author security tracker role <sectracker@soriano.debian.org> 2020-02-13 08:10:29 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-02-13 08:10:29 +0000
commit 331725822fc4330d21d47ae8eebf809c09c99782
tree 5240385cb0e567e3078b15ab34f7b75fa6668df2 /data/CVE
parent c08ae6e6d8af1fb39848f0b0b3cae1909a9e25dc
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2011.list 17
-rw-r--r-- data/CVE/2013.list 12
-rw-r--r-- data/CVE/2018.list 4
-rw-r--r-- data/CVE/2019.list 14
-rw-r--r-- data/CVE/2020.list 138
5 files changed, 108 insertions, 77 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index ae0810181f..405a17eae3 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -986,13 +986,11 @@ CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12
NOT-FOR-US: Joomla!
CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
NOT-FOR-US: Joomla!
-CVE-2011-4908
- RESERVED
+CVE-2011-4908 (TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upl ...)
NOT-FOR-US: Joomla!
CVE-2011-4907 (Joomla! 1.5x through 1.5.12: Missing JEXEC Check ...)
NOT-FOR-US: Joomla!
-CVE-2011-4906
- RESERVED
+CVE-2011-4906 (Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows fil ...)
NOT-FOR-US: Joomla!
CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...)
- activemq 5.5.0+dfsg-5 (bug #655495)
@@ -3418,8 +3416,8 @@ CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex
[squeeze] - chromium-browser <not-affected>
CVE-2011-3902
RESERVED
-CVE-2011-3901
- RESERVED
+CVE-2011-3901 (Android SQLite Journal before 4.0.1 has an information disclosure vuln ...)
+ TODO: check
CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote ...)
- chromium-browser 15.0.874.121~r109964-1
- webkit <not-affected> (Chrome issue)
@@ -5012,8 +5010,8 @@ CVE-2011-3338
RESERVED
CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 f ...)
NOT-FOR-US: eEye Digital Security Audits
-CVE-2011-3336
- RESERVED
+CVE-2011-3336 (regcomp in the BSD implementation of libc is vulnerable to denial of s ...)
+ TODO: check
CVE-2011-3335
RESERVED
CVE-2011-3334
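Review bot: The `TODO: check` added under CVE-2011-3336 should not be resolved from the product name alone. The description points at regcomp in the BSD implementation of libc, and code of that kind can be carried as an embedded copy by other packages, so the triage should record the outcome of a search for embedded copies in a NOTE line before any NOT-FOR-US is set.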
@@ -7456,8 +7454,7 @@ CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c
- nfs-utils 1:1.2.4-1 (bug #633155)
[lenny] - nfs-utils <not-affected> (Introduced in 1.2.3)
[squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
-CVE-2011-2499
- RESERVED
+CVE-2011-2499 (Mambo CMS through 4.6.5 has multiple XSS. ...)
NOT-FOR-US: Mambo CMS
CVE-2011-2498
RESERVED
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index fa695695ce..6ce15810dc 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -3994,8 +3994,8 @@ CVE-2013-6024 (The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13.
NOT-FOR-US: F5 BIG-IP
CVE-2013-6023 (Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firm ...)
NOT-FOR-US: TVT TD-2308SS-B DVR
-CVE-2013-6022
- RESERVED
+CVE-2013-6022 (A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Gro ...)
+ TODO: check
CVE-2013-6021 (Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 ...)
NOT-FOR-US: WatchGuard WSM and Fireware
CVE-2013-6020 (passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends di ...)
@@ -6163,8 +6163,8 @@ CVE-2013-5108 (Multiple cross-site scripting (XSS) vulnerabilities in the xn fun
- rockmongo <itp> (bug #702961)
CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and earlier allow ...)
- rockmongo <itp> (bug #702961)
-CVE-2013-5106
- RESERVED
+CVE-2013-5106 (A Code Execution vulnerability exists in select.py when using python-m ...)
+ TODO: check
CVE-2013-5105
RESERVED
CVE-2013-5104
@@ -7278,8 +7278,8 @@ CVE-2013-4604 (Fortinet FortiOS before 5.0.3 on FortiGate devices does not prope
NOT-FOR-US: Fortinet FortiOS
CVE-2013-4603
RESERVED
-CVE-2013-4602
- RESERVED
+CVE-2013-4602 (A Denial of Service (infinite loop) vulnerability exists in Avira Anti ...)
+ TODO: check
CVE-2013-4601
RESERVED
CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index ae79c6684d..edc00e7726 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -45307,8 +45307,8 @@ CVE-2018-3989 (An exploitable kernel memory disclosure vulnerability exists in t
NOT-FOR-US: WibuKey
CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private information whe ...)
NOT-FOR-US: Signal Messenger
-CVE-2018-3987
- RESERVED
+CVE-2018-3987 (An exploitable information disclosure vulnerability exists in the 'Sec ...)
+ TODO: check
CVE-2018-3986 (An exploitable information disclosure vulnerability exists in the "Sec ...)
NOT-FOR-US: Telegram Android
CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap binary ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 36faafb96c..96131b0091 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -4087,8 +4087,8 @@ CVE-2019-18917
RESERVED
CVE-2019-18916
RESERVED
-CVE-2019-18915
- RESERVED
+CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...)
+ TODO: check
CVE-2019-18914
RESERVED
CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow unautho ...)
@@ -5801,7 +5801,7 @@ CVE-2019-18212 (XMLLanguageService.java in XML Language Server (aka lsp4xml) bef
NOT-FOR-US: XML Language Server (aka lsp4xml)
CVE-2019-18211 (An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTok ...)
NOT-FOR-US: Orckestra C1 CMS
-CVE-2019-18210 (** DISPUTED ** Persistent XSS in /course/modedit.php of Moodle through ...)
+CVE-2019-18210 (Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows a ...)
- moodle <removed>
CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser doe ...)
- etherpad-lite <itp> (bug #576998)
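Review bot: On CVE-2019-18210 the `** DISPUTED **` prefix is dropped from the description, and nothing in the entry records that change. The package line stays at `- moodle <removed>`, so tracking is unaffected, but if any earlier triage relied on the dispute, add a NOTE stating that the description no longer carries it.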
@@ -14659,8 +14659,8 @@ CVE-2019-XXXX [Buffer overflow during processing of large server replies]
[jessie] - pump 0.8.24-7+deb8u1
CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP e ...)
NOT-FOR-US: pandao Editor.md
-CVE-2019-14652
- RESERVED
+CVE-2019-14652 (explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explor ...)
+ TODO: check
CVE-2019-14651
RESERVED
CVE-2019-14650
@@ -40010,8 +40010,8 @@ CVE-2019-5324
RESERVED
CVE-2019-5323
RESERVED
-CVE-2019-5322
- RESERVED
+CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...)
+ TODO: check
CVE-2019-5321
RESERVED
CVE-2019-5320
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 23b5bdad13..8f08d07f03 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,33 @@
+CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
+ TODO: check
+CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...)
+ TODO: check
+CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...)
+ TODO: check
+CVE-2020-8961
+ RESERVED
+CVE-2020-8960
+ RESERVED
+CVE-2020-8959
+ RESERVED
+CVE-2020-8958
+ RESERVED
+CVE-2020-8957
+ RESERVED
+CVE-2020-8956
+ RESERVED
+CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...)
+ TODO: check
+CVE-2020-8954
+ RESERVED
+CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...)
+ TODO: check
+CVE-2020-8952
+ RESERVED
+CVE-2020-8951
+ RESERVED
+CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...)
+ TODO: check
CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...)
NOT-FOR-US: Gocloud devices
CVE-2020-8948
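Review bot: CVE-2020-8955, among the new `TODO: check` entries at the top of this hunk, names plugins/irc/irc-mode.c in WeeChat, and weechat is packaged in Debian, so it needs a `- weechat` package line and a bug reference rather than the NOT-FOR-US that the appliance and vendor entries around it (TimeTools, D-Link DIR-842) are likely to get. Triage that entry first instead of leaving it in the batch.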
@@ -3615,10 +3645,10 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent
NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...)
NOT-FOR-US: Umbraco CMS
-CVE-2020-7209
- RESERVED
-CVE-2020-7208
- RESERVED
+CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution w ...)
+ TODO: check
+CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...)
+ TODO: check
CVE-2020-7207
RESERVED
CVE-2020-7206
@@ -4139,12 +4169,12 @@ CVE-2020-6977
RESERVED
CVE-2020-6976
RESERVED
-CVE-2020-6975
- RESERVED
+CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
+ TODO: check
CVE-2020-6974
RESERVED
-CVE-2020-6973
- RESERVED
+CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...)
+ TODO: check
CVE-2020-6972
RESERVED
CVE-2020-6971
@@ -4514,6 +4544,7 @@ CVE-2020-6801
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801
CVE-2020-6800
RESERVED
+ {DSA-4620-1}
- firefox 73.0-1
- firefox-esr 68.5.0esr-1
- thunderbird <unfixed>
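Review bot: `{DSA-4620-1}` is attached to CVE-2020-6800 while the entry still reads RESERVED and `- thunderbird <unfixed>` is unchanged. The cross-reference does not close the entry: keep it on the open list until the thunderbird line carries a fixed version.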
@@ -4528,6 +4559,7 @@ CVE-2020-6799
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799
CVE-2020-6798
RESERVED
+ {DSA-4620-1}
- firefox 73.0-1
- firefox-esr 68.5.0esr-1
- thunderbird <unfixed>
@@ -4544,6 +4576,7 @@ CVE-2020-6797
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797
CVE-2020-6796
RESERVED
+ {DSA-4620-1}
- firefox 73.0-1
- firefox-esr 68.5.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796
@@ -5836,40 +5869,40 @@ CVE-2020-6195
RESERVED
CVE-2020-6194
RESERVED
-CVE-2020-6193
- RESERVED
-CVE-2020-6192
- RESERVED
-CVE-2020-6191
- RESERVED
-CVE-2020-6190
- RESERVED
-CVE-2020-6189
- RESERVED
-CVE-2020-6188
- RESERVED
-CVE-2020-6187
- RESERVED
-CVE-2020-6186
- RESERVED
-CVE-2020-6185
- RESERVED
-CVE-2020-6184
- RESERVED
-CVE-2020-6183
- RESERVED
+CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, ...)
+ TODO: check
+CVE-2020-6192 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...)
+ TODO: check
+CVE-2020-6191 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...)
+ TODO: check
+CVE-2020-6190 (Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Appli ...)
+ TODO: check
+CVE-2020-6189 (Certain settings page(s) in SAP Business Objects Business Intelligence ...)
+ TODO: check
+CVE-2020-6188 (VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, ...)
+ TODO: check
+CVE-2020-6187 (SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7. ...)
+ TODO: check
+CVE-2020-6186 (SAP Host Agent, version 7.21, allows an attacker to cause a slowdown i ...)
+ TODO: check
+CVE-2020-6185 (Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_B ...)
+ TODO: check
+CVE-2020-6184 (Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_ ...)
+ TODO: check
+CVE-2020-6183 (SAP Host Agent, version 7.21, allows an unprivileged user to read the ...)
+ TODO: check
CVE-2020-6182
RESERVED
-CVE-2020-6181
- RESERVED
+CVE-2020-6181 (Under some circumstances the SAML SSO implementation in the SAP NetWea ...)
+ TODO: check
CVE-2020-6180
RESERVED
CVE-2020-6179
RESERVED
CVE-2020-6178
RESERVED
-CVE-2020-6177
- RESERVED
+CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...)
+ TODO: check
CVE-2020-6176
RESERVED
CVE-2020-6175
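Review bot: The thirteen entries that move from RESERVED to `TODO: check` in this hunk (CVE-2020-6193 through CVE-2020-6183, CVE-2020-6181 and CVE-2020-6177) all name SAP products in their descriptions. Triage them as one batch in the form already used elsewhere in this file, `NOT-FOR-US: <product>`, rather than leaving thirteen separate TODO items.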
@@ -7433,8 +7466,8 @@ CVE-2020-5401
RESERVED
CVE-2020-5400
RESERVED
-CVE-2020-5399
- RESERVED
+CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...)
+ TODO: check
CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...)
- libspring-java <unfixed>
NOTE: https://pivotal.io/security/cve-2020-5398
@@ -7764,12 +7797,12 @@ CVE-2020-5243
RESERVED
CVE-2020-5242
RESERVED
-CVE-2020-5241
- RESERVED
+CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...)
+ TODO: check
CVE-2020-5240
RESERVED
-CVE-2020-5239
- RESERVED
+CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...)
+ TODO: check
CVE-2020-5238
RESERVED
CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to uplo ...)
@@ -13004,6 +13037,7 @@ CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <unfixed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
+ {DSA-4621-1}
- openjdk-8 8u242-b08-1
- openjdk-7 <removed>
CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...)
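Review bot: CVE-2020-2659 gains `{DSA-4621-1}` but lists only `- openjdk-8 8u242-b08-1` and `- openjdk-7 <removed>`, whereas the other Java SE entries touched in this file also carry openjdk-13 and openjdk-11 lines. If the newer branches are not affected, say so with a NOTE or explicit `<not-affected>` lines so the omission reads as a decision and not a gap.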
@@ -13017,7 +13051,7 @@ CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...)
- {DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -13122,7 +13156,7 @@ CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of
CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...)
NOT-FOR-US: Oracle
CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -13132,7 +13166,7 @@ CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Bus
CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...)
NOT-FOR-US: Oracle
CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -13152,7 +13186,7 @@ CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of
CVE-2020-2594
RESERVED
CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -13162,7 +13196,7 @@ CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chai
CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...)
NOT-FOR-US: Oracle
CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -13184,7 +13218,7 @@ CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (compon
- mysql-5.7 <unfixed> (bug #949994)
NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL
CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...)
- {DSA-4605-1}
+ {DSA-4621-1 DSA-4605-1}
- openjdk-13 13.0.2+8-1
- openjdk-11 11.0.6+10-1
- openjdk-8 8u242-b08-1
@@ -14411,12 +14445,12 @@ CVE-2020-1979
RESERVED
CVE-2020-1978
RESERVED
-CVE-2020-1977
- RESERVED
-CVE-2020-1976
- RESERVED
-CVE-2020-1975
- RESERVED
+CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...)
+ TODO: check
+CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...)
+ TODO: check
+CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web interface on Pa ...)
+ TODO: check
CVE-2020-1974
RESERVED
CVE-2020-1973
