From de179a7a8d9f23b2162b1efbd16969af55569198 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 9 Apr 2020 08:10:27 +0000 Subject: automatic update --- data/CVE/2019.list | 2 + data/CVE/2020.list | 107 ++++++++++++++++++++++++++--------------------------- 2 files changed, 55 insertions(+), 54 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 933c0c2af3..088d8e03aa 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-20637 (An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6 ...) + TODO: check CVE-2019-20636 (In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bo ...) - linux 5.4.13-1 [buster] - linux 4.19.98-1 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 26972288cc..b8367b1e49 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,25 @@ +CVE-2020-11657 + RESERVED +CVE-2020-11656 (In SQLite through 3.31.1, the ALTER TABLE implementation has a use-aft ...) + TODO: check +CVE-2020-11655 (SQLite through 3.31.1 allows attackers to cause a denial of service (s ...) + TODO: check +CVE-2020-11654 + RESERVED +CVE-2020-11653 (An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6 ...) + TODO: check +CVE-2020-11652 + RESERVED +CVE-2020-11651 + RESERVED +CVE-2020-11650 (An issue was discovered in iXsystems FreeNAS 11.2 and 11.3 before 11.3 ...) + TODO: check +CVE-2020-11649 + RESERVED +CVE-2020-11648 + RESERVED +CVE-2020-11647 + RESERVED CVE-2020-11646 RESERVED CVE-2020-11645 
@@ -6113,12 +6135,12 @@ CVE-2020-8830 RESERVED CVE-2020-8829 RESERVED -CVE-2020-8828 - RESERVED -CVE-2020-8827 - RESERVED -CVE-2020-8826 - RESERVED +CVE-2020-8828 (As of v1.5.0, the default admin password is set to the argocd-server p ...) + TODO: check +CVE-2020-8827 (As of v1.5.0, the Argo API does not implement anti-automation measures ...) + TODO: check +CVE-2020-8826 (As of v1.5.0, the Argo web interface authentication system issued immu ...) + TODO: check CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...) NOT-FOR-US: Vanilla Forums CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...) @@ -19161,8 +19183,7 @@ CVE-2020-2734 RESERVED CVE-2020-2733 RESERVED -CVE-2020-2732 [kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources] - RESERVED +CVE-2020-2732 (A flaw was discovered in the way that the KVM hypervisor handled instr ...) - linux 5.5.13-1 NOTE: https://git.kernel.org/linus/07721feee46b4b248402133228235318199b05ec NOTE: https://git.kernel.org/linus/35a571346a94fb93b5b3b6a599675ef3384bc75c @@ -20985,8 +21006,8 @@ CVE-2020-1887 (Incorrect validation of the TLS SNI hostname in osquery versions - osquery (bug #803502) CVE-2020-1886 RESERVED -CVE-2020-1885 - RESERVED +CVE-2020-1885 (Writing to an unprivileged file from a privileged OVRRedir.exe process ...) + TODO: check CVE-2020-1884 RESERVED CVE-2020-1883 
@@ -21640,21 +21661,17 @@ CVE-2020-1641 RESERVED CVE-2020-1640 RESERVED -CVE-2020-1639 - RESERVED +CVE-2020-1639 (When an attacker sends a specific crafted Ethernet Operation, Administ ...) NOT-FOR-US: Juniper -CVE-2020-1638 - RESERVED +CVE-2020-1638 (The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and J ...) NOT-FOR-US: Juniper -CVE-2020-1637 - RESERVED +CVE-2020-1637 (A vulnerability in Juniper Networks SRX Series device configured as a ...) NOT-FOR-US: Juniper CVE-2020-1636 RESERVED CVE-2020-1635 RESERVED -CVE-2020-1634 - RESERVED +CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...) NOT-FOR-US: Juniper CVE-2020-1633 RESERVED 
@@ -21664,59 +21681,41 @@ CVE-2020-1632 NOT-FOR-US: Juniper CVE-2020-1631 RESERVED -CVE-2020-1630 - RESERVED +CVE-2020-1630 (A privilege escalation vulnerability in Juniper Networks Junos OS devi ...) NOT-FOR-US: Juniper -CVE-2020-1629 - RESERVED +CVE-2020-1629 (A race condition vulnerability on Juniper Network Junos OS devices may ...) NOT-FOR-US: Juniper -CVE-2020-1628 - RESERVED +CVE-2020-1628 (Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal com ...) NOT-FOR-US: Juniper -CVE-2020-1627 - RESERVED +CVE-2020-1627 (A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices ...) NOT-FOR-US: Juniper -CVE-2020-1626 - RESERVED +CVE-2020-1626 (A vulnerability in Juniper Networks Junos OS Evolved may allow an atta ...) NOT-FOR-US: Juniper -CVE-2020-1625 - RESERVED +CVE-2020-1625 (The kernel memory usage represented as "temp" via 'show system virtual ...) NOT-FOR-US: Juniper -CVE-2020-1624 - RESERVED +CVE-2020-1624 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper -CVE-2020-1623 - RESERVED +CVE-2020-1623 (A local, authenticated user with shell can view sensitive configuratio ...) NOT-FOR-US: Juniper -CVE-2020-1622 - RESERVED +CVE-2020-1622 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper -CVE-2020-1621 - RESERVED +CVE-2020-1621 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper -CVE-2020-1620 - RESERVED +CVE-2020-1620 (A local, authenticated user with shell can obtain the hashed values of ...) NOT-FOR-US: Juniper -CVE-2020-1619 - RESERVED +CVE-2020-1619 (A privilege escalation vulnerability in Juniper Networks QFX10K Series ...) NOT-FOR-US: Juniper -CVE-2020-1618 - RESERVED +CVE-2020-1618 (On Juniper Networks EX and QFX Series, an authentication bypass vulner ...) NOT-FOR-US: Juniper -CVE-2020-1617 - RESERVED +CVE-2020-1617 (This issue occurs on Juniper Networks Junos OS devices which do not su ...) 
NOT-FOR-US: Juniper -CVE-2020-1616 - RESERVED +CVE-2020-1616 (Due to insufficient server-side login attempt limit enforcement, a vul ...) NOT-FOR-US: Juniper -CVE-2020-1615 - RESERVED +CVE-2020-1615 (The factory configuration for vMX installations, as shipped, includes ...) NOT-FOR-US: Juniper -CVE-2020-1614 - RESERVED +CVE-2020-1614 (A Use of Hard-coded Credentials vulnerability exists in the NFX250 Ser ...) NOT-FOR-US: Juniper -CVE-2020-1613 - RESERVED +CVE-2020-1613 (A vulnerability in the BGP FlowSpec implementation may cause a Juniper ...) NOT-FOR-US: Juniper CVE-2020-1612 RESERVED -- cgit v1.2.3
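Review bot: In the data/CVE/2020.list hunk at @@ -1,3 +1,25 @@, CVE-2020-11656 and CVE-2020-11655 (SQLite through 3.31.1) and CVE-2020-11653 (Varnish Cache before 6.0.6 LTS) land with only "TODO: check", so they carry no source-package or version line yet. CVE-2019-20637 in the data/CVE/2019.list hunk is also Varnish Cache and has the same placeholder; resolving the two Varnish entries together would keep their package lines consistent. CVE-2020-11650 (iXsystems FreeNAS) needs the same decision, either a package line or NOT-FOR-US.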
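Review bot: In the @@ -6113,12 +6135,12 @@ hunk, CVE-2020-8828, CVE-2020-8827 and CVE-2020-8826 all describe the same product (Argo, "As of v1.5.0") but are each left at "TODO: check". They cover the default admin password, missing anti-automation measures on the API and the web interface's authentication system, so they should be resolved in one pass with the same tag, the way the neighbouring CVE-2020-8825 already carries "NOT-FOR-US: Vanilla Forums".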
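Review bot: At CVE-2020-2732 in the @@ -19161,8 +19183,7 @@ hunk, the removed bracketed summary "kvm: nVMX: L2 guest may trick the L0 hypervisor to access sensitive L1 resources" is more specific than the truncated description that replaces it, which stops at "handled instr ..." and no longer mentions nVMX or the L2/L0/L1 relationship. The "- linux 5.5.13-1" line and the two git.kernel.org NOTE lines are unchanged, so the fix references survive; consider adding a NOTE line that keeps the nVMX wording if that detail should stay visible in the list.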