From c1f5fdb27e541c9c96215f5510c62db867e39dbf Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 1 Mar 2021 20:10:31 +0000 Subject: automatic update --- data/CVE/2020.list | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'data/CVE/2020.list') diff --git a/data/CVE/2020.list b/data/CVE/2020.list index f1cf4fba94..b9401995f9 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -39,8 +39,8 @@ CVE-2020-36241 (autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used [stretch] - gnome-autoar (Minor issue) NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/commit/adb067e645732fdbe7103516e506d09eb6a54429 NOTE: https://gitlab.gnome.org/GNOME/gnome-autoar/-/issues/7 -CVE-2020-36240 - RESERVED +CVE-2020-36240 (The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, a ...) + TODO: check CVE-2020-36239 RESERVED CVE-2020-36238 @@ -38283,7 +38283,7 @@ CVE-2020-13754 (hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=dba04c3488c4699f5afe96f66e448b1d447cf3fb (regression fix) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=8e67fda2dd6202ccec093fda561107ba14830a17 (regression fix) NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=70b78d4e71494c90d2ccb40381336bc9b9a22f79 (regression fix) -CVE-2020-13702 (** DISPUTED ** The Rolling Proximity Identifier used in the Apple/Goog ...) +CVE-2020-13702 (The Rolling Proximity Identifier used in the Apple/Google Exposure Not ...) NOT-FOR-US: Apple/Google Exposure Notification API CVE-2020-13701 RESERVED 
@@ -48927,8 +48927,7 @@ CVE-2020-9481 (Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is NOTE: https://github.com/apache/trafficserver/commit/50441b39e6631389ef95c4133f06bbf94544879c CVE-2020-9480 (In Apache Spark 2.4.5 and earlier, a standalone resource manager's mas ...) - apache-spark (bug #802194) -CVE-2020-9479 - RESERVED +CVE-2020-9479 (When loading a UDF, a specially crafted zip file could allow files to ...) NOT-FOR-US: Apache AsterixDB CVE-2020-9478 (An issue was discovered in Rubrik 5.0.3-2296. An OS command injection ...) NOT-FOR-US: Rubrik @@ -52608,8 +52607,8 @@ CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template pr NOT-FOR-US: JFrog Artifactory CVE-2020-7930 RESERVED -CVE-2020-7929 - RESERVED +CVE-2020-7929 (A user authorized to perform database queries may trigger denial of se ...) + TODO: check CVE-2020-7928 (A user authorized to perform database queries may trigger a read overr ...) - mongodb [stretch] - mongodb (Vulnerable code introduced later) -- cgit v1.2.3
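Review bot: In the first hunk (@@ -39,8 +39,8), CVE-2020-36240 moves from RESERVED to a published description but is left at "TODO: check", so the entry is still untriaged. The description names the ResourceDownloadRewriteRule class in Crowd before version 4.0.4; resolve the TODO with either a source package line or a NOT-FOR-US line, as the neighbouring entries in this file do.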
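Review bot: In the last hunk (@@ -52608,8 +52607,8), CVE-2020-7929 is added with "TODO: check" even though its description opens with the same words as CVE-2020-7928 directly below it ("A user authorized to perform database queries may trigger ..."), and that entry is tracked under mongodb. Check CVE-2020-7929 against the mongodb package and replace the TODO with a "- mongodb" line plus per-release status, or record why it does not apply.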