From a48b17a3bb72b4a74fbd4664af2a5807187290b0 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 20 Oct 2020 08:10:14 +0000 Subject: automatic update --- data/CVE/list.2019 | 4 +-- data/CVE/list.2020 | 82 +++++++++++++++++++++++++++++++++--------------------- 2 files changed, 52 insertions(+), 34 deletions(-) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 1619847c7f..24344fcdf2 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -18833,8 +18833,8 @@ CVE-2019-13635 (The WP Fastest Cache plugin through 0.8.9.5 for WordPress allows NOT-FOR-US: WP Fastest Cache plugin for WordPress CVE-2019-13634 RESERVED -CVE-2019-13633 - RESERVED +CVE-2019-13633 (Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS. An attack ...) + TODO: check CVE-2019-13632 RESERVED CVE-2019-13631 (In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the L ...) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 0165da458d..d2cd1f61bf 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -1,3 +1,21 @@ +CVE-2020-27344 + RESERVED +CVE-2020-27343 + RESERVED +CVE-2020-27342 + RESERVED +CVE-2020-27341 + RESERVED +CVE-2020-27340 + RESERVED +CVE-2020-27339 + RESERVED +CVE-2020-27338 + RESERVED +CVE-2020-27337 + RESERVED +CVE-2020-27336 + RESERVED CVE-2020-27335 RESERVED CVE-2020-27334 @@ -6309,10 +6327,10 @@ CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape th NOT-FOR-US: EyesOfNetwork (EON) CVE-2020-24389 RESERVED -CVE-2020-24388 - RESERVED -CVE-2020-24387 - RESERVED +CVE-2020-24388 (An issue was discovered in the _send_secure_msg() function of yubihsm- ...) + TODO: check +CVE-2020-24387 (An issue was discovered in the yh_create_session() function of yubihsm ...) + TODO: check CVE-2020-24386 RESERVED CVE-2020-24385 (In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD be ...) @@ -25238,12 +25256,12 @@ CVE-2020-15265 RESERVED CVE-2020-15264 RESERVED -CVE-2020-15263 - RESERVED -CVE-2020-15262 - RESERVED -CVE-2020-15261 - RESERVED +CVE-2020-15263 (In platform before version 9.4.4, inline attributes are not properly e ...) + TODO: check +CVE-2020-15262 (In webpack-subresource-integrity before version 1.5.1, all dynamically ...) + TODO: check +CVE-2020-15261 (On Windows the Veyon Service before version 4.4.2 contains an unquoted ...) + TODO: check CVE-2020-15260 RESERVED CVE-2020-15259 @@ -25252,8 +25270,8 @@ CVE-2020-15258 (In Wire before 3.20.x, `shell.openExternal` was used without che NOT-FOR-US: Wire app CVE-2020-15257 RESERVED -CVE-2020-15256 - RESERVED +CVE-2020-15256 (A prototype pollution vulnerability has been found in `object-path` &l ...) + TODO: check CVE-2020-15255 (In Anuko Time Tracker before verion 1.19.23.5325, due to not properly ...) NOT-FOR-US: Anuko Time Tracker CVE-2020-15254 (Crossbeam is a set of tools for concurrent programming. In crossbeam-c ...) @@ -25276,8 +25294,8 @@ CVE-2020-15247 RESERVED CVE-2020-15246 RESERVED -CVE-2020-15245 - RESERVED +CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...) + TODO: check CVE-2020-15244 RESERVED CVE-2020-15243 (Affected versions of Smartstore have a missing WebApi Authentication a ...) @@ -28512,8 +28530,8 @@ CVE-2020-13939 REJECTED CVE-2020-13938 RESERVED -CVE-2020-13937 - RESERVED +CVE-2020-13937 (Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2 ...) + TODO: check CVE-2020-13936 RESERVED CVE-2020-13935 (The payload length in a WebSocket frame was not correctly validated in ...) @@ -36647,8 +36665,8 @@ CVE-2020-10748 (A flaw was found in Keycloak's data filter, in version 10.0.1, w NOT-FOR-US: Keycloak CVE-2020-10747 REJECTED -CVE-2020-10746 - RESERVED +CVE-2020-10746 (A flaw was found in Infinispan version 10, where it permits local acce ...) + TODO: check CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...) - samba 2:4.12.5+dfsg-1 [buster] - samba (Minor issue, fix along in next DSA) @@ -40186,8 +40204,8 @@ CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections agai NOT-FOR-US: phpMyChat-Plus CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...) NOT-FOR-US: ESET -CVE-2020-9263 - RESERVED +CVE-2020-9263 (HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWE ...) + TODO: check CVE-2020-9262 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) NOT-FOR-US: HUAWEI CVE-2020-9261 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) @@ -40486,12 +40504,12 @@ CVE-2020-9115 RESERVED CVE-2020-9114 RESERVED -CVE-2020-9113 - RESERVED -CVE-2020-9112 - RESERVED -CVE-2020-9111 - RESERVED +CVE-2020-9113 (HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buf ...) + TODO: check +CVE-2020-9112 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a priv ...) + TODO: check +CVE-2020-9111 (E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E ...) + TODO: check CVE-2020-9110 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an inf ...) NOT-FOR-US: Huawei CVE-2020-9109 (There is an information disclosure vulnerability in several smartphone ...) @@ -40528,8 +40546,8 @@ CVE-2020-9094 RESERVED CVE-2020-9093 RESERVED -CVE-2020-9092 - RESERVED +CVE-2020-9092 (HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a Ja ...) + TODO: check CVE-2020-9091 (Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out ...) NOT-FOR-US: Huawei CVE-2020-9090 (FusionAccess version 6.5.1 has an improper authorization vulnerability ...) @@ -47811,10 +47829,10 @@ CVE-2020-6087 (An exploitable denial of service vulnerability exists in the ENIP NOT-FOR-US: Allen-Bradley Flex IO CVE-2020-6086 (An exploitable denial of service vulnerability exists in the ENIP Requ ...) NOT-FOR-US: Allen-Bradley Flex IO -CVE-2020-6085 - RESERVED -CVE-2020-6084 - RESERVED +CVE-2020-6085 (An exploitable denial of service vulnerability exists in the ENIP Requ ...) + TODO: check +CVE-2020-6084 (An exploitable denial of service vulnerability exists in the ENIP Requ ...) + TODO: check CVE-2020-6083 (An exploitable denial of service vulnerability exists in the ENIP Requ ...) NOT-FOR-US: Allen-Bradley Flex IO CVE-2020-6082 (An exploitable out-of-bounds write vulnerability exists in the ico_rea ...) -- cgit v1.2.3