From b913904891143ffe6b9324f72ce5c30ac3592a03 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sat, 19 Sep 2020 08:10:19 +0000 Subject: automatic update --- data/CVE/list.2019 | 2 +- data/CVE/list.2020 | 75 ++++++++++++++++++++++++++++++++++-------------------- 2 files changed, 49 insertions(+), 28 deletions(-) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index 8ec5a9c5a5..2fdf3a594d 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -8,7 +8,7 @@ CVE-2019-20918 (An issue was discovered in InspIRCd 3 before 3.1.0. The silence NOTE: Introduced by: https://github.com/inspircd/inspircd/commit/bcd65de1ec4bb71591ae417fee649d7ecd37cd57 (v3.0.0) NOTE: Fixed by: https://github.com/inspircd/inspircd/commit/7b47de3c194f239c5fea09a0e49696c9af017d51 (v3.1.0) CVE-2019-20917 (An issue was discovered in InspIRCd 2 before 2.0.28 and 3 before 3.3.0 ...) - {DSA-4764-1} + {DSA-4764-1 DLA-2375-1} - inspircd 3.3.0-1 NOTE: https://docs.inspircd.org/security/2019-02/ NOTE: https://github.com/inspircd/inspircd/commit/2cc35d8625b7ea5cbd1d1ebb116aff86c5280162 (v2) diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 48ad4399ad..bd8eeb1152 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 @@ -1,3 +1,27 @@ +CVE-2020-25780 + RESERVED +CVE-2020-25779 + RESERVED +CVE-2020-25778 + RESERVED +CVE-2020-25777 + RESERVED +CVE-2020-25776 + RESERVED +CVE-2020-25775 + RESERVED +CVE-2020-25774 + RESERVED +CVE-2020-25773 + RESERVED +CVE-2020-25772 + RESERVED +CVE-2020-25771 + RESERVED +CVE-2020-25770 + RESERVED +CVE-2020-25769 + RESERVED CVE-2020-25768 RESERVED CVE-2020-25767 @@ -1009,7 +1033,7 @@ CVE-2020-25271 CVE-2020-25270 RESERVED CVE-2020-25269 (An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0 ...) - {DSA-4764-1} + {DSA-4764-1 DLA-2375-1} - inspircd (bug #960650) NOTE: https://docs.inspircd.org/security/2020-01/ NOTE: https://github.com/inspircd/inspircd/commit/07d7dea334fc56642793aa5ae1e05ae3185c474b (v2) @@ -30045,8 +30069,8 @@ CVE-2020-11863 (libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows den [buster] - libemf (Minor issue) CVE-2020-11862 RESERVED -CVE-2020-11861 - RESERVED +CVE-2020-11861 (Unauthorized escalation of local privileges vulnerability on Micro Foc ...) + TODO: check CVE-2020-11860 RESERVED CVE-2020-11859 @@ -38758,16 +38782,14 @@ CVE-2020-8255 RESERVED CVE-2020-8254 RESERVED -CVE-2020-8253 - RESERVED -CVE-2020-8252 [fs.realpath.native on may cause buffer overflow] - RESERVED +CVE-2020-8253 (Improper authentication in Citrix XenMobile Server 10.12 before RP2, C ...) + TODO: check +CVE-2020-8252 (The implementation of realpath in libuv < 10.22.1, < 12.18.4, an ...) - libuv1 1.39.0-1 NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#fs-realpath-native-on-may-cause-buffer-overflow-medium-cve-2020-8252 NOTE: Debian's version of nodejs uses the shared system library of libuv1 instead of the bundled one NOTE: https://github.com/libuv/libuv/commit/0e6e8620496dff0eb285589ef1e37a7f407f3ddd -CVE-2020-8251 [Denial of Service by resource exhaustion CWE-400 due to unfinished HTTP/1.1 requests] - RESERVED +CVE-2020-8251 (Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) att ...) - nodejs (Only affects 14.x series) NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#denial-of-service-by-resource-exhaustion-cwe-400-due-to-unfinished-http-1-1-requests-critical-cve-2020-8251 