author | security tracker role <sectracker@soriano.debian.org> | 2020-06-18 20:10:27 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-06-18 20:10:27 +0000 |
commit | 9b82dbd0dff889578cfb55becd4dcaf2ae79dc28 | |
tree | a0c2ef08bccd8aaa7d2ba4aa86e53532a3458a29 | |
parent | 5bbf7dccaa5dab13ec27d7f39e674d7b2b74298c |
automatic update
-rw-r--r-- | data/CVE/list | 149 |
1 files changed, 102 insertions, 47 deletions
diff --git a/data/CVE/list b/data/CVE/list index f73c13d566..6133bca889 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,4 +1,66 @@ -CVE-2020-14416 [can, slip: Protect tty->disc_data in write_wakeup and close with RCU] +CVE-2020-14446 (An issue was discovered in WSO2 Identity Server through 5.10.0 and WSO ...) + TODO: check +CVE-2020-14445 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...) + TODO: check +CVE-2020-14444 (An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 ...) + TODO: check +CVE-2020-14443 (A SQL injection vulnerability in accountancy/customer/card.php in Doli ...) + TODO: check +CVE-2020-14442 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-14441 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-14440 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-14439 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-14438 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-14437 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-14436 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-14435 (Certain NETGEAR devices are affected by command injection by an unauth ...) + TODO: check +CVE-2020-14434 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-14433 (Certain NETGEAR devices are affected by command injection by an authen ...) + TODO: check +CVE-2020-14432 (Certain NETGEAR devices are affected by CSRF. This affects RBK752 befo ...) + TODO: check +CVE-2020-14431 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-14430 (Certain NETGEAR devices are affected by disclosure of administrative c ...) 
+ TODO: check +CVE-2020-14429 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-14428 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-14427 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-14426 (Certain NETGEAR devices are affected by disclosure of administrative c ...) + TODO: check +CVE-2020-14425 + RESERVED +CVE-2020-14424 + RESERVED +CVE-2020-14423 (Convos before 4.20 does not properly generate a random secret in Core/ ...) + TODO: check +CVE-2020-14422 (Lib/ipaddress.py in Python through 3.8.3 improperly computes hash valu ...) + TODO: check +CVE-2020-14421 (aaPanel through 6.6.6 allows remote authenticated users to execute arb ...) + TODO: check +CVE-2020-14420 + RESERVED +CVE-2020-14419 + RESERVED +CVE-2020-14418 + RESERVED +CVE-2020-14417 + RESERVED +CVE-2020-14415 + RESERVED +CVE-2020-14416 (In the Linux kernel before 5.4.16, a race condition in tty->disc_da ...) - linux 5.4.19-1 [buster] - linux 4.19.118-1 [stretch] - linux 4.9.210-1+deb9u1 @@ -1205,8 +1267,8 @@ CVE-2020-13884 (Citrix Workspace App before 1912 on Windows has Insecure Permiss NOT-FOR-US: Citrix CVE-2020-13883 (In WSO2 API Manager 3.0.0 and earlier, WSO2 API Microgateway 2.2.0, an ...) NOT-FOR-US: WSO2 API Manager -CVE-2020-13882 - RESERVED +CVE-2020-13882 (CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TO ...) + TODO: check CVE-2020-13881 (In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared se ...) {DLA-2239-1} - libpam-tacplus <unfixed> (low; bug #962830) 
@@ -1882,8 +1944,8 @@ CVE-2020-13642 (An issue was discovered in the SiteOrigin Page Builder plugin be NOT-FOR-US: SiteOrigin Page Builder plugin for WordPress CVE-2020-13641 (An issue was discovered in the Real-Time Find and Replace plugin befor ...) NOT-FOR-US: Real-Time Find and Replace plugin for WordPress -CVE-2020-13640 - RESERVED +CVE-2020-13640 (A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlie ...) + TODO: check CVE-2020-13639 RESERVED CVE-2020-13638 @@ -1985,7 +2047,7 @@ CVE-2020-13598 CVE-2020-13597 (Clusters using Calico (version 3.14.0 and below), Calico Enterprise (v ...) NOT-FOR-US: Calico CVE-2020-13596 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...) - {DLA-2233-1} + {DSA-4705-1 DLA-2233-1} - python-django 2:2.2.13-1 (bug #962323) NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1 NOTE: https://github.com/django/django/commit/2dd4d110c159d0c81dff42eaead2c378a0998735 (master) @@ -2736,7 +2798,7 @@ CVE-2020-13256 CVE-2020-13255 RESERVED CVE-2020-13254 (An issue was discovered in Django 2.2 before 2.2.13 and 3.0 before 3.0 ...) - {DLA-2233-1} + {DSA-4705-1 DLA-2233-1} - python-django 2:2.2.13-1 (bug #962323) NOTE: https://www.openwall.com/lists/oss-security/2020/06/03/1 NOTE: https://github.com/django/django/commit/2c82414914ae6476be5a166be9ff49c24d0d9069 (master) 
@@ -3533,16 +3595,16 @@ CVE-2020-12889 (MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection acr CVE-2020-12888 (The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles atte ...) - linux <unfixed> NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1836244 -CVE-2020-12887 - RESERVED -CVE-2020-12886 - RESERVED -CVE-2020-12885 - RESERVED -CVE-2020-12884 - RESERVED -CVE-2020-12883 - RESERVED +CVE-2020-12887 (Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 ...) + TODO: check +CVE-2020-12886 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...) + TODO: check +CVE-2020-12885 (An infinite loop was discovered in the CoAP library in Arm Mbed OS 5.1 ...) + TODO: check +CVE-2020-12884 (A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5 ...) + TODO: check +CVE-2020-12883 (Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5 ...) + TODO: check CVE-2020-12882 (Submitty through 20.04.01 allows XSS via upload of an SVG document, as ...) NOT-FOR-US: Submitty CVE-2020-12881 @@ -8226,8 +8288,8 @@ CVE-2020-11505 (An issue was discovered in GitLab Community Edition (CE) and Ent NOTE: https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/ CVE-2020-11504 RESERVED -CVE-2020-11503 - RESERVED +CVE-2020-11503 (A heap-based buffer overflow in the awarrensmtp component of Sophos XG ...) + TODO: check CVE-2020-11502 RESERVED CVE-2020-11500 (Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for vi ...) @@ -10277,8 +10339,8 @@ CVE-2020-10784 RESERVED CVE-2020-10783 RESERVED -CVE-2020-10782 - RESERVED +CVE-2020-10782 (An exposure of sensitive information flaw was found in Ansible Tower b ...) + TODO: check CVE-2020-10781 [zram sysfs resource consumption] RESERVED - linux <unfixed> 
@@ -14059,8 +14121,8 @@ CVE-2020-9227 RESERVED CVE-2020-9226 RESERVED -CVE-2020-9225 - RESERVED +CVE-2020-9225 (FusionSphere OpenStack 6.5.1 have an improper permissions management v ...) + TODO: check CVE-2020-9224 RESERVED CVE-2020-9223 @@ -33120,10 +33182,10 @@ CVE-2020-1837 RESERVED CVE-2020-1836 RESERVED -CVE-2020-1835 - RESERVED -CVE-2020-1834 - RESERVED +CVE-2020-1835 (HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have ...) + TODO: check +CVE-2020-1834 (HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C0 ...) + TODO: check CVE-2020-1833 (Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) ...) NOT-FOR-US: Huawei CVE-2020-1832 (E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3. ...) @@ -33140,7 +33202,7 @@ CVE-2020-1827 (Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R NOT-FOR-US: Huawei CVE-2020-1826 (Huawei Honor Magic2 mobile phones with versions earlier than 10.0.0.17 ...) NOT-FOR-US: Huawei -CVE-2020-1825 (Huawei FusionAccess products with versions earlier than 6.5.1.SPC002 h ...) +CVE-2020-1825 (FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of ...) NOT-FOR-US: Huawei CVE-2020-1824 RESERVED @@ -56817,8 +56879,8 @@ CVE-2019-13045 (Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, NOTE: https://github.com/irssi/irssi/pull/1058 NOTE: https://github.com/irssi/irssi/commit/5a67b983dc97caeb5df1139aabd0bc4f260a47d8 NOTE: Fixed in 1.0.8, 1.1.3, 1.2.1 -CVE-2019-13033 - RESERVED +CVE-2019-13033 (In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by ...) + TODO: check CVE-2019-13032 (An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL point ...) - flightcrew 0.7.2+dfsg-14 (unimportant; bug #931246) [buster] - flightcrew 0.7.2+dfsg-13+deb10u1 
@@ -72577,11 +72639,11 @@ CVE-2019-7658 RESERVED CVE-2019-7657 RESERVED -CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 a ...) +CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.8.0 a ...) NOT-FOR-US: Wowza Streaming Engine -CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authentic ...) +CVE-2019-7655 (Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated X ...) NOT-FOR-US: Wowza Streaming Engine -CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vuln ...) +CVE-2019-7654 (Wowza Streaming Engine 4.8.0 and earlier suffers from multiple CSRF vu ...) NOT-FOR-US: Wowza Streaming Engine CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...) NOT-FOR-US: TheHive Project UnshortenLink analyzer 
@@ -172809,38 +172871,31 @@ CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode func [jessie] - openexr <no-dsa> (Minor issue) NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5 NOTE: https://github.com/openexr/openexr/issues/232 -CVE-2017-9109 - RESERVED +CVE-2017-9109 (An issue was discovered in adns before 1.5.2. It fails to ignore appar ...) - adns <unfixed> (unimportant) NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868 NOTE: Stub resolver that should only be used with trusted recursors -CVE-2017-9108 - RESERVED +CVE-2017-9108 (An issue was discovered in adns before 1.5.2. adnshost mishandles a mi ...) - adns <unfixed> (unimportant) NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=72c6bfd77dfdb34457a792874fd1c3030fca90ac NOTE: Stub resolver that should only be used with trusted recursors -CVE-2017-9107 - RESERVED +CVE-2017-9107 (An issue was discovered in adns before 1.5.2. It overruns reading a bu ...) - adns <unfixed> (unimportant) NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=278f8eee581c4c4a0ddd0f98c4dc8c2974cf6b90 NOTE: Stub resolver that should only be used with trusted recursors -CVE-2017-9106 - RESERVED +CVE-2017-9106 (An issue was discovered in adns before 1.5.2. adns_rr_info mishandles ...) - adns <unfixed> (unimportant) NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=37792aacaf7abbcdac6a02715a5ef794b5147f13 NOTE: Stub resolver that should only be used with trusted recursors -CVE-2017-9105 - RESERVED +CVE-2017-9105 (An issue was discovered in adns before 1.5.2. It corrupts a pointer wh ...) 
- adns <unfixed> (unimportant) NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=17afb298d90c5aafed76bd3855a5fe7dcd58594c NOTE: Stub resolver that should only be used with trusted recursors -CVE-2017-9104 - RESERVED +CVE-2017-9104 (An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if ...) - adns <unfixed> (unimportant) NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=7ba7a232de0516d2cce934bdc91627b33b46ef47 NOTE: Stub resolver that should only be used with trusted recursors -CVE-2017-9103 - RESERVED +CVE-2017-9103 (An issue was discovered in adns before 1.5.2. pap_mailbox822 does not ...) - adns <unfixed> (unimportant) NOTE: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=020d86e2eccc2dbdfa9dcca08ddb327cc7ca3ae2 NOTE: Stub resolver that should only be used with trusted recursors |
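Review bot: in the first hunk (@@ -1,4 +1,66 @@) the new CVE-2020-14415 RESERVED entry is inserted above CVE-2020-14416, so the top of the list now runs 14417, 14415, 14416 and breaks the descending ID order that the other visible parts of data/CVE/list follow (for example 13884, 13883, 13882, 13881). Move the two CVE-2020-14415 lines below the CVE-2020-14416 block, after its last `- linux ...` package line, so that tools and reviewers scanning by ID find the entry where they expect it.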
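Review bot: in the hunk at @@ -33120,10 +33182,10 @@, CVE-2020-1835 (HUAWEI Mate 30) and CVE-2020-1834 (HUAWEI P30 and P30 Pro) are added with `TODO: check`, while the neighbouring entries in the same hunk (CVE-2020-1833, CVE-2020-1832 context, CVE-2020-1827, CVE-2020-1826, CVE-2020-1825) are already triaged as `NOT-FOR-US: Huawei`. Unless these two differ from their neighbours, resolve them the same way in a follow-up so the open TODO count reflects entries that actually need package analysis.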
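Review bot: in the hunk at @@ -72577,11 +72639,11 @@, the replacement description for CVE-2019-7655 reads "Wowza Streaming Engine 4.8.0 and earlier from multiple authenticated X ..."; the verb "suffers" that was present in the removed line (and is still present in the new CVE-2019-7654 line) has been dropped. The three Wowza entries also widen the affected range from "4.7.7 and 4.7.8" to "4.8.0 and earlier", which looks intentional, so only the broken sentence needs attention. Since this commit is an automatic update of the description text, the fix belongs with the source of the description rather than as a hand edit to this file.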
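Review bot: in the last hunk (@@ -172809,38 +172871,31 @@), CVE-2017-9103 through CVE-2017-9109 now carry descriptions that say "adns before 1.5.2", but each entry keeps the unchanged context line `- adns <unfixed> (unimportant)`. With an upstream fixed version now stated in the description, check whether the packaged adns has reached 1.5.2 and, if so, replace `<unfixed>` with the first fixed package version on all seven entries. The `NOTE:` lines pointing at the individual upstream commits can stay as they are.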