author: security tracker role <sectracker@soriano.debian.org> 2020-12-11 08:10:14 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-12-11 08:10:14 +0000
commit: 3dcb9864afa4daa677577e4c465b7838dc84cc31
tree: a23d80e60a21e907f023bc8cb5a11a8effcbac1d /data
parent: fc1be823b96ea0b552153a70df7fa7954ed738f3
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2016.list 3
-rw-r--r-- data/CVE/2019.list 5
-rw-r--r-- data/CVE/2020.list 304
3 files changed, 196 insertions, 116 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 1e4aaa368e..cc895cb2b8 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -1,3 +1,6 @@
+CVE-2016-15001
+ REJECTED
+ TODO: check
CVE-2016-11086 (lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby doe ...)
- ruby-oauth <unfixed> (bug #970932)
NOTE: https://github.com/oauth-xx/oauth-ruby/issues/137
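Review bot: The new CVE-2016-15001 entry is marked REJECTED and still gets a "TODO: check" line, which queues a withdrawn id for manual triage. REJECTED entries that already exist in this patch's context (CVE-2020-13521, and CVE-2020-16196 after its RESERVED to REJECTED flip) carry no TODO, so the importer could skip the TODO for REJECTED ids. The same pattern recurs for CVE-2020-35110, CVE-2020-35090 and CVE-2020-35076 in 2020.list.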
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 41da82738a..d903944b4c 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1752,6 +1752,7 @@ CVE-2019-20220 (In Support Incident Tracker (SiT!) 3.67, the search_id parameter
CVE-2019-20219 (ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor i ...)
NOT-FOR-US: ngiflib
CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH stack u ...)
+ {DLA-2340-2}
- sqlite3 3.30.1+fossil191229-1
[buster] - sqlite3 3.27.2-3+deb10u1
[jessie] - sqlite3 <no-dsa> (Minor issue)
@@ -43009,8 +43010,8 @@ CVE-2019-4740 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is v
NOT-FOR-US: IBM
CVE-2019-4739
RESERVED
-CVE-2019-4738
- RESERVED
+CVE-2019-4738 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 a ...)
+ TODO: check
CVE-2019-4737 (IBM DOORS Next Generation (DNG/RRC) 6.0.2. 6.0.6, and 6.0.61 is vulner ...)
NOT-FOR-US: IBM
CVE-2019-4736 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site requ ...)
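Review bot: CVE-2019-4738 now has a description (IBM Sterling B2B Integrator Standard Edition) but only a "TODO: check" under it. The neighbouring IBM entries in this hunk, CVE-2019-4740 and CVE-2019-4737, are tagged "NOT-FOR-US: IBM"; if the full description confirms the product is likewise not packaged, resolve the TODO the same way so the entry stops counting as untriaged.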
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 3af68f911b..725fbb543c 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,86 @@
+CVE-2020-35138
+ RESERVED
+CVE-2020-35137
+ RESERVED
+CVE-2020-35136
+ RESERVED
+CVE-2020-35135 (The ultimate-category-excluder plugin before 1.2 for WordPress allows ...)
+ TODO: check
+CVE-2020-35134
+ RESERVED
+CVE-2020-35133
+ RESERVED
+CVE-2020-35132 (An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that a ...)
+ TODO: check
+CVE-2020-35131
+ RESERVED
+CVE-2020-35130
+ RESERVED
+CVE-2020-35129
+ RESERVED
+CVE-2020-35128
+ RESERVED
+CVE-2020-35127 (Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.j ...)
+ TODO: check
+CVE-2020-35126 (** DISPUTED ** Typesetter CMS 5.x through 5.1 allows admins to conduct ...)
+ TODO: check
+CVE-2020-35125
+ RESERVED
+CVE-2020-35124
+ RESERVED
+CVE-2020-35123
+ RESERVED
+CVE-2020-35122
+ RESERVED
+CVE-2020-35121
+ RESERVED
+CVE-2020-35120
+ RESERVED
+CVE-2020-35119
+ RESERVED
+CVE-2020-35118
+ RESERVED
+CVE-2020-35117
+ RESERVED
+CVE-2020-35116
+ RESERVED
+CVE-2020-35115
+ RESERVED
+CVE-2020-35114
+ RESERVED
+CVE-2020-35113
+ RESERVED
+CVE-2020-35112
+ RESERVED
+CVE-2020-35111
+ RESERVED
+CVE-2020-35110
+ REJECTED
+ TODO: check
+CVE-2020-35109
+ RESERVED
+CVE-2020-35108
+ RESERVED
+CVE-2020-35107
+ RESERVED
+CVE-2020-35106
+ RESERVED
+CVE-2020-35096
+ RESERVED
+CVE-2020-35090
+ REJECTED
+ TODO: check
+CVE-2020-35076
+ REJECTED
+ TODO: check
+CVE-2020-35061
+ RESERVED
+CVE-2020-35030
+ RESERVED
+CVE-2020-35017
+ RESERVED
+CVE-2020-35001
+ RESERVED
CVE-2020-29670
RESERVED
CVE-2020-29669
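Review bot: Of the published entries added at the top of 2020.list, CVE-2020-35132 (phpLDAPadmin before 1.2.6.2) states a fixed upstream version in its description, so its "TODO: check" can be resolved directly into a package line with a fixed version, or into NOT-FOR-US if the software is not in the archive. CVE-2020-35126 carries the "** DISPUTED **" marker; whoever triages it should record the outcome in a NOTE so the dispute is still visible once the TODO is removed.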
@@ -807,8 +890,8 @@ CVE-2020-29313
RESERVED
CVE-2020-29312
RESERVED
-CVE-2020-29311
- RESERVED
+CVE-2020-29311 (Ubilling v1.0.9 allows Remote Command Execution as Root user by execut ...)
+ TODO: check
CVE-2020-29310
RESERVED
CVE-2020-29309
@@ -1292,7 +1375,7 @@ CVE-2020-29076
CVE-2020-29075
RESERVED
CVE-2020-29074 (scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which all ...)
- {DSA-4799-1}
+ {DSA-4799-1 DLA-2490-1}
- x11vnc 0.9.16-5 (bug #975875)
NOTE: https://github.com/LibVNC/x11vnc/commit/69eeb9f7baa14ca03b16c9de821f9876def7a36a
CVE-2020-29073
@@ -1628,7 +1711,7 @@ CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular com
CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration sectio ...)
NOT-FOR-US: Magicpin
CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code exe ...)
- {DSA-4806-1}
+ {DSA-4806-1 DLA-2489-1}
- minidlna <unfixed> (bug #976595)
NOTE: https://www.rootshellsecurity.net/remote-heap-corruption-bug-discovery-minidlna/
NOTE: https://sourceforge.net/p/minidlna/git/ci/9fba41008adebc1da0f4f6c6e27ae422ace3fe4a (v1_3_0)
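Review bot: The advisory line for CVE-2020-28926 now lists both DSA-4806-1 and DLA-2489-1, yet the package line below it still reads "- minidlna <unfixed> (bug #976595)". The second NOTE points at the upstream fix commit tagged v1_3_0, so the <unfixed> marker should be replaced with the fixed version as soon as that release is uploaded; until then the entry records a remote code execution issue as open in unstable while the releases covered by the DSA and DLA are already fixed.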
@@ -3142,20 +3225,20 @@ CVE-2020-28222
RESERVED
CVE-2020-28221
RESERVED
-CVE-2020-28220
- RESERVED
-CVE-2020-28219
- RESERVED
-CVE-2020-28218
- RESERVED
-CVE-2020-28217
- RESERVED
-CVE-2020-28216
- RESERVED
-CVE-2020-28215
- RESERVED
-CVE-2020-28214
- RESERVED
+CVE-2020-28220 (A CWE-119: Improper Restriction of Operations within the Bounds of a M ...)
+ TODO: check
+CVE-2020-28219 (A CWE-522: Insufficiently Protected Credentials vulnerability exists i ...)
+ TODO: check
+CVE-2020-28218 (A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulne ...)
+ TODO: check
+CVE-2020-28217 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...)
+ TODO: check
+CVE-2020-28216 (A CWE-311: Missing Encryption of Sensitive Data vulnerability exists i ...)
+ TODO: check
+CVE-2020-28215 (A CWE-862: Missing Authorization vulnerability exists in Easergy T300 ...)
+ TODO: check
+CVE-2020-28214 (A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability ...)
+ TODO: check
CVE-2020-28213 (A CWE-494: Download of Code Without Integrity Check vulnerability exis ...)
NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-28212 (A CWE-307: Improper Restriction of Excessive Authentication Attempts v ...)
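Review bot: CVE-2020-28214 through CVE-2020-28220 land with "TODO: check" although they use the same "A CWE-nnn: ... vulnerability exists in" template as CVE-2020-28213 just below, which is tagged "NOT-FOR-US: EcoStruxure Control Expert". Only CVE-2020-28215 shows its product in the truncated text (Easergy T300); the other six need the full description before a tag is chosen, so they should not be bulk-tagged from the neighbour alone.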
@@ -3991,8 +4074,7 @@ CVE-2020-27830 [Linux kernel NULL-ptr deref bug in spk_ttyio_receive_buf2]
NOTE: https://git.kernel.org/linus/f0992098cadb4c9c6a00703b66cafe604e178fea
CVE-2020-27829
RESERVED
-CVE-2020-27828 [heap-based buffer overflow in cp_create function in libjasper/jpc/jpc_enc.c]
- RESERVED
+CVE-2020-27828 (There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Cr ...)
- jasper <removed>
NOTE: https://github.com/jasper-software/jasper/issues/252
NOTE: https://github.com/jasper-software/jasper/pull/253
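Review bot: Replacing the bracketed working title of CVE-2020-27828 with the imported description drops the only mention of the affected function and file (cp_create in libjasper/jpc/jpc_enc.c); the truncated replacement text ends before any such detail. Consider keeping that pointer as a NOTE next to the issue #252 and pull #253 links. The new description also gives a fix boundary (versions prior to 2.0.23) that is not recorded in the entry, which only has "- jasper <removed>".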
@@ -4102,8 +4184,7 @@ CVE-2020-27788
RESERVED
CVE-2020-27787
RESERVED
-CVE-2020-27786
- RESERVED
+CVE-2020-27786 (A flaw was found in the Linux kernels implementation of MIDI (kernel 5 ...)
- linux 5.6.14-1
[buster] - linux 4.19.131-1
[stretch] - linux 4.9.228-1
@@ -7247,30 +7328,27 @@ CVE-2020-26419
RESERVED
CVE-2020-26418
RESERVED
-CVE-2020-26417
- RESERVED
-CVE-2020-26416
- RESERVED
-CVE-2020-26415
- RESERVED
+CVE-2020-26417 (Information disclosure via GraphQL in GitLab CE/EE 13.1 and later expo ...)
+ TODO: check
+CVE-2020-26416 (Information disclosure in Advanced Search component of GitLab EE start ...)
+ TODO: check
+CVE-2020-26415 (Information about the starred projects for private user profiles was e ...)
+ TODO: check
CVE-2020-26414
RESERVED
-CVE-2020-26413
- RESERVED
-CVE-2020-26412
- RESERVED
-CVE-2020-26411
- RESERVED
+CVE-2020-26413 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
+ TODO: check
+CVE-2020-26412 (Removed group members were able to use the To-Do functionality to retr ...)
+ TODO: check
+CVE-2020-26411 (A potential DOS vulnerability was discovered in all versions of Gitlab ...)
- gitlab 13.4.7-1
NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-26410
RESERVED
-CVE-2020-26409
- RESERVED
+CVE-2020-26409 (A DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;= ...)
- gitlab 13.4.7-1
NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
-CVE-2020-26408
- RESERVED
+CVE-2020-26408 (A limited information disclosure vulnerability exists in Gitlab CE/EE ...)
- gitlab 13.4.7-1
NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-26407 (A XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13 ...)
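Review bot: CVE-2020-26417, CVE-2020-26416, CVE-2020-26415, CVE-2020-26413 and CVE-2020-26412 are left at "TODO: check", while CVE-2020-26411, CVE-2020-26409 and CVE-2020-26408 in the same hunk already carry "- gitlab 13.4.7-1" and a NOTE pointing at the 2020-12-07 GitLab security release. The five TODO entries were published in the same batch and several name GitLab in their descriptions, so they should be checked against that same release announcement and given gitlab package lines rather than staying untriaged.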
@@ -7547,18 +7625,18 @@ CVE-2020-26273
RESERVED
CVE-2020-26272
RESERVED
-CVE-2020-26271
- RESERVED
-CVE-2020-26270
- RESERVED
-CVE-2020-26269
- RESERVED
-CVE-2020-26268
- RESERVED
-CVE-2020-26267
- RESERVED
-CVE-2020-26266
- RESERVED
+CVE-2020-26271 (In affected versions of TensorFlow under certain cases, loading a save ...)
+ TODO: check
+CVE-2020-26270 (In affected versions of TensorFlow running an LSTM/GRU model where the ...)
+ TODO: check
+CVE-2020-26269 (In TensorFlow release candidate versions 2.4.0rc*, the general impleme ...)
+ TODO: check
+CVE-2020-26268 (In affected versions of TensorFlow the tf.raw_ops.ImmutableConst opera ...)
+ TODO: check
+CVE-2020-26267 (In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute ...)
+ TODO: check
+CVE-2020-26266 (In affected versions of TensorFlow under certain cases a saved model c ...)
+ TODO: check
CVE-2020-26265
RESERVED
CVE-2020-26264
@@ -7704,8 +7782,8 @@ CVE-2020-26203
RESERVED
CVE-2020-26202
RESERVED
-CVE-2020-26201
- RESERVED
+CVE-2020-26201 (Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak pass ...)
+ TODO: check
CVE-2020-26200
RESERVED
CVE-2020-26199
@@ -8228,8 +8306,8 @@ CVE-2020-25969
RESERVED
CVE-2020-25968
RESERVED
-CVE-2020-25967
- RESERVED
+CVE-2020-25967 (The member center function in fastadmin V1.0.0.20200506_beta is vulner ...)
+ TODO: check
CVE-2020-25966 (** DISPUTED ** Sectona Spectra before 3.4.0 has a vulnerable SOAP API ...)
NOT-FOR-US: Sectona Spectra
CVE-2020-25965
@@ -8502,8 +8580,8 @@ CVE-2020-25840
RESERVED
CVE-2020-25839 (NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected b ...)
NOT-FOR-US: NetIQ Identity Manager
-CVE-2020-25838
- RESERVED
+CVE-2020-25838 (Unauthorized disclosure of sensitive information vulnerability in Micr ...)
+ TODO: check
CVE-2020-25837 (Sensitive information disclosure vulnerability in Micro Focus Self Ser ...)
NOT-FOR-US: Micro Focus
CVE-2020-25836
@@ -10147,8 +10225,8 @@ CVE-2020-25193
RESERVED
CVE-2020-25192
RESERVED
-CVE-2020-25191
- RESERVED
+CVE-2020-25191 (Incorrect permissions are set by default for an API entry-point of a s ...)
+ TODO: check
CVE-2020-25190
RESERVED
CVE-2020-25189 (The affected product is vulnerable to three stack-based buffer overflo ...)
@@ -11341,16 +11419,16 @@ CVE-2020-24639
RESERVED
CVE-2020-24638
RESERVED
-CVE-2020-24637
- RESERVED
+CVE-2020-24637 (Two vulnerabilities in ArubaOS GRUB2 implementation allows for an atta ...)
+ TODO: check
CVE-2020-24636
RESERVED
CVE-2020-24635
RESERVED
-CVE-2020-24634
- RESERVED
-CVE-2020-24633
- RESERVED
+CVE-2020-24634 (An attacker is able to remotely inject arbitrary commands by sending e ...)
+ TODO: check
+CVE-2020-24633 (There are multiple buffer overflow vulnerabilities that could lead to ...)
+ TODO: check
CVE-2020-24632 (A remote execution of arbitrary commandss vulnerability was discovered ...)
NOT-FOR-US: Aruba
CVE-2020-24631 (A remote execution of arbitrary commands vulnerability was discovered ...)
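Review bot: CVE-2020-24637 should not be closed by analogy with its neighbours. CVE-2020-24632 and CVE-2020-24631 below are tagged "NOT-FOR-US: Aruba", but the description of CVE-2020-24637 refers to the "ArubaOS GRUB2 implementation", so its TODO needs a check of whether the flaw is specific to Aruba's build or also present in upstream GRUB2. CVE-2020-24634 and CVE-2020-24633 show no product in the truncated text and need the full description before tagging.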
@@ -11764,8 +11842,8 @@ CVE-2020-24449
RESERVED
CVE-2020-24448
RESERVED
-CVE-2020-24447
- RESERVED
+CVE-2020-24447 (Adobe Lightroom Classic version 10.0 (and earlier) for Windows is affe ...)
+ TODO: check
CVE-2020-24446
RESERVED
CVE-2020-24445 (AEM's Cloud Service offering, as well as versions 6.5.6.0 (and below), ...)
@@ -11778,8 +11856,8 @@ CVE-2020-24442 (Adobe Connect version 11.0 (and earlier) is affected by a reflec
NOT-FOR-US: Adobe
CVE-2020-24441 (Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not ...)
NOT-FOR-US: Adobe
-CVE-2020-24440
- RESERVED
+CVE-2020-24440 (Adobe Prelude version 9.0.1 (and earlier) is affected by an uncontroll ...)
+ TODO: check
CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 202 ...)
NOT-FOR-US: Adobe
CVE-2020-24438 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
@@ -21687,8 +21765,8 @@ CVE-2020-19529
RESERVED
CVE-2020-19528
RESERVED
-CVE-2020-19527
- RESERVED
+CVE-2020-19527 (iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metac ...)
+ TODO: check
CVE-2020-19526
RESERVED
CVE-2020-19525
@@ -22457,8 +22535,8 @@ CVE-2020-19144
RESERVED
CVE-2020-19143
RESERVED
-CVE-2020-19142
- RESERVED
+CVE-2020-19142 (iCMS 7 attackers to execute arbitrary OS commands via shell metacharac ...)
+ TODO: check
CVE-2020-19141
RESERVED
CVE-2020-19140
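Review bot: The description imported for CVE-2020-19142 ("iCMS 7 attackers to execute arbitrary OS commands via shell metacharac ...") is nearly identical to the one for CVE-2020-19527 added in the previous hunk, and both are missing a verb after the product name. Triage the two together and confirm from the full text whether they cover different parameters or versions, so that one is not closed as a duplicate by mistake.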
@@ -25687,8 +25765,7 @@ CVE-2020-17532
RESERVED
CVE-2020-17531 (A Java Serialization vulnerability was found in Apache Tapestry 4. Apa ...)
NOT-FOR-US: Apache Tapestry
-CVE-2020-17530
- RESERVED
+CVE-2020-17530 (Forced OGNL evaluation, when evaluated on raw user input in tag attrib ...)
- libstruts1.2-java <not-affected> (Specific to 2.x)
NOTE: https://cwiki.apache.org/confluence/display/WW/S2-061
CVE-2020-17529 (Out-of-bounds Write vulnerability in TCP Stack of Apache NuttX (incuba ...)
@@ -27615,8 +27692,8 @@ CVE-2020-16610 (Hoosk Codeigniter CMS before 1.7.2 is affected by a Cross Site R
NOT-FOR-US: Hoosk Codeigniter CMS
CVE-2020-16609
RESERVED
-CVE-2020-16608
- RESERVED
+CVE-2020-16608 (Notable 1.8.4 allows XSS via crafted Markdown text, with resultant rem ...)
+ TODO: check
CVE-2020-16607
RESERVED
CVE-2020-16606
@@ -28549,7 +28626,7 @@ CVE-2020-16198 (Philips Clinical Collaboration Platform, Versions 12.2.1 and pri
CVE-2020-16197 (An issue was discovered in Octopus Deploy 3.4. A deployment target can ...)
NOT-FOR-US: Octopus Deploy
CVE-2020-16196
- RESERVED
+ REJECTED
CVE-2020-16195
RESERVED
CVE-2020-16194
@@ -35345,8 +35422,8 @@ CVE-2020-13558
RESERVED
CVE-2020-13557
RESERVED
-CVE-2020-13556
- RESERVED
+CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP server ...)
+ TODO: check
CVE-2020-13555
RESERVED
CVE-2020-13554
@@ -35401,16 +35478,16 @@ CVE-2020-13532
RESERVED
CVE-2020-13531 (A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 pro ...)
NOT-FOR-US: Pixar OpenUSD
-CVE-2020-13530
- RESERVED
+CVE-2020-13530 (A denial-of-service vulnerability exists in the Ethernet/IP server fun ...)
+ TODO: check
CVE-2020-13529
RESERVED
CVE-2020-13528
RESERVED
CVE-2020-13527
RESERVED
-CVE-2020-13526
- RESERVED
+CVE-2020-13526 (SQL injection vulnerability exists in the handling of sort parameters ...)
+ TODO: check
CVE-2020-13525 (The sort parameter in the download page /sysworkflow/en/neoclassic/rep ...)
NOT-FOR-US: ProcessMaker
CVE-2020-13524 (An out-of-bounds memory corruption vulnerability exists in the way Pix ...)
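Review bot: CVE-2020-13526 (SQL injection in the handling of sort parameters) sits directly above CVE-2020-13525, whose description also concerns a sort parameter and which is tagged "NOT-FOR-US: ProcessMaker". If the full description confirms the same product, its "TODO: check" can be resolved with the same tag. CVE-2020-13530 shares its "Ethernet/IP server" wording with CVE-2020-13556 added earlier in this patch, so those two are best triaged together.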
@@ -35421,8 +35498,8 @@ CVE-2020-13522 (An exploitable arbitrary file delete vulnerability exists in Sof
NOT-FOR-US: SoftPerfect
CVE-2020-13521
REJECTED
-CVE-2020-13520
- RESERVED
+CVE-2020-13520 (An out of bounds memory corruption vulnerability exists in the way Pix ...)
+ TODO: check
CVE-2020-13519
RESERVED
CVE-2020-13518
@@ -35786,8 +35863,7 @@ CVE-2020-13359 (The Terraform API in GitLab CE/EE 12.10+ exposed the object stor
CVE-2020-13358 (A vulnerability in the internal Kubernetes agent api in GitLab CE/EE v ...)
- gitlab 13.3.9-1
NOTE: https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
-CVE-2020-13357
- RESERVED
+CVE-2020-13357 (An issue was discovered in Gitlab CE/EE versions &gt;= 13.1 to &lt;13. ...)
- gitlab 13.4.7-1
NOTE: https://about.gitlab.com/releases/2020/12/07/security-release-gitlab-13-6-2-released/
CVE-2020-13356 (An issue has been discovered in GitLab CE/EE affecting all versions st ...)
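Review bot: The description imported for CVE-2020-13357 contains HTML entities ("&gt;= 13.1 to &lt;13.") where comparison operators belong; the same happens for CVE-2020-26409 earlier in this patch. Escaped operators make the affected version range hard to read and defeat text searches for ">=" or "<" in the list files, so the importer should decode entities before writing the description.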
@@ -37408,7 +37484,7 @@ CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695 (The Open Connectivity Foundation UPnP specification before 2020-04-17 ...)
- {DSA-4806-1 DLA-2318-1 DLA-2315-1}
+ {DSA-4806-1 DLA-2489-1 DLA-2318-1 DLA-2315-1}
- wpa 2:2.9.0-16 (bug #976106)
[buster] - wpa <no-dsa> (Minor issue)
- gupnp 1.2.3-1
@@ -46005,8 +46081,8 @@ CVE-2020-9303
RESERVED
CVE-2020-9302
RESERVED
-CVE-2020-9301
- RESERVED
+CVE-2020-9301 (Nolan Ray from Apple Information Security identified a security vulner ...)
+ TODO: check
CVE-2020-9300 (The Access Control issues include allowing a regular user to view a re ...)
NOT-FOR-US: Netflix dispatch
CVE-2020-9299 (There were XSS vulnerabilities discovered and reported in the Dispatch ...)
@@ -46836,8 +46912,8 @@ CVE-2020-8910 (A URL parsing issue in goog.uri of the Google Closure Library ver
NOT-FOR-US: Google Closure Library
CVE-2020-8909
RESERVED
-CVE-2020-8908
- RESERVED
+CVE-2020-8908 (A temp directory creation vulnerability exist in Guava versions prior ...)
+ TODO: check
CVE-2020-8907 (A vulnerability in Google Cloud Platform's guest-oslogin versions betw ...)
- google-compute-image-packages <unfixed>
NOTE: https://cloud.google.com/compute/docs/security-bulletins#2020619
@@ -50061,8 +50137,8 @@ CVE-2020-7562 (A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Ser
NOT-FOR-US: Modicon
CVE-2020-7561 (A CWE-284: Improper Access Control vulnerability exists in Easergy T30 ...)
NOT-FOR-US: Easergy
-CVE-2020-7560
- RESERVED
+CVE-2020-7560 (A CWE-123: Write-what-where Condition vulnerability exists in EcoStrux ...)
+ TODO: check
CVE-2020-7559 (A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer ...)
NOT-FOR-US: EcoStruxure Control Expert
CVE-2020-7558 (A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition ...)
@@ -50083,8 +50159,8 @@ CVE-2020-7551 (A CWE-119 Improper Restriction of Operations within the Bounds of
NOT-FOR-US: IGSS Definition (Def.exe)
CVE-2020-7550 (A CWE-119 Improper Restriction of Operations within the Bounds of a Me ...)
NOT-FOR-US: IGSS Definition (Def.exe)
-CVE-2020-7549
- RESERVED
+CVE-2020-7549 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
CVE-2020-7548 (A CWE-330 - Use of Insufficiently Random Values vulnerability exists i ...)
NOT-FOR-US: Schneider
CVE-2020-7547 (A CWE-284: Improper Access Control vulnerability exists in EcoStruxure ...)
@@ -50095,24 +50171,24 @@ CVE-2020-7545 (A CWE-284:Improper Access Control vulnerability exists in EcoStru
NOT-FOR-US: Schneider
CVE-2020-7544 (A CWE-269 Improper Privilege Management vulnerability exists in EcoStr ...)
NOT-FOR-US: EcoStruxure Operator Terminal Expert runtime
-CVE-2020-7543
- RESERVED
-CVE-2020-7542
- RESERVED
-CVE-2020-7541
- RESERVED
-CVE-2020-7540
- RESERVED
-CVE-2020-7539
- RESERVED
+CVE-2020-7543 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2020-7542 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2020-7541 (A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in ...)
+ TODO: check
+CVE-2020-7540 (A CWE-306: Missing Authentication for Critical Function vulnerability ...)
+ TODO: check
+CVE-2020-7539 (A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnera ...)
+ TODO: check
CVE-2020-7538 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
NOT-FOR-US: EcoStruxure Control Expert
-CVE-2020-7537
- RESERVED
-CVE-2020-7536
- RESERVED
-CVE-2020-7535
- RESERVED
+CVE-2020-7537 (A CWE-754: Improper Check for Unusual or Exceptional Conditions vulner ...)
+ TODO: check
+CVE-2020-7536 (A CWE-754:Improper Check for Unusual or Exceptional Conditions vulnera ...)
+ TODO: check
+CVE-2020-7535 (A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ...)
+ TODO: check
CVE-2020-7534
RESERVED
CVE-2020-7533 (A CWE-255: Credentials Management vulnerability exists in Web Server o ...)
@@ -56560,8 +56636,8 @@ CVE-2020-4831
RESERVED
CVE-2020-4830
RESERVED
-CVE-2020-4829
- RESERVED
+CVE-2020-4829 (IBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a v ...)
+ TODO: check
CVE-2020-4828
RESERVED
CVE-2020-4827
