field | value | date |
---|---|---|
author | security tracker role <sectracker@soriano.debian.org> | 2020-08-17 20:10:15 +0000 |
committer | security tracker role <sectracker@soriano.debian.org> | 2020-08-17 20:10:15 +0000 |
commit | 5ca476e834d3ad55eac5149d6a1ba4551c49305d | |
tree | 62a093d6d2dd3c98e81f58366b6c7017f8011c55 /data/CVE | |
parent | cd849ae6cc5724b26a79e1f8a255eeb5b893c4f4 | |
automatic update
Diffstat (limited to 'data/CVE')
mode | file | lines changed |
---|---|---|
-rw-r--r-- | data/CVE/2016.list | 6 |
-rw-r--r-- | data/CVE/2017.list | 42 |
-rw-r--r-- | data/CVE/2018.list | 78 |
-rw-r--r-- | data/CVE/2020.list | 194 |
4 files changed, 175 insertions, 145 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index c1ae5bce59..6dfe0c86bc 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -13505,15 +13505,15 @@ CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH be CVE-2016-6514 RESERVED CVE-2016-6502 - RESERVED + REJECTED CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to execute arbit ...) NOT-FOR-US: JFrog Artifactory CVE-2016-6500 (Unspecified methods in the RACF Connector component before 1.1.1.0 in ...) NOT-FOR-US: ForgeRock CVE-2016-6499 - RESERVED + REJECTED CVE-2016-6498 - RESERVED + REJECTED CVE-2016-6497 (main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP ...) NOT-FOR-US: Groovy LDAP extension CVE-2016-6496 (The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index cc2c55cf3c..5712d8f655 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -28704,35 +28704,35 @@ CVE-2017-9020 CVE-2017-9019 RESERVED CVE-2017-9018 - RESERVED + REJECTED CVE-2017-9017 - RESERVED + REJECTED CVE-2017-9016 - RESERVED + REJECTED CVE-2017-9015 - RESERVED + REJECTED CVE-2017-9014 - RESERVED + REJECTED CVE-2017-9013 - RESERVED + REJECTED CVE-2017-9012 - RESERVED + REJECTED CVE-2017-9011 - RESERVED + REJECTED CVE-2017-9010 - RESERVED + REJECTED CVE-2017-9009 - RESERVED + REJECTED CVE-2017-9008 - RESERVED + REJECTED CVE-2017-9007 - RESERVED + REJECTED CVE-2017-9006 - RESERVED + REJECTED CVE-2017-9005 - RESERVED + REJECTED CVE-2017-9004 - RESERVED + REJECTED CVE-2017-9003 (Multiple memory corruption flaws are present in ArubaOS which could al ...) NOT-FOR-US: Aruba CVE-2017-9002 (All versions of Aruba ClearPass prior to 6.6.8 contain reflected cross ...) 
@@ -28742,15 +28742,15 @@ CVE-2017-9001 (Aruba ClearPass 6.6.3 and later includes a feature called "SSH Lo CVE-2017-9000 (ArubaOS, all versions prior to 6.3.1.25, 6.4 prior to 6.4.4.16, 6.5.x ...) NOT-FOR-US: Aruba CVE-2017-8999 - RESERVED + REJECTED CVE-2017-8998 - RESERVED + REJECTED CVE-2017-8997 - RESERVED + REJECTED CVE-2017-8996 - RESERVED + REJECTED CVE-2017-8995 - RESERVED + REJECTED CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration produ ...) NOT-FOR-US: HPE CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and Portfol ...) @@ -28768,7 +28768,7 @@ CVE-2017-8988 (A Remote Bypass of Security Restrictions vulnerability was identi CVE-2017-8987 (A Unauthenticated Remote Denial of Service vulnerability was identifie ...) NOT-FOR-US: HPE CVE-2017-8986 - RESERVED + REJECTED CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local au ...) NOT-FOR-US: HPE XP Storage CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management Ce ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index dfc4ce3985..886364b602 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -37456,69 +37456,69 @@ CVE-2018-7159 (The HTTP parser in all current versions of Node.js ignores spaces CVE-2018-7158 (The `'path'` module in the Node.js 4.x release line contains a potenti ...) - nodejs 6.0.0~dfsg-1 (unimportant) CVE-2018-7157 - RESERVED + REJECTED CVE-2018-7156 - RESERVED + REJECTED CVE-2018-7155 - RESERVED + REJECTED CVE-2018-7154 - RESERVED + REJECTED CVE-2018-7153 - RESERVED + REJECTED CVE-2018-7152 - RESERVED + REJECTED CVE-2018-7151 - RESERVED + REJECTED CVE-2018-7150 - RESERVED + REJECTED CVE-2018-7149 - RESERVED + REJECTED CVE-2018-7148 - RESERVED + REJECTED CVE-2018-7147 - RESERVED + REJECTED CVE-2018-7146 - RESERVED + REJECTED CVE-2018-7145 - RESERVED + REJECTED CVE-2018-7144 - RESERVED + REJECTED CVE-2018-7143 - RESERVED + REJECTED CVE-2018-7142 - RESERVED + REJECTED CVE-2018-7141 - RESERVED + REJECTED CVE-2018-7140 - RESERVED + REJECTED CVE-2018-7139 - RESERVED + REJECTED CVE-2018-7138 - RESERVED + REJECTED CVE-2018-7137 - RESERVED + REJECTED CVE-2018-7136 - RESERVED + REJECTED CVE-2018-7135 - RESERVED + REJECTED CVE-2018-7134 - RESERVED + REJECTED CVE-2018-7133 - RESERVED + REJECTED CVE-2018-7132 - RESERVED + REJECTED CVE-2018-7131 - RESERVED + REJECTED CVE-2018-7130 - RESERVED + REJECTED CVE-2018-7129 - RESERVED + REJECTED CVE-2018-7128 - RESERVED + REJECTED CVE-2018-7127 - RESERVED + REJECTED CVE-2018-7126 - RESERVED + REJECTED CVE-2018-7125 (A remote code execution vulnerability was identified in HPE Intelligen ...) NOT-FOR-US: HPE CVE-2018-7124 (A remote code execution vulnerability was identified in HPE Intelligen ...) 
@@ -37592,15 +37592,15 @@ CVE-2018-7091 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has op CVE-2018-7090 (HPE XP P9000 Command View Advanced Edition Software (CVAE) has local a ...) NOT-FOR-US: HPE CVE-2018-7089 - RESERVED + REJECTED CVE-2018-7088 - RESERVED + REJECTED CVE-2018-7087 - RESERVED + REJECTED CVE-2018-7086 - RESERVED + REJECTED CVE-2018-7085 - RESERVED + REJECTED CVE-2018-7084 (A command injection vulnerability is present that permits an unauthent ...) NOT-FOR-US: Aruba CVE-2018-7083 (If a process running within Aruba Instant crashes, it may leave behind ...) @@ -37646,9 +37646,9 @@ CVE-2018-7064 (A reflected cross-site scripting (XSS) vulnerability is present i CVE-2018-7063 (In Aruba ClearPass, disabled API admins can still perform read/write o ...) NOT-FOR-US: Aruba CVE-2018-7062 - RESERVED + REJECTED CVE-2018-7061 - RESERVED + REJECTED CVE-2018-7060 (Aruba ClearPass 6.6.x prior to 6.6.9 and 6.7.x prior to 6.7.1 is vulne ...) NOT-FOR-US: Aruba ClearPass CVE-2018-7059 (Aruba ClearPass prior to 6.6.9 has a vulnerability in the API that hel ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 060b5cee5e..33556275fc 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,31 @@ +CVE-2020-24381 + RESERVED +CVE-2020-24380 + RESERVED +CVE-2020-24379 + RESERVED +CVE-2020-24378 + RESERVED +CVE-2020-24377 + RESERVED +CVE-2020-24376 + RESERVED +CVE-2020-24375 + RESERVED +CVE-2020-24374 + RESERVED +CVE-2020-24373 + RESERVED +CVE-2020-24372 (LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in ...) + TODO: check +CVE-2020-24371 (lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the ...) + TODO: check +CVE-2020-24370 (ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation faul ...) + TODO: check +CVE-2020-24369 (ldebug.c in Lua 5.4.0 attempts to access debug information via the lin ...) + TODO: check +CVE-2020-24368 + RESERVED CVE-2020-24367 RESERVED CVE-2020-24366 
@@ -304,8 +332,8 @@ CVE-2020-24222 RESERVED CVE-2020-24221 RESERVED -CVE-2020-24220 - RESERVED +CVE-2020-24220 (ShopXO v1.8.1 has a command execution vulnerability. Attackers can use ...) + TODO: check CVE-2020-24219 RESERVED CVE-2020-24218 @@ -328,8 +356,8 @@ CVE-2020-24210 RESERVED CVE-2020-24209 RESERVED -CVE-2020-24208 - RESERVED +CVE-2020-24208 (A SQL injection vulnerability in SourceCodester Online Shopping Alphaw ...) + TODO: check CVE-2020-24207 RESERVED CVE-2020-24206 @@ -3304,7 +3332,8 @@ CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local priv NOT-FOR-US: Rapid Software LLC Rapid SCADA CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8. ...) NOT-FOR-US: PNotes - Andrey Gruber PNotes.NET -CVE-2020-22720 (A local privilege escalation vulnerability in SPSSLVpnService.exe in S ...) +CVE-2020-22720 + REJECTED NOT-FOR-US: Securepoint SSL VPN Client CVE-2020-22719 RESERVED @@ -13869,7 +13898,8 @@ CVE-2020-17449 (PHP-Fusion 9.03 allows XSS via the error_log file. ...) CVE-2020-17448 (Telegram Desktop through 2.1.13 allows a spoofed file type to bypass t ...) - telegram-desktop 2.2.0+ds-1 [buster] - telegram-desktop <no-dsa> (Minor issue) -CVE-2020-17447 (MyBB before 1.8.24 allows XSS because the visual editor mishandles [al ...) +CVE-2020-17447 + REJECTED NOT-FOR-US: MyBB CVE-2020-17446 (asyncpg before 0.21.0 allows a malicious PostgreSQL server to trigger ...) - asyncpg 0.21.0-1 @@ -21695,8 +21725,8 @@ CVE-2020-13943 RESERVED CVE-2020-13942 RESERVED -CVE-2020-13941 - RESERVED +CVE-2020-13941 (Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), rel ...) + TODO: check CVE-2020-13940 RESERVED CVE-2020-13939 
@@ -23627,8 +23657,8 @@ CVE-2020-13124 (SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerabil NOT-FOR-US: SABnzbd CVE-2020-13123 RESERVED -CVE-2020-13122 - RESERVED +CVE-2020-13122 (The novish command-line interface, included in NoviFlow NoviWare befor ...) + TODO: check CVE-2020-13121 (Submitty through 20.04.01 has an open redirect via authentication/logi ...) NOT-FOR-US: Submitty CVE-2020-13120 @@ -24910,8 +24940,8 @@ CVE-2020-12608 (An issue was discovered in SolarWinds MSP PME (Patch Management NOT-FOR-US: SolarWinds CVE-2020-12607 (An issue was discovered in fastecdsa before 2.1.2. When using the NIST ...) NOT-FOR-US: fastecdsa -CVE-2020-12606 - RESERVED +CVE-2020-12606 (An issue was discovered in DB Soft SGLAC before 20.05.001. The Procedi ...) + TODO: check CVE-2020-12605 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive ...) NOT-FOR-US: envoy proxy (not the same as itp'ed envoy, #758651) CVE-2020-12604 (Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to incr ...) @@ -33247,26 +33277,26 @@ CVE-2020-9244 (HUAWEI Mate 20 versions Versions earlier than 10.1.0.160(C00E160R NOT-FOR-US: Huawei CVE-2020-9243 (HUAWEI Mate 30 with versions earlier than 10.1.0.150(C00E136R5P3) have ...) NOT-FOR-US: Huawei -CVE-2020-9242 - RESERVED -CVE-2020-9241 - RESERVED +CVE-2020-9242 (FusionCompute 8.0.0 have a command injection vulnerability. The softwa ...) + TODO: check +CVE-2020-9241 (Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00), ...) + TODO: check CVE-2020-9240 RESERVED CVE-2020-9239 RESERVED CVE-2020-9238 RESERVED -CVE-2020-9237 - RESERVED +CVE-2020-9237 (Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C ...) + TODO: check CVE-2020-9236 RESERVED CVE-2020-9235 RESERVED CVE-2020-9234 RESERVED -CVE-2020-9233 - RESERVED +CVE-2020-9233 (FusionCompute 8.0.0 have an insufficient authentication vulnerability. ...) + TODO: check CVE-2020-9232 RESERVED CVE-2020-9231 
@@ -33525,8 +33555,8 @@ CVE-2020-9105 RESERVED CVE-2020-9104 RESERVED -CVE-2020-9103 - RESERVED +CVE-2020-9103 (HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic er ...) + TODO: check CVE-2020-9102 (There is a information leak vulnerability in some Huawei products, and ...) NOT-FOR-US: Huawei CVE-2020-9101 (There is an out-of-bounds write vulnerability in some products. An una ...) @@ -35462,22 +35492,22 @@ CVE-2020-8235 RESERVED CVE-2020-8234 RESERVED -CVE-2020-8233 - RESERVED -CVE-2020-8232 - RESERVED +CVE-2020-8233 (A command injection vulnerability exists in EdgeSwitch firmware <v1 ...) + TODO: check +CVE-2020-8232 (An information disclosure vulnerability exists in EdgeMax EdgeSwitch f ...) + TODO: check CVE-2020-8231 RESERVED -CVE-2020-8230 - RESERVED +CVE-2020-8230 (A memory corruption vulnerability exists in NextCloud Desktop Client v ...) + TODO: check CVE-2020-8229 (A memory leak in the OCUtil.dll library used by Nextcloud Desktop Clie ...) TODO: check CVE-2020-8228 RESERVED CVE-2020-8227 RESERVED -CVE-2020-8226 - RESERVED +CVE-2020-8226 (A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allow ...) + TODO: check CVE-2020-8225 RESERVED CVE-2020-8224 (A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arb ...) 
@@ -35504,16 +35534,16 @@ CVE-2020-8214 (A path traversal vulnerability in servey version < 3 allows an NOT-FOR-US: servey CVE-2020-8213 (An information exposure vulnerability exists in UniFi Protect before v ...) NOT-FOR-US: UniFi Protect -CVE-2020-8212 - RESERVED -CVE-2020-8211 - RESERVED -CVE-2020-8210 - RESERVED -CVE-2020-8209 - RESERVED -CVE-2020-8208 - RESERVED +CVE-2020-8212 (Improper access control in Citrix XenMobile Server 10.12 before RP3, C ...) + TODO: check +CVE-2020-8211 (Improper input validation in Citrix XenMobile Server 10.12 before RP3, ...) + TODO: check +CVE-2020-8210 (Insufficient protection of secrets in Citrix XenMobile Server 10.12 be ...) + TODO: check +CVE-2020-8209 (Improper access control in Citrix XenMobile Server 10.12 before RP2, C ...) + TODO: check +CVE-2020-8208 (Improper input validation in Citrix XenMobile Server 10.12 before RP1, ...) + TODO: check CVE-2020-8207 (Improper access control in Citrix Workspace app for Windows 1912 CU1 a ...) NOT-FOR-US: Citrix CVE-2020-8206 (An improper authentication vulnerability exists in Pulse Connect Secur ...) @@ -36670,12 +36700,12 @@ CVE-2020-7706 RESERVED CVE-2020-7705 RESERVED -CVE-2020-7704 - RESERVED -CVE-2020-7703 - RESERVED -CVE-2020-7702 - RESERVED +CVE-2020-7704 (The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pol ...) + TODO: check +CVE-2020-7703 (All versions of package nis-utils are vulnerable to Prototype Pollutio ...) + TODO: check +CVE-2020-7702 (All versions of package templ8 are vulnerable to Prototype Pollution v ...) + TODO: check CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...) TODO: check CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...) @@ -43726,8 +43756,8 @@ CVE-2020-4688 RESERVED CVE-2020-4687 RESERVED -CVE-2020-4686 - RESERVED +CVE-2020-4686 (IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated ...) + TODO: check CVE-2020-4685 RESERVED CVE-2020-4684 
@@ -46210,12 +46240,12 @@ CVE-2020-3504 RESERVED CVE-2020-3503 RESERVED -CVE-2020-3502 - RESERVED -CVE-2020-3501 - RESERVED -CVE-2020-3500 - RESERVED +CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...) + TODO: check +CVE-2020-3501 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...) + TODO: check +CVE-2020-3500 (A vulnerability in the IPv6 implementation of Cisco StarOS could allow ...) + TODO: check CVE-2020-3499 RESERVED CVE-2020-3498 @@ -46273,8 +46303,8 @@ CVE-2020-3474 RESERVED CVE-2020-3473 RESERVED -CVE-2020-3472 - RESERVED +CVE-2020-3472 (A vulnerability in the contacts feature of Cisco Webex Meetings could ...) + TODO: check CVE-2020-3471 RESERVED CVE-2020-3470 @@ -46289,10 +46319,10 @@ CVE-2020-3466 RESERVED CVE-2020-3465 RESERVED -CVE-2020-3464 - RESERVED -CVE-2020-3463 - RESERVED +CVE-2020-3464 (A vulnerability in the web-based management interface of Cisco UCS Dir ...) + TODO: check +CVE-2020-3463 (A vulnerability in the web-based management interface of Cisco Webex M ...) + TODO: check CVE-2020-3462 (A vulnerability in the web-based management interface of Cisco Data Ce ...) NOT-FOR-US: Cisco CVE-2020-3461 (A vulnerability in the web-based management interface of Cisco Data Ce ...) @@ -46319,12 +46349,12 @@ CVE-2020-3451 RESERVED CVE-2020-3450 (A vulnerability in the web-based management interface of Cisco Vision ...) NOT-FOR-US: Cisco -CVE-2020-3449 - RESERVED -CVE-2020-3448 - RESERVED -CVE-2020-3447 - RESERVED +CVE-2020-3449 (A vulnerability in the Border Gateway Protocol (BGP) additional paths ...) + TODO: check +CVE-2020-3448 (A vulnerability in an access control mechanism of Cisco Cyber Vision C ...) + TODO: check +CVE-2020-3447 (A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security A ...) + TODO: check CVE-2020-3446 RESERVED CVE-2020-3445 
@@ -46347,12 +46377,12 @@ CVE-2020-3437 (A vulnerability in the web-based management interface of Cisco SD NOT-FOR-US: Cisco CVE-2020-3436 RESERVED -CVE-2020-3435 - RESERVED -CVE-2020-3434 - RESERVED -CVE-2020-3433 - RESERVED +CVE-2020-3435 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) + TODO: check +CVE-2020-3434 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) + TODO: check +CVE-2020-3433 (A vulnerability in the interprocess communication (IPC) channel of Cis ...) + TODO: check CVE-2020-3432 RESERVED CVE-2020-3431 @@ -46391,12 +46421,12 @@ CVE-2020-3415 RESERVED CVE-2020-3414 RESERVED -CVE-2020-3413 - RESERVED -CVE-2020-3412 - RESERVED -CVE-2020-3411 - RESERVED +CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...) + TODO: check +CVE-2020-3412 (A vulnerability in the scheduled meeting template feature of Cisco Web ...) + TODO: check +CVE-2020-3411 (A vulnerability in Cisco DNA Center software could allow an unauthenti ...) + TODO: check CVE-2020-3410 RESERVED CVE-2020-3409 @@ -46491,8 +46521,8 @@ CVE-2020-3365 RESERVED CVE-2020-3364 (A vulnerability in the access control list (ACL) functionality of the ...) NOT-FOR-US: Cisco -CVE-2020-3363 - RESERVED +CVE-2020-3363 (A vulnerability in the IPv6 packet processing engine of Cisco Small Bu ...) + TODO: check CVE-2020-3362 (A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO ...) NOT-FOR-US: Cisco CVE-2020-3361 (A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Serve ...) 
@@ -46528,8 +46558,8 @@ CVE-2020-3348 (Multiple vulnerabilities in the web-based management interface of NOT-FOR-US: Cisco CVE-2020-3347 (A vulnerability in Cisco Webex Meetings Desktop App for Windows could ...) NOT-FOR-US: Cisco -CVE-2020-3346 - RESERVED +CVE-2020-3346 (A vulnerability in the web UI of Cisco Unified Communications Manager ...) + TODO: check CVE-2020-3345 (A vulnerability in certain web pages of Cisco Webex Meetings and Cisco ...) NOT-FOR-US: Cisco CVE-2020-3344 (A vulnerability in Cisco AMP for Endpoints Linux Connector Software an ...) |
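Review bot: In data/CVE/2020.list, hunks @@ -3304 and @@ -13869, CVE-2020-22720 and CVE-2020-17447 become REJECTED but keep their triage lines (`NOT-FOR-US: Securepoint SSL VPN Client` and `NOT-FOR-US: MyBB`), so each entry now carries both a rejection state and a product annotation, while the description that explained the annotation is gone. Worth confirming that the rejection really comes from the upstream feed, and then either dropping the leftover NOT-FOR-US line or keeping it deliberately as a record of what the ID used to cover.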
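Review bot: Every entry in data/CVE/2020.list that gains a description lands as `TODO: check`, and these do not need the same triage effort. The Cisco, Huawei and Citrix ones (for example CVE-2020-3502, CVE-2020-9241, CVE-2020-8212) sit next to context lines where the same vendors are already marked NOT-FOR-US, so they can likely be closed the same way. The Lua 5.4.0 and LuaJIT entries at the top of the file (CVE-2020-24369 to CVE-2020-24372), phpBB (CVE-2020-8226), the Nextcloud Desktop Client memory corruption (CVE-2020-8230) and CVE-2020-13941 with its SOLR-14515/SOLR-14561 references have no NOT-FOR-US neighbour in the visible context and should be checked first for affected packages.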