author | security tracker role <sectracker@soriano.debian.org> | 2020-02-05 20:10:17 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-05 20:10:17 +0000 |
commit | 283a0311a73bf698f7d7c503fdcb0a741cc8768a (patch) | |
tree | a93489af8a272bb121a361330cefa3ae9e6e132d | |
parent | a58417aba12a495544d27bea0e7645f610ad5b80 (diff) |
automatic update
-rw-r--r-- | data/CVE/2010.list | 6 | ||||
-rw-r--r-- | data/CVE/2013.list | 10 | ||||
-rw-r--r-- | data/CVE/2014.list | 2 | ||||
-rw-r--r-- | data/CVE/2015.list | 16 | ||||
-rw-r--r-- | data/CVE/2016.list | 3 | ||||
-rw-r--r-- | data/CVE/2019.list | 36 | ||||
-rw-r--r-- | data/CVE/2020.list | 157 |
7 files changed, 133 insertions, 97 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index ead6f642c5..64ab15742f 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -1132,8 +1132,7 @@ CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symli - pithos 0.3.5-1 CVE-2010-4816 RESERVED -CVE-2010-4815 - RESERVED +CVE-2010-4815 (Coppermine gallery before 1.4.26 has an input validation vulnerability ...) NOT-FOR-US: Coppermine Photo Gallery CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Adva ...) NOT-FOR-US: Best Soft Inc. @@ -1520,8 +1519,7 @@ CVE-2010-4664 (In ConsoleKit before 0.4.2, an intended security policy restricti [squeeze] - consolekit <no-dsa> (Minor issue) CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple (CMSMS ...) NOT-FOR-US: CMS Made Simple -CVE-2010-4662 - RESERVED +CVE-2010-4662 (PmWiki before 2.2.21 has XSS. ...) NOT-FOR-US: pmwiki CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux kernel ...) - udisks 1.0.3-1 diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 53709d6cc4..38edcf75e2 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -4068,7 +4068,7 @@ CVE-2013-5991 (The displaySystemError function in html/handle_error.php in LOCKO CVE-2013-5990 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; I ...) NOT-FOR-US: JustSystems Ichitaro CVE-2013-5989 - RESERVED + REJECTED CVE-2013-5988 RESERVED CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...) 
@@ -12437,8 +12437,8 @@ CVE-2013-2677 RESERVED CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...) NOT-FOR-US: Brother -CVE-2013-2675 - RESERVED +CVE-2013-2675 (Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable r ...) + TODO: check CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...) NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass ...) @@ -18719,8 +18719,8 @@ CVE-2013-0509 (Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcoo NOT-FOR-US: IBM CVE-2013-0508 (Multiple buffer overflows in IBM Tivoli Netcool System Service Monitor ...) NOT-FOR-US: IBM -CVE-2013-0507 - RESERVED +CVE-2013-0507 (IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fix ...) + TODO: check CVE-2013-0506 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order Managem ...) NOT-FOR-US: IBM Sterling Order Management CVE-2013-0505 (IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 b ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 1ba4f47966..e55efa13e3 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -16672,7 +16672,7 @@ CVE-2014-3895 (The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-W CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional M ...) NOT-FOR-US: PHP Kobo Multifunctional MailForm CVE-2014-3893 - RESERVED + REJECTED CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 ...) NOT-FOR-US: Nexa Meridian CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows rem ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 4b80590360..0d8b6b7024 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -11195,12 +11195,12 @@ CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband Pla NOT-FOR-US: NTT CVE-2015-5629 (The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6. ...) NOT-FOR-US: NTT -CVE-2015-5628 - RESERVED -CVE-2015-5627 - RESERVED -CVE-2015-5626 - RESERVED +CVE-2015-5628 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...) + TODO: check +CVE-2015-5627 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...) + TODO: check +CVE-2015-5626 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...) + TODO: check CVE-2015-5625 (Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 al ...) NOT-FOR-US: OpenDocMan CVE-2015-5624 (Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELP ...) @@ -26976,8 +26976,8 @@ CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Man NOT-FOR-US: IBM CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process Por ...) NOT-FOR-US: IBM Business Process Manager -CVE-2015-0102 - RESERVED +CVE-2015-0102 (IBM Workflow for Bluemix does not set the secure flag for the session ...) + TODO: check CVE-2015-0101 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...) NOT-FOR-US: IBM CVE-2015-0100 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 2167307e1d..3c3c089486 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -27120,7 +27120,8 @@ CVE-2016-2035 REJECTED CVE-2016-2034 (SQL injection vulnerability in ClearPass Policy Manager 6.5.x through ...) NOT-FOR-US: ClearPass Policy Manager -CVE-2016-2033 (Multiple vulnerabilities exist in Aruba ClearPass Policy Manager up to ...) +CVE-2016-2033 + REJECTED NOT-FOR-US: Aruba ClearPass Policy Manager CVE-2016-2032 (A vulnerability exists in the Aruba AirWave Management Platform 8.x pr ...) NOT-FOR-US: Aruba AirWave Management Platform diff --git a/data/CVE/2019.list b/data/CVE/2019.list index e17815ba03..8e6e624c7f 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -10417,10 +10417,10 @@ CVE-2019-16206 (The authentication mechanism, in Brocade SANnav versions before NOT-FOR-US: Brocade CVE-2019-16205 (A vulnerability, in Brocade SANnav versions before v2.0, could allow r ...) NOT-FOR-US: Brocade -CVE-2019-16204 - RESERVED -CVE-2019-16203 - RESERVED +CVE-2019-16204 (Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1 ...) + TODO: check +CVE-2019-16203 (Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the ...) + TODO: check CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...) NOT-FOR-US: MISP CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...) @@ -12698,8 +12698,8 @@ CVE-2019-15255 (A vulnerability in the web-based management interface of Cisco I NOT-FOR-US: Cisco CVE-2019-15254 RESERVED -CVE-2019-15253 - RESERVED +CVE-2019-15253 (A vulnerability in the web-based management interface of Cisco Digital ...) + TODO: check CVE-2019-15252 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...) NOT-FOR-US: Cisco CVE-2019-15251 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...) 
@@ -13090,8 +13090,8 @@ CVE-2019-15128 (iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to NOT-FOR-US: iF.SVNAdmin CVE-2019-15127 (REDCap before 9.3.0 allows XSS attacks against non-administrator accou ...) NOT-FOR-US: REDCap -CVE-2019-15126 - RESERVED +CVE-2019-15126 (An issue was discovered on Broadcom Wi-Fi client devices. Specifically ...) + TODO: check CVE-2019-15125 RESERVED CVE-2019-15124 @@ -21143,8 +21143,8 @@ CVE-2019-12182 RESERVED CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...) NOT-FOR-US: SolarWinds -CVE-2019-12180 - RESERVED +CVE-2019-12180 (An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 ...) + TODO: check CVE-2019-12179 RESERVED CVE-2019-12178 @@ -22975,8 +22975,8 @@ CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows NOT-FOR-US: SEMCMS CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the synchron ...) NOT-FOR-US: WampServer -CVE-2019-11516 - RESERVED +CVE-2019-11516 (An issue was discovered in the Bluetooth component of the Cypress (for ...) + TODO: check CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?d ...) NOT-FOR-US: Gila CMS CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mis ...) @@ -41266,8 +41266,8 @@ CVE-2019-4672 RESERVED CVE-2019-4671 RESERVED -CVE-2019-4670 - RESERVED +CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...) + TODO: check CVE-2019-4669 RESERVED CVE-2019-4668 
@@ -41374,14 +41374,14 @@ CVE-2019-4618 RESERVED CVE-2019-4617 RESERVED -CVE-2019-4616 - RESERVED +CVE-2019-4616 (IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute ...) + TODO: check CVE-2019-4615 RESERVED CVE-2019-4614 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Que ...) NOT-FOR-US: IBM -CVE-2019-4613 - RESERVED +CVE-2019-4613 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...) + TODO: check CVE-2019-4612 (IBM Planning Analytics 2.0 is vulnerable to malicious file upload in t ...) NOT-FOR-US: IBM CVE-2019-4611 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index dec254841a..db425b84a8 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,53 @@ +CVE-2020-8640 + RESERVED +CVE-2020-8639 + RESERVED +CVE-2020-8638 + RESERVED +CVE-2020-8637 + RESERVED +CVE-2020-8636 + RESERVED +CVE-2020-8635 + RESERVED +CVE-2020-8634 + RESERVED +CVE-2020-8633 + RESERVED +CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...) + TODO: check +CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...) + TODO: check +CVE-2020-8630 + RESERVED +CVE-2020-8629 + RESERVED +CVE-2020-8628 + RESERVED +CVE-2020-8627 + RESERVED +CVE-2020-8626 + RESERVED +CVE-2020-8625 + RESERVED +CVE-2020-8624 + RESERVED +CVE-2020-8623 + RESERVED +CVE-2020-8622 + RESERVED +CVE-2020-8621 + RESERVED +CVE-2020-8620 + RESERVED +CVE-2020-8619 + RESERVED +CVE-2020-8618 + RESERVED +CVE-2020-8617 + RESERVED +CVE-2020-8616 + RESERVED CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) NOT-FOR-US: Tutor LMS plugin for WordPress CVE-2020-8614 
@@ -219,10 +269,10 @@ CVE-2020-8509 RESERVED CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...) NOT-FOR-US: Norman Malware Cleaner -CVE-2020-8507 - RESERVED -CVE-2020-8506 - RESERVED +CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...) + TODO: check +CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...) + TODO: check CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) NOT-FOR-US: School Management Software PHP/mySQL CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...) @@ -1031,8 +1081,7 @@ CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version TODO: check CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...) TODO: check -CVE-2020-8114 [User Permissions Not Validated in ProjectExportWorker] - RESERVED +CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab <unfixed> NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-8113 
@@ -1313,56 +1362,44 @@ CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injectio NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613 CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...) NOT-FOR-US: Intellian Aptus Web -CVE-2020-7979 [Private Project Names Exposed in GraphQL queries] - RESERVED +CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...) - gitlab <not-affected> (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ -CVE-2020-7978 [Denial of Service via AsciiDoc] - RESERVED +CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. ...) - gitlab <not-affected> (Only affects Gitlab EE 12.6 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ -CVE-2020-7977 [Arbitrary Change of Pipeline Status] - RESERVED +CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. ...) - gitlab <not-affected> (Only affects Gitlab EE 8.8 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ -CVE-2020-7976 [Grafana Token Displayed in Plaintext] - RESERVED +CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. ...) - gitlab <not-affected> (Only affects Gitlab EE 12.4 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7975 RESERVED -CVE-2020-7974 [Last Pipeline Status Exposed] - RESERVED +CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...) - gitlab <not-affected> (Only affects Gitlab EE 10.1 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ -CVE-2020-7973 [XSS Vulnerability in File API] - RESERVED +CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...) 
- gitlab <unfixed> NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ -CVE-2020-7972 [Email Confirmation Bypass Using API] - RESERVED +CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...) - gitlab <not-affected> (Only affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ -CVE-2020-7971 [XSS Vulnerability in Create Groups] - RESERVED +CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...) - gitlab <unfixed> NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7970 RESERVED -CVE-2020-7969 [Disclosure of Issues and Merge Requests via Todos] - RESERVED +CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. ...) - gitlab <not-affected> (Only affects Gitlab EE 8.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ -CVE-2020-7968 [Disclosure of Forked Private Project Source Code] - RESERVED +CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...) - gitlab <unfixed> NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ -CVE-2020-7967 [Issue and Merge Request Activity Counts Exposed] - RESERVED +CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). ...) - gitlab <not-affected> (ONly affects Gitlab EE 12.0 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ -CVE-2020-7966 [Path Traversal to Arbitrary File Read] - RESERVED +CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. ...) - gitlab <not-affected> (Only affects Gitlab EE 11.11 and later) NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...) 
@@ -2846,7 +2883,7 @@ CVE-2020-7242 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated NOT-FOR-US: Comtech Stampede FX-1010 devices CVE-2020-7241 (The WP Database Backup plugin through 5.5 for WordPress stores downloa ...) NOT-FOR-US: WP Database Backup plugin for WordPress -CVE-2020-7240 (Meinberg Lantime M300 and M1000 devices allow attackers (with privileg ...) +CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers ...) NOT-FOR-US: Meinberg Lantime M300 and M1000 devices CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...) NOT-FOR-US: conversation-watson plugin for WordPress @@ -2903,8 +2940,8 @@ CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounde NOTE: https://github.com/hashicorp/nomad/issues/7002 CVE-2020-7217 RESERVED -CVE-2020-7216 - RESERVED +CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...) + TODO: check CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...) NOT-FOR-US: Gallagher Command Centre CVE-2020-7214 @@ -3298,6 +3335,7 @@ CVE-2020-7042 CVE-2020-7041 RESERVED CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...) + {DLA-2095-1} - storebackup <unfixed> (bug #949393) [buster] - storebackup <no-dsa> (Minor issue) [stretch] - storebackup <no-dsa> (Minor issue) @@ -3456,8 +3494,8 @@ CVE-2020-6971 RESERVED CVE-2020-6970 RESERVED -CVE-2020-6969 - RESERVED +CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...) + TODO: check CVE-2020-6968 RESERVED CVE-2020-6967 
@@ -3747,8 +3785,7 @@ CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-base - bftpd <itp> (bug #640469) CVE-2020-6834 RESERVED -CVE-2020-6833 [Package and File Disclosure through GitLab Workhorse] - RESERVED +CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhors ...) - gitlab <unfixed> NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/ CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...) @@ -3908,8 +3945,8 @@ CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-201506 NOT-FOR-US: Rasilient PixelStor CVE-2020-6755 RESERVED -CVE-2020-6754 - RESERVED +CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading to i ...) + TODO: check CVE-2020-6753 RESERVED CVE-2020-6752 @@ -4636,9 +4673,9 @@ CVE-2020-6413 - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6412 + RESERVED - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) - RESERVED - chromium <unfixed> [stretch] - chromium <end-of-life> (see DSA 4562) CVE-2020-6411 @@ -5180,8 +5217,8 @@ CVE-2020-6176 RESERVED CVE-2020-6175 RESERVED -CVE-2020-6174 - RESERVED +CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...) + TODO: check CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...) - python-tuf <itp> (bug #934151) CVE-2020-6172 @@ -7076,8 +7113,8 @@ CVE-2020-5239 RESERVED CVE-2020-5238 RESERVED -CVE-2020-5237 - RESERVED +CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to uplo ...) + TODO: check CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...) - waitress <unfixed> NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc 
@@ -7168,8 +7205,8 @@ CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8 NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77 NOTE: Negligible security impact -CVE-2020-5208 - RESERVED +CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...) + TODO: check CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...) NOT-FOR-US: Ktor CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...) @@ -11292,8 +11329,8 @@ CVE-2020-3151 RESERVED CVE-2020-3150 RESERVED -CVE-2020-3149 - RESERVED +CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...) + TODO: check CVE-2020-3148 RESERVED CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...) @@ -11344,18 +11381,18 @@ CVE-2020-3125 RESERVED CVE-2020-3124 RESERVED -CVE-2020-3123 - RESERVED +CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...) + TODO: check CVE-2020-3122 RESERVED CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...) NOT-FOR-US: Cisco -CVE-2020-3120 - RESERVED -CVE-2020-3119 - RESERVED -CVE-2020-3118 - RESERVED +CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) + TODO: check +CVE-2020-3119 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) + TODO: check +CVE-2020-3118 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) + TODO: check CVE-2020-3117 RESERVED CVE-2020-3116 
@@ -11368,10 +11405,10 @@ CVE-2020-3113 RESERVED CVE-2020-3112 RESERVED -CVE-2020-3111 - RESERVED -CVE-2020-3110 - RESERVED +CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) + TODO: check +CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...) + TODO: check CVE-2020-3109 RESERVED CVE-2020-3108 |
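Review bot: In the data/CVE/2016.list hunk (@@ -27120,7 +27120,8 @@), CVE-2016-2033 becomes REJECTED but the `NOT-FOR-US: Aruba ClearPass Policy Manager` line is left beneath it, so the entry now carries both a rejection and a triage result. The neighbouring CVE-2016-2035 in the same hunk shows REJECTED with no annotation under it; dropping the NOT-FOR-US line here would match that.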
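Review bot: The CVE-2020-6412 entry in the data/CVE/2020.list hunk at @@ -4636,9 +4673,9 @@ still lists the `- chromium <unfixed>` and `[stretch] - chromium <end-of-life> (see DSA 4562)` pair twice once RESERVED has been moved to the top of the entry. Only the state line is relocated; remove the second copy of the two package lines so the entry has one annotation per suite.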
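Review bot: Several unchanged `<not-affected>` notes in the GitLab hunk (@@ -1313,56 +1362,44 @@) no longer agree with the descriptions added directly above them: CVE-2020-7979 now reads "GitLab EE 8.9 and later" against "Only affects Gitlab EE 12.0 and later", CVE-2020-7967 reads "GitLab EE 8.0 through 12.7.2" against "ONly affects Gitlab EE 12.0 and later", and CVE-2020-7972 reads "GitLab EE 12.2" against 12.0. Recheck the version ranges in those notes against the linked release announcement, and fix the "ONly" typo in the same pass. The bracketed titles being dropped (for example "Path Traversal to Arbitrary File Read") say more than the generic descriptions that replace them, so consider keeping them in a NOTE line.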
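Review bot: CVE-2013-2675 in the second data/CVE/2013.list hunk (@@ -12437,8 +12437,8 @@) is left at `TODO: check` although its description names the same Brother MFC-9970CDW firmware as CVE-2013-2676 and CVE-2013-2674 on either side of it, both of which are already NOT-FOR-US. Marking it `NOT-FOR-US: Brother` in a follow-up keeps the block consistent and shortens the TODO queue.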