From d1f4aff4b41569de3e3db3fa7350b328fc9b3d51 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 29 Oct 2020 20:10:31 +0000 Subject: automatic update --- data/CVE/list | 176 ++++++++++++++++++++++++++++++++-------------------------- 1 file changed, 98 insertions(+), 78 deletions(-) (limited to 'data/CVE/list') diff --git a/data/CVE/list b/data/CVE/list index e34995af63..d256b7c351 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,21 @@ +CVE-2020-28000 + RESERVED +CVE-2020-27999 + RESERVED +CVE-2020-27998 (An issue was discovered in FastReport before 2020.4.0. It lacks a Scri ...) + TODO: check +CVE-2020-27997 + RESERVED +CVE-2020-27996 (An issue was discovered in SmartStoreNET before 4.0.1. It does not pro ...) + TODO: check +CVE-2020-27995 (SQL Injection in Zoho ManageEngine Applications Manager 14 before 1456 ...) + TODO: check +CVE-2020-27994 + RESERVED +CVE-2020-27993 (Hrsale 2.0.0 allows download?type=files&filename=../ directory tra ...) + TODO: check +CVE-2020-27992 + RESERVED CVE-2020-27991 RESERVED CVE-2020-27990 @@ -406,10 +424,10 @@ CVE-2021-0202 RESERVED CVE-2021-0201 RESERVED -CVE-2020-27887 - RESERVED -CVE-2020-27886 - RESERVED +CVE-2020-27887 (An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authent ...) + TODO: check +CVE-2020-27886 (An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. T ...) + TODO: check CVE-2020-27885 RESERVED CVE-2020-27884 @@ -686,14 +704,14 @@ CVE-2020-27749 RESERVED CVE-2020-27748 RESERVED -CVE-2020-27747 - RESERVED +CVE-2020-27747 (An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973 ...) + TODO: check CVE-2020-27746 RESERVED CVE-2020-27745 RESERVED -CVE-2020-27744 - RESERVED +CVE-2020-27744 (An issue was discovered on Western Digital My Cloud NAS devices before ...) + TODO: check CVE-2020-27743 (libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAN ...) - libpam-tacplus (bug #973250) NOTE: https://github.com/kravietz/pam_tacplus/pull/163 @@ -1265,28 +1283,28 @@ CVE-2020-27660 RESERVED CVE-2020-27659 RESERVED -CVE-2020-27658 - RESERVED -CVE-2020-27657 - RESERVED -CVE-2020-27656 - RESERVED -CVE-2020-27655 - RESERVED -CVE-2020-27654 - RESERVED -CVE-2020-27653 - RESERVED -CVE-2020-27652 - RESERVED -CVE-2020-27651 - RESERVED -CVE-2020-27650 - RESERVED -CVE-2020-27649 - RESERVED -CVE-2020-27648 - RESERVED +CVE-2020-27658 (Synology Router Manager (SRM) before 1.2.4-8081 does not include the H ...) + TODO: check +CVE-2020-27657 (Cleartext transmission of sensitive information vulnerability in DDNS ...) + TODO: check +CVE-2020-27656 (Cleartext transmission of sensitive information vulnerability in DDNS ...) + TODO: check +CVE-2020-27655 (Improper access control vulnerability in Synology Router Manager (SRM) ...) + TODO: check +CVE-2020-27654 (Improper access control vulnerability in lbd in Synology Router Manage ...) + TODO: check +CVE-2020-27653 (Algorithm downgrade vulnerability in QuickConnect in Synology Router M ...) + TODO: check +CVE-2020-27652 (Algorithm downgrade vulnerability in QuickConnect in Synology DiskStat ...) + TODO: check +CVE-2020-27651 (Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secur ...) + TODO: check +CVE-2020-27650 (Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set t ...) + TODO: check +CVE-2020-27649 (Improper certificate validation vulnerability in OpenVPN client in Syn ...) + TODO: check +CVE-2020-27648 (Improper certificate validation vulnerability in OpenVPN client in Syn ...) + TODO: check CVE-2020-27647 RESERVED CVE-2020-27646 (Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1 ...) @@ -2919,6 +2937,7 @@ CVE-2020-26872 CVE-2020-26871 RESERVED CVE-2020-26870 (Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs becaus ...) + {DLA-2419-1} - dompurify.js NOTE: https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ NOTE: https://github.com/cure53/DOMPurify/commit/02724b8eb048dd219d6725b05c3000936f11d62d @@ -5282,8 +5301,8 @@ CVE-2020-25791 (An issue was discovered in the sized-chunks crate through 0.6.2 - rust-sized-chunks (bug #970586) NOTE: https://rustsec.org/advisories/RUSTSEC-2020-0041.html NOTE: https://github.com/bodil/sized-chunks/issues/11 -CVE-2020-25780 - RESERVED +CVE-2020-25780 (In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before ...) + TODO: check CVE-2020-25779 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in w ...) NOT-FOR-US: Trend Micro CVE-2020-25778 (Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a ...) @@ -5924,8 +5943,8 @@ CVE-2020-25518 RESERVED CVE-2020-25517 RESERVED -CVE-2020-25516 - RESERVED +CVE-2020-25516 (WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-si ...) + TODO: check CVE-2020-25515 (Sourcecodester Simple Library Management System 1.0 is affected by Ins ...) NOT-FOR-US: Sourcecodester Simple Library Management System CVE-2020-25514 (Sourcecodester Simple Library Management System 1.0 is affected by Inc ...) @@ -14692,8 +14711,8 @@ CVE-2020-21268 RESERVED CVE-2020-21267 RESERVED -CVE-2020-21266 - RESERVED +CVE-2020-21266 (Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) ...) + TODO: check CVE-2020-21265 RESERVED CVE-2020-21264 @@ -48389,8 +48408,8 @@ CVE-2020-7748 (This affects the package @tsed/core before 5.65.7. This vulnerabi NOT-FOR-US: Ts.ED CVE-2020-7747 (This affects all versions of package lightning-server. It is possible ...) NOT-FOR-US: lightning-server nodejs module -CVE-2020-7746 - RESERVED +CVE-2020-7746 (This affects the package chart.js before 2.9.4. The options parameter ...) + TODO: check CVE-2020-7745 (This affects the package MintegralAdSDK before 6.6.0.0. The SDK distri ...) NOT-FOR-US: MintegralAdSDK CVE-2020-7744 (This affects all versions of package com.mintegral.msdk:alphab. The An ...) @@ -49194,8 +49213,8 @@ CVE-2020-7386 RESERVED CVE-2020-7385 RESERVED -CVE-2020-7384 - RESERVED +CVE-2020-7384 (Rapid7's Metasploit msfvenom framework handles APK files in a way that ...) + TODO: check CVE-2020-7383 (A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that m ...) NOT-FOR-US: Rapid7 Nexpose CVE-2020-7382 (Rapid7 Nexpose installer version prior to 6.6.40 contains an Unquoted ...) @@ -53006,22 +53025,22 @@ CVE-2020-5940 RESERVED CVE-2020-5939 RESERVED -CVE-2020-5938 - RESERVED -CVE-2020-5937 - RESERVED -CVE-2020-5936 - RESERVED -CVE-2020-5935 - RESERVED -CVE-2020-5934 - RESERVED -CVE-2020-5933 - RESERVED -CVE-2020-5932 - RESERVED -CVE-2020-5931 - RESERVED +CVE-2020-5938 (On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when ...) + TODO: check +CVE-2020-5937 (On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM ...) + TODO: check +CVE-2020-5936 (On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 1 ...) + TODO: check +CVE-2020-5935 (On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Con ...) + TODO: check +CVE-2020-5934 (On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, w ...) + TODO: check +CVE-2020-5933 (On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0- ...) + TODO: check +CVE-2020-5932 (On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerabil ...) + TODO: check +CVE-2020-5931 (On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12 ...) + TODO: check CVE-2020-5930 (In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12 ...) NOT-FOR-US: F5 BIG-IP CVE-2020-5929 (In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, B ...) @@ -55849,8 +55868,8 @@ CVE-2020-4866 RESERVED CVE-2020-4865 RESERVED -CVE-2020-4864 - RESERVED +CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the internal net w ...) + TODO: check CVE-2020-4863 RESERVED CVE-2020-4862 @@ -56129,14 +56148,14 @@ CVE-2020-4726 RESERVED CVE-2020-4725 RESERVED -CVE-2020-4724 - RESERVED -CVE-2020-4723 - RESERVED -CVE-2020-4722 - RESERVED -CVE-2020-4721 - RESERVED +CVE-2020-4724 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) + TODO: check +CVE-2020-4723 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) + TODO: check +CVE-2020-4722 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) + TODO: check +CVE-2020-4721 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) + TODO: check CVE-2020-4720 RESERVED CVE-2020-4719 @@ -75432,6 +75451,7 @@ CVE-2019-16731 (The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 an CVE-2019-16730 (processCommandUpgrade() in libcommon.so in Petwant PF-103 firmware 4.2 ...) NOT-FOR-US: Petwant PF-103 and Petalk AI CVE-2019-16728 (DOMPurify before 2.0.1 allows XSS because of innerHTML