automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-02-06 08:10:29 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-06 08:10:29 +0000
commit: 3707994c0d3c333bca680c11d6064afef0b04b27 (patch)
tree: c5e692d6b4815198fdda6a4a5595850c20f76754 /data
parent: d0b167d43601bdf1fec0ee2e457e7f65fa4c0881 (diff)
5 files changed, 93 insertions, 49 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 64ab15742f..3085a9f687 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -98,8 +98,7 @@ CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default
 	NOT-FOR-US: GE Healthcare Optima
 CVE-2010-5305 (The potential exists for exposure of the product's password used to re ...)
 	NOT-FOR-US: Rockwell
-CVE-2010-5304
-	RESERVED
+CVE-2010-5304 (A NULL pointer dereference flaw was found in the way LibVNCServer befo ...)
 	NOT-FOR-US: RealVNC
 CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function  ...)
 	NOT-FOR-US: TimThumb
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 2da4f58772..38c0c8f49d 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -9785,8 +9785,7 @@ CVE-2011-1599 (manager.c in the Manager Interface in Asterisk Open Source 1.4.x
 CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel before 2 ...)
 	{DSA-2264-1 DSA-2240-1}
 	- linux-2.6 2.6.38-5
-CVE-2011-1597
-	RESERVED
+CVE-2011-1597 (OpenVAS Manager v2.0.3 allows plugin remote code execution. ...)
 	NOT-FOR-US: OpenVAS Manager
 CVE-2011-1596
 	RESERVED
@@ -10037,8 +10036,8 @@ CVE-2011-XXXX [htmlpurifier various]
 	NOTE: http://web.archive.org/web/20120515064303/http://htmlpurifier.org/news/2011/0327-4.3.0-released
 	NOTE: htmlpurifier only provides library functions, it's not vulnerable by itself
 	NOTE: If apps are vulnerable, this must be addressed there (as done for Mahara)
-CVE-2011-1517
-	RESERVED
+CVE-2011-1517 (SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service c ...)
+	TODO: check
 CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in ...)
 	NOT-FOR-US: Apple Mac OS X
 CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 through 6. ...)
@@ -11054,11 +11053,9 @@ CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the ph
 	NOTE: only exploitable by malicious scripts
 CVE-2011-1152
 	REJECTED
-CVE-2011-1151
-	RESERVED
+CVE-2011-1151 (Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and  ...)
 	NOT-FOR-US: Joomla!
-CVE-2011-1150
-	RESERVED
+CVE-2011-1150 (bbPress through 1.0.2 has XSS in /bb-login.php url via the re paramete ...)
 	NOT-FOR-US: bbPress
 CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system pro ...)
 	NOT-FOR-US: Android
@@ -11328,8 +11325,7 @@ CVE-2011-1070 (v86d before 0.1.10 do not verify if received netlink messages are
 	- v86d 0.1.10-1 (low; bug #619404)
 	[squeeze] - v86d 0.1.9-1+squeeze1
 	[lenny] - v86d 0.1.5.2-1+lenny1
-CVE-2011-1069
-	RESERVED
+CVE-2011-1069 (PHPShop through 0.8.1 has XSS. ...)
 	NOT-FOR-US: PHPShop
 CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1. ...)
 	NOT-FOR-US: Microsoft Windows Azure SDK
@@ -11496,8 +11492,7 @@ CVE-2011-1010 (Buffer overflow in the mac_partition function in fs/partitions/ma
 	- linux-2.6 2.6.37-2
 	[wheezy] - linux-2.6 2.6.32-31
 	[squeeze] - linux-2.6 2.6.32-31
-CVE-2011-1009
-	RESERVED
+CVE-2011-1009 (Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php ...)
 	NOT-FOR-US: Vanilla Forums
 CVE-2011-1008 (Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not ...)
 	- request-tracker3.8 3.8.10-1 (bug #614576)
@@ -12746,8 +12741,7 @@ CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x befor
 	NOT-FOR-US: VMware vFabric tc Server
 CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forum ...)
 	NOT-FOR-US: Vanilla Forums
-CVE-2011-0525
-	RESERVED
+CVE-2011-0525 (Batavi before 1.0 has CSRF. ...)
 	NOT-FOR-US: Batavi
 CVE-2011-0524 (Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 ...)
 	- gypsy <itp> (bug #491723)
@@ -13492,8 +13486,8 @@ CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attac
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
-CVE-2011-0220
-	RESERVED
+CVE-2011-0220 (Apple Bonjour before 2011 allows a crash via a crafted multicast DNS p ...)
+	TODO: check
 CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same O ...)
 	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
 CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers  ...)
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index b0edf8e9ca..5de04c7534 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -12423,12 +12423,12 @@ CVE-2013-2684
 	RESERVED
 CVE-2013-2683
 	RESERVED
-CVE-2013-2682
-	RESERVED
-CVE-2013-2681
-	RESERVED
-CVE-2013-2680
-	RESERVED
+CVE-2013-2682 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vuln ...)
