| author | security tracker role <sectracker@soriano.debian.org> | 2020-02-06 08:10:29 +0000 |
|---|---|---|
| committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-06 08:10:29 +0000 |
| commit | 3707994c0d3c333bca680c11d6064afef0b04b27 | |
| tree | c5e692d6b4815198fdda6a4a5595850c20f76754 | /data |
| parent | d0b167d43601bdf1fec0ee2e457e7f65fa4c0881 | |
automatic update
Diffstat (limited to 'data')

| mode | file | changes |
|---|---|---|
| -rw-r--r-- | data/CVE/2010.list | 3 |
| -rw-r--r-- | data/CVE/2011.list | 26 |
| -rw-r--r-- | data/CVE/2013.list | 12 |
| -rw-r--r-- | data/CVE/2019.list | 43 |
| -rw-r--r-- | data/CVE/2020.list | 58 |

5 files changed, 93 insertions, 49 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 64ab15742f..3085a9f687 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -98,8 +98,7 @@ CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default NOT-FOR-US: GE Healthcare Optima CVE-2010-5305 (The potential exists for exposure of the product's password used to re ...) NOT-FOR-US: Rockwell -CVE-2010-5304 - RESERVED +CVE-2010-5304 (A NULL pointer dereference flaw was found in the way LibVNCServer befo ...) NOT-FOR-US: RealVNC CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function ...) NOT-FOR-US: TimThumb diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 2da4f58772..38c0c8f49d 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -9785,8 +9785,7 @@ CVE-2011-1599 (manager.c in the Manager Interface in Asterisk Open Source 1.4.x CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel before 2 ...) {DSA-2264-1 DSA-2240-1} - linux-2.6 2.6.38-5 -CVE-2011-1597 - RESERVED +CVE-2011-1597 (OpenVAS Manager v2.0.3 allows plugin remote code execution. ...) NOT-FOR-US: OpenVAS Manager CVE-2011-1596 RESERVED @@ -10037,8 +10036,8 @@ CVE-2011-XXXX [htmlpurifier various] NOTE: http://web.archive.org/web/20120515064303/http://htmlpurifier.org/news/2011/0327-4.3.0-released NOTE: htmlpurifier only provides library functions, it's not vulnerable by itself NOTE: If apps are vulnerable, this must be addressed there (as done for Mahara) -CVE-2011-1517 - RESERVED +CVE-2011-1517 (SAP NetWeaver 7.0 allows Remote Code Execution and Denial of Service c ...) + TODO: check CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in ...) NOT-FOR-US: Apple Mac OS X CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 through 6. ...) 
@@ -11054,11 +11053,9 @@ CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the ph NOTE: only exploitable by malicious scripts CVE-2011-1152 REJECTED -CVE-2011-1151 - RESERVED +CVE-2011-1151 (Joomla! 1.6.0 is vulnerable to SQL Injection via the filter_order and ...) NOT-FOR-US: Joomla! -CVE-2011-1150 - RESERVED +CVE-2011-1150 (bbPress through 1.0.2 has XSS in /bb-login.php url via the re paramete ...) NOT-FOR-US: bbPress CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system pro ...) NOT-FOR-US: Android @@ -11328,8 +11325,7 @@ CVE-2011-1070 (v86d before 0.1.10 do not verify if received netlink messages are - v86d 0.1.10-1 (low; bug #619404) [squeeze] - v86d 0.1.9-1+squeeze1 [lenny] - v86d 0.1.5.2-1+lenny1 -CVE-2011-1069 - RESERVED +CVE-2011-1069 (PHPShop through 0.8.1 has XSS. ...) NOT-FOR-US: PHPShop CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before 1. ...) NOT-FOR-US: Microsoft Windows Azure SDK @@ -11496,8 +11492,7 @@ CVE-2011-1010 (Buffer overflow in the mac_partition function in fs/partitions/ma - linux-2.6 2.6.37-2 [wheezy] - linux-2.6 2.6.32-31 [squeeze] - linux-2.6 2.6.32-31 -CVE-2011-1009 - RESERVED +CVE-2011-1009 (Vanilla Forums 2.0.17.1 through 2.0.17.5 has XSS in /vanilla/index.php ...) NOT-FOR-US: Vanilla Forums CVE-2011-1008 (Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not ...) - request-tracker3.8 3.8.10-1 (bug #614576) @@ -12746,8 +12741,7 @@ CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x befor NOT-FOR-US: VMware vFabric tc Server CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla Forum ...) NOT-FOR-US: Vanilla Forums -CVE-2011-0525 - RESERVED +CVE-2011-0525 (Batavi before 1.0 has CSRF. ...) NOT-FOR-US: Batavi CVE-2011-0524 (Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 ...) - gypsy <itp> (bug #491723) 
@@ -13492,8 +13486,8 @@ CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attac NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix -CVE-2011-0220 - RESERVED +CVE-2011-0220 (Apple Bonjour before 2011 allows a crash via a crafted multicast DNS p ...) + TODO: check CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same O ...) NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index b0edf8e9ca..5de04c7534 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -12423,12 +12423,12 @@ CVE-2013-2684 RESERVED CVE-2013-2683 RESERVED -CVE-2013-2682 - RESERVED -CVE-2013-2681 - RESERVED -CVE-2013-2680 - RESERVED +CVE-2013-2682 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Clickjacking Vuln ...) + TODO: check +CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Bypass V ...) + TODO: check +CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...) + TODO: check CVE-2013-2679 RESERVED CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 668351816b..0dd6ec26f9 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-20447 (Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endp ...) + TODO: check CVE-2019-20446 (In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nest ...) - librsvg 2.46.4-1 NOTE: https://gitlab.gnome.org/GNOME/librsvg/issues/515 
@@ -92,20 +94,20 @@ CVE-2019-20408 RESERVED CVE-2019-20407 RESERVED -CVE-2019-20406 - RESERVED -CVE-2019-20405 - RESERVED -CVE-2019-20404 - RESERVED -CVE-2019-20403 - RESERVED -CVE-2019-20402 - RESERVED -CVE-2019-20401 - RESERVED -CVE-2019-20400 - RESERVED +CVE-2019-20406 (The usage of Tomcat in Confluence on the Microsoft Windows operating s ...) + TODO: check +CVE-2019-20405 (The JMX monitoring flag in Atlassian Jira Server and Data Center befor ...) + TODO: check +CVE-2019-20404 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...) + TODO: check +CVE-2019-20403 (The API in Atlassian Jira Server and Data Center before version 8.6.0 ...) + TODO: check +CVE-2019-20402 (Support zip files in Atlassian Jira Server and Data Center before vers ...) + TODO: check +CVE-2019-20401 (Various installation setup resources in Jira before version 8.5.2 allo ...) + TODO: check +CVE-2019-20400 (The usage of Tomcat in Jira before version 8.5.2 allows local attacker ...) + TODO: check CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...) NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1) CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...) @@ -646,8 +648,8 @@ CVE-2019-20175 (** DISPUTED ** An issue was discovered in ide_dma_cb() in hw/ide NOTE: is disputed by QEMU security team. CVE-2019-20174 (Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is us ...) TODO: check -CVE-2019-20173 - RESERVED +CVE-2019-20173 (The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XS ...) + TODO: check CVE-2019-20172 (Kernel/VM/MemoryManager.cpp in SerenityOS before 2019-12-30 does not r ...) NOT-FOR-US: SerenityOS CVE-2019-20171 (An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20 ...) 
@@ -844,12 +846,12 @@ CVE-2019-20108 RESERVED CVE-2019-20107 RESERVED -CVE-2019-20106 - RESERVED +CVE-2019-20106 (Comment properties in Atlassian Jira Server and Data Center before ver ...) + TODO: check CVE-2019-20105 RESERVED -CVE-2019-20104 - RESERVED +CVE-2019-20104 (The OpenID client application in Atlassian Crowd before version 3.6.2, ...) + TODO: check CVE-2019-20103 RESERVED CVE-2019-20102 @@ -3846,6 +3848,7 @@ CVE-2019-18980 (On Signify Philips Taolight Smart Wi-Fi Wiz Connected LED Bulb 9 CVE-2019-18979 RESERVED CVE-2019-18978 (An issue was discovered in the rack-cors (aka Rack CORS Middleware) ge ...) + {DLA-2096-1} - ruby-rack-cors <unfixed> (bug #944849) NOTE: https://github.com/cyu/rack-cors/commit/e4d4fc362a4315808927011cbe5afcfe5486f17d NOTE: https://github.com/cyu/rack-cors/compare/v1.0.3...v1.0.4 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 27d5771ff8..cb1f29e375 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,8 +1,56 @@ -CVE-2020-8649 [vgacon_invert_region use-after-free] +CVE-2020-8667 + RESERVED +CVE-2020-8666 + RESERVED +CVE-2020-8665 + RESERVED +CVE-2020-8664 + RESERVED +CVE-2020-8663 + RESERVED +CVE-2020-8662 + RESERVED +CVE-2020-8661 + RESERVED +CVE-2020-8660 + RESERVED +CVE-2020-8659 + RESERVED +CVE-2020-8658 (The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp- ...) + TODO: check +CVE-2020-8657 + RESERVED +CVE-2020-8656 + RESERVED +CVE-2020-8655 + RESERVED +CVE-2020-8654 + RESERVED +CVE-2020-8653 + RESERVED +CVE-2020-8652 + RESERVED +CVE-2020-8651 + RESERVED +CVE-2020-8650 + RESERVED +CVE-2020-8646 + RESERVED +CVE-2020-8645 + RESERVED +CVE-2020-8644 (PlaySMS before 1.4.3 does not sanitize inputs from a malicious string. ...) + TODO: check +CVE-2020-8643 + RESERVED +CVE-2020-8642 + RESERVED +CVE-2020-8641 (Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php ...) + TODO: check +CVE-2020-8649 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux <unfixed> -CVE-2020-8648 [n_tty_receive_buf_common use-after-free] +CVE-2020-8648 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux <unfixed> -CVE-2020-8647 [vc_do_resize use-after-free] +CVE-2020-8647 (There is a use-after-free vulnerability in the Linux kernel through 5. ...) - linux <unfixed> CVE-2020-8640 RESERVED @@ -3751,8 +3799,8 @@ CVE-2020-6856 RESERVED CVE-2020-6855 RESERVED -CVE-2020-6854 - RESERVED +CVE-2020-6854 (A cross-site scripting (XSS) vulnerability in the JOC Cockpit componen ...) + TODO: check CVE-2020-6853 RESERVED CVE-2020-6852 |
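Review bot: In the data/CVE/2010.list hunk (@@ -98,8 +98,7 @@), the description now filled in for CVE-2010-5304 names LibVNCServer, but the unchanged triage line directly below it still reads `NOT-FOR-US: RealVNC`, a decision taken while the entry was still RESERVED. libvncserver is a Debian source package, so the entry should not keep the old NOT-FOR-US verdict on the strength of a note that predates the description; replace that line with `TODO: check`, as the other newly described entries in this commit do, until the affected package and versions have been confirmed.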
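Review bot: In the data/CVE/2011.list hunk at @@ -9785,8 +9785,7 @@, CVE-2011-1597 gains the description "OpenVAS Manager v2.0.3 allows plugin remote code execution" while the `NOT-FOR-US: OpenVAS Manager` line beneath it is carried over unchanged from the RESERVED state, so the triage decision was made before the description existed. OpenVAS components have been packaged in Debian, which makes this exactly the kind of entry that should be re-checked against the new text rather than inherited silently; a `TODO: check` line here would make the open question visible to the tracker team.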
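Review bot: In the data/CVE/2019.list hunk at @@ -3846,6 +3848,7 @@, the added `{DLA-2096-1}` reference for CVE-2019-18978 sits above an unchanged `- ruby-rack-cors <unfixed> (bug #944849)` line. That combination is legitimate (the DLA fixes only the LTS suite while sid stays unfixed), but the diffstat shows this commit touches only the five data/CVE lists, so the tracker can resolve the LTS fixed version only if data/DLA/list already carries the DLA-2096-1 entry; confirm that it does, and that bug #944849 is still open against the unstable package, so the CVE does not show as unfixed in every suite.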
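Review bot: In the data/CVE/2020.list hunk at @@ -1,8 +1,56 @@, the new block is inserted out of order: the list is kept in descending CVE-ID order, yet the added CVE-2020-8646 through CVE-2020-8641 entries land above the existing CVE-2020-8649, CVE-2020-8648 and CVE-2020-8647, so CVE-2020-8641 is immediately followed by CVE-2020-8649. Those three kernel entries belong between the added CVE-2020-8650 and CVE-2020-8646. A second point in the same hunk: the bracketed placeholder descriptions `[vgacon_invert_region use-after-free]`, `[n_tty_receive_buf_common use-after-free]` and `[vc_do_resize use-after-free]` are replaced by official descriptions that are truncated to the identical "There is a use-after-free vulnerability in the Linux kernel through 5. ..." text, so the function name that distinguished the three entries is no longer visible; keep it in a `NOTE:` line under each entry (for example `NOTE: vgacon_invert_region`) so the three can still be told apart when their fix commits are tracked.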