automatic update

author: security tracker role <sectracker@soriano.debian.org> 2020-02-14 20:10:22 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-02-14 20:10:22 +0000
commit: 2745e96d69a2c55de25c080023a9312a0f1dcebd (patch)
tree: a0ba1b511a0dde524468e522b0953ff48934a516
parent: 470edd911759e2d0d2d35171930a09a569afff88 (diff)
3 files changed, 46 insertions, 40 deletions
diff --git a/data/CVE/list.2018 b/data/CVE/list.2018
index 50de0fae24..b3f2005fe5 100644
--- a/data/CVE/list.2018
+++ b/data/CVE/list.2018
@@ -1,9 +1,9 @@
 CVE-2018-21034
 	RESERVED
-CVE-2018-21033
-	RESERVED
-CVE-2018-21032
-	RESERVED
+CVE-2018-21033 (A vulnerability in Hitachi Command Suite prior to 8.6.2-00, Hitachi Au ...)
+	TODO: check
+CVE-2018-21032 (A vulnerability in Hitachi Command Suite prior to 8.7.1-00 and Hitachi ...)
+	TODO: check
 CVE-2018-21031 (Tautulli versions 2.1.38 and below allows remote attackers to bypass i ...)
 	NOT-FOR-US: Plex Media Server
 CVE-2018-21030 (Jupyter Notebook before 5.5.0 does not use a CSP header to treat serve ...)
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 31b0779e06..9dfb529829 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -1,3 +1,7 @@
+CVE-2019-20455 (Gateways/Gateway.php in Heartland &amp; Global Payments PHP SDK before ...)
+	TODO: check
+CVE-2019-20454 (An out-of-bounds read was discovered in PCRE before 10.34 when the pat ...)
+	TODO: check
 CVE-2019-20453
 	RESERVED
 CVE-2019-20452
@@ -1030,10 +1034,10 @@ CVE-2019-20048 (An issue was discovered on Alcatel-Lucent OmniVista 8770 devices
 	NOT-FOR-US: Alcatel-Lucent OmniVista 8770 devices
 CVE-2019-20047 (An issue was discovered on Alcatel-Lucent OmniVista 4760 devices, and  ...)
 	NOT-FOR-US: Alcatel-Lucent OmniVista 4760 devices
-CVE-2019-20046
-	RESERVED
-CVE-2019-20045
-	RESERVED
+CVE-2019-20046 (The Synergy Systems &amp; Solutions PLC &amp; RTU system has a vulnera ...)
+	TODO: check
+CVE-2019-20045 (The Synergy Systems &amp; Solutions PLC &amp; RTU system has a vulnera ...)
+	TODO: check
 CVE-2019-20044
 	RESERVED
 CVE-2019-20040
@@ -1510,8 +1514,8 @@ CVE-2019-19880 (exprListAppendList in window.c in SQLite 3.30.1 allows attackers
 	NOTE: When fixing this issue make sure to apply as well
 	NOTE: https://github.com/sqlite/sqlite/commit/8428b3b437569338a9d1e10c4cd8154acbe33089
 	NOTE: to not open CVE-2019-19926.
-CVE-2019-19879
-	RESERVED
+CVE-2019-19879 (HashiCorp Sentinel up to 0.10.1 incorrectly parsed negation in certain ...)
+	TODO: check
 CVE-2019-19878
 	RESERVED
 CVE-2019-19877
@@ -1835,23 +1839,23 @@ CVE-2019-19767 (The Linux kernel before 5.4.2 mishandles ext4_expand_extra_isize
 CVE-2019-19766 (The Bitwarden server through 1.32.0 has a potentially unwanted KDF. ...)
 	NOT-FOR-US: Bitwarden server
 CVE-2019-19765
-	RESERVED
+	REJECTED
 CVE-2019-19764
-	RESERVED
+	REJECTED
 CVE-2019-19763
-	RESERVED
+	REJECTED
 CVE-2019-19762
-	RESERVED
+	REJECTED
 CVE-2019-19761
 	RESERVED
 CVE-2019-19760
 	RESERVED
 CVE-2019-19759
 	RESERVED
-CVE-2019-19758
-	RESERVED
-CVE-2019-19757
-	RESERVED
+CVE-2019-19758 (A vulnerability in the web interface of Lenovo EZ Media &amp; Backup C ...)
+	TODO: check
+CVE-2019-19757 (An internal product security audit of Lenovo XClarity Administrator (L ...)
+	TODO: check
 CVE-2019-19756
 	RESERVED
 CVE-2019-19755
@@ -23960,8 +23964,8 @@ CVE-2019-11217 (The GitController in Jakub Chodounsky Bonobo Git Server before 6
 	NOT-FOR-US: Bonobo Git Server
 CVE-2019-11216 (BMC Smart Reporting 7.3 20180418 allows authenticated XXE within the i ...)