+	TODO: check
+CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass V ...)
+	TODO: check
+CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...)
+	TODO: check
 CVE-2013-2679
 	RESERVED
 CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...)
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 668351816b..0dd6ec26f9 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -1,3 +1,5 @@
+CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...)
+	TODO: check
 CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...)
 	- librsvg 2.46.4-1
 	NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515
@@ -92,20 +94,20 @@ CVE-2019-20408
 	RESERVED
 CVE-2019-20407
 	RESERVED
-CVE-2019-20406
-	RESERVED
-CVE-2019-20405
-	RESERVED
-CVE-2019-20404
-	RESERVED
-CVE-2019-20403
-	RESERVED
-CVE-2019-20402
-	RESERVED
-CVE-2019-20401
-	RESERVED
-CVE-2019-20400
-	RESERVED
+CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...)
+	TODO: check
+CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...)
+	TODO: check
+CVE-2019-20404 (The API in Atlassian Jira Server and Data Center before version 8.6.0  ...)
+	TODO: check
+CVE-2019-20403 (The API in Atlassian Jira Server and Data Center before version 8.6.0  ...)
+	TODO: check
+CVE-2019-20402 (Support zip files in Atlassian Jira Server and Data Center before vers ...)
+	TODO: check
+CVE-2019-20401 (Various installation setup resources in Jira before version 8.5.2 allo ...)
+	TODO: check
+CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local attacker ...)
+	TODO: check
 CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...)
 	NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1)
 CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...)
@@ -646,8 +648,8 @@ CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide
 	NOTE: is disputed by QEMU security team.
 CVE-2019-20174 (Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is us ...)
 	TODO: check
-CVE-2019-20173
-	RESERVED
+CVE-2019-20173 (The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XS ...)
+	TODO: check
 CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...)
 	NOT-FOR-US: SerenityOS
 CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...)
@@ -844,12 +846,12 @@ CVE-2019-20108
 	RESERVED
 CVE-2019-20107
 	RESERVED
-CVE-2019-20106
-	RESERVED
+CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...)
+	TODO: check
 CVE-2019-20105
 	RESERVED
-CVE-2019-20104
-	RESERVED
+CVE-2019-20104 (The OpenID client application in Atlassian Crowd before version 3.6.2, ...)
+	TODO: check
 CVE-2019-20103
 	RESERVED
 CVE-2019-20102
@@ -3846,6 +3848,7 @@ CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9
 CVE-2019-18979
 	RESERVED
 CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...)
+	{DLA-2096-1}
 	- ruby-rack-cors <unfixed> (bug #944849)
 	NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d
 	NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 27d5771ff8..cb1f29e375 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,8 +1,56 @@
-CVE-2020-8649 [vgacon_invert_region use-after-free]
+CVE-2020-8667
+	RESERVED
+CVE-2020-8666
+	RESERVED
+CVE-2020-8665
+	RESERVED
+CVE-2020-8664
+	RESERVED
+CVE-2020-8663
+	RESERVED
+CVE-2020-8662
+	RESERVED
+CVE-2020-8661
+	RESERVED
+CVE-2020-8660
+	RESERVED
+CVE-2020-8659
+	RESERVED
+CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...)
+	TODO: check
+CVE-2020-8657
+	RESERVED
+CVE-2020-8656
+	RESERVED
+CVE-2020-8655
+	RESERVED
+CVE-2020-8654
+	RESERVED
+CVE-2020-8653
+	RESERVED
+CVE-2020-8652
+	RESERVED
+CVE-2020-8651
+	RESERVED
+CVE-2020-8650
+	RESERVED
+CVE-2020-8646
+	RESERVED
+CVE-2020-8645
+	RESERVED
+CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. ...)
+	TODO: check
+CVE-2020-8643
+	RESERVED
+CVE-2020-8642
+	RESERVED
+CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...)
+	TODO: check
+CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
 	- linux <unfixed>
-CVE-2020-8648 [n_tty_receive_buf_common use-after-free]
+CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
 	- linux <unfixed>
-CVE-2020-8647 [vc_do_resize use-after-free]
+CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...)
 	- linux <unfixed>
 CVE-2020-8640
 	RESERVED
@@ -3751,8 +3799,8 @@ CVE-2020-6856
 	RESERVED
 CVE-2020-6855
 	RESERVED
-CVE-2020-6854
-	RESERVED
+CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit componen ...)
+	TODO: check
 CVE-2020-6853
 	RESERVED
 CVE-2020-6852
author	security tracker role <sectracker@soriano.debian.org>	2020-02-06 08:10:29 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-02-06 08:10:29 +0000
commit	3707994c0d3c333bca680c11d6064afef0b04b27 (patch)
tree	c5e692d6b4815198fdda6a4a5595850c20f76754 /data
parent	d0b167d43601bdf1fec0ee2e457e7f65fa4c0881 (diff)