automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-09-19 08:10:19 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-09-19 08:10:19 +0000
commit: a758dde9d5ecb5aca8cca7193b346eeb80a47890 (patch)
tree: 7fb713cec9f2362d17ebaea075245dda7f5da0d5
parent: 9fa915146f4f854d98c9ff4ea5a12be5e7dae901 (diff)
1 files changed, 49 insertions, 28 deletions
diff --git a/data/CVE/list b/data/CVE/list
index 4efa5bfa0b..740e864c3f 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,27 @@
+CVE-2020-25780
+	RESERVED
+CVE-2020-25779
+	RESERVED
+CVE-2020-25778
+	RESERVED
+CVE-2020-25777
+	RESERVED
+CVE-2020-25776
+	RESERVED
+CVE-2020-25775
+	RESERVED
+CVE-2020-25774
+	RESERVED
+CVE-2020-25773
+	RESERVED
+CVE-2020-25772
+	RESERVED
+CVE-2020-25771
+	RESERVED
+CVE-2020-25770
+	RESERVED
+CVE-2020-25769
+	RESERVED
 CVE-2020-25768
 	RESERVED
 CVE-2020-25767
@@ -1025,7 +1049,7 @@ CVE-2020-25271
 CVE-2020-25270
 	RESERVED
 CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
-	{DSA-4764-1}
+	{DSA-4764-1 DLA-2375-1}
 	- inspircd <unfixed> (bug #960650)
 	NOTE: https://docs.inspircd.org/security/2020-01/
 	NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2)
@@ -1130,7 +1154,7 @@ CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence
 	NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0)
 	NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0)
 CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...)
-	{DSA-4764-1}
+	{DSA-4764-1 DLA-2375-1}
 	- inspircd 3.3.0-1
 	NOTE: https://docs.inspircd.org/security/2019-02/
 	NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2)
@@ -31371,8 +31395,8 @@ CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (ak
 	NOT-FOR-US: LG PC Suite
 CVE-2020-11862
 	RESERVED
-CVE-2020-11861
-	RESERVED
+CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...)
+	TODO: check
 CVE-2020-11860
 	RESERVED
 CVE-2020-11859
@@ -41177,16 +41201,14 @@ CVE-2020-8255
 	RESERVED
 CVE-2020-8254
 	RESERVED
-CVE-2020-8253
-	RESERVED
-CVE-2020-8252 [fs.realpath.native on may cause buffer overflow]
-	RESERVED
+CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...)
+	TODO: check
+CVE-2020-8252 (The implementation of realpath in libuv &lt; 10.22.1, &lt; 12.18.4, an ...)
 	- libuv1 1.39.0-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
 	NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one
 	NOTE: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd
-CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests]
-	RESERVED
+CVE-2020-8251 (Node.js &lt; 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...)
 	- nodejs <not-affected> (Only affects 14.x series)
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
 CVE-2020-8250
@@ -41195,12 +41217,12 @@ CVE-2020-8249
 	RESERVED
 CVE-2020-8248
 	RESERVED
-CVE-2020-8247
-	RESERVED
-CVE-2020-8246
-	RESERVED
-CVE-2020-8245
-	RESERVED
+CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
+	TODO: check
+CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
+	TODO: check
+CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...)
+	TODO: check
 CVE-2020-8244 (A buffer over-read vulnerability exists in bl &lt;4.0.3, &lt;3.0.1, &l ...)
 	- node-bl 4.0.3-1 (bug #969309)
 	[buster] - node-bl <no-dsa> (Minor issue)
@@ -41219,8 +41241,8 @@ CVE-2020-8239
 	RESERVED
 CVE-2020-8238
 	RESERVED
-CVE-2020-8237
-	RESERVED
+CVE-2020-8237 (Prototype pollution in json-bigint npm package &lt; 1.0.0 may lead to  ...)
+	TODO: check
 CVE-2020-8236
 	RESERVED
 CVE-2020-8235
@@ -41253,8 +41275,8 @@ CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Cl
 	NOTE: https://hackerone.com/reports/685552
 CVE-2020-8226 (A vulnerability exists in phpBB &lt;v3.2.10 and &lt;v3.3.1 which allow ...)
 	NOT-FOR-US: phpBB
-CVE-2020-8225
-	RESERVED
+CVE-2020-8225 (A cleartext storage of sensitive information in Nextcloud Desktop Clie ...)
+	TODO: check
 CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...)
 	- nextcloud-desktop <not-affected> (Windows-specific)
 	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
@@ -41306,14 +41328,13 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash &
 	NOTE: https://hackerone.com/reports/712065
 CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...)
 	NOT-FOR-US: Nextcloud Preferred Providers app
-CVE-2020-8201 [HTTP Request Smuggling due to CR-to-Hyphen conversion]
-	RESERVED
+CVE-2020-8201 (Node.js &lt; 12.18.4 and &lt; 14.11 can be exploited to perform HTTP d ...)
 	- nodejs 12.18.4~dfsg-1
 	[buster] - nodejs <not-affected> (Only affects 12.x and later)
 	[stretch] - nodejs <not-affected> (Only affects 12.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201
-CVE-2020-8200
-	RESERVED
+CVE-2020-8200 (Improper authentication in Citrix StoreFront Server &lt; 1912.0.1000 a ...)
+	TODO: check
 CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
 	NOT-FOR-US: Citrix
 CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
@@ -41460,8 +41481,8 @@ CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem &lt; v1.2
 	- ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
 	[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
 	NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
-CVE-2020-8158
-	RESERVED
+CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package &lt; 0.2.25 m ...)
+	TODO: check
 CVE-2020-8157 (UniFi Cloud Key firmware &lt;= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
 	NOT-FOR-US: UniFi Cloud Key
 CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
@@ -48271,8 +48292,8 @@ CVE-2020-5423
 	RESERVED
 CVE-2020-5422
 	RESERVED
-CVE-2020-5421
-	RESERVED
+CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
+	TODO: check
 CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...)
author	security tracker role <sectracker@soriano.debian.org>	2020-09-19 08:10:19 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-09-19 08:10:19 +0000
commit	a758dde9d5ecb5aca8cca7193b346eeb80a47890 (patch)
tree	7fb713cec9f2362d17ebaea075245dda7f5da0d5
parent	9fa915146f4f854d98c9ff4ea5a12be5e7dae901 (diff)