| author | security tracker role <sectracker@soriano.debian.org> | 2020-01-23 20:10:20 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-23 20:10:20 +0000 |
| commit | f2b7b69bc94391b950add273f256b7c2cfca5b1a (patch) | |
| tree | 1e72d419f284b88f15bb40c049c63efdbfb78d4c /data/CVE | |
| parent | 6059642c8877a24f73804e774c3de9489095719f (diff) | |
automatic update
Diffstat (limited to 'data/CVE')

| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/2007.list | 4 |
| -rw-r--r-- | data/CVE/2008.list | 4 |
| -rw-r--r-- | data/CVE/2010.list | 2 |
| -rw-r--r-- | data/CVE/2012.list | 34 |
| -rw-r--r-- | data/CVE/2013.list | 30 |
| -rw-r--r-- | data/CVE/2014.list | 10 |
| -rw-r--r-- | data/CVE/2015.list | 3 |
| -rw-r--r-- | data/CVE/2016.list | 4 |
| -rw-r--r-- | data/CVE/2019.list | 121 |
| -rw-r--r-- | data/CVE/2020.list | 40 |

10 files changed, 156 insertions, 96 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 7d70caaa67..5803fcdf2b 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -10,8 +10,8 @@ CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmw NOT-FOR-US: Dataprobe iBootBar CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...) NOT-FOR-US: Dataprobe iBootBar -CVE-2007-6758 - RESERVED +CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in ...) + TODO: check CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse! ...) NOT-FOR-US: GE Healthcare Centricity DMS CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a d ...) diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 620a88c5ce..bf293554cd 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list @@ -26,8 +26,8 @@ CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute arb [squeeze] - libui-dialog-perl <no-dsa> (Minor issue) NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364 NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2 -CVE-2008-7314 - RESERVED +CVE-2008-7314 (mIRC before 6.35 allows attackers to cause a denial of service (crash) ...) + TODO: check CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to execut ...) {DSA-3248-1 DLA-357-1} - libphp-snoopy 2.0.0-1 (bug #778634) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index ac0b88e3c1..7086c5c31e 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list 
@@ -5122,7 +5122,7 @@ CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main {DSA-2126-1} - linux-2.6 2.6.32-24 CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory] - RESERVED + REJECTED NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2 NOTE: will probably get rejected CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x throug ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 73d2b5edf4..57df4c8459 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1611,8 +1611,7 @@ CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybd - ircd-ratbox 3.0.7.dfsg-3 (bug #697093) NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1 NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2 -CVE-2012-6083 - RESERVED +CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial of serv ...) - freeciv 2.3.4-1 (low; bug #696306) [squeeze] - freeciv <no-dsa> (Minor issue) [wheezy] - freeciv 2.3.2-1+deb7u1 @@ -2163,8 +2162,8 @@ CVE-2012-5869 CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ...) - wordpress <unfixed> (unimportant; bug #696868) NOTE: non-issue, see https://wordpress.org/support/topic/old-bug-cve-2012-5868 -CVE-2012-5867 - RESERVED +CVE-2012-5867 (HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability ...) + TODO: check CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4 ...) NOT-FOR-US: Achievo CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows re ...) 
@@ -2557,10 +2556,10 @@ CVE-2012-5701 (Multiple SQL injection vulnerabilities in dotProject before 2.1.7 NOT-FOR-US: dotProject CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko befo ...) NOT-FOR-US: Baby Gekko -CVE-2012-5699 - RESERVED -CVE-2012-5698 - RESERVED +CVE-2012-5699 (BabyGekko before 1.2.4 allows PHP file inclusion. ...) + TODO: check +CVE-2012-5698 (BabyGekko before 1.2.4 has SQL injection. ...) + TODO: check CVE-2012-5979 REJECTED CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone Pentest ...) @@ -2770,8 +2769,7 @@ CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12 - mysql-5.5 <removed> (unimportant) NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719 NOTE: https://mariadb.atlassian.net/browse/MDEV-3915 -CVE-2012-5626 - RESERVED +CVE-2012-5626 (EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Applicati ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when usin ...) - nova <not-affected> (Only affects OpenStack Folsom, bug #695830) @@ -4320,8 +4318,8 @@ CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Foresc NOT-FOR-US: Forescout device CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout CounterAC ...) NOT-FOR-US: Forescout device -CVE-2012-4981 - RESERVED +CVE-2012-4981 (Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vuln ...) + TODO: check CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in Toshiba Conf ...) NOT-FOR-US: Toshiba ConfigFree Utility CVE-2012-4979 
@@ -4501,8 +4499,8 @@ CVE-2012-4902 (Multiple cross-site request forgery (CSRF) vulnerabilities in Tem NOT-FOR-US: Template CMS (http://template-cms.ru) CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and ear ...) NOT-FOR-US: Template CMS (http://template-cms.ru) -CVE-2012-4900 - RESERVED +CVE-2012-4900 (Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via unt ...) + TODO: check CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing alg ...) NOT-FOR-US: WellinTech KingView CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a ...) @@ -4578,8 +4576,8 @@ CVE-2012-4865 (Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers NOT-FOR-US: Oreans Themida CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of ...) NOT-FOR-US: Oreans WinLicense -CVE-2012-4863 - RESERVED +CVE-2012-4863 (IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability ...) + TODO: check CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System z 7.1 t ...) NOT-FOR-US: IBM Rational CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM InfoSph ...) @@ -11513,8 +11511,8 @@ CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif {DSA-2552-1} - tiff 4.0-1 (bug #678140) - tiff3 3.9.6-6 -CVE-2012-2087 - RESERVED +CVE-2012-2087 (ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entir ...) + TODO: check CVE-2012-2086 (SQL injection vulnerability in the get_last_conversation_lines functio ...) {DSA-2453-2 DSA-2453-1} - gajim 0.15-1 (low; bug #668038) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index f06ed7305f..c01063ab96 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -1976,8 +1976,8 @@ CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module i NOT-FOR-US: Olat CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar mo ...) NOT-FOR-US: Olat -CVE-2013-6792 - RESERVED +CVE-2013-6792 (Google Android prior to 4.4 has an APK Signature Security Bypass Vulne ...) + TODO: check CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 use ...) NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit CVE-2013-6790 @@ -1990,8 +1990,8 @@ CVE-2013-6787 (SQL injection vulnerability in the check_user_password function i NOT-FOR-US: Chamilo LMS CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4. ...) NOT-FOR-US: Allegro RomPager -CVE-2013-6785 - RESERVED +CVE-2013-6785 (Directory traversal vulnerability in url_redirect.cgi in Supermicro IP ...) + TODO: check CVE-2013-6784 RESERVED CVE-2013-6783 @@ -2019,10 +2019,10 @@ CVE-2013-6775 (The Chainfire SuperSU package before 1.69 for Android allows atta NOT-FOR-US: Chainfire SuperSU package CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser package ...) NOT-FOR-US: Chainfire SuperSU package -CVE-2013-6773 - RESERVED -CVE-2013-6772 - RESERVED +CVE-2013-6773 (Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal For ...) + TODO: check +CVE-2013-6772 (Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking ...) + TODO: check CVE-2013-6771 (Directory traversal vulnerability in the collect script in Splunk befo ...) NOT-FOR-US: Splunk CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Andro ...) 
@@ -3269,8 +3269,8 @@ CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attacker - munin 2.0.18-1 [squeeze] - munin 1.4.5-3+deb6u1 NOTE: http://munin-monitoring.org/ticket/1397 -CVE-2013-6358 - RESERVED +CVE-2013-6358 (PrestaShop 1.5.5 allows remote authenticated attackers to execute arbi ...) + TODO: check CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the ...) NOT-FOR-US: Disputed non-issue in Tomcat CVE-2013-6356 @@ -8842,11 +8842,9 @@ CVE-2013-4178 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and NOT-FOR-US: GA Login Drupal contributed module CVE-2013-4177 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1 ...) NOT-FOR-US: GA Login Drupal contributed module -CVE-2013-4176 [information disclosure] - RESERVED +CVE-2013-4176 (mysecureshell 1.31: Local Information Disclosure Vulnerability ...) NOT-FOR-US: MySecureShell -CVE-2013-4175 [local denial of service] - RESERVED +CVE-2013-4175 (MySecureShell 1.31 has a Local Denial of Service Vulnerability ...) NOT-FOR-US: MySecureShell CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the Scald modul ...) NOT-FOR-US: Scald Drupal contributed module @@ -15903,8 +15901,8 @@ CVE-2013-1594 RESERVED CVE-2013-1593 RESERVED -CVE-2013-1592 - RESERVED +CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...) + TODO: check CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon before ...) - pixman 0.26.0-4 (bug #700308) [squeeze] - pixman <not-affected> (Vulnerable code not present) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 3039349a58..504ce7d0b1 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -8837,8 +8837,8 @@ CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form NOT-FOR-US: Wordpress plugin CVE-2014-7239 RESERVED -CVE-2014-7238 - RESERVED +CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4 ...) + TODO: check CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...) - twiki <removed> NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237 @@ -17485,7 +17485,7 @@ CVE-2014-3608 (The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 all CVE-2014-3607 (DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not proper ...) - libvt-ldap-java 3.3.8-1 (bug #763608) CVE-2014-3606 - RESERVED + REJECTED - pillow <unfixed> (unimportant) - python-imaging <removed> (unimportant) NOTE: not a security issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1133306#c8 @@ -21769,8 +21769,8 @@ CVE-2014-2052 NOTE: The reference wrt zendframework is for CVE-2012-6532 CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote att ...) - owncloud 6.0.2+dfsg-1 -CVE-2014-2050 - RESERVED +CVE-2014-2050 (Cross-site request forgery (CSRF) vulnerability in ownCloud Server bef ...) + TODO: check CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and ...) - owncloud 6.0.0+dfsg-1 CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows remote att ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 5c0ad42189..da90d648c7 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -21743,8 +21743,7 @@ CVE-2015-1933 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7. NOT-FOR-US: IBM CVE-2015-1932 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0 ...) NOT-FOR-US: IBM WebSphere -CVE-2015-1931 - RESERVED +CVE-2015-1931 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 bef ...) NOT-FOR-US: IBM JDK CVE-2015-1930 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...) NOT-FOR-US: IBM diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 52884f4d90..ec4e74b266 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -8340,8 +8340,8 @@ CVE-2016-1000239 RESERVED CVE-2016-1000238 RESERVED -CVE-2016-1000237 - RESERVED +CVE-2016-1000237 (sanitize-html before 1.4.3 has XSS. ...) + TODO: check CVE-2016-1000236 (Node-cookie-signature before 1.0.6 is affected by a timing attack due ...) - node-cookie-signature 1.1.0-1 (unimportant; bug #838618) NOTE: https://nodesecurity.io/advisories/134 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 7887b24231..b315079399 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,43 @@ +CVE-2019-20419 + RESERVED +CVE-2019-20418 + RESERVED +CVE-2019-20417 + RESERVED +CVE-2019-20416 + RESERVED +CVE-2019-20415 + RESERVED +CVE-2019-20414 + RESERVED +CVE-2019-20413 + RESERVED +CVE-2019-20412 + RESERVED +CVE-2019-20411 + RESERVED +CVE-2019-20410 + RESERVED +CVE-2019-20409 + RESERVED +CVE-2019-20408 + RESERVED +CVE-2019-20407 + RESERVED +CVE-2019-20406 + RESERVED +CVE-2019-20405 + RESERVED +CVE-2019-20404 + RESERVED +CVE-2019-20403 + RESERVED +CVE-2019-20402 + RESERVED +CVE-2019-20401 + RESERVED +CVE-2019-20400 + RESERVED CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...) TODO: check CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...) 
@@ -1445,16 +1485,16 @@ CVE-2019-19841 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows NOT-FOR-US: Ruckus devices CVE-2019-19840 (A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruc ...) NOT-FOR-US: Ruckus devices -CVE-2019-19839 - RESERVED -CVE-2019-19838 - RESERVED -CVE-2019-19837 - RESERVED +CVE-2019-19839 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...) + TODO: check +CVE-2019-19838 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...) + TODO: check +CVE-2019-19837 (Incorrect access control in the web interface in Ruckus Wireless Unlea ...) + TODO: check CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200. ...) NOT-FOR-US: Ruckus devices -CVE-2019-19835 - RESERVED +CVE-2019-19835 (SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed thro ...) + TODO: check CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed throug ...) NOT-FOR-US: Ruckus devices CVE-2019-20043 (In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...) @@ -3897,11 +3937,9 @@ CVE-2019-18901 RESERVED CVE-2019-18900 RESERVED -CVE-2019-18899 - RESERVED +CVE-2019-18899 (The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in use ...) - apt-cacher-ng <not-affected> (openSUSE specific systemd service unit configuration) -CVE-2019-18898 - RESERVED +CVE-2019-18898 (UNIX Symbolic Link (Symlink) Following vulnerability in the trousers p ...) NOT-FOR-US: SUSE specific packaging issue in %posttrans section in src:trousers CVE-2019-18897 RESERVED 
@@ -5519,8 +5557,8 @@ CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c CVE-2019-18223 RESERVED -CVE-2019-18222 - RESERVED +CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ...) + TODO: check CVE-2019-18221 (CoreHR Core Portal before 27.0.7 allows stored XSS. ...) NOT-FOR-US: CoreHR Core Portal CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) ...) @@ -7799,10 +7837,10 @@ CVE-2019-17204 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowle - teampass <itp> (bug #730180) CVE-2019-17203 (TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a c ...) - teampass <itp> (bug #730180) -CVE-2019-17202 - RESERVED -CVE-2019-17201 - RESERVED +CVE-2019-17202 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...) + TODO: check +CVE-2019-17201 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...) + TODO: check CVE-2019-17200 RESERVED CVE-2019-17199 (www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory T ...) 
@@ -9494,18 +9532,18 @@ CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local attacker NOT-FOR-US: ESET Cyber Security CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the Vandy Va ...) NOT-FOR-US: Swell Kit Mod devices -CVE-2019-16517 - RESERVED -CVE-2019-16516 - RESERVED -CVE-2019-16515 - RESERVED -CVE-2019-16514 - RESERVED -CVE-2019-16513 - RESERVED -CVE-2019-16512 - RESERVED +CVE-2019-16517 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16516 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16515 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16514 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16513 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check +CVE-2019-16512 (An issue was discovered in ConnectWise Control (formerly known as Scre ...) + TODO: check CVE-2019-16511 (An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. ...) NOT-FOR-US: FireGiant CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady ...) @@ -10401,8 +10439,8 @@ CVE-2019-16155 RESERVED CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...) NOT-FOR-US: FortiAuthenticator WEB UI -CVE-2019-16153 - RESERVED +CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...) + TODO: check CVE-2019-16152 RESERVED CVE-2019-16151 
@@ -11508,8 +11546,8 @@ CVE-2019-15714 (cli/lib/main.js in Entropic before 2019-06-13 does not reject / NOT-FOR-US: Entropic CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. ...) NOT-FOR-US: my-calendar plugin for WordPress -CVE-2019-15712 - RESERVED +CVE-2019-15712 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...) + TODO: check CVE-2019-15711 RESERVED CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...) @@ -11518,8 +11556,8 @@ CVE-2019-15709 RESERVED CVE-2019-15708 RESERVED -CVE-2019-15707 - RESERVED +CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...) + TODO: check CVE-2019-15706 RESERVED CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN portal of Fo ...) @@ -13521,8 +13559,7 @@ CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in v NOTE: The fix in libssh makes an update in x2goclient necessary, cf: NOTE: https://bugs.debian.org/947129 NOTE: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a -CVE-2019-14888 - RESERVED +CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...) - undertow <undetermined> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464 CVE-2019-14887 @@ -38860,8 +38897,8 @@ CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STA NOTE: kfreebsd not covered by security support CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation ("Cross ...) NOT-FOR-US: Fortinet -CVE-2019-5593 - RESERVED +CVE-2019-5593 (Improper permission or value checking in the CLI console may allow a n ...) + TODO: check CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...) NOT-FOR-US: Fortinet CVE-2019-5591 
@@ -43183,8 +43220,8 @@ CVE-2019-3693 RESERVED CVE-2019-3692 RESERVED -CVE-2019-3691 - RESERVED +CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...) + TODO: check CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks before c ...) NOT-FOR-US: SuSE-specific tool CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 686c7122e7..961aca0a98 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,31 @@ +CVE-2020-7934 + RESERVED +CVE-2020-7933 + RESERVED +CVE-2020-7932 + RESERVED +CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...) + TODO: check +CVE-2020-7930 + RESERVED +CVE-2020-7929 + RESERVED +CVE-2020-7928 + RESERVED +CVE-2020-7927 + RESERVED +CVE-2020-7926 + RESERVED +CVE-2020-7925 + RESERVED +CVE-2020-7924 + RESERVED +CVE-2020-7923 + RESERVED +CVE-2020-7922 + RESERVED +CVE-2020-7921 + RESERVED CVE-2020-7920 RESERVED CVE-2020-7919 @@ -1402,8 +1430,8 @@ CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 201 NOT-FOR-US: Amcrest Web Server CVE-2020-7221 RESERVED -CVE-2020-7220 - RESERVED +CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...) + TODO: check CVE-2020-7219 RESERVED CVE-2020-7218 @@ -1424,8 +1452,8 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent - libslirp <unfixed> (unimportant) NOTE: https://bugs.launchpad.net/qemu/+bug/1812451 NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4 -CVE-2020-7210 - RESERVED +CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...) + TODO: check CVE-2020-7209 RESERVED CVE-2020-7208 
@@ -2201,8 +2229,8 @@ CVE-2020-6845 RESERVED CVE-2020-6844 RESERVED -CVE-2020-6843 - RESERVED +CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. ...) + TODO: check CVE-2020-6842 RESERVED CVE-2020-6841 |
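Review bot: In the data/CVE/2010.list hunk, the line "NOTE: will probably get rejected" under CVE-2010-3295 becomes stale once the status line changes from RESERVED to REJECTED; drop that NOTE (the preceding NOTE with the oss-security link already records why the entry was disputed) so the entry does not read as if rejection were still pending.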
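Review bot: In the data/CVE/2012.list hunk for CVE-2012-5699 and CVE-2012-5698, both new descriptions name BabyGekko, which the adjacent CVE-2012-5700 already resolves as "NOT-FOR-US: Baby Gekko"; the two "TODO: check" lines can be replaced with that same NOT-FOR-US line rather than left for manual triage.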
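Review bot: In the data/CVE/2013.list hunk for CVE-2013-6773 and CVE-2013-6772, both descriptions name Splunk, which the adjacent CVE-2013-6771 already records as "NOT-FOR-US: Splunk"; the two "TODO: check" lines can be resolved the same way.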
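Review bot: In the data/CVE/2014.list hunk for CVE-2014-3606, the status becomes REJECTED while the package lines "- pillow <unfixed> (unimportant)" and "- python-imaging <removed> (unimportant)" stay in place; an <unfixed> state keeps the entry listed as open against pillow even though the identifier is rejected, so either remove the two package lines or confirm that keeping previously triaged package lines on a REJECTED entry is the intended convention.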
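Review bot: In the data/CVE/2014.list hunk for CVE-2014-2050, the new "TODO: check" can likely be resolved immediately: the neighbouring CVE-2014-2051 and CVE-2014-2049 are already recorded against the owncloud package (6.0.2+dfsg-1 and 6.0.0+dfsg-1), and the new description names the same "ownCloud Server bef ..." product, so check whether 6.0.2+dfsg-1 also covers this CSRF issue and record a package line instead of the TODO.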
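Review bot: In the data/CVE/2019.list hunk for CVE-2019-19839 through CVE-2019-19835, the four new "TODO: check" entries all describe Ruckus Wireless Unleashed, which the surrounding CVE-2019-19841, CVE-2019-19840, CVE-2019-19836 and CVE-2019-19834 already mark as "NOT-FOR-US: Ruckus devices"; resolve them the same way. The truncated descriptions of CVE-2019-19839 and CVE-2019-19838 are also identical in the list, so the full MITRE text is needed to tell them apart when triaging.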
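Review bot: In the data/CVE/2019.list hunk for CVE-2019-16517 through CVE-2019-16512, all six new descriptions are truncated to the identical text "An issue was discovered in ConnectWise Control (formerly known as Scre ...)", so the six "TODO: check" lines give a triager nothing to distinguish them by; resolve them as one batch against the full advisory text rather than one at a time from the list.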
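Review bot: In the data/CVE/2019.list hunk for CVE-2019-3691, the description "A Symbolic Link (Symlink) Following vulnerability in the packaging of ..." sits next to CVE-2019-3690 ("NOT-FOR-US: SuSE-specific tool") and CVE-2019-3689 (SUSE Linux Enterprise Server), and the same update resolves the similar CVE-2019-18898 as "NOT-FOR-US: SUSE specific packaging issue"; check whether this one is likewise SUSE packaging-specific and mark it NOT-FOR-US rather than leaving "TODO: check".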