author | security tracker role <sectracker@soriano.debian.org> | 2020-01-21 20:10:31 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-21 20:10:31 +0000
commit | 959918046f11791f3e87e1090b0b9d340d4841d1 |
tree | db1957fdecca2a4f8dfaf7aef2bb1116b33aea1a |
parent | 424c73afde96554cc31de9c3fff0b4a4ae528501 |
automatic update
-rw-r--r-- | data/CVE/2011.list | 21
-rw-r--r-- | data/CVE/2012.list | 4
-rw-r--r-- | data/CVE/2014.list | 4
-rw-r--r-- | data/CVE/2015.list | 8
-rw-r--r-- | data/CVE/2016.list | 4
-rw-r--r-- | data/CVE/2019.list | 74
-rw-r--r-- | data/CVE/2020.list | 476
7 files changed, 512 insertions, 79 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 8214c62af3..6cf388d753 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -119,8 +119,8 @@ CVE-2011-5284 (Cross-site request forgery (CSRF) vulnerability in the web manage NOT-FOR-US: Smoothwall CVE-2011-5283 (Cross-site scripting (XSS) vulnerability in the web management interfa ...) NOT-FOR-US: Smoothwall -CVE-2011-5282 - RESERVED +CVE-2011-5282 (mIRC prior to 7.22 has a message leak because chopping of outbound mes ...) + TODO: check CVE-2011-5374 RESERVED CVE-2011-5281 @@ -2344,8 +2344,7 @@ CVE-2011-4324 (The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux - linux-2.6 <not-affected> (RHEL5-specific backport error) CVE-2011-4323 REJECTED -CVE-2011-4322 - RESERVED +CVE-2011-4322 (websitebaker prior to and including 2.8.1 has an authentication error ...) NOT-FOR-US: websitebaker CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses ...) NOT-FOR-US: Joomla! @@ -2894,11 +2893,9 @@ CVE-2011-4096 (The idnsGrokReply function in Squid before 3.1.16 does not proper {DSA-2381-1} - squid3 3.1.16-1 [lenny] - squid3 <not-affected> (no IPv6 support) -CVE-2011-4095 - RESERVED +CVE-2011-4095 (Jara 1.6 has an XSS vulnerability ...) NOT-FOR-US: Jara -CVE-2011-4094 - RESERVED +CVE-2011-4094 (Jara 1.6 has a SQL injection vulnerability. ...) NOT-FOR-US: Jara CVE-2011-4093 (Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 ...) - net6 1:1.3.14-1 (low; bug #647318) 
@@ -7055,10 +7052,10 @@ CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th e CVE-2011-2670 (Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ...) - firefox <not-affected> (Fixed before initial upload renamed as src:firefox) - firefox-esr <not-affected> (Fixed before initial upload renamed as src:firefox-esr) -CVE-2011-2669 - RESERVED -CVE-2011-2668 - RESERVED +CVE-2011-2669 (Mozilla Firefox prior to 3.6 has a DoS vulnerability due to an issue i ...) + TODO: check +CVE-2011-2668 (Mozilla Firefox through 1.5.0.3 has a vulnerability in processing the ...) + TODO: check CVE-2011-2667 (Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway Sec ...) NOT-FOR-US: CA Gateway Security for HTTP CVE-2011-2666 (The default configuration of the SIP channel driver in Asterisk Open S ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index fc2f2fb7ab..fac8a83e0e 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -3828,8 +3828,8 @@ CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in Bit NOT-FOR-US: Bitweaver CVE-2012-5191 RESERVED -CVE-2012-5190 - RESERVED +CVE-2012-5190 (Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability ...) + TODO: check CVE-2012-5189 REJECTED CVE-2012-5188 (Untrusted search path vulnerability in mora Downloader before 1.0.0.1 ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index f0f6e8595b..3039349a58 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -20129,8 +20129,8 @@ CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel befo NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba CVE-2014-2686 (Ansible prior to 1.5.4 mishandles the evaluation of some strings. ...) - ansible 1.5.4+dfsg-1 -CVE-2014-2680 - RESERVED +CVE-2014-2680 (The update process in Xmind 3.4.1 and earlier allow remote attackers t ...) + TODO: check CVE-2014-2679 RESERVED CVE-2014-2677 diff --git a/data/CVE/2015.list b/data/CVE/2015.list index ae098ac39b..5c0ad42189 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -7840,7 +7840,7 @@ CVE-2015-6910 (SQL injection vulnerability in Synology Video Station before 1.5- CVE-2015-6909 (Cross-site scripting (XSS) vulnerability in the "Create download task ...) NOT-FOR-US: Synology Download Station CVE-2015-6907 - RESERVED + REJECTED CVE-2015-6906 REJECTED CVE-2015-6905 @@ -19313,8 +19313,8 @@ CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1 NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1 CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 h ...) NOT-FOR-US: MyBB -CVE-2015-2784 - RESERVED +CVE-2015-2784 (The papercrop gem before 0.3.0 for Ruby on Rails does not properly han ...) + TODO: check CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x b ...) {DSA-3280-1 DLA-212-1} - php5 5.6.9+dfsg-1 @@ -21927,7 +21927,7 @@ CVE-2015-1863 (Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allo CVE-2015-1862 (The crash reporting feature in Abrt allows local users to gain privile ...) NOT-FOR-US: abrt is Red Hat / Fedora specific CVE-2015-1861 - RESERVED + REJECTED CVE-2015-1860 (Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase m ...) {DLA-210-1} - qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133) 
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index ab614bb7bb..118a1faeee 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1,5 +1,5 @@ -CVE-2016-11018 - RESERVED +CVE-2016-11018 (An issue was discovered in the Huge-IT gallery-images plugin before 1. ...) + TODO: check CVE-2016-11017 (The application login page in AKIPS Network Monitor 15.37 through 16.5 ...) NOT-FOR-US: AKIPS Network Monitor CVE-2016-11016 (NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 3cb4cd7004..3aae0f43d8 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -2063,8 +2063,8 @@ CVE-2019-19594 (reset/modules/fotoliaFoto/multi_upload.php in the RESET.PRO Adob NOT-FOR-US: Adobe Stock API integration for PrestaShop CVE-2019-19593 RESERVED -CVE-2019-19592 - RESERVED +CVE-2019-19592 (Jama Connect 8.44.0 has XSS via the "Import File and Destination" tab ...) + TODO: check CVE-2019-19591 RESERVED CVE-2019-19590 (In radare2 through 4.0, there is an integer overflow for the variable ...) @@ -2524,8 +2524,8 @@ CVE-2019-19413 RESERVED CVE-2019-19412 RESERVED -CVE-2019-19411 - RESERVED +CVE-2019-19411 (USG9500 with versions of V500R001C30SPC100, V500R001C30SPC200, V500R00 ...) + TODO: check CVE-2019-19410 RESERVED CVE-2019-19409 @@ -2562,8 +2562,8 @@ CVE-2019-19394 RESERVED CVE-2019-19393 RESERVED -CVE-2019-19392 - RESERVED +CVE-2019-19392 (The forDNN.UsersExportImport module before 1.2.0 for DNN (formerly Dot ...) + TODO: check CVE-2019-19391 (** DISPUTED ** In LuaJIT through 2.0.5, as used in Moonjit before 2.1. ...) - luajit <unfixed> (bug #946053; unimportant) NOTE: https://github.com/LuaJIT/LuaJIT/pull/526 
@@ -2661,8 +2661,7 @@ CVE-2019-19346 RESERVED CVE-2019-19345 RESERVED -CVE-2019-19344 [Use after free during DNS zone scavenging in Samba AD DC] - RESERVED +CVE-2019-19344 (There is a use-after-free issue in all samba 4.9.x versions before 4.9 ...) - samba <unfixed> [buster] - samba <no-dsa> (Minor issue) [stretch] - samba <not-affected> (Only affects Samba 4.9 onwards) @@ -3758,8 +3757,7 @@ CVE-2019-18934 (Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec NOTE: https://nlnetlabs.nl/downloads/unbound/CVE-2019-18934.txt CVE-2019-18933 (In Zulip Server versions from 1.7.0 to before 2.0.7, a bug in the new ...) NOT-FOR-US: Zulip -CVE-2019-18932 [sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector] - RESERVED +CVE-2019-18932 (log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows ...) - sarg <unfixed> NOTE: https://www.openwall.com/lists/oss-security/2020/01/20/6 NOTE: The sarg-reports as shipped in Debian has already safe use of mktemp for @@ -7414,7 +7412,7 @@ CVE-2019-17362 (In LibTomCrypt through 1.18.2, the der_decode_utf8_string functi [stretch] - libtomcrypt <no-dsa> (Minor issue) NOTE: https://github.com/libtom/libtomcrypt/issues/507 NOTE: https://github.com/libtom/libtomcrypt/pull/508 -CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NEST API with the ssh ...) +CVE-2019-17361 (In SaltStack Salt through 2019.2.0, the salt-api NET API with the ssh ...) - salt <unfixed> (bug #949222) NOTE: https://github.com/saltstack/salt/commit/bca115f3f00fbde564dd2f12bf036b5d2fd08387 CVE-2019-17360 (A vulnerability in Hitachi Command Suite 7.x and 8.x before 8.7.0-00 a ...) 
@@ -7428,8 +7426,7 @@ CVE-2019-17358 (Cacti through 1.2.7 is affected by multiple instances of lib/fun - cacti 1.2.8+ds1-1 (bug #947375) NOTE: https://github.com/Cacti/cacti/issues/3026 NOTE: https://github.com/Cacti/cacti/commit/adf221344359f5b02b8aed43dfb6b33ae5d708c8 -CVE-2019-17357 - RESERVED +CVE-2019-17357 (Cacti through 1.2.7 is affected by a graphs.php?template_id= SQL injec ...) - cacti 1.2.8+ds1-1 (bug #947374) [buster] - cacti 1.2.2+ds1-2+deb10u2 [stretch] - cacti <not-affected> (Vulnerable code not present) @@ -13369,8 +13366,7 @@ CVE-2019-14909 (A vulnerability was found in Keycloak 7.x where the user federat NOT-FOR-US: Keycloak CVE-2019-14908 RESERVED -CVE-2019-14907 [Crash after failed character conversion at log level 3 or above] - RESERVED +CVE-2019-14907 (All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11 ...) - samba <unfixed> [buster] - samba <no-dsa> (Minor issue) [stretch] - samba <no-dsa> (Minor issue) @@ -13393,8 +13389,7 @@ CVE-2019-14904 [vulnerability in solaris_zone module via crafted solaris zone] NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1776944 CVE-2019-14903 RESERVED -CVE-2019-14902 [Replication of ACLs set to inherit down a subtree on AD Directory not automatic] - RESERVED +CVE-2019-14902 (There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...) - samba <unfixed> [buster] - samba <no-dsa> (Minor issue) [stretch] - samba <no-dsa> (Minor issue) 
@@ -13926,14 +13921,14 @@ CVE-2019-14770 (In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, s - backdrop <itp> (bug #914257) CVE-2019-14769 (Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't suf ...) - backdrop <itp> (bug #914257) -CVE-2019-14768 - RESERVED -CVE-2019-14767 - RESERVED -CVE-2019-14766 - RESERVED -CVE-2019-14765 - RESERVED +CVE-2019-14768 (An Arbitrary File Upload issue in the file browser of DIMO YellowBox C ...) + TODO: check +CVE-2019-14767 (In DIMO YellowBox CRM before 6.3.4, Path Traversal in images/Apparence ...) + TODO: check +CVE-2019-14766 (Path Traversal in the file browser of DIMO YellowBox CRM before 6.3.4 ...) + TODO: check +CVE-2019-14765 (Incorrect Access Control in AfficheExplorateurParam() in DIMO YellowBo ...) + TODO: check CVE-2019-14764 RESERVED CVE-2019-14763 (In the Linux kernel before 4.16.4, a double-locking error in drivers/u ...) @@ -38502,29 +38497,29 @@ CVE-2019-5716 (In Wireshark 2.6.0 to 2.6.5, the 6LoWPAN dissector could crash. T CVE-2019-5715 (All versions of SilverStripe 3 prior to 3.6.7 and 3.7.3, and all versi ...) NOT-FOR-US: SilverStripe CVE-2019-5714 - RESERVED + REJECTED CVE-2019-5713 - RESERVED + REJECTED CVE-2019-5712 - RESERVED + REJECTED CVE-2019-5711 - RESERVED + REJECTED CVE-2019-5710 - RESERVED + REJECTED CVE-2019-5709 - RESERVED + REJECTED CVE-2019-5708 - RESERVED + REJECTED CVE-2019-5707 - RESERVED + REJECTED CVE-2019-5706 - RESERVED + REJECTED CVE-2019-5705 - RESERVED + REJECTED CVE-2019-5704 - RESERVED + REJECTED CVE-2019-5703 - RESERVED + REJECTED CVE-2019-5702 (NVIDIA GeForce Experience, all versions prior to 3.20.2, contains a vu ...) NOT-FOR-US: NVIDIA CVE-2019-5701 (NVIDIA GeForce Experience, all versions prior to 3.20.1, contains a vu ...) 
@@ -42551,8 +42546,7 @@ CVE-2019-3866 (An information-exposure vulnerability was discovered where openst CVE-2019-3865 RESERVED NOT-FOR-US: Quay -CVE-2019-3864 - RESERVED +CVE-2019-3864 (A vulnerability was discovered in all quay-2 versions before quay-3.0. ...) NOT-FOR-US: Quay CVE-2019-3863 (A flaw was found in libssh2 before 1.8.1. A server could send a multip ...) {DSA-4431-1 DLA-1730-1} @@ -44550,7 +44544,7 @@ CVE-2019-2991 (Vulnerability in the MySQL Server product of Oracle MySQL (compon - mysql-5.7 <not-affected> (Only affects MySQL 8) CVE-2019-2990 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) NOT-FOR-US: Oracle -CVE-2019-2989 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) +CVE-2019-2989 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4548-1 DSA-4546-1 DLA-2023-1} - openjdk-11 11.0.5+10-1 - openjdk-8 8u232-b09-1 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 12e7273ea8..49a304ff56 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,11 +1,455 @@ +CVE-2020-7471 + RESERVED +CVE-2020-7470 (Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allows XSS via the ...) + TODO: check +CVE-2020-7469 + RESERVED +CVE-2020-7468 + RESERVED +CVE-2020-7467 + RESERVED +CVE-2020-7466 + RESERVED +CVE-2020-7465 + RESERVED +CVE-2020-7464 + RESERVED +CVE-2020-7463 + RESERVED +CVE-2020-7462 + RESERVED +CVE-2020-7461 + RESERVED +CVE-2020-7460 + RESERVED +CVE-2020-7459 + RESERVED +CVE-2020-7458 + RESERVED +CVE-2020-7457 + RESERVED +CVE-2020-7456 + RESERVED +CVE-2020-7455 + RESERVED +CVE-2020-7454 + RESERVED +CVE-2020-7453 + RESERVED +CVE-2020-7452 + RESERVED +CVE-2020-7451 + RESERVED +CVE-2020-7450 + RESERVED +CVE-2020-7449 + RESERVED +CVE-2020-7448 + RESERVED +CVE-2020-7447 + RESERVED +CVE-2020-7446 + RESERVED +CVE-2020-7445 + RESERVED +CVE-2020-7444 + RESERVED +CVE-2020-7443 + RESERVED +CVE-2020-7442 + RESERVED +CVE-2020-7441 + RESERVED +CVE-2020-7440 + RESERVED +CVE-2020-7439 + RESERVED +CVE-2020-7438 + RESERVED +CVE-2020-7437 + RESERVED +CVE-2020-7436 + RESERVED +CVE-2020-7435 + RESERVED +CVE-2020-7434 + RESERVED +CVE-2020-7433 + RESERVED +CVE-2020-7432 + RESERVED +CVE-2020-7431 + RESERVED +CVE-2020-7430 + RESERVED +CVE-2020-7429 + RESERVED +CVE-2020-7428 + RESERVED +CVE-2020-7427 + RESERVED +CVE-2020-7426 + RESERVED +CVE-2020-7425 + RESERVED +CVE-2020-7424 + RESERVED +CVE-2020-7423 + RESERVED +CVE-2020-7422 + RESERVED +CVE-2020-7421 + RESERVED +CVE-2020-7420 + RESERVED +CVE-2020-7419 + RESERVED +CVE-2020-7418 + RESERVED +CVE-2020-7417 + RESERVED +CVE-2020-7416 + RESERVED +CVE-2020-7415 + RESERVED +CVE-2020-7414 + RESERVED +CVE-2020-7413 + RESERVED +CVE-2020-7412 + RESERVED +CVE-2020-7411 + RESERVED +CVE-2020-7410 + RESERVED +CVE-2020-7409 + RESERVED +CVE-2020-7408 + RESERVED +CVE-2020-7407 + RESERVED +CVE-2020-7406 + RESERVED +CVE-2020-7405 + RESERVED +CVE-2020-7404 + RESERVED +CVE-2020-7403 + RESERVED +CVE-2020-7402 + RESERVED +CVE-2020-7401 + RESERVED +CVE-2020-7400 + RESERVED +CVE-2020-7399 + RESERVED 
+CVE-2020-7398 + RESERVED +CVE-2020-7397 + RESERVED +CVE-2020-7396 + RESERVED +CVE-2020-7395 + RESERVED +CVE-2020-7394 + RESERVED +CVE-2020-7393 + RESERVED +CVE-2020-7392 + RESERVED +CVE-2020-7391 + RESERVED +CVE-2020-7390 + RESERVED +CVE-2020-7389 + RESERVED +CVE-2020-7388 + RESERVED +CVE-2020-7387 + RESERVED +CVE-2020-7386 + RESERVED +CVE-2020-7385 + RESERVED +CVE-2020-7384 + RESERVED +CVE-2020-7383 + RESERVED +CVE-2020-7382 + RESERVED +CVE-2020-7381 + RESERVED +CVE-2020-7380 + RESERVED +CVE-2020-7379 + RESERVED +CVE-2020-7378 + RESERVED +CVE-2020-7377 + RESERVED +CVE-2020-7376 + RESERVED +CVE-2020-7375 + RESERVED +CVE-2020-7374 + RESERVED +CVE-2020-7373 + RESERVED +CVE-2020-7372 + RESERVED +CVE-2020-7371 + RESERVED +CVE-2020-7370 + RESERVED +CVE-2020-7369 + RESERVED +CVE-2020-7368 + RESERVED +CVE-2020-7367 + RESERVED +CVE-2020-7366 + RESERVED +CVE-2020-7365 + RESERVED +CVE-2020-7364 + RESERVED +CVE-2020-7363 + RESERVED +CVE-2020-7362 + RESERVED +CVE-2020-7361 + RESERVED +CVE-2020-7360 + RESERVED +CVE-2020-7359 + RESERVED +CVE-2020-7358 + RESERVED +CVE-2020-7357 + RESERVED +CVE-2020-7356 + RESERVED +CVE-2020-7355 + RESERVED +CVE-2020-7354 + RESERVED +CVE-2020-7353 + RESERVED +CVE-2020-7352 + RESERVED +CVE-2020-7351 + RESERVED +CVE-2020-7350 + RESERVED +CVE-2020-7349 + RESERVED +CVE-2020-7348 + RESERVED +CVE-2020-7347 + RESERVED +CVE-2020-7346 + RESERVED +CVE-2020-7345 + RESERVED +CVE-2020-7344 + RESERVED +CVE-2020-7343 + RESERVED +CVE-2020-7342 + RESERVED +CVE-2020-7341 + RESERVED +CVE-2020-7340 + RESERVED +CVE-2020-7339 + RESERVED +CVE-2020-7338 + RESERVED +CVE-2020-7337 + RESERVED +CVE-2020-7336 + RESERVED +CVE-2020-7335 + RESERVED +CVE-2020-7334 + RESERVED +CVE-2020-7333 + RESERVED +CVE-2020-7332 + RESERVED +CVE-2020-7331 + RESERVED +CVE-2020-7330 + RESERVED +CVE-2020-7329 + RESERVED +CVE-2020-7328 + RESERVED +CVE-2020-7327 + RESERVED +CVE-2020-7326 + RESERVED +CVE-2020-7325 + RESERVED +CVE-2020-7324 + RESERVED +CVE-2020-7323 + RESERVED +CVE-2020-7322 + 
RESERVED +CVE-2020-7321 + RESERVED +CVE-2020-7320 + RESERVED +CVE-2020-7319 + RESERVED +CVE-2020-7318 + RESERVED +CVE-2020-7317 + RESERVED +CVE-2020-7316 + RESERVED +CVE-2020-7315 + RESERVED +CVE-2020-7314 + RESERVED +CVE-2020-7313 + RESERVED +CVE-2020-7312 + RESERVED +CVE-2020-7311 + RESERVED +CVE-2020-7310 + RESERVED +CVE-2020-7309 + RESERVED +CVE-2020-7308 + RESERVED +CVE-2020-7307 + RESERVED +CVE-2020-7306 + RESERVED +CVE-2020-7305 + RESERVED +CVE-2020-7304 + RESERVED +CVE-2020-7303 + RESERVED +CVE-2020-7302 + RESERVED +CVE-2020-7301 + RESERVED +CVE-2020-7300 + RESERVED +CVE-2020-7299 + RESERVED +CVE-2020-7298 + RESERVED +CVE-2020-7297 + RESERVED +CVE-2020-7296 + RESERVED +CVE-2020-7295 + RESERVED +CVE-2020-7294 + RESERVED +CVE-2020-7293 + RESERVED +CVE-2020-7292 + RESERVED +CVE-2020-7291 + RESERVED +CVE-2020-7290 + RESERVED +CVE-2020-7289 + RESERVED +CVE-2020-7288 + RESERVED +CVE-2020-7287 + RESERVED +CVE-2020-7286 + RESERVED +CVE-2020-7285 + RESERVED +CVE-2020-7284 + RESERVED +CVE-2020-7283 + RESERVED +CVE-2020-7282 + RESERVED +CVE-2020-7281 + RESERVED +CVE-2020-7280 + RESERVED +CVE-2020-7279 + RESERVED +CVE-2020-7278 + RESERVED +CVE-2020-7277 + RESERVED +CVE-2020-7276 + RESERVED +CVE-2020-7275 + RESERVED +CVE-2020-7274 + RESERVED +CVE-2020-7273 + RESERVED +CVE-2020-7272 + RESERVED +CVE-2020-7271 + RESERVED +CVE-2020-7270 + RESERVED +CVE-2020-7269 + RESERVED +CVE-2020-7268 + RESERVED +CVE-2020-7267 + RESERVED +CVE-2020-7266 + RESERVED +CVE-2020-7265 + RESERVED +CVE-2020-7264 + RESERVED +CVE-2020-7263 + RESERVED +CVE-2020-7262 + RESERVED +CVE-2020-7261 + RESERVED +CVE-2020-7260 + RESERVED +CVE-2020-7259 + RESERVED +CVE-2020-7258 + RESERVED +CVE-2020-7257 + RESERVED +CVE-2020-7256 + RESERVED +CVE-2020-7255 + RESERVED +CVE-2020-7254 + RESERVED +CVE-2020-7253 + RESERVED +CVE-2020-7252 + RESERVED +CVE-2020-7251 + RESERVED +CVE-2020-7250 + RESERVED CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...) 
NOT-FOR-US: SMC D3G0804W devices CVE-2020-7248 RESERVED CVE-2020-7247 RESERVED -CVE-2020-7246 - RESERVED +CVE-2020-7246 (A remote code execution (RCE) vulnerability exists in qdPM 9.1 and ear ...) + TODO: check CVE-2020-7245 RESERVED CVE-2020-7244 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated admi ...) @@ -40,8 +484,8 @@ CVE-2020-7231 (Evoko Home 1.31 devices provide different error messages for fail NOT-FOR-US: Evoko Home devices CVE-2020-7230 RESERVED -CVE-2020-7229 - RESERVED +CVE-2020-7229 (An issue was discovered in Simplejobscript.com SJS before 1.65. There ...) + TODO: check CVE-2020-7228 RESERVED CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...) @@ -72,12 +516,11 @@ CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7. NOT-FOR-US: Gallagher Command Centre CVE-2020-7214 RESERVED -CVE-2020-7213 - RESERVED +CVE-2020-7213 (Parallels 13 uses cleartext HTTP as part of the update process, allowi ...) + TODO: check CVE-2020-7212 RESERVED -CVE-2020-7211 - RESERVED +CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ ...) - libslirp <unfixed> (unimportant) NOTE: https://bugs.launchpad.net/qemu/+bug/1812451 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 @@ -829,8 +1272,8 @@ CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in incl NOT-FOR-US: Ultimate Member plugin for WordPress CVE-2020-6858 RESERVED -CVE-2020-6857 - RESERVED +CVE-2020-6857 (CarbonFTP v1.4 uses insecure proprietary password encryption with a ha ...) + TODO: check CVE-2020-6856 RESERVED CVE-2020-6855 
@@ -846,8 +1289,8 @@ CVE-2020-6851 (OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1 NOTE: https://github.com/uclouvain/openjpeg/issues/1228 CVE-2020-6850 RESERVED -CVE-2020-6849 - RESERVED +CVE-2020-6849 (The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allo ...) + TODO: check CVE-2020-6848 (Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Na ...) NOT-FOR-US: Axper Vision II 4 devices CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is exec ...) @@ -4220,8 +4663,7 @@ CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in NOT-FOR-US: uftpd CVE-2020-5203 RESERVED -CVE-2020-5202 - RESERVED +CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...) - apt-cacher-ng 3.3.1-1 [buster] - apt-cacher-ng <no-dsa> (Minor issue) [stretch] - apt-cacher-ng <no-dsa> (Minor issue) @@ -9453,7 +9895,7 @@ CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of NOT-FOR-US: Oracle CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle -CVE-2020-2604 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) +CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) {DSA-4605-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 @@ -11011,8 +11453,8 @@ CVE-2020-1842 RESERVED CVE-2020-1841 RESERVED -CVE-2020-1840 - RESERVED +CVE-2020-1840 (HUAWEI Mate 20 smart phones with versions earlier than 10.0.0.175(C00E ...) + TODO: check CVE-2020-1839 RESERVED CVE-2020-1838 |
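Review bot: In data/CVE/2011.list, hunk @@ -7055,10 +7052,10 @@, CVE-2011-2669 and CVE-2011-2668 are left at `TODO: check` even though both descriptions name Mozilla Firefox and the entry directly above them, CVE-2011-2670, is already tracked against `firefox` and `firefox-esr` as `<not-affected>`. These two should get source-package lines with a triaged status rather than sitting in the TODO queue. The version bounds in the descriptions (prior to 3.6, through 1.5.0.3) suggest the reasoning recorded for CVE-2011-2670 may carry over, but that has to be confirmed before it is written down.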
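Review bot: In data/CVE/2019.list, the samba hunks (@@ -2661,8 +2661,7 @@, @@ -13369,8 +13366,7 @@ and @@ -13393,8 +13389,7 @@) replace the bracketed working titles with truncated descriptions that say less about the bug. For CVE-2019-14902 the removed title "Replication of ACLs set to inherit down a subtree on AD Directory not automatic" becomes "There is an issue in all samba 4.11.x versions before 4.11.5, all samb ...". Keeping the one-line summary in a `NOTE:` under each entry would preserve what the issue is. The same entries still read `- samba <unfixed>` while the new text for CVE-2019-14907 names upstream fixed releases (4.9.18, 4.10.12), so they need a follow-up to record the fixed version once one is uploaded.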
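Review bot: In data/CVE/2020.list, hunk @@ -72,12 +516,11 @@, the new description for CVE-2020-7211 reads "tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0", yet the package lines visible in the hunk track only `- libslirp <unfixed> (unimportant)`. If no qemu line follows beyond the context shown, add one, or a `NOTE:` stating why the copy used by QEMU is not tracked, so the entry covers every source package the description names.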