automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-02-18 20:10:25 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-18 20:10:25 +0000
commit: dddc605831b1e59b08a12443e3c382a7d8261a36 (patch)
tree: 358bb7640cd8733800a3e99d10a51a194a780657
parent: 3b0f654f8871a12186ac2af77502581e89363a68 (diff)
7 files changed, 510 insertions, 64 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index d931e76ccf..d56eb7dc9b 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -53,7 +53,7 @@ CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchle
 	NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
 	NOTE: DL has been replaced in 2.2 with Fiddle which has the same problem according to maintainer.
 CVE-2009-5146 [memory leak in hostname TLS extension]
-	RESERVED
+	REJECTED
 	- openssl 0.9.8k-1
 	NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k)
 	NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index f356caa80c..4b3204d264 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -14732,8 +14732,8 @@ CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solut
 	NOT-FOR-US: IBM WebSphere Application
 CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manage ...)
 	NOT-FOR-US: IBM Tivoli Endpoint Manager
-CVE-2012-0718
-	RESERVED
+CVE-2012-0718 (IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookie ...)
+	TODO: check
 CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain S ...)
 	NOT-FOR-US: IBM WebSphere Application Server
 CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index e27dd5420d..7e379a9ac2 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -3412,8 +3412,8 @@ CVE-2013-6297
 	RESERVED
 CVE-2013-6296
 	RESERVED
-CVE-2013-6295
-	RESERVED
+CVE-2013-6295 (PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman acc ...)
+	TODO: check
 CVE-2013-6294
 	RESERVED
 CVE-2013-6293
@@ -5135,8 +5135,8 @@ CVE-2013-5595 (The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR
 	[wheezy] - iceape <end-of-life>
 	- icedove 17.0.10-1
 	- iceape <removed>
-CVE-2013-5594
-	RESERVED
+CVE-2013-5594 (Mozilla Firefox before 25 allows modification of anonymous content of  ...)
+	TODO: check
 CVE-2013-5593 (The SELECT element implementation in Mozilla Firefox before 25.0, Fire ...)
 	- iceweasel 24.1.0esr-1
 	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
@@ -7860,8 +7860,7 @@ CVE-2013-4456
 	RESERVED
 CVE-2013-4455 (Katello Installer before 0.0.18 uses world-readable permissions for /e ...)
 	NOT-FOR-US: Katello
-CVE-2013-4454
-	RESERVED
+CVE-2013-4454 (WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypas ...)
 	NOT-FOR-US: WordPress plugin
 CVE-2013-4453 (Cross-site scripting (XSS) vulnerability in templates/login.php in LDA ...)
 	- ldap-account-manager 4.4-1 (medium; bug #726976)
@@ -8661,14 +8660,11 @@ CVE-2013-4230 (The mm_webform submodule in the Monster Menus module 6.x-6.x befo
 	NOT-FOR-US: Monster Menus Drupal contributed module
 CVE-2013-4229 (Cross-site scripting (XSS) vulnerability in the Monster Menus module 7 ...)
 	NOT-FOR-US: Monster Menus Drupal contributed module
-CVE-2013-4228
-	RESERVED
+CVE-2013-4228 (The OG access fields (visibility fields) implementation in Organic Gro ...)
 	NOT-FOR-US: Organic Group Drupal contributed module
-CVE-2013-4227
-	RESERVED
+CVE-2013-4227 (Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_to ...)
 	NOT-FOR-US: Persona Drupal contributed module
-CVE-2013-4226
-	RESERVED
+CVE-2013-4226 (The Authenticated User Page Caching (Authcache) module 7.x-1.x before  ...)
 	NOT-FOR-US: Authenticated User Page Caching Drupal contributed module
 CVE-2013-4225 (The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7. ...)
 	NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
@@ -10839,8 +10835,8 @@ CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.20
 	NOT-FOR-US: Adobe Flash Player
 CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on  ...)
 	NOT-FOR-US: Adobe Flash Player
-CVE-2013-3323
-	RESERVED
+CVE-2013-3323 (A Privilege Escalation Vulnerability exists in IBM Maximo Asset Manage ...)
