author: security tracker role <sectracker@soriano.debian.org> 2020-01-09 08:10:17 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-01-09 08:10:17 +0000
commit: 093dddcfa3f63621d9c5c886988ce8d4c60c28bd
tree: 91dfeb718c3db806b1c133c7ebe5c40f2c939e0b /data
parent: 3e2201c62782930fa7c86c3d38a824e8f40ef26c
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2011.list 16
-rw-r--r-- data/CVE/2019.list 124
-rw-r--r-- data/CVE/2020.list 120
3 files changed, 174 insertions, 86 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 47d4dbd325..cef82c4ddc 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -159,8 +159,8 @@ CVE-2011-5268 (connection.c in Bip before 0.8.9 does not properly close sockets,
NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in spell-check-sav ...)
NOT-FOR-US: SpellChecker module in Xinha
-CVE-2011-5266
- RESERVED
+CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...)
+ TODO: check
CVE-2011-5265 (Cross-site scripting (XSS) vulnerability in cached_image.php in the Fe ...)
NOT-FOR-US: Wordpress plugin
CVE-2011-5264 (Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the ...)
@@ -191,14 +191,14 @@ CVE-2011-5252 (Open redirect vulnerability in Users/Account/LogOff in Orchard 1.
NOT-FOR-US: Orchard
CVE-2011-5251 (Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and ...)
NOT-FOR-US: vBulletin
-CVE-2011-5250
- RESERVED
+CVE-2011-5250 (Snare for Linux before 1.7.0 has CSRF in the web interface. ...)
+ TODO: check
CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the Sys ...)
NOT-FOR-US: SNARE
CVE-2011-5248
RESERVED
-CVE-2011-5247
- RESERVED
+CVE-2011-5247 (Snare for Linux before 1.7.0 has password disclosure because the rende ...)
+ TODO: check
CVE-2011-5246
RESERVED
CVE-2011-5373
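Review bot: The new CVE-2011-5250 and CVE-2011-5247 entries (Snare for Linux) are left at "TODO: check" even though the unchanged CVE-2011-5249 entry sitting between them is already triaged as "NOT-FOR-US: SNARE". If this is the same product, marking both the same way resolves them in one pass and keeps the three adjacent entries consistent; if Snare for Linux is tracked differently from the product behind 5249, a NOTE saying so would save the next reader the same question.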
@@ -700,8 +700,8 @@ CVE-2011-5020
CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in Textpat ...)
- textpattern <unfixed> (low)
[squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation)
-CVE-2011-5018
- RESERVED
+CVE-2011-5018 (Koala Framework before 2011-11-21 has XSS via the request_uri paramete ...)
+ TODO: check
CVE-2011-5017
RESERVED
CVE-2011-5016
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index a292585f94..5026b60389 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,11 @@
+CVE-2019-20371
+ RESERVED
+CVE-2019-20370
+ RESERVED
+CVE-2019-20369
+ RESERVED
+CVE-2019-20368
+ RESERVED
CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...)
- libbsd 0.10.0-1
NOTE: https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html
@@ -7692,7 +7700,7 @@ CVE-2019-17153
RESERVED
CVE-2019-17152
RESERVED
-CVE-2019-17151 (This vulnerability allows remote attackers to execute arbitrary code o ...)
+CVE-2019-17151 (This vulnerability allows remote attackers redirect users to an extern ...)
NOT-FOR-US: Tencent WeChat
CVE-2019-17150
RESERVED
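Review bot: The CVE-2019-17151 description changes impact class, from "execute arbitrary code" to "redirect users to an extern ...", while the triage line below it stays "NOT-FOR-US: Tencent WeChat". The triage is unaffected, but anything keyed on the description text (keyword searches, severity heuristics) now sees a different issue under the same ID. The new text also reads "allows remote attackers redirect users", missing a "to", which arrives with the imported description.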
@@ -7986,75 +7994,61 @@ CVE-2019-17026
- firefox 72.0.1-1 (bug #948452)
- firefox-esr 68.4.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026
-CVE-2019-17025
- RESERVED
+CVE-2019-17025 (Mozilla developers reported memory safety bugs present in Firefox 71. ...)
- firefox 72.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17025
-CVE-2019-17024
- RESERVED
+CVE-2019-17024 (Mozilla developers reported memory safety bugs present in Firefox 71 a ...)
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17024
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024
-CVE-2019-17023
- RESERVED
+CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may negotiate a lo ...)
- firefox 72.0-1
- nss 2:3.49-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023
NOTE: https://hg.mozilla.org/projects/nss/rev/d64102b76a437f24d98a20480dcc9f1655143e7c
NOTE: https://hg.mozilla.org/projects/nss/rev/8a2bd40e7f89a796cf24a0ff7cfb67c6e69c5c78
-CVE-2019-17022
- RESERVED
+CVE-2019-17022 (When pasting a &amp;lt;style&amp;gt; tag from the clipboard into a ric ...)
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17022
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17022
-CVE-2019-17021
- RESERVED
+CVE-2019-17021 (During the initialization of a new content process, a race condition o ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17021
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17021
-CVE-2019-17020
- RESERVED
+CVE-2019-17020 (If an XML file is served with a Content Security Policy and the XML fi ...)
- firefox 72.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17020
-CVE-2019-17019
- RESERVED
+CVE-2019-17019 (When Python was installed on Windows, a python file being served with ...)
- firefox <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17019
-CVE-2019-17018
- RESERVED
+CVE-2019-17018 (When in Private Browsing Mode on Windows 10, the Windows keyboard may ...)
- firefox <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17018
-CVE-2019-17017
- RESERVED
+CVE-2019-17017 (Due to a missing case handling object types, a type confusion vulnerab ...)
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17017
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017
-CVE-2019-17016
- RESERVED
+CVE-2019-17016 (When pasting a &amp;lt;style&amp;gt; tag from the clipboard into a ric ...)
- firefox 72.0-1
- firefox-esr 68.4.0esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17016
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17016
-CVE-2019-17015
- RESERVED
+CVE-2019-17015 (During the initialization of a new content process, a pointer offset c ...)
- firefox <not-affected> (Windows-specific)
- firefox-esr <not-affected> (Windows-specific)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17015
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17015
-CVE-2019-17014
- RESERVED
+CVE-2019-17014 (If an image had not loaded correctly (such as when it is not actually ...)
- firefox 71.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014
-CVE-2019-17013
- RESERVED
+CVE-2019-17013 (Mozilla developers reported memory safety bugs present in Firefox 70. ...)
- firefox 71.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013
-CVE-2019-17012
- RESERVED
+CVE-2019-17012 (Mozilla developers reported memory safety bugs present in Firefox 70 a ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
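Review bot: The descriptions added for CVE-2019-17022 and CVE-2019-17016 carry entity-escaped markup ("&amp;lt;style&amp;gt;") where a literal style tag is meant, and after truncation the two lines are character-for-character identical. Decoding the entities at import would make the text readable, provided whatever displays these descriptions escapes them again on output. Because the cut hides the difference between the two issues, the advisory NOTE lines are the only way to tell them apart in this file.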
@@ -8062,8 +8056,7 @@ CVE-2019-17012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17012
-CVE-2019-17011
- RESERVED
+CVE-2019-17011 (Under certain conditions, when retrieving a document from a DocShell i ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
@@ -8071,8 +8064,7 @@ CVE-2019-17011
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17011
-CVE-2019-17010
- RESERVED
+CVE-2019-17010 (Under certain conditions, when checking the Resist Fingerprinting pref ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
@@ -8080,16 +8072,14 @@ CVE-2019-17010
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17010
-CVE-2019-17009
- RESERVED
+CVE-2019-17009 (When running, the updater service wrote status and log files to an unr ...)
- firefox <not-affected> (Updater not used in Debian packages)
- firefox-esr <not-affected> (Updater not used in Debian packages)
- thunderbird <not-affected> (Updater not used in Debian packages)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17009
-CVE-2019-17008
- RESERVED
+CVE-2019-17008 (When using nested workers, a use-after-free could occur during worker ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
@@ -8114,8 +8104,7 @@ CVE-2019-17006 [Check length of inputs for cryptographic primitives]
NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788
NOTE: https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34
NOTE: https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe
-CVE-2019-17005
- RESERVED
+CVE-2019-17005 (The plain text serializer used a fixed-size array for the number of &l ...)
{DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1}
- firefox 71.0-1
- firefox-esr 68.3.0esr-1
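Review bot: The CVE-2019-17005 description is cut in the middle of an escaped entity and ends in "&l ...". Truncating at a fixed length leaves a dangling "&l" that is neither text nor a complete entity; decoding entities before truncating, or cutting at the last whole word, would avoid it.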
@@ -8127,16 +8116,13 @@ CVE-2019-17004
RESERVED
CVE-2019-17003
RESERVED
-CVE-2019-17002
- RESERVED
+CVE-2019-17002 (If upgrade-insecure-requests was specified in the Content Security Pol ...)
- firefox 70.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002
-CVE-2019-17001
- RESERVED
+CVE-2019-17001 (A Content-Security-Policy that blocks in-line scripts could be bypasse ...)
- firefox 70.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17001
-CVE-2019-17000
- RESERVED
+CVE-2019-17000 (An object tag with a data URI did not correctly inherit the document's ...)
- firefox 70.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17000
CVE-2019-16999 (CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status ...)
@@ -8642,8 +8628,8 @@ CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in
[stretch] - waitress <no-dsa> (Minor issue)
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4
NOTE: https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017
-CVE-2019-16788
- RESERVED
+CVE-2019-16788 (In WordPress versions from 3.7 to 5.3.0, authenticated users who do no ...)
+ TODO: check
CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...)
- waitress 1.4.1-1 (bug #947306)
[buster] - waitress <no-dsa> (Minor issue)
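Review bot: CVE-2019-16788 is added with only "TODO: check", and the same happens to CVE-2019-16773 in the next hunk; both descriptions name WordPress versions from 3.7 to 5.3.0. Until the entry has a package line with a fixed version, or an explicit not-affected or NOT-FOR-US marker, it carries no status, so both IDs should be triaged together in the follow-up.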
@@ -8698,8 +8684,8 @@ CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object injecti
NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4 (5.0.13)
NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/82a84adff6e8fc9b564c616d0fdc9238ae2e86c3 (4.3.18)
NOTE: Affected phpfastcache code is not used in kopano-webapp-plugin-files.
-CVE-2019-16773
- RESERVED
+CVE-2019-16773 (In WordPress versions from 3.7 to 5.3.0, the function wp_targeted_link ...)
+ TODO: check
CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerable to ...)
NOT-FOR-US: serialize-to-js Node package
CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...)
@@ -21464,12 +21450,10 @@ CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffe
[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present; D6_OPTION_PD_EXCLUDE support added later)
NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8
NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b
-CVE-2019-11765
- RESERVED
+CVE-2019-11765 (A compromised content process could send a message to the parent proce ...)
- firefox 70.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765
-CVE-2019-11764
- RESERVED
+CVE-2019-11764 (Mozilla developers and community members reported memory safety bugs p ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -21477,8 +21461,7 @@ CVE-2019-11764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764
-CVE-2019-11763
- RESERVED
+CVE-2019-11763 (Failure to correctly handle null bytes when processing HTML entities r ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -21486,8 +21469,7 @@ CVE-2019-11763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763
-CVE-2019-11762
- RESERVED
+CVE-2019-11762 (If two same-origin documents set document.domain differently to become ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -21495,8 +21477,7 @@ CVE-2019-11762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762
-CVE-2019-11761
- RESERVED
+CVE-2019-11761 (By using a form with a data URI it was possible to gain access to the ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -21504,8 +21485,7 @@ CVE-2019-11761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761
-CVE-2019-11760
- RESERVED
+CVE-2019-11760 (A fixed-size stack buffer could overflow in nrappkit when doing WebRTC ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -21513,8 +21493,7 @@ CVE-2019-11760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760
-CVE-2019-11759
- RESERVED
+CVE-2019-11759 (An attacker could have caused 4 bytes of HMAC output to be written pas ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -21522,14 +21501,12 @@ CVE-2019-11759
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11759
-CVE-2019-11758
- RESERVED
+CVE-2019-11758 (Mozilla community member Philipp reported a memory safety bug present ...)
- firefox-esr <not-affected> (Only an issue in combination with 360 Total Security)
- thunderbird <not-affected> (Only an issue in combination with 360 Total Security)
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758
-CVE-2019-11757
- RESERVED
+CVE-2019-11757 (When following the value's prototype chain, it was possible to retain ...)
{DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1}
- firefox 70.0-1
- firefox-esr 68.2.0esr-1
@@ -21537,8 +21514,7 @@ CVE-2019-11757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757
-CVE-2019-11756
- RESERVED
+CVE-2019-11756 (Improper refcounting of soft token session objects could cause a use-a ...)
- firefox 71.0-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756
CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...)
@@ -21611,8 +21587,7 @@ CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating vide
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11746
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746
-CVE-2019-11745 [Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate]
- RESERVED
+CVE-2019-11745 (When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ...)
{DSA-4579-1 DLA-2008-1}
- nss 2:3.47.1-1
NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public)
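Review bot: On CVE-2019-11745 the replacement drops the bracketed summary "[Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate]", and the truncated description that takes its place ("When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ...") no longer states the bug class. Since the upstream bug is marked "(not public)" in the NOTE below, that summary was the only statement of the flaw in this entry; keeping it as a NOTE line would preserve it.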
@@ -22941,8 +22916,8 @@ CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allow
NOT-FOR-US: Cloud Foundry
CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...)
NOT-FOR-US: Cloud Foundry UAA Release
-CVE-2019-11292
- RESERVED
+CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2. ...)
+ TODO: check
CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior ...)
- rabbitmq-server <unfixed> (bug #945601)
[buster] - rabbitmq-server <no-dsa> (Minor issue)
@@ -27852,8 +27827,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus
- firefox-esr 60.6.1esr-1
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813
NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813
-CVE-2019-9812
- RESERVED
+CVE-2019-9812 (Given a compromised sandboxed content process due to a separate vulner ...)
{DSA-4516-1 DLA-1910-1}
- firefox 69.0-1
- firefox-esr 68.1.0esr-1
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 820434b8e1..2b2b028708 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,115 @@
+CVE-2020-6639
+ RESERVED
+CVE-2020-6638
+ RESERVED
+CVE-2020-6637
+ RESERVED
+CVE-2020-6636
+ RESERVED
+CVE-2020-6635
+ RESERVED
+CVE-2020-6634
+ RESERVED
+CVE-2020-6633
+ RESERVED
+CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...)
+ TODO: check
+CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...)
+ TODO: check
+CVE-2020-6629 (Ming (aka libming) 0.4.8 has z NULL pointer dereference in the functio ...)
+ TODO: check
+CVE-2020-6628 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the func ...)
+ TODO: check
+CVE-2020-6627
+ RESERVED
+CVE-2020-6626
+ RESERVED
+CVE-2020-6625 (jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...)
+ TODO: check
+CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...)
+ TODO: check
+CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
+ TODO: check
+CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
+ TODO: check
+CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...)
+ TODO: check
+CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
+ TODO: check
+CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...)
+ TODO: check
+CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...)
+ TODO: check
+CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...)
+ TODO: check
+CVE-2020-6616
+ RESERVED
+CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...)
+ TODO: check
+CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read ...)
+ TODO: check
+CVE-2020-6613 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_searc ...)
+ TODO: check
+CVE-2020-6612 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_comp ...)
+ TODO: check
+CVE-2020-6611 (GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_own ...)
+ TODO: check
+CVE-2020-6610 (GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation i ...)
+ TODO: check
+CVE-2020-6609 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_page ...)
+ TODO: check
+CVE-2020-6608
+ RESERVED
+CVE-2020-6607
+ RESERVED
+CVE-2020-6606
+ RESERVED
+CVE-2020-6605
+ RESERVED
+CVE-2020-6604
+ RESERVED
+CVE-2020-6603
+ RESERVED
+CVE-2020-6602
+ RESERVED
+CVE-2020-6601
+ RESERVED
+CVE-2020-6600
+ RESERVED
+CVE-2020-6599
+ RESERVED
+CVE-2020-6598
+ RESERVED
+CVE-2020-6597
+ RESERVED
+CVE-2020-6596
+ RESERVED
+CVE-2020-6595
+ RESERVED
+CVE-2020-6594
+ RESERVED
+CVE-2020-6593
+ RESERVED
+CVE-2020-6592
+ RESERVED
+CVE-2020-6591
+ RESERVED
+CVE-2020-6590
+ RESERVED
+CVE-2020-6589
+ RESERVED
+CVE-2020-6588
+ RESERVED
+CVE-2020-6587
+ RESERVED
+CVE-2020-6586
+ RESERVED
+CVE-2020-6585
+ RESERVED
+CVE-2020-6584
+ RESERVED
CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be ...)
NOT-FOR-US: BigProf Online Invoicing System (OIS)
CVE-2020-6582
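Review bot: Of the entries added at the top of 2020.list, 21 are left at "TODO: check", and they cluster by product: stb_truetype.h (CVE-2020-6617 to CVE-2020-6623), GNU LibreDWG (CVE-2020-6609 to CVE-2020-6615), jhead, libming, GPAC and PrestaShop. Triaging per product rather than per ID settles most of them in a handful of decisions. The CVE-2020-6629 line also reads "has z NULL pointer dereference", a typo carried in the imported description that a text search for "a NULL pointer dereference" will miss.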
@@ -2156,7 +2268,9 @@ CVE-2020-5506
RESERVED
CVE-2020-5505
RESERVED
-CVE-2020-5504 (A SQL injection flaw has been discovered in the user accounts page. A ma...)
+CVE-2020-5504
+ RESERVED
+ {DLA-2060-1}
- phpmyadmin <unfixed>
NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b
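Review bot: The CVE-2020-5504 change goes the wrong way: a line with a description ("A SQL injection flaw has been discovered in the user accounts page. ...") is replaced by a bare ID plus "RESERVED", while the same entry gains {DLA-2060-1} and keeps its phpmyadmin package line and fix-commit NOTE. An entry with an advisory and a referenced fix should not read as RESERVED. The update should keep an existing description when the incoming record has none, or the text should be restored as a bracketed summary in the style used elsewhere in these lists.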
@@ -2773,8 +2887,8 @@ CVE-2020-5207
RESERVED
CVE-2020-5206
RESERVED
-CVE-2020-5205
- RESERVED
+CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...)
+ TODO: check
CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...)
NOT-FOR-US: uftpd
CVE-2020-5203
