author security tracker role <sectracker@soriano.debian.org> 2020-02-05 20:10:17 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-02-05 20:10:17 +0000
commit 283a0311a73bf698f7d7c503fdcb0a741cc8768a (patch)
tree a93489af8a272bb121a361330cefa3ae9e6e132d /data
parent a58417aba12a495544d27bea0e7645f610ad5b80 (diff)
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2010.list 6
-rw-r--r-- data/CVE/2013.list 10
-rw-r--r-- data/CVE/2014.list 2
-rw-r--r-- data/CVE/2015.list 16
-rw-r--r-- data/CVE/2016.list 3
-rw-r--r-- data/CVE/2019.list 36
-rw-r--r-- data/CVE/2020.list 157
7 files changed, 133 insertions, 97 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index ead6f642c5..64ab15742f 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -1132,8 +1132,7 @@ CVE-2010-4817 (pithos before 0.3.5 allows overwrite of arbitrary files via symli
- pithos 0.3.5-1
CVE-2010-4816
RESERVED
-CVE-2010-4815
- RESERVED
+CVE-2010-4815 (Coppermine gallery before 1.4.26 has an input validation vulnerability ...)
NOT-FOR-US: Coppermine Photo Gallery
CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) Adva ...)
NOT-FOR-US: Best Soft Inc.
@@ -1520,8 +1519,7 @@ CVE-2010-4664 (In ConsoleKit before 0.4.2, an intended security policy restricti
[squeeze] - consolekit <no-dsa> (Minor issue)
CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple (CMSMS ...)
NOT-FOR-US: CMS Made Simple
-CVE-2010-4662
- RESERVED
+CVE-2010-4662 (PmWiki before 2.2.21 has XSS. ...)
NOT-FOR-US: pmwiki
CVE-2010-4661 (udisks before 1.0.3 allows a local user to load arbitrary Linux kernel ...)
- udisks 1.0.3-1
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 53709d6cc4..38edcf75e2 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -4068,7 +4068,7 @@ CVE-2013-5991 (The displaySystemError function in html/handle_error.php in LOCKO
CVE-2013-5990 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; I ...)
NOT-FOR-US: JustSystems Ichitaro
CVE-2013-5989
- RESERVED
+ REJECTED
CVE-2013-5988
RESERVED
CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
@@ -12437,8 +12437,8 @@ CVE-2013-2677
RESERVED
CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
NOT-FOR-US: Brother
-CVE-2013-2675
- RESERVED
+CVE-2013-2675 (Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable r ...)
+ TODO: check
CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...)
NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices
CVE-2013-2673 (Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass ...)
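Review bot: CVE-2013-2675 is left at `TODO: check` although the entries on either side of it (CVE-2013-2676 and CVE-2013-2674) describe the same Brother MFC-9970CDW 1.10 firmware L device and are already marked NOT-FOR-US. The follow-up triage can reuse that verdict, and it should settle on one spelling, since the neighbours use both `NOT-FOR-US: Brother` and `NOT-FOR-US: Brother MFC-9970CDW 1.10 firmware L devices`.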
@@ -18719,8 +18719,8 @@ CVE-2013-0509 (Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcoo
NOT-FOR-US: IBM
CVE-2013-0508 (Multiple buffer overflows in IBM Tivoli Netcool System Service Monitor ...)
NOT-FOR-US: IBM
-CVE-2013-0507
- RESERVED
+CVE-2013-0507 (IBM InfoSphere Information Server 8.1, 8.5, 8.7, 9.1 has a Session Fix ...)
+ TODO: check
CVE-2013-0506 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order Managem ...)
NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0505 (IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 b ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 1ba4f47966..e55efa13e3 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -16672,7 +16672,7 @@ CVE-2014-3895 (The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-W
CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional M ...)
NOT-FOR-US: PHP Kobo Multifunctional MailForm
CVE-2014-3893
- RESERVED
+ REJECTED
CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 ...)
NOT-FOR-US: Nexa Meridian
CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows rem ...)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index 4b80590360..0d8b6b7024 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -11195,12 +11195,12 @@ CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband Pla
NOT-FOR-US: NTT
CVE-2015-5629 (The NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6. ...)
NOT-FOR-US: NTT
-CVE-2015-5628
- RESERVED
-CVE-2015-5627
- RESERVED
-CVE-2015-5626
- RESERVED
+CVE-2015-5628 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
+ TODO: check
+CVE-2015-5627 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
+ TODO: check
+CVE-2015-5626 (Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and ea ...)
+ TODO: check
CVE-2015-5625 (Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 al ...)
NOT-FOR-US: OpenDocMan
CVE-2015-5624 (Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ELP ...)
@@ -26976,8 +26976,8 @@ CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Man
NOT-FOR-US: IBM
CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process Por ...)
NOT-FOR-US: IBM Business Process Manager
-CVE-2015-0102
- RESERVED
+CVE-2015-0102 (IBM Workflow for Bluemix does not set the secure flag for the session ...)
+ TODO: check
CVE-2015-0101 (Cross-site scripting (XSS) vulnerability in IBM Business Process Manag ...)
NOT-FOR-US: IBM
CVE-2015-0100 (Microsoft Internet Explorer 8 allows remote attackers to execute arbit ...)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 2167307e1d..3c3c089486 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -27120,7 +27120,8 @@ CVE-2016-2035
REJECTED
CVE-2016-2034 (SQL injection vulnerability in ClearPass Policy Manager 6.5.x through ...)
NOT-FOR-US: ClearPass Policy Manager
-CVE-2016-2033 (Multiple vulnerabilities exist in Aruba ClearPass Policy Manager up to ...)
+CVE-2016-2033
+ REJECTED
NOT-FOR-US: Aruba ClearPass Policy Manager
CVE-2016-2032 (A vulnerability exists in the Aruba AirWave Management Platform 8.x pr ...)
NOT-FOR-US: Aruba AirWave Management Platform
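Review bot: CVE-2016-2033 becomes REJECTED here but keeps the `NOT-FOR-US: Aruba ClearPass Policy Manager` line left over from the old entry. The REJECTED entry visible at the top of this hunk's context carries no annotation after it, and a rejected id needs no triage verdict; drop the leftover line so the entry is just the id followed by REJECTED.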
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index e17815ba03..8e6e624c7f 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -10417,10 +10417,10 @@ CVE-2019-16206 (The authentication mechanism, in Brocade SANnav versions before
NOT-FOR-US: Brocade
CVE-2019-16205 (A vulnerability, in Brocade SANnav versions before v2.0, could allow r ...)
NOT-FOR-US: Brocade
-CVE-2019-16204
- RESERVED
-CVE-2019-16203
- RESERVED
+CVE-2019-16204 (Brocade Fabric OS Versions before v7.4.2f, v8.2.2a, v8.1.2j and v8.2.1 ...)
+ TODO: check
+CVE-2019-16203 (Brocade Fabric OS Versions before v8.2.2a and v8.2.1d could expose the ...)
+ TODO: check
CVE-2019-16202 (MISP before 2.4.115 allows privilege escalation in certain situations. ...)
NOT-FOR-US: MISP
CVE-2019-16201 (WEBrick::HTTPAuth::DigestAuth in Ruby through 2.4.7, 2.5.x through 2.5 ...)
@@ -12698,8 +12698,8 @@ CVE-2019-15255 (A vulnerability in the web-based management interface of Cisco I
NOT-FOR-US: Cisco
CVE-2019-15254
RESERVED
-CVE-2019-15253
- RESERVED
+CVE-2019-15253 (A vulnerability in the web-based management interface of Cisco Digital ...)
+ TODO: check
CVE-2019-15252 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
NOT-FOR-US: Cisco
CVE-2019-15251 (Multiple vulnerabilities in Cisco SPA100 Series Analog Telephone Adapt ...)
@@ -13090,8 +13090,8 @@ CVE-2019-15128 (iF.SVNAdmin through 1.6.2 allows svnadmin/usercreate.php CSRF to
NOT-FOR-US: iF.SVNAdmin
CVE-2019-15127 (REDCap before 9.3.0 allows XSS attacks against non-administrator accou ...)
NOT-FOR-US: REDCap
-CVE-2019-15126
- RESERVED
+CVE-2019-15126 (An issue was discovered on Broadcom Wi-Fi client devices. Specifically ...)
+ TODO: check
CVE-2019-15125
RESERVED
CVE-2019-15124
@@ -21143,8 +21143,8 @@ CVE-2019-12182
RESERVED
CVE-2019-12181 (A privilege escalation vulnerability exists in SolarWinds Serv-U befor ...)
NOT-FOR-US: SolarWinds
-CVE-2019-12180
- RESERVED
+CVE-2019-12180 (An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 ...)
+ TODO: check
CVE-2019-12179
RESERVED
CVE-2019-12178
@@ -22975,8 +22975,8 @@ CVE-2019-11518 (An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows
NOT-FOR-US: SEMCMS
CVE-2019-11517 (WampServer before 3.1.9 has CSRF in add_vhost.php because the synchron ...)
NOT-FOR-US: WampServer
-CVE-2019-11516
- RESERVED
+CVE-2019-11516 (An issue was discovered in the Bluetooth component of the Cypress (for ...)
+ TODO: check
CVE-2019-11515 (core/classes/db_backup.php in Gila CMS 1.10.1 allows admin/db_backup?d ...)
NOT-FOR-US: Gila CMS
CVE-2019-11514 (User/Command/ConfirmEmailHandler.php in Flarum before 0.1.0-beta.8 mis ...)
@@ -41266,8 +41266,8 @@ CVE-2019-4672
RESERVED
CVE-2019-4671
RESERVED
-CVE-2019-4670
- RESERVED
+CVE-2019-4670 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
+ TODO: check
CVE-2019-4669
RESERVED
CVE-2019-4668
@@ -41374,14 +41374,14 @@ CVE-2019-4618
RESERVED
CVE-2019-4617
RESERVED
-CVE-2019-4616
- RESERVED
+CVE-2019-4616 (IBM Cloud Automation Manager 3.2.1.0 does not set the secure attribute ...)
+ TODO: check
CVE-2019-4615
RESERVED
CVE-2019-4614 (IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Que ...)
NOT-FOR-US: IBM
-CVE-2019-4613
- RESERVED
+CVE-2019-4613 (IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery ...)
+ TODO: check
CVE-2019-4612 (IBM Planning Analytics 2.0 is vulnerable to malicious file upload in t ...)
NOT-FOR-US: IBM
CVE-2019-4611 (IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index dec254841a..db425b84a8 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,53 @@
+CVE-2020-8640
+ RESERVED
+CVE-2020-8639
+ RESERVED
+CVE-2020-8638
+ RESERVED
+CVE-2020-8637
+ RESERVED
+CVE-2020-8636
+ RESERVED
+CVE-2020-8635
+ RESERVED
+CVE-2020-8634
+ RESERVED
+CVE-2020-8633
+ RESERVED
+CVE-2020-8632 (In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_ ...)
+ TODO: check
+CVE-2020-8631 (cloud-init through 19.4 relies on Mersenne Twister for a random passwo ...)
+ TODO: check
+CVE-2020-8630
+ RESERVED
+CVE-2020-8629
+ RESERVED
+CVE-2020-8628
+ RESERVED
+CVE-2020-8627
+ RESERVED
+CVE-2020-8626
+ RESERVED
+CVE-2020-8625
+ RESERVED
+CVE-2020-8624
+ RESERVED
+CVE-2020-8623
+ RESERVED
+CVE-2020-8622
+ RESERVED
+CVE-2020-8621
+ RESERVED
+CVE-2020-8620
+ RESERVED
+CVE-2020-8619
+ RESERVED
+CVE-2020-8618
+ RESERVED
+CVE-2020-8617
+ RESERVED
+CVE-2020-8616
+ RESERVED
CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...)
NOT-FOR-US: Tutor LMS plugin for WordPress
CVE-2020-8614
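Review bot: CVE-2020-8632 and CVE-2020-8631 are the only two published entries in this block of newly reserved ids, and both are left at `TODO: check`. Both descriptions name cloud-init through 19.4, so each needs a package line with a status (or an explicit NOT-FOR-US) rather than sitting unresolved among the RESERVED placeholders. Since both concern the random password generation, triage them together and record the upstream reference in a NOTE.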
@@ -219,10 +269,10 @@ CVE-2020-8509
RESERVED
CVE-2020-8508 (nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbi ...)
NOT-FOR-US: Norman Malware Cleaner
-CVE-2020-8507
- RESERVED
-CVE-2020-8506
- RESERVED
+CVE-2020-8507 (The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends ...)
+ TODO: check
+CVE-2020-8506 (The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Un ...)
+ TODO: check
CVE-2020-8505 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...)
NOT-FOR-US: School Management Software PHP/mySQL
CVE-2020-8504 (School Management Software PHP/mySQL through 2019-03-14 allows office_ ...)
@@ -1031,8 +1081,7 @@ CVE-2020-8116 (Prototype pollution vulnerability in dot-prop npm package version
TODO: check
CVE-2020-8115 (A reflected XSS vulnerability has been discovered in the publicly acce ...)
TODO: check
-CVE-2020-8114 [User Permissions Not Validated in ProjectExportWorker]
- RESERVED
+CVE-2020-8114 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-8113
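Review bot: the new description for CVE-2020-8114 scopes the issue to GitLab EE 8.9 and later, yet the package line stays `- gitlab <unfixed>`. Several entries from the same 12.7.4 security release are recorded as `<not-affected> (Only affects Gitlab EE ...)`; confirm which of the two verdicts applies here. The bracketed title being removed (User Permissions Not Validated in ProjectExportWorker) is also more specific than the generic text that replaces it, so consider keeping it as a NOTE.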
@@ -1313,56 +1362,44 @@ CVE-2020-7981 (sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injectio
NOTE: https://github.com/alexreisner/geocoder/commit/dcdc3d8675411edce3965941a2ca7c441ca48613
CVE-2020-7980 (Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Intellian Aptus Web
-CVE-2020-7979 [Private Project Names Exposed in GraphQL queries]
- RESERVED
+CVE-2020-7979 (GitLab EE 8.9 and later through 12.7.2 has Insecure Permission ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7978 [Denial of Service via AsciiDoc]
- RESERVED
+CVE-2020-7978 (GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.6 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7977 [Arbitrary Change of Pipeline Status]
- RESERVED
+CVE-2020-7977 (GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions. ...)
- gitlab <not-affected> (Only affects Gitlab EE 8.8 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7976 [Grafana Token Displayed in Plaintext]
- RESERVED
+CVE-2020-7976 (GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.4 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7975
RESERVED
-CVE-2020-7974 [Last Pipeline Status Exposed]
- RESERVED
+CVE-2020-7974 (GitLab EE 10.1 through 12.7.2 allows Information Disclosure. ...)
- gitlab <not-affected> (Only affects Gitlab EE 10.1 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7973 [XSS Vulnerability in File API]
- RESERVED
+CVE-2020-7973 (GitLab through 12.7.2 allows XSS. ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7972 [Email Confirmation Bypass Using API]
- RESERVED
+CVE-2020-7972 (GitLab EE 12.2 has Insecure Permissions (issue 2 of 2). ...)
- gitlab <not-affected> (Only affects Gitlab EE 12.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7971 [XSS Vulnerability in Create Groups]
- RESERVED
+CVE-2020-7971 (GitLab EE 11.0 and later through 12.7.2 allows XSS. ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7970
RESERVED
-CVE-2020-7969 [Disclosure of Issues and Merge Requests via Todos]
- RESERVED
+CVE-2020-7969 (GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. ...)
- gitlab <not-affected> (Only affects Gitlab EE 8.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7968 [Disclosure of Forked Private Project Source Code]
- RESERVED
+CVE-2020-7968 (GitLab EE 8.0 through 12.7.2 has Incorrect Access Control. ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7967 [Issue and Merge Request Activity Counts Exposed]
- RESERVED
+CVE-2020-7967 (GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2). ...)
- gitlab <not-affected> (ONly affects Gitlab EE 12.0 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
-CVE-2020-7966 [Path Traversal to Arbitrary File Read]
- RESERVED
+CVE-2020-7966 (GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal. ...)
- gitlab <not-affected> (Only affects Gitlab EE 11.11 and later)
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...)
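Review bot: several of the imported descriptions disagree with the annotations kept beneath them. CVE-2020-7979 now reads "GitLab EE 8.9 and later" while its annotation says "Only affects Gitlab EE 12.0 and later"; CVE-2020-7972 reads "GitLab EE 12.2" against "12.0 and later"; CVE-2020-7967 reads "GitLab EE 8.0 through 12.7.2" against "(ONly affects Gitlab EE 12.0 and later)", which also has a capitalisation typo. CVE-2020-7971 and CVE-2020-7968 have EE-scoped descriptions but remain `<unfixed>`. Reconcile the version bounds and the EE scoping against the linked advisory before relying on these verdicts, and keep the removed bracketed titles as NOTE lines, since they say more about each issue than the generic descriptions do.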
@@ -2846,7 +2883,7 @@ CVE-2020-7242 (Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated
NOT-FOR-US: Comtech Stampede FX-1010 devices
CVE-2020-7241 (The WP Database Backup plugin through 5.5 for WordPress stores downloa ...)
NOT-FOR-US: WP Database Backup plugin for WordPress
-CVE-2020-7240 (Meinberg Lantime M300 and M1000 devices allow attackers (with privileg ...)
+CVE-2020-7240 (** DISPUTED ** Meinberg Lantime M300 and M1000 devices allow attackers ...)
NOT-FOR-US: Meinberg Lantime M300 and M1000 devices
CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...)
NOT-FOR-US: conversation-watson plugin for WordPress
@@ -2903,8 +2940,8 @@ CVE-2020-7218 (HashiCorp Nomad and Nomad Enterprise before 0.10.3 allow unbounde
NOTE: https://github.com/hashicorp/nomad/issues/7002
CVE-2020-7217
RESERVED
-CVE-2020-7216
- RESERVED
+CVE-2020-7216 (An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and e ...)
+ TODO: check
CVE-2020-7215 (An issue was discovered in Gallagher Command Centre 7.x before 7.90.99 ...)
NOT-FOR-US: Gallagher Command Centre
CVE-2020-7214
@@ -3298,6 +3335,7 @@ CVE-2020-7042
CVE-2020-7041
RESERVED
CVE-2020-7040 (storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBack ...)
+ {DLA-2095-1}
- storebackup <unfixed> (bug #949393)
[buster] - storebackup <no-dsa> (Minor issue)
[stretch] - storebackup <no-dsa> (Minor issue)
@@ -3456,8 +3494,8 @@ CVE-2020-6971
RESERVED
CVE-2020-6970
RESERVED
-CVE-2020-6969
- RESERVED
+CVE-2020-6969 (It is possible to unmask credentials and other sensitive information o ...)
+ TODO: check
CVE-2020-6968
RESERVED
CVE-2020-6967
@@ -3747,8 +3785,7 @@ CVE-2020-6835 (An issue was discovered in Bftpd before 5.4. There is a heap-base
- bftpd <itp> (bug #640469)
CVE-2020-6834
RESERVED
-CVE-2020-6833 [Package and File Disclosure through GitLab Workhorse]
- RESERVED
+CVE-2020-6833 (An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhors ...)
- gitlab <unfixed>
NOTE: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
CVE-2020-6832 (An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 throug ...)
@@ -3908,8 +3945,8 @@ CVE-2020-6756 (languageOptions.php in Rasilient PixelStor 5000 K:4.0.1580-201506
NOT-FOR-US: Rasilient PixelStor
CVE-2020-6755
RESERVED
-CVE-2020-6754
- RESERVED
+CVE-2020-6754 (dotCMS before 5.2.4 is vulnerable to directory traversal, leading to i ...)
+ TODO: check
CVE-2020-6753
RESERVED
CVE-2020-6752
@@ -4636,9 +4673,9 @@ CVE-2020-6413
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6412
+ RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
- RESERVED
- chromium <unfixed>
[stretch] - chromium <end-of-life> (see DSA 4562)
CVE-2020-6411
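Review bot: CVE-2020-6412 still ends up with the `- chromium <unfixed>` and `[stretch] - chromium <end-of-life> (see DSA 4562)` pair twice, because only the misplaced RESERVED line between the two copies is moved. Drop the second pair so the entry has RESERVED followed by a single package line and a single stretch annotation.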
@@ -5180,8 +5217,8 @@ CVE-2020-6176
RESERVED
CVE-2020-6175
RESERVED
-CVE-2020-6174
- RESERVED
+CVE-2020-6174 (TUF (aka The Update Framework) through 0.12.1 has Improper Verificatio ...)
+ TODO: check
CVE-2020-6173 (TUF (aka The Update Framework) 0.7.2 through 0.12.1 allows Uncontrolle ...)
- python-tuf <itp> (bug #934151)
CVE-2020-6172
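Review bot: CVE-2020-6174 gets `TODO: check` while CVE-2020-6173 directly below it, for the same project (TUF, through 0.12.1), already carries `- python-tuf <itp> (bug #934151)`. The new entry should take the same itp line so both ids are tracked against the pending package.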
@@ -7076,8 +7113,8 @@ CVE-2020-5239
RESERVED
CVE-2020-5238
RESERVED
-CVE-2020-5237
- RESERVED
+CVE-2020-5237 (oneup/uploader-bundle before 1.9.3 and 2.1.5, can be exploited to uplo ...)
+ TODO: check
CVE-2020-5236 (Waitress version 1.4.2 allows a DOS attack When waitress receives a he ...)
- waitress <unfixed>
NOTE: https://github.com/Pylons/waitress/security/advisories/GHSA-73m2-3pwg-5fgc
@@ -7168,8 +7205,8 @@ CVE-2020-5209 (In NetHack before 3.6.5, unknown options starting with -de and -i
NOTE: https://github.com/NetHack/NetHack/security/advisories/GHSA-fw72-r8xm-45p8
NOTE: https://github.com/NetHack/NetHack/commit/f3def5c0b999478da2d0a8f0b6a7c370a2065f77
NOTE: Negligible security impact
-CVE-2020-5208
- RESERVED
+CVE-2020-5208 (It's been found that multiple functions in ipmitool before 1.8.19 negl ...)
+ TODO: check
CVE-2020-5207 (In Ktor before 1.3.0, request smuggling is possible when running behin ...)
NOT-FOR-US: Ktor
CVE-2020-5206 (In Opencast before 7.6 and 8.1, using a remember-me cookie with an arb ...)
@@ -11292,8 +11329,8 @@ CVE-2020-3151
RESERVED
CVE-2020-3150
RESERVED
-CVE-2020-3149
- RESERVED
+CVE-2020-3149 (A vulnerability in the web-based management interface of Cisco Identit ...)
+ TODO: check
CVE-2020-3148
RESERVED
CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...)
@@ -11344,18 +11381,18 @@ CVE-2020-3125
RESERVED
CVE-2020-3124
RESERVED
-CVE-2020-3123
- RESERVED
+CVE-2020-3123 (A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiV ...)
+ TODO: check
CVE-2020-3122
RESERVED
CVE-2020-3121 (A vulnerability in the web-based management interface of Cisco Small B ...)
NOT-FOR-US: Cisco
-CVE-2020-3120
- RESERVED
-CVE-2020-3119
- RESERVED
-CVE-2020-3118
- RESERVED
+CVE-2020-3120 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ TODO: check
+CVE-2020-3119 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ TODO: check
+CVE-2020-3118 (A vulnerability in the Cisco Discovery Protocol implementation for Cis ...)
+ TODO: check
CVE-2020-3117
RESERVED
CVE-2020-3116
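Review bot: CVE-2020-3123 should not be triaged in the same pass as the rest of this hunk. Its description names the Data-Loss-Prevention (DLP) module in "Clam AntiV ...", whereas CVE-2020-3120, CVE-2020-3119 and CVE-2020-3118 concern the Cisco Discovery Protocol implementation. The CDP entries can likely follow the `NOT-FOR-US: Cisco` verdict already on CVE-2020-3121, but 3123 needs its own package line and status.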
@@ -11368,10 +11405,10 @@ CVE-2020-3113
RESERVED
CVE-2020-3112
RESERVED
-CVE-2020-3111
- RESERVED
-CVE-2020-3110
- RESERVED
+CVE-2020-3111 (A vulnerability in the Cisco Discovery Protocol implementation for the ...)
+ TODO: check
+CVE-2020-3110 (A vulnerability in the Cisco Discovery Protocol implementation for the ...)
+ TODO: check
CVE-2020-3109
RESERVED
CVE-2020-3108
