author | security tracker role <sectracker@soriano.debian.org> | 2020-01-28 08:10:28 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-28 08:10:28 +0000 |
commit | e5aa6b792f3424e2105a9a3c36bb318151e5a6d7 (patch) | |
tree | ab1faa1959924e6d9ad93d43bbb045b99be4b9f5 | |
parent | 68cea85b91679126255f436a7897e1146add7b45 (diff) |
automatic update
-rw-r--r-- | data/CVE/2012.list | 4 |
-rw-r--r-- | data/CVE/2013.list | 16 |
-rw-r--r-- | data/CVE/2016.list | 1 |
-rw-r--r-- | data/CVE/2019.list | 111 |
-rw-r--r-- | data/CVE/2020.list | 59 |
5 files changed, 104 insertions, 87 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 0b037010e2..e254e86dbf 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -745,8 +745,8 @@ CVE-2012-6450 RESERVED CVE-2012-6449 RESERVED -CVE-2012-6448 - RESERVED +CVE-2012-6448 (Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 all ...) + TODO: check CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...) NOT-FOR-US: Splunk CVE-2012-6446 diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 985f4229d7..4210293497 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -12591,8 +12591,8 @@ CVE-2013-2614 RESERVED CVE-2013-2613 RESERVED -CVE-2013-2612 - RESERVED +CVE-2013-2612 (Command-injection vulnerability in Huawei E587 3G Mobile Hotspot 11.20 ...) + TODO: check CVE-2013-2611 RESERVED CVE-2013-2610 @@ -12832,8 +12832,8 @@ CVE-2013-2501 (Cross-site scripting (XSS) vulnerability in the Terillion Reviews NOT-FOR-US: Terillion Reviews plugin for Wordpress CVE-2013-2500 RESERVED -CVE-2013-2499 - RESERVED +CVE-2013-2499 (SimpleHRM 2.3 and earlier could allow remote attackers to bypass the a ...) + TODO: check CVE-2013-2498 (SQL injection vulnerability in the login page in flexycms/modules/user ...) NOT-FOR-US: SimpleHRM CVE-2013-2497 @@ -12967,8 +12967,8 @@ CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote a NOTE: http://www.wireshark.org/security/wnpa-sec-2013-10.html NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274 NOTE: Versions affected: 1.8.0 to 1.8.5 -CVE-2013-2474 - RESERVED +CVE-2013-2474 (Directory traversal vulnerability in AWS XMS 2.5 allows remote attacke ...) + TODO: check CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) {DSA-2727-1 DSA-2722-1} - openjdk-6 6b27-1.12.6-1 
@@ -13521,8 +13521,8 @@ CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit - chromium-browser 25.0.1364.97-1 [squeeze] - chromium-browser <not-affected> (Vulnerable code not present) NOTE: MathML added in chromium 24.x, disabled again in 25.x -CVE-2013-2267 - RESERVED +CVE-2013-2267 (PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3 ...) + TODO: check CVE-2013-2266 (libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before 9.8.5 ...) {DSA-2656-1} - bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #704174) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 2e460107cf..0a29de19a6 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -20419,6 +20419,7 @@ CVE-2016-4305 (A denial of service vulnerability exists in the syscall filtering CVE-2016-4304 (A denial of service vulnerability exists in the syscall filtering func ...) NOT-FOR-US: Kaspersky Internet Security KLIF driver CVE-2016-4303 (The parse_string function in cjson.c in the cJSON library mishandles U ...) + {DLA-2080-1} - iperf3 3.1.3-1 (bug #827116) NOTE: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc NOTE: https://github.com/esnet/iperf/commit/f01a9ca8f7e878e438a53687dabe30b7f7222912 (3.1.x) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index cc6d1f1553..1302c7e60d 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -1,3 +1,23 @@ +CVE-2019-20443 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...) + TODO: check +CVE-2019-20442 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 Enterprise Int ...) + TODO: check +CVE-2019-20441 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Stored ...) + TODO: check +CVE-2019-20440 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...) + TODO: check +CVE-2019-20439 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...) + TODO: check +CVE-2019-20438 (An issue was discovered in WSO2 API Manager 2.6.0. A potential stored ...) + TODO: check +CVE-2019-20437 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...) + TODO: check +CVE-2019-20436 (An issue was discovered in WSO2 API Manager 2.6.0, WSO2 IS as Key Mana ...) + TODO: check +CVE-2019-20435 (An issue was discovered in WSO2 API Manager 2.6.0. A reflected XSS att ...) + TODO: check +CVE-2019-20434 (An issue was discovered in WSO2 API Manager 2.6.0. A potential Reflect ...) + TODO: check CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...) - aspell 0.60.7-3 (bug #935128) [buster] - aspell <no-dsa> (Minor issue) @@ -6755,8 +6775,8 @@ CVE-2019-17653 RESERVED CVE-2019-17652 RESERVED -CVE-2019-17651 - RESERVED +CVE-2019-17651 (An Improper Neutralization of Input vulnerability in the description a ...) + TODO: check CVE-2019-17650 (An Improper Neutralization of Special Elements used in a Command vulne ...) NOT-FOR-US: Fortiguard CVE-2019-17649 @@ -11876,8 +11896,8 @@ CVE-2019-15609 RESERVED CVE-2019-15608 RESERVED -CVE-2019-15607 - RESERVED +CVE-2019-15607 (A stored XSS vulnerability is present within node-red (version: <= ...) + TODO: check CVE-2019-15606 RESERVED CVE-2019-15605 
@@ -11914,8 +11934,8 @@ CVE-2019-15592 CVE-2019-15591 (An improper access control vulnerability exists in GitLab <12.3.3 t ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/676976 -CVE-2019-15590 - RESERVED +CVE-2019-15590 (An access control issue exists in < 12.3.5, < 12.2.8, and < 1 ...) + TODO: check CVE-2019-15589 (An improper access control vulnerability exists in Gitlab <v12.3.2, ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/497047 @@ -11925,25 +11945,25 @@ CVE-2019-15587 (In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript {DSA-4554-1} - ruby-loofah 2.3.1+dfsg-1 (bug #942894) NOTE: https://github.com/flavorjones/loofah/issues/171 -CVE-2019-15586 - RESERVED -CVE-2019-15585 - RESERVED +CVE-2019-15586 (A XSS exists in Gitlab CE/EE < 12.1.10 in the Mermaid plugin. ...) + TODO: check +CVE-2019-15585 (Improper authentication exists in < 12.3.2, < 12.2.6, and < 1 ...) + TODO: check CVE-2019-15584 (A denial of service exists in gitlab <v12.3.2, <v12.2.6, and < ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/670572 -CVE-2019-15583 - RESERVED -CVE-2019-15582 - RESERVED -CVE-2019-15581 - RESERVED +CVE-2019-15583 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) + TODO: check +CVE-2019-15582 (An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 f ...) + TODO: check +CVE-2019-15581 (An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLa ...) + TODO: check CVE-2019-15580 (An information exposure vulnerability exists in gitlab.com <v12.3.2 ...) - gitlab <not-affected> (Only affects EE) -CVE-2019-15579 - RESERVED -CVE-2019-15578 - RESERVED +CVE-2019-15579 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) + TODO: check +CVE-2019-15578 (An information disclosure exists in < 12.3.2, < 12.2.6, and < ...) + TODO: check CVE-2019-15577 (An information disclosure vulnerability exists in GitLab CE/EE <v12 ...) - gitlab <unfixed> NOTE: https://hackerone.com/reports/636560 
@@ -17266,12 +17286,12 @@ CVE-2019-13523 (In Honeywell Performance IP Cameras and Performance NVRs, the in NOT-FOR-US: Honeywell CVE-2019-13522 (An attacker could use a specially crafted project file to corrupt the ...) NOT-FOR-US: EZ PLC Editor -CVE-2019-13521 - RESERVED +CVE-2019-13521 (A maliciously crafted program file opened by an unsuspecting user of R ...) + TODO: check CVE-2019-13520 (Multiple buffer overflow issues have been identified in Alpha5 Smart L ...) NOT-FOR-US: Fuji Electric -CVE-2019-13519 - RESERVED +CVE-2019-13519 (A maliciously crafted program file opened by an unsuspecting user of R ...) + TODO: check CVE-2019-13518 (An attacker could use a specially crafted project file to overflow the ...) NOT-FOR-US: EZAutomation CVE-2019-13517 (In Pyxis ES Versions 1.3.4 through to 1.6.1 and Pyxis Enterprise Serve ...) @@ -24734,8 +24754,8 @@ CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScri TODO: check CVE-2019-10780 (BibTeX-ruby before 5.1.0 allows shell command injection due to unsanit ...) NOT-FOR-US: BibTeX-ruby -CVE-2019-10779 - RESERVED +CVE-2019-10779 (All versions of stroom:stroom-app before 5.5.12 and all versions of th ...) + TODO: check CVE-2019-10778 (devcert-sanscache before 0.4.7 allows remote attackers to execute arbi ...) NOT-FOR-US: devcert-sanscache CVE-2019-10777 (In aws-lambda versions prior to version 1.0.5, the "config.FunctioName ...) 
@@ -24759,8 +24779,8 @@ CVE-2019-10772 (It is possible to bypass enshrined/svg-sanitize before 0.13.1 us NOT-FOR-US: svg-sanitize CVE-2019-10771 (Characters in the GET url path are not properly escaped and can be ref ...) NOT-FOR-US: IOBroker -CVE-2019-10770 - RESERVED +CVE-2019-10770 (All versions of io.ratpack:ratpack-core from 0.9.10 inclusive and befo ...) + TODO: check CVE-2019-10769 (safer-eval is a npm package to sandbox the he evaluation of code used ...) NOT-FOR-US: safer-eval Node module CVE-2019-10768 (In AngularJS before 1.7.9 the function `merge()` could be tricked into ...) @@ -32637,8 +32657,8 @@ CVE-2019-8259 (UltraVNC revision 1198 contains multiple memory leaks (CWE-655) i NOT-FOR-US: UltraVNC CVE-2019-8258 (UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC ...) NOT-FOR-US: UltraVNC -CVE-2019-8257 - RESERVED +CVE-2019-8257 (Adobe Acrobat and Reader versions , 2019.012.20035 and earlier, 2019.0 ...) + TODO: check CVE-2019-8256 (ColdFusion versions Update 6 and earlier have an insecure inherited pe ...) NOT-FOR-US: ColdFusion CVE-2019-8255 (Brackets versions 1.14 and earlier have a command injection vulnerabil ...) @@ -35343,8 +35363,8 @@ CVE-2019-7133 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds read vulnera NOT-FOR-US: Adobe CVE-2019-7132 (Adobe Bridge CC versions 9.0.2 have an out-of-bounds write vulnerabili ...) NOT-FOR-US: Adobe -CVE-2019-7131 - RESERVED +CVE-2019-7131 (Adobe Acrobat and Reader versions 2019.010.20064 and earlier, 2019.010 ...) + TODO: check CVE-2019-7130 (Adobe Bridge CC versions 9.0.2 have a heap overflow vulnerability. Suc ...) NOT-FOR-US: Adobe CVE-2019-7129 (Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored ...) 
@@ -39210,22 +39230,19 @@ CVE-2019-5476 (An SQL Injection in the Nextcloud Lookup-Server < v0.3.0 (runn NOT-FOR-US: Nextcloud Lookup-Server CVE-2019-5475 (The Nexus Yum Repository Plugin in v2 is vulnerable to Remote Code Exe ...) NOT-FOR-US: Nexus Yum Repository Plugin -CVE-2019-5474 [Override Merge Request Approval Rules] - RESERVED +CVE-2019-5474 (An authorization issue was discovered in GitLab EE < 12.1.2, < 1 ...) - gitlab <not-affected> (Only affects Gitlab EE 11.8 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ CVE-2019-5473 (An authentication issue was discovered in GitLab that allowed a bypass ...) - gitlab <not-affected> (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5472 [Denial Of Service Epic Comments] - RESERVED +CVE-2019-5472 (An authorization issue was discovered in Gitlab versions < 12.1.2, ...) - gitlab <not-affected> (Only affects Gitlab EE 10.7 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ CVE-2019-5471 (An input validation and output encoding issue was discovered in the Gi ...) - gitlab <not-affected> (Only affects Gitlab EE 8.9 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5470 [Information Disclosure Vulnerability Feedback] - RESERVED +CVE-2019-5470 (An information disclosure issue was discovered GitLab versions < 12 ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ 
@@ -39233,8 +39250,7 @@ CVE-2019-5469 (An IDOR vulnerability exists in GitLab <v12.1.2, <v12.0.4, [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5468 [User Revokation Bypass with Mattermost Integration] - RESERVED +CVE-2019-5468 (An privilege escalation issue was discovered in Gitlab versions < 1 ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ @@ -39242,18 +39258,15 @@ CVE-2019-5467 (An input validation and output encoding issue was discovered in t [experimental] - gitlab <unfixed> - gitlab <not-affected> (Only affects 11.10 and later) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5466 [IDOR Label Name Enumeration] - RESERVED +CVE-2019-5466 (An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5465 [Information Disclosure New Issue ID] - RESERVED +CVE-2019-5465 (An information disclosure issue was discovered in GitLab CE/EE 8.14 an ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5464 [SSRF Mitigation Bypass] - RESERVED +CVE-2019-5464 (A flawed DNS rebinding protection issue was discovered in GitLab CE/EE ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ 
@@ -39261,8 +39274,7 @@ CVE-2019-5463 (An authorization issue was discovered in the GitLab CE/EE CI badg [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ -CVE-2019-5462 [Trigger Token Impersonation] - RESERVED +CVE-2019-5462 (A privilege escalation issue was discovered in GitLab CE/EE 9.0 and la ...) [experimental] - gitlab 11.11.7+dfsg-1 - gitlab <unfixed> (bug #933785) NOTE: https://about.gitlab.com/2019/07/29/security-release-gitlab-12-dot-1-dot-2-released/ @@ -50039,8 +50051,7 @@ CVE-2019-0544 REJECTED CVE-2019-0543 (An elevation of privilege vulnerability exists when Windows improperly ...) NOT-FOR-US: Microsoft -CVE-2019-0542 - REJECTED +CVE-2019-0542 (A remote code execution vulnerability exists in Xterm.js when the comp ...) - node-xterm 3.8.1-1 (unimportant; bug #926670) NOTE: nodejs not covered by security support CVE-2019-0541 (A remote code execution vulnerability exists in the way that the MSHTM ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 2c1156a783..9d2bd47f17 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,13 @@ +CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) + TODO: check +CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) + TODO: check +CVE-2020-8089 + RESERVED +CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...) + TODO: check +CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...) + TODO: check CVE-2020-8086 RESERVED CVE-2020-8085 
@@ -176,10 +186,10 @@ CVE-2020-8000 (Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for NOT-FOR-US: Intellian Aptus Web CVE-2020-7999 (The Intellian Aptus application 1.0.2 for Android has hardcoded values ...) NOT-FOR-US: Intellian Aptus application for Android -CVE-2020-7998 - RESERVED -CVE-2020-7997 - RESERVED +CVE-2020-7998 (An arbitrary file upload vulnerability has been discovered in the Supe ...) + TODO: check +CVE-2020-7997 (ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Na ...) + TODO: check CVE-2020-7996 (htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via th ...) - dolibarr <removed> CVE-2020-7995 (The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allow ...) @@ -5234,8 +5244,8 @@ CVE-2020-5525 RESERVED CVE-2020-5524 RESERVED -CVE-2020-5523 - RESERVED +CVE-2020-5523 (Android App 'MyPallete' and some of the Android banking applications b ...) + TODO: check CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...) NOT-FOR-US: kantan netprint App for Android CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...) @@ -5870,12 +5880,12 @@ CVE-2020-5222 RESERVED CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user to pe ...) NOT-FOR-US: uftpd -CVE-2020-5220 - RESERVED +CVE-2020-5220 (Sylius ResourceBundle accepts and uses any serialisation groups to be ...) + TODO: check CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...) TODO: check -CVE-2020-5218 - RESERVED +CVE-2020-5218 (Affected versions of Sylius give attackers the ability to switch chann ...) + TODO: check CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) - ruby-secure-headers <unfixed> (bug #949999) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-xq52-rv6w-397c 
@@ -5902,8 +5912,8 @@ CVE-2020-5209 RESERVED CVE-2020-5208 RESERVED -CVE-2020-5207 - RESERVED +CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...) + TODO: check CVE-2020-5206 RESERVED CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...) @@ -10038,29 +10048,29 @@ CVE-2020-3144 RESERVED CVE-2020-3143 RESERVED -CVE-2020-3142 ([CVE-2020-3142_su] A vulnerability in Cisco Webex Meetings Suite sites ...) +CVE-2020-3142 (A vulnerability in Cisco Webex Meetings Suite sites and Cisco Webex Me ...) NOT-FOR-US: Cisco CVE-2020-3141 RESERVED CVE-2020-3140 RESERVED -CVE-2020-3139 ([CVE-2020-3139_su] A vulnerability in the out of band (OOB) management ...) +CVE-2020-3139 (A vulnerability in the out of band (OOB) management interface IP table ...) NOT-FOR-US: Cisco CVE-2020-3138 RESERVED CVE-2020-3137 RESERVED -CVE-2020-3136 ([CVE-2020-3136_su] A vulnerability in the web-based management interfa ...) +CVE-2020-3136 (A vulnerability in the web-based management interface of Cisco Jabber ...) NOT-FOR-US: Cisco CVE-2020-3135 RESERVED -CVE-2020-3134 ([CVE-2020-3134_su] A vulnerability in the zip decompression engine of ...) +CVE-2020-3134 (A vulnerability in the zip decompression engine of Cisco AsyncOS Softw ...) NOT-FOR-US: Cisco CVE-2020-3133 RESERVED CVE-2020-3132 RESERVED -CVE-2020-3131 ([CVE-2020-3131_su] A vulnerability in the Cisco Webex Teams client for ...) +CVE-2020-3131 (A vulnerability in the Cisco Webex Teams client for Windows could allo ...) NOT-FOR-US: Cisco CVE-2020-3130 RESERVED @@ -12516,11 +12526,9 @@ CVE-2020-1935 RESERVED CVE-2020-1934 RESERVED -CVE-2020-1933 - RESERVED +CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Maliciou ...) NOT-FOR-US: Apache NiFi -CVE-2020-1932 - RESERVED +CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...) NOT-FOR-US: Apache Superset CVE-2020-1931 RESERVED 
@@ -12528,8 +12536,7 @@ CVE-2020-1930 RESERVED CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an ...) TODO: check -CVE-2020-1928 - RESERVED +CVE-2020-1928 (An information disclosure vulnerability was found in Apache NiFi 1.10. ...) NOT-FOR-US: Apache NiFi CVE-2020-1927 RESERVED @@ -15322,14 +15329,12 @@ CVE-2020-0551 RESERVED CVE-2020-0550 RESERVED -CVE-2020-0549 [CacheOut attack / L1D Eviction Sampling] - RESERVED +CVE-2020-0549 (Cleanup errors in some data cache evictions for some Intel(R) Processo ...) - intel-microcode <unfixed> NOTE: https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling NOTE: https://cacheoutattack.com/ NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html -CVE-2020-0548 [Vector Register Sampling] - RESERVED +CVE-2020-0548 (Cleanup errors in some Intel(R) Processors may allow an authenticated ...) - intel-microcode <unfixed> NOTE: https://software.intel.com/security-software-guidance/software-guidance/vector-register-sampling NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html |
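
Review bot: in data/CVE/2013.list, CVE-2013-2499 gains a description starting "SimpleHRM 2.3 and earlier" but is left at "TODO: check", while the entry directly below it, CVE-2013-2498, is already triaged as "NOT-FOR-US: SimpleHRM". The same product should get the same disposition in the follow-up triage. The same applies in data/CVE/2019.list to CVE-2019-7131 ("Adobe Acrobat and Reader versions ..."), which now sits at "TODO: check" between CVE-2019-7132 and CVE-2019-7130, both marked "NOT-FOR-US: Adobe".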
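
Review bot: in the data/CVE/2019.list hunks at -11914 and -11925, the IDs leaving RESERVED (CVE-2019-15590, -15586, -15585, -15583, -15582, -15581, -15579, -15578) all land on "TODO: check", although the entries interleaved with them (CVE-2019-15591, -15589, -15584, -15577) are tracked as "- gitlab <unfixed>" and CVE-2019-15580 as "- gitlab <not-affected> (Only affects EE)". CVE-2019-15586 names "Gitlab CE/EE" and CVE-2019-15582 and -15581 end in "for GitLa ..."; the others show the same version ranges with the product name cut off by the truncation. Each needs a per-ID decision between <unfixed> and <not-affected>, and the truncated descriptions do not show whether CE is affected, so the full description has to be read before the TODO is resolved.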
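
Review bot: in the data/CVE/2019.list hunk at -39210, the working title removed from CVE-2019-5472 was "[Denial Of Service Epic Comments]", but the imported description begins "An authorization issue was discovered in Gitlab versions < 12.1.2". The annotation kept underneath, "- gitlab <not-affected> (Only affects Gitlab EE 10.7 and later)", was written against the old title, so confirm that it still describes the issue the published text refers to before relying on the not-affected status.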
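
Review bot: in the data/CVE/2019.list hunk at -50039, CVE-2019-0542 goes from "REJECTED" to a published description ("A remote code execution vulnerability exists in Xterm.js ..."), the only REJECTED removal visible in this patch. The line "- node-xterm 3.8.1-1 (unimportant; bug #926670)" is carried over unchanged and now reads as live tracking data for a described CVE, so it is worth checking that the fixed version and the "unimportant" severity still match the published text.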
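
Review bot: in the data/CVE/2020.list hunk at -15322, replacing the header lines of CVE-2020-0549 and CVE-2020-0548 drops the bracketed names "[CacheOut attack / L1D Eviction Sampling]" and "[Vector Register Sampling]", and the truncated Intel descriptions ("Cleanup errors in some ...") carry neither name. The names now survive only inside the NOTE URLs. Adding a NOTE line with the common name under each entry would keep both entries findable by the name most advisories use.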