+	TODO: check
 CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
 	NOT-FOR-US: NetApp OnCommand System Manager
 CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...)
@@ -12409,8 +12405,8 @@ CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Byp
 	NOT-FOR-US: Cisco
 CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...)
 	NOT-FOR-US: Cisco
-CVE-2013-2679
-	RESERVED
+CVE-2013-2679 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E ...)
+	TODO: check
 CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
 	NOT-FOR-US: Cisco
 CVE-2013-2677
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 05c685fb23..8cf855544e 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -14124,12 +14124,10 @@ CVE-2014-4969
 	RESERVED
 CVE-2014-4968 (The WebView class and use of the WebView.addJavascriptInterface method ...)
 	NOT-FOR-US: Boat Browser application for Android
-CVE-2014-4967
-	RESERVED
+CVE-2014-4967 (Multiple argument injection vulnerabilities in Ansible before 1.6.7 al ...)
 	- ansible 1.6.8+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
-CVE-2014-4966
-	RESERVED
+CVE-2014-4966 (Ansible before 1.6.7 does not prevent inventory data with "{{" and "lo ...)
 	- ansible 1.6.8+dfsg-1
 	NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
 CVE-2014-4965 (Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5  ...)
@@ -14818,8 +14816,7 @@ CVE-2014-4662
 	RESERVED
 CVE-2014-4661 (Cross-site scripting (XSS) vulnerability in HP Records Manager before  ...)
 	NOT-FOR-US: HP Records Manager
-CVE-2014-4651
-	RESERVED
+CVE-2014-4651 (It was found that the jclouds scriptbuilder Statements class wrote a t ...)
 	NOT-FOR-US: JClouds
 CVE-2014-4647 (Stack-based buffer overflow in the loadExtensionFactory method in the  ...)
 	NOT-FOR-US: Embarcadero ER/Studio Data Architect
@@ -16705,8 +16702,8 @@ CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel
 	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
 	- kfreebsd-9 <removed>
 	- kfreebsd-10 10.0-6
-CVE-2014-3879
-	RESERVED
+CVE-2014-3879 (OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error ...)
+	TODO: check
 CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web client  ...)
 	NOT-FOR-US: IPSwitch IMail
 CVE-2014-3877 (Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 6d529578f3..b1cf31c655 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -6118,8 +6118,7 @@ CVE-2015-7569 (SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yea
 	NOT-FOR-US: Yeager CMS
 CVE-2015-7568 (SQL injection vulnerability in the password recovery feature in Yeager ...)
 	NOT-FOR-US: Yeager CMS
-CVE-2015-7567
-	RESERVED
+CVE-2015-7567 (SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attacker ...)
 	NOT-FOR-US: Yeager CMS
 CVE-2015-7566 (The clie_5_attach function in drivers/usb/serial/visor.c in the Linux  ...)
 	{DSA-3448-1 DLA-412-1}
@@ -6367,24 +6366,21 @@ CVE-2015-7508 (Heap-based buffer overflow in the bmp_decode_rle function in libn
 	- netsurf 3.2+dfsg-3 (bug #810491)
 	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
 	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
-CVE-2015-7507 [out-of-bounds read]
-	RESERVED
+CVE-2015-7507 (libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cau ...)
 	- libnsbmp <removed>
 	[squeeze] - libnsbmp <no-dsa> (Library not used anywhere in Debian)
 	NOTE: http://source.netsurf-browser.org/libnsbmp.git/commit/?id=49427b52ba41a1813e3822301612e2e170107efd
 	- netsurf 3.2+dfsg-3 (bug #810491)
 	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
 	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
-CVE-2015-7506 [out-of-bounds read]
-	RESERVED
+CVE-2015-7506 (The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows conte ...)
 	- libnsgif <removed>
 	[squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian)
 	NOTE: http://source.netsurf-browser.org/libnsgif.git/commit/?id=088fa0819f1aeaf212a95caf7393a38c1640b5f0
 	- netsurf 3.2+dfsg-3 (bug #810491)
 	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
 	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
-CVE-2015-7505 [stack overflow]
-	RESERVED
+CVE-2015-7505 (Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c ...)
