| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2020-02-19 20:10:27 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-19 20:10:27 +0000 |
| commit | b7c54778e621c031016d81415dd872e54572fa1a (patch) | |
| tree | 33a734bc4724e4061bbeb238856a72c08562f9f7 /data/CVE | |
| parent | 234e7ced37e7d2e6ede42bec9d69b467888794a8 (diff) | |
automatic update
Diffstat (limited to 'data/CVE')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2012.list | 14 |
| -rw-r--r-- | data/CVE/2013.list | 2 |
| -rw-r--r-- | data/CVE/2014.list | 13 |
| -rw-r--r-- | data/CVE/2015.list | 2 |
| -rw-r--r-- | data/CVE/2016.list | 9 |
| -rw-r--r-- | data/CVE/2019.list | 32 |
| -rw-r--r-- | data/CVE/2020.list | 61 |

7 files changed, 76 insertions, 57 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 75bb7dd7a0..e063a4cffd 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -150,8 +150,7 @@ CVE-2012-XXXX [Insufficient validation of USB device descriptors] [squeeze] - oss4 <no-dsa> (Minor issue) CVE-2012-6686 REJECTED -CVE-2012-6685 [ruby-nokogiri XXE] - RESERVED +CVE-2012-6685 (Nokogiri before 1.5.4 is vulnerable to XXE attacks ...) {DLA-229-1} - ruby-nokogiri 1.5.4-1 (low) - libnokogiri-ruby <removed> @@ -326,8 +325,8 @@ CVE-2012-6616 (The mov_text_decode_frame function in libavcodec/movtextdec.c in CVE-2012-6615 (The ff_ass_split_override_codes function in libavcodec/ass_split.c in ...) - libav <not-affected> (Vulnerable code not present in libav) - ffmpeg <not-affected> (Vulnerable code not present in older ffmpeg) -CVE-2012-6614 - RESERVED +CVE-2012-6614 (D-Link DSR-250N devices before 1.08B31 allow remote authenticated user ...) + TODO: check CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent Root ...) NOT-FOR-US: D-Link CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in A ...) @@ -11938,8 +11937,8 @@ CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop - newscoop <itp> (bug #604113) CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x b ...) - newscoop <itp> (bug #604113) -CVE-2012-1932 - RESERVED +CVE-2012-1932 (A cross-site scripting (XSS) vulnerability in Wolf CMS 0.75 and earlie ...) + TODO: check CVE-2012-1931 (Opera before 11.62 on UNIX, when used in conjunction with an unspecifi ...) NOT-FOR-US: Opera CVE-2012-1930 (Opera before 11.62 on UNIX uses world-readable permissions for tempora ...) 
@@ -16390,8 +16389,7 @@ CVE-2012-0056 (The mem_write function in the Linux kernel before 3.2.2, when ASL [squeeze] - linux-2.6 <not-affected> (introduced in 2.6.39) [lenny] - linux-2.6 <not-affected> (introduced in 2.6.39) NOTE: fix is http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc (queued for 3.3) -CVE-2012-0055 - RESERVED +CVE-2012-0055 (OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10 ...) NOT-FOR-US: overlayfs is not (yet) in the Debian kernel CVE-2012-0054 (libs/updater.py in GoLismero 0.6.3, and other versions before Git revi ...) NOT-FOR-US: golismero not in Debian diff --git a/data/CVE/2013.list b/data/CVE/2013.list index af8f1f46a2..baf06377a3 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -5180,7 +5180,7 @@ CVE-2013-5583 (Cross-site scripting (XSS) vulnerability in libraries/idna_conver CVE-2013-5582 (Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory loc ...) NOT-FOR-US: Ammyy Admin CVE-2013-5581 - RESERVED + REJECTED NOT-FOR-US: Ammyy Admin CVE-2013-5579 RESERVED diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 7310ba7ce7..9787f2ae0c 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -17380,8 +17380,7 @@ CVE-2014-3624 (Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers NOTE: https://issues.apache.org/jira/browse/TS-2677 CVE-2014-3623 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF ...) NOT-FOR-US: Apache CXF -CVE-2014-3622 [Posthandler Potential Illegal efree() vulnerability] - RESERVED +CVE-2014-3622 (Use-after-free vulnerability in the add_post_var function in the Posth ...) - php5 5.6.1+dfsg-1 (unimportant) NOTE: Not exploitable NOTE: https://bugs.php.net/bug.php?id=68088 
@@ -17935,6 +17934,7 @@ CVE-2014-3490 (RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine ( ...) NOT-FOR-US: Red Hat CloudForms Management Engine CVE-2014-3488 (The SslHandler in Netty before 3.9.2 allows remote attackers to cause ...) + {DLA-2110-1} - netty <not-affected> (Introduced in 3.9.0) - netty-3.9 3.9.9.Final-1 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1107983 says only affects @@ -19990,8 +19990,8 @@ CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektro NOT-FOR-US: Ektron Web Content Management System CVE-2014-2728 RESERVED -CVE-2014-2727 - RESERVED +CVE-2014-2727 (The STARTTLS implementation in MailMarshal before 7.2 allows plaintext ...) + TODO: check CVE-2014-1985 (Open redirect vulnerability in the redirect_back_or_default function i ...) - redmine 2.5.1-1 (bug #743828) [squeeze] - redmine <end-of-life> (Redmine not supported because of rails) @@ -21266,8 +21266,8 @@ CVE-2014-2230 (Open redirect vulnerability in the header function in adclick.php NOT-FOR-US: OpenX CVE-2014-2229 RESERVED -CVE-2014-2228 - RESERVED +CVE-2014-2228 (The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote a ...) + TODO: check CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Ne ...) NOT-FOR-US: Ubiquiti Networks CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative passwor ...) @@ -26106,6 +26106,7 @@ CVE-2014-0195 (The dtls1_reassemble_fragment function in d1_both.c in OpenSSL be CVE-2014-0194 REJECTED CVE-2014-0193 (WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before 3.7. ...) + {DLA-2110-1} - netty <not-affected> (WebSocket08FrameDecoder function not present; bug #746639) - netty-3.9 3.9.9.Final-1 NOTE: https://github.com/netty/netty/commit/48edb7802b42b0e2eb5a55d8eca390e0c9066783 
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index c5d4cf27e4..af86381be9 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -21316,7 +21316,7 @@ CVE-2015-2106 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmw CVE-2015-2105 RESERVED CVE-2015-2104 - RESERVED + REJECTED CVE-2015-2103 (Cross-site scripting (XSS) vulnerability in the admin-login panel (adm ...) NOT-FOR-US: Cosmoshop CVE-2015-2102 (SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2. ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index f6dbc5052c..7c70c54fda 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -14531,8 +14531,7 @@ CVE-2016-1000110 (The CGIHandler class in Python before 2.7.12 does not protect NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a Python script is NOTE: running as a CGI script -CVE-2016-1000109 - RESERVED +CVE-2016-1000109 (HHVM does not attempt to address RFC 3875 section 4.1.18 namespace con ...) - hhvm 3.12.11+dfsg-1 (unimportant) CVE-2016-1000107 (inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1 ...) - erlang <unfixed> (unimportant) @@ -14825,11 +14824,9 @@ CVE-2016-1000008 RESERVED CVE-2016-1000006 (hhvm before 3.12.11 has a use-after-free in the serialize_memoize_para ...) - hhvm 3.12.11+dfsg-1 -CVE-2016-1000005 - RESERVED +CVE-2016-1000005 (mcrypt_get_block_size did not enforce that the provided "module" param ...) - hhvm 3.12.11+dfsg-1 -CVE-2016-1000004 - RESERVED +CVE-2016-1000004 (Insufficient type checks were employed prior to casting input data in ...) - hhvm 3.12.11+dfsg-1 CVE-2016-6173 (NSD before 4.1.11 allows remote DNS master servers to cause a denial o ...) - nsd 4.1.11-1 (unimportant; bug #830806) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 47611bbfaa..908985ea84 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -73,6 +73,7 @@ CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file wit NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515 NOTE: https://gitlab.gnome.org/GNOME/librsvg/commit/572f95f739529b865e2717664d6fefcef9493135 CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...) + {DLA-2110-1 DLA-2109-1} - netty <unfixed> (bug #950967) - netty-3.9 <removed> NOTE: https://github.com/netty/netty/issues/9861 @@ -80,6 +81,7 @@ CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-L NOTE: https://github.com/netty/netty/commit/629034624626b722128e0fcc6b3ec9d406cb3706 (4.1) NOTE: https://github.com/netty/netty/commit/5f68897880467c00f29495b0aa46ed19bf7a873c (tests) CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...) + {DLA-2110-1 DLA-2109-1} - netty <unfixed> (bug #950966) - netty-3.9 <removed> NOTE: https://github.com/netty/netty/issues/9866 @@ -7851,8 +7853,8 @@ CVE-2019-17335 (The Data access layer component of TIBCO Software Inc.'s TIBCO S NOT-FOR-US: TIBCO CVE-2019-17334 (The Visualizations component of TIBCO Software Inc.'s TIBCO Spotfire A ...) NOT-FOR-US: TIBCO -CVE-2019-17333 - RESERVED +CVE-2019-17333 (The Web server component of TIBCO Software Inc.'s TIBCO EBX contains a ...) + TODO: check CVE-2019-17332 (The Digital Asset Manager Web Interface component of TIBCO Software In ...) NOT-FOR-US: TIBCO CVE-2019-17331 (The Data Exchange Web Interface component of TIBCO Software Inc.'s TIB ...) @@ -9020,7 +9022,7 @@ CVE-2019-16871 (Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff CVE-2019-16870 RESERVED CVE-2019-16869 (Netty before 4.1.42.Final mishandles whitespace before the colon in HT ...) - {DSA-4597-1 DLA-1941-1} + {DSA-4597-1 DLA-2110-1 DLA-1941-1} - netty 1:4.1.33-2 (bug #941266) - netty-3.9 <removed> NOTE: https://github.com/netty/netty/issues/9571 
@@ -20658,8 +20660,8 @@ CVE-2019-12440 (The Sitecore Rocks plugin before 2.1.149 for Sitecore allows an NOT-FOR-US: Sitecore CMS CVE-2019-12438 RESERVED -CVE-2019-12437 - RESERVED +CVE-2019-12437 (In SilverStripe through 4.3.3, the previous fix for SS-2018-007 does n ...) + TODO: check CVE-2019-12436 (Samba 4.10.x before 4.10.5 has a NULL pointer dereference, leading to ...) - samba <not-affected> (Only affects Samba since 4.10.0) NOTE: https://www.samba.org/samba/security/CVE-2019-12436.html @@ -21167,8 +21169,8 @@ CVE-2019-12247 (** DISPUTED ** QEMU 3.0.0 has an Integer Overflow because the qg NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg04596.html NOTE: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg05457.html NOTE: Disputed upstream as not beeing exploitable. -CVE-2019-12246 - RESERVED +CVE-2019-12246 (SilverStripe through 4.3.3 allows a Denial of Service on flush and dev ...) + TODO: check CVE-2019-12245 (SilverStripe through 4.3.3 has incorrect access control for protected ...) NOT-FOR-US: SilverStripe CVE-2019-12244 @@ -25167,8 +25169,8 @@ CVE-2019-10799 RESERVED CVE-2019-10798 RESERVED -CVE-2019-10797 - RESERVED +CVE-2019-10797 (Netty in WSO2 transport-http before v6.3.1 is vulnerable to HTTP Respo ...) + TODO: check CVE-2019-10796 RESERVED CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...) @@ -41586,8 +41588,8 @@ CVE-2019-4642 RESERVED CVE-2019-4641 RESERVED -CVE-2019-4640 - RESERVED +CVE-2019-4640 (IBM Security Secret Server 10.7 processes patches, image backups and o ...) + TODO: check CVE-2019-4639 (IBM Security Secret Server 10.7 uses weaker than expected cryptographi ...) NOT-FOR-US: IBM CVE-2019-4638 (IBM Security Secret Server 10.7 does not set the secure attribute on a ...) 
@@ -41952,8 +41954,8 @@ CVE-2019-4459 (IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 NOT-FOR-US: IBM CVE-2019-4458 RESERVED -CVE-2019-4457 - RESERVED +CVE-2019-4457 (IBM Jazz Foundation 6.0, 6.0.1, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, and ...) + TODO: check CVE-2019-4456 (IBM Daeja ViewONE Professional, Standard & Virtual 5.0.5 and 5.0.6 ...) NOT-FOR-US: IBM CVE-2019-4455 @@ -42008,8 +42010,8 @@ CVE-2019-4431 (IBM Rational Publishing Engine 6.0.6 and 6.0.6.1 is vulnerable to NOT-FOR-US: IBM CVE-2019-4430 (IBM Maximo Asset Management 7.6 could allow a remote attacker to trave ...) NOT-FOR-US: IBM -CVE-2019-4429 - RESERVED +CVE-2019-4429 (IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to cross-sit ...) + TODO: check CVE-2019-4428 (IBM Watson Assistant for IBM Cloud Pak for Data 1.0.0 through 1.3.0 is ...) NOT-FOR-US: IBM CVE-2019-4427 (IBM Cloud CLI 0.6.0 through 0.16.1 windows installers are signed using ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c050c60af6..e58f26ecf7 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,23 @@ +CVE-2020-9295 + RESERVED +CVE-2020-9294 + RESERVED +CVE-2020-9293 + RESERVED +CVE-2020-9292 + RESERVED +CVE-2020-9291 + RESERVED +CVE-2020-9290 + RESERVED +CVE-2020-9289 + RESERVED +CVE-2020-9288 + RESERVED +CVE-2020-9287 + RESERVED +CVE-2020-9286 + RESERVED CVE-2020-9285 RESERVED CVE-2020-9284 @@ -660,8 +680,8 @@ CVE-2020-8961 RESERVED CVE-2020-8960 RESERVED -CVE-2020-8959 - RESERVED +CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...) + TODO: check CVE-2020-8958 RESERVED CVE-2020-8957 
@@ -936,8 +956,8 @@ CVE-2020-8826 RESERVED CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...) NOT-FOR-US: Vanilla Forums -CVE-2020-8824 - RESERVED +CVE-2020-8824 (Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name ...) + TODO: check CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...) NOT-FOR-US: SockJS CVE-2020-8822 (Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices ...) @@ -1760,8 +1780,8 @@ CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible - ossec-hids <itp> (bug #361954) CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids <itp> (bug #361954) -CVE-2020-8441 - RESERVED +CVE-2020-8441 (JYaml through 1.3 allows remote code execution during deserialization ...) + TODO: check CVE-2020-8440 (controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is ...) NOT-FOR-US: Simplejobscript.com SJS CVE-2020-8439 @@ -4242,6 +4262,7 @@ CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow atta CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...) NOT-FOR-US: conversation-watson plugin for WordPress CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...) + {DLA-2110-1 DLA-2109-1} - netty <unfixed> (bug #950967) - netty-3.9 <removed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1796225 
@@ -6803,10 +6824,10 @@ CVE-2020-6064 (An exploitable out-of-bounds write vulnerability exists in the un NOT-FOR-US: Accusoft ImageGear CVE-2020-6063 (An exploitable out-of-bounds write vulnerability exists in the uncompr ...) NOT-FOR-US: Accusoft ImageGear -CVE-2020-6062 - RESERVED -CVE-2020-6061 - RESERVED +CVE-2020-6062 (An exploitable denial-of-service vulnerability exists in the way CoTUR ...) + TODO: check +CVE-2020-6061 (An exploitable heap overflow vulnerability exists in the way CoTURN 4. ...) + TODO: check CVE-2020-6060 (A stack buffer overflow vulnerability exists in the way MiniSNMPD vers ...) NOT-FOR-US: MiniSNMPD CVE-2020-6059 (An exploitable out of bounds read vulnerability exists in the way Mini ...) @@ -10544,8 +10565,8 @@ CVE-2020-4232 RESERVED CVE-2020-4231 RESERVED -CVE-2020-4230 - RESERVED +CVE-2020-4230 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 ...) + TODO: check CVE-2020-4229 RESERVED CVE-2020-4228 @@ -10596,16 +10617,16 @@ CVE-2020-4206 RESERVED CVE-2020-4205 RESERVED -CVE-2020-4204 - RESERVED +CVE-2020-4204 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) + TODO: check CVE-2020-4203 RESERVED CVE-2020-4202 RESERVED CVE-2020-4201 RESERVED -CVE-2020-4200 - RESERVED +CVE-2020-4200 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5 ...) + TODO: check CVE-2020-4199 RESERVED CVE-2020-4198 @@ -10682,8 +10703,8 @@ CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under sp NOT-FOR-US: IBM CVE-2020-4162 RESERVED -CVE-2020-4161 - RESERVED +CVE-2020-4161 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 ...) + TODO: check CVE-2020-4160 RESERVED CVE-2020-4159 @@ -10734,8 +10755,8 @@ CVE-2020-4137 RESERVED CVE-2020-4136 RESERVED -CVE-2020-4135 - RESERVED +CVE-2020-4135 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...) + TODO: check CVE-2020-4134 RESERVED CVE-2020-4133 |
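Review bot: In the data/CVE/2013.list hunk (@@ -5180), CVE-2013-5581 is flipped from RESERVED to REJECTED but keeps its "NOT-FOR-US: Ammyy Admin" sub-line, so the entry now carries a triage state for an identifier that no longer exists; the CVE-2015-2104 hunk in the same update shows the cleaner form (REJECTED with no sub-lines), and the stale line should be dropped to match.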
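Review bot: In the data/CVE/2014.list hunk (@@ -17380), CVE-2014-3622 swaps the placeholder "[Posthandler Potential Illegal efree() vulnerability]" for the published text "Use-after-free vulnerability in the add_post_var function ..." while leaving "php5 5.6.1+dfsg-1 (unimportant)" and "NOTE: Not exploitable" untouched; since those were written against the placeholder, the severity should be re-confirmed against the linked PHP bug before the entry is considered settled.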
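Review bot: In the data/CVE/2019.list hunk (@@ -7851), CVE-2019-17333 is left at "TODO: check" although every neighbouring entry in the hunk (CVE-2019-17335, -17334, -17332, -17331) is a TIBCO product marked "NOT-FOR-US: TIBCO" and the new description itself names TIBCO EBX; the same pattern applies to the IBM entries in the @@ -41586, @@ -41952 and @@ -42008 hunks, so these TODOs can be closed as NOT-FOR-US quickly, consistent with the adjacent lines, rather than left open.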
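Review bot: In the data/CVE/2020.list hunk (@@ -4242), CVE-2020-7238 gains "{DLA-2110-1 DLA-2109-1}" but its unstable line still reads "netty <unfixed> (bug #950967)", the same bug number already used by CVE-2019-20445 in the 2019.list @@ -73 hunk; the DLA tags record the LTS fixes only, so bug #950967 should reference both CVEs and remain open until the main netty package is updated, otherwise the shared bug risks being closed against one CVE while the other stays unfixed.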
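Review bot: In the data/CVE/2020.list hunk (@@ -6803), CVE-2020-6062 and CVE-2020-6061 (CoTURN denial-of-service and heap overflow) are both left at "TODO: check"; unlike the vendor-specific TODOs elsewhere in this update, the surrounding lines give no NOT-FOR-US cue (the neighbours are MiniSNMPD and Accusoft entries), so these two need an actual check against the archive and, if the package is shipped, a source package line with a version or <unfixed> rather than the placeholder.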