diff options
author | security tracker role <sectracker@soriano.debian.org> | 2020-01-31 20:10:24 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-31 20:10:24 +0000 |
commit | b4dae2fa30d56d869aa6fbce81f83bb98129457e (patch) | |
tree | a7b04cea4550e3c9df01e3e619cbbd5edb74123f | |
parent | 8f44c61e809ab6fa8e9906b39c44f73e150a04e0 (diff) |
automatic update
-rw-r--r-- | data/CVE/2011.list | 12 | ||||
-rw-r--r-- | data/CVE/2013.list | 28 | ||||
-rw-r--r-- | data/CVE/2014.list | 10 | ||||
-rw-r--r-- | data/CVE/2019.list | 12 | ||||
-rw-r--r-- | data/CVE/2020.list | 34 |
5 files changed, 46 insertions, 50 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 01f5a2f054..6fb69e7bcc 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -2809,16 +2809,13 @@ CVE-2011-4120 (Yubico PAM Module before 2.10 performed user authentication when - yubico-pam 2.10-1 CVE-2011-4119 RESERVED -CVE-2011-4117 - RESERVED +CVE-2011-4117 (The Batch::BatchRun module 1.03 for Perl does not properly handle temp ...) NOT-FOR-US: perl Batch::BatchRun CPAN module -CVE-2011-4116 [unsafe traversal of symlinks] - RESERVED +CVE-2011-4116 (_is_safe in the File::Temp module for Perl does not properly handle sy ...) - perl <unfixed> (unimportant; bug #776268) NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177 NOTE: https://github.com/Perl-Toolchain-Gang/File-Temp/issues/14 -CVE-2011-4115 - RESERVED +CVE-2011-4115 (Parallel::ForkManager module before 1.0.0 for Perl does not properly h ...) - libparallel-forkmanager-perl <not-affected> (issue introduced in 0.7.6 upstream, never in Debian) NOTE: affected code was never in Debian. Upstream fixed in 1.0.0 NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=68298 @@ -2917,8 +2914,7 @@ CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed - bzip2 1.0.6-1 (low; bug #632862) [squeeze] - bzip2 1.0.5-6+squeeze1 [lenny] - bzip2 <no-dsa> (Minor issue) -CVE-2011-4088 - RESERVED +CVE-2011-4088 (ABRT might allow attackers to obtain sensitive information from crash ...) NOT-FOR-US: abrt/libreport CVE-2011-4087 (The br_parse_ip_options function in net/bridge/br_netfilter.c in the L ...) - linux-2.6 3.0.0-1 diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 1ae65aec10..2a2a4300cc 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -6156,16 +6156,16 @@ CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterpri NOT-FOR-US: Good for Enterprise app for iOS CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in th ...) NOT-FOR-US: DotNetNuke -CVE-2013-5116 - RESERVED +CVE-2013-5116 (Evernote prior to 5.5.1 has insecure password change ...) + TODO: check CVE-2013-5115 RESERVED -CVE-2013-5114 - RESERVED -CVE-2013-5113 - RESERVED -CVE-2013-5112 - RESERVED +CVE-2013-5114 (LastPass prior to 2.5.1 allows secure wipe bypass. ...) + TODO: check +CVE-2013-5113 (LastPass prior to 2.5.1 has an insecure PIN implementation. ...) + TODO: check +CVE-2013-5112 (Evernote before 5.5.1 has insecure PIN storage ...) + TODO: check CVE-2013-5111 RESERVED CVE-2013-5110 @@ -10519,10 +10519,10 @@ CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the NOT-FOR-US: WordPress plugin sharebar CVE-2013-3490 RESERVED -CVE-2013-3489 - RESERVED -CVE-2013-3488 - RESERVED +CVE-2013-3489 (Buffer overflow in Media Player Classic - Home Cinema (MPC-HC) before ...) + TODO: check +CVE-2013-3488 (Stack-based buffer overflow in Media Player Classic - Home Cinema (MPC ...) + TODO: check CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security lo ...) NOT-FOR-US: BulletProof Security plugin for WordPress CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerabilit ...) @@ -10867,8 +10867,8 @@ CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.20 NOT-FOR-US: Adobe Flash Player CVE-2013-3323 RESERVED -CVE-2013-3322 - RESERVED +CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...) + TODO: check CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...) NOT-FOR-US: NetApp CVE-2013-3320 (Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Ma ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 31788a25fc..0e2510f3fd 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -14365,12 +14365,10 @@ CVE-2014-4862 (The Netmaster CBW700N cable modem with software 81.447.392110.729 NOT-FOR-US: Netmaster CBW700N cable modem CVE-2014-4861 (The Remote Desktop Launcher in Thycotic Secret Server before 8.6.00001 ...) NOT-FOR-US: Remote Desktop Launcher in Thycotic Secret Server -CVE-2014-4860 - RESERVED +CVE-2014-4860 (Multiple integer overflows in the Pre-EFI Initialization (PEI) boot