 	- libnsgif <removed>
 	[squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian)
 	NOTE: http://source.netsurf-browser.org/libnsgif.git/commit/?id=a268d2c15252ac58c19f1b19771822c66bcf73b2
@@ -7687,8 +7683,8 @@ CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Rea
 	NOT-FOR-US: Openfire
 CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update) before 5.07 ...)
 	NOT-FOR-US: Lenovo
-CVE-2015-6970
-	RESERVED
+CVE-2015-6970 (The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night ...)
+	TODO: check
 CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...)
 	- serendipity <removed>
 CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the serendipity_isAct ...)
@@ -23214,8 +23210,8 @@ CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...)
 	[wheezy] - xymon <not-affected> (Vulnerable code not present)
 	NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
 	NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17
-CVE-2015-1425
-	RESERVED
+CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities ...)
+	TODO: check
 CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2 ...)
 	NOT-FOR-US: Gecko CMS
 CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow  ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 83208303cb..e89ae29aeb 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -5525,8 +5525,8 @@ CVE-2019-18354
 	RESERVED
 CVE-2019-18353
 	RESERVED
-CVE-2019-18352
-	RESERVED
+CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices  ...)
+	TODO: check
 CVE-2019-18351
 	RESERVED
 CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET  ...)
@@ -11162,6 +11162,7 @@ CVE-2019-15963
 CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...)
 	NOT-FOR-US: Cisco
 CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus (ClamAV) So ...)
+	{DLA-2108-1}
 	- clamav 0.102.1+dfsg-1 (bug #945265)
 	[buster] - clamav 0.102.1+dfsg-0+deb10u1
 	[stretch] - clamav 0.102.1+dfsg-0+deb9u2
@@ -11416,8 +11417,8 @@ CVE-2019-15877
 	RESERVED
 CVE-2019-15876
 	RESERVED
-CVE-2019-15875
-	RESERVED
+CVE-2019-15875 (In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEAS ...)
+	TODO: check
 CVE-2019-15874
 	RESERVED
 CVE-2019-15873 (The profilegrid-user-profiles-groups-and-communities plugin before 2.8 ...)
@@ -25161,16 +25162,16 @@ CVE-2019-10797
 	RESERVED
 CVE-2019-10796
 	RESERVED
-CVE-2019-10795
-	RESERVED
-CVE-2019-10794
-	RESERVED
-CVE-2019-10793
-	RESERVED
-CVE-2019-10792
-	RESERVED
-CVE-2019-10791
-	RESERVED
+CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...)
+	TODO: check
+CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...)
+	TODO: check
+CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set  ...)
+	TODO: check
+CVE-2019-10792 (bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler ...)
+	TODO: check
+CVE-2019-10791 (promise-probe before 0.10.0 allows remote attackers to perform a comma ...)
+	TODO: check
 CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...)
 	TODO: check
 CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...)
@@ -39387,8 +39388,8 @@ CVE-2019-5615 (Users with Site-level permissions can access files containing the
 	NOT-FOR-US: Rapid7 InsightVM
 CVE-2019-5614
 	RESERVED
-CVE-2019-5613
-	RESERVED
+CVE-2019-5613 (In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in th ...)
+	TODO: check
 CVE-2019-5612 (In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ...)
 	- kfreebsd-10 <unfixed> (unimportant)
 	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 5831e93f5c..3611882345 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,459 @@
+CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...)
+	TODO: check
+CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via  ...)
+	TODO: check
+CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...)
+	TODO: check
+CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause,  ...)
+	TODO: check
+CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
+	TODO: check
+CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...)
+	TODO: check
+CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...)
+	TODO: check
+CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass  ...)
