automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-02-21 08:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-21 08:10:20 +0000
commit: 063b5ad70703e4cb072e391de2eacdf1202ced56 (patch)
tree: c0e47fd99d7a0122aad201c2e3eab5b332d4e0a8
parent: 0d0f9b69813bbb591d999cc4838c5c38d14615a8 (diff)
10 files changed, 136 insertions, 117 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index d993c4ec1b..cb0916131a 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -17,7 +17,7 @@ CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2
 CVE-2010-5332 (In the Linux kernel before 2.6.37, an out of bounds array access happe ...)
 	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
 	NOTE: https://git.kernel.org/linus/0926f91083f34d047abc74f1ca4fa6a9c161f7db
-CVE-2010-5331 (In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/ ...)
+CVE-2010-5331 (** DISPUTED ** In the Linux kernel before 2.6.34, a range check issue  ...)
 	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
 	NOTE: https://git.kernel.org/linus/0031c41be5c529f8329e327b63cde92ba1284842
 CVE-2010-5330 (On certain Ubiquiti devices, Command Injection exists via a GET reques ...)
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index ba45574bec..bb806e5f57 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -967,8 +967,7 @@ CVE-2011-4917
 	NOTE: Minor info leak, unlikely to be fixed upstream
 CVE-2011-4916
 	RESERVED
-CVE-2011-4915
-	RESERVED
+CVE-2011-4915 (fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...)
 	- linux <unfixed> (unimportant)
 	- linux-2.6 <removed> (unimportant)
 	NOTE: Minor info leak, unlikely to be fixed upstream
@@ -7456,8 +7455,7 @@ CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c
 	[squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
 CVE-2011-2499 (Mambo CMS through 4.6.5 has multiple XSS. ...)
 	NOT-FOR-US: Mambo CMS
-CVE-2011-2498
-	RESERVED
+CVE-2011-2498 (The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged ...)
 	- linux-2.6 2.6.39-1 (low)
 	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.36)
 	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.36)
@@ -12342,8 +12340,7 @@ CVE-2011-0700 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress
 	{DSA-2190-1}
 	- wordpress 3.0.5+dfsg-1
 	[lenny] - wordpress <not-affected> (2.x version is not affected)
-CVE-2011-0699
-	RESERVED
+CVE-2011-0699 (Integer signedness error in the btrfs_ioctl_space_info function in the ...)
 	- linux-2.6 2.6.37-2
 	[wheezy] - linux-2.6 <not-affected> (code introduced in .37)
 	[squeeze] - linux-2.6 <not-affected> (code introduced in .37)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 294b76dd62..999a962b1a 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -3410,30 +3410,25 @@ CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtain
 	- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
 CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow r ...)
 	NOT-FOR-US: OrangeHRM
-CVE-2012-5366
-	RESERVED
+CVE-2012-5366 (The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 ...)
 	NOT-FOR-US: Mac OS X
-CVE-2012-5365
-	RESERVED
+CVE-2012-5365 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year  ...)
 	- kfreebsd-8 <removed> (low; bug #690986)
 	- kfreebsd-9 <removed> (low)
 	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
 	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
 	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
 	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
-CVE-2012-5364
-	RESERVED
+CVE-2012-5364 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...)
 	NOT-FOR-US: Microsoft Windows
-CVE-2012-5363
-	RESERVED
+CVE-2012-5363 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year  ...)
 	- kfreebsd-8 <removed> (low; bug #690986)
 	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
 	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
 	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
 	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
 	- kfreebsd-9 <removed> (low)
-CVE-2012-5362
-	RESERVED
+CVE-2012-5362 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...)
 	NOT-FOR-US: Microsoft Windows
 CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ar ...)
