From 6cd1aac95bc38e5b6a166f80fd3d341a4eeb46db Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 23 Sep 2020 20:10:28 +0000 Subject: automatic update --- data/CVE/2020.list | 142 +++++++++++++++++++++++++++++++++-------------------- 1 file changed, 90 insertions(+), 52 deletions(-) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 842b92cf94..6ff2d8221a 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,51 @@ +CVE-2020-25850 + RESERVED +CVE-2020-25849 + RESERVED +CVE-2020-25848 + RESERVED +CVE-2020-25847 + RESERVED +CVE-2020-25846 + RESERVED +CVE-2020-25845 + RESERVED +CVE-2020-25844 + RESERVED +CVE-2020-25843 + RESERVED +CVE-2020-25842 + RESERVED +CVE-2020-25841 + RESERVED +CVE-2020-25840 + RESERVED +CVE-2020-25839 + RESERVED +CVE-2020-25838 + RESERVED +CVE-2020-25837 + RESERVED +CVE-2020-25836 + RESERVED +CVE-2020-25835 + RESERVED +CVE-2020-25834 + RESERVED +CVE-2020-25833 + RESERVED +CVE-2020-25832 + RESERVED +CVE-2020-25831 + RESERVED +CVE-2020-25830 + RESERVED +CVE-2020-25829 + RESERVED +CVE-2020-25828 + RESERVED +CVE-2020-25827 + RESERVED CVE-2020-25826 (PingID Integration for Windows Login before 2.4.2 allows local users t ...) NOT-FOR-US: PingID Integration for Windows Login CVE-2020-25825 @@ -191,8 +239,8 @@ CVE-2020-25741 RESERVED CVE-2020-25740 RESERVED -CVE-2020-25739 - RESERVED +CVE-2020-25739 (An issue was discovered in the gon gem before gon-6.4.0 for Ruby. Mult ...) + TODO: check CVE-2020-25738 RESERVED CVE-2020-25737 
@@ -2580,12 +2628,12 @@ CVE-2020-24628 RESERVED CVE-2020-24627 RESERVED -CVE-2020-24626 - RESERVED -CVE-2020-24625 - RESERVED -CVE-2020-24624 - RESERVED +CVE-2020-24626 (Unathenticated directory traversal in the ReceiverServlet class doPost ...) + TODO: check +CVE-2020-24625 (Unathenticated directory traversal in the ReceiverServlet class doGet( ...) + TODO: check +CVE-2020-24624 (Unathenticated directory traversal in the DownloadServlet class execut ...) + TODO: check CVE-2020-24623 (A potential security vulnerability has been identified in Hewlett Pack ...) NOT-FOR-US: Hewlett Packard Enterprise Universal API Framework CVE-2020-24622 (In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed b ...) @@ -3492,8 +3540,8 @@ CVE-2020-24215 RESERVED CVE-2020-24214 RESERVED -CVE-2020-24213 - RESERVED +CVE-2020-24213 (An integer overflow was discovered in YGOPro ygocore v13.51. Attackers ...) + TODO: check CVE-2020-24212 REJECTED CVE-2020-24211 @@ -19574,16 +19622,16 @@ CVE-2020-16246 RESERVED CVE-2020-16245 (Advantech iView, Versions 5.7 and prior. The affected product is vulne ...) NOT-FOR-US: Advantech -CVE-2020-16244 - RESERVED +CVE-2020-16244 (GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for h ...) + TODO: check CVE-2020-16243 RESERVED CVE-2020-16242 RESERVED CVE-2020-16241 (Philips SureSigns VS4, A.07.107 and prior. The software does not restr ...) NOT-FOR-US: Philips SureSigns -CVE-2020-16240 - RESERVED +CVE-2020-16240 (GE Digital APM Classic, Versions 4.4 and prior. An insecure direct obj ...) + TODO: check CVE-2020-16239 (Philips SureSigns VS4, A.07.107 and prior. When an actor claims to hav ...) NOT-FOR-US: Philips SureSigns CVE-2020-16238 @@ -23969,8 +24017,8 @@ CVE-2020-14372 CVE-2020-14371 RESERVED NOT-FOR-US: Red Hat Satellite -CVE-2020-14370 - RESERVED +CVE-2020-14370 (An information disclosure vulnerability was found in containers/podman ...) + TODO: check CVE-2020-14369 RESERVED NOT-FOR-US: Red Hat CloudForm 
@@ -23987,8 +24035,7 @@ CVE-2020-14367 (A flaw was found in chrony versions before 3.5.1 when creating t NOTE: additionally mitigating the issue. Earlier versions used /var/run/chronyd.pid. CVE-2020-14366 RESERVED -CVE-2020-14365 [dnf module install packages with no GPG signature] - RESERVED +CVE-2020-14365 (A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before ...) - ansible NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1869154 CVE-2020-14364 (An out-of-bounds read/write access flaw was found in the USB emulator ...) @@ -32341,8 +32388,8 @@ CVE-2020-11032 (In GLPI before version 9.4.6, there is a SQL injection vulnerabi - glpi (unimportant) NOTE: https://github.com/glpi-project/glpi/security/advisories/GHSA-344w-34h9-wwhh NOTE: Only supported behind an authenticated HTTP zone -CVE-2020-11031 - RESERVED +CVE-2020-11031 (In GLPI before version 9.5.0, the encryption algorithm used is insecur ...) + TODO: check CVE-2020-11030 (In affected versions of WordPress, a special payload can be crafted th ...) - wordpress 5.4.1+dfsg1-1 (bug #959391) [buster] - wordpress (Vulnerable code not present) @@ -33326,8 +33373,7 @@ CVE-2020-10716 NOT-FOR-US: tfm-rubygem-foreman_ansible / Red Hat Satellite's Job Invocation CVE-2020-10715 (A content spoofing vulnerability was found in the openshift/console 3. ...) NOT-FOR-US: Openshift Web Console -CVE-2020-10714 - RESERVED +CVE-2020-10714 (A flaw was found in WildFly Elytron version 1.11.3.Final and before. W ...) NOT-FOR-US: WildFly Elytron CVE-2020-10713 (A flaw was found in grub2, prior to version 2.06. An attacker may use ...) {DSA-4735-1} 
@@ -33448,8 +33494,7 @@ CVE-2020-10688 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1814974 NOTE: https://github.com/quarkusio/quarkus/issues/7248 NOTE: https://issues.redhat.com/browse/RESTEASY-2519 (restricted) -CVE-2020-10687 - RESERVED +CVE-2020-10687 (A flaw was discovered in all versions of Undertow before Undertow 2.2. ...) - undertow 2.2.0-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1785049 NOTE: https://issues.jboss.org/browse/UNDERTOW-1780 @@ -41544,10 +41589,10 @@ CVE-2020-7124 RESERVED CVE-2020-7123 RESERVED -CVE-2020-7122 - RESERVED -CVE-2020-7121 - RESERVED +CVE-2020-7122 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...) + TODO: check +CVE-2020-7121 (Two memory corruption vulnerabilities in the Aruba CX Switches Series ...) + TODO: check CVE-2020-7120 RESERVED CVE-2020-7119 (A vulnerability exists in the Aruba Analytics and Location Engine (ALE ...) @@ -44998,12 +45043,12 @@ CVE-2020-5785 RESERVED CVE-2020-5784 RESERVED -CVE-2020-5783 - RESERVED -CVE-2020-5782 - RESERVED -CVE-2020-5781 - RESERVED +CVE-2020-5783 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does n ...) + TODO: check +CVE-2020-5782 (In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ...) + TODO: check +CVE-2020-5781 (In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is ...) + TODO: check CVE-2020-5780 (Missing Authentication for Critical Function in Icegram Email Subscrib ...) NOT-FOR-US: Icegram Email Subscribers & Newsletters Plugin for WordPress CVE-2020-5779 (A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates t ...) 
@@ -48059,8 +48104,8 @@ CVE-2020-4342 (IBM Security Secret Server 10.7 could disclose sensitive informat NOT-FOR-US: IBM CVE-2020-4341 (IBM Security Secret Server 10.7 could allow a remote attacker to obtai ...) NOT-FOR-US: IBM -CVE-2020-4340 - RESERVED +CVE-2020-4340 (IBM Security Secret Server prior to 10.9 could allow an attacker to by ...) + TODO: check CVE-2020-4339 RESERVED CVE-2020-4338 (IBM MQ 9.1.4 could allow a local attacker to obtain sensitive informat ...) @@ -48091,8 +48136,8 @@ CVE-2020-4326 RESERVED CVE-2020-4325 (The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0 ...) NOT-FOR-US: IBM -CVE-2020-4324 - RESERVED +CVE-2020-4324 (IBM Security Secret Server proir to 10.9 could allow a remote attacker ...) + TODO: check CVE-2020-4323 (IBM Security Secret Server 10.7 is vulnerable to cross-site scripting. ...) NOT-FOR-US: IBM CVE-2020-4322 (IBM Security Secret Server 10.7 could allow a remote attacker to hijac ...) 
@@ -52495,26 +52540,19 @@ CVE-2020-2287 RESERVED CVE-2020-2286 RESERVED -CVE-2020-2285 - RESERVED +CVE-2020-2285 (A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 an ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2284 - RESERVED +CVE-2020-2284 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure i ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2283 - RESERVED +CVE-2020-2283 (Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape chan ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2282 - RESERVED +CVE-2020-2282 (Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permi ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2281 - RESERVED +CVE-2020-2281 (A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2280 - RESERVED +CVE-2020-2280 (A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2279 - RESERVED +CVE-2020-2279 (A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 ...) NOT-FOR-US: Jenkins plugin CVE-2020-2278 (Jenkins Storable Configs Plugin 1.0 and earlier does not restrict the ...) NOT-FOR-US: Jenkins plugin -- cgit v1.2.3
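Review bot: In the hunk at @@ -2580, CVE-2020-24626, CVE-2020-24625 and CVE-2020-24624 are left at "TODO: check", and the truncated descriptions name only the ReceiverServlet and DownloadServlet classes, not a product. The affected product needs to be identified from the full CVE text before these can be triaged. The "Unathenticated" spelling is part of the imported description in this automatic update, so it should be reported to the CVE source rather than corrected by hand in data/CVE/2020.list.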
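Review bot: In the hunk at @@ -23969, CVE-2020-14370 now reads "An information disclosure vulnerability was found in containers/podman ..." with only "TODO: check" under it, while the neighbouring entries (CVE-2020-14371, CVE-2020-14369) are Red Hat products marked NOT-FOR-US. This one should not be closed by analogy with its neighbours: the description names containers/podman, so it needs a lookup for a matching source package and a proper package line with a version or status in a follow-up.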
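Review bot: In the hunk at @@ -23987, the working description "[dnf module install packages with no GPG signature]" on CVE-2020-14365 is replaced by imported text that, as truncated here, no longer says what the flaw is; the only remaining pointer is the bugzilla NOTE. Consider keeping the one-line summary as a NOTE under the entry. The "- ansible" line as shown also carries no fixed version, while the new description refers to "ansible-engine 2.8.x before ...", so the fixed version should be recorded once the full text has been checked.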
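Review bot: In the hunk at @@ -32341, CVE-2020-11031 is left at "TODO: check" although the description names GLPI and the entry directly above it, CVE-2020-11032, already tracks the same product as "- glpi (unimportant)" with the note "Only supported behind an authenticated HTTP zone". Triage it as a glpi entry in a follow-up, and decide explicitly whether the same rationale applies, since this description concerns the encryption algorithm ("before version 9.5.0") rather than the SQL injection covered by CVE-2020-11032.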
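Review bot: In the hunks at @@ -48059 and @@ -48091, CVE-2020-4340 and CVE-2020-4324 are left at "TODO: check" even though both describe IBM Security Secret Server, and the surrounding entries for the same product (CVE-2020-4342, CVE-2020-4341, CVE-2020-4323, CVE-2020-4322) are already marked "NOT-FOR-US: IBM". These two can be resolved the same way in a follow-up. The "proir" spelling in CVE-2020-4324 comes from the imported description and is best left as-is in this file.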