author: security tracker role <sectracker@soriano.debian.org> 2020-07-21 20:10:31 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-07-21 20:10:31 +0000
commit: 94173d9f125293d64c7d4ea4f0f3a5233a16ec0d (patch)
tree: 692c30ab8ece33fd1ec8c23065e65d94262d46d2 /data/CVE
parent: 5d3fe2ccc90f62748c8334eb73b842f0e70c8c40 (diff)
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2010.list | 2
-rw-r--r-- data/CVE/2015.list | 2
-rw-r--r-- data/CVE/2016.list | 8
-rw-r--r-- data/CVE/2018.list | 4
-rw-r--r-- data/CVE/2019.list | 4
-rw-r--r-- data/CVE/2020.list | 70
6 files changed, 63 insertions, 27 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 8d7e637d06..5a5d7fc848 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -10778,7 +10778,7 @@ CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem
[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2010-1145
REJECTED
-CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in d ...)
+CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids before 1.24, as us ...)
- libnids 1.23-1.2 (low; bug #576281)
[lenny] - libnids <no-dsa> (Minor issue)
NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index b3826a52d9..38320dcfdd 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -12412,7 +12412,7 @@ CVE-2015-5239 (Integer overflow in the VNC display driver in QEMU before 2.1.0 a
[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0)
CVE-2015-5238
- RESERVED
+ REJECTED
CVE-2015-5237 (protobuf allows remote authenticated attackers to cause a heap-based b ...)
- protobuf <unfixed> (unimportant)
NOTE: https://github.com/google/protobuf/issues/760
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 3a1e3b984d..017c46935d 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -11795,10 +11795,10 @@ CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth d
NOT-FOR-US: admin-cli / jboss-cli in Red Hat
CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...)
NOT-FOR-US: Red Hat JBoss EAP
-CVE-2016-7064
- RESERVED
-CVE-2016-7063
- RESERVED
+CVE-2016-7064 (A flaw was found in pritunl-client before version 1.0.1116.6. A lack o ...)
+ TODO: check
+CVE-2016-7063 (A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrar ...)
+ TODO: check
CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Co ...)
NOT-FOR-US: Red Hat rhscon-core
CVE-2016-7061 (An information disclosure vulnerability was found in JBoss Enterprise ...)
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 357680472c..99843ca35b 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -480,8 +480,8 @@ CVE-2018-21038 (An issue was discovered on Samsung mobile devices with N(7.x) so
NOT-FOR-US: Samsung mobile devices
CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...)
NOT-FOR-US: Subrion CMS
-CVE-2018-21036
- RESERVED
+CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial of servic ...)
+ TODO: check
CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...)
- qtwebsockets-opensource-src <unfixed> (low; bug #953049)
[buster] - qtwebsockets-opensource-src <ignored> (Minor issue)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 631d336448..bfd996b800 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1173,7 +1173,7 @@ CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow
NOT-FOR-US: Atlassian
CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
-CVE-2019-20417 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
+CVE-2019-20417 (NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users s ...)
NOT-FOR-US: Atlassian
CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...)
NOT-FOR-US: Atlassian
@@ -5397,7 +5397,7 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow
CVE-2019-18861
RESERVED
CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML ...)
- {DLA-2278-1}
+ {DSA-4732-1 DLA-2278-1}
- squid 4.9-1 (low)
- squid3 <removed>
NOTE: https://github.com/squid-cache/squid/pull/504
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index b4da437489..824ff81044 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,11 +1,46 @@
+CVE-2020-15880
+ RESERVED
+CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...)
+ TODO: check
+CVE-2020-15878
+ RESERVED
+CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...)
+ TODO: check
+CVE-2020-15876
+ RESERVED
+CVE-2020-15875
+ RESERVED
+CVE-2020-15874
+ RESERVED
+CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...)
+ TODO: check
+CVE-2020-15872
+ RESERVED
+CVE-2020-15871
+ RESERVED
+CVE-2020-15870
+ RESERVED
+CVE-2020-15869
+ RESERVED
+CVE-2020-15868
+ RESERVED
+CVE-2020-15867
+ RESERVED
+CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...)
+ TODO: check
+CVE-2020-15865
+ RESERVED
+CVE-2020-15864
+ RESERVED
+CVE-2020-15863
+ RESERVED
CVE-2020-15862
RESERVED
CVE-2020-15861
RESERVED
CVE-2020-15860
RESERVED
-CVE-2020-15859 [net: e1000e: use-after-free while sending packets]
- RESERVED
+CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...)
- qemu <unfixed> (bug #965978)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html
NOTE: https://bugs.launchpad.net/qemu/+bug/1886362
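Review bot: The four newly described entries at the top of 2020.list (CVE-2020-15879, CVE-2020-15877, CVE-2020-15873 and CVE-2020-15866) carry only "TODO: check", so the tracker records no package status for them yet. Each needs a follow-up that replaces the TODO with either a package line or a NOT-FOR-US tag; the mruby heap-based buffer overflow (CVE-2020-15866) and the LibreNMS SQL injection (CVE-2020-15873) are the ones to triage first. The CVE-2020-15859 change is fine as it stands: the qemu package line and both NOTE references are kept under the new description.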
@@ -297,12 +332,12 @@ CVE-2020-15726
RESERVED
CVE-2020-15725
RESERVED
-CVE-2020-15724
- RESERVED
-CVE-2020-15723
- RESERVED
-CVE-2020-15722
- RESERVED
+CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...)
+ TODO: check
+CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...)
+ TODO: check
+CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls ...)
+ TODO: check
CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...)
NOT-FOR-US: RosarioSIS
CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...)
@@ -1659,8 +1694,8 @@ CVE-2020-15103
NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381
NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0)
NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0)
-CVE-2020-15102
- RESERVED
+CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...)
+ TODO: check
CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...)
NOT-FOR-US: freewvs
CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...)
@@ -3965,8 +4000,8 @@ CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload
NOT-FOR-US: IceWarp Email Server
CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...)
NOT-FOR-US: IceWarp Email Server
-CVE-2020-14063
- RESERVED
+CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom Jav ...)
+ TODO: check
CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...)
{DLA-2270-1}
- jackson-databind 2.11.1-1
@@ -7678,8 +7713,8 @@ CVE-2020-12501
RESERVED
CVE-2020-12500
RESERVED
-CVE-2020-12499
- RESERVED
+CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...)
+ TODO: check
CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...)
NOT-FOR-US: Phoenix
CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...)
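Review bot: CVE-2020-12499 is left at "TODO: check" although the entry directly below it, CVE-2020-12498, is another Phoenix Contact product that is already marked "NOT-FOR-US: Phoenix". If PLCnext Engineer is likewise not packaged, resolve the TODO with the same tag in a follow-up rather than leaving the entry open.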
@@ -7836,8 +7871,8 @@ CVE-2020-12434
RESERVED
CVE-2020-12433
RESERVED
-CVE-2020-12432
- RESERVED
+CVE-2020-12432 (The WOPI API integration for Vereign Collabora CODE through 4.2.2 does ...)
+ TODO: check
CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...)
NOT-FOR-US: Splashtop Software Updater
CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...)
@@ -20042,7 +20077,7 @@ CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (E
NOT-FOR-US: McAfee
CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...)
NOT-FOR-US: McAfee
-CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...)
+CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in McAfee En ...)
NOT-FOR-US: ENS for Windows
CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...)
NOT-FOR-US: McAfee
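Review bot: The NOT-FOR-US tag under CVE-2020-7263 still reads "ENS for Windows", while the refreshed description now names McAfee and the neighbouring entries CVE-2020-7265, CVE-2020-7264 and CVE-2020-7262 all use "NOT-FOR-US: McAfee". Use the same vendor tag here so the entry is consistent with the others and matches the same search.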
@@ -33097,6 +33132,7 @@ CVE-2020-1505
RESERVED
CVE-2020-1504
RESERVED
+ {DSA-4732-1}
CVE-2020-1503
RESERVED
CVE-2020-1502
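Review bot: The "{DSA-4732-1}" cross-reference added under CVE-2020-1504 is attached to an entry that is still RESERVED and has no description or package line, so nothing visible here ties that id to the advisory. The only other place this commit adds DSA-4732-1 is the squid entry CVE-2019-18860 in 2019.list, which suggests the advisory's CVE list contains a mistyped or truncated identifier. Check the CVE ids recorded for DSA-4732-1 and correct them at the source; since this commit is an automatic update, editing the generated line here is likely to be overwritten.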