 	- ffmpeg 7:2.4.1-1
@@ -3726,7 +3721,7 @@ CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the
 	- wireshark 1.8.2-2 (bug #689972)
 	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
 CVE-2012-5236 [Admin can decrypt user files]
-	RESERVED
+	REJECTED
 	- owncloud 5.0.3+dfsg-1
 	[wheezy] - owncloud <no-dsa> (Low risk, requires entensive changes, will be fully fixed in 5.0)
 	NOTE: http://owncloud.org/about/security/advisories/CVE-2012-5236/
@@ -8443,8 +8438,8 @@ CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk
 	- asterisk <not-affected> (Only affects Asterisk 10)
 CVE-2012-3352
 	RESERVED
-CVE-2012-3351
-	RESERVED
+CVE-2012-3351 (Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video  ...)
+	TODO: check
 CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remo ...)
 	NOT-FOR-US: WebMatic
 	NOTE: http://seclists.org/bugtraq/2012/Jul/25
@@ -10173,8 +10168,8 @@ CVE-2012-2631 (Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB Shoppin
 	NOT-FOR-US: WEBLOGIC
 CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for Andr ...)
 	NOT-FOR-US: Puella Magi Madoka Magica iP (Android application)
-CVE-2012-2629
-	RESERVED
+CVE-2012-2629 (Multiple cross-site request forgery (CSRF) and cross-site scripting (X ...)
+	TODO: check
 CVE-2012-2628
 	RESERVED
 CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell So ...)
@@ -10241,7 +10236,7 @@ CVE-2012-2601 (SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch W
 CVE-2012-2600
 	RESERVED
 CVE-2012-2599
-	RESERVED
+	REJECTED
 CVE-2012-2598 (Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 t ...)
 	NOT-FOR-US: Siemens WinCC
 CVE-2012-2597 (Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3  ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index c9c22bd51c..7aa9f1303b 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1109,8 +1109,8 @@ CVE-2013-7116
 	REJECTED
 CVE-2013-7115
 	REJECTED
-CVE-2013-7109
-	RESERVED
+CVE-2013-7109 (OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE ...)
+	TODO: check
 CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log functionality, as us ...)
 	NOT-FOR-US: Fujitsu Interstage HTTP Server
 CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
@@ -14302,8 +14302,7 @@ CVE-2013-2019 (Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows r
 	- boinc 6.13.6+dfsg-1 (low)
 	[squeeze] - boinc <no-dsa> (Minor issue)
 	NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156
-CVE-2013-2018 [SQL injections in the server-side scheduler code]
-	RESERVED
+CVE-2013-2018 (Multiple SQL injection vulnerabilities in BOINC allow remote attackers ...)
 	- boinc 7.0.65+dfsg-1 (low)
 	[squeeze] - boinc <not-affected> (Vulnerable code not present)
 	[wheezy] - boinc <no-dsa> (Minor issue)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index a5224c2509..3a98b41a46 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -7122,8 +7122,8 @@ CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attac
 	NOT-FOR-US: Android
 	NOTE: the vulnerability is in the Android OS itself (and its backup manager)
 	NOTE: adb is just an intermediary in the backup process
-CVE-2014-7951
-	RESERVED
+CVE-2014-7951 (Directory traversal vulnerability in the Android debug bridge (aka adb ...)
+	TODO: check
 CVE-2014-7950
 	RESERVED
 CVE-2014-7949
@@ -7278,8 +7278,8 @@ CVE-2014-7916 (Integer overflow in SampleTable.cpp in libstagefright in Android
 	NOT-FOR-US: libstagefright in Android
 CVE-2014-7915 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...)
 	NOT-FOR-US: libstagefright in Android
-CVE-2014-7914
-	RESERVED
+CVE-2014-7914 (btif/src/btif_dm.c in Android before 5.1 does not properly enforce the ...)
+	TODO: check
 CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
 	{DLA-506-1}
 	- dhcpcd5 7.0.8-0.1 (unimportant; bug #846938)
@@ -14870,29 +14870,23 @@ CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_el
 	[wheezy] - linux 3.2.60-1
 	- linux-2.6 <removed> (low)
 	[squeeze] - linux-2.6 2.6.32-48squeeze8
-CVE-2014-4678 [incomplete fix for CVE-2014-4657]
-	RESERVED
+CVE-2014-4678 (The safe_eval function in Ansible before 1.6.4 does not properly restr ...)
