author | security tracker role <sectracker@soriano.debian.org> | 2020-03-13 20:10:28 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2020-03-13 20:10:28 +0000
commit | 6936e9aecacceb16d99158067b084b530ab9316f |
tree | 8215311aed01c1c94dea247a2ce584bc52683da5 |
parent | d7a31fe8f751158de7d5fdfa4e03ef3d47706ca2 |
automatic update
-rw-r--r-- | data/CVE/2009.list | 2
-rw-r--r-- | data/CVE/2019.list | 144
-rw-r--r-- | data/CVE/2020.list | 131
3 files changed, 155 insertions, 122 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 16452a558e..5d5bf85cf2 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -1,3 +1,5 @@ +CVE-2009-5159 (Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Int ...) + TODO: check CVE-2009-5158 (The google-analyticator plugin before 5.2.1 for WordPress has insuffic ...) NOT-FOR-US: google-analyticator plugin for WordPress CVE-2009-5157 (On Linksys WAG54G2 1.00.10 devices, there is authenticated command inj ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 822b7b08f4..b12f74d896 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1900,8 +1900,8 @@ CVE-2019-19801 (In Gallagher Command Centre Server versions of v8.10 prior to v8 NOT-FOR-US: Gallagher Command Centre Server CVE-2019-19800 (Zoho ManageEngine Applications Manager 14 before 14520 allows a remote ...) NOT-FOR-US: Zoho ManageEngine Applications Manager -CVE-2019-19799 - RESERVED +CVE-2019-19799 (Zoho ManageEngine Applications Manager 14590 and before allows a remot ...) + TODO: check CVE-2019-19798 RESERVED CVE-2019-19797 (read_colordef in read.c in Xfig fig2dev 3.2.7b has an out-of-bounds wr ...) @@ -2037,8 +2037,8 @@ CVE-2019-19758 (A vulnerability in the web interface of Lenovo EZ Media & Ba NOT-FOR-US: Lenovo CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administrator (L ...) NOT-FOR-US: Lenovo -CVE-2019-19756 - RESERVED +CVE-2019-19756 (An internal product security audit of Lenovo XClarity Administrator (L ...) + TODO: check CVE-2019-19755 RESERVED CVE-2019-19754 @@ -2405,8 +2405,8 @@ CVE-2019-19613 RESERVED CVE-2019-19612 RESERVED -CVE-2019-19611 - RESERVED +CVE-2019-19611 (An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the ...) + TODO: check CVE-2019-19610 RESERVED CVE-2019-19609 (The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Co ...) 
@@ -10893,8 +10893,8 @@ CVE-2019-16159 (BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through NOTE: https://gitlab.labs.nic.cz/labs/bird/commit/8388f5a7e14108a1458fea35bfbb5a453e2c563c (2.0.x) CVE-2019-16158 RESERVED -CVE-2019-16157 - RESERVED +CVE-2019-16157 (An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI a ...) + TODO: check CVE-2019-16156 (An Improper Neutralization of Input vulnerability in the Anomaly Detec ...) TODO: check CVE-2019-16155 (A privilege escalation vulnerability in FortiClient for Linux 6.2.1 an ...) @@ -15829,10 +15829,10 @@ CVE-2019-14312 (Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion NOT-FOR-US: Aptana Jaxer CVE-2019-14311 RESERVED -CVE-2019-14310 - RESERVED -CVE-2019-14309 - RESERVED +CVE-2019-14310 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 2 of 3). U ...) + TODO: check +CVE-2019-14309 (Ricoh SP C250DN 1.05 devices have a fixed password. FTP service creden ...) + TODO: check CVE-2019-14308 (Several Ricoh printers have multiple buffer overflows parsing LPD pack ...) NOT-FOR-US: Ricoh CVE-2019-14307 (Several Ricoh printers have multiple buffer overflows parsing HTTP par ...) 
@@ -15843,16 +15843,16 @@ CVE-2019-14305 (Several Ricoh printers have multiple buffer overflows parsing HT NOT-FOR-US: Ricoh CVE-2019-14304 (Ricoh SP C250DN 1.06 devices allow CSRF. ...) NOT-FOR-US: Ricoh SP C250DN 1.06 devices -CVE-2019-14303 - RESERVED +CVE-2019-14303 (Ricoh SP C250DN 1.05 devices allow denial of service (issue 1 of 3). S ...) + TODO: check CVE-2019-14302 (On Ricoh SP C250DN 1.06 devices, a debug port can be used. ...) NOT-FOR-US: Ricoh SP C250DN 1.06 devices CVE-2019-14301 (Ricoh SP C250DN 1.06 devices have Incorrect Access Control (issue 1 of ...) NOT-FOR-US: Ricoh SP C250DN 1.06 devices CVE-2019-14300 (Several Ricoh printers have multiple buffer overflows parsing HTTP coo ...) NOT-FOR-US: Ricoh -CVE-2019-14299 - RESERVED +CVE-2019-14299 (Ricoh SP C250DN 1.05 devices have an Authentication Method Vulnerable ...) + TODO: check CVE-2019-14298 (Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(con ...) NOT-FOR-US: Veeam ONE Reporter CVE-2019-14297 (Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with ...) @@ -18255,12 +18255,12 @@ CVE-2019-13397 (Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote at NOT-FOR-US: osTicket CVE-2019-13396 (FlightPath 4.x and 5.0-x allows directory traversal and Local File Inc ...) NOT-FOR-US: FlightPath -CVE-2019-13395 - RESERVED -CVE-2019-13394 - RESERVED -CVE-2019-13393 - RESERVED +CVE-2019-13395 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 allows CSRF a ...) + TODO: check +CVE-2019-13394 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses HTTP Bas ...) + TODO: check +CVE-2019-13393 (The Voo branded NETGEAR CG3700b custom firmware V2.02.03 uses the same ...) + TODO: check CVE-2019-13392 (A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette Na ...) NOT-FOR-US: MindPalette NateMail CVE-2019-13391 (In ImageMagick 7.0.8-50 Q16, ComplexImages in MagickCore/fourier.c has ...) 
@@ -18804,36 +18804,36 @@ CVE-2019-13207 (nsd-checkzone in NLnet Labs NSD 4.2.0 has a Stack-based Buffer O - nsd3 <removed> NOTE: https://github.com/NLnetLabs/nsd/issues/20 NOTE: https://github.com/NLnetLabs/nsd/commit/91102da24d5949ccfec8fdab5bae2d01c4cabab5 -CVE-2019-13206 - RESERVED -CVE-2019-13205 - RESERVED -CVE-2019-13204 - RESERVED -CVE-2019-13203 - RESERVED -CVE-2019-13202 - RESERVED -CVE-2019-13201 - RESERVED -CVE-2019-13200 - RESERVED -CVE-2019-13199 - RESERVED -CVE-2019-13198 - RESERVED -CVE-2019-13197 - RESERVED -CVE-2019-13196 - RESERVED -CVE-2019-13195 - RESERVED -CVE-2019-13194 - RESERVED -CVE-2019-13193 - RESERVED -CVE-2019-13192 - RESERVED +CVE-2019-13206 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...) + TODO: check +CVE-2019-13205 (All configuration parameters of certain Kyocera printers (such as the ...) + TODO: check +CVE-2019-13204 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...) + TODO: check +CVE-2019-13203 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...) + TODO: check +CVE-2019-13202 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...) + TODO: check +CVE-2019-13201 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...) + TODO: check +CVE-2019-13200 (The web application of several Kyocera printers (such as the ECOSYS M5 ...) + TODO: check +CVE-2019-13199 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) d ...) + TODO: check +CVE-2019-13198 (The web application of several Kyocera printers (such as the ECOSYS M5 ...) + TODO: check +CVE-2019-13197 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...) + TODO: check +CVE-2019-13196 (Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701) w ...) + TODO: check +CVE-2019-13195 (The web application of some Kyocera printers (such as the ECOSYS M5526 ...) 
+ TODO: check +CVE-2019-13194 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...) + TODO: check +CVE-2019-13193 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...) + TODO: check +CVE-2019-13192 (Some Brother printers (such as the HL-L8360CDW v1.20) were affected by ...) + TODO: check CVE-2019-13191 (A SQL injection vulnerability in IntraMaps MapControl 8 allows attacke ...) NOT-FOR-US: IntraMaps MapControl CVE-2019-13190 (In Knowage through 6.1.1, the sign up page does not invalidate a valid ...) 
@@ -18890,22 +18890,22 @@ CVE-2019-13173 (fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. [jessie] - node-fstream <end-of-life> (Nodejs in jessie not covered by security support) NOTE: https://www.npmjs.com/advisories/886 NOTE: https://github.com/npm/fstream/commit/6a77d2fa6e1462693cf8e46f930da96ec1b0bb22 -CVE-2019-13172 - RESERVED -CVE-2019-13171 - RESERVED -CVE-2019-13170 - RESERVED -CVE-2019-13169 - RESERVED -CVE-2019-13168 - RESERVED -CVE-2019-13167 - RESERVED -CVE-2019-13166 - RESERVED -CVE-2019-13165 - RESERVED +CVE-2019-13172 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...) + TODO: check +CVE-2019-13171 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...) + TODO: check +CVE-2019-13170 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not i ...) + TODO: check +CVE-2019-13169 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...) + TODO: check +CVE-2019-13168 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...) + TODO: check +CVE-2019-13167 (Multiple Stored XSS vulnerabilities were found in the Xerox Web Applic ...) + TODO: check +CVE-2019-13166 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) did not i ...) + TODO: check +CVE-2019-13165 (Some Xerox printers (such as the Phaser 3320 V53.006.16.000) were affe ...) + TODO: check CVE-2019-13164 (qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network inte ...) {DSA-4512-1 DSA-4506-1 DLA-1927-1} - qemu 1:4.1-1 (bug #931351) 
@@ -21560,8 +21560,8 @@ CVE-2019-12184 (There is XSS in browser/components/MarkdownPreview.js in BoostIO NOT-FOR-US: Boostnote CVE-2019-12183 (Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 serie ...) NOT-FOR-US: Safescan Timemoto -CVE-2019-12182 - RESERVED +CVE-2019-12182 (Directory Traversal in Safescan Timemoto and TA-8000 series version 1. ...) + TODO: check CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...) NOT-FOR-US: SolarWinds CVE-2019-12180 (An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 ...) @@ -37010,8 +37010,8 @@ CVE-2019-6701 RESERVED CVE-2019-6700 (An information exposure vulnerability in the external authentication p ...) NOT-FOR-US: FortiSIEM (Fortiguard) -CVE-2019-6699 - RESERVED +CVE-2019-6699 (An improper neutralization of input vulnerability in Fortinet FortiADC ...) + TODO: check CVE-2019-6698 (Use of Hard-coded Credentials vulnerability in FortiRecorder all versi ...) NOT-FOR-US: Fortinet CVE-2019-6697 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 9fca4cd066..eb44f7aa03 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,33 @@ +CVE-2020-10558 + RESERVED +CVE-2020-10557 + RESERVED +CVE-2020-10556 + RESERVED +CVE-2020-10555 + RESERVED +CVE-2020-10554 + RESERVED +CVE-2020-10553 + RESERVED +CVE-2020-10552 + RESERVED +CVE-2020-10551 + RESERVED +CVE-2020-10550 + RESERVED +CVE-2020-10549 + RESERVED +CVE-2020-10548 + RESERVED +CVE-2020-10547 + RESERVED +CVE-2020-10546 + RESERVED +CVE-2020-10545 + RESERVED +CVE-2020-10544 (An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFac ...) + TODO: check CVE-2020-10543 RESERVED CVE-2020-10542 
@@ -666,8 +696,8 @@ CVE-2020-10220 (An issue was discovered in rConfig through 3.9.4. The web interf NOT-FOR-US: rConfig CVE-2020-10219 RESERVED -CVE-2020-10218 - RESERVED +CVE-2020-10218 (A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 ...) + TODO: check CVE-2020-10217 RESERVED CVE-2020-10216 (An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They all ...) @@ -710,10 +740,10 @@ CVE-2020-10198 RESERVED CVE-2020-10197 RESERVED -CVE-2020-10196 - RESERVED -CVE-2020-10195 - RESERVED +CVE-2020-10196 (An XSS vulnerability in the popup-builder plugin before 3.64.1 for Wor ...) + TODO: check +CVE-2020-10195 (The popup-builder plugin before 3.64.1 for WordPress allows informatio ...) + TODO: check CVE-2020-10194 RESERVED CVE-2020-10193 (ESET Archive Support Module before 1294 allows virus-detection bypass ...) 
@@ -932,46 +962,46 @@ CVE-2020-10094 RESERVED CVE-2020-10093 RESERVED -CVE-2020-10092 - RESERVED -CVE-2020-10091 - RESERVED -CVE-2020-10090 - RESERVED -CVE-2020-10089 - RESERVED -CVE-2020-10088 - RESERVED -CVE-2020-10087 - RESERVED -CVE-2020-10086 - RESERVED -CVE-2020-10085 - RESERVED -CVE-2020-10084 - RESERVED -CVE-2020-10083 - RESERVED -CVE-2020-10082 - RESERVED -CVE-2020-10081 - RESERVED -CVE-2020-10080 - RESERVED -CVE-2020-10079 - RESERVED -CVE-2020-10078 - RESERVED -CVE-2020-10077 - RESERVED -CVE-2020-10076 - RESERVED -CVE-2020-10075 - RESERVED -CVE-2020-10074 - RESERVED -CVE-2020-10073 - RESERVED +CVE-2020-10092 (GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerab ...) + TODO: check +CVE-2020-10091 (GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerabi ...) + TODO: check +CVE-2020-10090 (GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certai ...) + TODO: check +CVE-2020-10089 (GitLab 8.11 through 12.8.1 allows a Denial of Service when using sever ...) + TODO: check +CVE-2020-10088 (GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on part ...) + TODO: check +CVE-2020-10087 (GitLab before 12.8.2 allows Information Disclosure. Badge images were ...) + TODO: check +CVE-2020-10086 (GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular en ...) + TODO: check +CVE-2020-10085 (GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particul ...) + TODO: check +CVE-2020-10084 (GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a ...) + TODO: check +CVE-2020-10083 (GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain con ...) + TODO: check +CVE-2020-10082 (GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of servi ...) + TODO: check +CVE-2020-10081 (GitLab before 12.8.2 has Incorrect Access Control. It was internally d ...) + TODO: check +CVE-2020-10080 (GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possib ...) 
+ TODO: check +CVE-2020-10079 (GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain ...) + TODO: check +CVE-2020-10078 (GitLab 12.1 through 12.8.1 allows XSS. The merge request submission fo ...) + TODO: check +CVE-2020-10077 (GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation re ...) + TODO: check +CVE-2020-10076 (GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting v ...) + TODO: check +CVE-2020-10075 (GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error h ...) + TODO: check +CVE-2020-10074 (GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario wa ...) + TODO: check +CVE-2020-10073 (GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was inter ...) + TODO: check CVE-2020-10072 RESERVED CVE-2020-10071 @@ -4079,6 +4109,7 @@ CVE-2020-8610 CVE-2020-8609 RESERVED CVE-2020-8608 (In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf ...) + {DLA-2142-1} - libslirp <unfixed> - qemu 1:4.1-2 [buster] - qemu <postponed> (Minor issue) @@ -4168,8 +4199,8 @@ CVE-2020-8573 RESERVED CVE-2020-8572 RESERVED -CVE-2020-8571 - RESERVED +CVE-2020-8571 (StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11 ...) + TODO: check CVE-2020-8570 RESERVED CVE-2020-8569 @@ -18083,8 +18114,8 @@ CVE-2020-1955 RESERVED CVE-2020-1954 RESERVED -CVE-2020-1953 - RESERVED +CVE-2020-1953 (Apache Commons Configuration uses a third-party library to parse YAML ...) + TODO: check CVE-2020-1952 RESERVED CVE-2020-1951 |
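Review bot: Four entries in data/CVE/2019.list are left at `TODO: check` even though the unchanged line next to each one already triages the same vendor or product as NOT-FOR-US. These are CVE-2019-19799 (beside `NOT-FOR-US: Zoho ManageEngine Applications Manager` on CVE-2019-19800), CVE-2019-19756 (beside `NOT-FOR-US: Lenovo` on CVE-2019-19757), CVE-2019-12182 (beside `NOT-FOR-US: Safescan Timemoto` on CVE-2019-12183) and CVE-2019-6699 (beside `NOT-FOR-US: Fortinet` on CVE-2019-6698). The follow-up triage can reuse those exact strings so the product wording stays consistent within each cluster.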
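Review bot: The Ricoh SP C250DN entries in the hunks at -15829 and -15843 of data/CVE/2019.list (CVE-2019-14310, CVE-2019-14309, CVE-2019-14303, CVE-2019-14299) need care with the product string when they are triaged. Their descriptions name firmware 1.05, while the context lines for CVE-2019-14304, CVE-2019-14302 and CVE-2019-14301 use `NOT-FOR-US: Ricoh SP C250DN 1.06 devices` and other neighbours use plain `NOT-FOR-US: Ricoh`. Copying the 1.06 string onto 1.05 issues would be inaccurate, so the shorter `NOT-FOR-US: Ricoh` form is the safer choice for these four.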
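Review bot: The printer blocks in the hunks at -18804 and -18890 of data/CVE/2019.list cannot be triaged from this list alone, because the truncated descriptions are identical across most entries. Nine of the twelve Kyocera entries (CVE-2019-13195 to CVE-2019-13206) cut off at "Some Kyocera printers (such as the ECOSYS M5526cdw 2R7_2000.001.701)", all three Brother entries (CVE-2019-13192 to CVE-2019-13194) cut off at "were affected by", and five of the eight Xerox entries (CVE-2019-13165 to CVE-2019-13172) cut off at "were affe". Whoever clears the `TODO: check` markers should handle each vendor as one batch against the full descriptions and apply a single product string per vendor.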
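Review bot: The twenty GitLab entries in the hunk at -932 of data/CVE/2020.list (CVE-2020-10073 to CVE-2020-10092) all bound the affected range at "through 12.8.1" or "before 12.8.2", so they read as one upstream release and are best triaged together rather than one at a time. Three of them (CVE-2020-10084, CVE-2020-10077, CVE-2020-10073) are described as "GitLab EE" rather than "GitLab", so the triage should record explicitly whether those apply to the same code base as the rest before a shared fixed version is entered.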
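Review bot: The `{DLA-2142-1}` cross-reference added under CVE-2020-8608 in the hunk at -4079 of data/CVE/2020.list has no counterpart visible in this commit, since the diffstat lists only the three data/CVE/*.list files. Worth confirming that the advisory list already carries a DLA-2142-1 entry naming CVE-2020-8608. The context lines also still show `- libslirp <unfixed>` and `[buster] - qemu <postponed> (Minor issue)`, so the new reference should not be read as closing the issue for those lines.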