automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-03-19 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-03-19 20:10:22 +0000
commit: 917aee59122ca05c86b70a21be69ea38a3a2603b (patch)
tree: e9bbaf59201d1265f36db900da571e4775bef6ce /data/CVE
parent: d7c724ade1f5d14d6d7e5ad0eb3d636bd5ac7b3b (diff)
3 files changed, 134 insertions, 134 deletions
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 40080a8876..f7aa50b6a1 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -20005,12 +20005,12 @@ CVE-2014-2725
 	RESERVED
 CVE-2014-2724
 	RESERVED
-CVE-2014-2723
-	RESERVED
-CVE-2014-2722
-	RESERVED
-CVE-2014-2721
-	RESERVED
+CVE-2014-2723 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote  ...)
+	TODO: check
+CVE-2014-2722 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote  ...)
+	TODO: check
+CVE-2014-2721 (In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote  ...)
+	TODO: check
 CVE-2014-2720 (IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Cen ...)
 	NOT-FOR-US: IZArc Archiver
 CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with firmwar ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 4eeba656a3..1d2f60259f 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -2,36 +2,36 @@ CVE-2019-20529 (In core/doctype/prepared_report/prepared_report.py in Frappe 11
 	NOT-FOR-US: Frappe Framework
 CVE-2019-20528 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
 	NOT-FOR-US: Ignite Realtime Openfire
-CVE-2019-20527
-	RESERVED
-CVE-2019-20526
-	RESERVED
-CVE-2019-20525
-	RESERVED
-CVE-2019-20524
-	RESERVED
-CVE-2019-20523
-	RESERVED
-CVE-2019-20522
-	RESERVED
-CVE-2019-20521
-	RESERVED
-CVE-2019-20520
-	RESERVED
-CVE-2019-20519
-	RESERVED
-CVE-2019-20518
-	RESERVED
-CVE-2019-20517
-	RESERVED
-CVE-2019-20516
-	RESERVED
-CVE-2019-20515
-	RESERVED
-CVE-2019-20514
-	RESERVED
-CVE-2019-20513
-	RESERVED
+CVE-2019-20527 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
+	TODO: check
+CVE-2019-20526 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
+	TODO: check
+CVE-2019-20525 (Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasour ...)
+	TODO: check
+CVE-2019-20524 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Banner param ...)
+	TODO: check
+CVE-2019-20523 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Name paramet ...)
+	TODO: check
+CVE-2019-20522 (ilchCMS 2.1.23 allows XSS via the index.php/partner/index Link paramet ...)
+	TODO: check
+CVE-2019-20521 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/ URI ...)
+	TODO: check
+CVE-2019-20520 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the api/meth ...)
+	TODO: check
+CVE-2019-20519 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the user/ UR ...)
+	TODO: check
+CVE-2019-20518 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the project/ ...)
+	TODO: check
+CVE-2019-20517 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the contact/ ...)
+	TODO: check
+CVE-2019-20516 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the blog/ UR ...)
+	TODO: check
+CVE-2019-20515 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the addresse ...)
+	TODO: check
+CVE-2019-20514 (ERPNext 11.1.47 allows reflected XSS via the PATH_INFO to the address/ ...)
+	TODO: check
+CVE-2019-20513 (Open edX Ironwood.1 allows support/certificates?user= reflected XSS. ...)
+	TODO: check
 CVE-2019-20512 (Open edX Ironwood.1 allows support/certificates?course_id= reflected X ...)
 	NOT-FOR-US: Open edX Ironwood.1
 CVE-2019-20511 (ERPNext 11.1.47 allows blog?blog_category= Frame Injection. ...)
@@ -1942,7 +1942,7 @@ CVE-2019-19801 (In Gallagher Command Centre Server versions of v8.10 prior to v8
 	NOT-FOR-US: Gallagher Command Centre Server
 CVE-2019-19800 (Zoho ManageEngine Applications Manager 14 before 14520 allows a remote ...)