 	- ansible 1.6.6+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
 	NOTE: See http://www.openwall.com/lists/oss-security/2014/06/26/30
-CVE-2014-4660
-	RESERVED
+CVE-2014-4660 (Ansible before 1.5.5 constructs filenames containing user and password ...)
 	- ansible 1.5.5+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
-CVE-2014-4659
-	RESERVED
+CVE-2014-4659 (Ansible before 1.5.5 sets 0644 permissions for sources.list, which mig ...)
 	- ansible 1.5.5+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
-CVE-2014-4658
-	RESERVED
+CVE-2014-4658 (The vault subsystem in Ansible before 1.5.5 does not set the umask bef ...)
 	- ansible 1.5.5+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
-CVE-2014-4657
-	RESERVED
+CVE-2014-4657 (The safe_eval function in Ansible before 1.5.4 does not properly restr ...)
 	- ansible 1.5.5+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c
-CVE-2014-4650
-	RESERVED
+CVE-2014-4650 (The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly h ...)
 	- python2.6 <removed> (low)
 	[squeeze] - python2.6 <no-dsa> (Minor issue)
 	[wheezy] - python2.6 <no-dsa> (Minor issue)
@@ -16318,8 +16312,8 @@ CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.j
 	NOT-FOR-US: F5 BIG-IP
 CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, wh ...)
 	- xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 onwards)
-CVE-2014-4019
-	RESERVED
+CVE-2014-4019 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...)
+	TODO: check
 CVE-2014-4018 (The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a defau ...)
 	NOT-FOR-US: ZTE router
 CVE-2014-4168 ((1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote atta ...)
@@ -17696,7 +17690,7 @@ CVE-2014-3558 (ReflectionHelper (org.hibernate.validator.util.ReflectionHelper)
 	NOTE: have in Debian. Known fixed versions are 4.2.1, 4.3.2, and 5.1.2.
 	NOTE: Upstream ticket: https://hibernate.atlassian.net/browse/HV-912
 CVE-2014-3557
-	RESERVED
+	REJECTED
 CVE-2014-3556 (The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMT ...)
 	- nginx 1.6.1-1 (bug #757196)
 	[wheezy] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
@@ -17953,8 +17947,7 @@ CVE-2014-3486 (The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) t
 	NOT-FOR-US: Red Hat CloudForms Management Engine
 CVE-2014-3485 (The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterpri ...)
 	NOT-FOR-US: ovirt-engine-api / RHEV
-CVE-2014-3484 [stack-based buffer overflow]
-	RESERVED
+CVE-2014-3484 (Multiple stack-based buffer overflows in the __dn_expand function in n ...)
 	- musl 1.1.4-1 (bug #750815)
 CVE-2014-3483 (SQL injection vulnerability in activerecord/lib/active_record/connecti ...)
 	{DSA-2982-1}
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 5f00e5d620..b632f2848a 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -15227,12 +15227,10 @@ CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function
 CVE-2015-4412 (BSON injection vulnerability in the legal? function in BSON (bson-ruby ...)
 	- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
 	NOTE: Originating from  https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
-CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit]
-	RESERVED
+CVE-2015-4411 (The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0 ...)
 	- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
 	NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
-CVE-2015-4410 [ruby-bson: DoS and possible injection]
-	RESERVED
+CVE-2015-4410 (The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit  ...)
 	- ruby-bson 1.10.0-2 (bug #787951)
 	[jessie] - ruby-bson 1.10.0-1+deb8u1
 	NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
@@ -19106,8 +19104,7 @@ CVE-2015-2924 (The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor
 	[jessie] - network-manager <no-dsa> (Minor issue)
 	[wheezy] - network-manager <no-dsa> (Minor issue)
 	[squeeze] - network-manager <no-dsa> (Minor issue)
-CVE-2015-2923 [IPv6 Hop limit lowering via RA messages]
-	RESERVED
+CVE-2015-2923 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack  ...)
