author | security tracker role <sectracker@soriano.debian.org> | 2020-01-15 08:10:21 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-15 08:10:21 +0000 |
commit | ec00c9524bad503cca9ff36c651acab75ecec33d (patch) | |
tree | 5f7229489e96f06a56c9a5b36aeb273a149789ec /data/CVE | |
parent | 14d0a1632248dd04d76447cd6236c552bee824e7 (diff) |
automatic update
Diffstat (limited to 'data/CVE')
-rw-r--r-- | data/CVE/2011.list | 24 |
-rw-r--r-- | data/CVE/2016.list | 4 |
-rw-r--r-- | data/CVE/2017.list | 2 |
-rw-r--r-- | data/CVE/2018.list | 4 |
-rw-r--r-- | data/CVE/2019.list | 11 |
-rw-r--r-- | data/CVE/2020.list | 216 |
6 files changed, 132 insertions, 129 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index a65194a6f4..9e40545852 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -5345,11 +5345,9 @@ CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4 allows local users to write to [lenny] - hammerhead <no-dsa> (Minor issue) [squeeze] - hammerhead <no-dsa> (Minor issue) NOTE: https://launchpad.net/bugs/826679 -CVE-2011-3203 [Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution] - RESERVED +CVE-2011-3203 (A Code Execution vulnerability exists the attachment parameter to inde ...) NOT-FOR-US: Jcow -CVE-2011-3202 [Jcow CMS 4.2 <= | Cross Site Scripting] - RESERVED +CVE-2011-3202 (A Cross-Site Scripting (XSS) vulnerability exists in the g parameter t ...) NOT-FOR-US: Jcow CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...) - evolution <unfixed> (unimportant) @@ -5411,8 +5409,7 @@ CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assiste CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...) - pidgin 2.10.0-1 (unimportant) NOTE: Only exploitable by a malicious MSN server to crash the client -CVE-2011-3183 - RESERVED +CVE-2011-3183 (A Cross-Site Scripting (XSS) vulnerability exists in the rcID paramete ...) NOT-FOR-US: Concrete CMS CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the mall ...) {DSA-2408-1} 
@@ -6220,11 +6217,9 @@ CVE-2011-2936 (Elgg through 1.7.10 has a SQL injection vulnerability ...) - elgg <itp> (bug #526197) CVE-2011-2935 (Elgg through 1.7.10 has XSS ...) - elgg <itp> (bug #526197) -CVE-2011-2934 - RESERVED +CVE-2011-2934 (A Cross Site Request Forgery (CSRF) vulnerability exists in the admini ...) NOT-FOR-US: WebsiteBaker -CVE-2011-2933 - RESERVED +CVE-2011-2933 (An Arbitrary File Upload vulnerability exists in admin/media/upload.ph ...) NOT-FOR-US: WebsiteBaker CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in activesupport/lib/active_s ...) {DSA-2655-1} @@ -6922,11 +6917,9 @@ CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote D - busybox 1:1.20.0-3 (unimportant; bug #635548) NOTE: the default action script of busybox is not vulnerable to this attack NOTE: fixed in 1.20 (experimental). default script in udeb may be vulnerable. -CVE-2011-2715 - RESERVED +CVE-2011-2715 (An SQL Injection vulnerability exists in Drupal 6.20 with Data 6.x-1.0 ...) NOT-FOR-US: Drupal data module -CVE-2011-2714 - RESERVED +CVE-2011-2714 (A Cross-Site Scripting vulnerability exists in Drupal 6.20 with Data 6 ...) NOT-FOR-US: Drupal data module CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows u ...) {DSA-2315-1} @@ -6948,8 +6941,7 @@ CVE-2011-2708 REJECTED CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the Lin ...) - linux-2.6 <not-affected> (xtensa arch not used in Debian) -CVE-2011-2706 - RESERVED +CVE-2011-2706 (A Cross-Site Scripting (XSS) vulnerability exists in the reorder admin ...) NOT-FOR-US: sNews CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...) {DLA-235-1 DLA-88-1} diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 30b2f67000..ffedbea523 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -13220,8 +13220,8 @@ CVE-2016-6594 (Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 NOT-FOR-US: Blue Coat CVE-2016-6593 (A code-execution vulnerability exists during startup in jhi.dll and ot ...) NOT-FOR-US: Symantec VIP Access -CVE-2016-6592 - RESERVED +CVE-2016-6592 (A vulnerability was found in Symantec Norton Download Manager versions ...) + TODO: check CVE-2016-6591 (A security bypass vulnerability exists in Symantec Norton App Lock 1.0 ...) NOT-FOR-US: Symantec CVE-2016-6590 (A privilege escalation vulnerability exists when loading DLLs during b ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index 3cd74b2a9c..22762bf867 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -37578,7 +37578,7 @@ CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphi CVE-2017-5716 REJECTED CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and indir ...) - {DSA-4213-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1 DLA-1369-1} + {DSA-4213-1 DSA-4201-1 DSA-4188-1 DSA-4187-1 DLA-1497-1 DLA-1422-1 DLA-1369-1} - linux 4.15.11-1 - intel-microcode 3.20180425.1 [stretch] - intel-microcode 3.20180425.1~deb9u1 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 059f9ad3f3..d426fb741a 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -3539,8 +3539,8 @@ CVE-2018-19876 (cairo 1.16.0, in cairo_ft_apply_variations() in cairo-ft-font.c, NOTE: and became vulnerable with freetype 2.9 which allows to define a different allocator. Partially NOTE: fixed in https://gitlab.freedesktop.org/cairo/cairo/commit/c3659d7ef662b55949307ece7b1f613a7dc32620 NOTE: https://gitlab.freedesktop.org/cairo/cairo/commit/90e85c2493fdfa3551f202ff10282463f1e36645 -CVE-2018-1002104 - RESERVED +CVE-2018-1002104 (Versions < 1.5 of the Kubernetes ingress default backend, which han ...) + TODO: check CVE-2018-1002103 (In Minikube versions 0.3.0-0.29.0, minikube exposes the Kubernetes Das ...) NOT-FOR-US: minikube CVE-2018-1002102 (Improper validation of URL redirection in the Kubernetes API server in ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 70add1891a..29e4cd821b 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -7777,9 +7777,9 @@ CVE-2019-17152 CVE-2019-17151 (This vulnerability allows remote attackers redirect users to an extern ...) NOT-FOR-US: Tencent WeChat CVE-2019-17150 - RESERVED + REJECTED CVE-2019-17149 - RESERVED + REJECTED CVE-2019-17148 (This vulnerability allows local attackers to escalate privileges on af ...) NOT-FOR-US: Parallels CVE-2019-17147 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -8737,8 +8737,8 @@ CVE-2019-16785 (Waitress through version 1.3.1 implemented a "MAY" part of the R [jessie] - waitress <no-dsa> (Minor issue) NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-pg36-wpm5-g57p NOTE: https://github.com/Pylons/waitress/commit/8eba394ad75deaf9e5cd15b78a3d16b12e6b0eba -CVE-2019-16784 - RESERVED +CVE-2019-16784 (In PyInstaller before version 3.6, only on Windows, a local privilege ...) + TODO: check CVE-2019-16783 RESERVED CVE-2019-16782 (There's a possible information leak / session hijack vulnerability in ...) 
@@ -46194,7 +46194,8 @@ CVE-2019-2226 (In device_class_to_int of device_class.cc, there is a possible ou NOT-FOR-US: Android CVE-2019-2225 (When pairing with a Bluetooth device, it may be possible to pair a mal ...) NOT-FOR-US: Android -CVE-2019-2224 (In ReadMATImage of mat.c, there is a possible out of bounds write due ...) +CVE-2019-2224 + REJECTED NOTE: Duplicate of CVE-2019-15140, reported to MITRE CVE-2019-2223 (In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bo ...) NOT-FOR-US: Android Media Framework diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 19ba7221c1..38efec4bb8 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,4 +1,14 @@ -CVE-2020-7053 [drm/i915: Fix use-after-free when destroying GEM context] +CVE-2020-7058 (** DISPUTED ** data_input.php in Cacti 1.2.8 allows remote code execut ...) + TODO: check +CVE-2020-7057 (Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a d ...) + TODO: check +CVE-2020-7056 + RESERVED +CVE-2020-7055 + RESERVED +CVE-2020-7054 (MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in li ...) + TODO: check +CVE-2020-7053 (In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm t ...) - linux 5.2.6-1 NOTE: https://lore.kernel.org/stable/20200114183937.12224-1-tyhicks@canonical.com/ CVE-2020-7052 @@ -3156,10 +3166,10 @@ CVE-2020-5504 (In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection ex NOTE: https://www.phpmyadmin.net/security/PMASA-2020-1/ CVE-2020-5503 RESERVED -CVE-2020-5502 - RESERVED -CVE-2020-5501 - RESERVED +CVE-2020-5502 (phpBB 3.2.8 allows a CSRF attack that can approve pending group member ...) + TODO: check +CVE-2020-5501 (phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. ...) + TODO: check CVE-2020-5500 RESERVED CVE-2020-5499 (Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non ...) 
@@ -12980,118 +12990,118 @@ CVE-2020-0658 RESERVED CVE-2020-0657 RESERVED -CVE-2020-0656 - RESERVED +CVE-2020-0656 (A cross site scripting vulnerability exists when Microsoft Dynamics 36 ...) + TODO: check CVE-2020-0655 RESERVED -CVE-2020-0654 - RESERVED -CVE-2020-0653 - RESERVED -CVE-2020-0652 - RESERVED -CVE-2020-0651 - RESERVED -CVE-2020-0650 - RESERVED +CVE-2020-0654 (A security feature bypass vulnerability exists in Microsoft OneDrive A ...) + TODO: check +CVE-2020-0653 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) + TODO: check +CVE-2020-0652 (A remote code execution vulnerability exists in Microsoft Office softw ...) + TODO: check +CVE-2020-0651 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) + TODO: check +CVE-2020-0650 (A remote code execution vulnerability exists in Microsoft Excel softwa ...) + TODO: check CVE-2020-0649 RESERVED CVE-2020-0648 RESERVED -CVE-2020-0647 - RESERVED -CVE-2020-0646 - RESERVED +CVE-2020-0647 (A spoofing vulnerability exists when Office Online does not validate o ...) + TODO: check +CVE-2020-0646 (A remote code execution vulnerability exists when the Microsoft .NET F ...) + TODO: check CVE-2020-0645 RESERVED -CVE-2020-0644 - RESERVED -CVE-2020-0643 - RESERVED -CVE-2020-0642 - RESERVED -CVE-2020-0641 - RESERVED -CVE-2020-0640 - RESERVED -CVE-2020-0639 - RESERVED -CVE-2020-0638 - RESERVED -CVE-2020-0637 - RESERVED -CVE-2020-0636 - RESERVED -CVE-2020-0635 - RESERVED -CVE-2020-0634 - RESERVED -CVE-2020-0633 - RESERVED -CVE-2020-0632 - RESERVED -CVE-2020-0631 - RESERVED -CVE-2020-0630 - RESERVED -CVE-2020-0629 - RESERVED -CVE-2020-0628 - RESERVED -CVE-2020-0627 - RESERVED -CVE-2020-0626 - RESERVED -CVE-2020-0625 - RESERVED -CVE-2020-0624 - RESERVED -CVE-2020-0623 - RESERVED -CVE-2020-0622 - RESERVED -CVE-2020-0621 - RESERVED -CVE-2020-0620 - RESERVED +CVE-2020-0644 (An elevation of privilege vulnerability exists when Microsoft Windows ...) 
+ TODO: check +CVE-2020-0643 (An information disclosure vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0642 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0641 (An elevation of privilege vulnerability exists in Windows Media Servic ...) + TODO: check +CVE-2020-0640 (A remote code execution vulnerability exists when Internet Explorer im ...) + TODO: check +CVE-2020-0639 (An information disclosure vulnerability exists in the Windows Common L ...) + TODO: check +CVE-2020-0638 (An elevation of privilege vulnerability exists in the way the Update N ...) + TODO: check +CVE-2020-0637 (An information disclosure vulnerability exists when Remote Desktop Web ...) + TODO: check +CVE-2020-0636 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0635 (An elevation of privilege vulnerability exists in Microsoft Windows wh ...) + TODO: check +CVE-2020-0634 (An elevation of privilege vulnerability exists when the Windows Common ...) + TODO: check +CVE-2020-0633 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0632 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0631 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0630 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0629 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0628 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0627 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0626 (An elevation of privilege vulnerability exists in the way that the Win ...) 
+ TODO: check +CVE-2020-0625 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0624 (An elevation of privilege vulnerability exists in Windows when the Win ...) + TODO: check +CVE-2020-0623 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0622 (An information disclosure vulnerability exists when the Microsoft Wind ...) + TODO: check +CVE-2020-0621 (A security feature bypass vulnerability exists in Windows 10 when thir ...) + TODO: check +CVE-2020-0620 (An elevation of privilege vulnerability exists when Microsoft Cryptogr ...) + TODO: check CVE-2020-0619 RESERVED CVE-2020-0618 RESERVED -CVE-2020-0617 - RESERVED -CVE-2020-0616 - RESERVED -CVE-2020-0615 - RESERVED -CVE-2020-0614 - RESERVED -CVE-2020-0613 - RESERVED -CVE-2020-0612 - RESERVED -CVE-2020-0611 - RESERVED -CVE-2020-0610 - RESERVED -CVE-2020-0609 - RESERVED -CVE-2020-0608 - RESERVED -CVE-2020-0607 - RESERVED -CVE-2020-0606 - RESERVED -CVE-2020-0605 - RESERVED +CVE-2020-0617 (A denial of service vulnerability exists when Microsoft Hyper-V Virtua ...) + TODO: check +CVE-2020-0616 (A denial of service vulnerability exists when Windows improperly handl ...) + TODO: check +CVE-2020-0615 (An information disclosure vulnerability exists in the Windows Common L ...) + TODO: check +CVE-2020-0614 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0613 (An elevation of privilege vulnerability exists in the way that the Win ...) + TODO: check +CVE-2020-0612 (A denial of service vulnerability exists in Windows Remote Desktop Gat ...) + TODO: check +CVE-2020-0611 (A remote code execution vulnerability exists in the Windows Remote Des ...) + TODO: check +CVE-2020-0610 (A remote code execution vulnerability exists in Windows Remote Desktop ...) + TODO: check +CVE-2020-0609 (A remote code execution vulnerability exists in Windows Remote Desktop ...) 
+ TODO: check +CVE-2020-0608 (An information disclosure vulnerability exists when the win32k compone ...) + TODO: check +CVE-2020-0607 (An information disclosure vulnerability exists in the way that Microso ...) + TODO: check +CVE-2020-0606 (A remote code execution vulnerability exists in .NET software when the ...) + TODO: check +CVE-2020-0605 (A remote code execution vulnerability exists in .NET software when the ...) + TODO: check CVE-2020-0604 RESERVED -CVE-2020-0603 - RESERVED -CVE-2020-0602 - RESERVED -CVE-2020-0601 - RESERVED +CVE-2020-0603 (A remote code execution vulnerability exists in ASP.NET Core software ...) + TODO: check +CVE-2020-0602 (A denial of service vulnerability exists when ASP.NET Core improperly ...) + TODO: check +CVE-2020-0601 (A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32. ...) + TODO: check CVE-2020-0600 RESERVED CVE-2020-0599 |
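Review bot: In the data/CVE/2019.list hunk at -46194, CVE-2019-2224 is switched to REJECTED while the retained line "NOTE: Duplicate of CVE-2019-15140, reported to MITRE" still reads as if the report were pending. Suggest rewording the note to say the id was rejected as a duplicate of CVE-2019-15140, and confirming that any package status belonging to the removed description (ReadMATImage of mat.c) is recorded under CVE-2019-15140, since this entry itself carries no package line.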
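Review bot: The "TODO: check" added for CVE-2016-6592 in data/CVE/2016.list looks resolvable on sight, because the new description names Symantec Norton Download Manager and both neighbours in the same hunk (CVE-2016-6593, CVE-2016-6591) are already marked NOT-FOR-US for Symantec products. Suggest a follow-up that replaces the TODO with a matching NOT-FOR-US line so the entry does not sit in the triage queue.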
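Review bot: For CVE-2020-7053 in the first data/CVE/2020.list hunk, the new description names the 4.14 and 4.19 longterm kernel series, yet the entry still records only "- linux 5.2.6-1" with no per-release lines. Suggest confirming whether release-specific annotations are needed for suites on those series. The removed bracketed summary ("drm/i915: Fix use-after-free when destroying GEM context") was also the only visible statement of what the flaw is, since the replacement text is truncated before it gets there, so a NOTE carrying that patch subject next to the existing lore.kernel.org link would keep the context.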
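Review bot: The data/CVE/2020.list hunk at -12980 adds a separate "TODO: check" to every newly described id from CVE-2020-0656 down to CVE-2020-0601, and wherever the truncation leaves the product readable it is a Microsoft one (Excel, Office, OneDrive, Internet Explorer, Windows Remote Desktop, Hyper-V, .NET, ASP.NET Core). Suggest triaging this block in one pass with NOT-FOR-US lines, following the convention used for Symantec and Android elsewhere in this diff, and looking individually only at entries whose product is not identifiable from the truncated text (for example "the Update N ...").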