author | security tracker role <sectracker@soriano.debian.org> | 2020-07-21 20:10:31 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-07-21 20:10:31 +0000 |
commit | 94173d9f125293d64c7d4ea4f0f3a5233a16ec0d (patch) | |
tree | 692c30ab8ece33fd1ec8c23065e65d94262d46d2 /data | |
parent | 5d3fe2ccc90f62748c8334eb73b842f0e70c8c40 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2010.list | 2 |
-rw-r--r-- | data/CVE/2015.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 8 |
-rw-r--r-- | data/CVE/2018.list | 4 |
-rw-r--r-- | data/CVE/2019.list | 4 |
-rw-r--r-- | data/CVE/2020.list | 70 |
6 files changed, 63 insertions, 27 deletions
diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 8d7e637d06..5a5d7fc848 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list @@ -10778,7 +10778,7 @@ CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem [lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30) CVE-2010-1145 REJECTED -CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in d ...) +CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids before 1.24, as us ...) - libnids 1.23-1.2 (low; bug #576281) [lenny] - libnids <no-dsa> (Minor issue) NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor diff --git a/data/CVE/2015.list b/data/CVE/2015.list index b3826a52d9..38320dcfdd 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -12412,7 +12412,7 @@ CVE-2015-5239 (Integer overflow in the VNC display driver in QEMU before 2.1.0 a [squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS) NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0) CVE-2015-5238 - RESERVED + REJECTED CVE-2015-5237 (protobuf allows remote authenticated attackers to cause a heap-based b ...) - protobuf <unfixed> (unimportant) NOTE: https://github.com/google/protobuf/issues/760 diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 3a1e3b984d..017c46935d 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -11795,10 +11795,10 @@ CVE-2016-7066 (It was found that the improper default permissions on /tmp/auth d NOT-FOR-US: admin-cli / jboss-cli in Red Hat CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...) NOT-FOR-US: Red Hat JBoss EAP -CVE-2016-7064 - RESERVED -CVE-2016-7063 - RESERVED +CVE-2016-7064 (A flaw was found in pritunl-client before version 1.0.1116.6. A lack o ...) + TODO: check +CVE-2016-7063 (A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrar ...) + TODO: check CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage Co ...) NOT-FOR-US: Red Hat rhscon-core CVE-2016-7061 (An information disclosure vulnerability was found in JBoss Enterprise ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 357680472c..99843ca35b 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -480,8 +480,8 @@ CVE-2018-21038 (An issue was discovered on Samsung mobile devices with N(7.x) so NOT-FOR-US: Samsung mobile devices CVE-2018-21037 (Subrion CMS 4.1.5 (and possibly earlier versions) allow CSRF to change ...) NOT-FOR-US: Subrion CMS -CVE-2018-21036 - RESERVED +CVE-2018-21036 (Sails.js before v1.0.0-46 allows attackers to cause a denial of servic ...) + TODO: check CVE-2018-21035 (In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB f ...) - qtwebsockets-opensource-src <unfixed> (low; bug #953049) [buster] - qtwebsockets-opensource-src <ignored> (Minor issue) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 631d336448..bfd996b800 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -1173,7 +1173,7 @@ CVE-2019-20419 (Affected versions of Atlassian Jira Server and Data Center allow NOT-FOR-US: Atlassian CVE-2019-20418 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian -CVE-2019-20417 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) +CVE-2019-20417 (NOTE: This candidate is a duplicate of CVE-2019-15011. All CVE users s ...) NOT-FOR-US: Atlassian CVE-2019-20416 (Affected versions of Atlassian Jira Server and Data Center allow remot ...) NOT-FOR-US: Atlassian @@ -5397,7 +5397,7 @@ CVE-2019-18862 (maidag in GNU Mailutils before 3.8 is installed setuid and allow CVE-2019-18861 RESERVED CVE-2019-18860 (Squid before 4.9, when certain web browsers are used, mishandles HTML ...) - {DLA-2278-1} + {DSA-4732-1 DLA-2278-1} - squid 4.9-1 (low) - squid3 <removed> NOTE: https://github.com/squid-cache/squid/pull/504 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index b4da437489..824ff81044 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,11 +1,46 @@ +CVE-2020-15880 + RESERVED +CVE-2020-15879 (Bitwarden Server 1.35.1 allows SSRF because it does not consider certa ...) + TODO: check +CVE-2020-15878 + RESERVED +CVE-2020-15877 (An issue was discovered in LibreNMS before 1.65.1. It has insufficient ...) + TODO: check +CVE-2020-15876 + RESERVED +CVE-2020-15875 + RESERVED +CVE-2020-15874 + RESERVED +CVE-2020-15873 (In LibreNMS before 1.65.1, an authenticated attacker can achieve SQL I ...) + TODO: check +CVE-2020-15872 + RESERVED +CVE-2020-15871 + RESERVED +CVE-2020-15870 + RESERVED +CVE-2020-15869 + RESERVED +CVE-2020-15868 + RESERVED +CVE-2020-15867 + RESERVED +CVE-2020-15866 (mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yie ...) + TODO: check +CVE-2020-15865 + RESERVED +CVE-2020-15864 + RESERVED +CVE-2020-15863 + RESERVED CVE-2020-15862 RESERVED CVE-2020-15861 RESERVED CVE-2020-15860 RESERVED -CVE-2020-15859 [net: e1000e: use-after-free while sending packets] - RESERVED +CVE-2020-15859 (QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a gues ...) - qemu <unfixed> (bug #965978) NOTE: https://lists.gnu.org/archive/html/qemu-devel/2020-07/msg05895.html NOTE: https://bugs.launchpad.net/qemu/+bug/1886362 @@ -297,12 +332,12 @@ CVE-2020-15726 RESERVED CVE-2020-15725 RESERVED -CVE-2020-15724 - RESERVED -CVE-2020-15723 - RESERVED -CVE-2020-15722 - RESERVED +CVE-2020-15724 (In the version 12.1.0.1005 and below of 360 Total Security, when the G ...) + TODO: check +CVE-2020-15723 (In the version 12.1.0.1004 and below of 360 Total Security, when the m ...) + TODO: check +CVE-2020-15722 (In version 12.1.0.1004 and below of 360 Total Security,when TPI calls ...) + TODO: check CVE-2020-15721 (RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XS ...) NOT-FOR-US: RosarioSIS CVE-2020-15720 (In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did n ...) 
@@ -1659,8 +1694,8 @@ CVE-2020-15103 NOTE: https://github.com/FreeRDP/FreeRDP/pull/6381 NOTE: https://github.com/FreeRDP/FreeRDP/commit/be8c8640ead04b1e4fc9176c504bf688351c8924 (stable-2.0) NOTE: https://github.com/FreeRDP/FreeRDP/commit/da684f5335c2b3b726a39f3c091ce804e55f4f8e (stable-2.0) -CVE-2020-15102 - RESERVED +CVE-2020-15102 (In PrestaShop Dashboard Productions before version 2.1.0, there is imp ...) + TODO: check CVE-2020-15101 (In freewvs before 0.1.1, a directory structure of more than 1000 neste ...) NOT-FOR-US: freewvs CVE-2020-15100 (In freewvs before 0.1.1, a user could create a large file that freewvs ...) @@ -3965,8 +4000,8 @@ CVE-2020-14065 (IceWarp Email Server 12.3.0.1 allows remote attackers to upload NOT-FOR-US: IceWarp Email Server CVE-2020-14064 (IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user ac ...) NOT-FOR-US: IceWarp Email Server -CVE-2020-14063 - RESERVED +CVE-2020-14063 (A stored Cross-Site Scripting (XSS) vulnerability in the TC Custom Jav ...) + TODO: check CVE-2020-14062 (FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interact ...) {DLA-2270-1} - jackson-databind 2.11.1-1 @@ -7678,8 +7713,8 @@ CVE-2020-12501 RESERVED CVE-2020-12500 RESERVED -CVE-2020-12499 - RESERVED +CVE-2020-12499 (In PHOENIX CONTACT PLCnext Engineer version 2020.3.1 and earlier an im ...) + TODO: check CVE-2020-12498 (mwe file parsing in Phoenix Contact PC Worx and PC Worx Express versio ...) NOT-FOR-US: Phoenix CVE-2020-12497 (PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Expres ...) @@ -7836,8 +7871,8 @@ CVE-2020-12434 RESERVED CVE-2020-12433 RESERVED -CVE-2020-12432 - RESERVED +CVE-2020-12432 (The WOPI API integration for Vereign Collabora CODE through 4.2.2 does ...) + TODO: check CVE-2020-12431 (A Windows privilege change issue was discovered in Splashtop Software ...) NOT-FOR-US: Splashtop Software Updater CVE-2020-12430 (An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_dri ...) 
@@ -20042,7 +20077,7 @@ CVE-2020-7265 (Privilege Escalation vulnerability in McAfee Endpoint Security (E NOT-FOR-US: McAfee CVE-2020-7264 (Privilege Escalation vulnerability in McAfee Endpoint Security (ENS) f ...) NOT-FOR-US: McAfee -CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in ENS for W ...) +CVE-2020-7263 (Improper access control vulnerability in ESConfigTool.exe in McAfee En ...) NOT-FOR-US: ENS for Windows CVE-2020-7262 (Improper Access Control vulnerability in McAfee Advanced Threat Defens ...) NOT-FOR-US: McAfee @@ -33097,6 +33132,7 @@ CVE-2020-1505 RESERVED CVE-2020-1504 RESERVED + {DSA-4732-1} CVE-2020-1503 RESERVED CVE-2020-1502 |
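Review bot: In the last data/CVE/2020.list hunk (@@ -33097,6 +33132,7 @@) the added `{DSA-4732-1}` line lands under CVE-2020-1504, which is still RESERVED and has no package line, so the advisory cross-reference points at an entry with nothing to track. The only other place this patch references DSA-4732-1 is CVE-2019-18860 (squid) in data/CVE/2019.list, which suggests a mistyped CVE id in the advisory's CVE list. I would check that list and correct the id at its source rather than keep this annotation.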
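Review bot: In the data/CVE/2020.list hunk at @@ -20042,7 +20077,7 @@ the unchanged line under CVE-2020-7263 still reads `NOT-FOR-US: ENS for Windows`, while the refreshed description now names McAfee and the neighbouring CVE-2020-7264 and CVE-2020-7262 both use `NOT-FOR-US: McAfee`. Suggest normalising the tag to `NOT-FOR-US: McAfee` so a search by vendor finds all three entries.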