From 9b9a68bca18b52a74f0efcd61692037ffbde5ace Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 14 Feb 2020 20:10:22 +0000 Subject: automatic update --- data/CVE/list | 86 ++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 46 insertions(+), 40 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index a8fe6b0d90..be390aeac8 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,9 @@ +CVE-2020-8995 + RESERVED +CVE-2019-20455 (Gateways/Gateway.php in Heartland & Global Payments PHP SDK before ...) + TODO: check +CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...) + TODO: check CVE-2020-8994 RESERVED CVE-2020-8993 @@ -314,8 +320,8 @@ CVE-2020-8845 (This vulnerability allows remote atackers to execute arbitrary co NOT-FOR-US: Foxit PhantomPDF CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit Reader -CVE-2020-8843 - RESERVED +CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...) + TODO: check CVE-2020-8842 RESERVED CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...) @@ -822,10 +828,10 @@ CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. A NOT-FOR-US: Askey devices CVE-2020-8613 RESERVED -CVE-2020-8612 - RESERVED -CVE-2020-8611 - RESERVED +CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) + TODO: check +CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...) + TODO: check CVE-2020-8610 RESERVED CVE-2020-8609 
@@ -870,8 +876,8 @@ CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9 NOT-FOR-US: Participants Database plugin for WordPress CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The Authenticati ...) NOT-FOR-US: itsio -CVE-2020-8594 - RESERVED +CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...) + TODO: check CVE-2020-8593 RESERVED CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...) @@ -3824,8 +3830,8 @@ CVE-2020-7253 RESERVED CVE-2020-7252 RESERVED -CVE-2020-7251 - RESERVED +CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee ...) + TODO: check CVE-2020-7250 RESERVED CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...) @@ -7563,8 +7569,8 @@ CVE-2020-5534 RESERVED CVE-2020-5533 RESERVED -CVE-2020-5532 - RESERVED +CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for ...) + TODO: check CVE-2020-5531 RESERVED CVE-2020-5530 @@ -11600,10 +11606,10 @@ CVE-2019-20048 (An issue was discovered on Alcatel-Lucent OmniVista 8770 devices NOT-FOR-US: Alcatel-Lucent OmniVista 8770 devices CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and ...) NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices -CVE-2019-20046 - RESERVED -CVE-2019-20045 - RESERVED +CVE-2019-20046 (The Synergy Systems & Solutions PLC & RTU system has a vulnera ...) + TODO: check +CVE-2019-20045 (The Synergy Systems & Solutions PLC & RTU system has a vulnera ...) + TODO: check CVE-2019-20044 RESERVED CVE-2019-20040 
@@ -12335,8 +12341,8 @@ CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers NOTE: When fixing this issue make sure to apply as well NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089 NOTE: to not open CVE-2019-19926. -CVE-2019-19879 - RESERVED +CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain ...) + TODO: check CVE-2019-19878 RESERVED CVE-2019-19877 @@ -14093,23 +14099,23 @@ CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...) NOT-FOR-US: Bitwarden server CVE-2019-19765 - RESERVED + REJECTED CVE-2019-19764 - RESERVED + REJECTED CVE-2019-19763 - RESERVED + REJECTED CVE-2019-19762 - RESERVED + REJECTED CVE-2019-19761 RESERVED CVE-2019-19760 RESERVED CVE-2019-19759 RESERVED -CVE-2019-19758 - RESERVED -CVE-2019-19757 - RESERVED +CVE-2019-19758 (A vulnerability in the web interface of Lenovo EZ Media & Backup C ...) + TODO: check +CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administrator (L ...) + TODO: check CVE-2019-19756 RESERVED CVE-2019-19755 @@ -15519,10 +15525,10 @@ CVE-2019-19703 (In Ktor through 1.2.6, the client resends data from the HTTP Aut NOT-FOR-US: Ktor CVE-2019-19702 (The modoboa-dmarc plugin 1.1.0 for Modoboa is vulnerable to an XML Ext ...) NOT-FOR-US: Modoboa -CVE-2018-21033 - RESERVED -CVE-2018-21032 - RESERVED +CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...) + TODO: check +CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi ...) + TODO: check CVE-2020-2509 RESERVED CVE-2020-2508 
@@ -45978,8 +45984,8 @@ CVE-2019-11217 (The GitController in Jakub Chodounsky Bonobo Git Server before 6 NOT-FOR-US: Bonobo Git Server CVE-2019-11216 (BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the i ...) NOT-FOR-US: BMC Smart Reporting -CVE-2019-11215 - RESERVED +CVE-2019-11215 (In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writ ...) + TODO: check CVE-2019-11214 RESERVED CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an attacker ...) @@ -60408,18 +60414,18 @@ CVE-2019-6197 RESERVED CVE-2019-6196 RESERVED -CVE-2019-6195 - RESERVED -CVE-2019-6194 - RESERVED -CVE-2019-6193 - RESERVED +CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...) + TODO: check +CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in ...) + TODO: check +CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo XClarit ...) + TODO: check CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power Management ...) NOT-FOR-US: Lenovo CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper software ver ...) NOT-FOR-US: Lenovo -CVE-2019-6190 - RESERVED +CVE-2019-6190 (Lenovo was notified of a potential denial of service vulnerability, af ...) + TODO: check CVE-2019-6189 (A potential vulnerability was reported in Lenovo System Interface Foun ...) NOT-FOR-US: Lenovo CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...) -- cgit v1.2.3
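Review bot: In the first hunk (@@ -1,3 +1,9 @@), CVE-2019-20454 is added with only "TODO: check" even though its description already names a fixed upstream version ("PCRE before 10.34"). Triage should replace the TODO with the affected source package and its fixed version, or with an explicit NOT-FOR-US line, so that an out-of-bounds read in a widely embedded library does not sit unclassified. CVE-2019-20455 in the same hunk needs the same decision.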
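Review bot: In the hunk at @@ -314,8 +320,8 @@, CVE-2020-8843 (Istio 1.3 through 1.3.6) is added as "TODO: check", while the context of the hunk at @@ -870,8 +876,8 @@ shows the earlier Istio entry CVE-2020-8595 already triaged as "NOT-FOR-US: itsio". The two should be triaged the same way, and the product name in the existing line should be corrected to "Istio" so that a search of the list for the product finds both entries.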
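Review bot: In the last hunk (@@ -60408,18 +60414,18 @@), CVE-2019-6195, CVE-2019-6194, CVE-2019-6193 and CVE-2019-6190 are added as "TODO: check" directly beside CVE-2019-6192, CVE-2019-6191 and CVE-2019-6189, which are already marked "NOT-FOR-US: Lenovo". If the new entries cover the same vendor-only products (the descriptions name Lenovo XClarity Controller and related software), mark them the same way in a follow-up so the block does not mix triaged and untriaged entries for one vendor. The same applies to the Lenovo entries CVE-2019-19758 and CVE-2019-19757 in the hunk at @@ -14093,23 +14099,23 @@.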