author | security tracker role <sectracker@soriano.debian.org> | 2020-02-18 08:10:20 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-18 08:10:20 +0000
commit | 389e1321a2f474f2a740c325b722e0f856a8b93f |
tree | 839425fde6ee9eb81d2807c3c74a99bf96baaf10 |
parent | 8fd590de0787da64a06454dd6817ced174a3ffa1 |
automatic update
-rw-r--r-- | data/CVE/2012.list | 2
-rw-r--r-- | data/CVE/2014.list | 13
-rw-r--r-- | data/CVE/2015.list | 3
-rw-r--r-- | data/CVE/2018.list | 1
-rw-r--r-- | data/CVE/2019.list | 17
-rw-r--r-- | data/CVE/2020.list | 122
6 files changed, 81 insertions, 77 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index a17b872f5d..f356caa80c 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -10617,7 +10617,7 @@ CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers wh CVE-2012-2413 (Cross-site scripting (XSS) vulnerability in the ja_purity template for ...) NOT-FOR-US: Joomla template CVE-2012-2412 - RESERVED + REJECTED CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and RealP ...) NOT-FOR-US: RealNetworks RealPlayer CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, RealPlaye ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 4c0ccf2f09..05c685fb23 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -6876,8 +6876,7 @@ CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/fi [wheezy] - linux <not-affected> (Vulnerable code not present) - linux-2.6 <not-affected> (Vulnerable code not present) NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html -CVE-2014-8089 [ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte] - RESERVED +CVE-2014-8089 (SQL injection vulnerability in Zend Framework before 1.12.9, 2.2.x bef ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.9+dfsg-1 NOTE: http://framework.zend.com/security/advisory/ZF2014-06 @@ -8826,8 +8825,7 @@ CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0 CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...) - twiki <removed> NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237 -CVE-2014-7236 - RESERVED +CVE-2014-7236 (Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6 ...) - twiki <removed> NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236 CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Rec ...) 
@@ -14072,8 +14070,8 @@ CVE-2014-4983 RESERVED CVE-2014-4982 (LPAR2RRD ≤ 4.53 and ≤ 3.5 has arbitrary command injection ...) NOT-FOR-US: LPAR2RRD -CVE-2014-4981 - RESERVED +CVE-2014-4981 (LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitra ...) + TODO: check CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for Nes ...) NOT-FOR-US: Tenable Web UI for Nessus CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or c ...) @@ -22002,8 +22000,7 @@ CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 thr - glance 2013.2.2-1 (bug #738924) [wheezy] - glance <not-affected> (Only affects Havana) NOTE: https://launchpad.net/bugs/1275062 -CVE-2014-1947 [Buffer overflow vulnerability] - RESERVED +CVE-2014-1947 (Stack-based buffer overflow in the WritePSDImage function in coders/ps ...) {DSA-2898-1} - imagemagick 8:6.7.7.10+dfsg-1 (bug #740250) NOTE: http://web.archive.org/web/20090120112751/http://trac.imagemagick.org:80/changeset/13736 diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 5a70f71a19..6d529578f3 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -2259,8 +2259,7 @@ CVE-2015-8763 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote CVE-2015-8762 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote attac ...) - freeradius <not-affected> (Affects 3.0 up to 3.0.8) NOTE: http://freeradius.org/security.html#eap-pwd-2015 -CVE-2015-8751 - RESERVED +CVE-2015-8751 (Integer overflow in the jas_matrix_create function in JasPer allows co ...) - jasper 1.900.1-5.1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294039 NOTE: In 1.900.1-5.1 this issue was fixed as part of the patch for CVE-2008-3520 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 10f5c47968..f4a69f633d 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -17417,6 +17417,7 @@ CVE-2018-14555 CVE-2018-14554 RESERVED CVE-2018-14553 (gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL point ...) + {DLA-2106-1} - libgd2 <unfixed> (low; bug #951287) [buster] - libgd2 <no-dsa> (Minor issue) [stretch] - libgd2 <no-dsa> (Minor issue) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index f372b8c8ff..cbe6760d16 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -3021,8 +3021,8 @@ CVE-2019-19327 (ui/ResultView.js in Wikibase Wikidata Query Service GUI before 0 NOT-FOR-US: Wikibase Wikidata Query Service GUI CVE-2019-19326 RESERVED -CVE-2019-19325 - RESERVED +CVE-2019-19325 (SilverStripe through 4.4.x before 4.4.5 and 4.5.x before 4.5.2 allows ...) + TODO: check CVE-2019-19324 RESERVED CVE-2019-19323 @@ -24418,13 +24418,14 @@ CVE-2019-11052 CVE-2019-11051 RESERVED CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...) - {DLA-2050-1} + {DSA-4626-1 DLA-2050-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78793 CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...) + {DSA-4626-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> 
@@ -24434,21 +24435,21 @@ CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when su CVE-2019-11048 RESERVED CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...) - {DLA-2050-1} + {DSA-4626-1 DLA-2050-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78910 CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...) - {DLA-2050-1} + {DSA-4626-1 DLA-2050-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78878 CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...) - {DLA-2050-1} + {DSA-4626-1 DLA-2050-1} - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> @@ -25168,8 +25169,8 @@ CVE-2019-10792 RESERVED CVE-2019-10791 RESERVED -CVE-2019-10790 - RESERVED +CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...) + TODO: check CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...) NOT-FOR-US: curling.js CVE-2019-10788 (im-metadata through 3.0.1 allows remote attackers to execute arbitrary ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index d604c426aa..6914ac8d37 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -565,8 +565,8 @@ CVE-2020-8770 RESERVED CVE-2020-8769 RESERVED -CVE-2020-8768 - RESERVED +CVE-2020-8768 (An issue was discovered on Phoenix Contact Emalytics Controller ILC 20 ...) + TODO: check CVE-2020-8767 RESERVED CVE-2020-8766 
@@ -2157,12 +2157,12 @@ CVE-2020-8014 RESERVED CVE-2020-8013 RESERVED -CVE-2020-8012 - RESERVED -CVE-2020-8011 - RESERVED -CVE-2020-8010 - RESERVED +CVE-2020-8012 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) + TODO: check +CVE-2020-8011 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) + TODO: check +CVE-2020-8010 (CA Unified Infrastructure Management (Nimsoft/UIM) 9.20 and below cont ...) + TODO: check CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...) NOT-FOR-US: AVB MOTU devices CVE-2020-8008 @@ -2280,8 +2280,8 @@ CVE-2020-7961 RESERVED CVE-2020-7960 RESERVED -CVE-2020-7959 - RESERVED +CVE-2020-7959 (LabVantage LIMS 8.3 does not properly maintain the confidentiality of ...) + TODO: check CVE-2020-7958 RESERVED CVE-2020-7957 (The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle ...) @@ -4136,6 +4136,7 @@ CVE-2020-7062 CVE-2020-7061 RESERVED CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...) + {DSA-4626-1} - php7.4 7.4.2-7 - php7.3 <unfixed> - php7.0 <removed> @@ -4143,6 +4144,7 @@ CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodi NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: http://bugs.php.net/79037 CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...) + {DSA-4626-1} - php7.4 7.4.2-7 - php7.3 <unfixed> - php7.0 <removed> 
@@ -7379,8 +7381,8 @@ CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo Ap NOT-FOR-US: ilbo App CVE-2020-5531 (Mitsubishi Electric MELSEC C Controller Module and MELIPC Series MI500 ...) NOT-FOR-US: Mitsubishi -CVE-2020-5530 - RESERVED +CVE-2020-5530 (Cross-site request forgery (CSRF) vulnerability in Easy Property Listi ...) + TODO: check CVE-2020-5529 (HtmlUnit prior to 2.37.0 contains code execution vulnerabilities. Html ...) - htmlunit <removed> NOTE: https://github.com/HtmlUnit/htmlunit/commit/934390fefcd2cd58e6d86f2bc19d811ae17bfa28 @@ -10782,6 +10784,7 @@ CVE-2020-3869 RESERVED CVE-2020-3868 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -10789,6 +10792,7 @@ CVE-2020-3868 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3867 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -10798,6 +10802,7 @@ CVE-2020-3866 RESERVED CVE-2020-3865 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -10805,6 +10810,7 @@ CVE-2020-3865 NOTE: https://webkitgtk.org/security/WSA-2020-0002.html CVE-2020-3864 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) @@ -10814,6 +10820,7 @@ CVE-2020-3863 RESERVED CVE-2020-3862 RESERVED + {DSA-4627-1} - webkit2gtk 2.26.4-1 [stretch] - webkit2gtk <ignored> (Not covered by security support in stretch) [jessie] - webkit2gtk <ignored> (Not covered by security support in jessie) 
@@ -14856,8 +14863,8 @@ CVE-2020-1884 RESERVED CVE-2020-1883 RESERVED -CVE-2020-1882 - RESERVED +CVE-2020-1882 (Huawei mobile phones Ever-L29B versions earlier than 10.0.0.180(C185E6 ...) + TODO: check CVE-2020-1881 RESERVED CVE-2020-1880 @@ -14876,8 +14883,8 @@ CVE-2020-1874 RESERVED CVE-2020-1873 RESERVED -CVE-2020-1872 - RESERVED +CVE-2020-1872 (Huawei smart phones P10 Plus with versions earlier than 9.1.0.201(C01E ...) + TODO: check CVE-2020-1871 (USG9500 with software of V500R001C30SPC100; V500R001C30SPC200; V500R00 ...) NOT-FOR-US: Huawei CVE-2020-1870 @@ -14904,18 +14911,18 @@ CVE-2020-1860 RESERVED CVE-2020-1859 RESERVED -CVE-2020-1858 - RESERVED -CVE-2020-1857 - RESERVED -CVE-2020-1856 - RESERVED -CVE-2020-1855 - RESERVED +CVE-2020-1858 (Huawei products NIP6800 versions V500R001C30, V500R001C60SPC500, and V ...) + TODO: check +CVE-2020-1857 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1856 (Huawei NGFW Module, NIP6300, NIP6600, Secospace USG6500, Secospace USG ...) + TODO: check +CVE-2020-1855 (Huawei HEGE-570 version 1.0.1.22(SP3); and HEGE-560, OSCA-550, OSCA-55 ...) + TODO: check CVE-2020-1854 RESERVED -CVE-2020-1853 - RESERVED +CVE-2020-1853 (GaussDB 200 with version of 6.5.1 have a path traversal vulnerability. ...) + TODO: check CVE-2020-1852 RESERVED CVE-2020-1851 @@ -14934,12 +14941,12 @@ CVE-2020-1845 RESERVED CVE-2020-1844 RESERVED -CVE-2020-1843 - RESERVED -CVE-2020-1842 - RESERVED -CVE-2020-1841 - RESERVED +CVE-2020-1843 (Huawei HEGE-560 version 1.0.1.20(SP2), OSCA-550 version 1.0.0.71(SP1), ...) + TODO: check +CVE-2020-1842 (Huawei HEGE-560 version 1.0.1.20(SP2); OSCA-550 and OSCA-550A version ...) + TODO: check +CVE-2020-1841 (Huawei CloudLink Board version 20.0.0; DP300 version V500R002C00; RSE6 ...) + TODO: check CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...) NOT-FOR-US: Huawei CVE-2020-1839 
@@ -14960,14 +14967,14 @@ CVE-2020-1832 RESERVED CVE-2020-1831 RESERVED -CVE-2020-1830 - RESERVED -CVE-2020-1829 - RESERVED -CVE-2020-1828 - RESERVED -CVE-2020-1827 - RESERVED +CVE-2020-1830 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1829 (Huawei NIP6800 versions V500R001C30 and V500R001C60SPC500; and Secospa ...) + TODO: check +CVE-2020-1828 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...) NOT-FOR-US: Huawei CVE-2020-1825 @@ -14988,18 +14995,18 @@ CVE-2020-1818 RESERVED CVE-2020-1817 RESERVED -CVE-2020-1816 - RESERVED -CVE-2020-1815 - RESERVED -CVE-2020-1814 - RESERVED +CVE-2020-1816 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1815 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check +CVE-2020-1814 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C0 ...) + TODO: check CVE-2020-1813 RESERVED -CVE-2020-1812 - RESERVED -CVE-2020-1811 - RESERVED +CVE-2020-1812 (HUAWEI P30 smartphones with versions earlier than 10.0.0.173(C00E73R1P ...) + TODO: check +CVE-2020-1811 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) + TODO: check CVE-2020-1810 (There is a weak algorithm vulnerability in some Huawei products. The a ...) NOT-FOR-US: Huawei CVE-2020-1809 
@@ -15038,12 +15045,12 @@ CVE-2020-1793 RESERVED CVE-2020-1792 RESERVED -CVE-2020-1791 - RESERVED -CVE-2020-1790 - RESERVED -CVE-2020-1789 - RESERVED +CVE-2020-1791 (HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E7 ...) + TODO: check +CVE-2020-1790 (GaussDB 200 with version of 6.5.1 have a command injection vulnerabili ...) + TODO: check +CVE-2020-1789 (Huawei OSCA-550, OSCA-550A, OSCA-550AX, and OSCA-550X products with ve ...) + TODO: check CVE-2020-1788 (Honor V30 smartphones with versions earlier than 10.0.1.135(C00E130R4P ...) NOT-FOR-US: Huawei CVE-2020-1787 (HUAWEI Mate 20 smartphones versions earlier than 9.1.0.139(C00E133R3P1 ...) @@ -15301,8 +15308,7 @@ CVE-2020-1695 RESERVED CVE-2020-1694 RESERVED -CVE-2020-1693 - RESERVED +CVE-2020-1693 (A flaw was found in Spacewalk up to version 2.9 where it was vulnerabl ...) NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk CVE-2020-1692 (Moodle before version 3.7.2 is vulnerable to information exposure of s ...) - moodle <removed> |
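Review bot: in the data/CVE/2014.list hunk at `@@ -14072,8 +14070,8 @@`, CVE-2014-4981 is added with `TODO: check` although its new description names LPAR2RRD and the entry directly above it, CVE-2014-4982, is already triaged as `NOT-FOR-US: LPAR2RRD`. Suggest resolving the TODO with the same `NOT-FOR-US: LPAR2RRD` line in a follow-up commit so the two entries for one product agree.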
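Review bot: in the data/CVE/2019.list hunks at `@@ -24418,13 +24418,14 @@` and `@@ -24434,21 +24435,21 @@`, the PHP entries gain `{DSA-4626-1}` while `- php7.3 <unfixed>` is left untouched, even where the entry's own NOTE reads `Fixed in PHP 7.4.1, 7.3.13` (CVE-2019-11050, CVE-2019-11047, CVE-2019-11046). Suggest checking which php7.3 upload first carried 7.3.13 or later and recording that version in place of `<unfixed>`, so the package line does not contradict the NOTE and the advisory reference.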
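Review bot: in the data/CVE/2020.list hunks from `@@ -14856,8 +14863,8 @@` through `@@ -15038,12 +15045,12 @@`, the entries whose descriptions begin with Huawei or HUAWEI (for example CVE-2020-1882, CVE-2020-1872, CVE-2020-1858) are added as `TODO: check`, while the context lines in the same hunks show that vendor already triaged as `NOT-FOR-US: Huawei` (CVE-2020-1871, CVE-2020-1840, CVE-2020-1826). Suggest closing these TODOs the same way in one follow-up. The GaussDB 200 entries (CVE-2020-1853, CVE-2020-1811, CVE-2020-1790) do not name a vendor in the truncated description shown here and need a separate look.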
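Review bot: in the data/CVE/2020.list hunk at `@@ -15301,8 +15308,7 @@`, the context line under CVE-2020-1693 reads `NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk`, with the tag doubled. This update touches the entry but leaves that line as it was; suggest correcting it to `NOT-FOR-US: Red Hat Satellite / Spacewalk` so that the text after the tag is only the product name.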