summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsecurity tracker role <sectracker@soriano.debian.org>2020-04-10 08:10:21 +0000
committersecurity tracker role <sectracker@soriano.debian.org>2020-04-10 08:10:21 +0000
commit5ff770881a721b081835b2d2a8adf1d6d123f371 (patch)
tree3f774698f7cd87a47ccfe2b80fdf3bc7f428a73b
parentec3409c82f307e9ddaabc5469d6f0c4fd6056dfa (diff)
automatic update
-rw-r--r--data/CVE/2019.list11
-rw-r--r--data/CVE/2020.list46
2 files changed, 42 insertions, 15 deletions
diff --git a/data/CVE/2019.list b/data/CVE/2019.list
index 95304de..2fc4163 100644
--- a/data/CVE/2019.list
+++ b/data/CVE/2019.list
@@ -5938,10 +5938,10 @@ CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible
NOT-FOR-US: Symantec
CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...)
NOT-FOR-US: Symantec
-CVE-2019-18376
- RESERVED
-CVE-2019-18375
- RESERVED
+CVE-2019-18376 (A CSRF token disclosure vulnerability allows a remote attacker, with a ...)
+ TODO: check
+CVE-2019-18375 (The ASG and ProxySG management consoles are susceptible to a session h ...)
+ TODO: check
CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 &amp; ...)
NOT-FOR-US: Symantec
CVE-2019-18373 (Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass ex ...)
@@ -36011,8 +36011,7 @@ CVE-2019-7306 [Apport hook may expose sensitive information]
NOTE: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202
NOTE: Issue in /usr/share/apport/package-hooks/source_byobu.py hook,
NOTE: non-issue in Debian as Apport not present.
-CVE-2019-7305 [extplorer exposes /usr and /etc/extplorer over HTTP]
- RESERVED
+CVE-2019-7305 (Information Exposure vulnerability in eXtplorer makes the /usr/ and /e ...)
- extplorer <removed>
NOTE: https://bugs.launchpad.net/ubuntu/+source/extplorer/+bug/1822013
CVE-2019-7304 (Canonical snapd before version 2.37.1 incorrectly performed socket own ...)
diff --git a/data/CVE/2020.list b/data/CVE/2020.list
index b3c55f5..7359ec4 100644
--- a/data/CVE/2020.list
+++ b/data/CVE/2020.list
@@ -1,5 +1,36 @@
-CVE-2020-11668 [media: xirlink_cit: add missing descriptor sanity checks]
+CVE-2020-11684
RESERVED
+CVE-2020-11683
+ RESERVED
+CVE-2020-11682
+ RESERVED
+CVE-2020-11681
+ RESERVED
+CVE-2020-11680
+ RESERVED
+CVE-2020-11679
+ RESERVED
+CVE-2020-11678
+ RESERVED
+CVE-2020-11677
+ RESERVED
+CVE-2020-11676
+ RESERVED
+CVE-2020-11675
+ RESERVED
+CVE-2020-11674
+ RESERVED
+CVE-2020-11673
+ RESERVED
+CVE-2020-11672
+ RESERVED
+CVE-2020-11671
+ RESERVED
+CVE-2020-11670
+ RESERVED
+CVE-2020-11669
+ RESERVED
+CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...)
- linux <unfixed>
NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8
CVE-2020-11667
@@ -5880,8 +5911,8 @@ CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110
NOT-FOR-US: TimeTools devices
CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...)
NOT-FOR-US: D-Link
-CVE-2020-8961
- RESERVED
+CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...)
+ TODO: check
CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...)
NOT-FOR-US: Western Digital mycloud.com
CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...)
@@ -6163,16 +6194,14 @@ CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf
[stretch] - linux <not-affected> (Vulnerable code introduced later)
[jessie] - linux <not-affected> (Vulnerable code introduced later)
NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef
-CVE-2020-8834 [Linux kernel Power8 conflicting use of HSTATE_HOST_R1 vulnerability]
- RESERVED
+CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of ...)
- linux 4.18.6-1
[stretch] - linux <not-affected> (Vulnerable code not present)
[jessie] - linux <not-affected> (Vulnerable code not present)
NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2
CVE-2020-8833
RESERVED
-CVE-2020-8832 [incomplete fix for CVE-2019-14615 allows for a local information exposure]
- RESERVED
+CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...)
- linux <undetermined>
NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817047
TODO: check (in kernel-sec) if we have incomplete fix
@@ -21728,8 +21757,7 @@ CVE-2020-1635
RESERVED
CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...)
NOT-FOR-US: Juniper
-CVE-2020-1633
- RESERVED
+CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos ...)
NOT-FOR-US: Juniper
CVE-2020-1632
RESERVED

© 2014-2020 Faster IT GmbH | imprint | privacy policy