7 is vul ...)
	NOT-FOR-US: LearnPress Wordpress plugin
CVE-2020-6009 (LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauth ...)
	NOT-FOR-US: LearnDash Wordpress plugin
CVE-2020-6008 (LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbi ...)
	NOT-FOR-US: LifterLMS Wordpress plugin
CVE-2020-6007 (Philips Hue Bridge model 2.X prior to and including version 1935144020 ...)
	NOT-FOR-US: Philips Hue Bridge model
CVE-2020-6006
	REJECTED
CVE-2020-6005
	REJECTED
CVE-2020-6004
	REJECTED
CVE-2020-6003
	REJECTED
CVE-2020-6002
	REJECTED
CVE-2020-6001
	REJECTED
CVE-2020-6000
	REJECTED
CVE-2020-5999
	REJECTED
CVE-2020-5998
	REJECTED
CVE-2020-5997
	REJECTED
CVE-2020-5996
	REJECTED
CVE-2020-5995
	REJECTED
CVE-2020-5994
	REJECTED
CVE-2020-5993
	REJECTED
CVE-2020-5992 (NVIDIA GeForce NOW application software on Windows, all versions prior ...)
	NOT-FOR-US: NVIDIA GeForce NOW application software
CVE-2020-5991 (NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerab ...)
	[experimental] - nvidia-cuda-toolkit 11.1.1-1
	- nvidia-cuda-toolkit 11.1.1-2 (bug #973543)
	[buster] - nvidia-cuda-toolkit (Non-free not supported)
	[stretch] - nvidia-cuda-toolkit (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5094
CVE-2020-5990 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2020-5989 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5988 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5987 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5986 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5985 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5984 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5983 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5982 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5981 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5980 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5979 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5978 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2020-5977 (NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2020-5976 (NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and vers ...)
	NOT-FOR-US: NVIDIA GeForce NOW
CVE-2020-5975 (NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, con ...)
	NOT-FOR-US: NVIDIA GeForce NOW
CVE-2020-5974 (NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in i ...)
	NOT-FOR-US: NVIDIA
CVE-2020-5973 (NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerabili ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5972 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5971 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5970 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5969 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5968 (NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5967 (NVIDIA Linux GPU Display Driver, all versions, contains a vulnerabilit ...)
	- nvidia-graphics-drivers 440.100-1 (bug #963766)
	[buster] - nvidia-graphics-drivers 418.152.00-1
	[stretch] - nvidia-graphics-drivers 390.138-1
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
	[buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
	- nvidia-graphics-drivers-legacy-340xx
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	- nvidia-graphics-drivers-legacy-304xx
	[stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	- nvidia-graphics-drivers-tesla-440 440.95.01-1
	- nvidia-graphics-drivers-tesla-418 418.152.00-1
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
CVE-2020-5966 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5965 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5964 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5963 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	- nvidia-graphics-drivers 440.100-1 (bug #963766)
	[buster] - nvidia-graphics-drivers 418.152.00-1
	[stretch] - nvidia-graphics-drivers 390.138-1
	[jessie] - nvidia-graphics-drivers (Non-free not supported)
	- nvidia-graphics-drivers-legacy-390xx 390.138-1 (bug #963908)
	[buster] - nvidia-graphics-drivers-legacy-390xx 390.138-1~deb10u1
	- nvidia-graphics-drivers-legacy-340xx
	[buster] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	[stretch] - nvidia-graphics-drivers-legacy-340xx (Non-free not supported, no updates provided by Nvidia for 340)
	- nvidia-graphics-drivers-legacy-304xx
	[stretch] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx (Non-free not supported)
	- nvidia-graphics-drivers-tesla-440 440.95.01-1
	- nvidia-graphics-drivers-tesla-418 418.152.00-1
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
CVE-2020-5962 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5961 (NVIDIA vGPU graphics driver for guest OS contains a vulnerability in w ...)
	NOT-FOR-US: NVIDIA vGPU graphics driver for guest OS
CVE-2020-5960 (NVIDIA Virtual GPU Manager contains a vulnerability in the kernel modu ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5959 (NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in ...)
	NOT-FOR-US: NVIDIA Virtual GPU Manager
CVE-2020-5958 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2020-5957 (NVIDIA Windows GPU Display Driver, all versions, contains a vulnerabil ...)
	NOT-FOR-US: Nvidia driver for Windows
CVE-2020-5956
	RESERVED
CVE-2020-5955 (An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O befor ...)
	NOT-FOR-US: Int15MicrocodeSmm
CVE-2020-5954
	RESERVED
CVE-2020-5953
	RESERVED
CVE-2020-5952
	RESERVED
CVE-2020-5951
	RESERVED
CVE-2020-5950 (On BIG-IP 14.1.0-14.1.2.6, undisclosed endpoints in iControl REST allo ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5949 (On BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5948 (On BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5947 (In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP plat ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5946 (In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5945 (In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5944 (In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pag ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5943 (In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP objec ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5942 (In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5941 (On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESO ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5940 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a s ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5939 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5938 (On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5937 (On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5936 (On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5935 (On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Con ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5934 (On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, w ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5933 (On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5932 (On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerabil ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5931 (On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5930 (In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5929 (In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, B ...)
	NOT-FOR-US: F5
CVE-2020-5928 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, 13.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5927 (In versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2.6, BIG ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5926 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, and 14.1.0-14.1.2 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5925 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5924 (In BIG-IP APM versions 12.1.0-12.1.5.1 and 11.6.1-11.6.5.2, RADIUS aut ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5923 (In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5922 (In BIG-IP versions 15.0.0-15.1.0.4, 14.1.0-14.1.2.6, 13.1.0-13.1.3.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5921 (in BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.6, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5920 (In versions 15.0.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5919 (In versions 15.1.0-15.1.0.4, rendering of certain session variables by ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5918 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5917 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5916 (In BIG-IP versions 15.1.0-15.1.0.4 and 15.0.0-15.0.1.3 the Certificate ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5915 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5914 (In BIG-IP ASM versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5913 (In versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5912 (In BIG-IP versions 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5911 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5910 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5909 (In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the co ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5908 (In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5907 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5906 (In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5905 (In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5904 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5903 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5902 (In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5901 (In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow f ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5900 (In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5899 (In NGINX Controller 3.0.0-3.4.0, recovery code required to change a us ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5898 (In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver d ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5897 (In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5896 (On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Se ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5895 (On NGINX Controller versions 3.1.0-3.3.0, AVRD uses world-readable and ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5894 (On versions 3.0.0-3.3.0, the NGINX Controller webserver does not inval ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5893 (In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Ed ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5892 (In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP A ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5891 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undis ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5890 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5889 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5888 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5887 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5886 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5885 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12. ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5884 (On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5883 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5882 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5881 (On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, whe ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5880 (Om BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process m ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5879 (On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-I ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5878 (On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Tra ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5877 (On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5876 (On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5875 (On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5874 (On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5873 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5872 (On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0- ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5871 (On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial o ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5870 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization mechanis ...)
	NOT-FOR-US: F5
CVE-2020-5869 (In BIG-IQ 5.2.0-7.0.0, high availability (HA) synchronization is not s ...)
	NOT-FOR-US: F5
CVE-2020-5868 (In BIG-IQ 6.0.0-7.0.0, a remote access vulnerability has been discover ...)
	NOT-FOR-US: F5
CVE-2020-5867 (In versions prior to 3.3.0, the NGINX Controller Agent installer scrip ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5866 (In versions of NGINX Controller prior to 3.3.0, the helper.sh script, ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5865 (In versions prior to 3.3.0, the NGINX Controller is configured to comm ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5864 (In versions of NGINX Controller prior to 3.2.0, communication between ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5863 (In NGINX Controller versions prior to 3.2.0, an unauthenticated attack ...)
	NOT-FOR-US: NGINX Controller
CVE-2020-5862 (On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5861 (On BIG-IP 12.1.0-12.1.5, the TMM process may produce a core file in so ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5860 (On BIG-IP 15.0.0-15.1.0.2, 14.1.0-14.1.2.3, 13.1.0-13.1.3.2, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5859 (On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5858 (On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5857 (On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5856 (On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specif ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5855 (When the Windows Logon Integration feature is configured for all versi ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5854 (On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5853 (In BIG-IP APM portal access on versions 15.0.0-15.1.0, 14.0.0-14.1.2.3 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5852 (Undisclosed traffic patterns received may cause a disruption of servic ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5851 (On impacted versions and platforms the Trusted Platform Module (TPM) s ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2020-5850
	RESERVED
CVE-2020-5849 (Unraid 6.8.0 allows authentication bypass. ...)
	NOT-FOR-US: Unraid
CVE-2020-5848
	RESERVED
CVE-2020-5847 (Unraid through 6.8.0 allows Remote Code Execution. ...)
	NOT-FOR-US: Unraid
CVE-2020-5846 (An insecure file upload and code execution issue was discovered in Ahs ...)
	NOT-FOR-US: Ahsay Cloud Backup Suite
CVE-2020-5845
	RESERVED
CVE-2020-5844 (index.php?sec=godmode/extensions&sec2=extensions/files_repo in Pan ...)
	NOT-FOR-US: Pandora FMS
CVE-2020-5843 (Codoforum 4.8.3 allows XSS in the admin dashboard via a category to th ...)
	NOT-FOR-US: Codoforum
CVE-2020-5842 (Codoforum 4.8.3 allows XSS in the user registration page: via the user ...)
	NOT-FOR-US: Codoforum
CVE-2020-5841 (An issue was discovered in OpServices OpMon 9.3.1-1. Using password ch ...)
	NOT-FOR-US: OpServices OpMon
CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/R ...)
	NOT-FOR-US: HashBrown CMS
CVE-2020-5839 (Symantec Endpoint Detection And Response, prior to 4.4, may be suscept ...)
	NOT-FOR-US: Symantec
CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...)
	NOT-FOR-US: Symantec
CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...)
	NOT-FOR-US: Symantec
CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially reset the ...)
	NOT-FOR-US: Symantec
CVE-2020-5835 (Symantec Endpoint Protection Manager, prior to 14.3, has a race condit ...)
	NOT-FOR-US: Symantec
CVE-2020-5834 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...)
	NOT-FOR-US: Symantec
CVE-2020-5833 (Symantec Endpoint Protection Manager, prior to 14.3, may be susceptibl ...)
	NOT-FOR-US: Symantec
CVE-2020-5832 (Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6 ...)
	NOT-FOR-US: Symantec
CVE-2020-5831 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5830 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5829 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5828 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5827 (Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, ma ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager (SEPM)
CVE-2020-5826 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5825 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5824 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5823 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5822 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5821 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5820 (Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Sm ...)
	NOT-FOR-US: Symantec
CVE-2020-5819
	RESERVED
CVE-2020-5818
	RESERVED
CVE-2020-5817
	RESERVED
CVE-2020-5816
	RESERVED
CVE-2020-5815
	RESERVED
CVE-2020-5814
	RESERVED
CVE-2020-5813
	RESERVED
CVE-2020-5812 (Nessus AMI versions 8.12.0 and earlier were found to either not valida ...)
	NOT-FOR-US: Nessus
CVE-2020-5811 (An authenticated path traversal vulnerability exists during package in ...)
	NOT-FOR-US: Umbraco CMS
CVE-2020-5810 (A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or curren ...)
	NOT-FOR-US: Umbraco CMS
CVE-2020-5809 (A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or curren ...)
	NOT-FOR-US: Umbraco CMS
CVE-2020-5808 (In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could po ...)
	NOT-FOR-US: Tenable
CVE-2020-5807 (An unauthenticated remote attacker can send data to RsvcHost.exe liste ...)
	NOT-FOR-US: FactoryTalk Diagnostics
CVE-2020-5806 (An attacker-controlled memory allocation size can be passed to the C++ ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-5805 (In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored ...)
	NOT-FOR-US: Marvell QConvergeConsole GUI
CVE-2020-5804 (Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path trav ...)
	NOT-FOR-US: Marvell QConvergeConsole GUI
CVE-2020-5803 (Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allow ...)
	NOT-FOR-US: Marvell QConvergeConsole GUI
CVE-2020-5802 (An attacker-controlled memory allocation size can be passed to the C++ ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-5801 (An attacker can craft and send an OpenNamespace message to port 4241 w ...)
	NOT-FOR-US: FactoryTalk
CVE-2020-5800 (The Eat Spray Love mobile app for both iOS and Android contains logic ...)
	NOT-FOR-US: Eat Spray Love mobile app
CVE-2020-5799 (The Eat Spray Love mobile app for both iOS and Android contains a back ...)
	NOT-FOR-US: Eat Spray Love mobile app
CVE-2020-5798 (inSync Client installer for macOS versions v6.8.0 and prior could allo ...)
	NOT-FOR-US: inSync Client installer for macOS
CVE-2020-5797 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180 ...)
	NOT-FOR-US: TP-Link
CVE-2020-5796 (Improper preservation of permissions in Nagios XI 5.7.4 allows a local ...)
	NOT-FOR-US: Nagios XI
CVE-2020-5795 (UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200 ...)
	NOT-FOR-US: TP-Link
CVE-2020-5794 (A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and ...)
	NOT-FOR-US: Nessus
CVE-2020-5793 (A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows &a ...)
	NOT-FOR-US: Nessus
CVE-2020-5792 (Improper neutralization of argument delimiters in a command in Nagios ...)
	NOT-FOR-US: Nagios XI
CVE-2020-5791 (Improper neutralization of special elements used in an OS command in N ...)
	NOT-FOR-US: Nagios XI
CVE-2020-5790 (Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker ...)
	NOT-FOR-US: Nagios XI
CVE-2020-5789 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
	NOT-FOR-US: Teltonika
CVE-2020-5788 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
	NOT-FOR-US: Teltonika
CVE-2020-5787 (Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows ...)
	NOT-FOR-US: Teltonika
CVE-2020-5786 (Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 all ...)
	NOT-FOR-US: Teltonika
CVE-2020-5785 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04 ...)
	NOT-FOR-US: Teltonika
CVE-2020-5784 (Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 al ...)
	NOT-FOR-US: Teltonika
CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does n ...)
	NOT-FOR-US: IgniteNet HeliOS GLinq
CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ...)
	NOT-FOR-US: IgniteNet HeliOS GLinq
CVE-2020-5781 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is ...)
	NOT-FOR-US: IgniteNet HeliOS GLinq
CVE-2020-5780 (Missing Authentication for Critical Function in Icegram Email Subscrib ...)
	NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...)
	NOT-FOR-US: Trading Technologies Messaging
CVE-2020-5778 (A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) du ...)
	NOT-FOR-US: Trading Technologies Messaging
CVE-2020-5777 (MAGMI versions prior to 0.7.24 are vulnerable to a remote authenticati ...)
	NOT-FOR-US: MAGMI
CVE-2020-5776 (Currently, all versions of MAGMI are vulnerable to CSRF due to the lac ...)
	NOT-FOR-US: MAGMI
CVE-2020-5775 (Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, ...)
	NOT-FOR-US: Canvas LMS
CVE-2020-5774 (Nessus versions 8.11.0 and earlier were found to maintain sessions lon ...)
	NOT-FOR-US: Nessus
CVE-2020-5773 (Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allow ...)
	NOT-FOR-US: Teltonika firmware
CVE-2020-5772 (Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 all ...)
	NOT-FOR-US: Teltonika firmware
CVE-2020-5771 (Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 all ...)
	NOT-FOR-US: Teltonika firmware
CVE-2020-5770 (Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 al ...)
	NOT-FOR-US: Teltonika firmware
CVE-2020-5769 (Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 ...)
	NOT-FOR-US: Teltonika
CVE-2020-5768 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
CVE-2020-5767 (Cross-site request forgery in Icegram Email Subscribers & Newslett ...)
	NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
CVE-2020-5766 (Improper Neutralization of Special Elements used in an SQL Command ('S ...)
	NOT-FOR-US: Wordpress plugin
CVE-2020-5765 (Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerabi ...)
	NOT-FOR-US: Nessus
CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...)
	NOT-FOR-US: MX Player Android App
CVE-2020-5763 (Grandstream HT800 series firmware version 1.0.17.5 and below contain a ...)
	NOT-FOR-US: Grandstream
CVE-2020-5762 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...)
	NOT-FOR-US: Grandstream
CVE-2020-5761 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...)
	NOT-FOR-US: Grandstream
CVE-2020-5760 (Grandstream HT800 series firmware version 1.0.17.5 and below is vulner ...)
	NOT-FOR-US: Grandstream
CVE-2020-5759 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
	NOT-FOR-US: Grandstream
CVE-2020-5758 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
	NOT-FOR-US: Grandstream
CVE-2020-5757 (Grandstream UCM6200 series firmware version 1.0.20.23 and below is vul ...)
	NOT-FOR-US: Grandstream
CVE-2020-5756 (Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenti ...)
	NOT-FOR-US: Grandstream
CVE-2020-5755 (Webroot endpoint agents prior to version v9.0.28.48 did not protect th ...)
	NOT-FOR-US: Webroot
CVE-2020-5754 (Webroot endpoint agents prior to version v9.0.28.48 allows remote atta ...)
	NOT-FOR-US: Webroot
CVE-2020-5753 (Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and u ...)
	NOT-FOR-US: Signal Private Messenger (Android and iOS version)
CVE-2020-5752 (Relative path traversal in Druva inSync Windows Client 6.6.3 allows a ...)
	NOT-FOR-US: Druva inSync Windows Client
CVE-2020-5751 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
	NOT-FOR-US: TCExam
CVE-2020-5750 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
	NOT-FOR-US: TCExam
CVE-2020-5749 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
	NOT-FOR-US: TCExam
CVE-2020-5748 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, una ...)
	NOT-FOR-US: TCExam
CVE-2020-5747 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
	NOT-FOR-US: TCExam
CVE-2020-5746 (Insufficient output sanitization in TCExam 14.2.2 allows a remote, aut ...)
	NOT-FOR-US: TCExam
CVE-2020-5745 (Cross-site request forgery in TCExam 14.2.2 allows a remote attacker t ...)
	NOT-FOR-US: TCExam
CVE-2020-5744 (Relative Path Traversal in TCExam 14.2.2 allows a remote, authenticate ...)
	NOT-FOR-US: TCExam
CVE-2020-5743 (Improper Control of Resource Identifiers in TCExam 14.2.2 allows a rem ...)
	NOT-FOR-US: TCExam
CVE-2020-5742 (Improper Access Control in Plex Media Server prior to June 15, 2020 al ...)
	NOT-FOR-US: Plex Media Server
CVE-2020-5741 (Deserialization of Untrusted Data in Plex Media Server on Windows allo ...)
	NOT-FOR-US: Plex Media Server on Windows
CVE-2020-5740 (Improper Input Validation in Plex Media Server on Windows allows a loc ...)
	NOT-FOR-US: Plex Media Server
CVE-2020-5739 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
	NOT-FOR-US: Grandstream
CVE-2020-5738 (Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable ...)
	NOT-FOR-US: Grandstream
CVE-2020-5737 (Stored XSS in Tenable.Sc before 5.14.0 could allow an authenticated re ...)
	NOT-FOR-US: Tenable.Sc
CVE-2020-5736 (Amcrest cameras and NVR are vulnerable to a null pointer dereference o ...)
	NOT-FOR-US: Amcrest
CVE-2020-5735 (Amcrest cameras and NVR are vulnerable to a stack-based buffer overflo ...)
	NOT-FOR-US: Amcrest
CVE-2020-5734 (Classic buffer overflow in SolarWinds Dameware allows a remote, unauth ...)
	NOT-FOR-US: SolarWinds
CVE-2020-5733 (In OpenMRS 2.9 and prior, the export functionality of the Data Exchang ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5732 (In OpenMRS 2.9 and prior, he import functionality of the Data Exchange ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5731 (In OpenMRS 2.9 and prior, the app parameter for the ActiveVisit's page ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5730 (In OpenMRS 2.9 and prior, the sessionLocation parameter for the login ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5729 (In OpenMRS 2.9 and prior, the UI Framework Error Page reflects arbitra ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5728 (OpenMRS 2.9 and prior copies "Referrer" header values into an html ele ...)
	NOT-FOR-US: OpenMRS
CVE-2020-5727 (Authentication bypass using an alternate path or channel in SimpliSafe ...)
	NOT-FOR-US: SimpliSafe
CVE-2020-5726 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...)
NOT-FOR-US: Grandstream CVE-2020-5725 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5724 (The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQ ...) NOT-FOR-US: Grandstream CVE-2020-5723 (The UCM6200 series 1.0.20.22 and below stores unencrypted user passwor ...) NOT-FOR-US: UCM6200 CVE-2020-5722 (The HTTP interface of the Grandstream UCM6200 series is vulnerable to ...) NOT-FOR-US: Grandstream CVE-2020-5721 (MikroTik WinBox 3.22 and below stores the user's cleartext password in ...) NOT-FOR-US: MikroTik CVE-2020-5720 (MikroTik WinBox before 3.21 is vulnerable to a path traversal vulnerab ...) NOT-FOR-US: MikroTik WinBox CVE-2020-5719 RESERVED CVE-2020-5718 RESERVED CVE-2020-5717 RESERVED CVE-2020-5716 RESERVED CVE-2020-5715 RESERVED CVE-2020-5714 RESERVED CVE-2020-5713 RESERVED CVE-2020-5712 RESERVED CVE-2020-5711 RESERVED CVE-2020-5710 RESERVED CVE-2020-5709 RESERVED CVE-2020-5708 RESERVED CVE-2020-5707 RESERVED CVE-2020-5706 RESERVED CVE-2020-5705 RESERVED CVE-2020-5704 RESERVED CVE-2020-5703 RESERVED CVE-2020-5702 RESERVED CVE-2020-5701 RESERVED CVE-2020-5700 RESERVED CVE-2020-5699 RESERVED CVE-2020-5698 RESERVED CVE-2020-5697 RESERVED CVE-2020-5696 RESERVED CVE-2020-5695 RESERVED CVE-2020-5694 RESERVED CVE-2020-5693 RESERVED CVE-2020-5692 RESERVED CVE-2020-5691 RESERVED CVE-2020-5690 RESERVED CVE-2020-5689 RESERVED CVE-2020-5688 RESERVED CVE-2020-5687 RESERVED CVE-2020-5686 (Incorrect implementation of authentication algorithm issue in UNIVERGE ...) NOT-FOR-US: UNIVERGE CVE-2020-5685 (UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 al ...) NOT-FOR-US: UNIVERGE CVE-2020-5684 (iSM client versions from V5.1 prior to V12.1 running on NEC Storage Ma ...) NOT-FOR-US: iSM client CVE-2020-5683 (Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v ...) 
NOT-FOR-US: GROWI CVE-2020-5682 (Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Seri ...) NOT-FOR-US: GROWI CVE-2020-5681 (Untrusted search path vulnerability in self-extracting files created b ...) NOT-FOR-US: EpsonNet SetupManager CVE-2020-5680 (Improper input validation vulnerability in EC-CUBE versions from 3.0.5 ...) NOT-FOR-US: EC-CUBE CVE-2020-5679 (Improper restriction of rendered UI layers or frames in EC-CUBE versio ...) NOT-FOR-US: EC-CUBE CVE-2020-5678 (Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier ...) NOT-FOR-US: GROWI CVE-2020-5677 (Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earli ...) NOT-FOR-US: GROWI CVE-2020-5676 (GROWI v4.1.3 and earlier allow remote attackers to obtain information ...) NOT-FOR-US: GROWI CVE-2020-5675 (Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD ...) NOT-FOR-US: Mitsubishi CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...) NOT-FOR-US: SEIKO EPSON products CVE-2020-5673 RESERVED CVE-2020-5672 RESERVED CVE-2020-5671 RESERVED CVE-2020-5670 RESERVED CVE-2020-5669 (Cross-site scripting vulnerability in Movable Type Movable Type Premiu ...) - movabletype-opensource CVE-2020-5668 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series ...) NOT-FOR-US: Mitsubishi Electric CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS ...) NOT-FOR-US: Studyplus CVE-2020-5666 (Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series ...) NOT-FOR-US: Mitsubishi Electric CVE-2020-5665 (Improper check or handling of exceptional conditions in MELSEC iQ-F se ...) NOT-FOR-US: Mitsubishi Electric CVE-2020-5664 (Deserialization of untrusted data vulnerability in XooNIps 3.49 and ea ...) NOT-FOR-US: XooNIps CVE-2020-5663 (Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier ...) 
NOT-FOR-US: XooNIps CVE-2020-5662 (Reflected cross-site scripting vulnerability in XooNIps 3.49 and earli ...) NOT-FOR-US: XooNIps CVE-2020-5661 RESERVED CVE-2020-5660 RESERVED CVE-2020-5659 (SQL injection vulnerability in the XooNIps 3.49 and earlier allows rem ...) NOT-FOR-US: XooNIps CVE-2020-5658 (Resource Management Errors vulnerability in TCP/IP function included i ...) NOT-FOR-US: Mitsubishi CVE-2020-5657 (Improper neutralization of argument delimiters in a command ('Argument ...) NOT-FOR-US: Mitsubishi CVE-2020-5656 (Improper access control vulnerability in TCP/IP function included in t ...) NOT-FOR-US: Mitsubishi CVE-2020-5655 (NULL pointer dereferences vulnerability in TCP/IP function included in ...) NOT-FOR-US: Mitsubishi CVE-2020-5654 (Session fixation vulnerability in TCP/IP function included in the firm ...) NOT-FOR-US: Mitsubishi CVE-2020-5653 (Buffer overflow vulnerability in TCP/IP function included in the firmw ...) NOT-FOR-US: Mitsubishi CVE-2020-5652 (Uncontrolled resource consumption vulnerability in Ethernet Port on ME ...) NOT-FOR-US: Mitsubishi CVE-2020-5651 (SQL injection vulnerability in Simple Download Monitor 3.8.8 and earli ...) NOT-FOR-US: Simple Download Monitor CVE-2020-5650 (Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 an ...) NOT-FOR-US: Simple Download Monitor CVE-2020-5649 (Resource management error vulnerability in TCP/IP function included in ...) NOT-FOR-US: Mitsubishi CVE-2020-5648 (Improper neutralization of argument delimiters in a command ('Argument ...) NOT-FOR-US: Mitsubishi CVE-2020-5647 (Improper access control vulnerability in TCP/IP function included in t ...) NOT-FOR-US: Mitsubishi CVE-2020-5646 (NULL pointer dereferences vulnerability in TCP/IP function included in ...) NOT-FOR-US: Mitsubishi CVE-2020-5645 (Session fixation vulnerability in TCP/IP function included in the firm ...) 
NOT-FOR-US: Mitsubishi CVE-2020-5644 (Buffer overflow vulnerability in TCP/IP function included in the firmw ...) NOT-FOR-US: Mitsubishi CVE-2020-5643 (Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0. ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...) NOT-FOR-US: Live Chat CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware v ...) NOT-FOR-US: GS108Ev3 firmware CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...) NOT-FOR-US: OneThird CMS CVE-2020-5639 (Directory traversal vulnerability in FileZen versions from V3.0.0 to V ...) NOT-FOR-US: FileZen CVE-2020-5638 (Cross-site scripting vulnerability in desknet's NEO (desknet's NEO Sma ...) NOT-FOR-US: desknet's NEO CVE-2020-5637 (Improper validation of integrity check value vulnerability in Aterm SA ...) NOT-FOR-US: Aterm SA3500G firmware CVE-2020-5636 (Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker ...) NOT-FOR-US: Aterm SA3500G firmware CVE-2020-5635 (Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker ...) NOT-FOR-US: Aterm SA3500G firmware CVE-2020-5634 (ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC ...) NOT-FOR-US: ELECOM LAN routers CVE-2020-5633 (Multiple NEC products (Express5800/T110j, Express5800/T110j-S, Express ...) NOT-FOR-US: NEC CVE-2020-5632 (InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and ...) NOT-FOR-US: InfoCage SiteShell CVE-2020-5631 (Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 ...) NOT-FOR-US: CMONOS.JP CVE-2020-5630 RESERVED CVE-2020-5629 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...) NOT-FOR-US: UNIQLO App for Android CVE-2020-5628 (UNIQLO App for Android versions 7.3.3 and earlier allows remote attack ...) 
NOT-FOR-US: UNIQLO App for Android CVE-2020-5627 (Yodobashi App for Android versions 1.8.7 and earlier allows remote att ...) NOT-FOR-US: Yodobashi App for Android CVE-2020-5626 (Logstorage version 8.0.0 and earlier, and ELC Analytics version 3.0.0 ...) NOT-FOR-US: Logstorage CVE-2020-5625 (Cross-site scripting vulnerability in XooNIps 3.48 and earlier allows ...) NOT-FOR-US: XooNIps CVE-2020-5624 (SQL injection vulnerability in the XooNIps 3.48 and earlier allows rem ...) NOT-FOR-US: XooNIps CVE-2020-5623 (NITORI App for Android versions 6.0.4 and earlier and NITORI App for i ...) NOT-FOR-US: NITORI App for Android and iOS CVE-2020-5622 (Shadankun Server Security Type (excluding normal blocking method types ...) NOT-FOR-US: Shadankun Server Security Type CVE-2020-5621 (Cross-site request forgery (CSRF) vulnerability in NETGEAR switching h ...) NOT-FOR-US: Netgear CVE-2020-5620 (Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ...) NOT-FOR-US: Exment CVE-2020-5619 (Cross-site scripting vulnerability in Exment prior to v3.6.0 allows re ...) NOT-FOR-US: Exment CVE-2020-5618 RESERVED CVE-2020-5617 (Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12 ...) NOT-FOR-US: SKYSEA Client View CVE-2020-5616 ([Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], ...) NOT-FOR-US: Calendar01 CVE-2020-5615 (Cross-site request forgery (CSRF) vulnerability in [Calendar01] free e ...) NOT-FOR-US: Calendar01 CVE-2020-5614 (Directory traversal vulnerability in KonaWiki 3.1.0 and earlier allows ...) NOT-FOR-US: KonaWiki CVE-2020-5613 (Cross-site scripting vulnerability in KonaWiki 3.1.0 and earlier allow ...) NOT-FOR-US: KonaWiki CVE-2020-5612 (Cross-site scripting vulnerability in KonaWiki 2.2.0 and earlier allow ...) NOT-FOR-US: KonaWiki CVE-2020-5611 (Cross-site request forgery (CSRF) vulnerability in Social Sharing Plug ...) 
NOT-FOR-US: Social Sharing Plugin for WordPress CVE-2020-5610 (Global TechStream (GTS) for TOYOTA dealers version 15.10.032 and earli ...) NOT-FOR-US: Global TechStream (GTS) for TOYOTA dealers CVE-2020-5609 (Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (incl ...) NOT-FOR-US: Yokogawa CAMS CVE-2020-5608 (CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 t ...) NOT-FOR-US: Yokogawa CAMS CVE-2020-5607 (Open redirect vulnerability in SHIRASAGI v1.13.1 and earlier allows re ...) NOT-FOR-US: SHIRASAGI CVE-2020-5606 (Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earli ...) NOT-FOR-US: WHR-G54S firmware CVE-2020-5605 (Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlie ...) NOT-FOR-US: WHR-G54S firmware CVE-2020-5604 (Android App 'Mercari' (Japan version) prior to version 3.52.0 allows a ...) NOT-FOR-US: Mercari CVE-2020-5603 (Uncontrolled resource consumption vulnerability in Mitsubishi Electori ...) NOT-FOR-US: Mitsubishi CVE-2020-5602 (Mitsubishi Electoric FA Engineering Software (CPU Module Logging Confi ...) NOT-FOR-US: Mitsubishi CVE-2020-5601 (Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote a ...) NOT-FOR-US: Chrome Extension for e-Tax Reception System CVE-2020-5600 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5599 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5598 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5597 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5596 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) NOT-FOR-US: Mitsubishi CVE-2020-5595 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...) 
NOT-FOR-US: Mitsubishi CVE-2020-5594 (Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules ...) NOT-FOR-US: Mitsubishi CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...) NOT-FOR-US: Zenphoto CVE-2020-5592 (Cross-site scripting vulnerability in Zenphoto versions prior to 1.5.7 ...) NOT-FOR-US: Zenphoto CVE-2020-5591 (XACK DNS 1.11.0 to 1.11.4, 1.10.0 to 1.10.8, 1.8.0 to 1.8.23, 1.7.0 to ...) NOT-FOR-US: XACK DNS CVE-2020-5590 (Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 ...) NOT-FOR-US: EC-CUBE CVE-2020-5589 (SONY Wireless Headphones WF-1000X, WF-SP700N, WH-1000XM2, WH-1000XM3, ...) NOT-FOR-US: SONY CVE-2020-5588 (Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows at ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5587 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to o ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5586 (Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 al ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5585 (Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 all ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5584 (Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintend ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5583 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5582 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5581 (Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows re ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5580 (Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5579 (SQL injection vulnerability in the Paid Memberships versions prior to ...) NOT-FOR-US: Paid Memberships CVE-2020-5578 RESERVED CVE-2020-5577 (Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movabl ...) 
- movabletype-opensource CVE-2020-5576 (Cross-site request forgery (CSRF) vulnerability in Movable Type series ...) - movabletype-opensource CVE-2020-5575 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...) - movabletype-opensource CVE-2020-5574 (HTML attribute value injection vulnerability in Movable Type series (M ...) - movabletype-opensource CVE-2020-5573 (Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attack ...) NOT-FOR-US: Android App 'kintone mobile for Android' CVE-2020-5572 (Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker t ...) NOT-FOR-US: Android App 'Mailwise for Android' CVE-2020-5571 (SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQ ...) NOT-FOR-US: SHARP AQUOS CVE-2020-5570 (Cross-site scripting vulnerability in Sales Force Assistant version 11 ...) NOT-FOR-US: Sales Force Assistant CVE-2020-5569 (An unquoted search path vulnerability exists in HDD Password tool (for ...) NOT-FOR-US: HDD Password tool (CANVIO) CVE-2020-5568 (Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 all ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5567 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5566 (Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5565 (Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5564 (Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 al ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5563 (Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5562 (Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6. ...) NOT-FOR-US: Cybozu Garoon CVE-2020-5561 (Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS ...) 
NOT-FOR-US: Keijiban Tsumiki CVE-2020-5560 (WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS c ...) NOT-FOR-US: WL-Enq CVE-2020-5559 (Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remo ...) NOT-FOR-US: WL-Enq CVE-2020-5558 (CuteNews 2.0.1 allows remote authenticated attackers to execute arbitr ...) NOT-FOR-US: CuteNews CVE-2020-5557 (Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote att ...) NOT-FOR-US: CuteNews CVE-2020-5556 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5555 (Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5554 (Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 a ...) NOT-FOR-US: Shihonkanri Plus GOOUT CVE-2020-5553 (mailform version 1.04 allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: mailform CVE-2020-5552 (Cross-site scripting vulnerability in mailform version 1.04 allows rem ...) NOT-FOR-US: mailform CVE-2020-5551 (Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenti ...) NOT-FOR-US: Toyota CVE-2020-5550 (Session fixation vulnerability in EasyBlocks IPv6 Ver. 2.0.1 and earli ...) NOT-FOR-US: EasyBlocks CVE-2020-5549 (Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver ...) NOT-FOR-US: EasyBlocks CVE-2020-5548 (Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yam ...) NOT-FOR-US: Yamaha CVE-2020-5547 (Resource Management Errors vulnerability in TCP function included in t ...) NOT-FOR-US: Mitsubishi CVE-2020-5546 (Improper Neutralization of Argument Delimiters in a Command ('Argument ...) NOT-FOR-US: Mitsubishi CVE-2020-5545 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...) NOT-FOR-US: Mitsubishi CVE-2020-5544 (Null Pointer Dereference vulnerability in TCP function included in the ...) 
NOT-FOR-US: Mitsubishi CVE-2020-5543 (TCP function included in the firmware of Mitsubishi Electric MELQIC IU ...) NOT-FOR-US: Mitsubishi CVE-2020-5542 (Buffer error vulnerability in TCP function included in the firmware of ...) NOT-FOR-US: Mitsubishi CVE-2020-5541 (Open redirect vulnerability in CyberMail Ver.6.x and Ver.7.x allows re ...) NOT-FOR-US: CyberMail CVE-2020-5540 (Cross-site scripting vulnerability in CyberMail Ver.6.x and Ver.7.x al ...) NOT-FOR-US: CyberMail CVE-2020-5539 (GRANDIT Ver.1.6, Ver.2.0, Ver.2.1, Ver.2.2, Ver.2.3, and Ver.3.0 do no ...) NOT-FOR-US: GRANDIT CVE-2020-5538 (Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows ...) NOT-FOR-US: PALLET CONTROL CVE-2020-5537 (Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code executi ...) NOT-FOR-US: Cybozu CVE-2020-5536 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...) NOT-FOR-US: OpenBlocks IoT VX2 CVE-2020-5535 (OpenBlocks IoT VX2 prior to Ver.4.0.0 (Ver.3 Series) allows an attacke ...) NOT-FOR-US: OpenBlocks IoT VX2 CVE-2020-5534 (Aterm WG2600HS firmware Ver1.3.2 and earlier allows an authenticated a ...) NOT-FOR-US: Aterm WG2600HS firmware CVE-2020-5533 (Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.3.2 ...) NOT-FOR-US: Aterm WG2600HS firmware CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for ...) NOT-FOR-US: ilbo App CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...) NOT-FOR-US: Mitsubishi CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...) NOT-FOR-US: Easy Property Listings plugin for WordPress CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...) {DLA-2326-1} - htmlunit NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28 CVE-2020-5528 (Cross-site scripting vulnerability in Movable Type series (Movable Typ ...) 
- movabletype-opensource CVE-2020-5527 (When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC ...) NOT-FOR-US: Mitsubishi CVE-2020-5526 (The AWMS Mobile App for Android 2.0.0 to 2.0.5 and for iOS 2.0.0 to 2. ...) NOT-FOR-US: AWMS Mobile App for Android and iOS CVE-2020-5525 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...) NOT-FOR-US: Aterm series firmware CVE-2020-5524 (Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG120 ...) NOT-FOR-US: Aterm series firmware CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking applications b ...) NOT-FOR-US: MyPallete CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...) NOT-FOR-US: kantan netprint App for Android CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...) NOT-FOR-US: kantan netprint App for iOS CVE-2020-5520 (The netprint App for iOS 3.2.3 and earlier does not verify X.509 certi ...) NOT-FOR-US: netprint App for iOS CVE-2020-5519 (The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly ...) NOT-FOR-US: OpenLiteSpeed CVE-2020-5518 RESERVED CVE-2020-5517 (CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access ...) NOT-FOR-US: BlueOnyx CVE-2020-5516 RESERVED CVE-2020-5515 (Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. ...) NOT-FOR-US: Gila CMS CVE-2020-5514 (Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous ...) NOT-FOR-US: Gila CMS CVE-2020-5513 (Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. ...) NOT-FOR-US: Gila CMS CVE-2020-5512 (Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. ...) NOT-FOR-US: Gila CMS CVE-2020-5511 (PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypas ...) NOT-FOR-US: PHPGurukul Small CRM CVE-2020-5510 (PHPGurukul Hostel Management System v2.0 allows SQL injection via the ...) 
NOT-FOR-US: PHPGurukul Hostel Management System CVE-2020-5509 (PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an ...) NOT-FOR-US: PHPGurukul Car Rental Project CVE-2020-5508 RESERVED CVE-2020-5507 RESERVED CVE-2020-5506 RESERVED CVE-2020-5505 (Freelancy v1.0.0 allows remote command execution via the "file":"data: ...) NOT-FOR-US: Freelancy CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...) {DLA-2060-1} - phpmyadmin 4:4.9.4+dfsg1-1 (bug #948718) [stretch] - phpmyadmin 4:4.6.6-4+deb9u1 NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983 NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/ CVE-2020-5503 RESERVED CVE-2020-5502 (phpBB 3.2.8 allows a CSRF attack that can approve pending group member ...) NOT-FOR-US: phpBB CVE-2020-5501 (phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. ...) NOT-FOR-US: phpBB CVE-2020-5500 RESERVED CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...) NOT-FOR-US: Baidu Rust SGX SDK CVE-2020-5498 REJECTED CVE-2020-5497 (The OpenID Connect reference implementation for MITREid Connect throug ...) NOT-FOR-US: MITREid Connect CVE-2020-5496 (FontForge 20190801 has a heap-based buffer overflow in the Type2NotDef ...) 
- fontforge 1:20201107~dfsg-1 (bug #948231) [buster] - fontforge (Minor issue) [stretch] - fontforge (Minor issue) [jessie] - fontforge (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4085 CVE-2020-5495 REJECTED CVE-2020-5494 REJECTED CVE-2020-5493 REJECTED CVE-2020-5492 REJECTED CVE-2020-5491 REJECTED CVE-2020-5490 REJECTED CVE-2020-5489 REJECTED CVE-2020-5488 REJECTED CVE-2020-5487 REJECTED CVE-2020-5486 REJECTED CVE-2020-5485 REJECTED CVE-2020-5484 REJECTED CVE-2020-5483 REJECTED CVE-2020-5482 REJECTED CVE-2020-5481 REJECTED CVE-2020-5480 REJECTED CVE-2020-5479 REJECTED CVE-2020-5478 REJECTED CVE-2020-5477 REJECTED CVE-2020-5476 REJECTED CVE-2020-5475 REJECTED CVE-2020-5474 REJECTED CVE-2020-5473 REJECTED CVE-2020-5472 REJECTED CVE-2020-5471 REJECTED CVE-2020-5470 REJECTED CVE-2020-5469 REJECTED CVE-2020-5468 REJECTED CVE-2020-5467 REJECTED CVE-2020-5466 REJECTED CVE-2020-5465 REJECTED CVE-2020-5464 REJECTED CVE-2020-5463 REJECTED CVE-2020-5462 REJECTED CVE-2020-5461 REJECTED CVE-2020-5460 REJECTED CVE-2020-5459 REJECTED CVE-2020-5458 REJECTED CVE-2020-5457 REJECTED CVE-2020-5456 REJECTED CVE-2020-5455 REJECTED CVE-2020-5454 REJECTED CVE-2020-5453 REJECTED CVE-2020-5452 REJECTED CVE-2020-5451 REJECTED CVE-2020-5450 REJECTED CVE-2020-5449 REJECTED CVE-2020-5448 REJECTED CVE-2020-5447 REJECTED CVE-2020-5446 REJECTED CVE-2020-5445 REJECTED CVE-2020-5444 REJECTED CVE-2020-5443 REJECTED CVE-2020-5442 REJECTED CVE-2020-5441 REJECTED CVE-2020-5440 REJECTED CVE-2020-5439 REJECTED CVE-2020-5438 REJECTED CVE-2020-5437 REJECTED CVE-2020-5436 REJECTED CVE-2020-5435 REJECTED CVE-2020-5434 REJECTED CVE-2020-5433 REJECTED CVE-2020-5432 REJECTED CVE-2020-5431 REJECTED CVE-2020-5430 REJECTED CVE-2020-5429 REJECTED CVE-2020-5428 (In applications using Spring Cloud Task 2.2.4.RELEASE and below, may b ...) NOT-FOR-US: VMware CVE-2020-5427 (In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5 ...) 
NOT-FOR-US: VMware CVE-2020-5426 (Scheduler for TAS prior to version 1.4.0 was permitting plaintext tran ...) NOT-FOR-US: VMware CVE-2020-5425 (Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x v ...) NOT-FOR-US: VMware CVE-2020-5424 REJECTED CVE-2020-5423 (CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a ...) NOT-FOR-US: Cloud Foundry CVE-2020-5422 (BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA pas ...) NOT-FOR-US: BOSH System Metrics Server CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...) - libspring-java 4.3.30-1 (bug #973381) [buster] - libspring-java (Minor issue) [stretch] - libspring-java (Minor issue, no known patch) NOTE: https://tanzu.vmware.com/security/cve-2020-5421 NOTE: https://github.com/spring-projects/spring-framework/issues/26821 (patch unidentifiable) CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...) NOT-FOR-US: Cloud Foundry CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...) - rabbitmq-server (Windows-specific vulnerability) CVE-2020-5418 (Cloud Foundry CAPI (Cloud Controller) versions prior to 1.98.0 allow a ...) NOT-FOR-US: Cloud Foundry CVE-2020-5417 (Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when ...) NOT-FOR-US: Cloud Foundry CVE-2020-5416 (Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used ...) NOT-FOR-US: Cloud Foundry CVE-2020-5415 (Concourse, versions prior to 6.3.1 and 6.4.1, in installations which u ...) NOT-FOR-US: Councourse CVE-2020-5414 (VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7. ...) NOT-FOR-US: VMware CVE-2020-5413 (Spring Integration framework provides Kryo Codec implementations as an ...) NOT-FOR-US: VMware CVE-2020-5412 (Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x pr ...) 
NOT-FOR-US: Spring Cloud Netflix CVE-2020-5411 (When configured to enable default typing, Jackson contained a deserial ...) NOT-FOR-US: spring-batch CVE-2020-5410 (Spring Cloud Config, versions 2.2.x prior to 2.2.3, versions 2.1.x pri ...) NOT-FOR-US: Spring Cloud Config CVE-2020-5409 (Pivotal Concourse, most versions prior to 6.0.0, allows redirects to u ...) NOT-FOR-US: Pivotal CVE-2020-5408 (Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5 ...) - libspring-security-2.0-java [jessie] - libspring-security-2.0-java (Vulnerable code introduced later) CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...) - libspring-security-2.0-java [jessie] - libspring-security-2.0-java (Vulnerable code introduced later) CVE-2020-5406 (VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6. ...) NOT-FOR-US: VMware CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...) NOT-FOR-US: Spring Cloud Config CVE-2020-5404 (The HttpClient from Reactor Netty, versions 0.9.x prior to 0.9.5, and ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2020-5403 (Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a UR ...) NOT-FOR-US: Reactor Netty, different from src:netty CVE-2020-5402 (In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability ...) NOT-FOR-US: Cloud Foundry CVE-2020-5401 (Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoR ...) NOT-FOR-US: Cloud Foundry CVE-2020-5400 (Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs ...) NOT-FOR-US: Cloud Foundry CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...) NOT-FOR-US: Cloud Foundry CredHub CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...) 
- libspring-java (Vulnerable code not present) NOTE: https://pivotal.io/security/cve-2020-5398 NOTE: https://github.com/spring-projects/spring-framework/issues/24220 NOTE: https://github.com/spring-projects/spring-framework/commit/41f40c6c229d3b4f768718f1ec229d8f0ad76d76 NOTE: https://github.com/spring-projects/spring-framework/commit/956ffe68587c8d5f21135b5ce4650af0c2dea933 CVE-2020-5397 (Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF ...) - libspring-java (Only affects 5.2.x) NOTE: https://pivotal.io/security/cve-2020-5397 NOTE: https://github.com/spring-projects/spring-framework/issues/24327 NOTE: https://github.com/spring-projects/spring-framework/commit/bc7d01048579430b4b2df668178809b63d3f1929 CVE-2020-5396 (VMware GemFire versions prior to 9.10.0, 9.9.2, 9.8.7, and 9.7.6, and ...) NOT-FOR-US: VMware CVE-2020-5395 (FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd. ...) - fontforge 1:20201107~dfsg-1 (bug #948231) [buster] - fontforge (Minor issue) [stretch] - fontforge (Minor issue) [jessie] - fontforge (Minor issue) NOTE: https://github.com/fontforge/fontforge/issues/4084 NOTE: https://github.com/fontforge/fontforge/commit/048a91e2682c1a8936ae34dbc7bd70291ec05410 NOTE: Additional patch required (to not open up CVE-2020-25690): NOTE: https://github.com/fontforge/fontforge/commit/b96273acc691ac8a36c6a8dd4de8e6edd7eaae59 CVE-2020-5394 RESERVED CVE-2020-5393 (In Appspace On-Prem through 7.1.3, an adversary can steal a session to ...) NOT-FOR-US: Appspace On-Prem CVE-2020-5392 (A stored cross-site scripting (XSS) vulnerability exists in the Auth0 ...) NOT-FOR-US: Auth0 plugin for WordPress CVE-2020-5391 (Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 p ...) NOT-FOR-US: Auth0 plugin for WordPress CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...) 
{DSA-4630-1 DLA-2119-1} - python-pysaml2 4.5.0-7 (bug #949322) NOTE: https://github.com/IdentityPython/pysaml2/commit/5e9d5acbcd8ae45c4e736ac521fd2df5b1c62e25 (v5.0.0) CVE-2020-5389 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...) NOT-FOR-US: Dell CVE-2020-5388 (Dell Inspiron 15 7579 2-in-1 BIOS versions prior to 1.31.0 contain an ...) NOT-FOR-US: Dell CVE-2020-5387 (Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Ex ...) NOT-FOR-US: Dell CVE-2020-5386 (Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource ...) NOT-FOR-US: EMC CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suit ...) NOT-FOR-US: Dell CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...) NOT-FOR-US: RSA MFA Agent CVE-2020-5383 (Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS vers ...) NOT-FOR-US: EMC CVE-2020-5382 RESERVED CVE-2020-5381 RESERVED CVE-2020-5380 RESERVED CVE-2020-5379 (Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot ...) NOT-FOR-US: Dell CVE-2020-5378 (Dell G7 17 7790 BIOS versions prior to 1.13.2 contain a UEFI BIOS Boot ...) NOT-FOR-US: Dell CVE-2020-5377 (Dell EMC OpenManage Server Administrator (OMSA) versions 9.4 and prior ...) NOT-FOR-US: EMC CVE-2020-5376 (Dell Inspiron 7347 BIOS versions prior to A13 contain a UEFI BIOS Boot ...) NOT-FOR-US: Dell CVE-2020-5375 RESERVED CVE-2020-5374 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...) NOT-FOR-US: EMC CVE-2020-5373 (Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) ...) NOT-FOR-US: EMC CVE-2020-5372 (Dell EMC PowerStore versions prior to 1.0.1.0.5.002 contain a vulnerab ...) NOT-FOR-US: EMC CVE-2020-5371 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...) NOT-FOR-US: EMC CVE-2020-5370 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.4 contain an ...) 
	NOT-FOR-US: EMC
CVE-2020-5369 (Dell EMC Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
	NOT-FOR-US: EMC
CVE-2020-5368 (Dell EMC VxRail versions 4.7.410 and 4.7.411 contain an improper authe ...)
	NOT-FOR-US: EMC
CVE-2020-5367 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...)
	NOT-FOR-US: Dell EMC
CVE-2020-5366 (Dell EMC iDRAC9 versions prior to 4.20.20.20 contain a Path Traversal ...)
	NOT-FOR-US: EMC
CVE-2020-5365 (Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vul ...)
	NOT-FOR-US: EMC
CVE-2020-5364 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vul ...)
	NOT-FOR-US: EMC
CVE-2020-5363 (Select Dell Client Consumer and Commercial platforms include an issue ...)
	NOT-FOR-US: Dell
CVE-2020-5362 (Dell Client Consumer and Commercial platforms include an improper auth ...)
	NOT-FOR-US: Dell
CVE-2020-5361 (Select Dell Client Commercial and Consumer platforms support a BIOS pa ...)
	NOT-FOR-US: Dell
CVE-2020-5360 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable ...)
	NOT-FOR-US: Dell
CVE-2020-5359 (Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable ...)
	NOT-FOR-US: Dell
CVE-2020-5358 (Dell Encryption versions prior to 10.7 and Dell Endpoint Security Suit ...)
	NOT-FOR-US: Dell Encryption
CVE-2020-5357 (Dell Dock Firmware Update Utilities for Dell Client Consumer and Comme ...)
	NOT-FOR-US: Dell
CVE-2020-5356 (Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell ...)
	NOT-FOR-US: Dell
CVE-2020-5355
	RESERVED
CVE-2020-5354
	RESERVED
CVE-2020-5353 (The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerSca ...)
	NOT-FOR-US: EMC
CVE-2020-5352 (Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS comma ...)
	NOT-FOR-US: EMC
CVE-2020-5351 (Dell EMC Data Protection Advisor versions 6.4, 6.5 and 18.1 contain an ...)
	NOT-FOR-US: EMC
CVE-2020-5350 (Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, ...)
	NOT-FOR-US: EMC
CVE-2020-5349 (Dell EMC Networking S4100 and S5200 Series Switches manufactured prior ...)
	NOT-FOR-US: EMC
CVE-2020-5348 (Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a ...)
	NOT-FOR-US: Dell
CVE-2020-5347 (Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of s ...)
	NOT-FOR-US: Dell EMC Isilon OneFS
CVE-2020-5346 (RSA Authentication Manager versions prior to 8.4 P11 contain a stored ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2020-5345 (Dell EMC Unisphere for PowerMax versions prior to 9.1.0.17, Dell EMC U ...)
	NOT-FOR-US: Dell EMC
CVE-2020-5344 (Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70. ...)
	NOT-FOR-US: EMC
CVE-2020-5343 (Dell Client platforms restored using a Dell OS recovery image download ...)
	NOT-FOR-US: Dell
CVE-2020-5342 (Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect ...)
	NOT-FOR-US: Dell
CVE-2020-5341 (Deserialization of Untrusted Data Vulnerability Dell EMC Avamar Server ...)
	NOT-FOR-US: EMC
CVE-2020-5340 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2020-5339 (RSA Authentication Manager versions prior to 8.4 P10 contain a stored ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2020-5338
	RESERVED
CVE-2020-5337 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirect ...)
	NOT-FOR-US: RSA
CVE-2020-5336 (RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL injectio ...)
	NOT-FOR-US: RSA
CVE-2020-5335 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contain a cross-site r ...)
	NOT-FOR-US: RSA
CVE-2020-5334 (RSA Archer, versions prior to 6.7 P2 (6.7.0.2), contains a Document Ob ...)
	NOT-FOR-US: RSA
CVE-2020-5333 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an authorizati ...)
	NOT-FOR-US: RSA
CVE-2020-5332 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command inje ...)
	NOT-FOR-US: RSA
CVE-2020-5331 (RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information ...)
	NOT-FOR-US: RSA
CVE-2020-5330 (Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell ...)
	NOT-FOR-US: EMC
CVE-2020-5329 (Dell EMC Avamar Server contains an open redirect vulnerability. A remo ...)
	NOT-FOR-US: EMC
CVE-2020-5328 (Dell EMC Isilon OneFS versions prior to 8.2.0 contain an unauthorized ...)
	NOT-FOR-US: EMC
CVE-2020-5327 (Dell Security Management Server versions prior to 10.2.10 contain a Ja ...)
	NOT-FOR-US: Dell
CVE-2020-5326 (Affected Dell Client platforms contain a BIOS Setup configuration auth ...)
	NOT-FOR-US: Dell
CVE-2020-5325
	RESERVED
CVE-2020-5324 (Dell Client Consumer and Commercial Platforms contain an Arbitrary Fil ...)
	NOT-FOR-US: Dell
CVE-2020-5323 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenMan ...)
	NOT-FOR-US: EMC
CVE-2020-5322 (Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10. ...)
	NOT-FOR-US: EMC
CVE-2020-5321 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenMan ...)
	NOT-FOR-US: EMC
CVE-2020-5320 (Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenMan ...)
	NOT-FOR-US: EMC
CVE-2020-5319 (Dell EMC Unity, Dell EMC Unity XT, and Dell EMC UnityVSA versions prio ...)
	NOT-FOR-US: EMC
CVE-2020-5318 (Dell EMC Isilon OneFS versions 8.1.2, 8.1.0.4, 8.1.0.3, and 8.0.0.7 co ...)
	NOT-FOR-US: EMC
CVE-2020-5317 (Dell EMC ECS versions prior to 3.4.0.1 contain an XSS vulnerability. A ...)
	NOT-FOR-US: EMC
CVE-2020-5316 (Dell SupportAssist for Business PCs versions 2.0, 2.0.1, 2.0.2, 2.1, 2 ...)
	NOT-FOR-US: Dell
CVE-2020-5315 (Dell EMC Repository Manager (DRM) version 3.2 contains a plain-text pa ...)
	NOT-FOR-US: EMC
CVE-2020-5314
	RESERVED
CVE-2020-5313 (libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overfl ...)
	{DSA-4631-1 DLA-2057-1}
	- pillow 7.0.0-1 (bug #948224)
	NOTE: https://github.com/python-pillow/Pillow/commit/a09acd0decd8a87ccce939d5ff65dab59e7d365b (6.2.2)
CVE-2020-5312 (libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer ...)
	{DSA-4631-1 DLA-2057-1}
	- pillow 7.0.0-1 (bug #948224)
	NOTE: https://github.com/python-pillow/Pillow/commit/93b22b846e0269ee9594ff71a72bec02d2bea8fd (6.2.2)
CVE-2020-5311 (libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer ove ...)
	- pillow 7.0.0-1 (bug #948224)
	[buster] - pillow 5.4.1-2+deb10u1
	[stretch] - pillow (Vulnerable code not present)
	[jessie] - pillow (The vulnerable code was introduced later)
	NOTE: https://github.com/python-pillow/Pillow/commit/a79b65c47c7dc6fe623aadf09aa6192fc54548f3 (6.2.2)
CVE-2020-5310 (libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding int ...)
	- pillow 7.0.0-1 (bug #948224)
	[buster] - pillow (Vulnerability introduced later)
	[stretch] - pillow (Vulnerable code not present)
	[jessie] - pillow (The vulnerable code was introduced later)
	NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/f0436a4ddc954541fa10a531e2d9ea0c5ae2065d (5.3.0)
	NOTE: and https://github.com/python-pillow/Pillow/commit/e91b851fdc1c914419543f485bdbaa010790719f (6.0.0)
	NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/4e2def2539ec13e53a82e06c4b3daf00454100c4 (6.2.2)
CVE-2020-5309
	RESERVED
CVE-2020-5308 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to XSS, ...)
	NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
CVE-2020-5307 (PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL ...)
	NOT-FOR-US: PHPGurukul Dairy Farm Shop Management System
CVE-2020-5306 (Codoforum 4.8.3 allows XSS via a post using parameters display name, t ...)
	NOT-FOR-US: Codoforum
CVE-2020-5305 (Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of ...)
	NOT-FOR-US: Codoforum
CVE-2020-5304 (The dashboard in WhiteSource Application Vulnerability Management (AVM ...)
	NOT-FOR-US: WhiteSource Application Vulnerability Management (AVM)
CVE-2020-5303 (Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-o ...)
	NOT-FOR-US: Tendermint
CVE-2020-5302 (MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a b ...)
	NOT-FOR-US: MH-WikiBot
CVE-2020-5301 (SimpleSAMLphp versions before 1.18.6 contain an information disclosure ...)
	- simplesamlphp (Windows-only issue)
CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect ...)
	NOT-FOR-US: ORY Hydra
CVE-2020-5299 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5298 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5297 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5296 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5295 (In OctoberCMS (october/october composer package) versions from 1.0.319 ...)
	NOT-FOR-US: OctoberCMS
CVE-2020-5294 (PrestaShop module ps_facetedsearch versions before 2.1.0 has a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5293 (In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there are improper ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5292 (Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vuln ...)
	NOT-FOR-US: Leantime
CVE-2020-5290 (In RedpwnCTF before version 2.3, there is a session fixation vulnerabi ...)
	NOT-FOR-US: RedpwnCTF
CVE-2020-5289 (In Elide before 4.5.14, it is possible for an adversary to "guess and ...)
	NOT-FOR-US: Elide
CVE-2020-5288 ("In PrestaShop between versions 1.7.0.0 and 1.7.6.5, there is improper ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5287 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is improper ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5286 (In PrestaShop between versions 1.7.4.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5285 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5284 (Next.js versions before 9.3.2 have a directory traversal vulnerability ...)
