automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-01-23 20:10:20 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-01-23 20:10:20 +0000
commit: f2b7b69bc94391b950add273f256b7c2cfca5b1a (patch)
tree: 1e72d419f284b88f15bb40c049c63efdbfb78d4c /data/CVE
parent: 6059642c8877a24f73804e774c3de9489095719f (diff)
10 files changed, 156 insertions, 96 deletions
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 7d70caaa67..5803fcdf2b 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -10,8 +10,8 @@ CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmw
 	NOT-FOR-US: Dataprobe iBootBar
 CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released firmwa ...)
 	NOT-FOR-US: Dataprobe iBootBar
-CVE-2007-6758
-	RESERVED
+CVE-2007-6758 (Server-side request forgery (SSRF) vulnerability in feed-proxy.php in  ...)
+	TODO: check
 CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse! ...)
 	NOT-FOR-US: GE Healthcare Centricity DMS
 CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a d ...)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 620a88c5ce..bf293554cd 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -26,8 +26,8 @@ CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute arb
 	[squeeze] - libui-dialog-perl <no-dsa> (Minor issue)
 	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
 	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2
-CVE-2008-7314
-	RESERVED
+CVE-2008-7314 (mIRC before 6.35 allows attackers to cause a denial of service (crash) ...)
+	TODO: check
 CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to execut ...)
 	{DSA-3248-1 DLA-357-1}
 	- libphp-snoopy 2.0.0-1 (bug #778634)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index ac0b88e3c1..7086c5c31e 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -5122,7 +5122,7 @@ CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main
 	{DSA-2126-1}
 	- linux-2.6 2.6.32-24
 CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory]
-	RESERVED
+	REJECTED
 	NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2
 	NOTE: will probably get rejected
 CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x throug ...)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 73d2b5edf4..57df4c8459 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1611,8 +1611,7 @@ CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybd
 	- ircd-ratbox 3.0.7.dfsg-3 (bug #697093)
 	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
 	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2
-CVE-2012-6083
-	RESERVED
+CVE-2012-6083 (Freeciv before 2.3.3 allows remote attackers to cause a denial of serv ...)
 	- freeciv 2.3.4-1 (low; bug #696306)
 	[squeeze] - freeciv <no-dsa> (Minor issue)
 	[wheezy] - freeciv 2.3.2-1+deb7u1
@@ -2163,8 +2162,8 @@ CVE-2012-5869
 CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie upo ...)
 	- wordpress <unfixed> (unimportant; bug #696868)
 	NOTE: non-issue, see https://wordpress.org/support/topic/old-bug-cve-2012-5868
-CVE-2012-5867
-	RESERVED
+CVE-2012-5867 (HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability ...)
+	TODO: check
 CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4 ...)
 	NOT-FOR-US: Achievo
 CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows re ...)
@@ -2557,10 +2556,10 @@ CVE-2012-5701 (Multiple SQL injection vulnerabilities in dotProject before 2.1.7
 	NOT-FOR-US: dotProject
 CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko befo ...)
 	NOT-FOR-US: Baby Gekko
-CVE-2012-5699
-	RESERVED
-CVE-2012-5698
-	RESERVED
+CVE-2012-5699 (BabyGekko before 1.2.4 allows PHP file inclusion. ...)
+	TODO: check
+CVE-2012-5698 (BabyGekko before 1.2.4 has SQL injection. ...)
+	TODO: check
 CVE-2012-5979
 	REJECTED
 CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone Pentest  ...)
@@ -2770,8 +2769,7 @@ CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12
 	- mysql-5.5 <removed> (unimportant)
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
 	NOTE: https://mariadb.atlassian.net/browse/MDEV-3915
-CVE-2012-5626
-	RESERVED
+CVE-2012-5626 (EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Applicati ...)
 	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
 CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when usin ...)
