author | security tracker role <sectracker@soriano.debian.org> | 2020-03-10 20:10:18 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-03-10 20:10:18 +0000 |
commit | af04de5cbefc7c82dd5db43324b328c04a5d1f14 | |
tree | daf3eb0510facd4cec9ebf12cc57ca929e374775 /data | |
parent | 5d45c81ff4f1886b289176e7a8d4dfc1708c6069 | |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2012.list | 6 |
-rw-r--r-- | data/CVE/2017.list | 4 |
-rw-r--r-- | data/CVE/2018.list | 8 |
-rw-r--r-- | data/CVE/2019.list | 114 |
-rw-r--r-- | data/CVE/2020.list | 242 |
5 files changed, 282 insertions, 92 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 781cd2814c..36e2280875 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -13811,8 +13811,7 @@ CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x b CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before 3.2.1 ...) {DSA-2443-1} - linux-2.6 3.2.10-1 (low) -CVE-2012-1096 - RESERVED +CVE-2012-1096 (NetworkManager 0.9 and earlier allows local users to use other users' ...) - network-manager <unfixed> (low; bug #684259) [buster] - network-manager <ignored> (Minor issue) [stretch] - network-manager <ignored> (Minor issue) @@ -13823,8 +13822,7 @@ CVE-2012-1096 CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package ...) - osc <unfixed> (unimportant) NOTE: This is ultimately a bug in the respectice terminal emulations and not a vulnerability in osc -CVE-2012-1094 - RESERVED +CVE-2012-1094 (JBoss AS 7 prior to 7.1.1 and mod_cluster do not handle default hostna ...) - libapache2-mod-cluster <itp> (bug #731410) CVE-2012-1093 (The init script in the Debian x11-common package before 1:7.6+12 is vu ...) - xorg 1:7.6+12 (bug #661627) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 0b4614f67a..5e31e2d549 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -22317,8 +22317,8 @@ CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Ar NOT-FOR-US: Foxit Reader CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to i ...) NOT-FOR-US: Contao -CVE-2017-10992 - RESERVED +CVE-2017-10992 (In HPE Storage Essentials 9.5.0.142, there is Unauthenticated Java Des ...) + TODO: check CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the r ...) NOT-FOR-US: Wordpress plugin CVE-2017-10990 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 97fdaddf22..30fad3562c 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -6160,8 +6160,8 @@ CVE-2018-18896 RESERVED CVE-2018-18895 REJECTED -CVE-2018-18894 - RESERVED +CVE-2018-18894 (Certain older Lexmark devices (C, M, X, and 6500e before 2018-12-18) c ...) + TODO: check CVE-2018-18893 (Jinjava before 2.4.6 does not block the getClass method, related to co ...) NOT-FOR-US: Jinjava CVE-2018-18892 (MiniCMS 1.10 allows execution of arbitrary PHP code via the install.ph ...) @@ -17553,8 +17553,8 @@ CVE-2018-14504 (An issue was discovered in manage_filter_edit_page.php in Mantis NOTE: https://mantisbt.org/bugs/view.php?id=24608 CVE-2018-14503 (Cross-site scripting (XSS) vulnerability in intervalCheck.jsp in Corem ...) NOT-FOR-US: Coremail XT -CVE-2018-14502 - RESERVED +CVE-2018-14502 (controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 ...) + TODO: check CVE-2018-14501 (manager/admin_ajax.php in joyplus-cms 1.6.0 has SQL Injection, as demo ...) NOT-FOR-US: joyplus-cms CVE-2018-14500 (joyplus-cms 1.6.0 has XSS via the manager/collect/collect_vod_zhuiju.p ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index e8a4e5b9b0..56cafdbed4 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-20509 (archive_read_support_format_lha.c in libarchive before 3.4.1 does not ...) + TODO: check CVE-2019-20508 RESERVED CVE-2019-20507 @@ -7164,8 +7166,8 @@ CVE-2019-17638 RESERVED CVE-2019-17637 RESERVED -CVE-2019-17636 - RESERVED +CVE-2019-17636 (In Eclipse Theia versions 0.3.9 through 0.15.0, one of the default pre ...) + TODO: check CVE-2019-17635 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a dese ...) NOT-FOR-US: Eclipse Memory Analyzer CVE-2019-17634 (Eclipse Memory Analyzer version 1.9.1 and earlier is subject to a cros ...) 
@@ -13675,8 +13677,8 @@ CVE-2019-15036 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCi NOT-FOR-US: JetBrains TeamCity CVE-2019-15035 (An issue was discovered in JetBrains TeamCity 2018.2.4. A TeamCity Pro ...) NOT-FOR-US: JetBrains TeamCity -CVE-2019-15034 - RESERVED +CVE-2019-15034 (hw/display/bochs-display.c in QEMU 4.0.0 does not ensure a sufficient ...) + TODO: check CVE-2019-15033 (Pydio 6.0.8 allows Authenticated SSRF during a Remote Link Feature dow ...) - ajaxplorer <itp> (bug #668381) CVE-2019-15032 (Pydio 6.0.8 mishandles error reporting when a directory allows unauthe ...) @@ -18074,8 +18076,8 @@ CVE-2019-13458 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 NOTE: https://community.otrs.com/security-advisory-2019-12-security-update-for-otrs-framework/ NOTE: OTRS 6.0: https://github.com/OTRS/otrs/commit/69430f260d52e5a7afc185048da0cfc2eef2659a NOTE: OTRS 5.0: https://github.com/OTRS/otrs/commit/0e26066dfff8efff0039da13e29609ca7f00d9a2 -CVE-2019-13457 - RESERVED +CVE-2019-13457 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...) + TODO: check CVE-2019-13456 (In FreeRADIUS 3.0 through 3.0.19, on average 1 in every 2048 EAP-pwd h ...) - freeradius 3.0.17+dfsg-1.1 [stretch] - freeradius <no-dsa> (Minor issue; plugin not enabled by default) @@ -19006,8 +19008,7 @@ CVE-2019-13123 (Foxit Reader 9.6.0.25114 and earlier has two unique RecursiveCal NOT-FOR-US: Foxit Reader CVE-2019-13122 (A Cross Site Scripting (XSS) vulnerability exists in the template tag ...) NOT-FOR-US: Patchwork -CVE-2019-13121 [SSRF Vulnerability in Project GitHub Integration] - RESERVED +CVE-2019-13121 (An issue was discovered in GitLab Enterprise Edition 10.6 through 12.0 ...) [experimental] - gitlab 11.10.8+dfsg-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ 
@@ -19325,53 +19326,43 @@ CVE-2019-13014 (Little Snitch versions 4.4.0 fixes a vulnerability in a privileg NOT-FOR-US: Little Snitch CVE-2019-13013 (Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalatio ...) NOT-FOR-US: Little Snitch -CVE-2019-13011 [Merge Request Template Name Disclosure] - RESERVED +CVE-2019-13011 (An issue was discovered in GitLab Enterprise Edition 8.11.0 through 12 ...) [experimental] - gitlab 11.10.8+dfsg-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ -CVE-2019-13010 [Decoding Color Codes Caused Reseource Depletion] - RESERVED +CVE-2019-13010 (An issue was discovered in GitLab Enterprise Edition 8.3 through 12.0. ...) [experimental] - gitlab 11.10.8+dfsg-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ -CVE-2019-13009 [Broken Access Control for the Content of Personal Snippets] - RESERVED +CVE-2019-13009 (An issue was discovered in GitLab Community and Enterprise Edition 9.2 ...) [experimental] - gitlab 11.10.8+dfsg-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ CVE-2019-13008 RESERVED -CVE-2019-13007 [Enabling One of the Service Templates Could Cause Resource Depletion] - RESERVED +CVE-2019-13007 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...) - gitlab <not-affected> (Only affects 11.1 and later) NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ -CVE-2019-13006 [Number of Merge Requests was Accessible] - RESERVED +CVE-2019-13006 (An issue was discovered in GitLab Community and Enterprise Edition 9.0 ...) 
[experimental] - gitlab 11.10.8+dfsg-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ -CVE-2019-13005 [Authorization Issues in GraphQL] - RESERVED +CVE-2019-13005 (An issue was discovered in GitLab Enterprise Edition and Community Edi ...) [experimental] - gitlab 11.10.8+dfsg-1 - gitlab <not-affected> (Only affects 11.10 and later) NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ -CVE-2019-13004 [Error Caused by Encoded Characters in Comments] - RESERVED +CVE-2019-13004 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...) - gitlab <not-affected> (Only affects 11.1 and later) NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ -CVE-2019-13003 [Resource Exhaustion Attack] - RESERVED +CVE-2019-13003 (An issue was discovered in GitLab Community and Enterprise Edition bef ...) [experimental] - gitlab 11.10.8+dfsg-1 - gitlab <unfixed> NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ -CVE-2019-13002 [Recent Pipeline Information Disclosed to Unauthorised Users] - RESERVED +CVE-2019-13002 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...) [experimental] - gitlab 11.10.8+dfsg-1 - gitlab <not-affected> (Only affects 11.10 and later) NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ -CVE-2019-13001 [Ability to Write a Note to a Private Snippet] - RESERVED +CVE-2019-13001 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...) [experimental] - gitlab 11.10.8+dfsg-1 - gitlab <not-affected> (Only affects 11.9 and later) NOTE: https://about.gitlab.com/2019/07/03/security-release-gitlab-12-dot-0-dot-3-released/ 
@@ -20809,33 +20800,27 @@ CVE-2019-12447 (An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. dae [jessie] - gvfs <not-affected> (Vulnerable code introduced later) NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959 NOTE: https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d -CVE-2019-12446 [Repository Password Disclosed on Import Error Page] - RESERVED +CVE-2019-12446 (An issue was discovered in GitLab Community and Enterprise Edition 8.3 ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12445 [Stored Cross-Site Scripting on Notes] - RESERVED +CVE-2019-12445 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12444 [Stored Cross-Site Scripting on Wiki Pages] - RESERVED +CVE-2019-12444 (An issue was discovered in GitLab Community and Enterprise Edition 8.9 ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12443 [Server-Side Request Forgery Through DNS Rebinding] - RESERVED +CVE-2019-12443 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12442 [Stored Cross-Site Scripting Vulnerability on Child Epics] - RESERVED +CVE-2019-12442 (An issue was discovered in GitLab Enterprise Edition 11.7 through 11.1 ...) 
[experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12441 [Protected Branches Restriction Rules Bypass] - RESERVED +CVE-2019-12441 (An issue was discovered in GitLab Community and Enterprise Edition 8.4 ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ 
@@ -20853,36 +20838,29 @@ CVE-2019-12435 (Samba 4.9.x before 4.9.9 and 4.10.x before 4.10.5 has a NULL poi [stretch] - samba <not-affected> (Only affects Samba since 4.9) [jessie] - samba <not-affected> (Only affects Samba since 4.9) NOTE: https://www.samba.org/samba/security/CVE-2019-12435.html -CVE-2019-12434 [Private Project Discovery via Comment Links] - RESERVED +CVE-2019-12434 (An issue was discovered in GitLab Community and Enterprise Edition 10. ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12433 [Internal Projects Allowed to Be Created on in Private Groups] - RESERVED +CVE-2019-12433 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12432 [Confidential Issue Titles Revealed to Restricted Users on Unsubscribe] - RESERVED +CVE-2019-12432 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12431 [Disclosure of Milestone Metadata through the Search API] - RESERVED +CVE-2019-12431 (An issue was discovered in GitLab Community and Enterprise Edition 8.1 ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12430 [Remote Command Execution Vulnerability on Repository Download Feature] - RESERVED +CVE-2019-12430 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...) 
- gitlab <not-affected> (Only affects 11.11) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12429 [Metadata of Confidential Issues Disclosed to Restricted Users] - RESERVED +CVE-2019-12429 (An issue was discovered in GitLab Community and Enterprise Edition 11. ...) - gitlab <not-affected> (Only affects 11.9 and later) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12428 [Mandatory External Authentication Provider Sign-In Restrictions Bypass] - RESERVED +CVE-2019-12428 (An issue was discovered in GitLab Community and Enterprise Edition 6.8 ...) [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ @@ -23012,8 +22990,8 @@ CVE-2019-11688 RESERVED CVE-2019-11687 (An issue was discovered in the DICOM Part 10 File Format in the NEMA D ...) NOT-FOR-US: DICOM -CVE-2019-11686 - RESERVED +CVE-2019-11686 (Western Digital SanDisk X300, X300s, X400, and X600 devices: A vulnera ...) + TODO: check CVE-2019-11685 RESERVED CVE-2019-11684 @@ -23874,8 +23852,8 @@ CVE-2019-11555 (The EAP-pwd implementation in hostapd (EAP server) before 2.8 an NOTE: Patches: https://w1.fi/security/2019-5/ CVE-2019-11346 RESERVED -CVE-2019-11345 - RESERVED +CVE-2019-11345 (Citrix SD-WAN Center 10.2.x before 10.2.1 and NetScaler SD-WAN Center ...) + TODO: check CVE-2019-11344 (data/inc/files.php in Pluck 4.7.8 allows remote attackers to execute a ...) NOT-FOR-US: Pluck CMS CVE-2019-11343 
@@ -25711,10 +25689,10 @@ CVE-2019-10708 (S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=un NOT-FOR-US: S-CMS PHP CVE-2019-10707 (MKCMS V5.0 has SQL injection via the bplay.php play parameter. ...) NOT-FOR-US: MKCMS -CVE-2019-10706 - RESERVED -CVE-2019-10705 - RESERVED +CVE-2019-10706 (Western Digital SanDisk SanDisk X300, X300s, X400, and X600 devices: T ...) + TODO: check +CVE-2019-10705 (Western Digital SanDisk X600 devices in certain configurations, a vuln ...) + TODO: check CVE-2019-10704 RESERVED CVE-2019-10703 @@ -27406,8 +27384,8 @@ CVE-2019-10066 (An issue was discovered in Open Ticket Request System (OTRS) 7.x [jessie] - otrs2 <not-affected> (vulnerable code is not present) NOTE: OTRS 6: https://github.com/OTRS/otrs/commit/b99cad21f2dd1c2d52299424a589b0b2f20d7ba8 NOTE: https://community.otrs.com/security-advisory-2019-06-security-update-for-otrs-framework/ -CVE-2019-10065 - RESERVED +CVE-2019-10065 (An issue was discovered in Open Ticket Request System (OTRS) 7.0 throu ...) + TODO: check CVE-2019-10064 (hostapd before 2.6, in EAP mode, makes calls to the rand() and random( ...) - wpa 2:2.6-7 NOTE: https://www.openwall.com/lists/oss-security/2020/02/27/1 @@ -28763,8 +28741,8 @@ CVE-2019-9861 (Due to the use of an insecure RFID technology (MIFARE Classic), A NOT-FOR-US: ABUS CVE-2019-9860 (Due to unencrypted signal communication and predictability of rolling ...) NOT-FOR-US: ABUS -CVE-2019-9859 - RESERVED +CVE-2019-9859 (Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to ...) + TODO: check CVE-2019-9858 (Remote code execution was discovered in Horde Groupware Webmail 5.2.22 ...) {DSA-4468-1 DLA-1822-1} - php-horde-form 2.0.18-3.1 (bug #930321) 
@@ -41868,8 +41846,8 @@ CVE-2019-4610 RESERVED CVE-2019-4609 (IBM API Connect 2018.4.1.7 uses weaker than expected cryptographic alg ...) NOT-FOR-US: IBM -CVE-2019-4608 - RESERVED +CVE-2019-4608 (IBM Tivoli Workload Scheduler 9.3 is vulnerable to cross-site scriptin ...) + TODO: check CVE-2019-4607 RESERVED CVE-2019-4606 (IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 could allow a ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index cf4442c5d6..a114c17ae5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,217 @@ +CVE-2020-10370 + RESERVED +CVE-2020-10369 + RESERVED +CVE-2020-10368 + RESERVED +CVE-2020-10367 + RESERVED +CVE-2020-10366 + RESERVED +CVE-2020-10365 + RESERVED +CVE-2020-10364 + RESERVED +CVE-2020-10363 + RESERVED +CVE-2020-10362 + RESERVED +CVE-2020-10361 + RESERVED +CVE-2020-10360 + RESERVED +CVE-2020-10359 + RESERVED +CVE-2020-10358 + RESERVED +CVE-2020-10357 + RESERVED +CVE-2020-10356 + RESERVED +CVE-2020-10355 + RESERVED +CVE-2020-10354 + RESERVED +CVE-2020-10353 + RESERVED +CVE-2020-10352 + RESERVED +CVE-2020-10351 + RESERVED +CVE-2020-10350 + RESERVED +CVE-2020-10349 + RESERVED +CVE-2020-10348 + RESERVED +CVE-2020-10347 + RESERVED +CVE-2020-10346 + RESERVED +CVE-2020-10345 + RESERVED +CVE-2020-10344 + RESERVED +CVE-2020-10343 + RESERVED +CVE-2020-10342 + RESERVED +CVE-2020-10341 + RESERVED +CVE-2020-10340 + RESERVED +CVE-2020-10339 + RESERVED +CVE-2020-10338 + RESERVED +CVE-2020-10337 + RESERVED +CVE-2020-10336 + RESERVED +CVE-2020-10335 + RESERVED +CVE-2020-10334 + RESERVED +CVE-2020-10333 + RESERVED +CVE-2020-10332 + RESERVED +CVE-2020-10331 + RESERVED +CVE-2020-10330 + RESERVED +CVE-2020-10329 + RESERVED +CVE-2020-10328 + RESERVED +CVE-2020-10327 + RESERVED +CVE-2020-10326 + RESERVED +CVE-2020-10325 + RESERVED +CVE-2020-10324 + RESERVED +CVE-2020-10323 + RESERVED +CVE-2020-10322 + RESERVED +CVE-2020-10321 + RESERVED +CVE-2020-10320 + RESERVED +CVE-2020-10319 + RESERVED +CVE-2020-10318 + RESERVED +CVE-2020-10317 + RESERVED +CVE-2020-10316 + RESERVED +CVE-2020-10315 + RESERVED +CVE-2020-10314 + RESERVED +CVE-2020-10313 + RESERVED +CVE-2020-10312 + RESERVED +CVE-2020-10311 + RESERVED +CVE-2020-10310 + RESERVED +CVE-2020-10309 + RESERVED +CVE-2020-10308 + RESERVED +CVE-2020-10307 + RESERVED +CVE-2020-10306 + RESERVED +CVE-2020-10305 + RESERVED +CVE-2020-10304 + RESERVED +CVE-2020-10303 + RESERVED +CVE-2020-10302 + RESERVED +CVE-2020-10301 + RESERVED +CVE-2020-10300 + RESERVED +CVE-2020-10299 + RESERVED +CVE-2020-10298 + RESERVED 
+CVE-2020-10297 + RESERVED +CVE-2020-10296 + RESERVED +CVE-2020-10295 + RESERVED +CVE-2020-10294 + RESERVED +CVE-2020-10293 + RESERVED +CVE-2020-10292 + RESERVED +CVE-2020-10291 + RESERVED +CVE-2020-10290 + RESERVED +CVE-2020-10289 + RESERVED +CVE-2020-10288 + RESERVED +CVE-2020-10287 + RESERVED +CVE-2020-10286 + RESERVED +CVE-2020-10285 + RESERVED +CVE-2020-10284 + RESERVED +CVE-2020-10283 + RESERVED +CVE-2020-10282 + RESERVED +CVE-2020-10281 + RESERVED +CVE-2020-10280 + RESERVED +CVE-2020-10279 + RESERVED +CVE-2020-10278 + RESERVED +CVE-2020-10277 + RESERVED +CVE-2020-10276 + RESERVED +CVE-2020-10275 + RESERVED +CVE-2020-10274 + RESERVED +CVE-2020-10273 + RESERVED +CVE-2020-10272 + RESERVED +CVE-2020-10271 + RESERVED +CVE-2020-10270 + RESERVED +CVE-2020-10269 + RESERVED +CVE-2020-10268 + RESERVED +CVE-2020-10267 + RESERVED +CVE-2020-10266 + RESERVED +CVE-2020-10265 + RESERVED +CVE-2020-10264 + RESERVED CVE-2020-10263 RESERVED CVE-2020-10262 @@ -14,8 +228,8 @@ CVE-2020-10257 (The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks NOT-FOR-US: ThemeREX Addons plugin for WordPress CVE-2020-10256 RESERVED -CVE-2020-10255 - RESERVED +CVE-2020-10255 (Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulne ...) + TODO: check CVE-2020-10254 RESERVED CVE-2020-10253 @@ -1685,8 +1899,8 @@ CVE-2020-9442 (OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for NOT-FOR-US: OpenVPN Connect on Windows CVE-2020-9441 RESERVED -CVE-2020-9440 - RESERVED +CVE-2020-9440 (A cross-site scripting (XSS) vulnerability in the WSC plugin through 5 ...) + TODO: check CVE-2020-9439 RESERVED CVE-2020-9438 
@@ -10629,20 +10843,20 @@ CVE-2020-5261 RESERVED CVE-2020-5260 RESERVED -CVE-2020-5259 - RESERVED -CVE-2020-5258 - RESERVED +CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...) + TODO: check +CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...) + TODO: check CVE-2020-5257 RESERVED CVE-2020-5256 (BookStack before version 0.25.5 has a vulnerability where a user could ...) TODO: check CVE-2020-5255 RESERVED -CVE-2020-5254 - RESERVED -CVE-2020-5253 - RESERVED +CVE-2020-5254 (In NetHack before 3.6.6, some out-of-bound values for the hilite_statu ...) + TODO: check +CVE-2020-5253 (NetHack before version 3.6.0 allowed malicious use of escaping of char ...) + TODO: check CVE-2020-5252 RESERVED CVE-2020-5251 (In parser-server before version 4.1.0, you can fetch all the users obj ...) @@ -12885,8 +13099,8 @@ CVE-2020-4164 RESERVED CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...) NOT-FOR-US: IBM -CVE-2020-4162 - RESERVED +CVE-2020-4162 (IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to cross ...) + TODO: check CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) NOT-FOR-US: IBM CVE-2020-4160 |
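Review bot: the GitLab blocks in data/CVE/2019.list lose their only per-issue summary, because the bracketed working titles are replaced by truncated descriptions that all start "An issue was discovered in GitLab ...". This affects CVE-2019-13121, CVE-2019-13011 to CVE-2019-13001 (except the still-RESERVED CVE-2019-13008), CVE-2019-12446 to CVE-2019-12441 and CVE-2019-12434 to CVE-2019-12428. For example, CVE-2019-12430 drops "[Remote Command Execution Vulnerability on Repository Download Feature]" and CVE-2019-12443 drops "[Server-Side Request Forgery Through DNS Rebinding]". Suggest copying each old title into a NOTE line under its entry before the header is overwritten, so the entries stay searchable by issue type.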
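Review bot: CVE-2019-13457 and CVE-2019-10065 in data/CVE/2019.list are left at "TODO: check" although both descriptions name Open Ticket Request System (OTRS) and the entries directly next to them, CVE-2019-13458 and CVE-2019-10066, are already triaged OTRS issues with upstream commit and advisory NOTE lines (CVE-2019-10066 also carries an otrs2 line). Suggest a manual follow-up that replaces the TODO on these two with the package line and advisory NOTE in the same form as their neighbours.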
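Review bot: the new IBM entries CVE-2019-4608 (data/CVE/2019.list) and CVE-2020-4162 (data/CVE/2020.list) are added as "TODO: check" while the surrounding IBM entries in the same hunks (CVE-2019-4609, CVE-2019-4606, CVE-2020-4163, CVE-2020-4161) are all marked "NOT-FOR-US: IBM". If the same classification applies, set it in the follow-up so these do not sit in the TODO queue next to entries that need real triage, such as CVE-2019-20509 (libarchive) and CVE-2019-15034 (QEMU).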