author | security tracker role <sectracker@soriano.debian.org> | 2020-01-09 08:10:17 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-09 08:10:17 +0000 |
commit | 093dddcfa3f63621d9c5c886988ce8d4c60c28bd (patch) | |
tree | 91dfeb718c3db806b1c133c7ebe5c40f2c939e0b /data | |
parent | 3e2201c62782930fa7c86c3d38a824e8f40ef26c (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2011.list | 16 |
-rw-r--r-- | data/CVE/2019.list | 124 |
-rw-r--r-- | data/CVE/2020.list | 120 |
3 files changed, 174 insertions, 86 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 47d4dbd325..cef82c4ddc 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -159,8 +159,8 @@ CVE-2011-5268 (connection.c in Bip before 0.8.9 does not properly close sockets, NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9 CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in spell-check-sav ...) NOT-FOR-US: SpellChecker module in Xinha -CVE-2011-5266 - RESERVED +CVE-2011-5266 (Imperva SecureSphere Web Application Firewall (WAF) before 12-august-2 ...) + TODO: check CVE-2011-5265 (Cross-site scripting (XSS) vulnerability in cached_image.php in the Fe ...) NOT-FOR-US: Wordpress plugin CVE-2011-5264 (Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the ...) @@ -191,14 +191,14 @@ CVE-2011-5252 (Open redirect vulnerability in Users/Account/LogOff in Orchard 1. NOT-FOR-US: Orchard CVE-2011-5251 (Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and ...) NOT-FOR-US: vBulletin -CVE-2011-5250 - RESERVED +CVE-2011-5250 (Snare for Linux before 1.7.0 has CSRF in the web interface. ...) + TODO: check CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the Sys ...) NOT-FOR-US: SNARE CVE-2011-5248 RESERVED -CVE-2011-5247 - RESERVED +CVE-2011-5247 (Snare for Linux before 1.7.0 has password disclosure because the rende ...) + TODO: check CVE-2011-5246 RESERVED CVE-2011-5373 @@ -700,8 +700,8 @@ CVE-2011-5020 CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in Textpat ...) - textpattern <unfixed> (low) [squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation) -CVE-2011-5018 - RESERVED +CVE-2011-5018 (Koala Framework before 2011-11-21 has XSS via the request_uri paramete ...) + TODO: check CVE-2011-5017 RESERVED CVE-2011-5016 
diff --git a/data/CVE/2019.list b/data/CVE/2019.list index a292585f94..5026b60389 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,11 @@ +CVE-2019-20371 + RESERVED +CVE-2019-20370 + RESERVED +CVE-2019-20369 + RESERVED +CVE-2019-20368 + RESERVED CVE-2019-20367 (nlist.c in libbsd before 0.10.0 has an out-of-bounds read during a com ...) - libbsd 0.10.0-1 NOTE: https://lists.freedesktop.org/archives/libbsd/2019-August/000229.html @@ -7692,7 +7700,7 @@ CVE-2019-17153 RESERVED CVE-2019-17152 RESERVED -CVE-2019-17151 (This vulnerability allows remote attackers to execute arbitrary code o ...) +CVE-2019-17151 (This vulnerability allows remote attackers redirect users to an extern ...) NOT-FOR-US: Tencent WeChat CVE-2019-17150 RESERVED 
@@ -7986,75 +7994,61 @@ CVE-2019-17026 - firefox 72.0.1-1 (bug #948452) - firefox-esr 68.4.1esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/#CVE-2019-17026 -CVE-2019-17025 - RESERVED +CVE-2019-17025 (Mozilla developers reported memory safety bugs present in Firefox 71. ...) - firefox 72.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17025 -CVE-2019-17024 - RESERVED +CVE-2019-17024 (Mozilla developers reported memory safety bugs present in Firefox 71 a ...) - firefox 72.0-1 - firefox-esr 68.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17024 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17024 -CVE-2019-17023 - RESERVED +CVE-2019-17023 (After a HelloRetryRequest has been sent, the client may negotiate a lo ...) - firefox 72.0-1 - nss 2:3.49-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17023 NOTE: https://hg.mozilla.org/projects/nss/rev/d64102b76a437f24d98a20480dcc9f1655143e7c NOTE: https://hg.mozilla.org/projects/nss/rev/8a2bd40e7f89a796cf24a0ff7cfb67c6e69c5c78 -CVE-2019-17022 - RESERVED +CVE-2019-17022 (When pasting a &lt;style&gt; tag from the clipboard into a ric ...) - firefox 72.0-1 - firefox-esr 68.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17022 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17022 -CVE-2019-17021 - RESERVED +CVE-2019-17021 (During the initialization of a new content process, a race condition o ...) - firefox <not-affected> (Windows-specific) - firefox-esr <not-affected> (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17021 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17021 -CVE-2019-17020 - RESERVED +CVE-2019-17020 (If an XML file is served with a Content Security Policy and the XML fi ...) 
- firefox 72.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17020 -CVE-2019-17019 - RESERVED +CVE-2019-17019 (When Python was installed on Windows, a python file being served with ...) - firefox <not-affected> (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17019 -CVE-2019-17018 - RESERVED +CVE-2019-17018 (When in Private Browsing Mode on Windows 10, the Windows keyboard may ...) - firefox <not-affected> (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17018 -CVE-2019-17017 - RESERVED +CVE-2019-17017 (Due to a missing case handling object types, a type confusion vulnerab ...) - firefox 72.0-1 - firefox-esr 68.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17017 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17017 -CVE-2019-17016 - RESERVED +CVE-2019-17016 (When pasting a &lt;style&gt; tag from the clipboard into a ric ...) - firefox 72.0-1 - firefox-esr 68.4.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17016 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17016 -CVE-2019-17015 - RESERVED +CVE-2019-17015 (During the initialization of a new content process, a pointer offset c ...) - firefox <not-affected> (Windows-specific) - firefox-esr <not-affected> (Windows-specific) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-01/#CVE-2019-17015 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-02/#CVE-2019-17015 -CVE-2019-17014 - RESERVED +CVE-2019-17014 (If an image had not loaded correctly (such as when it is not actually ...) - firefox 71.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17014 -CVE-2019-17013 - RESERVED +CVE-2019-17013 (Mozilla developers reported memory safety bugs present in Firefox 70. ...) 
- firefox 71.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17013 -CVE-2019-17012 - RESERVED +CVE-2019-17012 (Mozilla developers reported memory safety bugs present in Firefox 70 a ...) {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 @@ -8062,8 +8056,7 @@ CVE-2019-17012 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17012 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17012 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17012 -CVE-2019-17011 - RESERVED +CVE-2019-17011 (Under certain conditions, when retrieving a document from a DocShell i ...) {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 @@ -8071,8 +8064,7 @@ CVE-2019-17011 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17011 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17011 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17011 -CVE-2019-17010 - RESERVED +CVE-2019-17010 (Under certain conditions, when checking the Resist Fingerprinting pref ...) {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 
@@ -8080,16 +8072,14 @@ CVE-2019-17010 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17010 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17010 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17010 -CVE-2019-17009 - RESERVED +CVE-2019-17009 (When running, the updater service wrote status and log files to an unr ...) - firefox <not-affected> (Updater not used in Debian packages) - firefox-esr <not-affected> (Updater not used in Debian packages) - thunderbird <not-affected> (Updater not used in Debian packages) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-17009 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-37/#CVE-2019-17009 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-38/#CVE-2019-17009 -CVE-2019-17008 - RESERVED +CVE-2019-17008 (When using nested workers, a use-after-free could occur during worker ...) {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 @@ -8114,8 +8104,7 @@ CVE-2019-17006 [Check length of inputs for cryptographic primitives] NOTE: Upstream bug (currently non-public): https://bugzilla.mozilla.org/show_bug.cgi?id=1539788 NOTE: https://hg.mozilla.org/projects/nss/rev/dfd6996fe7425eb0437346d11a01082f16fcfe34 NOTE: https://hg.mozilla.org/projects/nss/rev/9d1f5e71773d4e3146524096d74cb96c8df51abe -CVE-2019-17005 - RESERVED +CVE-2019-17005 (The plain text serializer used a fixed-size array for the number of &l ...) {DSA-4585-1 DSA-4580-1 DLA-2036-1 DLA-2029-1} - firefox 71.0-1 - firefox-esr 68.3.0esr-1 
@@ -8127,16 +8116,13 @@ CVE-2019-17004 RESERVED CVE-2019-17003 RESERVED -CVE-2019-17002 - RESERVED +CVE-2019-17002 (If upgrade-insecure-requests was specified in the Content Security Pol ...) - firefox 70.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17002 -CVE-2019-17001 - RESERVED +CVE-2019-17001 (A Content-Security-Policy that blocks in-line scripts could be bypasse ...) - firefox 70.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17001 -CVE-2019-17000 - RESERVED +CVE-2019-17000 (An object tag with a data URI did not correctly inherit the document's ...) - firefox 70.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-17000 CVE-2019-16999 (CloudBoot through 2019-03-08 allows SQL Injection via a crafted Status ...) @@ -8642,8 +8628,8 @@ CVE-2019-16789 (In Waitress through version 1.4.0, if a proxy server is used in [stretch] - waitress <no-dsa> (Minor issue) NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-m5ff-3wj3-8ph4 NOTE: https://github.com/Pylons/waitress/commit/11d9e138125ad46e951027184b13242a3c1de017 -CVE-2019-16788 - RESERVED +CVE-2019-16788 (In WordPress versions from 3.7 to 5.3.0, authenticated users who do no ...) + TODO: check CVE-2019-16786 (Waitress through version 1.3.1 would parse the Transfer-Encoding heade ...) - waitress 1.4.1-1 (bug #947306) [buster] - waitress <no-dsa> (Minor issue) 
@@ -8698,8 +8684,8 @@ CVE-2019-16774 (In phpfastcache before 5.1.3, there is a possible object injecti NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/c4527205cb7a402b595790c74310791f5b04a1a4 (5.0.13) NOTE: https://github.com/PHPSocialNetwork/phpfastcache/commit/82a84adff6e8fc9b564c616d0fdc9238ae2e86c3 (4.3.18) NOTE: Affected phpfastcache code is not used in kopano-webapp-plugin-files. -CVE-2019-16773 - RESERVED +CVE-2019-16773 (In WordPress versions from 3.7 to 5.3.0, the function wp_targeted_link ...) + TODO: check CVE-2019-16772 (The serialize-to-js NPM package before version 3.0.1 is vulnerable to ...) NOT-FOR-US: serialize-to-js Node package CVE-2019-16771 (Versions of Armeria 0.85.0 through and including 0.96.0 are vulnerable ...) @@ -21464,12 +21450,10 @@ CVE-2019-11766 (dhcp6.c in dhcpcd before 6.11.7 and 7.x before 7.2.2 has a buffe [jessie] - dhcpcd5 <not-affected> (Vulnerable code not present; D6_OPTION_PD_EXCLUDE support added later) NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=c1ebeaafeb324bac997984abdcee2d4e8b61a8a8 NOTE: https://roy.marples.name/cgit/dhcpcd.git/commit/?&id=896ef4a54b0578985e5e1360b141593f1d62837b -CVE-2019-11765 - RESERVED +CVE-2019-11765 (A compromised content process could send a message to the parent proce ...) - firefox 70.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11765 -CVE-2019-11764 - RESERVED +CVE-2019-11764 (Mozilla developers and community members reported memory safety bugs p ...) {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 
@@ -21477,8 +21461,7 @@ CVE-2019-11764 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11764 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11764 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11764 -CVE-2019-11763 - RESERVED +CVE-2019-11763 (Failure to correctly handle null bytes when processing HTML entities r ...) {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 @@ -21486,8 +21469,7 @@ CVE-2019-11763 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11763 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11763 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11763 -CVE-2019-11762 - RESERVED +CVE-2019-11762 (If two same-origin documents set document.domain differently to become ...) {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 @@ -21495,8 +21477,7 @@ CVE-2019-11762 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11762 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11762 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11762 -CVE-2019-11761 - RESERVED +CVE-2019-11761 (By using a form with a data URI it was possible to gain access to the ...) {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 @@ -21504,8 +21485,7 @@ CVE-2019-11761 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11761 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11761 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11761 -CVE-2019-11760 - RESERVED +CVE-2019-11760 (A fixed-size stack buffer could overflow in nrappkit when doing WebRTC ...) {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 
@@ -21513,8 +21493,7 @@ CVE-2019-11760 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11760 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11760 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11760 -CVE-2019-11759 - RESERVED +CVE-2019-11759 (An attacker could have caused 4 bytes of HMAC output to be written pas ...) {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 @@ -21522,14 +21501,12 @@ CVE-2019-11759 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11759 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11759 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11759 -CVE-2019-11758 - RESERVED +CVE-2019-11758 (Mozilla community member Philipp reported a memory safety bug present ...) - firefox-esr <not-affected> (Only an issue in combination with 360 Total Security) - thunderbird <not-affected> (Only an issue in combination with 360 Total Security) NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11758 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11758 -CVE-2019-11757 - RESERVED +CVE-2019-11757 (When following the value's prototype chain, it was possible to retain ...) {DSA-4571-1 DSA-4549-1 DLA-1997-1 DLA-1987-1} - firefox 70.0-1 - firefox-esr 68.2.0esr-1 
@@ -21537,8 +21514,7 @@ CVE-2019-11757 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-33/#CVE-2019-11757 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/#CVE-2019-11757 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-35/#CVE-2019-11757 -CVE-2019-11756 - RESERVED +CVE-2019-11756 (Improper refcounting of soft token session objects could cause a use-a ...) - firefox 71.0-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-36/#CVE-2019-11756 CVE-2019-11755 (A crafted S/MIME message consisting of an inner encryption layer and a ...) @@ -21611,8 +21587,7 @@ CVE-2019-11746 (A use-after-free vulnerability can occur while manipulating vide NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-26/#CVE-2019-11746 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-27/#CVE-2019-11746 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-29/#CVE-2019-11746 -CVE-2019-11745 [Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate] - RESERVED +CVE-2019-11745 (When encrypting with a block cipher, if a call to NSC_EncryptUpdate wa ...) {DSA-4579-1 DLA-2008-1} - nss 2:3.47.1-1 NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1586176 (not public) @@ -22941,8 +22916,8 @@ CVE-2019-11294 (Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allow NOT-FOR-US: Cloud Foundry CVE-2019-11293 (Cloud Foundry UAA Release, versions prior to v74.10.0, when set to log ...) NOT-FOR-US: Cloud Foundry UAA Release -CVE-2019-11292 - RESERVED +CVE-2019-11292 (Pivotal Ops Manager, versions 2.4.x prior to 2.4.27, 2.5.x prior to 2. ...) + TODO: check CVE-2019-11291 (Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior ...) - rabbitmq-server <unfixed> (bug #945601) [buster] - rabbitmq-server <no-dsa> (Minor issue) 
@@ -27852,8 +27827,7 @@ CVE-2019-9813 (Incorrect handling of __proto__ mutations may lead to type confus - firefox-esr 60.6.1esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-09/#CVE-2019-9813 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2019-10/#CVE-2019-9813 -CVE-2019-9812 - RESERVED +CVE-2019-9812 (Given a compromised sandboxed content process due to a separate vulner ...) {DSA-4516-1 DLA-1910-1} - firefox 69.0-1 - firefox-esr 68.1.0esr-1 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 820434b8e1..2b2b028708 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,115 @@ +CVE-2020-6639 + RESERVED +CVE-2020-6638 + RESERVED +CVE-2020-6637 + RESERVED +CVE-2020-6636 + RESERVED +CVE-2020-6635 + RESERVED +CVE-2020-6634 + RESERVED +CVE-2020-6633 + RESERVED +CVE-2020-6632 (In PrestaShop 1.7.6.2, XSS can occur during addition or removal of a Q ...) + TODO: check +CVE-2020-6631 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) + TODO: check +CVE-2020-6630 (An issue was discovered in GPAC version 0.8.0. There is a NULL pointer ...) + TODO: check +CVE-2020-6629 (Ming (aka libming) 0.4.8 has z NULL pointer dereference in the functio ...) + TODO: check +CVE-2020-6628 (Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the func ...) + TODO: check +CVE-2020-6627 + RESERVED +CVE-2020-6626 + RESERVED +CVE-2020-6625 (jhead through 3.04 has a heap-based buffer over-read in Get32s when ca ...) + TODO: check +CVE-2020-6624 (jhead through 3.04 has a heap-based buffer over-read in process_DQT in ...) + TODO: check +CVE-2020-6623 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) + TODO: check +CVE-2020-6622 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) + TODO: check +CVE-2020-6621 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in t ...) + TODO: check +CVE-2020-6620 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) + TODO: check +CVE-2020-6619 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf ...) + TODO: check +CVE-2020-6618 (stb stb_truetype.h through 1.22 has a heap-based buffer over-read in s ...) + TODO: check +CVE-2020-6617 (stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff ...) + TODO: check +CVE-2020-6616 + RESERVED +CVE-2020-6615 (GNU LibreDWG 0.9.3.2564 has an invalid pointer dereference in dwg_dyna ...) + TODO: check +CVE-2020-6614 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read ...) 
+ TODO: check +CVE-2020-6613 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_searc ...) + TODO: check +CVE-2020-6612 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_comp ...) + TODO: check +CVE-2020-6611 (GNU LibreDWG 0.9.3.2564 has a NULL pointer dereference in get_next_own ...) + TODO: check +CVE-2020-6610 (GNU LibreDWG 0.9.3.2564 has an attempted excessive memory allocation i ...) + TODO: check +CVE-2020-6609 (GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_page ...) + TODO: check +CVE-2020-6608 + RESERVED +CVE-2020-6607 + RESERVED +CVE-2020-6606 + RESERVED +CVE-2020-6605 + RESERVED +CVE-2020-6604 + RESERVED +CVE-2020-6603 + RESERVED +CVE-2020-6602 + RESERVED +CVE-2020-6601 + RESERVED +CVE-2020-6600 + RESERVED +CVE-2020-6599 + RESERVED +CVE-2020-6598 + RESERVED +CVE-2020-6597 + RESERVED +CVE-2020-6596 + RESERVED +CVE-2020-6595 + RESERVED +CVE-2020-6594 + RESERVED +CVE-2020-6593 + RESERVED +CVE-2020-6592 + RESERVED +CVE-2020-6591 + RESERVED +CVE-2020-6590 + RESERVED +CVE-2020-6589 + RESERVED +CVE-2020-6588 + RESERVED +CVE-2020-6587 + RESERVED +CVE-2020-6586 + RESERVED +CVE-2020-6585 + RESERVED +CVE-2020-6584 + RESERVED CVE-2020-6583 (BigProf Online Invoicing System (OIS) through 2.6 has XSS that can be ...) NOT-FOR-US: BigProf Online Invoicing System (OIS) CVE-2020-6582 @@ -2156,7 +2268,9 @@ CVE-2020-5506 RESERVED CVE-2020-5505 RESERVED -CVE-2020-5504 (A SQL injection flaw has been discovered in the user accounts page. A ma...) +CVE-2020-5504 + RESERVED + {DLA-2060-1} - phpmyadmin <unfixed> NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983 NOTE: https://gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b 
@@ -2773,8 +2887,8 @@ CVE-2020-5207 RESERVED CVE-2020-5206 RESERVED -CVE-2020-5205 - RESERVED +CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Pow.Plu ...) + TODO: check CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...) NOT-FOR-US: uftpd CVE-2020-5203 |
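Review bot: In the data/CVE/2020.list hunk at @@ -2156,7 +2268,9, CVE-2020-5504 loses its description and falls back to RESERVED, although the entry keeps its "- phpmyadmin <unfixed>" line and both NOTE links and gains {DLA-2060-1}. An entry that already carries a package status, a fix commit and an advisory reference should not read as an unassigned placeholder. Suggest keeping a bracketed temporary description on the CVE line until the upstream text is available again, in the same form the removed CVE-2019-11745 line used ("[Out-of-bounds write when passing an output buffer smaller than the block size to NSC_EncryptUpdate]"), so the entry stays searchable by what the flaw is.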
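Review bot: In the data/CVE/2011.list hunk at @@ -191,14 +191,14, CVE-2011-5250 and CVE-2011-5247 are both described as Snare for Linux issues but are left as "TODO: check", while the neighbouring CVE-2011-5249 in the same hunk is already marked "NOT-FOR-US: SNARE". If the same product is meant, resolve the two TODOs with the same status in a follow-up so the three adjacent entries agree, rather than leaving them in the triage queue.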
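Review bot: In the data/CVE/2020.list hunk at @@ -1,3 +1,115, every newly described entry is added as "TODO: check", and most of them fall into two groups against a single upstream version: CVE-2020-6617 through CVE-2020-6623 for stb_truetype.h through 1.22 and CVE-2020-6609 through CVE-2020-6615 for GNU LibreDWG 0.9.3.2564. Suggest triaging each group in one pass and giving all entries of a group the same package line or NOT-FOR-US status, so that related over-read and assertion-failure entries do not end up with diverging states.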