author: security tracker role <sectracker@soriano.debian.org>, 2021-03-03 20:10:23 +0000
committer: security tracker role <sectracker@soriano.debian.org>, 2021-03-03 20:10:23 +0000
commit: 23e05ed44f6ea42a79951ed5e735d251924aa0b1
tree: da1d8c4caa799f6afd486fc5ac4ae1f2c39514de /data/CVE/2020.list
parent: afe89ad2eb8f067fe372702ef84e3e44428156a9
automatic update
Diffstat (limited to 'data/CVE/2020.list')
-rw-r--r-- data/CVE/2020.list | 48
1 files changed, 21 insertions, 27 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index a495507422..9fff9c90ac 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -493,7 +493,7 @@ CVE-2020-36081
RESERVED
CVE-2020-36080
RESERVED
-CVE-2020-36079 (Zenphoto through 1.5.7 is affected by authenticated arbitrary file upl ...)
+CVE-2020-36079 (** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arb ...)
NOT-FOR-US: Zenphoto
CVE-2020-36078
RESERVED
@@ -2328,8 +2328,8 @@ CVE-2020-35298
RESERVED
CVE-2020-35297
RESERVED
-CVE-2020-35296
- RESERVED
+CVE-2020-35296 (ThinkAdmin v6 has default administrator credentials, which allows atta ...)
+ TODO: check
CVE-2020-35295
RESERVED
CVE-2020-35294
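Review bot: CVE-2020-35296 is left at TODO: check, so the entry is untriaged after this commit even though the description now names the product (ThinkAdmin v6) and the issue class (default administrator credentials). A follow-up should replace the TODO with either a NOT-FOR-US: line, in the form the Zenphoto entry in this file uses, or a package line with a fixed version.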
@@ -4224,8 +4224,8 @@ CVE-2020-29049
RESERVED
CVE-2020-29048
RESERVED
-CVE-2020-29047
- RESERVED
+CVE-2020-29047 (The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote ...)
+ TODO: check
CVE-2020-29046
RESERVED
CVE-2020-29045
@@ -5247,8 +5247,8 @@ CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import
NOTE: https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874
CVE-2020-28598
RESERVED
-CVE-2020-28597
- RESERVED
+CVE-2020-28597 (A predictable seed vulnerability exists in the password reset function ...)
+ TODO: check
CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
NOT-FOR-US: PrusaSlicer
CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...)
@@ -5259,8 +5259,8 @@ CVE-2020-28593
RESERVED
CVE-2020-28592
RESERVED
-CVE-2020-28591
- RESERVED
+CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFParserCo ...)
+ TODO: check
CVE-2020-28590
RESERVED
CVE-2020-28589
@@ -7144,8 +7144,7 @@ CVE-2020-27780 (A flaw was found in Linux-Pam in versions prior to 1.5.1 in the
NOTE: https://github.com/linux-pam/linux-pam/issues/284
NOTE: Introduced by: https://github.com/linux-pam/linux-pam/commit/af0faf666c5008e54dfe43684f210e3581ff1bca (v1.5.0)
NOTE: Fixed by: https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb
-CVE-2020-27779
- RESERVED
+CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem comman ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...)
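Review bot: the CVE-2020-27779 entry carries only {DSA-4867-1} and the fixed version grub2 2.04-16, with no NOTE: line pointing at an upstream reference, unlike the linux-pam entry directly above it, which records both "Introduced by:" and "Fixed by:" commits. Consider adding a NOTE: with the upstream advisory or fix commit so the 2.04-16 claim can be checked against the "prior to 2.06" wording in the description; the same applies to the other grub2 entries this commit fills in.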
@@ -7346,8 +7345,7 @@ CVE-2020-27750 (A flaw was found in ImageMagick in MagickCore/colorspace-private
NOTE: https://github.com/ImageMagick/ImageMagick/issues/1711
NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a81ca9a1b46a96be83682af3389f0a6f3d0d389d
NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f
-CVE-2020-27749
- RESERVED
+CVE-2020-27749 (A flaw was found in grub2 in versions prior to 2.06. Variable names pr ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-27748 [local file inclusion vulnerability]
@@ -12253,8 +12251,7 @@ CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) m
NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private)
NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361
-CVE-2020-25647
- RESERVED
+CVE-2020-25647 (A flaw was found in grub2 in versions prior to 2.06. During USB device ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...)
@@ -12312,8 +12309,7 @@ CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy
- resteasy3.0 <unfixed>
[buster] - resteasy3.0 <ignored> (Minor issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042
-CVE-2020-25632
- RESERVED
+CVE-2020-25632 (A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 ...)
@@ -32534,8 +32530,8 @@ CVE-2020-15939
RESERVED
CVE-2020-15938
RESERVED
-CVE-2020-15937
- RESERVED
+CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...)
+ TODO: check
CVE-2020-15936
RESERVED
CVE-2020-15935
@@ -36436,8 +36432,7 @@ CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc.
[stretch] - ghostscript 9.26~dfsg-0+deb9u1
NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ece5cbbd9979cd35737b00e68267762d72feb2ea
NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851
-CVE-2020-14372
- RESERVED
+CVE-2020-14372 (A flaw was found in grub2 in versions prior to 2.06, where it incorrec ...)
{DSA-4867-1}
- grub2 2.04-16
CVE-2020-14371
@@ -38671,8 +38666,7 @@ CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine o
NOT-FOR-US: Foxit
CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging functi ...)
NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator
-CVE-2020-13558
- RESERVED
+CVE-2020-13558 (A code execution vulnerability exists in the AudioSourceProviderGStrea ...)
{DSA-4854-1}
- webkit2gtk 2.30.5-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
@@ -38684,8 +38678,8 @@ CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP s
NOT-FOR-US: EIP Stack Group OpENer
CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...)
NOT-FOR-US: Advantech WebAccess/SCADA
-CVE-2020-13554
- RESERVED
+CVE-2020-13554 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...)
NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...)
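Review bot: CVE-2020-13554 gets TODO: check while its neighbours CVE-2020-13555 and CVE-2020-13553, whose truncated descriptions are identical to it, are already marked NOT-FOR-US: Advantech WebAccess/SCADA. The truncated text does not name the product, so confirm it against the full description and, if it matches, use the same NOT-FOR-US: line rather than leaving the entry open.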
@@ -51697,8 +51691,8 @@ CVE-2020-8298
RESERVED
CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
NOT-FOR-US: Nextcloud Deck
-CVE-2020-8296
- RESERVED
+CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...)
+ TODO: check
CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
- nextcloud-server <itp> (bug #941708)
CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...)
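Review bot: CVE-2020-8296 is a Nextcloud Server issue but is left at TODO: check, while the next entry, CVE-2020-8295, already tracks the same product as "- nextcloud-server <itp> (bug #941708)". For consistency the new entry should use the same <itp> line so both Nextcloud Server issues are tracked against the same bug.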
