author security tracker role <sectracker@soriano.debian.org> 2020-01-13 20:10:28 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-01-13 20:10:28 +0000
commit 971933c62699fd4c5709b1b8e5a31d42ae34bddc (patch)
tree 08611a637145df039f1e2e2ac5b3aeb39432b199 /data
parent cff5afcd1be1be763034308e3c794af72525ba97 (diff)
automatic update
Diffstat (limited to 'data')
-rw-r--r-- data/CVE/2011.list 4
-rw-r--r-- data/CVE/2012.list 4
-rw-r--r-- data/CVE/2013.list 4
-rw-r--r-- data/CVE/2014.list 22
-rw-r--r-- data/CVE/2019.list 39
-rw-r--r-- data/CVE/2020.list 190
6 files changed, 218 insertions, 45 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index a21da5a94d..560600c18c 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -7062,8 +7062,8 @@ CVE-2011-2672 (Cross-site scripting (XSS) vulnerability in SemanticScuttle befor
NOT-FOR-US: SemanticScuttle
CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th editio ...)
NOT-FOR-US: Megalith
-CVE-2011-2670
- RESERVED
+CVE-2011-2670 (Mozilla Firefox before 3.6 is vulnerable to XSS via the rendering of C ...)
+ TODO: check
CVE-2011-2669
RESERVED
CVE-2011-2668
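Review bot: CVE-2011-2670 now names Mozilla Firefox before 3.6 but is left at "TODO: check", while the described entries around it in this hunk are already closed out as NOT-FOR-US. Triage should check it against the packaged browser and replace the TODO with a package line or an explicit not-affected entry, not leave it open.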
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 8e3f3403f7..aa7ad6ccd9 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -4774,8 +4774,8 @@ CVE-2012-4769
RESERVED
CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor plugi ...)
NOT-FOR-US: Download Monitor plugin for WordPress
-CVE-2012-4767
- RESERVED
+CVE-2012-4767 (An issue exists in Safend Data Protector Agent 3.4.5586.9772 in the se ...)
+ TODO: check
CVE-2012-4766
RESERVED
CVE-2012-4765
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 1966f4d430..11da4c0c1d 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -3573,8 +3573,8 @@ CVE-2013-6227 (Unrestricted file upload vulnerability in plugins/editor.zoho/age
NOT-FOR-US: Zoho plugin in Pydio (AjaXplorer)
CVE-2013-6226 (Directory traversal vulnerability in plugins/editor.zoho/agent/save_zo ...)
NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
-CVE-2013-6225
- RESERVED
+CVE-2013-6225 (LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability ...)
+ TODO: check
CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla befor ...)
NOT-FOR-US: Livezilla
CVE-2013-6223 (LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and ...)
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 5b9a2ed5b5..d9059a036a 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -3208,8 +3208,8 @@ CVE-2014-9384
RESERVED
CVE-2014-9383
RESERVED
-CVE-2014-9382
- RESERVED
+CVE-2014-9382 (Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user accou ...)
+ TODO: check
CVE-2014-9375 (Directory traversal vulnerability in the LibraryFileUploadServlet serv ...)
NOT-FOR-US: Lexmark
CVE-2014-9373 (Directory traversal vulnerability in the CollectorConfInfoServlet serv ...)
@@ -11609,8 +11609,8 @@ CVE-2014-6062
RESERVED
CVE-2014-6061
RESERVED
-CVE-2014-6059
- RESERVED
+CVE-2014-6059 (WordPress Advanced Access Manager Plugin before 2.8.2 has an Arbitrary ...)
+ TODO: check
CVE-2014-6058
RESERVED
CVE-2014-6057
@@ -11675,11 +11675,9 @@ CVE-2014-6042
RESERVED
CVE-2014-6041 (The Android WebView in Android before 4.4 allows remote attackers to b ...)
NOT-FOR-US: Android Browser application
-CVE-2014-6039
- RESERVED
+CVE-2014-6039 (ManageEngine EventLog Analyzer version 7 through 9.9 build 9002 has a ...)
NOT-FOR-US: ManageEngine EventLog Analyzer
-CVE-2014-6038
- RESERVED
+CVE-2014-6038 (Zoho ManageEngine EventLog Analyzer versions 7 through 9.9 build 9002 ...)
NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2014-6037 (Directory traversal vulnerability in the agentUpload servlet in ZOHO M ...)
NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
@@ -13045,10 +13043,10 @@ CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug
NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091
CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web interfa ...)
NOT-FOR-US: Schrack Technik microControl
-CVE-2014-5381
- RESERVED
-CVE-2014-5380
- RESERVED
+CVE-2014-5381 (Grand MA 300 allows a brute-force attack on the PIN. ...)
+ TODO: check
+CVE-2014-5380 (Grand MA 300 allows retrieval of the access PIN from sniffed data. ...)
+ TODO: check
CVE-2014-5379
RESERVED
CVE-2014-5378
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 1f3518322c..b1952ac329 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -365,14 +365,14 @@ CVE-2019-20214
RESERVED
CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...)
NOT-FOR-US: D-Link
-CVE-2019-20212
- RESERVED
-CVE-2019-20211
- RESERVED
-CVE-2019-20210
- RESERVED
-CVE-2019-20209
- RESERVED
+CVE-2019-20212 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+ TODO: check
+CVE-2019-20211 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+ TODO: check
+CVE-2019-20210 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+ TODO: check
+CVE-2019-20209 (The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ...)
+ TODO: check
CVE-2019-20208 (dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based ...)
- gpac <unfixed>
[buster] - gpac <no-dsa> (Minor issue)
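Review bot: CVE-2019-20212 through CVE-2019-20209 are added with the same truncated description ("The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBoo ..."), so the four entries cannot be told apart from this file and each carries its own "TODO: check". Triage them together against the full descriptions and resolve all four consistently, in the style of the "NOT-FOR-US: D-Link" line above them if the product is not packaged.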
@@ -1217,8 +1217,8 @@ CVE-2019-19893
RESERVED
CVE-2019-19892
RESERVED
-CVE-2019-19891
- RESERVED
+CVE-2019-19891 (An encryption key vulnerability on Mitel SIP-DECT wireless devices 8.0 ...)
+ TODO: check
CVE-2019-19906 (cyrus-sasl (aka Cyrus SASL) 2.1.27 has an out-of-bounds write leading ...)
{DSA-4591-1 DLA-2044-1}
- cyrus-sasl2 2.1.27+dfsg-2 (bug #947043)
@@ -1661,15 +1661,13 @@ CVE-2019-19730
RESERVED
CVE-2019-19729 (An issue was discovered in the BSON ObjectID (aka bson-objectid) packa ...)
NOT-FOR-US: bsjon-objectid node module
-CVE-2019-19728
- RESERVED
+CVE-2019-19728 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 executes srun --u ...)
- slurm-llnl <unfixed>
[buster] - slurm-llnl <no-dsa> (Minor issue)
[stretch] - slurm-llnl <no-dsa> (Minor issue)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1159692
NOTE: Fixed upstream in 18.08.9, 19.05.5
-CVE-2019-19727
- RESERVED
+CVE-2019-19727 (SchedMD Slurm before 18.08.9 and 19.x before 19.05.5 has weak slurmdbd ...)
- slurm-llnl <unfixed> (unimportant)
NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1155784
NOTE: Fixed upstream in 18.08.9, 19.05.5
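Review bot: the context line "NOT-FOR-US: bsjon-objectid node module" under CVE-2019-19729 misspells the name that the description directly above it gives as bson-objectid; fix it in a follow-up so searches for the package name match. The CVE-2019-19728 and CVE-2019-19727 changes only replace RESERVED with the description and keep the existing slurm-llnl triage lines, which needs no further action.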
@@ -2136,8 +2134,8 @@ CVE-2019-19549
RESERVED
CVE-2019-19548
RESERVED
-CVE-2019-19547
- RESERVED
+CVE-2019-19547 (Symantec Endpoint Detection and Response (SEDR), prior to 4.3.0, may b ...)
+ TODO: check
CVE-2019-19546 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to an in ...)
NOT-FOR-US: Norton Password Manager
CVE-2019-19545 (Norton Password Manager, prior to 6.6.2.5, may be susceptible to a cro ...)
@@ -3772,10 +3770,10 @@ CVE-2019-18896
RESERVED
CVE-2019-18895 (Scanguard through 2019-11-12 on Windows has Insecure Permissions for t ...)
NOT-FOR-US: Scanguard
-CVE-2019-18894
- RESERVED
-CVE-2019-18893
- RESERVED
+CVE-2019-18894 (In Avast Premium Security 19.8.2393, attackers can send a specially cr ...)
+ TODO: check
+CVE-2019-18893 (XSS in the Video Downloader component before 1.5 of Avast Secure Brows ...)
+ TODO: check
CVE-2019-18892
RESERVED
CVE-2019-18891
@@ -14180,6 +14178,7 @@ CVE-2019-14609 (Improper input validation in firmware for Intel(R) NUC(R) may al
CVE-2019-14608 (Improper buffer restrictions in firmware for Intel(R) NUC(R) may allow ...)
NOT-FOR-US: Intel
CVE-2019-14607 (Improper conditions check in multiple Intel&#174; Processors may allow ...)
+ {DSA-4565-2}
- intel-microcode 3.20191115.1
NOTE: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00317.html
CVE-2019-14606
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index fb236c6594..a93717c22d 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,11 +1,187 @@
+CVE-2020-6949 (A privilege escalation issue was discovered in the postUser function i ...)
+ TODO: check
+CVE-2020-6948 (A remote code execution issue was discovered in HashBrown CMS through ...)
+ TODO: check
+CVE-2020-6947
+ RESERVED
+CVE-2020-6946
+ RESERVED
+CVE-2020-6945
+ RESERVED
+CVE-2020-6944
+ RESERVED
+CVE-2020-6943
+ RESERVED
+CVE-2020-6942
+ RESERVED
+CVE-2020-6941
+ RESERVED
+CVE-2020-6940
+ RESERVED
+CVE-2020-6939
+ RESERVED
+CVE-2020-6938
+ RESERVED
+CVE-2020-6937
+ RESERVED
+CVE-2020-6936
+ RESERVED
+CVE-2020-6935
+ RESERVED
+CVE-2020-6934
+ RESERVED
+CVE-2020-6933
+ RESERVED
+CVE-2020-6932
+ RESERVED
+CVE-2020-6931
+ RESERVED
+CVE-2020-6930
+ RESERVED
+CVE-2020-6929
+ RESERVED
+CVE-2020-6928
+ RESERVED
+CVE-2020-6927
+ RESERVED
+CVE-2020-6926
+ RESERVED
+CVE-2020-6925
+ RESERVED
+CVE-2020-6924
+ RESERVED
+CVE-2020-6923
+ RESERVED
+CVE-2020-6922
+ RESERVED
+CVE-2020-6921
+ RESERVED
+CVE-2020-6920
+ RESERVED
+CVE-2020-6919
+ RESERVED
+CVE-2020-6918
+ RESERVED
+CVE-2020-6917
+ RESERVED
+CVE-2020-6916
+ RESERVED
+CVE-2020-6915
+ RESERVED
+CVE-2020-6914
+ RESERVED
+CVE-2020-6913
+ RESERVED
+CVE-2020-6912
+ RESERVED
+CVE-2020-6911
+ RESERVED
+CVE-2020-6910
+ RESERVED
+CVE-2020-6909
+ RESERVED
+CVE-2020-6908
+ RESERVED
+CVE-2020-6907
+ RESERVED
+CVE-2020-6906
+ RESERVED
+CVE-2020-6905
+ RESERVED
+CVE-2020-6904
+ RESERVED
+CVE-2020-6903
+ RESERVED
+CVE-2020-6902
+ RESERVED
+CVE-2020-6901
+ RESERVED
+CVE-2020-6900
+ RESERVED
+CVE-2020-6899
+ RESERVED
+CVE-2020-6898
+ RESERVED
+CVE-2020-6897
+ RESERVED
+CVE-2020-6896
+ RESERVED
+CVE-2020-6895
+ RESERVED
+CVE-2020-6894
+ RESERVED
+CVE-2020-6893
+ RESERVED
+CVE-2020-6892
+ RESERVED
+CVE-2020-6891
+ RESERVED
+CVE-2020-6890
+ RESERVED
+CVE-2020-6889
+ RESERVED
+CVE-2020-6888
+ RESERVED
+CVE-2020-6887
+ RESERVED
+CVE-2020-6886
+ RESERVED
+CVE-2020-6885
+ RESERVED
+CVE-2020-6884
+ RESERVED
+CVE-2020-6883
+ RESERVED
+CVE-2020-6882
+ RESERVED
+CVE-2020-6881
+ RESERVED
+CVE-2020-6880
+ RESERVED
+CVE-2020-6879
+ RESERVED
+CVE-2020-6878
+ RESERVED
+CVE-2020-6877
+ RESERVED
+CVE-2020-6876
+ RESERVED
+CVE-2020-6875
+ RESERVED
+CVE-2020-6874
+ RESERVED
+CVE-2020-6873
+ RESERVED
+CVE-2020-6872
+ RESERVED
+CVE-2020-6871
+ RESERVED
+CVE-2020-6870
+ RESERVED
+CVE-2020-6869
+ RESERVED
+CVE-2020-6868
+ RESERVED
+CVE-2020-6867
+ RESERVED
+CVE-2020-6866
+ RESERVED
+CVE-2020-6865
+ RESERVED
+CVE-2020-6864
+ RESERVED
+CVE-2020-6863
+ RESERVED
+CVE-2020-6862
+ RESERVED
CVE-2020-6861
RESERVED
CVE-2020-6860 (libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hd ...)
- libmysofa <unfixed>
NOTE: https://github.com/hoene/libmysofa/issues/96
NOTE: https://github.com/hoene/libmysofa/commit/c31120a4ddfe3fc705cfdd74da7e884e1866da85
-CVE-2020-6859
- RESERVED
+CVE-2020-6859 (Multiple Insecure Direct Object Reference vulnerabilities in includes/ ...)
+ TODO: check
CVE-2020-6858
RESERVED
CVE-2020-6857
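Review bot: three entries in this hunk carry real descriptions and land as "TODO: check": CVE-2020-6949 (privilege escalation in the postUser function) and CVE-2020-6948 (remote code execution in HashBrown CMS) at the top, and CVE-2020-6859 (Insecure Direct Object Reference) near the end. They sit on either side of 86 new RESERVED placeholders (CVE-2020-6947 down to CVE-2020-6862) and are easy to miss when reading the diff, so triage them explicitly and replace each TODO with a package line or a "NOT-FOR-US:" line.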
@@ -3002,8 +3178,8 @@ CVE-2020-5392
RESERVED
CVE-2020-5391
RESERVED
-CVE-2020-5390
- RESERVED
+CVE-2020-5390 (PySAML2 before 5.0.0 does not check that the signature in a SAML docum ...)
+ TODO: check
CVE-2020-5389
RESERVED
CVE-2020-5388
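Review bot: CVE-2020-5390 describes a signature check that PySAML2 before 5.0.0 does not perform on a SAML document, and it enters as "TODO: check" between RESERVED entries where it is easy to overlook. A signature-verification flaw in an authentication library deserves early triage: determine whether a source package ships PySAML2 and replace the TODO with a package line and its fixed version, or with NOT-FOR-US otherwise.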
@@ -3408,8 +3584,8 @@ CVE-2020-5197
NOTE: https://about.gitlab.com/blog/2020/01/02/security-release-gitlab-12-6-2-released/
CVE-2020-5196
RESERVED
-CVE-2020-5195
- RESERVED
+CVE-2020-5195 (Reflected XSS through an IMG element in Cerberus FTP Server prior to v ...)
+ TODO: check
CVE-2020-5194
RESERVED
CVE-2020-5193
@@ -10178,7 +10354,7 @@ CVE-2020-1812
RESERVED
CVE-2020-1811
RESERVED
-CVE-2020-1810 (Huawei products CloudEngine 12800, S5700, and S6700 have a weak algori ...)
+CVE-2020-1810 (Huawei products CloudEngine 12800;S5700;S6700 have a weak algorithm vu ...)
NOT-FOR-US: Huawei
CVE-2020-1809
RESERVED
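Review bot: the only change to CVE-2020-1810 is its description, where "CloudEngine 12800, S5700, and S6700" becomes "CloudEngine 12800;S5700;S6700", a less readable product list. The triage line "NOT-FOR-US: Huawei" is unchanged, so no action is needed on the entry itself, but it is worth confirming that the semicolon-joined text is what the upstream feed now publishes and not a formatting regression in the import.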
