Diffstat (limited to 'data/CVE/2020.list')
-rw-r--r-- data/CVE/2020.list 95
1 files changed, 50 insertions, 45 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 65725966d5..2011724d01 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,5 @@
+CVE-2020-36255 (An issue was discovered in IdentityModel (aka ScottBrady.IdentityModel ...)
+ NOT-FOR-US: ScottBrady.IdentityModel
CVE-2020-35358
RESERVED
CVE-2020-36254 (scp.c in Dropbear before 2020.79 mishandles the filename of . or an em ...)
@@ -1475,8 +1477,8 @@ CVE-2020-35638
RESERVED
CVE-2020-35637
RESERVED
-CVE-2020-35636
- RESERVED
+CVE-2020-35636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
CVE-2020-35635
RESERVED
CVE-2020-35634
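Review bot: The added CVE-2020-35636 entry is left at "TODO: check" with a description that is cut off before the product name, and the identically worded "Nef polygon-parsing" entries added for CVE-2020-35628, CVE-2020-28636 and CVE-2020-28601 are in the same state. Triage the four together so they end up with one consistent source-package or NOT-FOR-US decision instead of four separate ones.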
@@ -1491,8 +1493,8 @@ CVE-2020-35630
RESERVED
CVE-2020-35629
RESERVED
-CVE-2020-35628
- RESERVED
+CVE-2020-35628 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
CVE-2020-35627 (Ultimate WooCommerce Gift Cards 3.0.2 is affected by a file upload vul ...)
NOT-FOR-US: Ultimate WooCommerce Gift Cards
CVE-2020-35626 (An issue was discovered in the PushToWatch extension for MediaWiki thr ...)
@@ -1801,7 +1803,7 @@ CVE-2020-35507 (There's a flaw in bfd_pef_parse_function_stubs of bfd/pef.c in b
CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
RESERVED
- qemu <unfixed> (bug #984454)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909996
@@ -1809,7 +1811,7 @@ CVE-2020-35506 [use after free vulnerability in esp_do_dma() in hw/scsi/esp.c]
CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
RESERVED
- qemu <unfixed> (bug #984455)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909769
@@ -1817,11 +1819,12 @@ CVE-2020-35505 [NULL pointer dereference in do_busid_cmd() in hw/scsi/esp.c]
CVE-2020-35504 [NULL pointer dereference in scsi_req_continue() in hw/scsi/scsi-bus.c]
RESERVED
- qemu <unfixed> (bug #979679)
- [bullseye] - qemu <postponed> (Minor issue)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in future DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1909766
NOTE: https://bugs.launchpad.net/qemu/+bug/1910723 (reproducer)
+ NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-12/msg06065.html
CVE-2020-35503 [QEMU: NULL pointer dereference issue in megasas-gen2 host bus adapter]
RESERVED
- qemu <unfixed> (bug #979678)
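Review bot: The NOTE added for CVE-2020-35504 pointing at qemu-devel/2020-12/msg06065.html does not say what the message is, unlike the Launchpad NOTE just above it, which is tagged "(reproducer)". Since the bullseye line now reads "revisit when fixed upstream", label the link (report, proposed patch, discussion) so whoever revisits the entry knows whether it is the thing to watch.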
@@ -2262,12 +2265,12 @@ CVE-2020-35331
RESERVED
CVE-2020-35330
RESERVED
-CVE-2020-35329
- RESERVED
-CVE-2020-35328
- RESERVED
-CVE-2020-35327
- RESERVED
+CVE-2020-35329 (Courier Management System 1.0 1.0 is affected by SQL Injection via 'MU ...)
+ NOT-FOR-US: Courier Management System
+CVE-2020-35328 (Courier Management System 1.0 - 'First Name' Stored XSS ...)
+ NOT-FOR-US: Courier Management System
+CVE-2020-35327 (SQL injection vulnerability was discovered in Courier Management Syste ...)
+ NOT-FOR-US: Courier Management System
CVE-2020-35326
RESERVED
CVE-2020-35325
@@ -5165,8 +5168,8 @@ CVE-2020-28638 (ask_password in Tomb 2.0 through 2.7 returns a warning when pine
NOTE: https://github.com/dyne/Tomb/issues/392
CVE-2020-28637
RESERVED
-CVE-2020-28636
- RESERVED
+CVE-2020-28636 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
CVE-2020-28635
RESERVED
CVE-2020-28634
@@ -5235,8 +5238,8 @@ CVE-2020-28603
RESERVED
CVE-2020-28602
RESERVED
-CVE-2020-28601
- RESERVED
+CVE-2020-28601 (A code execution vulnerability exists in the Nef polygon-parsing funct ...)
+ TODO: check
CVE-2020-28600
RESERVED
CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import_stl.c ...)
@@ -5248,7 +5251,7 @@ CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import
CVE-2020-28598
RESERVED
CVE-2020-28597 (A predictable seed vulnerability exists in the password reset function ...)
- TODO: check
+ NOT-FOR-US: Epignosis EfrontPro
CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...)
NOT-FOR-US: PrusaSlicer
CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...)
@@ -11861,18 +11864,21 @@ CVE-2020-25744 (SaferVPN before 5.0.3.3 on Windows could allow low-privileged us
NOT-FOR-US: SaferVPN
CVE-2020-25743 (hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereferen ...)
- qemu <unfixed> (bug #970940)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg01568.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Fide_nullptr1
CVE-2020-25742 (pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL p ...)
- qemu <unfixed> (bug #971390)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg05294.html
NOTE: https://ruhr-uni-bochum.sciebo.de/s/NNWP2GfwzYKeKwE?path=%2Flsi_nullptr1
CVE-2020-25741 (fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer d ...)
- qemu <unfixed> (bug #970939)
+ [bullseye] - qemu <postponed> (Minor issue, revisit when fixed upstream)
[buster] - qemu <postponed> (Fix along in next qemu DSA)
[stretch] - qemu <postponed> (Fix along in future DLA)
NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-09/msg07779.html
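Review bot: For CVE-2020-25743 and CVE-2020-25742 the new bullseye annotation "revisit when fixed upstream" sits next to descriptions that say "QEMU before 5.1.1", which reads as if a fixed upstream release exists, while the package line stays at <unfixed>. Add a NOTE stating whether the version bound in the description corresponds to an actual upstream fix, so the postponement is not taken for an oversight later.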
@@ -12278,8 +12284,7 @@ CVE-2020-25641 (A flaw was found in the Linux kernel's implementation of biovecs
NOTE: https://git.kernel.org/linus/7e24969022cbd61ddc586f14824fc205661bb124
CVE-2020-25640 (A flaw was discovered in WildFly before 21.0.0.Final where, Resource a ...)
- wildfly <itp> (bug #752018)
-CVE-2020-25639 [NULL pointer dereference via nouveau ioctl can lead to DoS]
- RESERVED
+CVE-2020-25639 (A NULL pointer dereference flaw was found in the Linux kernel&#8217;s ...)
- linux 5.10.19-1
[buster] - linux <not-affected> (Vulnerable code introduced later)
[stretch] - linux <not-affected> (Vulnerable code introduced later)
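Review bot: The added CVE-2020-25639 description carries a raw HTML entity, "kernel&#8217;s", where the other descriptions in this file are plain text. If the description is imported from the upstream feed, decode entities at import time; otherwise replace it with a plain apostrophe so searches on the text of this file match.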
@@ -13911,12 +13916,12 @@ CVE-2020-24916 (CGI implementation in Yaws web server versions 1.81 to 2.0.7 is
NOTE: https://github.com/vulnbe/poc-yaws-cgi-shell-injection
CVE-2020-24915
RESERVED
-CVE-2020-24914
- RESERVED
-CVE-2020-24913
- RESERVED
-CVE-2020-24912
- RESERVED
+CVE-2020-24914 (A PHP object injection bug in profile.php in qcubed (all versions incl ...)
+ TODO: check
+CVE-2020-24913 (A SQL injection vulnerability in qcubed (all versions including 3.1.1) ...)
+ TODO: check
+CVE-2020-24912 (A reflected cross-site scripting (XSS) vulnerability in qcubed (all ve ...)
+ TODO: check
CVE-2020-24911
RESERVED
CVE-2020-24910
@@ -15832,8 +15837,8 @@ CVE-2020-24038
RESERVED
CVE-2020-24037
RESERVED
-CVE-2020-24036
- RESERVED
+CVE-2020-24036 (PHP object injection in the Ajax endpoint of the backend in ForkCMS be ...)
+ NOT-FOR-US: ForkCMS
CVE-2020-24035
RESERVED
CVE-2020-24034 (Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecu ...)
@@ -32532,10 +32537,10 @@ CVE-2020-15940
RESERVED
CVE-2020-15939
RESERVED
-CVE-2020-15938
- RESERVED
+CVE-2020-15938 (When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the ...)
+ NOT-FOR-US: FortiGate FortiGuard
CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...)
- TODO: check
+ NOT-FOR-US: FortiGate FortiGuard
CVE-2020-15936
RESERVED
CVE-2020-15935
@@ -51692,8 +51697,8 @@ CVE-2020-8300
RESERVED
CVE-2020-8299
RESERVED
-CVE-2020-8298
- RESERVED
+CVE-2020-8298 (fs-path node module before 0.0.25 is vulnerable to command injection b ...)
+ TODO: check
CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...)
NOT-FOR-US: Nextcloud Deck
CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...)
@@ -59428,8 +59433,8 @@ CVE-2020-5150
RESERVED
CVE-2020-5149
RESERVED
-CVE-2020-5148
- RESERVED
+CVE-2020-5148 (SonicWall SSO-agent default configuration uses NetAPI to probe the ass ...)
+ TODO: check
CVE-2020-5147 (SonicWall NetExtender Windows client vulnerable to unquoted service pa ...)
NOT-FOR-US: SonicWall
CVE-2020-5146 (A vulnerability in SonicWall SMA100 appliance allow an authenticated m ...)
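Review bot: The added CVE-2020-5148 entry is left at "TODO: check" although its description names the SonicWall SSO-agent and the neighbouring CVE-2020-5147 is already tagged "NOT-FOR-US: SonicWall". Unless there is a reason to look closer, resolve it in this commit with the same tag rather than leaving a TODO behind.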
@@ -59774,8 +59779,8 @@ CVE-2020-4977
RESERVED
CVE-2020-4976
RESERVED
-CVE-2020-4975
- RESERVED
+CVE-2020-4975 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
CVE-2020-4974
RESERVED
CVE-2020-4973
@@ -59992,14 +59997,14 @@ CVE-2020-4868
RESERVED
CVE-2020-4867
RESERVED
-CVE-2020-4866
- RESERVED
+CVE-2020-4866 (IBM Engineering products are vulnerable to cross-site scripting. This ...)
+ NOT-FOR-US: IBM
CVE-2020-4865 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
NOT-FOR-US: IBM
CVE-2020-4864 (IBM Resilient SOAR V38.0 could allow an attacker on the internal net w ...)
NOT-FOR-US: IBM
-CVE-2020-4863
- RESERVED
+CVE-2020-4863 (IBM Engineering products are vulnerable to stored cross-site scripting ...)
+ NOT-FOR-US: IBM
CVE-2020-4862
RESERVED
CVE-2020-4861
@@ -60010,10 +60015,10 @@ CVE-2020-4859
RESERVED
CVE-2020-4858
RESERVED
-CVE-2020-4857
- RESERVED
-CVE-2020-4856
- RESERVED
+CVE-2020-4857 (IBM Engineering products are vulnerable to stored cross-site scripting ...)
+ NOT-FOR-US: IBM
+CVE-2020-4856 (IBM Engineering products are vulnerable to stored cross-site scripting ...)
+ NOT-FOR-US: IBM
CVE-2020-4855 (IBM Jazz Foundation products is vulnerable to cross-site scripting. Th ...)
NOT-FOR-US: IBM
CVE-2020-4854 (IBM Spectrum Protect Plus 10.1.0 thorugh 10.1.6 contains hard-coded cr ...)
