author | security tracker role <sectracker@soriano.debian.org> | 2020-10-08 08:10:14 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-10-08 08:10:14 +0000 |
commit | 4d9e357b92a2297802c76d52c88dcf31f13353d9 (patch) | |
tree | 8d4abe025b12dd81cacc27d3a5779eaa89924097 /data/CVE | |
parent | 05b2541c34dd8a8f307a2ccd814fc89e8ea886be (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2015.list | 4 |
-rw-r--r-- | data/CVE/2019.list | 6 |
-rw-r--r-- | data/CVE/2020.list | 84 |
3 files changed, 51 insertions, 43 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index bd649981c0..024193c2e1 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -6691,9 +6691,9 @@ CVE-2015-7382 (SQL injection vulnerability in install.php in Web Reference Datab CVE-2015-7381 (Multiple PHP remote file inclusion vulnerabilities in install.php in W ...) NOT-FOR-US: Web Reference Database (aka refbase) CVE-2015-7380 - RESERVED + REJECTED CVE-2015-7379 - RESERVED + REJECTED CVE-2015-7378 (Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "P ...) NOT-FOR-US: Panda Security CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in pie-register/pie-register. ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 73923ea68a..f1bb735eff 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -2524,7 +2524,7 @@ CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict NOT-FOR-US: JFrog Artifactory CVE-2019-19936 RESERVED -CVE-2019-19935 (Froala Editor before 3.0.6 allows XSS. ...) +CVE-2019-19935 (Froala Editor before 3.2.2 allows XSS. ...) NOT-FOR-US: Froala Editor CVE-2019-19934 RESERVED @@ -23566,7 +23566,7 @@ CVE-2019-11844 (An HTML Injection vulnerability has been discovered on the RICOH CVE-2019-11843 (The MailPoet plugin before 3.23.2 for WordPress allows remote attacker ...) NOT-FOR-US: MailPoet plugin for WordPress CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsign/cle ...) - {DLA-1920-1} + {DLA-2402-1 DLA-1920-1} - golang-go.crypto 1:0.0~git20200221.2aa609c-1 NOTE: https://go.googlesource.com/crypto/+/c05e17bb3b2dca130fc919668a96b4bec9eb9442 NOTE: Patch fixes the second part of the CVE ("prepend arbitrary text") 
@@ -23574,7 +23574,7 @@ CVE-2019-11841 (A message-forgery issue was discovered in crypto/openpgp/clearsi NOTE: https://packetstormsecurity.com/files/152840/Go-Cryptography-Libraries-Cleartext-Message-Spoofing.html NOTE: Upstream feels that this is not a security issue. See https://github.com/golang/go/issues/41200. CVE-2019-11840 (An issue was discovered in supplementary Go cryptography libraries, ak ...) - {DLA-1840-1} + {DLA-2402-1 DLA-1840-1} - golang-go.crypto 1:0.0~git20200221.2aa609c-1 NOTE: https://github.com/golang/go/issues/30965 NOTE: https://go.googlesource.com/crypto/+/b7391e95e576cacdcdd422573063bc057239113d diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 18d04b4cf0..92cb9a3b43 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,9 @@ +CVE-2020-26886 + RESERVED +CVE-2020-26885 + RESERVED +CVE-2020-26884 + RESERVED CVE-2020-26883 RESERVED CVE-2020-26882 @@ -2102,8 +2108,8 @@ CVE-2020-25869 (An information leak was discovered in MediaWiki before 1.31.10 a NOTE: https://phabricator.wikimedia.org/T260485 CVE-2020-25868 RESERVED -CVE-2020-25867 - RESERVED +CVE-2020-25867 (SoPlanning before 1.47 doesn't correctly check the security key used t ...) + TODO: check CVE-2020-25866 (In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dis ...) - wireshark 3.2.7-1 [buster] - wireshark <not-affected> (Vulnerable code not present) @@ -2350,8 +2356,8 @@ CVE-2020-25770 (An out-of-bounds read information disclosure vulnerabilities in NOT-FOR-US: Trend Micro CVE-2020-25769 RESERVED -CVE-2020-25768 - RESERVED +CVE-2020-25768 (Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 hav ...) + TODO: check CVE-2020-25767 RESERVED CVE-2020-25766 (An issue was discovered in MISP before 2.4.132. It can perform an unwa ...) 
@@ -23725,8 +23731,8 @@ CVE-2020-15503 (LibRaw before 0.20-RC1 lacks a thumbnail size range check. This NOTE: https://github.com/LibRaw/LibRaw/commit/20ad21c0d87ca80217aee47533d91e633ce1864d CVE-2020-15502 (** DISPUTED ** The DuckDuckGo application through 5.58.0 for Android, ...) NOT-FOR-US: DuckDuckGo application for Android and iOS -CVE-2020-15501 - RESERVED +CVE-2020-15501 (** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd genera ...) + TODO: check CVE-2020-15500 (An issue was discovered in server.js in TileServer GL through 3.0.0. T ...) NOT-FOR-US: TileServer GL CVE-2020-15499 (An issue was discovered on ASUS RT-AC1900P routers before 3.0.0.4.385_ ...) @@ -24346,8 +24352,8 @@ CVE-2020-15228 (In the `@actions/core` npm module before version 1.2.6,`addPath` CVE-2020-15227 (Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 ar ...) - php-nette <removed> NOTE: https://github.com/nette/application/security/advisories/GHSA-8gv3-3j7f-wg94 -CVE-2020-15226 - RESERVED +CVE-2020-15226 (In GLPI before version 9.5.2, there is a SQL Injection in the API's se ...) + TODO: check CVE-2020-15225 RESERVED CVE-2020-15224 @@ -24364,8 +24370,8 @@ CVE-2020-15219 RESERVED CVE-2020-15218 RESERVED -CVE-2020-15217 - RESERVED +CVE-2020-15217 (In GLPI before version 9.5.2, there is a leakage of user information t ...) + TODO: check CVE-2020-15216 (In goxmldsig (XML Digital Signatures implemented in pure Go) before ve ...) - golang-github-russellhaering-goxmldsig <unfixed> (bug #971615) NOTE: https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7 
@@ -35098,6 +35104,7 @@ CVE-2020-10938 (GraphicsMagick before 1.3.35 has an integer overflow and resulta CVE-2020-10937 RESERVED CVE-2020-10936 (Sympa before 6.2.56 allows privilege escalation. ...) + {DLA-2401-1} - sympa 6.2.40~dfsg-5 (bug #961491) NOTE: https://sympa-community.github.io/security/2020-002.html NOTE: Patch: https://github.com/sympa-community/sympa/releases/download/6.2.56/sympa-6.2.54-sa-2020-002-r2.patch @@ -39095,6 +39102,7 @@ CVE-2020-9285 CVE-2020-9284 RESERVED CVE-2020-9283 (golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go a ...) + {DLA-2402-1} - golang-go.crypto 1:0.0~git20200221.2aa609c-1 (bug #952462) [buster] - golang-go.crypto <no-dsa> (Minor issue) [stretch] - golang-go.crypto <no-dsa> (Minor issue) @@ -52077,20 +52085,20 @@ CVE-2020-3604 RESERVED CVE-2020-3603 RESERVED -CVE-2020-3602 - RESERVED -CVE-2020-3601 - RESERVED +CVE-2020-3602 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...) + TODO: check +CVE-2020-3601 (A vulnerability in the CLI of Cisco StarOS operating system for Cisco ...) + TODO: check CVE-2020-3600 RESERVED CVE-2020-3599 RESERVED -CVE-2020-3598 - RESERVED -CVE-2020-3597 - RESERVED -CVE-2020-3596 - RESERVED +CVE-2020-3598 (A vulnerability in the web-based management interface of Cisco Vision ...) + TODO: check +CVE-2020-3597 (A vulnerability in the configuration restore feature of Cisco Nexus Da ...) + TODO: check +CVE-2020-3596 (A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expr ...) + TODO: check CVE-2020-3595 RESERVED CVE-2020-3594 @@ -52103,8 +52111,8 @@ CVE-2020-3591 RESERVED CVE-2020-3590 RESERVED -CVE-2020-3589 - RESERVED +CVE-2020-3589 (A vulnerability in the web-based management interface of Cisco Identit ...) + TODO: check CVE-2020-3588 RESERVED CVE-2020-3587 
@@ -52145,10 +52153,10 @@ CVE-2020-3570 RESERVED CVE-2020-3569 (Multiple vulnerabilities in the Distance Vector Multicast Routing Prot ...) NOT-FOR-US: Cisco -CVE-2020-3568 - RESERVED -CVE-2020-3567 - RESERVED +CVE-2020-3568 (A vulnerability in the antispam protection mechanisms of Cisco AsyncOS ...) + TODO: check +CVE-2020-3567 (A vulnerability in the management REST API of Cisco Industrial Network ...) + TODO: check CVE-2020-3566 (A vulnerability in the Distance Vector Multicast Routing Protocol (DVM ...) NOT-FOR-US: Cisco CVE-2020-3565 @@ -52193,10 +52201,10 @@ CVE-2020-3546 (A vulnerability in the web-based management interface of Cisco As NOT-FOR-US: Cisco CVE-2020-3545 (A vulnerability in Cisco FXOS Software could allow an authenticated, l ...) NOT-FOR-US: Cisco -CVE-2020-3544 - RESERVED -CVE-2020-3543 - RESERVED +CVE-2020-3544 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...) + TODO: check +CVE-2020-3543 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...) + TODO: check CVE-2020-3542 (A vulnerability in Cisco Webex Training could allow an authenticated, ...) NOT-FOR-US: Cisco CVE-2020-3541 (A vulnerability in the media engine component of Cisco Webex Meetings ...) @@ -52209,10 +52217,10 @@ CVE-2020-3538 RESERVED CVE-2020-3537 (A vulnerability in Cisco Jabber for Windows software could allow an au ...) NOT-FOR-US: Cisco -CVE-2020-3536 - RESERVED -CVE-2020-3535 - RESERVED +CVE-2020-3536 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) + TODO: check +CVE-2020-3535 (A vulnerability in the loading mechanism of specific DLLs in the Cisco ...) + TODO: check CVE-2020-3534 RESERVED CVE-2020-3533 
@@ -52350,8 +52358,8 @@ CVE-2020-3469 RESERVED CVE-2020-3468 (A vulnerability in the web-based management interface of Cisco SD-WAN ...) NOT-FOR-US: Cisco -CVE-2020-3467 - RESERVED +CVE-2020-3467 (A vulnerability in the web-based management interface of Cisco Identit ...) + TODO: check CVE-2020-3466 (Multiple vulnerabilities in the web-based management interface of Cisc ...) NOT-FOR-US: Cisco CVE-2020-3465 (A vulnerability in Cisco IOS XE Software could allow an unauthenticate ...) @@ -52656,8 +52664,8 @@ CVE-2020-3322 (A vulnerability in Cisco Webex Network Recording Player and Cisco NOT-FOR-US: Cisco CVE-2020-3321 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...) NOT-FOR-US: Cisco -CVE-2020-3320 - RESERVED +CVE-2020-3320 (A vulnerability in the web-based management interface of Cisco Firepow ...) + TODO: check CVE-2020-3319 (A vulnerability in Cisco Webex Network Recording Player and Cisco Webe ...) NOT-FOR-US: Cisco CVE-2020-3318 (Multiple vulnerabilities in Cisco Firepower Management Center (FMC) So ...) |
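Review bot: For CVE-2019-11841 in data/CVE/2019.list (hunk at @@ -23566), the new "{DLA-2402-1 DLA-1920-1}" cross-reference does not record which part of the issue DLA-2402-1 addresses. The existing notes under the entry say the linked patch fixes only the second part of the CVE ("prepend arbitrary text") and that upstream does not consider it a security issue. A NOTE line stating what the new advisory covers would keep the entry readable without opening the DLA. The same DLA-2402-1 reference is added to CVE-2019-11840 and CVE-2020-9283, all against golang-go.crypto, so the three entries are at least consistent with each other.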
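Review bot: The non-Cisco entries in data/CVE/2020.list that move from RESERVED to a description (CVE-2020-25867 SoPlanning, CVE-2020-25768 Contao, CVE-2020-15501 Smarter Coffee Maker, CVE-2020-15226 and CVE-2020-15217 GLPI) all land as "TODO: check" with no package line, so none of them is triaged yet. Each needs a manual follow-up that either names the affected source package or marks the entry NOT-FOR-US. CVE-2020-15501 is additionally flagged "** UNSUPPORTED WHEN ASSIGNED **" in its description, which should be kept in mind when it is classified.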
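Review bot: From the hunk at @@ -52077 onward in data/CVE/2020.list, the newly described Cisco entries (CVE-2020-3602, CVE-2020-3601, CVE-2020-3598, CVE-2020-3597, CVE-2020-3596, CVE-2020-3589, CVE-2020-3568, CVE-2020-3567, CVE-2020-3544, CVE-2020-3543, CVE-2020-3536, CVE-2020-3535, CVE-2020-3467, CVE-2020-3320) are left at "TODO: check", while the already-described Cisco entries in the surrounding context (for example CVE-2020-3569, CVE-2020-3566, CVE-2020-3546) carry "NOT-FOR-US: Cisco". These should be resolved in a follow-up triage commit so the TODO backlog does not grow. Since the visible descriptions are truncated, each one should be read in full before the neighbouring tag is applied to it.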