author security tracker role <sectracker@soriano.debian.org> 2020-02-10 20:10:29 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-02-10 20:10:29 +0000
commit e0669c82731a86d937118d1b4e106800bedadf31
tree 2bc262805bd6485e5a318f8f18b16425a0c8c2f0 /data/CVE
parent 9257a938b8682ef71ca8faffc84cec61ce787a4c
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- data/CVE/2012.list 24
-rw-r--r-- data/CVE/2013.list 10
-rw-r--r-- data/CVE/2014.list 16
-rw-r--r-- data/CVE/2017.list 2
-rw-r--r-- data/CVE/2018.list 6
-rw-r--r-- data/CVE/2019.list 69
-rw-r--r-- data/CVE/2020.list 37
7 files changed, 91 insertions, 73 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 745c99e4a5..a06610d197 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -192,8 +192,8 @@ CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout
NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...)
NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
-CVE-2012-6666
- RESERVED
+CVE-2012-6666 (vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. ...)
+ TODO: check
CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 ...)
NOT-FOR-US: phpMoneyBooks
CVE-2012-6664
@@ -329,8 +329,8 @@ CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent
CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in A ...)
{DSA-2963-1}
- lucene-solr 3.6.2+dfsg-2 (bug #731113)
-CVE-2012-6611
- RESERVED
+CVE-2012-6611 (Polycom HDX Video End Points before 3.0 allows attackers to read arbit ...)
+ TODO: check
CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...)
NOT-FOR-US: Polycom HDX Video End Points
CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video ...)
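Review bot: The new CVE-2012-6611 entry is left at "TODO: check" although its description names Polycom HDX Video End Points, the product that the very next entry, CVE-2012-6610, already records as "NOT-FOR-US: Polycom HDX Video End Points". Suggest resolving the TODO with the same NOT-FOR-US line in a follow-up commit so the id does not linger in the triage queue.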
@@ -742,8 +742,8 @@ CVE-2012-6451 (Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication B
NOT-FOR-US: Lorex LNC116 and LNC104 IP Cameras
CVE-2012-6450
RESERVED
-CVE-2012-6449
- RESERVED
+CVE-2012-6449 (The clientconf.html and detailbw.html pages in x3 in cPanel &amp; WHM ...)
+ TODO: check
CVE-2012-6448 (Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 all ...)
NOT-FOR-US: cPanel
CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...)
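Review bot: CVE-2012-6449 gets "TODO: check" while its description points at cPanel & WHM, and the adjacent CVE-2012-6448 for cPanel WebHost Manager is already triaged as "NOT-FOR-US: cPanel". The same classification looks applicable here; replacing the TODO with that line would keep the two neighbouring cPanel entries consistent.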
@@ -2283,8 +2283,8 @@ CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent functio
- iceweasel 10.0.11esr-1
- icedove 10.0.11-1
- iceape 2.7.11-1
-CVE-2012-5828
- RESERVED
+CVE-2012-5828 (BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerabi ...)
+ TODO: check
CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attack ...)
NOT-FOR-US: Joomla!
CVE-2012-5826
@@ -11188,8 +11188,8 @@ CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Editi
NOT-FOR-US: IBM WebSphere MQ File Transfer Edition
CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7. ...)
NOT-FOR-US: IBM Rational ClearQuest
-CVE-2012-2204
- RESERVED
+CVE-2012-2204 (InfoSphere Guardium aix_ktap module: DoS ...)
+ TODO: check
CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM R ...)
NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...)
@@ -11694,8 +11694,8 @@ CVE-2012-1996 (Unspecified vulnerability in HP Systems Insight Manager (SIM) bef
NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1995 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...)
NOT-FOR-US: HP Systems Insight Manager
-CVE-2012-1994
- RESERVED
+CVE-2012-1994 (HP Systems Insight Manager before 7.0 allows a remote user on adjacent ...)
+ TODO: check
CVE-2012-1993 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...)
NOT-FOR-US: HP System Management Homepage
CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS ...)
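Review bot: CVE-2012-1994 is added with "TODO: check" even though the two entries directly above it in this hunk, CVE-2012-1996 and CVE-2012-1995, cover the same product and are both marked "NOT-FOR-US: HP Systems Insight Manager". Suggest closing the TODO with the same NOT-FOR-US line.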
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index c9d0ee56b2..c8a989b92c 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -14016,11 +14016,9 @@ CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function
[squeeze] - php5 <not-affected> (Vulnerable code not present)
NOTE: https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0
NOTE: vulnerability introduced with commit http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629
-CVE-2013-2109
- RESERVED
+CVE-2013-2109 (WordPress plugin wp-cleanfix has Remote Code Execution ...)
NOT-FOR-US: WordPress plugin wp-cleanfix
-CVE-2013-2108
- RESERVED
+CVE-2013-2108 (WordPress WP Cleanfix Plugin 2.4.4 has CSRF ...)
NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On Update ...)
NOT-FOR-US: WordPress plugin mail-on-update
@@ -16591,8 +16589,8 @@ CVE-2013-1355
REJECTED
CVE-2013-1354
RESERVED
-CVE-2013-1353
- RESERVED
+CVE-2013-1353 (Orange HRM 2.7.1 allows XSS via the vacancy name. ...)
+ TODO: check
CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...)
NOT-FOR-US: Verax NMS
CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 6ce4f68aeb..4353ec75e4 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -13806,14 +13806,14 @@ CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows remot
NOT-FOR-US: Status2k
CVE-2014-5087 (A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to ...)
TODO: check
-CVE-2014-5086
- RESERVED
-CVE-2014-5085
- RESERVED
-CVE-2014-5084
- RESERVED
-CVE-2014-5083
- RESERVED
+CVE-2014-5086 (A Command Execution vulnerability exists in Sphider Pro, and Sphider P ...)
+ TODO: check
+CVE-2014-5085 (A Command Execution vulnerability exists in Sphider Plus 3.2 due to in ...)
+ TODO: check
+CVE-2014-5084 (A Command Execution vulnerability exists in Sphider Pro 3.2 due to ins ...)
+ TODO: check
+CVE-2014-5083 (A Command Execution vulnerability exists in Sphider before 1.3.6 due t ...)
+ TODO: check
CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1 ...)
NOT-FOR-US: Sphider
CVE-2014-5081 (sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus pri ...)
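Review bot: The four newly described entries CVE-2014-5086 through CVE-2014-5083 are all marked "TODO: check", and the context entry CVE-2014-5087 above them carries the same TODO, while CVE-2014-5082 just below is already "NOT-FOR-US: Sphider". All five descriptions name Sphider, Sphider Pro or Sphider Plus, so they can be triaged together; settling them in one follow-up avoids leaving a block of open TODOs next to an already classified sibling.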
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index c1a6310a3d..a479b7ce39 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -1,3 +1,5 @@
+CVE-2017-18642
+ RESERVED
CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...)
- lxc-templates <unfixed>
- lxc 1:3.0.3-1
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index c0cdb82a5e..3e96350778 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -10704,9 +10704,11 @@ CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka
[jessie] - audiofile <postponed> (Can be fixed along in future DLA)
NOTE: https://github.com/mpruett/audiofile/issues/50
NOTE: https://github.com/mpruett/audiofile/issues/51
-CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL poi ...)
+CVE-2018-17094
+ REJECTED
- xar <removed>
-CVE-2018-17093 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL poi ...)
+CVE-2018-17093
+ REJECTED
- xar <removed>
CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/p ...)
NOT-FOR-US: DonLinkage
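Review bot: CVE-2018-17094 and CVE-2018-17093 are switched to REJECTED but each still carries the "- xar <removed>" package line, so the entries now pair a rejected id with a package annotation and no description. Suggest either dropping the package line from both entries or adding a NOTE that records why the ids were rejected, since the text describing the NULL pointer issue in mackyle xar 1.6.1 is no longer in the list.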
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 9cd3b36f47..2f0bc0fbee 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...)
+ TODO: check
CVE-2019-20450
RESERVED
CVE-2019-20449
@@ -971,14 +973,14 @@ CVE-2019-20063 (hdf/dataobject.c in libmysofa before 0.8 has an uninitialized us
[buster] - libmysofa 0.6~dfsg0-3+deb10u1
NOTE: https://github.com/hoene/libmysofa/issues/67
NOTE: https://github.com/hoene/libmysofa/commit/ecb7b743b6f6d47b93a7bc680a60071a0f9524c6
-CVE-2019-20062
- RESERVED
-CVE-2019-20061
- RESERVED
-CVE-2019-20060
- RESERVED
-CVE-2019-20059
- RESERVED
+CVE-2019-20062 (MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to r ...)
+ TODO: check
+CVE-2019-20061 (The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5 ...)
+ TODO: check
+CVE-2019-20060 (MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information ...)
+ TODO: check
+CVE-2019-20059 (payment_manage.ajax.php and various *_manage.ajax.php in MFScripts Yet ...)
+ TODO: check
CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS ...)
NOT-FOR-US: Bolt CMS
CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman ...)
@@ -2048,30 +2050,30 @@ CVE-2019-19672
RESERVED
CVE-2019-19671
RESERVED
-CVE-2019-19670
- RESERVED
-CVE-2019-19669
- RESERVED
-CVE-2019-19668
- RESERVED
-CVE-2019-19667
- RESERVED
-CVE-2019-19666
- RESERVED
-CVE-2019-19665
- RESERVED
-CVE-2019-19664
- RESERVED
-CVE-2019-19663
- RESERVED
-CVE-2019-19662
- RESERVED
-CVE-2019-19661
- RESERVED
-CVE-2019-19660
- RESERVED
-CVE-2019-19659
- RESERVED
+CVE-2019-19670 (A HTTP Response Splitting vulnerability was identified in the Web Sett ...)
+ TODO: check
+CVE-2019-19669 (A CSRF vulnerability exists in the Upload Center Forms Component of We ...)
+ TODO: check
+CVE-2019-19668 (A CSRF vulnerability exists in the File Types component of Web File Ma ...)
+ TODO: check
+CVE-2019-19667 (A CSRF vulnerability exists in the Block Clients component of Web File ...)
+ TODO: check
+CVE-2019-19666 (A CSRF vulnerability exists in the Event Notices Settings of Web File ...)
+ TODO: check
+CVE-2019-19665 (A CSRF vulnerability exists in the FTP Settings of Web File Manager in ...)
+ TODO: check
+CVE-2019-19664 (A CSRF vulnerability exists in the Web Settings of Web File Manager in ...)
+ TODO: check
+CVE-2019-19663 (A CSRF vulnerability exists in the Folder Sets Settings of Web File Ma ...)
+ TODO: check
+CVE-2019-19662 (A CSRF vulnerability exists in the Web File Manager's Create/Delete Ac ...)
+ TODO: check
+CVE-2019-19661 (A Cookie based reflected XSS exists in the Web File Manager of Rumpus ...)
+ TODO: check
+CVE-2019-19660 (A CSRF vulnerability exists in the Web File Manager's Network Setting ...)
+ TODO: check
+CVE-2019-19659 (A CSRF vulnerability exists in the Web File Manager's Edit Accounts fu ...)
+ TODO: check
CVE-2019-19658
RESERVED
CVE-2019-19657
@@ -29130,6 +29132,7 @@ CVE-2019-9660 (Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html
CVE-2019-9659 (The Chuango 433 MHz burglar-alarm product line uses static codes in th ...)
NOT-FOR-US: Chuango
CVE-2019-10782 (All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulner ...)
+ {DLA-2099-1}
- checkstyle 8.29-1
[buster] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)
[stretch] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)
@@ -30224,7 +30227,7 @@ CVE-2019-9280 (In keyguard, there is a possible escalation of privilege due to i
CVE-2019-9279 (In the wifi hotspot service, there is a possible denial of service due ...)
NOT-FOR-US: Android
CVE-2019-9278 (In libexif, there is a possible out of bounds write due to an integer ...)
- {DSA-4618-1}
+ {DSA-4618-1 DLA-2100-1}
- libexif 0.6.21-6 (bug #945948)
NOTE: https://android.googlesource.com/platform/external/libexif/+/a5e8e5812a11ec9686294de8a5d68aaf2ab72475%5E%21/#F0
NOTE: https://github.com/libexif/libexif/issues/26
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index b0723ab399..f26f6e93b2 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,19 @@
+CVE-2020-8838
+ RESERVED
+CVE-2020-8837
+ RESERVED
+CVE-2020-8836
+ RESERVED
+CVE-2020-8835
+ RESERVED
+CVE-2020-8834
+ RESERVED
+CVE-2020-8833
+ RESERVED
+CVE-2020-8832
+ RESERVED
+CVE-2020-8831
+ RESERVED
CVE-2020-8830
RESERVED
CVE-2020-8829
@@ -8,8 +24,8 @@ CVE-2020-8827
RESERVED
CVE-2020-8826
RESERVED
-CVE-2020-8825
- RESERVED
+CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...)
+ TODO: check
CVE-2020-8824
RESERVED
CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...)
@@ -643,13 +659,13 @@ CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect in
NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch
NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch
NOTE: Debian binary packages are not build with --enable-external-acl-helpers="[...]LM_group[...".
-CVE-2020-8516 (The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not ...)
+CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ...)
- tor <unfixed> (unimportant)
NOTE: Not considered a bug / explicit design choice by upstream
NOTE: https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html
NOTE: https://trac.torproject.org/projects/tor/ticket/33129
NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html
-CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3. ...)
+CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...)
NOT-FOR-US: DrayTek devices
CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a direc ...)
NOT-FOR-US: Rumpus on macOS
@@ -1539,8 +1555,8 @@ CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could al
NOT-FOR-US: TYPO3
CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...)
NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices
-CVE-2020-8089
- RESERVED
+CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to th ...)
+ TODO: check
CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...)
NOT-FOR-US: UseBB
CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...)
@@ -3671,16 +3687,14 @@ CVE-2020-7062
RESERVED
CVE-2020-7061
RESERVED
-CVE-2020-7060 [Global buffer-overflow in mbfl_filt_conv_big5_wchar function]
- RESERVED
+CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...)
- php7.4 7.4.2-7
- php7.3 <unfixed>
- php7.0 <removed>
- php5 <removed>
NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
NOTE: PHP Bug: http://bugs.php.net/79037
-CVE-2020-7059 [Out of bounds read in php_strip_tags_ex]
- RESERVED
+CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...)
- php7.4 7.4.2-7
- php7.3 <unfixed>
- php7.0 <removed>
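Review bot: Replacing the bracketed temporary titles on CVE-2020-7060 and CVE-2020-7059 loses the function names they carried, mbfl_filt_conv_big5_wchar and php_strip_tags_ex, and the truncated descriptions that replace them only mention "certain mbstring functions" and fgetss(). Consider preserving the function names in a NOTE line under each entry, next to the PHP bug reference, so the affected code stays searchable in the list.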
@@ -14784,8 +14798,7 @@ CVE-2020-1699 [improper URL checking leads to information disclosure]
NOTE: https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158
CVE-2020-1698
RESERVED
-CVE-2020-1697
- RESERVED
+CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...)
NOT-FOR-US: Keycloak
CVE-2020-1696
RESERVED
