From 49cd4618dc6fe48fd2a43d94eeea5eeb08872245 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 17 Sep 2020 20:10:23 +0000 Subject: automatic update --- data/CVE/2019.list | 2 +- data/CVE/2020.list | 268 +++++++++++++++++++++++++++++------------------------ 2 files changed, 146 insertions(+), 124 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 5653662115..20e05fba1e 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,4 +1,4 @@ -CVE-2019-20919 [NULL porfile dereference in dbi_profile()] +CVE-2019-20919 (An issue was discovered in the DBI module before 1.643 for Perl. The h ...) - libdbi-perl 1.643-1 [buster] - libdbi-perl (Minor issue) NOTE: https://github.com/perl5-dbi/dbi/commit/eca7d7c8f43d96f6277e86d1000e842eb4cc67ff diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 3fbc741590..b4ae68399e 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,29 @@ +CVE-2020-25739 + RESERVED +CVE-2020-25738 + RESERVED +CVE-2020-25737 + RESERVED +CVE-2020-25736 + RESERVED +CVE-2020-25735 + RESERVED +CVE-2020-25734 + RESERVED +CVE-2020-25733 + RESERVED +CVE-2020-25732 + RESERVED +CVE-2020-25731 + RESERVED +CVE-2020-25730 + RESERVED +CVE-2020-25729 (ZoneMinder before 1.34.21 has XSS via the connkey parameter to downloa ...) + TODO: check +CVE-2020-25728 (The Reset Password add-on before 1.2.0 for Alfresco has a broken algor ...) + TODO: check +CVE-2020-25727 (The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS- ...) + TODO: check CVE-2020-25726 RESERVED CVE-2020-25725 @@ -468,10 +494,10 @@ CVE-2020-25492 RESERVED CVE-2020-25491 RESERVED -CVE-2020-25490 - RESERVED -CVE-2020-25489 - RESERVED +CVE-2020-25490 (Lack of cryptographic signature verification in the Sqreen PHP agent d ...) + TODO: check +CVE-2020-25489 (A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0 ...) + TODO: check CVE-2020-25488 RESERVED CVE-2020-25487 @@ -1034,10 +1060,10 @@ CVE-2020-25218 RESERVED CVE-2020-25217 RESERVED -CVE-2020-25216 - RESERVED -CVE-2020-25215 - RESERVED +CVE-2020-25216 (yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Tran ...) + TODO: check +CVE-2020-25215 (yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or Grap ...) + TODO: check CVE-2020-25214 RESERVED CVE-2020-25213 (The File Manager (wp-file-manager) plugin before 6.9 for WordPress all ...) @@ -2025,14 +2051,14 @@ CVE-2020-24755 RESERVED CVE-2020-24754 RESERVED -CVE-2020-24753 - RESERVED +CVE-2020-24753 (A memory corruption vulnerability in Objective Open CBOR Run-time (ooc ...) + TODO: check CVE-2020-24752 RESERVED CVE-2020-24751 RESERVED -CVE-2020-24750 - RESERVED +CVE-2020-24750 (FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interact ...) + TODO: check CVE-2020-24749 RESERVED CVE-2020-24748 @@ -3536,10 +3562,10 @@ CVE-2020-24048 RESERVED CVE-2020-24047 RESERVED -CVE-2020-24046 - RESERVED -CVE-2020-24045 - RESERVED +CVE-2020-24046 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...) + TODO: check +CVE-2020-24045 (A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.0 ...) + TODO: check CVE-2020-24044 RESERVED CVE-2020-24043 @@ -23790,8 +23816,7 @@ CVE-2020-14339 [leak of /dev/mapper/control into QEMU guests] NOTE: https://www.redhat.com/archives/libvir-list/2020-July/msg01500.html NOTE: Proposed patch: https://www.redhat.com/archives/libvir-list/2020-July/msg01501.html NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=22494556542c676d1b9e7f1c1f2ea13ac17e1e3e (v6.6.0) -CVE-2020-14338 - RESERVED +CVE-2020-14338 (A flaw was found in Wildfly's implementation of Xerces, specifically i ...) - wildfly (bug #752018) CVE-2020-14337 (A data exposure flaw was found in Tower, where sensitive data was reve ...) NOT-FOR-US: Ansible Tower @@ -24789,8 +24814,7 @@ CVE-2020-13950 RESERVED CVE-2020-13949 RESERVED -CVE-2020-13948 - RESERVED +CVE-2020-13948 (While investigating a bug report on Apache Superset, it was determined ...) NOT-FOR-US: Apache Superset CVE-2020-13947 RESERVED @@ -24798,8 +24822,7 @@ CVE-2020-13946 (In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.2 - cassandra (bug #585905) CVE-2020-13945 RESERVED -CVE-2020-13944 - RESERVED +CVE-2020-13944 (In Apache Airflow < 1.10.12, the "origin" parameter passed to some ...) - airflow (bug #819700) CVE-2020-13943 RESERVED @@ -26684,8 +26707,8 @@ CVE-2020-13170 (HashiCorp Consul and Consul Enterprise did not appropriately enf [buster] - consul (Vulnerable code not present) NOTE: https://github.com/hashicorp/consul/blob/v1.7.4/CHANGELOG.md NOTE: https://github.com/hashicorp/consul/pull/8068 -CVE-2020-13169 - RESERVED +CVE-2020-13169 (Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platf ...) + TODO: check CVE-2020-13168 RESERVED CVE-2020-13167 (Netsweeper through 6.4.3 allows unauthenticated remote code execution ...) @@ -30065,10 +30088,10 @@ CVE-2020-11806 (In MailStore Outlook Add-in (and Email Archive Outlook Add-in) t NOT-FOR-US: MailStore Outlook Add-in CVE-2020-11805 RESERVED -CVE-2020-11804 - RESERVED -CVE-2020-11803 - RESERVED +CVE-2020-11804 (An issue was discovered in Titan SpamTitan 7.07. Due to improper sanit ...) + TODO: check +CVE-2020-11803 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) + TODO: check CVE-2020-11802 RESERVED CVE-2020-11801 @@ -30370,12 +30393,12 @@ CVE-2020-11702 (An issue was discovered in ProVide (formerly zFTPServer) through NOT-FOR-US: ProVide (formerly zFTPServer) CVE-2020-11701 (An issue was discovered in ProVide (formerly zFTPServer) through 13.1. ...) NOT-FOR-US: ProVide (formerly zFTPServer) -CVE-2020-11700 - RESERVED -CVE-2020-11699 - RESERVED -CVE-2020-11698 - RESERVED +CVE-2020-11700 (An issue was discovered in Titan SpamTitan 7.07. Improper sanitization ...) + TODO: check +CVE-2020-11699 (An issue was discovered in Titan SpamTitan 7.07. Improper validation o ...) + TODO: check +CVE-2020-11698 (An issue was discovered in Titan SpamTitan 7.07. Improper input saniti ...) + TODO: check CVE-2020-11697 (In Combodo iTop, dashboard ids can be exploited with a reflective XSS ...) NOT-FOR-US: Combodo iTop CVE-2020-11696 (In Combodo iTop a menu shortcut name can be exploited with a stored XS ...) @@ -31808,7 +31831,7 @@ CVE-2020-11082 (In Kaminari before 1.2.1, there is a vulnerability that would al [jessie] - ruby-kaminari (No reverse dependency) NOTE: https://github.com/kaminari/kaminari/security/advisories/GHSA-r5jw-62xg-j433 NOTE: https://github.com/kaminari/kaminari/commit/8dd52a1aed3d2fa2835d836de23fc0d8c4ff5db8 -CVE-2020-11081 (osquery before version 4.4.0 enables a priviledge escalation vulnerabi ...) +CVE-2020-11081 (osquery before version 4.4.0 enables a privilege escalation vulnerabil ...) - osquery (bug #803502) CVE-2020-11080 (In nghttp2 before version 1.41.0, the overly large HTTP/2 SETTINGS fra ...) {DSA-4696-1} @@ -39239,8 +39262,8 @@ CVE-2020-8030 RESERVED CVE-2020-8029 RESERVED -CVE-2020-8028 - RESERVED +CVE-2020-8028 (A Improper Access Control vulnerability in the configuration of salt o ...) + TODO: check CVE-2020-8027 RESERVED CVE-2020-8026 (A Incorrect Default Permissions vulnerability in the packaging of inn ...) @@ -43949,16 +43972,16 @@ CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent. NOT-FOR-US: OS4Ed openSIS CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) NOT-FOR-US: OS4Ed openSIS -CVE-2020-6116 - RESERVED -CVE-2020-6115 - RESERVED +CVE-2020-6116 (An arbitrary code execution vulnerability exists in the rendering func ...) + TODO: check +CVE-2020-6115 (An exploitable vulnerability exists in the cross-reference table repai ...) + TODO: check CVE-2020-6114 (An exploitable SQL injection vulnerability exists in the Admin Reports ...) NOT-FOR-US: Glacies IceHRM -CVE-2020-6113 - RESERVED -CVE-2020-6112 - RESERVED +CVE-2020-6113 (An exploitable vulnerability exists in the