 	- nova <not-affected> (Only affects OpenStack Folsom, bug #695830)
@@ -4320,8 +4318,8 @@ CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Foresc
 	NOT-FOR-US: Forescout device
 CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout CounterAC ...)
 	NOT-FOR-US: Forescout device
-CVE-2012-4981
-	RESERVED
+CVE-2012-4981 (Toshiba ConfigFree 8.0.38 has a CF7 File Remote Command Execution Vuln ...)
+	TODO: check
 CVE-2012-4980 (Multiple stack-based buffer overflows in CFProfile.exe in Toshiba Conf ...)
 	NOT-FOR-US: Toshiba ConfigFree Utility
 CVE-2012-4979
@@ -4501,8 +4499,8 @@ CVE-2012-4902 (Multiple cross-site request forgery (CSRF) vulnerabilities in Tem
 	NOT-FOR-US: Template CMS (http://template-cms.ru)
 CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and ear ...)
 	NOT-FOR-US: Template CMS (http://template-cms.ru)
-CVE-2012-4900
-	RESERVED
+CVE-2012-4900 (Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via unt ...)
+	TODO: check
 CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing alg ...)
 	NOT-FOR-US: WellinTech KingView
 CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a  ...)
@@ -4578,8 +4576,8 @@ CVE-2012-4865 (Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers
 	NOT-FOR-US: Oreans Themida
 CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of ...)
 	NOT-FOR-US: Oreans WinLicense
-CVE-2012-4863
-	RESERVED
+CVE-2012-4863 (IBM WebSphere MQ 7.1 and 7.5: Queue manager has a DoS vulnerability ...)
+	TODO: check
 CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System z 7.1 t ...)
 	NOT-FOR-US: IBM Rational
 CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM InfoSph ...)
@@ -11513,8 +11511,8 @@ CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in tif
 	{DSA-2552-1}
 	- tiff 4.0-1 (bug #678140)
 	- tiff3 3.9.6-6
-CVE-2012-2087
-	RESERVED
+CVE-2012-2087 (ISPConfig 3.0.4.3: the "Add new Webdav user" can chmod and chown entir ...)
+	TODO: check
 CVE-2012-2086 (SQL injection vulnerability in the get_last_conversation_lines functio ...)
 	{DSA-2453-2 DSA-2453-1}
 	- gajim 0.15-1 (low; bug #668038)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index f06ed7305f..c01063ab96 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -1976,8 +1976,8 @@ CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module i
 	NOT-FOR-US: Olat
 CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar mo ...)
 	NOT-FOR-US: Olat
-CVE-2013-6792
-	RESERVED
+CVE-2013-6792 (Google Android prior to 4.4 has an APK Signature Security Bypass Vulne ...)
+	TODO: check
 CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 use ...)
 	NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit
 CVE-2013-6790
@@ -1990,8 +1990,8 @@ CVE-2013-6787 (SQL injection vulnerability in the check_user_password function i
 	NOT-FOR-US: Chamilo LMS
 CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager before 4. ...)
 	NOT-FOR-US: Allegro RomPager
-CVE-2013-6785
-	RESERVED
+CVE-2013-6785 (Directory traversal vulnerability in url_redirect.cgi in Supermicro IP ...)
+	TODO: check
 CVE-2013-6784
 	RESERVED
 CVE-2013-6783
@@ -2019,10 +2019,10 @@ CVE-2013-6775 (The Chainfire SuperSU package before 1.69 for Android allows atta
 	NOT-FOR-US: Chainfire SuperSU package
 CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser package  ...)
 	NOT-FOR-US: Chainfire SuperSU package
-CVE-2013-6773
-	RESERVED
-CVE-2013-6772
-	RESERVED
+CVE-2013-6773 (Splunk 5.0.3 has an Unquoted Service Path in Windows for Universal For ...)
+	TODO: check
+CVE-2013-6772 (Splunk before 5.0.4 lacks X-Frame-Options which can allow Clickjacking ...)