+	TODO: check
+CVE-2020-9263
+	RESERVED
+CVE-2020-9262
+	RESERVED
+CVE-2020-9261
+	RESERVED
+CVE-2020-9260
+	RESERVED
+CVE-2020-9259
+	RESERVED
+CVE-2020-9258
+	RESERVED
+CVE-2020-9257
+	RESERVED
+CVE-2020-9256
+	RESERVED
+CVE-2020-9255
+	RESERVED
+CVE-2020-9254
+	RESERVED
+CVE-2020-9253
+	RESERVED
+CVE-2020-9252
+	RESERVED
+CVE-2020-9251
+	RESERVED
+CVE-2020-9250
+	RESERVED
+CVE-2020-9249
+	RESERVED
+CVE-2020-9248
+	RESERVED
+CVE-2020-9247
+	RESERVED
+CVE-2020-9246
+	RESERVED
+CVE-2020-9245
+	RESERVED
+CVE-2020-9244
+	RESERVED
+CVE-2020-9243
+	RESERVED
+CVE-2020-9242
+	RESERVED
+CVE-2020-9241
+	RESERVED
+CVE-2020-9240
+	RESERVED
+CVE-2020-9239
+	RESERVED
+CVE-2020-9238
+	RESERVED
+CVE-2020-9237
+	RESERVED
+CVE-2020-9236
+	RESERVED
+CVE-2020-9235
+	RESERVED
+CVE-2020-9234
+	RESERVED
+CVE-2020-9233
+	RESERVED
+CVE-2020-9232
+	RESERVED
+CVE-2020-9231
+	RESERVED
+CVE-2020-9230
+	RESERVED
+CVE-2020-9229
+	RESERVED
+CVE-2020-9228
+	RESERVED
+CVE-2020-9227
+	RESERVED
+CVE-2020-9226
+	RESERVED
+CVE-2020-9225
+	RESERVED
+CVE-2020-9224
+	RESERVED
+CVE-2020-9223
+	RESERVED
+CVE-2020-9222
+	RESERVED
+CVE-2020-9221
+	RESERVED
+CVE-2020-9220
+	RESERVED
+CVE-2020-9219
+	RESERVED
+CVE-2020-9218
+	RESERVED
+CVE-2020-9217
+	RESERVED
+CVE-2020-9216
+	RESERVED
+CVE-2020-9215
+	RESERVED
+CVE-2020-9214
+	RESERVED
+CVE-2020-9213
+	RESERVED
+CVE-2020-9212
+	RESERVED
+CVE-2020-9211
+	RESERVED
+CVE-2020-9210
+	RESERVED
+CVE-2020-9209
+	RESERVED
+CVE-2020-9208
+	RESERVED
+CVE-2020-9207
+	RESERVED
+CVE-2020-9206
+	RESERVED
+CVE-2020-9205
+	RESERVED
+CVE-2020-9204
+	RESERVED
+CVE-2020-9203
+	RESERVED
+CVE-2020-9202
+	RESERVED
+CVE-2020-9201
+	RESERVED
+CVE-2020-9200
+	RESERVED
+CVE-2020-9199
+	RESERVED
+CVE-2020-9198
+	RESERVED
+CVE-2020-9197
+	RESERVED
+CVE-2020-9196
+	RESERVED
+CVE-2020-9195
+	RESERVED
+CVE-2020-9194
+	RESERVED
+CVE-2020-9193
+	RESERVED
+CVE-2020-9192
+	RESERVED
+CVE-2020-9191
+	RESERVED
+CVE-2020-9190
+	RESERVED
+CVE-2020-9189
+	RESERVED
+CVE-2020-9188
+	RESERVED
+CVE-2020-9187
+	RESERVED
+CVE-2020-9186
+	RESERVED
+CVE-2020-9185
+	RESERVED
+CVE-2020-9184
+	RESERVED
+CVE-2020-9183
+	RESERVED
+CVE-2020-9182
+	RESERVED
+CVE-2020-9181
+	RESERVED
+CVE-2020-9180
+	RESERVED
+CVE-2020-9179
+	RESERVED
+CVE-2020-9178
+	RESERVED
+CVE-2020-9177
+	RESERVED
+CVE-2020-9176
+	RESERVED
+CVE-2020-9175
+	RESERVED
+CVE-2020-9174
+	RESERVED
+CVE-2020-9173
+	RESERVED
+CVE-2020-9172
+	RESERVED
+CVE-2020-9171
+	RESERVED
+CVE-2020-9170
+	RESERVED
+CVE-2020-9169
+	RESERVED
+CVE-2020-9168
+	RESERVED
+CVE-2020-9167
+	RESERVED
+CVE-2020-9166
+	RESERVED
+CVE-2020-9165
+	RESERVED
+CVE-2020-9164
+	RESERVED
