author | security tracker role <sectracker@soriano.debian.org> | 2020-08-14 20:10:27 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-08-14 20:10:27 +0000 |
commit | fb35ce631db6e70901ea3a9d734a97335934220c (patch) | |
tree | 95bdf5659a3f2ef0e7062aa5d5142b27444d5bfc /data | |
parent | d0f4de4d549f8b56458878407a5a40a9416e10cc (diff) |
automatic update
Diffstat (limited to 'data')
-rw-r--r-- | data/CVE/2015.list | 8 |
-rw-r--r-- | data/CVE/2019.list | 22 |
-rw-r--r-- | data/CVE/2020.list | 102 |
3 files changed, 70 insertions, 62 deletions
diff --git a/data/CVE/2015.list b/data/CVE/2015.list index dc7561768c..89511c3730 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -4720,10 +4720,10 @@ CVE-2015-8034 (The state.sls function in Salt before 2015.8.3 uses weak permissi NOTE: https://github.com/saltstack/salt/issues/28455 CVE-2015-8075 REJECTED -CVE-2015-8033 - RESERVED -CVE-2015-8032 - RESERVED +CVE-2015-8033 (In Textpattern 4.5.7, the password-reset feature does not securely tet ...) + TODO: check +CVE-2015-8032 (In Textpattern 4.5.7, an unprivileged author can change an article's m ...) + TODO: check CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly d ...) {DSA-3430-1} - libxml2 2.9.3+dfsg1-1 (bug #803942) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index e94dc8b0f1..0e6ee89f26 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -3272,8 +3272,8 @@ CVE-2019-19645 (alter.c in SQLite through 3.30.1 allows attackers to trigger inf NOTE: https://github.com/sqlite/sqlite/commit/38096961c7cd109110ac21d3ed7dad7e0cb0ae06 CVE-2019-19644 RESERVED -CVE-2019-19643 - RESERVED +CVE-2019-19643 (ise smart connect KNX Vaillant 1.2.839 contain a Denial of Service. ...) + TODO: check CVE-2019-19642 (On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02 ...) NOT-FOR-US: SuperMicro CVE-2019-19641 @@ -4196,7 +4196,7 @@ CVE-2019-19303 RESERVED CVE-2019-19302 RESERVED -CVE-2019-19301 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) +CVE-2019-19301 (A vulnerability has been identified in SCALANCE S602 (All versions), S ...) NOT-FOR-US: Siemens CVE-2019-19300 (A vulnerability has been identified in KTK ATE530S (All versions), SID ...) NOT-FOR-US: Siemens 
@@ -26184,7 +26184,7 @@ CVE-2019-10925 (A vulnerability has been identified in SIMATIC Ident MV420 famil NOT-FOR-US: Siemens CVE-2019-10924 (A vulnerability has been identified in LOGO! Soft Comfort (All version ...) NOT-FOR-US: Siemens -CVE-2019-10923 (A vulnerability has been identified in CP1604 (All versions < V2.8) ...) +CVE-2019-10923 (A vulnerability has been identified in Development/Evaluation Kits for ...) NOT-FOR-US: Siemens CVE-2019-10922 (A vulnerability has been identified in SIMATIC PCS 7 V8.0 and earlier ...) NOT-FOR-US: Siemens @@ -36501,8 +36501,8 @@ CVE-2019-7412 (The PS PHPCaptcha WP plugin before v1.2.0 for WordPress mishandle NOT-FOR-US: Wordpress plugin CVE-2019-7411 (Multiple stored cross-site scripting (XSS) in the MyThemeShop Launcher ...) NOT-FOR-US: MyThemeShop Launcher plugin for WordPress -CVE-2019-7410 - RESERVED +CVE-2019-7410 (There is stored cross site scripting (XSS) in Galileo CMS v0.042. Remo ...) + TODO: check CVE-2019-7409 (Multiple cross-site scripting (XSS) vulnerabilities in ProfileDesign C ...) NOT-FOR-US: ProfileDesign CMS CVE-2019-7408 @@ -38509,7 +38509,7 @@ CVE-2019-6570 (A vulnerability has been identified in SINEMA Remote Connect Serv NOT-FOR-US: Siemens CVE-2019-6569 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Scalance -CVE-2019-6568 (A vulnerability has been identified in CP1604, CP1616, CP343-1 Advance ...) +CVE-2019-6568 (A vulnerability has been identified in RFID 181EIP, SIMATIC ET 200SP O ...) NOT-FOR-US: Siemens CVE-2019-6567 (A vulnerability has been identified in SCALANCE X-200 switch family (i ...) NOT-FOR-US: Siemens 
@@ -39626,8 +39626,8 @@ CVE-2019-6114 (An issue was discovered in Corel PaintShop Pro 2019 21.0.0.119. A NOT-FOR-US: Corel PaintShop Pro CVE-2019-6113 (Directory traversal vulnerability on ONKYO TX-NR686 1030-5000-1040-001 ...) NOT-FOR-US: ONKYO -CVE-2019-6112 - RESERVED +CVE-2019-6112 (A Cross-site scripting (XSS) vulnerability in /inc/class-search.php in ...) + TODO: check CVE-2019-6111 (An issue was discovered in OpenSSH 7.9. Due to the scp implementation ...) {DSA-4387-2 DSA-4387-1 DLA-1728-1} - openssh 1:7.9p1-9 (bug #923486) @@ -40967,8 +40967,8 @@ CVE-2019-5593 (Improper permission or value checking in the CLI console may allo NOT-FOR-US: FortiOS CVE-2019-5592 (Multiple padding oracle vulnerabilities (Zombie POODLE, GOLDENDOODLE, ...) NOT-FOR-US: Fortinet -CVE-2019-5591 - RESERVED +CVE-2019-5591 (A Default Configuration vulnerability in FortiOS may allow an unauthen ...) + TODO: check CVE-2019-5590 (The URL part of the report message is not encoded in Fortinet FortiWeb ...) NOT-FOR-US: Fortinet CVE-2019-5589 (An Unsafe Search Path vulnerability in FortiClient Online Installer (W ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 84e2b798a5..48fd1ec331 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,11 @@ +CVE-2020-24359 + RESERVED +CVE-2020-24358 + RESERVED +CVE-2020-24357 + RESERVED +CVE-2020-24356 + RESERVED CVE-2020-24355 RESERVED CVE-2020-24354 @@ -3273,12 +3281,12 @@ CVE-2020-22724 RESERVED CVE-2020-22723 RESERVED -CVE-2020-22722 - RESERVED -CVE-2020-22721 - RESERVED -CVE-2020-22720 - RESERVED +CVE-2020-22722 (Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege ...) + TODO: check +CVE-2020-22721 (A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8. ...) + TODO: check +CVE-2020-22720 (A local privilege escalation vulnerability in SPSSLVpnService.exe in S ...) + TODO: check CVE-2020-22719 RESERVED CVE-2020-22718 
@@ -13805,8 +13813,8 @@ CVE-2020-17464 RESERVED CVE-2020-17463 (FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/it ...) NOT-FOR-US: FUEL CMS -CVE-2020-17462 - RESERVED +CVE-2020-17462 (CMS Made Simple 2.2.14 allows Authenticated Arbitrary File Upload beca ...) + TODO: check CVE-2020-17461 RESERVED CVE-2020-17460 @@ -16390,8 +16398,8 @@ CVE-2020-16207 (Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. M NOT-FOR-US: Advantech WebAccess CVE-2020-16206 RESERVED -CVE-2020-16205 - RESERVED +CVE-2020-16205 (Using a specially crafted URL command, a remote authenticated user can ...) + TODO: check CVE-2020-16204 RESERVED CVE-2020-16203 (Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and ...) @@ -16460,7 +16468,7 @@ CVE-2020-16172 RESERVED CVE-2020-16171 RESERVED -CVE-2020-16170 (The Temi application 1.3.3 through 1.3.7931 for Android has hard-coded ...) +CVE-2020-16170 (Use of Hard-coded Credentials in Robotemi Global Ltd Temi Firmware up ...) NOT-FOR-US: Temi application fo Android CVE-2020-16169 (Authentication Bypass Using an Alternate Path or Channel in Robotemi G ...) NOT-FOR-US: Temi Robox OS @@ -17352,8 +17360,8 @@ CVE-2020-15783 RESERVED CVE-2020-15782 RESERVED -CVE-2020-15781 - RESERVED +CVE-2020-15781 (A vulnerability has been identified in SICAM WEB firmware for SICAM A8 ...) + TODO: check CVE-2020-15779 (A Path Traversal issue was discovered in the socket.io-file package th ...) NOT-FOR-US: Node socket.io-file CVE-2020-15780 (An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux k ...) 
@@ -17567,12 +17575,12 @@ CVE-2020-15696 (An issue was discovered in Joomla! through 3.9.19. Lack of input NOT-FOR-US: Joomla! CVE-2020-15695 (An issue was discovered in Joomla! through 3.9.19. A missing token che ...) NOT-FOR-US: Joomla! -CVE-2020-15694 - RESERVED -CVE-2020-15693 - RESERVED -CVE-2020-15692 - RESERVED +CVE-2020-15694 (In Nim 1.2.4, the standard library httpClient fails to properly valida ...) + TODO: check +CVE-2020-15693 (In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF ...) + TODO: check +CVE-2020-15692 (In Nim 1.2.4, the standard library browsers mishandles the URL argumen ...) + TODO: check CVE-2020-15691 RESERVED CVE-2020-15690 @@ -18812,16 +18820,16 @@ CVE-2020-15147 RESERVED CVE-2020-15146 RESERVED -CVE-2020-15145 - RESERVED +CVE-2020-15145 (In Composer-Setup for Windows before version 6.0.0, if the developer's ...) + TODO: check CVE-2020-15144 RESERVED CVE-2020-15143 RESERVED -CVE-2020-15142 - RESERVED -CVE-2020-15141 - RESERVED +CVE-2020-15142 (In openapi-python-client before version 0.5.3, clients generated with ...) + TODO: check +CVE-2020-15141 (In openapi-python-client before version 0.5.3, there is a path travers ...) + TODO: check CVE-2020-15140 RESERVED CVE-2020-15139 (In MyBB before version 1.8.24, the custom MyCode (BBCode) for the visu ...) @@ -20575,7 +20583,7 @@ CVE-2020-14354 [ares_destroy() with pending ares_getaddrinfo() leads to Use-Afte NOTE: Introduced in: https://github.com/c-ares/c-ares/commit/dbd4c441fb7babad5c56f455d720af38e20546bc (1.16.0) NOTE: Fixed by: https://github.com/c-ares/c-ares/commit/1cc7e83c3bdfaafbc5919c95025592d8de3a170e (1.16.1) CVE-2020-14353 - RESERVED + REJECTED - linux 4.13.10-1 [stretch] - linux 4.9.65-1 [jessie] - linux 3.16.56-1 
@@ -24789,8 +24797,8 @@ CVE-2020-12650 REJECTED CVE-2020-12649 (Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory tr ...) NOT-FOR-US: Gurbalib -CVE-2020-12648 - RESERVED +CVE-2020-12648 (A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlie ...) + TODO: check CVE-2020-12647 (Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 6 ...) NOT-FOR-US: Unisys ALGOL Compiler CVE-2020-12646 @@ -31325,8 +31333,8 @@ CVE-2020-10057 (GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to NOT-FOR-US: GeniXCMS CVE-2020-10056 RESERVED -CVE-2020-10055 - RESERVED +CVE-2020-10055 (A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3 ...) + TODO: check CVE-2020-10054 RESERVED CVE-2020-10053 @@ -31925,8 +31933,8 @@ CVE-2020-9769 (Multiple issues were addressed by updating to version 8.1.1850. T NOT-FOR-US: Apple CVE-2020-9768 (A use after free issue was addressed with improved memory management. ...) NOT-FOR-US: Apple -CVE-2020-9767 - RESERVED +CVE-2020-9767 (A vulnerability related to Dynamic-link Library (“DLL”) lo ...) + TODO: check CVE-2020-10028 (Multiple syscalls with insufficient argument validation See NCC-ZEP-00 ...) NOT-FOR-US: Zephyr, different from src:zephyr CVE-2020-10027 (An attacker who has obtained code execution within a user thread is ab ...) @@ -32114,8 +32122,8 @@ CVE-2020-9710 RESERVED CVE-2020-9709 RESERVED -CVE-2020-9708 - RESERVED +CVE-2020-9708 (The resolveRepositoryPath function doesn't properly validate user inpu ...) + TODO: check CVE-2020-9707 RESERVED CVE-2020-9706 
@@ -33238,10 +33246,10 @@ CVE-2020-9231 RESERVED CVE-2020-9230 RESERVED -CVE-2020-9229 - RESERVED -CVE-2020-9228 - RESERVED +CVE-2020-9229 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...) + TODO: check +CVE-2020-9228 (FusionCompute 8.0.0 has an information disclosure vulnerability. Due t ...) + TODO: check CVE-2020-9227 (Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 ...) NOT-FOR-US: Huawei CVE-2020-9226 (HUAWEI P30 with versions earlier than 10.1.0.135(C00E135R2P11) have an ...) @@ -36641,10 +36649,10 @@ CVE-2020-7703 RESERVED CVE-2020-7702 RESERVED -CVE-2020-7701 - RESERVED -CVE-2020-7700 - RESERVED +CVE-2020-7701 (madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution ...) + TODO: check +CVE-2020-7700 (All versions of phpjs are vulnerable to Prototype Pollution via parse_ ...) + TODO: check CVE-2020-7699 (This affects the package express-fileupload before 1.1.8. If the parse ...) NOT-FOR-US: express-fileupload CVE-2020-7698 (This affects the package Gerapy from 0 and before 0.9.3. The input bei ...) @@ -36912,8 +36920,8 @@ CVE-2020-7585 (A vulnerability has been identified in SIMATIC PCS 7 V8.2 and ear NOT-FOR-US: Siemens CVE-2020-7584 (A vulnerability has been identified in SIMATIC S7-200 SMART CPU family ...) NOT-FOR-US: Siemens -CVE-2020-7583 - RESERVED +CVE-2020-7583 (A vulnerability has been identified in Automation License Manager 5 (A ...) + TODO: check CVE-2020-7582 RESERVED CVE-2020-7581 (A vulnerability has been identified in Opcenter Execution Discrete (Al ...) @@ -37504,7 +37512,7 @@ CVE-2020-7294 RESERVED CVE-2020-7293 RESERVED -CVE-2020-7292 (Inappropriate Encoding for output context in McAfee Web Gateway (MWG) ...) +CVE-2020-7292 (Inappropriate Encoding for output context vulnerability in McAfee Web ...) NOT-FOR-US: McAfee CVE-2020-7291 (Privilege Escalation vulnerability in McAfee Active Response (MAR) for ...) NOT-FOR-US: McAfee 
@@ -43739,8 +43747,8 @@ CVE-2020-4664 RESERVED CVE-2020-4663 RESERVED -CVE-2020-4662 - RESERVED +CVE-2020-4662 (IBM Event Streams 10.0.0 could allow an authenticated user to perform ...) + TODO: check CVE-2020-4661 RESERVED CVE-2020-4660 |
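Review bot: In the data/CVE/2020.list hunk at CVE-2020-14353, the status flips from RESERVED to REJECTED while the three version lines under it (`- linux 4.13.10-1`, `[stretch] - linux 4.9.65-1`, `[jessie] - linux 3.16.56-1`) stay attached to the entry. A rejected id that still carries fixed-version data is contradictory for anyone reading the tracker. Add a NOTE giving the reason for the rejection or the id that supersedes it, and move or drop the linux lines accordingly.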
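Review bot: In the data/CVE/2020.list hunk at CVE-2020-16170, the new description names "Robotemi Global Ltd Temi Firmware", but the unchanged annotation below it still reads "NOT-FOR-US: Temi application fo Android", which no longer matches the description and contains a typo ("fo"). Update the annotation in the same change, and check whether it should use the same product wording as the neighbouring CVE-2020-16169 ("Temi Robox OS").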
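Review bot: In the data/CVE/2019.list hunk at CVE-2019-5591, the entry lands as "TODO: check" although its description names FortiOS and the adjacent CVE-2019-5593 is already marked "NOT-FOR-US: FortiOS". Entries whose product already has a triage decision in the surrounding context can be closed in the same pass instead of being left open. The same check is worth making for CVE-2020-15781, CVE-2020-10055 and CVE-2020-7583, whose descriptions open with the "A vulnerability has been identified in" wording used by the Siemens entries elsewhere in this patch.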
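Review bot: In the data/CVE/2020.list hunks at CVE-2020-15692 through CVE-2020-15694 (Nim 1.2.4 standard library) and CVE-2020-12648 (TinyMCE 5.2.1 and earlier), the new entries carry only "TODO: check" with no package line or NOT-FOR-US decision. These name a language standard library and a widely embedded editor component rather than a vendor appliance, so they should be triaged ahead of the rest of the batch: look for a matching source package and for embedded copies, then record the affected and fixed versions.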