| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2020-01-10 08:10:31 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-10 08:10:31 +0000 |
| commit | ec829131516433df332116a9f4700c41f4b6e98e (patch) | |
| tree | 3ccaf7cf6ed7c8e0f7f2377a07a4a283ecf24ceb | |
| parent | 6aaf23a9227de452daceb1618d7fa61a14408fe0 (diff) | |
automatic update
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2010.list | 3 |
| -rw-r--r-- | data/CVE/2012.list | 71 |
| -rw-r--r-- | data/CVE/2014.list | 9 |
| -rw-r--r-- | data/CVE/2016.list | 6 |
| -rw-r--r-- | data/CVE/2019.list | 73 |
| -rw-r--r-- | data/CVE/2020.list | 45 |
6 files changed, 119 insertions, 88 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index eaff0a4dda..dec6a60208 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -5143,8 +5143,7 @@ CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) NOT-FOR-US: HP System Management Homepage CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) bef ...) NOT-FOR-US: HP System Management Homepage -CVE-2010-3282 - RESERVED +CVE-2010-3282 (389 Directory Server before 1.2.7.1 (aka Red Hat Directory Server 8.2) ...) NOT-FOR-US: Red Hat Directory Server CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in Alcatel-Lucen ...) NOT-FOR-US: Alcatel-Lucent OmniVista diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 83f2e42d52..fc437cc313 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -2979,8 +2979,8 @@ CVE-2012-5560 (The default configuration in mate-settings-daemon 1.5.3 allows lo NOTE: https://github.com/mate-desktop/mate-settings-daemon/commit/c7d634acd12814a1fe298118e65f1c688b3a9f74#diff-52ccb9f1be1c09e2f24b64d37b56c2f4 CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager node view ...) NOT-FOR-US: Drupal chaos tool addon -CVE-2012-5558 - RESERVED +CVE-2012-5558 (Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x ...) + TODO: check CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7. ...) NOT-FOR-US: Drupal contributed-module CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the REST ...) 
@@ -5587,8 +5587,7 @@ CVE-2012-4435 (fwknop before 2.0.3 does not properly validate IP addresses, whic [wheezy] - fwknop 2.0.0rc2-2+deb7u1 NOTE: http://seclists.org/oss-sec/2012/q3/509 NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799 -CVE-2012-4434 [fwknop 2.0.3: multiple DoS / code execution flaw] - RESERVED +CVE-2012-4434 (fwknop before 2.0.3 allow remote authenticated users to cause a denial ...) - fwknop 2.0.3-1 (bug #688151) [squeeze] - fwknop <not-affected> (Vulnerable code not present) [wheezy] - fwknop 2.0.0rc2-2+deb7u1 @@ -7259,16 +7258,16 @@ CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Ope [squeeze] - asterisk <not-affected> (Vulnerable code not present) CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the Wall ...) NOT-FOR-US: Avaya IP Office Customer Call Reporter -CVE-2012-3810 - RESERVED -CVE-2012-3809 - RESERVED -CVE-2012-3808 - RESERVED -CVE-2012-3807 - RESERVED -CVE-2012-3806 - RESERVED +CVE-2012-3810 (Samsung Kies before 2.5.0.12094_27_11 has registry modification. ...) + TODO: check +CVE-2012-3809 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modifica ...) + TODO: check +CVE-2012-3808 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. ...) + TODO: check +CVE-2012-3807 (Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. ...) + TODO: check +CVE-2012-3806 (Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer derefere ...) + TODO: check CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the getAllPasse ...) NOT-FOR-US: Kajona CVE-2012-3804 
@@ -7976,8 +7975,7 @@ CVE-2012-3492 (The filesystem authentication (condor_io/condor_auth_fs.cpp) in C - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3491 (src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and 7.8. ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) -CVE-2012-3490 - RESERVED +CVE-2012-3490 (The (1) my_popenv_impl and (2) my_spawnv functions in src/condor_utils ...) - condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210) CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server compo ...) {DSA-2534-1} @@ -9301,8 +9299,8 @@ CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earl NOT-FOR-US: Jaow CVE-2012-2951 REJECTED -CVE-2012-2950 - RESERVED +CVE-2012-2950 (Gateway Geomatics MapServer for Windows before 3.0.6 contains a Local ...) + TODO: check CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M device use ...) NOT-FOR-US: Android CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified Ast ...) @@ -9348,8 +9346,8 @@ CVE-2012-2933 RESERVED CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...) NOT-FOR-US: TinyWebGallery -CVE-2012-2931 - RESERVED +CVE-2012-2931 (PHP code injection in TinyWebGallery before 1.8.8 allows remote authen ...) + TODO: check CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebG ...) NOT-FOR-US: TinyWebGallery CVE-2012-2929 @@ -9948,8 +9946,7 @@ CVE-2012-2726 (Cross-site scripting (XSS) vulnerability in the Protest module 6. NOT-FOR-US: Drupal module CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML mod ...) NOT-FOR-US: Drupal module -CVE-2012-2724 - RESERVED +CVE-2012-2724 (The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-a ...) NOT-FOR-US: Drupal module CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x ...) NOT-FOR-US: Drupal module 
@@ -9969,8 +9966,7 @@ CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment Mo NOT-FOR-US: Drupal module CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...) NOT-FOR-US: Drupal module -CVE-2012-2714 - RESERVED +CVE-2012-2714 (The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drup ...) NOT-FOR-US: Drupal module CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the BrowserID (Mozi ...) NOT-FOR-US: Drupal module @@ -11149,8 +11145,8 @@ CVE-2012-2228 RESERVED CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...) NOT-FOR-US: PluXml -CVE-2012-2226 - RESERVED +CVE-2012-2226 (Invision Power Board before 3.3.1 fails to sanitize user-supplied inpu ...) + TODO: check CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...) NOT-FOR-US: 360zip CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute arbitra ...) @@ -11346,8 +11342,7 @@ CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before 9. - postgresql-8.4 8.4.12-1 - php5 5.3.3-1 NOTE: Uses the unaffected system libraries since 5.3.3 -CVE-2012-2142 [Insufficient sanitization of escape sequences in the error message] - RESERVED +CVE-2012-2142 (The error function in Error.cc in poppler before 0.21.4 allows remote ...) - xpdf <not-affected> (uses poppler's Error.cc) - poppler 0.18.4-7 (unimportant; bug #487773) NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40 
@@ -11985,8 +11980,8 @@ CVE-2012-1917 (compose.php in @Mail WebMail Client in AtMail Open-Source before - atmailopen <removed> CVE-2012-1916 (@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote a ...) - atmailopen <removed> -CVE-2012-1915 - RESERVED +CVE-2012-1915 (EllisLab CodeIgniter 2.1.2 allows remote attackers to bypass the xss_c ...) + TODO: check CVE-2012-1914 RESERVED CVE-2012-1913 @@ -13396,14 +13391,14 @@ CVE-2012-1263 CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi i ...) {DSA-2423-1} - movabletype-opensource 5.1.3+dfsg-1 -CVE-2012-1261 - RESERVED -CVE-2012-1260 - RESERVED -CVE-2012-1259 - RESERVED -CVE-2012-1258 - RESERVED +CVE-2012-1261 (Cross-site scripting (XSS) vulnerability in cgi-bin/scrut_fa_exclusion ...) + TODO: check +CVE-2012-1260 (Cross-site scripting (XSS) vulnerability in cgi-bin/userprefs.cgi in P ...) + TODO: check +CVE-2012-1259 (Multiple SQL injection vulnerabilities in Plixer International Scrutin ...) + TODO: check +CVE-2012-1258 (cgi-bin/userprefs.cgi in Plixer International Scrutinizer NetFlow & ...) + TODO: check CVE-2012-1257 (Pidgin 2.10.0 uses DBUS for certain cleartext communication, which all ...) - pidgin <unfixed> (unimportant) NOTE: Negligible local information disclosure diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 17e686a98d..95b9cee0e6 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -13948,18 +13948,15 @@ CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey - limesurvey <itp> (bug #472802) CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows ...) NOT-FOR-US: WordPress Flash Uploader plugin for WordPress -CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)] - RESERVED +CVE-2014-5013 (DOMPDF before 0.6.2 allows remote code execution, a related issue to C ...) - php-dompdf 0.6.2+dfsg-1 (bug #813849) [jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1 NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2 -CVE-2014-5012 [Denial Of Service Vector] - RESERVED +CVE-2014-5012 (DOMPDF before 0.6.2 allows denial of service. ...) - php-dompdf 0.6.2+dfsg-1 (bug #813849) [jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1 NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2 -CVE-2014-5011 [Information Disclosure] - RESERVED +CVE-2014-5011 (DOMPDF before 0.6.2 allows Information Disclosure. ...) - php-dompdf 0.6.2+dfsg-1 (bug #813849) [jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1 NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2 diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 1023b48a31..5e082e8a59 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -17257,8 +17257,8 @@ CVE-2016-5313 (Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticat NOT-FOR-US: Symantec CVE-2016-5312 (Directory traversal vulnerability in the charting component in Symante ...) NOT-FOR-US: Symantec -CVE-2016-5311 - RESERVED +CVE-2016-5311 (A Privilege Escalation vulnerability exists in Symantec Norton Antivir ...) + TODO: check CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...) NOT-FOR-US: Symantec CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer engine in Sy ...) 
@@ -17327,7 +17327,7 @@ CVE-2016-5287 (A potentially exploitable use-after-free crash during actor destr NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823 CVE-2016-5286 RESERVED -CVE-2016-5285 (Null pointer dereference vulnerability exists in K11_SignWithSymKey / ...) +CVE-2016-5285 (A Null pointer dereference vulnerability exists in Mozilla Network Sec ...) - nss 2:3.25-1 NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4 NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 3093dc10a8..81605a7e58 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,4 +1,13 @@ -CVE-2019-20373 [ldm privilege escalation] +CVE-2019-20376 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...) + TODO: check +CVE-2019-20375 (A cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG ...) + TODO: check +CVE-2019-20374 (A mutation cross-site scripting (XSS) issue in Typora through 0.9.9.31 ...) + TODO: check +CVE-2019-20372 (NGINX before 1.17.7, with certain error_page configurations, allows HT ...) + TODO: check +CVE-2019-20373 (LTSP LDM through 2.18.06 allows fat-client root access because the LDM ...) + {DSA-4601-1} - ldm <unfixed> (bug #948538) NOTE: https://git.launchpad.net/~ltsp-upstream/ltsp/+git/ldm/commit/?id=c351ac69ef63ed6c84221cef73e409059661b8ba NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/1839431 
@@ -399,20 +408,20 @@ CVE-2019-20186 RESERVED CVE-2019-20185 RESERVED -CVE-2019-20184 - RESERVED -CVE-2019-20183 - RESERVED -CVE-2019-20182 - RESERVED -CVE-2019-20181 - RESERVED -CVE-2019-20180 - RESERVED -CVE-2019-20179 - RESERVED -CVE-2019-20178 - RESERVED +CVE-2019-20184 (KeePass 2.4.1 allows CSV injection in the title field of a CSV export. ...) + TODO: check +CVE-2019-20183 (uploadimage.php in Employee Records System 1.0 allows upload and execu ...) + TODO: check +CVE-2019-20182 (The FooGallery plugin 1.8.12 for WordPress allow XSS via the post_titl ...) + TODO: check +CVE-2019-20181 (The awesome-support plugin 5.8.0 for WordPress allows XSS via the post ...) + TODO: check +CVE-2019-20180 (The TablePress plugin 1.9.2 for WordPress allows tablepress[data] CSV ...) + TODO: check +CVE-2019-20179 (SOPlanning 1.45 has SQL injection via the user_list.php "by" parameter ...) + TODO: check +CVE-2019-20178 (Advisto PEEL Shopping 9.2.1 has CSRF via administrer/utilisateurs.php ...) + TODO: check CVE-2019-20177 RESERVED CVE-2019-20176 (In Pure-FTPd 1.0.49, a stack exhaustion issue was discovered in the li ...) @@ -3561,25 +3570,25 @@ CVE-2019-18972 CVE-2019-18971 RESERVED CVE-2019-18970 - RESERVED + REJECTED CVE-2019-18969 - RESERVED + REJECTED CVE-2019-18968 - RESERVED + REJECTED CVE-2019-18967 - RESERVED + REJECTED CVE-2019-18966 - RESERVED + REJECTED CVE-2019-18965 - RESERVED + REJECTED CVE-2019-18964 - RESERVED + REJECTED CVE-2019-18963 - RESERVED + REJECTED CVE-2019-18962 - RESERVED + REJECTED CVE-2019-18961 - RESERVED + REJECTED CVE-2019-18960 (Firecracker vsock implementation buffer overflow in versions 0.18.0 an ...) NOT-FOR-US: AWS Firecracker CVE-2019-18959 
@@ -3823,8 +3832,8 @@ CVE-2019-18861 RESERVED CVE-2019-18860 RESERVED -CVE-2019-18859 - RESERVED +CVE-2019-18859 (Digi AnywhereUSB 14 allows XSS via a link for the Digi Page. ...) + TODO: check CVE-2019-18858 (CODESYS 3 web server before 3.5.15.20, as distributed with CODESYS Con ...) NOT-FOR-US: CODESYS 3 web server CVE-2019-18857 (darylldoyle svg-sanitizer before 0.12.0 mishandles script and data val ...) @@ -39376,15 +39385,15 @@ CVE-2019-5211 (The Huawei Share function of P20 phones with versions earlier tha CVE-2019-5210 (Nova 5i pro and Nova 5 smartphones with versions earlier than 9.1.1.19 ...) NOT-FOR-US: Huawei CVE-2019-5209 - RESERVED + REJECTED CVE-2019-5208 - RESERVED + REJECTED CVE-2019-5207 - RESERVED + REJECTED CVE-2019-5206 - RESERVED + REJECTED CVE-2019-5205 - RESERVED + REJECTED CVE-2019-5204 RESERVED CVE-2019-5203 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index a67bd79249..e9bac96f3a 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,4 +1,36 @@ -CVE-2020-6750 [Socks5 Proxy: Proxy on a SocketClient set via set_proxy_resolver ignored] +CVE-2020-6766 + RESERVED +CVE-2020-6765 + RESERVED +CVE-2020-6764 + RESERVED +CVE-2020-6763 + RESERVED +CVE-2020-6762 + RESERVED +CVE-2020-6761 + RESERVED +CVE-2020-6760 + RESERVED +CVE-2020-6759 + RESERVED +CVE-2020-6758 (A cross-site scripting (XSS) vulnerability in Option/optionsAll.php in ...) + TODO: check +CVE-2020-6757 (contentHostProperties.php in Rasilient PixelStor 5000 K:4.0.1580-20150 ...) + TODO: check +CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-20150629 (K ...) + TODO: check +CVE-2020-6755 + RESERVED +CVE-2020-6754 + RESERVED +CVE-2020-6753 + RESERVED +CVE-2020-6752 + RESERVED +CVE-2020-6751 + RESERVED +CVE-2020-6750 (GSocketClient in GNOME GLib through 2.62.4 may occasionally connect di ...) - glib2.0 <unfixed> (bug #948554) [buster] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0) [stretch] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0) @@ -1175,12 +1207,12 @@ CVE-2020-6170 (An authentication bypass vulnerability on Genexis Platinum-4410 v NOT-FOR-US: Genexis CVE-2020-6169 RESERVED -CVE-2020-6168 - RESERVED +CVE-2020-6168 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...) + TODO: check CVE-2020-6167 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...) NOT-FOR-US: WordPress plugin -CVE-2020-6166 - RESERVED +CVE-2020-6166 (A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ...) + TODO: check CVE-2020-6165 RESERVED CVE-2020-6164 @@ -2503,8 +2535,7 @@ CVE-2020-5506 RESERVED CVE-2020-5505 RESERVED -CVE-2020-5504 - RESERVED +CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...) {DLA-2060-1} - phpmyadmin <unfixed> NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983 |
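Review bot: In the data/CVE/2010.list hunk, the new `NOT-FOR-US: Red Hat Directory Server` line for CVE-2010-3282 may be too quick: the CVE text names 389 Directory Server, which Debian ships as the 389-ds-base package, so the triage should record whether the affected range (before 1.2.7.1) predates the version Debian packaged, or use a `<not-affected>` entry against 389-ds-base instead.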
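Review bot: In the data/CVE/2012.list hunk at -2979, CVE-2012-5558 is left as `TODO: check` although it is a Drupal contributed module (the Smiley module 6.x-1.x) and the neighbouring entries CVE-2012-5559 and CVE-2012-5557 for the same kind of module are already resolved as `NOT-FOR-US: Drupal contributed-module`; the same line resolves this one.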
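Review bot: In the data/CVE/2012.list hunk at -7259, the five Samsung Kies entries CVE-2012-3810 through CVE-2012-3806 each get an identical `TODO: check`; since they describe one product and one fixed version (2.5.0.12094_27_11), triage them together, and if the product is not packaged in Debian replace each TODO with the same `NOT-FOR-US:` line rather than leaving five open items.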
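Review bot: In the data/CVE/2012.list hunk at -9301, the `TODO: check` for CVE-2012-2950 can be resolved from the description itself, which names "Gateway Geomatics MapServer for Windows"; a `NOT-FOR-US:` line is the consistent outcome. The same applies in the hunk at -9348, where CVE-2012-2931 keeps a `TODO: check` while the adjacent CVE-2012-2932 and CVE-2012-2930 for the same product are already `NOT-FOR-US: TinyWebGallery`.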
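Review bot: In the data/CVE/2016.list hunk at -17257, CVE-2016-5311 is left as `TODO: check` although the description names Symantec Norton Antivirus and both neighbours, CVE-2016-5312 and CVE-2016-5310, are already resolved as `NOT-FOR-US: Symantec`; use the same line here.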
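Review bot: In the data/CVE/2019.list hunk at -1, the `TODO: check` on CVE-2019-20372 deserves prompt attention because nginx is a Debian package and the CVE text describes an HTTP request smuggling issue tied to error_page configurations in versions before 1.17.7; the entry should gain a source-package line with the fixed version or a `<not-affected>` note. The two ELOG entries (CVE-2019-20376, CVE-2019-20375) also need a real triage rather than a TODO, since Electronic Logbook is packaged in Debian as elog.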
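Review bot: In the data/CVE/2019.list hunk at -399, CVE-2019-20184 (KeePass 2.4.1 CSV injection in the title field of a CSV export) is the one entry in this block that should not stay at `TODO: check`: KeePass 2.x is packaged in Debian as keepass2, so the entry needs a source-package line with a fixed version, a severity, and the upstream reference. The remaining six entries in the block are WordPress plugins and PHP web applications where a `NOT-FOR-US:` line is the expected outcome.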
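Review bot: In the data/CVE/2020.list hunk at -1, the two unchanged context lines for CVE-2020-6750 carry the typo "regreession" in `[buster] - glib2.0 <not-affected> (Vulnerable code introduced later, regreession from 2.60.0)` and the matching `[stretch]` line; since this commit already rewrites the entry's description line, fixing the spelling to "regression" in the same change would keep the entry consistent.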
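Review bot: In the data/CVE/2020.list hunk at -1175, CVE-2020-6168 and CVE-2020-6166 both get `TODO: check` although their descriptions are identical to that of CVE-2020-6167 ("A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance ..."), which the same hunk shows as already resolved `NOT-FOR-US: WordPress plugin`; the three entries should carry the same resolution.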