	NOT-FOR-US: next.js
CVE-2020-5283 (ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS ...)
	- viewvc
	[buster] - viewvc (Minor issue)
	[stretch] - viewvc (Minor issue)
	[jessie] - viewvc (Minor issue)
	NOTE: https://github.com/viewvc/viewvc/security/advisories/GHSA-xpxf-fvqv-7mfg
	NOTE: https://github.com/viewvc/viewvc/commit/ad0f966e9a997b17d853a6972ea283d4dcd70fa8
	NOTE: https://github.com/viewvc/viewvc/issues/211
CVE-2020-5282 (In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in ...)
	NOT-FOR-US: Nick Chan Bot
CVE-2020-5281 (In Perun before version 3.9.1, VO or group manager can modify configur ...)
	NOT-FOR-US: Perun
CVE-2020-5280 (http4s before versions 0.18.26, 0.20.20, and 0.21.2 has a local file i ...)
	NOT-FOR-US: http4s
CVE-2020-5279 (In PrestaShop between versions 1.5.0.0 and 1.7.6.5, there are improper ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5278 (In PrestaShop between versions 1.5.4.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5277 (PrestaShop module ps_facetedsearch versions before 3.5.0 has a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5276 (In PrestaShop between versions 1.7.1.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5275 (In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Fire ...)
	- symfony 4.4.8-1 (bug #961415)
	[buster] - symfony (Introduced in 4.4.0)
	[stretch] - symfony (Introduced in 4.4.0)
	[jessie] - symfony (Introduced in 4.4.0)
	NOTE: https://symfony.com/blog/cve-2020-5275-all-access-control-rules-are-required-when-a-firewall-uses-the-unanimous-strategy
	NOTE: https://github.com/symfony/symfony/commit/c935e4a3fba6cc2ab463a6ca382858068d63cebf
CVE-2020-5274 (In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exc ...)
	- symfony 4.4.8-1 (bug #961415)
	[buster] - symfony (Introduced in 4.4.0)
	[stretch] - symfony (Introduced in 4.4.0)
	[jessie] - symfony (Introduced in 4.4.0)
	NOTE: https://symfony.com/blog/cve-2020-5274-fix-exception-message-escaping-rendered-by-errorhandler
	NOTE: https://github.com/symfony/symfony/commit/cf80224589ac05402d4f72f5ddf80900ec94d5ad
	NOTE: https://github.com/symfony/symfony/commit/629d21b800a15dc649fb0ae9ed7cd9211e7e45db
CVE-2020-5273 (In PrestaShop module ps_linklist versions before 3.1.0, there is a sto ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5272 (In PrestaShop between versions 1.5.5.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5271 (In PrestaShop between versions 1.6.0.0 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5270 (In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open r ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5269 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5268 (In Saml2 Authentication Services for ASP.NET versions before 1.0.2, an ...)
	NOT-FOR-US: Saml2 Authentication Services for ASP.NET
CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...)
	{DLA-2149-1}
	- rails 2:5.2.4.1+dfsg-2 (bug #954304)
	[buster] - rails 2:5.2.2.1+dfsg-1+deb10u1
	[stretch] - rails 2:4.2.7.1-1+deb9u2
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/19/1
	NOTE: https://github.com/rails/rails/commit/033a738817abd6e446e1b320cb7d1a5c15224e9a (master)
CVE-2020-5266 (In the ps_link module for PrestaShop before version 3.1.0, there is a ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5265 (In PrestaShop between versions 1.7.6.1 and 1.7.6.5, there is a reflect ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5264 (In PrestaShop before version 1.7.6.5, there is a reflected XSS while r ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before ...)
	NOT-FOR-US: Node auth0-js
CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...)
	NOT-FOR-US: EasyBuild
CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...)
	NOT-FOR-US: ASP.NET
CVE-2020-5260 (Affected versions of Git have a vulnerability whereby Git can be trick ...)
	{DSA-4657-1 DLA-2177-1}
	- git 1:2.26.1-1
	NOTE: https://lore.kernel.org/lkml/xmqqy2qy7xn8.fsf@gitster.c.googlers.com/
	NOTE: Fixed by: https://git.kernel.org/pub/scm/git/git.git/commit/?id=9a6bbee8006c24b46a85d29e7b38cfa79e9ab21b
	NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=17f1c0b8c7e447aa62f85dc355bb48133d2812f2
	NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=c716fe4bd917e013bf376a678b3a924447777b2d
	NOTE: Additional/nice-to-have: https://git.kernel.org/pub/scm/git/git.git/commit/?id=07259e74ec1237c836874342c65650bdee8a3993
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=2021
	NOTE: https://github.com/git/git/security/advisories/GHSA-qm7j-c969-7j4q
CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...)
	{DLA-2139-1}
	- dojo 1.15.3+dfsg1-1 (bug #953587)
	[buster] - dojo 1.14.2+dfsg1-1+deb10u2
	NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw
	NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da
CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...)
	{DLA-2139-1}
	- dojo 1.15.3+dfsg1-1 (bug #953585)
	[buster] - dojo 1.14.2+dfsg1-1+deb10u2
	NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
	NOTE: https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d
CVE-2020-5257 (In Administrate (rubygem) before version 0.13.0, when sorting by attri ...)
	NOT-FOR-US: Administrate ruby gem
CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...)
	NOT-FOR-US: BookStack
CVE-2020-5255 (In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not ...)
	- symfony 4.4.8-1 (bug #961415)
	[buster] - symfony (Introduced in 4.4.0)
	[stretch] - symfony (Introduced in 4.4.0)
	[jessie] - symfony (Introduced in 4.4.0)
	NOTE: https://symfony.com/blog/cve-2020-5255-prevent-cache-poisoning-via-a-response-content-type-header
	NOTE: https://github.com/symfony/symfony/commit/dca343442e6a954f96a2609e7b4e9c21ed6d74e6
CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...)
	- nethack 3.6.6-1 (bug #953978)
	[buster] - nethack (Minor issue)
	[stretch] - nethack (Vulnerable code introduced in 3.6.1)
	[jessie] - nethack (Vulnerable code introduced in 3.6.1)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2ch6-6r8h-m2p9
	NOTE: https://nethack.org/security/CVE-2020-5254.html
	NOTE: Fixed with: https://github.com/NetHack/NetHack/commit/abdd3254ae06dd1fbcff637c4c631783d5ed9741 (NetHack-3.6.6_Released)
	NOTE: Introduced with: https://github.com/NetHack/NetHack/commit/f8211f69f2008609b59fe4c9ba341ff1fa520825 (NetHack-3.6.1_RC01)
CVE-2020-5253 (NetHack before version 3.6.0 allowed malicious use of escaping of char ...)
	- nethack 3.6.0-1
	[jessie] - nethack (Not supported in jessie LTS)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-2c7p-3fj4-223m
	NOTE: https://github.com/NetHack/NetHack/commit/612755bfb5c412079795c68ba392df5d93874ed8
CVE-2020-5252 (The command-line "safety" package for Python has a potential security ...)
	NOT-FOR-US: safety Python module
CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...)
	NOT-FOR-US: parser-server
CVE-2020-5250 (In PrestaShop before version 1.7.6.4, when a customer edits their addr ...)
	NOT-FOR-US: PrestaShop
CVE-2020-5249 (In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Pum ...)
	- puma 3.12.4-1 (bug #953122)
	[buster] - puma 3.12.0-2+deb10u2
	[stretch] - puma (early_hint feature added in later version)
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-33vf-4xgg-9r58
	NOTE: https://github.com/puma/puma/commit/c22712fc93284a45a93f9ad7023888f3a65524f3
CVE-2020-5248 (GLPI before before version 9.4.6 has a vulnerability involving a defau ...)
	- glpi (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-j222-j9mf-h6j9
	NOTE: https://github.com/glpi-project/glpi/commit/efd14468c92c4da43333aa9735e65fd20cbc7c6c
CVE-2020-5247 (In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application us ...)
	- puma 3.12.4-1 (bug #952766)
	[buster] - puma 3.12.0-2+deb10u2
	[stretch] - puma (intrusive to backport)
	NOTE: https://github.com/puma/puma/security/advisories/GHSA-84j7-475p-hp8v
	NOTE: https://github.com/puma/puma/commit/1b17e85a06183cd169b41ca719928c26d44a6e03 (3.12.3)
	NOTE: https://github.com/puma/puma/commit/694feafcd4fdcea786a0730701dad933f7547bea (4.3.2)
CVE-2020-5246 (Traccar GPS Tracking System before version 4.9 has a LDAP injection vu ...)
	NOT-FOR-US: Traccar GPS Tracking System
CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary cod ...)
	NOT-FOR-US: Dropwizard-Validation
CVE-2020-5244 (In BuddyPress before 5.1.2, requests to a certain REST API endpoint ca ...)
	NOT-FOR-US: BuddyPress
CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...)
	- uap-core 1:0.8.0-1 (bug #952649)
	[buster] - uap-core (Minor issue)
	NOTE: https://github.com/ua-parser/uap-core/security/advisories/GHSA-cmcx-xhr8-3w9p
	NOTE: https://github.com/ua-parser/uap-core/commit/a679b131697e7371f0441f4799940779efa2f27e
	NOTE: https://github.com/ua-parser/uap-core/commit/dd279cff09546dbd4174bd05d29c0e90c2cffa7c
	NOTE: https://github.com/ua-parser/uap-core/commit/7d92a383440c9742ec878273c90a4dcf8446f9af
	NOTE: https://github.com/ua-parser/uap-core/commit/e9a1c74dae9ecd4aa6385bd34ef6c7243f89b537
CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...)
	NOT-FOR-US: openHAB
CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...)
	NOT-FOR-US: matestack-ui-core Ruby gem
CVE-2020-5240 (In wagtail-2fa before 1.4.1, any user with access to the CMS can view ...)
	NOT-FOR-US: wagtail-2fa
CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...)
	NOT-FOR-US: Mailu
CVE-2020-5238 (The table extension in GitHub Flavored Markdown before version 0.29.0. ...)
	- cmark-gfm (bug #965984)
	[bullseye] - cmark-gfm (Minor issue)
	[buster] - cmark-gfm (Minor issue)
	- python-cmarkgfm (bug #965983)
	[bullseye] - python-cmarkgfm (Minor issue)
	[buster] - python-cmarkgfm (Minor issue)
	- ruby-commonmarker 0.21.0-1 (bug #965981)
	[buster] - ruby-commonmarker (Minor issue)
	- haskell-cmark-gfm 0.2.1+ds1-1 (bug #965982)
	[buster] - haskell-cmark-gfm (Minor issue)
	- r-cran-commonmark (bug #965980)
	[bullseye] - r-cran-commonmark (Minor issue)
	[buster] - r-cran-commonmark (Minor issue)
	NOTE: https://github.com/github/cmark-gfm/security/advisories/GHSA-7gc6-9qr5-hc85
	NOTE: https://github.com/github/cmark-gfm/commit/85d895289c5ab67f988ca659493a64abb5fec7b4
	NOTE: haskell-cmark-gfm switched to src:cmark-gfm in 0.2.1+ds1-1, marking that as fixed (despite cmark-gfm not fixed yet)
CVE-2020-5237 (Multiple relative path traversal vulnerabilities in the oneup/uploader ...)
	NOT-FOR-US: oneup/uploader-bundle
CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...)
	- waitress (Vulnerable code introduced later)
	NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
	NOTE: Introduced in: https://github.com/Pylons/waitress/commit/0bf98dadd8cae23830cb365cc6cb9cedd7f98db0 (v1.4.2)
	NOTE: https://github.com/Pylons/waitress/commit/6e46f9e3f014d64dd7d1e258eaf626e39870ee1f (v1.4.3)
CVE-2020-5235 (There is a potentially exploitable out of memory condition In Nanopb b ...)
	- nanopb (Fixed before initial upload to Debian)
	NOTE: https://github.com/nanopb/nanopb/security/advisories/GHSA-gcx3-7m76-287p
	NOTE: https://github.com/nanopb/nanopb/commit/45582f1f97f49e2abfdba1463d1e1027682d9856
	NOTE: https://github.com/nanopb/nanopb/commit/7b396821ddd06df8e39143f16e1dc0a4645b89a3
	NOTE: https://github.com/nanopb/nanopb/commit/aa9d0d1ca78d6adec3adfeecf3a706c7f9df81f2
CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vu ...)
	NOT-FOR-US: MessagePack for C#
CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...)
	- oauth2-proxy (bug #982891)
CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...)
	NOT-FOR-US: Ethereum
CVE-2020-5231 (In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN ...)
	NOT-FOR-US: Opencast
CVE-2020-5230 (Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for me ...)
	NOT-FOR-US: Opencast
CVE-2020-5229 (Opencast before 8.1 stores passwords using the rather outdated and cry ...)
	NOT-FOR-US: Opencast
CVE-2020-5228 (Opencast before 8.1 and 7.6 allows unauthorized public access to all m ...)
	NOT-FOR-US: Opencast
CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...)
	NOT-FOR-US: Feedgen
CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...)
	- simplesamlphp 1.18.4-1
	[buster] - simplesamlphp (Vulnerable code introduced later)
	[stretch] - simplesamlphp (Vulnerable code introduced later)
	[jessie] - simplesamlphp (Vulnerable code introduced later)
	NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-mj9p-v2r8-wf8w
	NOTE: https://simplesamlphp.org/security/202001-01
CVE-2020-5225 (Log injection in SimpleSAMLphp before version 1.18.4. The www/errorepo ...)
	- simplesamlphp 1.18.4-1 (low)
	[buster] - simplesamlphp (Minor issue)
	[stretch] - simplesamlphp (Minor issue)
	[jessie] - simplesamlphp (Minor issue)
	NOTE: https://github.com/simplesamlphp/simplesamlphp/security/advisories/GHSA-6gc6-m364-85ww
	NOTE: https://simplesamlphp.org/security/202001-02
CVE-2020-5224 (In Django User Sessions (django-user-sessions) before 1.7.1, the views ...)
	NOT-FOR-US: Django User Sessions (django-user-sessions)
CVE-2020-5223 (In PrivateBin versions 1.2.0 before 1.2.2, and 1.3.0 before 1.3.2, a p ...)
	NOT-FOR-US: PrivateBin
CVE-2020-5222 (Opencast before 7.6 and 8.1 enables a remember-me cookie based on a ha ...)
	NOT-FOR-US: Opencast
CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...)
	NOT-FOR-US: uftpd
CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...)
	NOT-FOR-US: Sylius
CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...)
	NOT-FOR-US: Angular Expressions
CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...)
	NOT-FOR-US: Sylius
CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
	- ruby-secure-headers 6.3.1-1 (bug #949999)
	[buster] - ruby-secure-headers (Minor issue)
	NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c
	NOTE: https://github.com/twitter/secure_headers/commit/936a160e3e9659737a9f9eafce13eea36b5c9fa3
	NOTE: https://github.com/twitter/secure_headers/issues/418
	NOTE: https://github.com/twitter/secure_headers/pull/421
CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...)
	- ruby-secure-headers 6.3.1-1 (bug #949998)
	[buster] - ruby-secure-headers (Minor issue)
	NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg
	NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0
CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...)
	- tensorflow (bug #804612)
CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-p8fw-rq89-xqx6
	NOTE: Negligible security impact
CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-rr25-4v34-pr7v
	NOTE: Negligible security impact
CVE-2020-5212 (In NetHack before 3.6.5, an extremely long value for the MENUCOLOR con ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-g89f-m829-4m56
	NOTE: Negligible security impact
CVE-2020-5211 (In NetHack before 3.6.5, an invalid extended command in value for the ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-r788-4jf4-r9f7
	NOTE: Negligible security impact
CVE-2020-5210 (In NetHack before 3.6.5, an invalid argument to the -w command line op ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-v5pg-hpjg-9rpp
	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
	NOTE: Negligible security impact
CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i can ...)
	- nethack 3.6.6-1 (unimportant)
	NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
	NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
	NOTE: Negligible security impact
CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...)
	{DLA-2699-1 DLA-2098-1}
	- ipmitool 1.8.18-10.1 (bug #950761)
	[buster] - ipmitool 1.8.18-6+deb10u1
	NOTE: https://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp
	NOTE: https://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2
	NOTE: https://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10
	NOTE: https://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22
	NOTE: https://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4
	NOTE: https://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10
	NOTE: https://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637
CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...)
	NOT-FOR-US: Ktor
CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...)
	NOT-FOR-US: Opencast
CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...)
	NOT-FOR-US: Pow
CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...)
	NOT-FOR-US: uftpd
CVE-2020-5203 (In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code exec ...)
	NOT-FOR-US: Fat-Free Framework
CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...)
	- apt-cacher-ng 3.3.1-1
	[buster] - apt-cacher-ng 3.2.1-1
	[stretch] - apt-cacher-ng (Minor issue)
	[jessie] - apt-cacher-ng (Minor issue)
	NOTE: https://salsa.debian.org/blade/apt-cacher-ng/commit/3b91874b0c099b0ded1a94f1784fe1265082efbc
CVE-2020-5201
	RESERVED
CVE-2020-5200
	RESERVED
CVE-2020-5199
	RESERVED
CVE-2020-5198
	RESERVED
CVE-2020-5197 (An issue was discovered in GitLab Community Edition (CE) and Enterpris ...)
	[experimental] - gitlab 12.6.2-1
	- gitlab 12.6.8-3
	NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2020-5196 (Cerberus FTP Server Enterprise Edition prior to versions 11.0.3 and 10 ...)
	NOT-FOR-US: Cerberus FTP Server Enterprise Edition
CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server prior to v ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2020-5194 (The zip API endpoint in Cerberus FTP Server 8 allows an authenticated ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2020-5193 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2020-5192 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2020-5191 (PHPGurukul Hospital Management System in PHP v4.0 suffers from multipl ...)
	NOT-FOR-US: PHPGurukul Hospital Management System
CVE-2020-5190
	RESERVED
CVE-2020-5189
	RESERVED
CVE-2020-5188 (DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. ...)
	NOT-FOR-US: DNN
CVE-2020-5187 (DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 ...)
	NOT-FOR-US: DNN
CVE-2020-5186 (DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). ...)
	NOT-FOR-US: DNN
CVE-2020-5185
	RESERVED
CVE-2020-5184
	RESERVED
CVE-2020-5183 (FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption ...)
	NOT-FOR-US: FTPGetter Professional
CVE-2020-5182 (The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reve ...)
	NOT-FOR-US: J-BusinessDirectory extension for Joomla!
CVE-2020-5181
	RESERVED
CVE-2020-5180 (Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to se ...)
	NOT-FOR-US: Viscosity on Windows and macOS
CVE-2020-5179 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...)
	NOT-FOR-US: Comtech Stampede FX-1010 7.4.3 devices
CVE-2020-5178
	RESERVED
CVE-2020-5177
	RESERVED
CVE-2020-5176
	RESERVED
CVE-2020-5175
	RESERVED
CVE-2020-5174
	RESERVED
CVE-2020-5173
	RESERVED
CVE-2020-5172
	RESERVED
CVE-2020-5171
	RESERVED
CVE-2020-5170
	RESERVED
CVE-2020-5169
	RESERVED
CVE-2020-5168
	RESERVED
CVE-2020-5167
	RESERVED
CVE-2020-5166
	RESERVED
CVE-2020-5165
	RESERVED
CVE-2020-5164
	RESERVED
CVE-2020-5163
	RESERVED
CVE-2020-5162
	RESERVED
CVE-2020-5161
	RESERVED
CVE-2020-5160
	RESERVED
CVE-2020-5159
	RESERVED
CVE-2020-5158
	RESERVED
CVE-2020-5157
	RESERVED
CVE-2020-5156
	RESERVED
CVE-2020-5155
	RESERVED
CVE-2020-5154
	RESERVED
CVE-2020-5153
	RESERVED
CVE-2020-5152
	RESERVED
CVE-2020-5151
	RESERVED
CVE-2020-5150
	RESERVED
CVE-2020-5149
	RESERVED
CVE-2020-5148 (SonicWall SSO-agent default configuration uses NetAPI to probe the ass ...)
	NOT-FOR-US: SonicWall
CVE-2020-5147 (SonicWall NetExtender Windows client vulnerable to unquoted service pa ...)
	NOT-FOR-US: SonicWall
CVE-2020-5146 (A vulnerability in SonicWall SMA100 appliance allow an authenticated m ...)
	NOT-FOR-US: SonicWall
CVE-2020-5145 (SonicWall Global VPN client version 4.10.4.0314 and earlier have an in ...)
	NOT-FOR-US: SonicWall
CVE-2020-5144 (SonicWall Global VPN client version 4.10.4.0314 and earlier allows unp ...)
	NOT-FOR-US: SonicWall
CVE-2020-5143 (SonicOS SSLVPN login page allows a remote unauthenticated attacker to ...)
	NOT-FOR-US: SonicOS SSLVPN
CVE-2020-5142 (A stored cross-site scripting (XSS) vulnerability exists in the SonicO ...)
	NOT-FOR-US: SonicOS SSLVPN
CVE-2020-5141 (A vulnerability in SonicOS allows a remote unauthenticated attacker to ...)
NOT-FOR-US: SonicOS CVE-2020-5140 (A vulnerability in SonicOS allows a remote unauthenticated attacker to ...) NOT-FOR-US: SonicOS CVE-2020-5139 (A vulnerability in SonicOS SSLVPN service allows a remote unauthentica ...) NOT-FOR-US: SonicOS CVE-2020-5138 (A Heap Overflow vulnerability in the SonicOS allows a remote unauthent ...) NOT-FOR-US: SonicOS CVE-2020-5137 (A buffer overflow vulnerability in SonicOS allows a remote unauthentic ...) NOT-FOR-US: SonicOS CVE-2020-5136 (A buffer overflow vulnerability in SonicOS allows an authenticated att ...) NOT-FOR-US: SonicOS CVE-2020-5135 (A buffer overflow vulnerability in SonicOS allows a remote attacker to ...) NOT-FOR-US: SonicOS CVE-2020-5134 (A vulnerability in SonicOS allows an authenticated attacker to cause o ...) NOT-FOR-US: SonicOS CVE-2020-5133 (A vulnerability in SonicOS allows a remote unauthenticated attacker to ...) NOT-FOR-US: SonicOS CVE-2020-5132 (SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misc ...) NOT-FOR-US: SonicWall CVE-2020-5131 (SonicWall NetExtender Windows client vulnerable to arbitrary file writ ...) NOT-FOR-US: SonicWall NetExtender Windows client CVE-2020-5130 (SonicOS SSLVPN LDAP login request allows remote attackers to cause ext ...) NOT-FOR-US: SonicOS SSLVPN / SonicWall CVE-2020-5129 (A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows a ...) 
NOT-FOR-US: SonicWall CVE-2020-5128 REJECTED CVE-2020-5127 REJECTED CVE-2020-5126 REJECTED CVE-2020-5125 REJECTED CVE-2020-5124 REJECTED CVE-2020-5123 REJECTED CVE-2020-5122 REJECTED CVE-2020-5121 REJECTED CVE-2020-5120 REJECTED CVE-2020-5119 REJECTED CVE-2020-5118 REJECTED CVE-2020-5117 REJECTED CVE-2020-5116 REJECTED CVE-2020-5115 REJECTED CVE-2020-5114 REJECTED CVE-2020-5113 REJECTED CVE-2020-5112 REJECTED CVE-2020-5111 REJECTED CVE-2020-5110 REJECTED CVE-2020-5109 REJECTED CVE-2020-5108 REJECTED CVE-2020-5107 REJECTED CVE-2020-5106 REJECTED CVE-2020-5105 REJECTED CVE-2020-5104 REJECTED CVE-2020-5103 REJECTED CVE-2020-5102 REJECTED CVE-2020-5101 REJECTED CVE-2020-5100 REJECTED CVE-2020-5099 REJECTED CVE-2020-5098 REJECTED CVE-2020-5097 REJECTED CVE-2020-5096 REJECTED CVE-2020-5095 REJECTED CVE-2020-5094 REJECTED CVE-2020-5093 REJECTED CVE-2020-5092 REJECTED CVE-2020-5091 REJECTED CVE-2020-5090 REJECTED CVE-2020-5089 REJECTED CVE-2020-5088 REJECTED CVE-2020-5087 REJECTED CVE-2020-5086 REJECTED CVE-2020-5085 REJECTED CVE-2020-5084 REJECTED CVE-2020-5083 REJECTED CVE-2020-5082 REJECTED CVE-2020-5081 REJECTED CVE-2020-5080 REJECTED CVE-2020-5079 REJECTED CVE-2020-5078 REJECTED CVE-2020-5077 REJECTED CVE-2020-5076 REJECTED CVE-2020-5075 REJECTED CVE-2020-5074 REJECTED CVE-2020-5073 REJECTED CVE-2020-5072 REJECTED CVE-2020-5071 REJECTED CVE-2020-5070 REJECTED CVE-2020-5069 REJECTED CVE-2020-5068 REJECTED CVE-2020-5067 REJECTED CVE-2020-5066 REJECTED CVE-2020-5065 REJECTED CVE-2020-5064 REJECTED CVE-2020-5063 REJECTED CVE-2020-5062 REJECTED CVE-2020-5061 REJECTED CVE-2020-5060 REJECTED CVE-2020-5059 REJECTED CVE-2020-5058 REJECTED CVE-2020-5057 REJECTED CVE-2020-5056 REJECTED CVE-2020-5055 REJECTED CVE-2020-5054 REJECTED CVE-2020-5053 REJECTED CVE-2020-5052 REJECTED CVE-2020-5051 REJECTED CVE-2020-5050 REJECTED CVE-2020-5049 REJECTED CVE-2020-5048 REJECTED CVE-2020-5047 REJECTED CVE-2020-5046 REJECTED CVE-2020-5045 REJECTED CVE-2020-5044 REJECTED CVE-2020-5043 REJECTED 
CVE-2020-5042 REJECTED CVE-2020-5041 REJECTED CVE-2020-5040 REJECTED CVE-2020-5039 REJECTED CVE-2020-5038 REJECTED CVE-2020-5037 REJECTED CVE-2020-5036 REJECTED CVE-2020-5035 RESERVED CVE-2020-5034 RESERVED CVE-2020-5033 RESERVED CVE-2020-5032 (IBM QRadar SIEM 7.3 and 7.4 in some configurations may be vulnerable t ...) NOT-FOR-US: IBM CVE-2020-5031 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM CVE-2020-5030 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...) NOT-FOR-US: IBM CVE-2020-5029 RESERVED CVE-2020-5028 RESERVED CVE-2020-5027 RESERVED CVE-2020-5026 RESERVED CVE-2020-5025 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-5024 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-5023 (IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote u ...) NOT-FOR-US: IBM CVE-2020-5022 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow unauthentica ...) NOT-FOR-US: IBM CVE-2020-5021 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 does not invalidate se ...) NOT-FOR-US: IBM CVE-2020-5020 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-5019 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 is vulnerable to HTTP ...) NOT-FOR-US: IBM CVE-2020-5018 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive ...) NOT-FOR-US: IBM CVE-2020-5017 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user ...) NOT-FOR-US: IBM CVE-2020-5016 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM CVE-2020-5015 (IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Stora ...) NOT-FOR-US: IBM CVE-2020-5014 (IBM DataPower Gateway V10 and V2018 could allow a local attacker with ...) 
NOT-FOR-US: IBM CVE-2020-5013 (IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity In ...) NOT-FOR-US: IBM CVE-2020-5012 RESERVED CVE-2020-5011 RESERVED CVE-2020-5010 RESERVED CVE-2020-5009 RESERVED CVE-2020-5008 (IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through ...) NOT-FOR-US: IBM CVE-2020-5007 RESERVED CVE-2020-5006 RESERVED CVE-2020-5005 RESERVED CVE-2020-5004 (IBM Jazz Foundation products are vulnerable to cross-site scripting. T ...) NOT-FOR-US: IBM CVE-2020-5003 (IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML Extern ...) NOT-FOR-US: IBM CVE-2020-5002 RESERVED CVE-2020-5001 RESERVED CVE-2020-5000 (IBM Financial Transaction Manager 3.0.2 and 3.2.4 is vulnerable to cro ...) NOT-FOR-US: IBM CVE-2020-4999 RESERVED CVE-2020-4998 RESERVED CVE-2020-4997 (IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scr ...) NOT-FOR-US: IBM CVE-2020-4996 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) NOT-FOR-US: IBM CVE-2020-4995 (IBM Security Identity Governance and Intelligence 5.2.6 does not inval ...) NOT-FOR-US: IBM CVE-2020-4994 RESERVED CVE-2020-4993 (IBM QRadar SIEM 7.3 and 7.4 when decompressing or verifying signature ...) NOT-FOR-US: IBM CVE-2020-4992 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.16 is vulnerable to ...) NOT-FOR-US: IBM CVE-2020-4991 RESERVED CVE-2020-4990 (IBM Security Guardium 11.2 is vulnerable to SQL injection. A remote at ...) NOT-FOR-US: IBM CVE-2020-4989 RESERVED CVE-2020-4988 (Loopback 8.0.0 contains a vulnerability that could allow an attacker t ...) NOT-FOR-US: IBM CVE-2020-4987 (The IBM FlashSystem 900 user management GUI is vulnerable to stored cr ...) NOT-FOR-US: IBM CVE-2020-4986 RESERVED CVE-2020-4985 (IBM Planning Analytics Local 2.0 could allow an attacker to obtain sen ...) NOT-FOR-US: IBM CVE-2020-4984 RESERVED CVE-2020-4983 (IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a us ...) 
NOT-FOR-US: IBM CVE-2020-4982 RESERVED CVE-2020-4981 (IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privile ...) NOT-FOR-US: IBM CVE-2020-4980 (IBM QRadar SIEM 7.3 and 7.4 uses less secure methods for protecting da ...) NOT-FOR-US: IBM CVE-2020-4979 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to insecure inter-deployment ...) NOT-FOR-US: IBM CVE-2020-4978 RESERVED CVE-2020-4977 (IBM Engineering Lifecycle Optimization - Publishing is vulnerable to s ...) NOT-FOR-US: IBM CVE-2020-4976 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4975 (IBM Engineering products are vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2020-4974 (IBM Jazz Foundation products are vulnerable to server side request for ...) NOT-FOR-US: IBM CVE-2020-4973 RESERVED CVE-2020-4972 RESERVED CVE-2020-4971 RESERVED CVE-2020-4970 RESERVED CVE-2020-4969 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) NOT-FOR-US: IBM CVE-2020-4968 (IBM Security Identity Governance and Intelligence 5.2.6 uses weaker th ...) NOT-FOR-US: IBM CVE-2020-4967 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive inf ...) NOT-FOR-US: IBM CVE-2020-4966 (IBM Security Identity Governance and Intelligence 5.2.6 does not set t ...) NOT-FOR-US: IBM CVE-2020-4965 (IBM Jazz Team Server products use weaker than expected cryptographic a ...) NOT-FOR-US: IBM CVE-2020-4964 (IBM Jazz Team Server products contain an undisclosed vulnerability tha ...) NOT-FOR-US: IBM CVE-2020-4963 RESERVED CVE-2020-4962 RESERVED CVE-2020-4961 RESERVED CVE-2020-4960 RESERVED CVE-2020-4959 RESERVED CVE-2020-4958 (IBM Security Identity Governance and Intelligence 5.2.6 does not perfo ...) NOT-FOR-US: IBM CVE-2020-4957 RESERVED CVE-2020-4956 (IBM Spectrum Protect Operations Center 7.1 and 8.1 is vulnerable to a ...) NOT-FOR-US: IBM CVE-2020-4955 (IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a remote ...) 
NOT-FOR-US: IBM CVE-2020-4954 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...) NOT-FOR-US: IBM CVE-2020-4953 (IBM Planning Analytics 2.0 could allow a remote authenticated attacker ...) NOT-FOR-US: IBM CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...) NOT-FOR-US: IBM CVE-2020-4951 (IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser ...) NOT-FOR-US: IBM CVE-2020-4950 RESERVED CVE-2020-4949 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) NOT-FOR-US: IBM CVE-2020-4948 RESERVED CVE-2020-4947 RESERVED CVE-2020-4946 RESERVED CVE-2020-4945 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) NOT-FOR-US: IBM CVE-2020-4944 (IBM UrbanCode Deploy (UCD) 7.0.3.0, 7.0.4.0, 7.0.5.3, 7.0.5.4, 7.1.0.0 ...) NOT-FOR-US: IBM CVE-2020-4943 RESERVED CVE-2020-4942 (IBM Curam Social Program Management 7.0.9 and 7.0.11 is vulnerable to ...) NOT-FOR-US: IBM CVE-2020-4941 (IBM Edge 4.2 could reveal sensitive version information about the serv ...) NOT-FOR-US: IBM CVE-2020-4940 RESERVED CVE-2020-4939 RESERVED CVE-2020-4938 (IBM MQ Appliance 9.1 and 9.2 is vulnerable to cross-site request forge ...) NOT-FOR-US: IBM CVE-2020-4937 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 u ...) NOT-FOR-US: IBM CVE-2020-4936 RESERVED CVE-2020-4935 (IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerab ...) NOT-FOR-US: IBM CVE-2020-4934 (IBM Content Navigator 3.0.CD could allow a remote attacker to traverse ...) NOT-FOR-US: IBM CVE-2020-4933 (IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerabl ...) NOT-FOR-US: IBM CVE-2020-4932 (IBM QRadar SIEM 7.3 and 7.4 contains hard-coded credentials, such as a ...) NOT-FOR-US: IBM CVE-2020-4931 (IBM MQ 9.1 LTS, 9.2 LTS, and 9.1 CD AMQP Channels could allow an authe ...) 
NOT-FOR-US: IBM CVE-2020-4930 RESERVED CVE-2020-4929 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...) NOT-FOR-US: IBM CVE-2020-4928 (IBM Cloud Pak System 2.3 could allow a local privileged attacker to up ...) NOT-FOR-US: IBM CVE-2020-4927 RESERVED CVE-2020-4926 RESERVED CVE-2020-4925 RESERVED CVE-2020-4924 RESERVED CVE-2020-4923 RESERVED CVE-2020-4922 RESERVED CVE-2020-4921 (IBM Security Guardium 10.6 and 11.2 is vulnerable to SQL injection. A ...) NOT-FOR-US: IBM CVE-2020-4920 (IBM Jazz Team Server products are vulnerable to stored cross-site scri ...) NOT-FOR-US: IBM CVE-2020-4919 (IBM Cloud Pak System 2.3 has insufficient logout controls which could ...) NOT-FOR-US: IBM CVE-2020-4918 (IBM Cloud Pak System 2.3 could allow l local privileged user to disclo ...) NOT-FOR-US: IBM CVE-2020-4917 (IBM Cloud Pak System 2.3 is vulnerable to cross-site request forgery w ...) NOT-FOR-US: IBM CVE-2020-4916 (IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This v ...) NOT-FOR-US: IBM CVE-2020-4915 RESERVED CVE-2020-4914 RESERVED CVE-2020-4913 (IBM Cloud Pak System 2.3 could reveal credential information in the HT ...) NOT-FOR-US: IBM CVE-2020-4912 (IBM Cloud Pak System 2.3 Self Service Console could allow a privilege ...) NOT-FOR-US: IBM CVE-2020-4911 RESERVED CVE-2020-4910 (IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This v ...) NOT-FOR-US: IBM CVE-2020-4909 (IBM Cloud Pak System 2.3 is vulnerable to cross-site scripting. This v ...) NOT-FOR-US: IBM CVE-2020-4908 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...) NOT-FOR-US: IBM CVE-2020-4907 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...) NOT-FOR-US: IBM CVE-2020-4906 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...) NOT-FOR-US: IBM CVE-2020-4905 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...) 
NOT-FOR-US: IBM CVE-2020-4904 (IBM Financial Transaction Manager for SWIFT Services for Multiplatform ...) NOT-FOR-US: IBM CVE-2020-4903 (IBM API Connect V10 and V2018 could allow an attacker who has intercep ...) NOT-FOR-US: IBM CVE-2020-4902 (IBM Datacap Taskmaster Capture (IBM Datacap Navigator 9.1.7) is vulner ...) NOT-FOR-US: IBM CVE-2020-4901 (IBM Robotic Process Automation with Automation Anywhere 11.0 could all ...) NOT-FOR-US: IBM CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive ...) NOT-FOR-US: IBM CVE-2020-4899 (IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensit ...) NOT-FOR-US: IBM CVE-2020-4898 (IBM Emptoris Strategic Supply Management 10.1.3 uses weaker than expec ...) NOT-FOR-US: IBM CVE-2020-4897 (IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1. ...) NOT-FOR-US: IBM CVE-2020-4896 (IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web ...) NOT-FOR-US: IBM CVE-2020-4895 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 is ...) NOT-FOR-US: IBM CVE-2020-4894 RESERVED CVE-2020-4893 (IBM Emptoris Strategic Supply Management 10.1.0, 10.1.1, and 10.1.3 tr ...) NOT-FOR-US: IBM CVE-2020-4892 (IBM Emptoris Contract Management 10.1.3 is vulnerable to cross-site sc ...) NOT-FOR-US: IBM CVE-2020-4891 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 use ...) NOT-FOR-US: IBM CVE-2020-4890 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 cou ...) NOT-FOR-US: IBM CVE-2020-4889 (IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local ...) NOT-FOR-US: IBM CVE-2020-4888 (IBM QRadar SIEM 7.4.0 to 7.4.2 Patch 1 and 7.3.0 to 7.3.3 Patch 7 coul ...) NOT-FOR-US: IBM CVE-2020-4887 (IBM AIX 7.1, 7.2 and AIX VIOS 3.1 could allow a local user to exploit ...) NOT-FOR-US: IBM CVE-2020-4886 (IBM InfoSphere Information Server 11.7 stores sensitive information in ...) 
NOT-FOR-US: IBM CVE-2020-4885 (IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 ...) NOT-FOR-US: IBM CVE-2020-4884 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 stores user c ...) NOT-FOR-US: IBM CVE-2020-4883 (IBM QRadar SIEM 7.3 and 7.4 could disclose sensitive information about ...) NOT-FOR-US: IBM CVE-2020-4882 (IBM Planning Analytics 2.0 could be vulnerable to a Server-Side Reques ...) NOT-FOR-US: IBM CVE-2020-4881 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...) NOT-FOR-US: IBM CVE-2020-4880 RESERVED CVE-2020-4879 RESERVED CVE-2020-4878 RESERVED CVE-2020-4877 RESERVED CVE-2020-4876 RESERVED CVE-2020-4875 RESERVED CVE-2020-4874 RESERVED CVE-2020-4873 (IBM Planning Analytics 2.0 could allow an attacker to obtain sensitive ...) NOT-FOR-US: IBM CVE-2020-4872 RESERVED CVE-2020-4871 (IBM Planning Analytics 2.0 allows web pages to be stored locally which ...) NOT-FOR-US: IBM CVE-2020-4870 (IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack cau ...) NOT-FOR-US: IBM CVE-2020-4869 (IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of servi ...) NOT-FOR-US: IBM CVE-2020-4868 RESERVED CVE-2020-4867 RESERVED CVE-2020-4866 (IBM Engineering products are vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2020-4865 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) NOT-FOR-US: IBM CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the internal net w ...) NOT-FOR-US: IBM CVE-2020-4863 (IBM Engineering products are vulnerable to stored cross-site scripting ...) NOT-FOR-US: IBM CVE-2020-4862 RESERVED CVE-2020-4861 RESERVED CVE-2020-4860 RESERVED CVE-2020-4859 RESERVED CVE-2020-4858 RESERVED CVE-2020-4857 (IBM Engineering products are vulnerable to stored cross-site scripting ...) NOT-FOR-US: IBM CVE-2020-4856 (IBM Engineering products are vulnerable to stored cross-site scripting ...) 
NOT-FOR-US: IBM CVE-2020-4855 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...) NOT-FOR-US: IBM CVE-2020-4854 (IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded cr ...) NOT-FOR-US: IBM CVE-2020-4853 RESERVED CVE-2020-4852 RESERVED CVE-2020-4851 (IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 cou ...) NOT-FOR-US: IBM CVE-2020-4850 (IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering c ...) NOT-FOR-US: IBM CVE-2020-4849 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could ...) NOT-FOR-US: IBM CVE-2020-4848 (IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow a ...) NOT-FOR-US: IBM CVE-2020-4847 RESERVED CVE-2020-4846 (IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote ...) NOT-FOR-US: IBM CVE-2020-4845 (IBM Security Key Lifecycle Manager 3.0.1 and 4.0 is vulnerable to cros ...) NOT-FOR-US: IBM CVE-2020-4844 RESERVED CVE-2020-4843 (IBM Security Secret Server 10.6 stores potentially sensitive informati ...) NOT-FOR-US: IBM CVE-2020-4842 (IBM Security Secret Server 10.6 could allow a remote attacker to obtai ...) NOT-FOR-US: IBM CVE-2020-4841 (IBM Security Secret Server 10.6 could allow a remote attacker to obtai ...) NOT-FOR-US: IBM CVE-2020-4840 (IBM Security Secret Server 10.6 could allow a remote attacker to condu ...) NOT-FOR-US: IBM CVE-2020-4839 (IBM Host firmware for LC-class Systems is vulnerable to a stack based ...) NOT-FOR-US: IBM CVE-2020-4838 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to stored cross ...) NOT-FOR-US: IBM CVE-2020-4837 RESERVED CVE-2020-4836 RESERVED CVE-2020-4835 RESERVED CVE-2020-4834 RESERVED CVE-2020-4833 RESERVED CVE-2020-4832 (IBM PowerHA 7.2 could allow a local attacker to obtain sensitive infor ...) NOT-FOR-US: IBM CVE-2020-4831 (IBM DataPower Gateway 10.0.0.0 through 10.0.1.0 uses weaker than expec ...) 
NOT-FOR-US: IBM CVE-2020-4830 RESERVED CVE-2020-4829 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...) NOT-FOR-US: IBM CVE-2020-4828 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018. ...) NOT-FOR-US: IBM CVE-2020-4827 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018. ...) NOT-FOR-US: IBM CVE-2020-4826 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018. ...) NOT-FOR-US: IBM CVE-2020-4825 (IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 through 2018. ...) NOT-FOR-US: IBM CVE-2020-4824 RESERVED CVE-2020-4823 RESERVED CVE-2020-4822 RESERVED CVE-2020-4821 (IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Ca ...) NOT-FOR-US: IBM CVE-2020-4820 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site ...) NOT-FOR-US: IBM CVE-2020-4819 RESERVED CVE-2020-4818 RESERVED CVE-2020-4817 RESERVED CVE-2020-4816 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote attacke ...) NOT-FOR-US: IBM CVE-2020-4815 (IBM Cloud Pak for Security (CP4S) 1.4.0.0 could allow a remote user to ...) NOT-FOR-US: IBM CVE-2020-4814 RESERVED CVE-2020-4813 RESERVED CVE-2020-4812 RESERVED CVE-2020-4811 (IBM Cloud Pak for Security (CP4S) 1.4.0.0, 1.5.0.0, 1.5.0.1, 1.6.0.0, ...) NOT-FOR-US: IBM CVE-2020-4810 RESERVED CVE-2020-4809 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...) NOT-FOR-US: IBM CVE-2020-4808 RESERVED CVE-2020-4807 RESERVED CVE-2020-4806 RESERVED CVE-2020-4805 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...) NOT-FOR-US: IBM CVE-2020-4804 RESERVED CVE-2020-4803 (IBM Edge 4.2 allows web pages to be stored locally which can be read b ...) NOT-FOR-US: IBM CVE-2020-4802 RESERVED CVE-2020-4801 RESERVED CVE-2020-4800 RESERVED CVE-2020-4799 (IBM Informix spatial 14.10 could allow a local user to execute command ...) 
NOT-FOR-US: IBM CVE-2020-4798 RESERVED CVE-2020-4797 RESERVED CVE-2020-4796 RESERVED CVE-2020-4795 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...) NOT-FOR-US: IBM CVE-2020-4794 (IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Busines ...) NOT-FOR-US: IBM CVE-2020-4793 RESERVED CVE-2020-4792 (IBM Edge 4.2 is vulnerable to cross-site scripting. This vulnerability ...) NOT-FOR-US: IBM CVE-2020-4791 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...) NOT-FOR-US: IBM CVE-2020-4790 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...) NOT-FOR-US: IBM CVE-2020-4789 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...) NOT-FOR-US: IBM CVE-2020-4788 (IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local ...) {DLA-2483-1} - linux 5.9.11-1 [buster] - linux 4.19.160-1 [stretch] - linux (powerpc architectures not included in LTS) CVE-2020-4787 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...) NOT-FOR-US: IBM CVE-2020-4786 (IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and ...) NOT-FOR-US: IBM CVE-2020-4785 (IBM App Connect Enterprise Certified Container 1.0.0, 1.0.1, 1.0.2, 1. ...) NOT-FOR-US: IBM CVE-2020-4784 RESERVED CVE-2020-4783 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4782 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) NOT-FOR-US: IBM CVE-2020-4781 (An improper input validation before calling java readLine() method may ...) NOT-FOR-US: IBM CVE-2020-4780 (OOTB build scripts does not set the secure attribute on session cookie ...) NOT-FOR-US: IBM CVE-2020-4779 (A HTTP Verb Tampering vulnerability may impact IBM Curam Social Progra ...) NOT-FOR-US: IBM CVE-2020-4778 (IBM Curam Social Program Management 7.0.9 and 7.0.10 uses MD5 algorith ...) 
NOT-FOR-US: IBM CVE-2020-4777 RESERVED CVE-2020-4776 (A path traversal vulnerability may impact IBM Curam Social Program Man ...) NOT-FOR-US: IBM CVE-2020-4775 (A cross-site scripting (XSS) vulnerability may impact IBM Curam Social ...) NOT-FOR-US: IBM CVE-2020-4774 (An XPath vulnerability may impact IBM Curam Social Program Management ...) NOT-FOR-US: IBM CVE-2020-4773 (A cross-site request forgery (CSRF) vulnerability may impact IBM Curam ...) NOT-FOR-US: IBM CVE-2020-4772 (An XML External Entity Injection (XXE) vulnerability may impact IBM Cu ...) NOT-FOR-US: IBM CVE-2020-4771 (IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10.and 7. ...) NOT-FOR-US: IBM CVE-2020-4770 RESERVED CVE-2020-4769 RESERVED CVE-2020-4768 (IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0 ...) NOT-FOR-US: IBM CVE-2020-4767 (IBM Sterling Connect Direct for Microsoft Windows 4.7, 4.8, 6.0, and 6 ...) NOT-FOR-US: IBM CVE-2020-4766 (IBM MQ Internet Pass-Thru 2.1 and 9.2 could allow a remote user to cau ...) NOT-FOR-US: IBM CVE-2020-4765 (IBM Cloud Pak for Multicloud Management prior to 2.3 allows web pages ...) NOT-FOR-US: IBM CVE-2020-4764 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...) NOT-FOR-US: IBM CVE-2020-4763 (IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through ...) NOT-FOR-US: IBM CVE-2020-4762 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2 ...) NOT-FOR-US: IBM CVE-2020-4761 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2 ...) NOT-FOR-US: IBM CVE-2020-4760 (IBM Content Navigator 3.0CD is vulnerable to cross-site scripting. Thi ...) NOT-FOR-US: IBM CVE-2020-4759 (IBM FileNet Content Manager 5.5.4 and 5.5.5 is potentially vulnerable ...) NOT-FOR-US: IBM CVE-2020-4758 RESERVED CVE-2020-4757 (IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulner ...) 
NOT-FOR-US: IBM CVE-2020-4756 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5. ...) NOT-FOR-US: IBM CVE-2020-4755 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4754 RESERVED CVE-2020-4753 RESERVED CVE-2020-4752 RESERVED CVE-2020-4751 RESERVED CVE-2020-4750 RESERVED CVE-2020-4749 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attri ...) NOT-FOR-US: IBM CVE-2020-4748 (IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4747 (IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a ...) NOT-FOR-US: IBM CVE-2020-4746 RESERVED CVE-2020-4745 RESERVED CVE-2020-4744 RESERVED CVE-2020-4743 RESERVED CVE-2020-4742 RESERVED CVE-2020-4741 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to store ...) NOT-FOR-US: IBM CVE-2020-4740 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML ...) NOT-FOR-US: IBM CVE-2020-4739 (IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, ...) NOT-FOR-US: IBM CVE-2020-4738 RESERVED CVE-2020-4737 RESERVED CVE-2020-4736 RESERVED CVE-2020-4735 RESERVED CVE-2020-4734 RESERVED CVE-2020-4733 (IBM Jazz Foundation products are vulnerable to cross-site scripting. T ...) NOT-FOR-US: IBM CVE-2020-4732 (IBM Jazz Foundation and IBM Engineering products could allow an authen ...) NOT-FOR-US: IBM CVE-2020-4731 (IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scri ...) NOT-FOR-US: IBM CVE-2020-4730 RESERVED CVE-2020-4729 RESERVED CVE-2020-4728 RESERVED CVE-2020-4727 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) NOT-FOR-US: IBM CVE-2020-4726 (The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) al ...) NOT-FOR-US: IBM CVE-2020-4725 (IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated use ...) 
NOT-FOR-US: IBM CVE-2020-4724 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4723 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4722 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4721 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4720 RESERVED CVE-2020-4719 (The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any ...) NOT-FOR-US: IBM CVE-2020-4718 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerabl ...) NOT-FOR-US: IBM CVE-2020-4717 (A vulnerability exists in IBM SPSS Modeler Subscription Installer that ...) NOT-FOR-US: IBM CVE-2020-4716 RESERVED CVE-2020-4715 RESERVED CVE-2020-4714 RESERVED CVE-2020-4713 RESERVED CVE-2020-4712 RESERVED CVE-2020-4711 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4710 RESERVED CVE-2020-4709 RESERVED CVE-2020-4708 (IBM Security Trusteer Pinpoint Detect 11.6.5 could disclose some infor ...) NOT-FOR-US: IBM CVE-2020-4707 (IBM API Connect 5.0.0.0 through 5.0.8.11 is vulnerable to cross-site s ...) NOT-FOR-US: IBM CVE-2020-4706 (IBM API Connect 5.0.0.0 through 5.0.8.10 is vulnerable to HTTP header ...) NOT-FOR-US: IBM CVE-2020-4705 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...) NOT-FOR-US: IBM CVE-2020-4704 (IBM Content Navigator 3.0CD is vulnerable to stored cross-site scripti ...) NOT-FOR-US: IBM CVE-2020-4703 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 Administrative Console ...) NOT-FOR-US: IBM CVE-2020-4702 (IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-s ...) NOT-FOR-US: IBM CVE-2020-4701 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...) 
	NOT-FOR-US: IBM
CVE-2020-4700 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
	NOT-FOR-US: IBM
CVE-2020-4699 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4698 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...)
	NOT-FOR-US: IBM
CVE-2020-4697 (IBM Jazz Foundation products are vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM
CVE-2020-4696 (IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session a ...)
	NOT-FOR-US: IBM
CVE-2020-4695 (IBM API Connect V10 is impacted by insecure communications during data ...)
	NOT-FOR-US: IBM
CVE-2020-4694
	RESERVED
CVE-2020-4693 (IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8. ...)
	NOT-FOR-US: IBM
CVE-2020-4692 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
	NOT-FOR-US: IBM
CVE-2020-4691 (IBM Jazz Foundation Products are vulnerable to cross-site scripting. T ...)
	NOT-FOR-US: IBM
CVE-2020-4690 (IBM Security Guardium 11.3 contains hard-coded credentials, such as a ...)
	NOT-FOR-US: IBM
CVE-2020-4689 (IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote pr ...)
	NOT-FOR-US: IBM
CVE-2020-4688 (IBM Security Guardium 10.6 and 11.2 could allow a local attacker to ex ...)
	NOT-FOR-US: IBM
CVE-2020-4687 (IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated use ...)
	NOT-FOR-US: IBM
CVE-2020-4686 (IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated ...)
	NOT-FOR-US: IBM
CVE-2020-4685 (A low level user of IBM Cognos Controller 10.3.0, 10.3.1, 10.4.0, 10.4 ...)
	NOT-FOR-US: IBM
CVE-2020-4684
	RESERVED
CVE-2020-4683
	RESERVED
CVE-2020-4682 (IBM MQ 7.5, 8.0, 9.0, 9.1, 9.2 LTS, and 9.2 CD could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2020-4681 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2020-4680 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2020-4679 (IBM Security Guardium 11.2 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2020-4678 (IBM Security Guardium 11.2 could allow an attacker with admin access t ...)
	NOT-FOR-US: IBM
CVE-2020-4677
	RESERVED
CVE-2020-4676
	RESERVED
CVE-2020-4675 (IBM InfoSphere Master Data Management Server 11.6 is vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2020-4674 (IBM Workload Automation 9.5 stores the server path in URLs that could ...)
	NOT-FOR-US: IBM
CVE-2020-4673 (IBM Workload Automation 9.5 stores sensitive information in HTML comme ...)
	NOT-FOR-US: IBM
CVE-2020-4672 (IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2020-4671 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
	NOT-FOR-US: IBM
CVE-2020-4670 (IBM Planning Analytics Local 2.0 connects to a Redis server. The Redis ...)
	NOT-FOR-US: IBM
CVE-2020-4669 (IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB ...)
	NOT-FOR-US: IBM
CVE-2020-4668
	RESERVED
CVE-2020-4667 (IBM Engineering Requirements Quality Assistant On-Premises could allow ...)
	NOT-FOR-US: IBM
CVE-2020-4666 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2020-4665 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2020-4664 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2020-4663 (IBM Engineering Requirements Quality Assistant On-Premises is vulnerab ...)
	NOT-FOR-US: IBM
CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform ...)
	NOT-FOR-US: IBM
CVE-2020-4661 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4660 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4659
	RESERVED
CVE-2020-4658 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2020-4657 (IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition i ...)
	NOT-FOR-US: IBM
CVE-2020-4656
	RESERVED
CVE-2020-4655 (IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 a ...)
	NOT-FOR-US: IBM
CVE-2020-4654 (IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authe ...)
	NOT-FOR-US: IBM
CVE-2020-4653 (IBM Planning Analytics 2.0 could allow a remote attacker to conduct ph ...)
	NOT-FOR-US: IBM
CVE-2020-4652
	RESERVED
CVE-2020-4651 (IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6 ...)
	NOT-FOR-US: IBM
CVE-2020-4650 (IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6 ...)
	NOT-FOR-US: IBM
CVE-2020-4649 (IBM Planning Analytics Local 2.0.9.2 and IBM Planning Analytics Worksp ...)
	NOT-FOR-US: IBM
CVE-2020-4648 (A vulnerability exists in IBM Planning Analytics 2.0 whereby avatars ...)
	NOT-FOR-US: IBM
CVE-2020-4647 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2020-4646 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, ...)
	NOT-FOR-US: IBM
CVE-2020-4645 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4644 (IBM Planning Analytics Local 2.0.0 through 2.0.9.1 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2020-4643 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2020-4642 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4641
	RESERVED
CVE-2020-4640 (Certain IBM API Connect 10.0.0.0 through 10.0.1.0 and 2018.4.1.0 throu ...)
	NOT-FOR-US: IBM
CVE-2020-4639
	RESERVED
CVE-2020-4638 (IBM API Connect's API Manager 2018.4.1.0 through 2018.4.1.12 is vulner ...)
	NOT-FOR-US: IBM
CVE-2020-4637
	RESERVED
CVE-2020-4636 (IBM Resilient OnPrem 38.2 could allow a privileged user to inject mali ...)
	NOT-FOR-US: IBM
CVE-2020-4635 (IBM Resilient SOAR 40 and earlier could disclose sensitive information ...)
	NOT-FOR-US: IBM
CVE-2020-4634
	RESERVED
CVE-2020-4633 (IBM Resilient SOAR V38.0 could allow a remote attacker to execute arbi ...)
	NOT-FOR-US: IBM
CVE-2020-4632 (IBM InfoSphere Metadata Asset Manager 11.7 is vulnerable to server-sid ...)
	NOT-FOR-US: IBM
CVE-2020-4631 (IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-de ...)
	NOT-FOR-US: IBM
CVE-2020-4630
	RESERVED
CVE-2020-4629 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
	NOT-FOR-US: IBM
CVE-2020-4628 (IBM Cloud Pak for Security (CP4S) 1.3.0.1 and 1.4.0.0 could allow a re ...)
	NOT-FOR-US: IBM
CVE-2020-4627 (IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS ...)
	NOT-FOR-US: IBM
CVE-2020-4626 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive infor ...)
	NOT-FOR-US: IBM
CVE-2020-4625 (IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4624 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cr ...)
	NOT-FOR-US: IBM
CVE-2020-4623 (IBM i2 iBase 8.9.13 could allow a local authenticated attacker to exec ...)
	NOT-FOR-US: IBM
CVE-2020-4622 (IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, su ...)
	NOT-FOR-US: IBM
CVE-2020-4621 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
	NOT-FOR-US: IBM
CVE-2020-4620 (IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated ...)
	NOT-FOR-US: IBM
CVE-2020-4619 (IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in ...)
	NOT-FOR-US: IBM
CVE-2020-4618 (IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to ca ...)
	NOT-FOR-US: IBM
CVE-2020-4617 (IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request ...)
	NOT-FOR-US: IBM
CVE-2020-4616 (IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username i ...)
	NOT-FOR-US: IBM
CVE-2020-4615 (IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2020-4614 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
	NOT-FOR-US: IBM
CVE-2020-4613 (IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptogra ...)
	NOT-FOR-US: IBM
CVE-2020-4612 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
	NOT-FOR-US: IBM
CVE-2020-4611 (IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user t ...)
	NOT-FOR-US: IBM
CVE-2020-4610 (IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8 ...)
	NOT-FOR-US: IBM
CVE-2020-4609 (IBM Security Secret Server (IBM Security Verify Privilege Manager 10.8 ...)
	NOT-FOR-US: IBM
CVE-2020-4608
	RESERVED
CVE-2020-4607 (IBM Security Secret Server (IBM Security Verify Privilege Vault Remote ...)
	NOT-FOR-US: IBM
CVE-2020-4606 (IBM Security Verify Privilege Manager 10.8 is vulnerable to an XML Ext ...)
	NOT-FOR-US: IBM
CVE-2020-4605
	RESERVED
CVE-2020-4604 (IBM Security Guardium Insights 2.0.2 stores user credentials in plain ...)
	NOT-FOR-US: IBM
CVE-2020-4603 (IBM Security Guardium Insights 2.0.1 performs an operation at a privil ...)
	NOT-FOR-US: IBM
CVE-2020-4602 (IBM Security Guardium Insights 2.0.2 stores user credentials in plain ...)
	NOT-FOR-US: IBM
CVE-2020-4601
	RESERVED
CVE-2020-4600 (IBM Security Guardium Insights 2.0.2 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2020-4599 (IBM Security Guardium Insights 2.0.2 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2020-4598 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2020-4597 (IBM Security Guardium Insights 2.0.2 does not set the secure attribute ...)
	NOT-FOR-US: IBM
CVE-2020-4596 (IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptog ...)
	NOT-FOR-US: IBM
CVE-2020-4595 (IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptog ...)
