author security tracker role <sectracker@soriano.debian.org> 2020-09-23 20:10:28 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-09-23 20:10:28 +0000
commit 6cd1aac95bc38e5b6a166f80fd3d341a4eeb46db (patch)
tree f6b4e8f989f26161ad7f2663b00a030a7a952838
parent ccec75c4b8fc5bc3e6f3b3be8239f09b72a4bb06 (diff)
automatic update
-rw-r--r-- data/CVE/2020.list 142
1 files changed, 90 insertions, 52 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 842b92cf94..6ff2d8221a 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,51 @@
+CVE-2020-25850
+ RESERVED
+CVE-2020-25849
+ RESERVED
+CVE-2020-25848
+ RESERVED
+CVE-2020-25847
+ RESERVED
+CVE-2020-25846
+ RESERVED
+CVE-2020-25845
+ RESERVED
+CVE-2020-25844
+ RESERVED
+CVE-2020-25843
+ RESERVED
+CVE-2020-25842
+ RESERVED
+CVE-2020-25841
+ RESERVED
+CVE-2020-25840
+ RESERVED
+CVE-2020-25839
+ RESERVED
+CVE-2020-25838
+ RESERVED
+CVE-2020-25837
+ RESERVED
+CVE-2020-25836
+ RESERVED
+CVE-2020-25835
+ RESERVED
+CVE-2020-25834
+ RESERVED
+CVE-2020-25833
+ RESERVED
+CVE-2020-25832
+ RESERVED
+CVE-2020-25831
+ RESERVED
+CVE-2020-25830
+ RESERVED
+CVE-2020-25829
+ RESERVED
+CVE-2020-25828
+ RESERVED
+CVE-2020-25827
+ RESERVED
CVE-2020-25826 (PingID Integration for Windows Login before 2.4.2 allows local users t ...)
NOT-FOR-US: PingID Integration for Windows Login
CVE-2020-25825
@@ -191,8 +239,8 @@ CVE-2020-25741
RESERVED
CVE-2020-25740
RESERVED
-CVE-2020-25739
- RESERVED
+CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...)
+ TODO: check
CVE-2020-25738
RESERVED
CVE-2020-25737
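Review bot: CVE-2020-25739 is left at `TODO: check`, but the description already names the component (the gon gem for Ruby, affected before gon-6.4.0), so it can be triaged directly. Replace the TODO with a source-package line carrying the fixed version if the gem is packaged, or with a `NOT-FOR-US:` tag if it is not.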
@@ -2580,12 +2628,12 @@ CVE-2020-24628
RESERVED
CVE-2020-24627
RESERVED
-CVE-2020-24626
- RESERVED
-CVE-2020-24625
- RESERVED
-CVE-2020-24624
- RESERVED
+CVE-2020-24626 (Unathenticated directory traversal in the ReceiverServlet class doPost ...)
+ TODO: check
+CVE-2020-24625 (Unathenticated directory traversal in the ReceiverServlet class doGet( ...)
+ TODO: check
+CVE-2020-24624 (Unathenticated directory traversal in the DownloadServlet class execut ...)
+ TODO: check
CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...)
NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework
CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...)
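Review bot: the descriptions added for CVE-2020-24626, CVE-2020-24625 and CVE-2020-24624 are cut off before any product name appears, so the three `TODO: check` lines cannot be resolved from this file alone. Whoever triages them should read the full CVE text rather than infer the vendor from the neighbouring CVE-2020-24623 (Hewlett Packard Enterprise). The misspelling "Unathenticated" is present in all three imported descriptions, so a search for "unauthenticated" will miss these entries.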
@@ -3492,8 +3540,8 @@ CVE-2020-24215
RESERVED
CVE-2020-24214
RESERVED
-CVE-2020-24213
- RESERVED
+CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. Attackers ...)
+ TODO: check
CVE-2020-24212
REJECTED
CVE-2020-24211
@@ -19574,16 +19622,16 @@ CVE-2020-16246
RESERVED
CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...)
NOT-FOR-US: Advantech
-CVE-2020-16244
- RESERVED
+CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...)
+ TODO: check
CVE-2020-16243
RESERVED
CVE-2020-16242
RESERVED
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
NOT-FOR-US: Philips SureSigns
-CVE-2020-16240
- RESERVED
+CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...)
+ TODO: check
CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...)
NOT-FOR-US: Philips SureSigns
CVE-2020-16238
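Review bot: CVE-2020-16244 and CVE-2020-16240 both name GE Digital APM Classic, Versions 4.4 and prior, and both land as `TODO: check`; resolve them together with one tag so the pair does not diverge. The other vendor-product entries visible in this hunk (Advantech iView, Philips SureSigns) are already `NOT-FOR-US`, which is the form to follow once it is confirmed the product is not packaged.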
@@ -23969,8 +24017,8 @@ CVE-2020-14372
CVE-2020-14371
RESERVED
NOT-FOR-US: Red Hat Satellite
-CVE-2020-14370
- RESERVED
+CVE-2020-14370 (An information disclosure vulnerability was found in containers/podman ...)
+ TODO: check
CVE-2020-14369
RESERVED
NOT-FOR-US: Red Hat CloudForm
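Review bot: CVE-2020-14370 should be triaged ahead of the other TODOs in this update. Its description names containers/podman, while the neighbouring CVE-2020-14371 and CVE-2020-14369 are vendor-only `NOT-FOR-US` entries, so this one needs a real package check. Replace `TODO: check` with a source-package line giving affected or fixed status, and add a NOTE linking the upstream report.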
@@ -23987,8 +24035,7 @@ CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating t
NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid.
CVE-2020-14366
RESERVED
-CVE-2020-14365 [dnf module install packages with no GPG signature]
- RESERVED
+CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...)
- ansible <unfixed>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154
CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...)
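Review bot: replacing the CVE-2020-14365 header drops the bracketed working title "[dnf module install packages with no GPG signature]", and the new description is truncated before it says what the flaw is, so the entry no longer states the issue at a glance. Consider keeping that summary in a NOTE line. The `- ansible <unfixed>` line is also still backed only by the Red Hat Bugzilla link, with no Debian bug reference.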
@@ -32341,8 +32388,8 @@ CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerabi
- glpi <removed> (unimportant)
NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh
NOTE: Only supported behind an authenticated HTTP zone
-CVE-2020-11031
- RESERVED
+CVE-2020-11031 (In GLPI before version 9.5.0, the encryption algorithm used is insecur ...)
+ TODO: check
CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...)
- wordpress 5.4.1+dfsg1-1 (bug #959391)
[buster] - wordpress <not-affected> (Vulnerable code not present)
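Review bot: CVE-2020-11031 is given `TODO: check` although the adjacent CVE-2020-11032, for the same product, is already recorded as `- glpi <removed> (unimportant)`. The new entry should get a glpi package line as well. Whether `(unimportant)` carries over needs its own justification: the NOTE under CVE-2020-11032 ("Only supported behind an authenticated HTTP zone") was written for a SQL injection, and this description concerns an insecure encryption algorithm.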
@@ -33326,8 +33373,7 @@ CVE-2020-10716
NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation
CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...)
NOT-FOR-US: Openshift Web Console
-CVE-2020-10714
- RESERVED
+CVE-2020-10714 (A flaw was found in WildFly Elytron version 1.11.3.Final and before. W ...)
NOT-FOR-US: WildFly Elytron
CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...)
{DSA-4735-1}
@@ -33448,8 +33494,7 @@ CVE-2020-10688
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974
NOTE: https://github.com/quarkusio/quarkus/issues/7248
NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted)
-CVE-2020-10687
- RESERVED
+CVE-2020-10687 (A flaw was discovered in all versions of Undertow before Undertow 2.2. ...)
- undertow 2.2.0-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049
NOTE: https://issues.jboss.org/browse/UNDERTOW-1780
@@ -41544,10 +41589,10 @@ CVE-2020-7124
RESERVED
CVE-2020-7123
RESERVED
-CVE-2020-7122
- RESERVED
-CVE-2020-7121
- RESERVED
+CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
+ TODO: check
+CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
+ TODO: check
CVE-2020-7120
RESERVED
CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...)
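Review bot: the descriptions added for CVE-2020-7122 and CVE-2020-7121 are identical up to the truncation point ("Two memory corruption vulnerabilities in the Aruba CX Switches Series ..."), so the two entries cannot be told apart in this file. When the `TODO: check` lines are resolved, give both the same tag and, if either needs a NOTE, say in it which of the two issues it refers to.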
@@ -44998,12 +45043,12 @@ CVE-2020-5785
RESERVED
CVE-2020-5784
RESERVED
-CVE-2020-5783
- RESERVED
-CVE-2020-5782
- RESERVED
-CVE-2020-5781
- RESERVED
+CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does n ...)
+ TODO: check
+CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ...)
+ TODO: check
+CVE-2020-5781 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is ...)
+ TODO: check
CVE-2020-5780 (Missing Authentication for Critical Function in Icegram Email Subscrib ...)
NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress
CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...)
@@ -48059,8 +48104,8 @@ CVE-2020-4342 (IBM Security Secret Server 10.7 could disclose sensitive informat
NOT-FOR-US: IBM
CVE-2020-4341 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...)
NOT-FOR-US: IBM
-CVE-2020-4340
- RESERVED
+CVE-2020-4340 (IBM Security Secret Server prior to 10.9 could allow an attacker to by ...)
+ TODO: check
CVE-2020-4339
RESERVED
CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...)
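Review bot: CVE-2020-4340 is added as `TODO: check` directly below CVE-2020-4342 and CVE-2020-4341, which describe the same product (IBM Security Secret Server) and are tagged `NOT-FOR-US: IBM`. Use the same tag here instead of leaving a TODO for manual triage.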
@@ -48091,8 +48136,8 @@ CVE-2020-4326
RESERVED
CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...)
NOT-FOR-US: IBM
-CVE-2020-4324
- RESERVED
+CVE-2020-4324 (IBM Security Secret Server proir to 10.9 could allow a remote attacker ...)
+ TODO: check
CVE-2020-4323 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...)
NOT-FOR-US: IBM
CVE-2020-4322 (IBM Security Secret Server 10.7 could allow a remote attacker to hijac ...)
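Review bot: the CVE-2020-4324 description arrives with the typo "proir to 10.9", so a text search for "prior to" will skip this entry; the spelling belongs to the imported description, so locate it by CVE id when triaging. The `TODO: check` can become `NOT-FOR-US: IBM`, matching CVE-2020-4323 and CVE-2020-4322 in the same hunk.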
@@ -52495,26 +52540,19 @@ CVE-2020-2287
RESERVED
CVE-2020-2286
RESERVED
-CVE-2020-2285
- RESERVED
+CVE-2020-2285 (A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 an ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2284
- RESERVED
+CVE-2020-2284 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure i ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2283
- RESERVED
+CVE-2020-2283 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape chan ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2282
- RESERVED
+CVE-2020-2282 (Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permi ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2281
- RESERVED
+CVE-2020-2281 (A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2280
- RESERVED
+CVE-2020-2280 (A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2279
- RESERVED
+CVE-2020-2279 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 ...)
NOT-FOR-US: Jenkins plugin
CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the ...)
NOT-FOR-US: Jenkins plugin
