From 03443fa7bd1c56d39bcda21139fa8276b23848ee Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 30 Jan 2020 20:11:31 +0000 Subject: automatic update --- data/CVE/list | 196 ++++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 142 insertions(+), 54 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index dd2ad17e99..377f928e51 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,91 @@ +CVE-2020-8492 (Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 ...) + TODO: check +CVE-2020-8491 + RESERVED +CVE-2020-8490 + RESERVED +CVE-2020-8489 + RESERVED +CVE-2020-8488 + RESERVED +CVE-2020-8487 + RESERVED +CVE-2020-8486 + RESERVED +CVE-2020-8485 + RESERVED +CVE-2020-8484 + RESERVED +CVE-2020-8483 + RESERVED +CVE-2020-8482 + RESERVED +CVE-2020-8481 + RESERVED +CVE-2020-8480 + RESERVED +CVE-2020-8479 + RESERVED +CVE-2020-8478 + RESERVED +CVE-2020-8477 + RESERVED +CVE-2020-8476 + RESERVED +CVE-2020-8475 + RESERVED +CVE-2020-8474 + RESERVED +CVE-2020-8473 + RESERVED +CVE-2020-8472 + RESERVED +CVE-2020-8471 + RESERVED +CVE-2020-8470 + RESERVED +CVE-2020-8469 + RESERVED +CVE-2020-8468 + RESERVED +CVE-2020-8467 + RESERVED +CVE-2020-8466 + RESERVED +CVE-2020-8465 + RESERVED +CVE-2020-8464 + RESERVED +CVE-2020-8463 + RESERVED +CVE-2020-8462 + RESERVED +CVE-2020-8461 + RESERVED +CVE-2020-8460 + RESERVED +CVE-2020-8459 + RESERVED +CVE-2020-8458 + RESERVED +CVE-2020-8457 + RESERVED +CVE-2020-8456 + RESERVED +CVE-2020-8455 + RESERVED +CVE-2020-8454 + RESERVED +CVE-2020-8453 + RESERVED +CVE-2020-8452 + RESERVED +CVE-2020-8451 + RESERVED +CVE-2020-8450 + RESERVED +CVE-2020-8449 + RESERVED CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) - ossec-hids (bug #361954) CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) @@ -1189,26 +1277,26 @@ CVE-2020-7915 (An issue was discovered on Eaton 5P 850 devices. The Ubicacion SA NOT-FOR-US: Eaton devices CVE-2020-7914 RESERVED -CVE-2020-7913 - RESERVED -CVE-2020-7912 - RESERVED -CVE-2020-7911 - RESERVED -CVE-2020-7910 - RESERVED -CVE-2020-7909 - RESERVED -CVE-2020-7908 - RESERVED +CVE-2020-7913 (JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS vi ...) + TODO: check +CVE-2020-7912 (In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could ...) + TODO: check +CVE-2020-7911 (In JetBrains TeamCity before 2019.2, several user-level pages were vul ...) + TODO: check +CVE-2020-7910 (JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack ...) + TODO: check +CVE-2020-7909 (In JetBrains TeamCity before 2019.1.5, some server-stored passwords co ...) + TODO: check +CVE-2020-7908 (In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible ...) + TODO: check CVE-2020-7907 RESERVED -CVE-2020-7906 - RESERVED -CVE-2020-7905 - RESERVED -CVE-2020-7904 - RESERVED +CVE-2020-7906 (In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there wer ...) + TODO: check +CVE-2020-7905 (Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were expose ...) + TODO: check +CVE-2020-7904 (In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were ...) + TODO: check CVE-2019-20399 (A timing vulnerability in the Scalar::check_overflow function in Parit ...) NOT-FOR-US: libsecp256k1-rs (Rust Implementation of secp256k1) CVE-2019-20398 (A NULL pointer dereference is present in libyang before v1.0-r3 in the ...) @@ -2125,6 +2213,7 @@ CVE-2019-20388 (xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlS [jessie] - libxml2 (Minor issue) NOTE: Proposed merge request: https://gitlab.gnome.org/GNOME/libxml2/merge_requests/68 CVE-2019-20387 (repodata_schema2id in repodata.c in libsolv before 0.7.6 has a heap-ba ...) + {DLA-2088-1} - libsolv 0.6.36-2 (bug #949611) [buster] - libsolv (Minor issue) [stretch] - libsolv (Minor issue) @@ -6898,8 +6987,8 @@ CVE-2020-5235 RESERVED CVE-2020-5234 RESERVED -CVE-2020-5233 - RESERVED +CVE-2020-5233 (OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentica ...) + TODO: check CVE-2020-5232 RESERVED CVE-2020-5231 @@ -10214,8 +10303,8 @@ CVE-2019-20052 (A memory leak was discovered in Mat_VarCalloc in mat.c in matio CVE-2019-20051 (A floating-point exception was discovered in PackLinuxElf::elf_hash in ...) - upx-ucl (unimportant) NOTE: https://github.com/upx/upx/issues/313 -CVE-2019-20050 - RESERVED +CVE-2019-20050 (Pandora FMS ≤ 7.42 suffers from a remote code execution vulnerab ...) + TODO: check CVE-2019-20054 (In the Linux kernel before 5.0.6, there is a NULL pointer dereference ...) - linux 5.2.6-1 [buster] - linux 4.19.67-1 @@ -15769,13 +15858,11 @@ CVE-2020-1933 (A XSS vulnerability was found in Apache NiFi 1.0.0 to 1.10.0. Mal NOT-FOR-US: Apache NiFi CVE-2020-1932 (An information disclosure issue was found in Apache Superset 0.34.0, 0 ...) NOT-FOR-US: Apache Superset -CVE-2020-1931 - RESERVED +CVE-2020-1931 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/2 -CVE-2020-1930 - RESERVED +CVE-2020-1930 (A command execution issue was found in Apache SpamAssassin prior to 3. ...) - spamassassin 3.4.4~rc1-1 (bug #950258) NOTE: https://svn.apache.org/repos/asf/spamassassin/branches/3.4/build/announcements/3.4.4.txt NOTE: https://www.openwall.com/lists/oss-security/2020/01/30/3 @@ -17025,7 +17112,7 @@ CVE-2019-19236 RESERVED CVE-2019-19235 (AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 (for Windows 10 note ...) NOT-FOR-US: ASUS -CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked (e.g., b ...) +CVE-2019-19234 (** DISPUTED ** In Sudo through 1.8.29, the fact that a user has been b ...) - sudo (bug #947225) [buster] - sudo (Minor issue) [stretch] - sudo (Minor issue) @@ -17033,7 +17120,7 @@ CVE-2019-19234 (In Sudo through 1.8.29, the fact that a user has been blocked (e NOTE: https://www.sudo.ws/devel.html#1.8.30b2 CVE-2019-19233 RESERVED -CVE-2019-19232 (In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer ...) +CVE-2019-19232 (** DISPUTED ** In Sudo through 1.8.29, an attacker with access to a Ru ...) - sudo (bug #947225) [buster] - sudo (Minor issue) [stretch] - sudo (Minor issue) @@ -18178,6 +18265,7 @@ CVE-2019-18793 (Parallels Plesk Panel 9.5 allows XSS in target/locales/tr-TR/hel CVE-2017-18639 (Progress Sitefinity CMS before 10.1 allows XSS via /Pages Parameter : ...) NOT-FOR-US: Progress Sitefinity CMS CVE-2019-18792 (An issue was discovered in Suricata 5.0.0. It is possible to bypass/ev ...) + {DLA-2087-1} - suricata NOTE: https://github.com/OISF/suricata/commit/1c63d3905852f746ccde7e2585600b2199cefb4b (master-4.1.x) NOTE: https://github.com/OISF/suricata/commit/fa692df37a796c3330c81988d15ef1a219afc006 (suricata-5.0.1) @@ -20737,6 +20825,7 @@ CVE-2018-21029 (** DISPUTED ** systemd 239 through 244 accepts any certificate s [jessie] - systemd (Only affected v243) NOTE: https://github.com/systemd/systemd/issues/9397 CVE-2019-18625 (An issue was discovered in Suricata 5.0.0. It was possible to bypass/e ...) + {DLA-2087-1} - suricata NOTE: https://github.com/OISF/suricata/commit/9f0294fadca3dcc18c919424242a41e01f3e8318 (suricata-5.0.1) NOTE: https://github.com/OISF/suricata/commit/ea0659de7640cf6a51de5bbd1dbbb0414e4623a0 (master-4.1.x) @@ -25223,8 +25312,8 @@ CVE-2019-17275 RESERVED CVE-2019-17274 RESERVED -CVE-2019-17273 - RESERVED +CVE-2019-17273 (E-Series SANtricity OS Controller Software version 11.60.0 is suscepti ...) + TODO: check CVE-2019-17272 (All versions of ONTAP Select Deploy administration utility are suscept ...) NOT-FOR-US: ONTAP CVE-2019-17271 (vBulletin 5.5.4 allows SQL Injection via the ajax/api/hook/getHookList ...) @@ -252464,8 +252553,8 @@ CVE-2014-3721 RESERVED CVE-2014-3720 RESERVED -CVE-2014-3718 - RESERVED +CVE-2014-3718 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.c ...) + TODO: check CVE-2014-3713 RESERVED CVE-2014-3712 (Katello allows remote attackers to cause a denial of service (memory c ...) @@ -253532,8 +253621,7 @@ CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pi [squeeze] - libgadu (Vulnerable code