	NOT-FOR-US: IBM
CVE-2020-4594 (IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptog ...)
	NOT-FOR-US: IBM
CVE-2020-4593 (IBM Security Guardium Insights 2.0.1 stores user credentials in plain ...)
	NOT-FOR-US: IBM
CVE-2020-4592 (IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, und ...)
	NOT-FOR-US: IBM
CVE-2020-4591 (IBM Spectrum Protect Server 8.1.0.000 through 8.1.10.000 could disclos ...)
	NOT-FOR-US: IBM
CVE-2020-4590 (IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 run ...)
	NOT-FOR-US: IBM
CVE-2020-4589 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
	NOT-FOR-US: IBM
CVE-2020-4588 (IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary execut ...)
	NOT-FOR-US: IBM
CVE-2020-4587 (IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is ...)
	NOT-FOR-US: IBM
CVE-2020-4586
	RESERVED
CVE-2020-4585
	RESERVED
CVE-2020-4584 (IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive ...)
	NOT-FOR-US: IBM
CVE-2020-4583
	RESERVED
CVE-2020-4582
	RESERVED
CVE-2020-4581 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2020-4580 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2020-4579 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2020-4578 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2020-4577
	RESERVED
CVE-2020-4576 (IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional co ...)
	NOT-FOR-US: IBM
CVE-2020-4575 (IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Vir ...)
	NOT-FOR-US: IBM
CVE-2020-4574 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...)
	NOT-FOR-US: IBM
CVE-2020-4573 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitiv ...)
	NOT-FOR-US: IBM
CVE-2020-4572 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote at ...)
	NOT-FOR-US: IBM
CVE-2020-4571
	RESERVED
CVE-2020-4570
	RESERVED
CVE-2020-4569 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses a protection mecha ...)
	NOT-FOR-US: IBM
CVE-2020-4568 (IBM Tivoli Key Lifecycle Manager 3.0, 3.0.1, and 4.0 stores user crede ...)
	NOT-FOR-US: IBM
CVE-2020-4567 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 uses an inadequate acco ...)
	NOT-FOR-US: IBM
CVE-2020-4566 (IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 a ...)
	NOT-FOR-US: IBM
CVE-2020-4565 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4564 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 a ...)
	NOT-FOR-US: IBM
CVE-2020-4563
	RESERVED
CVE-2020-4562 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
	NOT-FOR-US: IBM
CVE-2020-4561 (IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all co ...)
	NOT-FOR-US: IBM
CVE-2020-4560 (IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2020-4559 (IBM Spectrum Protect 7.1 and 8.1 could allow an attacker to cause a de ...)
	NOT-FOR-US: IBM
CVE-2020-4558
	RESERVED
CVE-2020-4557 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
	NOT-FOR-US: IBM
CVE-2020-4556
	RESERVED
CVE-2020-4555 (IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate ...)
	NOT-FOR-US: IBM
CVE-2020-4554 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
	NOT-FOR-US: IBM
CVE-2020-4553 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
	NOT-FOR-US: IBM
CVE-2020-4552 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...)
	NOT-FOR-US: IBM
CVE-2020-4551 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
	NOT-FOR-US: IBM
CVE-2020-4550 (IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker t ...)
	NOT-FOR-US: IBM
CVE-2020-4549 (IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute ...)
	NOT-FOR-US: IBM
CVE-2020-4548 (IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input ...)
	NOT-FOR-US: IBM
CVE-2020-4547 (IBM Jazz Foundation products could allow a remote attacker to hijack t ...)
	NOT-FOR-US: IBM
CVE-2020-4546 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
	NOT-FOR-US: IBM
CVE-2020-4545 (IBM Aspera Connect 3.9.9 could allow a remote attacker to execute arbi ...)
	NOT-FOR-US: IBM
CVE-2020-4544 (IBM Jazz Foundation Products could allow a remote attacker to obtain s ...)
	NOT-FOR-US: IBM
CVE-2020-4543
	RESERVED
CVE-2020-4542 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2020-4541 (IBM Jazz Reporting Service 7.0 and 7.0.1 is vulnerable to cross-site s ...)
	NOT-FOR-US: IBM
CVE-2020-4540
	RESERVED
CVE-2020-4539 (IBM Jazz Reporting Service 6.0.2, 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vu ...)
	NOT-FOR-US: IBM
CVE-2020-4538
	RESERVED
CVE-2020-4537
	RESERVED
CVE-2020-4536 (IBM OpenPages GRC Platform 8.1 could allow a remote attacker to obtain ...)
	NOT-FOR-US: IBM
CVE-2020-4535 (IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2020-4534 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
	NOT-FOR-US: IBM
CVE-2020-4533 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4532 (IBM Business Automation Workflow and IBM Business Process Manager (IBM ...)
	NOT-FOR-US: IBM
CVE-2020-4531 (IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business ...)
	NOT-FOR-US: IBM
CVE-2020-4530 (IBM Business Automation Workflow C.D.0 and IBM Business Process Manage ...)
	NOT-FOR-US: IBM
CVE-2020-4529 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to server si ...)
	NOT-FOR-US: IBM
CVE-2020-4528 (IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 throug ...)
	NOT-FOR-US: IBM
CVE-2020-4527 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
	NOT-FOR-US: IBM
CVE-2020-4526 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2020-4525 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2020-4524 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
	NOT-FOR-US: IBM
CVE-2020-4523
	RESERVED
CVE-2020-4522 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
	NOT-FOR-US: IBM
CVE-2020-4521 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote authe ...)
	NOT-FOR-US: IBM
CVE-2020-4520 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to in ...)
	NOT-FOR-US: IBM
CVE-2020-4519
	RESERVED
CVE-2020-4518
	RESERVED
CVE-2020-4517
	RESERVED
CVE-2020-4516 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation Work ...)
	NOT-FOR-US: IBM
CVE-2020-4515
	RESERVED
CVE-2020-4514
	RESERVED
CVE-2020-4513 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2020-4512 (IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to ex ...)
	NOT-FOR-US: IBM
CVE-2020-4511 (IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause ...)
	NOT-FOR-US: IBM
CVE-2020-4510 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity In ...)
	NOT-FOR-US: IBM
CVE-2020-4509 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity In ...)
	NOT-FOR-US: IBM
CVE-2020-4508
	RESERVED
CVE-2020-4507
	RESERVED
CVE-2020-4506
	RESERVED
CVE-2020-4505
	RESERVED
CVE-2020-4504
	RESERVED
CVE-2020-4503 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2020-4502
	RESERVED
CVE-2020-4501
	RESERVED
CVE-2020-4500
	RESERVED
CVE-2020-4499 (IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4498 (IBM MQ Appliance 9.1 LTS and 9.1 CD could allow a local privileged use ...)
	NOT-FOR-US: IBM
CVE-2020-4497
	RESERVED
CVE-2020-4496
	RESERVED
CVE-2020-4495 (IBM Jazz Foundation and IBM Engineering products could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2020-4494 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
	NOT-FOR-US: IBM
CVE-2020-4493 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to ...)
	NOT-FOR-US: IBM
CVE-2020-4492 (IBM Spectrum Scale V5.0.0.0 through V5.0.4.3 and V4.2.0.0 through V4.2 ...)
	NOT-FOR-US: IBM
CVE-2020-4491 (IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5. ...)
	NOT-FOR-US: IBM
CVE-2020-4490 (IBM Business Automation Workflow 18 and 19, and IBM Business Process M ...)
	NOT-FOR-US: IBM
CVE-2020-4489
	RESERVED
CVE-2020-4488
	RESERVED
CVE-2020-4487 (IBM Jazz Foundation Products could allow a remote attacker to obtain s ...)
	NOT-FOR-US: IBM
CVE-2020-4486 (IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to ov ...)
	NOT-FOR-US: IBM
CVE-2020-4485 (IBM QRadar 7.2.0 through 7.2.9 could allow an authenticated user to di ...)
	NOT-FOR-US: IBM
CVE-2020-4484 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 coul ...)
	NOT-FOR-US: IBM
CVE-2020-4483 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 coul ...)
	NOT-FOR-US: IBM
CVE-2020-4482 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 coul ...)
	NOT-FOR-US: IBM
CVE-2020-4481 (IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is v ...)
	NOT-FOR-US: IBM
CVE-2020-4480
	RESERVED
CVE-2020-4479
	RESERVED
CVE-2020-4478
	RESERVED
CVE-2020-4477 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensi ...)
	NOT-FOR-US: IBM
CVE-2020-4476 (IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2020-4475 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 a ...)
	NOT-FOR-US: IBM
CVE-2020-4474
	RESERVED
CVE-2020-4473
	RESERVED
CVE-2020-4472
	RESERVED
CVE-2020-4471 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthe ...)
	NOT-FOR-US: IBM
CVE-2020-4470 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console ...)
	NOT-FOR-US: IBM
CVE-2020-4469 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2020-4468 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4467 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4466 (IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow a remote authentica ...)
	NOT-FOR-US: IBM
CVE-2020-4465 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and ...)
	NOT-FOR-US: IBM
CVE-2020-4464 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
	NOT-FOR-US: IBM
CVE-2020-4463 (IBM Maximo Asset Management 7.6.0.1 and 7.6.0.2 is vulnerable to an XM ...)
	NOT-FOR-US: IBM
CVE-2020-4462 (IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and ...)
	NOT-FOR-US: IBM
CVE-2020-4461 (IBM Security Access Manager Appliance 9.0.7.1 could allow an authentic ...)
	NOT-FOR-US: IBM
CVE-2020-4460
	RESERVED
CVE-2020-4459 (IBM Security Verify Access 10.7 contains hard-coded credentials, such ...)
	NOT-FOR-US: IBM
CVE-2020-4458
	RESERVED
CVE-2020-4457
	RESERVED
CVE-2020-4456
	RESERVED
CVE-2020-4455
	RESERVED
CVE-2020-4454
	RESERVED
CVE-2020-4453
	RESERVED
CVE-2020-4452 (IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expec ...)
	NOT-FOR-US: IBM
CVE-2020-4451
	RESERVED
CVE-2020-4450 (IBM WebSphere Application Server 8.5 and 9.0 traditional could allow a ...)
	NOT-FOR-US: IBM
CVE-2020-4449 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional co ...)
	NOT-FOR-US: IBM
CVE-2020-4448 (IBM WebSphere Application Server Network Deployment 7.0, 8.0, 8.5, and ...)
	NOT-FOR-US: IBM
CVE-2020-4447 (IBM FileNet Content Manager 5.5.3 and 5.5.4 is vulnerable to cross-sit ...)
	NOT-FOR-US: IBM
CVE-2020-4446 (IBM Business Process Manager 8.0, 8.5, and 8.6 and IBM Business Automa ...)
	NOT-FOR-US: IBM
CVE-2020-4445 (IBM Jazz Team Server based Applications are vulnerable to cross-site s ...)
	NOT-FOR-US: IBM
CVE-2020-4444
	RESERVED
CVE-2020-4443
	RESERVED
CVE-2020-4442
	RESERVED
CVE-2020-4441
	RESERVED
CVE-2020-4440
	RESERVED
CVE-2020-4439
	RESERVED
CVE-2020-4438
	RESERVED
CVE-2020-4437
	RESERVED
CVE-2020-4436 (Certain IBM Aspera applications are vulnerable to buffer overflow afte ...)
	NOT-FOR-US: IBM
CVE-2020-4435 (Certain IBM Aspera applications are vulnerable to arbitrary memory cor ...)
	NOT-FOR-US: IBM
CVE-2020-4434 (Certain IBM Aspera applications are vulnerable to buffer overflow base ...)
	NOT-FOR-US: IBM
CVE-2020-4433 (Certain IBM Aspera applications are vulnerable to a stack-based buffer ...)
	NOT-FOR-US: IBM
CVE-2020-4432 (Certain IBM Aspera applications are vulnerable to command injection af ...)
	NOT-FOR-US: IBM
CVE-2020-4431 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2020-4430 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2020-4429 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 con ...)
	NOT-FOR-US: IBM
CVE-2020-4428 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, and 2.0.4 could allow a rem ...)
	NOT-FOR-US: IBM
CVE-2020-4427 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...)
	NOT-FOR-US: IBM
CVE-2020-4426
	RESERVED
CVE-2020-4425
	RESERVED
CVE-2020-4424
	RESERVED
CVE-2020-4423
	RESERVED
CVE-2020-4422 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4421 (IBM WebSphere Application Liberty 19.0.0.5 through 20.0.0.4 could allo ...)
	NOT-FOR-US: IBM
CVE-2020-4420 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4419 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4418
	RESERVED
CVE-2020-4417
	RESERVED
CVE-2020-4416
	RESERVED
CVE-2020-4415 (IBM Spectrum Protect 7.1 and 8.1 server is vulnerable to a stack-based ...)
	NOT-FOR-US: IBM
CVE-2020-4414 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4413 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
	NOT-FOR-US: IBM
CVE-2020-4412 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
	NOT-FOR-US: IBM
CVE-2020-4411 (The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
	NOT-FOR-US: IBM
CVE-2020-4410 (IBM Jazz Foundation and IBM Engineering products could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2020-4409 (IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attac ...)
	NOT-FOR-US: IBM
CVE-2020-4408 (The IBM QRadar Advisor 1.1 through 2.5.2 with Watson App for IBM QRada ...)
	NOT-FOR-US: IBM
CVE-2020-4407
	RESERVED
CVE-2020-4406 (IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows ...)
	NOT-FOR-US: IBM
CVE-2020-4405 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could disclose potentially se ...)
	NOT-FOR-US: IBM
CVE-2020-4404
	RESERVED
CVE-2020-4403
	RESERVED
CVE-2020-4402
	RESERVED
CVE-2020-4401
	RESERVED
CVE-2020-4400 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 uses an inadequate account lo ...)
	NOT-FOR-US: IBM
CVE-2020-4399 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2020-4398
	RESERVED
CVE-2020-4397 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 transmits sensitive informati ...)
	NOT-FOR-US: IBM
CVE-2020-4396 (IBM Jazz Foundation and IBM Engineering products are vulnerable to cro ...)
	NOT-FOR-US: IBM
CVE-2020-4395 (IBM Security Access Manager Appliance 9.0.7 does not invalidate sessio ...)
	NOT-FOR-US: IBM
CVE-2020-4394
	RESERVED
CVE-2020-4393
	RESERVED
CVE-2020-4392
	RESERVED
CVE-2020-4391
	RESERVED
CVE-2020-4390
	RESERVED
CVE-2020-4389
	RESERVED
CVE-2020-4388 (IBM Cognos Analytics 11.0 and 11.1 could be vulnerable to a denial of ...)
	NOT-FOR-US: IBM
CVE-2020-4387 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4386 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4385 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains hard-coded credentia ...)
	NOT-FOR-US: IBM
CVE-2020-4384 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2020-4383 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 ...)
	NOT-FOR-US: IBM
CVE-2020-4382 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 ...)
	NOT-FOR-US: IBM
CVE-2020-4381 (IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 ...)
	NOT-FOR-US: IBM
CVE-2020-4380 (IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2020-4379 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
	NOT-FOR-US: IBM
CVE-2020-4378 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged au ...)
	NOT-FOR-US: IBM
CVE-2020-4377 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Ent ...)
	NOT-FOR-US: IBM
CVE-2020-4376 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could ...)
	NOT-FOR-US: IBM
CVE-2020-4375 (IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 ...)
	NOT-FOR-US: IBM
CVE-2020-4374
	RESERVED
CVE-2020-4373
	RESERVED
CVE-2020-4372 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores user credentials in pl ...)
	NOT-FOR-US: IBM
CVE-2020-4371 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 contains sensitive informatio ...)
	NOT-FOR-US: IBM
CVE-2020-4370
	RESERVED
CVE-2020-4369 (IBM Verify Gateway (IVG) 1.0.0 and 1.0.1 stores highly sensitive infor ...)
	NOT-FOR-US: IBM
CVE-2020-4368
	RESERVED
CVE-2020-4367 (IBM Planning Analytics Local 2.0 uses weaker than expected cryptograph ...)
	NOT-FOR-US: IBM
CVE-2020-4366 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2020-4365 (IBM WebSphere Application Server 8.5 is vulnerable to server-side requ ...)
	NOT-FOR-US: IBM
CVE-2020-4364 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. Thi ...)
	NOT-FOR-US: IBM
CVE-2020-4363 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4362 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...)
	NOT-FOR-US: IBM
CVE-2020-4361 (IBM Planning Analytics 2.0 could allow a remote attacker to obtain sen ...)
	NOT-FOR-US: IBM
CVE-2020-4360 (IBM Planning Analytics Local 2.0 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: IBM
CVE-2020-4359
	RESERVED
CVE-2020-4358 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2020-4357 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attack ...)
	NOT-FOR-US: IBM
CVE-2020-4356
	RESERVED
CVE-2020-4355 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2020-4354 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to cross-site scripti ...)
	NOT-FOR-US: IBM
CVE-2020-4353 (IBM MaaS360 6.82 could allow a user with physical access to the device ...)
	NOT-FOR-US: IBM
CVE-2020-4352 (IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege esc ...)
	NOT-FOR-US: IBM
CVE-2020-4351
	RESERVED
CVE-2020-4350 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
	NOT-FOR-US: IBM
CVE-2020-4349 (IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected c ...)
	NOT-FOR-US: IBM
CVE-2020-4348 (IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4. ...)
	NOT-FOR-US: IBM
CVE-2020-4347 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could be subjec ...)
	NOT-FOR-US: IBM
CVE-2020-4346 (IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server ha ...)
	NOT-FOR-US: IBM
CVE-2020-4345 (IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a s ...)
	NOT-FOR-US: IBM
CVE-2020-4344 (IBM Tivoli Business Service Manager 6.2.0.0 - 6.2.0.2 IF 1 allows web ...)
	NOT-FOR-US: IBM
CVE-2020-4343 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4342 (IBM Security Secret Server 10.7 could disclose sensitive information i ...)
	NOT-FOR-US: IBM
CVE-2020-4341 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
	NOT-FOR-US: IBM
CVE-2020-4340 (IBM Security Secret Server prior to 10.9 could allow an attacker to by ...)
	NOT-FOR-US: IBM
CVE-2020-4339
	RESERVED
CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...)
	NOT-FOR-US: IBM
CVE-2020-4337 (IBM API Connect 2018.4.1.0 through 2018.4.1.12 could allow an attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4336 (IBM WebSphere eXtreme Scale 8.6.1 stores sensitive information in URL ...)
	NOT-FOR-US: IBM
CVE-2020-4335
	RESERVED
CVE-2020-4334
	RESERVED
CVE-2020-4333
	RESERVED
CVE-2020-4332
	RESERVED
CVE-2020-4331
	RESERVED
CVE-2020-4330
	RESERVED
CVE-2020-4329 (IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0 ...)
	NOT-FOR-US: IBM
CVE-2020-4328 (IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection ...)
	NOT-FOR-US: IBM
CVE-2020-4327 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
	NOT-FOR-US: IBM
CVE-2020-4326
	RESERVED
CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...)
	NOT-FOR-US: IBM
CVE-2020-4324 (IBM Security Secret Server prior to 10.9 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4323 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2020-4322 (IBM Security Secret Server 10.7 could allow a remote attacker to hijac ...)
	NOT-FOR-US: IBM
CVE-2020-4321
	RESERVED
CVE-2020-4320 (IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9 ...)
	NOT-FOR-US: IBM
CVE-2020-4319 (IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 LTS, and ...)
	NOT-FOR-US: IBM
CVE-2020-4318 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...)
	NOT-FOR-US: IBM
CVE-2020-4317 (IBM Intelligent Operations Center for Emergency Management, Intelligen ...)
	NOT-FOR-US: IBM
CVE-2020-4316 (IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure ...)
	NOT-FOR-US: IBM
CVE-2020-4315 (IBM Business Automation Content Analyzer on Cloud 1.0 does not set the ...)
	NOT-FOR-US: IBM
CVE-2020-4314
	RESERVED
CVE-2020-4313
	RESERVED
CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 co ...)
	NOT-FOR-US: IBM
CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...)
	NOT-FOR-US: IBM
CVE-2020-4310 (IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are ...)
	NOT-FOR-US: IBM
CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information to an ...)
	NOT-FOR-US: IBM
CVE-2020-4308
	RESERVED
CVE-2020-4307 (IBM Security Guardium 11.1 could allow an attacker on the same network ...)
	NOT-FOR-US: IBM
CVE-2020-4306 (IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cros ...)
	NOT-FOR-US: IBM
CVE-2020-4305 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a r ...)
	NOT-FOR-US: IBM
CVE-2020-4304 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
	NOT-FOR-US: IBM
CVE-2020-4303 (IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 i ...)
	NOT-FOR-US: IBM
CVE-2020-4302 (IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to ex ...)
	NOT-FOR-US: IBM
CVE-2020-4301
	RESERVED
CVE-2020-4300 (IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External En ...)
	NOT-FOR-US: IBM
CVE-2020-4299 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 c ...)
	NOT-FOR-US: IBM
CVE-2020-4298 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2020-4297 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...)
	NOT-FOR-US: IBM
CVE-2020-4296
	RESERVED
CVE-2020-4295 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...)
	NOT-FOR-US: IBM
CVE-2020-4294 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to Server Side Request ...)
	NOT-FOR-US: IBM
CVE-2020-4293
	RESERVED
CVE-2020-4292 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...)
	NOT-FOR-US: IBM
CVE-2020-4291 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4290 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4289 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4288 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4287 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4286 (IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable t ...)
	NOT-FOR-US: IBM
CVE-2020-4285 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacke ...)
	NOT-FOR-US: IBM
CVE-2020-4284 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4283 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, and ...)
	NOT-FOR-US: IBM
CVE-2020-4282 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...)
	NOT-FOR-US: IBM
CVE-2020-4281 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is ...)
	NOT-FOR-US: IBM
CVE-2020-4280 (IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute a ...)
	NOT-FOR-US: IBM
CVE-2020-4279
	RESERVED
CVE-2020-4278 (IBM Platform LSF 9.1 and 10.1, IBM Spectrum LSF Suite 10.2, and IBM Sp ...)
	NOT-FOR-US: IBM
CVE-2020-4277 (IBM TRIRIGA Application Platform 3.5.3 and 3.6.1 discloses sensitive i ...)
	NOT-FOR-US: IBM
CVE-2020-4276 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is ...)
	NOT-FOR-US: IBM
CVE-2020-4275
	RESERVED
CVE-2020-4274 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2020-4273 (IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attack ...)
	NOT-FOR-US: IBM
CVE-2020-4272 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a remote attacker to inc ...)
	NOT-FOR-US: IBM
CVE-2020-4271 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2020-4270 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 could allow a local user to gain esc ...)
	NOT-FOR-US: IBM
CVE-2020-4269 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 contains hard-coded credentials, suc ...)
	NOT-FOR-US: IBM
CVE-2020-4268 (IBM QRadar 7.3.0 to 7.3.3 Patch 2 is vulnerable to cross-site scriptin ...)
	NOT-FOR-US: IBM
CVE-2020-4267 (IBM MQ and MQ Appliance 8.0, 9.1 LTS, and 9.1 CD could allow an authen ...)
	NOT-FOR-US: IBM
CVE-2020-4266 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4265 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4264 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4263 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4262 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4261 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4260 (IBM UrbanCode Deploy (UCD) 7.0.5 could allow a user with special permi ...)
	NOT-FOR-US: IBM
CVE-2020-4259 (IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authe ...)
	NOT-FOR-US: IBM
CVE-2020-4258 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4257 (IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker ...)
	NOT-FOR-US: IBM
CVE-2020-4256
	RESERVED
CVE-2020-4255
	RESERVED
CVE-2020-4254 (IBM Security Guardium Big Data Intelligence 1.0 (SonarG) uses weaker t ...)
	NOT-FOR-US: IBM
CVE-2020-4253 (IBM Content Navigator 3.0CD does not invalidate session after logout w ...)
	NOT-FOR-US: IBM
CVE-2020-4252 (IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, and 6.0.61 is vulner ...)
	NOT-FOR-US: IBM
CVE-2020-4251 (IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site sc ...)
	NOT-FOR-US: IBM
CVE-2020-4250
	RESERVED
CVE-2020-4249 (IBM Security Identity Governance and Intelligence 5.2.6 could disclose ...)
	NOT-FOR-US: IBM
CVE-2020-4248 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...)
	NOT-FOR-US: IBM
CVE-2020-4247
	RESERVED
CVE-2020-4246 (IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2020-4245 (IBM Security Identity Governance and Intelligence 5.2.6 does not requi ...)
	NOT-FOR-US: IBM
CVE-2020-4244 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
	NOT-FOR-US: IBM
CVE-2020-4243 (IBM Security Identity Governance and Intelligence 5.2.6 Virtual Applia ...)
	NOT-FOR-US: IBM
CVE-2020-4242 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
	NOT-FOR-US: IBM
CVE-2020-4241 (IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 ...)
	NOT-FOR-US: IBM
CVE-2020-4240 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...)
	NOT-FOR-US: IBM
CVE-2020-4239 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remot ...)
	NOT-FOR-US: IBM
CVE-2020-4238 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4237 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4236 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an auth ...)
	NOT-FOR-US: IBM
CVE-2020-4235 (IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cr ...)
	NOT-FOR-US: IBM
CVE-2020-4234
	RESERVED
CVE-2020-4233 (IBM Security Identity Governance and Intelligence 5.2.6 could allow a ...)
	NOT-FOR-US: IBM
CVE-2020-4232 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
	NOT-FOR-US: IBM
CVE-2020-4231 (IBM Security Identity Governance and Intelligence 5.2.6 could allow an ...)
	NOT-FOR-US: IBM
CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...)
	NOT-FOR-US: IBM
CVE-2020-4229 (IBM Worklight/MobileFoundation 8.0.0.0 does not properly invalidate se ...)
NOT-FOR-US: IBM CVE-2020-4228 RESERVED CVE-2020-4227 RESERVED CVE-2020-4226 (IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive in ...) NOT-FOR-US: IBM CVE-2020-4225 RESERVED CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive inform ...) NOT-FOR-US: IBM CVE-2020-4223 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cros ...) NOT-FOR-US: IBM CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM Spectrum Protect Plus CVE-2020-4221 RESERVED CVE-2020-4220 RESERVED CVE-2020-4219 RESERVED CVE-2020-4218 RESERVED CVE-2020-4217 (The IBM Spectrum Scale 4.2 and 5.0 file system component is affected b ...) NOT-FOR-US: IBM CVE-2020-4216 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...) NOT-FOR-US: IBM CVE-2020-4215 RESERVED CVE-2020-4214 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4211 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4209 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4208 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded cr ...) NOT-FOR-US: IBM CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 ...) NOT-FOR-US: IBM CVE-2020-4206 (IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4205 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an aut ...) 
NOT-FOR-US: IBM CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4203 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially ...) NOT-FOR-US: IBM CVE-2020-4202 (IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenti ...) NOT-FOR-US: IBM CVE-2020-4201 RESERVED CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...) NOT-FOR-US: IBM CVE-2020-4199 (IBM Tivoli Netcool/OMNIbus 8.1.0 is vulnerable to cross-site request f ...) NOT-FOR-US: IBM CVE-2020-4198 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2020-4197 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 allows web pages to be stored loc ...) NOT-FOR-US: IBM CVE-2020-4196 (IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scrip ...) NOT-FOR-US: IBM CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote a ...) NOT-FOR-US: IBM CVE-2020-4194 RESERVED CVE-2020-4193 (IBM Security Guardium 11.1 uses an inadequate account lockout setting ...) NOT-FOR-US: IBM CVE-2020-4192 RESERVED CVE-2020-4191 (IBM Security Guardium 11.1 uses weaker than expected cryptographic alg ...) NOT-FOR-US: IBM CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...) NOT-FOR-US: IBM CVE-2020-4189 (IBM Security Guardium 11.2 discloses sensitive information in the resp ...) NOT-FOR-US: IBM CVE-2020-4188 (IBM Security Guardium 10.6 and 11.1 may use insufficiently random numb ...) NOT-FOR-US: IBM CVE-2020-4187 (IBM Security Guardium 11.1 could disclose sensitive information on the ...) NOT-FOR-US: IBM CVE-2020-4186 (IBM Security Guardium 10.5, 10.6, and 11.1 could disclose sensitive in ...) NOT-FOR-US: IBM CVE-2020-4185 (IBM Security Guardium 10.5, 10.6, and 11.1 uses weaker than expected c ...) NOT-FOR-US: IBM CVE-2020-4184 (IBM Security Guardium 11.2 performs an operation at a privilege level ...) 
NOT-FOR-US: IBM CVE-2020-4183 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2020-4182 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2020-4181 RESERVED CVE-2020-4180 (IBM Security Guardium 11.1 could allow a remote authenticated attacker ...) NOT-FOR-US: IBM CVE-2020-4179 RESERVED CVE-2020-4178 RESERVED CVE-2020-4177 (IBM Security Guardium 11.1 contains hard-coded credentials, such as a ...) NOT-FOR-US: IBM CVE-2020-4176 RESERVED CVE-2020-4175 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2020-4174 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...) NOT-FOR-US: IBM CVE-2020-4173 (IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure a ...) NOT-FOR-US: IBM CVE-2020-4172 (IBM Security Guardium Insights 2.0.1 stores sensitive information in U ...) NOT-FOR-US: IBM CVE-2020-4171 (IBM Security Guardium Insights 2.0.1 allows web pages to be stored loc ...) NOT-FOR-US: IBM CVE-2020-4170 (IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site reque ...) NOT-FOR-US: IBM CVE-2020-4169 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...) NOT-FOR-US: IBM CVE-2020-4168 RESERVED CVE-2020-4167 (IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain ...) NOT-FOR-US: IBM CVE-2020-4166 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2020-4165 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2020-4164 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) NOT-FOR-US: IBM CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...) NOT-FOR-US: IBM CVE-2020-4162 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross ...) 
NOT-FOR-US: IBM CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) NOT-FOR-US: IBM CVE-2020-4160 (IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attac ...) NOT-FOR-US: IBM CVE-2020-4159 RESERVED CVE-2020-4158 RESERVED CVE-2020-4157 RESERVED CVE-2020-4156 RESERVED CVE-2020-4155 RESERVED CVE-2020-4154 RESERVED CVE-2020-4153 (IBM QRadar Network Security 5.4.0 and 5.5.0 is vulnerable to cross-sit ...) NOT-FOR-US: IBM CVE-2020-4152 (IBM QRadar Network Security 5.4.0 and 5.5.0 transmits sensitive or sec ...) NOT-FOR-US: IBM CVE-2020-4151 (IBM QRadar SIEM 7.3.0 through 7.3.3 could allow an authenticated attac ...) NOT-FOR-US: IBM CVE-2020-4150 RESERVED CVE-2020-4149 RESERVED CVE-2020-4148 RESERVED CVE-2020-4147 RESERVED CVE-2020-4146 (IBM Security SiteProtector System 3.1.1 could allow a remote attacker ...) NOT-FOR-US: IBM CVE-2020-4145 RESERVED CVE-2020-4144 RESERVED CVE-2020-4143 RESERVED CVE-2020-4142 RESERVED CVE-2020-4141 RESERVED CVE-2020-4140 (IBM Security SiteProtector System 3.1.1 is vulnerable to cross-site sc ...) NOT-FOR-US: IBM CVE-2020-4139 RESERVED CVE-2020-4138 RESERVED CVE-2020-4137 RESERVED CVE-2020-4136 RESERVED CVE-2020-4135 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) NOT-FOR-US: IBM CVE-2020-4134 RESERVED CVE-2020-4133 RESERVED CVE-2020-4132 RESERVED CVE-2020-4131 RESERVED CVE-2020-4130 RESERVED CVE-2020-4129 (HCL Domino is susceptible to a lockout policy bypass vulnerability in ...) NOT-FOR-US: HCL Domino CVE-2020-4128 (HCL Domino is susceptible to a lockout policy bypass vulnerability in ...) NOT-FOR-US: HCL Domino CVE-2020-4127 (HCL Domino is susceptible to a Login CSRF vulnerability. With a valid ...) NOT-FOR-US: HCL Domino CVE-2020-4126 (HCL iNotes is susceptible to a sensitive cookie exposure vulnerability ...) NOT-FOR-US: HCL iNotes CVE-2020-4125 (Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious ...) 
NOT-FOR-US: HCL CVE-2020-4124 RESERVED CVE-2020-4123 RESERVED CVE-2020-4122 RESERVED CVE-2020-4121 RESERVED CVE-2020-4120 RESERVED CVE-2020-4119 RESERVED CVE-2020-4118 RESERVED CVE-2020-4117 RESERVED CVE-2020-4116 RESERVED CVE-2020-4115 RESERVED CVE-2020-4114 RESERVED CVE-2020-4113 RESERVED CVE-2020-4112 RESERVED CVE-2020-4111 RESERVED CVE-2020-4110 RESERVED CVE-2020-4109 RESERVED CVE-2020-4108 RESERVED CVE-2020-4107 RESERVED CVE-2020-4106 RESERVED CVE-2020-4105 RESERVED CVE-2020-4104 (HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) wi ...) NOT-FOR-US: HCL CVE-2020-4103 RESERVED CVE-2020-4102 (HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due ...) NOT-FOR-US: HCL Notes CVE-2020-4101 ("HCL Digital Experience is susceptible to Server Side Request Forgery. ...) NOT-FOR-US: HCL Digital Experience CVE-2020-4100 ("HCL Verse for Android was found to employ dynamic code loading. This ...) NOT-FOR-US: HCL CVE-2020-4099 RESERVED CVE-2020-4098 RESERVED CVE-2020-4097 (In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fi ...) NOT-FOR-US: HCL Notes CVE-2020-4096 RESERVED CVE-2020-4095 ("BigFix Platform is storing clear text credentials within the system's ...) NOT-FOR-US: HCL CVE-2020-4094 RESERVED CVE-2020-4093 RESERVED CVE-2020-4092 ("If port encryption is not enabled on the Domino Server, HCL Nomad on ...) NOT-FOR-US: HCL Nomad CVE-2020-4091 RESERVED CVE-2020-4090 RESERVED CVE-2020-4089 (HCL Notes is vulnerable to an information leakage vulnerability throug ...) NOT-FOR-US: HCL Notes CVE-2020-4088 RESERVED CVE-2020-4087 RESERVED CVE-2020-4086 RESERVED CVE-2020-4085 ("HCL Connections is vulnerable to possible information leakage and cou ...) NOT-FOR-US: HCL Connections CVE-2020-4084 (HCL Connections v5.5, v6.0, and v6.5 are vulnerable to cross-site scri ...) NOT-FOR-US: HCL Connections CVE-2020-4083 (HCL Connections 6.5 is vulnerable to possible information leakage. Con ...) 
NOT-FOR-US: HCL Connections CVE-2020-4082 (The HCL Connections 5.5 help system is vulnerable to cross-site script ...) NOT-FOR-US: HCL Connections CVE-2020-4081 (In Digital Experience 8.5, 9.0, and 9.5, WSRP consumer is vulnerable t ...) NOT-FOR-US: Digital Experience CVE-2020-4080 (HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting ...) NOT-FOR-US: HCL CVE-2020-4079 (Combodo iTop is a web based IT Service Management tool. In iTop before ...) NOT-FOR-US: Combodo iTop CVE-2020-4078 RESERVED CVE-2020-4077 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...) - electron (bug #842420) CVE-2020-4076 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a ...) - electron (bug #842420) CVE-2020-4075 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary ...) - electron (bug #842420) CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the aut ...) NOT-FOR-US: PrestaShop CVE-2020-4073 RESERVED CVE-2020-4072 (In generator-jhipster-kotlin version 1.6.0 log entries are created for ...) NOT-FOR-US: generator-jhipster-kotlin CVE-2020-4071 (In django-basic-auth-ip-whitelist before 0.3.4, a potential timing att ...) NOT-FOR-US: django-basic-auth-ip-whitelist CVE-2020-4070 (In CSS Validator less than or equal to commit 54d68a1, there is a cros ...) NOT-FOR-US: w3c css-validator CVE-2020-4069 RESERVED CVE-2020-4068 (In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to r ...) NOT-FOR-US: APNSwift CVE-2020-4067 (In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN ...) {DSA-4711-1 DLA-2271-1} - coturn 4.5.1.3-1 NOTE: https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm NOTE: https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a CVE-2020-4066 (In Limdu before 0.95, the trainBatch function has a command injection ...) 
NOT-FOR-US: Limdu CVE-2020-4065 RESERVED CVE-2020-4064 RESERVED CVE-2020-4063 RESERVED CVE-2020-4062 (In Conjur OSS Helm Chart before 2.0.0, a recently identified critical ...) NOT-FOR-US: Conjur Helm Chart CVE-2020-4061 (In October from version 1.0.319 and before version 1.0.467, pasting co ...) NOT-FOR-US: October CMS CVE-2020-4060 (In LoRa Basics Station before 2.0.4, there is a Use After Free vulnera ...) NOT-FOR-US: LoRa Basics Station CVE-2020-4059 (In mversion before 2.0.0, there is a command injection vulnerability. ...) NOT-FOR-US: mversion CVE-2020-4058 RESERVED CVE-2020-4057 RESERVED CVE-2020-4056 RESERVED CVE-2020-4055 RESERVED CVE-2020-4054 (In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less ...) {DSA-4730-1} - ruby-sanitize 4.6.6-2.1 (bug #963808) [stretch] - ruby-sanitize (Vulnerable code introduced later) [jessie] - ruby-sanitize (Vulnerable code introduced later) NOTE: https://github.com/rgrove/sanitize/security/advisories/GHSA-p4x4-rw2p-8j8m NOTE: Fixed by: https://github.com/rgrove/sanitize/commit/a11498de9e283cd457b35ee252983662f7452aa9 (v5.2.1) NOTE: Only in 5.0.0 removing of useless filtered elements content is done by default NOTE: with: https://github.com/rgrove/sanitize/commit/faf9a0f432fda3cef29f0f8aad99d4dedf079d67 (v5.0.0) CVE-2020-4053 (In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path tra ...) - helm-kubernetes (bug #910799) CVE-2020-4052 (In Wiki.js before 2.4.107, there is a stored cross-site scripting thro ...) NOT-FOR-US: Wiki.js CVE-2020-4051 (In Dijit before versions 1.11.11, and greater than or equal to 1.12.0 ...) - dojo 1.15.4+dfsg1-1 (bug #970000) [buster] - dojo (Minor issue) NOTE: https://github.com/dojo/dijit/security/advisories/GHSA-cxjc-r2fp-7mq6 NOTE: https://github.com/dojo/dijit/commit/462bdcd60d0333315fe69ab4709c894d78f61301 CVE-2020-4045 (SSB-DB version 20.0.0 has an information disclosure vulnerability. The ...) 
NOT-FOR-US: SSB-DB CVE-2020-4044 (The xrdp-sesman service before version 0.9.13.1 can be crashed by conn ...) {DSA-4737-1 DLA-2319-1} - xrdp 0.9.12-1.1 (bug #964573) NOTE: https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-j9fv-6fwf-p3g4 NOTE: Fixed by: https://github.com/neutrinolabs/xrdp/commit/e593f58a82bf79b556601ae08e9e25e366a662fb CVE-2020-4043 (phpMussel from versions 1.0.0 and less than 1.6.0 has an unserializati ...) NOT-FOR-US: phpMussel CVE-2020-4042 (Bareos before version 19.2.8 and earlier allows a malicious client to ...) - bareos (bug #965985) [buster] - bareos (Minor issue; workaround exists; intrusive to backport to older versions) [stretch] - bareos (minor issue, low priority) NOTE: https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752 NOTE: https://bugs.bareos.org/view.php?id=1250 NOTE: https://github.com/bareos/bareos/commit/93f2db6451a684fbb224a7d24cdd85e77b2b51fc (master) NOTE: Workaround: Make sure the director will not connect to a client that can NOTE: initiate connections. As a rule: every client with "Connection From Client NOTE: To Director = yes" must also set "Connection From Director To Client = no". CVE-2020-4041 (In Bolt CMS before version 3.7.1, the filename of uploaded files was v ...) NOT-FOR-US: Bolt CMS CVE-2020-4040 (Bolt CMS before version 3.7.1 lacked CSRF protection in the preview ge ...) NOT-FOR-US: Bolt CMS CVE-2020-4039 (SUSI.AI is an intelligent Open Source personal assistant. SUSI.AI Serv ...) NOT-FOR-US: SUSI.AI CVE-2020-4038 (GraphQL Playground (graphql-playground-html NPM package) before versio ...) NOT-FOR-US: Node graphql-playground-html CVE-2020-4037 (In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users ...) - oauth2-proxy (bug #982891) CVE-2020-4036 RESERVED CVE-2020-4035 (In WatermelonDB (NPM package "@nozbe/watermelondb") before versions 0. ...) 
NOT-FOR-US: WatermelonDB CVE-2020-4034 RESERVED CVE-2020-4033 (In FreeRDP before version 2.1.2, there is an out of bounds read in RLE ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-7rhj-856w-82p8 CVE-2020-4032 (In FreeRDP before version 2.1.2, there is an integer casting vulnerabi ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-3898-mc89-x2vc CVE-2020-4031 (In FreeRDP before version 2.1.2, there is a use-after-free in gdi_Sele ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-gwcq-hpq2-m74g CVE-2020-4030 (In FreeRDP before version 2.1.2, there is an out of bounds read in Tri ...) - freerdp2 2.1.2+dfsg1-1 [buster] - freerdp2 (Minor issue) - freerdp [stretch] - freerdp (Minor issue) NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-fjr5-97f5-qq98 CVE-2020-4029 (The /rest/project-templates/1.0/createshared resource in Atlassian Jir ...) NOT-FOR-US: Atlassian CVE-2020-4028 (Versions before 8.9.1, Various resources in Jira responded with a 404 ...) NOT-FOR-US: Atlassian CVE-2020-4027 (Affected versions of Atlassian Confluence Server and Data Center allow ...) NOT-FOR-US: Atlassian CVE-2020-4026 (The CustomAppsRestResource list resource in Atlassian Navigator Links ...) NOT-FOR-US: Atlassian CVE-2020-4025 (The attachment download resource in Atlassian Jira Server and Data Cen ...) NOT-FOR-US: Atlassian CVE-2020-4024 (The attachment download resource in Atlassian Jira Server and Data Cen ...) NOT-FOR-US: Atlassian CVE-2020-4023 (The review coverage resource in Atlassian Fisheye and Crucible before ...) 
NOT-FOR-US: Atlassian Fisheye and Crucible CVE-2020-4022 (The attachment download resource in Atlassian Jira Server and Data Cen ...) NOT-FOR-US: Atlassian CVE-2020-4021 (Affected versions are: Before 8.5.5, and from 8.6.0 before 8.8.1 of At ...) NOT-FOR-US: Atlassian CVE-2020-4020 (The file downloading functionality in the Atlassian Companion App befo ...) NOT-FOR-US: Atlassian CVE-2020-4019 (The file editing functionality in the Atlassian Companion App before v ...) NOT-FOR-US: Atlassian CVE-2020-4018 (The setup resources in Atlassian Fisheye and Crucible before version 4 ...) NOT-FOR-US: Atlassian CVE-2020-4017 (The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jir ...) NOT-FOR-US: Atlassian CVE-2020-4016 (The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril ...) NOT-FOR-US: Atlassian CVE-2020-4015 (The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Cru ...) NOT-FOR-US: Atlassian CVE-2020-4014 (The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible ...) NOT-FOR-US: Atlassian CVE-2020-4013 (The review resource in Atlassian Fisheye and Crucible before version 4 ...) NOT-FOR-US: Atlassian CVE-2020-4012 RESERVED CVE-2020-4011 RESERVED CVE-2020-4010 RESERVED CVE-2020-4009 RESERVED CVE-2020-4008 (The installer of the macOS Sensor for VMware Carbon Black Cloud prior ...) NOT-FOR-US: VMware CVE-2020-4007 RESERVED CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager, and I ...) NOT-FOR-US: VMware CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...) NOT-FOR-US: VMware CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...) NOT-FOR-US: VMware CVE-2020-4003 (VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4 ...) NOT-FOR-US: VMware CVE-2020-4002 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...) 
NOT-FOR-US: VMware CVE-2020-4001 (The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords ...) NOT-FOR-US: VMware CVE-2020-4000 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, ...) NOT-FOR-US: VMware CVE-2020-3999 (VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16. ...) NOT-FOR-US: VMware CVE-2020-3998 (VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an inf ...) NOT-FOR-US: VMware CVE-2020-3997 (VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross ...) NOT-FOR-US: VMware CVE-2020-3996 (Velero (prior to 1.4.3 and 1.5.2) in some instances doesn't prop ...) NOT-FOR-US: Velero CVE-2020-3995 (In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-20 ...) NOT-FOR-US: VMware CVE-2020-3994 (VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a ...) NOT-FOR-US: VMware CVE-2020-3993 (VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a sec ...) NOT-FOR-US: VMware CVE-2020-3992 (OpenSLP as used in VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6. ...) NOT-FOR-US: VMware NOTE: Might affect src:openslp-dfsg, but removed years ago CVE-2020-3991 (VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial ...) NOT-FOR-US: VMware CVE-2020-3990 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3989 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3988 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3987 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3986 (VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5 ...) NOT-FOR-US: VMware CVE-2020-3985 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4 ...)
NOT-FOR-US: VMware CVE-2020-3984 (The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4 ...) NOT-FOR-US: VMware CVE-2020-3983 RESERVED CVE-2020-3982 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...) NOT-FOR-US: VMware CVE-2020-3981 (VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-20 ...) NOT-FOR-US: VMware CVE-2020-3980 (VMware Fusion (11.x) contains a privilege escalation vulnerability due ...) NOT-FOR-US: VMware CVE-2020-3979 (InstallBuilder for Qt Windows (versions prior to 20.7.0) installers lo ...) NOT-FOR-US: InstallBuilder for Qt Windows installers CVE-2020-3978 RESERVED CVE-2020-3977 (VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a bro ...) NOT-FOR-US: VMware CVE-2020-3976 (VMware ESXi and vCenter Server contain a partial denial of service vul ...) NOT-FOR-US: VMware CVE-2020-3975 (VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior ...) NOT-FOR-US: VMware CVE-2020-3974 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...) NOT-FOR-US: VMware CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...) NOT-FOR-US: VMware CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...) NOT-FOR-US: VMware CVE-2020-3971 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...) NOT-FOR-US: VMware CVE-2020-3970 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3969 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3968 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3967 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3966 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) 
NOT-FOR-US: VMware CVE-2020-3965 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3964 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3963 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3962 (VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-2 ...) NOT-FOR-US: VMware CVE-2020-3961 (VMware Horizon Client for Windows (prior to 5.4.3) contains a privileg ...) NOT-FOR-US: VMware CVE-2020-3960 (VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-20 ...) NOT-FOR-US: VMware CVE-2020-3959 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...) NOT-FOR-US: VMware CVE-2020-3958 (VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-20 ...) NOT-FOR-US: VMware CVE-2020-3957 (VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11. ...) NOT-FOR-US: VMware CVE-2020-3956 (VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, ...) NOT-FOR-US: VMware CVE-2020-3955 (ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ...) NOT-FOR-US: VMware CVE-2020-3954 (Open Redirect vulnerability exists in VMware vRealize Log Insight prio ...) NOT-FOR-US: VMware CVE-2020-3953 (Cross Site Scripting (XSS) vulnerability exists in VMware vRealize Log ...) NOT-FOR-US: VMware CVE-2020-3952 (Under certain conditions, vmdir that ships with VMware vCenter Server, ...) NOT-FOR-US: VMware CVE-2020-3951 (VMware Workstation (15.x before 15.5.2) and Horizon Client for Windows ...) NOT-FOR-US: VMware CVE-2020-3950 (VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11. ...) NOT-FOR-US: VMware CVE-2020-3949 RESERVED CVE-2020-3948 (Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and ...) 
NOT-FOR-US: VMware CVE-2020-3947 (VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2 ...) NOT-FOR-US: VMware CVE-2020-3946 (InstallBuilder AutoUpdate tool and regular installers enabling <che ...) NOT-FOR-US: InstallBuilder CVE-2020-3945 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3944 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3943 (vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6. ...) NOT-FOR-US: VMware CVE-2020-3942 RESERVED CVE-2020-3941 (The repair operation of VMware Tools for Windows 10.x.y has a race con ...) NOT-FOR-US: VMware Tools for Windows CVE-2020-3940 (VMware Workspace ONE SDK and dependent mobile application updates addr ...) NOT-FOR-US: VMware CVE-2020-3939 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3938 (SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerabil ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3937 (SQL Injection in SysJust Syuan-Gu-Da-Shih, versions before 20191223, a ...) NOT-FOR-US: SysJust Syuan-Gu-Da-Shih CVE-2020-3936 (UltraLog Express device management interface does not properly filter ...) NOT-FOR-US: UltraLog Express CVE-2020-3935 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3934 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3933 (TAIWAN SECOM CO., LTD., a Door Access Control and Personnel Attendance ...) NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...) NOT-FOR-US: Draytek VigorAP910C CVE-2020-3931 (Buffer overflow exists in Geovision Door Access Control device family, ...)
NOT-FOR-US: Geovision Door Access Control CVE-2020-3930 (GeoVision Door Access Control device family improperly stores and cont ...) NOT-FOR-US: GeoVision Door Access Control CVE-2020-3929 (GeoVision Door Access Control device family employs shared cryptograph ...) NOT-FOR-US: GeoVision Door Access Control CVE-2020-3928 (GeoVision Door Access Control device family is hardcoded with a root p ...) NOT-FOR-US: GeoVision Door Access Control CVE-2020-3927 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3926 (An arbitrary-file-access vulnerability exists in ServiSign security pl ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3925 (A Remote Code Execution(RCE) vulnerability exists in some designated a ...) NOT-FOR-US: ServiSign security plugin CVE-2020-3924 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series CVE-2020-3923 (DVR firmware in TAT-76 and TAT-77 series of products, provided by TONN ...) NOT-FOR-US: DVR firmware in TAT-76 and TAT-77 series CVE-2020-3922 (LisoMail, by ArmorX, allows SQL Injections, attackers can access the d ...) NOT-FOR-US: LisoMail CVE-2020-3921 (UltraLog Express device management software stores user's inform ...) NOT-FOR-US: UltraLog Express CVE-2020-3920 (UltraLog Express device management interface does not properly perform ...) NOT-FOR-US: UltraLog Express CVE-2020-3919 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3918 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2020-3917 (This issue was addressed with a new entitlement. This issue is fixed i ...) NOT-FOR-US: Apple CVE-2020-3916 (An access issue was addressed with additional sandbox restrictions. Th ...) NOT-FOR-US: Apple CVE-2020-3915 (A path handling issue was addressed with improved validation. This iss ...)
NOT-FOR-US: Apple CVE-2020-3914 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3913 (A permissions issue existed. This issue was addressed with improved pe ...) NOT-FOR-US: Apple CVE-2020-3912 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3911 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple CVE-2020-3910 (A buffer overflow was addressed with improved size validation. This is ...) NOT-FOR-US: Apple, unknown if it affects libxml2 upstream, but Apple is a black hole CVE-2020-3909 (A buffer overflow was addressed with improved bounds checking. This is ...) NOT-FOR-US: Apple, unknown if it affects libxml2 upstream, but Apple is a black hole CVE-2020-3908 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3907 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3906 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3905 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3904 (Multiple memory corruption issues were addressed with improved state m ...) NOT-FOR-US: Apple CVE-2020-3903 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3902 (An input validation issue was addressed with improved input validation ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3901 (A type confusion issue was addressed with improved memory handling. Th ...) 
{DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3900 (A memory corruption issue was addressed with improved memory handling. ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3899 (A memory consumption issue was addressed with improved memory handling ...) {DSA-4681-1} - webkit2gtk 2.28.2-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.2-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3898 (A memory corruption issue was addressed with improved validation. This ...) {DLA-2237-1} - cups 2.3.1-12 [buster] - cups 2.2.10-6+deb10u3 [stretch] - cups 2.2.1-8+deb9u6 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1823964 NOTE: https://src.fedoraproject.org/rpms/cups/blob/c1920d09b842bd2d0611559d00d595abd8aa2424/f/cups-ppdopen-heap-overflow.patch NOTE: https://github.com/apple/cups/commit/82e3ee0e3230287b76a76fb8f16b92ca6e50b444 (cups/ppd.c, ppdc/ppdc-source.cxx) CVE-2020-3897 (A type confusion issue was addressed with improved memory handling. Th ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3896 RESERVED CVE-2020-3895 (A memory corruption issue was addressed with improved memory handling. ...) 
{DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3894 (A race condition was addressed with additional validation. This issue ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3893 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3892 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3891 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3890 (The issue was addressed with improved deletion. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3889 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3888 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3887 (A logic issue was addressed with improved restrictions. This issue is ...) NOT-FOR-US: Apple CVE-2020-3886 RESERVED CVE-2020-3885 (A logic issue was addressed with improved restrictions. This issue is ...) {DSA-4681-1} - webkit2gtk 2.28.0-2 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.28.0-1 NOTE: https://webkitgtk.org/security/WSA-2020-0005.html CVE-2020-3884 (An injection issue was addressed with improved validation. This issue ...) NOT-FOR-US: Apple CVE-2020-3883 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3882 (This issue was addressed with improved checks. 
This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3881 (A logic issue was addressed with improved state management. This issue ...) NOT-FOR-US: Apple CVE-2020-3880 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3879 RESERVED CVE-2020-3878 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3877 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3876 RESERVED CVE-2020-3875 (A validation issue was addressed with improved input sanitization. Thi ...) NOT-FOR-US: Apple CVE-2020-3874 (An issued existed in the naming of screenshots. The issue was correcte ...) NOT-FOR-US: Apple CVE-2020-3873 (This issue was addressed with improved setting propagation. This issue ...) NOT-FOR-US: Apple CVE-2020-3872 (A memory initialization issue was addressed with improved memory handl ...) NOT-FOR-US: Apple CVE-2020-3871 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3870 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3869 (An issue existed in the handling of the local user's self-view. The is ...) NOT-FOR-US: Apple CVE-2020-3868 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3867 (A logic issue was addressed with improved state management. This issue ...) 
{DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3866 (This was addressed with additional checks by Gatekeeper on files mount ...) NOT-FOR-US: Apple CVE-2020-3865 (Multiple memory corruption issues were addressed with improved memory ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3864 (A logic issue was addressed with improved validation. This issue is fi ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3863 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3862 (A denial of service issue was addressed with improved memory handling. ...) {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) - wpewebkit 2.26.4-1 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3861 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2020-3860 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3859 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2020-3858 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3857 (A memory corruption issue was addressed with improved memory handling. 
...) NOT-FOR-US: Apple CVE-2020-3856 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3855 (An access issue was addressed with improved access restrictions. This ...) NOT-FOR-US: Apple CVE-2020-3854 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3853 (A type confusion issue was addressed with improved memory handling. Th ...) NOT-FOR-US: Apple CVE-2020-3852 (A logic issue was addressed with improved validation. This issue is fi ...) NOT-FOR-US: Safari CVE-2020-3851 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple CVE-2020-3850 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3849 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3848 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3847 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3846 (A buffer overflow was addressed with improved size validation. This is ...) NOT-FOR-US: Apple CVE-2020-3845 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3844 (This issue was addressed with improved checks. This issue is fixed in ...) NOT-FOR-US: Apple CVE-2020-3843 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3842 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3841 (The issue was addressed with improved UI handling. This issue is fixed ...) NOT-FOR-US: Apple CVE-2020-3840 (An off by one issue existed in the handling of racoon configuration fi ...) NOT-FOR-US: Apple CVE-2020-3839 (A validation issue was addressed with improved input sanitization. Thi ...) 
NOT-FOR-US: Apple CVE-2020-3838 (The issue was addressed with improved permissions logic. This issue is ...) NOT-FOR-US: Apple CVE-2020-3837 (A memory corruption issue was addressed with improved memory handling. ...) NOT-FOR-US: Apple CVE-2020-3836 (An access issue was addressed with improved memory management. This is ...) NOT-FOR-US: Apple CVE-2020-3835 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-3834 (A memory corruption issue was addressed with improved state management ...) NOT-FOR-US: Apple CVE-2020-3833 (An inconsistent user interface issue was addressed with improved state ...) NOT-FOR-US: Apple CVE-2020-3832 RESERVED CVE-2020-3831 (A race condition was addressed with improved locking. This issue is fi ...) NOT-FOR-US: Apple CVE-2020-3830 (A validation issue existed in the handling of symlinks. This issue was ...) NOT-FOR-US: Apple CVE-2020-3829 (An out-of-bounds read was addressed with improved bounds checking. Thi ...) NOT-FOR-US: Apple CVE-2020-3828 (A lock screen issue allowed access to contacts on a locked device. Thi ...) NOT-FOR-US: Apple CVE-2020-3827 (A memory corruption issue was addressed with improved input validation ...) NOT-FOR-US: Apple CVE-2020-3826 (An out-of-bounds read was addressed with improved input validation. Th ...) NOT-FOR-US: Apple CVE-2020-3825 (Multiple memory corruption issues were addressed with improved memory ...) NOT-FOR-US: Apple CVE-2020-3824 REJECTED CVE-2020-3823 REJECTED CVE-2020-3822 REJECTED CVE-2020-3821 REJECTED CVE-2020-3820 REJECTED CVE-2020-3819 REJECTED CVE-2020-3818 REJECTED CVE-2020-3817 REJECTED CVE-2020-3816 REJECTED CVE-2020-3815 REJECTED CVE-2020-3814 REJECTED CVE-2020-3813 REJECTED CVE-2020-3812 (qmail-verify as used in netqmail 1.06 is prone to an information discl ...) 
{DSA-4692-1 DLA-2234-1} - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3811 (qmail-verify as used in netqmail 1.06 is prone to a mail-address verif ...) {DSA-4692-1 DLA-2234-1} - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...) {DSA-4685-1 DLA-2210-1} - apt 2.1.2 NOTE: https://github.com/Debian/apt/issues/111 NOTE: https://bugs.launchpad.net/bugs/1878177 NOTE: https://salsa.debian.org/apt-team/apt/-/commit/dceb1e49e4b8e4dadaf056be34088b415939cda6 CVE-2020-3809 (Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-3808 (Creative Cloud Desktop Application versions 5.0 and earlier have a tim ...) NOT-FOR-US: Adobe CVE-2020-3807 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3806 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3805 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3804 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3803 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3802 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3801 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3800 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3799 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3798 (Adobe Digital Editions versions 4.5.11.187212 and below have a file en ...) 