+	TODO: check
 CVE-2013-6771 (Directory traversal vulnerability in the collect script in Splunk befo ...)
 	NOT-FOR-US: Splunk
 CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Andro ...)
@@ -3269,8 +3269,8 @@ CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attacker
 	- munin 2.0.18-1
 	[squeeze] - munin 1.4.5-3+deb6u1
 	NOTE: http://munin-monitoring.org/ticket/1397
-CVE-2013-6358
-	RESERVED
+CVE-2013-6358 (PrestaShop 1.5.5 allows remote authenticated attackers to execute arbi ...)
+	TODO: check
 CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the  ...)
 	NOT-FOR-US: Disputed non-issue in Tomcat
 CVE-2013-6356
@@ -8842,11 +8842,9 @@ CVE-2013-4178 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and
 	NOT-FOR-US: GA Login Drupal contributed module
 CVE-2013-4177 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1 ...)
 	NOT-FOR-US: GA Login Drupal contributed module
-CVE-2013-4176 [information disclosure]
-	RESERVED
+CVE-2013-4176 (mysecureshell 1.31: Local Information Disclosure Vulnerability ...)
 	NOT-FOR-US: MySecureShell
-CVE-2013-4175 [local denial of service]
-	RESERVED
+CVE-2013-4175 (MySecureShell 1.31 has a Local Denial of Service Vulnerability ...)
 	NOT-FOR-US: MySecureShell
 CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the Scald modul ...)
 	NOT-FOR-US: Scald Drupal contributed module
@@ -15903,8 +15901,8 @@ CVE-2013-1594
 	RESERVED
 CVE-2013-1593
 	RESERVED
-CVE-2013-1592
-	RESERVED
+CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...)
+	TODO: check
 CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon before  ...)
 	- pixman 0.26.0-4 (bug #700308)
 	[squeeze] - pixman <not-affected> (Vulnerable code not present)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 3039349a58..504ce7d0b1 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -8837,8 +8837,8 @@ CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form
 	NOT-FOR-US: Wordpress plugin
 CVE-2014-7239
 	RESERVED
-CVE-2014-7238
-	RESERVED
+CVE-2014-7238 (The WordPress plugin Contact Form Integrated With Google Maps 1.0-2.4  ...)
+	TODO: check
 CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windo ...)
 	- twiki <removed>
 	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
@@ -17485,7 +17485,7 @@ CVE-2014-3608 (The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 all
 CVE-2014-3607 (DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not proper ...)
 	- libvt-ldap-java 3.3.8-1 (bug #763608)
 CVE-2014-3606
-	RESERVED
+	REJECTED
 	- pillow <unfixed> (unimportant)
 	- python-imaging <removed> (unimportant)
 	NOTE: not a security issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1133306#c8
@@ -21769,8 +21769,8 @@ CVE-2014-2052
 	NOTE: The reference wrt zendframework is for CVE-2012-6532
 CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote att ...)
 	- owncloud 6.0.2+dfsg-1
-CVE-2014-2050
-	RESERVED
+CVE-2014-2050 (Cross-site request forgery (CSRF) vulnerability in ownCloud Server bef ...)
+	TODO: check
 CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and  ...)
 	- owncloud 6.0.0+dfsg-1
 CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows remote att ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 5c0ad42189..da90d648c7 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -21743,8 +21743,7 @@ CVE-2015-1933 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.
 	NOT-FOR-US: IBM
 CVE-2015-1932 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before 8.0 ...)
 	NOT-FOR-US: IBM WebSphere
-CVE-2015-1931
-	RESERVED
+CVE-2015-1931 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 bef ...)
 	NOT-FOR-US: IBM JDK
 CVE-2015-1930 (Stack-based buffer overflow in the server in IBM Tivoli Storage Manage ...)
