author    security tracker role <sectracker@soriano.debian.org>  2020-02-10 20:10:29 +0000
committer security tracker role <sectracker@soriano.debian.org>  2020-02-10 20:10:29 +0000
commit    e0669c82731a86d937118d1b4e106800bedadf31
tree      2bc262805bd6485e5a318f8f18b16425a0c8c2f0 /data
parent    9257a938b8682ef71ca8faffc84cec61ce787a4c
automatic update
Diffstat (limited to 'data')
-rw-r--r--  data/CVE/2012.list  24
-rw-r--r--  data/CVE/2013.list  10
-rw-r--r--  data/CVE/2014.list  16
-rw-r--r--  data/CVE/2017.list   2
-rw-r--r--  data/CVE/2018.list   6
-rw-r--r--  data/CVE/2019.list  69
-rw-r--r--  data/CVE/2020.list  37
7 files changed, 91 insertions, 73 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 745c99e4a5..a06610d197 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -192,8 +192,8 @@ CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...) NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin -CVE-2012-6666 - RESERVED +CVE-2012-6666 (vBSeo before 3.6.0PL2 allows XSS via the member.php u parameter. ...) + TODO: check CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 ...) NOT-FOR-US: phpMoneyBooks CVE-2012-6664 @@ -329,8 +329,8 @@ CVE-2012-6613 (D-Link DSR-250N devices with firmware 1.05B73_WW allow Persistent CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in A ...) {DSA-2963-1} - lucene-solr 3.6.2+dfsg-2 (bug #731113) -CVE-2012-6611 - RESERVED +CVE-2012-6611 (Polycom HDX Video End Points before 3.0 allows attackers to read arbit ...) + TODO: check CVE-2012-6610 (Polycom HDX Video End Points before 3.0.4 and UC APL before 2.7.1.J al ...) NOT-FOR-US: Polycom HDX Video End Points CVE-2012-6609 (Directory traversal vulnerability in a_getlog.cgi in Polycom HDX Video ...) @@ -742,8 +742,8 @@ CVE-2012-6451 (Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication B NOT-FOR-US: Lorex LNC116 and LNC104 IP Cameras CVE-2012-6450 RESERVED -CVE-2012-6449 - RESERVED +CVE-2012-6449 (The clientconf.html and detailbw.html pages in x3 in cPanel & WHM ...) + TODO: check CVE-2012-6448 (Cross-site Scripting (XSS) in cPanel WebHost Manager (WHM) 11.34.0 all ...) NOT-FOR-US: cPanel CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...) 
@@ -2283,8 +2283,8 @@ CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent functio - iceweasel 10.0.11esr-1 - icedove 10.0.11-1 - iceape 2.7.11-1 -CVE-2012-5828 - RESERVED +CVE-2012-5828 (BlackBerry PlayBook before 2.1 has an Information Disclosure Vulnerabi ...) + TODO: check CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote attack ...) NOT-FOR-US: Joomla! CVE-2012-5826 @@ -11188,8 +11188,8 @@ CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Editi NOT-FOR-US: IBM WebSphere MQ File Transfer Edition CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest 7. ...) NOT-FOR-US: IBM Rational ClearQuest -CVE-2012-2204 - RESERVED +CVE-2012-2204 (InfoSphere Guardium aix_ktap module: DoS ...) + TODO: check CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM R ...) NOT-FOR-US: IBM Global Security Kit CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...) @@ -11694,8 +11694,8 @@ CVE-2012-1996 (Unspecified vulnerability in HP Systems Insight Manager (SIM) bef NOT-FOR-US: HP Systems Insight Manager CVE-2012-1995 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7 ...) NOT-FOR-US: HP Systems Insight Manager -CVE-2012-1994 - RESERVED +CVE-2012-1994 (HP Systems Insight Manager before 7.0 allows a remote user on adjacent ...) + TODO: check CVE-2012-1993 (Unspecified vulnerability in HP System Management Homepage (SMH) befor ...) NOT-FOR-US: HP System Management Homepage CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index c9d0ee56b2..c8a989b92c 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list 
@@ -14016,11 +14016,9 @@ CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function [squeeze] - php5 <not-affected> (Vulnerable code not present) NOTE: https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0 NOTE: vulnerability introduced with commit http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629 -CVE-2013-2109 - RESERVED +CVE-2013-2109 (WordPress plugin wp-cleanfix has Remote Code Execution ...) NOT-FOR-US: WordPress plugin wp-cleanfix -CVE-2013-2108 - RESERVED +CVE-2013-2108 (WordPress WP Cleanfix Plugin 2.4.4 has CSRF ...) NOT-FOR-US: WordPress plugin wp-cleanfix CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On Update ...) NOT-FOR-US: WordPress plugin mail-on-update @@ -16591,8 +16589,8 @@ CVE-2013-1355 REJECTED CVE-2013-1354 RESERVED -CVE-2013-1353 - RESERVED +CVE-2013-1353 (Orange HRM 2.7.1 allows XSS via the vacancy name. ...) + TODO: check CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...) NOT-FOR-US: Verax NMS CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index 6ce4f68aeb..4353ec75e4 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -13806,14 +13806,14 @@ CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows remot NOT-FOR-US: Status2k CVE-2014-5087 (A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to ...) TODO: check -CVE-2014-5086 - RESERVED -CVE-2014-5085 - RESERVED -CVE-2014-5084 - RESERVED -CVE-2014-5083 - RESERVED +CVE-2014-5086 (A Command Execution vulnerability exists in Sphider Pro, and Sphider P ...) + TODO: check +CVE-2014-5085 (A Command Execution vulnerability exists in Sphider Plus 3.2 due to in ...) + TODO: check +CVE-2014-5084 (A Command Execution vulnerability exists in Sphider Pro 3.2 due to ins ...) + TODO: check +CVE-2014-5083 (A Command Execution vulnerability exists in Sphider before 1.3.6 due t ...) + TODO: check CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1 ...) NOT-FOR-US: Sphider CVE-2014-5081 (sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus pri ...) diff --git a/data/CVE/2017.list b/data/CVE/2017.list index c1a6310a3d..a479b7ce39 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -1,3 +1,5 @@ +CVE-2017-18642 + RESERVED CVE-2017-18641 (In LXC 2.0, many template scripts download code over cleartext HTTP, a ...) - lxc-templates <unfixed> - lxc 1:3.0.3-1 diff --git a/data/CVE/2018.list b/data/CVE/2018.list index c0cdb82a5e..3e96350778 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -10704,9 +10704,11 @@ CVE-2018-17095 (An issue has been discovered in mpruett Audio File Library (aka [jessie] - audiofile <postponed> (Can be fixed along in future DLA) NOTE: https://github.com/mpruett/audiofile/issues/50 NOTE: https://github.com/mpruett/audiofile/issues/51 -CVE-2018-17094 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL poi ...) +CVE-2018-17094 + REJECTED - xar <removed> -CVE-2018-17093 (An issue has been discovered in mackyle xar 1.6.1. There is a NULL poi ...) +CVE-2018-17093 + REJECTED - xar <removed> CVE-2018-17092 (An issue was discovered in DonLinkage 6.6.8. SQL injection in /pages/p ...) NOT-FOR-US: DonLinkage diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 9cd3b36f47..2f0bc0fbee 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -1,3 +1,5 @@ +CVE-2019-20451 (The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 ...) + TODO: check CVE-2019-20450 RESERVED CVE-2019-20449 @@ -971,14 +973,14 @@ CVE-2019-20063 (hdf/dataobject.c in libmysofa before 0.8 has an uninitialized us [buster] - libmysofa 0.6~dfsg0-3+deb10u1 NOTE: https://github.com/hoene/libmysofa/issues/67 NOTE: https://github.com/hoene/libmysofa/commit/ecb7b743b6f6d47b93a7bc680a60071a0f9524c6 -CVE-2019-20062 - RESERVED -CVE-2019-20061 - RESERVED -CVE-2019-20060 - RESERVED -CVE-2019-20059 - RESERVED +CVE-2019-20062 (MFScripts YetiShare v3.5.2 through v4.5.4 might allow an attacker to r ...) + TODO: check +CVE-2019-20061 (The user-introduction email in MFScripts YetiShare v3.5.2 through v4.5 ...) + TODO: check +CVE-2019-20060 (MFScripts YetiShare v3.5.2 through v4.5.4 places sensitive information ...) + TODO: check +CVE-2019-20059 (payment_manage.ajax.php and various *_manage.ajax.php in MFScripts Yet ...) + TODO: check CVE-2019-20058 (** DISPUTED ** Bolt 3.7.0, if Symfony Web Profiler is used, allows XSS ...) NOT-FOR-US: Bolt CMS CVE-2019-20057 (com.proxyman.NSProxy.HelperTool in Privileged Helper Tool in Proxyman ...) 
@@ -2048,30 +2050,30 @@ CVE-2019-19672 RESERVED CVE-2019-19671 RESERVED -CVE-2019-19670 - RESERVED -CVE-2019-19669 - RESERVED -CVE-2019-19668 - RESERVED -CVE-2019-19667 - RESERVED -CVE-2019-19666 - RESERVED -CVE-2019-19665 - RESERVED -CVE-2019-19664 - RESERVED -CVE-2019-19663 - RESERVED -CVE-2019-19662 - RESERVED -CVE-2019-19661 - RESERVED -CVE-2019-19660 - RESERVED -CVE-2019-19659 - RESERVED +CVE-2019-19670 (A HTTP Response Splitting vulnerability was identified in the Web Sett ...) + TODO: check +CVE-2019-19669 (A CSRF vulnerability exists in the Upload Center Forms Component of We ...) + TODO: check +CVE-2019-19668 (A CSRF vulnerability exists in the File Types component of Web File Ma ...) + TODO: check +CVE-2019-19667 (A CSRF vulnerability exists in the Block Clients component of Web File ...) + TODO: check +CVE-2019-19666 (A CSRF vulnerability exists in the Event Notices Settings of Web File ...) + TODO: check +CVE-2019-19665 (A CSRF vulnerability exists in the FTP Settings of Web File Manager in ...) + TODO: check +CVE-2019-19664 (A CSRF vulnerability exists in the Web Settings of Web File Manager in ...) + TODO: check +CVE-2019-19663 (A CSRF vulnerability exists in the Folder Sets Settings of Web File Ma ...) + TODO: check +CVE-2019-19662 (A CSRF vulnerability exists in the Web File Manager's Create/Delete Ac ...) + TODO: check +CVE-2019-19661 (A Cookie based reflected XSS exists in the Web File Manager of Rumpus ...) + TODO: check +CVE-2019-19660 (A CSRF vulnerability exists in the Web File Manager's Network Setting ...) + TODO: check +CVE-2019-19659 (A CSRF vulnerability exists in the Web File Manager's Edit Accounts fu ...) + TODO: check CVE-2019-19658 RESERVED CVE-2019-19657 
@@ -29130,6 +29132,7 @@ CVE-2019-9660 (Stored XSS exists in YzmCMS 5.2 via the admin/category/edit.html CVE-2019-9659 (The Chuango 433 MHz burglar-alarm product line uses static codes in th ...) NOT-FOR-US: Chuango CVE-2019-10782 (All versions of com.puppycrawl.tools:checkstyle before 8.29 are vulner ...) + {DLA-2099-1} - checkstyle 8.29-1 [buster] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied) [stretch] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied) @@ -30224,7 +30227,7 @@ CVE-2019-9280 (In keyguard, there is a possible escalation of privilege due to i CVE-2019-9279 (In the wifi hotspot service, there is a possible denial of service due ...) NOT-FOR-US: Android CVE-2019-9278 (In libexif, there is a possible out of bounds write due to an integer ...) - {DSA-4618-1} + {DSA-4618-1 DLA-2100-1} - libexif 0.6.21-6 (bug #945948) NOTE: https://android.googlesource.com/platform/external/libexif/+/a5e8e5812a11ec9686294de8a5d68aaf2ab72475%5E%21/#F0 NOTE: https://github.com/libexif/libexif/issues/26 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index b0723ab399..f26f6e93b2 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,19 @@ +CVE-2020-8838 + RESERVED +CVE-2020-8837 + RESERVED +CVE-2020-8836 + RESERVED +CVE-2020-8835 + RESERVED +CVE-2020-8834 + RESERVED +CVE-2020-8833 + RESERVED +CVE-2020-8832 + RESERVED +CVE-2020-8831 + RESERVED CVE-2020-8830 RESERVED CVE-2020-8829 @@ -8,8 +24,8 @@ CVE-2020-8827 RESERVED CVE-2020-8826 RESERVED -CVE-2020-8825 - RESERVED +CVE-2020-8825 (index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows store ...) + TODO: check CVE-2020-8824 RESERVED CVE-2020-8823 (htmlfile in lib/transport/htmlfile.js in SockJS before 3.0 is vulnerab ...) 
@@ -643,13 +659,13 @@ CVE-2020-8517 (An issue was discovered in Squid before 4.10. Due to incorrect in NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-c62d2b43ad4962ea44aa0c5edb4cc99cb83a413d.patch NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/squid-4-6982f1187a26557e582172965e266f544ea562a5.patch NOTE: Debian binary packages are not build with --enable-external-acl-helpers="[...]LM_group[...". -CVE-2020-8516 (The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not ...) +CVE-2020-8516 (** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0 ...) - tor <unfixed> (unimportant) NOTE: Not considered a bug / explicit design choice by upstream NOTE: https://lists.torproject.org/pipermail/tor-dev/2020-February/014147.html NOTE: https://trac.torproject.org/projects/tor/ticket/33129 NOTE: http://www.hackerfactor.com/blog/index.php?/archives/868-Deanonymizing-Tor-Circuits.html -CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta; Vigor3900 1.4.4_Beta; and Vigor300B 1.3. ...) +CVE-2020-8515 (DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3. ...) NOT-FOR-US: DrayTek devices CVE-2020-8514 (An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a direc ...) NOT-FOR-US: Rumpus on macOS @@ -1539,8 +1555,8 @@ CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could al NOT-FOR-US: TYPO3 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) NOT-FOR-US: A1 WLAN Box ADB VV2220v2 devices -CVE-2020-8089 - RESERVED +CVE-2020-8089 (Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to th ...) + TODO: check CVE-2020-8088 (panel_login.php in UseBB 1.0.12 allows type juggling for login bypass ...) NOT-FOR-US: UseBB CVE-2020-8087 (SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote comma ...) 
@@ -3671,16 +3687,14 @@ CVE-2020-7062 RESERVED CVE-2020-7061 RESERVED -CVE-2020-7060 [Global buffer-overflow in mbfl_filt_conv_big5_wchar function] - RESERVED +CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings, ...) - php7.4 7.4.2-7 - php7.3 <unfixed> - php7.0 <removed> - php5 <removed> NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27 NOTE: PHP Bug: http://bugs.php.net/79037 -CVE-2020-7059 [Out of bounds read in php_strip_tags_ex] - RESERVED +CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP ...) - php7.4 7.4.2-7 - php7.3 <unfixed> - php7.0 <removed> @@ -14784,8 +14798,7 @@ CVE-2020-1699 [improper URL checking leads to information disclosure] NOTE: https://github.com/ceph/ceph/commit/0443e40c11280ba3b7efcba61522afa70c4f8158 CVE-2020-1698 RESERVED -CVE-2020-1697 - RESERVED +CVE-2020-1697 (It was found in all keycloak versions before 9.0.0 that links to exter ...) NOT-FOR-US: Keycloak CVE-2020-1696 RESERVED |
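Review bot: the six 2012.list entries that move from RESERVED to `TODO: check` (CVE-2012-6666, -6611, -6449, -5828, -2204, -1994) mostly concern products that the adjacent entries already tag NOT-FOR-US, e.g. CVE-2012-6610 `NOT-FOR-US: Polycom HDX Video End Points`, CVE-2012-6448 `NOT-FOR-US: cPanel` and CVE-2012-1995 `NOT-FOR-US: HP Systems Insight Manager`; these can be triaged straight to the same NOT-FOR-US tags instead of sitting in the TODO queue, leaving only the vBSeo and BlackBerry PlayBook entries that have no neighbour to copy from.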
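Review bot: in the 2014.list hunk, CVE-2014-5083 through CVE-2014-5086 are left at `TODO: check` although CVE-2014-5082 in the same hunk is already `NOT-FOR-US: Sphider`, and CVE-2014-5087 in the context lines is still an untriaged TODO as well; unless Sphider has entered the archive since that earlier triage, all five should carry `NOT-FOR-US: Sphider` for consistency.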
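Review bot: CVE-2018-17093 and CVE-2018-17094 in 2018.list are flipped to REJECTED but keep their `- xar <removed>` package lines, whereas a REJECTED entry in these lists normally carries no package state (compare CVE-2013-1355 REJECTED in the 2013.list context, which has none). Either drop the two xar lines or add a NOTE recording why the IDs were rejected (e.g. the CVE they duplicate), so the xar history is not silently lost.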
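Review bot: CVE-2019-19659 through CVE-2019-19670 in 2019.list are all Rumpus Web File Manager issues and are left at `TODO: check`, while CVE-2020-8514 later in this same patch is already `NOT-FOR-US: Rumpus on macOS`; tag the twelve new entries the same way rather than queuing them for manual triage.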
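Review bot: `{DLA-2099-1}` is added to CVE-2019-10782 while the entry still reads `[stretch] - checkstyle <not-affected> (Incomplete fix for CVE-2019-9658 not applied)`; a DLA cross-reference on a release marked not-affected is contradictory. If DLA-2099-1 shipped the 8.29-based fix in stretch, the `[stretch]` line should be dropped or changed to the fixed version; if the DLA only addressed CVE-2019-9658, the cross-reference belongs on that entry instead.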