author | security tracker role <sectracker@soriano.debian.org> | 2020-02-04 20:10:23 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-04 20:10:23 +0000 |
commit | 2bc8fd6e3375f8fa652ba22f84e39ce4b9060fad (patch) | |
tree | 2fcf4e32f64650394743929d21df6e0844daea50 /data | |
parent | 86505d8bc17bcfbebf5da0543bb1d8e026e20fe4 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2011.list | 9 |
-rw-r--r-- | data/CVE/2012.list | 7 |
-rw-r--r-- | data/CVE/2013.list | 27 |
-rw-r--r-- | data/CVE/2016.list | 4 |
-rw-r--r-- | data/CVE/2019.list | 52 |
-rw-r--r-- | data/CVE/2020.list | 44 |
6 files changed, 85 insertions, 58 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index f3ca78c2c7..2da4f58772 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -901,8 +901,7 @@ CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin CVE-2011-4938 RESERVED NOT-FOR-US: Ariadne CMS not in Debian -CVE-2011-4937 - RESERVED +CVE-2011-4937 (Joomla! 1.7.1 has core information disclosure due to inadequate error ...) NOT-FOR-US: Joomla! CVE-2011-4936 REJECTED @@ -980,8 +979,7 @@ CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.3 CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux ker ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-4 -CVE-2011-4912 - RESERVED +CVE-2011-4912 (Joomla! com_mailto 1.5.x through 1.5.13 has an automated mail timeout ...) NOT-FOR-US: Joomla! CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified fi ...) NOT-FOR-US: Joomla! @@ -4155,8 +4153,7 @@ CVE-2011-3631 (Hardlink before 0.1.2 has multiple integer overflows leading to h - hardlink <not-affected> (Only the C version, ours are written in Python) CVE-2011-3630 (Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow ...) - hardlink <not-affected> (Only the C version, ours are written in Python) -CVE-2011-3629 - RESERVED +CVE-2011-3629 (Joomla! core 1.7.1 allows information disclosure due to weak encryptio ...) NOT-FOR-US: Joomla! CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...) - pam 1.1.3-7 (low; bug #670076) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 46e58a1527..dc4f61515b 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list 
@@ -2584,8 +2584,8 @@ CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DN - isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp) CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...) NOT-FOR-US: TP-LINK TL-WR841N router -CVE-2012-5686 - RESERVED +CVE-2012-5686 (ZPanel 10.0.1 has insufficient entropy for its password reset process. ...) + TODO: check CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote ...) NOT-FOR-US: ZPanel CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier ...) @@ -2785,8 +2785,7 @@ CVE-2012-5620 REJECTED CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file ...) - sleuthkit 4.1.2-1 (unimportant; bug #695097) -CVE-2012-5618 - RESERVED +CVE-2012-5618 (Ushahidi before 2.6.1 has insufficient entropy for forgot-password tok ...) NOT-FOR-US: Ushahidi CVE-2012-5617 (gksu-polkit: permissive PolicyKit policy configuration file allows pri ...) - gksu-polkit <removed> (bug #695807) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 805b0e35ce..cf85331602 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -1217,20 +1217,15 @@ CVE-2013-7057 (Cross-site request forgery (CSRF) vulnerability in Axway SecureTr NOT-FOR-US: Axway SecureTransport CVE-2013-7056 RESERVED -CVE-2013-7055 - RESERVED +CVE-2013-7055 (D-Link DIR-100 4.03B07 has PPTP and poe information disclosure ...) NOT-FOR-US: Router D-Link DIR-100 -CVE-2013-7054 - RESERVED +CVE-2013-7054 (D-Link DIR-100 4.03B07: cli.cgi XSS ...) NOT-FOR-US: Router D-Link DIR-100 -CVE-2013-7053 - RESERVED +CVE-2013-7053 (D-Link DIR-100 4.03B07: cli.cgi CSRF ...) NOT-FOR-US: Router D-Link DIR-100 -CVE-2013-7052 - RESERVED +CVE-2013-7052 (D-Link DIR-100 4.03B07: security bypass via an error in the cliget.cgi ...) NOT-FOR-US: Router D-Link DIR-100 -CVE-2013-7051 - RESERVED +CVE-2013-7051 (D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to chec ...) NOT-FOR-US: Router D-Link DIR-100 CVE-2013-7047 RESERVED @@ -12436,12 +12431,12 @@ CVE-2013-2680 RESERVED CVE-2013-2679 RESERVED -CVE-2013-2678 - RESERVED +CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...) + TODO: check CVE-2013-2677 RESERVED -CVE-2013-2676 - RESERVED +CVE-2013-2676 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...) + TODO: check CVE-2013-2675 RESERVED CVE-2013-2674 (Brother MFC-9970CDW 1.10 firmware L devices contain an information dis ...) @@ -16448,8 +16443,8 @@ CVE-2013-1424 [matplotlib buffer overrun] CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) ...) {DSA-2633-1} - fusionforge 5.2.1+20130227-1 -CVE-2013-1422 - RESERVED +CVE-2013-1422 (webcalendar before 1.2.7 shows the reason for a failed login (e.g., "n ...) + TODO: check CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...) - webcalendar <removed> CVE-2013-1420 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS b ...) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index f5e3280031..9bebf62e17 100644 --- a/data/CVE/2016.list 
+++ b/data/CVE/2016.list @@ -14543,8 +14543,8 @@ CVE-2016-1000106 REJECTED CVE-2016-1000105 REJECTED -CVE-2016-1000103 (A Security Bypass vulnerability exists in Nginx 2016-07-07 in the HTTP ...) - TODO: check +CVE-2016-1000103 + REJECTED CVE-2016-1000102 REJECTED CVE-2016-1000027 (Pivotal Spring Framework 4.1.4 suffers from a potential remote code ex ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index c8791653fd..5ddc552501 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1185,8 +1185,8 @@ CVE-2019-19970 RESERVED CVE-2019-19969 RESERVED -CVE-2019-19968 - RESERVED +CVE-2019-19968 (PandoraFMS 742 suffers from multiple XSS vulnerabilities, affecting th ...) + TODO: check CVE-2019-19967 (The Administration page on Connect Box EuroDOCSIS 3.0 Voice Gateway CH ...) NOT-FOR-US: Connect Box EuroDOCSIS 3.0 Voice Gateway devices CVE-2019-19977 (libESMTP through 1.0.6 mishandles domain copying into a fixed-size buf ...) @@ -3036,8 +3036,8 @@ CVE-2019-19274 (typed_ast 1.3.0 and 1.3.1 has a handle_keywordonly_args out-of-b NOTE: https://bugs.python.org/issue36495 NOTE: Introduced by: https://github.com/python/typed_ast/commit/156afcb26c198e162504a57caddfe0acd9ed7dce (1.3.0) NOTE: Fixed by: https://github.com/python/typed_ast/commit/dc317ac9cff859aa84eeabe03fb5004982545b3b (1.3.2) -CVE-2019-19273 - RESERVED +CVE-2019-19273 (On Samsung mobile devices with O(8.0) and P(9.0) software and an Exyno ...) + TODO: check CVE-2019-19272 (An issue was discovered in tls_verify_crl in ProFTPD before 1.3.6. Dir ...) - proftpd-dfsg 1.3.6-1 [stretch] - proftpd-dfsg <not-affected> (Bug was introduced in 1.3.5c) 
@@ -24838,8 +24838,8 @@ CVE-2019-10786 RESERVED CVE-2019-10785 RESERVED -CVE-2019-10784 - RESERVED +CVE-2019-10784 (phppgadmin through 7.12.1 allows sensitive actions to be performed wit ...) + TODO: check CVE-2019-10783 (All versions including 0.0.4 of lsof npm module are vulnerable to Comm ...) TODO: check CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...) @@ -28817,8 +28817,8 @@ CVE-2019-9675 (** DISPUTED ** An issue was discovered in PHP 7.x before 7.1.27 a - php5 <removed> (unimportant) NOTE: Fixed in 7.1.27, 7.3.3 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77586 -CVE-2019-9674 - RESERVED +CVE-2019-9674 (Lib/zipfile.py in Python through 3.7.2 allows remote attackers to caus ...) + TODO: check CVE-2019-9673 (Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript e ...) NOT-FOR-US: Freenet CVE-2019-9672 @@ -41135,10 +41135,10 @@ CVE-2019-4677 RESERVED CVE-2019-4676 RESERVED -CVE-2019-4675 - RESERVED -CVE-2019-4674 - RESERVED +CVE-2019-4675 (IBM Security Identity Manager 7.0.1 contains hard-coded credentials, s ...) + TODO: check +CVE-2019-4674 (IBM Security Identity Manager 7.0.1 could allow a remote attacker to t ...) + TODO: check CVE-2019-4673 RESERVED CVE-2019-4672 @@ -41361,8 +41361,8 @@ CVE-2019-4564 (IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vu NOT-FOR-US: IBM CVE-2019-4563 RESERVED -CVE-2019-4562 - RESERVED +CVE-2019-4562 (IBM Security Directory Server 6.4.0 stores sensitive information in UR ...) + TODO: check CVE-2019-4561 (IBM Security Identity Manager 6.0.0 could allow a remote attacker to e ...) NOT-FOR-US: IBM CVE-2019-4560 (IBM MQ and IBM MQ Appliance 9.1 CD, 9.1 LTS, 9.0 LTS, and 8.0 is vulne ...) 
@@ -41383,14 +41383,14 @@ CVE-2019-4553 RESERVED CVE-2019-4552 RESERVED -CVE-2019-4551 - RESERVED -CVE-2019-4550 - RESERVED +CVE-2019-4551 (IBM Security Directory Server 6.4.0 does not perform an authentication ...) + TODO: check +CVE-2019-4550 (IBM Security Directory Server 6.4.0 is deployed with active debugging ...) + TODO: check CVE-2019-4549 (IBM Security Directory Server 6.4.0 discloses sensitive information to ...) NOT-FOR-US: IBM -CVE-2019-4548 - RESERVED +CVE-2019-4548 (IBM Security Directory Server 6.4.0 could allow a remote attacker to h ...) + TODO: check CVE-2019-4547 RESERVED CVE-2019-4546 (After installing the IBM Maximo Health- Safety and Environment Manager ...) @@ -41403,10 +41403,10 @@ CVE-2019-4543 RESERVED CVE-2019-4542 (IBM Security Directory Server 6.4.0 is vulnerable to cross-site script ...) NOT-FOR-US: IBM -CVE-2019-4541 - RESERVED -CVE-2019-4540 - RESERVED +CVE-2019-4541 (IBM Security Directory Server 6.4.0 uses incomplete blacklisting for i ...) + TODO: check +CVE-2019-4540 (IBM Security Directory Server 6.4.0 uses weaker than expected cryptogr ...) + TODO: check CVE-2019-4539 (IBM Security Directory Server 6.4.0 does not properly neutralize speci ...) NOT-FOR-US: IBM CVE-2019-4538 (IBM Security Directory Server 6.4.0 could allow a remote attacker to c ...) @@ -41583,8 +41583,8 @@ CVE-2019-4453 RESERVED CVE-2019-4452 RESERVED -CVE-2019-4451 - RESERVED +CVE-2019-4451 (IBM Security Identity Manager 6.0.0 is vulnerable to cross-site script ...) + TODO: check CVE-2019-4450 (IBM i 7.2, 7.3, and 7.4 for i is vulnerable to cross-site scripting. T ...) NOT-FOR-US: IBM CVE-2019-4449 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 6cc8619398..eff9c45072 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,39 @@ +CVE-2020-8615 (A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPres ...) + TODO: check +CVE-2020-8614 + RESERVED +CVE-2020-8613 + RESERVED +CVE-2020-8612 + RESERVED +CVE-2020-8611 + RESERVED +CVE-2020-8610 + RESERVED +CVE-2020-8609 + RESERVED +CVE-2020-8608 + RESERVED +CVE-2020-8607 + RESERVED +CVE-2020-8606 + RESERVED +CVE-2020-8605 + RESERVED +CVE-2020-8604 + RESERVED +CVE-2020-8603 + RESERVED +CVE-2020-8602 + RESERVED +CVE-2020-8601 + RESERVED +CVE-2020-8600 + RESERVED +CVE-2020-8599 + RESERVED +CVE-2020-8598 + RESERVED CVE-2020-8597 (eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overf ...) - ppp <unfixed> (bug #950618) NOTE: https://github.com/paulusmack/ppp/commit/8d7970b8f3db727fe798b65f3377fe6787575426 @@ -2840,8 +2876,8 @@ CVE-2020-7223 RESERVED CVE-2020-7222 (An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06- ...) NOT-FOR-US: Amcrest Web Server -CVE-2020-7221 - RESERVED +CVE-2020-7221 (mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege es ...) + TODO: check CVE-2020-7220 (HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circ ...) NOT-FOR-US: HashiCorp Vault CVE-2020-7219 (HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services a ...) @@ -9142,8 +9178,8 @@ CVE-2020-4165 RESERVED CVE-2020-4164 RESERVED -CVE-2020-4163 - RESERVED +CVE-2020-4163 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under special ...) + TODO: check CVE-2020-4162 RESERVED CVE-2020-4161 |
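Review bot: In data/CVE/2012.list at @@ -2584,8, CVE-2012-5686 is left as "TODO: check" even though its description names ZPanel 10.0.1 and the entry directly below it, CVE-2012-5685, is already tagged "NOT-FOR-US: ZPanel". The new entry can take the same tag instead of sitting in the triage queue.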
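Review bot: In data/CVE/2013.list at @@ -16448,8, CVE-2013-1422 is a webcalendar issue left as "TODO: check" while CVE-2013-1421 on the next line is already tracked as "- webcalendar <removed>"; triage it against the same source package. In the @@ -12436,12 hunk, CVE-2013-2676 has the same visible description prefix as CVE-2013-2674 just below it (Brother MFC-9970CDW 1.10 firmware L), so it should get that entry's disposition, and it is worth confirming that the two are distinct issues rather than a duplicated description.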
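Review bot: In data/CVE/2019.list, the IBM entries that leave RESERVED in the @@ -41135,10 through @@ -41583,8 hunks (CVE-2019-4675, -4674, -4562, -4551, -4550, -4548, -4541, -4540, -4451) all get "TODO: check", while their already-triaged neighbours for the same products (CVE-2019-4561, -4549, -4542, -4539) carry "NOT-FOR-US: IBM". Tagging these the same way in one pass would keep the TODO list limited to entries that need real package analysis.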
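Review bot: Two of the new "TODO: check" entries in data/CVE/2019.list, CVE-2019-9674 at @@ -28817,8 (Lib/zipfile.py in Python through 3.7.2) and CVE-2019-10784 at @@ -24838,8 (phppgadmin through 7.12.1), name software by its upstream version range rather than an appliance or vendor product, so they need a per-package status line instead of a NOT-FOR-US tag. They should be prioritised over the vendor-product entries in this update and given a "- <package> <status>" line with a NOTE pointing at the upstream report, in the style the CVE-2019-19274 entry in the same file uses.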
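Review bot: In data/CVE/2020.list at @@ -2840,8, CVE-2020-7221 (mysql_install_db in MariaDB 10.4.7 through 10.4.11, privilege escalation per the description) is left as "TODO: check" with no package line. The description gives a bounded version range, so the entry should be resolved to per-package status lines in the form used for CVE-2020-8597 at the top of the file ("- ppp <unfixed> (bug #950618)" plus a NOTE with the upstream commit). In the @@ -9142,8 hunk, CVE-2020-4163 (IBM WebSphere Application Server) can follow the "NOT-FOR-US: IBM" convention used for IBM products in data/CVE/2019.list.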