From 2bbcdc913f19733990d81bd90857d85b490d87d3 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 29 Oct 2020 08:10:14 +0000 Subject: automatic update --- data/CVE/list | 92 ++++++++++++++++++++++++++++++++++++----------------------- 1 file changed, 57 insertions(+), 35 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index d0d18bbc4c..9133c6291c 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,25 @@ +CVE-2020-27991 + RESERVED +CVE-2020-27990 + RESERVED +CVE-2020-27989 + RESERVED +CVE-2020-27988 + RESERVED +CVE-2020-27987 + RESERVED +CVE-2020-27986 (** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discov ...) + TODO: check +CVE-2020-27985 + RESERVED +CVE-2020-27984 + RESERVED +CVE-2020-27983 + RESERVED +CVE-2020-27982 + RESERVED +CVE-2020-27981 (An XSS vulnerability in the auto-complete function of the description ...) + TODO: check CVE-2020-27980 (Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WL ...) NOT-FOR-US: Genexis Platinum-4410 P4410-V2-1.28 devices CVE-2020-27979 @@ -6188,8 +6210,8 @@ CVE-2020-25376 RESERVED CVE-2020-25375 (Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affect ...) NOT-FOR-US: Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM -CVE-2020-25374 - RESERVED +CVE-2020-25374 (CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers t ...) + TODO: check CVE-2020-25373 RESERVED CVE-2020-25372 @@ -7650,20 +7672,20 @@ CVE-2020-24715 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Valid NOT-FOR-US: Scalyr CVE-2020-24714 (The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation ...) NOT-FOR-US: Scalyr -CVE-2020-24713 - RESERVED -CVE-2020-24712 - RESERVED -CVE-2020-24711 - RESERVED -CVE-2020-24710 - RESERVED -CVE-2020-24709 - RESERVED -CVE-2020-24708 - RESERVED -CVE-2020-24707 - RESERVED +CVE-2020-24713 (Gophish through 0.10.1 does not invalidate the gophish cookie upon log ...) + TODO: check +CVE-2020-24712 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...) + TODO: check +CVE-2020-24711 (The Reset button on the Account Settings page in Gophish before 0.11.0 ...) + TODO: check +CVE-2020-24710 (Gophish before 0.11.0 allows SSRF attacks. ...) + TODO: check +CVE-2020-24709 (Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via ...) + TODO: check +CVE-2020-24708 (Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via ...) + TODO: check +CVE-2020-24707 (Gophish before 0.11.0 allows the creation of CSV sheets that contain m ...) + TODO: check CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It tool allo ...) NOT-FOR-US: WSO2 CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...) @@ -37123,7 +37145,7 @@ CVE-2020-11855 (An Authorization Bypass vulnerability on Micro Focus Operation B NOT-FOR-US: Micro Focus CVE-2020-11854 (Arbitrary code execution vlnerability in Operation bridge Manager, App ...) NOT-FOR-US: Micro Focus -CVE-2020-11853 (An arbitrary code execution vulnerability exists in Micro Focus Operat ...) +CVE-2020-11853 (Arbitrary code execution vulnerability affecting multiple Micro Focus ...) NOT-FOR-US: Micro Focus CVE-2020-11852 (DKIM key management page vulnerability on Micro Focus Secure Messaging ...) NOT-FOR-US: Micro Focus @@ -38040,10 +38062,10 @@ CVE-2020-11618 (THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA DVB-T2 2.2.1 set NOT-FOR-US: THOMSON CVE-2020-11617 (The RSS application on THOMSON THT741FTA 2.2.1 and Philips DTR3502BFTA ...) NOT-FOR-US: THOMSON -CVE-2020-11616 - RESERVED -CVE-2020-11615 - RESERVED +CVE-2020-11616 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...) + TODO: check +CVE-2020-11615 (NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contai ...) + TODO: check CVE-2020-11614 (Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as w ...) NOT-FOR-US: Mids' Reborn Hero Designer CVE-2020-11613 (Mids' Reborn Hero Designer 2.6.0.7 has an elevation of privilege vulne ...) @@ -38637,20 +38659,20 @@ CVE-2020-11491 (Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authe NOT-FOR-US: Zen Load Balancer CVE-2020-11490 (Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authent ...) NOT-FOR-US: Zen Load Balancer -CVE-2020-11489 - RESERVED -CVE-2020-11488 - RESERVED -CVE-2020-11487 - RESERVED -CVE-2020-11486 - RESERVED -CVE-2020-11485 - RESERVED -CVE-2020-11484 - RESERVED -CVE-2020-11483 - RESERVED +CVE-2020-11489 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + TODO: check +CVE-2020-11488 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + TODO: check +CVE-2020-11487 (NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30. ...) + TODO: check +CVE-2020-11486 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + TODO: check +CVE-2020-11485 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + TODO: check +CVE-2020-11484 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + TODO: check +CVE-2020-11483 (NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38 ...) + TODO: check CVE-2019-20635 (codeBeamer before 9.5.0-RC3 does not properly restrict the ability to ...) NOT-FOR-US: codeBeamer CVE-2020-11501 (GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The e ...) -- cgit v1.2.3