 	{DSA-3175-2}
 	[experimental] - kfreebsd-11 11.0~svn284956-1
 	- kfreebsd-10 10.1~svn274115-4 (bug #782107)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 7c70c54fda..22795b5dc9 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -19467,8 +19467,8 @@ CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes be
 	NOTE: contacted Apple for more information, but no reply for quite a while.
 	NOTE: Apple still does not provide information on this CVE, although it is
 	NOTE: possible that it's fixed in 1.1.29 upstream.
-CVE-2016-4606
-	RESERVED
+CVE-2016-4606 (Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 al ...)
+	TODO: check
 CVE-2016-4605 (Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a  ...)
 	NOT-FOR-US: Apple
 CVE-2016-4604 (Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the  ...)
@@ -23584,14 +23584,12 @@ CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 2
 	[jessie] - openjpeg2 <no-dsa> (Minor issue)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
 	NOTE: https://github.com/uclouvain/openjpeg/issues/726
-CVE-2016-3182 [Heap Corruption in opj_free function]
-	RESERVED
+CVE-2016-3182 (The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG befo ...)
 	- openjpeg2 2.1.1-1
 	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13
 	NOTE: https://github.com/uclouvain/openjpeg/issues/725
-CVE-2016-3181 [Out-Of-Bounds Read in opj_tcd_free_tile function]
-	RESERVED
+CVE-2016-3181 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3182. Reason: T ...)
 	- openjpeg2 2.1.1-1
 	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
 	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/12
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index 279d1581f4..29195525b9 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -39247,7 +39247,7 @@ CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware applianc
 	NOT-FOR-US: Rapid7 Nexpose hardware appliances
 CVE-2017-5242
 	RESERVED
-CVE-2017-5241 (Biscom Secure File Transfer version 5.1.1015 (and possibly prior) is v ...)
+CVE-2017-5241 (Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulne ...)
 	NOT-FOR-US: Biscom Secure File Transfer
 CVE-2017-5240 (Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a h ...)
 	NOT-FOR-US: Rapid7 AppSpider Pro
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 8efe98183f..28bbf06a07 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,4 +1,4 @@
-CVE-2019-20479 [open redirect issue exists in URLs with slash and backslash]
+CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...)
 	- libapache2-mod-auth-openidc 2.4.1-1
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7
 	NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453
@@ -1959,8 +1959,8 @@ CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a roo
 	NOT-FOR-US: D-Link
 CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page is vuln ...)
 	NOT-FOR-US: D-Link
-CVE-2019-19741
-	RESERVED
+CVE-2019-19741 (Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege  ...)
+	TODO: check
 CVE-2019-19740 (Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignI ...)
 	NOT-FOR-US: Octeth Oempro
 CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...)
@@ -2076,8 +2076,8 @@ CVE-2019-19696 (A RootCA vulnerability found in Trend Micro Password Manager for
 	NOT-FOR-US: Trend Micro
 CVE-2019-19695 (A privilege escalation vulnerability in Trend Micro Antivirus for Mac  ...)
 	NOT-FOR-US: Trend Micro
-CVE-2019-19694
-	RESERVED
+CVE-2019-19694 (The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family  ...)
+	TODO: check
 CVE-2019-19693 (The Trend Micro Security 2020 consumer family of products contains a v ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-19692 (Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS ...)
@@ -10329,18 +10329,18 @@ CVE-2019-16304
 	RESERVED
 CVE-2019-16303 (A class generated by the Generator in JHipster before 6.3.0 and JHipst ...)
 	NOT-FOR-US: JHipster
-CVE-2019-16302
-	RESERVED
-CVE-2019-16301
-	RESERVED
-CVE-2019-16300
-	RESERVED
-CVE-2019-16299
-	RESERVED
-CVE-2019-16298
-	RESERVED
-CVE-2019-16297
-	RESERVED
+CVE-2019-16302 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
+	TODO: check
+CVE-2019-16301 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
+	TODO: check
+CVE-2019-16300 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
+	TODO: check
+CVE-2019-16299 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
+	TODO: check
+CVE-2019-16298 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
+	TODO: check
+CVE-2019-16297 (An issue was discovered in Open Network Operating System (ONOS) 1.14.  ...)
