author: security tracker role <sectracker@soriano.debian.org> 2020-08-14 20:10:27 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-08-14 20:10:27 +0000
commit: fb35ce631db6e70901ea3a9d734a97335934220c
tree: 95bdf5659a3f2ef0e7062aa5d5142b27444d5bfc
parent: d0f4de4d549f8b56458878407a5a40a9416e10cc
automatic update
-rw-r--r-- data/CVE/2015.list 8
-rw-r--r-- data/CVE/2019.list 22
-rw-r--r-- data/CVE/2020.list 102
3 files changed, 70 insertions, 62 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index dc7561768c..89511c3730 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -4720,10 +4720,10 @@ CVE-2015-8034 (The state.sls function in Salt before 2015.8.3 uses weak permissi
NOTE: https://github.com/saltstack/salt/issues/28455
CVE-2015-8075
REJECTED
-CVE-2015-8033
- RESERVED
-CVE-2015-8032
- RESERVED
+CVE-2015-8033 (In Textpattern 4.5.7, the password-reset feature does not securely tet ...)
+ TODO: check
+CVE-2015-8032 (In Textpattern 4.5.7, an unprivileged author can change an article's m ...)
+ TODO: check
CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ...)
{DSA-3430-1}
- libxml2 2.9.3+dfsg1-1 (bug #803942)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e94dc8b0f1..0e6ee89f26 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -3272,8 +3272,8 @@ CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger inf
NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06
CVE-2019-19644
RESERVED
-CVE-2019-19643
- RESERVED
+CVE-2019-19643 (ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. ...)
+ TODO: check
CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...)
NOT-FOR-US: SuperMicro
CVE-2019-19641
@@ -4196,7 +4196,7 @@ CVE-2019-19303
RESERVED
CVE-2019-19302
RESERVED
-CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
+CVE-2019-19301 (A vulnerability has been identified in SCALANCE S602 (All versions), S ...)
NOT-FOR-US: Siemens
CVE-2019-19300 (A vulnerability has been identified in KTK ATE530S (All versions), SID ...)
NOT-FOR-US: Siemens
@@ -26184,7 +26184,7 @@ CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 famil
NOT-FOR-US: Siemens
CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...)
NOT-FOR-US: Siemens
-CVE-2019-10923 (A vulnerability has been identified in CP1604 (All versions &lt; V2.8) ...)
+CVE-2019-10923 (A vulnerability has been identified in Development/Evaluation Kits for ...)
NOT-FOR-US: Siemens
CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...)
NOT-FOR-US: Siemens
@@ -36501,8 +36501,8 @@ CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandle
NOT-FOR-US: Wordpress plugin
CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...)
NOT-FOR-US: MyThemeShop Launcher plugin for WordPress
-CVE-2019-7410
- RESERVED
+CVE-2019-7410 (There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remo ...)
+ TODO: check
CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...)
NOT-FOR-US: ProfileDesign CMS
CVE-2019-7408
@@ -38509,7 +38509,7 @@ CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Serv
NOT-FOR-US: Siemens
CVE-2019-6569 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Scalance
-CVE-2019-6568 (A vulnerability has been identified in CP1604, CP1616, CP343-1 Advance ...)
+CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...)
NOT-FOR-US: Siemens
CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...)
NOT-FOR-US: Siemens
@@ -39626,8 +39626,8 @@ CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. A
NOT-FOR-US: Corel PaintShop Pro
CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...)
NOT-FOR-US: ONKYO
-CVE-2019-6112
- RESERVED
+CVE-2019-6112 (A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in ...)
+ TODO: check
CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation ...)
{DSA-4387-2 DSA-4387-1 DLA-1728-1}
- openssh 1:7.9p1-9 (bug #923486)
@@ -40967,8 +40967,8 @@ CVE-2019-5593 (Improper permission or value checking in the CLI console may allo
NOT-FOR-US: FortiOS
CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...)
NOT-FOR-US: Fortinet
-CVE-2019-5591
- RESERVED
+CVE-2019-5591 (A Default Configuration vulnerability in FortiOS may allow an unauthen ...)
+ TODO: check
CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...)
NOT-FOR-US: Fortinet
CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 84e2b798a5..48fd1ec331 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,11 @@
+CVE-2020-24359
+ RESERVED
+CVE-2020-24358
+ RESERVED
+CVE-2020-24357
+ RESERVED
+CVE-2020-24356
+ RESERVED
CVE-2020-24355
RESERVED
CVE-2020-24354
@@ -3273,12 +3281,12 @@ CVE-2020-22724
RESERVED
CVE-2020-22723
RESERVED
-CVE-2020-22722
- RESERVED
-CVE-2020-22721
- RESERVED
-CVE-2020-22720
- RESERVED
+CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...)
+ TODO: check
+CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8. ...)
+ TODO: check
+CVE-2020-22720 (A local privilege escalation vulnerability in SPSSLVpnService.exe in S ...)
+ TODO: check
CVE-2020-22719
RESERVED
CVE-2020-22718
@@ -13805,8 +13813,8 @@ CVE-2020-17464
RESERVED
CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...)
NOT-FOR-US: FUEL CMS
-CVE-2020-17462
- RESERVED
+CVE-2020-17462 (CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload beca ...)
+ TODO: check
CVE-2020-17461
RESERVED
CVE-2020-17460
@@ -16390,8 +16398,8 @@ CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. M
NOT-FOR-US: Advantech WebAccess
CVE-2020-16206
RESERVED
-CVE-2020-16205
- RESERVED
+CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...)
+ TODO: check
CVE-2020-16204
RESERVED
CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...)
@@ -16460,7 +16468,7 @@ CVE-2020-16172
RESERVED
CVE-2020-16171
RESERVED
-CVE-2020-16170 (The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded ...)
+CVE-2020-16170 (Use of Hard-coded Credentials in Robotemi Global Ltd Temi Firmware up ...)
NOT-FOR-US: Temi application fo Android
CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in Robotemi G ...)
NOT-FOR-US: Temi Robox OS
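Review bot: the unchanged note under CVE-2020-16170 is now stale. The rewritten description names "Robotemi Global Ltd Temi Firmware", but the note still reads "NOT-FOR-US: Temi application fo Android". Update the note to match the new description and fix the "fo" typo in the same change, so the classification does not contradict the text it annotates.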
@@ -17352,8 +17360,8 @@ CVE-2020-15783
RESERVED
CVE-2020-15782
RESERVED
-CVE-2020-15781
- RESERVED
+CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...)
+ TODO: check
CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...)
NOT-FOR-US: Node socket.io-file
CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...)
@@ -17567,12 +17575,12 @@ CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input
NOT-FOR-US: Joomla!
CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...)
NOT-FOR-US: Joomla!
-CVE-2020-15694
- RESERVED
-CVE-2020-15693
- RESERVED
-CVE-2020-15692
- RESERVED
+CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...)
+ TODO: check
+CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...)
+ TODO: check
+CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...)
+ TODO: check
CVE-2020-15691
RESERVED
CVE-2020-15690
@@ -18812,16 +18820,16 @@ CVE-2020-15147
RESERVED
CVE-2020-15146
RESERVED
-CVE-2020-15145
- RESERVED
+CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...)
+ TODO: check
CVE-2020-15144
RESERVED
CVE-2020-15143
RESERVED
-CVE-2020-15142
- RESERVED
-CVE-2020-15141
- RESERVED
+CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...)
+ TODO: check
+CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...)
+ TODO: check
CVE-2020-15140
RESERVED
CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...)
@@ -20575,7 +20583,7 @@ CVE-2020-14354 [ares_destroy() with pending ares_getaddrinfo() leads to Use-Afte
NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0)
NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1)
CVE-2020-14353
- RESERVED
+ REJECTED
- linux 4.13.10-1
[stretch] - linux 4.9.65-1
[jessie] - linux 3.16.56-1
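Review bot: CVE-2020-14353 is switched to REJECTED, but the unchanged lines under it still carry package annotations ("- linux 4.13.10-1" plus the [stretch] and [jessie] entries). A withdrawn ID should not keep fixed-version state. Either drop those three lines or move them to the ID that replaces this one, so the tracker does not report linux versions against a rejected CVE.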
@@ -24789,8 +24797,8 @@ CVE-2020-12650
REJECTED
CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...)
NOT-FOR-US: Gurbalib
-CVE-2020-12648
- RESERVED
+CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...)
+ TODO: check
CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...)
NOT-FOR-US: Unisys ALGOL Compiler
CVE-2020-12646
@@ -31325,8 +31333,8 @@ CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to
NOT-FOR-US: GeniXCMS
CVE-2020-10056
RESERVED
-CVE-2020-10055
- RESERVED
+CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...)
+ TODO: check
CVE-2020-10054
RESERVED
CVE-2020-10053
@@ -31925,8 +31933,8 @@ CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. T
NOT-FOR-US: Apple
CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...)
NOT-FOR-US: Apple
-CVE-2020-9767
- RESERVED
+CVE-2020-9767 (A vulnerability related to Dynamic-link Library (&#8220;DLL&#8221;) lo ...)
+ TODO: check
CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...)
NOT-FOR-US: Zephyr, different from src:zephyr
CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...)
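Review bot: the added CVE-2020-9767 description carries the HTML character references &#8220; and &#8221; around DLL. The import appears to copy the description through verbatim. Decode these to plain quotes before the line is written, so the list stays plain text and a search for the quoted term still matches.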
@@ -32114,8 +32122,8 @@ CVE-2020-9710
RESERVED
CVE-2020-9709
RESERVED
-CVE-2020-9708
- RESERVED
+CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...)
+ TODO: check
CVE-2020-9707
RESERVED
CVE-2020-9706
@@ -33238,10 +33246,10 @@ CVE-2020-9231
RESERVED
CVE-2020-9230
RESERVED
-CVE-2020-9229
- RESERVED
-CVE-2020-9228
- RESERVED
+CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+ TODO: check
+CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...)
+ TODO: check
CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...)
NOT-FOR-US: Huawei
CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...)
@@ -36641,10 +36649,10 @@ CVE-2020-7703
RESERVED
CVE-2020-7702
RESERVED
-CVE-2020-7701
- RESERVED
-CVE-2020-7700
- RESERVED
+CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...)
+ TODO: check
+CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...)
+ TODO: check
CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...)
NOT-FOR-US: express-fileupload
CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...)
@@ -36912,8 +36920,8 @@ CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and ear
NOT-FOR-US: Siemens
CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...)
NOT-FOR-US: Siemens
-CVE-2020-7583
- RESERVED
+CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...)
+ TODO: check
CVE-2020-7582
RESERVED
CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...)
@@ -37504,7 +37512,7 @@ CVE-2020-7294
RESERVED
CVE-2020-7293
RESERVED
-CVE-2020-7292 (Inappropriate Encoding for output context in McAfee Web Gateway (MWG) ...)
+CVE-2020-7292 (Inappropriate Encoding for output context vulnerability in McAfee Web ...)
NOT-FOR-US: McAfee
CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...)
NOT-FOR-US: McAfee
@@ -43739,8 +43747,8 @@ CVE-2020-4664
RESERVED
CVE-2020-4663
RESERVED
-CVE-2020-4662
- RESERVED
+CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform ...)
+ TODO: check
CVE-2020-4661
RESERVED
CVE-2020-4660
