From d5152cb34cd67353898260bcd76bfaa1631d589f Mon Sep 17 00:00:00 2001 From: security tracker role Date: Thu, 30 Jan 2020 08:10:18 +0000 Subject: automatic update --- data/CVE/list | 72 ++++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 56 insertions(+), 16 deletions(-) diff --git a/data/CVE/list b/data/CVE/list index 0063426a28..817bb817c2 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,39 @@ +CVE-2020-8448 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + TODO: check +CVE-2020-8447 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + TODO: check +CVE-2020-8446 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + TODO: check +CVE-2020-8445 (In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-ana ...) + TODO: check +CVE-2020-8444 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + TODO: check +CVE-2020-8443 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + TODO: check +CVE-2020-8442 (In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for ...) + TODO: check +CVE-2020-8441 + RESERVED +CVE-2020-8440 + RESERVED +CVE-2020-8439 + RESERVED +CVE-2020-8438 (Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated att ...) + TODO: check +CVE-2020-8437 + RESERVED +CVE-2020-8436 + RESERVED +CVE-2020-8435 + RESERVED +CVE-2020-8434 + RESERVED +CVE-2020-8433 + RESERVED +CVE-2019-20445 (HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length ...) + TODO: check +CVE-2019-20444 (HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header th ...) + TODO: check CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...) - u-boot (low) [buster] - u-boot (Minor issue) 
@@ -10425,6 +10461,7 @@ CVE-2019-19955 CVE-2019-19954 (Signal Desktop before 1.29.1 on Windows allows local users to gain pri ...) - signal-desktop (bug #842943) CVE-2019-19953 (In GraphicsMagick 1.4 snapshot-20191208 Q8, there is a heap-based buff ...) + {DLA-2084-1} - graphicsmagick 1.4+really1.3.34-1 (bug #947311) NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/28f8bacd4bbf NOTE: https://sourceforge.net/p/graphicsmagick/bugs/617/ @@ -10437,10 +10474,12 @@ CVE-2019-19952 (In ImageMagick 7.0.9-7 Q16, there is a use-after-free in the fun NOTE: https://github.com/ImageMagick/ImageMagick/commit/916d7bbd2c66a286d379dbd94bc6035c8fab937c (7.x) NOTE: https://github.com/ImageMagick/ImageMagick6/commit/7ef923841437bb57bd9b55fc0bf40ddc99b93c2b (6.x) CVE-2019-19951 (In GraphicsMagick 1.4 snapshot-20190423 Q8, there is a heap-based buff ...) + {DLA-2084-1} - graphicsmagick 1.4~hg16039-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/bc99af93614d NOTE: https://sourceforge.net/p/graphicsmagick/bugs/608/ CVE-2019-19950 (In GraphicsMagick 1.4 snapshot-20190403 Q8, there is a use-after-free ...) + {DLA-2084-1} - graphicsmagick 1.4~hg16039-1 NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ab7f6c20b4 NOTE: https://sourceforge.net/p/graphicsmagick/bugs/603/ @@ -12545,8 +12584,8 @@ CVE-2020-3149 RESERVED CVE-2020-3148 RESERVED -CVE-2020-3147 - RESERVED +CVE-2020-3147 (A vulnerability in the web UI of Cisco Small Business Switches could a ...) + TODO: check CVE-2020-3146 RESERVED CVE-2020-3145 @@ -45338,8 +45377,8 @@ CVE-2019-10785 RESERVED CVE-2019-10784 RESERVED -CVE-2019-10783 - RESERVED +CVE-2019-10783 (All versions including 0.0.4 of lsof npm module are vulnerable to Comm ...) + TODO: check CVE-2019-10782 RESERVED CVE-2019-10781 (In schema-inspector before 1.6.9, a maliciously crafted JavaScript obj ...) 
@@ -174112,7 +174151,7 @@ CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulat - qemu-kvm (Vulnerable code not present) NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ...) - {DLA-1725-1} + {DLA-2085-1 DLA-1725-1} - zlib 1:1.2.8.dfsg-3 (bug #847275) [wheezy] - zlib (Minor issue) - rsync 3.1.3-6 (bug #924509) @@ -174120,7 +174159,7 @@ CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow conte NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811 NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ...) - {DLA-1725-1} + {DLA-2085-1 DLA-1725-1} - zlib 1:1.2.8.dfsg-3 (bug #847274) [wheezy] - zlib (Minor issue) - rsync 3.1.3-6 (bug #924509) @@ -174128,7 +174167,7 @@ CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow c NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958 NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ...) - {DLA-1725-1} + {DLA-2085-1 DLA-1725-1} - zlib 1:1.2.8.dfsg-4 (bug #847270) [wheezy] - zlib (Minor issue) - rsync 3.1.3-6 (bug #924509) @@ -174136,7 +174175,7 @@ CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers t NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ...) - {DLA-1725-1} + {DLA-2085-1 DLA-1725-1} - zlib 1:1.2.8.dfsg-3 (bug #847270) [wheezy] - zlib (Minor issue) - rsync 3.1.3-6 (bug #924509) 
@@ -188907,6 +188946,7 @@ CVE-2016-7092 (The get_page_from_l3e function in arch/x86/mm.c in Xen allows loc CVE-2016-7090 (The integrated web server on Siemens SCALANCE M-800 and S615 modules w ...) NOT-FOR-US: Siemens CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive or mir ...) + {DLA-2086-1} - wget 1.18-4 (low; bug #836503) [wheezy] - wget (Minor issue) NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d @@ -272984,18 +273024,18 @@ CVE-2013-3323 RESERVED CVE-2013-3322 RESERVED -CVE-2013-3321 - RESERVED -CVE-2013-3320 - RESERVED +CVE-2013-3321 (NetApp OnCommand System Manager 2.1 and earlier allows remote attacker ...) + TODO: check +CVE-2013-3320 (Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Ma ...) + TODO: check CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP Netweav ...) NOT-FOR-US: SAP Netweaver CVE-2013-3318 REJECTED -CVE-2013-3317 - RESERVED -CVE-2013-3316 - RESERVED +CVE-2013-3317 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...) + TODO: check +CVE-2013-3316 (Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ...) + TODO: check CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify acces ...) NOT-FOR-US: TIBCO CVE-2013-3314 (The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) I ...) -- cgit v1.2.3
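Review bot: In the hunk at @@ -1,3 +1,39 @@, six of the seven new OSSEC-HIDS entries (CVE-2020-8442, CVE-2020-8443, CVE-2020-8444, CVE-2020-8446, CVE-2020-8447, CVE-2020-8448) carry the same truncated description, "the server component responsible for ...", so the list text alone cannot tell them apart. Resolving these `TODO: check` lines needs the full CVE description for each id before a package line or a NOT-FOR-US marker is written. The two Netty entries (CVE-2019-20445, CVE-2019-20444) both name HttpObjectDecoder.java and "Netty before 4.1.44", so they can be triaged together against the same upstream version.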
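Review bot: In the hunk at @@ -45338,8 +45377,8 @@, the new description for CVE-2019-10783 refers to the "lsof npm module", which is a different piece of software from the lsof utility that shares its name. When the `TODO: check` is resolved, the entry should be matched on the npm module and not on the name alone, so that it does not end up attributed to an unrelated source package.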
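Review bot: In the four zlib hunks from @@ -174112,7 +174151,7 @@ to @@ -174136,7 +174175,7 @@, the tag changes to `{DLA-2085-1 DLA-1725-1}` on entries that track both zlib and rsync, and the tag itself does not say which source package each advisory covers, so that mapping should be confirmed against the advisory records. The unchanged context in the same hunks also shows bug #847270 on both CVE-2016-9841 (zlib 1:1.2.8.dfsg-4) and CVE-2016-9840 (zlib 1:1.2.8.dfsg-3). A shared bug number with two different fixed versions is worth verifying while these entries are being touched.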
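Review bot: In the hunk at @@ -272984,18 +273024,18 @@, CVE-2013-3317 and CVE-2013-3316 receive identical truncated descriptions ("Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentica ..."), so the two entries cannot be distinguished from the list and need their full descriptions at triage. The neighbouring context entries for vendor products in this hunk are already marked `NOT-FOR-US: SAP Netweaver` and `NOT-FOR-US: TIBCO`. The four new `TODO: check` lines for NetApp OnCommand System Manager and Netgear WNR1000v3 should be checked for the same treatment.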