 	NOT-FOR-US: IBM
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 52884f4d90..ec4e74b266 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -8340,8 +8340,8 @@ CVE-2016-1000239
 	RESERVED
 CVE-2016-1000238
 	RESERVED
-CVE-2016-1000237
-	RESERVED
+CVE-2016-1000237 (sanitize-html before 1.4.3 has XSS. ...)
+	TODO: check
 CVE-2016-1000236 (Node-cookie-signature before 1.0.6 is affected by a timing attack due  ...)
 	- node-cookie-signature 1.1.0-1 (unimportant; bug #838618)
 	NOTE: https://nodesecurity.io/advisories/134
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 7887b24231..b315079399 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,43 @@
+CVE-2019-20419
+	RESERVED
+CVE-2019-20418
+	RESERVED
+CVE-2019-20417
+	RESERVED
+CVE-2019-20416
+	RESERVED
+CVE-2019-20415
+	RESERVED
+CVE-2019-20414
+	RESERVED
+CVE-2019-20413
+	RESERVED
+CVE-2019-20412
+	RESERVED
+CVE-2019-20411
+	RESERVED
+CVE-2019-20410
+	RESERVED
+CVE-2019-20409
+	RESERVED
+CVE-2019-20408
+	RESERVED
+CVE-2019-20407
+	RESERVED
+CVE-2019-20406
+	RESERVED
+CVE-2019-20405
+	RESERVED
+CVE-2019-20404
+	RESERVED
+CVE-2019-20403
+	RESERVED
+CVE-2019-20402
+	RESERVED
+CVE-2019-20401
+	RESERVED
+CVE-2019-20400
+	RESERVED
 CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
 	TODO: check
 CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
@@ -1445,16 +1485,16 @@ CVE-2019-19841 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows
 	NOT-FOR-US: Ruckus devices
 CVE-2019-19840 (A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruc ...)
 	NOT-FOR-US: Ruckus devices
-CVE-2019-19839
-	RESERVED
-CVE-2019-19838
-	RESERVED
-CVE-2019-19837
-	RESERVED
+CVE-2019-19839 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
+	TODO: check
+CVE-2019-19838 (emfd in Ruckus Wireless Unleashed through 200.7.10.102.64 allows remot ...)
+	TODO: check
+CVE-2019-19837 (Incorrect access control in the web interface in Ruckus Wireless Unlea ...)
+	TODO: check
 CVE-2019-19836 (AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed through 200. ...)
 	NOT-FOR-US: Ruckus devices
-CVE-2019-19835
-	RESERVED
+CVE-2019-19835 (SSRF in AjaxRestrictedCmdStat in zap in Ruckus Wireless Unleashed thro ...)
+	TODO: check
 CVE-2019-19834 (Directory Traversal in ruckus_cli2 in Ruckus Wireless Unleashed throug ...)
 	NOT-FOR-US: Ruckus devices
 CVE-2019-20043 (In in wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.ph ...)
@@ -3897,11 +3937,9 @@ CVE-2019-18901
 	RESERVED
 CVE-2019-18900
 	RESERVED
-CVE-2019-18899
-	RESERVED
+CVE-2019-18899 (The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in use ...)
 	- apt-cacher-ng <not-affected> (openSUSE specific systemd service unit configuration)
-CVE-2019-18898
-	RESERVED
+CVE-2019-18898 (UNIX Symbolic Link (Symlink) Following vulnerability in the trousers p ...)
 	NOT-FOR-US: SUSE specific packaging issue in %posttrans section in src:trousers
 CVE-2019-18897
 	RESERVED
@@ -5519,8 +5557,8 @@ CVE-2019-18224 (idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has
 	NOTE: https://github.com/libidn/libidn2/commit/e4d1558aa2c1c04a05066ee8600f37603890ba8c
 CVE-2019-18223
 	RESERVED
-CVE-2019-18222
-	RESERVED
+CVE-2019-18222 (The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 a ...)
+	TODO: check
 CVE-2019-18221 (CoreHR Core Portal before 27.0.7 allows stored XSS. ...)