NOT-FOR-US: Adobe CVE-2020-3797 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3796 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an impro ...) NOT-FOR-US: ColdFusion CVE-2020-3795 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3794 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a file i ...) NOT-FOR-US: Adobe CVE-2020-3793 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3792 (Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3791 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3790 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3789 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3788 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3787 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3786 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3785 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3784 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3783 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3782 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3781 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3780 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) 
NOT-FOR-US: Adobe CVE-2020-3779 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3778 (Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an ...) NOT-FOR-US: Adobe CVE-2020-3777 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3776 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3775 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3774 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3773 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3772 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3771 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3770 (Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 202 ...) NOT-FOR-US: Adobe CVE-2020-3769 (Adobe Experience Manager versions 6.5 and earlier have a server-side r ...) NOT-FOR-US: Adobe CVE-2020-3768 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll se ...) NOT-FOR-US: ColdFusion CVE-2020-3767 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insuf ...) NOT-FOR-US: ColdFusion CVE-2020-3766 (Adobe Genuine Integrity Service versions Version 6.4 and earlier have ...) NOT-FOR-US: Adobe CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds ...) NOT-FOR-US: Adobe CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...) NOT-FOR-US: Adobe CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-3761 (ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a remote ...) NOT-FOR-US: Adobe CVE-2020-3760 (Adobe Digital Editions versions 4.5.10 and below have a command inject ...) NOT-FOR-US: Adobe CVE-2020-3759 (Adobe Digital Editions versions 4.5.10 and below have a buffer errors ...) NOT-FOR-US: Adobe CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3757 (Adobe Flash Player versions 32.0.0.321 and earlier, 32.0.0.314 and ear ...) NOT-FOR-US: Adobe CVE-2020-3756 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3755 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3754 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3753 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3752 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3751 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3750 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3749 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3748 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3747 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3746 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3745 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3744 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) 
NOT-FOR-US: Adobe CVE-2020-3743 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3742 (Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.01 ...) NOT-FOR-US: Adobe CVE-2020-3741 (Adobe Experience Manager versions 6.5, and 6.4 have an uncontrolled re ...) NOT-FOR-US: Adobe CVE-2020-3740 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-3739 (Adobe Framemaker versions 2019.0.4 and below have a memory corruption ...) NOT-FOR-US: Adobe CVE-2020-3738 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3737 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3736 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3735 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) NOT-FOR-US: Adobe CVE-2020-3734 (Adobe Framemaker versions 2019.0.4 and below have a buffer error vulne ...) NOT-FOR-US: Adobe CVE-2020-3733 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3732 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3731 (Adobe Framemaker versions 2019.0.4 and below have a heap overflow vuln ...) NOT-FOR-US: Adobe CVE-2020-3730 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3729 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3728 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3727 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3726 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) 
NOT-FOR-US: Adobe CVE-2020-3725 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3724 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3723 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3722 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3721 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3720 (Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds wri ...) NOT-FOR-US: Adobe CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) NOT-FOR-US: Magento CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) NOT-FOR-US: Adobe CVE-2020-3709 RESERVED CVE-2020-3708 RESERVED CVE-2020-3707 RESERVED CVE-2020-3706 RESERVED CVE-2020-3705 RESERVED CVE-2020-3704 (u'While processing invalid connection request PDU which is nonstandard ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-3703 (u'Buffer over-read issue in Bluetooth peripheral firmware due to lack ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3702 (u'Specifically timed and handcrafted traffic can cause internal errors ...) {DSA-4978-1 DLA-2785-1} - linux 5.14.6-1 [buster] - linux 4.19.208-1 NOTE: https://lore.kernel.org/linux-wireless/CABvG-CVvPF++0vuGzCrBj8+s=Bcx1GwWfiW1_Somu_GVncTAcQ@mail.gmail.com/ NOTE: https://lore.kernel.org/stable/20210818084859.vcs4vs3yd6zetmyt@pali/t/#mf8b430d4f19f1b939a29b6c5098fdc514fd1a928 CVE-2020-3701 (Use after free issue while processing error notification from camx dri ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3700 (Possible out of bounds read due to a missing bounds check and could le ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3699 (Possible out of bound access while processing assoc response from host ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3698 (Out of bound write while QoS DSCP mapping due to improper input valida ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3697 RESERVED CVE-2020-3696 (u'Use after free while installing new security rule in ipcrtr as old o ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3695 RESERVED CVE-2020-3694 (u'Use out of range pointer issue can occur due to incorrect buffer ran ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3693 (u'Use out of range pointer issue can occur due to incorrect buffer ran ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3692 (u'Possible buffer overflow while updating output buffer for IMEI and G ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3691 (Possible out of bound memory access in audio due to integer underflow ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3690 (u'Due to an incorrect SMMU configuration, the modem crypto engine can ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-3689 RESERVED CVE-2020-3688 (Possible buffer overflow while parsing mp4 clip with corrupted sample ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3687 (Local privilege escalation in admin services in Windows environment ca ...) NOT-FOR-US: Qualcomm CVE-2020-3686 (Possible memory out of bound issue during music playback when an incor ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3685 (Pointer variable which is freed is not cleared can result in memory co ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3684 (u'QSEE reads the access permission policy for the SMEM TOC partition f ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3683 RESERVED CVE-2020-3682 RESERVED CVE-2020-3681 (Authenticated and encrypted payload MMEs can be forged and remotely se ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3680 (A race condition can occur when using the fastrpc memory mapping API. ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3679 (u'During execution after Address Space Layout Randomization is turned ...) NOT-FOR-US: Snapdragon CVE-2020-3678 (u'A buffer overflow could occur if the API is improperly used due to U ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3677 RESERVED CVE-2020-3676 (Possible memory corruption in perfservice due to improper validation a ...) NOT-FOR-US: Snapdragon CVE-2020-3675 (u'Potential integer underflow while parsing Service Info and IPv6 link ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3674 (Information can leak into userspace due to improper transfer of data f ...) NOT-FOR-US: Snapdragon CVE-2020-3673 (u'Buffer overflow can happen as part of SIP message packet processing ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3672 RESERVED CVE-2020-3671 (Use-after-free issue could occur due to dangling pointer when generati ...) 
NOT-FOR-US: Snapdragon CVE-2020-3670 (u'Potential out of bounds read while processing downlink NAS transport ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3669 (u'Buffer Overflow issue in WLAN tcp ip verification due to usage of ou ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3668 (u'Buffer overflow while parsing PMF enabled MCBC frames due to frame l ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3667 (u'Buffer Overflow in mic calculation for WPA due to copying data into ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3666 (u'Out of bounds memory access during memory copy while processing Host ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3665 (A possible buffer overflow would occur while processing command from f ...) NOT-FOR-US: Snapdragon CVE-2020-3664 (Out of bound read access in hypervisor due to an invalid read access a ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3663 (Buffer over-write may occur during fetching track decoder specific inf ...) NOT-FOR-US: Snapdragon CVE-2020-3662 (Buffer overflow can occur while parsing eac3 header while playing the ...) NOT-FOR-US: Snapdragon CVE-2020-3661 (Buffer overflow will happen while parsing mp4 clip with corrupted samp ...) NOT-FOR-US: Snapdragon CVE-2020-3660 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...) NOT-FOR-US: Snapdragon CVE-2020-3659 RESERVED CVE-2020-3658 (Possible null-pointer dereference can occur while parsing mp4 clip wit ...) NOT-FOR-US: Snapdragon CVE-2020-3657 (u'Remote code execution can happen by sending a carefully crafted POST ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3656 (Out of bound access can happen in MHI command process due to lack of c ...) NOT-FOR-US: Snapdragon CVE-2020-3655 RESERVED CVE-2020-3654 (u'Buffer overflow occurs while processing SIP message packet due to la ...) 
NOT-FOR-US: Qualcomm components for Android CVE-2020-3653 (Possible buffer over-read in windows wlan driver function due to lack ...) NOT-FOR-US: Snapdragon CVE-2020-3652 (Possible buffer over-read issue in windows x86 wlan driver function wh ...) NOT-FOR-US: Snapdragon CVE-2020-3651 (Active command timeout since WM status change cmd is not removed from ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3650 RESERVED CVE-2020-3649 RESERVED CVE-2020-3648 (u'Possible out of bound write in DSP driver code due to lack of check ...) NOT-FOR-US: Snapdragon CVE-2020-3647 (u'Potential buffer overflow when accessing npu debugfs node "off"/"log ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3646 (u'Buffer overflow seen as the destination buffer size is lesser than t ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3645 (Firmware will hit assert in WLAN firmware If encrypted data length in ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3644 (u'Information disclosure issue occurs as in current logic Secure Touch ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3643 (u'Information disclosure issue can occur due to partial secure display ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3642 (Use after free issue in camera applications when used randomly over mu ...) NOT-FOR-US: Snapdragon CVE-2020-3641 (Integer overflow may occur if atom size is less than atom offset as th ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3640 (u'Resizing the usage table header before passing all the checks leads ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3639 (u'When a non standard SIP sigcomp message is received from the network ...) NOT-FOR-US: Qualcomm components for Android CVE-2020-3638 (u'An Unaligned address or size can propagate to the database due to im ...) 
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3637
	RESERVED
CVE-2020-3636 (u'Out of bound writes happen when accessing usage_table header entry b ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3635 (Stack based overflow If the maximum number of arguments allowed per re ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3634 (u'Multiple Read overflows issue due to improper length check while dec ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3633 (Array out of bound may occur while playing mp3 file as no check is the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3632 (u'Incorrect validation of ring context fetched from host memory can le ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3631
	RESERVED
CVE-2020-3630 (Possibility of out of bound access while processing the responses from ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3629 (u'Stack out of bound issue occurs when making query to DSP capabilitie ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3628 (Improper access due to socket opened by the logging application withou ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3627
	RESERVED
CVE-2020-3626 (Any application can bind to it and exercise the APIs due to no protect ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3625 (When making query to DSP capabilities, Stack out of bounds occurs due ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3624 (u'A potential buffer overflow exists due to integer overflow when pars ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3623 (kernel failure due to load failures while running v1 path directly via ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3622 (u'Channel name string which has been read from shared memory is potent ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3621 (u'Lack of check to ensure that the TX read index & RX write index ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3620 (u'Lack of check of integer overflow while doing a round up operation f ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3619 (u'Non-secure memory is touched multiple times during TrustZone\u2019s ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3618 (NULL exception due to accessing bad pointer while posting events on RT ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3617 (u'Buffer over-read Issue in Q6 testbus framework due to diag packet le ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3616 (Buffer overflow in display function due to memory copy without checkin ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3615 (Valid deauth/disassoc frames is dropped in case if RMF is enabled and ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3614 (Possible buffer overflow while copying the frame to local buffer due t ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3613 (Double free issue in kernel memory mapping due to lack of memory prote ...)
	NOT-FOR-US: Snapdragon
CVE-2020-3612
	RESERVED
CVE-2020-3611 (u'XBL SEC clears only ZI region when loading Qualcomm-signed segments ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3610 (Possibility of double free of the drawobj that is added to the drawque ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2020-3609
	RESERVED
CVE-2020-3608
	RESERVED
CVE-2020-3607
	RESERVED
CVE-2020-3606
	RESERVED
CVE-2020-3605
	RESERVED
CVE-2020-3604 (Multiple vulnerabilities in Cisco Webex Network Recording Player for W ...)
	NOT-FOR-US: Cisco
CVE-2020-3603 (Multiple vulnerabilities in Cisco Webex Network Recording Player for W ...)
	NOT-FOR-US: Cisco
CVE-2020-3602 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3601 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3600 (A vulnerability in Cisco SD-WAN Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2020-3599 (A vulnerability in the web-based management interface of Cisco Adaptiv ...)
	NOT-FOR-US: Cisco
CVE-2020-3598 (A vulnerability in the web-based management interface of Cisco Vision ...)
	NOT-FOR-US: Cisco
CVE-2020-3597 (A vulnerability in the configuration restore feature of Cisco Nexus Da ...)
	NOT-FOR-US: Cisco
CVE-2020-3596 (A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expr ...)
	NOT-FOR-US: Cisco
CVE-2020-3595 (A vulnerability in Cisco SD-WAN Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2020-3594 (A vulnerability in Cisco SD-WAN Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2020-3593 (A vulnerability in Cisco SD-WAN Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2020-3592 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2020-3591 (A vulnerability in the web-based management interface of the Cisco SD- ...)
	NOT-FOR-US: Cisco
CVE-2020-3590 (A vulnerability in the web-based management interface of the Cisco SD- ...)
	NOT-FOR-US: Cisco
CVE-2020-3589 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2020-3588 (A vulnerability in virtualization channel messaging in Cisco Webex Mee ...)
	NOT-FOR-US: Cisco
CVE-2020-3587 (A vulnerability in the web-based management interface of the Cisco SD- ...)
	NOT-FOR-US: Cisco
CVE-2020-3586 (A vulnerability in the web-based management interface of Cisco DNA Spa ...)
	NOT-FOR-US: Cisco
CVE-2020-3585 (A vulnerability in the TLS handler of Cisco Adaptive Security Applianc ...)
	NOT-FOR-US: Cisco
CVE-2020-3584
	RESERVED
CVE-2020-3583 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
	NOT-FOR-US: Cisco
CVE-2020-3582 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
	NOT-FOR-US: Cisco
CVE-2020-3581 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
	NOT-FOR-US: Cisco
CVE-2020-3580 (Multiple vulnerabilities in the web services interface of Cisco Adapti ...)
	NOT-FOR-US: Cisco
CVE-2020-3579 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2020-3578 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
	NOT-FOR-US: Cisco
CVE-2020-3577 (A vulnerability in the ingress packet processing path of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2020-3576
	RESERVED
CVE-2020-3575
	RESERVED
CVE-2020-3574 (A vulnerability in the TCP packet processing functionality of Cisco IP ...)
	NOT-FOR-US: Cisco
CVE-2020-3573 (Multiple vulnerabilities in Cisco Webex Network Recording Player for W ...)
	NOT-FOR-US: Cisco
CVE-2020-3572 (A vulnerability in the SSL/TLS session handler of Cisco Adaptive Secur ...)
	NOT-FOR-US: Cisco
CVE-2020-3571 (A vulnerability in the ICMP ingress packet processing of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2020-3570
	RESERVED
CVE-2020-3569 (Multiple vulnerabilities in the Distance Vector Multicast Routing Prot ...)
	NOT-FOR-US: Cisco
CVE-2020-3568 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3567 (A vulnerability in the management REST API of Cisco Industrial Network ...)
	NOT-FOR-US: Cisco
CVE-2020-3566 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...)
	NOT-FOR-US: Cisco
CVE-2020-3565 (A vulnerability in the TCP Intercept functionality of Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2020-3564 (A vulnerability in the FTP inspection engine of Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2020-3563 (A vulnerability in the packet processing functionality of Cisco Firepo ...)
	NOT-FOR-US: Cisco
CVE-2020-3562 (A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat De ...)
	NOT-FOR-US: Cisco
CVE-2020-3561 (A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive S ...)
	NOT-FOR-US: Cisco
CVE-2020-3560 (A vulnerability in Cisco Aironet Access Points (APs) could allow an un ...)
	NOT-FOR-US: Cisco
CVE-2020-3559 (A vulnerability in Cisco Aironet Access Point (AP) Software could allo ...)
	NOT-FOR-US: Cisco
CVE-2020-3558 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2020-3557 (A vulnerability in the host input API daemon of Cisco Firepower Manage ...)
	NOT-FOR-US: Cisco
CVE-2020-3556 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3555 (A vulnerability in the SIP inspection process of Cisco Adaptive Securi ...)
	NOT-FOR-US: Cisco
CVE-2020-3554 (A vulnerability in the TCP packet processing of Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2020-3553 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3552 (A vulnerability in the Ethernet packet handling of Cisco Aironet Acces ...)
	NOT-FOR-US: Cisco
CVE-2020-3551 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2020-3550 (A vulnerability in the sfmgr daemon of Cisco Firepower Management Cent ...)
	NOT-FOR-US: Cisco
CVE-2020-3549 (A vulnerability in the sftunnel functionality of Cisco Firepower Manag ...)
	NOT-FOR-US: Cisco
CVE-2020-3548
	RESERVED
CVE-2020-3547 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an authenticated, l ...)
	NOT-FOR-US: Cisco
CVE-2020-3544 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3543 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
	NOT-FOR-US: Cisco
CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meetings ...)
	NOT-FOR-US: Cisco
CVE-2020-3540
	RESERVED
CVE-2020-3539
	RESERVED
CVE-2020-3538
	RESERVED
CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...)
	NOT-FOR-US: Cisco
CVE-2020-3536 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2020-3535 (A vulnerability in the loading mechanism of specific DLLs in the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3534
	RESERVED
CVE-2020-3533 (A vulnerability in the Simple Network Management Protocol (SNMP) input ...)
	NOT-FOR-US: Cisco
CVE-2020-3532
	RESERVED
CVE-2020-3531 (A vulnerability in the REST API of Cisco IoT Field Network Director (F ...)
	NOT-FOR-US: Cisco
CVE-2020-3530 (A vulnerability in task group assignment for a specific CLI command in ...)
	NOT-FOR-US: Cisco
CVE-2020-3529 (A vulnerability in the SSL VPN negotiation process for Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2020-3528 (A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3527 (A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Sw ...)
	NOT-FOR-US: Cisco
CVE-2020-3526 (A vulnerability in the Common Open Policy Service (COPS) engine of Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3525
	RESERVED
CVE-2020-3524 (A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for ...)
	NOT-FOR-US: Cisco
CVE-2020-3523 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3522 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3521 (A vulnerability in a specific REST API of Cisco Data Center Network Ma ...)
	NOT-FOR-US: Cisco
CVE-2020-3520 (A vulnerability in Cisco Data Center Network Manager (DCNM) Software c ...)
	NOT-FOR-US: Cisco
CVE-2020-3519 (A vulnerability in a specific REST API method of Cisco Data Center Net ...)
	NOT-FOR-US: Cisco
CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...)
	NOT-FOR-US: Cisco
CVE-2020-3516 (A vulnerability in the web server authentication of Cisco IOS XE Softw ...)
	NOT-FOR-US: Cisco
CVE-2020-3515 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3514 (A vulnerability in the multi-instance feature of Cisco Firepower Threa ...)
	NOT-FOR-US: Cisco
CVE-2020-3513 (Multiple vulnerabilities in the initialization routines that are execu ...)
	NOT-FOR-US: Cisco
CVE-2020-3512 (A vulnerability in the PROFINET handler for Link Layer Discovery Proto ...)
	NOT-FOR-US: Cisco
CVE-2020-3511 (A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3510 (A vulnerability in the Umbrella Connector component of Cisco IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2020-3509 (A vulnerability in the DHCP message handler of Cisco IOS XE Software f ...)
	NOT-FOR-US: Cisco
CVE-2020-3508 (A vulnerability in the IP Address Resolution Protocol (ARP) feature of ...)
	NOT-FOR-US: Cisco
CVE-2020-3507 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
	NOT-FOR-US: Cisco
CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol implementatio ...)
	NOT-FOR-US: Cisco
CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...)
	NOT-FOR-US: Cisco
CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...)
	NOT-FOR-US: Cisco
CVE-2020-3503 (A vulnerability in the file system permissions of Cisco IOS XE Softwar ...)
	NOT-FOR-US: Cisco
CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
	NOT-FOR-US: Cisco
CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...)
	NOT-FOR-US: Cisco
CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS could allow ...)
	NOT-FOR-US: Cisco
CVE-2020-3499 (A vulnerability in the licensing service of Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2020-3498 (A vulnerability in Cisco Jabber software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2020-3497 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
	NOT-FOR-US: Cisco
CVE-2020-3496 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
	NOT-FOR-US: Cisco
CVE-2020-3495 (A vulnerability in Cisco Jabber for Windows could allow an authenticat ...)
	NOT-FOR-US: Cisco
CVE-2020-3494 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
	NOT-FOR-US: Cisco
CVE-2020-3493 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
	NOT-FOR-US: Cisco
CVE-2020-3492 (A vulnerability in the Flexible NetFlow Version 9 packet processor of ...)
	NOT-FOR-US: Cisco
CVE-2020-3491 (A vulnerability in the web-based management interface of Cisco Vision ...)
	NOT-FOR-US: Cisco
CVE-2020-3490 (A vulnerability in the web-based management interface of Cisco Vision ...)
	NOT-FOR-US: Cisco
CVE-2020-3489 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
	NOT-FOR-US: Cisco
CVE-2020-3488 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
	NOT-FOR-US: Cisco
CVE-2020-3487 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
	NOT-FOR-US: Cisco
CVE-2020-3486 (Multiple vulnerabilities in the Control and Provisioning of Wireless A ...)
	NOT-FOR-US: Cisco
CVE-2020-3485 (A vulnerability in the role-based access control (RBAC) functionality ...)
	NOT-FOR-US: Cisco
CVE-2020-3484 (A vulnerability in the web-based management interface of Cisco Vision ...)
	NOT-FOR-US: Cisco
CVE-2020-3483 (Duo has identified and fixed an issue with the Duo Network Gateway (DN ...)
	NOT-FOR-US: Duo
CVE-2020-3482 (A vulnerability in the Traversal Using Relays around NAT (TURN) server ...)
	NOT-FOR-US: Cisco
CVE-2020-3481 (A vulnerability in the EGG archive parsing module in Clam AntiVirus (C ...)
	{DLA-2314-1}
	- clamav 0.102.4+dfsg-1
	[buster] - clamav 0.102.4+dfsg-0+deb10u1
	NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
CVE-2020-3480 (Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco I ...)
	NOT-FOR-US: Cisco
CVE-2020-3479 (A vulnerability in the implementation of Multiprotocol Border Gateway ...)
	NOT-FOR-US: Cisco
CVE-2020-3478 (A vulnerability in the REST API of Cisco Enterprise NFV Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2020-3477 (A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3476 (A vulnerability in the CLI implementation of a specific command of Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3475 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3474 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3473 (A vulnerability in task group assignment for a specific CLI command in ...)
	NOT-FOR-US: Cisco
CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...)
	NOT-FOR-US: Cisco
CVE-2020-3471 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
	NOT-FOR-US: Cisco
CVE-2020-3470 (Multiple vulnerabilities in the API subsystem of Cisco Integrated Mana ...)
	NOT-FOR-US: Cisco
CVE-2020-3469
	RESERVED
CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2020-3467 (A vulnerability in the web-based management interface of Cisco Identit ...)
	NOT-FOR-US: Cisco
CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3465 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...)
	NOT-FOR-US: Cisco
CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco UCS Dir ...)
	NOT-FOR-US: Cisco
CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco Webex M ...)
	NOT-FOR-US: Cisco
CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3460 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3459 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2020-3458 (Multiple vulnerabilities in the secure boot process of Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2020-3457 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2020-3456 (A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3455 (A vulnerability in the secure boot process of Cisco FXOS Software coul ...)
	NOT-FOR-US: Cisco
CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS Software could ...)
	NOT-FOR-US: Cisco
CVE-2020-3453 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
	NOT-FOR-US: Cisco
CVE-2020-3451 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...)
	NOT-FOR-US: Cisco
CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional paths ...)
	NOT-FOR-US: Cisco
CVE-2020-3448 (A vulnerability in an access control mechanism of Cisco Cyber Vision C ...)
	NOT-FOR-US: Cisco
CVE-2020-3447 (A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security A ...)
	NOT-FOR-US: Cisco
CVE-2020-3446 (A vulnerability in Cisco Virtual Wide Area Application Services (vWAAS ...)
	NOT-FOR-US: Cisco
CVE-2020-3445
	RESERVED
CVE-2020-3444 (A vulnerability in the packet filtering features of Cisco SD-WAN Softw ...)
	NOT-FOR-US: Cisco
CVE-2020-3443 (A vulnerability in Cisco Smart Software Manager On-Prem (SSM On-Prem) ...)
	NOT-FOR-US: Cisco
CVE-2020-3442 (The DuoConnect client enables users to establish SSH connections to ho ...)
	NOT-FOR-US: DuoConnect
CVE-2020-3441 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
	NOT-FOR-US: Cisco
CVE-2020-3440 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...)
	NOT-FOR-US: Cisco
CVE-2020-3439 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3438
	RESERVED
CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2020-3436 (A vulnerability in the web services interface of Cisco Adaptive Securi ...)
	NOT-FOR-US: Cisco
CVE-2020-3435 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel of Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3432
	RESERVED
CVE-2020-3431
	RESERVED
CVE-2020-3430 (A vulnerability in the application protocol handling features of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3429 (A vulnerability in the WPA2 and WPA3 security implementation of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3428 (A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wi ...)
	NOT-FOR-US: Cisco
CVE-2020-3427 (The Windows Logon installer prior to 4.1.2 did not properly validate f ...)
	NOT-FOR-US: Duo
CVE-2020-3426 (A vulnerability in the implementation of the Low Power, Wide Area (LPW ...)
	NOT-FOR-US: Cisco
CVE-2020-3425 (Multiple vulnerabilities in the web management framework of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3424
	RESERVED
CVE-2020-3423 (A vulnerability in the implementation of the Lua interpreter that is i ...)
	NOT-FOR-US: Cisco
CVE-2020-3422 (A vulnerability in the IP Service Level Agreement (SLA) responder feat ...)
	NOT-FOR-US: Cisco
CVE-2020-3421 (Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco I ...)
	NOT-FOR-US: Cisco
CVE-2020-3420
	RESERVED
CVE-2020-3419 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
	NOT-FOR-US: Cisco
CVE-2020-3418 (A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3417 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2020-3416 (Multiple vulnerabilities in the initialization routines that are execu ...)
	NOT-FOR-US: Cisco
CVE-2020-3415 (A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Sof ...)
	NOT-FOR-US: Cisco
CVE-2020-3414 (A vulnerability in the packet processing of Cisco IOS XE Software for ...)
	NOT-FOR-US: Cisco
CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
	NOT-FOR-US: Cisco
CVE-2020-3412 (A vulnerability in the scheduled meeting template feature of Cisco Web ...)
	NOT-FOR-US: Cisco
CVE-2020-3411 (A vulnerability in Cisco DNA Center software could allow an unauthenti ...)
	NOT-FOR-US: Cisco
CVE-2020-3410 (A vulnerability in the Common Access Card (CAC) authentication feature ...)
	NOT-FOR-US: Cisco
CVE-2020-3409 (A vulnerability in the PROFINET feature of Cisco IOS Software and Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3408 (A vulnerability in the Split DNS feature of Cisco IOS Software and Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3407 (A vulnerability in the RESTCONF and NETCONF-YANG access control list ( ...)
	NOT-FOR-US: Cisco
CVE-2020-3406 (A vulnerability in the web-based management interface of the Cisco SD- ...)
	NOT-FOR-US: Cisco
CVE-2020-3405 (A vulnerability in the web UI of Cisco SD-WAN vManage Software could a ...)
	NOT-FOR-US: Cisco
CVE-2020-3404 (A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cis ...)
	NOT-FOR-US: Cisco
CVE-2020-3403 (A vulnerability in the CLI of Cisco IOS XE Software could allow an aut ...)
	NOT-FOR-US: Cisco
CVE-2020-3402 (A vulnerability in the Java Remote Method Invocation (RMI) interface o ...)
	NOT-FOR-US: Cisco
CVE-2020-3401 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2020-3400 (A vulnerability in the web UI feature of Cisco IOS XE Software could a ...)
	NOT-FOR-US: Cisco
CVE-2020-3399 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...)
	NOT-FOR-US: Cisco
CVE-2020-3398 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
	NOT-FOR-US: Cisco
CVE-2020-3397 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...)
	NOT-FOR-US: Cisco
CVE-2020-3396 (A vulnerability in the file system on the pluggable USB 3.0 Solid Stat ...)
	NOT-FOR-US: Cisco
CVE-2020-3395
	RESERVED
CVE-2020-3394 (A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Serie ...)
	NOT-FOR-US: Cisco
CVE-2020-3393 (A vulnerability in the application-hosting subsystem of Cisco IOS XE S ...)
	NOT-FOR-US: Cisco
CVE-2020-3392 (A vulnerability in the API of Cisco IoT Field Network Director (FND) c ...)
	NOT-FOR-US: Cisco
CVE-2020-3391 (A vulnerability in Cisco Digital Network Architecture (DNA) Center cou ...)
	NOT-FOR-US: Cisco
CVE-2020-3390 (A vulnerability in Simple Network Management Protocol (SNMP) trap gene ...)
	NOT-FOR-US: Cisco
CVE-2020-3389 (A vulnerability in the installation component of Cisco Hyperflex HX-Se ...)
	NOT-FOR-US: Cisco
CVE-2020-3388 (A vulnerability in the CLI of Cisco SD-WAN vManage Software could allo ...)
	NOT-FOR-US: Cisco
CVE-2020-3387 (A vulnerability in Cisco SD-WAN vManage Software could allow an authen ...)
	NOT-FOR-US: Cisco
CVE-2020-3386 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...)
	NOT-FOR-US: Cisco
CVE-2020-3385 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
	NOT-FOR-US: Cisco
CVE-2020-3384 (A vulnerability in specific REST API endpoints of Cisco Data Center Ne ...)
	NOT-FOR-US: Cisco
CVE-2020-3383 (A vulnerability in the archive utility of Cisco Data Center Network Ma ...)
	NOT-FOR-US: Cisco
CVE-2020-3382 (A vulnerability in the REST API of Cisco Data Center Network Manager ( ...)
	NOT-FOR-US: Cisco
CVE-2020-3381 (A vulnerability in the web management interface of Cisco SD-WAN vManag ...)
	NOT-FOR-US: Cisco
CVE-2020-3380 (A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) ...)
	NOT-FOR-US: Cisco
CVE-2020-3379 (A vulnerability in Cisco SD-WAN Solution Software could allow an authe ...)
	NOT-FOR-US: Cisco
CVE-2020-3378 (A vulnerability in the web-based management interface for Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2020-3377 (A vulnerability in the Device Manager application of Cisco Data Center ...)
	NOT-FOR-US: Cisco
CVE-2020-3376 (A vulnerability in the Device Manager application of Cisco Data Center ...)
	NOT-FOR-US: Cisco
CVE-2020-3375 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
	NOT-FOR-US: Cisco
CVE-2020-3374 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2020-3373 (A vulnerability in the IP fragment-handling implementation of Cisco Ad ...)
	NOT-FOR-US: Cisco
CVE-2020-3372 (A vulnerability in the web-based management interface of Cisco SD-WAN ...)
	NOT-FOR-US: Cisco
CVE-2020-3371 (A vulnerability in the web UI of Cisco Integrated Management Controlle ...)
	NOT-FOR-US: Cisco
CVE-2020-3370 (A vulnerability in URL filtering of Cisco Content Security Management ...)
	NOT-FOR-US: Cisco
CVE-2020-3369 (A vulnerability in the deep packet inspection (DPI) engine of Cisco SD ...)
	NOT-FOR-US: Cisco
CVE-2020-3368 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2020-3367 (A vulnerability in the log subscription subsystem of Cisco AsyncOS for ...)
	NOT-FOR-US: Cisco
CVE-2020-3366
	RESERVED
CVE-2020-3365 (A vulnerability in the directory permissions of Cisco Enterprise NFV I ...)
	NOT-FOR-US: Cisco
CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the ...)
	NOT-FOR-US: Cisco
CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...)
	NOT-FOR-US: Cisco
CVE-2020-3362 (A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO ...)
	NOT-FOR-US: Cisco
CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...)
	NOT-FOR-US: Cisco
CVE-2020-3360 (A vulnerability in the Web Access feature of Cisco IP Phones Series 78 ...)
	NOT-FOR-US: Cisco
CVE-2020-3359 (A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE So ...)
	NOT-FOR-US: Cisco
CVE-2020-3358 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3357 (A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3356 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3355 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3354 (A vulnerability in the web-based management interface of Cisco Data Ce ...)
	NOT-FOR-US: Cisco
CVE-2020-3353 (A vulnerability in the syslog processing engine of Cisco Identity Serv ...)
	NOT-FOR-US: Cisco
CVE-2020-3352 (A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Sof ...)
	NOT-FOR-US: Cisco
CVE-2020-3351 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...)
	NOT-FOR-US: Cisco
CVE-2020-3350 (A vulnerability in the endpoint software of Cisco AMP for Endpoints an ...)
	{DLA-2314-1}
	- clamav 0.102.4+dfsg-1
	[buster] - clamav 0.102.4+dfsg-0+deb10u1
	NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
CVE-2020-3349 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3348 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...)
	NOT-FOR-US: Cisco
CVE-2020-3346 (A vulnerability in the web UI of Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
	NOT-FOR-US: Cisco
CVE-2020-3343 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...)
	NOT-FOR-US: Cisco
CVE-2020-3342 (A vulnerability in the software update feature of Cisco Webex Meetings ...)
	NOT-FOR-US: Cisco
CVE-2020-3341 (A vulnerability in the PDF archive parsing module in Clam AntiVirus (C ...)
	{DLA-2215-1}
	- clamav 0.102.3+dfsg-1
	[buster] - clamav 0.102.3+dfsg-0~deb10u1
	[stretch] - clamav 0.102.3+dfsg-0~deb9u1
	NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
CVE-2020-3340 (Multiple vulnerabilities in the web-based management interface of Cisc ...)
	NOT-FOR-US: Cisco
CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...)
	NOT-FOR-US: Cisco
CVE-2020-3338 (A vulnerability in the Protocol Independent Multicast (PIM) feature fo ...)
	NOT-FOR-US: Cisco
CVE-2020-3337 (A vulnerability in the web server of Cisco Umbrella could allow an una ...)
	NOT-FOR-US: Cisco
CVE-2020-3336 (A vulnerability in the software upgrade process of Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2020-3335 (A vulnerability in the key store of Cisco Application Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2020-3334 (A vulnerability in the ARP packet processing of Cisco Adaptive Securit ...)
	NOT-FOR-US: Cisco
CVE-2020-3333 (A vulnerability in the API of Cisco Application Services Engine Softwa ...)
	NOT-FOR-US: Cisco
CVE-2020-3332 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2020-3331 (A vulnerability in the web-based management interface of Cisco RV110W ...)
	NOT-FOR-US: Cisco
CVE-2020-3330 (A vulnerability in the Telnet service of Cisco Small Business RV110W W ...)
	NOT-FOR-US: Cisco
CVE-2020-3329 (A vulnerability in role-based access control of Cisco Integrated Manag ...)
	NOT-FOR-US: Cisco
CVE-2020-3328
	RESERVED
CVE-2020-3327 (A vulnerability in the ARJ archive parsing module in Clam AntiVirus (C ...)
	{DLA-2314-1 DLA-2215-1}
	- clamav 0.102.4+dfsg-1
	[buster] - clamav 0.102.4+dfsg-0+deb10u1
	NOTE: https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
	NOTE: https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
	NOTE: Original fix from 0.102.3 was incomplete
CVE-2020-3326
	RESERVED
CVE-2020-3325
	RESERVED
CVE-2020-3324
	RESERVED
CVE-2020-3323 (A vulnerability in the web-based management interface of Cisco Small B ...)
	NOT-FOR-US: Cisco
CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
	NOT-FOR-US: Cisco
CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
	NOT-FOR-US: Cisco
CVE-2020-3320 (A vulnerability in the web-based management interface of Cisco Firepow ...)
	NOT-FOR-US: Cisco
CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...)
	NOT-FOR-US: Cisco
CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...)
NOT-FOR-US: Cisco CVE-2020-3317 (A vulnerability in the ssl_inspection component of Cisco Firepower Thr ...) NOT-FOR-US: Cisco CVE-2020-3316 RESERVED CVE-2020-3315 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) NOT-FOR-US: Cisco CVE-2020-3314 (A vulnerability in the file scan process of Cisco AMP for Endpoints Ma ...) NOT-FOR-US: Cisco CVE-2020-3313 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...) NOT-FOR-US: Cisco CVE-2020-3312 (A vulnerability in the application policy configuration of Cisco Firep ...) NOT-FOR-US: Cisco CVE-2020-3311 (A vulnerability in the web interface of Cisco Firepower Management Cen ...) NOT-FOR-US: Cisco CVE-2020-3310 (A vulnerability in the XML parser code of Cisco Firepower Device Manag ...) NOT-FOR-US: Cisco CVE-2020-3309 (A vulnerability in Cisco Firepower Device Manager (FDM) On-Box softwar ...) NOT-FOR-US: Cisco CVE-2020-3308 (A vulnerability in the Image Signature Verification feature of Cisco F ...) NOT-FOR-US: Cisco CVE-2020-3307 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...) NOT-FOR-US: Cisco CVE-2020-3306 (A vulnerability in the DHCP module of Cisco Adaptive Security Applianc ...) NOT-FOR-US: Cisco CVE-2020-3305 (A vulnerability in the implementation of the Border Gateway Protocol ( ...) NOT-FOR-US: Cisco CVE-2020-3304 (A vulnerability in the web interface of Cisco Adaptive Security Applia ...) NOT-FOR-US: Cisco CVE-2020-3303 (A vulnerability in the Internet Key Exchange version 1 (IKEv1) feature ...) NOT-FOR-US: Cisco CVE-2020-3302 (A vulnerability in the web UI of Cisco Firepower Management Center (FM ...) NOT-FOR-US: Cisco CVE-2020-3301 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...) NOT-FOR-US: Cisco CVE-2020-3300 RESERVED CVE-2020-3299 (Multiple Cisco products are affected by a vulnerability in the Snort d ...) 
NOT-FOR-US: Cisco CVE-2020-3298 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...) NOT-FOR-US: Cisco CVE-2020-3297 (A vulnerability in session management for the web-based interface of C ...) NOT-FOR-US: Cisco CVE-2020-3296 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3295 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3294 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3293 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3292 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3291 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3290 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3289 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3288 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3287 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3286 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3285 (A vulnerability in the Transport Layer Security version 1.3 (TLS 1.3) ...) NOT-FOR-US: Cisco CVE-2020-3284 (A vulnerability in the enhanced Preboot eXecution Environment (PXE) bo ...) NOT-FOR-US: Cisco CVE-2020-3283 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...) NOT-FOR-US: Cisco CVE-2020-3282 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2020-3281 (A vulnerability in the audit logging component of Cisco Digital Networ ...) 
NOT-FOR-US: Cisco CVE-2020-3280 (A vulnerability in the Java Remote Management Interface of Cisco Unifi ...) NOT-FOR-US: Cisco CVE-2020-3279 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3278 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3277 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3276 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3275 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3274 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3273 (A vulnerability in the 802.11 Generic Advertisement Service (GAS) fram ...) NOT-FOR-US: Cisco CVE-2020-3272 (A vulnerability in the DHCP server of Cisco Prime Network Registrar co ...) NOT-FOR-US: Cisco CVE-2020-3271 RESERVED CVE-2020-3270 RESERVED CVE-2020-3269 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3268 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3267 (A vulnerability in the API subsystem of Cisco Unified Contact Center E ...) NOT-FOR-US: Cisco CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...) NOT-FOR-US: Cisco CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3263 (A vulnerability in Cisco Webex Meetings Desktop App could allow an una ...) NOT-FOR-US: Cisco CVE-2020-3262 (A vulnerability in the Control and Provisioning of Wireless Access Poi ...) 
NOT-FOR-US: Cisco CVE-2020-3261 (A vulnerability in the web-based management interface of Cisco Mobilit ...) NOT-FOR-US: Cisco CVE-2020-3260 (A vulnerability in Cisco Aironet Series Access Points Software could a ...) NOT-FOR-US: Cisco CVE-2020-3259 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2020-3258 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...) NOT-FOR-US: Cisco CVE-2020-3257 (Multiple vulnerabilities in the Cisco IOx application environment of C ...) NOT-FOR-US: Cisco CVE-2020-3256 (A vulnerability in the web-based management interface of Cisco Hosted ...) NOT-FOR-US: Cisco CVE-2020-3255 (A vulnerability in the packet processing functionality of Cisco Firepo ...) NOT-FOR-US: Cisco CVE-2020-3254 (Multiple vulnerabilities in the Media Gateway Control Protocol (MGCP) ...) NOT-FOR-US: Cisco CVE-2020-3253 (A vulnerability in the support tunnel feature of Cisco Firepower Threa ...) NOT-FOR-US: Cisco CVE-2020-3252 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3251 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3250 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3249 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3248 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3247 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3246 (A vulnerability in the web server of Cisco Umbrella could allow an una ...) NOT-FOR-US: Cisco CVE-2020-3245 (A vulnerability in the web application of Cisco Smart Software Manager ...) NOT-FOR-US: Cisco CVE-2020-3244 (A vulnerability in the Enhanced Charging Service (ECS) functionality o ...) 
NOT-FOR-US: Cisco CVE-2020-3243 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3242 (A vulnerability in the REST API of Cisco UCS Director could allow an a ...) NOT-FOR-US: Cisco CVE-2020-3241 (A vulnerability in the orchestration tasks of Cisco UCS Director could ...) NOT-FOR-US: Cisco CVE-2020-3240 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3239 (Multiple vulnerabilities in the REST API of Cisco UCS Director and Cis ...) NOT-FOR-US: Cisco CVE-2020-3238 (A vulnerability in the Cisco Application Framework component of the Ci ...) NOT-FOR-US: Cisco CVE-2020-3237 (A vulnerability in the Cisco Application Framework component of the Ci ...) NOT-FOR-US: Cisco CVE-2020-3236 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Soft ...) NOT-FOR-US: Cisco CVE-2020-3235 (A vulnerability in the Simple Network Management Protocol (SNMP) subsy ...) NOT-FOR-US: Cisco CVE-2020-3234 (A vulnerability in the virtual console authentication of Cisco IOS Sof ...) NOT-FOR-US: Cisco CVE-2020-3233 (A vulnerability in the web-based Local Manager interface of the Cisco ...) NOT-FOR-US: Cisco CVE-2020-3232 (A vulnerability in the Simple Network Management Protocol (SNMP) imple ...) NOT-FOR-US: Cisco CVE-2020-3231 (A vulnerability in the 802.1X feature of Cisco Catalyst 2960-L Series ...) NOT-FOR-US: Cisco CVE-2020-3230 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) impleme ...) NOT-FOR-US: Cisco CVE-2020-3229 (A vulnerability in Role Based Access Control (RBAC) functionality of C ...) NOT-FOR-US: Cisco CVE-2020-3228 (A vulnerability in Security Group Tag Exchange Protocol (SXP) in Cisco ...) NOT-FOR-US: Cisco CVE-2020-3227 (A vulnerability in the authorization controls for the Cisco IOx applic ...) NOT-FOR-US: Cisco CVE-2020-3226 (A vulnerability in the Session Initiation Protocol (SIP) library of Ci ...) 
NOT-FOR-US: Cisco CVE-2020-3225 (Multiple vulnerabilities in the implementation of the Common Industria ...) NOT-FOR-US: Cisco CVE-2020-3224 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2020-3223 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2020-3222 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2020-3221 (A vulnerability in the Flexible NetFlow Version 9 packet processor of ...) NOT-FOR-US: Cisco CVE-2020-3220 (A vulnerability in the hardware crypto driver of Cisco IOS XE Software ...) NOT-FOR-US: Cisco CVE-2020-3219 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3218 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3217 (A vulnerability in the Topology Discovery Service of Cisco One Platfor ...) NOT-FOR-US: Cisco CVE-2020-3216 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...) NOT-FOR-US: Cisco CVE-2020-3215 (A vulnerability in the Virtual Services Container of Cisco IOS XE Soft ...) NOT-FOR-US: Cisco CVE-2020-3214 (A vulnerability in Cisco IOS XE Software could allow an authenticated, ...) NOT-FOR-US: Cisco CVE-2020-3213 (A vulnerability in the ROMMON of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3212 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3211 (A vulnerability in the web UI of Cisco IOS XE Software could allow an ...) NOT-FOR-US: Cisco CVE-2020-3210 (A vulnerability in the CLI parsers of Cisco IOS Software for Cisco 809 ...) NOT-FOR-US: Cisco CVE-2020-3209 (A vulnerability in software image verification in Cisco IOS XE Softwar ...) NOT-FOR-US: Cisco CVE-2020-3208 (A vulnerability in the image verification feature of Cisco IOS Softwar ...) 
NOT-FOR-US: Cisco CVE-2020-3207 (A vulnerability in the processing of boot options of specific Cisco IO ...) NOT-FOR-US: Cisco CVE-2020-3206 (A vulnerability in the handling of IEEE 802.11w Protected Management F ...) NOT-FOR-US: Cisco CVE-2020-3205 (A vulnerability in the implementation of the inter-VM channel of Cisco ...) NOT-FOR-US: Cisco CVE-2020-3204 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3203 (A vulnerability in the locally significant certificate (LSC) provision ...) NOT-FOR-US: Cisco CVE-2020-3202 RESERVED CVE-2020-3201 (A vulnerability in the Tool Command Language (Tcl) interpreter of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3200 (A vulnerability in the Secure Shell (SSH) server code of Cisco IOS Sof ...) NOT-FOR-US: Cisco CVE-2020-3199 (Multiple vulnerabilities in the Cisco IOx application environment of C ...) NOT-FOR-US: Cisco CVE-2020-3198 (Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 I ...) NOT-FOR-US: Cisco CVE-2020-3197 (A vulnerability in the API subsystem of Cisco Meetings App could allow ...) NOT-FOR-US: Cisco CVE-2020-3196 (A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Secu ...) NOT-FOR-US: Cisco CVE-2020-3195 (A vulnerability in the Open Shortest Path First (OSPF) implementation ...) NOT-FOR-US: Cisco CVE-2020-3194 (A vulnerability in Cisco Webex Network Recording Player for Microsoft ...) NOT-FOR-US: Cisco CVE-2020-3193 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3192 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3191 (A vulnerability in DNS over IPv6 packet processing for Cisco Adaptive ...) NOT-FOR-US: Cisco CVE-2020-3190 (A vulnerability in the IPsec packet processor of Cisco IOS XR Software ...) NOT-FOR-US: Cisco CVE-2020-3189 (A vulnerability in the VPN System Logging functionality for Cisco Fire ...) 
NOT-FOR-US: Cisco CVE-2020-3188 (A vulnerability in how Cisco Firepower Threat Defense (FTD) Software h ...) NOT-FOR-US: Cisco CVE-2020-3187 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) NOT-FOR-US: Cisco CVE-2020-3186 (A vulnerability in the management access list configuration of Cisco F ...) NOT-FOR-US: Cisco CVE-2020-3185 (A vulnerability in the web-based management interface of Cisco TelePre ...) NOT-FOR-US: Cisco CVE-2020-3184 (A vulnerability in the web-based management interface of Cisco Prime C ...) NOT-FOR-US: Cisco CVE-2020-3183 RESERVED CVE-2020-3182 (A vulnerability in the multicast DNS (mDNS) protocol configuration of ...) NOT-FOR-US: Cisco CVE-2020-3181 (A vulnerability in the malware detection functionality in Cisco Advanc ...) NOT-FOR-US: Cisco CVE-2020-3180 (A vulnerability in Cisco SD-WAN Solution Software could allow an unaut ...) NOT-FOR-US: Cisco CVE-2020-3179 (A vulnerability in the generic routing encapsulation (GRE) tunnel deca ...) NOT-FOR-US: Cisco CVE-2020-3178 (Multiple vulnerabilities in the web-based GUI of Cisco AsyncOS Softwar ...) NOT-FOR-US: Cisco CVE-2020-3177 (A vulnerability in the Tool for Auto-Registered Phones Support (TAPS) ...) NOT-FOR-US: Cisco CVE-2020-3176 (A vulnerability in Cisco Remote PHY Device Software could allow an aut ...) NOT-FOR-US: Cisco CVE-2020-3175 (A vulnerability in the resource handling system of Cisco NX-OS Softwar ...) NOT-FOR-US: Cisco CVE-2020-3174 (A vulnerability in the anycast gateway feature of Cisco NX-OS Software ...) NOT-FOR-US: Cisco CVE-2020-3173 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...) NOT-FOR-US: Cisco CVE-2020-3172 (A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS ...) NOT-FOR-US: Cisco CVE-2020-3171 (A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS ...) NOT-FOR-US: Cisco CVE-2020-3170 (A vulnerability in the NX-API feature of Cisco NX-OS Software could al ...) 
NOT-FOR-US: Cisco CVE-2020-3169 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3168 (A vulnerability in the Secure Login Enhancements capability of Cisco N ...) NOT-FOR-US: Cisco CVE-2020-3167 (A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manage ...) NOT-FOR-US: Cisco CVE-2020-3166 (A vulnerability in the CLI of Cisco FXOS Software could allow an authe ...) NOT-FOR-US: Cisco CVE-2020-3165 (A vulnerability in the implementation of Border Gateway Protocol (BGP) ...) NOT-FOR-US: Cisco CVE-2020-3164 (A vulnerability in the web-based management interface of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3163 (A vulnerability in the Live Data server of Cisco Unified Contact Cente ...) NOT-FOR-US: Cisco CVE-2020-3162 (A vulnerability in the Constrained Application Protocol (CoAP) impleme ...) NOT-FOR-US: Cisco CVE-2020-3161 (A vulnerability in the web server for Cisco IP Phones could allow an u ...) NOT-FOR-US: Cisco CVE-2020-3160 (A vulnerability in the Extensible Messaging and Presence Protocol (XMP ...) NOT-FOR-US: Cisco CVE-2020-3159 (A vulnerability in the web-based management interface of Cisco Finesse ...) NOT-FOR-US: Cisco CVE-2020-3158 (A vulnerability in the High Availability (HA) service of Cisco Smart S ...) NOT-FOR-US: Cisco CVE-2020-3157 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2020-3156 (A vulnerability in the logging component of Cisco Identity Services En ...) NOT-FOR-US: Cisco CVE-2020-3155 (A vulnerability in the SSL implementation of the Cisco Intelligent Pro ...) NOT-FOR-US: Cisco CVE-2020-3154 (A vulnerability in the web UI of Cisco Cloud Web Security (CWS) could ...) NOT-FOR-US: Cisco CVE-2020-3153 (A vulnerability in the installer component of Cisco AnyConnect Secure ...) NOT-FOR-US: Cisco CVE-2020-3152 (A vulnerability in Cisco Connected Mobile Experiences (CMX) could allo ...) 
NOT-FOR-US: Cisco CVE-2020-3151 (A vulnerability in the CLI of Cisco Connected Mobile Experiences (CMX) ...) NOT-FOR-US: Cisco CVE-2020-3150 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...) NOT-FOR-US: Cisco CVE-2020-3148 (A vulnerability in the web-based interface of Cisco Prime Network Regi ...) NOT-FOR-US: Cisco CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...) NOT-FOR-US: Cisco CVE-2020-3146 (Multiple vulnerabilities in the web-based management interface of the ...) NOT-FOR-US: Cisco CVE-2020-3145 (Multiple vulnerabilities in the web-based management interface of the ...) NOT-FOR-US: Cisco CVE-2020-3144 (A vulnerability in the web-based management interface of the Cisco RV1 ...) NOT-FOR-US: Cisco CVE-2020-3143 (A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence ...) NOT-FOR-US: Cisco CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...) NOT-FOR-US: Cisco CVE-2020-3141 (Multiple vulnerabilities in the web management framework of Cisco IOS ...) NOT-FOR-US: Cisco CVE-2020-3140 (A vulnerability in the web management interface of Cisco Prime License ...) NOT-FOR-US: Cisco CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...) NOT-FOR-US: Cisco CVE-2020-3138 (A vulnerability in the upgrade component of Cisco Enterprise NFV Infra ...) NOT-FOR-US: Cisco CVE-2020-3137 (A vulnerability in the web-based management interface of Cisco Email S ...) NOT-FOR-US: Cisco CVE-2020-3136 (A vulnerability in the web-based management interface of Cisco Jabber ...) NOT-FOR-US: Cisco CVE-2020-3135 (A vulnerability in the web-based management interface of Cisco Unified ...) NOT-FOR-US: Cisco CVE-2020-3134 (A vulnerability in the zip decompression engine of Cisco AsyncOS Softw ...) 
NOT-FOR-US: Cisco CVE-2020-3133 (A vulnerability in the email message scanning of Cisco AsyncOS Softwar ...) NOT-FOR-US: Cisco CVE-2020-3132 (A vulnerability in the email message scanning feature of Cisco AsyncOS ...) NOT-FOR-US: Cisco CVE-2020-3131 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...) NOT-FOR-US: Cisco CVE-2020-3130 (A vulnerability in the web management interface of Cisco Unity Connect ...) NOT-FOR-US: Cisco CVE-2020-3129 (A vulnerability in the web-based management interface of Cisco Unity C ...) NOT-FOR-US: Cisco CVE-2020-3128 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...) NOT-FOR-US: Cisco CVE-2020-3127 (Multiple vulnerabilities in Cisco Webex Network Recording Player for M ...) NOT-FOR-US: Cisco CVE-2020-3126 (vulnerability within the Multimedia Viewer feature of Cisco Webex Meet ...) NOT-FOR-US: Cisco CVE-2020-3125 (A vulnerability in the Kerberos authentication feature of Cisco Adapti ...) NOT-FOR-US: Cisco CVE-2020-3124 (A vulnerability in the web-based interface of Cisco Hosted Collaborati ...) NOT-FOR-US: Cisco CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...) - clamav 0.102.2+dfsg-1 (bug #950944) [buster] - clamav 0.102.2+dfsg-0+deb10u1 [stretch] - clamav 0.102.2+dfsg-0~deb9u1 [jessie] - clamav (Vulnerable code introduced in 0.102.x) NOTE: https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html CVE-2020-3122 RESERVED CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3119 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) NOT-FOR-US: Cisco CVE-2020-3118 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) 
NOT-FOR-US: Cisco CVE-2020-3117 (A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Se ...) NOT-FOR-US: Cisco CVE-2020-3116 (A vulnerability in the way Cisco Webex applications process Universal ...) NOT-FOR-US: Cisco CVE-2020-3115 (A vulnerability in the CLI of the Cisco SD-WAN Solution vManage softwa ...) NOT-FOR-US: Cisco CVE-2020-3114 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3113 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3112 (A vulnerability in the REST API endpoint of Cisco Data Center Network ...) NOT-FOR-US: Cisco CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) NOT-FOR-US: Cisco CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) NOT-FOR-US: Cisco CVE-2020-3109 RESERVED CVE-2020-3108 RESERVED CVE-2020-3107 RESERVED CVE-2020-3106 RESERVED CVE-2020-3105 RESERVED CVE-2020-3104 RESERVED CVE-2020-3103 RESERVED CVE-2020-3102 RESERVED CVE-2020-3101 RESERVED CVE-2020-3100 RESERVED CVE-2020-3099 RESERVED CVE-2020-3098 RESERVED CVE-2020-3097 RESERVED CVE-2020-3096 RESERVED CVE-2020-3095 RESERVED CVE-2020-3094 RESERVED CVE-2020-3093 RESERVED CVE-2020-3092 RESERVED CVE-2020-3091 RESERVED CVE-2020-3090 RESERVED CVE-2020-3089 RESERVED CVE-2020-3088 RESERVED CVE-2020-3087 RESERVED CVE-2020-3086 RESERVED CVE-2020-3085 RESERVED CVE-2020-3084 RESERVED CVE-2020-3083 RESERVED CVE-2020-3082 RESERVED CVE-2020-3081 RESERVED CVE-2020-3080 RESERVED CVE-2020-3079 RESERVED CVE-2020-3078 RESERVED CVE-2020-3077 RESERVED CVE-2020-3076 RESERVED CVE-2020-3075 RESERVED CVE-2020-3074 RESERVED CVE-2020-3073 RESERVED CVE-2020-3072 RESERVED CVE-2020-3071 RESERVED CVE-2020-3070 RESERVED CVE-2020-3069 RESERVED CVE-2020-3068 RESERVED CVE-2020-3067 RESERVED CVE-2020-3066 RESERVED CVE-2020-3065 RESERVED CVE-2020-3064 RESERVED CVE-2020-3063 RESERVED CVE-2020-3062 RESERVED 
CVE-2020-3061 RESERVED CVE-2020-3060 RESERVED CVE-2020-3059 RESERVED CVE-2020-3058 RESERVED CVE-2020-3057 RESERVED CVE-2020-3056 RESERVED CVE-2020-3055 RESERVED CVE-2020-3054 RESERVED CVE-2020-3053 RESERVED CVE-2020-3052 RESERVED CVE-2020-3051 RESERVED CVE-2020-3050 RESERVED CVE-2020-3049 RESERVED CVE-2020-3048 RESERVED CVE-2020-3047 RESERVED CVE-2020-3046 RESERVED CVE-2020-3045 RESERVED CVE-2020-3044 RESERVED CVE-2020-3043 RESERVED CVE-2020-3042 RESERVED CVE-2020-3041 RESERVED CVE-2020-3040 RESERVED CVE-2020-3039 RESERVED CVE-2020-3038 RESERVED CVE-2020-3037 RESERVED CVE-2020-3036 RESERVED CVE-2020-3035 RESERVED CVE-2020-3034 RESERVED CVE-2020-3033 RESERVED CVE-2020-3032 RESERVED CVE-2020-3031 RESERVED CVE-2020-3030 RESERVED CVE-2020-3029 RESERVED CVE-2020-3028 RESERVED CVE-2020-3027 RESERVED CVE-2020-3026 RESERVED CVE-2020-3025 RESERVED CVE-2020-3024 RESERVED CVE-2020-3023 RESERVED CVE-2020-3022 RESERVED CVE-2020-3021 RESERVED CVE-2020-3020 RESERVED CVE-2020-3019 RESERVED CVE-2020-3018 RESERVED CVE-2020-3017 RESERVED CVE-2020-3016 RESERVED CVE-2020-3015 RESERVED CVE-2020-3014 RESERVED CVE-2020-3013 RESERVED CVE-2020-3012 RESERVED CVE-2020-3011 RESERVED CVE-2020-3010 RESERVED CVE-2020-3009 RESERVED CVE-2020-3008 RESERVED CVE-2020-3007 RESERVED CVE-2020-3006 RESERVED CVE-2020-3005 RESERVED CVE-2020-3004 RESERVED CVE-2020-3003 RESERVED CVE-2020-3002 RESERVED CVE-2020-3001 RESERVED CVE-2020-3000 RESERVED CVE-2020-2999 RESERVED CVE-2020-2998 RESERVED CVE-2020-2997 RESERVED CVE-2020-2996 RESERVED CVE-2020-2995 RESERVED CVE-2020-2994 RESERVED CVE-2020-2993 RESERVED CVE-2020-2992 RESERVED CVE-2020-2991 RESERVED CVE-2020-2990 RESERVED CVE-2020-2989 RESERVED CVE-2020-2988 RESERVED CVE-2020-2987 RESERVED CVE-2020-2986 RESERVED CVE-2020-2985 RESERVED CVE-2020-2984 (Vulnerability in the Oracle Configuration Manager product of Oracle En ...) NOT-FOR-US: Oracle CVE-2020-2983 (Vulnerability in the Oracle Data Masking and Subsetting product of Ora ...) 
NOT-FOR-US: Oracle CVE-2020-2982 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2981 (Vulnerability in the Data Store component of Oracle Berkeley DB. The s ...) NOT-FOR-US: Oracle CVE-2020-2980 RESERVED CVE-2020-2979 RESERVED CVE-2020-2978 (Vulnerability in the Oracle Database - Enterprise Edition component of ...) NOT-FOR-US: Oracle CVE-2020-2977 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2976 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2975 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2974 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2973 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2972 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2971 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2970 RESERVED CVE-2020-2969 (Vulnerability in the Data Pump component of Oracle Database Server. Su ...) NOT-FOR-US: Oracle CVE-2020-2968 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2020-2967 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2966 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2965 RESERVED CVE-2020-2964 (Vulnerability in the Oracle Financial Services Data Foundation product ...) NOT-FOR-US: Oracle CVE-2020-2963 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2962 RESERVED CVE-2020-2961 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
NOT-FOR-US: Oracle CVE-2020-2960 RESERVED CVE-2020-2959 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2958 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2957 RESERVED CVE-2020-2956 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2955 (Vulnerability in the Oracle FLEXCUBE Core Banking product of Oracle Fi ...) NOT-FOR-US: Oracle CVE-2020-2954 (Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle Peop ...) NOT-FOR-US: Oracle CVE-2020-2953 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2952 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2020-2951 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2950 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2949 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2948 RESERVED CVE-2020-2947 (Vulnerability in the PeopleSoft Enterprise HCM Absence Management prod ...) NOT-FOR-US: Oracle CVE-2020-2946 (Vulnerability in the Application Performance Management product of Ora ...) NOT-FOR-US: Oracle CVE-2020-2945 (Vulnerability in the Oracle Financial Services Deposit Insurance Calcu ...) NOT-FOR-US: Oracle CVE-2020-2944 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle Solaris CVE-2020-2943 (Vulnerability in the Oracle Financial Services Liquidity Risk Measurem ...) NOT-FOR-US: Oracle CVE-2020-2942 (Vulnerability in the Oracle Financial Services Price Creation and Disc ...) 
