author: security tracker role <sectracker@soriano.debian.org> 2020-05-13 20:10:23 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-05-13 20:10:23 +0000
commit: 88963e637ac284f81dab5cf8b2b5548d671c6781
tree: 3675955e4127f10aa2200058ae7236bc060702bd /data/CVE
parent: d501e8f6a3d8ae9f28ef1cb6b77ecc00a84b57e1
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2010.list | 2
-rw-r--r-- data/CVE/2019.list | 26
-rw-r--r-- data/CVE/2020.list | 190
3 files changed, 117 insertions, 101 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index cb0916131a..8d7e637d06 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -5599,7 +5599,7 @@ CVE-2010-3134 (Untrusted search path vulnerability in Google Earth 5.1.3535.3218
NOT-FOR-US: Google Earth
CVE-2010-3132 (Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 buil ...)
NOT-FOR-US: Adobe Dreamweaver
-CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) ...)
+CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit all versions 1 ...)
NOT-FOR-US: TechSmith Snagit
CVE-2010-3129 (Untrusted search path vulnerability in uTorrent 2.0.3 and earlier allo ...)
NOT-FOR-US: uTorrent
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 75b2da34c6..6a3ebc76d1 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-20796
+ RESERVED
CVE-2019-20795 (iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ...)
- iproute2 5.2.0-1
[buster] - iproute2 <no-dsa> (Minor issue)
@@ -11679,8 +11681,8 @@ CVE-2019-16114 (In ATutor 2.2.4, an unauthenticated attacker can change the appl
NOT-FOR-US: ATutor
CVE-2019-16113 (Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-im ...)
NOT-FOR-US: Bludit
-CVE-2019-16112
- RESERVED
+CVE-2019-16112 (TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting ...)
+ TODO: check
CVE-2019-16111
RESERVED
CVE-2019-16110 (The network protocol of Blade Shadow though 2.13.3 allows remote attac ...)
@@ -12254,12 +12256,12 @@ CVE-2019-15882
RESERVED
CVE-2019-15881
RESERVED
-CVE-2019-15880
- RESERVED
-CVE-2019-15879
- RESERVED
-CVE-2019-15878
- RESERVED
+CVE-2019-15880 (In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, ins ...)
+ TODO: check
+CVE-2019-15879 (In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-ST ...)
+ TODO: check
+CVE-2019-15878 (In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and ...)
+ TODO: check
CVE-2019-15877 (In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-REL ...)
TODO: check
CVE-2019-15876 (In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEAS ...)
@@ -30111,8 +30113,8 @@ CVE-2019-9684
RESERVED
CVE-2019-9683
RESERVED
-CVE-2019-9682
- RESERVED
+CVE-2019-9682 (Dahua devices with Build time before December 2019 use strong security ...)
+ TODO: check
CVE-2019-9681 (Online upgrade information in some firmware packages of Dahua products ...)
NOT-FOR-US: Dahua
CVE-2019-9680 (Some Dahua products have information leakage issues. Attackers can obt ...)
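Review bot: CVE-2019-9682 is left at "TODO: check" although its description names Dahua devices and the entry directly below it, CVE-2019-9681, is already triaged as "NOT-FOR-US: Dahua". Unless the manual check turns up something packaged, the same "NOT-FOR-US: Dahua" line fits here and keeps the entry consistent with its neighbours.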
@@ -47657,8 +47659,8 @@ CVE-2019-2389 (Incorrect scoping of kill operations in MongoDB Server's packaged
- mongodb <removed> (low)
[stretch] - mongodb <ignored> (Minor issue)
[jessie] - mongodb <ignored> (Minor issue)
-CVE-2019-2388
- RESERVED
+CVE-2019-2388 (In affected Ops Manager versions there is an exposed http route was th ...)
+ TODO: check
CVE-2019-2387
RESERVED
CVE-2019-2386 (After user deletion in MongoDB Server the improper invalidation of aut ...)
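Review bot: CVE-2019-2388 sits between entries tracked against the mongodb source package, but its description refers to Ops Manager, not MongoDB Server. When resolving the "TODO: check", triage it by the product named in the description and do not copy the "- mongodb" lines from CVE-2019-2389 above.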
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 66be527869..d756400847 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,17 @@
+CVE-2020-12833
+ RESERVED
+CVE-2020-12832 (The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. ...)
+ TODO: check
+CVE-2020-12831 (** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Rang ...)
+ TODO: check
+CVE-2020-12830
+ RESERVED
+CVE-2020-12829
+ RESERVED
+CVE-2020-12828
+ RESERVED
+CVE-2020-12827
+ RESERVED
CVE-2020-12826 (A signal access-control issue was discovered in the Linux kernel befor ...)
- linux 5.6.7-1
[buster] - linux 4.19.118-1
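Review bot: CVE-2020-12831 arrives already marked "** DISPUTED **" and the truncated description gives no hint of what is disputed. When the "TODO: check" is resolved, a NOTE line stating the dispute and who raised it would let later readers judge the entry without going back to the full CVE text.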
@@ -146,8 +160,8 @@ CVE-2020-12765 (Solis Miolo 2.0 allows index.php?module=install&amp;action=view&
NOT-FOR-US: Solis Miolo
CVE-2020-12764 (Gnuteca 3.8 allows file.php?folder=/&amp;file= Directory Traversal. ...)
NOT-FOR-US: Gnuteca
-CVE-2020-12763
- RESERVED
+CVE-2020-12763 (TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable t ...)
+ TODO: check
CVE-2020-12762 (json-c through 0.14 has an integer overflow and out-of-bounds write vi ...)
- json-c <unfixed> (bug #960326)
NOTE: https://github.com/json-c/json-c/pull/592
@@ -199,8 +213,8 @@ CVE-2020-12744
RESERVED
CVE-2020-12743 (An issue was discovered in Gazie 7.32. A successful installation does ...)
NOT-FOR-US: Gazie
-CVE-2020-12742
- RESERVED
+CVE-2020-12742 (The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does ...)
+ TODO: check
CVE-2020-12741
RESERVED
CVE-2020-12740 (tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-rea ...)
@@ -286,14 +300,14 @@ CVE-2020-12702
RESERVED
CVE-2020-12701
RESERVED
-CVE-2020-12700
- RESERVED
-CVE-2020-12699
- RESERVED
-CVE-2020-12698
- RESERVED
-CVE-2020-12697
- RESERVED
+CVE-2020-12700 (The direct_mail extension through 5.2.3 for TYPO3 allows Information D ...)
+ TODO: check
+CVE-2020-12699 (The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect ...)
+ TODO: check
+CVE-2020-12698 (The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Co ...)
+ TODO: check
+CVE-2020-12697 (The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Ser ...)
+ TODO: check
CVE-2020-12696 (The iframe plugin before 4.5 for WordPress does not sanitize a URL. ...)
NOT-FOR-US: iframe plugin for WordPress
CVE-2020-12695
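Review bot: CVE-2020-12700 through CVE-2020-12697 all describe the same product and version range ("direct_mail extension through 5.2.3 for TYPO3"), yet each gets its own "TODO: check". Decide once for the extension and apply the same triage line to all four, in the form already used for CVE-2020-12696 below if the extension turns out not to be packaged.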
@@ -395,7 +409,7 @@ CVE-2020-12657 (An issue was discovered in the Linux kernel before 5.6.5. There
- linux 5.6.7-1
[buster] - linux 4.19.118-1
NOTE: https://git.kernel.org/linus/2f95fa5c955d0a9987ffdc3a095e2f4e62c5f2a9 (5.7-rc1)
-CVE-2020-12656 (gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_g ...)
+CVE-2020-12656 (** DISPUTED ** gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c ...)
- linux <unfixed> (unimportant)
NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=206651
NOTE: Issue is triggered only at module reloading / rebinding
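Review bot: the new "** DISPUTED **" prefix on CVE-2020-12656 pushes the rest of the description past the truncation point, so the summary line no longer names the affected subsystem. The triage itself ("- linux <unfixed> (unimportant)") is unchanged and matches the existing NOTE about module reloading / rebinding; adding a NOTE that the issue is disputed would make the rating self-explanatory.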
@@ -890,8 +904,8 @@ CVE-2020-12429 (Online Course Registration 2.0 has multiple SQL injections that
NOT-FOR-US: Online Course Registration
CVE-2020-12428
RESERVED
-CVE-2020-12427
- RESERVED
+CVE-2020-12427 (The Western Digital WD Discovery application before 3.8.229 for MyClou ...)
+ TODO: check
CVE-2020-12426
RESERVED
CVE-2020-12425
@@ -2973,7 +2987,7 @@ CVE-2020-11543 (OpsRamp Gateway before 5.5.0 has a backdoor account vadmin with
NOT-FOR-US: OpsRamp Gateway
CVE-2020-11542 (3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authenticat ...)
NOT-FOR-US: 3xLOGIC Infinias eIDC32 2.213 devices
-CVE-2020-11541 (In TechSmith SnagIt before 20.1.1, an XML External Entity (XXE) inject ...)
+CVE-2020-11541 (In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE ...)
NOT-FOR-US: TechSmith SnagIt
CVE-2020-11540
RESERVED
@@ -3961,14 +3975,14 @@ CVE-2020-11075
RESERVED
CVE-2020-11074
RESERVED
-CVE-2020-11073
- RESERVED
+CVE-2020-11073 (In Autoswitch Python Virtualenv before version 0.16.0, a user who ente ...)
+ TODO: check
CVE-2020-11072 (In SLP Validate (npm package slp-validate) before version 1.2.1, users ...)
TODO: check
CVE-2020-11071 (SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability w ...)
TODO: check
-CVE-2020-11070
- RESERVED
+CVE-2020-11070 (The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulne ...)
+ TODO: check
CVE-2020-11069
RESERVED
CVE-2020-11068
@@ -5138,8 +5152,8 @@ CVE-2020-10656
RESERVED
CVE-2020-10655
RESERVED
-CVE-2020-10654
- RESERVED
+CVE-2020-10654 (Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow ...)
+ TODO: check
CVE-2020-10653
RESERVED
CVE-2020-10652
@@ -7594,10 +7608,10 @@ CVE-2020-9504
RESERVED
CVE-2020-9503
RESERVED
-CVE-2020-9502
- RESERVED
-CVE-2020-9501
- RESERVED
+CVE-2020-9502 (Some Dahua products with Build time before December 2019 have Session ...)
+ TODO: check
+CVE-2020-9501 (Attackers can obtain Cloud Key information from the Dahua Web P2P cont ...)
+ TODO: check
CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. After t ...)
NOT-FOR-US: Dahua
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
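Review bot: CVE-2020-9502 and CVE-2020-9501 are added as "TODO: check" while the two entries that follow, CVE-2020-9500 and CVE-2020-9499, carry "NOT-FOR-US: Dahua" for the same vendor. Both new descriptions name Dahua products, so they can take the same line once confirmed.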
@@ -10867,8 +10881,8 @@ CVE-2020-8022
RESERVED
CVE-2020-8021
RESERVED
-CVE-2020-8020
- RESERVED
+CVE-2020-8020 (A Improper Neutralization of Input During Web Page Generation vulnerab ...)
+ TODO: check
CVE-2020-8019
RESERVED
CVE-2020-8018 (A Incorrect Default Permissions vulnerability in the SLES15-SP1-CHOST- ...)
@@ -12065,10 +12079,10 @@ CVE-2020-7457
RESERVED
CVE-2020-7456
RESERVED
-CVE-2020-7455
- RESERVED
-CVE-2020-7454
- RESERVED
+CVE-2020-7455 (In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-ST ...)
+ TODO: check
+CVE-2020-7454 (In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-ST ...)
+ TODO: check
CVE-2020-7453 (In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEAS ...)
- kfreebsd-10 <unfixed> (unimportant)
NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-20:08.jail.asc
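Review bot: CVE-2020-7455 and CVE-2020-7454 are FreeBSD issues left at "TODO: check", whereas CVE-2020-7453 directly below shows how such entries are tracked here: a "- kfreebsd-10 <unfixed> (unimportant)" line plus a NOTE with the FreeBSD advisory URL. If these two affect the kernel, record them the same way and include the matching advisory reference.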
@@ -15844,8 +15858,8 @@ CVE-2020-5840 (An issue was discovered in HashBrown CMS before 1.3.2. Server/Ent
NOT-FOR-US: HashBrown CMS
CVE-2020-5839
RESERVED
-CVE-2020-5838
- RESERVED
+CVE-2020-5838 (Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-s ...)
+ TODO: check
CVE-2020-5837 (Symantec Endpoint Protection, prior to 14.3, may not respect file perm ...)
TODO: check
CVE-2020-5836 (Symantec Endpoint Protection, prior to 14.3, can potentially reset the ...)
@@ -16717,8 +16731,8 @@ CVE-2020-5409
RESERVED
CVE-2020-5408
RESERVED
-CVE-2020-5407
- RESERVED
+CVE-2020-5407 (Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 ...)
+ TODO: check
CVE-2020-5406 (VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6. ...)
NOT-FOR-US: VMware
CVE-2020-5405 (Spring Cloud Config, versions 2.2.x prior to 2.2.2, versions 2.1.x pri ...)
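Review bot: CVE-2020-5407 should not inherit the triage of its neighbour by position. CVE-2020-5406 below is "NOT-FOR-US: VMware", but the new description names Spring Security 5.2.x and 5.3.x, a different product, so the "TODO: check" needs to be resolved against that product and those version ranges.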
@@ -19051,8 +19065,8 @@ CVE-2020-4314
RESERVED
CVE-2020-4313
RESERVED
-CVE-2020-4312
- RESERVED
+CVE-2020-4312 (IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 co ...)
+ TODO: check
CVE-2020-4311 (IBM Tivoli Monitoring 6.3.0 could allow a local attacker to execute ar ...)
NOT-FOR-US: IBM
CVE-2020-4310
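Review bot: CVE-2020-4312 describes IBM Sterling B2B Integrator and is left at "TODO: check", while CVE-2020-4311 in the same hunk is already "NOT-FOR-US: IBM". The same line applies here unless the check finds a packaged component.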
@@ -23913,58 +23927,58 @@ CVE-2020-2020
RESERVED
CVE-2020-2019
RESERVED
-CVE-2020-2018
- RESERVED
-CVE-2020-2017
- RESERVED
-CVE-2020-2016
- RESERVED
-CVE-2020-2015
- RESERVED
-CVE-2020-2014
- RESERVED
-CVE-2020-2013
- RESERVED
-CVE-2020-2012
- RESERVED
-CVE-2020-2011
- RESERVED
-CVE-2020-2010
- RESERVED
-CVE-2020-2009
- RESERVED
-CVE-2020-2008
- RESERVED
-CVE-2020-2007
- RESERVED
-CVE-2020-2006
- RESERVED
-CVE-2020-2005
- RESERVED
-CVE-2020-2004
- RESERVED
-CVE-2020-2003
- RESERVED
-CVE-2020-2002
- RESERVED
-CVE-2020-2001
- RESERVED
+CVE-2020-2018 (An authentication bypass vulnerability in Palo Alto Networks PAN-OS Pa ...)
+ TODO: check
+CVE-2020-2017 (A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Pa ...)
+ TODO: check
+CVE-2020-2016 (A race condition due to insecure creation of a file in a temporary dir ...)
+ TODO: check
+CVE-2020-2015 (A buffer overflow vulnerability in the PAN-OS management server allows ...)
+ TODO: check
+CVE-2020-2014 (An OS Command Injection vulnerability in PAN-OS management server allo ...)
+ TODO: check
+CVE-2020-2013 (A cleartext transmission of sensitive information vulnerability in Pal ...)
+ TODO: check
+CVE-2020-2012 (Improper restriction of XML external entity reference ('XXE') vulnerab ...)
+ TODO: check
+CVE-2020-2011 (An improper input validation vulnerability in the configuration daemon ...)
+ TODO: check
+CVE-2020-2010 (An OS command injection vulnerability in PAN-OS management interface a ...)
+ TODO: check
+CVE-2020-2009 (An external control of filename vulnerability in the SD WAN component ...)
+ TODO: check
+CVE-2020-2008 (An OS command injection and external control of filename vulnerability ...)
+ TODO: check
+CVE-2020-2007 (An OS command injection vulnerability in the management server compone ...)
+ TODO: check
+CVE-2020-2006 (A stack-based buffer overflow vulnerability in the management server c ...)
+ TODO: check
+CVE-2020-2005 (A cross-site scripting (XSS) vulnerability exists when visiting malici ...)
+ TODO: check
+CVE-2020-2004 (Under certain circumstances a user's password may be logged in clearte ...)
+ TODO: check
+CVE-2020-2003 (An external control of filename vulnerability in the command processin ...)
+ TODO: check
+CVE-2020-2002 (An authentication bypass by spoofing vulnerability exists in the authe ...)
+ TODO: check
+CVE-2020-2001 (An external control of path and data vulnerability in the Palo Alto Ne ...)
+ TODO: check
CVE-2020-2000
RESERVED
CVE-2020-1999
RESERVED
-CVE-2020-1998
- RESERVED
-CVE-2020-1997
- RESERVED
-CVE-2020-1996
- RESERVED
-CVE-2020-1995
- RESERVED
-CVE-2020-1994
- RESERVED
-CVE-2020-1993
- RESERVED
+CVE-2020-1998 (An improper authorization vulnerability in PAN-OS that mistakenly uses ...)
+ TODO: check
+CVE-2020-1997 (An open redirection vulnerability in the GlobalProtect component of Pa ...)
+ TODO: check
+CVE-2020-1996 (A missing authorization vulnerability in the management server compone ...)
+ TODO: check
+CVE-2020-1995 (A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS ...)
+ TODO: check
+CVE-2020-1994 (A predictable temporary file vulnerability in PAN-OS allows a local au ...)
+ TODO: check
+CVE-2020-1993 (The GlobalProtect Portal feature in PAN-OS does not set a new session ...)
+ TODO: check
CVE-2020-1992 (A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-70 ...)
NOT-FOR-US: Palo Alto Networks
CVE-2020-1991 (An insecure temporary file vulnerability in Palo Alto Networks Traps a ...)
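Review bot: this hunk moves 24 entries (CVE-2020-2018 to CVE-2020-2001 and CVE-2020-1998 to CVE-2020-1993) from RESERVED to "TODO: check", and every description that is not cut off before the product name refers to PAN-OS, GlobalProtect or Palo Alto Networks. CVE-2020-1992 immediately after them is "NOT-FOR-US: Palo Alto Networks"; triage the block in one pass with that line, after confirming the product for the truncated descriptions such as CVE-2020-2016 and CVE-2020-2005.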
@@ -24551,6 +24565,7 @@ CVE-2020-1765 (An improper control of parameters allows the spoofing of the from
CVE-2020-1764 (A hard-coded cryptographic key vulnerability in the default configurat ...)
NOT-FOR-US: Kiali
CVE-2020-1763 (An out-of-bounds buffer read flaw was found in the pluto daemon of lib ...)
+ {DSA-4684-1}
- libreswan <unfixed> (bug #960458)
NOTE: Introduced by: https://github.com/libreswan/libreswan/commit/fa004e7d4b83fbeaa8d0f6d8430a96aed97a97b9 (v3.27)
NOTE: Fixed by: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8
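Review bot: "{DSA-4684-1}" is attached to CVE-2020-1763, but the only package line is still "- libreswan <unfixed> (bug #960458)" and no release-specific line shows a fixed version. Check that the unfixed status is intended for unstable only and that the version shipped by the DSA is recorded where the tracker expects it, so the entry does not read as advisory issued with nothing fixed.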
@@ -24755,8 +24770,7 @@ CVE-2020-1716
NOT-FOR-US: ceph-ansible
CVE-2020-1715
RESERVED
-CVE-2020-1714
- RESERVED
+CVE-2020-1714 (A flaw was found in Keycloak before version 11.0.0, where the code bas ...)
NOT-FOR-US: Keycloak
CVE-2020-1713
RESERVED
