author:    security tracker role <sectracker@soriano.debian.org>    2020-01-10 08:10:31 +0000
committer: security tracker role <sectracker@soriano.debian.org>    2020-01-10 08:10:31 +0000
commit:    ec829131516433df332116a9f4700c41f4b6e98e (patch)
tree:      3ccaf7cf6ed7c8e0f7f2377a07a4a283ecf24ceb
parent:    6aaf23a9227de452daceb1618d7fa61a14408fe0 (diff)
automatic update
-rw-r--r--  data/CVE/2010.list   3
-rw-r--r--  data/CVE/2012.list  71
-rw-r--r--  data/CVE/2014.list   9
-rw-r--r--  data/CVE/2016.list   6
-rw-r--r--  data/CVE/2019.list  73
-rw-r--r--  data/CVE/2020.list  45
6 files changed, 119 insertions, 88 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index eaff0a4dda..dec6a60208 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -5143,8 +5143,7 @@ CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH)
NOT-FOR-US: HP System Management Homepage
CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) bef ...)
NOT-FOR-US: HP System Management Homepage
-CVE-2010-3282
- RESERVED
+CVE-2010-3282 (389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) ...)
NOT-FOR-US: Red Hat Directory Server
CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucen ...)
NOT-FOR-US: Alcatel-Lucent OmniVista
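Review bot: the NOT-FOR-US: Red Hat Directory Server line kept under CVE-2010-3282 needs re-checking now that the description reads "389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2)". 389 Directory Server is the upstream of Debian's 389-ds-base source package, so the issue is not automatically out of scope. Either add a 389-ds-base entry (most likely <not-affected> or long fixed, given the 2010 date) or keep NOT-FOR-US with a NOTE saying why the 389-ds-base code is unaffected.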
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 83f2e42d52..fc437cc313 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -2979,8 +2979,8 @@ CVE-2012-5560 (The default configuration in mate-settings-daemon 1.5.3 allows lo
NOTE: https://github.com/mate-desktop/mate-settings-daemon/commit/c7d634acd12814a1fe298118e65f1c688b3a9f74#diff-52ccb9f1be1c09e2f24b64d37b56c2f4
CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager node view ...)
NOT-FOR-US: Drupal chaos tool addon
-CVE-2012-5558
- RESERVED
+CVE-2012-5558 (Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x ...)
+ TODO: check
CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7. ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the REST ...)
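Review bot: the TODO: check under CVE-2012-5558 can be resolved in this same update: the "6.x-1.x" version scheme in the description and the neighbouring CVE-2012-5559 and CVE-2012-5557 entries (both Drupal contributed modules) point to a Drupal contributed module, so NOT-FOR-US: Drupal contributed-module, as used for the entries around it, is the consistent annotation.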
@@ -5587,8 +5587,7 @@ CVE-2012-4435 (fwknop before 2.0.3 does not properly validate IP addresses, whic
[wheezy] - fwknop 2.0.0rc2-2+deb7u1
NOTE: http://seclists.org/oss-sec/2012/q3/509
NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799
-CVE-2012-4434 [fwknop 2.0.3: multiple DoS / code execution flaw]
- RESERVED
+CVE-2012-4434 (fwknop before 2.0.3 allow remote authenticated users to cause a denial ...)
- fwknop 2.0.3-1 (bug #688151)
[squeeze] - fwknop <not-affected> (Vulnerable code not present)
[wheezy] - fwknop 2.0.0rc2-2+deb7u1
@@ -7259,16 +7258,16 @@ CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Ope
[squeeze] - asterisk <not-affected> (Vulnerable code not present)
CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the Wall ...)
NOT-FOR-US: Avaya IP Office Customer Call Reporter
-CVE-2012-3810
- RESERVED
-CVE-2012-3809
- RESERVED
-CVE-2012-3808
- RESERVED
-CVE-2012-3807
- RESERVED
-CVE-2012-3806
- RESERVED
+CVE-2012-3810 (Samsung Kies before 2.5.0.12094_27_11 has registry modification. ...)
+ TODO: check
+CVE-2012-3809 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modifica ...)
+ TODO: check
+CVE-2012-3808 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. ...)
+ TODO: check
+CVE-2012-3807 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. ...)
+ TODO: check
+CVE-2012-3806 (Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer derefere ...)
+ TODO: check
CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the getAllPasse ...)
NOT-FOR-US: Kajona
CVE-2012-3804
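Review bot: the five TODO: check placeholders for CVE-2012-3806 through CVE-2012-3810 can be closed as NOT-FOR-US: Samsung Kies. Every description names Samsung Kies before 2.5.0.12094_27_11, vendor desktop software for Samsung phones that Debian does not ship, and the "registry modification" wording in CVE-2012-3810 confirms a Windows-only target.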
@@ -7976,8 +7975,7 @@ CVE-2012-3492 (The filesystem authentication (condor_io/condor_auth_fs.cpp) in C
- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3491 (src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8. ...)
- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
-CVE-2012-3490
- RESERVED
+CVE-2012-3490 (The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils ...)
- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server compo ...)
{DSA-2534-1}
@@ -9301,8 +9299,8 @@ CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earl
NOT-FOR-US: Jaow
CVE-2012-2951
REJECTED
-CVE-2012-2950
- RESERVED
+CVE-2012-2950 (Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local ...)
+ TODO: check
CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M device use ...)
NOT-FOR-US: Android
CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Ast ...)
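Review bot: CVE-2012-2950 needs a real triage decision rather than TODO: check, because the description names "Gateway Geomatics MapServer for Windows before 3.0.6" (the MS4W bundle) while Debian ships the upstream mapserver package. If the flaw is in the MS4W packaging or its bundled Windows components, mark it NOT-FOR-US: MapServer for Windows (MS4W); if it is in MapServer's own code, a mapserver entry is needed instead. The truncated "contains a Local ..." does not settle this on its own.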
@@ -9348,8 +9346,8 @@ CVE-2012-2933
RESERVED
CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
NOT-FOR-US: TinyWebGallery
-CVE-2012-2931
- RESERVED
+CVE-2012-2931 (PHP code injection in TinyWebGallery before 1.8.8 allows remote authen ...)
+ TODO: check
CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebG ...)
NOT-FOR-US: TinyWebGallery
CVE-2012-2929
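Review bot: CVE-2012-2931 should be NOT-FOR-US: TinyWebGallery, matching CVE-2012-2930 and CVE-2012-2932 on either side of it, rather than TODO: check; the description names the same product (TinyWebGallery before 1.8.8) and nothing in the hunk suggests a different target.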
@@ -9948,8 +9946,7 @@ CVE-2012-2726 (Cross-site scripting (XSS) vulnerability in the Protest module 6.
NOT-FOR-US: Drupal module
CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML mod ...)
NOT-FOR-US: Drupal module
-CVE-2012-2724
- RESERVED
+CVE-2012-2724 (The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-a ...)
NOT-FOR-US: Drupal module
CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x ...)
NOT-FOR-US: Drupal module
@@ -9969,8 +9966,7 @@ CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment Mo
NOT-FOR-US: Drupal module
CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...)
NOT-FOR-US: Drupal module
-CVE-2012-2714
- RESERVED
+CVE-2012-2714 (The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drup ...)
NOT-FOR-US: Drupal module
CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozi ...)
NOT-FOR-US: Drupal module
@@ -11149,8 +11145,8 @@ CVE-2012-2228
RESERVED
CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...)
NOT-FOR-US: PluXml
-CVE-2012-2226
- RESERVED
+CVE-2012-2226 (Invision Power Board before 3.3.1 fails to sanitize user-supplied inpu ...)
+ TODO: check
CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...)
NOT-FOR-US: 360zip
CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitra ...)
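Review bot: CVE-2012-2226 can be marked NOT-FOR-US: Invision Power Board instead of TODO: check; the description names Invision Power Board before 3.3.1, a proprietary forum application that Debian does not package.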
@@ -11346,8 +11342,7 @@ CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9.
- postgresql-8.4 8.4.12-1
- php5 5.3.3-1
NOTE: Uses the unaffected system libraries since 5.3.3
-CVE-2012-2142 [Insufficient sanitization of escape sequences in the error message]
- RESERVED
+CVE-2012-2142 (The error function in Error.cc in poppler before 0.21.4 allows remote ...)
- xpdf <not-affected> (uses poppler's Error.cc)
- poppler 0.18.4-7 (unimportant; bug #487773)
NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
@@ -11985,8 +11980,8 @@ CVE-2012-1917 (compose.php in @Mail WebMail Client in AtMail Open-Source before
- atmailopen <removed>
CVE-2012-1916 (@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote a ...)
- atmailopen <removed>
-CVE-2012-1915
- RESERVED
+CVE-2012-1915 (EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_c ...)
+ TODO: check
CVE-2012-1914
RESERVED
CVE-2012-1913
@@ -13396,14 +13391,14 @@ CVE-2012-1263
CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi i ...)
{DSA-2423-1}
- movabletype-opensource 5.1.3+dfsg-1
-CVE-2012-1261
- RESERVED
-CVE-2012-1260
- RESERVED
-CVE-2012-1259
- RESERVED
-CVE-2012-1258
- RESERVED
+CVE-2012-1261 (Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusion ...)
+ TODO: check
+CVE-2012-1260 (Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in P ...)
+ TODO: check
+CVE-2012-1259 (Multiple SQL injection vulnerabilities in Plixer International Scrutin ...)
+ TODO: check
+CVE-2012-1258 (cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow &amp ...)
+ TODO: check
CVE-2012-1257 (Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...)
- pidgin <unfixed> (unimportant)
NOTE: Negligible local information disclosure
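Review bot: the four TODO: check placeholders for CVE-2012-1258 through CVE-2012-1261 can be resolved together as NOT-FOR-US: Plixer Scrutinizer. All four descriptions name Plixer International Scrutinizer (NetFlow & sFlow Analyzer), a commercial appliance not shipped by Debian; the "&amp" in the CVE-2012-1258 line is an HTML entity left in the imported description text, not part of a product name.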
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 17e686a98d..95b9cee0e6 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -13948,18 +13948,15 @@ CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey
- limesurvey <itp> (bug #472802)
CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows ...)
NOT-FOR-US: WordPress Flash Uploader plugin for WordPress
-CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)]
- RESERVED
+CVE-2014-5013 (DOMPDF before 0.6.2 allows remote code execution, a related issue to C ...)
- php-dompdf 0.6.2+dfsg-1 (bug #813849)
[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
-CVE-2014-5012 [Denial Of Service Vector]
- RESERVED
+CVE-2014-5012 (DOMPDF before 0.6.2 allows denial of service. ...)
- php-dompdf 0.6.2+dfsg-1 (bug #813849)
[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
-CVE-2014-5011 [Information Disclosure]
- RESERVED
+CVE-2014-5011 (DOMPDF before 0.6.2 allows Information Disclosure. ...)
- php-dompdf 0.6.2+dfsg-1 (bug #813849)
[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 1023b48a31..5e082e8a59 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -17257,8 +17257,8 @@ CVE-2016-5313 (Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticat
NOT-FOR-US: Symantec
CVE-2016-5312 (Directory traversal vulnerability in the charting component in Symante ...)
NOT-FOR-US: Symantec
-CVE-2016-5311
- RESERVED
+CVE-2016-5311 (A Privilege Escalation vulnerability exists in Symantec Norton Antivir ...)
+ TODO: check
CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...)
NOT-FOR-US: Symantec
CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...)
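Review bot: CVE-2016-5311 should be NOT-FOR-US: Symantec like CVE-2016-5310 and CVE-2016-5312 around it, not TODO: check; the description names Symantec Norton Antivirus, proprietary Windows software.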
@@ -17327,7 +17327,7 @@ CVE-2016-5287 (A potentially exploitable use-after-free crash during actor destr
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
CVE-2016-5286
RESERVED
-CVE-2016-5285 (Null pointer dereference vulnerability exists in K11_SignWithSymKey / ...)
+CVE-2016-5285 (A Null pointer dereference vulnerability exists in Mozilla Network Sec ...)
- nss 2:3.25-1
NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 3093dc10a8..81605a7e58 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,4 +1,13 @@
-CVE-2019-20373 [ldm privilege escalation]
+CVE-2019-20376 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...)
+ TODO: check
+CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...)
+ TODO: check
+CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31 ...)
+ TODO: check
+CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, allows HT ...)
+ TODO: check
+CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because the LDM ...)
+ {DSA-4601-1}
- ldm <unfixed> (bug #948538)
NOTE: https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba
NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/1839431
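Review bot: two problems in this hunk. First, ordering: CVE-2019-20372 is inserted above CVE-2019-20373, breaking the descending ID order the file keeps everywhere else; the sequence should be 20376, 20375, 20374, 20373, 20372. Second, three of the TODO: check placeholders concern software Debian packages and need proper source-package entries: CVE-2019-20372 (NGINX before 1.17.7, HTTP request smuggling with certain error_page configurations) needs an nginx entry, and CVE-2019-20375 and CVE-2019-20376 (XSS in Electronic Logbook) need elog entries. CVE-2019-20374 names Typora, a proprietary editor, and can be NOT-FOR-US: Typora.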
@@ -399,20 +408,20 @@ CVE-2019-20186
RESERVED
CVE-2019-20185
RESERVED
-CVE-2019-20184
- RESERVED
-CVE-2019-20183
- RESERVED
-CVE-2019-20182
- RESERVED
-CVE-2019-20181
- RESERVED
-CVE-2019-20180
- RESERVED
-CVE-2019-20179
- RESERVED
-CVE-2019-20178
- RESERVED
+CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV export. ...)
+ TODO: check
+CVE-2019-20183 (uploadimage.php in Employee Records System 1.0 allows upload and execu ...)
+ TODO: check
+CVE-2019-20182 (The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_titl ...)
+ TODO: check
+CVE-2019-20181 (The awesome-support plugin 5.8.0 for WordPress allows XSS via the post ...)
+ TODO: check
+CVE-2019-20180 (The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV ...)
+ TODO: check
+CVE-2019-20179 (SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter ...)
+ TODO: check
+CVE-2019-20178 (Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php ...)
+ TODO: check
CVE-2019-20177
RESERVED
CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the li ...)
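Review bot: CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV export) needs a keepass2 entry rather than TODO: check, since Debian ships KeePass as keepass2; CSV injection in an export is really a problem of the spreadsheet that later opens the file, so this is a candidate for unimportant, but the entry should say so. The other six (Employee Records System, the FooGallery, awesome-support and TablePress WordPress plugins, SOPlanning, Advisto PEEL Shopping) name web applications Debian does not package and can be NOT-FOR-US.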
@@ -3561,25 +3570,25 @@ CVE-2019-18972
CVE-2019-18971
RESERVED
CVE-2019-18970
- RESERVED
+ REJECTED
CVE-2019-18969
- RESERVED
+ REJECTED
CVE-2019-18968
- RESERVED
+ REJECTED
CVE-2019-18967
- RESERVED
+ REJECTED
CVE-2019-18966
- RESERVED
+ REJECTED
CVE-2019-18965
- RESERVED
+ REJECTED
CVE-2019-18964
- RESERVED
+ REJECTED
CVE-2019-18963
- RESERVED
+ REJECTED
CVE-2019-18962
- RESERVED
+ REJECTED
CVE-2019-18961
- RESERVED
+ REJECTED
CVE-2019-18960 (Firecracker vsock implementation buffer overflow in versions 0.18.0 an ...)
NOT-FOR-US: AWS Firecracker
CVE-2019-18959
@@ -3823,8 +3832,8 @@ CVE-2019-18861
RESERVED
CVE-2019-18860
RESERVED
-CVE-2019-18859
- RESERVED
+CVE-2019-18859 (Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. ...)
+ TODO: check
CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Con ...)
NOT-FOR-US: CODESYS 3 web server
CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and data val ...)
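Review bot: CVE-2019-18859 can be NOT-FOR-US: Digi AnywhereUSB rather than TODO: check; the description names Digi AnywhereUSB 14, a USB-over-IP hub with a vendor web interface, not software Debian ships.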
@@ -39376,15 +39385,15 @@ CVE-2019-5211 (The Huawei Share function of P20 phones with versions earlier tha
CVE-2019-5210 (Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.19 ...)
NOT-FOR-US: Huawei
CVE-2019-5209
- RESERVED
+ REJECTED
CVE-2019-5208
- RESERVED
+ REJECTED
CVE-2019-5207
- RESERVED
+ REJECTED
CVE-2019-5206
- RESERVED
+ REJECTED
CVE-2019-5205
- RESERVED
+ REJECTED
CVE-2019-5204
RESERVED
CVE-2019-5203
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index a67bd79249..e9bac96f3a 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,4 +1,36 @@
-CVE-2020-6750 [Socks5 Proxy: Proxy on a SocketClient set via set_proxy_resolver ignored]
+CVE-2020-6766
+ RESERVED
+CVE-2020-6765
+ RESERVED
+CVE-2020-6764
+ RESERVED
+CVE-2020-6763
+ RESERVED
+CVE-2020-6762
+ RESERVED
+CVE-2020-6761
+ RESERVED
+CVE-2020-6760
+ RESERVED
+CVE-2020-6759
+ RESERVED
+CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...)
+ TODO: check
+CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150 ...)
+ TODO: check
+CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (K ...)
+ TODO: check
+CVE-2020-6755
+ RESERVED
+CVE-2020-6754
+ RESERVED
+CVE-2020-6753
+ RESERVED
+CVE-2020-6752
+ RESERVED
+CVE-2020-6751
+ RESERVED
+CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally connect di ...)
- glib2.0 <unfixed> (bug #948554)
[buster] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0)
[stretch] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0)
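Review bot: CVE-2020-6756 and CVE-2020-6757 can be NOT-FOR-US: Rasilient PixelStor; both descriptions name Rasilient PixelStor 5000 (K:4.0.1580-20150629), a storage appliance firmware. The visible text of CVE-2020-6758 is cut off before the product name ("Option/optionsAll.php in ..."), so confirm it belongs to the same batch (the adjacent IDs suggest it does) before marking it. While here, the two unchanged context lines under CVE-2020-6750 spell "regreession" in the buster and stretch <not-affected> reasons; a follow-up should correct that to "regression".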
@@ -1175,12 +1207,12 @@ CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v
NOT-FOR-US: Genexis
CVE-2020-6169
RESERVED
-CVE-2020-6168
- RESERVED
+CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; Maintenance ...)
+ TODO: check
CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; Maintenance ...)
NOT-FOR-US: WordPress plugin
-CVE-2020-6166
- RESERVED
+CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon &amp; Maintenance ...)
+ TODO: check
CVE-2020-6165
RESERVED
CVE-2020-6164
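Review bot: CVE-2020-6166 and CVE-2020-6168 should be NOT-FOR-US: WordPress plugin, the same as CVE-2020-6167 between them; all three descriptions begin with the identical text "A flaw in the WordPress plugin, Minimal Coming Soon &amp; Maintenance ...", so TODO: check adds nothing here.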
@@ -2503,8 +2535,7 @@ CVE-2020-5506
RESERVED
CVE-2020-5505
RESERVED
-CVE-2020-5504
- RESERVED
+CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...)
{DLA-2060-1}
- phpmyadmin <unfixed>
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
