author: security tracker role <sectracker@soriano.debian.org> 2020-11-06 08:10:14 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-11-06 08:10:14 +0000
commit: d6b31ff276d845dc44adb9e9485e6fc507b0d762
tree: af3fbafd3658b31a59c258f452b145bafbf73928
parent: 6da76b0509d2a6a13cde9e9ba9257a03ef13b16d
automatic update
-rw-r--r-- data/CVE/1999.list 10
-rw-r--r-- data/CVE/2000.list 10
-rw-r--r-- data/CVE/2001.list 10
-rw-r--r-- data/CVE/2002.list 6
-rw-r--r-- data/CVE/2003.list 6
-rw-r--r-- data/CVE/2004.list 8
-rw-r--r-- data/CVE/2005.list 6
-rw-r--r-- data/CVE/2006.list 2
-rw-r--r-- data/CVE/2007.list 6
-rw-r--r-- data/CVE/2008.list 10
-rw-r--r-- data/CVE/2009.list 10
-rw-r--r-- data/CVE/2010.list 10
-rw-r--r-- data/CVE/2011.list 10
-rw-r--r-- data/CVE/2012.list 12
-rw-r--r-- data/CVE/2013.list 10
-rw-r--r-- data/CVE/2014.list 6
-rw-r--r-- data/CVE/2015.list 10
-rw-r--r-- data/CVE/2016.list 6
-rw-r--r-- data/CVE/2017.list 190
-rw-r--r-- data/CVE/2018.list 92
-rw-r--r-- data/CVE/2020.list 227
21 files changed, 356 insertions, 301 deletions
diff --git a/data/CVE/1999.list b/data/CVE/1999.list
index f7bfd6fe46..d23b8b457b 100644
--- a/data/CVE/1999.list
+++ b/data/CVE/1999.list
@@ -1,15 +1,15 @@
CVE-1999-0199 (manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a ...)
- glibc 2.2-1
CVE-1999-1598
- RESERVED
+ REJECTED
CVE-1999-1597
- RESERVED
+ REJECTED
CVE-1999-1596
- RESERVED
+ REJECTED
CVE-1999-1595
- RESERVED
+ REJECTED
CVE-1999-1594
- RESERVED
+ REJECTED
CVE-1999-1593 (Windows Internet Naming Service (WINS) allows remote attackers to caus ...)
NOT-FOR-US: Windows
CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on Su ...)
diff --git a/data/CVE/2000.list b/data/CVE/2000.list
index db60f5b21e..4d09587612 100644
--- a/data/CVE/2000.list
+++ b/data/CVE/2000.list
@@ -4,15 +4,15 @@ CVE-2000-1254 (crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C bitwise
CVE-2000-1253
RESERVED
CVE-2000-1252
- RESERVED
+ REJECTED
CVE-2000-1251
- RESERVED
+ REJECTED
CVE-2000-1250
- RESERVED
+ REJECTED
CVE-2000-1249
- RESERVED
+ REJECTED
CVE-2000-1248
- RESERVED
+ REJECTED
CVE-2000-1247 (The default configuration of the jserv-status handler in jserv.conf in ...)
- apache <removed>
CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 al ...)
diff --git a/data/CVE/2001.list b/data/CVE/2001.list
index aa21f783f1..cff8eeeb46 100644
--- a/data/CVE/2001.list
+++ b/data/CVE/2001.list
@@ -4,15 +4,15 @@ CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and e
{DSA-2892-1}
- a2ps 1:4.14-1.2 (low; bug #737385)
CVE-2001-1592
- RESERVED
+ REJECTED
CVE-2001-1591
- RESERVED
+ REJECTED
CVE-2001-1590
- RESERVED
+ REJECTED
CVE-2001-1589
- RESERVED
+ REJECTED
CVE-2001-1588
- RESERVED
+ REJECTED
CVE-2001-1587 (NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows rem ...)
NOT-FOR-US: Novell NetWare
CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...)
diff --git a/data/CVE/2002.list b/data/CVE/2002.list
index 3bffd33c93..39eac950ca 100644
--- a/data/CVE/2002.list
+++ b/data/CVE/2002.list
@@ -16,11 +16,11 @@ CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka
NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
NOTE: https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
CVE-2002-2442
- RESERVED
+ REJECTED
CVE-2002-2441
- RESERVED
+ REJECTED
CVE-2002-2440
- RESERVED
+ REJECTED
CVE-2002-2439 (Integer overflow in the new[] operator in gcc before 4.8.0 allows atta ...)
- gcc-4.1 <removed>
[squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index e734f58e33..9b08fd165b 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -8,11 +8,11 @@ CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c
- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
CVE-2003-1602
- RESERVED
+ REJECTED
CVE-2003-1601
- RESERVED
+ REJECTED
CVE-2003-1600
- RESERVED
+ REJECTED
CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in W ...)
NOT-FOR-US: WordPress plugin wp-links
CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...)
diff --git a/data/CVE/2004.list b/data/CVE/2004.list
index 7a3d0d7f08..32eae339a2 100644
--- a/data/CVE/2004.list
+++ b/data/CVE/2004.list
@@ -12,13 +12,13 @@ CVE-2004-XXXX [base-passwd: sets valid shells for system services]
CVE-2004-2776 (go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary co ...)
NOT-FOR-US: Montitorix
CVE-2004-2775
- RESERVED
+ REJECTED
CVE-2004-2774
- RESERVED
+ REJECTED
CVE-2004-2773
- RESERVED
+ REJECTED
CVE-2004-2772
- RESERVED
+ REJECTED
CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier and BS ...)
{DSA-3105-1 DLA-114-1}
- heirloom-mailx 12.5-3.1 (bug #773417)
diff --git a/data/CVE/2005.list b/data/CVE/2005.list
index 6761bdbff7..4b96eeb19d 100644
--- a/data/CVE/2005.list
+++ b/data/CVE/2005.list
@@ -17,11 +17,11 @@ CVE-2005-XXXX [more related to CVE-2005-4890]
CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools bef ...)
- google-perftools 0.7-1
CVE-2005-4894
- RESERVED
+ REJECTED
CVE-2005-4893
- RESERVED
+ REJECTED
CVE-2005-4892
- RESERVED
+ REJECTED
CVE-2005-4891 (Simple Machine Forum (SMF) versions 1.0.4 and earlier have an SQL inje ...)
NOT-FOR-US: Simple Machine Forum (SMF)
CVE-2005-4890 (There is a possible tty hijacking in shadow 4.x before 4.1.5 and sudo ...)
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index cef1eacf1a..96323cddab 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -6,7 +6,7 @@ CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia fo
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in jem ...)
NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2006-7251
- RESERVED
+ REJECTED
CVE-2006-7250 (The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t ...)
{DSA-2454-1}
- openssl 1.0.0h-1
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 38a6002f54..6a5bf1448d 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -32,11 +32,11 @@ CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cau
- apache <removed> (medium; bug #533662)
[lenny] - apache2 <no-dsa> (Minor issue)
CVE-2007-6749
- RESERVED
+ REJECTED
CVE-2007-6748
- RESERVED
+ REJECTED
CVE-2007-6747
- RESERVED
+ REJECTED
CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a ...)
- telepathy-idle 0.1.15-1 (low; bug #706094)
[wheezy] - telepathy-idle <no-dsa> (Minor issue)
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 06939defd3..6711fad327 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -42,15 +42,15 @@ CVE-2008-7310 (Spree 0.2.0 does not properly restrict the use of a hash to provi
CVE-2008-7309 (Insoshi before 20080920 does not properly restrict the use of a hash t ...)
NOT-FOR-US: Insoshi
CVE-2008-7308
- RESERVED
+ REJECTED
CVE-2008-7307
- RESERVED
+ REJECTED
CVE-2008-7306
- RESERVED
+ REJECTED
CVE-2008-7305
- RESERVED
+ REJECTED
CVE-2008-7304
- RESERVED
+ REJECTED
CVE-2008-7303 (The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do ...)
NOT-FOR-US: Apple Mac OS X
CVE-2008-7302 (SQL injection vulnerability in netinvoice.php in the nBill (com_netinv ...)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index a6e7d452fe..572a620f65 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -142,11 +142,11 @@ CVE-2009-5108
CVE-2009-5107
REJECTED
CVE-2009-5106
- RESERVED
+ REJECTED
CVE-2009-5105
- RESERVED
+ REJECTED
CVE-2009-5104
- RESERVED
+ REJECTED
CVE-2009-5103 (Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP ...)
NOT-FOR-US: ATCOM Netvolution
CVE-2009-5102 (SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 AS ...)
@@ -220,9 +220,9 @@ CVE-2009-5072 (Memory leak in the ldap_explode_dn function in IBM Tivoli Directo
CVE-2009-5071 (Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown i ...)
NOT-FOR-US: Palm WebOS
CVE-2009-5070
- RESERVED
+ REJECTED
CVE-2009-5069
- RESERVED
+ REJECTED
CVE-2009-5068 (There is a file disclosure vulnerability in SMF (Simple Machines Forum ...)
NOT-FOR-US: Simple Machines Forum
CVE-2009-5067 (Directory traversal vulnerability in html2ps before 1.0b6 allows remot ...)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index e5f495442f..2714ec1e54 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -480,15 +480,15 @@ CVE-2010-5118
CVE-2010-5117
REJECTED
CVE-2010-5116
- RESERVED
+ REJECTED
CVE-2010-5115
- RESERVED
+ REJECTED
CVE-2010-5114
- RESERVED
+ REJECTED
CVE-2010-5113
- RESERVED
+ REJECTED
CVE-2010-5112
- RESERVED
+ REJECTED
CVE-2010-5111 (Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote ...)
- echoping 6.0.2-4 (low; bug #606808)
[squeeze] - echoping <no-dsa> (Minor issue)
diff --git a/data/CVE/2011.list b/data/CVE/2011.list
index 9fc930ce0b..cc319c7516 100644
--- a/data/CVE/2011.list
+++ b/data/CVE/2011.list
@@ -783,15 +783,15 @@ CVE-2011-4980
CVE-2011-4979
REJECTED
CVE-2011-4978
- RESERVED
+ REJECTED
CVE-2011-4977
- RESERVED
+ REJECTED
CVE-2011-4976
- RESERVED
+ REJECTED
CVE-2011-4975
- RESERVED
+ REJECTED
CVE-2011-4974
- RESERVED
+ REJECTED
CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remote att ...)
- libapache2-mod-nss 1.0.8-4 (low; bug #729626)
[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index cbe4555614..34e3d4f799 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -1342,13 +1342,13 @@ CVE-2012-6159
CVE-2012-6158
REJECTED
CVE-2012-6157
- RESERVED
+ REJECTED
CVE-2012-6156
- RESERVED
+ REJECTED
CVE-2012-6155
- RESERVED
+ REJECTED
CVE-2012-6154
- RESERVED
+ REJECTED
CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient befor ...)
{DLA-222-1}
- commons-httpclient 3.1-10.2 (bug #692442)
@@ -2980,7 +2980,7 @@ CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x befo
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the REST ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5555
- RESERVED
+ REJECTED
CVE-2012-5554 (The default configuration for the Webform CiviCRM Integration module 7 ...)
NOT-FOR-US: Drupal contributed-module
CVE-2012-5553 (Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu ...)
@@ -3042,7 +3042,7 @@ CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled,
- firebird2.5 2.5.2~svn+54698.ds4-2 (low; bug #693210)
- firebird2.1 <not-affected> (Only affects 2.5.x)
CVE-2012-5528
- RESERVED
+ REJECTED
CVE-2012-5527 (Claws Mail vCalendar plugin: credentials exposed on interface ...)
- claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391)
NOTE: More of a plain bug than a security vulnerability
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index 1b421eb2b2..9d97ee0a30 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -2729,15 +2729,15 @@ CVE-2013-6508
CVE-2013-6507
REJECTED
CVE-2013-6506
- RESERVED
+ REJECTED
CVE-2013-6505
- RESERVED
+ REJECTED
CVE-2013-6504
- RESERVED
+ REJECTED
CVE-2013-6503
- RESERVED
+ REJECTED
CVE-2013-6502
- RESERVED
+ REJECTED
CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...)
- php5 <removed> (unimportant)
NOTE: Rendererd unexpoitable by kernel level hardening for tmp races
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index 208226dd9d..ad48139984 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -7475,9 +7475,9 @@ CVE-2014-7858 (The check_login function in D-Link DNR-326 before 2.10 build 03 a
CVE-2014-7857 (D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 Build ...)
NOT-FOR-US: D-Link
CVE-2014-7856
- RESERVED
+ REJECTED
CVE-2014-7855
- RESERVED
+ REJECTED
CVE-2014-7854
RESERVED
CVE-2014-7853 (The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBo ...)
@@ -7623,7 +7623,7 @@ CVE-2014-7821 (OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 al
NOTE: Versions up to 2014.1.3 and 2014.2
NOTE: https://launchpad.net/bugs/1378450
CVE-2014-7820
- RESERVED
+ REJECTED
CVE-2014-7819 (Multiple directory traversal vulnerabilities in server.rb in Sprockets ...)
- ruby-sprockets 2.12.3-1
[wheezy] - ruby-sprockets <no-dsa> (Minor issue)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index c774fefb66..0e83507faa 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -22066,13 +22066,13 @@ CVE-2015-1827 (The get_user_grouplist function in the extdom plug-in in FreeIPA
- freeipa <not-affected> (Only affects 4.1, see bug #781224)
NOTE: https://fedorahosted.org/freeipa/ticket/4908
CVE-2015-1826
- RESERVED
+ REJECTED
CVE-2015-1825
- RESERVED
+ REJECTED
CVE-2015-1824
- RESERVED
+ REJECTED
CVE-2015-1823
- RESERVED
+ REJECTED
CVE-2015-1822 (chrony before 1.31.1 does not initialize the last "next" pointer when ...)
{DSA-3222-1 DLA-193-1}
- chrony 1.30-2 (bug #782160)
@@ -26443,7 +26443,7 @@ CVE-2015-0302 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before
CVE-2015-0301 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0 ...)
NOT-FOR-US: Adobe Flash Player
CVE-2015-0300
- RESERVED
+ REJECTED
CVE-2015-0299 (Multiple cross-site scripting (XSS) vulnerabilities in Open Source Poi ...)
NOT-FOR-US: Open Source Point of Sale
CVE-2015-0298 (Cross-site scripting (XSS) vulnerability in the manager web interface ...)
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index 5c2bf36bc3..682c276fda 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -30905,11 +30905,11 @@ CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx 0.6.18 thro
NOTE: https://github.com/nginx/nginx/commit/4b581a7c21e4328d059bf400a059c0458fc9f806 (release-1.9.10)
NOTE: https://github.com/nginx/nginx/commit/a3d42258d97ebd0b638c20976654d3edfbaf943f (release-1.9.10)
CVE-2016-0745
- RESERVED
+ REJECTED
CVE-2016-0744
- RESERVED
+ REJECTED
CVE-2016-0743
- RESERVED
+ REJECTED
CVE-2016-0742 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remo ...)
{DSA-3473-1 DLA-404-1}
- nginx 1.9.10-1 (bug #812806)
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index b1b04de11c..78a7c0abcc 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -4519,105 +4519,105 @@ CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest us
[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
CVE-2017-17380
- RESERVED
+ REJECTED
CVE-2017-17379
- RESERVED
+ REJECTED
CVE-2017-17378
- RESERVED
+ REJECTED
CVE-2017-17377
- RESERVED
+ REJECTED
CVE-2017-17376
- RESERVED
+ REJECTED
CVE-2017-17375
- RESERVED
+ REJECTED
CVE-2017-17374
- RESERVED
+ REJECTED
CVE-2017-17373
- RESERVED
+ REJECTED
CVE-2017-17372
- RESERVED
+ REJECTED
CVE-2017-17371
- RESERVED
+ REJECTED
CVE-2017-17370
- RESERVED
+ REJECTED
CVE-2017-17369
- RESERVED
+ REJECTED
CVE-2017-17368
- RESERVED
+ REJECTED
CVE-2017-17367
- RESERVED
+ REJECTED
CVE-2017-17366
- RESERVED
+ REJECTED
CVE-2017-17365
- RESERVED
+ REJECTED
CVE-2017-17364
- RESERVED
+ REJECTED
CVE-2017-17363
- RESERVED
+ REJECTED
CVE-2017-17362
- RESERVED
+ REJECTED
CVE-2017-17361
- RESERVED
+ REJECTED
CVE-2017-17360
- RESERVED
+ REJECTED
CVE-2017-17359
- RESERVED
+ REJECTED
CVE-2017-17358
- RESERVED
+ REJECTED
CVE-2017-17357
- RESERVED
+ REJECTED
CVE-2017-17356
- RESERVED
+ REJECTED
CVE-2017-17355
- RESERVED
+ REJECTED
CVE-2017-17354
- RESERVED
+ REJECTED
CVE-2017-17353
- RESERVED
+ REJECTED
CVE-2017-17352
- RESERVED
+ REJECTED
CVE-2017-17351
- RESERVED
+ REJECTED
CVE-2017-17350
- RESERVED
+ REJECTED
CVE-2017-17349
- RESERVED
+ REJECTED
CVE-2017-17348
- RESERVED
+ REJECTED
CVE-2017-17347
- RESERVED
+ REJECTED
CVE-2017-17346
- RESERVED
+ REJECTED
CVE-2017-17345
- RESERVED
+ REJECTED
CVE-2017-17344
- RESERVED
+ REJECTED
CVE-2017-17343
- RESERVED
+ REJECTED
CVE-2017-17342
- RESERVED
+ REJECTED
CVE-2017-17341
- RESERVED
+ REJECTED
CVE-2017-17340
- RESERVED
+ REJECTED
CVE-2017-17339
- RESERVED
+ REJECTED
CVE-2017-17338
- RESERVED
+ REJECTED
CVE-2017-17337
- RESERVED
+ REJECTED
CVE-2017-17336
- RESERVED
+ REJECTED
CVE-2017-17335
- RESERVED
+ REJECTED
CVE-2017-17334
- RESERVED
+ REJECTED
CVE-2017-17333
- RESERVED
+ REJECTED
CVE-2017-17332
- RESERVED
+ REJECTED
CVE-2017-17331
- RESERVED
+ REJECTED
CVE-2017-17330 (Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; V200 ...)
NOT-FOR-US: Huawei
CVE-2017-17329 (Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. Th ...)
@@ -10597,95 +10597,95 @@ CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_blo
[wheezy] - libmp3splt <no-dsa> (Minor issue)
NOTE: https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932
CVE-2017-15184
- RESERVED
+ REJECTED
CVE-2017-15183
- RESERVED
+ REJECTED
CVE-2017-15182
- RESERVED
+ REJECTED
CVE-2017-15181
- RESERVED
+ REJECTED
CVE-2017-15180
- RESERVED
+ REJECTED
CVE-2017-15179
- RESERVED
+ REJECTED
CVE-2017-15178
- RESERVED
+ REJECTED
CVE-2017-15177
- RESERVED
+ REJECTED
CVE-2017-15176
- RESERVED
+ REJECTED
CVE-2017-15175
- RESERVED
+ REJECTED
CVE-2017-15174
- RESERVED
+ REJECTED
CVE-2017-15173
- RESERVED
+ REJECTED
CVE-2017-15172
- RESERVED
+ REJECTED
CVE-2017-15171
- RESERVED
+ REJECTED
CVE-2017-15170
- RESERVED
+ REJECTED
CVE-2017-15169
- RESERVED
+ REJECTED
CVE-2017-15168
- RESERVED
+ REJECTED
CVE-2017-15167
- RESERVED
+ REJECTED
CVE-2017-15166
- RESERVED
+ REJECTED
CVE-2017-15165
- RESERVED
+ REJECTED
CVE-2017-15164
- RESERVED
+ REJECTED
CVE-2017-15163
- RESERVED
+ REJECTED
CVE-2017-15162
- RESERVED
+ REJECTED
CVE-2017-15161
- RESERVED
+ REJECTED
CVE-2017-15160
- RESERVED
+ REJECTED
CVE-2017-15159
- RESERVED
+ REJECTED
CVE-2017-15158
- RESERVED
+ REJECTED
CVE-2017-15157
- RESERVED
+ REJECTED
CVE-2017-15156
- RESERVED
+ REJECTED
CVE-2017-15155
- RESERVED
+ REJECTED
CVE-2017-15154
- RESERVED
+ REJECTED
CVE-2017-15153
- RESERVED
+ REJECTED
CVE-2017-15152
- RESERVED
+ REJECTED
CVE-2017-15151
- RESERVED
+ REJECTED
CVE-2017-15150
- RESERVED
+ REJECTED
CVE-2017-15149
- RESERVED
+ REJECTED
CVE-2017-15148
- RESERVED
+ REJECTED
CVE-2017-15147
- RESERVED
+ REJECTED
CVE-2017-15146
- RESERVED
+ REJECTED
CVE-2017-15145
- RESERVED
+ REJECTED
CVE-2017-15144
- RESERVED
+ REJECTED
CVE-2017-15143
- RESERVED
+ REJECTED
CVE-2017-15142
- RESERVED
+ REJECTED
CVE-2017-15141
- RESERVED
+ REJECTED
CVE-2017-15140
- RESERVED
+ REJECTED
CVE-2017-15139 (A vulnerability was found in openstack-cinder releases up to and inclu ...)
[experimental] - cinder 2:13.0.0-1
- cinder 2:13.0.0-2
diff --git a/data/CVE/2018.list b/data/CVE/2018.list
index 1c7c1b270c..19bc244fe7 100644
--- a/data/CVE/2018.list
+++ b/data/CVE/2018.list
@@ -11571,97 +11571,97 @@ CVE-2018-16938
CVE-2018-16937
RESERVED
CVE-2018-16936
- RESERVED
+ REJECTED
CVE-2018-16935
- RESERVED
+ REJECTED
CVE-2018-16934
- RESERVED
+ REJECTED
CVE-2018-16933
- RESERVED
+ REJECTED
CVE-2018-16932
- RESERVED
+ REJECTED
CVE-2018-16931
- RESERVED
+ REJECTED
CVE-2018-16930
- RESERVED
+ REJECTED
CVE-2018-16929
- RESERVED
+ REJECTED
CVE-2018-16928
- RESERVED
+ REJECTED
CVE-2018-16927
- RESERVED
+ REJECTED
CVE-2018-16926
- RESERVED
+ REJECTED
CVE-2018-16925
- RESERVED
+ REJECTED
CVE-2018-16924
- RESERVED
+ REJECTED
CVE-2018-16923
- RESERVED
+ REJECTED
CVE-2018-16922
- RESERVED
+ REJECTED
CVE-2018-16921
- RESERVED
+ REJECTED
CVE-2018-16920
- RESERVED
+ REJECTED
CVE-2018-16919
- RESERVED
+ REJECTED
CVE-2018-16918
- RESERVED
+ REJECTED
CVE-2018-16917
- RESERVED
+ REJECTED
CVE-2018-16916
- RESERVED
+ REJECTED
CVE-2018-16915
- RESERVED
+ REJECTED
CVE-2018-16914
- RESERVED
+ REJECTED
CVE-2018-16913
- RESERVED
+ REJECTED
CVE-2018-16912
- RESERVED
+ REJECTED
CVE-2018-16911
- RESERVED
+ REJECTED
CVE-2018-16910
- RESERVED
+ REJECTED
CVE-2018-16909
- RESERVED
+ REJECTED
CVE-2018-16908
- RESERVED
+ REJECTED
CVE-2018-16907
- RESERVED
+ REJECTED
CVE-2018-16906
- RESERVED
+ REJECTED
CVE-2018-16905
- RESERVED
+ REJECTED
CVE-2018-16904
- RESERVED
+ REJECTED
CVE-2018-16903
- RESERVED
+ REJECTED
CVE-2018-16902
- RESERVED
+ REJECTED
CVE-2018-16901
- RESERVED
+ REJECTED
CVE-2018-16900
- RESERVED
+ REJECTED
CVE-2018-16899
- RESERVED
+ REJECTED
CVE-2018-16898
- RESERVED
+ REJECTED
CVE-2018-16897
- RESERVED
+ REJECTED
CVE-2018-16896
- RESERVED
+ REJECTED
CVE-2018-16895
- RESERVED
+ REJECTED
CVE-2018-16894
- RESERVED
+ REJECTED
CVE-2018-16893
- RESERVED
+ REJECTED
CVE-2018-16892
- RESERVED
+ REJECTED
CVE-2018-16891
- RESERVED
+ REJECTED
CVE-2018-16890 (libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap ...)
{DSA-4386-1 DLA-1672-1}
- curl 7.64.0-1
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index f83609c015..4bbcd365c6 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,3 +1,59 @@
+CVE-2020-28266
+ RESERVED
+CVE-2020-28265
+ RESERVED
+CVE-2020-28264
+ RESERVED
+CVE-2020-28263
+ RESERVED
+CVE-2020-28262
+ RESERVED
+CVE-2020-28261
+ RESERVED
+CVE-2020-28260
+ RESERVED
+CVE-2020-28259
+ RESERVED
+CVE-2020-28258
+ RESERVED
+CVE-2020-28257
+ RESERVED
+CVE-2020-28256
+ RESERVED
+CVE-2020-28255
+ RESERVED
+CVE-2020-28254
+ RESERVED
+CVE-2020-28253
+ RESERVED
+CVE-2020-28252
+ RESERVED
+CVE-2020-28251
+ RESERVED
+CVE-2020-28250 (Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user ...)
+ TODO: check
+CVE-2020-28249 (Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note. ...)
+ TODO: check
+CVE-2020-28248
+ RESERVED
+CVE-2020-28247
+ RESERVED
+CVE-2020-28246
+ RESERVED
+CVE-2020-28245
+ RESERVED
+CVE-2020-28244
+ RESERVED
+CVE-2020-28243
+ RESERVED
+CVE-2020-28242 (An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 1 ...)
+ TODO: check
+CVE-2020-28241 (libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_en ...)
+ TODO: check
+CVE-2020-28240
+ RESERVED
+CVE-2020-28239
+ RESERVED
CVE-2020-28238
RESERVED
CVE-2020-28237
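Review bot: the four new entries that arrive with a description (CVE-2020-28250, CVE-2020-28249, CVE-2020-28242, CVE-2020-28241) are all left at "TODO: check", so nothing in this hunk records whether any of them is relevant to the archive. CVE-2020-28242 (Asterisk Open Source, 13.x before 13.37.1) and CVE-2020-28241 (libmaxminddb before 1.4.3) both state an upstream fixed version in the description, so the manual follow-up should give those two a package line with an explicit status, and decide for the Cellinx and Joplin entries whether they are NOT-FOR-US.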
@@ -82,8 +138,8 @@ CVE-2020-28198
RESERVED
CVE-2020-28197
RESERVED
-CVE-2020-28196
- RESERVED
+CVE-2020-28196 (MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allow ...)
+ TODO: check
CVE-2020-28195
RESERVED
CVE-2020-28194
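Review bot: CVE-2020-28196 moves from RESERVED to a published description for MIT Kerberos 5 (krb5) but is only marked "TODO: check". The description already names the fixed upstream releases (1.17.2 and 1.18.3), so triage should replace the TODO with a krb5 package line and per-suite status rather than leave the entry open.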
@@ -386,8 +442,7 @@ CVE-2020-28048
RESERVED
CVE-2020-28047 (AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scr ...)
NOT-FOR-US: AudimexEE
-CVE-2020-27347 [tmux buffer overflow in CSI parsing]
- RESERVED
+CVE-2020-27347 (The function input_csi_dispatch_sgr_colon() in file input.c contained ...)
- tmux 3.1c-1
[buster] - tmux <not-affected> (Vulnerable code introduced later)
[stretch] - tmux <not-affected> (Vulnerable code introduced later)
@@ -5043,8 +5098,8 @@ CVE-2020-25839
RESERVED
CVE-2020-25838
RESERVED
-CVE-2020-25837
- RESERVED
+CVE-2020-25837 (Sensitive information disclosure vulnerability in Micro Focus Self Ser ...)
+ TODO: check
CVE-2020-25836
RESERVED
CVE-2020-25835
@@ -5469,10 +5524,10 @@ CVE-2020-25664
RESERVED
CVE-2020-25663
RESERVED
-CVE-2020-25662
- RESERVED
-CVE-2020-25661
- RESERVED
+CVE-2020-25662 (A Red Hat only CVE-2020-12352 regression issue was found in the way th ...)
+ TODO: check
+CVE-2020-25661 (A Red Hat only CVE-2020-12351 regression issue was found in the way th ...)
+ TODO: check
CVE-2020-25660
RESERVED
CVE-2020-25659 [bleichenbacher timing oracle attack against RSA decryption]
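Review bot: CVE-2020-25662 and CVE-2020-25661 are described as "A Red Hat only ... regression issue" for CVE-2020-12352 and CVE-2020-12351, yet both land as "TODO: check". When these are triaged, record the vendor-specific scope explicitly with the reason in parentheses, the way the CVE-2020-15708 entry in this same file does with "<not-affected> (Ubuntu specific issue)", so the entries do not read as open issues.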
@@ -8198,34 +8253,34 @@ CVE-2020-24441
RESERVED
CVE-2020-24440
RESERVED
-CVE-2020-24439
- RESERVED
-CVE-2020-24438
- RESERVED
-CVE-2020-24437
- RESERVED
-CVE-2020-24436
- RESERVED
-CVE-2020-24435
- RESERVED
-CVE-2020-24434
- RESERVED
-CVE-2020-24433
- RESERVED
-CVE-2020-24432
- RESERVED
-CVE-2020-24431
- RESERVED
-CVE-2020-24430
- RESERVED
-CVE-2020-24429
- RESERVED
-CVE-2020-24428
- RESERVED
-CVE-2020-24427
- RESERVED
-CVE-2020-24426
- RESERVED
+CVE-2020-24439 (Acrobat Reader DC for macOS versions 2020.012.20048 (and earlier), 202 ...)
+ TODO: check
+CVE-2020-24438 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24437 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24436 (Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 ( ...)
+ TODO: check
+CVE-2020-24435 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24434 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24433 (Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.00 ...)
+ TODO: check
+CVE-2020-24432 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24431 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24430 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24429 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24428 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
+CVE-2020-24427 (Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 ( ...)
+ TODO: check
+CVE-2020-24426 (Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.3000 ...)
+ TODO: check
CVE-2020-24425 (Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled ...)
NOT-FOR-US: Adobe
CVE-2020-24424 (Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncont ...)
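Review bot: the fourteen Acrobat entries CVE-2020-24439 through CVE-2020-24426 are all set to "TODO: check", while CVE-2020-24425 directly below them is already "NOT-FOR-US: Adobe". The follow-up should mark the new entries with the same "NOT-FOR-US: Adobe" line so the block is consistent and does not inflate the list of unchecked issues.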
@@ -22129,8 +22184,7 @@ CVE-2020-17512
RESERVED
CVE-2020-17511
RESERVED
-CVE-2020-17510 [Authentication Bypass Vulnerability]
- RESERVED
+CVE-2020-17510 (Apache Shiro before 1.7.0, when using Apache Shiro with Spring, a spec ...)
- shiro <unfixed>
NOTE: https://www.openwall.com/lists/oss-security/2020/11/04/7
CVE-2020-17509
@@ -26114,8 +26168,7 @@ CVE-2020-15709 (Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0
[buster] - software-properties <no-dsa> (Minor issue)
NOTE: https://www.openwall.com/lists/oss-security/2020/08/03/1
NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/1890286
-CVE-2020-15708 [incorrect permissions on the UNIX domain socket allows local attacker to escalate privileges]
- RESERVED
+CVE-2020-15708 (Ubuntu's packaging of libvirt in 20.04 LTS created a control socket wi ...)
- libvirt <not-affected> (Ubuntu specific issue)
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1866270#c2
NOTE: Debian used to use polkit in 1.2.9-rc1-1 and only later on
@@ -31615,10 +31668,10 @@ CVE-2020-13539
RESERVED
CVE-2020-13538
RESERVED
-CVE-2020-13537
- RESERVED
-CVE-2020-13536
- RESERVED
+CVE-2020-13537 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
+CVE-2020-13536 (An exploitable local privilege elevation vulnerability exists in the f ...)
+ TODO: check
CVE-2020-13535
RESERVED
CVE-2020-13534
@@ -41671,11 +41724,13 @@ CVE-2020-9500 (Some products of Dahua have Denial of Service vulnerabilities. Af
CVE-2020-9499 (Some Dahua products have buffer overflow vulnerabilities. After the su ...)
NOT-FOR-US: Dahua
CVE-2020-9498 (Apache Guacamole 1.1.0 and older may mishandle pointers involved inpro ...)
+ {DLA-2435-1}
- guacamole-server <unfixed> (bug #964195)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/3
NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
NOTE: Fixed by https://github.com/apache/guacamole-server/commit/a0e11dc81727528224d28466903454e1cb0266bb
CVE-2020-9497 (Apache Guacamole 1.1.0 and older do not properly validate datareceived ...)
+ {DLA-2435-1}
- guacamole-server <unfixed> (bug #964195)
NOTE: https://www.openwall.com/lists/oss-security/2020/07/02/2
NOTE: https://research.checkpoint.com/2020/apache-guacamole-rce/
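Review bot: the "{DLA-2435-1}" cross-reference is added to CVE-2020-9498 and CVE-2020-9497, but the only package line on both entries is still "- guacamole-server <unfixed> (bug #964195)". CVE-2020-9498 already carries a "Fixed by" NOTE pointing at an upstream commit, so it is worth confirming that the unfixed status is still accurate and updating it with a fixed version once an upload containing that commit exists.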
@@ -46956,8 +47011,8 @@ CVE-2020-7209 (LinuxKI v6.0-1 and earlier is vulnerable to an remote code execut
NOT-FOR-US: LinuxKI
CVE-2020-7208 (LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved i ...)
NOT-FOR-US: LinuxKI
-CVE-2020-7207
- RESERVED
+CVE-2020-7207 (A local elevation of privilege using physical access security vulnerab ...)
+ TODO: check
CVE-2020-7206 (HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has ...)
NOT-FOR-US: HP nagios plugin for iLO
CVE-2020-7205 (A potential security vulnerability has been identified in HPE Intellig ...)
@@ -47753,8 +47808,8 @@ CVE-2020-6879
RESERVED
CVE-2020-6878
RESERVED
-CVE-2020-6877
- RESERVED
+CVE-2020-6877 (A ZTE product is impacted by an information leak vulnerability. An att ...)
+ TODO: check
CVE-2020-6876 (A ZTE product is impacted by an XSS vulnerability. The vulnerability i ...)
NOT-FOR-US: ZTE
CVE-2020-6875 (A ZTE product is impacted by the improper access control vulnerability ...)
@@ -50107,8 +50162,8 @@ CVE-2020-6017
RESERVED
CVE-2020-6016
RESERVED
-CVE-2020-6015
- RESERVED
+CVE-2020-6015 (Check Point Endpoint Security for Windows before E84.10 can reach deni ...)
+ TODO: check
CVE-2020-6014 (Check Point Endpoint Security Client for Windows, with Anti-Bot or Thr ...)
NOT-FOR-US: Check Point Endpoint Security Client
CVE-2020-6013 (ZoneAlarm Firewall and Antivirus products before version 15.8.109.1843 ...)
@@ -50276,22 +50331,22 @@ CVE-2020-5948
RESERVED
CVE-2020-5947
RESERVED
-CVE-2020-5946
- RESERVED
-CVE-2020-5945
- RESERVED
-CVE-2020-5944
- RESERVED
-CVE-2020-5943
- RESERVED
-CVE-2020-5942
- RESERVED
-CVE-2020-5941
- RESERVED
-CVE-2020-5940
- RESERVED
-CVE-2020-5939
- RESERVED
+CVE-2020-5946 (In BIG-IP Advanced WAF and FPS versions 16.0.0-16.0.0.1, 15.1.0-15.1.0 ...)
+ TODO: check
+CVE-2020-5945 (In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2 ...)
+ TODO: check
+CVE-2020-5944 (In BIG-IQ 7.1.0, accessing the DoS Summary events and DNS Overview pag ...)
+ TODO: check
+CVE-2020-5943 (In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP objec ...)
+ TODO: check
+CVE-2020-5942 (In BIG-IP PEM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.2 ...)
+ TODO: check
+CVE-2020-5941 (On BIG-IP versions 16.0.0-16.0.0.1 and 15.1.0-15.1.0.5, using the RESO ...)
+ TODO: check
+CVE-2020-5940 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.3, a s ...)
+ TODO: check
+CVE-2020-5939 (In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.3, 15.0.0-15.0.1.3, 14.1.0- ...)
+ TODO: check
CVE-2020-5938 (On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when ...)
NOT-FOR-US: F5 BIG-IP
CVE-2020-5937 (On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM ...)
@@ -50582,8 +50637,8 @@ CVE-2020-5795
RESERVED
CVE-2020-5794
RESERVED
-CVE-2020-5793
- RESERVED
+CVE-2020-5793 (A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows &a ...)
+ TODO: check
CVE-2020-5792 (Improper neutralization of argument delimiters in a command in Nagios ...)
NOT-FOR-US: Nagios XI
CVE-2020-5791 (Improper neutralization of special elements used in an OS command in N ...)
@@ -50834,8 +50889,8 @@ CVE-2020-5669
RESERVED
CVE-2020-5668
RESERVED
-CVE-2020-5667
- RESERVED
+CVE-2020-5667 (Studyplus App for Android v6.3.7 and earlier and Studyplus App for iOS ...)
+ TODO: check
CVE-2020-5666
RESERVED
CVE-2020-5665
@@ -50870,20 +50925,20 @@ CVE-2020-5651 (SQL injection vulnerability in Simple Download Monitor 3.8.8 and
NOT-FOR-US: Simple Download Monitor
CVE-2020-5650 (Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 an ...)
NOT-FOR-US: Simple Download Monitor
-CVE-2020-5649
- RESERVED
-CVE-2020-5648
- RESERVED
-CVE-2020-5647
- RESERVED
-CVE-2020-5646
- RESERVED
-CVE-2020-5645
- RESERVED
-CVE-2020-5644
- RESERVED
-CVE-2020-5643
- RESERVED
+CVE-2020-5649 (Resource management error vulnerability in TCP/IP function included in ...)
+ TODO: check
+CVE-2020-5648 (Improper neutralization of argument delimiters in a command ('Argument ...)
+ TODO: check
+CVE-2020-5647 (Improper access control vulnerability in TCP/IP function included in t ...)
+ TODO: check
+CVE-2020-5646 (NULL pointer dereferences vulnerability in TCP/IP function included in ...)
+ TODO: check
+CVE-2020-5645 (Session fixation vulnerability in TCP/IP function included in the firm ...)
+ TODO: check
+CVE-2020-5644 (Buffer overflow vulnerability in TCP/IP function included in the firmw ...)
+ TODO: check
+CVE-2020-5643 (Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0. ...)
+ TODO: check
CVE-2020-5642 (Cross-site request forgery (CSRF) vulnerability in Live Chat - Live su ...)
NOT-FOR-US: Live Chat
CVE-2020-5641