mutation XSS (m ...) + {DLA-2419-1} - dompurify.js NOTE: https://research.securitum.com/dompurify-bypass-using-mxss/ CVE-2019-16746 (An issue was discovered in net/wireless/nl80211.c in the Linux kernel ...) @@ -111765,8 +111785,8 @@ CVE-2019-4565 (IBM Security Key Lifecycle Manager 3.0 and 3.0.1 does not require NOT-FOR-US: IBM CVE-2019-4564 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnera ...) NOT-FOR-US: IBM -CVE-2019-4563 - RESERVED +CVE-2019-4563 (IBM Security Directory Server 6.4.0 does not set the secure attribute ...) + TODO: check CVE-2019-4562 (IBM Security Directory Server 6.4.0 stores sensitive information in UR ...) NOT-FOR-US: IBM CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...) @@ -111797,8 +111817,8 @@ CVE-2019-4549 (IBM Security Directory Server 6.4.0 discloses sensitive informati NOT-FOR-US: IBM CVE-2019-4548 (IBM Security Directory Server 6.4.0 could allow a remote attacker to h ...) NOT-FOR-US: IBM -CVE-2019-4547 - RESERVED +CVE-2019-4547 (IBM Security Directory Server 6.4.0 generates an error message that in ...) + TODO: check CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment Manager ...) NOT-FOR-US: IBM CVE-2019-4545 (IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Au ...) @@ -113443,7 +113463,7 @@ CVE-2019-3834 (It was found that the fix for CVE-2014-0114 had been reverted in CVE-2019-3833 (Openwsman, versions up to and including 2.6.9, are vulnerable to infin ...) - openwsman (bug #754501) CVE-2019-3832 (It was discovered the fix for CVE-2018-19758 (libsndfile) was not comp ...) - {DLA-1712-1} + {DLA-2418-1 DLA-1712-1} - libsndfile 1.0.28-6 (bug #922372) NOTE: https://github.com/erikd/libsndfile/issues/456#issuecomment-463542436 NOTE: https://github.com/erikd/libsndfile/pull/460 @@ -121379,7 +121399,7 @@ CVE-2018-19759 (There is a heap-based buffer over-read at stb_image_write.h (fun NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1649202 (reproducer) NOTE: CVE description is misleading, not an issue in libstb CVE-2018-19758 (There is a heap-based buffer over-read at wav.c in wav_write_header in ...) - {DLA-1632-1} + {DLA-2418-1 DLA-1632-1} - libsndfile 1.0.28-5 (bug #917416) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1643812 NOTE: https://github.com/erikd/libsndfile/issues/435 @@ -121607,13 +121627,13 @@ CVE-2018-19664 (libjpeg-turbo 2.0.1 has a heap-based buffer over-read in the put CVE-2018-19663 RESERVED CVE-2018-19662 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f NOTE: similar to CVE-2017-17456/CVE-2017-17457 (but not duplicate) CVE-2018-19661 (An issue was discovered in libsndfile 1.0.28. There is a buffer over-r ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low) NOTE: https://github.com/erikd/libsndfile/issues/429 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f @@ -187402,7 +187422,7 @@ CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Hord NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2 NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function do ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (bug #876783) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/318 @@ -188550,13 +188570,13 @@ CVE-2017-14248 (A heap-based buffer over-read in SampleImage() in MagickCore/res CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) 5 ...) NOT-FOR-US: EyesOfNetwork (EON) CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of libs ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low; bug #876682) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 NOTE: https://github.com/erikd/libsndfile/commit/8ddc442d539ca775d80cdbc7af17a718634a743f CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of libs ...) - {DLA-1618-1} + {DLA-2418-1 DLA-1618-1} - libsndfile 1.0.28-5 (low; bug #876682) [wheezy] - libsndfile (Minor issue) NOTE: https://github.com/erikd/libsndfile/issues/317 @@ -211316,7 +211336,7 @@ CVE-2017-6894 CVE-2017-6893 RESERVED CVE-2017-6892 (In libsndfile version 1.0.28, an error in the "aiff_read_chanmap()" fu ...) - {DLA-985-1} + {DLA-2418-1 DLA-985-1} - libsndfile 1.0.28-1 (bug #864704) [jessie] - libsndfile (Minor issue) NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748 -- cgit v1.2.3