From 177badd24ffc623002799bd3e603c80adc6b4045 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Wed, 29 Jan 2020 20:10:27 +0000 Subject: automatic update --- data/CVE/2012.list | 7 ++-- data/CVE/2013.list | 34 +++++++++--------- data/CVE/2018.list | 6 ++-- data/CVE/2019.list | 19 +++++----- data/CVE/2020.list | 103 ++++++++++++++++++++++++++--------------------------- 5 files changed, 84 insertions(+), 85 deletions(-) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 77c433bce4..5c3ba2bde2 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -2399,8 +2399,8 @@ CVE-2012-5778 RESERVED CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the te ...) NOT-FOR-US: EmpireCMS -CVE-2012-5776 - RESERVED +CVE-2012-5776 (Dokeos 2.1.1 has multiple XSS issues involving "extra_" parameters in ...) + TODO: check CVE-2012-5775 REJECTED CVE-2012-5774 @@ -5755,8 +5755,7 @@ CVE-2012-4385 (letodms 3.3.6 has CSRF via change password ...) - letodms 3.3.7+dfsg-1 (bug #689664) CVE-2012-4384 (letodms has multiple XSS issues: Reflected XSS in Login Page, Stored X ...) - letodms 3.3.7+dfsg-1 (bug #689664) -CVE-2012-4383 - RESERVED +CVE-2012-4383 (contao prior to 2.11.4 has a sql injection vulnerability ...) NOT-FOR-US: Contao CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly pr ...) - mediawiki 1:1.19.2-1 (bug #686330) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index 59a0f34087..1e76a5a896 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -11138,8 +11138,8 @@ CVE-2013-3217 RESERVED CVE-2013-3216 RESERVED -CVE-2013-3215 - RESERVED +CVE-2013-3215 (vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerab ...) + TODO: check CVE-2013-3214 (vtiger CRM 5.4.0 and earlier contain a PHP Code Injection Vulnerabilit ...) TODO: check CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through 5.4 ...) 
@@ -12667,23 +12667,22 @@ CVE-2013-2576 (Buffer overflow in Artweaver before 3.1.6 allows remote attackers NOT-FOR-US: Artweaver CVE-2013-2575 RESERVED -CVE-2013-2574 - RESERVED +CVE-2013-2574 (An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insuf ...) NOT-FOR-US: Foscam -CVE-2013-2573 - RESERVED -CVE-2013-2572 - RESERVED +CVE-2013-2573 (A Command Injection vulnerability exists in the ap parameter to the /c ...) + TODO: check +CVE-2013-2572 (A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 313 ...) + TODO: check CVE-2013-2571 (Iris 3.8 before build 1548, as used in Xpient point of sale (POS) syst ...) TODO: check -CVE-2013-2570 - RESERVED -CVE-2013-2569 - RESERVED -CVE-2013-2568 - RESERVED -CVE-2013-2567 - RESERVED +CVE-2013-2570 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...) + TODO: check +CVE-2013-2569 (A Security Bypass vulnerability exists in Zavio IP Cameras through 1.6 ...) + TODO: check +CVE-2013-2568 (A Command Injection vulnerability exists in Zavio IP Cameras through 1 ...) + TODO: check +CVE-2013-2567 (An Authentication Bypass vulnerability exists in the web interface in ...) + TODO: check CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has m ...) NOTE: Generic protocol flaw in RC4 CVE-2013-2565 (A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, edit ...) @@ -19722,8 +19721,7 @@ CVE-2013-0163 (OpenShift haproxy cartridge: predictable /tmp in set-proxy connec CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser ...) - ruby-parser 2.3.1-2 (bug #701637) NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5 -CVE-2013-0161 - RESERVED +CVE-2013-0161 (Havalite CMS 1.1.7 has a stored XSS vulnerability ...) NOT-FOR-US: Havalite CMS CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive ...) {DSA-2669-1} 
diff --git a/data/CVE/2018.list b/data/CVE/2018.list index a12461c271..4734a15c7d 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list @@ -35100,13 +35100,13 @@ CVE-2018-7716 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalat NOT-FOR-US: PrivateVPN for macOS CVE-2018-7715 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation v ...) NOT-FOR-US: PrivateVPN for macOS -CVE-2018-7714 (The validateInputImageSize function in modules/imgcodecs/src/loadsave. ...) +CVE-2018-7714 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...) NOTE: Non-issue, needs to be handled within applications using opencv NOTE: https://github.com/opencv/opencv/issues/10998 -CVE-2018-7713 (The validateInputImageSize function in modules/imgcodecs/src/loadsave. ...) +CVE-2018-7713 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...) NOTE: Non-issue, needs to be handled within applications using opencv NOTE: https://github.com/opencv/opencv/issues/10998 -CVE-2018-7712 (The validateInputImageSize function in modules/imgcodecs/src/loadsave. ...) +CVE-2018-7712 (** DISPUTED ** The validateInputImageSize function in modules/imgcodec ...) NOTE: Non-issue, needs to be handled within applications using opencv NOTE: https://github.com/opencv/opencv/issues/10998 CVE-2018-7710 diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 99ec8d697c..fa24a89732 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list 
@@ -4655,8 +4655,8 @@ CVE-2019-18636 (A cross-site scripting (XSS) vulnerability in Jitbit .NET Forum NOT-FOR-US: Jitbit .NET Forum CVE-2019-18635 (An issue was discovered in Mooltipass Moolticute through v0.42.1 and v ...) NOT-FOR-US: Mooltipass Moolticute -CVE-2019-18634 - RESERVED +CVE-2019-18634 (In Sudo through 1.8.29, if pwfeedback is enabled in /etc/sudoers, user ...) + TODO: check CVE-2019-18633 (European Commission eIDAS-Node Integration Package before 2.3.1 has Mi ...) NOT-FOR-US: European Commission eIDAS-Node Integration Package CVE-2019-18632 (European Commission eIDAS-Node Integration Package before 2.3.1 allows ...) @@ -31034,6 +31034,7 @@ CVE-2019-8847 RESERVED CVE-2019-8846 RESERVED + {DSA-4610-1} - webkit2gtk 2.26.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) @@ -31042,6 +31043,7 @@ CVE-2019-8845 RESERVED CVE-2019-8844 RESERVED + {DSA-4610-1} - webkit2gtk 2.26.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) @@ -31064,6 +31066,7 @@ CVE-2019-8836 RESERVED CVE-2019-8835 RESERVED + {DSA-4610-1} - webkit2gtk 2.26.3-1 [stretch] - webkit2gtk (Not covered by security support in stretch) [jessie] - webkit2gtk (Not covered by security support in jessie) 
@@ -33900,12 +33903,12 @@ CVE-2019-7658 RESERVED CVE-2019-7657 RESERVED -CVE-2019-7656 - RESERVED -CVE-2019-7655 - RESERVED -CVE-2019-7654 - RESERVED +CVE-2019-7656 (A privilege escalation vulnerability in Wowza Streaming Engine 4.7.7 a ...) + TODO: check +CVE-2019-7655 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple authentic ...) + TODO: check +CVE-2019-7654 (Wowza Streaming Engine 4.7.7 and 4.7.8 suffers from multiple CSRF vuln ...) + TODO: check CVE-2019-7652 (TheHive Project UnshortenLink analyzer before 1.1, included in Cortex- ...) NOT-FOR-US: TheHive Project UnshortenLink analyzer CVE-2019-7651 (EPP.sys in Emsisoft Anti-Malware prior to version 2018.12 allows an at ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index 6e7db58098..21bbe069fd 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -1,3 +1,11 @@ +CVE-2020-8432 (In Das U-Boot through 2020.01, a double free has been found in the cmd ...) + TODO: check +CVE-2020-8431 + RESERVED +CVE-2020-8430 + RESERVED +CVE-2020-8429 + RESERVED CVE-2020-8427 RESERVED CVE-2020-8426 (The Elementor plugin before 2.8.5 for WordPress suffers from a reflect ...) @@ -20,8 +28,8 @@ CVE-2020-8418 RESERVED CVE-2020-8417 (The Code Snippets plugin before 2.14.0 for WordPress allows CSRF becau ...) NOT-FOR-US: Code Snippets plugin for WordPress -CVE-2020-8416 - RESERVED +CVE-2020-8416 (BearFTP before 0.2.0 allows remote attackers to achieve denial of serv ...) + TODO: check CVE-2020-8415 RESERVED CVE-2020-8414 
@@ -672,10 +680,10 @@ CVE-2020-8095 RESERVED CVE-2020-8094 RESERVED -CVE-2020-8093 - RESERVED -CVE-2020-8092 - RESERVED +CVE-2020-8093 (A vulnerability in the AntivirusforMac binary as used in Bitdefender A ...) + TODO: check +CVE-2020-8092 (A privilege escalation vulnerability in BDLDaemon as used in Bitdefend ...) + TODO: check CVE-2020-8091 (svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow a ...) NOT-FOR-US: TYPO3 CVE-2020-8090 (The Username field in the Storage Service settings of A1 WLAN Box ADB ...) @@ -933,8 +941,8 @@ CVE-2020-7967 RESERVED CVE-2020-7966 RESERVED -CVE-2020-7965 - RESERVED +CVE-2020-7965 (flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Con ...) + TODO: check CVE-2020-7964 (An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect ...) NOT-FOR-US: Mirumee Saleor CVE-2020-7963 @@ -2371,8 +2379,8 @@ CVE-2020-7249 (SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field NOT-FOR-US: SMC D3G0804W devices CVE-2020-7248 RESERVED -CVE-2020-7247 [LPE and RCE in OpenSMTPD] - RESERVED +CVE-2020-7247 (smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6 ...) + {DSA-4611-1} - opensmtpd 6.6.2p1-1 NOTE: https://www.openwall.com/lists/oss-security/2020/01/28/3 NOTE: Fixed by: https://github.com/OpenSMTPD/OpenSMTPD/commit/2afab2297347342f81fa31a75bbbf7dbee614fda @@ -2672,6 +2680,7 @@ CVE-2020-7106 (Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_i NOTE: https://github.com/Cacti/cacti/commit/47a000b5aba4af16967e249b25f25397506e3464 NOTE: https://github.com/Cacti/cacti/commit/b1c70e19466a6e69284e24cde437b55ccc454bee CVE-2020-7105 (async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a N ...) + {DLA-2083-1} - hiredis 0.14.0-5 (bug #949995) NOTE: https://github.com/redis/hiredis/pull/754 NOTE: https://github.com/redis/hiredis/pull/756 
@@ -9518,8 +9527,8 @@ CVE-2020-3760 RESERVED CVE-2020-3759 RESERVED -CVE-2020-3758 - RESERVED +CVE-2020-3758 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check CVE-2020-3757 RESERVED CVE-2020-3756 @@ -9596,26 +9605,26 @@ CVE-2020-3721 RESERVED CVE-2020-3720 RESERVED -CVE-2020-3719 - RESERVED -CVE-2020-3718 - RESERVED -CVE-2020-3717 - RESERVED -CVE-2020-3716 - RESERVED -CVE-2020-3715 - RESERVED -CVE-2020-3714 - RESERVED -CVE-2020-3713 - RESERVED -CVE-2020-3712 - RESERVED -CVE-2020-3711 - RESERVED -CVE-2020-3710 - RESERVED +CVE-2020-3719 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3718 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3717 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3716 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3715 (Magento versions 2.3.3 and earlier, 2.2.10 and earlier, 1.14.4.3 and e ...) + TODO: check +CVE-2020-3714 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check +CVE-2020-3713 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check +CVE-2020-3712 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check +CVE-2020-3711 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check +CVE-2020-3710 (Adobe Illustrator CC versions 24.0 and earlier have a memory corruptio ...) + TODO: check CVE-2020-3709 RESERVED CVE-2020-3708 
@@ -12881,35 +12890,25 @@ CVE-2020-2110 RESERVED CVE-2020-2109 RESERVED -CVE-2020-2108 - RESERVED +CVE-2020-2108 (Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2107 - RESERVED +CVE-2020-2107 (Jenkins Fortify Plugin 19.1.29 and earlier stores proxy server passwor ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2106 - RESERVED +CVE-2020-2106 (Jenkins Code Coverage API Plugin 1.1.2 and earlier does not escape the ...) NOT-FOR-US: Jenkins plugin -CVE-2020-2105 - RESERVED +CVE-2020-2105 (REST API endpoints in Jenkins 2.218 and earlier, LTS 2.204.1 and earli ...) NOT-FOR-US: Jenkins -CVE-2020-2104 - RESERVED +CVE-2020-2104 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier allowed users with ...) NOT-FOR-US: Jenkins -CVE-2020-2103 - RESERVED +CVE-2020-2103 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier exposed session ide ...) NOT-FOR-US: Jenkins -CVE-2020-2102 - RESERVED +CVE-2020-2102 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier used a non-constant ...) NOT-FOR-US: Jenkins -CVE-2020-2101 - RESERVED +CVE-2020-2101 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier did not use a const ...) NOT-FOR-US: Jenkins -CVE-2020-2100 - RESERVED +CVE-2020-2100 (Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a ...) NOT-FOR-US: Jenkins -CVE-2020-2099 - RESERVED +CVE-2020-2099 (Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses e ...) NOT-FOR-US: Jenkins CVE-2020-2098 (A cross-site request forgery vulnerability in Jenkins Sounds Plugin 0. ...) NOT-FOR-US: Jenkins plugin -- cgit v1.2.3
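Review bot: in the data/CVE/2013.list hunk at @@ -12667, CVE-2013-2573, CVE-2013-2572 and CVE-2013-2568 through CVE-2013-2570 are left at `TODO: check` while the same hunk resolves the Foscam camera entry CVE-2013-2574 to `NOT-FOR-US: Foscam`; the TP-LINK and Zavio descriptions are IP camera firmware issues of the same kind, so triage should close them the same way unless that firmware is shipped in a Debian package. CVE-2013-2567 and CVE-2013-2573 have their vendor cut off in the truncated description, so confirm it from the full CVE text before marking them.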
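Review bot: in the data/CVE/2019.list hunk at @@ -4655, CVE-2019-18634 is recorded only as `TODO: check`, but the description names Sudo through 1.8.29 and sudo is a Debian package, so this entry needs a real package status line rather than the placeholder. The description also makes the issue conditional on `pwfeedback` being enabled in /etc/sudoers, which the triage NOTE should record, since that setting determines whether a default installation is exposed.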
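Review bot: in the data/CVE/2020.list hunk at @@ -1, CVE-2020-8432 (a double free in Das U-Boot through 2020.01) is left at `TODO: check`; u-boot is packaged in Debian, so this should become a package status line with the upstream fixing version, and because the description is truncated at `cmd ...` the affected command should be confirmed against upstream before severity is assigned.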
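Review bot: in the data/CVE/2020.list hunk at @@ -672, CVE-2020-8093 and CVE-2020-8092 describe the AntivirusforMac binary and BDLDaemon of Bitdefender's macOS product, which is proprietary and not in the archive, so the two `TODO: check` placeholders can be resolved as NOT-FOR-US in the style of the neighbouring TYPO3 entry.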
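Review bot: in the data/CVE/2020.list hunk at @@ -933, CVE-2020-7965 concerns flaskparser.py in the Python webargs library, which is the kind of library that may well be packaged in Debian; the `TODO: check` should therefore be resolved by looking the package up in the archive rather than by assuming NOT-FOR-US as for the adjacent Saleor entry. The description is truncated at `Con ...`, so the exact missing check must be taken from the full CVE text.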
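Review bot: in the data/CVE/2020.list hunk at @@ -2371, replacing the local summary `[LPE and RCE in OpenSMTPD]` with the truncated MITRE text drops the stated impact (local privilege escalation and remote code execution) from the visible entry; consider preserving that impact in a NOTE line next to the existing fix-commit NOTE, since the `{DSA-4611-1}` and `- opensmtpd 6.6.2p1-1` lines record the fix but not why it was urgent.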
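Review bot: in the data/CVE/2020.list hunks at @@ -9518 and @@ -9596, six Magento entries (CVE-2020-3758, CVE-2020-3715 through CVE-2020-3719) and five Adobe Illustrator CC entries (CVE-2020-3710 through CVE-2020-3714) are all left at `TODO: check`; neither Magento nor Adobe Illustrator is shipped as a Debian package, so these can be closed as `NOT-FOR-US: Magento` and `NOT-FOR-US: Adobe Illustrator` in the style of the surrounding entries. The descriptions are truncated identically, so the individual issue types must be taken from the upstream advisories rather than from this file.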