From a758dde9d5ecb5aca8cca7193b346eeb80a47890 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sat, 19 Sep 2020 08:10:19 +0000 Subject: automatic update --- data/CVE/list | 77 +++++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 49 insertions(+), 28 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 4efa5bfa0b..740e864c3f 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,27 @@ +CVE-2020-25780 + RESERVED +CVE-2020-25779 + RESERVED +CVE-2020-25778 + RESERVED +CVE-2020-25777 + RESERVED +CVE-2020-25776 + RESERVED +CVE-2020-25775 + RESERVED +CVE-2020-25774 + RESERVED +CVE-2020-25773 + RESERVED +CVE-2020-25772 + RESERVED +CVE-2020-25771 + RESERVED +CVE-2020-25770 + RESERVED +CVE-2020-25769 + RESERVED CVE-2020-25768 RESERVED CVE-2020-25767 @@ -1025,7 +1049,7 @@ CVE-2020-25271 CVE-2020-25270 RESERVED CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...) - {DSA-4764-1} + {DSA-4764-1 DLA-2375-1} - inspircd (bug #960650) NOTE: https://docs.inspircd.org/security/2020-01/ NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2) @@ -1130,7 +1154,7 @@ CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0) NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0) CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...) - {DSA-4764-1} + {DSA-4764-1 DLA-2375-1} - inspircd 3.3.0-1 NOTE: https://docs.inspircd.org/security/2019-02/ NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2) @@ -31371,8 +31395,8 @@ CVE-2019-20769 (An issue was discovered in LG PC Suite for LG G3 and earlier (ak NOT-FOR-US: LG PC Suite CVE-2020-11862 RESERVED -CVE-2020-11861 - RESERVED +CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...) + TODO: check CVE-2020-11860 RESERVED CVE-2020-11859 @@ -41177,16 +41201,14 @@ CVE-2020-8255 RESERVED CVE-2020-8254 RESERVED -CVE-2020-8253 - RESERVED -CVE-2020-8252 [fs.realpath.native on may cause buffer overflow] - RESERVED +CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...) + TODO: check +CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...) - libuv1 1.39.0-1 NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one NOTE: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd -CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests] - RESERVED +CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...) - nodejs (Only affects 14.x series) NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251 CVE-2020-8250 @@ -41195,12 +41217,12 @@ CVE-2020-8249 RESERVED CVE-2020-8248 RESERVED -CVE-2020-8247 - RESERVED -CVE-2020-8246 - RESERVED -CVE-2020-8245 - RESERVED +CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) + TODO: check +CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) + TODO: check +CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...) + TODO: check CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, &l ...) - node-bl 4.0.3-1 (bug #969309) [buster] - node-bl (Minor issue) @@ -41219,8 +41241,8 @@ CVE-2020-8239 RESERVED CVE-2020-8238 RESERVED -CVE-2020-8237 - RESERVED +CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to ...) + TODO: check CVE-2020-8236 RESERVED CVE-2020-8235 @@ -41253,8 +41275,8 @@ CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Cl NOTE: https://hackerone.com/reports/685552 CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...) NOT-FOR-US: phpBB -CVE-2020-8225 - RESERVED +CVE-2020-8225 (A cleartext storage of sensitive information in Nextcloud Desktop Clie ...) + TODO: check CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...) - nextcloud-desktop (Windows-specific) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030 @@ -41306,14 +41328,13 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash & NOTE: https://hackerone.com/reports/712065 CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...) NOT-FOR-US: Nextcloud Preferred Providers app -CVE-2020-8201 [HTTP Request Smuggling due to CR-to-Hyphen conversion] - RESERVED +CVE-2020-8201 (Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP d ...) - nodejs 12.18.4~dfsg-1 [buster] - nodejs (Only affects 12.x and later) [stretch] - nodejs (Only affects 12.x and later) NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201 -CVE-2020-8200 - RESERVED +CVE-2020-8200 (Improper authentication in Citrix StoreFront Server < 1912.0.1000 a ...) + TODO: check CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...) NOT-FOR-US: Citrix CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) @@ -41460,8 +41481,8 @@ CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2 - ruby-actionpack-page-caching 1.2.2-1 (bug #960680) [buster] - ruby-actionpack-page-caching (Minor issue) NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 -CVE-2020-8158 - RESERVED +CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package < 0.2.25 m ...) + TODO: check CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...) NOT-FOR-US: UniFi Cloud Key CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...) @@ -48271,8 +48292,8 @@ CVE-2020-5423 RESERVED CVE-2020-5422 RESERVED -CVE-2020-5421 - RESERVED +CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...) + TODO: check CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...) NOT-FOR-US: Cloud Foundry CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...) -- cgit v1.2.3