ph ...) - edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests) NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf -CVE-2014-4859 - RESERVED +CVE-2014-4859 (Integer overflow in the Drive Execution Environment (DXE) phase in the ...) - edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests) NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCe ...) @@ -19714,8 +19712,8 @@ CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.50 NOT-FOR-US: Cyberduck on Windows CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...) NOT-FOR-US: F-Secure Messaging Secure Gateway -CVE-2014-2843 - RESERVED +CVE-2014-2843 (Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1 ...) + TODO: check CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a de ...) NOT-FOR-US: Juniper ScreenOS CVE-2014-2841 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 666f045255..61264befa6 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -2346,8 +2346,8 @@ CVE-2019-19552 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS ex NOT-FOR-US: FreePBX CVE-2019-19551 (In userman 13.0.76.43 through 15.0.20 in Sangoma FreePBX, XSS exists i ...) NOT-FOR-US: FreePBX -CVE-2019-19550 - RESERVED +CVE-2019-19550 (Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 ...) + TODO: check CVE-2019-19549 RESERVED CVE-2019-19548 (Norton Power Eraser, prior to 5.3.0.67, may be susceptible to a privil ...) @@ -5200,8 +5200,8 @@ CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by a NOT-FOR-US: Sourcecodester Restaurant Management System CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation can b ...) NOT-FOR-US: TypeStack class-validator -CVE-2019-18412 - REJECTED +CVE-2019-18412 (JetBrains IDETalk plugin before version 193.4099.10 allows XXE ...) + TODO: check CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the ...) NOT-FOR-US: Zoho ManageEngine CVE-2019-18410 @@ -40977,8 +40977,8 @@ CVE-2019-4722 RESERVED CVE-2019-4721 RESERVED -CVE-2019-4720 - RESERVED +CVE-2019-4720 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...) + TODO: check CVE-2019-4719 RESERVED CVE-2019-4718 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 838f26fb07..71876c402c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,5 @@ +CVE-2020-8501 + RESERVED CVE-2020-8500 RESERVED CVE-2020-8499 @@ -125,8 +127,8 @@ CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible - ossec-hids <itp> (bug #361954) CVE-2020-8441 RESERVED -CVE-2020-8440 - RESERVED +CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...) + TODO: check CVE-2020-8439 RESERVED CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...) @@ -163,8 +165,8 @@ CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF th NOT-FOR-US: Cups Easy (Purchase & Inventory) CVE-2020-8423 RESERVED -CVE-2020-8422 - RESERVED +CVE-2020-8422 (An authorization issue was discovered in the Credential Manager featur ...) + TODO: check CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) NOT-FOR-US: Joomla! CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) @@ -1110,10 +1112,10 @@ CVE-2020-7958 RESERVED CVE-2020-7957 RESERVED -CVE-2020-7956 - RESERVED -CVE-2020-7955 - RESERVED +CVE-2020-7956 (HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validate ...) + TODO: check +CVE-2020-7955 (HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uni ...) + TODO: check CVE-2020-7954 RESERVED CVE-2020-7953 @@ -1194,8 +1196,8 @@ CVE-2020-7916 RESERVED CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI fie ...) NOT-FOR-US: Eaton devices -CVE-2020-7914 - RESERVED +CVE-2020-7914 (In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfigur ...) + TODO: check CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...) NOT-FOR-US: JetBrains CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...) @@ -2604,10 +2606,10 @@ CVE-2020-7221 RESERVED CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...) NOT-FOR-US: HashiCorp Vault -CVE-2020-7219 - RESERVED -CVE-2020-7218 - RESERVED +CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...) + TODO: check +CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounded res ...) + TODO: check CVE-2020-7217 RESERVED CVE-2020-7216 @@ -6705,8 +6707,8 @@ CVE-2020-5236 RESERVED CVE-2020-5235 RESERVED -CVE-2020-5234 - RESERVED +CVE-2020-5234 (MessagePack for C# and Unity before version 1.9.3 and 2.1.80 has a vul ...) + TODO: check CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...) NOT-FOR-US: OAuth2 Proxy CVE-2020-5232 (A user who owns an ENS domain can set a trapdoor, allowing them to tra ...) |