author: security tracker role <sectracker@soriano.debian.org> 2020-01-29 20:10:27 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2020-01-29 20:10:27 +0000
commit: 4ee7200e1e815ef6f483fc75056aab7885b4bbc1
tree: cdd66542a2e679f2eaffd95f4431b9d99267db7c /data
parent: 799a0d36d305130984f3c5a800ce1a7f60b5ea09

automatic update

Diffstat (limited to 'data')
-rw-r--r-- data/CVE/list 169
1 files changed, 84 insertions, 85 deletions
diff --git a/data/CVE/list b/data/CVE/list
index a3d42049ed..cb793175c7 100644
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,11 @@
+CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...)
+ TODO: check
+CVE-2020-8431
+ RESERVED
+CVE-2020-8430
+ RESERVED
+CVE-2020-8429
+ RESERVED
CVE-2020-8427
RESERVED
CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...)
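Review bot: the new block at the top of the list runs from CVE-2020-8429 straight into the existing CVE-2020-8427, so CVE-2020-8428 has no entry after this update. If that id has been allocated, add it with RESERVED like its neighbours so the sequence stays contiguous. CVE-2020-8432 (Das U-Boot, double free) is imported as TODO: check and still needs a package status line once triaged.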
@@ -20,8 +28,8 @@ CVE-2020-8418
RESERVED
CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...)
NOT-FOR-US: Code Snippets plugin for WordPress
-CVE-2020-8416
- RESERVED
+CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial of serv ...)
+ TODO: check
CVE-2020-8415
RESERVED
CVE-2020-8414
@@ -672,10 +680,10 @@ CVE-2020-8095
RESERVED
CVE-2020-8094
RESERVED
-CVE-2020-8093
- RESERVED
-CVE-2020-8092
- RESERVED
+CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...)
+ TODO: check
+CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...)
+ TODO: check
CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...)
NOT-FOR-US: TYPO3
CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...)
@@ -986,8 +994,8 @@ CVE-2020-7967
RESERVED
CVE-2020-7966
RESERVED
-CVE-2020-7965
- RESERVED
+CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...)
+ TODO: check
CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...)
NOT-FOR-US: Mirumee Saleor
CVE-2020-7963
@@ -2520,8 +2528,8 @@ CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field
NOT-FOR-US: SMC D3G0804W devices
CVE-2020-7248
RESERVED
-CVE-2020-7247 [LPE and RCE in OpenSMTPD]
- RESERVED
+CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ...)
+ {DSA-4611-1}
- opensmtpd 6.6.2p1-1
NOTE: https://www.openwall.com/lists/oss-security/2020/01/28/3
NOTE: Fixed by: https://github.com/OpenSMTPD/OpenSMTPD/commit/2afab2297347342f81fa31a75bbbf7dbee614fda
@@ -2839,6 +2847,7 @@ CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_i
NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464
NOTE: https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee
CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...)
+ {DLA-2083-1}
- hiredis 0.14.0-5 (bug #949995)
NOTE: https://github.com/redis/hiredis/pull/754
NOTE: https://github.com/redis/hiredis/pull/756
@@ -11018,8 +11027,8 @@ CVE-2020-3760
RESERVED
CVE-2020-3759
RESERVED
-CVE-2020-3758
- RESERVED
+CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
+ TODO: check
CVE-2020-3757
RESERVED
CVE-2020-3756
@@ -11096,26 +11105,26 @@ CVE-2020-3721
RESERVED
CVE-2020-3720
RESERVED
-CVE-2020-3719
- RESERVED
-CVE-2020-3718
- RESERVED
-CVE-2020-3717
- RESERVED
-CVE-2020-3716
- RESERVED
-CVE-2020-3715
- RESERVED
-CVE-2020-3714
- RESERVED
-CVE-2020-3713
- RESERVED
-CVE-2020-3712
- RESERVED
-CVE-2020-3711
- RESERVED
-CVE-2020-3710
- RESERVED
+CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
+ TODO: check
+CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
+ TODO: check
+CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
+ TODO: check
+CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
+ TODO: check
+CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...)
+ TODO: check
+CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
+ TODO: check
+CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
+ TODO: check
+CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
+ TODO: check
+CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
+ TODO: check
+CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...)
+ TODO: check
CVE-2020-3709
RESERVED
CVE-2020-3708
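Review bot: all ten entries from CVE-2020-3719 down to CVE-2020-3710 land as TODO: check, and the five Magento ones share an identical truncated description, so they cannot be told apart from this list during triage. The Adobe Illustrator CC entries can be closed as NOT-FOR-US in the same way the Jenkins entries in this file are tagged; for the Magento entries, read each full description before tagging rather than bulk-marking them.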
@@ -15111,35 +15120,25 @@ CVE-2020-2110
RESERVED
CVE-2020-2109
RESERVED
-CVE-2020-2108
- RESERVED
+CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2107
- RESERVED
+CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwor ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2106
- RESERVED
+CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...)
NOT-FOR-US: Jenkins plugin
-CVE-2020-2105
- RESERVED
+CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...)
NOT-FOR-US: Jenkins
-CVE-2020-2104
- RESERVED
+CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...)
NOT-FOR-US: Jenkins
-CVE-2020-2103
- RESERVED
+CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...)
NOT-FOR-US: Jenkins
-CVE-2020-2102
- RESERVED
+CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...)
NOT-FOR-US: Jenkins
-CVE-2020-2101
- RESERVED
+CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...)
NOT-FOR-US: Jenkins
-CVE-2020-2100
- RESERVED
+CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...)
NOT-FOR-US: Jenkins
-CVE-2020-2099
- RESERVED
+CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...)
NOT-FOR-US: Jenkins
CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...)
NOT-FOR-US: Jenkins plugin
@@ -20644,8 +20643,8 @@ CVE-2019-18636 (A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum
NOT-FOR-US: Jitbit .NET Forum
CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through v0.42.1 and v ...)
NOT-FOR-US: Mooltipass Moolticute
-CVE-2019-18634
- RESERVED
+CVE-2019-18634 (In Sudo through 1.8.29, if pwfeedback is enabled in /etc/sudoers, user ...)
+ TODO: check
CVE-2019-18633 (European Commission eIDAS-Node Integration Package before 2.3.1 has Mi ...)
NOT-FOR-US: European Commission eIDAS-Node Integration Package
CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1 allows ...)
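Review bot: CVE-2019-18634 is left at TODO: check even though its description names Sudo, a packaged component rather than a NOT-FOR-US candidate, so this entry should be triaged ahead of the rest of the batch. Add the package status line for sudo and a NOTE recording that the issue depends on pwfeedback being enabled in /etc/sudoers, as the description states, so that the default-configuration exposure is clear to whoever assesses severity.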
@@ -51740,6 +51739,7 @@ CVE-2019-8847
RESERVED
CVE-2019-8846
RESERVED
+ {DSA-4610-1}
- webkit2gtk 2.26.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
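Review bot: {DSA-4610-1} is attached to CVE-2019-8846 while the entry header is still the bare id followed by RESERVED, so the list records an advisory and a fixed version (webkit2gtk 2.26.3-1) against an id with no description at all. Add a bracketed temporary description to the header, following the convention visible on the old CVE-2020-7247 line ("[LPE and RCE in OpenSMTPD]"), until the upstream text is published. The same applies to CVE-2019-8844 and CVE-2019-8835 in the next two hunks.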
@@ -51748,6 +51748,7 @@ CVE-2019-8845
RESERVED
CVE-2019-8844
RESERVED
+ {DSA-4610-1}
- webkit2gtk 2.26.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -51770,6 +51771,7 @@ CVE-2019-8836
RESERVED
CVE-2019-8835
RESERVED
+ {DSA-4610-1}
- webkit2gtk 2.26.3-1
[stretch] - webkit2gtk <ignored> (Not covered by security support in stretch)
[jessie] - webkit2gtk <ignored> (Not covered by security support in jessie)
@@ -54658,12 +54660,12 @@ CVE-2019-7658
RESERVED
CVE-2019-7657
RESERVED
-CVE-2019-7656
- RESERVED
-CVE-2019-7655
- RESERVED
-CVE-2019-7654
- RESERVED
+CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 a ...)
+ TODO: check
+CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authentic ...)
+ TODO: check
+CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vuln ...)
+ TODO: check
CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...)
NOT-FOR-US: TheHive Project UnshortenLink analyzer
CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an at ...)
@@ -107161,13 +107163,13 @@ CVE-2018-7716 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalat
NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7715 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation v ...)
NOT-FOR-US: PrivateVPN for macOS
-CVE-2018-7714 (The validateInputImageSize function in modules/imgcodecs/src/loadsave. ...)
+CVE-2018-7714 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...)
NOTE: Non-issue, needs to be handled within applications using opencv
NOTE: https://github.com/opencv/opencv/issues/10998
-CVE-2018-7713 (The validateInputImageSize function in modules/imgcodecs/src/loadsave. ...)
+CVE-2018-7713 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...)
NOTE: Non-issue, needs to be handled within applications using opencv
NOTE: https://github.com/opencv/opencv/issues/10998
-CVE-2018-7712 (The validateInputImageSize function in modules/imgcodecs/src/loadsave. ...)
+CVE-2018-7712 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...)
NOTE: Non-issue, needs to be handled within applications using opencv
NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7710
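Review bot: CVE-2018-7714, CVE-2018-7713 and CVE-2018-7712 now carry the ** DISPUTED ** prefix, but each entry still consists of NOTE lines only, with no package status line for opencv. Record the status explicitly on a package line so the "Non-issue, needs to be handled within applications using opencv" conclusion is machine-readable and not only stated in free text.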
@@ -273220,8 +273222,8 @@ CVE-2013-3217
RESERVED
CVE-2013-3216
RESERVED
-CVE-2013-3215
- RESERVED
+CVE-2013-3215 (vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerab ...)
+ TODO: check
CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...)
TODO: check
CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...)
@@ -274756,23 +274758,22 @@ CVE-2013-2576 (Buffer overflow in Artweaver before 3.1.6 allows remote attackers
NOT-FOR-US: Artweaver
CVE-2013-2575
RESERVED
-CVE-2013-2574
- RESERVED
+CVE-2013-2574 (An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insuf ...)
NOT-FOR-US: Foscam
-CVE-2013-2573
- RESERVED
-CVE-2013-2572
- RESERVED
+CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to the /c ...)
+ TODO: check
+CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...)
+ TODO: check
CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...)
TODO: check
-CVE-2013-2570
- RESERVED
-CVE-2013-2569
- RESERVED
-CVE-2013-2568
- RESERVED
-CVE-2013-2567
- RESERVED
+CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
+ TODO: check
+CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...)
+ TODO: check
+CVE-2013-2568 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...)
+ TODO: check
+CVE-2013-2567 (An Authentication Bypass vulnerability exists in the web interface in ...)
+ TODO: check
CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has m ...)
NOTE: Generic protocol flaw in RC4
CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux ...)
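Review bot: CVE-2013-2574 (FOSCAM IP Camera) keeps its NOT-FOR-US: Foscam tag, while the TP-LINK and Zavio IP camera entries added beside it (CVE-2013-2572, CVE-2013-2570, CVE-2013-2569, CVE-2013-2568) are imported as TODO: check. These are the same class of vendor device firmware and should be tagged consistently with the Foscam entry. The truncated descriptions of CVE-2013-2573 and CVE-2013-2567 do not show the product, so read the full text before tagging those two.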
@@ -282376,8 +282377,7 @@ CVE-2013-0163 (OpenShift haproxy cartridge: predictable /tmp in set-proxy connec
CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser ...)
- ruby-parser 2.3.1-2 (bug #701637)
NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5
-CVE-2013-0161
- RESERVED
+CVE-2013-0161 (Havalite CMS 1.1.7 has a stored XSS vulnerability ...)
NOT-FOR-US: Havalite CMS
CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive ...)
{DSA-2669-1}
@@ -284179,8 +284179,8 @@ CVE-2012-5778
RESERVED
CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the te ...)
NOT-FOR-US: EmpireCMS
-CVE-2012-5776
- RESERVED
+CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in ...)
+ TODO: check
CVE-2012-5775
REJECTED
CVE-2012-5774
@@ -288113,8 +288113,7 @@ CVE-2012-4385 (letodms 3.3.6 has CSRF via change password ...)
- letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4384 (letodms has multiple XSS issues: Reflected XSS in Login Page, Stored X ...)
- letodms 3.3.7+dfsg-1 (bug #689664)
-CVE-2012-4383
- RESERVED
+CVE-2012-4383 (contao prior to 2.11.4 has a sql injection vulnerability ...)
NOT-FOR-US: Contao
CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly pr ...)
- mediawiki 1:1.19.2-1 (bug #686330)
