author | security tracker role <sectracker@soriano.debian.org> | 2020-08-27 20:10:20 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-08-27 20:10:20 +0000 |
commit | b2daf3514af6dd6fb6d8c7861ff81b59bab87716 | |
tree | 11fe69762489eab7f4fad0eaff577b25e7b3be8d /data/CVE | |
parent | 7a435203658d593db12f1c1e7fadf5a4f45840b2 | |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2012.list | 8 |
-rw-r--r-- | data/CVE/2019.list | 2 |
-rw-r--r-- | data/CVE/2020.list | 200 |
3 files changed, 127 insertions, 83 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 373c688e5b..9fcd8077c8 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -11187,8 +11187,8 @@ CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in NOT-FOR-US: IBM Global Security Kit CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...) NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security System -CVE-2012-2201 - RESERVED +CVE-2012-2201 (IBM WebSphere MQ 7.1 is vulnerable to a denial of service, caused by a ...) + TODO: check CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...) NOT-FOR-US: sendmail configuration in AIX CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...) @@ -11270,8 +11270,8 @@ CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) NOT-FOR-US: WebSphere CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM Ec ...) NOT-FOR-US: IBM Security AppScan Source -CVE-2012-2160 - RESERVED +CVE-2012-2160 (IBM Rational Change 5.3 is vulnerable to cross-site scripting, caused ...) + TODO: check CVE-2012-2159 (Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used ...) NOT-FOR-US: IBM Eclipse Help System CVE-2012-2158 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 35ef8f1240..c328b3fda6 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -15511,7 +15511,7 @@ CVE-2019-14823 (A flaw was found in the "Leaf and Chain" OCSP policy implementat NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1747435 NOTE: https://github.com/dogtagpki/jss/pull/284 NOTE: https://github.com/dogtagpki/jss/commit/be37ff4738b4696d529a13b6ed33c7ac56d97ba4 -CVE-2019-14822 (A flaw was discovered in ibus that allows any unprivileged user to mon ...) +CVE-2019-14822 (A flaw was discovered in ibus in versions before 1.5.22 that allows an ...) {DSA-4525-1} - ibus 1.5.21-1 (bug #940267) [jessie] - ibus <ignored> (Hard to exploit, regression risk) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 391d57ddd9..fac4fbe354 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,41 @@ +CVE-2020-24718 + RESERVED +CVE-2020-24717 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group pe ...) + TODO: check +CVE-2020-24716 (OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permiss ...) + TODO: check +CVE-2020-24715 + RESERVED +CVE-2020-24714 + RESERVED +CVE-2020-24713 + RESERVED +CVE-2020-24712 + RESERVED +CVE-2020-24711 + RESERVED +CVE-2020-24710 + RESERVED +CVE-2020-24709 + RESERVED +CVE-2020-24708 + RESERVED +CVE-2020-24707 + RESERVED +CVE-2020-24706 (An issue was discovered in certain WSO2 products. The Try It tool allo ...) + TODO: check +CVE-2020-24705 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...) + TODO: check +CVE-2020-24704 (An issue was discovered in certain WSO2 products. The Try It tool allo ...) + TODO: check +CVE-2020-24703 (An issue was discovered in certain WSO2 products. A valid Carbon Manag ...) + TODO: check +CVE-2020-24702 + RESERVED +CVE-2020-24701 + RESERVED +CVE-2020-24700 + RESERVED CVE-2020-24699 RESERVED CVE-2020-24698 
@@ -628,8 +666,8 @@ CVE-2020-24392 RESERVED CVE-2020-24391 RESERVED -CVE-2020-24390 - RESERVED +CVE-2020-24390 (eonweb in EyesOfNetwork before 5.3-7 does not properly escape the user ...) + TODO: check CVE-2020-24389 RESERVED CVE-2020-24388 @@ -1047,10 +1085,10 @@ CVE-2020-24205 RESERVED CVE-2020-24204 RESERVED -CVE-2020-24203 - RESERVED -CVE-2020-24202 - RESERVED +CVE-2020-24203 (Insecure File Permissions and Arbitrary File Upload in the upload pic ...) + TODO: check +CVE-2020-24202 (File Upload component in Projects World House Rental v1.0 suffers from ...) + TODO: check CVE-2020-24201 RESERVED CVE-2020-24200 @@ -1061,8 +1099,8 @@ CVE-2020-24198 RESERVED CVE-2020-24197 RESERVED -CVE-2020-24196 - RESERVED +CVE-2020-24196 (An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental ...) + TODO: check CVE-2020-24195 RESERVED CVE-2020-24194 
@@ -1485,32 +1523,32 @@ CVE-2020-23986 RESERVED CVE-2020-23985 RESERVED -CVE-2020-23984 - RESERVED -CVE-2020-23983 - RESERVED -CVE-2020-23982 - RESERVED -CVE-2020-23981 - RESERVED -CVE-2020-23980 - RESERVED -CVE-2020-23979 - RESERVED -CVE-2020-23978 - RESERVED -CVE-2020-23977 - RESERVED -CVE-2020-23976 - RESERVED -CVE-2020-23975 - RESERVED -CVE-2020-23974 - RESERVED -CVE-2020-23973 - RESERVED -CVE-2020-23972 - RESERVED +CVE-2020-23984 (Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-s ...) + TODO: check +CVE-2020-23983 (Michael-design iChat Realtime PHP Live Support System 1.6 has persiste ...) + TODO: check +CVE-2020-23982 (DesignMasterEvents Conference management 1.0.0 has cross site scriptin ...) + TODO: check +CVE-2020-23981 (13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id pa ...) + TODO: check +CVE-2020-23980 (DesignMasterEvents Conference management 1.0.0 allows SQL Injection vi ...) + TODO: check +CVE-2020-23979 (13enforme CMS 1.0 has SQL Injection via the 'content.php' id parameter ...) + TODO: check +CVE-2020-23978 (SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the ...) + TODO: check +CVE-2020-23977 (KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the 't ...) + TODO: check +CVE-2020-23976 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection ...) + TODO: check +CVE-2020-23975 (Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scr ...) + TODO: check +CVE-2020-23974 (Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting ...) + TODO: check +CVE-2020-23973 (KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the 'team.php ...) + TODO: check +CVE-2020-23972 (In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can ...) + TODO: check CVE-2020-23971 RESERVED CVE-2020-23970 
@@ -2301,8 +2339,8 @@ CVE-2020-23578 RESERVED CVE-2020-23577 RESERVED -CVE-2020-23576 - RESERVED +CVE-2020-23576 (Laborator Neon dashboard v3 is affected by stored Cross Site Scripting ...) + TODO: check CVE-2020-23575 RESERVED CVE-2020-23574 (When uploading a file in Sysax Multi Server 6.90, an authenticated use ...) @@ -17305,8 +17343,8 @@ CVE-2020-16144 RESERVED CVE-2020-16143 (The seafile-client client 7.0.8 for Seafile is vulnerable to DLL hijac ...) - seafile-client <not-affected> (Windows-specific) -CVE-2020-16142 - RESERVED +CVE-2020-16142 (On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the B ...) + TODO: check CVE-2020-16141 RESERVED CVE-2020-16140 @@ -18070,17 +18108,20 @@ CVE-2020-15812 RESERVED CVE-2020-15811 RESERVED + {DSA-4751-1} - squid 4.13-1 (bug #968932) - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-c7p8-xqhm-49wv NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_8.patch CVE-2020-24606 (Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perfor ...) + {DSA-4751-1} - squid 4.13-1 (bug #968933) - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-vvj7-xjgq-g2jg NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2020_9.patch CVE-2020-15810 RESERVED + {DSA-4751-1} - squid 4.13-1 (bug #968934) - squid3 <removed> NOTE: https://github.com/squid-cache/squid/security/advisories/GHSA-3365-q9qx-f98m @@ -18430,7 +18471,7 @@ CVE-2020-15670 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15670 CVE-2020-15669 RESERVED - {DSA-4749-1} + {DSA-4749-1 DLA-2346-1} - firefox-esr 68.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-37/#CVE-2020-15669 CVE-2020-15668 
@@ -18451,7 +18492,7 @@ CVE-2020-15665 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15665 CVE-2020-15664 RESERVED - {DSA-4749-1} + {DSA-4749-1 DLA-2346-1} - firefox 80.0-1 - firefox-esr 68.12.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/#CVE-2020-15664 @@ -21255,8 +21296,7 @@ CVE-2020-14418 RESERVED CVE-2020-14417 RESERVED -CVE-2020-14415 [division by zero in oss_write() in audio/ossaudio.c] - RESERVED +CVE-2020-14415 (oss_write in audio/ossaudio.c in QEMU before 5.0.0 mishandles a buffer ...) - qemu 1:5.0-1 [buster] - qemu <not-affected> (Vulnerable code introduced later) [stretch] - qemu <not-affected> (Vulnerable code introduced later) @@ -35466,6 +35506,7 @@ CVE-2020-8626 CVE-2020-8625 RESERVED CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21 ...) + {DSA-4752-1} - bind9 1:9.16.6-1 (bug #966497) [stretch] - bind9 <not-affected> (Vulnerable code (dns_ssu_mtypefromstring()) introduced later) NOTE: https://kb.isc.org/docs/cve-2020-8624 @@ -35476,11 +35517,13 @@ CVE-2020-8624 (In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9. NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/393e8f643c02215fa4e6d4edf67be7d77085da0e (v9_11_22) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/58e560beb50873c699f3431cf57e215dc645d7aa (v9_11_22) CVE-2020-8623 (In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3 ...) + {DSA-4752-1} - bind9 1:9.16.6-1 NOTE: https://kb.isc.org/docs/cve-2020-8623 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/ac3862a5da95bb07b6cf748b0958175687a9de1d (v9_16_6) NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/8d807cc21655eaa6e6a08afafeec3682c0f3f2ab (v9_11_22) CVE-2020-8622 (In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, ...) + {DSA-4752-1} - bind9 1:9.16.6-1 NOTE: https://kb.isc.org/docs/cve-2020-8622 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/0eec632d6a5a474280017ec949d8a8014612f3b3 (v9_16_6) 
@@ -35498,6 +35541,7 @@ CVE-2020-8620 (In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who NOTE: https://kb.isc.org/docs/cve-2020-8620 NOTE: https://gitlab.isc.org/isc-projects/bind9/commit/9a372f2bce642545164d2b4408eb6c4e301acc5e (v9_16_6) CVE-2020-8619 (In ISC BIND9 versions BIND 9.11.14 -> 9.11.19, BIND 9.14.9 -> 9. ...) + {DSA-4752-1} - bind9 1:9.16.4-1 [stretch] - bind9 <not-affected> (Vulnerable code introduced later) [jessie] - bind9 <not-affected> (Vulnerable code introduced later) @@ -43143,8 +43187,8 @@ CVE-2020-5385 (Dell Encryption versions prior to 10.8 and Dell Endpoint Security NOT-FOR-US: Dell CVE-2020-5384 (Authentication Bypass Vulnerability RSA MFA Agent 2.0 for Microsoft Wi ...) NOT-FOR-US: RSA MFA Agent -CVE-2020-5383 - RESERVED +CVE-2020-5383 (Dell EMC Isilon OneFS version 8.2.2 and Dell EMC PowerScale OneFS vers ...) + TODO: check CVE-2020-5382 RESERVED CVE-2020-5381 @@ -44850,8 +44894,8 @@ CVE-2020-4605 RESERVED CVE-2020-4604 RESERVED -CVE-2020-4603 - RESERVED +CVE-2020-4603 (IBM Security Guardium Insights 2.0.1 performs an operation at a privil ...) + TODO: check CVE-2020-4602 RESERVED CVE-2020-4601 @@ -44906,8 +44950,8 @@ CVE-2020-4577 RESERVED CVE-2020-4576 RESERVED -CVE-2020-4575 - RESERVED +CVE-2020-4575 (IBM WebSphere Application Server ND 8.5 and 9.0, and IBM WebSphere Vir ...) + TODO: check CVE-2020-4574 (IBM Tivoli Key Lifecycle Manager does not require that users should ha ...) NOT-FOR-US: IBM CVE-2020-4573 (IBM Tivoli Key Lifecycle Manager 3.0.1 and 4.0 could disclose sensitiv ...) 
@@ -45706,26 +45750,26 @@ CVE-2020-4177 (IBM Security Guardium 11.1 contains hard-coded credentials, such NOT-FOR-US: IBM CVE-2020-4176 RESERVED -CVE-2020-4175 - RESERVED -CVE-2020-4174 - RESERVED +CVE-2020-4175 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) + TODO: check +CVE-2020-4174 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...) + TODO: check CVE-2020-4173 (IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure a ...) NOT-FOR-US: IBM -CVE-2020-4172 - RESERVED -CVE-2020-4171 - RESERVED +CVE-2020-4172 (IBM Security Guardium Insights 2.0.1 stores sensitive information in U ...) + TODO: check +CVE-2020-4171 (IBM Security Guardium Insights 2.0.1 allows web pages to be stored loc ...) + TODO: check CVE-2020-4170 (IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site reque ...) NOT-FOR-US: IBM -CVE-2020-4169 - RESERVED +CVE-2020-4169 (IBM Security Guardium Insights 2.0.1 uses weaker than expected cryptog ...) + TODO: check CVE-2020-4168 RESERVED -CVE-2020-4167 - RESERVED -CVE-2020-4166 - RESERVED +CVE-2020-4167 (IBM Security Guardium Insights 2.0.1 could allow an attacker to obtain ...) + TODO: check +CVE-2020-4166 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) + TODO: check CVE-2020-4165 (IBM Security Guardium Insights 2.0.1 could allow a remote attacker to ...) NOT-FOR-US: IBM CVE-2020-4164 (IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0. ...) @@ -47144,8 +47188,8 @@ CVE-2020-3519 (A vulnerability in a specific REST API method of Cisco Data Cente TODO: check CVE-2020-3518 (A vulnerability in the web-based management interface of Cisco Data Ce ...) TODO: check -CVE-2020-3517 - RESERVED +CVE-2020-3517 (A vulnerability in the Cisco Fabric Services component of Cisco FXOS S ...) + TODO: check CVE-2020-3516 RESERVED CVE-2020-3515 
@@ -47170,8 +47214,8 @@ CVE-2020-3506 (Multiple vulnerabilities in the Cisco Discovery Protocol implemen TODO: check CVE-2020-3505 (A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveil ...) TODO: check -CVE-2020-3504 - RESERVED +CVE-2020-3504 (A vulnerability in the local management (local-mgmt) CLI of Cisco UCS ...) + TODO: check CVE-2020-3503 RESERVED CVE-2020-3502 (Multiple vulnerabilities in the user interface of Cisco Webex Meetings ...) @@ -47273,8 +47317,8 @@ CVE-2020-3456 RESERVED CVE-2020-3455 RESERVED -CVE-2020-3454 - RESERVED +CVE-2020-3454 (A vulnerability in the Call Home feature of Cisco NX-OS Software could ...) + TODO: check CVE-2020-3453 RESERVED CVE-2020-3452 (A vulnerability in the web services interface of Cisco Adaptive Securi ...) @@ -47351,8 +47395,8 @@ CVE-2020-3417 RESERVED CVE-2020-3416 RESERVED -CVE-2020-3415 - RESERVED +CVE-2020-3415 (A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Sof ...) + TODO: check CVE-2020-3414 RESERVED CVE-2020-3413 (A vulnerability in the scheduled meeting template feature of Cisco Web ...) @@ -47385,16 +47429,16 @@ CVE-2020-3400 RESERVED CVE-2020-3399 RESERVED -CVE-2020-3398 - RESERVED -CVE-2020-3397 - RESERVED +CVE-2020-3398 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...) + TODO: check +CVE-2020-3397 (A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MV ...) + TODO: check CVE-2020-3396 RESERVED CVE-2020-3395 RESERVED -CVE-2020-3394 - RESERVED +CVE-2020-3394 (A vulnerability in the Enable Secret feature of Cisco Nexus 3000 Serie ...) + TODO: check CVE-2020-3393 RESERVED CVE-2020-3392 
@@ -47512,8 +47556,8 @@ CVE-2020-3340 (Multiple vulnerabilities in the web-based management interface of NOT-FOR-US: Cisco CVE-2020-3339 (A vulnerability in the web-based management interface of Cisco Prime I ...) NOT-FOR-US: Cisco -CVE-2020-3338 - RESERVED +CVE-2020-3338 (A vulnerability in the Protocol Independent Multicast (PIM) feature fo ...) + TODO: check CVE-2020-3337 (A vulnerability in the web server of Cisco Umbrella could allow an una ...) NOT-FOR-US: Cisco CVE-2020-3336 (A vulnerability in the software upgrade process of Cisco TelePresence ...) |
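Review bot: In the data/CVE/2019.list hunk, the updated CVE-2019-14822 description now reads "ibus in versions before 1.5.22", while the unchanged context right below it still records `- ibus 1.5.21-1 (bug #940267)` as the fixed version. Anyone comparing version numbers will read those two lines as contradictory. If 1.5.21-1 carries the fix as a backported patch, a NOTE line under the entry saying so would document why the Debian fixed version is lower than the upstream one.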
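Review bot: Many of the entries that go from RESERVED to `TODO: check` in the IBM and Cisco hunks of data/CVE/2020.list, and in both data/CVE/2012.list hunks, sit directly beside already-triaged entries for the same vendor, so they can be resolved in line with their neighbours instead of staying open. CVE-2020-4175, -4174, -4172, -4171, -4169, -4167 and -4166 all describe IBM Security Guardium Insights 2.0.1, the same product as CVE-2020-4170 and CVE-2020-4165, which are already `NOT-FOR-US: IBM`. CVE-2020-3338 is a Cisco entry placed between CVE-2020-3339 and CVE-2020-3337, both `NOT-FOR-US: Cisco`. CVE-2012-2201 and CVE-2012-2160 are IBM products surrounded by NOT-FOR-US IBM entries.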
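Review bot: CVE-2020-24717 and CVE-2020-24716, in the first data/CVE/2020.list hunk, are both scoped "when used on FreeBSD" in their descriptions, so the `TODO: check` should be resolved with an explicit platform reason on the package line, not a bare status. The same file already does this for CVE-2020-16143 with `- seafile-client <not-affected> (Windows-specific)`. Whichever way triage goes for OpenZFS, recording the platform reasoning in that form keeps the decision auditable.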