not present) CVE-2014-3749 (SQL injection vulnerability in Construtiva CIS Manager allows remote a ...) NOT-FOR-US: Construtiva CIS Manager CMS -CVE-2014-3719 - RESERVED +CVE-2014-3719 (Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex L ...) NOT-FOR-US: ALEPH500 Integrated library management system CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM g ...) - xen (Only ARM systems are affected from Xen 4.4 onwards) @@ -277088,10 +277176,10 @@ CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and [squeeze] - vlc (Unsupported in squeeze-lts) NOTE: http://www.videolan.org/security/sa1301.html NOTE: The freetype issue is a harmless NULL deref and won't be fixed -CVE-2013-1867 - RESERVED -CVE-2013-1866 - RESERVED +CVE-2013-1867 (Gemalto Tokend 2013 has an Arbitrary File Creation/Overwrite Vulnerabi ...) + TODO: check +CVE-2013-1866 (OpenSC OpenSC.tokend has an Arbitrary File Creation/Overwrite Vulnerab ...) + TODO: check CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform revocatio ...) - keystone (only affects folsom) NOTE: fixed in experimental with keystone/2012.2.3-2 @@ -278074,8 +278162,8 @@ CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packa NOTE: Lack of a security feature, not a vulnerability CVE-2013-1632 RESERVED -CVE-2013-1631 - RESERVED +CVE-2013-1631 (Verax NMS prior to 2.1.0 leaks connection details when any user execut ...) + TODO: check CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repos ...) NOT-FOR-US: pyshop CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI repository ...) @@ -278966,12 +279054,12 @@ CVE-2013-1354 RESERVED CVE-2013-1353 RESERVED -CVE-2013-1352 - RESERVED -CVE-2013-1351 - RESERVED -CVE-2013-1350 - RESERVED +CVE-2013-1352 (Verax NMS prior to 2.1.0 uses an encryption key that is hardcoded in a ...) + TODO: check +CVE-2013-1351 (Verax NMS prior to 2.10 allows authentication via the encrypted passwo ...) + TODO: check +CVE-2013-1350 (Verax NMS prior to 2.1.0 has multiple security bypass vulnerabilities ...) + TODO: check CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 al ...) NOT-FOR-US: openSIS CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attacke ...) @@ -280645,10 +280733,10 @@ CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in Perc NOT-FOR-US: Percipient Studios ImageGen CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server Administrator (O ...) NOT-FOR-US: Dell OpenManage Server Administrator -CVE-2013-0739 - RESERVED -CVE-2013-0738 - RESERVED +CVE-2013-0739 (Chamilo 1.9.4 has XSS due to improper validation of user-supplied inpu ...) + TODO: check +CVE-2013-0738 (Chamilo 1.9.4 has Multiple XSS and HTML Injection Vulnerabilities: blo ...) + TODO: check CVE-2013-0737 (Cross-site scripting (XSS) vulnerability in BoltWire 3.5 and earlier a ...) NOT-FOR-US: BoltWire CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Ming ...) @@ -280673,8 +280761,8 @@ CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 1 NOT-FOR-US: Global Mapper CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath func ...) NOT-FOR-US: ERDAS ER Viewer -CVE-2013-0725 - RESERVED +CVE-2013-0725 (ERDAS ER Viewer 13.0 has dwmapi.dll and irml.dll libraries arbitrary c ...) + TODO: check CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php i ...) NOT-FOR-US: Wordpress plugin ecommerce Shop Styling CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft Spreadsh ...) @@ -282018,8 +282106,8 @@ CVE-2013-0293 (oVirt Node: Lock screen accepts F2 to drop to shell causing privi CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib b ...) - dbus-glib 0.100.1-1 (bug #700638; high) [squeeze] - dbus-glib 0.88-2.1+squeeze1 -CVE-2013-0291 - RESERVED +CVE-2013-0291 (NextGEN Gallery Plugin for WordPress 1.9.10 and 1.9.11 has a Path Disc ...) + TODO: check CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux k ...) - linux (Introduced in 3.4, fixed in 3.8) - linux-2.6 (Introduced in 3.4) -- cgit v1.2.3