automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-09-19 08:10:19 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-09-19 08:10:19 +0000
commit: b913904891143ffe6b9324f72ce5c30ac3592a03 (patch)
tree: 4bf9d8ddd99abce10decd5b7fb1fbae972c568d4
parent: 0d919ad2d8736e709b714d5a9ef03b2d125f124e (diff)
2 files changed, 49 insertions, 28 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 8ec5a9c5a5..2fdf3a594d 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -8,7 +8,7 @@ CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence
 	NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0)
 	NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0)
 CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...)
-	{DSA-4764-1}
+	{DSA-4764-1 DLA-2375-1}
 	- inspircd 3.3.0-1
 	NOTE: https://docs.inspircd.org/security/2019-02/
 	NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 48ad4399ad..bd8eeb1152 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -1,3 +1,27 @@
+CVE-2020-25780
+	RESERVED
+CVE-2020-25779
+	RESERVED
+CVE-2020-25778
+	RESERVED
+CVE-2020-25777
+	RESERVED
+CVE-2020-25776
+	RESERVED
+CVE-2020-25775
+	RESERVED
+CVE-2020-25774
+	RESERVED
+CVE-2020-25773
+	RESERVED
+CVE-2020-25772
+	RESERVED
+CVE-2020-25771
+	RESERVED
+CVE-2020-25770
+	RESERVED
+CVE-2020-25769
+	RESERVED
 CVE-2020-25768
 	RESERVED
 CVE-2020-25767
@@ -1009,7 +1033,7 @@ CVE-2020-25271
 CVE-2020-25270
 	RESERVED
 CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...)
-	{DSA-4764-1}
+	{DSA-4764-1 DLA-2375-1}
 	- inspircd <unfixed> (bug #960650)
 	NOTE: https://docs.inspircd.org/security/2020-01/
 	NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2)
@@ -30045,8 +30069,8 @@ CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows den
 	[buster] - libemf <no-dsa> (Minor issue)
 CVE-2020-11862
 	RESERVED
-CVE-2020-11861
-	RESERVED
+CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...)
+	TODO: check
 CVE-2020-11860
 	RESERVED
 CVE-2020-11859
@@ -38758,16 +38782,14 @@ CVE-2020-8255
 	RESERVED
 CVE-2020-8254
 	RESERVED
-CVE-2020-8253
-	RESERVED
-CVE-2020-8252 [fs.realpath.native on may cause buffer overflow]
-	RESERVED
+CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...)
+	TODO: check
+CVE-2020-8252 (The implementation of realpath in libuv &lt; 10.22.1, &lt; 12.18.4, an ...)
 	- libuv1 1.39.0-1
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252
 	NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one
 	NOTE: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd
-CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests]
-	RESERVED
+CVE-2020-8251 (Node.js &lt; 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...)
 	- nodejs <not-affected> (Only affects 14.x series)
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251
 CVE-2020-8250
@@ -38776,12 +38798,12 @@ CVE-2020-8249
 	RESERVED
 CVE-2020-8248
 	RESERVED
-CVE-2020-8247
-	RESERVED
-CVE-2020-8246
-	RESERVED
-CVE-2020-8245
-	RESERVED
+CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
+	TODO: check
+CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...)
+	TODO: check
+CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...)
+	TODO: check
 CVE-2020-8244 (A buffer over-read vulnerability exists in bl &lt;4.0.3, &lt;3.0.1, &l ...)
 	- node-bl 4.0.3-1 (bug #969309)
 	[buster] - node-bl <no-dsa> (Minor issue)
@@ -38800,8 +38822,8 @@ CVE-2020-8239
 	RESERVED
 CVE-2020-8238
 	RESERVED
-CVE-2020-8237
-	RESERVED
+CVE-2020-8237 (Prototype pollution in json-bigint npm package &lt; 1.0.0 may lead to  ...)
+	TODO: check
 CVE-2020-8236
 	RESERVED
 CVE-2020-8235
@@ -38834,8 +38856,8 @@ CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Cl
 	NOTE: https://hackerone.com/reports/685552
 CVE-2020-8226 (A vulnerability exists in phpBB &lt;v3.2.10 and &lt;v3.3.1 which allow ...)
 	NOT-FOR-US: phpBB
-CVE-2020-8225
-	RESERVED
+CVE-2020-8225 (A cleartext storage of sensitive information in Nextcloud Desktop Clie ...)
+	TODO: check
 CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...)
 	- nextcloud-desktop <not-affected> (Windows-specific)
 	NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030
@@ -38887,14 +38909,13 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash &
 	NOTE: https://hackerone.com/reports/712065
 CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...)
 	NOT-FOR-US: Nextcloud Preferred Providers app
-CVE-2020-8201 [HTTP Request Smuggling due to CR-to-Hyphen conversion]
-	RESERVED
+CVE-2020-8201 (Node.js &lt; 12.18.4 and &lt; 14.11 can be exploited to perform HTTP d ...)
 	- nodejs 12.18.4~dfsg-1
 	[buster] - nodejs <not-affected> (Only affects 12.x and later)
 	[stretch] - nodejs <not-affected> (Only affects 12.x and later)
 	NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201
-CVE-2020-8200
-	RESERVED
+CVE-2020-8200 (Improper authentication in Citrix StoreFront Server &lt; 1912.0.1000 a ...)
+	TODO: check
 CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...)
 	NOT-FOR-US: Citrix
 CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...)
@@ -39041,8 +39062,8 @@ CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem &lt; v1.2
 	- ruby-actionpack-page-caching 1.2.2-1 (bug #960680)
 	[buster] - ruby-actionpack-page-caching <no-dsa> (Minor issue)
 	NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8
-CVE-2020-8158
-	RESERVED
+CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package &lt; 0.2.25 m ...)
+	TODO: check
 CVE-2020-8157 (UniFi Cloud Key firmware &lt;= v1.1.10 for Cloud Key gen2 and Cloud Ke ...)
 	NOT-FOR-US: UniFi Cloud Key
 CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...)
@@ -45536,8 +45557,8 @@ CVE-2020-5423
 	RESERVED
 CVE-2020-5422
 	RESERVED
-CVE-2020-5421
-	RESERVED
+CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...)
+	TODO: check
 CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...)
 	NOT-FOR-US: Cloud Foundry
 CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...)
author	security tracker role <sectracker@soriano.debian.org>	2020-09-19 08:10:19 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-09-19 08:10:19 +0000
commit	b913904891143ffe6b9324f72ce5c30ac3592a03 (patch)
tree	4bf9d8ddd99abce10decd5b7fb1fbae972c568d4
parent	0d919ad2d8736e709b714d5a9ef03b2d125f124e (diff)