	NOT-FOR-US: Oracle
CVE-2020-2941 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing ...)
	NOT-FOR-US: Oracle
CVE-2020-2940 (Vulnerability in the Oracle Financial Services Profitability Managemen ...)
	NOT-FOR-US: Oracle
CVE-2020-2939 (Vulnerability in the Oracle Financial Services Asset Liability Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2938 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting a ...)
	NOT-FOR-US: Oracle
CVE-2020-2937 (Vulnerability in the Oracle Insurance Accounting Analyzer product of O ...)
	NOT-FOR-US: Oracle
CVE-2020-2936 (Vulnerability in the Oracle Financial Services Balance Sheet Planning ...)
	NOT-FOR-US: Oracle
CVE-2020-2935 (Vulnerability in the Oracle Financial Services Hedge Management and IF ...)
	NOT-FOR-US: Oracle
CVE-2020-2934 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	{DSA-4703-1 DLA-2245-1}
	- mysql-connector-java
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2933 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	{DSA-4703-1 DLA-2245-1}
	- mysql-connector-java
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2932 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2931 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2930 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2929 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2928 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2927 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2926 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2925 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2924 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2923 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2922 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2921 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2920 (Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain ( ...)
	NOT-FOR-US: Oracle
CVE-2020-2919
	RESERVED
CVE-2020-2918
	RESERVED
CVE-2020-2917
	RESERVED
CVE-2020-2916
	RESERVED
CVE-2020-2915 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2914 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2913 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2912 (Vulnerability in the PeopleSoft Enterprise CS Campus Community product ...)
	NOT-FOR-US: Oracle
CVE-2020-2911 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2910 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2909 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2908 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2907 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2906 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...)
	NOT-FOR-US: Oracle
CVE-2020-2905 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2904 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2903 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2902 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2901 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2900 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2899 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of O ...)
	NOT-FOR-US: Oracle
CVE-2020-2898 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2897 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2896 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2895 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2894 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2893 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2892 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2891 (Vulnerability in the Oracle Financial Services Liquidity Risk Manageme ...)
	NOT-FOR-US: Oracle
CVE-2020-2890 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2889 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2888 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2887 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2886 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2885 (Vulnerability in the Oracle Document Management and Collaboration prod ...)
	NOT-FOR-US: Oracle
CVE-2020-2884 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2883 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2882 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2881 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2880 (Vulnerability in the Oracle Learning Management product of Oracle E-Bu ...)
	NOT-FOR-US: Oracle
CVE-2020-2879 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2878 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2877 (Vulnerability in the Oracle Partner Management product of Oracle E-Bus ...)
	NOT-FOR-US: Oracle
CVE-2020-2876 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2875 (Vulnerability in the MySQL Connectors product of Oracle MySQL (compone ...)
	{DSA-4703-1 DLA-2245-1}
	- mysql-connector-java
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2874 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2873 (Vulnerability in the Oracle Customer Interaction History product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2872 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2871 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2870 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2869 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2868 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2867 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2866 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2865 (Vulnerability in the Oracle Configurator product of Oracle Supply Chai ...)
	NOT-FOR-US: Oracle
CVE-2020-2864 (Vulnerability in the Oracle iSupplier Portal product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-2863 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2862 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2861 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2860 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2859 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2858 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2857 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2856 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2855 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2854 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2853 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2852 (Vulnerability in the Oracle Advanced Outbound Telephony product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2851 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle Solaris
CVE-2020-2850 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2849 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2848 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2847 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2846 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2845 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2844 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2843 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2842 (Vulnerability in the Oracle Depot Repair product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2841 (Vulnerability in the Oracle Knowledge Management product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-2840 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2839 (Vulnerability in the Oracle Service Intelligence product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-2838 (Vulnerability in the Oracle CRM Gateway for Mobile Devices product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2837 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2836 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2835 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2834 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2833 (Vulnerability in the Oracle Quoting product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2020-2832 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2831 (Vulnerability in the Oracle Marketing product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2830 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2829 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2828 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2827 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2826 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2825 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2824 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2823 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2822 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-2821 (Vulnerability in the Oracle Trade Management product of Oracle E-Busin ...)
	NOT-FOR-US: Oracle
CVE-2020-2820 (Vulnerability in the Oracle Common Applications Calendar product of Or ...)
	NOT-FOR-US: Oracle
CVE-2020-2819 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-2818 (Vulnerability in the Oracle Universal Work Queue product of Oracle E-B ...)
	NOT-FOR-US: Oracle
CVE-2020-2817 (Vulnerability in the Oracle Scripting product of Oracle E-Business Sui ...)
	NOT-FOR-US: Oracle
CVE-2020-2816 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
CVE-2020-2815 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2814 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.45-0+deb9u1
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2813 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2812 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.45-0+deb9u1
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2811 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2810 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2020-2809 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2808 (Vulnerability in the Oracle E-Business Intelligence product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2807 (Vulnerability in the Oracle Marketing Encyclopedia System product of O ...)
	NOT-FOR-US: Oracle
CVE-2020-2806 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2805 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2804 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2803 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2802 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2801 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2800 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2799 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2798 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2797 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2796 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2795 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2794 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2793 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-2792
	RESERVED
CVE-2020-2791 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2790 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2789 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2788
	RESERVED
CVE-2020-2787 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2786 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2785 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2784 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2783 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...)
	NOT-FOR-US: Oracle
CVE-2020-2782 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2781 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2780 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2779 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2778 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
CVE-2020-2777 (Vulnerability in the Hyperion Financial Management product of Oracle H ...)
	NOT-FOR-US: Oracle
CVE-2020-2776 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2775 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2774 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2773 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2772 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...)
	NOT-FOR-US: Oracle
CVE-2020-2771 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle Solaris
CVE-2020-2770 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2769 (Vulnerability in the Hyperion Financial Reporting product of Oracle Hy ...)
	NOT-FOR-US: Oracle
CVE-2020-2768 (Vulnerability in the MySQL Cluster product of Oracle MySQL (component: ...)
	- mysql-cluster (bug #833356)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2767 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
CVE-2020-2766 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2765 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2764 (Vulnerability in the Java SE product of Oracle Java SE (component: Adv ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2020-2763 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2762 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2761 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2760 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23
CVE-2020-2759 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
CVE-2020-2758 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2757 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2756 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1 DLA-2193-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
	- openjdk-7
CVE-2020-2755 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
CVE-2020-2754 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4668-1 DSA-4662-1}
	- openjdk-14 14.0.1+7-1
	- openjdk-11 11.0.7+10-1
	- openjdk-8 8u252-b09-1
CVE-2020-2753 (Vulnerability in the Oracle Workflow product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2752 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...)
	- mariadb-10.3 1:10.3.23-1 (bug #961849)
	[buster] - mariadb-10.3 1:10.3.23-0+deb10u1
	- mariadb-10.1
	[stretch] - mariadb-10.1 10.1.45-0+deb9u1
	- mysql-5.7 (bug #956832)
	NOTE: https://www.oracle.com/security-alerts/cpuapr2020.html#AppendixMSQL
	NOTE: Fixed in MariaDB 10.3.23, 10.1.45
CVE-2020-2751 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2750 (Vulnerability in the Oracle General Ledger product of Oracle E-Busines ...)
	NOT-FOR-US: Oracle
CVE-2020-2749 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2748 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2747 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2020-2746 (Vulnerability in the Oracle Hospitality Reporting and Analytics compon ...)
	NOT-FOR-US: Oracle
CVE-2020-2745 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2020-2744 (Vulnerability in the Oracle Transportation Management product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2743 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2742 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2741 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.6-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2740 (Vulnerability in the Oracle Access Manager product of Oracle Fusion Mi ...)
	NOT-FOR-US: Oracle
CVE-2020-2739 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...)
	NOT-FOR-US: Oracle
CVE-2020-2738 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2020-2737 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2736
	RESERVED
CVE-2020-2735 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...)
	NOT-FOR-US: Oracle
CVE-2020-2734 (Vulnerability in the RDBMS/Optimizer component of Oracle Database Serv ...)
	NOT-FOR-US: Oracle
CVE-2020-2733 (Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...)
	{DSA-4698-1 DSA-4667-1 DLA-2242-1 DLA-2241-1}
	- linux 5.5.13-1
	NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec
	NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c
	NOTE: https://git.kernel.org/linus/e71237d3ff1abf9f3388337cfebf53b96df2020d
CVE-2020-2731 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...)
	NOT-FOR-US: Oracle
CVE-2020-2730 (Vulnerability in the Oracle Financial Services Revenue Management and ...)
	NOT-FOR-US: Oracle
CVE-2020-2729 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2728 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...)
	NOT-FOR-US: Oracle
CVE-2020-2727 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2726 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2725 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2724 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2723 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2722 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2721 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2720 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...)
	NOT-FOR-US: Oracle
CVE-2020-2719 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2718 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2717 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2716 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2715 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2714 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2713 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2712 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2711 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2710 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...)
	NOT-FOR-US: Oracle
CVE-2020-2709 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...)
	NOT-FOR-US: Oracle
CVE-2020-2708
	RESERVED
CVE-2020-2707 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2706 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...)
	NOT-FOR-US: Oracle
CVE-2020-2705 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2702 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2701 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2700 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2699 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2697 (Vulnerability in the Oracle Hospitality Suites Management component of ...)
	NOT-FOR-US: Oracle
CVE-2020-2696 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2695 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...)
	NOT-FOR-US: Oracle
CVE-2020-2694 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (MySQL 8 only)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2693 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2692 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2691 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2690 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2689 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2688 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2020-2687 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2686 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2685 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2684 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2683 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2682 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2681 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2680 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2679 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (Only affects MySQL 8)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2678 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2677 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2020-2676 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2020-2675 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...)
	NOT-FOR-US: Oracle
CVE-2020-2674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...)
	- virtualbox 6.1.2-dfsg-1
	[jessie] - virtualbox (DSA-3699-1)
CVE-2020-2673 (Vulnerability in the Oracle Application Testing Suite product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2672 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2671 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2670 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2669 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2020-2668 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2667 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2666 (Vulnerability in the Oracle Applications Framework product of Oracle E ...)
	NOT-FOR-US: Oracle
CVE-2020-2665 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2664 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2663 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
	NOT-FOR-US: Oracle
CVE-2020-2662 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2661 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...)
	- mysql-5.7 (bug #949994)
	NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
	{DSA-4621-1 DLA-2128-1}
	- openjdk-8 8u242-b08-1
	- openjdk-7
CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
	NOT-FOR-US: Oracle
CVE-2020-2657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2656 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...)
	{DSA-4605-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
	{DSA-4621-1 DSA-4605-1 DLA-2128-1}
	- openjdk-13 13.0.2+8-1
	- openjdk-11 11.0.6+10-1
	- openjdk-8 8u242-b08-1
	- openjdk-7
CVE-2020-2653 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2652 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2651 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2020-2650 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2649 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2648 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...)
	NOT-FOR-US: Oracle
CVE-2020-2647 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
	NOT-FOR-US: Oracle
CVE-2020-2646 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2645 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2644 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2643 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2642 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2641 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2640 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2639 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2638 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2637 (Vulnerability in the Enterprise Manager for Oracle Database product of ...)
	NOT-FOR-US: Oracle
CVE-2020-2636 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2635 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2634 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2633 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
	NOT-FOR-US: Oracle
CVE-2020-2632 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...)
NOT-FOR-US: Oracle CVE-2020-2631 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2630 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2629 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2628 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2626 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2625 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2624 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2622 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2621 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2620 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2619 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2618 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2617 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2616 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2615 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
NOT-FOR-US: Oracle CVE-2020-2614 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...) NOT-FOR-US: Oracle CVE-2020-2613 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2612 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2611 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2610 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2609 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2608 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) NOT-FOR-US: Oracle CVE-2020-2607 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2599 (Vulnerability in the Oracle Hospitality Cruise Materials Management pr ...) 
NOT-FOR-US: Oracle CVE-2020-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2597 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2596 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2594 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...) NOT-FOR-US: Oracle CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) NOT-FOR-US: Oracle CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2589 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2588 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2587 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2586 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) NOT-FOR-US: Oracle CVE-2020-2585 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...) 
- openjfx 11+26-1 [stretch] - openjfx (Minor issue) NOTE: This only affects JavaFX 8, so marking the first post 8 version as fixed CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4621-1 DSA-4605-1 DLA-2128-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 - openjdk-7 CVE-2020-2582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle CVE-2020-2581 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2580 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2579 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2578 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2576 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2575 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.6-dfsg-1 [jessie] - virtualbox (DSA-3699-1) CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) 
- mysql-5.7 (bug #949994) - mariadb-10.3 1:10.3.22-1 [buster] - mariadb-10.3 1:10.3.22-0+deb10u1 - mariadb-10.1 [stretch] - mariadb-10.1 10.1.44-0+deb9u1 NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL NOTE: Fixed in MariaDB: 5.5.67, 10.1.44, 10.2.31, 10.3.22, 10.4.12 CVE-2020-2573 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2572 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2571 (Vulnerability in the Oracle VM Server for SPARC product of Oracle Syst ...) NOT-FOR-US: Oracle CVE-2020-2570 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2569 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...) NOT-FOR-US: Oracle CVE-2020-2568 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...) NOT-FOR-US: Oracle CVE-2020-2567 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) NOT-FOR-US: Oracle CVE-2020-2566 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) NOT-FOR-US: Oracle CVE-2020-2565 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...) NOT-FOR-US: Oracle CVE-2020-2562 (Vulnerability in the Primavera Portfolio Management product of Oracle ...) NOT-FOR-US: Oracle CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...) 
NOT-FOR-US: Oracle CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2020-2559 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) NOT-FOR-US: Oracle CVE-2020-2558 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2557 (Vulnerability in the Oracle Demantra Demand Management product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2556 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) NOT-FOR-US: Oracle CVE-2020-2555 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) NOT-FOR-US: Oracle CVE-2020-2554 RESERVED CVE-2020-2553 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2551 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2550 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2549 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2547 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2546 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2545 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2020-2544 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2543 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) 
NOT-FOR-US: Oracle CVE-2020-2542 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2541 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2540 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2539 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2538 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) NOT-FOR-US: Oracle CVE-2020-2537 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2536 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) NOT-FOR-US: Oracle CVE-2020-2535 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2534 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-2533 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...) NOT-FOR-US: Oracle CVE-2020-2532 RESERVED CVE-2020-2531 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) NOT-FOR-US: Oracle CVE-2020-2530 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) NOT-FOR-US: Oracle CVE-2020-2529 RESERVED CVE-2020-2528 RESERVED CVE-2020-2527 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2526 RESERVED CVE-2020-2525 RESERVED CVE-2020-2524 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2523 RESERVED CVE-2020-2522 (Vulnerability in the Oracle Knowledge product of Oracle Knowledge (com ...) NOT-FOR-US: Oracle CVE-2020-2521 RESERVED CVE-2020-2520 RESERVED CVE-2020-2519 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
NOT-FOR-US: Oracle CVE-2020-2518 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) NOT-FOR-US: Oracle CVE-2020-2517 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2020-2516 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2020-2514 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2513 (Vulnerability in the Oracle Application Express component of Oracle Da ...) NOT-FOR-US: Oracle CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) NOT-FOR-US: Oracle CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2510 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) NOT-FOR-US: Oracle CVE-2020-2509 (A command injection vulnerability has been reported to affect QTS and ...) NOT-FOR-US: QNAP CVE-2020-2508 (A command injection vulnerability has been reported to affect QTS and ...) NOT-FOR-US: QNAP CVE-2020-2507 (The vulnerability have been reported to affect earlier versions of QTS ...) NOT-FOR-US: QNAP CVE-2020-2506 (The vulnerability have been reported to affect earlier versions of QTS ...) NOT-FOR-US: QNAP CVE-2020-2505 (If exploited, this vulnerability could allow attackers to gain sensiti ...) NOT-FOR-US: QNAP CVE-2020-2504 (If exploited, this absolute path traversal vulnerability could allow a ...) NOT-FOR-US: QNAP CVE-2020-2503 (If exploited, this stored cross-site scripting vulnerability could all ...) NOT-FOR-US: QNAP CVE-2020-2502 (This cross-site scripting vulnerability in Photo Station allows remote ...) NOT-FOR-US: QNAP CVE-2020-2501 (A stack-based buffer overflow vulnerability has been reported to affec ...) 
NOT-FOR-US: QNAP CVE-2020-2500 (This improper access control vulnerability in Helpdesk allows attacker ...) NOT-FOR-US: QNAP CVE-2020-2499 (A hard-coded password vulnerability has been reported to affect earlie ...) NOT-FOR-US: QNAP CVE-2020-2498 (If exploited, this cross-site scripting vulnerability could allow remo ...) NOT-FOR-US: QNAP CVE-2020-2497 (If exploited, this cross-site scripting vulnerability could allow remo ...) NOT-FOR-US: QNAP CVE-2020-2496 (If exploited, this cross-site scripting vulnerability could allow remo ...) NOT-FOR-US: QNAP CVE-2020-2495 (If exploited, this cross-site scripting vulnerability could allow remo ...) NOT-FOR-US: QNAP CVE-2020-2494 (This cross-site scripting vulnerability in Music Station allows remote ...) NOT-FOR-US: QNAP CVE-2020-2493 (This cross-site scripting vulnerability in Multimedia Console allows r ...) NOT-FOR-US: QNAP CVE-2020-2492 (If exploited, the command injection vulnerability could allow remote a ...) NOT-FOR-US: QNAP CVE-2020-2491 (This cross-site scripting vulnerability in Photo Station allows remote ...) NOT-FOR-US: QNAP CVE-2020-2490 (If exploited, the command injection vulnerability could allow remote a ...) 
NOT-FOR-US: QNAP CVE-2020-2489 RESERVED CVE-2020-2488 RESERVED CVE-2020-2487 RESERVED CVE-2020-2486 RESERVED CVE-2020-2485 RESERVED CVE-2020-2484 RESERVED CVE-2020-2483 RESERVED CVE-2020-2482 RESERVED CVE-2020-2481 RESERVED CVE-2020-2480 RESERVED CVE-2020-2479 RESERVED CVE-2020-2478 RESERVED CVE-2020-2477 RESERVED CVE-2020-2476 RESERVED CVE-2020-2475 RESERVED CVE-2020-2474 RESERVED CVE-2020-2473 RESERVED CVE-2020-2472 RESERVED CVE-2020-2471 RESERVED CVE-2020-2470 RESERVED CVE-2020-2469 RESERVED CVE-2020-2468 RESERVED CVE-2020-2467 RESERVED CVE-2020-2466 RESERVED CVE-2020-2465 RESERVED CVE-2020-2464 RESERVED CVE-2020-2463 RESERVED CVE-2020-2462 RESERVED CVE-2020-2461 RESERVED CVE-2020-2460 RESERVED CVE-2020-2459 RESERVED CVE-2020-2458 RESERVED CVE-2020-2457 RESERVED CVE-2020-2456 RESERVED CVE-2020-2455 RESERVED CVE-2020-2454 RESERVED CVE-2020-2453 RESERVED CVE-2020-2452 RESERVED CVE-2020-2451 RESERVED CVE-2020-2450 RESERVED CVE-2020-2449 RESERVED CVE-2020-2448 RESERVED CVE-2020-2447 RESERVED CVE-2020-2446 RESERVED CVE-2020-2445 RESERVED CVE-2020-2444 RESERVED CVE-2020-2443 RESERVED CVE-2020-2442 RESERVED CVE-2020-2441 RESERVED CVE-2020-2440 RESERVED CVE-2020-2439 RESERVED CVE-2020-2438 RESERVED CVE-2020-2437 RESERVED CVE-2020-2436 RESERVED CVE-2020-2435 RESERVED CVE-2020-2434 RESERVED CVE-2020-2433 RESERVED CVE-2020-2432 RESERVED CVE-2020-2431 RESERVED CVE-2020-2430 RESERVED CVE-2020-2429 RESERVED CVE-2020-2428 RESERVED CVE-2020-2427 RESERVED CVE-2020-2426 RESERVED CVE-2020-2425 RESERVED CVE-2020-2424 RESERVED CVE-2020-2423 RESERVED CVE-2020-2422 RESERVED CVE-2020-2421 RESERVED CVE-2020-2420 RESERVED CVE-2020-2419 RESERVED CVE-2020-2418 RESERVED CVE-2020-2417 RESERVED CVE-2020-2416 RESERVED CVE-2020-2415 RESERVED CVE-2020-2414 RESERVED CVE-2020-2413 RESERVED CVE-2020-2412 RESERVED CVE-2020-2411 RESERVED CVE-2020-2410 RESERVED CVE-2020-2409 RESERVED CVE-2020-2408 RESERVED CVE-2020-2407 RESERVED CVE-2020-2406 RESERVED CVE-2020-2405 RESERVED CVE-2020-2404 RESERVED 
CVE-2020-2403 RESERVED CVE-2020-2402 RESERVED CVE-2020-2401 RESERVED CVE-2020-2400 RESERVED CVE-2020-2399 RESERVED CVE-2020-2398 RESERVED CVE-2020-2397 RESERVED CVE-2020-2396 RESERVED CVE-2020-2395 RESERVED CVE-2020-2394 RESERVED CVE-2020-2393 RESERVED CVE-2020-2392 RESERVED CVE-2020-2391 RESERVED CVE-2020-2390 RESERVED CVE-2020-2389 RESERVED CVE-2020-2388 RESERVED CVE-2020-2387 RESERVED CVE-2020-2386 RESERVED CVE-2020-2385 RESERVED CVE-2020-2384 RESERVED CVE-2020-2383 RESERVED CVE-2020-2382 RESERVED CVE-2020-2381 RESERVED CVE-2020-2380 RESERVED CVE-2020-2379 RESERVED CVE-2020-2378 RESERVED CVE-2020-2377 RESERVED CVE-2020-2376 RESERVED CVE-2020-2375 RESERVED CVE-2020-2374 RESERVED CVE-2020-2373 RESERVED CVE-2020-2372 RESERVED CVE-2020-2371 RESERVED CVE-2020-2370 RESERVED CVE-2020-2369 RESERVED CVE-2020-2368 RESERVED CVE-2020-2367 RESERVED CVE-2020-2366 RESERVED CVE-2020-2365 RESERVED CVE-2020-2364 RESERVED CVE-2020-2363 RESERVED CVE-2020-2362 RESERVED CVE-2020-2361 RESERVED CVE-2020-2360 RESERVED CVE-2020-2359 RESERVED CVE-2020-2358 RESERVED CVE-2020-2357 RESERVED CVE-2020-2356 RESERVED CVE-2020-2355 RESERVED CVE-2020-2354 RESERVED CVE-2020-2353 RESERVED CVE-2020-2352 RESERVED CVE-2020-2351 RESERVED CVE-2020-2350 RESERVED CVE-2020-2349 RESERVED CVE-2020-2348 RESERVED CVE-2020-2347 RESERVED CVE-2020-2346 RESERVED CVE-2020-2345 RESERVED CVE-2020-2344 RESERVED CVE-2020-2343 RESERVED CVE-2020-2342 RESERVED CVE-2020-2341 RESERVED CVE-2020-2340 RESERVED CVE-2020-2339 RESERVED CVE-2020-2338 RESERVED CVE-2020-2337 RESERVED CVE-2020-2336 RESERVED CVE-2020-2335 RESERVED CVE-2020-2334 RESERVED CVE-2020-2333 RESERVED CVE-2020-2332 RESERVED CVE-2020-2331 RESERVED CVE-2020-2330 RESERVED CVE-2020-2329 RESERVED CVE-2020-2328 RESERVED CVE-2020-2327 RESERVED CVE-2020-2326 RESERVED CVE-2020-2325 RESERVED CVE-2020-2324 (Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2323 (Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permissio ...) NOT-FOR-US: Jenkins plugin CVE-2020-2322 (Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permissio ...) NOT-FOR-US: Jenkins plugin CVE-2020-2321 (A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Pr ...) NOT-FOR-US: Jenkins plugin CVE-2020-2320 (Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not ve ...) NOT-FOR-US: Jenkins plugin CVE-2020-2319 (Jenkins VMware Lab Manager Slaves Plugin 0.2.8 and earlier stores a pa ...) NOT-FOR-US: Jenkins plugin CVE-2020-2318 (Jenkins Mail Commander Plugin for Jenkins-ci Plugin 1.0.0 and earlier ...) NOT-FOR-US: Jenkins plugin CVE-2020-2317 (Jenkins FindBugs Plugin 5.0.0 and earlier does not escape the annotati ...) NOT-FOR-US: Jenkins plugin CVE-2020-2316 (Jenkins Static Analysis Utilities Plugin 1.96 and earlier does not esc ...) NOT-FOR-US: Jenkins plugin CVE-2020-2315 (Jenkins Visualworks Store Plugin 1.1.3 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin CVE-2020-2314 (Jenkins AppSpider Plugin 1.0.12 and earlier stores a password unencryp ...) NOT-FOR-US: Jenkins plugin CVE-2020-2313 (A missing permission check in Jenkins Azure Key Vault Plugin 2.0 and e ...) NOT-FOR-US: Jenkins plugin CVE-2020-2312 (Jenkins SQLPlus Script Runner Plugin 2.0.12 and earlier does not mask ...) NOT-FOR-US: Jenkins plugin CVE-2020-2311 (A missing permission check in Jenkins AWS Global Configuration Plugin ...) NOT-FOR-US: Jenkins plugin CVE-2020-2310 (Missing permission checks in Jenkins Ansible Plugin 1.0 and earlier al ...) NOT-FOR-US: Jenkins plugin CVE-2020-2309 (A missing/An incorrect permission check in Jenkins Kubernetes Plugin 1 ...) NOT-FOR-US: Jenkins plugin CVE-2020-2308 (A missing permission check in Jenkins Kubernetes Plugin 1.27.3 and ear ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2307 (Jenkins Kubernetes Plugin 1.27.3 and earlier allows low-privilege user ...) NOT-FOR-US: Jenkins plugin CVE-2020-2306 (A missing permission check in Jenkins Mercurial Plugin 2.11 and earlie ...) NOT-FOR-US: Jenkins plugin CVE-2020-2305 (Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML p ...) NOT-FOR-US: Jenkins plugin CVE-2020-2304 (Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XM ...) NOT-FOR-US: Jenkins plugin CVE-2020-2303 (A cross-site request forgery (CSRF) vulnerability in Jenkins Active Di ...) NOT-FOR-US: Jenkins plugin CVE-2020-2302 (A missing permission check in Jenkins Active Directory Plugin 2.19 and ...) NOT-FOR-US: Jenkins plugin CVE-2020-2301 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...) NOT-FOR-US: Jenkins plugin CVE-2020-2300 (Jenkins Active Directory Plugin 2.19 and earlier does not prohibit the ...) NOT-FOR-US: Jenkins plugin CVE-2020-2299 (Jenkins Active Directory Plugin 2.19 and earlier allows attackers to l ...) NOT-FOR-US: Jenkins plugin CVE-2020-2298 (Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML ...) NOT-FOR-US: Jenkins plugin CVE-2020-2297 (Jenkins SMS Notification Plugin 1.2 and earlier stores an access token ...) NOT-FOR-US: Jenkins plugin CVE-2020-2296 (A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Ob ...) NOT-FOR-US: Jenkins plugin CVE-2020-2295 (A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cas ...) NOT-FOR-US: Jenkins plugin CVE-2020-2294 (Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perfor ...) NOT-FOR-US: Jenkins plugin CVE-2020-2293 (Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read ...) NOT-FOR-US: Jenkins plugin CVE-2020-2292 (Jenkins Release Plugin 2.10.2 and earlier does not escape the release ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2291 (Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server pa ...) NOT-FOR-US: Jenkins plugin CVE-2020-2290 (Jenkins Active Choices Plugin 2.4 and earlier does not escape some ret ...) NOT-FOR-US: Jenkins plugin CVE-2020-2289 (Jenkins Active Choices Plugin 2.4 and earlier does not escape the name ...) NOT-FOR-US: Jenkins plugin CVE-2020-2288 (In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular exp ...) NOT-FOR-US: Jenkins plugin CVE-2020-2287 (Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to ...) NOT-FOR-US: Jenkins plugin CVE-2020-2286 (Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does ...) NOT-FOR-US: Jenkins plugin CVE-2020-2285 (A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 an ...) NOT-FOR-US: Jenkins plugin CVE-2020-2284 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure i ...) NOT-FOR-US: Jenkins plugin CVE-2020-2283 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape chan ...) NOT-FOR-US: Jenkins plugin CVE-2020-2282 (Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permi ...) NOT-FOR-US: Jenkins plugin CVE-2020-2281 (A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable ...) NOT-FOR-US: Jenkins plugin CVE-2020-2280 (A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings ...) NOT-FOR-US: Jenkins plugin CVE-2020-2279 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 ...) NOT-FOR-US: Jenkins plugin CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the ...) NOT-FOR-US: Jenkins plugin CVE-2020-2277 (Jenkins Storable Configs Plugin 1.0 and earlier allows users with Job/ ...) NOT-FOR-US: Jenkins plugin CVE-2020-2276 (Jenkins Selection tasks Plugin 1.0 and earlier executes a user-specifi ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2275 (Jenkins Copy data to workspace Plugin 1.0 and earlier does not limit w ...) NOT-FOR-US: Jenkins plugin CVE-2020-2274 (Jenkins ElasTest Plugin 1.2.1 and earlier stores its server password u ...) NOT-FOR-US: Jenkins plugin CVE-2020-2273 (A cross-site request forgery (CSRF) vulnerability in Jenkins ElasTest ...) NOT-FOR-US: Jenkins plugin CVE-2020-2272 (A missing permission check in Jenkins ElasTest Plugin 1.2.1 and earlie ...) NOT-FOR-US: Jenkins plugin CVE-2020-2271 (Jenkins Locked Files Report Plugin 1.6 and earlier does not escape loc ...) NOT-FOR-US: Jenkins plugin CVE-2020-2270 (Jenkins ClearCase Release Plugin 0.3 and earlier does not escape the c ...) NOT-FOR-US: Jenkins plugin CVE-2020-2269 (Jenkins chosen-views-tabbar Plugin 1.2 and earlier does not escape vie ...) NOT-FOR-US: Jenkins plugin CVE-2020-2268 (A cross-site request forgery (CSRF) vulnerability in Jenkins MongoDB P ...) NOT-FOR-US: Jenkins plugin CVE-2020-2267 (A missing permission check in Jenkins MongoDB Plugin 1.3 and earlier a ...) NOT-FOR-US: Jenkins plugin CVE-2020-2266 (Jenkins Description Column Plugin 1.3 and earlier does not escape the ...) NOT-FOR-US: Jenkins plugin CVE-2020-2265 (Jenkins Coverage/Complexity Scatter Plot Plugin 1.1.1 and earlier does ...) NOT-FOR-US: Jenkins plugin CVE-2020-2264 (Jenkins Custom Job Icon Plugin 0.2 and earlier does not escape the job ...) NOT-FOR-US: Jenkins plugin CVE-2020-2263 (Jenkins Radiator View Plugin 1.29 and earlier does not escape the full ...) NOT-FOR-US: Jenkins plugin CVE-2020-2262 (Jenkins Android Lint Plugin 2.6 and earlier does not escape the annota ...) NOT-FOR-US: Jenkins plugin CVE-2020-2261 (Jenkins Perfecto Plugin 1.17 and earlier executes a command on the Jen ...) NOT-FOR-US: Jenkins plugin CVE-2020-2260 (A missing permission check in Jenkins Perfecto Plugin 1.17 and earlier ...) 
NOT-FOR-US: Jenkins plugin CVE-2020-2259 (Jenkins computer-queue-plugin Plugin 1.5 and earlier does not escape t ...) NOT-FOR-US: Jenkins plugin CVE-2020-2258 (Jenkins Health Advisor by CloudBees Plugin 3.2.0 and earlier does not ...) NOT-FOR-US: Jenkins plugin CVE-2020-2257 (Jenkins Validating String Parameter Plugin 2.4 and earlier does not es ...) NOT-FOR-US: Jenkins plugin CVE-2020-2256 (Jenkins Pipeline Maven Integration Plugin 3.9.2 and earlier does not e ...) NOT-FOR-US: Jenkins plugin CVE-2020-2255 (A missing permission check in Jenkins Blue Ocean Plugin 1.23.2 and ear ...) NOT-FOR-US: Jenkins plugin CVE-2020-2254 (Jenkins Blue Ocean Plugin 1.23.2 and earlier provides an undocumented ...) NOT-FOR-US: Jenkins plugin CVE-2020-2253 (Jenkins Email Extension Plugin 2.75 and earlier does not perform hostn ...) NOT-FOR-US: Jenkins plugin CVE-2020-2252 (Jenkins Mailer Plugin 1.32 and earlier does not perform hostname valid ...) NOT-FOR-US: Jenkins plugin CVE-2020-2251 (Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits ...) NOT-FOR-US: Jenkins plugin CVE-2020-2250 (Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores pr ...) NOT-FOR-US: Jenkins plugin CVE-2020-2249 (Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a web ...) NOT-FOR-US: Jenkins plugin CVE-2020-2248 (Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code ...) NOT-FOR-US: Jenkins plugin CVE-2020-2247 (Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configu ...) NOT-FOR-US: Jenkins plugin CVE-2020-2246 (Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Va ...) NOT-FOR-US: Jenkins plugin CVE-2020-2245 (Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML pa ...) NOT-FOR-US: Jenkins plugin CVE-2020-2244 (Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not esca ...) 
	NOT-FOR-US: Jenkins plugin
CVE-2020-2243 (Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape buil ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2242 (A missing permission check in Jenkins database Plugin 1.6 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2241 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2240 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2239 (Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2238 (Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the re ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2237 (A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Tes ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2236 (Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2235 (A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2234 (A missing permission check in Jenkins Pipeline Maven Integration Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2233 (A missing permission check in Jenkins Pipeline Maven Integration Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2232 (Jenkins Email Extension Plugin 2.72 and 2.73 transmits and displays th ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2231 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
	- jenkins
CVE-2020-2230 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
	- jenkins
CVE-2020-2229 (Jenkins 2.251 and earlier, LTS 2.235.3 and earlier does not escape the ...)
	- jenkins
CVE-2020-2228 (Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2227 (Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2226 (Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does no ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2225 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2224 (Jenkins Matrix Project Plugin 1.16 and earlier does not escape the nod ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2223 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape cor ...)
	- jenkins
CVE-2020-2222 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
	- jenkins
CVE-2020-2221 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
	- jenkins
CVE-2020-2220 (Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the ...)
	- jenkins
CVE-2020-2219 (Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of lin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2218 (Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2217 (Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2216 (A missing permission check in Jenkins Zephyr for JIRA Test Management ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2215 (A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2214 (Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2213 (Jenkins White Source Plugin 19.1.1 and earlier stores credentials unen ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2212 (Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2211 (Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier doe ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2210 (Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits conf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2209 (Jenkins TestComplete support Plugin 2.4.1 and earlier stores a passwor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2208 (Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypte ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2207 (Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter v ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2206 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a paramete ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2205 (Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool pat ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2204 (A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2203 (A cross-site request forgery vulnerability in Jenkins Fortify on Deman ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2202 (A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2201 (Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escap ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2200 (Jenkins Play Framework Plugin 1.0.2 and earlier lets users specify the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2199 (Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier do ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2198 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not redac ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2197 (Jenkins Project Inheritance Plugin 19.08.02 and earlier does not requi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2196 (Jenkins Selenium Plugin 3.141.59 and earlier has no CSRF protection fo ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2195 (Jenkins Compact Columns Plugin 1.11 and earlier displays the unprocess ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2194 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the dis ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2193 (Jenkins ECharts API Plugin 4.7.0-3 and earlier does not escape the par ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2192 (A cross-site request forgery vulnerability in Jenkins Self-Organizing ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2191 (Jenkins Self-Organizing Swarm Plug-in Modules Plugin 3.20 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2190 (Jenkins Script Security Plugin 1.72 and earlier does not correctly esc ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2189 (Jenkins SCM Filter Jervis Plugin 0.2.1 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2188 (A missing permission check in Jenkins Amazon EC2 Plugin 1.50.1 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2187 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier unconditionally accepts s ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2186 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2185 (Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH hos ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2184 (A cross-site request forgery vulnerability in Jenkins CVS Plugin 2.15 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2183 (Jenkins Copy Artifact Plugin 1.43.1 and earlier performs improper perm ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2182 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2181 (Jenkins Credentials Binding Plugin 1.22 and earlier does not mask (i.e ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2180 (Jenkins AWS SAM Plugin 1.2.2 and earlier does not configure its YAML p ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2179 (Jenkins Yaml Axis Plugin 0.2.0 and earlier does not configure its YAML ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2178 (Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2177 (Jenkins Copr Plugin 0.3 and earlier stores credentials unencrypted in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2176 (Multiple form validation endpoints in Jenkins useMango Runner Plugin 1 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2175 (Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape rep ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2174 (Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape var ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2173 (Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Pol ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2172 (Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2171 (Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2170 (Jenkins RapidDeploy Plugin 4.2 and earlier does not escape package nam ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2169 (A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and ear ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2168 (Jenkins Azure Container Service Plugin 1.0.1 and earlier does not conf ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2167 (Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configur ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2166 (Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2165 (Jenkins Artifactory Plugin 3.6.0 and earlier transmits configured pass ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2164 (Jenkins Artifactory Plugin 3.5.0 and earlier stores its Artifactory se ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2163 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier improperly processe ...)
	- jenkins
CVE-2020-2162 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not set Conten ...)
	- jenkins
CVE-2020-2161 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier does not properly e ...)
	- jenkins
CVE-2020-2160 (Jenkins 2.227 and earlier, LTS 2.204.5 and earlier uses different repr ...)
	- jenkins
CVE-2020-2159 (Jenkins CryptoMove Plugin 0.1.33 and earlier allows attackers with Job ...)
	NOT-FOR-US: Jenkins CryptoMove Plugin
CVE-2020-2158 (Jenkins Literate Plugin 1.0 and earlier does not configure its YAML pa ...)
	NOT-FOR-US: Jenkins Literate Plugin
CVE-2020-2157 (Jenkins Skytap Cloud CI Plugin 2.07 and earlier transmits configured c ...)
	NOT-FOR-US: Jenkins Skytap Cloud CI Plugin
CVE-2020-2156 (Jenkins DeployHub Plugin 8.0.14 and earlier transmits configured crede ...)
	NOT-FOR-US: Jenkins DeployHub Plugin
CVE-2020-2155 (Jenkins OpenShift Deployer Plugin 1.2.0 and earlier transmits configur ...)
	NOT-FOR-US: Jenkins OpenShift Deployer Plugin
CVE-2020-2154 (Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier stores ...)
	NOT-FOR-US: Jenkins Zephyr for JIRA Test Management Plugin
CVE-2020-2153 (Jenkins Backlog Plugin 2.4 and earlier transmits configured credential ...)
	NOT-FOR-US: Jenkins Backlog Plugin
CVE-2020-2152 (Jenkins Subversion Release Manager Plugin 1.2 and earlier does not esc ...)
	NOT-FOR-US: Jenkins Subversion Release Manager Plugin
CVE-2020-2151 (Jenkins Quality Gates Plugin 2.5 and earlier transmits configured cred ...)
	NOT-FOR-US: Jenkins Quality Gates Plugin
CVE-2020-2150 (Jenkins Sonar Quality Gates Plugin 1.3.1 and earlier transmits configu ...)
	NOT-FOR-US: Jenkins Sonar Quality Gates Plugin
CVE-2020-2149 (Jenkins Repository Connector Plugin 1.2.6 and earlier transmits config ...)
	NOT-FOR-US: Jenkins Repository Connector Plugin
CVE-2020-2148 (A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier all ...)
	NOT-FOR-US: Jenkins Mac Plugin
CVE-2020-2147 (A cross-site request forgery vulnerability in Jenkins Mac Plugin 1.1.0 ...)
	NOT-FOR-US: Jenkins Mac Plugin
CVE-2020-2146 (Jenkins Mac Plugin 1.1.0 and earlier does not validate SSH host keys w ...)
	NOT-FOR-US: Jenkins Mac Plugin
CVE-2020-2145 (Jenkins Zephyr Enterprise Test Management Plugin 1.9.1 and earlier sto ...)
	NOT-FOR-US: Jenkins Zephyr Enterprise Test Management Plugin
CVE-2020-2144 (Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML pa ...)
	NOT-FOR-US: Jenkins Rundeck Plugin
CVE-2020-2143 (Jenkins Logstash Plugin 2.3.1 and earlier transmits configured credent ...)
	NOT-FOR-US: Jenkins Logstash Plugin
CVE-2020-2142 (A missing permission check in Jenkins P4 Plugin 1.10.10 and earlier al ...)
	NOT-FOR-US: Jenkins P4 Plugin
CVE-2020-2141 (A cross-site request forgery vulnerability in Jenkins P4 Plugin 1.10.1 ...)
	NOT-FOR-US: Jenkins P4 Plugin
CVE-2020-2140 (Jenkins Audit Trail Plugin 3.2 and earlier does not escape the error m ...)
	NOT-FOR-US: Jenkins Audit Trail Plugin
CVE-2020-2139 (An arbitrary file write vulnerability in Jenkins Cobertura Plugin 1.15 ...)
	NOT-FOR-US: Jenkins Cobertura Plugin
CVE-2020-2138 (Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML p ...)
	NOT-FOR-US: Jenkins Cobertura Plugin
CVE-2020-2137 (Jenkins Timestamper Plugin 1.11.1 and earlier does not sanitize HTML f ...)
	NOT-FOR-US: Jenkins Timestamper Plugin
CVE-2020-2136 (Jenkins Git Plugin 4.2.0 and earlier does not escape the error message ...)
	NOT-FOR-US: Jenkins Git Plugin
CVE-2020-2135 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2020-2134 (Sandbox protection in Jenkins Script Security Plugin 1.70 and earlier ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2020-2133 (Jenkins Applatix Plugin 1.1 and earlier stores a password unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2132 (Jenkins Parasoft Environment Manager Plugin 2.14 and earlier stores a ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2131 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores passwords unencryp ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2130 (Jenkins Harvest SCM Plugin 0.5.1 and earlier stores a password unencry ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2129 (Jenkins Eagle Tester Plugin 1.0.9 and earlier stores a password unencr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2128 (Jenkins ECX Copy Data Management Plugin 1.9 and earlier stores a passw ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2127 (Jenkins BMC Release Package and Deployment Plugin 1.1 and earlier stor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2126 (Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2125 (Jenkins Debian Package Builder Plugin 1.6.11 and earlier stores a GPG ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2124 (Jenkins Dynamic Extended Choice Parameter Plugin 1.0.1 and earlier sto ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2123 (Jenkins RadarGun Plugin 1.7 and earlier does not configure its YAML pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2122 (Jenkins Brakeman Plugin 0.12 and earlier did not escape values receive ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2121 (Jenkins Google Kubernetes Engine Plugin 0.8.0 and earlier does not con ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2120 (Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2119 (Jenkins Azure AD Plugin 1.1.2 and earlier transmits configured credent ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2118 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2117 (A missing permission check in Jenkins Pipeline GitHub Notify Step Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2116 (A cross-site request forgery vulnerability in Jenkins Pipeline GitHub ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2115 (Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parse ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2114 (Jenkins S3 publisher Plugin 0.11.4 and earlier transmits configured cr ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2113 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the de ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2112 (Jenkins Git Parameter Plugin 0.9.11 and earlier does not escape the pa ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2111 (Jenkins Subversion Plugin 2.13.0 and earlier does not escape the error ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2110 (Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2109 (Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwor ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...)
	- jenkins
CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...)
	- jenkins
CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...)
	- jenkins
CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...)
	- jenkins
CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...)
	- jenkins
CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...)
	- jenkins
CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...)
	- jenkins
CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2096 (Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project n ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2095 (Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2094 (A missing permission check in Jenkins Health Advisor by CloudBees Plug ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2093 (A cross-site request forgery vulnerability in Jenkins Health Advisor b ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2092 (Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure it ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2091 (A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earli ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2090 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...)
	NOT-FOR-US: Jenkins plugin
CVE-2020-2089
	REJECTED
CVE-2020-2088
	REJECTED
CVE-2020-2087
	REJECTED
CVE-2020-2086
	REJECTED
CVE-2020-2085
	REJECTED
CVE-2020-2084
	REJECTED
CVE-2020-2083
	REJECTED
CVE-2020-2082
	REJECTED
CVE-2020-2081
	REJECTED
CVE-2020-2080
	REJECTED
CVE-2020-2079
	REJECTED
CVE-2020-2078 (Passwords are stored in plain text within the configuration of SICK Pa ...)
	NOT-FOR-US: SICK
CVE-2020-2077 (SICK Package Analytics software up to and including version V04.0.0 ar ...)
	NOT-FOR-US: SICK
CVE-2020-2076 (SICK Package Analytics software up to and including version V04.0.0 ar ...)
	NOT-FOR-US: SICK
CVE-2020-2075 (Platform mechanism AutoIP allows remote attackers to reboot the device ...)
	NOT-FOR-US: SICK
CVE-2020-2074
	RESERVED
CVE-2020-2073
	RESERVED
CVE-2020-2072
	RESERVED
CVE-2020-2071
	RESERVED
CVE-2020-2070
	RESERVED
CVE-2020-2069
	RESERVED
CVE-2020-2068
	RESERVED
CVE-2020-2067
	RESERVED
CVE-2020-2066
	RESERVED
CVE-2020-2065
	RESERVED
CVE-2020-2064
	RESERVED
CVE-2020-2063
	RESERVED
CVE-2020-2062
	RESERVED
CVE-2020-2061
	RESERVED
CVE-2020-2060
	RESERVED
CVE-2020-2059
	RESERVED
CVE-2020-2058
	RESERVED
CVE-2020-2057
	RESERVED
CVE-2020-2056
	RESERVED
CVE-2020-2055
	RESERVED
CVE-2020-2054
	RESERVED
CVE-2020-2053
	RESERVED
CVE-2020-2052
	RESERVED
CVE-2020-2051
	RESERVED
CVE-2020-2050 (An authentication bypass vulnerability exists in the GlobalProtect SSL ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2049 (A local privilege escalation vulnerability exists in Palo Alto Network ...)
	NOT-FOR-US: Palo Alto Networks Cortex XDR Agent
CVE-2020-2048 (An information exposure through log file vulnerability exists where th ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2047
	RESERVED
CVE-2020-2046
	RESERVED
CVE-2020-2045
	RESERVED
CVE-2020-2044 (An information exposure through log file vulnerability where an admini ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2043 (An information exposure through log file vulnerability where sensitive ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2042 (A buffer overflow vulnerability in the PAN-OS management web interface ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2041 (An insecure configuration of the appweb daemon of Palo Alto Networks P ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2040 (A buffer overflow vulnerability in PAN-OS allows an unauthenticated at ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2039 (An uncontrolled resource consumption vulnerability in Palo Alto Networ ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2038 (An OS Command Injection vulnerability in the PAN-OS management interfa ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2037 (An OS Command Injection vulnerability in the PAN-OS management interfa ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2036 (A reflected cross-site scripting (XSS) vulnerability exists in the PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-2035 (When SSL/TLS Forward Proxy Decryption mode has been configured to decr ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS GlobalProtect port ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification validat ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2032 (A race condition vulnerability Palo Alto Networks GlobalProtect app on ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2031 (An integer underflow vulnerability in the dnsproxyd component of the P ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2030 (An OS Command Injection vulnerability in the PAN-OS management interfa ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2029 (An OS Command Injection vulnerability in the PAN-OS web management int ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2028 (An OS Command Injection vulnerability in PAN-OS management server allo ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2027 (A buffer overflow vulnerability in the authd component of the PAN-OS m ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2026 (A malicious guest compromised before a container creation (e.g. a mali ...)
	NOT-FOR-US: Kata Containers
CVE-2020-2025 (Kata Containers before 1.11.0 on Cloud Hypervisor persists guest files ...)
	NOT-FOR-US: Kata Containers
CVE-2020-2024 (An improper link resolution vulnerability affects Kata Containers vers ...)
	NOT-FOR-US: Kata Containers
CVE-2020-2023 (Kata Containers doesn't restrict containers from accessing the guest's ...)
	NOT-FOR-US: Kata Containers
CVE-2020-2022 (An information exposure vulnerability exists in Palo Alto Networks Pan ...)
	NOT-FOR-US: Palo Alto Networks Panorama
CVE-2020-2021 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-2020 (An improper handling of exceptional conditions vulnerability in Cortex ...)
	NOT-FOR-US: Palo Alto Networks Cortex XDR Agent
CVE-2020-2019
	RESERVED
CVE-2020-2018 (An authentication bypass vulnerability in the Panorama context switchi ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Pa ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2016 (A race condition due to insecure creation of a file in a temporary dir ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2015 (A buffer overflow vulnerability in the PAN-OS management server allows ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2014 (An OS Command Injection vulnerability in PAN-OS management server allo ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2013 (A cleartext transmission of sensitive information vulnerability in Pal ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2012 (Improper restriction of XML external entity reference ('XXE') vulnerab ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2011 (An improper input validation vulnerability in the configuration daemon ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2010 (An OS command injection vulnerability in PAN-OS management interface a ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2009 (An external control of filename vulnerability in the SD WAN component ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2008 (An OS command injection and external control of filename vulnerability ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2007 (An OS command injection vulnerability in the management server compone ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management server c ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2005 (A cross-site scripting (XSS) vulnerability exists when visiting malici ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2004 (Under certain circumstances a user's password may be logged in clearte ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2003 (An external control of filename vulnerability in the command processin ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2002 (An authentication bypass by spoofing vulnerability exists in the authe ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2001 (An external control of path and data vulnerability in the Palo Alto Ne ...)
	NOT-FOR-US: PAN-OS
CVE-2020-2000 (An OS command injection and memory corruption vulnerability in the PAN ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-1999 (A vulnerability exists in the Palo Alto Network PAN-OS signature-based ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-1998 (An improper authorization vulnerability in PAN-OS that mistakenly uses ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1997 (An open redirection vulnerability in the GlobalProtect component of Pa ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1996 (A missing authorization vulnerability in the management server compone ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1995 (A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1994 (A predictable temporary file vulnerability in PAN-OS allows a local au ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1993 (The GlobalProtect Portal feature in PAN-OS does not set a new session ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1990 (A stack-based buffer overflow vulnerability in the management server c ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1989 (An incorrect privilege assignment vulnerability when writing applicati ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1988 (An unquoted search path vulnerability in the Windows release of Global ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1987 (An information exposure vulnerability in the logging component of Palo ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1986 (Improper input validation vulnerability in Secdo allows an authenticat ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1985 (Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in S ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1984 (Secdo tries to execute a script at a hardcoded path if present, which ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of libslirp ...)
	{DSA-4665-1 DLA-2288-1 DLA-2262-1}
	- qemu 1:4.1-2
	- qemu-kvm
	- libslirp 4.2.0-2
	- slirp4netns 1.0.1-1
	[buster] - slirp4netns (Minor issue)
	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d
	NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed
	NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed.
	NOTE: https://github.com/rootless-containers/slirp4netns/security/advisories/GHSA-p3hx-89v2-4r99
CVE-2020-1982 (Certain communication between PAN-OS and cloud-delivered services inad ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...)
	NOT-FOR-US: PAN-OS
CVE-2020-1978 (TechSupport files generated on Palo Alto Networks VM Series firewalls ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...)
	NOT-FOR-US: Palo Alto
CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
	NOT-FOR-US: Palo Alto Networks GlobalProtect software
CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web interface on Pa ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2020-1974
	REJECTED
CVE-2020-1973
	REJECTED
CVE-2020-1972
	REJECTED
CVE-2020-1971 (The X.509 GeneralName type is a generic type for representing differen ...)
	{DSA-4807-1 DLA-2493-1 DLA-2492-1}
	- openssl 1.1.1i-1
	- openssl1.0
	NOTE: https://www.openssl.org/news/secadv/20201208.txt
	NOTE: Prerequisite: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=aa0ad2011d3e7ad8a611da274ef7d9c7706e289b (OpenSSL_1_1_1-stable)
	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=f960d81215ebf3f65e03d4d5d857fb9b666d6920 (OpenSSL_1_1_1-stable)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ecc76f6746cefd502c7e9000bdfa4e5d7911386 (OpenSSL_1_1_1-stable)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=41d62636fd996c031c0c7cef746476278583dc9e (OpenSSL_1_1_1-stable)
	NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=94ece6af0c89d596f9c5221b7df7d6582168c8ba (OpenSSL_1_1_1-stable)
	NOTE: Test: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=433974af7b188d55b1da049b84f3fdeca320cb6a (OpenSSL_1_1_1-stable)
CVE-2020-1970
	REJECTED
CVE-2020-1969
	REJECTED
CVE-2020-1968 (The Raccoon attack exploits a flaw in the TLS specification which can ...)
	{DLA-2378-1}
	- openssl 1.1.0c-1
	- openssl1.0
	NOTE: https://www.openssl.org/news/secadv/20200909.txt
	NOTE: https://raccoon-attack.com/
	NOTE: Fixed DH ciphersuites removed upstream in 1.1.0~pre2:
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc71f91064a3eec10310fa4cc14fe2a3fd9bc7bb (OpenSSL_1_1_0-pre2)
CVE-2020-1967 (Server or client applications that call the SSL_check_chain() function ...)
	{DSA-4661-1}
	- openssl 1.1.1g-1
	[stretch] - openssl (Only affects 1.1.1d to 1.1.1f)
	[jessie] - openssl (Only affects 1.1.1d to 1.1.1f)
	- openssl1.0 (Only affects 1.1.1d to 1.1.1f)
	NOTE: https://www.openssl.org/news/secadv/20200421.txt
CVE-2020-1966
	REJECTED
CVE-2020-1965
	RESERVED
CVE-2020-1964 (It was noticed that Apache Heron 0.20.2-incubating, Release 0.20.1-inc ...)
	NOT-FOR-US: Apache Heron
CVE-2020-1963 (Apache Ignite uses H2 database to build SQL distributed execution engi ...)
	NOT-FOR-US: Apache Ignite
CVE-2020-1962
	REJECTED
CVE-2020-1961 (Vulnerability to Server-Side Template Injection on Mail templates for ...)
	NOT-FOR-US: Apache Syncope
CVE-2020-1960 (A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 ...)
	NOT-FOR-US: Apache Flink
CVE-2020-1959 (A Server-Side Template Injection was identified in Apache Syncope prio ...)
	NOT-FOR-US: Apache Syncope
CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, callers of ...)
	- druid (bug #825797)
CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...)
	{DLA-2273-1 DLA-2181-1}
	- shiro 1.3.2-5 (bug #955018)
	[bullseye] - shiro 1.3.2-4+deb11u1
	[buster] - shiro 1.3.2-4+deb10u1
	NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2
	NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139
	NOTE: https://github.com/apache/shiro/pull/203#issuecomment-606270322
	NOTE: Fix for CVE-2020-1957 introduces a (security sensitive) encoding issue
	NOTE: resulting in a followup release 1.5.3.
CVE-2020-1956 (Apache Kylin 2.3.0, and releases up to 2.6.5 and 3.0.1 has some restfu ...)
	NOT-FOR-US: Apache Kylin
CVE-2020-1955 (CouchDB version 3.0.0 shipped with a new configuration setting that go ...)
	- couchdb
CVE-2020-1954 (Apache CXF has the ability to integrate with JMX by registering an Ins ...)
NOT-FOR-US: Apache CXF CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...) - commons-configuration2 2.7-1 (bug #954713) [buster] - commons-configuration2 2.2-1+deb10u1 NOTE: https://www.openwall.com/lists/oss-security/2020/03/13/1 CVE-2020-1952 (An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2. W ...) NOT-FOR-US: Apache IoTDB CVE-2020-1951 (A carefully crafted or corrupt PSD file can cause an infinite loop in ...) {DLA-2161-1} - tika 1.22-2 (bug #954302) [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/4 NOTE: https://github.com/apache/tika/commit/ab8a9ed830ec710a32e4ffdf4989aea3aaea92ef CVE-2020-1950 (A carefully crafted or corrupt PSD file can cause excessive memory usa ...) {DLA-2161-1} - tika 1.22-2 (bug #954303) [buster] - tika (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/03/18/3 NOTE: https://github.com/apache/tika/commit/ab8a9ed830ec710a32e4ffdf4989aea3aaea92ef CVE-2020-1949 (Scripts in Sling CMS before 0.16.0 do not properly escape the Sling Se ...) NOT-FOR-US: Apache Sling CVE-2020-1948 (This vulnerability can affect all Dubbo users stay on version 2.7.6 or ...) NOT-FOR-US: Apache Dubbo CVE-2020-1947 (In Apache ShardingSphere(incubator) 4.0.0-RC3 and 4.0.0, the ShardingS ...) NOT-FOR-US: Apache ShardingSphere CVE-2020-1946 (In Apache SpamAssassin before 3.4.5, malicious rule configuration (.cf ...) {DSA-4879-1 DLA-2615-1} - spamassassin 3.4.5~pre1-1 (bug #985962) NOTE: https://www.openwall.com/lists/oss-security/2021/03/24/3 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7793 (not public) NOTE: https://svn.apache.org/viewvc/spamassassin/branches/3.4/lib/Mail/SpamAssassin/Conf/Parser.pm?r1=1864416&r2=1876381&pathrev=1876381 CVE-2020-1945 (Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default tempora ...) 
- ant 1.10.8-1 (low; bug #960630) [buster] - ant (Minor issue) [stretch] - ant (Minor issue) [jessie] - ant (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/05/13/1 NOTE: https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (1.9.15) NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (1.9.15) NOTE: https://github.com/apache/ant/commit/d591851ae3921172bb825b5a5344afa3de0e28ca (10.8) NOTE: https://github.com/apache/ant/commit/9c1f4d905da59bf446570ac28df5b68a37281f35 (10.8) NOTE: https://github.com/apache/ant/commit/041b058c7bf10a94d56db3ca9dba38cf90ab9943 (10.8) NOTE: https://github.com/apache/ant/commit/a8645a151bc706259fb1789ef587d05482d98612 (10.8) NOTE: https://github.com/apache/ant/commit/926f339ea30362bec8e53bf5924ce803938163b7 (10.8) NOTE: Addressing CVE-2020-1945 introduces a new issue CVE-2020-11979. CVE-2020-1944 (There is a vulnerability in Apache Traffic Server 6.0.0 to 6.2.3, 7.0. ...) {DSA-4672-1} - trafficserver 8.0.6+ds-1 NOTE: https://lists.apache.org/thread.html/r99d18d0bc4daa05e7d0e5a63e0e22701a421b2ef5a8f4f7694c43869%40%3Cannounce.trafficserver.apache.org%3E NOTE: https://github.com/apache/trafficserver/commit/5830bc72611e85e7a31098ce86710242f29076dc CVE-2020-1943 (Data sent with contentId to /control/stream is not sanitized, allowing ...) NOT-FOR-US: Apache OFBiz CVE-2020-1942 (In Apache NiFi 0.0.1 to 1.11.0, the flow fingerprint factory generated ...) NOT-FOR-US: Apache NiFi CVE-2020-1941 (In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open ...) - activemq (unimportant) NOTE: Admin console not enabled in the Debian package (see #702670) NOTE: Fixed in 5.15.12 CVE-2020-1940 (The optional initial password change and password expiration features ...) NOT-FOR-US: Apache Jackrabbit Oak CVE-2020-1939 (The Apache NuttX (Incubating) project provides an optional separate "a ...) 