 	NOT-FOR-US: Zoho ManageEngine Applications Manager
-CVE-2019-19799 (Zoho ManageEngine Applications Manager 14590 and before allows a remot ...)
+CVE-2019-19799 (Zoho ManageEngine Applications Manager before 14600 allows a remote un ...)
 	NOT-FOR-US: Zoho ManageEngine
 CVE-2019-19798
 	RESERVED
@@ -3173,8 +3173,7 @@ CVE-2019-19338 [KVM: export MSR_IA32_TSX_CTRL to guest -  incomplete fix for TAA
 	NOTE: https://www.openwall.com/lists/oss-security/2019/12/11/1
 CVE-2019-19337 (A flaw was found in Red Hat Ceph Storage version 3 in the way the Ceph ...)
 	- ceph <not-affected> (Only affects Ceph as packaged by Red Hat)
-CVE-2019-19336
-	RESERVED
+CVE-2019-19336 (A cross-site scripting vulnerability was reported in the oVirt-engine' ...)
 	NOT-FOR-US: ovirt-engine
 CVE-2019-19335 (During installation of an OpenShift 4 cluster, the `openshift-install` ...)
 	NOT-FOR-US: OpenShift
@@ -10317,8 +10316,8 @@ CVE-2019-16384
 	RESERVED
 CVE-2019-16383 (MOVEit.DMZ.WebApi.dll in Progress MOVEit Transfer 2018 SP2 before 10.2 ...)
 	NOT-FOR-US: Progress MOVEit Transfer
-CVE-2019-16382
-	RESERVED
+CVE-2019-16382 (An issue was discovered in Ivanti Workspace Control 10.3.110.0. One is ...)
+	TODO: check
 CVE-2019-16381
 	RESERVED
 CVE-2019-16380
@@ -10329,8 +10328,7 @@ CVE-2019-16377 (The makandra consul gem through 1.0.2 for Ruby has Incorrect Acc
 	NOT-FOR-US: makandra consul gem
 CVE-2019-16376
 	RESERVED
-CVE-2019-16375
-	RESERVED
+CVE-2019-16375 (An issue was discovered in Open Ticket Request System (OTRS) 7.0.x thr ...)
 	- otrs2 6.0.23-1
 	[buster] - otrs2 <no-dsa> (Non-free not supported)
 	[stretch] - otrs2 <no-dsa> (Non-free not supported)
@@ -10434,10 +10432,10 @@ CVE-2019-16340 (Belkin Linksys Velop 1.1.8.192419 devices allows remote attacker
 	NOT-FOR-US: Belkin
 CVE-2019-16339
 	RESERVED
-CVE-2019-16338
-	RESERVED
-CVE-2019-16337
-	RESERVED
+CVE-2019-16338 (The tfo_common component in HwordApp.dll in Hancom Office 9.6.1.7634 a ...)
+	TODO: check
+CVE-2019-16337 (The hncbd90 component in Hancom Office 9.6.1.9403 allows a use-after-f ...)
+	TODO: check
 CVE-2019-16336 (The Bluetooth Low Energy implementation in Cypress PSoC 4 BLE componen ...)
 	NOT-FOR-US: Cypress
 CVE-2019-16335 (A Polymorphic Typing issue was discovered in FasterXML jackson-databin ...)
@@ -11123,26 +11121,26 @@ CVE-2019-16072
 	RESERVED
 CVE-2019-16071
 	RESERVED
-CVE-2019-16070
-	RESERVED
+CVE-2019-16070 (A number of stored Cross-site Scripting (XSS) vulnerabilities were ide ...)
+	TODO: check
 CVE-2019-16069
 	RESERVED
 CVE-2019-16068
 	RESERVED
-CVE-2019-16067
-	RESERVED
-CVE-2019-16066
-	RESERVED
-CVE-2019-16065
-	RESERVED
-CVE-2019-16064
-	RESERVED
+CVE-2019-16067 (NETSAS Enigma NMS 65.0.0 and prior utilises basic authentication over  ...)
+	TODO: check
+CVE-2019-16066 (An unrestricted file upload vulnerability exists in user and system fi ...)
