author | security tracker role <sectracker@soriano.debian.org> | 2020-02-18 20:10:25 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-02-18 20:10:25 +0000 |
commit | dddc605831b1e59b08a12443e3c382a7d8261a36 (patch) | |
tree | 358bb7640cd8733800a3e99d10a51a194a780657 /data | |
parent | 3b0f654f8871a12186ac2af77502581e89363a68 (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2009.list | 2 | ||||
-rw-r--r-- | data/CVE/2012.list | 4 | ||||
-rw-r--r-- | data/CVE/2013.list | 28 | ||||
-rw-r--r-- | data/CVE/2014.list | 13 | ||||
-rw-r--r-- | data/CVE/2015.list | 20 | ||||
-rw-r--r-- | data/CVE/2019.list | 33 | ||||
-rw-r--r-- | data/CVE/2020.list | 474 |
7 files changed, 510 insertions, 64 deletions
diff --git a/data/CVE/2009.list b/data/CVE/2009.list index d931e76ccf..d56eb7dc9b 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list @@ -53,7 +53,7 @@ CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchle NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220 NOTE: DL has been replaced in 2.2 with Fiddle which has the same problem according to maintainer. CVE-2009-5146 [memory leak in hostname TLS extension] - RESERVED + REJECTED - openssl 0.9.8k-1 NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k) NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index f356caa80c..4b3204d264 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -14732,8 +14732,8 @@ CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solut NOT-FOR-US: IBM WebSphere Application CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint Manage ...) NOT-FOR-US: IBM Tivoli Endpoint Manager -CVE-2012-0718 - RESERVED +CVE-2012-0718 (IBM Tivoli Endpoint Manager 8 does not set the HttpOnly flag on cookie ...) + TODO: check CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain S ...) NOT-FOR-US: IBM WebSphere Application Server CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index e27dd5420d..7e379a9ac2 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -3412,8 +3412,8 @@ CVE-2013-6297 RESERVED CVE-2013-6296 RESERVED -CVE-2013-6295 - RESERVED +CVE-2013-6295 (PrestaShop 1.5.5 vulnerable to privilege escalation via a Salesman acc ...) + TODO: check CVE-2013-6294 RESERVED CVE-2013-6293 
@@ -5135,8 +5135,8 @@ CVE-2013-5595 (The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR [wheezy] - iceape <end-of-life> - icedove 17.0.10-1 - iceape <removed> -CVE-2013-5594 - RESERVED +CVE-2013-5594 (Mozilla Firefox before 25 allows modification of anonymous content of ...) + TODO: check CVE-2013-5593 (The SELECT element implementation in Mozilla Firefox before 25.0, Fire ...) - iceweasel 24.1.0esr-1 [wheezy] - iceweasel <not-affected> (Only affects Firefox > 17) @@ -7860,8 +7860,7 @@ CVE-2013-4456 RESERVED CVE-2013-4455 (Katello Installer before 0.0.18 uses world-readable permissions for /e ...) NOT-FOR-US: Katello -CVE-2013-4454 - RESERVED +CVE-2013-4454 (WordPress Portable phpMyAdmin Plugin 1.4.1 has Multiple Security Bypas ...) NOT-FOR-US: WordPress plugin CVE-2013-4453 (Cross-site scripting (XSS) vulnerability in templates/login.php in LDA ...) - ldap-account-manager 4.4-1 (medium; bug #726976) @@ -8661,14 +8660,11 @@ CVE-2013-4230 (The mm_webform submodule in the Monster Menus module 6.x-6.x befo NOT-FOR-US: Monster Menus Drupal contributed module CVE-2013-4229 (Cross-site scripting (XSS) vulnerability in the Monster Menus module 7 ...) NOT-FOR-US: Monster Menus Drupal contributed module -CVE-2013-4228 - RESERVED +CVE-2013-4228 (The OG access fields (visibility fields) implementation in Organic Gro ...) NOT-FOR-US: Organic Group Drupal contributed module -CVE-2013-4227 - RESERVED +CVE-2013-4227 (Cross-site request forgery (CSRF) vulnerability in the persona_xsrf_to ...) NOT-FOR-US: Persona Drupal contributed module -CVE-2013-4226 - RESERVED +CVE-2013-4226 (The Authenticated User Page Caching (Authcache) module 7.x-1.x before ...) NOT-FOR-US: Authenticated User Page Caching Drupal contributed module CVE-2013-4225 (The RESTful Web Services (restws) module 7.x-1.x before 7.x-1.4 and 7. ...) NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module 
@@ -10839,8 +10835,8 @@ CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.20 NOT-FOR-US: Adobe Flash Player CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...) NOT-FOR-US: Adobe Flash Player -CVE-2013-3323 - RESERVED +CVE-2013-3323 (A Privilege Escalation Vulnerability exists in IBM Maximo Asset Manage ...) + TODO: check CVE-2013-3322 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...) NOT-FOR-US: NetApp OnCommand System Manager CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...) @@ -12409,8 +12405,8 @@ CVE-2013-2681 (Cisco Linksys E4200 1.0.05 Build 7 devices contain a Security Byp NOT-FOR-US: Cisco CVE-2013-2680 (Cisco Linksys E4200 1.0.05 Build 7 devices store passwords in cleartex ...) NOT-FOR-US: Cisco -CVE-2013-2679 - RESERVED +CVE-2013-2679 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E ...) + TODO: check CVE-2013-2678 (Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Includ ...) NOT-FOR-US: Cisco CVE-2013-2677 diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 05c685fb23..8cf855544e 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -14124,12 +14124,10 @@ CVE-2014-4969 RESERVED CVE-2014-4968 (The WebView class and use of the WebView.addJavascriptInterface method ...) NOT-FOR-US: Boat Browser application for Android -CVE-2014-4967 - RESERVED +CVE-2014-4967 (Multiple argument injection vulnerabilities in Ansible before 1.6.7 al ...) - ansible 1.6.8+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871 -CVE-2014-4966 - RESERVED +CVE-2014-4966 (Ansible before 1.6.7 does not prevent inventory data with "{{" and "lo ...) - ansible 1.6.8+dfsg-1 NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871 CVE-2014-4965 (Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 ...) 
@@ -14818,8 +14816,7 @@ CVE-2014-4662 RESERVED CVE-2014-4661 (Cross-site scripting (XSS) vulnerability in HP Records Manager before ...) NOT-FOR-US: HP Records Manager -CVE-2014-4651 - RESERVED +CVE-2014-4651 (It was found that the jclouds scriptbuilder Statements class wrote a t ...) NOT-FOR-US: JClouds CVE-2014-4647 (Stack-based buffer overflow in the loadExtensionFactory method in the ...) NOT-FOR-US: Embarcadero ER/Studio Data Architect @@ -16705,8 +16702,8 @@ CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel [squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts) - kfreebsd-9 <removed> - kfreebsd-10 10.0-6 -CVE-2014-3879 - RESERVED +CVE-2014-3879 (OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error ...) + TODO: check CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...) NOT-FOR-US: IPSwitch IMail CVE-2014-3877 (Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index 6d529578f3..b1cf31c655 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -6118,8 +6118,7 @@ CVE-2015-7569 (SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yea NOT-FOR-US: Yeager CMS CVE-2015-7568 (SQL injection vulnerability in the password recovery feature in Yeager ...) NOT-FOR-US: Yeager CMS -CVE-2015-7567 - RESERVED +CVE-2015-7567 (SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attacker ...) NOT-FOR-US: Yeager CMS CVE-2015-7566 (The clie_5_attach function in drivers/usb/serial/visor.c in the Linux ...) {DSA-3448-1 DLA-412-1} 
@@ -6367,24 +6366,21 @@ CVE-2015-7508 (Heap-based buffer overflow in the bmp_decode_rle function in libn - netsurf 3.2+dfsg-3 (bug #810491) [jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs) [wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs) -CVE-2015-7507 [out-of-bounds read] - RESERVED +CVE-2015-7507 (libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cau ...) - libnsbmp <removed> [squeeze] - libnsbmp <no-dsa> (Library not used anywhere in Debian) NOTE: http://source.netsurf-browser.org/libnsbmp.git/commit/?id=49427b52ba41a1813e3822301612e2e170107efd - netsurf 3.2+dfsg-3 (bug #810491) [jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs) [wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs) -CVE-2015-7506 [out-of-bounds read] - RESERVED +CVE-2015-7506 (The gif_next_LZW function in libnsgif.c in Libnsgif 0.1.2 allows conte ...) - libnsgif <removed> [squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian) NOTE: http://source.netsurf-browser.org/libnsgif.git/commit/?id=088fa0819f1aeaf212a95caf7393a38c1640b5f0 - netsurf 3.2+dfsg-3 (bug #810491) [jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs) [wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs) -CVE-2015-7505 [stack overflow] - RESERVED +CVE-2015-7505 (Stack-based buffer overflow in the gif_next_LZW function in libnsgif.c ...) - libnsgif <removed> [squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian) NOTE: http://source.netsurf-browser.org/libnsgif.git/commit/?id=a268d2c15252ac58c19f1b19771822c66bcf73b2 
@@ -7687,8 +7683,8 @@ CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Rea NOT-FOR-US: Openfire CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update) before 5.07 ...) NOT-FOR-US: Lenovo -CVE-2015-6970 - RESERVED +CVE-2015-6970 (The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night ...) + TODO: check CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...) - serendipity <removed> CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the serendipity_isAct ...) @@ -23214,8 +23210,8 @@ CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...) [wheezy] - xymon <not-affected> (Vulnerable code not present) NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/ NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17 -CVE-2015-1425 - RESERVED +CVE-2015-1425 (JAKWEB Gecko CMS has Multiple Input Validation Vulnerabilities ...) + TODO: check CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2 ...) NOT-FOR-US: Gecko CMS CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 83208303cb..e89ae29aeb 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -5525,8 +5525,8 @@ CVE-2019-18354 RESERVED CVE-2019-18353 RESERVED -CVE-2019-18352 - RESERVED +CVE-2019-18352 (Improper access control exists on PHOENIX CONTACT FL NAT 2208 devices ...) + TODO: check CVE-2019-18351 RESERVED CVE-2019-18350 (In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET ...) @@ -11162,6 +11162,7 @@ CVE-2019-15963 CVE-2019-15962 (A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoin ...) NOT-FOR-US: Cisco CVE-2019-15961 (A vulnerability in the email parsing module Clam AntiVirus (ClamAV) So ...) + {DLA-2108-1} - clamav 0.102.1+dfsg-1 (bug #945265) [buster] - clamav 0.102.1+dfsg-0+deb10u1 [stretch] - clamav 0.102.1+dfsg-0+deb9u2 
@@ -11416,8 +11417,8 @@ CVE-2019-15877 RESERVED CVE-2019-15876 RESERVED -CVE-2019-15875 - RESERVED +CVE-2019-15875 (In FreeBSD 12.1-STABLE before r354734, 12.1-RELEASE before 12.1-RELEAS ...) + TODO: check CVE-2019-15874 RESERVED CVE-2019-15873 (The profilegrid-user-profiles-groups-and-communities plugin before 2.8 ...) @@ -25161,16 +25162,16 @@ CVE-2019-10797 RESERVED CVE-2019-10796 RESERVED -CVE-2019-10795 - RESERVED -CVE-2019-10794 - RESERVED -CVE-2019-10793 - RESERVED -CVE-2019-10792 - RESERVED -CVE-2019-10791 - RESERVED +CVE-2019-10795 (undefsafe before 2.0.3 is vulnerable to Prototype Pollution. The 'a' f ...) + TODO: check +CVE-2019-10794 (All versions of component-flatten are vulnerable to Prototype Pollutio ...) + TODO: check +CVE-2019-10793 (dot-object before 2.1.3 is vulnerable to Prototype Pollution. The set ...) + TODO: check +CVE-2019-10792 (bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler ...) + TODO: check +CVE-2019-10791 (promise-probe before 0.10.0 allows remote attackers to perform a comma ...) + TODO: check CVE-2019-10790 (taffy through 2.6.2 allows attackers to forge adding additional proper ...) TODO: check CVE-2019-10789 (All versions of curling.js are vulnerable to Command Injection via the ...) @@ -39387,8 +39388,8 @@ CVE-2019-5615 (Users with Site-level permissions can access files containing the NOT-FOR-US: Rapid7 InsightVM CVE-2019-5614 RESERVED -CVE-2019-5613 - RESERVED +CVE-2019-5613 (In FreeBSD 12.0-RELEASE before 12.0-RELEASE-p13, a missing check in th ...) + TODO: check CVE-2019-5612 (In FreeBSD 12.0-STABLE before r351264, 12.0-RELEASE before 12.0-RELEAS ...) - kfreebsd-10 <unfixed> (unimportant) NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-19:23.midi.asc diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 5831e93f5c..3611882345 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,3 +1,459 @@ +CVE-2020-9271 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to user creation via s ...) + TODO: check +CVE-2020-9270 (ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via ...) + TODO: check +CVE-2020-9269 (SOPlanning 1.45 is vulnerable to authenticated SQL Injection that lead ...) + TODO: check +CVE-2020-9268 (SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, ...) + TODO: check +CVE-2020-9267 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) + TODO: check +CVE-2020-9266 (SOPlanning 1.45 is vulnerable to a CSRF attack that allows for arbitra ...) + TODO: check +CVE-2020-9265 (phpMyChat-Plus 1.98 is vulnerable to multiple SQL injections against t ...) + TODO: check +CVE-2020-9264 (ESET Archive Support Module before 1296 allows virus-detection bypass ...) + TODO: check +CVE-2020-9263 + RESERVED +CVE-2020-9262 + RESERVED +CVE-2020-9261 + RESERVED +CVE-2020-9260 + RESERVED +CVE-2020-9259 + RESERVED +CVE-2020-9258 + RESERVED +CVE-2020-9257 + RESERVED +CVE-2020-9256 + RESERVED +CVE-2020-9255 + RESERVED +CVE-2020-9254 + RESERVED +CVE-2020-9253 + RESERVED +CVE-2020-9252 + RESERVED +CVE-2020-9251 + RESERVED +CVE-2020-9250 + RESERVED +CVE-2020-9249 + RESERVED +CVE-2020-9248 + RESERVED +CVE-2020-9247 + RESERVED +CVE-2020-9246 + RESERVED +CVE-2020-9245 + RESERVED +CVE-2020-9244 + RESERVED +CVE-2020-9243 + RESERVED +CVE-2020-9242 + RESERVED +CVE-2020-9241 + RESERVED +CVE-2020-9240 + RESERVED +CVE-2020-9239 + RESERVED +CVE-2020-9238 + RESERVED +CVE-2020-9237 + RESERVED +CVE-2020-9236 + RESERVED +CVE-2020-9235 + RESERVED +CVE-2020-9234 + RESERVED +CVE-2020-9233 + RESERVED +CVE-2020-9232 + RESERVED +CVE-2020-9231 + RESERVED +CVE-2020-9230 + RESERVED +CVE-2020-9229 + RESERVED +CVE-2020-9228 + RESERVED +CVE-2020-9227 + RESERVED +CVE-2020-9226 + RESERVED +CVE-2020-9225 + RESERVED +CVE-2020-9224 + RESERVED +CVE-2020-9223 + RESERVED +CVE-2020-9222 + RESERVED +CVE-2020-9221 + RESERVED +CVE-2020-9220 + 
RESERVED +CVE-2020-9219 + RESERVED +CVE-2020-9218 + RESERVED +CVE-2020-9217 + RESERVED +CVE-2020-9216 + RESERVED +CVE-2020-9215 + RESERVED +CVE-2020-9214 + RESERVED +CVE-2020-9213 + RESERVED +CVE-2020-9212 + RESERVED +CVE-2020-9211 + RESERVED +CVE-2020-9210 + RESERVED +CVE-2020-9209 + RESERVED +CVE-2020-9208 + RESERVED +CVE-2020-9207 + RESERVED +CVE-2020-9206 + RESERVED +CVE-2020-9205 + RESERVED +CVE-2020-9204 + RESERVED +CVE-2020-9203 + RESERVED +CVE-2020-9202 + RESERVED +CVE-2020-9201 + RESERVED +CVE-2020-9200 + RESERVED +CVE-2020-9199 + RESERVED +CVE-2020-9198 + RESERVED +CVE-2020-9197 + RESERVED +CVE-2020-9196 + RESERVED +CVE-2020-9195 + RESERVED +CVE-2020-9194 + RESERVED +CVE-2020-9193 + RESERVED +CVE-2020-9192 + RESERVED +CVE-2020-9191 + RESERVED +CVE-2020-9190 + RESERVED +CVE-2020-9189 + RESERVED +CVE-2020-9188 + RESERVED +CVE-2020-9187 + RESERVED +CVE-2020-9186 + RESERVED +CVE-2020-9185 + RESERVED +CVE-2020-9184 + RESERVED +CVE-2020-9183 + RESERVED +CVE-2020-9182 + RESERVED +CVE-2020-9181 + RESERVED +CVE-2020-9180 + RESERVED +CVE-2020-9179 + RESERVED +CVE-2020-9178 + RESERVED +CVE-2020-9177 + RESERVED +CVE-2020-9176 + RESERVED +CVE-2020-9175 + RESERVED +CVE-2020-9174 + RESERVED +CVE-2020-9173 + RESERVED +CVE-2020-9172 + RESERVED +CVE-2020-9171 + RESERVED +CVE-2020-9170 + RESERVED +CVE-2020-9169 + RESERVED +CVE-2020-9168 + RESERVED +CVE-2020-9167 + RESERVED +CVE-2020-9166 + RESERVED +CVE-2020-9165 + RESERVED +CVE-2020-9164 + RESERVED +CVE-2020-9163 + RESERVED +CVE-2020-9162 + RESERVED +CVE-2020-9161 + RESERVED +CVE-2020-9160 + RESERVED +CVE-2020-9159 + RESERVED +CVE-2020-9158 + RESERVED +CVE-2020-9157 + RESERVED +CVE-2020-9156 + RESERVED +CVE-2020-9155 + RESERVED +CVE-2020-9154 + RESERVED +CVE-2020-9153 + RESERVED +CVE-2020-9152 + RESERVED +CVE-2020-9151 + RESERVED +CVE-2020-9150 + RESERVED +CVE-2020-9149 + RESERVED +CVE-2020-9148 + RESERVED +CVE-2020-9147 + RESERVED +CVE-2020-9146 + RESERVED +CVE-2020-9145 + RESERVED +CVE-2020-9144 + RESERVED +CVE-2020-9143 
+ RESERVED +CVE-2020-9142 + RESERVED +CVE-2020-9141 + RESERVED +CVE-2020-9140 + RESERVED +CVE-2020-9139 + RESERVED +CVE-2020-9138 + RESERVED +CVE-2020-9137 + RESERVED +CVE-2020-9136 + RESERVED +CVE-2020-9135 + RESERVED +CVE-2020-9134 + RESERVED +CVE-2020-9133 + RESERVED +CVE-2020-9132 + RESERVED +CVE-2020-9131 + RESERVED +CVE-2020-9130 + RESERVED +CVE-2020-9129 + RESERVED +CVE-2020-9128 + RESERVED +CVE-2020-9127 + RESERVED +CVE-2020-9126 + RESERVED +CVE-2020-9125 + RESERVED +CVE-2020-9124 + RESERVED +CVE-2020-9123 + RESERVED +CVE-2020-9122 + RESERVED +CVE-2020-9121 + RESERVED +CVE-2020-9120 + RESERVED +CVE-2020-9119 + RESERVED +CVE-2020-9118 + RESERVED +CVE-2020-9117 + RESERVED +CVE-2020-9116 + RESERVED +CVE-2020-9115 + RESERVED +CVE-2020-9114 + RESERVED +CVE-2020-9113 + RESERVED +CVE-2020-9112 + RESERVED +CVE-2020-9111 + RESERVED +CVE-2020-9110 + RESERVED +CVE-2020-9109 + RESERVED +CVE-2020-9108 + RESERVED +CVE-2020-9107 + RESERVED +CVE-2020-9106 + RESERVED +CVE-2020-9105 + RESERVED +CVE-2020-9104 + RESERVED +CVE-2020-9103 + RESERVED +CVE-2020-9102 + RESERVED +CVE-2020-9101 + RESERVED +CVE-2020-9100 + RESERVED +CVE-2020-9099 + RESERVED +CVE-2020-9098 + RESERVED +CVE-2020-9097 + RESERVED +CVE-2020-9096 + RESERVED +CVE-2020-9095 + RESERVED +CVE-2020-9094 + RESERVED +CVE-2020-9093 + RESERVED +CVE-2020-9092 + RESERVED +CVE-2020-9091 + RESERVED +CVE-2020-9090 + RESERVED +CVE-2020-9089 + RESERVED +CVE-2020-9088 + RESERVED +CVE-2020-9087 + RESERVED +CVE-2020-9086 + RESERVED +CVE-2020-9085 + RESERVED +CVE-2020-9084 + RESERVED +CVE-2020-9083 + RESERVED +CVE-2020-9082 + RESERVED +CVE-2020-9081 + RESERVED +CVE-2020-9080 + RESERVED +CVE-2020-9079 + RESERVED +CVE-2020-9078 + RESERVED +CVE-2020-9077 + RESERVED +CVE-2020-9076 + RESERVED +CVE-2020-9075 + RESERVED +CVE-2020-9074 + RESERVED +CVE-2020-9073 + RESERVED +CVE-2020-9072 + RESERVED +CVE-2020-9071 + RESERVED +CVE-2020-9070 + RESERVED +CVE-2020-9069 + RESERVED +CVE-2020-9068 + RESERVED +CVE-2020-9067 + RESERVED 
+CVE-2020-9066 + RESERVED +CVE-2020-9065 + RESERVED +CVE-2020-9064 + RESERVED +CVE-2020-9063 + RESERVED +CVE-2020-9062 + RESERVED +CVE-2020-9061 + RESERVED +CVE-2020-9060 + RESERVED +CVE-2020-9059 + RESERVED +CVE-2020-9058 + RESERVED +CVE-2020-9057 + RESERVED +CVE-2020-9056 + RESERVED +CVE-2020-9055 + RESERVED +CVE-2020-9054 + RESERVED +CVE-2020-9053 + RESERVED +CVE-2020-9052 + RESERVED +CVE-2020-9051 + RESERVED +CVE-2020-9050 + RESERVED +CVE-2020-9049 + RESERVED +CVE-2020-9048 + RESERVED +CVE-2020-9047 + RESERVED +CVE-2020-9046 + RESERVED +CVE-2020-9045 + RESERVED +CVE-2020-9044 + RESERVED CVE-2020-9043 (The wpCentral plugin before 1.5.1 for WordPress allows disclosure of t ...) NOT-FOR-US: wpCentral plugin for WordPress CVE-2020-9042 @@ -94,7 +550,7 @@ CVE-2020-9000 CVE-2020-8999 RESERVED CVE-2020-8998 - RESERVED + REJECTED CVE-2020-8997 (Abbott FreeStyle Libre 14-day before February 2020 and FreeStyle Libre ...) NOT-FOR-US: Abbott FreeStyle Libre CVE-2020-8996 (AnyShare Cloud 6.0.9 allows authenticated directory traversal to read ...) @@ -3320,8 +3776,8 @@ CVE-2020-7452 RESERVED CVE-2020-7451 RESERVED -CVE-2020-7450 - RESERVED +CVE-2020-7450 (In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEAS ...) + TODO: check CVE-2020-7449 RESERVED CVE-2020-7448 @@ -4622,10 +5078,10 @@ CVE-2020-6847 (OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is NOT-FOR-US: OpenTrade CVE-2020-6846 RESERVED -CVE-2020-6845 - RESERVED -CVE-2020-6844 - RESERVED +CVE-2020-6845 (An issue was discovered in TopManage OLK 2020. As there is no ReadOnly ...) + TODO: check +CVE-2020-6844 (In TopManage OLK 2020, login CSRF can be chained with another vulnerab ...) + TODO: check CVE-2020-6843 (Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This i ...) NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus CVE-2020-6842 
@@ -14760,13 +15216,13 @@ CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Mal CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...) NOT-FOR-US: Apache Superset CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) - {DSA-4615-1} + {DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2 NOTE: https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7784 (restricted) CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) - {DSA-4615-1} + {DSA-4615-1 DLA-2107-1} - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3 |
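
Review bot: In the data/CVE/2009.list hunk, CVE-2009-5146 is switched from RESERVED to REJECTED, but the entry keeps its "- openssl 0.9.8k-1" package line and the "Fixed by" / "Introduced by" notes, and nothing records why the id was rejected. Suggest adding a NOTE giving the reason for the rejection, or the id that replaces it if there is one, so the retained openssl tracking data is not left attached to an unexplained rejected id.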
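
Review bot: Three of the new "TODO: check" markers sit directly beside entries for the same product that are already triaged. CVE-2012-0718 (IBM Tivoli Endpoint Manager) follows CVE-2012-0719, marked "NOT-FOR-US: IBM Tivoli Endpoint Manager"; CVE-2013-2679 (Cisco Linksys E4200) sits between CVE-2013-2680 and CVE-2013-2678, both marked "NOT-FOR-US: Cisco"; CVE-2015-1425 (JAKWEB Gecko CMS) precedes CVE-2015-1424, marked "NOT-FOR-US: Gecko CMS". Suggest a follow-up that replaces these three TODO lines with the neighbouring classification once the full descriptions are confirmed to match, so they do not linger in the triage queue.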
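
Review bot: In the data/CVE/2019.list hunk at @@ -39387, CVE-2019-5613 (FreeBSD 12.0-RELEASE) is published with only "TODO: check", while the next entry, CVE-2019-5612, is already tracked as "- kfreebsd-10 <unfixed> (unimportant)" with a NOTE linking the FreeBSD advisory. The other FreeBSD entries opened in this patch, CVE-2019-15875 and CVE-2020-7450, are in the same state. Suggest triaging all three against the kfreebsd source packages in the same form as CVE-2019-5612 and adding the advisory reference as a NOTE, so the FreeBSD entries are handled consistently.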