From 461881ed3674fdc0ce3f39b0bc584f2e23d35fd9 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 9 Apr 2020 20:10:28 +0000 Subject: automatic update --- data/CVE/2018.list | 4 +-- data/CVE/2020.list | 99 +++++++++++++++++++++++++++++++++--------------------- 2 files changed, 63 insertions(+), 40 deletions(-) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 085de13df2..8503bf611b 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -119,8 +119,8 @@ CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to [jessie] - qtwebsockets-opensource-src (Minor issue) NOTE: https://bugreports.qt.io/browse/QTBUG-70693 NOTE: https://codereview.qt-project.org/c/qt/qtwebsockets/+/284735 -CVE-2018-21034 - RESERVED +CVE-2018-21034 (In Argo versions prior to v1.5.0-rc1, it was possible for authenticate ...) + TODO: check CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...) NOT-FOR-US: Hitachi CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 038024f8ed..43158cca85 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,25 @@ +CVE-2020-11668 + RESERVED +CVE-2020-11667 + RESERVED +CVE-2020-11666 + RESERVED +CVE-2020-11665 + RESERVED +CVE-2020-11664 + RESERVED +CVE-2020-11663 + RESERVED +CVE-2020-11662 + RESERVED +CVE-2020-11661 + RESERVED +CVE-2020-11660 + RESERVED +CVE-2020-11659 + RESERVED +CVE-2020-11658 + RESERVED CVE-2020-11657 RESERVED CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...) 
@@ -220,16 +242,16 @@ CVE-2020-11558 (An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstra NOTE: https://github.com/gpac/gpac/commit/6063b1a011c3f80cee25daade18154e15e4c058c NOTE: https://github.com/gpac/gpac/issues/1440 TODO: check -CVE-2020-11557 - RESERVED -CVE-2020-11556 - RESERVED -CVE-2020-11555 - RESERVED -CVE-2020-11554 - RESERVED -CVE-2020-11553 - RESERVED +CVE-2020-11557 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) + TODO: check +CVE-2020-11556 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) + TODO: check +CVE-2020-11555 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) + TODO: check +CVE-2020-11554 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) + TODO: check +CVE-2020-11553 (An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...) + TODO: check CVE-2020-11552 RESERVED CVE-2020-11551 
@@ -2239,36 +2261,36 @@ CVE-2020-10633 (A non-persistent XSS (cross-site scripting) vulnerability exists NOT-FOR-US: eWON Flexy and Cosy CVE-2020-10632 RESERVED -CVE-2020-10631 - RESERVED +CVE-2020-10631 (An attacker could use a specially crafted URL to delete or read files ...) + TODO: check CVE-2020-10630 RESERVED -CVE-2020-10629 - RESERVED +CVE-2020-10629 (WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. S ...) + TODO: check CVE-2020-10628 RESERVED CVE-2020-10627 RESERVED CVE-2020-10626 RESERVED -CVE-2020-10625 - RESERVED +CVE-2020-10625 (WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remo ...) + TODO: check CVE-2020-10624 RESERVED -CVE-2020-10623 - RESERVED +CVE-2020-10623 (Multiple vulnerabilities could allow an attacker with low privileges t ...) + TODO: check CVE-2020-10622 RESERVED -CVE-2020-10621 - RESERVED +CVE-2020-10621 (Multiple issues exist that allow files to be uploaded and executed on ...) + TODO: check CVE-2020-10620 RESERVED -CVE-2020-10619 - RESERVED +CVE-2020-10619 (An attacker could use a specially crafted URL to delete files outside ...) + TODO: check CVE-2020-10618 RESERVED -CVE-2020-10617 - RESERVED +CVE-2020-10617 (There are multiple ways an unauthenticated attacker could perform SQL ...) + TODO: check CVE-2020-10616 RESERVED CVE-2020-10615 @@ -2295,8 +2317,8 @@ CVE-2020-10605 RESERVED CVE-2020-10604 RESERVED -CVE-2020-10603 - RESERVED +CVE-2020-10603 (WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize use ...) + TODO: check CVE-2020-10602 RESERVED CVE-2020-10601 (VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow ...) @@ -2416,8 +2438,8 @@ CVE-2020-10553 RESERVED CVE-2020-10552 RESERVED -CVE-2020-10551 - RESERVED +CVE-2020-10551 (QQBrowser before 10.5.3870.400 installs a Windows service TsService.ex ...) + TODO: check CVE-2020-10550 RESERVED CVE-2020-10549 
@@ -4638,10 +4660,10 @@ CVE-2020-9502 RESERVED CVE-2020-9501 RESERVED -CVE-2020-9500 - RESERVED -CVE-2020-9499 - RESERVED +CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) + TODO: check +CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) + TODO: check CVE-2020-9498 RESERVED CVE-2020-9497 @@ -8105,8 +8127,8 @@ CVE-2020-7924 RESERVED CVE-2020-7923 RESERVED -CVE-2020-7922 - RESERVED +CVE-2020-7922 (X.509 certificates generated by the MongoDB Enterprise Kubernetes Oper ...) + TODO: check CVE-2020-7921 RESERVED CVE-2020-7920 (pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2 ...) @@ -14009,8 +14031,8 @@ CVE-2020-5265 RESERVED CVE-2020-5264 RESERVED -CVE-2020-5263 - RESERVED +CVE-2020-5263 (auth0.js (NPM package auth0-js) greater than version 8.0.0 and before ...) + TODO: check CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...) NOT-FOR-US: EasyBuild CVE-2020-5261 (Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Sa ...) @@ -20990,8 +21012,8 @@ CVE-2020-1897 RESERVED CVE-2020-1896 RESERVED -CVE-2020-1895 - RESERVED +CVE-2020-1895 (A large heap overflow could occur in Instagram for Android when attemp ...) + TODO: check CVE-2020-1894 RESERVED CVE-2020-1893 (Insufficient boundary checks when decoding JSON in TryParse reads out ...) @@ -21312,6 +21334,7 @@ CVE-2020-1761 NOT-FOR-US: OpenShift CVE-2020-1760 [header-splitting in RGW GetObject has a possible XSS] RESERVED + {DLA-2171-1} - ceph (bug #956142) NOTE: Introduced with: https://github.com/ceph/ceph-ci/commit/f4a0b2d9260a4523745875e3977a8a1ef9dc5e2e NOTE: Fixed by: https://github.com/ceph/ceph-ci/commit/8aa1f77363ec32bdc57744a143035033291ab5e1 -- cgit v1.2.3
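
Review bot: CVE-2018-21034 in the data/CVE/2018.list hunk (@@ -119,8) moves from RESERVED to a published description but carries only "TODO: check", so the entry records no triage decision. The description names Argo versions prior to v1.5.0-rc1. Follow up by replacing the TODO with either a "NOT-FOR-US:" line or a source-package line, the way the neighbouring Hitachi entries in the same hunk are resolved.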
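
Review bot: the five Castle Rock SNMPc Online entries in the data/CVE/2020.list hunk at @@ -220,16 (CVE-2020-11553 through CVE-2020-11557) all show the same truncated description, "An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 20 ...", so nothing in this file distinguishes them. Triage them together against the full CVE records and give all five one consistent marking, rather than leaving five separate "TODO: check" lines to be picked up one at a time.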
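
Review bot: in the data/CVE/2020.list hunk at @@ -2239,36, the truncated descriptions for CVE-2020-10631, CVE-2020-10623, CVE-2020-10621, CVE-2020-10619 and CVE-2020-10617 name no product at all, while CVE-2020-10629 and CVE-2020-10625 in the same hunk name WebAccess/NMS (versions prior to 3.0.2). Confirm the affected product from the full record for each of the unnamed ones before replacing "TODO: check". Being adjacent in the numbering is not enough to mark them as the same product.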
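
Review bot: in the CVE-2020-1760 hunk at @@ -21312,6, "{DLA-2171-1}" is added while the entry still reads RESERVED and the "- ceph (bug #956142)" line has no fixed version. The DLA cross-reference only ties the entry to that advisory, so the ceph line still needs the fixed version recorded once one is known. Otherwise the entry reads as partially handled with no indication of which suites remain open.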