 	NOT-FOR-US: CoreHR Core Portal
 CVE-2019-18220 (Sitemagic CMS 4.4.1 is affected by a Cross-Site-Request-Forgery (CSRF) ...)
@@ -7799,10 +7837,10 @@ CVE-2019-17204 (TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowle
 	- teampass <itp> (bug #730180)
 CVE-2019-17203 (TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a c ...)
 	- teampass <itp> (bug #730180)
-CVE-2019-17202
-	RESERVED
-CVE-2019-17201
-	RESERVED
+CVE-2019-17202 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...)
+	TODO: check
+CVE-2019-17201 (FastTrack Admin By Request 6.1.0.0 supports group policies that are su ...)
+	TODO: check
 CVE-2019-17200
 	RESERVED
 CVE-2019-17199 (www/getfile.php in WPO WebPageTest 19.04 on Windows allows Directory T ...)
@@ -9494,18 +9532,18 @@ CVE-2019-16519 (ESET Cyber Security 6.7.900.0 for macOS allows a local attacker
 	NOT-FOR-US: ESET Cyber Security
 CVE-2019-16518 (An issue was discovered on Swell Kit Mod devices that use the Vandy Va ...)
 	NOT-FOR-US: Swell Kit Mod devices
-CVE-2019-16517
-	RESERVED
-CVE-2019-16516
-	RESERVED
-CVE-2019-16515
-	RESERVED
-CVE-2019-16514
-	RESERVED
-CVE-2019-16513
-	RESERVED
-CVE-2019-16512
-	RESERVED
+CVE-2019-16517 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
+	TODO: check
+CVE-2019-16516 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
+	TODO: check
+CVE-2019-16515 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
+	TODO: check
+CVE-2019-16514 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
+	TODO: check
+CVE-2019-16513 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
+	TODO: check
+CVE-2019-16512 (An issue was discovered in ConnectWise Control (formerly known as Scre ...)
+	TODO: check
 CVE-2019-16511 (An issue was discovered in DTF in FireGiant WiX Toolset before 3.11.2. ...)
 	NOT-FOR-US: FireGiant
 CVE-2019-16510 (libIEC61850 through 1.3.3 has a use-after-free in MmsServer_waitReady  ...)
@@ -10401,8 +10439,8 @@ CVE-2019-16155
 	RESERVED
 CVE-2019-16154 (An improper neutralization of input during web page generation in Fort ...)
 	NOT-FOR-US: FortiAuthenticator WEB UI
-CVE-2019-16153
-	RESERVED
+CVE-2019-16153 (A hard-coded password vulnerability in the Fortinet FortiSIEM database ...)
+	TODO: check
 CVE-2019-16152
 	RESERVED
 CVE-2019-16151
@@ -11508,8 +11546,8 @@ CVE-2019-15714 (cli/lib/main.js in Entropic before 2019-06-13 does not reject /
 	NOT-FOR-US: Entropic
 CVE-2019-15713 (The my-calendar plugin before 3.1.10 for WordPress has XSS. ...)
 	NOT-FOR-US: my-calendar plugin for WordPress
-CVE-2019-15712
-	RESERVED
+CVE-2019-15712 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
+	TODO: check
 CVE-2019-15711
 	RESERVED
 CVE-2019-15710 (An OS command injection vulnerability in FortiExtender 4.1.0 to 4.1.1, ...)
@@ -11518,8 +11556,8 @@ CVE-2019-15709
 	RESERVED
 CVE-2019-15708
 	RESERVED
-CVE-2019-15707
-	RESERVED
+CVE-2019-15707 (An improper access control vulnerability in FortiMail admin webUI 6.2. ...)
+	TODO: check
 CVE-2019-15706
 	RESERVED
 CVE-2019-15705 (An Improper Input Validation vulnerability in the SSL VPN portal of Fo ...)