+	TODO: check
+CVE-2019-16065 (A remote SQL injection web vulnerability was discovered in the Enigma  ...)
+	TODO: check
+CVE-2019-16064 (NETSAS Enigma NMS 65.0.0 and prior suffers from a directory traversal  ...)
+	TODO: check
 CVE-2019-16063
 	RESERVED
-CVE-2019-16062
-	RESERVED
-CVE-2019-16061
-	RESERVED
+CVE-2019-16062 (NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data sto ...)
+	TODO: check
+CVE-2019-16061 (A number of files on the NETSAS Enigma NMS server 65.0.0 and prior are ...)
+	TODO: check
 CVE-2019-16089 (An issue was discovered in the Linux kernel through 5.2.13. nbd_genl_s ...)
 	- linux <unfixed>
 	[stretch] - linux <not-affected> (Vulnerable code not present)
@@ -11263,12 +11261,12 @@ CVE-2019-16014
 	RESERVED
 CVE-2019-16013
 	RESERVED
-CVE-2019-16012
-	RESERVED
+CVE-2019-16012 (A vulnerability in the web UI of Cisco SD-WAN Solution vManage softwar ...)
+	TODO: check
 CVE-2019-16011
 	RESERVED
-CVE-2019-16010
-	RESERVED
+CVE-2019-16010 (A vulnerability in the web UI of the Cisco SD-WAN vManage software cou ...)
+	TODO: check
 CVE-2019-16009
 	RESERVED
 CVE-2019-16008 (A vulnerability in the web-based GUI of Cisco IP Phone 6800, 7800, and ...)
@@ -12242,14 +12240,14 @@ CVE-2019-15658 (connect-pg-simple before 6.0.1 allows SQL injection if tableName
 	NOT-FOR-US: connect-pg-simple
 CVE-2019-15657 (In eslint-utils before 1.4.1, the getStaticValue function can execute  ...)
 	NOT-FOR-US: eslint-utils
-CVE-2019-15656
-	RESERVED
-CVE-2019-15655
-	RESERVED
-CVE-2019-15654
-	RESERVED
-CVE-2019-15653
-	RESERVED
+CVE-2019-15656 (D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to  ...)
+	TODO: check
+CVE-2019-15655 (D-Link DSL-2875AL devices through 1.00.05 are prone to password disclo ...)
+	TODO: check
+CVE-2019-15654 (Comba AP2600-I devices through A02,0202N00PD2 are prone to password di ...)
+	TODO: check
+CVE-2019-15653 (Comba AP2600-I devices through A02,0202N00PD2 are prone to password di ...)
+	TODO: check
 CVE-2019-15652 (The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices ...)
 	NOT-FOR-US: NSSLGlobal SatLink VSAT Modem Unit (VMU) devices
 CVE-2019-15651 (wolfSSL 4.1.0 has a one-byte heap-based buffer over-read in DecodeCert ...)
@@ -12537,8 +12535,8 @@ CVE-2019-15541 (rustls-mio/examples/tlsserver.rs in the rustls crate before 0.16
 	NOT-FOR-US: Rust crate rustls
 CVE-2019-15540 (filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2. ...)
 	NOT-FOR-US: libMirage
-CVE-2019-15539
-	RESERVED
+CVE-2019-15539 (The proj_doc_edit_page.php Project Documentation feature in MantisBT b ...)
+	TODO: check
 CVE-2019-15538 (An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in ...)
 	{DLA-1919-1}
 	- linux 5.2.17-1
@@ -13530,8 +13528,7 @@ CVE-2019-15126 (An issue was discovered on Broadcom Wi-Fi client devices. Specif
 	NOT-FOR-US: Broadcom
 CVE-2019-15125
 	RESERVED
-CVE-2019-15124
-	RESERVED
+CVE-2019-15124 (In the MobileFrontend extension for MediaWiki, XSS exists within the e ...)
