| field | value | date |
|---|---|---|
| author | security tracker role <sectracker@soriano.debian.org> | 2020-01-27 20:10:29 +0000 |
| committer | security tracker role <sectracker@soriano.debian.org> | 2020-01-27 20:10:29 +0000 |
| commit | a59703149cf62526da91796c2586921ba0e21bdc (patch) | |
| tree | 3a885ddc452b3d0deab785e6c5192dfa4b70e15b | |
| parent | 184c6ad7af56619ece4e911182c12dfb24431fe1 (diff) | |
automatic update
| mode | file | lines changed |
|---|---|---|
| -rw-r--r-- | data/CVE/list.2006 | 3 |
| -rw-r--r-- | data/CVE/list.2011 | 3 |
| -rw-r--r-- | data/CVE/list.2012 | 8 |
| -rw-r--r-- | data/CVE/list.2013 | 38 |
| -rw-r--r-- | data/CVE/list.2014 | 41 |
| -rw-r--r-- | data/CVE/list.2015 | 24 |
| -rw-r--r-- | data/CVE/list.2017 | 10 |
| -rw-r--r-- | data/CVE/list.2018 | 12 |
| -rw-r--r-- | data/CVE/list.2019 | 92 |
| -rw-r--r-- | data/CVE/list.2020 | 198 |
10 files changed, 291 insertions, 138 deletions
diff --git a/data/CVE/list.2006 b/data/CVE/list.2006 index 5dfaf300b1..4f4710966f 100644 --- a/data/CVE/list.2006 +++ b/data/CVE/list.2006 @@ -17,8 +17,7 @@ CVE-2006-7248 REJECTED CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component f ...) NOT-FOR-US: Joomla! -CVE-2006-7246 - RESERVED +CVE-2006-7246 (NetworkManager 0.9.x does not pin a certificate's subject to an ESSID ...) - wpasupplicant 0.7.3-1 [squeeze] - wpasupplicant <no-dsa> (Minor issue) - network-manager 0.9.4.0-1 diff --git a/data/CVE/list.2011 b/data/CVE/list.2011 index a27227c6e9..01f5a2f054 100644 --- a/data/CVE/list.2011 +++ b/data/CVE/list.2011 @@ -1796,8 +1796,7 @@ CVE-2011-4560 (Cross-site scripting (XSS) vulnerability in the Petition Node mod NOT-FOR-US: Petition node module for Drupal CVE-2011-4559 (SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 ...) NOT-FOR-US: vTiger -CVE-2011-4558 - RESERVED +CVE-2011-4558 (Tiki 8.2 and earlier allows remote administrators to execute arbitrary ...) - tikiwiki <removed> NOTE: http://dev.tiki.org/item4059 NOTE: http://info.tiki.org/article185-Tiki-Security-Patches-Available-for-8-3-and-6-6-LTS diff --git a/data/CVE/list.2012 b/data/CVE/list.2012 index 77a6b283ce..0b037010e2 100644 --- a/data/CVE/list.2012 +++ b/data/CVE/list.2012 @@ -12902,10 +12902,10 @@ CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Web CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before 5.0 ...) {DSA-2423-1} - movabletype-opensource 5.1.3+dfsg-1 -CVE-2012-1496 - RESERVED -CVE-2012-1495 - RESERVED +CVE-2012-1496 (Local file inclusion in WebCalendar before 1.2.5. ...) + TODO: check +CVE-2012-1495 (install/index.php in WebCalendar before 1.2.5 allows remote attackers ...) + TODO: check CVE-2012-1102 [XML::Atom Perl module XML entity expansion] RESERVED {DSA-2424-1} diff --git a/data/CVE/list.2013 b/data/CVE/list.2013 index 3200c68e4d..3c5950e661 100644 --- a/data/CVE/list.2013 
+++ b/data/CVE/list.2013 @@ -355,8 +355,8 @@ CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands via - gitlist <itp> (bug #750368) CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using th ...) NOT-FOR-US: Drupal contributed module Entity API -CVE-2013-7390 - RESERVED +CVE-2013-7390 (Unrestricted file upload vulnerability in AgentLogUploadServlet in Man ...) + TODO: check CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 ...) NOT-FOR-US: D-Link router CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (f ...) @@ -3926,8 +3926,8 @@ CVE-2013-6058 (SQL injection vulnerability in appRain CMF 3.0.2 and earlier allo NOT-FOR-US: appRain CMS CVE-2013-6057 RESERVED -CVE-2013-6056 - RESERVED +CVE-2013-6056 (OSSIM before 4.3.3.1 has tele_compress.php path traversal vulnerabilit ...) + TODO: check CVE-2013-6055 REJECTED CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...) @@ -4887,8 +4887,8 @@ CVE-2013-5661 (Cache Poisoning issue exists in DNS Response Rate Limiting. ...) NOTE: https://www.isc.org/blogs/cache-poisoning-gets-a-second-wind-from-rrl-probably-not/ CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote attack ...) NOT-FOR-US: Power Software WinArchiver -CVE-2013-5659 - RESERVED +CVE-2013-5659 (Wiz 5.0.3 has a user mode write access violation ...) + TODO: check CVE-2013-5658 (AultWare pwStore 2010.8.30.0 has XSS ...) NOT-FOR-US: AultWare pwStore CVE-2013-5657 (AultWare pwStore 2010.8.30.0 has DoS via an empty HTTP request ...) 
@@ -6931,8 +6931,8 @@ CVE-2013-4772 (D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wire NOT-FOR-US: D-Link CVE-2013-4771 RESERVED -CVE-2013-4770 - RESERVED +CVE-2013-4770 (Cross-site scripting (XSS) vulnerability in Eucalyptus Management Cons ...) + TODO: check CVE-2013-4769 (The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x ...) - eucalyptus <removed> CVE-2013-4768 (The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote att ...) @@ -7857,8 +7857,7 @@ CVE-2013-4464 CVE-2013-4463 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...) - nova 2013.2-3 (low; bug #728605) [wheezy] - nova <no-dsa> (Minor issue) -CVE-2013-4462 - RESERVED +CVE-2013-4462 (WordPress Portable phpMyAdmin Plugin has an authentication bypass vuln ...) NOT-FOR-US: WordPress plugin CVE-2013-4461 (SQL injection vulnerability in the web interface for cumin in Red Hat ...) NOT-FOR-US: Cumin @@ -7923,8 +7922,7 @@ CVE-2013-4442 (Password Generator (aka Pwgen) before 2.07 uses weak pseudo gener - pwgen 2.07-1 (unimportant; bug #767008) NOTE: /dev/random is universally available, if an attacker can create an environment NOTE: where it's not available that opens a far bigger can of worms -CVE-2013-4441 [Phonemes mode has heavy bias and is enabled by default] - RESERVED +CVE-2013-4441 (The Phonemes mode in Pwgen 2.06 generates predictable passwords, which ...) - pwgen <unfixed> (unimportant; bug #726578) NOTE: pwgen is documented to generate memorable passwords, so this is by design CVE-2013-4440 (Password Generator (aka Pwgen) before 2.07 generates weak non-tty pass ...) 
@@ -10519,10 +10517,10 @@ CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4. NOTE: Hardware design flaw, no software solution CVE-2013-3494 RESERVED -CVE-2013-3493 - RESERVED -CVE-2013-3492 - RESERVED +CVE-2013-3493 (XnView 2.03 has an integer overflow vulnerability ...) + TODO: check +CVE-2013-3492 (XnView 2.03 has a stack-based buffer overflow vulnerability ...) + TODO: check CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Shar ...) NOT-FOR-US: WordPress plugin sharebar CVE-2013-3490 @@ -10533,8 +10531,8 @@ CVE-2013-3488 RESERVED CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security lo ...) NOT-FOR-US: BulletProof Security plugin for WordPress -CVE-2013-3486 - RESERVED +CVE-2013-3486 (IrfanView FlashPix Plugin 4.3.4 0 has an Integer Overflow Vulnerabilit ...) + TODO: check CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF 5.1.183.105 ...) NOT-FOR-US: Soda PDF CVE-2013-3484 (Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2 ...) @@ -19307,8 +19305,8 @@ CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows contex CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) 1 ...) - sssd <not-affected> (Introduced in 1.9.0) NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12 -CVE-2013-0286 - RESERVED +CVE-2013-0286 (Pinboard 1.0.6 theme for Wordpress has XSS. ...) + TODO: check CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...) NOT-FOR-US: nori Ruby gem CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when communic ...) diff --git a/data/CVE/list.2014 b/data/CVE/list.2014 index 2deb1d1a1f..9eaef3e73a 100644 --- a/data/CVE/list.2014 +++ b/data/CVE/list.2014 
@@ -3008,8 +3008,7 @@ CVE-2014-9489 (The gollum-grit_adapter Ruby gem dependency in gollum before 3.1. NOT-FOR-US: Gollum wiki CVE-2014-9487 (The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.1 ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions -CVE-2014-9481 - RESERVED +CVE-2014-9481 (The Scribunto extension for MediaWiki allows remote attackers to obtai ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions CVE-2014-9480 (Cross-site scripting (XSS) vulnerability in the Hovercards extension f ...) NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions @@ -4873,10 +4872,10 @@ CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6 thr {DSA-3086-1 DLA-102-1} - tcpdump 4.6.2-2 (bug #770434) NOTE: http://www.securityfocus.com/archive/1/534011/30/0/threaded -CVE-2014-8742 - RESERVED -CVE-2014-8741 - RESERVED +CVE-2014-8742 (Directory traversal vulnerability in the ReportDownloadServlet servlet ...) + TODO: check +CVE-2014-8741 (Directory traversal vulnerability in the GfdFileUploadServerlet servle ...) + TODO: check CVE-2014-8740 RESERVED CVE-2014-8739 @@ -5337,8 +5336,8 @@ CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuT NOTE: https://gitlab.com/gnutls/gnutls/commit/e821e1908686657a45c1b735f6d077b7a8493e2b (3.3.x branch) NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2014-5 NOTE: in experimental fixed in 3.3.10-1 -CVE-2014-8563 - RESERVED +CVE-2014-8563 (Synacor Zimbra Collaboration before 8.0.9 allows plaintext command inj ...) + TODO: check CVE-2014-8560 RESERVED CVE-2014-8558 (JExperts Channel Platform 5.0.33_CCB allows remote authenticated users ...) 
@@ -6465,8 +6464,7 @@ CVE-2014-8163 (Directory traversal vulnerability in the XMLRPC interface in Red NOT-FOR-US: Red Hat Satellite CVE-2014-8162 (XML external entity (XXE) in the RPC interface in Spacewalk and Red Ha ...) NOT-FOR-US: Red Hat Satellite -CVE-2014-8161 - RESERVED +CVE-2014-8161 (PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9. ...) {DSA-3155-1 DLA-152-1} - postgresql-9.4 9.4.1-1 - postgresql-9.1 9.1.11-2 @@ -8675,12 +8673,12 @@ CVE-2014-7305 RESERVED CVE-2014-7304 RESERVED -CVE-2014-7303 - RESERVED -CVE-2014-7302 - RESERVED -CVE-2014-7301 - RESERVED +CVE-2014-7303 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...) + TODO: check +CVE-2014-7302 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...) + TODO: check +CVE-2014-7301 (SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for cer ...) + TODO: check CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in ArubaOS 6.3. ...) NOT-FOR-US: Aruba ArubaOS CVE-2014-7298 (adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify ...) @@ -12736,8 +12734,8 @@ CVE-2014-5502 (The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA a NOT-FOR-US: Sophos Cyberoam CyberoamOS CVE-2014-5501 (Stack-based buffer overflow in the diagnose service in the Sophos Cybe ...) NOT-FOR-US: Sophos Cyberoam CyberoamOS -CVE-2014-5500 - RESERVED +CVE-2014-5500 (Synacor Zimbra Collaboration before 8.0.8 has XSS. ...) + TODO: check CVE-2014-5499 RESERVED CVE-2014-5498 
@@ -16066,8 +16064,8 @@ CVE-2014-4159 (Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplie NOT-FOR-US: SAP Supplier Relationship Management CVE-2014-4158 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...) NOT-FOR-US: Kolibri -CVE-2014-4156 - RESERVED +CVE-2014-4156 (Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerabi ...) + TODO: check CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 ...) NOT-FOR-US: ZTE router CVE-2014-4154 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitiv ...) @@ -16487,8 +16485,7 @@ CVE-2014-3982 (include/tests_webservers in Lynis before 1.5.5 on AIX allows loca CVE-2014-3981 (acinclude.m4, as used in the configure script in PHP 5.5.13 and earlie ...) - php5 5.6.0~rc1+dfsg-1 (unimportant) NOTE: Only exploitable during package build -CVE-2014-3979 - RESERVED +CVE-2014-3979 (Bytemark Symbiosis allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Bytemark Symbiosis CVE-2014-3978 (SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote auth ...) NOT-FOR-US: TomatoCart diff --git a/data/CVE/list.2015 b/data/CVE/list.2015 index 32b0252bff..7ab58ff711 100644 --- a/data/CVE/list.2015 +++ b/data/CVE/list.2015 @@ -13901,7 +13901,7 @@ CVE-2015-4711 CVE-2015-4710 RESERVED CVE-2015-4709 - RESERVED + REJECTED CVE-2015-4708 RESERVED CVE-2015-4705 @@ -18310,8 +18310,7 @@ CVE-2015-3156 (The _write_config function in trove/guestagent/datastore/experime NOTE: will be completed during kilo release CVE-2015-3155 (Foreman before 1.8.1 does not set the secure flag for the _session_id ...) - foreman <itp> (bug #663101) -CVE-2015-3154 [Potential CRLF injection attacks in mail and HTTP headers] - RESERVED +CVE-2015-3154 (CRLF injection vulnerability in Zend\Mail (Zend_Mail) in Zend Framewor ...) {DSA-3265-1 DLA-251-1} - zendframework 1.12.12+dfsg-1 [jessie] - zendframework 1.12.9+dfsg-2+deb8u1 
@@ -20923,8 +20922,8 @@ CVE-2015-2251 (The DeviceManager in Huawei OceanStor UDS devices with software b NOT-FOR-US: Huawei CVE-2015-2250 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 befor ...) NOT-FOR-US: concrete5 -CVE-2015-2249 - RESERVED +CVE-2015-2249 (Zimbra Collaboration before 8.6.0 patch5 has XSS. ...) + TODO: check CVE-2015-2248 (Cross-site request forgery (CSRF) vulnerability in the user portal in ...) NOT-FOR-US: Dell SonicWALL CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows physica ...) @@ -26448,8 +26447,7 @@ CVE-2015-0295 (The BMP decoder in QtGui in QT before 5.5 does not properly calcu - qtbase-opensource-src 5.3.2+dfsg-5 (bug #779580) [jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1 NOTE: http://lists.qt-project.org/pipermail/announce/2015-February/000059.html -CVE-2015-0294 [certificate algorithm consistency checking issue] - RESERVED +CVE-2015-0294 (GnuTLS before 3.3.13 does not validate that the signature algorithms m ...) {DSA-3191-1 DLA-180-1} - gnutls26 <removed> [experimental] - gnutls28 3.3.13-1 
@@ -26607,26 +26605,22 @@ CVE-2015-0245 (D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and {DSA-3161-1} - dbus 1.8.16-1 (bug #777545) [squeeze] - dbus <not-affected> (affects 1.4 and above) -CVE-2015-0244 - RESERVED +CVE-2015-0244 (PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9. ...) {DSA-3155-1 DLA-152-1} - postgresql-9.4 9.4.1-1 - postgresql-9.1 9.1.11-2 - postgresql-8.4 <removed> [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl) -CVE-2015-0243 - RESERVED +CVE-2015-0243 (Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0 ...) {DSA-3155-1 DLA-152-1} - postgresql-9.4 9.4.1-1 - postgresql-9.1 9.1.11-2 - postgresql-8.4 <removed> [wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl) -CVE-2015-0242 - RESERVED +CVE-2015-0242 (Stack-based buffer overflow in the *printf function implementations in ...) - postgresql-9.4 <not-affected> (Only affects PostgreSQL on Windows) - postgresql-9.1 <not-affected> (Only affects PostgreSQL on Windows) -CVE-2015-0241 - RESERVED +CVE-2015-0241 (The to_char function in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, ...) {DSA-3155-1 DLA-152-1} - postgresql-9.4 9.4.1-1 - postgresql-9.1 9.1.11-2 diff --git a/data/CVE/list.2017 b/data/CVE/list.2017 index 75a3458552..b04b7e561d 100644 --- a/data/CVE/list.2017 +++ b/data/CVE/list.2017 @@ -7515,7 +7515,7 @@ CVE-2017-16114 (The marked module is vulnerable to a regular expression denial o CVE-2017-16113 (The parsejson module is vulnerable to regular expression denial of ser ...) NOT-FOR-US: parsejson node module CVE-2017-16112 - RESERVED + REJECTED CVE-2017-16111 (The content module is a module to parse HTTP Content-* headers. It is ...) NOT-FOR-US: node content CVE-2017-16110 (weather.swlyons is a simple web server for weather updates. weather.sw ...) 
@@ -11341,10 +11341,10 @@ CVE-2017-14809 REJECTED CVE-2017-14808 REJECTED -CVE-2017-14807 - RESERVED -CVE-2017-14806 - RESERVED +CVE-2017-14807 (An Improper Neutralization of Special Elements used in an SQL Command ...) + TODO: check +CVE-2017-14806 (A Improper Certificate Validation vulnerability in susestudio-common o ...) + TODO: check CVE-2017-14805 RESERVED CVE-2017-14804 (The build package before 20171128 did not check directory names during ...) diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index e048fd5774..30f19ade9e 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 @@ -2862,8 +2862,8 @@ CVE-2018-20107 REJECTED CVE-2018-20106 (In yast2-printer up to and including version 4.0.2 the SMB printer set ...) NOT-FOR-US: yast2-printer -CVE-2018-20105 - RESERVED +CVE-2018-20105 (A Inclusion of Sensitive Information in Log Files vulnerability in yas ...) + TODO: check CVE-2018-20104 RESERVED CVE-2018-20103 (An issue was discovered in dns.c in HAProxy through 1.8.14. In the cas ...) @@ -4775,8 +4775,8 @@ CVE-2018-19444 (A use after free in the TextBox field Validate action in IReader NOT-FOR-US: Foxit Reader SDK CVE-2018-19442 (A Buffer Overflow in Network::AuthenticationClient::VerifySignature in ...) NOT-FOR-US: Neato Botvac Connected -CVE-2018-19441 - RESERVED +CVE-2018-19441 (An issue was discovered in Neato Botvac Connected 2.2.0. The GenerateR ...) + TODO: check CVE-2018-19440 (ARM Trusted Firmware-A allows information disclosure. ...) NOT-FOR-US: ARM Trusted Firmware-A CVE-2018-19439 (XSS exists in the Administration Console in Oracle Secure Global Deskt ...) 
@@ -22663,8 +22663,8 @@ CVE-2018-12477 (A Improper Neutralization of CRLF Sequences vulnerability in Ope NOT-FOR-US: obs-service refresh_patches NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1108189 NOTE: https://github.com/openSUSE/obs-service-refresh_patches/commit/d6244245dda5367767efc989446fe4b5e4609cce -CVE-2018-12476 - RESERVED +CVE-2018-12476 (Relative Path Traversal vulnerability in obs-service-tar_scm of SUSE L ...) + TODO: check CVE-2018-12475 RESERVED CVE-2018-12474 (Improper input validation in obs-service-tar_scm of Open Build Service ...) diff --git a/data/CVE/list.2019 b/data/CVE/list.2019 index bd399fa0de..8c2e47ca2c 100644 --- a/data/CVE/list.2019 +++ b/data/CVE/list.2019 @@ -1,3 +1,5 @@ +CVE-2019-20433 (libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a s ...) + TODO: check CVE-2019-20432 (In the Lustre file system before 2.12.3, the mdt module has an out-of- ...) TODO: check CVE-2019-20431 (In the Lustre file system before 2.12.3, the ptlrpc module has an osd_ ...) @@ -1579,14 +1581,14 @@ CVE-2019-19827 RESERVED CVE-2019-19826 (The Views Dynamic Fields module through 7.x-1.0-alpha4 for Drupal make ...) NOT-FOR-US: Views Dynamic Fields module for Drupal -CVE-2019-19825 - RESERVED -CVE-2019-19824 - RESERVED -CVE-2019-19823 - RESERVED -CVE-2019-19822 - RESERVED +CVE-2019-19825 (On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be ...) + TODO: check +CVE-2019-19824 (On certain TOTOLINK Realtek SDK based routers, an authenticated attack ...) + TODO: check +CVE-2019-19823 (A certain router administration interface (that includes Realtek APMIB ...) + TODO: check +CVE-2019-19822 (A certain router administration interface (that includes Realtek APMIB ...) + TODO: check CVE-2019-19821 RESERVED CVE-2019-19820 (An invalid pointer vulnerability in IOCTL Handling in the kyrld.sys dr ...) 
@@ -2329,8 +2331,8 @@ CVE-2019-19543 (In the Linux kernel before 5.1.6, there is a use-after-free in s [stretch] - linux <not-affected> (Vulnerability introduced later) [jessie] - linux <not-affected> (Vulnerability introduced later) NOTE: https://git.kernel.org/linus/56cd26b618855c9af48c8301aa6754ced8dd0beb -CVE-2019-19539 - RESERVED +CVE-2019-19539 (An issue was discovered in Idelji Web ViewPoint H01ABO-H01BY and L01AB ...) + TODO: check CVE-2019-19538 RESERVED CVE-2019-19537 (In the Linux kernel before 5.2.10, there is a race condition bug that ...) @@ -3343,8 +3345,8 @@ CVE-2019-19145 RESERVED CVE-2019-19144 RESERVED -CVE-2019-19143 - RESERVED +CVE-2019-19143 (TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to ...) + TODO: check CVE-2019-19142 (Intelbras WRN240 devices do not require authentication to replace the ...) NOT-FOR-US: Intelbras CVE-2019-19141 (The Camera Upload functionality in Plex Media Server through 1.18.2.20 ...) @@ -7900,8 +7902,8 @@ CVE-2019-17192 (** DISPUTED ** The WebRTC component in the Signal Private Messen NOT-FOR-US: Signal CVE-2019-17191 (The Signal Private Messenger application before 4.47.7 for Android all ...) NOT-FOR-US: Signal -CVE-2019-17190 - RESERVED +CVE-2019-17190 (A Local Privilege Escalation issue was discovered in Avast Secure Brow ...) + TODO: check CVE-2019-17189 (totemodata 3.0.0_b936 has XSS via a folder name. ...) NOT-FOR-US: totemodata CVE-2019-17188 (An unrestricted file upload vulnerability was discovered in catalog/pr ...) 
@@ -8090,26 +8092,26 @@ CVE-2019-17105 (The token generator in index.php in Centreon Web before 2.8.27 i - centreon-web <itp> (bug #913903) CVE-2019-17104 (In Centreon VM through 19.04.3, the cookie configuration within the Ap ...) - centreon-web <itp> (bug #913903) -CVE-2019-17103 - RESERVED -CVE-2019-17102 - RESERVED +CVE-2019-17103 (An Incorrect Default Permissions vulnerability in the BDLDaemon compon ...) + TODO: check +CVE-2019-17102 (An exploitable command execution vulnerability exists in the recovery ...) + TODO: check CVE-2019-17101 RESERVED -CVE-2019-17100 - RESERVED -CVE-2019-17099 - RESERVED +CVE-2019-17100 (An Untrusted Search Path vulnerability in bdserviceshost.exe as used i ...) + TODO: check +CVE-2019-17099 (An Untrusted Search Path vulnerability in EPSecurityService.exe as use ...) + TODO: check CVE-2019-17098 RESERVED CVE-2019-17097 RESERVED CVE-2019-17096 RESERVED -CVE-2019-17095 - RESERVED -CVE-2019-17094 - RESERVED +CVE-2019-17095 (A command injection vulnerability has been discovered in the bootstrap ...) + TODO: check +CVE-2019-17094 (A Stack-based Buffer Overflow vulnerability in libbelkin_api.so compon ...) + TODO: check CVE-2019-17093 (An issue was discovered in Avast antivirus before 19.8 and AVG antivir ...) NOT-FOR-US: Avast CVE-2019-17092 (An XSS vulnerability in project list in OpenProject before 9.0.4 and 1 ...) @@ -12496,8 +12498,8 @@ CVE-2019-15315 (Valve Steam Client for Windows through 2019-08-16 allows privile NOT-FOR-US: Valve Steam Client for Windows CVE-2019-15314 (tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to uplo ...) - tikiwiki <removed> -CVE-2019-15313 - RESERVED +CVE-2019-15313 (In Zimbra Collaboration before 8.8.15 Patch 1, there is a non-persiste ...) + TODO: check CVE-2019-15312 RESERVED CVE-2019-15311 
@@ -20227,8 +20229,8 @@ CVE-2019-12428 [Mandatory External Authentication Provider Sign-In Restrictions [experimental] - gitlab 11.10.5+dfsg-1 - gitlab <unfixed> (bug #930004) NOTE: https://about.gitlab.com/2019/06/03/security-release-gitlab-11-dot-11-dot-1-released/ -CVE-2019-12427 - RESERVED +CVE-2019-12427 (Zimbra Collaboration before 8.8.15 Patch 1 is vulnerable to a non-pers ...) + TODO: check CVE-2019-12426 RESERVED CVE-2019-12425 @@ -23287,8 +23289,8 @@ CVE-2019-11320 (In Motorola CX2 1.01 and M2 1.01, users can access the router's NOT-FOR-US: Motorola CVE-2019-11319 (An issue was discovered in Motorola CX2 1.01 and M2 1.01. There is a c ...) NOT-FOR-US: Motorola -CVE-2019-11318 - RESERVED +CVE-2019-11318 (Zimbra Collaboration before 8.8.12 Patch 1 has persistent XSS. ...) + TODO: check CVE-2019-11317 RESERVED CVE-2019-11316 @@ -23351,8 +23353,8 @@ CVE-2019-11290 (Cloud Foundry UAA Release, versions prior to v74.8.0, logs all q NOT-FOR-US: Cloud Foundry CVE-2019-11289 (Cloud Foundry Routing, all versions before 0.193.0, does not properly ...) NOT-FOR-US: Cloud Foundry Routing -CVE-2019-11288 - RESERVED +CVE-2019-11288 (In Pivotal tc Server, 3.x versions prior to 3.2.19 and 4.x versions pr ...) + TODO: check CVE-2019-11287 (Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3. ...) - rabbitmq-server <unfixed> (bug #945600) [buster] - rabbitmq-server <no-dsa> (Minor issue) 
@@ -30757,12 +30759,12 @@ CVE-2019-8949 RESERVED CVE-2019-8948 (PaperCut MF before 18.3.6 and PaperCut NG before 18.3.6 allow script i ...) NOT-FOR-US: PaperCut MF -CVE-2019-8947 - RESERVED -CVE-2019-8946 - RESERVED -CVE-2019-8945 - RESERVED +CVE-2019-8947 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains non-persistent XSS. ...) + TODO: check +CVE-2019-8946 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...) + TODO: check +CVE-2019-8945 (Zimbra Collaboration 8.7.x - 8.8.11P2 contains persistent XSS. ...) + TODO: check CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in Octo ...) NOT-FOR-US: Terraform CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...) @@ -37843,8 +37845,8 @@ CVE-2019-6038 RESERVED CVE-2019-6037 RESERVED -CVE-2019-6036 - RESERVED +CVE-2019-6036 (Cross-site scripting vulnerability in F-RevoCRM 6.0 to F-RevoCRM 6.5 p ...) + TODO: check CVE-2019-6035 (Open redirect vulnerability in Athenz v1.8.24 and earlier allows remot ...) NOT-FOR-US: Athenz CVE-2019-6034 (a-blog cms versions prior to Ver.2.10.23 (Ver.2.10.x), Ver.2.9.26 (Ver ...) @@ -48376,8 +48378,7 @@ CVE-2019-1354 (A remote code execution vulnerability exists when Git for Visual [buster] - git 1:2.20.1-2+deb10u1 NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=e1d911dd4c7b76a5a8cec0f5c8de15981e34da83 NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1 -CVE-2019-1353 - REJECTED +CVE-2019-1353 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...) {DSA-4581-1 DLA-2059-1} - git 1:2.24.0-2 NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=9102f958ee5254b10c0be72672aa3305bf4f4704 
@@ -48404,8 +48405,7 @@ CVE-2019-1349 (A remote code execution vulnerability exists when Git for Visual - git 1:2.24.0-2 NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=0060fd1511b94c918928fa3708f69a3f33895a4a NOTE: https://www.openwall.com/lists/oss-security/2019/12/13/1 -CVE-2019-1348 - REJECTED +CVE-2019-1348 (An issue was found in Git before v2.24.1, v2.23.1, v2.22.2, v2.21.1, v ...) {DSA-4581-1 DLA-2059-1} - git 1:2.24.0-2 NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=68061e3470210703cb15594194718d35094afdc0 diff --git a/data/CVE/list.2020 b/data/CVE/list.2020 index 60516dd124..c192c79bca 100644 --- a/data/CVE/list.2020 +++ b/data/CVE/list.2020 
@@ -1,3 +1,169 @@ +CVE-2020-8086 + RESERVED +CVE-2020-8085 + RESERVED +CVE-2020-8084 + RESERVED +CVE-2020-8083 + RESERVED +CVE-2020-8082 + RESERVED +CVE-2020-8081 + RESERVED +CVE-2020-8080 + RESERVED +CVE-2020-8079 + RESERVED +CVE-2020-8078 + RESERVED +CVE-2020-8077 + RESERVED +CVE-2020-8076 + RESERVED +CVE-2020-8075 + RESERVED +CVE-2020-8074 + RESERVED +CVE-2020-8073 + RESERVED +CVE-2020-8072 + RESERVED +CVE-2020-8071 + RESERVED +CVE-2020-8070 + RESERVED +CVE-2020-8069 + RESERVED +CVE-2020-8068 + RESERVED +CVE-2020-8067 + RESERVED +CVE-2020-8066 + RESERVED +CVE-2020-8065 + RESERVED +CVE-2020-8064 + RESERVED +CVE-2020-8063 + RESERVED +CVE-2020-8062 + RESERVED +CVE-2020-8061 + RESERVED +CVE-2020-8060 + RESERVED +CVE-2020-8059 + RESERVED +CVE-2020-8058 + RESERVED +CVE-2020-8057 + RESERVED +CVE-2020-8056 + RESERVED +CVE-2020-8055 + RESERVED +CVE-2020-8054 + RESERVED +CVE-2020-8053 + RESERVED +CVE-2020-8052 + RESERVED +CVE-2020-8051 + RESERVED +CVE-2020-8050 + RESERVED +CVE-2020-8049 + RESERVED +CVE-2020-8048 + RESERVED +CVE-2020-8047 + RESERVED +CVE-2020-8046 + RESERVED +CVE-2020-8045 + RESERVED +CVE-2020-8044 + RESERVED +CVE-2020-8043 + RESERVED +CVE-2020-8042 + RESERVED +CVE-2020-8041 + RESERVED +CVE-2020-8040 + RESERVED +CVE-2020-8039 + RESERVED +CVE-2020-8038 + RESERVED +CVE-2020-8037 + RESERVED +CVE-2020-8036 + RESERVED +CVE-2020-8035 + RESERVED +CVE-2020-8034 + RESERVED +CVE-2020-8033 + RESERVED +CVE-2020-8032 + RESERVED +CVE-2020-8031 + RESERVED +CVE-2020-8030 + RESERVED +CVE-2020-8029 + RESERVED +CVE-2020-8028 + RESERVED +CVE-2020-8027 + RESERVED +CVE-2020-8026 + RESERVED +CVE-2020-8025 + RESERVED +CVE-2020-8024 + RESERVED +CVE-2020-8023 + RESERVED +CVE-2020-8022 + RESERVED +CVE-2020-8021 + RESERVED +CVE-2020-8020 + RESERVED +CVE-2020-8019 + RESERVED +CVE-2020-8018 + RESERVED +CVE-2020-8017 + RESERVED +CVE-2020-8016 + RESERVED +CVE-2020-8015 + RESERVED +CVE-2020-8014 + RESERVED +CVE-2020-8013 + RESERVED +CVE-2020-8012 + RESERVED +CVE-2020-8011 + RESERVED 
+CVE-2020-8010 + RESERVED +CVE-2020-8009 (AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as ...) + TODO: check +CVE-2020-8008 + RESERVED +CVE-2020-8007 + RESERVED +CVE-2020-8006 + RESERVED +CVE-2020-8005 + RESERVED +CVE-2020-8004 + RESERVED CVE-2020-8003 (A double-free vulnerability in vrend_renderer.c in virglrenderer throu ...) - virglrenderer <unfixed> (bug #949954) NOTE: https://gitlab.freedesktop.org/virgl/virglrenderer/commit/522b610a826f6de58c560cbb38fa8dfc65ae3c42 @@ -103,14 +269,14 @@ CVE-2020-7954 RESERVED CVE-2020-7953 RESERVED -CVE-2020-7952 - RESERVED -CVE-2020-7951 - RESERVED -CVE-2020-7950 - RESERVED -CVE-2020-7949 - RESERVED +CVE-2020-7952 (rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attacke ...) + TODO: check +CVE-2020-7951 (meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to ...) + TODO: check +CVE-2020-7950 (meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to ...) + TODO: check +CVE-2020-7949 (schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers ...) + TODO: check CVE-2020-7948 RESERVED CVE-2020-7947 @@ -1533,8 +1699,8 @@ CVE-2020-7240 (Meinberg Lantime M300 and M1000 devices allow attackers (with pri NOT-FOR-US: Meinberg Lantime M300 and M1000 devices CVE-2020-7239 (The conversation-watson plugin before 0.8.21 for WordPress has a DOM-b ...) NOT-FOR-US: conversation-watson plugin for WordPress -CVE-2020-7238 - RESERVED +CVE-2020-7238 (Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles ...) + TODO: check CVE-2020-7237 (Cacti 1.2.8 allows Remote Code Execution (by privileged users) via she ...) - cacti <unfixed> [jessie] - cacti <not-affected> (Vulnerable code introduced later) 
@@ -5068,12 +5234,12 @@ CVE-2020-5524 RESERVED CVE-2020-5523 RESERVED -CVE-2020-5522 - RESERVED -CVE-2020-5521 - RESERVED -CVE-2020-5520 - RESERVED +CVE-2020-5522 (The kantan netprint App for Android 2.0.3 and earlier does not verify ...) + TODO: check +CVE-2020-5521 (The kantan netprint App for iOS 2.0.2 and earlier does not verify X.50 ...) + TODO: check +CVE-2020-5520 (The netprint App for iOS 3.2.3 and earlier does not verify X.509 certi ...) + TODO: check CVE-2020-5519 (The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly ...) NOT-FOR-US: OpenLiteSpeed CVE-2020-5518 |
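Review bot: CVE-2019-20433 at the top of the list.2019 hunk (@@ -1,3 +1,5) is left as `TODO: check` although GNU Aspell is packaged in Debian (src:aspell) and the description is a buffer over-read in libaspell.a, which every program linked against it inherits; this one needs an actual triage line (`- aspell <version or unfixed>` plus which suites carry an affected build) rather than sitting in the same TODO queue as the router and Windows-only entries this update also imported.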
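Review bot: CVE-2020-7238 in the list.2020 hunk at @@ -1533,8 +1699,8 is marked `TODO: check`, but Netty is shipped in Debian as src:netty and the description is HTTP request smuggling in 4.1.43.Final; it should get a `- netty <version>` line and a per-suite affected check, the same treatment the adjacent CVE-2020-7237 cacti entry already carries (`- cacti <unfixed>`, `[jessie] - cacti <not-affected>`), since request smuggling in a shared HTTP library affects every reverse-dependency.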
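Review bot: in the two list.2019 Git hunks (@@ -48376,8 +48378,7 and @@ -48404,8 +48405,7) CVE-2019-1353 and CVE-2019-1348 flip from `REJECTED` to a real description while their `{DSA-4581-1 DLA-2059-1}`, `- git 1:2.24.0-2` and upstream commit NOTE lines were already present, so the previous REJECTED marker contradicted advisories that had already been issued for them; a REJECTED-to-description change is the reverse of the usual direction, so confirm against the DSA/DLA text that these two IDs are the ones it covers and that the earlier import, not the current one, was the wrong state.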
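Review bot: the list.2019 hunk at @@ -30757,12 +30759,12 adds three Zimbra Collaboration XSS entries (CVE-2019-8945, CVE-2019-8946, CVE-2019-8947) as `TODO: check`, and the same product arrives with `TODO: check` in six other hunks of this update (CVE-2014-8563, CVE-2014-5500, CVE-2015-2249, CVE-2019-15313, CVE-2019-12427, CVE-2019-11318); Zimbra Collaboration is not a Debian package, so these nine can be resolved together as `NOT-FOR-US: Zimbra` in one pass instead of being left as separate TODOs spread across four list files.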
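Review bot: CVE-2018-12476 in the list.2018 hunk at @@ -22663,8 +22663,8 lands as `TODO: check` even though the entry directly above it, CVE-2018-12477, is already `NOT-FOR-US: obs-service refresh_patches` and the entry below, CVE-2018-12474, describes the same obs-service-tar_scm component; unless that service has been packaged since, resolving it consistently with its neighbours keeps the triage state coherent, and the same applies to CVE-2018-20105 (another yast2 component) in the @@ -2862 hunk next to the existing `NOT-FOR-US: yast2-printer` line.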