From 5ff770881a721b081835b2d2a8adf1d6d123f371 Mon Sep 17 00:00:00 2001 From: security tracker role Date: Fri, 10 Apr 2020 08:10:21 +0000 Subject: automatic update --- data/CVE/2019.list | 11 +++++------ data/CVE/2020.list | 46 +++++++++++++++++++++++++++++++++++++--------- 2 files changed, 42 insertions(+), 15 deletions(-) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 95304decc8..2fc4163f6e 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -5938,10 +5938,10 @@ CVE-2019-18378 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible NOT-FOR-US: Symantec CVE-2019-18377 (Symantec Messaging Gateway, prior to 10.7.3, may be susceptible to a p ...) NOT-FOR-US: Symantec -CVE-2019-18376 - RESERVED -CVE-2019-18375 - RESERVED +CVE-2019-18376 (A CSRF token disclosure vulnerability allows a remote attacker, with a ...) + TODO: check +CVE-2019-18375 (The ASG and ProxySG management consoles are susceptible to a session h ...) + TODO: check CVE-2019-18374 (Symantec Critical System Protection (CSP), versions 8.0, 8.0 HF1 & ...) NOT-FOR-US: Symantec CVE-2019-18373 (Norton App Lock, prior to 1.4.0.503, may be susceptible to a bypass ex ...) @@ -36011,8 +36011,7 @@ CVE-2019-7306 [Apport hook may expose sensitive information] NOTE: https://bugs.launchpad.net/ubuntu/+source/byobu/+bug/1827202 NOTE: Issue in /usr/share/apport/package-hooks/source_byobu.py hook, NOTE: non-issue in Debian as Apport not present. -CVE-2019-7305 [extplorer exposes /usr and /etc/extplorer over HTTP] - RESERVED +CVE-2019-7305 (Information Exposure vulnerability in eXtplorer makes the /usr/ and /e ...) - extplorer NOTE: https://bugs.launchpad.net/ubuntu/+source/extplorer/+bug/1822013 CVE-2019-7304 (Canonical snapd before version 2.37.1 incorrectly performed socket own ...) diff --git a/data/CVE/2020.list b/data/CVE/2020.list index b3c55f546a..7359ec447b 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list 
@@ -1,5 +1,36 @@ -CVE-2020-11668 [media: xirlink_cit: add missing descriptor sanity checks] +CVE-2020-11684 RESERVED +CVE-2020-11683 + RESERVED +CVE-2020-11682 + RESERVED +CVE-2020-11681 + RESERVED +CVE-2020-11680 + RESERVED +CVE-2020-11679 + RESERVED +CVE-2020-11678 + RESERVED +CVE-2020-11677 + RESERVED +CVE-2020-11676 + RESERVED +CVE-2020-11675 + RESERVED +CVE-2020-11674 + RESERVED +CVE-2020-11673 + RESERVED +CVE-2020-11672 + RESERVED +CVE-2020-11671 + RESERVED +CVE-2020-11670 + RESERVED +CVE-2020-11669 + RESERVED +CVE-2020-11668 (In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit. ...) - linux NOTE: https://git.kernel.org/linus/a246b4d547708f33ff4d4b9a7a5dbac741dc89d8 CVE-2020-11667 @@ -5880,8 +5911,8 @@ CVE-2020-8963 (TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 NOT-FOR-US: TimeTools devices CVE-2020-8962 (A stack-based buffer overflow was found on the D-Link DIR-842 REVC wit ...) NOT-FOR-US: D-Link -CVE-2020-8961 - RESERVED +CVE-2020-8961 (An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. ...) + TODO: check CVE-2020-8960 (Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS. ...) NOT-FOR-US: Western Digital mycloud.com CVE-2020-8959 (Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 all ...) 
@@ -6163,16 +6194,14 @@ CVE-2020-8835 (In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf [stretch] - linux (Vulnerable code introduced later) [jessie] - linux (Vulnerable code introduced later) NOTE: https://git.kernel.org/linus/f2d67fec0b43edce8c416101cdc52e71145b5fef -CVE-2020-8834 [Linux kernel Power8 conflicting use of HSTATE_HOST_R1 vulnerability] - RESERVED +CVE-2020-8834 (KVM in the Linux kernel on Power8 processors has a conflicting use of ...) - linux 4.18.6-1 [stretch] - linux (Vulnerable code not present) [jessie] - linux (Vulnerable code not present) NOTE: https://www.openwall.com/lists/oss-security/2020/04/06/2 CVE-2020-8833 RESERVED -CVE-2020-8832 [incomplete fix for CVE-2019-14615 allows for a local information exposure] - RESERVED +CVE-2020-8832 (The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 (" ...) - linux NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1817047 TODO: check (in kernel-sec) if we have incomplete fix @@ -21728,8 +21757,7 @@ CVE-2020-1635 RESERVED CVE-2020-1634 (On High-End SRX Series devices, in specific configurations and when sp ...) NOT-FOR-US: Juniper -CVE-2020-1633 - RESERVED +CVE-2020-1633 (Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos ...) NOT-FOR-US: Juniper CVE-2020-1632 RESERVED -- cgit v1.2.3
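Review bot: In data/CVE/2019.list at @@ -5938, CVE-2019-18376 and CVE-2019-18375 are left at "TODO: check" while every neighbouring entry in the hunk is "NOT-FOR-US: Symantec". The CVE-2019-18375 description names the ASG and ProxySG management consoles, which are Symantec appliances, so it can be triaged the same way as its neighbours. The visible part of the CVE-2019-18376 description names no product, so read the full description before tagging it.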
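Review bot: In data/CVE/2020.list at @@ -5880, CVE-2020-8961 goes from RESERVED to "TODO: check" although its description already names the product, Avira Free-Antivirus. The vendor-product entries around it (TimeTools, D-Link, Western Digital) all carry a NOT-FOR-US tag. If Avira Free-Antivirus is not packaged, close the TODO in a follow-up with "NOT-FOR-US: Avira" rather than leaving it open.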
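Review bot: In data/CVE/2020.list at @@ -6163, the CVE-2020-8832 entry keeps "TODO: check (in kernel-sec) if we have incomplete fix" even though the description is now filled in. The new description ties the issue to the fix for CVE-2019-14615 in the Ubuntu 18.04 LTS kernel, which is the scoping information that TODO needs. Check whether the packaged kernel carries the same incomplete fix, then resolve the TODO so the entry does not stay undetermined.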