author | security tracker role <sectracker@soriano.debian.org> | 2020-01-24 20:10:35 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-24 20:10:35 +0000 |
commit | b01b0c27517c02a87fadd348c03052641764356a (patch) | |
tree | bb1ea096844f9486862b29afdbd8a06194ab1426 /data | |
parent | 09926273c3965d081244288fa8e491dc58efddee (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2011.list | 4 |
-rw-r--r-- | data/CVE/2012.list | 8 |
-rw-r--r-- | data/CVE/2013.list | 27 |
-rw-r--r-- | data/CVE/2014.list | 18 |
-rw-r--r-- | data/CVE/2015.list | 26 |
-rw-r--r-- | data/CVE/2019.list | 44 |
-rw-r--r-- | data/CVE/2020.list | 64 |
7 files changed, 105 insertions, 86 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 2be38a8c41..a27227c6e9 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -5421,7 +5421,7 @@ CVE-2011-3174 (Buffer overflow in the DoFindReplace function in the ISGrid.Grid2 NOT-FOR-US: Novell ZENworks Configuration Management CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in nippl ...) NOT-FOR-US: Novell Open Enterprise Server -CVE-2011-3172 (A vulnerability in pam_modules of SUSE SUSE Linux Enterprise allows at ...) +CVE-2011-3172 (A vulnerability in pam_modules of SUSE Linux Enterprise allows attacke ...) - libpam-unix2 <removed> NOTE: https://bugzilla.suse.com/show_bug.cgi?id=707645 NOTE: Issue was not fixed up to the version removed from unstable. @@ -12915,7 +12915,7 @@ CVE-2011-0469 (Code injection in openSUSE when running some source services used NOTE: Secondary fix: https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6 CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and befo ...) NOT-FOR-US: OpenSUSE aaa_base package -CVE-2011-0467 (A vulnerability in the listing of available software of SUSE SUSE Stud ...) +CVE-2011-0467 (A vulnerability in the listing of available software of SUSE Studio On ...) NOT-FOR-US: SUSE Studio Onsite CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and 2. ...) NOT-FOR-US: openSUSE Build Service diff --git a/data/CVE/2012.list b/data/CVE/2012.list index bff9e8cc76..9784ad38cd 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -739,8 +739,8 @@ CVE-2012-6454 RESERVED CVE-2012-6452 (Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway ...) NOT-FOR-US: Axway Secure Messenger -CVE-2012-6451 - RESERVED +CVE-2012-6451 (Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass ...) + TODO: check CVE-2012-6450 RESERVED CVE-2012-6449 
@@ -1051,8 +1051,8 @@ CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in generi - wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615) NOTE: http://secunia.com/advisories/49889/ NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2 -CVE-2012-6302 - RESERVED +CVE-2012-6302 (Soapbox through 0.3.1: Sandbox bypass - runs a second instance of Soap ...) + TODO: check CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ca ...) NOT-FOR-US: Android browser CVE-2012-6300 diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 1cfaf4e1bc..9de7a424c7 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -8324,8 +8324,7 @@ CVE-2013-4335 CVE-2013-4334 RESERVED NOT-FOR-US: opWebAPIPlugin -CVE-2013-4333 - RESERVED +CVE-2013-4333 (OpenPNE 3 versions 3.8.7, 3.6.11, 3.4.21.1, 3.2.7.6, 3.0.8.5 has an Ex ...) NOT-FOR-US: OpenPNE CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library (ak ...) {DLA-165-1} @@ -9446,8 +9445,8 @@ CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, NOT-FOR-US: Grandstream CVE-2013-3961 (SQL injection vulnerability in edit_event.php in Simple PHP Agenda bef ...) NOT-FOR-US: Simple PHP Agenda -CVE-2013-3960 - RESERVED +CVE-2013-3960 (Easytime Studio Easy File Manager 1.1 has a HTTP request security bypa ...) + TODO: check CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIM ...) NOT-FOR-US: Siemens WinCC CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC before ...) 
@@ -15889,16 +15888,16 @@ CVE-2013-1600 RESERVED CVE-2013-1599 RESERVED -CVE-2013-1598 - RESERVED -CVE-2013-1597 - RESERVED -CVE-2013-1596 - RESERVED -CVE-2013-1595 - RESERVED -CVE-2013-1594 - RESERVED +CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras ...) + TODO: check +CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...) + TODO: check +CVE-2013-1596 (An Authentication Bypass Vulnerability exists in Vivotek PT7135 IP Cam ...) + TODO: check +CVE-2013-1595 (A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 030 ...) + TODO: check +CVE-2013-1594 (An Information Disclosure vulnerability exists via a GET request in Vi ...) + TODO: check CVE-2013-1593 (A Denial of Service vulnerability exists in the WRITE_C function in th ...) NOT-FOR-US: SAP CVE-2013-1592 (A Buffer Overflow vulnerability exists in the Message Server service _ ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 3f27eb7d44..0fd372be95 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -1923,8 +1923,7 @@ CVE-2014-9723 RESERVED CVE-2014-9722 RESERVED -CVE-2014-9720 - RESERVED +CVE-2014-9720 (Tornado before 3.2.2 sends arbitrary responses that contain a fixed CS ...) {DLA-475-1 DLA-279-1} - python-tornado 3.2.2-1 NOTE: https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308 @@ -16037,8 +16036,7 @@ CVE-2014-4174 (wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x [wheezy] - wireshark <not-affected> (Only affects 1.10.x) CVE-2014-4173 RESERVED -CVE-2014-4172 [php-cas unencoded tickets] - RESERVED +CVE-2014-4172 (A URL parameter injection vulnerability was found in the back-channel ...) {DSA-3017-1} - php-cas 1.3.3-1 (bug #759718) NOTE: https://github.com/Jasig/phpCAS/pull/125 
@@ -22169,17 +22167,13 @@ CVE-2014-1928 (The shell_quote function in python-gnupg 0.3.5 does not properly CVE-2014-1927 (The shell_quote function in python-gnupg 0.3.5 does not properly quote ...) {DSA-2946-1} - python-gnupg 0.3.6-1 (bug #738509) -CVE-2014-1925 [SQL injection] - RESERVED +CVE-2014-1925 (SQL injection vulnerability in the MARC framework import/export functi ...) - koha <itp> (bug #702134) -CVE-2014-1924 [MARC framework import/export function did not require authentication] - RESERVED +CVE-2014-1924 (The MARC framework import/export function (admin/import_export_framewo ...) - koha <itp> (bug #702134) -CVE-2014-1923 [arbitrary file write trough edithelp.pl] - RESERVED +CVE-2014-1923 (Multiple directory traversal vulnerabilities in the (1) staff interfac ...) - koha <itp> (bug #702134) -CVE-2014-1922 [path traversal] - RESERVED +CVE-2014-1922 (Absolute path traversal vulnerability in tools/pdfViewer.pl in Koha be ...) - koha <itp> (bug #702134) CVE-2014-1921 (parcimonie before 0.8.1, when using a large keyring, sleeps for the sa ...) {DSA-2860-1} diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 1e44ff1075..784ccc04ba 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -15720,13 +15720,11 @@ CVE-2015-4012 RESERVED CVE-2015-4011 RESERVED -CVE-2015-4042 [buffer overflow related to SIZE_MAX - lenb - 2 < lena test] - RESERVED +CVE-2015-4042 (Integer overflow in the keycompare_mb function in sort.c in sort in GN ...) - coreutils <not-affected> (Debian does not apply coreutils-i18n.patch) NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940 NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch -CVE-2015-4041 [heap overflow; size calculation without properly considering the number of bytes occupied by multibyte characters] - RESERVED +CVE-2015-4041 (The keycompare_mb function in sort.c in sort in GNU Coreutils through ...) - coreutils <not-affected> (Debian does not apply coreutils-i18n.patch) NOTE: https://bugzilla.suse.com/show_bug.cgi?id=928749 NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940 @@ -19040,14 +19038,12 @@ CVE-2015-2839 (The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses a NOT-FOR-US: Citrix NetScaler CVE-2015-2838 (Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix ...) NOT-FOR-US: Citrix NetScaler -CVE-2015-2929 [Dos against tor client; client to crash with an assertion failure] - RESERVED +CVE-2015-2929 (The Hidden Service (HS) client implementation in Tor before 0.2.4.27, ...) {DSA-3216-1 DLA-187-1} - tor 0.2.5.12-1 NOTE: https://trac.torproject.org/projects/tor/ticket/15601 NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5 -CVE-2015-2928 [DoS against hidden services] - RESERVED +CVE-2015-2928 (The Hidden Service (HS) server implementation in Tor before 0.2.4.27, ...) {DSA-3216-1 DLA-187-1} - tor 0.2.5.12-1 NOTE: https://trac.torproject.org/projects/tor/ticket/15600 
@@ -19742,13 +19738,11 @@ CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal b - ocportal <itp> (bug #625865) CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 rou ...) NOT-FOR-US: Asus -CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS attack] - RESERVED +CVE-2015-2689 (Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not properly hand ...) {DSA-3203-1 DLA-178-1} - tor 0.2.5.11-1 NOTE: https://bugs.torproject.org/14129 -CVE-2015-2688 [relay could crash with an assertion] - RESERVED +CVE-2015-2688 (buf_pullup in Tor before 0.2.4.26 and 0.2.5.x before 0.2.5.11 does not ...) {DSA-3203-1 DLA-178-1} - tor 0.2.5.11-1 NOTE: https://trac.torproject.org/projects/tor/ticket/15083 @@ -22848,8 +22842,8 @@ CVE-2015-1532 RESERVED CVE-2015-1531 RESERVED -CVE-2015-1530 - RESERVED +CVE-2015-1530 (media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows at ...) + TODO: check CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...) NOT-FOR-US: Android CVE-2015-1528 (Integer overflow in the native_handle_create function in libcutils/nat ...) @@ -22858,8 +22852,8 @@ CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows loc NOT-FOR-US: Android CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...) NOT-FOR-US: Android -CVE-2015-1525 - RESERVED +CVE-2015-1525 (audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attacker ...) + TODO: check CVE-2015-1524 RESERVED CVE-2015-1523 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index dfc7953b8c..e18caeafa0 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -2041,10 +2041,10 @@ CVE-2019-19634 (class.upload.php in verot.net class.upload through 1.0.3 and 2.x NOT-FOR-US: K2 extension for Joomla! CVE-2019-19633 RESERVED -CVE-2019-19632 - RESERVED -CVE-2019-19631 - RESERVED +CVE-2019-19632 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...) + TODO: check +CVE-2019-19631 (An issue was discovered in Big Switch Big Monitoring Fabric 6.2 throug ...) + TODO: check CVE-2019-19630 (HTMLDOC 1.9.7 allows a stack-based buffer overflow in the hd_strlcpy() ...) {DLA-2026-1} - htmldoc 1.9.7-1 (low) @@ -2718,8 +2718,8 @@ CVE-2019-19365 RESERVED CVE-2019-19364 (A weak malicious user can escalate its privilege whenever CatalystProd ...) NOT-FOR-US: Sony Catalyst Production Suite -CVE-2019-19363 - RESERVED +CVE-2019-19363 (An issue was discovered in Ricoh (including Savin and Lanier) Windows ...) + TODO: check CVE-2019-19362 (An issue was discovered in the Chat functionality of the TeamViewer de ...) NOT-FOR-US: TeamViewer CVE-2019-19361 @@ -3935,8 +3935,8 @@ CVE-2019-18902 RESERVED CVE-2019-18901 RESERVED -CVE-2019-18900 - RESERVED +CVE-2019-18900 (: Incorrect Default Permissions vulnerability in libzypp of SUSE CaaS ...) + TODO: check CVE-2019-18899 (The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in use ...) - apt-cacher-ng <not-affected> (openSUSE specific systemd service unit configuration) CVE-2019-18898 (UNIX Symbolic Link (Symlink) Following vulnerability in the trousers p ...) 
@@ -43204,24 +43204,24 @@ CVE-2019-3701 (An issue was discovered in can_can_gw_rcv in net/can/gw.c in the [stretch] - linux 4.9.161-1 NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1120386 NOTE: https://marc.info/?l=linux-netdev&m=154651842302479&w=2 -CVE-2019-3700 - RESERVED -CVE-2019-3699 - RESERVED +CVE-2019-3700 (yast2-security didn't use secure defaults to protect passwords. This b ...) + TODO: check +CVE-2019-3699 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...) + TODO: check CVE-2019-3698 RESERVED -CVE-2019-3697 - RESERVED +CVE-2019-3697 (UNIX Symbolic Link (Symlink) Following vulnerability in the packaging ...) + TODO: check CVE-2019-3696 RESERVED CVE-2019-3695 RESERVED -CVE-2019-3694 - RESERVED -CVE-2019-3693 - RESERVED -CVE-2019-3692 - RESERVED +CVE-2019-3694 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...) + TODO: check +CVE-2019-3693 (A symlink following vulnerability in the packaging of mailman in SUSE ...) + TODO: check +CVE-2019-3692 (The packaging of inn on SUSE Linux Enterprise Server 11; openSUSE Fact ...) + TODO: check CVE-2019-3691 (A Symbolic Link (Symlink) Following vulnerability in the packaging of ...) TODO: check CVE-2019-3690 (The chkstat tool in the permissions package followed symlinks before c ...) @@ -43237,8 +43237,8 @@ CVE-2019-3689 (The nfs-utils package in SUSE Linux Enterprise Server 12 before a CVE-2019-3688 (The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterpri ...) - squid <not-affected> (/usr/lib/squid/pinger permissions are root:root) - squid3 <not-affected> (/usr/lib/squid/pinger permissions are root:root) -CVE-2019-3687 - RESERVED +CVE-2019-3687 (The permission package in SUSE Linux Enterprise Server allowed all loc ...) + TODO: check CVE-2019-3686 (openQA before commit c172e8883d8f32fced5e02f9b6faaacc913df27b was vuln ...) TODO: check CVE-2019-3685 (Open Build Service before version 0.165.4 diddn't validate TLS certifi ...) 
diff --git a/data/CVE/2020.list b/data/CVE/2020.list index fcaac9a170..f106fcb87c 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,35 @@ +CVE-2020-7962 + RESERVED +CVE-2020-7961 + RESERVED +CVE-2020-7960 + RESERVED +CVE-2020-7959 + RESERVED +CVE-2020-7958 + RESERVED +CVE-2020-7957 + RESERVED +CVE-2020-7956 + RESERVED +CVE-2020-7955 + RESERVED +CVE-2020-7954 + RESERVED +CVE-2020-7953 + RESERVED +CVE-2020-7952 + RESERVED +CVE-2020-7951 + RESERVED +CVE-2020-7950 + RESERVED +CVE-2020-7949 + RESERVED +CVE-2020-7948 + RESERVED +CVE-2020-7947 + RESERVED CVE-2020-7946 RESERVED CVE-2020-7945 @@ -1442,8 +1474,8 @@ CVE-2020-7228 (The Calculated Fields Form plugin through 1.0.353 for WordPress s NOT-FOR-US: Calculated Fields Form plugin for WordPress CVE-2020-7227 (Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosur ...) NOT-FOR-US: Westermo MRD-315 devices -CVE-2020-7226 - RESERVED +CVE-2020-7226 (CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and ...) + TODO: check CVE-2020-7225 RESERVED CVE-2020-7224 
@@ -2004,18 +2036,18 @@ CVE-2020-6968 RESERVED CVE-2020-6967 RESERVED -CVE-2020-6966 - RESERVED -CVE-2020-6965 - RESERVED -CVE-2020-6964 - RESERVED -CVE-2020-6963 - RESERVED -CVE-2020-6962 - RESERVED -CVE-2020-6961 - RESERVED +CVE-2020-6966 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) + TODO: check +CVE-2020-6965 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) + TODO: check +CVE-2020-6964 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) + TODO: check +CVE-2020-6963 (In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetr ...) + TODO: check +CVE-2020-6962 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) + TODO: check +CVE-2020-6961 (In ApexPro Telemetry Server, Versions 4.2 and prior, CARESCAPE Telemet ...) + TODO: check CVE-2020-6960 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) NOT-FOR-US: Honeywell CVE-2020-6959 (The following versions of MAXPRO VMS and NVR, MAXPRO VMS:HNMSWVMS prio ...) @@ -5577,8 +5609,8 @@ CVE-2020-5221 (In uftpd before 2.11, it is possible for an unauthenticated user NOT-FOR-US: uftpd CVE-2020-5220 RESERVED -CVE-2020-5219 - RESERVED +CVE-2020-5219 (Angular Expressions before version 1.0.1 has a remote code execution v ...) + TODO: check CVE-2020-5218 RESERVED CVE-2020-5217 (In Secure Headers (RubyGem secure_headers), a directive injection vuln ...) |
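Review bot: in data/CVE/2013.list, hunk -15889,16, CVE-2013-1594 through CVE-2013-1598 each get their own "TODO: check" although all five descriptions name the same product, the Vivotek PT7135 IP Camera. They can be triaged together in one pass. The same file's context already tags another vendor device with "NOT-FOR-US: Grandstream", so a single consistent tag for the five entries would keep the TODO backlog from growing by five lines for one product.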
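Review bot: in data/CVE/2015.list, hunks -22848,8 and -22858,8, CVE-2015-1530 and CVE-2015-1525 are left at "TODO: check" while the unchanged neighbours for the same code base (CVE-2015-1529, CVE-2015-1527, CVE-2015-1526) are already tagged "NOT-FOR-US: Android". Both new descriptions name Android source files (media/libmedia/IAudioPolicyService.cpp and audio/AudioPolicyManagerBase.cpp), and CVE-2015-1527 concerns the same IAudioPolicyService.cpp, so the follow-up triage should bring these two in line with the existing entries.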
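Review bot: in data/CVE/2019.list, hunk -3935,8, the imported description for CVE-2019-18900 starts with a stray ": " ("(: Incorrect Default Permissions vulnerability in libzypp ..."). If the text is copied unchanged from the upstream description, the import step should strip leading punctuation and whitespace before writing the line, so the entry matches the format of every other description in the file and tooling that keys on the text after the opening parenthesis is not thrown off.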
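Review bot: in data/CVE/2019.list, hunk -43204,24, the new entries CVE-2019-3692, CVE-2019-3693, CVE-2019-3694, CVE-2019-3697 and CVE-2019-3699 describe issues in SUSE's packaging (of inn, mailman and others), and all land as "TODO: check". When these are triaged, they should follow the pattern already visible in this file's context lines: a per-package entry with the reason stated, as in "- squid <not-affected> (/usr/lib/squid/pinger permissions are root:root)" for CVE-2019-3688 and "- apt-cacher-ng <not-affected> (openSUSE specific systemd service unit configuration)" for CVE-2019-18899. A blanket tag would lose the record that the corresponding Debian package's permissions and maintainer scripts were actually checked.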