automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-03-11 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-03-11 20:10:22 +0000
commit: c31cec783259dd9e336381e2432bb8a492688dff (patch)
tree: 956d0e90536f8ed8c5a481a6e3f0642f3d2e4623 /data
parent: 22ae7ce255f82f0cff9e5f558f6d8844a4415229 (diff)
6 files changed, 51 insertions, 47 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 34bb9aa357..8a77a28600 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -7489,8 +7489,7 @@ CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-te
 	- opie <removed> (bug #631344)
 CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...)
 	NOT-FOR-US: Joomla!
-CVE-2011-2487
-	RESERVED
+CVE-2011-2487 (The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncr ...)
 	NOT-FOR-US: Apache CXF
 CVE-2011-2486 (nspluginwrapper before 1.4.4 does not properly provide access to NPNVp ...)
 	- nspluginwrapper <unfixed> (bug #671846)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index 36e2280875..b16a9b8f9d 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -13793,8 +13793,7 @@ CVE-2012-1104 (A Security Bypass vulnerability exists in the phpCAS 1.2.2 librar
 CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs in ...)
 	{DSA-2416-1}
 	- notmuch 0.11.1-1
-CVE-2012-1101
-	RESERVED
+CVE-2012-1101 (systemd 37-1 does not properly handle non-existent services, which cau ...)
 	- systemd 43-1 (bug #662029)
 CVE-2012-1100 (Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and  ...)
 	NOT-FOR-US: JBoss Operations Network
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index dc0721217e..4e4474f391 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -15168,8 +15168,7 @@ CVE-2013-1755
 	RESERVED
 CVE-2013-1754
 	RESERVED
-CVE-2013-1753
-	RESERVED
+CVE-2013-1753 (The gzip_decode function in the xmlrpc client library in Python 3.4 an ...)
 	- python2.5 <removed> (low)
 	- python2.6 <removed> (low)
 	- python2.7 2.7.9-1 (low; bug #742929)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index df975e5129..836a0408cc 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -16961,8 +16961,7 @@ CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the
 	NOTE: versions in Debian.
 	NOTE: https://svn.apache.org/r1756941 (8.0.x)
 	NOTE: https://svn.apache.org/r1756942 (7.0.x)
-CVE-2016-1000111
-	RESERVED
+CVE-2016-1000111 (Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1 ...)
 	- twisted <unfixed> (unimportant)
 	[wheezy] - twisted <not-affected> (For wheezy affected file twcgi.py is in src:twisted-web)
 	- twisted-web <removed>
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 833e91b29b..88f39c82f9 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -13,6 +13,7 @@ CVE-2019-20505
 CVE-2019-20504 (service/krashrpt.php in Quest KACE K1000 Systems Management Appliance  ...)
 	NOT-FOR-US: Quest KACE
 CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...)
+	{DSA-4639-1}
 	- libusrsctp <unfixed> (bug #953270)
 	- firefox <unfixed>
 	- firefox-esr 68.6.0esr-1
@@ -3021,8 +3022,8 @@ CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a c
 	NOT-FOR-US: freeFTPd
 CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the  ...)
 	NOT-FOR-US: Max Secure Anti Virus Plus
-CVE-2019-19381
-	RESERVED
+CVE-2019-19381 (oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 b ...)
+	TODO: check
 CVE-2019-19380
 	RESERVED
 CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can bypass ...)
@@ -7934,7 +7935,7 @@ CVE-2019-17373 (Certain NETGEAR devices allow unauthenticated access to critical
 	NOT-FOR-US: NETGEAR
 CVE-2019-17372 (Certain NETGEAR devices allow remote attackers to disable all authenti ...)
 	NOT-FOR-US: NETGEAR
-CVE-2019-17371 (libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_ ...)
+CVE-2019-17371 (gif2png 2.5.13 has a memory leak in the writefile function. ...)
 	- gif2png <removed> (unimportant)
 	NOTE: https://github.com/glennrp/libpng/issues/307
 	NOTE: Initially filed for libpng, but the bug is actually in gif2png
@@ -11007,8 +11008,8 @@ CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It
 	NOT-FOR-US: Plataformatec Devise
 CVE-2019-16108
 	RESERVED
-CVE-2019-16107
-	RESERVED
+CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in deleting p ...)
+	TODO: check
 CVE-2019-16106 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681  ...)
 	NOT-FOR-US: Recruitment module in Humanica Humatrix
 CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...)
@@ -30992,26 +30993,26 @@ CVE-2019-9106 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEB
 	NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
 CVE-2019-9105 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...)
