From fccc446b4f8d689d32ffb2b6b09015df990fc2d5 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Tue, 2 Mar 2021 20:10:18 +0000 Subject: automatic update --- data/CVE/2020.list | 33 +++++++++++++++++++-------------- 1 file changed, 19 insertions(+), 14 deletions(-) (limited to 'data/CVE/2020.list') diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c92717d1a4..613efb71ec 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -5116,8 +5116,8 @@ CVE-2020-28659 RESERVED CVE-2020-28658 RESERVED -CVE-2020-28657 - RESERVED +CVE-2020-28657 (In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) a ...) + TODO: check CVE-2020-28656 (The update functionality of the Discover Media infotainment system in ...) NOT-FOR-US: 3Discover Media infotainment system in Volkswagen Polo 2019 vehicles CVE-2020-28655 @@ -7146,6 +7146,7 @@ CVE-2020-27780 (A flaw was found in Linux-Pam in versions prior to 1.5.1 in the NOTE: Fixed by: https://github.com/linux-pam/linux-pam/commit/30fdfb90d9864bcc254a62760aaa149d373fd4eb CVE-2020-27779 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-27778 (A flaw was found in Poppler in the way certain PDF files were converte ...) - poppler 0.85.0-2 @@ -7347,6 +7348,7 @@ CVE-2020-27750 (A flaw was found in ImageMagick in MagickCore/colorspace-private NOTE: ImageMagick6: https://github.com/ImageMagick/ImageMagick6/commit/c7038e710ad0204d6cb37a0229fc55f6f8a8662f CVE-2020-27749 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-27748 [local file inclusion vulnerability] RESERVED @@ -11480,8 +11482,8 @@ CVE-2020-25904 RESERVED CVE-2020-25903 RESERVED -CVE-2020-25902 - RESERVED +CVE-2020-25902 (Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripti ...) + TODO: check CVE-2020-25901 (Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to r ...) NOT-FOR-US: Spiceworks CVE-2020-25900 @@ -12250,6 +12252,7 @@ CVE-2020-25648 (A flaw was found in the way NSS handled CCS (ChangeCipherSpec) m NOTE: Fixed by: https://hg.mozilla.org/projects/nss/rev/57bbefa793232586d27cee83e74411171e128361 CVE-2020-25647 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-25646 (A flaw was found in Ansible Collection community.crypto. openssl_priva ...) TODO: check @@ -12308,6 +12311,7 @@ CVE-2020-25633 (A flaw was found in RESTEasy client in all versions of RESTEasy NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1879042 CVE-2020-25632 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-25631 (A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 ...) - moodle @@ -16867,8 +16871,8 @@ CVE-2020-23520 (imcat 5.2 allows an authenticated file upload and consequently r NOT-FOR-US: imcat CVE-2020-23519 RESERVED -CVE-2020-23518 - RESERVED +CVE-2020-23518 (Cross Site Scripting (XSS) vulnerability in UltimateKode Neo Billing - ...) + TODO: check CVE-2020-23517 RESERVED CVE-2020-23516 @@ -36431,6 +36435,7 @@ CVE-2020-14373 (A use after free was found in igc_reloc_struct_ptr() of psi/igc. NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=702851 CVE-2020-14372 RESERVED + {DSA-4867-1} - grub2 2.04-16 CVE-2020-14371 RESERVED @@ -60268,10 +60273,10 @@ CVE-2020-4728 RESERVED CVE-2020-4727 (IBM InfoSphere Information Server 11.7 could allow a remote attacker t ...) NOT-FOR-US: IBM -CVE-2020-4726 - RESERVED -CVE-2020-4725 - RESERVED +CVE-2020-4726 (The IBM Application Performance Monitoring UI (IBM Cloud APM 8.1.4) al ...) + TODO: check +CVE-2020-4725 (IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated use ...) + TODO: check CVE-2020-4724 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) NOT-FOR-US: IBM CVE-2020-4723 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker t ...) @@ -60282,8 +60287,8 @@ CVE-2020-4721 (IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attac NOT-FOR-US: IBM CVE-2020-4720 RESERVED -CVE-2020-4719 - RESERVED +CVE-2020-4719 (The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any ...) + TODO: check CVE-2020-4718 (IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerabl ...) NOT-FOR-US: IBM CVE-2020-4717 @@ -66254,8 +66259,8 @@ CVE-2020-1938 (When using the Apache JServ Protocol (AJP), care must be taken wh NOTE: https://github.com/apache/tomcat/commit/f7180bafc74cb1250c9e9287b68a230f0e1f4645 (7.0.100) CVE-2020-1937 (Kylin has some restful apis which will concatenate SQLs with the user ...) NOT-FOR-US: Apache Kylin -CVE-2020-1936 - RESERVED +CVE-2020-1936 (A cross-site scripting issue was found in Apache Ambari Views. This wa ...) + TODO: check CVE-2020-1935 (In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0. ...) {DSA-4680-1 DSA-4673-1 DLA-2209-1 DLA-2133-1} - tomcat9 9.0.31-1 -- cgit v1.2.3