 	NOT-FOR-US: MobileFrontend extension for MediaWiki
 CVE-2019-15123
 	RESERVED
@@ -14164,56 +14161,49 @@ CVE-2019-14880
 	- moodle <removed>
 CVE-2019-14879 (moodle before versions 3.7.3, 3.6.7, 3.5.9 is vulnerable to a None. ...)
 	- moodle <removed>
-CVE-2019-14878
-	RESERVED
+CVE-2019-14878 (In the __d2b function of the newlib libc library, all versions prior t ...)
 	- newlib 3.3.0-1
 	[buster] - newlib <no-dsa> (Minor issue)
 	[stretch] - newlib <no-dsa> (Minor issue)
 	[jessie] - newlib <ignored> (Minor issue)
 	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
 	TODO: picolibc might be affected, not yet in the archive
-CVE-2019-14877
-	RESERVED
+CVE-2019-14877 (In the __mdiff function of the newlib libc library, all versions prior ...)
 	- newlib 3.3.0-1
 	[buster] - newlib <no-dsa> (Minor issue)
 	[stretch] - newlib <no-dsa> (Minor issue)
 	[jessie] - newlib <ignored> (Minor issue)
 	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
 	TODO: picolibc might be affected, not yet in the archive
-CVE-2019-14876
-	RESERVED
+CVE-2019-14876 (In the __lshift function of the newlib libc library, all versions prio ...)
 	- newlib 3.3.0-1
 	[buster] - newlib <no-dsa> (Minor issue)
 	[stretch] - newlib <no-dsa> (Minor issue)
 	[jessie] - newlib <ignored> (Minor issue)
 	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
 	TODO: picolibc might be affected, not yet in the archive
-CVE-2019-14875
-	RESERVED
+CVE-2019-14875 (In the __multiply function of the newlib libc library, all versions pr ...)
 	- newlib 3.3.0-1
 	[buster] - newlib <no-dsa> (Minor issue)
 	[stretch] - newlib <no-dsa> (Minor issue)
 	[jessie] - newlib <ignored> (Minor issue)
 	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
 	TODO: picolibc might be affected, not yet in the archive
-CVE-2019-14874
-	RESERVED
+CVE-2019-14874 (In the __i2b function of the newlib libc library, all versions prior t ...)
 	- newlib 3.3.0-1
 	[buster] - newlib <no-dsa> (Minor issue)
 	[stretch] - newlib <no-dsa> (Minor issue)
 	[jessie] - newlib <ignored> (Minor issue)
 	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
 	TODO: picolibc might be affected, not yet in the archive
-CVE-2019-14873
-	RESERVED
+CVE-2019-14873 (In the __multadd function of the newlib libc library, prior to version ...)
 	- newlib 3.3.0-1
 	[buster] - newlib <no-dsa> (Minor issue)
 	[stretch] - newlib <no-dsa> (Minor issue)
 	[jessie] - newlib <ignored> (Minor issue)
 	NOTE: https://census-labs.com/news/2020/01/31/multiple-null-pointer-dereference-vulnerabilities-in-newlib/
 	TODO: picolibc might be affected, not yet in the archive
-CVE-2019-14872
-	RESERVED
+CVE-2019-14872 (The _dtoa_r function of the newlib libc library, prior to version 3.3. ...)
 	- newlib 3.3.0-1
 	[buster] - newlib <no-dsa> (Minor issue)
 	[stretch] - newlib <no-dsa> (Minor issue)
@@ -20974,8 +20964,8 @@ CVE-2019-12418 (When Apache Tomcat 9.0.0.M1 to 9.0.28, 8.5.0 to 8.5.47, 7.0.0 an
 	NOTE: https://github.com/apache/tomcat/commit/bef3f40400243348d12f4abfe9b413f43897c02b (7.0.98)
 CVE-2019-12417 (A malicious admin user could edit the state of objects in the Airflow  ...)
 	- airflow <itp> (bug #819700)
-CVE-2019-12416
-	RESERVED
+CVE-2019-12416 (we got reports for 2 injection attacks against the DeltaSpike windowha ...)
+	TODO: check
 CVE-2019-12415 (In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to conv ...)
