author     security tracker role <sectracker@soriano.debian.org>  2020-03-21 08:10:16 +0000
committer  security tracker role <sectracker@soriano.debian.org>  2020-03-21 08:10:16 +0000
commit     1d88643867ea7bfa1315273c525831d7e9175ba5
tree       1a5e9fcbeb2d78526e71143d25367ff00ff28ead
parent     c5cf41c113bc2fe48942752a6667096e31f4526f
automatic update
-rw-r--r--  data/CVE/2013.list    4
-rw-r--r--  data/CVE/2019.list   79
-rw-r--r--  data/CVE/2020.list  305
3 files changed, 310 insertions, 78 deletions
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 4e4474f391..7344aedf98 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1,5 +1,5 @@
-CVE-2013-7487
- RESERVED
+CVE-2013-7487 (On Swann DVR04B, DVR08B, DVR-16CIF, and DVR16B devices, raysharpdvr ap ...)
+ TODO: check
CVE-2013-7486 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
NOT-FOR-US: Open-Xchange App Suite
CVE-2013-7485 (Cross-site scripting (XSS) vulnerability in the backend in Open-Xchang ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 27a5a7b4ac..aaa9c73f6d 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -3203,8 +3203,8 @@ CVE-2019-19326
RESERVED
CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...)
NOT-FOR-US: SilverStripe
-CVE-2019-19324
- RESERVED
+CVE-2019-19324 (Xmidt cjwt through 1.0.1 before 2019-11-25 maps unsupported algorithms ...)
+ TODO: check
CVE-2019-19323
RESERVED
CVE-2019-19322
@@ -3680,8 +3680,8 @@ CVE-2019-19150 (On versions 15.0.0-15.0.1.1, 14.1.0-14.1.2, 14.0.0-14.0.1, 13.1.
NOT-FOR-US: F5 BIG-IP
CVE-2019-19149
RESERVED
-CVE-2019-19148
- RESERVED
+CVE-2019-19148 (Tellabs Optical Line Terminal (OLT) 1150 devices allow Remote Command ...)
+ TODO: check
CVE-2019-19147
RESERVED
CVE-2019-19146
@@ -4269,8 +4269,8 @@ CVE-2019-18938 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the E-Mail Add
NOT-FOR-US: eQ-3 Homematic
CVE-2019-18937 (eQ-3 Homematic CCU2 2.47.20 and CCU3 3.47.18 with the Script Parser Ad ...)
NOT-FOR-US: eQ-3 Homematic
-CVE-2019-18936
- RESERVED
+CVE-2019-18936 (UniValue::read() in UniValue before 1.0.5 allow attackers to cause a d ...)
+ TODO: check
CVE-2019-18935 (Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .N ...)
NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec modul ...)
@@ -4472,8 +4472,8 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow
NOTE: /usr/sbin/maidat not installed suid root on Debian
CVE-2019-18861
RESERVED
-CVE-2019-18860
- RESERVED
+CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML ...)
+ TODO: check
CVE-2019-18859 (Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. ...)
NOT-FOR-US: Digi AnywhereUSB
CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Con ...)
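Review bot: CVE-2019-18860 names Squid with a fix boundary ("before 4.9") but lands with only "TODO: check", so it has no package line or per-release status yet. Resolve it with a package line in the same form as the "- tor 0.4.2.7-1" entry in 2020.list rather than leaving the placeholder. Separately, the context NOTE under CVE-2019-18862 says "/usr/sbin/maidat" while the description in the hunk header says "maidag"; one of the two is a typo.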
@@ -5020,8 +5020,8 @@ CVE-2019-18643
RESERVED
CVE-2019-18642
RESERVED
-CVE-2019-18641
- RESERVED
+CVE-2019-18641 (Rock RMS before 1.8.6 mishandles vCard access control within the Peopl ...)
+ TODO: check
CVE-2019-18640
RESERVED
CVE-2019-18639
@@ -8356,8 +8356,8 @@ CVE-2019-17187 (/var/WEB-GUI/cgi-bin/downloadfile.cgi on FiberHome HG2201T 1.00.
NOT-FOR-US: FiberHome HG2201T devices
CVE-2019-17186 (/var/WEB-GUI/cgi-bin/telnet.cgi on FiberHome HG2201T 1.00.M5007_JS_201 ...)
NOT-FOR-US: FiberHome HG2201T devices
-CVE-2019-17185
- RESERVED
+CVE-2019-17185 (In FreeRADIUS 3.0.x before 3.0.20, the EAP-pwd module used a global Op ...)
+ TODO: check
CVE-2019-17184 (Xerox AtlaLink B8045/B8055/B8065/B8075/B8090 C8030/C8035/C8045/C8055/C ...)
NOT-FOR-US: Xerox printers
CVE-2019-17183 (Foxit Reader before 9.7 allows an Access Violation and crash if insuff ...)
@@ -10009,8 +10009,7 @@ CVE-2019-16530 (Sonatype Nexus Repository Manager 2.x before 2.14.15 and 3.x bef
NOT-FOR-US: Sonatype
CVE-2019-16529 (An issue was discovered in the CheckUser extension through 1.35.0 for ...)
NOT-FOR-US: CheckUser extension for MediawWiki
-CVE-2019-16528
- RESERVED
+CVE-2019-16528 (An issue was discovered in the AbuseFilter extension for MediaWiki. in ...)
NOT-FOR-US: AbuseFilter extension for MediawWiki
CVE-2019-16527
RESERVED
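Review bot: the annotation kept under CVE-2019-16528, "NOT-FOR-US: AbuseFilter extension for MediawWiki", misspells MediaWiki, and the same spelling appears under CVE-2019-16529 just above. Now that the entry has its description, correct both to "MediaWiki" in a follow-up so that a text search for the product finds them.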
@@ -10616,8 +10615,8 @@ CVE-2019-16260
RESERVED
CVE-2019-16259
RESERVED
-CVE-2019-16258
- RESERVED
+CVE-2019-16258 (The bootloader of the homee Brain Cube V2 through 2.23.0 allows attack ...)
+ TODO: check
CVE-2019-16257 (Some Motorola devices include the SIMalliance Toolbox Browser (aka S@T ...)
NOT-FOR-US: SIMalliance Toolbox Browser
CVE-2019-16256 (Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T ...)
@@ -12221,16 +12220,16 @@ CVE-2019-15666 (An issue was discovered in the Linux kernel before 5.0.19. There
[stretch] - linux 4.9.184-1
[jessie] - linux 3.16.72-1
NOTE: https://git.kernel.org/linus/b805d78d300bcf2c83d6df7da0c818b0fee41427
-CVE-2019-15665
- RESERVED
-CVE-2019-15664
- RESERVED
-CVE-2019-15663
- RESERVED
-CVE-2019-15662
- RESERVED
-CVE-2019-15661
- RESERVED
+CVE-2019-15665 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
+CVE-2019-15664 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
+CVE-2019-15663 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
+CVE-2019-15662 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
+CVE-2019-15661 (An issue was discovered in Rivet Killer Control Center before 2.1.1352 ...)
+ TODO: check
CVE-2019-15660 (The wp-members plugin before 3.2.8 for WordPress has CSRF. ...)
NOT-FOR-US: wp-members plugin for WordPress
CVE-2019-15659 (The pie-register plugin before 3.1.2 for WordPress has SQL injection, ...)
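Review bot: the five added entries CVE-2019-15661 through CVE-2019-15665 all begin "An issue was discovered in Rivet Killer Control Center before 2.1.1352" and each gets its own "TODO: check". Triage them together: one decision on the product settles all five, and if it is not packaged the annotation should follow the "NOT-FOR-US: <product>" form used by the wp-members entry just below.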
@@ -12578,8 +12577,8 @@ CVE-2019-15524 (CSZ CMS 1.2.3 allows arbitrary file upload, as demonstrated by a
NOT-FOR-US: CSZ CMS
CVE-2019-15523
RESERVED
-CVE-2019-15522
- RESERVED
+CVE-2019-15522 (An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_ses ...)
+ TODO: check
CVE-2019-15521 (Spoon Library through 2014-02-06, as used in Fork CMS before 1.4.1 and ...)
NOT-FOR-US: Spoon Library
CVE-2019-15520 (comelz Quark before 2019-03-26 allows directory traversal to locations ...)
@@ -13641,8 +13640,8 @@ CVE-2019-15077
RESERVED
CVE-2019-15076
RESERVED
-CVE-2019-15075
- RESERVED
+CVE-2019-15075 (An issue was discovered in iNextrix ASTPP before 4.0.1. web_interface/ ...)
+ TODO: check
CVE-2019-15074 (The Timeline feature in my_view_page.php in MantisBT through 2.21.1 ha ...)
- mantis <removed>
NOTE: https://github.com/mantisbt/mantisbt/commit/9cee1971c498bbe0a72bca1c773fae50171d8c27
@@ -18123,8 +18122,8 @@ CVE-2019-13464 (An issue was discovered in OWASP ModSecurity Core Rule Set (CRS)
[jessie] - modsecurity-crs <not-affected> (incorrect rule does not exist)
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/commit/6090d6b0a90417f1a60aa68a01eb777cef2e1184
NOTE: https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/1386
-CVE-2019-13463
- RESERVED
+CVE-2019-13463 (An XSS vulnerability in qcopd-shortcode-generator.php in the Simple Li ...)
+ TODO: check
CVE-2019-13462 (Lansweeper before 7.1.117.4 allows unauthenticated SQL injection. ...)
NOT-FOR-US: Lansweeper
CVE-2019-13461 (In PrestaShop before 1.7.6.0 RC2, the id_address_delivery and id_addre ...)
@@ -18322,8 +18321,8 @@ CVE-2019-13390 (In FFmpeg 4.1.3, there is a division by zero at adx_write_traile
[stretch] - ffmpeg <postponed> (Minor issue, wait until fixed in 3.2.x branch)
NOTE: https://trac.ffmpeg.org/ticket/7979
NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=aef24efb0c1e65097ab77a4bf9264189bdf3ace3
-CVE-2019-13389
- RESERVED
+CVE-2019-13389 (RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as ...)
+ TODO: check
CVE-2019-13388
RESERVED
CVE-2019-13387 (In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, Reflected ...)
@@ -20061,8 +20060,8 @@ CVE-2019-12769 (SolarWinds Serv-U Managed File Transfer (MFT) Web client before
TODO: check
CVE-2019-12768
RESERVED
-CVE-2019-12767
- RESERVED
+CVE-2019-12767 (An issue was discovered on D-Link DAP-1650 devices before 1.04B02_J65H ...)
+ TODO: check
CVE-2019-12766 (An issue was discovered in Joomla! before 3.9.7. The subform fieldtype ...)
NOT-FOR-US: Joomla!
CVE-2019-12765 (An issue was discovered in Joomla! before 3.9.7. The CSV export of com ...)
@@ -20666,8 +20665,8 @@ CVE-2019-12501
RESERVED
CVE-2019-12500 (The Xiaomi M365 scooter 2019-02-12 before 1.5.1 allows spoofing of "su ...)
NOT-FOR-US: Xiaomi M365 scooter
-CVE-2019-12498
- RESERVED
+CVE-2019-12498 (The WP Live Chat Support plugin before 8.0.33 for WordPress accepts ce ...)
+ TODO: check
CVE-2019-12497 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
{DLA-1816-1}
- otrs2 6.0.19-1
@@ -23320,8 +23319,8 @@ CVE-2019-11576 (Gitea before 1.8.0 allows 1FA for user accounts that have comple
- gitea <removed>
CVE-2019-11575
RESERVED
-CVE-2019-11574
- RESERVED
+CVE-2019-11574 (An issue was discovered in Simple Machines Forum (SMF) before release ...)
+ TODO: check
CVE-2019-11573
RESERVED
CVE-2019-11572
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index fa10a54e53..97d30c98f7 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,235 @@
+CVE-2020-10799 (The svglib package through 0.9.3 for Python allows XXE attacks via an ...)
+ TODO: check
+CVE-2020-10798
+ RESERVED
+CVE-2020-10797
+ RESERVED
+CVE-2020-10796
+ RESERVED
+CVE-2020-10795
+ RESERVED
+CVE-2020-10794
+ RESERVED
+CVE-2020-10793
+ RESERVED
+CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...)
+ TODO: check
+CVE-2020-10791
+ RESERVED
+CVE-2020-10790
+ RESERVED
+CVE-2020-10789
+ RESERVED
+CVE-2020-10788
+ RESERVED
+CVE-2020-10787
+ RESERVED
+CVE-2020-10786
+ RESERVED
+CVE-2020-10785
+ RESERVED
+CVE-2020-10784
+ RESERVED
+CVE-2020-10783
+ RESERVED
+CVE-2020-10782
+ RESERVED
+CVE-2020-10781
+ RESERVED
+CVE-2020-10780
+ RESERVED
+CVE-2020-10779
+ RESERVED
+CVE-2020-10778
+ RESERVED
+CVE-2020-10777
+ RESERVED
+CVE-2020-10776
+ RESERVED
+CVE-2020-10775
+ RESERVED
+CVE-2020-10774
+ RESERVED
+CVE-2020-10773
+ RESERVED
+CVE-2020-10772
+ RESERVED
+CVE-2020-10771
+ RESERVED
+CVE-2020-10770
+ RESERVED
+CVE-2020-10769
+ RESERVED
+CVE-2020-10768
+ RESERVED
+CVE-2020-10767
+ RESERVED
+CVE-2020-10766
+ RESERVED
+CVE-2020-10765
+ RESERVED
+CVE-2020-10764
+ RESERVED
+CVE-2020-10763
+ RESERVED
+CVE-2020-10762
+ RESERVED
+CVE-2020-10761
+ RESERVED
+CVE-2020-10760
+ RESERVED
+CVE-2020-10759
+ RESERVED
+CVE-2020-10758
+ RESERVED
+CVE-2020-10757
+ RESERVED
+CVE-2020-10756
+ RESERVED
+CVE-2020-10755
+ RESERVED
+CVE-2020-10754
+ RESERVED
+CVE-2020-10753
+ RESERVED
+CVE-2020-10752
+ RESERVED
+CVE-2020-10751
+ RESERVED
+CVE-2020-10750
+ RESERVED
+CVE-2020-10749
+ RESERVED
+CVE-2020-10748
+ RESERVED
+CVE-2020-10747
+ RESERVED
+CVE-2020-10746
+ RESERVED
+CVE-2020-10745
+ RESERVED
+CVE-2020-10744
+ RESERVED
+CVE-2020-10743
+ RESERVED
+CVE-2020-10742
+ RESERVED
+CVE-2020-10741
+ RESERVED
+CVE-2020-10740
+ RESERVED
+CVE-2020-10739
+ RESERVED
+CVE-2020-10738
+ RESERVED
+CVE-2020-10737
+ RESERVED
+CVE-2020-10736
+ RESERVED
+CVE-2020-10735
+ RESERVED
+CVE-2020-10734
+ RESERVED
+CVE-2020-10733
+ RESERVED
+CVE-2020-10732
+ RESERVED
+CVE-2020-10731
+ RESERVED
+CVE-2020-10730
+ RESERVED
+CVE-2020-10729
+ RESERVED
+CVE-2020-10728
+ RESERVED
+CVE-2020-10727
+ RESERVED
+CVE-2020-10726
+ RESERVED
+CVE-2020-10725
+ RESERVED
+CVE-2020-10724
+ RESERVED
+CVE-2020-10723
+ RESERVED
+CVE-2020-10722
+ RESERVED
+CVE-2020-10721
+ RESERVED
+CVE-2020-10720
+ RESERVED
+CVE-2020-10719
+ RESERVED
+CVE-2020-10718
+ RESERVED
+CVE-2020-10717
+ RESERVED
+CVE-2020-10716
+ RESERVED
+CVE-2020-10715
+ RESERVED
+CVE-2020-10714
+ RESERVED
+CVE-2020-10713
+ RESERVED
+CVE-2020-10712
+ RESERVED
+CVE-2020-10711
+ RESERVED
+CVE-2020-10710
+ RESERVED
+CVE-2020-10709
+ RESERVED
+CVE-2020-10708
+ RESERVED
+CVE-2020-10707
+ RESERVED
+CVE-2020-10706
+ RESERVED
+CVE-2020-10705
+ RESERVED
+CVE-2020-10704
+ RESERVED
+CVE-2020-10703
+ RESERVED
+CVE-2020-10702
+ RESERVED
+CVE-2020-10701
+ RESERVED
+CVE-2020-10700
+ RESERVED
+CVE-2020-10699
+ RESERVED
+CVE-2020-10698
+ RESERVED
+CVE-2020-10697
+ RESERVED
+CVE-2020-10696
+ RESERVED
+CVE-2020-10695
+ RESERVED
+CVE-2020-10694
+ RESERVED
+CVE-2020-10693
+ RESERVED
+CVE-2020-10692
+ RESERVED
+CVE-2020-10691
+ RESERVED
+CVE-2020-10690
+ RESERVED
+CVE-2020-10689
+ RESERVED
+CVE-2020-10688
+ RESERVED
+CVE-2020-10687
+ RESERVED
+CVE-2020-10686
+ RESERVED
+CVE-2020-10685
+ RESERVED
+CVE-2020-10684
+ RESERVED
CVE-2020-10683
RESERVED
CVE-2020-10682 (The Filemanager in CMS Made Simple 2.2.13 allows remote code execution ...)
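Review bot: only two of the entries added at the top of 2020.list have descriptions, CVE-2020-10799 (svglib for Python, XXE) and CVE-2020-10792 (openITCOCKPIT), and both sit at "TODO: check" inside a long run of RESERVED placeholders from CVE-2020-10684 upward. Pick those two out for triage explicitly; the RESERVED entries need no action until they are published.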
@@ -198,6 +430,7 @@ CVE-2020-10593
NOTE: https://bugs.torproject.org/33619
CVE-2020-10592
RESERVED
+ {DSA-4644-1}
- tor 0.4.2.7-1
[stretch] - tor <end-of-life> (See DSA 4644)
NOTE: https://blog.torproject.org/new-releases-03510-0419-0427
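Review bot: "{DSA-4644-1}" is attached to CVE-2020-10592 only in this hunk, and the preceding entry CVE-2020-10593 (named in the hunk header, with the bugs.torproject.org note) is not touched here. Confirm that CVE-2020-10593 carries the same DSA reference if the advisory covers both. CVE-2020-10592 also still reads RESERVED although it already has a fixed version, "tor 0.4.2.7-1", so its description should be picked up on a later update.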
@@ -273,8 +506,8 @@ CVE-2020-10560
RESERVED
CVE-2020-10559
RESERVED
-CVE-2020-10558
- RESERVED
+CVE-2020-10558 (The driving interface of Tesla Model 3 vehicles in any release before ...)
+ TODO: check
CVE-2020-10557 (An issue was discovered in AContent through 1.4. It allows the user to ...)
NOT-FOR-US: AContent
CVE-2020-10556
@@ -1023,8 +1256,8 @@ CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 f
NOT-FOR-US: popup-builder plugin for WordPress
CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...)
NOT-FOR-US: popup-builder plugin for WordPress
-CVE-2020-10194
- RESERVED
+CVE-2020-10194 (cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8. ...)
+ TODO: check
CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...)
NOT-FOR-US: ESET Archive Support Module
CVE-2020-10192 (An issue was discovered in Munkireport before 5.3.0.3923. An unauthent ...)
@@ -2635,8 +2868,8 @@ CVE-2020-9427
RESERVED
CVE-2020-9426
RESERVED
-CVE-2020-9425
- RESERVED
+CVE-2020-9425 (An issue was discovered in includes/head.inc.php in rConfig before 3.9 ...)
+ TODO: check
CVE-2020-9424
RESERVED
CVE-2020-9423 (LogicalDoc before 8.3.3 could allow an attacker to upload arbitrary fi ...)
@@ -3848,20 +4081,20 @@ CVE-2020-8885
RESERVED
CVE-2020-8884
RESERVED
-CVE-2020-8883
- RESERVED
-CVE-2020-8882
- RESERVED
-CVE-2020-8881
- RESERVED
-CVE-2020-8880
- RESERVED
-CVE-2020-8879
- RESERVED
-CVE-2020-8878
- RESERVED
-CVE-2020-8877
- RESERVED
+CVE-2020-8883 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-8882 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8881 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8880 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8879 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
+CVE-2020-8878 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+ TODO: check
+CVE-2020-8877 (This vulnerability allows remote attackers to disclose sensitive infor ...)
+ TODO: check
CVE-2020-8876
RESERVED
CVE-2020-8875
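Review bot: the truncated descriptions for CVE-2020-8877 through CVE-2020-8883 all start with the generic "This vulnerability allows remote attackers to ..." and are cut off before any product name, so these seven "TODO: check" entries cannot be triaged from the list line alone. Whoever resolves them needs the full CVE record and should name the product in the resulting annotation.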
@@ -5432,20 +5665,20 @@ CVE-2020-8142
CVE-2020-8141 (The dot package v1.1.2 uses Function() to compile templates. This can ...)
- node-dot 1.1.3+ds-1
NOTE: https://hackerone.com/reports/390929
-CVE-2020-8140
- RESERVED
-CVE-2020-8139
- RESERVED
-CVE-2020-8138
- RESERVED
-CVE-2020-8137
- RESERVED
-CVE-2020-8136
- RESERVED
-CVE-2020-8135
- RESERVED
-CVE-2020-8134
- RESERVED
+CVE-2020-8140 (A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed t ...)
+ TODO: check
+CVE-2020-8139 (A missing access control check in Nextcloud Server &lt; 18.0.1, &lt; 1 ...)
+ TODO: check
+CVE-2020-8138 (A missing check for IPv4 nested inside IPv6 in Nextcloud server &lt; 1 ...)
+ TODO: check
+CVE-2020-8137 (Code injection vulnerability in blamer 1.0.0 and earlier may result in ...)
+ TODO: check
+CVE-2020-8136 (Prototype pollution vulnerability in fastify-multipart &lt; 1.0.5 allo ...)
+ TODO: check
+CVE-2020-8135 (The uppy npm package &lt; 1.9.3 is vulnerable to a Server-Side Request ...)
+ TODO: check
+CVE-2020-8134 (Server-side request forgery (SSRF) vulnerability in Ghost CMS &lt; 3.1 ...)
+ TODO: check
CVE-2020-8133
RESERVED
CVE-2020-8132 (Lack of input validation in pdf-image npm package version &lt;= 2.0.0 ...)
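Review bot: the added descriptions for CVE-2020-8139, CVE-2020-8138, CVE-2020-8136, CVE-2020-8135 and CVE-2020-8134 contain the HTML entity "&lt;" where a version comparison is meant (for example "Nextcloud Server &lt; 18.0.1"), matching the existing CVE-2020-8132 line. Anything that parses or displays these descriptions should decode the entity, or the importer should store a literal "<" instead.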
@@ -5833,8 +6066,8 @@ CVE-2020-7963
RESERVED
CVE-2020-7962
RESERVED
-CVE-2020-7961
- RESERVED
+CVE-2020-7961 (Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE ...)
+ TODO: check
CVE-2020-7960
RESERVED
CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...)
