From 23e05ed44f6ea42a79951ed5e735d251924aa0b1 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 3 Mar 2021 20:10:23 +0000 Subject: automatic update --- data/CVE/2020.list | 48 +++++++++++++++++++++--------------------------- 1 file changed, 21 insertions(+), 27 deletions(-) (limited to 'data/CVE/2020.list') diff --git a/data/CVE/2020.list b/data/CVE/2020.list index a495507422..9fff9c90ac 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -493,7 +493,7 @@ CVE-2020-36081 RESERVED CVE-2020-36080 RESERVED -CVE-2020-36079 (Zenphoto through 1.5.7 is affected by authenticated arbitrary file upl ...) +CVE-2020-36079 (** DISPUTED ** Zenphoto through 1.5.7 is affected by authenticated arb ...) NOT-FOR-US: Zenphoto CVE-2020-36078 RESERVED @@ -2328,8 +2328,8 @@ CVE-2020-35298 RESERVED CVE-2020-35297 RESERVED -CVE-2020-35296 - RESERVED +CVE-2020-35296 (ThinkAdmin v6 has default administrator credentials, which allows atta ...) + TODO: check CVE-2020-35295 RESERVED CVE-2020-35294 @@ -4224,8 +4224,8 @@ CVE-2020-29049 RESERVED CVE-2020-29048 RESERVED -CVE-2020-29047 - RESERVED +CVE-2020-29047 (The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote ...) + TODO: check CVE-2020-29046 RESERVED CVE-2020-29045 @@ -5247,8 +5247,8 @@ CVE-2020-28599 (A stack-based buffer overflow vulnerability exists in the import NOTE: https://github.com/openscad/openscad/commit/07ea60f82e94a155f4926f17fad8e8366bc74874 CVE-2020-28598 RESERVED -CVE-2020-28597 - RESERVED +CVE-2020-28597 (A predictable seed vulnerability exists in the password reset function ...) + TODO: check CVE-2020-28596 (A stack-based buffer overflow vulnerability exists in the Objparser::o ...) NOT-FOR-US: PrusaSlicer CVE-2020-28595 (An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() ...) @@ -5259,8 +5259,8 @@ CVE-2020-28593 RESERVED CVE-2020-28592 RESERVED -CVE-2020-28591 - RESERVED +CVE-2020-28591 (An out-of-bounds read vulnerability exists in the AMF File AMFParserCo ...) + TODO: check CVE-2020-28590 RESERVED CVE-2020-28589 @@ -7144,8 +7144,7 @@ CVE-2020-27780 (A flaw was found in Linux-Pam in versions prior to 1.5.1 in the NOTE: https://github.com/linux-pam/linux-pam/issues/284 NOTE: Introduced by: https://github.com/linux-pam/linux-pam/commit/af0faf666c5008e54dfe43684f210e3581ff1bca (v1.5.0) NOTE: Fixed by: https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb -CVE-2020-27779 - RESERVED +CVE-2020-27779 (A flaw was found in grub2 in versions prior to 2.06. The cutmem comman ...) {DSA-4867-1} - grub2 2.04-16 CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...) @@ -7346,8 +7345,7 @@ CVE-2020-27750 (A flaw was found in ImageMagick in MagickCore/colorspace-private NOTE: https://github.com/ImageMagick/ImageMagick/issues/1711 NOTE: ImageMagick: https://github.com/ImageMagick/ImageMagick/commit/a81ca9a1b46a96be83682af3389f0a6f3d0d389d NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f -CVE-2020-27749 - RESERVED +CVE-2020-27749 (A flaw was found in grub2 in versions prior to 2.06. Variable names pr ...) {DSA-4867-1} - grub2 2.04-16 CVE-2020-27748 [local file inclusion vulnerability] @@ -12253,8 +12251,7 @@ CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) m NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.58_release_notes NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1641480 (private) NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361 -CVE-2020-25647 - RESERVED +CVE-2020-25647 (A flaw was found in grub2 in versions prior to 2.06. During USB device ...) {DSA-4867-1} - grub2 2.04-16 CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...) @@ -12312,8 +12309,7 @@ CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy - resteasy3.0 [buster] - resteasy3.0 (Minor issue) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042 -CVE-2020-25632 - RESERVED +CVE-2020-25632 (A flaw was found in grub2 in versions prior to 2.06. The rmmod impleme ...) {DSA-4867-1} - grub2 2.04-16 CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 ...) @@ -32534,8 +32530,8 @@ CVE-2020-15939 RESERVED CVE-2020-15938 RESERVED -CVE-2020-15937 - RESERVED +CVE-2020-15937 (An improper neutralization of input vulnerability in FortiGate version ...) + TODO: check CVE-2020-15936 RESERVED CVE-2020-15935 @@ -36436,8 +36432,7 @@ CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc. [stretch] - ghostscript 9.26~dfsg-0+deb9u1 NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ece5cbbd9979cd35737b00e68267762d72feb2ea NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851 -CVE-2020-14372 - RESERVED +CVE-2020-14372 (A flaw was found in grub2 in versions prior to 2.06, where it incorrec ...) {DSA-4867-1} - grub2 2.04-16 CVE-2020-14371 @@ -38671,8 +38666,7 @@ CVE-2020-13560 (A use after free vulnerability exists in the JavaScript engine o NOT-FOR-US: Foxit CVE-2020-13559 (A denial-of-service vulnerability exists in the traffic-logging functi ...) NOT-FOR-US: FreyrSCADA IEC-60879-5-104 Server Simulator -CVE-2020-13558 - RESERVED +CVE-2020-13558 (A code execution vulnerability exists in the AudioSourceProviderGStrea ...) {DSA-4854-1} - webkit2gtk 2.30.5-1 [stretch] - webkit2gtk (Not covered by security support in stretch) @@ -38684,8 +38678,8 @@ CVE-2020-13556 (An out-of-bounds write vulnerability exists in the Ethernet/IP s NOT-FOR-US: EIP Stack Group OpENer CVE-2020-13555 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA -CVE-2020-13554 - RESERVED +CVE-2020-13554 (An exploitable local privilege elevation vulnerability exists in the f ...) + TODO: check CVE-2020-13553 (An exploitable local privilege elevation vulnerability exists in the f ...) NOT-FOR-US: Advantech WebAccess/SCADA CVE-2020-13552 (An exploitable local privilege elevation vulnerability exists in the f ...) @@ -51697,8 +51691,8 @@ CVE-2020-8298 RESERVED CVE-2020-8297 (Nextcloud Deck before 1.0.2 suffers from an insecure direct object ref ...) NOT-FOR-US: Nextcloud Deck -CVE-2020-8296 - RESERVED +CVE-2020-8296 (Nextcloud Server prior to 20.0.0 stores passwords in a recoverable for ...) + TODO: check CVE-2020-8295 (A wrong check in Nextcloud Server 19 and prior allowed to perform a de ...) - nextcloud-server (bug #941708) CVE-2020-8294 (A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 1 ...) -- cgit v1.2.3