 	NOT-FOR-US: BMC Smart Reporting
-CVE-2019-11215
-	RESERVED
+CVE-2019-11215 (In Combodo iTop 2.2.0 through 2.6.0, if the configuration file is writ ...)
+	TODO: check
 CVE-2019-11214
 	RESERVED
 CVE-2019-11213 (In Pulse Secure Pulse Desktop Client and Network Connect, an attacker  ...)
@@ -37917,18 +37921,18 @@ CVE-2019-6197
 	RESERVED
 CVE-2019-6196
 	RESERVED
-CVE-2019-6195
-	RESERVED
-CVE-2019-6194
-	RESERVED
-CVE-2019-6193
-	RESERVED
+CVE-2019-6195 (An authorization bypass exists in Lenovo XClarity Controller (XCC) ver ...)
+	TODO: check
+CVE-2019-6194 (An XML External Entity (XXE) processing vulnerability was reported in  ...)
+	TODO: check
+CVE-2019-6193 (An information disclosure vulnerability was reported in Lenovo XClarit ...)
+	TODO: check
 CVE-2019-6192 (A potential vulnerability has been reported in Lenovo Power Management ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6191 (A potential vulnerability in the discontinued LenovoPaper software ver ...)
 	NOT-FOR-US: Lenovo
-CVE-2019-6190
-	RESERVED
+CVE-2019-6190 (Lenovo was notified of a potential denial of service vulnerability, af ...)
+	TODO: check
 CVE-2019-6189 (A potential vulnerability was reported in Lenovo System Interface Foun ...)
 	NOT-FOR-US: Lenovo
 CVE-2019-6188 (The BIOS tamper detection mechanism was not triggered in Lenovo ThinkP ...)
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index dba867fd66..ddf4d91972 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -1,3 +1,5 @@
+CVE-2020-8995
+	RESERVED
 CVE-2020-8994
 	RESERVED
 CVE-2020-8993
@@ -306,8 +308,8 @@ CVE-2020-8845 (This vulnerability allows remote atackers to execute arbitrary co
 	NOT-FOR-US: Foxit PhantomPDF
 CVE-2020-8844 (This vulnerability allows remote attackers to execute arbitrary code o ...)
 	NOT-FOR-US: Foxit Reader
-CVE-2020-8843
-	RESERVED
+CVE-2020-8843 (An issue was discovered in Istio 1.3 through 1.3.6. Under certain circ ...)
+	TODO: check
 CVE-2020-8842
 	RESERVED
 CVE-2020-8841 (An issue was discovered in TestLink 1.9.19. The relation_type paramete ...)
@@ -782,10 +784,10 @@ CVE-2020-8614 (An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. A
 	NOT-FOR-US: Askey devices
 CVE-2020-8613
 	RESERVED
-CVE-2020-8612
-	RESERVED
-CVE-2020-8611
-	RESERVED
+CVE-2020-8612 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...)
+	TODO: check
+CVE-2020-8611 (In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2 ...)
+	TODO: check
 CVE-2020-8610
 	RESERVED
 CVE-2020-8609
@@ -830,8 +832,8 @@ CVE-2020-8596 (participants-database.php in the Participants Database plugin 1.9
 	NOT-FOR-US: Participants Database plugin for WordPress
 CVE-2020-8595 (Istio 1.3 through 1.4.3 allows authentication bypass. The Authenticati ...)
 	NOT-FOR-US: itsio
-CVE-2020-8594
-	RESERVED
+CVE-2020-8594 (The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vu ...)
+	TODO: check
 CVE-2020-8593
 	RESERVED
 CVE-2020-8592 (eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg ...)
@@ -3608,8 +3610,8 @@ CVE-2020-7253
 	RESERVED
 CVE-2020-7252
 	RESERVED
-CVE-2020-7251
-	RESERVED
+CVE-2020-7251 (Improper access control vulnerability in Configuration Tool in McAfee  ...)
+	TODO: check
 CVE-2020-7250
 	RESERVED
 CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on th ...)
@@ -7264,8 +7266,8 @@ CVE-2020-5534
 	RESERVED
 CVE-2020-5533
 	RESERVED
-CVE-2020-5532
-	RESERVED
+CVE-2020-5532 (ilbo App (ilbo App for Android prior to version 1.1.8 and ilbo App for ...)
+	TODO: check
 CVE-2020-5531
 	RESERVED
 CVE-2020-5530
author	security tracker role <sectracker@soriano.debian.org>	2020-02-14 20:10:22 +0000
committer	security tracker role <sectracker@soriano.debian.org>	2020-02-14 20:10:22 +0000
commit	2745e96d69a2c55de25c080023a9312a0f1dcebd (patch)
tree	a0ba1b511a0dde524468e522b0953ff48934a516
parent	470edd911759e2d0d2d35171930a09a569afff88 (diff)