From bd802e00079c192d5536c3a74b666f2d36b88697 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 16 Jun 2020 20:10:25 +0000 Subject: automatic update --- data/CVE/list | 166 +++++++++++++++++++++++++++++++++++++++++++--------------- 1 file changed, 125 insertions(+), 41 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index 8f8aa81b23..903bbe870f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,91 @@ +CVE-2020-14207 + RESERVED +CVE-2020-14206 + RESERVED +CVE-2020-14205 + RESERVED +CVE-2020-14204 + RESERVED +CVE-2020-14203 + RESERVED +CVE-2020-14202 + RESERVED +CVE-2020-14201 + RESERVED +CVE-2020-14200 + RESERVED +CVE-2020-14199 (BIP-143 in the Bitcoin protocol specification mishandles the signing o ...) + TODO: check +CVE-2020-14198 + RESERVED +CVE-2020-14197 + RESERVED +CVE-2020-14196 + RESERVED +CVE-2020-14195 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) + TODO: check +CVE-2020-14194 + RESERVED +CVE-2020-14193 + RESERVED +CVE-2020-14192 + RESERVED +CVE-2020-14191 + RESERVED +CVE-2020-14190 + RESERVED +CVE-2020-14189 + RESERVED +CVE-2020-14188 + RESERVED +CVE-2020-14187 + RESERVED +CVE-2020-14186 + RESERVED +CVE-2020-14185 + RESERVED +CVE-2020-14184 + RESERVED +CVE-2020-14183 + RESERVED +CVE-2020-14182 + RESERVED +CVE-2020-14181 + RESERVED +CVE-2020-14180 + RESERVED +CVE-2020-14179 + RESERVED +CVE-2020-14178 + RESERVED +CVE-2020-14177 + RESERVED +CVE-2020-14176 + RESERVED +CVE-2020-14175 + RESERVED +CVE-2020-14174 + RESERVED +CVE-2020-14173 + RESERVED +CVE-2020-14172 + RESERVED +CVE-2020-14171 + RESERVED +CVE-2020-14170 + RESERVED +CVE-2020-14169 + RESERVED +CVE-2020-14168 + RESERVED +CVE-2020-14167 + RESERVED +CVE-2020-14166 + RESERVED +CVE-2020-14165 + RESERVED +CVE-2020-14164 + RESERVED CVE-2020-14163 (An issue was discovered in ecma/operations/ecma-container-object.c in ...) NOT-FOR-US: JerryScript CVE-2020-14162 
@@ -458,7 +546,7 @@ CVE-2020-13976 (** DISPUTED ** An issue was discovered in DD-WRT through 16214. NOT-FOR-US: DD-WRT CVE-2020-13975 RESERVED -CVE-2020-13974 (An issue was discovered in the Linux kernel through 5.7.1. drivers/tty ...) +CVE-2020-13974 (** DISPUTED ** An issue was discovered in the Linux kernel through 5.7 ...) - linux NOTE: https://git.kernel.org/linus/b86dab054059b970111b5516ae548efaae5b3aae CVE-2020-13973 (OWASP json-sanitizer before 1.2.1 allows XSS. An attacker who controls ...) @@ -1787,8 +1875,8 @@ CVE-2020-13433 (Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer NOT-FOR-US: Jason2605 AdminPanel CVE-2020-13432 (rejetto HFS (aka HTTP File Server) v2.3m Build #300, when virtual file ...) NOT-FOR-US: Rejetto HTTP File Server -CVE-2020-13431 - RESERVED +CVE-2020-13431 (I2P before 0.9.46 allows local users to gain privileges via a Trojan h ...) + TODO: check CVE-2020-13430 (Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource. ...) - grafana NOTE: https://github.com/grafana/grafana/pull/24539 @@ -3990,8 +4078,8 @@ CVE-2020-12496 RESERVED CVE-2020-12495 RESERVED -CVE-2020-12494 - RESERVED +CVE-2020-12494 (Beckhoff’s TwinCAT RT network driver for Intel 8254x and 8255x i ...) + TODO: check CVE-2020-12493 (An open port used for debugging in SWARCOs CPU LS4000 Series with vers ...) NOT-FOR-US: SWARCOs CPU LS4000 Series CVE-2020-12492 
@@ -6238,14 +6326,14 @@ CVE-2020-11843 RESERVED CVE-2020-11842 (Information disclosure vulnerability in Micro Focus Verastream Host In ...) NOT-FOR-US: Micro Focus -CVE-2020-11841 - RESERVED -CVE-2020-11840 - RESERVED +CVE-2020-11841 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...) + TODO: check +CVE-2020-11840 (Unauthorized information disclosure vulnerability in Micro Focus ArcSi ...) + TODO: check CVE-2020-11839 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logge ...) NOT-FOR-US: Micro Focus -CVE-2020-11838 - RESERVED +CVE-2020-11838 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Manag ...) + TODO: check CVE-2020-11837 RESERVED CVE-2020-11836 @@ -11055,8 +11143,8 @@ CVE-2020-10270 RESERVED CVE-2020-10269 RESERVED -CVE-2020-10268 - RESERVED +CVE-2020-10268 (Critical services for operation can be terminated from windows task ma ...) + TODO: check CVE-2020-10267 (Universal Robots control box CB 3.1 across firmware versions (tested o ...) NOT-FOR-US: Universal Robots control box CB CVE-2020-10266 (UR+ (Universal Robots+) is a platform of hardware and software compone ...) @@ -12732,8 +12820,8 @@ CVE-2020-9524 (Cross Site scripting vulnerability on Micro Focus Enterprise Serv NOT-FOR-US: Micro Focus CVE-2020-9523 (Insufficiently protected credentials vulnerability on Micro Focus ente ...) NOT-FOR-US: Micro Focus -CVE-2020-9522 - RESERVED +CVE-2020-9522 (Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enter ...) + TODO: check CVE-2020-9521 (An SQL injection vulnerability was discovered in Micro Focus Service M ...) NOT-FOR-US: Micro Focus CVE-2020-9520 (A stored XSS vulnerability was discovered in Micro Focus Vibe, affecti ...) 
@@ -13320,8 +13408,8 @@ CVE-2020-9298 RESERVED CVE-2020-9297 RESERVED -CVE-2020-9296 - RESERVED +CVE-2020-9296 (Netflix Conductor uses Java Bean Validation (JSR 380) custom constrain ...) + TODO: check CVE-2020-9295 RESERVED CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6 ...) @@ -15086,14 +15174,14 @@ CVE-2020-8546 RESERVED CVE-2020-8545 (Global.py in AIL framework 2.8 allows path traversal. ...) NOT-FOR-US: AIL framework -CVE-2020-8544 - RESERVED -CVE-2020-8543 - RESERVED -CVE-2020-8542 - RESERVED -CVE-2020-8541 - RESERVED +CVE-2020-8544 (OX App Suite through 7.10.3 allows SSRF. ...) + TODO: check +CVE-2020-8543 (OX App Suite through 7.10.3 has Improper Input Validation. ...) + TODO: check +CVE-2020-8542 (OX App Suite through 7.10.3 allows XSS. ...) + TODO: check +CVE-2020-8541 (OX App Suite through 7.10.3 allows XXE attacks. ...) + TODO: check CVE-2020-8540 (An XML external entity (XXE) vulnerability in Zoho ManageEngine Deskto ...) NOT-FOR-US: Zoho ManageEngine Desktop Central CVE-2020-8539 @@ -17565,8 +17653,8 @@ CVE-2020-7494 RESERVED CVE-2020-7493 RESERVED -CVE-2020-7492 - RESERVED +CVE-2020-7492 (A CWE-521: Weak Password Requirements vulnerability exists in the GP-P ...) + TODO: check CVE-2020-7491 RESERVED CVE-2020-7490 (A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designe ...) @@ -25293,8 +25381,8 @@ CVE-2020-4322 RESERVED CVE-2020-4321 RESERVED -CVE-2020-4320 - RESERVED +CVE-2020-4320 (IBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9 ...) + TODO: check CVE-2020-4319 RESERVED CVE-2020-4318 
@@ -25313,8 +25401,8 @@ CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3 NOT-FOR-US: IBM CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...) NOT-FOR-US: IBM -CVE-2020-4310 - RESERVED +CVE-2020-4310 (IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are ...) + TODO: check CVE-2020-4309 (IBM Content Navigator 3.0CD could disclose sensitive information to an ...) NOT-FOR-US: IBM CVE-2020-4308 @@ -37517,8 +37605,8 @@ CVE-2019-18616 RESERVED CVE-2019-18615 (In CloudVision Portal (CVP) for all releases in the 2018.2 Train, unde ...) NOT-FOR-US: CloudVision Portal -CVE-2019-18614 - RESERVED +CVE-2019-18614 (On the Cypress CYW20735 evaluation board, any data that exceeds 384 by ...) + TODO: check CVE-2019-18613 RESERVED CVE-2019-18612 (An issue was discovered in the AbuseFilter extension through 1.34 for ...) @@ -39302,16 +39390,13 @@ CVE-2020-0237 RESERVED CVE-2020-0236 RESERVED -CVE-2020-0235 - RESERVED +CVE-2020-0235 (In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size ...) NOT-FOR-US: Pixel kernel drivers -CVE-2020-0234 - RESERVED +CVE-2020-0234 (In crus_afe_get_param of msm-cirrus-playback.c, there is a possible ou ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0233 (In main of main.cpp, there is possible memory corruption due to a use ...) NOT-FOR-US: Android -CVE-2020-0232 - RESERVED +CVE-2020-0232 (Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0231 RESERVED @@ -39329,8 +39414,7 @@ CVE-2020-0225 RESERVED CVE-2020-0224 RESERVED -CVE-2020-0223 - RESERVED +CVE-2020-0223 (This is an unbounded write into kernel global memory, via a user-contr ...) NOT-FOR-US: Pixel kernel drivers CVE-2020-0222 RESERVED -- cgit v1.2.3
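Review bot: CVE-2020-14199 and CVE-2020-14195 in the @@ -1,3 +1,91 @@ hunk arrive with only "TODO: check", so neither is triaged by this commit. CVE-2020-14195 names FasterXML jackson-databind 2.x before 2.9.10.5 and CVE-2020-14199 names BIP-143 in the Bitcoin protocol specification. Each needs a follow-up that replaces the TODO with either a source package line or a NOT-FOR-US line, as the CVE-2020-14163 entry directly below already has.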
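Review bot: in the @@ -458,7 +546,7 @@ hunk the CVE-2020-13974 description gains "** DISPUTED **" while the "- linux" line and the git.kernel.org NOTE under it are unchanged, so the entry's tracking data carries no record of the dispute. Suggest adding a NOTE line under the entry that states what is disputed, so the linux status can be reviewed against it. The new truncated description also stops at "through 5.7 ..." and no longer shows the drivers/tty path that the old text did.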
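Review bot: in the @@ -6238,14 +6326,14 @@ hunk CVE-2020-11841, CVE-2020-11840 and CVE-2020-11838 get "TODO: check" although the adjacent Micro Focus entries CVE-2020-11842 and CVE-2020-11839 are already "NOT-FOR-US: Micro Focus". Once the full descriptions are confirmed to cover the same ArcSight products, these can be resolved the same way. CVE-2020-9522 in the @@ -12732,8 +12820,8 @@ hunk sits between Micro Focus entries with that classification and is in the same position.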
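Review bot: in the @@ -39302,16 +39390,13 @@ hunk CVE-2020-0235, CVE-2020-0234 and CVE-2020-0232 lose RESERVED and gain descriptions but keep "NOT-FOR-US: Pixel kernel drivers", a classification that was recorded in this file while the entries had no description. The new text names crus_sp_shared_ioctl, msm-cirrus-playback.c and abc_pcie_issue_dma_xfer_sync, so it is worth confirming against those names that the affected code is not shipped in a packaged kernel source. CVE-2020-0223 in the @@ -39329,8 +39414,7 @@ hunk needs the same check.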