object stream parsing funct ...) + TODO: check +CVE-2020-6112 (An exploitable code execution vulnerability exists in the JPEG2000 Str ...) + TODO: check CVE-2020-6111 RESERVED CVE-2020-6110 (An exploitable partial path traversal vulnerability exists in the way ...) @@ -56260,24 +56283,24 @@ CVE-2020-0437 RESERVED CVE-2020-0436 RESERVED -CVE-2020-0435 - RESERVED -CVE-2020-0434 - RESERVED -CVE-2020-0433 - RESERVED -CVE-2020-0432 - RESERVED -CVE-2020-0431 - RESERVED -CVE-2020-0430 - RESERVED -CVE-2020-0429 - RESERVED -CVE-2020-0428 - RESERVED -CVE-2020-0427 - RESERVED +CVE-2020-0435 (In inline_data_addr of f2fs.h, there is a possible out of bounds write ...) + TODO: check +CVE-2020-0434 (In Pixel's use of the Catpipe library, there is possible memory corrup ...) + TODO: check +CVE-2020-0433 (In blk_mq_queue_tag_busy_iter of blk-mq-tag.c, there is a possible use ...) + TODO: check +CVE-2020-0432 (In skb_to_mamac of networking.c, there is a possible out of bounds wri ...) + TODO: check +CVE-2020-0431 (In kbd_keycode of keyboard.c, there is a possible out of bounds write ...) + TODO: check +CVE-2020-0430 (In skb_headlen of /include/linux/skbuff.h, there is a possible out of ...) + TODO: check +CVE-2020-0429 (In l2tp_session_delete and related functions of l2tp_core.c, there is ...) + TODO: check +CVE-2020-0428 (In CamX code, there is a possible use after free due to a race conditi ...) + TODO: check +CVE-2020-0427 (In create_pinctrl of core.c, there is a possible out of bounds read du ...) + TODO: check CVE-2020-0426 RESERVED CVE-2020-0425 @@ -56316,69 +56339,68 @@ CVE-2020-0409 RESERVED CVE-2020-0408 RESERVED -CVE-2020-0407 - RESERVED +CVE-2020-0407 (In various functions in fscrypt_ice.c and related files in some implem ...) + TODO: check CVE-2020-0406 RESERVED CVE-2020-0405 RESERVED -CVE-2020-0404 - RESERVED +CVE-2020-0404 (In uvc_scan_chain_forward of uvc_driver.c, there is a possible linked ...) - linux 5.4.19-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.228-1 NOTE: https://git.kernel.org/linus/68035c80e129c4cfec659aac4180354530b26527 -CVE-2020-0403 - RESERVED +CVE-2020-0403 (In the FPC TrustZone fingerprint App, there is a possible invalid comm ...) + TODO: check CVE-2020-0402 RESERVED NOTE: Duplicate assignment for CVE-2019-19769 (Android security informed) -CVE-2020-0401 - RESERVED +CVE-2020-0401 (In setInstallerPackageName of PackageManagerService.java, there is a m ...) + TODO: check CVE-2020-0400 RESERVED -CVE-2020-0399 - RESERVED +CVE-2020-0399 (In showLimitedSimFunctionWarningNotification of NotificationMgr.java, ...) + TODO: check CVE-2020-0398 RESERVED -CVE-2020-0397 - RESERVED -CVE-2020-0396 - RESERVED -CVE-2020-0395 - RESERVED -CVE-2020-0394 - RESERVED -CVE-2020-0393 - RESERVED -CVE-2020-0392 - RESERVED -CVE-2020-0391 - RESERVED -CVE-2020-0390 - RESERVED -CVE-2020-0389 - RESERVED -CVE-2020-0388 - RESERVED -CVE-2020-0387 - RESERVED -CVE-2020-0386 - RESERVED -CVE-2020-0385 - RESERVED -CVE-2020-0384 - RESERVED -CVE-2020-0383 - RESERVED -CVE-2020-0382 - RESERVED -CVE-2020-0381 - RESERVED -CVE-2020-0380 - RESERVED -CVE-2020-0379 - RESERVED +CVE-2020-0397 (In getNotificationBuilder of CarrierServiceStateTracker.java, there is ...) + TODO: check +CVE-2020-0396 (In various places in Telephony, there is a possible permission bypass ...) + TODO: check +CVE-2020-0395 (In showNotification of EmergencyCallbackModeService.java, there is a p ...) + TODO: check +CVE-2020-0394 (In onCreate of BluetoothPairingDialog.java, there is a possible tapjac ...) + TODO: check +CVE-2020-0393 (In decrypt and decrypt_1_2 of CryptoPlugin.cpp, there is a possible ou ...) + TODO: check +CVE-2020-0392 (In getLayerDebugInfo of SurfaceFlinger.cpp, there is a possible code e ...) + TODO: check +CVE-2020-0391 (In applyPolicy of PackageManagerService.java, there is possible arbitr ...) + TODO: check +CVE-2020-0390 (In the app zygote SE Policy, there is a possible permissions bypass. T ...) + TODO: check +CVE-2020-0389 (In createSaveNotification of RecordingService.java, there is a possibl ...) + TODO: check +CVE-2020-0388 (In createEmergencyLocationUserNotification of GnssVisibilityControl.ja ...) + TODO: check +CVE-2020-0387 (In manifest files of the SmartSpace package, there is a possible tapja ...) + TODO: check +CVE-2020-0386 (In onCreate of RequestPermissionActivity.java, there is a possible tap ...) + TODO: check +CVE-2020-0385 (In Parse_insh of eas_mdls.c, there is a possible out of bounds write d ...) + TODO: check +CVE-2020-0384 (In Parse_art of eas_mdls.c, there is a possible out of bounds write du ...) + TODO: check +CVE-2020-0383 (In Parse_ins of eas_mdls.c, there is a possible out of bounds write du ...) + TODO: check +CVE-2020-0382 (In RunInternal of dumpstate.cpp, there is a possible user consent bypa ...) + TODO: check +CVE-2020-0381 (In Parse_wave of eas_mdls.c, there is a possible out of bounds write d ...) + TODO: check +CVE-2020-0380 (In allocExcessBits of bitalloc.c, there is a possible out of bounds wr ...) + TODO: check +CVE-2020-0379 (In the Bluetooth service, there is a possible spoofing attack due to a ...) + TODO: check CVE-2020-0378 RESERVED CVE-2020-0377 @@ -56451,8 +56473,8 @@ CVE-2020-0344 RESERVED CVE-2020-0343 RESERVED -CVE-2020-0342 - RESERVED +CVE-2020-0342 (There is a possible out of bounds write due to an incorrect bounds che ...) + TODO: check CVE-2020-0341 RESERVED CVE-2020-0340 @@ -56583,8 +56605,8 @@ CVE-2020-0280 RESERVED CVE-2020-0279 RESERVED -CVE-2020-0278 - RESERVED +CVE-2020-0278 (There is a possible out of bounds write due to an incorrect bounds che ...) + TODO: check CVE-2020-0277 RESERVED CVE-2020-0276 @@ -56649,8 +56671,8 @@ CVE-2020-0247 (In Threshold::getHistogram of ImageProcessHelper.java, there is a NOT-FOR-US: Android CVE-2020-0246 RESERVED -CVE-2020-0245 - RESERVED +CVE-2020-0245 (In DecodeFrameCombinedMode of combined_decode.cpp, there is a possible ...) + TODO: check CVE-2020-0244 RESERVED CVE-2020-0243 (In clearPropValue of MediaAnalyticsItem.cpp, there is a possible use-a ...) @@ -56681,8 +56703,8 @@ CVE-2020-0231 (There is a possible out of bounds write due to an incorrect bound NOT-FOR-US: MediaTek components for Android CVE-2020-0230 (There is a possible out of bounds write due to an incorrect bounds che ...) NOT-FOR-US: MediaTek components for Android -CVE-2020-0229 - RESERVED +CVE-2020-0229 (There is a possible out of bounds write due to an incorrect bounds che ...) + TODO: check CVE-2020-0228 (There is an improper configuration of recorder related service. Produc ...) NOT-FOR-US: MediaTek components for Android CVE-2020-0227 (In onCommand of CompanionDeviceManagerService.java, there is a possibl ...) @@ -56906,8 +56928,8 @@ CVE-2020-0125 RESERVED CVE-2020-0124 (In markBootComplete of InstalldNativeService.cpp, there is a possible ...) NOT-FOR-US: Android -CVE-2020-0123 - RESERVED +CVE-2020-0123 (There is a possible out of bounds write due to an incorrect bounds che ...) + TODO: check CVE-2020-0122 (In the permission declaration for com.google.android.providers.gsf.per ...) NOT-FOR-US: Android CVE-2020-0121 (In updateUidProcState of AppOpsService.java, there is a possible permi ...) @@ -57014,8 +57036,8 @@ CVE-2020-0076 (In get_auth_result of the FPC IRIS TrustZone app, there is a poss NOT-FOR-US: Android CVE-2020-0075 (In set_shared_key of the FPC IRIS TrustZone app, there is a possible o ...) NOT-FOR-US: Android -CVE-2020-0074 - RESERVED +CVE-2020-0074 (In verifyIntentFiltersIfNeeded of PackageManagerService.java, there is ...) + TODO: check CVE-2020-0073 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...) NOT-FOR-US: Android CVE-2020-0072 (In rw_t2t_handle_tlv_detect_rsp of rw_t2t_ndef.cc, there is a possible ...) -- cgit v1.2.3