+CVE-2020-9163
+	RESERVED
+CVE-2020-9162
+	RESERVED
+CVE-2020-9161
+	RESERVED
+CVE-2020-9160
+	RESERVED
+CVE-2020-9159
+	RESERVED
+CVE-2020-9158
+	RESERVED
+CVE-2020-9157
+	RESERVED
+CVE-2020-9156
+	RESERVED
+CVE-2020-9155
+	RESERVED
+CVE-2020-9154
+	RESERVED
+CVE-2020-9153
+	RESERVED
+CVE-2020-9152
+	RESERVED
+CVE-2020-9151
+	RESERVED
+CVE-2020-9150
+	RESERVED
+CVE-2020-9149
+	RESERVED
+CVE-2020-9148
+	RESERVED
+CVE-2020-9147
+	RESERVED
+CVE-2020-9146
+	RESERVED
+CVE-2020-9145
+	RESERVED
+CVE-2020-9144
+	RESERVED
+CVE-2020-9143
+	RESERVED
+CVE-2020-9142
+	RESERVED
+CVE-2020-9141
+	RESERVED
+CVE-2020-9140
+	RESERVED
+CVE-2020-9139
+	RESERVED
+CVE-2020-9138
+	RESERVED
+CVE-2020-9137
+	RESERVED
+CVE-2020-9136
+	RESERVED
+CVE-2020-9135
+	RESERVED
+CVE-2020-9134
+	RESERVED
+CVE-2020-9133
+	RESERVED
+CVE-2020-9132
+	RESERVED
+CVE-2020-9131
+	RESERVED
+CVE-2020-9130
+	RESERVED
+CVE-2020-9129
+	RESERVED
+CVE-2020-9128
+	RESERVED
+CVE-2020-9127
+	RESERVED
+CVE-2020-9126
+	RESERVED
+CVE-2020-9125
+	RESERVED
+CVE-2020-9124
+	RESERVED
+CVE-2020-9123
+	RESERVED
+CVE-2020-9122
+	RESERVED
+CVE-2020-9121
+	RESERVED
+CVE-2020-9120
+	RESERVED
+CVE-2020-9119
+	RESERVED
+CVE-2020-9118
+	RESERVED
+CVE-2020-9117
+	RESERVED
+CVE-2020-9116
+	RESERVED
+CVE-2020-9115
+	RESERVED
+CVE-2020-9114
+	RESERVED
+CVE-2020-9113
+	RESERVED
+CVE-2020-9112
+	RESERVED
+CVE-2020-9111
+	RESERVED
+CVE-2020-9110
+	RESERVED
+CVE-2020-9109
+	RESERVED
+CVE-2020-9108
+	RESERVED
+CVE-2020-9107
+	RESERVED
+CVE-2020-9106
+	RESERVED
+CVE-2020-9105
+	RESERVED
+CVE-2020-9104
+	RESERVED
+CVE-2020-9103
+	RESERVED
+CVE-2020-9102
+	RESERVED
+CVE-2020-9101
+	RESERVED
+CVE-2020-9100
+	RESERVED
+CVE-2020-9099
+	RESERVED
+CVE-2020-9098
+	RESERVED
+CVE-2020-9097
+	RESERVED
+CVE-2020-9096
+	RESERVED
+CVE-2020-9095
+	RESERVED
+CVE-2020-9094
+	RESERVED
+CVE-2020-9093
+	RESERVED
+CVE-2020-9092
+	RESERVED
+CVE-2020-9091
+	RESERVED
+CVE-2020-9090
+	RESERVED
+CVE-2020-9089
+	RESERVED
+CVE-2020-9088
+	RESERVED
+CVE-2020-9087
+	RESERVED
+CVE-2020-9086
+	RESERVED
+CVE-2020-9085
+	RESERVED
+CVE-2020-9084
+	RESERVED
+CVE-2020-9083
+	RESERVED
+CVE-2020-9082
+	RESERVED
+CVE-2020-9081
+	RESERVED
+CVE-2020-9080
+	RESERVED
+CVE-2020-9079
+	RESERVED
+CVE-2020-9078
+	RESERVED
+CVE-2020-9077
+	RESERVED
+CVE-2020-9076
+	RESERVED
+CVE-2020-9075
+	RESERVED
+CVE-2020-9074
+	RESERVED
+CVE-2020-9073
+	RESERVED
+CVE-2020-9072
+	RESERVED
+CVE-2020-9071
+	RESERVED
+CVE-2020-9070
+	RESERVED
+CVE-2020-9069
+	RESERVED
+CVE-2020-9068
+	RESERVED
+CVE-2020-9067
+	RESERVED
+CVE-2020-9066
+	RESERVED
+CVE-2020-9065
+	RESERVED
+CVE-2020-9064
+	RESERVED
+CVE-2020-9063
+	RESERVED
