author security tracker role <sectracker@soriano.debian.org> 2020-07-07 20:10:20 +0000
committer security tracker role <sectracker@soriano.debian.org> 2020-07-07 20:10:20 +0000
commit f2f34e93966490b33e9f8bbf6a150d0cac6280a7
tree 92b895b14a3a828d12bc99e0bb6bfd8ee47b08d6
parent 228b9523658b8ec8789f0ce69ef4573a74375355
automatic update
-rw-r--r-- data/CVE/list.2019 16
-rw-r--r-- data/CVE/list.2020 197
2 files changed, 127 insertions, 86 deletions
diff --git a/data/CVE/list.2019 b/data/CVE/list.2019
index 4bc27d213b..022b1a5a01 100644
--- a/data/CVE/list.2019
+++ b/data/CVE/list.2019
@@ -1,3 +1,5 @@
+CVE-2019-20896 (WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponen ...)
+ TODO: check
CVE-2019-20895
RESERVED
CVE-2019-20894 (Traefik 2.x, in certain configurations, allows HTTPS sessions to proce ...)
@@ -2391,8 +2393,8 @@ CVE-2019-19937 (In JFrog Artifactory before 6.18, it is not possible to restrict
NOT-FOR-US: JFrog Artifactory
CVE-2019-19936
RESERVED
-CVE-2019-19935
- RESERVED
+CVE-2019-19935 (Froala Editor before 3.0.6 allows XSS. ...)
+ TODO: check
CVE-2019-19934
RESERVED
CVE-2019-19933
@@ -40924,7 +40926,7 @@ CVE-2019-5510
RESERVED
CVE-2019-5509 (ONTAP Select Deploy administration utility versions 2.11.2 through 2.1 ...)
NOT-FOR-US: ONTAP Select Deploy administration utility
-CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.6 are susceptible to a vul ...)
+CVE-2019-5508 (Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vul ...)
NOT-FOR-US: Clustered Data ONTAP
CVE-2019-5507 (SnapManager for Oracle prior to version 3.4.2P1 are susceptible to a v ...)
NOT-FOR-US: SnapManager for Oracle
@@ -43524,10 +43526,10 @@ CVE-2019-4326
RESERVED
CVE-2019-4325
RESERVED
-CVE-2019-4324
- RESERVED
-CVE-2019-4323
- RESERVED
+CVE-2019-4324 ("HCL AppScan Enterprise is susceptible to Cross-Site Scripting while i ...)
+ TODO: check
+CVE-2019-4323 ("HCL AppScan Enterprise advisory API documentation is susceptible to c ...)
+ TODO: check
CVE-2019-4322 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
NOT-FOR-US: IBM
CVE-2019-4321 (IBM Intelligent Operations Center V5.1.0 - V5.2.0, IBM Intelligent Ope ...)
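Review bot: the new CVE-2019-4324 and CVE-2019-4323 descriptions begin with a literal `"` that is never closed once the text is truncated, so anything that parses the parenthesised description must not treat quotes as delimiters. Both entries name HCL AppScan Enterprise, a commercial product, so `TODO: check` can most likely be resolved to a `NOT-FOR-US` tag in the same way as the IBM entry directly below.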
diff --git a/data/CVE/list.2020 b/data/CVE/list.2020
index 95b3a79355..446ac89ca9 100644
--- a/data/CVE/list.2020
+++ b/data/CVE/list.2020
@@ -1,3 +1,49 @@
+CVE-2020-15595
+ RESERVED
+CVE-2020-15594
+ RESERVED
+CVE-2020-15593
+ RESERVED
+CVE-2020-15592
+ RESERVED
+CVE-2020-15591
+ RESERVED
+CVE-2020-15590
+ RESERVED
+CVE-2020-15589
+ RESERVED
+CVE-2020-15588
+ RESERVED
+CVE-2020-15587
+ RESERVED
+CVE-2020-15586
+ RESERVED
+CVE-2020-15585
+ RESERVED
+CVE-2020-15584 (An issue was discovered on Samsung mobile devices with Q(10.0) softwar ...)
+ TODO: check
+CVE-2020-15583 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ TODO: check
+CVE-2020-15582 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ TODO: check
+CVE-2020-15581 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ TODO: check
+CVE-2020-15580 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ TODO: check
+CVE-2020-15579 (An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), ...)
+ TODO: check
+CVE-2020-15578 (An issue was discovered on Samsung mobile devices with O(8.x) software ...)
+ TODO: check
+CVE-2020-15577 (An issue was discovered on Samsung mobile devices with P(9.0) and Q(10 ...)
+ TODO: check
+CVE-2020-15576 (SolarWinds Serv-U File Server before 15.2.1 allows information disclos ...)
+ TODO: check
+CVE-2020-15575 (SolarWinds Serv-U File Server before 15.2.1 allows XSS as demonstrated ...)
+ TODO: check
+CVE-2020-15574 (SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site c ...)
+ TODO: check
+CVE-2020-15573 (SolarWinds Serv-U File Server before 15.2.1 has a "Cross-script vulner ...)
+ TODO: check
CVE-2020-15572
RESERVED
CVE-2020-15571
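Review bot: twelve of the entries added at the top of list.2020 (CVE-2020-15573 through CVE-2020-15584) are left at `TODO: check`, yet they cover only two products, Samsung mobile devices (eight entries) and SolarWinds Serv-U File Server (four entries). They can be triaged as two batches; if neither product is packaged, each batch gets a single consistent `NOT-FOR-US` tag rather than per-entry wording.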
@@ -9,28 +55,23 @@ CVE-2020-15569 (PlayerGeneric.cpp in MilkyTracker through 1.02.00 has a use-afte
NOTE: https://github.com/milkytracker/MilkyTracker/commit/7afd55c42ad80d01a339197a2d8b5461d214edaf
CVE-2020-15568
RESERVED
-CVE-2020-15567
- RESERVED
+CVE-2020-15567 (An issue was discovered in Xen through 4.13.x, allowing Intel guest OS ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-328.html
-CVE-2020-15566
- RESERVED
+CVE-2020-15566 (An issue was discovered in Xen through 4.13.x, allowing guest OS users ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-317.html
-CVE-2020-15565
- RESERVED
+CVE-2020-15565 (An issue was discovered in Xen through 4.13.x, allowing x86 Intel HVM ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-321.html
-CVE-2020-15564
- RESERVED
+CVE-2020-15564 (An issue was discovered in Xen through 4.13.x, allowing Arm guest OS u ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-327.html
-CVE-2020-15563
- RESERVED
+CVE-2020-15563 (An issue was discovered in Xen through 4.13.x, allowing x86 HVM guest ...)
- xen <unfixed>
[stretch] - xen <end-of-life> (DSA 4602-1)
NOTE: https://xenbits.xen.org/xsa/advisory-319.html
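Review bot: CVE-2020-15563 through CVE-2020-15567 now have public descriptions, but each still reads `- xen <unfixed>`, with stretch marked `<end-of-life>`. Once an upload carries the fixes for XSA-317, XSA-319, XSA-321, XSA-327 and XSA-328, replace `<unfixed>` with that version on all five entries so the status does not go stale.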
@@ -112,8 +153,8 @@ CVE-2020-15527
RESERVED
CVE-2020-15526
RESERVED
-CVE-2020-15525
- RESERVED
+CVE-2020-15525 (GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of ...)
+ TODO: check
CVE-2020-15524
RESERVED
CVE-2020-15523 (In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, ...)
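Review bot: the new CVE-2020-15525 entry names GitLab EE (11.3 through 13.1.2), and the truncated description does not show whether the access-control flaw sits in code shared with the community edition. Confirm that against the full advisory before replacing `TODO: check` with either a package line for gitlab or a note that only EE is affected.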
@@ -129,24 +170,24 @@ CVE-2020-15519
RESERVED
CVE-2020-15518 (VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup &a ...)
NOT-FOR-US: Veeam
-CVE-2020-15517
- RESERVED
-CVE-2020-15516
- RESERVED
-CVE-2020-15515
- RESERVED
-CVE-2020-15514
- RESERVED
-CVE-2020-15513
- RESERVED
+CVE-2020-15517 (The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x th ...)
+ TODO: check
+CVE-2020-15516 (The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be ...)
+ TODO: check
+CVE-2020-15515 (The turn extension through 0.3.2 for TYPO3 allows Remote Code Executio ...)
+ TODO: check
+CVE-2020-15514 (The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYP ...)
+ TODO: check
+CVE-2020-15513 (The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access ...)
+ TODO: check
CVE-2020-15512
RESERVED
CVE-2020-15511
RESERVED
CVE-2020-15510
RESERVED
-CVE-2020-15509
- RESERVED
+CVE-2020-15509 (Nordic Semiconductor Android BLE Library through 2.2.1 and DFU Library ...)
+ TODO: check
CVE-2020-15508
RESERVED
CVE-2020-15507 (MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, ...)
@@ -415,8 +456,8 @@ CVE-2020-15394
CVE-2020-15393 (In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/m ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/28ebeb8db77035e058a510ce9bd17c2b9a009dba
-CVE-2020-15392
- RESERVED
+CVE-2020-15392 (A user enumeration vulnerability flaw was found in Venki Supravizio BP ...)
+ TODO: check
CVE-2020-15391
RESERVED
CVE-2020-15390
@@ -467,8 +508,8 @@ CVE-2020-15369
RESERVED
CVE-2020-15368 (AsrDrv103.sys in the ASRock RGB Driver does not properly restrict acce ...)
NOT-FOR-US: ASRock RGB Driver
-CVE-2020-15367
- RESERVED
+CVE-2020-15367 (Venki Supravizio BPM 10.1.2 does not limit the number of authenticatio ...)
+ TODO: check
CVE-2020-15366
RESERVED
CVE-2020-15365 (LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in ...)
@@ -507,8 +548,8 @@ CVE-2020-15352
RESERVED
CVE-2020-15351 (IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES ...)
NOT-FOR-US: IDrive
-CVE-2020-15350
- RESERVED
+CVE-2020-15350 (RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding ...)
+ TODO: check
CVE-2020-15349
RESERVED
CVE-2020-15348 (Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManag ...)
@@ -1023,8 +1064,8 @@ CVE-2020-15097
RESERVED
CVE-2020-15096 (In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, the ...)
TODO: check
-CVE-2020-15095
- RESERVED
+CVE-2020-15095 (Versions of the npm CLI prior to 6.14.6 are vulnerable to an informati ...)
+ TODO: check
CVE-2020-15094
RESERVED
CVE-2020-15093
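Review bot: CVE-2020-15095 is left at `TODO: check` although its description names the npm CLI and gives 6.14.6 as the fixed version. npm is packaged in Debian, so this should become a `- npm` package entry with its status checked against the version in the archive.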
@@ -1142,26 +1183,26 @@ CVE-2020-15039
RESERVED
CVE-2020-15038 (The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. ...)
NOT-FOR-US: WordPress plugin
-CVE-2020-15037
- RESERVED
-CVE-2020-15036
- RESERVED
-CVE-2020-15035
- RESERVED
-CVE-2020-15034
- RESERVED
-CVE-2020-15033
- RESERVED
-CVE-2020-15032
- RESERVED
-CVE-2020-15031
- RESERVED
-CVE-2020-15030
- RESERVED
-CVE-2020-15029
- RESERVED
-CVE-2020-15028
- RESERVED
+CVE-2020-15037 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ TODO: check
+CVE-2020-15036 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ TODO: check
+CVE-2020-15035 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ TODO: check
+CVE-2020-15034 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ TODO: check
+CVE-2020-15033 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ TODO: check
+CVE-2020-15032 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ TODO: check
+CVE-2020-15031 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ TODO: check
+CVE-2020-15030 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ TODO: check
+CVE-2020-15029 (NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The appl ...)
+ TODO: check
+CVE-2020-15028 (NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The ap ...)
+ TODO: check
CVE-2020-15027
RESERVED
CVE-2020-15026 (Bludit 3.12.0 allows admins to use a /plugin-backup-download?file=../ ...)
@@ -3334,7 +3375,7 @@ CVE-2020-14042
RESERVED
CVE-2020-14041
RESERVED
-CVE-2020-14040 (Go version v0.3.3 of the x/text package fixes a vulnerability in encod ...)
+CVE-2020-14040 (The x/text package before 0.3.3 for Go has a vulnerability in encoding ...)
- golang-golang-x-text <unfixed> (bug #964272)
- golang-x-text <unfixed> (bug #964271)
NOTE: https://github.com/golang/go/issues/39491
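Review bot: the reworded CVE-2020-14040 description gives 0.3.3 as the first fixed x/text release, while both `golang-golang-x-text` and `golang-x-text` remain `<unfixed>`. When bugs #964272 and #964271 are closed by an upload of 0.3.3 or later, record the fixed version on each package line.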
@@ -8449,8 +8490,8 @@ CVE-2020-11884 (In the Linux kernel through 5.6.7 on the s390 platform, code exe
NOTE: https://git.kernel.org/linus/316ec154810960052d4586b634156c54d0778f74
CVE-2020-11883 (In Divante vue-storefront-api through 1.11.1 and storefront-api throug ...)
NOT-FOR-US: Divante vue-storefront-api
-CVE-2020-11882
- RESERVED
+CVE-2020-11882 (The O2 Business application 1.2.0 for Android exposes the canvasm.myo2 ...)
+ TODO: check
CVE-2020-11881
RESERVED
CVE-2020-11880 (An issue was discovered in KDE KMail before 19.12.3. By using the prop ...)
@@ -11409,8 +11450,7 @@ CVE-2020-10747
REJECTED
CVE-2020-10746
RESERVED
-CVE-2020-10745
- RESERVED
+CVE-2020-10745 (A flaw was found in all Samba versions before 4.10.17, before 4.11.11 ...)
- samba 2:4.12.5+dfsg-1
NOTE: https://www.samba.org/samba/security/CVE-2020-10745.html
CVE-2020-10744 (An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansi ...)
@@ -11463,8 +11503,7 @@ CVE-2020-10732 (A flaw was found in the Linux kernel's implementation of Userspa
NOTE: https://git.kernel.org/linus/1d605416fb7175e1adf094251466caa52093b413
CVE-2020-10731
RESERVED
-CVE-2020-10730
- RESERVED
+CVE-2020-10730 (A NULL pointer dereference, or possible use-after-free flaw was found ...)
- ldb 2:2.1.4-1
- samba 2:4.12.5+dfsg-1
[stretch] - ldb <not-affected> (Vulnerable code introduced later)
@@ -12348,7 +12387,7 @@ CVE-2020-10380 (RMySQL through 0.10.19 allows SQL Injection. ...)
[jessie] - rmysql <no-dsa> (Minor issue)
NOTE: Fixed by: https://github.com/r-dbi/RMySQL/commit/c2467c466684b4733a7b0df4689987e1f9dcfc32
NOTE: Test: https://github.com/r-dbi/RMySQL/commit/6137ce887c1e36b278f11656a9a9fc1cae6a5f40
-CVE-2020-10379 (In Pillow before 6.2.3 and 7.x before 7.0.1, there are two Buffer Over ...)
+CVE-2020-10379 (In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/T ...)
- pillow <unfixed>
[jessie] - pillow <no-dsa> (Minor issue)
NOTE: https://github.com/python-pillow/Pillow/pull/4538
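Review bot: the CVE-2020-10379 description now reads "before 7.1.0" where it previously named 6.2.3 and 7.0.1 as fixed releases, so the affected range is wider than the old text implied. Recheck the `- pillow <unfixed>` line and the jessie `<no-dsa>` decision against 7.1.0 as the fix boundary, since a backport assessed against the earlier versions would no longer count as fixed.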
@@ -18321,9 +18360,9 @@ CVE-2020-7693
RESERVED
CVE-2020-7692
RESERVED
-CVE-2020-7691 (It's possible to use &lt;&lt;script&gt;script&gt; in order to go over ...)
+CVE-2020-7691 (In all versions of the package jspdf, it is possible to use &lt;&lt;sc ...)
TODO: check
-CVE-2020-7690 (It's possible to inject JavaScript code via the html method. ...)
+CVE-2020-7690 (In all versions of package jspdf, it is possible to inject JavaScript ...)
TODO: check
CVE-2020-7689 (Data is truncated wrong when its length is greater than 255 bytes. ...)
NOT-FOR-US: Node bcrypt
@@ -18345,7 +18384,7 @@ CVE-2020-7681
RESERVED
CVE-2020-7680
RESERVED
-CVE-2020-7679 (The mergeObjects utility function is susceptible to Prototype Pollutio ...)
+CVE-2020-7679 (In all versions of package casperjs, the mergeObjects utility function ...)
NOT-FOR-US: Node casperjs
CVE-2020-7678
RESERVED
@@ -18372,15 +18411,15 @@ CVE-2020-7670 (agoo through 2.12.3 allows request smuggling attacks where agoo i
TODO: check
CVE-2020-7669
RESERVED
-CVE-2020-7668 (The ExtractTo function doesn't securely escape file paths in zip archi ...)
+CVE-2020-7668 (In all versions of the package github.com/unknwon/cae/tz, the ExtractT ...)
TODO: check
-CVE-2020-7667 (The CPIO extraction functionality doesn't sanitize the paths of the ar ...)
+CVE-2020-7667 (In package github.com/sassoftware/go-rpmutils/cpio before version 0.1. ...)
TODO: check
CVE-2020-7666
RESERVED
CVE-2020-7665
RESERVED
-CVE-2020-7664 (The ExtractTo function doesn't securely escape file paths in zip archi ...)
+CVE-2020-7664 (In all versions of the package github.com/unknwon/cae/zip, the Extract ...)
TODO: check
CVE-2020-7663 (websocket-extensions ruby module prior to 0.1.5 allows Denial of Servi ...)
- ruby-websocket-extensions <unfixed> (bug #964274)
@@ -23232,18 +23271,18 @@ CVE-2020-5602 (Mitsubishi Electoric FA Engineering Software (CPU Module Logging
NOT-FOR-US: Mitsubishi
CVE-2020-5601 (Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote a ...)
NOT-FOR-US: Chrome Extension for e-Tax Reception System
-CVE-2020-5600
- RESERVED
-CVE-2020-5599
- RESERVED
-CVE-2020-5598
- RESERVED
-CVE-2020-5597
- RESERVED
-CVE-2020-5596
- RESERVED
-CVE-2020-5595
- RESERVED
+CVE-2020-5600 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ TODO: check
+CVE-2020-5599 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ TODO: check
+CVE-2020-5598 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ TODO: check
+CVE-2020-5597 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ TODO: check
+CVE-2020-5596 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ TODO: check
+CVE-2020-5595 (TCP/IP function included in the firmware of Mitsubishi Electric GOT200 ...)
+ TODO: check
CVE-2020-5594 (Mitsubishi Electric MELSEC iQ-R, iQ-F, Q, L, and FX series CPU modules ...)
NOT-FOR-US: Mitsubishi
CVE-2020-5593 (Zenphoto versions prior to 1.5.7 allows an attacker to conduct PHP cod ...)
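Review bot: CVE-2020-5595 through CVE-2020-5600 are added with `TODO: check`, but the neighbouring Mitsubishi entries in this hunk (CVE-2020-5602 and CVE-2020-5594) are already tagged `NOT-FOR-US: Mitsubishi`. The six new entries describe a TCP/IP function in Mitsubishi Electric firmware (the product name is truncated at "GOT200") and should get the same tag for consistency.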
@@ -26448,7 +26487,7 @@ CVE-2020-4076 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there
TODO: check
CVE-2020-4075 (In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary ...)
TODO: check
-CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.7.6, the aut ...)
+CVE-2020-4074 (In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the aut ...)
TODO: check
CVE-2020-4073
RESERVED