CVE-2020-8250 @@ -38776,12 +38798,12 @@ CVE-2020-8249 RESERVED CVE-2020-8248 RESERVED -CVE-2020-8247 - RESERVED -CVE-2020-8246 - RESERVED -CVE-2020-8245 - RESERVED +CVE-2020-8247 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) + TODO: check +CVE-2020-8246 (Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and N ...) + TODO: check +CVE-2020-8245 (Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before ...) + TODO: check CVE-2020-8244 (A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, &l ...) - node-bl 4.0.3-1 (bug #969309) [buster] - node-bl (Minor issue) @@ -38800,8 +38822,8 @@ CVE-2020-8239 RESERVED CVE-2020-8238 RESERVED -CVE-2020-8237 - RESERVED +CVE-2020-8237 (Prototype pollution in json-bigint npm package < 1.0.0 may lead to ...) + TODO: check CVE-2020-8236 RESERVED CVE-2020-8235 @@ -38834,8 +38856,8 @@ CVE-2020-8227 (Missing sanitization of a server response in Nextcloud Desktop Cl NOTE: https://hackerone.com/reports/685552 CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...) NOT-FOR-US: phpBB -CVE-2020-8225 - RESERVED +CVE-2020-8225 (A cleartext storage of sensitive information in Nextcloud Desktop Clie ...) + TODO: check CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...) - nextcloud-desktop (Windows-specific) NOTE: https://nextcloud.com/security/advisory/?id=NC-SA-2020-030 @@ -38887,14 +38909,13 @@ CVE-2020-8203 (Prototype pollution attack when using _.zipObjectDeep in lodash & NOTE: https://hackerone.com/reports/712065 CVE-2020-8202 (Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 a ...) NOT-FOR-US: Nextcloud Preferred Providers app -CVE-2020-8201 [HTTP Request Smuggling due to CR-to-Hyphen conversion] - RESERVED +CVE-2020-8201 (Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP d ...) - nodejs 12.18.4~dfsg-1 [buster] - nodejs (Only affects 12.x and later) [stretch] - nodejs (Only affects 12.x and later) NOTE: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/#http-request-smuggling-due-to-cr-to-hyphen-conversion-high-cve-2020-8201 -CVE-2020-8200 - RESERVED +CVE-2020-8200 (Improper authentication in Citrix StoreFront Server < 1912.0.1000 a ...) + TODO: check CVE-2020-8199 (Improper access control in Citrix ADC Gateway Linux client versions be ...) NOT-FOR-US: Citrix CVE-2020-8198 (Improper input validation in Citrix ADC and Citrix Gateway versions be ...) @@ -39041,8 +39062,8 @@ CVE-2020-8159 (There is a vulnerability in actionpack_page-caching gem < v1.2 - ruby-actionpack-page-caching 1.2.2-1 (bug #960680) [buster] - ruby-actionpack-page-caching (Minor issue) NOTE: https://groups.google.com/forum/#!topic/rubyonrails-security/CFRVkEytdP8 -CVE-2020-8158 - RESERVED +CVE-2020-8158 (Prototype pollution vulnerability in the TypeORM package < 0.2.25 m ...) + TODO: check CVE-2020-8157 (UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Ke ...) NOT-FOR-US: UniFi Cloud Key CVE-2020-8156 (A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed ...) @@ -45536,8 +45557,8 @@ CVE-2020-5423 RESERVED CVE-2020-5422 RESERVED -CVE-2020-5421 - RESERVED +CVE-2020-5421 (In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5. ...) + TODO: check CVE-2020-5420 (Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a mal ...) NOT-FOR-US: Cloud Foundry CVE-2020-5419 (RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific ...) -- cgit v1.2.3