author | security tracker role <sectracker@soriano.debian.org> | 2020-09-01 20:10:30 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-09-01 20:10:30 +0000 |
commit | f2b39cd468d17f420f0030dda5a8e6d506831c4a (patch) | |
tree | 0325f73057cbfb539e0fa805aac50eb8d6e32059 | |
parent | 03721f95d8823fdc6520208f633d2ef57a4a0182 (diff) |
automatic update
-rw-r--r-- | data/CVE/2012.list | 20 |
-rw-r--r-- | data/CVE/2018.list | 4 |
-rw-r--r-- | data/CVE/2019.list | 4 |
-rw-r--r-- | data/CVE/2020.list | 292 |
4 files changed, 160 insertions, 160 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 21749206b1..de99c4810d 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -8458,18 +8458,18 @@ CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys bef CVE-2012-3342 (Unspecified vulnerability in the Java Runtime Environment (JRE) compon ...) - openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) - openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java) -CVE-2012-3341 - RESERVED -CVE-2012-3340 - RESERVED +CVE-2012-3341 (IBM InfoSphere Guardium 7.0, 8.0, 8.01, and 8.2 is vulnerable to cross ...) + TODO: check +CVE-2012-3340 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to XML extern ...) + TODO: check CVE-2012-3339 RESERVED -CVE-2012-3338 - RESERVED -CVE-2012-3337 - RESERVED -CVE-2012-3336 - RESERVED +CVE-2012-3338 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attack ...) + TODO: check +CVE-2012-3337 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 could allow a remote attack ...) + TODO: check +CVE-2012-3336 (IBM InfoSphere Guardium 8.0, 8.01, and 8.2 is vulnerable to SQL inject ...) + TODO: check CVE-2012-3335 RESERVED CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index ec4b8c0598..edba4affae 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -23188,8 +23188,8 @@ CVE-2018-12477 (A Improper Neutralization of CRLF Sequences vulnerability in Ope NOTE: https://github.com/openSUSE/obs-service-refresh_patches/commit/d6244245dda5367767efc989446fe4b5e4609cce CVE-2018-12476 (Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE L ...) NOT-FOR-US: obs-service-tar_scm -CVE-2018-12475 - RESERVED +CVE-2018-12475 (A Externally Controlled Reference to a Resource in Another Sphere vuln ...) + TODO: check CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...) NOT-FOR-US: obs-service-tar_scm of Open Build Service CVE-2018-12473 (A path traversal traversal vulnerability in obs-service-tar_scm of Ope ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index c413665074..0592e4c0a2 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -40838,8 +40838,8 @@ CVE-2019-5647 (The Chrome Plugin for Rapid7 AppSpider can incorrectly keep brows NOT-FOR-US: Chrome Plugin for Rapid7 AppSpider CVE-2019-5646 RESERVED -CVE-2019-5645 - RESERVED +CVE-2019-5645 (By sending a specially crafted HTTP GET request to a listening Rapid7 ...) + TODO: check CVE-2019-5644 (Computing For Good's Basic Laboratory Information System (also known a ...) NOT-FOR-US: Computing For Good's Basic Laboratory Information System CVE-2019-5643 (Computing For Good's Basic Laboratory Information System (also known a ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 8866fe1008..dc390aaff1 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,5 @@ +CVE-2020-25068 + RESERVED CVE-2020-25067 (NETGEAR R8300 devices before 1.0.2.134 are affected by command injecti ...) NOT-FOR-US: Netgear CVE-2020-25066 
@@ -980,15 +982,13 @@ CVE-2020-24585 (An issue was discovered in the DTLS handshake implementation in - wolfssl <unfixed> NOTE: https://github.com/wolfSSL/wolfssl/pull/3219 NOTE: https://github.com/wolfSSL/wolfssl/commit/3be7f3ea3a56d178acf0f7f84ee4ae8cbfee8915 (v4.5.0-stable) -CVE-2020-24584 - RESERVED +CVE-2020-24584 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...) - python-django 2:2.2.16-1 (bug #969367) NOTE: https://github.com/django/django/commit/1853724acaf17ed7414d54c7d2b5563a25025a71 (master) NOTE: https://github.com/django/django/commit/2b099caa5923afa8cfb5f1e8c0d56b6e0e81915b (3.1.1) NOTE: https://github.com/django/django/commit/cdb367c92a0ba72ddc0cbd13ff42b0e6df709554 (3.0.10) NOTE: https://github.com/django/django/commit/a3aebfdc8153dc230686b6d2454ccd32ed4c9e6f (2.2.16) -CVE-2020-24583 - RESERVED +CVE-2020-24583 (An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10 ...) - python-django 2:2.2.16-1 (bug #969367) NOTE: https://github.com/django/django/commit/8d7271578d7b153435b40fe40236ebec43cbf1b9 (master) NOTE: https://github.com/django/django/commit/934430d22aa5d90c2ba33495ff69a6a1d997d584 (3.1.1) @@ -1040,14 +1040,14 @@ CVE-2020-24561 RESERVED CVE-2020-24560 RESERVED -CVE-2020-24559 - RESERVED -CVE-2020-24558 - RESERVED -CVE-2020-24557 - RESERVED -CVE-2020-24556 - RESERVED +CVE-2020-24559 (A vulnerability in Trend Micro Apex One on macOS may allow an attacker ...) + TODO: check +CVE-2020-24558 (A vulnerability in an Trend Micro Apex One dll may allow an attacker t ...) + TODO: check +CVE-2020-24557 (A vulnerability in Trend Micro Apex One on Microsoft Windows may allow ...) + TODO: check +CVE-2020-24556 (A vulnerability in Trend Micro Apex One and OfficeScan XG SP1 on Micro ...) + TODO: check CVE-2020-24614 (Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 a ...) - fossil 1:2.12.1-1 [buster] - fossil <no-dsa> (Minor issue) 
@@ -1056,8 +1056,8 @@ CVE-2020-24614 (Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2. NOTE: https://fossil-scm.org/fossil/vdiff?branch=sec2020-2.12-patch&diff=1&w CVE-2020-24555 RESERVED -CVE-2020-24554 - RESERVED +CVE-2020-24554 (The redirect module in Liferay Portal before 7.3.3 does not limit the ...) + TODO: check CVE-2020-24553 RESERVED CVE-2020-24552 @@ -2146,8 +2146,8 @@ CVE-2020-24036 RESERVED CVE-2020-24035 RESERVED -CVE-2020-24034 - RESERVED +CVE-2020-24034 (Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecu ...) + TODO: check CVE-2020-24033 RESERVED CVE-2020-24032 (tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cm ...) @@ -2272,8 +2272,8 @@ CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'te NOT-FOR-US: KandNconcepts Club CMS CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can ...) NOT-FOR-US: Joomla Component GMapFP -CVE-2020-23971 - RESERVED +CVE-2020-23971 (gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Pe ...) + TODO: check CVE-2020-23970 RESERVED CVE-2020-23969 
@@ -2536,28 +2536,28 @@ CVE-2020-23841 RESERVED CVE-2020-23840 RESERVED -CVE-2020-23839 - RESERVED +CVE-2020-23839 (A Reflected Cross-Site Scripting (XSS) vulnerability in GetSimple CMS ...) + TODO: check CVE-2020-23838 RESERVED CVE-2020-23837 RESERVED -CVE-2020-23836 - RESERVED -CVE-2020-23835 - RESERVED +CVE-2020-23836 (A Cross-Site Request Forgery (CSRF) vulnerability in edit_user.php in ...) + TODO: check +CVE-2020-23835 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) + TODO: check CVE-2020-23834 RESERVED CVE-2020-23833 RESERVED CVE-2020-23832 RESERVED -CVE-2020-23831 - RESERVED +CVE-2020-23831 (A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php ...) + TODO: check CVE-2020-23830 RESERVED -CVE-2020-23829 - RESERVED +CVE-2020-23829 (interface/new/new_comprehensive_save.php in LibreHealth EHR 2.0.0 suff ...) + TODO: check CVE-2020-23828 RESERVED CVE-2020-23827 @@ -3314,8 +3314,8 @@ CVE-2020-23452 RESERVED CVE-2020-23451 RESERVED -CVE-2020-23450 - RESERVED +CVE-2020-23450 (Spiceworks Version <= 7.5.00107 is affected by XSS. Any name typed ...) + TODO: check CVE-2020-23449 RESERVED CVE-2020-23448 @@ -15432,8 +15432,8 @@ CVE-2020-17407 RESERVED CVE-2020-17406 RESERVED -CVE-2020-17405 - RESERVED +CVE-2020-17405 (This vulnerability allows network-adjacent attackers to execute arbitr ...) + TODO: check CVE-2020-17404 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: Foxit CVE-2020-17403 (This vulnerability allows remote attackers to execute arbitrary code o ...) 
@@ -20421,8 +20421,8 @@ CVE-2020-15152 (ftp-srv versions 1.0.0 through 4.3.3 are vulnerable to Server-Si NOT-FOR-US: Node ftp-srv CVE-2020-15151 (OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to cir ...) NOT-FOR-US: OpenMage -CVE-2020-15150 - RESERVED +CVE-2020-15150 (There is a vulnerability in Paginator (Elixir/Hex package) which makes ...) + TODO: check CVE-2020-15149 (NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in ...) NOT-FOR-US: NodeBB CVE-2020-15148 @@ -21818,8 +21818,8 @@ CVE-2020-14516 RESERVED CVE-2020-14515 RESERVED -CVE-2020-14514 - RESERVED +CVE-2020-14514 (All trailer Power Line Communications are affected. PLC bus traffic ca ...) + TODO: check CVE-2020-14513 RESERVED CVE-2020-14512 (GateManager versions prior to 9.2c, The affected product uses a weak h ...) @@ -26091,8 +26091,8 @@ CVE-2020-12778 (Combodo iTop does not validate inputted parameters, attackers ca NOT-FOR-US: Combodo iTop CVE-2020-12777 (A function in Combodo iTop contains a vulnerability of Broken Access C ...) NOT-FOR-US: Combodo iTop -CVE-2020-12776 - RESERVED +CVE-2020-12776 (Openfind Mail2000 contains Broken Access Control vulnerability, which ...) + TODO: check CVE-2020-12775 RESERVED CVE-2020-12774 (D-Link DSL-7740C does not properly validate user input, which allows a ...) @@ -37736,8 +37736,8 @@ CVE-2020-8025 (A Incorrect Execution-Assigned Permissions vulnerability in the p NOT-FOR-US: SAP CVE-2020-8024 (A Incorrect Default Permissions vulnerability in the packaging of hyla ...) - hylafax <not-affected> (SuSE-specific packaging issue) -CVE-2020-8023 - RESERVED +CVE-2020-8023 (A acceptance of Extraneous Untrusted Data With Trusted Data vulnerabil ...) + TODO: check CVE-2020-8022 (A Incorrect Default Permissions vulnerability in the packaging of tomc ...) NOT-FOR-US: SAP CVE-2020-8021 (a Improper Access Control vulnerability in of Open Build Service allow ...) 
@@ -38382,36 +38382,36 @@ CVE-2020-7729 RESERVED CVE-2020-7728 RESERVED -CVE-2020-7727 - RESERVED -CVE-2020-7726 - RESERVED -CVE-2020-7725 - RESERVED -CVE-2020-7724 - RESERVED -CVE-2020-7723 - RESERVED -CVE-2020-7722 - RESERVED -CVE-2020-7721 - RESERVED -CVE-2020-7720 - RESERVED -CVE-2020-7719 - RESERVED -CVE-2020-7718 - RESERVED -CVE-2020-7717 - RESERVED -CVE-2020-7716 - RESERVED -CVE-2020-7715 - RESERVED -CVE-2020-7714 - RESERVED -CVE-2020-7713 - RESERVED +CVE-2020-7727 (All versions of package gedi are vulnerable to Prototype Pollution via ...) + TODO: check +CVE-2020-7726 (All versions of package safe-object2 are vulnerable to Prototype Pollu ...) + TODO: check +CVE-2020-7725 (All versions of package worksmith are vulnerable to Prototype Pollutio ...) + TODO: check +CVE-2020-7724 (All versions of package tiny-conf are vulnerable to Prototype Pollutio ...) + TODO: check +CVE-2020-7723 (All versions of package promisehelpers are vulnerable to Prototype Pol ...) + TODO: check +CVE-2020-7722 (All versions of package nodee-utils are vulnerable to Prototype Pollut ...) + TODO: check +CVE-2020-7721 (All versions of package node-oojs are vulnerable to Prototype Pollutio ...) + TODO: check +CVE-2020-7720 (All versions of package node-forge are vulnerable to Prototype Polluti ...) + TODO: check +CVE-2020-7719 (All versions of package locutus are vulnerable to Prototype Pollution ...) + TODO: check +CVE-2020-7718 (All versions of package gammautils are vulnerable to Prototype Polluti ...) + TODO: check +CVE-2020-7717 (All versions of package dot-notes are vulnerable to Prototype Pollutio ...) + TODO: check +CVE-2020-7716 (All versions of package deeps are vulnerable to Prototype Pollution vi ...) + TODO: check +CVE-2020-7715 (All versions of package deep-get-set are vulnerable to Prototype Pollu ...) + TODO: check +CVE-2020-7714 (All versions of package confucious are vulnerable to Prototype Polluti ...) 
+ TODO: check +CVE-2020-7713 (All versions of package arr-flatten-unflatten are vulnerable to Protot ...) + TODO: check CVE-2020-7712 (This affects the package json before 10.0.0. It is possible to inject ...) TODO: check CVE-2020-7711 (This affects all versions of package github.com/russellhaering/goxmlds ...) @@ -38514,17 +38514,17 @@ CVE-2020-7671 (goliath through 1.0.6 allows request smuggling attacks where goli NOT-FOR-US: Ruby gem goliath CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo is use ...) NOT-FOR-US: Ruby gem agoo -CVE-2020-7669 - RESERVED +CVE-2020-7669 (This affects all versions of package github.com/u-root/u-root/pkg/taru ...) + TODO: check CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the ExtractT ...) - golang-github-unknwon-cae <removed> (bug #967956) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAETZ-570384 CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before version 0.1. ...) NOT-FOR-US: github.com/sassoftware/go-rpmutils/cpio go module -CVE-2020-7666 - RESERVED -CVE-2020-7665 - RESERVED +CVE-2020-7666 (This affects all versions of package github.com/u-root/u-root/pkg/cpio ...) + TODO: check +CVE-2020-7665 (This affects all versions of package github.com/u-root/u-root/pkg/uzip ...) + TODO: check CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Extract ...) - golang-github-unknwon-cae <removed> (bug #967955) NOTE: https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMUNKNWONCAEZIP-570383 @@ -42366,8 +42366,8 @@ CVE-2020-6143 RESERVED CVE-2020-6142 RESERVED -CVE-2020-6141 - RESERVED +CVE-2020-6141 (An exploitable SQL injection vulnerability exists in the login functio ...) + TODO: check CVE-2020-6140 RESERVED CVE-2020-6139 
@@ -42376,46 +42376,46 @@ CVE-2020-6138 RESERVED CVE-2020-6137 RESERVED -CVE-2020-6136 - RESERVED -CVE-2020-6135 - RESERVED -CVE-2020-6134 - RESERVED -CVE-2020-6133 - RESERVED -CVE-2020-6132 - RESERVED -CVE-2020-6131 - RESERVED -CVE-2020-6130 - RESERVED -CVE-2020-6129 - RESERVED -CVE-2020-6128 - RESERVED -CVE-2020-6127 - RESERVED -CVE-2020-6126 - RESERVED -CVE-2020-6125 - RESERVED -CVE-2020-6124 - RESERVED -CVE-2020-6123 - RESERVED -CVE-2020-6122 - RESERVED -CVE-2020-6121 - RESERVED -CVE-2020-6120 - RESERVED -CVE-2020-6119 - RESERVED -CVE-2020-6118 - RESERVED -CVE-2020-6117 - RESERVED +CVE-2020-6136 (An exploitable SQL injection vulnerability exists in the DownloadWindo ...) + TODO: check +CVE-2020-6135 (An exploitable SQL injection vulnerability exists in the Validator.php ...) + TODO: check +CVE-2020-6134 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...) + TODO: check +CVE-2020-6133 (SQL injection vulnerabilities exist in the ID parameters of OS4Ed open ...) + TODO: check +CVE-2020-6132 (SQL injection vulnerability exists in the ID parameters of OS4Ed openS ...) + TODO: check +CVE-2020-6131 (SQL injection vulnerabilities exist in the course_period_id parameters ...) + TODO: check +CVE-2020-6130 (SQL injection vulnerabilities exist in the course_period_id parameters ...) + TODO: check +CVE-2020-6129 (SQL injection vulnerabilities exist in the course_period_id parameters ...) + TODO: check +CVE-2020-6128 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...) + TODO: check +CVE-2020-6127 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...) + TODO: check +CVE-2020-6126 (SQL injection vulnerability exists in the CoursePeriodModal.php page o ...) + TODO: check +CVE-2020-6125 (An exploitable SQL injection vulnerability exists in the GetSchool.php ...) + TODO: check +CVE-2020-6124 (An exploitable sql injection vulnerability exists in the email paramet ...) 
+ TODO: check +CVE-2020-6123 (An exploitable sql injection vulnerability exists in the email paramet ...) + TODO: check +CVE-2020-6122 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...) + TODO: check +CVE-2020-6121 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) + TODO: check +CVE-2020-6120 (SQL injection vulnerability exists in the CheckDuplicateStudent.php pa ...) + TODO: check +CVE-2020-6119 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) + TODO: check +CVE-2020-6118 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) + TODO: check +CVE-2020-6117 (SQL injection vulnerabilities exist in the CheckDuplicateStudent.php p ...) + TODO: check CVE-2020-6116 RESERVED CVE-2020-6115 
@@ -50742,34 +50742,34 @@ CVE-2020-2253 RESERVED CVE-2020-2252 RESERVED -CVE-2020-2251 - RESERVED -CVE-2020-2250 - RESERVED -CVE-2020-2249 - RESERVED -CVE-2020-2248 - RESERVED -CVE-2020-2247 - RESERVED -CVE-2020-2246 - RESERVED -CVE-2020-2245 - RESERVED -CVE-2020-2244 - RESERVED -CVE-2020-2243 - RESERVED -CVE-2020-2242 - RESERVED -CVE-2020-2241 - RESERVED -CVE-2020-2240 - RESERVED -CVE-2020-2239 - RESERVED -CVE-2020-2238 - RESERVED +CVE-2020-2251 (Jenkins SoapUI Pro Functional Testing Plugin 1.5 and earlier transmits ...) + TODO: check +CVE-2020-2250 (Jenkins SoapUI Pro Functional Testing Plugin 1.3 and earlier stores pr ...) + TODO: check +CVE-2020-2249 (Jenkins Team Foundation Server Plugin 5.157.1 and earlier stores a web ...) + TODO: check +CVE-2020-2248 (Jenkins JSGames Plugin 0.2 and earlier evaluates part of a URL as code ...) + TODO: check +CVE-2020-2247 (Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configu ...) + TODO: check +CVE-2020-2246 (Jenkins Valgrind Plugin 0.28 and earlier does not escape content in Va ...) + TODO: check +CVE-2020-2245 (Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML pa ...) + TODO: check +CVE-2020-2244 (Jenkins Build Failure Analyzer Plugin 1.27.0 and earlier does not esca ...) + TODO: check +CVE-2020-2243 (Jenkins Cadence vManager Plugin 3.0.4 and earlier does not escape buil ...) + TODO: check +CVE-2020-2242 (A missing permission check in Jenkins database Plugin 1.6 and earlier ...) + TODO: check +CVE-2020-2241 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...) + TODO: check +CVE-2020-2240 (A cross-site request forgery (CSRF) vulnerability in Jenkins database ...) + TODO: check +CVE-2020-2239 (Jenkins Parameterized Remote Trigger Plugin 3.1.3 and earlier stores a ...) + TODO: check +CVE-2020-2238 (Jenkins Git Parameter Plugin 0.9.12 and earlier does not escape the re ...) 
+ TODO: check CVE-2020-2237 (A cross-site request forgery (CSRF) vulnerability in Jenkins Flaky Tes ...) NOT-FOR-US: Jenkins plugin CVE-2020-2236 (Jenkins Yet Another Build Visualizer Plugin 1.11 and earlier does not ...) |
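Review bot: In data/CVE/2018.list (hunk @@ -23188,8 +23188,8 @@), CVE-2018-12475 is left at "TODO: check" although both neighbours, CVE-2018-12476 and CVE-2018-12474, are already triaged as NOT-FOR-US for obs-service-tar_scm. The truncated description ("A Externally Controlled Reference to a Resource in Another Sphere vuln ...") stops before the product name, so the full text has to be read before resolving it. If it turns out to be the same component, reuse one of the existing labels rather than adding a third spelling: the two neighbours already differ ("obs-service-tar_scm" versus "obs-service-tar_scm of Open Build Service").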
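Review bot: In data/CVE/2020.list (hunk @@ -38382,36 +38382,36 @@), the fifteen entries CVE-2020-7727 through CVE-2020-7713 should not be closed in bulk when the "TODO: check" markers are resolved. Each names a different package (gedi, node-forge, locutus, deep-get-set and so on), so every name needs its own lookup against the packaged sources. Every visible description also says "All versions of package ...", so any entry that does match a packaged source has no fixed version to record and would need the "<unfixed>" form already used for wolfssl under CVE-2020-24585, plus a NOTE with the upstream reference.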
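Review bot: In data/CVE/2020.list (hunk @@ -38514,17 +38514,17 @@), the three github.com/u-root/u-root entries (CVE-2020-7669, CVE-2020-7666, CVE-2020-7665) carry only "TODO: check", while the sibling Go-module entries in the same hunk are fully triaged. CVE-2020-7668 and CVE-2020-7664 have a source package line with a bug number and a NOTE linking the advisory, and CVE-2020-7667 is "NOT-FOR-US" with the module path spelled out. Resolve the u-root entries in one of those two forms, and name the specific subpackage (pkg/taru..., pkg/cpio, pkg/uzip) in the label so the three stay distinguishable.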
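Review bot: In data/CVE/2020.list (hunk @@ -50742,34 +50742,34 @@), the fourteen entries CVE-2020-2251 through CVE-2020-2238 are added with "TODO: check" even though every visible description names a Jenkins plugin and the next entry in the file, CVE-2020-2237, is already marked "NOT-FOR-US: Jenkins plugin". Suggest resolving the block with that same label in the follow-up triage commit, so these do not sit in the TODO queue alongside entries that need real package lookups.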