author | security tracker role <sectracker@soriano.debian.org> | 2020-01-29 08:10:18 +0000 |
---|---|---|
committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-29 08:10:18 +0000 |
commit | 026e3d2c68f22fe9bb9fd636f0f5f7414e5784a3 (patch) | |
tree | 17591eecdcba8bc9ce61e825f63785b81d73f1fd /data/CVE/list | |
parent | c23d11ea9dde0ee93e4cacf233e99ee0f518193d (diff) |
automatic update
Diffstat (limited to 'data/CVE/list')
-rw-r--r-- | data/CVE/list | 306 |
1 files changed, 265 insertions, 41 deletions
diff --git a/data/CVE/list b/data/CVE/list index a16e9ec931..ac325cb840 100644 --- a/data/CVE/list +++ b/data/CVE/list 
@@ -1,4 +1,228 @@ -CVE-2020-8428 [user-triggerable read-after-free crash or 1-bit infoleak oracle in open] +CVE-2020-8427 + RESERVED +CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...) + TODO: check +CVE-2020-8425 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) + TODO: check +CVE-2020-8424 (Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that le ...) + TODO: check +CVE-2020-8423 + RESERVED +CVE-2020-8422 + RESERVED +CVE-2020-8421 (An issue was discovered in Joomla! before 3.9.15. Inadequate escaping ...) + TODO: check +CVE-2020-8420 (An issue was discovered in Joomla! before 3.9.15. A missing CSRF token ...) + TODO: check +CVE-2020-8419 (An issue was discovered in Joomla! before 3.9.15. Missing token checks ...) + TODO: check +CVE-2020-8418 + RESERVED +CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) + TODO: check +CVE-2020-8416 + RESERVED +CVE-2020-8415 + RESERVED +CVE-2020-8414 + RESERVED +CVE-2020-8413 + RESERVED +CVE-2020-8412 + RESERVED +CVE-2020-8411 + RESERVED +CVE-2020-8410 + RESERVED +CVE-2020-8409 + RESERVED +CVE-2020-8408 + RESERVED +CVE-2020-8407 + RESERVED +CVE-2020-8406 + RESERVED +CVE-2020-8405 + RESERVED +CVE-2020-8404 + RESERVED +CVE-2020-8403 + RESERVED +CVE-2020-8402 + RESERVED +CVE-2020-8401 + RESERVED +CVE-2020-8400 + RESERVED +CVE-2020-8399 + RESERVED +CVE-2020-8398 + RESERVED +CVE-2020-8397 + RESERVED +CVE-2020-8396 + RESERVED +CVE-2020-8395 + RESERVED +CVE-2020-8394 + RESERVED +CVE-2020-8393 + RESERVED +CVE-2020-8392 + RESERVED +CVE-2020-8391 + RESERVED +CVE-2020-8390 + RESERVED +CVE-2020-8389 + RESERVED +CVE-2020-8388 + RESERVED +CVE-2020-8387 + RESERVED +CVE-2020-8386 + RESERVED +CVE-2020-8385 + RESERVED +CVE-2020-8384 + RESERVED +CVE-2020-8383 + RESERVED +CVE-2020-8382 + RESERVED +CVE-2020-8381 + RESERVED +CVE-2020-8380 + RESERVED +CVE-2020-8379 + RESERVED +CVE-2020-8378 + RESERVED +CVE-2020-8377 + RESERVED +CVE-2020-8376 
+ RESERVED +CVE-2020-8375 + RESERVED +CVE-2020-8374 + RESERVED +CVE-2020-8373 + RESERVED +CVE-2020-8372 + RESERVED +CVE-2020-8371 + RESERVED +CVE-2020-8370 + RESERVED +CVE-2020-8369 + RESERVED +CVE-2020-8368 + RESERVED +CVE-2020-8367 + RESERVED +CVE-2020-8366 + RESERVED +CVE-2020-8365 + RESERVED +CVE-2020-8364 + RESERVED +CVE-2020-8363 + RESERVED +CVE-2020-8362 + RESERVED +CVE-2020-8361 + RESERVED +CVE-2020-8360 + RESERVED +CVE-2020-8359 + RESERVED +CVE-2020-8358 + RESERVED +CVE-2020-8357 + RESERVED +CVE-2020-8356 + RESERVED +CVE-2020-8355 + RESERVED +CVE-2020-8354 + RESERVED +CVE-2020-8353 + RESERVED +CVE-2020-8352 + RESERVED +CVE-2020-8351 + RESERVED +CVE-2020-8350 + RESERVED +CVE-2020-8349 + RESERVED +CVE-2020-8348 + RESERVED +CVE-2020-8347 + RESERVED +CVE-2020-8346 + RESERVED +CVE-2020-8345 + RESERVED +CVE-2020-8344 + RESERVED +CVE-2020-8343 + RESERVED +CVE-2020-8342 + RESERVED +CVE-2020-8341 + RESERVED +CVE-2020-8340 + RESERVED +CVE-2020-8339 + RESERVED +CVE-2020-8338 + RESERVED +CVE-2020-8337 + RESERVED +CVE-2020-8336 + RESERVED +CVE-2020-8335 + RESERVED +CVE-2020-8334 + RESERVED +CVE-2020-8333 + RESERVED +CVE-2020-8332 + RESERVED +CVE-2020-8331 + RESERVED +CVE-2020-8330 + RESERVED +CVE-2020-8329 + RESERVED +CVE-2020-8328 + RESERVED +CVE-2020-8327 + RESERVED +CVE-2020-8326 + RESERVED +CVE-2020-8325 + RESERVED +CVE-2020-8324 + RESERVED +CVE-2020-8323 + RESERVED +CVE-2020-8322 + RESERVED +CVE-2020-8321 + RESERVED +CVE-2020-8320 + RESERVED +CVE-2020-8319 + RESERVED +CVE-2020-8318 + RESERVED +CVE-2020-8317 + RESERVED +CVE-2020-8316 + RESERVED +CVE-2020-8428 (fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky u ...) - linux <unfixed> [jessie] - linux <not-affected> (Vulnerable code introduced later) NOTE: Fixed by: https://git.kernel.org/linus/d0cb50185ae942b03c4327be322055d622dc79f6 
@@ -6613,8 +6837,8 @@ CVE-2020-5229 RESERVED CVE-2020-5228 RESERVED -CVE-2020-5227 - RESERVED +CVE-2020-5227 (Feedgen (python feedgen) before 0.9.0 is susceptible to XML Denial of ...) + TODO: check CVE-2020-5226 (Cross-site scripting in SimpleSAMLphp before version 1.18.4. The www/e ...) - simplesamlphp 1.18.4-1 [buster] - simplesamlphp <not-affected> (Vulnerable code introduced later) @@ -6651,8 +6875,8 @@ CVE-2020-5216 (In Secure Headers (RubyGem secure_headers), a directive injection - ruby-secure-headers <unfixed> (bug #949998) NOTE: https://github.com/twitter/secure_headers/security/advisories/GHSA-w978-rmpf-qmwg NOTE: https://github.com/twitter/secure_headers/commit/301695706f6a70517c2a90c6ef9b32178440a2d0 -CVE-2020-5215 - RESERVED +CVE-2020-5215 (In TensorFlow before 1.15.2 and 2.0.1, converting a string (from Pytho ...) + TODO: check CVE-2020-5214 (In NetHack before 3.6.5, detecting an unknown configuration file optio ...) TODO: check CVE-2020-5213 (In NetHack before 3.6.5, too long of a value for the SYMBOL configurat ...) @@ -6971,12 +7195,12 @@ CVE-2019-20218 (selectExpander in select.c in SQLite 3.30.1 proceeds with WITH s [stretch] - sqlite3 <no-dsa> (Minor issue) [jessie] - sqlite3 <no-dsa> (Minor issue) NOTE: Fixed by: https://github.com/sqlite/sqlite/commit/a6c1a71cde082e09750465d5675699062922e387 -CVE-2019-20217 - RESERVED -CVE-2019-20216 - RESERVED -CVE-2019-20215 - RESERVED +CVE-2019-20217 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...) + TODO: check +CVE-2019-20216 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...) + TODO: check +CVE-2019-20215 (D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers ...) + TODO: check CVE-2019-20214 RESERVED CVE-2019-20213 (D-Link DIR-859 routers before v1.07b03_beta allow Unauthenticated Info ...) 
@@ -110570,6 +110794,7 @@ CVE-2018-1000036 (In MuPDF 1.12.0 and earlier, multiple memory leaks in the PDF NOTE: http://git.ghostscript.com/?p=mupdf.git;h=985fdcfc117a3bd4bc097cdcae8347b3787fbab2 NOTE: negligible security impact, memory leak in CLI tool CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version <= 6. ...) + {DLA-2082-1} - unzip 6.0-22 (bug #889838) [stretch] - unzip 6.0-21+deb9u1 [wheezy] - unzip <no-dsa> (Harmless crash, builds with fortified source) @@ -220617,8 +220842,8 @@ CVE-2015-5485 (Cross-site scripting (XSS) vulnerability in the Event Import page NOT-FOR-US: Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin for WordPress CVE-2015-5484 (Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1 ...) NOT-FOR-US: Plotly plugin for WordPress -CVE-2015-5483 - RESERVED +CVE-2015-5483 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Priv ...) + TODO: check CVE-2015-5482 (Directory traversal vulnerability in the GD bbPress Attachments plugin ...) NOT-FOR-US: GD bbPress Attachments plugin for WordPress CVE-2015-5481 (Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD ...) @@ -240438,8 +240663,8 @@ CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in assets/mis NOT-FOR-US: Wordpress plugin CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote at ...) NOT-FOR-US: Grand Flagallery plugin for WordPress -CVE-2014-8490 - RESERVED +CVE-2014-8490 (Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9 ...) + TODO: check CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attacke ...) {DSA-3130-1} - lsyncd 2.1.5-2 (low; bug #767227) 
@@ -272965,12 +273190,12 @@ CVE-2013-3216 RESERVED CVE-2013-3215 RESERVED -CVE-2013-3214 - RESERVED +CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...) + TODO: check CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...) NOT-FOR-US: vTiger CRM -CVE-2013-3212 - RESERVED +CVE-2013-3212 (vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilitie ...) + TODO: check CVE-2012-6551 (The default configuration of Apache ActiveMQ before 5.8.0 enables a sa ...) - activemq <not-affected> (Example code not shipped in .deb) CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown impact and ...) @@ -273209,8 +273434,8 @@ CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-L NOT-FOR-US: D-Link CVE-2013-3094 RESERVED -CVE-2013-3093 - RESERVED +CVE-2013-3093 (ASUS RT-N56U devices allow CSRF. ...) + TODO: check CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass a ...) NOT-FOR-US: Belkin router CVE-2013-3091 
@@ -273254,14 +273479,14 @@ CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initi - linux-2.6 <not-affected> (Vulnerable code not present) CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Comp ...) NOT-FOR-US: Mitsubishi MX Component 3 -CVE-2013-3074 - RESERVED +CVE-2013-3074 (NetGear WNDR4700 Media Server devices with firmware 1.0.0.34 allow rem ...) + TODO: check CVE-2013-3073 (A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 F ...) NOT-FOR-US: NETGEAR CVE-2013-3072 (An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4 ...) NOT-FOR-US: NETGEAR -CVE-2013-3071 - RESERVED +CVE-2013-3071 (NETGEAR Centria WNDR4700 devices with firmware 1.0.0.34 allow authenti ...) + TODO: check CVE-2013-3070 (An Information Disclosure vulnerability exists in Netgear WNDR4700 run ...) NOT-FOR-US: NETGEAR CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR470 ...) @@ -274085,8 +274310,7 @@ CVE-2013-2765 (The ModSecurity module before 2.7.4 for the Apache HTTP Server al [squeeze] - libapache-mod-security 2.5.12-1+squeeze2 NOTE: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES NOTE: https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba -CVE-2013-2764 - RESERVED +CVE-2013-2764 (Secure Entry Server before 4.7.0 contains a URI Redirection vulnerabil ...) NOT-FOR-US: Secure Entry Server CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote at ...) NOT-FOR-US: Schneider Electric M340 modules 
@@ -274118,8 +274342,8 @@ CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in e107_plugins/content/ NOT-FOR-US: e107 CVE-2013-2749 REJECTED -CVE-2013-2748 - RESERVED +CVE-2013-2748 (Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote att ...) + TODO: check CVE-2013-2747 (The password reset feature in Courion Access Risk Management Suite Ver ...) NOT-FOR-US: Courion Access Risk Management Suite CVE-2013-2746 @@ -274197,8 +274421,8 @@ CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a "random NOT-FOR-US: Puppet Labs Puppet Enterprise CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the Sear ...) NOT-FOR-US: Drupal module search_api -CVE-2013-2714 - RESERVED +CVE-2013-2714 (Cross-site Scripting (XSS) in WordPress podPress Plugin 8.8.10.13 coul ...) + TODO: check CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in ...) NOT-FOR-US: KrisonAV CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php i ...) 
@@ -277806,16 +278030,16 @@ CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.0 NOT-FOR-US: MayGion IP Cameras CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware ...) NOT-FOR-US: MayGion IP Cameras -CVE-2013-1603 - RESERVED -CVE-2013-1602 - RESERVED -CVE-2013-1601 - RESERVED -CVE-2013-1600 - RESERVED -CVE-2013-1599 - RESERVED +CVE-2013-1603 (An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO ...) + TODO: check +CVE-2013-1602 (An Information Disclosure vulnerability exists due to insufficient val ...) + TODO: check +CVE-2013-1601 (An Information Disclosure vulnerability exists due to a failure to res ...) + TODO: check +CVE-2013-1600 (An Authentication Bypass vulnerability exists in upnp/asf-mp4.asf when ...) + TODO: check +CVE-2013-1599 (A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd. ...) + TODO: check CVE-2013-1598 (A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras ...) NOT-FOR-US: Vivotek PT7135 IP Cameras CVE-2013-1597 (A Directory Traversal vulnerability exists in Vivotek PT7135 IP Camera ...) |
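Review bot: In the @@ -1,4 +1,228 @@ hunk, CVE-2020-8428 ends up below CVE-2020-8316, because the new CVE-2020-8427 to CVE-2020-8316 block is inserted above it, which breaks the otherwise descending run at the top of the file. Place the CVE-2020-8428 entry above CVE-2020-8427. The same hunk replaces the bracketed summary "[user-triggerable read-after-free crash or 1-bit infoleak oracle in open]" with a truncated description that no longer names the bug class. If that detail matters for triage, carry it in a NOTE: line under the entry.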
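Review bot: In the @@ -110570,6 +110794,7 @@ hunk, the {DLA-2082-1} reference added under CVE-2018-1000035 has no matching per-release line in the visible context, which shows only the unlabelled unzip 6.0-22 entry and the [stretch] and [wheezy] lines. Confirm that the release covered by the DLA has a fixed-version entry further down in this record, or add one alongside the reference.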
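Review bot: In the @@ -272965,12 +273190,12 @@ hunk, CVE-2013-3214 and CVE-2013-3212 are left as "TODO: check" even though the entry between them, CVE-2013-3213, is already triaged as "NOT-FOR-US: vTiger CRM" and all three descriptions name the same product. Apply the same triage to both new entries so they do not stay in the open queue.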
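Review bot: In the @@ -273254,14 +273479,14 @@ hunk, CVE-2013-3074 and CVE-2013-3071 get "TODO: check" while the neighbouring WNDR4700 entries in the context (CVE-2013-3073, CVE-2013-3072, CVE-2013-3070) all carry "NOT-FOR-US: NETGEAR". The two new descriptions name the same device and firmware 1.0.0.34, so they can take the same NOT-FOR-US line instead of a TODO.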