author | security tracker role <sectracker@soriano.debian.org> | 2020-01-15 20:10:24 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-15 20:10:24 +0000 |
commit | 0ae319c7d09410e8d3f57add9846971721ff1ebc (patch) | |
tree | 1e0b2e92e81d08b0147f6895e0df51ef17a8160d /data/CVE | |
parent | af8789cb4e95425b1dda4c4f31cc2d337c36d9c4 (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2005.list | 4 |
-rw-r--r-- | data/CVE/2007.list | 8 |
-rw-r--r-- | data/CVE/2009.list | 4 |
-rw-r--r-- | data/CVE/2011.list | 6 |
-rw-r--r-- | data/CVE/2012.list | 25 |
-rw-r--r-- | data/CVE/2014.list | 4 |
-rw-r--r-- | data/CVE/2015.list | 51 |
-rw-r--r-- | data/CVE/2017.list | 4 |
-rw-r--r-- | data/CVE/2018.list | 4 |
-rw-r--r-- | data/CVE/2019.list | 45 |
-rw-r--r-- | data/CVE/2020.list | 940 |
11 files changed, 563 insertions, 532 deletions
diff --git a/data/CVE/2005.list b/data/CVE/2005.list index a17035d769..7938fd533c 100644 --- a/data/CVE/2005.list +++ b/data/CVE/2005.list @@ -22,8 +22,8 @@ CVE-2005-4893 RESERVED CVE-2005-4892 RESERVED -CVE-2005-4891 - RESERVED +CVE-2005-4891 (Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL inje ...) + TODO: check CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo ...) - shadow 1:4.1.5-1 (low; bug #628843) [squeeze] - shadow <no-dsa> (Minor issue) diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 2789c3bf94..6bd4b08fb5 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -4741,10 +4741,10 @@ CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edit NOT-FOR-US: Microsoft Visual Basic CVE-2007-4775 RESERVED -CVE-2007-4774 - RESERVED -CVE-2007-4773 - RESERVED +CVE-2007-4774 (The Linux kernel before 2.4.36-rc1 has a race condition. It was possib ...) + TODO: check +CVE-2007-4773 (Systrace before 1.6.0 has insufficient escape policy enforcement. ...) + TODO: check CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in Postgre ...) {DSA-1463-1 DSA-1460-1} - postgresql-8.2 8.2.6-1 diff --git a/data/CVE/2009.list b/data/CVE/2009.list index aae1f43f58..4d80c5a72d 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -10765,8 +10765,8 @@ CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services ( NOT-FOR-US: Microsoft CVE-2009-1121 RESERVED -CVE-2009-1120 - RESERVED +CVE-2009-1120 (EMC RepliStor Server Service before ESA-09-003 has a DoASOCommand Remo ...) + TODO: check CVE-2009-1119 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 a ...) NOT-FOR-US: EMC RepliStor CVE-2009-1118 diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 9e40545852..8214c62af3 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list 
@@ -992,8 +992,7 @@ CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! be CVE-2011-4908 RESERVED NOT-FOR-US: Joomla! -CVE-2011-4907 - RESERVED +CVE-2011-4907 (Joomla! 1.5x through 1.5.12: Missing JEXEC Check ...) NOT-FOR-US: Joomla! CVE-2011-4906 RESERVED @@ -2312,8 +2311,7 @@ CVE-2011-4338 NOT-FOR-US: Arch-Linux specific tool CVE-2011-4337 (Static code injection vulnerability in translate.php in Support Incide ...) NOT-FOR-US: Support Incident Tracker -CVE-2011-4336 - RESERVED +CVE-2011-4336 (Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to sn ...) NOT-FOR-US: Tiki Wiki CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before 2 ...) NOT-FOR-US: Contao diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 0d6e370efe..9d2d2e9617 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -12761,11 +12761,9 @@ CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5 NOT-FOR-US: eZ Publish CVE-2012-1564 (Cross-site scripting (XSS) vulnerability in administration/create_albu ...) NOT-FOR-US: YVS -CVE-2012-1563 - RESERVED +CVE-2012-1563 (Joomla! before 2.5.3 allows Admin Account Creation. ...) NOT-FOR-US: Joomla! -CVE-2012-1562 - RESERVED +CVE-2012-1562 (Joomla! core before 2.5.3 allows unauthorized password change. ...) NOT-FOR-US: Joomla! CVE-2012-1561 (Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x ...) NOT-FOR-US: Drupal Finder @@ -13259,8 +13257,8 @@ CVE-2012-1328 (Cisco Unified IP Phones 9900 series devices with firmware 9.1 and NOT-FOR-US: Cisco IP Phone CVE-2012-1327 (dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 al ...) NOT-FOR-US: Cisco IOS -CVE-2012-1326 - RESERVED +CVE-2012-1326 (Cisco IronPort Web Security Appliance up to and including 7.5 does not ...) + TODO: check CVE-2012-1325 RESERVED CVE-2012-1324 (Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, ...) 
@@ -13279,8 +13277,8 @@ CVE-2012-1318 RESERVED CVE-2012-1317 (The multicast implementation in Cisco IOS before 15.1(1)SY allows remo ...) NOT-FOR-US: Cisco IOS -CVE-2012-1316 - RESERVED +CVE-2012-1316 (Cisco IronPort Web Security Appliance does not check for certificate r ...) + TODO: check CVE-2012-1315 (Memory leak in the SIP inspection feature in the Zone-Based Firewall i ...) NOT-FOR-US: Cisco IOS CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote atta ...) @@ -14179,8 +14177,8 @@ CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in th CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access arbi ...) - nvidia-graphics-drivers 295.40-1 [squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1 -CVE-2012-0945 - RESERVED +CVE-2012-0945 (whoopsie-daisy before 0.1.26: Root user can remove arbitrary files ...) + TODO: check CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...) - aptdaemon 0.43+bzr790-1 [squeeze] - aptdaemon <not-affected> (Vulnerable code not present) @@ -15751,8 +15749,8 @@ CVE-2012-0336 RESERVED CVE-2012-0335 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with soft ...) NOT-FOR-US: Cisco -CVE-2012-0334 - RESERVED +CVE-2012-0334 (Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 ha ...) + TODO: check CVE-2012-0333 (Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and ...) NOT-FOR-US: Cisco CVE-2012-0332 @@ -16346,8 +16344,7 @@ CVE-2012-0785 [Jenkins and hash collision attack] - jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553) - jenkins-executable-war 1.25-1 (bug #655554) - jenkins 1.409.3+dfsg-2 -CVE-2012-0070 - RESERVED +CVE-2012-0070 (spamdyke prior to 4.2.1: STARTTLS reveals plaintext ...) NOT-FOR-US: spamdyke not in Debian CVE-2012-0069 (SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows ...) NOT-FOR-US: batavi not in Debian 
diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 4df3e24c09..2ca8a80c42 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -10685,8 +10685,8 @@ CVE-2014-6450 (Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 1 NOT-FOR-US: Juniper Junos OS CVE-2014-6449 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, 12.1X ...) NOT-FOR-US: Juniper Junos OS -CVE-2014-6448 - RESERVED +CVE-2014-6448 (Juniper Junos OS 13.2 before 13.2R5, 13.2X51, 13.2X52, and 13.3 before ...) + TODO: check CVE-2014-6447 RESERVED CVE-2014-6446 (The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for WordPre ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 3d5dea1c93..a9a2ee8d46 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -3112,8 +3112,8 @@ CVE-2015-8550 (Xen, when used on a system providing PV backends, allows local gu NOTE: https://git.kernel.org/linus/18779149101c0dd43ded43669ae2a92d21b6f9cb NOTE: https://git.kernel.org/linus/be69746ec12f35b484707da505c6c76ff06f97dc NOTE: https://git.kernel.org/linus/8135cf8b092723dbfcc611fe6fdcb3a36c9951c5 -CVE-2015-8549 - RESERVED +CVE-2015-8549 (XML external entity (XXE) vulnerability in PyAMF before 0.8.0 allows r ...) + TODO: check CVE-2015-8569 (The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pp ...) {DSA-3434-1} - linux 4.3.3-3 @@ -5151,8 +5151,8 @@ CVE-2015-7876 (The escapeLike function in sqlsrv/database.inc in the Drupal 7 dr NOT-FOR-US: Driver for SQL Server and SQL Azure module for Drupal CVE-2015-7875 (ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal do ...) NOT-FOR-US: Ctools module for Drupal -CVE-2015-7874 - RESERVED +CVE-2015-7874 (Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and ear ...) + TODO: check CVE-2015-7873 (The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 ...) {DSA-3382-1} - phpmyadmin 4:4.5.1-1 (low) 
@@ -6154,8 +6154,8 @@ CVE-2015-7557 (The _rsvg_node_poly_build_path function in rsvg-shapes.c in librs [wheezy] - librsvg 2.36.1-2+deb7u1 NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=738050 (not public accessible) NOTE: https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df (2.40.7) -CVE-2015-7556 - RESERVED +CVE-2015-7556 (DeleGate 9.9.13 allows local users to gain privileges as demonstrated ...) + TODO: check CVE-2015-7555 (Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 allow ...) {DLA-389-1} - giflib 5.1.2-0.1 (bug #808704) @@ -8772,8 +8772,8 @@ CVE-2015-6594 RESERVED CVE-2015-6592 (Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require auth ...) NOT-FOR-US: Huawei -CVE-2015-6591 - RESERVED +CVE-2015-6591 (Directory traversal vulnerability in application/templates/amelia/load ...) + TODO: check CVE-2015-6590 RESERVED CVE-2015-6589 @@ -9041,8 +9041,8 @@ CVE-2015-6499 RESERVED CVE-2015-6498 (Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 a ...) NOT-FOR-US: Alcatel-Lucent Home Device Manager -CVE-2015-6497 - RESERVED +CVE-2015-6497 (The create function in app/code/core/Mage/Catalog/Model/Product/Api/V2 ...) + TODO: check CVE-2015-6495 (There is Sensitive Information in Cloudera Manager before 5.4.6 Diagno ...) NOT-FOR-US: Cloudera CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation Mango ...) @@ -10287,8 +10287,8 @@ CVE-2015-5953 (Cross-site scripting (XSS) vulnerability in the activity applicat {DSA-3373-1} - owncloud 7.0.6+dfsg-1 NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-010 -CVE-2015-5952 - RESERVED +CVE-2015-5952 (Directory traversal vulnerability in Thomson Reuters for FATCA before ...) + TODO: check CVE-2015-5951 (A file upload issue exists in the specid parameter in Thomson Reuters ...) NOT-FOR-US: Thomson Reuters FATCH CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on ...) 
@@ -11574,8 +11574,8 @@ CVE-2015-5486 RESERVED CVE-2015-5485 (Cross-site scripting (XSS) vulnerability in the Event Import page (imp ...) NOT-FOR-US: Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin for WordPress -CVE-2015-5484 - RESERVED +CVE-2015-5484 (Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1 ...) + TODO: check CVE-2015-5483 RESERVED CVE-2015-5482 (Directory traversal vulnerability in the GD bbPress Attachments plugin ...) @@ -11620,8 +11620,8 @@ CVE-2015-5468 (Directory traversal vulnerability in the WP e-Commerce Shop Styli NOT-FOR-US: Commerce Shop Styling plugin for WordPress CVE-2015-5467 RESERVED -CVE-2015-5466 - RESERVED +CVE-2015-5466 (Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA ...) + TODO: check CVE-2015-5465 (Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver M ...) NOT-FOR-US: Silicon Integrated Systems CVE-2015-5464 (The Gemalto SafeNet Luna HSM allows remote authenticated users to bypa ...) @@ -12420,8 +12420,7 @@ CVE-2015-5232 (Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before 1 CVE-2015-5231 (The service daemon in CRIU does not properly restrict access to non-du ...) - criu 1.8-2 (bug #797110) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1256728 -CVE-2015-5230 - RESERVED +CVE-2015-5230 (The DNS packet parsing/generation code in PowerDNS (aka pdns) Authorit ...) {DSA-3347-1} - pdns 3.4.6-1 [wheezy] - pdns <not-affected> (Only affects 3.4.0-3.4.5) 
@@ -12913,10 +12912,10 @@ CVE-2015-5075 (Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM NOT-FOR-US: X2Engine CVE-2015-5074 (Incomplete blacklist vulnerability in the FileUploadsFilter class in p ...) NOT-FOR-US: X2Engine -CVE-2015-5072 - RESERVED -CVE-2015-5071 - RESERVED +CVE-2015-5072 (The BIRT Engine servlet in the AR System Mid Tier component before 9.0 ...) + TODO: check +CVE-2015-5071 (AR System Mid Tier in the AR System Mid Tier component before 9.0 SP1 ...) + TODO: check CVE-2015-5146 (ntpd in ntp before 4.2.8p3 with remote configuration enabled allows re ...) {DSA-3388-1 DLA-335-1} - ntp 1:4.2.8p3+dfsg-1 @@ -21992,7 +21991,7 @@ CVE-2015-1851 (OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231817 NOTE: https://bugs.launchpad.net/cinder/+bug/1415087 CVE-2015-1850 [Host file disclosure through qcow2 backing file] - RESERVED + REJECTED - nova <unfixed> (unimportant) NOTE: http://www.openwall.com/lists/oss-security/2015/06/13/1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231816 
@@ -22114,15 +22113,13 @@ CVE-2015-1813 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 CVE-2015-1812 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and L ...) - jenkins <removed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23 -CVE-2015-1811 [External entity processing in XML can reveal sensitive local files (SECURITY-167)] - RESERVED +CVE-2015-1811 (XML external entity (XXE) vulnerability in CloudBees Jenkins before 1. ...) - jenkins <removed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 CVE-2015-1810 (The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS b ...) - jenkins <removed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 -CVE-2015-1809 [external entity injection via XPath (SECURITY-165)] - RESERVED +CVE-2015-1809 (XML external entity (XXE) vulnerability in CloudBees Jenkins before 1. ...) - jenkins <removed> (bug #781223) NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27 CVE-2015-1808 (Jenkins before 1.600 and LTS before 1.596.1 allows remote authenticate ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 22762bf867..aa124f2e4d 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list 
@@ -44180,8 +44180,8 @@ CVE-2017-3213 (The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not v NOT-FOR-US: Think Mutual Bank Mobile Banking app CVE-2017-3212 (The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for ...) NOT-FOR-US: Space Coast Credit Union Mobile app -CVE-2017-3211 - RESERVED +CVE-2017-3211 (Yopify, an e-commerce notification plugin, up to April 06, 2017, leaks ...) + TODO: check CVE-2017-3210 (Applications developed using the Portrait Display SDK, versions 2.30 t ...) NOT-FOR-US: Portrait Display SDK CVE-2017-3209 (The DBPOWER U818A WIFI quadcopter drone provides FTP access over its o ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index d426fb741a..72bc8c3446 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -6355,7 +6355,7 @@ CVE-2018-18813 (The Spotfire web server component of TIBCO Software Inc.'s TIBCO CVE-2018-18812 (The Spotfire Library component of TIBCO Software Inc.'s TIBCO Spotfire ...) NOT-FOR-US: TIBCO CVE-2018-18811 - RESERVED + REJECTED CVE-2018-18810 (The Administrator Service component of TIBCO Software Inc.'s TIBCO Man ...) NOT-FOR-US: TIBCO CVE-2018-18809 (The default server implementation of TIBCO Software Inc.'s TIBCO Jaspe ...) @@ -22814,7 +22814,7 @@ CVE-2018-12419 CVE-2018-12418 (Archive.java in Junrar before 1.0.1, as used in Apache Tika and other ...) NOT-FOR-US: Junrar CVE-2018-12417 - RESERVED + REJECTED CVE-2018-12416 (The GridServer Broker and GridServer Director components of TIBCO Soft ...) NOT-FOR-US: TIBCO CVE-2018-12415 (The Central Administration server (emsca) component of TIBCO Software ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 768ab5e6a0..54f37990fe 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -4947,7 +4947,7 @@ CVE-2019-18414 (Sourcecodester Restaurant Management System 1.0 is affected by a CVE-2019-18413 (In TypeStack class-validator 0.10.2, validate() input validation can b ...) NOT-FOR-US: TypeStack class-validator CVE-2019-18412 - RESERVED + REJECTED CVE-2019-18411 (Zoho ManageEngine ADSelfService Plus 5.x through 5803 has CSRF on the ...) NOT-FOR-US: Zoho ManageEngine CVE-2019-18410 @@ -5276,16 +5276,16 @@ CVE-2019-18276 (An issue was discovered in disable_priv_mode in shell.c in GNU B NOTE: https://git.savannah.gnu.org/cgit/bash.git/commit/?h=devel&id=951bdaad7a18cc0dc1036bba86b18b90874d39ff NOTE: https://savannah.gnu.org/patch/?9822 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1158028 -CVE-2019-18275 - RESERVED +CVE-2019-18275 (OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affect ...) + TODO: check CVE-2019-18274 RESERVED -CVE-2019-18273 - RESERVED +CVE-2019-18273 (OSIsoft PI Vision, PI Vision 2017 R2 and PI Vision 2017 R2 SP1. The af ...) + TODO: check CVE-2019-18272 RESERVED -CVE-2019-18271 - RESERVED +CVE-2019-18271 (OSIsoft PI Vision, All versions of PI Vision prior to 2019. The affect ...) + TODO: check CVE-2019-18270 RESERVED CVE-2019-18269 (In Omron PLC CJ series, all versions, and Omron PLC CS series, all ver ...) @@ -5338,8 +5338,8 @@ CVE-2019-18246 RESERVED CVE-2019-18245 (Reliable Controls LicenseManager versions 3.4 and prior may allow an a ...) NOT-FOR-US: Reliable Controls LicenseManager -CVE-2019-18244 - RESERVED +CVE-2019-18244 (OSIsoft PI Vision, PI Vision 2017 R2, PI Vision 2017 R2 SP1, PI Vision ...) + TODO: check CVE-2019-18243 RESERVED CVE-2019-18242 
@@ -9443,14 +9443,14 @@ CVE-2019-16471 RESERVED CVE-2019-16470 RESERVED -CVE-2019-16469 - RESERVED -CVE-2019-16468 - RESERVED -CVE-2019-16467 - RESERVED -CVE-2019-16466 - RESERVED +CVE-2019-16469 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...) + TODO: check +CVE-2019-16468 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...) + TODO: check +CVE-2019-16467 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...) + TODO: check +CVE-2019-16466 (Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 hav ...) + TODO: check CVE-2019-16465 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...) NOT-FOR-US: Adobe CVE-2019-16464 (Adobe Acrobat and Reader versions , 2019.021.20056 and earlier, 2017.0 ...) @@ -10678,8 +10678,7 @@ CVE-2019-15963 RESERVED CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...) NOT-FOR-US: Cisco -CVE-2019-15961 - RESERVED +CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus (ClamAV) So ...) - clamav 0.102.1+dfsg-1 (bug #945265) [buster] - clamav <no-dsa> (ClamAV is updated via -updates) [stretch] - clamav <no-dsa> (ClamAV is updated via -updates) @@ -28976,8 +28975,8 @@ CVE-2019-9511 (Some HTTP/2 implementations are vulnerable to window size manipul NOTE: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md NOTE: https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/ NOTE: https://github.com/nghttp2/nghttp2/releases/tag/v1.39.2 -CVE-2019-9510 - RESERVED +CVE-2019-9510 (A vulnerability in Microsoft Windows 10 1803 and Windows Server 2019 a ...) + TODO: check CVE-2019-9509 RESERVED CVE-2019-9508 
@@ -29046,8 +29045,8 @@ CVE-2019-9494 (The implementations of SAE in hostapd and wpa_supplicant are vuln NOTE: https://w1.fi/security/2019-1/sae-side-channel-attacks.txt NOTE: Patches: https://w1.fi/security/2019-1/ NOTE: CONFIG_SAE=y enabled since 2:2.7~git20180706+420b5dd-1 -CVE-2019-9493 - RESERVED +CVE-2019-9493 (The MyCar Controls of AutoMobility Distribution Inc., mobile applicati ...) + TODO: check CVE-2019-9492 (A DLL side-loading vulnerability in Trend Micro OfficeScan 11.0 SP1 an ...) NOT-FOR-US: Trend Micro CVE-2019-9491 (Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index b0d650ad36..637a8bccc5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,93 @@ +CVE-2020-7103 + RESERVED +CVE-2020-7102 + RESERVED +CVE-2020-7101 + RESERVED +CVE-2020-7100 + RESERVED +CVE-2020-7099 + RESERVED +CVE-2020-7098 + RESERVED +CVE-2020-7097 + RESERVED +CVE-2020-7096 + RESERVED +CVE-2020-7095 + RESERVED +CVE-2020-7094 + RESERVED +CVE-2020-7093 + RESERVED +CVE-2020-7092 + RESERVED +CVE-2020-7091 + RESERVED +CVE-2020-7090 + RESERVED +CVE-2020-7089 + RESERVED +CVE-2020-7088 + RESERVED +CVE-2020-7087 + RESERVED +CVE-2020-7086 + RESERVED +CVE-2020-7085 + RESERVED +CVE-2020-7084 + RESERVED +CVE-2020-7083 + RESERVED +CVE-2020-7082 + RESERVED +CVE-2020-7081 + RESERVED +CVE-2020-7080 + RESERVED +CVE-2020-7079 + RESERVED +CVE-2020-7078 + RESERVED +CVE-2020-7077 + RESERVED +CVE-2020-7076 + RESERVED +CVE-2020-7075 + RESERVED +CVE-2020-7074 + RESERVED +CVE-2020-7073 + RESERVED +CVE-2020-7072 + RESERVED +CVE-2020-7071 + RESERVED +CVE-2020-7070 + RESERVED +CVE-2020-7069 + RESERVED +CVE-2020-7068 + RESERVED +CVE-2020-7067 + RESERVED +CVE-2020-7066 + RESERVED +CVE-2020-7065 + RESERVED +CVE-2020-7064 + RESERVED +CVE-2020-7063 + RESERVED +CVE-2020-7062 + RESERVED +CVE-2020-7061 + RESERVED +CVE-2020-7060 + RESERVED +CVE-2020-7059 + RESERVED CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...) TODO: check CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a d ...) @@ -6314,8 +6404,8 @@ CVE-2020-3943 RESERVED CVE-2020-3942 RESERVED -CVE-2020-3941 - RESERVED +CVE-2020-3941 (The repair operation of VMware Tools for Windows 10.x.y has a race con ...) + TODO: check CVE-2020-3940 RESERVED CVE-2020-3939 
@@ -8734,510 +8824,469 @@ CVE-2020-2733 RESERVED CVE-2020-2732 RESERVED -CVE-2020-2731 - RESERVED -CVE-2020-2730 - RESERVED -CVE-2020-2729 - RESERVED -CVE-2020-2728 - RESERVED -CVE-2020-2727 - RESERVED +CVE-2020-2731 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + TODO: check +CVE-2020-2730 (Vulnerability in the Oracle Financial Services Revenue Management and ...) + TODO: check +CVE-2020-2729 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) + TODO: check +CVE-2020-2728 (Vulnerability in the Identity Manager product of Oracle Fusion Middlew ...) + TODO: check +CVE-2020-2727 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2726 - RESERVED +CVE-2020-2726 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2725 - RESERVED +CVE-2020-2725 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2724 - RESERVED -CVE-2020-2723 - RESERVED -CVE-2020-2722 - RESERVED -CVE-2020-2721 - RESERVED -CVE-2020-2720 - RESERVED -CVE-2020-2719 - RESERVED -CVE-2020-2718 - RESERVED -CVE-2020-2717 - RESERVED -CVE-2020-2716 - RESERVED -CVE-2020-2715 - RESERVED -CVE-2020-2714 - RESERVED -CVE-2020-2713 - RESERVED -CVE-2020-2712 - RESERVED -CVE-2020-2711 - RESERVED -CVE-2020-2710 - RESERVED -CVE-2020-2709 - RESERVED +CVE-2020-2724 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) + TODO: check +CVE-2020-2723 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) + TODO: check +CVE-2020-2722 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) 
+ TODO: check +CVE-2020-2721 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) + TODO: check +CVE-2020-2720 (Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Ora ...) + TODO: check +CVE-2020-2719 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) + TODO: check +CVE-2020-2718 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) + TODO: check +CVE-2020-2717 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) + TODO: check +CVE-2020-2716 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) + TODO: check +CVE-2020-2715 (Vulnerability in the Oracle Banking Corporate Lending product of Oracl ...) + TODO: check +CVE-2020-2714 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) + TODO: check +CVE-2020-2713 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) + TODO: check +CVE-2020-2712 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) + TODO: check +CVE-2020-2711 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) + TODO: check +CVE-2020-2710 (Vulnerability in the Oracle Banking Payments product of Oracle Financi ...) + TODO: check +CVE-2020-2709 (Vulnerability in the Oracle iLearning product of Oracle iLearning (com ...) + TODO: check CVE-2020-2708 RESERVED -CVE-2020-2707 - RESERVED +CVE-2020-2707 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + TODO: check CVE-2020-2706 RESERVED -CVE-2020-2705 - RESERVED +CVE-2020-2705 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2704 - RESERVED +CVE-2020-2704 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2703 - RESERVED +CVE-2020-2703 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2702 - RESERVED +CVE-2020-2702 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2701 - RESERVED +CVE-2020-2701 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2700 - RESERVED -CVE-2020-2699 - RESERVED -CVE-2020-2698 - RESERVED +CVE-2020-2700 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + TODO: check +CVE-2020-2699 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + TODO: check +CVE-2020-2698 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2697 - RESERVED -CVE-2020-2696 - RESERVED -CVE-2020-2695 - RESERVED -CVE-2020-2694 - RESERVED +CVE-2020-2697 (Vulnerability in the Oracle Hospitality Suites Management component of ...) + TODO: check +CVE-2020-2696 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-2695 (Vulnerability in the PeopleSoft Enterprise CC Common Application Objec ...) + TODO: check +CVE-2020-2694 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2693 - RESERVED +CVE-2020-2693 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2692 - RESERVED +CVE-2020-2692 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2691 - RESERVED +CVE-2020-2691 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2690 - RESERVED +CVE-2020-2690 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2689 - RESERVED +CVE-2020-2689 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2688 - RESERVED -CVE-2020-2687 - RESERVED -CVE-2020-2686 - RESERVED +CVE-2020-2688 (Vulnerability in the Oracle Financial Services Analytical Applications ...) + TODO: check +CVE-2020-2687 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-2686 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2685 - RESERVED -CVE-2020-2684 - RESERVED -CVE-2020-2683 - RESERVED -CVE-2020-2682 - RESERVED +CVE-2020-2685 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + TODO: check +CVE-2020-2684 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + TODO: check +CVE-2020-2683 (Vulnerability in the Oracle FLEXCUBE Universal Banking product of Orac ...) + TODO: check +CVE-2020-2682 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) 
- virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2681 - RESERVED +CVE-2020-2681 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2680 - RESERVED -CVE-2020-2679 - RESERVED +CVE-2020-2680 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-2679 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2678 - RESERVED +CVE-2020-2678 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2677 - RESERVED -CVE-2020-2676 - RESERVED -CVE-2020-2675 - RESERVED -CVE-2020-2674 - RESERVED +CVE-2020-2677 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...) + TODO: check +CVE-2020-2676 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...) + TODO: check +CVE-2020-2675 (Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hosp ...) + TODO: check +CVE-2020-2674 (Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualiza ...) - virtualbox 6.1.2-dfsg-1 [jessie] - virtualbox <end-of-life> (DSA-3699-1) -CVE-2020-2673 - RESERVED -CVE-2020-2672 - RESERVED -CVE-2020-2671 - RESERVED -CVE-2020-2670 - RESERVED -CVE-2020-2669 - RESERVED -CVE-2020-2668 - RESERVED -CVE-2020-2667 - RESERVED -CVE-2020-2666 - RESERVED -CVE-2020-2665 - RESERVED -CVE-2020-2664 - RESERVED -CVE-2020-2663 - RESERVED -CVE-2020-2662 - RESERVED -CVE-2020-2661 - RESERVED -CVE-2020-2660 - RESERVED +CVE-2020-2673 (Vulnerability in the Oracle Application Testing Suite product of Oracl ...) + TODO: check +CVE-2020-2672 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) 
+ TODO: check +CVE-2020-2671 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) + TODO: check +CVE-2020-2670 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) + TODO: check +CVE-2020-2669 (Vulnerability in the Oracle Email Center product of Oracle E-Business ...) + TODO: check +CVE-2020-2668 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + TODO: check +CVE-2020-2667 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + TODO: check +CVE-2020-2666 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + TODO: check +CVE-2020-2665 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + TODO: check +CVE-2020-2664 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-2663 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-2662 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + TODO: check +CVE-2020-2661 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + TODO: check +CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2659 - RESERVED +CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-8 <unfixed> - openjdk-7 <removed> -CVE-2020-2658 - RESERVED -CVE-2020-2657 - RESERVED -CVE-2020-2656 - RESERVED -CVE-2020-2655 - RESERVED +CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) + TODO: check +CVE-2020-2657 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-2656 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) 
+ TODO: check +CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component: JSS ...) - openjdk-13 <unfixed> - openjdk-11 11.0.6+10-1 -CVE-2020-2654 - RESERVED +CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...) - openjdk-13 <unfixed> - openjdk-11 11.0.6+10-1 - openjdk-8 <unfixed> - openjdk-7 <removed> -CVE-2020-2653 - RESERVED -CVE-2020-2652 - RESERVED -CVE-2020-2651 - RESERVED -CVE-2020-2650 - RESERVED -CVE-2020-2649 - RESERVED -CVE-2020-2648 - RESERVED -CVE-2020-2647 - RESERVED -CVE-2020-2646 - RESERVED -CVE-2020-2645 - RESERVED -CVE-2020-2644 - RESERVED -CVE-2020-2643 - RESERVED -CVE-2020-2642 - RESERVED -CVE-2020-2641 - RESERVED -CVE-2020-2640 - RESERVED -CVE-2020-2639 - RESERVED -CVE-2020-2638 - RESERVED -CVE-2020-2637 - RESERVED -CVE-2020-2636 - RESERVED -CVE-2020-2635 - RESERVED -CVE-2020-2634 - RESERVED -CVE-2020-2633 - RESERVED -CVE-2020-2632 - RESERVED -CVE-2020-2631 - RESERVED -CVE-2020-2630 - RESERVED -CVE-2020-2629 - RESERVED -CVE-2020-2628 - RESERVED -CVE-2020-2627 - RESERVED +CVE-2020-2653 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-2652 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-2651 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-2650 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) + TODO: check +CVE-2020-2649 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) + TODO: check +CVE-2020-2648 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) + TODO: check +CVE-2020-2647 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-2646 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
+ TODO: check +CVE-2020-2645 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2644 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2643 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2642 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2641 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) + TODO: check +CVE-2020-2640 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) + TODO: check +CVE-2020-2639 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2638 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) + TODO: check +CVE-2020-2637 (Vulnerability in the Enterprise Manager for Oracle Database product of ...) + TODO: check +CVE-2020-2636 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2635 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2634 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2633 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2632 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2631 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2630 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2629 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2628 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
+ TODO: check +CVE-2020-2627 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (Only affects MySQL 8) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2626 - RESERVED -CVE-2020-2625 - RESERVED -CVE-2020-2624 - RESERVED -CVE-2020-2623 - RESERVED -CVE-2020-2622 - RESERVED -CVE-2020-2621 - RESERVED -CVE-2020-2620 - RESERVED -CVE-2020-2619 - RESERVED -CVE-2020-2618 - RESERVED -CVE-2020-2617 - RESERVED -CVE-2020-2616 - RESERVED -CVE-2020-2615 - RESERVED -CVE-2020-2614 - RESERVED -CVE-2020-2613 - RESERVED -CVE-2020-2612 - RESERVED -CVE-2020-2611 - RESERVED -CVE-2020-2610 - RESERVED -CVE-2020-2609 - RESERVED -CVE-2020-2608 - RESERVED -CVE-2020-2607 - RESERVED -CVE-2020-2606 - RESERVED -CVE-2020-2605 - RESERVED -CVE-2020-2604 - RESERVED +CVE-2020-2626 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2625 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2624 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2623 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2622 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2621 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2620 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2619 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2618 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2617 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2616 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) 
+ TODO: check +CVE-2020-2615 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2614 (Vulnerability in the Enterprise Manager for Fusion Middleware product ...) + TODO: check +CVE-2020-2613 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2612 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2611 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2610 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2609 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2608 (Vulnerability in the Enterprise Manager Base Platform product of Oracl ...) + TODO: check +CVE-2020-2607 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-2604 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) - openjdk-13 <unfixed> - openjdk-11 11.0.6+10-1 - openjdk-8 <unfixed> - openjdk-7 <removed> -CVE-2020-2603 - RESERVED -CVE-2020-2602 - RESERVED -CVE-2020-2601 - RESERVED +CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Business ...) + TODO: check +CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) 
- openjdk-13 <unfixed> - openjdk-11 11.0.6+10-1 - openjdk-8 <unfixed> - openjdk-7 <removed> -CVE-2020-2600 - RESERVED -CVE-2020-2599 - RESERVED -CVE-2020-2598 - RESERVED -CVE-2020-2597 - RESERVED -CVE-2020-2596 - RESERVED -CVE-2020-2595 - RESERVED +CVE-2020-2600 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-2599 (Vulnerability in the Oracle Hospitality Cruise Materials Management pr ...) + TODO: check +CVE-2020-2598 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) + TODO: check +CVE-2020-2597 (Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E ...) + TODO: check +CVE-2020-2596 (Vulnerability in the Oracle CRM Technical Foundation product of Oracle ...) + TODO: check +CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) + TODO: check CVE-2020-2594 RESERVED -CVE-2020-2593 - RESERVED +CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-13 <unfixed> - openjdk-11 11.0.6+10-1 - openjdk-8 <unfixed> - openjdk-7 <removed> -CVE-2020-2592 - RESERVED -CVE-2020-2591 - RESERVED -CVE-2020-2590 - RESERVED +CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (co ...) + TODO: check +CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) + TODO: check +CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-13 <unfixed> - openjdk-11 11.0.6+10-1 - openjdk-8 <unfixed> - openjdk-7 <removed> -CVE-2020-2589 - RESERVED +CVE-2020-2589 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2588 - RESERVED +CVE-2020-2588 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 <not-affected> (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2587 - RESERVED -CVE-2020-2586 - RESERVED -CVE-2020-2585 - RESERVED -CVE-2020-2584 - RESERVED +CVE-2020-2587 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) + TODO: check +CVE-2020-2586 (Vulnerability in the Oracle Human Resources product of Oracle E-Busine ...) + TODO: check +CVE-2020-2585 (Vulnerability in the Java SE product of Oracle Java SE (component: Jav ...) + TODO: check +CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2583 - RESERVED +CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - openjdk-13 <unfixed> - openjdk-11 11.0.6+10-1 - openjdk-8 <unfixed> - openjdk-7 <removed> -CVE-2020-2582 - RESERVED -CVE-2020-2581 - RESERVED -CVE-2020-2580 - RESERVED +CVE-2020-2582 (Vulnerability in the Oracle iStore product of Oracle E-Business Suite ...) + TODO: check +CVE-2020-2581 (Vulnerability in the Oracle GraalVM Enterprise Edition product of Orac ...) + TODO: check +CVE-2020-2580 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <not-affected> (MySQL 8 only) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2579 - RESERVED +CVE-2020-2579 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2578 - RESERVED -CVE-2020-2577 - RESERVED +CVE-2020-2578 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-2577 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) 
- mysql-5.7 <unfixed> NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2576 - RESERVED +CVE-2020-2576 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check CVE-2020-2575 RESERVED -CVE-2020-2574 - RESERVED +CVE-2020-2574 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2573 - RESERVED +CVE-2020-2573 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2572 - RESERVED +CVE-2020-2572 (Vulnerability in the MySQL Server product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2571 - RESERVED -CVE-2020-2570 - RESERVED +CVE-2020-2571 (Vulnerability in the Oracle VM Server for SPARC product of Oracle Syst ...) + TODO: check +CVE-2020-2570 (Vulnerability in the MySQL Client product of Oracle MySQL (component: ...) - mysql-5.7 <unfixed> NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL -CVE-2020-2569 - RESERVED -CVE-2020-2568 - RESERVED -CVE-2020-2567 - RESERVED -CVE-2020-2566 - RESERVED -CVE-2020-2565 - RESERVED -CVE-2020-2564 - RESERVED -CVE-2020-2563 - RESERVED +CVE-2020-2569 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...) + TODO: check +CVE-2020-2568 (Vulnerability in the Oracle Applications DBA component of Oracle Datab ...) + TODO: check +CVE-2020-2567 (Vulnerability in the Oracle Retail Customer Management and Segmentatio ...) + TODO: check +CVE-2020-2566 (Vulnerability in the Oracle Applications Framework product of Oracle E ...) + TODO: check +CVE-2020-2565 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) 
+ TODO: check +CVE-2020-2564 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) + TODO: check +CVE-2020-2563 (Vulnerability in the Hyperion Financial Close Management product of Or ...) + TODO: check CVE-2020-2562 RESERVED -CVE-2020-2561 - RESERVED -CVE-2020-2560 - RESERVED -CVE-2020-2559 - RESERVED -CVE-2020-2558 - RESERVED -CVE-2020-2557 - RESERVED -CVE-2020-2556 - RESERVED -CVE-2020-2555 - RESERVED +CVE-2020-2561 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources product ...) + TODO: check +CVE-2020-2560 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) + TODO: check +CVE-2020-2559 (Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM ...) + TODO: check +CVE-2020-2558 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) + TODO: check +CVE-2020-2557 (Vulnerability in the Oracle Demantra Demand Management product of Orac ...) + TODO: check +CVE-2020-2556 (Vulnerability in the Primavera P6 Enterprise Project Portfolio Managem ...) + TODO: check +CVE-2020-2555 (Vulnerability in the Oracle Coherence product of Oracle Fusion Middlew ...) + TODO: check CVE-2020-2554 RESERVED CVE-2020-2553 RESERVED -CVE-2020-2552 - RESERVED -CVE-2020-2551 - RESERVED -CVE-2020-2550 - RESERVED -CVE-2020-2549 - RESERVED -CVE-2020-2548 - RESERVED -CVE-2020-2547 - RESERVED -CVE-2020-2546 - RESERVED -CVE-2020-2545 - RESERVED -CVE-2020-2544 - RESERVED -CVE-2020-2543 - RESERVED -CVE-2020-2542 - RESERVED -CVE-2020-2541 - RESERVED -CVE-2020-2540 - RESERVED -CVE-2020-2539 - RESERVED -CVE-2020-2538 - RESERVED -CVE-2020-2537 - RESERVED -CVE-2020-2536 - RESERVED -CVE-2020-2535 - RESERVED -CVE-2020-2534 - RESERVED -CVE-2020-2533 - RESERVED +CVE-2020-2552 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-2551 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) 
+ TODO: check +CVE-2020-2550 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-2549 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-2548 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-2547 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-2546 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-2545 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + TODO: check +CVE-2020-2544 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-2543 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check +CVE-2020-2542 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check +CVE-2020-2541 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check +CVE-2020-2540 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check +CVE-2020-2539 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) + TODO: check +CVE-2020-2538 (Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion M ...) + TODO: check +CVE-2020-2537 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2020-2536 (Vulnerability in the Oracle Outside In Technology product of Oracle Fu ...) + TODO: check +CVE-2020-2535 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2020-2534 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...) + TODO: check +CVE-2020-2533 (Vulnerability in the Oracle Reports Developer product of Oracle Fusion ...) 
+ TODO: check CVE-2020-2532 RESERVED -CVE-2020-2531 - RESERVED -CVE-2020-2530 - RESERVED +CVE-2020-2531 (Vulnerability in the Oracle Business Intelligence Enterprise Edition p ...) + TODO: check +CVE-2020-2530 (Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middl ...) + TODO: check CVE-2020-2529 RESERVED CVE-2020-2528 RESERVED -CVE-2020-2527 - RESERVED +CVE-2020-2527 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + TODO: check CVE-2020-2526 RESERVED CVE-2020-2525 @@ -9252,26 +9301,26 @@ CVE-2020-2521 RESERVED CVE-2020-2520 RESERVED -CVE-2020-2519 - RESERVED -CVE-2020-2518 - RESERVED -CVE-2020-2517 - RESERVED -CVE-2020-2516 - RESERVED -CVE-2020-2515 - RESERVED +CVE-2020-2519 (Vulnerability in the Oracle WebLogic Server product of Oracle Fusion M ...) + TODO: check +CVE-2020-2518 (Vulnerability in the Java VM component of Oracle Database Server. Supp ...) + TODO: check +CVE-2020-2517 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) + TODO: check +CVE-2020-2516 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + TODO: check +CVE-2020-2515 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) + TODO: check CVE-2020-2514 RESERVED CVE-2020-2513 RESERVED -CVE-2020-2512 - RESERVED -CVE-2020-2511 - RESERVED -CVE-2020-2510 - RESERVED +CVE-2020-2512 (Vulnerability in the Database Gateway for ODBC component of Oracle Dat ...) + TODO: check +CVE-2020-2511 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + TODO: check +CVE-2020-2510 (Vulnerability in the Core RDBMS component of Oracle Database Server. S ...) + TODO: check CVE-2020-2509 RESERVED CVE-2020-2508 
@@ -10094,32 +10143,23 @@ CVE-2020-2100 RESERVED CVE-2020-2099 RESERVED -CVE-2020-2098 - RESERVED +CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2097 - RESERVED +CVE-2020-2097 (Jenkins Sounds Plugin 0.5 and earlier does not perform permission chec ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2096 - RESERVED +CVE-2020-2096 (Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project n ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2095 - RESERVED +CVE-2020-2095 (Jenkins Redgate SQL Change Automation Plugin 2.0.4 and earlier stored ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2094 - RESERVED +CVE-2020-2094 (A missing permission check in Jenkins Health Advisor by CloudBees Plug ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2093 - RESERVED +CVE-2020-2093 (A cross-site request forgery vulnerability in Jenkins Health Advisor b ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2092 - RESERVED +CVE-2020-2092 (Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure it ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2091 - RESERVED +CVE-2020-2091 (A missing permission check in Jenkins Amazon EC2 Plugin 1.47 and earli ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2090 - RESERVED +CVE-2020-2090 (A cross-site request forgery vulnerability in Jenkins Amazon EC2 Plugi ...) NOT-FOR-US: Jenkins plugin CVE-2020-2089 RESERVED @@ -10441,8 +10481,8 @@ CVE-2020-1931 RESERVED CVE-2020-1930 RESERVED -CVE-2020-1929 - RESERVED +CVE-2020-1929 (The Apache Beam MongoDB connector in versions 2.10.0 to 2.16.0 has an ...) + TODO: check CVE-2020-1928 RESERVED CVE-2020-1927 
@@ -11091,30 +11131,30 @@ CVE-2020-1613 RESERVED CVE-2020-1612 RESERVED -CVE-2020-1611 - RESERVED +CVE-2020-1611 (A Local File Inclusion vulnerability in Juniper Networks Junos Space a ...) + TODO: check CVE-2020-1610 RESERVED -CVE-2020-1609 - RESERVED -CVE-2020-1608 - RESERVED -CVE-2020-1607 - RESERVED -CVE-2020-1606 - RESERVED -CVE-2020-1605 - RESERVED -CVE-2020-1604 - RESERVED -CVE-2020-1603 - RESERVED -CVE-2020-1602 - RESERVED -CVE-2020-1601 - RESERVED -CVE-2020-1600 - RESERVED +CVE-2020-1609 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) + TODO: check +CVE-2020-1608 (Receipt of a specific MPLS or IPv6 packet on the core facing interface ...) + TODO: check +CVE-2020-1607 (Insufficient Cross-Site Scripting (XSS) protection in J-Web may potent ...) + TODO: check +CVE-2020-1606 (A path traversal vulnerability in the Juniper Networks Junos OS device ...) + TODO: check +CVE-2020-1605 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) + TODO: check +CVE-2020-1604 (On EX4300, EX4600, QFX3500, and QFX5100 Series, a vulnerability in the ...) + TODO: check +CVE-2020-1603 (Specific IPv6 packets sent by clients processed by the Routing Engine ...) + TODO: check +CVE-2020-1602 (When a device using Juniper Network's Dynamic Host Configuration Proto ...) + TODO: check +CVE-2020-1601 (Certain types of malformed Path Computation Element Protocol (PCEP) pa ...) + TODO: check +CVE-2020-1600 (In a Point-to-Multipoint (P2MP) Label Switched Path (LSP) scenario, an ...) + TODO: check CVE-2020-1599 RESERVED CVE-2020-1598 |
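Review bot: in the Oracle run from CVE-2020-2681 down to CVE-2020-2510, CVE-2020-2585 (Java SE product) is left at `TODO: check` while the other Java SE entries filled in by the same update (CVE-2020-2659, CVE-2020-2655, CVE-2020-2654, CVE-2020-2601, CVE-2020-2593, CVE-2020-2590, CVE-2020-2583) already carry openjdk-* package lines. The GraalVM entries show the same split: CVE-2020-2604 has openjdk lines, but CVE-2020-2595 and CVE-2020-2581 are `TODO: check`. Triage these three ahead of the rest of the run, and either add the matching openjdk-* lines or record why openjdk is not affected, so that an open Java issue is not buried among the other `TODO: check` placeholders.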
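Review bot: the eleven entries populated in the `@@ -11091,30 +11131,30 @@` hunk (CVE-2020-1611 and CVE-2020-1609 through CVE-2020-1600) all land as `TODO: check` with no package line, and the visible descriptions point at Juniper Networks products (Junos Space, Junos OS, J-Web, EX4300/EX4600/QFX Series). If triage confirms that no Debian source package is involved, close them with a product-level tag in the style the `@@ -10094,32 +10143,23 @@` hunk already uses (`NOT-FOR-US: Jenkins plugin`), rather than leaving them in the open TODO queue. The several truncated descriptions that do not name a vendor (for example CVE-2020-1608 and CVE-2020-1603) should be checked against the full CVE text before tagging.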