+	TODO: check
 CVE-2019-16296
 	RESERVED
 CVE-2019-16295 (Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS ...)
@@ -14666,8 +14666,8 @@ CVE-2019-14697 (musl libc through 1.1.23 has an x87 floating-point stack adjustm
 	NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/1
 CVE-2019-14689
 	RESERVED
-CVE-2019-14688
-	RESERVED
+CVE-2019-14688 (Trend Micro has repackaged installers for several Trend Micro products ...)
+	TODO: check
 CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...)
 	NOT-FOR-US: Trend Micro
 CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro Security's 201 ...)
@@ -24098,8 +24098,8 @@ CVE-2019-11193 (The FileManager in InfinitumIT DirectAdmin through v1.561 has XS
 	NOT-FOR-US: DirectAdmin
 CVE-2019-11192
 	RESERVED
-CVE-2019-11189
-	RESERVED
+CVE-2019-11189 (Authentication Bypass by Spoofing in org.onosproject.acl (access contr ...)
+	TODO: check
 CVE-2019-11191 (** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ...)
 	- linux <unfixed> (unimportant)
 	NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4
@@ -41380,8 +41380,8 @@ CVE-2019-4754
 	RESERVED
 CVE-2019-4753
 	RESERVED
-CVE-2019-4752
-	RESERVED
+CVE-2019-4752 (IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Manageme ...)
+	TODO: check
 CVE-2019-4751
 	RESERVED
 CVE-2019-4750
@@ -41718,8 +41718,8 @@ CVE-2019-4585
 	RESERVED
 CVE-2019-4584
 	RESERVED
-CVE-2019-4583
-	RESERVED
+CVE-2019-4583 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authen ...)
+	TODO: check
 CVE-2019-4582
 	RESERVED
 CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...)
@@ -47645,7 +47645,7 @@ CVE-2019-1952 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure
 	NOT-FOR-US: Cisco
 CVE-2019-1951 (A vulnerability in the packet filtering features of Cisco SD-WAN Solut ...)
 	NOT-FOR-US: Cisco
-CVE-2019-1950 (A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers ...)
+CVE-2019-1950 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...)
 	TODO: check
 CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...)
 	NOT-FOR-US: Cisco
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index b6fb860d86..f6d8b91ffc 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,43 @@
+CVE-2020-9326
+	RESERVED
+CVE-2020-9325
+	RESERVED
+CVE-2020-9324
+	RESERVED
+CVE-2020-9323
+	RESERVED
+CVE-2020-9322
+	RESERVED
+CVE-2020-9321
+	RESERVED
+CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a  ...)
+	TODO: check
+CVE-2020-9319
+	RESERVED
+CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...)
+	TODO: check
+CVE-2020-9317
+	RESERVED
+CVE-2020-9316
+	RESERVED
+CVE-2020-9315
+	RESERVED
+CVE-2020-9314
+	RESERVED
+CVE-2020-9313
+	RESERVED
+CVE-2020-9312
+	RESERVED
+CVE-2020-9311
+	RESERVED
+CVE-2020-9310
+	RESERVED
+CVE-2020-9309
+	RESERVED
+CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...)
+	TODO: check
+CVE-2020-9307
+	RESERVED
 CVE-2020-9306
 	RESERVED
 CVE-2020-9305
@@ -44,8 +84,8 @@ CVE-2020-9285
 	RESERVED
 CVE-2020-9284
 	RESERVED
-CVE-2020-9283
-	RESERVED
+CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...)
+	TODO: check
 CVE-2020-9282
 	RESERVED
 CVE-2020-9281
@@ -64,10 +104,10 @@ CVE-2020-9275
 	RESERVED
 CVE-2020-9274
 	RESERVED
-CVE-2020-9273
-	RESERVED
-CVE-2020-9272
-	RESERVED
+CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...)
+	TODO: check
+CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...)
+	TODO: check
 CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...)
 	NOT-FOR-US: ICE Hrm
 CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via  ...)
