author: security tracker role <sectracker@soriano.debian.org> 2021-02-23 20:10:30 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2021-02-23 20:10:30 +0000
commit: 491445dbbff0b4bd070cd9486e8e258527177ec8
tree: f3a45288dfda83f32031f8dc6a111d7bad42ca9b /data/CVE/2020.list
parent: 16267b8bf4c0e16e90ccaa4dc57e12bde6f86254
automatic update
Diffstat (limited to 'data/CVE/2020.list')
-rw-r--r-- data/CVE/2020.list 64
1 files changed, 31 insertions, 33 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index dd8bce4c11..2a95027d1e 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -5251,8 +5251,8 @@ CVE-2020-28588 [lib/syscall: fix syscall registers retrieval on 32-bit platforms
[stretch] - linux <not-affected> (Vulnerable code not present)
NOTE: https://git.kernel.org/linus/4f134b89a24b965991e7c345b9a4591821f7c2a6
NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
-CVE-2020-28587
- RESERVED
+CVE-2020-28587 (A specially crafted document can cause the document parser to copy dat ...)
+ TODO: check
CVE-2020-28586
RESERVED
CVE-2020-28585
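Review bot: the new CVE-2020-28587 entry carries only "TODO: check", and its truncated description ("A specially crafted document can cause the document parser to copy dat ...") does not name the affected product. The full description has to be read before choosing between a source-package line and NOT-FOR-US; the linux status of the preceding CVE-2020-28588 entry is no basis for this one.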
@@ -5581,14 +5581,14 @@ CVE-2020-28434
RESERVED
CVE-2020-28433
RESERVED
-CVE-2020-28432
- RESERVED
-CVE-2020-28431
- RESERVED
-CVE-2020-28430
- RESERVED
-CVE-2020-28429
- RESERVED
+CVE-2020-28432 (All versions of package theme-core are vulnerable to Command Injection ...)
+ TODO: check
+CVE-2020-28431 (All versions of package wc-cmd are vulnerable to Command Injection via ...)
+ TODO: check
+CVE-2020-28430 (All versions of package nuance-gulp-build-common are vulnerable to Com ...)
+ TODO: check
+CVE-2020-28429 (All versions of package geojson2kml are vulnerable to Command Injectio ...)
+ TODO: check
CVE-2020-28428
RESERVED
CVE-2020-28427
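Review bot: all four added entries, CVE-2020-28429 through CVE-2020-28432, land as "TODO: check" with near-identical "All versions of package ... are vulnerable to Command Injection" descriptions. Each of theme-core, wc-cmd, nuance-gulp-build-common and geojson2kml should be looked up against the archive and resolved individually to a source-package line or NOT-FOR-US. Since the descriptions say all versions are affected, any that turns out to be packaged would start as <unfixed>.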
@@ -7103,8 +7103,7 @@ CVE-2020-27783 (A XSS vulnerability was discovered in python-lxml's clean module
- lxml 4.6.2-1
NOTE: https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e (lxml-4.6.1)
NOTE: https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7 (lxml-4.6.2)
-CVE-2020-27782
- RESERVED
+CVE-2020-27782 (A flaw was found in the Undertow AJP connector. Malicious requests and ...)
- undertow 2.2.4-1
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1901304
NOTE: https://issues.redhat.com/browse/UNDERTOW-1824
@@ -9875,8 +9874,8 @@ CVE-2020-26611
RESERVED
CVE-2020-26610
RESERVED
-CVE-2020-26609
- RESERVED
+CVE-2020-26609 (fastadmin V1.0.0.20200506_beta contains a cross-site scripting (XSS) v ...)
+ TODO: check
CVE-2020-26608
RESERVED
CVE-2020-26607 (An issue was discovered in TimaService on Samsung mobile devices with ...)
@@ -12051,7 +12050,7 @@ CVE-2020-25679
CVE-2020-25678 (A flaw was found in ceph in versions prior to 16.y.z where ceph stores ...)
- ceph <unfixed>
NOTE: https://tracker.ceph.com/issues/37503
-CVE-2020-25677 (Ceph-ansible 4.0.34.1 creates /etc/ceph/iscsi-gateway.conf with insecu ...)
+CVE-2020-25677 (A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph ...)
NOT-FOR-US: ceph Ansible module
CVE-2020-25676 (In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), Inte ...)
- imagemagick 8:6.9.11.24+dfsg-1
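Review bot: the reworded CVE-2020-25677 description changes the version it names, from "Ceph-ansible 4.0.34.1" to "Ceph-ansible v4.0.41", which is a change of substance and not only of wording. The "NOT-FOR-US: ceph Ansible module" line is untouched and still applies, but anything downstream that keyed on the old version string should be re-checked against the full description.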
@@ -13328,8 +13327,8 @@ CVE-2020-25163
RESERVED
CVE-2020-25162
RESERVED
-CVE-2020-25161
- RESERVED
+CVE-2020-25161 (The WADashboard component of WebAccess/SCADA Versions 9.0 and prior ma ...)
+ TODO: check
CVE-2020-25160
RESERVED
CVE-2020-25159 (499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack- ...)
@@ -31627,8 +31626,8 @@ CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is
NOT-FOR-US: Advantech
CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...)
NOT-FOR-US: GE Digital APM Classic
-CVE-2020-16243
- RESERVED
+CVE-2020-16243 (Multiple buffer overflow vulnerabilities exist when LeviStudioU (Versi ...)
+ TODO: check
CVE-2020-16242 (The affected Reason S20 Ethernet Switch is vulnerable to cross-site sc ...)
NOT-FOR-US: General Electric
CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...)
@@ -36455,8 +36454,7 @@ CVE-2020-14360 (A flaw was found in the X.Org Server before version 1.20.10. An
{DSA-4803-1 DLA-2486-1}
- xorg-server 2:1.20.10-1 (bug #976216)
NOTE: https://gitlab.freedesktop.org/xorg/xserver/-/commit/446ff2d3177087b8173fa779fa5b77a2a128988b
-CVE-2020-14359
- RESERVED
+CVE-2020-14359 (A vulnerability was found in all versions of keycloak, where on using ...)
NOT-FOR-US: Keycloak
CVE-2020-14358
RESERVED
@@ -38269,8 +38267,8 @@ CVE-2020-13699 (TeamViewer Desktop for Windows before 15.8.3 does not properly q
NOT-FOR-US: TeamViewer Desktop
CVE-2020-13698
RESERVED
-CVE-2020-13697
- RESERVED
+CVE-2020-13697 (An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2 ...)
+ TODO: check
CVE-2020-13696 (An issue was discovered in LinuxTV xawtv before 3.107. The function de ...)
{DLA-2246-1}
- xawtv 3.107-1 (bug #962221)
@@ -50199,8 +50197,8 @@ CVE-2020-8903 (A vulnerability in Google Cloud Platform's guest-oslogin versions
- google-compute-image-packages <unfixed>
NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
NOTE: https://github.com/GoogleCloudPlatform/guest-oslogin/pull/29
-CVE-2020-8902
- RESERVED
+CVE-2020-8902 (Rendertron versions prior to 3.0.0 are are susceptible to a Server-Sid ...)
+ TODO: check
CVE-2020-8901
RESERVED
CVE-2020-8900
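Review bot: the added CVE-2020-8902 description contains a doubled word ("are are susceptible"). It arrives with the automatic update, so it should be fixed where the description originates; a hand edit to this line would be overwritten by a later automatic update, as the CVE-2020-25677 rewording in this same commit shows. The entry is also still "TODO: check" and needs a triage decision for Rendertron.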
@@ -51637,8 +51635,8 @@ CVE-2020-8299
RESERVED
CVE-2020-8298
RESERVED
-CVE-2020-8297
- RESERVED
+CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
+ TODO: check
CVE-2020-8296
RESERVED
CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...)
@@ -52778,8 +52776,8 @@ CVE-2020-7849 (A vulnerability of uPrism.io CURIX(Video conferecing solution) co
NOT-FOR-US: uPrism.io CURIX
CVE-2020-7848 (The EFM ipTIME C200 IP Camera is affected by a Command Injection vulne ...)
NOT-FOR-US: EFM ipTIME C200 IP Camera
-CVE-2020-7847
- RESERVED
+CVE-2020-7847 (The ipTIME NAS product allows an arbitrary file upload vulnerability i ...)
+ TODO: check
CVE-2020-7846
RESERVED
CVE-2020-7845 (Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerabi ...)
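Review bot: CVE-2020-7847 (ipTIME NAS) is added as "TODO: check" directly below CVE-2020-7848, an ipTIME C200 IP Camera issue already marked "NOT-FOR-US: EFM ipTIME C200 IP Camera". If the NAS product is likewise absent from the archive, resolve it the same way with its own product named, so the placeholder does not linger next to an already triaged sibling.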
@@ -54359,8 +54357,8 @@ CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Se
NOT-FOR-US: Aruba
CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...)
NOT-FOR-US: Aruba
-CVE-2020-7120
- RESERVED
+CVE-2020-7120 (A local authenticated buffer overflow vulnerability was discovered in ...)
+ TODO: check
CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...)
NOT-FOR-US: Aruba
CVE-2020-7118
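Review bot: the truncated CVE-2020-7120 description ("A local authenticated buffer overflow vulnerability was discovered in ...") cuts off before the product name, so the "TODO: check" cannot be resolved from this line alone. The neighbouring CVE-2020-7119, CVE-2020-7121 and CVE-2020-7122 are all "NOT-FOR-US: Aruba"; confirm the product from the full description before assigning the same status.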
@@ -59761,8 +59759,8 @@ CVE-2020-4955 (IBM Spectrum Protect Operations Center 7.1 and 8.1could allow a r
NOT-FOR-US: IBM
CVE-2020-4954 (IBM Spectrum Protect Operations Center 7.1 and 8.1 could allow a remot ...)
NOT-FOR-US: IBM
-CVE-2020-4953
- RESERVED
+CVE-2020-4953 (IBM Planning Analytics 2.0 could allow a remote authenticated attacker ...)
+ TODO: check
CVE-2020-4952 (IBM Security Guardium 11.2 could allow an authenticated user to gain r ...)
NOT-FOR-US: IBM
CVE-2020-4951
