From 2207786ce4461f6d49c5c3e2b10d46a4a9a898d5 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Mon, 30 Nov 2020 20:10:26 +0000 Subject: automatic update --- data/CVE/list | 107 ++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 66 insertions(+), 41 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 1bdb2694c3..973674e7b6 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,27 @@ +CVE-2020-29395 (The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS v ...) + TODO: check +CVE-2020-29394 (A buffer overflow in the dlt_filter_load function in dlt_common.c in d ...) + TODO: check +CVE-2020-29393 + RESERVED +CVE-2020-29392 (The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* ...) + TODO: check +CVE-2020-29391 + RESERVED +CVE-2020-29390 (Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi ...) + TODO: check +CVE-2020-29389 + RESERVED +CVE-2020-29388 + RESERVED +CVE-2020-29387 + RESERVED +CVE-2020-29386 + RESERVED +CVE-2020-29385 + RESERVED +CVE-2020-29384 (An issue was discovered in PNGOUT 2020-01-15. When compressing a craft ...) + TODO: check CVE-2020-29383 (An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1. ...) NOT-FOR-US: V-SOL devices CVE-2020-29382 (An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 ...) @@ -68,8 +92,8 @@ CVE-2020-29366 RESERVED CVE-2020-29365 RESERVED -CVE-2020-29364 - RESERVED +CVE-2020-29364 (In NetArt News Lister 1.0.0, the news headlines are vulnerable to stor ...) + TODO: check CVE-2020-29363 RESERVED CVE-2020-29362 @@ -856,12 +880,12 @@ CVE-2020-28980 RESERVED CVE-2020-28979 RESERVED -CVE-2020-28978 - RESERVED -CVE-2020-28977 - RESERVED -CVE-2020-28976 - RESERVED +CVE-2020-28978 (The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability ...) + TODO: check +CVE-2020-28977 (The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability ...) + TODO: check +CVE-2020-28976 (The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerabili ...) + TODO: check CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does ...) {DSA-4798-1} - spip 3.2.8-1 @@ -995,8 +1019,8 @@ CVE-2020-28928 (In musl libc through 1.2.1, wcsnrtombs mishandles particular com NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4 CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration sectio ...) NOT-FOR-US: Magicpin -CVE-2020-28926 - RESERVED +CVE-2020-28926 (ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code exe ...) + TODO: check CVE-2020-28925 RESERVED CVE-2020-28924 (An issue was discovered in Rclone before 1.53.3. Due to the use of a w ...) @@ -1072,6 +1096,7 @@ CVE-2020-28898 CVE-2020-28897 RESERVED CVE-2020-28896 (Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $s ...) + {DLA-2472-1} - mutt 2.0.2-1 [buster] - mutt (Minor issue) - neomutt 20201120+dfsg.1-1 @@ -7125,10 +7150,10 @@ CVE-2020-27661 [divide by zero in dwc2_handle_packet() in hw/usb/hcd-dwc2.c] [stretch] - qemu (Vulnerable code introduced later) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2020-10/msg04263.html NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=bea2a9e3e00b275dc40cfa09c760c715b8753e03 (v5.2.0-rc0) -CVE-2020-27660 - RESERVED -CVE-2020-27659 - RESERVED +CVE-2020-27660 (SQL injection vulnerability in request.cgi in Synology SafeAccess befo ...) + TODO: check +CVE-2020-27659 (Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAc ...) + TODO: check CVE-2020-27658 (Synology Router Manager (SRM) before 1.2.4-8081 does not include the H ...) NOT-FOR-US: Synology Router Manager (SRM) CVE-2020-27657 (Cleartext transmission of sensitive information vulnerability in DDNS ...) @@ -12035,8 +12060,8 @@ CVE-2020-25539 RESERVED CVE-2020-25538 (An authenticated attacker can inject malicious code into "lang" parame ...) NOT-FOR-US: CMSuno -CVE-2020-25537 - RESERVED +CVE-2020-25537 (File upload vulnerability exists in UCMS 1.5.0, and the attacker can t ...) + TODO: check CVE-2020-25536 RESERVED CVE-2020-25535 @@ -27604,8 +27629,8 @@ CVE-2020-17903 RESERVED CVE-2020-17902 RESERVED -CVE-2020-17901 - RESERVED +CVE-2020-17901 (Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers t ...) + TODO: check CVE-2020-17900 RESERVED CVE-2020-17899 @@ -42535,17 +42560,17 @@ CVE-2020-11970 REJECTED CVE-2020-11969 (If Apache TomEE is configured to use the embedded ActiveMQ broker, and ...) NOT-FOR-US: