author: security tracker role <sectracker@soriano.debian.org> 2020-08-06 20:10:18 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-08-06 20:10:18 +0000
commit: f8c53825a383e867756d9ea60f833b3eda8e3c9d
tree: 3bc2aa7737bb6da6f704a283d1e762e6731613c2 /data
parent: 75a0b6166ad9047588cd3f0eb8c7207a18894a03
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list.2020 85
1 files changed, 47 insertions, 38 deletions
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 0a6de9269d..e1c9064474 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -1,3 +1,9 @@
+CVE-2020-17374
+ RESERVED
+CVE-2020-17373
+ RESERVED
+CVE-2020-17372
+ RESERVED
CVE-2020-17371
RESERVED
CVE-2020-17370
@@ -6,10 +12,12 @@ CVE-2020-17369
RESERVED
CVE-2020-17368 [don't pass command line through shell when redirecting output]
RESERVED
+ {DSA-4742-1}
- firejail 0.9.62-4
NOTE: https://github.com/netblue30/firejail/commit/34193604fed04cad2b7b6b0f1a3a0428afd9ed5b
CVE-2020-17367 [don't interpret output arguments after end-of-options tag]
RESERVED
+ {DSA-4742-1}
- firejail 0.9.62-4
NOTE: https://github.com/netblue30/firejail/commit/2c734d6350ad321fccbefc5ef0382199ac331b37
CVE-2020-17366 (An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. ...)
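Review bot: the {DSA-4742-1} cross-reference is added to CVE-2020-17368 and CVE-2020-17367, but both entries still read RESERVED and carry only a bracketed working title plus the unprefixed `- firejail 0.9.62-4` line. The diffstat shows data/CVE/list.2020 as the only file changed, so the advisory record itself is not in this commit; confirm that the DSA-4742-1 entry names both CVE ids and the fixed version for the stable release, because nothing in this hunk states either.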
@@ -1055,8 +1063,8 @@ CVE-2020-16847 (Extreme Analytics in Extreme Management Center before 8.5.0.169
NOT-FOR-US: Extreme Management Center
CVE-2020-16846
RESERVED
-CVE-2020-16845
- RESERVED
+CVE-2020-16845 (Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loo ...)
+ TODO: check
CVE-2020-16844
RESERVED
CVE-2020-16843 (In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the netw ...)
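Review bot: CVE-2020-16845 moves from RESERVED to `TODO: check`, which is only a triage placeholder. Go is packaged in Debian, so this entry should be resolved with per-source-package lines for the affected Go toolchain packages rather than a NOT-FOR-US tag. The description's "14.x before 1.14.7" looks like a slip for 1.14.x in the imported text; take the affected range from the upstream advisory when filling in versions, not from this truncated summary.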
@@ -2288,8 +2296,8 @@ CVE-2020-16231
RESERVED
CVE-2020-16230
RESERVED
-CVE-2020-16229
- RESERVED
+CVE-2020-16229 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
+ TODO: check
CVE-2020-16228
RESERVED
CVE-2020-16227
@@ -2312,28 +2320,28 @@ CVE-2020-16219
RESERVED
CVE-2020-16218
RESERVED
-CVE-2020-16217
- RESERVED
+CVE-2020-16217 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. A doubl ...)
+ TODO: check
CVE-2020-16216
RESERVED
-CVE-2020-16215
- RESERVED
+CVE-2020-16215 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
+ TODO: check
CVE-2020-16214
RESERVED
-CVE-2020-16213
- RESERVED
+CVE-2020-16213 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Process ...)
+ TODO: check
CVE-2020-16212
RESERVED
-CVE-2020-16211
- RESERVED
+CVE-2020-16211 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out- ...)
+ TODO: check
CVE-2020-16210
RESERVED
CVE-2020-16209
RESERVED
CVE-2020-16208
RESERVED
-CVE-2020-16207
- RESERVED
+CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multipl ...)
+ TODO: check
CVE-2020-16206
RESERVED
CVE-2020-16205
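Review bot: five Advantech WebAccess HMI Designer entries (CVE-2020-16217, -16215, -16213, -16211, -16207) arrive here with `TODO: check`, and CVE-2020-16229 in the previous hunk names the same product and version range. Triage all six in one pass and give them one identically spelled tag so they group together; if the product is not packaged, that would follow the form already used in this file, e.g. `NOT-FOR-US: Nagios XI`.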
@@ -2988,7 +2996,7 @@ CVE-2020-15903
RESERVED
CVE-2020-15902 (Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url o ...)
NOT-FOR-US: Nagios XI
-CVE-2020-15901 (ajaxhelper.php in Nagios XI before 5.7.2 allows remote attackers to ex ...)
+CVE-2020-15901 (In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated ...)
NOT-FOR-US: Nagios XI
CVE-2020-15900 (A memory corruption issue was found in Artifex Ghostscript 9.50 and 9. ...)
- ghostscript <unfixed>
@@ -7929,8 +7937,8 @@ CVE-2020-13795 (An issue was discovered in Navigate CMS through 2.8.7. It allows
NOT-FOR-US: Navigate CMS
CVE-2020-13794
RESERVED
-CVE-2020-13793
- RESERVED
+CVE-2020-13793 (Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a st ...)
+ TODO: check
CVE-2020-13792 (PlayTube 1.8 allows disclosure of user details via ajax.php?type=../ad ...)
NOT-FOR-US: PlayTube
CVE-2020-13965 (An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x b ...)
@@ -8932,10 +8940,10 @@ CVE-2020-13367
RESERVED
CVE-2020-13366
RESERVED
-CVE-2020-13365
- RESERVED
-CVE-2020-13364
- RESERVED
+CVE-2020-13365 (Certain Zyxel products have a locally accessible binary that allows a ...)
+ TODO: check
+CVE-2020-13364 (A backdoor in certain Zyxel products allows remote TELNET access via a ...)
+ TODO: check
CVE-2020-13363
RESERVED
CVE-2020-13362 (In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c h ...)
@@ -10379,7 +10387,7 @@ CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer ov
NOTE: Fixed with: https://github.com/appneta/tcpreplay/issues/578
NOTE: --fuzz-seed in PoC not present until version 4.2.0
NOTE: Crash in CLI tool, no security impact
-CVE-2020-12739 (A vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could ...)
+CVE-2020-12739 (A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and ...)
NOT-FOR-US: Fanuc i Series CNC
CVE-2020-12738
RESERVED
@@ -10471,6 +10479,7 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...)
+ {DLA-2315-1}
- wpa <unfixed>
[buster] - wpa <no-dsa> (Minor issue)
- gupnp 1.2.3-1
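Review bot: {DLA-2315-1} is attached to CVE-2020-12695 as a whole, while the package lines under it cover more than one source package (wpa is `<unfixed>` with a `[buster] <no-dsa>` note, gupnp is fixed in 1.2.3-1) and the hunk context ends there. These lines do not show which package the DLA fixed, so check that the entry has a matching per-release line for the LTS suite and that the remaining packages are not read as covered by the advisory.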
@@ -11079,8 +11088,8 @@ CVE-2020-12443 (BigBlueButton before 2.2.6 allows remote attackers to read arbit
NOT-FOR-US: BigBlueButton
CVE-2020-12442 (Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated ...)
NOT-FOR-US: Ivanti
-CVE-2020-12441
- RESERVED
+CVE-2020-12441 (Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control ...)
+ TODO: check
CVE-2020-12440
REJECTED
CVE-2020-12439 (Grin before 3.1.0 allows attackers to adversely affect availability of ...)
@@ -22219,8 +22228,8 @@ CVE-2020-7819
RESERVED
CVE-2020-7818 (DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, ...)
NOT-FOR-US: Daview
-CVE-2020-7817
- RESERVED
+CVE-2020-7817 (MyBrowserPlus downloads the files needed to run the program through th ...)
+ TODO: check
CVE-2020-7816 (A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+ ...)
NOT-FOR-US: DaView
CVE-2020-7815 (XPLATFORM v9.2.260 and eariler versions contain a vulnerability that c ...)
@@ -22975,10 +22984,10 @@ CVE-2020-7462
RESERVED
CVE-2020-7461
RESERVED
-CVE-2020-7460
- RESERVED
-CVE-2020-7459
- RESERVED
+CVE-2020-7460 (In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-ST ...)
+ TODO: check
+CVE-2020-7459 (In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-ST ...)
+ TODO: check
CVE-2020-7458 (In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and ...)
NOT-FOR-US: FreeBSD
CVE-2020-7457 (In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-ST ...)
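Review bot: CVE-2020-7460 and CVE-2020-7459 are added with `TODO: check`, while the adjacent CVE-2020-7458, whose description has the same "In FreeBSD 12.1-STABLE before ..." form, is already tagged `NOT-FOR-US: FreeBSD`. Unless one of these affects code that Debian also ships, resolve both TODO lines to the same tag so the FreeBSD entries stay consistent.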
@@ -23176,26 +23185,26 @@ CVE-2020-7363
RESERVED
CVE-2020-7362
RESERVED
-CVE-2020-7361
- RESERVED
+CVE-2020-7361 (The EasyCorp ZenTao Pro application suffers from an OS command injecti ...)
+ TODO: check
CVE-2020-7360
RESERVED
CVE-2020-7359
RESERVED
CVE-2020-7358
RESERVED
-CVE-2020-7357
- RESERVED
-CVE-2020-7356
- RESERVED
+CVE-2020-7357 (Cayin CMS suffers from an authenticated OS semi-blind command injectio ...)
+ TODO: check
+CVE-2020-7356 (CAYIN xPost suffers from an unauthenticated SQL Injection vulnerabilit ...)
+ TODO: check
CVE-2020-7355 (Cross-site Scripting (XSS) vulnerability in the 'notes' field of a dis ...)
NOT-FOR-US: Metasploit Pro
CVE-2020-7354 (Cross-site Scripting (XSS) vulnerability in the 'host' field of a disc ...)
NOT-FOR-US: Metasploit Pro
CVE-2020-7353
RESERVED
-CVE-2020-7352
- RESERVED
+CVE-2020-7352 (The GalaxyClientService component of GOG Galaxy runs with elevated SYS ...)
+ TODO: check
CVE-2020-7351 (An OS Command Injection vulnerability in the endpoint_devicemap.php co ...)
NOT-FOR-US: Fonality Trixbox Community Edition
CVE-2020-7350 (Rapid7 Metasploit Framework versions before 5.0.85 suffers from an ins ...)
