diff options
author | security tracker role <sectracker@soriano.debian.org> | 2020-02-24 20:10:22 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-24 20:10:22 +0000 |
commit | 8386f5751b9741c8c3902228ca46084385d82c5a (patch) | |
tree | 95d0159b69efd73550195d0ea38aa539ec06a01e | |
parent | 26208db9b9e9c79229434c323d64ba985873cf58 (diff) |
automatic update
-rw-r--r-- | data/CVE/2012.list | 3 | ||||
-rw-r--r-- | data/CVE/2015.list | 3 | ||||
-rw-r--r-- | data/CVE/2016.list | 2 | ||||
-rw-r--r-- | data/CVE/2018.list | 8 | ||||
-rw-r--r-- | data/CVE/2019.list | 76 | ||||
-rw-r--r-- | data/CVE/2020.list | 74 |
6 files changed, 97 insertions, 69 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index e0982a21bc..9cace2d283 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -16315,8 +16315,7 @@ CVE-2012-0072 (Unspecified vulnerability in the Listener component in Oracle Dat NOT-FOR-US: Oracle Database Server CVE-2012-0071 (Unspecified vulnerability in the Oracle Imaging and Process Management ...) NOT-FOR-US: Oracle Fusion Middleware -CVE-2012-0785 [Jenkins and hash collision attack] - RESERVED +CVE-2012-0785 (Hash collision attack vulnerability in Jenkins before 1.447, Jenkins L ...) - jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553) - jenkins-executable-war 1.25-1 (bug #655554) - jenkins 1.409.3+dfsg-2 diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 4c5658c17e..278389d573 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -2,8 +2,7 @@ CVE-2015-9543 (An issue was discovered in OpenStack Nova before 18.2.4, 19.x bef - nova <unfixed> (bug #951635) NOTE: https://launchpad.net/bugs/1492140 NOTE: https://review.opendev.org/220622 -CVE-2015-9542 [buffer overflow in password field] - RESERVED +CVE-2015-9542 (add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correct ...) {DLA-2116-1} - libpam-radius-auth 1.4.0-3 (bug #951396) NOTE: https://github.com/FreeRADIUS/pam_radius/commit/01173ec diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 775a249d19..083a6a104f 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,3 +1,5 @@ +CVE-2016-11020 (Kunena before 5.0.4 does not restrict avatar file extensions to gif, j ...) + TODO: check CVE-2016-11019 RESERVED CVE-2016-11018 (An issue was discovered in the Huge-IT gallery-images plugin before 1. ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index bd8923b4ee..fd25f911b0 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -16807,8 +16807,8 @@ CVE-2018-14707 (Directory traversal in the Drobo Pix web application on Drobo 5N NOT-FOR-US: Drobo Pix web application on Drobo 5N2 NAS CVE-2018-14706 (System command injection in the /DroboPix/api/drobopix/demo endpoint o ...) NOT-FOR-US: Drobo 5N2 NAS -CVE-2018-14705 - RESERVED +CVE-2018-14705 (In Drobo 5N2 4.0.5, all optional applications lack any form of authent ...) + TODO: check CVE-2018-14704 (Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS vers ...) NOT-FOR-US: Drobo 5N2 NAS CVE-2018-14703 (Incorrect access control in the /mysql/api/droboapp/data endpoint in D ...) @@ -20442,8 +20442,8 @@ CVE-2018-13315 (Incorrect access control in formPasswordSetup in TOTOLINK A3002R NOT-FOR-US: TOTOLINK CVE-2018-13314 (System command injection in formAliasIp in TOTOLINK A3002RU version 1. ...) NOT-FOR-US: TOTOLINK -CVE-2018-13313 - RESERVED +CVE-2018-13313 (In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the ...) + TODO: check CVE-2018-13312 (Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0 ...) NOT-FOR-US: TOTOLINK CVE-2018-13311 (System command injection in formDlna in TOTOLINK A3002RU version 1.0.8 ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 8fb33cdc3f..1c7a418c00 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,7 @@ +CVE-2019-20481 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Fun ...) + TODO: check +CVE-2019-20480 (In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website vis ...) + TODO: check CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...) - libapache2-mod-auth-openidc 2.4.1-1 NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7 @@ -1103,8 +1107,8 @@ CVE-2019-20046 (The Synergy Systems & Solutions PLC & RTU system has a v NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system CVE-2019-20045 (The Synergy Systems & Solutions PLC & RTU system has a vulnera ...) NOT-FOR-US: Synergy Systems & Solutions PLC & RTU system -CVE-2019-20044 [insecure dropping of privileges when unsetting PRIVILEGED option] - RESERVED +CVE-2019-20044 (In Zsh before 5.8, attackers able to execute commands can regain privi ...) + {DLA-2117-1} - zsh 5.8-1 (bug #951458) [buster] - zsh <no-dsa> (Minor issue) [stretch] - zsh <no-dsa> (Minor issue) @@ -5969,10 +5973,10 @@ CVE-2019-18185 RESERVED CVE-2019-18184 (Crestron DMC-STRO 1.0 devices allow remote command execution as root v ...) NOT-FOR-US: Crestron DMC-STRO 1.0 devices -CVE-2019-18183 - RESERVED -CVE-2019-18182 - RESERVED +CVE-2019-18183 (pacman before 5.2 is vulnerable to arbitrary command injection in lib/ ...) + TODO: check +CVE-2019-18182 (pacman before 5.2 is vulnerable to arbitrary command injection in conf ...) + TODO: check CVE-2019-18181 (In CloudVision Portal all releases in the 2018.1 and 2018.2 Code train ...) NOT-FOR-US: CloudVision Portal CVE-2019-18180 (Improper Check for filenames with overly long extensions in PostMaster ...) @@ -8113,10 +8117,10 @@ CVE-2019-17231 RESERVED CVE-2019-17230 RESERVED -CVE-2019-17229 - RESERVED -CVE-2019-17228 - RESERVED +CVE-2019-17229 (includes/options.php in the motors-car-dealership-classified-listings ...) + TODO: check +CVE-2019-17228 (includes/options.php in the motors-car-dealership-classified-listings ...) + TODO: check CVE-2019-17227 RESERVED CVE-2019-17226 (CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Modu ...) @@ -10572,7 +10576,7 @@ CVE-2019-16231 (drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not NOTE: https://lkml.org/lkml/2019/9/9/487 NOTE: Requires memory allocation failure during device probe, so unlikely to NOTE: be exploitable, and then it's only a local DoS. -CVE-2019-16230 (drivers/gpu/drm/radeon/radeon_display.c in the Linux kernel 5.2.14 doe ...) +CVE-2019-16230 (** DISPUTED ** drivers/gpu/drm/radeon/radeon_display.c in the Linux ke ...) - linux <unfixed> (unimportant) NOTE: https://lkml.org/lkml/2019/9/9/487 NOTE: Requires memory allocation failure during device probe, so unlikely to @@ -12868,8 +12872,8 @@ CVE-2019-15301 (A SQL injection vulnerability in the method Terrasoft.Core.DB.Co NOT-FOR-US: Terrasoft Bpm'online CRM-System SDK CVE-2019-15300 (A problem was found in Centreon Web through 19.04.3. An authenticated ...) - centreon-web <itp> (bug #913903) -CVE-2019-15299 - RESERVED +CVE-2019-15299 (An issue was discovered in Centreon Web through 19.04.3. When a user c ...) + TODO: check CVE-2019-15298 (A problem was found in Centreon Web through 19.04.3. An authenticated ...) - centreon-web <itp> (bug #913903) CVE-2019-15297 (res_pjsip_t38 in Sangoma Asterisk 13.21-cert4, 15.7.3, and 16.5.0 allo ...) @@ -20460,14 +20464,14 @@ CVE-2019-12515 (There is an out-of-bounds read vulnerability in the function Fla NOTE: https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar CVE-2019-12514 RESERVED -CVE-2019-12513 - RESERVED -CVE-2019-12512 - RESERVED -CVE-2019-12511 - RESERVED -CVE-2019-12510 - RESERVED +CVE-2019-12513 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP dis ...) + TODO: check +CVE-2019-12512 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execu ...) + TODO: check +CVE-2019-12511 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may execu ...) + TODO: check +CVE-2019-12510 (In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypas ...) + TODO: check CVE-2019-12509 RESERVED CVE-2019-12508 @@ -23941,7 +23945,7 @@ CVE-2019-11269 (Spring Security OAuth versions 2.3 prior to 2.3.6, 2.2 prior to CVE-2019-11268 (Cloud Foundry UAA version prior to 73.3.0, contain endpoints that cont ...) NOT-FOR-US: Cloud Foundry UAA CVE-2019-11358 (jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other produc ...) - {DSA-4460-1 DSA-4434-1 DLA-1797-1 DLA-1777-1} + {DSA-4460-1 DSA-4434-1 DLA-2118-1 DLA-1797-1 DLA-1777-1} - drupal7 <removed> (bug #927330) - jquery 3.3.1~dfsg-2 (bug #927385) [stretch] - jquery 3.1.1-2+deb9u1 @@ -25224,14 +25228,14 @@ CVE-2019-10801 RESERVED CVE-2019-10800 RESERVED -CVE-2019-10799 - RESERVED -CVE-2019-10798 - RESERVED +CVE-2019-10799 (compile-sass prior to 1.0.5 allows execution of arbritary commands. Th ...) + TODO: check +CVE-2019-10798 (rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects r ...) + TODO: check CVE-2019-10797 (Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Respo ...) TODO: check -CVE-2019-10796 - RESERVED +CVE-2019-10796 (rpi through 0.0.3 allows execution of arbritary commands. The variable ...) + TODO: check CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...) NOT-FOR-US: undefsafe CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...) @@ -41439,8 +41443,8 @@ CVE-2019-4747 RESERVED CVE-2019-4746 RESERVED -CVE-2019-4745 - RESERVED +CVE-2019-4745 (IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to d ...) + TODO: check CVE-2019-4744 (IBM Financial Transaction Manager 3.0 is vulnerable to cross-site scri ...) NOT-FOR-US: IBM CVE-2019-4743 (IBM Financial Transaction Manager 3.0 does not set the secure attribut ...) @@ -41523,8 +41527,8 @@ CVE-2019-4705 RESERVED CVE-2019-4704 RESERVED -CVE-2019-4703 - RESERVED +CVE-2019-4703 (IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft ...) + TODO: check CVE-2019-4702 RESERVED CVE-2019-4701 @@ -41739,8 +41743,8 @@ CVE-2019-4597 RESERVED CVE-2019-4596 RESERVED -CVE-2019-4595 - RESERVED +CVE-2019-4595 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 c ...) + TODO: check CVE-2019-4594 RESERVED CVE-2019-4593 @@ -43888,8 +43892,8 @@ CVE-2019-3672 RESERVED CVE-2019-3671 RESERVED -CVE-2019-3670 - RESERVED +CVE-2019-3670 (Remote Code Execution vulnerability in the web interface in McAfee Web ...) + TODO: check CVE-2019-3669 RESERVED CVE-2019-3668 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index a4ac91c0af..f9b3004b4f 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,4 +1,28 @@ -CVE-2020-9366 +CVE-2020-9374 (On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vu ...) + TODO: check +CVE-2020-9373 + RESERVED +CVE-2020-9372 + RESERVED +CVE-2020-9371 + RESERVED +CVE-2020-9370 + RESERVED +CVE-2020-9369 (Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial ...) + TODO: check +CVE-2020-9368 + RESERVED +CVE-2020-9367 + RESERVED +CVE-2020-9365 (An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) re ...) + TODO: check +CVE-2020-9364 + RESERVED +CVE-2020-9363 (The Sophos AV parsing engine before 2020-01-14 allows virus-detection ...) + TODO: check +CVE-2020-9362 (The Quick Heal AV parsing engine (November 2019) allows virus-detectio ...) + TODO: check +CVE-2020-9366 (A buffer overflow was found in the way GNU Screen before 4.8.0 treated ...) - screen 4.8.0-1 (bug #950896) NOTE: https://lists.gnu.org/archive/html/screen-devel/2020-02/msg00007.html NOTE: https://www.openwall.com/lists/oss-security/2020/02/06/3 @@ -2586,10 +2610,10 @@ CVE-2020-8133 RESERVED CVE-2020-8132 RESERVED -CVE-2020-8131 - RESERVED -CVE-2020-8130 - RESERVED +CVE-2020-8131 (Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earlier al ...) + TODO: check +CVE-2020-8130 (There is an OS command injection vulnerability in Ruby Rake < 12.3. ...) + TODO: check CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...) NOT-FOR-US: script-manager nodejs module CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...) @@ -8689,10 +8713,10 @@ CVE-2020-5247 RESERVED CVE-2020-5246 RESERVED -CVE-2020-5245 - RESERVED -CVE-2020-5244 - RESERVED +CVE-2020-5245 (Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary cod ...) + TODO: check +CVE-2020-5244 (In BuddyPress before 5.1.2, requests to a certain REST API endpoint ca ...) + TODO: check CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...) TODO: check CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...) @@ -8852,12 +8876,12 @@ CVE-2020-5190 RESERVED CVE-2020-5189 RESERVED -CVE-2020-5188 - RESERVED -CVE-2020-5187 - RESERVED -CVE-2020-5186 - RESERVED +CVE-2020-5188 (DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. ...) + TODO: check +CVE-2020-5187 (DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 ...) + TODO: check +CVE-2020-5186 (DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2). ...) + TODO: check CVE-2020-5185 RESERVED CVE-2020-5184 @@ -10784,8 +10808,8 @@ CVE-2020-4224 (IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive i NOT-FOR-US: IBM CVE-2020-4223 RESERVED -CVE-2020-4222 - RESERVED +CVE-2020-4222 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) + TODO: check CVE-2020-4221 RESERVED CVE-2020-4220 @@ -10802,14 +10826,14 @@ CVE-2020-4215 RESERVED CVE-2020-4214 RESERVED -CVE-2020-4213 - RESERVED -CVE-2020-4212 - RESERVED -CVE-2020-4211 - RESERVED -CVE-2020-4210 - RESERVED +CVE-2020-4213 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) + TODO: check +CVE-2020-4212 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) + TODO: check +CVE-2020-4211 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) + TODO: check +CVE-2020-4210 (IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attac ...) + TODO: check CVE-2020-4209 RESERVED CVE-2020-4208 |