 	- libapache-poi-java <unfixed> (bug #943565)
 	[buster] - libapache-poi-java <no-dsa> (Minor issue)
@@ -21727,18 +21717,18 @@ CVE-2019-12132 (An issue was discovered in ONAP SDNC before Dublin. By executing
 	TODO: check
 CVE-2019-12131 (An issue was detected in ONAP APPC through Dublin and SDC through Dubl ...)
 	TODO: check
-CVE-2019-12130
-	RESERVED
-CVE-2019-12129
-	RESERVED
-CVE-2019-12128
-	RESERVED
-CVE-2019-12127
-	RESERVED
-CVE-2019-12126
-	RESERVED
-CVE-2019-12125
-	RESERVED
+CVE-2019-12130 (In ONAP CLI through Dublin, by accessing an applicable port (30234, 30 ...)
+	TODO: check
+CVE-2019-12129 (In ONAP MSB through Dublin, by accessing an applicable port (30234, 30 ...)
+	TODO: check
+CVE-2019-12128 (In ONAP SO through Dublin, by accessing an applicable port (30234, 302 ...)
+	TODO: check
+CVE-2019-12127 (In ONAP OOM through Dublin, by accessing an applicable port (30234, 30 ...)
+	TODO: check
+CVE-2019-12126 (In ONAP DCAE through Dublin, by accessing an applicable port (30234, 3 ...)
+	TODO: check
+CVE-2019-12125 (In ONAP Logging through Dublin, by accessing an applicable port (30234 ...)
+	TODO: check
 CVE-2019-12124 (An issue was discovered in ONAP APPC before Dublin. By using an expose ...)
 	TODO: check
 CVE-2019-12123 (An issue was discovered in ONAP SDNC before Dublin. By executing sla/p ...)
@@ -23878,8 +23868,8 @@ CVE-2019-11363 (A SQL injection vulnerability in Snare Central before 7.4.5 allo
 	NOT-FOR-US: Snare Central
 CVE-2019-11362 (app/controllers/frontend/PostController.php in ROCBOSS V2.2.1 has SQL  ...)
 	NOT-FOR-US: ROCBOSS
-CVE-2019-11361
-	RESERVED
+CVE-2019-11361 (Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user p ...)
+	TODO: check
 CVE-2019-11366 (An issue was discovered in atftpd in atftp 0.7.1. It does not lock the ...)
 	{DSA-4438-1 DLA-1783-1}
 	- atftp 0.7.git20120829-3.1 (bug #927553)
@@ -40821,7 +40811,7 @@ CVE-2019-5106 (A hard-coded encryption key vulnerability exists in the authentic
 CVE-2019-5105
 	RESERVED
 CVE-2019-5104
-	RESERVED
+	REJECTED
 CVE-2019-5103
 	RESERVED
 CVE-2019-5102 (An exploitable information leak vulnerability exists in the ustream-ss ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index c29e0e13ba..655ff8fe92 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,17 +1,27 @@
+CVE-2020-10679
+	RESERVED
+CVE-2020-10678 (In Octopus Deploy before 2020.1.5, for customers running on-premises A ...)
+	TODO: check
+CVE-2020-10677
+	RESERVED
+CVE-2020-10676
+	RESERVED
+CVE-2020-10675 (The Library API in buger jsonparser through 2019-12-04 allows attacker ...)
+	TODO: check
 CVE-2020-10673 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	TODO: check
 CVE-2020-10672 (FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interact ...)
 	TODO: check
-CVE-2020-10671
-	RESERVED
-CVE-2020-10670
-	RESERVED
+CVE-2020-10671 (The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missi ...)
+	TODO: check
+CVE-2020-10670 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
+	TODO: check
 CVE-2020-10669
 	RESERVED
-CVE-2020-10668
-	RESERVED
-CVE-2020-10667
-	RESERVED
+CVE-2020-10668 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
+	TODO: check
+CVE-2020-10667 (The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 pri ...)
+	TODO: check
 CVE-2020-10666
 	RESERVED
 CVE-2020-10674 (PerlSpeak through 2.01 allows attackers to execute arbitrary OS comman ...)
