From 0546cd8332cf64c2c2e71b85b23f5a0c6eb2d324 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 6 Apr 2020 20:10:23 +0000 Subject: automatic update --- data/CVE/list.2019 | 4 +-- data/CVE/list.2020 | 85 +++++++++++++++++++++++++++--------------------------- 2 files changed, 44 insertions(+), 45 deletions(-) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 7c6eac3ee5..be6ec0bd56 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -2460,8 +2460,8 @@ CVE-2019-19701 RESERVED CVE-2019-19700 RESERVED -CVE-2019-19699 - RESERVED +CVE-2019-19699 (There is Authenticated remote code execution in Centreon Infrastructur ...) + TODO: check CVE-2019-19698 (marc-q libwav through 2017-04-20 has a NULL pointer dereference in wav ...) NOT-FOR-US: libwav CVE-2019-19697 (An arbitrary code execution vulnerability exists in the Trend Micro Se ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 8c623abd58..2946bd3184 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -59,10 +59,10 @@ CVE-2020-11547 (PRTG Network Monitor before 20.1.57.1745 allows remote unauthent NOT-FOR-US: PRTG Network Monitor CVE-2020-11546 RESERVED -CVE-2020-11545 - RESERVED -CVE-2020-11544 - RESERVED +CVE-2020-11545 (Project Worlds Official Car Rental System 1 is vulnerable to multiple ...) + TODO: check +CVE-2020-11544 (An issue was discovered in Project Worlds Official Car Rental System 1 ...) + TODO: check CVE-2020-11543 RESERVED CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) @@ -135,8 +135,8 @@ CVE-2020-11509 RESERVED CVE-2020-11508 RESERVED -CVE-2020-11507 - RESERVED +CVE-2020-11507 (An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0. ...) + TODO: check CVE-2020-11506 RESERVED CVE-2020-11505 
@@ -970,8 +970,7 @@ CVE-2020-11104 (An issue was discovered in USC iLab cereal through 1.3.0. Serial NOT-FOR-US: USC iLab cereal CVE-2020-11103 RESERVED -CVE-2020-11102 [tulip: OOB access in tulip_copy_tx_buffers] - RESERVED +CVE-2020-11102 (hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ...) - qemu - qemu-kvm NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/1 @@ -2793,14 +2792,14 @@ CVE-2020-10269 RESERVED CVE-2020-10268 RESERVED -CVE-2020-10267 - RESERVED -CVE-2020-10266 - RESERVED -CVE-2020-10265 - RESERVED -CVE-2020-10264 - RESERVED +CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...) + TODO: check +CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...) + TODO: check +CVE-2020-10265 (Universal Robots Robot Controllers Version CB2 SW Version 1.4 upwards, ...) + TODO: check +CVE-2020-10264 (CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards al ...) + TODO: check CVE-2020-10263 RESERVED CVE-2020-10262 @@ -4484,7 +4483,7 @@ CVE-2020-9475 CVE-2020-9474 RESERVED CVE-2020-9473 - RESERVED + REJECTED CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...) NOT-FOR-US: Umbraco CMS CVE-2020-9471 (Umbraco Cloud 8.5.3 allows an authenticated file upload (and consequen ...) @@ -7697,8 +7696,8 @@ CVE-2020-8006 RESERVED CVE-2020-8005 RESERVED -CVE-2020-8004 - RESERVED +CVE-2020-8004 (STMicroelectronics STM32F1 devices have Incorrect Access Control. ...) + TODO: check CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...) - virglrenderer 0.8.2-1 (bug #949954) [buster] - virglrenderer (Minor issue) 
@@ -8468,24 +8467,24 @@ CVE-2020-7641 RESERVED CVE-2020-7640 RESERVED -CVE-2020-7639 - RESERVED -CVE-2020-7638 - RESERVED -CVE-2020-7637 - RESERVED -CVE-2020-7636 - RESERVED -CVE-2020-7635 - RESERVED -CVE-2020-7634 - RESERVED -CVE-2020-7633 - RESERVED -CVE-2020-7632 - RESERVED -CVE-2020-7631 - RESERVED +CVE-2020-7639 (eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.T ...) + TODO: check +CVE-2020-7638 (confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDe ...) + TODO: check +CVE-2020-7637 (class-transformer through 0.2.3 is vulnerable to Prototype Pollution. ...) + TODO: check +CVE-2020-7636 (adb-driver through 0.1.8 is vulnerable to Command Injection.It allows ...) + TODO: check +CVE-2020-7635 (compass-compile through 0.0.1 is vulnerable to Command Injection.It al ...) + TODO: check +CVE-2020-7634 (heroku-addonpool through 0.1.15 is vulnerable to Command Injection. ...) + TODO: check +CVE-2020-7633 (apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injectio ...) + TODO: check +CVE-2020-7632 (node-mpv through 1.4.3 is vulnerable to Command Injection. It allows e ...) + TODO: check +CVE-2020-7631 (diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allow ...) + TODO: check CVE-2020-7630 (git-add-remote through 1.0.0 is vulnerable to Command Injection. It al ...) NOT-FOR-US: git-add-remote node module CVE-2020-7629 (install-package through 0.4.0 is vulnerable to Command Injection. It a ...) 
@@ -8502,8 +8501,8 @@ CVE-2020-7624 (effect through 1.0.4 is vulnerable to Command Injection. It allow NOT-FOR-US: effect node module CVE-2020-7623 (jscover through 1.0.0 is vulnerable to Command Injection. It allows ex ...) NOT-FOR-US: Node jscover -CVE-2020-7622 - RESERVED +CVE-2020-7622 (All versions before 2.2.1 are vulnerable to HTTP Response Splitting. T ...) + TODO: check CVE-2020-7621 (strong-nginx-controller through 1.0.2 is vulnerable to Command Injecti ...) NOT-FOR-US: Node strong-nginx-controller CVE-2020-7620 (pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It all ...) @@ -13627,8 +13626,8 @@ CVE-2020-5302 RESERVED CVE-2020-5301 RESERVED -CVE-2020-5300 - RESERVED +CVE-2020-5300 (In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect ...) + TODO: check CVE-2020-5299 RESERVED CVE-2020-5298 @@ -21139,8 +21138,8 @@ CVE-2020-1730 CVE-2020-1729 RESERVED NOT-FOR-US: SmallRye Config -CVE-2020-1728 - RESERVED +CVE-2020-1728 (A vulnerability was found in all versions of Keycloak where, the pages ...) + TODO: check CVE-2020-1727 RESERVED CVE-2020-1726 (A flaw was discovered in Podman where it incorrectly allows containers ...) -- cgit v1.2.3
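Review bot: In the CVE-2020-11102 hunk (@@ -970,8 +970,7), swapping the header "CVE-2020-11102 [tulip: OOB access in tulip_copy_tx_buffers]" for the truncated description "hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying ..." drops the function name tulip_copy_tx_buffers from the entry. If that detail is wanted for matching the upstream fix, carry it in a NOTE line next to the existing oss-security link, since the file name alone is all that remains visible in the list.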
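Review bot: In the @@ -8468,24 +8467,24 hunk, the nine entries CVE-2020-7639 through CVE-2020-7631 all land as "TODO: check", while the unchanged context directly below them (CVE-2020-7630, CVE-2020-7629) records the same kind of finding as NOT-FOR-US with the module named. The new descriptions are of the same type (Prototype Pollution and Command Injection in eivindfjeldstad-dot, confinit, class-transformer, adb-driver and others), so they are best triaged as one batch: for each name, confirm whether the archive ships the module before assigning a status, rather than copying the neighbours' NOT-FOR-US.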
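Review bot: In the @@ -8502,8 +8501,8 hunk, the new CVE-2020-7622 line does not name a product in its visible description, which begins "All versions before 2.2.1 are vulnerable to HTTP Response Splitting" and is truncated after that. Whoever resolves the "TODO: check" has to open the full CVE record to identify the affected package; once identified, name it in the status or a NOTE line so the entry can be found by package name, as the surrounding NOT-FOR-US entries can.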