NOT-FOR-US: Apache NuttX CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken when tr ...) {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1} - tomcat9 9.0.31-1 (bug #952437) - tomcat8 (bug #952438) - tomcat7 (bug #952436) [stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected) NOTE: AJP disabled in Debian in default configuration since 2008 NOTE: fixed in upstream versions 9.0.31, 8.5.51, 7.0.100 NOTE: https://www.tenable.com/blog/cve-2020-1938-ghostcat-apache-tomcat-ajp-file-readinclusion-vulnerability-cnvd-2020-10487 NOTE: https://github.com/apache/tomcat/commit/0e8a50f0a5958744bea1fd6768c862e04d3b7e75 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/9ac90532e9a7d239f90952edb229b07c80a9a3eb (9.0.31) NOTE: https://github.com/apache/tomcat/commit/64fa5b99442589ef0bf2a7fcd71ad2bc68b35fad (9.0.31) NOTE: https://github.com/apache/tomcat/commit/7a1406a3cd20fdd90656add6cd8f27ef8f24e957 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/49ad3f954f69c6e838c8cd112ad79aa5fa8e7153 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/69c56080fb3355507e1b55d014ec0ee6767a6150 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/b962835f98b905286b78c414d5aaec2d0e711f75 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/9be57601efb8a81e3832feb0dd60b1eb9d2b61d5 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/64159aa1d7cdc2c118fcb5eac098e70129d54a19 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/03c436126db6794db5277a3b3d871016fb9a3f23 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/0d633e72ebc7b3c242d0081c23bba5e4dacd9b72 (7.0.100) NOTE: https://github.com/apache/tomcat/commit/40d5d93bd284033cf4a1f77f5492444f83d803e2 (7.0.100) NOTE: https://github.com/apache/tomcat/commit/b99fba5bd796d876ea536e83299603443842feba (7.0.100) NOTE: https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645 (7.0.100) CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with 
the user ...) NOT-FOR-US: Apache Kylin CVE-2020-1936 (A cross-site scripting issue was found in Apache Ambari Views. This wa ...) NOT-FOR-US: Apache Ambari CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...) {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1} - tomcat9 9.0.31-1 - tomcat8 - tomcat7 [stretch] - tomcat7 (No components in libservlet3.0-java binary package are affected) NOTE: https://github.com/apache/tomcat/commit/8bfb0ff7f25fe7555a5eb2f7984f73546c11aa26 (9.0.31) NOTE: https://github.com/apache/tomcat/commit/8fbe2e962f0ea138d92361921643fe5abe0c4f56 (8.5.51) NOTE: https://github.com/apache/tomcat/commit/702bf15bea292915684d931526d95d4990b2e73d (7.0.100) CVE-2020-1934 (In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitial ...) {DSA-4757-1 DLA-2706-1} - apache2 2.4.43-1 (low) [jessie] - apache2 (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1934 NOTE: Upstream patch: https://svn.apache.org/r1873745 CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Maliciou ...) NOT-FOR-US: Apache NiFi CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...) NOT-FOR-US: Apache Superset CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) {DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784 (restricted) CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) 
{DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7648 (restricted) CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an ...) NOT-FOR-US: Apache Beam MongoDB connector CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...) NOT-FOR-US: Apache NiFi CVE-2020-1927 (In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_r ...) {DSA-4757-1 DLA-2706-1} - apache2 2.4.43-1 (low) [jessie] - apache2 (Minor issue) NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-1927 NOTE: https://svn.apache.org/r1873905 NOTE: https://svn.apache.org/r1874191 CVE-2020-1926 (Apache Hive cookie signature verification used a non constant time com ...) NOT-FOR-US: Apache Hive CVE-2020-1925 (Apache Olingo versions 4.0.0 to 4.7.0 provide the AsyncRequestWrapperI ...) NOT-FOR-US: Olingo CVE-2020-1924 RESERVED CVE-2020-1923 RESERVED CVE-2020-1922 RESERVED CVE-2020-1921 (In the crypt function, we attempt to null terminate a buffer using the ...) - hhvm CVE-2020-1920 (A regular expression denial of service (ReDoS) vulnerability in the va ...) NOT-FOR-US: react-native CVE-2020-1919 (Incorrect bounds calculations in substr_compare could lead to an out-o ...) - hhvm CVE-2020-1918 (In-memory file operations (ie: using fopen on a data URI) did not prop ...) - hhvm CVE-2020-1917 (xbuf_format_converter, used as part of exif_read_data, was appending a ...) - hhvm CVE-2020-1916 (An incorrect size calculation in ldap_escape may lead to an integer ov ...) - hhvm CVE-2020-1915 (An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes ...) NOT-FOR-US: Facebook Hermes CVE-2020-1914 (A logic vulnerability when handling the SaveGeneratorLong instruction ...) 
NOT-FOR-US: Facebook Hermes CVE-2020-1913 (An Integer signedness error in the JavaScript Interpreter in Facebook ...) NOT-FOR-US: Facebook Hermes CVE-2020-1912 (An out-of-bounds read/write vulnerability when executing lazily compil ...) NOT-FOR-US: Facebook Hermes CVE-2020-1911 (A type confusion vulnerability when resolving properties of JavaScript ...) NOT-FOR-US: Facebook Hermes CVE-2020-1910 (A missing bounds check in WhatsApp for Android prior to v2.21.1.13 and ...) NOT-FOR-US: WhatsApp CVE-2020-1909 (A use-after-free in a logging library in WhatsApp for iOS prior to v2. ...) NOT-FOR-US: WhatsApp CVE-2020-1908 (Improper authorization of the Screen Lock feature in WhatsApp and What ...) NOT-FOR-US: WhatsApp CVE-2020-1907 (A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsA ...) NOT-FOR-US: WhatsApp CVE-2020-1906 (A buffer overflow in WhatsApp for Android prior to v2.20.130 and Whats ...) NOT-FOR-US: WhatsApp CVE-2020-1905 (Media ContentProvider URIs used for opening attachments in other apps ...) NOT-FOR-US: WhatsApp CVE-2020-1904 (A path validation issue in WhatsApp for iOS prior to v2.20.61 and What ...) NOT-FOR-US: WhatsApp CVE-2020-1903 (An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for ...) NOT-FOR-US: WhatsApp CVE-2020-1902 (A user running a quick search on a highly forwarded message on WhatsAp ...) NOT-FOR-US: WhatsApp CVE-2020-1901 (Receiving a large text message containing URLs in WhatsApp for iOS pri ...) NOT-FOR-US: WhatsApp CVE-2020-1900 (When unserializing an object with dynamic properties HHVM needs to pre ...) - hhvm CVE-2020-1899 (The unserialize() function supported a type code, "S", which was meant ...) - hhvm CVE-2020-1898 (The fb_unserialize function did not impose a depth limit for nested de ...) - hhvm CVE-2020-1897 (A use-after-free is possible due to an error in lifetime management in ...) 
NOT-FOR-US: Facebook Proxygen CVE-2020-1896 (A stack overflow vulnerability in Facebook Hermes 'builtin apply' prio ...) NOT-FOR-US: Facebook Hermes CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...) NOT-FOR-US: Instagram for Android CVE-2020-1894 (A stack write overflow in WhatsApp for Android prior to v2.20.35, What ...) NOT-FOR-US: WhatsApp CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...) - hhvm CVE-2020-1892 (Insufficient boundary checks when decoding JSON in JSON_parser allows ...) - hhvm CVE-2020-1891 (A user controlled parameter used in video call in WhatsApp for Android ...) NOT-FOR-US: WhatsApp CVE-2020-1890 (A URL validation issue in WhatsApp for Android prior to v2.20.11 and W ...) NOT-FOR-US: WhatsApp CVE-2020-1889 (A security feature bypass issue in WhatsApp Desktop versions prior to ...) NOT-FOR-US: WhatsApp CVE-2020-1888 (Insufficient boundary checks when decoding JSON in handleBackslash rea ...) - hhvm CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions after ...) - osquery (bug #803502) CVE-2020-1886 (A buffer overflow in WhatsApp for Android prior to v2.20.11 and WhatsA ...) NOT-FOR-US: WhatsApp CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...) NOT-FOR-US: Oculus Desktop CVE-2020-1884 RESERVED CVE-2020-1883 (Huawei products NIP6800;Secospace USG6600;USG9500 have a memory leak v ...) NOT-FOR-US: Huawei CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...) NOT-FOR-US: Huawei CVE-2020-1881 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1880 (Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00 ...) NOT-FOR-US: Huawei CVE-2020-1879 (There is an improper integrity checking vulnerability on some huawei p ...) 
NOT-FOR-US: Huawei CVE-2020-1878 (Huawei smartphone OxfordS-AN00A with versions earlier than 10.0.1.152D ...) NOT-FOR-US: Huawei CVE-2020-1877 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) NOT-FOR-US: Huawei CVE-2020-1876 (NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R0 ...) NOT-FOR-US: Huawei CVE-2020-1875 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...) NOT-FOR-US: Huawei CVE-2020-1874 (NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V5 ...) NOT-FOR-US: Huawei CVE-2020-1873 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...) NOT-FOR-US: Huawei CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...) NOT-FOR-US: Huawei CVE-2020-1870 (There is a denial of service vulnerability in some Huawei products. Du ...) NOT-FOR-US: Huawei CVE-2020-1869 RESERVED CVE-2020-1868 RESERVED CVE-2020-1867 RESERVED CVE-2020-1866 (There is an out-of-bounds read vulnerability in several products. The ...) NOT-FOR-US: Huawei CVE-2020-1865 (There is an out-of-bounds read vulnerability in Huawei CloudEngine pro ...) NOT-FOR-US: Huawei CVE-2020-1864 (Some Huawei products have a security vulnerability due to improper aut ...) NOT-FOR-US: Huawei CVE-2020-1863 (Huawei USG6000V with versions V500R001C20SPC300, V500R003C00SPC100, an ...) NOT-FOR-US: Huawei CVE-2020-1862 (There is a double free vulnerability in some Huawei products. A local ...) NOT-FOR-US: Huawei CVE-2020-1861 (CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700 ...) NOT-FOR-US: Huawei CVE-2020-1860 (NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C3 ...) NOT-FOR-US: Huawei CVE-2020-1859 RESERVED CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...) 
NOT-FOR-US: Huawei CVE-2020-1857 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1856 (Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG ...) NOT-FOR-US: Huawei CVE-2020-1855 (Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-55 ...) NOT-FOR-US: Huawei CVE-2020-1854 RESERVED CVE-2020-1853 (GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. ...) NOT-FOR-US: Huawei CVE-2020-1852 RESERVED CVE-2020-1851 RESERVED CVE-2020-1850 RESERVED CVE-2020-1849 RESERVED CVE-2020-1848 (There is a resource management error vulnerability in Jackman-AL00D ve ...) NOT-FOR-US: Huawei CVE-2020-1847 (There is a denial of service vulnerability in some Huawei products. Th ...) NOT-FOR-US: Huawei CVE-2020-1846 RESERVED CVE-2020-1845 (Huawei PCManager product with versions earlier than 10.0.5.53 have a l ...) NOT-FOR-US: Huawei CVE-2020-1844 (PCManager with versions earlier than 10.0.5.51 have a privilege escala ...) NOT-FOR-US: Huawei CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...) NOT-FOR-US: Huawei CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version ...) NOT-FOR-US: Huawei CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6 ...) NOT-FOR-US: Huawei CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...) NOT-FOR-US: Huawei CVE-2020-1839 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) NOT-FOR-US: Huawei CVE-2020-1838 (HUAWEI Mate 30 Pro with versions earlier than 10.1.0.150(C00E136R5P3) ...) NOT-FOR-US: Huawei CVE-2020-1837 (ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) ...) NOT-FOR-US: Huawei CVE-2020-1836 (HUAWEI P30 with versions earlier than 10.1.0.160(C00E160R2P11) and HUA ...) 
NOT-FOR-US: Huawei CVE-2020-1835 (HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have ...) NOT-FOR-US: Huawei CVE-2020-1834 (HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C0 ...) NOT-FOR-US: Huawei CVE-2020-1833 (Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) ...) NOT-FOR-US: Huawei CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...) NOT-FOR-US: Huawei CVE-2020-1831 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C ...) NOT-FOR-US: Huawei CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...) NOT-FOR-US: Huawei CVE-2020-1828 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...) NOT-FOR-US: Huawei CVE-2020-1825 (FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of ...) NOT-FOR-US: Huawei CVE-2020-1824 RESERVED CVE-2020-1823 RESERVED CVE-2020-1822 RESERVED CVE-2020-1821 RESERVED CVE-2020-1820 RESERVED CVE-2020-1819 RESERVED CVE-2020-1818 RESERVED CVE-2020-1817 (Huawei PCManager with versions earlier than 10.0.1.36 has a privilege ...) NOT-FOR-US: Huawei CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) NOT-FOR-US: Huawei CVE-2020-1813 (HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2 ...) 
NOT-FOR-US: Huawei CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...) NOT-FOR-US: Huawei CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) NOT-FOR-US: Huawei CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...) NOT-FOR-US: Huawei CVE-2020-1809 (HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E1 ...) NOT-FOR-US: Huawei CVE-2020-1808 (Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI ...) NOT-FOR-US: Huawei CVE-2020-1807 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1806 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) NOT-FOR-US: Huawei CVE-2020-1805 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) NOT-FOR-US: Huawei CVE-2020-1804 (Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00 ...) NOT-FOR-US: Huawei CVE-2020-1803 (Huawei smartphones Honor V20 with versions earlier than 10.0.0.179(C63 ...) NOT-FOR-US: Huawei CVE-2020-1802 (There is an insufficient integrity validation vulnerability in several ...) NOT-FOR-US: Huawei CVE-2020-1801 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1800 (HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P ...) NOT-FOR-US: Huawei CVE-2020-1799 (E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00 ...) NOT-FOR-US: Huawei CVE-2020-1798 (HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2 ...) NOT-FOR-US: Huawei CVE-2020-1797 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1796 (There is an improper authorization vulnerability in several smartphone ...) NOT-FOR-US: Huawei CVE-2020-1795 (There is a logic error vulnerability in several smartphones. The softw ...) 
NOT-FOR-US: Huawei CVE-2020-1794 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1793 (There is an improper authentication vulnerability in several smartphon ...) NOT-FOR-US: Huawei CVE-2020-1792 (Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C ...) NOT-FOR-US: Huawei CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...) NOT-FOR-US: Huawei CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) NOT-FOR-US: Huawei CVE-2020-1789 (Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with ve ...) NOT-FOR-US: Huawei CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...) NOT-FOR-US: Huawei CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...) NOT-FOR-US: Huawei CVE-2020-1786 (HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69 ...) NOT-FOR-US: Huawei CVE-2020-1785 (Mate 10 Pro;Honor V10;Honor 10;Nova 4 smartphones have a denial of ser ...) NOT-FOR-US: Huawei CVE-2020-1784 RESERVED CVE-2020-1783 RESERVED CVE-2020-1782 RESERVED CVE-2020-1781 RESERVED CVE-2020-1780 RESERVED CVE-2020-1779 (When dynamic templates are used (OTRSTicketForms), admin can use OTRS ...) NOT-FOR-US: OTRSTicketForms (OTRS addon) CVE-2020-1778 (When OTRS uses multiple backends for user authentication (with LDAP), ...) - otrs2 (Only affects 8.x) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-16/ CVE-2020-1777 (Agent names that participates in a chat conversation are revealed in c ...) - otrs2 (Only affects 7.x and 8.x) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-15/ CVE-2020-1776 (When an agent user is renamed or set to invalid the session belonging ...) 
- otrs2 6.0.29-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-13/ CVE-2020-1775 (BCC recipients in mails sent from OTRS are visible in article detail o ...) - otrs2 (Only affects 7.x and 8.x series) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-12/ CVE-2020-1774 (When user downloads PGP or S/MIME keys/certificates, exported file has ...) {DLA-2198-1} - otrs2 6.0.28-1 (bug #959448) [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-11/ NOTE: Fixed in 7.0.17, 6.0.28 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ff725cbea77f03fa296bb13f93f5b07086920342 CVE-2020-1773 (An attacker with the ability to generate session IDs or password reset ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (Too intrusive to backport) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-10/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/ab253734bc211541309b9f8ea2b8b70389c4a64e NOTE: OTRS5: https://github.com/OTRS/otrs/commit/4955521af50238046847bce51ad9865950324f77 CVE-2020-1772 (It's possible to craft Lost Password requests with wildcards in the To ...) {DLA-2198-1} - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-09/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/c0255365d5c455272b2b9e7bb1f6c96c3fce441b NOTE: OTRS5: https://github.com/OTRS/otrs/commit/2628464f659c39fafbc32147d569553eb07d41d7 CVE-2020-1771 (Attacker is able to craft an article with a link to the customer address ...) 
- otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (Vulnerable code introduced in later version) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-08/ NOTE: Fixed in 7.0.16, 6.0.27 NOTE: https://github.com/OTRS/otrs/commit/2576830053f70a3a9251558e55f34843dec61aa2 CVE-2020-1770 (Support bundle generated files could contain sensitive information tha ...) {DLA-2198-1} - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-07/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/cb6d12a74fbf721ba33f24ce93ae37ed9a945a95 NOTE: OTRS5: https://github.com/OTRS/otrs/commit/d37defe6592992e886cc5cc8fec444d34875fd4d CVE-2020-1769 (In the login screens (in agent and customer interface), Username and P ...) - otrs2 6.0.27-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) [jessie] - otrs2 (https://lists.debian.org/debian-lts/2020/04/msg00040.html) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-06/ NOTE: Fixed in 7.0.16, 6.0.27, 5.0.42 NOTE: OTRS6: https://github.com/OTRS/otrs/commit/1b74e24582c946d02209acfc248d4ba451251f93 NOTE: OTRS5: https://github.com/OTRS/otrs/commit/7974ea582211c13730d223fc4dcdffa542af423f CVE-2020-1768 (The external frontend system uses numerous background calls to the bac ...) - otrs2 (Only affects 7.0.x series) NOTE: https://community.otrs.com/security-advisory-2020-04/ CVE-2020-1767 (Agent A is able to save a draft (i.e. for customer reply). Then Agent ...) 
{DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-03/ NOTE: https://github.com/OTRS/otrs/commit/5f488fd6c809064ee49def3a432030258d211570 CVE-2020-1766 (Due to improper handling of uploaded images it is possible in very unl ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-02/ NOTE: https://github.com/OTRS/otrs/commit/128078b0bb30f601ed97d4a13906644264ee6013 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/b7d80f9000fc9a435743d8d1d7d44d9a17483a9a (OTRS5) CVE-2020-1765 (An improper control of parameters allows the spoofing of the from fiel ...) {DLA-2079-1} - otrs2 6.0.25-1 [buster] - otrs2 (Non-free not supported) [stretch] - otrs2 (Non-free not supported) NOTE: https://otrs.com/release-notes/otrs-security-advisory-2020-01/ NOTE: https://github.com/OTRS/otrs/commit/d146d4997cbd6e1370669784c6a2ec8d64655252 (OTRS6) NOTE: https://github.com/OTRS/otrs/commit/874889b86abea4c01ceb1368a836b66694fae1c3 (OTRS5) CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...) NOT-FOR-US: Kiali CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon of lib ...) {DSA-4684-1} - libreswan 3.32-1 (bug #960458) NOTE: Introduced by: https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 (v3.27) NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 NOTE: https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt CVE-2020-1762 (An insufficient JWT validation vulnerability was found in Kiali versio ...) NOT-FOR-US: Kiali CVE-2020-1761 (A flaw was found in the OpenShift web console, where the access token ...) 
NOT-FOR-US: OpenShift CVE-2020-1760 (A flaw was found in the Ceph Object Gateway, where it supports request ...) {DLA-2735-1 DLA-2171-1} - ceph 14.2.9-1 (bug #956142) [buster] - ceph (Minor issue) NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/18eb4d918b27d362312c29a3bbd57a421897c0a5 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/1bf14094fec34770d2cc74317f4238ccb2dfef98 NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/1 CVE-2020-1759 (A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Opensh ...) - ceph 14.2.9-1 (bug #956139) [buster] - ceph (Vulnerable code not present) [stretch] - ceph (Vulnerable code not present) [jessie] - ceph (Vulnerable code not present) NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/fe387e02b11df98357d8cdbfa3b1f1d5f2bb3f74 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/84d2e215969cde830b086d11544aeb3666614211 NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/659ec7dc6e30fe961832f813da007f49e603a33d NOTE: https://www.openwall.com/lists/oss-security/2020/04/07/2 CVE-2020-1758 (A flaw was found in Keycloak in versions before 10.0.0, where it does ...) NOT-FOR-US: Keycloak CVE-2020-1757 (A flaw was found in all undertow-2.x.x SP1 versions prior to undertow- ...) - undertow 2.1.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1752770 NOTE: https://issues.redhat.com/browse/UNDERTOW-1464 NOTE: https://issues.redhat.com/browse/UNDERTOW-1671 NOTE: https://github.com/undertow-io/undertow/pull/871 CVE-2020-1756 RESERVED CVE-2020-1755 RESERVED CVE-2020-1754 RESERVED CVE-2020-1753 (A security flaw was found in Ansible Engine, all Ansible 2.7.x version ...) 
{DSA-4950-1} - ansible 2.9.16+dfsg-1 [stretch] - ansible (Vulnerable code introduced later) [jessie] - ansible (Vulnerable code introduced later) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1811008 NOTE: https://github.com/ansible-collections/kubernetes/pull/51 NOTE: https://github.com/ansible/ansible/pull/71971 NOTE: Fixed by: https://github.com/ansible/ansible/commit/3728530c9a21c0992047d32cb02518d1b076e23d (v2.9.14rc1) NOTE: Followup fix: https://github.com/ansible/ansible/commit/7529d31ba9042843ca4364459a744381728b7b4f (v2.9.15rc1) NOTE: Fixing commit only introduces a warning about disclosure when using certain NOTE: options. CVE-2020-1752 (A use-after-free vulnerability introduced in glibc upstream version 2. ...) - glibc 2.30-3 (bug #953788) [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25414 NOTE: Introduced in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f2962a71959fd254a7a223437ca4b63b9e81130c (2.14) NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ddc650e9b3dc916eab417ce9f79e67337b05035c CVE-2020-1751 (An out-of-bounds write vulnerability was found in glibc before 2.31 wh ...) - glibc 2.30-3 [buster] - glibc (Minor issue) [stretch] - glibc (Minor issue) [jessie] - glibc (Minor issue) NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=25423 NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d93769405996dfc11d216ddbe415946617b5a494 CVE-2020-1750 (A flaw was found in the machine-config-operator that causes an OpenShi ...) NOT-FOR-US: OpenShift machine-config-operator CVE-2020-1749 (A flaw was found in the Linux kernel's implementation of some networki ...) {DLA-2241-1} - linux 5.4.6-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2 CVE-2020-1748 (A flaw was found in all supported versions before wildfly-elytron-1.6. ...) 
	- wildfly (bug #752018)
CVE-2020-1747 (A vulnerability was discovered in the PyYAML library in versions befor ...)
	- pyyaml 5.3-2 (bug #953013)
	[buster] - pyyaml (Loader/Constructor classes are unsafe in this version)
	[stretch] - pyyaml (Loader/Constructor classes are unsafe in this version)
	[jessie] - pyyaml (Loader/Constructor classes are unsafe in this version)
	NOTE: https://github.com/yaml/pyyaml/pull/386
CVE-2020-1746 (A flaw was found in the Ansible Engine affecting Ansible Engine versio ...)
	{DSA-4950-1}
	- ansible 2.9.7+dfsg-1
	[stretch] - ansible (Vulnerable code introduced later)
	[jessie] - ansible (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1805491
	NOTE: https://github.com/ansible/ansible/pull/67866
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/d41e38435b1a9e300d8011ac28f16a5add2db119 (v2.9.7)
CVE-2020-1745 (A file inclusion vulnerability was found in the AJP connector enabled ...)
	- undertow 2.0.30-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1807305
	NOTE: Variant of the Ghostcat Tomcat vulnerability, CVE-2020-1938.
	NOTE: According to https://lists.jboss.org/pipermail/undertow-dev/2020-March/002422.html
	NOTE: the fix is: https://github.com/undertow-io/undertow/pull/859
CVE-2020-1744 (A flaw was found in keycloak before version 9.0.1. When configuring an ...)
	NOT-FOR-US: Keycloak
CVE-2020-1743
	RESERVED
CVE-2020-1742 (An insecure modification vulnerability flaw was found in containers us ...)
	NOT-FOR-US: OpenShift jenkins-slave-base-rhel7-container
CVE-2020-1741 (A flaw was found in openshift-ansible. OpenShift Container Platform (O ...)
	NOT-FOR-US: openshift-ansible
CVE-2020-1740 (A flaw was found in Ansible Engine when using Ansible Vault for editin ...)
	{DSA-4950-1 DLA-2202-1}
	- ansible 2.9.7+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802193
	NOTE: https://github.com/ansible/ansible/issues/67798
	NOTE: https://github.com/ansible/ansible/pull/68644
CVE-2020-1739 (A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9 ...)
	{DSA-4950-1 DLA-2202-1}
	- ansible 2.9.7+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802178
	NOTE: https://github.com/ansible/ansible/issues/67797
	NOTE: https://github.com/ansible/ansible/pull/67829
	NOTE: https://github.com/ansible/ansible/commit/d91658ec0c8434c82c3ef98bfe9eb4e1027a43a3
CVE-2020-1738 (A flaw was found in Ansible Engine when the module package or service ...)
	- ansible (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802164
	NOTE: https://github.com/ansible/ansible/issues/67796
	NOTE: Marked unimportant, as exploitation already requires a compromised remote,
	NOTE: cf. https://github.com/ansible/ansible/issues/67796#issuecomment-614656017
CVE-2020-1737 (A flaw was found in Ansible 2.7.17 and prior, 2.8.9 and prior, and 2.9 ...)
	- ansible 2.9.7+dfsg-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802154
	NOTE: https://github.com/ansible/ansible/issues/67795
	NOTE: https://github.com/ansible/ansible/pull/67799
	NOTE: Issue in the win_unzip module, which is executed only on the Windows platform
CVE-2020-1736 (A flaw was found in Ansible Engine when a file is moved using atomic_m ...)
	- ansible (unimportant; bug #966663)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802124
	NOTE: https://github.com/ansible/ansible/issues/67794
	NOTE: https://github.com/ansible/ansible/pull/70221
	NOTE: The issue will not be fixed source-wise, but to avoid the issue raised in
	NOTE: CVE-2020-1736 one should specify a mode parameter in all file-based tasks
	NOTE: that accept it, cf.
	NOTE: https://github.com/ansible/ansible/commit/7eec8e4d268d6711f317583974e9e936083de636
CVE-2020-1735 (A flaw was found in the Ansible Engine when the fetch module is used. ...)
	{DSA-4950-1}
	- ansible 2.9.7+dfsg-1
	[jessie] - ansible (No remote expansion in fetch module)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1802085
	NOTE: https://github.com/ansible/ansible/issues/67793
	NOTE: https://github.com/ansible/ansible/pull/68720
	NOTE: Introduced in https://github.com/ansible/ansible/commit/e47f6137e5b897dec4319e7cb7791fb9b2cffb8d (1.8)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/290bfa820d533dc224e0c3fa7dd7c6b907ed0189
	NOTE: The commit has an incorrect CVE reference, addressed in
	NOTE: https://github.com/ansible/ansible/commit/18f91bbb88a84b1d3614ef41c3550da735592ac1
CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary comma ...)
	- ansible (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804
	NOTE: https://github.com/ansible/ansible/issues/6550
	NOTE: https://github.com/ansible/ansible/issues/67792
	NOTE: Upstream considers this intended functionality and delegates it to the
	NOTE: playbook author to ensure they use the quote filter.
CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
	{DSA-4950-1 DLA-2202-1}
	- ansible 2.9.7+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
	NOTE: https://github.com/ansible/ansible/issues/67791
	NOTE: https://github.com/ansible/ansible/pull/68921
	NOTE: https://github.com/ansible/ansible/commit/8077d8e40148fe77e2393caa5f2b2ea855149d63
	NOTE: When applying the fix for CVE-2020-1733, make sure to apply the complete fix so as
	NOTE: not to open up CVE-2020-10744.
CVE-2020-1732 (A flaw was found in Soteria before 1.0.1, in a way that multiple reque ...)
	- wildfly (bug #752018)
CVE-2020-1731 (A flaw was found in all versions of the Keycloak operator, before vers ...)
	NOT-FOR-US: Keycloak
CVE-2020-1730 (A flaw was found in libssh versions before 0.8.9 and before 0.9.4 in t ...)
	- libssh 0.9.4-1 (bug #956308)
	[buster] - libssh 0.8.7-1+deb10u1
	[stretch] - libssh (Vulnerable code introduced later)
	[jessie] - libssh (Vulnerable code introduced later)
	NOTE: https://www.libssh.org/security/advisories/CVE-2020-1730.txt
	NOTE: https://bugs.libssh.org/T213
	NOTE: Introduced by: https://git.libssh.org/projects/libssh.git/commit/?id=84a85803b4c83b8dac03b0d0aba58b48c98253e6 (libssh-0.8.0)
	NOTE: Fixed by: https://git.libssh.org/projects/libssh.git/commit/?id=b36272eac1b36982598c10de7af0a501582de07a
CVE-2020-1729 (A flaw was found in SmallRye's API through version 1.6.1. The API can ...)
	NOT-FOR-US: SmallRye Config
CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...)
	NOT-FOR-US: Keycloak
CVE-2020-1727 (A vulnerability was found in Keycloak before 9.0.2, where every Author ...)
	NOT-FOR-US: Keycloak
CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...)
	- libpod 1.6.4+dfsg1-3 (bug #961421)
	NOTE: Introduced in: https://github.com/containers/libpod/commit/997c4b56ed2121726e966afe9a102ed16ba78f93 (v1.6.0-rc1)
	NOTE: https://github.com/containers/libpod/pull/5168
	NOTE: Fixed by: https://github.com/containers/libpod/commit/c140ecdc9b416ab4efd4d21d14acd63b6adbdd42 (v1.8.1-rc1)
CVE-2020-1725 (A flaw was found in keycloak before version 13.0.0. In some scenarios ...)
	NOT-FOR-US: Keycloak
CVE-2020-1724 (A flaw was found in Keycloak in versions before 9.0.2. This flaw allow ...)
	NOT-FOR-US: Keycloak
CVE-2020-1723 (The logout endpoint /oauth/logout?redirect=url can be abused to redire ...)
	NOT-FOR-US: Keycloak
CVE-2020-1722 (A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending ...)
	- freeipa 4.8.8-2 (bug #966200)
	[buster] - freeipa (Minor issue)
	NOTE: https://pagure.io/freeipa/issue/8268
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1793071
	NOTE: https://pagure.io/freeipa/c/dbf5df4a66b68f62a9e063c43a30b46e539c603b (master)
	NOTE: https://pagure.io/freeipa/c/089a393581aa249ddec66ce1455fff4951cdb827 (ipa-4-8)
CVE-2020-1721 (A flaw was found in the Key Recovery Authority (KRA) Agent Service in ...)
	- dogtag-pki 10.9.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1777579
	NOTE: https://github.com/dogtagpki/pki/commit/b3514113c867c9394dd84e313c55dc66f3e846b6 (v10.9.0-a2)
CVE-2020-1720 (A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", whe ...)
	{DSA-4623-1 DSA-4622-1 DLA-2105-1}
	- postgresql-12 12.2-1
	- postgresql-11
	- postgresql-9.6
	- postgresql-9.4
	NOTE: https://www.postgresql.org/about/news/2011/
	NOTE: Fixed in 12.2, 11.7, 10.12, 9.6.17, 9.5.21, and 9.4.26
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b048f558dd7c26a0c630a2cff29d3d8981eaf6b9
CVE-2020-1719 (A flaw was found in wildfly. The EJBContext principle is not popped ba ...)
	- wildfly (bug #752018)
CVE-2020-1718 (A flaw was found in the reset credential flow in all Keycloak versions ...)
	NOT-FOR-US: Keycloak
CVE-2020-1717 (A flaw was found in Keycloak 7.0.1. A logged in user can do an account ...)
	NOT-FOR-US: Keycloak
CVE-2020-1716 (A flaw was found in the ceph-ansible playbook where it contained hardc ...)
	NOT-FOR-US: ceph-ansible
CVE-2020-1715
	RESERVED
CVE-2020-1714 (A flaw was found in Keycloak before version 11.0.0, where the code bas ...)
	NOT-FOR-US: Keycloak
CVE-2020-1713
	RESERVED
CVE-2020-1712 (A heap use-after-free vulnerability was found in systemd before versio ...)
	- systemd 244.2-1 (bug #950732)
	[buster] - systemd 241-7~deb10u4
	[stretch] - systemd (Can be fixed via point release)
	[jessie] - systemd (Vulnerable code introduced later)
	NOTE: https://github.com/systemd/systemd/commit/773b1a7916bfce3aa2a21ecf534d475032e8528e (preparation)
	NOTE: https://github.com/systemd/systemd/commit/95f82ae9d774f3508ce89dcbdd0714ef7385df59 (preparation)
	NOTE: https://github.com/systemd/systemd/commit/7f56982289275ce84e20f0554475864953e6aaab (preparation)
	NOTE: https://github.com/systemd/systemd/commit/f4425c72c7395ec93ae00052916a66e2f60f200b (preparation)
	NOTE: https://github.com/systemd/systemd/commit/1068447e6954dc6ce52f099ed174c442cb89ed54 (introduce new API)
	NOTE: https://github.com/systemd/systemd/commit/637486261528e8aa3da9f26a4487dc254f4b7abb (use new function to fix CVE-2020-1712)
	NOTE: https://github.com/systemd/systemd/commit/5c1163273569809742c164260cfd9f096520cb82 (documentation)
	NOTE: https://github.com/systemd/systemd/commit/bc130b6858327b382b07b3985cf48e2aa9016b2d (documentation)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1794578
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1971
CVE-2020-1711 (An out-of-bounds heap buffer access flaw was found in the way the iSCS ...)
	{DLA-2373-1 DLA-2144-1}
	- qemu 1:4.2-2 (bug #949731)
	[buster] - qemu 1:3.1+dfsg-8+deb10u4
	- qemu-kvm
	NOTE: Upstream patch: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=693fd2acdf14dd86c0bf852610f1c2cca80a74dc (5.0)
	NOTE: https://www.openwall.com/lists/oss-security/2020/01/23/3
CVE-2020-1710 (The issue appears to be that JBoss EAP 6.4.21 does not parse the field ...)
	NOT-FOR-US: JBoss EAP
CVE-2020-1709 (A vulnerability was found in all openshift/mediawiki 4.x.x versions pr ...)
	NOT-FOR-US: openshift
CVE-2020-1708 (It has been found in openshift-enterprise version 3.11 and all openshi ...)
	NOT-FOR-US: openshift
CVE-2020-1707 (A vulnerability was found in all openshift/postgresql-apb 4.x.x versio ...)
	NOT-FOR-US: openshift
CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and opensh ...)
	NOT-FOR-US: openshift
CVE-2020-1705 (A vulnerability was found in openshift/template-service-broker-operato ...)
	NOT-FOR-US: openshift
CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
	NOT-FOR-US: openshift
CVE-2020-1703
	REJECTED
CVE-2020-1702 (A malicious container image can consume an unbounded amount of memory ...)
	NOT-FOR-US: Red Hat container manager tooling
CVE-2020-1701 (A flaw was found in the KubeVirt main virt-handler versions before 0.2 ...)
	NOT-FOR-US: KubeVirt
CVE-2020-1700 (A flaw was found in the way the Ceph RGW Beast front-end handles unexp ...)
	- ceph 14.2.7-1
	[buster] - ceph (Minor issue)
	[stretch] - ceph (Vulnerable code introduced later)
	[jessie] - ceph (Vulnerable code introduced later)
	NOTE: https://tracker.ceph.com/issues/42531
	NOTE: https://github.com/ceph/ceph/pull/33017
	NOTE: https://github.com/ceph/ceph/commit/ff72c50a2c43c57aead933eb4903ad1ca6d1748a
CVE-2020-1699 (A path traversal flaw was found in the Ceph dashboard implemented in u ...)
	- ceph 14.2.6-4 (bug #949206)
	[buster] - ceph (Vulnerable code introduced later)
	[stretch] - ceph (Vulnerable code introduced later)
	[jessie] - ceph (Vulnerable code introduced later)
	NOTE: https://tracker.ceph.com/issues/41320
	NOTE: https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158
CVE-2020-1698 (A flaw was found in keycloak in versions before 9.0.0. A logged except ...)
	NOT-FOR-US: Keycloak
CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...)
	NOT-FOR-US: Keycloak
CVE-2020-1696 (A flaw was found in the all pki-core 10.x.x versions, where Token Proc ...)
	- dogtag-pki
	[bullseye] - dogtag-pki (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1780707
CVE-2020-1695 (A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final ...)
	- resteasy
	- resteasy3.0 3.0.26-2
	[buster] - resteasy3.0 (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1730462
	NOTE: https://github.com/resteasy/Resteasy/commit/acf15f2a8067f7e4cf5838342cecfa0b78a174fb
CVE-2020-1694 (A flaw was found in all versions of Keycloak before 10.0.0, where the ...)
	NOT-FOR-US: Keycloak
CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...)
	- moodle
CVE-2020-1691
	RESERVED
CVE-2020-1690 (An improper authorization flaw was discovered in openstack-selinux's a ...)
	NOT-FOR-US: openstack-selinux
CVE-2020-1689 (On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series d ...)
	NOT-FOR-US: Juniper
CVE-2020-1688 (On Juniper Networks SRX Series and NFX Series, a local authenticated u ...)
	NOT-FOR-US: Juniper
CVE-2020-1687 (On Juniper Networks EX4300-MP Series, EX4600 Series and QFX5K Series d ...)
	NOT-FOR-US: Juniper
CVE-2020-1686 (On Juniper Networks Junos OS devices, receipt of a malformed IPv6 pack ...)
	NOT-FOR-US: Juniper
CVE-2020-1685 (When configuring stateless firewall filters in Juniper Networks EX4600 ...)
	NOT-FOR-US: Juniper
CVE-2020-1684 (On Juniper Networks SRX Series configured with application identificat ...)
	NOT-FOR-US: Juniper
CVE-2020-1683 (On Juniper Networks Junos OS devices, a specific SNMP OID poll causes ...)
	NOT-FOR-US: Juniper
CVE-2020-1682 (An input validation vulnerability exists in Juniper Networks Junos OS, ...)
	NOT-FOR-US: Juniper
CVE-2020-1681 (Receipt of a specifically malformed NDP packet sent from the local are ...)
	NOT-FOR-US: Juniper
CVE-2020-1680 (On Juniper Networks MX Series with MS-MIC or MS-MPC card configured wi ...)
	NOT-FOR-US: Juniper
CVE-2020-1679 (On Juniper Networks PTX and QFX Series devices with packet sampling co ...)
	NOT-FOR-US: Juniper
CVE-2020-1678 (On Juniper Networks Junos OS and Junos OS Evolved platforms with EVPN ...)
	NOT-FOR-US: Juniper
CVE-2020-1677 (When SAML authentication is enabled, Juniper Networks Mist Cloud UI mi ...)
	NOT-FOR-US: Juniper
CVE-2020-1676 (When SAML authentication is enabled, Juniper Networks Mist Cloud UI mi ...)
	NOT-FOR-US: Juniper
CVE-2020-1675 (When Security Assertion Markup Language (SAML) authentication is enabl ...)
	NOT-FOR-US: Juniper
CVE-2020-1674
	REJECTED
CVE-2020-1673 (Insufficient Cross-Site Scripting (XSS) protection in Juniper Networks ...)
	NOT-FOR-US: Juniper
CVE-2020-1672 (On Juniper Networks Junos OS devices configured with DHCPv6 relay enab ...)
	NOT-FOR-US: Juniper
CVE-2020-1671 (On Juniper Networks Junos OS platforms configured as DHCPv6 local serv ...)
	NOT-FOR-US: Juniper
CVE-2020-1670 (On Juniper Networks EX4300 Series, receipt of a stream of specific IPv ...)
	NOT-FOR-US: Juniper
CVE-2020-1669 (The Juniper Device Manager (JDM) container, used by the disaggregated ...)
	NOT-FOR-US: Juniper
CVE-2020-1668 (On Juniper Networks EX2300 Series, receipt of a stream of specific mul ...)
	NOT-FOR-US: Juniper
CVE-2020-1667 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...)
	NOT-FOR-US: Juniper
CVE-2020-1666 (The system console configuration option 'log-out-on-disconnect' In Jun ...)
	NOT-FOR-US: Juniper
CVE-2020-1665 (On Juniper Networks MX Series and EX9200 Series, in a certain conditio ...)
	NOT-FOR-US: Juniper
CVE-2020-1664 (A stack buffer overflow vulnerability in the device control daemon (DC ...)
	NOT-FOR-US: Juniper
CVE-2020-1663
	RESERVED
CVE-2020-1662 (On Juniper Networks Junos OS and Junos OS Evolved devices, BGP session ...)
	NOT-FOR-US: Juniper
CVE-2020-1661 (On Juniper Networks Junos OS devices configured as a DHCP forwarder, t ...)
	NOT-FOR-US: Juniper
CVE-2020-1660 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...)
	NOT-FOR-US: Juniper
CVE-2020-1659
	RESERVED
CVE-2020-1658
	RESERVED
CVE-2020-1657 (On SRX Series devices, a vulnerability in the key-management-daemon (k ...)
	NOT-FOR-US: Juniper
CVE-2020-1656 (The DHCPv6 Relay-Agent service, part of the Juniper Enhanced jdhcpd da ...)
	NOT-FOR-US: Juniper
CVE-2020-1655 (When a device running Juniper Networks Junos OS with MPC7, MPC8, or MP ...)
	NOT-FOR-US: Juniper
CVE-2020-1654 (On Juniper Networks SRX Series with ICAP (Internet Content Adaptation ...)
	NOT-FOR-US: Juniper
CVE-2020-1653 (On Juniper Networks Junos OS devices, a stream of TCP packets sent to ...)
	NOT-FOR-US: Juniper
CVE-2020-1652 (OpenNMS is accessible via port 9443 ...)
	- opennms (bug #450615)
CVE-2020-1651 (On Juniper Networks MX series, receipt of a stream of specific Layer 2 ...)
	NOT-FOR-US: Juniper
CVE-2020-1650 (On Juniper Networks Junos MX Series with service card configured, rece ...)
	NOT-FOR-US: Juniper
CVE-2020-1649 (When a device running Juniper Networks Junos OS with MPC7, MPC8, or MP ...)
	NOT-FOR-US: Juniper
CVE-2020-1648 (On Juniper Networks Junos OS and Junos OS Evolved devices, processing ...)
	NOT-FOR-US: Juniper
CVE-2020-1647 (On Juniper Networks SRX Series with ICAP (Internet Content Adaptation ...)
	NOT-FOR-US: Juniper
CVE-2020-1646 (On Juniper Networks Junos OS and Junos OS Evolved devices, processing ...)
	NOT-FOR-US: Juniper
CVE-2020-1645 (When DNS filtering is enabled on Juniper Networks Junos MX Series with ...)
	NOT-FOR-US: Juniper
CVE-2020-1644 (On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt ...)
	NOT-FOR-US: Juniper
CVE-2020-1643 (Execution of the "show ospf interface extensive" or "show ospf interfa ...)
	NOT-FOR-US: Juniper
CVE-2020-1642
	RESERVED
CVE-2020-1641 (A Race Condition vulnerability in Juniper Networks Junos OS LLDP imple ...)
	NOT-FOR-US: Juniper
CVE-2020-1640 (An improper use of a validation framework when processing incoming gen ...)
	NOT-FOR-US: Juniper
CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...)
	NOT-FOR-US: Juniper
CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...)
	NOT-FOR-US: Juniper
CVE-2020-1637 (A vulnerability in Juniper Networks SRX Series device configured as a ...)
	NOT-FOR-US: Juniper
CVE-2020-1636
	RESERVED
CVE-2020-1635
	RESERVED
CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...)
	NOT-FOR-US: Juniper
CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos ...)
	NOT-FOR-US: Juniper
CVE-2020-1632 (In a certain condition, receipt of a specific BGP UPDATE message might ...)
	NOT-FOR-US: Juniper
CVE-2020-1631 (A vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentic ...)
	NOT-FOR-US: Juniper
CVE-2020-1630 (A privilege escalation vulnerability in Juniper Networks Junos OS devi ...)
	NOT-FOR-US: Juniper
CVE-2020-1629 (A race condition vulnerability on Juniper Network Junos OS devices may ...)
	NOT-FOR-US: Juniper
CVE-2020-1628 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...)
	NOT-FOR-US: Juniper
CVE-2020-1627 (A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices ...)
	NOT-FOR-US: Juniper
CVE-2020-1626 (A vulnerability in Juniper Networks Junos OS Evolved may allow an atta ...)
	NOT-FOR-US: Juniper
CVE-2020-1625 (The kernel memory usage represented as "temp" via 'show system virtual ...)
	NOT-FOR-US: Juniper
CVE-2020-1624 (A local, authenticated user with shell can obtain the hashed values of ...)
	NOT-FOR-US: Juniper
CVE-2020-1623 (A local, authenticated user with shell can view sensitive configuratio ...)
	NOT-FOR-US: Juniper
CVE-2020-1622 (A local, authenticated user with shell can obtain the hashed values of ...)
	NOT-FOR-US: Juniper
CVE-2020-1621 (A local, authenticated user with shell can obtain the hashed values of ...)
	NOT-FOR-US: Juniper
CVE-2020-1620 (A local, authenticated user with shell can obtain the hashed values of ...)
	NOT-FOR-US: Juniper
CVE-2020-1619 (A privilege escalation vulnerability in Juniper Networks QFX10K Series ...)
	NOT-FOR-US: Juniper
CVE-2020-1618 (On Juniper Networks EX and QFX Series, an authentication bypass vulner ...)
	NOT-FOR-US: Juniper
CVE-2020-1617 (This issue occurs on Juniper Networks Junos OS devices which do not su ...)
	NOT-FOR-US: Juniper
CVE-2020-1616 (Due to insufficient server-side login attempt limit enforcement, a vul ...)
	NOT-FOR-US: Juniper
CVE-2020-1615 (The factory configuration for vMX installations, as shipped, includes ...)
	NOT-FOR-US: Juniper
CVE-2020-1614 (A Use of Hard-coded Credentials vulnerability exists in the NFX250 Ser ...)
	NOT-FOR-US: Juniper
CVE-2020-1613 (A vulnerability in the BGP FlowSpec implementation may cause a Juniper ...)
	NOT-FOR-US: Juniper
CVE-2020-1612
	RESERVED
CVE-2020-1611 (A Local File Inclusion vulnerability in Juniper Networks Junos Space a ...)
	NOT-FOR-US: Juniper
CVE-2020-1610
	RESERVED
CVE-2020-1609 (When a device using Juniper Network's Dynamic Host Configuration Proto ...)
	NOT-FOR-US: Juniper
CVE-2020-1608 (Receipt of a specific MPLS or IPv6 packet on the core facing interface ...)
	NOT-FOR-US: Juniper
CVE-2020-1607 (Insufficient Cross-Site Scripting (XSS) protection in J-Web may potent ...)
	NOT-FOR-US: Juniper
CVE-2020-1606 (A path traversal vulnerability in the Juniper Networks Junos OS device ...)
	NOT-FOR-US: Juniper
CVE-2020-1605 (When a device using Juniper Network's Dynamic Host Configuration Proto ...)
	NOT-FOR-US: Juniper
CVE-2020-1604 (On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the ...)
	NOT-FOR-US: Juniper
CVE-2020-1603 (Specific IPv6 packets sent by clients processed by the Routing Engine ...)
	NOT-FOR-US: Juniper
CVE-2020-1602 (When a device using Juniper Network's Dynamic Host Configuration Proto ...)
	NOT-FOR-US: Juniper
CVE-2020-1601 (Certain types of malformed Path Computation Element Protocol (PCEP) pa ...)
	NOT-FOR-US: Juniper
CVE-2020-1600 (In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an ...)
	NOT-FOR-US: Juniper
CVE-2020-1599 (Windows Spoofing Vulnerability ...)
	NOT-FOR-US: Microsoft
CVE-2020-1598 (An elevation of privilege vulnerability exists when the Windows Univer ...)
	NOT-FOR-US: Microsoft
CVE-2020-1597 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1596 (A information disclosure vulnerability exists when TLS components use ...)
	NOT-FOR-US: Microsoft
CVE-2020-1595 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1594 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1593 (A remote code execution vulnerability exists when Windows Media Audio ...)
	NOT-FOR-US: Microsoft
CVE-2020-1592 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1591 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-1590 (An elevation of privilege vulnerability exists when the Connected User ...)
	NOT-FOR-US: Microsoft
CVE-2020-1589 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1588
	RESERVED
CVE-2020-1587 (An elevation of privilege vulnerability exists when the Windows Ancill ...)
	NOT-FOR-US: Microsoft
CVE-2020-1586
	RESERVED
CVE-2020-1585 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1584 (An elevation of privilege vulnerability exists in the way that the dns ...)
	NOT-FOR-US: Microsoft
CVE-2020-1583 (An information disclosure vulnerability exists when Microsoft Word imp ...)
	NOT-FOR-US: Microsoft
CVE-2020-1582 (A remote code execution vulnerability exists in Microsoft Access softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-1581 (An elevation of privilege vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-1580 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1579 (An elevation of privilege vulnerability exists when the Windows Functi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1578 (An information disclosure vulnerability exists in the Windows kernel t ...)
	NOT-FOR-US: Microsoft
CVE-2020-1577 (An information disclosure vulnerability exists when DirectWrite improp ...)
	NOT-FOR-US: Microsoft
CVE-2020-1576 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1575 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1574 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1573 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1572
	RESERVED
CVE-2020-1571 (An elevation of privilege vulnerability exists in Windows Setup in the ...)
	NOT-FOR-US: Microsoft
CVE-2020-1570 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-1569 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1568 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...)
	NOT-FOR-US: Microsoft
CVE-2020-1567 (A remote code execution vulnerability exists in the way that the MSHTM ...)
	NOT-FOR-US: Microsoft
CVE-2020-1566 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1565 (An elevation of privilege vulnerability exists when the "Publ ...)
	NOT-FOR-US: Microsoft
CVE-2020-1564 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1563 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-1562 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1561 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1560 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1559 (An elevation of privilege vulnerability exists when the Windows Storag ...)
	NOT-FOR-US: Microsoft
CVE-2020-1558 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1557 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1556 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1555 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-1554 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1553 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1552 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-1551 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1550 (An elevation of privilege vulnerability exists when the Windows CDP Us ...)
	NOT-FOR-US: Microsoft
CVE-2020-1549 (An elevation of privilege vulnerability exists when the Windows CDP Us ...)
	NOT-FOR-US: Microsoft
CVE-2020-1548 (An information disclosure vulnerability exists when the Windows WaasMe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1547 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1546 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1545 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1544 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1543 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1542 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1541 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1540 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1539 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1538 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
	NOT-FOR-US: Microsoft
CVE-2020-1537 (An elevation of privilege vulnerability exists when the Windows Remote ...)
	NOT-FOR-US: Microsoft
CVE-2020-1536 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1535 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1534 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1533 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1532 (An elevation of privilege vulnerability exists when the Windows Instal ...)
	NOT-FOR-US: Microsoft
CVE-2020-1531 (An elevation of privilege vulnerability exists when the Windows Accoun ...)
	NOT-FOR-US: Microsoft
CVE-2020-1530 (An elevation of privilege vulnerability exists when Windows Remote Acc ...)
	NOT-FOR-US: Microsoft
CVE-2020-1529 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1528 (An elevation of privilege vulnerability exists when the Windows Radio ...)
	NOT-FOR-US: Microsoft
CVE-2020-1527 (An elevation of privilege vulnerability exists when the Windows Custom ...)
	NOT-FOR-US: Microsoft
CVE-2020-1526 (An elevation of privilege vulnerability exists when the Windows Networ ...)
	NOT-FOR-US: Microsoft
CVE-2020-1525 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1524 (An elevation of privilege vulnerability exists when the Windows Speech ...)
	NOT-FOR-US: Microsoft
CVE-2020-1523 (A tampering vulnerability exists when Microsoft SharePoint Server fail ...)
	NOT-FOR-US: Microsoft
CVE-2020-1522 (An elevation of privilege vulnerability exists when the Windows Speech ...)
	NOT-FOR-US: Microsoft
CVE-2020-1521 (An elevation of privilege vulnerability exists when the Windows Speech ...)
	NOT-FOR-US: Microsoft
CVE-2020-1520 (A remote code execution vulnerability exists when the Windows Font Dri ...)
	NOT-FOR-US: Microsoft
CVE-2020-1519 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
	NOT-FOR-US: Microsoft
CVE-2020-1518 (An elevation of privilege vulnerability exists when the Windows File S ...)
	NOT-FOR-US: Microsoft
CVE-2020-1517 (An elevation of privilege vulnerability exists when the Windows File S ...)
	NOT-FOR-US: Microsoft
CVE-2020-1516 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-1515 (An elevation of privilege vulnerability exists when the Windows Teleph ...)
	NOT-FOR-US: Microsoft
CVE-2020-1514 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1513 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
	NOT-FOR-US: Microsoft
CVE-2020-1512 (An information disclosure vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1511 (An elevation of privilege vulnerability exists when Connected User Exp ...)
	NOT-FOR-US: Microsoft
CVE-2020-1510 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-1509 (An elevation of privilege vulnerability exists in the Local Security A ...)
	NOT-FOR-US: Microsoft
CVE-2020-1508 (A remote code execution vulnerability exists when Windows Media Audio ...)
	NOT-FOR-US: Microsoft
CVE-2020-1507 (An elevation of privilege vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-1506 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1505 (An information disclosure vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1504 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1503 (An information disclosure vulnerability exists when Microsoft Word imp ...)
	NOT-FOR-US: Microsoft
CVE-2020-1502 (An information disclosure vulnerability exists when Microsoft Word imp ...)
	NOT-FOR-US: Microsoft
CVE-2020-1501 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1500 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1499 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1498 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1497 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2020-1496 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1495 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1494 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1493 (An information disclosure vulnerability exists when attaching files to ...)
	NOT-FOR-US: Microsoft
CVE-2020-1492 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1491 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1490 (An elevation of privilege vulnerability exists when the Storage Servic ...)
	NOT-FOR-US: Microsoft
CVE-2020-1489 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
	NOT-FOR-US: Microsoft
CVE-2020-1488 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2020-1487 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-1486 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1485 (An information disclosure vulnerability exists when the Windows Image ...)
	NOT-FOR-US: Microsoft
CVE-2020-1484 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-1483 (A remote code execution vulnerability exists in Microsoft Outlook when ...)
	NOT-FOR-US: Microsoft
CVE-2020-1482 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1481 (A remote code execution vulnerability exists in the ESLint extension f ...)
	NOT-FOR-US: Microsoft
CVE-2020-1480 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1479 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1478 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1477 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1476 (An elevation of privilege vulnerability exists when ASP.NET or .NET we ...)
	NOT-FOR-US: Microsoft
CVE-2020-1475 (An elevation of privilege vulnerability exists in the way that the srm ...)
	NOT-FOR-US: Microsoft
CVE-2020-1474 (An information disclosure vulnerability exists when the Windows Image ...)
	NOT-FOR-US: Microsoft
CVE-2020-1473 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1472 (An elevation of privilege vulnerability exists when an attacker establ ...)
	{DLA-2463-1}
	[experimental] - samba 2:4.13.2+dfsg-1
	- samba 2:4.13.2+dfsg-2 (bug #971048)
	[buster] - samba (Has already safe defaults; can be fixed along in point release)
	NOTE: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1472
	NOTE: Originally a Microsoft only CVE but it was found that the ZeroLogon attack
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=14497
	NOTE: Mitigation: server schannel = yes; but code changes planned.
	NOTE: https://www.openwall.com/lists/oss-security/2020/09/17/2
	NOTE: https://www.samba.org/samba/security/CVE-2020-1472.html
CVE-2020-1471 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-1470 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-1469 (A denial of service vulnerability exists when the .NET implementation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1468 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-1467 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1466 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...)
	NOT-FOR-US: Microsoft
CVE-2020-1465 (An elevation of privilege vulnerability exists in Microsoft OneDrive t ...)
	NOT-FOR-US: Microsoft
CVE-2020-1464 (A spoofing vulnerability exists when Windows incorrectly validates fil ...)
	NOT-FOR-US: Microsoft
CVE-2020-1463 (An elevation of privilege vulnerability exists in the way that the Sha ...)
	NOT-FOR-US: Microsoft
CVE-2020-1462 (An information disclosure vulnerability exists when Skype for Business ...)
	NOT-FOR-US: Microsoft
CVE-2020-1461 (An elevation of privilege vulnerability exists when the MpSigStub.exe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1460 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
	NOT-FOR-US: Microsoft
CVE-2020-1459 (An information disclosure vulnerability exists on ARM implementations ...)
	NOT-FOR-US: Microsoft
CVE-2020-1458 (A remote code execution vulnerability exists when Microsoft Office imp ...)
	NOT-FOR-US: Microsoft
CVE-2020-1457 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1456 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1455 (A denial of service vulnerability exists when Microsoft SQL Server Man ...)
	NOT-FOR-US: Microsoft
CVE-2020-1454 (This vulnerability is caused when SharePoint Server does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1453 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1452 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1451 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1450 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1449 (A remote code execution vulnerability exists in Microsoft Project soft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1448 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-1447 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-1446 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-1445 (An information disclosure vulnerability exists when Microsoft Office i ...)
	NOT-FOR-US: Microsoft
CVE-2020-1444 (A remote code execution vulnerability exists in the way Microsoft Shar ...)
	NOT-FOR-US: Microsoft
CVE-2020-1443 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1442 (A spoofing vulnerability exists when an Office Web Apps server does no ...)
	NOT-FOR-US: Microsoft
CVE-2020-1441
	RESERVED
CVE-2020-1440 (A tampering vulnerability exists when Microsoft SharePoint Server fail ...)
	NOT-FOR-US: Microsoft
CVE-2020-1439 (A remote code execution vulnerability exists in PerformancePoint Servi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1438 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1437 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1436 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2020-1435 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1434 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1433 (An information disclosure vulnerability exists when Microsoft Edge PDF ...)