@@ -13521,8 +13559,7 @@ CVE-2019-14889 (A flaw was found with the libssh API function ssh_scp_new() in v
 	NOTE: The fix in libssh makes an update in x2goclient necessary, cf:
 	NOTE: https://bugs.debian.org/947129
 	NOTE: https://code.x2go.org/gitweb?p=x2goclient.git;a=commitdiff;h=ce559d163a943737fe4160f7233925df2eee1f9a
-CVE-2019-14888
-	RESERVED
+CVE-2019-14888 (A vulnerability was found in the Undertow HTTP server in versions befo ...)
 	- undertow <undetermined>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1772464
 CVE-2019-14887
@@ -38860,8 +38897,8 @@ CVE-2019-5595 (In FreeBSD before 11.2-STABLE(r343782), 11.2-RELEASE-p9, 12.0-STA
 	NOTE: kfreebsd not covered by security support
 CVE-2019-5594 (An Improper Neutralization of Input During Web Page Generation ("Cross ...)
 	NOT-FOR-US: Fortinet
-CVE-2019-5593
-	RESERVED
+CVE-2019-5593 (Improper permission or value checking in the CLI console may allow a n ...)
+	TODO: check
 CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE,  ...)
 	NOT-FOR-US: Fortinet
 CVE-2019-5591
@@ -43183,8 +43220,8 @@ CVE-2019-3693
 	RESERVED
 CVE-2019-3692
 	RESERVED
-CVE-2019-3691
-	RESERVED
+CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the packaging of  ...)
+	TODO: check
 CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks before c ...)
 	NOT-FOR-US: SuSE-specific tool
 CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before and in ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 686c7122e7..961aca0a98 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,31 @@
+CVE-2020-7934
+	RESERVED
+CVE-2020-7933
+	RESERVED
+CVE-2020-7932
+	RESERVED
+CVE-2020-7931 (In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template process ...)
+	TODO: check
+CVE-2020-7930
+	RESERVED
+CVE-2020-7929
+	RESERVED
+CVE-2020-7928
+	RESERVED
+CVE-2020-7927
+	RESERVED
+CVE-2020-7926
+	RESERVED
+CVE-2020-7925
+	RESERVED
+CVE-2020-7924
+	RESERVED
+CVE-2020-7923
+	RESERVED
+CVE-2020-7922
+	RESERVED
+CVE-2020-7921
+	RESERVED
 CVE-2020-7920
 	RESERVED
 CVE-2020-7919
@@ -1402,8 +1430,8 @@ CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 201
 	NOT-FOR-US: Amcrest Web Server
 CVE-2020-7221
 	RESERVED
-CVE-2020-7220
-	RESERVED
+CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...)
+	TODO: check
 CVE-2020-7219
 	RESERVED
 CVE-2020-7218
@@ -1424,8 +1452,8 @@ CVE-2020-7211 (tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent
 	- libslirp <unfixed> (unimportant)
 	NOTE: https://bugs.launchpad.net/qemu/+bug/1812451
 	NOTE: https://gitlab.freedesktop.org/slirp/libslirp/commit/14ec36e107a8c9af7d0a80c3571fe39b291ff1d4
-CVE-2020-7210
-	RESERVED
+CVE-2020-7210 (Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user account ...)
+	TODO: check
 CVE-2020-7209
 	RESERVED
 CVE-2020-7208
@@ -2201,8 +2229,8 @@ CVE-2020-6845
 	RESERVED
 CVE-2020-6844
 	RESERVED
-CVE-2020-6843
-	RESERVED
+CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. ...)
+	TODO: check
 CVE-2020-6842
 	RESERVED
 CVE-2020-6841
author	security tracker role <sectracker@soriano.debian.org>	2020-01-23 20:10:20 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-01-23 20:10:20 +0000
commit	f2b7b69bc94391b950add273f256b7c2cfca5b1a (patch)
tree	1e72d419f284b88f15bb40c049c63efdbfb78d4c /data/CVE
parent	6059642c8877a24f73804e774c3de9489095719f (diff)