From 4ee7200e1e815ef6f483fc75056aab7885b4bbc1 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 29 Jan 2020 20:10:27 +0000 Subject: automatic update --- data/CVE/list | 169 +++++++++++++++++++++++++++++----------------------------- 1 file changed, 84 insertions(+), 85 deletions(-) (limited to 'data') diff --git a/data/CVE/list b/data/CVE/list index a3d42049ed..cb793175c7 100644 --- a/data/CVE/list +++ b/data/CVE/list @@ -1,3 +1,11 @@ +CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...) + TODO: check +CVE-2020-8431 + RESERVED +CVE-2020-8430 + RESERVED +CVE-2020-8429 + RESERVED CVE-2020-8427 RESERVED CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...) @@ -20,8 +28,8 @@ CVE-2020-8418 RESERVED CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) NOT-FOR-US: Code Snippets plugin for WordPress -CVE-2020-8416 - RESERVED +CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial of serv ...) + TODO: check CVE-2020-8415 RESERVED CVE-2020-8414 @@ -672,10 +680,10 @@ CVE-2020-8095 RESERVED CVE-2020-8094 RESERVED -CVE-2020-8093 - RESERVED -CVE-2020-8092 - RESERVED +CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...) + TODO: check +CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...) + TODO: check CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) NOT-FOR-US: TYPO3 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) @@ -986,8 +994,8 @@ CVE-2020-7967 RESERVED CVE-2020-7966 RESERVED -CVE-2020-7965 - RESERVED +CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...) + TODO: check CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...) NOT-FOR-US: Mirumee Saleor CVE-2020-7963 
@@ -2520,8 +2528,8 @@ CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field NOT-FOR-US: SMC D3G0804W devices CVE-2020-7248 RESERVED -CVE-2020-7247 [LPE and RCE in OpenSMTPD] - RESERVED +CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ...) + {DSA-4611-1} - opensmtpd 6.6.2p1-1 NOTE: https://www.openwall.com/lists/oss-security/2020/01/28/3 NOTE: Fixed by: https://github.com/OpenSMTPD/OpenSMTPD/commit/2afab2297347342f81fa31a75bbbf7dbee614fda @@ -2839,6 +2847,7 @@ CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_i NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464 NOTE: https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...) + {DLA-2083-1} - hiredis 0.14.0-5 (bug #949995) NOTE: https://github.com/redis/hiredis/pull/754 NOTE: https://github.com/redis/hiredis/pull/756 @@ -11018,8 +11027,8 @@ CVE-2020-3760 RESERVED CVE-2020-3759 RESERVED -CVE-2020-3758 - RESERVED +CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check CVE-2020-3757 RESERVED CVE-2020-3756 
@@ -11096,26 +11105,26 @@ CVE-2020-3721 RESERVED CVE-2020-3720 RESERVED -CVE-2020-3719 - RESERVED -CVE-2020-3718 - RESERVED -CVE-2020-3717 - RESERVED -CVE-2020-3716 - RESERVED -CVE-2020-3715 - RESERVED -CVE-2020-3714 - RESERVED -CVE-2020-3713 - RESERVED -CVE-2020-3712 - RESERVED -CVE-2020-3711 - RESERVED -CVE-2020-3710 - RESERVED +CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check +CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check +CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check +CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check +CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check CVE-2020-3709 RESERVED CVE-2020-3708 
@@ -15111,35 +15120,25 @@ CVE-2020-2110 RESERVED CVE-2020-2109 RESERVED -CVE-2020-2108 - RESERVED +CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2107 - RESERVED +CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwor ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2106 - RESERVED +CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2105 - RESERVED +CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...) NOT-FOR-US: Jenkins -CVE-2020-2104 - RESERVED +CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...) NOT-FOR-US: Jenkins -CVE-2020-2103 - RESERVED +CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...) NOT-FOR-US: Jenkins -CVE-2020-2102 - RESERVED +CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...) NOT-FOR-US: Jenkins -CVE-2020-2101 - RESERVED +CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...) NOT-FOR-US: Jenkins -CVE-2020-2100 - RESERVED +CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...) NOT-FOR-US: Jenkins -CVE-2020-2099 - RESERVED +CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...) NOT-FOR-US: Jenkins CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...) NOT-FOR-US: Jenkins plugin 
@@ -20644,8 +20643,8 @@ CVE-2019-18636 (A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum NOT-FOR-US: Jitbit .NET Forum CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through v0.42.1 and v ...) NOT-FOR-US: Mooltipass Moolticute -CVE-2019-18634 - RESERVED +CVE-2019-18634 (In Sudo through 1.8.29, if pwfeedback is enabled in /etc/sudoers, user ...) + TODO: check CVE-2019-18633 (European Commission eIDAS-Node Integration Package before 2.3.1 has Mi ...) NOT-FOR-US: European Commission eIDAS-Node Integration Package CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1 allows ...) @@ -51740,6 +51739,7 @@ CVE-2019-8847 RESERVED CVE-2019-8846 RESERVED + {DSA-4610-1} - webkit2gtk 2.26.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) @@ -51748,6 +51748,7 @@ CVE-2019-8845 RESERVED CVE-2019-8844 RESERVED + {DSA-4610-1} - webkit2gtk 2.26.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) @@ -51770,6 +51771,7 @@ CVE-2019-8836 RESERVED CVE-2019-8835 RESERVED + {DSA-4610-1} - webkit2gtk 2.26.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) 
@@ -54658,12 +54660,12 @@ CVE-2019-7658 RESERVED CVE-2019-7657 RESERVED -CVE-2019-7656 - RESERVED -CVE-2019-7655 - RESERVED -CVE-2019-7654 - RESERVED +CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 a ...) + TODO: check +CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authentic ...) + TODO: check +CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vuln ...) + TODO: check CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...) NOT-FOR-US: TheHive Project UnshortenLink analyzer CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an at ...) @@ -107161,13 +107163,13 @@ CVE-2018-7716 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalat NOT-FOR-US: PrivateVPN for macOS CVE-2018-7715 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation v ...) NOT-FOR-US: PrivateVPN for macOS -CVE-2018-7714 (The validateInputImageSize function in modules/imgcodecs/src/loadsave. ...) +CVE-2018-7714 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...) NOTE: Non-issue, needs to be handled within applications using opencv NOTE: https://github.com/opencv/opencv/issues/10998 -CVE-2018-7713 (The validateInputImageSize function in modules/imgcodecs/src/loadsave. ...) +CVE-2018-7713 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...) NOTE: Non-issue, needs to be handled within applications using opencv NOTE: https://github.com/opencv/opencv/issues/10998 -CVE-2018-7712 (The validateInputImageSize function in modules/imgcodecs/src/loadsave. ...) +CVE-2018-7712 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...) NOTE: Non-issue, needs to be handled within applications using opencv NOTE: https://github.com/opencv/opencv/issues/10998 CVE-2018-7710 
@@ -273220,8 +273222,8 @@ CVE-2013-3217 RESERVED CVE-2013-3216 RESERVED -CVE-2013-3215 - RESERVED +CVE-2013-3215 (vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerab ...) + TODO: check CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...) TODO: check CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...) @@ -274756,23 +274758,22 @@ CVE-2013-2576 (Buffer overflow in Artweaver before 3.1.6 allows remote attackers NOT-FOR-US: Artweaver CVE-2013-2575 RESERVED -CVE-2013-2574 - RESERVED +CVE-2013-2574 (An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insuf ...) NOT-FOR-US: Foscam -CVE-2013-2573 - RESERVED -CVE-2013-2572 - RESERVED +CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to the /c ...) + TODO: check +CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...) + TODO: check CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...) TODO: check -CVE-2013-2570 - RESERVED -CVE-2013-2569 - RESERVED -CVE-2013-2568 - RESERVED -CVE-2013-2567 - RESERVED +CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...) + TODO: check +CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...) + TODO: check +CVE-2013-2568 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...) + TODO: check +CVE-2013-2567 (An Authentication Bypass vulnerability exists in the web interface in ...) + TODO: check CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has m ...) NOTE: Generic protocol flaw in RC4 CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux ...) 
@@ -282376,8 +282377,7 @@ CVE-2013-0163 (OpenShift haproxy cartridge: predictable /tmp in set-proxy connec CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser ...) - ruby-parser 2.3.1-2 (bug #701637) NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5 -CVE-2013-0161 - RESERVED +CVE-2013-0161 (Havalite CMS 1.1.7 has a stored XSS vulnerability ...) NOT-FOR-US: Havalite CMS CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive ...) {DSA-2669-1} @@ -284179,8 +284179,8 @@ CVE-2012-5778 RESERVED CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the te ...) NOT-FOR-US: EmpireCMS -CVE-2012-5776 - RESERVED +CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in ...) + TODO: check CVE-2012-5775 REJECTED CVE-2012-5774 @@ -288113,8 +288113,7 @@ CVE-2012-4385 (letodms 3.3.6 has CSRF via change password ...) - letodms 3.3.7+dfsg-1 (bug #689664) CVE-2012-4384 (letodms has multiple XSS issues: Reflected XSS in Login Page, Stored X ...) - letodms 3.3.7+dfsg-1 (bug #689664) -CVE-2012-4383 - RESERVED +CVE-2012-4383 (contao prior to 2.11.4 has a sql injection vulnerability ...) NOT-FOR-US: Contao CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly pr ...) - mediawiki 1:1.19.2-1 (bug #686330) -- cgit v1.2.3
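Review bot: the first hunk (`@@ -1,3 +1,11 @@`) leaves CVE-2020-8432 (Das U-Boot through 2020.01, double free) at "TODO: check"; u-boot is a Debian source package, so this entry needs triage against the packaged version rather than staying a TODO, ending up as a `- u-boot <fixed-version>` or `<unfixed>` line with a NOTE pointing at the upstream fix once it is identified.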
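Review bot: the CVE-2020-8416 (BearFTP), CVE-2020-8093/CVE-2020-8092 (Bitdefender Antivirus for Mac), CVE-2019-7656/7655/7654 (Wowza Streaming Engine) and CVE-2012-5776 (Dokeos) entries are all left as "TODO: check" in their hunks; none of these products appears to be packaged in Debian, so, unless a package turns up, the expected resolution is the tracker's `NOT-FOR-US: <product>` marker, as already done for the neighbouring Jenkins and Havalite CMS entries in this same update.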
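Review bot: in the `@@ -986,8 +994,8 @@` hunk CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 not checking the Content-Type) stays "TODO: check"; Webargs is a Python library that is shipped in Debian (python-webargs, please verify the binary name), so this one should not be closed as NOT-FOR-US and needs the affected version range compared with what the archive carries.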
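Review bot: the `@@ -2520,8 +2528,8 @@` hunk replaces the provisional "[LPE and RCE in OpenSMTPD]" placeholder for CVE-2020-7247 with the published description and attaches `{DSA-4611-1}` plus `- opensmtpd 6.6.2p1-1`; the two existing NOTE lines (the oss-security post and the upstream fix commit) are kept as context, which is the right shape for a DSA-backed entry, and nothing further is needed here.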
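Review bot: the `@@ -11096,26 +11105,26 @@` hunk (and `@@ -11018,8 +11027,8 @@` before it) turns ten RESERVED lines into Magento and Adobe Illustrator CC descriptions, each with "TODO: check"; neither Magento nor Illustrator is packaged in Debian, so these eleven TODOs could be closed as `NOT-FOR-US: Magento` and `NOT-FOR-US: Adobe Illustrator` in the next pass instead of accumulating.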
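Review bot: the `@@ -20644,8 +20643,8 @@` hunk leaves CVE-2019-18634 (Sudo through 1.8.29, pwfeedback) at "TODO: check"; sudo is a core package, so this entry needs a fixed version, and since the visible description makes the bug conditional on pwfeedback being enabled in /etc/sudoers, the triage should record in a NOTE whether Debian's shipped sudoers enables that option, because that decides the severity for users who have not customised the file.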
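Review bot: the three webkit2gtk hunks (`@@ -51740,6 +51739,7 @@`, `@@ -51748,6 +51748,7 @@`, `@@ -51770,6 +51771,7 @@`) attach `{DSA-4610-1}` to CVE-2019-8846, CVE-2019-8844 and CVE-2019-8835 while each CVE line still reads RESERVED; that is acceptable when the upstream text is not yet public, but the entries will read as unfixed-but-unknown to anyone skimming the list, so a NOTE with the advisory the DSA was based on would help until the descriptions are filled in.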
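Review bot: the `@@ -274756,23 +274758,22 @@` hunk is internally inconsistent: CVE-2013-2574 (Foscam IP camera) is closed as `NOT-FOR-US: Foscam`, yet CVE-2013-2573/2572 (TP-LINK IP cameras) and CVE-2013-2570/2569/2568/2567 (Zavio IP cameras) in the same hunk are left as "TODO: check" although they describe the same class of vendor camera firmware; these should be resolved the same way as the Foscam entry.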
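Review bot: in the `@@ -107161,13 +107163,13 @@` hunk the CVE-2018-7714/7713/7712 descriptions gain the "** DISPUTED **" prefix; this agrees with the existing "NOTE: Non-issue, needs to be handled within applications using opencv" lines, so no status change is needed, but the dispute is now the reason those entries stay open without a version, which is worth keeping in mind if the NOTE is ever pruned.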