	NOT-FOR-US: Microsoft
CVE-2020-1432 (An information disclosure vulnerability exists when Skype for Business ...)
	NOT-FOR-US: Microsoft
CVE-2020-1431 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2020-1430 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
	NOT-FOR-US: Microsoft
CVE-2020-1429 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1428 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1427 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1426 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1425 (A remoted code execution vulnerability exists in the way that Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2020-1424 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-1423 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1422 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1421 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2020-1420 (An information disclosure vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1419 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1418 (An elevation of privilege vulnerability exists when the Windows Diagno ...)
	NOT-FOR-US: Microsoft
CVE-2020-1417 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1416 (An elevation of privilege vulnerability exists in Visual Studio and Vi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1415 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1414 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1413 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1412 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1411 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1410 (A remote code execution vulnerability exists when Windows Address Book ...)
	NOT-FOR-US: Microsoft
CVE-2020-1409 (A remote code execution vulnerability exists in the way that DirectWri ...)
	NOT-FOR-US: Microsoft
CVE-2020-1408 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2020-1407 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1406 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1405 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
	NOT-FOR-US: Microsoft
CVE-2020-1404 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1403 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1402 (An elevation of privilege vulnerability exists when the Windows Active ...)
	NOT-FOR-US: Microsoft
CVE-2020-1401 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1400 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1399 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1398 (An elevation of privilege vulnerability exists when Windows Lockscreen ...)
	NOT-FOR-US: Microsoft
CVE-2020-1397 (An information disclosure vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1396 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1395 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1394 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1393 (An elevation of privilege vulnerability exists when the Windows Diagno ...)
	NOT-FOR-US: Microsoft
CVE-2020-1392 (An elevation of privilege vulnerability exists when the Windows Delive ...)
	NOT-FOR-US: Microsoft
CVE-2020-1391 (An information disclosure vulnerability exists when the Windows Agent ...)
	NOT-FOR-US: Microsoft
CVE-2020-1390 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1389 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1388 (An elevation of privilege vulnerability exists in the way that the psm ...)
	NOT-FOR-US: Microsoft
CVE-2020-1387 (An elevation of privilege vulnerability exists in the way the Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-1386 (An information vulnerability exists when Windows Connected User Experi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1385 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1384 (An elevation of privilege vulnerability exists when the Windows Crypto ...)
	NOT-FOR-US: Microsoft
CVE-2020-1383 (An information disclosure vulnerability exists in RPC if the server ha ...)
	NOT-FOR-US: Microsoft
CVE-2020-1382 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1381 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1380 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-1379 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1378 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1377 (An elevation of privilege vulnerability exists when the Windows Kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1376 (An elevation of privilege vulnerability exists in the way that fdSSDP. ...)
	NOT-FOR-US: Microsoft
CVE-2020-1375 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1374 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2020-1373 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1372 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
	NOT-FOR-US: Microsoft
CVE-2020-1371 (An elevation of privilege vulnerability exists when the Windows Event ...)
	NOT-FOR-US: Microsoft
CVE-2020-1370 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1369 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1368 (An elevation of privilege vulnerability exists in the way that the Cre ...)
	NOT-FOR-US: Microsoft
CVE-2020-1367 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1366 (An elevation of privilege vulnerability exists when the Windows Print ...)
	NOT-FOR-US: Microsoft
CVE-2020-1365 (An elevation of privilege vulnerability exists when the Windows Event ...)
	NOT-FOR-US: Microsoft
CVE-2020-1364 (A denial of service vulnerability exists in the way that the WalletSer ...)
	NOT-FOR-US: Microsoft
CVE-2020-1363 (An elevation of privilege vulnerability exists when the Windows Picker ...)
	NOT-FOR-US: Microsoft
CVE-2020-1362 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1361 (An information disclosure vulnerability exists in the way that the Wal ...)
	NOT-FOR-US: Microsoft
CVE-2020-1360 (An elevation of privilege vulnerability exists when the Windows Profil ...)
	NOT-FOR-US: Microsoft
CVE-2020-1359 (An elevation of privilege vulnerability exists when the Windows Crypto ...)
	NOT-FOR-US: Microsoft
CVE-2020-1358 (An information disclosure vulnerability exists when the Windows Resour ...)
	NOT-FOR-US: Microsoft
CVE-2020-1357 (An elevation of privilege vulnerability exists when the Windows System ...)
	NOT-FOR-US: Microsoft
CVE-2020-1356 (An elevation of privilege vulnerability exists when the Windows iSCSI ...)
	NOT-FOR-US: Microsoft
CVE-2020-1355 (A remote code execution vulnerability exists when the Windows Font Dri ...)
	NOT-FOR-US: Microsoft
CVE-2020-1354 (An elevation of privilege vulnerability exists when the Windows UPnP D ...)
	NOT-FOR-US: Microsoft
CVE-2020-1353 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1352 (An elevation of privilege vulnerability exists when the Windows USO Co ...)
	NOT-FOR-US: Microsoft
CVE-2020-1351 (An information disclosure vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1350 (A remote code execution vulnerability exists in Windows Domain Name Sy ...)
	NOT-FOR-US: Microsoft
CVE-2020-1349 (A remote code execution vulnerability exists in Microsoft Outlook soft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1348 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-1347 (An elevation of privilege vulnerability exists when the Windows Storag ...)
	NOT-FOR-US: Microsoft
CVE-2020-1346 (An elevation of privilege vulnerability exists when the Windows Module ...)
	NOT-FOR-US: Microsoft
CVE-2020-1345 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1344 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1343 (An information disclosure vulnerability exists in Visual Studio Code L ...)
	NOT-FOR-US: Microsoft
CVE-2020-1342 (An information disclosure vulnerability exists when Microsoft Office s ...)
	NOT-FOR-US: Microsoft
CVE-2020-1341
	RESERVED
CVE-2020-1340 (A spoofing vulnerability exists when the NuGetGallery does not properl ...)
	NOT-FOR-US: Microsoft
CVE-2020-1339 (A remote code execution vulnerability exists when Windows Media Audio ...)
	NOT-FOR-US: Microsoft
CVE-2020-1338 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-1337 (An elevation of privilege vulnerability exists when the Windows Print ...)
	NOT-FOR-US: Microsoft
CVE-2020-1336 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1335 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1334 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1333 (An elevation of privilege vulnerability exists when Group Policy Servi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1332 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1331 (A spoofing vulnerability exists when System Center Operations Manager ...)
	NOT-FOR-US: Microsoft
CVE-2020-1330 (An information disclosure vulnerability exists when Windows Mobile Dev ...)
	NOT-FOR-US: Microsoft
CVE-2020-1329 (A spoofing vulnerability exists when Microsoft Bing Search for Android ...)
	NOT-FOR-US: Microsoft
CVE-2020-1328
	RESERVED
CVE-2020-1327 (A spoofing vulnerability exists in Microsoft Azure DevOps Server when ...)
	NOT-FOR-US: Microsoft
CVE-2020-1326 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2020-1325 (Azure DevOps Server and Team Foundation Services Spoofing Vulnerabilit ...)
	NOT-FOR-US: Microsoft
CVE-2020-1324 (An elevation of privilege (user to user) vulnerability exists in Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1323 (An open redirect vulnerability exists in Microsoft SharePoint that cou ...)
	NOT-FOR-US: Microsoft
CVE-2020-1322 (An information disclosure vulnerability exists when Microsoft Project ...)
	NOT-FOR-US: Microsoft
CVE-2020-1321 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-1320 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1319 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1318 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1317 (An elevation of privilege vulnerability exists when Group Policy impro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1316 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1315 (An information disclosure vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2020-1314 (An elevation of privilege vulnerability exists in Windows Text Service ...)
	NOT-FOR-US: Microsoft
CVE-2020-1313 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-1312 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-1311 (An elevation of privilege vulnerability exists when Component Object M ...)
	NOT-FOR-US: Microsoft
CVE-2020-1310 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1309 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
	NOT-FOR-US: Microsoft
CVE-2020-1308 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1307 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1306 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1305 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1304 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1303 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1302 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-1301 (A remote code execution vulnerability exists in the way that the Micro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1300 (A remote code execution vulnerability exists when Microsoft Windows fa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1299 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2020-1298 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1297 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1296 (A vulnerability exists in the way the Windows Diagnostics & fe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1295 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2020-1294 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1293 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1292 (An elevation of privilege vulnerability exists in OpenSSH for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-1291 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1290 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-1289 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1288
	RESERVED
CVE-2020-1287 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1286 (A remote code execution vulnerability exists when the Windows Shell do ...)
	NOT-FOR-US: Microsoft
CVE-2020-1285 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1284 (A denial of service vulnerability exists in the way that the Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1283 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2020-1282 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1281 (A remote code execution vulnerability exists when Microsoft Windows OL ...)
	NOT-FOR-US: Microsoft
CVE-2020-1280 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1279 (An elevation of privilege vulnerability exists when Windows Lockscreen ...)
	NOT-FOR-US: Microsoft
CVE-2020-1278 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1277 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-1276 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1275 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1274 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1273 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1272 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1271 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-1270 (An elevation of privilege vulnerability exists in the way that the wla ...)
	NOT-FOR-US: Microsoft
CVE-2020-1269 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1268 (An information disclosure vulnerability exists when a Windows service ...)
	NOT-FOR-US: Microsoft
CVE-2020-1267 (This security update corrects a denial of service in the Local Securit ...)
	NOT-FOR-US: Microsoft
CVE-2020-1266 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1265 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1264 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1263 (An information disclosure vulnerability exists in the way Windows Erro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1262 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1261 (An information disclosure vulnerability exists in the way Windows Erro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1260 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1259 (A security feature bypass vulnerability exists when Windows Host Guard ...)
	NOT-FOR-US: Microsoft
CVE-2020-1258 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1257 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1256 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-1255 (An elevation of privilege vulnerability exists when the Windows Backgr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1254 (An elevation of privilege vulnerability exists when Windows Modules In ...)
	NOT-FOR-US: Microsoft
CVE-2020-1253 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1252 (A remote code execution vulnerability exists when Windows improperly h ...)
	NOT-FOR-US: Microsoft
CVE-2020-1251 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1250 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-1249 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1248 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1247 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1246 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1245 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1244 (A denial of service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft
CVE-2020-1243 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2020-1242 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-1241 (A security feature bypass vulnerability exists when Windows Kernel fai ...)
	NOT-FOR-US: Microsoft
CVE-2020-1240 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1239 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1238 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1237 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1236 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1235 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1234 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1233 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1232 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-1231 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1230 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1229 (A security feature bypass vulnerability exists in Microsoft Outlook wh ...)
	NOT-FOR-US: Microsoft
CVE-2020-1228 (A denial of service vulnerability exists in Windows DNS when it fails ...)
	NOT-FOR-US: Microsoft
CVE-2020-1227 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1226 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1225 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1224 (An information disclosure vulnerability exists when Microsoft Excel im ...)
	NOT-FOR-US: Microsoft
CVE-2020-1223 (A remote code execution vulnerability exists when Microsoft Word for A ...)
	NOT-FOR-US: Microsoft
CVE-2020-1222 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
	NOT-FOR-US: Microsoft
CVE-2020-1221 RESERVED
CVE-2020-1220 (A spoofing vulnerability exists when the Microsoft Edge (Chromium-based ...)
	NOT-FOR-US: Microsoft
CVE-2020-1219 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1218 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-1217 (An information disclosure vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1216 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1215 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1214 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1213 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1212 (An elevation of privilege vulnerability exists when an OLE Automation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1211 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-1210 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1209 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1208 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1207 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1206 (An information disclosure vulnerability exists in the way that the Mic ...)
	NOT-FOR-US: Microsoft
CVE-2020-1205 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1204 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
	NOT-FOR-US: Microsoft
CVE-2020-1203 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1202 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1201 (An elevation of privilege vulnerability exists in the way the Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-1200 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1199 (An elevation of privilege vulnerability exists when the Windows Feedba ...)
	NOT-FOR-US: Microsoft
CVE-2020-1198 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1197 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1196 (An elevation of privilege vulnerability exists in the way that the pri ...)
	NOT-FOR-US: Microsoft
CVE-2020-1195 (An elevation of privilege vulnerability exists in Microsoft Edge (Chro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1194 (A denial of service vulnerability exists when Windows Registry imprope ...)
	NOT-FOR-US: Microsoft
CVE-2020-1193 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-1192 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1191 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1190 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1189 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1188 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1187 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1186 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1185 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1184 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1183 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1182 (A remote code execution vulnerability exists in Microsoft Dynamics 365 ...)
	NOT-FOR-US: Microsoft
CVE-2020-1181 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
	NOT-FOR-US: Microsoft
CVE-2020-1180 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1179 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-1178 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1177 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1176 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1175 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1174 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1173 (A spoofing vulnerability exists in Microsoft Power BI Report Server in ...)
	NOT-FOR-US: Microsoft
CVE-2020-1172 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1171 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1170 (An elevation of privilege vulnerability exists in Windows Defender tha ...)
	NOT-FOR-US: Microsoft
CVE-2020-1169 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1168 RESERVED
CVE-2020-1167 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1166 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1165 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1164 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1163 (An elevation of privilege vulnerability exists in Windows Defender tha ...)
	NOT-FOR-US: Microsoft
CVE-2020-1162 (An elevation of privilege (user to user) vulnerability exists in Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1161 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
	NOT-FOR-US: Microsoft .NET
CVE-2020-1160 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-1159 (An elevation of privilege vulnerability exists in the way that the Sta ...)
	NOT-FOR-US: Microsoft
CVE-2020-1158 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1157 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1156 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1155 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1154 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2020-1153 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1152 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1151 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1150 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1149 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1148 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1147 (A remote code execution vulnerability exists in .NET Framework, Micros ...)
	NOT-FOR-US: Microsoft .NET
CVE-2020-1146 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
	NOT-FOR-US: Microsoft
CVE-2020-1145 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1144 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1143 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1142 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1141 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1140 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1139 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1138 (An elevation of privilege vulnerability exists when the Storage Servic ...)
	NOT-FOR-US: Microsoft
CVE-2020-1137 (An elevation of privilege vulnerability exists in the way the Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-1136 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1135 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1134 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1133 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1132 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-1131 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1130 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-1129 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-1128 RESERVED
CVE-2020-1127 RESERVED
CVE-2020-1126 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1125 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1124 (An elevation of privilege vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-1123 (A denial of service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft
CVE-2020-1122 (An elevation of privilege vulnerability exists when the Windows Langua ...)
	NOT-FOR-US: Microsoft
CVE-2020-1121 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1120 (A denial of service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft
CVE-2020-1119 (An information disclosure vulnerability exists when StartTileData.dll ...)
	NOT-FOR-US: Microsoft
CVE-2020-1118 (A denial of service vulnerability exists in the Windows implementation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1117 (A remote code execution vulnerability exists in the way that the Color ...)
	NOT-FOR-US: Microsoft
CVE-2020-1116 (An information disclosure vulnerability exists when the Windows Client ...)
	NOT-FOR-US: Microsoft
CVE-2020-1115 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2020-1114 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1113 (A security feature bypass vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2020-1112 (An elevation of privilege vulnerability exists when the Windows Backgr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1111 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1110 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-1109 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-1108 (A denial of service vulnerability exists when .NET Core or .NET Framew ...)
	NOT-FOR-US: Microsoft .NET
CVE-2020-1107 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1106 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1105 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1104 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-1103 (An information disclosure vulnerability exists where certain modes of ...)
	NOT-FOR-US: Microsoft
CVE-2020-1102 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1101 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1100 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1099 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-1098 (An elevation of privilege vulnerability exists when the Shell infrastr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1097 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-1096 (A remote code execution vulnerability exists when Microsoft Edge PDF R ...)
	NOT-FOR-US: Microsoft
CVE-2020-1095 RESERVED
CVE-2020-1094 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-1093 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1092 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2020-1091 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-1090 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1089 RESERVED
CVE-2020-1088 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-1087 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1086 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1085 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1084 (A Denial Of Service vulnerability exists when Connected User Experienc ...)
	NOT-FOR-US: Microsoft
CVE-2020-1083 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-1082 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-1081 (An elevation of privilege vulnerability exists when the Windows Printe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1080 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2020-1079 (An elevation of privilege vulnerability exists when the Windows fails ...)
	NOT-FOR-US: Microsoft
CVE-2020-1078 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-1077 (An elevation of privilege vulnerability exists when the Windows Runtim ...)
	NOT-FOR-US: Microsoft
CVE-2020-1076 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2020-1075 (An information disclosure vulnerability exists when Windows Subsystem ...)
	NOT-FOR-US: Microsoft
CVE-2020-1074 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1073 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1072 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1071 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1070 (An elevation of privilege vulnerability exists when the Windows Print ...)
	NOT-FOR-US: Microsoft
CVE-2020-1069 (A remote code execution vulnerability exists in Microsoft SharePoint S ...)
	NOT-FOR-US: Microsoft
CVE-2020-1068 (An elevation of privilege vulnerability exists in Windows Media Servic ...)
	NOT-FOR-US: Microsoft
CVE-2020-1067 (A remote code execution vulnerability exists in the way that Windows h ...)
	NOT-FOR-US: Microsoft
CVE-2020-1066 (An elevation of privilege vulnerability exists in .NET Framework which ...)
	NOT-FOR-US: Microsoft
CVE-2020-1065 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1064 (A remote code execution vulnerability exists in the way that the MSHTM ...)
	NOT-FOR-US: Microsoft
CVE-2020-1063 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-1062 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2020-1061 (A remote code execution vulnerability exists in the way that the Micro ...)
	NOT-FOR-US: Microsoft
CVE-2020-1060 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1059 (A spoofing vulnerability exists when Microsoft Edge does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1058 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1057 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1056 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1055 (A cross-site-scripting (XSS) vulnerability exists when Active Director ...)
	NOT-FOR-US: Microsoft
CVE-2020-1054 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1053 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-1052 (An elevation of privilege vulnerability exists in the way that the ssd ...)
	NOT-FOR-US: Microsoft
CVE-2020-1051 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1050 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-1049 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-1048 (An elevation of privilege vulnerability exists when the Windows Print ...)
	NOT-FOR-US: Microsoft
CVE-2020-1047 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2020-1046 (A remote code execution vulnerability exists when Microsoft .NET Frame ...)
	NOT-FOR-US: Microsoft
CVE-2020-1045 (A security feature bypass vulnerability exists in the way Microsoft AS ...)
	- dotnet-core-3.1 (bug #968921)
CVE-2020-1044 (A security feature bypass vulnerability exists in SQL Server Reporting ...)
	NOT-FOR-US: Microsoft
CVE-2020-1043 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
	NOT-FOR-US: Microsoft
CVE-2020-1042 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
	NOT-FOR-US: Microsoft
CVE-2020-1041 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
	NOT-FOR-US: Microsoft
CVE-2020-1040 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
	NOT-FOR-US: Microsoft
CVE-2020-1039 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1038 (A denial of service vulnerability exists when Windows Routing Utilitie ...)
	NOT-FOR-US: Microsoft
CVE-2020-1037 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1036 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
	NOT-FOR-US: Microsoft
CVE-2020-1035 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-1034 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1033 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1032 (A remote code execution vulnerability exists when Hyper-V RemoteFX vGP ...)
	NOT-FOR-US: Microsoft
CVE-2020-1031 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1030 (An elevation of privilege vulnerability exists when the Windows Print ...)
	NOT-FOR-US: Microsoft
CVE-2020-1029 (An elevation of privilege vulnerability exists when Connected User Exp ...)
	NOT-FOR-US: Microsoft
CVE-2020-1028 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-1027 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1026 (A Security Feature Bypass vulnerability exists in the MSR JavaScript C ...)
	NOT-FOR-US: Microsoft
CVE-2020-1025 (An elevation of privilege vulnerability exists when Microsoft SharePoi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1024 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1023 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-1022 (A remote code execution vulnerability exists in Microsoft Dynamics Bus ...)
	NOT-FOR-US: Microsoft
CVE-2020-1021 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-1020 (A remote code execution vulnerability exists in Microsoft Windows when ...)
	NOT-FOR-US: Microsoft
CVE-2020-1019 (An elevation of privilege vulnerability exists in RMS Sharing App for ...)
	NOT-FOR-US: Microsoft
CVE-2020-1018 (An information disclosure vulnerability exists when Microsoft Dynamics ...)
	NOT-FOR-US: Microsoft
CVE-2020-1017 (An elevation of privilege vulnerability exists in the way the Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-1016 (An information disclosure vulnerability exists when the Windows Push N ...)
	NOT-FOR-US: Microsoft
CVE-2020-1015 (An elevation of privilege vulnerability exists in the way that the Use ...)
	NOT-FOR-US: Microsoft
CVE-2020-1014 (An elevation of privilege vulnerability exists in the Microsoft Window ...)
	NOT-FOR-US: Microsoft
CVE-2020-1013 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-1012 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-1011 (An elevation of privilege vulnerability exists when the Windows System ...)
	NOT-FOR-US: Microsoft
CVE-2020-1010 (An elevation of privilege vulnerability exists in Windows Block Level ...)
	NOT-FOR-US: Microsoft
CVE-2020-1009 (An elevation of privilege vulnerability exists in the way that the Mic ...)
	NOT-FOR-US: Microsoft
CVE-2020-1008 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-1007 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1006 (An elevation of privilege vulnerability exists in the way the Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-1005 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-1004 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-1003 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-1002 (An elevation of privilege vulnerability exists when the MpSigStub.exe ...)
	NOT-FOR-US: Microsoft
CVE-2020-1001 (An elevation of privilege vulnerability exists in the way the Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-1000 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0999 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0998 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0997 (A remote code execution vulnerability exists when the Windows Camera C ...)
	NOT-FOR-US: Microsoft
CVE-2020-0996 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-0995 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0994 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0993 (A denial of service vulnerability exists in Windows DNS when it fails ...)
	NOT-FOR-US: Microsoft
CVE-2020-0992 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0991 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-0990 RESERVED
CVE-2020-0989 (An information disclosure vulnerability exists when Windows Mobile Dev ...)
	NOT-FOR-US: Microsoft
CVE-2020-0988 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0987 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-0986 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0985 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-0984 (An elevation of privilege vulnerability exists when the Microsoft Auto ...)
	NOT-FOR-US: Microsoft
CVE-2020-0983 (An elevation of privilege vulnerability exists when the Windows Delive ...)
	NOT-FOR-US: Microsoft
CVE-2020-0982 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-0981 (A security feature bypass vulnerability exists when Windows fails to p ...)
	NOT-FOR-US: Microsoft
CVE-2020-0980 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0979 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0978 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0977 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-0976 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-0975 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-0974 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0973 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0972 (A spoofing vulnerability exists when Microsoft SharePoint Server does ...)
	NOT-FOR-US: Microsoft
CVE-2020-0971 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0970 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0969 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0968 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0967 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0966 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0965 (A remote code execution vulnerability exists in the way that Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2020-0964 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0963 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0962 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0961 (A remote code execution vulnerability exists when the Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2020-0960 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0959 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0958 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0957 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0956 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0955 (An information disclosure vulnerability exists when certain central pr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0954 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0953 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0952 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0951 (A security feature bypass vulnerability exists in Windows Defender App ...)
	NOT-FOR-US: Microsoft
CVE-2020-0950 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0949 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0948 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0947 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0946 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0945 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0944 (An elevation of privilege vulnerability exists when Connected User Exp ...)
	NOT-FOR-US: Microsoft
CVE-2020-0943 (An authentication bypass vulnerability exists in Microsoft YourPhoneCo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0942 (An elevation of privilege vulnerability exists when Connected User Exp ...)
	NOT-FOR-US: Microsoft
CVE-2020-0941 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0940 (An elevation of privilege vulnerability exists in the way the Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-0939 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0938 (A remote code execution vulnerability exists in Microsoft Windows when ...)
	NOT-FOR-US: Microsoft
CVE-2020-0937 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0936 (An elevation of privilege vulnerability exists when a Windows schedule ...)
	NOT-FOR-US: Microsoft
CVE-2020-0935 (An elevation of privilege vulnerability exists when the OneDrive for W ...)
	NOT-FOR-US: Microsoft
CVE-2020-0934 (An elevation of privilege vulnerability exists when the Windows WpcDes ...)
	NOT-FOR-US: Microsoft
CVE-2020-0933 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0932 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0931 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0930 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0929 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0928 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0927 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0926 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0925 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0924 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0923 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0922 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-0921 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-0920 (A remote code execution vulnerability exists in Microsoft SharePoint w ...)
	NOT-FOR-US: Microsoft
CVE-2020-0919 (An elevation of privilege vulnerability exists in Remote Desktop App f ...)
	NOT-FOR-US: Microsoft
CVE-2020-0918 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2020-0917 (An elevation of privilege vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2020-0916 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0915 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0914 (An information disclosure vulnerability exists when the Windows State ...)
	NOT-FOR-US: Microsoft
CVE-2020-0913 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0912 (An elevation of privilege vulnerability exists when the Windows Functi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0911 (An elevation of privilege vulnerability exists when Windows Modules In ...)
	NOT-FOR-US: Microsoft
CVE-2020-0910 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2020-0909 (A denial of service vulnerability exists when Hyper-V on a Windows Ser ...)
	NOT-FOR-US: Microsoft
CVE-2020-0908 (A remote code execution vulnerability exists when the Windows Text Ser ...)
	NOT-FOR-US: Microsoft
CVE-2020-0907 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-0906 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0905 (An remote code execution vulnerability exists in Microsoft Dynamics Bu ...)
	NOT-FOR-US: Microsoft
CVE-2020-0904 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2020-0903 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Excha ...)
	NOT-FOR-US: Microsoft
CVE-2020-0902 (An elevation of privilege vulnerability exists in Service Fabric File ...)
	NOT-FOR-US: Microsoft
CVE-2020-0901 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0900 (An elevation of privilege vulnerability exists when the Visual Studio ...)
	NOT-FOR-US: Microsoft
CVE-2020-0899 (An elevation of privilege vulnerability exists when Microsoft Visual S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0898 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0897 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0896 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0895 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0894 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0893 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0892 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0891 (This vulnerability is caused when SharePoint Server does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0890 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2020-0889 (A remote code execution vulnerability exists when the Windows Jet Data ...)
	NOT-FOR-US: Microsoft
CVE-2020-0888 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0887 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0886 (An elevation of privilege vulnerability exists when the Windows Storag ...)
	NOT-FOR-US: Microsoft
CVE-2020-0885 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0884 (A spoofing vulnerability exists in Microsoft Visual Studio as it inclu ...)
	NOT-FOR-US: Microsoft
CVE-2020-0883 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0882 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0881 (A remote code execution vulnerability exists in the way that the Windo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0880 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0879 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0878 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2020-0877 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0876 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0875 (An information disclosure vulnerability exists in how splwow64.exe han ...)
	NOT-FOR-US: Microsoft
CVE-2020-0874 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0873
	RESERVED
CVE-2020-0872 (A remote code execution vulnerability exists in Application Inspector ...)
	NOT-FOR-US: Microsoft
CVE-2020-0871 (An information disclosure vulnerability exists when Windows Network Co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0870 (An elevation of privilege vulnerability exists when the Shell infrastr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0869 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0868 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-0867 (An elevation of privilege vulnerability exists when the Windows Update ...)
	NOT-FOR-US: Microsoft
CVE-2020-0866 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0865 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0864 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0863 (An information vulnerability exists when Windows Connected User Experi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0862
	RESERVED
CVE-2020-0861 (An information disclosure vulnerability exists when the Windows Networ ...)
	NOT-FOR-US: Microsoft
CVE-2020-0860 (An elevation of privilege vulnerability exists when the Windows Active ...)
	NOT-FOR-US: Microsoft
CVE-2020-0859 (An information vulnerability exists when Windows Modules Installer Ser ...)
	NOT-FOR-US: Microsoft
CVE-2020-0858 (An elevation of privilege vulnerability exists when the "Publ ...)
	NOT-FOR-US: Microsoft
CVE-2020-0857 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0856 (An information disclosure vulnerability exists when Active Directory i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0855 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0854 (An elevation of privilege vulnerability exists when Windows Mobile Dev ...)
	NOT-FOR-US: Microsoft
CVE-2020-0853 (An information disclosure vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0852 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0851 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0850 (A remote code execution vulnerability exists in Microsoft Word softwar ...)
	NOT-FOR-US: Microsoft
CVE-2020-0849 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0848 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0847 (A remote code execution vulnerability exists in the way that the VBScr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0846
	RESERVED
CVE-2020-0845 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0844 (An elevation of privilege vulnerability exists when Connected User Exp ...)
	NOT-FOR-US: Microsoft
CVE-2020-0843 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-0842 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-0841 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0840 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0839 (An elevation of privilege vulnerability exists in the way that the dns ...)
	NOT-FOR-US: Microsoft
CVE-2020-0838 (An elevation of privilege vulnerability exists when NTFS improperly ch ...)
	NOT-FOR-US: Microsoft
CVE-2020-0837 (A spoofing vulnerability exists when Active Directory Federation Servi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0836 (A denial of service vulnerability exists in Windows DNS when it fails ...)
	NOT-FOR-US: Microsoft
CVE-2020-0835 (An elevation of privilege vulnerability exists when Windows Defender a ...)
	NOT-FOR-US: Microsoft
CVE-2020-0834 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0833 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0832 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0831 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0830 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2020-0829 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0828 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0827 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0826 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0825 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0824 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2020-0823 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0822 (An elevation of privilege vulnerability exists when the Windows Langua ...)
	NOT-FOR-US: Microsoft
CVE-2020-0821 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0820 (An information disclosure vulnerability exists when Media Foundation i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0819 (An elevation of privilege vulnerability exists when the Windows Device ...)
	NOT-FOR-US: Microsoft
CVE-2020-0818
	RESERVED
CVE-2020-0817
	RESERVED
CVE-2020-0816 (A remote code execution vulnerability exists when Microsoft Edge impro ...)
	NOT-FOR-US: Microsoft
CVE-2020-0815 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...)
	NOT-FOR-US: Microsoft
CVE-2020-0814 (An elevation of privilege vulnerability exists in Windows Installer be ...)
	NOT-FOR-US: Microsoft
CVE-2020-0813 (An information disclosure vulnerability exists when Chakra improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0812 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0811 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0810 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-0809 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0808 (An elevation of privilege vulnerability exists in the way the Provisio ...)
	NOT-FOR-US: Microsoft
CVE-2020-0807 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0806 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-0805 (A security feature bypass vulnerability exists when a Windows Projecte ...)
	NOT-FOR-US: Microsoft
CVE-2020-0804 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0803 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0802 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0801 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0800 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0799 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2020-0798 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0797 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0796 (A remote code execution vulnerability exists in the way that the Micro ...)
	NOT-FOR-US: Microsoft
CVE-2020-0795 (This vulnerability is caused when SharePoint Server does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0794 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2020-0793 (An elevation of privilege vulnerability exists when the Diagnostics Hu ...)
	NOT-FOR-US: Microsoft
CVE-2020-0792 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0791 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0790 (A local elevation of privilege vulnerability exists in how splwow64.ex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0789 (A denial of service vulnerability exists when the Visual Studio Extens ...)
	NOT-FOR-US: Microsoft
CVE-2020-0788 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0787 (An elevation of privilege vulnerability exists when the Windows Backgr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0786 (A denial of service vulnerability exists when the Windows Tile Object ...)
	NOT-FOR-US: Microsoft
CVE-2020-0785 (An elevation of privilege vulnerability exists when the Windows User P ...)
	NOT-FOR-US: Microsoft
CVE-2020-0784 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0783 (An elevation of privilege vulnerability exists when the Windows Univer ...)
	NOT-FOR-US: Microsoft
CVE-2020-0782 (An elevation of privilege vulnerability exists when the Windows Crypto ...)
	NOT-FOR-US: Microsoft
CVE-2020-0781 (An elevation of privilege vulnerability exists when the Windows Univer ...)
	NOT-FOR-US: Microsoft
CVE-2020-0780 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0779 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0778 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0777 (An elevation of privilege vulnerability exists when the Windows Work F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0776 (An elevation of privilege vulnerability exists when the Windows AppX D ...)
	NOT-FOR-US: Microsoft
CVE-2020-0775 (An information disclosure vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0774 (An information disclosure vulnerability exists when the Windows GDI co ...)
	NOT-FOR-US: Microsoft
CVE-2020-0773 (An elevation of privilege vulnerability exists when the Windows Active ...)
	NOT-FOR-US: Microsoft
CVE-2020-0772 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0771 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
	NOT-FOR-US: Microsoft
CVE-2020-0770 (An elevation of privilege vulnerability exists when the Windows Active ...)
	NOT-FOR-US: Microsoft
CVE-2020-0769 (An elevation of privilege vulnerability exists when the Windows CSC Se ...)
	NOT-FOR-US: Microsoft
CVE-2020-0768 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2020-0767 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0766 (An elevation of privilege vulnerability exists when the Microsoft Stor ...)
	NOT-FOR-US: Microsoft
CVE-2020-0765 (An information disclosure vulnerability exists in the Remote Desktop C ...)
	NOT-FOR-US: Microsoft
CVE-2020-0764 (An elevation of privilege vulnerability exists when the Windows Storag ...)
	NOT-FOR-US: Microsoft
CVE-2020-0763 (An elevation of privilege vulnerability exists when Windows Defender S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0762 (An elevation of privilege vulnerability exists when Windows Defender S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0761 (A remote code execution vulnerability exists when Active Directory int ...)
	NOT-FOR-US: Microsoft
CVE-2020-0760 (A remote code execution vulnerability exists when Microsoft Office imp ...)
	NOT-FOR-US: Microsoft
CVE-2020-0759 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0758 (An elevation of privilege vulnerability exists when Azure DevOps Serve ...)
	NOT-FOR-US: Microsoft
CVE-2020-0757 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0756 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0755 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0754 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-0753 (An elevation of privilege vulnerability exists in Windows Error Report ...)
	NOT-FOR-US: Microsoft
CVE-2020-0752 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0751 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2020-0750 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0749 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0748 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0747 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0746 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-0745 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0744 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0743 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0742 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0741 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0740 (An elevation of privilege vulnerability exists in the way that the Con ...)
	NOT-FOR-US: Microsoft
CVE-2020-0739 (An elevation of privilege vulnerability exists in the way that the dss ...)
	NOT-FOR-US: Microsoft
CVE-2020-0738 (A memory corruption vulnerability exists when Windows Media Foundation ...)
	NOT-FOR-US: Microsoft
CVE-2020-0737 (An elevation of privilege vulnerability exists in the way that the tap ...)
	NOT-FOR-US: Microsoft
CVE-2020-0736 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0735 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0734 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2020-0733 (An elevation of privilege vulnerability exists when the Windows Malici ...)
	NOT-FOR-US: Microsoft
CVE-2020-0732 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0731 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0730 (An elevation of privilege vulnerability exists when the Windows User P ...)
	NOT-FOR-US: Microsoft
CVE-2020-0729 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2020-0728 (An information vulnerability exists when Windows Modules Installer Ser ...)
	NOT-FOR-US: Microsoft
CVE-2020-0727 (An elevation of privilege vulnerability exists when the Connected User ...)
	NOT-FOR-US: Microsoft
CVE-2020-0726 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0725 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0724 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0723 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0722 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0721 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0720 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0719 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0718 (A remote code execution vulnerability exists when Active Directory int ...)
	NOT-FOR-US: Microsoft
CVE-2020-0717 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0716 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0715 (An elevation of privilege vulnerability exists when the Windows Graphi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0714 (An information disclosure vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0713 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0712 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0711 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0710 (A remote code execution vulnerability exists in the way that the Chakr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0709 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0708 (A remote code execution vulnerability exists when the Windows Imaging ...)
	NOT-FOR-US: Microsoft
CVE-2020-0707 (An elevation of privilege vulnerability exists when the Windows IME im ...)
	NOT-FOR-US: Microsoft
CVE-2020-0706 (An information disclosure vulnerability exists in the way that affecte ...)
	NOT-FOR-US: Microsoft
CVE-2020-0705 (An information disclosure vulnerability exists when the Windows Networ ...)
	NOT-FOR-US: Microsoft
CVE-2020-0704 (An elevation of privilege vulnerability exists when the Windows Wirele ...)
	NOT-FOR-US: Microsoft
CVE-2020-0703 (An elevation of privilege vulnerability exists when the Windows Backup ...)
	NOT-FOR-US: Microsoft
CVE-2020-0702 (A security feature bypass vulnerability exists in Surface Hub when pro ...)
	NOT-FOR-US: Microsoft
CVE-2020-0701 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0700 (A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Se ...)
	NOT-FOR-US: Microsoft
CVE-2020-0699 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0698 (An information disclosure vulnerability exists when the Telephony Serv ...)
	NOT-FOR-US: Microsoft
CVE-2020-0697 (An elevation of privilege vulnerability exists in Microsoft Office OLi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0696 (A security feature bypass vulnerability exists in Microsoft Outlook so ...)
	NOT-FOR-US: Microsoft
CVE-2020-0695 (A spoofing vulnerability exists when Office Online Server does not val ...)
	NOT-FOR-US: Microsoft
CVE-2020-0694 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0693 (A cross-site-scripting (XSS) vulnerability exists when Microsoft Share ...)
	NOT-FOR-US: Microsoft
CVE-2020-0692 (An elevation of privilege vulnerability exists in Microsoft Exchange S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0691 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0690 (An elevation of privilege vulnerability exists when DirectX improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0689 (A security feature bypass vulnerability exists in secure boot, aka 'Mi ...)
	NOT-FOR-US: Microsoft
CVE-2020-0688 (A remote code execution vulnerability exists in Microsoft Exchange sof ...)
	NOT-FOR-US: Microsoft
CVE-2020-0687 (A remote code execution vulnerability exists when the Windows font lib ...)
	NOT-FOR-US: Microsoft
CVE-2020-0686 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0685 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0684 (A remote code execution vulnerability exists in Microsoft Windows that ...)
	NOT-FOR-US: Microsoft
CVE-2020-0683 (An elevation of privilege vulnerability exists in the Windows Installe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0682 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0681 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2020-0680 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0679 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0678 (An elevation of privilege vulnerability exists when Windows Error Repo ...)
	NOT-FOR-US: Microsoft
CVE-2020-0677 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0676 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0675 (An information disclosure vulnerability exists in the Cryptography Nex ...)
	NOT-FOR-US: Microsoft
CVE-2020-0674 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0673 (A remote code execution vulnerability exists in the way that the scrip ...)
	NOT-FOR-US: Microsoft
CVE-2020-0672 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0671 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0670 (An elevation of privilege vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2020-0669 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0668 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0667 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0666 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0665 (An elevation of privilege vulnerability exists in Active Directory For ...)
	NOT-FOR-US: Microsoft
CVE-2020-0664 (An information disclosure vulnerability exists when Active Directory i ...)
	NOT-FOR-US: Microsoft
CVE-2020-0663 (An elevation of privilege vulnerability exists when Microsoft Edge doe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0662 (A remote code execution vulnerability exists in the way that Windows h ...)
	NOT-FOR-US: Microsoft
CVE-2020-0661 (A denial of service vulnerability exists when Microsoft Hyper-V on a h ...)
	NOT-FOR-US: Microsoft
CVE-2020-0660 (A denial of service vulnerability exists in Remote Desktop Protocol (R ...)
	NOT-FOR-US: Microsoft
CVE-2020-0659 (An elevation of privilege vulnerability exists when the Windows Data S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0658 (An information disclosure vulnerability exists in the Windows Common L ...)
	NOT-FOR-US: Microsoft
CVE-2020-0657 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...)
	NOT-FOR-US: Microsoft
CVE-2020-0655 (A remote code execution vulnerability exists in Remote Desktop Service ...)
	NOT-FOR-US: Microsoft
CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...)
	NOT-FOR-US: Microsoft
CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0652 (A remote code execution vulnerability exists in Microsoft Office softw ...)
	NOT-FOR-US: Microsoft
CVE-2020-0651 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel softwa ...)
	NOT-FOR-US: Microsoft
CVE-2020-0649
	RESERVED
CVE-2020-0648 (An elevation of privilege vulnerability exists when the Windows RSoP S ...)
	NOT-FOR-US: Microsoft
CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not validate o ...)
	NOT-FOR-US: Microsoft
CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft .NET F ...)
	NOT-FOR-US: Microsoft
CVE-2020-0645 (A tampering vulnerability exists when Microsoft IIS Server improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0644 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2020-0643 (An information disclosure vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0642 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0641 (An elevation of privilege vulnerability exists in Windows Media Servic ...)
	NOT-FOR-US: Microsoft
CVE-2020-0640 (A remote code execution vulnerability exists when Internet Explorer im ...)
	NOT-FOR-US: Microsoft
CVE-2020-0639 (An information disclosure vulnerability exists in the Windows Common L ...)
	NOT-FOR-US: Microsoft
CVE-2020-0638 (An elevation of privilege vulnerability exists in the way the Update N ...)
	NOT-FOR-US: Microsoft
CVE-2020-0637 (An information disclosure vulnerability exists when Remote Desktop Web ...)
	NOT-FOR-US: Microsoft
CVE-2020-0636 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0635 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...)
	NOT-FOR-US: Microsoft
CVE-2020-0634 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2020-0633 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0632 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0631 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0630 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0629 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0628 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0627 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0626 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0625 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0624 (An elevation of privilege vulnerability exists in Windows when the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0623 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0622 (An information disclosure vulnerability exists when the Microsoft Wind ...)
	NOT-FOR-US: Microsoft
CVE-2020-0621 (A security feature bypass vulnerability exists in Windows 10 when thir ...)
	NOT-FOR-US: Microsoft
CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cryptogr ...)
	NOT-FOR-US: Microsoft
CVE-2020-0619 RESERVED
CVE-2020-0618 (A remote code execution vulnerability exists in Microsoft SQL Server R ...)
	NOT-FOR-US: Microsoft
CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...)
	NOT-FOR-US: Microsoft
CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...)
	NOT-FOR-US: Microsoft
CVE-2020-0615 (An information disclosure vulnerability exists in the Windows Common L ...)
	NOT-FOR-US: Microsoft
CVE-2020-0614 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0613 (An elevation of privilege vulnerability exists in the way that the Win ...)
	NOT-FOR-US: Microsoft
CVE-2020-0612 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...)
	NOT-FOR-US: Microsoft
CVE-2020-0611 (A remote code execution vulnerability exists in the Windows Remote Des ...)
	NOT-FOR-US: Microsoft
CVE-2020-0610 (A remote code execution vulnerability exists in Windows Remote Desktop ...)
	NOT-FOR-US: Microsoft
CVE-2020-0609 (A remote code execution vulnerability exists in Windows Remote Desktop ...)
	NOT-FOR-US: Microsoft
CVE-2020-0608 (An information disclosure vulnerability exists when the win32k compone ...)
	NOT-FOR-US: Microsoft
CVE-2020-0607 (An information disclosure vulnerability exists in the way that Microso ...)
	NOT-FOR-US: Microsoft
CVE-2020-0606 (A remote code execution vulnerability exists in .NET software when the ...)
	NOT-FOR-US: Microsoft
CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...)
	NOT-FOR-US: Microsoft
CVE-2020-0604 (A remote code execution vulnerability exists in Visual Studio Code whe ...)
	NOT-FOR-US: Microsoft
CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software ...)
	NOT-FOR-US: Microsoft
CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly ...)
	NOT-FOR-US: Microsoft
CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32. ...)
	NOT-FOR-US: Microsoft
CVE-2020-0600 (Improper buffer restrictions in firmware for some Intel(R) NUC may all ...)
	NOT-FOR-US: Intel
CVE-2020-0599 (Improper access control in the PMC for some Intel(R) Processors may al ...)
	NOT-FOR-US: Intel
CVE-2020-0598 (Uncontrolled search path in the installer for the Intel(R) Binary Conf ...)
	NOT-FOR-US: Intel
CVE-2020-0597 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM ...)
	NOT-FOR-US: Intel
CVE-2020-0596 (Improper input validation in DHCPv6 subsystem in Intel(R) AMT and Inte ...)
	NOT-FOR-US: Intel
CVE-2020-0595 (Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM vers ...)
	NOT-FOR-US: Intel
CVE-2020-0594 (Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM ...)
	NOT-FOR-US: Intel
CVE-2020-0593 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...)
	NOT-FOR-US: Intel
CVE-2020-0592 (Out of bounds write in BIOS firmware for some Intel(R) Processors may ...)
	NOT-FOR-US: Intel
CVE-2020-0591 (Improper buffer restrictions in BIOS firmware for some Intel(R) Proces ...)
	NOT-FOR-US: Intel
CVE-2020-0590 (Improper input validation in BIOS firmware for some Intel(R) Processor ...)
	NOT-FOR-US: Intel
CVE-2020-0589 RESERVED
CVE-2020-0588 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...)
	NOT-FOR-US: Intel
CVE-2020-0587 (Improper conditions check in BIOS firmware for some Intel(R) Processor ...)
	NOT-FOR-US: Intel
CVE-2020-0586 (Improper initialization in subsystem for Intel(R) SPS versions before ...)
	NOT-FOR-US: Intel
CVE-2020-0585 RESERVED
CVE-2020-0584 (Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Seri ...)
	NOT-FOR-US: Intel
CVE-2020-0583 (Improper access control in the subsystem for Intel(R) Smart Sound Tech ...)
	NOT-FOR-US: Intel
CVE-2020-0582 RESERVED
CVE-2020-0581 RESERVED
CVE-2020-0580 RESERVED
CVE-2020-0579 RESERVED
CVE-2020-0578 (Improper conditions check for Intel(R) Modular Server MFS2600KISPP Com ...)
	NOT-FOR-US: Intel
CVE-2020-0577 (Insufficient control flow for Intel(R) Modular Server MFS2600KISPP Com ...)
	NOT-FOR-US: Intel
CVE-2020-0576 (Buffer overflow in Intel(R) Modular Server MFS2600KISPP Compute Module ...)
	NOT-FOR-US: Intel
CVE-2020-0575 (Improper buffer restrictions in the Intel(R) Unite Client for Windows* ...)
	NOT-FOR-US: Intel
CVE-2020-0574 (Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all ...)
	NOT-FOR-US: Intel
CVE-2020-0573 (Out of bounds read in the Intel CSI2 Host Controller driver may allow ...)
	NOT-FOR-US: Intel
CVE-2020-0572 (Improper input validation in the firmware for Intel(R) Server Board S2 ...)
	NOT-FOR-US: Intel
CVE-2020-0571 (Improper conditions check in BIOS firmware for 8th Generation Intel(R) ...)
	NOT-FOR-US: Intel
CVE-2020-0570 (Uncontrolled search path in the QT Library before 5.14.0, 5.12.7 and 5 ...)
	- qtbase-opensource-src 5.12.5+dfsg-8
	[buster] - qtbase-opensource-src 5.11.3+dfsg1-1+deb10u3
	[stretch] - qtbase-opensource-src (Only affects 5.12.0 through 5.14.0)
	[jessie] - qtbase-opensource-src (Only affects 5.12.0 through 5.14.0)
	NOTE: https://bugreports.qt.io/browse/QTBUG-81272
	NOTE: Patch: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=e6f1fde24f77f63fb16b2df239f82a89d2bf05dd
	NOTE: https://lists.qt-project.org/pipermail/development/2020-January/038534.html
CVE-2020-0569 (Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windo ...)
	{DSA-4617-1 DLA-2092-1}
	- qtbase-opensource-src 5.12.5+dfsg-8
	NOTE: Patch for 5.6.0 through 5.13.2: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=bf131e8d2181b3404f5293546ed390999f760404
	NOTE: Patch for 5.0.0 through 5.5.1: https://code.qt.io/cgit/qt/qtbase.git/commit/?id=5c4234ed958130d655df8197129806f687d4df0d
CVE-2020-0568 (Race condition in the Intel(R) Driver and Support Assistant before ver ...)
	NOT-FOR-US: Intel
CVE-2020-0567 (Improper input validation in Intel(R) Graphics Drivers before version ...)
	NOT-FOR-US: Intel graphics driver for Windows
CVE-2020-0566 (Improper Access Control in subsystem for Intel(R) TXE versions before ...)
	NOT-FOR-US: Intel
CVE-2020-0565 (Uncontrolled search path in Intel(R) Graphics Drivers before version 2 ...)
	NOT-FOR-US: Intel graphics driver for Windows
CVE-2020-0564 (Improper permissions in the installer for Intel(R) RWC3 for Windows be ...)
	NOT-FOR-US: Intel
CVE-2020-0563 (Improper permissions in the installer for Intel(R) MPSS before version ...)
	NOT-FOR-US: Intel
CVE-2020-0562 (Improper permissions in the installer for Intel(R) RWC2, all versions, ...)
	NOT-FOR-US: Intel
CVE-2020-0561 (Improper initialization in the Intel(R) SGX SDK before v2.6.100.1 may ...)
	NOT-FOR-US: Intel
CVE-2020-0560 (Improper permissions in the installer for the Intel(R) Renesas Electro ...)
	NOT-FOR-US: Intel
CVE-2020-0559 (Insecure inherited permissions in some Intel(R) PROSet/Wireless WiFi p ...)
	NOT-FOR-US: Intel
CVE-2020-0558 (Improper buffer restrictions in kernel mode driver for Intel(R) PROSet ...)
	NOT-FOR-US: Intel
CVE-2020-0557 (Insecure inherited permissions in Intel(R) PROSet/Wireless WiFi produc ...)
	NOT-FOR-US: Intel
CVE-2020-0556 (Improper access control in subsystem for BlueZ before version 5.54 may ...)
	{DSA-4647-1 DLA-2240-1}
	- bluez 5.50-1.1 (bug #953770)
	NOTE: https://lore.kernel.org/linux-bluetooth/20200310023516.209146-1-alainm@chromium.org/
	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=8cdbd3b09f29da29374e2f83369df24228da0ad1
	NOTE: Fixed by: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=3cccdbab2324086588df4ccf5f892fb3ce1f1787
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html
	NOTE: The second commit introduces a new configuration option "ClassicBondedOnly", which defaults
	NOTE: to false and, when enabled, ensures that input connections are only accepted from
	NOTE: bonded devices.
	NOTE: Follow-up commits to avoid a (functional) regression:
	NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=35d8d895cd0b724e58129374beb0bb4a2edf9519
	NOTE: Followup: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=f2778f5877d20696d68a452b26e4accb91bfb19e
CVE-2020-0555 (Improper input validation for some Intel(R) Wireless Bluetooth(R) prod ...)
	NOT-FOR-US: Intel
CVE-2020-0554 (Race condition in software installer for some Intel(R) Wireless Blueto ...)
	NOT-FOR-US: Intel
CVE-2020-0553 (Out-of-bounds read in kernel mode driver for some Intel(R) Wireless Bl ...)
	NOT-FOR-US: Intel
CVE-2020-0552 RESERVED
CVE-2020-0551 (Load value injection in some Intel(R) Processors utilizing speculative ...)
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/load-value-injection
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-load-value-injection
	NOTE: https://xenbits.xen.org/xsa/advisory-315.html
	NOTE: https://lviattack.eu/
	NOTE: No software mitigation will be provided for this issue; it primarily impacts Intel SGX.
	NOTE: binutils/toolchain updates will include a patch that optionally emits lfence
	NOTE: instructions in problematic situations (at a performance cost), cf.
	NOTE: https://sourceware.org/pipermail/binutils/2020-March/110175.html
CVE-2020-0550 (Improper data forwarding in some data cache for some Intel(R) Processo ...)
	NOTE: Intel is (currently) not planning to release microcode updates to mitigate this issue.
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-snoop-assisted-l1-data-sampling
	NOTE: https://software.intel.com/security-software-guidance/insights/processors-affected-snoop-assisted-l1-data-sampling
CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...)
	{DSA-4701-1 DLA-2248-1}
	- intel-microcode 3.20200609.1
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
	NOTE: https://cacheoutattack.com/
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated ...)
	{DSA-4701-1 DLA-2248-1}
	- intel-microcode 3.20200609.1
	NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
CVE-2020-0547 (Incorrect default permissions in the installer for Intel(R) Data Migra ...)
	NOT-FOR-US: Intel
CVE-2020-0546 (Unquoted service path in Intel(R) Optane(TM) DC Persistent Memory Modu ...)
	NOT-FOR-US: Intel
CVE-2020-0545 (Integer overflow in subsystem for Intel(R) CSME versions before 11.8.7 ...)
	NOT-FOR-US: Intel
CVE-2020-0544 (Insufficient control flow management in the kernel mode driver for som ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-0543 (Incomplete cleanup from specific special register read operations in s ...)
	{DSA-4701-1 DSA-4699-1 DSA-4698-1 DLA-2248-1 DLA-2242-1 DLA-2241-1}
	- intel-microcode 3.20200609.1
	- linux 5.6.14-2
	NOTE: https://www.vusec.net/projects/crosstalk/
	NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00320.html
	NOTE: https://software.intel.com/security-software-guidance/insights/deep-dive-special-register-buffer-data-sampling
CVE-2020-0542 (Improper buffer restrictions in subsystem for Intel(R) CSME versions b ...)
	NOT-FOR-US: Intel
CVE-2020-0541 (Out-of-bounds write in subsystem for Intel(R) CSME versions before 12. ...)
	NOT-FOR-US: Intel
CVE-2020-0540 (Insufficiently protected credentials in Intel(R) AMT versions before 1 ...)
	NOT-FOR-US: Intel
CVE-2020-0539 (Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSM ...)
	NOT-FOR-US: Intel
CVE-2020-0538 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
	NOT-FOR-US: Intel
CVE-2020-0537 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
	NOT-FOR-US: Intel
CVE-2020-0536 (Improper input validation in the DAL subsystem for Intel(R) CSME versi ...)
	NOT-FOR-US: Intel
CVE-2020-0535 (Improper input validation in Intel(R) AMT versions before 11.8.76, 11. ...)
	NOT-FOR-US: Intel
CVE-2020-0534 (Improper input validation in the DAL subsystem for Intel(R) CSME versi ...)
	NOT-FOR-US: Intel
CVE-2020-0533 (Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.1 ...)
	NOT-FOR-US: Intel
CVE-2020-0532 (Improper input validation in subsystem for Intel(R) AMT versions befor ...)
	NOT-FOR-US: Intel
CVE-2020-0531 (Improper input validation in Intel(R) AMT versions before 11.8.77, 11. ...)
	NOT-FOR-US: Intel
CVE-2020-0530 (Improper buffer restrictions in firmware for Intel(R) NUC may allow an ...)
	NOT-FOR-US: Intel
CVE-2020-0529 (Improper initialization in BIOS firmware for 8th, 9th and 10th Generat ...)
	NOT-FOR-US: Intel
CVE-2020-0528 (Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10 ...)
	NOT-FOR-US: Intel
CVE-2020-0527 (Insufficient control flow management in firmware for some Intel(R) Dat ...)
	NOT-FOR-US: Intel
CVE-2020-0526 (Improper input validation in firmware for Intel(R) NUC may allow a pri ...)
	NOT-FOR-US: Intel
CVE-2020-0525 (Improper access control in firmware for the Intel(R) Ethernet I210 Con ...)
	NOT-FOR-US: Intel
CVE-2020-0524 (Improper default permissions in the firmware for the Intel(R) Ethernet ...)
	NOT-FOR-US: Intel
CVE-2020-0523 (Improper access control in the firmware for the Intel(R) Ethernet I210 ...)
	NOT-FOR-US: Intel
CVE-2020-0522 (Improper initialization in the firmware for the Intel(R) Ethernet I210 ...)
	NOT-FOR-US: Intel
CVE-2020-0521 (Insufficient control flow management in some Intel(R) Graphics Drivers ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-0520 (Path traversal in igdkmd64.sys for Intel(R) Graphics Drivers before ve ...)
	NOT-FOR-US: Intel
CVE-2020-0519 (Improper access control for Intel(R) Graphics Drivers before versions ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0518 (Improper access control in the Intel(R) HD Graphics Control Panel befo ...)
	NOT-FOR-US: Intel graphics drivers for Windows
CVE-2020-0517 (Out-of-bounds write in Intel(R) Graphics Drivers before version 15.36. ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0516 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0515 (Uncontrolled search path element in the installer for Intel(R) Graphic ...)
	NOT-FOR-US: Intel
CVE-2020-0514 (Improper default permissions in the installer for Intel(R) Graphics Dr ...)
	NOT-FOR-US: Intel
CVE-2020-0513 (Out of bounds write for some Intel(R) Graphics Drivers before version ...)
	NOT-FOR-US: Intel
CVE-2020-0512 (Uncaught exception in the system driver for some Intel(R) Graphics Dri ...)
	NOT-FOR-US: Intel
CVE-2020-0511 (Uncaught exception in system driver for Intel(R) Graphics Drivers befo ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0510 (Out of bounds read in some Intel(R) Graphics Drivers before versions 1 ...)
	NOT-FOR-US: Intel
CVE-2020-0509 RESERVED
CVE-2020-0508 (Incorrect default permissions in the installer for Intel(R) Graphics D ...)
	NOT-FOR-US: Intel
CVE-2020-0507 (Unquoted service path in Intel(R) Graphics Drivers before versions 15. ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0506 (Improper initialization in Intel(R) Graphics Drivers before versions 1 ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0505 (Improper conditions check in Intel(R) Graphics Drivers before versions ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0504 (Buffer overflow in Intel(R) Graphics Drivers before versions 15.40.44. ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0503 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0502 (Improper access control in Intel(R) Graphics Drivers before version 26 ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0501 (Buffer overflow in Intel(R) Graphics Drivers before version 26.20.100. ...)
	NOT-FOR-US: Intel Graphics drivers for Windows
CVE-2020-0500 (In startInputUncheckedLocked of InputMethodManager.java, there is a po ...)
	NOT-FOR-US: Android
CVE-2020-0499 (In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a p ...)
	{DLA-2514-1}
	- flac 1.3.3-2 (bug #977764)
	[buster] - flac (Minor issue)
	NOTE: https://github.com/xiph/flac/commit/2e7931c27eb15e387da440a37f12437e35b22dd4
	NOTE: https://android.googlesource.com/platform/external/flac/+/029048f823ced50f63a92e25073427ec3a9bd909%5E%21/#F0
	NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
CVE-2020-0498 (In decode_packed_entry_number of codebook.c, there is a possible out o ...)
	NOT-FOR-US: Android media framework
CVE-2020-0497 (In canUseBiometric of BiometricServiceBase, there is a missing permiss ...)
	NOT-FOR-US: Android
CVE-2020-0496 (In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a p ...)
	NOT-FOR-US: Android
CVE-2020-0495 (In decode_Huffman of JBig2_SddProc.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android
CVE-2020-0494 (In ih264d_parse_ave of ih264d_sei.c, there is a possible out of bounds ...)
	NOT-FOR-US: Android media framework
CVE-2020-0493 (In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possib ...)
	NOT-FOR-US: Android
CVE-2020-0492 (In BitstreamFillCache of bitstream.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android media framework
CVE-2020-0491 (In readBlock of MatroskaExtractor.cpp, there is a possible denial of s ...)
	NOT-FOR-US: Android media framework
CVE-2020-0490 (In floor1_info_unpack of floor1.c, there is a possible out of bounds r ...)
	NOT-FOR-US: Android media framework
CVE-2020-0489 (In Parse_data of eas_mdls.c, there is a possible out of bounds write d ...)