@@ -51,8 +61,8 @@ CVE-2020-10650
 	RESERVED
 CVE-2020-10649
 	RESERVED
-CVE-2020-10648
-	RESERVED
+CVE-2020-10648 (Das U-Boot through 2020.01 allows attackers to bypass verified boot re ...)
+	TODO: check
 CVE-2020-10647
 	RESERVED
 CVE-2020-10646
@@ -2850,6 +2860,7 @@ CVE-2020-9337 (In GolfBuddy Course Manager 1.1, passwords are sent (with base64
 CVE-2020-9336 (fauzantrif eLection 2.0 has XSS via the Admin Dashboard -&gt; Settings ...)
 	NOT-FOR-US: fauzantrif eLection
 CVE-2020-6816 [mutation XSS vulnerability again]
+	RESERVED
 	- python-bleach 3.1.3-1 (bug #954236)
 	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1621692 (not public)
 	NOTE: https://github.com/mozilla/bleach/security/advisories/GHSA-m6xf-fq7q-8743
@@ -11639,8 +11650,8 @@ CVE-2020-5269
 	RESERVED
 CVE-2020-5268
 	RESERVED
-CVE-2020-5267
-	RESERVED
+CVE-2020-5267 (In ActionView before versions 6.0.2.2 and 5.2.4.2, there is a possible ...)
+	TODO: check
 CVE-2020-5266
 	RESERVED
 CVE-2020-5265
@@ -11649,8 +11660,8 @@ CVE-2020-5264
 	RESERVED
 CVE-2020-5263
 	RESERVED
-CVE-2020-5262
-	RESERVED
+CVE-2020-5262 (In EasyBuild before version 4.1.2, the GitHub Personal Access Token (P ...)
+	TODO: check
 CVE-2020-5261
 	RESERVED
 CVE-2020-5260
@@ -13843,12 +13854,12 @@ CVE-2020-4207 (IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0
 	NOT-FOR-US: IBM
 CVE-2020-4206
 	RESERVED
-CVE-2020-4205
-	RESERVED
+CVE-2020-4205 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could allow an aut ...)
+	TODO: check
 CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
 	NOT-FOR-US: IBM
-CVE-2020-4203
-	RESERVED
+CVE-2020-4203 (IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially  ...)
+	TODO: check
 CVE-2020-4202
 	RESERVED
 CVE-2020-4201
@@ -15747,12 +15758,12 @@ CVE-2020-3268
 	RESERVED
 CVE-2020-3267
 	RESERVED
-CVE-2020-3266
-	RESERVED
-CVE-2020-3265
-	RESERVED
-CVE-2020-3264
-	RESERVED
+CVE-2020-3266 (A vulnerability in the CLI of Cisco SD-WAN Solution software could all ...)
+	TODO: check
+CVE-2020-3265 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
+	TODO: check
+CVE-2020-3264 (A vulnerability in Cisco SD-WAN Solution software could allow an authe ...)
+	TODO: check
 CVE-2020-3263
 	RESERVED
 CVE-2020-3262
@@ -19095,8 +19106,7 @@ CVE-2020-1707
 	NOT-FOR-US: openshift
 CVE-2020-1706 (It has been found that in openshift-enterprise version 3.11 and opensh ...)
 	NOT-FOR-US: openshift
-CVE-2020-1705
-	RESERVED
+CVE-2020-1705 (A vulnerability was found in openshift/template-service-broker-operato ...)
 	NOT-FOR-US: openshift
 CVE-2020-1704 (An insecure modification vulnerability in the /etc/passwd file was fou ...)
 	NOT-FOR-US: openshift
author	security tracker role <sectracker@soriano.debian.org>	2020-03-19 20:10:22 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-03-19 20:10:22 +0000
commit	917aee59122ca05c86b70a21be69ea38a3a2603b (patch)
tree	e9bbaf59201d1265f36db900da571e4775bef6ce /data/CVE
parent	d7c724ade1f5d14d6d7e5ad0eb3d636bd5ac7b3b (diff)