Apache TomEE -CVE-2020-11968 (In the web-panel in IQrouter through 3.3.1, remote attackers can read ...) +CVE-2020-11968 (** DISPUTED ** In the web-panel in IQrouter through 3.3.1, remote atta ...) NOT-FOR-US: IQrouter -CVE-2020-11967 (In IQrouter through 3.3.1, remote attackers can control the device (re ...) +CVE-2020-11967 (** DISPUTED ** In IQrouter through 3.3.1, remote attackers can control ...) NOT-FOR-US: IQrouter -CVE-2020-11966 (In IQrouter through 3.3.1, the Lua function reset_password in the web- ...) +CVE-2020-11966 (** DISPUTED ** In IQrouter through 3.3.1, the Lua function reset_passw ...) NOT-FOR-US: IQrouter -CVE-2020-11965 (In IQrouter through 3.3.1, there is a root user without a password, wh ...) +CVE-2020-11965 (** DISPUTED ** In IQrouter through 3.3.1, there is a root user without ...) NOT-FOR-US: IQrouter -CVE-2020-11964 (In IQrouter through 3.3.1, the Lua function diag_set_password in the w ...) +CVE-2020-11964 (** DISPUTED ** In IQrouter through 3.3.1, the Lua function diag_set_pa ...) NOT-FOR-US: IQrouter -CVE-2020-11963 (IQrouter through 3.3.1, when unconfigured, has multiple remote code ex ...) +CVE-2020-11963 (** DISPUTED ** IQrouter through 3.3.1, when unconfigured, has multiple ...) NOT-FOR-US: IQrouter CVE-2020-11962 RESERVED @@ -53139,8 +53164,8 @@ CVE-2020-8353 (Prior to August 10, 2020, some Lenovo Desktop and Workstation sys NOT-FOR-US: Lenovo CVE-2020-8352 (In some Lenovo Desktop models, the Configuration Change Detection BIOS ...) NOT-FOR-US: Lenovo -CVE-2020-8351 - RESERVED +CVE-2020-8351 (A privilege escalation vulnerability was reported in Lenovo PCManager ...) + TODO: check CVE-2020-8350 (An authentication bypass vulnerability was reported in Lenovo ThinkPad ...) NOT-FOR-US: Lenovo CVE-2020-8349 (An internal security review has identified an unauthenticated remote c ...) @@ -58493,8 +58518,8 @@ CVE-2020-6319 (SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.2 NOT-FOR-US: SAP CVE-2020-6318 (A Remote Code Execution vulnerability exists in the SAP NetWeaver (ABA ...) NOT-FOR-US: SAP -CVE-2020-6317 - RESERVED +CVE-2020-6317 (In certain situations, an attacker with regular user credentials and l ...) + TODO: check CVE-2020-6316 (SAP ERP and SAP S/4 HANA allows an authenticated user to see cost reco ...) NOT-FOR-US: SAP CVE-2020-6315 (SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send ...) @@ -62150,8 +62175,8 @@ CVE-2020-4902 RESERVED CVE-2020-4901 RESERVED -CVE-2020-4900 - RESERVED +CVE-2020-4900 (IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive ...) + TODO: check CVE-2020-4899 RESERVED CVE-2020-4898 @@ -62559,8 +62584,8 @@ CVE-2020-4698 (IBM Business Process Manager 8.5, 8.6 and IBM Business Automation NOT-FOR-US: IBM CVE-2020-4697 RESERVED -CVE-2020-4696 - RESERVED +CVE-2020-4696 (IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session a ...) + TODO: check CVE-2020-4695 RESERVED CVE-2020-4694 @@ -62697,14 +62722,14 @@ CVE-2020-4629 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could all NOT-FOR-US: IBM CVE-2020-4628 RESERVED -CVE-2020-4627 - RESERVED -CVE-2020-4626 - RESERVED -CVE-2020-4625 - RESERVED -CVE-2020-4624 - RESERVED +CVE-2020-4627 (IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS ...) + TODO: check +CVE-2020-4626 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive infor ...) + TODO: check +CVE-2020-4625 (IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker ...) + TODO: check +CVE-2020-4624 (IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cr ...) + TODO: check CVE-2020-4623 RESERVED CVE-2020-4622 (IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, su ...) @@ -127666,7 +127691,7 @@ CVE-2018-19788 (A flaw was found in PolicyKit (aka polkit) 0.115 that allows a u NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/2cb40c4d5feeaa09325522bd7d97910f1b59e379 NOTE: https://gitlab.freedesktop.org/polkit/polkit/commit/b534a10727455409acd54018a9c91000e7626126 CVE-2018-19787 (An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in th ...) - {DLA-2467-1 DLA-1604-1} + {DLA-2467-1} - lxml 4.2.5-1 NOTE: Fixed by: https://github.com/lxml/lxml/commit/6be1d081b49c97cfd7b3fbd934a193b668629109 (lxml-4.2.5) CVE-2018-19786 (HashiCorp Vault before 1.0.0 writes the master key to the server log i ...) -- cgit v1.2.3