author | security tracker role <sectracker@soriano.debian.org> | 2020-06-04 20:38:09 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-06-04 20:38:09 +0000 |
commit | 799fab9f1186f0ddc62c838e6f6ece925402b76e (patch) | |
tree | 709faac8a412665fb6f99ad101984a9b814fa95b /data/CVE/2020.list | |
parent | 7c827e4cc1f34c03ef91676f3814a2b756eed64a (diff) |
automatic update
Diffstat (limited to 'data/CVE/2020.list')
-rw-r--r-- | data/CVE/2020.list | 152 |
1 files changed, 103 insertions, 49 deletions
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 2b390eaf19..ce69341f10 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,29 +1,85 @@ -CVE-2020-13815 +CVE-2020-13843 RESERVED -CVE-2020-13814 +CVE-2020-13842 RESERVED -CVE-2020-13813 +CVE-2020-13841 RESERVED -CVE-2020-13812 +CVE-2020-13840 RESERVED -CVE-2020-13811 +CVE-2020-13839 RESERVED -CVE-2020-13810 +CVE-2020-13838 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + TODO: check +CVE-2020-13837 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...) + TODO: check +CVE-2020-13836 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + TODO: check +CVE-2020-13835 (An issue was discovered on Samsung mobile devices with O(8.x) (with TE ...) + TODO: check +CVE-2020-13834 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + TODO: check +CVE-2020-13833 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...) + TODO: check +CVE-2020-13832 (An issue was discovered on Samsung mobile devices with Q(10.0) (with T ...) + TODO: check +CVE-2020-13831 (An issue was discovered on Samsung mobile devices with O(8.x) and P(9. ...) + TODO: check +CVE-2020-13830 (An issue was discovered on Samsung mobile devices with P(9.0) software ...) + TODO: check +CVE-2020-13829 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...) + TODO: check +CVE-2020-13828 RESERVED -CVE-2020-13809 +CVE-2020-13827 (phpList before 3.5.4 allows XSS via /lists/admin/user.php and /lists/a ...) + TODO: check +CVE-2020-13826 RESERVED -CVE-2020-13808 +CVE-2020-13825 RESERVED -CVE-2020-13807 +CVE-2020-13824 RESERVED -CVE-2020-13806 +CVE-2020-13823 RESERVED -CVE-2020-13805 +CVE-2020-13822 (The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleabi ...) + TODO: check +CVE-2020-13821 RESERVED -CVE-2020-13804 +CVE-2020-13820 RESERVED -CVE-2020-13803 +CVE-2020-13819 + RESERVED +CVE-2020-13818 (In Zoho ManageEngine OpManager before 125144, when <cachestart> ...) 
+ TODO: check +CVE-2020-13817 (ntpd in ntp before 4.2.8p14 and 4.3.x before 4.3.100 allows remote att ...) + TODO: check +CVE-2020-13816 RESERVED +CVE-2020-13815 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...) + TODO: check +CVE-2020-13814 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.1. I ...) + TODO: check +CVE-2020-13813 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...) + TODO: check +CVE-2020-13812 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It all ...) + TODO: check +CVE-2020-13811 (An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has ...) + TODO: check +CVE-2020-13810 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + TODO: check +CVE-2020-13809 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + TODO: check +CVE-2020-13808 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + TODO: check +CVE-2020-13807 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + TODO: check +CVE-2020-13806 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + TODO: check +CVE-2020-13805 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + TODO: check +CVE-2020-13804 (An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. I ...) + TODO: check +CVE-2020-13803 (An issue was discovered in Foxit PhantomPDF Mac and Foxit Reader for M ...) + TODO: check CVE-2020-13802 RESERVED CVE-2020-13801 
@@ -52,16 +108,14 @@ CVE-2020-XXXX [Cross-Site Scripting (XSS) vulnerability in template object 'user - roundcube 1.4.5+dfsg.1-1 (bug #962123) NOTE: 1.4.x: https://github.com/roundcube/roundcubemail/commit/4beec65d40c5e5b1f2bace935c110baf05e10ae5 NOTE: 1.3.x: https://github.com/roundcube/roundcubemail/commit/37e2bc745723ef6322f0f785aefd0b9313a40f19 -CVE-2020-13800 [ati-vga: infinite recursion in ati_mm_read/write calls may lead to DoS] - RESERVED +CVE-2020-13800 (ati-vga in hw/display/ati.c in QEMU 4.2.0 allows guest OS users to tri ...) - qemu <unfixed> [buster] - qemu <not-affected> (Vulnerable code introduced later) [stretch] - qemu <not-affected> (Vulnerable code introduced later) [jessie] - qemu <not-affected> (Vulnerable code introduced later) NOTE: https://www.openwall.com/lists/oss-security/2020/06/04/2 NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-06/msg00833.html -CVE-2020-13791 [ati-vga: OOB access while reading PCI configuration may lead to DoS] - RESERVED +CVE-2020-13791 (hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of- ...) - qemu <unfixed> [buster] - qemu <not-affected> (Vulnerable code introduced later) [stretch] - qemu <not-affected> (Vulnerable code introduced later) @@ -127,8 +181,7 @@ CVE-2020-13767 RESERVED CVE-2020-13766 RESERVED -CVE-2020-13765 [loader: OOB access while loading registered ROM may lead to code execution] - RESERVED +CVE-2020-13765 (rom_copy() in hw/core/loader.c in QEMU 4.1.0 does not validate the rel ...) - qemu 1:4.2-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/6 NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=e423455c4f23a1a828901c78fe6d03b7dde79319 
@@ -286,8 +339,8 @@ CVE-2020-13694 (In QuickBox Community Edition through 2.5.5 and Pro Edition thro NOT-FOR-US: QuickBox CVE-2020-13693 (An unauthenticated privilege-escalation issue exists in the bbPress pl ...) NOT-FOR-US: bbPress plugin for WordPress -CVE-2020-13692 - RESERVED +CVE-2020-13692 (PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. ...) + TODO: check CVE-2020-13691 RESERVED CVE-2020-13690 @@ -492,6 +545,7 @@ CVE-2020-13598 CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...) TODO: check CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...) + {DLA-2233-1} - python-django 2:2.2.13-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1 NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master) @@ -1216,6 +1270,7 @@ CVE-2020-13256 CVE-2020-13255 RESERVED CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...) + {DLA-2233-1} - python-django 2:2.2.13-1 NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1 NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master) @@ -2103,8 +2158,8 @@ CVE-2020-12855 RESERVED CVE-2020-12854 RESERVED -CVE-2020-12853 - RESERVED +CVE-2020-12853 (Pydio Cells 2.0.4 allows XSS. A malicious user can either upload or cr ...) + TODO: check CVE-2020-12852 RESERVED CVE-2020-12851 
@@ -4891,12 +4946,12 @@ CVE-2020-11683 RESERVED CVE-2020-11682 RESERVED -CVE-2020-11681 - RESERVED -CVE-2020-11680 - RESERVED -CVE-2020-11679 - RESERVED +CVE-2020-11681 (Castel NextGen DVR v1.0.0 stores and displays credentials for the asso ...) + TODO: check +CVE-2020-11680 (Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all ...) + TODO: check +CVE-2020-11679 (Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation throug ...) + TODO: check CVE-2020-11678 RESERVED CVE-2020-11677 (Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3). ...) @@ -7393,8 +7448,7 @@ CVE-2020-10703 (A NULL pointer dereference was found in the libvirt API responsi NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1790725 NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5d5c732d748d644ec14626bce448e84bdc4bd93e (v3.10.0-rc1) NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=dfff16a7c261f8d28e3abe60a47165f845fa952f (v6.0.0-rc1) -CVE-2020-10702 [weak signature generation in Pointer Authentication support for ARM] - RESERVED +CVE-2020-10702 (A flaw was found in QEMU in the implementation of the Pointer Authenti ...) - qemu 1:4.2-5 [buster] - qemu <not-affected> (Vulnerable code introduced later) [stretch] - qemu <not-affected> (Vulnerable code introduced later) @@ -10136,8 +10190,8 @@ CVE-2020-9464 (A Denial-of-Service vulnerability exists in BECKHOFF Ethernet TCP NOT-FOR-US: BECKHOFF Ethernet TCP/IP Bus Coupler BK9000 CVE-2020-9463 (Centreon 19.10 allows remote authenticated users to execute arbitrary ...) - centreon-web <itp> (bug #913903) -CVE-2020-9462 - RESERVED +CVE-2020-9462 (An issue was discovered in all Athom Homey and Homey Pro devices up to ...) + TODO: check CVE-2020-9461 (Octech Oempro 4.7 through 4.11 allow stored XSS by an authenticated us ...) NOT-FOR-US: Octech Oempro CVE-2020-9460 (Octech Oempro 4.7 through 4.11 allow XSS by an authenticated user. The ...) 
@@ -10566,8 +10620,8 @@ CVE-2020-9294 (An improper authentication vulnerability in FortiMail 5.4.10, 6.0 NOT-FOR-US: FortiMail Fortiguard CVE-2020-9293 RESERVED -CVE-2020-9292 - RESERVED +CVE-2020-9292 (An unquoted service path vulnerability in the FortiSIEM Windows Agent ...) + TODO: check CVE-2020-9291 (An Insecure Temporary File vulnerability in FortiClient for Windows 6. ...) NOT-FOR-US: Fortiguard / FortiClient for Windows CVE-2020-9290 (An Unsafe Search Path vulnerability in FortiClient for Windows online ...) @@ -14136,8 +14190,8 @@ CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of TODO: check CVE-2020-7662 (websocket-extensions npm module prior to 1.0.4 allows Denial of Servic ...) TODO: check -CVE-2020-7661 - RESERVED +CVE-2020-7661 (all versions of url-regex are vulnerable to Regular Expression Denial ...) + TODO: check CVE-2020-7660 (serialize-javascript prior to 3.1.0 allows remote attackers to inject ...) TODO: check CVE-2020-7659 (reel through 0.6.1 allows Request Smuggling attacks due to incorrect C ...) @@ -16506,8 +16560,8 @@ CVE-2020-6642 RESERVED CVE-2020-6641 RESERVED -CVE-2020-6640 - RESERVED +CVE-2020-6640 (An improper neutralization of input vulnerability in the Admin Profile ...) + TODO: check CVE-2020-6639 RESERVED CVE-2020-6638 (Grin through 2.1.1 has Insufficient Validation. ...) @@ -21201,8 +21255,8 @@ CVE-2020-4511 RESERVED CVE-2020-4510 RESERVED -CVE-2020-4509 - RESERVED +CVE-2020-4509 (IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity In ...) + TODO: check CVE-2020-4508 RESERVED CVE-2020-4507 
@@ -21833,12 +21887,12 @@ CVE-2020-4195 (IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a rem NOT-FOR-US: IBM CVE-2020-4194 RESERVED -CVE-2020-4193 - RESERVED +CVE-2020-4193 (IBM Security Guardium 11.1 uses an inadequate account lockout setting ...) + TODO: check CVE-2020-4192 RESERVED -CVE-2020-4191 - RESERVED +CVE-2020-4191 (IBM Security Guardium 11.1 uses weaker than expected cryptographic alg ...) + TODO: check CVE-2020-4190 (IBM Security Guardium 10.6, 11.0, and 11.1 contains hard-coded credent ...) NOT-FOR-US: IBM CVE-2020-4189 @@ -21853,8 +21907,8 @@ CVE-2020-4185 RESERVED CVE-2020-4184 RESERVED -CVE-2020-4183 - RESERVED +CVE-2020-4183 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...) + TODO: check CVE-2020-4182 (IBM Security Guardium 11.1 is vulnerable to cross-site scripting. This ...) NOT-FOR-US: IBM CVE-2020-4181 @@ -22669,11 +22723,11 @@ CVE-2020-3814 CVE-2020-3813 RESERVED CVE-2020-3812 (qmail-verify as used in netqmail 1.06 is prone to an information discl ...) - {DSA-4692-1} + {DSA-4692-1 DLA-2234-1} - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3811 (qmail-verify as used in netqmail 1.06 is prone to a mail-address verif ...) - {DSA-4692-1} + {DSA-4692-1 DLA-2234-1} - netqmail 1.06-6.2 (bug #961060) NOTE: https://www.openwall.com/lists/oss-security/2020/05/19/8 CVE-2020-3810 (Missing input validation in the ar/tar implementations of APT before v ...) |
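Review bot: In the @@ -1,29 +1,85 @@ hunk, CVE-2020-13817 (ntpd in ntp before 4.2.8p14) and CVE-2020-13822 (Elliptic package 6.5.2 for Node.js) are left at "TODO: check" exactly like the Samsung and Foxit entries around them, so nothing separates entries that may map to a source package in the archive from vendor-only ones. Suggest triaging those two first with a package line and a fixed version or <unfixed>, and resolving the Samsung and Foxit blocks as NOT-FOR-US in the same style the file already uses for other vendor products.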
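Review bot: In the @@ -52,16 +108,14 @@ hunk, the CVE-2020-13791 entry swaps the bracketed title "ati-vga: OOB access while reading PCI configuration may lead to DoS" for a description that names hw/pci/pci.c, while the package lines under it are untouched. Worth confirming that the "<not-affected> (Vulnerable code introduced later)" status for buster, stretch and jessie still holds now that the description points at the PCI code rather than ati-vga, and adding a NOTE with the reasoning if it does.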
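Review bot: In the @@ -21833,12 +21887,12 @@ hunk, CVE-2020-4193 and CVE-2020-4191 (IBM Security Guardium 11.1) are added as "TODO: check" although the neighbouring CVE-2020-4190 for the same product is already "NOT-FOR-US: IBM". Suggest marking them the same way so they leave the TODO queue; the same applies to CVE-2020-4183 next to CVE-2020-4182 in the following hunk, and to CVE-2020-9292 (FortiSIEM Windows Agent) next to the "NOT-FOR-US: Fortiguard / FortiClient for Windows" entry in the @@ -10566,8 +10620,8 @@ hunk.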