From 9f337a26c8ae6ce40cf55c88ec0e597d5bc2efc2 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 29 Jan 2020 08:10:18 +0000 Subject: automatic update --- data/CVE/2013.list | 51 ++++++------ data/CVE/2014.list | 4 +- data/CVE/2015.list | 4 +- data/CVE/2018.list | 1 + data/CVE/2019.list | 12 +-- data/CVE/2020.list | 234 +++++++++++++++++++++++++++++++++++++++++++++++++++-- 6 files changed, 265 insertions(+), 41 deletions(-) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index f36edc9a83..59a0f34087 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -11140,12 +11140,12 @@ CVE-2013-3216 RESERVED CVE-2013-3215 RESERVED -CVE-2013-3214 - RESERVED +CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...) + TODO: check CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...) NOT-FOR-US: vTiger CRM -CVE-2013-3212 - RESERVED +CVE-2013-3212 (vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilitie ...) + TODO: check CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown impact and ...) NOT-FOR-US: Opera CVE-2013-3210 (Opera before 12.15 does not properly block top-level domains in Set-Co ...) @@ -11382,8 +11382,8 @@ CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-L NOT-FOR-US: D-Link CVE-2013-3094 RESERVED -CVE-2013-3093 - RESERVED +CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...) + TODO: check CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...) NOT-FOR-US: Belkin router CVE-2013-3091 
@@ -11427,14 +11427,14 @@ CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initi - linux-2.6 (Vulnerable code not present) CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Comp ...) NOT-FOR-US: Mitsubishi MX Component 3 -CVE-2013-3074 - RESERVED +CVE-2013-3074 (NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow rem ...) + TODO: check CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 F ...) NOT-FOR-US: NETGEAR CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4 ...) NOT-FOR-US: NETGEAR -CVE-2013-3071 - RESERVED +CVE-2013-3071 (NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authenti ...) + TODO: check CVE-2013-3070 (An Information Disclosure vulnerability exists in Netgear WNDR4700 run ...) NOT-FOR-US: NETGEAR CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR470 ...) @@ -12258,8 +12258,7 @@ CVE-2013-2765 (The ModSecurity module before 2.7.4 for the Apache HTTP Server al [squeeze] - libapache-mod-security 2.5.12-1+squeeze2 NOTE: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES NOTE: https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba -CVE-2013-2764 - RESERVED +CVE-2013-2764 (Secure Entry Server before 4.7.0 contains a URI Redirection vulnerabil ...) NOT-FOR-US: Secure Entry Server CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote at ...) NOT-FOR-US: Schneider Electric M340 modules 
@@ -12291,8 +12290,8 @@ CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in e107_plugins/content/ NOT-FOR-US: e107 CVE-2013-2749 REJECTED -CVE-2013-2748 - RESERVED +CVE-2013-2748 (Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote att ...) + TODO: check CVE-2013-2747 (The password reset feature in Courion Access Risk Management Suite Ver ...) NOT-FOR-US: Courion Access Risk Management Suite CVE-2013-2746 @@ -12365,8 +12364,8 @@ CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "random NOT-FOR-US: Puppet Labs Puppet Enterprise CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the Sear ...) NOT-FOR-US: Drupal module search_api -CVE-2013-2714 - RESERVED +CVE-2013-2714 (Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 coul ...) + TODO: check CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in ...) NOT-FOR-US: KrisonAV CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php i ...) 
@@ -15870,16 +15869,16 @@ CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.0 NOT-FOR-US: MayGion IP Cameras CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware ...) NOT-FOR-US: MayGion IP Cameras -CVE-2013-1603 - RESERVED -CVE-2013-1602 - RESERVED -CVE-2013-1601 - RESERVED -CVE-2013-1600 - RESERVED -CVE-2013-1599 - RESERVED +CVE-2013-1603 (An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO ...) + TODO: check +CVE-2013-1602 (An Information Disclosure vulnerability exists due to insufficient val ...) + TODO: check +CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure to res ...) + TODO: check +CVE-2013-1600 (An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when ...) + TODO: check +CVE-2013-1599 (A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd. ...) + TODO: check CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras ...) NOT-FOR-US: Vivotek PT7135 IP Cameras CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index aee3ea4805..992541ec79 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list @@ -5563,8 +5563,8 @@ CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in assets/mis NOT-FOR-US: Wordpress plugin CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote at ...) NOT-FOR-US: Grand Flagallery plugin for WordPress -CVE-2014-8490 - RESERVED +CVE-2014-8490 (Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9 ...) + TODO: check CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attacke ...) {DSA-3130-1} - lsyncd 2.1.5-2 (low; bug #767227) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index b6d56395ed..a1bd26af5b 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -11574,8 +11574,8 @@ CVE-2015-5485 (Cross-site scripting (XSS) vulnerability in the Event Import page NOT-FOR-US: Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin for WordPress CVE-2015-5484 (Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1 ...) NOT-FOR-US: Plotly plugin for WordPress -CVE-2015-5483 - RESERVED +CVE-2015-5483 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Priv ...) + TODO: check CVE-2015-5482 (Directory traversal vulnerability in the GD bbPress Attachments plugin ...) NOT-FOR-US: GD bbPress Attachments plugin for WordPress CVE-2015-5481 (Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD ...) diff --git a/data/CVE/2018.list b/data/CVE/2018.list index 90fbeab3b8..5828f756f5 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -38380,6 +38380,7 @@ CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF NOTE: http://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2 NOTE: negligible security impact, memory leak in CLI tool CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version <= 6. ...) + {DLA-2082-1} - unzip 6.0-22 (bug #889838) [stretch] - unzip 6.0-21+deb9u1 [wheezy] - unzip (Harmless crash, builds with fortified source) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 41266fc201..a3836fdc17 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -520,12 +520,12 @@ CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH s [stretch] - sqlite3 (Minor issue) [jessie] - sqlite3 (Minor issue) NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387 -CVE-2019-20217 - RESERVED -CVE-2019-20216 - RESERVED -CVE-2019-20215 - RESERVED +CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...) + TODO: check +CVE-2019-20216 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...) + TODO: check +CVE-2019-20215 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...) + TODO: check CVE-2019-20214 RESERVED CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index c3bf2c3615..be3f95ee6d 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,4 +1,228 @@ -CVE-2020-8428 [user-triggerable read-after-free crash or 1-bit infoleak oracle in open] +CVE-2020-8427 + RESERVED +CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...) + TODO: check +CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) + TODO: check +CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) + TODO: check +CVE-2020-8423 + RESERVED +CVE-2020-8422 + RESERVED +CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) + TODO: check +CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) + TODO: check +CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...) + TODO: check +CVE-2020-8418 + RESERVED +CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) + TODO: check +CVE-2020-8416 + RESERVED +CVE-2020-8415 + RESERVED +CVE-2020-8414 + RESERVED +CVE-2020-8413 + RESERVED +CVE-2020-8412 + RESERVED +CVE-2020-8411 + RESERVED +CVE-2020-8410 + RESERVED +CVE-2020-8409 + RESERVED +CVE-2020-8408 + RESERVED +CVE-2020-8407 + RESERVED +CVE-2020-8406 + RESERVED +CVE-2020-8405 + RESERVED +CVE-2020-8404 + RESERVED +CVE-2020-8403 + RESERVED +CVE-2020-8402 + RESERVED +CVE-2020-8401 + RESERVED +CVE-2020-8400 + RESERVED +CVE-2020-8399 + RESERVED +CVE-2020-8398 + RESERVED +CVE-2020-8397 + RESERVED +CVE-2020-8396 + RESERVED +CVE-2020-8395 + RESERVED +CVE-2020-8394 + RESERVED +CVE-2020-8393 + RESERVED +CVE-2020-8392 + RESERVED +CVE-2020-8391 + RESERVED +CVE-2020-8390 + RESERVED +CVE-2020-8389 + RESERVED +CVE-2020-8388 + RESERVED +CVE-2020-8387 + RESERVED +CVE-2020-8386 + RESERVED +CVE-2020-8385 + RESERVED +CVE-2020-8384 + RESERVED +CVE-2020-8383 + RESERVED +CVE-2020-8382 + RESERVED +CVE-2020-8381 + RESERVED +CVE-2020-8380 + RESERVED +CVE-2020-8379 + RESERVED +CVE-2020-8378 + RESERVED +CVE-2020-8377 + RESERVED +CVE-2020-8376 
+ RESERVED +CVE-2020-8375 + RESERVED +CVE-2020-8374 + RESERVED +CVE-2020-8373 + RESERVED +CVE-2020-8372 + RESERVED +CVE-2020-8371 + RESERVED +CVE-2020-8370 + RESERVED +CVE-2020-8369 + RESERVED +CVE-2020-8368 + RESERVED +CVE-2020-8367 + RESERVED +CVE-2020-8366 + RESERVED +CVE-2020-8365 + RESERVED +CVE-2020-8364 + RESERVED +CVE-2020-8363 + RESERVED +CVE-2020-8362 + RESERVED +CVE-2020-8361 + RESERVED +CVE-2020-8360 + RESERVED +CVE-2020-8359 + RESERVED +CVE-2020-8358 + RESERVED +CVE-2020-8357 + RESERVED +CVE-2020-8356 + RESERVED +CVE-2020-8355 + RESERVED +CVE-2020-8354 + RESERVED +CVE-2020-8353 + RESERVED +CVE-2020-8352 + RESERVED +CVE-2020-8351 + RESERVED +CVE-2020-8350 + RESERVED +CVE-2020-8349 + RESERVED +CVE-2020-8348 + RESERVED +CVE-2020-8347 + RESERVED +CVE-2020-8346 + RESERVED +CVE-2020-8345 + RESERVED +CVE-2020-8344 + RESERVED +CVE-2020-8343 + RESERVED +CVE-2020-8342 + RESERVED +CVE-2020-8341 + RESERVED +CVE-2020-8340 + RESERVED +CVE-2020-8339 + RESERVED +CVE-2020-8338 + RESERVED +CVE-2020-8337 + RESERVED +CVE-2020-8336 + RESERVED +CVE-2020-8335 + RESERVED +CVE-2020-8334 + RESERVED +CVE-2020-8333 + RESERVED +CVE-2020-8332 + RESERVED +CVE-2020-8331 + RESERVED +CVE-2020-8330 + RESERVED +CVE-2020-8329 + RESERVED +CVE-2020-8328 + RESERVED +CVE-2020-8327 + RESERVED +CVE-2020-8326 + RESERVED +CVE-2020-8325 + RESERVED +CVE-2020-8324 + RESERVED +CVE-2020-8323 + RESERVED +CVE-2020-8322 + RESERVED +CVE-2020-8321 + RESERVED +CVE-2020-8320 + RESERVED +CVE-2020-8319 + RESERVED +CVE-2020-8318 + RESERVED +CVE-2020-8317 + RESERVED +CVE-2020-8316 + RESERVED +CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...) - linux [jessie] - linux (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6 
@@ -6319,8 +6543,8 @@ CVE-2020-5229 RESERVED CVE-2020-5228 RESERVED -CVE-2020-5227 - RESERVED +CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...) + TODO: check CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...) - simplesamlphp 1.18.4-1 [buster] - simplesamlphp (Vulnerable code introduced later) @@ -6357,8 +6581,8 @@ CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection - ruby-secure-headers (bug #949998) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0 -CVE-2020-5215 - RESERVED +CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...) + TODO: check CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...) TODO: check CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...) -- cgit v1.2.3
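Review bot: in the 2013.list hunk at @@ -11140, CVE-2013-3214 and CVE-2013-3212 are queued as "TODO: check" even though both describe vtiger CRM and the entry sitting between them, CVE-2013-3213, is already triaged "NOT-FOR-US: vTiger CRM"; unless vtiger has entered the archive since, both can take the same NOT-FOR-US status instead of waiting in the TODO queue.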
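Review bot: in the 2013.list hunk at @@ -11382, CVE-2013-3093 (ASUS RT-N56U devices allow CSRF) is router firmware like the Belkin N300 entry directly below it, which is "NOT-FOR-US: Belkin router"; "NOT-FOR-US: ASUS" is the consistent resolution rather than "TODO: check".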
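Review bot: in the 2013.list hunk at @@ -11427, CVE-2013-3074 and CVE-2013-3071 both name NETGEAR WNDR4700 firmware 1.0.0.34 and are surrounded by CVE-2013-3073, -3072 and -3070, which already carry "NOT-FOR-US: NETGEAR"; giving the two new entries the same status avoids two needless TODOs for the same device.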
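Review bot: in the 2013.list hunk at @@ -12291, CVE-2013-2748 (Belkin Wemo Switch before WeMo_US_2.00.2176.PVT) is a consumer device firmware issue and can be closed as "NOT-FOR-US: Belkin", matching the treatment of the Belkin N300 router entry (CVE-2013-3092) earlier in this same patch.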
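Review bot: in the 2013.list hunk at @@ -12365, CVE-2013-2714 is an XSS in the WordPress podPress plugin; the tracker's existing convention for these is "NOT-FOR-US: Wordpress plugin" (see CVE-2014-8492 in the 2014.list hunk of this same update), so the entry need not sit in "TODO: check".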
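Review bot: in the 2013.list hunk at @@ -15870, CVE-2013-1603 through CVE-2013-1599 are IP-camera firmware issues (D-LINK WCS-1100 and TESCO are named in CVE-2013-1603, and the adjacent CVE-2013-1598 and -1597 are "NOT-FOR-US: Vivotek PT7135 IP Cameras"), so all five can be closed as NOT-FOR-US. The descriptions of CVE-2013-1602 and CVE-2013-1601 are cut off before the product is named, so confirm the vendor from the full text before choosing the NOT-FOR-US label.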
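Review bot: in the 2014.list hunk at @@ -5563, CVE-2014-8490 (XSS in TennisConnect COMPONENTS) belongs with the Grand Flagallery plugin entry directly above it, which is NOT-FOR-US; "NOT-FOR-US: TennisConnect" is the likely resolution rather than "TODO: check".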
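Review bot: in the 2015.list hunk at @@ -11574, CVE-2015-5483 has its description truncated at "the Priv ...", so unlike its neighbours (all WordPress plugins) it cannot be triaged from the list alone; the full advisory should be read before marking it NOT-FOR-US.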
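Review bot: in the 2018.list hunk at @@ -38380, the new "{DLA-2082-1}" line for CVE-2018-1000035 is placed correctly (directly after the CVE line, ahead of the package entries), but the "[wheezy] - unzip (Harmless crash, builds with fortified source)" entry below it now sits next to a record of an LTS update; if that wheezy assessment still holds, a NOTE explaining why jessie needed the DLA while wheezy does not would save the next reader the same question.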
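Review bot: in the 2019.list hunk at @@ -520, CVE-2019-20217, -20216 and -20215 all read "D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...", i.e. three advisories for the same router as CVE-2019-20213 below them; router firmware is out of scope for the archive, so "NOT-FOR-US: D-Link" is the appropriate status for all three instead of "TODO: check".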
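Review bot: in the 2020.list hunk at @@ -1,4 +1,228, CVE-2020-8428 loses its bracketed working title ("user-triggerable read-after-free crash or 1-bit infoleak oracle in open") in favour of the published MITRE text, and its package line, the "[jessie] - linux (Vulnerable code introduced later)" annotation and the "Fixed by" NOTE are carried over intact, which is correct. The seven new "TODO: check" entries in this hunk (CVE-2020-8426 and -8417 for WordPress plugins, -8425 and -8424 for Cups Easy, -8421, -8420 and -8419 for Joomla!) all describe web applications with no package in the archive as far as the neighbouring entries indicate, so they follow the existing "NOT-FOR-US: Wordpress plugin" pattern and can be triaged without further research; the remaining 100-odd lines are plain RESERVED placeholders and need no action.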
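Review bot: in the 2020.list hunk at @@ -6319, CVE-2020-5227 is the one TODO in this update most likely to touch a Debian package: "Feedgen (python feedgen)" is a Python library rather than a web application or router firmware, so its "TODO: check" should be resolved against the archive (the python-feedgen source package, if present) with a version-bearing entry, ahead of the NOT-FOR-US candidates elsewhere in the patch.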
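Review bot: in the 2020.list hunk at @@ -6357, CVE-2020-5215 (TensorFlow before 1.15.2 and 2.0.1) can be closed as "NOT-FOR-US: TensorFlow" if TensorFlow is not packaged, while the two NetHack entries in the trailing context (CVE-2020-5214 and CVE-2020-5213) were already "TODO: check" before this change and, NetHack being in the archive, still need a package line with the fixed version rather than a TODO.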