field | value | date |
---|---|---|
author | security tracker role <sectracker@soriano.debian.org> | 2020-05-08 08:10:24 +0000 |
committer | security tracker role <sectracker@soriano.debian.org> | 2020-05-08 08:10:24 +0000 |
commit | 3d69dbf3b41f33405261a8019ab606ead3e4218b | |
tree | c4cf25e04fa2da90c096d2bd997bab1158644196 /data/CVE | |
parent | d32dfe00dd746fd4da49ee1ac2e356cc8ecd7094 | |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2012.list | 8 |
-rw-r--r-- | data/CVE/2014.list | 4 |
-rw-r--r-- | data/CVE/2015.list | 4 |
-rw-r--r-- | data/CVE/2020.list | 145 |
4 files changed, 103 insertions, 58 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index f9a36c85bb..d030ee0473 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -14132,10 +14132,10 @@ CVE-2012-0955 CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the apt-ke ...) - apt 0.7.25 (unimportant) NOTE: net-update is not enabled by default in Debian -CVE-2012-0953 - RESERVED -CVE-2012-0952 - RESERVED +CVE-2012-0953 (A race condition was discovered in the Linux drivers for Nvidia graphi ...) + TODO: check +CVE-2012-0952 (A heap buffer overflow was discovered in the device control ioctl in t ...) + TODO: check CVE-2012-0951 (A Memory Corruption Vulnerability exists in NVIDIA Graphics Drivers 29 ...) - nvidia-graphics-drivers 295.53-1 CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by U ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 30355fa033..fb33ed7771 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -23697,8 +23697,8 @@ CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubunt NOTE: of AppArmor 2.9.0) is not affected. The closest version to the NOTE: affected one that we ever had in Debian (2.8.96~2652) did not NOTE: include the faulty patch. -CVE-2014-1423 - RESERVED +CVE-2014-1423 (signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch ...) + TODO: check CVE-2014-1422 RESERVED CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the u ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index a470dcab44..74a64d335d 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -4977,8 +4977,8 @@ CVE-2015-7948 REJECTED CVE-2015-7947 REJECTED -CVE-2015-7946 - RESERVED +CVE-2015-7946 (Information Exposure vulnerability in Unity8 as used on the Ubuntu pho ...) + TODO: check CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti befo ...) {DSA-3431-1} - ganeti 2.15.2-1 (bug #809538) 
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index d67da8fefd..f295e9033b 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,21 +1,69 @@ -CVE-2020-12711 +CVE-2020-12735 (reset.php in DomainMOD 4.13.0 uses insufficient entropy for password r ...) + TODO: check +CVE-2020-12734 RESERVED -CVE-2020-12710 +CVE-2020-12733 RESERVED -CVE-2020-12709 +CVE-2020-12732 RESERVED -CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...) - NOT-FOR-US: PHP-Fusion -CVE-2020-12707 +CVE-2020-12731 + RESERVED +CVE-2020-12730 + RESERVED +CVE-2020-12729 + RESERVED +CVE-2020-12728 + RESERVED +CVE-2020-12727 + RESERVED +CVE-2020-12726 + RESERVED +CVE-2020-12725 + RESERVED +CVE-2020-12724 + RESERVED +CVE-2020-12723 + RESERVED +CVE-2020-12722 + RESERVED +CVE-2020-12721 + RESERVED +CVE-2020-12720 (vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6 ...) + TODO: check +CVE-2020-12719 (XXE during an EventPublisher update can occur in Management Console in ...) + TODO: check +CVE-2020-12718 (In administration/comments.php in PHP-Fusion 9.03.50, an authenticated ...) + TODO: check +CVE-2020-12717 + RESERVED +CVE-2020-12716 RESERVED -CVE-2020-12706 +CVE-2020-12715 RESERVED -CVE-2020-12705 +CVE-2020-12714 RESERVED -CVE-2020-12704 +CVE-2020-12713 RESERVED -CVE-2020-12703 +CVE-2020-12712 + RESERVED +CVE-2020-12711 + RESERVED +CVE-2020-12710 + RESERVED +CVE-2020-12709 RESERVED +CVE-2020-12708 (Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...) + NOT-FOR-US: PHP-Fusion +CVE-2020-12707 (An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4 ...) + TODO: check +CVE-2020-12706 (Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 al ...) + TODO: check +CVE-2020-12705 (Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS ...) + TODO: check +CVE-2020-12704 (UliCMS before 2020.2 has PageController stored XSS. ...) + TODO: check +CVE-2020-12703 (UliCMS before 2020.2 has XSS during PackageController uninstall. ...) + TODO: check CVE-2020-12702 RESERVED CVE-2020-12701 
@@ -1309,8 +1357,8 @@ CVE-2020-12118 (The keygen protocol implementation in Binance tss-lib before 1.2 NOT-FOR-US: Binance tss-lib CVE-2020-12117 (Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allo ...) NOT-FOR-US: Moxa -CVE-2020-12116 - RESERVED +CVE-2020-12116 (Zoho ManageEngine OpManager Stable build before 124196 and Released bu ...) + TODO: check CVE-2020-12115 RESERVED CVE-2020-12114 (A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4. ...) 
@@ -3705,36 +3753,33 @@ CVE-2020-11058 RESERVED CVE-2020-11057 RESERVED -CVE-2020-11056 - RESERVED -CVE-2020-11055 - RESERVED -CVE-2020-11054 - RESERVED -CVE-2020-11053 - RESERVED -CVE-2020-11052 - RESERVED +CVE-2020-11056 (In Sprout Forms before 3.9.0, there is a potential Server-Side Templat ...) + TODO: check +CVE-2020-11055 (In BookStack greater than or equal to 0.18.0 and less than 0.29.2, the ...) + TODO: check +CVE-2020-11054 (In qutebrowser versions less than 1.11.1, reloading a page with certif ...) + TODO: check +CVE-2020-11053 (In OAuth2 Proxy before 5.1.1, there is an open redirect vulnerability. ...) + TODO: check +CVE-2020-11052 (In Sorcery before 0.15.0, there is a brute force vulnerability when us ...) + TODO: check CVE-2020-11051 (In Wiki.js before 2.3.81, there is a stored XSS in the Markdown editor ...) NOT-FOR-US: Wiki.js -CVE-2020-11050 - RESERVED -CVE-2020-11049 - RESERVED +CVE-2020-11050 (In Java-WebSocket less than or equal to 1.4.1, there is an Improper Va ...) + TODO: check +CVE-2020-11049 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read o ...) - freerdp2 <unfixed> - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-wwh7-r2r8-xjpr NOTE: Fixed with: https://github.com/FreeRDP/FreeRDP/pull/6019 NOTE: https://github.com/FreeRDP/FreeRDP/issues/6008 -CVE-2020-11048 - RESERVED +CVE-2020-11048 (In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. ...) - freerdp2 <unfixed> - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-hv8w-f2hx-5gcv NOTE: Fixed by: https://github.com/FreeRDP/FreeRDP/commit/9301bfe730c66180263248b74353daa99f5a969b NOTE: https://github.com/FreeRDP/FreeRDP/issues/6007 -CVE-2020-11047 - RESERVED +CVE-2020-11047 (In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read ...) - freerdp2 <unfixed> - freerdp <removed> NOTE: https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-9fw6-m2q8-h5pw 
@@ -4143,8 +4188,8 @@ CVE-2020-10918 RESERVED CVE-2020-10917 RESERVED -CVE-2020-10916 - RESERVED +CVE-2020-10916 (This vulnerability allows network-adjacent attackers to escalate privi ...) + TODO: check CVE-2020-10915 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: VEEAM One Agent CVE-2020-10914 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -4422,10 +4467,10 @@ CVE-2020-10797 (An XSS vulnerability resides in the hostname field of the diag_p NOT-FOR-US: pfSense CVE-2020-10796 RESERVED -CVE-2020-10795 - RESERVED -CVE-2020-10794 - RESERVED +CVE-2020-10795 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code ...) + TODO: check +CVE-2020-10794 (Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path trav ...) + TODO: check CVE-2020-10793 (** DISPUTED ** CodeIgniter through 4.0.0 allows remote attackers to ga ...) - codeigniter <itp> (bug #471583) CVE-2020-10792 (openITCOCKPIT through 3.7.2 allows remote attackers to configure the s ...) @@ -5854,8 +5899,8 @@ CVE-2020-10178 REJECTED CVE-2020-10177 RESERVED -CVE-2020-10176 - RESERVED +CVE-2020-10176 (ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow E ...) + TODO: check CVE-2020-10175 REJECTED CVE-2020-10174 (init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely ...) 
@@ -7351,10 +7396,10 @@ CVE-2020-9477 (An issue was discovered on HUMAX HGA12R-02 BRGCAA 1.1.53 devices. NOT-FOR-US: HUMAX HGA12R-02 BRGCAA devices CVE-2020-9476 (ARRIS TG1692A devices allow remote attackers to discover the administr ...) NOT-FOR-US: ARRIS TG1692A devices -CVE-2020-9475 - RESERVED -CVE-2020-9474 - RESERVED +CVE-2020-9475 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...) + TODO: check +CVE-2020-9474 (The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows ...) + TODO: check CVE-2020-9473 REJECTED CVE-2020-9472 (Umbraco CMS 8.5.3 allows an authenticated file upload (and consequentl ...) @@ -18503,14 +18548,14 @@ CVE-2020-4432 RESERVED CVE-2020-4431 RESERVED -CVE-2020-4430 - RESERVED -CVE-2020-4429 - RESERVED -CVE-2020-4428 - RESERVED -CVE-2020-4427 - RESERVED +CVE-2020-4430 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...) + TODO: check +CVE-2020-4429 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 con ...) + TODO: check +CVE-2020-4428 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...) + TODO: check +CVE-2020-4427 (IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ...) + TODO: check CVE-2020-4426 RESERVED CVE-2020-4425 |
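Review bot: In the data/CVE/2012.list hunk, CVE-2012-0953 is left at "TODO: check" even though its description begins "A race condition was discovered in the Linux drivers for Nvidia graphi ..." and the neighbouring CVE-2012-0951 is already tracked as "- nvidia-graphics-drivers 295.53-1". Triage CVE-2012-0953 against that source package, and CVE-2012-0952 as well once its truncated description has been read in full, then replace each TODO with a package line carrying either a fixed version or <unfixed>.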
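Review bot: In the first data/CVE/2020.list hunk (@@ -1,21 +1,69 @@), CVE-2020-12706 and CVE-2020-12718 are added with "TODO: check" while CVE-2020-12708, whose description names the same PHP-Fusion 9.03.50, is marked "NOT-FOR-US: PHP-Fusion" in this same hunk. Give the two new entries the same triage result so the three PHP-Fusion entries stay consistent, and check whether the LeptonCMS pair (CVE-2020-12707, CVE-2020-12705) and the UliCMS pair (CVE-2020-12704, CVE-2020-12703) can each be resolved together.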
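Review bot: In the @@ -18503,14 +18548,14 @@ hunk of data/CVE/2020.list, CVE-2020-4430, CVE-2020-4428 and CVE-2020-4427 show identical text up to the truncation point ("IBM Data Risk Manager 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, and 2.0.6 cou ..."), so the list alone cannot tell them apart. Triage the four IBM Data Risk Manager entries (CVE-2020-4427 through CVE-2020-4430) in one pass against their full descriptions and record the result on each, instead of leaving four separate TODOs.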