 	NOT-FOR-US: SAET Impianti Speciali TEBE Small devices
-CVE-2019-9104
-	RESERVED
-CVE-2019-9103
-	RESERVED
-CVE-2019-9102
-	RESERVED
-CVE-2019-9101
-	RESERVED
+CVE-2019-9104 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+	TODO: check
+CVE-2019-9103 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+	TODO: check
+CVE-2019-9102 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+	TODO: check
+CVE-2019-9101 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+	TODO: check
 CVE-2019-9100
 	RESERVED
-CVE-2019-9099
-	RESERVED
-CVE-2019-9098
-	RESERVED
-CVE-2019-9097
-	RESERVED
-CVE-2019-9096
-	RESERVED
-CVE-2019-9095
-	RESERVED
+CVE-2019-9099 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+	TODO: check
+CVE-2019-9098 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+	TODO: check
+CVE-2019-9097 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+	TODO: check
+CVE-2019-9096 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+	TODO: check
+CVE-2019-9095 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...)
+	TODO: check
 CVE-2019-9094 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
 	NOT-FOR-US: Humhub
 CVE-2019-9093 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index 0c9599a011..08c7a2260f 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -16,8 +16,8 @@ CVE-2020-10378
 	RESERVED
 CVE-2020-10377
 	RESERVED
-CVE-2020-10376
-	RESERVED
+CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...)
+	TODO: check
 CVE-2020-10375
 	RESERVED
 CVE-2020-10374
@@ -423,8 +423,8 @@ CVE-2020-10183
 	RESERVED
 CVE-2020-10182
 	RESERVED
-CVE-2020-10181
-	RESERVED
+CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...)
+	TODO: check
 CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...)
 	NOT-FOR-US: ESET AV parsing engine
 CVE-2020-10179
@@ -3900,8 +3900,8 @@ CVE-2020-8542
 	RESERVED
 CVE-2020-8541
 	RESERVED
-CVE-2020-8540
-	RESERVED
+CVE-2020-8540 (An XML external entity (XXE) vulnerability iin Zoho ManageEngine Deskt ...)
+	TODO: check
 CVE-2020-8539
 	RESERVED
 CVE-2020-8538
@@ -7612,6 +7612,7 @@ CVE-2020-6815
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815
 CVE-2020-6814
 	RESERVED
+	{DSA-4639-1}
 	- firefox <unfixed>
 	- firefox-esr 68.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814
@@ -7622,12 +7623,14 @@ CVE-2020-6813
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813
 CVE-2020-6812
 	RESERVED
+	{DSA-4639-1}
 	- firefox <unfixed>
 	- firefox-esr 68.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812
 CVE-2020-6811
 	RESERVED
+	{DSA-4639-1}
 	- firefox <unfixed>
 	- firefox-esr 68.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811
@@ -7646,18 +7649,21 @@ CVE-2020-6808
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808
 CVE-2020-6807
 	RESERVED
+	{DSA-4639-1}
 	- firefox <unfixed>
 	- firefox-esr 68.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807
 CVE-2020-6806
 	RESERVED
+	{DSA-4639-1}
 	- firefox <unfixed>
 	- firefox-esr 68.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806
 CVE-2020-6805
 	RESERVED
+	{DSA-4639-1}
 	- firefox <unfixed>
 	- firefox-esr 68.6.0esr-1
 	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805
@@ -10952,11 +10958,13 @@ CVE-2020-5261
 CVE-2020-5260
 	RESERVED
 CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...)
+	{DLA-2139-1}
 	- dojo 1.15.3+dfsg1-1 (bug #953587)
 	[buster] - dojo <no-dsa> (Minor issue)
 	NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw
 	NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da
 CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...)
+	{DLA-2139-1}
 	- dojo 1.15.3+dfsg1-1 (bug #953585)
 	[buster] - dojo <no-dsa> (Minor issue)
 	NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2
@@ -11129,8 +11137,8 @@ CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Po
 	NOT-FOR-US: Pow
 CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...)
 	NOT-FOR-US: uftpd
-CVE-2020-5203
-	RESERVED
+CVE-2020-5203 (In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code exec ...)
+	TODO: check
 CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...)
 	- apt-cacher-ng 3.3.1-1
 	[buster] - apt-cacher-ng <no-dsa> (Minor issue)
@@ -17684,12 +17692,12 @@ CVE-2020-1983
 	RESERVED
 CVE-2020-1982
 	RESERVED
-CVE-2020-1981
-	RESERVED
-CVE-2020-1980
-	RESERVED
-CVE-2020-1979
-	RESERVED
+CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local  ...)
+	TODO: check
+CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...)
+	TODO: check
+CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...)
+	TODO: check
 CVE-2020-1978
 	RESERVED
 CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...)
@@ -18278,8 +18286,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804
 	NOTE: https://github.com/ansible/ansible/issues/6550
 	NOTE: https://github.com/ansible/ansible/issues/67792
-CVE-2020-1733 [insecure temporary directory when running become_user from become directive]
-	RESERVED
+CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...)
 	- ansible <unfixed>
 	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735
 CVE-2020-1732
author	security tracker role <sectracker@soriano.debian.org>	2020-03-11 20:10:22 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-03-11 20:10:22 +0000
commit	c31cec783259dd9e336381e2432bb8a492688dff (patch)
tree	956d0e90536f8ed8c5a481a6e3f0642f3d2e4623 /data
parent	22ae7ce255f82f0cff9e5f558f6d8844a4415229 (diff)