author | security tracker role <sectracker@soriano.debian.org> | 2020-11-24 08:10:36 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-11-24 08:10:36 +0000 |
commit | d02398bb08cecdc81de2d7aad9a13b36b70b219f (patch) | |
tree | 5572c6fa1d416a65a74693016111969f5d2c5dff /data | |
parent | c0233f8eb8a20d38a3c385a774d1ac79d0a77a84 (diff) |
automatic update
Diffstat (limited to 'data')
| -rw-r--r-- | data/CVE/2015.list | 4 |
| -rw-r--r-- | data/CVE/2018.list | 20 |
| -rw-r--r-- | data/CVE/2020.list | 137 |
3 files changed, 101 insertions, 60 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 0e83507faa..a43c1e2e90 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -11712,8 +11712,8 @@ CVE-2015-5438 REJECTED CVE-2015-5437 REJECTED -CVE-2015-5436 - REJECTED +CVE-2015-5436 (A potential security vulnerability has been identified with HP Integra ...) + TODO: check CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 ...) NOT-FOR-US: HP CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, Comware 7, H ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 55a8601493..c5db0e0216 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -12311,16 +12311,16 @@ CVE-2018-16725 (An issue is discovered in baijiacms V4. XSS exists via the asset NOT-FOR-US: baijiacms CVE-2018-16724 (An issue is discovered in baijiacms V4. Blind SQL Injection exists via ...) NOT-FOR-US: baijiacms -CVE-2018-16723 - RESERVED -CVE-2018-16722 - RESERVED -CVE-2018-16721 - RESERVED -CVE-2018-16720 - RESERVED -CVE-2018-16719 - RESERVED +CVE-2018-16723 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) + TODO: check +CVE-2018-16722 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) + TODO: check +CVE-2018-16721 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) + TODO: check +CVE-2018-16720 (In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows ...) + TODO: check +CVE-2018-16719 (In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows ...) + TODO: check CVE-2018-16718 (An XSS vulnerability exists in wwwblast.c in the 2.0.7 through 2.2.26 ...) NOT-FOR-US: NCBI ToolBox CVE-2018-16717 (A heap-based buffer overflow exists in nph-viewgif.cgi in the 2.0.7 th ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index a0ed849889..a526ba328b 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,47 @@ +CVE-2020-29005 + RESERVED +CVE-2020-29004 + RESERVED +CVE-2020-29003 (The PollNY extension for MediaWiki through 1.35 allows XSS via an answ ...) + TODO: check +CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki ...) + TODO: check +CVE-2020-29001 + RESERVED +CVE-2020-29000 + RESERVED +CVE-2020-28999 + RESERVED +CVE-2020-28998 + RESERVED +CVE-2020-28997 + RESERVED +CVE-2020-28996 + RESERVED +CVE-2020-28995 + RESERVED +CVE-2020-28994 + RESERVED +CVE-2020-28993 + RESERVED +CVE-2020-28992 + RESERVED +CVE-2020-28991 (Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git proto ...) + TODO: check +CVE-2020-28990 + RESERVED +CVE-2020-28989 + RESERVED +CVE-2020-28988 + RESERVED +CVE-2020-28987 + RESERVED +CVE-2020-28986 + RESERVED +CVE-2020-28985 + RESERVED +CVE-2020-28983 + RESERVED CVE-2020-28982 RESERVED CVE-2020-28981 @@ -12,10 +56,10 @@ CVE-2020-28977 RESERVED CVE-2020-28976 RESERVED -CVE-2020-28984 [identified authors can execute arbitrary PHP code] +CVE-2020-28984 (prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does ...) - spip 3.2.8-1 NOTE: https://git.spip.net/spip/spip/commit/ae4267eba1022dabc12831ddb021c5d6e09040f8 -CVE-2020-28975 (svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn ...) +CVE-2020-28975 (** DISPUTED ** svm_predict_values in svm.cpp in Libsvm v324, as used i ...) TODO: check CVE-2020-28973 RESERVED @@ -131,8 +175,8 @@ CVE-2020-28928 [wcsnrtombs destination buffer overflow] - musl <unfixed> (bug #975365) [buster] - musl <no-dsa> (Minor issue) NOTE: https://www.openwall.com/lists/oss-security/2020/11/20/4 -CVE-2020-28927 - RESERVED +CVE-2020-28927 (There is a Stored XSS in Magicpin v2.1 in the User Registration sectio ...) + TODO: check CVE-2020-28926 RESERVED CVE-2020-28925 
@@ -1335,8 +1379,8 @@ CVE-2020-28974 (A slab-out-of-bounds read in fbcon in the Linux kernel before 5. NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/2 CVE-2020-28361 (Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy So ...) TODO: check, this might be specific to Kamailio as used in the specified product -CVE-2020-28360 - RESERVED +CVE-2020-28360 (Insufficient RegEx in private-ip npm package v1.0.5 and below insuffic ...) + TODO: check CVE-2020-28359 RESERVED CVE-2020-28358 @@ -1359,8 +1403,8 @@ CVE-2020-28350 (A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sok NOT-FOR-US: SOWA SowaSQL CVE-2020-28349 (** DISPUTED ** An inaccurate frame deduplication process in ChirpStack ...) NOT-FOR-US: ChirpStack Network Server -CVE-2020-28348 - RESERVED +CVE-2020-28348 (HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker ...) + TODO: check CVE-2020-28347 (tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows rem ...) NOT-FOR-US: TP-Link CVE-2020-28346 @@ -4555,8 +4599,8 @@ CVE-2020-26892 (The JWT library in NATS nats-server before 2.1.9 has Incorrect A CVE-2020-26891 (AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS d ...) - matrix-synapse 1.21.1-1 NOTE: https://github.com/matrix-org/synapse/pull/8444 -CVE-2020-26890 - RESERVED +CVE-2020-26890 (Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Inf ...) + TODO: check CVE-2020-26889 RESERVED CVE-2020-26888 
@@ -5917,16 +5961,16 @@ CVE-2020-26233 RESERVED CVE-2020-26232 RESERVED -CVE-2020-26231 - RESERVED +CVE-2020-26231 (October is a free, open-source, self-hosted CMS platform based on the ...) + TODO: check CVE-2020-26230 (Radar COVID is the official COVID-19 exposure notification app for Spa ...) NOT-FOR-US: Radar COVID -CVE-2020-26229 - RESERVED -CVE-2020-26228 - RESERVED -CVE-2020-26227 - RESERVED +CVE-2020-26229 (TYPO3 is an open source PHP based web content management system. In TY ...) + TODO: check +CVE-2020-26228 (TYPO3 is an open source PHP based web content management system. In TY ...) + TODO: check +CVE-2020-26227 (TYPO3 is an open source PHP based web content management system. In TY ...) + TODO: check CVE-2020-26226 (In the npm package semantic-release before version 17.2.3, secrets tha ...) NOT-FOR-US: semantic-release nodejs module CVE-2020-26225 (In PrestaShop Product Comments before version 4.2.0, an attacker could ...) @@ -7148,8 +7192,7 @@ CVE-2020-25697 RESERVED NOTE: Long-standing design limitation in X11, unlikely to get fixed until the world moves to Wayland NOTE: https://www.openwall.com/lists/oss-security/2020/11/09/3 -CVE-2020-25696 [psql's \gset allows overwriting specially treated variables] - RESERVED +CVE-2020-25696 (A flaw was found in the psql interactive terminal of PostgreSQL in ver ...) - postgresql-13 13.1-1 - postgresql-12 <unfixed> - postgresql-11 <removed> @@ -7188,8 +7231,7 @@ CVE-2020-25690 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1893188 CVE-2020-25689 (A memory leak flaw was found in WildFly in all versions up to 21.0.0.F ...) - wildfly <itp> (bug #752018) -CVE-2020-25688 - RESERVED +CVE-2020-25688 (A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two ...) NOT-FOR-US: Red Hat Advanced Cluster Management for Kubernetes (RHACM) CVE-2020-25687 RESERVED 
@@ -7259,8 +7301,7 @@ CVE-2020-25662 (A Red Hat only CVE-2020-12352 regression issue was found in the - linux <not-affected> (Red Hat-specific regression) CVE-2020-25661 (A Red Hat only CVE-2020-12351 regression issue was found in the way th ...) - linux <not-affected> (Red Hat-specific regression) -CVE-2020-25660 [cephx authentication protocol does not verify ceph clients correctly] - RESERVED +CVE-2020-25660 (A flaw was found in the Cephx authentication protocol in versions befo ...) - ceph <unfixed> (bug #975275) [buster] - ceph <not-affected> (Vulnerable code introduced later) [stretch] - ceph <not-affected> (Vulnerable code introduced later) @@ -10506,8 +10547,8 @@ CVE-2020-24229 RESERVED CVE-2020-24228 RESERVED -CVE-2020-24227 - RESERVED +CVE-2020-24227 (Playground Sessions v2.5.582 (and earlier) for Windows, stores the use ...) + TODO: check CVE-2020-24226 RESERVED CVE-2020-24225 @@ -27459,10 +27500,10 @@ CVE-2020-15931 (Netwrix Account Lockout Examiner before 5.1 allows remote attack NOT-FOR-US: Netwrix Account Lockout Examiner CVE-2020-15930 (An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary cod ...) NOT-FOR-US: Joplin desktop -CVE-2020-15929 - RESERVED -CVE-2020-15928 - RESERVED +CVE-2020-15929 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...) + TODO: check +CVE-2020-15928 (In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string paramet ...) + TODO: check CVE-2020-15927 (Zoho ManageEngine Applications Manager version 14740 and prior allows ...) NOT-FOR-US: Zoho ManageEngine Applications Manager CVE-2020-15926 (Rocket.Chat through 3.4.2 allows XSS where an attacker can send a spec ...) 
@@ -28744,10 +28785,10 @@ CVE-2020-15439 RESERVED CVE-2020-15438 RESERVED -CVE-2020-15437 - RESERVED -CVE-2020-15436 - RESERVED +CVE-2020-15437 (The Linux kernel before version 5.8 is vulnerable to a NULL pointer de ...) + TODO: check +CVE-2020-15436 (Use-after-free vulnerability in fs/block_dev.c in the Linux kernel bef ...) + TODO: check CVE-2020-15435 (This vulnerability allows remote attackers to execute arbitrary code o ...) NOT-FOR-US: CentOS-WebPanel.com CVE-2020-15434 (This vulnerability allows remote attackers to execute arbitrary code o ...) @@ -29182,14 +29223,14 @@ CVE-2020-15250 (In JUnit4 from version 4.7 and before 4.13.1, the test rule Temp [buster] - junit4 <no-dsa> (Minor issue) NOTE: https://github.com/junit-team/junit4/security/advisories/GHSA-269g-pwp5-87pp NOTE: https://github.com/junit-team/junit4/commit/610155b8c22138329f0723eec22521627dbc52ae -CVE-2020-15249 - RESERVED -CVE-2020-15248 - RESERVED -CVE-2020-15247 - RESERVED -CVE-2020-15246 - RESERVED +CVE-2020-15249 (October is a free, open-source, self-hosted CMS platform based on the ...) + TODO: check +CVE-2020-15248 (October is a free, open-source, self-hosted CMS platform based on the ...) + TODO: check +CVE-2020-15247 (October is a free, open-source, self-hosted CMS platform based on the ...) + TODO: check +CVE-2020-15246 (October is a free, open-source, self-hosted CMS platform based on the ...) + TODO: check CVE-2020-15245 (In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may registe ...) NOT-FOR-US: Sylius CVE-2020-15244 (In Magento (rubygems openmage/magento-lts package) before versions 19. ...) @@ -52813,8 +52854,8 @@ CVE-2020-5676 RESERVED CVE-2020-5675 RESERVED -CVE-2020-5674 - RESERVED +CVE-2020-5674 (Untrusted search path vulnerability in the installers of multiple SEIK ...) + TODO: check CVE-2020-5673 RESERVED CVE-2020-5672 
@@ -52879,8 +52920,8 @@ CVE-2020-5643 (Improper input validation vulnerability in Cybozu Garoon 5.0.0 to NOT-FOR-US: Cybozu Garoon CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...) NOT-FOR-US: Live Chat -CVE-2020-5641 - RESERVED +CVE-2020-5641 (Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware v ...) + TODO: check CVE-2020-5640 (Local file inclusion vulnerability in OneThird CMS v1.96c and earlier ...) NOT-FOR-US: OneThird CMS CVE-2020-5639 @@ -56360,8 +56401,8 @@ CVE-2020-4008 RESERVED CVE-2020-4007 RESERVED -CVE-2020-4006 - RESERVED +CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager, and I ...) + TODO: check CVE-2020-4005 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...) NOT-FOR-US: VMware CVE-2020-4004 (VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-2020111 ...) |
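Review bot: in the data/CVE/2015.list hunk, CVE-2015-5436 is re-added as `TODO: check` although its neighbour CVE-2015-5435, for the same HP Integrated Lights-Out firmware, is already triaged `NOT-FOR-US: HP`; the new description ("A potential security vulnerability has been identified with HP Integra ...") points at the same vendor-only product, so this should resolve to `NOT-FOR-US: HP` rather than sit in the TODO queue.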
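Review bot: in the data/CVE/2018.list hunk, the five Jingyun Antivirus entries CVE-2018-16723 through CVE-2018-16719 all name Windows kernel driver files (ZySandbox.sys, hookbody.sys), so like the surrounding baijiacms and NCBI ToolBox entries they belong under `NOT-FOR-US: Jingyun Antivirus` rather than `TODO: check`; the same triage line applies to all five since they cover one product and version.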
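Review bot: in the first data/CVE/2020.list hunk (`@@ -1,3 +1,47 @@`), CVE-2020-29003 (PollNY extension) and CVE-2020-29002 (includes/CologneBlueTemplate.php in the CologneBlue skin) are flagged `TODO: check`; the descriptions name a MediaWiki extension and a skin, not MediaWiki core, so triage should confirm whether the mediawiki source package actually ships either component before assigning it a version line. The same hunk adds CVE-2020-28991 (Gitea before 1.12.6) as `TODO: check`, which likewise needs a packaged-or-not decision.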
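Review bot: in the `@@ -12,10 +56,10 @@` hunk, CVE-2020-28975 keeps `TODO: check` while its description now opens with `** DISPUTED **`; the dispute should be recorded in the triage (for example as a NOTE line, as the SPIP entry just above does with its commit URL) so the entry is not worked like an ordinary unreviewed CVE. The CVE-2020-28984 change in the same hunk is fine: the official description ("SPIP before 3.2.8") matches the existing `spip 3.2.8-1` fixed-version line.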
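Review bot: in the `@@ -4555,8 +4599,8 @@` hunk, CVE-2020-26890 (Matrix Synapse before 1.20.0) stays at `TODO: check` even though the adjacent CVE-2020-26891 already records `matrix-synapse 1.21.1-1` as the fixing upload for the same source package; since 1.21.1-1 is at or past the 1.20.0 bound, this entry can be resolved to a `- matrix-synapse <version>` line (whichever upload first shipped 1.20.0 or later) instead of remaining TODO.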
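Review bot: in the `@@ -28744,10 +28785,10 @@` hunk, CVE-2020-15437 (NULL pointer dereference, Linux kernel before 5.8) and CVE-2020-15436 (use-after-free in fs/block_dev.c) are left at `TODO: check`; linux is a tracked source package in this file (see the `- linux <not-affected>` lines on CVE-2020-25662/CVE-2020-25661 earlier in the diff), so both entries should get a per-suite `- linux ...` status line, with the buster and stretch kernel versions checked against the "before 5.8" bound.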
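Review bot: in the `@@ -10506,8 +10547,8 @@` hunk, CVE-2020-24227 describes "Playground Sessions v2.5.582 (and earlier) for Windows", a Windows-only application, so it should be marked `NOT-FOR-US` like its neighbours rather than `TODO: check`.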
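Review bot: in the `@@ -52879,8 +52920,8 @@` hunk, CVE-2020-5641 is a CSRF in GS108Ev3 device firmware; like the surrounding Cybozu Garoon, Live Chat and OneThird CMS entries it is vendor firmware outside the archive and should be `NOT-FOR-US` rather than `TODO: check`.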
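Review bot: in the `@@ -56360,8 +56401,8 @@` hunk, CVE-2020-4006 (VMware Workspace One Access, Access Connector, Identity Manager) is added as `TODO: check` while the neighbouring CVE-2020-4005 and CVE-2020-4004 (VMware ESXi) are already `NOT-FOR-US: VMware`; these are proprietary VMware products as well, so the entry should be triaged `NOT-FOR-US: VMware`.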