+CVE-2020-9062
+	RESERVED
+CVE-2020-9061
+	RESERVED
+CVE-2020-9060
+	RESERVED
+CVE-2020-9059
+	RESERVED
+CVE-2020-9058
+	RESERVED
+CVE-2020-9057
+	RESERVED
+CVE-2020-9056
+	RESERVED
+CVE-2020-9055
+	RESERVED
+CVE-2020-9054
+	RESERVED
+CVE-2020-9053
+	RESERVED
+CVE-2020-9052
+	RESERVED
+CVE-2020-9051
+	RESERVED
+CVE-2020-9050
+	RESERVED
+CVE-2020-9049
+	RESERVED
+CVE-2020-9048
+	RESERVED
+CVE-2020-9047
+	RESERVED
+CVE-2020-9046
+	RESERVED
+CVE-2020-9045
+	RESERVED
+CVE-2020-9044
+	RESERVED
 CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...)
 	NOT-FOR-US: wpCentral plugin for WordPress
 CVE-2020-9042
@@ -94,7 +550,7 @@ CVE-2020-9000
 CVE-2020-8999
 	RESERVED
 CVE-2020-8998
-	RESERVED
+	REJECTED
 CVE-2020-8997 (Abbott FreeStyle Libre 14-day before February 2020 and FreeStyle Libre ...)
 	NOT-FOR-US: Abbott FreeStyle Libre
 CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read  ...)
@@ -3320,8 +3776,8 @@ CVE-2020-7452
 	RESERVED
 CVE-2020-7451
 	RESERVED
-CVE-2020-7450
-	RESERVED
+CVE-2020-7450 (In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEAS ...)
+	TODO: check
 CVE-2020-7449
 	RESERVED
 CVE-2020-7448
@@ -4622,10 +5078,10 @@ CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is
 	NOT-FOR-US: OpenTrade
 CVE-2020-6846
 	RESERVED
-CVE-2020-6845
-	RESERVED
-CVE-2020-6844
-	RESERVED
+CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...)
+	TODO: check
+CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...)
+	TODO: check
 CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...)
 	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
 CVE-2020-6842
@@ -14760,13 +15216,13 @@ CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Mal
 CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...)
 	NOT-FOR-US: Apache Superset
 CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...)
-	{DSA-4615-1}
+	{DSA-4615-1 DLA-2107-1}
 	- spamassassin 3.4.4~rc1-1 (bug #950258)
 	NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2
 	NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784 (restricted)
 CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...)
-	{DSA-4615-1}
+	{DSA-4615-1 DLA-2107-1}
 	- spamassassin 3.4.4~rc1-1 (bug #950258)
 	NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt
 	NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3
author	security tracker role <sectracker@soriano.debian.org>	2020-02-18 20:10:25 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-02-18 20:10:25 +0000
commit	dddc605831b1e59b08a12443e3c382a7d8261a36 (patch)
tree	358bb7640cd8733800a3e99d10a51a194a780657
parent	3b0f654f8871a12186ac2af77502581e89363a68 (diff)