author | security tracker role <sectracker@soriano.debian.org> | 2020-03-11 20:10:22 +0000
---|---|---
committer | security tracker role <sectracker@soriano.debian.org> | 2020-03-11 20:10:22 +0000
commit | c31cec783259dd9e336381e2432bb8a492688dff |
tree | 956d0e90536f8ed8c5a481a6e3f0642f3d2e4623 /data |
parent | 22ae7ce255f82f0cff9e5f558f6d8844a4415229 |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2011.list | 3
-rw-r--r-- | data/CVE/2012.list | 3
-rw-r--r-- | data/CVE/2013.list | 3
-rw-r--r-- | data/CVE/2016.list | 3
-rw-r--r-- | data/CVE/2019.list | 47
-rw-r--r-- | data/CVE/2020.list | 39
6 files changed, 51 insertions, 47 deletions
diff --git a/data/CVE/2011.list b/data/CVE/2011.list index 34bb9aa357..8a77a28600 100644 --- a/data/CVE/2011.list +++ b/data/CVE/2011.list @@ -7489,8 +7489,7 @@ CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-te - opie <removed> (bug #631344) CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...) NOT-FOR-US: Joomla! -CVE-2011-2487 - RESERVED +CVE-2011-2487 (The implementations of PKCS#1 v1.5 key transport mechanism for XMLEncr ...) NOT-FOR-US: Apache CXF CVE-2011-2486 (nspluginwrapper before 1.4.4 does not properly provide access to NPNVp ...) - nspluginwrapper <unfixed> (bug #671846) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 36e2280875..b16a9b8f9d 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -13793,8 +13793,7 @@ CVE-2012-1104 (A Security Bypass vulnerability exists in the phpCAS 1.2.2 librar CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs in ...) {DSA-2416-1} - notmuch 0.11.1-1 -CVE-2012-1101 - RESERVED +CVE-2012-1101 (systemd 37-1 does not properly handle non-existent services, which cau ...) - systemd 43-1 (bug #662029) CVE-2012-1100 (Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and ...) NOT-FOR-US: JBoss Operations Network diff --git a/data/CVE/2013.list b/data/CVE/2013.list index dc0721217e..4e4474f391 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -15168,8 +15168,7 @@ CVE-2013-1755 RESERVED CVE-2013-1754 RESERVED -CVE-2013-1753 - RESERVED +CVE-2013-1753 (The gzip_decode function in the xmlrpc client library in Python 3.4 an ...) - python2.5 <removed> (low) - python2.6 <removed> (low) - python2.7 2.7.9-1 (low; bug #742929) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index df975e5129..836a0408cc 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -16961,8 +16961,7 @@ CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the NOTE: versions in Debian. NOTE: https://svn.apache.org/r1756941 (8.0.x) NOTE: https://svn.apache.org/r1756942 (7.0.x) -CVE-2016-1000111 - RESERVED +CVE-2016-1000111 (Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1 ...) - twisted <unfixed> (unimportant) [wheezy] - twisted <not-affected> (For wheezy affected file twcgi.py is in src:twisted-web) - twisted-web <removed> diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 833e91b29b..88f39c82f9 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -13,6 +13,7 @@ CVE-2019-20505 CVE-2019-20504 (service/krashrpt.php in Quest KACE K1000 Systems Management Appliance ...) NOT-FOR-US: Quest KACE CVE-2019-20503 (usrsctp before 2019-12-20 has out-of-bounds reads in sctp_load_address ...) + {DSA-4639-1} - libusrsctp <unfixed> (bug #953270) - firefox <unfixed> - firefox-esr 68.6.0esr-1 @@ -3021,8 +3022,8 @@ CVE-2019-19383 (freeFTPd 1.0.8 has a Post-Authentication Buffer Overflow via a c NOT-FOR-US: freeFTPd CVE-2019-19382 (Max Secure Anti Virus Plus 19.0.4.020 has Insecure Permissions on the ...) NOT-FOR-US: Max Secure Anti Virus Plus -CVE-2019-19381 - RESERVED +CVE-2019-19381 (oauth/oauth2/v1/saml/ in Abacus OAuth Login 2019_01_r4_20191021_0000 b ...) + TODO: check CVE-2019-19380 RESERVED CVE-2019-19379 (In app/Controller/TagsController.php in MISP 2.4.118, users can bypass ...) 
@@ -7934,7 +7935,7 @@ CVE-2019-17373 (Certain NETGEAR devices allow unauthenticated access to critical NOT-FOR-US: NETGEAR CVE-2019-17372 (Certain NETGEAR devices allow remote attackers to disable all authenti ...) NOT-FOR-US: NETGEAR -CVE-2019-17371 (libpng 1.6.37 has memory leaks in png_malloc_warn and png_create_info_ ...) +CVE-2019-17371 (gif2png 2.5.13 has a memory leak in the writefile function. ...) - gif2png <removed> (unimportant) NOTE: https://github.com/glennrp/libpng/issues/307 NOTE: Initially filed for libpng, but the bug is actually in gif2png @@ -11007,8 +11008,8 @@ CVE-2019-16109 (An issue was discovered in Plataformatec Devise before 4.7.1. It NOT-FOR-US: Plataformatec Devise CVE-2019-16108 RESERVED -CVE-2019-16107 - RESERVED +CVE-2019-16107 (Missing form token validation in phpBB 3.2.7 allows CSRF in deleting p ...) + TODO: check CVE-2019-16106 (The Recruitment module in Humanica Humatrix 7 1.0.0.203 and 1.0.0.681 ...) NOT-FOR-US: Recruitment module in Humanica Humatrix CVE-2019-16105 (Silver Peak EdgeConnect SD-WAN before 8.1.7.x allows ..%2f directory t ...) 
@@ -30992,26 +30993,26 @@ CVE-2019-9106 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEB NOT-FOR-US: SAET Impianti Speciali TEBE Small devices CVE-2019-9105 (The WebApp v04.68 in the supervisor on SAET Impianti Speciali TEBE Sma ...) NOT-FOR-US: SAET Impianti Speciali TEBE Small devices -CVE-2019-9104 - RESERVED -CVE-2019-9103 - RESERVED -CVE-2019-9102 - RESERVED -CVE-2019-9101 - RESERVED +CVE-2019-9104 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...) + TODO: check +CVE-2019-9103 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...) + TODO: check +CVE-2019-9102 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...) + TODO: check +CVE-2019-9101 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...) + TODO: check CVE-2019-9100 RESERVED -CVE-2019-9099 - RESERVED -CVE-2019-9098 - RESERVED -CVE-2019-9097 - RESERVED -CVE-2019-9096 - RESERVED -CVE-2019-9095 - RESERVED +CVE-2019-9099 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...) + TODO: check +CVE-2019-9098 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...) + TODO: check +CVE-2019-9097 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...) + TODO: check +CVE-2019-9096 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...) + TODO: check +CVE-2019-9095 (An issue was discovered on Moxa MGate MB3170 and MB3270 devices before ...) + TODO: check CVE-2019-9094 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...) NOT-FOR-US: Humhub CVE-2019-9093 (A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 0c9599a011..08c7a2260f 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -16,8 +16,8 @@ CVE-2020-10378 RESERVED CVE-2020-10377 RESERVED -CVE-2020-10376 - RESERVED +CVE-2020-10376 (Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to ...) + TODO: check CVE-2020-10375 RESERVED CVE-2020-10374 @@ -423,8 +423,8 @@ CVE-2020-10183 RESERVED CVE-2020-10182 RESERVED -CVE-2020-10181 - RESERVED +CVE-2020-10181 (goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4. ...) + TODO: check CVE-2020-10180 (The ESET AV parsing engine allows virus-detection bypass via a crafted ...) NOT-FOR-US: ESET AV parsing engine CVE-2020-10179 @@ -3900,8 +3900,8 @@ CVE-2020-8542 RESERVED CVE-2020-8541 RESERVED -CVE-2020-8540 - RESERVED +CVE-2020-8540 (An XML external entity (XXE) vulnerability iin Zoho ManageEngine Deskt ...) + TODO: check CVE-2020-8539 RESERVED CVE-2020-8538 @@ -7612,6 +7612,7 @@ CVE-2020-6815 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6815 CVE-2020-6814 RESERVED + {DSA-4639-1} - firefox <unfixed> - firefox-esr 68.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6814 @@ -7622,12 +7623,14 @@ CVE-2020-6813 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6813 CVE-2020-6812 RESERVED + {DSA-4639-1} - firefox <unfixed> - firefox-esr 68.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6812 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6812 CVE-2020-6811 RESERVED + {DSA-4639-1} - firefox <unfixed> - firefox-esr 68.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6811 
@@ -7646,18 +7649,21 @@ CVE-2020-6808 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6808 CVE-2020-6807 RESERVED + {DSA-4639-1} - firefox <unfixed> - firefox-esr 68.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6807 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6807 CVE-2020-6806 RESERVED + {DSA-4639-1} - firefox <unfixed> - firefox-esr 68.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6806 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-08/#CVE-2020-6806 CVE-2020-6805 RESERVED + {DSA-4639-1} - firefox <unfixed> - firefox-esr 68.6.0esr-1 NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2020-09/#CVE-2020-6805 @@ -10952,11 +10958,13 @@ CVE-2020-5261 CVE-2020-5260 RESERVED CVE-2020-5259 (In affected versions of dojox (NPM package), the jqMix method is vulne ...) + {DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953587) [buster] - dojo <no-dsa> (Minor issue) NOTE: https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw NOTE: https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da CVE-2020-5258 (In affected versions of dojo (NPM package), the deepCopy method is vul ...) + {DLA-2139-1} - dojo 1.15.3+dfsg1-1 (bug #953585) [buster] - dojo <no-dsa> (Minor issue) NOTE: https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2 @@ -11129,8 +11137,8 @@ CVE-2020-5205 (In Pow (Hex package) before 1.0.16, the use of Plug.Session in Po NOT-FOR-US: Pow CVE-2020-5204 (In uftpd before 2.11, there is a buffer overflow vulnerability in hand ...) NOT-FOR-US: uftpd -CVE-2020-5203 - RESERVED +CVE-2020-5203 (In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code exec ...) + TODO: check CVE-2020-5202 (apt-cacher-ng through 3.3 allows local users to obtain sensitive infor ...) - apt-cacher-ng 3.3.1-1 [buster] - apt-cacher-ng <no-dsa> (Minor issue) 
@@ -17684,12 +17692,12 @@ CVE-2020-1983 RESERVED CVE-2020-1982 RESERVED -CVE-2020-1981 - RESERVED -CVE-2020-1980 - RESERVED -CVE-2020-1979 - RESERVED +CVE-2020-1981 (A predictable temporary filename vulnerability in PAN-OS allows local ...) + TODO: check +CVE-2020-1980 (A shell command injection vulnerability in the PAN-OS CLI allows a loc ...) + TODO: check +CVE-2020-1979 (A format string vulnerability in the PAN-OS log daemon (logd) on Panor ...) + TODO: check CVE-2020-1978 RESERVED CVE-2020-1977 (Insufficient Cross-Site Request Forgery (XSRF) protection on Expeditio ...) @@ -18278,8 +18286,7 @@ CVE-2020-1734 (A flaw was found in the pipe lookup plugin of ansible. Arbitrary NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801804 NOTE: https://github.com/ansible/ansible/issues/6550 NOTE: https://github.com/ansible/ansible/issues/67792 -CVE-2020-1733 [insecure temporary directory when running become_user from become directive] - RESERVED +CVE-2020-1733 (A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2. ...) - ansible <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1801735 CVE-2020-1732 |
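Review bot: In data/CVE/2019.list, the hunk at `@@ -30992,26 +30993,26 @@` leaves nine Moxa MGate entries (CVE-2019-9095 to CVE-2019-9099 and CVE-2019-9101 to CVE-2019-9104) at `TODO: check`, and all nine carry the same truncated description, so nothing in the list distinguishes them yet. The neighbouring device entries in the same hunk (the SAET Impianti Speciali TEBE Small ones) are already tagged `NOT-FOR-US:`. A follow-up triage pass should read the full descriptions and either tag these the same way or record an affected source package, so they do not linger untriaged.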
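Review bot: In data/CVE/2020.list, the hunks from `@@ -7612,6 +7612,7 @@` through `@@ -7646,18 +7649,21 @@` attach `{DSA-4639-1}` to CVE-2020-6814, CVE-2020-6812, CVE-2020-6811, CVE-2020-6807, CVE-2020-6806 and CVE-2020-6805 while each entry still reads `RESERVED` and keeps `- firefox <unfixed>` beside `- firefox-esr 68.6.0esr-1`. The only fixed version recorded is for firefox-esr, so the DSA tag should not be read as closing the firefox line; that line needs a fixed version once one exists. The same holds for CVE-2019-20503 in data/CVE/2019.list, where `- libusrsctp <unfixed> (bug #953270)` and `- firefox <unfixed>` remain after the DSA tag is added.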
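Review bot: In data/CVE/2020.list, the hunk at `@@ -3900,8 +3900,8 @@` imports the CVE-2020-8540 description with a typo, "vulnerability iin Zoho ManageEngine". The commit message says this is an automatic update, so a hand edit in the list would likely be overwritten by the next sync; the correction belongs with the source of the description text, and the `TODO: check` on the entry still needs triage either way.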