| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2020-05-13 20:10:23 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2020-05-13 20:10:23 +0000 |
| commit | 88963e637ac284f81dab5cf8b2b5548d671c6781 | |
| tree | 3675955e4127f10aa2200058ae7236bc060702bd | |
| parent | d501e8f6a3d8ae9f28ef1cb6b77ecc00a84b57e1 | |
automatic update
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2010.list | 2 |
| -rw-r--r-- | data/CVE/2019.list | 26 |
| -rw-r--r-- | data/CVE/2020.list | 190 |

3 files changed, 117 insertions, 101 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index cb0916131a..8d7e637d06 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -5599,7 +5599,7 @@ CVE-2010-3134 (Untrusted search path vulnerability in Google Earth 5.1.3535.3218 NOT-FOR-US: Google Earth CVE-2010-3132 (Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 buil ...) NOT-FOR-US: Adobe Dreamweaver -CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) ...) +CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit all versions 1 ...) NOT-FOR-US: TechSmith Snagit CVE-2010-3129 (Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allo ...) NOT-FOR-US: uTorrent diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 75b2da34c6..6a3ebc76d1 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-20796 + RESERVED CVE-2019-20795 (iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ...) - iproute2 5.2.0-1 [buster] - iproute2 <no-dsa> (Minor issue) @@ -11679,8 +11681,8 @@ CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the appl NOT-FOR-US: ATutor CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...) NOT-FOR-US: Bludit -CVE-2019-16112 - RESERVED +CVE-2019-16112 (TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting ...) + TODO: check CVE-2019-16111 RESERVED CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows remote attac ...) 
@@ -12254,12 +12256,12 @@ CVE-2019-15882 RESERVED CVE-2019-15881 RESERVED -CVE-2019-15880 - RESERVED -CVE-2019-15879 - RESERVED -CVE-2019-15878 - RESERVED +CVE-2019-15880 (In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, ins ...) + TODO: check +CVE-2019-15879 (In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-ST ...) + TODO: check +CVE-2019-15878 (In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and ...) + TODO: check CVE-2019-15877 (In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-REL ...) TODO: check CVE-2019-15876 (In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEAS ...) @@ -30111,8 +30113,8 @@ CVE-2019-9684 RESERVED CVE-2019-9683 RESERVED -CVE-2019-9682 - RESERVED +CVE-2019-9682 (Dahua devices with Build time before December 2019 use strong security ...) + TODO: check CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua products ...) NOT-FOR-US: Dahua CVE-2019-9680 (Some Dahua products have information leakage issues. Attackers can obt ...) @@ -47657,8 +47659,8 @@ CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged - mongodb <removed> (low) [stretch] - mongodb <ignored> (Minor issue) [jessie] - mongodb <ignored> (Minor issue) -CVE-2019-2388 - RESERVED +CVE-2019-2388 (In affected Ops Manager versions there is an exposed http route was th ...) + TODO: check CVE-2019-2387 RESERVED CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 66be527869..d756400847 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,17 @@ +CVE-2020-12833 + RESERVED +CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...) + TODO: check +CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...) + TODO: check +CVE-2020-12830 + RESERVED +CVE-2020-12829 + RESERVED +CVE-2020-12828 + RESERVED +CVE-2020-12827 + RESERVED CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...) - linux 5.6.7-1 [buster] - linux 4.19.118-1 @@ -146,8 +160,8 @@ CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&action=view& NOT-FOR-US: Solis Miolo CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. ...) NOT-FOR-US: Gnuteca -CVE-2020-12763 - RESERVED +CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...) + TODO: check CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...) - json-c <unfixed> (bug #960326) NOTE: https://github.com/json-c/json-c/pull/592 @@ -199,8 +213,8 @@ CVE-2020-12744 RESERVED CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...) NOT-FOR-US: Gazie -CVE-2020-12742 - RESERVED +CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...) + TODO: check CVE-2020-12741 RESERVED CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...) 
@@ -286,14 +300,14 @@ CVE-2020-12702 RESERVED CVE-2020-12701 RESERVED -CVE-2020-12700 - RESERVED -CVE-2020-12699 - RESERVED -CVE-2020-12698 - RESERVED -CVE-2020-12697 - RESERVED +CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...) + TODO: check +CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...) + TODO: check +CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...) + TODO: check +CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...) + TODO: check CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...) NOT-FOR-US: iframe plugin for WordPress CVE-2020-12695 @@ -395,7 +409,7 @@ CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There - linux 5.6.7-1 [buster] - linux 4.19.118-1 NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1) -CVE-2020-12656 (gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_g ...) +CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c ...) - linux <unfixed> (unimportant) NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651 NOTE: Issue is triggered only at module reloading / rebinding @@ -890,8 +904,8 @@ CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that NOT-FOR-US: Online Course Registration CVE-2020-12428 RESERVED -CVE-2020-12427 - RESERVED +CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...) + TODO: check CVE-2020-12426 RESERVED CVE-2020-12425 
@@ -2973,7 +2987,7 @@ CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with NOT-FOR-US: OpsRamp Gateway CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...) NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices -CVE-2020-11541 (In TechSmith SnagIt before 20.1.1, an XML External Entity (XXE) inject ...) +CVE-2020-11541 (In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE ...) NOT-FOR-US: TechSmith SnagIt CVE-2020-11540 RESERVED @@ -3961,14 +3975,14 @@ CVE-2020-11075 RESERVED CVE-2020-11074 RESERVED -CVE-2020-11073 - RESERVED +CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...) + TODO: check CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...) TODO: check CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...) TODO: check -CVE-2020-11070 - RESERVED +CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...) + TODO: check CVE-2020-11069 RESERVED CVE-2020-11068 @@ -5138,8 +5152,8 @@ CVE-2020-10656 RESERVED CVE-2020-10655 RESERVED -CVE-2020-10654 - RESERVED +CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...) + TODO: check CVE-2020-10653 RESERVED CVE-2020-10652 @@ -7594,10 +7608,10 @@ CVE-2020-9504 RESERVED CVE-2020-9503 RESERVED -CVE-2020-9502 - RESERVED -CVE-2020-9501 - RESERVED +CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session ...) + TODO: check +CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...) + TODO: check CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...) NOT-FOR-US: Dahua CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...) 
@@ -10867,8 +10881,8 @@ CVE-2020-8022 RESERVED CVE-2020-8021 RESERVED -CVE-2020-8020 - RESERVED +CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...) + TODO: check CVE-2020-8019 RESERVED CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...) @@ -12065,10 +12079,10 @@ CVE-2020-7457 RESERVED CVE-2020-7456 RESERVED -CVE-2020-7455 - RESERVED -CVE-2020-7454 - RESERVED +CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-ST ...) + TODO: check +CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-ST ...) + TODO: check CVE-2020-7453 (In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ...) - kfreebsd-10 <unfixed> (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc @@ -15844,8 +15858,8 @@ CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Ent NOT-FOR-US: HashBrown CMS CVE-2020-5839 RESERVED -CVE-2020-5838 - RESERVED +CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...) + TODO: check CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...) TODO: check CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially reset the ...) @@ -16717,8 +16731,8 @@ CVE-2020-5409 RESERVED CVE-2020-5408 RESERVED -CVE-2020-5407 - RESERVED +CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...) + TODO: check CVE-2020-5406 (VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6. ...) NOT-FOR-US: VMware CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...) 
@@ -19051,8 +19065,8 @@ CVE-2020-4314 RESERVED CVE-2020-4313 RESERVED -CVE-2020-4312 - RESERVED +CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 co ...) + TODO: check CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...) NOT-FOR-US: IBM CVE-2020-4310 
@@ -23913,58 +23927,58 @@ CVE-2020-2020 RESERVED CVE-2020-2019 RESERVED -CVE-2020-2018 - RESERVED -CVE-2020-2017 - RESERVED -CVE-2020-2016 - RESERVED -CVE-2020-2015 - RESERVED -CVE-2020-2014 - RESERVED -CVE-2020-2013 - RESERVED -CVE-2020-2012 - RESERVED -CVE-2020-2011 - RESERVED -CVE-2020-2010 - RESERVED -CVE-2020-2009 - RESERVED -CVE-2020-2008 - RESERVED -CVE-2020-2007 - RESERVED -CVE-2020-2006 - RESERVED -CVE-2020-2005 - RESERVED -CVE-2020-2004 - RESERVED -CVE-2020-2003 - RESERVED -CVE-2020-2002 - RESERVED -CVE-2020-2001 - RESERVED +CVE-2020-2018 (An authentication bypass vulnerability in Palo Alto Networks PAN-OS Pa ...) + TODO: check +CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Pa ...) + TODO: check +CVE-2020-2016 (A race condition due to insecure creation of a file in a temporary dir ...) + TODO: check +CVE-2020-2015 (A buffer overflow vulnerability in the PAN-OS management server allows ...) + TODO: check +CVE-2020-2014 (An OS Command Injection vulnerability in PAN-OS management server allo ...) + TODO: check +CVE-2020-2013 (A cleartext transmission of sensitive information vulnerability in Pal ...) + TODO: check +CVE-2020-2012 (Improper restriction of XML external entity reference ('XXE') vulnerab ...) + TODO: check +CVE-2020-2011 (An improper input validation vulnerability in the configuration daemon ...) + TODO: check +CVE-2020-2010 (An OS command injection vulnerability in PAN-OS management interface a ...) + TODO: check +CVE-2020-2009 (An external control of filename vulnerability in the SD WAN component ...) + TODO: check +CVE-2020-2008 (An OS command injection and external control of filename vulnerability ...) + TODO: check +CVE-2020-2007 (An OS command injection vulnerability in the management server compone ...) + TODO: check +CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management server c ...) 
+ TODO: check +CVE-2020-2005 (A cross-site scripting (XSS) vulnerability exists when visiting malici ...) + TODO: check +CVE-2020-2004 (Under certain circumstances a user's password may be logged in clearte ...) + TODO: check +CVE-2020-2003 (An external control of filename vulnerability in the command processin ...) + TODO: check +CVE-2020-2002 (An authentication bypass by spoofing vulnerability exists in the authe ...) + TODO: check +CVE-2020-2001 (An external control of path and data vulnerability in the Palo Alto Ne ...) + TODO: check CVE-2020-2000 RESERVED CVE-2020-1999 RESERVED -CVE-2020-1998 - RESERVED -CVE-2020-1997 - RESERVED -CVE-2020-1996 - RESERVED -CVE-2020-1995 - RESERVED -CVE-2020-1994 - RESERVED -CVE-2020-1993 - RESERVED +CVE-2020-1998 (An improper authorization vulnerability in PAN-OS that mistakenly uses ...) + TODO: check +CVE-2020-1997 (An open redirection vulnerability in the GlobalProtect component of Pa ...) + TODO: check +CVE-2020-1996 (A missing authorization vulnerability in the management server compone ...) + TODO: check +CVE-2020-1995 (A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS ...) + TODO: check +CVE-2020-1994 (A predictable temporary file vulnerability in PAN-OS allows a local au ...) + TODO: check +CVE-2020-1993 (The GlobalProtect Portal feature in PAN-OS does not set a new session ...) + TODO: check CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...) NOT-FOR-US: Palo Alto Networks CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...) 
@@ -24551,6 +24565,7 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...) NOT-FOR-US: Kiali CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon of lib ...) + {DSA-4684-1} - libreswan <unfixed> (bug #960458) NOTE: Introduced by: https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 (v3.27) NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 @@ -24755,8 +24770,7 @@ CVE-2020-1716 NOT-FOR-US: ceph-ansible CVE-2020-1715 RESERVED -CVE-2020-1714 - RESERVED +CVE-2020-1714 (A flaw was found in Keycloak before version 11.0.0, where the code bas ...) NOT-FOR-US: Keycloak CVE-2020-1713 RESERVED |
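Review bot: in the first hunk of data/CVE/2020.list (@@ -1,3 +1,17 @@), CVE-2020-12831 is imported with a description that already carries the `** DISPUTED **` marker but only gets a bare `TODO: check`; when that TODO is resolved the outcome of the dispute should be recorded on a `NOTE:` line next to the status, the same way the CVE-2020-12656 entry elsewhere in this diff keeps its NOTE lines beside the status, so that a later reader can see why the rating was chosen. The neighbouring CVE-2020-12832 (simple-file-list plugin for WordPress) will most likely resolve to the `NOT-FOR-US: ... plugin for WordPress` form already used for the iframe plugin at CVE-2020-12696 in this same file.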
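Review bot: in the CVE-2020-12656 hunk (@@ -395,7 +409,7 @@), the description is rewritten to start with `** DISPUTED **`, yet the `- linux <unfixed> (unimportant)` status line and the two existing NOTE lines are left untouched; since the `(unimportant)` rating was set before the dispute was recorded upstream, the entry should be re-read against the dispute and, if the bugzilla NOTE already on the line does not document it, a further `NOTE:` line should say where the dispute is tracked so the rating stays explainable.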
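Review bot: in the FreeBSD hunk (@@ -12065,10 +12079,10 @@), CVE-2020-7455 and CVE-2020-7454 are added with `TODO: check` directly above CVE-2020-7453, which is tracked as `- kfreebsd-10 <unfixed> (unimportant)` with a `NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc`; the two new entries describe the same 12.1-STABLE / 12.1-RELEASE before p5 range, so the TODO should be resolved by checking whether the affected code is also carried in the kfreebsd-10 source and, if so, recording them in the same `kfreebsd-10` form with the advisory NOTE rather than leaving them open.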
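Review bot: the large PAN-OS hunk (@@ -23913,58 +23927,58 @@) turns 24 RESERVED entries (CVE-2020-2018 down to CVE-2020-2001 and CVE-2020-1998 down to CVE-2020-1993) into `TODO: check` lines, while the unchanged context immediately below, CVE-2020-1992, is already tagged `NOT-FOR-US: Palo Alto Networks`; every new description names PAN-OS, GlobalProtect or Palo Alto Networks, so the block can be triaged in one pass to that existing tag instead of 24 separate TODOs, which keeps the file consistent with the CVE-2020-1992 and CVE-2020-1991 entries beside it.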
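Review bot: in the CVE-2020-1763 hunk (@@ -24551,6 +24565,7 @@), the added `{DSA-4684-1}` marker sits above an unchanged `- libreswan <unfixed> (bug #960458)` line, so the entry now advertises a stable security advisory while unstable is still recorded as unfixed; that combination is only correct while the sid upload is pending, so the status line should be revisited and replaced with the fixed libreswan version (placeholder: `- libreswan <fixed-version> (bug #960458)`, the real version is not on this page) as soon as it lands, otherwise the tracker keeps showing the package as vulnerable in unstable after the DSA.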