author | security tracker role <sectracker@soriano.debian.org> | 2020-02-21 08:10:20 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-21 08:10:20 +0000 |
commit | 063b5ad70703e4cb072e391de2eacdf1202ced56 | |
tree | c0e47fd99d7a0122aad201c2e3eab5b332d4e0a8 | |
parent | 0d0f9b69813bbb591d999cc4838c5c38d14615a8 | |
automatic update
-rw-r--r-- | data/CVE/2010.list | 2 |
-rw-r--r-- | data/CVE/2011.list | 9 |
-rw-r--r-- | data/CVE/2012.list | 27 |
-rw-r--r-- | data/CVE/2013.list | 7 |
-rw-r--r-- | data/CVE/2014.list | 35 |
-rw-r--r-- | data/CVE/2015.list | 9 |
-rw-r--r-- | data/CVE/2016.list | 10 |
-rw-r--r-- | data/CVE/2017.list | 2 |
-rw-r--r-- | data/CVE/2019.list | 52 |
-rw-r--r-- | data/CVE/2020.list | 100 |
10 files changed, 136 insertions, 117 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index d993c4ec1b..cb0916131a 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -17,7 +17,7 @@ CVE-2010-5333 (The web server in Integard Pro and Home before 2.0.0.9037 and 2.2 CVE-2010-5332 (In the Linux kernel before 2.6.37, an out of bounds array access happe ...) - linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename) NOTE: https://git.kernel.org/linus/0926f91083f34d047abc74f1ca4fa6a9c161f7db -CVE-2010-5331 (In the Linux kernel before 2.6.34, a range check issue in drivers/gpu/ ...) +CVE-2010-5331 (** DISPUTED ** In the Linux kernel before 2.6.34, a range check issue ...) - linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename) NOTE: https://git.kernel.org/linus/0031c41be5c529f8329e327b63cde92ba1284842 CVE-2010-5330 (On certain Ubiquiti devices, Command Injection exists via a GET reques ...) diff --git a/data/CVE/2011.list b/data/CVE/2011.list index ba45574bec..bb806e5f57 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -967,8 +967,7 @@ CVE-2011-4917 NOTE: Minor info leak, unlikely to be fixed upstream CVE-2011-4916 RESERVED -CVE-2011-4915 - RESERVED +CVE-2011-4915 (fs/proc/base.c in the Linux kernel through 3.1 allows local users to o ...) - linux <unfixed> (unimportant) - linux-2.6 <removed> (unimportant) NOTE: Minor info leak, unlikely to be fixed upstream @@ -7456,8 +7455,7 @@ CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c [squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3) CVE-2011-2499 (Mambo CMS through 4.6.5 has multiple XSS. ...) NOT-FOR-US: Mambo CMS -CVE-2011-2498 - RESERVED +CVE-2011-2498 (The Linux kernel from v2.3.36 before v2.6.39 allows local unprivileged ...) - linux-2.6 2.6.39-1 (low) [squeeze] - linux-2.6 <not-affected> (introduced in 2.6.36) [lenny] - linux-2.6 <not-affected> (introduced in 2.6.36) 
@@ -12342,8 +12340,7 @@ CVE-2011-0700 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress {DSA-2190-1} - wordpress 3.0.5+dfsg-1 [lenny] - wordpress <not-affected> (2.x version is not affected) -CVE-2011-0699 - RESERVED +CVE-2011-0699 (Integer signedness error in the btrfs_ioctl_space_info function in the ...) - linux-2.6 2.6.37-2 [wheezy] - linux-2.6 <not-affected> (code introduced in .37) [squeeze] - linux-2.6 <not-affected> (code introduced in .37) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 294b76dd62..999a962b1a 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list 
@@ -3410,30 +3410,25 @@ CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtain - phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728) CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow r ...) NOT-FOR-US: OrangeHRM -CVE-2012-5366 - RESERVED +CVE-2012-5366 (The IPv6 implementation in Apple Mac OS X (unknown versions, year 2012 ...) NOT-FOR-US: Mac OS X -CVE-2012-5365 - RESERVED +CVE-2012-5365 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year ...) - kfreebsd-8 <removed> (low; bug #690986) - kfreebsd-9 <removed> (low) [squeeze] - kfreebsd-8 <no-dsa> (Minor issue) [squeeze] - kfreebsd-9 <no-dsa> (Minor issue) [wheezy] - kfreebsd-8 <no-dsa> (Minor issue) [wheezy] - kfreebsd-9 <no-dsa> (Minor issue) -CVE-2012-5364 - RESERVED +CVE-2012-5364 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...) NOT-FOR-US: Microsoft Windows -CVE-2012-5363 - RESERVED +CVE-2012-5363 (The IPv6 implementation in FreeBSD and NetBSD (unknown versions, year ...) - kfreebsd-8 <removed> (low; bug #690986) [squeeze] - kfreebsd-8 <no-dsa> (Minor issue) [squeeze] - kfreebsd-9 <no-dsa> (Minor issue) [wheezy] - kfreebsd-8 <no-dsa> (Minor issue) [wheezy] - kfreebsd-9 <no-dsa> (Minor issue) - kfreebsd-9 <removed> (low) -CVE-2012-5362 - RESERVED +CVE-2012-5362 (The IPv6 implementation in Microsoft Windows 7 and earlier allows remo ...) NOT-FOR-US: Microsoft Windows CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ar ...) - ffmpeg 7:2.4.1-1 
@@ -3726,7 +3721,7 @@ CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the - wireshark 1.8.2-2 (bug #689972) [squeeze] - wireshark <not-affected> (Only affects 1.8.x) CVE-2012-5236 [Admin can decrypt user files] - RESERVED + REJECTED - owncloud 5.0.3+dfsg-1 [wheezy] - owncloud <no-dsa> (Low risk, requires entensive changes, will be fully fixed in 5.0) NOTE: http://owncloud.org/about/security/advisories/CVE-2012-5236/ @@ -8443,8 +8438,8 @@ CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk - asterisk <not-affected> (Only affects Asterisk 10) CVE-2012-3352 RESERVED -CVE-2012-3351 - RESERVED +CVE-2012-3351 (Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video ...) + TODO: check CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows remo ...) NOT-FOR-US: WebMatic NOTE: http://seclists.org/bugtraq/2012/Jul/25 @@ -10173,8 +10168,8 @@ CVE-2012-2631 (Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB Shoppin NOT-FOR-US: WEBLOGIC CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for Andr ...) NOT-FOR-US: Puella Magi Madoka Magica iP (Android application) -CVE-2012-2629 - RESERVED +CVE-2012-2629 (Multiple cross-site request forgery (CSRF) and cross-site scripting (X ...) + TODO: check CVE-2012-2628 RESERVED CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell So ...) @@ -10241,7 +10236,7 @@ CVE-2012-2601 (SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch W CVE-2012-2600 RESERVED CVE-2012-2599 - RESERVED + REJECTED CVE-2012-2598 (Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 t ...) NOT-FOR-US: Siemens WinCC CVE-2012-2597 (Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index c9c22bd51c..7aa9f1303b 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -1109,8 +1109,8 @@ CVE-2013-7116 REJECTED CVE-2013-7115 REJECTED -CVE-2013-7109 - RESERVED +CVE-2013-7109 (OpenStack Swift as of 2013-12-15 mishandles PYTHON_EGG_CACHE ...) + TODO: check CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log functionality, as us ...) NOT-FOR-US: Fujitsu Interstage HTTP Server CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...) @@ -14302,8 +14302,7 @@ CVE-2013-2019 (Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows r - boinc 6.13.6+dfsg-1 (low) [squeeze] - boinc <no-dsa> (Minor issue) NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156 -CVE-2013-2018 [SQL injections in the server-side scheduler code] - RESERVED +CVE-2013-2018 (Multiple SQL injection vulnerabilities in BOINC allow remote attackers ...) - boinc 7.0.65+dfsg-1 (low) [squeeze] - boinc <not-affected> (Vulnerable code not present) [wheezy] - boinc <no-dsa> (Minor issue) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index a5224c2509..3a98b41a46 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -7122,8 +7122,8 @@ CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attac NOT-FOR-US: Android NOTE: the vulnerability is in the Android OS itself (and its backup manager) NOTE: adb is just an intermediary in the backup process -CVE-2014-7951 - RESERVED +CVE-2014-7951 (Directory traversal vulnerability in the Android debug bridge (aka adb ...) + TODO: check CVE-2014-7950 RESERVED CVE-2014-7949 
@@ -7278,8 +7278,8 @@ CVE-2014-7916 (Integer overflow in SampleTable.cpp in libstagefright in Android NOT-FOR-US: libstagefright in Android CVE-2014-7915 (Integer overflow in SampleTable.cpp in libstagefright in Android befor ...) NOT-FOR-US: libstagefright in Android -CVE-2014-7914 - RESERVED +CVE-2014-7914 (btif/src/btif_dm.c in Android before 5.1 does not properly enforce the ...) + TODO: check CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...) {DLA-506-1} - dhcpcd5 7.0.8-0.1 (unimportant; bug #846938) 
@@ -14870,29 +14870,23 @@ CVE-2014-4652 (Race condition in the tlv handler functionality in the snd_ctl_el [wheezy] - linux 3.2.60-1 - linux-2.6 <removed> (low) [squeeze] - linux-2.6 2.6.32-48squeeze8 -CVE-2014-4678 [incomplete fix for CVE-2014-4657] - RESERVED +CVE-2014-4678 (The safe_eval function in Ansible before 1.6.4 does not properly restr ...) - ansible 1.6.6+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916 NOTE: See http://www.openwall.com/lists/oss-security/2014/06/26/30 -CVE-2014-4660 - RESERVED +CVE-2014-4660 (Ansible before 1.5.5 constructs filenames containing user and password ...) - ansible 1.5.5+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08 -CVE-2014-4659 - RESERVED +CVE-2014-4659 (Ansible before 1.5.5 sets 0644 permissions for sources.list, which mig ...) - ansible 1.5.5+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08 -CVE-2014-4658 - RESERVED +CVE-2014-4658 (The vault subsystem in Ansible before 1.5.5 does not set the umask bef ...) - ansible 1.5.5+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69 -CVE-2014-4657 - RESERVED +CVE-2014-4657 (The safe_eval function in Ansible before 1.5.4 does not properly restr ...) - ansible 1.5.5+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c -CVE-2014-4650 - RESERVED +CVE-2014-4650 (The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly h ...) - python2.6 <removed> (low) [squeeze] - python2.6 <no-dsa> (Minor issue) [wheezy] - python2.6 <no-dsa> (Minor issue) 
@@ -16318,8 +16312,8 @@ CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.j NOT-FOR-US: F5 BIG-IP CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, wh ...) - xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 onwards) -CVE-2014-4019 - RESERVED +CVE-2014-4019 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...) + TODO: check CVE-2014-4018 (The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a defau ...) NOT-FOR-US: ZTE router CVE-2014-4168 ((1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote atta ...) @@ -17696,7 +17690,7 @@ CVE-2014-3558 (ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) NOTE: have in Debian. Known fixed versions are 4.2.1, 4.3.2, and 5.1.2. NOTE: Upstream ticket: https://hibernate.atlassian.net/browse/HV-912 CVE-2014-3557 - RESERVED + REJECTED CVE-2014-3556 (The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the SMT ...) - nginx 1.6.1-1 (bug #757196) [wheezy] - nginx <not-affected> (Affects 1.5.6 - 1.7.3) @@ -17953,8 +17947,7 @@ CVE-2014-3486 (The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) t NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2014-3485 (The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterpri ...) NOT-FOR-US: ovirt-engine-api / RHEV -CVE-2014-3484 [stack-based buffer overflow] - RESERVED +CVE-2014-3484 (Multiple stack-based buffer overflows in the __dn_expand function in n ...) - musl 1.1.4-1 (bug #750815) CVE-2014-3483 (SQL injection vulnerability in activerecord/lib/active_record/connecti ...) {DSA-2982-1} diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 5f00e5d620..b632f2848a 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -15227,12 +15227,10 @@ CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function CVE-2015-4412 (BSON injection vulnerability in the legal? function in BSON (bson-ruby ...) - ruby-bson <not-affected> (corresponding change in ruby-bson not present) NOTE: Originating from https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219 -CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit] - RESERVED +CVE-2015-4411 (The Moped::BSON::ObjecId.legal? method in mongodb/bson-ruby before 3.0 ...) - ruby-bson <not-affected> (corresponding change in ruby-bson not present) NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24 -CVE-2015-4410 [ruby-bson: DoS and possible injection] - RESERVED +CVE-2015-4410 (The Moped::BSON::ObjecId.legal? method in rubygem-moped before commit ...) - ruby-bson 1.10.0-2 (bug #787951) [jessie] - ruby-bson 1.10.0-1+deb8u1 NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression @@ -19106,8 +19104,7 @@ CVE-2015-2924 (The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor [jessie] - network-manager <no-dsa> (Minor issue) [wheezy] - network-manager <no-dsa> (Minor issue) [squeeze] - network-manager <no-dsa> (Minor issue) -CVE-2015-2923 [IPv6 Hop limit lowering via RA messages] - RESERVED +CVE-2015-2923 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...) {DSA-3175-2} [experimental] - kfreebsd-11 11.0~svn284956-1 - kfreebsd-10 10.1~svn274115-4 (bug #782107) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 7c70c54fda..22795b5dc9 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -19467,8 +19467,8 @@ CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes be NOTE: contacted Apple for more information, but no reply for quite a while. NOTE: Apple still does not provide information on this CVE, although it is NOTE: possible that it's fixed in 1.1.29 upstream. -CVE-2016-4606 - RESERVED +CVE-2016-4606 (Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 al ...) + TODO: check CVE-2016-4605 (Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a ...) NOT-FOR-US: Apple CVE-2016-4604 (Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the ...) @@ -23584,14 +23584,12 @@ CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 2 [jessie] - openjpeg2 <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14 NOTE: https://github.com/uclouvain/openjpeg/issues/726 -CVE-2016-3182 [Heap Corruption in opj_free function] - RESERVED +CVE-2016-3182 (The color_esycc_to_rgb function in bin/common/color.c in OpenJPEG befo ...) - openjpeg2 2.1.1-1 [jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0) NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13 NOTE: https://github.com/uclouvain/openjpeg/issues/725 -CVE-2016-3181 [Out-Of-Bounds Read in opj_tcd_free_tile function] - RESERVED +CVE-2016-3181 (DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3182. Reason: T ...) - openjpeg2 2.1.1-1 [jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0) NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/12 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 279d1581f4..29195525b9 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -39247,7 +39247,7 @@ CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware applianc NOT-FOR-US: Rapid7 Nexpose hardware appliances CVE-2017-5242 RESERVED -CVE-2017-5241 (Biscom Secure File Transfer version 5.1.1015 (and possibly prior) is v ...) +CVE-2017-5241 (Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulne ...) NOT-FOR-US: Biscom Secure File Transfer CVE-2017-5240 (Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a h ...) NOT-FOR-US: Rapid7 AppSpider Pro diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 8efe98183f..28bbf06a07 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,4 +1,4 @@ -CVE-2019-20479 [open redirect issue exists in URLs with slash and backslash] +CVE-2019-20479 (A flaw was found in mod_auth_openidc before version 2.4.1. An open red ...) - libapache2-mod-auth-openidc 2.4.1-1 NOTE: https://github.com/zmartzone/mod_auth_openidc/commit/02431c0adfa30f478cf2eb20ed6ea51fdf446be7 NOTE: https://github.com/zmartzone/mod_auth_openidc/pull/453 @@ -1959,8 +1959,8 @@ CVE-2019-19743 (On D-Link DIR-615 devices, a normal user is able to create a roo NOT-FOR-US: D-Link CVE-2019-19742 (On D-Link DIR-615 devices, the User Account Configuration page is vuln ...) NOT-FOR-US: D-Link -CVE-2019-19741 - RESERVED +CVE-2019-19741 (Electronic Arts Origin 10.5.55.33574 is vulnerable to local privilege ...) + TODO: check CVE-2019-19740 (Octeth Oempro 4.7 and 4.8 allow SQL injection. The parameter CampaignI ...) NOT-FOR-US: Octeth Oempro CVE-2019-19739 (MFScripts YetiShare 3.5.2 through 4.5.3 does not set the Secure flag o ...) 
@@ -2076,8 +2076,8 @@ CVE-2019-19696 (A RootCA vulnerability found in Trend Micro Password Manager for NOT-FOR-US: Trend Micro CVE-2019-19695 (A privilege escalation vulnerability in Trend Micro Antivirus for Mac ...) NOT-FOR-US: Trend Micro -CVE-2019-19694 - RESERVED +CVE-2019-19694 (The Trend Micro Security 2019 (15.0.0.1163 and below) consumer family ...) + TODO: check CVE-2019-19693 (The Trend Micro Security 2020 consumer family of products contains a v ...) NOT-FOR-US: Trend Micro CVE-2019-19692 (Trend Micro Apex One (2019) is affected by a cross-site scripting (XSS ...) @@ -10329,18 +10329,18 @@ CVE-2019-16304 RESERVED CVE-2019-16303 (A class generated by the Generator in JHipster before 6.3.0 and JHipst ...) NOT-FOR-US: JHipster -CVE-2019-16302 - RESERVED -CVE-2019-16301 - RESERVED -CVE-2019-16300 - RESERVED -CVE-2019-16299 - RESERVED -CVE-2019-16298 - RESERVED -CVE-2019-16297 - RESERVED +CVE-2019-16302 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...) + TODO: check +CVE-2019-16301 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...) + TODO: check +CVE-2019-16300 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...) + TODO: check +CVE-2019-16299 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...) + TODO: check +CVE-2019-16298 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...) + TODO: check +CVE-2019-16297 (An issue was discovered in Open Network Operating System (ONOS) 1.14. ...) + TODO: check CVE-2019-16296 RESERVED CVE-2019-16295 (Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS ...) 
@@ -14666,8 +14666,8 @@ CVE-2019-14697 (musl libc through 1.1.23 has an x87 floating-point stack adjustm NOTE: https://www.openwall.com/lists/oss-security/2019/08/06/1 CVE-2019-14689 RESERVED -CVE-2019-14688 - RESERVED +CVE-2019-14688 (Trend Micro has repackaged installers for several Trend Micro products ...) + TODO: check CVE-2019-14687 (A DLL hijacking vulnerability exists in Trend Micro Password Manager 5 ...) NOT-FOR-US: Trend Micro CVE-2019-14686 (A DLL hijacking vulnerability exists in the Trend Micro Security's 201 ...) @@ -24098,8 +24098,8 @@ CVE-2019-11193 (The FileManager in InfinitumIT DirectAdmin through v1.561 has XS NOT-FOR-US: DirectAdmin CVE-2019-11192 RESERVED -CVE-2019-11189 - RESERVED +CVE-2019-11189 (Authentication Bypass by Spoofing in org.onosproject.acl (access contr ...) + TODO: check CVE-2019-11191 (** DISPUTED ** The Linux kernel through 5.0.7, when CONFIG_IA32_AOUT i ...) - linux <unfixed> (unimportant) NOTE: https://www.openwall.com/lists/oss-security/2019/04/03/4 @@ -41380,8 +41380,8 @@ CVE-2019-4754 RESERVED CVE-2019-4753 RESERVED -CVE-2019-4752 - RESERVED +CVE-2019-4752 (IBM Emptoris Spend Analysis and IBM Emptoris Strategic Supply Manageme ...) + TODO: check CVE-2019-4751 RESERVED CVE-2019-4750 @@ -41718,8 +41718,8 @@ CVE-2019-4585 RESERVED CVE-2019-4584 RESERVED -CVE-2019-4583 - RESERVED +CVE-2019-4583 (IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 could allow an authen ...) + TODO: check CVE-2019-4582 RESERVED CVE-2019-4581 (IBM QRadar 7.3.0 to 7.3.2 Patch 4 is vulnerable to cross-site scriptin ...) 
@@ -47645,7 +47645,7 @@ CVE-2019-1952 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure NOT-FOR-US: Cisco CVE-2019-1951 (A vulnerability in the packet filtering features of Cisco SD-WAN Solut ...) NOT-FOR-US: Cisco -CVE-2019-1950 (A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers ...) +CVE-2019-1950 (A vulnerability in Cisco IOS XE SD-WAN Software could allow an unauthe ...) TODO: check CVE-2019-1949 (A vulnerability in the web-based management interface of Cisco Firepow ...) NOT-FOR-US: Cisco diff --git a/data/CVE/2020.list b/data/CVE/2020.list index b6fb860d86..f6d8b91ffc 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,43 @@ +CVE-2020-9326 + RESERVED +CVE-2020-9325 + RESERVED +CVE-2020-9324 + RESERVED +CVE-2020-9323 + RESERVED +CVE-2020-9322 + RESERVED +CVE-2020-9321 + RESERVED +CVE-2020-9320 (Avira AV Engine before 8.3.54.138 allows virus-detection bypass via a ...) + TODO: check +CVE-2020-9319 + RESERVED +CVE-2020-9318 (Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative us ...) + TODO: check +CVE-2020-9317 + RESERVED +CVE-2020-9316 + RESERVED +CVE-2020-9315 + RESERVED +CVE-2020-9314 + RESERVED +CVE-2020-9313 + RESERVED +CVE-2020-9312 + RESERVED +CVE-2020-9311 + RESERVED +CVE-2020-9310 + RESERVED +CVE-2020-9309 + RESERVED +CVE-2020-9308 (archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts ...) + TODO: check +CVE-2020-9307 + RESERVED CVE-2020-9306 RESERVED CVE-2020-9305 @@ -44,8 +84,8 @@ CVE-2020-9285 RESERVED CVE-2020-9284 RESERVED -CVE-2020-9283 - RESERVED +CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...) + TODO: check CVE-2020-9282 RESERVED CVE-2020-9281 
@@ -64,10 +104,10 @@ CVE-2020-9275 RESERVED CVE-2020-9274 RESERVED -CVE-2020-9273 - RESERVED -CVE-2020-9272 - RESERVED +CVE-2020-9273 (In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interru ...) + TODO: check +CVE-2020-9272 (ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap ...) + TODO: check CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...) NOT-FOR-US: ICE Hrm CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...) @@ -585,8 +625,8 @@ CVE-2020-9017 RESERVED CVE-2020-9016 (Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, ...) - dolibarr <removed> -CVE-2020-9015 - RESERVED +CVE-2020-9015 (Arista DCS-7050QX-32S-R 4.20.9M, DCS-7050CX3-32S-R 4.20.11M, and DCS-7 ...) + TODO: check CVE-2020-9014 RESERVED CVE-2020-9013 (Arvato Skillpipe 3.0 allows attackers to bypass intended print restric ...) @@ -609,8 +649,8 @@ CVE-2020-9005 (meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote a NOT-FOR-US: Dota 2 CVE-2020-9004 RESERVED -CVE-2020-9003 - RESERVED +CVE-2020-9003 (A stored XSS vulnerability exists in the Modula Image Gallery plugin b ...) + TODO: check CVE-2020-9002 RESERVED CVE-2020-9001 @@ -640,8 +680,8 @@ CVE-2020-8991 (vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanag [jessie] - lvm2 <no-dsa> (Minor issue) NOTE: https://sourceware.org/git/?p=lvm2.git;a=commit;h=bcf9556b8fcd16ad8997f80cc92785f295c66701 NOTE: 2.03.00 upstream removed lvmetad (and the still vulnerable code) -CVE-2020-8990 - RESERVED +CVE-2020-8990 (Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow ...) + TODO: check CVE-2020-8989 (In the Voatz application 2020-01-01 for Android, the amount of data tr ...) NOT-FOR-US: Voatz application for Android CVE-2020-8988 (The Voatz application 2020-01-01 for Android allows only 100 million d ...) 
@@ -700,8 +740,8 @@ CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REV NOT-FOR-US: D-Link CVE-2020-8961 RESERVED -CVE-2020-8960 - RESERVED +CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...) + TODO: check CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...) NOT-FOR-US: Western Digital CVE-2020-8958 @@ -1444,8 +1484,8 @@ CVE-2020-8603 RESERVED CVE-2020-8602 RESERVED -CVE-2020-8601 - RESERVED +CVE-2020-8601 (Trend Micro Vulnerability Protection 2.0 is affected by a vulnerabilit ...) + TODO: check CVE-2020-8600 RESERVED CVE-2020-8599 @@ -1461,7 +1501,7 @@ CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9.5.5 ...) NOT-FOR-US: Participants Database plugin for WordPress -CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The Authenticati ...) +CVE-2020-8595 (Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and ...) NOT-FOR-US: itsio CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...) NOT-FOR-US: Ninja Forms plugin for WordPress @@ -1856,7 +1896,7 @@ CVE-2020-8418 RESERVED CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) NOT-FOR-US: Code Snippets plugin for WordPress -CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial of serv ...) +CVE-2020-8416 (IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial ...) NOT-FOR-US: BearFTP CVE-2020-8415 RESERVED 
@@ -4879,8 +4919,8 @@ CVE-2020-6979 RESERVED CVE-2020-6978 RESERVED -CVE-2020-6977 - RESERVED +CVE-2020-6977 (A restricted desktop environment escape vulnerability exists in the Ki ...) + TODO: check CVE-2020-6976 RESERVED CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) @@ -4897,8 +4937,8 @@ CVE-2020-6970 (A Heap-based Buffer Overflow was found in Emerson OpenEnterprise NOT-FOR-US: Emerson OpenEnterprise SCADA Server CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...) NOT-FOR-US: AutomationDirect -CVE-2020-6968 - RESERVED +CVE-2020-6968 (Honeywell INNCOM INNControl 3 allows workstation users to escalate app ...) + TODO: check CVE-2020-6967 RESERVED CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) @@ -8520,10 +8560,10 @@ CVE-2020-5245 RESERVED CVE-2020-5244 RESERVED -CVE-2020-5243 - RESERVED -CVE-2020-5242 - RESERVED +CVE-2020-5243 (uap-core before 0.7.3 is vulnerable to a denial of service attack when ...) + TODO: check +CVE-2020-5242 (openHAB before 2.5.2 allow a remote attacker to use REST calls to inst ...) + TODO: check CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...) NOT-FOR-US: matestack-ui-core Ruby gem CVE-2020-5240 @@ -11555,10 +11595,10 @@ CVE-2020-3767 RESERVED CVE-2020-3766 RESERVED -CVE-2020-3765 - RESERVED -CVE-2020-3764 - RESERVED +CVE-2020-3765 (Adobe After Effects versions 16.1.2 and earlier have an out-of-bounds ...) + TODO: check +CVE-2020-3764 (Adobe Media Encoder versions 14.0 and earlier have an out-of-bounds wr ...) + TODO: check CVE-2020-3763 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2020-3762 (Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011 ...) |
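Review bot: In the data/CVE/2016.list hunk at -23584, CVE-2016-3181 now carries the withdrawal text ("DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-3182. Reason: T ...") but keeps its own "- openjpeg2 2.1.1-1" and "[jessie] - openjpeg2 <not-affected>" lines, so the tracker goes on reporting package status under an identifier that points elsewhere. The two entries previously had different bracketed titles ("Heap Corruption in opj_free function" and "Out-Of-Bounds Read in opj_tcd_free_tile function"), so a follow-up commit should mark CVE-2016-3181 as REJECTED and move its oss-security NOTE to CVE-2016-3182 if it is still relevant there.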
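Review bot: In the data/CVE/2012.list hunk at -3726, CVE-2012-5236 flips from RESERVED to REJECTED while the entry still lists "- owncloud 5.0.3+dfsg-1", "[wheezy] - owncloud <no-dsa>" and the ownCloud advisory NOTE. A rejected identifier with live package annotations needs manual follow-up: check whether the issue was reassigned to another id and re-home the fixed-version data there, or drop the package lines. The other RESERVED to REJECTED flips in this commit (CVE-2012-2599, CVE-2014-3557) carry no package data and look fine as they are.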
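Review bot: In the data/CVE/2014.list hunk at -14870, replacing the temporary title of CVE-2014-4678 drops the cross-reference "[incomplete fix for CVE-2014-4657]", and the imported description is cut at "does not properly restr ..." so the relationship between the two safe_eval entries is no longer visible in the list. The same happens in data/CVE/2015.list at -15227, where CVE-2015-4411 loses "with bernerdschaefer 2012-04-17 commit". Suggest preserving such hand-written context as a NOTE line under the entry before the automatic description overwrites it.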
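Review bot: In the data/CVE/2020.list hunks at -1,3, -44, -64 and -8520, the new "TODO: check" entries for CVE-2020-9308 (libarchive), CVE-2020-9283 (golang.org/x/crypto), CVE-2020-9273 and CVE-2020-9272 (ProFTPD) and CVE-2020-5243 (uap-core) name libraries and daemons rather than vendor products, unlike most of the other entries added with the same marker. They are the ones most likely to need a source-package line with a fixed version instead of NOT-FOR-US, so they should be triaged first rather than left in the same queue as the Adobe, Trend Micro and IBM entries.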
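Review bot: In the data/CVE/2020.list hunk at -1461, the context line under CVE-2020-8595 reads "NOT-FOR-US: itsio" while the description on the changed line spells the product "Istio". Since the entry is being touched anyway, correct the annotation so that a search of the list for the product name finds it. The updated description also widens the affected range to "1.2.10 (End of Life) and prior", which does not change the NOT-FOR-US status but is worth a glance when the typo is fixed.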