From b7449e14b5b83c2e3d87f3863f55f299a91b8359 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 8 Jul 2020 20:10:20 +0000 Subject: automatic update --- data/CVE/list | 76 ++++++++++++++++++++++++++++++----------------------------- 1 file changed, 39 insertions(+), 37 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index d857e596e2..74aec5bc5d 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -2513,7 +2513,7 @@ CVE-2020-14478 CVE-2020-14477 (In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX V ...) NOT-FOR-US: Philips CVE-2020-14476 - RESERVED + REJECTED CVE-2020-14475 (A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0. ...) - dolibarr NOTE: https://github.com/Dolibarr/dolibarr/commit/22ca5e067189bffe8066df26df923a386f044c08 @@ -8936,8 +8936,8 @@ CVE-2020-11996 (A specially crafted sequence of HTTP/2 requests sent to Apache T NOTE: https://github.com/apache/tomcat/commit/c8acd2ab7371e39aeca7c306f3b5380f00afe552 (8.5.56) CVE-2020-11995 RESERVED -CVE-2020-11994 - RESERVED +CVE-2020-11994 (Server-Side Template Injection and arbitrary file disclosure on Camel ...) + TODO: check CVE-2020-11993 RESERVED CVE-2020-11992 @@ -8947,6 +8947,7 @@ CVE-2020-11991 CVE-2020-11990 RESERVED CVE-2020-11989 (Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic ...) + {DLA-2273-1} - shiro NOTE: https://www.openwall.com/lists/oss-security/2020/06/22/1 NOTE: https://github.com/apache/shiro/pull/211 @@ -9926,8 +9927,8 @@ CVE-2020-11851 RESERVED CVE-2020-11850 RESERVED -CVE-2020-11849 - RESERVED +CVE-2020-11849 (Elevation of privilege and/or unauthorized access vulnerability in Mic ...) + TODO: check CVE-2020-11848 RESERVED CVE-2020-11847 
@@ -12351,7 +12352,7 @@ CVE-2020-11076 (In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smu NOTE: https://github.com/puma/puma/commit/f24d5521295a2152c286abb0a45a1e1e2bd275bd CVE-2020-11075 (In Anchore Engine version 0.7.0, a specially crafted container image m ...) NOT-FOR-US: Anchore Engine -CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.7.6, there i ...) +CVE-2020-11074 (In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there i ...) NOT-FOR-US: PrestaShop CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...) NOT-FOR-US: zsh-autoswitch-virtualenv @@ -12879,6 +12880,7 @@ CVE-2020-10935 (Zulip Server before 2.1.3 allows XSS via a Markdown link, with r CVE-2020-10934 (Acyba AcyMailing before 6.9.2 mishandles file uploads by admins. ...) NOT-FOR-US: Acyba AcyMailing CVE-2020-10933 (An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6 ...) + {DSA-4721-1} - ruby2.7 2.7.1-1 - ruby2.5 - ruby2.3 (Vulnerable code introduced in 2.5.0) @@ -13920,7 +13922,7 @@ CVE-2020-10665 (Docker Desktop allows local privilege escalation to NT AUTHORITY CVE-2020-10664 (The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 ...) NOT-FOR-US: VxWorks CVE-2020-10663 (The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9 ...) - {DLA-2192-1 DLA-2190-1} + {DSA-4721-1 DLA-2192-1 DLA-2190-1} - ruby-json 2.3.0+dfsg-1 [buster] - ruby-json (Minor issue) [stretch] - ruby-json (Minor issue) 
@@ -14592,7 +14594,7 @@ CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libIma [jessie] - pillow (Minor issue) NOTE: https://github.com/python-pillow/Pillow/pull/4538 NOTE: Fixed in 6.2.3 and 7.1.0 -CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before 6.2.3 and 7.x before 7.0.1, ...) +CVE-2020-10378 (In libImaging/PcxDecode.c in Pillow before before 7.0.1, an out-of-bou ...) - pillow [jessie] - pillow (Minor issue) NOTE: https://github.com/python-pillow/Pillow/pull/4538 @@ -15059,7 +15061,7 @@ CVE-2020-10179 RESERVED CVE-2020-10178 REJECTED -CVE-2020-10177 (Pillow before 6.2.3 and 7.x before 7.0.1 has multiple out-of-bounds re ...) +CVE-2020-10177 (Pillow before 7.0.1 has multiple out-of-bounds reads in libImaging/Fli ...) - pillow [jessie] - pillow (Minor issue) NOTE: https://github.com/python-pillow/Pillow/pull/4503 @@ -22170,8 +22172,8 @@ CVE-2020-7142 RESERVED CVE-2020-7141 RESERVED -CVE-2020-7140 - RESERVED +CVE-2020-7140 (A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gatew ...) + TODO: check CVE-2020-7139 (Potential remote access security vulnerabilities have been identified ...) NOT-FOR-US: HPE CVE-2020-7138 (Potential remote code execution security vulnerabilities have been ide ...) @@ -22694,8 +22696,8 @@ CVE-2020-6940 RESERVED CVE-2020-6939 RESERVED -CVE-2020-6938 - RESERVED +CVE-2020-6938 (A sensitive information disclosure vulnerability in Tableau Server 10. ...) + TODO: check CVE-2020-6937 (A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, ...) NOT-FOR-US: MuleSoft CVE-2020-6936 
@@ -25491,8 +25493,8 @@ CVE-2020-5841 (An issue was discovered in OpServices OpMon 9.3.1-1. Using passwo NOT-FOR-US: OpServices OpMon CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/R ...) NOT-FOR-US: HashBrown CMS -CVE-2020-5839 - RESERVED +CVE-2020-5839 (Symantec Endpoint Detection And Response, prior to 4.4, may be suscept ...) + TODO: check CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...) NOT-FOR-US: Symantec CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...) @@ -25641,8 +25643,8 @@ CVE-2020-5766 RESERVED CVE-2020-5765 RESERVED -CVE-2020-5764 - RESERVED +CVE-2020-5764 (MX Player Android App versions prior to v1.24.5, are vulnerable to a d ...) + TODO: check CVE-2020-5763 RESERVED CVE-2020-5762 @@ -29917,8 +29919,8 @@ CVE-2020-3975 RESERVED CVE-2020-3974 RESERVED -CVE-2020-3973 - RESERVED +CVE-2020-3973 (The VeloCloud Orchestrator does not apply correct input validation whi ...) + TODO: check CVE-2020-3972 (VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a den ...) NOT-FOR-US: VMware CVE-2020-3971 (VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-20 ...) @@ -30662,8 +30664,8 @@ CVE-2020-3933 (Secom Co. Dr.ID, a Door Access Control and Personnel Attendance M NOT-FOR-US: Secom Co. Dr.ID CVE-2020-3932 (A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may ...) NOT-FOR-US: Draytek VigorAP910C -CVE-2020-3931 - RESERVED +CVE-2020-3931 (Buffer overflow exists in Geovision Door Access Control device family, ...) + TODO: check CVE-2020-3930 (GeoVision Door Access Control device family improperly stores and cont ...) NOT-FOR-US: GeoVision Door Access Control CVE-2020-3929 (GeoVision Door Access Control device family employs shared cryptograph ...) 
@@ -35635,16 +35637,16 @@ CVE-2020-2036 RESERVED CVE-2020-2035 RESERVED -CVE-2020-2034 - RESERVED +CVE-2020-2034 (An OS Command Injection vulnerability in the PAN-OS GlobalProtect port ...) + TODO: check CVE-2020-2033 (When the pre-logon feature is enabled, a missing certification validat ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2032 (A race condition vulnerability Palo Alto Networks GlobalProtect app on ...) NOT-FOR-US: Palo Alto Networks -CVE-2020-2031 - RESERVED -CVE-2020-2030 - RESERVED +CVE-2020-2031 (An integer underflow vulnerability in the dnsproxyd component of the P ...) + TODO: check +CVE-2020-2030 (An OS Command Injection vulnerability in the PAN-OS management interfa ...) + TODO: check CVE-2020-2029 (An OS Command Injection vulnerability in the PAN-OS web management int ...) NOT-FOR-US: Palo Alto Networks CVE-2020-2028 (An OS Command Injection vulnerability in PAN-OS management server allo ...) @@ -35747,8 +35749,8 @@ CVE-2020-1983 (A use after free vulnerability in ip_reass() in ip_input.c of lib NOTE: https://gitlab.freedesktop.org/slirp/libslirp/-/commit/9bd6c5913271eabcb7768a58197ed3301fe19f2d NOTE: qemu 1:4.1-2 switched to system libslirp, marking that version as fixed NOTE: slirp4netns 1.0.1-1 switched to system libslirp, marking that version as fixed. -CVE-2020-1982 - RESERVED +CVE-2020-1982 (Certain communication between PAN-OS and cloud-delivered services inad ...) + TODO: check CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local ...) NOT-FOR-US: PAN-OS CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...) 
@@ -36069,7 +36071,7 @@ CVE-2020-1959 (A Server-Side Template Injection was identified in Apache Syncope CVE-2020-1958 (When LDAP authentication is enabled in Apache Druid 0.17.0, callers of ...) - druid (bug #825797) CVE-2020-1957 (Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic ...) - {DLA-2181-1} + {DLA-2273-1 DLA-2181-1} - shiro (bug #955018) NOTE: https://www.openwall.com/lists/oss-security/2020/03/23/2 NOTE: Fixed by: https://github.com/apache/shiro/commit/3708d7907016bf2fa12691dff6ff0def1249b8ce#diff-98f7bc5c0391389e56531f8b3754081aL139 @@ -36722,17 +36724,17 @@ CVE-2019-19419 RESERVED CVE-2019-19418 RESERVED -CVE-2019-19417 - RESERVED -CVE-2019-19416 - RESERVED -CVE-2019-19415 - RESERVED +CVE-2019-19417 (The SIP module of some Huawei products have a denial of service (DoS) ...) + TODO: check +CVE-2019-19416 (The SIP module of some Huawei products have a denial of service (DoS) ...) + TODO: check +CVE-2019-19415 (The SIP module of some Huawei products have a denial of service (DoS) ...) + TODO: check CVE-2019-19414 (There is an integer overflow vulnerability in LDAP server of some Huaw ...) NOT-FOR-US: Huawei CVE-2019-19413 (There is an integer overflow vulnerability in LDAP client of some Huaw ...) NOT-FOR-US: Huawei -CVE-2019-19412 (Some Huawei smart phones have a Factory Reset Protection (FRP) bypass ...) +CVE-2019-19412 (Huawei smart phones have a Factory Reset Protection (FRP) bypass secur ...) NOT-FOR-US: Huawei CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...) NOT-FOR-US: Huawei -- cgit v1.2.3
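Review bot: in the CVE-2020-11994 hunk the entry moves from RESERVED to a Camel description with "TODO: check"; the neighbouring Apache entries in this region are tracked as packages (the Tomcat NOTE carries a fixed version, Shiro has a "- shiro" line), so this one needs a real package lookup during triage rather than a reflexive NOT-FOR-US.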
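Review bot: in the CVE-2020-10663 hunk DSA-4721-1 is added to the advisory set, but the "[buster] - ruby-json (Minor issue)" line directly below it is unchanged; if the DSA fixed the json code bundled in the ruby2.5 source package rather than ruby-json itself, that combination is correct, but it should be confirmed so the buster ruby-json line is not later read as covered by that DSA.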
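Review bot: the replaced CVE-2020-10378 description reads "before before 7.0.1"; the doubled word comes from the upstream feed and should not be hand-edited in an automatic update, but the new wording drops the 6.2.3 branch the old line mentioned, so the unversioned "- pillow" line and the PR 4538 NOTE under it should be re-checked against the narrowed version range.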
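Review bot: the CVE-2020-10177 hunk makes the same kind of change, narrowing "before 6.2.3 and 7.x before 7.0.1" to "before 7.0.1" while the "- pillow" line below stays unversioned and the PR 4503 NOTE is unchanged; the fixed-version annotation for this entry should be confirmed against the new range.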
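Review bot: in the PAN-OS hunk, CVE-2020-2034, CVE-2020-2031 and CVE-2020-2030 flip from RESERVED to "TODO: check" while CVE-2020-2033, CVE-2020-2032 and CVE-2020-2029 in the same hunk are already "NOT-FOR-US: Palo Alto Networks"; the new descriptions name PAN-OS and GlobalProtect, so these will most likely resolve the same way, but the TODO markers should be cleared by a human rather than assumed.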
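Review bot: in the Huawei hunk, CVE-2019-19417, CVE-2019-19416 and CVE-2019-19415 receive an identical truncated description ("The SIP module of some Huawei products have a denial of service (DoS) ...") plus "TODO: check"; the surrounding CVE-2019-19414 to CVE-2019-19411 entries are "NOT-FOR-US: Huawei", so triage should read the full texts to confirm the three are distinct issues before marking each one.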