author | security tracker role <sectracker@soriano.debian.org> | 2020-02-13 08:10:29 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-13 08:10:29 +0000 |
commit | 331725822fc4330d21d47ae8eebf809c09c99782 (patch) | |
tree | 5240385cb0e567e3078b15ab34f7b75fa6668df2 /data/CVE | |
parent | c08ae6e6d8af1fb39848f0b0b3cae1909a9e25dc (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2011.list | 17 |
-rw-r--r-- | data/CVE/2013.list | 12 |
-rw-r--r-- | data/CVE/2018.list | 4 |
-rw-r--r-- | data/CVE/2019.list | 14 |
-rw-r--r-- | data/CVE/2020.list | 138 |
5 files changed, 108 insertions, 77 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index ae0810181f..405a17eae3 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -986,13 +986,11 @@ CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 NOT-FOR-US: Joomla! CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...) NOT-FOR-US: Joomla! -CVE-2011-4908 - RESERVED +CVE-2011-4908 (TinyBrowser plugin for Joomla! before 1.5.13 allows arbitrary file upl ...) NOT-FOR-US: Joomla! CVE-2011-4907 (Joomla! 1.5x through 1.5.12: Missing JEXEC Check ...) NOT-FOR-US: Joomla! -CVE-2011-4906 - RESERVED +CVE-2011-4906 (Tiny browser in TinyMCE 3.0 editor in Joomla! before 1.5.13 allows fil ...) NOT-FOR-US: Joomla! CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...) - activemq 5.5.0+dfsg-5 (bug #655495) @@ -3418,8 +3416,8 @@ CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex [squeeze] - chromium-browser <not-affected> CVE-2011-3902 RESERVED -CVE-2011-3901 - RESERVED +CVE-2011-3901 (Android SQLite Journal before 4.0.1 has an information disclosure vuln ...) + TODO: check CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote ...) - chromium-browser 15.0.874.121~r109964-1 - webkit <not-affected> (Chrome issue) @@ -5012,8 +5010,8 @@ CVE-2011-3338 RESERVED CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 f ...) NOT-FOR-US: eEye Digital Security Audits -CVE-2011-3336 - RESERVED +CVE-2011-3336 (regcomp in the BSD implementation of libc is vulnerable to denial of s ...) + TODO: check CVE-2011-3335 RESERVED CVE-2011-3334 
@@ -7456,8 +7454,7 @@ CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c - nfs-utils 1:1.2.4-1 (bug #633155) [lenny] - nfs-utils <not-affected> (Introduced in 1.2.3) [squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3) -CVE-2011-2499 - RESERVED +CVE-2011-2499 (Mambo CMS through 4.6.5 has multiple XSS. ...) NOT-FOR-US: Mambo CMS CVE-2011-2498 RESERVED diff --git a/data/CVE/2013.list b/data/CVE/2013.list index fa695695ce..6ce15810dc 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -3994,8 +3994,8 @@ CVE-2013-6024 (The Edge Client components in F5 BIG-IP APM 10.x, 11.x, 12.x, 13. NOT-FOR-US: F5 BIG-IP CVE-2013-6023 (Directory traversal vulnerability in the TVT TD-2308SS-B DVR with firm ...) NOT-FOR-US: TVT TD-2308SS-B DVR -CVE-2013-6022 - RESERVED +CVE-2013-6022 (A Cross-Site Scripting (XSS) vulnerability exists in Tiki Wiki CMG Gro ...) + TODO: check CVE-2013-6021 (Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 ...) NOT-FOR-US: WatchGuard WSM and Fireware CVE-2013-6020 (passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends di ...) @@ -6163,8 +6163,8 @@ CVE-2013-5108 (Multiple cross-site scripting (XSS) vulnerabilities in the xn fun - rockmongo <itp> (bug #702961) CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and earlier allow ...) - rockmongo <itp> (bug #702961) -CVE-2013-5106 - RESERVED +CVE-2013-5106 (A Code Execution vulnerability exists in select.py when using python-m ...) + TODO: check CVE-2013-5105 RESERVED CVE-2013-5104 @@ -7278,8 +7278,8 @@ CVE-2013-4604 (Fortinet FortiOS before 5.0.3 on FortiGate devices does not prope NOT-FOR-US: Fortinet FortiOS CVE-2013-4603 RESERVED -CVE-2013-4602 - RESERVED +CVE-2013-4602 (A Denial of Service (infinite loop) vulnerability exists in Avira Anti ...) + TODO: check CVE-2013-4601 RESERVED CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...) 
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index ae79c6684d..edc00e7726 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -45307,8 +45307,8 @@ CVE-2018-3989 (An exploitable kernel memory disclosure vulnerability exists in t NOT-FOR-US: WibuKey CVE-2018-3988 (Signal Messenger for Android 4.24.8 may expose private information whe ...) NOT-FOR-US: Signal Messenger -CVE-2018-3987 - RESERVED +CVE-2018-3987 (An exploitable information disclosure vulnerability exists in the 'Sec ...) + TODO: check CVE-2018-3986 (An exploitable information disclosure vulnerability exists in the "Sec ...) NOT-FOR-US: Telegram Android CVE-2018-3985 (An exploitable double free vulnerability exists in the mdnscap binary ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 36faafb96c..96131b0091 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -4087,8 +4087,8 @@ CVE-2019-18917 RESERVED CVE-2019-18916 RESERVED -CVE-2019-18915 - RESERVED +CVE-2019-18915 (A potential security vulnerability has been identified with certain ve ...) + TODO: check CVE-2019-18914 RESERVED CVE-2019-18913 (A potential security vulnerability with pre-boot DMA may allow unautho ...) @@ -5801,7 +5801,7 @@ CVE-2019-18212 (XMLLanguageService.java in XML Language Server (aka lsp4xml) bef NOT-FOR-US: XML Language Server (aka lsp4xml) CVE-2019-18211 (An issue was discovered in Orckestra C1 CMS through 6.6. The EntityTok ...) NOT-FOR-US: Orckestra C1 CMS -CVE-2019-18210 (** DISPUTED ** Persistent XSS in /course/modedit.php of Moodle through ...) +CVE-2019-18210 (Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows a ...) - moodle <removed> CVE-2019-18209 (templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser doe ...) - etherpad-lite <itp> (bug #576998) 
@@ -14659,8 +14659,8 @@ CVE-2019-XXXX [Buffer overflow during processing of large server replies] [jessie] - pump 0.8.24-7+deb8u1 CVE-2019-14653 (pandao Editor.md 1.5.0 allows XSS via an attribute of an ABBR or SUP e ...) NOT-FOR-US: pandao Editor.md -CVE-2019-14652 - RESERVED +CVE-2019-14652 (explorer.js in Amazon AWS JavaScript S3 Explorer (aka aws-js-s3-explor ...) + TODO: check CVE-2019-14651 RESERVED CVE-2019-14650 @@ -40010,8 +40010,8 @@ CVE-2019-5324 RESERVED CVE-2019-5323 RESERVED -CVE-2019-5322 - RESERVED +CVE-2019-5322 (A remotely exploitable information disclosure vulnerability is present ...) + TODO: check CVE-2019-5321 RESERVED CVE-2019-5320 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 23b5bdad13..8f08d07f03 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,33 @@ +CVE-2020-8964 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) + TODO: check +CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.0 ...) + TODO: check +CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...) + TODO: check +CVE-2020-8961 + RESERVED +CVE-2020-8960 + RESERVED +CVE-2020-8959 + RESERVED +CVE-2020-8958 + RESERVED +CVE-2020-8957 + RESERVED +CVE-2020-8956 + RESERVED +CVE-2020-8955 (irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2 ...) + TODO: check +CVE-2020-8954 + RESERVED +CVE-2020-8953 (OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication by ...) + TODO: check +CVE-2020-8952 + RESERVED +CVE-2020-8951 + RESERVED +CVE-2020-8950 (The AUEPLauncher service in Radeon AMD User Experience Program Launche ...) + TODO: check CVE-2020-8949 (Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3. ...) NOT-FOR-US: Gocloud devices CVE-2020-8948 
@@ -3615,10 +3645,10 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...) NOT-FOR-US: Umbraco CMS -CVE-2020-7209 - RESERVED -CVE-2020-7208 - RESERVED +CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code execution w ...) + TODO: check +CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...) + TODO: check CVE-2020-7207 RESERVED CVE-2020-7206 @@ -4139,12 +4169,12 @@ CVE-2020-6977 RESERVED CVE-2020-6976 RESERVED -CVE-2020-6975 - RESERVED +CVE-2020-6975 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) + TODO: check CVE-2020-6974 RESERVED -CVE-2020-6973 - RESERVED +CVE-2020-6973 (Digi International ConnectPort LTS 32 MEI, Firmware Version 1.4.3 (820 ...) + TODO: check CVE-2020-6972 RESERVED CVE-2020-6971 @@ -4514,6 +4544,7 @@ CVE-2020-6801 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6801 CVE-2020-6800 RESERVED + {DSA-4620-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird <unfixed> @@ -4528,6 +4559,7 @@ CVE-2020-6799 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-06/#CVE-2020-6799 CVE-2020-6798 RESERVED + {DSA-4620-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 - thunderbird <unfixed> @@ -4544,6 +4576,7 @@ CVE-2020-6797 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-07/#CVE-2020-6797 CVE-2020-6796 RESERVED + {DSA-4620-1} - firefox 73.0-1 - firefox-esr 68.5.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-05/#CVE-2020-6796 
@@ -5836,40 +5869,40 @@ CVE-2020-6195 RESERVED CVE-2020-6194 RESERVED -CVE-2020-6193 - RESERVED -CVE-2020-6192 - RESERVED -CVE-2020-6191 - RESERVED -CVE-2020-6190 - RESERVED -CVE-2020-6189 - RESERVED -CVE-2020-6188 - RESERVED -CVE-2020-6187 - RESERVED -CVE-2020-6186 - RESERVED -CVE-2020-6185 - RESERVED -CVE-2020-6184 - RESERVED -CVE-2020-6183 - RESERVED +CVE-2020-6193 (SAP NetWeaver (Knowledge Management ICE Service), versions 7.30, 7.31, ...) + TODO: check +CVE-2020-6192 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...) + TODO: check +CVE-2020-6191 (SAP Landscape Management, version 3.0, allows an attacker with admin p ...) + TODO: check +CVE-2020-6190 (Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Appli ...) + TODO: check +CVE-2020-6189 (Certain settings page(s) in SAP Business Objects Business Intelligence ...) + TODO: check +CVE-2020-6188 (VAT Pro-Rata reports in SAP ERP (SAP_APPL versions 600, 602, 603, 604, ...) + TODO: check +CVE-2020-6187 (SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7. ...) + TODO: check +CVE-2020-6186 (SAP Host Agent, version 7.21, allows an attacker to cause a slowdown i ...) + TODO: check +CVE-2020-6185 (Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_B ...) + TODO: check +CVE-2020-6184 (Under certain conditions, ABAP Online Community in SAP NetWeaver (SAP_ ...) + TODO: check +CVE-2020-6183 (SAP Host Agent, version 7.21, allows an unprivileged user to read the ...) + TODO: check CVE-2020-6182 RESERVED -CVE-2020-6181 - RESERVED +CVE-2020-6181 (Under some circumstances the SAML SSO implementation in the SAP NetWea ...) + TODO: check CVE-2020-6180 RESERVED CVE-2020-6179 RESERVED CVE-2020-6178 RESERVED -CVE-2020-6177 - RESERVED +CVE-2020-6177 (SAP Mobile Platform, version 3.0, does not sufficiently validate an XM ...) + TODO: check CVE-2020-6176 RESERVED CVE-2020-6175 
@@ -7433,8 +7466,8 @@ CVE-2020-5401 RESERVED CVE-2020-5400 RESERVED -CVE-2020-5399 - RESERVED +CVE-2020-5399 (Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL d ...) + TODO: check CVE-2020-5398 (In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x pri ...) - libspring-java <unfixed> NOTE: https://pivotal.io/security/cve-2020-5398 @@ -7764,12 +7797,12 @@ CVE-2020-5243 RESERVED CVE-2020-5242 RESERVED -CVE-2020-5241 - RESERVED +CVE-2020-5241 (matestack-ui-core (RubyGem) before 0.7.4 is vulnerable to XSS/Script i ...) + TODO: check CVE-2020-5240 RESERVED -CVE-2020-5239 - RESERVED +CVE-2020-5239 (In Mailu before version 1.7, an authenticated user can exploit a vulne ...) + TODO: check CVE-2020-5238 RESERVED CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to uplo ...) @@ -13004,6 +13037,7 @@ CVE-2020-2660 (Vulnerability in the MySQL Server product of Oracle MySQL (compon - mysql-5.7 <unfixed> (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2659 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) + {DSA-4621-1} - openjdk-8 8u242-b08-1 - openjdk-7 <removed> CVE-2020-2658 (Vulnerability in the Oracle iSupport product of Oracle E-Business Suit ...) @@ -13017,7 +13051,7 @@ CVE-2020-2655 (Vulnerability in the Java SE product of Oracle Java SE (component - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 CVE-2020-2654 (Vulnerability in the Java SE product of Oracle Java SE (component: Lib ...) - {DSA-4605-1} + {DSA-4621-1 DSA-4605-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 
@@ -13122,7 +13156,7 @@ CVE-2020-2606 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of CVE-2020-2605 (Vulnerability in the Oracle Solaris product of Oracle Systems (compone ...) NOT-FOR-US: Oracle CVE-2020-2604 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - {DSA-4605-1} + {DSA-4621-1 DSA-4605-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 @@ -13132,7 +13166,7 @@ CVE-2020-2603 (Vulnerability in the Oracle Field Service product of Oracle E-Bus CVE-2020-2602 (Vulnerability in the PeopleSoft Enterprise PeopleTools product of Orac ...) NOT-FOR-US: Oracle CVE-2020-2601 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - {DSA-4605-1} + {DSA-4621-1 DSA-4605-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 @@ -13152,7 +13186,7 @@ CVE-2020-2595 (Vulnerability in the Oracle GraalVM Enterprise Edition product of CVE-2020-2594 RESERVED CVE-2020-2593 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - {DSA-4605-1} + {DSA-4621-1 DSA-4605-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 @@ -13162,7 +13196,7 @@ CVE-2020-2592 (Vulnerability in the Oracle AutoVue product of Oracle Supply Chai CVE-2020-2591 (Vulnerability in the Oracle Web Applications Desktop Integrator produc ...) NOT-FOR-US: Oracle CVE-2020-2590 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - {DSA-4605-1} + {DSA-4621-1 DSA-4605-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 
@@ -13184,7 +13218,7 @@ CVE-2020-2584 (Vulnerability in the MySQL Server product of Oracle MySQL (compon - mysql-5.7 <unfixed> (bug #949994) NOTE: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixMSQL CVE-2020-2583 (Vulnerability in the Java SE, Java SE Embedded product of Oracle Java ...) - {DSA-4605-1} + {DSA-4621-1 DSA-4605-1} - openjdk-13 13.0.2+8-1 - openjdk-11 11.0.6+10-1 - openjdk-8 8u242-b08-1 @@ -14411,12 +14445,12 @@ CVE-2020-1979 RESERVED CVE-2020-1978 RESERVED -CVE-2020-1977 - RESERVED -CVE-2020-1976 - RESERVED -CVE-2020-1975 - RESERVED +CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...) + TODO: check +CVE-2020-1976 (A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalPr ...) + TODO: check +CVE-2020-1975 (Missing XML validation vulnerability in the PAN-OS web interface on Pa ...) + TODO: check CVE-2020-1974 RESERVED CVE-2020-1973 |
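Review bot: In data/CVE/2011.list (hunk at -986,13), CVE-2011-4908 and CVE-2011-4906 keep the "NOT-FOR-US: Joomla!" classification that was assigned while they were still RESERVED, but the descriptions now published name a "TinyBrowser plugin" and "Tiny browser in TinyMCE 3.0 editor" rather than Joomla! core. Re-confirm the classification against the full descriptions. If it still holds, consider naming the component in the NOT-FOR-US text so the reasoning is visible from the entry itself.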
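Review bot: In data/CVE/2019.list (hunk at -5801,7), the CVE-2019-18210 description drops its "** DISPUTED **" prefix and nothing else in the entry records that the issue was ever disputed. The package line stays "- moodle <removed>", so triage state is unchanged, but the history is now only recoverable from the diff. If the dispute status matters to anyone reading the tracker, add a NOTE line under the entry saying the upstream description previously carried the disputed marker.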
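Review bot: In data/CVE/2020.list (hunk at -1,3), CVE-2020-8955 is added with "TODO: check" alongside device-firmware entries (TimeTools, D-Link DIR-842), but its description points at a source file, "irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat". Unlike its neighbours, it is likely to need a package line with a fixed version rather than a NOT-FOR-US note. Triage this one first when working through the new TODO items, and do the same for CVE-2020-8953 (OpenVPN Access Server) once the product scope is confirmed.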
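Review bot: In data/CVE/2020.list (hunks at -4514,6, -4528,6 and -4544,6), "{DSA-4620-1}" is attached to CVE-2020-6800, CVE-2020-6798 and CVE-2020-6796 while each entry is still RESERVED with no description, and the first two still carry "- thunderbird <unfixed>". The DSA reference therefore does not close those two entries. Keep them on the open list for thunderbird, and rely on the existing mfsa NOTE URLs for context until the descriptions are published.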
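Review bot: In data/CVE/2020.list (hunk at -5836,40), thirteen entries from CVE-2020-6193 down to CVE-2020-6177 move from RESERVED to "TODO: check", and every description shown names an SAP product (NetWeaver, Landscape Management, Host Agent, Business Objects, ERP, Mobile Platform). The same file already resolves vendor-only products with a single note such as "NOT-FOR-US: Oracle". These can be closed in one triage pass with a matching SAP note instead of being reviewed one by one. The three Palo Alto Networks entries in the hunk at -14411,12 (CVE-2020-1977 to CVE-2020-1975) are candidates for the same treatment.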