	NOT-FOR-US: Android media framework
CVE-2020-0488 (In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse ...)
	NOT-FOR-US: Android media framework
CVE-2020-0487 REJECTED
CVE-2020-0486 (In openAssetFileListener of ContactsProvider2.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0485 (In areFunctionsSupported of UsbBackend.java, there is a possible acces ...)
	NOT-FOR-US: Android
CVE-2020-0484 (In destroyResources of ComposerClient.h, there is possible memory corr ...)
	NOT-FOR-US: Android media framework
CVE-2020-0483 (In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, t ...)
	NOT-FOR-US: Android media framework
CVE-2020-0482 (In command of IncidentService.cpp, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2020-0481 (In AndroidManifest.xml, there is a possible permissions bypass. This c ...)
	NOT-FOR-US: Android
CVE-2020-0480 (In callUnchecked of DocumentsProvider.java, there is a possible permis ...)
	NOT-FOR-US: Android
CVE-2020-0479 (In callUnchecked of DocumentsProvider.java, there is a possible permis ...)
	NOT-FOR-US: Android
CVE-2020-0478 (In extend_frame_lowbd of restoration.c, there is a possible out of bou ...)
	- aom
	NOTE: https://android.googlesource.com/platform/external/libaom/+/816f15265cb89a02d7ce4b657de277828e71a4b1
	NOTE: https://source.android.com/security/bulletin/pixel/2020-12-01
	NOTE: https://aomedia.googlesource.com/aom/+/ebba9c769be2c99d5396d0018901e9a4af5e2d2c (v1.0.0-errata1-avif)
	TODO: check if ebba9c769be2c99d5396d0018901e9a4af5e2d2c is the needed commit
CVE-2020-0477 (In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there ...)
	NOT-FOR-US: Android
CVE-2020-0476 (In onNotificationRemoved of Assistant.java, there is a possible leak o ...)
	NOT-FOR-US: Android
CVE-2020-0475 (In createInputConsumer of WindowManagerService.java, there is a possib ...)
	NOT-FOR-US: Android
CVE-2020-0474 (In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible us ...)
	NOT-FOR-US: Android media framework
CVE-2020-0473 (In updateIncomingFileConfirmNotification of BluetoothOppNotification.j ...)
	NOT-FOR-US: Android
CVE-2020-0472 RESERVED
CVE-2020-0471 (In reassemble_and_dispatch of packet_fragmenter.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0470 (In extend_frame_highbd of restoration.c, there is a possible out of bo ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0469 (In addEscrowToken of LockSettingsService.java, there is a possible los ...)
	NOT-FOR-US: Android
CVE-2020-0468 (In listen() and related functions of TelephonyRegistry.java, there is ...)
	NOT-FOR-US: Android
CVE-2020-0467 (In onUserStopped of Vpn.java, there is a possible resetting of user pr ...)
	NOT-FOR-US: Android
CVE-2020-0466 (In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a poss ...)
	- linux 5.8.7-1
	[buster] - linux 4.19.146-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/52c479697c9b73f628140dcdfcd39ea302d05482
	NOTE: https://git.kernel.org/linus/a9ed4a6560b8562b7e2e2bed9527e88001f7b682
CVE-2020-0465 (In various methods of hid-multitouch.c, there is a possible out of bou ...)
	- linux 5.8.7-1
	[buster] - linux 4.19.146-1
	[stretch] - linux 4.9.240-1
	NOTE: https://git.kernel.org/linus/35556bed836f8dc07ac55f69c8d17dce3e7f0e25
	NOTE: https://git.kernel.org/linus/bce1305c0ece3dc549663605e567655dd701752c
CVE-2020-0464 (In resolv_cache_lookup of res_cache.cpp, there is a possible side chan ...)
	NOT-FOR-US: Android
CVE-2020-0463 (In sdp_server_handle_client_req of sdp_server.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0462 RESERVED
CVE-2020-0461 RESERVED
CVE-2020-0460 (In createNameCredentialDialog of CertInstaller.java, there exists the ...)
	NOT-FOR-US: Android
CVE-2020-0459 (In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, th ...)
	NOT-FOR-US: Android
CVE-2020-0458 (In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEnc ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0457 (There is a possible out of bounds write due to a missing bounds check. ...)
	NOT-FOR-US: MediaTek components for Android
CVE-2020-0456 (There is a possible out of bounds write due to a missing bounds check. ...)
	NOT-FOR-US: MediaTek components for Android
CVE-2020-0455 (There is a possible out of bounds write due to a missing bounds check. ...)
	NOT-FOR-US: MediaTek components for Android
CVE-2020-0454 (In callCallbackForRequest of ConnectivityService.java, there is a poss ...)
	NOT-FOR-US: Android
CVE-2020-0453 (In updateNotification of BeamTransferManager.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0452 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...)
	{DSA-4786-1 DLA-2439-1}
	- libexif 0.6.22-3
	NOTE: https://github.com/libexif/libexif/commit/9266d14b5ca4e29b970fa03272318e5f99386e06
CVE-2020-0451 (In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there i ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0450 (In rw_i93_sm_format of rw_i93.cc, there is a possible out of bounds re ...)
	NOT-FOR-US: Android
CVE-2020-0449 (In btm_sec_disconnected of btm_sec.cc, there is a possible memory corr ...)
	NOT-FOR-US: Android
CVE-2020-0448 (In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2020-0447 (There is a possible out of bounds write due to a missing bounds check. ...)
	NOT-FOR-US: MediaTek components for Android
CVE-2020-0446 (There is a possible out of bounds write due to a missing bounds check. ...)
	NOT-FOR-US: MediaTek components for Android
CVE-2020-0445 (There is a possible out of bounds write due to a missing bounds check. ...)
	NOT-FOR-US: MediaTek components for Android
CVE-2020-0444 (In audit_free_lsm_field of auditfilter.c, there is a possible bad kfre ...)
	- linux 5.5.13-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/2ad3e17ebf94b7b7f3f64c050ff168f9915345eb
CVE-2020-0443 (In LocaleList of LocaleList.java, there is a possible forced reboot du ...)
	NOT-FOR-US: Android
CVE-2020-0442 (In Message and toBundle of Notification.java, there is a possible UI s ...)
	NOT-FOR-US: Android
CVE-2020-0441 (In Message and toBundle of Notification.java, there is a possible reso ...)
	NOT-FOR-US: Android
CVE-2020-0440 (In createVirtualDisplay of DisplayManagerService.java, there is a poss ...)
	NOT-FOR-US: Android
CVE-2020-0439 (In generatePackageInfo of PackageManagerService.java, there is a possi ...)
	NOT-FOR-US: Android
CVE-2020-0438 (In the AIBinder_Class constructor of ibinder.cpp, there is a possible ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0437 (In CellBroadcastReceiver's intent handlers, there is a possible denial ...)
	NOT-FOR-US: Android
CVE-2020-0436 RESERVED
CVE-2020-0435 REJECTED
CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory corrup ...)
	NOT-FOR-US: Catpipe
CVE-2020-0433 (In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use ...)
	- linux 4.19.9-1
	[stretch] - linux 4.9.228-1
	NOTE: https://source.android.com/security/bulletin/pixel/2020-09-01
	NOTE: https://git.kernel.org/linus/f5bbbbe4d63577026f908a809f22f5fd5a90ea1f
	NOTE: https://git.kernel.org/linus/530ca2c9bd6949c72c9b5cfc330cb3dbccaa3f5b
CVE-2020-0432 (In skb_to_mamac of networking.c, there is a possible out of bounds wri ...)
	- linux 5.4.19-1 (unimportant)
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/4d1356ac12f4d5180d0df345d85ff0ee42b89c72
	NOTE: Staging driver, not enabled/built
CVE-2020-0431 (In kbd_keycode of keyboard.c, there is a possible out of bounds write ...)
	- linux 5.4.13-1
	[buster] - linux 4.19.98-1
	[stretch] - linux 4.9.210-1
	NOTE: https://git.kernel.org/linus/4f3882177240a1f55e45a3d241d3121341bead78
CVE-2020-0430 (In skb_headlen of /include/linux/skbuff.h, there is a possible out of ...)
	- linux 4.17.8-1
	[stretch] - linux (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/58990d1ff3f7896ee341030e9a7c2e4002570683
CVE-2020-0429 (In l2tp_session_delete and related functions of l2tp_core.c, there is ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/b228a94066406b6c456321d69643b0d7ce11cfa6
	NOTE: https://git.kernel.org/linus/cdd10c9627496ad25c87ce6394e29752253c69d3
CVE-2020-0428 (In CamX code, there is a possible use after free due to a race conditi ...)
	NOT-FOR-US: Android on Pixel
CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds read du ...)
	{DLA-2494-1}
	- linux 5.4.8-1
	[buster] - linux 4.19.98-1
	NOTE: https://git.kernel.org/linus/be4c60b563edee3712d392aaeb0943a768df7023
CVE-2020-0426 (In SyncManager, there is a possible permission bypass due to an unsafe ...)
	NOT-FOR-US: Android
CVE-2020-0425 (There is a possible way to view notifications even when the "Lockdown" ...)
	NOT-FOR-US: Android
CVE-2020-0424 (In send_vc of res_send.cpp, there is a possible out of bounds read due ...)
	NOT-FOR-US: Android
CVE-2020-0423 (In binder_release_work of binder.c, there is a possible use-after-free ...)
	{DLA-2483-1}
	- linux 5.9.6-1
	[buster] - linux 4.19.160-1
	[stretch] - linux (Vulnerability introduced later)
	NOTE: https://git.kernel.org/linus/f3277cbfba763cd2826396521b9296de67cf1bbc
CVE-2020-0422 (In constructImportFailureNotification of NotificationImportExportListe ...)
	NOT-FOR-US: Android
CVE-2020-0421 (In appendFormatV of String8.cpp, there is a possible out of bounds wri ...)
	NOT-FOR-US: Android
CVE-2020-0420 (In setUpdatableDriverPath of GpuService.cpp, there is a possible memor ...)
	NOT-FOR-US: Android
CVE-2020-0419 (In generateInfo of PackageInstallerSession.java, there is a possible l ...)
	NOT-FOR-US: Android
CVE-2020-0418 (In getPermissionInfosForGroup of Utils.java, there is a logic error. T ...)
	NOT-FOR-US: Android
CVE-2020-0417 (In setNiNotification of GpsNetInitiatedHandler.java, there is a possib ...)
	NOT-FOR-US: Android
CVE-2020-0416 (In multiple settings screens, there are possible tapjacking attacks du ...)
	NOT-FOR-US: Android
CVE-2020-0415 (In various locations in SystemUI, there is a possible permission bypas ...)
	NOT-FOR-US: Android
CVE-2020-0414 (In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0413 (In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2020-0412 (In setProcessMemoryTrimLevel of ActivityManagerService.java, there is ...)
	NOT-FOR-US: Android
CVE-2020-0411 (In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bou ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0410 (In setNotification of SapServer.java, there is a possible permission b ...)
	NOT-FOR-US: Android
CVE-2020-0409 (In create of FileMap.cpp, there is a possible out of bounds write due ...)
	NOT-FOR-US: Android
CVE-2020-0408 (In remove of String16.cpp, there is a possible out of bounds write due ...)
	NOT-FOR-US: Android
CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...)
	NOT-FOR-US: Android kernel
CVE-2020-0406 (In libmpeg2dec, there is a possible out of bounds write due to a missi ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0405 (In NetworkStackNotifier, there is a possible permissions bypass due to ...)
	NOT-FOR-US: Android
CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...)
	- linux 5.4.19-1
	[buster] - linux 4.19.118-1
	[stretch] - linux 4.9.228-1
	NOTE: https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527
CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible invalid comm ...)
	NOT-FOR-US: FPC TrustZone fingerprint App
CVE-2020-0402 RESERVED
	NOTE: Duplicate assignment for CVE-2019-19769 (Android security informed)
CVE-2020-0401 (In setInstallerPackageName of PackageManagerService.java, there is a m ...)
	NOT-FOR-US: Android
CVE-2020-0400 (In showDataRoamingNotification of NotificationMgr.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2020-0399 (In showLimitedSimFunctionWarningNotification of NotificationMgr.java, ...)
	NOT-FOR-US: Android
CVE-2020-0398 (In updateMwi of NotificationMgr.java, there is a possible permission b ...)
	NOT-FOR-US: Android
CVE-2020-0397 (In getNotificationBuilder of CarrierServiceStateTracker.java, there is ...)
	NOT-FOR-US: Android
CVE-2020-0396 (In various places in Telephony, there is a possible permission bypass ...)
	NOT-FOR-US: Android
CVE-2020-0395 (In showNotification of EmergencyCallbackModeService.java, there is a p ...)
	NOT-FOR-US: Android
CVE-2020-0394 (In onCreate of BluetoothPairingDialog.java, there is a possible tapjac ...)
	NOT-FOR-US: Android
CVE-2020-0393 (In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible ou ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0392 (In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code e ...)
NOT-FOR-US: Android Media Framework CVE-2020-0391 (In applyPolicy of PackageManagerService.java, there is possible arbitr ...) NOT-FOR-US: Android CVE-2020-0390 (In the app zygote SE Policy, there is a possible permissions bypass. T ...) NOT-FOR-US: Android CVE-2020-0389 (In createSaveNotification of RecordingService.java, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0388 (In createEmergencyLocationUserNotification of GnssVisibilityControl.ja ...) NOT-FOR-US: Android CVE-2020-0387 (In manifest files of the SmartSpace package, there is a possible tapja ...) NOT-FOR-US: Android CVE-2020-0386 (In onCreate of RequestPermissionActivity.java, there is a possible tap ...) NOT-FOR-US: Android CVE-2020-0385 (In Parse_insh of eas_mdls.c, there is a possible out of bounds write d ...) NOT-FOR-US: Android CVE-2020-0384 (In Parse_art of eas_mdls.c, there is a possible out of bounds write du ...) NOT-FOR-US: Android CVE-2020-0383 (In Parse_ins of eas_mdls.c, there is a possible out of bounds write du ...) NOT-FOR-US: Android CVE-2020-0382 (In RunInternal of dumpstate.cpp, there is a possible user consent bypa ...) NOT-FOR-US: Android CVE-2020-0381 (In Parse_wave of eas_mdls.c, there is a possible out of bounds write d ...) NOT-FOR-US: Android CVE-2020-0380 (In allocExcessBits of bitalloc.c, there is a possible out of bounds wr ...) NOT-FOR-US: Android CVE-2020-0379 (In the Bluetooth service, there is a possible spoofing attack due to a ...) NOT-FOR-US: Android CVE-2020-0378 (In onWnmFrameReceived of PasspointManager.java, there is a missing per ...) NOT-FOR-US: Android CVE-2020-0377 (In gatt_process_read_by_type_rsp of gatt_cl.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0376 (There is a possible out of bounds read due to a missing bounds check.P ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0375 (In Telephony, there is a possible permission bypass due to a missing p ...) 
NOT-FOR-US: Android CVE-2020-0374 (In NFC, there is a possible permission bypass due to an unsafe Pending ...) NOT-FOR-US: Android CVE-2020-0373 (In SoundTriggerHwService, there is a possible out of bounds read due t ...) NOT-FOR-US: Android Media Framework CVE-2020-0372 (In ActivityManager, there is a possible access to protected data due t ...) NOT-FOR-US: Android CVE-2020-0371 (There is a possible out of bounds read due to a missing bounds check.P ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0370 (In libAACdec, there is a possible out of bounds read due to missing bo ...) NOT-FOR-US: Android Media Framework CVE-2020-0369 (In libavb, there is a possible out of bounds write due to an integer o ...) NOT-FOR-US: Android CVE-2020-0368 (In queryInternal of CallLogProvider.java, there is a possible permissi ...) NOT-FOR-US: Android CVE-2020-0367 (There is a possible out of bounds write due to a missing bounds check. ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0366 (In PackageInstaller, there is a possible permissions bypass due to a t ...) NOT-FOR-US: Android CVE-2020-0365 (In netd, there is a possible out of bounds read due to a missing bound ...) NOT-FOR-US: Android CVE-2020-0364 (In libDRCdec, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android Media Framework CVE-2020-0363 (In libmedia, there is a possible resource exhaustion due to improper i ...) NOT-FOR-US: Android Media Framework CVE-2020-0362 (In libstagefright, there is a possible resource exhaustion due to impr ...) NOT-FOR-US: Android Media Framework CVE-2020-0361 (In libDRCdec, there is a possible information disclosure due to uninit ...) NOT-FOR-US: Android Media Framework CVE-2020-0360 (In Notification Access Confirmation, there is a possible permissions b ...) NOT-FOR-US: Android Media Framework CVE-2020-0359 (In GLESRenderEngine, there is a possible out of bounds read due to a b ...) 
NOT-FOR-US: Android Media Framework CVE-2020-0358 (In SurfaceFlinger, there is a possible use after free due to a race co ...) NOT-FOR-US: Android Media Framework CVE-2020-0357 (In SurfaceFlinger, there is a possible use-after-free due to improper ...) NOT-FOR-US: Android Media Framework CVE-2020-0356 (In the Audio HAL, there is a possible out of bounds write due to an in ...) NOT-FOR-US: Android Media Framework CVE-2020-0355 (In libFraunhoferAAC, there is a possible out of bounds read due to a m ...) NOT-FOR-US: Android Media Framework CVE-2020-0354 (In Bluetooth, there is a possible out of bounds write due to a missing ...) NOT-FOR-US: Android CVE-2020-0353 (In libmp4extractor, there is a possible resource exhaustion due to a m ...) NOT-FOR-US: Android Media Framework CVE-2020-0352 (In MediaProvider, there is a possible permissions bypass due to SQL in ...) NOT-FOR-US: Android CVE-2020-0351 (In libstagefright, there is possible CPU exhaustion due to improper in ...) NOT-FOR-US: Android Media Framework CVE-2020-0350 (In NFC, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Android CVE-2020-0349 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2020-0348 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2020-0347 (In iptables, there is a possible out of bounds write due to an incorre ...) - linux CVE-2020-0346 (In Mediaserver, there is a possible out of bounds write due to an inte ...) NOT-FOR-US: Android Media Framework CVE-2020-0345 (In DocumentsUI, there is a possible permission bypass due to a confuse ...) NOT-FOR-US: Android CVE-2020-0344 (In MediaProvider, there is a possible permissions bypass due to SQL in ...) NOT-FOR-US: Android Media Framework CVE-2020-0343 (In NetworkStatsService, there is a possible access to protected data d ...) 
NOT-FOR-US: Android CVE-2020-0342 (There is a possible out of bounds write due to an incorrect bounds che ...) NOT-FOR-US: Android CVE-2020-0341 (In DisplayManager, there is a possible permission bypass due to a miss ...) NOT-FOR-US: Android CVE-2020-0340 (In libcodec2_soft_mp3dec, there is a possible information disclosure d ...) NOT-FOR-US: Android Media Framework CVE-2020-0339 (There is a possible out of bounds read due to a missing bounds check.P ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0338 (In AccountManager, there is a possible bypass of a permissions check d ...) NOT-FOR-US: Android CVE-2020-0337 (In MediaProvider, there is a possible bypass of a permissions check du ...) NOT-FOR-US: Android CVE-2020-0336 (In SurfaceFlinger, there is possible memory corruption due to type con ...) NOT-FOR-US: Android Media Framework CVE-2020-0335 (In NFC, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Android CVE-2020-0334 (In NFC, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Android CVE-2020-0333 (In UrlQuerySanitizer, there is a possible improper input validation. T ...) NOT-FOR-US: Android CVE-2020-0332 (In libstagefright, there is a possible dead loop due to an uncaught ex ...) NOT-FOR-US: Android Media Framework CVE-2020-0331 (In Settings, there is a possible permissions bypass. This could lead t ...) NOT-FOR-US: Android CVE-2020-0330 (In iorap, there is a possible memory corruption due to a use after fre ...) NOT-FOR-US: Android CVE-2020-0329 (In the OMX encoder, there is a possible out of bounds read due to inva ...) NOT-FOR-US: Android Media Framework CVE-2020-0328 (In the camera, there is a possible out of bounds read due to an intege ...) NOT-FOR-US: Android Media Framework CVE-2020-0327 (In core networking, there is a missing permission check. This could le ...) NOT-FOR-US: Android CVE-2020-0326 (In NFC, there is a possible out of bounds write due to uninitialized d ...) 
NOT-FOR-US: Android CVE-2020-0325 (In NFC, there is a missing bounds check. This could lead to local info ...) NOT-FOR-US: Android CVE-2020-0324 (In libsonivox, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android Media Framework CVE-2020-0323 (In libavb, there is a possible out of bounds read due to a missing bou ...) NOT-FOR-US: Android CVE-2020-0322 (In apexd, there is a possible out of bounds read due to a missing boun ...) NOT-FOR-US: Android CVE-2020-0321 (In the mp3 extractor, there is a possible out of bounds write due to u ...) NOT-FOR-US: Android Media Framework CVE-2020-0320 (In libstagefright, there is a possible resource exhaustion due to impr ...) NOT-FOR-US: Android Media Framework CVE-2020-0319 (In NFC, there is a possible out of bounds write due to a missing bound ...) NOT-FOR-US: Android CVE-2020-0318 (In the System UI, there is a possible system crash due to an uncaught ...) NOT-FOR-US: Android CVE-2020-0317 (In UsageStatsManager, there is a possible access to protected data due ...) NOT-FOR-US: Android CVE-2020-0316 (In Telephony, there is a missing permission check. This could lead to ...) NOT-FOR-US: Android CVE-2020-0315 (In Zen Mode, there is a possible permission bypass due to an unsafe Pe ...) NOT-FOR-US: Android CVE-2020-0314 (In AudioService, there are missing permission checks. This could lead ...) NOT-FOR-US: Android Media Framework CVE-2020-0313 (In NotificationManagerService, there is a possible permission bypass d ...) NOT-FOR-US: Android CVE-2020-0312 (In Battery Saver, there is a possible permission bypass due to an unsa ...) NOT-FOR-US: Android CVE-2020-0311 (In InputManagerService, there is a possible permission bypass due to a ...) NOT-FOR-US: Android CVE-2020-0310 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) NOT-FOR-US: Android CVE-2020-0309 (In the Bluetooth server, there is a possible out of bounds write due t ...) 
NOT-FOR-US: Android CVE-2020-0308 (In Window Manager, there is a possible permission bypass due to an uns ...) NOT-FOR-US: Android CVE-2020-0307 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) NOT-FOR-US: Android CVE-2020-0306 (In LLVM, there is a possible ineffective stack cookie placement due to ...) - llvm-toolchain-11 - llvm-toolchain-9 CVE-2020-0305 (In cdev_get of char_dev.c, there is a possible use-after-free due to a ...) - linux 5.4.13-1 [buster] - linux 4.19.98-1 [stretch] - linux 4.9.210-1 [jessie] - linux 3.16.84-1 NOTE: https://git.kernel.org/linus/68faa679b8be1a74e6663c21c3a9d25d32f1c079 CVE-2020-0304 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) NOT-FOR-US: Android CVE-2020-0303 (In the Media extractor, there is a possible use after free due to impr ...) NOT-FOR-US: Android Media Framework CVE-2020-0302 (In Settings, there is a possible permission bypass due to an unsafe Pe ...) NOT-FOR-US: Android CVE-2020-0301 (In libstagefright, there is a possible resource exhaustion due to impr ...) NOT-FOR-US: Android Media Framework CVE-2020-0300 (In NFC, there is a possible out of bounds read due to uninitialized da ...) NOT-FOR-US: Android CVE-2020-0299 (In Bluetooth, there is a possible spoofing of bluetooth device metadat ...) NOT-FOR-US: Android CVE-2020-0298 (In Bluetooth, there is a possible control over Bluetooth enabled state ...) NOT-FOR-US: Android CVE-2020-0297 (In devicepolicy service, there is a possible permission bypass due to ...) NOT-FOR-US: Android CVE-2020-0296 (In ADB server and USB server, there is a possible permission bypass du ...) NOT-FOR-US: Android CVE-2020-0295 (In Telecom, there is a possible permission bypass due to an unsafe Pen ...) NOT-FOR-US: Android CVE-2020-0294 (In bindWallpaperComponentLocked of WallpaperManagerService.java, there ...) NOT-FOR-US: Android CVE-2020-0293 (In Java network APIs, there is possible access to sensitive network st ...) 
NOT-FOR-US: Android CVE-2020-0292 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2020-0291 (In Bluetooth, there is a possible out of bounds read due to a missing ...) NOT-FOR-US: Android CVE-2020-0290 (In PackageManager, there is a missing permission check. This could lea ...) NOT-FOR-US: Android CVE-2020-0289 (In PackageManager, there is a missing permission check. This could lea ...) NOT-FOR-US: Android CVE-2020-0288 (In PackageManager, there is a missing permission check. This could lea ...) NOT-FOR-US: Android CVE-2020-0287 (In libmkvextractor, there is a possible resource exhaustion due to a m ...) NOT-FOR-US: Android Media Framework CVE-2020-0286 (In Bluetooth AVRCP, there is a possible leak of audio metadata due to ...) NOT-FOR-US: Android CVE-2020-0285 (In Telephony, there is a possible permission bypass due to a missing p ...) NOT-FOR-US: Android CVE-2020-0284 (In Telephony, there is a possible permission bypass due to a missing p ...) NOT-FOR-US: Android CVE-2020-0283 (There is a possible out of bounds write due to a missing bounds check. ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0282 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2020-0281 (In NFC, there is a possible out of bounds read due to a missing bounds ...) NOT-FOR-US: Android CVE-2020-0280 (In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out ...) NOT-FOR-US: Android CVE-2020-0279 (In the AAC parser, there is a possible out of bounds read due to a mis ...) NOT-FOR-US: Android Media Framework CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bounds che ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0277 (In NetworkPolicyManagerService, there is a possible permissions bypass ...) NOT-FOR-US: Android CVE-2020-0276 (In Telephony, there is a possible permission bypass due to a missing p ...) 
NOT-FOR-US: Android CVE-2020-0275 (In MediaProvider, there is a possible way to access ContentResolver an ...) NOT-FOR-US: Android CVE-2020-0274 (In the OMX parser, there is a possible information disclosure due to a ...) NOT-FOR-US: Android Media Framework CVE-2020-0273 (In hwservicemanager, there is a possible out of bounds write due to fr ...) NOT-FOR-US: Android CVE-2020-0272 (In libhwbinder, there is a possible information disclosure due to unin ...) NOT-FOR-US: Android CVE-2020-0271 (In the Settings app, there is an insecure default value. This could le ...) NOT-FOR-US: Android CVE-2020-0270 (In tremolo, there is a possible out of bounds read due to a missing bo ...) NOT-FOR-US: Android Media Framework CVE-2020-0269 (In Android Auto Settings, there is a possible permission bypass due to ...) NOT-FOR-US: Android CVE-2020-0268 (In NFC, there is a possible use-after-free due to a race condition. Th ...) NOT-FOR-US: Android CVE-2020-0267 (In WindowManager, there is a possible launch of an unexpected app due ...) NOT-FOR-US: Android CVE-2020-0266 (In factory reset protection, there is a possible FRP bypass due to a m ...) NOT-FOR-US: Android CVE-2020-0265 (In Telephony, there are possible leaks of sensitive data due to missin ...) NOT-FOR-US: Android CVE-2020-0264 (In libstagefright, there is a possible out of bounds write due to an i ...) NOT-FOR-US: Android Media Framework CVE-2020-0263 (In the Accessibility service, there is a possible permission bypass du ...) NOT-FOR-US: Android CVE-2020-0262 (In WiFi tethering, there is a possible attacker controlled intent due ...) NOT-FOR-US: Android CVE-2020-0261 (In C2 flame devices, there is a possible bypass of seccomp due to a mi ...) NOT-FOR-US: C2 flame devices CVE-2020-0260 (There is a possible out of bounds read due to an incorrect bounds chec ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0259 (In android_verity_ctr of dm-android-verity.c, there is a possible way ...) 
NOT-FOR-US: Android CVE-2020-0258 (In stopZygoteLocked of AppZygote.java, there is an insufficient cleanu ...) NOT-FOR-US: Android CVE-2020-0257 (In SpecializeCommon of com_android_internal_os_Zygote.cpp, there is a ...) NOT-FOR-US: Android CVE-2020-0256 (In LoadPartitionTable of gpt.cc, there is a possible out of bounds wri ...) {DLA-2549-1} - gdisk 1.0.6-1 [buster] - gdisk (Minor issue) NOTE: https://sourceforge.net/p/gptfdisk/code/ci/81c8bbee46ad6ebacf72eae70ba5147f376205a4/ NOTE: https://android.googlesource.com/platform/external/gptfdisk/+/7ffd0a26064cf25c0922f2bab511e4b4e8149083 CVE-2020-0255 REJECTED CVE-2020-0254 (There is a possible out of bounds read due to an incorrect bounds chec ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0253 (There is a possible memory corruption due to a use after free.Product: ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0252 (There is a possible memory corruption due to a use after free.Product: ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0251 (There is a possible out of bounds read due to an incorrect bounds chec ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0250 (In requestCellInfoUpdateInternal of PhoneInterfaceManager.java, there ...) NOT-FOR-US: Android CVE-2020-0249 (In postInstantAppNotif of InstantAppNotifier.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0248 (In postInstantAppNotif of InstantAppNotifier.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0247 (In Threshold::getHistogram of ImageProcessHelper.java, there is a poss ...) NOT-FOR-US: Android CVE-2020-0246 (In getCarrierPrivilegeStatus of UiccAccessRule.java, there is a missin ...) NOT-FOR-US: Android CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible ...) NOT-FOR-US: Android Media framework CVE-2020-0244 (In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a possible out ...) 
NOT-FOR-US: Android media framework CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-a ...) NOT-FOR-US: Android media framework CVE-2020-0242 (In reset of NuPlayerDriver.cpp, there is a possible use-after-free due ...) NOT-FOR-US: Android media framework CVE-2020-0241 (In NuPlayerStreamListener of NuPlayerStreamListener.cpp, there is poss ...) NOT-FOR-US: Android media framework CVE-2020-0240 (In NewFixedDoubleArray of factory.cc, there is a possible out of bound ...) NOT-FOR-US: Android CVE-2020-0239 (In getDocumentMetadata of DocumentsContract.java, there is a possible ...) NOT-FOR-US: Android CVE-2020-0238 (In updatePreferenceIntents of AccountTypePreferenceLoader, there is a ...) NOT-FOR-US: Android CVE-2020-0237 REJECTED CVE-2020-0236 (In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of- ...) NOT-FOR-US: Android CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a use ...) NOT-FOR-US: Android CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0231 (There is a possible out of bounds write due to an incorrect bounds che ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0230 (There is a possible out of bounds write due to an incorrect bounds che ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0229 (There is a possible out of bounds write due to an incorrect bounds che ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0228 (There is an improper configuration of recorder related service. Produc ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0227 (In onCommand of CompanionDeviceManagerService.java, there is a possibl ...) 
NOT-FOR-US: Android CVE-2020-0226 (In createWithSurfaceParent of Client.cpp, there is a possible out of b ...) NOT-FOR-US: Android Media Framework CVE-2020-0225 (In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder. ...) NOT-FOR-US: Android CVE-2020-0224 (In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out ...) NOT-FOR-US: Android CVE-2020-0223 (This is an unbounded write into kernel global memory, via a user-contr ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0222 RESERVED CVE-2020-0221 (Airbrush FW's scratch memory allocator is susceptible to numeric overf ...) NOT-FOR-US: Android CVE-2020-0220 (In crus_afe_callback of msm-cirrus-playback.c, there is a possible out ...) NOT-FOR-US: Android CVE-2020-0219 (In onCreate of SliceDeepLinkSpringBoard.java there is a possible insec ...) NOT-FOR-US: Android CVE-2020-0218 (In loadSoundModel and related functions of SoundTriggerHwService.cpp, ...) NOT-FOR-US: Android Media Framework CVE-2020-0217 (In RW_T4tPresenceCheck of rw_t4t.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0216 (In phNciNfc_RecvMfResp of phNxpExtns_MifareStd.cpp, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0215 (In onCreate of ConfirmConnectActivity.java, there is a possible leak o ...) NOT-FOR-US: Android CVE-2020-0214 (In ce_t4t_process_select_file_cmd of ce_t4t.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0213 (In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp ...) NOT-FOR-US: Android Media Framework CVE-2020-0212 (In _onBufferDestroyed of InputBufferManager.cpp, there is a possible o ...) NOT-FOR-US: Android Media Framework CVE-2020-0211 (In SumCompoundHorizontalTaps of convolve_neon.cc, there is a possible ...) NOT-FOR-US: Android Media Framework CVE-2020-0210 (In removeSharedAccountAsUser of AccountManager.java, there is a possib ...) 
NOT-FOR-US: Android CVE-2020-0209 (In multiple functions of AccountManager.java, there is a possible perm ...) NOT-FOR-US: Android CVE-2020-0208 (In multiple functions of AccountManager.java, there is a possible perm ...) NOT-FOR-US: Android CVE-2020-0207 (In next_marker of jdmarker.c, there is a possible out of bounds read d ...) NOT-FOR-US: Android Media Framework CVE-2020-0206 (In the settings app, there is a possible app crash due to improper inp ...) NOT-FOR-US: Android CVE-2020-0205 (In the DaalaBitReader constructor of entropy_decoder.cc, there is a po ...) NOT-FOR-US: Android Media Framework CVE-2020-0204 (In InstallPackage of package.cpp, there is a possible bypass of a sign ...) NOT-FOR-US: Android CVE-2020-0203 (In freeIsolatedUidLocked of ProcessList.java, there is a possible UID ...) NOT-FOR-US: Android CVE-2020-0202 (In onHandleIntent of TraceService.java, there is a possible bypass of ...) NOT-FOR-US: Android CVE-2020-0201 (In showSecurityFields of WifiConfigController.java there is a possible ...) NOT-FOR-US: Android CVE-2020-0200 (In ReadLittleEndian of raw_bit_reader.cc, there is a possible out of b ...) NOT-FOR-US: Android Media Framework CVE-2020-0199 (In TimeCheck::TimeCheckThread::threadLoop of TimeCheck.cpp, there is a ...) NOT-FOR-US: Android Media Framework CVE-2020-0198 (In exif_data_load_data_content of exif-data.c, there is a possible UBS ...) {DLA-2249-1} - libexif 0.6.22-2 (bug #962345) [buster] - libexif 0.6.21-5.1+deb10u4 [stretch] - libexif 0.6.21-2+deb9u4 NOTE: https://android.googlesource.com/platform/external/libexif/+/1e187b62682ffab5003c702657d6d725b4278f16%5E%21/#F0 NOTE: https://github.com/libexif/libexif/commit/ce03ad7ef4e8aeefce79192bf5b6f69fae396f0c CVE-2020-0197 (In InitDataParser::parsePssh of InitDataParser.cpp, there is a possibl ...) NOT-FOR-US: Android Media Framework CVE-2020-0196 (In RegisterNotificationResponse::GetEvent of register_notification_pac ...) 
NOT-FOR-US: Android CVE-2020-0195 (In ihevcd_iquant_itrans_recon_ctb of ihevcd_iquant_itrans_recon_ctb.c ...) NOT-FOR-US: Android Media Framework CVE-2020-0194 (In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c, there is ...) NOT-FOR-US: Android Media Framework CVE-2020-0193 (In ihevc_intra_pred_chroma_mode_3_to_9_av8 of ihevc_intra_pred_chroma_ ...) NOT-FOR-US: Android Media Framework CVE-2020-0192 (In ih264d_decode_slice_thread of ih264d_thread_parse_decode.c, there i ...) NOT-FOR-US: Android Media Framework CVE-2020-0191 (In ih264d_update_default_index_list() of ih264d_dpb_mgr.c, there is a ...) NOT-FOR-US: Android Media Framework CVE-2020-0190 (In ideint_weave_blk of ideint_utils.c, there is a possible out of boun ...) NOT-FOR-US: Android Media Framework CVE-2020-0189 (In ihevcd_decode() of ihevcd_decode.c, there is possible resource exha ...) NOT-FOR-US: Android Media Framework CVE-2020-0188 (In onCreatePermissionRequest of SettingsSliceProvider.java, there is a ...) NOT-FOR-US: Android CVE-2020-0187 (In engineSetMode of BaseBlockCipher.java, there is a possible incorrec ...) NOT-FOR-US: Android CVE-2020-0186 (In hal_fd_init of hal_fd.cc, there is a possible out of bounds write d ...) NOT-FOR-US: Android CVE-2020-0185 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible out ...) NOT-FOR-US: Android CVE-2020-0184 (In ihevcd_ref_list() of ihevcd_ref_list.c, there is a possible infinit ...) NOT-FOR-US: Android Media Framework CVE-2020-0183 (In handleMessage of BluetoothManagerService, there is an incomplete re ...) NOT-FOR-US: Android CVE-2020-0182 (In exif_entry_get_value of exif-entry.c, there is a possible out of bo ...) 
	{DLA-2249-1}
	- libexif 0.6.22-1 (low)
	[buster] - libexif 0.6.21-5.1+deb10u4
	[stretch] - libexif 0.6.21-2+deb9u4
	NOTE: https://github.com/libexif/libexif/commit/f9bb9f263fb00f0603ecbefa8957cad24168cbff (0.6.22)
	NOTE: CVE originally reported by Android where a different patch was shipped
CVE-2020-0181 (In exif_data_load_data_thumbnail of exif-data.c, there is a possible d ...)
	{DSA-4618-1 DLA-2100-1}
	- libexif 0.6.21-6 (bug #962346)
	NOTE: https://android.googlesource.com/platform/external/libexif/+/f6c54954cbfc25eb73d2d2902f0597c0220174a4
	NOTE: Fixed by the patch for CVE-2019-9278
CVE-2020-0180 (In GetOpusHeaderBuffers() of OpusHeader.cpp, there is a possible out o ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0179 (In doSendObjectInfo of MtpServer.cpp, there is a possible path travers ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0178 (In getAllConfigFlags of SettingsProvider.cpp, there is a possible ille ...)
	NOT-FOR-US: Android
CVE-2020-0177 (In connect() of PanService.java, there is a possible permissions bypas ...)
	NOT-FOR-US: Android
CVE-2020-0176 (In avdt_msg_prs_rej of avdt_msg.cc, there is a possible out-of-bounds ...)
	NOT-FOR-US: Android
CVE-2020-0175 (In XMF_ReadNode of eas_xmf.c, there is possible resource exhaustion du ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0174 (In Parse_ptbl of eas_mdls.c, there is possible resource exhaustion due ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0173 (In Parse_lins of eas_mdls.c, there is possible resource exhaustion due ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0172 (In Parse_art of eas_mdls.c, there is possible resource exhaustion due ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0171 (In Parse_lart of eas_mdls.c, there is possible resource exhaustion due ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0170 (In IMY_Event of eas_imelody.c, there is possible resource exhaustion d ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0169 (In RTTTL_Event of eas_rtttl.c, there is possible resource exhaustion d ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0168 (In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv of impeg2_format_conv.c, the ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0167 (In load of ResourceTypes.cpp, there is a possible out of bounds read d ...)
	NOT-FOR-US: Android
CVE-2020-0166 (In multiple functions of URI.java, there is a possible escalation of p ...)
	NOT-FOR-US: Android
CVE-2020-0165 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
	NOT-FOR-US: Android
CVE-2020-0164 (In phNxpNciHal_NfcDep_cmd_ext of phNxpNciHal_NfcDepSWPrio.cc, there is ...)
	NOT-FOR-US: Android
CVE-2020-0163 (In parseSampleAuxiliaryInformationSizes of MPEG4Extractor.cpp, there i ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0162 (In parseSampleAuxiliaryInformationOffsets of MPEG4Extractor.cpp, there ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0161 (In parseChunk of MPEG4Extractor.cpp, there is possible resource exhaus ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0160 (In setSyncSampleParams of SampleTable.cpp, there is possible resource ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0159 (In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds r ...)
	NOT-FOR-US: Android
CVE-2020-0158 (In nfc_ncif_proc_t3t_polling_ntf of nfc_ncif.cc, there is a possible o ...)
	NOT-FOR-US: Android
CVE-2020-0157 (In nfa_hci_conn_cback of nfa_hci_main.cc, there is a possible out of b ...)
	NOT-FOR-US: Android
CVE-2020-0156 (In NxpNfc::ioctl of NxpNfc.cpp, there is a possible out of bounds read ...)
	NOT-FOR-US: Android
CVE-2020-0155 (In phNxpNciHal_send_ese_hal_cmd of phNxpNciHal_ext.cc, there is a poss ...)
	NOT-FOR-US: Android
CVE-2020-0154 (In nci_proc_core_rsp of nci_hrcv.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2020-0153 (In phNxpNciHal_write_ext of phNxpNciHal_ext.cc, there is a possible ou ...)
	NOT-FOR-US: Android
CVE-2020-0152 (In avb_vbmeta_image_verify of avb_vbmeta_image.c, there is a possible ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0151 (In avb_vbmeta_image_verify of avb_vbmeta_image.c there is a possible o ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0150 (In rw_t3t_message_set_block_list of rw_t3t.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2020-0149 (In btu_hcif_mode_change_evt of btu_hcif.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2020-0148 (In btu_hcif_pin_code_request_evt, btu_hcif_link_key_request_evt, and b ...)
	NOT-FOR-US: Android
CVE-2020-0147 (In btu_hcif_esco_connection_chg_evt of btu_hcif.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0146 (In btu_hcif_hardware_error_evt of btu_hcif.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2020-0145 (In btm_simple_pair_complete of btm_sec.cc, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2020-0144 (In btm_proc_sp_req_evt of btm_sec.cc, there is a possible out of bound ...)
	NOT-FOR-US: Android
CVE-2020-0143 (In nfa_dm_ndef_find_next_handler of nfa_dm_ndef.c, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0142 (In rw_i93_sm_format of rw_i93.c, there is a possible information discl ...)
	NOT-FOR-US: Android
CVE-2020-0141 (In OutputBuffersArray::realloc of CCodecBuffers.cpp, there is a possib ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0140 (In rw_i93_sm_detect_ndef of rw_i93.c, there is a possible information ...)
	NOT-FOR-US: Android
CVE-2020-0139 (In NDEF_MsgValidate of ndef_utils.c, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2020-0138 (In get_element_attr_rsp of btif_rc.cc, there is a possible out of boun ...)
	NOT-FOR-US: Android
CVE-2020-0137 (In setIPv6AddrGenMode of NetworkManagementService.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2020-0136 (In multiple locations of Parcel.cpp, there is a possible out-of-bounds ...)
	NOT-FOR-US: Android
CVE-2020-0135 (In dump of RollbackManagerServiceImpl.java, there is a possible backup ...)
	NOT-FOR-US: Android
CVE-2020-0134 (In BnDrm::onTransact of IDrm.cpp, there is a possible information disc ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0133 (In MockLocationAppPreferenceController.java, it is possible to mock th ...)
	NOT-FOR-US: Android
CVE-2020-0132 (In BnAAudioService::onTransact of IAAudioService.cpp, there is a possi ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0131 (In parseChunk of MPEG4Extractor.cpp, there is a possible out of bounds ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0130 (In screencap, there is a possible command injection due to improper in ...)
	NOT-FOR-US: Android
CVE-2020-0129 (In SetData of btm_ble_multi_adv.cc, there is a possible out-of-bound w ...)
	NOT-FOR-US: Android
CVE-2020-0128 (In addPacket of AMPEG4ElementaryAssembler, there is an out of bounds r ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0127 (In AudioStream::decode of AudioGroup.cpp, there is a possible out of b ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0126 (In multiple functions in DrmPlugin.cpp, there is a possible use after ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0125 (In mediadrm, there is a possible out of bounds read due to a missing b ...)
	NOT-FOR-US: Android Media framework
CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0123 (There is a possible out of bounds write due to an incorrect bounds che ...)
	NOT-FOR-US: MediaTek components for Android
CVE-2020-0122 (In the permission declaration for com.google.android.providers.gsf.per ...)
	NOT-FOR-US: Android
CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a possible permi ...)
	NOT-FOR-US: Android
CVE-2020-0120 (In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possib ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0119 (In addOrUpdateNetworkInternal and related functions of WifiConfigManag ...)
	NOT-FOR-US: Android
CVE-2020-0118 (In addListener of RegionSamplingThread.cpp, there is a possible out of ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0117 (In aes_cmac of aes_cmac.cc, there is a possible out of bounds write du ...)
	NOT-FOR-US: Android
CVE-2020-0116 (In checkSystemLocationAccess of LocationAccessPolicy.java, there is a ...)
	NOT-FOR-US: Android
CVE-2020-0115 (In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is ...)
	NOT-FOR-US: Android
CVE-2020-0114 (In onCreateSliceProvider of KeyguardSliceProvider.java, there is a pos ...)
	NOT-FOR-US: Android
CVE-2020-0113 (In sendCaptureResult of Camera3OutputUtils.cpp, there is a possible ou ...)
	NOT-FOR-US: Android Media Framework
CVE-2020-0112
	RESERVED
CVE-2020-0111
	RESERVED
CVE-2020-0110 (In psi_write of psi.c, there is a possible out of bounds write due to ...)
	- linux 5.5.13-1
	[buster] - linux (Vulnerable code not present)
	[stretch] - linux (Vulnerable code not present)
	[jessie] - linux (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/6fcca0fa48118e6d63733eb4644c6cd880c15b8f (5.6-rc2)
CVE-2020-0109 (In simulatePackageSuspendBroadcast of NotificationManagerService.java, ...)
	NOT-FOR-US: Android
CVE-2020-0108 (In postNotification of ServiceRecord.java, there is a possible bypass ...)
	NOT-FOR-US: Android
CVE-2020-0107 (In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0106 (In getCellLocation of PhoneInterfaceManager.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0105 (In onKeyguardVisibilityChanged of key_store_service.cpp, there is a mi ...)
	NOT-FOR-US: Android
CVE-2020-0104 (In onShowingStateChanged of KeyguardStateMonitor.java, there is a poss ...)
	NOT-FOR-US: Android
CVE-2020-0103 (In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0102 (In GattServer::SendResponse of gatt_server.cc, there is a possible out ...)
	NOT-FOR-US: Android
CVE-2020-0101 (In BnCrypto::onTransact of ICrypto.cpp, there is a possible informatio ...)
	NOT-FOR-US: Android media framework
CVE-2020-0100 (In onTransact of IHDCP.cpp, there is a possible out of bounds read due ...)
	NOT-FOR-US: Android media framework
CVE-2020-0099 (In addWindow of WindowManagerService.java, there is a possible window ...)
	NOT-FOR-US: Android
CVE-2020-0098 (In navigateUpToLocked of ActivityStack.java, there is a possible permi ...)
	NOT-FOR-US: Android
CVE-2020-0097 (In various methods of PackageManagerService.java, there is a possible ...)
	NOT-FOR-US: Android
CVE-2020-0096 (In startActivities of ActivityStartController.java, there is a possibl ...)
	NOT-FOR-US: Android
CVE-2020-0095
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2020-0094 (In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possi ...)
	NOT-FOR-US: Android media framework
CVE-2020-0093 (In exif_data_save_data_entry of exif-data.c, there is a possible out o ...)
	{DLA-2214-1}
	- libexif 0.6.21-8
	[buster] - libexif 0.6.21-5.1+deb10u2
	[stretch] - libexif 0.6.21-2+deb9u2
	NOTE: https://github.com/libexif/libexif/issues/42
	NOTE: https://github.com/libexif/libexif/commit/5ae5973bed1947f4d447dc80b76d5cefadd90133
CVE-2020-0092 (In setHideSensitive of NotificationStackScrollLayout.java, there is a ...)
	NOT-FOR-US: Android
CVE-2020-0091 (In mnld, an incorrect configuration in driver_cfg of mnld for meta fac ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2020-0090 (An improper authorization in the receiver component of Email.Product: ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2020-0089 (In the audio server, there is a missing permission check. This could l ...)
	NOT-FOR-US: Android
CVE-2020-0088 (In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible reso ...)
NOT-FOR-US: Android Media Framework CVE-2020-0087 (In getProcessPss of ActivityManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0086 (In readCString of Parcel.cpp, there is a possible out of bounds write ...) NOT-FOR-US: Android Media Framework CVE-2020-0085 (In setBluetoothTethering of PanService.java, there is a possible permi ...) NOT-FOR-US: Android CVE-2020-0084 (In several functions of NotificationManagerService.java, there are mis ...) NOT-FOR-US: Android CVE-2020-0083 (In setRequirePmfInternal of sta_network.cpp, there is a possible defau ...) NOT-FOR-US: Android CVE-2020-0082 (In ExternalVibration of ExternalVibration.java, there is a possible ac ...) NOT-FOR-US: Android CVE-2020-0081 (In finalize of AssetManager.java, there is possible memory corruption ...) NOT-FOR-US: Android CVE-2020-0080 (In onOpActiveChanged and related methods of AppOpsControllerImpl.java, ...) NOT-FOR-US: Android CVE-2020-0079 (In decrypt_1_2 of CryptoPlugin.cpp, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0078 (In releaseSecureStops of DrmPlugin.cpp, there is a possible out of bou ...) NOT-FOR-US: Android CVE-2020-0077 (In authorize_enroll of the FPC IRIS TrustZone app, there is a possible ...) NOT-FOR-US: Android CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a possible ...) NOT-FOR-US: Android CVE-2020-0075 (In set_shared_key of the FPC IRIS TrustZone app, there is a possible o ...) NOT-FOR-US: Android CVE-2020-0074 (In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is ...) NOT-FOR-US: Android CVE-2020-0073 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...) NOT-FOR-US: Android CVE-2020-0072 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...) NOT-FOR-US: Android CVE-2020-0071 (In rw_t2t_extract_default_locks_info of rw_t2t_ndef.cc, there is a pos ...) 
NOT-FOR-US: Android CVE-2020-0070 (In rw_t2t_update_lock_attributes of rw_t2t_ndef.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0069 (In the ioctl handlers of the Mediatek Command Queue driver, there is a ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0068 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0067 (In f2fs_xattr_generic_list of xattr.c, there is a possible out of boun ...) - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux (f2fs is not supportable) [jessie] - linux (f2fs is not supportable) NOTE: https://git.kernel.org/linus/688078e7f36c293dae25b338ddc9e0a2790f6e06 CVE-2020-0066 (In the netlink driver, there is a possible out of bounds write due to ...) - linux 4.2.5-1 [jessie] - linux 3.16.7-ckt20-1 NOTE: https://git.kernel.org/linus/db65a3aaf29ecce2e34271d52e8d2336b97bd9fe CVE-2020-0065 (An improper authorization in the receiver component of the Android Sui ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0064 (An improper authorization while processing the provisioning data.Produ ...) NOT-FOR-US: Mediatek components for Android CVE-2020-0063 (In SurfaceFlinger, it is possible to override UI confirmation screen p ...) NOT-FOR-US: Android CVE-2020-0062 (In Euicc, there is a possible information disclosure due to an include ...) NOT-FOR-US: Android CVE-2020-0061 (In Pixel Recorder, there is a possible permissions bypass allowing arb ...) NOT-FOR-US: Android CVE-2020-0060 (In query of SmsProvider.java and MmsSmsProvider.java, there is a possi ...) NOT-FOR-US: Android CVE-2020-0059 (In btm_ble_batchscan_filter_track_adv_vse_cback of btm_ble_batchscan.c ...) NOT-FOR-US: Android CVE-2020-0058 (In l2c_rcv_acl_data of l2c_main.cc, there is a possible out of bounds ...) NOT-FOR-US: Android CVE-2020-0057 (In btm_process_inq_results of btm_inq.cc, there is a possible out of b ...) 
NOT-FOR-US: Android CVE-2020-0056 (In btu_hcif_connection_comp_evt of btu_hcif.cc, there is a possible ou ...) NOT-FOR-US: Android CVE-2020-0055 (In l2c_link_process_num_completed_pkts of l2c_link.cc, there is a poss ...) NOT-FOR-US: Android CVE-2020-0054 (In WifiNetworkSuggestionsManager of WifiNetworkSuggestionsManager.java ...) NOT-FOR-US: Android CVE-2020-0053 (In convertHidlNanDataPathInitiatorRequestToLegacy, and convertHidlNanD ...) NOT-FOR-US: Android CVE-2020-0052 (In smsSelected of AnswerFragment.java, there is a way to send an SMS f ...) NOT-FOR-US: Android CVE-2020-0051 (In onCreate of SettingsHomepageActivity, there is a possible tapjackin ...) NOT-FOR-US: Android CVE-2020-0050 (In nfa_hciu_send_msg of nfa_hci_utils.cc, there is a possible out of b ...) NOT-FOR-US: Android CVE-2020-0049 (In onReadBuffer() of StreamingSource.cpp, there is a possible informat ...) NOT-FOR-US: Android media framework CVE-2020-0048 (In onTransact of IAudioFlinger.cpp, there is a possible stack informat ...) NOT-FOR-US: Android media framework CVE-2020-0047 (In setMasterMute of AudioService.java, there is a missing permission c ...) NOT-FOR-US: Android media framework CVE-2020-0046 (In DrmPlugin::releaseSecureStops of DrmPlugin.cpp, there is a possible ...) NOT-FOR-US: Android media framework CVE-2020-0045 (In StatsService::command of StatsService.cpp, there is possible memory ...) NOT-FOR-US: Android CVE-2020-0044 (In set_nonce of fpc_ta_qc_auth.c, there is a possible out of bounds re ...) NOT-FOR-US: FPC components for Android CVE-2020-0043 (In authorize_enrol of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android CVE-2020-0042 (In fpc_ta_hw_auth_unwrap_key of fpc_ta_hw_auth_qsee.c, there is a poss ...) NOT-FOR-US: FPC components for Android CVE-2020-0041 (In binder_transaction of binder.c, there is a possible out of bounds w ...) 
- linux 5.4.6-1 [buster] - linux (Vulnerability introduced later) [stretch] - linux (Vulnerability introduced later) [jessie] - linux (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/16981742717b04644a41052570fb502682a315d2 CVE-2020-0040 RESERVED NOTE: Duplicate of CVE-2019-15239, will be rejected CVE-2020-0039 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android CVE-2020-0038 (In rw_i93_sm_update_ndef of rw_i93.cc, there is a possible read of uni ...) NOT-FOR-US: Android CVE-2020-0037 (In rw_i93_sm_set_read_only of rw_i93.cc, there is a possible out of bo ...) NOT-FOR-US: Android CVE-2020-0036 (In hasPermissions of PermissionMonitor.java, there is a possible acces ...) NOT-FOR-US: Android CVE-2020-0035 (In query of TelephonyProvider.java, there is a possible access to SIM ...) NOT-FOR-US: Android CVE-2020-0034 (In vp8_decode_frame of decodeframe.c, there is a possible out of bound ...) {DLA-2829-1 DLA-2136-1} - libvpx 1.7.0-3 NOTE: https://github.com/webmproject/libvpx/commit/45daecb4f73a47ab3236a29a3a48c52324cbf19a CVE-2020-0033 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...) NOT-FOR-US: Android media framework CVE-2020-0032 (In ih264d_release_display_bufs of ih264d_utils.c, there is a possible ...) NOT-FOR-US: Android media framework CVE-2020-0031 (In triggerAugmentedAutofillLocked and related functions of Session.jav ...) NOT-FOR-US: Android CVE-2020-0030 (In binder_thread_release of binder.c, there is a possible use after fr ...) - linux 4.15.11-1 NOTE: Fixed by: https://git.kernel.org/linus/5eeb2ca02a2f6084fc57ae5c244a38baab07033a CVE-2020-0029 (In the WifiConfigManager, there is a possible storage of location hist ...) NOT-FOR-US: Android CVE-2020-0028 (In notifyNetworkTested and related functions of NetworkMonitor.java, t ...) NOT-FOR-US: Android CVE-2020-0027 (In HidRawSensor::batch of HidRawSensor.cpp, there is a possible out of ...) 
NOT-FOR-US: Android CVE-2020-0026 (In Parcel::continueWrite of Parcel.cpp, there is possible memory corru ...) NOT-FOR-US: Android CVE-2020-0025 (In deletePackageVersionedInternal of PackageManagerService.java, there ...) NOT-FOR-US: Android CVE-2020-0024 (In onCreate of SettingsBaseActivity.java, there is a possible unauthor ...) NOT-FOR-US: Android CVE-2020-0023 (In setPhonebookAccessPermission of AdapterService.java, there is a pos ...) NOT-FOR-US: Android CVE-2020-0022 (In reassemble_and_dispatch of packet_fragmenter.cc, there is possible ...) NOT-FOR-US: Android CVE-2020-0021 (In removeUnusedPackagesLPw of PackageManagerService.java, there is a p ...) NOT-FOR-US: Android CVE-2020-0020 (In getAttributeRange of ExifInterface.java, there is a possible failur ...) NOT-FOR-US: Android CVE-2020-0019 (In the Broadcom Nexus firmware, there is an insecure default password. ...) NOT-FOR-US: Broadcom components for Android CVE-2020-0018 (In MotionEntry::appendDescription of InputDispatcher.cpp, there is a p ...) NOT-FOR-US: Android CVE-2020-0017 (In multiple places, it was possible for the primary user’s dicti ...) NOT-FOR-US: Android CVE-2020-0016 (In the Broadcom Nexus firmware, there is an insecure default password. ...) NOT-FOR-US: Broadcom components for Android CVE-2020-0015 (In onCreate of CertInstaller.java, there is a possible way to overlay ...) NOT-FOR-US: Android CVE-2020-0014 (It is possible for a malicious application to construct a TYPE_TOAST w ...) NOT-FOR-US: Android CVE-2020-0013 RESERVED CVE-2020-0012 (In fpc_ta_pn_get_unencrypted_image of fpc_ta_pn.c, there is a possible ...) NOT-FOR-US: FPC components for Android CVE-2020-0011 (In get_auth_result of fpc_ta_hw_auth.c, there is a possible out of bou ...) NOT-FOR-US: FPC components for Android CVE-2020-0010 (In fpc_ta_get_build_info of fpc_ta_kpi.c, there is a possible out of b ...) 
NOT-FOR-US: FPC components for Android CVE-2020-0009 (In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write ...) {DLA-2241-1} - linux 5.5.13-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1949 CVE-2020-0008 (In LowEnergyClient::MtuChangedCallback of low_energy_client.cc, there ...) NOT-FOR-US: Android CVE-2020-0007 (In flattenString8 of Sensor.cpp, there is a possible information discl ...) NOT-FOR-US: Android CVE-2020-0006 (In rw_i93_send_cmd_write_single_block of rw_i93.cc, there is a possibl ...) NOT-FOR-US: Android CVE-2020-0005 (In btm_read_remote_ext_features_complete of btm_acl.cc, there is a pos ...) NOT-FOR-US: Android CVE-2020-0004 (In generateCrop of WallpaperManagerService.java, there is a possible s ...) NOT-FOR-US: Android CVE-2020-0003 (In onCreate of InstallStart.java, there is a possible package validati ...) NOT-FOR-US: Android CVE-2020-0002 (In ih264d_init_decoder of ih264d_api.c, there is a possible out of bou ...) NOT-FOR-US: Android Media Framework CVE-2020-0001 (In getProcessRecordLocked of ActivityManagerService.java isolated apps ...) NOT-FOR-US: Android