From c10236e3e1bab743be3b0b8c8eea518b136ea2c1 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Sat, 15 Feb 2020 08:10:13 +0000 Subject: automatic update --- data/CVE/2013.list | 3 +-- data/CVE/2016.list | 4 ++-- data/CVE/2017.list | 2 +- data/CVE/2019.list | 32 ++++++++++++++++---------------- data/CVE/2020.list | 12 ++++++------ 5 files changed, 26 insertions(+), 27 deletions(-) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 6e149d345e..ab1cefa4e1 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -8714,8 +8714,7 @@ CVE-2013-4213 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does no - jbossas4 (Only builds a few libraries, not the full application server, #581226) CVE-2013-4212 (Certain getText methods in the ActionSupport controller in Apache Roll ...) NOT-FOR-US: Apache Roller -CVE-2013-4211 - RESERVED +CVE-2013-4211 (A Code Execution Vulnerability exists in OpenX Ad Server 2.8.10 due to ...) NOT-FOR-US: OpenX CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat ...) NOT-FOR-US: JBoss Remoting diff --git a/data/CVE/2016.list b/data/CVE/2016.list index 9f3135972c..5cfd8018f9 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -25872,8 +25872,8 @@ CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the Fiddle:: NOTE: Fixed by: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42 NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10 -CVE-2016-2338 - RESERVED +CVE-2016-2338 (An exploitable heap overflow vulnerability exists in the Psych::Emitte ...) + TODO: check CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. Att ...) {DLA-1480-1} - ruby2.3 2.3.0-1 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index e299b7ba27..279d1581f4 100644 --- a/data/CVE/2017.list 
+++ b/data/CVE/2017.list @@ -4852,7 +4852,7 @@ CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...) CVE-2017-1000207 (A vulnerability in Swagger-Parser's version <= 1.0.30 and Swagger c ...) NOT-FOR-US: Swagger-Parser CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This af ...) - {DLA-1882-1 DLA-1881-1 DLA-1204-1} + {DSA-4624-1 DLA-1882-1 DLA-1881-1 DLA-1204-1} - atril 1.20.0-1 (low) [stretch] - atril (Minor issue) - evince 3.25.92-1 (low) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 86a8121170..514da36657 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -12107,15 +12107,15 @@ CVE-2019-15596 (A path traversal in statics-server exists in all version that al NOT-FOR-US: Node module statics-server CVE-2019-15595 (A privilege escalation exists in UniFi Video Controller =<3.10.6 th ...) NOT-FOR-US: UniFi Video Controller -CVE-2019-15594 - RESERVED +CVE-2019-15594 (GitLab 11.8 and later contains a security vulnerability that allows a ...) + TODO: check CVE-2019-15593 (GitLab 12.2.3 contains a security vulnerability that allows a user to ...) [experimental] - gitlab 12.0.8-1 - gitlab NOTE: https://hackerone.com/reports/557154 NOTE: https://gitlab.com/gitlab-org/gitlab/commit/5af535d919c50951513f5859730afd924a01c29b -CVE-2019-15592 - RESERVED +CVE-2019-15592 (GitLab 12.2.2 and below contains a security vulnerability that allows ...) + TODO: check CVE-2019-15591 (An improper access control vulnerability exists in GitLab <12.3.3 t ...) - gitlab NOTE: https://hackerone.com/reports/676976 
@@ -16465,12 +16465,12 @@ CVE-2019-13969 (Metinfo 6.x allows SQL Injection via the id parameter in an admi NOT-FOR-US: Metinfo CVE-2019-13968 RESERVED -CVE-2019-13967 - RESERVED -CVE-2019-13966 - RESERVED -CVE-2019-13965 - RESERVED +CVE-2019-13967 (iTop 2.2.0 through 2.6.0 allows remote attackers to cause a denial of ...) + TODO: check +CVE-2019-13966 (In iTop through 2.6.0, an XSS payload can be delivered in certain fiel ...) + TODO: check +CVE-2019-13965 (Because of a lack of sanitization around error messages, multiple Refl ...) + TODO: check CVE-2019-13964 RESERVED CVE-2019-13963 @@ -23340,7 +23340,7 @@ CVE-2019-11460 (An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3 [jessie] - gnome-desktop3 (Vulnerable embedded gnome-desktop thumbnail script introduced later) NOTE: https://gitlab.gnome.org/GNOME/gnome-desktop/issues/112 CVE-2019-11459 (The tiff_document_render() and tiff_document_get_thumbnail() functions ...) - {DLA-1882-1 DLA-1881-1} + {DSA-4624-1 DLA-1882-1 DLA-1881-1} - atril 1.22.3-1 (unimportant; bug #927821) [buster] - atril 1.20.3-1+deb10u1 - evince 3.32.0-3 (unimportant; bug #927820) @@ -28407,7 +28407,7 @@ CVE-2019-1010008 (OpenEnergyMonitor Project Emoncms 9.8.8 is affected by: Cross CVE-2019-1010007 RESERVED CVE-2019-1010006 (Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Pos ...) - {DLA-1882-1 DLA-1881-1} + {DSA-4624-1 DLA-1882-1 DLA-1881-1} - atril 1.22.2-1 [buster] - atril 1.20.3-1+deb10u1 - evince 3.27.92-1 
@@ -40300,8 +40300,8 @@ CVE-2019-5188 (A code execution vulnerability exists in the directory rehashing NOTE: Fixed by: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=8dd73c149f418238f19791f9d666089ef9734dff NOTE: Further hardening: https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=71ba137571ba13755337e19c9a826dfc874562a36e1b24d3 NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2019-0973 -CVE-2019-5187 - RESERVED +CVE-2019-5187 (An exploitable out-of-bounds write vulnerability exists in the TIFread ...) + TODO: check CVE-2019-5186 RESERVED CVE-2019-5185 @@ -42016,8 +42016,8 @@ CVE-2019-4394 (IBM Cloud Orchestrator 2.4 through 2.4.0.5 and 2.5 through 2.5.0. NOT-FOR-US: IBM CVE-2019-4393 RESERVED -CVE-2019-4392 - RESERVED +CVE-2019-4392 (HCL AppScan Standard Edition 9.0.3.13 and earlier uses hard-coded cred ...) + TODO: check CVE-2019-4391 RESERVED CVE-2019-4390 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 213ef2ac02..acc932e8f5 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1803,10 +1803,10 @@ CVE-2020-8131 RESERVED CVE-2020-8130 RESERVED -CVE-2020-8129 - RESERVED -CVE-2020-8128 - RESERVED +CVE-2020-8129 (An unintended require vulnerability in script-manager npm package vers ...) + TODO: check +CVE-2020-8128 (An unintended require and server-side request forgery vulnerabilities ...) + TODO: check CVE-2020-8127 RESERVED CVE-2020-8126 (A privilege escalation in the EdgeSwitch prior to version 1.7.1, an CG ...) 
@@ -6196,8 +6196,8 @@ CVE-2020-6070 RESERVED CVE-2020-6069 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear -CVE-2020-6068 - RESERVED +CVE-2020-6068 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) + TODO: check CVE-2020-6067 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) NOT-FOR-US: Accusoft ImageGear CVE-2020-6066 (An exploitable out-of-bounds write vulnerability exists in the igcore1 ...) -- cgit v1.2.3
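Review bot: in the 2016.list hunk, CVE-2016-2338 is imported as TODO: check although its neighbours show how it should be triaged: Psych is the YAML library bundled with the Ruby interpreter, and the adjacent CVE-2016-2337 (TclTkIp) and CVE-2016-2339 (Fiddle) entries, which are the same kind of bundled-library issue, already carry a ruby2.3 2.3.0-1 fixed version, a {DLA-1480-1} reference and upstream "Fixed by" commit NOTEs. Resolve this entry against the same ruby source packages, and add a separate entry if a standalone ruby-psych source package is in the archive (to be verified, not stated on the page).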
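Review bot: the three hunks that add DSA-4624-1 (CVE-2017-1000159 in 2017.list, CVE-2019-11459 and CVE-2019-1010006 in 2019.list) change only the advisory reference braces, and in the visible context none of the three entries shows a [buster] - evince fixed-version line: CVE-2017-1000159 lists only atril 1.20.0-1 (low), [stretch] - atril (Minor issue) and evince 3.25.92-1 (low), while the two 2019 entries show [buster] - atril 1.20.3-1+deb10u1 and then the unstable evince version before the context ends. Confirm that a matching [buster] - evince line exists below the shown context for each entry; otherwise the tracker cross-references an advisory without recording the fixed version for the release it covers.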
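Review bot: CVE-2019-15594 and CVE-2019-15592 in the first 2019.list hunk are left as TODO: check even though the surrounding GitLab entries (CVE-2019-15593, CVE-2019-15591) already give the package state to copy: a bare - gitlab line, [experimental] - gitlab 12.0.8-1 where a fixed version is known, and hackerone/gitlab.com commit NOTEs. Both new descriptions ("11.8 and later" and "12.2.2 and below") cover the 12.0.8-1 in experimental, so these two can be resolved in the same form instead of waiting for a manual pass.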
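Review bot: the three iTop entries in the second 2019.list hunk (CVE-2019-13967, CVE-2019-13966, CVE-2019-13965) are imported as TODO: check while the Metinfo entry directly above them in the context is already NOT-FOR-US: Metinfo. iTop is, as far as I can tell, not a Debian source package (verify against the archive before changing the lines); if that holds, the three TODO lines should read NOT-FOR-US: iTop so they stop showing up as open triage work.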
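Review bot: in the 2020.list igcore hunk, the new description for CVE-2020-6068 ("An exploitable out-of-bounds write vulnerability exists in the igcore1 ...") is character-for-character the same visible text as the adjacent CVE-2020-6069, CVE-2020-6067 and CVE-2020-6066, all of which are NOT-FOR-US: Accusoft ImageGear. The TODO: check can be closed as NOT-FOR-US: Accusoft ImageGear immediately; the automatic import could apply the product mapping here the same way it already does for OpenX in the 2013.list hunk.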
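Review bot: CVE-2019-5187 in the 2019.list hunk is imported with the truncated description "An exploitable out-of-bounds write vulnerability exists in the TIFread ...", and the visible text does not say which product the TIFread function belongs to. Before anyone triages it as a libtiff issue, check the full description against the Accusoft ImageGear igcore entries in the 2020.list hunk (same "An exploitable out-of-bounds write vulnerability exists in ..." Talos wording); if it is the same product family it should become NOT-FOR-US like those entries rather than a TODO: check.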
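Review bot: CVE-2019-4392 (HCL AppScan Standard Edition, hard-coded credentials) in the 2019.list hunk is left as TODO: check while the CVE-2019-4394 entry two lines above it in the context is NOT-FOR-US: IBM; AppScan is a proprietary product that is not in Debian, so this should be NOT-FOR-US: HCL AppScan (or whatever product label the tracker already uses for HCL/IBM entries) rather than open triage.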
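Review bot: CVE-2020-8129 and CVE-2020-8128 in the 2020.list hunk describe the script-manager npm package and are imported as TODO: check; the tracker's existing convention for unpackaged npm modules is visible in the 2019.list context as "NOT-FOR-US: Node module statics-server". Unless a node-script-manager source package exists in the archive (to be verified), these two lines should be resolved as NOT-FOR-US: Node module script-manager.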
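Review bot: not introduced by this change, but visible in the CVE-2019-5188 context of the 2019.list hunk: the "Further hardening" e2fsprogs URL ends in a 48-hex-character id (71ba137571ba13755337e19c9a826dfc874562a36e1b24d3), which cannot be a git SHA-1 (40 characters; compare the preceding NOTE's 8dd73c149f418238f19791f9d666089ef9734dff, which has the expected form). The link as recorded will not resolve on git.kernel.org and should be corrected to the real commit id in a follow-up.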