@@ -585,8 +625,8 @@ CVE-2020-9017
 	RESERVED
 CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter,  ...)
 	- dolibarr <removed>
-CVE-2020-9015
-	RESERVED
+CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7 ...)
+	TODO: check
 CVE-2020-9014
 	RESERVED
 CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...)
@@ -609,8 +649,8 @@ CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote a
 	NOT-FOR-US: Dota 2
 CVE-2020-9004
 	RESERVED
-CVE-2020-9003
-	RESERVED
+CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...)
+	TODO: check
 CVE-2020-9002
 	RESERVED
 CVE-2020-9001
@@ -640,8 +680,8 @@ CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanag
 	[jessie] - lvm2 <no-dsa> (Minor issue)
 	NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701
 	NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code)
-CVE-2020-8990
-	RESERVED
+CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow  ...)
+	TODO: check
 CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...)
 	NOT-FOR-US: Voatz application for Android
 CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...)
@@ -700,8 +740,8 @@ CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REV
 	NOT-FOR-US: D-Link
 CVE-2020-8961
 	RESERVED
-CVE-2020-8960
-	RESERVED
+CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...)
+	TODO: check
 CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
 	NOT-FOR-US: Western Digital
 CVE-2020-8958
@@ -1444,8 +1484,8 @@ CVE-2020-8603
 	RESERVED
 CVE-2020-8602
 	RESERVED
-CVE-2020-8601
-	RESERVED
+CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...)
+	TODO: check
 CVE-2020-8600
 	RESERVED
 CVE-2020-8599
@@ -1461,7 +1501,7 @@ CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer
 	NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426
 CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5  ...)
 	NOT-FOR-US: Participants Database plugin for WordPress
-CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The Authenticati ...)
+CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and  ...)
 	NOT-FOR-US: itsio
 CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...)
 	NOT-FOR-US: Ninja Forms plugin for WordPress
@@ -1856,7 +1896,7 @@ CVE-2020-8418
 	RESERVED
 CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
 	NOT-FOR-US: Code Snippets plugin for WordPress
-CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial of serv ...)
+CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial  ...)
 	NOT-FOR-US: BearFTP
 CVE-2020-8415
 	RESERVED
@@ -4879,8 +4919,8 @@ CVE-2020-6979
 	RESERVED
 CVE-2020-6978
 	RESERVED
-CVE-2020-6977
-	RESERVED
+CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...)
+	TODO: check
 CVE-2020-6976
 	RESERVED
 CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
@@ -4897,8 +4937,8 @@ CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise
 	NOT-FOR-US: Emerson OpenEnterprise SCADA Server
 CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...)
 	NOT-FOR-US: AutomationDirect
-CVE-2020-6968
-	RESERVED
+CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...)
+	TODO: check
 CVE-2020-6967
 	RESERVED
 CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...)
@@ -8520,10 +8560,10 @@ CVE-2020-5245
 	RESERVED
 CVE-2020-5244
 	RESERVED
-CVE-2020-5243
-	RESERVED
-CVE-2020-5242
-	RESERVED
+CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...)
+	TODO: check
+CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...)
+	TODO: check
 CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...)
 	NOT-FOR-US: matestack-ui-core Ruby gem
 CVE-2020-5240
@@ -11555,10 +11595,10 @@ CVE-2020-3767
 	RESERVED
 CVE-2020-3766
 	RESERVED
-CVE-2020-3765
-	RESERVED
-CVE-2020-3764
-	RESERVED
+CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds  ...)
+	TODO: check
+CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...)
+	TODO: check
 CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
 	NOT-FOR-US: Adobe
 CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...)
author	security tracker role <sectracker@soriano.debian.org>	2020-02-21 08:10:20 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-02-21 08:10:20 +0000
commit	063b5ad70703e4cb072e391de2eacdf1202ced56 (patch)
tree	c0e47fd99d7a0122aad201c2e3eab5b332d4e0a8
parent	0d0f9b69813bbb591d999cc4838c5c38d14615a8 (diff)